wolfSSL · douzzer · Nov 16, 2024 · Sep 26, 2024
diff --git a/certs/intermediate/ca_false_intermediate/gentestcert.sh b/certs/intermediate/ca_false_intermediate/gentestcert.sh
@@ -0,0 +1,161 @@
+#!/bin/bash
+
+# Script for generating RSA CA and server certs based on it.
+#
+SERVER_PEM='test_sign_bynoca_srv.pem'
+INTCA_PEM='test_int_not_cacert.pem'
+CA_PEM='test_ca.pem'
+
+CURRENT=$(cd $(dirname $0);pwd)
+# OpenSSL configuration files
+OPENSSL_BASE_CA_CONF='wolfssl_base.conf'
+OPENSSL_CA_CONF='wolfssl_ca.conf'
+OPENSSL_INTCA_CONF='wolfssl_int_ca.conf'
+OPENSSL_SRV_CONF='wolfssl_srv.conf'
+# SEt ver
+CA_NAME="test_ca"
+INTCA_NAME="int_ca"
+SRVCERT_NAME="server_ext"
+CRT_HOSTNAME="WOLFSSL"
+CRT_DN="${CRT_HOSTNAME%% *}"
+CRT_ALT_NAME="$(echo $CRT_HOSTNAME | sed -e "s/^/DNS:/" -e "s/ /,DNS:/g")"
+
+CA_HOME=$(cd $(dirname $0);pwd)/pki/$CA_NAME
+INT_CA_HOME="$CA_HOME/gen_int/$CRT_DN"
+SRV_CRT_HOME="$CA_HOME/gen_srv/$CRT_DN"
+
+Prepare_folder_file(){
+    mkdir -m 700 pki
+
+    # Create folders for CA
+    mkdir "$CA_HOME"/{,certs,db,gen_srv,gen_int}
+    mkdir -m 700 "$CA_HOME/private"
+    # Create folders for Intermediate CA
+    mkdir "$INT_CA_HOME"
+    mkdir "$INT_CA_HOME"/{,certs,db}
+    mkdir -m 700 "$INT_CA_HOME/private"
+    # Create folders for Server
+    mkdir "$SRV_CRT_HOME"
+    mkdir -m 700 "$SRV_CRT_HOME/private"
+
+    # Create and populate openssl CA files
+    touch "$CA_HOME"/db/index
+    openssl rand -hex 16 > "$CA_HOME"/db/serial
+
+    touch "$INT_CA_HOME"/db/index
+    openssl rand -hex 16 > "$INT_CA_HOME"/db/serial
+
+    # Copy openssl config and private key
+    cp "$OPENSSL_CA_CONF" "$CA_HOME"
+    cp ./"$CA_NAME".key ./pki/$CA_NAME/private/"$CA_NAME".key
+
+    cp "$OPENSSL_INTCA_CONF" "$INT_CA_HOME"
+    cp ./"$INTCA_NAME".key "$INT_CA_HOME"/private/"$INTCA_NAME".key
+
+    cp "$OPENSSL_SRV_CONF" "$SRV_CRT_HOME"
+    cp ./server.key "$SRV_CRT_HOME"/private/server.key
+}
+
+Generate_conf(){
+    # copy conf from base
+    cp $OPENSSL_BASE_CA_CONF $OPENSSL_CA_CONF
+    cp $OPENSSL_BASE_CA_CONF $OPENSSL_INTCA_CONF
+    # Replace contents
+    # For CA
+    sed -i "s/_CA_NAME_/$CA_NAME/" "$OPENSSL_CA_CONF"
+    sed -i "s/_CERT_NAME_/$INTCA_NAME/" "$OPENSSL_CA_CONF"
+    sed -i "s/_CA_DEPART_/Development/" "$OPENSSL_CA_CONF"
+    # For Intermediate CA
+    sed -i "s/_CA_NAME_/$INTCA_NAME/" "$OPENSSL_INTCA_CONF"
+    sed -i "s/_CERT_NAME_/$SRVCERT_NAME/" "$OPENSSL_INTCA_CONF"
+    sed -i "s/_CA_DEPART_/Product_Support/" "$OPENSSL_INTCA_CONF"
+}
+
+cleanup_files(){
+    rm -f wolfssl_ca.conf
+    rm -f wolfssl_int_ca.conf
+    rm -rf pki/
+}
+
+# clean up
+if [ "$1" = "clean" ]; then
+    echo "Cleaning temp files"
+    cleanup_files
+    exit 0
+fi
+if [ "$1" = "cleanall" ]; then
+    echo "Cleaning all files"
+    rm -f ./"$SERVER_PEM"
+    rm -f ./"$INTCA_PEM"
+    rm -f ./"$CA_PEM"
+    cleanup_files
+    exit 0
+fi
+# Generate OpenSSL Conf files
+Generate_conf
+# Prepare folders and files
+Prepare_folder_file
+##########################################
+## Create CA, Intermediate and Server Cert
+##########################################
+# Generate CA
+cd "$CA_HOME"
+
+# Generate CA private key and csr - use config file info
+openssl req -new -config "$OPENSSL_CA_CONF" \
+                            -out "$CA_NAME.csr" -key "private/$CA_NAME.key"
+
+# Self-sign CA certificate - use config file info
+# Note: Use extension from config "ca_ext" section
+openssl ca -selfsign -config "$OPENSSL_CA_CONF" \
+        -notext -in "$CA_NAME.csr" -out "$CA_NAME.crt" -extensions ca_ext -batch
+
+# Generate Intermediate CA
+# cd into Cert generation folder
+cd "$INT_CA_HOME"
+
+# Create private key and csr
+openssl req -new -config "$OPENSSL_INTCA_CONF" \
+            -out "$INTCA_NAME.csr" -key "private/$INTCA_NAME.key"
+
+cd "$CA_HOME"
+# Sign certificate with CA
+openssl ca -config "$OPENSSL_CA_CONF" -notext \
+    -in "$INT_CA_HOME/$INTCA_NAME.csr" -out "$INT_CA_HOME/$INTCA_NAME.crt" \
+    -extensions "$INTCA_NAME" -batch
+
+# cd into Cert generation folder
+cd "$SRV_CRT_HOME"
+# Create private key and csr
+openssl req -new -config "$OPENSSL_SRV_CONF" \
+                                    -out server.csr -key private/server.key
+
+# cd into intermediate CA home
+cd "$CA_HOME/gen_int/WOLFSSL/"
+
+# Sign certificate with CA
+openssl ca -config "$OPENSSL_INTCA_CONF" -notext \
+    -in "$SRV_CRT_HOME/server.csr" -out "$SRV_CRT_HOME/server.crt" \
+    -extensions server_ext -batch
+
+
+# cp generate certificates
+cd $CURRENT
+# CA
+openssl x509 -in ./pki/$CA_NAME/$CA_NAME.crt -inform PEM -noout -text > ./pki/$CA_NAME/$CA_NAME.pem
+cat ./pki/$CA_NAME/$CA_NAME.crt >> ./pki/$CA_NAME/$CA_NAME.pem
+mv ./pki/$CA_NAME/$CA_NAME.pem $CA_PEM
+
+# Intermediate CA
+openssl x509 -in $INT_CA_HOME/$INTCA_NAME.crt -inform PEM -noout -text > $INT_CA_HOME/$INTCA_NAME.pem
+cat $INT_CA_HOME/$INTCA_NAME.crt >> $INT_CA_HOME/$INTCA_NAME.pem
+mv $INT_CA_HOME/$INTCA_NAME.pem $INTCA_PEM
+# Server
+openssl x509 -in $SRV_CRT_HOME/server.crt -inform PEM -noout -text > $SRV_CRT_HOME/server.pem
+cat $SRV_CRT_HOME/server.crt >> $SRV_CRT_HOME/server.pem
+mv $SRV_CRT_HOME/server.pem $SERVER_PEM
+
+# clean up
+cleanup_files
+
+echo "Completed"
diff --git a/certs/intermediate/ca_false_intermediate/int_ca.key b/certs/intermediate/ca_false_intermediate/int_ca.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC4VOnmv/SyU9w8
+kloGnogOLqerpp0HNI8/fOU3+CYr4M0mETKuBvI7PkXBV0VLNpupt5MmAgi/H1QX
+bejxNiBsQOLo278NgFYPoNm1OdazQ5PeX8+lNFJ7OEq8TBHSriwfJuJRyNaU5Mr+
+qxcTDZx4+Mvr8cZbmVoSK8s5S6DT7CJmYjSdV52aB8ZFOj3psoLnEsavPKi5Wk+O
+BRvQnWNy0yxjZ9k+Md39gZiEbezfQyy3UzHi7aUc6MrfUDOpmAwmuaE6I/caztFP
+HpgZqT7sva20RPvOKtBhuVyxd27h9dzHr+ZD7rc8FohFRg5tVtccDq41/oRvy9CN
+1uM99eyHAgMBAAECggEADBW/wq8caIHy/c2iiq3jbE/xZ4w5iKVmLDAQtHCtH/yn
+C93eHWa7Lth6/kgDH6vph2D6YWg0u+2z4lgEXlFsIsIbnk9PNqAOrwuepQZbuyOt
+Esvj8zLQ+DR37IxthrXV6Aeb7ZIQmhu960sQQjbcPATOacj6IOXsRSYLNtXB1OLu
+Xo4UbjLX3uOrAg5uMsi/Z/2s9jy3eDBf8FWmM6fBDsejRl18MzY2Y7bYS1yL3762
+4ydB4yHJEEkiFurtjgdX2pscF+ftivYrVqZDUWhM7htFLJz6bS4sRpgjfQegYs4f
+RLTuef/+ozFVhpH/HuPrV2jH67T90Z5lHgZ6Nm5qwQKBgQDybcwCKcFFWKac84ln
+JDJuqPHyyRgH09cia6C7Y/t1/caSJvJP6KR4c7TuEvIYpc6hSsO1Pd1k6ajFkDdN
+IWYfOF3R6K3vR956LPWPdxkYWdONjmwBvVaKozWmxR01RHeGXk+VxFb7PBudAvEu
+cGOzDEaTuE5RC1RxNHjZYxZ98QKBgQDCpoljVMR+/7+pwKoIEmw1FmH+DEEgL+so
+U1pBcaPU1poBRYKH+1yah7M+eFhTEzV4XbJCjMYeynSCWMSqGXrHwWq0AmA3jhSM
+OyDuwboTXVHCkqIuAs/Q/8A9dcyTejsgLuU6mLU1eXzNeWm0/0VjfvPgOziM7SHt
+14tip/P59wKBgQDTY74yXKp0h3qw/QLg9wUqzRI8O/FCUgwTrXm4LNSF7EWMB33f
+A+L2TR6FQevsZhgpOIIytcEpTz2lF73A+dCMhJ/6e0O/lBGAw1dUQ+uT+i+oDXpM
+ggbGWM5dnx965Tq75dzLoSqfY6hIXtpjPgkRhTC9ekaAELsPA0wlcmuYYQKBgDVT
+Llw6AsLQCY/Vqj8f3OkGQr44WTcaKZAYladMHJfYWsRyaHocUJg9CMvaaEgKASIC
+eS1mJ3iT+isjam03Ib3LrRG3fOh7UgHAyRrfk7xuWlG1nhyAxLH6/o1X0j2sxLni
+XwYYg7wslhYsZtsg+79wLhuF3c4twJfJ7vOOE3atAoGBAKiH+9h5SdQ2L4gjM+dl
+0dr1fTZpJta+l0FIEiOdQcbGp7ia9G9WglV5HkzyhETG+wTNNuG8GD/jTlg23AVE
+vVf2vPq7La3juAT7oOoEkm13vQ//2VUJum4g34dP4V9FpWP5FLiAAu9H8op5P9Hp
+LqbpMcrAkbexh41ZEZlmzSx5
+-----END PRIVATE KEY-----
diff --git a/certs/intermediate/ca_false_intermediate/server.key b/certs/intermediate/ca_false_intermediate/server.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC6IGIrgaxYzvMi
+XZ9GkLfppLP84bdp07YUh8u7MR67YPI/jGoNY1WiyANKjdajY937KO8xlXDMKJUf
+8JyJ9PZWHgCBUxt4G/mf4xBljMZANiHNV1WyFHGaVznu2pgbr4ngwyv5oZM/TWVB
+K2YdZpyVld8Z3I14RvQV62Rclxbs4uzK6+IDuEGBxfTKpOSr3u0a2qONAjmNACxd
+fu+RsdeWumXBQ//UajX6F1DNdj4dvqRp9u5Hw3pJmoBv5puD4OhYcfvNbcG0FtI3
+ZKa8sPT++/Rypjx5MnrAtTAhsTXf2UV/xPbFHJhtU9b/NsE4GLd2ExDIRWpSc2V+
+ublm1DwnAgMBAAECggEAA92CTGb//kQl9nO9SAjfWOHLvxes6Gy2Hk0HpRaLDdcg
+kMNIvIhwkdXXg6fYakI7rOiXtw7kbcj199jWV2MX7ofm+MiSDHeAQprDj2hSAale
+IFaM+ArGpS7kjBpMCF8n3NwQwLljRnBEBwtwrnGgFNcs7+uNoI7QqNffmLCmkDrJ
+BCK3kXXbjENOuzlddgxsb1mipsXot3uwDaByB8Tl2OtI7ezZvhCraeYZMyRXuq2o
+JDPk3FZ9O/mPgULZrqnlvxyJmog2ajgyED4M0mqM29L4YB3MOOz8Wgeksp20VEQJ
+lHJtpHK+zcodnT3rXGMj2A1Qu4HHoYEdKvAb8XzuUQKBgQD/nP7ZFOCJGR+q/Wu1
+CSLYwO9YM8sn7gMy3R1C1Ps7UKvjVWDv9cjsgId7XnYSQQ/52kV8HbIMqr9EOlwS
+pHkHmAbqDNhLY++hhqf9nPHo6e0AiMY4uF/JcfYb8A4PE8/x8Iv5HVjH9WYJFwcL
+UNDgm0ULrSbRR7ULtaSpZjyXfwKBgQC6aHlpNIvqa3+KmFmZFI4Xx5EB6fHBy02R
+PJKk/B2SVsW+kq0kAwsYdnS6rbkYS8ZmfyJKzvacXpDYvUfFV93s+ewoT5J2a4Ab
+WmELmWABqqCwvyT7h2oO+hqLljGNIJxygR0iu9F/fHVYp8G/oHZBeDZEJt+PNR0G
+cuG7/6zvWQKBgF/dforl1Iw2evUDFFkSMxp9yYYX7rJsBpEV8np1LEADsmORSsjU
+MmXYkndHZxrTge1f2j2BWZx8kT1CcfOf8bBSaQ1wgdJMibvXp7trGCMVUIipw0XU
+iEAh2H6D2pH3CT8gyy5Dvl9H/tub4k1xItWKBiwp5WwJ67GXj0jlCgZ7AoGARYmz
+wQtZJpnzekBbLD/+weAwuAYNqb2tsgBmtCVY4r58Bhuxez2nZfjKktk7s1SRLqs+
+n6mVVb/xSOlTXMrqfvy8nE0S1hpEL/AHQ8xzhCuixkyH/00Ew5GJVYkx8vO3aP/B
+XrOx81z6aZgrLtEtTD8L/2CBBWtK6JzymK9IVAECgYAfoFaqRVl0JJlQJttfQtc+
+cYyVzZEBzckIH3BriHuNwDpnPOq6iSx5JUp6mh03G3/3mHx4G45tD6GvsK53WIAH
+TCrHQv6vRjrA2oay/AlO2x/ElBOkdOVo8x20YGAAhIRAh65rwFrdTREnfUwChwSV
+QVeI7CdToIyIiZGhYmmO/g==
+-----END PRIVATE KEY-----
diff --git a/certs/intermediate/ca_false_intermediate/test_ca.key b/certs/intermediate/ca_false_intermediate/test_ca.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC8QEMO8Y4eCzs2
+9n6qVnfSp9tVSxQQUtgkAVgmIJX+5g3MZef9vR2ZOSeXVXibOluq2SBjRlzrorJQ
+AXY8r07l1+PNFpf4UQr70yaI1xO8VAlC/zmFqmE5zI8OjqbH4Ck8r6yaM+ZPNM20
+VClvkoIAzlGnVe6vziHpNuGnDXXfMtYOFeNmeCFBe87VnOjFCZR+hHtZKmRrkUtL
+9w30UJKP9QMNcyBMTnugjcpflM82HObhuxRBkBZoAkFTksbEbNOtVgUiSq6aKt78
+6tiZolplL/5DrivplHCuNdyPE3Jhv7r8SLeh7VysXJxLxU1J2oZldzS7uq5uTPl9
+9sKCkJzhAgMBAAECggEABxk4Ph3DMWRUhwnL9HHewlGEjoaOeuAY2OC5GXT0mwBD
+SHAWS6XgMhkq4kS9j8LnVn2qADxUwCjqJuSrN/YXWEjoBOGDeQBbVOwdIZ9Ule8o
+Sz+zBFSMpoCNa2vbI6HTBEAOluD6oAV6dUCQMG4am1usTg5KOhRgiHoCj8lM5s3j
+/f0KWkJReql92o//bLDXDjeGGDtIzaWfIKpsW7gwPe6nHsR7n854sbkdRT9b6BMa
+EZPg17XD8Dg1ZkvUemShrvgPrGFPMH/JFcvpX1s4/l2kM88xQEL+s45E4IyTT2gh
+FlDFC3QXrFI7M7emid3rwXIVEkEIO4Aw4xW34OAVnQKBgQD5cJE/WojeHI3Pyo3L
+sMDaWabzWWAAsev5EpDo41BalPDpBig29qO31afkIwIgCQyLNMXn9VqxoxILOg5d
+uopBaPWHihmME5qgLp6F6nDeOYril1b1LU1/7G2Ehu9lGYLJd6hdQ6tC/iKMfrIz
+fnsHEH/FC4woWmXdFMozujyZNQKBgQDBM7jeBtdIOOZhcwc98y9mQUr+ttlUODC6
+BNI2xAcV6ZJg/y0JXby84jM0fP5MuCkGHdNvufpvT68Dn9NRhrOBz8JyhCy5m4Rz
+/dIr3JUT5Y0r4+2l5MgfZMlcYCWESNcJPwchSstzAthLhtrgP2ZFGfzzZUZGAMxR
+f6sZK7pWfQKBgQCYpp4NAm/eVeUndBNAw4PSXKlCJcENy9TYkdci3vHu7VVdlgoI
+UPoyZ8ueXxpO1prZmks/QDTnnx9MxZPDIoS3sO8JqqclxV2Mh9s1oxq9tMNdFjb+
+RmI2Vk9TmmxpF6qldtgPc3kcv4APMP4Ha3EJCrzWrtFwZJoQKUfxThkFvQKBgQCI
+Scs0XJELMpBZ2AIY0m7ybEbSDfyba5P79SCxX3E8JOuMnxWPEN/uQocqlK3zQso1
+tV6M5x3h3c0w+lLgpOwGO6AIlnLScAFsrXXQWSeUxI7kkkH3j78YXkmpb22ntpZy
+wFJwSsngFPatuLC4FiE3x9Bnhl6fTTrUlwIEnJMzJQKBgFc5ej1NXuPWDlLKjC7w
+0N4YPs5BJRuhoUxyajYC3FxiWvr5bTz7zqc5DAPcH0nGAH/UVWZzWXMUw+Je3dej
+chkmVUuKjfTZTZHOBAqJDCNRfZcfzWnzAcXkcmsAHr53UKYnH8XGuHsPVHujQVu/
+0Hx7AKuJK48fZeo8LTZufg1l
+-----END PRIVATE KEY-----
diff --git a/certs/intermediate/ca_false_intermediate/test_ca.pem b/certs/intermediate/ca_false_intermediate/test_ca.pem
@@ -0,0 +1,80 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            3b:1d:6e:96:2e:32:85:de:99:5a:63:dd:49:1c:eb:cc
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Wahington, O = Seattle, OU = Development, CN = www.wolfssl.com
+        Validity
+            Not Before: Oct 10 03:44:23 2024 GMT
+            Not After : Oct  8 03:44:23 2034 GMT
+        Subject: C = US, ST = Wahington, O = Seattle, OU = Development, CN = www.wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:bc:40:43:0e:f1:8e:1e:0b:3b:36:f6:7e:aa:56:
+                    77:d2:a7:db:55:4b:14:10:52:d8:24:01:58:26:20:
+                    95:fe:e6:0d:cc:65:e7:fd:bd:1d:99:39:27:97:55:
+                    78:9b:3a:5b:aa:d9:20:63:46:5c:eb:a2:b2:50:01:
+                    76:3c:af:4e:e5:d7:e3:cd:16:97:f8:51:0a:fb:d3:
+                    26:88:d7:13:bc:54:09:42:ff:39:85:aa:61:39:cc:
+                    8f:0e:8e:a6:c7:e0:29:3c:af:ac:9a:33:e6:4f:34:
+                    cd:b4:54:29:6f:92:82:00:ce:51:a7:55:ee:af:ce:
+                    21:e9:36:e1:a7:0d:75:df:32:d6:0e:15:e3:66:78:
+                    21:41:7b:ce:d5:9c:e8:c5:09:94:7e:84:7b:59:2a:
+                    64:6b:91:4b:4b:f7:0d:f4:50:92:8f:f5:03:0d:73:
+                    20:4c:4e:7b:a0:8d:ca:5f:94:cf:36:1c:e6:e1:bb:
+                    14:41:90:16:68:02:41:53:92:c6:c4:6c:d3:ad:56:
+                    05:22:4a:ae:9a:2a:de:fc:ea:d8:99:a2:5a:65:2f:
+                    fe:43:ae:2b:e9:94:70:ae:35:dc:8f:13:72:61:bf:
+                    ba:fc:48:b7:a1:ed:5c:ac:5c:9c:4b:c5:4d:49:da:
+                    86:65:77:34:bb:ba:ae:6e:4c:f9:7d:f6:c2:82:90:
+                    9c:e1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                49:CB:00:BF:AC:AD:4B:18:2C:DB:69:21:1E:60:EF:00:4E:FC:69:52
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        24:1c:cf:b6:3e:20:6e:99:e8:36:b3:7e:2d:67:0d:cb:b5:1c:
+        69:ff:5a:bb:0b:2f:52:fd:d6:3e:73:5c:a2:47:8e:8d:1d:fc:
+        96:e7:e0:ca:e6:b6:3d:af:fa:f1:77:77:e6:2e:67:e6:44:d7:
+        84:36:ce:dc:cb:3e:3d:bf:bc:8b:48:53:30:fa:bf:43:81:5b:
+        e0:a3:a7:db:44:c2:29:cd:4c:8a:68:e8:b9:3e:5d:eb:e4:06:
+        17:6d:de:cf:76:e9:5a:6a:16:27:f8:6f:96:43:8a:4f:65:be:
+        3a:f2:7e:fd:ad:55:93:ad:ac:00:b4:b5:f3:85:b0:d7:83:6d:
+        ab:d0:8f:1a:23:36:e1:1f:c4:9d:54:e8:ee:20:cd:b9:da:56:
+        a7:92:5a:a5:bd:36:c5:a2:ea:ac:06:24:98:e5:32:0a:e0:00:
+        64:63:9c:7d:01:18:66:5a:7a:b1:d5:b4:24:9b:5e:8a:6b:a0:
+        25:eb:39:52:cd:12:61:d0:62:6c:19:e7:f5:ae:32:a3:aa:d5:
+        2f:05:fe:6f:cb:47:20:a0:32:1d:cb:88:96:59:ed:8e:69:dd:
+        cf:f0:6f:83:85:ff:0a:59:ef:80:94:16:99:a6:35:ee:a7:b8:
+        d4:e9:3c:4f:56:5b:77:0e:b5:bd:61:21:b9:93:ad:be:2c:55:
+        9b:bf:01:19
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIQOx1uli4yhd6ZWmPdSRzrzDANBgkqhkiG9w0BAQsFADBj
+MQswCQYDVQQGEwJVUzESMBAGA1UECAwJV2FoaW5ndG9uMRAwDgYDVQQKDAdTZWF0
+dGxlMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZzc2wu
+Y29tMB4XDTI0MTAxMDAzNDQyM1oXDTM0MTAwODAzNDQyM1owYzELMAkGA1UEBhMC
+VVMxEjAQBgNVBAgMCVdhaGluZ3RvbjEQMA4GA1UECgwHU2VhdHRsZTEUMBIGA1UE
+CwwLRGV2ZWxvcG1lbnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALxAQw7xjh4LOzb2fqpWd9Kn21VLFBBS
+2CQBWCYglf7mDcxl5/29HZk5J5dVeJs6W6rZIGNGXOuislABdjyvTuXX480Wl/hR
+CvvTJojXE7xUCUL/OYWqYTnMjw6OpsfgKTyvrJoz5k80zbRUKW+SggDOUadV7q/O
+Iek24acNdd8y1g4V42Z4IUF7ztWc6MUJlH6Ee1kqZGuRS0v3DfRQko/1Aw1zIExO
+e6CNyl+UzzYc5uG7FEGQFmgCQVOSxsRs061WBSJKrpoq3vzq2JmiWmUv/kOuK+mU
+cK413I8TcmG/uvxIt6HtXKxcnEvFTUnahmV3NLu6rm5M+X32woKQnOECAwEAAaNC
+MEAwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEnL
+AL+srUsYLNtpIR5g7wBO/GlSMA0GCSqGSIb3DQEBCwUAA4IBAQAkHM+2PiBumeg2
+s34tZw3LtRxp/1q7Cy9S/dY+c1yiR46NHfyW5+DK5rY9r/rxd3fmLmfmRNeENs7c
+yz49v7yLSFMw+r9DgVvgo6fbRMIpzUyKaOi5Pl3r5AYXbd7PdulaahYn+G+WQ4pP
+Zb468n79rVWTrawAtLXzhbDXg22r0I8aIzbhH8SdVOjuIM252lanklqlvTbFouqs
+BiSY5TIK4ABkY5x9ARhmWnqx1bQkm16Ka6Al6zlSzRJh0GJsGef1rjKjqtUvBf5v
+y0cgoDIdy4iWWe2Oad3P8G+Dhf8KWe+AlBaZpjXup7jU6TxPVlt3DrW9YSG5k62+
+LFWbvwEZ
+-----END CERTIFICATE-----