-
Notifications
You must be signed in to change notification settings - Fork 595
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Client TLS identity extraction and assertion directives (#4360)
- Loading branch information
1 parent
45be48d
commit d53124e
Showing
37 changed files
with
1,652 additions
and
169 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,227 @@ | ||
| Test cert files created through: | ||
|
|
||
| ```shell | ||
| $ export PW="verysecret" | ||
|
|
||
| # create a fake CA | ||
| $ keytool -genkeypair -v \ | ||
| -alias exampleca \ | ||
| -dname "CN=exampleCA, OU=Example Org, O=Example Company, L=San Francisco, ST=California, C=US" \ | ||
| -keystore exampleca.jks \ | ||
| -keypass:env PW \ | ||
| -storepass:env PW \ | ||
| -keyalg RSA \ | ||
| -keysize 4096 \ | ||
| -ext KeyUsage:critical="keyCertSign" \ | ||
| -ext BasicConstraints:critical="ca:true" \ | ||
| -validity 999900 | ||
|
|
||
| $ keytool -export -v \ | ||
| -alias exampleca \ | ||
| -file exampleca.crt \ | ||
| -keypass:env PW \ | ||
| -storepass:env PW \ | ||
| -keystore exampleca.jks \ | ||
| -rfc | ||
|
|
||
| # create a server keypair, in the JKS store example.com.jks | ||
| $ keytool -genkeypair -v \ | ||
| -alias example.com \ | ||
| -dname "CN=example.com, OU=Example Org, O=Example Company, L=San Francisco, ST=California, C=US" \ | ||
| -keystore example.com.jks \ | ||
| -keypass:env PW \ | ||
| -storepass:env PW \ | ||
| -keyalg RSA \ | ||
| -keysize 2048 \ | ||
| -validity 9999 | ||
|
|
||
| # create a signing request for the server cert (.csr file) | ||
| $ keytool -certreq -v \ | ||
| -alias example.com \ | ||
| -keypass:env PW \ | ||
| -storepass:env PW \ | ||
| -keystore example.com.jks \ | ||
| -file example.com.csr | ||
|
|
||
| # as the CA, sign the server cert, producing `example.com.crt` | ||
| $ keytool -gencert -v \ | ||
| -alias exampleca \ | ||
| -keypass:env PW \ | ||
| -storepass:env PW \ | ||
| -keystore exampleca.jks \ | ||
| -infile example.com.csr \ | ||
| -outfile example.com.crt \ | ||
| -ext KeyUsage:critical="digitalSignature,keyEncipherment" \ | ||
| -ext EKU="serverAuth" \ | ||
| -ext SAN="DNS:example.com" \ | ||
| -rfc | ||
|
|
||
| # import the CA cert into a JKS keystore | ||
| $ keytool -import -v \ | ||
| -alias exampleca \ | ||
| -file exampleca.crt \ | ||
| -keystore example.com.jks \ | ||
| -storetype JKS \ | ||
| -storepass:env PW | ||
| # enter yes | ||
|
|
||
| # import the signed server cert into the same JKS keystore | ||
| $ keytool -import -v \ | ||
| -alias example.com \ | ||
| -file example.com.crt \ | ||
| -keystore example.com.jks \ | ||
| -storetype JKS \ | ||
| -storepass:env PW | ||
|
|
||
| # we already have the crt file, but dump it out again from the keystore to get the whole certificate chain (I _think) | ||
| $ keytool -export -v \ | ||
| -alias example.com \ | ||
| -file example.com.crt \ | ||
| -keypass:env PW \ | ||
| -storepass:env PW \ | ||
| -keystore example.com.jks \ | ||
| -rfc | ||
|
|
||
| # Create a PKCS12 keystore with the server cert and private key | ||
| $ keytool -importkeystore -v \ | ||
| -srcalias example.com \ | ||
| -srckeystore example.com.jks \ | ||
| -srcstoretype jks \ | ||
| -srcstorepass:env PW \ | ||
| -destkeystore example.com.p12 \ | ||
| -destkeypass:env PW \ | ||
| -deststorepass:env PW \ | ||
| -deststoretype PKCS12 | ||
|
|
||
| # export the private key into a pem file from the PKCS12 keystore | ||
| $ openssl pkcs12 \ | ||
| -nocerts \ | ||
| -nodes \ | ||
| -passout env:PW \ | ||
| -passin env:PW \ | ||
| -in example.com.p12 \ | ||
| -out example.com.key | ||
| # then manually remove the lines before the "-----BEGIN CERTIFICATE-----" lines in example.com.key | ||
|
|
||
| # Finally drop that intermediate p12 keystore (we may need that later, but for now) | ||
| $ rm example.com.p12 | ||
|
|
||
| # create a client trust store with the CA cert | ||
| $ keytool -import -v \ | ||
| -alias exampleca \ | ||
| -file exampleca.crt \ | ||
| -keypass:env PW \ | ||
| -storepass changeit \ | ||
| -keystore exampletrust.jks | ||
|
|
||
| # create a client cert | ||
| $ keytool -genkeypair -v \ | ||
| -alias client1 \ | ||
| -dname "CN=client1, OU=Akka Team, O=Lightbend, L=Stockholm, ST=Svealand, C=SE" \ | ||
| -keystore client1.jks \ | ||
| -keypass:env PW \ | ||
| -storepass:env PW \ | ||
| -keyalg RSA \ | ||
| -keysize 2048 \ | ||
| -validity 9999 | ||
|
|
||
| # signing request | ||
| $ keytool -certreq -v \ | ||
| -alias client1 \ | ||
| -keypass:env PW \ | ||
| -storepass:env PW \ | ||
| -keystore client1.jks \ | ||
| -file client1.csr | ||
|
|
||
| # CA creates cert from signing request, adding some SAN (subject alternative names) | ||
| # I think those could also be added in the previous request step | ||
| $ keytool -gencert -v \ | ||
| -alias exampleca \ | ||
| -keypass:env PW \ | ||
| -storepass:env PW \ | ||
| -keystore exampleca.jks \ | ||
| -ext san=ip:127.0.0.1,dns:localhost \ | ||
| -infile client1.csr \ | ||
| -outfile client1.crt \ | ||
| -rfc | ||
|
|
||
| # import ca to client keystore (needs the full cert chain for importing the cert itself) | ||
| $ keytool -import -v \ | ||
| -alias exampleca \ | ||
| -file exampleca.crt \ | ||
| -keystore client1.jks \ | ||
| -storetype JKS \ | ||
| -storepass:env PW | ||
| # enter yes | ||
|
|
||
| # import signed cert into client keystore | ||
| $ keytool -import -v \ | ||
| -alias client1 \ | ||
| -file client1.crt \ | ||
| -keystore client1.jks \ | ||
| -storetype JKS \ | ||
| -storepass:env PW | ||
|
|
||
| # FIXME not sure what we do here, we already have the crt file, but dump it out again from that crt | ||
| $ keytool -export -v \ | ||
| -alias client1 \ | ||
| -file client1.crt \ | ||
| -keypass:env PW \ | ||
| -storepass:env PW \ | ||
| -keystore client1.jks \ | ||
| -rfc | ||
|
|
||
| # export key and cert to p12 | ||
| $ keytool -importkeystore -v \ | ||
| -srcalias client1 \ | ||
| -srckeystore client1.jks \ | ||
| -srcstoretype jks \ | ||
| -srcstorepass:env PW \ | ||
| -destkeystore client1.p12 \ | ||
| -destkeypass:env PW \ | ||
| -deststorepass:env PW \ | ||
| -deststoretype PKCS12 | ||
|
|
||
| # export the private client key into a pem file from the PKCS12 keystore | ||
| $ openssl pkcs12 \ | ||
| -nocerts \ | ||
| -nodes \ | ||
| -passout env:PW \ | ||
| -passin env:PW \ | ||
| -in client1.p12 \ | ||
| -out client1.key | ||
| # then manually remove the lines before the "-----BEGIN CERTIFICATE-----" lines in client1.key | ||
|
|
||
| # drop that intermediate p12 keystore (we may need that later, but for now) | ||
| $ rm client1.p12 | ||
|
|
||
| # create a client cert that we trust with different CN and SAN (mostly using openssl this time) | ||
| $ openssl genrsa -aes256 -passout pass:"" -out client2.key 4096 | ||
| $ openssl req -new -key client2.key -out client2.csr -passin pass:"" \ | ||
| -subj "/C=SE/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=client2/" | ||
| $ keytool -gencert -v \ | ||
| -alias exampleca \ | ||
| -keypass:env PW \ | ||
| -storepass:env PW \ | ||
| -keystore exampleca.jks \ | ||
| -ext san=ip:192.168.0.1,dns:some.example.com \ | ||
| -infile client2.csr \ | ||
| -outfile client2.crt \ | ||
| -rfc | ||
| # private key to pem | ||
| $ openssl rsa -in client2.key -out client2.key -passin pass:"" | ||
|
|
||
| # create a client cert that we don't trust | ||
| $ openssl genrsa -aes256 -passout pass:xxxx -out untrustedca.pass.key 4096 | ||
| $ openssl rsa -passin pass:xxxx -in untrustedca.pass.key -out untrustedca.key | ||
| $ rm untrustedca.pass.key | ||
| $ openssl req -new -x509 -days 999900 -key untrustedca.key -out untrustedca.pem -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=CommonNameOrHostname" | ||
| $ openssl genrsa -aes256 -passout pass:"" -out untrusted-client1.key 4096 | ||
| # signing request, use the same san and CN as the trusted cert | ||
| $ openssl req -new -key untrusted-client1.key -out untrusted-client1.csr -passin pass:"" \ | ||
| -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=client1/" \ | ||
| -addext 'subjectAltName=DNS:localhost,IP:127.0.0.1' | ||
| $ openssl x509 -req -days 999900 -in untrusted-client1.csr -CA untrustedca.pem -CAkey untrustedca.key -passin pass:xxxx -set_serial 01 -out untrusted-client1.pem | ||
| # private key to pem | ||
| $ openssl rsa -in untrusted-client1.key -out untrusted-client1.key -passin pass:"" | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIEzDCCArSgAwIBAgIIML4ybmBf6BIwDQYJKoZIhvcNAQEMBQAwfjELMAkGA1UE | ||
| BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lz | ||
| Y28xGDAWBgNVBAoTD0V4YW1wbGUgQ29tcGFueTEUMBIGA1UECxMLRXhhbXBsZSBP | ||
| cmcxEjAQBgNVBAMTCWV4YW1wbGVDQTAeFw0yNDAzMDUxMjQ4NTlaFw0yNDA2MDMx | ||
| MjQ4NTlaMG4xCzAJBgNVBAYTAlNFMREwDwYDVQQIEwhTdmVhbGFuZDESMBAGA1UE | ||
| BxMJU3RvY2tob2xtMRIwEAYDVQQKEwlMaWdodGJlbmQxEjAQBgNVBAsTCUFra2Eg | ||
| VGVhbTEQMA4GA1UEAxMHY2xpZW50MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC | ||
| AQoCggEBAKcZBJ2ud2JQ3kwKPd+YhLEE1dJl+fQbM+b1L0RILeB7ibLOcHTf83+k | ||
| 60pBhfN9auOtuM2Bupxm0WvJiDnoCUjzYXx8TTkMa6P9jnfriJOGRe4dqdFIvu9B | ||
| ifcsDmPyi1ftqPmI6+YxiY0Ff1GZTJPyUBgRFO+dUkiqsoMQJ78TnB3dBIDbWxi7 | ||
| cXXLsCeJsf8zPWbeI5WjBwD85++RjB+vuO7xnfrO/CkxDSEYXGaW2H1Sh9GbduaC | ||
| MOveHfRPWk/nO5C3f7vjNSFMOzcjgoj97jeqhdLYRdMNNxiHodNsq8jyQhysFOo/ | ||
| Vll+fKNgwZqG+trOD+JimeY4efEKchECAwEAAaNeMFwwHQYDVR0OBBYEFCqUQE/b | ||
| uoRXrsjy0PLbUxpXkuh+MBoGA1UdEQQTMBGHBH8AAAGCCWxvY2FsaG9zdDAfBgNV | ||
| HSMEGDAWgBSOT0le0OKme2V3BRSP/QaswoL2kTANBgkqhkiG9w0BAQwFAAOCAgEA | ||
| Dn7dBm+B/WagSG1I5T6U6Kkj0b0yZ5E4FJcdZGZwy+8qvWhHoO762+B+fPbemmvG | ||
| k/nyi942hH17RzFRoPb02i2S1j9aCW/LX7GAY953d7L1nvKKN3Yvdn3xvxjFziLI | ||
| wtWwQyB/QZp25cTZSa2F1pa230U0V2prscJgeobKhP/q1Qv9ujO9BeuiElpefJom | ||
| gNv1ofqEiTjoEcHI4kJBWrd+F98M4D19YqxOVQoP4AOPBmPXonxp401vHLL9XMrR | ||
| VE2afoRJimvtzPtXK18gwiLKi2b/LJ2+qXOL5v9dftK+S/zMgiS68l2+4r4B8a+v | ||
| JDvbvXcp5cjdWxuo+/80LSaM3rfw404D3rQSF3d9Snxll7rQCjp9CY6YtFrxaQA5 | ||
| 3NVMvSmh+oJJ24+InqZYuKOpEz/Yc3/A1MX+n+hmzM3Rp2G2NVO8a2hs4bl1th2y | ||
| JHINir6jgX1EYuaLdYmszHmXJNEBbK31KIcx/gPqNKLQNLsiF1tcjD2BGM5YqDxT | ||
| LMZtg8YZn88AdKcmfPzSbPISIbQ3m6ig33/Cs8oHqZ8XjWsRjxaLvxRR9PavXzl3 | ||
| I5sVCUIPWJXD2gjhAlr6HteucRmmdp8+Co/stFv7UVZ8xLoepqe27mB+PdsSdhAm | ||
| nybO6bKgyMd55T+etl6qunTHnxxbFXrpYUehg3CGf68= | ||
| -----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| -----BEGIN NEW CERTIFICATE REQUEST----- | ||
| MIIC/zCCAecCAQAwbjELMAkGA1UEBhMCU0UxETAPBgNVBAgTCFN2ZWFsYW5kMRIw | ||
| EAYDVQQHEwlTdG9ja2hvbG0xEjAQBgNVBAoTCUxpZ2h0YmVuZDESMBAGA1UECxMJ | ||
| QWtrYSBUZWFtMRAwDgYDVQQDEwdjbGllbnQxMIIBIjANBgkqhkiG9w0BAQEFAAOC | ||
| AQ8AMIIBCgKCAQEApxkEna53YlDeTAo935iEsQTV0mX59Bsz5vUvREgt4HuJss5w | ||
| dN/zf6TrSkGF831q4624zYG6nGbRa8mIOegJSPNhfHxNOQxro/2Od+uIk4ZF7h2p | ||
| 0Ui+70GJ9ywOY/KLV+2o+Yjr5jGJjQV/UZlMk/JQGBEU751SSKqygxAnvxOcHd0E | ||
| gNtbGLtxdcuwJ4mx/zM9Zt4jlaMHAPzn75GMH6+47vGd+s78KTENIRhcZpbYfVKH | ||
| 0Zt25oIw694d9E9aT+c7kLd/u+M1IUw7NyOCiP3uN6qF0thF0w03GIeh02yryPJC | ||
| HKwU6j9WWX58o2DBmob62s4P4mKZ5jh58QpyEQIDAQABoEwwSgYJKoZIhvcNAQkO | ||
| MT0wOzAdBgNVHQ4EFgQUKpRAT9u6hFeuyPLQ8ttTGleS6H4wGgYDVR0RBBMwEYcE | ||
| fwAAAYIJbG9jYWxob3N0MA0GCSqGSIb3DQEBDAUAA4IBAQA41XLlAUovL9OkDhvX | ||
| PvSRsamNdZQXsXxCzgLHzNaAqHE8xdUgBUT0egxmbg0E8dwk7N/DKvH1EfkMn4uq | ||
| GrH1CIjzRh+tAk45jkQBp424W9RIYPzZ6vvNwKMJkKHqeXrIJ/rLHXuIZmCGUB8N | ||
| 9vtX/z97kQ5bc2x2jR94idlktxOXzkbUgkCyqOvUcaDz5yna2fq7wgQXtQFj/QKe | ||
| P9SRP4/KFchf8RrAmS8BvjYLRV2tLWTEI4/pi+AwJP4V2Jwpe8JvkFEI2yJBfHCy | ||
| +6/vc40/0Ra3tQGnfWZdFe8do2MBKFSEBG71YeJYjUL2UWK1bqql6T8QWsM+bNUU | ||
| ln6B | ||
| -----END NEW CERTIFICATE REQUEST----- |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| -----BEGIN PRIVATE KEY----- | ||
| MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCnGQSdrndiUN5M | ||
| Cj3fmISxBNXSZfn0GzPm9S9ESC3ge4myznB03/N/pOtKQYXzfWrjrbjNgbqcZtFr | ||
| yYg56AlI82F8fE05DGuj/Y5364iThkXuHanRSL7vQYn3LA5j8otX7aj5iOvmMYmN | ||
| BX9RmUyT8lAYERTvnVJIqrKDECe/E5wd3QSA21sYu3F1y7AnibH/Mz1m3iOVowcA | ||
| /OfvkYwfr7ju8Z36zvwpMQ0hGFxmlth9UofRm3bmgjDr3h30T1pP5zuQt3+74zUh | ||
| TDs3I4KI/e43qoXS2EXTDTcYh6HTbKvI8kIcrBTqP1ZZfnyjYMGahvrazg/iYpnm | ||
| OHnxCnIRAgMBAAECggEAF1I5z3MR5PYh7G1ygMI15MnmuNh0OAJS7l1SdT54rq+3 | ||
| Qm4nClzWTH6dOy4lbpwWvsOYexAr1hfQizFjsqdEonqbZMcpdPibjlX9XBXSqDpR | ||
| iL/5m0TCpzxXr9hlgsQPeBxqnLckK2rHBphZkm8pna1wSceaiy3DFfLC+uFWlseB | ||
| X//jhOJlnpBVMiIg1faEtSCfFtuissIyVRz9INP9f9UvWGWFfORnBWMe8HkJjkhs | ||
| X0/a7E/GdwwRp5hOVmmBzz2Q1/zmlN51J8FX/omUOwQd58IbEqo1X7G/a0CexDLC | ||
| YRsZsBh7Dypp0J70tqWi46+gHmGQj0eIWnmXfWbYlQKBgQDTIRr6W6QfwnHgt+pN | ||
| VFuaiJNTBO5B3THTBE/ZRmK1hafuYIL3Qfy1iA/3A3y72Ik6mZmfr4F7F9aTPAfm | ||
| cnlZSDV6WqWQAXuebVLT70iD8NhDT7KdMlA6h2cbxAhTjbVpv8SA3vSWE0LAaQjU | ||
| P8mjHIcX6pOoHnzTGhu0Q+XRzQKBgQDKnEom85MBLc3PDuICd2WvaeGBrgJk7nuu | ||
| m65qONXiC/jFSQvn0VIvEb/TXlLyxJariL2b87SotWrMAnHYsQHZIEkOUul07EHf | ||
| woyOy9L/FNoxZHHxBBPAp2zlXK7F5Df5FOnOONlgsUmYb6+TpaAaLhREa7MOfp4T | ||
| CWE9L4XtVQKBgQDCVrXDf7k6Nryl8gSs+5p6S374qxA49kdXip+JSx2vIwEqDhJf | ||
| UJEx87VmVQJq0m220A41i9JuoMm1q0tGV1bV1P7MykWdoY/Ni6nzRU2FjZszklfC | ||
| FL7+sQY6654Sct1rIsbZLOEMh1wpSkWDQdfz2V2MqTMTTETv+BdKPjl8fQKBgDKX | ||
| C7zmHNKyiS0mXjCXd4BxQ6mJtXdWRPO4U7iaMG2c56T7NEnR7l9qYyd36eZMSALU | ||
| xeNm2rk1c1E1Ww/sQrXgZd15vmk/hMNGZKpTIoAmyMSEfB7eEcCNDZfHqKwo7AD5 | ||
| w9eGQmDuY534ZTLMrEldMBpVegQogXfnY6xPbXVxAoGBAIbPGwFLPQ40J55zSn73 | ||
| oEW7Iwr8xwc8+5ZpbPpkNaw7AdGqP9r7rLkmF7/icRghLpe5vSeGsHZ+Zh6Xo7bO | ||
| I84xrio1F0UE+/889ON9WNFY2/whSkngD4NAA7YjeOEz9NXZccapK/qjjXjkgLLn | ||
| JQajrbTucjy6mYfm1kxbx3nE | ||
| -----END PRIVATE KEY----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIF3zCCA8egAwIBAgIJAPQ2ou41u9xcMA0GCSqGSIb3DQEBDAUAMH4xCzAJBgNV | ||
| BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNp | ||
| c2NvMRgwFgYDVQQKEw9FeGFtcGxlIENvbXBhbnkxFDASBgNVBAsTC0V4YW1wbGUg | ||
| T3JnMRIwEAYDVQQDEwlleGFtcGxlQ0EwHhcNMjQwMzA3MTQ0MDI3WhcNMjQwNjA1 | ||
| MTQ0MDI3WjB5MQswCQYDVQQGEwJTRTESMBAGA1UECAwJU3RhdGVOYW1lMREwDwYD | ||
| VQQHDAhDaXR5TmFtZTEUMBIGA1UECgwLQ29tcGFueU5hbWUxGzAZBgNVBAsMEkNv | ||
| bXBhbnlTZWN0aW9uTmFtZTEQMA4GA1UEAwwHY2xpZW50MjCCAiIwDQYJKoZIhvcN | ||
| AQEBBQADggIPADCCAgoCggIBAK7diaoP1FjN7iN4ZQOtKApt9pklyhsDpPJauB9N | ||
| ofgSVc0O2K5jC6bCagHCX444nsXNjQM5bp7mgagx3SwfjfF2a4Aga2PAhnUx/w9j | ||
| h+zHZAFCRJWAgR+opB0/oej1pn1VZSK0X7P3F6wBSdDR3tevBV6elu+IlDSH0yNJ | ||
| M7ozGv978SmgKwrOqsgY+Tv1stSS/DBc9lc2wklSo0pHIvd2HxNjbMXUofmKok2z | ||
| kBHeE0D7TSfhh7nu47eDMwc8RcZaEHevEFjdlL9Mf1M9Vjn8zR0Kf9de4Jf8DPr1 | ||
| +oOfPkXzhgDvxCPXZ2jBwrEy9OFS1CEqjUbxdmSb8l6X5S4Ov7u+PMeP1n3xrEha | ||
| TPoFeUF4QHlmzvT4/9MHCTj8EEy/hulcLCfZ2SlllZ9/NJQhZl+BL6joBk1pyjye | ||
| a7V57iGs0wOWy1xDDHRGb5fd9Rgu38AqDx41+bBqHla8qdH3FDzVrCTGgR1zXsMQ | ||
| KNdVaQYxdD73DBnTHT638n2GUk5jum/QglsRF6IOtN0G0eNz8NzeCp/Y1EXiq6+C | ||
| a73sokS6mBqXCnfLRgf8/gRton/iNrB3U6174IcTc1db9D4ofOquH8wN023loSdv | ||
| qo0lr7VBfJG6uP42sB2091l3S7HQ6ShUKtlV+47TQmaaL27i+6VQUN8OQnvaQoVS | ||
| JlJ5AgMBAAGjZTBjMB0GA1UdDgQWBBSvaGPvrZg9hBFLDawExq/DAkOCyjAhBgNV | ||
| HREEGjAYhwTAqAABghBzb21lLmV4YW1wbGUuY29tMB8GA1UdIwQYMBaAFI5PSV7Q | ||
| 4qZ7ZXcFFI/9BqzCgvaRMA0GCSqGSIb3DQEBDAUAA4ICAQCmddZV6dVwcpSMXyvO | ||
| HIwaJWfoqJMB14hpoeA16yXzfU2JHor1XH2ckqJo1t7OvOTVQ5ranfkPPp1pfeyM | ||
| nP+5I1bDUkq4w7as5UHACetQ9P+uSzfCr0CVEn1GZt1z1jw6OpqLFp4TO400iWQu | ||
| jbrTnqjM81/Fsjd/MSNCs9h4QNNiK/a2pypFJbpen2h6Go0AY+qbqNljTRQCqGwm | ||
| vyQTbgp18VLnAMC/gNZG2alXYGJSYd3RGuPDDYI6hVjesn847cw5D3Fmw68ETKog | ||
| 6ucRyL2HQYeFISEgZUVwGTi9ejhUefTodrWvltYiFUeeWWL/Bc4SbF3cQzGZbEQG | ||
| EQWM49Zv+/RaCJAhDgKQBeYI5ppaj20ecE/3EvBkqvzYdTo6QxPDu8UGkjAnYrt8 | ||
| EJYNtcPbi6Q+k1M4141n63KLxHkPjnmUOeHTm4OJnZJQSM19QxiKJiEpMHzTgcQ/ | ||
| mrFde7pioycgm5P2vuLeR/u+PRcJ5ebMif1xNyNxpXIT0XWgu3zY1CR4IPQq+SF8 | ||
| xBBfB9a8CBLtGQTn3A07pyv5WqC+My0KDX/Jxm2XSyasYR+wTnylIQwRlcU2AC4i | ||
| 2ZJ8YQx4hPxjV/JhIAI11JJboXJ99OmreX+1XsGmopfo1f/yRIbEz39/pLpaINq6 | ||
| Yx/4M123Skz8gLjbJibHJiRkcg== | ||
| -----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| -----BEGIN CERTIFICATE REQUEST----- | ||
| MIIEvjCCAqYCAQAweTELMAkGA1UEBhMCU0UxEjAQBgNVBAgMCVN0YXRlTmFtZTER | ||
| MA8GA1UEBwwIQ2l0eU5hbWUxFDASBgNVBAoMC0NvbXBhbnlOYW1lMRswGQYDVQQL | ||
| DBJDb21wYW55U2VjdGlvbk5hbWUxEDAOBgNVBAMMB2NsaWVudDIwggIiMA0GCSqG | ||
| SIb3DQEBAQUAA4ICDwAwggIKAoICAQCu3YmqD9RYze4jeGUDrSgKbfaZJcobA6Ty | ||
| WrgfTaH4ElXNDtiuYwumwmoBwl+OOJ7FzY0DOW6e5oGoMd0sH43xdmuAIGtjwIZ1 | ||
| Mf8PY4fsx2QBQkSVgIEfqKQdP6Ho9aZ9VWUitF+z9xesAUnQ0d7XrwVenpbviJQ0 | ||
| h9MjSTO6Mxr/e/EpoCsKzqrIGPk79bLUkvwwXPZXNsJJUqNKRyL3dh8TY2zF1KH5 | ||
| iqJNs5AR3hNA+00n4Ye57uO3gzMHPEXGWhB3rxBY3ZS/TH9TPVY5/M0dCn/XXuCX | ||
| /Az69fqDnz5F84YA78Qj12dowcKxMvThUtQhKo1G8XZkm/Jel+UuDr+7vjzHj9Z9 | ||
| 8axIWkz6BXlBeEB5Zs70+P/TBwk4/BBMv4bpXCwn2dkpZZWffzSUIWZfgS+o6AZN | ||
| aco8nmu1ee4hrNMDlstcQwx0Rm+X3fUYLt/AKg8eNfmwah5WvKnR9xQ81awkxoEd | ||
| c17DECjXVWkGMXQ+9wwZ0x0+t/J9hlJOY7pv0IJbEReiDrTdBtHjc/Dc3gqf2NRF | ||
| 4quvgmu97KJEupgalwp3y0YH/P4EbaJ/4jawd1Ote+CHE3NXW/Q+KHzqrh/MDdNt | ||
| 5aEnb6qNJa+1QXyRurj+NrAdtPdZd0ux0OkoVCrZVfuO00Jmmi9u4vulUFDfDkJ7 | ||
| 2kKFUiZSeQIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBAJ55PXF7DWwoIzmnz+hy | ||
| 8wTYQA4sSHWcJLOjsYYikO3D2E0uNSzO2VK9w04wnviUe8rcet/wVlWuEvqRLAQ4 | ||
| YAPXm4+EvQIIl+VWjXm874Bt0IhWOLlb7icHjSrfOAzRnZlSHU2BXh0HFB6XC1Zk | ||
| bRWKm0Ts2XAxlVRg//agw4TKs/jztnzegNko0ZX0IqjSQcpA2UAnMu3NMiDVtSyg | ||
| Z9Qfh9POxIrRR3E0vXgzRK3NmL+kK2xWnotKegF2OL246L+YlCM7gWRktjvwW2ZU | ||
| aCH02wSQwGN/nMolcT0z/wWm5lqaVYSrX44hfesbvxl9KNikOn95hxdqOr0FLjvP | ||
| LmfroD3qRBcjxFKAZgxie+L6ivoJ270daMkT62Ni5aq3iuvKeGbQ8H+diLbESHG9 | ||
| L1mQvzXMsViOWO7NM2EzujAkQsfrbpvHrob7kTJXVaUiDPBa0DemEJbc4KeM43sd | ||
| ZnH+udRCkB/tf1qqh8urtUODlChAROZV019WHxt3IFW94G+D65Wi6RVN/bxUxFdd | ||
| g3p2jUVzae2CaI+K0WMXKzCC+sEn9hEYCqZLbbNSh07nZYWpVixwj7Y/3F9xmcPW | ||
| RCr9V2sWrFl/IeI5rdoo4rQi0fH7O/e2SZSWBiPNsZAqIMnIz4AWRoNmS6aWEL4g | ||
| 0VvbldH1RkoB/90Rz3VCGRsI | ||
| -----END CERTIFICATE REQUEST----- |
Oops, something went wrong.