diff --git a/ca/root-ca.crt b/ca/root-ca.crt
new file mode 100644
index 0000000..44174b2
--- /dev/null
+++ b/ca/root-ca.crt
@@ -0,0 +1,82 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2a:92:4b:e5:eb:2b:8b:a5:09:6d:1d:af:13:a4:b5:3d:20:83:0a:2b + Signature Algorithm: sha256WithRSAEncryption + Issuer: DC=org, DC=simple, O=Simple Inc, CN=Simple Root CA + Validity + Not Before: Oct 24 13:49:19 2025 GMT + Not After : Oct 24 13:49:19 2035 GMT + Subject: DC=org, DC=simple, O=Simple Inc, CN=Simple Root CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:97:70:47:fe:95:95:6d:f1:d3:fc:22:39:fe:db: + 9b:08:44:9f:98:e0:02:9d:9c:85:69:f9:b3:be:01: + 77:d6:aa:31:e1:b2:b7:82:1a:ba:7e:62:36:f4:df: + be:26:13:26:1e:d0:c2:c3:00:61:1e:f5:e1:5d:02: + c3:5a:04:08:7e:70:e8:5d:25:f8:94:35:45:b7:ee: + 91:cc:ef:41:41:2e:a4:71:7b:54:51:81:7e:e3:27: + 42:53:c2:ab:4c:e4:8a:ed:59:7a:a9:f8:91:f1:8a: + 69:83:0c:a7:83:f9:36:cc:af:9c:26:7e:b6:d5:10: + 03:24:be:7b:f2:5c:f8:a9:3c:01:96:c2:21:88:1d: + e3:6f:46:c3:9d:d8:ea:8b:90:4c:c4:2b:90:7c:a3: + 5c:dc:68:c3:b5:01:a7:4c:99:97:d4:94:b0:69:3d: + c9:50:4e:a4:5e:54:94:cc:c4:db:18:65:f7:6f:6c: + 74:b1:02:c4:5e:93:d1:92:1b:05:89:4d:a5:55:38: + da:8e:2d:e7:60:9a:ee:be:60:6c:77:5a:12:c0:60: + 2d:b1:4b:8d:6b:04:ae:5c:38:c9:9e:0c:b4:4e:3a: + df:5b:d6:43:60:98:bb:b1:04:25:41:c6:af:b8:8b: + 18:c7:a7:ae:29:11:b9:40:04:35:6b:f4:57:57:fa: + d9:d3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + DA:B2:3E:C6:6E:34:D2:0A:3C:FF:AC:A2:9D:17:24:A3:32:AB:DD:AB + X509v3 Authority Key Identifier: + DA:B2:3E:C6:6E:34:D2:0A:3C:FF:AC:A2:9D:17:24:A3:32:AB:DD:AB + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 2c:da:9e:3c:bf:e8:ce:92:3f:33:66:0e:f0:53:0c:8b:d8:51: + a3:00:7f:3d:9c:df:dc:9b:a5:fb:f4:b4:d1:12:e4:0d:4a:a7: + 02:3b:ce:4b:2e:8d:af:06:a8:a3:62:a8:71:ef:8d:60:08:4f: + e5:ff:fb:8d:e7:00:33:3b:c8:41:1b:be:61:03:ec:d5:b4:fe: + 
d1:29:06:eb:fb:1f:2c:70:47:4f:99:b8:cd:45:38:29:89:70: + cb:00:c2:db:73:f1:37:b6:84:e4:fc:38:38:1d:74:d9:07:14: + ba:47:d0:f1:fa:f3:97:c2:1f:90:79:de:bb:58:9e:69:67:b5: + 12:93:87:c8:9f:c2:02:55:8a:d1:5b:c4:3c:2d:65:4d:6e:70: + c6:59:f3:52:d1:01:9b:37:b7:39:2d:32:00:cd:e4:27:f2:d9: + f8:4a:14:4d:4d:a7:8e:37:2b:6f:ab:aa:58:81:22:93:e9:cd: + 8a:aa:4e:c3:11:74:1a:13:4a:ad:e7:db:dd:ac:d6:f4:90:cd: + 76:b7:c1:cb:2d:da:6e:9e:ee:12:85:a2:a2:6c:be:62:6a:c2: + cf:3e:ac:40:0e:d4:0e:65:b7:2d:8f:22:3e:d5:0b:41:da:fa: + 4a:eb:1b:a5:7f:d5:c9:86:21:a3:19:51:03:d1:a9:35:f1:5f: + 7d:2a:b9:87 +-----BEGIN CERTIFICATE----- +MIIDpzCCAo+gAwIBAgIUKpJL5esri6UJbR2vE6S1PSCDCiswDQYJKoZIhvcNAQEL +BQAwWzETMBEGCgmSJomT8ixkARkWA29yZzEWMBQGCgmSJomT8ixkARkWBnNpbXBs +ZTETMBEGA1UECgwKU2ltcGxlIEluYzEXMBUGA1UEAwwOU2ltcGxlIFJvb3QgQ0Ew +HhcNMjUxMDI0MTM0OTE5WhcNMzUxMDI0MTM0OTE5WjBbMRMwEQYKCZImiZPyLGQB +GRYDb3JnMRYwFAYKCZImiZPyLGQBGRYGc2ltcGxlMRMwEQYDVQQKDApTaW1wbGUg +SW5jMRcwFQYDVQQDDA5TaW1wbGUgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAJdwR/6VlW3x0/wiOf7bmwhEn5jgAp2chWn5s74Bd9aqMeGy +t4Iaun5iNvTfviYTJh7QwsMAYR714V0Cw1oECH5w6F0l+JQ1RbfukczvQUEupHF7 +VFGBfuMnQlPCq0zkiu1Zeqn4kfGKaYMMp4P5NsyvnCZ+ttUQAyS+e/Jc+Kk8AZbC +IYgd429Gw53Y6ouQTMQrkHyjXNxow7UBp0yZl9SUsGk9yVBOpF5UlMzE2xhl929s +dLECxF6T0ZIbBYlNpVU42o4t52Ca7r5gbHdaEsBgLbFLjWsErlw4yZ4MtE4631vW +Q2CYu7EEJUHGr7iLGMenrikRuUAENWv0V1f62dMCAwEAAaNjMGEwDgYDVR0PAQH/ +BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNqyPsZuNNIKPP+sop0X +JKMyq92rMB8GA1UdIwQYMBaAFNqyPsZuNNIKPP+sop0XJKMyq92rMA0GCSqGSIb3 +DQEBCwUAA4IBAQAs2p48v+jOkj8zZg7wUwyL2FGjAH89nN/cm6X79LTREuQNSqcC +O85LLo2vBqijYqhx741gCE/l//uN5wAzO8hBG75hA+zVtP7RKQbr+x8scEdPmbjN +RTgpiXDLAMLbc/E3toTk/Dg4HXTZBxS6R9Dx+vOXwh+Qed67WJ5pZ7USk4fIn8IC +VYrRW8Q8LWVNbnDGWfNS0QGbN7c5LTIAzeQn8tn4ShRNTaeONytvq6pYgSKT6c2K +qk7DEXQaE0qt59vdrNb0kM12t8HLLdpunu4ShaKibL5iasLPPqxADtQOZbctjyI+ +1QtB2vpK6xulf9XJhiGjGVED0ak18V99KrmH +-----END CERTIFICATE----- 
diff --git a/ca/root-ca.csr b/ca/root-ca.csr new file mode 100644 index 0000000..fdc5cb3 --- /dev/null +++ b/ca/root-ca.csr @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIC8TCCAdkCAQAwWzETMBEGCgmSJomT8ixkARkWA29yZzEWMBQGCgmSJomT8ixk +ARkWBnNpbXBsZTETMBEGA1UECgwKU2ltcGxlIEluYzEXMBUGA1UEAwwOU2ltcGxl +IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXcEf+lZVt +8dP8Ijn+25sIRJ+Y4AKdnIVp+bO+AXfWqjHhsreCGrp+Yjb0374mEyYe0MLDAGEe +9eFdAsNaBAh+cOhdJfiUNUW37pHM70FBLqRxe1RRgX7jJ0JTwqtM5IrtWXqp+JHx +immDDKeD+TbMr5wmfrbVEAMkvnvyXPipPAGWwiGIHeNvRsOd2OqLkEzEK5B8o1zc +aMO1AadMmZfUlLBpPclQTqReVJTMxNsYZfdvbHSxAsRek9GSGwWJTaVVONqOLedg +mu6+YGx3WhLAYC2xS41rBK5cOMmeDLROOt9b1kNgmLuxBCVBxq+4ixjHp64pEblA +BDVr9FdX+tnTAgMBAAGgUTBPBgkqhkiG9w0BCQ4xQjBAMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTasj7GbjTSCjz/rKKdFySjMqvd +qzANBgkqhkiG9w0BAQsFAAOCAQEAdWJ7rkL/OaaX6JYUeXuR0x3zQ0L1KAaLo/TU +iqY1L2LV9RXdNCsqsV2i/zx5F+nb6qtr65l7r/J75nGsfAJOrwgXWxKRCNo/aYdY +3PJ120BmrUHIRWZuQC2I5hyjiuSXYQduCjJYujRnV28dEgCHIs+luLWpBzKVE0yO +NiPW4cfKuBNWrfYmO/BT79ygJBjnt/gXAILsHYIn2yg8cksjkXkoDhXisYYCUGYS +uhC3ATn1zR4lNHsXQg8uwlBJSWYEbOqfEBHGWWVbZergxWsRyRY6fDy1tbqOP+TO +QXAXCt4zB1PU8J6uufNID7LTa6LeKnTRj7P/9lGXpKNDIsEpeA== +-----END CERTIFICATE REQUEST----- diff --git a/ca/root-ca/2A924BE5EB2B8BA5096D1DAF13A4B53D20830A2B.pem b/ca/root-ca/2A924BE5EB2B8BA5096D1DAF13A4B53D20830A2B.pem new file mode 100644 index 0000000..44174b2 --- /dev/null +++ b/ca/root-ca/2A924BE5EB2B8BA5096D1DAF13A4B53D20830A2B.pem 
@@ -0,0 +1,82 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2a:92:4b:e5:eb:2b:8b:a5:09:6d:1d:af:13:a4:b5:3d:20:83:0a:2b + Signature Algorithm: sha256WithRSAEncryption + Issuer: DC=org, DC=simple, O=Simple Inc, CN=Simple Root CA + Validity + Not Before: Oct 24 13:49:19 2025 GMT + Not After : Oct 24 13:49:19 2035 GMT + Subject: DC=org, DC=simple, O=Simple Inc, CN=Simple Root CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:97:70:47:fe:95:95:6d:f1:d3:fc:22:39:fe:db: + 9b:08:44:9f:98:e0:02:9d:9c:85:69:f9:b3:be:01: + 77:d6:aa:31:e1:b2:b7:82:1a:ba:7e:62:36:f4:df: + be:26:13:26:1e:d0:c2:c3:00:61:1e:f5:e1:5d:02: + c3:5a:04:08:7e:70:e8:5d:25:f8:94:35:45:b7:ee: + 91:cc:ef:41:41:2e:a4:71:7b:54:51:81:7e:e3:27: + 42:53:c2:ab:4c:e4:8a:ed:59:7a:a9:f8:91:f1:8a: + 69:83:0c:a7:83:f9:36:cc:af:9c:26:7e:b6:d5:10: + 03:24:be:7b:f2:5c:f8:a9:3c:01:96:c2:21:88:1d: + e3:6f:46:c3:9d:d8:ea:8b:90:4c:c4:2b:90:7c:a3: + 5c:dc:68:c3:b5:01:a7:4c:99:97:d4:94:b0:69:3d: + c9:50:4e:a4:5e:54:94:cc:c4:db:18:65:f7:6f:6c: + 74:b1:02:c4:5e:93:d1:92:1b:05:89:4d:a5:55:38: + da:8e:2d:e7:60:9a:ee:be:60:6c:77:5a:12:c0:60: + 2d:b1:4b:8d:6b:04:ae:5c:38:c9:9e:0c:b4:4e:3a: + df:5b:d6:43:60:98:bb:b1:04:25:41:c6:af:b8:8b: + 18:c7:a7:ae:29:11:b9:40:04:35:6b:f4:57:57:fa: + d9:d3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + DA:B2:3E:C6:6E:34:D2:0A:3C:FF:AC:A2:9D:17:24:A3:32:AB:DD:AB + X509v3 Authority Key Identifier: + DA:B2:3E:C6:6E:34:D2:0A:3C:FF:AC:A2:9D:17:24:A3:32:AB:DD:AB + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 2c:da:9e:3c:bf:e8:ce:92:3f:33:66:0e:f0:53:0c:8b:d8:51: + a3:00:7f:3d:9c:df:dc:9b:a5:fb:f4:b4:d1:12:e4:0d:4a:a7: + 02:3b:ce:4b:2e:8d:af:06:a8:a3:62:a8:71:ef:8d:60:08:4f: + e5:ff:fb:8d:e7:00:33:3b:c8:41:1b:be:61:03:ec:d5:b4:fe: + 
d1:29:06:eb:fb:1f:2c:70:47:4f:99:b8:cd:45:38:29:89:70: + cb:00:c2:db:73:f1:37:b6:84:e4:fc:38:38:1d:74:d9:07:14: + ba:47:d0:f1:fa:f3:97:c2:1f:90:79:de:bb:58:9e:69:67:b5: + 12:93:87:c8:9f:c2:02:55:8a:d1:5b:c4:3c:2d:65:4d:6e:70: + c6:59:f3:52:d1:01:9b:37:b7:39:2d:32:00:cd:e4:27:f2:d9: + f8:4a:14:4d:4d:a7:8e:37:2b:6f:ab:aa:58:81:22:93:e9:cd: + 8a:aa:4e:c3:11:74:1a:13:4a:ad:e7:db:dd:ac:d6:f4:90:cd: + 76:b7:c1:cb:2d:da:6e:9e:ee:12:85:a2:a2:6c:be:62:6a:c2: + cf:3e:ac:40:0e:d4:0e:65:b7:2d:8f:22:3e:d5:0b:41:da:fa: + 4a:eb:1b:a5:7f:d5:c9:86:21:a3:19:51:03:d1:a9:35:f1:5f: + 7d:2a:b9:87 +-----BEGIN CERTIFICATE----- +MIIDpzCCAo+gAwIBAgIUKpJL5esri6UJbR2vE6S1PSCDCiswDQYJKoZIhvcNAQEL +BQAwWzETMBEGCgmSJomT8ixkARkWA29yZzEWMBQGCgmSJomT8ixkARkWBnNpbXBs +ZTETMBEGA1UECgwKU2ltcGxlIEluYzEXMBUGA1UEAwwOU2ltcGxlIFJvb3QgQ0Ew +HhcNMjUxMDI0MTM0OTE5WhcNMzUxMDI0MTM0OTE5WjBbMRMwEQYKCZImiZPyLGQB +GRYDb3JnMRYwFAYKCZImiZPyLGQBGRYGc2ltcGxlMRMwEQYDVQQKDApTaW1wbGUg +SW5jMRcwFQYDVQQDDA5TaW1wbGUgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAJdwR/6VlW3x0/wiOf7bmwhEn5jgAp2chWn5s74Bd9aqMeGy +t4Iaun5iNvTfviYTJh7QwsMAYR714V0Cw1oECH5w6F0l+JQ1RbfukczvQUEupHF7 +VFGBfuMnQlPCq0zkiu1Zeqn4kfGKaYMMp4P5NsyvnCZ+ttUQAyS+e/Jc+Kk8AZbC +IYgd429Gw53Y6ouQTMQrkHyjXNxow7UBp0yZl9SUsGk9yVBOpF5UlMzE2xhl929s +dLECxF6T0ZIbBYlNpVU42o4t52Ca7r5gbHdaEsBgLbFLjWsErlw4yZ4MtE4631vW +Q2CYu7EEJUHGr7iLGMenrikRuUAENWv0V1f62dMCAwEAAaNjMGEwDgYDVR0PAQH/ +BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNqyPsZuNNIKPP+sop0X +JKMyq92rMB8GA1UdIwQYMBaAFNqyPsZuNNIKPP+sop0XJKMyq92rMA0GCSqGSIb3 +DQEBCwUAA4IBAQAs2p48v+jOkj8zZg7wUwyL2FGjAH89nN/cm6X79LTREuQNSqcC +O85LLo2vBqijYqhx741gCE/l//uN5wAzO8hBG75hA+zVtP7RKQbr+x8scEdPmbjN +RTgpiXDLAMLbc/E3toTk/Dg4HXTZBxS6R9Dx+vOXwh+Qed67WJ5pZ7USk4fIn8IC +VYrRW8Q8LWVNbnDGWfNS0QGbN7c5LTIAzeQn8tn4ShRNTaeONytvq6pYgSKT6c2K +qk7DEXQaE0qt59vdrNb0kM12t8HLLdpunu4ShaKibL5iasLPPqxADtQOZbctjyI+ +1QtB2vpK6xulf9XJhiGjGVED0ak18V99KrmH +-----END CERTIFICATE----- 
diff --git a/ca/root-ca/70665C1EDD2521B0A59089AF93F35E78E5D6848A.pem b/ca/root-ca/70665C1EDD2521B0A59089AF93F35E78E5D6848A.pem
new file mode 100644
index 0000000..15d6aa9
--- /dev/null
+++ b/ca/root-ca/70665C1EDD2521B0A59089AF93F35E78E5D6848A.pem
@@ -0,0 +1,82 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 70:66:5c:1e:dd:25:21:b0:a5:90:89:af:93:f3:5e:78:e5:d6:84:8a + Signature Algorithm: sha256WithRSAEncryption + Issuer: DC=org, DC=simple, O=Simple Inc, CN=Simple Root CA + Validity + Not Before: Oct 24 13:50:25 2025 GMT + Not After : Oct 24 13:50:25 2035 GMT + Subject: DC=org, DC=simple, O=Simple Inc, CN=Simple Signing CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:cd:57:70:66:95:5b:9e:c7:e0:8e:92:3c:8c:a5: + f2:c1:de:e5:2b:ed:96:f6:04:4c:62:1e:91:e8:b0: + 29:22:88:ff:7f:7f:af:25:92:f7:e9:ca:ce:3a:3a: + 59:7b:9a:68:ab:dd:27:87:15:8d:3c:e2:88:bf:28: + 68:14:d8:6a:9a:e0:60:1d:61:c4:c1:c4:1f:9b:10: + ea:d5:ee:ff:7a:97:93:d8:9d:fc:a3:92:ca:30:3f: + c8:fc:3f:6b:ac:db:ba:fd:22:70:3e:d0:38:14:b2: + b2:c4:6c:61:74:a0:ed:c7:6c:cf:e6:9d:df:aa:d8: + ef:3d:ac:5f:6b:93:a7:a7:4f:d4:28:b1:d5:e2:01: + 6e:e3:0f:34:39:58:6c:e7:e7:e8:68:92:da:5d:d1: + ef:c5:e5:7c:a7:28:2c:51:cd:d9:9d:1d:43:20:ad: + f1:76:20:94:20:e4:72:b4:ed:e4:77:c8:00:c1:19: + 86:be:50:95:01:97:40:58:dc:3b:f2:69:ac:d7:b3: + 4b:c2:39:31:bf:13:f9:a4:96:49:e8:dc:07:49:a4: + ab:20:0f:08:d1:45:a6:0a:57:bb:59:22:14:d9:bb: + bd:17:d2:3a:06:95:80:14:a4:69:cc:b3:84:65:3b: + bc:33:72:d5:45:0f:f4:90:50:4f:ac:57:81:2b:b0: + 6d:05 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + D7:7A:FE:65:8D:74:F3:F3:85:92:B5:F1:C3:55:3A:0B:6D:50:10:41 + X509v3 Authority Key Identifier: + DA:B2:3E:C6:6E:34:D2:0A:3C:FF:AC:A2:9D:17:24:A3:32:AB:DD:AB + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 59:0f:a8:fa:9b:a6:5b:34:8b:c4:ea:44:02:f8:3c:08:62:45: + d4:87:48:24:20:50:8f:40:ca:3a:64:0d:98:04:f7:3c:a9:4c: + ca:92:4a:56:40:9a:45:28:fd:7b:f3:6b:2b:f2:7d:a0:d6:24: + e1:51:24:e5:5b:f1:e1:c5:8f:f4:06:a8:4f:2b:c3:58:ad:a6: + 
f8:32:80:d6:de:ca:46:97:f2:0f:07:9b:06:55:7c:db:a2:bf: + 5c:1f:be:41:09:a8:34:c3:68:71:d2:dc:94:1a:63:24:2c:73: + 65:92:47:74:82:3e:ba:74:07:c3:06:14:13:25:81:de:8c:f7: + c5:61:ca:c4:90:93:14:9a:50:eb:a1:03:6b:b0:1d:ad:4f:9b: + b8:14:8e:ba:d0:4d:c2:71:bb:19:2a:c1:ed:0e:19:00:87:38: + fb:3f:df:53:bf:42:b5:1f:f6:3b:dc:82:b4:a2:40:37:b4:96: + 21:66:4a:f0:86:6b:3a:37:90:f0:2a:f6:94:70:3f:65:73:3c: + 30:0d:c1:41:5c:e1:33:cd:c1:1f:d6:16:8b:fe:34:01:af:05: + e6:df:fa:f3:55:31:ac:0d:5c:15:7e:a4:f9:0d:70:c6:d8:c2: + 40:e3:01:e3:59:af:86:35:fd:22:ce:cc:85:bb:dd:93:e9:7c: + e4:64:b3:14 +-----BEGIN CERTIFICATE----- +MIIDrTCCApWgAwIBAgIUcGZcHt0lIbClkImvk/NeeOXWhIowDQYJKoZIhvcNAQEL +BQAwWzETMBEGCgmSJomT8ixkARkWA29yZzEWMBQGCgmSJomT8ixkARkWBnNpbXBs +ZTETMBEGA1UECgwKU2ltcGxlIEluYzEXMBUGA1UEAwwOU2ltcGxlIFJvb3QgQ0Ew +HhcNMjUxMDI0MTM1MDI1WhcNMzUxMDI0MTM1MDI1WjBeMRMwEQYKCZImiZPyLGQB +GRYDb3JnMRYwFAYKCZImiZPyLGQBGRYGc2ltcGxlMRMwEQYDVQQKDApTaW1wbGUg +SW5jMRowGAYDVQQDDBFTaW1wbGUgU2lnbmluZyBDQTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAM1XcGaVW57H4I6SPIyl8sHe5SvtlvYETGIekeiwKSKI +/39/ryWS9+nKzjo6WXuaaKvdJ4cVjTziiL8oaBTYaprgYB1hxMHEH5sQ6tXu/3qX +k9id/KOSyjA/yPw/a6zbuv0icD7QOBSyssRsYXSg7cdsz+ad36rY7z2sX2uTp6dP +1Cix1eIBbuMPNDlYbOfn6GiS2l3R78XlfKcoLFHN2Z0dQyCt8XYglCDkcrTt5HfI +AMEZhr5QlQGXQFjcO/JprNezS8I5Mb8T+aSWSejcB0mkqyAPCNFFpgpXu1kiFNm7 +vRfSOgaVgBSkacyzhGU7vDNy1UUP9JBQT6xXgSuwbQUCAwEAAaNmMGQwDgYDVR0P +AQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFNd6/mWNdPPz +hZK18cNVOgttUBBBMB8GA1UdIwQYMBaAFNqyPsZuNNIKPP+sop0XJKMyq92rMA0G +CSqGSIb3DQEBCwUAA4IBAQBZD6j6m6ZbNIvE6kQC+DwIYkXUh0gkIFCPQMo6ZA2Y +BPc8qUzKkkpWQJpFKP1782sr8n2g1iThUSTlW/HhxY/0BqhPK8NYrab4MoDW3spG +l/IPB5sGVXzbor9cH75BCag0w2hx0tyUGmMkLHNlkkd0gj66dAfDBhQTJYHejPfF +YcrEkJMUmlDroQNrsB2tT5u4FI660E3CcbsZKsHtDhkAhzj7P99Tv0K1H/Y73IK0 +okA3tJYhZkrwhms6N5DwKvaUcD9lczwwDcFBXOEzzcEf1haL/jQBrwXm3/rzVTGs +DVwVfqT5DXDG2MJA4wHjWa+GNf0izsyFu92T6XzkZLMU +-----END CERTIFICATE----- 
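Review bot: The Simple Signing CA certificate is issued without a CRL Distribution Points or Authority Information Access extension; its extension list is only Key Usage, Basic Constraints, Subject Key Identifier and Authority Key Identifier, and the two end-entity certificates under `ca/signing-ca/` show the same gap. Relying parties therefore get no pointer to revocation status, so a compromised intermediate or leaf would stay trusted until its Not After date (2035 for this certificate). The issuing configuration is not part of this diff, so the exact section cannot be quoted, but the extension sections used for signing should gain a line such as `crlDistributionPoints = URI:<CRL_URL_PLACEHOLDER>` and the certificates be re-issued. The intermediate's validity also matches the root's ten years, which is worth shortening at the same time.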
diff --git a/ca/root-ca/db/root-ca.crl.srl b/ca/root-ca/db/root-ca.crl.srl
new file mode 100644
index 0000000..8a0f05e
--- /dev/null
+++ b/ca/root-ca/db/root-ca.crl.srl
@@ -0,0 +1 @@
+01
diff --git a/ca/root-ca/db/root-ca.crt.srl b/ca/root-ca/db/root-ca.crt.srl
new file mode 100644
index 0000000..8a0f05e
--- /dev/null
+++ b/ca/root-ca/db/root-ca.crt.srl
@@ -0,0 +1 @@
+01
diff --git a/ca/root-ca/db/root-ca.db b/ca/root-ca/db/root-ca.db
new file mode 100644
index 0000000..24033a5
--- /dev/null
+++ b/ca/root-ca/db/root-ca.db
@@ -0,0 +1,2 @@
+V 351024134919Z 2A924BE5EB2B8BA5096D1DAF13A4B53D20830A2B unknown /DC=org/DC=simple/O=Simple Inc/CN=Simple Root CA
+V 351024135025Z 70665C1EDD2521B0A59089AF93F35E78E5D6848A unknown /DC=org/DC=simple/O=Simple Inc/CN=Simple Signing CA
diff --git a/ca/root-ca/db/root-ca.db.attr b/ca/root-ca/db/root-ca.db.attr
new file mode 100644
index 0000000..3a7e39e
--- /dev/null
+++ b/ca/root-ca/db/root-ca.db.attr
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/ca/root-ca/db/root-ca.db.attr.old b/ca/root-ca/db/root-ca.db.attr.old
new file mode 100644
index 0000000..3a7e39e
--- /dev/null
+++ b/ca/root-ca/db/root-ca.db.attr.old
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/ca/root-ca/db/root-ca.db.old b/ca/root-ca/db/root-ca.db.old
new file mode 100644
index 0000000..4d02077
--- /dev/null
+++ b/ca/root-ca/db/root-ca.db.old
@@ -0,0 +1 @@
+V 351024134919Z 2A924BE5EB2B8BA5096D1DAF13A4B53D20830A2B unknown /DC=org/DC=simple/O=Simple Inc/CN=Simple Root CA
diff --git a/ca/root-ca/private/root-ca.key b/ca/root-ca/private/root-ca.key
new file mode 100644
index 0000000..cc4f66f
--- /dev/null
+++ b/ca/root-ca/private/root-ca.key
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQPz6DyCEMMiTsB8O8 +XBs3VQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEKK5iLhWYyPvGkZZ +uzBeGBsEggTQxjNhLLlc6fNUJUhO2A0xiWPtMefCEOcOKSq+n9EtmvzIEkgUptKG +Z2cIJ054BVHBezOf4fF9jRqjKaOTkF0JUHAYjSGHL1UxgdNWSVTpaodDz4iKsXRC +9BtOaEza2s3Z2Ffp6/h7cU5xig76L0dRRkEpOTi6e5Ta4vWnO0S/hfwUBs/Ymhf2 +qob5BL/8GWOdNdlgVcgZ7aEjsYg32MQbXQsjNuUMa8/P/GTv6xKUGV1H+9kDHg8e +42Q84lNnVmFcNERwbH25ELvHyCBeZFMSHqeQ2NIP7LuPdLUHnMed86eQVBHWTvmd +Kn8kU90cdqvCdHlyKEK7b2QXWz5mhoE6ijXmJxz7sqOXBRljpOIJBwBUoEb20huZ +ajSDRAVqJbwHp9VRSx7bWwY11RcpBV8O8K0Z3axaQqJnZsunHqH7g7PbwMDxrZ17 +QCptadkDBE24HMOY2qi2/q9fzjTUC/O2fCO82dtiRDeyYm4hTX1E/BR99N17Btxm ++nSkhTSZYbk/7i1Rut3Oa/p36P93dYgXZUTSv0moduGcGYpiXyLSpnTY0vqmn77z +hG7JaTlD7Zh0lM7LsEUTeKMyXGKs/zaY+ZOAzuLpkf/SaCfiZWiUnzPI+QEjz8Bi +8POHYQvyCV6ojpn74+L/nw7zMGxMfJQ6gifG9dXg3rtttNs0DFbx4KtKdGPXMAiZ +96s/odx2VhU7AAVs2NF4JQj0xmIbbZiTVG/PfUcU27goM6Q2YYM3CCqg4LXNRVIp +Eam6iEWKyHD3QfRl4teKyt7OcQnHU6OH8usmUlLn9cSWmr503GTjrwUeyskzTndZ +DYNPHNpcbHNp9y7Y9W208JFh4WseM60tP2Wv7owBj71DlIVe2OKUnYbcb3GgC0xH +izFVoq5SdhoFsb+moQqOc0GXwXCW6ilUvy2W4ubZnWiZbI3rsj4P+6ZDFOUHeiu7 +nLkFNbxwoXQFr19Coi5+rqRQztgJVOTBd4nYd3lnBeZVk0goIN09giWk6LL55aG3 +usLDYX0uwT8PfRMj7BPZtVgZOxxhj17bORkhIkDxzvam0gX9oJsQFcqqKeulaJAT +EneM9UGJJvHHC1h0e8A7CzHjZtqMxm81W2iSNfe4z4qiTFMEln5DU3jA5yz2g5C/ +yrPVyXiZ0XeJLxJtkanmeYphInwjARhaJNdridcYH+sWzs5gLgOGc+hKZf7Mszrq +A7ZpHKA8cVxHeMLCW03wi4m3ENGPjvciZALMabu+2TSLSS6qGCD9zZJgKgNaf1BN +sfj/tNx0+pJfJGmMPKV8thqGGyCEIVCj6zp3D0zhGWR3JqYrnOItqi8yOhJe1ArV +KJQSMffByKkxyVYk1FTmJZ9/pxQDgc2lndfoqf75+aZ2RBr6f25j/vHvDzRsgIJy +BAzZLO8FyPysudjbLgaHnOMAA+wZTqm8DReJ50kC4a3I/FOONWrk7NHVqpLRN25l +OuysFQ2t/dysBmK0VOAJmK7WzO34mVN+qnvNymp4307UR03nL7N3YI5SSj86oS5/ +TVqZLXHsoK6fMwSqPv9pHSsjyohj6FdTo0zo9an5skfrThfltO7gArJ+GDxjEGxc +TYliT6kENDeDZE7CZaR0+dN8SmSAwAX7g74z8UZsfi+ho+OUGGX/oq0= +-----END ENCRYPTED PRIVATE KEY----- 
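Review bot: The root CA private key is being committed to the repository as `ca/root-ca/private/root-ca.key`, and the same applies to `ca/signing-ca/private/signing-ca.key` later in this diff. Both are ENCRYPTED PRIVATE KEY blobs, so their confidentiality now rests only on the passphrase, and anyone with read access to the history can work on it offline for as long as the CA certificates are valid (Not After 2035 on both). The PKCS#8 header appears to encode PBKDF2 with 2048 iterations, which, if confirmed, gives little protection to a weak passphrase. I would drop both `private/` files from the commit and add an ignore rule such as `ca/*/private/` to `.gitignore`. If this has already been pushed to a shared remote, treat both keys as exposed and re-issue the hierarchy.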
diff --git a/ca/signing-ca.crt b/ca/signing-ca.crt
new file mode 100644
index 0000000..15d6aa9
--- /dev/null
+++ b/ca/signing-ca.crt
@@ -0,0 +1,82 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 70:66:5c:1e:dd:25:21:b0:a5:90:89:af:93:f3:5e:78:e5:d6:84:8a + Signature Algorithm: sha256WithRSAEncryption + Issuer: DC=org, DC=simple, O=Simple Inc, CN=Simple Root CA + Validity + Not Before: Oct 24 13:50:25 2025 GMT + Not After : Oct 24 13:50:25 2035 GMT + Subject: DC=org, DC=simple, O=Simple Inc, CN=Simple Signing CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:cd:57:70:66:95:5b:9e:c7:e0:8e:92:3c:8c:a5: + f2:c1:de:e5:2b:ed:96:f6:04:4c:62:1e:91:e8:b0: + 29:22:88:ff:7f:7f:af:25:92:f7:e9:ca:ce:3a:3a: + 59:7b:9a:68:ab:dd:27:87:15:8d:3c:e2:88:bf:28: + 68:14:d8:6a:9a:e0:60:1d:61:c4:c1:c4:1f:9b:10: + ea:d5:ee:ff:7a:97:93:d8:9d:fc:a3:92:ca:30:3f: + c8:fc:3f:6b:ac:db:ba:fd:22:70:3e:d0:38:14:b2: + b2:c4:6c:61:74:a0:ed:c7:6c:cf:e6:9d:df:aa:d8: + ef:3d:ac:5f:6b:93:a7:a7:4f:d4:28:b1:d5:e2:01: + 6e:e3:0f:34:39:58:6c:e7:e7:e8:68:92:da:5d:d1: + ef:c5:e5:7c:a7:28:2c:51:cd:d9:9d:1d:43:20:ad: + f1:76:20:94:20:e4:72:b4:ed:e4:77:c8:00:c1:19: + 86:be:50:95:01:97:40:58:dc:3b:f2:69:ac:d7:b3: + 4b:c2:39:31:bf:13:f9:a4:96:49:e8:dc:07:49:a4: + ab:20:0f:08:d1:45:a6:0a:57:bb:59:22:14:d9:bb: + bd:17:d2:3a:06:95:80:14:a4:69:cc:b3:84:65:3b: + bc:33:72:d5:45:0f:f4:90:50:4f:ac:57:81:2b:b0: + 6d:05 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + D7:7A:FE:65:8D:74:F3:F3:85:92:B5:F1:C3:55:3A:0B:6D:50:10:41 + X509v3 Authority Key Identifier: + DA:B2:3E:C6:6E:34:D2:0A:3C:FF:AC:A2:9D:17:24:A3:32:AB:DD:AB + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 59:0f:a8:fa:9b:a6:5b:34:8b:c4:ea:44:02:f8:3c:08:62:45: + d4:87:48:24:20:50:8f:40:ca:3a:64:0d:98:04:f7:3c:a9:4c: + ca:92:4a:56:40:9a:45:28:fd:7b:f3:6b:2b:f2:7d:a0:d6:24: + e1:51:24:e5:5b:f1:e1:c5:8f:f4:06:a8:4f:2b:c3:58:ad:a6: + 
f8:32:80:d6:de:ca:46:97:f2:0f:07:9b:06:55:7c:db:a2:bf: + 5c:1f:be:41:09:a8:34:c3:68:71:d2:dc:94:1a:63:24:2c:73: + 65:92:47:74:82:3e:ba:74:07:c3:06:14:13:25:81:de:8c:f7: + c5:61:ca:c4:90:93:14:9a:50:eb:a1:03:6b:b0:1d:ad:4f:9b: + b8:14:8e:ba:d0:4d:c2:71:bb:19:2a:c1:ed:0e:19:00:87:38: + fb:3f:df:53:bf:42:b5:1f:f6:3b:dc:82:b4:a2:40:37:b4:96: + 21:66:4a:f0:86:6b:3a:37:90:f0:2a:f6:94:70:3f:65:73:3c: + 30:0d:c1:41:5c:e1:33:cd:c1:1f:d6:16:8b:fe:34:01:af:05: + e6:df:fa:f3:55:31:ac:0d:5c:15:7e:a4:f9:0d:70:c6:d8:c2: + 40:e3:01:e3:59:af:86:35:fd:22:ce:cc:85:bb:dd:93:e9:7c: + e4:64:b3:14 +-----BEGIN CERTIFICATE----- +MIIDrTCCApWgAwIBAgIUcGZcHt0lIbClkImvk/NeeOXWhIowDQYJKoZIhvcNAQEL +BQAwWzETMBEGCgmSJomT8ixkARkWA29yZzEWMBQGCgmSJomT8ixkARkWBnNpbXBs +ZTETMBEGA1UECgwKU2ltcGxlIEluYzEXMBUGA1UEAwwOU2ltcGxlIFJvb3QgQ0Ew +HhcNMjUxMDI0MTM1MDI1WhcNMzUxMDI0MTM1MDI1WjBeMRMwEQYKCZImiZPyLGQB +GRYDb3JnMRYwFAYKCZImiZPyLGQBGRYGc2ltcGxlMRMwEQYDVQQKDApTaW1wbGUg +SW5jMRowGAYDVQQDDBFTaW1wbGUgU2lnbmluZyBDQTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAM1XcGaVW57H4I6SPIyl8sHe5SvtlvYETGIekeiwKSKI +/39/ryWS9+nKzjo6WXuaaKvdJ4cVjTziiL8oaBTYaprgYB1hxMHEH5sQ6tXu/3qX +k9id/KOSyjA/yPw/a6zbuv0icD7QOBSyssRsYXSg7cdsz+ad36rY7z2sX2uTp6dP +1Cix1eIBbuMPNDlYbOfn6GiS2l3R78XlfKcoLFHN2Z0dQyCt8XYglCDkcrTt5HfI +AMEZhr5QlQGXQFjcO/JprNezS8I5Mb8T+aSWSejcB0mkqyAPCNFFpgpXu1kiFNm7 +vRfSOgaVgBSkacyzhGU7vDNy1UUP9JBQT6xXgSuwbQUCAwEAAaNmMGQwDgYDVR0P +AQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFNd6/mWNdPPz +hZK18cNVOgttUBBBMB8GA1UdIwQYMBaAFNqyPsZuNNIKPP+sop0XJKMyq92rMA0G +CSqGSIb3DQEBCwUAA4IBAQBZD6j6m6ZbNIvE6kQC+DwIYkXUh0gkIFCPQMo6ZA2Y +BPc8qUzKkkpWQJpFKP1782sr8n2g1iThUSTlW/HhxY/0BqhPK8NYrab4MoDW3spG +l/IPB5sGVXzbor9cH75BCag0w2hx0tyUGmMkLHNlkkd0gj66dAfDBhQTJYHejPfF +YcrEkJMUmlDroQNrsB2tT5u4FI660E3CcbsZKsHtDhkAhzj7P99Tv0K1H/Y73IK0 +okA3tJYhZkrwhms6N5DwKvaUcD9lczwwDcFBXOEzzcEf1haL/jQBrwXm3/rzVTGs +DVwVfqT5DXDG2MJA4wHjWa+GNf0izsyFu92T6XzkZLMU +-----END CERTIFICATE----- 
diff --git a/ca/signing-ca.csr b/ca/signing-ca.csr new file mode 100644 index 0000000..f9286be --- /dev/null +++ b/ca/signing-ca.csr @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIC9zCCAd8CAQAwXjETMBEGCgmSJomT8ixkARkWA29yZzEWMBQGCgmSJomT8ixk +ARkWBnNpbXBsZTETMBEGA1UECgwKU2ltcGxlIEluYzEaMBgGA1UEAwwRU2ltcGxl +IFNpZ25pbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNV3Bm +lVuex+COkjyMpfLB3uUr7Zb2BExiHpHosCkiiP9/f68lkvfpys46Oll7mmir3SeH +FY084oi/KGgU2Gqa4GAdYcTBxB+bEOrV7v96l5PYnfyjksowP8j8P2us27r9InA+ +0DgUsrLEbGF0oO3HbM/mnd+q2O89rF9rk6enT9QosdXiAW7jDzQ5WGzn5+hoktpd +0e/F5XynKCxRzdmdHUMgrfF2IJQg5HK07eR3yADBGYa+UJUBl0BY3DvyaazXs0vC +OTG/E/mklkno3AdJpKsgDwjRRaYKV7tZIhTZu70X0joGlYAUpGnMs4RlO7wzctVF +D/SQUE+sV4ErsG0FAgMBAAGgVDBSBgkqhkiG9w0BCQ4xRTBDMA4GA1UdDwEB/wQE +AwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTXev5ljXTz84WStfHD +VToLbVAQQTANBgkqhkiG9w0BAQsFAAOCAQEAei+n50sS+liBhNZlR2Vz9TwFpGm5 +qrqu8RYDQjqLMHD1wHglhvB692dr+dNzPbtmfY6CGYgglsSJ+UzBbJxNxCfhG3cZ +Hkum9cj1u02KqDGtyk+HPyzXoaYtj8Cg3QOwiS80Jc143asjeDXGx3DL759A+ya9 +doZiG6qpm7jpje9MvX9WUJ0xJW58NLTROTc7EmyWA4Dg/UJOWGYzCU3zrJRhW1sl +iQJlQoUFx2r1SkEQOKmWYpLByvTzxNI1MjOov4ri2L1WQpkPj0JnJhJWuqg9w/JU +zhttK428M4Hccn58Ny0xlO1vx9+TBlKhTPscdJDiVPoOmHU3ikrZZPAfZA== +-----END CERTIFICATE REQUEST----- diff --git a/ca/signing-ca/2C3928739ADF6A4B59724A907A463AF46DE9C119.pem b/ca/signing-ca/2C3928739ADF6A4B59724A907A463AF46DE9C119.pem new file mode 100644 index 0000000..4949aae --- /dev/null +++ b/ca/signing-ca/2C3928739ADF6A4B59724A907A463AF46DE9C119.pem 
@@ -0,0 +1,87 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2c:39:28:73:9a:df:6a:4b:59:72:4a:90:7a:46:3a:f4:6d:e9:c1:19 + Signature Algorithm: sha256WithRSAEncryption + Issuer: DC=org, DC=simple, O=Simple Inc, CN=Simple Signing CA + Validity + Not Before: Oct 24 13:52:07 2025 GMT + Not After : Oct 24 13:52:07 2027 GMT + Subject: DC=org, DC=simple, O=Simple Inc, CN=Simple + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:8f:16:6d:2c:43:29:37:e4:d8:a3:6e:0c:e9:11: + 63:f5:a5:b1:2c:bc:a1:2a:c8:43:66:04:0f:a0:c9: + 8e:d8:62:dd:29:33:2e:b8:35:21:1f:58:52:3b:f2: + 52:ad:87:de:7e:e5:e0:65:28:f5:8f:74:93:e2:bd: + 6c:59:4f:30:9f:27:f9:7a:9a:9b:f6:17:07:37:cf: + 79:d7:12:40:0a:3d:70:26:27:20:73:e9:a6:4e:98: + e5:ff:d7:e1:69:ff:dd:79:50:79:b7:2b:d2:b7:7a: + fb:18:0d:d5:c5:3a:20:3b:1e:f2:03:b3:8d:cf:7d: + 42:8d:86:cf:33:48:01:e2:0f:4e:4e:c1:d3:58:e0: + d7:58:34:0e:a5:4f:3f:48:71:93:14:d0:70:9a:f0: + 7d:ff:ad:b0:25:a2:de:25:e4:4c:b0:0c:0e:a8:3c: + c6:cb:52:20:e6:c8:3e:09:05:b9:8b:bf:03:0c:6f: + c0:19:4e:6e:c1:13:1c:3b:1a:2e:9c:4a:c2:b7:10: + b1:78:87:1b:31:11:3a:42:72:72:53:d2:7a:b9:74: + 54:0f:0d:32:eb:3e:a1:ee:4d:8e:61:aa:0c:8f:0e: + bb:58:9f:f0:27:99:bc:d1:cb:13:14:0b:15:36:4e: + 97:d4:01:08:6c:05:55:ca:78:8d:90:f7:09:f1:6e: + 94:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: + CA:FALSE + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Key Identifier: + 83:0D:B5:A2:0F:97:28:E1:3E:78:9D:18:6F:1F:9F:BC:B9:FB:85:56 + X509v3 Authority Key Identifier: + D7:7A:FE:65:8D:74:F3:F3:85:92:B5:F1:C3:55:3A:0B:6D:50:10:41 + X509v3 Subject Alternative Name: + DNS:www.simple.org + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 86:70:a9:51:a3:52:d6:f5:8d:bb:c3:ef:40:a4:5d:42:9e:b7: + 46:e4:ca:1a:4c:86:ec:20:25:5d:b5:52:ea:0f:63:f2:fd:77: + 
d5:8c:1d:9b:3d:c0:3f:a5:09:6c:b8:75:1d:f8:1c:47:2d:7a: + d6:4d:57:06:0d:8e:f4:c7:ef:07:59:5d:38:ed:e4:51:a1:c4: + 30:9a:1f:7d:4a:87:ff:06:2f:98:fb:e2:cf:db:7f:f7:ec:bd: + b2:13:11:02:73:11:7a:89:f5:90:79:7f:03:df:01:7b:3e:af: + 4e:92:d5:93:c6:8d:63:dd:3e:4f:ff:ca:6e:70:8c:4a:53:19: + 52:75:22:1b:ab:37:a4:6a:03:aa:0f:48:a6:9c:6f:a3:47:cf: + 0d:1a:ff:89:30:44:00:39:02:85:df:ef:4b:e5:64:64:5b:f4: + 64:23:9e:d3:07:c0:00:3f:e4:18:f1:58:a6:52:a2:3d:ba:0f: + b6:39:6a:6a:fa:6b:50:4f:0f:79:1a:23:c2:03:df:66:8e:9e: + e7:e1:d9:97:51:b7:b2:ef:2d:25:27:6b:87:9e:ac:5b:4e:78: + bb:39:05:68:9a:7e:6e:66:82:b9:3e:30:be:dd:7a:34:9f:93: + 2a:30:bc:bf:b2:44:e8:37:01:df:d4:c7:c9:a7:8d:19:f0:a1: + f1:a1:b0:42 +-----BEGIN CERTIFICATE----- +MIID2DCCAsCgAwIBAgIULDkoc5rfaktZckqQekY69G3pwRkwDQYJKoZIhvcNAQEL +BQAwXjETMBEGCgmSJomT8ixkARkWA29yZzEWMBQGCgmSJomT8ixkARkWBnNpbXBs +ZTETMBEGA1UECgwKU2ltcGxlIEluYzEaMBgGA1UEAwwRU2ltcGxlIFNpZ25pbmcg +Q0EwHhcNMjUxMDI0MTM1MjA3WhcNMjcxMDI0MTM1MjA3WjBTMRMwEQYKCZImiZPy +LGQBGRYDb3JnMRYwFAYKCZImiZPyLGQBGRYGc2ltcGxlMRMwEQYDVQQKDApTaW1w +bGUgSW5jMQ8wDQYDVQQDDAZTaW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCPFm0sQyk35NijbgzpEWP1pbEsvKEqyENmBA+gyY7YYt0pMy64NSEf +WFI78lKth95+5eBlKPWPdJPivWxZTzCfJ/l6mpv2Fwc3z3nXEkAKPXAmJyBz6aZO +mOX/1+Fp/915UHm3K9K3evsYDdXFOiA7HvIDs43PfUKNhs8zSAHiD05OwdNY4NdY +NA6lTz9IcZMU0HCa8H3/rbAlot4l5EywDA6oPMbLUiDmyD4JBbmLvwMMb8AZTm7B +Exw7Gi6cSsK3ELF4hxsxETpCcnJT0nq5dFQPDTLrPqHuTY5hqgyPDrtYn/AnmbzR +yxMUCxU2TpfUAQhsBVXKeI2Q9wnxbpSBAgMBAAGjgZgwgZUwDgYDVR0PAQH/BAQD +AgWgMAkGA1UdEwQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0G +A1UdDgQWBBSDDbWiD5co4T54nRhvH5+8ufuFVjAfBgNVHSMEGDAWgBTXev5ljXTz +84WStfHDVToLbVAQQTAZBgNVHREEEjAQgg53d3cuc2ltcGxlLm9yZzANBgkqhkiG +9w0BAQsFAAOCAQEAhnCpUaNS1vWNu8PvQKRdQp63RuTKGkyG7CAlXbVS6g9j8v13 +1Ywdmz3AP6UJbLh1HfgcRy161k1XBg2O9MfvB1ldOO3kUaHEMJoffUqH/wYvmPvi +z9t/9+y9shMRAnMReon1kHl/A98Bez6vTpLVk8aNY90+T//KbnCMSlMZUnUiG6s3 +pGoDqg9Ippxvo0fPDRr/iTBEADkChd/vS+VkZFv0ZCOe0wfAAD/kGPFYplKiPboP 
+tjlqavprUE8PeRojwgPfZo6e5+HZl1G3su8tJSdrh56sW054uzkFaJp+bmaCuT4w +vt16NJ+TKjC8v7JE6DcB39THyaeNGfCh8aGwQg== +-----END CERTIFICATE----- diff --git a/ca/signing-ca/4B0890E47F3A4BDA3113B7019392EC4EEC3C6FC5.pem b/ca/signing-ca/4B0890E47F3A4BDA3113B7019392EC4EEC3C6FC5.pem new file mode 100644 index 0000000..5aec4fd --- /dev/null +++ b/ca/signing-ca/4B0890E47F3A4BDA3113B7019392EC4EEC3C6FC5.pem 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4b:08:90:e4:7f:3a:4b:da:31:13:b7:01:93:92:ec:4e:ec:3c:6f:c5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: DC=org, DC=simple, O=Simple Inc, CN=Simple Signing CA + Validity + Not Before: Oct 24 14:05:59 2025 GMT + Not After : Oct 24 14:05:59 2027 GMT + Subject: C=FR, ST=Paris, L=Paris, O=LoLiLoL, CN=Barney/emailAddress=Barney@lolilol.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c7:d5:79:79:f5:b3:d5:48:b1:bc:25:53:4c:6b: + 1e:21:d7:76:25:f5:9e:0d:c9:e6:9d:8b:2e:cf:e6: + af:1d:92:34:72:5a:a3:bd:6c:4b:40:83:f3:3e:22: + 57:70:a1:23:47:ee:03:54:bf:50:e4:e2:fb:03:94: + e6:2f:2a:50:28:10:9d:73:90:66:dc:bc:24:c6:96: + 44:2b:f7:b8:e0:e5:c0:40:10:9e:6a:fc:36:0e:ea: + 67:7f:7e:47:0a:d5:b4:e5:b7:64:ea:09:fd:fa:32: + cc:c3:0e:1f:2a:1e:af:07:e5:03:32:49:43:ab:3d: + d4:f5:58:e3:c7:59:76:70:04:9c:0a:ca:12:75:29: + 80:a8:7a:e5:3e:ed:99:34:de:24:53:69:15:e1:b4: + 72:11:0f:1f:c8:2d:fe:65:5d:85:31:5f:ed:d5:33: + 11:6d:28:e8:92:5b:c4:d4:90:43:b3:3f:9a:cf:28: + 3a:10:5e:8c:bc:92:fe:d2:79:dd:d3:2d:44:68:be: + ff:98:81:07:d0:a8:2c:ad:f2:a8:14:5e:41:4b:f4: + fb:08:e9:c4:b8:0f:e2:48:de:d3:f9:c9:b2:4d:e1: + 07:09:74:85:61:4f:8c:5b:9c:46:fb:43:7e:c1:35: + 7d:63:55:86:07:1e:c3:b7:12:7c:31:ff:ca:28:c6: + 13:5f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature + X509v3 Basic Constraints: + CA:FALSE + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Subject Key Identifier: + DD:19:55:95:C5:A8:26:A8:A5:BD:B1:26:2A:BE:F0:03:72:68:FB:89 + X509v3 Authority Key Identifier: + D7:7A:FE:65:8D:74:F3:F3:85:92:B5:F1:C3:55:3A:0B:6D:50:10:41 + X509v3 Subject Alternative Name: + email:Barney@lolilol.com + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 02:5b:88:3a:ef:ac:25:64:39:e4:30:62:62:b2:f6:70:66:75: + 5e:7d:7c:c7:4f:a2:74:d1:f0:66:eb:b0:87:f3:59:d2:83:be: + 
66:f8:9a:bf:15:68:9f:ad:13:4d:db:a3:7d:09:e6:f8:2b:a0: + 8a:e7:37:2c:b7:94:32:5c:4b:3b:98:2d:b4:aa:20:c1:64:34: + 51:c3:3e:40:ab:b6:f2:d1:dd:fc:e3:a2:bd:40:2a:50:fc:e5: + 68:28:4f:07:90:6e:d2:3d:65:0d:bc:db:01:dd:fb:0d:39:c8: + 1d:a8:75:53:4c:7d:cc:0f:ea:68:f9:7b:cb:22:56:41:3a:37: + f2:5b:1d:54:8e:59:a8:62:dd:43:f6:33:78:c4:81:75:c4:74: + 96:2f:dd:13:14:cb:d6:b6:18:3e:60:41:6c:af:56:e8:9b:15: + d1:87:83:94:56:21:f2:0d:c9:d1:67:7e:d8:01:a6:dd:a8:eb: + dd:5e:b2:38:dc:36:b6:0a:c4:bb:13:04:69:f4:59:55:1e:9c: + 20:70:c9:aa:38:f1:a3:7f:a5:2b:f6:3d:f4:f4:05:ef:46:3d: + 93:73:04:c3:4e:de:de:4c:4d:f9:92:ec:67:16:c3:04:8d:c1: + 87:5d:a7:c7:25:40:7c:5e:93:76:97:74:b7:3f:1f:cd:78:fd: + 4e:d2:bc:11 +-----BEGIN CERTIFICATE----- +MIID8jCCAtqgAwIBAgIUSwiQ5H86S9oxE7cBk5LsTuw8b8UwDQYJKoZIhvcNAQEL +BQAwXjETMBEGCgmSJomT8ixkARkWA29yZzEWMBQGCgmSJomT8ixkARkWBnNpbXBs +ZTETMBEGA1UECgwKU2ltcGxlIEluYzEaMBgGA1UEAwwRU2ltcGxlIFNpZ25pbmcg +Q0EwHhcNMjUxMDI0MTQwNTU5WhcNMjcxMDI0MTQwNTU5WjBzMQswCQYDVQQGEwJG +UjEOMAwGA1UECAwFUGFyaXMxDjAMBgNVBAcMBVBhcmlzMRAwDgYDVQQKDAdMb0xp +TG9MMQ8wDQYDVQQDDAZCYXJuZXkxITAfBgkqhkiG9w0BCQEWEkJhcm5leUBsb2xp +bG9sLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfVeXn1s9VI +sbwlU0xrHiHXdiX1ng3J5p2LLs/mrx2SNHJao71sS0CD8z4iV3ChI0fuA1S/UOTi ++wOU5i8qUCgQnXOQZty8JMaWRCv3uODlwEAQnmr8Ng7qZ39+RwrVtOW3ZOoJ/foy +zMMOHyoerwflAzJJQ6s91PVY48dZdnAEnArKEnUpgKh65T7tmTTeJFNpFeG0chEP +H8gt/mVdhTFf7dUzEW0o6JJbxNSQQ7M/ms8oOhBejLyS/tJ53dMtRGi+/5iBB9Co +LK3yqBReQUv0+wjpxLgP4kje0/nJsk3hBwl0hWFPjFucRvtDfsE1fWNVhgcew7cS +fDH/yijGE18CAwEAAaOBkjCBjzAOBgNVHQ8BAf8EBAMCB4AwCQYDVR0TBAIwADAT +BgNVHSUEDDAKBggrBgEFBQcDAjAdBgNVHQ4EFgQU3RlVlcWoJqilvbEmKr7wA3Jo ++4kwHwYDVR0jBBgwFoAU13r+ZY108/OFkrXxw1U6C21QEEEwHQYDVR0RBBYwFIES +QmFybmV5QGxvbGlsb2wuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQACW4g676wlZDnk +MGJisvZwZnVefXzHT6J00fBm67CH81nSg75m+Jq/FWifrRNN26N9Ceb4K6CK5zcs +t5QyXEs7mC20qiDBZDRRwz5Aq7by0d3846K9QCpQ/OVoKE8HkG7SPWUNvNsB3fsN +OcgdqHVTTH3MD+po+XvLIlZBOjfyWx1UjlmoYt1D9jN4xIF1xHSWL90TFMvWthg+ 
+YEFsr1bomxXRh4OUViHyDcnRZ37YAabdqOvdXrI43Da2CsS7EwRp9FlVHpwgcMmq +OPGjf6Ur9j309AXvRj2TcwTDTt7eTE35kuxnFsMEjcGHXafHJUB8XpN2l3S3Px/N +eP1O0rwR +-----END CERTIFICATE----- diff --git a/ca/signing-ca/db/signing-ca.crl.srl b/ca/signing-ca/db/signing-ca.crl.srl new file mode 100644 index 0000000..8a0f05e --- /dev/null +++ b/ca/signing-ca/db/signing-ca.crl.srl @@ -0,0 +1 @@ +01 diff --git a/ca/signing-ca/db/signing-ca.crt.srl b/ca/signing-ca/db/signing-ca.crt.srl new file mode 100644 index 0000000..8a0f05e --- /dev/null +++ b/ca/signing-ca/db/signing-ca.crt.srl @@ -0,0 +1 @@ +01 diff --git a/ca/signing-ca/db/signing-ca.db b/ca/signing-ca/db/signing-ca.db new file mode 100644 index 0000000..42e45ad --- /dev/null +++ b/ca/signing-ca/db/signing-ca.db @@ -0,0 +1,2 @@ +V 271024135207Z 2C3928739ADF6A4B59724A907A463AF46DE9C119 unknown /DC=org/DC=simple/O=Simple Inc/CN=Simple +V 271024140559Z 4B0890E47F3A4BDA3113B7019392EC4EEC3C6FC5 unknown /C=FR/ST=Paris/L=Paris/O=LoLiLoL/CN=Barney/emailAddress=Barney@lolilol.com diff --git a/ca/signing-ca/db/signing-ca.db.attr b/ca/signing-ca/db/signing-ca.db.attr new file mode 100644 index 0000000..3a7e39e --- /dev/null +++ b/ca/signing-ca/db/signing-ca.db.attr @@ -0,0 +1 @@ +unique_subject = no diff --git a/ca/signing-ca/db/signing-ca.db.attr.old b/ca/signing-ca/db/signing-ca.db.attr.old new file mode 100644 index 0000000..3a7e39e --- /dev/null +++ b/ca/signing-ca/db/signing-ca.db.attr.old @@ -0,0 +1 @@ +unique_subject = no diff --git a/ca/signing-ca/db/signing-ca.db.old b/ca/signing-ca/db/signing-ca.db.old new file mode 100644 index 0000000..6be3050 --- /dev/null +++ b/ca/signing-ca/db/signing-ca.db.old @@ -0,0 +1 @@ +V 271024135207Z 2C3928739ADF6A4B59724A907A463AF46DE9C119 unknown /DC=org/DC=simple/O=Simple Inc/CN=Simple diff --git a/ca/signing-ca/private/signing-ca.key b/ca/signing-ca/private/signing-ca.key new file mode 100644 index 0000000..c11a323 --- /dev/null +++ b/ca/signing-ca/private/signing-ca.key 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQ1bbvoC4QJNqOKxCH +oSXIQAICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEIoL3gD6+ksCQQMc +mUKsCRUEggTQtzrwva2nTG9OFOpMgMnJn+95A4Px3iCgAH+PLb+xtwJ7NCWKhpAM +2Gj7ezSTrhwf99CjYhhiYcuGUcigG6XkW8fcgjSSQ9vnywebG5GbmndV4FgY+cty +lzhz1SWvV2IwW3M1XtGH6MOb8RI2s3bp9RgvUduN81VJKhISBl7o0K/X6CyhkiDq +TTkaRAwTxej4ZZDxjJ2mo2HFnFX9FGFQUbnE/IAwsAb3+c0xKXo3Fj+y/RICexLD +zMGKbsUhzw4k53oZEBeHKB+31XrrvN8Dzxj3KL8ywHliZnQaAZs61ELcPQuDYl4B +XJwp2WyEV39VQmvTW2ECcMIP9fE5M3ivRDGvA1O4gGjmHAkotH3i6OvW56kYMCVQ +zFZhelI6+aD97741Chio5x2gSPtvdfsvIr4avj7BxFOUscC2mrGvDhLWUOM78Xd9 +X2y9ZzdUrZ/NXdmnj3e4Fd/T9XH6INt3XU6Jdt49AoW+RUA3uKZAZhLiapoIAdeE +FAIQMWlnBZFqZNql0hyJi5UJ4ccW+0+5I8AHg/eJbrHnDS39zZOKP+I3JIf/+2q+ +C4MmLKDa9nXvRYD7dpxOGyOwvDAtYmTLAZaYYHxX7qjT5E49eluzsR/lt880ROZY +LPxb5eOV8IvJ9d/ONXHCIOAoDqGI/c38o8/qO0WH2+EFSdvKoTs7GX5Tni8YaUGy +vlES9tOtU5kfCE4IzToFHWJkMTQVg5AkFxrpBZPelu4+ogCWyzCeoBfdywPGVHQk +M/BX5JaI66PIBUuc6nVmpEDlCRNy1hipivgD9A3VkpKwLkqQlXHA91N8NrOdbESG +2CQxltg1g93RxdQBhUcp+SJ0iliqTGFBxvdfjmDjd9TLSsYLOTHvVpCqDwvbJ7nN +paSeYOxkZ1mGHYpCvavRY0dtXZyFliwQO8wPPccav4DtsbyDKMG57GSmW3PdNIUN +hD6w4aM/VOgVdBjm+Euu6yTcTcR591mriVe9Y7Ph3pBB9a6CrASdvNPMaoSXCAT3 +Tjtgj+0xLksWS6GWgyTEOjw8xy5/yKF5bVJpd8ocj2Dm1bnWgzmqgC8ThRc8Hv7w +ZWL9eVLUht3A+XKAiIKqOjGDK7tBOJAQ7bxfiyfLsovmRWb8aRfZpFOpRRG3Iw/V +fxWjrx1khk4RXP+lt02zIugiW4N861s2HjiNzAiPLDpTxkjpcPYUZ11EFa8SH2IG +acGcdQzkTf1ZVKaP9UeGdX7eSHWDb+xOvH1ADT++NAKM2WDYdCBGuTkB2Au1kV09 +nXOb/EgXwsDVJtBwxRTYiw7obIDIrUdXMH6DWrRFQKMWzwviimoJfwL2nfEhmoiM +qe9FMHF/x7+wNuzsPOAtBpBqfovx5sqW4Ic78J3+anulRX3TaslVLvCDDc6LnDQv +k9QhE3oYFlDdZTsSGcmvOwB8vVBErZGkDbirS34ex3N1FXmwtEk3yj18Clvus+ce ++B22sRbsdkbt9jw2vxKEhjmkB2xzuvYHgLVKOuGVXtBVO6CbKMcFCQyTd/0TMAPn +SoD0QxqkvEcxCY/KUaGad+rs1H9e3dsPhlPYKvKa5E2FS1sKTSYoj9+t1Kzm0fw3 +BJsGozL1SDNBhzCDYdE2XG7B1nb1BZxz7snlus0WUb3IEMPGp53aCyk= +-----END ENCRYPTED PRIVATE KEY----- 
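Review bot: This hunk adds the signing CA's private key, `ca/signing-ca/private/signing-ca.key`, to version control. It is passphrase-encrypted, but anyone with read access to the repository or its history can now test passphrases offline, and deleting the file in a later commit does not remove it from history. The same applies to `certs/barney.key` and the binary `certs/barney.p12` added further down. I would keep `ca/*/private/`, `certs/*.key` and `certs/*.p12` out of the tree with an ignore rule. If this repository is shared, treat the signing key as exposed and reissue the signing CA and the certificates under it.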
diff --git a/certs/barney.crt b/certs/barney.crt new file mode 100644 index 0000000..5aec4fd --- /dev/null +++ b/certs/barney.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4b:08:90:e4:7f:3a:4b:da:31:13:b7:01:93:92:ec:4e:ec:3c:6f:c5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: DC=org, DC=simple, O=Simple Inc, CN=Simple Signing CA + Validity + Not Before: Oct 24 14:05:59 2025 GMT + Not After : Oct 24 14:05:59 2027 GMT + Subject: C=FR, ST=Paris, L=Paris, O=LoLiLoL, CN=Barney/emailAddress=Barney@lolilol.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c7:d5:79:79:f5:b3:d5:48:b1:bc:25:53:4c:6b: + 1e:21:d7:76:25:f5:9e:0d:c9:e6:9d:8b:2e:cf:e6: + af:1d:92:34:72:5a:a3:bd:6c:4b:40:83:f3:3e:22: + 57:70:a1:23:47:ee:03:54:bf:50:e4:e2:fb:03:94: + e6:2f:2a:50:28:10:9d:73:90:66:dc:bc:24:c6:96: + 44:2b:f7:b8:e0:e5:c0:40:10:9e:6a:fc:36:0e:ea: + 67:7f:7e:47:0a:d5:b4:e5:b7:64:ea:09:fd:fa:32: + cc:c3:0e:1f:2a:1e:af:07:e5:03:32:49:43:ab:3d: + d4:f5:58:e3:c7:59:76:70:04:9c:0a:ca:12:75:29: + 80:a8:7a:e5:3e:ed:99:34:de:24:53:69:15:e1:b4: + 72:11:0f:1f:c8:2d:fe:65:5d:85:31:5f:ed:d5:33: + 11:6d:28:e8:92:5b:c4:d4:90:43:b3:3f:9a:cf:28: + 3a:10:5e:8c:bc:92:fe:d2:79:dd:d3:2d:44:68:be: + ff:98:81:07:d0:a8:2c:ad:f2:a8:14:5e:41:4b:f4: + fb:08:e9:c4:b8:0f:e2:48:de:d3:f9:c9:b2:4d:e1: + 07:09:74:85:61:4f:8c:5b:9c:46:fb:43:7e:c1:35: + 7d:63:55:86:07:1e:c3:b7:12:7c:31:ff:ca:28:c6: + 13:5f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature + X509v3 Basic Constraints: + CA:FALSE + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Subject Key Identifier: + DD:19:55:95:C5:A8:26:A8:A5:BD:B1:26:2A:BE:F0:03:72:68:FB:89 + X509v3 Authority Key Identifier: + D7:7A:FE:65:8D:74:F3:F3:85:92:B5:F1:C3:55:3A:0B:6D:50:10:41 + X509v3 Subject Alternative Name: + email:Barney@lolilol.com + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 02:5b:88:3a:ef:ac:25:64:39:e4:30:62:62:b2:f6:70:66:75: + 5e:7d:7c:c7:4f:a2:74:d1:f0:66:eb:b0:87:f3:59:d2:83:be: + 
66:f8:9a:bf:15:68:9f:ad:13:4d:db:a3:7d:09:e6:f8:2b:a0: + 8a:e7:37:2c:b7:94:32:5c:4b:3b:98:2d:b4:aa:20:c1:64:34: + 51:c3:3e:40:ab:b6:f2:d1:dd:fc:e3:a2:bd:40:2a:50:fc:e5: + 68:28:4f:07:90:6e:d2:3d:65:0d:bc:db:01:dd:fb:0d:39:c8: + 1d:a8:75:53:4c:7d:cc:0f:ea:68:f9:7b:cb:22:56:41:3a:37: + f2:5b:1d:54:8e:59:a8:62:dd:43:f6:33:78:c4:81:75:c4:74: + 96:2f:dd:13:14:cb:d6:b6:18:3e:60:41:6c:af:56:e8:9b:15: + d1:87:83:94:56:21:f2:0d:c9:d1:67:7e:d8:01:a6:dd:a8:eb: + dd:5e:b2:38:dc:36:b6:0a:c4:bb:13:04:69:f4:59:55:1e:9c: + 20:70:c9:aa:38:f1:a3:7f:a5:2b:f6:3d:f4:f4:05:ef:46:3d: + 93:73:04:c3:4e:de:de:4c:4d:f9:92:ec:67:16:c3:04:8d:c1: + 87:5d:a7:c7:25:40:7c:5e:93:76:97:74:b7:3f:1f:cd:78:fd: + 4e:d2:bc:11 +-----BEGIN CERTIFICATE----- +MIID8jCCAtqgAwIBAgIUSwiQ5H86S9oxE7cBk5LsTuw8b8UwDQYJKoZIhvcNAQEL +BQAwXjETMBEGCgmSJomT8ixkARkWA29yZzEWMBQGCgmSJomT8ixkARkWBnNpbXBs +ZTETMBEGA1UECgwKU2ltcGxlIEluYzEaMBgGA1UEAwwRU2ltcGxlIFNpZ25pbmcg +Q0EwHhcNMjUxMDI0MTQwNTU5WhcNMjcxMDI0MTQwNTU5WjBzMQswCQYDVQQGEwJG +UjEOMAwGA1UECAwFUGFyaXMxDjAMBgNVBAcMBVBhcmlzMRAwDgYDVQQKDAdMb0xp +TG9MMQ8wDQYDVQQDDAZCYXJuZXkxITAfBgkqhkiG9w0BCQEWEkJhcm5leUBsb2xp +bG9sLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfVeXn1s9VI +sbwlU0xrHiHXdiX1ng3J5p2LLs/mrx2SNHJao71sS0CD8z4iV3ChI0fuA1S/UOTi ++wOU5i8qUCgQnXOQZty8JMaWRCv3uODlwEAQnmr8Ng7qZ39+RwrVtOW3ZOoJ/foy +zMMOHyoerwflAzJJQ6s91PVY48dZdnAEnArKEnUpgKh65T7tmTTeJFNpFeG0chEP +H8gt/mVdhTFf7dUzEW0o6JJbxNSQQ7M/ms8oOhBejLyS/tJ53dMtRGi+/5iBB9Co +LK3yqBReQUv0+wjpxLgP4kje0/nJsk3hBwl0hWFPjFucRvtDfsE1fWNVhgcew7cS +fDH/yijGE18CAwEAAaOBkjCBjzAOBgNVHQ8BAf8EBAMCB4AwCQYDVR0TBAIwADAT +BgNVHSUEDDAKBggrBgEFBQcDAjAdBgNVHQ4EFgQU3RlVlcWoJqilvbEmKr7wA3Jo ++4kwHwYDVR0jBBgwFoAU13r+ZY108/OFkrXxw1U6C21QEEEwHQYDVR0RBBYwFIES +QmFybmV5QGxvbGlsb2wuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQACW4g676wlZDnk +MGJisvZwZnVefXzHT6J00fBm67CH81nSg75m+Jq/FWifrRNN26N9Ceb4K6CK5zcs +t5QyXEs7mC20qiDBZDRRwz5Aq7by0d3846K9QCpQ/OVoKE8HkG7SPWUNvNsB3fsN +OcgdqHVTTH3MD+po+XvLIlZBOjfyWx1UjlmoYt1D9jN4xIF1xHSWL90TFMvWthg+ 
+YEFsr1bomxXRh4OUViHyDcnRZ37YAabdqOvdXrI43Da2CsS7EwRp9FlVHpwgcMmq +OPGjf6Ur9j309AXvRj2TcwTDTt7eTE35kuxnFsMEjcGHXafHJUB8XpN2l3S3Px/N +eP1O0rwR +-----END CERTIFICATE----- diff --git a/certs/barney.csr b/certs/barney.csr new file mode 100644 index 0000000..b00f289 --- /dev/null +++ b/certs/barney.csr @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDLDCCAhQCAQAwczELMAkGA1UEBhMCRlIxDjAMBgNVBAgMBVBhcmlzMQ4wDAYD +VQQHDAVQYXJpczEQMA4GA1UECgwHTG9MaUxvTDEPMA0GA1UEAwwGQmFybmV5MSEw +HwYJKoZIhvcNAQkBFhJCYXJuZXlAbG9saWxvbC5jb20wggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDH1Xl59bPVSLG8JVNMax4h13Yl9Z4Nyeadiy7P5q8d +kjRyWqO9bEtAg/M+IldwoSNH7gNUv1Dk4vsDlOYvKlAoEJ1zkGbcvCTGlkQr97jg +5cBAEJ5q/DYO6md/fkcK1bTlt2TqCf36MszDDh8qHq8H5QMySUOrPdT1WOPHWXZw +BJwKyhJ1KYCoeuU+7Zk03iRTaRXhtHIRDx/ILf5lXYUxX+3VMxFtKOiSW8TUkEOz +P5rPKDoQXoy8kv7Sed3TLURovv+YgQfQqCyt8qgUXkFL9PsI6cS4D+JI3tP5ybJN +4QcJdIVhT4xbnEb7Q37BNX1jVYYHHsO3Enwx/8ooxhNfAgMBAAGgdDByBgkqhkiG +9w0BCQ4xZTBjMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAjAd +BgNVHQ4EFgQU3RlVlcWoJqilvbEmKr7wA3Jo+4kwHQYDVR0RBBYwFIESQmFybmV5 +QGxvbGlsb2wuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBQBNIWRsAYKFAOvyFeh3Sq +Krc1rtJQzqHOiiqIKkLwm2rab2C5RooXA1jZ7CI/OLXSIN9eyb18uUza0E801xgK +VLe8iOr0xojpO8oLYrBUUwj014aoLiNjwoLsfQ1FgcccSjMe1efGLYb08RpR/uvx +1JL6pHAhg8/Jnt/2KU6VsVdEErHhu+EltJc0pzlHYCcOUDYlznPwAvCg0Z3/3xqu +MpxPLI8KnkOnoJYAEVKc6qPTBqMpMuheYGzav1oHATQsTcrk17ELM4GA5eJuZPiH +o4k4NCusK6VJsKh1L2puACe5OwrG1MRxEkwmEKM0mVluxXkbLYA/AB/90ni6ucZk +-----END CERTIFICATE REQUEST----- diff --git a/certs/barney.key b/certs/barney.key new file mode 100644 index 0000000..4126374 --- /dev/null +++ b/certs/barney.key 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQCJHGxV/mC+Fvab7F +HrUx6wICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEHMd3ChJ90iMFT3y +XL54LUIEggTQAfexKPo9zoz/+y7opfU7fKDEo53Qt8QK9zUagntv1ktOboNXwswU +7qu/iKH9UPlgkmndCK8oMS8spywsvqYb2yKhjbxhm5f0njxKP7axb+O+RlCk8QoF +fzbdnvcf9l5KTNz4XtzdK1bmt1Hopq9kO3ELJkvH7lhzSKYRf+WikaXrRecNsfqf +xNIzsPQebCSCgGj460CiW2CEuKC6UXto98MTArIE3l7QjRjEINrlBNBUfJVhOaDK +7RBbkbwC69ISsMH2WEJ04DmejSveo/jHkKU7rD7qlnCcCVBF6VhsBKQKJSeqAdNA +781JYdokySQMNycAdlwXJE25Z5zgey9gdE2CpRfXvAgAUBN9JgJP48qInjfPvxqi +kJwH4ykjVm75CnxcrD8DsF7+njr2Aiboeb96eXus/vtmUjXexIdlYSq6ZwcnBSq2 +9HW95y1DHh3zZYN1e/gm0hWWoRfF/44lMvcZ346jkT8atxJQJcTvTvTRix0HFh3l +SatFPHn0Eu8kDvzUhuHWPkyZSErW1nmhHYiYL7SSM/iov1sgAAX7aunDZ+x+pSxe +JlzCmxwZDI4pHmvuSTKR+JuXmbD3/0VMUstJGWXe91T1iHJQIlYH63IOQ9mhPD1v +ox15KB2KMCEuPHa3ddc5kCxTlHKD4+eQLl1V5bGtHhC4L8fDtD4ZsLgVCaBJG0lH +lSIdbJ0LWAAbD2W5R8+1jQFq5WcK9nb9ujyhQhCwBAI4pEQKPtGM0t/PqyaBV5mh +VK61q9avYkeLX9+KW1YZGPW7Br9fmTGmqUODhDbnPqjDbpZKnbDTuiWkk3BIfKR7 +vdnG7d0OuFj3bePq/vsyoowRdJ7v2PvPWkZeuAEUANxWw0xX69VXYyIvotjMupQc +O7v5zAVF/b60WhMpuIqH+VGkDisFlg0dq6XjqnNFqnOyO4NHfUv4vSyaQfYoDZ9L ++kHcWV9OtZYpQFxwfkRZRYhHH4FrcPoWJgoR+r0xZsnrRu46DDve4k6B3eqEwO+v +rm7KiFrdU5WCM2yyfMf2OuMjrIu/Juk3IVGZYVfaMaMlHroLA8Jg9C/tsN13IeCy +jT4Qjy6Y2of/mklKw/aGS466rXlLPevaULeNy6v+4aX+FJChWmznzRxMEKQVOHAb +8MCBjTGzoP6XN+RpU9Gq0/Bwd2eLxrP8fsk6SjKYj+AK4POAvpBRJggYrAlvy5p7 +7QdD7K0dAlvUtcrbkEVJr3Co9MYZ2Z+zzjFeMZRvXeTzENjO5/+W3WdZFLjrgTu3 +tSBPdXNslywt7FHimLog6IUc/QYae7x+mirhUmFapAV0ZZM7px6Ar123GBhnPUsd +ECor6oEVTOu/QqMlRkpyxPKOQxqRatTThB+x4kGLrxirim9yqUo8ZOeE0zBAf/0G +IxsN/Q/woRBFSumOSmXA4kiy91K82rjPtzqyZunLDvdyOyLwKDCRgo8lvq95CSYJ +GX6nXEtz7wZX7+PDmS9cPsDKB8M0mRhfGSDfL4mpzvBOA5hgraTJ8Awd8Caw8FnS +iIvNmFTA2cQVdZDShxB3ZFUKc1T5Ca/OYgnfy012tPVR/R4nN42M0JICuvKN9fck +uCytFJaEcrTYxLS2fHXOpgMmqkmU4pNNDs6D/BWgiJGdDD0gRWLvmRA= +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/certs/barney.p12 b/certs/barney.p12 new file mode 100644 index 0000000..6e6de43 Binary files /dev/null and b/certs/barney.p12 differ diff --git a/certs/simple-org.crt b/certs/simple-org.crt new file mode 100644 index 0000000..4949aae --- /dev/null +++ b/certs/simple-org.crt 
@@ -0,0 +1,87 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2c:39:28:73:9a:df:6a:4b:59:72:4a:90:7a:46:3a:f4:6d:e9:c1:19 + Signature Algorithm: sha256WithRSAEncryption + Issuer: DC=org, DC=simple, O=Simple Inc, CN=Simple Signing CA + Validity + Not Before: Oct 24 13:52:07 2025 GMT + Not After : Oct 24 13:52:07 2027 GMT + Subject: DC=org, DC=simple, O=Simple Inc, CN=Simple + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:8f:16:6d:2c:43:29:37:e4:d8:a3:6e:0c:e9:11: + 63:f5:a5:b1:2c:bc:a1:2a:c8:43:66:04:0f:a0:c9: + 8e:d8:62:dd:29:33:2e:b8:35:21:1f:58:52:3b:f2: + 52:ad:87:de:7e:e5:e0:65:28:f5:8f:74:93:e2:bd: + 6c:59:4f:30:9f:27:f9:7a:9a:9b:f6:17:07:37:cf: + 79:d7:12:40:0a:3d:70:26:27:20:73:e9:a6:4e:98: + e5:ff:d7:e1:69:ff:dd:79:50:79:b7:2b:d2:b7:7a: + fb:18:0d:d5:c5:3a:20:3b:1e:f2:03:b3:8d:cf:7d: + 42:8d:86:cf:33:48:01:e2:0f:4e:4e:c1:d3:58:e0: + d7:58:34:0e:a5:4f:3f:48:71:93:14:d0:70:9a:f0: + 7d:ff:ad:b0:25:a2:de:25:e4:4c:b0:0c:0e:a8:3c: + c6:cb:52:20:e6:c8:3e:09:05:b9:8b:bf:03:0c:6f: + c0:19:4e:6e:c1:13:1c:3b:1a:2e:9c:4a:c2:b7:10: + b1:78:87:1b:31:11:3a:42:72:72:53:d2:7a:b9:74: + 54:0f:0d:32:eb:3e:a1:ee:4d:8e:61:aa:0c:8f:0e: + bb:58:9f:f0:27:99:bc:d1:cb:13:14:0b:15:36:4e: + 97:d4:01:08:6c:05:55:ca:78:8d:90:f7:09:f1:6e: + 94:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: + CA:FALSE + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Key Identifier: + 83:0D:B5:A2:0F:97:28:E1:3E:78:9D:18:6F:1F:9F:BC:B9:FB:85:56 + X509v3 Authority Key Identifier: + D7:7A:FE:65:8D:74:F3:F3:85:92:B5:F1:C3:55:3A:0B:6D:50:10:41 + X509v3 Subject Alternative Name: + DNS:www.simple.org + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 86:70:a9:51:a3:52:d6:f5:8d:bb:c3:ef:40:a4:5d:42:9e:b7: + 46:e4:ca:1a:4c:86:ec:20:25:5d:b5:52:ea:0f:63:f2:fd:77: + 
d5:8c:1d:9b:3d:c0:3f:a5:09:6c:b8:75:1d:f8:1c:47:2d:7a: + d6:4d:57:06:0d:8e:f4:c7:ef:07:59:5d:38:ed:e4:51:a1:c4: + 30:9a:1f:7d:4a:87:ff:06:2f:98:fb:e2:cf:db:7f:f7:ec:bd: + b2:13:11:02:73:11:7a:89:f5:90:79:7f:03:df:01:7b:3e:af: + 4e:92:d5:93:c6:8d:63:dd:3e:4f:ff:ca:6e:70:8c:4a:53:19: + 52:75:22:1b:ab:37:a4:6a:03:aa:0f:48:a6:9c:6f:a3:47:cf: + 0d:1a:ff:89:30:44:00:39:02:85:df:ef:4b:e5:64:64:5b:f4: + 64:23:9e:d3:07:c0:00:3f:e4:18:f1:58:a6:52:a2:3d:ba:0f: + b6:39:6a:6a:fa:6b:50:4f:0f:79:1a:23:c2:03:df:66:8e:9e: + e7:e1:d9:97:51:b7:b2:ef:2d:25:27:6b:87:9e:ac:5b:4e:78: + bb:39:05:68:9a:7e:6e:66:82:b9:3e:30:be:dd:7a:34:9f:93: + 2a:30:bc:bf:b2:44:e8:37:01:df:d4:c7:c9:a7:8d:19:f0:a1: + f1:a1:b0:42 +-----BEGIN CERTIFICATE----- +MIID2DCCAsCgAwIBAgIULDkoc5rfaktZckqQekY69G3pwRkwDQYJKoZIhvcNAQEL +BQAwXjETMBEGCgmSJomT8ixkARkWA29yZzEWMBQGCgmSJomT8ixkARkWBnNpbXBs +ZTETMBEGA1UECgwKU2ltcGxlIEluYzEaMBgGA1UEAwwRU2ltcGxlIFNpZ25pbmcg +Q0EwHhcNMjUxMDI0MTM1MjA3WhcNMjcxMDI0MTM1MjA3WjBTMRMwEQYKCZImiZPy +LGQBGRYDb3JnMRYwFAYKCZImiZPyLGQBGRYGc2ltcGxlMRMwEQYDVQQKDApTaW1w +bGUgSW5jMQ8wDQYDVQQDDAZTaW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCPFm0sQyk35NijbgzpEWP1pbEsvKEqyENmBA+gyY7YYt0pMy64NSEf +WFI78lKth95+5eBlKPWPdJPivWxZTzCfJ/l6mpv2Fwc3z3nXEkAKPXAmJyBz6aZO +mOX/1+Fp/915UHm3K9K3evsYDdXFOiA7HvIDs43PfUKNhs8zSAHiD05OwdNY4NdY +NA6lTz9IcZMU0HCa8H3/rbAlot4l5EywDA6oPMbLUiDmyD4JBbmLvwMMb8AZTm7B +Exw7Gi6cSsK3ELF4hxsxETpCcnJT0nq5dFQPDTLrPqHuTY5hqgyPDrtYn/AnmbzR +yxMUCxU2TpfUAQhsBVXKeI2Q9wnxbpSBAgMBAAGjgZgwgZUwDgYDVR0PAQH/BAQD +AgWgMAkGA1UdEwQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0G +A1UdDgQWBBSDDbWiD5co4T54nRhvH5+8ufuFVjAfBgNVHSMEGDAWgBTXev5ljXTz +84WStfHDVToLbVAQQTAZBgNVHREEEjAQgg53d3cuc2ltcGxlLm9yZzANBgkqhkiG +9w0BAQsFAAOCAQEAhnCpUaNS1vWNu8PvQKRdQp63RuTKGkyG7CAlXbVS6g9j8v13 +1Ywdmz3AP6UJbLh1HfgcRy161k1XBg2O9MfvB1ldOO3kUaHEMJoffUqH/wYvmPvi +z9t/9+y9shMRAnMReon1kHl/A98Bez6vTpLVk8aNY90+T//KbnCMSlMZUnUiG6s3 +pGoDqg9Ippxvo0fPDRr/iTBEADkChd/vS+VkZFv0ZCOe0wfAAD/kGPFYplKiPboP 
+tjlqavprUE8PeRojwgPfZo6e5+HZl1G3su8tJSdrh56sW054uzkFaJp+bmaCuT4w +vt16NJ+TKjC8v7JE6DcB39THyaeNGfCh8aGwQg== +-----END CERTIFICATE----- diff --git a/certs/simple-org.csr b/certs/simple-org.csr new file mode 100644 index 0000000..fe294fb --- /dev/null +++ b/certs/simple-org.csr @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDEjCCAfoCAQAwUzETMBEGCgmSJomT8ixkARkWA29yZzEWMBQGCgmSJomT8ixk +ARkWBnNpbXBsZTETMBEGA1UECgwKU2ltcGxlIEluYzEPMA0GA1UEAwwGU2ltcGxl +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjxZtLEMpN+TYo24M6RFj +9aWxLLyhKshDZgQPoMmO2GLdKTMuuDUhH1hSO/JSrYfefuXgZSj1j3ST4r1sWU8w +nyf5epqb9hcHN8951xJACj1wJicgc+mmTpjl/9fhaf/deVB5tyvSt3r7GA3VxTog +Ox7yA7ONz31CjYbPM0gB4g9OTsHTWODXWDQOpU8/SHGTFNBwmvB9/62wJaLeJeRM +sAwOqDzGy1Ig5sg+CQW5i78DDG/AGU5uwRMcOxounErCtxCxeIcbMRE6QnJyU9J6 +uXRUDw0y6z6h7k2OYaoMjw67WJ/wJ5m80csTFAsVNk6X1AEIbAVVyniNkPcJ8W6U +gQIDAQABoHoweAYJKoZIhvcNAQkOMWswaTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l +BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSDDbWiD5co4T54nRhv +H5+8ufuFVjAZBgNVHREEEjAQgg53d3cuc2ltcGxlLm9yZzANBgkqhkiG9w0BAQsF +AAOCAQEAROxIUVaXvOfwYxYlgWAMsWGbt8l8FYRtr+nDf4jg1d1SJXgTqftYoJXI +1aHjjVdDleM/p2Cd97EcQzO3Rk66RL7XMKCN6sENJBNyT4mUK1cQWHrq3LB3MJCM +clf/qX8hh2spIeWLT9SHxvDGJUitXBlqPkI8HOsFSFD1zYGO1GexPRVbi7/jkCSU +mmZiwRavJ0a8s02Ua940jC9LyDayck8pFJzaYxFJ2jNMYK4rfQsNxMBDKow3/ufb +4Rr+2ESLvqx8Ndo4Zj1SnNTywIV4UUFS9y18B635LWvJenGAjsFE3oTzYqoknhzT +cXz1bDY6dPJH68X6rupsCmG2uE7Wpg== +-----END CERTIFICATE REQUEST----- diff --git a/certs/simple-org.key b/certs/simple-org.key new file mode 100644 index 0000000..f8e993f --- /dev/null +++ b/certs/simple-org.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCPFm0sQyk35Nij +bgzpEWP1pbEsvKEqyENmBA+gyY7YYt0pMy64NSEfWFI78lKth95+5eBlKPWPdJPi +vWxZTzCfJ/l6mpv2Fwc3z3nXEkAKPXAmJyBz6aZOmOX/1+Fp/915UHm3K9K3evsY +DdXFOiA7HvIDs43PfUKNhs8zSAHiD05OwdNY4NdYNA6lTz9IcZMU0HCa8H3/rbAl +ot4l5EywDA6oPMbLUiDmyD4JBbmLvwMMb8AZTm7BExw7Gi6cSsK3ELF4hxsxETpC +cnJT0nq5dFQPDTLrPqHuTY5hqgyPDrtYn/AnmbzRyxMUCxU2TpfUAQhsBVXKeI2Q +9wnxbpSBAgMBAAECggEAAfhul3HzUtw5aYK99cWyCTN3baTJWWP5naGHr5CnAW7X +GdalGY9NvfdC5qVvIwmgdEHpJat7OjcCRFiUceRnyIFN67TOWgS2KjwWsvIC5ME0 +1qmqRj5c9m8fl7ba2VFXNPD5RB7731/3rjyeiYFD6VyDO67Q0J8qd/V3y/59XCYR +ifYhQCp8AM9/rYaiYJ9YMjqJqMjFj4Q4NH5TAehlOTBDLcgSWeRrBXLnyFr4zhcO +xmYLUFMiCxFWcI17fsGQlda2mBclLhHTcaFEMjO0UuA0gwZ+YrLnfP6fHTY2kwp7 +rywI0PWwzpyHCnZNcF1QxwgJOfei4hGkUqlOrUFnYQKBgQDBfpklHT6QgLmiblx+ +o5aFAwJ41wW9qQ4X3b7VxwhhPpoP+ygS8EUkxngPJahZ8rA5qWH+DJ4LDku3RQ64 +hE0O1P08NnlWg76XXrZmocRV5iu016PDMWEMySeelvRUQAYH8MFH+WDEMK51Mm6L +RwURuXN6pTWzLHNdFo0dQF8e+QKBgQC9T1S6oUIRtttvwNvNwtw9s/1eyHmdytfW +e6ZWT21l9X3N3+0YR8Gy1rmjQVMdxaF5sRxOWtn7ihujZYs8KP5QoXWfS30G2ZJQ +N1qEZn0wJhpq9VF+I023NmuLJBxSi7hctGUdDHcoe0piUP24H5QV0bTEYSi+7LpV +sWf8IhMbyQKBgQCCGj+bBvjkbMllAFPNCu3Qbd+hpOLFTgCd54nDcFqgGFm62SNu +6IN1YMWlWarDID2B5/Rtv8ocoPYkOpjVVJADow7LB826cEccvKBkjezX3TYSGNSS +EIey8yZiqhmK9KmZeTZc0L9R63HCd7CAkbZE3q9ZDfD3krHXK6yiuH+88QKBgQCV +eGqcxLAmzmrqDKtABgfhDBkUWlNz2/GZHp4R7bqh0zgWciSAlD+C1flSxkQ68Izz +SXzg/Oi5q6zw0T8jK/bIcQMu1+qKmwTkIyBsA4P6nUskgjdq0bMN4oD9JnDaWAkj +4ScozWvT4ay0feAmHYDNzXrdxxzlyoHBIUbKE5lkyQKBgQC7ertazu8bxWMPFa48 +DZDL6oDvWWcSmUVyNAjlaZFUmF3gQeSB7U6BfxGa+k1BdbDeYSXVwCCC9G2XGPAx +eMUnFYS6WjagxKNfls0yC19Gy1Jo4XNwdFKujW15uC8ogArwTrOSKEQBUGk4gmH6 +ZttsuVvMuTmZv9Kq9hinarLUWQ== +-----END PRIVATE KEY----- diff --git a/etc/client.conf b/etc/client.conf new file mode 100644 index 0000000..f7cfa5a --- /dev/null +++ b/etc/client.conf 
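Review bot: `certs/simple-org.key` is committed unencrypted (`-----BEGIN PRIVATE KEY-----`), so anyone who can read the repository holds the private key for the `DNS:www.simple.org` certificate added in `certs/simple-org.crt`. That certificate carries both serverAuth and clientAuth and is valid until October 2027, so the exposure lasts as long as relying parties trust the signing CA. I would revoke it at the signing CA, publish a fresh CRL, reissue from a new key generated on the host that uses it, and keep key files out of version control.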
@@ -0,0 +1,29 @@
+# TLS client certificate request
+
+[ req ]
+default_bits = 2048 # RSA key size
+encrypt_key = yes # Protect private key
+default_md = sha256 # MD to use
+utf8 = yes # Input is UTF-8
+string_mask = utf8only # Emit UTF-8 strings
+prompt = yes # Prompt for DN
+distinguished_name = client_dn # DN template
+req_extensions = client_reqext # Desired extensions
+
+[ client_dn ]
+countryName = "1. Country Name (2 letters) (eg, US) "
+countryName_max = 2
+stateOrProvinceName = "2. State or Province Name (eg, region) "
+localityName = "3. Locality Name (eg, city) "
+organizationName = "4. Organization Name (eg, company) "
+organizationalUnitName = "5. Organizational Unit Name (eg, section) "
+commonName = "6. Common Name (eg, full name)"
+commonName_max = 64
+emailAddress = "7. Email Address (eg, name@fqdn)"
+emailAddress_max = 40
+
+[ client_reqext ]
+keyUsage = critical,digitalSignature
+extendedKeyUsage = clientAuth
+subjectKeyIdentifier = hash
+subjectAltName = email:copy
diff --git a/etc/email.conf b/etc/email.conf
new file mode 100644
index 0000000..6206353
--- /dev/null
+++ b/etc/email.conf
@@ -0,0 +1,31 @@
+# Email certificate request
+
+# This file is used by the openssl req command. Since we cannot know the DN in
+# advance the user is prompted for DN information.
+
+[ req ]
+default_bits = 2048 # RSA key size
+encrypt_key = yes # Protect private key
+default_md = sha256 # MD to use
+utf8 = yes # Input is UTF-8
+string_mask = utf8only # Emit UTF-8 strings
+prompt = yes # Prompt for DN
+distinguished_name = email_dn # DN template
+req_extensions = email_reqext # Desired extensions
+
+[ email_dn ]
+0.domainComponent = "1. Domain Component (eg, com) "
+1.domainComponent = "2. Domain Component (eg, company) "
+2.domainComponent = "3. Domain Component (eg, pki) "
+organizationName = "4. Organization Name (eg, company) "
+organizationalUnitName = "5. Organizational Unit Name (eg, section) "
+commonName = "6. Common Name (eg, full name)"
+commonName_max = 64
+emailAddress = "7. Email Address (eg, name@fqdn)"
+emailAddress_max = 40
+
+[ email_reqext ]
+keyUsage = critical,digitalSignature,keyEncipherment
+extendedKeyUsage = emailProtection,clientAuth
+subjectKeyIdentifier = hash
+subjectAltName = email:copy
diff --git a/etc/root-ca.conf b/etc/root-ca.conf
new file mode 100644
index 0000000..ccb452c
--- /dev/null
+++ b/etc/root-ca.conf
@@ -0,0 +1,102 @@
+# Simple Root CA
+
+# The [default] section contains global constants that can be referred to from
+# the entire configuration file. It may also hold settings pertaining to more
+# than one openssl command.
+
+[ default ]
+ca = root-ca # CA name
+dir = . # Top dir
+
+# The next part of the configuration file is used by the openssl req command.
+# It defines the CA's key pair, its DN, and the desired extensions for the CA
+# certificate.
+
+[ req ]
+default_bits = 2048 # RSA key size
+encrypt_key = yes # Protect private key
+default_md = sha256 # MD to use
+utf8 = yes # Input is UTF-8
+string_mask = utf8only # Emit UTF-8 strings
+prompt = no # Don't prompt for DN
+distinguished_name = ca_dn # DN section
+req_extensions = ca_reqext # Desired extensions
+
+[ ca_dn ]
+0.domainComponent = "org"
+1.domainComponent = "simple"
+organizationName = "Simple Inc"
+commonName = "Simple Root CA"
+
+[ ca_reqext ]
+keyUsage = critical,keyCertSign,cRLSign
+basicConstraints = critical,CA:true
+subjectKeyIdentifier = hash
+
+# The remainder of the configuration file is used by the openssl ca command.
+# The CA section defines the locations of CA assets, as well as the policies
+# applying to the CA.
+
+[ ca ]
+default_ca = root_ca # The default CA section
+
+[ root_ca ]
+certificate = $dir/ca/$ca.crt # The CA cert
+private_key = $dir/ca/$ca/private/$ca.key # CA private key
+new_certs_dir = $dir/ca/$ca # Certificate archive
+serial = $dir/ca/$ca/db/$ca.crt.srl # Serial number file
+crlnumber = $dir/ca/$ca/db/$ca.crl.srl # CRL number file
+database = $dir/ca/$ca/db/$ca.db # Index file
+rand_serial = yes # Use random serial numbers
+unique_subject = no # Require unique subject
+default_days = 3652 # How long to certify for
+default_md = sha256 # MD to use
+policy = match_pol # Default naming policy
+email_in_dn = no # Add email to cert DN
+preserve = no # Keep passed DN ordering
+name_opt = multiline,-esc_msb,utf8 # Subject DN display options
+cert_opt = ca_default # Certificate display options
+copy_extensions = none # Copy extensions from CSR
+x509_extensions = signing_ca_ext # Default cert extensions
+default_crl_days = 365 # How long before next CRL
+crl_extensions = crl_ext # CRL extensions
+
+# Naming policies control which parts of a DN end up in the certificate and
+# under what circumstances certification should be denied.
+
+[ match_pol ]
+domainComponent = match # Must match 'simple.org'
+organizationName = match # Must match 'Simple Inc'
+organizationalUnitName = optional # Included if present
+commonName = supplied # Must be present
+
+[ any_pol ]
+domainComponent = optional
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = optional
+emailAddress = optional
+
+# Certificate extensions define what types of certificates the CA is able to
+# create.
+
+[ root_ca_ext ]
+keyUsage = critical,keyCertSign,cRLSign
+basicConstraints = critical,CA:true
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
+[ signing_ca_ext ]
+keyUsage = critical,keyCertSign,cRLSign
+basicConstraints = critical,CA:true,pathlen:0
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
+# CRL extensions exist solely to point to the CA certificate that has issued
+# the CRL.
+
+[ crl_ext ]
+authorityKeyIdentifier = keyid:always
diff --git a/etc/server.conf b/etc/server.conf
new file mode 100644
index 0000000..b35f588
--- /dev/null
+++ b/etc/server.conf
@@ -0,0 +1,32 @@
+# TLS server certificate request
+
+# This file is used by the openssl req command. The subjectAltName cannot be
+# prompted for and must be specified in the SAN environment variable.
+
+[ default ]
+SAN = DNS:www.example.com # Default SAN
+
+[ req ]
+default_bits = 2048 # RSA key size
+encrypt_key = no # Protect private key
+default_md = sha256 # MD to use
+utf8 = yes # Input is UTF-8
+string_mask = utf8only # Emit UTF-8 strings
+prompt = yes # Prompt for DN
+distinguished_name = server_dn # DN template
+req_extensions = server_reqext # Desired extensions
+
+[ server_dn ]
+0.domainComponent = "1. Domain Component (eg, com) "
+1.domainComponent = "2. Domain Component (eg, company) "
+2.domainComponent = "3. Domain Component (eg, pki) "
+organizationName = "4. Organization Name (eg, company) "
+organizationalUnitName = "5. Organizational Unit Name (eg, section) "
+commonName = "6. Common Name (eg, FQDN) "
+commonName_max = 64
+
+[ server_reqext ]
+keyUsage = critical,digitalSignature,keyEncipherment
+extendedKeyUsage = serverAuth,clientAuth
+subjectKeyIdentifier = hash
+subjectAltName = $ENV::SAN
diff --git a/etc/signing-ca.conf b/etc/signing-ca.conf
new file mode 100644
index 0000000..c8ec1b2
--- /dev/null
+++ b/etc/signing-ca.conf
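Review bot: `default_bits = 2048` in the `[ req ]` section of etc/root-ca.conf is small for a root key, given that ca/root-ca.crt in this commit is valid until October 2035. NIST SP 800-57 treats 2048-bit RSA as acceptable only through 2030. etc/signing-ca.conf sets the same value for the signing CA key. I would set `default_bits = 3072` (or 4096) in both CA configs now, because changing a CA key later means reissuing every certificate beneath it.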
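Review bot: In etc/server.conf the `[ default ]` entry `SAN = DNS:www.example.com` acts as a fallback for `subjectAltName = $ENV::SAN`. A request generated without the SAN environment variable set therefore succeeds and carries the placeholder name. etc/signing-ca.conf uses `copy_extensions = copy`, so that SAN would go into the issued certificate unless the operator notices it when signing. I would remove the default so that a missing variable makes `openssl req` fail at config load rather than produce a CSR for the wrong host.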
@@ -0,0 +1,124 @@
+# Simple Signing CA
+
+# The [default] section contains global constants that can be referred to from
+# the entire configuration file. It may also hold settings pertaining to more
+# than one openssl command.
+
+[ default ]
+ca = signing-ca # CA name
+dir = . # Top dir
+
+# The next part of the configuration file is used by the openssl req command.
+# It defines the CA's key pair, its DN, and the desired extensions for the CA
+# certificate.
+
+[ req ]
+default_bits = 2048 # RSA key size
+encrypt_key = yes # Protect private key
+default_md = sha256 # MD to use
+utf8 = yes # Input is UTF-8
+string_mask = utf8only # Emit UTF-8 strings
+prompt = no # Don't prompt for DN
+distinguished_name = ca_dn # DN section
+req_extensions = ca_reqext # Desired extensions
+
+[ ca_dn ]
+0.domainComponent = "org"
+1.domainComponent = "simple"
+organizationName = "Simple Inc"
+commonName = "Simple Signing CA"
+
+[ ca_reqext ]
+keyUsage = critical,keyCertSign,cRLSign
+basicConstraints = critical,CA:true,pathlen:0
+subjectKeyIdentifier = hash
+
+# The remainder of the configuration file is used by the openssl ca command.
+# The CA section defines the locations of CA assets, as well as the policies
+# applying to the CA.
+
+[ ca ]
+default_ca = signing_ca # The default CA section
+
+[ signing_ca ]
+certificate = $dir/ca/$ca.crt # The CA cert
+private_key = $dir/ca/$ca/private/$ca.key # CA private key
+new_certs_dir = $dir/ca/$ca # Certificate archive
+serial = $dir/ca/$ca/db/$ca.crt.srl # Serial number file
+crlnumber = $dir/ca/$ca/db/$ca.crl.srl # CRL number file
+database = $dir/ca/$ca/db/$ca.db # Index file
+rand_serial = yes # Use random serial numbers
+unique_subject = no # Require unique subject
+default_days = 730 # How long to certify for
+default_md = sha256 # MD to use
+policy = match_pol # Default naming policy
+email_in_dn = yes # Add email to cert DN
+preserve = no # Keep passed DN ordering
+name_opt = multiline,-esc_msb,utf8 # Subject DN display options
+cert_opt = ca_default # Certificate display options
+copy_extensions = copy # Copy extensions from CSR
+x509_extensions = email_ext # Default cert extensions
+default_crl_days = 7 # How long before next CRL
+crl_extensions = crl_ext # CRL extensions
+
+# Naming policies control which parts of a DN end up in the certificate and
+# under what circumstances certification should be denied.
+
+[ match_pol ]
+domainComponent = match # Must match 'simple.org'
+organizationName = match # Must match 'Simple Inc'
+organizationalUnitName = optional # Included if present
+commonName = supplied # Must be present
+emailAddress = optional # Included if present
+
+[ any_pol ]
+domainComponent = optional
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = optional
+emailAddress = optional
+
+# Certificate extensions define what types of certificates the CA is able to
+# create.
+
+[ extern_pol ]
+countryName = supplied # Must be present
+stateOrProvinceName = optional # Included if present
+localityName = optional # Included if present
+organizationName = supplied # Must be present
+organizationalUnitName = optional # Included if present
+commonName = supplied # Must be present
+emailAddress = optional # Included if present
+
+
+[ email_ext ]
+keyUsage = critical,digitalSignature,keyEncipherment
+basicConstraints = CA:false
+extendedKeyUsage = emailProtection,clientAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
+[ server_ext ]
+keyUsage = critical,digitalSignature,keyEncipherment
+basicConstraints = CA:false
+extendedKeyUsage = serverAuth,clientAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
+[ client_ext ]
+keyUsage = critical,digitalSignature
+basicConstraints = CA:false
+extendedKeyUsage = clientAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+#authorityInfoAccess = @issuer_info
+#crlDistributionPoints = @crl_info
+
+# CRL extensions exist solely to point to the CA certificate that has issued
+# the CRL.
+
+[ crl_ext ]
+authorityKeyIdentifier = keyid:always
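Review bot: `copy_extensions = copy` in `[ signing_ca ]` of etc/signing-ca.conf lets the requester choose every extension that the selected `*_ext` section does not set itself. The `email_ext`, `server_ext` and `client_ext` sections pin keyUsage, basicConstraints, extendedKeyUsage and the key identifiers, but subjectAltName and any other extension are taken from the CSR unverified. The config should say so next to the option, for example `# copy: SAN and other unset extensions come from the CSR; review them before signing, never use -batch`. The operator procedure should also require checking the displayed SAN against the requester's identity. The commented-out `crlDistributionPoints` in `[ client_ext ]` also means issued certificates give relying parties no pointer to the 7-day CRL.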