mirror of
https://github.com/kakwa/uts-server
synced 2025-01-07 12:14:31 +01:00
new way to create certs for testing
This commit is contained in:
parent
bacd90bc68
commit
5fd07a352a
163
tests/cfg/pki/CAtsa.cnf
Normal file
163
tests/cfg/pki/CAtsa.cnf
Normal file
@ -0,0 +1,163 @@
|
|||||||
|
|
||||||
|
#
|
||||||
|
# This config is used by the Time Stamp Authority tests.
|
||||||
|
#
|
||||||
|
|
||||||
|
RANDFILE = ./.rnd
|
||||||
|
|
||||||
|
# Extra OBJECT IDENTIFIER info:
|
||||||
|
oid_section = new_oids
|
||||||
|
|
||||||
|
TSDNSECT = ts_cert_dn
|
||||||
|
INDEX = 1
|
||||||
|
|
||||||
|
[ new_oids ]
|
||||||
|
|
||||||
|
# Policies used by the TSA tests.
|
||||||
|
tsa_policy1 = 1.2.3.4.1
|
||||||
|
tsa_policy2 = 1.2.3.4.5.6
|
||||||
|
tsa_policy3 = 1.2.3.4.5.7
|
||||||
|
|
||||||
|
#----------------------------------------------------------------------
|
||||||
|
[ ca ]
|
||||||
|
default_ca = CA_default # The default ca section
|
||||||
|
|
||||||
|
[ CA_default ]
|
||||||
|
|
||||||
|
dir = ./demoCA
|
||||||
|
certs = $dir/certs # Where the issued certs are kept
|
||||||
|
database = $dir/index.txt # database index file.
|
||||||
|
new_certs_dir = $dir/newcerts # default place for new certs.
|
||||||
|
|
||||||
|
certificate = $dir/cacert.pem # The CA certificate
|
||||||
|
serial = $dir/serial # The current serial number
|
||||||
|
private_key = $dir/private/cakey.pem# The private key
|
||||||
|
RANDFILE = $dir/private/.rand # private random number file
|
||||||
|
|
||||||
|
default_days = 365 # how long to certify for
|
||||||
|
default_md = sha1 # which md to use.
|
||||||
|
preserve = no # keep passed DN ordering
|
||||||
|
|
||||||
|
policy = policy_match
|
||||||
|
|
||||||
|
# For the CA policy
|
||||||
|
[ policy_match ]
|
||||||
|
countryName = supplied
|
||||||
|
stateOrProvinceName = supplied
|
||||||
|
organizationName = supplied
|
||||||
|
organizationalUnitName = optional
|
||||||
|
commonName = supplied
|
||||||
|
emailAddress = optional
|
||||||
|
|
||||||
|
#----------------------------------------------------------------------
|
||||||
|
[ req ]
|
||||||
|
default_bits = 1024
|
||||||
|
default_md = sha1
|
||||||
|
distinguished_name = $ENV::TSDNSECT
|
||||||
|
encrypt_rsa_key = no
|
||||||
|
prompt = no
|
||||||
|
# attributes = req_attributes
|
||||||
|
x509_extensions = v3_ca # The extentions to add to the self signed cert
|
||||||
|
|
||||||
|
string_mask = nombstr
|
||||||
|
|
||||||
|
[ ts_ca_dn ]
|
||||||
|
countryName = HU
|
||||||
|
stateOrProvinceName = Budapest
|
||||||
|
localityName = Budapest
|
||||||
|
organizationName = Gov-CA Ltd.
|
||||||
|
commonName = ca1
|
||||||
|
|
||||||
|
[ ts_cert_dn ]
|
||||||
|
countryName = HU
|
||||||
|
stateOrProvinceName = Budapest
|
||||||
|
localityName = Buda
|
||||||
|
organizationName = Hun-TSA Ltd.
|
||||||
|
commonName = tsa$ENV::INDEX
|
||||||
|
|
||||||
|
[ tsa_cert ]
|
||||||
|
|
||||||
|
# TSA server cert is not a CA cert.
|
||||||
|
basicConstraints=CA:FALSE
|
||||||
|
|
||||||
|
# The following key usage flags are needed for TSA server certificates.
|
||||||
|
keyUsage = nonRepudiation, digitalSignature
|
||||||
|
extendedKeyUsage = critical,timeStamping
|
||||||
|
|
||||||
|
# PKIX recommendations harmless if included in all certificates.
|
||||||
|
subjectKeyIdentifier=hash
|
||||||
|
authorityKeyIdentifier=keyid,issuer:always
|
||||||
|
|
||||||
|
[ non_tsa_cert ]
|
||||||
|
|
||||||
|
# This is not a CA cert and not a TSA cert, either (timeStamping usage missing)
|
||||||
|
basicConstraints=CA:FALSE
|
||||||
|
|
||||||
|
# The following key usage flags are needed for TSA server certificates.
|
||||||
|
keyUsage = nonRepudiation, digitalSignature
|
||||||
|
# timeStamping is not supported by this certificate
|
||||||
|
# extendedKeyUsage = critical,timeStamping
|
||||||
|
|
||||||
|
# PKIX recommendations harmless if included in all certificates.
|
||||||
|
subjectKeyIdentifier=hash
|
||||||
|
authorityKeyIdentifier=keyid,issuer:always
|
||||||
|
|
||||||
|
[ v3_req ]
|
||||||
|
|
||||||
|
# Extensions to add to a certificate request
|
||||||
|
basicConstraints = CA:FALSE
|
||||||
|
keyUsage = nonRepudiation, digitalSignature
|
||||||
|
|
||||||
|
[ v3_ca ]
|
||||||
|
|
||||||
|
# Extensions for a typical CA
|
||||||
|
|
||||||
|
subjectKeyIdentifier=hash
|
||||||
|
authorityKeyIdentifier=keyid:always,issuer:always
|
||||||
|
basicConstraints = critical,CA:true
|
||||||
|
keyUsage = cRLSign, keyCertSign
|
||||||
|
|
||||||
|
#----------------------------------------------------------------------
|
||||||
|
[ tsa ]
|
||||||
|
|
||||||
|
default_tsa = tsa_config1 # the default TSA section
|
||||||
|
|
||||||
|
[ tsa_config1 ]
|
||||||
|
|
||||||
|
# These are used by the TSA reply generation only.
|
||||||
|
dir = . # TSA root directory
|
||||||
|
serial = $dir/tsa_serial # The current serial number (mandatory)
|
||||||
|
signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate
|
||||||
|
# (optional)
|
||||||
|
certs = $dir/tsaca.pem # Certificate chain to include in reply
|
||||||
|
# (optional)
|
||||||
|
signer_key = $dir/tsa_key1.pem # The TSA private key (optional)
|
||||||
|
|
||||||
|
default_policy = tsa_policy1 # Policy if request did not specify it
|
||||||
|
# (optional)
|
||||||
|
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
|
||||||
|
digests = md5, sha1 # Acceptable message digests (mandatory)
|
||||||
|
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
|
||||||
|
ordering = yes # Is ordering defined for timestamps?
|
||||||
|
# (optional, default: no)
|
||||||
|
tsa_name = yes # Must the TSA name be included in the reply?
|
||||||
|
# (optional, default: no)
|
||||||
|
ess_cert_id_chain = yes # Must the ESS cert id chain be included?
|
||||||
|
# (optional, default: no)
|
||||||
|
|
||||||
|
[ tsa_config2 ]
|
||||||
|
|
||||||
|
# This configuration uses a certificate which doesn't have timeStamping usage.
|
||||||
|
# These are used by the TSA reply generation only.
|
||||||
|
dir = . # TSA root directory
|
||||||
|
serial = $dir/tsa_serial # The current serial number (mandatory)
|
||||||
|
signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate
|
||||||
|
# (optional)
|
||||||
|
certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply
|
||||||
|
# (optional)
|
||||||
|
signer_key = $dir/tsa_key2.pem # The TSA private key (optional)
|
||||||
|
|
||||||
|
default_policy = tsa_policy1 # Policy if request did not specify it
|
||||||
|
# (optional)
|
||||||
|
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
|
||||||
|
digests = md5, sha1 # Acceptable message digests (mandatory)
|
@ -1,8 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
#
|
|
||||||
# Build a root certificate
|
|
||||||
#
|
|
||||||
|
|
||||||
export EASY_RSA="${EASY_RSA:-.}"
|
|
||||||
"$EASY_RSA/pkitool" --interact --initca $*
|
|
@ -1,11 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
# Build Diffie-Hellman parameters for the server side
|
|
||||||
# of an SSL/TLS connection.
|
|
||||||
|
|
||||||
if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then
|
|
||||||
$OPENSSL dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
|
|
||||||
else
|
|
||||||
echo 'Please source the vars script first (i.e. "source ./vars")'
|
|
||||||
echo 'Make sure you have edited it to reflect your configuration.'
|
|
||||||
fi
|
|
@ -1,7 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
# Make an intermediate CA certificate/private key pair using a locally generated
|
|
||||||
# root certificate.
|
|
||||||
|
|
||||||
export EASY_RSA="${EASY_RSA:-.}"
|
|
||||||
"$EASY_RSA/pkitool" --interact --inter $*
|
|
@ -1,7 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
# Make a certificate/private key pair using a locally generated
|
|
||||||
# root certificate.
|
|
||||||
|
|
||||||
export EASY_RSA="${EASY_RSA:-.}"
|
|
||||||
"$EASY_RSA/pkitool" --interact $*
|
|
@ -1,7 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
# Similar to build-key, but protect the private key
|
|
||||||
# with a password.
|
|
||||||
|
|
||||||
export EASY_RSA="${EASY_RSA:-.}"
|
|
||||||
"$EASY_RSA/pkitool" --interact --pass $*
|
|
@ -1,8 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
# Make a certificate/private key pair using a locally generated
|
|
||||||
# root certificate and convert it to a PKCS #12 file including the
|
|
||||||
# the CA certificate as well.
|
|
||||||
|
|
||||||
export EASY_RSA="${EASY_RSA:-.}"
|
|
||||||
"$EASY_RSA/pkitool" --interact --pkcs12 $*
|
|
@ -1,10 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
# Make a certificate/private key pair using a locally generated
|
|
||||||
# root certificate.
|
|
||||||
#
|
|
||||||
# Explicitly set nsCertType to server using the "server"
|
|
||||||
# extension in the openssl.cnf file.
|
|
||||||
|
|
||||||
export EASY_RSA="${EASY_RSA:-.}"
|
|
||||||
"$EASY_RSA/pkitool" --interact --server $*
|
|
@ -1,7 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
# Build a certificate signing request and private key. Use this
|
|
||||||
# when your root certificate and key is not available locally.
|
|
||||||
|
|
||||||
export EASY_RSA="${EASY_RSA:-.}"
|
|
||||||
"$EASY_RSA/pkitool" --interact --csr $*
|
|
@ -1,7 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
# Like build-req, but protect your private key
|
|
||||||
# with a password.
|
|
||||||
|
|
||||||
export EASY_RSA="${EASY_RSA:-.}"
|
|
||||||
"$EASY_RSA/pkitool" --interact --csr --pass $*
|
|
@ -1,16 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
# Initialize the $KEY_DIR directory.
|
|
||||||
# Note that this script does a
|
|
||||||
# rm -rf on $KEY_DIR so be careful!
|
|
||||||
|
|
||||||
if [ "$KEY_DIR" ]; then
|
|
||||||
rm -rf "$KEY_DIR"
|
|
||||||
mkdir "$KEY_DIR" && \
|
|
||||||
chmod go-rwx "$KEY_DIR" && \
|
|
||||||
touch "$KEY_DIR/index.txt" && \
|
|
||||||
echo 01 >"$KEY_DIR/serial"
|
|
||||||
else
|
|
||||||
echo 'Please source the vars script first (i.e. "source ./vars")'
|
|
||||||
echo 'Make sure you have edited it to reflect your configuration.'
|
|
||||||
fi
|
|
48
tests/cfg/pki/create_tsa_certs
Executable file
48
tests/cfg/pki/create_tsa_certs
Executable file
@ -0,0 +1,48 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
error () {
|
||||||
|
|
||||||
|
echo "TSA test failed!" >&2
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
create_ca () {
|
||||||
|
|
||||||
|
echo "Creating a new CA for the TSA tests..."
|
||||||
|
TSDNSECT=ts_ca_dn
|
||||||
|
export TSDNSECT
|
||||||
|
openssl req -new -x509 -nodes \
|
||||||
|
-out tsaca.pem -keyout tsacakey.pem
|
||||||
|
test $? != 0 && error
|
||||||
|
}
|
||||||
|
|
||||||
|
create_tsa_cert () {
|
||||||
|
|
||||||
|
INDEX=$1
|
||||||
|
export INDEX
|
||||||
|
EXT=$2
|
||||||
|
TSDNSECT=ts_cert_dn
|
||||||
|
export TSDNSECT
|
||||||
|
|
||||||
|
openssl req -new \
|
||||||
|
-out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
|
||||||
|
test $? != 0 && error
|
||||||
|
echo Using extension $EXT
|
||||||
|
openssl x509 -req \
|
||||||
|
-in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
|
||||||
|
-CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
|
||||||
|
-extfile $OPENSSL_CONF -extensions $EXT
|
||||||
|
test $? != 0 && error
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "Creating CA for TSA tests..."
|
||||||
|
create_ca
|
||||||
|
|
||||||
|
echo "Creating tsa_cert1.pem TSA server cert..."
|
||||||
|
create_tsa_cert 1 tsa_cert
|
||||||
|
|
||||||
|
echo "Creating tsa_cert2.pem non-TSA server cert..."
|
||||||
|
create_tsa_cert 2 non_tsa_cert
|
||||||
|
|
||||||
|
OPENSSL_CONF="./CAtsa.cnf"
|
@ -1,39 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
# Build a new PKI which is rooted on an intermediate certificate generated
|
|
||||||
# by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should
|
|
||||||
# have independent vars settings, and must use a different KEY_DIR directory
|
|
||||||
# from the parent. This tool can be used to generate arbitrary depth
|
|
||||||
# certificate chains.
|
|
||||||
#
|
|
||||||
# To build an intermediate CA, follow the same steps for a regular PKI but
|
|
||||||
# replace ./build-key or ./pkitool --initca with this script.
|
|
||||||
|
|
||||||
# The EXPORT_CA file will contain the CA certificate chain and should be
|
|
||||||
# referenced by the OpenVPN "ca" directive in config files. The ca.crt file
|
|
||||||
# will only contain the local intermediate CA -- it's needed by the easy-rsa
|
|
||||||
# scripts but not by OpenVPN directly.
|
|
||||||
EXPORT_CA="export-ca.crt"
|
|
||||||
|
|
||||||
if [ $# -ne 2 ]; then
|
|
||||||
echo "usage: $0 <parent-key-dir> <common-name>"
|
|
||||||
echo "parent-key-dir: the KEY_DIR directory of the parent PKI"
|
|
||||||
echo "common-name: the common name of the intermediate certificate in the parent PKI"
|
|
||||||
exit 1;
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$KEY_DIR" ]; then
|
|
||||||
cp "$1/$2.crt" "$KEY_DIR/ca.crt"
|
|
||||||
cp "$1/$2.key" "$KEY_DIR/ca.key"
|
|
||||||
|
|
||||||
if [ -e "$1/$EXPORT_CA" ]; then
|
|
||||||
PARENT_CA="$1/$EXPORT_CA"
|
|
||||||
else
|
|
||||||
PARENT_CA="$1/ca.crt"
|
|
||||||
fi
|
|
||||||
cp "$PARENT_CA" "$KEY_DIR/$EXPORT_CA"
|
|
||||||
cat "$KEY_DIR/ca.crt" >> "$KEY_DIR/$EXPORT_CA"
|
|
||||||
else
|
|
||||||
echo 'Please source the vars script first (i.e. "source ./vars")'
|
|
||||||
echo 'Make sure you have edited it to reflect your configuration.'
|
|
||||||
fi
|
|
@ -1,98 +0,0 @@
|
|||||||
Certificate:
|
|
||||||
Data:
|
|
||||||
Version: 3 (0x2)
|
|
||||||
Serial Number: 1 (0x1)
|
|
||||||
Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
Validity
|
|
||||||
Not Before: Aug 26 17:07:32 2016 GMT
|
|
||||||
Not After : Aug 24 17:07:32 2026 GMT
|
|
||||||
Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=-h/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
Subject Public Key Info:
|
|
||||||
Public Key Algorithm: rsaEncryption
|
|
||||||
Public-Key: (2048 bit)
|
|
||||||
Modulus:
|
|
||||||
00:b4:af:eb:bb:05:0d:4d:a8:a1:7b:65:79:1f:a2:
|
|
||||||
ad:8b:af:d5:2d:75:92:38:e7:0d:79:68:4a:6a:03:
|
|
||||||
0a:c6:3a:93:fd:e3:9a:e7:f5:18:8f:07:c7:c9:30:
|
|
||||||
aa:db:6c:7e:18:84:09:9c:69:32:5b:55:40:a1:1f:
|
|
||||||
1d:49:f1:cd:12:ec:aa:55:ad:fd:a0:13:60:d4:ed:
|
|
||||||
e6:6b:15:19:2a:a4:d5:a0:06:62:1c:36:f0:69:b5:
|
|
||||||
13:df:5d:5d:8a:90:2e:42:75:94:00:2f:61:d4:ef:
|
|
||||||
08:b7:37:fb:98:4e:b6:b9:4c:3b:cc:f2:05:21:8e:
|
|
||||||
1e:1d:8e:a9:dc:d1:e0:f8:2b:31:8b:db:cf:fd:66:
|
|
||||||
e2:ed:cb:da:b3:3e:e4:92:17:18:c1:31:9f:ae:35:
|
|
||||||
3c:c6:01:1e:35:fe:8c:74:6e:14:43:0b:bb:40:15:
|
|
||||||
32:3d:10:46:c6:f6:54:d8:26:ac:c2:98:ee:a0:66:
|
|
||||||
ed:81:69:3f:b8:2d:2b:f3:fa:3f:0d:6d:c4:9f:8c:
|
|
||||||
4d:82:f1:01:d6:66:1f:73:49:80:cd:73:bd:22:f1:
|
|
||||||
12:51:f1:fe:e6:8f:e0:be:32:99:74:50:3b:dc:8f:
|
|
||||||
ae:74:a0:58:64:b8:b7:40:b3:d5:f0:a8:19:20:cb:
|
|
||||||
7b:86:47:45:96:ae:f4:4a:f3:39:7d:ff:19:8e:50:
|
|
||||||
98:63
|
|
||||||
Exponent: 65537 (0x10001)
|
|
||||||
X509v3 extensions:
|
|
||||||
X509v3 Basic Constraints:
|
|
||||||
CA:FALSE
|
|
||||||
Netscape Comment:
|
|
||||||
Easy-RSA Generated Certificate
|
|
||||||
X509v3 Subject Key Identifier:
|
|
||||||
B4:F1:77:6A:ED:D2:67:AB:19:75:00:B5:DE:02:04:8C:F4:7E:4B:87
|
|
||||||
X509v3 Authority Key Identifier:
|
|
||||||
keyid:E3:2B:E4:74:CF:9B:BC:6E:6D:E6:52:1D:11:04:FC:66:1F:25:4A:73
|
|
||||||
DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
serial:F9:2F:C6:8B:0E:F1:EB:9E
|
|
||||||
|
|
||||||
X509v3 Extended Key Usage:
|
|
||||||
TLS Web Client Authentication
|
|
||||||
X509v3 Key Usage:
|
|
||||||
Digital Signature
|
|
||||||
X509v3 Subject Alternative Name:
|
|
||||||
DNS:-h
|
|
||||||
Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
0b:b4:40:74:21:70:12:4f:e9:b5:30:d0:2c:64:d9:fc:1a:01:
|
|
||||||
ac:9e:79:cf:a7:92:c7:27:c4:d8:55:e7:3f:ec:f6:11:36:07:
|
|
||||||
17:44:53:4c:f4:09:78:93:5b:ec:31:3c:08:d8:15:49:00:b6:
|
|
||||||
fc:5f:f5:46:d5:4e:d0:7f:a0:c3:9d:6c:43:cf:52:fa:22:cf:
|
|
||||||
14:ff:8e:92:68:90:23:22:41:6d:b9:5e:65:c0:81:56:61:63:
|
|
||||||
e4:73:33:7d:5d:43:49:9d:bb:d9:48:58:d0:65:f9:e9:bf:90:
|
|
||||||
15:30:51:dc:e2:27:c4:5b:4d:e7:46:4c:49:05:3a:f7:9b:dc:
|
|
||||||
f3:70:56:b4:69:24:25:92:33:48:eb:fe:07:95:5c:eb:4d:e6:
|
|
||||||
45:a3:27:5e:75:59:62:a4:3e:18:66:30:17:58:15:87:f0:63:
|
|
||||||
b9:d6:bd:01:e2:a9:a8:de:34:0d:5b:ab:41:8f:7a:f4:5a:c1:
|
|
||||||
7c:fa:5c:7d:cf:ab:8a:cb:36:53:12:fc:97:11:c5:b8:d0:a8:
|
|
||||||
7d:fc:f2:2f:74:95:c5:c0:62:cc:57:2a:8e:1f:9d:72:90:7e:
|
|
||||||
9b:d5:5a:cf:26:ff:3e:3a:cb:80:c7:e7:c6:77:d9:ef:e1:a5:
|
|
||||||
42:8f:9e:f7:15:2b:62:9c:8c:6a:35:36:3e:08:71:c6:06:44:
|
|
||||||
eb:43:4f:02
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIFWjCCBEKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx
|
|
||||||
CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
|
|
||||||
cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV
|
|
||||||
BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3
|
|
||||||
DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MDgyNjE3MDczMloXDTI2MDgy
|
|
||||||
NDE3MDczMlowgakxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM
|
|
||||||
U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15
|
|
||||||
T3JnYW5pemF0aW9uYWxVbml0MQswCQYDVQQDEwItaDEQMA4GA1UEKRMHRWFzeVJT
|
|
||||||
QTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMIIBIjANBgkqhkiG
|
|
||||||
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtK/ruwUNTaihe2V5H6Kti6/VLXWSOOcNeWhK
|
|
||||||
agMKxjqT/eOa5/UYjwfHyTCq22x+GIQJnGkyW1VAoR8dSfHNEuyqVa39oBNg1O3m
|
|
||||||
axUZKqTVoAZiHDbwabUT311dipAuQnWUAC9h1O8Itzf7mE62uUw7zPIFIY4eHY6p
|
|
||||||
3NHg+Csxi9vP/Wbi7cvasz7kkhcYwTGfrjU8xgEeNf6MdG4UQwu7QBUyPRBGxvZU
|
|
||||||
2CaswpjuoGbtgWk/uC0r8/o/DW3En4xNgvEB1mYfc0mAzXO9IvESUfH+5o/gvjKZ
|
|
||||||
dFA73I+udKBYZLi3QLPV8KgZIMt7hkdFlq70SvM5ff8ZjlCYYwIDAQABo4IBfDCC
|
|
||||||
AXgwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVk
|
|
||||||
IENlcnRpZmljYXRlMB0GA1UdDgQWBBS08Xdq7dJnqxl1ALXeAgSM9H5LhzCB6wYD
|
|
||||||
VR0jBIHjMIHggBTjK+R0z5u8bm3mUh0RBPxmHyVKc6GBvKSBuTCBtjELMAkGA1UE
|
|
||||||
BhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNV
|
|
||||||
BAoTDEZvcnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQx
|
|
||||||
GDAWBgNVBAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8G
|
|
||||||
CSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluggkA+S/Giw7x654wEwYDVR0l
|
|
||||||
BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GA1UdEQQGMASCAi1oMA0GCSqG
|
|
||||||
SIb3DQEBCwUAA4IBAQALtEB0IXAST+m1MNAsZNn8GgGsnnnPp5LHJ8TYVec/7PYR
|
|
||||||
NgcXRFNM9Al4k1vsMTwI2BVJALb8X/VG1U7Qf6DDnWxDz1L6Is8U/46SaJAjIkFt
|
|
||||||
uV5lwIFWYWPkczN9XUNJnbvZSFjQZfnpv5AVMFHc4ifEW03nRkxJBTr3m9zzcFa0
|
|
||||||
aSQlkjNI6/4HlVzrTeZFoydedVlipD4YZjAXWBWH8GO51r0B4qmo3jQNW6tBj3r0
|
|
||||||
WsF8+lx9z6uKyzZTEvyXEcW40Kh9/PIvdJXFwGLMVyqOH51ykH6b1VrPJv8+OsuA
|
|
||||||
x+fGd9nv4aVCj573FStinIxqNTY+CHHGBkTrQ08C
|
|
||||||
-----END CERTIFICATE-----
|
|
@ -1,99 +0,0 @@
|
|||||||
Certificate:
|
|
||||||
Data:
|
|
||||||
Version: 3 (0x2)
|
|
||||||
Serial Number: 2 (0x2)
|
|
||||||
Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
Validity
|
|
||||||
Not Before: Aug 26 17:08:14 2016 GMT
|
|
||||||
Not After : Aug 24 17:08:14 2026 GMT
|
|
||||||
Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=ts.uts-server.org/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
Subject Public Key Info:
|
|
||||||
Public Key Algorithm: rsaEncryption
|
|
||||||
Public-Key: (2048 bit)
|
|
||||||
Modulus:
|
|
||||||
00:d3:50:7a:93:b7:10:8e:d2:2e:31:30:f6:10:9f:
|
|
||||||
bc:d6:db:ab:f0:4c:96:46:d2:bf:b2:2a:a0:f6:f7:
|
|
||||||
5c:48:83:66:54:75:3e:a3:25:20:89:2d:f7:9a:c5:
|
|
||||||
32:12:b1:32:a0:99:27:f4:9c:f0:e8:a2:19:9b:83:
|
|
||||||
a6:e1:aa:42:0a:f4:0b:81:a2:9c:3e:f2:5a:1c:ad:
|
|
||||||
5e:f8:24:12:e9:ec:75:cc:43:7c:6b:16:9a:5f:aa:
|
|
||||||
9e:39:b5:9f:2c:3e:b0:3f:cd:31:7f:90:46:a9:60:
|
|
||||||
74:d3:e0:18:e8:ee:0e:71:bf:37:bc:fe:2b:94:33:
|
|
||||||
61:3d:01:02:ed:f8:b8:66:6a:9f:76:c0:06:c8:06:
|
|
||||||
2b:70:5e:87:d2:17:b7:cd:aa:40:1f:ae:af:a4:c7:
|
|
||||||
3f:60:bc:be:54:ee:30:4e:fe:8e:2d:32:27:5c:f9:
|
|
||||||
af:2f:f9:f1:d2:2b:08:b5:6d:89:8b:84:3e:e9:d4:
|
|
||||||
e8:0b:c4:d7:5f:07:4e:96:5c:a2:4b:63:ef:a8:49:
|
|
||||||
55:39:55:34:1d:b5:ce:8e:5d:13:69:8d:52:d5:1e:
|
|
||||||
30:f9:ed:73:0b:2b:7d:8c:e1:c0:93:a9:28:20:d7:
|
|
||||||
f0:ec:04:37:bf:4b:85:0e:e2:3a:e8:54:ad:d9:e3:
|
|
||||||
27:8f:c7:43:8e:65:e1:f9:51:f0:c3:96:f2:0e:8d:
|
|
||||||
83:79
|
|
||||||
Exponent: 65537 (0x10001)
|
|
||||||
X509v3 extensions:
|
|
||||||
X509v3 Basic Constraints:
|
|
||||||
CA:FALSE
|
|
||||||
Netscape Comment:
|
|
||||||
Easy-RSA Generated Certificate
|
|
||||||
X509v3 Subject Key Identifier:
|
|
||||||
FF:2D:69:50:05:46:A3:95:F4:A3:E0:2E:34:39:EF:9B:BC:E2:F0:86
|
|
||||||
X509v3 Authority Key Identifier:
|
|
||||||
keyid:E3:2B:E4:74:CF:9B:BC:6E:6D:E6:52:1D:11:04:FC:66:1F:25:4A:73
|
|
||||||
DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
serial:F9:2F:C6:8B:0E:F1:EB:9E
|
|
||||||
|
|
||||||
X509v3 Extended Key Usage:
|
|
||||||
TLS Web Client Authentication
|
|
||||||
X509v3 Key Usage:
|
|
||||||
Digital Signature
|
|
||||||
X509v3 Subject Alternative Name:
|
|
||||||
DNS:ts.uts-server.org
|
|
||||||
Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
d2:ff:65:c8:fe:69:7d:fd:99:b9:4e:4c:c3:fe:ff:97:74:59:
|
|
||||||
a1:89:b6:47:b3:10:79:76:ee:7b:0b:26:7e:db:cd:fd:e1:52:
|
|
||||||
4b:94:78:3e:72:ba:8c:58:48:4f:67:ef:05:29:9e:7b:1a:07:
|
|
||||||
82:72:27:67:78:ef:43:e1:67:08:73:2c:11:e1:91:f4:4e:73:
|
|
||||||
5a:a8:09:61:9f:33:d1:33:c7:43:10:8b:a9:e8:16:63:97:e9:
|
|
||||||
81:63:74:f4:5a:b5:fc:88:46:a6:c9:c4:89:23:1d:ac:4a:02:
|
|
||||||
3f:29:ae:59:a2:6f:37:a1:27:e1:6e:34:c8:99:35:0b:50:5e:
|
|
||||||
bc:3d:64:01:7e:5e:4e:ee:79:48:a9:e6:26:bb:2d:f8:18:88:
|
|
||||||
ea:22:df:8e:7b:71:24:c1:6b:17:26:4c:96:0c:d0:d2:b4:29:
|
|
||||||
9a:1d:9a:ae:26:2b:aa:95:a9:9b:15:58:a6:9a:c4:5b:48:64:
|
|
||||||
ff:e0:e6:fb:53:37:0d:20:83:94:95:4e:5a:b9:3c:62:47:bc:
|
|
||||||
fb:6d:0a:eb:f2:b1:9c:d7:ee:30:9b:07:9f:1a:27:1f:e0:bb:
|
|
||||||
5e:36:4b:06:19:10:89:43:14:98:fc:cd:52:82:48:59:cc:77:
|
|
||||||
64:bd:ff:e7:b4:b1:00:ad:7a:94:c6:47:c7:f9:32:25:ad:2c:
|
|
||||||
14:e6:1c:df
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIFeDCCBGCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx
|
|
||||||
CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
|
|
||||||
cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV
|
|
||||||
BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3
|
|
||||||
DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MDgyNjE3MDgxNFoXDTI2MDgy
|
|
||||||
NDE3MDgxNFowgbgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM
|
|
||||||
U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15
|
|
||||||
T3JnYW5pemF0aW9uYWxVbml0MRowGAYDVQQDExF0cy51dHMtc2VydmVyLm9yZzEQ
|
|
||||||
MA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9t
|
|
||||||
YWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01B6k7cQjtIuMTD2
|
|
||||||
EJ+81tur8EyWRtK/siqg9vdcSINmVHU+oyUgiS33msUyErEyoJkn9Jzw6KIZm4Om
|
|
||||||
4apCCvQLgaKcPvJaHK1e+CQS6ex1zEN8axaaX6qeObWfLD6wP80xf5BGqWB00+AY
|
|
||||||
6O4Ocb83vP4rlDNhPQEC7fi4ZmqfdsAGyAYrcF6H0he3zapAH66vpMc/YLy+VO4w
|
|
||||||
Tv6OLTInXPmvL/nx0isItW2Ji4Q+6dToC8TXXwdOllyiS2PvqElVOVU0HbXOjl0T
|
|
||||||
aY1S1R4w+e1zCyt9jOHAk6koINfw7AQ3v0uFDuI66FSt2eMnj8dDjmXh+VHww5by
|
|
||||||
Do2DeQIDAQABo4IBizCCAYcwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFz
|
|
||||||
eS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBT/LWlQBUajlfSj
|
|
||||||
4C40Oe+bvOLwhjCB6wYDVR0jBIHjMIHggBTjK+R0z5u8bm3mUh0RBPxmHyVKc6GB
|
|
||||||
vKSBuTCBtjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5G
|
|
||||||
cmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdh
|
|
||||||
bml6YXRpb25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UE
|
|
||||||
KRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluggkA
|
|
||||||
+S/Giw7x654wEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBwGA1Ud
|
|
||||||
EQQVMBOCEXRzLnV0cy1zZXJ2ZXIub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQDS/2XI
|
|
||||||
/ml9/Zm5TkzD/v+XdFmhibZHsxB5du57CyZ+28394VJLlHg+crqMWEhPZ+8FKZ57
|
|
||||||
GgeCcidneO9D4WcIcywR4ZH0TnNaqAlhnzPRM8dDEIup6BZjl+mBY3T0WrX8iEam
|
|
||||||
ycSJIx2sSgI/Ka5Zom83oSfhbjTImTULUF68PWQBfl5O7nlIqeYmuy34GIjqIt+O
|
|
||||||
e3EkwWsXJkyWDNDStCmaHZquJiuqlambFVimmsRbSGT/4Ob7UzcNIIOUlU5auTxi
|
|
||||||
R7z7bQrr8rGc1+4wmwefGicf4LteNksGGRCJQxSY/M1SgkhZzHdkvf/ntLEArXqU
|
|
||||||
xkfH+TIlrSwU5hzf
|
|
||||||
-----END CERTIFICATE-----
|
|
@ -1,98 +0,0 @@
|
|||||||
Certificate:
|
|
||||||
Data:
|
|
||||||
Version: 3 (0x2)
|
|
||||||
Serial Number: 3 (0x3)
|
|
||||||
Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
Validity
|
|
||||||
Not Before: Aug 26 17:08:43 2016 GMT
|
|
||||||
Not After : Aug 24 17:08:43 2026 GMT
|
|
||||||
Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=tsa1/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
Subject Public Key Info:
|
|
||||||
Public Key Algorithm: rsaEncryption
|
|
||||||
Public-Key: (2048 bit)
|
|
||||||
Modulus:
|
|
||||||
00:c8:00:8c:27:a0:52:ac:87:1f:e5:b4:1c:2d:be:
|
|
||||||
af:a0:8b:aa:ea:1b:8d:02:30:41:00:1b:3a:34:dc:
|
|
||||||
6f:04:5d:9f:c5:59:6f:a5:fa:d5:1e:3c:0e:22:52:
|
|
||||||
10:1e:7e:b2:48:b1:65:cd:0c:be:55:60:0e:98:d2:
|
|
||||||
34:8d:e9:9b:50:a2:98:92:6b:6a:09:db:9e:f6:f7:
|
|
||||||
80:22:d1:8b:f3:71:6e:bd:53:b3:fb:23:70:4e:01:
|
|
||||||
20:73:75:12:20:87:37:d3:ca:e5:0b:ff:ba:5e:bd:
|
|
||||||
ad:cd:ff:05:e2:91:31:7c:b1:99:34:ef:d2:6f:1e:
|
|
||||||
22:fe:77:e9:40:ac:8b:dc:f0:e8:23:04:f6:b7:b3:
|
|
||||||
60:34:2c:82:df:3c:3d:ca:14:52:d8:8a:57:1f:40:
|
|
||||||
1b:70:a2:ac:65:df:54:87:ba:7d:85:7b:d8:93:bd:
|
|
||||||
8e:85:fc:de:9a:0b:6a:88:52:b2:27:1b:0c:16:e0:
|
|
||||||
87:ba:7c:c9:94:a3:f7:10:79:88:0e:96:b4:a7:40:
|
|
||||||
76:00:58:b1:5a:ab:50:89:55:f6:f8:48:4f:76:66:
|
|
||||||
e5:1c:fa:bb:7a:59:57:df:33:57:7b:d4:0c:36:7f:
|
|
||||||
d6:6e:0a:40:a2:06:b7:c0:f2:31:f7:55:11:20:74:
|
|
||||||
cf:68:b2:b2:96:74:4c:58:a0:3e:ec:ee:8e:df:d1:
|
|
||||||
51:ff
|
|
||||||
Exponent: 65537 (0x10001)
|
|
||||||
X509v3 extensions:
|
|
||||||
X509v3 Basic Constraints:
|
|
||||||
CA:FALSE
|
|
||||||
Netscape Comment:
|
|
||||||
Easy-RSA Generated Certificate
|
|
||||||
X509v3 Subject Key Identifier:
|
|
||||||
6D:48:DA:1F:19:A2:88:71:0F:3D:80:5D:AB:44:5C:F5:06:B5:BB:0B
|
|
||||||
X509v3 Authority Key Identifier:
|
|
||||||
keyid:E3:2B:E4:74:CF:9B:BC:6E:6D:E6:52:1D:11:04:FC:66:1F:25:4A:73
|
|
||||||
DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
serial:F9:2F:C6:8B:0E:F1:EB:9E
|
|
||||||
|
|
||||||
X509v3 Extended Key Usage:
|
|
||||||
TLS Web Client Authentication
|
|
||||||
X509v3 Key Usage:
|
|
||||||
Digital Signature
|
|
||||||
X509v3 Subject Alternative Name:
|
|
||||||
DNS:tsa1
|
|
||||||
Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
a2:b6:e1:66:78:ff:d0:f1:53:58:2f:8a:26:0b:c1:7f:71:f8:
|
|
||||||
9a:d1:fa:70:f8:5b:b7:ce:da:79:92:52:0b:5f:d1:ed:c1:86:
|
|
||||||
eb:bc:29:f7:ed:0f:5b:c4:10:ab:a3:ce:9e:97:c8:a0:c8:5c:
|
|
||||||
af:bc:f2:58:77:00:59:69:85:2f:a1:16:92:45:b8:a9:3b:8d:
|
|
||||||
8c:bd:1a:bb:08:07:79:6d:6a:e9:8b:7c:fb:fb:0e:72:0a:e1:
|
|
||||||
fa:4c:ca:d5:d6:99:fc:2c:5f:1d:8a:28:38:da:bd:d4:88:36:
|
|
||||||
a2:a4:1a:e5:f9:77:72:e6:ed:13:62:31:19:79:ec:ad:9e:b5:
|
|
||||||
d1:92:7a:cf:f8:e0:ad:56:dd:5b:68:c6:64:c5:32:51:83:0e:
|
|
||||||
89:17:14:22:29:53:09:bb:49:06:3a:f1:02:8f:de:fc:94:59:
|
|
||||||
82:3d:d1:97:d8:70:53:ff:b5:0d:04:6f:2a:3f:30:50:7b:b1:
|
|
||||||
61:b3:a3:10:ee:94:dd:de:b8:ac:7c:0d:a4:af:f6:c2:8a:74:
|
|
||||||
dd:e8:95:db:ee:ab:d5:ef:68:0a:96:7c:46:05:93:12:93:d8:
|
|
||||||
84:5a:6d:38:ff:69:40:51:84:29:62:91:62:7b:af:17:18:b7:
|
|
||||||
bb:59:19:89:89:89:5d:75:54:92:bf:75:2f:7e:e4:fb:eb:a7:
|
|
||||||
ae:b5:a2:2f
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIFXjCCBEagAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx
|
|
||||||
CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
|
|
||||||
cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV
|
|
||||||
BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3
|
|
||||||
DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MDgyNjE3MDg0M1oXDTI2MDgy
|
|
||||||
NDE3MDg0M1owgasxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM
|
|
||||||
U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15
|
|
||||||
T3JnYW5pemF0aW9uYWxVbml0MQ0wCwYDVQQDEwR0c2ExMRAwDgYDVQQpEwdFYXN5
|
|
||||||
UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqG
|
|
||||||
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIAIwnoFKshx/ltBwtvq+gi6rqG40CMEEA
|
|
||||||
Gzo03G8EXZ/FWW+l+tUePA4iUhAefrJIsWXNDL5VYA6Y0jSN6ZtQopiSa2oJ2572
|
|
||||||
94Ai0YvzcW69U7P7I3BOASBzdRIghzfTyuUL/7peva3N/wXikTF8sZk079JvHiL+
|
|
||||||
d+lArIvc8OgjBPa3s2A0LILfPD3KFFLYilcfQBtwoqxl31SHun2Fe9iTvY6F/N6a
|
|
||||||
C2qIUrInGwwW4Ie6fMmUo/cQeYgOlrSnQHYAWLFaq1CJVfb4SE92ZuUc+rt6WVff
|
|
||||||
M1d71Aw2f9ZuCkCiBrfA8jH3VREgdM9osrKWdExYoD7s7o7f0VH/AgMBAAGjggF+
|
|
||||||
MIIBejAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0
|
|
||||||
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFG1I2h8ZoohxDz2AXatEXPUGtbsLMIHr
|
|
||||||
BgNVHSMEgeMwgeCAFOMr5HTPm7xubeZSHREE/GYfJUpzoYG8pIG5MIG2MQswCQYD
|
|
||||||
VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG
|
|
||||||
A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p
|
|
||||||
dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw
|
|
||||||
HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQD5L8aLDvHrnjATBgNV
|
|
||||||
HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDwYDVR0RBAgwBoIEdHNhMTAN
|
|
||||||
BgkqhkiG9w0BAQsFAAOCAQEAorbhZnj/0PFTWC+KJgvBf3H4mtH6cPhbt87aeZJS
|
|
||||||
C1/R7cGG67wp9+0PW8QQq6POnpfIoMhcr7zyWHcAWWmFL6EWkkW4qTuNjL0auwgH
|
|
||||||
eW1q6Yt8+/sOcgrh+kzK1daZ/CxfHYooONq91Ig2oqQa5fl3cubtE2IxGXnsrZ61
|
|
||||||
0ZJ6z/jgrVbdW2jGZMUyUYMOiRcUIilTCbtJBjrxAo/e/JRZgj3Rl9hwU/+1DQRv
|
|
||||||
Kj8wUHuxYbOjEO6U3d64rHwNpK/2wop03eiV2+6r1e9oCpZ8RgWTEpPYhFptOP9p
|
|
||||||
QFGEKWKRYnuvFxi3u1kZiYmJXXVUkr91L37k++unrrWiLw==
|
|
||||||
-----END CERTIFICATE-----
|
|
@ -1,98 +0,0 @@
|
|||||||
Certificate:
|
|
||||||
Data:
|
|
||||||
Version: 3 (0x2)
|
|
||||||
Serial Number: 4 (0x4)
|
|
||||||
Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
Validity
|
|
||||||
Not Before: Aug 26 17:08:44 2016 GMT
|
|
||||||
Not After : Aug 24 17:08:44 2026 GMT
|
|
||||||
Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=tsa2/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
Subject Public Key Info:
|
|
||||||
Public Key Algorithm: rsaEncryption
|
|
||||||
Public-Key: (2048 bit)
|
|
||||||
Modulus:
|
|
||||||
00:9b:34:5c:6b:ac:10:e9:63:50:cd:f5:f1:9e:80:
|
|
||||||
a8:be:ed:4f:21:25:7c:54:67:8f:f0:c1:16:57:ad:
|
|
||||||
1c:c7:14:90:8c:8d:1f:b4:e4:91:3b:fd:2c:44:a1:
|
|
||||||
c3:7d:1d:f5:cb:54:c2:45:a4:e3:e9:07:14:60:60:
|
|
||||||
63:07:d7:6d:92:2b:99:5a:c3:c1:91:87:92:b5:6d:
|
|
||||||
4b:d0:22:cd:62:13:34:9a:d1:c6:8f:e6:f6:df:50:
|
|
||||||
ba:1a:51:80:b8:2e:c9:dc:03:79:3d:97:a9:89:ce:
|
|
||||||
91:68:e4:dc:90:7d:f3:aa:74:2d:48:2b:40:f5:cf:
|
|
||||||
ba:d5:e8:07:d2:34:74:e0:31:c6:e1:0c:df:89:25:
|
|
||||||
c9:49:34:f6:0d:e8:1c:05:54:4c:eb:79:7b:04:bb:
|
|
||||||
e8:1e:f9:c3:dc:f8:d7:6f:d1:c3:77:a5:97:78:45:
|
|
||||||
1c:82:5a:52:a5:26:3e:4b:78:9e:6d:f8:75:3e:40:
|
|
||||||
b9:69:d6:e8:3f:ea:d7:6b:6e:e9:d3:a9:10:a4:92:
|
|
||||||
5e:96:e2:d8:f3:7e:2e:35:f2:81:85:b9:6d:9c:14:
|
|
||||||
02:38:c3:53:0f:a1:84:ef:c3:62:13:7f:10:0f:e4:
|
|
||||||
2e:43:4d:d0:48:06:5b:38:e4:49:e1:35:13:f6:d6:
|
|
||||||
83:1e:1c:f4:10:21:29:45:e3:48:47:01:9c:6a:4d:
|
|
||||||
b6:0b
|
|
||||||
Exponent: 65537 (0x10001)
|
|
||||||
X509v3 extensions:
|
|
||||||
X509v3 Basic Constraints:
|
|
||||||
CA:FALSE
|
|
||||||
Netscape Comment:
|
|
||||||
Easy-RSA Generated Certificate
|
|
||||||
X509v3 Subject Key Identifier:
|
|
||||||
6E:12:12:1A:40:9F:52:2F:48:9C:B5:EE:DC:BF:20:B7:7A:30:02:DC
|
|
||||||
X509v3 Authority Key Identifier:
|
|
||||||
keyid:E3:2B:E4:74:CF:9B:BC:6E:6D:E6:52:1D:11:04:FC:66:1F:25:4A:73
|
|
||||||
DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
serial:F9:2F:C6:8B:0E:F1:EB:9E
|
|
||||||
|
|
||||||
X509v3 Extended Key Usage:
|
|
||||||
TLS Web Client Authentication
|
|
||||||
X509v3 Key Usage:
|
|
||||||
Digital Signature
|
|
||||||
X509v3 Subject Alternative Name:
|
|
||||||
DNS:tsa2
|
|
||||||
Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
89:6d:03:f4:e6:29:77:ae:b4:82:de:7b:d6:39:56:10:2f:64:
|
|
||||||
f7:68:58:6e:3b:cf:9f:96:ab:a3:66:b0:53:80:98:88:c2:70:
|
|
||||||
3a:7e:de:d6:3f:69:ff:09:56:22:4f:b3:61:c3:43:ed:73:7f:
|
|
||||||
9f:29:10:31:31:ba:d6:78:a2:bc:7d:45:2c:5f:5a:8a:77:62:
|
|
||||||
3e:d8:38:fb:41:3c:54:8b:67:29:c5:d7:5a:a9:d3:a9:52:53:
|
|
||||||
81:eb:0b:55:9e:4e:f3:73:b5:f9:87:0d:a9:59:c4:2a:66:36:
|
|
||||||
47:bc:02:78:12:5b:12:7f:f5:c2:1c:a3:be:d0:bc:3e:72:1e:
|
|
||||||
96:f2:a4:16:71:d8:0f:af:76:1d:44:bd:1c:ef:e9:6a:09:00:
|
|
||||||
79:61:b1:20:83:61:1f:13:00:69:30:c6:ae:3b:31:a3:6c:db:
|
|
||||||
67:52:5d:ef:44:14:eb:53:b4:79:39:62:53:a6:d5:ea:96:ee:
|
|
||||||
2c:5f:38:9f:04:32:0c:39:24:e7:1c:04:79:ea:27:90:1f:e2:
|
|
||||||
b3:ed:93:a1:92:5c:c6:fa:d5:58:1f:9e:3a:a5:32:01:ce:b8:
|
|
||||||
61:f6:fa:bd:ff:37:1c:3f:30:54:8e:69:13:91:1b:95:6c:43:
|
|
||||||
c7:23:47:c8:2b:c1:97:00:d4:9b:46:52:ae:b4:dd:da:a6:13:
|
|
||||||
a5:6b:07:dc
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIFXjCCBEagAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx
|
|
||||||
CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
|
|
||||||
cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV
|
|
||||||
BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3
|
|
||||||
DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MDgyNjE3MDg0NFoXDTI2MDgy
|
|
||||||
NDE3MDg0NFowgasxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM
|
|
||||||
U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15
|
|
||||||
T3JnYW5pemF0aW9uYWxVbml0MQ0wCwYDVQQDEwR0c2EyMRAwDgYDVQQpEwdFYXN5
|
|
||||||
UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqG
|
|
||||||
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbNFxrrBDpY1DN9fGegKi+7U8hJXxUZ4/w
|
|
||||||
wRZXrRzHFJCMjR+05JE7/SxEocN9HfXLVMJFpOPpBxRgYGMH122SK5law8GRh5K1
|
|
||||||
bUvQIs1iEzSa0caP5vbfULoaUYC4LsncA3k9l6mJzpFo5NyQffOqdC1IK0D1z7rV
|
|
||||||
6AfSNHTgMcbhDN+JJclJNPYN6BwFVEzreXsEu+ge+cPc+Ndv0cN3pZd4RRyCWlKl
|
|
||||||
Jj5LeJ5t+HU+QLlp1ug/6tdrbunTqRCkkl6W4tjzfi418oGFuW2cFAI4w1MPoYTv
|
|
||||||
w2ITfxAP5C5DTdBIBls45EnhNRP21oMeHPQQISlF40hHAZxqTbYLAgMBAAGjggF+
|
|
||||||
MIIBejAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0
|
|
||||||
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFG4SEhpAn1IvSJy17ty/ILd6MALcMIHr
|
|
||||||
BgNVHSMEgeMwgeCAFOMr5HTPm7xubeZSHREE/GYfJUpzoYG8pIG5MIG2MQswCQYD
|
|
||||||
VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG
|
|
||||||
A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p
|
|
||||||
dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw
|
|
||||||
HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQD5L8aLDvHrnjATBgNV
|
|
||||||
HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDwYDVR0RBAgwBoIEdHNhMjAN
|
|
||||||
BgkqhkiG9w0BAQsFAAOCAQEAiW0D9OYpd660gt571jlWEC9k92hYbjvPn5aro2aw
|
|
||||||
U4CYiMJwOn7e1j9p/wlWIk+zYcND7XN/nykQMTG61niivH1FLF9aindiPtg4+0E8
|
|
||||||
VItnKcXXWqnTqVJTgesLVZ5O83O1+YcNqVnEKmY2R7wCeBJbEn/1whyjvtC8PnIe
|
|
||||||
lvKkFnHYD692HUS9HO/pagkAeWGxIINhHxMAaTDGrjsxo2zbZ1Jd70QU61O0eTli
|
|
||||||
U6bV6pbuLF84nwQyDDkk5xwEeeonkB/is+2ToZJcxvrVWB+eOqUyAc64Yfb6vf83
|
|
||||||
HD8wVI5pE5EblWxDxyNHyCvBlwDUm0ZSrrTd2qYTpWsH3A==
|
|
||||||
-----END CERTIFICATE-----
|
|
@ -1,98 +0,0 @@
|
|||||||
Certificate:
|
|
||||||
Data:
|
|
||||||
Version: 3 (0x2)
|
|
||||||
Serial Number: 5 (0x5)
|
|
||||||
Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
Validity
|
|
||||||
Not Before: Aug 26 17:08:56 2016 GMT
|
|
||||||
Not After : Aug 24 17:08:56 2026 GMT
|
|
||||||
Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=clt1/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
Subject Public Key Info:
|
|
||||||
Public Key Algorithm: rsaEncryption
|
|
||||||
Public-Key: (2048 bit)
|
|
||||||
Modulus:
|
|
||||||
00:d5:f2:1c:23:59:41:87:a7:68:06:7d:2f:5f:aa:
|
|
||||||
88:16:4a:91:59:11:7f:d9:28:d1:ec:d6:c9:bc:b0:
|
|
||||||
6b:90:ee:44:94:44:e7:d4:b9:11:48:f7:f1:ca:9e:
|
|
||||||
f8:ce:02:44:b2:7b:90:3d:e1:97:42:b1:02:fe:ab:
|
|
||||||
1c:2a:89:81:50:81:42:9f:7f:87:41:87:be:b5:bc:
|
|
||||||
c0:9f:33:81:26:81:86:24:a9:4c:72:6c:7f:e9:a8:
|
|
||||||
71:1f:aa:45:4a:38:bd:c8:57:c4:25:8c:47:14:d0:
|
|
||||||
e0:60:4b:07:ee:bb:52:b9:95:d3:66:24:c4:6b:79:
|
|
||||||
36:83:af:6b:b8:01:8f:67:f2:81:7f:3e:fe:c3:4f:
|
|
||||||
72:ac:06:65:43:39:0f:fc:5f:71:bc:5c:12:f6:36:
|
|
||||||
ef:27:61:a0:32:4c:d1:cd:e1:15:e2:64:b5:fd:fd:
|
|
||||||
54:d5:63:45:a1:96:9a:38:50:c5:b7:7e:0e:fb:96:
|
|
||||||
d9:a7:a7:4f:58:58:af:a1:17:50:fa:66:62:43:1e:
|
|
||||||
8a:38:6a:7c:54:3f:8d:5a:12:5c:e3:cc:95:55:25:
|
|
||||||
9b:ee:bc:33:40:3a:54:cb:39:3e:6c:17:30:79:fa:
|
|
||||||
24:ba:1c:5a:54:ff:b0:30:11:d4:aa:92:5a:d7:a6:
|
|
||||||
39:16:45:d7:74:fe:40:9c:d4:cd:f4:74:34:95:ef:
|
|
||||||
4a:99
|
|
||||||
Exponent: 65537 (0x10001)
|
|
||||||
X509v3 extensions:
|
|
||||||
X509v3 Basic Constraints:
|
|
||||||
CA:FALSE
|
|
||||||
Netscape Comment:
|
|
||||||
Easy-RSA Generated Certificate
|
|
||||||
X509v3 Subject Key Identifier:
|
|
||||||
DC:E2:70:D0:59:39:F5:F5:E0:48:E2:A9:5F:35:D2:98:34:EA:20:FB
|
|
||||||
X509v3 Authority Key Identifier:
|
|
||||||
keyid:E3:2B:E4:74:CF:9B:BC:6E:6D:E6:52:1D:11:04:FC:66:1F:25:4A:73
|
|
||||||
DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
serial:F9:2F:C6:8B:0E:F1:EB:9E
|
|
||||||
|
|
||||||
X509v3 Extended Key Usage:
|
|
||||||
TLS Web Client Authentication
|
|
||||||
X509v3 Key Usage:
|
|
||||||
Digital Signature
|
|
||||||
X509v3 Subject Alternative Name:
|
|
||||||
DNS:clt1
|
|
||||||
Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
ad:80:83:dd:ac:17:9c:da:ca:71:c6:99:13:c7:b5:b7:b4:69:
|
|
||||||
a9:fa:0f:dd:fa:b6:4f:a2:19:10:3a:ea:7e:37:e1:a8:29:a0:
|
|
||||||
45:76:7e:d2:a8:08:17:f6:4a:ad:9e:31:ad:b1:b4:e5:5a:3f:
|
|
||||||
4a:e3:2f:e3:fa:37:0e:3d:04:ca:aa:9a:8d:4e:6f:a2:35:ae:
|
|
||||||
48:37:9e:a3:cc:83:21:34:34:2f:e2:71:c6:51:a1:5b:46:ad:
|
|
||||||
d5:10:26:ea:e2:4b:18:df:8e:e2:ab:ac:e3:3b:a2:a7:fb:99:
|
|
||||||
f2:0e:05:3b:76:38:f0:18:fd:44:93:c1:06:79:1d:d5:c3:a6:
|
|
||||||
bf:c1:0a:98:d8:81:9a:66:a9:85:42:c0:fe:dd:ff:ef:21:6e:
|
|
||||||
00:9f:68:0a:df:97:c8:5e:f3:d6:c1:fb:06:d6:40:3d:14:59:
|
|
||||||
a7:3a:f5:c9:70:fd:b1:93:88:5f:18:45:5d:58:97:60:6a:aa:
|
|
||||||
a6:6e:74:de:0e:ba:cc:9b:bf:35:3c:b3:f6:0c:1c:48:7c:5d:
|
|
||||||
70:73:db:73:db:28:a9:b8:bc:1a:1e:b8:1c:d5:36:03:f3:22:
|
|
||||||
91:d1:e7:8d:eb:36:00:f9:10:b2:16:2b:65:e4:6e:1a:9e:5f:
|
|
||||||
cd:f0:fd:9f:39:8f:71:35:de:5c:57:a8:1a:d0:fa:25:12:80:
|
|
||||||
fb:9a:da:bb
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIFXjCCBEagAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx
|
|
||||||
CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
|
|
||||||
cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV
|
|
||||||
BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3
|
|
||||||
DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MDgyNjE3MDg1NloXDTI2MDgy
|
|
||||||
NDE3MDg1NlowgasxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM
|
|
||||||
U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15
|
|
||||||
T3JnYW5pemF0aW9uYWxVbml0MQ0wCwYDVQQDEwRjbHQxMRAwDgYDVQQpEwdFYXN5
|
|
||||||
UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqG
|
|
||||||
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV8hwjWUGHp2gGfS9fqogWSpFZEX/ZKNHs
|
|
||||||
1sm8sGuQ7kSUROfUuRFI9/HKnvjOAkSye5A94ZdCsQL+qxwqiYFQgUKff4dBh761
|
|
||||||
vMCfM4EmgYYkqUxybH/pqHEfqkVKOL3IV8QljEcU0OBgSwfuu1K5ldNmJMRreTaD
|
|
||||||
r2u4AY9n8oF/Pv7DT3KsBmVDOQ/8X3G8XBL2Nu8nYaAyTNHN4RXiZLX9/VTVY0Wh
|
|
||||||
lpo4UMW3fg77ltmnp09YWK+hF1D6ZmJDHoo4anxUP41aElzjzJVVJZvuvDNAOlTL
|
|
||||||
OT5sFzB5+iS6HFpU/7AwEdSqklrXpjkWRdd0/kCc1M30dDSV70qZAgMBAAGjggF+
|
|
||||||
MIIBejAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0
|
|
||||||
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNzicNBZOfX14EjiqV810pg06iD7MIHr
|
|
||||||
BgNVHSMEgeMwgeCAFOMr5HTPm7xubeZSHREE/GYfJUpzoYG8pIG5MIG2MQswCQYD
|
|
||||||
VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG
|
|
||||||
A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p
|
|
||||||
dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw
|
|
||||||
HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQD5L8aLDvHrnjATBgNV
|
|
||||||
HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDwYDVR0RBAgwBoIEY2x0MTAN
|
|
||||||
BgkqhkiG9w0BAQsFAAOCAQEArYCD3awXnNrKccaZE8e1t7RpqfoP3fq2T6IZEDrq
|
|
||||||
fjfhqCmgRXZ+0qgIF/ZKrZ4xrbG05Vo/SuMv4/o3Dj0EyqqajU5vojWuSDeeo8yD
|
|
||||||
ITQ0L+JxxlGhW0at1RAm6uJLGN+O4qus4zuip/uZ8g4FO3Y48Bj9RJPBBnkd1cOm
|
|
||||||
v8EKmNiBmmaphULA/t3/7yFuAJ9oCt+XyF7z1sH7BtZAPRRZpzr1yXD9sZOIXxhF
|
|
||||||
XViXYGqqpm503g66zJu/NTyz9gwcSHxdcHPbc9soqbi8Gh64HNU2A/MikdHnjes2
|
|
||||||
APkQshYrZeRuGp5fzfD9nzmPcTXeXFeoGtD6JRKA+5rauw==
|
|
||||||
-----END CERTIFICATE-----
|
|
@ -1,30 +0,0 @@
|
|||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIFEjCCA/qgAwIBAgIJAPkvxosO8eueMA0GCSqGSIb3DQEBCwUAMIG2MQswCQYD
|
|
||||||
VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG
|
|
||||||
A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p
|
|
||||||
dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw
|
|
||||||
HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wHhcNMTYwODI2MTcwNjMx
|
|
||||||
WhcNMjYwODI0MTcwNjMxWjCBtjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUw
|
|
||||||
EwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEdMBsG
|
|
||||||
A1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVuc3Rv
|
|
||||||
biBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0
|
|
||||||
Lm15ZG9tYWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1NZs05qa
|
|
||||||
+/07CjD+XWYienpCY0MSwQIWfzdMMCYhj9XdLYVS78Qt543nQ+KFdlIUvXKZteMz
|
|
||||||
0eYhPrRuqO+IJqBY/c35HLbz1RWhPta7UzUY2iFK+b2ja55KJvpoTESXWhrX5dNS
|
|
||||||
qzkuoYScn8FDADWbT04kcJmJYwcCucZl++as8yNQrNgOeItZbj9xiFpkq8Xy0aQ0
|
|
||||||
U0G7+Ip1+Z3TNzP/sZ5Jg5CIuZhs7+pkoFqrEJhSpjAdAXb5ZdioLsqE7sDSyeVa
|
|
||||||
8RM6a9y3fVAGY45/oZ02i/cAoWz9Oe4702QnhxHwdwEBF3JOHwdDDhrZdF9PmCKB
|
|
||||||
4cMZ+8gCs8vIewIDAQABo4IBHzCCARswHQYDVR0OBBYEFOMr5HTPm7xubeZSHREE
|
|
||||||
/GYfJUpzMIHrBgNVHSMEgeMwgeCAFOMr5HTPm7xubeZSHREE/GYfJUpzoYG8pIG5
|
|
||||||
MIG2MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5j
|
|
||||||
aXNjbzEVMBMGA1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXph
|
|
||||||
dGlvbmFsVW5pdDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdF
|
|
||||||
YXN5UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQD5L8aL
|
|
||||||
DvHrnjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAP8mlnPOO15Xsl
|
|
||||||
DBAI3/PD7HbgPfQCq/7mOkW+QFFMOZ4HqZcgdVUM/yhkzpEQJBrQgYr4X1I48D8N
|
|
||||||
bdcG8JEEOXwgj/xu1M+buZIeh0vBQ1j4zNjzYhcho5kiUwW8vVvHyFhugfZUpQZL
|
|
||||||
WnR8GTP00/XuBNqTuXBnBzT8/MTBec4TDPfG7f0Tyosypvg9R8TYuZmYU8qdpVMA
|
|
||||||
W4JxpVGmCyUTi/7gQnntpUm7fbCwD166/phJXU5tuMyDdNuejd3mmkM4euHpL07m
|
|
||||||
CD5kizBstiHWRrb0vOzvZenZg8pCzJjSTJhfA1gPd4z1XUYN5HRWqqcE2UiR88b+
|
|
||||||
OChbJBgi
|
|
||||||
-----END CERTIFICATE-----
|
|
@ -1,28 +0,0 @@
|
|||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDU1mzTmpr7/TsK
|
|
||||||
MP5dZiJ6ekJjQxLBAhZ/N0wwJiGP1d0thVLvxC3njedD4oV2UhS9cpm14zPR5iE+
|
|
||||||
tG6o74gmoFj9zfkctvPVFaE+1rtTNRjaIUr5vaNrnkom+mhMRJdaGtfl01KrOS6h
|
|
||||||
hJyfwUMANZtPTiRwmYljBwK5xmX75qzzI1Cs2A54i1luP3GIWmSrxfLRpDRTQbv4
|
|
||||||
inX5ndM3M/+xnkmDkIi5mGzv6mSgWqsQmFKmMB0Bdvll2KguyoTuwNLJ5VrxEzpr
|
|
||||||
3Ld9UAZjjn+hnTaL9wChbP057jvTZCeHEfB3AQEXck4fB0MOGtl0X0+YIoHhwxn7
|
|
||||||
yAKzy8h7AgMBAAECggEAPoNQaYJifRruqVqki2hBPjoEn8UGkBv94ZWrUgURHH8T
|
|
||||||
PJiJOJUlanp6b6zryEnpf49WaF74THFMWG+EhSf9lGLKYJmLzoxJ5883kg5d7N2O
|
|
||||||
lBrtO5cgla5jVzl7QtNupO93dDByeooMETKzEhUgicI1AMER4OSnvqdDfK8yKx8X
|
|
||||||
ej3/t/7zoH4+WCZuRuJs6yo8KdVckr0Kc7T/9aksr3mk8aq/o4FvBMBMswVki5UF
|
|
||||||
bw6veVmvvpW+Dy3Z8nmsov1QKi4GgHG0ZorgezwaUp7xVdzWsd1EpVNFWKBJ2s0G
|
|
||||||
WBn/A3ihTom8BUICqQNSfPVxUUKkR+CzuqeWN6QegQKBgQDym/+vHWuLlAQMNj1J
|
|
||||||
Cp0ql4DlaGQGCgyJBYObHTk7H03/D3ZyQj1olJ/NCYWY9txXyEVtqvGejKWkhyHR
|
|
||||||
VS1/K/EB4xkacTC0mXxn8CaN3wM2+ayIZCS1FVLILhvSSNhSThy2FoR5pZ1CVGmC
|
|
||||||
RooCO3g4B45TazTS8nyXk9qsQQKBgQDglcJ6xBgGeJDW5vOdwtH2lxgEKsou5XsV
|
|
||||||
tRJ7p7LvrKyi+ZcFCqZi1qIvlRR8fbsd25mFPRZXgxhDDMIFud9sxO1TSEDWslcK
|
|
||||||
cKYKBU0KCxqScZHmwv/P6IH1y68OW//85JUBYf53k4TesX5GQ+brx4a7+c3d9+EZ
|
|
||||||
GHA7nca1uwKBgQCFWFLHOB9lPzyeTa2PmOLbhxwUezUG0L0lDr/QINbU9RbUivYq
|
|
||||||
RNglxBK1CnfApGZlZTEr3togr+NXM+LVgMCZ9lfoFp80lmQTz4y+QBOgxKOqsr4u
|
|
||||||
1QQL96VhW151TQ6A5mgHeQblKa7uxyCatxSht3gTK6wBk5ocG6V5Vo3JQQKBgEHj
|
|
||||||
TeIsg4vqdTvHF/PRwz2gCFi4oQZvJtQwglKq2XE9bIyHwwmknTnkFEL3bsIzNOFG
|
|
||||||
mtyfFl3oRQbuyEFbzbOgdqv3R6Z1Pdn/QIcyFO78YPhTv2U/EkPRx8bv0dTZotlz
|
|
||||||
yk9Ui45TRij7U7uTkjzcFagyWnZjkbOGGu8yk6ifAoGBAJn8JqkQLryz/eAzM9vw
|
|
||||||
YIjEXxh4pqvflQtlD5rK+PSxceq7pDObaRyPx38Sv0G+usAPjSUGUiUaVwqhaqVG
|
|
||||||
pPKqCJtUtBpSHClZzHuUnh91BAE0c5V1zJI9GNCccKy94A1cIP9fApP7aqLn6uaP
|
|
||||||
rr/mnZBf1ip0YN6dTEtUh5iW
|
|
||||||
-----END PRIVATE KEY-----
|
|
@ -1,98 +0,0 @@
|
|||||||
Certificate:
|
|
||||||
Data:
|
|
||||||
Version: 3 (0x2)
|
|
||||||
Serial Number: 5 (0x5)
|
|
||||||
Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
Validity
|
|
||||||
Not Before: Aug 26 17:08:56 2016 GMT
|
|
||||||
Not After : Aug 24 17:08:56 2026 GMT
|
|
||||||
Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=clt1/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
Subject Public Key Info:
|
|
||||||
Public Key Algorithm: rsaEncryption
|
|
||||||
Public-Key: (2048 bit)
|
|
||||||
Modulus:
|
|
||||||
00:d5:f2:1c:23:59:41:87:a7:68:06:7d:2f:5f:aa:
|
|
||||||
88:16:4a:91:59:11:7f:d9:28:d1:ec:d6:c9:bc:b0:
|
|
||||||
6b:90:ee:44:94:44:e7:d4:b9:11:48:f7:f1:ca:9e:
|
|
||||||
f8:ce:02:44:b2:7b:90:3d:e1:97:42:b1:02:fe:ab:
|
|
||||||
1c:2a:89:81:50:81:42:9f:7f:87:41:87:be:b5:bc:
|
|
||||||
c0:9f:33:81:26:81:86:24:a9:4c:72:6c:7f:e9:a8:
|
|
||||||
71:1f:aa:45:4a:38:bd:c8:57:c4:25:8c:47:14:d0:
|
|
||||||
e0:60:4b:07:ee:bb:52:b9:95:d3:66:24:c4:6b:79:
|
|
||||||
36:83:af:6b:b8:01:8f:67:f2:81:7f:3e:fe:c3:4f:
|
|
||||||
72:ac:06:65:43:39:0f:fc:5f:71:bc:5c:12:f6:36:
|
|
||||||
ef:27:61:a0:32:4c:d1:cd:e1:15:e2:64:b5:fd:fd:
|
|
||||||
54:d5:63:45:a1:96:9a:38:50:c5:b7:7e:0e:fb:96:
|
|
||||||
d9:a7:a7:4f:58:58:af:a1:17:50:fa:66:62:43:1e:
|
|
||||||
8a:38:6a:7c:54:3f:8d:5a:12:5c:e3:cc:95:55:25:
|
|
||||||
9b:ee:bc:33:40:3a:54:cb:39:3e:6c:17:30:79:fa:
|
|
||||||
24:ba:1c:5a:54:ff:b0:30:11:d4:aa:92:5a:d7:a6:
|
|
||||||
39:16:45:d7:74:fe:40:9c:d4:cd:f4:74:34:95:ef:
|
|
||||||
4a:99
|
|
||||||
Exponent: 65537 (0x10001)
|
|
||||||
X509v3 extensions:
|
|
||||||
X509v3 Basic Constraints:
|
|
||||||
CA:FALSE
|
|
||||||
Netscape Comment:
|
|
||||||
Easy-RSA Generated Certificate
|
|
||||||
X509v3 Subject Key Identifier:
|
|
||||||
DC:E2:70:D0:59:39:F5:F5:E0:48:E2:A9:5F:35:D2:98:34:EA:20:FB
|
|
||||||
X509v3 Authority Key Identifier:
|
|
||||||
keyid:E3:2B:E4:74:CF:9B:BC:6E:6D:E6:52:1D:11:04:FC:66:1F:25:4A:73
|
|
||||||
DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
serial:F9:2F:C6:8B:0E:F1:EB:9E
|
|
||||||
|
|
||||||
X509v3 Extended Key Usage:
|
|
||||||
TLS Web Client Authentication
|
|
||||||
X509v3 Key Usage:
|
|
||||||
Digital Signature
|
|
||||||
X509v3 Subject Alternative Name:
|
|
||||||
DNS:clt1
|
|
||||||
Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
ad:80:83:dd:ac:17:9c:da:ca:71:c6:99:13:c7:b5:b7:b4:69:
|
|
||||||
a9:fa:0f:dd:fa:b6:4f:a2:19:10:3a:ea:7e:37:e1:a8:29:a0:
|
|
||||||
45:76:7e:d2:a8:08:17:f6:4a:ad:9e:31:ad:b1:b4:e5:5a:3f:
|
|
||||||
4a:e3:2f:e3:fa:37:0e:3d:04:ca:aa:9a:8d:4e:6f:a2:35:ae:
|
|
||||||
48:37:9e:a3:cc:83:21:34:34:2f:e2:71:c6:51:a1:5b:46:ad:
|
|
||||||
d5:10:26:ea:e2:4b:18:df:8e:e2:ab:ac:e3:3b:a2:a7:fb:99:
|
|
||||||
f2:0e:05:3b:76:38:f0:18:fd:44:93:c1:06:79:1d:d5:c3:a6:
|
|
||||||
bf:c1:0a:98:d8:81:9a:66:a9:85:42:c0:fe:dd:ff:ef:21:6e:
|
|
||||||
00:9f:68:0a:df:97:c8:5e:f3:d6:c1:fb:06:d6:40:3d:14:59:
|
|
||||||
a7:3a:f5:c9:70:fd:b1:93:88:5f:18:45:5d:58:97:60:6a:aa:
|
|
||||||
a6:6e:74:de:0e:ba:cc:9b:bf:35:3c:b3:f6:0c:1c:48:7c:5d:
|
|
||||||
70:73:db:73:db:28:a9:b8:bc:1a:1e:b8:1c:d5:36:03:f3:22:
|
|
||||||
91:d1:e7:8d:eb:36:00:f9:10:b2:16:2b:65:e4:6e:1a:9e:5f:
|
|
||||||
cd:f0:fd:9f:39:8f:71:35:de:5c:57:a8:1a:d0:fa:25:12:80:
|
|
||||||
fb:9a:da:bb
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIFXjCCBEagAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx
|
|
||||||
CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
|
|
||||||
cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV
|
|
||||||
BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3
|
|
||||||
DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MDgyNjE3MDg1NloXDTI2MDgy
|
|
||||||
NDE3MDg1NlowgasxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM
|
|
||||||
U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15
|
|
||||||
T3JnYW5pemF0aW9uYWxVbml0MQ0wCwYDVQQDEwRjbHQxMRAwDgYDVQQpEwdFYXN5
|
|
||||||
UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqG
|
|
||||||
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV8hwjWUGHp2gGfS9fqogWSpFZEX/ZKNHs
|
|
||||||
1sm8sGuQ7kSUROfUuRFI9/HKnvjOAkSye5A94ZdCsQL+qxwqiYFQgUKff4dBh761
|
|
||||||
vMCfM4EmgYYkqUxybH/pqHEfqkVKOL3IV8QljEcU0OBgSwfuu1K5ldNmJMRreTaD
|
|
||||||
r2u4AY9n8oF/Pv7DT3KsBmVDOQ/8X3G8XBL2Nu8nYaAyTNHN4RXiZLX9/VTVY0Wh
|
|
||||||
lpo4UMW3fg77ltmnp09YWK+hF1D6ZmJDHoo4anxUP41aElzjzJVVJZvuvDNAOlTL
|
|
||||||
OT5sFzB5+iS6HFpU/7AwEdSqklrXpjkWRdd0/kCc1M30dDSV70qZAgMBAAGjggF+
|
|
||||||
MIIBejAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0
|
|
||||||
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNzicNBZOfX14EjiqV810pg06iD7MIHr
|
|
||||||
BgNVHSMEgeMwgeCAFOMr5HTPm7xubeZSHREE/GYfJUpzoYG8pIG5MIG2MQswCQYD
|
|
||||||
VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG
|
|
||||||
A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p
|
|
||||||
dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw
|
|
||||||
HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQD5L8aLDvHrnjATBgNV
|
|
||||||
HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDwYDVR0RBAgwBoIEY2x0MTAN
|
|
||||||
BgkqhkiG9w0BAQsFAAOCAQEArYCD3awXnNrKccaZE8e1t7RpqfoP3fq2T6IZEDrq
|
|
||||||
fjfhqCmgRXZ+0qgIF/ZKrZ4xrbG05Vo/SuMv4/o3Dj0EyqqajU5vojWuSDeeo8yD
|
|
||||||
ITQ0L+JxxlGhW0at1RAm6uJLGN+O4qus4zuip/uZ8g4FO3Y48Bj9RJPBBnkd1cOm
|
|
||||||
v8EKmNiBmmaphULA/t3/7yFuAJ9oCt+XyF7z1sH7BtZAPRRZpzr1yXD9sZOIXxhF
|
|
||||||
XViXYGqqpm503g66zJu/NTyz9gwcSHxdcHPbc9soqbi8Gh64HNU2A/MikdHnjes2
|
|
||||||
APkQshYrZeRuGp5fzfD9nzmPcTXeXFeoGtD6JRKA+5rauw==
|
|
||||||
-----END CERTIFICATE-----
|
|
@ -1,18 +0,0 @@
|
|||||||
-----BEGIN CERTIFICATE REQUEST-----
|
|
||||||
MIIC8TCCAdkCAQAwgasxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UE
|
|
||||||
BxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsT
|
|
||||||
FE15T3JnYW5pemF0aW9uYWxVbml0MQ0wCwYDVQQDEwRjbHQxMRAwDgYDVQQpEwdF
|
|
||||||
YXN5UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0G
|
|
||||||
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV8hwjWUGHp2gGfS9fqogWSpFZEX/Z
|
|
||||||
KNHs1sm8sGuQ7kSUROfUuRFI9/HKnvjOAkSye5A94ZdCsQL+qxwqiYFQgUKff4dB
|
|
||||||
h761vMCfM4EmgYYkqUxybH/pqHEfqkVKOL3IV8QljEcU0OBgSwfuu1K5ldNmJMRr
|
|
||||||
eTaDr2u4AY9n8oF/Pv7DT3KsBmVDOQ/8X3G8XBL2Nu8nYaAyTNHN4RXiZLX9/VTV
|
|
||||||
Y0Whlpo4UMW3fg77ltmnp09YWK+hF1D6ZmJDHoo4anxUP41aElzjzJVVJZvuvDNA
|
|
||||||
OlTLOT5sFzB5+iS6HFpU/7AwEdSqklrXpjkWRdd0/kCc1M30dDSV70qZAgMBAAGg
|
|
||||||
ADANBgkqhkiG9w0BAQsFAAOCAQEAk0u+mwQtAqx5g6BLXTgSwzcHGpxItbOasuIv
|
|
||||||
8BtQsVoIvbVzUu8v83BjJK2OfusTqgLQvDafAbCPn7LUbKFLW6/tHtsgdCDEuY1R
|
|
||||||
+1FuFmI16E2OukJc8A/rfkIrYl9uV5VKE3irU5rGF0EMWwfixxu8Vnv9VzTPEoL6
|
|
||||||
B8rqAKE6uFm9IKoJPeDb/nv73PhpPbU76qb/aYJ60Hh1jEXAe8THKxU1oH2z2DWx
|
|
||||||
4kYCncjjfhrwaQZQ9FHH8/gZ1Xjn55+fAz82rPPdZVtJM2PlGUzzLfaDn9En4tU9
|
|
||||||
vVt1/5NU4gZeUVuPH0wyjeNDSZmczX610k+Me4eccKspOtIL2A==
|
|
||||||
-----END CERTIFICATE REQUEST-----
|
|
@ -1,28 +0,0 @@
|
|||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDV8hwjWUGHp2gG
|
|
||||||
fS9fqogWSpFZEX/ZKNHs1sm8sGuQ7kSUROfUuRFI9/HKnvjOAkSye5A94ZdCsQL+
|
|
||||||
qxwqiYFQgUKff4dBh761vMCfM4EmgYYkqUxybH/pqHEfqkVKOL3IV8QljEcU0OBg
|
|
||||||
Swfuu1K5ldNmJMRreTaDr2u4AY9n8oF/Pv7DT3KsBmVDOQ/8X3G8XBL2Nu8nYaAy
|
|
||||||
TNHN4RXiZLX9/VTVY0Whlpo4UMW3fg77ltmnp09YWK+hF1D6ZmJDHoo4anxUP41a
|
|
||||||
ElzjzJVVJZvuvDNAOlTLOT5sFzB5+iS6HFpU/7AwEdSqklrXpjkWRdd0/kCc1M30
|
|
||||||
dDSV70qZAgMBAAECggEAdX75pRAnxPBTWPz3P3rQMi3RlTDfHcwlPgTX1iCtcnLo
|
|
||||||
huUwzMq2i3Rf/f9AdSMZx0vE87co8x9znZkrZtENi8DxbdcD2SFLw1NeFhCbJSKN
|
|
||||||
ISU5Lr4XoaM4PUOtug1fbN+GgXiAsRXlo/yQ5rNJw1JdPwOCO+Pd5IQ6jFuO/m5X
|
|
||||||
T2ZpsmSeI0q8f5oe4mjKelyMJhbO4eBZiZg421Q7BkWqc+waeEaFWjppmaaiqA/7
|
|
||||||
sva3KSP/GyEyc3a62vsE2f0zqkc9xQo1s4GTgBt4AOWuOe6oDxhaNygU66LeOLUH
|
|
||||||
yL/qfbzd4c8kdZieeMC2vZU/6fmPfPJ0HsUjllXW4QKBgQDsB8w8ydfYai4c6yHF
|
|
||||||
ntaDZ32JYbPfWwQ+sI9AhlNfV8aSoO8Vhkn1aPgS+AYq+7SwV3CKJPeClRr88gU6
|
|
||||||
/utZ19uPRAckng0ZvdejUe6saMVLCG3FgskONc/a8wBv1JBuq37cQbrd+Fr+A6bU
|
|
||||||
5BwxoRMch/QMlg42DXBWTLSvPwKBgQDoC/o7gqs1XxYFsh54iYWnIBJUEu0XP15E
|
|
||||||
XACUf2UKSGEicRhjIDR45oMTFhGdh+43Etzkes/VavwNAqaNzggJPKUJz0SAbDmo
|
|
||||||
mhKAqAJE5u4e8V4P+3ZUpE20lpC8d4b0fm3JM7UP6IdH91e4lXyangZr875mZRrM
|
|
||||||
z+d1KgloJwKBgQCkUy17KN9wWUQvd/g0OMiKBbQdwHrVRu2mo4+oUZyb5WVnUkoB
|
|
||||||
x1OYWvNTaYAJzuHWX5oHY4M6U4rNjcXcc/vwudqvXKJIeQ0P3d7SYslzGSI6gezC
|
|
||||||
tLI7hXVnrwSf1vKTSixxNgXeYfkfnfU5hHKojsbad0COvq24LhUG0DJ/SwKBgQCg
|
|
||||||
xcOvPb6fsOzSL3H7M9U9UPRB+gb5B3epx1DDkmyQLkvWkCNEcsjIR3XjYHP+AHMl
|
|
||||||
B1WynACproFKBl8devWIaNM0M74TeGiOj4loSH+h+5paKANy8VgwFtKb34ISgoIn
|
|
||||||
nf003TWC+ynXy+CkTDZT7k8mtm9iBIUICLgmLmTsGwKBgFoLwh1kCjIKqmjSnZdS
|
|
||||||
OzTpAa49xDE0fkGXWCnW2E+KMIBZE/VOPh0MYj2YWThKqt5yEk+tPmxiyxvo5ohH
|
|
||||||
2GZKOzkcsOpZROaNfX/9edPDsL0VYHv0IDPDcoJyiEGANh0VwIqFUAX6Hmwzno6Q
|
|
||||||
nw7R4xO7SN9M9fxuexGrU3Ba
|
|
||||||
-----END PRIVATE KEY-----
|
|
@ -1,5 +0,0 @@
|
|||||||
V 260824170732Z 01 unknown /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=-h/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
V 260824170814Z 02 unknown /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=ts.uts-server.org/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
V 260824170843Z 03 unknown /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=tsa1/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
V 260824170844Z 04 unknown /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=tsa2/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
V 260824170856Z 05 unknown /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=clt1/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
@ -1 +0,0 @@
|
|||||||
unique_subject = yes
|
|
@ -1 +0,0 @@
|
|||||||
unique_subject = yes
|
|
@ -1,4 +0,0 @@
|
|||||||
V 260824170732Z 01 unknown /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=-h/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
V 260824170814Z 02 unknown /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=ts.uts-server.org/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
V 260824170843Z 03 unknown /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=tsa1/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
V 260824170844Z 04 unknown /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=tsa2/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
@ -1 +0,0 @@
|
|||||||
06
|
|
@ -1 +0,0 @@
|
|||||||
05
|
|
@ -1,99 +0,0 @@
|
|||||||
Certificate:
|
|
||||||
Data:
|
|
||||||
Version: 3 (0x2)
|
|
||||||
Serial Number: 2 (0x2)
|
|
||||||
Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
Validity
|
|
||||||
Not Before: Aug 26 17:08:14 2016 GMT
|
|
||||||
Not After : Aug 24 17:08:14 2026 GMT
|
|
||||||
Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=ts.uts-server.org/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
Subject Public Key Info:
|
|
||||||
Public Key Algorithm: rsaEncryption
|
|
||||||
Public-Key: (2048 bit)
|
|
||||||
Modulus:
|
|
||||||
00:d3:50:7a:93:b7:10:8e:d2:2e:31:30:f6:10:9f:
|
|
||||||
bc:d6:db:ab:f0:4c:96:46:d2:bf:b2:2a:a0:f6:f7:
|
|
||||||
5c:48:83:66:54:75:3e:a3:25:20:89:2d:f7:9a:c5:
|
|
||||||
32:12:b1:32:a0:99:27:f4:9c:f0:e8:a2:19:9b:83:
|
|
||||||
a6:e1:aa:42:0a:f4:0b:81:a2:9c:3e:f2:5a:1c:ad:
|
|
||||||
5e:f8:24:12:e9:ec:75:cc:43:7c:6b:16:9a:5f:aa:
|
|
||||||
9e:39:b5:9f:2c:3e:b0:3f:cd:31:7f:90:46:a9:60:
|
|
||||||
74:d3:e0:18:e8:ee:0e:71:bf:37:bc:fe:2b:94:33:
|
|
||||||
61:3d:01:02:ed:f8:b8:66:6a:9f:76:c0:06:c8:06:
|
|
||||||
2b:70:5e:87:d2:17:b7:cd:aa:40:1f:ae:af:a4:c7:
|
|
||||||
3f:60:bc:be:54:ee:30:4e:fe:8e:2d:32:27:5c:f9:
|
|
||||||
af:2f:f9:f1:d2:2b:08:b5:6d:89:8b:84:3e:e9:d4:
|
|
||||||
e8:0b:c4:d7:5f:07:4e:96:5c:a2:4b:63:ef:a8:49:
|
|
||||||
55:39:55:34:1d:b5:ce:8e:5d:13:69:8d:52:d5:1e:
|
|
||||||
30:f9:ed:73:0b:2b:7d:8c:e1:c0:93:a9:28:20:d7:
|
|
||||||
f0:ec:04:37:bf:4b:85:0e:e2:3a:e8:54:ad:d9:e3:
|
|
||||||
27:8f:c7:43:8e:65:e1:f9:51:f0:c3:96:f2:0e:8d:
|
|
||||||
83:79
|
|
||||||
Exponent: 65537 (0x10001)
|
|
||||||
X509v3 extensions:
|
|
||||||
X509v3 Basic Constraints:
|
|
||||||
CA:FALSE
|
|
||||||
Netscape Comment:
|
|
||||||
Easy-RSA Generated Certificate
|
|
||||||
X509v3 Subject Key Identifier:
|
|
||||||
FF:2D:69:50:05:46:A3:95:F4:A3:E0:2E:34:39:EF:9B:BC:E2:F0:86
|
|
||||||
X509v3 Authority Key Identifier:
|
|
||||||
keyid:E3:2B:E4:74:CF:9B:BC:6E:6D:E6:52:1D:11:04:FC:66:1F:25:4A:73
|
|
||||||
DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
serial:F9:2F:C6:8B:0E:F1:EB:9E
|
|
||||||
|
|
||||||
X509v3 Extended Key Usage:
|
|
||||||
TLS Web Client Authentication
|
|
||||||
X509v3 Key Usage:
|
|
||||||
Digital Signature
|
|
||||||
X509v3 Subject Alternative Name:
|
|
||||||
DNS:ts.uts-server.org
|
|
||||||
Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
d2:ff:65:c8:fe:69:7d:fd:99:b9:4e:4c:c3:fe:ff:97:74:59:
|
|
||||||
a1:89:b6:47:b3:10:79:76:ee:7b:0b:26:7e:db:cd:fd:e1:52:
|
|
||||||
4b:94:78:3e:72:ba:8c:58:48:4f:67:ef:05:29:9e:7b:1a:07:
|
|
||||||
82:72:27:67:78:ef:43:e1:67:08:73:2c:11:e1:91:f4:4e:73:
|
|
||||||
5a:a8:09:61:9f:33:d1:33:c7:43:10:8b:a9:e8:16:63:97:e9:
|
|
||||||
81:63:74:f4:5a:b5:fc:88:46:a6:c9:c4:89:23:1d:ac:4a:02:
|
|
||||||
3f:29:ae:59:a2:6f:37:a1:27:e1:6e:34:c8:99:35:0b:50:5e:
|
|
||||||
bc:3d:64:01:7e:5e:4e:ee:79:48:a9:e6:26:bb:2d:f8:18:88:
|
|
||||||
ea:22:df:8e:7b:71:24:c1:6b:17:26:4c:96:0c:d0:d2:b4:29:
|
|
||||||
9a:1d:9a:ae:26:2b:aa:95:a9:9b:15:58:a6:9a:c4:5b:48:64:
|
|
||||||
ff:e0:e6:fb:53:37:0d:20:83:94:95:4e:5a:b9:3c:62:47:bc:
|
|
||||||
fb:6d:0a:eb:f2:b1:9c:d7:ee:30:9b:07:9f:1a:27:1f:e0:bb:
|
|
||||||
5e:36:4b:06:19:10:89:43:14:98:fc:cd:52:82:48:59:cc:77:
|
|
||||||
64:bd:ff:e7:b4:b1:00:ad:7a:94:c6:47:c7:f9:32:25:ad:2c:
|
|
||||||
14:e6:1c:df
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIFeDCCBGCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx
|
|
||||||
CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
|
|
||||||
cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV
|
|
||||||
BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3
|
|
||||||
DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MDgyNjE3MDgxNFoXDTI2MDgy
|
|
||||||
NDE3MDgxNFowgbgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM
|
|
||||||
U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15
|
|
||||||
T3JnYW5pemF0aW9uYWxVbml0MRowGAYDVQQDExF0cy51dHMtc2VydmVyLm9yZzEQ
|
|
||||||
MA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9t
|
|
||||||
YWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01B6k7cQjtIuMTD2
|
|
||||||
EJ+81tur8EyWRtK/siqg9vdcSINmVHU+oyUgiS33msUyErEyoJkn9Jzw6KIZm4Om
|
|
||||||
4apCCvQLgaKcPvJaHK1e+CQS6ex1zEN8axaaX6qeObWfLD6wP80xf5BGqWB00+AY
|
|
||||||
6O4Ocb83vP4rlDNhPQEC7fi4ZmqfdsAGyAYrcF6H0he3zapAH66vpMc/YLy+VO4w
|
|
||||||
Tv6OLTInXPmvL/nx0isItW2Ji4Q+6dToC8TXXwdOllyiS2PvqElVOVU0HbXOjl0T
|
|
||||||
aY1S1R4w+e1zCyt9jOHAk6koINfw7AQ3v0uFDuI66FSt2eMnj8dDjmXh+VHww5by
|
|
||||||
Do2DeQIDAQABo4IBizCCAYcwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFz
|
|
||||||
eS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBT/LWlQBUajlfSj
|
|
||||||
4C40Oe+bvOLwhjCB6wYDVR0jBIHjMIHggBTjK+R0z5u8bm3mUh0RBPxmHyVKc6GB
|
|
||||||
vKSBuTCBtjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5G
|
|
||||||
cmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdh
|
|
||||||
bml6YXRpb25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UE
|
|
||||||
KRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluggkA
|
|
||||||
+S/Giw7x654wEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBwGA1Ud
|
|
||||||
EQQVMBOCEXRzLnV0cy1zZXJ2ZXIub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQDS/2XI
|
|
||||||
/ml9/Zm5TkzD/v+XdFmhibZHsxB5du57CyZ+28394VJLlHg+crqMWEhPZ+8FKZ57
|
|
||||||
GgeCcidneO9D4WcIcywR4ZH0TnNaqAlhnzPRM8dDEIup6BZjl+mBY3T0WrX8iEam
|
|
||||||
ycSJIx2sSgI/Ka5Zom83oSfhbjTImTULUF68PWQBfl5O7nlIqeYmuy34GIjqIt+O
|
|
||||||
e3EkwWsXJkyWDNDStCmaHZquJiuqlambFVimmsRbSGT/4Ob7UzcNIIOUlU5auTxi
|
|
||||||
R7z7bQrr8rGc1+4wmwefGicf4LteNksGGRCJQxSY/M1SgkhZzHdkvf/ntLEArXqU
|
|
||||||
xkfH+TIlrSwU5hzf
|
|
||||||
-----END CERTIFICATE-----
|
|
@ -1,19 +0,0 @@
|
|||||||
-----BEGIN CERTIFICATE REQUEST-----
|
|
||||||
MIIC/jCCAeYCAQAwgbgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UE
|
|
||||||
BxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsT
|
|
||||||
FE15T3JnYW5pemF0aW9uYWxVbml0MRowGAYDVQQDExF0cy51dHMtc2VydmVyLm9y
|
|
||||||
ZzEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15
|
|
||||||
ZG9tYWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01B6k7cQjtIu
|
|
||||||
MTD2EJ+81tur8EyWRtK/siqg9vdcSINmVHU+oyUgiS33msUyErEyoJkn9Jzw6KIZ
|
|
||||||
m4Om4apCCvQLgaKcPvJaHK1e+CQS6ex1zEN8axaaX6qeObWfLD6wP80xf5BGqWB0
|
|
||||||
0+AY6O4Ocb83vP4rlDNhPQEC7fi4ZmqfdsAGyAYrcF6H0he3zapAH66vpMc/YLy+
|
|
||||||
VO4wTv6OLTInXPmvL/nx0isItW2Ji4Q+6dToC8TXXwdOllyiS2PvqElVOVU0HbXO
|
|
||||||
jl0TaY1S1R4w+e1zCyt9jOHAk6koINfw7AQ3v0uFDuI66FSt2eMnj8dDjmXh+VHw
|
|
||||||
w5byDo2DeQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAL+AN6jZ6QA2yxFk2rWy
|
|
||||||
4dqrDl+FGsxwIM9FTDD527+PgA0by8bPCLG+f/ep4HdH9CNJhmhArBcRLUs80b7H
|
|
||||||
fO8tvqDC7IE4Xahpc4sZHL2wJC0dVFsGtSk5wUmW9JnF2p0xy8EVF7aOYAalC1Lo
|
|
||||||
10y+6JqKZOyJOeLTjhmjpjtYI9qP8ss61Vw7Z8AkDJHelw/Bv2SYQ6uztDm8PvVW
|
|
||||||
aESnloNlAUmaqVqG+iDZ0ZaSyPy9Haf/O1kygyu7ganS+jXHm3T8LoCNYTCb03IV
|
|
||||||
zNVSP+N07sNfSGErhmMPi2MO5ahEJaTxfjo31MqvwOl4S45zjjnQoFc2HWEjX1OH
|
|
||||||
YlE=
|
|
||||||
-----END CERTIFICATE REQUEST-----
|
|
@ -1,28 +0,0 @@
|
|||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDTUHqTtxCO0i4x
|
|
||||||
MPYQn7zW26vwTJZG0r+yKqD291xIg2ZUdT6jJSCJLfeaxTISsTKgmSf0nPDoohmb
|
|
||||||
g6bhqkIK9AuBopw+8locrV74JBLp7HXMQ3xrFppfqp45tZ8sPrA/zTF/kEapYHTT
|
|
||||||
4Bjo7g5xvze8/iuUM2E9AQLt+Lhmap92wAbIBitwXofSF7fNqkAfrq+kxz9gvL5U
|
|
||||||
7jBO/o4tMidc+a8v+fHSKwi1bYmLhD7p1OgLxNdfB06WXKJLY++oSVU5VTQdtc6O
|
|
||||||
XRNpjVLVHjD57XMLK32M4cCTqSgg1/DsBDe/S4UO4jroVK3Z4yePx0OOZeH5UfDD
|
|
||||||
lvIOjYN5AgMBAAECggEBAKa35h3I3v1vghY5ZMn03U4+/kaWhjHWcHum+lwfCOYF
|
|
||||||
FaUo44Rf9G2GoMWxMzJgL2tZqpZphABmdAGoOu/sHjL6HGHo45EeME5T0ovAGlQI
|
|
||||||
xV+lFvJ+YMl9mVw6mRyVUQTlZVoZgEZ93W6UbdLIjwjbLqSje8pvRxaUR7Vs+D+E
|
|
||||||
DBBiAGWu74HKNzQ8GvoEZ/1tjI6/EZUrNY6tIJ7I4XyVoiPWnoXlOp0tmgJZLpRv
|
|
||||||
sTAmUlPoy/gYSxrMY0Ld/ar+gPscSl4KCiCjdH76BjAoTYCb3QyM1olNDOMSbXoP
|
|
||||||
tvpb3IFAwxs82yn+clpGXAu9v76jU0Sw8HODO0+HVAECgYEA99W+rbtLL0OPIyEY
|
|
||||||
6JzeEMf4WoIdwl/lzFFIKmZuEJEjrrFTRktiWuBp1V1BAfrUw3UWj2D0OXo45mQA
|
|
||||||
WVSO9Ked6yMbd98lELkc/n6GXvrDBfgyXyWwsGh9GJXZ+Apn41Ze1p6n0zEel1Fk
|
|
||||||
MN0AaleCHPf7Y5ZbVbf23d1nXbkCgYEA2ka3nNdhiHwZEfoB2mtF1Sonn301hdCk
|
|
||||||
Wgvz+ehRv9Z2tSU+mpROjIZ5Th68UuXIeiPLxXN01Z5cdQjNwNpjBiXFpTHRBdXg
|
|
||||||
woh9snV/ABTJRYUqPabUVMLb8kRL0D4PZy3CLjH92hvKmSYG+WofYNUU1zrbAx1h
|
|
||||||
RA2JucWUM8ECgYEAxmbdxBUJJmguQZAwcZ+LAuIjRsmda0r8GyoC3LatbCPU7ffV
|
|
||||||
U5PrxBadgwqpjR0xkNu+WL/kI9Ndk8sAoILaAq/g8ylixv7jnFSlCnNdvNGAqNm9
|
|
||||||
8X+pyD+Nzc3A9hnWex9cwvG2JpLPC5JD4/44Y+l0Jx66qEnpCmFAhvLE2jkCgYAs
|
|
||||||
dpdUhbNCgDUDKnBSM+PnxkyH+pN6jMPN6/1o/OAaOe+4ervD9U4C5imztiMap+As
|
|
||||||
sToDIL+9/CJNXNu82z+ssukN+5XeoHDGb9NbFQAn3hQZ60RthpxeH8t6EFt5Mgsl
|
|
||||||
M3cIvfo+AcdFZy+oguudaAp0xXJzsfpsSG2zwAGugQKBgQCkpLHyZLCD2ciOYg4f
|
|
||||||
V3NqpxviGAYx1FBSr6S97xA1dD7SnH8Mrv/ldxsK0ScGJVFjrGEFiU19HWoIYE9a
|
|
||||||
4//CVir2hxQ5Z8Ejp9ugTxbKcUukVoHbIw0PnWMJShQNbaGonn8pFJH7BJUZ0eI+
|
|
||||||
UhK6b0mz4qIixnYJBxuczj8WGA==
|
|
||||||
-----END PRIVATE KEY-----
|
|
@ -1,98 +0,0 @@
|
|||||||
Certificate:
|
|
||||||
Data:
|
|
||||||
Version: 3 (0x2)
|
|
||||||
Serial Number: 3 (0x3)
|
|
||||||
Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
Validity
|
|
||||||
Not Before: Aug 26 17:08:43 2016 GMT
|
|
||||||
Not After : Aug 24 17:08:43 2026 GMT
|
|
||||||
Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=tsa1/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
Subject Public Key Info:
|
|
||||||
Public Key Algorithm: rsaEncryption
|
|
||||||
Public-Key: (2048 bit)
|
|
||||||
Modulus:
|
|
||||||
00:c8:00:8c:27:a0:52:ac:87:1f:e5:b4:1c:2d:be:
|
|
||||||
af:a0:8b:aa:ea:1b:8d:02:30:41:00:1b:3a:34:dc:
|
|
||||||
6f:04:5d:9f:c5:59:6f:a5:fa:d5:1e:3c:0e:22:52:
|
|
||||||
10:1e:7e:b2:48:b1:65:cd:0c:be:55:60:0e:98:d2:
|
|
||||||
34:8d:e9:9b:50:a2:98:92:6b:6a:09:db:9e:f6:f7:
|
|
||||||
80:22:d1:8b:f3:71:6e:bd:53:b3:fb:23:70:4e:01:
|
|
||||||
20:73:75:12:20:87:37:d3:ca:e5:0b:ff:ba:5e:bd:
|
|
||||||
ad:cd:ff:05:e2:91:31:7c:b1:99:34:ef:d2:6f:1e:
|
|
||||||
22:fe:77:e9:40:ac:8b:dc:f0:e8:23:04:f6:b7:b3:
|
|
||||||
60:34:2c:82:df:3c:3d:ca:14:52:d8:8a:57:1f:40:
|
|
||||||
1b:70:a2:ac:65:df:54:87:ba:7d:85:7b:d8:93:bd:
|
|
||||||
8e:85:fc:de:9a:0b:6a:88:52:b2:27:1b:0c:16:e0:
|
|
||||||
87:ba:7c:c9:94:a3:f7:10:79:88:0e:96:b4:a7:40:
|
|
||||||
76:00:58:b1:5a:ab:50:89:55:f6:f8:48:4f:76:66:
|
|
||||||
e5:1c:fa:bb:7a:59:57:df:33:57:7b:d4:0c:36:7f:
|
|
||||||
d6:6e:0a:40:a2:06:b7:c0:f2:31:f7:55:11:20:74:
|
|
||||||
cf:68:b2:b2:96:74:4c:58:a0:3e:ec:ee:8e:df:d1:
|
|
||||||
51:ff
|
|
||||||
Exponent: 65537 (0x10001)
|
|
||||||
X509v3 extensions:
|
|
||||||
X509v3 Basic Constraints:
|
|
||||||
CA:FALSE
|
|
||||||
Netscape Comment:
|
|
||||||
Easy-RSA Generated Certificate
|
|
||||||
X509v3 Subject Key Identifier:
|
|
||||||
6D:48:DA:1F:19:A2:88:71:0F:3D:80:5D:AB:44:5C:F5:06:B5:BB:0B
|
|
||||||
X509v3 Authority Key Identifier:
|
|
||||||
keyid:E3:2B:E4:74:CF:9B:BC:6E:6D:E6:52:1D:11:04:FC:66:1F:25:4A:73
|
|
||||||
DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
serial:F9:2F:C6:8B:0E:F1:EB:9E
|
|
||||||
|
|
||||||
X509v3 Extended Key Usage:
|
|
||||||
TLS Web Client Authentication
|
|
||||||
X509v3 Key Usage:
|
|
||||||
Digital Signature
|
|
||||||
X509v3 Subject Alternative Name:
|
|
||||||
DNS:tsa1
|
|
||||||
Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
a2:b6:e1:66:78:ff:d0:f1:53:58:2f:8a:26:0b:c1:7f:71:f8:
|
|
||||||
9a:d1:fa:70:f8:5b:b7:ce:da:79:92:52:0b:5f:d1:ed:c1:86:
|
|
||||||
eb:bc:29:f7:ed:0f:5b:c4:10:ab:a3:ce:9e:97:c8:a0:c8:5c:
|
|
||||||
af:bc:f2:58:77:00:59:69:85:2f:a1:16:92:45:b8:a9:3b:8d:
|
|
||||||
8c:bd:1a:bb:08:07:79:6d:6a:e9:8b:7c:fb:fb:0e:72:0a:e1:
|
|
||||||
fa:4c:ca:d5:d6:99:fc:2c:5f:1d:8a:28:38:da:bd:d4:88:36:
|
|
||||||
a2:a4:1a:e5:f9:77:72:e6:ed:13:62:31:19:79:ec:ad:9e:b5:
|
|
||||||
d1:92:7a:cf:f8:e0:ad:56:dd:5b:68:c6:64:c5:32:51:83:0e:
|
|
||||||
89:17:14:22:29:53:09:bb:49:06:3a:f1:02:8f:de:fc:94:59:
|
|
||||||
82:3d:d1:97:d8:70:53:ff:b5:0d:04:6f:2a:3f:30:50:7b:b1:
|
|
||||||
61:b3:a3:10:ee:94:dd:de:b8:ac:7c:0d:a4:af:f6:c2:8a:74:
|
|
||||||
dd:e8:95:db:ee:ab:d5:ef:68:0a:96:7c:46:05:93:12:93:d8:
|
|
||||||
84:5a:6d:38:ff:69:40:51:84:29:62:91:62:7b:af:17:18:b7:
|
|
||||||
bb:59:19:89:89:89:5d:75:54:92:bf:75:2f:7e:e4:fb:eb:a7:
|
|
||||||
ae:b5:a2:2f
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIFXjCCBEagAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx
|
|
||||||
CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
|
|
||||||
cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV
|
|
||||||
BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3
|
|
||||||
DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MDgyNjE3MDg0M1oXDTI2MDgy
|
|
||||||
NDE3MDg0M1owgasxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM
|
|
||||||
U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15
|
|
||||||
T3JnYW5pemF0aW9uYWxVbml0MQ0wCwYDVQQDEwR0c2ExMRAwDgYDVQQpEwdFYXN5
|
|
||||||
UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqG
|
|
||||||
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIAIwnoFKshx/ltBwtvq+gi6rqG40CMEEA
|
|
||||||
Gzo03G8EXZ/FWW+l+tUePA4iUhAefrJIsWXNDL5VYA6Y0jSN6ZtQopiSa2oJ2572
|
|
||||||
94Ai0YvzcW69U7P7I3BOASBzdRIghzfTyuUL/7peva3N/wXikTF8sZk079JvHiL+
|
|
||||||
d+lArIvc8OgjBPa3s2A0LILfPD3KFFLYilcfQBtwoqxl31SHun2Fe9iTvY6F/N6a
|
|
||||||
C2qIUrInGwwW4Ie6fMmUo/cQeYgOlrSnQHYAWLFaq1CJVfb4SE92ZuUc+rt6WVff
|
|
||||||
M1d71Aw2f9ZuCkCiBrfA8jH3VREgdM9osrKWdExYoD7s7o7f0VH/AgMBAAGjggF+
|
|
||||||
MIIBejAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0
|
|
||||||
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFG1I2h8ZoohxDz2AXatEXPUGtbsLMIHr
|
|
||||||
BgNVHSMEgeMwgeCAFOMr5HTPm7xubeZSHREE/GYfJUpzoYG8pIG5MIG2MQswCQYD
|
|
||||||
VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG
|
|
||||||
A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p
|
|
||||||
dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw
|
|
||||||
HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQD5L8aLDvHrnjATBgNV
|
|
||||||
HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDwYDVR0RBAgwBoIEdHNhMTAN
|
|
||||||
BgkqhkiG9w0BAQsFAAOCAQEAorbhZnj/0PFTWC+KJgvBf3H4mtH6cPhbt87aeZJS
|
|
||||||
C1/R7cGG67wp9+0PW8QQq6POnpfIoMhcr7zyWHcAWWmFL6EWkkW4qTuNjL0auwgH
|
|
||||||
eW1q6Yt8+/sOcgrh+kzK1daZ/CxfHYooONq91Ig2oqQa5fl3cubtE2IxGXnsrZ61
|
|
||||||
0ZJ6z/jgrVbdW2jGZMUyUYMOiRcUIilTCbtJBjrxAo/e/JRZgj3Rl9hwU/+1DQRv
|
|
||||||
Kj8wUHuxYbOjEO6U3d64rHwNpK/2wop03eiV2+6r1e9oCpZ8RgWTEpPYhFptOP9p
|
|
||||||
QFGEKWKRYnuvFxi3u1kZiYmJXXVUkr91L37k++unrrWiLw==
|
|
||||||
-----END CERTIFICATE-----
|
|
@ -1,18 +0,0 @@
|
|||||||
-----BEGIN CERTIFICATE REQUEST-----
|
|
||||||
MIIC8TCCAdkCAQAwgasxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UE
|
|
||||||
BxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsT
|
|
||||||
FE15T3JnYW5pemF0aW9uYWxVbml0MQ0wCwYDVQQDEwR0c2ExMRAwDgYDVQQpEwdF
|
|
||||||
YXN5UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0G
|
|
||||||
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIAIwnoFKshx/ltBwtvq+gi6rqG40C
|
|
||||||
MEEAGzo03G8EXZ/FWW+l+tUePA4iUhAefrJIsWXNDL5VYA6Y0jSN6ZtQopiSa2oJ
|
|
||||||
257294Ai0YvzcW69U7P7I3BOASBzdRIghzfTyuUL/7peva3N/wXikTF8sZk079Jv
|
|
||||||
HiL+d+lArIvc8OgjBPa3s2A0LILfPD3KFFLYilcfQBtwoqxl31SHun2Fe9iTvY6F
|
|
||||||
/N6aC2qIUrInGwwW4Ie6fMmUo/cQeYgOlrSnQHYAWLFaq1CJVfb4SE92ZuUc+rt6
|
|
||||||
WVffM1d71Aw2f9ZuCkCiBrfA8jH3VREgdM9osrKWdExYoD7s7o7f0VH/AgMBAAGg
|
|
||||||
ADANBgkqhkiG9w0BAQsFAAOCAQEAF/TgnEcEdYC0tZ/Dr3j03Y6+HMOXUDjN9yQp
|
|
||||||
1HPZlXc0cl9k3JDMEbqE3xnLF6xkk2CBfG9YkHZwUk/CcoaRAg2qF3/4SF9WfboX
|
|
||||||
42a1AcMpsbD2tbDAulndvONPREGOx+b4aUJ8ddWDnkQtx7JEoQ57GldgQ4c/bU6v
|
|
||||||
QfNAtBnnlNDvo1lOYi2RNInTHR/zui6s+z4we95FJcYkh6qlS6/o+tRYu5E7qxVl
|
|
||||||
P+66RmmlsMydIrM712O8wZSFRoRoHXqrolG+BdWK5nj2CEuhk4g8plNwcMLx/8FI
|
|
||||||
FGeKATizb4zAAtRnBH3uf3HOVkOgMdNkKJK447zuqaE/+KeG6Q==
|
|
||||||
-----END CERTIFICATE REQUEST-----
|
|
@ -1,28 +0,0 @@
|
|||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDIAIwnoFKshx/l
|
|
||||||
tBwtvq+gi6rqG40CMEEAGzo03G8EXZ/FWW+l+tUePA4iUhAefrJIsWXNDL5VYA6Y
|
|
||||||
0jSN6ZtQopiSa2oJ257294Ai0YvzcW69U7P7I3BOASBzdRIghzfTyuUL/7peva3N
|
|
||||||
/wXikTF8sZk079JvHiL+d+lArIvc8OgjBPa3s2A0LILfPD3KFFLYilcfQBtwoqxl
|
|
||||||
31SHun2Fe9iTvY6F/N6aC2qIUrInGwwW4Ie6fMmUo/cQeYgOlrSnQHYAWLFaq1CJ
|
|
||||||
Vfb4SE92ZuUc+rt6WVffM1d71Aw2f9ZuCkCiBrfA8jH3VREgdM9osrKWdExYoD7s
|
|
||||||
7o7f0VH/AgMBAAECggEAJfRcpKR7K/yUpA3TDydRwwDeVYEW+GRZ4YBJQoDWnJh7
|
|
||||||
2oLHelMooI07DW5PWsomYT8xF4GkmSUagAvcJ1Y+wEWq+JZj0C0adLmxWmozyeYr
|
|
||||||
4sgArtch19vE4cRExWGDybCGWQmVv6b1VdNgtYdiQcyeS3p7j9TDRVFSNZDJFgtX
|
|
||||||
QJBHNnMjP96EtVNUp3aHP/N1a+3FRqjWwCW41xqKYc2Gg9W5peZdso8/6avTu2uJ
|
|
||||||
dJB7wcccPiIAnfgX3Xs8yMdXsPVR2ZqSDKfC9dHyEO65xYLs1nDo7a6rS7OSarL+
|
|
||||||
dOYt85AmUswdr69X72DIzaVRBxgzbg4ONlVodAIr2QKBgQD9sPTFZRsh+RoU3eWF
|
|
||||||
B4BwF/CA+KuBoKxxDtTp6ARWHal70Q4BZwg5mEhkJ2yslRwBevZHkO8DDKkB53jc
|
|
||||||
XAHcr2l9VdJni7ynrmoypvDn04vpsxnoY70klyrqSePKD93SU/Ll3hYvF0Ie1IDr
|
|
||||||
kj3/0TNPIuxzIzX3zkx2J2YerQKBgQDJ0oH79GAt3dUZTmyPvazMSR5JBUWjK0of
|
|
||||||
aHxo1jBZf9MDtTLNyDxtqKKjEEcBCWrnHt682m7BYVbuU7MC+z1rQ9pWYLDBq0XG
|
|
||||||
8aY46aR5AudG09l9VDOwZdNsghglstdDURk1zWKsS10x1JwgJdGzKCMZAxO0RrIM
|
|
||||||
Pf1znA/k2wKBgGh1OYQh6nclo7id2YjaGueM4+mm+q+IYhi3W7HoaAixc/zYiqTH
|
|
||||||
MNrOOliK5zN0vjBZ2hiDs/aUeu6eyeQqOlYNICmMcfNS1V5R8cZjeORr9btHlM5c
|
|
||||||
ayAq4m/P9uxXdiXJjUVbGdVQBVi+dUsKT18LW84k+ik6gVlE57Tq6iCNAoGBALA/
|
|
||||||
/zYaXxgPHzefbl1FRq+Mtz8LtJnfhzbQl70yOD0gzRXy2vAtCuC1IXsIDwoPwGUg
|
|
||||||
Z2JD2+9TY4h0XeOfpy6Srg07GYG4YhJwHDqdh/4KFBGdltTFgPJuqmmbXx0lBqqK
|
|
||||||
G1sKBz7x/ewzgTjt7ijoR2ZjcoTALGNWi42334V7AoGBAPsRnyG2cmruO9/SpQxd
|
|
||||||
QOjM0QtIGUKsjssiuRMWytYFD+fCv0Ft+iwnLyxCjBY1Ad6qSwtv50hEoygHnJ5X
|
|
||||||
DiyTptqErIxpSpp0Up8LPN6sXNawM/C7wcvRBGNafK+ijjS38QiWG3enGo5sAG+Y
|
|
||||||
n6Dq8vmFQAKsFz8o1JwJGteB
|
|
||||||
-----END PRIVATE KEY-----
|
|
@ -1,98 +0,0 @@
|
|||||||
Certificate:
|
|
||||||
Data:
|
|
||||||
Version: 3 (0x2)
|
|
||||||
Serial Number: 4 (0x4)
|
|
||||||
Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
Validity
|
|
||||||
Not Before: Aug 26 17:08:44 2016 GMT
|
|
||||||
Not After : Aug 24 17:08:44 2026 GMT
|
|
||||||
Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=tsa2/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
Subject Public Key Info:
|
|
||||||
Public Key Algorithm: rsaEncryption
|
|
||||||
Public-Key: (2048 bit)
|
|
||||||
Modulus:
|
|
||||||
00:9b:34:5c:6b:ac:10:e9:63:50:cd:f5:f1:9e:80:
|
|
||||||
a8:be:ed:4f:21:25:7c:54:67:8f:f0:c1:16:57:ad:
|
|
||||||
1c:c7:14:90:8c:8d:1f:b4:e4:91:3b:fd:2c:44:a1:
|
|
||||||
c3:7d:1d:f5:cb:54:c2:45:a4:e3:e9:07:14:60:60:
|
|
||||||
63:07:d7:6d:92:2b:99:5a:c3:c1:91:87:92:b5:6d:
|
|
||||||
4b:d0:22:cd:62:13:34:9a:d1:c6:8f:e6:f6:df:50:
|
|
||||||
ba:1a:51:80:b8:2e:c9:dc:03:79:3d:97:a9:89:ce:
|
|
||||||
91:68:e4:dc:90:7d:f3:aa:74:2d:48:2b:40:f5:cf:
|
|
||||||
ba:d5:e8:07:d2:34:74:e0:31:c6:e1:0c:df:89:25:
|
|
||||||
c9:49:34:f6:0d:e8:1c:05:54:4c:eb:79:7b:04:bb:
|
|
||||||
e8:1e:f9:c3:dc:f8:d7:6f:d1:c3:77:a5:97:78:45:
|
|
||||||
1c:82:5a:52:a5:26:3e:4b:78:9e:6d:f8:75:3e:40:
|
|
||||||
b9:69:d6:e8:3f:ea:d7:6b:6e:e9:d3:a9:10:a4:92:
|
|
||||||
5e:96:e2:d8:f3:7e:2e:35:f2:81:85:b9:6d:9c:14:
|
|
||||||
02:38:c3:53:0f:a1:84:ef:c3:62:13:7f:10:0f:e4:
|
|
||||||
2e:43:4d:d0:48:06:5b:38:e4:49:e1:35:13:f6:d6:
|
|
||||||
83:1e:1c:f4:10:21:29:45:e3:48:47:01:9c:6a:4d:
|
|
||||||
b6:0b
|
|
||||||
Exponent: 65537 (0x10001)
|
|
||||||
X509v3 extensions:
|
|
||||||
X509v3 Basic Constraints:
|
|
||||||
CA:FALSE
|
|
||||||
Netscape Comment:
|
|
||||||
Easy-RSA Generated Certificate
|
|
||||||
X509v3 Subject Key Identifier:
|
|
||||||
6E:12:12:1A:40:9F:52:2F:48:9C:B5:EE:DC:BF:20:B7:7A:30:02:DC
|
|
||||||
X509v3 Authority Key Identifier:
|
|
||||||
keyid:E3:2B:E4:74:CF:9B:BC:6E:6D:E6:52:1D:11:04:FC:66:1F:25:4A:73
|
|
||||||
DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
|
|
||||||
serial:F9:2F:C6:8B:0E:F1:EB:9E
|
|
||||||
|
|
||||||
X509v3 Extended Key Usage:
|
|
||||||
TLS Web Client Authentication
|
|
||||||
X509v3 Key Usage:
|
|
||||||
Digital Signature
|
|
||||||
X509v3 Subject Alternative Name:
|
|
||||||
DNS:tsa2
|
|
||||||
Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
89:6d:03:f4:e6:29:77:ae:b4:82:de:7b:d6:39:56:10:2f:64:
|
|
||||||
f7:68:58:6e:3b:cf:9f:96:ab:a3:66:b0:53:80:98:88:c2:70:
|
|
||||||
3a:7e:de:d6:3f:69:ff:09:56:22:4f:b3:61:c3:43:ed:73:7f:
|
|
||||||
9f:29:10:31:31:ba:d6:78:a2:bc:7d:45:2c:5f:5a:8a:77:62:
|
|
||||||
3e:d8:38:fb:41:3c:54:8b:67:29:c5:d7:5a:a9:d3:a9:52:53:
|
|
||||||
81:eb:0b:55:9e:4e:f3:73:b5:f9:87:0d:a9:59:c4:2a:66:36:
|
|
||||||
47:bc:02:78:12:5b:12:7f:f5:c2:1c:a3:be:d0:bc:3e:72:1e:
|
|
||||||
96:f2:a4:16:71:d8:0f:af:76:1d:44:bd:1c:ef:e9:6a:09:00:
|
|
||||||
79:61:b1:20:83:61:1f:13:00:69:30:c6:ae:3b:31:a3:6c:db:
|
|
||||||
67:52:5d:ef:44:14:eb:53:b4:79:39:62:53:a6:d5:ea:96:ee:
|
|
||||||
2c:5f:38:9f:04:32:0c:39:24:e7:1c:04:79:ea:27:90:1f:e2:
|
|
||||||
b3:ed:93:a1:92:5c:c6:fa:d5:58:1f:9e:3a:a5:32:01:ce:b8:
|
|
||||||
61:f6:fa:bd:ff:37:1c:3f:30:54:8e:69:13:91:1b:95:6c:43:
|
|
||||||
c7:23:47:c8:2b:c1:97:00:d4:9b:46:52:ae:b4:dd:da:a6:13:
|
|
||||||
a5:6b:07:dc
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIFXjCCBEagAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx
|
|
||||||
CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
|
|
||||||
cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV
|
|
||||||
BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3
|
|
||||||
DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MDgyNjE3MDg0NFoXDTI2MDgy
|
|
||||||
NDE3MDg0NFowgasxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM
|
|
||||||
U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15
|
|
||||||
T3JnYW5pemF0aW9uYWxVbml0MQ0wCwYDVQQDEwR0c2EyMRAwDgYDVQQpEwdFYXN5
|
|
||||||
UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqG
|
|
||||||
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbNFxrrBDpY1DN9fGegKi+7U8hJXxUZ4/w
|
|
||||||
wRZXrRzHFJCMjR+05JE7/SxEocN9HfXLVMJFpOPpBxRgYGMH122SK5law8GRh5K1
|
|
||||||
bUvQIs1iEzSa0caP5vbfULoaUYC4LsncA3k9l6mJzpFo5NyQffOqdC1IK0D1z7rV
|
|
||||||
6AfSNHTgMcbhDN+JJclJNPYN6BwFVEzreXsEu+ge+cPc+Ndv0cN3pZd4RRyCWlKl
|
|
||||||
Jj5LeJ5t+HU+QLlp1ug/6tdrbunTqRCkkl6W4tjzfi418oGFuW2cFAI4w1MPoYTv
|
|
||||||
w2ITfxAP5C5DTdBIBls45EnhNRP21oMeHPQQISlF40hHAZxqTbYLAgMBAAGjggF+
|
|
||||||
MIIBejAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0
|
|
||||||
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFG4SEhpAn1IvSJy17ty/ILd6MALcMIHr
|
|
||||||
BgNVHSMEgeMwgeCAFOMr5HTPm7xubeZSHREE/GYfJUpzoYG8pIG5MIG2MQswCQYD
|
|
||||||
VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG
|
|
||||||
A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p
|
|
||||||
dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw
|
|
||||||
HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQD5L8aLDvHrnjATBgNV
|
|
||||||
HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDwYDVR0RBAgwBoIEdHNhMjAN
|
|
||||||
BgkqhkiG9w0BAQsFAAOCAQEAiW0D9OYpd660gt571jlWEC9k92hYbjvPn5aro2aw
|
|
||||||
U4CYiMJwOn7e1j9p/wlWIk+zYcND7XN/nykQMTG61niivH1FLF9aindiPtg4+0E8
|
|
||||||
VItnKcXXWqnTqVJTgesLVZ5O83O1+YcNqVnEKmY2R7wCeBJbEn/1whyjvtC8PnIe
|
|
||||||
lvKkFnHYD692HUS9HO/pagkAeWGxIINhHxMAaTDGrjsxo2zbZ1Jd70QU61O0eTli
|
|
||||||
U6bV6pbuLF84nwQyDDkk5xwEeeonkB/is+2ToZJcxvrVWB+eOqUyAc64Yfb6vf83
|
|
||||||
HD8wVI5pE5EblWxDxyNHyCvBlwDUm0ZSrrTd2qYTpWsH3A==
|
|
||||||
-----END CERTIFICATE-----
|
|
@ -1,18 +0,0 @@
|
|||||||
-----BEGIN CERTIFICATE REQUEST-----
|
|
||||||
MIIC8TCCAdkCAQAwgasxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UE
|
|
||||||
BxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsT
|
|
||||||
FE15T3JnYW5pemF0aW9uYWxVbml0MQ0wCwYDVQQDEwR0c2EyMRAwDgYDVQQpEwdF
|
|
||||||
YXN5UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0G
|
|
||||||
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbNFxrrBDpY1DN9fGegKi+7U8hJXxU
|
|
||||||
Z4/wwRZXrRzHFJCMjR+05JE7/SxEocN9HfXLVMJFpOPpBxRgYGMH122SK5law8GR
|
|
||||||
h5K1bUvQIs1iEzSa0caP5vbfULoaUYC4LsncA3k9l6mJzpFo5NyQffOqdC1IK0D1
|
|
||||||
z7rV6AfSNHTgMcbhDN+JJclJNPYN6BwFVEzreXsEu+ge+cPc+Ndv0cN3pZd4RRyC
|
|
||||||
WlKlJj5LeJ5t+HU+QLlp1ug/6tdrbunTqRCkkl6W4tjzfi418oGFuW2cFAI4w1MP
|
|
||||||
oYTvw2ITfxAP5C5DTdBIBls45EnhNRP21oMeHPQQISlF40hHAZxqTbYLAgMBAAGg
|
|
||||||
ADANBgkqhkiG9w0BAQsFAAOCAQEAVXOIPyQqN2P/ZfcdsbklM/X0d1qfFAbkBV3M
|
|
||||||
MWh5QzrmyrxPnhGnSYBvwX0thN5G8FF5jlHit67G5Le5M5feczdRSXhGlLcao/U+
|
|
||||||
T/yr87Yojwagg9HgDGI+S82eLNSbI27x8A3dlaOGB5mPA+ff+WvRlqoC95sSDnEo
|
|
||||||
0W2cHMJTjwtj0/hDqlboh6iReXvicihdNVHJvfuED9CIOOPSLnW9WiZ+PM3GFvRi
|
|
||||||
EBZaoK/151mOqjfwIXCMelvozZG9kg8BKT+0+mtoFMHzaJWidPhArZt1hKyMc1FI
|
|
||||||
7jyUN+9X1d5piXIlN2RhO5CAx6ilhlqh7aZtEjkwnik+q8/P0w==
|
|
||||||
-----END CERTIFICATE REQUEST-----
|
|
@ -1,28 +0,0 @@
|
|||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCbNFxrrBDpY1DN
|
|
||||||
9fGegKi+7U8hJXxUZ4/wwRZXrRzHFJCMjR+05JE7/SxEocN9HfXLVMJFpOPpBxRg
|
|
||||||
YGMH122SK5law8GRh5K1bUvQIs1iEzSa0caP5vbfULoaUYC4LsncA3k9l6mJzpFo
|
|
||||||
5NyQffOqdC1IK0D1z7rV6AfSNHTgMcbhDN+JJclJNPYN6BwFVEzreXsEu+ge+cPc
|
|
||||||
+Ndv0cN3pZd4RRyCWlKlJj5LeJ5t+HU+QLlp1ug/6tdrbunTqRCkkl6W4tjzfi41
|
|
||||||
8oGFuW2cFAI4w1MPoYTvw2ITfxAP5C5DTdBIBls45EnhNRP21oMeHPQQISlF40hH
|
|
||||||
AZxqTbYLAgMBAAECggEBAI2WX/XOHAN+Gfo6szjA8LB092oqs1igvZyJ2aMUhxtK
|
|
||||||
tG+0UseIeMH8PcVCuX9LtK7Q3QYB3fT5A2rEo7NEoW3mnllCGjV0M6+VTMNM7Ibb
|
|
||||||
NHNEils+/dpN3+kgj0f3TymKdbFtyTmxm8/QcTLT5FWM9L5Qz0swPabkrTXjqvfW
|
|
||||||
pW3znLJsI/31LzFqicNRzSG3/PTE/RDhPrHnc7Evbz9TYZS8/D3FnvO8QJB8F2Uk
|
|
||||||
/0WunCYU1IKeyVwZvArTLHIAZgQoEoaQIrkfr7AGBi4/uyGPI5GvrCib3MMdBm6s
|
|
||||||
HpxQMo68MwSTm7HVLE9l7QQIGv17iGdks3WuyuUc4bECgYEAy53xVse3EBoUxRZ8
|
|
||||||
yb1i/fr/aMYcCnPoVSHFJh6bGzxy9DeX5kOo0ksge7OgY8MWdoZWHmN3KzSAxkUF
|
|
||||||
Cgz9znRHwAP1Ka7VpFShxmgj752yNSqm7nXj9GJs9P3Y9Pwnp8LMQPOoZmWulJWT
|
|
||||||
HrxoZCpGeC5wQsZ6Ve1xcazr+skCgYEAwyIDSIBygtRjUCyoJhsJR9Vhc7FBLFBY
|
|
||||||
yqu+ZrP2HV31p99M3IT3zEfNYj97MXpE4ggCXuMsPxiHRhDbthOrO1DEDZiZ/zU7
|
|
||||||
c9gzqGjJoa+n77T/88dDpukqm7FbB4pMiUZXj0HOYLmKppTAGO2R01xPgsOrKcU6
|
|
||||||
yNTLUYeUwDMCgYBDQ7AAbQWKqjMGUMF0m73iDVLmt9t3kIbF6NwKFb5DpxqKlvr1
|
|
||||||
NJDGt87JTrPDgSUgjoxQiadKfJO17AMYKOaHl15Ejook9P7axKKUur50X/IJIkf3
|
|
||||||
Krbdes5nuJw9gjdPckirhFKzUQ/1QdxSIQeTX2vcM+seBBdR35jEZs2mEQKBgGZM
|
|
||||||
kJgT7vSz0BUaNFU121mzflGe3eIThVlLTJifRCoFNmJ56Nu7QgXwprYZPcakqTQu
|
|
||||||
qr+ALZQukcyjzevYx+5i20WdeS6Yg8Cp2fsyZHLFmi9LHtx43PjGSLYy9twvHwzg
|
|
||||||
ucq63y1KWGwYk9T9x3Odc3nEhxlw8u6S0Ly/bbaNAoGAJYp4drHJ8uLGufVURrK0
|
|
||||||
NQJIdPl7bcRaUdzBt1bmE5IiQOqzsdDkJpN1/ZD8SVkGPni6m+ZpvOprw7gtXs3T
|
|
||||||
dQ3Ri2dMZ4VJkyACi8z21eErRjr16pi92MhZKVnk1PEsxldEPa6XdJPaBm34O+BE
|
|
||||||
rzhN9WafVc6yL45gNLnUlRc=
|
|
||||||
-----END PRIVATE KEY-----
|
|
@ -1,13 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
# list revoked certificates
|
|
||||||
|
|
||||||
CRL="${1:-crl.pem}"
|
|
||||||
|
|
||||||
if [ "$KEY_DIR" ]; then
|
|
||||||
cd "$KEY_DIR" && \
|
|
||||||
$OPENSSL crl -text -noout -in "$CRL"
|
|
||||||
else
|
|
||||||
echo 'Please source the vars script first (i.e. "source ./vars")'
|
|
||||||
echo 'Make sure you have edited it to reflect your configuration.'
|
|
||||||
fi
|
|
@ -1,268 +0,0 @@
|
|||||||
# For use with easy-rsa version 2.0
|
|
||||||
|
|
||||||
#
|
|
||||||
# OpenSSL example configuration file.
|
|
||||||
# This is mostly being used for generation of certificate requests.
|
|
||||||
#
|
|
||||||
|
|
||||||
# This definition stops the following lines choking if HOME isn't
|
|
||||||
# defined.
|
|
||||||
HOME = .
|
|
||||||
RANDFILE = $ENV::HOME/.rnd
|
|
||||||
|
|
||||||
# Extra OBJECT IDENTIFIER info:
|
|
||||||
#oid_file = $ENV::HOME/.oid
|
|
||||||
oid_section = new_oids
|
|
||||||
|
|
||||||
# To use this configuration file with the "-extfile" option of the
|
|
||||||
# "openssl x509" utility, name here the section containing the
|
|
||||||
# X.509v3 extensions to use:
|
|
||||||
# extensions =
|
|
||||||
# (Alternatively, use a configuration file that has only
|
|
||||||
# X.509v3 extensions in its main [= default] section.)
|
|
||||||
|
|
||||||
[ new_oids ]
|
|
||||||
|
|
||||||
# We can add new OIDs in here for use by 'ca' and 'req'.
|
|
||||||
# Add a simple OID like this:
|
|
||||||
# testoid1=1.2.3.4
|
|
||||||
# Or use config file substitution like this:
|
|
||||||
# testoid2=${testoid1}.5.6
|
|
||||||
|
|
||||||
####################################################################
|
|
||||||
[ ca ]
|
|
||||||
default_ca = CA_default # The default ca section
|
|
||||||
|
|
||||||
####################################################################
|
|
||||||
[ CA_default ]
|
|
||||||
|
|
||||||
dir = $ENV::KEY_DIR # Where everything is kept
|
|
||||||
certs = $dir # Where the issued certs are kept
|
|
||||||
crl_dir = $dir # Where the issued crl are kept
|
|
||||||
database = $dir/index.txt # database index file.
|
|
||||||
new_certs_dir = $dir # default place for new certs.
|
|
||||||
|
|
||||||
certificate = $dir/ca.crt # The CA certificate
|
|
||||||
serial = $dir/serial # The current serial number
|
|
||||||
crl = $dir/crl.pem # The current CRL
|
|
||||||
private_key = $dir/ca.key # The private key
|
|
||||||
RANDFILE = $dir/.rand # private random number file
|
|
||||||
|
|
||||||
x509_extensions = usr_cert # The extentions to add to the cert
|
|
||||||
|
|
||||||
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
|
|
||||||
# so this is commented out by default to leave a V1 CRL.
|
|
||||||
# crl_extensions = crl_ext
|
|
||||||
|
|
||||||
default_days = 3650 # how long to certify for
|
|
||||||
default_crl_days= 30 # how long before next CRL
|
|
||||||
default_md = sha256 # which md to use.
|
|
||||||
preserve = no # keep passed DN ordering
|
|
||||||
|
|
||||||
# A few difference way of specifying how similar the request should look
|
|
||||||
# For type CA, the listed attributes must be the same, and the optional
|
|
||||||
# and supplied fields are just that :-)
|
|
||||||
policy = policy_anything
|
|
||||||
|
|
||||||
# For the CA policy
|
|
||||||
[ policy_match ]
|
|
||||||
countryName = match
|
|
||||||
stateOrProvinceName = match
|
|
||||||
organizationName = match
|
|
||||||
organizationalUnitName = optional
|
|
||||||
commonName = supplied
|
|
||||||
emailAddress = optional
|
|
||||||
|
|
||||||
# For the 'anything' policy
|
|
||||||
# At this point in time, you must list all acceptable 'object'
|
|
||||||
# types.
|
|
||||||
[ policy_anything ]
|
|
||||||
countryName = optional
|
|
||||||
stateOrProvinceName = optional
|
|
||||||
localityName = optional
|
|
||||||
organizationName = optional
|
|
||||||
organizationalUnitName = optional
|
|
||||||
commonName = supplied
|
|
||||||
emailAddress = optional
|
|
||||||
|
|
||||||
####################################################################
|
|
||||||
[ req ]
|
|
||||||
default_bits = $ENV::KEY_SIZE
|
|
||||||
default_keyfile = privkey.pem
|
|
||||||
default_md = sha256
|
|
||||||
distinguished_name = req_distinguished_name
|
|
||||||
attributes = req_attributes
|
|
||||||
x509_extensions = v3_ca # The extentions to add to the self signed cert
|
|
||||||
|
|
||||||
# Passwords for private keys if not present they will be prompted for
|
|
||||||
# input_password = secret
|
|
||||||
# output_password = secret
|
|
||||||
|
|
||||||
# This sets a mask for permitted string types. There are several options.
|
|
||||||
# default: PrintableString, T61String, BMPString.
|
|
||||||
# pkix : PrintableString, BMPString.
|
|
||||||
# utf8only: only UTF8Strings.
|
|
||||||
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
|
|
||||||
# MASK:XXXX a literal mask value.
|
|
||||||
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
|
|
||||||
# so use this option with caution!
|
|
||||||
string_mask = nombstr
|
|
||||||
|
|
||||||
# req_extensions = v3_req # The extensions to add to a certificate request
|
|
||||||
|
|
||||||
[ req_distinguished_name ]
|
|
||||||
countryName = Country Name (2 letter code)
|
|
||||||
countryName_default = $ENV::KEY_COUNTRY
|
|
||||||
countryName_min = 2
|
|
||||||
countryName_max = 2
|
|
||||||
|
|
||||||
stateOrProvinceName = State or Province Name (full name)
|
|
||||||
stateOrProvinceName_default = $ENV::KEY_PROVINCE
|
|
||||||
|
|
||||||
localityName = Locality Name (eg, city)
|
|
||||||
localityName_default = $ENV::KEY_CITY
|
|
||||||
|
|
||||||
0.organizationName = Organization Name (eg, company)
|
|
||||||
0.organizationName_default = $ENV::KEY_ORG
|
|
||||||
|
|
||||||
# we can do this but it is not needed normally :-)
|
|
||||||
#1.organizationName = Second Organization Name (eg, company)
|
|
||||||
#1.organizationName_default = World Wide Web Pty Ltd
|
|
||||||
|
|
||||||
organizationalUnitName = Organizational Unit Name (eg, section)
|
|
||||||
#organizationalUnitName_default =
|
|
||||||
|
|
||||||
commonName = Common Name (eg, your name or your server\'s hostname)
|
|
||||||
commonName_max = 64
|
|
||||||
|
|
||||||
emailAddress = Email Address
|
|
||||||
emailAddress_default = $ENV::KEY_EMAIL
|
|
||||||
emailAddress_max = 40
|
|
||||||
|
|
||||||
# JY -- added for batch mode
|
|
||||||
organizationalUnitName_default = $ENV::KEY_OU
|
|
||||||
commonName_default = $ENV::KEY_CN
|
|
||||||
|
|
||||||
# SET-ex3 = SET extension number 3
|
|
||||||
|
|
||||||
[ req_attributes ]
|
|
||||||
challengePassword = A challenge password
|
|
||||||
challengePassword_min = 4
|
|
||||||
challengePassword_max = 20
|
|
||||||
|
|
||||||
unstructuredName = An optional company name
|
|
||||||
|
|
||||||
[ usr_cert ]
|
|
||||||
|
|
||||||
# These extensions are added when 'ca' signs a request.
|
|
||||||
|
|
||||||
# This goes against PKIX guidelines but some CAs do it and some software
|
|
||||||
# requires this to avoid interpreting an end user certificate as a CA.
|
|
||||||
|
|
||||||
basicConstraints=CA:FALSE
|
|
||||||
|
|
||||||
# Here are some examples of the usage of nsCertType. If it is omitted
|
|
||||||
# the certificate can be used for anything *except* object signing.
|
|
||||||
|
|
||||||
# This is OK for an SSL server.
|
|
||||||
# nsCertType = server
|
|
||||||
|
|
||||||
# For an object signing certificate this would be used.
|
|
||||||
# nsCertType = objsign
|
|
||||||
|
|
||||||
# For normal client use this is typical
|
|
||||||
# nsCertType = client, email
|
|
||||||
|
|
||||||
# and for everything including object signing:
|
|
||||||
# nsCertType = client, email, objsign
|
|
||||||
|
|
||||||
# This is typical in keyUsage for a client certificate.
|
|
||||||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
||||||
|
|
||||||
# This will be displayed in Netscape's comment listbox.
|
|
||||||
nsComment = "Easy-RSA Generated Certificate"
|
|
||||||
|
|
||||||
# PKIX recommendations harmless if included in all certificates.
|
|
||||||
subjectKeyIdentifier=hash
|
|
||||||
authorityKeyIdentifier=keyid,issuer:always
|
|
||||||
extendedKeyUsage=clientAuth
|
|
||||||
keyUsage = digitalSignature
|
|
||||||
|
|
||||||
# This stuff is for subjectAltName and issuerAltname.
|
|
||||||
# Import the email address.
|
|
||||||
# subjectAltName=email:copy
|
|
||||||
subjectAltName=$ENV::KEY_ALTNAMES
|
|
||||||
|
|
||||||
# Copy subject details
|
|
||||||
# issuerAltName=issuer:copy
|
|
||||||
|
|
||||||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
|
|
||||||
#nsBaseUrl
|
|
||||||
#nsRevocationUrl
|
|
||||||
#nsRenewalUrl
|
|
||||||
#nsCaPolicyUrl
|
|
||||||
#nsSslServerName
|
|
||||||
|
|
||||||
[ server ]
|
|
||||||
|
|
||||||
# JY ADDED -- Make a cert with nsCertType set to "server"
|
|
||||||
basicConstraints=CA:FALSE
|
|
||||||
nsCertType = server
|
|
||||||
nsComment = "Easy-RSA Generated Server Certificate"
|
|
||||||
subjectKeyIdentifier=hash
|
|
||||||
authorityKeyIdentifier=keyid,issuer:always
|
|
||||||
extendedKeyUsage=serverAuth
|
|
||||||
keyUsage = digitalSignature, keyEncipherment
|
|
||||||
subjectAltName=$ENV::KEY_ALTNAMES
|
|
||||||
|
|
||||||
[ v3_req ]
|
|
||||||
|
|
||||||
# Extensions to add to a certificate request
|
|
||||||
|
|
||||||
basicConstraints = CA:FALSE
|
|
||||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
||||||
|
|
||||||
[ v3_ca ]
|
|
||||||
|
|
||||||
|
|
||||||
# Extensions for a typical CA
|
|
||||||
|
|
||||||
|
|
||||||
# PKIX recommendation.
|
|
||||||
|
|
||||||
subjectKeyIdentifier=hash
|
|
||||||
|
|
||||||
authorityKeyIdentifier=keyid:always,issuer:always
|
|
||||||
|
|
||||||
# This is what PKIX recommends but some broken software chokes on critical
|
|
||||||
# extensions.
|
|
||||||
#basicConstraints = critical,CA:true
|
|
||||||
# So we do this instead.
|
|
||||||
basicConstraints = CA:true
|
|
||||||
|
|
||||||
# Key usage: this is typical for a CA certificate. However since it will
|
|
||||||
# prevent it being used as an test self-signed certificate it is best
|
|
||||||
# left out by default.
|
|
||||||
# keyUsage = cRLSign, keyCertSign
|
|
||||||
|
|
||||||
# Some might want this also
|
|
||||||
# nsCertType = sslCA, emailCA
|
|
||||||
|
|
||||||
# Include email address in subject alt name: another PKIX recommendation
|
|
||||||
# subjectAltName=email:copy
|
|
||||||
# Copy issuer details
|
|
||||||
# issuerAltName=issuer:copy
|
|
||||||
|
|
||||||
# DER hex encoding of an extension: beware experts only!
|
|
||||||
# obj=DER:02:03
|
|
||||||
# Where 'obj' is a standard or added object
|
|
||||||
# You can even override a supported extension:
|
|
||||||
# basicConstraints= critical, DER:30:03:01:01:FF
|
|
||||||
|
|
||||||
[ crl_ext ]
|
|
||||||
|
|
||||||
# CRL extensions.
|
|
||||||
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
|
|
||||||
|
|
||||||
# issuerAltName=issuer:copy
|
|
||||||
authorityKeyIdentifier=keyid:always,issuer:always
|
|
@ -1,293 +0,0 @@
|
|||||||
# For use with easy-rsa version 2.0
|
|
||||||
|
|
||||||
#
|
|
||||||
# OpenSSL example configuration file.
|
|
||||||
# This is mostly being used for generation of certificate requests.
|
|
||||||
#
|
|
||||||
|
|
||||||
# This definition stops the following lines choking if HOME isn't
|
|
||||||
# defined.
|
|
||||||
HOME = .
|
|
||||||
RANDFILE = $ENV::HOME/.rnd
|
|
||||||
openssl_conf = openssl_init
|
|
||||||
|
|
||||||
[ openssl_init ]
|
|
||||||
# Extra OBJECT IDENTIFIER info:
|
|
||||||
#oid_file = $ENV::HOME/.oid
|
|
||||||
oid_section = new_oids
|
|
||||||
engines = engine_section
|
|
||||||
|
|
||||||
# To use this configuration file with the "-extfile" option of the
|
|
||||||
# "openssl x509" utility, name here the section containing the
|
|
||||||
# X.509v3 extensions to use:
|
|
||||||
# extensions =
|
|
||||||
# (Alternatively, use a configuration file that has only
|
|
||||||
# X.509v3 extensions in its main [= default] section.)
|
|
||||||
|
|
||||||
[ new_oids ]
|
|
||||||
|
|
||||||
# We can add new OIDs in here for use by 'ca' and 'req'.
|
|
||||||
# Add a simple OID like this:
|
|
||||||
# testoid1=1.2.3.4
|
|
||||||
# Or use config file substitution like this:
|
|
||||||
# testoid2=${testoid1}.5.6
|
|
||||||
|
|
||||||
####################################################################
|
|
||||||
[ ca ]
|
|
||||||
default_ca = CA_default # The default ca section
|
|
||||||
|
|
||||||
####################################################################
|
|
||||||
[ CA_default ]
|
|
||||||
|
|
||||||
dir = $ENV::KEY_DIR # Where everything is kept
|
|
||||||
certs = $dir # Where the issued certs are kept
|
|
||||||
crl_dir = $dir # Where the issued crl are kept
|
|
||||||
database = $dir/index.txt # database index file.
|
|
||||||
new_certs_dir = $dir # default place for new certs.
|
|
||||||
|
|
||||||
certificate = $dir/ca.crt # The CA certificate
|
|
||||||
serial = $dir/serial # The current serial number
|
|
||||||
crl = $dir/crl.pem # The current CRL
|
|
||||||
private_key = $dir/ca.key # The private key
|
|
||||||
RANDFILE = $dir/.rand # private random number file
|
|
||||||
|
|
||||||
x509_extensions = usr_cert # The extentions to add to the cert
|
|
||||||
|
|
||||||
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
|
|
||||||
# so this is commented out by default to leave a V1 CRL.
|
|
||||||
# crl_extensions = crl_ext
|
|
||||||
|
|
||||||
default_days = 3650 # how long to certify for
|
|
||||||
default_crl_days= 30 # how long before next CRL
|
|
||||||
default_md = sha256 # which md to use.
|
|
||||||
preserve = no # keep passed DN ordering
|
|
||||||
|
|
||||||
# A few difference way of specifying how similar the request should look
|
|
||||||
# For type CA, the listed attributes must be the same, and the optional
|
|
||||||
# and supplied fields are just that :-)
|
|
||||||
policy = policy_anything
|
|
||||||
|
|
||||||
# For the CA policy
|
|
||||||
[ policy_match ]
|
|
||||||
countryName = match
|
|
||||||
stateOrProvinceName = match
|
|
||||||
organizationName = match
|
|
||||||
organizationalUnitName = optional
|
|
||||||
commonName = supplied
|
|
||||||
name = optional
|
|
||||||
emailAddress = optional
|
|
||||||
|
|
||||||
# For the 'anything' policy
|
|
||||||
# At this point in time, you must list all acceptable 'object'
|
|
||||||
# types.
|
|
||||||
[ policy_anything ]
|
|
||||||
countryName = optional
|
|
||||||
stateOrProvinceName = optional
|
|
||||||
localityName = optional
|
|
||||||
organizationName = optional
|
|
||||||
organizationalUnitName = optional
|
|
||||||
commonName = supplied
|
|
||||||
name = optional
|
|
||||||
emailAddress = optional
|
|
||||||
|
|
||||||
####################################################################
|
|
||||||
[ req ]
|
|
||||||
default_bits = $ENV::KEY_SIZE
|
|
||||||
default_keyfile = privkey.pem
|
|
||||||
default_md = sha256
|
|
||||||
distinguished_name = req_distinguished_name
|
|
||||||
attributes = req_attributes
|
|
||||||
x509_extensions = v3_ca # The extentions to add to the self signed cert
|
|
||||||
|
|
||||||
# Passwords for private keys if not present they will be prompted for
|
|
||||||
# input_password = secret
|
|
||||||
# output_password = secret
|
|
||||||
|
|
||||||
# This sets a mask for permitted string types. There are several options.
|
|
||||||
# default: PrintableString, T61String, BMPString.
|
|
||||||
# pkix : PrintableString, BMPString.
|
|
||||||
# utf8only: only UTF8Strings.
|
|
||||||
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
|
|
||||||
# MASK:XXXX a literal mask value.
|
|
||||||
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
|
|
||||||
# so use this option with caution!
|
|
||||||
string_mask = nombstr
|
|
||||||
|
|
||||||
# req_extensions = v3_req # The extensions to add to a certificate request
|
|
||||||
|
|
||||||
[ req_distinguished_name ]
|
|
||||||
countryName = Country Name (2 letter code)
|
|
||||||
countryName_default = $ENV::KEY_COUNTRY
|
|
||||||
countryName_min = 2
|
|
||||||
countryName_max = 2
|
|
||||||
|
|
||||||
stateOrProvinceName = State or Province Name (full name)
|
|
||||||
stateOrProvinceName_default = $ENV::KEY_PROVINCE
|
|
||||||
|
|
||||||
localityName = Locality Name (eg, city)
|
|
||||||
localityName_default = $ENV::KEY_CITY
|
|
||||||
|
|
||||||
0.organizationName = Organization Name (eg, company)
|
|
||||||
0.organizationName_default = $ENV::KEY_ORG
|
|
||||||
|
|
||||||
# we can do this but it is not needed normally :-)
|
|
||||||
#1.organizationName = Second Organization Name (eg, company)
|
|
||||||
#1.organizationName_default = World Wide Web Pty Ltd
|
|
||||||
|
|
||||||
organizationalUnitName = Organizational Unit Name (eg, section)
|
|
||||||
#organizationalUnitName_default =
|
|
||||||
|
|
||||||
commonName = Common Name (eg, your name or your server\'s hostname)
|
|
||||||
commonName_max = 64
|
|
||||||
|
|
||||||
name = Name
|
|
||||||
name_max = 64
|
|
||||||
|
|
||||||
emailAddress = Email Address
|
|
||||||
emailAddress_default = $ENV::KEY_EMAIL
|
|
||||||
emailAddress_max = 40
|
|
||||||
|
|
||||||
# JY -- added for batch mode
|
|
||||||
organizationalUnitName_default = $ENV::KEY_OU
|
|
||||||
commonName_default = $ENV::KEY_CN
|
|
||||||
name_default = $ENV::KEY_NAME
|
|
||||||
|
|
||||||
# SET-ex3 = SET extension number 3
|
|
||||||
|
|
||||||
[ req_attributes ]
|
|
||||||
challengePassword = A challenge password
|
|
||||||
challengePassword_min = 4
|
|
||||||
challengePassword_max = 20
|
|
||||||
|
|
||||||
unstructuredName = An optional company name
|
|
||||||
|
|
||||||
[ usr_cert ]
|
|
||||||
|
|
||||||
# These extensions are added when 'ca' signs a request.
|
|
||||||
|
|
||||||
# This goes against PKIX guidelines but some CAs do it and some software
|
|
||||||
# requires this to avoid interpreting an end user certificate as a CA.
|
|
||||||
|
|
||||||
basicConstraints=CA:FALSE
|
|
||||||
|
|
||||||
# Here are some examples of the usage of nsCertType. If it is omitted
|
|
||||||
# the certificate can be used for anything *except* object signing.
|
|
||||||
|
|
||||||
# This is OK for an SSL server.
|
|
||||||
# nsCertType = server
|
|
||||||
|
|
||||||
# For an object signing certificate this would be used.
|
|
||||||
# nsCertType = objsign
|
|
||||||
|
|
||||||
# For normal client use this is typical
|
|
||||||
# nsCertType = client, email
|
|
||||||
|
|
||||||
# and for everything including object signing:
|
|
||||||
# nsCertType = client, email, objsign
|
|
||||||
|
|
||||||
# This is typical in keyUsage for a client certificate.
|
|
||||||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
||||||
|
|
||||||
# This will be displayed in Netscape's comment listbox.
|
|
||||||
nsComment = "Easy-RSA Generated Certificate"
|
|
||||||
|
|
||||||
# PKIX recommendations harmless if included in all certificates.
|
|
||||||
subjectKeyIdentifier=hash
|
|
||||||
authorityKeyIdentifier=keyid,issuer:always
|
|
||||||
extendedKeyUsage=clientAuth
|
|
||||||
keyUsage = digitalSignature
|
|
||||||
|
|
||||||
# This stuff is for subjectAltName and issuerAltname.
|
|
||||||
# Import the email address.
|
|
||||||
# subjectAltName=email:copy
|
|
||||||
subjectAltName=$ENV::KEY_ALTNAMES
|
|
||||||
|
|
||||||
# Copy subject details
|
|
||||||
# issuerAltName=issuer:copy
|
|
||||||
|
|
||||||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
|
|
||||||
#nsBaseUrl
|
|
||||||
#nsRevocationUrl
|
|
||||||
#nsRenewalUrl
|
|
||||||
#nsCaPolicyUrl
|
|
||||||
#nsSslServerName
|
|
||||||
|
|
||||||
[ server ]
|
|
||||||
|
|
||||||
# JY ADDED -- Make a cert with nsCertType set to "server"
|
|
||||||
basicConstraints=CA:FALSE
|
|
||||||
nsCertType = server
|
|
||||||
nsComment = "Easy-RSA Generated Server Certificate"
|
|
||||||
subjectKeyIdentifier=hash
|
|
||||||
authorityKeyIdentifier=keyid,issuer:always
|
|
||||||
extendedKeyUsage=serverAuth
|
|
||||||
keyUsage = digitalSignature, keyEncipherment
|
|
||||||
subjectAltName=$ENV::KEY_ALTNAMES
|
|
||||||
|
|
||||||
[ v3_req ]
|
|
||||||
|
|
||||||
# Extensions to add to a certificate request
|
|
||||||
|
|
||||||
basicConstraints = CA:FALSE
|
|
||||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
||||||
|
|
||||||
[ v3_ca ]
|
|
||||||
|
|
||||||
|
|
||||||
# Extensions for a typical CA
|
|
||||||
|
|
||||||
|
|
||||||
# PKIX recommendation.
|
|
||||||
|
|
||||||
subjectKeyIdentifier=hash
|
|
||||||
|
|
||||||
authorityKeyIdentifier=keyid:always,issuer:always
|
|
||||||
|
|
||||||
# This is what PKIX recommends but some broken software chokes on critical
|
|
||||||
# extensions.
|
|
||||||
#basicConstraints = critical,CA:true
|
|
||||||
# So we do this instead.
|
|
||||||
basicConstraints = CA:true
|
|
||||||
|
|
||||||
# Key usage: this is typical for a CA certificate. However since it will
|
|
||||||
# prevent it being used as an test self-signed certificate it is best
|
|
||||||
# left out by default.
|
|
||||||
# keyUsage = cRLSign, keyCertSign
|
|
||||||
|
|
||||||
# Some might want this also
|
|
||||||
# nsCertType = sslCA, emailCA
|
|
||||||
|
|
||||||
# Include email address in subject alt name: another PKIX recommendation
|
|
||||||
# subjectAltName=email:copy
|
|
||||||
# Copy issuer details
|
|
||||||
# issuerAltName=issuer:copy
|
|
||||||
|
|
||||||
# DER hex encoding of an extension: beware experts only!
|
|
||||||
# obj=DER:02:03
|
|
||||||
# Where 'obj' is a standard or added object
|
|
||||||
# You can even override a supported extension:
|
|
||||||
# basicConstraints= critical, DER:30:03:01:01:FF
|
|
||||||
|
|
||||||
[ crl_ext ]
|
|
||||||
|
|
||||||
# CRL extensions.
|
|
||||||
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
|
|
||||||
|
|
||||||
# issuerAltName=issuer:copy
|
|
||||||
authorityKeyIdentifier=keyid:always,issuer:always
|
|
||||||
|
|
||||||
[ engine_section ]
|
|
||||||
#
|
|
||||||
# If you are using PKCS#11
|
|
||||||
# Install engine_pkcs11 of opensc (www.opensc.org)
|
|
||||||
# And uncomment the following
|
|
||||||
# verify that dynamic_path points to the correct location
|
|
||||||
#
|
|
||||||
#pkcs11 = pkcs11_section
|
|
||||||
|
|
||||||
[ pkcs11_section ]
|
|
||||||
engine_id = pkcs11
|
|
||||||
dynamic_path = /usr/lib/engines/engine_pkcs11.so
|
|
||||||
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
|
|
||||||
PIN = $ENV::PKCS11_PIN
|
|
||||||
init = 0
|
|
@ -1,288 +0,0 @@
|
|||||||
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
|
|
||||||
|
|
||||||
# This definition stops the following lines choking if HOME isn't
|
|
||||||
# defined.
|
|
||||||
HOME = .
|
|
||||||
RANDFILE = $ENV::HOME/.rnd
|
|
||||||
openssl_conf = openssl_init
|
|
||||||
|
|
||||||
[ openssl_init ]
|
|
||||||
# Extra OBJECT IDENTIFIER info:
|
|
||||||
#oid_file = $ENV::HOME/.oid
|
|
||||||
oid_section = new_oids
|
|
||||||
engines = engine_section
|
|
||||||
|
|
||||||
# To use this configuration file with the "-extfile" option of the
|
|
||||||
# "openssl x509" utility, name here the section containing the
|
|
||||||
# X.509v3 extensions to use:
|
|
||||||
# extensions =
|
|
||||||
# (Alternatively, use a configuration file that has only
|
|
||||||
# X.509v3 extensions in its main [= default] section.)
|
|
||||||
|
|
||||||
[ new_oids ]
|
|
||||||
|
|
||||||
# We can add new OIDs in here for use by 'ca' and 'req'.
|
|
||||||
# Add a simple OID like this:
|
|
||||||
# testoid1=1.2.3.4
|
|
||||||
# Or use config file substitution like this:
|
|
||||||
# testoid2=${testoid1}.5.6
|
|
||||||
|
|
||||||
####################################################################
|
|
||||||
[ ca ]
|
|
||||||
default_ca = CA_default # The default ca section
|
|
||||||
|
|
||||||
####################################################################
|
|
||||||
[ CA_default ]
|
|
||||||
|
|
||||||
dir = $ENV::KEY_DIR # Where everything is kept
|
|
||||||
certs = $dir # Where the issued certs are kept
|
|
||||||
crl_dir = $dir # Where the issued crl are kept
|
|
||||||
database = $dir/index.txt # database index file.
|
|
||||||
new_certs_dir = $dir # default place for new certs.
|
|
||||||
|
|
||||||
certificate = $dir/ca.crt # The CA certificate
|
|
||||||
serial = $dir/serial # The current serial number
|
|
||||||
crl = $dir/crl.pem # The current CRL
|
|
||||||
private_key = $dir/ca.key # The private key
|
|
||||||
RANDFILE = $dir/.rand # private random number file
|
|
||||||
|
|
||||||
x509_extensions = usr_cert # The extentions to add to the cert
|
|
||||||
|
|
||||||
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
|
|
||||||
# so this is commented out by default to leave a V1 CRL.
|
|
||||||
# crl_extensions = crl_ext
|
|
||||||
|
|
||||||
default_days = 3650 # how long to certify for
|
|
||||||
default_crl_days= 30 # how long before next CRL
|
|
||||||
default_md = sha256 # use public key default MD
|
|
||||||
preserve = no # keep passed DN ordering
|
|
||||||
|
|
||||||
# A few difference way of specifying how similar the request should look
|
|
||||||
# For type CA, the listed attributes must be the same, and the optional
|
|
||||||
# and supplied fields are just that :-)
|
|
||||||
policy = policy_anything
|
|
||||||
|
|
||||||
# For the CA policy
|
|
||||||
[ policy_match ]
|
|
||||||
countryName = match
|
|
||||||
stateOrProvinceName = match
|
|
||||||
organizationName = match
|
|
||||||
organizationalUnitName = optional
|
|
||||||
commonName = supplied
|
|
||||||
name = optional
|
|
||||||
emailAddress = optional
|
|
||||||
|
|
||||||
# For the 'anything' policy
|
|
||||||
# At this point in time, you must list all acceptable 'object'
|
|
||||||
# types.
|
|
||||||
[ policy_anything ]
|
|
||||||
countryName = optional
|
|
||||||
stateOrProvinceName = optional
|
|
||||||
localityName = optional
|
|
||||||
organizationName = optional
|
|
||||||
organizationalUnitName = optional
|
|
||||||
commonName = supplied
|
|
||||||
name = optional
|
|
||||||
emailAddress = optional
|
|
||||||
|
|
||||||
####################################################################
|
|
||||||
[ req ]
|
|
||||||
default_bits = $ENV::KEY_SIZE
|
|
||||||
default_keyfile = privkey.pem
|
|
||||||
default_md = sha256
|
|
||||||
distinguished_name = req_distinguished_name
|
|
||||||
attributes = req_attributes
|
|
||||||
x509_extensions = v3_ca # The extentions to add to the self signed cert
|
|
||||||
|
|
||||||
# Passwords for private keys if not present they will be prompted for
|
|
||||||
# input_password = secret
|
|
||||||
# output_password = secret
|
|
||||||
|
|
||||||
# This sets a mask for permitted string types. There are several options.
|
|
||||||
# default: PrintableString, T61String, BMPString.
|
|
||||||
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
|
|
||||||
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
|
|
||||||
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
|
|
||||||
# MASK:XXXX a literal mask value.
|
|
||||||
string_mask = nombstr
|
|
||||||
|
|
||||||
# req_extensions = v3_req # The extensions to add to a certificate request
|
|
||||||
|
|
||||||
[ req_distinguished_name ]
|
|
||||||
countryName = Country Name (2 letter code)
|
|
||||||
countryName_default = $ENV::KEY_COUNTRY
|
|
||||||
countryName_min = 2
|
|
||||||
countryName_max = 2
|
|
||||||
|
|
||||||
stateOrProvinceName = State or Province Name (full name)
|
|
||||||
stateOrProvinceName_default = $ENV::KEY_PROVINCE
|
|
||||||
|
|
||||||
localityName = Locality Name (eg, city)
|
|
||||||
localityName_default = $ENV::KEY_CITY
|
|
||||||
|
|
||||||
0.organizationName = Organization Name (eg, company)
|
|
||||||
0.organizationName_default = $ENV::KEY_ORG
|
|
||||||
|
|
||||||
# we can do this but it is not needed normally :-)
|
|
||||||
#1.organizationName = Second Organization Name (eg, company)
|
|
||||||
#1.organizationName_default = World Wide Web Pty Ltd
|
|
||||||
|
|
||||||
organizationalUnitName = Organizational Unit Name (eg, section)
|
|
||||||
#organizationalUnitName_default =
|
|
||||||
|
|
||||||
commonName = Common Name (eg, your name or your server\'s hostname)
|
|
||||||
commonName_max = 64
|
|
||||||
|
|
||||||
name = Name
|
|
||||||
name_max = 64
|
|
||||||
|
|
||||||
emailAddress = Email Address
|
|
||||||
emailAddress_default = $ENV::KEY_EMAIL
|
|
||||||
emailAddress_max = 40
|
|
||||||
|
|
||||||
# JY -- added for batch mode
|
|
||||||
organizationalUnitName_default = $ENV::KEY_OU
|
|
||||||
commonName_default = $ENV::KEY_CN
|
|
||||||
name_default = $ENV::KEY_NAME
|
|
||||||
|
|
||||||
|
|
||||||
# SET-ex3 = SET extension number 3
|
|
||||||
|
|
||||||
[ req_attributes ]
|
|
||||||
challengePassword = A challenge password
|
|
||||||
challengePassword_min = 4
|
|
||||||
challengePassword_max = 20
|
|
||||||
|
|
||||||
unstructuredName = An optional company name
|
|
||||||
|
|
||||||
[ usr_cert ]
|
|
||||||
|
|
||||||
# These extensions are added when 'ca' signs a request.
|
|
||||||
|
|
||||||
# This goes against PKIX guidelines but some CAs do it and some software
|
|
||||||
# requires this to avoid interpreting an end user certificate as a CA.
|
|
||||||
|
|
||||||
basicConstraints=CA:FALSE
|
|
||||||
|
|
||||||
# Here are some examples of the usage of nsCertType. If it is omitted
|
|
||||||
# the certificate can be used for anything *except* object signing.
|
|
||||||
|
|
||||||
# This is OK for an SSL server.
|
|
||||||
# nsCertType = server
|
|
||||||
|
|
||||||
# For an object signing certificate this would be used.
|
|
||||||
# nsCertType = objsign
|
|
||||||
|
|
||||||
# For normal client use this is typical
|
|
||||||
# nsCertType = client, email
|
|
||||||
|
|
||||||
# and for everything including object signing:
|
|
||||||
# nsCertType = client, email, objsign
|
|
||||||
|
|
||||||
# This is typical in keyUsage for a client certificate.
|
|
||||||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
||||||
|
|
||||||
# This will be displayed in Netscape's comment listbox.
|
|
||||||
nsComment = "Easy-RSA Generated Certificate"
|
|
||||||
|
|
||||||
# PKIX recommendations harmless if included in all certificates.
|
|
||||||
subjectKeyIdentifier=hash
|
|
||||||
authorityKeyIdentifier=keyid,issuer:always
|
|
||||||
extendedKeyUsage=clientAuth
|
|
||||||
keyUsage = digitalSignature
|
|
||||||
|
|
||||||
|
|
||||||
# This stuff is for subjectAltName and issuerAltname.
|
|
||||||
# Import the email address.
|
|
||||||
# subjectAltName=email:copy
|
|
||||||
subjectAltName=$ENV::KEY_ALTNAMES
|
|
||||||
|
|
||||||
# Copy subject details
|
|
||||||
# issuerAltName=issuer:copy
|
|
||||||
|
|
||||||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
|
|
||||||
#nsBaseUrl
|
|
||||||
#nsRevocationUrl
|
|
||||||
#nsRenewalUrl
|
|
||||||
#nsCaPolicyUrl
|
|
||||||
#nsSslServerName
|
|
||||||
|
|
||||||
[ server ]
|
|
||||||
|
|
||||||
# JY ADDED -- Make a cert with nsCertType set to "server"
|
|
||||||
basicConstraints=CA:FALSE
|
|
||||||
nsCertType = server
|
|
||||||
nsComment = "Easy-RSA Generated Server Certificate"
|
|
||||||
subjectKeyIdentifier=hash
|
|
||||||
authorityKeyIdentifier=keyid,issuer:always
|
|
||||||
extendedKeyUsage=serverAuth
|
|
||||||
keyUsage = digitalSignature, keyEncipherment
|
|
||||||
subjectAltName=$ENV::KEY_ALTNAMES
|
|
||||||
|
|
||||||
[ v3_req ]
|
|
||||||
|
|
||||||
# Extensions to add to a certificate request
|
|
||||||
|
|
||||||
basicConstraints = CA:FALSE
|
|
||||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
||||||
|
|
||||||
[ v3_ca ]
|
|
||||||
|
|
||||||
|
|
||||||
# Extensions for a typical CA
|
|
||||||
|
|
||||||
|
|
||||||
# PKIX recommendation.
|
|
||||||
|
|
||||||
subjectKeyIdentifier=hash
|
|
||||||
|
|
||||||
authorityKeyIdentifier=keyid:always,issuer:always
|
|
||||||
|
|
||||||
# This is what PKIX recommends but some broken software chokes on critical
|
|
||||||
# extensions.
|
|
||||||
#basicConstraints = critical,CA:true
|
|
||||||
# So we do this instead.
|
|
||||||
basicConstraints = CA:true
|
|
||||||
|
|
||||||
# Key usage: this is typical for a CA certificate. However since it will
|
|
||||||
# prevent it being used as an test self-signed certificate it is best
|
|
||||||
# left out by default.
|
|
||||||
# keyUsage = cRLSign, keyCertSign
|
|
||||||
|
|
||||||
# Some might want this also
|
|
||||||
# nsCertType = sslCA, emailCA
|
|
||||||
|
|
||||||
# Include email address in subject alt name: another PKIX recommendation
|
|
||||||
# subjectAltName=email:copy
|
|
||||||
# Copy issuer details
|
|
||||||
# issuerAltName=issuer:copy
|
|
||||||
|
|
||||||
# DER hex encoding of an extension: beware experts only!
|
|
||||||
# obj=DER:02:03
|
|
||||||
# Where 'obj' is a standard or added object
|
|
||||||
# You can even override a supported extension:
|
|
||||||
# basicConstraints= critical, DER:30:03:01:01:FF
|
|
||||||
|
|
||||||
[ crl_ext ]
|
|
||||||
|
|
||||||
# CRL extensions.
|
|
||||||
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
|
|
||||||
|
|
||||||
# issuerAltName=issuer:copy
|
|
||||||
authorityKeyIdentifier=keyid:always,issuer:always
|
|
||||||
|
|
||||||
[ engine_section ]
|
|
||||||
#
|
|
||||||
# If you are using PKCS#11
|
|
||||||
# Install engine_pkcs11 of opensc (www.opensc.org)
|
|
||||||
# And uncomment the following
|
|
||||||
# verify that dynamic_path points to the correct location
|
|
||||||
#
|
|
||||||
#pkcs11 = pkcs11_section
|
|
||||||
|
|
||||||
[ pkcs11_section ]
|
|
||||||
engine_id = pkcs11
|
|
||||||
dynamic_path = /usr/lib/engines/engine_pkcs11.so
|
|
||||||
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
|
|
||||||
PIN = $ENV::PKCS11_PIN
|
|
||||||
init = 0
|
|
@ -1,399 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
# OpenVPN -- An application to securely tunnel IP networks
|
|
||||||
# over a single TCP/UDP port, with support for SSL/TLS-based
|
|
||||||
# session authentication and key exchange,
|
|
||||||
# packet encryption, packet authentication, and
|
|
||||||
# packet compression.
|
|
||||||
#
|
|
||||||
# Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
|
|
||||||
#
|
|
||||||
# This program is free software; you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License version 2
|
|
||||||
# as published by the Free Software Foundation.
|
|
||||||
#
|
|
||||||
# This program is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this program (see the file COPYING included with this
|
|
||||||
# distribution); if not, write to the Free Software Foundation, Inc.,
|
|
||||||
# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
||||||
|
|
||||||
# pkitool is a front-end for the openssl tool.
|
|
||||||
|
|
||||||
# Calling scripts can set the certificate organizational
|
|
||||||
# unit with the KEY_OU environmental variable.
|
|
||||||
|
|
||||||
# Calling scripts can also set the KEY_NAME environmental
|
|
||||||
# variable to set the "name" X509 subject field.
|
|
||||||
|
|
||||||
PROGNAME=pkitool
|
|
||||||
VERSION=2.0
|
|
||||||
DEBUG=0
|
|
||||||
|
|
||||||
die()
|
|
||||||
{
|
|
||||||
local m="$1"
|
|
||||||
|
|
||||||
echo "$m" >&2
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
|
|
||||||
need_vars()
|
|
||||||
{
|
|
||||||
cat <<EOM
|
|
||||||
Please edit the vars script to reflect your configuration,
|
|
||||||
then source it with "source ./vars".
|
|
||||||
Next, to start with a fresh PKI configuration and to delete any
|
|
||||||
previous certificates and keys, run "./clean-all".
|
|
||||||
Finally, you can run this tool ($PROGNAME) to build certificates/keys.
|
|
||||||
EOM
|
|
||||||
}
|
|
||||||
|
|
||||||
usage()
|
|
||||||
{
|
|
||||||
cat <<EOM
|
|
||||||
$PROGNAME $VERSION
|
|
||||||
Usage: $PROGNAME [options...] [common-name]
|
|
||||||
|
|
||||||
Options:
|
|
||||||
--batch : batch mode (default)
|
|
||||||
--keysize : Set keysize
|
|
||||||
size : size (default=1024)
|
|
||||||
--interact : interactive mode
|
|
||||||
--server : build server cert
|
|
||||||
--initca : build root CA
|
|
||||||
--inter : build intermediate CA
|
|
||||||
--pass : encrypt private key with password
|
|
||||||
--csr : only generate a CSR, do not sign
|
|
||||||
--sign : sign an existing CSR
|
|
||||||
--pkcs12 : generate a combined PKCS#12 file
|
|
||||||
--pkcs11 : generate certificate on PKCS#11 token
|
|
||||||
lib : PKCS#11 library
|
|
||||||
slot : PKCS#11 slot
|
|
||||||
id : PKCS#11 object id (hex string)
|
|
||||||
label : PKCS#11 object label
|
|
||||||
|
|
||||||
Standalone options:
|
|
||||||
--pkcs11-slots : list PKCS#11 slots
|
|
||||||
lib : PKCS#11 library
|
|
||||||
--pkcs11-objects : list PKCS#11 token objects
|
|
||||||
lib : PKCS#11 library
|
|
||||||
slot : PKCS#11 slot
|
|
||||||
--pkcs11-init : initialize PKCS#11 token DANGEROUS!!!
|
|
||||||
lib : PKCS#11 library
|
|
||||||
slot : PKCS#11 slot
|
|
||||||
label : PKCS#11 token label
|
|
||||||
|
|
||||||
Notes:
|
|
||||||
EOM
|
|
||||||
need_vars
|
|
||||||
cat <<EOM
|
|
||||||
In order to use PKCS#11 interface you must have opensc-0.10.0 or higher.
|
|
||||||
|
|
||||||
Generated files and corresponding OpenVPN directives:
|
|
||||||
(Files will be placed in the \$KEY_DIR directory, defined in ./vars)
|
|
||||||
ca.crt -> root certificate (--ca)
|
|
||||||
ca.key -> root key, keep secure (not directly used by OpenVPN)
|
|
||||||
.crt files -> client/server certificates (--cert)
|
|
||||||
.key files -> private keys, keep secure (--key)
|
|
||||||
.csr files -> certificate signing request (not directly used by OpenVPN)
|
|
||||||
dh1024.pem or dh2048.pem -> Diffie Hellman parameters (--dh)
|
|
||||||
|
|
||||||
Examples:
|
|
||||||
$PROGNAME --initca -> Build root certificate
|
|
||||||
$PROGNAME --initca --pass -> Build root certificate with password-protected key
|
|
||||||
$PROGNAME --server server1 -> Build "server1" certificate/key
|
|
||||||
$PROGNAME client1 -> Build "client1" certificate/key
|
|
||||||
$PROGNAME --pass client2 -> Build password-protected "client2" certificate/key
|
|
||||||
$PROGNAME --pkcs12 client3 -> Build "client3" certificate/key in PKCS#12 format
|
|
||||||
$PROGNAME --csr client4 -> Build "client4" CSR to be signed by another CA
|
|
||||||
$PROGNAME --sign client4 -> Sign "client4" CSR
|
|
||||||
$PROGNAME --inter interca -> Build an intermediate key-signing certificate/key
|
|
||||||
Also see ./inherit-inter script.
|
|
||||||
$PROGNAME --pkcs11 /usr/lib/pkcs11/lib1 0 010203 "client5 id" client5
|
|
||||||
-> Build "client5" certificate/key in PKCS#11 token
|
|
||||||
|
|
||||||
Typical usage for initial PKI setup. Build myserver, client1, and client2 cert/keys.
|
|
||||||
Protect client2 key with a password. Build DH parms. Generated files in ./keys :
|
|
||||||
[edit vars with your site-specific info]
|
|
||||||
source ./vars
|
|
||||||
./clean-all
|
|
||||||
./build-dh -> takes a long time, consider backgrounding
|
|
||||||
./$PROGNAME --initca
|
|
||||||
./$PROGNAME --server myserver
|
|
||||||
./$PROGNAME client1
|
|
||||||
./$PROGNAME --pass client2
|
|
||||||
|
|
||||||
Typical usage for adding client cert to existing PKI:
|
|
||||||
source ./vars
|
|
||||||
./$PROGNAME client-new
|
|
||||||
EOM
|
|
||||||
}
|
|
||||||
|
|
||||||
# Set tool defaults
|
|
||||||
[ -n "$OPENSSL" ] || export OPENSSL="openssl"
|
|
||||||
[ -n "$PKCS11TOOL" ] || export PKCS11TOOL="pkcs11-tool"
|
|
||||||
[ -n "$GREP" ] || export GREP="grep"
|
|
||||||
|
|
||||||
# Set defaults
|
|
||||||
DO_REQ="1"
|
|
||||||
REQ_EXT=""
|
|
||||||
DO_CA="1"
|
|
||||||
CA_EXT=""
|
|
||||||
DO_P12="0"
|
|
||||||
DO_P11="0"
|
|
||||||
DO_ROOT="0"
|
|
||||||
NODES_REQ="-nodes"
|
|
||||||
NODES_P12=""
|
|
||||||
BATCH="-batch"
|
|
||||||
CA="ca"
|
|
||||||
# must be set or errors of openssl.cnf
|
|
||||||
PKCS11_MODULE_PATH="dummy"
|
|
||||||
PKCS11_PIN="dummy"
|
|
||||||
|
|
||||||
# Process options
|
|
||||||
while [ $# -gt 0 ]; do
|
|
||||||
case "$1" in
|
|
||||||
--keysize ) KEY_SIZE=$2
|
|
||||||
shift;;
|
|
||||||
--server ) REQ_EXT="$REQ_EXT -extensions server"
|
|
||||||
CA_EXT="$CA_EXT -extensions server" ;;
|
|
||||||
--batch ) BATCH="-batch" ;;
|
|
||||||
--interact ) BATCH="" ;;
|
|
||||||
--inter ) CA_EXT="$CA_EXT -extensions v3_ca" ;;
|
|
||||||
--initca ) DO_ROOT="1" ;;
|
|
||||||
--pass ) NODES_REQ="" ;;
|
|
||||||
--csr ) DO_CA="0" ;;
|
|
||||||
--sign ) DO_REQ="0" ;;
|
|
||||||
--pkcs12 ) DO_P12="1" ;;
|
|
||||||
--pkcs11 ) DO_P11="1"
|
|
||||||
PKCS11_MODULE_PATH="$2"
|
|
||||||
PKCS11_SLOT="$3"
|
|
||||||
PKCS11_ID="$4"
|
|
||||||
PKCS11_LABEL="$5"
|
|
||||||
shift 4;;
|
|
||||||
|
|
||||||
# standalone
|
|
||||||
--pkcs11-init)
|
|
||||||
PKCS11_MODULE_PATH="$2"
|
|
||||||
PKCS11_SLOT="$3"
|
|
||||||
PKCS11_LABEL="$4"
|
|
||||||
if [ -z "$PKCS11_LABEL" ]; then
|
|
||||||
die "Please specify library name, slot and label"
|
|
||||||
fi
|
|
||||||
$PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-token --slot "$PKCS11_SLOT" \
|
|
||||||
--label "$PKCS11_LABEL" &&
|
|
||||||
$PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-pin --slot "$PKCS11_SLOT"
|
|
||||||
exit $?;;
|
|
||||||
--pkcs11-slots)
|
|
||||||
PKCS11_MODULE_PATH="$2"
|
|
||||||
if [ -z "$PKCS11_MODULE_PATH" ]; then
|
|
||||||
die "Please specify library name"
|
|
||||||
fi
|
|
||||||
$PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-slots
|
|
||||||
exit 0;;
|
|
||||||
--pkcs11-objects)
|
|
||||||
PKCS11_MODULE_PATH="$2"
|
|
||||||
PKCS11_SLOT="$3"
|
|
||||||
if [ -z "$PKCS11_SLOT" ]; then
|
|
||||||
die "Please specify library name and slot"
|
|
||||||
fi
|
|
||||||
$PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-objects --login --slot "$PKCS11_SLOT"
|
|
||||||
exit 0;;
|
|
||||||
|
|
||||||
--help|--usage)
|
|
||||||
usage
|
|
||||||
exit ;;
|
|
||||||
--version)
|
|
||||||
echo "$PROGNAME $VERSION"
|
|
||||||
exit ;;
|
|
||||||
# errors
|
|
||||||
--* ) die "$PROGNAME: unknown option: $1" ;;
|
|
||||||
* ) break ;;
|
|
||||||
esac
|
|
||||||
shift
|
|
||||||
done
|
|
||||||
|
|
||||||
if ! [ -z "$BATCH" ]; then
|
|
||||||
if $OPENSSL version | grep 0.9.6 > /dev/null; then
|
|
||||||
die "Batch mode is unsupported in openssl<0.9.7"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ $DO_P12 -eq 1 -a $DO_P11 -eq 1 ]; then
|
|
||||||
die "PKCS#11 and PKCS#12 cannot be specified together"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ $DO_P11 -eq 1 ]; then
|
|
||||||
if ! grep "^pkcs11.*=" "$KEY_CONFIG" > /dev/null; then
|
|
||||||
die "Please edit $KEY_CONFIG and setup PKCS#11 engine"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# If we are generating pkcs12, only encrypt the final step
|
|
||||||
if [ $DO_P12 -eq 1 ]; then
|
|
||||||
NODES_P12="$NODES_REQ"
|
|
||||||
NODES_REQ="-nodes"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ $DO_P11 -eq 1 ]; then
|
|
||||||
if [ -z "$PKCS11_LABEL" ]; then
|
|
||||||
die "PKCS#11 arguments incomplete"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# If undefined, set default key expiration intervals
|
|
||||||
if [ -z "$KEY_EXPIRE" ]; then
|
|
||||||
KEY_EXPIRE=3650
|
|
||||||
fi
|
|
||||||
if [ -z "$CA_EXPIRE" ]; then
|
|
||||||
CA_EXPIRE=3650
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Set organizational unit to empty string if undefined
|
|
||||||
if [ -z "$KEY_OU" ]; then
|
|
||||||
KEY_OU=""
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Set X509 Name string to empty string if undefined
|
|
||||||
if [ -z "$KEY_NAME" ]; then
|
|
||||||
KEY_NAME=""
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Set KEY_CN, FN
|
|
||||||
if [ $DO_ROOT -eq 1 ]; then
|
|
||||||
if [ -z "$KEY_CN" ]; then
|
|
||||||
if [ "$1" ]; then
|
|
||||||
KEY_CN="$1"
|
|
||||||
KEY_ALTNAMES="DNS:${KEY_CN}"
|
|
||||||
elif [ "$KEY_ORG" ]; then
|
|
||||||
KEY_CN="$KEY_ORG CA"
|
|
||||||
KEY_ALTNAMES="$KEY_CN"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
if [ $BATCH ] && [ "$KEY_CN" ]; then
|
|
||||||
echo "Using CA Common Name:" "$KEY_CN"
|
|
||||||
KEY_ALTNAMES="$KEY_CN"
|
|
||||||
fi
|
|
||||||
FN="$KEY_CN"
|
|
||||||
elif [ $BATCH ] && [ "$KEY_CN" ]; then
|
|
||||||
echo "Using Common Name:" "$KEY_CN"
|
|
||||||
KEY_ALTNAMES="$KEY_CN"
|
|
||||||
FN="$KEY_CN"
|
|
||||||
if [ "$1" ]; then
|
|
||||||
FN="$1"
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
KEY_CN="$1"
|
|
||||||
KEY_ALTNAMES="DNS:$1"
|
|
||||||
shift
|
|
||||||
while [ "x$1" != "x" ]
|
|
||||||
do
|
|
||||||
KEY_ALTNAMES="${KEY_ALTNAMES},DNS:$1"
|
|
||||||
shift
|
|
||||||
done
|
|
||||||
FN="$KEY_CN"
|
|
||||||
fi
|
|
||||||
|
|
||||||
export CA_EXPIRE KEY_EXPIRE KEY_OU KEY_NAME KEY_CN PKCS11_MODULE_PATH PKCS11_PIN KEY_ALTNAMES
|
|
||||||
|
|
||||||
# Show parameters (debugging)
|
|
||||||
if [ $DEBUG -eq 1 ]; then
|
|
||||||
echo DO_REQ $DO_REQ
|
|
||||||
echo REQ_EXT $REQ_EXT
|
|
||||||
echo DO_CA $DO_CA
|
|
||||||
echo CA_EXT $CA_EXT
|
|
||||||
echo NODES_REQ $NODES_REQ
|
|
||||||
echo NODES_P12 $NODES_P12
|
|
||||||
echo DO_P12 $DO_P12
|
|
||||||
echo KEY_CN $KEY_CN
|
|
||||||
echo KEY_ALTNAMES $KEY_ALTNAMES
|
|
||||||
echo BATCH $BATCH
|
|
||||||
echo DO_ROOT $DO_ROOT
|
|
||||||
echo KEY_EXPIRE $KEY_EXPIRE
|
|
||||||
echo CA_EXPIRE $CA_EXPIRE
|
|
||||||
echo KEY_OU $KEY_OU
|
|
||||||
echo KEY_NAME $KEY_NAME
|
|
||||||
echo DO_P11 $DO_P11
|
|
||||||
echo PKCS11_MODULE_PATH $PKCS11_MODULE_PATH
|
|
||||||
echo PKCS11_SLOT $PKCS11_SLOT
|
|
||||||
echo PKCS11_ID $PKCS11_ID
|
|
||||||
echo PKCS11_LABEL $PKCS11_LABEL
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Make sure ./vars was sourced beforehand
|
|
||||||
if [ -d "$KEY_DIR" ] && [ "$KEY_CONFIG" ]; then
|
|
||||||
cd "$KEY_DIR"
|
|
||||||
|
|
||||||
# Make sure $KEY_CONFIG points to the correct version
|
|
||||||
# of openssl.cnf
|
|
||||||
if $GREP -i 'easy-rsa version 2\.[0-9]' "$KEY_CONFIG" >/dev/null; then
|
|
||||||
:
|
|
||||||
else
|
|
||||||
echo "$PROGNAME: KEY_CONFIG (set by the ./vars script) is pointing to the wrong"
|
|
||||||
echo "version of openssl.cnf: $KEY_CONFIG"
|
|
||||||
echo "The correct version should have a comment that says: easy-rsa version 2.x";
|
|
||||||
exit 1;
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Build root CA
|
|
||||||
if [ $DO_ROOT -eq 1 ]; then
|
|
||||||
$OPENSSL req $BATCH -days $CA_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE \
|
|
||||||
-x509 -keyout "$CA.key" -out "$CA.crt" -config "$KEY_CONFIG" && \
|
|
||||||
chmod 0600 "$CA.key"
|
|
||||||
else
|
|
||||||
# Make sure CA key/cert is available
|
|
||||||
if [ $DO_CA -eq 1 ] || [ $DO_P12 -eq 1 ]; then
|
|
||||||
if [ ! -r "$CA.crt" ] || [ ! -r "$CA.key" ]; then
|
|
||||||
echo "$PROGNAME: Need a readable $CA.crt and $CA.key in $KEY_DIR"
|
|
||||||
echo "Try $PROGNAME --initca to build a root certificate/key."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Generate key for PKCS#11 token
|
|
||||||
PKCS11_ARGS=
|
|
||||||
if [ $DO_P11 -eq 1 ]; then
|
|
||||||
stty -echo
|
|
||||||
echo -n "User PIN: "
|
|
||||||
read -r PKCS11_PIN
|
|
||||||
stty echo
|
|
||||||
export PKCS11_PIN
|
|
||||||
|
|
||||||
echo "Generating key pair on PKCS#11 token..."
|
|
||||||
$PKCS11TOOL --module "$PKCS11_MODULE_PATH" --keypairgen \
|
|
||||||
--login --pin "$PKCS11_PIN" \
|
|
||||||
--key-type rsa:1024 \
|
|
||||||
--slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" || exit 1
|
|
||||||
PKCS11_ARGS="-engine pkcs11 -keyform engine -key $PKCS11_SLOT:$PKCS11_ID"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Build cert/key
|
|
||||||
( [ $DO_REQ -eq 0 ] || $OPENSSL req $BATCH $NODES_REQ -new -newkey rsa:$KEY_SIZE \
|
|
||||||
-keyout "$FN.key" -out "$FN.csr" $REQ_EXT -config "$KEY_CONFIG" $PKCS11_ARGS ) && \
|
|
||||||
( [ $DO_CA -eq 0 ] || $OPENSSL ca $BATCH -days $KEY_EXPIRE -out "$FN.crt" \
|
|
||||||
-in "$FN.csr" $CA_EXT -config "$KEY_CONFIG" ) && \
|
|
||||||
( [ $DO_P12 -eq 0 ] || $OPENSSL pkcs12 -export -inkey "$FN.key" \
|
|
||||||
-in "$FN.crt" -certfile "$CA.crt" -out "$FN.p12" $NODES_P12 ) && \
|
|
||||||
( [ $DO_CA -eq 0 -o $DO_P11 -eq 1 ] || chmod 0600 "$FN.key" ) && \
|
|
||||||
( [ $DO_P12 -eq 0 ] || chmod 0600 "$FN.p12" )
|
|
||||||
|
|
||||||
# Load certificate into PKCS#11 token
|
|
||||||
if [ $DO_P11 -eq 1 ]; then
|
|
||||||
$OPENSSL x509 -in "$FN.crt" -inform PEM -out "$FN.crt.der" -outform DER && \
|
|
||||||
$PKCS11TOOL --module "$PKCS11_MODULE_PATH" --write-object "$FN.crt.der" --type cert \
|
|
||||||
--login --pin "$PKCS11_PIN" \
|
|
||||||
--slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL"
|
|
||||||
[ -e "$FN.crt.der" ]; rm "$FN.crt.der"
|
|
||||||
fi
|
|
||||||
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Need definitions
|
|
||||||
else
|
|
||||||
need_vars
|
|
||||||
fi
|
|
@ -1,43 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
# revoke a certificate, regenerate CRL,
|
|
||||||
# and verify revocation
|
|
||||||
|
|
||||||
CRL="crl.pem"
|
|
||||||
RT="revoke-test.pem"
|
|
||||||
|
|
||||||
if [ $# -ne 1 ]; then
|
|
||||||
echo "usage: revoke-full <cert-name-base>";
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$KEY_DIR" ]; then
|
|
||||||
cd "$KEY_DIR"
|
|
||||||
rm -f "$RT"
|
|
||||||
|
|
||||||
# set defaults
|
|
||||||
export KEY_CN=""
|
|
||||||
export KEY_OU=""
|
|
||||||
export KEY_NAME=""
|
|
||||||
|
|
||||||
# required due to hack in openssl.cnf that supports Subject Alternative Names
|
|
||||||
export KEY_ALTNAMES=""
|
|
||||||
|
|
||||||
# revoke key and generate a new CRL
|
|
||||||
$OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"
|
|
||||||
|
|
||||||
# generate a new CRL -- try to be compatible with
|
|
||||||
# intermediate PKIs
|
|
||||||
$OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
|
|
||||||
if [ -e export-ca.crt ]; then
|
|
||||||
cat export-ca.crt "$CRL" >"$RT"
|
|
||||||
else
|
|
||||||
cat ca.crt "$CRL" >"$RT"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# verify the revocation
|
|
||||||
$OPENSSL verify -CAfile "$RT" -crl_check "$1.crt"
|
|
||||||
else
|
|
||||||
echo 'Please source the vars script first (i.e. "source ./vars")'
|
|
||||||
echo 'Make sure you have edited it to reflect your configuration.'
|
|
||||||
fi
|
|
@ -1,7 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
# Sign a certificate signing request (a .csr file)
|
|
||||||
# with a local root certificate and key.
|
|
||||||
|
|
||||||
export EASY_RSA="${EASY_RSA:-.}"
|
|
||||||
"$EASY_RSA/pkitool" --interact --sign $*
|
|
@ -1,80 +0,0 @@
|
|||||||
# easy-rsa parameter settings
|
|
||||||
|
|
||||||
# NOTE: If you installed from an RPM,
|
|
||||||
# don't edit this file in place in
|
|
||||||
# /usr/share/openvpn/easy-rsa --
|
|
||||||
# instead, you should copy the whole
|
|
||||||
# easy-rsa directory to another location
|
|
||||||
# (such as /etc/openvpn) so that your
|
|
||||||
# edits will not be wiped out by a future
|
|
||||||
# OpenVPN package upgrade.
|
|
||||||
|
|
||||||
# This variable should point to
|
|
||||||
# the top level of the easy-rsa
|
|
||||||
# tree.
|
|
||||||
export EASY_RSA="`pwd`"
|
|
||||||
|
|
||||||
#
|
|
||||||
# This variable should point to
|
|
||||||
# the requested executables
|
|
||||||
#
|
|
||||||
export OPENSSL="openssl"
|
|
||||||
export PKCS11TOOL="pkcs11-tool"
|
|
||||||
export GREP="grep"
|
|
||||||
|
|
||||||
|
|
||||||
# This variable should point to
|
|
||||||
# the openssl.cnf file included
|
|
||||||
# with easy-rsa.
|
|
||||||
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
|
|
||||||
|
|
||||||
# Edit this variable to point to
|
|
||||||
# your soon-to-be-created key
|
|
||||||
# directory.
|
|
||||||
#
|
|
||||||
# WARNING: clean-all will do
|
|
||||||
# a rm -rf on this directory
|
|
||||||
# so make sure you define
|
|
||||||
# it correctly!
|
|
||||||
export KEY_DIR="$EASY_RSA/keys"
|
|
||||||
|
|
||||||
# Issue rm -rf warning
|
|
||||||
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
|
|
||||||
|
|
||||||
# PKCS11 fixes
|
|
||||||
export PKCS11_MODULE_PATH="dummy"
|
|
||||||
export PKCS11_PIN="dummy"
|
|
||||||
|
|
||||||
# Increase this to 2048 if you
|
|
||||||
# are paranoid. This will slow
|
|
||||||
# down TLS negotiation performance
|
|
||||||
# as well as the one-time DH parms
|
|
||||||
# generation process.
|
|
||||||
export KEY_SIZE=2048
|
|
||||||
|
|
||||||
# In how many days should the root CA key expire?
|
|
||||||
export CA_EXPIRE=3650
|
|
||||||
|
|
||||||
# In how many days should certificates expire?
|
|
||||||
export KEY_EXPIRE=3650
|
|
||||||
|
|
||||||
# These are the default values for fields
|
|
||||||
# which will be placed in the certificate.
|
|
||||||
# Don't leave any of these fields blank.
|
|
||||||
export KEY_COUNTRY="US"
|
|
||||||
export KEY_PROVINCE="CA"
|
|
||||||
export KEY_CITY="SanFrancisco"
|
|
||||||
export KEY_ORG="Fort-Funston"
|
|
||||||
export KEY_EMAIL="me@myhost.mydomain"
|
|
||||||
export KEY_OU="MyOrganizationalUnit"
|
|
||||||
|
|
||||||
# X509 Subject Field
|
|
||||||
export KEY_NAME="EasyRSA"
|
|
||||||
|
|
||||||
# PKCS11 Smart Card
|
|
||||||
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
|
|
||||||
# export PKCS11_PIN=1234
|
|
||||||
|
|
||||||
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
|
|
||||||
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
|
|
||||||
# export KEY_CN="CommonName"
|
|
@ -1,26 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
cnf="$1/openssl.cnf"
|
|
||||||
|
|
||||||
if [ "$OPENSSL" ]; then
|
|
||||||
if $OPENSSL version | grep -E "0\.9\.6[[:alnum:]]?" > /dev/null; then
|
|
||||||
cnf="$1/openssl-0.9.6.cnf"
|
|
||||||
elif $OPENSSL version | grep -E "0\.9\.8[[:alnum:]]?" > /dev/null; then
|
|
||||||
cnf="$1/openssl-0.9.8.cnf"
|
|
||||||
elif $OPENSSL version | grep -E "1\.0\.[[:digit:]][[:alnum:]]?" > /dev/null; then
|
|
||||||
cnf="$1/openssl-1.0.0.cnf"
|
|
||||||
else
|
|
||||||
cnf="$1/openssl.cnf"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo $cnf
|
|
||||||
|
|
||||||
if [ ! -r $cnf ]; then
|
|
||||||
echo "**************************************************************" >&2
|
|
||||||
echo " No $cnf file could be found" >&2
|
|
||||||
echo " Further invocations will fail" >&2
|
|
||||||
echo "**************************************************************" >&2
|
|
||||||
fi
|
|
||||||
|
|
||||||
exit 0
|
|
Loading…
x
Reference in New Issue
Block a user