\r
\r
[ ca_server ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
# nsCertType = objsign\r
\r
[ ca_altname ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com\r
\r
[ ca_altname2 ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = $ENV::DNS_HOSTNAME\r
\r
[ ca_altname3 ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = email:john.doe@foo.bar\r
\r
[ ca_client ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# For normal client use this is typical\r
nsCertType = client, email\r
nsComment = "OpenSSL Generated Client Certificate"\r
\r
[ ca_clientserver ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# For normal client use this is typical\r
nsCertType = server, client, email\r
nsComment = "OpenSSL Generated Client Server Certificate"\r
\r
[ ca_fclient ]\r
-# This is typical in keyUsage for a client certificate.\r
+# Test cert without flags.\r
basicConstraints = CA:false\r
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
nsComment = "OpenSSL Generated Client Certificate with key usage"\r
-----BEGIN CERTIFICATE-----
-MIIC/zCCAmigAwIBAgIJAPyX1GUEW7U4MA0GCSqGSIb3DQEBBQUAMFkxCzAJBgNV
+MIIC/zCCAmigAwIBAgIJAIr7MlTxfRzEMA0GCSqGSIb3DQEBBQUAMFkxCzAJBgNV
BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE
-CxMKUmVsYXhhdGlvbjETMBEGA1UEAxMKdGhlIGJhZCBDQTAeFw0xMDEyMTYxNzIz
-MDlaFw0zODA1MDMxNzIzMDlaMFkxCzAJBgNVBAYTAlVHMQ8wDQYDVQQHEwZUcm9w
+CxMKUmVsYXhhdGlvbjETMBEGA1UEAxMKdGhlIGJhZCBDQTAeFw0xMjAxMzAxMjE4
+NDlaFw0yNTEwMDgxMjE4NDlaMFkxCzAJBgNVBAYTAlVHMQ8wDQYDVQQHEwZUcm9w
aWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UECxMKUmVsYXhhdGlvbjETMBEGA1UE
-AxMKdGhlIGJhZCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyFjAIRIE
-hy7WExZv2wzxQhCjS83hm7MFHhTsL5n+mkWWkpVQaLmGWXrnyn3IUbD2lu5KysL6
-Y3lYqlYBy+z47C0cGLfhLN3K5b5FLSgG+lGGwVdjWIlh3OrLIF/JPvkiqvUyj4vM
-cnHKFLrhCJwH9QfkJaoQPTu2MxWQFt8XEnMCAwEAAaOBzjCByzAMBgNVHRMEBTAD
-AQH/MB0GA1UdDgQWBBQuDrF3Ok8SCnxrWpbzpcVrOGfXdjCBiwYDVR0jBIGDMIGA
-gBQuDrF3Ok8SCnxrWpbzpcVrOGfXdqFdpFswWTELMAkGA1UEBhMCVUcxDzANBgNV
+AxMKdGhlIGJhZCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArzvmjayO
+WK0rPrBaasFsHJ6ZaXvnHgQ2vm1vfTfw1E3I6P/3iqqzmhEABeLfPrgybZya6RO7
+SCDWMOVOHGX4xdWxUAUea7ehpmLduRcGedt6hJ+jsex7UfRoQRKeobVXEZQLR6Yr
+R8IANYFsvLriWtfCjP2kdD5NN6/bfDsT+ecCAwEAAaOBzjCByzAMBgNVHRMEBTAD
+AQH/MB0GA1UdDgQWBBSPD7RDRGeCxsPZt5e4Dwl3j8tnRjCBiwYDVR0jBIGDMIGA
+gBSPD7RDRGeCxsPZt5e4Dwl3j8tnRqFdpFswWTELMAkGA1UEBhMCVUcxDzANBgNV
BAcTBlRyb3BpYzEPMA0GA1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxheGF0aW9u
-MRMwEQYDVQQDEwp0aGUgYmFkIENBggkA/JfUZQRbtTgwDgYDVR0PAQH/BAQDAgEG
-MA0GCSqGSIb3DQEBBQUAA4GBAMT1HF5n25PgC9dybe2AQzGV9iFIU7KDITtNmGwJ
-iOQ6eg+p5d037jxHNSF0EJjAAfCJDGUOn4bZhEDv8zDzVUuuY63yngZ5arVDZaZT
-EUF00J6JI389GNqg1ZxpYgSu5gkiSEydr0g5NL6Gu0JsCp5ZVNP1k/thUGqavxMw
-feKY
+MRMwEQYDVQQDEwp0aGUgYmFkIENBggkAivsyVPF9HMQwDgYDVR0PAQH/BAQDAgEG
+MA0GCSqGSIb3DQEBBQUAA4GBAKHxmA8kkBrCQUl3HvyD2Q6zIv+Cg5z1luB2Wz+a
+s32yar0yoYR3cOTF5ZrpO5dhJbKZgGD49pcVFFOFjke4+kbwRXIow/r9pc82yHMD
+NiVZ4bLbVBJ6H1ZjLrGGnqA8PviYWSN4qYxUVMHWZJpyxS8JOYIJIC1VVoSPlyH6
+v/o7
-----END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDIWMAhEgSHLtYTFm/bDPFCEKNLzeGbswUeFOwvmf6aRZaSlVBo
-uYZZeufKfchRsPaW7krKwvpjeViqVgHL7PjsLRwYt+Es3crlvkUtKAb6UYbBV2NY
-iWHc6ssgX8k++SKq9TKPi8xyccoUuuEInAf1B+QlqhA9O7YzFZAW3xcScwIDAQAB
-AoGAKoBhaeKXoVH3Sh9VZWPufnRnH/qyJMSqjkIkBMkncPTYR4pzf3P0I2FmcNeU
-OnhPJ5+vsCoC0j146NHMGcXQ3HFyOJkH0JdQVw4+DtV361mmQ82rLI8wPnACw4oN
-CLG2NyZFBhisxsk8n2H7MdblAFcEwNUDkePF2L9pdbspXWkCQQDkF87ohjcbf35r
-yI3oJqcu10GkD6HGblnGOMakrloBDbXDg8CqcNHOYhCDWxZnvwZdVTvnIUM8Ky6R
-2vIpu7D3AkEA4NvjhP6t9pI23bnc/31R33c4Lzr/w3htImB1ckBjeRr/+a9RJDgL
-ZfjYEbESxpTYkeaxKc0ZDhzgzmzGygiHZQJBAJkvXChRq0TudQsSICvfebw9mLoE
-PZO0nNpBWzdSWOQIPyBVpdlR97XxqkFttThr1GxuR9LMRglsvtP6BVT91rUCQHYW
-xOwpnE7sBuh3HfsHY6IKSHV1dLDBY/8zzTpNWnBVn60PR3vP+xx4jXDtH8EulnY5
-Qz2Cuu/QdreyJMwhookCQGnQXNNfYJdaJ7poQVgw/6h4LEazL/GUgrBPSKefxJe/
-ns+w5YzdpYOWdydBhB/9J+haE3e/Z8qK0E/z+GSrSNE=
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAK875o2sjlitKz6w
+WmrBbByemWl75x4ENr5tb3038NRNyOj/94qqs5oRAAXi3z64Mm2cmukTu0gg1jDl
+Thxl+MXVsVAFHmu3oaZi3bkXBnnbeoSfo7Hse1H0aEESnqG1VxGUC0emK0fCADWB
+bLy64lrXwoz9pHQ+TTev23w7E/nnAgMBAAECgYB32peZxTFjU6YlbYeaRwuEE7JI
+ZLeyXx12Z/F+ivmMrFtDinesf47yTLhgTkl1Y5USRa/qxVUuQ09dCCnB4LkirKRR
+oxbesNaGFRjTZDO3k+78z1Or6yGRPBwqhpEK5HY+9iYEwkhePp/7nmT0v5S9Qf2B
+sJixhPi+uH3qrVyeKQJBAOUKLrOZJTP9mhrkPe995Sc6hR0iNE+1htBHdNiWoe8J
+1wsPtI74gotX9c5qWmp6X4hGdCmP0upIsfedQfy4/7sCQQDD3FmsWNaxTMEYwXVH
+DW2RZFVkOQtCm9ZzcQpwcAkcAGrsSB2AykQC6Fw35FHrkAGICwlD3hDRA9VDNSVZ
+zR3FAkADG11A0G4Bw4nonXn9mq6WFqQhngopnqPChYWfPoPZ0z9YhhED83kJ3NqX
+vzeUxC4xkgsXWT0aMnw/iKGRhQzrAkAsWmTwM3oC0ofTzFN7kJ3kU91Ggeh74ABz
+SgD8L1LQxYNxGG+d76/xHJ9thMXMW2MNZLpnZQ1X189eldVsfZelAkEAkxemU1XQ
+2l5sh3VV/+Nc/kZ1Ma/7lphJqVWwvGt4iXgSfvfpY8XKNdvwIkU6L5WXKhmIXn0Q
+cY5AfAkr3yDXVg==
+-----END PRIVATE KEY-----
\r
\r
[ ca_server ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
# nsCertType = objsign\r
\r
[ ca_altname ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com\r
\r
[ ca_altname2 ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = $ENV::DNS_HOSTNAME\r
\r
[ ca_altname3 ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = email:john.doe@foo.bar\r
\r
[ ca_client ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# For normal client use this is typical\r
nsCertType = client, email\r
nsComment = "OpenSSL Generated Client Certificate"\r
\r
[ ca_clientserver ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# For normal client use this is typical\r
nsCertType = server, client, email\r
nsComment = "OpenSSL Generated Client Server Certificate"\r
\r
[ ca_fclient ]\r
-# This is typical in keyUsage for a client certificate.\r
+# Test cert without flags.\r
basicConstraints = CA:false\r
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
nsComment = "OpenSSL Generated Client Certificate with key usage"\r
-----BEGIN CERTIFICATE-----
-MIIKBDCCBeygAwIBAgIJAO61iS86gZAOMA0GCSqGSIb3DQEBBQUAMFkxCzAJBgNV
+MIIKBDCCBeygAwIBAgIJAO2oAhKC5DbrMA0GCSqGSIb3DQEBBQUAMFkxCzAJBgNV
BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE
-CxMKUmVsYXhhdGlvbjETMBEGA1UEAxMKdGhlIGJpZyBDQTAeFw0xMDEyMTYxNzIz
-MTNaFw0zODA1MDMxNzIzMTNaMFkxCzAJBgNVBAYTAlVHMQ8wDQYDVQQHEwZUcm9w
+CxMKUmVsYXhhdGlvbjETMBEGA1UEAxMKdGhlIGJpZyBDQTAeFw0xMjAxMzAxMjE4
+NThaFw0yNTEwMDgxMjE4NThaMFkxCzAJBgNVBAYTAlVHMQ8wDQYDVQQHEwZUcm9w
aWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UECxMKUmVsYXhhdGlvbjETMBEGA1UE
-AxMKdGhlIGJpZyBDQTCCBCIwDQYJKoZIhvcNAQEBBQADggQPADCCBAoCggQBANL4
-TJ9SW2xUysd24EPw09DwTieiFxpUmEJBZy2K651XmuqZRFnIkGw7PsYyHaWbYOvT
-E4eyJE0EHZRq76DEudwmeln9q63SVvYak2XYmnlLs6unxf/F580uyLoS8PX0Krey
-Jex1RDEipVCM4/eUDn/rfDXE92rQ5lS3RTr/qqc2KvXMZowe8UB231ZNxSvuzx3+
-UcMjxFBeEIC6bh+32uY6RSDKO/pKqO0dSVwKU4UwNplzYLPM1gMaKXhxf1qcdKQa
-8Th0eXpXqK0JBNR0OqoAeBWxLSlhZpXvKMiUXvgg2TLiKVozmFGT15eC2QsSq7ij
-WD9kbc0d364lGs57upw1aVubzFeaCqDMd5sPyW0MAw93+uZXuRmAwevngVGZzGbI
-ArpZhj7+KT8VzATNRkQiZ+/f0koFhY3eAPh1DxExJy0adFSQ7Sf5XBDZNeLVVVjT
-WEu3mEZrr7Jo+AvTY9IGA2ETs+JL9QVbmOjyyhVeb6CF+g4VA1gDycH6/yDGENdj
-iBvr10Af57Mzxl1wtaE6NM20nvrMPALcBw3Y3EIK9LFDq+EkN63CkczSjKQDsdjf
-uGDLELk1l7P6dpqAUbHJaD2JYAARX2IjfLtV/wNZJRWwnLJ9iSb6smaz98vuw5OM
-DK2/iUNJxPCe56YYQUqwKSnaUVG3bLRP0+idGb2sUyiytNC95gL76VGnlWeUt4Xo
-gj6DPJ/QABcdZ7AhJ/hW8s8yXmjkJyP6pNBr25BY0+LGjP5kuE6YrRQFYcFMrnRS
-3FAhd4SkoK3qM0xuTwbzvCbzmcFZDLexG/u6hjm76l0vw4+K0F3bk/ttKZFxvSKm
-SDZzQyPrD0a69hKuVD7jt/fD2vU5SkItGpmnnVbuZYssEfE6o450QSbMU4Rcbvw3
-okw5fQYBI7oLdpdLQgMZEtPKGz/76Wqw8eaeAT3rhHZF+wS6/w8NUZtUmem/ESLf
-aKDqAmZ4/i8OeCTfn5fbtqyfrni3qR29qlCDlNNcrmM89Vz+p1mSg8hdeAS115Sf
-bsbGYtpygeSG0WEAQvG095Gpq4xFmQrbdZ62wTihbQh2rOl8hd2pAO622P8GVj1T
-OcK1i4ZtA+TwP789dhr6MgBPn87MlwxDsgNNpcqJyo+CNPJwJ1HgppxJORz/snVC
-4dpDcYqsxyOAiKcR2b9jsld9GjxM02cYioxk8L263zbGZ/js7JZvx9Ovu96szdtt
-40+bbfQmzbja/fP+rPol/DxQnOhT1/+ub75L4VUx01AWwyFhsK0ozknZ5QgtZxsk
-fCuuONW93WQK3uJZdh1MH4q2JOCdl4bvNjJyYFKyma4ZRPCPoI+3VOFqhXV1z7Re
-zjsvIuU23dHcepMsinkCAwEAAaOBzjCByzAMBgNVHRMEBTADAQH/MB0GA1UdDgQW
-BBSxUNHUrHgUBI5ufRE3C4Uzx2611jCBiwYDVR0jBIGDMIGAgBSxUNHUrHgUBI5u
-fRE3C4Uzx2611qFdpFswWTELMAkGA1UEBhMCVUcxDzANBgNVBAcTBlRyb3BpYzEP
+AxMKdGhlIGJpZyBDQTCCBCIwDQYJKoZIhvcNAQEBBQADggQPADCCBAoCggQBAOdf
+RlWgLzfUL9rRWiOc144dYxxnNo3eVZuBjk14eaRPbayHaOobubHxyVo9TtGo43s9
+PyDvW9dmiv2LaasV89rKs7XmDPn5ITWfkdzuILgRmhAv8eMdtWNRpI5tfDmcd4om
+u2Ua1IMrZ9YZf+rLulroa8bOXnR70LxS7wiARx0PUo0hHXPOkGTpL3K/bQI1Cm+o
+VnPlE6XyNkmu+EW7d9cuIM66fWI+xwqUkCuqHEr3FpEL/dkkhXjkNDyf898Ev3q/
+6mxg93GnXuy4OeFoLyJDHez+l2mdmqbmWwQHIWCD0qwy/clfPnEsIuWOjH3CosWz
+xahhi/zjAhysZzTL/CGbpQn1vFtLOml18lpqsoDoUSaq+W4SEmHV4TkfCnnDu55k
+XBYPV2IPeO/UTJapAVjv1jkeUQwuVrmd0EaMwB9jSzPVjYYo2j4YBV8Rm501DrV8
+tPwienD3o0FWfXLVdByr262NXOXbHpNUDbK4gWd9eqRhzXMBSw/4jRKnVpb4o32E
+wsAar/LJOVoF9osK2PGaG5tvXH0PP2GUJo59uNmAQ/1Ta2TOTg151+YprakBxOkf
+PJEUEqbvWxs0bSVuNcLag/z5ZqzB3tw5BnlA/72XDR/Be74zflkhnTUfAaoO6P3/
+XsscojGgygQZcU6Vc7wCF+kUtowdxD8AvgobQZbsDC1EpZn7y/6l545kAC/D7VJw
+8SIWUp1QUtIyl1OEFhecGPsn1NsFWLKOY6PGWsV6gFvGkp4LuXMWKA2VB5s9udAM
+CsXq8zCTcWJHbhG8BcxOGudcMtxrc8m9cMVwlSMxP1zVJbf/soDfTqCg643JMNcu
+0+7EQlJO+Dsj2mn54vy3WUGugH0iwTlKft3ie+0WbLnryG35b5mvvYL0TP3LoF9X
+GFURPwQpKJtQfWGRy9AaBM/pQTPVnZLv4k3cencdJvZUXzUUQv/ma7t1h0wmR/09
+P0LUc5xEhCM1kO7w81DPs03C/h+L7HqtBdUiivCqmjW4IaXCPGG+7Rsj80h2bF71
+38phIz+Lws27cr262uhZENpQ6jo4xvmjat3u0x8P8VXu6L4tkzPpLCKyAHNI1lpZ
+QypMWiPaHlCR6BWt92F8dMHhJUwKpxtEGW7XI1Q6kS2q4JT7q1F9zWNg1s+MfwML
+lwjZpyfjYDm7Ka+zK8+MPHNILu6UiOOMNkJ41C/H1NRP+h53TH+jrKLj+ZwAgPi2
+0259WaIqcWk+wXnlNC1bEjx8Q3w9r49wJ4/o6yrkTB79XUNWgfAxxUg/Ml8l9nvO
+zixO1Osry28QXlbIv47D2kh+PboGpDF2Fty6Orj4dWPXqLVP27zwlyY5o/jyM4J2
+t1/WjIISV4Sh4Gn3+TUCAwEAAaOBzjCByzAMBgNVHRMEBTADAQH/MB0GA1UdDgQW
+BBSDDMMlC6a3yAP8hXZ1QxvPlVh0UTCBiwYDVR0jBIGDMIGAgBSDDMMlC6a3yAP8
+hXZ1QxvPlVh0UaFdpFswWTELMAkGA1UEBhMCVUcxDzANBgNVBAcTBlRyb3BpYzEP
MA0GA1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxheGF0aW9uMRMwEQYDVQQDEwp0
-aGUgYmlnIENBggkA7rWJLzqBkA4wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB
-BQUAA4IEAQBSE5/nS0jdN4v0rc9V0msXE5rBI3D9zg6ZKvUQW8nYky4pQkY2Mm/v
-h60Mu3BpeCUEPTsreJZqiYGJpAeblsjlHzIZXeGpD+VW1/nok3qwrLz/CPYMNzy7
-Qn60Mpd47mvNM5yTygZF/XNO3qT9OTnqa/jmKO6bXJozll8Krb66f/7jSnLRUaVc
-kqyuPSNRpINOeOfrtzvzGmyda85S3eipyuHAwANYCbr/RLHIRM1FInJuQJ1utd9S
-STzNCfZVO0xMP4jZS3Brno5aQkAPIfysCPvWGWSGAgH92KdL9LqoIHaTGZijtY6A
-Fkm4P1MdtGg1X5IaMizFqeDAy/ZAXsrivnnQtucqtNcoP/+kyjrEhgXgHL7xFvQ/
-FVmQ1fZJjp0Wu51bWJFuDXye5p3+x6y9IZk/KY/25m+RQL3Ai95J88maRYz+F1uw
-cY1hv1LYKcyOw3K1eCPVpLhBtA7LfZVhZNYuQzEnjrGT2o+y8Y3/9a/JiNUJ57BH
-FmlQFsoaGVS08AGuzgLwAX7m1sbltqSLG12dNthso807boKdlqYSPeUctxHBPELQ
-Z6KShu3SsanaQaqRMOlhzCktAhMqQ9onM6aAjIE+lXZHOE/vEkIPJ6/uW1+fe6nY
-o2jx83RfNTCBMH2TKfu9qnOpCjIW3QAryK6eTacxQsoiFZudQajYKSdXYHejfp1M
-WD9eG33z7WVBuf+o7EE6/lhR3vY5E4auB6wqyM3PZJQsAhVqjiaujQee0yiMGja8
-5HVsmv0Pxqi1YnByP6vf2x4KPXzjGrzYqD9VuJuEYl7R9XsRsOOCRKVO+C18iKfe
-mcMOt6lYkwEaDiSw9CBfq7I10Ro1Nj/OIoowPV10kyDS1z1gUk/bddl/z4aNkC9K
-YeWb9gIf/L3IT6tMklqo46K1pCJAChtreTAHR3Xa6xEC5nkotBQcmlKDHkYzKYeM
-u0FW50rohUJ7kz6Djw9IgxEpz6dPJI+C0Hx2I2jbIporD6aK0RiD15/UYu2q8vVp
-fJsICJQrLfIzWG++iLlvwApcszWve3CrnWvw6hxzKJ07FX8HMxx3KGPEi3lkUnaR
-0lXLLncS4cQSd1k8jRw6ZS68gAMao3wudgijtQlDPSopb4/LUCVCJG38KZ8t+KTZ
-fKYcm1TvJFBgK2TIxZIy2g6Y+Es+MpIt2Sb2iV2bf0S0NrJKiNY6Kbl4VktkagTU
-LcfHBwp61dJsJwrfoeCFoi50JBMZO2d7Urv70A6RbvhUI43cEj4f4L2ENm/OWMPE
-RHAeGUVAQZlmhxqELEAaZK9VGbnvPa9r3m8whn+OkOabWVSZQzMrCizbs5T4EaH1
-m2YchzTLlINAbvI9awVaTdxmWPtWniyb
+aGUgYmlnIENBggkA7agCEoLkNuswDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB
+BQUAA4IEAQBIo4+d2oLPML0pb3reUD1I820lLty5Pq2mJ5u84N8XdLD/tCWL6gPC
+2vyHycha1mtDjMN8wKKP/VXSythGkoxLRj/58AaAVa3gcFmrcYFXcTQ/YeV8YxqP
+pT/KWF1Q6GOnf82DulRdHBtrTvFS05oSPdGMTnMzRvhQjHhYu8YL2fdtkJ0scIcA
+s2noEd4g0M7nNodqX6A3FRw/MehX6+d7WhI8bqL1uA6cVOxuvEZvjnDeAKgq07gJ
+CRlRw3asds8e0HmIbv4WZ8awDSsw2sDOB5+39s6GmgumEa/UEfpAOZtHOXgNO7RA
+td4U9kuKixIKPQjAhL5o2cK1iJQuCzGgcpj4vGt+tvNO3M/stHoEL/mVN5yceXLj
+E//aTcWzOhiL5D6HPlch/4xm64PePYhcQhIcnr4/fhXP1CizRXJL9WBxw9BXbJ4f
+C9zhgUVYL9cMfrVtJkUIY0lk4ZyurWXVrKvR8pRqXTSc0SXiX11Z7wiUhO4CSYH4
+89ydbzulEaVVkev9DglkK3xpklHstFwI8xn9hvWU3xz/ONdEdP34+SRxs2uXSCz6
+KMCk/YgqwYZ96wwdJC3cabC/rl5srL+aCGRNk4VkYppEXsYaqQ/wK4ucZkejon2L
+K7bEsAQqV8q5sbin33mb3dhhzJPjwpEUWp8Yst102f7ln/F/IbPU4emXpKN3Z5tf
+1+wZfZRZtBr2mExiYEhtyzbDXCUkdyS+Wq8gCcDx7isCIbfRnupNutwtCrOA2x8Y
+h+iYe4d+tTq2504RnAMCtmVOCfblf+OdMgwN0vLVlLgUMnAaleYqIMjA6TxaaPjA
+xny+Uhg4UUTt3Ll2zRiukzcY1ZRoaj7SHnFZwmF+hOmVY4ft09waH0XJ6m1K3W/O
+YMVXjKrZxAoG9fxTuWfXHIwZCDh3DTOI6I/90McnVF8tsnmzKQmVxhljZUueoN93
+fWoQPV2Pt9TTN8Od5XsgevlD1EnYkQCFCNlzd1mRxgsBEtmDNOLDP5dYPiaOAW+x
+OL0VGWZyH2R4/6CZK73z5KF1INZA0GgTnQeFJS25yy1lJZsGQuRzvG16KZDT11V9
+QdkXCLxx36GeqqnDfOdHCZBg/Ks+FqP6nvjpFNbEWZdSLDRBlcZoAF7nTLmd3vkn
+VLw6OdGIubr8T3lEfHJP49Y7GKW5OXWNsislnn7f539aCxyR9I58QvSbrFGz9igC
+m7SaCRxmO4NhMkQBNjmQEtEyCPtJ4zaTOEp1yoYClrtVwgQyiK0HYwXrewA0v1Y4
+LuTiB1sNJiBLJw09ViCEd0KvUksHEolDHsGB6bwXV33S7oi5AndNb2VozkjcRoXI
+FQaKRQyXpKfzrZp9nDqMixdaZOs7w26E
-----END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIISKQIBAAKCBAEA0vhMn1JbbFTKx3bgQ/DT0PBOJ6IXGlSYQkFnLYrrnVea6plE
-WciQbDs+xjIdpZtg69MTh7IkTQQdlGrvoMS53CZ6Wf2rrdJW9hqTZdiaeUuzq6fF
-/8XnzS7IuhLw9fQqt7Il7HVEMSKlUIzj95QOf+t8NcT3atDmVLdFOv+qpzYq9cxm
-jB7xQHbfVk3FK+7PHf5RwyPEUF4QgLpuH7fa5jpFIMo7+kqo7R1JXApThTA2mXNg
-s8zWAxopeHF/Wpx0pBrxOHR5eleorQkE1HQ6qgB4FbEtKWFmle8oyJRe+CDZMuIp
-WjOYUZPXl4LZCxKruKNYP2RtzR3friUaznu6nDVpW5vMV5oKoMx3mw/JbQwDD3f6
-5le5GYDB6+eBUZnMZsgCulmGPv4pPxXMBM1GRCJn79/SSgWFjd4A+HUPETEnLRp0
-VJDtJ/lcENk14tVVWNNYS7eYRmuvsmj4C9Nj0gYDYROz4kv1BVuY6PLKFV5voIX6
-DhUDWAPJwfr/IMYQ12OIG+vXQB/nszPGXXC1oTo0zbSe+sw8AtwHDdjcQgr0sUOr
-4SQ3rcKRzNKMpAOx2N+4YMsQuTWXs/p2moBRscloPYlgABFfYiN8u1X/A1klFbCc
-sn2JJvqyZrP3y+7Dk4wMrb+JQ0nE8J7nphhBSrApKdpRUbdstE/T6J0ZvaxTKLK0
-0L3mAvvpUaeVZ5S3heiCPoM8n9AAFx1nsCEn+FbyzzJeaOQnI/qk0GvbkFjT4saM
-/mS4TpitFAVhwUyudFLcUCF3hKSgreozTG5PBvO8JvOZwVkMt7Eb+7qGObvqXS/D
-j4rQXduT+20pkXG9IqZINnNDI+sPRrr2Eq5UPuO398Pa9TlKQi0amaedVu5liywR
-8TqjjnRBJsxThFxu/DeiTDl9BgEjugt2l0tCAxkS08obP/vparDx5p4BPeuEdkX7
-BLr/Dw1Rm1SZ6b8RIt9ooOoCZnj+Lw54JN+fl9u2rJ+ueLepHb2qUIOU01yuYzz1
-XP6nWZKDyF14BLXXlJ9uxsZi2nKB5IbRYQBC8bT3kamrjEWZCtt1nrbBOKFtCHas
-6XyF3akA7rbY/wZWPVM5wrWLhm0D5PA/vz12GvoyAE+fzsyXDEOyA02lyonKj4I0
-8nAnUeCmnEk5HP+ydULh2kNxiqzHI4CIpxHZv2OyV30aPEzTZxiKjGTwvbrfNsZn
-+Ozslm/H06+73qzN223jT5tt9CbNuNr98/6s+iX8PFCc6FPX/65vvkvhVTHTUBbD
-IWGwrSjOSdnlCC1nGyR8K6441b3dZAre4ll2HUwfirYk4J2Xhu82MnJgUrKZrhlE
-8I+gj7dU4WqFdXXPtF7OOy8i5Tbd0dx6kyyKeQIDAQABAoIEAEoLsAjzRPc+w3VC
-ue/epNlenm+2qlkpe881WVtYuN2ek9bnOGAyzs3N9XhmupUXdesPSHmGAsutOByR
-c81/fqRQNP1E1W7Kto7mQPmsDnuoIEWNOydMdNFFLFpyr3QD4MJcmoblmauNN2yQ
-JqsMohIvuoa8vQIWk+ED+h59AY5yqp1ewldHvPEdR8Hoxd1nkfY6/sN42DxE55Hm
-3SPwybmolf6uPGLatXOTpd3SGgJTK7asEjLJIAwysH9/hm1tIFtAwY1JBCH2hlNF
-KRbQPI7SX1NtviYZ84GIUU4lFTgNf24mhtEL7tgjBbY9zKPgR7kkS6LkQs2NQKbE
-iyYRsyuEa5gllJDilfxeB1S7M708TA6v07Xo8CSNVoLP3Emhq2YfqSVyqnWNiziD
-E/pTeegME2LTseEdEwT5+Gk73K/yCogAEvhjbXlsQe3/7rPQoIXul7zrkVyWCzKZ
-OQYdiZl7VtBJtAcnFbZtsbuBC4B4hsFWhK9QnL3Vhoi46ba9DcgrPOhf3Eq7Z/0z
-nNnK51TRMxtH28y2xhFS3H71sEjVw5A76iW5KnmoIrg65fXi/hbaXsJKQ3Jd5wLa
-U6pig0ndIOMIRlN/xXSSdALkaf7o2OVF+ZmEChFOSDNX0w8WnDo7G3AYG7ssNx0l
-CLT5KmFmduwjngsKT/LxWbT4/sHdCCNDYh75yL3Hd+dUmV8mmJ9G0YXtpPBFtCxk
-KUhiLeWX1ZrRSL8mRIy4xfjypmZqnvEPvkngJ1QGb5qynQJmf6pfl3qirr2zL8lh
-yykouI5gy7flrgINzhddVK3UzlYJClKks6vu2cnSGt7Co63wIMBRxPXrV0FRz6rD
-PFbLdtjkvJgWmfu0fUQqXno124ovEaffHtno8zHqF+qYSk07JE6gt8UbrkETQ28/
-c1kQcCmNmlt+5sfZ5aLEKL/N48voaQ8ZXH0IUo+YPVC3keobgpQ3Snx4S5LEWieF
-d+Tbe7RLkUSSkBLFdN3yITsLTOThOouMlb/y/BXlvzt63z041apZO8xVJoq8FRHt
-0vyY6oqakBBqm64UsgGwJwinGKERzNV3AP971n1OSETkElMqjnfoL2OwP+czFzDU
-NJoc/no1fqX+hOVg6fH05uPgwXq9N1l/g/yUzH4s8/t3ggvIscKBmA+4dw52Ydwu
-ptGYyBpAvPxy+FDT9dCD9gKySu60ToP0tGHDUwNJzn330WURea+rjYrLWnGew7PZ
-AtmiSYYv6c6eo5CS5GVoSZRiDrsZEbUQIt1F7cvrP1WiwKzxvBWRSzT7Q+x6KcJc
-I1GG8juNDSX6H7Z9wKPg/3TPHdBEJlKdNrziQWfvg3EXUW41GXw83wiWFFDDrOIC
-vRbhFiECggIBAPu3UNt6SvrixYF+1femlNskteaNAL4JfuO2Ws1yeW7KFxPNctJy
-JnPDYmgXtuceQWcknM+UqoswGGPtR/SeDB62Q3YZziZt5xe1xtq/JKFxRU1I9SS3
-9Z7sWOmF4g+d1+5c4aHcM/L4enmsADFsTGO7KDpGtHKSVPEnHe9nH9aJqwJHeqoJ
-Y0eOUMgSFNKfsI/ONWrlMqfrZdSeLj+ANxocKgu6ULTwwWVf3bOaucrtdm12nNKm
-jtB8uWHNTQtUtdNmHMtftAsEApP2kko6xyGy1vNY//dw78oFVvefX4ur1KlYllWv
-qM0tiTbgTFg+88Op2V6aQlGyoa6cMw7JOAIyAsDMKo6/gpftTxgyte/0XqEfPALN
-OWQQzGLEGUqWWoTw4Q4nnuFX8W8xv0HlLCNMC8Y1+MicGT/fdsYirUWzpF/SXRxq
-rdGpVCxP3hMCcikJdIg5MBi8WhnDPAKqPuTx5jMxyDu/5A/tn+2zRKAnqBN7LfiI
-uWnRpAVIi11cThjzg9MK1qBiGi3zcV8qf3vXD93K96/Z3zSzrrJhNa5kh6dnd1ER
-oQEhG8BDUJ2sP8yumGUR8ViL7ZR0tjStXUc3IkgvLqCM5haxBRvPgEHA59e+vfi/
-nT1KgVd0N4VbRxHalV6dR3mKfolt+wRoTxELyiDYU0ZMPQPiOUoaUR6NAoICAQDW
-j3WZeQpTrk+sSHlUWMLfuE2Zb9rraXruMIsovIl+G6Tea7xB2+hf2c1W20pRz14J
-ic1qxRKvxu/lay8KB5b+AOPF/WhWDF5W26xuwXbM0vH3Mgc0u8u7jdPHOeK+vaRd
-RriXtdlIdDoqCaY8lbvVj0NpAFMuAR0yN4gc1va2G6lpk33mQuhdBaTeQ8Ta4BR1
-FFI3vajhaALlTY/vDKepqXwqhutkmXM+vHEtZpy27Fj9/KA5xDj5ALvNlBbkN6Xd
-rO0GWZUl3AtgTR2h9MG0dFpL4cgTP/h8+Syc4DCsiB2EJRgkTmTwPr7du+PmXm44
-jhUzZA9tQk9alDPoWiQqKAQ5/hIO6iN9dAkrdBht4jxgV2BTMpE/Y8PJMLBeho9Q
-5Tbb1JOFTXXMgsz+0Ffxm3xkFMm4e2ZerWcSv97SxOl/3yNAGn1hCJPC8uZmEawv
-o5TWMOIcwI7q9DaTQO3tPbLigb6wyOBDFE4hXwy19tBOvMp7bfJiWCgT2TQ33O0K
-BBkQqYhpHKn8tUfI5QaU2Q9SnoRMl/CvI4a5ucUnLfFQD+WUxIe8ON6wUZsurd3q
-yI9OqegyW6v0FePB/LhLywTMeq3WvvhWnqgfS85d+sWiHLA8JgP9iB0T2uSeB0TQ
-07iBOWI2445dcMc+NowMcEixgpZyxOpL1qrKJuuGnQKCAgB8Py8lNscd8aOl2NKK
-zGn7hbJX28+6/frpMZC+ijvQaOZdOvLrV7cNOysu0E3S5QdJfzP77pkD3Tic0nnL
-D9xRqIvCFti/9U21UV+Xh/Pv0HZxwIpolnkh+e2lTxWXucTk/mnNOGFYFDh4KGNs
-AdXvAGnJ4i6dwwc0hadsDU4U2p1Toa61ka60mlXbe7lVgcdoJFQPsJSBeFsqSO3x
-IDuSosZKRawitBfyDxDi34PH29CyFXMxM0+ZL4dd9DWMW0Lo1yVtaY74RQF0wafS
-BhNW2ezp70thexiRcnNMBRnnWmi9MmH6Z5t9s3VgZfSpNmGiegs2fBQyOWc/RhCZ
-ws7nnoHnYp+7GGLA1T1OZ3GQwOGYzE8V3vDuKLCKK9uECpUhu7iLARmWh48/4KFU
-SGeyAI5rRybG9u4rrgT1phY7KoH/XlnhdfLYY6mNudqXLYTmJqmjt/66pvYec1UC
-x8AFyDVlnbQFciGDjzp63RsJpql6/DljzTEgP3+jr/xCmBZgkIrIODhasDHV7q1O
-WS7WFQDa7J236mYXoH2hxQP3Ud33zsWBeZ8sbIhDLbb0LRrM0H2ene2wVFlwBvAN
-Lmm1hkxgrxFn5ESKfNRVtuXLDwohXyBsUUCvCUCwx0fEhpqdAHTsX9vw7WCqO2RE
-96vXcSdTcRQhxe30Jc07e6QA3QKCAgEAwsrtvk8YpA5OASCvHneTPJ9LvDDD9RQH
-ajYiMPKydQ5N6Sywdq5a0qKffOqMF6gHPOuh1fxjUbhv1b4wr49icuqF4BuHXQ/P
-mlXHv6ne3GfrCzydNDAG8Bj8GxSfmgH8Nj7dmcacJN54a+/kv35FUMbHMY389nhG
-dG/cICq9Q2nrrZEdLS6zXLiiDLREBV6I1B6F4ltK9pGCh4GaWjIICc14j/d7wBJc
-gal9qvVM8/mxda2kHa3a953F4wc+nSU0bgPwEOLFuOCEZ4K7k2zta5Jy5A9woKFk
-TLm/2hDjv8+31GAFAfk2RLMCf7Z0WpKCyM+dydFe/BfGiXqhgaJM0QURiUD0Thwd
-6mitZoj5INHTdLf/GKmBGqbNelu806SgepYO7xeYct53QxvBVtn57bz2+rmwxc8q
-imwtduVBO+NQBiqkCy/BgpXR6Jyzthj3VSzTFH6+2dGsLv1WiuvY1pk8Tc3zPPay
-O9Q0drGfjZgtWD6oKdUQyF42zIZWlRz7CyvbQbhYwu0mGurN6EKdbgd+lMibXhpX
-hfnf98ADkOVx/vjfuueOP8D10+fS1lc9cUlyab1xtD5r56bz5ws0moMPsUDzkFJC
-jgluozMkgUgJo3seOQ1edA/eLkd9ZUc+H8UH7jIVy7Vea9DW4tGM5kIOjTH8uuex
-uvaCihM5ozUCggIBAODv3U1NeNbEBIGqGTl+/mRq9HQnp0rI5/k1dz79sZDtyCWM
-u3SGpKU9V/a60shcgEv8QDQ9clJHoJ/dP29OM0JdcMhntGh9Or5qDEJVK8/NtkuS
-eqb52cnsEMr9cBOEmdtHTLvOCYjXIailV0BsHDuuAkBlETbUZ9caxob5X38gBemc
-+B5P+rE7BhsZGW5rRh7QVE7g1xzhiOhxUhdT02onphLQc1I9cr+O1QxHmYjAIPJ/
-U49KcZ71rZY2225WihkjYVXw2CmO/HWWIl2QLobs2QGP3RE6p/6qTPDbv5Fq8FIY
-upqjNCcKVg6FBqp4hH/GEMBM0N3hHbQrW0eBAV9IH5AXZO1CR353cca710UEZ2Hg
-E9Yu8HK5KWmNSXEmmLC/0pEjap+VM8mxUZ7bmpnGuB3uBiC2DE6ROu64Fdy/j6Km
-bUFo0Y7AMxFk1nVaXpCtYJeLcpsRsq28raRGgI68049DEgpgEC7u9HTmmUlEJNRO
-i6Pf5o9B5Gttc6u5+6fzo0AIJlkoJ8a5lTvcQotTpcWm1lol3YvWEawBlP3T7zvS
-AUN6+Pp9DNoL6yVgT5rN+4NOd+zxV5y3xGZ3Si358uz7LnL5kN4pVnJiK9gPhwNb
-KOB2UONFc1YhzARjozk7UHDJwBHOtudQsfWrmDrZPbnlyFm2fmJww4Kf/d+f
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIISRAIBADANBgkqhkiG9w0BAQEFAASCEi4wghIqAgEAAoIEAQDnX0ZVoC831C/a
+0VojnNeOHWMcZzaN3lWbgY5NeHmkT22sh2jqG7mx8claPU7RqON7PT8g71vXZor9
+i2mrFfPayrO15gz5+SE1n5Hc7iC4EZoQL/HjHbVjUaSObXw5nHeKJrtlGtSDK2fW
+GX/qy7pa6GvGzl50e9C8Uu8IgEcdD1KNIR1zzpBk6S9yv20CNQpvqFZz5ROl8jZJ
+rvhFu3fXLiDOun1iPscKlJArqhxK9xaRC/3ZJIV45DQ8n/PfBL96v+psYPdxp17s
+uDnhaC8iQx3s/pdpnZqm5lsEByFgg9KsMv3JXz5xLCLljox9wqLFs8WoYYv84wIc
+rGc0y/whm6UJ9bxbSzppdfJaarKA6FEmqvluEhJh1eE5Hwp5w7ueZFwWD1diD3jv
+1EyWqQFY79Y5HlEMLla5ndBGjMAfY0sz1Y2GKNo+GAVfEZudNQ61fLT8Inpw96NB
+Vn1y1XQcq9utjVzl2x6TVA2yuIFnfXqkYc1zAUsP+I0Sp1aW+KN9hMLAGq/yyTla
+BfaLCtjxmhubb1x9Dz9hlCaOfbjZgEP9U2tkzk4NedfmKa2pAcTpHzyRFBKm71sb
+NG0lbjXC2oP8+Waswd7cOQZ5QP+9lw0fwXu+M35ZIZ01HwGqDuj9/17LHKIxoMoE
+GXFOlXO8AhfpFLaMHcQ/AL4KG0GW7AwtRKWZ+8v+peeOZAAvw+1ScPEiFlKdUFLS
+MpdThBYXnBj7J9TbBViyjmOjxlrFeoBbxpKeC7lzFigNlQebPbnQDArF6vMwk3Fi
+R24RvAXMThrnXDLca3PJvXDFcJUjMT9c1SW3/7KA306goOuNyTDXLtPuxEJSTvg7
+I9pp+eL8t1lBroB9IsE5Sn7d4nvtFmy568ht+W+Zr72C9Ez9y6BfVxhVET8EKSib
+UH1hkcvQGgTP6UEz1Z2S7+JN3Hp3HSb2VF81FEL/5mu7dYdMJkf9PT9C1HOcRIQj
+NZDu8PNQz7NNwv4fi+x6rQXVIorwqpo1uCGlwjxhvu0bI/NIdmxe9d/KYSM/i8LN
+u3K9utroWRDaUOo6OMb5o2rd7tMfD/FV7ui+LZMz6SwisgBzSNZaWUMqTFoj2h5Q
+kegVrfdhfHTB4SVMCqcbRBlu1yNUOpEtquCU+6tRfc1jYNbPjH8DC5cI2acn42A5
+uymvsyvPjDxzSC7ulIjjjDZCeNQvx9TUT/oed0x/o6yi4/mcAID4ttNufVmiKnFp
+PsF55TQtWxI8fEN8Pa+PcCeP6Osq5Ewe/V1DVoHwMcVIPzJfJfZ7zs4sTtTrK8tv
+EF5WyL+Ow9pIfj26BqQxdhbcujq4+HVj16i1T9u88JcmOaP48jOCdrdf1oyCEleE
+oeBp9/k1AgMBAAECggQBAN/1VDKb7DjBNlU74mGodupEPeSHb8IhXYI6BNGudSh8
+DfA73m0Fy1iYb0vfHkVJknB/V3T83EyDILTN1snZZQL6xLuk5BivctriC6HsClXC
+C/vxPNWXszVhGMUY628kqn1agngaYWxafpc6dZyD+W33niOBLOLZ2rIAIQp8iNlz
+NHgRft3TK+fR47DR5KWHTAPK0Ww7aCpwauYl7IIrNZRfPTh+QdHwbGAsb+UkM2DJ
+Ddn23o/qjxv24S1xsvDEOsiJrlOcBMjJttOye6xZWY5zoyr9QPjlqoY1YhJjCIbQ
+8wLmFMxwWhPYIitMMWemGEMAgao8SfHOlwPESd5MOVEaxMUATYOdLPxaQ+4La5/l
+wG+Kfghyi8KR8gGFr3Ev6pMmGBDuZqovyeNz/3KyQvCgrx743oDI9f+T57/yjCGV
+znxtESG0t5P1UnW0qImiiwtXnCSXBygEPM2I98NJJKyAGhNDS5He6Ri4+s1tVS0k
+w6sMVH8m2E6sS3mr6uAV6sMb2Bt1eayr5MzkCsKKDHbIskJhqAgR00sTycKRpXU7
+eBRlRAX+wITA1SAgZc27PaxeJRVVdbyK4ghSVfguVvG27J3Zl+5PdvZ6aG7EYQhW
+h0ie07XHSFzkcbSyv7yp1BPQtiQrIkChoAoZypjDh5SL/jMKbqzwPz6w7EMCIRoA
+qZDdJQiOkpUpsz7rAjBtVaqogFOHIG37jL3FyoMh+9CLgmRxz8hjTFXeeovZlG0R
+xTf4Zw6xTycMTipW2ZrPDF4bPZoiyEHtPu8IaA0MPsejql5QT2EtinOvIUXcZ9v8
+zNNnJDW/Uwi5SBkZN7s4UTmgMOYwxCnnFHBEYqOE6cBOUG9EVOE8gzYSaeWtZS3o
+nsuzaxTsSZwV/JbF7AkHl7af1QWMugg5wCPpAlaMHxq/YZNN3GffkVYfDweKoGub
+jc7+NuYlj9IC9bHqASptRgoAh9XPxVBofcOh9Prax3U4rHGVgf4EDqaxvWgdTEuw
+v1Vz2ah46kPDyTt/rtDDDWWetJhvC/3sHh9fw2BIUubmYCom0XasI4wdUJ9V0b3N
+aWPH7AK3wmzM3Yh8KpIJKsl6xTy9zT0HTNCKvo4wG9HvFR5gl2penyV7wJ9FHwy1
+FLABJicLOXbU+NxBfbgxJgoGzvYd3pnbDN5y/DT4CyaLyVdAnH/2EDGBct/2DWae
+UxFJFg7ELUUUcP848EdjyVeUTfssnDq0JANL+2G2OSzxsMAyn73ce/cIBqKABxNb
+pg1RhGxHasKrvMAQJ1q7/Lw/16q/l+SK7TyYEynol5aPFfmqUHRanYkLz5z4Xm0/
+NdNqcl0DFb8NdXgLwdLpB47ycTkwQC9y8zd9F/2fgX0CggIBAPauqNdavhkZWp5R
+EBWhXKnhENvZLSkoXElmOOjnccucgww0NXIez8jhoPXnD5BIbhuwfIumzS47GtJF
+IhxMs5L9tTfK8XJAFDAWlaK3m24qcr2tToM5ZXs2RVf0bnspjqsTMz1cL1YTxtsm
+M7h8JYg55+CU+yaKcOnEKbgYKry7HOIMQmm8JsWLVGrRVgaCdti/llDdyF9obJUj
+ogSLAfF2yegIQhjpD9dDCK+vjTM9O7fDNf+lErOdo8q7A1yV339Soc6awrEQoflV
+/G07cxxmOsxmHvuNKHD8Zfphs0nF1PXTbn4ymnyKtPW/ytb9XqIVKorpD3g7+1hB
+mcH8oMhk3y9n53fQ0xn0eC2LK7bMiahOvw307oy3gLi1yWt2cB/9Oan+m7oE/kyI
+x5cmVwqRE1yAddxSNP3/J0J0e0tcU/ooFZK69vv4P6V9b708RgSw9MRAlNwcLa/1
+BqWw5NBzE2Urfmxyeg/gH9n+BQ43M3M5Id/ShDQmDCeXeC3rXKVk2Zr9+ztUpYc7
+dVfsLBAc1HrNiM4xY5KIaaKC63Eau0agZsSOw2CF6ulo9TOCE1Y4MmCcAdUelEPq
+/i5xHBvWk2sQpM6owF9557/m8tXyREEBEkwESZIu9B72ai/OWxakOOcHinrFE2nx
+p2rOaHHhTGHOunjxJD4XwT4mZvCLAoICAQDwHJJEIh1G7EQre7tTUvuJEDdIyB2x
+NOLA/cehxWtg/BVOIuMEgF3RJ3tKe1F4dt1/47w4OgzvoOguhu/A6DyylR0383qp
+i7qHb4IZMvUifHdYIlFlGmr+P8InDsjxm0AJgYc+HQwxNr12oOAin1qOzKwjfRj5
+QiReovoS66TsxxsDdcsdwdaXqEXP1SLTdFuX2cQ562uzcWqS4NOdDH5SQalF7Lum
+qCoqG+q4O3s6nqZqg5m1YKjx0hLkbeeNRlvEHJnbHeoXhw0thuytnx1sUGwecCfP
+cWlD4ThGSVD5lDZPPCrc9j6nYtqjvB1mgVFjigxiPv18CuEY255SA6bu2ldHxI89
+4YPEHlz0BvsiYnNTek5T8QGQP/HfGPmSLaE0h76YoOBrQg6CdNnPHpPi+sthX3KC
+DYeYV650gX0DjtubQRFeCWlHkH8zRR0B0faJZD6q1JqXRJbvaMgq26FCrj+cbzhe
+J06D5cGSwZVBpmDl2c1iPVegJTGfLXVb1Gslbc6lkjhgHQbtUvTPV9j9bQ8EVVHM
+pydZNGAc6XNCXi1oA5bIB11VpS+WLB9zq/w4LkNrXUakuzdaX8Ox/EUzyN39aDRV
+p0BX+MTpJnFk8ZN+4kAhWa86oeuvBgDmnmK2vXS9ZTDUN643p79aUrt2uQLZqIaY
+kcC1mO2ASUI1PwKCAgBVTNQpk8FEYJYLRLCxKhkmzSLNQu3w23n+D5ECSHX7GGXg
+ZHVOvwTOy+ai4YFqPQGGJaMLj2RH5jxCFZHUA1ndLEnrvwt6nFnevxCDMcZXc+o1
+WKZbjg9facbUwTsq75Xb5knDoArmUvRid3VPB+7ailt6N0oZa6nby+85L3InzPQR
+3ndgpKUrjiBkx3pdyeNa0/UghXByPWO+tpGhzIehfZgX2jMw9fZ6Uz2/so669yOd
+Sa10dxpebdZjlgN1koW0O1ikXrOQEtZPp8If63zEhz0xzOZNyeQAHecNi5c5nWUk
+lDYTAWCWTEiC6g00Bm0g0vzhB/JHe0ZQoG6Qu9DFOsxKUj2iGt3Ejdq4tPUqwtOf
+FYvPQbDzi8jBFmtN86iWBzRXailjS7K7uFh8Fc/nYX82b11SEEMuyXpD6o9v4b9Q
+M2gyUuBxBMjNavCmmR8FJEOfUU2oRz4tKCdiSCb3RbOhOkb/LR60OqYI9WO+JKxv
+3YOvJ9Z7SeTOE/yEtGxW7OaqR8UGISEUACV1f79E2xNGW6hA1Kc/1lfg0DCl7b5w
+j6q5sTwyNlyi1Z5kb0hMeiZBbfDcRzSxv6KhYI99uNdFIH48z/GlkjvnCe9St/GO
+INa43oqqN/5GbqMNYOfyjlr22I60IU2zRtLDhhhruKJ298tXYttLdV9nJFRYPQKC
+AgEA2JcdRYJ0YF6Nm5/QOXh4V4oeJHQHfKsVBDuoEYAQvXqHCWWk3JGijyGLMIOO
+2Rh3834NcbbDpoDCD/4+VQfogLrLkYX7FudpCfSHKY3y2/nkecbzHz02WERRMYQ/
+tNlzaV/DDD+NmPMk8tZpeDHAsWFkwdp9ZZLJVeizpc+UhNWRw4xE/YG1vjXXS4Oa
+F541ZQPV4t0+2K4tEXLm0BrN9Asw01eZadr1teha0XcuUJF90kUFqTwZCZGS4yVU
+ovZdnsih7KrOWAzF0VSNOIx4MRVWghpvfstxxf5qEdTey1Nrrgu7KnihycH9MYdm
+CeoK7bxAMXtaksMJi6/H33lV4s1nv+BJyescPhOZi7KkZL7kAuAnucaDv4g++R0B
+O2AXs1fjkLBF39rFVd5r/0443p2WSi6cDz5/Gue1AXkwuL3r0N9f+DCLHDf21du5
+L8QjHIolkVmYXW1MrYcaULavf4PI86bL9PqF86qT83rV1VNswsm2X7Cv01DZsxmB
+bKVvRWMI7ge4/NISRo/3LvWyUeBHlIQV9oKtluUM8eePxcVINjROlf82rSQFifQh
+Julz6YWp4TZRnBUY+Fe8IlhKYE0IGiceVkk5XGGV1i6MSR81ClayvKK20y/udoH2
+3BDxQKAjpxiZdEUJzUBu9t38Jjr7nDVNvGB1shnR20+5/mcCggIBAMAJPCyRqnFZ
+wmy3Bqe/LS2eUzly9Rrp1kUHCgmD9uDDfzS7A/NButb17Akd8BPzI3rGTvf83fuJ
+ueOVBWRhBV64bDL60BIUmfp4aVmk80GYeSw2TVKIrPrmy/80UVv5b05zTkY8TiKF
+FOA1b+g1I2h9/U/DdaC5um1+5oVaBNwsH1BVdW6rRVPhhkw6+EwqDYJMKSQ59O/7
+iyQj2gSfz42FV7CG0X9cHIIB1Cv9hbHoHVm0JwD+bmKNylK/xfClgLTMZGjBCNkx
+zmm3YNvM4BBFtmXyKuuBnBOY3u1hw78Xg9tfmFHHODVSkrufxUXfFseqXQ7o6paH
+hxxCNrf/Qog+MbepJDf0L2RjfDjLI2Np5+LQUFjvULagTDYLQbbnZedpGDtNRcqj
+W4u6HlaGpnABv7RbjikES3hIpkuk3z3lsQIPGG/p/wHdQj9h2dWq8jIPT6zsVm//
+5cB6SpIGF6fIFc7GVQ/Qzu8P3ovxgbvaku5p98SCpamGH4xbz9D4hlqiKI45GJiY
+SX+taP2q9ehd8wSOHcXQAEUVp+mWTHCSV+lWxve/O6EEjRljUlt9/jxEog6NlK6y
+4WtLRNBK6mHaBTVLKzpkrDDzjrOpZqvVm8bNXE5BZ1odGAyNEfygjZu4v8eF4ZHh
+ehReaLFnvTEpdNeL7KhhRXDhscR+7hwQ
+-----END PRIVATE KEY-----
\r
\r
[ ca_server ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
# nsCertType = objsign\r
\r
[ ca_altname ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com\r
\r
[ ca_altname2 ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = $ENV::DNS_HOSTNAME\r
\r
[ ca_altname3 ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = email:john.doe@foo.bar\r
\r
[ ca_client ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# For normal client use this is typical\r
nsCertType = client, email\r
nsComment = "OpenSSL Generated Client Certificate"\r
\r
[ ca_clientserver ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# For normal client use this is typical\r
nsCertType = server, client, email\r
nsComment = "OpenSSL Generated Client Server Certificate"\r
\r
[ ca_fclient ]\r
-# This is typical in keyUsage for a client certificate.\r
+# Test cert without flags.\r
basicConstraints = CA:false\r
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
nsComment = "OpenSSL Generated Client Certificate with key usage"\r
-----BEGIN CERTIFICATE-----
-MIIDCzCCAnSgAwIBAgIJANbLTjynlDJIMA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNV
+MIIDCzCCAnSgAwIBAgIJAOhpVce10J0KMA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNV
BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE
-CxMKUmVsYXhhdGlvbjEXMBUGA1UEAxMOdGhlIGV4cGlyZWQgQ0EwHhcNMTAxMjE2
-MTcyMzEzWhcNMTAxMjE1MTcyMzEzWjBdMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMG
+CxMKUmVsYXhhdGlvbjEXMBUGA1UEAxMOdGhlIGV4cGlyZWQgQ0EwHhcNMTIwMTMw
+MTIxODU4WhcNMTIwMTI5MTIxODU4WjBdMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMG
VHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xFzAV
BgNVBAMTDnRoZSBleHBpcmVkIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQCyL1xmtX8CGM5PfEou8uW23mlgQecVzCkWSL5q8oa3v0AUTI6oMJzLKOgCt6ej
-0HNSnGsoOwQrvG1sjR8GNPcSN7MK4to/1xPR4+wlIr+R5w1s8fCBzQsuVEdIthFp
-Hp8U/xB13FDFouFRT7Iztb0Hww1qFQfnKji1f7G7m1VZLwIDAQABo4HSMIHPMAwG
-A1UdEwQFMAMBAf8wHQYDVR0OBBYEFFqbGmHdV/NQQlNSwzcfKNJpdmSqMIGPBgNV
-HSMEgYcwgYSAFFqbGmHdV/NQQlNSwzcfKNJpdmSqoWGkXzBdMQswCQYDVQQGEwJV
+gQC1t53CFkwM8zBKnEpvtDKgvorgvn/bQuMmDvgI4xCCUW9OVPGETmneMUNPfZZM
+fpz0fMnXdVPV4EvN3urJukN9r0Wkt8RCbFfNqLDy0WE4ybxD/UoeFv/b63CZoNUb
+6eDNti0ysSQu2Vr6JI1HzzfHCRAKR+VLr0ck0Rg9ATZz4wIDAQABo4HSMIHPMAwG
+A1UdEwQFMAMBAf8wHQYDVR0OBBYEFJeY0oWWx+v5K4MaIoLNVb2SQGS5MIGPBgNV
+HSMEgYcwgYSAFJeY0oWWx+v5K4MaIoLNVb2SQGS5oWGkXzBdMQswCQYDVQQGEwJV
RzEPMA0GA1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJl
-bGF4YXRpb24xFzAVBgNVBAMTDnRoZSBleHBpcmVkIENBggkA1stOPKeUMkgwDgYD
-VR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBAJHrEyQ6gk50iaWb5CmDwXmk
-mJ60QSeogrjZaOXnEE9ibTOU62DHBnRupPl5F5LunBEkj43ZAxemKN66oDjdRRpT
-nO1kDuUFCVO223f6o7iYr468k/JfINqs7/6Rli6kHkOrbiWedu/EA4bCuvz8vtdT
-cZAQwVROG3O8UCWr54h5
+bGF4YXRpb24xFzAVBgNVBAMTDnRoZSBleHBpcmVkIENBggkA6GlVx7XQnQowDgYD
+VR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBAB/EsxQPeusXzdverpRgPqwv
+bU9A3wzB3Y//mYQ6x5kVEmam7BX7dsBn1LcusxyjPrOtQGJb50fGRcADyvlSZqf+
+DbyeV0q81Qoi9vwWbXD1m7YlF4mIQrTh6vmr+sKfym0YjXrRQ97XAfe4B4/kO0Ic
+gxsLwktuviOeRbJw/iyR
-----END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCyL1xmtX8CGM5PfEou8uW23mlgQecVzCkWSL5q8oa3v0AUTI6o
-MJzLKOgCt6ej0HNSnGsoOwQrvG1sjR8GNPcSN7MK4to/1xPR4+wlIr+R5w1s8fCB
-zQsuVEdIthFpHp8U/xB13FDFouFRT7Iztb0Hww1qFQfnKji1f7G7m1VZLwIDAQAB
-AoGAMB2L5QxDlKxgIaSdX5oln8DlUaHaJc+wlJzmFnkRGdMiGZkmuJIP9OhB5mHz
-ec/TJE6qvP1avfiuz64333Qz9xrrZKihCsdgDLsXWGa3Hpg/yt61Ba797XOq3zRp
-WN6yTCuckQUHIMOH50j5g5GYMCPRE/MAM3R/Cy/CnGDhWbkCQQDf8dhm0W1UNrsZ
-EMsHFVQ7G2gkpJxPQ8nENov/PQwetZXUKGlmYs4NY/DH5QoW25hOS/VmSYV7UH7y
-Kj2eOllLAkEAy7C2XkSwp8SnpnIMf6FPofzD26mZi8mOZ0vYkjG//O4DEUMz21FV
-0ZIb741ymUHH7avrcfEqBgMyPrGoYXGVLQJBAJ+u6HqwPL/+4ryFz+92EwCukz0F
-r3uJv7ZMmtjeI+VF39dPFZDvRTQhHlC7Dc2sudairRJJvIdop4xv+E36Fy8CQE5/
-A0jA3/NHbfRO71IgMDgU2MXGTk34ltBoAkYUthAbCUOVyl4ysgfZbrqaoBc/qnSF
-VG7MqY03nh1bCbDDvOECQBGiBBk5Bntn4BsFBrd02TaypGF7htMhzpfMtK4x0ix2
-16GXhgRvAEROLFry5mJaM/Fg8X3ipxbWCyBEzxWnC00=
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALW3ncIWTAzzMEqc
+Sm+0MqC+iuC+f9tC4yYO+AjjEIJRb05U8YROad4xQ099lkx+nPR8ydd1U9XgS83e
+6sm6Q32vRaS3xEJsV82osPLRYTjJvEP9Sh4W/9vrcJmg1Rvp4M22LTKxJC7ZWvok
+jUfPN8cJEApH5UuvRyTRGD0BNnPjAgMBAAECgYEAn+EOhx5RCS/KNErwXvmfdbhP
+vk89dO+TpP+UkVUeSFpX4QZxfGP1V43mWAD6BRF9DMriV5QeD9YJO/e+gYBFMcs/
+gE3r5Fc8gbN3/Cd4qKz7+LMp74o2vHAKSZazXR1eV400GUlfVQFExeyCyL6hSV21
+dWtsdvYz20vCyFNK7tkCQQDZ5aa3bCyTV1/KZuZrfKmb/coI5gXpVFW9hl6BiNg5
+BaYe7PuEHuT78YrqLej/MiAzqiU4QpZkkedYZHx05XsVAkEA1X5YIXRuk0odqPgm
+caeOe7Uealolc9tPhc4qH16A8nkzcmuYFZ/584gZU50gRKG8PNO5fEtawhEa5X9p
+YLwRFwJAMacJRIbb6X9hjqfAHgI8TBWa8kgoVLEpEJUL+AyM6QGGh0mNTuATYe36
+r75id7Sebed5r8ZMqwIsa5IKYkDguQJAQrS4WrOjfRfyToJCmM5uwY5k03wZKasD
+nN4+4RBJH/norj6aBV+33HTQ3QRCOc+DHkpVMVXmJK7thXma9mOsvwJBAMWlj1Mh
+mLnIp9qeKYgiMkgceIUwjIcFEjtgdo+JdcouRbiuGJIrX2J4ywuYiNj7ElbXkJrm
+27TiftM8hnG/1nM=
+-----END PRIVATE KEY-----
\r
\r
[ ca_server ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
# nsCertType = objsign\r
\r
[ ca_altname ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com\r
\r
[ ca_altname2 ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = $ENV::DNS_HOSTNAME\r
\r
[ ca_altname3 ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = email:john.doe@foo.bar\r
\r
[ ca_client ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# For normal client use this is typical\r
nsCertType = client, email\r
nsComment = "OpenSSL Generated Client Certificate"\r
\r
[ ca_clientserver ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# For normal client use this is typical\r
nsCertType = server, client, email\r
nsComment = "OpenSSL Generated Client Server Certificate"\r
\r
[ ca_fclient ]\r
-# This is typical in keyUsage for a client certificate.\r
+# Test cert without flags.\r
basicConstraints = CA:false\r
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
nsComment = "OpenSSL Generated Client Certificate with key usage"\r
-----BEGIN CERTIFICATE-----
-MIIDAjCCAmugAwIBAgIJAJ47rLNvvXxtMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
+MIIDAjCCAmugAwIBAgIJAPgDH6mOySl4MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE
-CxMKUmVsYXhhdGlvbjEUMBIGA1UEAxMLdGhlIGZha2UgQ0EwHhcNMTAxMjE2MTcy
-MzA5WhcNMzgwNTAzMTcyMzA5WjBaMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJv
+CxMKUmVsYXhhdGlvbjEUMBIGA1UEAxMLdGhlIGZha2UgQ0EwHhcNMTIwMTMwMTIx
+ODQ5WhcNMjUxMDA4MTIxODQ5WjBaMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJv
cGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xFDASBgNV
-BAMTC3RoZSBmYWtlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDp5shV
-W7TJt1k69urRkk1MBD5CEOhgJvCh0PNKQVkF8KjnAqkRDUywUukU0+SIQz/NNYFX
-ATC8t3AFUH2sbvEogcpCPTm1D+SQznEYw5G6TO0cPGG085yOWTSdpXI1z3sGBhTs
-WMVNYF14gmgNik6vgKAth/tSS3MSLAon086i7wIDAQABo4HPMIHMMAwGA1UdEwQF
-MAMBAf8wHQYDVR0OBBYEFJMbyYcSo6yXJUmr8dlyMAkpkY2nMIGMBgNVHSMEgYQw
-gYGAFJMbyYcSo6yXJUmr8dlyMAkpkY2noV6kXDBaMQswCQYDVQQGEwJVRzEPMA0G
+BAMTC3RoZSBmYWtlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzlnBR
+HSsApirUUdYCygHxFgDZMOBfdcj7cyzWaf/gXb+vgzmdAAezXq96xTN+CqDV7tLC
+4MHz420kmymbIzl8Dr0ik8VfeSBl0w5v1Xuyk161pEG1BvBPKk4YLazM7rvVeTcL
+GEwQak4F7X4uCtKHascutlH6ZwYk3/a8/bRsnwIDAQABo4HPMIHMMAwGA1UdEwQF
+MAMBAf8wHQYDVR0OBBYEFB533RdbipSQkkglGN+ZZRE81WwwMIGMBgNVHSMEgYQw
+gYGAFB533RdbipSQkkglGN+ZZRE81WwwoV6kXDBaMQswCQYDVQQGEwJVRzEPMA0G
A1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRp
-b24xFDASBgNVBAMTC3RoZSBmYWtlIENBggkAnjuss2+9fG0wDgYDVR0PAQH/BAQD
-AgEGMA0GCSqGSIb3DQEBBQUAA4GBAHUG2f9J6MkrzC801Zw6OpasF40i9mSQmEqi
-lRU0HeV1Aq21giZ0OSdxgfl1abd2jg/FPZmtakowBWdBbs0woRkBlpGr0HRIDSwk
-ajiISVBmWL9KAejQc1e/8QrNOZwTd0NqWLknjw0ecQg6w2YiwzmupcnDOQIDfD02
-A2hHpJQV
+b24xFDASBgNVBAMTC3RoZSBmYWtlIENBggkA+AMfqY7JKXgwDgYDVR0PAQH/BAQD
+AgEGMA0GCSqGSIb3DQEBBQUAA4GBAG+oJY5ErX0UyYdfbfqV/i1rvYLjYeZj5xih
+uLYI6WcMMKBvGZRn83EgpXVdA0kCvoJXaDjsfCuLhf81j8cP+cu1c4l7q9qO4qql
+W0fkeZ/AeP9YbC8vB849JRlUhmCkW1GavRd835MHAT5yTxO33Qrh1ImiFHI4Jzgx
+4XJm/E8b
-----END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDp5shVW7TJt1k69urRkk1MBD5CEOhgJvCh0PNKQVkF8KjnAqkR
-DUywUukU0+SIQz/NNYFXATC8t3AFUH2sbvEogcpCPTm1D+SQznEYw5G6TO0cPGG0
-85yOWTSdpXI1z3sGBhTsWMVNYF14gmgNik6vgKAth/tSS3MSLAon086i7wIDAQAB
-AoGAdFXIxku6e6mpw94TpPCzaV+i55EpQsmbXaBjoUcnVAECwQNdu5F11y0lqKpL
-PErWbOZz0iZRa0uBd+M03pK/dobLuKM4uPx+6XqKyGjzP3TFWj8n8S3v3Vf7YLPn
-RI00IkZklPmA6Zwq86woDCouHIQq+4uq1z+eX2UNQJ8iLyECQQD2C4JcfhwN22Y0
-IqmwXCXsy/WkGjCKpaW0V5UPlKe7wz7jyWdp4xmdZd3KyNrl/6nwGwnuQAfsXdO6
-Zs0Posm1AkEA811+UsIZVAeMeuu8i9heT3EcAQfmQK6xCnQaNv4g8B6STkDf5PER
-gsg7YUvB4FMdrFuMSRosCWbeGVNj98OQkwJBAIfrm7xUvlK5XSB39Z3Dif/iPHTH
-MwGkuIGD0Iim6nJDTb6wSDyqhD/7QicABk0Ai3Rku3uuS7I7svdKSwXUO/ECQAbo
-LGGk6Jsd67rBXgSKC4MtrqHI25wSWSv2x5ev9rdZ5sUZykDxJpITpLvKLqJzOXBe
-2MhqWb2akcseNsQdZMkCQHQHid1TRCxukOIyrrM+iXrHkDolt2A2xnJMCFuzqHSI
-o0MEcNJEuQ/wT41tMYQrXjlkdHeL2coXhn1sh7qwCvU=
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALOWcFEdKwCmKtRR
+1gLKAfEWANkw4F91yPtzLNZp/+Bdv6+DOZ0AB7Ner3rFM34KoNXu0sLgwfPjbSSb
+KZsjOXwOvSKTxV95IGXTDm/Ve7KTXrWkQbUG8E8qThgtrMzuu9V5NwsYTBBqTgXt
+fi4K0odqxy62UfpnBiTf9rz9tGyfAgMBAAECgYAo4yJ1RUfKIQr1RiCMiAODKThO
+OrOK6F026pUVyBJquc1vn1fZp+0Y6IDZWdaMZs0RiAtSNSvTZD8wK2eAm7d1Zhay
+Z7DEKKFzjd+n/yOXebQ3WZFFwmSSldUdgL+jmsPUAeDKycCGEOpf0EBDrGL7+/U4
+ntV7K6Qpk1AhEDmvcQJBAO4DjgO2jkOKSKMialU0f4aftVVU7ykfG9VdfSVRzvo8
+CnI93jVXeoh+lh7jNIfWHBG/n/6cnARqaywZOjSMCKkCQQDBKJy0pqAMMXNYHgTw
+PBr9labfV5HeiDcDe8KvUz+FtXbTWe32Xy9pq1NrKXKp1dxyqJm/poK4v358THng
+DLAHAkEAkeFL4aq6d1sCOjqVwbNzlie9FJgCHcobXSL32S/TFDxIisywrTD4wUAU
+8sl/IOJyQc6ZWYzTc0FmfpjXu+04QQJAJGV/qbaf/8wtnNQDQDVDLLdPO1Rn4xOt
+shVW6Ox50rsPyeFvKnZjG7kxvcaQmZn3sQ898VPx29gRgGB0spgRbwJAfc6wCeY2
+YFHodO/zf5U5fogiPh6nRw4TUfTBBodRQ4W6QnT4R09rNxvVAT6gtvLCM8a5P514
+MP4ptCGeGD+jXA==
+-----END PRIVATE KEY-----
\r
\r
[ ca_server ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
# nsCertType = objsign\r
\r
[ ca_altname ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com\r
\r
[ ca_altname2 ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = $ENV::DNS_HOSTNAME\r
\r
[ ca_altname3 ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = email:john.doe@foo.bar\r
\r
[ ca_client ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# For normal client use this is typical\r
nsCertType = client, email\r
nsComment = "OpenSSL Generated Client Certificate"\r
\r
[ ca_clientserver ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# For normal client use this is typical\r
nsCertType = server, client, email\r
nsComment = "OpenSSL Generated Client Server Certificate"\r
\r
[ ca_fclient ]\r
-# This is typical in keyUsage for a client certificate.\r
+# Test cert without flags.\r
basicConstraints = CA:false\r
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
nsComment = "OpenSSL Generated Client Certificate with key usage"\r
-----BEGIN CERTIFICATE-----
-MIIDFDCCAn2gAwIBAgIJAPZ7YDhrX55SMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV
+MIIDFDCCAn2gAwIBAgIJALoXg5GbierPMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV
BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE
-CxMKUmVsYXhhdGlvbjEaMBgGA1UEAxMRdGhlIG5va2V5dXNhZ2UgQ0EwHhcNMTAx
-MjE2MTcyMzEzWhcNMzgwNTAzMTcyMzEzWjBgMQswCQYDVQQGEwJVRzEPMA0GA1UE
+CxMKUmVsYXhhdGlvbjEaMBgGA1UEAxMRdGhlIG5va2V5dXNhZ2UgQ0EwHhcNMTIw
+MTMwMTIxODU4WhcNMjUxMDA4MTIxODU4WjBgMQswCQYDVQQGEwJVRzEPMA0GA1UE
BxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24x
GjAYBgNVBAMTEXRoZSBub2tleXVzYWdlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDx5Sz93RLCLWRTfRtPmqCzRFvFVp3c+c85paLf4t2Bei/qpu60ptzl
-oizAlcKfExOKJ059FTIMIewVEWwcv7JShiB+v2ckFcLTmX2uB+T3ntEJP2T2sTBQ
-SvGOopjfbOCn1RjskvSofCW5yu47F+pdCWA+XBeUwsE3QFmzRUejLwIDAQABo4HV
-MIHSMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBBaxa2WNA6NT+7Yh/JWOHWbuDO9
-MIGSBgNVHSMEgYowgYeAFBBaxa2WNA6NT+7Yh/JWOHWbuDO9oWSkYjBgMQswCQYD
+ADCBiQKBgQC5ly9mLQi2a+oSMMKtjXSuBuhplOZ4I96GdoXsmfhfST1kL8nUtT6I
+4yxL/gBP6sCEYA4dE9Cfkh2GyjxZ8Med5gvRwiDSCoDBV5aW6f5EHFfKPCwQLw4c
+6sW5/o005dRG/rT6UmDnZ92hgwgMHBFBYH65oooS38bJMCdCpGzAtQIDAQABo4HV
+MIHSMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFGQBn04SrTlLH+zvAyiMarUaAuNa
+MIGSBgNVHSMEgYowgYeAFGQBn04SrTlLH+zvAyiMarUaAuNaoWSkYjBgMQswCQYD
VQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNV
-BAsTClJlbGF4YXRpb24xGjAYBgNVBAMTEXRoZSBub2tleXVzYWdlIENBggkA9ntg
-OGtfnlIwDgYDVR0PAQH/BAQDAgECMA0GCSqGSIb3DQEBBQUAA4GBAMvhCDIdYcDW
-WgWc/S/k7+sEzbA3eASrPR524l/tUwby+VFtDNhzo52jBAB4BXCOeyu3QdckQ5Y4
-AmiJTJ74HUBDVpFsKwVNEgClgJyC8so4FDblPqmuI2vVuH87zUKd467kR8jXU46G
-yo/qd5Pjqh+Zm7qQWdTlElovq5qlAB1d
+BAsTClJlbGF4YXRpb24xGjAYBgNVBAMTEXRoZSBub2tleXVzYWdlIENBggkAuheD
+kZuJ6s8wDgYDVR0PAQH/BAQDAgECMA0GCSqGSIb3DQEBBQUAA4GBAJs6bi2psC4l
+ejxqL3h8CdsrOQFJGF5TueGrHm1fb32ML7FzjIW6q6I2A4RrF0J56QCKOIm+yeja
+8VR1JwqGy3kUrUJAUIXWC5MO74cEj9Xc+RSWHJr7LnCXmiXD1XkPjObOO6ufxRan
+eyVKQiJroBnV5Sdo/1LTgfKnHKoYxijQ
-----END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDx5Sz93RLCLWRTfRtPmqCzRFvFVp3c+c85paLf4t2Bei/qpu60
-ptzloizAlcKfExOKJ059FTIMIewVEWwcv7JShiB+v2ckFcLTmX2uB+T3ntEJP2T2
-sTBQSvGOopjfbOCn1RjskvSofCW5yu47F+pdCWA+XBeUwsE3QFmzRUejLwIDAQAB
-AoGBANNoZPr2BJf6Te19sKnQzVP/kWkVu2BOX6LVNVUQlGC9pjUhcgwmrXZwV0Z1
-XKPkazZaBgnhxVy/JPKAyIkTrMcp9lY8ydLsttB0m30pA/Vp+T1zmv+CCKApRMgB
-fho0avEmQz5vsa9hppB3E1Ikj47TynaJxBbtk8NON5aqv1cRAkEA/JOeXu0Nddmj
-p8p0bPFjetQwDuVnGEpE+u8bvUPjSu6Y9EsJsZfs2VZDifIdan3NvEfo0h2ak5oz
-2TCC1WLsOQJBAPUsfr+0NzIuYQR3wl61/vG5o3Usu0OjPxwx35/TgAjNzIcClCC8
-HvAg76JGCBut4UCjIht5WcZpLi9oomdP2qcCQQCpWbkoYL1TtXe7u01Q9pEC/F60
-vi/f43xY3BW3U1uFFHHN6ro3L2yJVQO37HS4wF0/zt9Wcq8AJLZ6+8HdnZRRAkA6
-zvl4MlorB0TuNWvCHBWTFdxHdvtUNgwlTzE8vRaxBexRViUB1R32q2/PlMzNFuA5
-COhdfrYyCXiyln6eGWFxAkEA3A6CojzW5WTf5AruK/yNR0c2gvNwBjhaJjS/oK4k
-DwrWW06vqIwrptUYREc08Ysl9miysH7lRLXbH8JfddU6aw==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALmXL2YtCLZr6hIw
+wq2NdK4G6GmU5ngj3oZ2heyZ+F9JPWQvydS1PojjLEv+AE/qwIRgDh0T0J+SHYbK
+PFnwx53mC9HCINIKgMFXlpbp/kQcV8o8LBAvDhzqxbn+jTTl1Eb+tPpSYOdn3aGD
+CAwcEUFgfrmiihLfxskwJ0KkbMC1AgMBAAECgYAPKWS76i3uCT7kIYul9gp0NShD
+h+CULAn/3iruu11pG2iiiKzqbawgLr7trmCEJt93cQl2IqpGfv9ehaMMjfkgr2Oo
+LI4i60w4MtgUpT4jHGXIel5FRvE5K6edP+d7/F0r20V3nMAgs5x8LzYMnEgLltGI
+1jVw16VZ3pd3mqJsAQJBAPBX7kODGQuyBYSeCawC2d3i33rGHsW+hsZGPQQdwmsL
+hqRG7JZMkEn2GmgwzRBXKHuGGaD95FZEAnRaQbDxZYECQQDFriv4uFUvbbGi85p4
+qUCenf7tEKiUUfjKSCvP2FuhpmjtQN/SeBul1S06Sq31y+P4VIqY6mwSD3hqc60s
+wz01AkEA3MZZBskhM54W9YhaqBiCWxFxag0d7VWj5fRVTjesBLq0tqiz4Sh5joc0
+IKtbY3w8oqM/XaR7oEae3pSeLVTBgQJAGgJ7uKMQWkg1mjoxNfUXEoe5VhneBH3w
+nTT3xsYx8EgEAEuL55Z0FNLCu6u9zdyA51jAT7RwecPdVSxZOc2KjQJAUzKw3VL1
+qMCvqfnHskuzeX8tMn/X/uRv47M+xG+uC3V7kLsJ2/y2uPNMy9Wl0vFD1l1FKXNy
+hPzCsbKr5oBtuQ==
+-----END PRIVATE KEY-----
\r
\r
[ ca_server ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
# nsCertType = objsign\r
\r
[ ca_altname ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com\r
\r
[ ca_altname2 ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = $ENV::DNS_HOSTNAME\r
\r
[ ca_altname3 ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = email:john.doe@foo.bar\r
\r
[ ca_client ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# For normal client use this is typical\r
nsCertType = client, email\r
nsComment = "OpenSSL Generated Client Certificate"\r
\r
[ ca_clientserver ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# For normal client use this is typical\r
nsCertType = server, client, email\r
nsComment = "OpenSSL Generated Client Server Certificate"\r
\r
[ ca_fclient ]\r
-# This is typical in keyUsage for a client certificate.\r
+# Test cert without flags.\r
basicConstraints = CA:false\r
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
nsComment = "OpenSSL Generated Client Certificate with key usage"\r
\r
\r
[ ca_server ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
# nsCertType = objsign\r
\r
[ ca_altname ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com\r
\r
[ ca_altname2 ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = $ENV::DNS_HOSTNAME\r
\r
[ ca_altname3 ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = email:john.doe@foo.bar\r
\r
[ ca_client ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# For normal client use this is typical\r
nsCertType = client, email\r
nsComment = "OpenSSL Generated Client Certificate"\r
\r
[ ca_clientserver ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# For normal client use this is typical\r
nsCertType = server, client, email\r
nsComment = "OpenSSL Generated Client Server Certificate"\r
\r
[ ca_fclient ]\r
-# This is typical in keyUsage for a client certificate.\r
+# Test cert without flags.\r
basicConstraints = CA:false\r
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
nsComment = "OpenSSL Generated Client Certificate with key usage"\r
-----BEGIN CERTIFICATE-----
-MIIDAjCCAmugAwIBAgIJAKNRwvjdf7maMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
+MIIDAjCCAmugAwIBAgIJAKJtBugfITEvMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE
-CxMKUmVsYXhhdGlvbjEUMBIGA1UEAxMLdGhlIHJvb3QgQ0EwHhcNMTAxMjE2MTcy
-MzEzWhcNMzgwNTAzMTcyMzEzWjBaMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJv
+CxMKUmVsYXhhdGlvbjEUMBIGA1UEAxMLdGhlIHJvb3QgQ0EwHhcNMTIwMTMwMTIx
+ODU4WhcNMjUxMDA4MTIxODU4WjBaMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJv
cGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xFDASBgNV
-BAMTC3RoZSByb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwtt6B
-km6plmUmXk1okHED/Mratlz01+wDjjEH1/DMs0TYCvjdCrijG3Mcu9czj4x4HDv/
-/swoNwT805BgYP00vxDwh3oraTsaipjaxIeYks8hXH54JZuuLOiM5GuTDLkvXdOy
-VnaNVU9tFtjJX+kYMvozlDVcH9NJwzyQosaUJQIDAQABo4HPMIHMMAwGA1UdEwQF
-MAMBAf8wHQYDVR0OBBYEFNLhBH6Nc1RTScVTrR6E2YoAC2pvMIGMBgNVHSMEgYQw
-gYGAFNLhBH6Nc1RTScVTrR6E2YoAC2pvoV6kXDBaMQswCQYDVQQGEwJVRzEPMA0G
+BAMTC3RoZSByb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWDFRp
+jXzy13Mg5pSaYTgAzYTRUBOJui0R2cVDxWD+gsugeRQJsx834VWCJ4gAodsTBedV
++W1pAeGNTMWX2JxUcWho8phtCzkovAK8u/CepIcv3lfzt9/DcXj276V/VskjmAIM
+yTpJVEu1YqaFRlDuwm7BcqWt/dPCY1MU8BUgAQIDAQABo4HPMIHMMAwGA1UdEwQF
+MAMBAf8wHQYDVR0OBBYEFFcke4MImokq2/O3k3RI+cTWw71CMIGMBgNVHSMEgYQw
+gYGAFFcke4MImokq2/O3k3RI+cTWw71CoV6kXDBaMQswCQYDVQQGEwJVRzEPMA0G
A1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRp
-b24xFDASBgNVBAMTC3RoZSByb290IENBggkAo1HC+N1/uZowDgYDVR0PAQH/BAQD
-AgEGMA0GCSqGSIb3DQEBBQUAA4GBAK2QXF62pXErsW9eZZasxSOxNyna/4dNsznP
-GhA1Ua6hWLUFEiMuzagnuALzTceSS9CJPUBgpIxOIR6bcOlY7MvtmI9rIds97VoI
-iCFRCb/eBtqaFgLHwaUFi14z/qxfAscRH53Ub0NNQPrLhOhnMwwvRXJ/wr3zOf8k
-RQtwJL57
+b24xFDASBgNVBAMTC3RoZSByb290IENBggkAom0G6B8hMS8wDgYDVR0PAQH/BAQD
+AgEGMA0GCSqGSIb3DQEBBQUAA4GBABwT0+dY2Th5kdUWMA63NqXMEl6ycPP72Ers
+2odG2UCd7Dj5tCJPWcwaG0YsfZg0e/WH+4gZTNZdNxV46FME3ln2jQFU+nYpjRAY
+fPWVkMwWPC3XKKOd/ccNN/I5mcja3qWsnmryed2ZWEfzwhhJpq1ItnitCSX414b/
+TigWZ3NG
-----END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQCwtt6Bkm6plmUmXk1okHED/Mratlz01+wDjjEH1/DMs0TYCvjd
-CrijG3Mcu9czj4x4HDv//swoNwT805BgYP00vxDwh3oraTsaipjaxIeYks8hXH54
-JZuuLOiM5GuTDLkvXdOyVnaNVU9tFtjJX+kYMvozlDVcH9NJwzyQosaUJQIDAQAB
-AoGAd71BobyOHX1ZxpjJjNuqqJAHCBHfhMw2EOatVGo+sQWb1WQB4w0btPGpm0Ow
-ezB+dvhys3B795foWkQkpRmzF4Rb7w3t9DQ1tShqwyXCPTURSl9RxS8nQcGUX2/Y
-/8Ei8jGEHWn/8IyryJmnetCulibNFOTVZrB+aAxBPWhopEECQQDmoC6ks//tS7My
-9iXx48xyM4Pd2UYzM/eRvjuYsaAbYDF95w5Ai6esdLCVNJgAUe259TtO0cdJgJup
-EJwBlVkxAkEAxCg3PeeoOppBLxvtLszlLf8r+DmteI57hGwVPHtIElX7BLg9ItoT
-7joP/ZRfE4VZApuf4/kFUOCkb7/U9aWtNQJAO/FibjjCymCkoRhNYIO+/efZ3G2+
-y0w0itMRFm0Emlj0RC8sCybBXBewVfenkl25Fl5hHel0jOw6iUTh559z4QJASek1
-V3gQZXR2F0AYkMfXmwtJEBD7ki9tzynCnrV9JJuNJ+wb7SPq2pq6J7xeTsayEU9+
-YbIVFLJwg0LvBVhV+QJASxW/aJQukNB9fZC3SFBz/6ed17lpK/F8958lnbNJAx1S
-Nvcv/KvKiND0dFbAvu/GzL69wjqTq0P6qIQ5U3pYUw==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANYMVGmNfPLXcyDm
+lJphOADNhNFQE4m6LRHZxUPFYP6Cy6B5FAmzHzfhVYIniACh2xMF51X5bWkB4Y1M
+xZfYnFRxaGjymG0LOSi8Ary78J6khy/eV/O338NxePbvpX9WySOYAgzJOklUS7Vi
+poVGUO7CbsFypa3908JjUxTwFSABAgMBAAECgYB+/2nGBrCv1Kz2RFi/EBeOQmIf
+Xod5HAFJqg+kmiNmXmw6lhwRdTl8ijGVu6ax2VaF/ua21/rWZstQbtB9u4Nkb/bk
+NoA0Kptqa0yGuRVtcZoMtuQu8zRlOjJVB+0IzOQOSc7917d5kSNQFyd/GpttZ6iP
+uZqI/NGM62KiXoMS0QJBAP5wRfQs6bKqXs5CFXXa+miyzDUsNXPMXWS0SMeBomoU
+tBdvdngjUqBWN7d0Hjymt09P1+iQO1iFqS/UImAvgcMCQQDXXJpBM76vmMoK4r5b
+1gbI4cCJiXTZRDGt6df84oWPQ3cFjfsbuhKWYRYoLyy+wJMgfugM5l7fYf797xh6
+ANbrAkEAhmBdUZv2wLlh4KTeGKRR48GqP9rdUA76tBjS5yr7z/KnOklP1BszpCJk
+wqq83WNfJLASY2zpKtNMi0oJ7aqpaQJBAJxMFZtafXqdLYzm8HZgBz6FMKHgw4/n
+ARMR0nIyx/Goadn7KBIAYfsHbPgu/I9X3a9IywqJqrL+QPx0KNRqhY8CQQDUwb8S
+eDP+3r7Kwgp2CGGXvbNOKQ0WKoJjUoRN7UEGX7XYY9BThuCm8dMbNxhiLUxG2Vy4
+aU3HNhRd6EO/2HS3
+-----END PRIVATE KEY-----
\r
\r
[ ca_server ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
# nsCertType = objsign\r
\r
[ ca_altname ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com\r
\r
[ ca_altname2 ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = $ENV::DNS_HOSTNAME\r
\r
[ ca_altname3 ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = email:john.doe@foo.bar\r
\r
[ ca_client ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# For normal client use this is typical\r
nsCertType = client, email\r
nsComment = "OpenSSL Generated Client Certificate"\r
\r
[ ca_clientserver ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# For normal client use this is typical\r
nsCertType = server, client, email\r
nsComment = "OpenSSL Generated Client Server Certificate"\r
\r
[ ca_fclient ]\r
-# This is typical in keyUsage for a client certificate.\r
+# Test cert without flags.\r
basicConstraints = CA:false\r
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
nsComment = "OpenSSL Generated Client Certificate with key usage"\r
-----BEGIN CERTIFICATE-----
-MIIDXDCCAsWgAwIBAgIJAIg5QkW7J8/JMA0GCSqGSIb3DQEBBQUAMHgxCzAJBgNV
+MIIDXDCCAsWgAwIBAgIJAOEnYom3UUXiMA0GCSqGSIb3DQEBBQUAMHgxCzAJBgNV
BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxLDAqBgNVBAoTI2h0dHA6Ly9zbGFzaC5z
bGFzaC5lZHU6NzY1Ni90ZXN0aW5nMRMwEQYDVQQLEwpSZWxheGF0aW9uMRUwEwYD
-VQQDEwx0aGUgc2xhc2ggQ0EwHhcNMTAxMjE2MTcyMzE0WhcNMzgwNTAzMTcyMzE0
+VQQDEwx0aGUgc2xhc2ggQ0EwHhcNMTIwMTMwMTIxODU4WhcNMjUxMDA4MTIxODU4
WjB4MQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMSwwKgYDVQQKEyNodHRw
Oi8vc2xhc2guc2xhc2guZWR1Ojc2NTYvdGVzdGluZzETMBEGA1UECxMKUmVsYXhh
dGlvbjEVMBMGA1UEAxMMdGhlIHNsYXNoIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDluI75hMEoE1TGyj7XTjElxLx9LKCj3QmkuNco7/nSVu3jXkEWSUSp
-tfNLQ+nnWZ4MlPtL0x21BqFZA5YGV/P8T/Q/oX8fTyFnLc2FTWAmujrbpQHPknUa
-EO9CRiJjK7DuoWwsEjRClbRuB297zrTdQH9RFzJ8UbBt4bi0ckNp1QIDAQABo4Ht
-MIHqMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBryqVaj4vDBMxXwlXHGXyWzH1L6
-MIGqBgNVHSMEgaIwgZ+AFBryqVaj4vDBMxXwlXHGXyWzH1L6oXykejB4MQswCQYD
+ADCBiQKBgQDH3EfOZgvZ6g9WdrrK1aCAGGD19uZFAleH9tuB3NT8qjJUMOPinwbS
+9CMZCOaSSLVFVKuFf25YEy2f2GECa17kztJs/6HYA3vgNkCq4tWGTwJc4YEXTz0i
+iRbL0Udipmr1MssLwFtb+XVxCOear+Hw+0wLKwld+CGHwRTgXwzl0QIDAQABo4Ht
+MIHqMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFMAwDZL6I8Aj1Cs2p6xFK2E9nFA9
+MIGqBgNVHSMEgaIwgZ+AFMAwDZL6I8Aj1Cs2p6xFK2E9nFA9oXykejB4MQswCQYD
VQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMSwwKgYDVQQKEyNodHRwOi8vc2xhc2gu
c2xhc2guZWR1Ojc2NTYvdGVzdGluZzETMBEGA1UECxMKUmVsYXhhdGlvbjEVMBMG
-A1UEAxMMdGhlIHNsYXNoIENBggkAiDlCRbsnz8kwDgYDVR0PAQH/BAQDAgEGMA0G
-CSqGSIb3DQEBBQUAA4GBAI9+LLLaK1ANc8da9g9w2d8i5jN8ln6pUKcemE0ScT+3
-F0Qyc1jdqpmulEtrHD8/XJDydSoiKhhaWqYbW+KZYIumoWG8fUJ1FJLQfvUqCLaS
-dnIvE5h7BaEBERgE450YP1uidOoJXCCqUgpr3SywrSUwEfykwF2veljqn9poYSOM
+A1UEAxMMdGhlIHNsYXNoIENBggkA4SdiibdRReIwDgYDVR0PAQH/BAQDAgEGMA0G
+CSqGSIb3DQEBBQUAA4GBAJ2rtDNZcbC6Q+mgP32URg7MoF3yr6hQqfJcmYvhCvxW
+82gVS/SO1WfPTKScKgNwC/B/R1yP2emRR9uxAPGIMfJEU6gpFnFvcE24XOw2cPaR
+aMPRDiqsRuOu/sJqPRIOxReE2Yyd+caBcuf++EARLuzqOe0f39r/92zKRbM2RM54
-----END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDluI75hMEoE1TGyj7XTjElxLx9LKCj3QmkuNco7/nSVu3jXkEW
-SUSptfNLQ+nnWZ4MlPtL0x21BqFZA5YGV/P8T/Q/oX8fTyFnLc2FTWAmujrbpQHP
-knUaEO9CRiJjK7DuoWwsEjRClbRuB297zrTdQH9RFzJ8UbBt4bi0ckNp1QIDAQAB
-AoGBAN9xbxBhAoh6lSFvI0TFd6SnAjg3KmF45KJmcFIPac4gY++ehGyrA7CXnHh/
-LIqtbsAKQYx1YxXrxxEQHeM5tcTEGyyQl3BN1hAnNviY0IQ95B2yrk3O7nkPpIuT
-+id1QCouCQFto/gG3/Z8Yw4CQAkl/CvTDwL5U59+GgvH/bsBAkEA95k+EQ+GVFvS
-I7xW0kSKjvPopyFwG8G6viBhNvGHhWTrXCnGsPSEcbKOkMH6G0c6NJ+FOHR3dgqc
-JciB8vIddQJBAO2EBa98tcTLzpMWHzaRP6oPErTVpfyTKiC9LhU7XbAlQNN3jZnW
-Ay/zZN0WBhvyZ/72MKQfTQoDa2KRxmVqruECQQDVgYZc7dc27Uri1+jCPqqApOEt
-JY9n0AG5K3DJETN8ms691aRpOSDwbjmzqCGE3kHZ2OjnCr9swa9ugV1VYuR1AkBI
-aCX/kIotO2B3UJglX3REGKJARJ18eTSvlFyXFmkCSOkRTnH5gten55BJIeys2mI/
-xLehYPVwZwh2nTAZPMOhAkEA1w0VCC4WP58r8V79BXXmAPwL9HgeOFmNYn89XO4+
-tyv3MA3BTaS4nYeAL1/QcRHURvuRV3Pl4TmFDeCwdov9Gg==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMfcR85mC9nqD1Z2
+usrVoIAYYPX25kUCV4f224Hc1PyqMlQw4+KfBtL0IxkI5pJItUVUq4V/blgTLZ/Y
+YQJrXuTO0mz/odgDe+A2QKri1YZPAlzhgRdPPSKJFsvRR2KmavUyywvAW1v5dXEI
+55qv4fD7TAsrCV34IYfBFOBfDOXRAgMBAAECgYB6zCrGc0a21qwj2QF+HPHnopL4
+rYHgRscXQCKw0MmAkOYpenyaQlGEDgL+n8xjdw8BkTtt49UdgnMW8nDwdp4vahML
+UlYzmFjzuYtL5FzHSs+IghwinWAVJF0BsuVTTT39Gz7JNUCAuSCe0Qrw7O6e+Agi
+BLGznV/BsKe3KRWsAQJBAPxAWdJfGBnQD5Ca9dS9jW5d4JNBgLYuRDnagCM4mpqm
+l40lde26RHaCbnLoWlp78I4PqurqtDB8s6/aDISd55ECQQDK1J30INug1d6ucI4k
+f/IqogkvZ1zpl1yra1QXcmjYHcoA/jNP5Oh7CcvETP3l2f1bs3ctS/v7kE/nVlTf
++npBAkEA3uA4vLB6yevUpM7V4AcvHFHj6BgbElykuX0+dGBB8dy50ONFZCuM7Czo
+S6zSkForvElJmdCQLrsvxHNjVhVykQJAAP/pQ2HCE1nafhuZ574lsGYaC3zD7XbM
+gx/FS1RKBf6nlzepgxRKvQiAU5hZi/92CzSoOrXsKQI+EpLPWkc+wQJAKsamGIeS
+xpcdjc9KfBTeQTFGGRnfgKjAON8bzsEFCpWEu69ItWpQJPs7LUe7rr5Raq8KCoh/
+2Ywowam7utyVag==
+-----END PRIVATE KEY-----
-V 380503172313Z 0176 unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA
+V 251008121858Z 0176 unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA
\r
\r
[ ca_server ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
# nsCertType = objsign\r
\r
[ ca_altname ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com\r
\r
[ ca_altname2 ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = $ENV::DNS_HOSTNAME\r
\r
[ ca_altname3 ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = email:john.doe@foo.bar\r
\r
[ ca_client ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# For normal client use this is typical\r
nsCertType = client, email\r
nsComment = "OpenSSL Generated Client Certificate"\r
\r
[ ca_clientserver ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# For normal client use this is typical\r
nsCertType = server, client, email\r
nsComment = "OpenSSL Generated Client Server Certificate"\r
\r
[ ca_fclient ]\r
-# This is typical in keyUsage for a client certificate.\r
+# Test cert without flags.\r
basicConstraints = CA:false\r
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
nsComment = "OpenSSL Generated Client Certificate with key usage"\r
Signature Algorithm: md5WithRSAEncryption
Issuer: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the root CA
Validity
- Not Before: Dec 16 17:23:13 2010 GMT
- Not After : May 3 17:23:13 2038 GMT
+ Not Before: Jan 30 12:18:58 2012 GMT
+ Not After : Oct 8 12:18:58 2025 GMT
Subject: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the subca CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:a6:02:9e:e7:e5:25:2f:a0:b7:60:7c:a6:99:2d:
- 32:34:6e:c7:bd:11:c5:ca:ac:fd:65:08:de:d8:4e:
- 58:b7:19:d6:d7:53:67:9f:3c:76:ab:65:a1:db:5f:
- 4f:83:cc:5e:b3:14:73:c0:58:06:4e:10:96:c2:71:
- 20:f0:c3:43:d5:82:ea:f4:bc:ce:d3:a1:17:7f:b1:
- 2e:a5:2a:cd:67:36:a1:00:28:39:fe:29:95:c8:b9:
- d2:60:35:0f:96:ec:6b:00:d4:1d:ae:73:8f:e5:47:
- 42:95:16:f1:9f:0a:f6:a0:f5:5a:cb:85:81:15:b2:
- 3c:21:ab:4d:cc:b1:52:52:dd
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:c2:68:6a:f6:e3:56:2a:36:fb:c5:f8:4f:1a:fd:
+ 0b:f0:f6:95:cb:05:30:5e:88:f6:84:b0:71:fe:59:
+ 98:6f:35:09:2b:40:4d:dd:e5:37:ea:8c:9b:e8:ad:
+ bf:f5:63:88:e9:ed:4a:69:6a:8c:f0:7c:b7:3b:6a:
+ 99:5f:1c:d7:d1:d0:ab:ba:1c:55:f6:14:c7:c7:e1:
+ 07:e5:8e:40:82:56:d8:42:9d:40:ad:ee:2e:7e:32:
+ db:cd:11:3e:75:87:b0:b9:1f:3c:20:d5:3e:ac:ee:
+ 86:01:0b:57:9b:3d:d6:5d:b8:cd:bb:ee:b5:ef:87:
+ f8:91:09:7c:6a:54:64:55:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Key Identifier:
- 72:E2:1C:DF:FA:13:48:67:BA:80:EF:59:BC:ED:EC:15:77:61:AF:CC
+ 50:09:78:05:FC:8F:6D:EB:38:39:EE:32:06:BD:6D:73:DE:38:AE:87
X509v3 Authority Key Identifier:
- keyid:D2:E1:04:7E:8D:73:54:53:49:C5:53:AD:1E:84:D9:8A:00:0B:6A:6F
+ keyid:57:24:7B:83:08:9A:89:2A:DB:F3:B7:93:74:48:F9:C4:D6:C3:BD:42
DirName:/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA
- serial:A3:51:C2:F8:DD:7F:B9:9A
+ serial:A2:6D:06:E8:1F:21:31:2F
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: md5WithRSAEncryption
- 77:fb:7d:ed:41:72:9a:44:a3:aa:c1:fd:45:09:67:2a:46:a9:
- d9:72:5d:9a:d8:e3:0d:fe:2b:c7:62:4c:14:04:45:0f:34:a8:
- 39:a0:e0:b9:70:74:74:e1:99:da:6a:e7:e8:cc:07:56:b9:a6:
- 38:24:46:74:e1:a9:55:02:c0:5a:cf:78:9b:d7:95:76:2f:68:
- 36:87:1b:8a:97:80:77:24:5b:6f:db:ec:a3:fc:88:50:3d:be:
- f0:e1:ac:6d:1f:02:61:63:d4:8d:88:98:ca:de:0a:da:0e:36:
- 19:ea:a6:1c:c1:fa:7c:d1:30:bc:d2:ee:6e:10:15:17:44:fb:
- 53:52
+ 52:ca:c6:04:5d:02:50:1f:b5:db:8c:2d:d2:0b:ad:71:e8:22:
+ 55:0d:f5:30:d2:76:77:4e:3f:0c:66:4d:75:40:ee:0d:d9:6d:
+ 66:5a:5b:2d:17:a1:b5:9f:0c:33:07:23:8d:c5:53:6b:f2:4e:
+ 9a:46:b1:55:c5:01:d6:a5:7e:d6:10:c7:5b:47:64:88:4e:ef:
+ be:7e:79:b3:53:7b:7a:75:e8:77:c4:c8:e8:67:3d:29:61:ad:
+ bb:3d:e4:1e:2d:f2:7a:ad:62:b3:62:4f:7a:24:64:e4:3b:78:
+ 1a:52:18:e1:6c:bb:0d:15:cb:17:3c:0d:1a:2f:c1:a8:23:c4:
+ 57:46
-----BEGIN CERTIFICATE-----
MIIC/DCCAmWgAwIBAgICAXYwDQYJKoZIhvcNAQEEBQAwWjELMAkGA1UEBhMCVUcx
DzANBgNVBAcTBlRyb3BpYzEPMA0GA1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxh
-eGF0aW9uMRQwEgYDVQQDEwt0aGUgcm9vdCBDQTAeFw0xMDEyMTYxNzIzMTNaFw0z
-ODA1MDMxNzIzMTNaMFsxCzAJBgNVBAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzAN
+eGF0aW9uMRQwEgYDVQQDEwt0aGUgcm9vdCBDQTAeFw0xMjAxMzAxMjE4NThaFw0y
+NTEwMDgxMjE4NThaMFsxCzAJBgNVBAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzAN
BgNVBAoTBlV0b3BpYTETMBEGA1UECxMKUmVsYXhhdGlvbjEVMBMGA1UEAxMMdGhl
-IHN1YmNhIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmAp7n5SUvoLdg
-fKaZLTI0bse9EcXKrP1lCN7YTli3GdbXU2efPHarZaHbX0+DzF6zFHPAWAZOEJbC
-cSDww0PVgur0vM7ToRd/sS6lKs1nNqEAKDn+KZXIudJgNQ+W7GsA1B2uc4/lR0KV
-FvGfCvag9VrLhYEVsjwhq03MsVJS3QIDAQABo4HPMIHMMAwGA1UdEwQFMAMBAf8w
-HQYDVR0OBBYEFHLiHN/6E0hnuoDvWbzt7BV3Ya/MMIGMBgNVHSMEgYQwgYGAFNLh
-BH6Nc1RTScVTrR6E2YoAC2pvoV6kXDBaMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMG
+IHN1YmNhIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCaGr241YqNvvF
++E8a/Qvw9pXLBTBeiPaEsHH+WZhvNQkrQE3d5TfqjJvorb/1Y4jp7UppaozwfLc7
+aplfHNfR0Ku6HFX2FMfH4QfljkCCVthCnUCt7i5+MtvNET51h7C5Hzwg1T6s7oYB
+C1ebPdZduM277rXvh/iRCXxqVGRV9QIDAQABo4HPMIHMMAwGA1UdEwQFMAMBAf8w
+HQYDVR0OBBYEFFAJeAX8j23rODnuMga9bXPeOK6HMIGMBgNVHSMEgYQwgYGAFFck
+e4MImokq2/O3k3RI+cTWw71CoV6kXDBaMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMG
VHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xFDAS
-BgNVBAMTC3RoZSByb290IENBggkAo1HC+N1/uZowDgYDVR0PAQH/BAQDAgEGMA0G
-CSqGSIb3DQEBBAUAA4GBAHf7fe1BcppEo6rB/UUJZypGqdlyXZrY4w3+K8diTBQE
-RQ80qDmg4LlwdHThmdpq5+jMB1a5pjgkRnThqVUCwFrPeJvXlXYvaDaHG4qXgHck
-W2/b7KP8iFA9vvDhrG0fAmFj1I2ImMreCtoONhnqphzB+nzRMLzS7m4QFRdE+1NS
+BgNVBAMTC3RoZSByb290IENBggkAom0G6B8hMS8wDgYDVR0PAQH/BAQDAgEGMA0G
+CSqGSIb3DQEBBAUAA4GBAFLKxgRdAlAftduMLdILrXHoIlUN9TDSdndOPwxmTXVA
+7g3ZbWZaWy0XobWfDDMHI43FU2vyTppGsVXFAdalftYQx1tHZIhO775+ebNTe3p1
+6HfEyOhnPSlhrbs95B4t8nqtYrNiT3okZOQ7eBpSGOFsuw0Vyxc8DRovwagjxFdG
-----END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCmAp7n5SUvoLdgfKaZLTI0bse9EcXKrP1lCN7YTli3GdbXU2ef
-PHarZaHbX0+DzF6zFHPAWAZOEJbCcSDww0PVgur0vM7ToRd/sS6lKs1nNqEAKDn+
-KZXIudJgNQ+W7GsA1B2uc4/lR0KVFvGfCvag9VrLhYEVsjwhq03MsVJS3QIDAQAB
-AoGAGFHv96cBMJ4J30/DlFMjtLy59D/jSxLWuHN5OhUYOBLH/5mPZ6uS8v8bnCi1
-XGiXQwLvBjGfEtapT2kFW2Av0p4zsAnJ9D1emH5aFD67YXI5vW4PR0R/Lu58SI6a
-p5y3aNsxCMmORAsXTfj2C3r/ntCuwUXITP2mUbL8pa2ofz0CQQDZWD9DNRdfDb4W
-xQGparH30jxhlkUMxhjnddMnt0pAKxFjWXQQ80EI1mZRDk9gpb14okaEq+dRtkdR
-3piJ/a2DAkEAw4kafeTETUSbbACRKmr+5skDuKYWY4nei7JNCP45HkpmIdFSEtvY
-ftwkhuhJGtW7q4AuEIyU2QI7DRYg67twHwJAVy4+sgapyUcJ6Lg9YmeZ235JGhvc
-trL/alioylWLQxIDd4Z6OBJbE+BsSjcjP/E7fxgYkT8jGnOzR/Ox3CgVYQJBAJoB
-yI3TuxEoskl0gOGp+C6JsJakqgmoM1JQEwC8SvyimKKWHVChO3lfpp1jIwExymif
-wqhiMXJioWQDQ9angP0CQB+PR9qES3nqqfRn8iCqcxNnmxALGqS2cxmDFxeQqEAL
-0mGmZtNxswQr/9BipCHbf5KehNeDuVvMANk1ip00pyc=
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMJoavbjVio2+8X4
+Txr9C/D2lcsFMF6I9oSwcf5ZmG81CStATd3lN+qMm+itv/VjiOntSmlqjPB8tztq
+mV8c19HQq7ocVfYUx8fhB+WOQIJW2EKdQK3uLn4y280RPnWHsLkfPCDVPqzuhgEL
+V5s91l24zbvute+H+JEJfGpUZFX1AgMBAAECgYAtkEuBkcagHkLkI05nBOfHkgOJ
+ka3EelVMxA3zjwwrBEMh3/BgEVkJn+rqnc5ftPRh3zuReWeO9av8QP+xSxFJsnsL
+gKZNpsOSclR+zdpWsiIR9JnO58qnXW+m8AnXArSg8aLG5hFSEKSkxSfNKEybm0nG
+fn25zKYTzpnaua/QAQJBAPeJ5jCwWZL35OhBSFwTigm3fAA0ffOSW1tjkm6+byXD
+hfMfjvpbe8TQfjKq7UA5KnU7icr+cACiPuNJXo4PTTcCQQDJDZhCSJKwdVVF/lQX
+FwcG2T2zyO3RpozXFgXXBT2j3awicxgbjOxUh9ImVOhjlash4aIAcksWzlA0Xyg/
+wawzAkEAoEPw/C8BH41N8C1sKukfoyDfsMZLkap9aZLzGK5FCf8oN3uEN4WJgai3
+PBi8WKtqWNJ+aSYI3/ArpT44cONpSwJAcPruwPC/XeHRlY+h+Ye7LyINBma3HcUW
+CBgcGASd6uO6w3Eh7vl2JNpeQaQdIzkL/fIpc07G2338nDGNEKbo+QJBAKdOkF8x
+E49CHpIyB+PfYXfNHOSXQMucQSpM21YLj666QPiUd+zLxBnTRdiSq5DAXV83/qrL
+Y/mpZlO1XCpNUJs=
+-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
MIIBmzCCAQQCAQAwWzELMAkGA1UEBhMCVUcxDzANBgNVBAcTBlRyb3BpYzEPMA0G
A1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxheGF0aW9uMRUwEwYDVQQDEwx0aGUg
-c3ViY2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKYCnuflJS+gt2B8
-ppktMjRux70Rxcqs/WUI3thOWLcZ1tdTZ588dqtlodtfT4PMXrMUc8BYBk4QlsJx
-IPDDQ9WC6vS8ztOhF3+xLqUqzWc2oQAoOf4plci50mA1D5bsawDUHa5zj+VHQpUW
-8Z8K9qD1WsuFgRWyPCGrTcyxUlLdAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQCk
-MpGCwnIPP/A4U7v6GjNIeaD7SS1yTz8v7Sak7ZqQAgHQubQoOVeMrlWzrIqVbQiZ
-g4JM7fjRObd0XSOwaUpMXmlB/O3+WLBsFELudfWslyEaHv0Wkgom+aZP9DRb/lVz
-Kg6OaBIApp/5bwATPZxk+9Zo4W6d7LF6tHayHsgJhw==
+c3ViY2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMJoavbjVio2+8X4
+Txr9C/D2lcsFMF6I9oSwcf5ZmG81CStATd3lN+qMm+itv/VjiOntSmlqjPB8tztq
+mV8c19HQq7ocVfYUx8fhB+WOQIJW2EKdQK3uLn4y280RPnWHsLkfPCDVPqzuhgEL
+V5s91l24zbvute+H+JEJfGpUZFX1AgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQCs
+gvrRv5ck4k8xP3vRPwDU7pKwr7iAvwsg5qGF7DtZT+Fr3fxmoZsot68GGkgpCGkZ
+E3qWreu8Jms+fQZ1EdDNjHfQDfSNuzI7NJswRSY5dzQUUZhJ9WFqhwOEppvmB18L
+fV01wpqFdLnDrbvNK1f/YV/yGllzqlp8jseMw+MW+Q==
-----END CERTIFICATE REQUEST-----
-V 380503172313Z 0176 unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subsubca CA
+V 251008121858Z 0176 unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subsubca CA
\r
\r
[ ca_server ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
# nsCertType = objsign\r
\r
[ ca_altname ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com\r
\r
[ ca_altname2 ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = $ENV::DNS_HOSTNAME\r
\r
[ ca_altname3 ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = email:john.doe@foo.bar\r
\r
[ ca_client ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# For normal client use this is typical\r
nsCertType = client, email\r
nsComment = "OpenSSL Generated Client Certificate"\r
\r
[ ca_clientserver ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# For normal client use this is typical\r
nsCertType = server, client, email\r
nsComment = "OpenSSL Generated Client Server Certificate"\r
\r
[ ca_fclient ]\r
-# This is typical in keyUsage for a client certificate.\r
+# Test cert without flags.\r
basicConstraints = CA:false\r
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
nsComment = "OpenSSL Generated Client Certificate with key usage"\r
Signature Algorithm: md5WithRSAEncryption
Issuer: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the subca CA
Validity
- Not Before: Dec 16 17:23:13 2010 GMT
- Not After : May 3 17:23:13 2038 GMT
+ Not Before: Jan 30 12:18:58 2012 GMT
+ Not After : Oct 8 12:18:58 2025 GMT
Subject: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the subsubca CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b9:e2:be:89:f7:d4:ea:b1:90:2a:13:c3:18:59:
- fa:05:cd:52:73:09:18:7d:a8:a1:85:2c:c2:4b:58:
- f8:c2:fd:2d:20:97:d0:df:39:be:15:7b:26:72:a1:
- 4b:cc:62:03:0c:2b:9b:7d:d1:f0:a4:66:36:d4:48:
- 8b:ca:61:73:61:b3:c3:9e:0a:5a:54:d5:43:ad:88:
- 2a:0f:85:41:f0:d6:09:8d:d4:9a:f2:10:4e:41:d8:
- d2:88:cd:07:78:ea:60:67:28:e1:4f:9e:3d:24:8b:
- 64:31:fd:d3:d3:4c:bb:c8:42:49:15:69:f6:06:14:
- 00:6d:b7:df:1d:c2:44:88:7d
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:c1:f1:e2:20:04:0b:dc:d9:ad:c2:d7:fa:e6:70:
+ f3:6f:14:0d:66:4a:ed:c3:66:b9:1a:83:f6:73:67:
+ 46:0b:e9:f5:11:ee:26:2b:a4:e4:77:92:71:e0:a2:
+ 1a:76:ba:a3:93:2d:84:05:71:cf:2c:ff:32:99:49:
+ 5d:ae:d5:9f:b0:d3:d2:7f:50:21:ba:0b:40:d4:6b:
+ a8:d6:ba:a9:0a:bc:7d:d9:28:bc:45:7a:50:d3:fb:
+ 41:aa:ea:c0:76:a8:96:e8:c4:8b:fc:6e:c7:88:37:
+ c2:2f:49:ba:61:fd:97:f7:91:c6:2a:35:1c:3a:8b:
+ 39:c1:29:97:6e:1b:a1:5b:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Key Identifier:
- 43:B2:E1:9F:EB:C5:ED:9C:C6:76:EF:EC:B4:D1:D3:95:AF:67:45:AD
+ 13:D5:A4:0F:E9:84:B4:C3:AC:D6:53:CA:7E:C5:B7:D3:61:4C:17:3F
X509v3 Authority Key Identifier:
- keyid:72:E2:1C:DF:FA:13:48:67:BA:80:EF:59:BC:ED:EC:15:77:61:AF:CC
+ keyid:50:09:78:05:FC:8F:6D:EB:38:39:EE:32:06:BD:6D:73:DE:38:AE:87
DirName:/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA
serial:01:76
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: md5WithRSAEncryption
- 32:3b:67:ad:10:b0:a0:6c:82:39:c9:30:fb:c3:63:20:ff:66:
- 11:38:13:58:3a:36:b4:ec:f8:55:9f:c4:05:34:04:9d:f1:5e:
- 6a:95:71:79:9f:4d:42:6c:a7:ba:f2:e0:fe:cc:42:7e:85:49:
- 56:94:5c:2f:e5:5b:27:ff:52:16:1b:a6:f5:4f:9e:88:67:96:
- 6d:b0:71:07:73:d2:08:35:a0:8b:f5:5f:a6:9d:8f:ee:20:49:
- 4f:01:39:17:e6:76:4a:43:9c:cd:9c:87:33:c2:5b:ac:8b:f9:
- 24:4b:6b:1f:08:ef:99:e3:1a:16:1f:0f:1a:f4:1a:96:91:5c:
- 69:d0
+ aa:6c:14:cd:1e:53:0b:45:7d:4e:4f:78:4d:a2:ef:20:a6:97:
+ e9:dd:8b:ca:09:bd:1c:7a:ac:02:e7:c8:44:af:69:a4:cd:de:
+ b0:34:b5:f4:ba:d7:c8:8f:ab:27:88:e9:48:80:d9:86:88:ee:
+ 6d:b8:c5:08:a0:d5:bd:ad:cd:71:40:78:7a:5f:aa:46:02:ac:
+ c2:a0:07:0f:5d:fb:d4:ef:01:13:0c:96:77:7d:ba:89:8d:11:
+ d4:04:e0:f2:c1:93:5c:ee:31:70:67:57:79:2b:03:bf:72:2e:
+ 8b:3d:c9:93:22:bd:20:2a:c0:41:30:b8:01:9a:4f:31:0d:58:
+ f4:88
-----BEGIN CERTIFICATE-----
MIIC9zCCAmCgAwIBAgICAXYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCVUcx
DzANBgNVBAcTBlRyb3BpYzEPMA0GA1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxh
-eGF0aW9uMRUwEwYDVQQDEwx0aGUgc3ViY2EgQ0EwHhcNMTAxMjE2MTcyMzEzWhcN
-MzgwNTAzMTcyMzEzWjBeMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMQ8w
+eGF0aW9uMRUwEwYDVQQDEwx0aGUgc3ViY2EgQ0EwHhcNMTIwMTMwMTIxODU4WhcN
+MjUxMDA4MTIxODU4WjBeMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMQ8w
DQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xGDAWBgNVBAMTD3Ro
-ZSBzdWJzdWJjYSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAueK+iffU
-6rGQKhPDGFn6Bc1ScwkYfaihhSzCS1j4wv0tIJfQ3zm+FXsmcqFLzGIDDCubfdHw
-pGY21EiLymFzYbPDngpaVNVDrYgqD4VB8NYJjdSa8hBOQdjSiM0HeOpgZyjhT549
-JItkMf3T00y7yEJJFWn2BhQAbbffHcJEiH0CAwEAAaOBxjCBwzAMBgNVHRMEBTAD
-AQH/MB0GA1UdDgQWBBRDsuGf68XtnMZ27+y00dOVr2dFrTCBgwYDVR0jBHwweoAU
-cuIc3/oTSGe6gO9ZvO3sFXdhr8yhXqRcMFoxCzAJBgNVBAYTAlVHMQ8wDQYDVQQH
+ZSBzdWJzdWJjYSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwfHiIAQL
+3Nmtwtf65nDzbxQNZkrtw2a5GoP2c2dGC+n1Ee4mK6Tkd5Jx4KIadrqjky2EBXHP
+LP8ymUldrtWfsNPSf1AhugtA1Guo1rqpCrx92Si8RXpQ0/tBqurAdqiW6MSL/G7H
+iDfCL0m6Yf2X95HGKjUcOos5wSmXbhuhW/sCAwEAAaOBxjCBwzAMBgNVHRMEBTAD
+AQH/MB0GA1UdDgQWBBQT1aQP6YS0w6zWU8p+xbfTYUwXPzCBgwYDVR0jBHwweoAU
+UAl4BfyPbes4Oe4yBr1tc944roehXqRcMFoxCzAJBgNVBAYTAlVHMQ8wDQYDVQQH
EwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UECxMKUmVsYXhhdGlvbjEU
MBIGA1UEAxMLdGhlIHJvb3QgQ0GCAgF2MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG
-9w0BAQQFAAOBgQAyO2etELCgbII5yTD7w2Mg/2YROBNYOja07PhVn8QFNASd8V5q
-lXF5n01CbKe68uD+zEJ+hUlWlFwv5Vsn/1IWG6b1T56IZ5ZtsHEHc9IINaCL9V+m
-nY/uIElPATkX5nZKQ5zNnIczwlusi/kkS2sfCO+Z4xoWHw8a9BqWkVxp0A==
+9w0BAQQFAAOBgQCqbBTNHlMLRX1OT3hNou8gppfp3YvKCb0ceqwC58hEr2mkzd6w
+NLX0utfIj6sniOlIgNmGiO5tuMUIoNW9rc1xQHh6X6pGAqzCoAcPXfvU7wETDJZ3
+fbqJjRHUBODywZNc7jFwZ1d5KwO/ci6LPcmTIr0gKsBBMLgBmk8xDVj0iA==
-----END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC54r6J99TqsZAqE8MYWfoFzVJzCRh9qKGFLMJLWPjC/S0gl9Df
-Ob4VeyZyoUvMYgMMK5t90fCkZjbUSIvKYXNhs8OeClpU1UOtiCoPhUHw1gmN1Jry
-EE5B2NKIzQd46mBnKOFPnj0ki2Qx/dPTTLvIQkkVafYGFABtt98dwkSIfQIDAQAB
-AoGACLRqkdFuQhNQmffU8gX8pFrqGoL5h6Dm93KSIq8m7xKmE1moqVtt4FmlAkc1
-YnvQgrhkDq9PIpO6y5QeH7sSiRNAWO8iMSuGlsGCv5BqWz6T7qcSSM0k7r7VVdtC
-J0xvuTeJJx5zuAHPlBb5gW+B7m9BMBXhkwCZk99EbTBOhmECQQDsDznUQbljz0Ny
-klbzbtWppG6JLXmUr6VssRcvMgFVJHrch1+L/zMPS1w+ZERu0orTAGaswiJ5zCgj
-+7Luj8BlAkEAyZaDc6VNeVDbL74rQFXDF8bdeuVZKqVgd3fjLY6EoT50U36AlCHg
-rJh3xs9eEW5KmUXmyb5Ir8KfGD4icffKOQJBAJMWma4Mlfv/NcO6M7vToAbokoef
-claXa7hiUFP0EKiA5p1rLLoK9kHdb0jhKVL0ldQMN+4FuX2zHH/vYfsMT5ECQDgV
-aOLutVwwE5r3xF60vX9K82lyj1kfA3SZZRnSkbGuh3yHMEyGFFTQYlpsbNZaoeR8
-nxW3m89STSLYforIjnkCQQDh36p1GeYIVQJ4j6xveOPIG/wb4bj0FqymhsDldtxi
-zl6IPPGlzlKyNYp+PLFjJ87FXoPWXa/xYWNZlE8yF2nD
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMHx4iAEC9zZrcLX
++uZw828UDWZK7cNmuRqD9nNnRgvp9RHuJiuk5HeSceCiGna6o5MthAVxzyz/MplJ
+Xa7Vn7DT0n9QIboLQNRrqNa6qQq8fdkovEV6UNP7QarqwHaolujEi/xux4g3wi9J
+umH9l/eRxio1HDqLOcEpl24boVv7AgMBAAECgYEAjvk64rE48YmDYCUKMIFJ5DQb
+ILLSDn+Wq6Zms3KJn9TMNniiqP/48PEDhD7cVXSHi8M9FSpuOVS0P25nYrDW9CJA
+hAmB9FqD/eier8PFOlP65aVSKAkbNqu44KuyDg5q3gcQ27XmCcDMoOmxBMpecOPl
+OhFGOXKXdMpO/3nTgcECQQDszJk3sQHn/xP3orrK1iN2R5UusIBbavm0QO5qlT2Z
+XM/cHY9fFFVNYJYXB5ZNI8qt+mE/+I5dFfhQE7s4nMthAkEA0au6WT6T4YdoRIW+
+fuVxfeq3rgUmYjvDUW2PhCpjEi3DwcLuojp/8zkPGXoBjfvoVRloMv2PVwaTXs0V
+Lhtg2wJBAMc6oJJln6f0SXVo+WWc4vsp4M8GewfvKiXJF46e/9OfbdbRHAYv0lEm
+uUCpBoDiYy0bYmTzF7wjtuaQo01PRiECQCJlOIGxaVMDApDTG+f3PcH5Qj6S67QL
+t8Pg5D07MttllIpxrvIABMNipd55DE49d+SV8WkD/YK6Omy/2eyhYycCQQCTulrt
+U14yo/PXUmyJ8rb1W+H3kwhvMgcMp5Zhm5UPv9bJJGU7YNna3q4elpdDDn8SAYg1
+Yhu8jPTGwwMOP/4w
+-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
MIIBnjCCAQcCAQAwXjELMAkGA1UEBhMCVUcxDzANBgNVBAcTBlRyb3BpYzEPMA0G
A1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxheGF0aW9uMRgwFgYDVQQDEw90aGUg
-c3Vic3ViY2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALnivon31Oqx
-kCoTwxhZ+gXNUnMJGH2ooYUswktY+ML9LSCX0N85vhV7JnKhS8xiAwwrm33R8KRm
-NtRIi8phc2Gzw54KWlTVQ62IKg+FQfDWCY3UmvIQTkHY0ojNB3jqYGco4U+ePSSL
-ZDH909NMu8hCSRVp9gYUAG233x3CRIh9AgMBAAGgADANBgkqhkiG9w0BAQUFAAOB
-gQBN3GWZgt/lPxp6arW8azlqgMwrFqay++JhWLzJZHSCIbJYQweYlf3hD69ykfYP
-xxqG5+K9T81dJqHSEWgvXysK8yJAIcFUigV2Fdd6ggwUKvRLzBe6rS7b0imV32mP
-BF/IVWQXScyQWCpp15ktKXdUY6QkygYeeMnf4Scf2tTlgg==
+c3Vic3ViY2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMHx4iAEC9zZ
+rcLX+uZw828UDWZK7cNmuRqD9nNnRgvp9RHuJiuk5HeSceCiGna6o5MthAVxzyz/
+MplJXa7Vn7DT0n9QIboLQNRrqNa6qQq8fdkovEV6UNP7QarqwHaolujEi/xux4g3
+wi9JumH9l/eRxio1HDqLOcEpl24boVv7AgMBAAGgADANBgkqhkiG9w0BAQUFAAOB
+gQClUJ+/IyD3EjF9mrNduam2Mo018QJIto5xw3GEFABSQDINVVZQjX2hz7bMLnGq
++GfhX8YIaLpAeLLPii0iHrg3khUwH360Kxo45oFAJUAVhGljZztAHmRc+x1RwYxN
+m4sRhMKAdL26QwTQuMZzxlSDSJHS5UAc+1B0nVyVqx+GUQ==
-----END CERTIFICATE REQUEST-----
\r
\r
[ ca_server ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
# nsCertType = objsign\r
\r
[ ca_altname ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com\r
\r
[ ca_altname2 ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = $ENV::DNS_HOSTNAME\r
\r
[ ca_altname3 ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# This is OK for an SSL server.\r
nsCertType = server\r
nsComment = "OpenSSL Generated Server Certificate"\r
subjectAltName = email:john.doe@foo.bar\r
\r
[ ca_client ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# For normal client use this is typical\r
nsCertType = client, email\r
nsComment = "OpenSSL Generated Client Certificate"\r
\r
[ ca_clientserver ]\r
+basicConstraints = CA:false\r
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
# For normal client use this is typical\r
nsCertType = server, client, email\r
nsComment = "OpenSSL Generated Client Server Certificate"\r
\r
[ ca_fclient ]\r
-# This is typical in keyUsage for a client certificate.\r
+# Test cert without flags.\r
basicConstraints = CA:false\r
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\r
nsComment = "OpenSSL Generated Client Certificate with key usage"\r
-----BEGIN CERTIFICATE-----
-MIIDCzCCAnSgAwIBAgIJAJuFJ8UKay74MA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNV
+MIIDCzCCAnSgAwIBAgIJALpkA0P4MdBQMA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNV
BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE
-CxMKUmVsYXhhdGlvbjEXMBUGA1UEAxMOdGhlIHRydXN0ZWQgQ0EwHhcNMTAxMjE2
-MTcyMzA5WhcNMzgwNTAzMTcyMzA5WjBdMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMG
+CxMKUmVsYXhhdGlvbjEXMBUGA1UEAxMOdGhlIHRydXN0ZWQgQ0EwHhcNMTIwMTMw
+MTIxODQ5WhcNMjUxMDA4MTIxODQ5WjBdMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMG
VHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xFzAV
BgNVBAMTDnRoZSB0cnVzdGVkIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDZdPzKqIcYF1MYCcE/VZ63Pz8xJB8NcsLDK/VkWKGVGx6PTnanJ7I9k46ruTkb
-i362cmIj70qDNZzVlkaPJJ9ncwedhDvxcxofSVzqetI38RsHYBeLFm011W7wsVl3
-FeMbRRBUkcHSULSNU09lxvzSj3sbTqN8BiQWwKsfmCFH8QIDAQABo4HSMIHPMAwG
-A1UdEwQFMAMBAf8wHQYDVR0OBBYEFJO6Gw2Fwc+luvR2I+eCL4VngvNpMIGPBgNV
-HSMEgYcwgYSAFJO6Gw2Fwc+luvR2I+eCL4VngvNpoWGkXzBdMQswCQYDVQQGEwJV
+gQCv4kT+pYDDFXUfbQOMoJ0AZ4h1Bo9z0zSKHhlhVS747qvlgU1oCV6Bnh9RMfWR
+kUvvW8lvwDlPiMcQw/DYYTOnQvXXqiuSBr01tEVH7YNVC4mbEYFSIwmjgEW+ol6Z
+uIk+9G5SC2MKVN9X5PZjtHIcvLDzopDHW7yEke9jOCyK4wIDAQABo4HSMIHPMAwG
+A1UdEwQFMAMBAf8wHQYDVR0OBBYEFGePn60nINcTy7n5GqHFPJ1FtkpMMIGPBgNV
+HSMEgYcwgYSAFGePn60nINcTy7n5GqHFPJ1FtkpMoWGkXzBdMQswCQYDVQQGEwJV
RzEPMA0GA1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJl
-bGF4YXRpb24xFzAVBgNVBAMTDnRoZSB0cnVzdGVkIENBggkAm4UnxQprLvgwDgYD
-VR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBANBi+lIoIhlKOLs1Wbxfu+Mv
-0vxde/ZIWjJ6KTTfXpvhshimKPwVfv+kppJA6wdVtVe7Zx5Jwc9Wt/p6lWD6htoI
-8p6k9GCk2sT5DcVlErxi1hIwps+RbkuJVPpwQZFpCdpKyOTcfJvhXlbO27ZI6Qyw
-dfTq0+pVfIgUoBVG9Rw/
+bGF4YXRpb24xFzAVBgNVBAMTDnRoZSB0cnVzdGVkIENBggkAumQDQ/gx0FAwDgYD
+VR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBAJpcvcizPwtuF5GERvEQPVlh
+sCfrsPXn+e01qAevpIIIRFvWu1W6dC5pRzRyU7QFGPhmgr2kiT4wxZMVAJ5Vpxpz
+/nnTiXSQhSMaWclQ7F+mWtrXVkOgdxziILuzNwrvUo+5beGTlxItkcEK2AuAncl1
+88GVBuPADpITbGmca9j0
-----END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDZdPzKqIcYF1MYCcE/VZ63Pz8xJB8NcsLDK/VkWKGVGx6PTnan
-J7I9k46ruTkbi362cmIj70qDNZzVlkaPJJ9ncwedhDvxcxofSVzqetI38RsHYBeL
-Fm011W7wsVl3FeMbRRBUkcHSULSNU09lxvzSj3sbTqN8BiQWwKsfmCFH8QIDAQAB
-AoGBAMDwj6qwRM0XRN67KP8s1Jn6P/M1/WdNP4kz45KZISTO3xp/n79H9Vm1Jo0u
-1oCeEFuIuZLwqcgpNXI813YCJHteXrTx12B5iMroBQ2hmm2plgkcok2dS3NQDnGc
-3LeiWaljgLJV+MFA/5cRdP39jFo84gJvsf2XbSkbDPzeTmsRAkEA7S+VjWG8Xxol
-65B1nozOaXMoKW1hVFxKHb5bF9p2cmkRLXv9ILnhQohwvPx0XQUuejuNicrB9Mzm
-M6XYQk5z1wJBAOq0x0eKgsU9yLktqGBUfWTpfk9tYVr4mS43b6uSUZjRGwcs1o7d
-5Ew+oyj204kpkSECxCjRabS73XJ9ihBEKXcCQB+NKunJzJMiGVVCvELBHFwus3L/
-V+ku9bULM3by2rrRezV/vuZxk6OUHtslAh21qL8d2PAxhqeX8i+Aqkn3wbUCQHAv
-5SlfHc7mD3HkTx1shVuc+FFC+UwglCexO+GI2RPwr7ioSA6WJbAEKL1F7iscAVEE
-H3tbTemj+t/k/f90dVUCQH+ns8UJYRLIhuEW0vF5D1LYNFEtAMly96iCRUChciAF
-lV8ve1NcgfvujhQPLC5Sj8pNj/omVwUCFNZNaiQf/9o=
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAK/iRP6lgMMVdR9t
+A4ygnQBniHUGj3PTNIoeGWFVLvjuq+WBTWgJXoGeH1Ex9ZGRS+9byW/AOU+IxxDD
+8NhhM6dC9deqK5IGvTW0RUftg1ULiZsRgVIjCaOARb6iXpm4iT70blILYwpU31fk
+9mO0chy8sPOikMdbvISR72M4LIrjAgMBAAECgYARBo43OD4mpEUaLatSSZnpGByV
+d3UbeS500EUUrvJFFpV9Oe8MSxvi4DOX4IYs+Suol/H/51Ok51CdxtnhmEcvmKLX
+nxnFU+zZIflAThg5IvUIC0GxNq7NNr4omOSciaLwVN8JVxjQD5H7mSajVjXxMeGT
+TbyX7dmblQl4qfoVQQJBAN6aHif09z0YEAy2GLxQm+6eFw9k8H32iHn5cg94N9ma
++EYNdsws/qDX9Xes7I3B80n93U9uwPIUklS4xa9/Ru0CQQDKRcMdb5DfgmaW/8Ia
+lD9Hm1WChmkN/fb3ooUbPp38pto4QAAfz2vjuXSzkpDIDIOF9Q6azdyrc0SdNg//
+XY8PAkA8rvMNnYBRDWBCttmjbK41rK9IqRHOpQirh88KXJGNJuwL3NvH6XQ40ObA
+C0opkvgJ8cUFRIIg/G6v3fc2UpI5AkBo3Cedf/Pz2w9CIo7G5qmzfpSi2PlnVoyM
+rkUg7aJLk1g3pv4pf4doBAG7AjVqcApTDMqoeCZ4/4XHlnpOoXsDAkBuLWSWMpqS
+wX5nmC4bXOUJqOPDgDt3o6QISK9J85tUwb4EmYoFY0VtSyRe5tyWSdxLhc7uCfUZ
+eCZueq5lS7YC
+-----END PRIVATE KEY-----
git://scientific.zcu.cz / glite-security-test-utils.git / commitdiff