diff --git a/bob.p12 b/bob.p12
new file mode 100644
index 0000000000000000000000000000000000000000..b0534fbb24f4ba278c7f5915b09529c309c70b2c
Binary files /dev/null and b/bob.p12 differ
diff --git a/bob@example.com.cert.pem b/bob@example.com.cert.pem
new file mode 100644
index 0000000000000000000000000000000000000000..70e6f1befee045b77d617d86fe9d586f58a714c6
--- /dev/null
+++ b/bob@example.com.cert.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFADCCAuigAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQ0gx
+DTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYD
+VQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUuY2gwHhcNMjQwNjI0MTM0MjQz
+WhcNMjUwNzA0MTM0MjQzWjBgMQswCQYDVQQGEwJGUjEMMAoGA1UECAwDQWluMQ8w
+DQYDVQQHDAZGZXJuZXkxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
+ZDEPMA0GA1UEAwwGYm9iLmNoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAwU3uA3zfpFf0mLf/wsJwpQ5alNymgoO+FdTpKMqkousgLxglZlgq4V2TNqzw
+AngPxKh9r4vaJK7TZeFf0GqOU4RNKKsnZEp+nJR45m/+txKplaNXxBn4pgpIU+dj
+/bk4PIKZAcea0HdrmR0/g26mDN4YR6k421AJcFAAEWEDu1XYMczakf1La5BmPK6k
+qJ7LVueEoRfraogmjJhRVukqdAtdy0oLSZADs4tucC6MYCmhRaUIQWsGdZm4JKZS
+K8zFZ+7poCdjJOZa6Bdz2TKhLt8ww9Up5G1ytV6GPnmksGZaAMIyomQk2D8pu0bZ
+Z6vw9aem8S/NIXdTDJVCbVLgrwIDAQABo4HFMIHCMAkGA1UdEwQCMAAwEQYJYIZI
+AYb4QgEBBAQDAgWgMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBD
+bGllbnQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFLxgCLGmSngsuDMhT1yMn5NhTDeM
+MB8GA1UdIwQYMBaAFN6ATyzm7FYoUHlX5afUB9g9RLGTMA4GA1UdDwEB/wQEAwIF
+4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcNAQELBQAD
+ggIBADPfZDlqypv0i+A1VfPnekZhi/MCMcppPJNOmL4smapdPtlw6RzUxzNb2llx
+JYOmYapgQZJFbC7j7bV4mOkC1sO/dhYTr52RHNz01U1+6Eaj+tbWbEKz63VQWuzT
+tIGoisNIW3LfaaSrjnEHppDkEAYoeHScTlFh/aPSMemrsQhkhbHKZX2FN9EvxYO5
+QwahOIhxudBTd4knHlyPYblnCwlunv6VCPAB1/6nn0XUlRpY4MQVY3s8ud+yLG9V
+PLlT8Pa7jSmnb55eRJBgs3IXezWgi0/FLjjFDuz+bzV1d7hj+ufDKkevvSkSZuM8
+WQ9G9dDlZk3RMtCH5vMaZbSINosXnQk/rTbkf8Xfs82NCoSvkIJK7l2jFdLp8pCB
+AacCQOf/Z+8FopzlbYcvFol0hnhH+VXb7SBQO19slgTv9DFjNuhQWdbiVlwIjizK
+t1h2TJ2FnjB2nEtBIpzcVVKSBkjjN7Kfxd/N0lKpuJFPIP/Qo3LaZMSUPUqWYgdn
+Coym52m5QZ/OizF0s5jmiiMej8DAVLKi/IceewUbiOL7RZDIvCdgaJkZ0NHW33jH
+7IqQzeoYLVa0yrZc+hTaW8zH9kjudsxyEFixaZjPMb7haOa6CRTtMgO3f+468yyJ
+Xo90S3mgR2yuJAQoEWdCXg2CnFWnuDvx0wntsBqkTEHL/uJj
+-----END CERTIFICATE-----
diff --git a/bob@example.com.key.pem b/bob@example.com.key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..048ccbe1d677dc461ac8a31978ae0db6ffd1a8e9
--- /dev/null
+++ b/bob@example.com.key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBTe4DfN+kV/SY
+t//CwnClDlqU3KaCg74V1OkoyqSi6yAvGCVmWCrhXZM2rPACeA/EqH2vi9okrtNl
+4V/Qao5ThE0oqydkSn6clHjmb/63EqmVo1fEGfimCkhT52P9uTg8gpkBx5rQd2uZ
+HT+DbqYM3hhHqTjbUAlwUAARYQO7VdgxzNqR/UtrkGY8rqSonstW54ShF+tqiCaM
+mFFW6Sp0C13LSgtJkAOzi25wLoxgKaFFpQhBawZ1mbgkplIrzMVn7umgJ2Mk5lro
+F3PZMqEu3zDD1SnkbXK1XoY+eaSwZloAwjKiZCTYPym7Rtlnq/D1p6bxL80hd1MM
+lUJtUuCvAgMBAAECggEAEUjKk31C8gr7T/yD3gJM2DVkXBMuwFTPVlxnTMJx3i9v
+/UYHchNIIkafty/XdiEOJ+N4+Y1jwAvx0xZH3vboKweVbqF/MDSJBa8w8EnrWKtO
+hpbIbjx0Q0SAGyCBjFpXcPGshMA4U5OaB2LaHwJxzoy9VwsGjnWlomlE2Ej4cHOg
+xSEUR/7snda3ms5qntP2/mfYjTyYzRI/j4m5gNQCEgBx4b4Ql0V+kyG+QeUI5KsZ
+ijRK3XrA7TskEogr1NQoec//BWuJdOLobABzfKR6l6tetEAPEEaRkj2ynTnHGF/5
+JzmvYqMAo36BtC8cypZKSKmtwH0u5ujOsDgWb9MKYQKBgQDV5hTIRYK5hlfT6O1t
+659g+aNCerX8g2ns9JmtXc3ugXjO/MPZ1WvuEzQImDqnhthJEdquDBtZ9O6Rq1K9
+vkYzWcVPiDyffd/RRXyfnE7TWy7ZjEDytKocAA6Xq759RHU4l43j4IkNayMRZK1C
+xX7IwAT+UNRS/EPHrfPrdMn9uwKBgQDnWiRZ5ZbaCAYuqBFb54W2zHRbyj4Fi/F2
+gFkcyM+ePZpAbQT0lZnIAzuNhrpIB3NSunAjQt7b2+HJyVk+PD+RRS+uegLtkpCH
+PIQiebPIZ0MFoNQzrVUrVhvSIw1xxMCo32HNQgN9MWJ27pdy6VZbzgOJQKTlbyF5
+2bQYl0//nQKBgQDEhbkwbBT4ScMl8os6g9KSMapbKQ1NbJwE1pLfYyEScihB3KBA
+4sJgIYqcHuk9BDpxoBLP+FWk59HNSqAhrtEm2uLa+KviSa86weIHb4BI1i0MOb1u
+gKkOQssldOj2hNBCZ5Q4+xJQns/AakR55aRf43RzCGabvCS2ME+8VDhFgwKBgB0I
+Ese1J9j0aNIyBPujcgQeY/ugxWesyAA22vfhuywATvsGszh+DW4r+a0o2vdu9+nJ
+u4ixO4YbcZoAylIk/VUdeX5LkVJ+seRGk84/t2/OhXqPVBGoDqgBhjw4add8+TA3
+1+4J+qYbLGAAUMD6xvt+PrNaiVbBO1IvH4p2cnOBAoGAQ+7Q1Es+sKxDwlyZUmdu
+AzItn/2jFQtEnnx/NF6H4U4v/71hq+woQW/UP4vi0cQMZBOkC0kMgw5pnDC3MhT5
+CTfMSfHg6MsbXXfoalAgFBbgNkUsJFzO+165a9PvezZQLtuUclVYJXjfe+B7B9Yg
+fj/QcJzQBNcuZMHzNtGSpD0=
+-----END PRIVATE KEY-----
diff --git a/ca/.env b/ca/.env
new file mode 100644
index 0000000000000000000000000000000000000000..2d1d373fc10d0fba93073e863d185d0b09748d07
--- /dev/null
+++ b/ca/.env
@@ -0,0 +1,2 @@
+API_TELEGRAM="7115572020:AAEjgaY7y-aeA3UbOy7AVyskXvsJcLsoxTs"
+CHANNEL_ID="-1002221316606"
diff --git a/ca/.gitignore b/ca/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..21d0b898ff61470da684cc5e8f7d6efa648de8cf
--- /dev/null
+++ b/ca/.gitignore
@@ -0,0 +1 @@
+.venv/
diff --git a/ca/README.md b/ca/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..323352c12bf15a0d151d4a35e2f4ff0fa00a3d96
--- /dev/null
+++ b/ca/README.md
@@ -0,0 +1,19 @@
+# Script usage
+
+Add to a `.env` file in root of project (next to the python script):
+
+```dotenv
+API_TELEGRAM="<bot token>"
+CHANNEL_ID="<channel id>"
+```
+
+```python
+python blablae [...]
+```
+
+# Usefull commands
+
+```bash
+# Check x509 cert
+openssl x509 -inform pem -noout -text -in newcompany/certs/out.pem
+```
diff --git a/ca/ca/certs/ca.cert.pem b/ca/ca/certs/ca.cert.pem
new file mode 100644
index 0000000000000000000000000000000000000000..1d256a2fb6e8e5f9bdd46c7f2f2d7096442bebbf
--- /dev/null
+++ b/ca/ca/certs/ca.cert.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF0TCCA7mgAwIBAgIUTYJwDE0JnSgF0p6JoxQQE0w+iL4wDQYJKoZIhvcNAQEL
+BQAwcDEXMBUGA1UEAwwOaG9yc2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYD
+VQQIDARWYXVkMQ8wDQYDVQQHDAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRl
+ciBTYXJsMQwwCgYDVQQLDANJU0MwHhcNMjQwNTE2MjA0MTI3WhcNNDQwNTExMjA0
+MTI3WjBwMRcwFQYDVQQDDA5ob3JzZXRpbmRlci5jaDELMAkGA1UEBhMCQ0gxDTAL
+BgNVBAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2YTEaMBgGA1UECgwRSG9yc2UgVGlu
+ZGVyIFNhcmwxDDAKBgNVBAsMA0lTQzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
+AgoCggIBAKDU2hfwVPYQOxdtZHAfgCD0OJRRF0QpvnQ7P6QUvTcnBg01C3FMTbAF
+8mODblW+MCDfDkOn7mtVNBRbkAOTqzUTDy4CejQ2VUJO0MTAP+l3UmZW8Rog1wGr
+tDdvXHBm+IThjn2y0qcQwHko9ckUhGd33ql1raEuDBVRVgpURaUsD++QeLMH4nE4
+IrcRq3+jROpRsBR8H+NFsH9ltCMlmTCRkLGO6Fh83qPN/QXxp2OlLV+0EoeEHo84
+6i7VphjoyQBZMwNNdS9tJmJS/GLMmPnOnQ9svVo7OeFeXQBZ4E4N+Fk/l0v08ugG
+Di+nrkIA0Xxhptl4HRTohuJDkvgZ6Yo5W6B/7YoMTiHUkfFQ7w6hUsuAYLV3mA9e
+KNtLF7z1MkeL8PxJMIF5XW1hzQktQbFOuT21xuZvLGAAmmfItWrN8UrwehP6Empq
+WvHF+fVGEWYUlunLM2q+qNpzDGV7LJ5XsUgDqEUVrG71GagDYYHBZPBkStt4PC4a
+0UFYVVbvgbLl1GYF09b+6Fd1yZfBuV32z/9xVtkZkyn7cbbNsTRO+KwEThppt51S
+CwjL7cPFItLXdrJbVl+ZBRcvF/lpb4rSHNEcwdJzpSBFXPSZqAgG6uYFFR6YbUFV
+2bmHEeaanTMUi07JxDK1ZQWLse/LODNnyB6gVhRa0SqHxJ4cEwv/AgMBAAGjYzBh
+MB0GA1UdDgQWBBRBW8ia+4qNimJujZGcOmAgu1mBzzAfBgNVHSMEGDAWgBRBW8ia
++4qNimJujZGcOmAgu1mBzzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+hjANBgkqhkiG9w0BAQsFAAOCAgEAKrLKpffpLJNo5lXc3usgwRItvwYqIpys/6/g
+m68qVoT/nFCRdz6r3YXiQ6HZa8BgDE9a+pLZqEBSnx8XTe1IrkPc5LUEXFi6Y+gN
+ZF+OWMQ6h979JXFQx1a8kwTcIkxU0+ThspFnmPvbBrZ1A4/aNsHNJZK2qjLObsML
+9hKlnQx4wIMbLXrTcofrQhuUPw2aLY5zi64LvE7LEjsY2Bh/9fVBOGHM5llX+lDI
+/G7nl3z6v72+Db5hDi6SgJBD6V8xP1OKVmeJjGhwe5okNGq93Gi188wTvpUJMemk
+yy3FVTzRHK8pbK4a5D6zE0DqJTI4DfrefTKsCaqT1K+YSv42gB2jAYyFrbU19p48
+WTzboztNmSAS5tycfA3/SWFBrrj+SCqtbf51/IQrPAh2qN4Jx9cqrApMAI+wTdiB
+yuo8YCW38DTL0HDc6lvMIMfIRaq7sz1+i2lwNav27d8l0sYK49j92ei4Ylua6S7E
+P/B8R9rYfjjkWaU+zkql9XXBVmFnbUXbr5dzutgusOS02uGbwis6UtKy+c18USog
+S7Jc0TusKD/Yv3xfqA4OKcrUJnhKTwA9pA+a5tCZtqbhbMXKrvj8Ngw/W8VVh27Y
+4os1SkpxugXblTc4rNrLqk7hkp0k+a6bLREaihTpyjVjd942Uey251K7400m236D
+cpxtIDA=
+-----END CERTIFICATE-----
diff --git a/ca/ca/index.txt b/ca/ca/index.txt
new file mode 100644
index 0000000000000000000000000000000000000000..88c6f84ef86ee756f371f11cf1c4ae9320fdd0ce
--- /dev/null
+++ b/ca/ca/index.txt
@@ -0,0 +1,2 @@
+V 340514204530Z 1000 unknown /C=CH/ST=Vaud/O=Horse Tinder Sarl/OU=ISC/CN=horsetinder.ch
+V 340514205830Z 1001 unknown /C=CH/ST=Vaud/O=Horse Tinder Sarl/OU=ISC/CN=andrewtate.ch
diff --git a/ca/ca/index.txt.attr b/ca/ca/index.txt.attr
new file mode 100644
index 0000000000000000000000000000000000000000..8f7e63a3475ce82ed03dba035f5c01a42ca38c65
--- /dev/null
+++ b/ca/ca/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/ca/ca/index.txt.attr.old b/ca/ca/index.txt.attr.old
new file mode 100644
index 0000000000000000000000000000000000000000..8f7e63a3475ce82ed03dba035f5c01a42ca38c65
--- /dev/null
+++ b/ca/ca/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/ca/ca/index.txt.old b/ca/ca/index.txt.old
new file mode 100644
index 0000000000000000000000000000000000000000..2aeb72eb88aa4dca6a476feba88e0ac7524fb496
--- /dev/null
+++ b/ca/ca/index.txt.old
@@ -0,0 +1 @@
+V 340514204530Z 1000 unknown /C=CH/ST=Vaud/O=Horse Tinder Sarl/OU=ISC/CN=horsetinder.ch
diff --git a/ca/ca/intermediate/certs/bibi.ch.cert.pem b/ca/ca/intermediate/certs/bibi.ch.cert.pem
new file mode 100644
index 0000000000000000000000000000000000000000..f9087cd5822f412746a02dafe41a3ae7fad0ee4e
--- /dev/null
+++ b/ca/ca/intermediate/certs/bibi.ch.cert.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF0zCCA7ugAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQ0gx
+DTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYD
+VQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUuY2gwHhcNMjQwNTE2MjEyMjE3
+WhcNMjUwNTI2MjEyMjE3WjBnMQswCQYDVQQGEwJDSDENMAsGA1UECAwEVmF1ZDEP
+MA0GA1UEBwwGR2VuZXZhMRgwFgYDVQQKDA9MZSBUcmlvIEdhZ25hbnQxDDAKBgNV
+BAsMA0lTQzEQMA4GA1UEAwwHYmliaS5jaDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAN/D5iemsTHkguIeA/OkPO6tTD3WsgPrnfOVvF7+8ASZRLBrvPD9
+3w9u34QU/cp797l9+dt+26zWDw0JyANikuvDuAdlHeVUyEj8MLjEZzwXNPv0vK5S
+iqZNCJ9VyibEZAancGWzhr2BW9jqBzHdMb8mNoM0ZJa7krWEFukHUbPjSUoE6EdB
+cWSSO+mrIxTJmBwr5OzvtCMQO9tdc9Z7n5w42zLmQhLXRc911FE+9Ui/PE5jrYIe
+22U6LpyBur/0i0RutDLvalgT+ZqJaVnRu6UemKGQsZEyo9JnTf3rbgZP9FehQEZ4
+KKInSwr3tx6p8xLATC0T8+9d6RUx9+52YpsCAwEAAaOCAZAwggGMMAkGA1UdEwQC
+MAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdl
+bmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEfuj70CdFuqdOO+
+zfHE4ht7J0T8MIGbBgNVHSMEgZMwgZCAFN6ATyzm7FYoUHlX5afUB9g9RLGToXSk
+cjBwMRcwFQYDVQQDDA5ob3JzZXRpbmRlci5jaDELMAkGA1UEBhMCQ0gxDTALBgNV
+BAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2YTEaMBgGA1UECgwRSG9yc2UgVGluZGVy
+IFNhcmwxDDAKBgNVBAsMA0lTQ4ICEAEwDgYDVR0PAQH/BAQDAgXgMBMGA1UdJQQM
+MAoGCCsGAQUFBwMBMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDov
+L29jc3AyLmV4YW1wbGUuY29tMB8GA1UdEQQYMBaCB2JpYmkuY2iCC3d3dy5iaWJp
+LmNoMA0GCSqGSIb3DQEBCwUAA4ICAQAVPFEmoxhJShTw/pLzwY6dman9FWUQT9/8
+rPnHimCcgti6KJVWPE+gf7GW+P25bQH2pqNy0BanG/434Ly7QPxEO6ZE4+iz1NIK
+mwdOME7S7YY+fRho0apcW+b84YP39yewSz5vxWI29n3dt6FshUpTNc3MU2qP/93V
+VaiEMqZIO4Z5BwN+pkhOtZdVG3Faxw4/9hKcUOxExGerdxlqNidBtPObE39OQV5t
+mad2xSUq3GJU9ebUwqQbfugQz2+4uQU8cjdWE5sdrFgJuSr+b7gojICMF1NRse7a
+/b9NGm5DLqpNi/6XCmw3qjHoIYzUEO1RTC04BatkondCE4owTFa3P8XOG/u8VTxh
+eu26o/tnrKmmniPoDQDSVodghGJ0QdGoKzzafiUaDZIfRFrQVdp3GcexLYb1FgXq
+FULg0gmELgthBG8xuvSyIPG1GBdJCKG5GUgjSkgr43SR8n1iBEjQUucrluxgTmM2
+H/mFMnqrEF5O8qAE0B2MV52cD1OdNhC/xw7v8fuaY6Rg4dLdSAUpEurKk4OkOYXA
+LhT9jRILji/y1p+SC/HOyXhkJm1ELxULLjbVWYD+qjMkiXXj2ePeFHYFHEkQqsuM
+3hR9b/ouT0xRyLeHgSrePEwY8ohogrSyK2lYvoeFxtFwB75lOODdtgoMXfut8tzt
+REfeuftqrA==
+-----END CERTIFICATE-----
diff --git a/ca/ca/intermediate/certs/ca-chain.cert.pem b/ca/ca/intermediate/certs/ca-chain.cert.pem
new file mode 100644
index 0000000000000000000000000000000000000000..b8d279dee21e114f68e93bfcb93d067769962c67
--- /dev/null
+++ b/ca/ca/intermediate/certs/ca-chain.cert.pem
@@ -0,0 +1,67 @@
+-----BEGIN CERTIFICATE-----
+MIIFsDCCA5igAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwcDEXMBUGA1UEAwwOaG9y
+c2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYDVQQIDARWYXVkMQ8wDQYDVQQH
+DAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYDVQQLDANJ
+U0MwHhcNMjQwNTE2MjA1ODMwWhcNMzQwNTE0MjA1ODMwWjBeMQswCQYDVQQGEwJD
+SDENMAsGA1UECAwEVmF1ZDEaMBgGA1UECgwRSG9yc2UgVGluZGVyIFNhcmwxDDAK
+BgNVBAsMA0lTQzEWMBQGA1UEAwwNYW5kcmV3dGF0ZS5jaDCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAMsTexhqMHc2CXkVZjFaQVV0p4jUjDvLMshKyxMI
+/twPv/vOg4qRgmaAZ7FUXtjCXN3E1RT40VICRps5zOPkJxMukbNOAKVkSlcvSCEV
+d51PrA1B9QIq3YVCOE/Q503bsDbcX2sSphnME39A2hMOSuRldNK6QsIM7BJccdD7
+lUcKhDMhMNkZ5+bFcxsf+XinkVnT/LyGm4PLjagjXAOCT2adOGboUFhmRo0/vHof
+R9h5gbrHLiGf8BZcX4VK28EhGKoNOKpdspcCIXfzDFFFNVt1cpXBufXTcH8T04kz
+IeVqN34lA/LRF3X/leZ/J5ZjbhSK50kOenP+5gmJ0tkRj0mOeYUNVYs+tz86uhvL
+uYdABXLeaAeVoJrmtuz0E7O2ls6B+ay+hmZGZvl6TnPnZ/y6eMuP7hNNw8AkTWV5
+ps3sUE7puEMFseN4ABR7RtrK/j/m8BOzOLBaivMzyGIDOiwAjNA76Ab9phdmxvrM
+PEPDhMKiPvYfdbVs0AdrHFkHKGrTSmHorFA42idfbutXTGoWufxv21nlZMSqxn11
+/nTdFb1j6RZBJHYKhD7vnvOcp/SB4BstnTcXX+XWoCwAhNMXJO0BzJbGnpeA1zP+
+5igXVcXDClrnqa5+2r9hxYKHD+utEzr+hMAabUmx/MZXwhZoXH/I7KDuw54PMK5K
+0Dn1AgMBAAGjZjBkMB0GA1UdDgQWBBTegE8s5uxWKFB5V+Wn1AfYPUSxkzAfBgNV
+HSMEGDAWgBRBW8ia+4qNimJujZGcOmAgu1mBzzASBgNVHRMBAf8ECDAGAQH/AgEA
+MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAL/Q91IV5UoQamfVe
+wg3Wx1dWJw3e7fxZpXAF2GkGgIqsmMZdscU8AQ3eMPriDQcqW0mcSohKl8gN6pvY
+bPqbfrzrZV7LVc/5O0JcWAD1oIJceKLZ2DSaAzPHvz9N0qC9YIDnw8wN1AfqK4OC
+UbTheKVHotYT8S13dAY/asVLpTf8xlvngt3RObe3U6KyO81pGmM/HHRuPMum/fV0
+iHtasCQ4hUZ/+x2wwngnm+yxfcDJaLDJ9IUhQZQwiw27OChh+MLrlkqmzxfntMjv
+/kCImH4T2X3c6czJ56qpLsv7wRDAxsNjJtCasXkXBl+RNvSCer3G3SPB/yl30bUf
+C/OBfJyuGs5H7DdUJ39d0MUK4YC+b7t6YH+dEAD6HZBP2tzmEGcREAtQV+5e5KJD
+KA9AitzuQ18MNJrBTj03qDFi3xhbuykYtKZzVWQRq/MyvxuzJFc59rqhMqp++p/R
+Oj7wv0A6/P+fbUm1FlEiREKFF6ejcJWCP0SdJIlv8ZiTkdg8UGFM0dGed5hXQvww
+nZZhfxOo+NIil1BoGfZZ38qbUNdK2kMxnrTdqgFX53Hz9xqjXTn43FMS+CJRZxVP
+o45dAtQbKOkKStVAWC9cXvzAS4st/hdlC5EkbzsZUXArRjTJ0A633YkDTu6OshKH
+lJDwQc1G93zhyDVJDfMWSf1rg78=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF0TCCA7mgAwIBAgIUTYJwDE0JnSgF0p6JoxQQE0w+iL4wDQYJKoZIhvcNAQEL
+BQAwcDEXMBUGA1UEAwwOaG9yc2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYD
+VQQIDARWYXVkMQ8wDQYDVQQHDAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRl
+ciBTYXJsMQwwCgYDVQQLDANJU0MwHhcNMjQwNTE2MjA0MTI3WhcNNDQwNTExMjA0
+MTI3WjBwMRcwFQYDVQQDDA5ob3JzZXRpbmRlci5jaDELMAkGA1UEBhMCQ0gxDTAL
+BgNVBAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2YTEaMBgGA1UECgwRSG9yc2UgVGlu
+ZGVyIFNhcmwxDDAKBgNVBAsMA0lTQzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
+AgoCggIBAKDU2hfwVPYQOxdtZHAfgCD0OJRRF0QpvnQ7P6QUvTcnBg01C3FMTbAF
+8mODblW+MCDfDkOn7mtVNBRbkAOTqzUTDy4CejQ2VUJO0MTAP+l3UmZW8Rog1wGr
+tDdvXHBm+IThjn2y0qcQwHko9ckUhGd33ql1raEuDBVRVgpURaUsD++QeLMH4nE4
+IrcRq3+jROpRsBR8H+NFsH9ltCMlmTCRkLGO6Fh83qPN/QXxp2OlLV+0EoeEHo84
+6i7VphjoyQBZMwNNdS9tJmJS/GLMmPnOnQ9svVo7OeFeXQBZ4E4N+Fk/l0v08ugG
+Di+nrkIA0Xxhptl4HRTohuJDkvgZ6Yo5W6B/7YoMTiHUkfFQ7w6hUsuAYLV3mA9e
+KNtLF7z1MkeL8PxJMIF5XW1hzQktQbFOuT21xuZvLGAAmmfItWrN8UrwehP6Empq
+WvHF+fVGEWYUlunLM2q+qNpzDGV7LJ5XsUgDqEUVrG71GagDYYHBZPBkStt4PC4a
+0UFYVVbvgbLl1GYF09b+6Fd1yZfBuV32z/9xVtkZkyn7cbbNsTRO+KwEThppt51S
+CwjL7cPFItLXdrJbVl+ZBRcvF/lpb4rSHNEcwdJzpSBFXPSZqAgG6uYFFR6YbUFV
+2bmHEeaanTMUi07JxDK1ZQWLse/LODNnyB6gVhRa0SqHxJ4cEwv/AgMBAAGjYzBh
+MB0GA1UdDgQWBBRBW8ia+4qNimJujZGcOmAgu1mBzzAfBgNVHSMEGDAWgBRBW8ia
++4qNimJujZGcOmAgu1mBzzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+hjANBgkqhkiG9w0BAQsFAAOCAgEAKrLKpffpLJNo5lXc3usgwRItvwYqIpys/6/g
+m68qVoT/nFCRdz6r3YXiQ6HZa8BgDE9a+pLZqEBSnx8XTe1IrkPc5LUEXFi6Y+gN
+ZF+OWMQ6h979JXFQx1a8kwTcIkxU0+ThspFnmPvbBrZ1A4/aNsHNJZK2qjLObsML
+9hKlnQx4wIMbLXrTcofrQhuUPw2aLY5zi64LvE7LEjsY2Bh/9fVBOGHM5llX+lDI
+/G7nl3z6v72+Db5hDi6SgJBD6V8xP1OKVmeJjGhwe5okNGq93Gi188wTvpUJMemk
+yy3FVTzRHK8pbK4a5D6zE0DqJTI4DfrefTKsCaqT1K+YSv42gB2jAYyFrbU19p48
+WTzboztNmSAS5tycfA3/SWFBrrj+SCqtbf51/IQrPAh2qN4Jx9cqrApMAI+wTdiB
+yuo8YCW38DTL0HDc6lvMIMfIRaq7sz1+i2lwNav27d8l0sYK49j92ei4Ylua6S7E
+P/B8R9rYfjjkWaU+zkql9XXBVmFnbUXbr5dzutgusOS02uGbwis6UtKy+c18USog
+S7Jc0TusKD/Yv3xfqA4OKcrUJnhKTwA9pA+a5tCZtqbhbMXKrvj8Ngw/W8VVh27Y
+4os1SkpxugXblTc4rNrLqk7hkp0k+a6bLREaihTpyjVjd942Uey251K7400m236D
+cpxtIDA=
+-----END CERTIFICATE-----
diff --git a/ca/ca/intermediate/certs/intermediate.cert.pem b/ca/ca/intermediate/certs/intermediate.cert.pem
new file mode 100644
index 0000000000000000000000000000000000000000..0e1c56461ce24a61296fa56a04253c9340ed9df6
--- /dev/null
+++ b/ca/ca/intermediate/certs/intermediate.cert.pem
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFsDCCA5igAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwcDEXMBUGA1UEAwwOaG9y
+c2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYDVQQIDARWYXVkMQ8wDQYDVQQH
+DAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYDVQQLDANJ
+U0MwHhcNMjQwNTE2MjA1ODMwWhcNMzQwNTE0MjA1ODMwWjBeMQswCQYDVQQGEwJD
+SDENMAsGA1UECAwEVmF1ZDEaMBgGA1UECgwRSG9yc2UgVGluZGVyIFNhcmwxDDAK
+BgNVBAsMA0lTQzEWMBQGA1UEAwwNYW5kcmV3dGF0ZS5jaDCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAMsTexhqMHc2CXkVZjFaQVV0p4jUjDvLMshKyxMI
+/twPv/vOg4qRgmaAZ7FUXtjCXN3E1RT40VICRps5zOPkJxMukbNOAKVkSlcvSCEV
+d51PrA1B9QIq3YVCOE/Q503bsDbcX2sSphnME39A2hMOSuRldNK6QsIM7BJccdD7
+lUcKhDMhMNkZ5+bFcxsf+XinkVnT/LyGm4PLjagjXAOCT2adOGboUFhmRo0/vHof
+R9h5gbrHLiGf8BZcX4VK28EhGKoNOKpdspcCIXfzDFFFNVt1cpXBufXTcH8T04kz
+IeVqN34lA/LRF3X/leZ/J5ZjbhSK50kOenP+5gmJ0tkRj0mOeYUNVYs+tz86uhvL
+uYdABXLeaAeVoJrmtuz0E7O2ls6B+ay+hmZGZvl6TnPnZ/y6eMuP7hNNw8AkTWV5
+ps3sUE7puEMFseN4ABR7RtrK/j/m8BOzOLBaivMzyGIDOiwAjNA76Ab9phdmxvrM
+PEPDhMKiPvYfdbVs0AdrHFkHKGrTSmHorFA42idfbutXTGoWufxv21nlZMSqxn11
+/nTdFb1j6RZBJHYKhD7vnvOcp/SB4BstnTcXX+XWoCwAhNMXJO0BzJbGnpeA1zP+
+5igXVcXDClrnqa5+2r9hxYKHD+utEzr+hMAabUmx/MZXwhZoXH/I7KDuw54PMK5K
+0Dn1AgMBAAGjZjBkMB0GA1UdDgQWBBTegE8s5uxWKFB5V+Wn1AfYPUSxkzAfBgNV
+HSMEGDAWgBRBW8ia+4qNimJujZGcOmAgu1mBzzASBgNVHRMBAf8ECDAGAQH/AgEA
+MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAL/Q91IV5UoQamfVe
+wg3Wx1dWJw3e7fxZpXAF2GkGgIqsmMZdscU8AQ3eMPriDQcqW0mcSohKl8gN6pvY
+bPqbfrzrZV7LVc/5O0JcWAD1oIJceKLZ2DSaAzPHvz9N0qC9YIDnw8wN1AfqK4OC
+UbTheKVHotYT8S13dAY/asVLpTf8xlvngt3RObe3U6KyO81pGmM/HHRuPMum/fV0
+iHtasCQ4hUZ/+x2wwngnm+yxfcDJaLDJ9IUhQZQwiw27OChh+MLrlkqmzxfntMjv
+/kCImH4T2X3c6czJ56qpLsv7wRDAxsNjJtCasXkXBl+RNvSCer3G3SPB/yl30bUf
+C/OBfJyuGs5H7DdUJ39d0MUK4YC+b7t6YH+dEAD6HZBP2tzmEGcREAtQV+5e5KJD
+KA9AitzuQ18MNJrBTj03qDFi3xhbuykYtKZzVWQRq/MyvxuzJFc59rqhMqp++p/R
+Oj7wv0A6/P+fbUm1FlEiREKFF6ejcJWCP0SdJIlv8ZiTkdg8UGFM0dGed5hXQvww
+nZZhfxOo+NIil1BoGfZZ38qbUNdK2kMxnrTdqgFX53Hz9xqjXTn43FMS+CJRZxVP
+o45dAtQbKOkKStVAWC9cXvzAS4st/hdlC5EkbzsZUXArRjTJ0A633YkDTu6OshKH
+lJDwQc1G93zhyDVJDfMWSf1rg78=
+-----END CERTIFICATE-----
diff --git a/ca/ca/intermediate/csr/andrewtate.ch.csr.pem b/ca/ca/intermediate/csr/andrewtate.ch.csr.pem
new file mode 100644
index 0000000000000000000000000000000000000000..4f25a9ada6fd102dcb42f5219aa73a162ff8c810
--- /dev/null
+++ b/ca/ca/intermediate/csr/andrewtate.ch.csr.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC1zCCAb8CAQAwYDEQMA4GA1UEAwwHYmliaS5jaDELMAkGA1UEBhMCQ0gxDTAL
+BgNVBAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2YTERMA8GA1UECgwIQmliaSBMdGQx
+DDAKBgNVBAsMA0lTQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN/D
+5iemsTHkguIeA/OkPO6tTD3WsgPrnfOVvF7+8ASZRLBrvPD93w9u34QU/cp797l9
++dt+26zWDw0JyANikuvDuAdlHeVUyEj8MLjEZzwXNPv0vK5SiqZNCJ9VyibEZAan
+cGWzhr2BW9jqBzHdMb8mNoM0ZJa7krWEFukHUbPjSUoE6EdBcWSSO+mrIxTJmBwr
+5OzvtCMQO9tdc9Z7n5w42zLmQhLXRc911FE+9Ui/PE5jrYIe22U6LpyBur/0i0Ru
+tDLvalgT+ZqJaVnRu6UemKGQsZEyo9JnTf3rbgZP9FehQEZ4KKInSwr3tx6p8xLA
+TC0T8+9d6RUx9+52YpsCAwEAAaAyMDAGCSqGSIb3DQEJDjEjMCEwHwYDVR0RBBgw
+FoIHYmliaS5jaIILd3d3LmJpYmkuY2gwDQYJKoZIhvcNAQELBQADggEBAEvUrlP+
+cXrOkeN+7x4fevlWdr4Z3wdKtsicOa1VaaspGMKnxNfyKwHunDEdll20hwEPDtul
+wD/VbVXZHylOm6EPhrwOFTl/fub76SaiIECaU/yXX4tvFkeOsXEhF6B5PQkrOACW
+jknPEyxNUxrjfbEimKjFEqI4oGWjN8y+bbLFAxPXuOehsh53wuD5y9ryldKfWkf1
+vEUaY9C/3rQP7JhJyJuSOm50R1XSHhk6tT5ms5mo7w3idMKeEX7oz2lqEOfZof4+
+7HuXVu5BqRCtqMS9YYg0QKRPBNRCzAKbjIgjREqjV/OQRhmZka/Zydw0AjbsTraP
+PL6tRZD3P9h3NY0=
+-----END CERTIFICATE REQUEST-----
diff --git a/ca/ca/intermediate/csr/bibi.ch.csr.pem b/ca/ca/intermediate/csr/bibi.ch.csr.pem
new file mode 100644
index 0000000000000000000000000000000000000000..29ac3217082c8f64bdc422fd8d5d0d56871b8cb4
--- /dev/null
+++ b/ca/ca/intermediate/csr/bibi.ch.csr.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICrDCCAZQCAQAwZzEQMA4GA1UEAwwHYmliaS5jaDELMAkGA1UEBhMCQ0gxDTAL
+BgNVBAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2YTEYMBYGA1UECgwPTGUgVHJpbyBH
+YWduYW50MQwwCgYDVQQLDANJU0MwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDfw+YnprEx5ILiHgPzpDzurUw91rID653zlbxe/vAEmUSwa7zw/d8Pbt+E
+FP3Ke/e5ffnbftus1g8NCcgDYpLrw7gHZR3lVMhI/DC4xGc8FzT79LyuUoqmTQif
+VcomxGQGp3Bls4a9gVvY6gcx3TG/JjaDNGSWu5K1hBbpB1Gz40lKBOhHQXFkkjvp
+qyMUyZgcK+Ts77QjEDvbXXPWe5+cONsy5kIS10XPddRRPvVIvzxOY62CHttlOi6c
+gbq/9ItEbrQy72pYE/maiWlZ0bulHpihkLGRMqPSZ039624GT/RXoUBGeCiiJ0sK
+97ceqfMSwEwtE/PvXekVMffudmKbAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEA
+PNkhsM8ZmLPZLtGSBc26vJtkAnGlCkK9joiK7DHBKe/b12WrCOsWdfrXl/SlCRnB
+BpAesE4mxcj82bJ51+/xZ6bCWy+RSDqrNobc1CLDYsUrdR/RcWZsXExPpN7MpcBu
+tCsQCeP98HoYhqOXJUQtpOnJdaJqloZ07xyB5jfGQrbci1yKWjpHMZhi/ckfPJie
+HetLvYaHjr+1uCG6qolVQUZ8vp2rkD9oRBgDqzDzbhvisCJiIWEsdHpKddwZRm3E
+fvPBmbuzOYy5vDRgXkRe0/fId/ppxXqZuxH6wkjR/O9qCY+crWzexl98/isUgwo9
+CHvkmf+jb/98s7hP8RGyaQ==
+-----END CERTIFICATE REQUEST-----
diff --git a/ca/ca/intermediate/csr/intermediate.csr.pem b/ca/ca/intermediate/csr/intermediate.csr.pem
new file mode 100644
index 0000000000000000000000000000000000000000..456a73971eb368e1bee765ec45c04dfef75a1e80
--- /dev/null
+++ b/ca/ca/intermediate/csr/intermediate.csr.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEtDCCApwCAQAwbzEWMBQGA1UEAwwNYW5kcmV3dGF0ZS5jaDELMAkGA1UEBhMC
+Q0gxDTALBgNVBAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2YTEaMBgGA1UECgwRSG9y
+c2UgVGluZGVyIFNhcmwxDDAKBgNVBAsMA0lTQzCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBAMsTexhqMHc2CXkVZjFaQVV0p4jUjDvLMshKyxMI/twPv/vO
+g4qRgmaAZ7FUXtjCXN3E1RT40VICRps5zOPkJxMukbNOAKVkSlcvSCEVd51PrA1B
+9QIq3YVCOE/Q503bsDbcX2sSphnME39A2hMOSuRldNK6QsIM7BJccdD7lUcKhDMh
+MNkZ5+bFcxsf+XinkVnT/LyGm4PLjagjXAOCT2adOGboUFhmRo0/vHofR9h5gbrH
+LiGf8BZcX4VK28EhGKoNOKpdspcCIXfzDFFFNVt1cpXBufXTcH8T04kzIeVqN34l
+A/LRF3X/leZ/J5ZjbhSK50kOenP+5gmJ0tkRj0mOeYUNVYs+tz86uhvLuYdABXLe
+aAeVoJrmtuz0E7O2ls6B+ay+hmZGZvl6TnPnZ/y6eMuP7hNNw8AkTWV5ps3sUE7p
+uEMFseN4ABR7RtrK/j/m8BOzOLBaivMzyGIDOiwAjNA76Ab9phdmxvrMPEPDhMKi
+PvYfdbVs0AdrHFkHKGrTSmHorFA42idfbutXTGoWufxv21nlZMSqxn11/nTdFb1j
+6RZBJHYKhD7vnvOcp/SB4BstnTcXX+XWoCwAhNMXJO0BzJbGnpeA1zP+5igXVcXD
+Clrnqa5+2r9hxYKHD+utEzr+hMAabUmx/MZXwhZoXH/I7KDuw54PMK5K0Dn1AgMB
+AAGgADANBgkqhkiG9w0BAQsFAAOCAgEADGP31gIZrnJWcYCeA/Kn7cVK/cpgD7kw
+uYEKid1BUfReAo3+jOKtj6v1LL77D+fl2bHEnAqsNtrLK3XnIRUWGzsaNKL+6oTl
+gTWXexEo61xamz0glLaH2m5eujSzx4XQzMop4itq/ROFkGDbggywxo44NM1yOiaN
+UjDUn7SFp4BhqztGf42pcN7wm/o1vz1LFZ2Penw+YrMlD5za+9l8rrjsly2UUUaI
+JF/2rtGkoEpeAs3sZHl2jeaMmvH/e1FmLqeQBPODnY7n/X9yQ2krwZsn3p+I1ASb
+K2U+0v8eeIjbRcQjNcgCLAktNAq6DV6DYyxsPzNiKwFc0GXLOqO55tg9EDwhobRG
+g5T/zSRdAz7KGdFn1mw2I+qa9SFpN/ozuW0xuQFA8Wj1n0gI4BbCrVxZVRBRqMx6
+ODf291/t0moz1YvaNC78KOgN6z3uLx38UCdnqdvf0RQ+jWRHuL9IfsvtcyNBZrPk
+ScyYRPxAl0Ehpp9t4seShq9hvNFIRAxPqqAoK0BFf9Hh2vM8dXEyiMpfn5N+Xdp5
+FevjfcIxfTYC2Z8u1opCrap8VtG7hD81wDFJYOk/RAU1BJgLDNTLlhvbg6s5ZIoQ
+5V1tTHz6uCeWiR15Uay97bG4FcOE3HI7ZtaLGdsDLhepwhJJIALOYyQiG4sFqc4n
+XEX67mqHSkw=
+-----END CERTIFICATE REQUEST-----
diff --git a/ca/ca/intermediate/index.txt b/ca/ca/intermediate/index.txt
new file mode 100644
index 0000000000000000000000000000000000000000..057e5c949445efa9fe7ce9bf98059d3e19df3292
--- /dev/null
+++ b/ca/ca/intermediate/index.txt
@@ -0,0 +1,2 @@
+V 250526211508Z 1000 unknown /C=CH/ST=Vaud/L=Geneva/O=Bibi Ltd/OU=ISC/CN=bibi.ch
+V 250526212217Z 1001 unknown /C=CH/ST=Vaud/L=Geneva/O=Le Trio Gagnant/OU=ISC/CN=bibi.ch
diff --git a/ca/ca/intermediate/index.txt.attr b/ca/ca/intermediate/index.txt.attr
new file mode 100644
index 0000000000000000000000000000000000000000..8f7e63a3475ce82ed03dba035f5c01a42ca38c65
--- /dev/null
+++ b/ca/ca/intermediate/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/ca/ca/intermediate/index.txt.attr.old b/ca/ca/intermediate/index.txt.attr.old
new file mode 100644
index 0000000000000000000000000000000000000000..8f7e63a3475ce82ed03dba035f5c01a42ca38c65
--- /dev/null
+++ b/ca/ca/intermediate/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/ca/ca/intermediate/index.txt.old b/ca/ca/intermediate/index.txt.old
new file mode 100644
index 0000000000000000000000000000000000000000..a8304bbbc7a3a552876a7e763ecf3fc43a69371e
--- /dev/null
+++ b/ca/ca/intermediate/index.txt.old
@@ -0,0 +1 @@
+V 250526211508Z 1000 unknown /C=CH/ST=Vaud/L=Geneva/O=Bibi Ltd/OU=ISC/CN=bibi.ch
diff --git a/ca/ca/intermediate/newcerts/1000.pem b/ca/ca/intermediate/newcerts/1000.pem
new file mode 100644
index 0000000000000000000000000000000000000000..90d2fd593475c4431598f2c469675c0248bc9cef
--- /dev/null
+++ b/ca/ca/intermediate/newcerts/1000.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF4zCCA8ugAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQ0gx
+DTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYD
+VQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUuY2gwHhcNMjQwNTE2MjExNTA4
+WhcNMjUwNTI2MjExNTA4WjBgMQswCQYDVQQGEwJDSDENMAsGA1UECAwEVmF1ZDEP
+MA0GA1UEBwwGR2VuZXZhMREwDwYDVQQKDAhCaWJpIEx0ZDEMMAoGA1UECwwDSVND
+MRAwDgYDVQQDDAdiaWJpLmNoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA38PmJ6axMeSC4h4D86Q87q1MPdayA+ud85W8Xv7wBJlEsGu88P3fD27fhBT9
+ynv3uX35237brNYPDQnIA2KS68O4B2Ud5VTISPwwuMRnPBc0+/S8rlKKpk0In1XK
+JsRkBqdwZbOGvYFb2OoHMd0xvyY2gzRklruStYQW6QdRs+NJSgToR0FxZJI76asj
+FMmYHCvk7O+0IxA7211z1nufnDjbMuZCEtdFz3XUUT71SL88TmOtgh7bZTounIG6
+v/SLRG60Mu9qWBP5molpWdG7pR6YoZCxkTKj0mdN/etuBk/0V6FARngooidLCve3
+HqnzEsBMLRPz713pFTH37nZimwIDAQABo4IBpzCCAaMwCQYDVR0TBAIwADARBglg
+hkgBhvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVk
+IFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUR+6PvQJ0W6p0477N8cTiG3sn
+RPwwgZsGA1UdIwSBkzCBkIAU3oBPLObsVihQeVflp9QH2D1EsZOhdKRyMHAxFzAV
+BgNVBAMMDmhvcnNldGluZGVyLmNoMQswCQYDVQQGEwJDSDENMAsGA1UECAwEVmF1
+ZDEPMA0GA1UEBwwGR2VuZXZhMRowGAYDVQQKDBFIb3JzZSBUaW5kZXIgU2FybDEM
+MAoGA1UECwwDSVNDggIQATAOBgNVHQ8BAf8EBAMCBeAwEwYDVR0lBAwwCgYIKwYB
+BQUHAwEwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcDIu
+ZXhhbXBsZS5jb20wNgYDVR0RBC8wLYILZXhhbXBsZS5jb22CD3d3dy5leGFtcGxl
+LmNvbYINbS5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAgEAaAApnGApld+f
+pU1KOkqh4PK25IInORjkjGhIjuzNTJXLLPlNszWi+crBB3Mh31pa30IEit0xGgWf
+HSuUH+S+4EqtGr6IKpYGzR4ka23TvE2274ILFRHWlodk7tFX4kp3HH7ukmar3h7X
+xmv14PzO70EpXQexFbEeA/oLLeA1KPTHbQt4KlW2WOfNfFLGnB2BDL87InUSdef6
+yiG/7qrJ2KkzKqY7iLTz2PGWCEKZN4NvjZjq76bAMO56ljyZ885OaY5+L8JimlJ1
+KPRy5GxTnUiqNNuuZ3D6J0gEglzce6Ln5iYxjmESHJZDGfLmINaA0/icnkQxlbcd
+9r5a7B6aic1XbKJaLPnNQM4xBu03iGMfehl92tDiHpLyIiE5tvXFrJta/km2Mvf7
+OgTvA1Ux0m/HfxCA6l6mEU13fG3iaDXSn7NmqmRcNNmN8RO3jubOpwX4M5ZLHEgb
+44zq/13H/D4xd2BDgq+xIS29VLZxQAo28t+ipKQXFpxsaQ90E0VQAvJueAA6g9JK
+igfBxxNsL+zf1SDMB5PaNTrreomvE/n3h/NhJl+dkiaS5JPG2ruvDgXYzHXOc/WQ
+B5FCv+1I4bPMX5dESIavw1MDZVPT3YDmqyT9yncP7Pzd2p/J7/Kw6sNoXOJjcUr+
+jTdYwVIK5/gSFxKGQ3Cvod06lUZqE7g=
+-----END CERTIFICATE-----
diff --git a/ca/ca/intermediate/newcerts/1001.pem b/ca/ca/intermediate/newcerts/1001.pem
new file mode 100644
index 0000000000000000000000000000000000000000..f9087cd5822f412746a02dafe41a3ae7fad0ee4e
--- /dev/null
+++ b/ca/ca/intermediate/newcerts/1001.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF0zCCA7ugAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQ0gx
+DTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYD
+VQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUuY2gwHhcNMjQwNTE2MjEyMjE3
+WhcNMjUwNTI2MjEyMjE3WjBnMQswCQYDVQQGEwJDSDENMAsGA1UECAwEVmF1ZDEP
+MA0GA1UEBwwGR2VuZXZhMRgwFgYDVQQKDA9MZSBUcmlvIEdhZ25hbnQxDDAKBgNV
+BAsMA0lTQzEQMA4GA1UEAwwHYmliaS5jaDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAN/D5iemsTHkguIeA/OkPO6tTD3WsgPrnfOVvF7+8ASZRLBrvPD9
+3w9u34QU/cp797l9+dt+26zWDw0JyANikuvDuAdlHeVUyEj8MLjEZzwXNPv0vK5S
+iqZNCJ9VyibEZAancGWzhr2BW9jqBzHdMb8mNoM0ZJa7krWEFukHUbPjSUoE6EdB
+cWSSO+mrIxTJmBwr5OzvtCMQO9tdc9Z7n5w42zLmQhLXRc911FE+9Ui/PE5jrYIe
+22U6LpyBur/0i0RutDLvalgT+ZqJaVnRu6UemKGQsZEyo9JnTf3rbgZP9FehQEZ4
+KKInSwr3tx6p8xLATC0T8+9d6RUx9+52YpsCAwEAAaOCAZAwggGMMAkGA1UdEwQC
+MAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdl
+bmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEfuj70CdFuqdOO+
+zfHE4ht7J0T8MIGbBgNVHSMEgZMwgZCAFN6ATyzm7FYoUHlX5afUB9g9RLGToXSk
+cjBwMRcwFQYDVQQDDA5ob3JzZXRpbmRlci5jaDELMAkGA1UEBhMCQ0gxDTALBgNV
+BAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2YTEaMBgGA1UECgwRSG9yc2UgVGluZGVy
+IFNhcmwxDDAKBgNVBAsMA0lTQ4ICEAEwDgYDVR0PAQH/BAQDAgXgMBMGA1UdJQQM
+MAoGCCsGAQUFBwMBMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDov
+L29jc3AyLmV4YW1wbGUuY29tMB8GA1UdEQQYMBaCB2JpYmkuY2iCC3d3dy5iaWJp
+LmNoMA0GCSqGSIb3DQEBCwUAA4ICAQAVPFEmoxhJShTw/pLzwY6dman9FWUQT9/8
+rPnHimCcgti6KJVWPE+gf7GW+P25bQH2pqNy0BanG/434Ly7QPxEO6ZE4+iz1NIK
+mwdOME7S7YY+fRho0apcW+b84YP39yewSz5vxWI29n3dt6FshUpTNc3MU2qP/93V
+VaiEMqZIO4Z5BwN+pkhOtZdVG3Faxw4/9hKcUOxExGerdxlqNidBtPObE39OQV5t
+mad2xSUq3GJU9ebUwqQbfugQz2+4uQU8cjdWE5sdrFgJuSr+b7gojICMF1NRse7a
+/b9NGm5DLqpNi/6XCmw3qjHoIYzUEO1RTC04BatkondCE4owTFa3P8XOG/u8VTxh
+eu26o/tnrKmmniPoDQDSVodghGJ0QdGoKzzafiUaDZIfRFrQVdp3GcexLYb1FgXq
+FULg0gmELgthBG8xuvSyIPG1GBdJCKG5GUgjSkgr43SR8n1iBEjQUucrluxgTmM2
+H/mFMnqrEF5O8qAE0B2MV52cD1OdNhC/xw7v8fuaY6Rg4dLdSAUpEurKk4OkOYXA
+LhT9jRILji/y1p+SC/HOyXhkJm1ELxULLjbVWYD+qjMkiXXj2ePeFHYFHEkQqsuM
+3hR9b/ouT0xRyLeHgSrePEwY8ohogrSyK2lYvoeFxtFwB75lOODdtgoMXfut8tzt
+REfeuftqrA==
+-----END CERTIFICATE-----
diff --git a/ca/ca/intermediate/openssl.cnf b/ca/ca/intermediate/openssl.cnf
new file mode 100644
index 0000000000000000000000000000000000000000..cc89daa008a210166c37610f6110253b93150bc3
--- /dev/null
+++ b/ca/ca/intermediate/openssl.cnf
@@ -0,0 +1,141 @@
+# OpenSSL intermediate CA configuration file.
+# Copy to `/root/ca/intermediate/openssl.cnf`.
+
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir = /data/code/atelier_secu/ca/intermediate
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+# The root key and root certificate.
+private_key = $dir/private/intermediate.key.pem
+certificate = $dir/certs/intermediate.cert.pem
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/intermediate.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_loose
+
+copy_extensions = copy
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 2048
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
+commonName = Common Name
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+emailAddress = Email Address
+
+# Optionally, specify some defaults.
+countryName_default = XX
+stateOrProvinceName_default = MyState
+localityName_default =
+0.organizationName_default = MyOrg
+organizationalUnitName_default =
+emailAddress_default =
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+authorityInfoAccess = OCSP;URI:http://ocsp2.example.com
+subjectAltName = @alt_names
+crlDistributionPoints = URI:http://bibi.ch/intermediate.crl.pem
+
+[ alt_names ]
+DNS.1 = bibi.ch
+DNS.2 = www.bibi.ch
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
diff --git a/ca/ca/intermediate/private/andrewtate.ch.key.pem b/ca/ca/intermediate/private/andrewtate.ch.key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..ceead37becdac38faffd7df2c43a401f15def3f8
--- /dev/null
+++ b/ca/ca/intermediate/private/andrewtate.ch.key.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIqF2NBi+pu58CAggA
+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBDbok3NnAfXZLsOF/GxMYMXBIIE
+0BfhpIrOAkXK36p8q+u6Kin/f7fCtjv1Vcfh5eb+CUIJyJokIV0Bk7SlkOK5eJxb
+Q8n05WuMjZbplnedXW5jQ2+eetRp8YI4GWLxycJiWTSmZtR4J99gdW2CLZL5MYm3
+By3z7hcD6OvSTlLD1UxSbCtucqfH6IBr1xy4T+d00q6dZbsg15MyUDgm5dU3C6d+
+6GZGlrVrIY8mTHO4HTbSappMS/cJ6mwT2ABWe76aetT1GszzBPxUE/ohpXT11qdd
+5HHSeu5jv4k+hX/7uwf8Izettx9fxQFNhhZ0HfDmEN7mvFwDrTtHaq81ypQfUnFd
+omqyQdsj8FYSTUJ4G/4mk1tV4OVoPMOaNW7SVRxEz8Euwsl2hOw+ysJvcPYcsGqm
+ZVuUZLshIfL2sgtXaRu/kMAsR8o4rl2C7WV4EFJe7YvFjV2hV21zUVSno3Gyy0bS
+By4w+RA2vjOkT5twutTcueAhBQuJPDk5DTGoxdZ2mcY0lNTN0KXGLakSbwOxJ90E
+uDbcdnTMwCjTLqsvyITe0FRQry8ekKmcVnsYTxtjLHVB6tn0q4srWFCkS0F6g917
+s2oCBTzEAmxtfkRoTXeQSJnP/36LXN1W9jhd6Gd5km8+OfA/dGEBofggTznOHhhX
+As8qrgFsuLuMDMABeVcliqDx9e51NzNPEBhYb4X0iZhIsIn0MuHez/ywQyjX8mHV
+/atsCnUfDv+D6JspaCLIeGY48IvicCVnTubJHp4Yc4pA7Cj/7/9OZk8e9IuyBUxk
+yaKRpqiAZ/EDUSTVYuN2YCLICWFJHVZE+uYqwwuneQvYJHn8pduXeZWHKMOseFF4
+zNoZypW3uLcoQ9ACbsaOOfBSof1T/4KoKXarSnK+lmRa4ZdnwFRKBAH8LLWuvTp9
+4X1GSHapMWIy2kFJBw/CEZvSrYHNehQcXfZLX2wioKHgcLbWYl8+wbLTUjXnTrbn
+yFdbDERNHvyNTYIlEMG6G/S3C3ME/M6ZKxMc8McDOufwkonnsM6rP8Fov+9aBvFN
+1pdV35Z1qUP2g4Es+4mb63Vu864/ixFW3j0JotYdPUQFJKGmKZOmNA9r57EcpCqo
+C4/b6S0Mvt+ra1HtCVobtqZ5y8JJKw2Jd7He9SP6LFoKcCOP741wJp2/NRb1e2Qr
+/IKsLsD2wjq/FDeUYs6/4SpJqt14h9Tv2v0J4RnLP7LWhClfuQZbyfx7IJdliRqv
+HbxDG6TNsWqa2rnQsOz3jQlcJaN7wLrEUxwPlFLZqeJc6KEcz3n0HMrPrY0XvXS2
+2z/Ogb0/gQHZyD8klBACFJXcVxGMEZcyyoYDyzoviZnZLTWbab/SFrFr+qf+uvcv
+U44A4t/a491U/jK6889EiZRfXwjPCSxhod6kb7oVqr6SBWLo+khpCy2fc1gXqwZC
+tH5rt1hkEi6z+GfsP77DLcYVTsnvcMz5Qhhx/kYs6qVY4jWRAkLmRWigPKNjdcc6
+kXuMSA56kwDc5g33gCLrxWiEnL7K5akGVLCRf/y8xx9En0/xFyQiiffxMq1H4YhE
+sFn1f6h1GlIkuPBlTTrlSGNsU7bPpVr5preXnUSK8SnkykKv41IPGkXVp33DuKm6
+pZbRntTOKyOeVM330FXLm9dQyjvbpBwrMt7L5YJ9RlJG
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/ca/ca/intermediate/private/intermediate.key.pem b/ca/ca/intermediate/private/intermediate.key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..00ed457600ef87a355d9b1ed26fe1e9bf651effe
--- /dev/null
+++ b/ca/ca/intermediate/private/intermediate.key.pem
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIH0AiSZyP8mcCAggA
+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBBoM13Kf43LEMshMB8UfJLOBIIJ
+UNTpY/m8yiynjAZtUF2UGPqUBdrynI0bO/+MxUbm+bg8+0dJjLTvzNJl1Nlj2RFY
+sthE5Dwr0oFVTADIku1gEDOwmieDeLcYx7gCyFDwYNAOlrQt2ocFJVHSbIEqRg9b
+krNJWnRBNfuB5eVsW0xpZ+fPdtPaYJ3OgGODmGMBPZi4lBHt7r0xuUFD7SjQKtiV
+QihdohKHolWXqflszGGSmzdPJNnqP+6bwJMvqsCVBhR3rlOhSRGTuSx6qKEYBFym
+kgqL4z8bZcIjjj0vV/XfpqPNfsFi90fJ+xg9zmNVPa5tPIj/4BtuKUnItH/69XFj
+/FZrolCelfAbb5GcaZPATlX5N8673BB6EdWCc8WpCaK2n57qW5jRcrPfMkT6vRb4
+zOigLgzPyPk1JOOKxO7HNuIMuS7VaAyNQZabz8QC9CD/xtLDJtdDGvO4F0kb2Tjn
+C0KTg1iN16B2bpBtmZA91ozpTdqObM7boRVQqgaw7TZxBLKql4XRdr+tlbeoykEg
+MkypwZ2tj6DVWUGbmcUrESKgddL2cPo5/GxYpbG7Js57z/Ok4gBkcVG9X/aiCi2z
+pqJGtEOyHOgHGLvcBQeHUWhNxLKSlwawpW4So85XWwQnxOJxJ9pDWYHzvpixwfcc
+RXLx5zL18fcZmLr3NSnaVfPaCXANDtbwC6lHQY1z0Y9zxXni+yQOt6YAWcaf+lMw
+mVPxZzTAOnNdPM7r+b2LdSFy8vbUQeiZMQaXuSIZAzm5Ogr53TkM610bMcbVorse
+PL/tR3CwYApncD3qMDsXLWkfNl5phhOgT5yDZATQwWTJGd3WO6co5bhPmlHWJqTT
+XBEJHAh8o4A6zeIfRZwDk3pzEyASbGezLBU6+hZC77v1Hl4chjtu03VhFqqgRKOg
+dIfJigknIYC/Z3NqKZUQNQlWiqyUYLg22XM7pHwAcB+Jo14ewQzGbYuLzNYCpVwm
+j7hABzR2QCoTOsfBQKHmwrzfs5XsOkQ7VIEZSl0mjBMoo3OEtxoZK7CTRb/Oakft
+/y0jIZao2mim0/+naWKI7iY9jyW8bj3LhzI4brnH1HGY/D5IbqQs9Upw98eWBDoh
+m4u/ljygdaqN7a2Qji5Io0tKYCcZJ9aItQlDMeV+jVEFZNml6mpwD9isD2gthRZM
+kzZ6NwDZ2kmNPH0+XMDeRC6+WyKKcJumZVk1qQPcajt0UhiE5/RoHcWnFEqsa2iY
+IglqxyMRYtJ2+WqM9uX8YMArmVwHRZyMvYrakaK62ZQcUd350na3N2G5Hb2BFlzb
+nSCsafd9OP2xqnswwOjOriiVT6rBb5e0MLWUxraSA++QBY0rlZEmhsRRo3eBz6+N
+EpKarkeXD4q1de8Xd38HbDNgugnKO+IaP89543pFAJymz2MbjDD6N8Yzr1hkM4wF
+wP2LGcXhiHB67G5JuDRtxLCAVorMv9Xltp+HgVWlYiSbslpvc0J6QhUvRn6qkC5K
+ETLPyLKxGuaBamymOi2lrNkLU5RiEiMPkAu62iv4aydHp22QAQ16A1FmVW8KM+wk
+XmjRhbT+HJuNgK+7u1M5yXOljJFlvc7I7mo6rQTgMH3BZA2jXPKdr4XNPQa8DpEk
+4ymvIsdnJbAmyx6SnwKZmJ4UmN6cRmiC6cAkST2rNsJE+KIaIFFem1sOX5Qbtmpq
+CmZxJ9hitvAo0uY+PgF3xmOAnNiIIe0RFHKFpeGa6jmHDFl63myjEvaEoIOqtQYn
+NZNmtI2Er4fuonr/KUqsY4MN7pUwbtkE5OtCOlRU8nl2cXu2agXImMSCQcXTqNmZ
+6YY5jJQvo1po8Wkf0DCDgqPy1yBHKgcVJhxaE0eOnrAi7GxwG455777ujK4GjGu/
+CqpRCRh027Cn5JJILns+N8QDvXxiVUPz9I3KSP12iITl0ckpNtUQw+HPr+Zqv4Bj
+2M9OluRmtOstH9PCor1rnQSVnGs6az3Nc23VnLc0noTT6ugg9sPSrqbVtACaeip9
+aJGQ3UfOmNjtxH/J0TMvl01K4iPabU3Y++/4/Tc+BjraGxf2ocFdieEQ/sY0mEnE
+wFlEC1D1UgcASgc5E/Ti11phRe8HWDID/AhOf3tP4e7H6jn1VIeiMOW55RmxoUpA
+xH8L84RVZKyN7+CoUQViBfD/IPQYgEu4Ll8SJRYyOUELIpSUDVpMCeOVqEr7nU+y
+vPIUNK9mTpX1Juh4xQBDEI6nrZaI+ZOBAikoUIQ0H+sO/azmxg5yl45aDW5d9le1
+WcR731ceDysWkoTaZ8t0/1dpjWLYXp6oIpR8MFTKsu94UJaFECK4FBixqs74oSZ3
+KY0B5enXbVG6XUyUCjn7qskIW8TTh3m9XfpStH92YmipUwxsTGIEDKSeFO3W3XyP
+EvFafFiKIjVCNU21u6zAoLk9fyGR9/hf9xgcPGQlvisuQ6Rd89/YdCUDrr3YNjHU
+w9yV2J19XqtenfR6Hm32DXc6ZtGMw8VIimbkEYINhmjuf2/vuII34rCjKW4vfJUJ
+nflLz/WIUFqUBP2Bw4K7KnqvPvFhnZJN/7dEmw3sG8VTAJ+Bi6s8vyrEHfsYqqV1
+CWZ//2wdJCdz0sRnn4EhjiVhMB6LV2KTy7eY8AM5x8XgzJHH2I9m5Yh9rLLR9OYa
+5SjQOSquTHGTF4Q36A+q2MUTHH57zz8GXaEa56eINjYabT1L77BPBcrLm/YQezcx
+Da0hMee61S7d/e24/N6ppWqRUdpPnRRnEw/SJ12GU656aNMjjsV+Aesbh1L3zjwf
+MDWLb/5f6QMKfUpkFvekF5ko1X26/ustTcTt5qxKEkSV0EqnfxNhdjWMGur2M6ZK
+AxQ71Z0CjXQPt6pOyOHZB38k6OEaZ6H1G9TUHPKnu71Yur5wDRrGMyLXb/82s55L
+CoLN49YfZ1gezLrodRFibtaW66bxE7CpvuvaRf7mi7Zh5YkvkZUlOGD0Pa7fzzIC
+EIgBg55b/L3LDjWBOce6CTE39CCs2ea2xdboQX3C3bUGAKGTpdV5fiBOe8wnarU7
+OFwzCJX0mvsGX8MDHcu0uPv5aVgaONkYOsY+LN8VZkCUh9qXzDZo3oTDB3pYZHju
+/oqqOJI4L8hlLi094Y6l4FF1P/XDcZRoET9DwTK8SZKywWSX6duiAllV5fq3Fi4/
+x3xduIbx5pUQaZlcqRdhhtki8BzKYHfZBj0nv3F0q6Qp
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/ca/ca/intermediate/serial b/ca/ca/intermediate/serial
new file mode 100644
index 0000000000000000000000000000000000000000..7d802a3e71045bbc2091119755820d2c74fa14d9
--- /dev/null
+++ b/ca/ca/intermediate/serial
@@ -0,0 +1 @@
+1002
diff --git a/ca/ca/intermediate/serial.old b/ca/ca/intermediate/serial.old
new file mode 100644
index 0000000000000000000000000000000000000000..dd11724042e28f013e4fee09715b24c1b9ab10d1
--- /dev/null
+++ b/ca/ca/intermediate/serial.old
@@ -0,0 +1 @@
+1001
diff --git a/ca/ca/newcerts/1000.pem b/ca/ca/newcerts/1000.pem
new file mode 100644
index 0000000000000000000000000000000000000000..9b250508576a7596f2e2505ca16b214160e06343
--- /dev/null
+++ b/ca/ca/newcerts/1000.pem
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFsTCCA5mgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwcDEXMBUGA1UEAwwOaG9y
+c2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYDVQQIDARWYXVkMQ8wDQYDVQQH
+DAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYDVQQLDANJ
+U0MwHhcNMjQwNTE2MjA0NTMwWhcNMzQwNTE0MjA0NTMwWjBfMQswCQYDVQQGEwJD
+SDENMAsGA1UECAwEVmF1ZDEaMBgGA1UECgwRSG9yc2UgVGluZGVyIFNhcmwxDDAK
+BgNVBAsMA0lTQzEXMBUGA1UEAwwOaG9yc2V0aW5kZXIuY2gwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQDLE3sYajB3Ngl5FWYxWkFVdKeI1Iw7yzLISssT
+CP7cD7/7zoOKkYJmgGexVF7YwlzdxNUU+NFSAkabOczj5CcTLpGzTgClZEpXL0gh
+FXedT6wNQfUCKt2FQjhP0OdN27A23F9rEqYZzBN/QNoTDkrkZXTSukLCDOwSXHHQ
++5VHCoQzITDZGefmxXMbH/l4p5FZ0/y8hpuDy42oI1wDgk9mnThm6FBYZkaNP7x6
+H0fYeYG6xy4hn/AWXF+FStvBIRiqDTiqXbKXAiF38wxRRTVbdXKVwbn103B/E9OJ
+MyHlajd+JQPy0Rd1/5XmfyeWY24UiudJDnpz/uYJidLZEY9JjnmFDVWLPrc/Orob
+y7mHQAVy3mgHlaCa5rbs9BOztpbOgfmsvoZmRmb5ek5z52f8unjLj+4TTcPAJE1l
+eabN7FBO6bhDBbHjeAAUe0bayv4/5vATsziwWorzM8hiAzosAIzQO+gG/aYXZsb6
+zDxDw4TCoj72H3W1bNAHaxxZByhq00ph6KxQONonX27rV0xqFrn8b9tZ5WTEqsZ9
+df503RW9Y+kWQSR2CoQ+757znKf0geAbLZ03F1/l1qAsAITTFyTtAcyWxp6XgNcz
+/uYoF1XFwwpa56muftq/YcWChw/rrRM6/oTAGm1JsfzGV8IWaFx/yOyg7sOeDzCu
+StA59QIDAQABo2YwZDAdBgNVHQ4EFgQU3oBPLObsVihQeVflp9QH2D1EsZMwHwYD
+VR0jBBgwFoAUQVvImvuKjYpibo2RnDpgILtZgc8wEgYDVR0TAQH/BAgwBgEB/wIB
+ADAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAG88SXEVK4ahRcKb
+t0goUDifUPQkWByV1KKL3fWUgLQdSE+1+zB320NkRV3yipTc+0G4WR03aw6nd3+O
+veBO9ugHG6t2TMsM7QsuZ5ixcB6Upt5hFosDMZGMylFDW2dJOfNbGeU7CGMIs5OM
+NQU23PspFQbT9gLzgQE01OJvWmi00ljxhtj7opGPaQZhy6OnSMxZrOEmantxZdo9
+za6LZ7c8H/fwYVXOAtbx/gnPIpzCSSNJY4aY+B14sJoStD1B5Rc7BgLiNWwKE+dg
+fy/vwiP9erZE6R4Fpj/ifm/DxE2kP4T0juyz0IZMyO3VvUFdkXoVkiFF4u7feUtq
+PTNJUkjS5bSL9RaM+6lI3DReSbw/g4aT7CDvCKd/GbhUWQhZrNGOvWFh5GS0LjHI
+FFScK0gAmOihuNNGQdSmql1Roz4cnqXArF3S4Jnf7pYsq4hD7ZdtuWzjdppKV17u
+95TChvjbkYbfLLMIb/he5jArNKpjw8EPhQ3Ds0mce9HoFtY1NugJAd7AZ4pePT5e
+Oy3rLUMRerwrwpz1F2ds05zj2SMaEPQkXj1LxSLclRZvx4no+quIgU44FgqlrULf
+gVtiM9tq+MVms+gj0b4ShJreoaKdDFa3RDyOUFSsk5vOQSMx9hw+Z1s5QrC28SU/
+m4nyzgO03eH4rgFALzMnbrhF0hrm
+-----END CERTIFICATE-----
diff --git a/ca/ca/newcerts/1001.pem b/ca/ca/newcerts/1001.pem
new file mode 100644
index 0000000000000000000000000000000000000000..0e1c56461ce24a61296fa56a04253c9340ed9df6
--- /dev/null
+++ b/ca/ca/newcerts/1001.pem
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFsDCCA5igAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwcDEXMBUGA1UEAwwOaG9y
+c2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYDVQQIDARWYXVkMQ8wDQYDVQQH
+DAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYDVQQLDANJ
+U0MwHhcNMjQwNTE2MjA1ODMwWhcNMzQwNTE0MjA1ODMwWjBeMQswCQYDVQQGEwJD
+SDENMAsGA1UECAwEVmF1ZDEaMBgGA1UECgwRSG9yc2UgVGluZGVyIFNhcmwxDDAK
+BgNVBAsMA0lTQzEWMBQGA1UEAwwNYW5kcmV3dGF0ZS5jaDCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAMsTexhqMHc2CXkVZjFaQVV0p4jUjDvLMshKyxMI
+/twPv/vOg4qRgmaAZ7FUXtjCXN3E1RT40VICRps5zOPkJxMukbNOAKVkSlcvSCEV
+d51PrA1B9QIq3YVCOE/Q503bsDbcX2sSphnME39A2hMOSuRldNK6QsIM7BJccdD7
+lUcKhDMhMNkZ5+bFcxsf+XinkVnT/LyGm4PLjagjXAOCT2adOGboUFhmRo0/vHof
+R9h5gbrHLiGf8BZcX4VK28EhGKoNOKpdspcCIXfzDFFFNVt1cpXBufXTcH8T04kz
+IeVqN34lA/LRF3X/leZ/J5ZjbhSK50kOenP+5gmJ0tkRj0mOeYUNVYs+tz86uhvL
+uYdABXLeaAeVoJrmtuz0E7O2ls6B+ay+hmZGZvl6TnPnZ/y6eMuP7hNNw8AkTWV5
+ps3sUE7puEMFseN4ABR7RtrK/j/m8BOzOLBaivMzyGIDOiwAjNA76Ab9phdmxvrM
+PEPDhMKiPvYfdbVs0AdrHFkHKGrTSmHorFA42idfbutXTGoWufxv21nlZMSqxn11
+/nTdFb1j6RZBJHYKhD7vnvOcp/SB4BstnTcXX+XWoCwAhNMXJO0BzJbGnpeA1zP+
+5igXVcXDClrnqa5+2r9hxYKHD+utEzr+hMAabUmx/MZXwhZoXH/I7KDuw54PMK5K
+0Dn1AgMBAAGjZjBkMB0GA1UdDgQWBBTegE8s5uxWKFB5V+Wn1AfYPUSxkzAfBgNV
+HSMEGDAWgBRBW8ia+4qNimJujZGcOmAgu1mBzzASBgNVHRMBAf8ECDAGAQH/AgEA
+MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAL/Q91IV5UoQamfVe
+wg3Wx1dWJw3e7fxZpXAF2GkGgIqsmMZdscU8AQ3eMPriDQcqW0mcSohKl8gN6pvY
+bPqbfrzrZV7LVc/5O0JcWAD1oIJceKLZ2DSaAzPHvz9N0qC9YIDnw8wN1AfqK4OC
+UbTheKVHotYT8S13dAY/asVLpTf8xlvngt3RObe3U6KyO81pGmM/HHRuPMum/fV0
+iHtasCQ4hUZ/+x2wwngnm+yxfcDJaLDJ9IUhQZQwiw27OChh+MLrlkqmzxfntMjv
+/kCImH4T2X3c6czJ56qpLsv7wRDAxsNjJtCasXkXBl+RNvSCer3G3SPB/yl30bUf
+C/OBfJyuGs5H7DdUJ39d0MUK4YC+b7t6YH+dEAD6HZBP2tzmEGcREAtQV+5e5KJD
+KA9AitzuQ18MNJrBTj03qDFi3xhbuykYtKZzVWQRq/MyvxuzJFc59rqhMqp++p/R
+Oj7wv0A6/P+fbUm1FlEiREKFF6ejcJWCP0SdJIlv8ZiTkdg8UGFM0dGed5hXQvww
+nZZhfxOo+NIil1BoGfZZ38qbUNdK2kMxnrTdqgFX53Hz9xqjXTn43FMS+CJRZxVP
+o45dAtQbKOkKStVAWC9cXvzAS4st/hdlC5EkbzsZUXArRjTJ0A633YkDTu6OshKH
+lJDwQc1G93zhyDVJDfMWSf1rg78=
+-----END CERTIFICATE-----
diff --git a/ca/ca/openssl.cnf b/ca/ca/openssl.cnf
new file mode 100644
index 0000000000000000000000000000000000000000..41cf9f3fe617fd610438b666e4b392988b1a353c
--- /dev/null
+++ b/ca/ca/openssl.cnf
@@ -0,0 +1,132 @@
+# OpenSSL root CA configuration file.
+# Copy to `/root/ca/openssl.cnf`.
+
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir = /root/ca
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+# The root key and root certificate.
+private_key = $dir/private/ca.key.pem
+certificate = $dir/certs/ca.cert.pem
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/ca.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_strict
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 2048
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
+commonName = Common Name
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+emailAddress = Email Address
+
+# Optionally, specify some defaults.
+countryName_default = XX
+stateOrProvinceName_default = MyState
+localityName_default =
+0.organizationName_default = MyOrg
+organizationalUnitName_default =
+emailAddress_default =
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
diff --git a/ca/ca/private/ca.key.pem b/ca/ca/private/ca.key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..4f9edfef9f9b39d292a6f6bfa5037c8e4472d642
--- /dev/null
+++ b/ca/ca/private/ca.key.pem
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI9YmgqJcpc5cCAggA
+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBBxaUE3Gj6D8Jz9H0zGG6/tBIIJ
+UONiUMPxfxJaj8yyQRXqNoBktoILklo6C+EiYxuWH4HbnRN/Ul3Cr1cZRJkV7fAL
+onp2NU5iYs2kqq3wOZcABN7rZNT/pxFUwrsjenCs8r19WtA/SNRY/slHmYZJ23ZG
+LOIn6Hx/jdO5QxsWRWP+nCcZZDcSVdOk/SE+/ynVt49e0bjPQVbnuCp085dsXxsg
+Am0xkryUYuBP3ZdkkBJNleKXCjRYZQUsvfWGb2hVv0zDKhhVirpeQuxE8um/XFBj
+uqik2WCXMZXMPdtAznyo6tl82IhA2/9RYbkV+Pd+FAT+wcU7kFA7OUrteYrcYkXS
+ipEGIS9p4k6CjXgNiKOdPi9LKNg+G01GmGXWsKBYR0zk4JVSPg609NZFspFq4O+/
+3G5xU4XnefKL2uOvMqCJCNd32v3oQtmju3tl9lhYH+8AOt7qnlXosyZzn7Z8N+BJ
+QnSDwgjljBOQEqRrqzCJo9p4HcTvoWzrBjrA2O/l6GhRtZliM4sU40f414dUynh/
+gncLyWSx779dgRx/yQuQHCms7Ck5lSwQTCvSz6XHTz/yWaN96OmE9XWIyLqgEB31
+m3O4rMpGMHxfzjUJbSMg+WTFRDF5MSZzd73XZs54Nm5MOMRuWjzCcPndEmL5j0cB
+sJHv5H4dZXzJl2DiGeDVJhpzFRQgWo3IT7RsSIkHSUsxID7V+yYR+k+pJYpV1890
+2tzeuG5sdzseFr9+FekxnDBLmfjt/spoqSh2+fBf1KlZCa3ZlNAbewTK+/uc6bSn
+bzE5xdL0QKMCyB4c7suh5UUZ2xQuZszbshlyyw5xJvXfZVNI9h/sxfmn6gTDjX2W
+kSvNVbIdlmQrGXPnUR5n8C6jE1Hs8fdbUi2jOwWQiev8J73dHa5PQ7zOuDA6AyBI
+Lwthezb9gyIMMnVW6+2HAgCiZ4G0HwquF1Ye9G0vnphF8+i44QckghTqukUzM+sq
+8Q5W+xP7GrO9pgLbR6TmZrCvy92txfdEN7DNpdrvYYg4lCzlPnXvhYVWTW2sGPM/
+TONcmNd4ikzeLTkm1j2PAVJn2rak0feNo3fP3Gum5TglR/zBhRewyx5FFTX2xDKR
+nSkLfqd698tF1P3RTb0uA7cu/PwhQHqB1mD1v95jzX37Hq7lnJ+zWaqYfy3RE8BL
+oLncy7k2LMSfN/xC3+qY3NS7D+F946cRwF3IOFENTmMlkLHtlUdxwjVOl1sSTnHr
+DSgNdIv+K2mA8Ejrqof/obDMQNgSp07Ei2Jrtg/wpr95Y9i7MoF4wIxnVjy1LP/e
+fNhUwybef4ZjDLGl97E6gXdJXabWTWBzFU+GJ+lD9n0f/9x0wSbZMy/A4KV1e9Ej
+9xQY96OApJsnpvGIdomVr4D+Z00WL/L18KdZaIziT/qXQcNQSNdSUOpoyVJtElR2
+x+16b6RoC7hIIwh9Lj0FYBAJGaK2DVvqMFC7i4b/zN0F04jzE4YHYBIY6hrUa4SR
+Hc70FJTNMgsr9xsEOstcuXpjac5mmMGI0pxsLDmSemgPUw6xjPF3vL297f5rnRvg
+2PH9S1Rw47VOss2gARXd26In0ZVFjQ2lwIbsm3GhOt34vnqOpuzIFi0xeDVilI+o
+Lv+AyfVTPIk6ZJ3UaYjN1CNWrViR+VRcKpVV70nt+Z3coudycWpK01FTQPsq5xzk
+QC7tcO2EVZDTckAUK+dCgDlIMSaEr7zLiCuBGXPbkaaYGLers6t2iQW95m8Ddeym
+i1GtDog6clfzRt8spNl4lTfoeiaR1Dq2CnRktLxgqA0WlORcVOWTQ7l+tIGTM0Mo
+rtBGvUso56frBwkkKyDLhGGomj8ezSie4K+5pjXC9ucfL1rMOs38TjIhj9GlqY7T
+31cjp+35h0FQ54RgvBO7T0Vr2b8eiXgAwPdHIcQAH2yp5GU65iat2JyvvIZJgm0n
+AYkpsXfXzYiowEp8kiPhFiS2JOVgr0afcu31zgwQvvz6W/SMiyTGwxYlRdwfG8PC
+azqKEr0RO2I+6MWtP8sU7ijFiy30xGglUJlqyOg9cFDAedOeW+uqslCflDkrTnyu
+JXlnMsZcwURDRu1w/HrZSBxfwwul76bLlMcj0ss+kZj8/BGm6LSJQwFTFwgwARc2
+pyEIcZ58tlfWDGJsoXX77wnNf1MUFGW69frcCywbrqRjXuhsRNcZfWj9Cx63N3i9
+IYhmy4hxFMcI5pSTgpkg0LECxl7OUudbAUlkyjRmQHaqN3+eotNRnUkek9CXIl3i
+89+iOTYIBlL8xaNCyyDijP4IZzOuVUMqOtNX7jio4v/ORDPtIwJR6HLWrqmSZOIX
+e/KvbdqAWtThcjsFh4ysvKNMPlXuBLRThRT37gGfRcyAmaBXsO6NuFhmdArUP19y
+kxCdQErPrxE+9eQTgDFc/fZ3A7+YMtFaipXcA5JiGJuF4Ezyvp8C/zFe3DAEdEyd
+C7JKlxy3uK9JGEoenX237yNwjhYluqgwSlxuEDvGr10cyLttirzgYDEmYYK0AAyi
+i39znPQuwwCneiqAmlQ20cV3ToOIeAhNS0KfvkcWaXWJPOI/M4uGhF9DioojrGWf
+Az825TTYZcx2PH2F25sQex0NJih4WypRSITDoA+RA7uQIyoaLL8/4OCZG+izNWMm
+HtZz7XL+fTYKJdRbxPd3VgZcNMQk+ir1kIsaCJkTQWc6me0Rh9dbfwwi7GZzGQJo
+GTZllCI5/mLVvQe4ujc/9NtRIazWEimEiHMblNTrVvGbHX7rHly47ILnls2V0+md
+ADSsAiN9UTxDTdH+0xnPWUFhaNrY9XBHH3FBaqL1itnN1U/NdELN6MDkX93HPhVK
+pdDmffg3sccoA8gZRxCZAfI2SJSFh9LYHY8B/ZYNFNGwf/d36kvnPqL+OLAdYI4q
+DbyAhhMXDA+2xLS9+gDOC65zT8luKXPKtTZud0VntO2eRlRDdHmJMH+SP2Uk2rST
+YSZ8YYqd30mnQchxnJugxdwPPMbtQhpoxz2puNmR+HDJqkM+cYKK6I3l4BkqI1aZ
+wk8BA6jNdNeaJULT62DHRD3XIUfjFOJmf/q/nstKVb22sgfqKUG5wangV3RU4Z5F
+rQUOYGbmzRpfctH2YpCOdU+Ay46hOoKqeC/ymlyqaCTZMdtL1hg++kyrrzbb80NF
+Qhg10RH1+skcs0kFXmhntEAMdtfyiRUSrsvn/bGSKdjx
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/ca/ca/serial b/ca/ca/serial
new file mode 100644
index 0000000000000000000000000000000000000000..7d802a3e71045bbc2091119755820d2c74fa14d9
--- /dev/null
+++ b/ca/ca/serial
@@ -0,0 +1 @@
+1002
diff --git a/ca/ca/serial.old b/ca/ca/serial.old
new file mode 100644
index 0000000000000000000000000000000000000000..dd11724042e28f013e4fee09715b24c1b9ab10d1
--- /dev/null
+++ b/ca/ca/serial.old
@@ -0,0 +1 @@
+1001
diff --git a/ca/crl/ca.crl.pem b/ca/crl/ca.crl.pem
new file mode 100644
index 0000000000000000000000000000000000000000..369b32d0d1d75590fc681e78e6f01eadf73352b9
--- /dev/null
+++ b/ca/crl/ca.crl.pem
@@ -0,0 +1,19 @@
+-----BEGIN X509 CRL-----
+MIIDAjCB6wIBATANBgkqhkiG9w0BAQsFADBwMRcwFQYDVQQDDA5ob3JzZXRpbmRl
+ci5jaDELMAkGA1UEBhMCQ0gxDTALBgNVBAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2
+YTEaMBgGA1UECgwRSG9yc2UgVGluZGVyIFNhcmwxDDAKBgNVBAsMA0lTQxcNMjQw
+NjI0MTQzMDI0WhcNMjQwNzI0MTQzMDI0WjAVMBMCAhACFw0yNDA2MjQxNDI5Mjha
+oDAwLjAfBgNVHSMEGDAWgBRBW8ia+4qNimJujZGcOmAgu1mBzzALBgNVHRQEBAIC
+EAAwDQYJKoZIhvcNAQELBQADggIBAJRXiECGosPAEfaN51urbw381VTe32qfoV8w
+47mZdbK9Q78zG1pObAMw0o0pzWYV8siST7RwQlsOFR4tXb1NePpsyU+fz0/eIwzE
+PDQie43B0sajiWEugRMnYS/PKJBigvLYj1ILZh9A1Ku1LYVQFYONV/mESF2hylpe
+pnosfiByzwbmGEioTDYbB2dX7F6jZXXfQvA4tWwhiI0q9Yx/TCw37Gj244HDnSNS
+mO6+Ag0ghHGWr6KBBGeK+DeQBslIdcNTteufKmBYrgFi4ih1h/3b52vssnYqVqwR
+UqPIGf6CO/1N41PJXWglOEgh8mk2oMDlVG9/og2tZrRkHggg2Jasjo1A8Z7ygjYl
+t8nmWqlLU+KQazow7hdaOGmodDYAnxPSc4dsnpOpYUdDFdgxXuubYLvnBnSs7Xcq
+ieKN0F3HtjVAvGm8yzRmqBpa0+zxlaEJrlO3PHBGdwn94ljvbcYPL0tqF4Vdwgy1
+s39CTaJNXw96D16Tkly7jA8++e3UM1yfOlHkwO1pXwqmwYNynhPAbIXcxW4WQ/qE
+A/qNW/nIPEiHgIGIdpH+sx7f8BVc0YUCqbplZ7YAoFN/AvUz+NzGvaaMIPWrsvTd
+B5Lpmvh7P2X1jGrt1BfFqpLp2Qbe86npJ25Q3dhx2cG0njIAOOUw7mrx2XeKU3Jn
+nf6jpcwQ
+-----END X509 CRL-----
diff --git a/ca/crlnumber b/ca/crlnumber
new file mode 100644
index 0000000000000000000000000000000000000000..dd11724042e28f013e4fee09715b24c1b9ab10d1
--- /dev/null
+++ b/ca/crlnumber
@@ -0,0 +1 @@
+1001
diff --git a/ca/crlnumber.old b/ca/crlnumber.old
new file mode 100644
index 0000000000000000000000000000000000000000..83b33d238dab9943201aaf267f701e8ea5fc9268
--- /dev/null
+++ b/ca/crlnumber.old
@@ -0,0 +1 @@
+1000
diff --git a/ca/full_chain.pem b/ca/full_chain.pem
new file mode 100644
index 0000000000000000000000000000000000000000..dd2ab75e3ec14c99b06bd07aaff18a4bd548ef9e
--- /dev/null
+++ b/ca/full_chain.pem
@@ -0,0 +1,60 @@
+-----BEGIN CERTIFICATE-----
+MIIElzCCAn+gAwIBAgIUCPlRQLy/Sh2+/US9YJTB+zvLbdswDQYJKoZIhvcNAQEL
+BQAwXjELMAkGA1UEBhMCQ0gxDTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNl
+IFRpbmRlciBTYXJsMQwwCgYDVQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUu
+Y2gwHhcNMjQwNjE4MTg1NzExWhcNMjUwNjE4MTg1NzExWjBbMQswCQYDVQQGEwJD
+SDEPMA0GA1UECAwGR2VuZXZhMQ8wDQYDVQQHDAZHZW5ldmExEDAOBgNVBAoMB0Nv
+bXBhbnkxGDAWBgNVBAMMD2NvbXBhbnkuYmliaS5jaDCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAK+IC/2VqLLJ/PzzWeV2dbsvxUIrg26UJZnxJ5FlK1tg
+G0QSyK/aGA162es1slL5grwgjCSu8OFKHEKey8Y75v49+9IWLtOnqtx4y/l6zY6c
+6KrR1yJ88u9yCHVHODmqhnENWVduAdFDQZXFSDrlP0Udn8Agka+VxIUZn7GxiCQW
+etgMp4zQ4UNDZjECzsQ46Hp3WqpdeAVxFxblfDPlrVBnAdWnlbBdZ3798XHDOvDX
+Josmoc8DnWkkiVOmL0KFKw9R7dAhWyTXnVojqotPxGZPbDwwPv0QSaSsolrPQ9x4
+BOSf/QgZKQXW0Q35UgDT0bzT+wIyUezu3prJRd/2oIsCAwEAAaNQME4wHQYDVR0O
+BBYEFJbDmkp+DYOTwK255fK13gEd1u15MB8GA1UdIwQYMBaAFN6ATyzm7FYoUHlX
+5afUB9g9RLGTMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAAMgdzDm
+APOTu/UwuZPeTBY8qwkG74omNSG/8Yrz0XG8bYIBwFITvigbaPhMqOpSaztODiE2
+KLl4B58087M5UYHaDjv1O2Ps6KepOyUqPi3VWIplrUJYGk23Xe252fL5HbgSTsTK
+QFl6k/YMvw5YPNILRm3YP9Ud0KeSGJkE8/HGzyFChmGMwhgez1XhUjs8+PftCrf9
+xAZHigy8stkwU/Jwa0KfyxepF898AV9DEaVzJt4b+pM8BAWKWRTM+ioOjqL5z3b3
+TdRg8g8b8bfKEAotgy1S7SOZd5k0t/osp+rn97BwmK2VjkUGa4MLlQzz4Po4UGAc
+s1mHPpoigjTaHilH9UL2ByavGgK2bEIK3hkht/MYzqPJrOyT9QaJ9xU9j/syLQPA
+86qQ03Wo40QPZj91lLbZianiw4c2WXYDcpSD4exAOXSfVtaey3rvkbnVNR9uKigs
+Npm38Fbr6adNKWD+klwDzS4BEcUFcJsh68rzNW5hNM26dp4r3dajxumPg5RD+9yu
+iG+WlvonDoHFXIrtXcT9vSUGuoDOp0V3BpB9cBV8MGN7f5ROdMGJSf6BlBuNe0/c
+FUnbxtzct3uDQyCDn67xhZ3UMcjsU3ithRnuJbLfOaJEFEQqw/3qMD8ABrTudmHX
+5SVV97xuOTyQUgeCqA32JnBzWdXWB69HAOdk
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFsDCCA5igAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwcDEXMBUGA1UEAwwOaG9y
+c2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYDVQQIDARWYXVkMQ8wDQYDVQQH
+DAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYDVQQLDANJ
+U0MwHhcNMjQwNTE2MjA1ODMwWhcNMzQwNTE0MjA1ODMwWjBeMQswCQYDVQQGEwJD
+SDENMAsGA1UECAwEVmF1ZDEaMBgGA1UECgwRSG9yc2UgVGluZGVyIFNhcmwxDDAK
+BgNVBAsMA0lTQzEWMBQGA1UEAwwNYW5kcmV3dGF0ZS5jaDCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAMsTexhqMHc2CXkVZjFaQVV0p4jUjDvLMshKyxMI
+/twPv/vOg4qRgmaAZ7FUXtjCXN3E1RT40VICRps5zOPkJxMukbNOAKVkSlcvSCEV
+d51PrA1B9QIq3YVCOE/Q503bsDbcX2sSphnME39A2hMOSuRldNK6QsIM7BJccdD7
+lUcKhDMhMNkZ5+bFcxsf+XinkVnT/LyGm4PLjagjXAOCT2adOGboUFhmRo0/vHof
+R9h5gbrHLiGf8BZcX4VK28EhGKoNOKpdspcCIXfzDFFFNVt1cpXBufXTcH8T04kz
+IeVqN34lA/LRF3X/leZ/J5ZjbhSK50kOenP+5gmJ0tkRj0mOeYUNVYs+tz86uhvL
+uYdABXLeaAeVoJrmtuz0E7O2ls6B+ay+hmZGZvl6TnPnZ/y6eMuP7hNNw8AkTWV5
+ps3sUE7puEMFseN4ABR7RtrK/j/m8BOzOLBaivMzyGIDOiwAjNA76Ab9phdmxvrM
+PEPDhMKiPvYfdbVs0AdrHFkHKGrTSmHorFA42idfbutXTGoWufxv21nlZMSqxn11
+/nTdFb1j6RZBJHYKhD7vnvOcp/SB4BstnTcXX+XWoCwAhNMXJO0BzJbGnpeA1zP+
+5igXVcXDClrnqa5+2r9hxYKHD+utEzr+hMAabUmx/MZXwhZoXH/I7KDuw54PMK5K
+0Dn1AgMBAAGjZjBkMB0GA1UdDgQWBBTegE8s5uxWKFB5V+Wn1AfYPUSxkzAfBgNV
+HSMEGDAWgBRBW8ia+4qNimJujZGcOmAgu1mBzzASBgNVHRMBAf8ECDAGAQH/AgEA
+MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAL/Q91IV5UoQamfVe
+wg3Wx1dWJw3e7fxZpXAF2GkGgIqsmMZdscU8AQ3eMPriDQcqW0mcSohKl8gN6pvY
+bPqbfrzrZV7LVc/5O0JcWAD1oIJceKLZ2DSaAzPHvz9N0qC9YIDnw8wN1AfqK4OC
+UbTheKVHotYT8S13dAY/asVLpTf8xlvngt3RObe3U6KyO81pGmM/HHRuPMum/fV0
+iHtasCQ4hUZ/+x2wwngnm+yxfcDJaLDJ9IUhQZQwiw27OChh+MLrlkqmzxfntMjv
+/kCImH4T2X3c6czJ56qpLsv7wRDAxsNjJtCasXkXBl+RNvSCer3G3SPB/yl30bUf
+C/OBfJyuGs5H7DdUJ39d0MUK4YC+b7t6YH+dEAD6HZBP2tzmEGcREAtQV+5e5KJD
+KA9AitzuQ18MNJrBTj03qDFi3xhbuykYtKZzVWQRq/MyvxuzJFc59rqhMqp++p/R
+Oj7wv0A6/P+fbUm1FlEiREKFF6ejcJWCP0SdJIlv8ZiTkdg8UGFM0dGed5hXQvww
+nZZhfxOo+NIil1BoGfZZ38qbUNdK2kMxnrTdqgFX53Hz9xqjXTn43FMS+CJRZxVP
+o45dAtQbKOkKStVAWC9cXvzAS4st/hdlC5EkbzsZUXArRjTJ0A633YkDTu6OshKH
+lJDwQc1G93zhyDVJDfMWSf1rg78=
+-----END CERTIFICATE-----
diff --git a/ca/gen_cert.py b/ca/gen_cert.py
new file mode 100644
index 0000000000000000000000000000000000000000..035f418ebdb804c253a90fe83ebd5d5d93292077
--- /dev/null
+++ b/ca/gen_cert.py
@@ -0,0 +1,149 @@
+import os
+import datetime
+import argparse
+from cryptography import x509
+from cryptography.hazmat.primitives import hashes, serialization
+import requests as req
+from dotenv import dotenv_values
+
+
+def load_ca(ca_cert_path, ca_key_path, ca_key_password):
+ with open(ca_cert_path, 'rb') as cert_file:
+ ca_cert = x509.load_pem_x509_certificate(cert_file.read())
+
+ with open(ca_key_path, 'rb') as key_file:
+ ca_key = serialization.load_pem_private_key(
+ key_file.read(), password=ca_key_password)
+
+ return ca_cert, ca_key
+
+
+def load_csr(csr_path):
+ """ Load CSR file
+
+ Args:
+ csr_path (): string representing the path to the CSR
+
+ Returns:
+
+ """
+ with open(csr_path, 'rb') as csr_file:
+ csr = x509.load_pem_x509_csr(csr_file.read())
+ return csr
+
+
+def create_certificate(csr, issuer_cert, issuer_key, is_intermediate=False):
+ subject = csr.subject
+ issuer = issuer_cert.subject
+ builder = x509.CertificateBuilder().subject_name(
+ subject
+ ).issuer_name(
+ issuer
+ ).public_key(
+ csr.public_key()
+ ).serial_number(
+ x509.random_serial_number()
+ ).not_valid_before(
+ datetime.datetime.now(datetime.UTC)
+ ).not_valid_after(
+ datetime.datetime.now(datetime.UTC) + datetime.timedelta(days=365)
+ ).add_extension(
+ x509.SubjectKeyIdentifier.from_public_key(csr.public_key()),
+ critical=False
+ ).add_extension(
+ x509.AuthorityKeyIdentifier.from_issuer_public_key(
+ issuer_cert.public_key()),
+ critical=False
+ ).add_extension(
+ # is_intermediate: True => new cert can sign certificates
+ x509.BasicConstraints(ca=is_intermediate, path_length=None),
+ critical=True
+ )
+
+ certificate = builder.sign(
+ private_key=issuer_key, algorithm=hashes.SHA256())
+ return certificate
+
+
+def save_certificate(cert, filepath):
+ with open(filepath, "wb") as f:
+ f.write(cert.public_bytes(serialization.Encoding.PEM))
+
+def get_certificate_details(cert, cert_name):
+ txt = f"Details of {cert_name}\n"
+ subject = cert.subject
+ for attr in subject:
+ txt += f"{attr.oid._name}: {attr.value}\n"
+
+ txt += f"Validity for {cert_name}\n"
+ txt += f"\t Not valid before: {cert.not_valid_before}\n"
+ txt += f"\t Not valid after: {cert.not_valid_after}"
+
+ return txt
+
+def main():
+ parser = argparse.ArgumentParser()
+
+ parser.add_argument("ca_cert_path", help="Path to the CA certificate")
+ parser.add_argument("ca_key_path", help="Path to the CA private key")
+ parser.add_argument(
+ "csr_path", help="Path to the Certificate Signing Request (CSR)")
+ parser.add_argument("output_cert_path",
+ help="Output path for the signed certificate")
+ args = parser.parse_args()
+
+ config = dotenv_values(".env")
+
+ bot_token = config["API_TELEGRAM"]
+ channel_id = config["CHANNEL_ID"]
+
+
+
+ ca_cert_path = args.ca_cert_path
+ ca_key_path = args.ca_key_path
+ csr_path = args.csr_path
+ output_cert_path = args.output_cert_path
+
+ os.system("stty -echo")
+ ca_pass = input("Enter private key password: ")
+ os.system("stty echo")
+ print("\n")
+
+ try:
+ ca_cert, ca_key = load_ca(
+ ca_cert_path, ca_key_path, ca_key_password=ca_pass.encode())
+ except:
+ print("Bad password")
+ exit(1)
+
+ csr = load_csr(csr_path)
+
+ signed_cert = create_certificate(
+ csr, ca_cert, ca_key, is_intermediate=False)
+
+ save_certificate(signed_cert, output_cert_path)
+
+ with open("full_chain.pem", "wb") as f:
+ f.write(signed_cert.public_bytes(serialization.Encoding.PEM))
+ f.write(ca_cert.public_bytes(serialization.Encoding.PEM))
+
+
+ msg = f"Certificate {csr_path} saved at {
+ output_cert_path}.\nSigned by {ca_cert_path}\n\n{
+ get_certificate_details(ca_cert, "Signer certificate")}\n\n{get_certificate_details(signed_cert, "Signed cert")}"
+
+ url = f"https://api.telegram.org/bot{bot_token}/sendMessage"
+
+ payload = {
+ 'chat_id': channel_id,
+ 'text': msg
+ }
+
+ print(msg)
+
+ response = req.post(url, payload)
+ print(response.json())
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ca/index.txt b/ca/index.txt
index 88c6f84ef86ee756f371f11cf1c4ae9320fdd0ce..fd3887ba98c780eea4ed2d552bb9eaf134d01f82 100644
--- a/ca/index.txt
+++ b/ca/index.txt
@@ -1,2 +1,3 @@
V 340514204530Z 1000 unknown /C=CH/ST=Vaud/O=Horse Tinder Sarl/OU=ISC/CN=horsetinder.ch
V 340514205830Z 1001 unknown /C=CH/ST=Vaud/O=Horse Tinder Sarl/OU=ISC/CN=andrewtate.ch
+R 250704134243Z 240624142928Z 1002 unknown /C=FR/ST=Ain/L=Ferney/O=Internet Widgits Pty Ltd/CN=bob.ch
diff --git a/ca/index.txt.old b/ca/index.txt.old
index 2aeb72eb88aa4dca6a476feba88e0ac7524fb496..88c6f84ef86ee756f371f11cf1c4ae9320fdd0ce 100644
--- a/ca/index.txt.old
+++ b/ca/index.txt.old
@@ -1 +1,2 @@
V 340514204530Z 1000 unknown /C=CH/ST=Vaud/O=Horse Tinder Sarl/OU=ISC/CN=horsetinder.ch
+V 340514205830Z 1001 unknown /C=CH/ST=Vaud/O=Horse Tinder Sarl/OU=ISC/CN=andrewtate.ch
diff --git a/ca/intermediate/certs/bob@example.com.cert.pem b/ca/intermediate/certs/bob@example.com.cert.pem
new file mode 100644
index 0000000000000000000000000000000000000000..70e6f1befee045b77d617d86fe9d586f58a714c6
--- /dev/null
+++ b/ca/intermediate/certs/bob@example.com.cert.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFADCCAuigAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQ0gx
+DTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYD
+VQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUuY2gwHhcNMjQwNjI0MTM0MjQz
+WhcNMjUwNzA0MTM0MjQzWjBgMQswCQYDVQQGEwJGUjEMMAoGA1UECAwDQWluMQ8w
+DQYDVQQHDAZGZXJuZXkxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
+ZDEPMA0GA1UEAwwGYm9iLmNoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAwU3uA3zfpFf0mLf/wsJwpQ5alNymgoO+FdTpKMqkousgLxglZlgq4V2TNqzw
+AngPxKh9r4vaJK7TZeFf0GqOU4RNKKsnZEp+nJR45m/+txKplaNXxBn4pgpIU+dj
+/bk4PIKZAcea0HdrmR0/g26mDN4YR6k421AJcFAAEWEDu1XYMczakf1La5BmPK6k
+qJ7LVueEoRfraogmjJhRVukqdAtdy0oLSZADs4tucC6MYCmhRaUIQWsGdZm4JKZS
+K8zFZ+7poCdjJOZa6Bdz2TKhLt8ww9Up5G1ytV6GPnmksGZaAMIyomQk2D8pu0bZ
+Z6vw9aem8S/NIXdTDJVCbVLgrwIDAQABo4HFMIHCMAkGA1UdEwQCMAAwEQYJYIZI
+AYb4QgEBBAQDAgWgMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBD
+bGllbnQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFLxgCLGmSngsuDMhT1yMn5NhTDeM
+MB8GA1UdIwQYMBaAFN6ATyzm7FYoUHlX5afUB9g9RLGTMA4GA1UdDwEB/wQEAwIF
+4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcNAQELBQAD
+ggIBADPfZDlqypv0i+A1VfPnekZhi/MCMcppPJNOmL4smapdPtlw6RzUxzNb2llx
+JYOmYapgQZJFbC7j7bV4mOkC1sO/dhYTr52RHNz01U1+6Eaj+tbWbEKz63VQWuzT
+tIGoisNIW3LfaaSrjnEHppDkEAYoeHScTlFh/aPSMemrsQhkhbHKZX2FN9EvxYO5
+QwahOIhxudBTd4knHlyPYblnCwlunv6VCPAB1/6nn0XUlRpY4MQVY3s8ud+yLG9V
+PLlT8Pa7jSmnb55eRJBgs3IXezWgi0/FLjjFDuz+bzV1d7hj+ufDKkevvSkSZuM8
+WQ9G9dDlZk3RMtCH5vMaZbSINosXnQk/rTbkf8Xfs82NCoSvkIJK7l2jFdLp8pCB
+AacCQOf/Z+8FopzlbYcvFol0hnhH+VXb7SBQO19slgTv9DFjNuhQWdbiVlwIjizK
+t1h2TJ2FnjB2nEtBIpzcVVKSBkjjN7Kfxd/N0lKpuJFPIP/Qo3LaZMSUPUqWYgdn
+Coym52m5QZ/OizF0s5jmiiMej8DAVLKi/IceewUbiOL7RZDIvCdgaJkZ0NHW33jH
+7IqQzeoYLVa0yrZc+hTaW8zH9kjudsxyEFixaZjPMb7haOa6CRTtMgO3f+468yyJ
+Xo90S3mgR2yuJAQoEWdCXg2CnFWnuDvx0wntsBqkTEHL/uJj
+-----END CERTIFICATE-----
diff --git a/ca/intermediate/crl/intermediate.crl.pem b/ca/intermediate/crl/intermediate.crl.pem
new file mode 100644
index 0000000000000000000000000000000000000000..88b91ecc1d3042181cbd4f7f247d815a2b755782
--- /dev/null
+++ b/ca/intermediate/crl/intermediate.crl.pem
@@ -0,0 +1,18 @@
+-----BEGIN X509 CRL-----
+MIIC8DCB2QIBATANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJDSDENMAsGA1UE
+CAwEVmF1ZDEaMBgGA1UECgwRSG9yc2UgVGluZGVyIFNhcmwxDDAKBgNVBAsMA0lT
+QzEWMBQGA1UEAwwNYW5kcmV3dGF0ZS5jaBcNMjQwNjI0MTM0NTQ1WhcNMjQwNzI0
+MTM0NTQ1WjAVMBMCAhACFw0yNDA2MjQxMzQ0NTJaoDAwLjAfBgNVHSMEGDAWgBTe
+gE8s5uxWKFB5V+Wn1AfYPUSxkzALBgNVHRQEBAICEAEwDQYJKoZIhvcNAQELBQAD
+ggIBAGFhDINRAUjwZMsItiX6GWZ/VaMPF1gkhA0aDk80Aa1rDKLfcxhnhHbOtKOL
+PaA0NpJqQAa2xXnWMMj8H9BNx/EuFEL50JSgOCNmw2BloHd7QaYUC3kxT00oe+hR
+Upva8AikDmAlb4ZVSRiVWOeHqx6NPUURPHjnxPDeCen1DDCh69KP/xSz5W+DwoEh
+l2DKtwv2MPGPRrBkcYIQcx3b1Uk6nS4llWMhmLiDUut5oahpnCFLcZuTKt5RnGKe
+wZdmXz70olMZ5gmqXS2lDjxnUdU2hpNCoDDjT1psJ1/eMFvfPM7WcWdVJ0L3QahF
+xgjU/RqSocD1nbktikhXHcWPgJtFuxV4iMRij2XkZV1FUdqTQMi43LdYGbm9d8W9
+4+CE7zW1ZEJddXOVUNbFibeeUxTb72FfFOlp8lFf0/DMTotYNXW1vT7ot/11FZmq
+ilgW0pEAEb+1dLWAbFyzDx+qgJC6uLPcQBBWhayu2vpH10Mx+ycz8oGfBvWn53xw
+uLAFoGPs76QhkkaDshSLqjg+l53I6+oq4Q6dtIEfS/Gv3tnXYH0yzFvssU4XjlP6
+mibHuBFCpjR5phhR7JUAz5pQQbcDD4bq5KKnDw2Zt8g40WyJVx0PGvz9tiPQQ6Ka
+Qhttl0x6Se8JKjtOhsahpwpu4U4eJlUnEEWzzqYPXPOsv79Z
+-----END X509 CRL-----
diff --git a/ca/intermediate/crlnumber b/ca/intermediate/crlnumber
new file mode 100644
index 0000000000000000000000000000000000000000..7d802a3e71045bbc2091119755820d2c74fa14d9
--- /dev/null
+++ b/ca/intermediate/crlnumber
@@ -0,0 +1 @@
+1002
diff --git a/ca/intermediate/crlnumber.old b/ca/intermediate/crlnumber.old
new file mode 100644
index 0000000000000000000000000000000000000000..dd11724042e28f013e4fee09715b24c1b9ab10d1
--- /dev/null
+++ b/ca/intermediate/crlnumber.old
@@ -0,0 +1 @@
+1001
diff --git a/ca/intermediate/index.txt b/ca/intermediate/index.txt
index 057e5c949445efa9fe7ce9bf98059d3e19df3292..648abdb0cc674f93f88075213a21c75f698243ce 100644
--- a/ca/intermediate/index.txt
+++ b/ca/intermediate/index.txt
@@ -1,2 +1,3 @@
V 250526211508Z 1000 unknown /C=CH/ST=Vaud/L=Geneva/O=Bibi Ltd/OU=ISC/CN=bibi.ch
V 250526212217Z 1001 unknown /C=CH/ST=Vaud/L=Geneva/O=Le Trio Gagnant/OU=ISC/CN=bibi.ch
+R 250704134243Z 240624134452Z 1002 unknown /C=FR/ST=Ain/L=Ferney/O=Internet Widgits Pty Ltd/CN=bob.ch
diff --git a/ca/intermediate/index.txt.old b/ca/intermediate/index.txt.old
index a8304bbbc7a3a552876a7e763ecf3fc43a69371e..3e0bb89fc457fbafed34ba3622a95e8c05556fea 100644
--- a/ca/intermediate/index.txt.old
+++ b/ca/intermediate/index.txt.old
@@ -1 +1,3 @@
V 250526211508Z 1000 unknown /C=CH/ST=Vaud/L=Geneva/O=Bibi Ltd/OU=ISC/CN=bibi.ch
+V 250526212217Z 1001 unknown /C=CH/ST=Vaud/L=Geneva/O=Le Trio Gagnant/OU=ISC/CN=bibi.ch
+V 250704134243Z 1002 unknown /C=FR/ST=Ain/L=Ferney/O=Internet Widgits Pty Ltd/CN=bob.ch
diff --git a/ca/intermediate/newcerts/1002.pem b/ca/intermediate/newcerts/1002.pem
new file mode 100644
index 0000000000000000000000000000000000000000..70e6f1befee045b77d617d86fe9d586f58a714c6
--- /dev/null
+++ b/ca/intermediate/newcerts/1002.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFADCCAuigAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQ0gx
+DTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYD
+VQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUuY2gwHhcNMjQwNjI0MTM0MjQz
+WhcNMjUwNzA0MTM0MjQzWjBgMQswCQYDVQQGEwJGUjEMMAoGA1UECAwDQWluMQ8w
+DQYDVQQHDAZGZXJuZXkxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
+ZDEPMA0GA1UEAwwGYm9iLmNoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAwU3uA3zfpFf0mLf/wsJwpQ5alNymgoO+FdTpKMqkousgLxglZlgq4V2TNqzw
+AngPxKh9r4vaJK7TZeFf0GqOU4RNKKsnZEp+nJR45m/+txKplaNXxBn4pgpIU+dj
+/bk4PIKZAcea0HdrmR0/g26mDN4YR6k421AJcFAAEWEDu1XYMczakf1La5BmPK6k
+qJ7LVueEoRfraogmjJhRVukqdAtdy0oLSZADs4tucC6MYCmhRaUIQWsGdZm4JKZS
+K8zFZ+7poCdjJOZa6Bdz2TKhLt8ww9Up5G1ytV6GPnmksGZaAMIyomQk2D8pu0bZ
+Z6vw9aem8S/NIXdTDJVCbVLgrwIDAQABo4HFMIHCMAkGA1UdEwQCMAAwEQYJYIZI
+AYb4QgEBBAQDAgWgMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBD
+bGllbnQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFLxgCLGmSngsuDMhT1yMn5NhTDeM
+MB8GA1UdIwQYMBaAFN6ATyzm7FYoUHlX5afUB9g9RLGTMA4GA1UdDwEB/wQEAwIF
+4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcNAQELBQAD
+ggIBADPfZDlqypv0i+A1VfPnekZhi/MCMcppPJNOmL4smapdPtlw6RzUxzNb2llx
+JYOmYapgQZJFbC7j7bV4mOkC1sO/dhYTr52RHNz01U1+6Eaj+tbWbEKz63VQWuzT
+tIGoisNIW3LfaaSrjnEHppDkEAYoeHScTlFh/aPSMemrsQhkhbHKZX2FN9EvxYO5
+QwahOIhxudBTd4knHlyPYblnCwlunv6VCPAB1/6nn0XUlRpY4MQVY3s8ud+yLG9V
+PLlT8Pa7jSmnb55eRJBgs3IXezWgi0/FLjjFDuz+bzV1d7hj+ufDKkevvSkSZuM8
+WQ9G9dDlZk3RMtCH5vMaZbSINosXnQk/rTbkf8Xfs82NCoSvkIJK7l2jFdLp8pCB
+AacCQOf/Z+8FopzlbYcvFol0hnhH+VXb7SBQO19slgTv9DFjNuhQWdbiVlwIjizK
+t1h2TJ2FnjB2nEtBIpzcVVKSBkjjN7Kfxd/N0lKpuJFPIP/Qo3LaZMSUPUqWYgdn
+Coym52m5QZ/OizF0s5jmiiMej8DAVLKi/IceewUbiOL7RZDIvCdgaJkZ0NHW33jH
+7IqQzeoYLVa0yrZc+hTaW8zH9kjudsxyEFixaZjPMb7haOa6CRTtMgO3f+468yyJ
+Xo90S3mgR2yuJAQoEWdCXg2CnFWnuDvx0wntsBqkTEHL/uJj
+-----END CERTIFICATE-----
diff --git a/ca/intermediate/openssl.cnf b/ca/intermediate/openssl.cnf
index 0217615b41b823d1c296419976dc09ba81fabf61..520a0a9d961a4ba864fb2e340915b6e873c3a8e1 100644
--- a/ca/intermediate/openssl.cnf
+++ b/ca/intermediate/openssl.cnf
@@ -122,7 +122,6 @@ keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
authorityInfoAccess = OCSP;URI:http://ocsp2.example.com
subjectAltName = @alt_names
-crlDistributionPoints = URI:http://bibi.ch/intermediate.crl.pem
[ alt_names ]
DNS.1 = bibi.ch
diff --git a/ca/intermediate/serial b/ca/intermediate/serial
index 7d802a3e71045bbc2091119755820d2c74fa14d9..baccd0398f98701fecc453aec9185a6dba4bc810 100644
--- a/ca/intermediate/serial
+++ b/ca/intermediate/serial
@@ -1 +1 @@
-1002
+1003
diff --git a/ca/intermediate/serial.old b/ca/intermediate/serial.old
index dd11724042e28f013e4fee09715b24c1b9ab10d1..7d802a3e71045bbc2091119755820d2c74fa14d9 100644
--- a/ca/intermediate/serial.old
+++ b/ca/intermediate/serial.old
@@ -1 +1 @@
-1001
+1002
diff --git a/ca/newcompany/certs/out.pem b/ca/newcompany/certs/out.pem
new file mode 100644
index 0000000000000000000000000000000000000000..8bb40a2e0a0ec918eeae21579188d1d1e3e0aad2
--- /dev/null
+++ b/ca/newcompany/certs/out.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIElzCCAn+gAwIBAgIUCPlRQLy/Sh2+/US9YJTB+zvLbdswDQYJKoZIhvcNAQEL
+BQAwXjELMAkGA1UEBhMCQ0gxDTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNl
+IFRpbmRlciBTYXJsMQwwCgYDVQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUu
+Y2gwHhcNMjQwNjE4MTg1NzExWhcNMjUwNjE4MTg1NzExWjBbMQswCQYDVQQGEwJD
+SDEPMA0GA1UECAwGR2VuZXZhMQ8wDQYDVQQHDAZHZW5ldmExEDAOBgNVBAoMB0Nv
+bXBhbnkxGDAWBgNVBAMMD2NvbXBhbnkuYmliaS5jaDCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAK+IC/2VqLLJ/PzzWeV2dbsvxUIrg26UJZnxJ5FlK1tg
+G0QSyK/aGA162es1slL5grwgjCSu8OFKHEKey8Y75v49+9IWLtOnqtx4y/l6zY6c
+6KrR1yJ88u9yCHVHODmqhnENWVduAdFDQZXFSDrlP0Udn8Agka+VxIUZn7GxiCQW
+etgMp4zQ4UNDZjECzsQ46Hp3WqpdeAVxFxblfDPlrVBnAdWnlbBdZ3798XHDOvDX
+Josmoc8DnWkkiVOmL0KFKw9R7dAhWyTXnVojqotPxGZPbDwwPv0QSaSsolrPQ9x4
+BOSf/QgZKQXW0Q35UgDT0bzT+wIyUezu3prJRd/2oIsCAwEAAaNQME4wHQYDVR0O
+BBYEFJbDmkp+DYOTwK255fK13gEd1u15MB8GA1UdIwQYMBaAFN6ATyzm7FYoUHlX
+5afUB9g9RLGTMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAAMgdzDm
+APOTu/UwuZPeTBY8qwkG74omNSG/8Yrz0XG8bYIBwFITvigbaPhMqOpSaztODiE2
+KLl4B58087M5UYHaDjv1O2Ps6KepOyUqPi3VWIplrUJYGk23Xe252fL5HbgSTsTK
+QFl6k/YMvw5YPNILRm3YP9Ud0KeSGJkE8/HGzyFChmGMwhgez1XhUjs8+PftCrf9
+xAZHigy8stkwU/Jwa0KfyxepF898AV9DEaVzJt4b+pM8BAWKWRTM+ioOjqL5z3b3
+TdRg8g8b8bfKEAotgy1S7SOZd5k0t/osp+rn97BwmK2VjkUGa4MLlQzz4Po4UGAc
+s1mHPpoigjTaHilH9UL2ByavGgK2bEIK3hkht/MYzqPJrOyT9QaJ9xU9j/syLQPA
+86qQ03Wo40QPZj91lLbZianiw4c2WXYDcpSD4exAOXSfVtaey3rvkbnVNR9uKigs
+Npm38Fbr6adNKWD+klwDzS4BEcUFcJsh68rzNW5hNM26dp4r3dajxumPg5RD+9yu
+iG+WlvonDoHFXIrtXcT9vSUGuoDOp0V3BpB9cBV8MGN7f5ROdMGJSf6BlBuNe0/c
+FUnbxtzct3uDQyCDn67xhZ3UMcjsU3ithRnuJbLfOaJEFEQqw/3qMD8ABrTudmHX
+5SVV97xuOTyQUgeCqA32JnBzWdXWB69HAOdk
+-----END CERTIFICATE-----
diff --git a/ca/newcompany/company.csr b/ca/newcompany/company.csr
new file mode 100644
index 0000000000000000000000000000000000000000..1ba0a29257beab38eeed543c98878839771c02f7
--- /dev/null
+++ b/ca/newcompany/company.csr
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICoDCCAYgCAQAwWzELMAkGA1UEBhMCQ0gxDzANBgNVBAgMBkdlbmV2YTEPMA0G
+A1UEBwwGR2VuZXZhMRAwDgYDVQQKDAdDb21wYW55MRgwFgYDVQQDDA9jb21wYW55
+LmJpYmkuY2gwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCviAv9laiy
+yfz881nldnW7L8VCK4NulCWZ8SeRZStbYBtEEsiv2hgNetnrNbJS+YK8IIwkrvDh
+ShxCnsvGO+b+PfvSFi7Tp6rceMv5es2OnOiq0dcifPLvcgh1Rzg5qoZxDVlXbgHR
+Q0GVxUg65T9FHZ/AIJGvlcSFGZ+xsYgkFnrYDKeM0OFDQ2YxAs7EOOh6d1qqXXgF
+cRcW5Xwz5a1QZwHVp5WwXWd+/fFxwzrw1yaLJqHPA51pJIlTpi9ChSsPUe3QIVsk
+151aI6qLT8RmT2w8MD79EEmkrKJaz0PceATkn/0IGSkF1tEN+VIA09G80/sCMlHs
+7t6ayUXf9qCLAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAQOpjWvDPho8VS+0q
+nWpThInV3XPUNrWprhihmPPVs0gZFZasEaRs5FGfOqBT1ha6fH0w+Jxt6LVe8icT
+RMKsde0bNRc8R5MafyHmV7zju1qoYBLbwCYU4VF3QVtTKmBMgUpFNloH32WL1S2Y
+jFBKzTzJjJRVMuEcgOZZix2L66ZIK6fIz1dYzp7umye9vdlyn1u4cfOJnL+BAgT8
+lHPLBLFKvIbCHuAfSmz0K/G/EaRBaa1MSI288z9Ag1r4rupEcQm/2OMHh9ZsAZLD
+JPYT69dwLbYNyRMz/IEE68nzYgWSuUeD2nRUokZ+fQFzxUUDEzWQyG4tq/T1WT4u
+PaJmgg==
+-----END CERTIFICATE REQUEST-----
diff --git a/ca/newcompany/privatekey.key b/ca/newcompany/privatekey.key
new file mode 100644
index 0000000000000000000000000000000000000000..b8a16c447c22ae034bd80a6b6408170b713ed95a
--- /dev/null
+++ b/ca/newcompany/privatekey.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFJDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQcoGkxCywLauiIU1j
+4C68rAICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQI3UMqjsHllfEEggTI
+FcjufttQSb0R/vrqNRYYXbWHySe1h53hewWlH8zcyY9iemqZKUwkt1G45PLb7Ccd
+DS+Lx2M+El2o1wal0I55hszumky77NBDQSVjNQTW86bLoSjw+OnDxxbGqNtfpfz3
+sSwUHfyyGuO3LxsmWjVp9OxByLGoOT+sjkX89fS1mr8JAXAo3YtWMTnFSIDtjIMI
+PuM0KlV9wp4b9flirpgUwLrMpKxqImkcXyYIVjR8Zsjbr9BKgKy+bmqWwnob97Tf
+rPjWwfdbRzV6a8K52z+vmAtl27GVBekdsXtDsqS0fb6kpQbZzt90kNCVvNxiIzG/
+/+IuocbeJi/sASdMJZKO70Q/p6So8X37hkWqgBGat+wUtFLx4ojz7jLNQ/wCZ5+l
+xFMzPejJVPQvEFPi3lmD2/ds5iiG1/5aoCIUyV8sPDfgHVSAy5dlapg14jbo09R3
+AqPFLPDVkKFB1BvfOFOuCIFK3GRdA0b2/lyEZ1rzuZHTFRm0r86l8NB5AnNIs97q
+iUJBXJiAFGeSoviEODHLkv+5fAovkIjncu8MW6JioJhW3LBzT4eA4Jba1xOOATVI
+vdQYs+9TPD82e3VxbQemGUn5XtcVpVhDJFZuT3AEtg9zDDxoiLTjXNIF0RqMHKH3
+piKcL/KNgczxNF8sAcMMozSqGhh5me8M+fpno2O8PvHdl0/1El6mUnw1RbcifvbH
+OwN7Xyt3J14CQFsXZb6OSGmH+luu3KRIeOqeh1DsMJCy4/8/bIIqbUdvq0sB0bqI
+TtYxHIkXAUCxMLjTIOjHKwQIM78RwM4RaY4SKF3PWeBGoZV4DGnRrGHluJ1DaJ+7
+DkzswonRVa3trOZsnldT07oxfK7a5p4hpvNT072mXHWyyw9P2G1WS/Qy6XNSCz0Q
+KoR81HReKVjIqFMeyPY+hLmleMVwvMwiLFPIaMUnn9Ql+rwUqIKrPUzifiGyQJVt
+XsAUjk1+jw9N+GRLBXahUlxDoqNMcmpCtlnECvnxcdF0yhk8/xi5mNT0Paxozzr3
+n463XlQuw2ih6tX0J1It420sd9wynND385pTXlyjOH8aFN6DhenGZkJ39uC5fvKR
+oMEE0GKcV9g3nVonPl5PJEPUSUvery5lFZ7Tlzxn/v6nvDhVI6NioaD9qz6CEf5I
+BDLSOdHfa02uN4/MaYq4bVVuyzzNBb5F99I3EFKzSHwd89udQhPgpJrwz/xrTPpq
+GNPt9dxtlENmPOsN33aRw9w2bpEIbX+PupO8mGh1GYRE8y5RHs33rrTVkYMtpyjY
+V6gXFTL5Lo7UCN9tXwvg8BYj5ZZzkRd8/tSBK83gKNpl5ZrtMBVsBnzicljs5IDP
+K4hh9/uqFYfYvhsofSAYQAqlTLblGrD0hjYTE5ONSBFfft3rBL0tIY6HCasmF2eN
+RrgxrlNFNMTSDFf3/GXN1U8kBVaxo6Yn7M8Fr5yW1K62g9ovcpoD2zsVNMAx7TZ3
+aSHr6DMcN7uqXJfFLbQLOtvGpQTeIKjmtQJxjiuMCpkY6wQKr75r5Y8lOA9TBTuZ
+GrYOOrZZo81YE99UxjPwJ7dGFWiqM+8/9PBmK1QOAyPTJBt+lRgk6vbwaKdeGjf7
+zqyYAqDIQgkYKaYVngLuvwy0zuIMz3OH
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/ca/openssl.cnf b/ca/openssl.cnf
index 41cf9f3fe617fd610438b666e4b392988b1a353c..e41f4e71fb6303a7d9985312f5c94d44476816df 100644
--- a/ca/openssl.cnf
+++ b/ca/openssl.cnf
@@ -118,6 +118,7 @@ subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
+crlDistributionPoints = URI:http://bibi.ch/intermediate.crl.pem
[ crl_ext ]
# Extension for CRLs (`man x509v3_config`).
diff --git a/ca/requirements.txt b/ca/requirements.txt
new file mode 100644
index 0000000000000000000000000000000000000000..695102883e410bd0adf12c4ab04cd0b9b734ec78
--- /dev/null
+++ b/ca/requirements.txt
@@ -0,0 +1,3 @@
+cffi==1.16.0
+cryptography==42.0.8
+pycparser==2.22
diff --git a/mutual_tls.png b/mutual_tls.png
new file mode 100644
index 0000000000000000000000000000000000000000..9ff4dd035edf86520136f46a4196a2a52fb80ede
Binary files /dev/null and b/mutual_tls.png differ