yippie

ca/ca/intermediate/index.txt.old

+V	250526211508Z		1000	unknown	/C=CH/ST=Vaud/L=Geneva/O=Bibi Ltd/OU=ISC/CN=bibi.ch

ca/ca/intermediate/newcerts/1000.pem

+-----BEGIN CERTIFICATE-----
+MIIF4zCCA8ugAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQ0gx
+DTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYD
+VQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUuY2gwHhcNMjQwNTE2MjExNTA4
+WhcNMjUwNTI2MjExNTA4WjBgMQswCQYDVQQGEwJDSDENMAsGA1UECAwEVmF1ZDEP
+MA0GA1UEBwwGR2VuZXZhMREwDwYDVQQKDAhCaWJpIEx0ZDEMMAoGA1UECwwDSVND
+MRAwDgYDVQQDDAdiaWJpLmNoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA38PmJ6axMeSC4h4D86Q87q1MPdayA+ud85W8Xv7wBJlEsGu88P3fD27fhBT9
+ynv3uX35237brNYPDQnIA2KS68O4B2Ud5VTISPwwuMRnPBc0+/S8rlKKpk0In1XK
+JsRkBqdwZbOGvYFb2OoHMd0xvyY2gzRklruStYQW6QdRs+NJSgToR0FxZJI76asj
+FMmYHCvk7O+0IxA7211z1nufnDjbMuZCEtdFz3XUUT71SL88TmOtgh7bZTounIG6
+v/SLRG60Mu9qWBP5molpWdG7pR6YoZCxkTKj0mdN/etuBk/0V6FARngooidLCve3
+HqnzEsBMLRPz713pFTH37nZimwIDAQABo4IBpzCCAaMwCQYDVR0TBAIwADARBglg
+hkgBhvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVk
+IFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUR+6PvQJ0W6p0477N8cTiG3sn
+RPwwgZsGA1UdIwSBkzCBkIAU3oBPLObsVihQeVflp9QH2D1EsZOhdKRyMHAxFzAV
+BgNVBAMMDmhvcnNldGluZGVyLmNoMQswCQYDVQQGEwJDSDENMAsGA1UECAwEVmF1
+ZDEPMA0GA1UEBwwGR2VuZXZhMRowGAYDVQQKDBFIb3JzZSBUaW5kZXIgU2FybDEM
+MAoGA1UECwwDSVNDggIQATAOBgNVHQ8BAf8EBAMCBeAwEwYDVR0lBAwwCgYIKwYB
+BQUHAwEwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcDIu
+ZXhhbXBsZS5jb20wNgYDVR0RBC8wLYILZXhhbXBsZS5jb22CD3d3dy5leGFtcGxl
+LmNvbYINbS5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAgEAaAApnGApld+f
+pU1KOkqh4PK25IInORjkjGhIjuzNTJXLLPlNszWi+crBB3Mh31pa30IEit0xGgWf
+HSuUH+S+4EqtGr6IKpYGzR4ka23TvE2274ILFRHWlodk7tFX4kp3HH7ukmar3h7X
+xmv14PzO70EpXQexFbEeA/oLLeA1KPTHbQt4KlW2WOfNfFLGnB2BDL87InUSdef6
+yiG/7qrJ2KkzKqY7iLTz2PGWCEKZN4NvjZjq76bAMO56ljyZ885OaY5+L8JimlJ1
+KPRy5GxTnUiqNNuuZ3D6J0gEglzce6Ln5iYxjmESHJZDGfLmINaA0/icnkQxlbcd
+9r5a7B6aic1XbKJaLPnNQM4xBu03iGMfehl92tDiHpLyIiE5tvXFrJta/km2Mvf7
+OgTvA1Ux0m/HfxCA6l6mEU13fG3iaDXSn7NmqmRcNNmN8RO3jubOpwX4M5ZLHEgb
+44zq/13H/D4xd2BDgq+xIS29VLZxQAo28t+ipKQXFpxsaQ90E0VQAvJueAA6g9JK
+igfBxxNsL+zf1SDMB5PaNTrreomvE/n3h/NhJl+dkiaS5JPG2ruvDgXYzHXOc/WQ
+B5FCv+1I4bPMX5dESIavw1MDZVPT3YDmqyT9yncP7Pzd2p/J7/Kw6sNoXOJjcUr+
+jTdYwVIK5/gSFxKGQ3Cvod06lUZqE7g=
+-----END CERTIFICATE-----

ca/ca/intermediate/newcerts/1001.pem

+-----BEGIN CERTIFICATE-----
+MIIF0zCCA7ugAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQ0gx
+DTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYD
+VQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUuY2gwHhcNMjQwNTE2MjEyMjE3
+WhcNMjUwNTI2MjEyMjE3WjBnMQswCQYDVQQGEwJDSDENMAsGA1UECAwEVmF1ZDEP
+MA0GA1UEBwwGR2VuZXZhMRgwFgYDVQQKDA9MZSBUcmlvIEdhZ25hbnQxDDAKBgNV
+BAsMA0lTQzEQMA4GA1UEAwwHYmliaS5jaDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAN/D5iemsTHkguIeA/OkPO6tTD3WsgPrnfOVvF7+8ASZRLBrvPD9
+3w9u34QU/cp797l9+dt+26zWDw0JyANikuvDuAdlHeVUyEj8MLjEZzwXNPv0vK5S
+iqZNCJ9VyibEZAancGWzhr2BW9jqBzHdMb8mNoM0ZJa7krWEFukHUbPjSUoE6EdB
+cWSSO+mrIxTJmBwr5OzvtCMQO9tdc9Z7n5w42zLmQhLXRc911FE+9Ui/PE5jrYIe
+22U6LpyBur/0i0RutDLvalgT+ZqJaVnRu6UemKGQsZEyo9JnTf3rbgZP9FehQEZ4
+KKInSwr3tx6p8xLATC0T8+9d6RUx9+52YpsCAwEAAaOCAZAwggGMMAkGA1UdEwQC
+MAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdl
+bmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEfuj70CdFuqdOO+
+zfHE4ht7J0T8MIGbBgNVHSMEgZMwgZCAFN6ATyzm7FYoUHlX5afUB9g9RLGToXSk
+cjBwMRcwFQYDVQQDDA5ob3JzZXRpbmRlci5jaDELMAkGA1UEBhMCQ0gxDTALBgNV
+BAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2YTEaMBgGA1UECgwRSG9yc2UgVGluZGVy
+IFNhcmwxDDAKBgNVBAsMA0lTQ4ICEAEwDgYDVR0PAQH/BAQDAgXgMBMGA1UdJQQM
+MAoGCCsGAQUFBwMBMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDov
+L29jc3AyLmV4YW1wbGUuY29tMB8GA1UdEQQYMBaCB2JpYmkuY2iCC3d3dy5iaWJp
+LmNoMA0GCSqGSIb3DQEBCwUAA4ICAQAVPFEmoxhJShTw/pLzwY6dman9FWUQT9/8
+rPnHimCcgti6KJVWPE+gf7GW+P25bQH2pqNy0BanG/434Ly7QPxEO6ZE4+iz1NIK
+mwdOME7S7YY+fRho0apcW+b84YP39yewSz5vxWI29n3dt6FshUpTNc3MU2qP/93V
+VaiEMqZIO4Z5BwN+pkhOtZdVG3Faxw4/9hKcUOxExGerdxlqNidBtPObE39OQV5t
+mad2xSUq3GJU9ebUwqQbfugQz2+4uQU8cjdWE5sdrFgJuSr+b7gojICMF1NRse7a
+/b9NGm5DLqpNi/6XCmw3qjHoIYzUEO1RTC04BatkondCE4owTFa3P8XOG/u8VTxh
+eu26o/tnrKmmniPoDQDSVodghGJ0QdGoKzzafiUaDZIfRFrQVdp3GcexLYb1FgXq
+FULg0gmELgthBG8xuvSyIPG1GBdJCKG5GUgjSkgr43SR8n1iBEjQUucrluxgTmM2
+H/mFMnqrEF5O8qAE0B2MV52cD1OdNhC/xw7v8fuaY6Rg4dLdSAUpEurKk4OkOYXA
+LhT9jRILji/y1p+SC/HOyXhkJm1ELxULLjbVWYD+qjMkiXXj2ePeFHYFHEkQqsuM
+3hR9b/ouT0xRyLeHgSrePEwY8ohogrSyK2lYvoeFxtFwB75lOODdtgoMXfut8tzt
+REfeuftqrA==
+-----END CERTIFICATE-----

ca/ca/intermediate/openssl.cnf

+# OpenSSL intermediate CA configuration file.
+# Copy to `/root/ca/intermediate/openssl.cnf`.
+
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir               = /data/code/atelier_secu/ca/intermediate
+certs             = $dir/certs
+crl_dir           = $dir/crl
+new_certs_dir     = $dir/newcerts
+database          = $dir/index.txt
+serial            = $dir/serial
+RANDFILE          = $dir/private/.rand
+
+# The root key and root certificate.
+private_key       = $dir/private/intermediate.key.pem
+certificate       = $dir/certs/intermediate.cert.pem
+
+# For certificate revocation lists.
+crlnumber         = $dir/crlnumber
+crl               = $dir/crl/intermediate.crl.pem
+crl_extensions    = crl_ext
+default_crl_days  = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md        = sha256
+
+name_opt          = ca_default
+cert_opt          = ca_default
+default_days      = 375
+preserve          = no
+policy            = policy_loose
+
+copy_extensions   = copy
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName             = match
+stateOrProvinceName     = match
+organizationName        = match
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName             = optional
+stateOrProvinceName     = optional
+localityName            = optional
+organizationName        = optional
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits        = 2048
+distinguished_name  = req_distinguished_name
+string_mask         = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md          = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions     = v3_ca
+
+[ req_distinguished_name ]
+# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
+commonName                      = Common Name
+countryName                     = Country Name (2 letter code)
+stateOrProvinceName             = State or Province Name
+localityName                    = Locality Name
+0.organizationName              = Organization Name
+organizationalUnitName          = Organizational Unit Name
+emailAddress                    = Email Address
+
+# Optionally, specify some defaults.
+countryName_default             = XX
+stateOrProvinceName_default     = MyState
+localityName_default            =
+0.organizationName_default      = MyOrg
+organizationalUnitName_default  =
+emailAddress_default            =
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+authorityInfoAccess = OCSP;URI:http://ocsp2.example.com
+subjectAltName = @alt_names
+crlDistributionPoints = URI:http://bibi.ch/intermediate.crl.pem
+
+[ alt_names ]
+DNS.1 = bibi.ch
+DNS.2 = www.bibi.ch
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning

ca/ca/intermediate/private/andrewtate.ch.key.pem

+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIqF2NBi+pu58CAggA
+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBDbok3NnAfXZLsOF/GxMYMXBIIE
+0BfhpIrOAkXK36p8q+u6Kin/f7fCtjv1Vcfh5eb+CUIJyJokIV0Bk7SlkOK5eJxb
+Q8n05WuMjZbplnedXW5jQ2+eetRp8YI4GWLxycJiWTSmZtR4J99gdW2CLZL5MYm3
+By3z7hcD6OvSTlLD1UxSbCtucqfH6IBr1xy4T+d00q6dZbsg15MyUDgm5dU3C6d+
+6GZGlrVrIY8mTHO4HTbSappMS/cJ6mwT2ABWe76aetT1GszzBPxUE/ohpXT11qdd
+5HHSeu5jv4k+hX/7uwf8Izettx9fxQFNhhZ0HfDmEN7mvFwDrTtHaq81ypQfUnFd
+omqyQdsj8FYSTUJ4G/4mk1tV4OVoPMOaNW7SVRxEz8Euwsl2hOw+ysJvcPYcsGqm
+ZVuUZLshIfL2sgtXaRu/kMAsR8o4rl2C7WV4EFJe7YvFjV2hV21zUVSno3Gyy0bS
+By4w+RA2vjOkT5twutTcueAhBQuJPDk5DTGoxdZ2mcY0lNTN0KXGLakSbwOxJ90E
+uDbcdnTMwCjTLqsvyITe0FRQry8ekKmcVnsYTxtjLHVB6tn0q4srWFCkS0F6g917
+s2oCBTzEAmxtfkRoTXeQSJnP/36LXN1W9jhd6Gd5km8+OfA/dGEBofggTznOHhhX
+As8qrgFsuLuMDMABeVcliqDx9e51NzNPEBhYb4X0iZhIsIn0MuHez/ywQyjX8mHV
+/atsCnUfDv+D6JspaCLIeGY48IvicCVnTubJHp4Yc4pA7Cj/7/9OZk8e9IuyBUxk
+yaKRpqiAZ/EDUSTVYuN2YCLICWFJHVZE+uYqwwuneQvYJHn8pduXeZWHKMOseFF4
+zNoZypW3uLcoQ9ACbsaOOfBSof1T/4KoKXarSnK+lmRa4ZdnwFRKBAH8LLWuvTp9
+4X1GSHapMWIy2kFJBw/CEZvSrYHNehQcXfZLX2wioKHgcLbWYl8+wbLTUjXnTrbn
+yFdbDERNHvyNTYIlEMG6G/S3C3ME/M6ZKxMc8McDOufwkonnsM6rP8Fov+9aBvFN
+1pdV35Z1qUP2g4Es+4mb63Vu864/ixFW3j0JotYdPUQFJKGmKZOmNA9r57EcpCqo
+C4/b6S0Mvt+ra1HtCVobtqZ5y8JJKw2Jd7He9SP6LFoKcCOP741wJp2/NRb1e2Qr
+/IKsLsD2wjq/FDeUYs6/4SpJqt14h9Tv2v0J4RnLP7LWhClfuQZbyfx7IJdliRqv
+HbxDG6TNsWqa2rnQsOz3jQlcJaN7wLrEUxwPlFLZqeJc6KEcz3n0HMrPrY0XvXS2
+2z/Ogb0/gQHZyD8klBACFJXcVxGMEZcyyoYDyzoviZnZLTWbab/SFrFr+qf+uvcv
+U44A4t/a491U/jK6889EiZRfXwjPCSxhod6kb7oVqr6SBWLo+khpCy2fc1gXqwZC
+tH5rt1hkEi6z+GfsP77DLcYVTsnvcMz5Qhhx/kYs6qVY4jWRAkLmRWigPKNjdcc6
+kXuMSA56kwDc5g33gCLrxWiEnL7K5akGVLCRf/y8xx9En0/xFyQiiffxMq1H4YhE
+sFn1f6h1GlIkuPBlTTrlSGNsU7bPpVr5preXnUSK8SnkykKv41IPGkXVp33DuKm6
+pZbRntTOKyOeVM330FXLm9dQyjvbpBwrMt7L5YJ9RlJG
+-----END ENCRYPTED PRIVATE KEY-----

ca/ca/intermediate/private/intermediate.key.pem

+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIH0AiSZyP8mcCAggA
+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBBoM13Kf43LEMshMB8UfJLOBIIJ
+UNTpY/m8yiynjAZtUF2UGPqUBdrynI0bO/+MxUbm+bg8+0dJjLTvzNJl1Nlj2RFY
+sthE5Dwr0oFVTADIku1gEDOwmieDeLcYx7gCyFDwYNAOlrQt2ocFJVHSbIEqRg9b
+krNJWnRBNfuB5eVsW0xpZ+fPdtPaYJ3OgGODmGMBPZi4lBHt7r0xuUFD7SjQKtiV
+QihdohKHolWXqflszGGSmzdPJNnqP+6bwJMvqsCVBhR3rlOhSRGTuSx6qKEYBFym
+kgqL4z8bZcIjjj0vV/XfpqPNfsFi90fJ+xg9zmNVPa5tPIj/4BtuKUnItH/69XFj
+/FZrolCelfAbb5GcaZPATlX5N8673BB6EdWCc8WpCaK2n57qW5jRcrPfMkT6vRb4
+zOigLgzPyPk1JOOKxO7HNuIMuS7VaAyNQZabz8QC9CD/xtLDJtdDGvO4F0kb2Tjn
+C0KTg1iN16B2bpBtmZA91ozpTdqObM7boRVQqgaw7TZxBLKql4XRdr+tlbeoykEg
+MkypwZ2tj6DVWUGbmcUrESKgddL2cPo5/GxYpbG7Js57z/Ok4gBkcVG9X/aiCi2z
+pqJGtEOyHOgHGLvcBQeHUWhNxLKSlwawpW4So85XWwQnxOJxJ9pDWYHzvpixwfcc
+RXLx5zL18fcZmLr3NSnaVfPaCXANDtbwC6lHQY1z0Y9zxXni+yQOt6YAWcaf+lMw
+mVPxZzTAOnNdPM7r+b2LdSFy8vbUQeiZMQaXuSIZAzm5Ogr53TkM610bMcbVorse
+PL/tR3CwYApncD3qMDsXLWkfNl5phhOgT5yDZATQwWTJGd3WO6co5bhPmlHWJqTT
+XBEJHAh8o4A6zeIfRZwDk3pzEyASbGezLBU6+hZC77v1Hl4chjtu03VhFqqgRKOg
+dIfJigknIYC/Z3NqKZUQNQlWiqyUYLg22XM7pHwAcB+Jo14ewQzGbYuLzNYCpVwm
+j7hABzR2QCoTOsfBQKHmwrzfs5XsOkQ7VIEZSl0mjBMoo3OEtxoZK7CTRb/Oakft
+/y0jIZao2mim0/+naWKI7iY9jyW8bj3LhzI4brnH1HGY/D5IbqQs9Upw98eWBDoh
+m4u/ljygdaqN7a2Qji5Io0tKYCcZJ9aItQlDMeV+jVEFZNml6mpwD9isD2gthRZM
+kzZ6NwDZ2kmNPH0+XMDeRC6+WyKKcJumZVk1qQPcajt0UhiE5/RoHcWnFEqsa2iY
+IglqxyMRYtJ2+WqM9uX8YMArmVwHRZyMvYrakaK62ZQcUd350na3N2G5Hb2BFlzb
+nSCsafd9OP2xqnswwOjOriiVT6rBb5e0MLWUxraSA++QBY0rlZEmhsRRo3eBz6+N
+EpKarkeXD4q1de8Xd38HbDNgugnKO+IaP89543pFAJymz2MbjDD6N8Yzr1hkM4wF
+wP2LGcXhiHB67G5JuDRtxLCAVorMv9Xltp+HgVWlYiSbslpvc0J6QhUvRn6qkC5K
+ETLPyLKxGuaBamymOi2lrNkLU5RiEiMPkAu62iv4aydHp22QAQ16A1FmVW8KM+wk
+XmjRhbT+HJuNgK+7u1M5yXOljJFlvc7I7mo6rQTgMH3BZA2jXPKdr4XNPQa8DpEk
+4ymvIsdnJbAmyx6SnwKZmJ4UmN6cRmiC6cAkST2rNsJE+KIaIFFem1sOX5Qbtmpq
+CmZxJ9hitvAo0uY+PgF3xmOAnNiIIe0RFHKFpeGa6jmHDFl63myjEvaEoIOqtQYn
+NZNmtI2Er4fuonr/KUqsY4MN7pUwbtkE5OtCOlRU8nl2cXu2agXImMSCQcXTqNmZ
+6YY5jJQvo1po8Wkf0DCDgqPy1yBHKgcVJhxaE0eOnrAi7GxwG455777ujK4GjGu/
+CqpRCRh027Cn5JJILns+N8QDvXxiVUPz9I3KSP12iITl0ckpNtUQw+HPr+Zqv4Bj
+2M9OluRmtOstH9PCor1rnQSVnGs6az3Nc23VnLc0noTT6ugg9sPSrqbVtACaeip9
+aJGQ3UfOmNjtxH/J0TMvl01K4iPabU3Y++/4/Tc+BjraGxf2ocFdieEQ/sY0mEnE
+wFlEC1D1UgcASgc5E/Ti11phRe8HWDID/AhOf3tP4e7H6jn1VIeiMOW55RmxoUpA
+xH8L84RVZKyN7+CoUQViBfD/IPQYgEu4Ll8SJRYyOUELIpSUDVpMCeOVqEr7nU+y
+vPIUNK9mTpX1Juh4xQBDEI6nrZaI+ZOBAikoUIQ0H+sO/azmxg5yl45aDW5d9le1
+WcR731ceDysWkoTaZ8t0/1dpjWLYXp6oIpR8MFTKsu94UJaFECK4FBixqs74oSZ3
+KY0B5enXbVG6XUyUCjn7qskIW8TTh3m9XfpStH92YmipUwxsTGIEDKSeFO3W3XyP
+EvFafFiKIjVCNU21u6zAoLk9fyGR9/hf9xgcPGQlvisuQ6Rd89/YdCUDrr3YNjHU
+w9yV2J19XqtenfR6Hm32DXc6ZtGMw8VIimbkEYINhmjuf2/vuII34rCjKW4vfJUJ
+nflLz/WIUFqUBP2Bw4K7KnqvPvFhnZJN/7dEmw3sG8VTAJ+Bi6s8vyrEHfsYqqV1
+CWZ//2wdJCdz0sRnn4EhjiVhMB6LV2KTy7eY8AM5x8XgzJHH2I9m5Yh9rLLR9OYa
+5SjQOSquTHGTF4Q36A+q2MUTHH57zz8GXaEa56eINjYabT1L77BPBcrLm/YQezcx
+Da0hMee61S7d/e24/N6ppWqRUdpPnRRnEw/SJ12GU656aNMjjsV+Aesbh1L3zjwf
+MDWLb/5f6QMKfUpkFvekF5ko1X26/ustTcTt5qxKEkSV0EqnfxNhdjWMGur2M6ZK
+AxQ71Z0CjXQPt6pOyOHZB38k6OEaZ6H1G9TUHPKnu71Yur5wDRrGMyLXb/82s55L
+CoLN49YfZ1gezLrodRFibtaW66bxE7CpvuvaRf7mi7Zh5YkvkZUlOGD0Pa7fzzIC
+EIgBg55b/L3LDjWBOce6CTE39CCs2ea2xdboQX3C3bUGAKGTpdV5fiBOe8wnarU7
+OFwzCJX0mvsGX8MDHcu0uPv5aVgaONkYOsY+LN8VZkCUh9qXzDZo3oTDB3pYZHju
+/oqqOJI4L8hlLi094Y6l4FF1P/XDcZRoET9DwTK8SZKywWSX6duiAllV5fq3Fi4/
+x3xduIbx5pUQaZlcqRdhhtki8BzKYHfZBj0nv3F0q6Qp
+-----END ENCRYPTED PRIVATE KEY-----

ca/ca/intermediate/serial

+1002

ca/ca/intermediate/serial.old

+1001

ca/ca/newcerts/1000.pem

+-----BEGIN CERTIFICATE-----
+MIIFsTCCA5mgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwcDEXMBUGA1UEAwwOaG9y
+c2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYDVQQIDARWYXVkMQ8wDQYDVQQH
+DAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYDVQQLDANJ
+U0MwHhcNMjQwNTE2MjA0NTMwWhcNMzQwNTE0MjA0NTMwWjBfMQswCQYDVQQGEwJD
+SDENMAsGA1UECAwEVmF1ZDEaMBgGA1UECgwRSG9yc2UgVGluZGVyIFNhcmwxDDAK
+BgNVBAsMA0lTQzEXMBUGA1UEAwwOaG9yc2V0aW5kZXIuY2gwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQDLE3sYajB3Ngl5FWYxWkFVdKeI1Iw7yzLISssT
+CP7cD7/7zoOKkYJmgGexVF7YwlzdxNUU+NFSAkabOczj5CcTLpGzTgClZEpXL0gh
+FXedT6wNQfUCKt2FQjhP0OdN27A23F9rEqYZzBN/QNoTDkrkZXTSukLCDOwSXHHQ
++5VHCoQzITDZGefmxXMbH/l4p5FZ0/y8hpuDy42oI1wDgk9mnThm6FBYZkaNP7x6
+H0fYeYG6xy4hn/AWXF+FStvBIRiqDTiqXbKXAiF38wxRRTVbdXKVwbn103B/E9OJ
+MyHlajd+JQPy0Rd1/5XmfyeWY24UiudJDnpz/uYJidLZEY9JjnmFDVWLPrc/Orob
+y7mHQAVy3mgHlaCa5rbs9BOztpbOgfmsvoZmRmb5ek5z52f8unjLj+4TTcPAJE1l
+eabN7FBO6bhDBbHjeAAUe0bayv4/5vATsziwWorzM8hiAzosAIzQO+gG/aYXZsb6
+zDxDw4TCoj72H3W1bNAHaxxZByhq00ph6KxQONonX27rV0xqFrn8b9tZ5WTEqsZ9
+df503RW9Y+kWQSR2CoQ+757znKf0geAbLZ03F1/l1qAsAITTFyTtAcyWxp6XgNcz
+/uYoF1XFwwpa56muftq/YcWChw/rrRM6/oTAGm1JsfzGV8IWaFx/yOyg7sOeDzCu
+StA59QIDAQABo2YwZDAdBgNVHQ4EFgQU3oBPLObsVihQeVflp9QH2D1EsZMwHwYD
+VR0jBBgwFoAUQVvImvuKjYpibo2RnDpgILtZgc8wEgYDVR0TAQH/BAgwBgEB/wIB
+ADAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAG88SXEVK4ahRcKb
+t0goUDifUPQkWByV1KKL3fWUgLQdSE+1+zB320NkRV3yipTc+0G4WR03aw6nd3+O
+veBO9ugHG6t2TMsM7QsuZ5ixcB6Upt5hFosDMZGMylFDW2dJOfNbGeU7CGMIs5OM
+NQU23PspFQbT9gLzgQE01OJvWmi00ljxhtj7opGPaQZhy6OnSMxZrOEmantxZdo9
+za6LZ7c8H/fwYVXOAtbx/gnPIpzCSSNJY4aY+B14sJoStD1B5Rc7BgLiNWwKE+dg
+fy/vwiP9erZE6R4Fpj/ifm/DxE2kP4T0juyz0IZMyO3VvUFdkXoVkiFF4u7feUtq
+PTNJUkjS5bSL9RaM+6lI3DReSbw/g4aT7CDvCKd/GbhUWQhZrNGOvWFh5GS0LjHI
+FFScK0gAmOihuNNGQdSmql1Roz4cnqXArF3S4Jnf7pYsq4hD7ZdtuWzjdppKV17u
+95TChvjbkYbfLLMIb/he5jArNKpjw8EPhQ3Ds0mce9HoFtY1NugJAd7AZ4pePT5e
+Oy3rLUMRerwrwpz1F2ds05zj2SMaEPQkXj1LxSLclRZvx4no+quIgU44FgqlrULf
+gVtiM9tq+MVms+gj0b4ShJreoaKdDFa3RDyOUFSsk5vOQSMx9hw+Z1s5QrC28SU/
+m4nyzgO03eH4rgFALzMnbrhF0hrm
+-----END CERTIFICATE-----

ca/ca/newcerts/1001.pem

+-----BEGIN CERTIFICATE-----
+MIIFsDCCA5igAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwcDEXMBUGA1UEAwwOaG9y
+c2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYDVQQIDARWYXVkMQ8wDQYDVQQH
+DAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYDVQQLDANJ
+U0MwHhcNMjQwNTE2MjA1ODMwWhcNMzQwNTE0MjA1ODMwWjBeMQswCQYDVQQGEwJD
+SDENMAsGA1UECAwEVmF1ZDEaMBgGA1UECgwRSG9yc2UgVGluZGVyIFNhcmwxDDAK
+BgNVBAsMA0lTQzEWMBQGA1UEAwwNYW5kcmV3dGF0ZS5jaDCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAMsTexhqMHc2CXkVZjFaQVV0p4jUjDvLMshKyxMI
+/twPv/vOg4qRgmaAZ7FUXtjCXN3E1RT40VICRps5zOPkJxMukbNOAKVkSlcvSCEV
+d51PrA1B9QIq3YVCOE/Q503bsDbcX2sSphnME39A2hMOSuRldNK6QsIM7BJccdD7
+lUcKhDMhMNkZ5+bFcxsf+XinkVnT/LyGm4PLjagjXAOCT2adOGboUFhmRo0/vHof
+R9h5gbrHLiGf8BZcX4VK28EhGKoNOKpdspcCIXfzDFFFNVt1cpXBufXTcH8T04kz
+IeVqN34lA/LRF3X/leZ/J5ZjbhSK50kOenP+5gmJ0tkRj0mOeYUNVYs+tz86uhvL
+uYdABXLeaAeVoJrmtuz0E7O2ls6B+ay+hmZGZvl6TnPnZ/y6eMuP7hNNw8AkTWV5
+ps3sUE7puEMFseN4ABR7RtrK/j/m8BOzOLBaivMzyGIDOiwAjNA76Ab9phdmxvrM
+PEPDhMKiPvYfdbVs0AdrHFkHKGrTSmHorFA42idfbutXTGoWufxv21nlZMSqxn11
+/nTdFb1j6RZBJHYKhD7vnvOcp/SB4BstnTcXX+XWoCwAhNMXJO0BzJbGnpeA1zP+
+5igXVcXDClrnqa5+2r9hxYKHD+utEzr+hMAabUmx/MZXwhZoXH/I7KDuw54PMK5K
+0Dn1AgMBAAGjZjBkMB0GA1UdDgQWBBTegE8s5uxWKFB5V+Wn1AfYPUSxkzAfBgNV
+HSMEGDAWgBRBW8ia+4qNimJujZGcOmAgu1mBzzASBgNVHRMBAf8ECDAGAQH/AgEA
+MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAL/Q91IV5UoQamfVe
+wg3Wx1dWJw3e7fxZpXAF2GkGgIqsmMZdscU8AQ3eMPriDQcqW0mcSohKl8gN6pvY
+bPqbfrzrZV7LVc/5O0JcWAD1oIJceKLZ2DSaAzPHvz9N0qC9YIDnw8wN1AfqK4OC
+UbTheKVHotYT8S13dAY/asVLpTf8xlvngt3RObe3U6KyO81pGmM/HHRuPMum/fV0
+iHtasCQ4hUZ/+x2wwngnm+yxfcDJaLDJ9IUhQZQwiw27OChh+MLrlkqmzxfntMjv
+/kCImH4T2X3c6czJ56qpLsv7wRDAxsNjJtCasXkXBl+RNvSCer3G3SPB/yl30bUf
+C/OBfJyuGs5H7DdUJ39d0MUK4YC+b7t6YH+dEAD6HZBP2tzmEGcREAtQV+5e5KJD
+KA9AitzuQ18MNJrBTj03qDFi3xhbuykYtKZzVWQRq/MyvxuzJFc59rqhMqp++p/R
+Oj7wv0A6/P+fbUm1FlEiREKFF6ejcJWCP0SdJIlv8ZiTkdg8UGFM0dGed5hXQvww
+nZZhfxOo+NIil1BoGfZZ38qbUNdK2kMxnrTdqgFX53Hz9xqjXTn43FMS+CJRZxVP
+o45dAtQbKOkKStVAWC9cXvzAS4st/hdlC5EkbzsZUXArRjTJ0A633YkDTu6OshKH
+lJDwQc1G93zhyDVJDfMWSf1rg78=
+-----END CERTIFICATE-----

ca/ca/openssl.cnf

+# OpenSSL root CA configuration file.
+# Copy to `/root/ca/openssl.cnf`.
+
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir               = /root/ca
+certs             = $dir/certs
+crl_dir           = $dir/crl
+new_certs_dir     = $dir/newcerts
+database          = $dir/index.txt
+serial            = $dir/serial
+RANDFILE          = $dir/private/.rand
+
+# The root key and root certificate.
+private_key       = $dir/private/ca.key.pem
+certificate       = $dir/certs/ca.cert.pem
+
+# For certificate revocation lists.
+crlnumber         = $dir/crlnumber
+crl               = $dir/crl/ca.crl.pem
+crl_extensions    = crl_ext
+default_crl_days  = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md        = sha256
+
+name_opt          = ca_default
+cert_opt          = ca_default
+default_days      = 375
+preserve          = no
+policy            = policy_strict
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName             = match
+stateOrProvinceName     = match
+organizationName        = match
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName             = optional
+stateOrProvinceName     = optional
+localityName            = optional
+organizationName        = optional
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits        = 2048
+distinguished_name  = req_distinguished_name
+string_mask         = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md          = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions     = v3_ca
+
+[ req_distinguished_name ]
+# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
+commonName                      = Common Name
+countryName                     = Country Name (2 letter code)
+stateOrProvinceName             = State or Province Name
+localityName                    = Locality Name
+0.organizationName              = Organization Name
+organizationalUnitName          = Organizational Unit Name
+emailAddress                    = Email Address
+
+# Optionally, specify some defaults.
+countryName_default             = XX
+stateOrProvinceName_default     = MyState
+localityName_default            =
+0.organizationName_default      = MyOrg
+organizationalUnitName_default  =
+emailAddress_default            =
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning

ca/ca/private/ca.key.pem

+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI9YmgqJcpc5cCAggA
+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBBxaUE3Gj6D8Jz9H0zGG6/tBIIJ
+UONiUMPxfxJaj8yyQRXqNoBktoILklo6C+EiYxuWH4HbnRN/Ul3Cr1cZRJkV7fAL
+onp2NU5iYs2kqq3wOZcABN7rZNT/pxFUwrsjenCs8r19WtA/SNRY/slHmYZJ23ZG
+LOIn6Hx/jdO5QxsWRWP+nCcZZDcSVdOk/SE+/ynVt49e0bjPQVbnuCp085dsXxsg
+Am0xkryUYuBP3ZdkkBJNleKXCjRYZQUsvfWGb2hVv0zDKhhVirpeQuxE8um/XFBj
+uqik2WCXMZXMPdtAznyo6tl82IhA2/9RYbkV+Pd+FAT+wcU7kFA7OUrteYrcYkXS
+ipEGIS9p4k6CjXgNiKOdPi9LKNg+G01GmGXWsKBYR0zk4JVSPg609NZFspFq4O+/
+3G5xU4XnefKL2uOvMqCJCNd32v3oQtmju3tl9lhYH+8AOt7qnlXosyZzn7Z8N+BJ
+QnSDwgjljBOQEqRrqzCJo9p4HcTvoWzrBjrA2O/l6GhRtZliM4sU40f414dUynh/
+gncLyWSx779dgRx/yQuQHCms7Ck5lSwQTCvSz6XHTz/yWaN96OmE9XWIyLqgEB31
+m3O4rMpGMHxfzjUJbSMg+WTFRDF5MSZzd73XZs54Nm5MOMRuWjzCcPndEmL5j0cB
+sJHv5H4dZXzJl2DiGeDVJhpzFRQgWo3IT7RsSIkHSUsxID7V+yYR+k+pJYpV1890
+2tzeuG5sdzseFr9+FekxnDBLmfjt/spoqSh2+fBf1KlZCa3ZlNAbewTK+/uc6bSn
+bzE5xdL0QKMCyB4c7suh5UUZ2xQuZszbshlyyw5xJvXfZVNI9h/sxfmn6gTDjX2W
+kSvNVbIdlmQrGXPnUR5n8C6jE1Hs8fdbUi2jOwWQiev8J73dHa5PQ7zOuDA6AyBI
+Lwthezb9gyIMMnVW6+2HAgCiZ4G0HwquF1Ye9G0vnphF8+i44QckghTqukUzM+sq
+8Q5W+xP7GrO9pgLbR6TmZrCvy92txfdEN7DNpdrvYYg4lCzlPnXvhYVWTW2sGPM/
+TONcmNd4ikzeLTkm1j2PAVJn2rak0feNo3fP3Gum5TglR/zBhRewyx5FFTX2xDKR
+nSkLfqd698tF1P3RTb0uA7cu/PwhQHqB1mD1v95jzX37Hq7lnJ+zWaqYfy3RE8BL
+oLncy7k2LMSfN/xC3+qY3NS7D+F946cRwF3IOFENTmMlkLHtlUdxwjVOl1sSTnHr
+DSgNdIv+K2mA8Ejrqof/obDMQNgSp07Ei2Jrtg/wpr95Y9i7MoF4wIxnVjy1LP/e
+fNhUwybef4ZjDLGl97E6gXdJXabWTWBzFU+GJ+lD9n0f/9x0wSbZMy/A4KV1e9Ej
+9xQY96OApJsnpvGIdomVr4D+Z00WL/L18KdZaIziT/qXQcNQSNdSUOpoyVJtElR2
+x+16b6RoC7hIIwh9Lj0FYBAJGaK2DVvqMFC7i4b/zN0F04jzE4YHYBIY6hrUa4SR
+Hc70FJTNMgsr9xsEOstcuXpjac5mmMGI0pxsLDmSemgPUw6xjPF3vL297f5rnRvg
+2PH9S1Rw47VOss2gARXd26In0ZVFjQ2lwIbsm3GhOt34vnqOpuzIFi0xeDVilI+o
+Lv+AyfVTPIk6ZJ3UaYjN1CNWrViR+VRcKpVV70nt+Z3coudycWpK01FTQPsq5xzk
+QC7tcO2EVZDTckAUK+dCgDlIMSaEr7zLiCuBGXPbkaaYGLers6t2iQW95m8Ddeym
+i1GtDog6clfzRt8spNl4lTfoeiaR1Dq2CnRktLxgqA0WlORcVOWTQ7l+tIGTM0Mo
+rtBGvUso56frBwkkKyDLhGGomj8ezSie4K+5pjXC9ucfL1rMOs38TjIhj9GlqY7T
+31cjp+35h0FQ54RgvBO7T0Vr2b8eiXgAwPdHIcQAH2yp5GU65iat2JyvvIZJgm0n
+AYkpsXfXzYiowEp8kiPhFiS2JOVgr0afcu31zgwQvvz6W/SMiyTGwxYlRdwfG8PC
+azqKEr0RO2I+6MWtP8sU7ijFiy30xGglUJlqyOg9cFDAedOeW+uqslCflDkrTnyu
+JXlnMsZcwURDRu1w/HrZSBxfwwul76bLlMcj0ss+kZj8/BGm6LSJQwFTFwgwARc2
+pyEIcZ58tlfWDGJsoXX77wnNf1MUFGW69frcCywbrqRjXuhsRNcZfWj9Cx63N3i9
+IYhmy4hxFMcI5pSTgpkg0LECxl7OUudbAUlkyjRmQHaqN3+eotNRnUkek9CXIl3i
+89+iOTYIBlL8xaNCyyDijP4IZzOuVUMqOtNX7jio4v/ORDPtIwJR6HLWrqmSZOIX
+e/KvbdqAWtThcjsFh4ysvKNMPlXuBLRThRT37gGfRcyAmaBXsO6NuFhmdArUP19y
+kxCdQErPrxE+9eQTgDFc/fZ3A7+YMtFaipXcA5JiGJuF4Ezyvp8C/zFe3DAEdEyd
+C7JKlxy3uK9JGEoenX237yNwjhYluqgwSlxuEDvGr10cyLttirzgYDEmYYK0AAyi
+i39znPQuwwCneiqAmlQ20cV3ToOIeAhNS0KfvkcWaXWJPOI/M4uGhF9DioojrGWf
+Az825TTYZcx2PH2F25sQex0NJih4WypRSITDoA+RA7uQIyoaLL8/4OCZG+izNWMm
+HtZz7XL+fTYKJdRbxPd3VgZcNMQk+ir1kIsaCJkTQWc6me0Rh9dbfwwi7GZzGQJo
+GTZllCI5/mLVvQe4ujc/9NtRIazWEimEiHMblNTrVvGbHX7rHly47ILnls2V0+md
+ADSsAiN9UTxDTdH+0xnPWUFhaNrY9XBHH3FBaqL1itnN1U/NdELN6MDkX93HPhVK
+pdDmffg3sccoA8gZRxCZAfI2SJSFh9LYHY8B/ZYNFNGwf/d36kvnPqL+OLAdYI4q
+DbyAhhMXDA+2xLS9+gDOC65zT8luKXPKtTZud0VntO2eRlRDdHmJMH+SP2Uk2rST
+YSZ8YYqd30mnQchxnJugxdwPPMbtQhpoxz2puNmR+HDJqkM+cYKK6I3l4BkqI1aZ
+wk8BA6jNdNeaJULT62DHRD3XIUfjFOJmf/q/nstKVb22sgfqKUG5wangV3RU4Z5F
+rQUOYGbmzRpfctH2YpCOdU+Ay46hOoKqeC/ymlyqaCTZMdtL1hg++kyrrzbb80NF
+Qhg10RH1+skcs0kFXmhntEAMdtfyiRUSrsvn/bGSKdjx
+-----END ENCRYPTED PRIVATE KEY-----

ca/ca/serial

+1002

ca/ca/serial.old

+1001

ca/crl/ca.crl.pem

+-----BEGIN X509 CRL-----
+MIIDAjCB6wIBATANBgkqhkiG9w0BAQsFADBwMRcwFQYDVQQDDA5ob3JzZXRpbmRl
+ci5jaDELMAkGA1UEBhMCQ0gxDTALBgNVBAgMBFZhdWQxDzANBgNVBAcMBkdlbmV2
+YTEaMBgGA1UECgwRSG9yc2UgVGluZGVyIFNhcmwxDDAKBgNVBAsMA0lTQxcNMjQw
+NjI0MTQzMDI0WhcNMjQwNzI0MTQzMDI0WjAVMBMCAhACFw0yNDA2MjQxNDI5Mjha
+oDAwLjAfBgNVHSMEGDAWgBRBW8ia+4qNimJujZGcOmAgu1mBzzALBgNVHRQEBAIC
+EAAwDQYJKoZIhvcNAQELBQADggIBAJRXiECGosPAEfaN51urbw381VTe32qfoV8w
+47mZdbK9Q78zG1pObAMw0o0pzWYV8siST7RwQlsOFR4tXb1NePpsyU+fz0/eIwzE
+PDQie43B0sajiWEugRMnYS/PKJBigvLYj1ILZh9A1Ku1LYVQFYONV/mESF2hylpe
+pnosfiByzwbmGEioTDYbB2dX7F6jZXXfQvA4tWwhiI0q9Yx/TCw37Gj244HDnSNS
+mO6+Ag0ghHGWr6KBBGeK+DeQBslIdcNTteufKmBYrgFi4ih1h/3b52vssnYqVqwR
+UqPIGf6CO/1N41PJXWglOEgh8mk2oMDlVG9/og2tZrRkHggg2Jasjo1A8Z7ygjYl
+t8nmWqlLU+KQazow7hdaOGmodDYAnxPSc4dsnpOpYUdDFdgxXuubYLvnBnSs7Xcq
+ieKN0F3HtjVAvGm8yzRmqBpa0+zxlaEJrlO3PHBGdwn94ljvbcYPL0tqF4Vdwgy1
+s39CTaJNXw96D16Tkly7jA8++e3UM1yfOlHkwO1pXwqmwYNynhPAbIXcxW4WQ/qE
+A/qNW/nIPEiHgIGIdpH+sx7f8BVc0YUCqbplZ7YAoFN/AvUz+NzGvaaMIPWrsvTd
+B5Lpmvh7P2X1jGrt1BfFqpLp2Qbe86npJ25Q3dhx2cG0njIAOOUw7mrx2XeKU3Jn
+nf6jpcwQ
+-----END X509 CRL-----

ca/crlnumber

+1001

ca/crlnumber.old

+1000

ca/full_chain.pem

+-----BEGIN CERTIFICATE-----
+MIIElzCCAn+gAwIBAgIUCPlRQLy/Sh2+/US9YJTB+zvLbdswDQYJKoZIhvcNAQEL
+BQAwXjELMAkGA1UEBhMCQ0gxDTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNl
+IFRpbmRlciBTYXJsMQwwCgYDVQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUu
+Y2gwHhcNMjQwNjE4MTg1NzExWhcNMjUwNjE4MTg1NzExWjBbMQswCQYDVQQGEwJD
+SDEPMA0GA1UECAwGR2VuZXZhMQ8wDQYDVQQHDAZHZW5ldmExEDAOBgNVBAoMB0Nv
+bXBhbnkxGDAWBgNVBAMMD2NvbXBhbnkuYmliaS5jaDCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAK+IC/2VqLLJ/PzzWeV2dbsvxUIrg26UJZnxJ5FlK1tg
+G0QSyK/aGA162es1slL5grwgjCSu8OFKHEKey8Y75v49+9IWLtOnqtx4y/l6zY6c
+6KrR1yJ88u9yCHVHODmqhnENWVduAdFDQZXFSDrlP0Udn8Agka+VxIUZn7GxiCQW
+etgMp4zQ4UNDZjECzsQ46Hp3WqpdeAVxFxblfDPlrVBnAdWnlbBdZ3798XHDOvDX
+Josmoc8DnWkkiVOmL0KFKw9R7dAhWyTXnVojqotPxGZPbDwwPv0QSaSsolrPQ9x4
+BOSf/QgZKQXW0Q35UgDT0bzT+wIyUezu3prJRd/2oIsCAwEAAaNQME4wHQYDVR0O
+BBYEFJbDmkp+DYOTwK255fK13gEd1u15MB8GA1UdIwQYMBaAFN6ATyzm7FYoUHlX
+5afUB9g9RLGTMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAAMgdzDm
+APOTu/UwuZPeTBY8qwkG74omNSG/8Yrz0XG8bYIBwFITvigbaPhMqOpSaztODiE2
+KLl4B58087M5UYHaDjv1O2Ps6KepOyUqPi3VWIplrUJYGk23Xe252fL5HbgSTsTK
+QFl6k/YMvw5YPNILRm3YP9Ud0KeSGJkE8/HGzyFChmGMwhgez1XhUjs8+PftCrf9
+xAZHigy8stkwU/Jwa0KfyxepF898AV9DEaVzJt4b+pM8BAWKWRTM+ioOjqL5z3b3
+TdRg8g8b8bfKEAotgy1S7SOZd5k0t/osp+rn97BwmK2VjkUGa4MLlQzz4Po4UGAc
+s1mHPpoigjTaHilH9UL2ByavGgK2bEIK3hkht/MYzqPJrOyT9QaJ9xU9j/syLQPA
+86qQ03Wo40QPZj91lLbZianiw4c2WXYDcpSD4exAOXSfVtaey3rvkbnVNR9uKigs
+Npm38Fbr6adNKWD+klwDzS4BEcUFcJsh68rzNW5hNM26dp4r3dajxumPg5RD+9yu
+iG+WlvonDoHFXIrtXcT9vSUGuoDOp0V3BpB9cBV8MGN7f5ROdMGJSf6BlBuNe0/c
+FUnbxtzct3uDQyCDn67xhZ3UMcjsU3ithRnuJbLfOaJEFEQqw/3qMD8ABrTudmHX
+5SVV97xuOTyQUgeCqA32JnBzWdXWB69HAOdk
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFsDCCA5igAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwcDEXMBUGA1UEAwwOaG9y
+c2V0aW5kZXIuY2gxCzAJBgNVBAYTAkNIMQ0wCwYDVQQIDARWYXVkMQ8wDQYDVQQH
+DAZHZW5ldmExGjAYBgNVBAoMEUhvcnNlIFRpbmRlciBTYXJsMQwwCgYDVQQLDANJ
+U0MwHhcNMjQwNTE2MjA1ODMwWhcNMzQwNTE0MjA1ODMwWjBeMQswCQYDVQQGEwJD
+SDENMAsGA1UECAwEVmF1ZDEaMBgGA1UECgwRSG9yc2UgVGluZGVyIFNhcmwxDDAK
+BgNVBAsMA0lTQzEWMBQGA1UEAwwNYW5kcmV3dGF0ZS5jaDCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAMsTexhqMHc2CXkVZjFaQVV0p4jUjDvLMshKyxMI
+/twPv/vOg4qRgmaAZ7FUXtjCXN3E1RT40VICRps5zOPkJxMukbNOAKVkSlcvSCEV
+d51PrA1B9QIq3YVCOE/Q503bsDbcX2sSphnME39A2hMOSuRldNK6QsIM7BJccdD7
+lUcKhDMhMNkZ5+bFcxsf+XinkVnT/LyGm4PLjagjXAOCT2adOGboUFhmRo0/vHof
+R9h5gbrHLiGf8BZcX4VK28EhGKoNOKpdspcCIXfzDFFFNVt1cpXBufXTcH8T04kz
+IeVqN34lA/LRF3X/leZ/J5ZjbhSK50kOenP+5gmJ0tkRj0mOeYUNVYs+tz86uhvL
+uYdABXLeaAeVoJrmtuz0E7O2ls6B+ay+hmZGZvl6TnPnZ/y6eMuP7hNNw8AkTWV5
+ps3sUE7puEMFseN4ABR7RtrK/j/m8BOzOLBaivMzyGIDOiwAjNA76Ab9phdmxvrM
+PEPDhMKiPvYfdbVs0AdrHFkHKGrTSmHorFA42idfbutXTGoWufxv21nlZMSqxn11
+/nTdFb1j6RZBJHYKhD7vnvOcp/SB4BstnTcXX+XWoCwAhNMXJO0BzJbGnpeA1zP+
+5igXVcXDClrnqa5+2r9hxYKHD+utEzr+hMAabUmx/MZXwhZoXH/I7KDuw54PMK5K
+0Dn1AgMBAAGjZjBkMB0GA1UdDgQWBBTegE8s5uxWKFB5V+Wn1AfYPUSxkzAfBgNV
+HSMEGDAWgBRBW8ia+4qNimJujZGcOmAgu1mBzzASBgNVHRMBAf8ECDAGAQH/AgEA
+MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAL/Q91IV5UoQamfVe
+wg3Wx1dWJw3e7fxZpXAF2GkGgIqsmMZdscU8AQ3eMPriDQcqW0mcSohKl8gN6pvY
+bPqbfrzrZV7LVc/5O0JcWAD1oIJceKLZ2DSaAzPHvz9N0qC9YIDnw8wN1AfqK4OC
+UbTheKVHotYT8S13dAY/asVLpTf8xlvngt3RObe3U6KyO81pGmM/HHRuPMum/fV0
+iHtasCQ4hUZ/+x2wwngnm+yxfcDJaLDJ9IUhQZQwiw27OChh+MLrlkqmzxfntMjv
+/kCImH4T2X3c6czJ56qpLsv7wRDAxsNjJtCasXkXBl+RNvSCer3G3SPB/yl30bUf
+C/OBfJyuGs5H7DdUJ39d0MUK4YC+b7t6YH+dEAD6HZBP2tzmEGcREAtQV+5e5KJD
+KA9AitzuQ18MNJrBTj03qDFi3xhbuykYtKZzVWQRq/MyvxuzJFc59rqhMqp++p/R
+Oj7wv0A6/P+fbUm1FlEiREKFF6ejcJWCP0SdJIlv8ZiTkdg8UGFM0dGed5hXQvww
+nZZhfxOo+NIil1BoGfZZ38qbUNdK2kMxnrTdqgFX53Hz9xqjXTn43FMS+CJRZxVP
+o45dAtQbKOkKStVAWC9cXvzAS4st/hdlC5EkbzsZUXArRjTJ0A633YkDTu6OshKH
+lJDwQc1G93zhyDVJDfMWSf1rg78=
+-----END CERTIFICATE-----

ca/gen_cert.py

+import os
+import datetime
+import argparse
+from cryptography import x509
+from cryptography.hazmat.primitives import hashes, serialization
+import requests as req
+from dotenv import dotenv_values
+
+
+def load_ca(ca_cert_path, ca_key_path, ca_key_password):
+    with open(ca_cert_path, 'rb') as cert_file:
+        ca_cert = x509.load_pem_x509_certificate(cert_file.read())
+
+    with open(ca_key_path, 'rb') as key_file:
+        ca_key = serialization.load_pem_private_key(
+            key_file.read(), password=ca_key_password)
+
+    return ca_cert, ca_key
+
+
+def load_csr(csr_path):
+    """ Load CSR file
+
+    Args:
+        csr_path (): string representing the path to the CSR
+
+    Returns:
+
+    """
+    with open(csr_path, 'rb') as csr_file:
+        csr = x509.load_pem_x509_csr(csr_file.read())
+    return csr
+
+
+def create_certificate(csr, issuer_cert, issuer_key, is_intermediate=False):
+    subject = csr.subject
+    issuer = issuer_cert.subject
+    builder = x509.CertificateBuilder().subject_name(
+        subject
+    ).issuer_name(
+        issuer
+    ).public_key(
+        csr.public_key()
+    ).serial_number(
+        x509.random_serial_number()
+    ).not_valid_before(
+        datetime.datetime.now(datetime.UTC)
+    ).not_valid_after(
+        datetime.datetime.now(datetime.UTC) + datetime.timedelta(days=365)
+    ).add_extension(
+        x509.SubjectKeyIdentifier.from_public_key(csr.public_key()),
+        critical=False
+    ).add_extension(
+        x509.AuthorityKeyIdentifier.from_issuer_public_key(
+            issuer_cert.public_key()),
+        critical=False
+    ).add_extension(
+        # is_intermediate: True => new cert can sign certificates
+        x509.BasicConstraints(ca=is_intermediate, path_length=None),
+        critical=True
+    )
+
+    certificate = builder.sign(
+        private_key=issuer_key, algorithm=hashes.SHA256())
+    return certificate
+
+
+def save_certificate(cert, filepath):
+    with open(filepath, "wb") as f:
+        f.write(cert.public_bytes(serialization.Encoding.PEM))
+
+def get_certificate_details(cert, cert_name):
+    txt = f"Details of {cert_name}\n"
+    subject = cert.subject
+    for attr in subject:
+        txt += f"{attr.oid._name}: {attr.value}\n"
+
+    txt += f"Validity for {cert_name}\n"
+    txt += f"\t Not valid before: {cert.not_valid_before}\n"
+    txt += f"\t Not valid after: {cert.not_valid_after}"
+
+    return txt
+
+def main():
+    parser = argparse.ArgumentParser()
+
+    parser.add_argument("ca_cert_path", help="Path to the CA certificate")
+    parser.add_argument("ca_key_path", help="Path to the CA private key")
+    parser.add_argument(
+        "csr_path", help="Path to the Certificate Signing Request (CSR)")
+    parser.add_argument("output_cert_path",
+                        help="Output path for the signed certificate")
+    args = parser.parse_args()
+
+    config = dotenv_values(".env")
+
+    bot_token = config["API_TELEGRAM"]
+    channel_id = config["CHANNEL_ID"]
+
+
+
+    ca_cert_path = args.ca_cert_path
+    ca_key_path = args.ca_key_path
+    csr_path = args.csr_path
+    output_cert_path = args.output_cert_path
+
+    os.system("stty -echo")
+    ca_pass = input("Enter private key password: ")
+    os.system("stty echo")
+    print("\n")
+
+    try:
+        ca_cert, ca_key = load_ca(
+            ca_cert_path, ca_key_path, ca_key_password=ca_pass.encode())
+    except:
+        print("Bad password")
+        exit(1)
+
+    csr = load_csr(csr_path)
+
+    signed_cert = create_certificate(
+        csr, ca_cert, ca_key, is_intermediate=False)
+
+    save_certificate(signed_cert, output_cert_path)
+
+    with open("full_chain.pem", "wb") as f:
+        f.write(signed_cert.public_bytes(serialization.Encoding.PEM))
+        f.write(ca_cert.public_bytes(serialization.Encoding.PEM))
+
+
+    msg = f"Certificate {csr_path} saved at {
+          output_cert_path}.\nSigned by {ca_cert_path}\n\n{
+          get_certificate_details(ca_cert, "Signer certificate")}\n\n{get_certificate_details(signed_cert, "Signed cert")}"
+
+    url = f"https://api.telegram.org/bot{bot_token}/sendMessage"
+
+    payload = {
+        'chat_id': channel_id,
+        'text': msg
+    }
+
+    print(msg)
+
+    response = req.post(url, payload)
+    print(response.json())
+
+
+if __name__ == "__main__":
+    main()

ca/index.txt

 V	340514204530Z		1000	unknown	/C=CH/ST=Vaud/O=Horse Tinder Sarl/OU=ISC/CN=horsetinder.ch
 V	340514205830Z		1001	unknown	/C=CH/ST=Vaud/O=Horse Tinder Sarl/OU=ISC/CN=andrewtate.ch
+R	250704134243Z	240624142928Z	1002	unknown	/C=FR/ST=Ain/L=Ferney/O=Internet Widgits Pty Ltd/CN=bob.ch