Skip to content

Codecrew / Moya

Go to a project
Commit b8c333b4 by Juho Juopperi
Options

ca

1 parent 1b722339
Inline Side-by-side
Showing with 1276 additions and 0 deletions
ca/ca-master/ca-master.crt 0 → 100644
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=FI, ST=Tampere, O=Bortal, CN=CA
Validity
Not Before: Jan 1 00:00:00 1970 GMT
Not After : Mar 23 16:55:49 2072 GMT
Subject: C=FI, ST=Tampere, O=Bortal, CN=CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:f7:fa:8f:54:32:02:aa:16:91:a2:25:6f:33:ed:
9e:83:7f:2c:01:9c:d2:8a:90:73:14:b0:01:ec:e0:
49:16:a0:fa:9a:d7:e9:bf:af:79:ac:ad:06:59:c1:
df:c3:5c:8a:4e:63:c0:55:5c:df:14:f7:f4:39:46:
ff:4f:ff:a4:43:97:67:db:b8:4f:fc:92:ed:8b:de:
0b:78:d7:fe:56:94:a5:64:3d:60:4c:01:73:54:87:
b6:6c:10:2c:37:dd:2d:6b:5c:c9:28:e8:6d:2b:58:
3d:f7:ec:00:a2:0a:92:55:c8:10:cf:85:67:dc:10:
0e:bb:5e:b9:df:0c:72:5e:28:48:33:42:e6:6c:3e:
e8:62:50:fe:f3:40:9f:6a:5d:30:ef:f1:60:b3:a6:
02:46:32:78:51:94:bd:8b:80:50:8f:e2:ca:60:07:
66:29:52:68:5a:08:a8:8c:74:70:20:3d:50:d4:29:
90:56:73:48:19:75:ef:23:ae:ba:7f:59:66:a2:8b:
73:c8:31:2b:01:04:7a:99:d6:21:f0:38:01:7b:f2:
b1:0a:a9:d0:64:dd:86:f7:95:0a:07:4e:90:1c:91:
28:3f:44:7d:6f:47:46:25:83:a7:6e:88:af:20:64:
4c:16:37:1f:20:3d:c9:02:0b:f8:b3:f9:a2:42:71:
df:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Bortal Certificate
X509v3 Subject Key Identifier:
A4:0A:2A:12:07:EC:CE:10:E4:4C:5E:B6:79:83:18:3B:15:3F:50:DB
X509v3 Authority Key Identifier:
keyid:A4:0A:2A:12:07:EC:CE:10:E4:4C:5E:B6:79:83:18:3B:15:3F:50:DB
Signature Algorithm: sha1WithRSAEncryption
f7:cc:50:5a:f9:fe:d4:69:1a:6e:90:fb:dd:ec:4d:42:e8:c1:
2c:08:69:b5:8d:69:ad:2e:63:94:33:93:35:69:37:73:87:18:
f1:27:68:54:69:63:18:21:3f:0a:9c:6d:da:cb:e6:fc:5e:0a:
21:db:d1:19:7e:4a:28:3c:d8:32:23:c8:3f:86:0b:40:bb:df:
a8:3c:c7:97:95:bc:26:bf:68:ae:d7:39:a8:fd:2f:58:82:d2:
be:6d:2e:1a:66:05:dd:76:af:8e:50:da:c1:a9:83:46:6f:c8:
30:ea:0a:f3:06:f2:73:f1:81:1c:eb:35:c5:3f:8c:0a:2c:ef:
ed:f5:53:d0:5c:4d:01:da:51:fc:95:26:9b:3a:93:ac:90:61:
35:f3:b4:2f:ee:3c:9b:0b:e7:b7:01:dc:d3:7a:aa:4e:43:d3:
d9:a5:59:a0:5c:7d:df:1a:a0:01:cf:0f:f5:ec:69:17:af:4d:
e3:da:ac:04:c3:ea:30:78:91:09:1b:55:af:ef:f6:61:4b:14:
e7:5b:5a:fc:55:26:f4:72:86:fa:46:6f:2b:73:4f:ba:da:af:
dd:92:3f:d4:2d:71:e4:64:11:8f:3b:9f:7d:17:22:b6:a4:e6:
88:03:df:f6:10:2f:b3:6d:bb:05:52:c8:cf:12:49:a4:a1:28:
6c:67:ca:16
-----BEGIN CERTIFICATE-----
MIIDZzCCAk+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJGSTEQ
MA4GA1UECBMHVGFtcGVyZTEPMA0GA1UEChMGQm9ydGFsMQswCQYDVQQDEwJDQTAg
Fw03MDAxMDEwMDAwMDBaGA8yMDcyMDMyMzE2NTU0OVowPTELMAkGA1UEBhMCRkkx
EDAOBgNVBAgTB1RhbXBlcmUxDzANBgNVBAoTBkJvcnRhbDELMAkGA1UEAxMCQ0Ew
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3+o9UMgKqFpGiJW8z7Z6D
fywBnNKKkHMUsAHs4EkWoPqa1+m/r3msrQZZwd/DXIpOY8BVXN8U9/Q5Rv9P/6RD
l2fbuE/8ku2L3gt41/5WlKVkPWBMAXNUh7ZsECw33S1rXMko6G0rWD337ACiCpJV
yBDPhWfcEA67XrnfDHJeKEgzQuZsPuhiUP7zQJ9qXTDv8WCzpgJGMnhRlL2LgFCP
4spgB2YpUmhaCKiMdHAgPVDUKZBWc0gZde8jrrp/WWaii3PIMSsBBHqZ1iHwOAF7
8rEKqdBk3Yb3lQoHTpAckSg/RH1vR0Ylg6duiK8gZEwWNx8gPckCC/iz+aJCcd8l
AgMBAAGjcDBuMAkGA1UdEwQCMAAwIQYJYIZIAYb4QgENBBQWEkJvcnRhbCBDZXJ0
aWZpY2F0ZTAdBgNVHQ4EFgQUpAoqEgfszhDkTF62eYMYOxU/UNswHwYDVR0jBBgw
FoAUpAoqEgfszhDkTF62eYMYOxU/UNswDQYJKoZIhvcNAQEFBQADggEBAPfMUFr5
/tRpGm6Q+93sTULowSwIabWNaa0uY5QzkzVpN3OHGPEnaFRpYxghPwqcbdrL5vxe
CiHb0Rl+Sig82DIjyD+GC0C736g8x5eVvCa/aK7XOaj9L1iC0r5tLhpmBd12r45Q
2sGpg0ZvyDDqCvMG8nPxgRzrNcU/jAos7+31U9BcTQHaUfyVJps6k6yQYTXztC/u
PJsL57cB3NN6qk5D09mlWaBcfd8aoAHPD/XsaRevTeParATD6jB4kQkbVa/v9mFL
FOdbWvxVJvRyhvpGbytzT7rar92SP9QtceRkEY87n30XIrak5ogD3/YQL7NtuwVS
yM8SSaShKGxnyhY=
-----END CERTIFICATE-----
ca/ca-master/ca-master.der 0 → 100644
No preview for this file type
ca/ca-master/certs/s1as.crt 0 → 100644
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=FI, ST=Tampere, O=Bortal, CN=CA
Validity
Not Before: Jan 1 00:00:00 1970 GMT
Not After : Mar 23 16:55:50 2072 GMT
Subject: C=FI, ST=Tampere, O=Bortal, CN=bortal-server
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:b9:02:7a:17:2e:51:7e:ae:f4:c8:63:f0:f2:cb:
48:55:26:15:ce:9c:f3:92:ed:24:73:6f:77:54:60:
14:4b:85:52:e3:b4:8a:94:5c:1c:a8:dc:6b:98:6d:
4d:bc:fc:76:24:20:e6:fc:54:49:c9:16:79:86:b1:
74:2f:0e:d2:13:16:64:3a:fc:b4:3e:95:94:34:87:
a9:f4:95:cb:96:d4:86:31:e9:10:be:b5:05:18:39:
f2:90:d2:59:52:87:90:2b:dc:88:a7:24:f3:55:48:
f9:93:66:93:85:84:61:ac:85:27:4c:79:bd:47:5f:
0d:67:e5:c7:ee:ce:16:35:c9:ba:d2:16:1e:22:01:
83:4a:50:21:c2:63:cb:b2:19:ad:e2:1a:f5:28:01:
18:65:dc:93:1a:68:66:45:5b:73:d2:f7:23:bb:1d:
e0:6a:8e:3b:44:db:8c:9f:07:36:fc:38:dd:f5:a8:
a6:b1:c4:c6:77:f8:be:ec:2e:f9:58:9c:e8:66:7d:
58:bc:c8:41:e0:9b:bd:32:4e:b8:31:b3:e9:2d:30:
e1:1a:2c:04:45:65:4d:3c:0f:60:61:9c:5c:74:d7:
df:fc:0d:05:32:f9:fb:a7:21:38:05:3b:07:58:a6:
81:20:80:b2:0b:23:bc:05:05:7f:d7:66:33:9c:12:
b1:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Server certificate
X509v3 Subject Key Identifier:
53:BF:90:D6:8C:E7:D1:FA:33:AF:D3:DE:B2:55:3C:73:17:FA:50:8A
X509v3 Authority Key Identifier:
keyid:A4:0A:2A:12:07:EC:CE:10:E4:4C:5E:B6:79:83:18:3B:15:3F:50:DB
Signature Algorithm: sha1WithRSAEncryption
7d:a2:a3:b2:b0:7f:37:df:8a:7d:75:62:e7:1e:89:a8:7f:58:
cc:84:c2:00:2c:f7:e1:37:8f:4d:b0:0e:ab:ef:51:c7:b8:07:
24:95:18:98:a7:69:fc:d7:ee:57:82:aa:0c:c4:e4:e2:dc:88:
02:47:58:de:cf:2a:f2:11:8c:5a:79:f6:ce:33:40:93:01:f1:
18:7e:6b:07:c0:10:37:a5:a4:bd:5e:8d:b2:c5:ab:50:19:27:
8a:3c:d3:6e:08:ec:27:de:7d:39:1e:20:b8:20:75:f4:41:dd:
5c:6c:c5:75:18:e4:62:ab:c8:84:92:db:66:a8:dc:69:29:d3:
aa:06:cf:86:7d:12:f0:20:66:9a:f7:8e:d8:77:62:47:9a:d4:
37:49:5c:80:eb:f4:5b:04:2e:60:d3:dd:96:00:db:09:5d:2a:
eb:25:95:48:6b:3d:e1:57:ad:e9:ba:26:d6:fb:c3:31:13:48:
a4:4e:47:9d:c1:40:64:39:64:35:4b:52:6f:ea:51:28:65:3d:
32:e2:6f:38:1d:2d:ec:f9:69:aa:92:8b:66:a8:00:4e:dc:f2:
81:ea:ff:94:b3:2d:bd:a4:cf:1c:6c:42:7d:e4:c5:24:27:0d:
c2:0d:b5:b0:46:89:df:08:76:94:86:64:64:90:a3:95:79:5a:
d2:0d:70:3a
-----BEGIN CERTIFICATE-----
MIIDhzCCAm+gAwIBAgIBATANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJGSTEQ
MA4GA1UECBMHVGFtcGVyZTEPMA0GA1UEChMGQm9ydGFsMQswCQYDVQQDEwJDQTAg
Fw03MDAxMDEwMDAwMDBaGA8yMDcyMDMyMzE2NTU1MFowSDELMAkGA1UEBhMCRkkx
EDAOBgNVBAgTB1RhbXBlcmUxDzANBgNVBAoTBkJvcnRhbDEWMBQGA1UEAxMNYm9y
dGFsLXNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkCehcu
UX6u9Mhj8PLLSFUmFc6c85LtJHNvd1RgFEuFUuO0ipRcHKjca5htTbz8diQg5vxU
SckWeYaxdC8O0hMWZDr8tD6VlDSHqfSVy5bUhjHpEL61BRg58pDSWVKHkCvciKck
81VI+ZNmk4WEYayFJ0x5vUdfDWflx+7OFjXJutIWHiIBg0pQIcJjy7IZreIa9SgB
GGXckxpoZkVbc9L3I7sd4GqOO0TbjJ8HNvw43fWoprHExnf4vuwu+Vic6GZ9WLzI
QeCbvTJOuDGz6S0w4RosBEVlTTwPYGGcXHTX3/wNBTL5+6chOAU7B1imgSCAsgsj
vAUFf9dmM5wSsZsCAwEAAaOBhDCBgTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQE
AwIGQDAhBglghkgBhvhCAQ0EFBYSU2VydmVyIGNlcnRpZmljYXRlMB0GA1UdDgQW
BBRTv5DWjOfR+jOv096yVTxzF/pQijAfBgNVHSMEGDAWgBSkCioSB+zOEORMXrZ5
gxg7FT9Q2zANBgkqhkiG9w0BAQUFAAOCAQEAfaKjsrB/N9+KfXVi5x6JqH9YzITC
ACz34TePTbAOq+9Rx7gHJJUYmKdp/NfuV4KqDMTk4tyIAkdY3s8q8hGMWnn2zjNA
kwHxGH5rB8AQN6WkvV6NssWrUBknijzTbgjsJ959OR4guCB19EHdXGzFdRjkYqvI
hJLbZqjcaSnTqgbPhn0S8CBmmveO2HdiR5rUN0lcgOv0WwQuYNPdlgDbCV0q6yWV
SGs94Vet6bom1vvDMRNIpE5HncFAZDlkNUtSb+pRKGU9MuJvOB0t7PlpqpKLZqgA
Ttzyger/lLMtvaTPHGxCfeTFJCcNwg21sEaJ3wh2lIZkZJCjlXla0g1wOg==
-----END CERTIFICATE-----
ca/ca-master/certs/s1as.p12 0 → 100644
No preview for this file type
ca/ca-master/certs/terminal.crt 0 → 100644
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=FI, ST=Tampere, O=Bortal, CN=CA
Validity
Not Before: Jan 1 00:00:00 1970 GMT
Not After : Mar 23 16:55:51 2072 GMT
Subject: C=FI, ST=Tampere, O=Bortal, CN=terminal
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:c9:1d:16:b7:d3:f9:07:84:a8:e1:82:4c:e1:13:
c8:cf:58:fe:23:b6:8f:73:3c:90:df:b8:24:8b:b6:
d4:89:39:69:71:10:9e:1b:57:16:8a:ec:c0:78:b2:
a2:c5:ad:30:5e:b0:74:43:9b:56:3c:b6:4d:37:65:
d4:05:82:27:4c:c5:7d:0c:bb:8c:bf:d4:f2:46:de:
f6:c9:e7:5e:f2:27:48:a7:2d:3a:ed:8a:55:09:4f:
3a:45:cc:b6:b5:c1:b1:61:a2:74:b5:3d:8b:2a:cf:
e1:a0:4f:86:c4:99:63:bb:ec:5c:27:ef:20:a5:de:
1d:20:9a:b3:19:94:5c:1c:1d:25:ac:26:ac:4a:3f:
48:a3:30:76:4f:c1:81:99:59:0a:af:e4:cd:f6:bb:
ba:2e:97:32:1d:e9:ea:59:49:ad:99:5d:a5:d7:8a:
db:8a:41:33:dd:4e:54:ef:f8:ca:80:15:22:c6:e9:
d5:33:15:7c:fe:f2:21:3f:a2:b7:7f:1a:96:c2:82:
75:19:2a:28:c5:11:72:cc:f3:eb:2d:ca:31:e8:59:
c4:09:79:38:01:dc:fa:75:6e:23:be:e8:a7:bd:cd:
aa:3f:0f:c7:71:26:2c:48:b5:41:8e:91:91:61:2d:
39:98:f1:b1:9c:ce:b1:0d:9b:d0:c8:7e:15:d1:d4:
28:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Client
Netscape Comment:
Client certificate
X509v3 Subject Key Identifier:
0E:D4:56:4E:A6:62:B1:29:36:A0:12:50:4B:FC:B9:3E:92:54:59:52
X509v3 Authority Key Identifier:
keyid:A4:0A:2A:12:07:EC:CE:10:E4:4C:5E:B6:79:83:18:3B:15:3F:50:DB
Signature Algorithm: sha1WithRSAEncryption
73:84:1b:a8:2f:de:7d:22:d4:fa:3a:8a:1c:6e:01:73:fa:6e:
6c:8c:64:95:fa:89:34:c4:ad:83:4a:72:da:0c:bc:4d:86:ba:
5e:a9:c6:73:c9:50:27:ca:31:6a:e8:1d:1b:a6:32:f3:53:f8:
c1:a7:c7:58:e2:4c:64:65:33:ce:78:56:cf:13:75:6d:9d:7f:
d0:3e:a9:08:05:f2:d5:3d:6b:9c:bb:9f:12:96:e3:2a:76:98:
0c:e1:ee:1d:87:93:be:50:66:3f:20:17:93:67:68:b9:54:46:
ba:20:8e:5f:3a:f1:03:16:22:80:4f:90:97:fc:5b:2e:1f:a6:
b0:5b:a2:31:50:90:83:86:86:77:26:a1:19:c8:a0:30:ec:ef:
35:6b:b1:ed:e0:4b:b4:17:31:e6:e1:72:16:9e:24:01:6c:fe:
a2:9e:ad:6d:7c:57:c4:4e:9e:25:bd:ee:bc:e9:78:05:5a:16:
a3:e0:22:4a:66:cf:2c:4a:05:fe:24:ae:78:5d:1e:52:9e:07:
aa:de:bf:7d:31:1c:cc:86:1f:a4:a2:3a:6c:22:60:5a:fc:86:
47:c6:b3:73:9d:37:82:a5:15:ab:04:a7:4d:8a:94:58:27:d0:
7c:f8:e8:98:b6:95:c7:21:e3:17:2a:ce:dc:98:6a:90:07:7d:
63:df:27:62
-----BEGIN CERTIFICATE-----
MIIDgjCCAmqgAwIBAgIBAjANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJGSTEQ
MA4GA1UECBMHVGFtcGVyZTEPMA0GA1UEChMGQm9ydGFsMQswCQYDVQQDEwJDQTAg
Fw03MDAxMDEwMDAwMDBaGA8yMDcyMDMyMzE2NTU1MVowQzELMAkGA1UEBhMCRkkx
EDAOBgNVBAgTB1RhbXBlcmUxDzANBgNVBAoTBkJvcnRhbDERMA8GA1UEAxMIdGVy
bWluYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJHRa30/kHhKjh
gkzhE8jPWP4jto9zPJDfuCSLttSJOWlxEJ4bVxaK7MB4sqLFrTBesHRDm1Y8tk03
ZdQFgidMxX0Mu4y/1PJG3vbJ517yJ0inLTrtilUJTzpFzLa1wbFhonS1PYsqz+Gg
T4bEmWO77Fwn7yCl3h0gmrMZlFwcHSWsJqxKP0ijMHZPwYGZWQqv5M32u7oulzId
6epZSa2ZXaXXituKQTPdTlTv+MqAFSLG6dUzFXz+8iE/ord/GpbCgnUZKijFEXLM
8+styjHoWcQJeTgB3Pp1biO+6Ke9zao/D8dxJixItUGOkZFhLTmY8bGczrENm9DI
fhXR1CgHAgMBAAGjgYQwgYEwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCB4Aw
IQYJYIZIAYb4QgENBBQWEkNsaWVudCBjZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUDtRW
TqZisSk2oBJQS/y5PpJUWVIwHwYDVR0jBBgwFoAUpAoqEgfszhDkTF62eYMYOxU/
UNswDQYJKoZIhvcNAQEFBQADggEBAHOEG6gv3n0i1Po6ihxuAXP6bmyMZJX6iTTE
rYNKctoMvE2Gul6pxnPJUCfKMWroHRumMvNT+MGnx1jiTGRlM854Vs8TdW2df9A+
qQgF8tU9a5y7nxKW4yp2mAzh7h2Hk75QZj8gF5NnaLlURrogjl868QMWIoBPkJf8
Wy4fprBbojFQkIOGhncmoRnIoDDs7zVrse3gS7QXMebhchaeJAFs/qKerW18V8RO
niW97rzpeAVaFqPgIkpmzyxKBf4krnhdHlKeB6rev30xHMyGH6SiOmwiYFr8hkfG
s3OdN4KlFasEp02KlFgn0Hz46Ji2lcch4xcqztyYapAHfWPfJ2I=
-----END CERTIFICATE-----
ca/ca-master/certs/terminal.p12 0 → 100644
No preview for this file type
ca/ca-master/index.txt 0 → 100644
V 20720323165549Z 00 unknown /C=FI/ST=Tampere/O=Bortal/CN=CA
V 20720323165550Z 01 unknown /C=FI/ST=Tampere/O=Bortal/CN=bortal-server
V 20720323165551Z 02 unknown /C=FI/ST=Tampere/O=Bortal/CN=terminal
ca/ca-master/index.txt.attr 0 → 100644
unique_subject = yes
ca/ca-master/index.txt.old 0 → 100644
V 20720323165549Z 00 unknown /C=FI/ST=Tampere/O=Bortal/CN=CA
V 20720323165550Z 01 unknown /C=FI/ST=Tampere/O=Bortal/CN=bortal-server
ca/ca-master/newcerts/00.pem 0 → 100644
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=FI, ST=Tampere, O=Bortal, CN=CA
Validity
Not Before: Jan 1 00:00:00 1970 GMT
Not After : Mar 23 16:55:49 2072 GMT
Subject: C=FI, ST=Tampere, O=Bortal, CN=CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:f7:fa:8f:54:32:02:aa:16:91:a2:25:6f:33:ed:
9e:83:7f:2c:01:9c:d2:8a:90:73:14:b0:01:ec:e0:
49:16:a0:fa:9a:d7:e9:bf:af:79:ac:ad:06:59:c1:
df:c3:5c:8a:4e:63:c0:55:5c:df:14:f7:f4:39:46:
ff:4f:ff:a4:43:97:67:db:b8:4f:fc:92:ed:8b:de:
0b:78:d7:fe:56:94:a5:64:3d:60:4c:01:73:54:87:
b6:6c:10:2c:37:dd:2d:6b:5c:c9:28:e8:6d:2b:58:
3d:f7:ec:00:a2:0a:92:55:c8:10:cf:85:67:dc:10:
0e:bb:5e:b9:df:0c:72:5e:28:48:33:42:e6:6c:3e:
e8:62:50:fe:f3:40:9f:6a:5d:30:ef:f1:60:b3:a6:
02:46:32:78:51:94:bd:8b:80:50:8f:e2:ca:60:07:
66:29:52:68:5a:08:a8:8c:74:70:20:3d:50:d4:29:
90:56:73:48:19:75:ef:23:ae:ba:7f:59:66:a2:8b:
73:c8:31:2b:01:04:7a:99:d6:21:f0:38:01:7b:f2:
b1:0a:a9:d0:64:dd:86:f7:95:0a:07:4e:90:1c:91:
28:3f:44:7d:6f:47:46:25:83:a7:6e:88:af:20:64:
4c:16:37:1f:20:3d:c9:02:0b:f8:b3:f9:a2:42:71:
df:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Bortal Certificate
X509v3 Subject Key Identifier:
A4:0A:2A:12:07:EC:CE:10:E4:4C:5E:B6:79:83:18:3B:15:3F:50:DB
X509v3 Authority Key Identifier:
keyid:A4:0A:2A:12:07:EC:CE:10:E4:4C:5E:B6:79:83:18:3B:15:3F:50:DB
Signature Algorithm: sha1WithRSAEncryption
f7:cc:50:5a:f9:fe:d4:69:1a:6e:90:fb:dd:ec:4d:42:e8:c1:
2c:08:69:b5:8d:69:ad:2e:63:94:33:93:35:69:37:73:87:18:
f1:27:68:54:69:63:18:21:3f:0a:9c:6d:da:cb:e6:fc:5e:0a:
21:db:d1:19:7e:4a:28:3c:d8:32:23:c8:3f:86:0b:40:bb:df:
a8:3c:c7:97:95:bc:26:bf:68:ae:d7:39:a8:fd:2f:58:82:d2:
be:6d:2e:1a:66:05:dd:76:af:8e:50:da:c1:a9:83:46:6f:c8:
30:ea:0a:f3:06:f2:73:f1:81:1c:eb:35:c5:3f:8c:0a:2c:ef:
ed:f5:53:d0:5c:4d:01:da:51:fc:95:26:9b:3a:93:ac:90:61:
35:f3:b4:2f:ee:3c:9b:0b:e7:b7:01:dc:d3:7a:aa:4e:43:d3:
d9:a5:59:a0:5c:7d:df:1a:a0:01:cf:0f:f5:ec:69:17:af:4d:
e3:da:ac:04:c3:ea:30:78:91:09:1b:55:af:ef:f6:61:4b:14:
e7:5b:5a:fc:55:26:f4:72:86:fa:46:6f:2b:73:4f:ba:da:af:
dd:92:3f:d4:2d:71:e4:64:11:8f:3b:9f:7d:17:22:b6:a4:e6:
88:03:df:f6:10:2f:b3:6d:bb:05:52:c8:cf:12:49:a4:a1:28:
6c:67:ca:16
-----BEGIN CERTIFICATE-----
MIIDZzCCAk+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJGSTEQ
MA4GA1UECBMHVGFtcGVyZTEPMA0GA1UEChMGQm9ydGFsMQswCQYDVQQDEwJDQTAg
Fw03MDAxMDEwMDAwMDBaGA8yMDcyMDMyMzE2NTU0OVowPTELMAkGA1UEBhMCRkkx
EDAOBgNVBAgTB1RhbXBlcmUxDzANBgNVBAoTBkJvcnRhbDELMAkGA1UEAxMCQ0Ew
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3+o9UMgKqFpGiJW8z7Z6D
fywBnNKKkHMUsAHs4EkWoPqa1+m/r3msrQZZwd/DXIpOY8BVXN8U9/Q5Rv9P/6RD
l2fbuE/8ku2L3gt41/5WlKVkPWBMAXNUh7ZsECw33S1rXMko6G0rWD337ACiCpJV
yBDPhWfcEA67XrnfDHJeKEgzQuZsPuhiUP7zQJ9qXTDv8WCzpgJGMnhRlL2LgFCP
4spgB2YpUmhaCKiMdHAgPVDUKZBWc0gZde8jrrp/WWaii3PIMSsBBHqZ1iHwOAF7
8rEKqdBk3Yb3lQoHTpAckSg/RH1vR0Ylg6duiK8gZEwWNx8gPckCC/iz+aJCcd8l
AgMBAAGjcDBuMAkGA1UdEwQCMAAwIQYJYIZIAYb4QgENBBQWEkJvcnRhbCBDZXJ0
aWZpY2F0ZTAdBgNVHQ4EFgQUpAoqEgfszhDkTF62eYMYOxU/UNswHwYDVR0jBBgw
FoAUpAoqEgfszhDkTF62eYMYOxU/UNswDQYJKoZIhvcNAQEFBQADggEBAPfMUFr5
/tRpGm6Q+93sTULowSwIabWNaa0uY5QzkzVpN3OHGPEnaFRpYxghPwqcbdrL5vxe
CiHb0Rl+Sig82DIjyD+GC0C736g8x5eVvCa/aK7XOaj9L1iC0r5tLhpmBd12r45Q
2sGpg0ZvyDDqCvMG8nPxgRzrNcU/jAos7+31U9BcTQHaUfyVJps6k6yQYTXztC/u
PJsL57cB3NN6qk5D09mlWaBcfd8aoAHPD/XsaRevTeParATD6jB4kQkbVa/v9mFL
FOdbWvxVJvRyhvpGbytzT7rar92SP9QtceRkEY87n30XIrak5ogD3/YQL7NtuwVS
yM8SSaShKGxnyhY=
-----END CERTIFICATE-----
ca/ca-master/newcerts/01.pem 0 → 100644
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=FI, ST=Tampere, O=Bortal, CN=CA
Validity
Not Before: Jan 1 00:00:00 1970 GMT
Not After : Mar 23 16:55:50 2072 GMT
Subject: C=FI, ST=Tampere, O=Bortal, CN=bortal-server
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:b9:02:7a:17:2e:51:7e:ae:f4:c8:63:f0:f2:cb:
48:55:26:15:ce:9c:f3:92:ed:24:73:6f:77:54:60:
14:4b:85:52:e3:b4:8a:94:5c:1c:a8:dc:6b:98:6d:
4d:bc:fc:76:24:20:e6:fc:54:49:c9:16:79:86:b1:
74:2f:0e:d2:13:16:64:3a:fc:b4:3e:95:94:34:87:
a9:f4:95:cb:96:d4:86:31:e9:10:be:b5:05:18:39:
f2:90:d2:59:52:87:90:2b:dc:88:a7:24:f3:55:48:
f9:93:66:93:85:84:61:ac:85:27:4c:79:bd:47:5f:
0d:67:e5:c7:ee:ce:16:35:c9:ba:d2:16:1e:22:01:
83:4a:50:21:c2:63:cb:b2:19:ad:e2:1a:f5:28:01:
18:65:dc:93:1a:68:66:45:5b:73:d2:f7:23:bb:1d:
e0:6a:8e:3b:44:db:8c:9f:07:36:fc:38:dd:f5:a8:
a6:b1:c4:c6:77:f8:be:ec:2e:f9:58:9c:e8:66:7d:
58:bc:c8:41:e0:9b:bd:32:4e:b8:31:b3:e9:2d:30:
e1:1a:2c:04:45:65:4d:3c:0f:60:61:9c:5c:74:d7:
df:fc:0d:05:32:f9:fb:a7:21:38:05:3b:07:58:a6:
81:20:80:b2:0b:23:bc:05:05:7f:d7:66:33:9c:12:
b1:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Server certificate
X509v3 Subject Key Identifier:
53:BF:90:D6:8C:E7:D1:FA:33:AF:D3:DE:B2:55:3C:73:17:FA:50:8A
X509v3 Authority Key Identifier:
keyid:A4:0A:2A:12:07:EC:CE:10:E4:4C:5E:B6:79:83:18:3B:15:3F:50:DB
Signature Algorithm: sha1WithRSAEncryption
7d:a2:a3:b2:b0:7f:37:df:8a:7d:75:62:e7:1e:89:a8:7f:58:
cc:84:c2:00:2c:f7:e1:37:8f:4d:b0:0e:ab:ef:51:c7:b8:07:
24:95:18:98:a7:69:fc:d7:ee:57:82:aa:0c:c4:e4:e2:dc:88:
02:47:58:de:cf:2a:f2:11:8c:5a:79:f6:ce:33:40:93:01:f1:
18:7e:6b:07:c0:10:37:a5:a4:bd:5e:8d:b2:c5:ab:50:19:27:
8a:3c:d3:6e:08:ec:27:de:7d:39:1e:20:b8:20:75:f4:41:dd:
5c:6c:c5:75:18:e4:62:ab:c8:84:92:db:66:a8:dc:69:29:d3:
aa:06:cf:86:7d:12:f0:20:66:9a:f7:8e:d8:77:62:47:9a:d4:
37:49:5c:80:eb:f4:5b:04:2e:60:d3:dd:96:00:db:09:5d:2a:
eb:25:95:48:6b:3d:e1:57:ad:e9:ba:26:d6:fb:c3:31:13:48:
a4:4e:47:9d:c1:40:64:39:64:35:4b:52:6f:ea:51:28:65:3d:
32:e2:6f:38:1d:2d:ec:f9:69:aa:92:8b:66:a8:00:4e:dc:f2:
81:ea:ff:94:b3:2d:bd:a4:cf:1c:6c:42:7d:e4:c5:24:27:0d:
c2:0d:b5:b0:46:89:df:08:76:94:86:64:64:90:a3:95:79:5a:
d2:0d:70:3a
-----BEGIN CERTIFICATE-----
MIIDhzCCAm+gAwIBAgIBATANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJGSTEQ
MA4GA1UECBMHVGFtcGVyZTEPMA0GA1UEChMGQm9ydGFsMQswCQYDVQQDEwJDQTAg
Fw03MDAxMDEwMDAwMDBaGA8yMDcyMDMyMzE2NTU1MFowSDELMAkGA1UEBhMCRkkx
EDAOBgNVBAgTB1RhbXBlcmUxDzANBgNVBAoTBkJvcnRhbDEWMBQGA1UEAxMNYm9y
dGFsLXNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkCehcu
UX6u9Mhj8PLLSFUmFc6c85LtJHNvd1RgFEuFUuO0ipRcHKjca5htTbz8diQg5vxU
SckWeYaxdC8O0hMWZDr8tD6VlDSHqfSVy5bUhjHpEL61BRg58pDSWVKHkCvciKck
81VI+ZNmk4WEYayFJ0x5vUdfDWflx+7OFjXJutIWHiIBg0pQIcJjy7IZreIa9SgB
GGXckxpoZkVbc9L3I7sd4GqOO0TbjJ8HNvw43fWoprHExnf4vuwu+Vic6GZ9WLzI
QeCbvTJOuDGz6S0w4RosBEVlTTwPYGGcXHTX3/wNBTL5+6chOAU7B1imgSCAsgsj
vAUFf9dmM5wSsZsCAwEAAaOBhDCBgTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQE
AwIGQDAhBglghkgBhvhCAQ0EFBYSU2VydmVyIGNlcnRpZmljYXRlMB0GA1UdDgQW
BBRTv5DWjOfR+jOv096yVTxzF/pQijAfBgNVHSMEGDAWgBSkCioSB+zOEORMXrZ5
gxg7FT9Q2zANBgkqhkiG9w0BAQUFAAOCAQEAfaKjsrB/N9+KfXVi5x6JqH9YzITC
ACz34TePTbAOq+9Rx7gHJJUYmKdp/NfuV4KqDMTk4tyIAkdY3s8q8hGMWnn2zjNA
kwHxGH5rB8AQN6WkvV6NssWrUBknijzTbgjsJ959OR4guCB19EHdXGzFdRjkYqvI
hJLbZqjcaSnTqgbPhn0S8CBmmveO2HdiR5rUN0lcgOv0WwQuYNPdlgDbCV0q6yWV
SGs94Vet6bom1vvDMRNIpE5HncFAZDlkNUtSb+pRKGU9MuJvOB0t7PlpqpKLZqgA
Ttzyger/lLMtvaTPHGxCfeTFJCcNwg21sEaJ3wh2lIZkZJCjlXla0g1wOg==
-----END CERTIFICATE-----
ca/ca-master/newcerts/02.pem 0 → 100644
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=FI, ST=Tampere, O=Bortal, CN=CA
Validity
Not Before: Jan 1 00:00:00 1970 GMT
Not After : Mar 23 16:55:51 2072 GMT
Subject: C=FI, ST=Tampere, O=Bortal, CN=terminal
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:c9:1d:16:b7:d3:f9:07:84:a8:e1:82:4c:e1:13:
c8:cf:58:fe:23:b6:8f:73:3c:90:df:b8:24:8b:b6:
d4:89:39:69:71:10:9e:1b:57:16:8a:ec:c0:78:b2:
a2:c5:ad:30:5e:b0:74:43:9b:56:3c:b6:4d:37:65:
d4:05:82:27:4c:c5:7d:0c:bb:8c:bf:d4:f2:46:de:
f6:c9:e7:5e:f2:27:48:a7:2d:3a:ed:8a:55:09:4f:
3a:45:cc:b6:b5:c1:b1:61:a2:74:b5:3d:8b:2a:cf:
e1:a0:4f:86:c4:99:63:bb:ec:5c:27:ef:20:a5:de:
1d:20:9a:b3:19:94:5c:1c:1d:25:ac:26:ac:4a:3f:
48:a3:30:76:4f:c1:81:99:59:0a:af:e4:cd:f6:bb:
ba:2e:97:32:1d:e9:ea:59:49:ad:99:5d:a5:d7:8a:
db:8a:41:33:dd:4e:54:ef:f8:ca:80:15:22:c6:e9:
d5:33:15:7c:fe:f2:21:3f:a2:b7:7f:1a:96:c2:82:
75:19:2a:28:c5:11:72:cc:f3:eb:2d:ca:31:e8:59:
c4:09:79:38:01:dc:fa:75:6e:23:be:e8:a7:bd:cd:
aa:3f:0f:c7:71:26:2c:48:b5:41:8e:91:91:61:2d:
39:98:f1:b1:9c:ce:b1:0d:9b:d0:c8:7e:15:d1:d4:
28:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Client
Netscape Comment:
Client certificate
X509v3 Subject Key Identifier:
0E:D4:56:4E:A6:62:B1:29:36:A0:12:50:4B:FC:B9:3E:92:54:59:52
X509v3 Authority Key Identifier:
keyid:A4:0A:2A:12:07:EC:CE:10:E4:4C:5E:B6:79:83:18:3B:15:3F:50:DB
Signature Algorithm: sha1WithRSAEncryption
73:84:1b:a8:2f:de:7d:22:d4:fa:3a:8a:1c:6e:01:73:fa:6e:
6c:8c:64:95:fa:89:34:c4:ad:83:4a:72:da:0c:bc:4d:86:ba:
5e:a9:c6:73:c9:50:27:ca:31:6a:e8:1d:1b:a6:32:f3:53:f8:
c1:a7:c7:58:e2:4c:64:65:33:ce:78:56:cf:13:75:6d:9d:7f:
d0:3e:a9:08:05:f2:d5:3d:6b:9c:bb:9f:12:96:e3:2a:76:98:
0c:e1:ee:1d:87:93:be:50:66:3f:20:17:93:67:68:b9:54:46:
ba:20:8e:5f:3a:f1:03:16:22:80:4f:90:97:fc:5b:2e:1f:a6:
b0:5b:a2:31:50:90:83:86:86:77:26:a1:19:c8:a0:30:ec:ef:
35:6b:b1:ed:e0:4b:b4:17:31:e6:e1:72:16:9e:24:01:6c:fe:
a2:9e:ad:6d:7c:57:c4:4e:9e:25:bd:ee:bc:e9:78:05:5a:16:
a3:e0:22:4a:66:cf:2c:4a:05:fe:24:ae:78:5d:1e:52:9e:07:
aa:de:bf:7d:31:1c:cc:86:1f:a4:a2:3a:6c:22:60:5a:fc:86:
47:c6:b3:73:9d:37:82:a5:15:ab:04:a7:4d:8a:94:58:27:d0:
7c:f8:e8:98:b6:95:c7:21:e3:17:2a:ce:dc:98:6a:90:07:7d:
63:df:27:62
-----BEGIN CERTIFICATE-----
MIIDgjCCAmqgAwIBAgIBAjANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJGSTEQ
MA4GA1UECBMHVGFtcGVyZTEPMA0GA1UEChMGQm9ydGFsMQswCQYDVQQDEwJDQTAg
Fw03MDAxMDEwMDAwMDBaGA8yMDcyMDMyMzE2NTU1MVowQzELMAkGA1UEBhMCRkkx
EDAOBgNVBAgTB1RhbXBlcmUxDzANBgNVBAoTBkJvcnRhbDERMA8GA1UEAxMIdGVy
bWluYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJHRa30/kHhKjh
gkzhE8jPWP4jto9zPJDfuCSLttSJOWlxEJ4bVxaK7MB4sqLFrTBesHRDm1Y8tk03
ZdQFgidMxX0Mu4y/1PJG3vbJ517yJ0inLTrtilUJTzpFzLa1wbFhonS1PYsqz+Gg
T4bEmWO77Fwn7yCl3h0gmrMZlFwcHSWsJqxKP0ijMHZPwYGZWQqv5M32u7oulzId
6epZSa2ZXaXXituKQTPdTlTv+MqAFSLG6dUzFXz+8iE/ord/GpbCgnUZKijFEXLM
8+styjHoWcQJeTgB3Pp1biO+6Ke9zao/D8dxJixItUGOkZFhLTmY8bGczrENm9DI
fhXR1CgHAgMBAAGjgYQwgYEwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCB4Aw
IQYJYIZIAYb4QgENBBQWEkNsaWVudCBjZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUDtRW
TqZisSk2oBJQS/y5PpJUWVIwHwYDVR0jBBgwFoAUpAoqEgfszhDkTF62eYMYOxU/
UNswDQYJKoZIhvcNAQEFBQADggEBAHOEG6gv3n0i1Po6ihxuAXP6bmyMZJX6iTTE
rYNKctoMvE2Gul6pxnPJUCfKMWroHRumMvNT+MGnx1jiTGRlM854Vs8TdW2df9A+
qQgF8tU9a5y7nxKW4yp2mAzh7h2Hk75QZj8gF5NnaLlURrogjl868QMWIoBPkJf8
Wy4fprBbojFQkIOGhncmoRnIoDDs7zVrse3gS7QXMebhchaeJAFs/qKerW18V8RO
niW97rzpeAVaFqPgIkpmzyxKBf4krnhdHlKeB6rev30xHMyGH6SiOmwiYFr8hkfG
s3OdN4KlFasEp02KlFgn0Hz46Ji2lcch4xcqztyYapAHfWPfJ2I=
-----END CERTIFICATE-----
ca/ca-master/private/ca-master.key 0 → 100644
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA9/qPVDICqhaRoiVvM+2eg38sAZzSipBzFLAB7OBJFqD6mtfp
v695rK0GWcHfw1yKTmPAVVzfFPf0OUb/T/+kQ5dn27hP/JLti94LeNf+VpSlZD1g
TAFzVIe2bBAsN90ta1zJKOhtK1g99+wAogqSVcgQz4Vn3BAOu1653wxyXihIM0Lm
bD7oYlD+80Cfal0w7/Fgs6YCRjJ4UZS9i4BQj+LKYAdmKVJoWgiojHRwID1Q1CmQ
VnNIGXXvI666f1lmootzyDErAQR6mdYh8DgBe/KxCqnQZN2G95UKB06QHJEoP0R9
b0dGJYOnboivIGRMFjcfID3JAgv4s/miQnHfJQIDAQABAoIBAQCT3fWvh+6sy65l
mJrZxRxbXu63u3KUK5RjxpwvSoJqmu00fgElSxZrz/TUetXaIYlbOwIKJMnlMAGS
UfKWGmMx5suIajxP6LD7URlYIrvHlvWUc0DDsa26vv4ZK/+iBCI8PeS5nvbR/Nle
x3yNI26k9hqIFA2dXHncYpzFEx/zYjdGBswfbUsQF47lK1QU8qDpGtnaanptxpi9
0mg1Y1RyDXIlKsKV6PUt7Fp4vavKZb8v/5OZEtjpTfP9m9XScv98ttupn0Sfc8ee
0Sskzk+Chqa0J9yhpLLe2BaKUAeGqP1mz5WFbeyzK3BoSvRoYQsfEqT4cyQIR33q
k7QzewuBAoGBAP2JSQgBgzwoILq234JrhJf8Vk4PGDaX4XHBoRFhKX5W7bjyBQTT
i5lpm0e4g/efKOvYILM87KdZw1eUbhbztaZnq9HJao4n6VmdHfPRcVgWhVeP+ATg
naJ7XlAs8XqNiSjHIp4D3J1UPqhQIcFzvdJD/kepZ234RQnY8pNuCN4hAoGBAPpj
cwaGtX+o0k0t9aHRgMwuS9WPooldfFETRoHyVSHVDsxn+FU2LamS8YGFwRQZYgz+
0f1v2Y/C8p4xH+1+9wg0s06xEf+BZOxrXUmgmPKrGB15k8EXRjlLmADa1o0CNg5y
HmYLsWT9UQAdwflOd0zPRObF2/rIt6KzoiMi13iFAoGBAKvO64GUXNVYMA23PTFJ
IPpJkkalbfgY5jpLR5XabN7jk4af4wzJOjGE4igw/qS/42Am/snXgFtLtddUi2Hc
Vv1kBYhNYHriyvviP9jo1lEmOcgDlMPhXpEr3tagDifJX+gVQf0oisjGvQsb+jP4
9epWDyuKvb9E3av1qzSC/VlhAoGAFMisg54q8q3QxxdJjGUXi9tL8C48D6ry5sfy
0laLOoO09sKqmmgk4i6QXW/81u5EdU+xnpfqN0S3Xuo0/EHNv6CgQafxFoRnHDjN
RY9PItWQ6uFsolqMObVMqMWBibLlSc2vOElAMGHWl2vg7hDVVkreLUm/ONHwbFD8
5G2/9QECgYEAqz3caaV3WeXE5iLMZIoAgfvLrgeiTNcw7soLvxjqm+BInXoY31hi
EHgI9tTqePmpDKLVZ+xOZYFt+uUM4DJHZ/dQ519YEcssvzdfYxeYMw5qgDPa6UTP
269332Ur+ci2Bn4vZoWTmKWOCTNDWLhbFcLzkZAMv5Q2nW2KCxvll1g=
-----END RSA PRIVATE KEY-----
ca/ca-master/private/s1as.key 0 → 100644
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAuQJ6Fy5Rfq70yGPw8stIVSYVzpzzku0kc293VGAUS4VS47SK
lFwcqNxrmG1NvPx2JCDm/FRJyRZ5hrF0Lw7SExZkOvy0PpWUNIep9JXLltSGMekQ
vrUFGDnykNJZUoeQK9yIpyTzVUj5k2aThYRhrIUnTHm9R18NZ+XH7s4WNcm60hYe
IgGDSlAhwmPLshmt4hr1KAEYZdyTGmhmRVtz0vcjux3gao47RNuMnwc2/Djd9aim
scTGd/i+7C75WJzoZn1YvMhB4Ju9Mk64MbPpLTDhGiwERWVNPA9gYZxcdNff/A0F
Mvn7pyE4BTsHWKaBIICyCyO8BQV/12YznBKxmwIDAQABAoIBAQCw2qVLM4PDzgtA
5AiYj6p9ewKtl2tfsEF/97XielXsO26ZLSSr3cGnyc0w0IvXdJ6aurkTzJ8cEtfo
4glmUoyOooD9wkOq7+HUtTrKC8eqT05Yt6rCItjT59Dwj6PDOMOgqhgXb0MM681o
Ek5C++FCwaZnfJhreXmfMBCHP4oLr0M45Wl+Fnh6vrNHr1LxR0QZNP6Y+gKlojMT
AbzuQ3GPUyHxkh+1HLXRAyoZpUbvaKG7wybiVSDBQake0gJQHFD8zXRuDrMausNK
HzQMvSG8cCrJqWdzZQUFdBWMvyJt51DQSjb2B42ZqgxeByPb6cuyMdu9mCl4mG6n
ofdTKYGBAoGBAN2367lVvvoD2zqB7NeyKtKzVZSeuW8f2QQP/Gyngey4NbgtDzHI
w54NadgwvmhPFPY5WUxKwzNG4jsFoGYe/dmWBe7iD+eX1G8N4VyCtzqlaUCq5ZY1
o87ThYmx3+UAKKh4gZfnVV5QkfYtOM6EE84oazoe+UOe+PKwC9j59G0jAoGBANWd
i+Zm2pYFA3E+0coe4cppFigFw2FbC/1ywB7zAdYCHs/c9LAbL650LeRNh+40HxhU
GugX+gLFde3qCsMTUEThRpn15+mozKyyOpB+1DeQG61nxZd+XM4ZECbn4SYZ3OQO
b0AudNa84fCTHYLL88qvpslbZWHv5cAu96H50t0pAoGAXcNA0aDcYZit5mE5isIS
8AXdBDvXiZH7UYd9JWn1POlt9lQ/37raVwWvJDkA3NXMtI/uHqBjSlUIqRMpEOa8
TX7vRWWeej8wHELPcjLpT8jR6QIck1hdzMKQ73kkiRB3IT/M9jNjW75Q672WD2e1
hHJ9XhfpK9qXxvICIKEb5+cCgYEAnkKMpXRKOZ8ZP8tUzjQ3ACj++0PZzsUPiwR7
BfLvx0fm4AVJWzepCcyVO3GdZYNEDlgxXwZ0eZ0lk9AzjPdAHufv0Jz45oniqYea
D/eG7mtbtgsNvwElbKPw7YIZsoqytltjXN+OPJHPqtazpHXJ9r5QCRoncHm1c77Y
RC68ZJECgYB9TO+pwciBn931UxWlZGCt0HGSnpSP6RHR0rM42NAEUV0p1hcsgRMF
2fKKg00TEcMfZbRA89NeYG56plFZ89G3SlkH3alUkv827fwjlTokPKs3KulOBqJe
HBNRc1VK0MfJjkXgsik6n4JbiYx1df35lvqn8OcNDI33RGQp1LduNQ==
-----END RSA PRIVATE KEY-----
ca/ca-master/private/terminal.key 0 → 100644
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAyR0Wt9P5B4So4YJM4RPIz1j+I7aPczyQ37gki7bUiTlpcRCe
G1cWiuzAeLKixa0wXrB0Q5tWPLZNN2XUBYInTMV9DLuMv9TyRt72yede8idIpy06
7YpVCU86Rcy2tcGxYaJ0tT2LKs/hoE+GxJlju+xcJ+8gpd4dIJqzGZRcHB0lrCas
Sj9IozB2T8GBmVkKr+TN9ru6LpcyHenqWUmtmV2l14rbikEz3U5U7/jKgBUixunV
MxV8/vIhP6K3fxqWwoJ1GSooxRFyzPPrLcox6FnECXk4Adz6dW4jvuinvc2qPw/H
cSYsSLVBjpGRYS05mPGxnM6xDZvQyH4V0dQoBwIDAQABAoIBACdLdLXkR+MNK4Ys
VGMh33mL9NP7hpnIerILo7Bcv7g0LIL38Tx8Tp5EVfL/TEh9Z1cI+R6AimAAaqPp
VHzjClS4vY8wUfblX5UzWVrnxyhfPpXTg5EIF0djYIpkzkpDFypxeIY1CS0LQxV0
lGtzYQZFz1fKJEHkXSKSt23HDBw9yO2N3j9Mk/VQGD/Ncwulvkc+yooZ4FKfbZkq
XSx2v4aiS5f4YOIpsnbdageXkP6VNqPS9Kxj1NLUZSEvYGWIZf3BW+8uN7SA7xKY
HVRUy1eqBxPuVj/w/tl6O/e7jeoLLoT5y7ffOU0i6Favpix7hlEImzl3+LiTibUg
mfbRDikCgYEA7U+RxE8U/Q7lHPmvjMRiE2hYmDLdWACyIx5E6BP3R8oc/z1KZHFk
EavGWcE7495DmiBU2Lu+5tc7vxbfAxi2WJsk5CYIZaGkwPIOzLyAi9q2Un2XcelV
4XE/HbsnC3dQ8rg0AEQUnT/INSvUeTjt8pONijJi74TV49n6Sa4opEsCgYEA2PO/
J1VA5riKA2RPg+8eZFtrJbGMKsp6hAqARsR5SF+ZiBG0qaqin7aU5fNjn8G96sBr
gy/GrbFVlQH9T4BOOI2J4AcuVvI7JH/tQdwaflwPd2zJKOlhmLeNTDpYMt1Tiq5g
c8uWe7w2NdZvBxTNAY6ZY1SvfFmvtWFNxtVCnbUCgYAmz2KJdl16XVs+996r6NoZ
TnFewsLMR6DaeXLPeaRxSy6e14k5EApLkYoo159RzuHDbRIzN9Eqs3yD7dufCAWa
TBUmcsngxSTKoUumVBW5yZUTvJJuALkY24p09EyYZXUJnPJ0MK4mYW3+tCJViOfx
SgxV05O2lETetKFoN2FSLQKBgAREXwkeAyXGkWhZq7qzlExzA9t8733T967rKfS6
XoxO3Q0xE/WWVpZ/l9QiAl6dB+g7GqI86VJ3P3Cr1lie9GrmVcTjP0UUhJdGMNtv
wdGka+V0bUxxsqq3SX8rUprFgaQjo+ADLBWI8SQD8LEZ9qJGNLwgaUcv2GXf4RC9
Fw9VAoGABiVn59gFCJ5vDiv/TnNC5YZHyJ0xLRHsSaAilpEcKh4A3oLMRH61Qi9X
AdjtgF3zvJZ4wvvGaIGwhjD2Rr+VZalCxy9+7AqRQ5rS2pkjMVJXo4xr+BUT1zeX
H1gmAJGwsMxVij/skcPsQ8VYLsJk4KGTogUFNx+673ZRI+AFdkA=
-----END RSA PRIVATE KEY-----
ca/ca-master/req/ca-master.csr 0 → 100644
-----BEGIN CERTIFICATE REQUEST-----
MIIClDCCAXwCAQAwTzELMAkGA1UEBhMCRkkxEDAOBgNVBAgTB1RhbXBlcmUxEDAO
BgNVBAcTB1RhbXBlcmUxDzANBgNVBAoTBkJvcnRhbDELMAkGA1UEAxMCQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3+o9UMgKqFpGiJW8z7Z6DfywB
nNKKkHMUsAHs4EkWoPqa1+m/r3msrQZZwd/DXIpOY8BVXN8U9/Q5Rv9P/6RDl2fb
uE/8ku2L3gt41/5WlKVkPWBMAXNUh7ZsECw33S1rXMko6G0rWD337ACiCpJVyBDP
hWfcEA67XrnfDHJeKEgzQuZsPuhiUP7zQJ9qXTDv8WCzpgJGMnhRlL2LgFCP4spg
B2YpUmhaCKiMdHAgPVDUKZBWc0gZde8jrrp/WWaii3PIMSsBBHqZ1iHwOAF78rEK
qdBk3Yb3lQoHTpAckSg/RH1vR0Ylg6duiK8gZEwWNx8gPckCC/iz+aJCcd8lAgMB
AAGgADANBgkqhkiG9w0BAQUFAAOCAQEAAf2HBdd7TU4VpCaKCGnY8+lg722L+7qF
6fcm7GYpuvayBLW2W++HT1vbDAu62qOJS4sKGV+Z0iBKCdSocIxjTuQfND7s5lYB
wSFlEBq5HYurVibmGwIH8953TypYg5jL4NnAkd3VGAeoBD1jW3GRen3Vor5S5Ewl
R4nW3FqUT6KUUkKE1upv8lcC/YVYp9vOuDwvNPbmx9EBE2sgBjinl4dw1/c1d6Zb
sNg+5t8UK7dWP32qU13pPQIE3XZmlp04flYligR23D6wAXCk3p7GXlgjxNWzUeLy
9cRvJnwMD/Fxk/0OI7iI1373voPawKS3N5piEHyQHJCX3suE/GGLSQ==
-----END CERTIFICATE REQUEST-----
ca/ca-master/req/s1as.csr 0 → 100644
-----BEGIN CERTIFICATE REQUEST-----
MIICnzCCAYcCAQAwWjELMAkGA1UEBhMCRkkxEDAOBgNVBAgTB1RhbXBlcmUxEDAO
BgNVBAcTB1RhbXBlcmUxDzANBgNVBAoTBkJvcnRhbDEWMBQGA1UEAxMNYm9ydGFs
LXNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkCehcuUX6u
9Mhj8PLLSFUmFc6c85LtJHNvd1RgFEuFUuO0ipRcHKjca5htTbz8diQg5vxUSckW
eYaxdC8O0hMWZDr8tD6VlDSHqfSVy5bUhjHpEL61BRg58pDSWVKHkCvciKck81VI
+ZNmk4WEYayFJ0x5vUdfDWflx+7OFjXJutIWHiIBg0pQIcJjy7IZreIa9SgBGGXc
kxpoZkVbc9L3I7sd4GqOO0TbjJ8HNvw43fWoprHExnf4vuwu+Vic6GZ9WLzIQeCb
vTJOuDGz6S0w4RosBEVlTTwPYGGcXHTX3/wNBTL5+6chOAU7B1imgSCAsgsjvAUF
f9dmM5wSsZsCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQBIulavAguqK3yx7Weq
CwcQiQuQHmYLhfu6GAM2YvhEhVmlLVDvSVeW6bpLIeRwJ6exYuY8OnZ7IelffCP+
A61tLq09f45N4OzHvsOOpUbn7O0hm1gtGaM0xjWvlRciNuqOmMVqucqp5ku3Ql9t
9a5DcaQPdhGMybGT96zIxRmOEAfsjmuCVEzUG/kxJwtCtiLMqGdVrovbCLOcoJuZ
CXlBNtpqcPuV9CYO/+0Z72lQbuUU/PaBhpBvy9c1psXDA5ClVSV8Nj9F4DQFIdkc
TPATu7TYhBcuoWmrFQ4fCiL6F/oYX/TjDEcncttG4NrXipsvSjlhqjVMjg/zuHOI
UBkx
-----END CERTIFICATE REQUEST-----
ca/ca-master/req/terminal.csr 0 → 100644
-----BEGIN CERTIFICATE REQUEST-----
MIICmjCCAYICAQAwVTELMAkGA1UEBhMCRkkxEDAOBgNVBAgTB1RhbXBlcmUxEDAO
BgNVBAcTB1RhbXBlcmUxDzANBgNVBAoTBkJvcnRhbDERMA8GA1UEAxMIdGVybWlu
YWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJHRa30/kHhKjhgkzh
E8jPWP4jto9zPJDfuCSLttSJOWlxEJ4bVxaK7MB4sqLFrTBesHRDm1Y8tk03ZdQF
gidMxX0Mu4y/1PJG3vbJ517yJ0inLTrtilUJTzpFzLa1wbFhonS1PYsqz+GgT4bE
mWO77Fwn7yCl3h0gmrMZlFwcHSWsJqxKP0ijMHZPwYGZWQqv5M32u7oulzId6epZ
Sa2ZXaXXituKQTPdTlTv+MqAFSLG6dUzFXz+8iE/ord/GpbCgnUZKijFEXLM8+st
yjHoWcQJeTgB3Pp1biO+6Ke9zao/D8dxJixItUGOkZFhLTmY8bGczrENm9DIfhXR
1CgHAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAJq7FLdxkyq00S/9ePGJxcGZf
QfSiMK2IJLodHZPgnT3q0X4cz4mt6rSlDp/Pf7B0i1ptSy12ul0JLfL6f4JzuQgh
BP3/1wvrad87WRUtlNJxDGagBuD4TcMvi+tU7+ZwAoIHrZ9TbWWbPrctjR+5709D
Jqfl2VOMKkJRO4sBNQH2TSFVm9eVvtduUxydzmAXyAnSURbiJYTOahAcjejPDq/R
RzuXApS35ObVeBJRnVfVzzRzOZ0X/6D+8b48A1N1jdEeolnPlrN2g5UtPGqsRsIt
crIAOciA/Zha7B30nrbLmn12EoV4SkXfZLhCLAZ0Lj5WY/v2S9D/3eLR/El1Kg==
-----END CERTIFICATE REQUEST-----
ca/cacerts.jks 0 → 100644
No preview for this file type
ca/forge.sh 0 → 100755
#!/bin/sh
#
# Commands
#
openssl_req () {
echo openssl req -config openssl.cnf $@
openssl req -config openssl.cnf $@
}
openssl_ca () {
echo openssl ca -config openssl.cnf -batch -startdate 700101000000Z -days 21900 $@
openssl ca -config openssl.cnf -batch -startdate 700101000000Z -days 21900 $@
}
#
# CA directory structure
#
ca_dir () {
test -d "$1" && return
mkdir $1 $1/certs $1/private $1/crl $1/newcerts $1/req
touch $1/index.txt
echo 00 > $1/serial
echo 00 > $1/crlnumber
}
ca_dir ca-master
#
# The CA
#
test -f ca-master/ca-master.crt || {
# Make key and request
openssl_req -extensions v3_ca -new -newkey rsa:2048 -nodes \
-keyout ca-master/private/ca-master.key -out ca-master/req/ca-master.csr \
-subj "/C=FI/ST=Tampere/L=Tampere/O=Bortal/CN=CA"
# Make self signed CA
openssl ca -config openssl.cnf -batch -startdate 700101000000Z -days 21900 \
-selfsign -in ca-master/req/ca-master.csr -out ca-master/ca-master.crt \
-keyfile ca-master/private/ca-master.key || exit 1
# Make CA bundle keystore
rm -f cacerts.jks
openssl x509 -outform der -in ca-master/ca-master.crt -out ca-master/ca-master.der
keytool -import -keystore cacerts.jks -storepass changeit -file ca-master/ca-master.der -noprompt -trustcacerts -alias bortalca
}
#
# Certificates signed by CA
#
master_signed_cert () {
_base=$1 ; shift
test -f ca-master/certs/$_base.crt && return
# Create
openssl_req -new -newkey rsa:2048 -nodes \
-keyout ca-master/private/$_base.key \
-out ca-master/req/$_base.csr \
-subj "/C=FI/ST=Tampere/L=Tampere/O=Bortal/CN=$_base"
# Sign
openssl_ca -name CA_master $@ \
-in ca-master/req/$_base.csr \
-out ca-master/certs/$_base.crt
# Convert to PKCS#12 for import to keystore/browser
openssl pkcs12 -export -passout pass:changeit \
-in ca-master/certs/$_base.crt \
-inkey ca-master/private/$_base.key \
-out ca-master/certs/$_base.p12
}
#Certificates signed by master CA - with custom common name
#also create a .pem file for both private key and cert
master_signed_cert_cn () {
_base=$1 ; shift
_cn=$1 ; shift
test -f ca-master/private/$_base.pem && return
# Generate key and certificate request
openssl_req -new -newkey rsa:2048 -nodes \
-keyout ca-master/private/$_base.key \
-out ca-master/req/$_base.csr \
-subj "/C=FI/ST=Tampere/L=Tampere/O=Bortal/CN=$_cn"
# Sign with CA
openssl_ca -name CA_master $@ \
-in ca-master/req/$_base.csr \
-out ca-master/certs/$_base.crt
# Convert to PKCS#12 for import to keystore/browser
openssl pkcs12 -export -passout pass:changeit -in ca-master/certs/$_base.crt -inkey ca-master/private/$_base.key -out ca-master/certs/$_base.p12
}
master_signed_cert_cn s1as bortal-server -extensions srv_cert
rm -f keystore.jks
keytool -importkeystore -srckeystore ca-master/certs/s1as.p12 -destkeystore keystore.jks -srcstorepass changeit -deststorepass changeit -srcstoretype pkcs12 -alias 1 -destalias s1as
master_signed_cert terminal -extensions client_cert
ca/keystore.jks 0 → 100644
No preview for this file type
ca/master.cer 0 → 100644
-----BEGIN CERTIFICATE-----
MIIDZzCCAk+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJGSTEQ
MA4GA1UECBMHVGFtcGVyZTEPMA0GA1UEChMGQm9ydGFsMQswCQYDVQQDEwJDQTAg
Fw03MDAxMDEwMDAwMDBaGA8yMDcyMDMyMzE2MjIwNFowPTELMAkGA1UEBhMCRkkx
EDAOBgNVBAgTB1RhbXBlcmUxDzANBgNVBAoTBkJvcnRhbDELMAkGA1UEAxMCQ0Ew
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDseFQdsJKlAZDbaT7rwgHo
ThDXPCM2ynl3QXDUsoS9pNqtEePu8zHgMLnzbehQ1qNDAbrMc3DOr49vXkqBETAx
bu4J+AvpgmU3bb3CYb38vgLY6s9NwS6BKjW7Rn9pjnKVJcOfcR4h+No5mEuxz80H
f4DhQXIfDK2pK6+tQdyXAMCxp0qAW/HAZVJ6PYskoHw5MwqQ1pa+Qclyu3c4xyTh
QnHF71YO5KagBMkYrvgziqIZm/JGQ5GCgPmSEahXDzL9HWgcf6tL/pDjRz+TN3tj
4shK8/r/6QV6FwgtzNbkBY4exzwyiMw7aSHguECjRM0jiaTfSXJRGy80Nan8RO6Z
AgMBAAGjcDBuMAkGA1UdEwQCMAAwIQYJYIZIAYb4QgENBBQWEkJvcnRhbCBDZXJ0
aWZpY2F0ZTAdBgNVHQ4EFgQUlozbkSE+SlWHlrDgrFfc1Mq6OHswHwYDVR0jBBgw
FoAUlozbkSE+SlWHlrDgrFfc1Mq6OHswDQYJKoZIhvcNAQEFBQADggEBALQ2fOOf
Q5iGsHkYh7A+X/hFEQqgWEBtbZjEsuvAjgZSkufa9xzls2nA6h9v3rfgb6CBIkFs
b1RWsuz9ewYBsT8RfqKkp0eVaUFA1dZ8df+f7lQvOMK3l+JINXUqh7TAlJsfTwlW
EXID+OOU2/su6kuOBnajveitPU57RU4Oy1U7hB4U7STeyvmZod/CrHi6hlrMd/KJ
7CwWU5mP06hC6JzoE3t7BngSVj9QKpUHDhOiOLUsa919/Y8rmCsE098PjsRleuk9
LowqJh+Qyu6bJyZn6xvE5IcF2jg9AzqFi/tLRMr3uSPGzs9KqgAz3SXyKF7wYvLG
HsLclVSa3+Dos8I=
-----END CERTIFICATE-----
ca/master.der 0 → 100644
No preview for this file type
ca/openssl.cnf 0 → 100644
#
# Bortal CA
#
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_master # The default ca section
####################################################################
[ CA_master ]
dir = ./ca-master # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several ctificates with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/ca-master.crt # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/ca-master.key # The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# Extension copying option: use with caution.
# copy_extensions = copy
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha1 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
[ CA_tosibox ]
dir = ./ca-tosibox # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several ctificates with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/ca-tosibox.crt # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/ca-tosibox.key # The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# Extension copying option: use with caution.
# copy_extensions = copy
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha1 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
[ CA_tokens ]
dir = ./ca-tokens # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several ctificates with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/ca-tokens.crt # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/ca-tokens.key # The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# Extension copying option: use with caution.
# copy_extensions = copy
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha1 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
[ CA_vpnclient ]
dir = ./ca-vpnclient # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several ctificates with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/ca-vpnclient.crt # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/ca-vpnclient.key # The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# Extension copying option: use with caution.
# copy_extensions = copy
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha1 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = FI
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Tampere
localityName = Locality Name (eg, city)
localityName_default = Tampere
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Bortal
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ srv_cert ]
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Server certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
[ sign_cert ]
basicConstraints=CA:FALSE
nsCertType = objsign
nsComment = "Software signing certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
[ client_cert ]
basicConstraints=CA:FALSE
nsCertType = client
nsComment = "Client certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Bortal Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This really needs to be in place for it to be a proxy certificate.
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
ca/s1as.pem 0 → 100644
-----BEGIN CERTIFICATE-----
MIIDhzCCAm+gAwIBAgIBATANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJGSTEQ
MA4GA1UECBMHVGFtcGVyZTEPMA0GA1UEChMGQm9ydGFsMQswCQYDVQQDEwJDQTAg
Fw03MDAxMDEwMDAwMDBaGA8yMDcyMDMyMzE2NTU1MFowSDELMAkGA1UEBhMCRkkx
EDAOBgNVBAgTB1RhbXBlcmUxDzANBgNVBAoTBkJvcnRhbDEWMBQGA1UEAxMNYm9y
dGFsLXNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkCehcu
UX6u9Mhj8PLLSFUmFc6c85LtJHNvd1RgFEuFUuO0ipRcHKjca5htTbz8diQg5vxU
SckWeYaxdC8O0hMWZDr8tD6VlDSHqfSVy5bUhjHpEL61BRg58pDSWVKHkCvciKck
81VI+ZNmk4WEYayFJ0x5vUdfDWflx+7OFjXJutIWHiIBg0pQIcJjy7IZreIa9SgB
GGXckxpoZkVbc9L3I7sd4GqOO0TbjJ8HNvw43fWoprHExnf4vuwu+Vic6GZ9WLzI
QeCbvTJOuDGz6S0w4RosBEVlTTwPYGGcXHTX3/wNBTL5+6chOAU7B1imgSCAsgsj
vAUFf9dmM5wSsZsCAwEAAaOBhDCBgTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQE
AwIGQDAhBglghkgBhvhCAQ0EFBYSU2VydmVyIGNlcnRpZmljYXRlMB0GA1UdDgQW
BBRTv5DWjOfR+jOv096yVTxzF/pQijAfBgNVHSMEGDAWgBSkCioSB+zOEORMXrZ5
gxg7FT9Q2zANBgkqhkiG9w0BAQUFAAOCAQEAfaKjsrB/N9+KfXVi5x6JqH9YzITC
ACz34TePTbAOq+9Rx7gHJJUYmKdp/NfuV4KqDMTk4tyIAkdY3s8q8hGMWnn2zjNA
kwHxGH5rB8AQN6WkvV6NssWrUBknijzTbgjsJ959OR4guCB19EHdXGzFdRjkYqvI
hJLbZqjcaSnTqgbPhn0S8CBmmveO2HdiR5rUN0lcgOv0WwQuYNPdlgDbCV0q6yWV
SGs94Vet6bom1vvDMRNIpE5HncFAZDlkNUtSb+pRKGU9MuJvOB0t7PlpqpKLZqgA
Ttzyger/lLMtvaTPHGxCfeTFJCcNwg21sEaJ3wh2lIZkZJCjlXla0g1wOg==
-----END CERTIFICATE-----
ca/terminal.pem 0 → 100644
-----BEGIN CERTIFICATE-----
MIIDgjCCAmqgAwIBAgIBAjANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJGSTEQ
MA4GA1UECBMHVGFtcGVyZTEPMA0GA1UEChMGQm9ydGFsMQswCQYDVQQDEwJDQTAg
Fw03MDAxMDEwMDAwMDBaGA8yMDcyMDMyMzE2NTU1MVowQzELMAkGA1UEBhMCRkkx
EDAOBgNVBAgTB1RhbXBlcmUxDzANBgNVBAoTBkJvcnRhbDERMA8GA1UEAxMIdGVy
bWluYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJHRa30/kHhKjh
gkzhE8jPWP4jto9zPJDfuCSLttSJOWlxEJ4bVxaK7MB4sqLFrTBesHRDm1Y8tk03
ZdQFgidMxX0Mu4y/1PJG3vbJ517yJ0inLTrtilUJTzpFzLa1wbFhonS1PYsqz+Gg
T4bEmWO77Fwn7yCl3h0gmrMZlFwcHSWsJqxKP0ijMHZPwYGZWQqv5M32u7oulzId
6epZSa2ZXaXXituKQTPdTlTv+MqAFSLG6dUzFXz+8iE/ord/GpbCgnUZKijFEXLM
8+styjHoWcQJeTgB3Pp1biO+6Ke9zao/D8dxJixItUGOkZFhLTmY8bGczrENm9DI
fhXR1CgHAgMBAAGjgYQwgYEwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCB4Aw
IQYJYIZIAYb4QgENBBQWEkNsaWVudCBjZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUDtRW
TqZisSk2oBJQS/y5PpJUWVIwHwYDVR0jBBgwFoAUpAoqEgfszhDkTF62eYMYOxU/
UNswDQYJKoZIhvcNAQEFBQADggEBAHOEG6gv3n0i1Po6ihxuAXP6bmyMZJX6iTTE
rYNKctoMvE2Gul6pxnPJUCfKMWroHRumMvNT+MGnx1jiTGRlM854Vs8TdW2df9A+
qQgF8tU9a5y7nxKW4yp2mAzh7h2Hk75QZj8gF5NnaLlURrogjl868QMWIoBPkJf8
Wy4fprBbojFQkIOGhncmoRnIoDDs7zVrse3gS7QXMebhchaeJAFs/qKerW18V8RO
niW97rzpeAVaFqPgIkpmzyxKBf4krnhdHlKeB6rev30xHMyGH6SiOmwiYFr8hkfG
s3OdN4KlFasEp02KlFgn0Hz46Ji2lcch4xcqztyYapAHfWPfJ2I=
-----END CERTIFICATE-----
ca/test.sh 0 → 100755
#!/bin/sh
_base=glassfish
openssl pkcs12 -export -passout pass:changeit -in ca-master/certs/$_base.crt -inkey ca-master/private/$_base.key -out ca-master/certs/$_base.p12
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!