From 0016b2ce13461c82c1289f296d6f2274d461aa24 Mon Sep 17 00:00:00 2001
From: brian <brian@mails.bcrl.ch>
Date: Tue, 18 Jun 2024 18:33:10 +0200
Subject: [PATCH] script now takes CSR and outputs pem cert

---
 certs/ca/certs/ca.cert.pem                    |  34 +++++
 certs/ca/index.txt                            |   2 +
 certs/ca/index.txt.attr                       |   1 +
 certs/ca/index.txt.attr.old                   |   1 +
 certs/ca/index.txt.old                        |   1 +
 certs/ca/intermediate/certs/bibi.ch.cert.pem  |  34 +++++
 certs/ca/intermediate/certs/ca-chain.cert.pem |  67 +++++++++
 .../intermediate/certs/intermediate.cert.pem  |  33 +++++
 .../ca/intermediate/csr/andrewtate.ch.csr.pem |  18 +++
 certs/ca/intermediate/csr/bibi.ch.csr.pem     |  17 +++
 .../ca/intermediate/csr/intermediate.csr.pem  |  28 ++++
 certs/ca/intermediate/index.txt               |   2 +
 certs/ca/intermediate/index.txt.attr          |   1 +
 certs/ca/intermediate/index.txt.attr.old      |   1 +
 certs/ca/intermediate/index.txt.old           |   1 +
 certs/ca/intermediate/newcerts/1000.pem       |  34 +++++
 certs/ca/intermediate/newcerts/1001.pem       |  34 +++++
 certs/ca/intermediate/openssl.cnf             | 140 ++++++++++++++++++
 .../private/andrewtate.ch.key.pem             |  30 ++++
 .../intermediate/private/intermediate.key.pem |  54 +++++++
 certs/ca/intermediate/serial                  |   1 +
 certs/ca/intermediate/serial.old              |   1 +
 certs/ca/newcerts/1000.pem                    |  33 +++++
 certs/ca/newcerts/1001.pem                    |  33 +++++
 certs/ca/openssl.cnf                          | 132 +++++++++++++++++
 certs/ca/private/ca.key.pem                   |  54 +++++++
 certs/ca/serial                               |   1 +
 certs/ca/serial.old                           |   1 +
 full_chain.pem                                |  60 ++++++++
 gen_cert.py                                   |  49 ++----
 newcompany/certs/out.pem                      |  27 ++++
 newcompany/company.csr                        |  17 +++
 newcompany/privatekey.key                     |  30 ++++
 33 files changed, 937 insertions(+), 35 deletions(-)
 create mode 100644 certs/ca/certs/ca.cert.pem
 create mode 100644 certs/ca/index.txt
 create mode 100644 certs/ca/index.txt.attr
 create mode 100644 certs/ca/index.txt.attr.old
 create mode 100644 certs/ca/index.txt.old
 create mode 100644 certs/ca/intermediate/certs/bibi.ch.cert.pem
 create mode 100644 certs/ca/intermediate/certs/ca-chain.cert.pem
 create mode 100644 certs/ca/intermediate/certs/intermediate.cert.pem
 create mode 100644 certs/ca/intermediate/csr/andrewtate.ch.csr.pem
 create mode 100644 certs/ca/intermediate/csr/bibi.ch.csr.pem
 create mode 100644 certs/ca/intermediate/csr/intermediate.csr.pem
 create mode 100644 certs/ca/intermediate/index.txt
 create mode 100644 certs/ca/intermediate/index.txt.attr
 create mode 100644 certs/ca/intermediate/index.txt.attr.old
 create mode 100644 certs/ca/intermediate/index.txt.old
 create mode 100644 certs/ca/intermediate/newcerts/1000.pem
 create mode 100644 certs/ca/intermediate/newcerts/1001.pem
 create mode 100644 certs/ca/intermediate/openssl.cnf
 create mode 100644 certs/ca/intermediate/private/andrewtate.ch.key.pem
 create mode 100644 certs/ca/intermediate/private/intermediate.key.pem
 create mode 100644 certs/ca/intermediate/serial
 create mode 100644 certs/ca/intermediate/serial.old
 create mode 100644 certs/ca/newcerts/1000.pem
 create mode 100644 certs/ca/newcerts/1001.pem
 create mode 100644 certs/ca/openssl.cnf
 create mode 100644 certs/ca/private/ca.key.pem
 create mode 100644 certs/ca/serial
 create mode 100644 certs/ca/serial.old
 create mode 100644 full_chain.pem
 create mode 100644 newcompany/certs/out.pem
 create mode 100644 newcompany/company.csr
 create mode 100644 newcompany/privatekey.key

diff --git a/certs/ca/certs/ca.cert.pem b/certs/ca/certs/ca.cert.pem
new file mode 100644
index 0000000..1d256a2
--- /dev/null
+++ b/certs/ca/certs/ca.cert.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF0TCCA7mgAwIBAgIUTYJwDE0JnSgF0p6JoxQQE0w+iL4wDQYJKoZIhvcNAQEL
+BQAwcDEXMBUGA1UEAwwOaG9yc2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYD
+VQQIDARWYXVkMQ8wDQYDVQQHDAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRl
+ciBTYXJsMQwwCgYDVQQLDANJU0MwHhcNMjQwNTE2MjA0MTI3WhcNNDQwNTExMjA0
+MTI3WjBwMRcwFQYDVQQDDA5ob3JzZXRpbmRlci5jaDELMAkGA1UEBhMCQ0gxDTAL
+BgNVBAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2YTEaMBgGA1UECgwRSG9yc2UgVGlu
+ZGVyIFNhcmwxDDAKBgNVBAsMA0lTQzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
+AgoCggIBAKDU2hfwVPYQOxdtZHAfgCD0OJRRF0QpvnQ7P6QUvTcnBg01C3FMTbAF
+8mODblW+MCDfDkOn7mtVNBRbkAOTqzUTDy4CejQ2VUJO0MTAP+l3UmZW8Rog1wGr
+tDdvXHBm+IThjn2y0qcQwHko9ckUhGd33ql1raEuDBVRVgpURaUsD++QeLMH4nE4
+IrcRq3+jROpRsBR8H+NFsH9ltCMlmTCRkLGO6Fh83qPN/QXxp2OlLV+0EoeEHo84
+6i7VphjoyQBZMwNNdS9tJmJS/GLMmPnOnQ9svVo7OeFeXQBZ4E4N+Fk/l0v08ugG
+Di+nrkIA0Xxhptl4HRTohuJDkvgZ6Yo5W6B/7YoMTiHUkfFQ7w6hUsuAYLV3mA9e
+KNtLF7z1MkeL8PxJMIF5XW1hzQktQbFOuT21xuZvLGAAmmfItWrN8UrwehP6Empq
+WvHF+fVGEWYUlunLM2q+qNpzDGV7LJ5XsUgDqEUVrG71GagDYYHBZPBkStt4PC4a
+0UFYVVbvgbLl1GYF09b+6Fd1yZfBuV32z/9xVtkZkyn7cbbNsTRO+KwEThppt51S
+CwjL7cPFItLXdrJbVl+ZBRcvF/lpb4rSHNEcwdJzpSBFXPSZqAgG6uYFFR6YbUFV
+2bmHEeaanTMUi07JxDK1ZQWLse/LODNnyB6gVhRa0SqHxJ4cEwv/AgMBAAGjYzBh
+MB0GA1UdDgQWBBRBW8ia+4qNimJujZGcOmAgu1mBzzAfBgNVHSMEGDAWgBRBW8ia
++4qNimJujZGcOmAgu1mBzzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+hjANBgkqhkiG9w0BAQsFAAOCAgEAKrLKpffpLJNo5lXc3usgwRItvwYqIpys/6/g
+m68qVoT/nFCRdz6r3YXiQ6HZa8BgDE9a+pLZqEBSnx8XTe1IrkPc5LUEXFi6Y+gN
+ZF+OWMQ6h979JXFQx1a8kwTcIkxU0+ThspFnmPvbBrZ1A4/aNsHNJZK2qjLObsML
+9hKlnQx4wIMbLXrTcofrQhuUPw2aLY5zi64LvE7LEjsY2Bh/9fVBOGHM5llX+lDI
+/G7nl3z6v72+Db5hDi6SgJBD6V8xP1OKVmeJjGhwe5okNGq93Gi188wTvpUJMemk
+yy3FVTzRHK8pbK4a5D6zE0DqJTI4DfrefTKsCaqT1K+YSv42gB2jAYyFrbU19p48
+WTzboztNmSAS5tycfA3/SWFBrrj+SCqtbf51/IQrPAh2qN4Jx9cqrApMAI+wTdiB
+yuo8YCW38DTL0HDc6lvMIMfIRaq7sz1+i2lwNav27d8l0sYK49j92ei4Ylua6S7E
+P/B8R9rYfjjkWaU+zkql9XXBVmFnbUXbr5dzutgusOS02uGbwis6UtKy+c18USog
+S7Jc0TusKD/Yv3xfqA4OKcrUJnhKTwA9pA+a5tCZtqbhbMXKrvj8Ngw/W8VVh27Y
+4os1SkpxugXblTc4rNrLqk7hkp0k+a6bLREaihTpyjVjd942Uey251K7400m236D
+cpxtIDA=
+-----END CERTIFICATE-----
diff --git a/certs/ca/index.txt b/certs/ca/index.txt
new file mode 100644
index 0000000..88c6f84
--- /dev/null
+++ b/certs/ca/index.txt
@@ -0,0 +1,2 @@
+V	340514204530Z		1000	unknown	/C=CH/ST=Vaud/O=Horse Tinder Sarl/OU=ISC/CN=horsetinder.ch
+V	340514205830Z		1001	unknown	/C=CH/ST=Vaud/O=Horse Tinder Sarl/OU=ISC/CN=andrewtate.ch
diff --git a/certs/ca/index.txt.attr b/certs/ca/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/certs/ca/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/certs/ca/index.txt.attr.old b/certs/ca/index.txt.attr.old
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/certs/ca/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/certs/ca/index.txt.old b/certs/ca/index.txt.old
new file mode 100644
index 0000000..2aeb72e
--- /dev/null
+++ b/certs/ca/index.txt.old
@@ -0,0 +1 @@
+V	340514204530Z		1000	unknown	/C=CH/ST=Vaud/O=Horse Tinder Sarl/OU=ISC/CN=horsetinder.ch
diff --git a/certs/ca/intermediate/certs/bibi.ch.cert.pem b/certs/ca/intermediate/certs/bibi.ch.cert.pem
new file mode 100644
index 0000000..f9087cd
--- /dev/null
+++ b/certs/ca/intermediate/certs/bibi.ch.cert.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF0zCCA7ugAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQ0gx
+DTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYD
+VQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUuY2gwHhcNMjQwNTE2MjEyMjE3
+WhcNMjUwNTI2MjEyMjE3WjBnMQswCQYDVQQGEwJDSDENMAsGA1UECAwEVmF1ZDEP
+MA0GA1UEBwwGR2VuZXZhMRgwFgYDVQQKDA9MZSBUcmlvIEdhZ25hbnQxDDAKBgNV
+BAsMA0lTQzEQMA4GA1UEAwwHYmliaS5jaDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAN/D5iemsTHkguIeA/OkPO6tTD3WsgPrnfOVvF7+8ASZRLBrvPD9
+3w9u34QU/cp797l9+dt+26zWDw0JyANikuvDuAdlHeVUyEj8MLjEZzwXNPv0vK5S
+iqZNCJ9VyibEZAancGWzhr2BW9jqBzHdMb8mNoM0ZJa7krWEFukHUbPjSUoE6EdB
+cWSSO+mrIxTJmBwr5OzvtCMQO9tdc9Z7n5w42zLmQhLXRc911FE+9Ui/PE5jrYIe
+22U6LpyBur/0i0RutDLvalgT+ZqJaVnRu6UemKGQsZEyo9JnTf3rbgZP9FehQEZ4
+KKInSwr3tx6p8xLATC0T8+9d6RUx9+52YpsCAwEAAaOCAZAwggGMMAkGA1UdEwQC
+MAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdl
+bmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEfuj70CdFuqdOO+
+zfHE4ht7J0T8MIGbBgNVHSMEgZMwgZCAFN6ATyzm7FYoUHlX5afUB9g9RLGToXSk
+cjBwMRcwFQYDVQQDDA5ob3JzZXRpbmRlci5jaDELMAkGA1UEBhMCQ0gxDTALBgNV
+BAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2YTEaMBgGA1UECgwRSG9yc2UgVGluZGVy
+IFNhcmwxDDAKBgNVBAsMA0lTQ4ICEAEwDgYDVR0PAQH/BAQDAgXgMBMGA1UdJQQM
+MAoGCCsGAQUFBwMBMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDov
+L29jc3AyLmV4YW1wbGUuY29tMB8GA1UdEQQYMBaCB2JpYmkuY2iCC3d3dy5iaWJp
+LmNoMA0GCSqGSIb3DQEBCwUAA4ICAQAVPFEmoxhJShTw/pLzwY6dman9FWUQT9/8
+rPnHimCcgti6KJVWPE+gf7GW+P25bQH2pqNy0BanG/434Ly7QPxEO6ZE4+iz1NIK
+mwdOME7S7YY+fRho0apcW+b84YP39yewSz5vxWI29n3dt6FshUpTNc3MU2qP/93V
+VaiEMqZIO4Z5BwN+pkhOtZdVG3Faxw4/9hKcUOxExGerdxlqNidBtPObE39OQV5t
+mad2xSUq3GJU9ebUwqQbfugQz2+4uQU8cjdWE5sdrFgJuSr+b7gojICMF1NRse7a
+/b9NGm5DLqpNi/6XCmw3qjHoIYzUEO1RTC04BatkondCE4owTFa3P8XOG/u8VTxh
+eu26o/tnrKmmniPoDQDSVodghGJ0QdGoKzzafiUaDZIfRFrQVdp3GcexLYb1FgXq
+FULg0gmELgthBG8xuvSyIPG1GBdJCKG5GUgjSkgr43SR8n1iBEjQUucrluxgTmM2
+H/mFMnqrEF5O8qAE0B2MV52cD1OdNhC/xw7v8fuaY6Rg4dLdSAUpEurKk4OkOYXA
+LhT9jRILji/y1p+SC/HOyXhkJm1ELxULLjbVWYD+qjMkiXXj2ePeFHYFHEkQqsuM
+3hR9b/ouT0xRyLeHgSrePEwY8ohogrSyK2lYvoeFxtFwB75lOODdtgoMXfut8tzt
+REfeuftqrA==
+-----END CERTIFICATE-----
diff --git a/certs/ca/intermediate/certs/ca-chain.cert.pem b/certs/ca/intermediate/certs/ca-chain.cert.pem
new file mode 100644
index 0000000..b8d279d
--- /dev/null
+++ b/certs/ca/intermediate/certs/ca-chain.cert.pem
@@ -0,0 +1,67 @@
+-----BEGIN CERTIFICATE-----
+MIIFsDCCA5igAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwcDEXMBUGA1UEAwwOaG9y
+c2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYDVQQIDARWYXVkMQ8wDQYDVQQH
+DAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYDVQQLDANJ
+U0MwHhcNMjQwNTE2MjA1ODMwWhcNMzQwNTE0MjA1ODMwWjBeMQswCQYDVQQGEwJD
+SDENMAsGA1UECAwEVmF1ZDEaMBgGA1UECgwRSG9yc2UgVGluZGVyIFNhcmwxDDAK
+BgNVBAsMA0lTQzEWMBQGA1UEAwwNYW5kcmV3dGF0ZS5jaDCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAMsTexhqMHc2CXkVZjFaQVV0p4jUjDvLMshKyxMI
+/twPv/vOg4qRgmaAZ7FUXtjCXN3E1RT40VICRps5zOPkJxMukbNOAKVkSlcvSCEV
+d51PrA1B9QIq3YVCOE/Q503bsDbcX2sSphnME39A2hMOSuRldNK6QsIM7BJccdD7
+lUcKhDMhMNkZ5+bFcxsf+XinkVnT/LyGm4PLjagjXAOCT2adOGboUFhmRo0/vHof
+R9h5gbrHLiGf8BZcX4VK28EhGKoNOKpdspcCIXfzDFFFNVt1cpXBufXTcH8T04kz
+IeVqN34lA/LRF3X/leZ/J5ZjbhSK50kOenP+5gmJ0tkRj0mOeYUNVYs+tz86uhvL
+uYdABXLeaAeVoJrmtuz0E7O2ls6B+ay+hmZGZvl6TnPnZ/y6eMuP7hNNw8AkTWV5
+ps3sUE7puEMFseN4ABR7RtrK/j/m8BOzOLBaivMzyGIDOiwAjNA76Ab9phdmxvrM
+PEPDhMKiPvYfdbVs0AdrHFkHKGrTSmHorFA42idfbutXTGoWufxv21nlZMSqxn11
+/nTdFb1j6RZBJHYKhD7vnvOcp/SB4BstnTcXX+XWoCwAhNMXJO0BzJbGnpeA1zP+
+5igXVcXDClrnqa5+2r9hxYKHD+utEzr+hMAabUmx/MZXwhZoXH/I7KDuw54PMK5K
+0Dn1AgMBAAGjZjBkMB0GA1UdDgQWBBTegE8s5uxWKFB5V+Wn1AfYPUSxkzAfBgNV
+HSMEGDAWgBRBW8ia+4qNimJujZGcOmAgu1mBzzASBgNVHRMBAf8ECDAGAQH/AgEA
+MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAL/Q91IV5UoQamfVe
+wg3Wx1dWJw3e7fxZpXAF2GkGgIqsmMZdscU8AQ3eMPriDQcqW0mcSohKl8gN6pvY
+bPqbfrzrZV7LVc/5O0JcWAD1oIJceKLZ2DSaAzPHvz9N0qC9YIDnw8wN1AfqK4OC
+UbTheKVHotYT8S13dAY/asVLpTf8xlvngt3RObe3U6KyO81pGmM/HHRuPMum/fV0
+iHtasCQ4hUZ/+x2wwngnm+yxfcDJaLDJ9IUhQZQwiw27OChh+MLrlkqmzxfntMjv
+/kCImH4T2X3c6czJ56qpLsv7wRDAxsNjJtCasXkXBl+RNvSCer3G3SPB/yl30bUf
+C/OBfJyuGs5H7DdUJ39d0MUK4YC+b7t6YH+dEAD6HZBP2tzmEGcREAtQV+5e5KJD
+KA9AitzuQ18MNJrBTj03qDFi3xhbuykYtKZzVWQRq/MyvxuzJFc59rqhMqp++p/R
+Oj7wv0A6/P+fbUm1FlEiREKFF6ejcJWCP0SdJIlv8ZiTkdg8UGFM0dGed5hXQvww
+nZZhfxOo+NIil1BoGfZZ38qbUNdK2kMxnrTdqgFX53Hz9xqjXTn43FMS+CJRZxVP
+o45dAtQbKOkKStVAWC9cXvzAS4st/hdlC5EkbzsZUXArRjTJ0A633YkDTu6OshKH
+lJDwQc1G93zhyDVJDfMWSf1rg78=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF0TCCA7mgAwIBAgIUTYJwDE0JnSgF0p6JoxQQE0w+iL4wDQYJKoZIhvcNAQEL
+BQAwcDEXMBUGA1UEAwwOaG9yc2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYD
+VQQIDARWYXVkMQ8wDQYDVQQHDAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRl
+ciBTYXJsMQwwCgYDVQQLDANJU0MwHhcNMjQwNTE2MjA0MTI3WhcNNDQwNTExMjA0
+MTI3WjBwMRcwFQYDVQQDDA5ob3JzZXRpbmRlci5jaDELMAkGA1UEBhMCQ0gxDTAL
+BgNVBAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2YTEaMBgGA1UECgwRSG9yc2UgVGlu
+ZGVyIFNhcmwxDDAKBgNVBAsMA0lTQzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
+AgoCggIBAKDU2hfwVPYQOxdtZHAfgCD0OJRRF0QpvnQ7P6QUvTcnBg01C3FMTbAF
+8mODblW+MCDfDkOn7mtVNBRbkAOTqzUTDy4CejQ2VUJO0MTAP+l3UmZW8Rog1wGr
+tDdvXHBm+IThjn2y0qcQwHko9ckUhGd33ql1raEuDBVRVgpURaUsD++QeLMH4nE4
+IrcRq3+jROpRsBR8H+NFsH9ltCMlmTCRkLGO6Fh83qPN/QXxp2OlLV+0EoeEHo84
+6i7VphjoyQBZMwNNdS9tJmJS/GLMmPnOnQ9svVo7OeFeXQBZ4E4N+Fk/l0v08ugG
+Di+nrkIA0Xxhptl4HRTohuJDkvgZ6Yo5W6B/7YoMTiHUkfFQ7w6hUsuAYLV3mA9e
+KNtLF7z1MkeL8PxJMIF5XW1hzQktQbFOuT21xuZvLGAAmmfItWrN8UrwehP6Empq
+WvHF+fVGEWYUlunLM2q+qNpzDGV7LJ5XsUgDqEUVrG71GagDYYHBZPBkStt4PC4a
+0UFYVVbvgbLl1GYF09b+6Fd1yZfBuV32z/9xVtkZkyn7cbbNsTRO+KwEThppt51S
+CwjL7cPFItLXdrJbVl+ZBRcvF/lpb4rSHNEcwdJzpSBFXPSZqAgG6uYFFR6YbUFV
+2bmHEeaanTMUi07JxDK1ZQWLse/LODNnyB6gVhRa0SqHxJ4cEwv/AgMBAAGjYzBh
+MB0GA1UdDgQWBBRBW8ia+4qNimJujZGcOmAgu1mBzzAfBgNVHSMEGDAWgBRBW8ia
++4qNimJujZGcOmAgu1mBzzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+hjANBgkqhkiG9w0BAQsFAAOCAgEAKrLKpffpLJNo5lXc3usgwRItvwYqIpys/6/g
+m68qVoT/nFCRdz6r3YXiQ6HZa8BgDE9a+pLZqEBSnx8XTe1IrkPc5LUEXFi6Y+gN
+ZF+OWMQ6h979JXFQx1a8kwTcIkxU0+ThspFnmPvbBrZ1A4/aNsHNJZK2qjLObsML
+9hKlnQx4wIMbLXrTcofrQhuUPw2aLY5zi64LvE7LEjsY2Bh/9fVBOGHM5llX+lDI
+/G7nl3z6v72+Db5hDi6SgJBD6V8xP1OKVmeJjGhwe5okNGq93Gi188wTvpUJMemk
+yy3FVTzRHK8pbK4a5D6zE0DqJTI4DfrefTKsCaqT1K+YSv42gB2jAYyFrbU19p48
+WTzboztNmSAS5tycfA3/SWFBrrj+SCqtbf51/IQrPAh2qN4Jx9cqrApMAI+wTdiB
+yuo8YCW38DTL0HDc6lvMIMfIRaq7sz1+i2lwNav27d8l0sYK49j92ei4Ylua6S7E
+P/B8R9rYfjjkWaU+zkql9XXBVmFnbUXbr5dzutgusOS02uGbwis6UtKy+c18USog
+S7Jc0TusKD/Yv3xfqA4OKcrUJnhKTwA9pA+a5tCZtqbhbMXKrvj8Ngw/W8VVh27Y
+4os1SkpxugXblTc4rNrLqk7hkp0k+a6bLREaihTpyjVjd942Uey251K7400m236D
+cpxtIDA=
+-----END CERTIFICATE-----
diff --git a/certs/ca/intermediate/certs/intermediate.cert.pem b/certs/ca/intermediate/certs/intermediate.cert.pem
new file mode 100644
index 0000000..0e1c564
--- /dev/null
+++ b/certs/ca/intermediate/certs/intermediate.cert.pem
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFsDCCA5igAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwcDEXMBUGA1UEAwwOaG9y
+c2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYDVQQIDARWYXVkMQ8wDQYDVQQH
+DAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYDVQQLDANJ
+U0MwHhcNMjQwNTE2MjA1ODMwWhcNMzQwNTE0MjA1ODMwWjBeMQswCQYDVQQGEwJD
+SDENMAsGA1UECAwEVmF1ZDEaMBgGA1UECgwRSG9yc2UgVGluZGVyIFNhcmwxDDAK
+BgNVBAsMA0lTQzEWMBQGA1UEAwwNYW5kcmV3dGF0ZS5jaDCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAMsTexhqMHc2CXkVZjFaQVV0p4jUjDvLMshKyxMI
+/twPv/vOg4qRgmaAZ7FUXtjCXN3E1RT40VICRps5zOPkJxMukbNOAKVkSlcvSCEV
+d51PrA1B9QIq3YVCOE/Q503bsDbcX2sSphnME39A2hMOSuRldNK6QsIM7BJccdD7
+lUcKhDMhMNkZ5+bFcxsf+XinkVnT/LyGm4PLjagjXAOCT2adOGboUFhmRo0/vHof
+R9h5gbrHLiGf8BZcX4VK28EhGKoNOKpdspcCIXfzDFFFNVt1cpXBufXTcH8T04kz
+IeVqN34lA/LRF3X/leZ/J5ZjbhSK50kOenP+5gmJ0tkRj0mOeYUNVYs+tz86uhvL
+uYdABXLeaAeVoJrmtuz0E7O2ls6B+ay+hmZGZvl6TnPnZ/y6eMuP7hNNw8AkTWV5
+ps3sUE7puEMFseN4ABR7RtrK/j/m8BOzOLBaivMzyGIDOiwAjNA76Ab9phdmxvrM
+PEPDhMKiPvYfdbVs0AdrHFkHKGrTSmHorFA42idfbutXTGoWufxv21nlZMSqxn11
+/nTdFb1j6RZBJHYKhD7vnvOcp/SB4BstnTcXX+XWoCwAhNMXJO0BzJbGnpeA1zP+
+5igXVcXDClrnqa5+2r9hxYKHD+utEzr+hMAabUmx/MZXwhZoXH/I7KDuw54PMK5K
+0Dn1AgMBAAGjZjBkMB0GA1UdDgQWBBTegE8s5uxWKFB5V+Wn1AfYPUSxkzAfBgNV
+HSMEGDAWgBRBW8ia+4qNimJujZGcOmAgu1mBzzASBgNVHRMBAf8ECDAGAQH/AgEA
+MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAL/Q91IV5UoQamfVe
+wg3Wx1dWJw3e7fxZpXAF2GkGgIqsmMZdscU8AQ3eMPriDQcqW0mcSohKl8gN6pvY
+bPqbfrzrZV7LVc/5O0JcWAD1oIJceKLZ2DSaAzPHvz9N0qC9YIDnw8wN1AfqK4OC
+UbTheKVHotYT8S13dAY/asVLpTf8xlvngt3RObe3U6KyO81pGmM/HHRuPMum/fV0
+iHtasCQ4hUZ/+x2wwngnm+yxfcDJaLDJ9IUhQZQwiw27OChh+MLrlkqmzxfntMjv
+/kCImH4T2X3c6czJ56qpLsv7wRDAxsNjJtCasXkXBl+RNvSCer3G3SPB/yl30bUf
+C/OBfJyuGs5H7DdUJ39d0MUK4YC+b7t6YH+dEAD6HZBP2tzmEGcREAtQV+5e5KJD
+KA9AitzuQ18MNJrBTj03qDFi3xhbuykYtKZzVWQRq/MyvxuzJFc59rqhMqp++p/R
+Oj7wv0A6/P+fbUm1FlEiREKFF6ejcJWCP0SdJIlv8ZiTkdg8UGFM0dGed5hXQvww
+nZZhfxOo+NIil1BoGfZZ38qbUNdK2kMxnrTdqgFX53Hz9xqjXTn43FMS+CJRZxVP
+o45dAtQbKOkKStVAWC9cXvzAS4st/hdlC5EkbzsZUXArRjTJ0A633YkDTu6OshKH
+lJDwQc1G93zhyDVJDfMWSf1rg78=
+-----END CERTIFICATE-----
diff --git a/certs/ca/intermediate/csr/andrewtate.ch.csr.pem b/certs/ca/intermediate/csr/andrewtate.ch.csr.pem
new file mode 100644
index 0000000..4f25a9a
--- /dev/null
+++ b/certs/ca/intermediate/csr/andrewtate.ch.csr.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC1zCCAb8CAQAwYDEQMA4GA1UEAwwHYmliaS5jaDELMAkGA1UEBhMCQ0gxDTAL
+BgNVBAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2YTERMA8GA1UECgwIQmliaSBMdGQx
+DDAKBgNVBAsMA0lTQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN/D
+5iemsTHkguIeA/OkPO6tTD3WsgPrnfOVvF7+8ASZRLBrvPD93w9u34QU/cp797l9
++dt+26zWDw0JyANikuvDuAdlHeVUyEj8MLjEZzwXNPv0vK5SiqZNCJ9VyibEZAan
+cGWzhr2BW9jqBzHdMb8mNoM0ZJa7krWEFukHUbPjSUoE6EdBcWSSO+mrIxTJmBwr
+5OzvtCMQO9tdc9Z7n5w42zLmQhLXRc911FE+9Ui/PE5jrYIe22U6LpyBur/0i0Ru
+tDLvalgT+ZqJaVnRu6UemKGQsZEyo9JnTf3rbgZP9FehQEZ4KKInSwr3tx6p8xLA
+TC0T8+9d6RUx9+52YpsCAwEAAaAyMDAGCSqGSIb3DQEJDjEjMCEwHwYDVR0RBBgw
+FoIHYmliaS5jaIILd3d3LmJpYmkuY2gwDQYJKoZIhvcNAQELBQADggEBAEvUrlP+
+cXrOkeN+7x4fevlWdr4Z3wdKtsicOa1VaaspGMKnxNfyKwHunDEdll20hwEPDtul
+wD/VbVXZHylOm6EPhrwOFTl/fub76SaiIECaU/yXX4tvFkeOsXEhF6B5PQkrOACW
+jknPEyxNUxrjfbEimKjFEqI4oGWjN8y+bbLFAxPXuOehsh53wuD5y9ryldKfWkf1
+vEUaY9C/3rQP7JhJyJuSOm50R1XSHhk6tT5ms5mo7w3idMKeEX7oz2lqEOfZof4+
+7HuXVu5BqRCtqMS9YYg0QKRPBNRCzAKbjIgjREqjV/OQRhmZka/Zydw0AjbsTraP
+PL6tRZD3P9h3NY0=
+-----END CERTIFICATE REQUEST-----
diff --git a/certs/ca/intermediate/csr/bibi.ch.csr.pem b/certs/ca/intermediate/csr/bibi.ch.csr.pem
new file mode 100644
index 0000000..29ac321
--- /dev/null
+++ b/certs/ca/intermediate/csr/bibi.ch.csr.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICrDCCAZQCAQAwZzEQMA4GA1UEAwwHYmliaS5jaDELMAkGA1UEBhMCQ0gxDTAL
+BgNVBAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2YTEYMBYGA1UECgwPTGUgVHJpbyBH
+YWduYW50MQwwCgYDVQQLDANJU0MwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDfw+YnprEx5ILiHgPzpDzurUw91rID653zlbxe/vAEmUSwa7zw/d8Pbt+E
+FP3Ke/e5ffnbftus1g8NCcgDYpLrw7gHZR3lVMhI/DC4xGc8FzT79LyuUoqmTQif
+VcomxGQGp3Bls4a9gVvY6gcx3TG/JjaDNGSWu5K1hBbpB1Gz40lKBOhHQXFkkjvp
+qyMUyZgcK+Ts77QjEDvbXXPWe5+cONsy5kIS10XPddRRPvVIvzxOY62CHttlOi6c
+gbq/9ItEbrQy72pYE/maiWlZ0bulHpihkLGRMqPSZ039624GT/RXoUBGeCiiJ0sK
+97ceqfMSwEwtE/PvXekVMffudmKbAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEA
+PNkhsM8ZmLPZLtGSBc26vJtkAnGlCkK9joiK7DHBKe/b12WrCOsWdfrXl/SlCRnB
+BpAesE4mxcj82bJ51+/xZ6bCWy+RSDqrNobc1CLDYsUrdR/RcWZsXExPpN7MpcBu
+tCsQCeP98HoYhqOXJUQtpOnJdaJqloZ07xyB5jfGQrbci1yKWjpHMZhi/ckfPJie
+HetLvYaHjr+1uCG6qolVQUZ8vp2rkD9oRBgDqzDzbhvisCJiIWEsdHpKddwZRm3E
+fvPBmbuzOYy5vDRgXkRe0/fId/ppxXqZuxH6wkjR/O9qCY+crWzexl98/isUgwo9
+CHvkmf+jb/98s7hP8RGyaQ==
+-----END CERTIFICATE REQUEST-----
diff --git a/certs/ca/intermediate/csr/intermediate.csr.pem b/certs/ca/intermediate/csr/intermediate.csr.pem
new file mode 100644
index 0000000..456a739
--- /dev/null
+++ b/certs/ca/intermediate/csr/intermediate.csr.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEtDCCApwCAQAwbzEWMBQGA1UEAwwNYW5kcmV3dGF0ZS5jaDELMAkGA1UEBhMC
+Q0gxDTALBgNVBAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2YTEaMBgGA1UECgwRSG9y
+c2UgVGluZGVyIFNhcmwxDDAKBgNVBAsMA0lTQzCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBAMsTexhqMHc2CXkVZjFaQVV0p4jUjDvLMshKyxMI/twPv/vO
+g4qRgmaAZ7FUXtjCXN3E1RT40VICRps5zOPkJxMukbNOAKVkSlcvSCEVd51PrA1B
+9QIq3YVCOE/Q503bsDbcX2sSphnME39A2hMOSuRldNK6QsIM7BJccdD7lUcKhDMh
+MNkZ5+bFcxsf+XinkVnT/LyGm4PLjagjXAOCT2adOGboUFhmRo0/vHofR9h5gbrH
+LiGf8BZcX4VK28EhGKoNOKpdspcCIXfzDFFFNVt1cpXBufXTcH8T04kzIeVqN34l
+A/LRF3X/leZ/J5ZjbhSK50kOenP+5gmJ0tkRj0mOeYUNVYs+tz86uhvLuYdABXLe
+aAeVoJrmtuz0E7O2ls6B+ay+hmZGZvl6TnPnZ/y6eMuP7hNNw8AkTWV5ps3sUE7p
+uEMFseN4ABR7RtrK/j/m8BOzOLBaivMzyGIDOiwAjNA76Ab9phdmxvrMPEPDhMKi
+PvYfdbVs0AdrHFkHKGrTSmHorFA42idfbutXTGoWufxv21nlZMSqxn11/nTdFb1j
+6RZBJHYKhD7vnvOcp/SB4BstnTcXX+XWoCwAhNMXJO0BzJbGnpeA1zP+5igXVcXD
+Clrnqa5+2r9hxYKHD+utEzr+hMAabUmx/MZXwhZoXH/I7KDuw54PMK5K0Dn1AgMB
+AAGgADANBgkqhkiG9w0BAQsFAAOCAgEADGP31gIZrnJWcYCeA/Kn7cVK/cpgD7kw
+uYEKid1BUfReAo3+jOKtj6v1LL77D+fl2bHEnAqsNtrLK3XnIRUWGzsaNKL+6oTl
+gTWXexEo61xamz0glLaH2m5eujSzx4XQzMop4itq/ROFkGDbggywxo44NM1yOiaN
+UjDUn7SFp4BhqztGf42pcN7wm/o1vz1LFZ2Penw+YrMlD5za+9l8rrjsly2UUUaI
+JF/2rtGkoEpeAs3sZHl2jeaMmvH/e1FmLqeQBPODnY7n/X9yQ2krwZsn3p+I1ASb
+K2U+0v8eeIjbRcQjNcgCLAktNAq6DV6DYyxsPzNiKwFc0GXLOqO55tg9EDwhobRG
+g5T/zSRdAz7KGdFn1mw2I+qa9SFpN/ozuW0xuQFA8Wj1n0gI4BbCrVxZVRBRqMx6
+ODf291/t0moz1YvaNC78KOgN6z3uLx38UCdnqdvf0RQ+jWRHuL9IfsvtcyNBZrPk
+ScyYRPxAl0Ehpp9t4seShq9hvNFIRAxPqqAoK0BFf9Hh2vM8dXEyiMpfn5N+Xdp5
+FevjfcIxfTYC2Z8u1opCrap8VtG7hD81wDFJYOk/RAU1BJgLDNTLlhvbg6s5ZIoQ
+5V1tTHz6uCeWiR15Uay97bG4FcOE3HI7ZtaLGdsDLhepwhJJIALOYyQiG4sFqc4n
+XEX67mqHSkw=
+-----END CERTIFICATE REQUEST-----
diff --git a/certs/ca/intermediate/index.txt b/certs/ca/intermediate/index.txt
new file mode 100644
index 0000000..057e5c9
--- /dev/null
+++ b/certs/ca/intermediate/index.txt
@@ -0,0 +1,2 @@
+V	250526211508Z		1000	unknown	/C=CH/ST=Vaud/L=Geneva/O=Bibi Ltd/OU=ISC/CN=bibi.ch
+V	250526212217Z		1001	unknown	/C=CH/ST=Vaud/L=Geneva/O=Le Trio Gagnant/OU=ISC/CN=bibi.ch
diff --git a/certs/ca/intermediate/index.txt.attr b/certs/ca/intermediate/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/certs/ca/intermediate/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/certs/ca/intermediate/index.txt.attr.old b/certs/ca/intermediate/index.txt.attr.old
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/certs/ca/intermediate/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/certs/ca/intermediate/index.txt.old b/certs/ca/intermediate/index.txt.old
new file mode 100644
index 0000000..a8304bb
--- /dev/null
+++ b/certs/ca/intermediate/index.txt.old
@@ -0,0 +1 @@
+V	250526211508Z		1000	unknown	/C=CH/ST=Vaud/L=Geneva/O=Bibi Ltd/OU=ISC/CN=bibi.ch
diff --git a/certs/ca/intermediate/newcerts/1000.pem b/certs/ca/intermediate/newcerts/1000.pem
new file mode 100644
index 0000000..90d2fd5
--- /dev/null
+++ b/certs/ca/intermediate/newcerts/1000.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF4zCCA8ugAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQ0gx
+DTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYD
+VQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUuY2gwHhcNMjQwNTE2MjExNTA4
+WhcNMjUwNTI2MjExNTA4WjBgMQswCQYDVQQGEwJDSDENMAsGA1UECAwEVmF1ZDEP
+MA0GA1UEBwwGR2VuZXZhMREwDwYDVQQKDAhCaWJpIEx0ZDEMMAoGA1UECwwDSVND
+MRAwDgYDVQQDDAdiaWJpLmNoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA38PmJ6axMeSC4h4D86Q87q1MPdayA+ud85W8Xv7wBJlEsGu88P3fD27fhBT9
+ynv3uX35237brNYPDQnIA2KS68O4B2Ud5VTISPwwuMRnPBc0+/S8rlKKpk0In1XK
+JsRkBqdwZbOGvYFb2OoHMd0xvyY2gzRklruStYQW6QdRs+NJSgToR0FxZJI76asj
+FMmYHCvk7O+0IxA7211z1nufnDjbMuZCEtdFz3XUUT71SL88TmOtgh7bZTounIG6
+v/SLRG60Mu9qWBP5molpWdG7pR6YoZCxkTKj0mdN/etuBk/0V6FARngooidLCve3
+HqnzEsBMLRPz713pFTH37nZimwIDAQABo4IBpzCCAaMwCQYDVR0TBAIwADARBglg
+hkgBhvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVk
+IFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUR+6PvQJ0W6p0477N8cTiG3sn
+RPwwgZsGA1UdIwSBkzCBkIAU3oBPLObsVihQeVflp9QH2D1EsZOhdKRyMHAxFzAV
+BgNVBAMMDmhvcnNldGluZGVyLmNoMQswCQYDVQQGEwJDSDENMAsGA1UECAwEVmF1
+ZDEPMA0GA1UEBwwGR2VuZXZhMRowGAYDVQQKDBFIb3JzZSBUaW5kZXIgU2FybDEM
+MAoGA1UECwwDSVNDggIQATAOBgNVHQ8BAf8EBAMCBeAwEwYDVR0lBAwwCgYIKwYB
+BQUHAwEwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcDIu
+ZXhhbXBsZS5jb20wNgYDVR0RBC8wLYILZXhhbXBsZS5jb22CD3d3dy5leGFtcGxl
+LmNvbYINbS5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAgEAaAApnGApld+f
+pU1KOkqh4PK25IInORjkjGhIjuzNTJXLLPlNszWi+crBB3Mh31pa30IEit0xGgWf
+HSuUH+S+4EqtGr6IKpYGzR4ka23TvE2274ILFRHWlodk7tFX4kp3HH7ukmar3h7X
+xmv14PzO70EpXQexFbEeA/oLLeA1KPTHbQt4KlW2WOfNfFLGnB2BDL87InUSdef6
+yiG/7qrJ2KkzKqY7iLTz2PGWCEKZN4NvjZjq76bAMO56ljyZ885OaY5+L8JimlJ1
+KPRy5GxTnUiqNNuuZ3D6J0gEglzce6Ln5iYxjmESHJZDGfLmINaA0/icnkQxlbcd
+9r5a7B6aic1XbKJaLPnNQM4xBu03iGMfehl92tDiHpLyIiE5tvXFrJta/km2Mvf7
+OgTvA1Ux0m/HfxCA6l6mEU13fG3iaDXSn7NmqmRcNNmN8RO3jubOpwX4M5ZLHEgb
+44zq/13H/D4xd2BDgq+xIS29VLZxQAo28t+ipKQXFpxsaQ90E0VQAvJueAA6g9JK
+igfBxxNsL+zf1SDMB5PaNTrreomvE/n3h/NhJl+dkiaS5JPG2ruvDgXYzHXOc/WQ
+B5FCv+1I4bPMX5dESIavw1MDZVPT3YDmqyT9yncP7Pzd2p/J7/Kw6sNoXOJjcUr+
+jTdYwVIK5/gSFxKGQ3Cvod06lUZqE7g=
+-----END CERTIFICATE-----
diff --git a/certs/ca/intermediate/newcerts/1001.pem b/certs/ca/intermediate/newcerts/1001.pem
new file mode 100644
index 0000000..f9087cd
--- /dev/null
+++ b/certs/ca/intermediate/newcerts/1001.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF0zCCA7ugAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQ0gx
+DTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYD
+VQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUuY2gwHhcNMjQwNTE2MjEyMjE3
+WhcNMjUwNTI2MjEyMjE3WjBnMQswCQYDVQQGEwJDSDENMAsGA1UECAwEVmF1ZDEP
+MA0GA1UEBwwGR2VuZXZhMRgwFgYDVQQKDA9MZSBUcmlvIEdhZ25hbnQxDDAKBgNV
+BAsMA0lTQzEQMA4GA1UEAwwHYmliaS5jaDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAN/D5iemsTHkguIeA/OkPO6tTD3WsgPrnfOVvF7+8ASZRLBrvPD9
+3w9u34QU/cp797l9+dt+26zWDw0JyANikuvDuAdlHeVUyEj8MLjEZzwXNPv0vK5S
+iqZNCJ9VyibEZAancGWzhr2BW9jqBzHdMb8mNoM0ZJa7krWEFukHUbPjSUoE6EdB
+cWSSO+mrIxTJmBwr5OzvtCMQO9tdc9Z7n5w42zLmQhLXRc911FE+9Ui/PE5jrYIe
+22U6LpyBur/0i0RutDLvalgT+ZqJaVnRu6UemKGQsZEyo9JnTf3rbgZP9FehQEZ4
+KKInSwr3tx6p8xLATC0T8+9d6RUx9+52YpsCAwEAAaOCAZAwggGMMAkGA1UdEwQC
+MAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdl
+bmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEfuj70CdFuqdOO+
+zfHE4ht7J0T8MIGbBgNVHSMEgZMwgZCAFN6ATyzm7FYoUHlX5afUB9g9RLGToXSk
+cjBwMRcwFQYDVQQDDA5ob3JzZXRpbmRlci5jaDELMAkGA1UEBhMCQ0gxDTALBgNV
+BAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2YTEaMBgGA1UECgwRSG9yc2UgVGluZGVy
+IFNhcmwxDDAKBgNVBAsMA0lTQ4ICEAEwDgYDVR0PAQH/BAQDAgXgMBMGA1UdJQQM
+MAoGCCsGAQUFBwMBMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDov
+L29jc3AyLmV4YW1wbGUuY29tMB8GA1UdEQQYMBaCB2JpYmkuY2iCC3d3dy5iaWJp
+LmNoMA0GCSqGSIb3DQEBCwUAA4ICAQAVPFEmoxhJShTw/pLzwY6dman9FWUQT9/8
+rPnHimCcgti6KJVWPE+gf7GW+P25bQH2pqNy0BanG/434Ly7QPxEO6ZE4+iz1NIK
+mwdOME7S7YY+fRho0apcW+b84YP39yewSz5vxWI29n3dt6FshUpTNc3MU2qP/93V
+VaiEMqZIO4Z5BwN+pkhOtZdVG3Faxw4/9hKcUOxExGerdxlqNidBtPObE39OQV5t
+mad2xSUq3GJU9ebUwqQbfugQz2+4uQU8cjdWE5sdrFgJuSr+b7gojICMF1NRse7a
+/b9NGm5DLqpNi/6XCmw3qjHoIYzUEO1RTC04BatkondCE4owTFa3P8XOG/u8VTxh
+eu26o/tnrKmmniPoDQDSVodghGJ0QdGoKzzafiUaDZIfRFrQVdp3GcexLYb1FgXq
+FULg0gmELgthBG8xuvSyIPG1GBdJCKG5GUgjSkgr43SR8n1iBEjQUucrluxgTmM2
+H/mFMnqrEF5O8qAE0B2MV52cD1OdNhC/xw7v8fuaY6Rg4dLdSAUpEurKk4OkOYXA
+LhT9jRILji/y1p+SC/HOyXhkJm1ELxULLjbVWYD+qjMkiXXj2ePeFHYFHEkQqsuM
+3hR9b/ouT0xRyLeHgSrePEwY8ohogrSyK2lYvoeFxtFwB75lOODdtgoMXfut8tzt
+REfeuftqrA==
+-----END CERTIFICATE-----
diff --git a/certs/ca/intermediate/openssl.cnf b/certs/ca/intermediate/openssl.cnf
new file mode 100644
index 0000000..520a0a9
--- /dev/null
+++ b/certs/ca/intermediate/openssl.cnf
@@ -0,0 +1,140 @@
+# OpenSSL intermediate CA configuration file.
+# Copy to `/root/ca/intermediate/openssl.cnf`.
+
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir               = /root/ca/intermediate
+certs             = $dir/certs
+crl_dir           = $dir/crl
+new_certs_dir     = $dir/newcerts
+database          = $dir/index.txt
+serial            = $dir/serial
+RANDFILE          = $dir/private/.rand
+
+# The root key and root certificate.
+private_key       = $dir/private/intermediate.key.pem
+certificate       = $dir/certs/intermediate.cert.pem
+
+# For certificate revocation lists.
+crlnumber         = $dir/crlnumber
+crl               = $dir/crl/intermediate.crl.pem
+crl_extensions    = crl_ext
+default_crl_days  = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md        = sha256
+
+name_opt          = ca_default
+cert_opt          = ca_default
+default_days      = 375
+preserve          = no
+policy            = policy_loose
+
+copy_extensions   = copy
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName             = match
+stateOrProvinceName     = match
+organizationName        = match
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName             = optional
+stateOrProvinceName     = optional
+localityName            = optional
+organizationName        = optional
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits        = 2048
+distinguished_name  = req_distinguished_name
+string_mask         = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md          = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions     = v3_ca
+
+[ req_distinguished_name ]
+# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
+commonName                      = Common Name
+countryName                     = Country Name (2 letter code)
+stateOrProvinceName             = State or Province Name
+localityName                    = Locality Name
+0.organizationName              = Organization Name
+organizationalUnitName          = Organizational Unit Name
+emailAddress                    = Email Address
+
+# Optionally, specify some defaults.
+countryName_default             = XX
+stateOrProvinceName_default     = MyState
+localityName_default            =
+0.organizationName_default      = MyOrg
+organizationalUnitName_default  =
+emailAddress_default            =
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+authorityInfoAccess = OCSP;URI:http://ocsp2.example.com
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = bibi.ch
+DNS.2 = www.bibi.ch
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
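Review bot: In `[ server_cert ]`, `subjectAltName = @alt_names` pins every certificate signed with this section to `bibi.ch` and `www.bibi.ch`, whatever names the submitted CSR asks for. `copy_extensions = copy` does not change that, because it only copies request extensions the section has not already set, so the CSR's own SAN is silently dropped. If the signing script is meant to serve arbitrary CSRs, as the commit subject suggests, drop `subjectAltName = @alt_names` and the `[ alt_names ]` block so the SAN comes from the request, and have the script check the requested names against what the requester is allowed to hold before signing, since `policy_loose` plus `copy` otherwise accepts whatever the request carries. The comment `# The root key and root certificate.` above `private_key` should read `# The intermediate key and certificate.`.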
diff --git a/certs/ca/intermediate/private/andrewtate.ch.key.pem b/certs/ca/intermediate/private/andrewtate.ch.key.pem
new file mode 100644
index 0000000..ceead37
--- /dev/null
+++ b/certs/ca/intermediate/private/andrewtate.ch.key.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIqF2NBi+pu58CAggA
+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBDbok3NnAfXZLsOF/GxMYMXBIIE
+0BfhpIrOAkXK36p8q+u6Kin/f7fCtjv1Vcfh5eb+CUIJyJokIV0Bk7SlkOK5eJxb
+Q8n05WuMjZbplnedXW5jQ2+eetRp8YI4GWLxycJiWTSmZtR4J99gdW2CLZL5MYm3
+By3z7hcD6OvSTlLD1UxSbCtucqfH6IBr1xy4T+d00q6dZbsg15MyUDgm5dU3C6d+
+6GZGlrVrIY8mTHO4HTbSappMS/cJ6mwT2ABWe76aetT1GszzBPxUE/ohpXT11qdd
+5HHSeu5jv4k+hX/7uwf8Izettx9fxQFNhhZ0HfDmEN7mvFwDrTtHaq81ypQfUnFd
+omqyQdsj8FYSTUJ4G/4mk1tV4OVoPMOaNW7SVRxEz8Euwsl2hOw+ysJvcPYcsGqm
+ZVuUZLshIfL2sgtXaRu/kMAsR8o4rl2C7WV4EFJe7YvFjV2hV21zUVSno3Gyy0bS
+By4w+RA2vjOkT5twutTcueAhBQuJPDk5DTGoxdZ2mcY0lNTN0KXGLakSbwOxJ90E
+uDbcdnTMwCjTLqsvyITe0FRQry8ekKmcVnsYTxtjLHVB6tn0q4srWFCkS0F6g917
+s2oCBTzEAmxtfkRoTXeQSJnP/36LXN1W9jhd6Gd5km8+OfA/dGEBofggTznOHhhX
+As8qrgFsuLuMDMABeVcliqDx9e51NzNPEBhYb4X0iZhIsIn0MuHez/ywQyjX8mHV
+/atsCnUfDv+D6JspaCLIeGY48IvicCVnTubJHp4Yc4pA7Cj/7/9OZk8e9IuyBUxk
+yaKRpqiAZ/EDUSTVYuN2YCLICWFJHVZE+uYqwwuneQvYJHn8pduXeZWHKMOseFF4
+zNoZypW3uLcoQ9ACbsaOOfBSof1T/4KoKXarSnK+lmRa4ZdnwFRKBAH8LLWuvTp9
+4X1GSHapMWIy2kFJBw/CEZvSrYHNehQcXfZLX2wioKHgcLbWYl8+wbLTUjXnTrbn
+yFdbDERNHvyNTYIlEMG6G/S3C3ME/M6ZKxMc8McDOufwkonnsM6rP8Fov+9aBvFN
+1pdV35Z1qUP2g4Es+4mb63Vu864/ixFW3j0JotYdPUQFJKGmKZOmNA9r57EcpCqo
+C4/b6S0Mvt+ra1HtCVobtqZ5y8JJKw2Jd7He9SP6LFoKcCOP741wJp2/NRb1e2Qr
+/IKsLsD2wjq/FDeUYs6/4SpJqt14h9Tv2v0J4RnLP7LWhClfuQZbyfx7IJdliRqv
+HbxDG6TNsWqa2rnQsOz3jQlcJaN7wLrEUxwPlFLZqeJc6KEcz3n0HMrPrY0XvXS2
+2z/Ogb0/gQHZyD8klBACFJXcVxGMEZcyyoYDyzoviZnZLTWbab/SFrFr+qf+uvcv
+U44A4t/a491U/jK6889EiZRfXwjPCSxhod6kb7oVqr6SBWLo+khpCy2fc1gXqwZC
+tH5rt1hkEi6z+GfsP77DLcYVTsnvcMz5Qhhx/kYs6qVY4jWRAkLmRWigPKNjdcc6
+kXuMSA56kwDc5g33gCLrxWiEnL7K5akGVLCRf/y8xx9En0/xFyQiiffxMq1H4YhE
+sFn1f6h1GlIkuPBlTTrlSGNsU7bPpVr5preXnUSK8SnkykKv41IPGkXVp33DuKm6
+pZbRntTOKyOeVM330FXLm9dQyjvbpBwrMt7L5YJ9RlJG
+-----END ENCRYPTED PRIVATE KEY-----
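Review bot: This commit checks an encrypted private key into the repository, and it does the same for `certs/ca/intermediate/private/intermediate.key.pem`, `certs/ca/private/ca.key.pem` and `newcompany/privatekey.key`. PKCS#8 encryption protects these files only while the passphrase stays secret, and `gen_cert.py` in this same commit carries a passphrase literal, so whichever key that literal unlocks should be treated as disclosed to everyone with read access. I would remove the `private/` directories and `*.key` files from the tree and list them in `.gitignore`. The keys and every certificate issued under them also need regenerating, because deleting the files in a later commit leaves them in history.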
diff --git a/certs/ca/intermediate/private/intermediate.key.pem b/certs/ca/intermediate/private/intermediate.key.pem
new file mode 100644
index 0000000..00ed457
--- /dev/null
+++ b/certs/ca/intermediate/private/intermediate.key.pem
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIH0AiSZyP8mcCAggA
+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBBoM13Kf43LEMshMB8UfJLOBIIJ
+UNTpY/m8yiynjAZtUF2UGPqUBdrynI0bO/+MxUbm+bg8+0dJjLTvzNJl1Nlj2RFY
+sthE5Dwr0oFVTADIku1gEDOwmieDeLcYx7gCyFDwYNAOlrQt2ocFJVHSbIEqRg9b
+krNJWnRBNfuB5eVsW0xpZ+fPdtPaYJ3OgGODmGMBPZi4lBHt7r0xuUFD7SjQKtiV
+QihdohKHolWXqflszGGSmzdPJNnqP+6bwJMvqsCVBhR3rlOhSRGTuSx6qKEYBFym
+kgqL4z8bZcIjjj0vV/XfpqPNfsFi90fJ+xg9zmNVPa5tPIj/4BtuKUnItH/69XFj
+/FZrolCelfAbb5GcaZPATlX5N8673BB6EdWCc8WpCaK2n57qW5jRcrPfMkT6vRb4
+zOigLgzPyPk1JOOKxO7HNuIMuS7VaAyNQZabz8QC9CD/xtLDJtdDGvO4F0kb2Tjn
+C0KTg1iN16B2bpBtmZA91ozpTdqObM7boRVQqgaw7TZxBLKql4XRdr+tlbeoykEg
+MkypwZ2tj6DVWUGbmcUrESKgddL2cPo5/GxYpbG7Js57z/Ok4gBkcVG9X/aiCi2z
+pqJGtEOyHOgHGLvcBQeHUWhNxLKSlwawpW4So85XWwQnxOJxJ9pDWYHzvpixwfcc
+RXLx5zL18fcZmLr3NSnaVfPaCXANDtbwC6lHQY1z0Y9zxXni+yQOt6YAWcaf+lMw
+mVPxZzTAOnNdPM7r+b2LdSFy8vbUQeiZMQaXuSIZAzm5Ogr53TkM610bMcbVorse
+PL/tR3CwYApncD3qMDsXLWkfNl5phhOgT5yDZATQwWTJGd3WO6co5bhPmlHWJqTT
+XBEJHAh8o4A6zeIfRZwDk3pzEyASbGezLBU6+hZC77v1Hl4chjtu03VhFqqgRKOg
+dIfJigknIYC/Z3NqKZUQNQlWiqyUYLg22XM7pHwAcB+Jo14ewQzGbYuLzNYCpVwm
+j7hABzR2QCoTOsfBQKHmwrzfs5XsOkQ7VIEZSl0mjBMoo3OEtxoZK7CTRb/Oakft
+/y0jIZao2mim0/+naWKI7iY9jyW8bj3LhzI4brnH1HGY/D5IbqQs9Upw98eWBDoh
+m4u/ljygdaqN7a2Qji5Io0tKYCcZJ9aItQlDMeV+jVEFZNml6mpwD9isD2gthRZM
+kzZ6NwDZ2kmNPH0+XMDeRC6+WyKKcJumZVk1qQPcajt0UhiE5/RoHcWnFEqsa2iY
+IglqxyMRYtJ2+WqM9uX8YMArmVwHRZyMvYrakaK62ZQcUd350na3N2G5Hb2BFlzb
+nSCsafd9OP2xqnswwOjOriiVT6rBb5e0MLWUxraSA++QBY0rlZEmhsRRo3eBz6+N
+EpKarkeXD4q1de8Xd38HbDNgugnKO+IaP89543pFAJymz2MbjDD6N8Yzr1hkM4wF
+wP2LGcXhiHB67G5JuDRtxLCAVorMv9Xltp+HgVWlYiSbslpvc0J6QhUvRn6qkC5K
+ETLPyLKxGuaBamymOi2lrNkLU5RiEiMPkAu62iv4aydHp22QAQ16A1FmVW8KM+wk
+XmjRhbT+HJuNgK+7u1M5yXOljJFlvc7I7mo6rQTgMH3BZA2jXPKdr4XNPQa8DpEk
+4ymvIsdnJbAmyx6SnwKZmJ4UmN6cRmiC6cAkST2rNsJE+KIaIFFem1sOX5Qbtmpq
+CmZxJ9hitvAo0uY+PgF3xmOAnNiIIe0RFHKFpeGa6jmHDFl63myjEvaEoIOqtQYn
+NZNmtI2Er4fuonr/KUqsY4MN7pUwbtkE5OtCOlRU8nl2cXu2agXImMSCQcXTqNmZ
+6YY5jJQvo1po8Wkf0DCDgqPy1yBHKgcVJhxaE0eOnrAi7GxwG455777ujK4GjGu/
+CqpRCRh027Cn5JJILns+N8QDvXxiVUPz9I3KSP12iITl0ckpNtUQw+HPr+Zqv4Bj
+2M9OluRmtOstH9PCor1rnQSVnGs6az3Nc23VnLc0noTT6ugg9sPSrqbVtACaeip9
+aJGQ3UfOmNjtxH/J0TMvl01K4iPabU3Y++/4/Tc+BjraGxf2ocFdieEQ/sY0mEnE
+wFlEC1D1UgcASgc5E/Ti11phRe8HWDID/AhOf3tP4e7H6jn1VIeiMOW55RmxoUpA
+xH8L84RVZKyN7+CoUQViBfD/IPQYgEu4Ll8SJRYyOUELIpSUDVpMCeOVqEr7nU+y
+vPIUNK9mTpX1Juh4xQBDEI6nrZaI+ZOBAikoUIQ0H+sO/azmxg5yl45aDW5d9le1
+WcR731ceDysWkoTaZ8t0/1dpjWLYXp6oIpR8MFTKsu94UJaFECK4FBixqs74oSZ3
+KY0B5enXbVG6XUyUCjn7qskIW8TTh3m9XfpStH92YmipUwxsTGIEDKSeFO3W3XyP
+EvFafFiKIjVCNU21u6zAoLk9fyGR9/hf9xgcPGQlvisuQ6Rd89/YdCUDrr3YNjHU
+w9yV2J19XqtenfR6Hm32DXc6ZtGMw8VIimbkEYINhmjuf2/vuII34rCjKW4vfJUJ
+nflLz/WIUFqUBP2Bw4K7KnqvPvFhnZJN/7dEmw3sG8VTAJ+Bi6s8vyrEHfsYqqV1
+CWZ//2wdJCdz0sRnn4EhjiVhMB6LV2KTy7eY8AM5x8XgzJHH2I9m5Yh9rLLR9OYa
+5SjQOSquTHGTF4Q36A+q2MUTHH57zz8GXaEa56eINjYabT1L77BPBcrLm/YQezcx
+Da0hMee61S7d/e24/N6ppWqRUdpPnRRnEw/SJ12GU656aNMjjsV+Aesbh1L3zjwf
+MDWLb/5f6QMKfUpkFvekF5ko1X26/ustTcTt5qxKEkSV0EqnfxNhdjWMGur2M6ZK
+AxQ71Z0CjXQPt6pOyOHZB38k6OEaZ6H1G9TUHPKnu71Yur5wDRrGMyLXb/82s55L
+CoLN49YfZ1gezLrodRFibtaW66bxE7CpvuvaRf7mi7Zh5YkvkZUlOGD0Pa7fzzIC
+EIgBg55b/L3LDjWBOce6CTE39CCs2ea2xdboQX3C3bUGAKGTpdV5fiBOe8wnarU7
+OFwzCJX0mvsGX8MDHcu0uPv5aVgaONkYOsY+LN8VZkCUh9qXzDZo3oTDB3pYZHju
+/oqqOJI4L8hlLi094Y6l4FF1P/XDcZRoET9DwTK8SZKywWSX6duiAllV5fq3Fi4/
+x3xduIbx5pUQaZlcqRdhhtki8BzKYHfZBj0nv3F0q6Qp
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/certs/ca/intermediate/serial b/certs/ca/intermediate/serial
new file mode 100644
index 0000000..7d802a3
--- /dev/null
+++ b/certs/ca/intermediate/serial
@@ -0,0 +1 @@
+1002
diff --git a/certs/ca/intermediate/serial.old b/certs/ca/intermediate/serial.old
new file mode 100644
index 0000000..dd11724
--- /dev/null
+++ b/certs/ca/intermediate/serial.old
@@ -0,0 +1 @@
+1001
diff --git a/certs/ca/newcerts/1000.pem b/certs/ca/newcerts/1000.pem
new file mode 100644
index 0000000..9b25050
--- /dev/null
+++ b/certs/ca/newcerts/1000.pem
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFsTCCA5mgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwcDEXMBUGA1UEAwwOaG9y
+c2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYDVQQIDARWYXVkMQ8wDQYDVQQH
+DAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYDVQQLDANJ
+U0MwHhcNMjQwNTE2MjA0NTMwWhcNMzQwNTE0MjA0NTMwWjBfMQswCQYDVQQGEwJD
+SDENMAsGA1UECAwEVmF1ZDEaMBgGA1UECgwRSG9yc2UgVGluZGVyIFNhcmwxDDAK
+BgNVBAsMA0lTQzEXMBUGA1UEAwwOaG9yc2V0aW5kZXIuY2gwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQDLE3sYajB3Ngl5FWYxWkFVdKeI1Iw7yzLISssT
+CP7cD7/7zoOKkYJmgGexVF7YwlzdxNUU+NFSAkabOczj5CcTLpGzTgClZEpXL0gh
+FXedT6wNQfUCKt2FQjhP0OdN27A23F9rEqYZzBN/QNoTDkrkZXTSukLCDOwSXHHQ
++5VHCoQzITDZGefmxXMbH/l4p5FZ0/y8hpuDy42oI1wDgk9mnThm6FBYZkaNP7x6
+H0fYeYG6xy4hn/AWXF+FStvBIRiqDTiqXbKXAiF38wxRRTVbdXKVwbn103B/E9OJ
+MyHlajd+JQPy0Rd1/5XmfyeWY24UiudJDnpz/uYJidLZEY9JjnmFDVWLPrc/Orob
+y7mHQAVy3mgHlaCa5rbs9BOztpbOgfmsvoZmRmb5ek5z52f8unjLj+4TTcPAJE1l
+eabN7FBO6bhDBbHjeAAUe0bayv4/5vATsziwWorzM8hiAzosAIzQO+gG/aYXZsb6
+zDxDw4TCoj72H3W1bNAHaxxZByhq00ph6KxQONonX27rV0xqFrn8b9tZ5WTEqsZ9
+df503RW9Y+kWQSR2CoQ+757znKf0geAbLZ03F1/l1qAsAITTFyTtAcyWxp6XgNcz
+/uYoF1XFwwpa56muftq/YcWChw/rrRM6/oTAGm1JsfzGV8IWaFx/yOyg7sOeDzCu
+StA59QIDAQABo2YwZDAdBgNVHQ4EFgQU3oBPLObsVihQeVflp9QH2D1EsZMwHwYD
+VR0jBBgwFoAUQVvImvuKjYpibo2RnDpgILtZgc8wEgYDVR0TAQH/BAgwBgEB/wIB
+ADAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAG88SXEVK4ahRcKb
+t0goUDifUPQkWByV1KKL3fWUgLQdSE+1+zB320NkRV3yipTc+0G4WR03aw6nd3+O
+veBO9ugHG6t2TMsM7QsuZ5ixcB6Upt5hFosDMZGMylFDW2dJOfNbGeU7CGMIs5OM
+NQU23PspFQbT9gLzgQE01OJvWmi00ljxhtj7opGPaQZhy6OnSMxZrOEmantxZdo9
+za6LZ7c8H/fwYVXOAtbx/gnPIpzCSSNJY4aY+B14sJoStD1B5Rc7BgLiNWwKE+dg
+fy/vwiP9erZE6R4Fpj/ifm/DxE2kP4T0juyz0IZMyO3VvUFdkXoVkiFF4u7feUtq
+PTNJUkjS5bSL9RaM+6lI3DReSbw/g4aT7CDvCKd/GbhUWQhZrNGOvWFh5GS0LjHI
+FFScK0gAmOihuNNGQdSmql1Roz4cnqXArF3S4Jnf7pYsq4hD7ZdtuWzjdppKV17u
+95TChvjbkYbfLLMIb/he5jArNKpjw8EPhQ3Ds0mce9HoFtY1NugJAd7AZ4pePT5e
+Oy3rLUMRerwrwpz1F2ds05zj2SMaEPQkXj1LxSLclRZvx4no+quIgU44FgqlrULf
+gVtiM9tq+MVms+gj0b4ShJreoaKdDFa3RDyOUFSsk5vOQSMx9hw+Z1s5QrC28SU/
+m4nyzgO03eH4rgFALzMnbrhF0hrm
+-----END CERTIFICATE-----
diff --git a/certs/ca/newcerts/1001.pem b/certs/ca/newcerts/1001.pem
new file mode 100644
index 0000000..0e1c564
--- /dev/null
+++ b/certs/ca/newcerts/1001.pem
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFsDCCA5igAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwcDEXMBUGA1UEAwwOaG9y
+c2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYDVQQIDARWYXVkMQ8wDQYDVQQH
+DAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYDVQQLDANJ
+U0MwHhcNMjQwNTE2MjA1ODMwWhcNMzQwNTE0MjA1ODMwWjBeMQswCQYDVQQGEwJD
+SDENMAsGA1UECAwEVmF1ZDEaMBgGA1UECgwRSG9yc2UgVGluZGVyIFNhcmwxDDAK
+BgNVBAsMA0lTQzEWMBQGA1UEAwwNYW5kcmV3dGF0ZS5jaDCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAMsTexhqMHc2CXkVZjFaQVV0p4jUjDvLMshKyxMI
+/twPv/vOg4qRgmaAZ7FUXtjCXN3E1RT40VICRps5zOPkJxMukbNOAKVkSlcvSCEV
+d51PrA1B9QIq3YVCOE/Q503bsDbcX2sSphnME39A2hMOSuRldNK6QsIM7BJccdD7
+lUcKhDMhMNkZ5+bFcxsf+XinkVnT/LyGm4PLjagjXAOCT2adOGboUFhmRo0/vHof
+R9h5gbrHLiGf8BZcX4VK28EhGKoNOKpdspcCIXfzDFFFNVt1cpXBufXTcH8T04kz
+IeVqN34lA/LRF3X/leZ/J5ZjbhSK50kOenP+5gmJ0tkRj0mOeYUNVYs+tz86uhvL
+uYdABXLeaAeVoJrmtuz0E7O2ls6B+ay+hmZGZvl6TnPnZ/y6eMuP7hNNw8AkTWV5
+ps3sUE7puEMFseN4ABR7RtrK/j/m8BOzOLBaivMzyGIDOiwAjNA76Ab9phdmxvrM
+PEPDhMKiPvYfdbVs0AdrHFkHKGrTSmHorFA42idfbutXTGoWufxv21nlZMSqxn11
+/nTdFb1j6RZBJHYKhD7vnvOcp/SB4BstnTcXX+XWoCwAhNMXJO0BzJbGnpeA1zP+
+5igXVcXDClrnqa5+2r9hxYKHD+utEzr+hMAabUmx/MZXwhZoXH/I7KDuw54PMK5K
+0Dn1AgMBAAGjZjBkMB0GA1UdDgQWBBTegE8s5uxWKFB5V+Wn1AfYPUSxkzAfBgNV
+HSMEGDAWgBRBW8ia+4qNimJujZGcOmAgu1mBzzASBgNVHRMBAf8ECDAGAQH/AgEA
+MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAL/Q91IV5UoQamfVe
+wg3Wx1dWJw3e7fxZpXAF2GkGgIqsmMZdscU8AQ3eMPriDQcqW0mcSohKl8gN6pvY
+bPqbfrzrZV7LVc/5O0JcWAD1oIJceKLZ2DSaAzPHvz9N0qC9YIDnw8wN1AfqK4OC
+UbTheKVHotYT8S13dAY/asVLpTf8xlvngt3RObe3U6KyO81pGmM/HHRuPMum/fV0
+iHtasCQ4hUZ/+x2wwngnm+yxfcDJaLDJ9IUhQZQwiw27OChh+MLrlkqmzxfntMjv
+/kCImH4T2X3c6czJ56qpLsv7wRDAxsNjJtCasXkXBl+RNvSCer3G3SPB/yl30bUf
+C/OBfJyuGs5H7DdUJ39d0MUK4YC+b7t6YH+dEAD6HZBP2tzmEGcREAtQV+5e5KJD
+KA9AitzuQ18MNJrBTj03qDFi3xhbuykYtKZzVWQRq/MyvxuzJFc59rqhMqp++p/R
+Oj7wv0A6/P+fbUm1FlEiREKFF6ejcJWCP0SdJIlv8ZiTkdg8UGFM0dGed5hXQvww
+nZZhfxOo+NIil1BoGfZZ38qbUNdK2kMxnrTdqgFX53Hz9xqjXTn43FMS+CJRZxVP
+o45dAtQbKOkKStVAWC9cXvzAS4st/hdlC5EkbzsZUXArRjTJ0A633YkDTu6OshKH
+lJDwQc1G93zhyDVJDfMWSf1rg78=
+-----END CERTIFICATE-----
diff --git a/certs/ca/openssl.cnf b/certs/ca/openssl.cnf
new file mode 100644
index 0000000..41cf9f3
--- /dev/null
+++ b/certs/ca/openssl.cnf
@@ -0,0 +1,132 @@
+# OpenSSL root CA configuration file.
+# Copy to `/root/ca/openssl.cnf`.
+
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir               = /root/ca
+certs             = $dir/certs
+crl_dir           = $dir/crl
+new_certs_dir     = $dir/newcerts
+database          = $dir/index.txt
+serial            = $dir/serial
+RANDFILE          = $dir/private/.rand
+
+# The root key and root certificate.
+private_key       = $dir/private/ca.key.pem
+certificate       = $dir/certs/ca.cert.pem
+
+# For certificate revocation lists.
+crlnumber         = $dir/crlnumber
+crl               = $dir/crl/ca.crl.pem
+crl_extensions    = crl_ext
+default_crl_days  = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md        = sha256
+
+name_opt          = ca_default
+cert_opt          = ca_default
+default_days      = 375
+preserve          = no
+policy            = policy_strict
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName             = match
+stateOrProvinceName     = match
+organizationName        = match
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName             = optional
+stateOrProvinceName     = optional
+localityName            = optional
+organizationName        = optional
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits        = 2048
+distinguished_name  = req_distinguished_name
+string_mask         = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md          = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions     = v3_ca
+
+[ req_distinguished_name ]
+# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
+commonName                      = Common Name
+countryName                     = Country Name (2 letter code)
+stateOrProvinceName             = State or Province Name
+localityName                    = Locality Name
+0.organizationName              = Organization Name
+organizationalUnitName          = Organizational Unit Name
+emailAddress                    = Email Address
+
+# Optionally, specify some defaults.
+countryName_default             = XX
+stateOrProvinceName_default     = MyState
+localityName_default            =
+0.organizationName_default      = MyOrg
+organizationalUnitName_default  =
+emailAddress_default            =
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
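Review bot: `dir = /root/ca` in `[ CA_default ]` does not match where this commit places the CA (`certs/ca/`). As written, `openssl ca -config certs/ca/openssl.cnf` would read and update the database, serial and key under `/root/ca`, not the `index.txt` and `serial` committed next to this file. If the config is meant to run from the checkout, use a relative `dir = .` and change the header comment to say it must be run from `certs/ca`. Otherwise keep the `Copy to /root/ca/openssl.cnf` instruction and do not commit the CA state files here. Separately, `nsCertType` and `nsComment` in `[ usr_cert ]` and `[ server_cert ]` are legacy Netscape extensions and could be dropped.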
diff --git a/certs/ca/private/ca.key.pem b/certs/ca/private/ca.key.pem
new file mode 100644
index 0000000..4f9edfe
--- /dev/null
+++ b/certs/ca/private/ca.key.pem
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI9YmgqJcpc5cCAggA
+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBBxaUE3Gj6D8Jz9H0zGG6/tBIIJ
+UONiUMPxfxJaj8yyQRXqNoBktoILklo6C+EiYxuWH4HbnRN/Ul3Cr1cZRJkV7fAL
+onp2NU5iYs2kqq3wOZcABN7rZNT/pxFUwrsjenCs8r19WtA/SNRY/slHmYZJ23ZG
+LOIn6Hx/jdO5QxsWRWP+nCcZZDcSVdOk/SE+/ynVt49e0bjPQVbnuCp085dsXxsg
+Am0xkryUYuBP3ZdkkBJNleKXCjRYZQUsvfWGb2hVv0zDKhhVirpeQuxE8um/XFBj
+uqik2WCXMZXMPdtAznyo6tl82IhA2/9RYbkV+Pd+FAT+wcU7kFA7OUrteYrcYkXS
+ipEGIS9p4k6CjXgNiKOdPi9LKNg+G01GmGXWsKBYR0zk4JVSPg609NZFspFq4O+/
+3G5xU4XnefKL2uOvMqCJCNd32v3oQtmju3tl9lhYH+8AOt7qnlXosyZzn7Z8N+BJ
+QnSDwgjljBOQEqRrqzCJo9p4HcTvoWzrBjrA2O/l6GhRtZliM4sU40f414dUynh/
+gncLyWSx779dgRx/yQuQHCms7Ck5lSwQTCvSz6XHTz/yWaN96OmE9XWIyLqgEB31
+m3O4rMpGMHxfzjUJbSMg+WTFRDF5MSZzd73XZs54Nm5MOMRuWjzCcPndEmL5j0cB
+sJHv5H4dZXzJl2DiGeDVJhpzFRQgWo3IT7RsSIkHSUsxID7V+yYR+k+pJYpV1890
+2tzeuG5sdzseFr9+FekxnDBLmfjt/spoqSh2+fBf1KlZCa3ZlNAbewTK+/uc6bSn
+bzE5xdL0QKMCyB4c7suh5UUZ2xQuZszbshlyyw5xJvXfZVNI9h/sxfmn6gTDjX2W
+kSvNVbIdlmQrGXPnUR5n8C6jE1Hs8fdbUi2jOwWQiev8J73dHa5PQ7zOuDA6AyBI
+Lwthezb9gyIMMnVW6+2HAgCiZ4G0HwquF1Ye9G0vnphF8+i44QckghTqukUzM+sq
+8Q5W+xP7GrO9pgLbR6TmZrCvy92txfdEN7DNpdrvYYg4lCzlPnXvhYVWTW2sGPM/
+TONcmNd4ikzeLTkm1j2PAVJn2rak0feNo3fP3Gum5TglR/zBhRewyx5FFTX2xDKR
+nSkLfqd698tF1P3RTb0uA7cu/PwhQHqB1mD1v95jzX37Hq7lnJ+zWaqYfy3RE8BL
+oLncy7k2LMSfN/xC3+qY3NS7D+F946cRwF3IOFENTmMlkLHtlUdxwjVOl1sSTnHr
+DSgNdIv+K2mA8Ejrqof/obDMQNgSp07Ei2Jrtg/wpr95Y9i7MoF4wIxnVjy1LP/e
+fNhUwybef4ZjDLGl97E6gXdJXabWTWBzFU+GJ+lD9n0f/9x0wSbZMy/A4KV1e9Ej
+9xQY96OApJsnpvGIdomVr4D+Z00WL/L18KdZaIziT/qXQcNQSNdSUOpoyVJtElR2
+x+16b6RoC7hIIwh9Lj0FYBAJGaK2DVvqMFC7i4b/zN0F04jzE4YHYBIY6hrUa4SR
+Hc70FJTNMgsr9xsEOstcuXpjac5mmMGI0pxsLDmSemgPUw6xjPF3vL297f5rnRvg
+2PH9S1Rw47VOss2gARXd26In0ZVFjQ2lwIbsm3GhOt34vnqOpuzIFi0xeDVilI+o
+Lv+AyfVTPIk6ZJ3UaYjN1CNWrViR+VRcKpVV70nt+Z3coudycWpK01FTQPsq5xzk
+QC7tcO2EVZDTckAUK+dCgDlIMSaEr7zLiCuBGXPbkaaYGLers6t2iQW95m8Ddeym
+i1GtDog6clfzRt8spNl4lTfoeiaR1Dq2CnRktLxgqA0WlORcVOWTQ7l+tIGTM0Mo
+rtBGvUso56frBwkkKyDLhGGomj8ezSie4K+5pjXC9ucfL1rMOs38TjIhj9GlqY7T
+31cjp+35h0FQ54RgvBO7T0Vr2b8eiXgAwPdHIcQAH2yp5GU65iat2JyvvIZJgm0n
+AYkpsXfXzYiowEp8kiPhFiS2JOVgr0afcu31zgwQvvz6W/SMiyTGwxYlRdwfG8PC
+azqKEr0RO2I+6MWtP8sU7ijFiy30xGglUJlqyOg9cFDAedOeW+uqslCflDkrTnyu
+JXlnMsZcwURDRu1w/HrZSBxfwwul76bLlMcj0ss+kZj8/BGm6LSJQwFTFwgwARc2
+pyEIcZ58tlfWDGJsoXX77wnNf1MUFGW69frcCywbrqRjXuhsRNcZfWj9Cx63N3i9
+IYhmy4hxFMcI5pSTgpkg0LECxl7OUudbAUlkyjRmQHaqN3+eotNRnUkek9CXIl3i
+89+iOTYIBlL8xaNCyyDijP4IZzOuVUMqOtNX7jio4v/ORDPtIwJR6HLWrqmSZOIX
+e/KvbdqAWtThcjsFh4ysvKNMPlXuBLRThRT37gGfRcyAmaBXsO6NuFhmdArUP19y
+kxCdQErPrxE+9eQTgDFc/fZ3A7+YMtFaipXcA5JiGJuF4Ezyvp8C/zFe3DAEdEyd
+C7JKlxy3uK9JGEoenX237yNwjhYluqgwSlxuEDvGr10cyLttirzgYDEmYYK0AAyi
+i39znPQuwwCneiqAmlQ20cV3ToOIeAhNS0KfvkcWaXWJPOI/M4uGhF9DioojrGWf
+Az825TTYZcx2PH2F25sQex0NJih4WypRSITDoA+RA7uQIyoaLL8/4OCZG+izNWMm
+HtZz7XL+fTYKJdRbxPd3VgZcNMQk+ir1kIsaCJkTQWc6me0Rh9dbfwwi7GZzGQJo
+GTZllCI5/mLVvQe4ujc/9NtRIazWEimEiHMblNTrVvGbHX7rHly47ILnls2V0+md
+ADSsAiN9UTxDTdH+0xnPWUFhaNrY9XBHH3FBaqL1itnN1U/NdELN6MDkX93HPhVK
+pdDmffg3sccoA8gZRxCZAfI2SJSFh9LYHY8B/ZYNFNGwf/d36kvnPqL+OLAdYI4q
+DbyAhhMXDA+2xLS9+gDOC65zT8luKXPKtTZud0VntO2eRlRDdHmJMH+SP2Uk2rST
+YSZ8YYqd30mnQchxnJugxdwPPMbtQhpoxz2puNmR+HDJqkM+cYKK6I3l4BkqI1aZ
+wk8BA6jNdNeaJULT62DHRD3XIUfjFOJmf/q/nstKVb22sgfqKUG5wangV3RU4Z5F
+rQUOYGbmzRpfctH2YpCOdU+Ay46hOoKqeC/ymlyqaCTZMdtL1hg++kyrrzbb80NF
+Qhg10RH1+skcs0kFXmhntEAMdtfyiRUSrsvn/bGSKdjx
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/certs/ca/serial b/certs/ca/serial
new file mode 100644
index 0000000..7d802a3
--- /dev/null
+++ b/certs/ca/serial
@@ -0,0 +1 @@
+1002
diff --git a/certs/ca/serial.old b/certs/ca/serial.old
new file mode 100644
index 0000000..dd11724
--- /dev/null
+++ b/certs/ca/serial.old
@@ -0,0 +1 @@
+1001
diff --git a/full_chain.pem b/full_chain.pem
new file mode 100644
index 0000000..3f17259
--- /dev/null
+++ b/full_chain.pem
@@ -0,0 +1,60 @@
+-----BEGIN CERTIFICATE-----
+MIIElzCCAn+gAwIBAgIUQyTmBMwNZLDzhYYaTstXHDfF1nIwDQYJKoZIhvcNAQEL
+BQAwXjELMAkGA1UEBhMCQ0gxDTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNl
+IFRpbmRlciBTYXJsMQwwCgYDVQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUu
+Y2gwHhcNMjQwNjE4MTYyODAyWhcNMjUwNjE4MTYyODAyWjBbMQswCQYDVQQGEwJD
+SDEPMA0GA1UECAwGR2VuZXZhMQ8wDQYDVQQHDAZHZW5ldmExEDAOBgNVBAoMB0Nv
+bXBhbnkxGDAWBgNVBAMMD2NvbXBhbnkuYmliaS5jaDCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAK+IC/2VqLLJ/PzzWeV2dbsvxUIrg26UJZnxJ5FlK1tg
+G0QSyK/aGA162es1slL5grwgjCSu8OFKHEKey8Y75v49+9IWLtOnqtx4y/l6zY6c
+6KrR1yJ88u9yCHVHODmqhnENWVduAdFDQZXFSDrlP0Udn8Agka+VxIUZn7GxiCQW
+etgMp4zQ4UNDZjECzsQ46Hp3WqpdeAVxFxblfDPlrVBnAdWnlbBdZ3798XHDOvDX
+Josmoc8DnWkkiVOmL0KFKw9R7dAhWyTXnVojqotPxGZPbDwwPv0QSaSsolrPQ9x4
+BOSf/QgZKQXW0Q35UgDT0bzT+wIyUezu3prJRd/2oIsCAwEAAaNQME4wHQYDVR0O
+BBYEFJbDmkp+DYOTwK255fK13gEd1u15MB8GA1UdIwQYMBaAFN6ATyzm7FYoUHlX
+5afUB9g9RLGTMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAEYhZk97
+GQWYn9tJqdS8yTeza6bia+hbh2oIEUDZRe3AV/DJrqh3GoG8VqjESWWYUF/NESoL
+KrEaAl5JQYKCbrcRcqcUNpfEz9CiCDRYomu4MfJSZFuqTTIcUdo7uFg1RxEkjRO9
+uudcdghQU1CQ03GdkKVAFtDVRpGvK+Ir85Bd/Wh56ql5QjNbGSGPWAaU9vxVZ5Fk
+FT4XtEHpZalO1vuR1VuXu0Go6Looko/+cDb8UlV+Qbxt+WxzErvPgrkt9+UJDs7o
+R1v5tIFLE1T3vsfucrlRn4Huj3VFh5LcuWuYtnONJ1hIqrwaJm1leHm7OuJRH/qb
+o4b4LIBrqdLetYKvcsE+tIOA/lkkXwlD17+CqW0lJtfLhlhgxkQBV06kMufO4Bf+
+BstnY20eqXxAf57L7v/EZvmVpqgkraWdrdNYcE5HfFXmODsvcdo2i49ZZ8Q1jj67
+FBiKR4wTE5goARvK/iF4ZHCo4hyOist2eO9R8ZYYkYZiTagkh9DDXodAq6tehAcp
+BkBAKDJV5WX84A+2hEqN6cMYYK8Nu5q3mH0WdQUPK4dhxzOHchRPIIL294iIdru6
+J8q8hxrw0fgupOGS7Xwc/XBkIMG2xbCYxVxJhjKPYg/RcqQIPmt2LB/t2DdNVErj
+MZwEPki6N1FqBKWzsK4tg8IHMAnTeWJVE3eB
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFsDCCA5igAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwcDEXMBUGA1UEAwwOaG9y
+c2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYDVQQIDARWYXVkMQ8wDQYDVQQH
+DAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYDVQQLDANJ
+U0MwHhcNMjQwNTE2MjA1ODMwWhcNMzQwNTE0MjA1ODMwWjBeMQswCQYDVQQGEwJD
+SDENMAsGA1UECAwEVmF1ZDEaMBgGA1UECgwRSG9yc2UgVGluZGVyIFNhcmwxDDAK
+BgNVBAsMA0lTQzEWMBQGA1UEAwwNYW5kcmV3dGF0ZS5jaDCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAMsTexhqMHc2CXkVZjFaQVV0p4jUjDvLMshKyxMI
+/twPv/vOg4qRgmaAZ7FUXtjCXN3E1RT40VICRps5zOPkJxMukbNOAKVkSlcvSCEV
+d51PrA1B9QIq3YVCOE/Q503bsDbcX2sSphnME39A2hMOSuRldNK6QsIM7BJccdD7
+lUcKhDMhMNkZ5+bFcxsf+XinkVnT/LyGm4PLjagjXAOCT2adOGboUFhmRo0/vHof
+R9h5gbrHLiGf8BZcX4VK28EhGKoNOKpdspcCIXfzDFFFNVt1cpXBufXTcH8T04kz
+IeVqN34lA/LRF3X/leZ/J5ZjbhSK50kOenP+5gmJ0tkRj0mOeYUNVYs+tz86uhvL
+uYdABXLeaAeVoJrmtuz0E7O2ls6B+ay+hmZGZvl6TnPnZ/y6eMuP7hNNw8AkTWV5
+ps3sUE7puEMFseN4ABR7RtrK/j/m8BOzOLBaivMzyGIDOiwAjNA76Ab9phdmxvrM
+PEPDhMKiPvYfdbVs0AdrHFkHKGrTSmHorFA42idfbutXTGoWufxv21nlZMSqxn11
+/nTdFb1j6RZBJHYKhD7vnvOcp/SB4BstnTcXX+XWoCwAhNMXJO0BzJbGnpeA1zP+
+5igXVcXDClrnqa5+2r9hxYKHD+utEzr+hMAabUmx/MZXwhZoXH/I7KDuw54PMK5K
+0Dn1AgMBAAGjZjBkMB0GA1UdDgQWBBTegE8s5uxWKFB5V+Wn1AfYPUSxkzAfBgNV
+HSMEGDAWgBRBW8ia+4qNimJujZGcOmAgu1mBzzASBgNVHRMBAf8ECDAGAQH/AgEA
+MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAL/Q91IV5UoQamfVe
+wg3Wx1dWJw3e7fxZpXAF2GkGgIqsmMZdscU8AQ3eMPriDQcqW0mcSohKl8gN6pvY
+bPqbfrzrZV7LVc/5O0JcWAD1oIJceKLZ2DSaAzPHvz9N0qC9YIDnw8wN1AfqK4OC
+UbTheKVHotYT8S13dAY/asVLpTf8xlvngt3RObe3U6KyO81pGmM/HHRuPMum/fV0
+iHtasCQ4hUZ/+x2wwngnm+yxfcDJaLDJ9IUhQZQwiw27OChh+MLrlkqmzxfntMjv
+/kCImH4T2X3c6czJ56qpLsv7wRDAxsNjJtCasXkXBl+RNvSCer3G3SPB/yl30bUf
+C/OBfJyuGs5H7DdUJ39d0MUK4YC+b7t6YH+dEAD6HZBP2tzmEGcREAtQV+5e5KJD
+KA9AitzuQ18MNJrBTj03qDFi3xhbuykYtKZzVWQRq/MyvxuzJFc59rqhMqp++p/R
+Oj7wv0A6/P+fbUm1FlEiREKFF6ejcJWCP0SdJIlv8ZiTkdg8UGFM0dGed5hXQvww
+nZZhfxOo+NIil1BoGfZZ38qbUNdK2kMxnrTdqgFX53Hz9xqjXTn43FMS+CJRZxVP
+o45dAtQbKOkKStVAWC9cXvzAS4st/hdlC5EkbzsZUXArRjTJ0A633YkDTu6OshKH
+lJDwQc1G93zhyDVJDfMWSf1rg78=
+-----END CERTIFICATE-----
diff --git a/gen_cert.py b/gen_cert.py
index 71d35b0..4eb9fb5 100644
--- a/gen_cert.py
+++ b/gen_cert.py
@@ -1,12 +1,12 @@
+
 import datetime
 import argparse
 from cryptography import x509
-from cryptography.x509.oid import NameOID
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import rsa
 
 
-def load_ca(ca_cert_path, ca_key_path, ca_key_password=None):
+def load_ca(ca_cert_path, ca_key_path, ca_key_password):
     with open(ca_cert_path, 'rb') as cert_file:
         ca_cert = x509.load_pem_x509_certificate(cert_file.read())
 
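Review bot: The `rsa` import looks unused after this commit, because `generate_private_key` (removed in the next hunk) was its only visible user. `create_certificate` lies outside the hunks, so confirm that before deleting `from cryptography.hazmat.primitives.asymmetric import rsa`. The blank line added above `import datetime` can go as well. `load_ca` continues past the end of this hunk.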
@@ -17,16 +17,9 @@ def load_ca(ca_cert_path, ca_key_path, ca_key_password=None):
     return ca_cert, ca_key
 
 
-def generate_private_key():
-    private_key = rsa.generate_private_key(
-        public_exponent=65537, key_size=2048)
-    return private_key
-
-
-def create_csr(private_key, common_name):
-    csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name([
-        x509.NameAttribute(NameOID.COMMON_NAME, common_name),
-    ])).sign(private_key, hashes.SHA256())
+def load_csr(csr_path):
+    with open(csr_path, 'rb') as csr_file:
+        csr = x509.load_pem_x509_csr(csr_file.read())
     return csr
 
 
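Review bot: `load_csr` returns the parsed request without checking its self-signature, so a CSR whose signature does not match its public key would still reach `create_certificate`. That function's body is outside this hunk, so it may or may not check it. Add the proof-of-possession check before returning: `if not csr.is_signature_valid: raise ValueError("CSR signature is invalid")`. A one-line docstring noting that the subject and public key come from requester-supplied input would also help whoever maintains the signing path.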
@@ -67,44 +60,30 @@ def save_certificate(cert, filepath):
         f.write(cert.public_bytes(serialization.Encoding.PEM))
 
 
-def save_private_key(private_key, filepath, password=None):
-    encryption = serialization.NoEncryption()
-    if password:
-        encryption = serialization.BestAvailableEncryption(password.encode())
-
-    with open(filepath, "wb") as f:
-        f.write(private_key.private_bytes(
-            encoding=serialization.Encoding.PEM,
-            format=serialization.PrivateFormat.PKCS8,
-            encryption_algorithm=encryption
-        ))
-
-
 def main():
     parser = argparse.ArgumentParser()
 
     parser.add_argument("ca_cert_path", help="Path to the CA certificate")
     parser.add_argument("ca_key_path", help="Path to the CA private key")
+    parser.add_argument("csr_path", help="Path to the Certificate Signing Request (CSR)")
+    parser.add_argument("output_cert_path", help="Output path for the signed certificate")
     args = parser.parse_args()
 
     ca_cert_path = args.ca_cert_path
     ca_key_path = args.ca_key_path
+    csr_path = args.csr_path
+    output_cert_path = args.output_cert_path
 
-    ca_cert, ca_key = load_ca(ca_cert_path, ca_key_path, ca_key_password=None)
-
-    intermediate_private_key = generate_private_key()
+    ca_cert, ca_key = load_ca(ca_cert_path, ca_key_path, ca_key_password=b"admin1234")
 
-    intermediate_csr = create_csr(
-        intermediate_private_key, common_name="*.bibi.ch")
+    csr = load_csr(csr_path)
 
-    intermediate_cert = create_certificate(
-        intermediate_csr, ca_cert, ca_key, is_intermediate=True)
+    signed_cert = create_certificate(csr, ca_cert, ca_key, is_intermediate=False)
 
-    save_certificate(intermediate_cert, "intermediate_cert.pem")
-    save_private_key(intermediate_private_key, "intermediate_key.pem")
+    save_certificate(signed_cert, output_cert_path)
 
     with open("full_chain.pem", "wb") as f:
-        f.write(intermediate_cert.public_bytes(serialization.Encoding.PEM))
+        f.write(signed_cert.public_bytes(serialization.Encoding.PEM))
         f.write(ca_cert.public_bytes(serialization.Encoding.PEM))
 
 
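Review bot: The CA key passphrase is a literal in `main()` (`ca_key_password=b"admin1234"`), which puts the secret in version control and ties the script to one key. Read it at run time instead, with `import getpass` at the top of the file and `ca_key_password=getpass.getpass("CA key passphrase: ").encode()` in the call. The passphrase on any key that used this value should then be changed. Also, `full_chain.pem` is still written to a fixed name in the working directory although the certificate path is now an argument. Deriving the chain path from `output_cert_path` would stop one run overwriting another's chain.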
diff --git a/newcompany/certs/out.pem b/newcompany/certs/out.pem
new file mode 100644
index 0000000..2a4000f
--- /dev/null
+++ b/newcompany/certs/out.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIElzCCAn+gAwIBAgIUQyTmBMwNZLDzhYYaTstXHDfF1nIwDQYJKoZIhvcNAQEL
+BQAwXjELMAkGA1UEBhMCQ0gxDTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNl
+IFRpbmRlciBTYXJsMQwwCgYDVQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUu
+Y2gwHhcNMjQwNjE4MTYyODAyWhcNMjUwNjE4MTYyODAyWjBbMQswCQYDVQQGEwJD
+SDEPMA0GA1UECAwGR2VuZXZhMQ8wDQYDVQQHDAZHZW5ldmExEDAOBgNVBAoMB0Nv
+bXBhbnkxGDAWBgNVBAMMD2NvbXBhbnkuYmliaS5jaDCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAK+IC/2VqLLJ/PzzWeV2dbsvxUIrg26UJZnxJ5FlK1tg
+G0QSyK/aGA162es1slL5grwgjCSu8OFKHEKey8Y75v49+9IWLtOnqtx4y/l6zY6c
+6KrR1yJ88u9yCHVHODmqhnENWVduAdFDQZXFSDrlP0Udn8Agka+VxIUZn7GxiCQW
+etgMp4zQ4UNDZjECzsQ46Hp3WqpdeAVxFxblfDPlrVBnAdWnlbBdZ3798XHDOvDX
+Josmoc8DnWkkiVOmL0KFKw9R7dAhWyTXnVojqotPxGZPbDwwPv0QSaSsolrPQ9x4
+BOSf/QgZKQXW0Q35UgDT0bzT+wIyUezu3prJRd/2oIsCAwEAAaNQME4wHQYDVR0O
+BBYEFJbDmkp+DYOTwK255fK13gEd1u15MB8GA1UdIwQYMBaAFN6ATyzm7FYoUHlX
+5afUB9g9RLGTMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAEYhZk97
+GQWYn9tJqdS8yTeza6bia+hbh2oIEUDZRe3AV/DJrqh3GoG8VqjESWWYUF/NESoL
+KrEaAl5JQYKCbrcRcqcUNpfEz9CiCDRYomu4MfJSZFuqTTIcUdo7uFg1RxEkjRO9
+uudcdghQU1CQ03GdkKVAFtDVRpGvK+Ir85Bd/Wh56ql5QjNbGSGPWAaU9vxVZ5Fk
+FT4XtEHpZalO1vuR1VuXu0Go6Looko/+cDb8UlV+Qbxt+WxzErvPgrkt9+UJDs7o
+R1v5tIFLE1T3vsfucrlRn4Huj3VFh5LcuWuYtnONJ1hIqrwaJm1leHm7OuJRH/qb
+o4b4LIBrqdLetYKvcsE+tIOA/lkkXwlD17+CqW0lJtfLhlhgxkQBV06kMufO4Bf+
+BstnY20eqXxAf57L7v/EZvmVpqgkraWdrdNYcE5HfFXmODsvcdo2i49ZZ8Q1jj67
+FBiKR4wTE5goARvK/iF4ZHCo4hyOist2eO9R8ZYYkYZiTagkh9DDXodAq6tehAcp
+BkBAKDJV5WX84A+2hEqN6cMYYK8Nu5q3mH0WdQUPK4dhxzOHchRPIIL294iIdru6
+J8q8hxrw0fgupOGS7Xwc/XBkIMG2xbCYxVxJhjKPYg/RcqQIPmt2LB/t2DdNVErj
+MZwEPki6N1FqBKWzsK4tg8IHMAnTeWJVE3eB
+-----END CERTIFICATE-----
diff --git a/newcompany/company.csr b/newcompany/company.csr
new file mode 100644
index 0000000..1ba0a29
--- /dev/null
+++ b/newcompany/company.csr
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICoDCCAYgCAQAwWzELMAkGA1UEBhMCQ0gxDzANBgNVBAgMBkdlbmV2YTEPMA0G
+A1UEBwwGR2VuZXZhMRAwDgYDVQQKDAdDb21wYW55MRgwFgYDVQQDDA9jb21wYW55
+LmJpYmkuY2gwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCviAv9laiy
+yfz881nldnW7L8VCK4NulCWZ8SeRZStbYBtEEsiv2hgNetnrNbJS+YK8IIwkrvDh
+ShxCnsvGO+b+PfvSFi7Tp6rceMv5es2OnOiq0dcifPLvcgh1Rzg5qoZxDVlXbgHR
+Q0GVxUg65T9FHZ/AIJGvlcSFGZ+xsYgkFnrYDKeM0OFDQ2YxAs7EOOh6d1qqXXgF
+cRcW5Xwz5a1QZwHVp5WwXWd+/fFxwzrw1yaLJqHPA51pJIlTpi9ChSsPUe3QIVsk
+151aI6qLT8RmT2w8MD79EEmkrKJaz0PceATkn/0IGSkF1tEN+VIA09G80/sCMlHs
+7t6ayUXf9qCLAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAQOpjWvDPho8VS+0q
+nWpThInV3XPUNrWprhihmPPVs0gZFZasEaRs5FGfOqBT1ha6fH0w+Jxt6LVe8icT
+RMKsde0bNRc8R5MafyHmV7zju1qoYBLbwCYU4VF3QVtTKmBMgUpFNloH32WL1S2Y
+jFBKzTzJjJRVMuEcgOZZix2L66ZIK6fIz1dYzp7umye9vdlyn1u4cfOJnL+BAgT8
+lHPLBLFKvIbCHuAfSmz0K/G/EaRBaa1MSI288z9Ag1r4rupEcQm/2OMHh9ZsAZLD
+JPYT69dwLbYNyRMz/IEE68nzYgWSuUeD2nRUokZ+fQFzxUUDEzWQyG4tq/T1WT4u
+PaJmgg==
+-----END CERTIFICATE REQUEST-----
diff --git a/newcompany/privatekey.key b/newcompany/privatekey.key
new file mode 100644
index 0000000..b8a16c4
--- /dev/null
+++ b/newcompany/privatekey.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFJDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQcoGkxCywLauiIU1j
+4C68rAICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQI3UMqjsHllfEEggTI
+FcjufttQSb0R/vrqNRYYXbWHySe1h53hewWlH8zcyY9iemqZKUwkt1G45PLb7Ccd
+DS+Lx2M+El2o1wal0I55hszumky77NBDQSVjNQTW86bLoSjw+OnDxxbGqNtfpfz3
+sSwUHfyyGuO3LxsmWjVp9OxByLGoOT+sjkX89fS1mr8JAXAo3YtWMTnFSIDtjIMI
+PuM0KlV9wp4b9flirpgUwLrMpKxqImkcXyYIVjR8Zsjbr9BKgKy+bmqWwnob97Tf
+rPjWwfdbRzV6a8K52z+vmAtl27GVBekdsXtDsqS0fb6kpQbZzt90kNCVvNxiIzG/
+/+IuocbeJi/sASdMJZKO70Q/p6So8X37hkWqgBGat+wUtFLx4ojz7jLNQ/wCZ5+l
+xFMzPejJVPQvEFPi3lmD2/ds5iiG1/5aoCIUyV8sPDfgHVSAy5dlapg14jbo09R3
+AqPFLPDVkKFB1BvfOFOuCIFK3GRdA0b2/lyEZ1rzuZHTFRm0r86l8NB5AnNIs97q
+iUJBXJiAFGeSoviEODHLkv+5fAovkIjncu8MW6JioJhW3LBzT4eA4Jba1xOOATVI
+vdQYs+9TPD82e3VxbQemGUn5XtcVpVhDJFZuT3AEtg9zDDxoiLTjXNIF0RqMHKH3
+piKcL/KNgczxNF8sAcMMozSqGhh5me8M+fpno2O8PvHdl0/1El6mUnw1RbcifvbH
+OwN7Xyt3J14CQFsXZb6OSGmH+luu3KRIeOqeh1DsMJCy4/8/bIIqbUdvq0sB0bqI
+TtYxHIkXAUCxMLjTIOjHKwQIM78RwM4RaY4SKF3PWeBGoZV4DGnRrGHluJ1DaJ+7
+DkzswonRVa3trOZsnldT07oxfK7a5p4hpvNT072mXHWyyw9P2G1WS/Qy6XNSCz0Q
+KoR81HReKVjIqFMeyPY+hLmleMVwvMwiLFPIaMUnn9Ql+rwUqIKrPUzifiGyQJVt
+XsAUjk1+jw9N+GRLBXahUlxDoqNMcmpCtlnECvnxcdF0yhk8/xi5mNT0Paxozzr3
+n463XlQuw2ih6tX0J1It420sd9wynND385pTXlyjOH8aFN6DhenGZkJ39uC5fvKR
+oMEE0GKcV9g3nVonPl5PJEPUSUvery5lFZ7Tlzxn/v6nvDhVI6NioaD9qz6CEf5I
+BDLSOdHfa02uN4/MaYq4bVVuyzzNBb5F99I3EFKzSHwd89udQhPgpJrwz/xrTPpq
+GNPt9dxtlENmPOsN33aRw9w2bpEIbX+PupO8mGh1GYRE8y5RHs33rrTVkYMtpyjY
+V6gXFTL5Lo7UCN9tXwvg8BYj5ZZzkRd8/tSBK83gKNpl5ZrtMBVsBnzicljs5IDP
+K4hh9/uqFYfYvhsofSAYQAqlTLblGrD0hjYTE5ONSBFfft3rBL0tIY6HCasmF2eN
+RrgxrlNFNMTSDFf3/GXN1U8kBVaxo6Yn7M8Fr5yW1K62g9ovcpoD2zsVNMAx7TZ3
+aSHr6DMcN7uqXJfFLbQLOtvGpQTeIKjmtQJxjiuMCpkY6wQKr75r5Y8lOA9TBTuZ
+GrYOOrZZo81YE99UxjPwJ7dGFWiqM+8/9PBmK1QOAyPTJBt+lRgk6vbwaKdeGjf7
+zqyYAqDIQgkYKaYVngLuvwy0zuIMz3OH
+-----END ENCRYPTED PRIVATE KEY-----
-- 
GitLab