customer-01 cert

Juho Juopperi
Commit a6ffd3ff authored Apr 08, 2012 by Juho Juopperi
Showing with 212 additions and 23 deletions
ca/ca-master/certs/customer-01.crt
ca/ca-master/certs/customer-01.p12
ca/ca-master/newcerts/06.pem
ca/ca-master/private/customer-01.key
ca/ca-master/req/customer-01.csr
ca/forge.sh
--- a/ca/ca-master/certs/customer-01.crt
+++ b/ca/ca-master/certs/customer-01.crt
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=FI, ST=Tampere, O=Bortal, CN=CA
+        Validity
+            Not Before: Jan  1 00:00:00 1970 GMT
+            Not After : Mar 24 16:14:45 2072 GMT
+        Subject: C=FI, ST=Tampere, O=Bortal, OU=Customer, CN=customer-01
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:db:cc:51:60:bc:f0:1c:a5:0e:86:a5:5d:85:90:
+                    db:13:c2:92:cb:84:7f:10:13:06:ff:36:83:0d:5c:
+                    50:21:0e:6d:c6:0b:60:5b:8f:bd:9c:cc:ec:b4:a8:
+                    3b:f5:66:9f:e2:47:4f:b9:30:c5:08:76:86:7f:6b:
+                    b2:ef:cb:28:a1:82:66:14:1a:00:12:3b:2c:72:b5:
+                    bc:ca:c3:e7:a8:b9:a1:cf:2e:52:86:63:82:bd:12:
+                    78:d3:bd:04:b3:2b:52:ac:ee:aa:50:17:6a:01:fc:
+                    f9:4d:cc:2f:05:e4:42:ea:9f:7c:1b:b0:49:0f:62:
+                    1e:4d:b6:1e:fa:e3:10:15:c0:a6:4d:96:11:fe:16:
+                    81:c6:d1:e2:cb:12:be:93:1a:ce:f5:e3:76:1b:dd:
+                    b6:89:f1:65:e4:ba:e3:50:6b:79:0f:29:01:5b:b8:
+                    e8:1f:ef:c0:d9:24:d1:d8:9b:20:32:2f:d0:35:7b:
+                    74:14:ef:3a:1e:4e:3c:5c:6c:4e:7d:63:f3:71:d3:
+                    ca:4a:ab:33:48:bd:b0:c3:b3:66:ec:19:93:c7:2c:
+                    3e:83:45:6d:aa:63:62:48:2b:bc:27:b3:c0:d4:c8:
+                    46:ce:05:46:0e:93:f7:d8:ee:1a:e1:7e:29:8b:8d:
+                    60:80:57:2c:61:29:dd:02:cc:5f:68:77:b1:6c:d4:
+                    05:19
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Client
+            Netscape Comment: 
+                Client certificate
+            X509v3 Subject Key Identifier: 
+                BA:E4:50:FE:A8:48:8F:70:CF:00:7C:C2:7A:73:31:FC:B8:0D:C9:C2
+            X509v3 Authority Key Identifier: 
+                keyid:A4:0A:2A:12:07:EC:CE:10:E4:4C:5E:B6:79:83:18:3B:15:3F:50:DB
+
+    Signature Algorithm: sha1WithRSAEncryption
+        38:2b:bb:d3:4d:aa:95:5e:f8:7b:a5:05:da:af:f4:25:e2:7f:
+        be:83:fd:75:5f:2e:09:16:29:f8:77:7c:4b:f8:0e:fb:99:db:
+        62:5d:c1:51:20:65:c5:8f:f1:31:5d:91:d4:af:5e:7c:94:e1:
+        eb:c9:ee:5e:a5:a5:74:46:de:8b:1d:65:38:86:fe:eb:54:85:
+        ab:82:92:b0:72:81:6c:de:41:bd:90:53:ce:25:93:0b:42:da:
+        a1:d4:03:69:4f:59:ef:c9:de:d1:ac:0d:31:1c:fb:84:6b:cf:
+        b1:f8:39:8e:f0:aa:d8:77:1a:bb:61:e9:2a:c8:96:b8:e0:f3:
+        19:b4:73:7e:33:51:79:41:d6:0a:29:e3:e9:12:85:8f:7c:21:
+        a6:a9:12:e7:cf:46:ba:38:5b:22:2f:8c:af:01:92:df:67:6f:
+        7a:d2:77:13:86:84:d8:43:4d:bf:60:c6:14:e1:12:81:ad:ac:
+        81:b6:eb:60:58:c3:d4:d9:c2:bc:47:b5:16:7e:1f:3b:aa:42:
+        75:8f:30:2d:f0:f7:24:6f:59:b5:d8:57:6b:27:0d:b5:60:af:
+        42:8c:ad:82:f6:f4:ae:72:36:53:e8:ae:f3:74:de:65:53:a6:
+        02:e4:26:65:c5:aa:b1:55:06:c8:6c:39:fb:82:f4:ea:bf:8a:
+        91:46:7c:6a
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBBjANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJGSTEQ
+MA4GA1UECBMHVGFtcGVyZTEPMA0GA1UEChMGQm9ydGFsMQswCQYDVQQDEwJDQTAg
+Fw03MDAxMDEwMDAwMDBaGA8yMDcyMDMyNDE2MTQ0NVowWTELMAkGA1UEBhMCRkkx
+EDAOBgNVBAgTB1RhbXBlcmUxDzANBgNVBAoTBkJvcnRhbDERMA8GA1UECxMIQ3Vz
+dG9tZXIxFDASBgNVBAMTC2N1c3RvbWVyLTAxMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA28xRYLzwHKUOhqVdhZDbE8KSy4R/EBMG/zaDDVxQIQ5txgtg
+W4+9nMzstKg79Waf4kdPuTDFCHaGf2uy78sooYJmFBoAEjsscrW8ysPnqLmhzy5S
+hmOCvRJ4070EsytSrO6qUBdqAfz5TcwvBeRC6p98G7BJD2IeTbYe+uMQFcCmTZYR
+/haBxtHiyxK+kxrO9eN2G922ifFl5LrjUGt5DykBW7joH+/A2STR2JsgMi/QNXt0
+FO86Hk48XGxOfWPzcdPKSqszSL2ww7Nm7BmTxyw+g0VtqmNiSCu8J7PA1MhGzgVG
+DpP32O4a4X4pi41ggFcsYSndAsxfaHexbNQFGQIDAQABo4GEMIGBMAkGA1UdEwQC
+MAAwEQYJYIZIAYb4QgEBBAQDAgeAMCEGCWCGSAGG+EIBDQQUFhJDbGllbnQgY2Vy
+dGlmaWNhdGUwHQYDVR0OBBYEFLrkUP6oSI9wzwB8wnpzMfy4DcnCMB8GA1UdIwQY
+MBaAFKQKKhIH7M4Q5ExetnmDGDsVP1DbMA0GCSqGSIb3DQEBBQUAA4IBAQA4K7vT
+TaqVXvh7pQXar/Ql4n++g/11Xy4JFin4d3xL+A77mdtiXcFRIGXFj/ExXZHUr158
+lOHrye5epaV0Rt6LHWU4hv7rVIWrgpKwcoFs3kG9kFPOJZMLQtqh1ANpT1nvyd7R
+rA0xHPuEa8+x+DmO8KrYdxq7YekqyJa44PMZtHN+M1F5QdYKKePpEoWPfCGmqRLn
+z0a6OFsiL4yvAZLfZ2960ncThoTYQ02/YMYU4RKBrayBtutgWMPU2cK8R7UWfh87
+qkJ1jzAt8Pckb1m12FdrJw21YK9CjK2C9vSucjZT6K7zdN5lU6YC5CZlxaqxVQbI
+bDn7gvTqv4qRRnxq
+-----END CERTIFICATE-----
--- a/ca/ca-master/certs/customer-01.p12
+++ b/ca/ca-master/certs/customer-01.p12
--- a/ca/ca-master/newcerts/06.pem
+++ b/ca/ca-master/newcerts/06.pem
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=FI, ST=Tampere, O=Bortal, CN=CA
+        Validity
+            Not Before: Jan  1 00:00:00 1970 GMT
+            Not After : Mar 24 16:14:45 2072 GMT
+        Subject: C=FI, ST=Tampere, O=Bortal, OU=Customer, CN=customer-01
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:db:cc:51:60:bc:f0:1c:a5:0e:86:a5:5d:85:90:
+                    db:13:c2:92:cb:84:7f:10:13:06:ff:36:83:0d:5c:
+                    50:21:0e:6d:c6:0b:60:5b:8f:bd:9c:cc:ec:b4:a8:
+                    3b:f5:66:9f:e2:47:4f:b9:30:c5:08:76:86:7f:6b:
+                    b2:ef:cb:28:a1:82:66:14:1a:00:12:3b:2c:72:b5:
+                    bc:ca:c3:e7:a8:b9:a1:cf:2e:52:86:63:82:bd:12:
+                    78:d3:bd:04:b3:2b:52:ac:ee:aa:50:17:6a:01:fc:
+                    f9:4d:cc:2f:05:e4:42:ea:9f:7c:1b:b0:49:0f:62:
+                    1e:4d:b6:1e:fa:e3:10:15:c0:a6:4d:96:11:fe:16:
+                    81:c6:d1:e2:cb:12:be:93:1a:ce:f5:e3:76:1b:dd:
+                    b6:89:f1:65:e4:ba:e3:50:6b:79:0f:29:01:5b:b8:
+                    e8:1f:ef:c0:d9:24:d1:d8:9b:20:32:2f:d0:35:7b:
+                    74:14:ef:3a:1e:4e:3c:5c:6c:4e:7d:63:f3:71:d3:
+                    ca:4a:ab:33:48:bd:b0:c3:b3:66:ec:19:93:c7:2c:
+                    3e:83:45:6d:aa:63:62:48:2b:bc:27:b3:c0:d4:c8:
+                    46:ce:05:46:0e:93:f7:d8:ee:1a:e1:7e:29:8b:8d:
+                    60:80:57:2c:61:29:dd:02:cc:5f:68:77:b1:6c:d4:
+                    05:19
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Client
+            Netscape Comment: 
+                Client certificate
+            X509v3 Subject Key Identifier: 
+                BA:E4:50:FE:A8:48:8F:70:CF:00:7C:C2:7A:73:31:FC:B8:0D:C9:C2
+            X509v3 Authority Key Identifier: 
+                keyid:A4:0A:2A:12:07:EC:CE:10:E4:4C:5E:B6:79:83:18:3B:15:3F:50:DB
+
+    Signature Algorithm: sha1WithRSAEncryption
+        38:2b:bb:d3:4d:aa:95:5e:f8:7b:a5:05:da:af:f4:25:e2:7f:
+        be:83:fd:75:5f:2e:09:16:29:f8:77:7c:4b:f8:0e:fb:99:db:
+        62:5d:c1:51:20:65:c5:8f:f1:31:5d:91:d4:af:5e:7c:94:e1:
+        eb:c9:ee:5e:a5:a5:74:46:de:8b:1d:65:38:86:fe:eb:54:85:
+        ab:82:92:b0:72:81:6c:de:41:bd:90:53:ce:25:93:0b:42:da:
+        a1:d4:03:69:4f:59:ef:c9:de:d1:ac:0d:31:1c:fb:84:6b:cf:
+        b1:f8:39:8e:f0:aa:d8:77:1a:bb:61:e9:2a:c8:96:b8:e0:f3:
+        19:b4:73:7e:33:51:79:41:d6:0a:29:e3:e9:12:85:8f:7c:21:
+        a6:a9:12:e7:cf:46:ba:38:5b:22:2f:8c:af:01:92:df:67:6f:
+        7a:d2:77:13:86:84:d8:43:4d:bf:60:c6:14:e1:12:81:ad:ac:
+        81:b6:eb:60:58:c3:d4:d9:c2:bc:47:b5:16:7e:1f:3b:aa:42:
+        75:8f:30:2d:f0:f7:24:6f:59:b5:d8:57:6b:27:0d:b5:60:af:
+        42:8c:ad:82:f6:f4:ae:72:36:53:e8:ae:f3:74:de:65:53:a6:
+        02:e4:26:65:c5:aa:b1:55:06:c8:6c:39:fb:82:f4:ea:bf:8a:
+        91:46:7c:6a
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBBjANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJGSTEQ
+MA4GA1UECBMHVGFtcGVyZTEPMA0GA1UEChMGQm9ydGFsMQswCQYDVQQDEwJDQTAg
+Fw03MDAxMDEwMDAwMDBaGA8yMDcyMDMyNDE2MTQ0NVowWTELMAkGA1UEBhMCRkkx
+EDAOBgNVBAgTB1RhbXBlcmUxDzANBgNVBAoTBkJvcnRhbDERMA8GA1UECxMIQ3Vz
+dG9tZXIxFDASBgNVBAMTC2N1c3RvbWVyLTAxMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA28xRYLzwHKUOhqVdhZDbE8KSy4R/EBMG/zaDDVxQIQ5txgtg
+W4+9nMzstKg79Waf4kdPuTDFCHaGf2uy78sooYJmFBoAEjsscrW8ysPnqLmhzy5S
+hmOCvRJ4070EsytSrO6qUBdqAfz5TcwvBeRC6p98G7BJD2IeTbYe+uMQFcCmTZYR
+/haBxtHiyxK+kxrO9eN2G922ifFl5LrjUGt5DykBW7joH+/A2STR2JsgMi/QNXt0
+FO86Hk48XGxOfWPzcdPKSqszSL2ww7Nm7BmTxyw+g0VtqmNiSCu8J7PA1MhGzgVG
+DpP32O4a4X4pi41ggFcsYSndAsxfaHexbNQFGQIDAQABo4GEMIGBMAkGA1UdEwQC
+MAAwEQYJYIZIAYb4QgEBBAQDAgeAMCEGCWCGSAGG+EIBDQQUFhJDbGllbnQgY2Vy
+dGlmaWNhdGUwHQYDVR0OBBYEFLrkUP6oSI9wzwB8wnpzMfy4DcnCMB8GA1UdIwQY
+MBaAFKQKKhIH7M4Q5ExetnmDGDsVP1DbMA0GCSqGSIb3DQEBBQUAA4IBAQA4K7vT
+TaqVXvh7pQXar/Ql4n++g/11Xy4JFin4d3xL+A77mdtiXcFRIGXFj/ExXZHUr158
+lOHrye5epaV0Rt6LHWU4hv7rVIWrgpKwcoFs3kG9kFPOJZMLQtqh1ANpT1nvyd7R
+rA0xHPuEa8+x+DmO8KrYdxq7YekqyJa44PMZtHN+M1F5QdYKKePpEoWPfCGmqRLn
+z0a6OFsiL4yvAZLfZ2960ncThoTYQ02/YMYU4RKBrayBtutgWMPU2cK8R7UWfh87
+qkJ1jzAt8Pckb1m12FdrJw21YK9CjK2C9vSucjZT6K7zdN5lU6YC5CZlxaqxVQbI
+bDn7gvTqv4qRRnxq
+-----END CERTIFICATE-----
--- a/ca/ca-master/private/customer-01.key
+++ b/ca/ca-master/private/customer-01.key
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA28xRYLzwHKUOhqVdhZDbE8KSy4R/EBMG/zaDDVxQIQ5txgtg
+W4+9nMzstKg79Waf4kdPuTDFCHaGf2uy78sooYJmFBoAEjsscrW8ysPnqLmhzy5S
+hmOCvRJ4070EsytSrO6qUBdqAfz5TcwvBeRC6p98G7BJD2IeTbYe+uMQFcCmTZYR
+/haBxtHiyxK+kxrO9eN2G922ifFl5LrjUGt5DykBW7joH+/A2STR2JsgMi/QNXt0
+FO86Hk48XGxOfWPzcdPKSqszSL2ww7Nm7BmTxyw+g0VtqmNiSCu8J7PA1MhGzgVG
+DpP32O4a4X4pi41ggFcsYSndAsxfaHexbNQFGQIDAQABAoIBABzXuvYO1RNtNXLF
+0HfuglEdf1XllSbu2EQ1Sw09x+YOlqkeZQ6e1ir1WTp7uSKCzQhMg1Gx7KknpI6j
+18sMbDAA9UvdELwMOz8nEGfY47ojSs60OmBtW5KNkDS1QMN9FNtHjxUVjzcjXqA
+CMulIILZWtfnUi8KmR9pfrc9hKbV2re7QOxO2aGAkqmPaNNRsL1vCM2ezya53wc5
+vcZoirn+gGfbdIIGQb7FX5YIJo1LXqQ5ZgQcXXdzmhT3J5G+Fu5nc26sRABMUIzA
+D7ldSEitxx+3IxQ8lCOTohiJcbaydAMdAbmvwZJdgt0JSamKvVC9AEiatM3oqxPs
+Z01Bd2ECgYEA8lcFBLbjppeKE7RPH55/IltMGQvk7VW044taJLD5KlcD35tdKuMq
+ozJWS30eLuWlQuvtj4w7wVWtujENDXUfIPswnHa+uu5rncm5cSbP8YP0MJipGIXm
+ePQjwHPBPTm8+xdxTJJSkyHRVtOf2N+p2ILObxXbNJYqOaFxFJRvU5MCgYEA6DAE
+xKiavxLgVRkVeEuxOV7TMGRI5Z2zpVKv5W9kdizL/wgpXKC0z2RkXQ7QoZkqOfNY
+uI1kmcV/1nQ0uu7bi100Y7QFoiEoX90ksSTe5fRz1VBZGBQRBeZ+aGiXAGL1EXEC
+zbTjeC34pq/q+aqRK0Ak7bUwur4nAAPEUFplCCMCgYAxcGNLtOv4fo3iuzQxJSqW
+nb2GlpCbgpKmoTVAqwIKCzp1EcMODs4SASDtwZa4xozSfEM4t8kxBgOtKniZOD2j
+gttF8Eu04xL9W7wDQ4HEqcDVcS9+G0MLhfMNPhA8J11QdFXe4zMJZSrJ5d6EZgzG
+aNkofHL95Wyz2SWypx2XFQKBgQDHtdXEGYnQ47mVOJgg+mobgJaCPx/8cGK+xpqI
+7AErLGjimfCJvakH4b/50u5csNODOO6M/wESyq+klBtu1lh8TNTtFUDrLT3/BsWy
+oJYgkNy5E/0uGsRxoMoFoECRkoxcTiotKXOmQVRoe1PPH4jx/KBG3dxmI3yEJLlM
+rBPOpQKBgHS4j0XgItZPW6paYfbS0zTtbx6GyA9y1d3Bo1DYfWzCRcsmXSxCWN7y
+wzyJ3ElyMZxGcCPlQvk2h9RYW2OYWSK3S5kiatxsqAJ90ItVZDDsPoWT7P8OHZ6/
+TApmKbpV0vZ5o4zxqU2zSPQr76HkQipib7Un9RNhmH8Md9wNhxDe
+-----END RSA PRIVATE KEY-----
--- a/ca/ca-master/req/customer-01.csr
+++ b/ca/ca-master/req/customer-01.csr
+-----BEGIN CERTIFICATE REQUEST-----
+MIICsDCCAZgCAQAwazELMAkGA1UEBhMCRkkxEDAOBgNVBAgTB1RhbXBlcmUxEDAO
+BgNVBAcTB1RhbXBlcmUxDzANBgNVBAoTBkJvcnRhbDERMA8GA1UECxMIQ3VzdG9t
+ZXIxFDASBgNVBAMTC2N1c3RvbWVyLTAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEA28xRYLzwHKUOhqVdhZDbE8KSy4R/EBMG/zaDDVxQIQ5txgtgW4+9
+nMzstKg79Waf4kdPuTDFCHaGf2uy78sooYJmFBoAEjsscrW8ysPnqLmhzy5ShmOC
+vRJ4070EsytSrO6qUBdqAfz5TcwvBeRC6p98G7BJD2IeTbYe+uMQFcCmTZYR/haB
+xtHiyxK+kxrO9eN2G922ifFl5LrjUGt5DykBW7joH+/A2STR2JsgMi/QNXt0FO86
+Hk48XGxOfWPzcdPKSqszSL2ww7Nm7BmTxyw+g0VtqmNiSCu8J7PA1MhGzgVGDpP3
+2O4a4X4pi41ggFcsYSndAsxfaHexbNQFGQIDAQABoAAwDQYJKoZIhvcNAQEFBQAD
+ggEBAClQwvOkm+lu74/ndo0AUmyvEC+3btAHtb9C25pAwfb6uG/B5Q8vw0w+Y5RI
+yjTrsPhHv3NPoaZI8tJPBiGJWdQHLcFlsJx8Lp9vI9IEOg34q53jq+JeaLb/4/YJ
+ECwjYbYFRm6yg9U54bMEQlA6+5KBNSzEPra3s/Htiom5aXhYUMzEaRkGqSFoZVr6
+JONZU4f1RgRkOi/jPJuOuKV+MtOkN+k68aTbBtg9z0UwwbtLXCWIxJ6VegVhl66Y
+g2hnTKtTlR4Xa+nuZVDUqu2+oacdCR///SA97U2eQiETrngWloZFz8uukrVPWNPo
+rEjA/xUtD8Wr0qaiE+P3Bs1U8QE=
+-----END CERTIFICATE REQUEST-----
--- a/ca/forge.sh
+++ b/ca/forge.sh
@@ -55,35 +55,13 @@ test -f ca-master/ca-master.crt || {
 # Certificates signed by CA
 #

-master_signed_cert () {
-    _base=$1 ; shift
-    test -f ca-master/certs/$_base.crt && return
-
-    # Create
-    openssl_req -new -newkey rsa:2048 -nodes \
-	-keyout ca-master/private/$_base.key \
-	-out ca-master/req/$_base.csr \
-	-subj "/C=FI/ST=Tampere/L=Tampere/O=Bortal/CN=$_base"
-
-    # Sign
-    openssl_ca -name CA_master $@ \
-	-in ca-master/req/$_base.csr \
-	-out ca-master/certs/$_base.crt 
-
-    # Convert to PKCS#12 for import to keystore/browser
-    openssl pkcs12 -export -passout pass:changeit \
-        -in ca-master/certs/$_base.crt \
-        -inkey ca-master/private/$_base.key \
-        -out ca-master/certs/$_base.p12
-}
-
 #Certificates signed by master CA - with custom common name
 #also create a .pem file for both private key and cert
 master_signed_cert_subj () {
    _base=$1 ; shift
    _subj=$1 ; shift

-    test -f ca-master/private/$_base.pem && return
+    test -f ca-master/private/$_base.key && return

    # Generate key and certificate request
    openssl_req -new -newkey rsa:2048 -nodes \
@@ -112,4 +90,5 @@ master_signed_cert_subj terminal "/C=FI/ST=Tampere/L=Tampere/O=Bortal/CN=termina
 master_signed_cert_subj cashier-01 "/C=FI/ST=Tampere/L=Tampere/O=Bortal/OU=Cashier/CN=cashier-01" -extensions client_cert
 master_signed_cert_subj client-01 "/C=FI/ST=Tampere/L=Tampere/O=Bortal/OU=Client/CN=client-01" -extensions client_cert
 master_signed_cert_subj selfhelp-01 "/C=FI/ST=Tampere/L=Tampere/O=Bortal/OU=Selfhelp/CN=selfhelp-01" -extensions client_cert
+master_signed_cert_subj customer-01 "/C=FI/ST=Tampere/L=Tampere/O=Bortal/OU=Customer/CN=customer-01" -extensions client_cert