-less unnecessary cert for other than trusted ca
authorJoni Hahkala <joni.hahkala@cern.ch>
Wed, 9 Dec 2009 17:39:06 +0000 (17:39 +0000)
committerJoni Hahkala <joni.hahkala@cern.ch>
Wed, 9 Dec 2009 17:39:06 +0000 (17:39 +0000)
-rfc test certs
-all non-fake cas in grid-security/certificates directory
-regenerated cas to enable changes

42 files changed:
bin/generate-ca-certificates-for-cvs.sh
bin/generate-test-certificates.sh
config/req_conf.cnf
test/big-ca/big.cert
test/big-ca/big.p12
test/big-ca/big.priv
test/big-ca/req_conf.cnf
test/expired-ca/expired.cert
test/expired-ca/expired.p12
test/expired-ca/expired.priv
test/expired-ca/req_conf.cnf
test/fake-ca/fake.cert
test/fake-ca/fake.p12
test/fake-ca/fake.priv
test/fake-ca/req_conf.cnf
test/nokeyusage-ca/nokeyusage.cert
test/nokeyusage-ca/nokeyusage.p12
test/nokeyusage-ca/nokeyusage.priv
test/nokeyusage-ca/req_conf.cnf
test/root-ca/index.txt
test/root-ca/req_conf.cnf
test/root-ca/root.cert
test/root-ca/root.p12
test/root-ca/root.priv
test/root-ca/serial.txt
test/subca-ca/index.txt
test/subca-ca/req_conf.cnf
test/subca-ca/subca.cert
test/subca-ca/subca.p12
test/subca-ca/subca.priv
test/subca-ca/subca.req
test/subsubca-ca/index.txt
test/subsubca-ca/req_conf.cnf
test/subsubca-ca/serial.txt
test/subsubca-ca/subsubca.cert
test/subsubca-ca/subsubca.p12
test/subsubca-ca/subsubca.priv
test/subsubca-ca/subsubca.req
test/trusted-ca/req_conf.cnf
test/trusted-ca/trusted.cert
test/trusted-ca/trusted.p12
test/trusted-ca/trusted.priv

index aebb19e..fa72f8c 100755 (executable)
 
 CONFIGDIR=$PWD/$(dirname $0)/../config
 BASEDIR=$PWD/$(dirname $0)/../test
-CONFIGFILES="index.txt serial.txt req_conf.cnf"
+CONFIGFILES="index.txt serial.txt"
 PASSWORD='changeit'
 CATYPES='trusted fake big expired nokeyusage root subca subsubca'
+#CATYPES='trusted fake expired nokeyusage root subca subsubca'
 BIG_BITS=8192
 SMALL_BITS=1024
 
@@ -34,6 +35,8 @@ function create_ca {
             cp $CONFIGDIR/$config .
         done
 
+       sed "s/\$ENV::CATYPE/${catype}/" <$CONFIGDIR/req_conf.cnf > req_conf.cnf
+
         if [ "$catype" = "big" ]; then
             BITS=$BIG_BITS
         else
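Review bot: The sed substitution that now generates req_conf.cnf is not checked — if the template loses the `$ENV::CATYPE` placeholder or sed fails, the CA is built from an unsubstituted config with no diagnostic. Guard it before the call, e.g. `grep -q 'ENV::CATYPE' $CONFIGDIR/req_conf.cnf || { echo "req_conf.cnf template lacks the CATYPE placeholder"; exit 1; }`. Interpolating `${catype}` into the replacement side is only safe because the values come from the fixed CATYPES list at the top of the file; a comment stating that would stop someone later feeding an external value through it. create_ca starts before this hunk.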
@@ -83,7 +86,7 @@ EOF
 
 function generate_ca_cert {
     catype=$1         # current CA to generate
-    export CATYPE=$2  # parent CA if applicable
+    parenttype=$2  # parent CA if applicable
     DAYS=$3           # days flag
     selfsign=$4       # whether to generate self signed CA or hierarchical
     bits=$5           # number of bits for the CA cert
@@ -103,18 +106,29 @@ function generate_ca_cert {
            echo CA certificate request generation failed!
            exit 1
        fi
+       echo `pwd`
        openssl ca -in ${catype}.req -out ${catype}.cert -outdir . \
-           -md md5 -config req_conf.cnf -batch -extensions ca_cert_req ${DAYS}
+           -md md5 -cert $CASROOT/$parenttype-ca/$parenttype.cert -keyfile $CASROOT/$parenttype-ca/$parenttype.priv \
+           -config req_conf.cnf -batch -extensions ca_cert_req ${DAYS}
        if [ $? -ne "0" ]; then
            echo CA certificate signing failed!
            exit 1
        fi
     else
-       openssl req -new -x509 -out ${catype}.cert $DAYS -nodes \
-           -keyout ${catype}.priv -config req_conf.cnf -newkey rsa:$bits -extensions ca_cert_req -subj "${dn}"
-       if [ $? -ne "0" ]; then
-           echo CA certificate generation failed!
-           exit 1
+       if [ x$catype == "xnokeyusage" ]; then
+           openssl req -new -x509 -out ${catype}.cert $DAYS -nodes \
+               -keyout ${catype}.priv -config req_conf.cnf -newkey rsa:$bits -extensions ca_cert_req_nokeyusage -subj "${dn}"
+           if [ $? -ne "0" ]; then
+               echo CA certificate generation failed!
+               exit 1
+           fi
+       else
+           openssl req -new -x509 -out ${catype}.cert $DAYS -nodes  \
+               -keyout ${catype}.priv -config req_conf.cnf -newkey rsa:$bits -extensions ca_cert_req -subj "${dn}"
+           if [ $? -ne "0" ]; then
+               echo CA certificate generation failed!
+               exit 1
+           fi
        fi
     fi
 
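Review bot: The two self-signed branches in the new `else` block are identical except for the `-extensions` section name, so the `openssl req` call and its error check are now maintained twice; choosing the section into a variable keeps a single call (rewrite below). The `echo` of the working directory added just before the `openssl ca` call reads like a debugging leftover. That `openssl ca` line also keeps `-md md5` for the hierarchical CA certificates; modern OpenSSL and Java validators refuse MD5 signatures outright, so tests meant to exercise chain or key-usage logic with these CAs can fail for the digest instead — say so in a comment if it is intended, otherwise `-md sha256`. `$CASROOT` is not defined in any hunk shown; presumably it is set earlier in the file, worth confirming since the script does not run under `set -u` and an unset value would resolve the parent CA path relative to `/`. generate_ca_cert continues past the hunk.
```shell
    else
       # self-signed CA: only the extensions section differs per CA type
       if [ "$catype" = "nokeyusage" ]; then
           extensions=ca_cert_req_nokeyusage
       else
           extensions=ca_cert_req
       fi
       openssl req -new -x509 -out ${catype}.cert $DAYS -nodes \
           -keyout ${catype}.priv -config req_conf.cnf -newkey rsa:$bits -extensions $extensions -subj "${dn}"
       if [ $? -ne "0" ]; then
           echo CA certificate generation failed!
           exit 1
       fi
    fi
```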
index fe1fa98..24c4d8b 100755 (executable)
@@ -30,7 +30,7 @@ function create_cert {
 
     dn="/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=$2"
 
-    echo "Creating a cert for '$CN' in files named $filebase.(cert|priv)"
+    echo "Creating a cert for '$2' in files named $filebase.(cert|priv)"
     echo "                with $flags flags and $validity days validity time"
 
     if [ -r "$filebase.cert" -o -r "$filebase.priv" ]; then
@@ -114,19 +114,10 @@ function create_cert {
        exit 1
     fi
 
-    # Get the serial number of the certificate that will eventually sign the proxy.
-    # Put it into a temporary file to be read by the ca command later.
-
-#        SERIAL=$(openssl x509 -in ${filebase}.cert -noout -serial | sed 's/^serial=//')
-#        echo ${SERIAL} > ${CA_DIR}/serial_proxy.txt
-        # cat ${CA_DIR}/serial_proxy.txt
-
-    # some minor cleanup
-#    rm $filebase.req
-
     create_p12 $filebase
 }
 
+# create_cert_proxy "file base (signer)" "ignored" "added part to filename" "CN part to add" "days"
 function create_cert_proxy {
 
     filebase=$1
@@ -135,6 +126,8 @@ function create_cert_proxy {
 
     ending="grid_proxy"
 
+    echo "##### creating proxy $1.$3.$ending"
+
     # This really depends on if we make a proxy or a proxy-proxy
     X509_SIGNING_CERT=${filebase}.cert
     X509_SIGNING_KEY=${filebase}.priv
@@ -144,7 +137,11 @@ function create_cert_proxy {
     X509_PROX_REQ=${filebase}.${ident}.req
     X509_PROX_GRID=${filebase}.${ident}.${ending}
 
-    dn="`openssl x509 -in ${X509_SIGNING_CERT} -subject -noout| sed 's/^subject= //'`/CN=$4"
+    if [ x$ident == "xproxy_dnerror2" ]; then
+       dn="`openssl x509 -in ${X509_SIGNING_CERT} -subject -noout| sed 's/^subject= //'` dnerror2/CN=$4"
+    else
+       dn="`openssl x509 -in ${X509_SIGNING_CERT} -subject -noout| sed 's/^subject= //'`/CN=$4"
+    fi
  
     echo "Creating a proxy cert ${X509_PROX_CERT} for '$dn"
     echo "         in files named $filebase.(cert|priv)"
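Review bot: Both arms of the new `if` around the `dn=` assignment re-run the same `openssl x509 -subject | sed` pipeline, so the signer-DN extraction is duplicated and the `sed 's/^subject= //'` output-format assumption now lives in two places. Hoist it once, `signer_dn=$(openssl x509 -in "${X509_SIGNING_CERT}" -subject -noout | sed 's/^subject= //')`, and keep only `dn="${signer_dn} dnerror2/CN=$4"` and `dn="${signer_dn}/CN=$4"` in the two arms. The `dnerror2` arm deserves a comment saying what the extra ` dnerror2` token is for — presumably a deliberately malformed subject so the proxy's DN does not extend the issuer's, but the hunk does not say. create_cert_proxy starts and ends outside the hunk.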
@@ -156,11 +153,6 @@ function create_cert_proxy {
         return 
     fi
 
-
-    # Have to 'edit' the ca database to remove the entry for the signing certificate.
-    # maybe no need... make a dummy database, touch and then delete afterwards...
-#    touch ${CA_DIR}/index_proxy.txt
-
     # instead save the ones for real certs and copy the ones saved before and use them and later switch back
     cp ${CA_DIR}/index.txt ${CA_DIR}/index_cert_save.txt
     cp ${CA_DIR}/serial.txt ${CA_DIR}/serial_cert_save.txt
@@ -186,7 +178,6 @@ function create_cert_proxy {
     fi
 
     # Sign the cert request with the user cert and key. Set the serial number here!
-
     CMD="openssl ca -verbose -in ${X509_PROX_REQ} \
                     -cert ${X509_SIGNING_CERT} \
                     -keyfile ${X509_SIGNING_KEY} \
@@ -195,6 +186,27 @@ function create_cert_proxy {
                     -preserveDN \
                     -config ${REQ_CONFIG_FILE} -md md5 -days ${validity} -batch \
                     -passin pass:${PASSWORD} -notext"
+    
+    case $ident in
+       proxy_rfc)
+           CMD="$CMD -extensions proxy_rfc"
+           ;;
+       proxy_rfc_anyp)
+           CMD="$CMD -extensions proxy_rfc_anypolicy"
+           ;;
+       proxy_rfc_indep)
+           CMD="$CMD -extensions proxy_rfc_independent"
+           ;;
+       proxy_rfc_lim)
+           CMD="$CMD -extensions proxy_rfc_limited"
+           ;;
+       proxy_rfc_plen)
+           CMD="$CMD -extensions proxy_rfc_pathLen1"
+           ;;
+       proxy_invKeyusage)
+           CMD="$CMD -extensions proxy_invalid_usage"
+           ;;
+    esac
     echo $CMD; $CMD
 
     if [ $? != 0 ]; then
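Review bot: The new `case $ident in` has no `*)` arm, so an ident that is mistyped or added to create_all without a matching arm silently falls through and the proxy is signed with whatever extensions the config selects by default, making the test pass or fail for the wrong reason. Add `*) ;;` with a comment stating that the pre-existing proxy types (`proxy`, `proxy_lim`, `proxy_exp`, `proxy_dnerror`, …) intentionally take the default section, and that each section named here must exist in config/req_conf.cnf, which this commit changes but the page does not show. The next line's `echo $CMD; $CMD` still runs the command by word-splitting a string; it works only because no interpolated value (`${PASSWORD}`, `${validity}`, the paths) contains whitespace, which is worth a comment now that the case arms append to the same string. create_cert_proxy starts and ends outside the hunk.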
@@ -243,23 +255,43 @@ function create_cert_proxy {
     # copy the normal cert files back
     cp ${CA_DIR}/index_cert_save.txt ${CA_DIR}/index.txt
     cp ${CA_DIR}/serial_cert_save.txt ${CA_DIR}/serial.txt
-
-    # Clean up stuff
-    # rm ${CA_DIR}/serial_proxy.txt ${CA_DIR}/index_proxy.txt
-    # most of the cleanup should be done in the create_cert_proxy_proxy function
-    # since some files need to be kept for signing purposes later!
 }
 
 
+# create_cert_proxy "file base (signer)" "ignored" "added part to filename" "CN part to add" "days"
+# create_cert_proxy_proxy "file base (signer)" "ignored" "added part to filename" "CN part to add" "days" "first proxy type"
 function create_cert_proxy_proxy {
 
     ending="grid_proxy"
 
+    echo "############## creating proxy-proxy $1.$6.$3.$ending"
+
     create_cert_proxy $1.$6 "$2" $3 "$4" $5
  
+    # adding in the original certificate to the chain. 03/06/05
+    CMD="openssl x509 -in $1.cert >> \"$1.$6.$3.$ending\""
+    echo "$CMD"; eval "$CMD"
+
+    if [ $? != 0 ]; then
+       echo Proxy file generation failed!
+       exit 1
+    fi
+}
+
+# create_cert_proxy             "file base (signer)" "ignored" "added part to filename" "CN part to add" "days"
+# create_cert_proxy_proxy       "file base (signer)" "ignored" "added part to filename" "CN part to add" "days" "first proxy type"
+# create_cert_proxy_proxy_proxy "file base (signer)" "ignored" "added part to filename" "CN part to add" "days" "first proxy type" "second proxy type"
+function create_cert_proxy_proxy_proxy {
+
+    ending="grid_proxy"
+
+    echo "############################  creating proxy-proxy-proxy $1.$6.$7.$3.$ending"
+
+    create_cert_proxy_proxy $1.$6 "$2" $3 "$4" $5 $7
 #    echo Appending $1.cert to "$1.$3.$6.$ending"
     # adding in the original certificate to the chain. 03/06/05
-    CMD="openssl x509 -in $1.cert >> \"$1.$3.$6.$ending\""
+    CMD="openssl x509 -in $1.cert >> \"$1.$6.$7.$3.$ending\""
     echo "$CMD"; eval "$CMD"
 
     if [ $? != 0 ]; then
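Review bot: The chain-append in the new create_cert_proxy_proxy, `CMD="openssl x509 -in $1.cert >> \"$1.$6.$3.$ending\""; eval "$CMD"`, builds a command string from the file base and evals it only so the redirection can be echoed; the direct form `openssl x509 -in "$1.cert" >> "$1.$6.$3.$ending"` does the same, `$?` on the next line still reflects openssl's status, and a path containing spaces or shell metacharacters is no longer re-parsed. The rewritten line in create_cert_proxy_proxy_proxy (`\"$1.$6.$7.$3.$ending\"`) has the same pattern. The `# adding in the original certificate to the chain. 03/06/05` comment could say which certificate that is — per the header comments `$1` is the signer's file base, so `$1.cert` is the certificate that signed the first proxy — and that the proxy file is appended to, not rewritten. create_cert_proxy_proxy_proxy continues past the hunk.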
@@ -352,21 +384,7 @@ function create_some {
     # generating CRL
     openssl ca -gencrl -crldays 10000 -out $CA_DIR/${catype}.crl -config $REQ_CONFIG_FILE
 
-    # make it user friendly
-    if [ ! -d 'grid-security/certificates' ]; then
-        mkdir -p 'grid-security/certificates'
-    fi
-    hash=$(openssl x509 -hash -noout -in $CA_DIR/${catype}.cert)
-    cp $CA_DIR/${catype}.cert grid-security/certificates/${hash}.0
-    cp $CA_DIR/${catype}.crl grid-security/certificates/${hash}.r0
-    # generating a signing_policy file
-    subject_name=$(openssl x509 -in $CA_DIR/${catype}.cert -subject -noout)
-    cat <<EOF >grid-security/certificates/${hash}.signing_policy
-# Signing policy file for the $(echo "$subject_name" | sed -e 's#^.*/CN=##')
-access_id_CA            X509    '${subject_name:9}'
-pos_rights              globus  CA:sign
-cond_subjects           globus  '"$(echo "${subject_name:9}" | sed -e 's#/CN=.*$##')/*"'
-EOF
+    add_ca_grid_sec ${catype}
 
     cp $CERT_DIR/${catype}_host.cert grid-security/hostcert.pem
     openssl rsa -passin pass:$PASSWORD -in $CERT_DIR/${catype}_host.priv -out grid-security/hostkey.pem
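Review bot: `add_ca_grid_sec ${catype}` passes the CA type as an argument, but the function added in the later hunk never reads `$1`; it works only because the global `catype` happens to be set here, so the argument is misleading and any caller that passes a different value gets the wrong CA installed. Make the parameter real at the top of add_ca_grid_sec, `catype=$1`, or `catype=${1:-$catype}` if callers passing nothing must keep working. create_some starts and ends outside the hunk.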
@@ -426,17 +444,30 @@ EOF
     fi
 }
 
+# add a ca to the grid-security/certificates directory
+function add_ca_grid_sec {
 
-# create all certificates
-function create_all {
+    if [ ! -d 'grid-security/certificates' ]; then
+        mkdir -p 'grid-security/certificates'
+    fi
+    hash=$(openssl x509 -hash -noout -in $CA_DIR/${catype}.cert)
+    cp $CA_DIR/${catype}.cert grid-security/certificates/${hash}.0
+    cp $CA_DIR/${catype}.crl grid-security/certificates/${hash}.r0
+    # generating a signing_policy file
+    subject_name=$(openssl x509 -in $CA_DIR/${catype}.cert -subject -noout)
+    cat <<EOF >grid-security/certificates/${hash}.signing_policy
+# Signing policy file for the $(echo "$subject_name" | sed -e 's#^.*/CN=##')
+access_id_CA            X509    '${subject_name:9}'
+pos_rights              globus  CA:sign
+cond_subjects           globus  '"$(echo "${subject_name:9}" | sed -e 's#/CN=.*$##')/*"'
+EOF
 
-    # If we have the trusted CA, then generate a user cert/key pair
-    # And also a host cert/key pair.
 
-    if [ "$catype" == "trusted" ]; then
-        create_some
-        rm ${CA_DIR}/serial_proxy.txt; # touch ${CA_DIR}/serial_proxy.txt
-    fi
+}
+
+
+# create all certificates
+function create_all {
 
     # create valid certs with proxies
 
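Review bot: In the new add_ca_grid_sec, `${subject_name:9}` strips the `subject= ` prefix by a fixed width and the `sed 's#^.*/CN=##'` / `sed 's#/CN=.*$##'` pair assumes slash-separated RDNs, which only holds for one `openssl x509 -subject` output format; state the assumption in a comment (e.g. `# assumes OpenSSL prints 'subject= /C=...'; pass -nameopt if the format changes`) so the signing_policy does not silently come out empty. `hash` and `subject_name` are assigned as globals, as elsewhere in the file, but a one-line header naming what the function writes — `${hash}.0`, `${hash}.r0` and `${hash}.signing_policy` under grid-security/certificates — would make its side effects visible to callers. The `# add a ca to the grid-security/certificates directory` comment could also state that `$CA_DIR` and `catype` must be set by the caller. create_all's body continues past the hunk.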
@@ -448,8 +479,17 @@ function create_all {
     create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
     create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
     create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_dnerror "dnerror proxy" $PROXY_VALIDITY
+    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_dnerror2 "proxy" $PROXY_VALIDITY
     create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_lim "limited proxy" $PROXY_VALIDITY
     create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_rfc "rfc proxy" $PROXY_VALIDITY
+    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_rfc_anyp "rfc any policy proxy" $PROXY_VALIDITY
+    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_rfc_lim "limited rfc proxy" $PROXY_VALIDITY
+    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_rfc_indep "rfc independent proxy" $PROXY_VALIDITY
+    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_rfc_plen "rfc path len 1 proxy" $PROXY_VALIDITY
+    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_invKeyusage "proxy" $PROXY_VALIDITY
+
+
     create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
     create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_dnerror "dnerror proxy" $PROXY_VALIDITY proxy
     create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_lim "limited proxy" $PROXY_VALIDITY proxy
@@ -466,6 +506,14 @@ function create_all {
     create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy_exp
     create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
 
+    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_rfc "rfc proxy" $PROXY_VALIDITY proxy
+    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy_rfc
+    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_rfc_lim "limited proxy" $PROXY_VALIDITY proxy_rfc
+    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_rfc "rfc proxy" $PROXY_VALIDITY proxy_rfc_plen
+
+    create_cert_proxy_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_rfc "rfc proxy" $PROXY_VALIDITY proxy_rfc_plen proxy_rfc
+
+
     TYPE="clientbaddn"
     CTYPE="client with bad DN"
 
@@ -484,224 +532,238 @@ function create_all {
     create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
     create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy
 
-    TYPE="clientserial"
-    CTYPE="client serial"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy
-
-    TYPE="clientemail"
-    CTYPE="client email"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDIT $PROXY_VALIDITY proxy
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
-
-    TYPE="clientuid"
-    CTYPE="client UID"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
-
-    TYPE="fclient"
-    CTYPE="flag client"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
-
-    TYPE="bigclient"
-    CTYPE="bigclient"
-    TYPE2="client"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS 4096
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
-
-    TYPE="verybigclient"
-    CTYPE="very big client"
-    TYPE2="client"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS 8192
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
-
-    TYPE="server"
-    CTYPE="server"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
-
-    TYPE="host"
-    CTYPE="$HOSTNAME"
-    TYPE2="server"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "${CTYPE}" ${TYPE2} $DAYS
-
-    TYPE="host_rev"
-    CTYPE="$HOSTNAME"
-    TYPE2="server"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "${CTYPE}" ${TYPE2} $DAYS
-    openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE
-
-
-    TYPE="host_exp"
-    CTYPE="$HOSTNAME"
-    TYPE2="server"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "${CTYPE}" ${TYPE2} -1
-
-    TYPE="host_baddn"
-    CTYPE="$HOSTNAME"
-    TYPE2="hostbaddn"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "${CTYPE}" ${TYPE2} $DAYS
-
-    TYPE="altname"
-    CTYPE="altname"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "$catype\/xxx.foo.bar" ${TYPE} $DAYS
-
-    TYPE="altname"
-    CTYPE="altname2"
-
-    create_cert $CERT_DIR/${catype}_${TYPE}2 "xxx.foo.bar" ${TYPE} $DAYS
-
-    TYPE="server"
-    CTYPE="server2"
-
-    create_cert $CERT_DIR/${catype}_${TYPE}2 "xxx.foo.bar" ${TYPE} $DAYS
-
-    TYPE="clientserver"
-    CTYPE="clientserver"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
-
-    TYPE="none"
-    CTYPE="none"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
-
+    if [ $catype == "trusted" ]; then
+       
+       TYPE="clientserial"
+       CTYPE="client serial"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy
+       
+       TYPE="clientemail"
+       CTYPE="client email"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDIT $PROXY_VALIDITY proxy
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
+       
+       TYPE="clientuid"
+       CTYPE="client UID"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
+       
+       TYPE="fclient"
+       CTYPE="flag client"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
+       
+       TYPE="bigclient"
+       CTYPE="bigclient"
+       TYPE2="client"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS 4096
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
+       
+       TYPE="verybigclient"
+       CTYPE="very big client"
+       TYPE2="client"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS 8192
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
+       
+       TYPE="server"
+       CTYPE="server"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
+       
+       TYPE="host"
+       CTYPE="$HOSTNAME"
+       TYPE2="server"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "${CTYPE}" ${TYPE2} $DAYS
+       
+       TYPE="host_rev"
+       CTYPE="$HOSTNAME"
+       TYPE2="server"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "${CTYPE}" ${TYPE2} $DAYS
+       openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE
+       
+       
+       TYPE="host_exp"
+       CTYPE="$HOSTNAME"
+       TYPE2="server"
+
+       create_cert $CERT_DIR/${catype}_${TYPE} "${CTYPE}" ${TYPE2} -1
+       
+       TYPE="host_baddn"
+       CTYPE="$HOSTNAME"
+       TYPE2="hostbaddn"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "${CTYPE}" ${TYPE2} $DAYS
+       
+       TYPE="altname"
+       CTYPE="altname"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "$catype\/xxx.foo.bar" ${TYPE} $DAYS
+       
+       TYPE="altname"
+       CTYPE="altname2"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE}2 "xxx.foo.bar" ${TYPE} $DAYS
+       
+       TYPE="server"
+       CTYPE="server2"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE}2 "xxx.foo.bar" ${TYPE} $DAYS
+       
+       TYPE="clientserver"
+       CTYPE="clientserver"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
+
+       TYPE="none"
+       CTYPE="none"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
+       
     # create certs with valid proxies, but expired user certs
-
-    TYPE="client_exp"
-    CTYPE="client expired"
-    TYPE2="client"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
-
-    TYPE="fclient_exp"
-    CTYPE="flag client expired"
-    TYPE2="fclient"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
-
-    TYPE="server_exp"
-    CTYPE="flag server expired"
-    TYPE2="server"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
-
-    TYPE="clientserver_exp"
-    CTYPE="clientserver expired"
-    TYPE2="clientserver"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
-
-    TYPE="none_exp"
-    CTYPE="none expired"
-    TYPE2="none"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
-
+       
+       TYPE="client_exp"
+       CTYPE="client expired"
+       TYPE2="client"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+       
+       TYPE="fclient_exp"
+       CTYPE="flag client expired"
+       TYPE2="fclient"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+
+       TYPE="server_exp"
+       CTYPE="flag server expired"
+       TYPE2="server"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+       
+       TYPE="clientserver_exp"
+       CTYPE="clientserver expired"
+       TYPE2="clientserver"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+    
+       TYPE="none_exp"
+       CTYPE="none expired"
+       TYPE2="none"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+       
     # Create revoked certificates with otherwise valid proxies
-
-    TYPE="client_rev"
-    CTYPE="client revoked"
-    TYPE2="client"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
-    openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE
-
-    TYPE="fclient_rev"
-    CTYPE="flag client revoked"
-    TYPE2="fclient"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
-    openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE
-
-    TYPE="server_rev"
-    CTYPE="server revoked"
-    TYPE2="server"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
-    openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE
-
-    TYPE="clientserver_rev"
-    CTYPE="clientserver revoked"
-    TYPE2="clientserver"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
-    openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE
-
-    TYPE="none_rev"
-    CTYPE="none revoked"
-    TYPE2="none"
-
-    create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS
-    create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
-    create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
-    openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE
-
-    # some extra certificates
+       
+       TYPE="client_rev"
+       CTYPE="client revoked"
+       TYPE2="client"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+       openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE
     
+       TYPE="fclient_rev"
+       CTYPE="flag client revoked"
+       TYPE2="fclient"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+       openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE
+    
+       TYPE="server_rev"
+       CTYPE="server revoked"
+       TYPE2="server"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+       openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE
+       
+       TYPE="clientserver_rev"
+       CTYPE="clientserver revoked"
+       TYPE2="clientserver"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+       openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE
+       
+       TYPE="none_rev"
+       CTYPE="none revoked"
+       TYPE2="none"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS
+       create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+       create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+       openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE
+       
+    fi
+
     # generating CRL
     openssl ca -gencrl -crldays 10000 -out $CA_DIR/${catype}.crl -config $REQ_CONFIG_FILE
 
+    # If we have the trusted CA, then generate a user cert/key pair
+    # And also a host cert/key pair.
+
+    if [ "$catype" == "trusted" ]; then
+        create_some
+    else
+       # othewise if the ca is not the fake one, add them to the grid-security/certificates directory
+       if [ "$catype" != "fake" ]; then
+           add_ca_grid_sec $catype
+       fi
+    fi
+
     # now do the clean-up?
     rm ${CA_DIR}/serial_proxy.txt ${CA_DIR}/index_proxy.txt ${CA_DIR}/serial_cert_save.txt ${CA_DIR}/index_cert_save.txt
 
@@ -803,11 +865,11 @@ for catype in $CATYPES; do
     echo "+-----------------------"
     cd $TARGETDIR
 
-    export CATYPE=${catype}
-    export CA_DIR=${catype}-ca
-    export CERT_DIR=${catype}-certs
-    export REQ_CONFIG_FILE=$CA_DIR/req_conf.cnf
-    export PROXY_BITS=1024
+    CA_DIR=${catype}-ca
+    CERT_DIR=${catype}-certs
+    REQ_CONFIG_FILE=$CA_DIR/req_conf.cnf
+    PROXY_BITS=1024
+    # this is needed for the req_config.cnf to work
     export CASROOT=./
 
     # putting the CA certificate to the right place
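Review bot: The new comment `# this is needed for the req_config.cnf to work` names a file this script does not use; the config is `req_conf.cnf` (see `REQ_CONFIG_FILE=$CA_DIR/req_conf.cnf` two lines above), so I'd write `# CASROOT must stay exported: req_conf.cnf resolves it as $ENV::CASROOT`. Dropping `export` from `PROXY_BITS` and `REQ_CONFIG_FILE` is only safe if the OpenSSL config template no longer contains `$ENV::PROXY_BITS` or `$ENV::REQ_CONFIG_FILE` lookups, which this hunk cannot show; a grep of the template before merging would settle it. The loop body continues past this hunk.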
@@ -833,16 +895,10 @@ for catype in $CATYPES; do
 
     mkdir -p $CERT_DIR
     
-    if [ $catype = "bad" ] ; then 
-        #Create a CA with bad certificates (namespaces, signing policies etc.)
-        create_bad
+    if [ "$ALL" = "yes" ]; then
+       create_all
     else
-
-        if [ "$ALL" = "yes" ]; then
-            create_all
-        else
-            create_some
-        fi
+       create_some
     fi
 done
 
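Review bot: The added `create_all` and `create_some` lines are indented with a tab while the surrounding `if`/`else`/`fi` use four spaces, so the block reads as misaligned in any editor not set to 4-column tabs; the same tab-versus-space mix runs through the added expired and revoked blocks of `create_all` earlier in this diff. Reindenting the two lines to `        create_all` / `        create_some` (eight spaces, one level inside the `if`) keeps the file consistent with the lines it replaces. Removing the dead `bad` branch itself looks fine, since the `CATYPES` list no longer contains it.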
index be7a104..fedc6fd 100644 (file)
@@ -1,5 +1,10 @@
 ### req command\r
 \r
+oid_section            = new_oids\r
+\r
+[ new_oids ]\r
+limitedProxyOid                = 1.3.6.1.4.1.3536.1.1.1.9\r
+\r
 [ req ]\r
 default_bits           = 1024\r
 distinguished_name     = req_distinguished_name\r
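Review bot: `limitedProxyOid = 1.3.6.1.4.1.3536.1.1.1.9` is declared without saying what it identifies, and its only consumer is `[ proxy_rfc_limited ]` at the bottom of the file. A one-line comment above it, `# Globus GSI limited-proxy policy-language OID, referenced by [ proxy_rfc_limited ]` (the 1.3.6.1.4.1.3536 arc is Globus's as far as I recall; worth confirming against the GSI proxy spec), tells the next reader why a private-enterprise OID appears in a test config. The per-CA `test/*-ca/req_conf.cnf` hunks in this commit look like copies of this file with the `$ENV::CATYPE` paths substituted, so the comment only needs to live here.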
@@ -10,7 +15,13 @@ distinguished_name   = req_distinguished_name
 basicConstraints       = CA:true\r
 subjectKeyIdentifier   = hash\r
 authorityKeyIdentifier = keyid:always,issuer:always\r
-keyUsage               = cRLSign, keyCertSign\r
+keyUsage               = critical, cRLSign, keyCertSign\r
+\r
+[ ca_cert_req_nokeyusage ]\r
+basicConstraints       = CA:true\r
+subjectKeyIdentifier   = hash\r
+authorityKeyIdentifier = keyid:always,issuer:always\r
+keyUsage               = critical, cRLSign\r
 \r
 [ proxy_cert_req ]\r
 \r
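Review bot: `[ ca_cert_req_nokeyusage ]` does set a keyUsage, `critical, cRLSign`, so the section name is misleading; what it actually models is a CA certificate whose keyUsage omits `keyCertSign`, i.e. a CA that must not be accepted as an issuer (the regenerated nokeyusage.cert later in this commit appears to carry exactly that bit set). Since this is a negative-test fixture, a comment above the header such as `# negative test: CA keyUsage is critical but omits keyCertSign, so certificates it issues must fail path validation` would stop a future reader from "fixing" it by adding keyCertSign. Marking the regular CA keyUsage critical on the line above is the right default for a CA extension.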
@@ -81,3 +92,20 @@ nsComment            = "OpenSSL Generated Client Certificate without Flags"
 [ proxy_none ]\r
 keyUsage               = critical,digitalSignature,keyEncipherment\r
 \r
+[ proxy_invalid_usage ]\r
+keyUsage               = critical,keyEncipherment\r
+\r
+[ proxy_rfc_pathLen1 ]\r
+proxyCertInfo=critical,language:id-ppl-inheritAll,pathlen:1\r
+\r
+[ proxy_rfc ]\r
+proxyCertInfo=critical,language:id-ppl-inheritAll\r
+\r
+[ proxy_rfc_anypolicy ]\r
+proxyCertInfo=critical,language:id-ppl-anyLanguage,policy:text:AB\r
+\r
+[ proxy_rfc_independent ]\r
+proxyCertInfo=critical,language:id-ppl-independent,pathlen:1\r
+\r
+[ proxy_rfc_limited ]\r
+proxyCertInfo=critical,language:limitedProxyOid\r
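Review bot: The five new `[ proxy_rfc* ]` sections and `[ proxy_invalid_usage ]` are uncommented, yet each encodes a distinct RFC 3820 case (inheritAll with and without `pathlen:1`, anyLanguage with a text policy, independent with a path length, and the limited-proxy OID), so a one-line `#` comment per section naming the case and whether the resulting proxy is expected to validate would make the fixture self-describing. `[ proxy_invalid_usage ]` in particular is a negative case, `keyUsage = critical,keyEncipherment` without `digitalSignature`, which proxy verifiers generally require for authentication, and deserves `# negative test: proxy keyUsage without digitalSignature`. Note also that, unlike `[ proxy_none ]`, the `proxy_rfc*` sections set no keyUsage at all; whether the generated proxies end up with one depends on how the generating script combines sections, which this hunk does not show.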
index 21f751d..dd94855 100644 (file)
@@ -1,56 +1,56 @@
 -----BEGIN CERTIFICATE-----
-MIIKATCCBemgAwIBAgIJAJ8B/7ukFzCMMA0GCSqGSIb3DQEBBQUAMFkxCzAJBgNV
+MIIKBDCCBeygAwIBAgIJAMAFlm8hDOq7MA0GCSqGSIb3DQEBBQUAMFkxCzAJBgNV
 BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE
-CxMKUmVsYXhhdGlvbjETMBEGA1UEAxMKdGhlIGJpZyBDQTAeFw0wOTExMTgyMDA5
-NTdaFw0zNzA0MDUyMDA5NTdaMFkxCzAJBgNVBAYTAlVHMQ8wDQYDVQQHEwZUcm9w
+CxMKUmVsYXhhdGlvbjETMBEGA1UEAxMKdGhlIGJpZyBDQTAeFw0wOTEyMDkxNjI3
+MDhaFw0zNzA0MjYxNjI3MDhaMFkxCzAJBgNVBAYTAlVHMQ8wDQYDVQQHEwZUcm9w
 aWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UECxMKUmVsYXhhdGlvbjETMBEGA1UE
-AxMKdGhlIGJpZyBDQTCCBCIwDQYJKoZIhvcNAQEBBQADggQPADCCBAoCggQBAMMP
-gBs+EVHOOA2uzaKfom1nc2JmCSjYTBcJV3PlZtLO+1a3B2Rfp1uJ9YnLZoJHkmiI
-du2aUvSndEQ2rD0k9EB9yHCPI8qaq2CWM1uJgPt2olWnVSIHVEdU27D3ADSWTY+6
-VixPcDqNjk8uMjNuNYJGr1azL6z79ig8RAQyHhMzUEdgMBKgSE6HdAGYJNjqm1+S
-WliBXi83bKcmB07cBl5rKW0zD2WATlCJh1wkURvrCpsVKBmVcK8itwsl5Jebnwmw
-QCN0gXfjnRfTEM4Rp3PQfY9IydgwP72To/Jou8Lm73nGg251XLvvYFFnPX/sjZ3p
-RPFZkZoF4nEQc61/ziWtlWc3DvtwbxoLMNqy/jtrfq7+AB/p19vfFZ3+vBfgqjPa
-h75MC7gRRaR5ia8tDlaKGvq8O7iKo4d6QBgX2hX4FP4WbPu1hH91OhvUklYTvDc+
-zAQngEtf80WOve38TVTINbimhlxo3xSBEyd0Zdpgq0WKXfpmaHoUpqvyrQLTaASh
-yhHqMzh5i+m3JKpovU2G3jO7Iav0uEcRWOKLSZjDaP/TTYimzi71PxkFNu/a/sOr
-16VchTOr+SAwgseM9PMZTsFKHwgfeIRPz1kAhWMz6rnQdfBg3Q/wEc3NqsgF1GMt
-6ttDFlGMrq7wWo59aE01R/+uR9OiP3N6GxEVw6cY2e2tWRZwJOMJM6M27bfkXG+R
-nuctC5fUBOXaFyuUHLars2Yo0Eygu0MOgYz2WPbjIe5WbKYC/sZjcJAmD7lFGo3e
-6ChHjxq9XKCLD3+t42Sh2n+c7D5R0F2Q0QEwwbCca6ulZ5bJTGBVP8Dr1BiJRICg
-BcmoHhHVg+/zvERAqHU9fk5jvpb5BFQPS3/ReRYH+dFiiqzNhLjfSPuWYKFW70Xg
-3QHQBu0IqNdJq1Og8SIcDxJ/kiNbW6GYYb1e5ZDWjszhtsPvKT8n9q8sqN6JzcX2
-2n9e1UAjz0tJn2z1IY3FJIalKmyo+DgvThAE8tPecW3370/LI64Slb1WoEYTwt1j
-s2hSXqODMdC4xAJWuIQJIIxNFEtb5PE9ahpV8/Ff7vuka8EG8jLOjifNCrSpkOYf
-8EbHgbv+j9JQ68d9MDXdk3YgznXkQnEHVb8lw2NdjheM1GrTHfRz4VlbSChSM4l/
-pZC4CNLB7gItngJC5sSuc+L3hLFqqbiloFQpU6HUKnPFxBjVlaaf7HZcVsBWVehh
-/6jPDuutR4Q79QZrcxBUeuhH+X7ofvAvb9QWaqdlCM47/uZdD3PuOk0rN3UamB4G
-0VypiUpKI4R//69nG8kTCB8qLjjZWxPQvmtPhj+JnNt+9TB0xAhOhIrtfz5EYWmL
-cQf0D1r5JUfeeJkFyd8CAwEAAaOByzCByDAMBgNVHRMEBTADAQH/MB0GA1UdDgQW
-BBQgseI4jmaCF37DPSVAkJU0EhRpjTCBiwYDVR0jBIGDMIGAgBQgseI4jmaCF37D
-PSVAkJU0EhRpjaFdpFswWTELMAkGA1UEBhMCVUcxDzANBgNVBAcTBlRyb3BpYzEP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 MA0GA1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxheGF0aW9uMRMwEQYDVQQDEwp0
-aGUgYmlnIENBggkAnwH/u6QXMIwwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUA
-A4IEAQBi7pMGytwry4CalH6FjQSlGV/gF3HMMzDZ7Byf2m6jGs+8f6R/s0ruATwx
-VbER9ro36xCEJmrDVKeW3PSkcyJAFoxribSmgLaWa8E9O4GGTv0IlLDyDRaQs2IY
-icskfNCEEq6p9rnkA5MXq7hVsojafc1CShH4Bw5QOPxK/uX09DGcutO78TBdPMja
-jDoZi2toOUv6AwAeobbwKdRezRBoQVA97DPpb4ex+/AqZF9/nJsuaO9P87RtvJCA
-DRK+K/xYWeo9G+QrqSDxCqL48aDE6WAaaJkf3BzVj8xm+kNjWkpNHAt6Tr6IdUUt
-PuWyr329CqwiEDQcYt9y3fvi4LKkJRmKZrRoUWdD1ChWe6JbCWoa1mop6Wff1JU5
-WtY3N1COrqfGc/0xUG4pysSbzlk03UrHyRkCHOSt9AukxvWtU33tGN/TqKBLwntI
-y8Nq4ZdSwyni2INV+eIogZMt0CSejLb4dsrBMXCRfWeg0T6tL1B0upGb85vD2fn6
-m9xF1SDx+IjDfieLHjECE09fSi+G2oBebhqfWEArRyW8aaKjwFaPBL7kGMASJ83Y
-9HLg/tgNqSc4MI0+3Mnt9bPi83Lr2piIto3axB/GM2XP9gM+nxy1i63JqcfSWhF9
-eFOObROXiMSRKvJx2jhN4lwEB1TvfgtL3szDXuIuob8hsRZHzvlXMDxbZoFuwnLo
-kU62uqq5XR86B7TElwEBZkPIFTyNvp051e/hm/6uPuJXSDFAiqiNX/dzKObpEzOh
-1Mv+xQUVOuN8dRu/2rBKGp+vuZKEwVayjKF0NEmeygNMFal0GJ1NcZcydxnO8U0g
-GeBlUhDbM+eHmTCO4zzbTHydSP6x+eBbdJq9figqqhS4OD7SWPYyHEEeDLfs5Vgr
-ulzkexF0JxGcaQwKD1gFFZrUWB4J1dY7YIMPiQ8kaGsl1sGQgD7axnGRt7WPc0Yb
-HqaGGvV/ZBh88HkZPzYZqYwtHjVjvOkbCS8QSHvzWZSUKkyH/hKAHRcQ/g1tY/vF
-nSJYydt5qKhyxa+A/hbgqDNQpQscWTQ/lRBZakOfkpB8ZGd/EFbtV1tt+sHpToRp
-R/feABVYl3fa4jWT5om/I97PrKC2Jm4/qEx8P3LybUwUbw91iBRgVoQt9pU6PvfT
-YBnVz2N8diBGj8yZ7wyTxNiO3WjJUldrY4Q2FADUm09fOBw2pcF5gnor54NBKXT2
-7K2B3GoaNa3+Tk0bE5WhS2+hyolmt1qeu/5lGfbIUb5UlAxBYFOLpGuoDFutR86P
-MMyFqDMRWpEtqSLa2MA1WRSrS4v8r6wawpy6ZfX0B45TSDt4RemgqKVreVg7Oe13
-tOEKBYEvhpvq0ZQgcaUWPVE7eP3I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 -----END CERTIFICATE-----
index e554dea..f76732a 100644 (file)
Binary files a/test/big-ca/big.p12 and b/test/big-ca/big.p12 differ
index c0ff3dd..5804b26 100644 (file)
@@ -1,99 +1,99 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIISJwIBAAKCBAEAww+AGz4RUc44Da7Nop+ibWdzYmYJKNhMFwlXc+Vm0s77VrcH
-ZF+nW4n1ictmgkeSaIh27ZpS9Kd0RDasPST0QH3IcI8jypqrYJYzW4mA+3aiVadV
-IgdUR1TbsPcANJZNj7pWLE9wOo2OTy4yM241gkavVrMvrPv2KDxEBDIeEzNQR2Aw
-EqBITod0AZgk2OqbX5JaWIFeLzdspyYHTtwGXmspbTMPZYBOUImHXCRRG+sKmxUo
-GZVwryK3CyXkl5ufCbBAI3SBd+OdF9MQzhGnc9B9j0jJ2DA/vZOj8mi7wubvecaD
-bnVcu+9gUWc9f+yNnelE8VmRmgXicRBzrX/OJa2VZzcO+3BvGgsw2rL+O2t+rv4A
-H+nX298Vnf68F+CqM9qHvkwLuBFFpHmJry0OVooa+rw7uIqjh3pAGBfaFfgU/hZs
-+7WEf3U6G9SSVhO8Nz7MBCeAS1/zRY697fxNVMg1uKaGXGjfFIETJ3Rl2mCrRYpd
-+mZoehSmq/KtAtNoBKHKEeozOHmL6bckqmi9TYbeM7shq/S4RxFY4otJmMNo/9NN
-iKbOLvU/GQU279r+w6vXpVyFM6v5IDCCx4z08xlOwUofCB94hE/PWQCFYzPqudB1
-8GDdD/ARzc2qyAXUYy3q20MWUYyurvBajn1oTTVH/65H06I/c3obERXDpxjZ7a1Z
-FnAk4wkzozbtt+Rcb5Ge5y0Ll9QE5doXK5QctquzZijQTKC7Qw6BjPZY9uMh7lZs
-pgL+xmNwkCYPuUUajd7oKEePGr1coIsPf63jZKHaf5zsPlHQXZDRATDBsJxrq6Vn
-lslMYFU/wOvUGIlEgKAFyageEdWD7/O8RECodT1+TmO+lvkEVA9Lf9F5Fgf50WKK
-rM2EuN9I+5ZgoVbvReDdAdAG7Qio10mrU6DxIhwPEn+SI1tboZhhvV7lkNaOzOG2
-w+8pPyf2ryyo3onNxfbaf17VQCPPS0mfbPUhjcUkhqUqbKj4OC9OEATy095xbffv
-T8sjrhKVvVagRhPC3WOzaFJeo4Mx0LjEAla4hAkgjE0US1vk8T1qGlXz8V/u+6Rr
-wQbyMs6OJ80KtKmQ5h/wRseBu/6P0lDrx30wNd2TdiDOdeRCcQdVvyXDY12OF4zU
-atMd9HPhWVtIKFIziX+lkLgI0sHuAi2eAkLmxK5z4veEsWqpuKWgVClTodQqc8XE
-GNWVpp/sdlxWwFZV6GH/qM8O661HhDv1BmtzEFR66Ef5fuh+8C9v1BZqp2UIzjv+
-5l0Pc+46TSs3dRqYHgbRXKmJSkojhH//r2cbyRMIHyouONlbE9C+a0+GP4mc2371
-MHTECE6Eiu1/PkRhaYtxB/QPWvklR954mQXJ3wIDAQABAoIEAERYgweImOL0Abnx
-nMW1b2EsFUbN/7mbCBYuRMEsCPomYfSBTwrBZU9yqGDuru1JDKip4Bnir9xfbCKW
-kYUfFKIgMIIX9W+BADloh3g0VshFSh3+8ppovQP9XLjF4wGKBIUuwhDmiKlLfiiK
-RDa3D/Kkt70GLddLtXVloGNj+Bu8KA3KSy3LkWpKlcAVQhvrICO9kQBf29NpdR2f
-+oGMIIMmwy4q7OMgsNARUCdd5jmFAoNSR2mnbgM/g6lZTp48fd4ULnT91nteemWl
-o8bAcs7mp4fz9h1U0pCnUZOXVOq2pgQiJV0nrCWBe1sqdGcFSJ2i5XA3dQfltfDt
-1cpd9KpJBwdSSGKbg6I5d5W5j9DcGlhQUVTdR7AXm2hvoBIxuxFOKa/oz1ZgXumB
-WFfTzqlN3KQsHjTMBv5qPFj0yopWEWzyCJ+te055kbG8qsWURqeIzk1KVe6TIRcn
-K69ebu4c9I3Nc1ifukJh84cohqOcqYZFNCaPiV31LG0lK6/IyTKOSdI7IFVSaU6r
-yCIZbvLiJas0j1jD92mXT3CZY2EuXvT8YbdW0vmrHr+yjww9zHRdGsMrBtUTFchM
-lxY6cn1XSbv6L6NV+5FIsZs6zoHy5/TRcPGXzv1Nnb9hp8xMFp3lsdu/xusuAury
-9pfkow4idCbHNw2VVOwuRZuX56T9OIfCZkdmLsrHN78liuWoZq02jEWFs8i/ZCQ6
-xTFd52D9yxKVbWJ44kca6rUtEk4uNyvq8a8/rZoZE4P9gzN4tHDRDmP7vqO9Q9G3
-pGuYsyk25I6usdHpUGcP7gfXttIDens+d2uKuVFwJuHmijhrOduQ/8iGsNLg3xKq
-SdGoommvzJGUGbe3h9ghYW2XDfRniRl/c+wisUHb/t1yhGRcqowh22KbOucdYkuZ
-W96BVm3Bt2O/sQcVPeSxykvhlwoJljED52HgDqUT7grZMVtYDJuI4KF6RgK5ubsT
-7zbF7Pe42P95XzUp2mEPW4unU8H3MA6tJ/md7QEfM2ZwlNDcYDhYuFoF6lGOc6Ug
-8LMzyfuqeBCuYBHr9TM17oys6IkmY5BrUi5JKIobGMM0apVIzAv1anLxgE4yY6K5
-/NTvI/KKdYSawiH8XcUcMW0nhAWPBFU/VPcoLzYX7DN4iUQaSL3ArPiif3mWQXfH
-fQiagCxkOZdIlsVn32asoIlKnWM9/u/7Ww3G8dDDOoWY0vgZ0rmW9GpU6W9hvxS1
-Amx1nkeLX7JWxdJI6teQRJFBckhmc5NS3gOiFUwggwO2FYornwdlAn3z/XcfqCBY
-jnkdG7k/hcojyduQ5bY0yxFxGmkMKdsj2IeU16F08ZIIb4DGknjwldXQnkMdmk4c
-HSv4SEECggIBAONthGamE/BLTPVCvyDgbFCFrkVBgz4u3xZp/ag1hEzBDNjoN8lp
-KGh1eRLobWIx0BbQnor+WL/TIOiRF5DWgqRoNampf3uZAgHuAX8XwS7nbdeX8qf/
-dciPR5Iw+Px+/GeagLUOtl6TizG3oSuw44tEDqh58N20IpnxfAJUnUKn8Ax2q+HO
-rMsZAT5Ax3qSyABr8VXh5GbZ+2q9UL/9swEKX/gXz235XqT90Q3Gh3GJtoa9pGBV
-6kYaZuQgcQO7CNomQTcaujXf1wjzw/ktu8eIBKuLTvD6yc8OSo19QBj+gHi5G/T1
-9hZvpCGnR2MWiUjJmVA1yOkQkYmT3RP/BOs/+tkYENxw6yMYMEul4rzNstGXhDEA
-PsC6EUAmElnKuLLzbMsJNPPgYPnQULIPMs80HQ+oAkGEc+0ldq6bniNGgnSvMQ3o
-ziRiVf+xb9aQjpBekb7RZMbdECS+YKmkubzUCs2DaQ+hWaFLOyIqTw1/Pj091VYA
-me3ovLn1lqJk4szSA9wD2qz/YPRGQgtiPHnNpRYmllNDsQoayTxYbxOxJOiuVONQ
-Ce9sqYsJKH+PSaem68Nen69iR7zDCAokcKnVGxk/4Qx7NHGJyZaewPny8pKgEQ15
-MfOjkUReP3u3tlXtzv9mNrEyuSMDvMPCj9FeL0mI8yFXMeVzme3F5oyhAoICAQDb
-kP6pLI/R/F8dkChP0lZdE/tY42RgyVJBfNfV6jLmKw2AFevxkBafNs+eHIcB8uZH
-Xx0DQ982pa6V5chv6egiASq9w7uSahZUdFuWMHXMmpyp49PHCugW6zZhnCWL5O6e
-FbQf+ZifKFWeIN2gHGbr9sfXucxlX0vnVbBBGXkZlo/JKeKoYD9L3Qbr9SGRIYSQ
-gxReeyBDZqynQSqSe21zFCJT9TMYChSOMJafIsDE7+YG6n/4TT5e1E9kBR+G2Klk
-k5tVIeTpJdQnnes7PW0AK7aJrMIXyZuMWmjU1d0agy97LmZoPQ+eg9yJ5jSkzoYn
-1GqtQFw2MFZD8PmeGVBnp6fVUmeQt/ydEWEKUGKUHdVkRSuy2bZaJkJLyzjJL3Bj
-QRNEKy4JTNjFwlRnbrLo1wp8ug/xMIV/d6VBdAYaxg7PGVeaJdjQtGcJlUDPPCB0
-FPVldfdk5q5ODcP5CvbNjeAELHw5MeDvgLMhMfVg50wMYDwOoMbelsYowkVtM37y
-smvGHIQ0nEOrwbJRgtwIaiPjuwqMRbi4X5SwZCN5CJbTH80oehcgQkJd2NTLiOuW
-MzQrF4qeFcFM9rL6HnMiZGPSY7nbMJNsevpiUBOiHeLXbXGfqzubfTJc/A86nJ8r
-sIq3k80D/hRCoASIxFYLRdJGFTB84lLVV9jm0fJGfwKCAgAr8mW7UCxaKrLcUeGN
-ANDtXmemilpKEdSaCDEz5+OA0W0iHP1qth9Q0CJtPOymJOoI/pckVLHhn3KkfiUH
-n+vuyRRVjKNNxutUZCF15ak23xGir4H8ZKjl8Inr/fqfEArGGlz0n7st22TyXoGO
-Z8gQiT4r4CRjMwPcq4VDDga1cq44OlZMdBt/w30yAmKJlQOA0Vr5NYVlOooSvjJ0
-ZxnIAbE5x6AVqDJZv5I+DzbtAad7sfmpg/CZS1DGlF5CUkoLnYjMlSWWc4KiADjG
-VcgLboU4gNroRg3pLOHLJYDVU5iPu3VjiIPdIgWdWy24QAqXPh2aGkqQftsgsqnt
-y0GwE9TtTnEzp75IMcxjUdLWmQkM5zJsJZf6tfnPY4v4Pewi6FcFhOnullUm8NIn
-FjjDQVa8R8Ln1ihwkuS0KO4N8voSgigAgBQVg8sKdccetyBVVXDkZqIKq30LHJ6h
-KWuayX6s58/NbWhceqUanQJZoVTtkJ1A2SzlhCuz43kQOF57JboJMdV3yIF7snfg
-q0L0ZoCYHyy9Oj9jrHlmZ9BPBdQUAlv08Op6kYzRiRuCSrX455B3WDmTMnKaTzWm
-gBQlPUDXSDi8qLIhnnaN3G993SxymOuyptC4O8s+YtfxmDZrtGBjieTXqO2NjpNT
-YK1Zz9FjbEtPDgJeTFBaWfuLAQKCAgBPG0JlOUTn5wFt6U5c0++BwX1BXUwBAwe7
-yHsK+0IzYzeN+lfzxHIiEuFimeyaayVEeaQ+VOnLCo6IOy2oBKI5/imkDS07ZzV8
-YB/PUM5gVSQ0oXzfrbJI7528NUHh0S2Xj0JCcu7mCOYv/q9azGDYiyUdODfIHjl+
-s4S5L7BN480SMSEUgPjNIGkqAjuByo20c0WXdMz++7Mg332zIP0iBRMJJMKv2pHl
-WOQrmZ3SVoyN2VcZ4tqh1+RyqNXfA5ikP/orBfcveQ2i6GakBVGMSjOODswvPdfp
-DXnPlO4Aa1tkCiejTryd4+xFUseMyUvUddepbBLNA0VRXTTSHVS2w9TYKsRdg6xj
-+qr3yFZ7/vOvGKzR11a3zCj+nc1rzsezOvLyEIyZlTJUrdszGNMkyLVikrbDszOl
-5TmJB4BbjRgwzXSeeRxQtW6aKUgcYhFfQV3YnFPx6prKTHNa+vRIwuD/H/fxs2LT
-Z48iWpmJvEvN+a4ppwt/jtr+PGA/I9qNHnNuAUAwpExNSZAxhfA4p+UeW3lFaKlQ
-5D7x/mI5bTrJ/h8wgixq1vSKU2D3o/EdQH1/ORAcPMJUNF3vd6ELtxev6XZA3pN+
-9h/X4/nu4s2jyC6z1EG5l7XZgocKGvvOBeE0mu+2jIhIKNb5X6OQlCtaTLAXjoNB
-klD3eJTNiQKCAgBK7hoDqYRUQP29WKGaJSk91TsPO3zEErB8Z0R9KiX31TC4Ln9U
-eh4dYvQvyQi0agtP5/+eQBiOALqRRwbzoA0fI2s7z4KTTGlDwnFZxIiY2ylYgBFV
-KPb/lK2UurnwxJQ9j4GLsVOBhD3KXZDEY8Jl+Gr82+azDeMlUSrqXzj4txk/RkZh
-BNZXlBQHx5ouWUp/f8dB2jqVnsn6r6EqKwiLfFEd6z9IAlWQtENBwGq5kRG0BZ/6
-f00dCh5U1VE+Kx8eKlyXVqscYndLZG3bJbQBYwXKGh4fku8zEiBw+yEE6/LZIIWQ
-KYrfIGu3r74pQEG/ZYdxdCasjidrdgZRrbjeo1A6R4uywI7L8bOzLBzu8HWIwGU3
-DTDcBRR9EU/wkKsXUhi0RkDRGfamDfz4DIxGOdHNe6UXSW8MKciOxI4gmO44VkgN
-wxadNnt27+puetDXQZdxRXZgBN/LZeu9AzFwclI3WtjiHCeS0Lp+GjpYB8wS2rOk
-3zqQnIx0He0rVuVEMAOdvMrtFw2fuU1EomrUuFHjOkq2ulZ4wC/MvXgEo2c6puKb
-YameI61Q3PdY9IwWoy1QOt47cjxT8MyZYnWHuOUbeHUFwOqfAyFMRvF1+G0l2gm0
-eWbX7BKTYYLG5NSca3N40zspX4fXjzi7wekoRmFWrEe1jU3KzboL6iRLeg==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 -----END RSA PRIVATE KEY-----
index 2262038..9be2294 100644 (file)
@@ -1,5 +1,10 @@
 ### req command\r
 \r
+oid_section            = new_oids\r
+\r
+[ new_oids ]\r
+limitedProxyOid                = 1.3.6.1.4.1.3536.1.1.1.9\r
+\r
 [ req ]\r
 default_bits           = 1024\r
 distinguished_name     = req_distinguished_name\r
@@ -10,16 +15,13 @@ distinguished_name  = req_distinguished_name
 basicConstraints       = CA:true\r
 subjectKeyIdentifier   = hash\r
 authorityKeyIdentifier = keyid:always,issuer:always\r
-keyUsage               = cRLSign, keyCertSign\r
-\r
-#[ serial_cert_req ]\r
-#serialNumber          = 12341324\r
+keyUsage               = critical, cRLSign, keyCertSign\r
 \r
-#[ email_cert_req ]\r
-#emailAddress          = test@home.org\r
-\r
-#[ uid_cert_req ]\r
-#userId                        = testuserid\r
+[ ca_cert_req_nokeyusage ]\r
+basicConstraints       = CA:true\r
+subjectKeyIdentifier   = hash\r
+authorityKeyIdentifier = keyid:always,issuer:always\r
+keyUsage               = critical, cRLSign\r
 \r
 [ proxy_cert_req ]\r
 \r
@@ -31,13 +33,13 @@ keyUsage            = cRLSign, keyCertSign
 default_ca             = CA_default\r
 \r
 [CA_default]\r
-dir                    = $ENV::CASROOT/$ENV::CATYPE-ca\r
+dir                    = $ENV::CASROOT/big-ca\r
 database               = $dir/index.txt\r
 serial                         = $dir/serial.txt\r
 default_md             = sha1\r
 \r
-certificate            = $dir/$ENV::CATYPE.cert\r
-private_key            = $dir/$ENV::CATYPE.priv\r
+certificate            = $dir/big.cert\r
+private_key            = $dir/big.priv\r
 \r
 policy = policy_any\r
 \r
@@ -90,3 +92,20 @@ nsComment            = "OpenSSL Generated Client Certificate without Flags"
 [ proxy_none ]\r
 keyUsage               = critical,digitalSignature,keyEncipherment\r
 \r
+[ proxy_invalid_usage ]\r
+keyUsage               = critical,keyEncipherment\r
+\r
+[ proxy_rfc_pathLen1 ]\r
+proxyCertInfo=critical,language:id-ppl-inheritAll,pathlen:1\r
+\r
+[ proxy_rfc ]\r
+proxyCertInfo=critical,language:id-ppl-inheritAll\r
+\r
+[ proxy_rfc_anypolicy ]\r
+proxyCertInfo=critical,language:id-ppl-anyLanguage,policy:text:AB\r
+\r
+[ proxy_rfc_independent ]\r
+proxyCertInfo=critical,language:id-ppl-independent,pathlen:1\r
+\r
+[ proxy_rfc_limited ]\r
+proxyCertInfo=critical,language:limitedProxyOid\r
index 45be69b..98c4e16 100644 (file)
@@ -1,19 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIDCDCCAnGgAwIBAgIJAJO9tXDLWAPpMA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNV
+MIIDCzCCAnSgAwIBAgIJAOT06wOW29j4MA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNV
 BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE
-CxMKUmVsYXhhdGlvbjEXMBUGA1UEAxMOdGhlIGV4cGlyZWQgQ0EwHhcNMDkxMTE4
-MjAwOTU3WhcNMDkxMTE3MjAwOTU3WjBdMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMG
+CxMKUmVsYXhhdGlvbjEXMBUGA1UEAxMOdGhlIGV4cGlyZWQgQ0EwHhcNMDkxMjA5
+MTYyNzA5WhcNMDkxMjA4MTYyNzA5WjBdMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMG
 VHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xFzAV
 BgNVBAMTDnRoZSBleHBpcmVkIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQC1CZ0a6cakhd8Ql58VXnzy23ToUOp77bRTmR1M1iwiy8+h4faW+B2Gm4oGJrhD
-oYp7cEVpnrlQuWQdYs+sT01GZmdzCfQ4fznc0VTMsGtpavWVOo5cZYUVfz48zu0B
-bgB7W08EL88uGMBubaFDLB5Rb/yHkP+5fmis+ugKpdiffQIDAQABo4HPMIHMMAwG
-A1UdEwQFMAMBAf8wHQYDVR0OBBYEFBTlEzymeVaSezNLUZA1dHU0E8wcMIGPBgNV
-HSMEgYcwgYSAFBTlEzymeVaSezNLUZA1dHU0E8wcoWGkXzBdMQswCQYDVQQGEwJV
+gQC9AK5saP9/piHGc0T7yTCh3pf59wKFZ8AWVUciYgGmfk+PtUh3lWabYhK7cB+j
+6es3o236GLMfesl/WQAwsXHuR/aCr/NAESYdF7zthGHpxB47wHmG9XihklryOqjf
+ixCFV4SQ8RM/SJa6lHCdQvWR/u3XSegiyUlFxSkz5J/vWQIDAQABo4HSMIHPMAwG
+A1UdEwQFMAMBAf8wHQYDVR0OBBYEFAbNZ7iK5Ae28C18F4T8XKlvXHSAMIGPBgNV
+HSMEgYcwgYSAFAbNZ7iK5Ae28C18F4T8XKlvXHSAoWGkXzBdMQswCQYDVQQGEwJV
 RzEPMA0GA1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJl
-bGF4YXRpb24xFzAVBgNVBAMTDnRoZSBleHBpcmVkIENBggkAk721cMtYA+kwCwYD
-VR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBABnlqhW3QU6WZcLsBMHjRn23ruQ8
-8CKYxN/LAl+7QraMQ1bE8rlqQLzKdnaFHq6R3P6adhnLgnyaAhYt3GozRBwsSJ1d
-K0EAmbl0Lk2rdRC+53lHOC++byK1pSZM4KkwVZt33z9WkR4gpb6wyQb527g7vSZK
-BLXE+M5wgxtjUXV2
+bGF4YXRpb24xFzAVBgNVBAMTDnRoZSBleHBpcmVkIENBggkA5PTrA5bb2PgwDgYD
+VR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBAD3osvnJVrhT4YYWC+k5iMBP
+91KDTwsO1wIKhM9cFsQRBI8YGjhcRk5ppTXlAoXkbRIoE96nYrSAYmaizn18D1tN
+xn0AQ21tUTwxZzKi+scDHoyeC0DFEHJJpDqRwhctazp+gS8bjnKmLHwCyDBoeRb6
+t4+7FZ7HIwpPNQDEqBtu
 -----END CERTIFICATE-----
index 7716e8e..71e3739 100644 (file)
Binary files a/test/expired-ca/expired.p12 and b/test/expired-ca/expired.p12 differ
index 3563372..a3cdbca 100644 (file)
@@ -1,15 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC1CZ0a6cakhd8Ql58VXnzy23ToUOp77bRTmR1M1iwiy8+h4faW
-+B2Gm4oGJrhDoYp7cEVpnrlQuWQdYs+sT01GZmdzCfQ4fznc0VTMsGtpavWVOo5c
-ZYUVfz48zu0BbgB7W08EL88uGMBubaFDLB5Rb/yHkP+5fmis+ugKpdiffQIDAQAB
-AoGAbYlMkm0iMIeDaQGkUoSiKzsXaD0VMzim4/H/pW7ss30HuxYCYmPrUXeosoIY
-+WqzZG6QwRA1Zh9V8OXJa6NryAkFjwIzrBpNKRXNFBnOGtJIRzmQtr97WeNTDv2o
-bPFDcdRMLhd3/VPC/8SEziy6TrOmmYM7HDBnpys3QfuZlU0CQQDhIWAJqHEUnTo+
-NRPQQW4b/ECh8rkbSBvQlInrft4zRmScvwv4CpO0Iump0fuXEb7BEFCIKh8F4hsW
-39i+peE3AkEAzdx5H7GRoAvohPIKRGsApSXn6Qfj3+aSfDCvdKR5VCXt6xOUR/jX
-B4l2fMBNvOEqnoQcX07+MynRtzYvrT0u6wJBAKOhcH5UkaxcAwNH7NjHVdK9a/TJ
-yMUNijn2XLBwC+zU0zgim/5zIZwibBdkaisJWM5Wn1H424eZKftcQ9t+Ec0CQCtA
-6co4+woPtnlIidO6T9ZjUojp+X0v6xNg/1yYuk1t8sFzybIdnMCep2Cq3yqSfOv1
-giicZljFrqS6I+ZYdqUCQHpcJQdZO4iRcmtJEA5zqVOjtx/l6+BBnd95ZuZ38Ph8
-mWzzAMCUZ2Fw8ZYsJIi3MmnKqEagzH6AnpgW0z/3ntk=
+MIICWwIBAAKBgQC9AK5saP9/piHGc0T7yTCh3pf59wKFZ8AWVUciYgGmfk+PtUh3
+lWabYhK7cB+j6es3o236GLMfesl/WQAwsXHuR/aCr/NAESYdF7zthGHpxB47wHmG
+9XihklryOqjfixCFV4SQ8RM/SJa6lHCdQvWR/u3XSegiyUlFxSkz5J/vWQIDAQAB
+AoGAZlgYG1w//j9Xyr5gfHdVflGquhCnrNWhjnZfLp8jhaSgMJFZzGd6SGmy+wyc
+FYZ1eItm4ia92C4FLpBjKfrsVcu28cCAHgBeAQ6BmLk9oRGJMxwjs5QXz8YmVaGl
+Rac6R/7oiBSWxL8SabFAq5i/OgVxRoDGLpTj3ymQHgKMggECQQD1jvRBjeMFXBBy
+q7HD8L6VuufSZo87nfVZy2DTFZJJq2q4UyD0Ms89obkWmJmT5T86LPMAfNe7vsVQ
+3nK1TWjdAkEAxQoVw61lWk2d+5zWroGZaaOyxCC0YVxgSi0HxGjGWwS8BvOFtRge
+Kxt+HjOuFxgJVAXTiUUYEreZ+v3Uq+Y6rQJAdpiIV3DTiC8isn9B58RKB76xX+iw
+nLZ5XNjg9pGgiXwEmulrLQWtGbMV1Vf2NHuvwcUbx8yD1OUaHyiQdgfg8QJAaj98
+6u32KBKQbNvum1zA58jgnYdxHMreFUFg3dUNmIjeBvWLlNIzelUx1YFSj5tjdE5L
++corJ/Se8EutQSA9ZQJAQnOKQsZ2wHJPUM52gyq+YETtAB1qsexeuhSJWs1v2dOk
+tWuapfHTQ9AzrUZTGJ3W3h+uXcR4DXMy1I/urG/l3A==
 -----END RSA PRIVATE KEY-----
index 2262038..18be02c 100644 (file)
@@ -1,5 +1,10 @@
 ### req command\r
 \r
+oid_section            = new_oids\r
+\r
+[ new_oids ]\r
+limitedProxyOid                = 1.3.6.1.4.1.3536.1.1.1.9\r
+\r
 [ req ]\r
 default_bits           = 1024\r
 distinguished_name     = req_distinguished_name\r
@@ -10,16 +15,13 @@ distinguished_name  = req_distinguished_name
 basicConstraints       = CA:true\r
 subjectKeyIdentifier   = hash\r
 authorityKeyIdentifier = keyid:always,issuer:always\r
-keyUsage               = cRLSign, keyCertSign\r
-\r
-#[ serial_cert_req ]\r
-#serialNumber          = 12341324\r
+keyUsage               = critical, cRLSign, keyCertSign\r
 \r
-#[ email_cert_req ]\r
-#emailAddress          = test@home.org\r
-\r
-#[ uid_cert_req ]\r
-#userId                        = testuserid\r
+[ ca_cert_req_nokeyusage ]\r
+basicConstraints       = CA:true\r
+subjectKeyIdentifier   = hash\r
+authorityKeyIdentifier = keyid:always,issuer:always\r
+keyUsage               = critical, cRLSign\r
 \r
 [ proxy_cert_req ]\r
 \r
@@ -31,13 +33,13 @@ keyUsage            = cRLSign, keyCertSign
 default_ca             = CA_default\r
 \r
 [CA_default]\r
-dir                    = $ENV::CASROOT/$ENV::CATYPE-ca\r
+dir                    = $ENV::CASROOT/expired-ca\r
 database               = $dir/index.txt\r
 serial                         = $dir/serial.txt\r
 default_md             = sha1\r
 \r
-certificate            = $dir/$ENV::CATYPE.cert\r
-private_key            = $dir/$ENV::CATYPE.priv\r
+certificate            = $dir/expired.cert\r
+private_key            = $dir/expired.priv\r
 \r
 policy = policy_any\r
 \r
@@ -90,3 +92,20 @@ nsComment            = "OpenSSL Generated Client Certificate without Flags"
 [ proxy_none ]\r
 keyUsage               = critical,digitalSignature,keyEncipherment\r
 \r
+[ proxy_invalid_usage ]\r
+keyUsage               = critical,keyEncipherment\r
+\r
+[ proxy_rfc_pathLen1 ]\r
+proxyCertInfo=critical,language:id-ppl-inheritAll,pathlen:1\r
+\r
+[ proxy_rfc ]\r
+proxyCertInfo=critical,language:id-ppl-inheritAll\r
+\r
+[ proxy_rfc_anypolicy ]\r
+proxyCertInfo=critical,language:id-ppl-anyLanguage,policy:text:AB\r
+\r
+[ proxy_rfc_independent ]\r
+proxyCertInfo=critical,language:id-ppl-independent,pathlen:1\r
+\r
+[ proxy_rfc_limited ]\r
+proxyCertInfo=critical,language:limitedProxyOid\r
index 7503541..4a0ca5e 100644 (file)
@@ -1,19 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIC/zCCAmigAwIBAgIJAJOODvhASivmMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
+MIIDAjCCAmugAwIBAgIJAO0FFDQThQMjMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
 BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE
-CxMKUmVsYXhhdGlvbjEUMBIGA1UEAxMLdGhlIGZha2UgQ0EwHhcNMDkxMTE4MjAw
-OTMwWhcNMzcwNDA1MjAwOTMwWjBaMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJv
+CxMKUmVsYXhhdGlvbjEUMBIGA1UEAxMLdGhlIGZha2UgQ0EwHhcNMDkxMjA5MTYy
+NjEwWhcNMzcwNDI2MTYyNjEwWjBaMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJv
 cGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xFDASBgNV
-BAMTC3RoZSBmYWtlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzJg2Y
-4PEy7IHjJtnAUoHsJTFiwH3upubJ21J1xIwbuwCCvUrBpj/OzEzaPdxU6fzjPXD2
-wVDzE2vqLF6hvxyzUlLKXmuB10lOfly8vkMHO7T/P1pO4vrZIpzo3pGFgx3fw4E4
-ZCdlsbjV/yHjVpO6+pnWdpka+S7rOIKMJfjfMwIDAQABo4HMMIHJMAwGA1UdEwQF
-MAMBAf8wHQYDVR0OBBYEFGASma3GAhhYIPGOPve5MAxg7ce2MIGMBgNVHSMEgYQw
-gYGAFGASma3GAhhYIPGOPve5MAxg7ce2oV6kXDBaMQswCQYDVQQGEwJVRzEPMA0G
+BAMTC3RoZSBmYWtlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcesdY
+OZsBJPCJvQicfeyNM4uZT30FhKTO47/SrQiotN9nE36oUVzqQ096RBGrxxGDEYae
+xqa8p3gHp9urqAteHb6MhimkASns68UwS9VwBjqkKTz9TV91MgPAgUcYkxuIOff+
+sYUYXDUQSExTWuzb4xlG5+wfrqryYEQkORWD+QIDAQABo4HPMIHMMAwGA1UdEwQF
+MAMBAf8wHQYDVR0OBBYEFN07u5oRDwxZe3RIxhCNSOD9rXhuMIGMBgNVHSMEgYQw
+gYGAFN07u5oRDwxZe3RIxhCNSOD9rXhuoV6kXDBaMQswCQYDVQQGEwJVRzEPMA0G
 A1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRp
-b24xFDASBgNVBAMTC3RoZSBmYWtlIENBggkAk44O+EBKK+YwCwYDVR0PBAQDAgEG
-MA0GCSqGSIb3DQEBBQUAA4GBABt1ebIzQl2S2vu8nuGgssYpBHdUyTCiZNg6RFBx
-GRmxPvd7/F6Ag60/xbz3rKtpQqeDoZg/FtpBHlAbIuOc3+kGDl3UatNV1VVozC6q
-gocDvafELWoH0Xqmiv/WRoi7vzqsB7k387QkKCnYeahmQPS75pwE99A0HwhhaM/A
-T9ia
+b24xFDASBgNVBAMTC3RoZSBmYWtlIENBggkA7QUUNBOFAyMwDgYDVR0PAQH/BAQD
+AgEGMA0GCSqGSIb3DQEBBQUAA4GBAG26hxwZ/ov3Qz9q2Cc24SNxgSu8WkjFNJBD
+yEcZx0JTRMkHCCuEqYhgOjcMCD5imXydDCCFYG5XWJcdJImZqYSRdyd8KZyXE6xi
+gTYZhLuOmNIzekwMee9QhOeYuXbghpDp85ID4gbdVfVh7K6M+/Ro+5qrDQyz58Vi
+WiUn4Ezn
 -----END CERTIFICATE-----
index f0c2ed2..6e927e8 100644 (file)
Binary files a/test/fake-ca/fake.p12 and b/test/fake-ca/fake.p12 differ
index 3c8fcfc..876da90 100644 (file)
@@ -1,15 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCzJg2Y4PEy7IHjJtnAUoHsJTFiwH3upubJ21J1xIwbuwCCvUrB
-pj/OzEzaPdxU6fzjPXD2wVDzE2vqLF6hvxyzUlLKXmuB10lOfly8vkMHO7T/P1pO
-4vrZIpzo3pGFgx3fw4E4ZCdlsbjV/yHjVpO6+pnWdpka+S7rOIKMJfjfMwIDAQAB
-AoGAEw7tS2JCxqQafUvYxnkAkVqzkkngG89tpfPLJfQu45RVTZNNrKQ/DYT2eBE0
-q2PpH1Od/OI79mAOju8BcjueldeO7bWM7ujW3o8zt/k/enq+Y/qcP6tWx8ulm4Ij
-ALno9t5Zcp8B1Zq2LV/mqRvC25BbFsX7K6nLKVnnUkobfiECQQDYOaR6Ml5jrnXZ
-a/EgAbx0wYnpOFO1ZU1i/wk2ffK6P8vWpuvL5Ad5QF1dBxWo/mtifTzNimuk6BYG
-rwJPsU+nAkEA1BpsX3/qGx8ze5XpQEa8hbUVidLhMldNrcskQXd9KSd8YJPDsTcC
-HG0DDu+7hhNaWEV2hLVTWeapiMAk4fbFlQJAL6ekpHnta7LLrnunzRIU4va02n3b
-lSMahzMGaMghcwMUfd6UIX/EVejlqtcg4voP2MkZWYOkbdfo4tg3fjDqCQJBAKV2
-r5CYw1LBNnJ08m/YPv231MOeJVwWS10HGpOP2a4fRaI54/H9zcHLMRWX45ymwFYY
-amsA4bNChINQEfXNgzkCQE0lhV6MD0R9geM32+pCQlImfVIhsLYQJs+D2lsjlvSW
-S4nS6t2M8CFVJlOvOpdZL3x7eHuan2dhHHP1sz3jCx4=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 -----END RSA PRIVATE KEY-----
index 2262038..41dcda6 100644 (file)
@@ -1,5 +1,10 @@
 ### req command\r
 \r
+oid_section            = new_oids\r
+\r
+[ new_oids ]\r
+limitedProxyOid                = 1.3.6.1.4.1.3536.1.1.1.9\r
+\r
 [ req ]\r
 default_bits           = 1024\r
 distinguished_name     = req_distinguished_name\r
@@ -10,16 +15,13 @@ distinguished_name  = req_distinguished_name
 basicConstraints       = CA:true\r
 subjectKeyIdentifier   = hash\r
 authorityKeyIdentifier = keyid:always,issuer:always\r
-keyUsage               = cRLSign, keyCertSign\r
-\r
-#[ serial_cert_req ]\r
-#serialNumber          = 12341324\r
+keyUsage               = critical, cRLSign, keyCertSign\r
 \r
-#[ email_cert_req ]\r
-#emailAddress          = test@home.org\r
-\r
-#[ uid_cert_req ]\r
-#userId                        = testuserid\r
+[ ca_cert_req_nokeyusage ]\r
+basicConstraints       = CA:true\r
+subjectKeyIdentifier   = hash\r
+authorityKeyIdentifier = keyid:always,issuer:always\r
+keyUsage               = critical, cRLSign\r
 \r
 [ proxy_cert_req ]\r
 \r
@@ -31,13 +33,13 @@ keyUsage            = cRLSign, keyCertSign
 default_ca             = CA_default\r
 \r
 [CA_default]\r
-dir                    = $ENV::CASROOT/$ENV::CATYPE-ca\r
+dir                    = $ENV::CASROOT/fake-ca\r
 database               = $dir/index.txt\r
 serial                         = $dir/serial.txt\r
 default_md             = sha1\r
 \r
-certificate            = $dir/$ENV::CATYPE.cert\r
-private_key            = $dir/$ENV::CATYPE.priv\r
+certificate            = $dir/fake.cert\r
+private_key            = $dir/fake.priv\r
 \r
 policy = policy_any\r
 \r
@@ -90,3 +92,20 @@ nsComment            = "OpenSSL Generated Client Certificate without Flags"
 [ proxy_none ]\r
 keyUsage               = critical,digitalSignature,keyEncipherment\r
 \r
+[ proxy_invalid_usage ]\r
+keyUsage               = critical,keyEncipherment\r
+\r
+[ proxy_rfc_pathLen1 ]\r
+proxyCertInfo=critical,language:id-ppl-inheritAll,pathlen:1\r
+\r
+[ proxy_rfc ]\r
+proxyCertInfo=critical,language:id-ppl-inheritAll\r
+\r
+[ proxy_rfc_anypolicy ]\r
+proxyCertInfo=critical,language:id-ppl-anyLanguage,policy:text:AB\r
+\r
+[ proxy_rfc_independent ]\r
+proxyCertInfo=critical,language:id-ppl-independent,pathlen:1\r
+\r
+[ proxy_rfc_limited ]\r
+proxyCertInfo=critical,language:limitedProxyOid\r
index dd98c4a..7469a86 100644 (file)
@@ -1,19 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIDETCCAnqgAwIBAgIJAJXRhilSGEmtMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV
+MIIDFDCCAn2gAwIBAgIJAMam5pwcE352MA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV
 BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE
 CxMKUmVsYXhhdGlvbjEaMBgGA1UEAxMRdGhlIG5va2V5dXNhZ2UgQ0EwHhcNMDkx
-MTE4MjAwOTU3WhcNMzcwNDA1MjAwOTU3WjBgMQswCQYDVQQGEwJVRzEPMA0GA1UE
+MjA5MTYyNzA5WhcNMzcwNDI2MTYyNzA5WjBgMQswCQYDVQQGEwJVRzEPMA0GA1UE
 BxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24x
 GjAYBgNVBAMTEXRoZSBub2tleXVzYWdlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCoVc7fs7Owtyzi24NxaBoemkPQRv/mDDfhJTzX5cGVcymMWXLqhjHk
-KhuCziQ1pIRFPPUxmlNJneeo95WzrCWHe3HFILDSrjXoIw48aHPcgHmJRTU2U+wE
-fIwvw1nrSsQXS5ftQuMb5PcOCcI6cZiQzZquEy64Kkqovx7CvEKqOQIDAQABo4HS
-MIHPMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFD5yNicj3eNgIHr1/Ou0UciEePrH
-MIGSBgNVHSMEgYowgYeAFD5yNicj3eNgIHr1/Ou0UciEePrHoWSkYjBgMQswCQYD
+ADCBiQKBgQC1sDcjw5TH+LYj2sNRaR5CEo4zecP3nMyGWL1B84HEDBejvNXMZbpk
+FV6aWc/aIsZjM1NVKDBx4OH+JimjX1y1TnURlq0k4S/4/cqPxIX6wY2Om0QF418l
+6yVEcXPFkGvfM22MkNDdukpBxYIUYAlcoEflb0wVNXR0LD0cqaWtkQIDAQABo4HV
+MIHSMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFHtqwoVzbfSCBoAchgVr0Kdlb+QN
+MIGSBgNVHSMEgYowgYeAFHtqwoVzbfSCBoAchgVr0Kdlb+QNoWSkYjBgMQswCQYD
 VQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNV
-BAsTClJlbGF4YXRpb24xGjAYBgNVBAMTEXRoZSBub2tleXVzYWdlIENBggkAldGG
-KVIYSa0wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBAAZY4vy4uPDsiqdp
-Y7LycXMQ20Dzp9WYOncjrUvw0UgSiF3kgOvjdJSNI+2ISSCvL8qKB5m4v88dhZvV
-N0xr/QhTZidAH/EnarURy4s46ueqW/80PGFszLsUQwMB/lQCKDbXXiJ31GytxZMr
-tLUfi9j+FtxbQRTNBvF93zh2sVwi
+BAsTClJlbGF4YXRpb24xGjAYBgNVBAMTEXRoZSBub2tleXVzYWdlIENBggkAxqbm
+nBwTfnYwDgYDVR0PAQH/BAQDAgECMA0GCSqGSIb3DQEBBQUAA4GBADhep4H9Lnfm
+uoKLUR4Xuyvnv8OvvVtqMO/Gk35nv645jqoFfLMX/hWnMke7vd0oUiMoWo5B9wlN
+CWW2z14rRg75aX08SCT1XE5UAdrBQJIbKzFRGoEKzRyukfMCoX4K3mVdGwH7igoH
+sF8HmwdlUOl0gaagKM1qWkQrcHGNLEeq
 -----END CERTIFICATE-----
index dcdeb7d..42e628a 100644 (file)
Binary files a/test/nokeyusage-ca/nokeyusage.p12 and b/test/nokeyusage-ca/nokeyusage.p12 differ
index 0efdc83..cebee71 100644 (file)
@@ -1,15 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQCoVc7fs7Owtyzi24NxaBoemkPQRv/mDDfhJTzX5cGVcymMWXLq
-hjHkKhuCziQ1pIRFPPUxmlNJneeo95WzrCWHe3HFILDSrjXoIw48aHPcgHmJRTU2
-U+wEfIwvw1nrSsQXS5ftQuMb5PcOCcI6cZiQzZquEy64Kkqovx7CvEKqOQIDAQAB
-AoGAfZJFGCr9SD3chf4qN1bo5Rs+qwfLrNhAdvtIP+VsWwflXoT7bGdeoE2o6BLO
-gBWRdfTbE32D086vGSRX0AgClbBjq6F4zV6YyWxU8B5W55AObvkGFVXmbWc3Bqso
-F4EOr3EdXNGYKvguoXIJ+cSrpt72X9SBOS5XGYUdwDTZ2AECQQDWyhMoAy/j/QML
-LvA1IwJilcD7U2FEK/Gs6qD/yUqPit0hj3I4jXVkpXX2s6n1VbB+rmYj8YPaBFzd
-nWSOSEnhAkEAyKIEzmLoP90cMiWcR7jhSSHprdnhpmo4W7xLrxYfZ95cjuzNEdlV
-ex2jzPRHRA5eDauQj0J+rG9PIFi/Op5bWQJAOIjj1epQ1q+n92+ZZkMaw5wrOXvO
-5ES0zhDL48e1ymaAoe7B38TMG3u5uv+7QooVdKKu29McI2x2jRZ6e0DnwQJAcavy
-Ayjgo0ZYMkVC3RPveCrhpaE7irjFw5vUWZe0JXpDgKrDqSg0mTN62aVRN0rYmPAq
-UDCBapsJ/q6pccHEyQJAfHkXV65981psqotNFMO7Xvs/uePIifSkuopiNM9cXVPR
-PghtFTnSLavjBOa94EzT4mTc3X2kjfecVZvMSf0Yow==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 -----END RSA PRIVATE KEY-----
index 2262038..6a51485 100644 (file)
@@ -1,5 +1,10 @@
 ### req command\r
 \r
+oid_section            = new_oids\r
+\r
+[ new_oids ]\r
+limitedProxyOid                = 1.3.6.1.4.1.3536.1.1.1.9\r
+\r
 [ req ]\r
 default_bits           = 1024\r
 distinguished_name     = req_distinguished_name\r
@@ -10,16 +15,13 @@ distinguished_name  = req_distinguished_name
 basicConstraints       = CA:true\r
 subjectKeyIdentifier   = hash\r
 authorityKeyIdentifier = keyid:always,issuer:always\r
-keyUsage               = cRLSign, keyCertSign\r
-\r
-#[ serial_cert_req ]\r
-#serialNumber          = 12341324\r
+keyUsage               = critical, cRLSign, keyCertSign\r
 \r
-#[ email_cert_req ]\r
-#emailAddress          = test@home.org\r
-\r
-#[ uid_cert_req ]\r
-#userId                        = testuserid\r
+[ ca_cert_req_nokeyusage ]\r
+basicConstraints       = CA:true\r
+subjectKeyIdentifier   = hash\r
+authorityKeyIdentifier = keyid:always,issuer:always\r
+keyUsage               = critical, cRLSign\r
 \r
 [ proxy_cert_req ]\r
 \r
@@ -31,13 +33,13 @@ keyUsage            = cRLSign, keyCertSign
 default_ca             = CA_default\r
 \r
 [CA_default]\r
-dir                    = $ENV::CASROOT/$ENV::CATYPE-ca\r
+dir                    = $ENV::CASROOT/nokeyusage-ca\r
 database               = $dir/index.txt\r
 serial                         = $dir/serial.txt\r
 default_md             = sha1\r
 \r
-certificate            = $dir/$ENV::CATYPE.cert\r
-private_key            = $dir/$ENV::CATYPE.priv\r
+certificate            = $dir/nokeyusage.cert\r
+private_key            = $dir/nokeyusage.priv\r
 \r
 policy = policy_any\r
 \r
@@ -90,3 +92,20 @@ nsComment            = "OpenSSL Generated Client Certificate without Flags"
 [ proxy_none ]\r
 keyUsage               = critical,digitalSignature,keyEncipherment\r
 \r
+[ proxy_invalid_usage ]\r
+keyUsage               = critical,keyEncipherment\r
+\r
+[ proxy_rfc_pathLen1 ]\r
+proxyCertInfo=critical,language:id-ppl-inheritAll,pathlen:1\r
+\r
+[ proxy_rfc ]\r
+proxyCertInfo=critical,language:id-ppl-inheritAll\r
+\r
+[ proxy_rfc_anypolicy ]\r
+proxyCertInfo=critical,language:id-ppl-anyLanguage,policy:text:AB\r
+\r
+[ proxy_rfc_independent ]\r
+proxyCertInfo=critical,language:id-ppl-independent,pathlen:1\r
+\r
+[ proxy_rfc_limited ]\r
+proxyCertInfo=critical,language:limitedProxyOid\r
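Review bot: The new `[ ca_cert_req_nokeyusage ]` section is undocumented and its name contradicts its content: it does set a keyUsage extension, just one that is critical and omits keyCertSign, so a conforming verifier must refuse anything this CA signs (the regenerated nokeyusage.cert in this commit indeed carries a critical Key Usage of CRL Sign only). A one-line comment above the section would stop a later reader from "fixing" it by adding keyCertSign, e.g. `# negative-test CA: critical keyUsage without keyCertSign, so any certificate it issues must fail path validation`. The section is also copied verbatim into every CA's req_conf.cnf although presumably only nokeyusage-ca uses it; the six per-CA files differ only in the three path lines under [CA_default], so they will drift unless they are generated from a single template.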
index 3d85f6d..e69de29 100644 (file)
@@ -1 +0,0 @@
-V      370405200958Z           0176    unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA
index 2262038..0b0b34e 100644 (file)
@@ -1,5 +1,10 @@
 ### req command\r
 \r
+oid_section            = new_oids\r
+\r
+[ new_oids ]\r
+limitedProxyOid                = 1.3.6.1.4.1.3536.1.1.1.9\r
+\r
 [ req ]\r
 default_bits           = 1024\r
 distinguished_name     = req_distinguished_name\r
@@ -10,16 +15,13 @@ distinguished_name  = req_distinguished_name
 basicConstraints       = CA:true\r
 subjectKeyIdentifier   = hash\r
 authorityKeyIdentifier = keyid:always,issuer:always\r
-keyUsage               = cRLSign, keyCertSign\r
-\r
-#[ serial_cert_req ]\r
-#serialNumber          = 12341324\r
+keyUsage               = critical, cRLSign, keyCertSign\r
 \r
-#[ email_cert_req ]\r
-#emailAddress          = test@home.org\r
-\r
-#[ uid_cert_req ]\r
-#userId                        = testuserid\r
+[ ca_cert_req_nokeyusage ]\r
+basicConstraints       = CA:true\r
+subjectKeyIdentifier   = hash\r
+authorityKeyIdentifier = keyid:always,issuer:always\r
+keyUsage               = critical, cRLSign\r
 \r
 [ proxy_cert_req ]\r
 \r
@@ -31,13 +33,13 @@ keyUsage            = cRLSign, keyCertSign
 default_ca             = CA_default\r
 \r
 [CA_default]\r
-dir                    = $ENV::CASROOT/$ENV::CATYPE-ca\r
+dir                    = $ENV::CASROOT/root-ca\r
 database               = $dir/index.txt\r
 serial                         = $dir/serial.txt\r
 default_md             = sha1\r
 \r
-certificate            = $dir/$ENV::CATYPE.cert\r
-private_key            = $dir/$ENV::CATYPE.priv\r
+certificate            = $dir/root.cert\r
+private_key            = $dir/root.priv\r
 \r
 policy = policy_any\r
 \r
@@ -90,3 +92,20 @@ nsComment            = "OpenSSL Generated Client Certificate without Flags"
 [ proxy_none ]\r
 keyUsage               = critical,digitalSignature,keyEncipherment\r
 \r
+[ proxy_invalid_usage ]\r
+keyUsage               = critical,keyEncipherment\r
+\r
+[ proxy_rfc_pathLen1 ]\r
+proxyCertInfo=critical,language:id-ppl-inheritAll,pathlen:1\r
+\r
+[ proxy_rfc ]\r
+proxyCertInfo=critical,language:id-ppl-inheritAll\r
+\r
+[ proxy_rfc_anypolicy ]\r
+proxyCertInfo=critical,language:id-ppl-anyLanguage,policy:text:AB\r
+\r
+[ proxy_rfc_independent ]\r
+proxyCertInfo=critical,language:id-ppl-independent,pathlen:1\r
+\r
+[ proxy_rfc_limited ]\r
+proxyCertInfo=critical,language:limitedProxyOid\r
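Review bot: Hard-coding `dir = $ENV::CASROOT/root-ca` together with the one-line index.txt changes in this commit suggests the CA database is now written on the wrong side of issuance: the entry `CN=the subca CA` is removed from the root's index (leaving it empty), the next index swaps `CN=the subsubca CA` for `CN=the subca CA`, and a previously empty index gains `CN=the subsubca CA`, while both sub-CA certificates end up with serial 0176. Before this commit each issuer's index recorded the certificate it signed, which is what `openssl ca -gencrl` and any revocation test need; after it, each CA's database records its own certificate and the issuer knows nothing about what it issued. The sub-CA signing step most likely has to run with the issuer's configuration (`-config $CASROOT/root-ca/req_conf.cnf` when the root signs subca, and the subca-ca file when it signs subsubca) rather than the subject's; the script that selects the config is outside this view, so this is inferred from the index.txt hunks.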
index 56dfa73..a70b8fa 100644 (file)
@@ -1,19 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIC/zCCAmigAwIBAgIJAOwn+bdeOP7lMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
+MIIDAjCCAmugAwIBAgIJAN70gOiGeHNkMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
 BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE
-CxMKUmVsYXhhdGlvbjEUMBIGA1UEAxMLdGhlIHJvb3QgQ0EwHhcNMDkxMTE4MjAw
-OTU4WhcNMzcwNDA1MjAwOTU4WjBaMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJv
+CxMKUmVsYXhhdGlvbjEUMBIGA1UEAxMLdGhlIHJvb3QgQ0EwHhcNMDkxMjA5MTYy
+NzA5WhcNMzcwNDI2MTYyNzA5WjBaMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJv
 cGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xFDASBgNV
-BAMTC3RoZSByb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxw6fX
-Pm7OJc5QC0QaRHIjRXCK2CWVz1GXJ+1Fp9nN2OF3lhIr2JnYKkD3Shg9/6R43LUL
-pBOF8bEdQzC8P3XZTr2HHoS79bI8TVnZ4xtEM+bZO7k6EGQhzd+xjfQ7dGEqk4TS
-36PuyzIXyUJ9CrgpmzrD3r/wZreGNENql4iW6wIDAQABo4HMMIHJMAwGA1UdEwQF
-MAMBAf8wHQYDVR0OBBYEFC3z3nM1NSxp66FO7/5rlG43PPUxMIGMBgNVHSMEgYQw
-gYGAFC3z3nM1NSxp66FO7/5rlG43PPUxoV6kXDBaMQswCQYDVQQGEwJVRzEPMA0G
+BAMTC3RoZSByb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDsBAlZ
+L671sIktcVJcoEYdHMqtLlf/RYJt0da0upIWRxXvpS28UDOGkiGXqqXNgayWTrf6
+ecBYAnfXjIDCG42RQiEzcnHQWTyGhVKclGgeXv49B1Fn1hH77wMhQrtyUbMhvSGI
+sRHYv4EH45UOLVtQc4fGa9x7LgP6cJg9i1+DGQIDAQABo4HPMIHMMAwGA1UdEwQF
+MAMBAf8wHQYDVR0OBBYEFL2h6oGN//VQZjdV1+QmQMKpOD7EMIGMBgNVHSMEgYQw
+gYGAFL2h6oGN//VQZjdV1+QmQMKpOD7EoV6kXDBaMQswCQYDVQQGEwJVRzEPMA0G
 A1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRp
-b24xFDASBgNVBAMTC3RoZSByb290IENBggkA7Cf5t144/uUwCwYDVR0PBAQDAgEG
-MA0GCSqGSIb3DQEBBQUAA4GBACzSdZyhnSj5wArIua8Nc6Tc6XIVp0by/jYz/cOa
-FAZZmY7GaTTL65SDu0QH1NJIRC6G8wWvQeCouK9dgKXA9vQZ3Caf+8LOwyAU4rZe
-2maDgk4CcLYz953CYDxRSwmLPTVkXAJHPD15SS8gXxWcNKIUInoov6cSzjTEfjw9
-1kCX
+b24xFDASBgNVBAMTC3RoZSByb290IENBggkA3vSA6IZ4c2QwDgYDVR0PAQH/BAQD
+AgEGMA0GCSqGSIb3DQEBBQUAA4GBAI0KSvSjFgzWR26b8N9jpU/20Nw6xH6uS2AF
+czdqlJxBJZKzPCOkfPB2oh82CTcebzdDOWOOqa0Sft65s8wTqHeG7JS6BnceiNKL
+w6dj4WBgvgWBgl4euue0wlTQLOd849cvKOlOfFZmtwOjqIV/Bc2+VXPXkLGe66z8
+wMLCxTdo
 -----END CERTIFICATE-----
index a9190e8..67ecb02 100644 (file)
Binary files a/test/root-ca/root.p12 and b/test/root-ca/root.p12 differ
index 52c4b21..5489a06 100644 (file)
@@ -1,15 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCxw6fXPm7OJc5QC0QaRHIjRXCK2CWVz1GXJ+1Fp9nN2OF3lhIr
-2JnYKkD3Shg9/6R43LULpBOF8bEdQzC8P3XZTr2HHoS79bI8TVnZ4xtEM+bZO7k6
-EGQhzd+xjfQ7dGEqk4TS36PuyzIXyUJ9CrgpmzrD3r/wZreGNENql4iW6wIDAQAB
-AoGAMdlWFcwSMojzhArEvED5aN6uIqFeWNZcYPD3XpMlRs5M28Yfrl/9NFsVAMOs
-bKZlrubldjA6sVMHgdc3sXJyT1fY7GYGt0Xsgy/pGL1+c5uREiFSXl/nhXgeZrfY
-M/C6Dl0269a6K3OSwk92OVYRUqRZM2nUK4bpODOAnAtGkcECQQDp30uqbx7BAkcj
-Z49Txg5sGfmHHrJgWGzJK9RKSdrE0OH/DTus08h/wMm3fXxPffchLIAHWp94m4uM
-Zi0AfBkbAkEAwpVZP/GoSPGwvDtw4t3YVvz2oNgoxFQtmU5xx4LgRNWVHrAE4sXd
-8opTBnqikAIbOADXEF/A04ViMvR0Kw6mcQJAXFfr04b+uK0Ck8svP5/DUBHNgfmv
-6vTfN2uT7iVNOUtVANUjy/DviOoBe+8TZ3vQWYvtnXm93+xi5HPvrvJRIwJBAK4B
-/ulHAzYQJPt/sIjA2QmZeDgIdhR0Lr7tPqSrLkGAOrVRtVzSk5OlDXA61QsxRwQD
-BFBZQMgnfNSSdRxYIpECQD3aPIAP/tv6mWeSOc6aP7jH0NyEceDEOPnpFitSfJqe
-8m/wecCuED9DgXTSpmJJ0BuFc8oXKRV7OgwhqfIuEwc=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 -----END RSA PRIVATE KEY-----
index 86c98fb..50f9539 100644 (file)
@@ -1 +1 @@
-V      370405200958Z           0176    unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subsubca CA
+V      370426162710Z           0176    unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA
index 2262038..ce2b1ab 100644 (file)
@@ -1,5 +1,10 @@
 ### req command\r
 \r
+oid_section            = new_oids\r
+\r
+[ new_oids ]\r
+limitedProxyOid                = 1.3.6.1.4.1.3536.1.1.1.9\r
+\r
 [ req ]\r
 default_bits           = 1024\r
 distinguished_name     = req_distinguished_name\r
@@ -10,16 +15,13 @@ distinguished_name  = req_distinguished_name
 basicConstraints       = CA:true\r
 subjectKeyIdentifier   = hash\r
 authorityKeyIdentifier = keyid:always,issuer:always\r
-keyUsage               = cRLSign, keyCertSign\r
-\r
-#[ serial_cert_req ]\r
-#serialNumber          = 12341324\r
+keyUsage               = critical, cRLSign, keyCertSign\r
 \r
-#[ email_cert_req ]\r
-#emailAddress          = test@home.org\r
-\r
-#[ uid_cert_req ]\r
-#userId                        = testuserid\r
+[ ca_cert_req_nokeyusage ]\r
+basicConstraints       = CA:true\r
+subjectKeyIdentifier   = hash\r
+authorityKeyIdentifier = keyid:always,issuer:always\r
+keyUsage               = critical, cRLSign\r
 \r
 [ proxy_cert_req ]\r
 \r
@@ -31,13 +33,13 @@ keyUsage            = cRLSign, keyCertSign
 default_ca             = CA_default\r
 \r
 [CA_default]\r
-dir                    = $ENV::CASROOT/$ENV::CATYPE-ca\r
+dir                    = $ENV::CASROOT/subca-ca\r
 database               = $dir/index.txt\r
 serial                         = $dir/serial.txt\r
 default_md             = sha1\r
 \r
-certificate            = $dir/$ENV::CATYPE.cert\r
-private_key            = $dir/$ENV::CATYPE.priv\r
+certificate            = $dir/subca.cert\r
+private_key            = $dir/subca.priv\r
 \r
 policy = policy_any\r
 \r
@@ -90,3 +92,20 @@ nsComment            = "OpenSSL Generated Client Certificate without Flags"
 [ proxy_none ]\r
 keyUsage               = critical,digitalSignature,keyEncipherment\r
 \r
+[ proxy_invalid_usage ]\r
+keyUsage               = critical,keyEncipherment\r
+\r
+[ proxy_rfc_pathLen1 ]\r
+proxyCertInfo=critical,language:id-ppl-inheritAll,pathlen:1\r
+\r
+[ proxy_rfc ]\r
+proxyCertInfo=critical,language:id-ppl-inheritAll\r
+\r
+[ proxy_rfc_anypolicy ]\r
+proxyCertInfo=critical,language:id-ppl-anyLanguage,policy:text:AB\r
+\r
+[ proxy_rfc_independent ]\r
+proxyCertInfo=critical,language:id-ppl-independent,pathlen:1\r
+\r
+[ proxy_rfc_limited ]\r
+proxyCertInfo=critical,language:limitedProxyOid\r
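Review bot: `default_md = sha1` is kept in [CA_default], yet the regenerated subca and subsubca certificates in this same commit are signed with md5WithRSAEncryption, so the sub-CA signing step evidently does not take its digest from this section (older releases of `openssl x509 -req` default to MD5 unless a `-md`/`-sha1` option is given). Test CAs signed with MD5 are rejected outright by stricter verifiers, which makes chain tests fail for a reason unrelated to what they are meant to check; passing the digest explicitly at the signing step, or routing sub-CA issuance through `openssl ca` so this `default_md` actually applies, would keep the fixtures usable. The signing command itself is outside this view. The same observation applies to the subsubca-ca configuration and certificate.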
index a5f95fb..aaa165b 100644 (file)
@@ -5,59 +5,59 @@ Certificate:
         Signature Algorithm: md5WithRSAEncryption
         Issuer: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the root CA
         Validity
-            Not Before: Nov 18 20:09:58 2009 GMT
-            Not After : Apr  5 20:09:58 2037 GMT
+            Not Before: Dec  9 16:27:10 2009 GMT
+            Not After : Apr 26 16:27:10 2037 GMT
         Subject: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the subca CA
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
             RSA Public Key: (1024 bit)
                 Modulus (1024 bit):
-                    00:ba:44:79:30:f9:57:b7:5a:8d:86:95:51:1c:5c:
-                    9d:f8:dd:e1:c7:e9:e3:d6:8e:9a:4d:7c:cc:0b:ef:
-                    e2:85:99:8b:c1:df:7c:b4:41:60:6f:a6:55:0c:51:
-                    cc:ed:d5:46:2a:64:24:a0:3a:d4:d1:ff:ef:44:20:
-                    07:c0:51:eb:67:ae:af:a7:d7:22:14:36:08:98:76:
-                    06:85:34:42:9f:30:23:0a:6b:f4:d5:47:38:67:54:
-                    0a:92:1b:33:5c:37:cb:e7:7c:76:94:45:ad:45:23:
-                    6c:b1:0c:80:5b:00:bc:4e:83:44:cc:0a:a0:a7:dd:
-                    ef:59:ca:da:02:73:d6:f4:b3
+                    00:c6:2d:d0:cd:2c:7d:2d:5e:96:a6:3d:78:62:97:
+                    bd:da:51:33:95:8a:24:0f:8d:fd:14:b1:fa:b3:ac:
+                    eb:f8:e9:f3:31:3b:f7:f3:c1:f6:e0:5a:bf:9b:93:
+                    22:08:ec:f2:09:55:58:44:bd:c5:bb:07:c0:8c:bc:
+                    7d:9c:04:66:51:b3:26:d8:d9:37:76:6e:ca:88:ef:
+                    b2:cd:43:cf:e9:3a:61:fc:2e:30:96:90:fa:8b:8b:
+                    ce:7b:3a:64:a5:0f:a1:9d:c2:25:0a:21:ee:ed:be:
+                    ce:d1:ea:0f:6e:20:36:7c:e8:f1:8a:ca:6c:4e:3c:
+                    41:46:c5:4d:40:aa:09:91:27
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Key Identifier: 
-                97:58:6D:62:00:14:32:1C:0E:B1:6F:89:3B:3C:92:A9:95:15:8A:05
+                CE:3B:77:9F:05:35:41:E3:6C:26:B9:F7:CF:CA:01:F6:F5:15:89:02
             X509v3 Authority Key Identifier: 
-                keyid:2D:F3:DE:73:35:35:2C:69:EB:A1:4E:EF:FE:6B:94:6E:37:3C:F5:31
+                keyid:BD:A1:EA:81:8D:FF:F5:50:66:37:55:D7:E4:26:40:C2:A9:38:3E:C4
                 DirName:/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA
-                serial:EC:27:F9:B7:5E:38:FE:E5
+                serial:DE:F4:80:E8:86:78:73:64
 
-            X509v3 Key Usage: 
+            X509v3 Key Usage: critical
                 Certificate Sign, CRL Sign
     Signature Algorithm: md5WithRSAEncryption
-        6c:03:5f:54:ba:53:fd:b4:fe:42:f5:96:1f:4d:98:64:11:6b:
-        7c:95:8e:e6:91:22:a8:b7:d5:0a:5c:50:6f:16:ea:51:f2:aa:
-        18:30:9a:55:1d:af:10:be:38:79:d7:eb:b9:2f:94:14:c4:0b:
-        37:21:b8:76:b7:df:96:67:c5:98:56:8c:d6:88:c6:8b:ba:6d:
-        06:a4:bb:c1:ad:72:c7:96:ff:85:f5:d5:36:88:ac:10:15:66:
-        04:44:04:54:98:be:db:6c:83:78:48:aa:2a:52:9f:85:81:71:
-        50:b7:af:22:2a:7c:f8:b8:94:bf:35:0e:6b:57:61:14:22:66:
-        7c:6b
+        98:0e:78:59:02:57:26:43:33:cc:70:82:69:e1:a9:bf:df:a1:
+        9c:3a:4b:f5:c2:eb:f2:7a:97:88:87:7e:4b:c2:5d:2e:61:a5:
+        a2:5d:73:76:13:e5:d6:0d:07:de:2b:23:e2:11:b5:93:3a:9c:
+        cc:f2:ed:61:65:15:23:2e:73:2e:90:07:5b:fd:88:49:ba:b3:
+        6a:d0:1d:38:e6:82:08:5d:35:eb:fb:da:cf:5e:a5:b3:31:11:
+        04:30:18:78:76:c2:da:65:4a:c6:71:47:dd:14:56:2e:77:e3:
+        e8:31:6b:c7:0b:9a:48:30:90:13:d3:2e:b9:3d:75:54:d3:d8:
+        7d:02
 -----BEGIN CERTIFICATE-----
-MIIC+TCCAmKgAwIBAgICAXYwDQYJKoZIhvcNAQEEBQAwWjELMAkGA1UEBhMCVUcx
+MIIC/DCCAmWgAwIBAgICAXYwDQYJKoZIhvcNAQEEBQAwWjELMAkGA1UEBhMCVUcx
 DzANBgNVBAcTBlRyb3BpYzEPMA0GA1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxh
-eGF0aW9uMRQwEgYDVQQDEwt0aGUgcm9vdCBDQTAeFw0wOTExMTgyMDA5NThaFw0z
-NzA0MDUyMDA5NThaMFsxCzAJBgNVBAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzAN
+eGF0aW9uMRQwEgYDVQQDEwt0aGUgcm9vdCBDQTAeFw0wOTEyMDkxNjI3MTBaFw0z
+NzA0MjYxNjI3MTBaMFsxCzAJBgNVBAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzAN
 BgNVBAoTBlV0b3BpYTETMBEGA1UECxMKUmVsYXhhdGlvbjEVMBMGA1UEAxMMdGhl
-IHN1YmNhIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6RHkw+Ve3Wo2G
-lVEcXJ343eHH6ePWjppNfMwL7+KFmYvB33y0QWBvplUMUczt1UYqZCSgOtTR/+9E
-IAfAUetnrq+n1yIUNgiYdgaFNEKfMCMKa/TVRzhnVAqSGzNcN8vnfHaURa1FI2yx
-DIBbALxOg0TMCqCn3e9ZytoCc9b0swIDAQABo4HMMIHJMAwGA1UdEwQFMAMBAf8w
-HQYDVR0OBBYEFJdYbWIAFDIcDrFviTs8kqmVFYoFMIGMBgNVHSMEgYQwgYGAFC3z
-3nM1NSxp66FO7/5rlG43PPUxoV6kXDBaMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMG
+IHN1YmNhIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGLdDNLH0tXpam
+PXhil73aUTOViiQPjf0UsfqzrOv46fMxO/fzwfbgWr+bkyII7PIJVVhEvcW7B8CM
+vH2cBGZRsybY2Td2bsqI77LNQ8/pOmH8LjCWkPqLi857OmSlD6GdwiUKIe7tvs7R
+6g9uIDZ86PGKymxOPEFGxU1AqgmRJwIDAQABo4HPMIHMMAwGA1UdEwQFMAMBAf8w
+HQYDVR0OBBYEFM47d58FNUHjbCa598/KAfb1FYkCMIGMBgNVHSMEgYQwgYGAFL2h
+6oGN//VQZjdV1+QmQMKpOD7EoV6kXDBaMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMG
 VHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xFDAS
-BgNVBAMTC3RoZSByb290IENBggkA7Cf5t144/uUwCwYDVR0PBAQDAgEGMA0GCSqG
-SIb3DQEBBAUAA4GBAGwDX1S6U/20/kL1lh9NmGQRa3yVjuaRIqi31QpcUG8W6lHy
-qhgwmlUdrxC+OHnX67kvlBTECzchuHa335ZnxZhWjNaIxou6bQaku8GtcseW/4X1
-1TaIrBAVZgREBFSYvttsg3hIqipSn4WBcVC3ryIqfPi4lL81DmtXYRQiZnxr
+BgNVBAMTC3RoZSByb290IENBggkA3vSA6IZ4c2QwDgYDVR0PAQH/BAQDAgEGMA0G
+CSqGSIb3DQEBBAUAA4GBAJgOeFkCVyZDM8xwgmnhqb/foZw6S/XC6/J6l4iHfkvC
+XS5hpaJdc3YT5dYNB94rI+IRtZM6nMzy7WFlFSMucy6QB1v9iEm6s2rQHTjmgghd
+Nev72s9epbMxEQQwGHh2wtplSsZxR90UVi534+gxa8cLmkgwkBPTLrk9dVTT2H0C
 -----END CERTIFICATE-----
index c0a9358..1c31c28 100644 (file)
Binary files a/test/subca-ca/subca.p12 and b/test/subca-ca/subca.p12 differ
index c449abc..3a707bf 100644 (file)
@@ -1,15 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC6RHkw+Ve3Wo2GlVEcXJ343eHH6ePWjppNfMwL7+KFmYvB33y0
-QWBvplUMUczt1UYqZCSgOtTR/+9EIAfAUetnrq+n1yIUNgiYdgaFNEKfMCMKa/TV
-RzhnVAqSGzNcN8vnfHaURa1FI2yxDIBbALxOg0TMCqCn3e9ZytoCc9b0swIDAQAB
-AoGAB3GTEkT0n2wr+bPf4O1GltpvGmkbZMigG/afxN5aRBKFxkKjHiT6sJuKDIr8
-UIjUW/9Sg2C2fonmyucoyCO9735TR7JTeIiEsrTWKI2OR2rMtvLyUV1x7MzfZtw+
-uIolrukbMD0a5RKKnAI1PqLVqgIDp8nSCbG7r8LLRvF3MGkCQQDfx4lSVZ5deHvy
-H33QOqIekglKHesF6tin4J6xHN7l1bi76FpYQuOBmI4EuQfatlej/CbASt5vPFHj
-+QxJXkCHAkEA1RZA9tpzslI3JeIBdMMtWRrBPRW8b1BFL7Y+hNBT/Gk5uG7Q0giE
-4FH7Q95Phi1fMy8OIGskpyj2psC7DdGRdQJAf6nKAZquugxeSYcFs6F/k4kkm4/t
-4HZWG4/deJVL5DrFJQ4tXGTsfaaWfsNAY9narcbQJKuRskvrO+98vu5ySQJAd//X
-R+0P2K1aJzhWj5XWtOZPSoIyIxG2VL8yCAN2OKBdhBLMAGwRwG4KrVbFvA9THHT0
-ZKdR9d0owhGphYeufQJBANnY/Uc437oWe7qd/Kssai0omuGTswxztOZWWr4dAokP
-9A18VsU3gSmFGMK6OCmtJcX6R3pO3FvuVSqtQz+HTLY=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 -----END RSA PRIVATE KEY-----
index 8cfc5b1..1e0646f 100644 (file)
@@ -1,11 +1,11 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIIBmzCCAQQCAQAwWzELMAkGA1UEBhMCVUcxDzANBgNVBAcTBlRyb3BpYzEPMA0G
 A1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxheGF0aW9uMRUwEwYDVQQDEwx0aGUg
-c3ViY2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALpEeTD5V7dajYaV
-URxcnfjd4cfp49aOmk18zAvv4oWZi8HffLRBYG+mVQxRzO3VRipkJKA61NH/70Qg
-B8BR62eur6fXIhQ2CJh2BoU0Qp8wIwpr9NVHOGdUCpIbM1w3y+d8dpRFrUUjbLEM
-gFsAvE6DRMwKoKfd71nK2gJz1vSzAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQCK
-08BejkSBKvmzprupFEkKdaKcu+dDthDDpNGDrGJsYzIM/w4KU8PBQYZ1899YBu02
-TtusdVST6k8Q1uE35qdcd/hHRqRanQM8Vbzfzwoi2iOhUVvERW9/rEfdJ2HeiPzg
-550HXO/kRbMOiATQEqNz5JcXWCS64raA7D9X7Y0jIQ==
+c3ViY2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYt0M0sfS1elqY9
+eGKXvdpRM5WKJA+N/RSx+rOs6/jp8zE79/PB9uBav5uTIgjs8glVWES9xbsHwIy8
+fZwEZlGzJtjZN3Zuyojvss1Dz+k6YfwuMJaQ+ouLzns6ZKUPoZ3CJQoh7u2+ztHq
+D24gNnzo8YrKbE48QUbFTUCqCZEnAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQAr
+HDqquBnfR1ZvErqw3A7u3m1wq+wWzGvc/AU66wX5pA0n8eGGRoB7AX/VIxowgbQk
+415R37S9kUbVc2vW7a4Qr+cAhyiknVOWcakSjf7g5tzg/KYawA1kvvzxLV6dTZhZ
+ACTnvCY3Q2DDcvkOJ+20PbACPRpbWbg9ekZYkHq3VQ==
 -----END CERTIFICATE REQUEST-----
index e69de29..16acbf6 100644 (file)
@@ -0,0 +1 @@
+V      370426162710Z           0176    unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subsubca CA
index 2262038..40a418e 100644 (file)
@@ -1,5 +1,10 @@
 ### req command\r
 \r
+oid_section            = new_oids\r
+\r
+[ new_oids ]\r
+limitedProxyOid                = 1.3.6.1.4.1.3536.1.1.1.9\r
+\r
 [ req ]\r
 default_bits           = 1024\r
 distinguished_name     = req_distinguished_name\r
@@ -10,16 +15,13 @@ distinguished_name  = req_distinguished_name
 basicConstraints       = CA:true\r
 subjectKeyIdentifier   = hash\r
 authorityKeyIdentifier = keyid:always,issuer:always\r
-keyUsage               = cRLSign, keyCertSign\r
-\r
-#[ serial_cert_req ]\r
-#serialNumber          = 12341324\r
+keyUsage               = critical, cRLSign, keyCertSign\r
 \r
-#[ email_cert_req ]\r
-#emailAddress          = test@home.org\r
-\r
-#[ uid_cert_req ]\r
-#userId                        = testuserid\r
+[ ca_cert_req_nokeyusage ]\r
+basicConstraints       = CA:true\r
+subjectKeyIdentifier   = hash\r
+authorityKeyIdentifier = keyid:always,issuer:always\r
+keyUsage               = critical, cRLSign\r
 \r
 [ proxy_cert_req ]\r
 \r
@@ -31,13 +33,13 @@ keyUsage            = cRLSign, keyCertSign
 default_ca             = CA_default\r
 \r
 [CA_default]\r
-dir                    = $ENV::CASROOT/$ENV::CATYPE-ca\r
+dir                    = $ENV::CASROOT/subsubca-ca\r
 database               = $dir/index.txt\r
 serial                         = $dir/serial.txt\r
 default_md             = sha1\r
 \r
-certificate            = $dir/$ENV::CATYPE.cert\r
-private_key            = $dir/$ENV::CATYPE.priv\r
+certificate            = $dir/subsubca.cert\r
+private_key            = $dir/subsubca.priv\r
 \r
 policy = policy_any\r
 \r
@@ -90,3 +92,20 @@ nsComment            = "OpenSSL Generated Client Certificate without Flags"
 [ proxy_none ]\r
 keyUsage               = critical,digitalSignature,keyEncipherment\r
 \r
+[ proxy_invalid_usage ]\r
+keyUsage               = critical,keyEncipherment\r
+\r
+[ proxy_rfc_pathLen1 ]\r
+proxyCertInfo=critical,language:id-ppl-inheritAll,pathlen:1\r
+\r
+[ proxy_rfc ]\r
+proxyCertInfo=critical,language:id-ppl-inheritAll\r
+\r
+[ proxy_rfc_anypolicy ]\r
+proxyCertInfo=critical,language:id-ppl-anyLanguage,policy:text:AB\r
+\r
+[ proxy_rfc_independent ]\r
+proxyCertInfo=critical,language:id-ppl-independent,pathlen:1\r
+\r
+[ proxy_rfc_limited ]\r
+proxyCertInfo=critical,language:limitedProxyOid\r
index fc5eca4..648263f 100644 (file)
@@ -5,59 +5,59 @@ Certificate:
         Signature Algorithm: md5WithRSAEncryption
         Issuer: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the subca CA
         Validity
-            Not Before: Nov 18 20:09:58 2009 GMT
-            Not After : Apr  5 20:09:58 2037 GMT
+            Not Before: Dec  9 16:27:10 2009 GMT
+            Not After : Apr 26 16:27:10 2037 GMT
         Subject: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the subsubca CA
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
             RSA Public Key: (1024 bit)
                 Modulus (1024 bit):
-                    00:e9:4b:ca:3a:8f:65:d5:44:72:1f:21:9a:16:42:
-                    61:e7:67:93:38:13:cc:c2:0d:81:dc:ff:fe:8d:c4:
-                    c1:a1:57:c1:43:64:18:bd:a2:22:0b:fd:51:84:12:
-                    a2:b7:86:f2:1c:a0:dd:b2:e9:01:53:43:e2:c7:de:
-                    44:ea:41:97:85:08:91:b4:f9:b8:f8:1e:da:e9:a2:
-                    3c:1b:4e:33:8d:1a:05:d8:3a:40:21:f6:9d:2a:84:
-                    c7:f6:10:8c:ea:21:2c:40:cc:a1:c8:6e:1e:76:c3:
-                    0d:21:ec:8f:fc:76:62:d8:78:ae:e1:11:9d:3c:66:
-                    c3:56:bc:bb:8f:87:d2:2c:4b
+                    00:bc:29:f6:02:17:f1:46:b2:28:0d:50:1d:f5:b3:
+                    90:1b:ea:43:ea:cf:58:eb:fe:91:21:64:59:78:d9:
+                    ad:dd:cd:82:5c:1c:17:b6:75:74:fa:42:96:1c:b1:
+                    1f:a2:76:ab:06:e4:ff:28:65:49:08:ed:b1:92:c6:
+                    25:7d:ad:dc:2a:23:ab:b1:bf:06:71:27:70:2a:2d:
+                    ed:3c:dc:1b:bb:ea:ba:11:20:9a:d7:9e:9c:62:18:
+                    27:bb:05:74:b5:50:44:33:72:f5:fb:37:a3:00:44:
+                    55:67:74:0e:84:ae:5c:72:68:30:01:6c:0f:c9:bc:
+                    a5:c1:94:e4:2a:72:26:ee:e5
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Key Identifier: 
-                03:4A:F7:6F:2F:37:6B:B7:24:C1:92:6E:FB:54:26:42:C1:84:20:26
+                1B:F6:7F:35:4E:C6:B8:06:BC:67:63:FD:A4:93:D8:9E:1F:D1:C0:44
             X509v3 Authority Key Identifier: 
-                keyid:97:58:6D:62:00:14:32:1C:0E:B1:6F:89:3B:3C:92:A9:95:15:8A:05
+                keyid:CE:3B:77:9F:05:35:41:E3:6C:26:B9:F7:CF:CA:01:F6:F5:15:89:02
                 DirName:/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA
                 serial:01:76
 
-            X509v3 Key Usage: 
+            X509v3 Key Usage: critical
                 Certificate Sign, CRL Sign
     Signature Algorithm: md5WithRSAEncryption
-        ae:93:74:7c:61:3d:7c:38:c3:95:f8:48:71:33:6f:2b:00:eb:
-        35:bb:5d:f2:0c:09:10:bf:07:48:ef:3f:10:d8:a9:ae:c8:74:
-        82:12:18:01:6d:ce:b7:28:9b:6c:b1:b0:74:e5:b6:70:c4:d0:
-        47:22:8b:ed:40:d8:79:d9:8a:93:03:94:cf:12:27:b9:06:ce:
-        e2:e8:a2:42:89:97:e0:12:e7:7f:0c:93:38:6f:56:4c:ca:6b:
-        0a:23:df:6c:37:5e:32:1f:13:0f:2b:59:df:f3:e4:8c:80:8f:
-        c8:4e:01:f2:3a:20:87:be:15:96:ef:cf:94:8d:9a:79:35:bb:
-        f2:22
+        a3:f2:83:56:21:14:83:51:b5:65:0e:9f:58:dc:f3:67:13:a3:
+        c3:d5:96:35:8e:bb:8a:85:d2:c8:e7:c2:12:63:51:04:3b:c2:
+        bf:a8:6b:09:91:0b:ed:2d:24:d9:eb:2a:7f:73:ef:13:51:d3:
+        30:44:d6:99:46:62:f3:fe:af:9b:71:e5:fb:96:6d:0e:f4:ee:
+        f2:9a:18:88:4e:2d:7c:7f:7e:73:16:52:82:e8:06:2b:49:60:
+        40:0e:be:6b:c8:e4:f1:75:0f:9d:8d:52:f7:ea:c6:e9:70:4e:
+        0d:d4:64:73:9e:fa:0c:e9:25:72:e9:40:14:77:aa:6e:e9:55:
+        85:34
 -----BEGIN CERTIFICATE-----
-MIIC9DCCAl2gAwIBAgICAXYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCVUcx
+MIIC9zCCAmCgAwIBAgICAXYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCVUcx
 DzANBgNVBAcTBlRyb3BpYzEPMA0GA1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxh
-eGF0aW9uMRUwEwYDVQQDEwx0aGUgc3ViY2EgQ0EwHhcNMDkxMTE4MjAwOTU4WhcN
-MzcwNDA1MjAwOTU4WjBeMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMQ8w
+eGF0aW9uMRUwEwYDVQQDEwx0aGUgc3ViY2EgQ0EwHhcNMDkxMjA5MTYyNzEwWhcN
+MzcwNDI2MTYyNzEwWjBeMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMQ8w
 DQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xGDAWBgNVBAMTD3Ro
-ZSBzdWJzdWJjYSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6UvKOo9l
-1URyHyGaFkJh52eTOBPMwg2B3P/+jcTBoVfBQ2QYvaIiC/1RhBKit4byHKDdsukB
-U0Pix95E6kGXhQiRtPm4+B7a6aI8G04zjRoF2DpAIfadKoTH9hCM6iEsQMyhyG4e
-dsMNIeyP/HZi2Hiu4RGdPGbDVry7j4fSLEsCAwEAAaOBwzCBwDAMBgNVHRMEBTAD
-AQH/MB0GA1UdDgQWBBQDSvdvLzdrtyTBkm77VCZCwYQgJjCBgwYDVR0jBHwweoAU
-l1htYgAUMhwOsW+JOzySqZUVigWhXqRcMFoxCzAJBgNVBAYTAlVHMQ8wDQYDVQQH
+ZSBzdWJzdWJjYSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvCn2Ahfx
+RrIoDVAd9bOQG+pD6s9Y6/6RIWRZeNmt3c2CXBwXtnV0+kKWHLEfonarBuT/KGVJ
+CO2xksYlfa3cKiOrsb8GcSdwKi3tPNwbu+q6ESCa156cYhgnuwV0tVBEM3L1+zej
+AERVZ3QOhK5ccmgwAWwPybylwZTkKnIm7uUCAwEAAaOBxjCBwzAMBgNVHRMEBTAD
+AQH/MB0GA1UdDgQWBBQb9n81Tsa4BrxnY/2kk9ieH9HARDCBgwYDVR0jBHwweoAU
+zjt3nwU1QeNsJrn3z8oB9vUViQKhXqRcMFoxCzAJBgNVBAYTAlVHMQ8wDQYDVQQH
 EwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UECxMKUmVsYXhhdGlvbjEU
-MBIGA1UEAxMLdGhlIHJvb3QgQ0GCAgF2MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B
-AQQFAAOBgQCuk3R8YT18OMOV+EhxM28rAOs1u13yDAkQvwdI7z8Q2KmuyHSCEhgB
-bc63KJtssbB05bZwxNBHIovtQNh52YqTA5TPEie5Bs7i6KJCiZfgEud/DJM4b1ZM
-ymsKI99sN14yHxMPK1nf8+SMgI/ITgHyOiCHvhWW78+UjZp5NbvyIg==
+MBIGA1UEAxMLdGhlIHJvb3QgQ0GCAgF2MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG
+9w0BAQQFAAOBgQCj8oNWIRSDUbVlDp9Y3PNnE6PD1ZY1jruKhdLI58ISY1EEO8K/
+qGsJkQvtLSTZ6yp/c+8TUdMwRNaZRmLz/q+bceX7lm0O9O7ymhiITi18f35zFlKC
+6AYrSWBADr5ryOTxdQ+djVL36sbpcE4N1GRznvoM6SVy6UAUd6pu6VWFNA==
 -----END CERTIFICATE-----
index 5ea8e3f..dc32138 100644 (file)
Binary files a/test/subsubca-ca/subsubca.p12 and b/test/subsubca-ca/subsubca.p12 differ
index ecc8a89..3076cc1 100644 (file)
@@ -1,15 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDpS8o6j2XVRHIfIZoWQmHnZ5M4E8zCDYHc//6NxMGhV8FDZBi9
-oiIL/VGEEqK3hvIcoN2y6QFTQ+LH3kTqQZeFCJG0+bj4HtrpojwbTjONGgXYOkAh
-9p0qhMf2EIzqISxAzKHIbh52ww0h7I/8dmLYeK7hEZ08ZsNWvLuPh9IsSwIDAQAB
-AoGAWUWNLvdsaj10xgDfq6DfQeNabFz3P1JX3S+AQtOFnK2t4JHO/dGq4Zeft8BB
-z6StxNKxwyJyRWB2yTB+gn1y8tQaTUIgihKKNOLb0gAKH71VNucFAidSYGqWZG6l
-IOAHvd8kJDteqAKzsHn8xSB/IPeKg27IiUAep6ozUhaRn+ECQQD0tNWt+M8os1hY
-F1OEmaMJeMPte6mQ75TngYMLs0feKERMIVw6mmCp7LioEFRj3IU/TVrzHXCEReKE
-095vl2QpAkEA9BAk5AR4jb4kxB+1Wl84PoTUJkNi76/VOMHqqxWKR/2ohUyiBgov
-2YMxk0CEmKg99sSS6Cv3fLx1/GGn41V7UwJAGiq8Lr5MaK3E5KaZ57QGGx0u1lZC
-65yy746J1NZ2+OqVYw6uLhYUABewJ0iXvZX3Ka277ANZ5MsUTd/aCVTHAQJBANWc
-i61GfH0SvvspBYFjdcbCWyxiLmW6b9SNZOb4o17/FFAXEnhW0ip+ORW4klVKa3Ff
-+3RZhvMVv+51SowedSECQQDCg5KIpLI/a1MIciiSsamypdGdDU8B/HshrHm1ZUJ1
-b7dc3pffJwtOlQiwzX5Ihwxx4lW0eY+Xo8i2abhpPXun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 -----END RSA PRIVATE KEY-----
index 9d0bb27..82b5437 100644 (file)
@@ -1,11 +1,11 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIIBnjCCAQcCAQAwXjELMAkGA1UEBhMCVUcxDzANBgNVBAcTBlRyb3BpYzEPMA0G
 A1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxheGF0aW9uMRgwFgYDVQQDEw90aGUg
-c3Vic3ViY2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOlLyjqPZdVE
-ch8hmhZCYednkzgTzMINgdz//o3EwaFXwUNkGL2iIgv9UYQSoreG8hyg3bLpAVND
-4sfeROpBl4UIkbT5uPge2umiPBtOM40aBdg6QCH2nSqEx/YQjOohLEDMochuHnbD
-DSHsj/x2Yth4ruERnTxmw1a8u4+H0ixLAgMBAAGgADANBgkqhkiG9w0BAQUFAAOB
-gQB15WCrFk3RykaCyJjnoToQfi72KkPr0ZpK4AjtGiTx1TepFFcXzgyU+1jtbTzv
-v8Wo0En5wzi7CzHJnFHfwhPF3fkNf6F6WbF+tC1O9XQ4fzqpvlYIbxS11I6VeLwb
-X1Owgu3ns9lhgVtqRjohEYDveoi8NdJVtC/iCKe46IBtkg==
+c3Vic3ViY2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALwp9gIX8Uay
+KA1QHfWzkBvqQ+rPWOv+kSFkWXjZrd3NglwcF7Z1dPpClhyxH6J2qwbk/yhlSQjt
+sZLGJX2t3Cojq7G/BnEncCot7TzcG7vquhEgmteenGIYJ7sFdLVQRDNy9fs3owBE
+VWd0DoSuXHJoMAFsD8m8pcGU5CpyJu7lAgMBAAGgADANBgkqhkiG9w0BAQUFAAOB
+gQBeHdKgFoI8OGM2Xc2j00eBVGYsxfIXjYsagPuyLxG2+WbQjsQfSlehDvJcf5E/
+g/iHI++poo36TcWnLh+YGcEP0taOp2O9wBNXGDWX3KGKdQ5XLpkPiGHG5Zvhkx7a
+Y4KTlUw4GnfWYciHbzjK3ZGL//jwgvHJNJ6/Iw5bDpNGfg==
 -----END CERTIFICATE REQUEST-----
index 2262038..187be7c 100644 (file)
@@ -1,5 +1,10 @@
 ### req command\r
 \r
+oid_section            = new_oids\r
+\r
+[ new_oids ]\r
+limitedProxyOid                = 1.3.6.1.4.1.3536.1.1.1.9\r
+\r
 [ req ]\r
 default_bits           = 1024\r
 distinguished_name     = req_distinguished_name\r
@@ -10,16 +15,13 @@ distinguished_name  = req_distinguished_name
 basicConstraints       = CA:true\r
 subjectKeyIdentifier   = hash\r
 authorityKeyIdentifier = keyid:always,issuer:always\r
-keyUsage               = cRLSign, keyCertSign\r
-\r
-#[ serial_cert_req ]\r
-#serialNumber          = 12341324\r
+keyUsage               = critical, cRLSign, keyCertSign\r
 \r
-#[ email_cert_req ]\r
-#emailAddress          = test@home.org\r
-\r
-#[ uid_cert_req ]\r
-#userId                        = testuserid\r
+[ ca_cert_req_nokeyusage ]\r
+basicConstraints       = CA:true\r
+subjectKeyIdentifier   = hash\r
+authorityKeyIdentifier = keyid:always,issuer:always\r
+keyUsage               = critical, cRLSign\r
 \r
 [ proxy_cert_req ]\r
 \r
@@ -31,13 +33,13 @@ keyUsage            = cRLSign, keyCertSign
 default_ca             = CA_default\r
 \r
 [CA_default]\r
-dir                    = $ENV::CASROOT/$ENV::CATYPE-ca\r
+dir                    = $ENV::CASROOT/trusted-ca\r
 database               = $dir/index.txt\r
 serial                         = $dir/serial.txt\r
 default_md             = sha1\r
 \r
-certificate            = $dir/$ENV::CATYPE.cert\r
-private_key            = $dir/$ENV::CATYPE.priv\r
+certificate            = $dir/trusted.cert\r
+private_key            = $dir/trusted.priv\r
 \r
 policy = policy_any\r
 \r
@@ -90,3 +92,20 @@ nsComment            = "OpenSSL Generated Client Certificate without Flags"
 [ proxy_none ]\r
 keyUsage               = critical,digitalSignature,keyEncipherment\r
 \r
+[ proxy_invalid_usage ]\r
+keyUsage               = critical,keyEncipherment\r
+\r
+[ proxy_rfc_pathLen1 ]\r
+proxyCertInfo=critical,language:id-ppl-inheritAll,pathlen:1\r
+\r
+[ proxy_rfc ]\r
+proxyCertInfo=critical,language:id-ppl-inheritAll\r
+\r
+[ proxy_rfc_anypolicy ]\r
+proxyCertInfo=critical,language:id-ppl-anyLanguage,policy:text:AB\r
+\r
+[ proxy_rfc_independent ]\r
+proxyCertInfo=critical,language:id-ppl-independent,pathlen:1\r
+\r
+[ proxy_rfc_limited ]\r
+proxyCertInfo=critical,language:limitedProxyOid\r
index 184c8a1..eb5fe75 100644 (file)
@@ -1,19 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIDCDCCAnGgAwIBAgIJANziUWMgmUwRMA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNV
+MIIDCzCCAnSgAwIBAgIJALIbmjlwx6A+MA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNV
 BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE
-CxMKUmVsYXhhdGlvbjEXMBUGA1UEAxMOdGhlIHRydXN0ZWQgQ0EwHhcNMDkxMTE4
-MjAwOTMwWhcNMzcwNDA1MjAwOTMwWjBdMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMG
+CxMKUmVsYXhhdGlvbjEXMBUGA1UEAxMOdGhlIHRydXN0ZWQgQ0EwHhcNMDkxMjA5
+MTYyNjEwWhcNMzcwNDI2MTYyNjEwWjBdMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMG
 VHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xFzAV
 BgNVBAMTDnRoZSB0cnVzdGVkIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDTgxhpXPFdUAZ6vdOUeDhNNq7O+CCeYnOv/sMIoauTNxRSlMOIGwIB8d4VlgsK
-U/JKNhmV2Bx1jCAB4nBsoY3mIryPWvt86emR+5lWcfJfG9Q2HHMed0oNwUf7i3g9
-DX22x/B69Kq4KR5C24QlZEwloPi97ltg+ILWp5WULD2v+wIDAQABo4HPMIHMMAwG
-A1UdEwQFMAMBAf8wHQYDVR0OBBYEFFLVqrGqen8FRIdghQ2W5M5+VLFfMIGPBgNV
-HSMEgYcwgYSAFFLVqrGqen8FRIdghQ2W5M5+VLFfoWGkXzBdMQswCQYDVQQGEwJV
+gQCX3cRHcag8RiQV4LztIAx7B7i381yF+zf39ZZq84Ycc8ZI+LFBzrRQsjaEPsbi
+6f1dbDh1IwLFptttwG+AJBKwjHjPSdbPqtOYshBIjG+phanVTLg9chPEIirYf5ng
+idfDOCMw9mNdFcPnrBA7CXDNCoY7hsPSf3U986B2csZfgQIDAQABo4HSMIHPMAwG
+A1UdEwQFMAMBAf8wHQYDVR0OBBYEFMQRFAPFkx4YXYvN7xawfJOsXtilMIGPBgNV
+HSMEgYcwgYSAFMQRFAPFkx4YXYvN7xawfJOsXtiloWGkXzBdMQswCQYDVQQGEwJV
 RzEPMA0GA1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJl
-bGF4YXRpb24xFzAVBgNVBAMTDnRoZSB0cnVzdGVkIENBggkA3OJRYyCZTBEwCwYD
-VR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBAJz6xkG3SctVcVOlRrgdGSpqlE2v
-Fw1j8tasKRYrhHWZYQT32oiP34ov6ZFTxZ0lBtgjNfRhI0VxXDvr5tamt819hTUL
-F5F8yPoabSvBbpWjeDJa4ma74N4jn3Rmdp8K7i1Xno+Eslbx60QYy+Zk8GlFtEsX
-CR53OZzZdYBWFa5W
+bGF4YXRpb24xFzAVBgNVBAMTDnRoZSB0cnVzdGVkIENBggkAshuaOXDHoD4wDgYD
+VR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBABLlJ29AZEJqgwGp27/paP0f
+brMWEmlBQrObohg+K8oflMUVPNotwkChR58hwyNfNCKR+r/8bIJOWI+lFTkh5EQq
+Yqz2q5bLhy/Odgkyk5QSNm2YsMpvfWyA1A9ROtpvIXquBXMG6fx0/xYG1/NQkbK/
+BE0sTheSsSSJLTDB7PwE
 -----END CERTIFICATE-----
index a3d9c28..5ea7f66 100644 (file)
Binary files a/test/trusted-ca/trusted.p12 and b/test/trusted-ca/trusted.p12 differ
index e698708..e1e1831 100644 (file)
@@ -1,15 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDTgxhpXPFdUAZ6vdOUeDhNNq7O+CCeYnOv/sMIoauTNxRSlMOI
-GwIB8d4VlgsKU/JKNhmV2Bx1jCAB4nBsoY3mIryPWvt86emR+5lWcfJfG9Q2HHMe
-d0oNwUf7i3g9DX22x/B69Kq4KR5C24QlZEwloPi97ltg+ILWp5WULD2v+wIDAQAB
-AoGAI0CnUfBOvjm3Sr/WwtkisSPbEN3kOeG43G1+vjKL8TZt6bGnwUiXFhHk7P4c
-CvWg3WOU8heZ7rGTKB1Alap7hsEeVC6kVZHz4PmvjkJbIyBKlFfeUm3UY7kq+eyD
-148CGk9gSCtRs/vOHygpJwEvIac6toKE64gCh3xn9NZo/UkCQQD6dr93AX3hh7qb
-Ht3ep2TD5nKdiRfNtW5uieXGm2wG4jinKziQHOeURJ8kFjzbmIo58zGLjbeUD42C
-eAjkr3D1AkEA2C/wQeYp6lNh7AIx2GAPSTGlKHa1x016j69pVUMXyPQBht7o66WG
-lGEC4v22axMFogbj8Ln5Pj84k6IGyGRHLwJAeR4rgJUMFp/YMWM/z4gLRmCOVHgT
-Nrrh6DpvDxfhqYKD+vL/q1EO+7gjbQQD8f1V+qgL8XxaphLPT6RUSKI+cQJBAM9I
-t78X5xyssnlOaWikQkPV/BveJtFgMqHOeNqtqAKgI06kMQSxA2cF1XS7+8qSxJXk
-sW3Bg3/xslerxYEi1TUCQQDYo/EVIhFigU3ONRguQxZ4rHCF5zwl3rdw2wXcIdS0
-4nREE6He1zwNrTlS3bRU+asmD4dtYxuUgSTqvvyArsCe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 -----END RSA PRIVATE KEY-----