From 0016b2ce13461c82c1289f296d6f2274d461aa24 Mon Sep 17 00:00:00 2001 From: brian <brian@mails.bcrl.ch> Date: Tue, 18 Jun 2024 18:33:10 +0200 Subject: [PATCH] script now takes CSR and outputs pem cert --- certs/ca/certs/ca.cert.pem | 34 +++++ certs/ca/index.txt | 2 + certs/ca/index.txt.attr | 1 + certs/ca/index.txt.attr.old | 1 + certs/ca/index.txt.old | 1 + certs/ca/intermediate/certs/bibi.ch.cert.pem | 34 +++++ certs/ca/intermediate/certs/ca-chain.cert.pem | 67 +++++++++ .../intermediate/certs/intermediate.cert.pem | 33 +++++ .../ca/intermediate/csr/andrewtate.ch.csr.pem | 18 +++ certs/ca/intermediate/csr/bibi.ch.csr.pem | 17 +++ .../ca/intermediate/csr/intermediate.csr.pem | 28 ++++ certs/ca/intermediate/index.txt | 2 + certs/ca/intermediate/index.txt.attr | 1 + certs/ca/intermediate/index.txt.attr.old | 1 + certs/ca/intermediate/index.txt.old | 1 + certs/ca/intermediate/newcerts/1000.pem | 34 +++++ certs/ca/intermediate/newcerts/1001.pem | 34 +++++ certs/ca/intermediate/openssl.cnf | 140 ++++++++++++++++++ .../private/andrewtate.ch.key.pem | 30 ++++ .../intermediate/private/intermediate.key.pem | 54 +++++++ certs/ca/intermediate/serial | 1 + certs/ca/intermediate/serial.old | 1 + certs/ca/newcerts/1000.pem | 33 +++++ certs/ca/newcerts/1001.pem | 33 +++++ certs/ca/openssl.cnf | 132 +++++++++++++++++ certs/ca/private/ca.key.pem | 54 +++++++ certs/ca/serial | 1 + certs/ca/serial.old | 1 + full_chain.pem | 60 ++++++++ gen_cert.py | 49 ++---- newcompany/certs/out.pem | 27 ++++ newcompany/company.csr | 17 +++ newcompany/privatekey.key | 30 ++++ 33 files changed, 937 insertions(+), 35 deletions(-) create mode 100644 certs/ca/certs/ca.cert.pem create mode 100644 certs/ca/index.txt create mode 100644 certs/ca/index.txt.attr create mode 100644 certs/ca/index.txt.attr.old create mode 100644 certs/ca/index.txt.old create mode 100644 certs/ca/intermediate/certs/bibi.ch.cert.pem create mode 100644 certs/ca/intermediate/certs/ca-chain.cert.pem create mode 100644 certs/ca/intermediate/certs/intermediate.cert.pem create mode 100644 certs/ca/intermediate/csr/andrewtate.ch.csr.pem create mode 100644 certs/ca/intermediate/csr/bibi.ch.csr.pem create mode 100644 certs/ca/intermediate/csr/intermediate.csr.pem create mode 100644 certs/ca/intermediate/index.txt create mode 100644 certs/ca/intermediate/index.txt.attr create mode 100644 certs/ca/intermediate/index.txt.attr.old create mode 100644 certs/ca/intermediate/index.txt.old create mode 100644 certs/ca/intermediate/newcerts/1000.pem create mode 100644 certs/ca/intermediate/newcerts/1001.pem create mode 100644 certs/ca/intermediate/openssl.cnf create mode 100644 certs/ca/intermediate/private/andrewtate.ch.key.pem create mode 100644 certs/ca/intermediate/private/intermediate.key.pem create mode 100644 certs/ca/intermediate/serial create mode 100644 certs/ca/intermediate/serial.old create mode 100644 certs/ca/newcerts/1000.pem create mode 100644 certs/ca/newcerts/1001.pem create mode 100644 certs/ca/openssl.cnf create mode 100644 certs/ca/private/ca.key.pem create mode 100644 certs/ca/serial create mode 100644 certs/ca/serial.old create mode 100644 full_chain.pem create mode 100644 newcompany/certs/out.pem create mode 100644 newcompany/company.csr create mode 100644 newcompany/privatekey.key diff --git a/certs/ca/certs/ca.cert.pem b/certs/ca/certs/ca.cert.pem new file mode 100644 index 0000000..1d256a2 --- /dev/null +++ b/certs/ca/certs/ca.cert.pem @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF0TCCA7mgAwIBAgIUTYJwDE0JnSgF0p6JoxQQE0w+iL4wDQYJKoZIhvcNAQEL +BQAwcDEXMBUGA1UEAwwOaG9yc2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYD +VQQIDARWYXVkMQ8wDQYDVQQHDAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRl +ciBTYXJsMQwwCgYDVQQLDANJU0MwHhcNMjQwNTE2MjA0MTI3WhcNNDQwNTExMjA0 +MTI3WjBwMRcwFQYDVQQDDA5ob3JzZXRpbmRlci5jaDELMAkGA1UEBhMCQ0gxDTAL +BgNVBAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2YTEaMBgGA1UECgwRSG9yc2UgVGlu +ZGVyIFNhcmwxDDAKBgNVBAsMA0lTQzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC +AgoCggIBAKDU2hfwVPYQOxdtZHAfgCD0OJRRF0QpvnQ7P6QUvTcnBg01C3FMTbAF +8mODblW+MCDfDkOn7mtVNBRbkAOTqzUTDy4CejQ2VUJO0MTAP+l3UmZW8Rog1wGr +tDdvXHBm+IThjn2y0qcQwHko9ckUhGd33ql1raEuDBVRVgpURaUsD++QeLMH4nE4 +IrcRq3+jROpRsBR8H+NFsH9ltCMlmTCRkLGO6Fh83qPN/QXxp2OlLV+0EoeEHo84 +6i7VphjoyQBZMwNNdS9tJmJS/GLMmPnOnQ9svVo7OeFeXQBZ4E4N+Fk/l0v08ugG +Di+nrkIA0Xxhptl4HRTohuJDkvgZ6Yo5W6B/7YoMTiHUkfFQ7w6hUsuAYLV3mA9e +KNtLF7z1MkeL8PxJMIF5XW1hzQktQbFOuT21xuZvLGAAmmfItWrN8UrwehP6Empq +WvHF+fVGEWYUlunLM2q+qNpzDGV7LJ5XsUgDqEUVrG71GagDYYHBZPBkStt4PC4a +0UFYVVbvgbLl1GYF09b+6Fd1yZfBuV32z/9xVtkZkyn7cbbNsTRO+KwEThppt51S +CwjL7cPFItLXdrJbVl+ZBRcvF/lpb4rSHNEcwdJzpSBFXPSZqAgG6uYFFR6YbUFV +2bmHEeaanTMUi07JxDK1ZQWLse/LODNnyB6gVhRa0SqHxJ4cEwv/AgMBAAGjYzBh +MB0GA1UdDgQWBBRBW8ia+4qNimJujZGcOmAgu1mBzzAfBgNVHSMEGDAWgBRBW8ia ++4qNimJujZGcOmAgu1mBzzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +hjANBgkqhkiG9w0BAQsFAAOCAgEAKrLKpffpLJNo5lXc3usgwRItvwYqIpys/6/g +m68qVoT/nFCRdz6r3YXiQ6HZa8BgDE9a+pLZqEBSnx8XTe1IrkPc5LUEXFi6Y+gN +ZF+OWMQ6h979JXFQx1a8kwTcIkxU0+ThspFnmPvbBrZ1A4/aNsHNJZK2qjLObsML +9hKlnQx4wIMbLXrTcofrQhuUPw2aLY5zi64LvE7LEjsY2Bh/9fVBOGHM5llX+lDI +/G7nl3z6v72+Db5hDi6SgJBD6V8xP1OKVmeJjGhwe5okNGq93Gi188wTvpUJMemk +yy3FVTzRHK8pbK4a5D6zE0DqJTI4DfrefTKsCaqT1K+YSv42gB2jAYyFrbU19p48 +WTzboztNmSAS5tycfA3/SWFBrrj+SCqtbf51/IQrPAh2qN4Jx9cqrApMAI+wTdiB +yuo8YCW38DTL0HDc6lvMIMfIRaq7sz1+i2lwNav27d8l0sYK49j92ei4Ylua6S7E +P/B8R9rYfjjkWaU+zkql9XXBVmFnbUXbr5dzutgusOS02uGbwis6UtKy+c18USog +S7Jc0TusKD/Yv3xfqA4OKcrUJnhKTwA9pA+a5tCZtqbhbMXKrvj8Ngw/W8VVh27Y +4os1SkpxugXblTc4rNrLqk7hkp0k+a6bLREaihTpyjVjd942Uey251K7400m236D +cpxtIDA= +-----END CERTIFICATE----- diff --git a/certs/ca/index.txt b/certs/ca/index.txt new file mode 100644 index 0000000..88c6f84 --- /dev/null +++ b/certs/ca/index.txt @@ -0,0 +1,2 @@ +V 340514204530Z 1000 unknown /C=CH/ST=Vaud/O=Horse Tinder Sarl/OU=ISC/CN=horsetinder.ch +V 340514205830Z 1001 unknown /C=CH/ST=Vaud/O=Horse Tinder Sarl/OU=ISC/CN=andrewtate.ch diff --git a/certs/ca/index.txt.attr b/certs/ca/index.txt.attr new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/certs/ca/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/certs/ca/index.txt.attr.old b/certs/ca/index.txt.attr.old new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/certs/ca/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = yes diff --git a/certs/ca/index.txt.old b/certs/ca/index.txt.old new file mode 100644 index 0000000..2aeb72e --- /dev/null +++ b/certs/ca/index.txt.old @@ -0,0 +1 @@ +V 340514204530Z 1000 unknown /C=CH/ST=Vaud/O=Horse Tinder Sarl/OU=ISC/CN=horsetinder.ch diff --git a/certs/ca/intermediate/certs/bibi.ch.cert.pem b/certs/ca/intermediate/certs/bibi.ch.cert.pem new file mode 100644 index 0000000..f9087cd --- /dev/null +++ b/certs/ca/intermediate/certs/bibi.ch.cert.pem @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF0zCCA7ugAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQ0gx +DTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYD +VQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUuY2gwHhcNMjQwNTE2MjEyMjE3 +WhcNMjUwNTI2MjEyMjE3WjBnMQswCQYDVQQGEwJDSDENMAsGA1UECAwEVmF1ZDEP +MA0GA1UEBwwGR2VuZXZhMRgwFgYDVQQKDA9MZSBUcmlvIEdhZ25hbnQxDDAKBgNV +BAsMA0lTQzEQMA4GA1UEAwwHYmliaS5jaDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAN/D5iemsTHkguIeA/OkPO6tTD3WsgPrnfOVvF7+8ASZRLBrvPD9 +3w9u34QU/cp797l9+dt+26zWDw0JyANikuvDuAdlHeVUyEj8MLjEZzwXNPv0vK5S +iqZNCJ9VyibEZAancGWzhr2BW9jqBzHdMb8mNoM0ZJa7krWEFukHUbPjSUoE6EdB +cWSSO+mrIxTJmBwr5OzvtCMQO9tdc9Z7n5w42zLmQhLXRc911FE+9Ui/PE5jrYIe +22U6LpyBur/0i0RutDLvalgT+ZqJaVnRu6UemKGQsZEyo9JnTf3rbgZP9FehQEZ4 +KKInSwr3tx6p8xLATC0T8+9d6RUx9+52YpsCAwEAAaOCAZAwggGMMAkGA1UdEwQC +MAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdl +bmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEfuj70CdFuqdOO+ +zfHE4ht7J0T8MIGbBgNVHSMEgZMwgZCAFN6ATyzm7FYoUHlX5afUB9g9RLGToXSk +cjBwMRcwFQYDVQQDDA5ob3JzZXRpbmRlci5jaDELMAkGA1UEBhMCQ0gxDTALBgNV +BAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2YTEaMBgGA1UECgwRSG9yc2UgVGluZGVy +IFNhcmwxDDAKBgNVBAsMA0lTQ4ICEAEwDgYDVR0PAQH/BAQDAgXgMBMGA1UdJQQM +MAoGCCsGAQUFBwMBMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDov +L29jc3AyLmV4YW1wbGUuY29tMB8GA1UdEQQYMBaCB2JpYmkuY2iCC3d3dy5iaWJp +LmNoMA0GCSqGSIb3DQEBCwUAA4ICAQAVPFEmoxhJShTw/pLzwY6dman9FWUQT9/8 +rPnHimCcgti6KJVWPE+gf7GW+P25bQH2pqNy0BanG/434Ly7QPxEO6ZE4+iz1NIK +mwdOME7S7YY+fRho0apcW+b84YP39yewSz5vxWI29n3dt6FshUpTNc3MU2qP/93V +VaiEMqZIO4Z5BwN+pkhOtZdVG3Faxw4/9hKcUOxExGerdxlqNidBtPObE39OQV5t +mad2xSUq3GJU9ebUwqQbfugQz2+4uQU8cjdWE5sdrFgJuSr+b7gojICMF1NRse7a +/b9NGm5DLqpNi/6XCmw3qjHoIYzUEO1RTC04BatkondCE4owTFa3P8XOG/u8VTxh +eu26o/tnrKmmniPoDQDSVodghGJ0QdGoKzzafiUaDZIfRFrQVdp3GcexLYb1FgXq +FULg0gmELgthBG8xuvSyIPG1GBdJCKG5GUgjSkgr43SR8n1iBEjQUucrluxgTmM2 +H/mFMnqrEF5O8qAE0B2MV52cD1OdNhC/xw7v8fuaY6Rg4dLdSAUpEurKk4OkOYXA +LhT9jRILji/y1p+SC/HOyXhkJm1ELxULLjbVWYD+qjMkiXXj2ePeFHYFHEkQqsuM +3hR9b/ouT0xRyLeHgSrePEwY8ohogrSyK2lYvoeFxtFwB75lOODdtgoMXfut8tzt +REfeuftqrA== +-----END CERTIFICATE----- diff --git a/certs/ca/intermediate/certs/ca-chain.cert.pem b/certs/ca/intermediate/certs/ca-chain.cert.pem new file mode 100644 index 0000000..b8d279d --- /dev/null +++ b/certs/ca/intermediate/certs/ca-chain.cert.pem @@ -0,0 +1,67 @@ +-----BEGIN CERTIFICATE----- +MIIFsDCCA5igAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwcDEXMBUGA1UEAwwOaG9y +c2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYDVQQIDARWYXVkMQ8wDQYDVQQH +DAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYDVQQLDANJ +U0MwHhcNMjQwNTE2MjA1ODMwWhcNMzQwNTE0MjA1ODMwWjBeMQswCQYDVQQGEwJD +SDENMAsGA1UECAwEVmF1ZDEaMBgGA1UECgwRSG9yc2UgVGluZGVyIFNhcmwxDDAK +BgNVBAsMA0lTQzEWMBQGA1UEAwwNYW5kcmV3dGF0ZS5jaDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAMsTexhqMHc2CXkVZjFaQVV0p4jUjDvLMshKyxMI +/twPv/vOg4qRgmaAZ7FUXtjCXN3E1RT40VICRps5zOPkJxMukbNOAKVkSlcvSCEV +d51PrA1B9QIq3YVCOE/Q503bsDbcX2sSphnME39A2hMOSuRldNK6QsIM7BJccdD7 +lUcKhDMhMNkZ5+bFcxsf+XinkVnT/LyGm4PLjagjXAOCT2adOGboUFhmRo0/vHof +R9h5gbrHLiGf8BZcX4VK28EhGKoNOKpdspcCIXfzDFFFNVt1cpXBufXTcH8T04kz +IeVqN34lA/LRF3X/leZ/J5ZjbhSK50kOenP+5gmJ0tkRj0mOeYUNVYs+tz86uhvL +uYdABXLeaAeVoJrmtuz0E7O2ls6B+ay+hmZGZvl6TnPnZ/y6eMuP7hNNw8AkTWV5 +ps3sUE7puEMFseN4ABR7RtrK/j/m8BOzOLBaivMzyGIDOiwAjNA76Ab9phdmxvrM +PEPDhMKiPvYfdbVs0AdrHFkHKGrTSmHorFA42idfbutXTGoWufxv21nlZMSqxn11 +/nTdFb1j6RZBJHYKhD7vnvOcp/SB4BstnTcXX+XWoCwAhNMXJO0BzJbGnpeA1zP+ +5igXVcXDClrnqa5+2r9hxYKHD+utEzr+hMAabUmx/MZXwhZoXH/I7KDuw54PMK5K +0Dn1AgMBAAGjZjBkMB0GA1UdDgQWBBTegE8s5uxWKFB5V+Wn1AfYPUSxkzAfBgNV +HSMEGDAWgBRBW8ia+4qNimJujZGcOmAgu1mBzzASBgNVHRMBAf8ECDAGAQH/AgEA +MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAL/Q91IV5UoQamfVe +wg3Wx1dWJw3e7fxZpXAF2GkGgIqsmMZdscU8AQ3eMPriDQcqW0mcSohKl8gN6pvY +bPqbfrzrZV7LVc/5O0JcWAD1oIJceKLZ2DSaAzPHvz9N0qC9YIDnw8wN1AfqK4OC +UbTheKVHotYT8S13dAY/asVLpTf8xlvngt3RObe3U6KyO81pGmM/HHRuPMum/fV0 +iHtasCQ4hUZ/+x2wwngnm+yxfcDJaLDJ9IUhQZQwiw27OChh+MLrlkqmzxfntMjv +/kCImH4T2X3c6czJ56qpLsv7wRDAxsNjJtCasXkXBl+RNvSCer3G3SPB/yl30bUf +C/OBfJyuGs5H7DdUJ39d0MUK4YC+b7t6YH+dEAD6HZBP2tzmEGcREAtQV+5e5KJD +KA9AitzuQ18MNJrBTj03qDFi3xhbuykYtKZzVWQRq/MyvxuzJFc59rqhMqp++p/R +Oj7wv0A6/P+fbUm1FlEiREKFF6ejcJWCP0SdJIlv8ZiTkdg8UGFM0dGed5hXQvww +nZZhfxOo+NIil1BoGfZZ38qbUNdK2kMxnrTdqgFX53Hz9xqjXTn43FMS+CJRZxVP +o45dAtQbKOkKStVAWC9cXvzAS4st/hdlC5EkbzsZUXArRjTJ0A633YkDTu6OshKH +lJDwQc1G93zhyDVJDfMWSf1rg78= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF0TCCA7mgAwIBAgIUTYJwDE0JnSgF0p6JoxQQE0w+iL4wDQYJKoZIhvcNAQEL +BQAwcDEXMBUGA1UEAwwOaG9yc2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYD +VQQIDARWYXVkMQ8wDQYDVQQHDAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRl +ciBTYXJsMQwwCgYDVQQLDANJU0MwHhcNMjQwNTE2MjA0MTI3WhcNNDQwNTExMjA0 +MTI3WjBwMRcwFQYDVQQDDA5ob3JzZXRpbmRlci5jaDELMAkGA1UEBhMCQ0gxDTAL +BgNVBAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2YTEaMBgGA1UECgwRSG9yc2UgVGlu +ZGVyIFNhcmwxDDAKBgNVBAsMA0lTQzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC +AgoCggIBAKDU2hfwVPYQOxdtZHAfgCD0OJRRF0QpvnQ7P6QUvTcnBg01C3FMTbAF +8mODblW+MCDfDkOn7mtVNBRbkAOTqzUTDy4CejQ2VUJO0MTAP+l3UmZW8Rog1wGr +tDdvXHBm+IThjn2y0qcQwHko9ckUhGd33ql1raEuDBVRVgpURaUsD++QeLMH4nE4 +IrcRq3+jROpRsBR8H+NFsH9ltCMlmTCRkLGO6Fh83qPN/QXxp2OlLV+0EoeEHo84 +6i7VphjoyQBZMwNNdS9tJmJS/GLMmPnOnQ9svVo7OeFeXQBZ4E4N+Fk/l0v08ugG +Di+nrkIA0Xxhptl4HRTohuJDkvgZ6Yo5W6B/7YoMTiHUkfFQ7w6hUsuAYLV3mA9e +KNtLF7z1MkeL8PxJMIF5XW1hzQktQbFOuT21xuZvLGAAmmfItWrN8UrwehP6Empq +WvHF+fVGEWYUlunLM2q+qNpzDGV7LJ5XsUgDqEUVrG71GagDYYHBZPBkStt4PC4a +0UFYVVbvgbLl1GYF09b+6Fd1yZfBuV32z/9xVtkZkyn7cbbNsTRO+KwEThppt51S +CwjL7cPFItLXdrJbVl+ZBRcvF/lpb4rSHNEcwdJzpSBFXPSZqAgG6uYFFR6YbUFV +2bmHEeaanTMUi07JxDK1ZQWLse/LODNnyB6gVhRa0SqHxJ4cEwv/AgMBAAGjYzBh +MB0GA1UdDgQWBBRBW8ia+4qNimJujZGcOmAgu1mBzzAfBgNVHSMEGDAWgBRBW8ia ++4qNimJujZGcOmAgu1mBzzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +hjANBgkqhkiG9w0BAQsFAAOCAgEAKrLKpffpLJNo5lXc3usgwRItvwYqIpys/6/g +m68qVoT/nFCRdz6r3YXiQ6HZa8BgDE9a+pLZqEBSnx8XTe1IrkPc5LUEXFi6Y+gN +ZF+OWMQ6h979JXFQx1a8kwTcIkxU0+ThspFnmPvbBrZ1A4/aNsHNJZK2qjLObsML +9hKlnQx4wIMbLXrTcofrQhuUPw2aLY5zi64LvE7LEjsY2Bh/9fVBOGHM5llX+lDI +/G7nl3z6v72+Db5hDi6SgJBD6V8xP1OKVmeJjGhwe5okNGq93Gi188wTvpUJMemk +yy3FVTzRHK8pbK4a5D6zE0DqJTI4DfrefTKsCaqT1K+YSv42gB2jAYyFrbU19p48 +WTzboztNmSAS5tycfA3/SWFBrrj+SCqtbf51/IQrPAh2qN4Jx9cqrApMAI+wTdiB +yuo8YCW38DTL0HDc6lvMIMfIRaq7sz1+i2lwNav27d8l0sYK49j92ei4Ylua6S7E +P/B8R9rYfjjkWaU+zkql9XXBVmFnbUXbr5dzutgusOS02uGbwis6UtKy+c18USog +S7Jc0TusKD/Yv3xfqA4OKcrUJnhKTwA9pA+a5tCZtqbhbMXKrvj8Ngw/W8VVh27Y +4os1SkpxugXblTc4rNrLqk7hkp0k+a6bLREaihTpyjVjd942Uey251K7400m236D +cpxtIDA= +-----END CERTIFICATE----- diff --git a/certs/ca/intermediate/certs/intermediate.cert.pem b/certs/ca/intermediate/certs/intermediate.cert.pem new file mode 100644 index 0000000..0e1c564 --- /dev/null +++ b/certs/ca/intermediate/certs/intermediate.cert.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFsDCCA5igAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwcDEXMBUGA1UEAwwOaG9y +c2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYDVQQIDARWYXVkMQ8wDQYDVQQH +DAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYDVQQLDANJ +U0MwHhcNMjQwNTE2MjA1ODMwWhcNMzQwNTE0MjA1ODMwWjBeMQswCQYDVQQGEwJD +SDENMAsGA1UECAwEVmF1ZDEaMBgGA1UECgwRSG9yc2UgVGluZGVyIFNhcmwxDDAK +BgNVBAsMA0lTQzEWMBQGA1UEAwwNYW5kcmV3dGF0ZS5jaDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAMsTexhqMHc2CXkVZjFaQVV0p4jUjDvLMshKyxMI +/twPv/vOg4qRgmaAZ7FUXtjCXN3E1RT40VICRps5zOPkJxMukbNOAKVkSlcvSCEV +d51PrA1B9QIq3YVCOE/Q503bsDbcX2sSphnME39A2hMOSuRldNK6QsIM7BJccdD7 +lUcKhDMhMNkZ5+bFcxsf+XinkVnT/LyGm4PLjagjXAOCT2adOGboUFhmRo0/vHof +R9h5gbrHLiGf8BZcX4VK28EhGKoNOKpdspcCIXfzDFFFNVt1cpXBufXTcH8T04kz +IeVqN34lA/LRF3X/leZ/J5ZjbhSK50kOenP+5gmJ0tkRj0mOeYUNVYs+tz86uhvL +uYdABXLeaAeVoJrmtuz0E7O2ls6B+ay+hmZGZvl6TnPnZ/y6eMuP7hNNw8AkTWV5 +ps3sUE7puEMFseN4ABR7RtrK/j/m8BOzOLBaivMzyGIDOiwAjNA76Ab9phdmxvrM +PEPDhMKiPvYfdbVs0AdrHFkHKGrTSmHorFA42idfbutXTGoWufxv21nlZMSqxn11 +/nTdFb1j6RZBJHYKhD7vnvOcp/SB4BstnTcXX+XWoCwAhNMXJO0BzJbGnpeA1zP+ +5igXVcXDClrnqa5+2r9hxYKHD+utEzr+hMAabUmx/MZXwhZoXH/I7KDuw54PMK5K +0Dn1AgMBAAGjZjBkMB0GA1UdDgQWBBTegE8s5uxWKFB5V+Wn1AfYPUSxkzAfBgNV +HSMEGDAWgBRBW8ia+4qNimJujZGcOmAgu1mBzzASBgNVHRMBAf8ECDAGAQH/AgEA +MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAL/Q91IV5UoQamfVe +wg3Wx1dWJw3e7fxZpXAF2GkGgIqsmMZdscU8AQ3eMPriDQcqW0mcSohKl8gN6pvY +bPqbfrzrZV7LVc/5O0JcWAD1oIJceKLZ2DSaAzPHvz9N0qC9YIDnw8wN1AfqK4OC +UbTheKVHotYT8S13dAY/asVLpTf8xlvngt3RObe3U6KyO81pGmM/HHRuPMum/fV0 +iHtasCQ4hUZ/+x2wwngnm+yxfcDJaLDJ9IUhQZQwiw27OChh+MLrlkqmzxfntMjv +/kCImH4T2X3c6czJ56qpLsv7wRDAxsNjJtCasXkXBl+RNvSCer3G3SPB/yl30bUf +C/OBfJyuGs5H7DdUJ39d0MUK4YC+b7t6YH+dEAD6HZBP2tzmEGcREAtQV+5e5KJD +KA9AitzuQ18MNJrBTj03qDFi3xhbuykYtKZzVWQRq/MyvxuzJFc59rqhMqp++p/R +Oj7wv0A6/P+fbUm1FlEiREKFF6ejcJWCP0SdJIlv8ZiTkdg8UGFM0dGed5hXQvww +nZZhfxOo+NIil1BoGfZZ38qbUNdK2kMxnrTdqgFX53Hz9xqjXTn43FMS+CJRZxVP +o45dAtQbKOkKStVAWC9cXvzAS4st/hdlC5EkbzsZUXArRjTJ0A633YkDTu6OshKH +lJDwQc1G93zhyDVJDfMWSf1rg78= +-----END CERTIFICATE----- diff --git a/certs/ca/intermediate/csr/andrewtate.ch.csr.pem b/certs/ca/intermediate/csr/andrewtate.ch.csr.pem new file mode 100644 index 0000000..4f25a9a --- /dev/null +++ b/certs/ca/intermediate/csr/andrewtate.ch.csr.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIC1zCCAb8CAQAwYDEQMA4GA1UEAwwHYmliaS5jaDELMAkGA1UEBhMCQ0gxDTAL +BgNVBAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2YTERMA8GA1UECgwIQmliaSBMdGQx +DDAKBgNVBAsMA0lTQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN/D +5iemsTHkguIeA/OkPO6tTD3WsgPrnfOVvF7+8ASZRLBrvPD93w9u34QU/cp797l9 ++dt+26zWDw0JyANikuvDuAdlHeVUyEj8MLjEZzwXNPv0vK5SiqZNCJ9VyibEZAan +cGWzhr2BW9jqBzHdMb8mNoM0ZJa7krWEFukHUbPjSUoE6EdBcWSSO+mrIxTJmBwr +5OzvtCMQO9tdc9Z7n5w42zLmQhLXRc911FE+9Ui/PE5jrYIe22U6LpyBur/0i0Ru +tDLvalgT+ZqJaVnRu6UemKGQsZEyo9JnTf3rbgZP9FehQEZ4KKInSwr3tx6p8xLA +TC0T8+9d6RUx9+52YpsCAwEAAaAyMDAGCSqGSIb3DQEJDjEjMCEwHwYDVR0RBBgw +FoIHYmliaS5jaIILd3d3LmJpYmkuY2gwDQYJKoZIhvcNAQELBQADggEBAEvUrlP+ +cXrOkeN+7x4fevlWdr4Z3wdKtsicOa1VaaspGMKnxNfyKwHunDEdll20hwEPDtul +wD/VbVXZHylOm6EPhrwOFTl/fub76SaiIECaU/yXX4tvFkeOsXEhF6B5PQkrOACW +jknPEyxNUxrjfbEimKjFEqI4oGWjN8y+bbLFAxPXuOehsh53wuD5y9ryldKfWkf1 +vEUaY9C/3rQP7JhJyJuSOm50R1XSHhk6tT5ms5mo7w3idMKeEX7oz2lqEOfZof4+ +7HuXVu5BqRCtqMS9YYg0QKRPBNRCzAKbjIgjREqjV/OQRhmZka/Zydw0AjbsTraP +PL6tRZD3P9h3NY0= +-----END CERTIFICATE REQUEST----- diff --git a/certs/ca/intermediate/csr/bibi.ch.csr.pem b/certs/ca/intermediate/csr/bibi.ch.csr.pem new file mode 100644 index 0000000..29ac321 --- /dev/null +++ b/certs/ca/intermediate/csr/bibi.ch.csr.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICrDCCAZQCAQAwZzEQMA4GA1UEAwwHYmliaS5jaDELMAkGA1UEBhMCQ0gxDTAL +BgNVBAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2YTEYMBYGA1UECgwPTGUgVHJpbyBH +YWduYW50MQwwCgYDVQQLDANJU0MwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDfw+YnprEx5ILiHgPzpDzurUw91rID653zlbxe/vAEmUSwa7zw/d8Pbt+E +FP3Ke/e5ffnbftus1g8NCcgDYpLrw7gHZR3lVMhI/DC4xGc8FzT79LyuUoqmTQif +VcomxGQGp3Bls4a9gVvY6gcx3TG/JjaDNGSWu5K1hBbpB1Gz40lKBOhHQXFkkjvp +qyMUyZgcK+Ts77QjEDvbXXPWe5+cONsy5kIS10XPddRRPvVIvzxOY62CHttlOi6c +gbq/9ItEbrQy72pYE/maiWlZ0bulHpihkLGRMqPSZ039624GT/RXoUBGeCiiJ0sK +97ceqfMSwEwtE/PvXekVMffudmKbAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEA +PNkhsM8ZmLPZLtGSBc26vJtkAnGlCkK9joiK7DHBKe/b12WrCOsWdfrXl/SlCRnB +BpAesE4mxcj82bJ51+/xZ6bCWy+RSDqrNobc1CLDYsUrdR/RcWZsXExPpN7MpcBu +tCsQCeP98HoYhqOXJUQtpOnJdaJqloZ07xyB5jfGQrbci1yKWjpHMZhi/ckfPJie +HetLvYaHjr+1uCG6qolVQUZ8vp2rkD9oRBgDqzDzbhvisCJiIWEsdHpKddwZRm3E +fvPBmbuzOYy5vDRgXkRe0/fId/ppxXqZuxH6wkjR/O9qCY+crWzexl98/isUgwo9 +CHvkmf+jb/98s7hP8RGyaQ== +-----END CERTIFICATE REQUEST----- diff --git a/certs/ca/intermediate/csr/intermediate.csr.pem b/certs/ca/intermediate/csr/intermediate.csr.pem new file mode 100644 index 0000000..456a739 --- /dev/null +++ b/certs/ca/intermediate/csr/intermediate.csr.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEtDCCApwCAQAwbzEWMBQGA1UEAwwNYW5kcmV3dGF0ZS5jaDELMAkGA1UEBhMC +Q0gxDTALBgNVBAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2YTEaMBgGA1UECgwRSG9y +c2UgVGluZGVyIFNhcmwxDDAKBgNVBAsMA0lTQzCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAMsTexhqMHc2CXkVZjFaQVV0p4jUjDvLMshKyxMI/twPv/vO +g4qRgmaAZ7FUXtjCXN3E1RT40VICRps5zOPkJxMukbNOAKVkSlcvSCEVd51PrA1B +9QIq3YVCOE/Q503bsDbcX2sSphnME39A2hMOSuRldNK6QsIM7BJccdD7lUcKhDMh +MNkZ5+bFcxsf+XinkVnT/LyGm4PLjagjXAOCT2adOGboUFhmRo0/vHofR9h5gbrH +LiGf8BZcX4VK28EhGKoNOKpdspcCIXfzDFFFNVt1cpXBufXTcH8T04kzIeVqN34l +A/LRF3X/leZ/J5ZjbhSK50kOenP+5gmJ0tkRj0mOeYUNVYs+tz86uhvLuYdABXLe +aAeVoJrmtuz0E7O2ls6B+ay+hmZGZvl6TnPnZ/y6eMuP7hNNw8AkTWV5ps3sUE7p +uEMFseN4ABR7RtrK/j/m8BOzOLBaivMzyGIDOiwAjNA76Ab9phdmxvrMPEPDhMKi +PvYfdbVs0AdrHFkHKGrTSmHorFA42idfbutXTGoWufxv21nlZMSqxn11/nTdFb1j +6RZBJHYKhD7vnvOcp/SB4BstnTcXX+XWoCwAhNMXJO0BzJbGnpeA1zP+5igXVcXD +Clrnqa5+2r9hxYKHD+utEzr+hMAabUmx/MZXwhZoXH/I7KDuw54PMK5K0Dn1AgMB +AAGgADANBgkqhkiG9w0BAQsFAAOCAgEADGP31gIZrnJWcYCeA/Kn7cVK/cpgD7kw +uYEKid1BUfReAo3+jOKtj6v1LL77D+fl2bHEnAqsNtrLK3XnIRUWGzsaNKL+6oTl +gTWXexEo61xamz0glLaH2m5eujSzx4XQzMop4itq/ROFkGDbggywxo44NM1yOiaN +UjDUn7SFp4BhqztGf42pcN7wm/o1vz1LFZ2Penw+YrMlD5za+9l8rrjsly2UUUaI +JF/2rtGkoEpeAs3sZHl2jeaMmvH/e1FmLqeQBPODnY7n/X9yQ2krwZsn3p+I1ASb +K2U+0v8eeIjbRcQjNcgCLAktNAq6DV6DYyxsPzNiKwFc0GXLOqO55tg9EDwhobRG +g5T/zSRdAz7KGdFn1mw2I+qa9SFpN/ozuW0xuQFA8Wj1n0gI4BbCrVxZVRBRqMx6 +ODf291/t0moz1YvaNC78KOgN6z3uLx38UCdnqdvf0RQ+jWRHuL9IfsvtcyNBZrPk +ScyYRPxAl0Ehpp9t4seShq9hvNFIRAxPqqAoK0BFf9Hh2vM8dXEyiMpfn5N+Xdp5 +FevjfcIxfTYC2Z8u1opCrap8VtG7hD81wDFJYOk/RAU1BJgLDNTLlhvbg6s5ZIoQ +5V1tTHz6uCeWiR15Uay97bG4FcOE3HI7ZtaLGdsDLhepwhJJIALOYyQiG4sFqc4n +XEX67mqHSkw= +-----END CERTIFICATE REQUEST----- diff --git a/certs/ca/intermediate/index.txt b/certs/ca/intermediate/index.txt new file mode 100644 index 0000000..057e5c9 --- /dev/null +++ b/certs/ca/intermediate/index.txt @@ -0,0 +1,2 @@ +V 250526211508Z 1000 unknown /C=CH/ST=Vaud/L=Geneva/O=Bibi Ltd/OU=ISC/CN=bibi.ch +V 250526212217Z 1001 unknown /C=CH/ST=Vaud/L=Geneva/O=Le Trio Gagnant/OU=ISC/CN=bibi.ch diff --git a/certs/ca/intermediate/index.txt.attr b/certs/ca/intermediate/index.txt.attr new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/certs/ca/intermediate/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/certs/ca/intermediate/index.txt.attr.old b/certs/ca/intermediate/index.txt.attr.old new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/certs/ca/intermediate/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = yes diff --git a/certs/ca/intermediate/index.txt.old b/certs/ca/intermediate/index.txt.old new file mode 100644 index 0000000..a8304bb --- /dev/null +++ b/certs/ca/intermediate/index.txt.old @@ -0,0 +1 @@ +V 250526211508Z 1000 unknown /C=CH/ST=Vaud/L=Geneva/O=Bibi Ltd/OU=ISC/CN=bibi.ch diff --git a/certs/ca/intermediate/newcerts/1000.pem b/certs/ca/intermediate/newcerts/1000.pem new file mode 100644 index 0000000..90d2fd5 --- /dev/null +++ b/certs/ca/intermediate/newcerts/1000.pem @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF4zCCA8ugAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQ0gx +DTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYD +VQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUuY2gwHhcNMjQwNTE2MjExNTA4 +WhcNMjUwNTI2MjExNTA4WjBgMQswCQYDVQQGEwJDSDENMAsGA1UECAwEVmF1ZDEP +MA0GA1UEBwwGR2VuZXZhMREwDwYDVQQKDAhCaWJpIEx0ZDEMMAoGA1UECwwDSVND +MRAwDgYDVQQDDAdiaWJpLmNoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEA38PmJ6axMeSC4h4D86Q87q1MPdayA+ud85W8Xv7wBJlEsGu88P3fD27fhBT9 +ynv3uX35237brNYPDQnIA2KS68O4B2Ud5VTISPwwuMRnPBc0+/S8rlKKpk0In1XK +JsRkBqdwZbOGvYFb2OoHMd0xvyY2gzRklruStYQW6QdRs+NJSgToR0FxZJI76asj +FMmYHCvk7O+0IxA7211z1nufnDjbMuZCEtdFz3XUUT71SL88TmOtgh7bZTounIG6 +v/SLRG60Mu9qWBP5molpWdG7pR6YoZCxkTKj0mdN/etuBk/0V6FARngooidLCve3 +HqnzEsBMLRPz713pFTH37nZimwIDAQABo4IBpzCCAaMwCQYDVR0TBAIwADARBglg +hkgBhvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVk +IFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUR+6PvQJ0W6p0477N8cTiG3sn +RPwwgZsGA1UdIwSBkzCBkIAU3oBPLObsVihQeVflp9QH2D1EsZOhdKRyMHAxFzAV +BgNVBAMMDmhvcnNldGluZGVyLmNoMQswCQYDVQQGEwJDSDENMAsGA1UECAwEVmF1 +ZDEPMA0GA1UEBwwGR2VuZXZhMRowGAYDVQQKDBFIb3JzZSBUaW5kZXIgU2FybDEM +MAoGA1UECwwDSVNDggIQATAOBgNVHQ8BAf8EBAMCBeAwEwYDVR0lBAwwCgYIKwYB +BQUHAwEwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcDIu +ZXhhbXBsZS5jb20wNgYDVR0RBC8wLYILZXhhbXBsZS5jb22CD3d3dy5leGFtcGxl +LmNvbYINbS5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAgEAaAApnGApld+f +pU1KOkqh4PK25IInORjkjGhIjuzNTJXLLPlNszWi+crBB3Mh31pa30IEit0xGgWf +HSuUH+S+4EqtGr6IKpYGzR4ka23TvE2274ILFRHWlodk7tFX4kp3HH7ukmar3h7X +xmv14PzO70EpXQexFbEeA/oLLeA1KPTHbQt4KlW2WOfNfFLGnB2BDL87InUSdef6 +yiG/7qrJ2KkzKqY7iLTz2PGWCEKZN4NvjZjq76bAMO56ljyZ885OaY5+L8JimlJ1 +KPRy5GxTnUiqNNuuZ3D6J0gEglzce6Ln5iYxjmESHJZDGfLmINaA0/icnkQxlbcd +9r5a7B6aic1XbKJaLPnNQM4xBu03iGMfehl92tDiHpLyIiE5tvXFrJta/km2Mvf7 +OgTvA1Ux0m/HfxCA6l6mEU13fG3iaDXSn7NmqmRcNNmN8RO3jubOpwX4M5ZLHEgb +44zq/13H/D4xd2BDgq+xIS29VLZxQAo28t+ipKQXFpxsaQ90E0VQAvJueAA6g9JK +igfBxxNsL+zf1SDMB5PaNTrreomvE/n3h/NhJl+dkiaS5JPG2ruvDgXYzHXOc/WQ +B5FCv+1I4bPMX5dESIavw1MDZVPT3YDmqyT9yncP7Pzd2p/J7/Kw6sNoXOJjcUr+ +jTdYwVIK5/gSFxKGQ3Cvod06lUZqE7g= +-----END CERTIFICATE----- diff --git a/certs/ca/intermediate/newcerts/1001.pem b/certs/ca/intermediate/newcerts/1001.pem new file mode 100644 index 0000000..f9087cd --- /dev/null +++ b/certs/ca/intermediate/newcerts/1001.pem @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF0zCCA7ugAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQ0gx +DTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYD +VQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUuY2gwHhcNMjQwNTE2MjEyMjE3 +WhcNMjUwNTI2MjEyMjE3WjBnMQswCQYDVQQGEwJDSDENMAsGA1UECAwEVmF1ZDEP +MA0GA1UEBwwGR2VuZXZhMRgwFgYDVQQKDA9MZSBUcmlvIEdhZ25hbnQxDDAKBgNV +BAsMA0lTQzEQMA4GA1UEAwwHYmliaS5jaDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAN/D5iemsTHkguIeA/OkPO6tTD3WsgPrnfOVvF7+8ASZRLBrvPD9 +3w9u34QU/cp797l9+dt+26zWDw0JyANikuvDuAdlHeVUyEj8MLjEZzwXNPv0vK5S +iqZNCJ9VyibEZAancGWzhr2BW9jqBzHdMb8mNoM0ZJa7krWEFukHUbPjSUoE6EdB +cWSSO+mrIxTJmBwr5OzvtCMQO9tdc9Z7n5w42zLmQhLXRc911FE+9Ui/PE5jrYIe +22U6LpyBur/0i0RutDLvalgT+ZqJaVnRu6UemKGQsZEyo9JnTf3rbgZP9FehQEZ4 +KKInSwr3tx6p8xLATC0T8+9d6RUx9+52YpsCAwEAAaOCAZAwggGMMAkGA1UdEwQC +MAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdl +bmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEfuj70CdFuqdOO+ +zfHE4ht7J0T8MIGbBgNVHSMEgZMwgZCAFN6ATyzm7FYoUHlX5afUB9g9RLGToXSk +cjBwMRcwFQYDVQQDDA5ob3JzZXRpbmRlci5jaDELMAkGA1UEBhMCQ0gxDTALBgNV +BAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2YTEaMBgGA1UECgwRSG9yc2UgVGluZGVy +IFNhcmwxDDAKBgNVBAsMA0lTQ4ICEAEwDgYDVR0PAQH/BAQDAgXgMBMGA1UdJQQM +MAoGCCsGAQUFBwMBMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDov +L29jc3AyLmV4YW1wbGUuY29tMB8GA1UdEQQYMBaCB2JpYmkuY2iCC3d3dy5iaWJp +LmNoMA0GCSqGSIb3DQEBCwUAA4ICAQAVPFEmoxhJShTw/pLzwY6dman9FWUQT9/8 +rPnHimCcgti6KJVWPE+gf7GW+P25bQH2pqNy0BanG/434Ly7QPxEO6ZE4+iz1NIK +mwdOME7S7YY+fRho0apcW+b84YP39yewSz5vxWI29n3dt6FshUpTNc3MU2qP/93V +VaiEMqZIO4Z5BwN+pkhOtZdVG3Faxw4/9hKcUOxExGerdxlqNidBtPObE39OQV5t +mad2xSUq3GJU9ebUwqQbfugQz2+4uQU8cjdWE5sdrFgJuSr+b7gojICMF1NRse7a +/b9NGm5DLqpNi/6XCmw3qjHoIYzUEO1RTC04BatkondCE4owTFa3P8XOG/u8VTxh +eu26o/tnrKmmniPoDQDSVodghGJ0QdGoKzzafiUaDZIfRFrQVdp3GcexLYb1FgXq +FULg0gmELgthBG8xuvSyIPG1GBdJCKG5GUgjSkgr43SR8n1iBEjQUucrluxgTmM2 +H/mFMnqrEF5O8qAE0B2MV52cD1OdNhC/xw7v8fuaY6Rg4dLdSAUpEurKk4OkOYXA +LhT9jRILji/y1p+SC/HOyXhkJm1ELxULLjbVWYD+qjMkiXXj2ePeFHYFHEkQqsuM +3hR9b/ouT0xRyLeHgSrePEwY8ohogrSyK2lYvoeFxtFwB75lOODdtgoMXfut8tzt +REfeuftqrA== +-----END CERTIFICATE----- diff --git a/certs/ca/intermediate/openssl.cnf b/certs/ca/intermediate/openssl.cnf new file mode 100644 index 0000000..520a0a9 --- /dev/null +++ b/certs/ca/intermediate/openssl.cnf @@ -0,0 +1,140 @@ +# OpenSSL intermediate CA configuration file. +# Copy to `/root/ca/intermediate/openssl.cnf`. + +[ ca ] +# `man ca` +default_ca = CA_default + +[ CA_default ] +# Directory and file locations. +dir = /root/ca/intermediate +certs = $dir/certs +crl_dir = $dir/crl +new_certs_dir = $dir/newcerts +database = $dir/index.txt +serial = $dir/serial +RANDFILE = $dir/private/.rand + +# The root key and root certificate. +private_key = $dir/private/intermediate.key.pem +certificate = $dir/certs/intermediate.cert.pem + +# For certificate revocation lists. +crlnumber = $dir/crlnumber +crl = $dir/crl/intermediate.crl.pem +crl_extensions = crl_ext +default_crl_days = 30 + +# SHA-1 is deprecated, so use SHA-2 instead. +default_md = sha256 + +name_opt = ca_default +cert_opt = ca_default +default_days = 375 +preserve = no +policy = policy_loose + +copy_extensions = copy + +[ policy_strict ] +# The root CA should only sign intermediate certificates that match. +# See the POLICY FORMAT section of `man ca`. +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +[ policy_loose ] +# Allow the intermediate CA to sign a more diverse range of certificates. +# See the POLICY FORMAT section of the `ca` man page. +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +[ req ] +# Options for the `req` tool (`man req`). +default_bits = 2048 +distinguished_name = req_distinguished_name +string_mask = utf8only + +# SHA-1 is deprecated, so use SHA-2 instead. +default_md = sha256 + +# Extension to add when the -x509 option is used. +x509_extensions = v3_ca + +[ req_distinguished_name ] +# See <https://en.wikipedia.org/wiki/Certificate_signing_request>. +commonName = Common Name +countryName = Country Name (2 letter code) +stateOrProvinceName = State or Province Name +localityName = Locality Name +0.organizationName = Organization Name +organizationalUnitName = Organizational Unit Name +emailAddress = Email Address + +# Optionally, specify some defaults. +countryName_default = XX +stateOrProvinceName_default = MyState +localityName_default = +0.organizationName_default = MyOrg +organizationalUnitName_default = +emailAddress_default = + +[ v3_ca ] +# Extensions for a typical CA (`man x509v3_config`). +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer +basicConstraints = critical, CA:true +keyUsage = critical, digitalSignature, cRLSign, keyCertSign + +[ v3_intermediate_ca ] +# Extensions for a typical intermediate CA (`man x509v3_config`). +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer +basicConstraints = critical, CA:true, pathlen:0 +keyUsage = critical, digitalSignature, cRLSign, keyCertSign + +[ usr_cert ] +# Extensions for client certificates (`man x509v3_config`). +basicConstraints = CA:FALSE +nsCertType = client, email +nsComment = "OpenSSL Generated Client Certificate" +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = clientAuth, emailProtection + +[ server_cert ] +# Extensions for server certificates (`man x509v3_config`). +basicConstraints = CA:FALSE +nsCertType = server +nsComment = "OpenSSL Generated Server Certificate" +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = serverAuth +authorityInfoAccess = OCSP;URI:http://ocsp2.example.com +subjectAltName = @alt_names + +[ alt_names ] +DNS.1 = bibi.ch +DNS.2 = www.bibi.ch + +[ crl_ext ] +# Extension for CRLs (`man x509v3_config`). +authorityKeyIdentifier=keyid:always + +[ ocsp ] +# Extension for OCSP signing certificates (`man ocsp`). +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +keyUsage = critical, digitalSignature +extendedKeyUsage = critical, OCSPSigning diff --git a/certs/ca/intermediate/private/andrewtate.ch.key.pem b/certs/ca/intermediate/private/andrewtate.ch.key.pem new file mode 100644 index 0000000..ceead37 --- /dev/null +++ b/certs/ca/intermediate/private/andrewtate.ch.key.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIqF2NBi+pu58CAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBDbok3NnAfXZLsOF/GxMYMXBIIE +0BfhpIrOAkXK36p8q+u6Kin/f7fCtjv1Vcfh5eb+CUIJyJokIV0Bk7SlkOK5eJxb +Q8n05WuMjZbplnedXW5jQ2+eetRp8YI4GWLxycJiWTSmZtR4J99gdW2CLZL5MYm3 +By3z7hcD6OvSTlLD1UxSbCtucqfH6IBr1xy4T+d00q6dZbsg15MyUDgm5dU3C6d+ +6GZGlrVrIY8mTHO4HTbSappMS/cJ6mwT2ABWe76aetT1GszzBPxUE/ohpXT11qdd +5HHSeu5jv4k+hX/7uwf8Izettx9fxQFNhhZ0HfDmEN7mvFwDrTtHaq81ypQfUnFd +omqyQdsj8FYSTUJ4G/4mk1tV4OVoPMOaNW7SVRxEz8Euwsl2hOw+ysJvcPYcsGqm +ZVuUZLshIfL2sgtXaRu/kMAsR8o4rl2C7WV4EFJe7YvFjV2hV21zUVSno3Gyy0bS +By4w+RA2vjOkT5twutTcueAhBQuJPDk5DTGoxdZ2mcY0lNTN0KXGLakSbwOxJ90E +uDbcdnTMwCjTLqsvyITe0FRQry8ekKmcVnsYTxtjLHVB6tn0q4srWFCkS0F6g917 +s2oCBTzEAmxtfkRoTXeQSJnP/36LXN1W9jhd6Gd5km8+OfA/dGEBofggTznOHhhX +As8qrgFsuLuMDMABeVcliqDx9e51NzNPEBhYb4X0iZhIsIn0MuHez/ywQyjX8mHV +/atsCnUfDv+D6JspaCLIeGY48IvicCVnTubJHp4Yc4pA7Cj/7/9OZk8e9IuyBUxk +yaKRpqiAZ/EDUSTVYuN2YCLICWFJHVZE+uYqwwuneQvYJHn8pduXeZWHKMOseFF4 +zNoZypW3uLcoQ9ACbsaOOfBSof1T/4KoKXarSnK+lmRa4ZdnwFRKBAH8LLWuvTp9 +4X1GSHapMWIy2kFJBw/CEZvSrYHNehQcXfZLX2wioKHgcLbWYl8+wbLTUjXnTrbn +yFdbDERNHvyNTYIlEMG6G/S3C3ME/M6ZKxMc8McDOufwkonnsM6rP8Fov+9aBvFN +1pdV35Z1qUP2g4Es+4mb63Vu864/ixFW3j0JotYdPUQFJKGmKZOmNA9r57EcpCqo +C4/b6S0Mvt+ra1HtCVobtqZ5y8JJKw2Jd7He9SP6LFoKcCOP741wJp2/NRb1e2Qr +/IKsLsD2wjq/FDeUYs6/4SpJqt14h9Tv2v0J4RnLP7LWhClfuQZbyfx7IJdliRqv +HbxDG6TNsWqa2rnQsOz3jQlcJaN7wLrEUxwPlFLZqeJc6KEcz3n0HMrPrY0XvXS2 +2z/Ogb0/gQHZyD8klBACFJXcVxGMEZcyyoYDyzoviZnZLTWbab/SFrFr+qf+uvcv +U44A4t/a491U/jK6889EiZRfXwjPCSxhod6kb7oVqr6SBWLo+khpCy2fc1gXqwZC +tH5rt1hkEi6z+GfsP77DLcYVTsnvcMz5Qhhx/kYs6qVY4jWRAkLmRWigPKNjdcc6 +kXuMSA56kwDc5g33gCLrxWiEnL7K5akGVLCRf/y8xx9En0/xFyQiiffxMq1H4YhE +sFn1f6h1GlIkuPBlTTrlSGNsU7bPpVr5preXnUSK8SnkykKv41IPGkXVp33DuKm6 +pZbRntTOKyOeVM330FXLm9dQyjvbpBwrMt7L5YJ9RlJG +-----END ENCRYPTED PRIVATE KEY----- diff --git a/certs/ca/intermediate/private/intermediate.key.pem b/certs/ca/intermediate/private/intermediate.key.pem new file mode 100644 index 0000000..00ed457 --- /dev/null +++ b/certs/ca/intermediate/private/intermediate.key.pem @@ -0,0 +1,54 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIH0AiSZyP8mcCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBBoM13Kf43LEMshMB8UfJLOBIIJ +UNTpY/m8yiynjAZtUF2UGPqUBdrynI0bO/+MxUbm+bg8+0dJjLTvzNJl1Nlj2RFY +sthE5Dwr0oFVTADIku1gEDOwmieDeLcYx7gCyFDwYNAOlrQt2ocFJVHSbIEqRg9b +krNJWnRBNfuB5eVsW0xpZ+fPdtPaYJ3OgGODmGMBPZi4lBHt7r0xuUFD7SjQKtiV +QihdohKHolWXqflszGGSmzdPJNnqP+6bwJMvqsCVBhR3rlOhSRGTuSx6qKEYBFym +kgqL4z8bZcIjjj0vV/XfpqPNfsFi90fJ+xg9zmNVPa5tPIj/4BtuKUnItH/69XFj +/FZrolCelfAbb5GcaZPATlX5N8673BB6EdWCc8WpCaK2n57qW5jRcrPfMkT6vRb4 +zOigLgzPyPk1JOOKxO7HNuIMuS7VaAyNQZabz8QC9CD/xtLDJtdDGvO4F0kb2Tjn +C0KTg1iN16B2bpBtmZA91ozpTdqObM7boRVQqgaw7TZxBLKql4XRdr+tlbeoykEg +MkypwZ2tj6DVWUGbmcUrESKgddL2cPo5/GxYpbG7Js57z/Ok4gBkcVG9X/aiCi2z +pqJGtEOyHOgHGLvcBQeHUWhNxLKSlwawpW4So85XWwQnxOJxJ9pDWYHzvpixwfcc +RXLx5zL18fcZmLr3NSnaVfPaCXANDtbwC6lHQY1z0Y9zxXni+yQOt6YAWcaf+lMw +mVPxZzTAOnNdPM7r+b2LdSFy8vbUQeiZMQaXuSIZAzm5Ogr53TkM610bMcbVorse +PL/tR3CwYApncD3qMDsXLWkfNl5phhOgT5yDZATQwWTJGd3WO6co5bhPmlHWJqTT +XBEJHAh8o4A6zeIfRZwDk3pzEyASbGezLBU6+hZC77v1Hl4chjtu03VhFqqgRKOg +dIfJigknIYC/Z3NqKZUQNQlWiqyUYLg22XM7pHwAcB+Jo14ewQzGbYuLzNYCpVwm +j7hABzR2QCoTOsfBQKHmwrzfs5XsOkQ7VIEZSl0mjBMoo3OEtxoZK7CTRb/Oakft +/y0jIZao2mim0/+naWKI7iY9jyW8bj3LhzI4brnH1HGY/D5IbqQs9Upw98eWBDoh +m4u/ljygdaqN7a2Qji5Io0tKYCcZJ9aItQlDMeV+jVEFZNml6mpwD9isD2gthRZM +kzZ6NwDZ2kmNPH0+XMDeRC6+WyKKcJumZVk1qQPcajt0UhiE5/RoHcWnFEqsa2iY +IglqxyMRYtJ2+WqM9uX8YMArmVwHRZyMvYrakaK62ZQcUd350na3N2G5Hb2BFlzb +nSCsafd9OP2xqnswwOjOriiVT6rBb5e0MLWUxraSA++QBY0rlZEmhsRRo3eBz6+N +EpKarkeXD4q1de8Xd38HbDNgugnKO+IaP89543pFAJymz2MbjDD6N8Yzr1hkM4wF +wP2LGcXhiHB67G5JuDRtxLCAVorMv9Xltp+HgVWlYiSbslpvc0J6QhUvRn6qkC5K +ETLPyLKxGuaBamymOi2lrNkLU5RiEiMPkAu62iv4aydHp22QAQ16A1FmVW8KM+wk +XmjRhbT+HJuNgK+7u1M5yXOljJFlvc7I7mo6rQTgMH3BZA2jXPKdr4XNPQa8DpEk +4ymvIsdnJbAmyx6SnwKZmJ4UmN6cRmiC6cAkST2rNsJE+KIaIFFem1sOX5Qbtmpq +CmZxJ9hitvAo0uY+PgF3xmOAnNiIIe0RFHKFpeGa6jmHDFl63myjEvaEoIOqtQYn +NZNmtI2Er4fuonr/KUqsY4MN7pUwbtkE5OtCOlRU8nl2cXu2agXImMSCQcXTqNmZ +6YY5jJQvo1po8Wkf0DCDgqPy1yBHKgcVJhxaE0eOnrAi7GxwG455777ujK4GjGu/ +CqpRCRh027Cn5JJILns+N8QDvXxiVUPz9I3KSP12iITl0ckpNtUQw+HPr+Zqv4Bj +2M9OluRmtOstH9PCor1rnQSVnGs6az3Nc23VnLc0noTT6ugg9sPSrqbVtACaeip9 +aJGQ3UfOmNjtxH/J0TMvl01K4iPabU3Y++/4/Tc+BjraGxf2ocFdieEQ/sY0mEnE +wFlEC1D1UgcASgc5E/Ti11phRe8HWDID/AhOf3tP4e7H6jn1VIeiMOW55RmxoUpA +xH8L84RVZKyN7+CoUQViBfD/IPQYgEu4Ll8SJRYyOUELIpSUDVpMCeOVqEr7nU+y +vPIUNK9mTpX1Juh4xQBDEI6nrZaI+ZOBAikoUIQ0H+sO/azmxg5yl45aDW5d9le1 +WcR731ceDysWkoTaZ8t0/1dpjWLYXp6oIpR8MFTKsu94UJaFECK4FBixqs74oSZ3 +KY0B5enXbVG6XUyUCjn7qskIW8TTh3m9XfpStH92YmipUwxsTGIEDKSeFO3W3XyP +EvFafFiKIjVCNU21u6zAoLk9fyGR9/hf9xgcPGQlvisuQ6Rd89/YdCUDrr3YNjHU +w9yV2J19XqtenfR6Hm32DXc6ZtGMw8VIimbkEYINhmjuf2/vuII34rCjKW4vfJUJ +nflLz/WIUFqUBP2Bw4K7KnqvPvFhnZJN/7dEmw3sG8VTAJ+Bi6s8vyrEHfsYqqV1 +CWZ//2wdJCdz0sRnn4EhjiVhMB6LV2KTy7eY8AM5x8XgzJHH2I9m5Yh9rLLR9OYa +5SjQOSquTHGTF4Q36A+q2MUTHH57zz8GXaEa56eINjYabT1L77BPBcrLm/YQezcx +Da0hMee61S7d/e24/N6ppWqRUdpPnRRnEw/SJ12GU656aNMjjsV+Aesbh1L3zjwf +MDWLb/5f6QMKfUpkFvekF5ko1X26/ustTcTt5qxKEkSV0EqnfxNhdjWMGur2M6ZK +AxQ71Z0CjXQPt6pOyOHZB38k6OEaZ6H1G9TUHPKnu71Yur5wDRrGMyLXb/82s55L +CoLN49YfZ1gezLrodRFibtaW66bxE7CpvuvaRf7mi7Zh5YkvkZUlOGD0Pa7fzzIC +EIgBg55b/L3LDjWBOce6CTE39CCs2ea2xdboQX3C3bUGAKGTpdV5fiBOe8wnarU7 +OFwzCJX0mvsGX8MDHcu0uPv5aVgaONkYOsY+LN8VZkCUh9qXzDZo3oTDB3pYZHju +/oqqOJI4L8hlLi094Y6l4FF1P/XDcZRoET9DwTK8SZKywWSX6duiAllV5fq3Fi4/ +x3xduIbx5pUQaZlcqRdhhtki8BzKYHfZBj0nv3F0q6Qp +-----END ENCRYPTED PRIVATE KEY----- diff --git a/certs/ca/intermediate/serial b/certs/ca/intermediate/serial new file mode 100644 index 0000000..7d802a3 --- /dev/null +++ b/certs/ca/intermediate/serial @@ -0,0 +1 @@ +1002 diff --git a/certs/ca/intermediate/serial.old b/certs/ca/intermediate/serial.old new file mode 100644 index 0000000..dd11724 --- /dev/null +++ b/certs/ca/intermediate/serial.old @@ -0,0 +1 @@ +1001 diff --git a/certs/ca/newcerts/1000.pem b/certs/ca/newcerts/1000.pem new file mode 100644 index 0000000..9b25050 --- /dev/null +++ b/certs/ca/newcerts/1000.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFsTCCA5mgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwcDEXMBUGA1UEAwwOaG9y +c2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYDVQQIDARWYXVkMQ8wDQYDVQQH +DAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYDVQQLDANJ +U0MwHhcNMjQwNTE2MjA0NTMwWhcNMzQwNTE0MjA0NTMwWjBfMQswCQYDVQQGEwJD +SDENMAsGA1UECAwEVmF1ZDEaMBgGA1UECgwRSG9yc2UgVGluZGVyIFNhcmwxDDAK +BgNVBAsMA0lTQzEXMBUGA1UEAwwOaG9yc2V0aW5kZXIuY2gwggIiMA0GCSqGSIb3 +DQEBAQUAA4ICDwAwggIKAoICAQDLE3sYajB3Ngl5FWYxWkFVdKeI1Iw7yzLISssT +CP7cD7/7zoOKkYJmgGexVF7YwlzdxNUU+NFSAkabOczj5CcTLpGzTgClZEpXL0gh +FXedT6wNQfUCKt2FQjhP0OdN27A23F9rEqYZzBN/QNoTDkrkZXTSukLCDOwSXHHQ ++5VHCoQzITDZGefmxXMbH/l4p5FZ0/y8hpuDy42oI1wDgk9mnThm6FBYZkaNP7x6 +H0fYeYG6xy4hn/AWXF+FStvBIRiqDTiqXbKXAiF38wxRRTVbdXKVwbn103B/E9OJ +MyHlajd+JQPy0Rd1/5XmfyeWY24UiudJDnpz/uYJidLZEY9JjnmFDVWLPrc/Orob +y7mHQAVy3mgHlaCa5rbs9BOztpbOgfmsvoZmRmb5ek5z52f8unjLj+4TTcPAJE1l +eabN7FBO6bhDBbHjeAAUe0bayv4/5vATsziwWorzM8hiAzosAIzQO+gG/aYXZsb6 +zDxDw4TCoj72H3W1bNAHaxxZByhq00ph6KxQONonX27rV0xqFrn8b9tZ5WTEqsZ9 +df503RW9Y+kWQSR2CoQ+757znKf0geAbLZ03F1/l1qAsAITTFyTtAcyWxp6XgNcz +/uYoF1XFwwpa56muftq/YcWChw/rrRM6/oTAGm1JsfzGV8IWaFx/yOyg7sOeDzCu +StA59QIDAQABo2YwZDAdBgNVHQ4EFgQU3oBPLObsVihQeVflp9QH2D1EsZMwHwYD +VR0jBBgwFoAUQVvImvuKjYpibo2RnDpgILtZgc8wEgYDVR0TAQH/BAgwBgEB/wIB +ADAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAG88SXEVK4ahRcKb +t0goUDifUPQkWByV1KKL3fWUgLQdSE+1+zB320NkRV3yipTc+0G4WR03aw6nd3+O +veBO9ugHG6t2TMsM7QsuZ5ixcB6Upt5hFosDMZGMylFDW2dJOfNbGeU7CGMIs5OM +NQU23PspFQbT9gLzgQE01OJvWmi00ljxhtj7opGPaQZhy6OnSMxZrOEmantxZdo9 +za6LZ7c8H/fwYVXOAtbx/gnPIpzCSSNJY4aY+B14sJoStD1B5Rc7BgLiNWwKE+dg +fy/vwiP9erZE6R4Fpj/ifm/DxE2kP4T0juyz0IZMyO3VvUFdkXoVkiFF4u7feUtq +PTNJUkjS5bSL9RaM+6lI3DReSbw/g4aT7CDvCKd/GbhUWQhZrNGOvWFh5GS0LjHI +FFScK0gAmOihuNNGQdSmql1Roz4cnqXArF3S4Jnf7pYsq4hD7ZdtuWzjdppKV17u +95TChvjbkYbfLLMIb/he5jArNKpjw8EPhQ3Ds0mce9HoFtY1NugJAd7AZ4pePT5e +Oy3rLUMRerwrwpz1F2ds05zj2SMaEPQkXj1LxSLclRZvx4no+quIgU44FgqlrULf +gVtiM9tq+MVms+gj0b4ShJreoaKdDFa3RDyOUFSsk5vOQSMx9hw+Z1s5QrC28SU/ +m4nyzgO03eH4rgFALzMnbrhF0hrm +-----END CERTIFICATE----- diff --git a/certs/ca/newcerts/1001.pem b/certs/ca/newcerts/1001.pem new file mode 100644 index 0000000..0e1c564 --- /dev/null +++ b/certs/ca/newcerts/1001.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFsDCCA5igAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwcDEXMBUGA1UEAwwOaG9y +c2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYDVQQIDARWYXVkMQ8wDQYDVQQH +DAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYDVQQLDANJ +U0MwHhcNMjQwNTE2MjA1ODMwWhcNMzQwNTE0MjA1ODMwWjBeMQswCQYDVQQGEwJD +SDENMAsGA1UECAwEVmF1ZDEaMBgGA1UECgwRSG9yc2UgVGluZGVyIFNhcmwxDDAK +BgNVBAsMA0lTQzEWMBQGA1UEAwwNYW5kcmV3dGF0ZS5jaDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAMsTexhqMHc2CXkVZjFaQVV0p4jUjDvLMshKyxMI +/twPv/vOg4qRgmaAZ7FUXtjCXN3E1RT40VICRps5zOPkJxMukbNOAKVkSlcvSCEV +d51PrA1B9QIq3YVCOE/Q503bsDbcX2sSphnME39A2hMOSuRldNK6QsIM7BJccdD7 +lUcKhDMhMNkZ5+bFcxsf+XinkVnT/LyGm4PLjagjXAOCT2adOGboUFhmRo0/vHof +R9h5gbrHLiGf8BZcX4VK28EhGKoNOKpdspcCIXfzDFFFNVt1cpXBufXTcH8T04kz +IeVqN34lA/LRF3X/leZ/J5ZjbhSK50kOenP+5gmJ0tkRj0mOeYUNVYs+tz86uhvL +uYdABXLeaAeVoJrmtuz0E7O2ls6B+ay+hmZGZvl6TnPnZ/y6eMuP7hNNw8AkTWV5 +ps3sUE7puEMFseN4ABR7RtrK/j/m8BOzOLBaivMzyGIDOiwAjNA76Ab9phdmxvrM +PEPDhMKiPvYfdbVs0AdrHFkHKGrTSmHorFA42idfbutXTGoWufxv21nlZMSqxn11 +/nTdFb1j6RZBJHYKhD7vnvOcp/SB4BstnTcXX+XWoCwAhNMXJO0BzJbGnpeA1zP+ +5igXVcXDClrnqa5+2r9hxYKHD+utEzr+hMAabUmx/MZXwhZoXH/I7KDuw54PMK5K +0Dn1AgMBAAGjZjBkMB0GA1UdDgQWBBTegE8s5uxWKFB5V+Wn1AfYPUSxkzAfBgNV +HSMEGDAWgBRBW8ia+4qNimJujZGcOmAgu1mBzzASBgNVHRMBAf8ECDAGAQH/AgEA +MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAL/Q91IV5UoQamfVe +wg3Wx1dWJw3e7fxZpXAF2GkGgIqsmMZdscU8AQ3eMPriDQcqW0mcSohKl8gN6pvY +bPqbfrzrZV7LVc/5O0JcWAD1oIJceKLZ2DSaAzPHvz9N0qC9YIDnw8wN1AfqK4OC +UbTheKVHotYT8S13dAY/asVLpTf8xlvngt3RObe3U6KyO81pGmM/HHRuPMum/fV0 +iHtasCQ4hUZ/+x2wwngnm+yxfcDJaLDJ9IUhQZQwiw27OChh+MLrlkqmzxfntMjv +/kCImH4T2X3c6czJ56qpLsv7wRDAxsNjJtCasXkXBl+RNvSCer3G3SPB/yl30bUf +C/OBfJyuGs5H7DdUJ39d0MUK4YC+b7t6YH+dEAD6HZBP2tzmEGcREAtQV+5e5KJD +KA9AitzuQ18MNJrBTj03qDFi3xhbuykYtKZzVWQRq/MyvxuzJFc59rqhMqp++p/R +Oj7wv0A6/P+fbUm1FlEiREKFF6ejcJWCP0SdJIlv8ZiTkdg8UGFM0dGed5hXQvww +nZZhfxOo+NIil1BoGfZZ38qbUNdK2kMxnrTdqgFX53Hz9xqjXTn43FMS+CJRZxVP +o45dAtQbKOkKStVAWC9cXvzAS4st/hdlC5EkbzsZUXArRjTJ0A633YkDTu6OshKH +lJDwQc1G93zhyDVJDfMWSf1rg78= +-----END CERTIFICATE----- diff --git a/certs/ca/openssl.cnf b/certs/ca/openssl.cnf new file mode 100644 index 0000000..41cf9f3 --- /dev/null +++ b/certs/ca/openssl.cnf @@ -0,0 +1,132 @@ +# OpenSSL root CA configuration file. +# Copy to `/root/ca/openssl.cnf`. + +[ ca ] +# `man ca` +default_ca = CA_default + +[ CA_default ] +# Directory and file locations. +dir = /root/ca +certs = $dir/certs +crl_dir = $dir/crl +new_certs_dir = $dir/newcerts +database = $dir/index.txt +serial = $dir/serial +RANDFILE = $dir/private/.rand + +# The root key and root certificate. +private_key = $dir/private/ca.key.pem +certificate = $dir/certs/ca.cert.pem + +# For certificate revocation lists. +crlnumber = $dir/crlnumber +crl = $dir/crl/ca.crl.pem +crl_extensions = crl_ext +default_crl_days = 30 + +# SHA-1 is deprecated, so use SHA-2 instead. +default_md = sha256 + +name_opt = ca_default +cert_opt = ca_default +default_days = 375 +preserve = no +policy = policy_strict + +[ policy_strict ] +# The root CA should only sign intermediate certificates that match. +# See the POLICY FORMAT section of `man ca`. +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +[ policy_loose ] +# Allow the intermediate CA to sign a more diverse range of certificates. +# See the POLICY FORMAT section of the `ca` man page. +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +[ req ] +# Options for the `req` tool (`man req`). +default_bits = 2048 +distinguished_name = req_distinguished_name +string_mask = utf8only + +# SHA-1 is deprecated, so use SHA-2 instead. +default_md = sha256 + +# Extension to add when the -x509 option is used. +x509_extensions = v3_ca + +[ req_distinguished_name ] +# See <https://en.wikipedia.org/wiki/Certificate_signing_request>. +commonName = Common Name +countryName = Country Name (2 letter code) +stateOrProvinceName = State or Province Name +localityName = Locality Name +0.organizationName = Organization Name +organizationalUnitName = Organizational Unit Name +emailAddress = Email Address + +# Optionally, specify some defaults. +countryName_default = XX +stateOrProvinceName_default = MyState +localityName_default = +0.organizationName_default = MyOrg +organizationalUnitName_default = +emailAddress_default = + +[ v3_ca ] +# Extensions for a typical CA (`man x509v3_config`). +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer +basicConstraints = critical, CA:true +keyUsage = critical, digitalSignature, cRLSign, keyCertSign + +[ v3_intermediate_ca ] +# Extensions for a typical intermediate CA (`man x509v3_config`). +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer +basicConstraints = critical, CA:true, pathlen:0 +keyUsage = critical, digitalSignature, cRLSign, keyCertSign + +[ usr_cert ] +# Extensions for client certificates (`man x509v3_config`). +basicConstraints = CA:FALSE +nsCertType = client, email +nsComment = "OpenSSL Generated Client Certificate" +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = clientAuth, emailProtection + +[ server_cert ] +# Extensions for server certificates (`man x509v3_config`). +basicConstraints = CA:FALSE +nsCertType = server +nsComment = "OpenSSL Generated Server Certificate" +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = serverAuth + +[ crl_ext ] +# Extension for CRLs (`man x509v3_config`). +authorityKeyIdentifier=keyid:always + +[ ocsp ] +# Extension for OCSP signing certificates (`man ocsp`). +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +keyUsage = critical, digitalSignature +extendedKeyUsage = critical, OCSPSigning diff --git a/certs/ca/private/ca.key.pem b/certs/ca/private/ca.key.pem new file mode 100644 index 0000000..4f9edfe --- /dev/null +++ b/certs/ca/private/ca.key.pem @@ -0,0 +1,54 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI9YmgqJcpc5cCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBBxaUE3Gj6D8Jz9H0zGG6/tBIIJ +UONiUMPxfxJaj8yyQRXqNoBktoILklo6C+EiYxuWH4HbnRN/Ul3Cr1cZRJkV7fAL +onp2NU5iYs2kqq3wOZcABN7rZNT/pxFUwrsjenCs8r19WtA/SNRY/slHmYZJ23ZG +LOIn6Hx/jdO5QxsWRWP+nCcZZDcSVdOk/SE+/ynVt49e0bjPQVbnuCp085dsXxsg +Am0xkryUYuBP3ZdkkBJNleKXCjRYZQUsvfWGb2hVv0zDKhhVirpeQuxE8um/XFBj +uqik2WCXMZXMPdtAznyo6tl82IhA2/9RYbkV+Pd+FAT+wcU7kFA7OUrteYrcYkXS +ipEGIS9p4k6CjXgNiKOdPi9LKNg+G01GmGXWsKBYR0zk4JVSPg609NZFspFq4O+/ +3G5xU4XnefKL2uOvMqCJCNd32v3oQtmju3tl9lhYH+8AOt7qnlXosyZzn7Z8N+BJ +QnSDwgjljBOQEqRrqzCJo9p4HcTvoWzrBjrA2O/l6GhRtZliM4sU40f414dUynh/ +gncLyWSx779dgRx/yQuQHCms7Ck5lSwQTCvSz6XHTz/yWaN96OmE9XWIyLqgEB31 +m3O4rMpGMHxfzjUJbSMg+WTFRDF5MSZzd73XZs54Nm5MOMRuWjzCcPndEmL5j0cB +sJHv5H4dZXzJl2DiGeDVJhpzFRQgWo3IT7RsSIkHSUsxID7V+yYR+k+pJYpV1890 +2tzeuG5sdzseFr9+FekxnDBLmfjt/spoqSh2+fBf1KlZCa3ZlNAbewTK+/uc6bSn +bzE5xdL0QKMCyB4c7suh5UUZ2xQuZszbshlyyw5xJvXfZVNI9h/sxfmn6gTDjX2W +kSvNVbIdlmQrGXPnUR5n8C6jE1Hs8fdbUi2jOwWQiev8J73dHa5PQ7zOuDA6AyBI +Lwthezb9gyIMMnVW6+2HAgCiZ4G0HwquF1Ye9G0vnphF8+i44QckghTqukUzM+sq +8Q5W+xP7GrO9pgLbR6TmZrCvy92txfdEN7DNpdrvYYg4lCzlPnXvhYVWTW2sGPM/ +TONcmNd4ikzeLTkm1j2PAVJn2rak0feNo3fP3Gum5TglR/zBhRewyx5FFTX2xDKR +nSkLfqd698tF1P3RTb0uA7cu/PwhQHqB1mD1v95jzX37Hq7lnJ+zWaqYfy3RE8BL +oLncy7k2LMSfN/xC3+qY3NS7D+F946cRwF3IOFENTmMlkLHtlUdxwjVOl1sSTnHr +DSgNdIv+K2mA8Ejrqof/obDMQNgSp07Ei2Jrtg/wpr95Y9i7MoF4wIxnVjy1LP/e +fNhUwybef4ZjDLGl97E6gXdJXabWTWBzFU+GJ+lD9n0f/9x0wSbZMy/A4KV1e9Ej +9xQY96OApJsnpvGIdomVr4D+Z00WL/L18KdZaIziT/qXQcNQSNdSUOpoyVJtElR2 +x+16b6RoC7hIIwh9Lj0FYBAJGaK2DVvqMFC7i4b/zN0F04jzE4YHYBIY6hrUa4SR +Hc70FJTNMgsr9xsEOstcuXpjac5mmMGI0pxsLDmSemgPUw6xjPF3vL297f5rnRvg +2PH9S1Rw47VOss2gARXd26In0ZVFjQ2lwIbsm3GhOt34vnqOpuzIFi0xeDVilI+o +Lv+AyfVTPIk6ZJ3UaYjN1CNWrViR+VRcKpVV70nt+Z3coudycWpK01FTQPsq5xzk +QC7tcO2EVZDTckAUK+dCgDlIMSaEr7zLiCuBGXPbkaaYGLers6t2iQW95m8Ddeym +i1GtDog6clfzRt8spNl4lTfoeiaR1Dq2CnRktLxgqA0WlORcVOWTQ7l+tIGTM0Mo +rtBGvUso56frBwkkKyDLhGGomj8ezSie4K+5pjXC9ucfL1rMOs38TjIhj9GlqY7T +31cjp+35h0FQ54RgvBO7T0Vr2b8eiXgAwPdHIcQAH2yp5GU65iat2JyvvIZJgm0n +AYkpsXfXzYiowEp8kiPhFiS2JOVgr0afcu31zgwQvvz6W/SMiyTGwxYlRdwfG8PC +azqKEr0RO2I+6MWtP8sU7ijFiy30xGglUJlqyOg9cFDAedOeW+uqslCflDkrTnyu +JXlnMsZcwURDRu1w/HrZSBxfwwul76bLlMcj0ss+kZj8/BGm6LSJQwFTFwgwARc2 +pyEIcZ58tlfWDGJsoXX77wnNf1MUFGW69frcCywbrqRjXuhsRNcZfWj9Cx63N3i9 +IYhmy4hxFMcI5pSTgpkg0LECxl7OUudbAUlkyjRmQHaqN3+eotNRnUkek9CXIl3i +89+iOTYIBlL8xaNCyyDijP4IZzOuVUMqOtNX7jio4v/ORDPtIwJR6HLWrqmSZOIX +e/KvbdqAWtThcjsFh4ysvKNMPlXuBLRThRT37gGfRcyAmaBXsO6NuFhmdArUP19y +kxCdQErPrxE+9eQTgDFc/fZ3A7+YMtFaipXcA5JiGJuF4Ezyvp8C/zFe3DAEdEyd +C7JKlxy3uK9JGEoenX237yNwjhYluqgwSlxuEDvGr10cyLttirzgYDEmYYK0AAyi +i39znPQuwwCneiqAmlQ20cV3ToOIeAhNS0KfvkcWaXWJPOI/M4uGhF9DioojrGWf +Az825TTYZcx2PH2F25sQex0NJih4WypRSITDoA+RA7uQIyoaLL8/4OCZG+izNWMm +HtZz7XL+fTYKJdRbxPd3VgZcNMQk+ir1kIsaCJkTQWc6me0Rh9dbfwwi7GZzGQJo +GTZllCI5/mLVvQe4ujc/9NtRIazWEimEiHMblNTrVvGbHX7rHly47ILnls2V0+md +ADSsAiN9UTxDTdH+0xnPWUFhaNrY9XBHH3FBaqL1itnN1U/NdELN6MDkX93HPhVK +pdDmffg3sccoA8gZRxCZAfI2SJSFh9LYHY8B/ZYNFNGwf/d36kvnPqL+OLAdYI4q +DbyAhhMXDA+2xLS9+gDOC65zT8luKXPKtTZud0VntO2eRlRDdHmJMH+SP2Uk2rST +YSZ8YYqd30mnQchxnJugxdwPPMbtQhpoxz2puNmR+HDJqkM+cYKK6I3l4BkqI1aZ +wk8BA6jNdNeaJULT62DHRD3XIUfjFOJmf/q/nstKVb22sgfqKUG5wangV3RU4Z5F +rQUOYGbmzRpfctH2YpCOdU+Ay46hOoKqeC/ymlyqaCTZMdtL1hg++kyrrzbb80NF +Qhg10RH1+skcs0kFXmhntEAMdtfyiRUSrsvn/bGSKdjx +-----END ENCRYPTED PRIVATE KEY----- diff --git a/certs/ca/serial b/certs/ca/serial new file mode 100644 index 0000000..7d802a3 --- /dev/null +++ b/certs/ca/serial @@ -0,0 +1 @@ +1002 diff --git a/certs/ca/serial.old b/certs/ca/serial.old new file mode 100644 index 0000000..dd11724 --- /dev/null +++ b/certs/ca/serial.old @@ -0,0 +1 @@ +1001 diff --git a/full_chain.pem b/full_chain.pem new file mode 100644 index 0000000..3f17259 --- /dev/null +++ b/full_chain.pem @@ -0,0 +1,60 @@ +-----BEGIN CERTIFICATE----- +MIIElzCCAn+gAwIBAgIUQyTmBMwNZLDzhYYaTstXHDfF1nIwDQYJKoZIhvcNAQEL +BQAwXjELMAkGA1UEBhMCQ0gxDTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNl +IFRpbmRlciBTYXJsMQwwCgYDVQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUu +Y2gwHhcNMjQwNjE4MTYyODAyWhcNMjUwNjE4MTYyODAyWjBbMQswCQYDVQQGEwJD +SDEPMA0GA1UECAwGR2VuZXZhMQ8wDQYDVQQHDAZHZW5ldmExEDAOBgNVBAoMB0Nv +bXBhbnkxGDAWBgNVBAMMD2NvbXBhbnkuYmliaS5jaDCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAK+IC/2VqLLJ/PzzWeV2dbsvxUIrg26UJZnxJ5FlK1tg +G0QSyK/aGA162es1slL5grwgjCSu8OFKHEKey8Y75v49+9IWLtOnqtx4y/l6zY6c +6KrR1yJ88u9yCHVHODmqhnENWVduAdFDQZXFSDrlP0Udn8Agka+VxIUZn7GxiCQW +etgMp4zQ4UNDZjECzsQ46Hp3WqpdeAVxFxblfDPlrVBnAdWnlbBdZ3798XHDOvDX +Josmoc8DnWkkiVOmL0KFKw9R7dAhWyTXnVojqotPxGZPbDwwPv0QSaSsolrPQ9x4 +BOSf/QgZKQXW0Q35UgDT0bzT+wIyUezu3prJRd/2oIsCAwEAAaNQME4wHQYDVR0O +BBYEFJbDmkp+DYOTwK255fK13gEd1u15MB8GA1UdIwQYMBaAFN6ATyzm7FYoUHlX +5afUB9g9RLGTMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAEYhZk97 +GQWYn9tJqdS8yTeza6bia+hbh2oIEUDZRe3AV/DJrqh3GoG8VqjESWWYUF/NESoL +KrEaAl5JQYKCbrcRcqcUNpfEz9CiCDRYomu4MfJSZFuqTTIcUdo7uFg1RxEkjRO9 +uudcdghQU1CQ03GdkKVAFtDVRpGvK+Ir85Bd/Wh56ql5QjNbGSGPWAaU9vxVZ5Fk +FT4XtEHpZalO1vuR1VuXu0Go6Looko/+cDb8UlV+Qbxt+WxzErvPgrkt9+UJDs7o +R1v5tIFLE1T3vsfucrlRn4Huj3VFh5LcuWuYtnONJ1hIqrwaJm1leHm7OuJRH/qb +o4b4LIBrqdLetYKvcsE+tIOA/lkkXwlD17+CqW0lJtfLhlhgxkQBV06kMufO4Bf+ +BstnY20eqXxAf57L7v/EZvmVpqgkraWdrdNYcE5HfFXmODsvcdo2i49ZZ8Q1jj67 +FBiKR4wTE5goARvK/iF4ZHCo4hyOist2eO9R8ZYYkYZiTagkh9DDXodAq6tehAcp +BkBAKDJV5WX84A+2hEqN6cMYYK8Nu5q3mH0WdQUPK4dhxzOHchRPIIL294iIdru6 +J8q8hxrw0fgupOGS7Xwc/XBkIMG2xbCYxVxJhjKPYg/RcqQIPmt2LB/t2DdNVErj +MZwEPki6N1FqBKWzsK4tg8IHMAnTeWJVE3eB +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFsDCCA5igAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwcDEXMBUGA1UEAwwOaG9y +c2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYDVQQIDARWYXVkMQ8wDQYDVQQH +DAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYDVQQLDANJ +U0MwHhcNMjQwNTE2MjA1ODMwWhcNMzQwNTE0MjA1ODMwWjBeMQswCQYDVQQGEwJD +SDENMAsGA1UECAwEVmF1ZDEaMBgGA1UECgwRSG9yc2UgVGluZGVyIFNhcmwxDDAK +BgNVBAsMA0lTQzEWMBQGA1UEAwwNYW5kcmV3dGF0ZS5jaDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAMsTexhqMHc2CXkVZjFaQVV0p4jUjDvLMshKyxMI +/twPv/vOg4qRgmaAZ7FUXtjCXN3E1RT40VICRps5zOPkJxMukbNOAKVkSlcvSCEV +d51PrA1B9QIq3YVCOE/Q503bsDbcX2sSphnME39A2hMOSuRldNK6QsIM7BJccdD7 +lUcKhDMhMNkZ5+bFcxsf+XinkVnT/LyGm4PLjagjXAOCT2adOGboUFhmRo0/vHof +R9h5gbrHLiGf8BZcX4VK28EhGKoNOKpdspcCIXfzDFFFNVt1cpXBufXTcH8T04kz +IeVqN34lA/LRF3X/leZ/J5ZjbhSK50kOenP+5gmJ0tkRj0mOeYUNVYs+tz86uhvL +uYdABXLeaAeVoJrmtuz0E7O2ls6B+ay+hmZGZvl6TnPnZ/y6eMuP7hNNw8AkTWV5 +ps3sUE7puEMFseN4ABR7RtrK/j/m8BOzOLBaivMzyGIDOiwAjNA76Ab9phdmxvrM +PEPDhMKiPvYfdbVs0AdrHFkHKGrTSmHorFA42idfbutXTGoWufxv21nlZMSqxn11 +/nTdFb1j6RZBJHYKhD7vnvOcp/SB4BstnTcXX+XWoCwAhNMXJO0BzJbGnpeA1zP+ +5igXVcXDClrnqa5+2r9hxYKHD+utEzr+hMAabUmx/MZXwhZoXH/I7KDuw54PMK5K +0Dn1AgMBAAGjZjBkMB0GA1UdDgQWBBTegE8s5uxWKFB5V+Wn1AfYPUSxkzAfBgNV +HSMEGDAWgBRBW8ia+4qNimJujZGcOmAgu1mBzzASBgNVHRMBAf8ECDAGAQH/AgEA +MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAL/Q91IV5UoQamfVe +wg3Wx1dWJw3e7fxZpXAF2GkGgIqsmMZdscU8AQ3eMPriDQcqW0mcSohKl8gN6pvY +bPqbfrzrZV7LVc/5O0JcWAD1oIJceKLZ2DSaAzPHvz9N0qC9YIDnw8wN1AfqK4OC +UbTheKVHotYT8S13dAY/asVLpTf8xlvngt3RObe3U6KyO81pGmM/HHRuPMum/fV0 +iHtasCQ4hUZ/+x2wwngnm+yxfcDJaLDJ9IUhQZQwiw27OChh+MLrlkqmzxfntMjv +/kCImH4T2X3c6czJ56qpLsv7wRDAxsNjJtCasXkXBl+RNvSCer3G3SPB/yl30bUf +C/OBfJyuGs5H7DdUJ39d0MUK4YC+b7t6YH+dEAD6HZBP2tzmEGcREAtQV+5e5KJD +KA9AitzuQ18MNJrBTj03qDFi3xhbuykYtKZzVWQRq/MyvxuzJFc59rqhMqp++p/R +Oj7wv0A6/P+fbUm1FlEiREKFF6ejcJWCP0SdJIlv8ZiTkdg8UGFM0dGed5hXQvww +nZZhfxOo+NIil1BoGfZZ38qbUNdK2kMxnrTdqgFX53Hz9xqjXTn43FMS+CJRZxVP +o45dAtQbKOkKStVAWC9cXvzAS4st/hdlC5EkbzsZUXArRjTJ0A633YkDTu6OshKH +lJDwQc1G93zhyDVJDfMWSf1rg78= +-----END CERTIFICATE----- diff --git a/gen_cert.py b/gen_cert.py index 71d35b0..4eb9fb5 100644 --- a/gen_cert.py +++ b/gen_cert.py @@ -1,12 +1,12 @@ + import datetime import argparse from cryptography import x509 -from cryptography.x509.oid import NameOID from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import rsa -def load_ca(ca_cert_path, ca_key_path, ca_key_password=None): +def load_ca(ca_cert_path, ca_key_path, ca_key_password): with open(ca_cert_path, 'rb') as cert_file: ca_cert = x509.load_pem_x509_certificate(cert_file.read()) @@ -17,16 +17,9 @@ def load_ca(ca_cert_path, ca_key_path, ca_key_password=None): return ca_cert, ca_key -def generate_private_key(): - private_key = rsa.generate_private_key( - public_exponent=65537, key_size=2048) - return private_key - - -def create_csr(private_key, common_name): - csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name([ - x509.NameAttribute(NameOID.COMMON_NAME, common_name), - ])).sign(private_key, hashes.SHA256()) +def load_csr(csr_path): + with open(csr_path, 'rb') as csr_file: + csr = x509.load_pem_x509_csr(csr_file.read()) return csr @@ -67,44 +60,30 @@ def save_certificate(cert, filepath): f.write(cert.public_bytes(serialization.Encoding.PEM)) -def save_private_key(private_key, filepath, password=None): - encryption = serialization.NoEncryption() - if password: - encryption = serialization.BestAvailableEncryption(password.encode()) - - with open(filepath, "wb") as f: - f.write(private_key.private_bytes( - encoding=serialization.Encoding.PEM, - format=serialization.PrivateFormat.PKCS8, - encryption_algorithm=encryption - )) - - def main(): parser = argparse.ArgumentParser() parser.add_argument("ca_cert_path", help="Path to the CA certificate") parser.add_argument("ca_key_path", help="Path to the CA private key") + parser.add_argument("csr_path", help="Path to the Certificate Signing Request (CSR)") + parser.add_argument("output_cert_path", help="Output path for the signed certificate") args = parser.parse_args() ca_cert_path = args.ca_cert_path ca_key_path = args.ca_key_path + csr_path = args.csr_path + output_cert_path = args.output_cert_path - ca_cert, ca_key = load_ca(ca_cert_path, ca_key_path, ca_key_password=None) - - intermediate_private_key = generate_private_key() + ca_cert, ca_key = load_ca(ca_cert_path, ca_key_path, ca_key_password=b"admin1234") - intermediate_csr = create_csr( - intermediate_private_key, common_name="*.bibi.ch") + csr = load_csr(csr_path) - intermediate_cert = create_certificate( - intermediate_csr, ca_cert, ca_key, is_intermediate=True) + signed_cert = create_certificate(csr, ca_cert, ca_key, is_intermediate=False) - save_certificate(intermediate_cert, "intermediate_cert.pem") - save_private_key(intermediate_private_key, "intermediate_key.pem") + save_certificate(signed_cert, output_cert_path) with open("full_chain.pem", "wb") as f: - f.write(intermediate_cert.public_bytes(serialization.Encoding.PEM)) + f.write(signed_cert.public_bytes(serialization.Encoding.PEM)) f.write(ca_cert.public_bytes(serialization.Encoding.PEM)) diff --git a/newcompany/certs/out.pem b/newcompany/certs/out.pem new file mode 100644 index 0000000..2a4000f --- /dev/null +++ b/newcompany/certs/out.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIElzCCAn+gAwIBAgIUQyTmBMwNZLDzhYYaTstXHDfF1nIwDQYJKoZIhvcNAQEL +BQAwXjELMAkGA1UEBhMCQ0gxDTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNl +IFRpbmRlciBTYXJsMQwwCgYDVQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUu +Y2gwHhcNMjQwNjE4MTYyODAyWhcNMjUwNjE4MTYyODAyWjBbMQswCQYDVQQGEwJD +SDEPMA0GA1UECAwGR2VuZXZhMQ8wDQYDVQQHDAZHZW5ldmExEDAOBgNVBAoMB0Nv +bXBhbnkxGDAWBgNVBAMMD2NvbXBhbnkuYmliaS5jaDCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAK+IC/2VqLLJ/PzzWeV2dbsvxUIrg26UJZnxJ5FlK1tg +G0QSyK/aGA162es1slL5grwgjCSu8OFKHEKey8Y75v49+9IWLtOnqtx4y/l6zY6c +6KrR1yJ88u9yCHVHODmqhnENWVduAdFDQZXFSDrlP0Udn8Agka+VxIUZn7GxiCQW +etgMp4zQ4UNDZjECzsQ46Hp3WqpdeAVxFxblfDPlrVBnAdWnlbBdZ3798XHDOvDX +Josmoc8DnWkkiVOmL0KFKw9R7dAhWyTXnVojqotPxGZPbDwwPv0QSaSsolrPQ9x4 +BOSf/QgZKQXW0Q35UgDT0bzT+wIyUezu3prJRd/2oIsCAwEAAaNQME4wHQYDVR0O +BBYEFJbDmkp+DYOTwK255fK13gEd1u15MB8GA1UdIwQYMBaAFN6ATyzm7FYoUHlX +5afUB9g9RLGTMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAEYhZk97 +GQWYn9tJqdS8yTeza6bia+hbh2oIEUDZRe3AV/DJrqh3GoG8VqjESWWYUF/NESoL +KrEaAl5JQYKCbrcRcqcUNpfEz9CiCDRYomu4MfJSZFuqTTIcUdo7uFg1RxEkjRO9 +uudcdghQU1CQ03GdkKVAFtDVRpGvK+Ir85Bd/Wh56ql5QjNbGSGPWAaU9vxVZ5Fk +FT4XtEHpZalO1vuR1VuXu0Go6Looko/+cDb8UlV+Qbxt+WxzErvPgrkt9+UJDs7o +R1v5tIFLE1T3vsfucrlRn4Huj3VFh5LcuWuYtnONJ1hIqrwaJm1leHm7OuJRH/qb +o4b4LIBrqdLetYKvcsE+tIOA/lkkXwlD17+CqW0lJtfLhlhgxkQBV06kMufO4Bf+ +BstnY20eqXxAf57L7v/EZvmVpqgkraWdrdNYcE5HfFXmODsvcdo2i49ZZ8Q1jj67 +FBiKR4wTE5goARvK/iF4ZHCo4hyOist2eO9R8ZYYkYZiTagkh9DDXodAq6tehAcp +BkBAKDJV5WX84A+2hEqN6cMYYK8Nu5q3mH0WdQUPK4dhxzOHchRPIIL294iIdru6 +J8q8hxrw0fgupOGS7Xwc/XBkIMG2xbCYxVxJhjKPYg/RcqQIPmt2LB/t2DdNVErj +MZwEPki6N1FqBKWzsK4tg8IHMAnTeWJVE3eB +-----END CERTIFICATE----- diff --git a/newcompany/company.csr b/newcompany/company.csr new file mode 100644 index 0000000..1ba0a29 --- /dev/null +++ b/newcompany/company.csr @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICoDCCAYgCAQAwWzELMAkGA1UEBhMCQ0gxDzANBgNVBAgMBkdlbmV2YTEPMA0G +A1UEBwwGR2VuZXZhMRAwDgYDVQQKDAdDb21wYW55MRgwFgYDVQQDDA9jb21wYW55 +LmJpYmkuY2gwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCviAv9laiy +yfz881nldnW7L8VCK4NulCWZ8SeRZStbYBtEEsiv2hgNetnrNbJS+YK8IIwkrvDh +ShxCnsvGO+b+PfvSFi7Tp6rceMv5es2OnOiq0dcifPLvcgh1Rzg5qoZxDVlXbgHR +Q0GVxUg65T9FHZ/AIJGvlcSFGZ+xsYgkFnrYDKeM0OFDQ2YxAs7EOOh6d1qqXXgF +cRcW5Xwz5a1QZwHVp5WwXWd+/fFxwzrw1yaLJqHPA51pJIlTpi9ChSsPUe3QIVsk +151aI6qLT8RmT2w8MD79EEmkrKJaz0PceATkn/0IGSkF1tEN+VIA09G80/sCMlHs +7t6ayUXf9qCLAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAQOpjWvDPho8VS+0q +nWpThInV3XPUNrWprhihmPPVs0gZFZasEaRs5FGfOqBT1ha6fH0w+Jxt6LVe8icT +RMKsde0bNRc8R5MafyHmV7zju1qoYBLbwCYU4VF3QVtTKmBMgUpFNloH32WL1S2Y +jFBKzTzJjJRVMuEcgOZZix2L66ZIK6fIz1dYzp7umye9vdlyn1u4cfOJnL+BAgT8 +lHPLBLFKvIbCHuAfSmz0K/G/EaRBaa1MSI288z9Ag1r4rupEcQm/2OMHh9ZsAZLD +JPYT69dwLbYNyRMz/IEE68nzYgWSuUeD2nRUokZ+fQFzxUUDEzWQyG4tq/T1WT4u +PaJmgg== +-----END CERTIFICATE REQUEST----- diff --git a/newcompany/privatekey.key b/newcompany/privatekey.key new file mode 100644 index 0000000..b8a16c4 --- /dev/null +++ b/newcompany/privatekey.key @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFJDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQcoGkxCywLauiIU1j +4C68rAICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQI3UMqjsHllfEEggTI +FcjufttQSb0R/vrqNRYYXbWHySe1h53hewWlH8zcyY9iemqZKUwkt1G45PLb7Ccd +DS+Lx2M+El2o1wal0I55hszumky77NBDQSVjNQTW86bLoSjw+OnDxxbGqNtfpfz3 +sSwUHfyyGuO3LxsmWjVp9OxByLGoOT+sjkX89fS1mr8JAXAo3YtWMTnFSIDtjIMI +PuM0KlV9wp4b9flirpgUwLrMpKxqImkcXyYIVjR8Zsjbr9BKgKy+bmqWwnob97Tf +rPjWwfdbRzV6a8K52z+vmAtl27GVBekdsXtDsqS0fb6kpQbZzt90kNCVvNxiIzG/ +/+IuocbeJi/sASdMJZKO70Q/p6So8X37hkWqgBGat+wUtFLx4ojz7jLNQ/wCZ5+l +xFMzPejJVPQvEFPi3lmD2/ds5iiG1/5aoCIUyV8sPDfgHVSAy5dlapg14jbo09R3 +AqPFLPDVkKFB1BvfOFOuCIFK3GRdA0b2/lyEZ1rzuZHTFRm0r86l8NB5AnNIs97q +iUJBXJiAFGeSoviEODHLkv+5fAovkIjncu8MW6JioJhW3LBzT4eA4Jba1xOOATVI +vdQYs+9TPD82e3VxbQemGUn5XtcVpVhDJFZuT3AEtg9zDDxoiLTjXNIF0RqMHKH3 +piKcL/KNgczxNF8sAcMMozSqGhh5me8M+fpno2O8PvHdl0/1El6mUnw1RbcifvbH +OwN7Xyt3J14CQFsXZb6OSGmH+luu3KRIeOqeh1DsMJCy4/8/bIIqbUdvq0sB0bqI +TtYxHIkXAUCxMLjTIOjHKwQIM78RwM4RaY4SKF3PWeBGoZV4DGnRrGHluJ1DaJ+7 +DkzswonRVa3trOZsnldT07oxfK7a5p4hpvNT072mXHWyyw9P2G1WS/Qy6XNSCz0Q +KoR81HReKVjIqFMeyPY+hLmleMVwvMwiLFPIaMUnn9Ql+rwUqIKrPUzifiGyQJVt +XsAUjk1+jw9N+GRLBXahUlxDoqNMcmpCtlnECvnxcdF0yhk8/xi5mNT0Paxozzr3 +n463XlQuw2ih6tX0J1It420sd9wynND385pTXlyjOH8aFN6DhenGZkJ39uC5fvKR +oMEE0GKcV9g3nVonPl5PJEPUSUvery5lFZ7Tlzxn/v6nvDhVI6NioaD9qz6CEf5I +BDLSOdHfa02uN4/MaYq4bVVuyzzNBb5F99I3EFKzSHwd89udQhPgpJrwz/xrTPpq +GNPt9dxtlENmPOsN33aRw9w2bpEIbX+PupO8mGh1GYRE8y5RHs33rrTVkYMtpyjY +V6gXFTL5Lo7UCN9tXwvg8BYj5ZZzkRd8/tSBK83gKNpl5ZrtMBVsBnzicljs5IDP +K4hh9/uqFYfYvhsofSAYQAqlTLblGrD0hjYTE5ONSBFfft3rBL0tIY6HCasmF2eN +RrgxrlNFNMTSDFf3/GXN1U8kBVaxo6Yn7M8Fr5yW1K62g9ovcpoD2zsVNMAx7TZ3 +aSHr6DMcN7uqXJfFLbQLOtvGpQTeIKjmtQJxjiuMCpkY6wQKr75r5Y8lOA9TBTuZ +GrYOOrZZo81YE99UxjPwJ7dGFWiqM+8/9PBmK1QOAyPTJBt+lRgk6vbwaKdeGjf7 +zqyYAqDIQgkYKaYVngLuvwy0zuIMz3OH +-----END ENCRYPTED PRIVATE KEY----- -- GitLab