new pki

ca/root-ca.crt

@@ -0,0 +1,82 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            2a:92:4b:e5:eb:2b:8b:a5:09:6d:1d:af:13:a4:b5:3d:20:83:0a:2b
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: DC=org, DC=simple, O=Simple Inc, CN=Simple Root CA
+        Validity
+            Not Before: Oct 24 13:49:19 2025 GMT
+            Not After : Oct 24 13:49:19 2035 GMT
+        Subject: DC=org, DC=simple, O=Simple Inc, CN=Simple Root CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:97:70:47:fe:95:95:6d:f1:d3:fc:22:39:fe:db:
+                    9b:08:44:9f:98:e0:02:9d:9c:85:69:f9:b3:be:01:
+                    77:d6:aa:31:e1:b2:b7:82:1a:ba:7e:62:36:f4:df:
+                    be:26:13:26:1e:d0:c2:c3:00:61:1e:f5:e1:5d:02:
+                    c3:5a:04:08:7e:70:e8:5d:25:f8:94:35:45:b7:ee:
+                    91:cc:ef:41:41:2e:a4:71:7b:54:51:81:7e:e3:27:
+                    42:53:c2:ab:4c:e4:8a:ed:59:7a:a9:f8:91:f1:8a:
+                    69:83:0c:a7:83:f9:36:cc:af:9c:26:7e:b6:d5:10:
+                    03:24:be:7b:f2:5c:f8:a9:3c:01:96:c2:21:88:1d:
+                    e3:6f:46:c3:9d:d8:ea:8b:90:4c:c4:2b:90:7c:a3:
+                    5c:dc:68:c3:b5:01:a7:4c:99:97:d4:94:b0:69:3d:
+                    c9:50:4e:a4:5e:54:94:cc:c4:db:18:65:f7:6f:6c:
+                    74:b1:02:c4:5e:93:d1:92:1b:05:89:4d:a5:55:38:
+                    da:8e:2d:e7:60:9a:ee:be:60:6c:77:5a:12:c0:60:
+                    2d:b1:4b:8d:6b:04:ae:5c:38:c9:9e:0c:b4:4e:3a:
+                    df:5b:d6:43:60:98:bb:b1:04:25:41:c6:af:b8:8b:
+                    18:c7:a7:ae:29:11:b9:40:04:35:6b:f4:57:57:fa:
+                    d9:d3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                DA:B2:3E:C6:6E:34:D2:0A:3C:FF:AC:A2:9D:17:24:A3:32:AB:DD:AB
+            X509v3 Authority Key Identifier: 
+                DA:B2:3E:C6:6E:34:D2:0A:3C:FF:AC:A2:9D:17:24:A3:32:AB:DD:AB
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        2c:da:9e:3c:bf:e8:ce:92:3f:33:66:0e:f0:53:0c:8b:d8:51:
+        a3:00:7f:3d:9c:df:dc:9b:a5:fb:f4:b4:d1:12:e4:0d:4a:a7:
+        02:3b:ce:4b:2e:8d:af:06:a8:a3:62:a8:71:ef:8d:60:08:4f:
+        e5:ff:fb:8d:e7:00:33:3b:c8:41:1b:be:61:03:ec:d5:b4:fe:
+        d1:29:06:eb:fb:1f:2c:70:47:4f:99:b8:cd:45:38:29:89:70:
+        cb:00:c2:db:73:f1:37:b6:84:e4:fc:38:38:1d:74:d9:07:14:
+        ba:47:d0:f1:fa:f3:97:c2:1f:90:79:de:bb:58:9e:69:67:b5:
+        12:93:87:c8:9f:c2:02:55:8a:d1:5b:c4:3c:2d:65:4d:6e:70:
+        c6:59:f3:52:d1:01:9b:37:b7:39:2d:32:00:cd:e4:27:f2:d9:
+        f8:4a:14:4d:4d:a7:8e:37:2b:6f:ab:aa:58:81:22:93:e9:cd:
+        8a:aa:4e:c3:11:74:1a:13:4a:ad:e7:db:dd:ac:d6:f4:90:cd:
+        76:b7:c1:cb:2d:da:6e:9e:ee:12:85:a2:a2:6c:be:62:6a:c2:
+        cf:3e:ac:40:0e:d4:0e:65:b7:2d:8f:22:3e:d5:0b:41:da:fa:
+        4a:eb:1b:a5:7f:d5:c9:86:21:a3:19:51:03:d1:a9:35:f1:5f:
+        7d:2a:b9:87
+-----BEGIN CERTIFICATE-----
+MIIDpzCCAo+gAwIBAgIUKpJL5esri6UJbR2vE6S1PSCDCiswDQYJKoZIhvcNAQEL
+BQAwWzETMBEGCgmSJomT8ixkARkWA29yZzEWMBQGCgmSJomT8ixkARkWBnNpbXBs
+ZTETMBEGA1UECgwKU2ltcGxlIEluYzEXMBUGA1UEAwwOU2ltcGxlIFJvb3QgQ0Ew
+HhcNMjUxMDI0MTM0OTE5WhcNMzUxMDI0MTM0OTE5WjBbMRMwEQYKCZImiZPyLGQB
+GRYDb3JnMRYwFAYKCZImiZPyLGQBGRYGc2ltcGxlMRMwEQYDVQQKDApTaW1wbGUg
+SW5jMRcwFQYDVQQDDA5TaW1wbGUgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAJdwR/6VlW3x0/wiOf7bmwhEn5jgAp2chWn5s74Bd9aqMeGy
+t4Iaun5iNvTfviYTJh7QwsMAYR714V0Cw1oECH5w6F0l+JQ1RbfukczvQUEupHF7
+VFGBfuMnQlPCq0zkiu1Zeqn4kfGKaYMMp4P5NsyvnCZ+ttUQAyS+e/Jc+Kk8AZbC
+IYgd429Gw53Y6ouQTMQrkHyjXNxow7UBp0yZl9SUsGk9yVBOpF5UlMzE2xhl929s
+dLECxF6T0ZIbBYlNpVU42o4t52Ca7r5gbHdaEsBgLbFLjWsErlw4yZ4MtE4631vW
+Q2CYu7EEJUHGr7iLGMenrikRuUAENWv0V1f62dMCAwEAAaNjMGEwDgYDVR0PAQH/
+BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNqyPsZuNNIKPP+sop0X
+JKMyq92rMB8GA1UdIwQYMBaAFNqyPsZuNNIKPP+sop0XJKMyq92rMA0GCSqGSIb3
+DQEBCwUAA4IBAQAs2p48v+jOkj8zZg7wUwyL2FGjAH89nN/cm6X79LTREuQNSqcC
+O85LLo2vBqijYqhx741gCE/l//uN5wAzO8hBG75hA+zVtP7RKQbr+x8scEdPmbjN
+RTgpiXDLAMLbc/E3toTk/Dg4HXTZBxS6R9Dx+vOXwh+Qed67WJ5pZ7USk4fIn8IC
+VYrRW8Q8LWVNbnDGWfNS0QGbN7c5LTIAzeQn8tn4ShRNTaeONytvq6pYgSKT6c2K
+qk7DEXQaE0qt59vdrNb0kM12t8HLLdpunu4ShaKibL5iasLPPqxADtQOZbctjyI+
+1QtB2vpK6xulf9XJhiGjGVED0ak18V99KrmH
+-----END CERTIFICATE-----

ca/root-ca.csr

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC8TCCAdkCAQAwWzETMBEGCgmSJomT8ixkARkWA29yZzEWMBQGCgmSJomT8ixk
+ARkWBnNpbXBsZTETMBEGA1UECgwKU2ltcGxlIEluYzEXMBUGA1UEAwwOU2ltcGxl
+IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXcEf+lZVt
+8dP8Ijn+25sIRJ+Y4AKdnIVp+bO+AXfWqjHhsreCGrp+Yjb0374mEyYe0MLDAGEe
+9eFdAsNaBAh+cOhdJfiUNUW37pHM70FBLqRxe1RRgX7jJ0JTwqtM5IrtWXqp+JHx
+immDDKeD+TbMr5wmfrbVEAMkvnvyXPipPAGWwiGIHeNvRsOd2OqLkEzEK5B8o1zc
+aMO1AadMmZfUlLBpPclQTqReVJTMxNsYZfdvbHSxAsRek9GSGwWJTaVVONqOLedg
+mu6+YGx3WhLAYC2xS41rBK5cOMmeDLROOt9b1kNgmLuxBCVBxq+4ixjHp64pEblA
+BDVr9FdX+tnTAgMBAAGgUTBPBgkqhkiG9w0BCQ4xQjBAMA4GA1UdDwEB/wQEAwIB
+BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTasj7GbjTSCjz/rKKdFySjMqvd
+qzANBgkqhkiG9w0BAQsFAAOCAQEAdWJ7rkL/OaaX6JYUeXuR0x3zQ0L1KAaLo/TU
+iqY1L2LV9RXdNCsqsV2i/zx5F+nb6qtr65l7r/J75nGsfAJOrwgXWxKRCNo/aYdY
+3PJ120BmrUHIRWZuQC2I5hyjiuSXYQduCjJYujRnV28dEgCHIs+luLWpBzKVE0yO
+NiPW4cfKuBNWrfYmO/BT79ygJBjnt/gXAILsHYIn2yg8cksjkXkoDhXisYYCUGYS
+uhC3ATn1zR4lNHsXQg8uwlBJSWYEbOqfEBHGWWVbZergxWsRyRY6fDy1tbqOP+TO
+QXAXCt4zB1PU8J6uufNID7LTa6LeKnTRj7P/9lGXpKNDIsEpeA==
+-----END CERTIFICATE REQUEST-----

ca/root-ca/2A924BE5EB2B8BA5096D1DAF13A4B53D20830A2B.pem

@@ -0,0 +1,82 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            2a:92:4b:e5:eb:2b:8b:a5:09:6d:1d:af:13:a4:b5:3d:20:83:0a:2b
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: DC=org, DC=simple, O=Simple Inc, CN=Simple Root CA
+        Validity
+            Not Before: Oct 24 13:49:19 2025 GMT
+            Not After : Oct 24 13:49:19 2035 GMT
+        Subject: DC=org, DC=simple, O=Simple Inc, CN=Simple Root CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:97:70:47:fe:95:95:6d:f1:d3:fc:22:39:fe:db:
+                    9b:08:44:9f:98:e0:02:9d:9c:85:69:f9:b3:be:01:
+                    77:d6:aa:31:e1:b2:b7:82:1a:ba:7e:62:36:f4:df:
+                    be:26:13:26:1e:d0:c2:c3:00:61:1e:f5:e1:5d:02:
+                    c3:5a:04:08:7e:70:e8:5d:25:f8:94:35:45:b7:ee:
+                    91:cc:ef:41:41:2e:a4:71:7b:54:51:81:7e:e3:27:
+                    42:53:c2:ab:4c:e4:8a:ed:59:7a:a9:f8:91:f1:8a:
+                    69:83:0c:a7:83:f9:36:cc:af:9c:26:7e:b6:d5:10:
+                    03:24:be:7b:f2:5c:f8:a9:3c:01:96:c2:21:88:1d:
+                    e3:6f:46:c3:9d:d8:ea:8b:90:4c:c4:2b:90:7c:a3:
+                    5c:dc:68:c3:b5:01:a7:4c:99:97:d4:94:b0:69:3d:
+                    c9:50:4e:a4:5e:54:94:cc:c4:db:18:65:f7:6f:6c:
+                    74:b1:02:c4:5e:93:d1:92:1b:05:89:4d:a5:55:38:
+                    da:8e:2d:e7:60:9a:ee:be:60:6c:77:5a:12:c0:60:
+                    2d:b1:4b:8d:6b:04:ae:5c:38:c9:9e:0c:b4:4e:3a:
+                    df:5b:d6:43:60:98:bb:b1:04:25:41:c6:af:b8:8b:
+                    18:c7:a7:ae:29:11:b9:40:04:35:6b:f4:57:57:fa:
+                    d9:d3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                DA:B2:3E:C6:6E:34:D2:0A:3C:FF:AC:A2:9D:17:24:A3:32:AB:DD:AB
+            X509v3 Authority Key Identifier: 
+                DA:B2:3E:C6:6E:34:D2:0A:3C:FF:AC:A2:9D:17:24:A3:32:AB:DD:AB
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        2c:da:9e:3c:bf:e8:ce:92:3f:33:66:0e:f0:53:0c:8b:d8:51:
+        a3:00:7f:3d:9c:df:dc:9b:a5:fb:f4:b4:d1:12:e4:0d:4a:a7:
+        02:3b:ce:4b:2e:8d:af:06:a8:a3:62:a8:71:ef:8d:60:08:4f:
+        e5:ff:fb:8d:e7:00:33:3b:c8:41:1b:be:61:03:ec:d5:b4:fe:
+        d1:29:06:eb:fb:1f:2c:70:47:4f:99:b8:cd:45:38:29:89:70:
+        cb:00:c2:db:73:f1:37:b6:84:e4:fc:38:38:1d:74:d9:07:14:
+        ba:47:d0:f1:fa:f3:97:c2:1f:90:79:de:bb:58:9e:69:67:b5:
+        12:93:87:c8:9f:c2:02:55:8a:d1:5b:c4:3c:2d:65:4d:6e:70:
+        c6:59:f3:52:d1:01:9b:37:b7:39:2d:32:00:cd:e4:27:f2:d9:
+        f8:4a:14:4d:4d:a7:8e:37:2b:6f:ab:aa:58:81:22:93:e9:cd:
+        8a:aa:4e:c3:11:74:1a:13:4a:ad:e7:db:dd:ac:d6:f4:90:cd:
+        76:b7:c1:cb:2d:da:6e:9e:ee:12:85:a2:a2:6c:be:62:6a:c2:
+        cf:3e:ac:40:0e:d4:0e:65:b7:2d:8f:22:3e:d5:0b:41:da:fa:
+        4a:eb:1b:a5:7f:d5:c9:86:21:a3:19:51:03:d1:a9:35:f1:5f:
+        7d:2a:b9:87
+-----BEGIN CERTIFICATE-----
+MIIDpzCCAo+gAwIBAgIUKpJL5esri6UJbR2vE6S1PSCDCiswDQYJKoZIhvcNAQEL
+BQAwWzETMBEGCgmSJomT8ixkARkWA29yZzEWMBQGCgmSJomT8ixkARkWBnNpbXBs
+ZTETMBEGA1UECgwKU2ltcGxlIEluYzEXMBUGA1UEAwwOU2ltcGxlIFJvb3QgQ0Ew
+HhcNMjUxMDI0MTM0OTE5WhcNMzUxMDI0MTM0OTE5WjBbMRMwEQYKCZImiZPyLGQB
+GRYDb3JnMRYwFAYKCZImiZPyLGQBGRYGc2ltcGxlMRMwEQYDVQQKDApTaW1wbGUg
+SW5jMRcwFQYDVQQDDA5TaW1wbGUgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAJdwR/6VlW3x0/wiOf7bmwhEn5jgAp2chWn5s74Bd9aqMeGy
+t4Iaun5iNvTfviYTJh7QwsMAYR714V0Cw1oECH5w6F0l+JQ1RbfukczvQUEupHF7
+VFGBfuMnQlPCq0zkiu1Zeqn4kfGKaYMMp4P5NsyvnCZ+ttUQAyS+e/Jc+Kk8AZbC
+IYgd429Gw53Y6ouQTMQrkHyjXNxow7UBp0yZl9SUsGk9yVBOpF5UlMzE2xhl929s
+dLECxF6T0ZIbBYlNpVU42o4t52Ca7r5gbHdaEsBgLbFLjWsErlw4yZ4MtE4631vW
+Q2CYu7EEJUHGr7iLGMenrikRuUAENWv0V1f62dMCAwEAAaNjMGEwDgYDVR0PAQH/
+BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNqyPsZuNNIKPP+sop0X
+JKMyq92rMB8GA1UdIwQYMBaAFNqyPsZuNNIKPP+sop0XJKMyq92rMA0GCSqGSIb3
+DQEBCwUAA4IBAQAs2p48v+jOkj8zZg7wUwyL2FGjAH89nN/cm6X79LTREuQNSqcC
+O85LLo2vBqijYqhx741gCE/l//uN5wAzO8hBG75hA+zVtP7RKQbr+x8scEdPmbjN
+RTgpiXDLAMLbc/E3toTk/Dg4HXTZBxS6R9Dx+vOXwh+Qed67WJ5pZ7USk4fIn8IC
+VYrRW8Q8LWVNbnDGWfNS0QGbN7c5LTIAzeQn8tn4ShRNTaeONytvq6pYgSKT6c2K
+qk7DEXQaE0qt59vdrNb0kM12t8HLLdpunu4ShaKibL5iasLPPqxADtQOZbctjyI+
+1QtB2vpK6xulf9XJhiGjGVED0ak18V99KrmH
+-----END CERTIFICATE-----

ca/root-ca/70665C1EDD2521B0A59089AF93F35E78E5D6848A.pem

@@ -0,0 +1,82 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            70:66:5c:1e:dd:25:21:b0:a5:90:89:af:93:f3:5e:78:e5:d6:84:8a
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: DC=org, DC=simple, O=Simple Inc, CN=Simple Root CA
+        Validity
+            Not Before: Oct 24 13:50:25 2025 GMT
+            Not After : Oct 24 13:50:25 2035 GMT
+        Subject: DC=org, DC=simple, O=Simple Inc, CN=Simple Signing CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:cd:57:70:66:95:5b:9e:c7:e0:8e:92:3c:8c:a5:
+                    f2:c1:de:e5:2b:ed:96:f6:04:4c:62:1e:91:e8:b0:
+                    29:22:88:ff:7f:7f:af:25:92:f7:e9:ca:ce:3a:3a:
+                    59:7b:9a:68:ab:dd:27:87:15:8d:3c:e2:88:bf:28:
+                    68:14:d8:6a:9a:e0:60:1d:61:c4:c1:c4:1f:9b:10:
+                    ea:d5:ee:ff:7a:97:93:d8:9d:fc:a3:92:ca:30:3f:
+                    c8:fc:3f:6b:ac:db:ba:fd:22:70:3e:d0:38:14:b2:
+                    b2:c4:6c:61:74:a0:ed:c7:6c:cf:e6:9d:df:aa:d8:
+                    ef:3d:ac:5f:6b:93:a7:a7:4f:d4:28:b1:d5:e2:01:
+                    6e:e3:0f:34:39:58:6c:e7:e7:e8:68:92:da:5d:d1:
+                    ef:c5:e5:7c:a7:28:2c:51:cd:d9:9d:1d:43:20:ad:
+                    f1:76:20:94:20:e4:72:b4:ed:e4:77:c8:00:c1:19:
+                    86:be:50:95:01:97:40:58:dc:3b:f2:69:ac:d7:b3:
+                    4b:c2:39:31:bf:13:f9:a4:96:49:e8:dc:07:49:a4:
+                    ab:20:0f:08:d1:45:a6:0a:57:bb:59:22:14:d9:bb:
+                    bd:17:d2:3a:06:95:80:14:a4:69:cc:b3:84:65:3b:
+                    bc:33:72:d5:45:0f:f4:90:50:4f:ac:57:81:2b:b0:
+                    6d:05
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:0
+            X509v3 Subject Key Identifier: 
+                D7:7A:FE:65:8D:74:F3:F3:85:92:B5:F1:C3:55:3A:0B:6D:50:10:41
+            X509v3 Authority Key Identifier: 
+                DA:B2:3E:C6:6E:34:D2:0A:3C:FF:AC:A2:9D:17:24:A3:32:AB:DD:AB
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        59:0f:a8:fa:9b:a6:5b:34:8b:c4:ea:44:02:f8:3c:08:62:45:
+        d4:87:48:24:20:50:8f:40:ca:3a:64:0d:98:04:f7:3c:a9:4c:
+        ca:92:4a:56:40:9a:45:28:fd:7b:f3:6b:2b:f2:7d:a0:d6:24:
+        e1:51:24:e5:5b:f1:e1:c5:8f:f4:06:a8:4f:2b:c3:58:ad:a6:
+        f8:32:80:d6:de:ca:46:97:f2:0f:07:9b:06:55:7c:db:a2:bf:
+        5c:1f:be:41:09:a8:34:c3:68:71:d2:dc:94:1a:63:24:2c:73:
+        65:92:47:74:82:3e:ba:74:07:c3:06:14:13:25:81:de:8c:f7:
+        c5:61:ca:c4:90:93:14:9a:50:eb:a1:03:6b:b0:1d:ad:4f:9b:
+        b8:14:8e:ba:d0:4d:c2:71:bb:19:2a:c1:ed:0e:19:00:87:38:
+        fb:3f:df:53:bf:42:b5:1f:f6:3b:dc:82:b4:a2:40:37:b4:96:
+        21:66:4a:f0:86:6b:3a:37:90:f0:2a:f6:94:70:3f:65:73:3c:
+        30:0d:c1:41:5c:e1:33:cd:c1:1f:d6:16:8b:fe:34:01:af:05:
+        e6:df:fa:f3:55:31:ac:0d:5c:15:7e:a4:f9:0d:70:c6:d8:c2:
+        40:e3:01:e3:59:af:86:35:fd:22:ce:cc:85:bb:dd:93:e9:7c:
+        e4:64:b3:14
+-----BEGIN CERTIFICATE-----
+MIIDrTCCApWgAwIBAgIUcGZcHt0lIbClkImvk/NeeOXWhIowDQYJKoZIhvcNAQEL
+BQAwWzETMBEGCgmSJomT8ixkARkWA29yZzEWMBQGCgmSJomT8ixkARkWBnNpbXBs
+ZTETMBEGA1UECgwKU2ltcGxlIEluYzEXMBUGA1UEAwwOU2ltcGxlIFJvb3QgQ0Ew
+HhcNMjUxMDI0MTM1MDI1WhcNMzUxMDI0MTM1MDI1WjBeMRMwEQYKCZImiZPyLGQB
+GRYDb3JnMRYwFAYKCZImiZPyLGQBGRYGc2ltcGxlMRMwEQYDVQQKDApTaW1wbGUg
+SW5jMRowGAYDVQQDDBFTaW1wbGUgU2lnbmluZyBDQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAM1XcGaVW57H4I6SPIyl8sHe5SvtlvYETGIekeiwKSKI
+/39/ryWS9+nKzjo6WXuaaKvdJ4cVjTziiL8oaBTYaprgYB1hxMHEH5sQ6tXu/3qX
+k9id/KOSyjA/yPw/a6zbuv0icD7QOBSyssRsYXSg7cdsz+ad36rY7z2sX2uTp6dP
+1Cix1eIBbuMPNDlYbOfn6GiS2l3R78XlfKcoLFHN2Z0dQyCt8XYglCDkcrTt5HfI
+AMEZhr5QlQGXQFjcO/JprNezS8I5Mb8T+aSWSejcB0mkqyAPCNFFpgpXu1kiFNm7
+vRfSOgaVgBSkacyzhGU7vDNy1UUP9JBQT6xXgSuwbQUCAwEAAaNmMGQwDgYDVR0P
+AQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFNd6/mWNdPPz
+hZK18cNVOgttUBBBMB8GA1UdIwQYMBaAFNqyPsZuNNIKPP+sop0XJKMyq92rMA0G
+CSqGSIb3DQEBCwUAA4IBAQBZD6j6m6ZbNIvE6kQC+DwIYkXUh0gkIFCPQMo6ZA2Y
+BPc8qUzKkkpWQJpFKP1782sr8n2g1iThUSTlW/HhxY/0BqhPK8NYrab4MoDW3spG
+l/IPB5sGVXzbor9cH75BCag0w2hx0tyUGmMkLHNlkkd0gj66dAfDBhQTJYHejPfF
+YcrEkJMUmlDroQNrsB2tT5u4FI660E3CcbsZKsHtDhkAhzj7P99Tv0K1H/Y73IK0
+okA3tJYhZkrwhms6N5DwKvaUcD9lczwwDcFBXOEzzcEf1haL/jQBrwXm3/rzVTGs
+DVwVfqT5DXDG2MJA4wHjWa+GNf0izsyFu92T6XzkZLMU
+-----END CERTIFICATE-----

ca/root-ca/db/root-ca.crl.srl

@@ -0,0 +1 @@
+01

ca/root-ca/db/root-ca.crt.srl

@@ -0,0 +1 @@
+01

ca/root-ca/db/root-ca.db

@@ -0,0 +1,2 @@
+V	351024134919Z		2A924BE5EB2B8BA5096D1DAF13A4B53D20830A2B	unknown	/DC=org/DC=simple/O=Simple Inc/CN=Simple Root CA
+V	351024135025Z		70665C1EDD2521B0A59089AF93F35E78E5D6848A	unknown	/DC=org/DC=simple/O=Simple Inc/CN=Simple Signing CA

ca/root-ca/db/root-ca.db.attr

@@ -0,0 +1 @@
+unique_subject = no

ca/root-ca/db/root-ca.db.attr.old

@@ -0,0 +1 @@
+unique_subject = no

ca/root-ca/db/root-ca.db.old

@@ -0,0 +1 @@
+V	351024134919Z		2A924BE5EB2B8BA5096D1DAF13A4B53D20830A2B	unknown	/DC=org/DC=simple/O=Simple Inc/CN=Simple Root CA

ca/root-ca/private/root-ca.key

@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQPz6DyCEMMiTsB8O8
+XBs3VQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEKK5iLhWYyPvGkZZ
+uzBeGBsEggTQxjNhLLlc6fNUJUhO2A0xiWPtMefCEOcOKSq+n9EtmvzIEkgUptKG
+Z2cIJ054BVHBezOf4fF9jRqjKaOTkF0JUHAYjSGHL1UxgdNWSVTpaodDz4iKsXRC
+9BtOaEza2s3Z2Ffp6/h7cU5xig76L0dRRkEpOTi6e5Ta4vWnO0S/hfwUBs/Ymhf2
+qob5BL/8GWOdNdlgVcgZ7aEjsYg32MQbXQsjNuUMa8/P/GTv6xKUGV1H+9kDHg8e
+42Q84lNnVmFcNERwbH25ELvHyCBeZFMSHqeQ2NIP7LuPdLUHnMed86eQVBHWTvmd
+Kn8kU90cdqvCdHlyKEK7b2QXWz5mhoE6ijXmJxz7sqOXBRljpOIJBwBUoEb20huZ
+ajSDRAVqJbwHp9VRSx7bWwY11RcpBV8O8K0Z3axaQqJnZsunHqH7g7PbwMDxrZ17
+QCptadkDBE24HMOY2qi2/q9fzjTUC/O2fCO82dtiRDeyYm4hTX1E/BR99N17Btxm
++nSkhTSZYbk/7i1Rut3Oa/p36P93dYgXZUTSv0moduGcGYpiXyLSpnTY0vqmn77z
+hG7JaTlD7Zh0lM7LsEUTeKMyXGKs/zaY+ZOAzuLpkf/SaCfiZWiUnzPI+QEjz8Bi
+8POHYQvyCV6ojpn74+L/nw7zMGxMfJQ6gifG9dXg3rtttNs0DFbx4KtKdGPXMAiZ
+96s/odx2VhU7AAVs2NF4JQj0xmIbbZiTVG/PfUcU27goM6Q2YYM3CCqg4LXNRVIp
+Eam6iEWKyHD3QfRl4teKyt7OcQnHU6OH8usmUlLn9cSWmr503GTjrwUeyskzTndZ
+DYNPHNpcbHNp9y7Y9W208JFh4WseM60tP2Wv7owBj71DlIVe2OKUnYbcb3GgC0xH
+izFVoq5SdhoFsb+moQqOc0GXwXCW6ilUvy2W4ubZnWiZbI3rsj4P+6ZDFOUHeiu7
+nLkFNbxwoXQFr19Coi5+rqRQztgJVOTBd4nYd3lnBeZVk0goIN09giWk6LL55aG3
+usLDYX0uwT8PfRMj7BPZtVgZOxxhj17bORkhIkDxzvam0gX9oJsQFcqqKeulaJAT
+EneM9UGJJvHHC1h0e8A7CzHjZtqMxm81W2iSNfe4z4qiTFMEln5DU3jA5yz2g5C/
+yrPVyXiZ0XeJLxJtkanmeYphInwjARhaJNdridcYH+sWzs5gLgOGc+hKZf7Mszrq
+A7ZpHKA8cVxHeMLCW03wi4m3ENGPjvciZALMabu+2TSLSS6qGCD9zZJgKgNaf1BN
+sfj/tNx0+pJfJGmMPKV8thqGGyCEIVCj6zp3D0zhGWR3JqYrnOItqi8yOhJe1ArV
+KJQSMffByKkxyVYk1FTmJZ9/pxQDgc2lndfoqf75+aZ2RBr6f25j/vHvDzRsgIJy
+BAzZLO8FyPysudjbLgaHnOMAA+wZTqm8DReJ50kC4a3I/FOONWrk7NHVqpLRN25l
+OuysFQ2t/dysBmK0VOAJmK7WzO34mVN+qnvNymp4307UR03nL7N3YI5SSj86oS5/
+TVqZLXHsoK6fMwSqPv9pHSsjyohj6FdTo0zo9an5skfrThfltO7gArJ+GDxjEGxc
+TYliT6kENDeDZE7CZaR0+dN8SmSAwAX7g74z8UZsfi+ho+OUGGX/oq0=
+-----END ENCRYPTED PRIVATE KEY-----

ca/signing-ca.crt

@@ -0,0 +1,82 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            70:66:5c:1e:dd:25:21:b0:a5:90:89:af:93:f3:5e:78:e5:d6:84:8a
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: DC=org, DC=simple, O=Simple Inc, CN=Simple Root CA
+        Validity
+            Not Before: Oct 24 13:50:25 2025 GMT
+            Not After : Oct 24 13:50:25 2035 GMT
+        Subject: DC=org, DC=simple, O=Simple Inc, CN=Simple Signing CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:cd:57:70:66:95:5b:9e:c7:e0:8e:92:3c:8c:a5:
+                    f2:c1:de:e5:2b:ed:96:f6:04:4c:62:1e:91:e8:b0:
+                    29:22:88:ff:7f:7f:af:25:92:f7:e9:ca:ce:3a:3a:
+                    59:7b:9a:68:ab:dd:27:87:15:8d:3c:e2:88:bf:28:
+                    68:14:d8:6a:9a:e0:60:1d:61:c4:c1:c4:1f:9b:10:
+                    ea:d5:ee:ff:7a:97:93:d8:9d:fc:a3:92:ca:30:3f:
+                    c8:fc:3f:6b:ac:db:ba:fd:22:70:3e:d0:38:14:b2:
+                    b2:c4:6c:61:74:a0:ed:c7:6c:cf:e6:9d:df:aa:d8:
+                    ef:3d:ac:5f:6b:93:a7:a7:4f:d4:28:b1:d5:e2:01:
+                    6e:e3:0f:34:39:58:6c:e7:e7:e8:68:92:da:5d:d1:
+                    ef:c5:e5:7c:a7:28:2c:51:cd:d9:9d:1d:43:20:ad:
+                    f1:76:20:94:20:e4:72:b4:ed:e4:77:c8:00:c1:19:
+                    86:be:50:95:01:97:40:58:dc:3b:f2:69:ac:d7:b3:
+                    4b:c2:39:31:bf:13:f9:a4:96:49:e8:dc:07:49:a4:
+                    ab:20:0f:08:d1:45:a6:0a:57:bb:59:22:14:d9:bb:
+                    bd:17:d2:3a:06:95:80:14:a4:69:cc:b3:84:65:3b:
+                    bc:33:72:d5:45:0f:f4:90:50:4f:ac:57:81:2b:b0:
+                    6d:05
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:0
+            X509v3 Subject Key Identifier: 
+                D7:7A:FE:65:8D:74:F3:F3:85:92:B5:F1:C3:55:3A:0B:6D:50:10:41
+            X509v3 Authority Key Identifier: 
+                DA:B2:3E:C6:6E:34:D2:0A:3C:FF:AC:A2:9D:17:24:A3:32:AB:DD:AB
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        59:0f:a8:fa:9b:a6:5b:34:8b:c4:ea:44:02:f8:3c:08:62:45:
+        d4:87:48:24:20:50:8f:40:ca:3a:64:0d:98:04:f7:3c:a9:4c:
+        ca:92:4a:56:40:9a:45:28:fd:7b:f3:6b:2b:f2:7d:a0:d6:24:
+        e1:51:24:e5:5b:f1:e1:c5:8f:f4:06:a8:4f:2b:c3:58:ad:a6:
+        f8:32:80:d6:de:ca:46:97:f2:0f:07:9b:06:55:7c:db:a2:bf:
+        5c:1f:be:41:09:a8:34:c3:68:71:d2:dc:94:1a:63:24:2c:73:
+        65:92:47:74:82:3e:ba:74:07:c3:06:14:13:25:81:de:8c:f7:
+        c5:61:ca:c4:90:93:14:9a:50:eb:a1:03:6b:b0:1d:ad:4f:9b:
+        b8:14:8e:ba:d0:4d:c2:71:bb:19:2a:c1:ed:0e:19:00:87:38:
+        fb:3f:df:53:bf:42:b5:1f:f6:3b:dc:82:b4:a2:40:37:b4:96:
+        21:66:4a:f0:86:6b:3a:37:90:f0:2a:f6:94:70:3f:65:73:3c:
+        30:0d:c1:41:5c:e1:33:cd:c1:1f:d6:16:8b:fe:34:01:af:05:
+        e6:df:fa:f3:55:31:ac:0d:5c:15:7e:a4:f9:0d:70:c6:d8:c2:
+        40:e3:01:e3:59:af:86:35:fd:22:ce:cc:85:bb:dd:93:e9:7c:
+        e4:64:b3:14
+-----BEGIN CERTIFICATE-----
+MIIDrTCCApWgAwIBAgIUcGZcHt0lIbClkImvk/NeeOXWhIowDQYJKoZIhvcNAQEL
+BQAwWzETMBEGCgmSJomT8ixkARkWA29yZzEWMBQGCgmSJomT8ixkARkWBnNpbXBs
+ZTETMBEGA1UECgwKU2ltcGxlIEluYzEXMBUGA1UEAwwOU2ltcGxlIFJvb3QgQ0Ew
+HhcNMjUxMDI0MTM1MDI1WhcNMzUxMDI0MTM1MDI1WjBeMRMwEQYKCZImiZPyLGQB
+GRYDb3JnMRYwFAYKCZImiZPyLGQBGRYGc2ltcGxlMRMwEQYDVQQKDApTaW1wbGUg
+SW5jMRowGAYDVQQDDBFTaW1wbGUgU2lnbmluZyBDQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAM1XcGaVW57H4I6SPIyl8sHe5SvtlvYETGIekeiwKSKI
+/39/ryWS9+nKzjo6WXuaaKvdJ4cVjTziiL8oaBTYaprgYB1hxMHEH5sQ6tXu/3qX
+k9id/KOSyjA/yPw/a6zbuv0icD7QOBSyssRsYXSg7cdsz+ad36rY7z2sX2uTp6dP
+1Cix1eIBbuMPNDlYbOfn6GiS2l3R78XlfKcoLFHN2Z0dQyCt8XYglCDkcrTt5HfI
+AMEZhr5QlQGXQFjcO/JprNezS8I5Mb8T+aSWSejcB0mkqyAPCNFFpgpXu1kiFNm7
+vRfSOgaVgBSkacyzhGU7vDNy1UUP9JBQT6xXgSuwbQUCAwEAAaNmMGQwDgYDVR0P
+AQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFNd6/mWNdPPz
+hZK18cNVOgttUBBBMB8GA1UdIwQYMBaAFNqyPsZuNNIKPP+sop0XJKMyq92rMA0G
+CSqGSIb3DQEBCwUAA4IBAQBZD6j6m6ZbNIvE6kQC+DwIYkXUh0gkIFCPQMo6ZA2Y
+BPc8qUzKkkpWQJpFKP1782sr8n2g1iThUSTlW/HhxY/0BqhPK8NYrab4MoDW3spG
+l/IPB5sGVXzbor9cH75BCag0w2hx0tyUGmMkLHNlkkd0gj66dAfDBhQTJYHejPfF
+YcrEkJMUmlDroQNrsB2tT5u4FI660E3CcbsZKsHtDhkAhzj7P99Tv0K1H/Y73IK0
+okA3tJYhZkrwhms6N5DwKvaUcD9lczwwDcFBXOEzzcEf1haL/jQBrwXm3/rzVTGs
+DVwVfqT5DXDG2MJA4wHjWa+GNf0izsyFu92T6XzkZLMU
+-----END CERTIFICATE-----

ca/signing-ca.csr

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC9zCCAd8CAQAwXjETMBEGCgmSJomT8ixkARkWA29yZzEWMBQGCgmSJomT8ixk
+ARkWBnNpbXBsZTETMBEGA1UECgwKU2ltcGxlIEluYzEaMBgGA1UEAwwRU2ltcGxl
+IFNpZ25pbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNV3Bm
+lVuex+COkjyMpfLB3uUr7Zb2BExiHpHosCkiiP9/f68lkvfpys46Oll7mmir3SeH
+FY084oi/KGgU2Gqa4GAdYcTBxB+bEOrV7v96l5PYnfyjksowP8j8P2us27r9InA+
+0DgUsrLEbGF0oO3HbM/mnd+q2O89rF9rk6enT9QosdXiAW7jDzQ5WGzn5+hoktpd
+0e/F5XynKCxRzdmdHUMgrfF2IJQg5HK07eR3yADBGYa+UJUBl0BY3DvyaazXs0vC
+OTG/E/mklkno3AdJpKsgDwjRRaYKV7tZIhTZu70X0joGlYAUpGnMs4RlO7wzctVF
+D/SQUE+sV4ErsG0FAgMBAAGgVDBSBgkqhkiG9w0BCQ4xRTBDMA4GA1UdDwEB/wQE
+AwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTXev5ljXTz84WStfHD
+VToLbVAQQTANBgkqhkiG9w0BAQsFAAOCAQEAei+n50sS+liBhNZlR2Vz9TwFpGm5
+qrqu8RYDQjqLMHD1wHglhvB692dr+dNzPbtmfY6CGYgglsSJ+UzBbJxNxCfhG3cZ
+Hkum9cj1u02KqDGtyk+HPyzXoaYtj8Cg3QOwiS80Jc143asjeDXGx3DL759A+ya9
+doZiG6qpm7jpje9MvX9WUJ0xJW58NLTROTc7EmyWA4Dg/UJOWGYzCU3zrJRhW1sl
+iQJlQoUFx2r1SkEQOKmWYpLByvTzxNI1MjOov4ri2L1WQpkPj0JnJhJWuqg9w/JU
+zhttK428M4Hccn58Ny0xlO1vx9+TBlKhTPscdJDiVPoOmHU3ikrZZPAfZA==
+-----END CERTIFICATE REQUEST-----

ca/signing-ca/2C3928739ADF6A4B59724A907A463AF46DE9C119.pem

@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            2c:39:28:73:9a:df:6a:4b:59:72:4a:90:7a:46:3a:f4:6d:e9:c1:19
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: DC=org, DC=simple, O=Simple Inc, CN=Simple Signing CA
+        Validity
+            Not Before: Oct 24 13:52:07 2025 GMT
+            Not After : Oct 24 13:52:07 2027 GMT
+        Subject: DC=org, DC=simple, O=Simple Inc, CN=Simple
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:8f:16:6d:2c:43:29:37:e4:d8:a3:6e:0c:e9:11:
+                    63:f5:a5:b1:2c:bc:a1:2a:c8:43:66:04:0f:a0:c9:
+                    8e:d8:62:dd:29:33:2e:b8:35:21:1f:58:52:3b:f2:
+                    52:ad:87:de:7e:e5:e0:65:28:f5:8f:74:93:e2:bd:
+                    6c:59:4f:30:9f:27:f9:7a:9a:9b:f6:17:07:37:cf:
+                    79:d7:12:40:0a:3d:70:26:27:20:73:e9:a6:4e:98:
+                    e5:ff:d7:e1:69:ff:dd:79:50:79:b7:2b:d2:b7:7a:
+                    fb:18:0d:d5:c5:3a:20:3b:1e:f2:03:b3:8d:cf:7d:
+                    42:8d:86:cf:33:48:01:e2:0f:4e:4e:c1:d3:58:e0:
+                    d7:58:34:0e:a5:4f:3f:48:71:93:14:d0:70:9a:f0:
+                    7d:ff:ad:b0:25:a2:de:25:e4:4c:b0:0c:0e:a8:3c:
+                    c6:cb:52:20:e6:c8:3e:09:05:b9:8b:bf:03:0c:6f:
+                    c0:19:4e:6e:c1:13:1c:3b:1a:2e:9c:4a:c2:b7:10:
+                    b1:78:87:1b:31:11:3a:42:72:72:53:d2:7a:b9:74:
+                    54:0f:0d:32:eb:3e:a1:ee:4d:8e:61:aa:0c:8f:0e:
+                    bb:58:9f:f0:27:99:bc:d1:cb:13:14:0b:15:36:4e:
+                    97:d4:01:08:6c:05:55:ca:78:8d:90:f7:09:f1:6e:
+                    94:81
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
+            X509v3 Subject Key Identifier: 
+                83:0D:B5:A2:0F:97:28:E1:3E:78:9D:18:6F:1F:9F:BC:B9:FB:85:56
+            X509v3 Authority Key Identifier: 
+                D7:7A:FE:65:8D:74:F3:F3:85:92:B5:F1:C3:55:3A:0B:6D:50:10:41
+            X509v3 Subject Alternative Name: 
+                DNS:www.simple.org
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        86:70:a9:51:a3:52:d6:f5:8d:bb:c3:ef:40:a4:5d:42:9e:b7:
+        46:e4:ca:1a:4c:86:ec:20:25:5d:b5:52:ea:0f:63:f2:fd:77:
+        d5:8c:1d:9b:3d:c0:3f:a5:09:6c:b8:75:1d:f8:1c:47:2d:7a:
+        d6:4d:57:06:0d:8e:f4:c7:ef:07:59:5d:38:ed:e4:51:a1:c4:
+        30:9a:1f:7d:4a:87:ff:06:2f:98:fb:e2:cf:db:7f:f7:ec:bd:
+        b2:13:11:02:73:11:7a:89:f5:90:79:7f:03:df:01:7b:3e:af:
+        4e:92:d5:93:c6:8d:63:dd:3e:4f:ff:ca:6e:70:8c:4a:53:19:
+        52:75:22:1b:ab:37:a4:6a:03:aa:0f:48:a6:9c:6f:a3:47:cf:
+        0d:1a:ff:89:30:44:00:39:02:85:df:ef:4b:e5:64:64:5b:f4:
+        64:23:9e:d3:07:c0:00:3f:e4:18:f1:58:a6:52:a2:3d:ba:0f:
+        b6:39:6a:6a:fa:6b:50:4f:0f:79:1a:23:c2:03:df:66:8e:9e:
+        e7:e1:d9:97:51:b7:b2:ef:2d:25:27:6b:87:9e:ac:5b:4e:78:
+        bb:39:05:68:9a:7e:6e:66:82:b9:3e:30:be:dd:7a:34:9f:93:
+        2a:30:bc:bf:b2:44:e8:37:01:df:d4:c7:c9:a7:8d:19:f0:a1:
+        f1:a1:b0:42
+-----BEGIN CERTIFICATE-----
+MIID2DCCAsCgAwIBAgIULDkoc5rfaktZckqQekY69G3pwRkwDQYJKoZIhvcNAQEL
+BQAwXjETMBEGCgmSJomT8ixkARkWA29yZzEWMBQGCgmSJomT8ixkARkWBnNpbXBs
+ZTETMBEGA1UECgwKU2ltcGxlIEluYzEaMBgGA1UEAwwRU2ltcGxlIFNpZ25pbmcg
+Q0EwHhcNMjUxMDI0MTM1MjA3WhcNMjcxMDI0MTM1MjA3WjBTMRMwEQYKCZImiZPy
+LGQBGRYDb3JnMRYwFAYKCZImiZPyLGQBGRYGc2ltcGxlMRMwEQYDVQQKDApTaW1w
+bGUgSW5jMQ8wDQYDVQQDDAZTaW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCPFm0sQyk35NijbgzpEWP1pbEsvKEqyENmBA+gyY7YYt0pMy64NSEf
+WFI78lKth95+5eBlKPWPdJPivWxZTzCfJ/l6mpv2Fwc3z3nXEkAKPXAmJyBz6aZO
+mOX/1+Fp/915UHm3K9K3evsYDdXFOiA7HvIDs43PfUKNhs8zSAHiD05OwdNY4NdY
+NA6lTz9IcZMU0HCa8H3/rbAlot4l5EywDA6oPMbLUiDmyD4JBbmLvwMMb8AZTm7B
+Exw7Gi6cSsK3ELF4hxsxETpCcnJT0nq5dFQPDTLrPqHuTY5hqgyPDrtYn/AnmbzR
+yxMUCxU2TpfUAQhsBVXKeI2Q9wnxbpSBAgMBAAGjgZgwgZUwDgYDVR0PAQH/BAQD
+AgWgMAkGA1UdEwQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0G
+A1UdDgQWBBSDDbWiD5co4T54nRhvH5+8ufuFVjAfBgNVHSMEGDAWgBTXev5ljXTz
+84WStfHDVToLbVAQQTAZBgNVHREEEjAQgg53d3cuc2ltcGxlLm9yZzANBgkqhkiG
+9w0BAQsFAAOCAQEAhnCpUaNS1vWNu8PvQKRdQp63RuTKGkyG7CAlXbVS6g9j8v13
+1Ywdmz3AP6UJbLh1HfgcRy161k1XBg2O9MfvB1ldOO3kUaHEMJoffUqH/wYvmPvi
+z9t/9+y9shMRAnMReon1kHl/A98Bez6vTpLVk8aNY90+T//KbnCMSlMZUnUiG6s3
+pGoDqg9Ippxvo0fPDRr/iTBEADkChd/vS+VkZFv0ZCOe0wfAAD/kGPFYplKiPboP
+tjlqavprUE8PeRojwgPfZo6e5+HZl1G3su8tJSdrh56sW054uzkFaJp+bmaCuT4w
+vt16NJ+TKjC8v7JE6DcB39THyaeNGfCh8aGwQg==
+-----END CERTIFICATE-----

ca/signing-ca/4B0890E47F3A4BDA3113B7019392EC4EEC3C6FC5.pem

@@ -0,0 +1,88 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            4b:08:90:e4:7f:3a:4b:da:31:13:b7:01:93:92:ec:4e:ec:3c:6f:c5
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: DC=org, DC=simple, O=Simple Inc, CN=Simple Signing CA
+        Validity
+            Not Before: Oct 24 14:05:59 2025 GMT
+            Not After : Oct 24 14:05:59 2027 GMT
+        Subject: C=FR, ST=Paris, L=Paris, O=LoLiLoL, CN=Barney/emailAddress=Barney@lolilol.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c7:d5:79:79:f5:b3:d5:48:b1:bc:25:53:4c:6b:
+                    1e:21:d7:76:25:f5:9e:0d:c9:e6:9d:8b:2e:cf:e6:
+                    af:1d:92:34:72:5a:a3:bd:6c:4b:40:83:f3:3e:22:
+                    57:70:a1:23:47:ee:03:54:bf:50:e4:e2:fb:03:94:
+                    e6:2f:2a:50:28:10:9d:73:90:66:dc:bc:24:c6:96:
+                    44:2b:f7:b8:e0:e5:c0:40:10:9e:6a:fc:36:0e:ea:
+                    67:7f:7e:47:0a:d5:b4:e5:b7:64:ea:09:fd:fa:32:
+                    cc:c3:0e:1f:2a:1e:af:07:e5:03:32:49:43:ab:3d:
+                    d4:f5:58:e3:c7:59:76:70:04:9c:0a:ca:12:75:29:
+                    80:a8:7a:e5:3e:ed:99:34:de:24:53:69:15:e1:b4:
+                    72:11:0f:1f:c8:2d:fe:65:5d:85:31:5f:ed:d5:33:
+                    11:6d:28:e8:92:5b:c4:d4:90:43:b3:3f:9a:cf:28:
+                    3a:10:5e:8c:bc:92:fe:d2:79:dd:d3:2d:44:68:be:
+                    ff:98:81:07:d0:a8:2c:ad:f2:a8:14:5e:41:4b:f4:
+                    fb:08:e9:c4:b8:0f:e2:48:de:d3:f9:c9:b2:4d:e1:
+                    07:09:74:85:61:4f:8c:5b:9c:46:fb:43:7e:c1:35:
+                    7d:63:55:86:07:1e:c3:b7:12:7c:31:ff:ca:28:c6:
+                    13:5f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Digital Signature
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Subject Key Identifier: 
+                DD:19:55:95:C5:A8:26:A8:A5:BD:B1:26:2A:BE:F0:03:72:68:FB:89
+            X509v3 Authority Key Identifier: 
+                D7:7A:FE:65:8D:74:F3:F3:85:92:B5:F1:C3:55:3A:0B:6D:50:10:41
+            X509v3 Subject Alternative Name: 
+                email:Barney@lolilol.com
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        02:5b:88:3a:ef:ac:25:64:39:e4:30:62:62:b2:f6:70:66:75:
+        5e:7d:7c:c7:4f:a2:74:d1:f0:66:eb:b0:87:f3:59:d2:83:be:
+        66:f8:9a:bf:15:68:9f:ad:13:4d:db:a3:7d:09:e6:f8:2b:a0:
+        8a:e7:37:2c:b7:94:32:5c:4b:3b:98:2d:b4:aa:20:c1:64:34:
+        51:c3:3e:40:ab:b6:f2:d1:dd:fc:e3:a2:bd:40:2a:50:fc:e5:
+        68:28:4f:07:90:6e:d2:3d:65:0d:bc:db:01:dd:fb:0d:39:c8:
+        1d:a8:75:53:4c:7d:cc:0f:ea:68:f9:7b:cb:22:56:41:3a:37:
+        f2:5b:1d:54:8e:59:a8:62:dd:43:f6:33:78:c4:81:75:c4:74:
+        96:2f:dd:13:14:cb:d6:b6:18:3e:60:41:6c:af:56:e8:9b:15:
+        d1:87:83:94:56:21:f2:0d:c9:d1:67:7e:d8:01:a6:dd:a8:eb:
+        dd:5e:b2:38:dc:36:b6:0a:c4:bb:13:04:69:f4:59:55:1e:9c:
+        20:70:c9:aa:38:f1:a3:7f:a5:2b:f6:3d:f4:f4:05:ef:46:3d:
+        93:73:04:c3:4e:de:de:4c:4d:f9:92:ec:67:16:c3:04:8d:c1:
+        87:5d:a7:c7:25:40:7c:5e:93:76:97:74:b7:3f:1f:cd:78:fd:
+        4e:d2:bc:11
+-----BEGIN CERTIFICATE-----
+MIID8jCCAtqgAwIBAgIUSwiQ5H86S9oxE7cBk5LsTuw8b8UwDQYJKoZIhvcNAQEL
+BQAwXjETMBEGCgmSJomT8ixkARkWA29yZzEWMBQGCgmSJomT8ixkARkWBnNpbXBs
+ZTETMBEGA1UECgwKU2ltcGxlIEluYzEaMBgGA1UEAwwRU2ltcGxlIFNpZ25pbmcg
+Q0EwHhcNMjUxMDI0MTQwNTU5WhcNMjcxMDI0MTQwNTU5WjBzMQswCQYDVQQGEwJG
+UjEOMAwGA1UECAwFUGFyaXMxDjAMBgNVBAcMBVBhcmlzMRAwDgYDVQQKDAdMb0xp
+TG9MMQ8wDQYDVQQDDAZCYXJuZXkxITAfBgkqhkiG9w0BCQEWEkJhcm5leUBsb2xp
+bG9sLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfVeXn1s9VI
+sbwlU0xrHiHXdiX1ng3J5p2LLs/mrx2SNHJao71sS0CD8z4iV3ChI0fuA1S/UOTi
++wOU5i8qUCgQnXOQZty8JMaWRCv3uODlwEAQnmr8Ng7qZ39+RwrVtOW3ZOoJ/foy
+zMMOHyoerwflAzJJQ6s91PVY48dZdnAEnArKEnUpgKh65T7tmTTeJFNpFeG0chEP
+H8gt/mVdhTFf7dUzEW0o6JJbxNSQQ7M/ms8oOhBejLyS/tJ53dMtRGi+/5iBB9Co
+LK3yqBReQUv0+wjpxLgP4kje0/nJsk3hBwl0hWFPjFucRvtDfsE1fWNVhgcew7cS
+fDH/yijGE18CAwEAAaOBkjCBjzAOBgNVHQ8BAf8EBAMCB4AwCQYDVR0TBAIwADAT
+BgNVHSUEDDAKBggrBgEFBQcDAjAdBgNVHQ4EFgQU3RlVlcWoJqilvbEmKr7wA3Jo
++4kwHwYDVR0jBBgwFoAU13r+ZY108/OFkrXxw1U6C21QEEEwHQYDVR0RBBYwFIES
+QmFybmV5QGxvbGlsb2wuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQACW4g676wlZDnk
+MGJisvZwZnVefXzHT6J00fBm67CH81nSg75m+Jq/FWifrRNN26N9Ceb4K6CK5zcs
+t5QyXEs7mC20qiDBZDRRwz5Aq7by0d3846K9QCpQ/OVoKE8HkG7SPWUNvNsB3fsN
+OcgdqHVTTH3MD+po+XvLIlZBOjfyWx1UjlmoYt1D9jN4xIF1xHSWL90TFMvWthg+
+YEFsr1bomxXRh4OUViHyDcnRZ37YAabdqOvdXrI43Da2CsS7EwRp9FlVHpwgcMmq
+OPGjf6Ur9j309AXvRj2TcwTDTt7eTE35kuxnFsMEjcGHXafHJUB8XpN2l3S3Px/N
+eP1O0rwR
+-----END CERTIFICATE-----

ca/signing-ca/db/signing-ca.crl.srl

@@ -0,0 +1 @@
+01

ca/signing-ca/db/signing-ca.crt.srl

@@ -0,0 +1 @@
+01

ca/signing-ca/db/signing-ca.db

@@ -0,0 +1,2 @@
+V	271024135207Z		2C3928739ADF6A4B59724A907A463AF46DE9C119	unknown	/DC=org/DC=simple/O=Simple Inc/CN=Simple
+V	271024140559Z		4B0890E47F3A4BDA3113B7019392EC4EEC3C6FC5	unknown	/C=FR/ST=Paris/L=Paris/O=LoLiLoL/CN=Barney/emailAddress=Barney@lolilol.com

ca/signing-ca/db/signing-ca.db.attr

@@ -0,0 +1 @@
+unique_subject = no

ca/signing-ca/db/signing-ca.db.attr.old

@@ -0,0 +1 @@
+unique_subject = no

ca/signing-ca/db/signing-ca.db.old

@@ -0,0 +1 @@
+V	271024135207Z		2C3928739ADF6A4B59724A907A463AF46DE9C119	unknown	/DC=org/DC=simple/O=Simple Inc/CN=Simple

ca/signing-ca/private/signing-ca.key

@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQ1bbvoC4QJNqOKxCH
+oSXIQAICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEIoL3gD6+ksCQQMc
+mUKsCRUEggTQtzrwva2nTG9OFOpMgMnJn+95A4Px3iCgAH+PLb+xtwJ7NCWKhpAM
+2Gj7ezSTrhwf99CjYhhiYcuGUcigG6XkW8fcgjSSQ9vnywebG5GbmndV4FgY+cty
+lzhz1SWvV2IwW3M1XtGH6MOb8RI2s3bp9RgvUduN81VJKhISBl7o0K/X6CyhkiDq
+TTkaRAwTxej4ZZDxjJ2mo2HFnFX9FGFQUbnE/IAwsAb3+c0xKXo3Fj+y/RICexLD
+zMGKbsUhzw4k53oZEBeHKB+31XrrvN8Dzxj3KL8ywHliZnQaAZs61ELcPQuDYl4B
+XJwp2WyEV39VQmvTW2ECcMIP9fE5M3ivRDGvA1O4gGjmHAkotH3i6OvW56kYMCVQ
+zFZhelI6+aD97741Chio5x2gSPtvdfsvIr4avj7BxFOUscC2mrGvDhLWUOM78Xd9
+X2y9ZzdUrZ/NXdmnj3e4Fd/T9XH6INt3XU6Jdt49AoW+RUA3uKZAZhLiapoIAdeE
+FAIQMWlnBZFqZNql0hyJi5UJ4ccW+0+5I8AHg/eJbrHnDS39zZOKP+I3JIf/+2q+
+C4MmLKDa9nXvRYD7dpxOGyOwvDAtYmTLAZaYYHxX7qjT5E49eluzsR/lt880ROZY
+LPxb5eOV8IvJ9d/ONXHCIOAoDqGI/c38o8/qO0WH2+EFSdvKoTs7GX5Tni8YaUGy
+vlES9tOtU5kfCE4IzToFHWJkMTQVg5AkFxrpBZPelu4+ogCWyzCeoBfdywPGVHQk
+M/BX5JaI66PIBUuc6nVmpEDlCRNy1hipivgD9A3VkpKwLkqQlXHA91N8NrOdbESG
+2CQxltg1g93RxdQBhUcp+SJ0iliqTGFBxvdfjmDjd9TLSsYLOTHvVpCqDwvbJ7nN
+paSeYOxkZ1mGHYpCvavRY0dtXZyFliwQO8wPPccav4DtsbyDKMG57GSmW3PdNIUN
+hD6w4aM/VOgVdBjm+Euu6yTcTcR591mriVe9Y7Ph3pBB9a6CrASdvNPMaoSXCAT3
+Tjtgj+0xLksWS6GWgyTEOjw8xy5/yKF5bVJpd8ocj2Dm1bnWgzmqgC8ThRc8Hv7w
+ZWL9eVLUht3A+XKAiIKqOjGDK7tBOJAQ7bxfiyfLsovmRWb8aRfZpFOpRRG3Iw/V
+fxWjrx1khk4RXP+lt02zIugiW4N861s2HjiNzAiPLDpTxkjpcPYUZ11EFa8SH2IG
+acGcdQzkTf1ZVKaP9UeGdX7eSHWDb+xOvH1ADT++NAKM2WDYdCBGuTkB2Au1kV09
+nXOb/EgXwsDVJtBwxRTYiw7obIDIrUdXMH6DWrRFQKMWzwviimoJfwL2nfEhmoiM
+qe9FMHF/x7+wNuzsPOAtBpBqfovx5sqW4Ic78J3+anulRX3TaslVLvCDDc6LnDQv
+k9QhE3oYFlDdZTsSGcmvOwB8vVBErZGkDbirS34ex3N1FXmwtEk3yj18Clvus+ce
++B22sRbsdkbt9jw2vxKEhjmkB2xzuvYHgLVKOuGVXtBVO6CbKMcFCQyTd/0TMAPn
+SoD0QxqkvEcxCY/KUaGad+rs1H9e3dsPhlPYKvKa5E2FS1sKTSYoj9+t1Kzm0fw3
+BJsGozL1SDNBhzCDYdE2XG7B1nb1BZxz7snlus0WUb3IEMPGp53aCyk=
+-----END ENCRYPTED PRIVATE KEY-----

certs/barney.crt

@@ -0,0 +1,88 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            4b:08:90:e4:7f:3a:4b:da:31:13:b7:01:93:92:ec:4e:ec:3c:6f:c5
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: DC=org, DC=simple, O=Simple Inc, CN=Simple Signing CA
+        Validity
+            Not Before: Oct 24 14:05:59 2025 GMT
+            Not After : Oct 24 14:05:59 2027 GMT
+        Subject: C=FR, ST=Paris, L=Paris, O=LoLiLoL, CN=Barney/emailAddress=Barney@lolilol.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c7:d5:79:79:f5:b3:d5:48:b1:bc:25:53:4c:6b:
+                    1e:21:d7:76:25:f5:9e:0d:c9:e6:9d:8b:2e:cf:e6:
+                    af:1d:92:34:72:5a:a3:bd:6c:4b:40:83:f3:3e:22:
+                    57:70:a1:23:47:ee:03:54:bf:50:e4:e2:fb:03:94:
+                    e6:2f:2a:50:28:10:9d:73:90:66:dc:bc:24:c6:96:
+                    44:2b:f7:b8:e0:e5:c0:40:10:9e:6a:fc:36:0e:ea:
+                    67:7f:7e:47:0a:d5:b4:e5:b7:64:ea:09:fd:fa:32:
+                    cc:c3:0e:1f:2a:1e:af:07:e5:03:32:49:43:ab:3d:
+                    d4:f5:58:e3:c7:59:76:70:04:9c:0a:ca:12:75:29:
+                    80:a8:7a:e5:3e:ed:99:34:de:24:53:69:15:e1:b4:
+                    72:11:0f:1f:c8:2d:fe:65:5d:85:31:5f:ed:d5:33:
+                    11:6d:28:e8:92:5b:c4:d4:90:43:b3:3f:9a:cf:28:
+                    3a:10:5e:8c:bc:92:fe:d2:79:dd:d3:2d:44:68:be:
+                    ff:98:81:07:d0:a8:2c:ad:f2:a8:14:5e:41:4b:f4:
+                    fb:08:e9:c4:b8:0f:e2:48:de:d3:f9:c9:b2:4d:e1:
+                    07:09:74:85:61:4f:8c:5b:9c:46:fb:43:7e:c1:35:
+                    7d:63:55:86:07:1e:c3:b7:12:7c:31:ff:ca:28:c6:
+                    13:5f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Digital Signature
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Subject Key Identifier: 
+                DD:19:55:95:C5:A8:26:A8:A5:BD:B1:26:2A:BE:F0:03:72:68:FB:89
+            X509v3 Authority Key Identifier: 
+                D7:7A:FE:65:8D:74:F3:F3:85:92:B5:F1:C3:55:3A:0B:6D:50:10:41
+            X509v3 Subject Alternative Name: 
+                email:Barney@lolilol.com
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        02:5b:88:3a:ef:ac:25:64:39:e4:30:62:62:b2:f6:70:66:75:
+        5e:7d:7c:c7:4f:a2:74:d1:f0:66:eb:b0:87:f3:59:d2:83:be:
+        66:f8:9a:bf:15:68:9f:ad:13:4d:db:a3:7d:09:e6:f8:2b:a0:
+        8a:e7:37:2c:b7:94:32:5c:4b:3b:98:2d:b4:aa:20:c1:64:34:
+        51:c3:3e:40:ab:b6:f2:d1:dd:fc:e3:a2:bd:40:2a:50:fc:e5:
+        68:28:4f:07:90:6e:d2:3d:65:0d:bc:db:01:dd:fb:0d:39:c8:
+        1d:a8:75:53:4c:7d:cc:0f:ea:68:f9:7b:cb:22:56:41:3a:37:
+        f2:5b:1d:54:8e:59:a8:62:dd:43:f6:33:78:c4:81:75:c4:74:
+        96:2f:dd:13:14:cb:d6:b6:18:3e:60:41:6c:af:56:e8:9b:15:
+        d1:87:83:94:56:21:f2:0d:c9:d1:67:7e:d8:01:a6:dd:a8:eb:
+        dd:5e:b2:38:dc:36:b6:0a:c4:bb:13:04:69:f4:59:55:1e:9c:
+        20:70:c9:aa:38:f1:a3:7f:a5:2b:f6:3d:f4:f4:05:ef:46:3d:
+        93:73:04:c3:4e:de:de:4c:4d:f9:92:ec:67:16:c3:04:8d:c1:
+        87:5d:a7:c7:25:40:7c:5e:93:76:97:74:b7:3f:1f:cd:78:fd:
+        4e:d2:bc:11
+-----BEGIN CERTIFICATE-----
+MIID8jCCAtqgAwIBAgIUSwiQ5H86S9oxE7cBk5LsTuw8b8UwDQYJKoZIhvcNAQEL
+BQAwXjETMBEGCgmSJomT8ixkARkWA29yZzEWMBQGCgmSJomT8ixkARkWBnNpbXBs
+ZTETMBEGA1UECgwKU2ltcGxlIEluYzEaMBgGA1UEAwwRU2ltcGxlIFNpZ25pbmcg
+Q0EwHhcNMjUxMDI0MTQwNTU5WhcNMjcxMDI0MTQwNTU5WjBzMQswCQYDVQQGEwJG
+UjEOMAwGA1UECAwFUGFyaXMxDjAMBgNVBAcMBVBhcmlzMRAwDgYDVQQKDAdMb0xp
+TG9MMQ8wDQYDVQQDDAZCYXJuZXkxITAfBgkqhkiG9w0BCQEWEkJhcm5leUBsb2xp
+bG9sLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfVeXn1s9VI
+sbwlU0xrHiHXdiX1ng3J5p2LLs/mrx2SNHJao71sS0CD8z4iV3ChI0fuA1S/UOTi
++wOU5i8qUCgQnXOQZty8JMaWRCv3uODlwEAQnmr8Ng7qZ39+RwrVtOW3ZOoJ/foy
+zMMOHyoerwflAzJJQ6s91PVY48dZdnAEnArKEnUpgKh65T7tmTTeJFNpFeG0chEP
+H8gt/mVdhTFf7dUzEW0o6JJbxNSQQ7M/ms8oOhBejLyS/tJ53dMtRGi+/5iBB9Co
+LK3yqBReQUv0+wjpxLgP4kje0/nJsk3hBwl0hWFPjFucRvtDfsE1fWNVhgcew7cS
+fDH/yijGE18CAwEAAaOBkjCBjzAOBgNVHQ8BAf8EBAMCB4AwCQYDVR0TBAIwADAT
+BgNVHSUEDDAKBggrBgEFBQcDAjAdBgNVHQ4EFgQU3RlVlcWoJqilvbEmKr7wA3Jo
++4kwHwYDVR0jBBgwFoAU13r+ZY108/OFkrXxw1U6C21QEEEwHQYDVR0RBBYwFIES
+QmFybmV5QGxvbGlsb2wuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQACW4g676wlZDnk
+MGJisvZwZnVefXzHT6J00fBm67CH81nSg75m+Jq/FWifrRNN26N9Ceb4K6CK5zcs
+t5QyXEs7mC20qiDBZDRRwz5Aq7by0d3846K9QCpQ/OVoKE8HkG7SPWUNvNsB3fsN
+OcgdqHVTTH3MD+po+XvLIlZBOjfyWx1UjlmoYt1D9jN4xIF1xHSWL90TFMvWthg+
+YEFsr1bomxXRh4OUViHyDcnRZ37YAabdqOvdXrI43Da2CsS7EwRp9FlVHpwgcMmq
+OPGjf6Ur9j309AXvRj2TcwTDTt7eTE35kuxnFsMEjcGHXafHJUB8XpN2l3S3Px/N
+eP1O0rwR
+-----END CERTIFICATE-----

certs/barney.csr

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIDLDCCAhQCAQAwczELMAkGA1UEBhMCRlIxDjAMBgNVBAgMBVBhcmlzMQ4wDAYD
+VQQHDAVQYXJpczEQMA4GA1UECgwHTG9MaUxvTDEPMA0GA1UEAwwGQmFybmV5MSEw
+HwYJKoZIhvcNAQkBFhJCYXJuZXlAbG9saWxvbC5jb20wggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDH1Xl59bPVSLG8JVNMax4h13Yl9Z4Nyeadiy7P5q8d
+kjRyWqO9bEtAg/M+IldwoSNH7gNUv1Dk4vsDlOYvKlAoEJ1zkGbcvCTGlkQr97jg
+5cBAEJ5q/DYO6md/fkcK1bTlt2TqCf36MszDDh8qHq8H5QMySUOrPdT1WOPHWXZw
+BJwKyhJ1KYCoeuU+7Zk03iRTaRXhtHIRDx/ILf5lXYUxX+3VMxFtKOiSW8TUkEOz
+P5rPKDoQXoy8kv7Sed3TLURovv+YgQfQqCyt8qgUXkFL9PsI6cS4D+JI3tP5ybJN
+4QcJdIVhT4xbnEb7Q37BNX1jVYYHHsO3Enwx/8ooxhNfAgMBAAGgdDByBgkqhkiG
+9w0BCQ4xZTBjMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAjAd
+BgNVHQ4EFgQU3RlVlcWoJqilvbEmKr7wA3Jo+4kwHQYDVR0RBBYwFIESQmFybmV5
+QGxvbGlsb2wuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBQBNIWRsAYKFAOvyFeh3Sq
+Krc1rtJQzqHOiiqIKkLwm2rab2C5RooXA1jZ7CI/OLXSIN9eyb18uUza0E801xgK
+VLe8iOr0xojpO8oLYrBUUwj014aoLiNjwoLsfQ1FgcccSjMe1efGLYb08RpR/uvx
+1JL6pHAhg8/Jnt/2KU6VsVdEErHhu+EltJc0pzlHYCcOUDYlznPwAvCg0Z3/3xqu
+MpxPLI8KnkOnoJYAEVKc6qPTBqMpMuheYGzav1oHATQsTcrk17ELM4GA5eJuZPiH
+o4k4NCusK6VJsKh1L2puACe5OwrG1MRxEkwmEKM0mVluxXkbLYA/AB/90ni6ucZk
+-----END CERTIFICATE REQUEST-----

certs/barney.key

@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQCJHGxV/mC+Fvab7F
+HrUx6wICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEHMd3ChJ90iMFT3y
+XL54LUIEggTQAfexKPo9zoz/+y7opfU7fKDEo53Qt8QK9zUagntv1ktOboNXwswU
+7qu/iKH9UPlgkmndCK8oMS8spywsvqYb2yKhjbxhm5f0njxKP7axb+O+RlCk8QoF
+fzbdnvcf9l5KTNz4XtzdK1bmt1Hopq9kO3ELJkvH7lhzSKYRf+WikaXrRecNsfqf
+xNIzsPQebCSCgGj460CiW2CEuKC6UXto98MTArIE3l7QjRjEINrlBNBUfJVhOaDK
+7RBbkbwC69ISsMH2WEJ04DmejSveo/jHkKU7rD7qlnCcCVBF6VhsBKQKJSeqAdNA
+781JYdokySQMNycAdlwXJE25Z5zgey9gdE2CpRfXvAgAUBN9JgJP48qInjfPvxqi
+kJwH4ykjVm75CnxcrD8DsF7+njr2Aiboeb96eXus/vtmUjXexIdlYSq6ZwcnBSq2
+9HW95y1DHh3zZYN1e/gm0hWWoRfF/44lMvcZ346jkT8atxJQJcTvTvTRix0HFh3l
+SatFPHn0Eu8kDvzUhuHWPkyZSErW1nmhHYiYL7SSM/iov1sgAAX7aunDZ+x+pSxe
+JlzCmxwZDI4pHmvuSTKR+JuXmbD3/0VMUstJGWXe91T1iHJQIlYH63IOQ9mhPD1v
+ox15KB2KMCEuPHa3ddc5kCxTlHKD4+eQLl1V5bGtHhC4L8fDtD4ZsLgVCaBJG0lH
+lSIdbJ0LWAAbD2W5R8+1jQFq5WcK9nb9ujyhQhCwBAI4pEQKPtGM0t/PqyaBV5mh
+VK61q9avYkeLX9+KW1YZGPW7Br9fmTGmqUODhDbnPqjDbpZKnbDTuiWkk3BIfKR7
+vdnG7d0OuFj3bePq/vsyoowRdJ7v2PvPWkZeuAEUANxWw0xX69VXYyIvotjMupQc
+O7v5zAVF/b60WhMpuIqH+VGkDisFlg0dq6XjqnNFqnOyO4NHfUv4vSyaQfYoDZ9L
++kHcWV9OtZYpQFxwfkRZRYhHH4FrcPoWJgoR+r0xZsnrRu46DDve4k6B3eqEwO+v
+rm7KiFrdU5WCM2yyfMf2OuMjrIu/Juk3IVGZYVfaMaMlHroLA8Jg9C/tsN13IeCy
+jT4Qjy6Y2of/mklKw/aGS466rXlLPevaULeNy6v+4aX+FJChWmznzRxMEKQVOHAb
+8MCBjTGzoP6XN+RpU9Gq0/Bwd2eLxrP8fsk6SjKYj+AK4POAvpBRJggYrAlvy5p7
+7QdD7K0dAlvUtcrbkEVJr3Co9MYZ2Z+zzjFeMZRvXeTzENjO5/+W3WdZFLjrgTu3
+tSBPdXNslywt7FHimLog6IUc/QYae7x+mirhUmFapAV0ZZM7px6Ar123GBhnPUsd
+ECor6oEVTOu/QqMlRkpyxPKOQxqRatTThB+x4kGLrxirim9yqUo8ZOeE0zBAf/0G
+IxsN/Q/woRBFSumOSmXA4kiy91K82rjPtzqyZunLDvdyOyLwKDCRgo8lvq95CSYJ
+GX6nXEtz7wZX7+PDmS9cPsDKB8M0mRhfGSDfL4mpzvBOA5hgraTJ8Awd8Caw8FnS
+iIvNmFTA2cQVdZDShxB3ZFUKc1T5Ca/OYgnfy012tPVR/R4nN42M0JICuvKN9fck
+uCytFJaEcrTYxLS2fHXOpgMmqkmU4pNNDs6D/BWgiJGdDD0gRWLvmRA=
+-----END ENCRYPTED PRIVATE KEY-----

certs/simple-org.crt

@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            2c:39:28:73:9a:df:6a:4b:59:72:4a:90:7a:46:3a:f4:6d:e9:c1:19
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: DC=org, DC=simple, O=Simple Inc, CN=Simple Signing CA
+        Validity
+            Not Before: Oct 24 13:52:07 2025 GMT
+            Not After : Oct 24 13:52:07 2027 GMT
+        Subject: DC=org, DC=simple, O=Simple Inc, CN=Simple
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:8f:16:6d:2c:43:29:37:e4:d8:a3:6e:0c:e9:11:
+                    63:f5:a5:b1:2c:bc:a1:2a:c8:43:66:04:0f:a0:c9:
+                    8e:d8:62:dd:29:33:2e:b8:35:21:1f:58:52:3b:f2:
+                    52:ad:87:de:7e:e5:e0:65:28:f5:8f:74:93:e2:bd:
+                    6c:59:4f:30:9f:27:f9:7a:9a:9b:f6:17:07:37:cf:
+                    79:d7:12:40:0a:3d:70:26:27:20:73:e9:a6:4e:98:
+                    e5:ff:d7:e1:69:ff:dd:79:50:79:b7:2b:d2:b7:7a:
+                    fb:18:0d:d5:c5:3a:20:3b:1e:f2:03:b3:8d:cf:7d:
+                    42:8d:86:cf:33:48:01:e2:0f:4e:4e:c1:d3:58:e0:
+                    d7:58:34:0e:a5:4f:3f:48:71:93:14:d0:70:9a:f0:
+                    7d:ff:ad:b0:25:a2:de:25:e4:4c:b0:0c:0e:a8:3c:
+                    c6:cb:52:20:e6:c8:3e:09:05:b9:8b:bf:03:0c:6f:
+                    c0:19:4e:6e:c1:13:1c:3b:1a:2e:9c:4a:c2:b7:10:
+                    b1:78:87:1b:31:11:3a:42:72:72:53:d2:7a:b9:74:
+                    54:0f:0d:32:eb:3e:a1:ee:4d:8e:61:aa:0c:8f:0e:
+                    bb:58:9f:f0:27:99:bc:d1:cb:13:14:0b:15:36:4e:
+                    97:d4:01:08:6c:05:55:ca:78:8d:90:f7:09:f1:6e:
+                    94:81
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
+            X509v3 Subject Key Identifier: 
+                83:0D:B5:A2:0F:97:28:E1:3E:78:9D:18:6F:1F:9F:BC:B9:FB:85:56
+            X509v3 Authority Key Identifier: 
+                D7:7A:FE:65:8D:74:F3:F3:85:92:B5:F1:C3:55:3A:0B:6D:50:10:41
+            X509v3 Subject Alternative Name: 
+                DNS:www.simple.org
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        86:70:a9:51:a3:52:d6:f5:8d:bb:c3:ef:40:a4:5d:42:9e:b7:
+        46:e4:ca:1a:4c:86:ec:20:25:5d:b5:52:ea:0f:63:f2:fd:77:
+        d5:8c:1d:9b:3d:c0:3f:a5:09:6c:b8:75:1d:f8:1c:47:2d:7a:
+        d6:4d:57:06:0d:8e:f4:c7:ef:07:59:5d:38:ed:e4:51:a1:c4:
+        30:9a:1f:7d:4a:87:ff:06:2f:98:fb:e2:cf:db:7f:f7:ec:bd:
+        b2:13:11:02:73:11:7a:89:f5:90:79:7f:03:df:01:7b:3e:af:
+        4e:92:d5:93:c6:8d:63:dd:3e:4f:ff:ca:6e:70:8c:4a:53:19:
+        52:75:22:1b:ab:37:a4:6a:03:aa:0f:48:a6:9c:6f:a3:47:cf:
+        0d:1a:ff:89:30:44:00:39:02:85:df:ef:4b:e5:64:64:5b:f4:
+        64:23:9e:d3:07:c0:00:3f:e4:18:f1:58:a6:52:a2:3d:ba:0f:
+        b6:39:6a:6a:fa:6b:50:4f:0f:79:1a:23:c2:03:df:66:8e:9e:
+        e7:e1:d9:97:51:b7:b2:ef:2d:25:27:6b:87:9e:ac:5b:4e:78:
+        bb:39:05:68:9a:7e:6e:66:82:b9:3e:30:be:dd:7a:34:9f:93:
+        2a:30:bc:bf:b2:44:e8:37:01:df:d4:c7:c9:a7:8d:19:f0:a1:
+        f1:a1:b0:42
+-----BEGIN CERTIFICATE-----
+MIID2DCCAsCgAwIBAgIULDkoc5rfaktZckqQekY69G3pwRkwDQYJKoZIhvcNAQEL
+BQAwXjETMBEGCgmSJomT8ixkARkWA29yZzEWMBQGCgmSJomT8ixkARkWBnNpbXBs
+ZTETMBEGA1UECgwKU2ltcGxlIEluYzEaMBgGA1UEAwwRU2ltcGxlIFNpZ25pbmcg
+Q0EwHhcNMjUxMDI0MTM1MjA3WhcNMjcxMDI0MTM1MjA3WjBTMRMwEQYKCZImiZPy
+LGQBGRYDb3JnMRYwFAYKCZImiZPyLGQBGRYGc2ltcGxlMRMwEQYDVQQKDApTaW1w
+bGUgSW5jMQ8wDQYDVQQDDAZTaW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCPFm0sQyk35NijbgzpEWP1pbEsvKEqyENmBA+gyY7YYt0pMy64NSEf
+WFI78lKth95+5eBlKPWPdJPivWxZTzCfJ/l6mpv2Fwc3z3nXEkAKPXAmJyBz6aZO
+mOX/1+Fp/915UHm3K9K3evsYDdXFOiA7HvIDs43PfUKNhs8zSAHiD05OwdNY4NdY
+NA6lTz9IcZMU0HCa8H3/rbAlot4l5EywDA6oPMbLUiDmyD4JBbmLvwMMb8AZTm7B
+Exw7Gi6cSsK3ELF4hxsxETpCcnJT0nq5dFQPDTLrPqHuTY5hqgyPDrtYn/AnmbzR
+yxMUCxU2TpfUAQhsBVXKeI2Q9wnxbpSBAgMBAAGjgZgwgZUwDgYDVR0PAQH/BAQD
+AgWgMAkGA1UdEwQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0G
+A1UdDgQWBBSDDbWiD5co4T54nRhvH5+8ufuFVjAfBgNVHSMEGDAWgBTXev5ljXTz
+84WStfHDVToLbVAQQTAZBgNVHREEEjAQgg53d3cuc2ltcGxlLm9yZzANBgkqhkiG
+9w0BAQsFAAOCAQEAhnCpUaNS1vWNu8PvQKRdQp63RuTKGkyG7CAlXbVS6g9j8v13
+1Ywdmz3AP6UJbLh1HfgcRy161k1XBg2O9MfvB1ldOO3kUaHEMJoffUqH/wYvmPvi
+z9t/9+y9shMRAnMReon1kHl/A98Bez6vTpLVk8aNY90+T//KbnCMSlMZUnUiG6s3
+pGoDqg9Ippxvo0fPDRr/iTBEADkChd/vS+VkZFv0ZCOe0wfAAD/kGPFYplKiPboP
+tjlqavprUE8PeRojwgPfZo6e5+HZl1G3su8tJSdrh56sW054uzkFaJp+bmaCuT4w
+vt16NJ+TKjC8v7JE6DcB39THyaeNGfCh8aGwQg==
+-----END CERTIFICATE-----

certs/simple-org.csr

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIDEjCCAfoCAQAwUzETMBEGCgmSJomT8ixkARkWA29yZzEWMBQGCgmSJomT8ixk
+ARkWBnNpbXBsZTETMBEGA1UECgwKU2ltcGxlIEluYzEPMA0GA1UEAwwGU2ltcGxl
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjxZtLEMpN+TYo24M6RFj
+9aWxLLyhKshDZgQPoMmO2GLdKTMuuDUhH1hSO/JSrYfefuXgZSj1j3ST4r1sWU8w
+nyf5epqb9hcHN8951xJACj1wJicgc+mmTpjl/9fhaf/deVB5tyvSt3r7GA3VxTog
+Ox7yA7ONz31CjYbPM0gB4g9OTsHTWODXWDQOpU8/SHGTFNBwmvB9/62wJaLeJeRM
+sAwOqDzGy1Ig5sg+CQW5i78DDG/AGU5uwRMcOxounErCtxCxeIcbMRE6QnJyU9J6
+uXRUDw0y6z6h7k2OYaoMjw67WJ/wJ5m80csTFAsVNk6X1AEIbAVVyniNkPcJ8W6U
+gQIDAQABoHoweAYJKoZIhvcNAQkOMWswaTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l
+BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSDDbWiD5co4T54nRhv
+H5+8ufuFVjAZBgNVHREEEjAQgg53d3cuc2ltcGxlLm9yZzANBgkqhkiG9w0BAQsF
+AAOCAQEAROxIUVaXvOfwYxYlgWAMsWGbt8l8FYRtr+nDf4jg1d1SJXgTqftYoJXI
+1aHjjVdDleM/p2Cd97EcQzO3Rk66RL7XMKCN6sENJBNyT4mUK1cQWHrq3LB3MJCM
+clf/qX8hh2spIeWLT9SHxvDGJUitXBlqPkI8HOsFSFD1zYGO1GexPRVbi7/jkCSU
+mmZiwRavJ0a8s02Ua940jC9LyDayck8pFJzaYxFJ2jNMYK4rfQsNxMBDKow3/ufb
+4Rr+2ESLvqx8Ndo4Zj1SnNTywIV4UUFS9y18B635LWvJenGAjsFE3oTzYqoknhzT
+cXz1bDY6dPJH68X6rupsCmG2uE7Wpg==
+-----END CERTIFICATE REQUEST-----

certs/simple-org.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCPFm0sQyk35Nij
+bgzpEWP1pbEsvKEqyENmBA+gyY7YYt0pMy64NSEfWFI78lKth95+5eBlKPWPdJPi
+vWxZTzCfJ/l6mpv2Fwc3z3nXEkAKPXAmJyBz6aZOmOX/1+Fp/915UHm3K9K3evsY
+DdXFOiA7HvIDs43PfUKNhs8zSAHiD05OwdNY4NdYNA6lTz9IcZMU0HCa8H3/rbAl
+ot4l5EywDA6oPMbLUiDmyD4JBbmLvwMMb8AZTm7BExw7Gi6cSsK3ELF4hxsxETpC
+cnJT0nq5dFQPDTLrPqHuTY5hqgyPDrtYn/AnmbzRyxMUCxU2TpfUAQhsBVXKeI2Q
+9wnxbpSBAgMBAAECggEAAfhul3HzUtw5aYK99cWyCTN3baTJWWP5naGHr5CnAW7X
+GdalGY9NvfdC5qVvIwmgdEHpJat7OjcCRFiUceRnyIFN67TOWgS2KjwWsvIC5ME0
+1qmqRj5c9m8fl7ba2VFXNPD5RB7731/3rjyeiYFD6VyDO67Q0J8qd/V3y/59XCYR
+ifYhQCp8AM9/rYaiYJ9YMjqJqMjFj4Q4NH5TAehlOTBDLcgSWeRrBXLnyFr4zhcO
+xmYLUFMiCxFWcI17fsGQlda2mBclLhHTcaFEMjO0UuA0gwZ+YrLnfP6fHTY2kwp7
+rywI0PWwzpyHCnZNcF1QxwgJOfei4hGkUqlOrUFnYQKBgQDBfpklHT6QgLmiblx+
+o5aFAwJ41wW9qQ4X3b7VxwhhPpoP+ygS8EUkxngPJahZ8rA5qWH+DJ4LDku3RQ64
+hE0O1P08NnlWg76XXrZmocRV5iu016PDMWEMySeelvRUQAYH8MFH+WDEMK51Mm6L
+RwURuXN6pTWzLHNdFo0dQF8e+QKBgQC9T1S6oUIRtttvwNvNwtw9s/1eyHmdytfW
+e6ZWT21l9X3N3+0YR8Gy1rmjQVMdxaF5sRxOWtn7ihujZYs8KP5QoXWfS30G2ZJQ
+N1qEZn0wJhpq9VF+I023NmuLJBxSi7hctGUdDHcoe0piUP24H5QV0bTEYSi+7LpV
+sWf8IhMbyQKBgQCCGj+bBvjkbMllAFPNCu3Qbd+hpOLFTgCd54nDcFqgGFm62SNu
+6IN1YMWlWarDID2B5/Rtv8ocoPYkOpjVVJADow7LB826cEccvKBkjezX3TYSGNSS
+EIey8yZiqhmK9KmZeTZc0L9R63HCd7CAkbZE3q9ZDfD3krHXK6yiuH+88QKBgQCV
+eGqcxLAmzmrqDKtABgfhDBkUWlNz2/GZHp4R7bqh0zgWciSAlD+C1flSxkQ68Izz
+SXzg/Oi5q6zw0T8jK/bIcQMu1+qKmwTkIyBsA4P6nUskgjdq0bMN4oD9JnDaWAkj
+4ScozWvT4ay0feAmHYDNzXrdxxzlyoHBIUbKE5lkyQKBgQC7ertazu8bxWMPFa48
+DZDL6oDvWWcSmUVyNAjlaZFUmF3gQeSB7U6BfxGa+k1BdbDeYSXVwCCC9G2XGPAx
+eMUnFYS6WjagxKNfls0yC19Gy1Jo4XNwdFKujW15uC8ogArwTrOSKEQBUGk4gmH6
+ZttsuVvMuTmZv9Kq9hinarLUWQ==
+-----END PRIVATE KEY-----

etc/client.conf

@@ -0,0 +1,29 @@
+# TLS client certificate request
+
+[ req ]
+default_bits            = 2048                  # RSA key size
+encrypt_key             = yes                   # Protect private key
+default_md              = sha256                # MD to use
+utf8                    = yes                   # Input is UTF-8
+string_mask             = utf8only              # Emit UTF-8 strings
+prompt                  = yes                   # Prompt for DN
+distinguished_name      = client_dn             # DN template
+req_extensions          = client_reqext         # Desired extensions
+
+[ client_dn ]
+countryName             = "1. Country Name (2 letters) (eg, US)       "
+countryName_max         = 2
+stateOrProvinceName     = "2. State or Province Name   (eg, region)   "
+localityName            = "3. Locality Name            (eg, city)     "
+organizationName        = "4. Organization Name        (eg, company)  "
+organizationalUnitName  = "5. Organizational Unit Name (eg, section)  "
+commonName              = "6. Common Name              (eg, full name)"
+commonName_max          = 64
+emailAddress            = "7. Email Address            (eg, name@fqdn)"
+emailAddress_max        = 40
+
+[ client_reqext ]
+keyUsage                = critical,digitalSignature
+extendedKeyUsage        = clientAuth
+subjectKeyIdentifier    = hash
+subjectAltName          = email:copy

etc/email.conf

@@ -0,0 +1,31 @@
+# Email certificate request
+
+# This file is used by the openssl req command. Since we cannot know the DN in
+# advance the user is prompted for DN information.
+
+[ req ]
+default_bits            = 2048                  # RSA key size
+encrypt_key             = yes                   # Protect private key
+default_md              = sha256                # MD to use
+utf8                    = yes                   # Input is UTF-8
+string_mask             = utf8only              # Emit UTF-8 strings
+prompt                  = yes                   # Prompt for DN
+distinguished_name      = email_dn              # DN template
+req_extensions          = email_reqext          # Desired extensions
+
+[ email_dn ]
+0.domainComponent       = "1. Domain Component         (eg, com)      "
+1.domainComponent       = "2. Domain Component         (eg, company)  "
+2.domainComponent       = "3. Domain Component         (eg, pki)      "
+organizationName        = "4. Organization Name        (eg, company)  "
+organizationalUnitName  = "5. Organizational Unit Name (eg, section)  "
+commonName              = "6. Common Name              (eg, full name)"
+commonName_max          = 64
+emailAddress            = "7. Email Address            (eg, name@fqdn)"
+emailAddress_max        = 40
+
+[ email_reqext ]
+keyUsage                = critical,digitalSignature,keyEncipherment
+extendedKeyUsage        = emailProtection,clientAuth
+subjectKeyIdentifier    = hash
+subjectAltName          = email:copy

etc/root-ca.conf

@@ -0,0 +1,102 @@
+# Simple Root CA
+
+# The [default] section contains global constants that can be referred to from
+# the entire configuration file. It may also hold settings pertaining to more
+# than one openssl command.
+
+[ default ]
+ca                      = root-ca               # CA name
+dir                     = .                     # Top dir
+
+# The next part of the configuration file is used by the openssl req command.
+# It defines the CA's key pair, its DN, and the desired extensions for the CA
+# certificate.
+
+[ req ]
+default_bits            = 2048                  # RSA key size
+encrypt_key             = yes                   # Protect private key
+default_md              = sha256                # MD to use
+utf8                    = yes                   # Input is UTF-8
+string_mask             = utf8only              # Emit UTF-8 strings
+prompt                  = no                    # Don't prompt for DN
+distinguished_name      = ca_dn                 # DN section
+req_extensions          = ca_reqext             # Desired extensions
+
+[ ca_dn ]
+0.domainComponent       = "org"
+1.domainComponent       = "simple"
+organizationName        = "Simple Inc"
+commonName              = "Simple Root CA"
+
+[ ca_reqext ]
+keyUsage                = critical,keyCertSign,cRLSign
+basicConstraints        = critical,CA:true
+subjectKeyIdentifier    = hash
+
+# The remainder of the configuration file is used by the openssl ca command.
+# The CA section defines the locations of CA assets, as well as the policies
+# applying to the CA.
+
+[ ca ]
+default_ca              = root_ca               # The default CA section
+
+[ root_ca ]
+certificate             = $dir/ca/$ca.crt       # The CA cert
+private_key             = $dir/ca/$ca/private/$ca.key # CA private key
+new_certs_dir           = $dir/ca/$ca           # Certificate archive
+serial                  = $dir/ca/$ca/db/$ca.crt.srl # Serial number file
+crlnumber               = $dir/ca/$ca/db/$ca.crl.srl # CRL number file
+database                = $dir/ca/$ca/db/$ca.db # Index file
+rand_serial             = yes                   # Use random serial numbers
+unique_subject          = no                    # Require unique subject
+default_days            = 3652                  # How long to certify for
+default_md              = sha256                # MD to use
+policy                  = match_pol             # Default naming policy
+email_in_dn             = no                    # Add email to cert DN
+preserve                = no                    # Keep passed DN ordering
+name_opt                = multiline,-esc_msb,utf8 # Subject DN display options
+cert_opt                = ca_default            # Certificate display options
+copy_extensions         = none                  # Copy extensions from CSR
+x509_extensions         = signing_ca_ext        # Default cert extensions
+default_crl_days        = 365                   # How long before next CRL
+crl_extensions          = crl_ext               # CRL extensions
+
+# Naming policies control which parts of a DN end up in the certificate and
+# under what circumstances certification should be denied.
+
+[ match_pol ]
+domainComponent         = match                 # Must match 'simple.org'
+organizationName        = match                 # Must match 'Simple Inc'
+organizationalUnitName  = optional              # Included if present
+commonName              = supplied              # Must be present
+
+[ any_pol ]
+domainComponent         = optional
+countryName             = optional
+stateOrProvinceName     = optional
+localityName            = optional
+organizationName        = optional
+organizationalUnitName  = optional
+commonName              = optional
+emailAddress            = optional
+
+# Certificate extensions define what types of certificates the CA is able to
+# create.
+
+[ root_ca_ext ]
+keyUsage                = critical,keyCertSign,cRLSign
+basicConstraints        = critical,CA:true
+subjectKeyIdentifier    = hash
+authorityKeyIdentifier  = keyid:always
+
+[ signing_ca_ext ]
+keyUsage                = critical,keyCertSign,cRLSign
+basicConstraints        = critical,CA:true,pathlen:0
+subjectKeyIdentifier    = hash
+authorityKeyIdentifier  = keyid:always
+
+# CRL extensions exist solely to point to the CA certificate that has issued
+# the CRL.
+
+[ crl_ext ]
+authorityKeyIdentifier  = keyid:always

etc/server.conf

@@ -0,0 +1,32 @@
+# TLS server certificate request
+
+# This file is used by the openssl req command. The subjectAltName cannot be
+# prompted for and must be specified in the SAN environment variable.
+
+[ default ]
+SAN                     = DNS:www.example.com   # Default SAN
+
+[ req ]
+default_bits            = 2048                  # RSA key size
+encrypt_key             = no                    # Protect private key
+default_md              = sha256                # MD to use
+utf8                    = yes                   # Input is UTF-8
+string_mask             = utf8only              # Emit UTF-8 strings
+prompt                  = yes                   # Prompt for DN
+distinguished_name      = server_dn             # DN template
+req_extensions          = server_reqext         # Desired extensions
+
+[ server_dn ]
+0.domainComponent       = "1. Domain Component         (eg, com)      "
+1.domainComponent       = "2. Domain Component         (eg, company)  "
+2.domainComponent       = "3. Domain Component         (eg, pki)      "
+organizationName        = "4. Organization Name        (eg, company)  "
+organizationalUnitName  = "5. Organizational Unit Name (eg, section)  "
+commonName              = "6. Common Name              (eg, FQDN)     "
+commonName_max          = 64
+
+[ server_reqext ]
+keyUsage                = critical,digitalSignature,keyEncipherment
+extendedKeyUsage        = serverAuth,clientAuth
+subjectKeyIdentifier    = hash
+subjectAltName          = $ENV::SAN

etc/signing-ca.conf

@@ -0,0 +1,124 @@
+# Simple Signing CA
+
+# The [default] section contains global constants that can be referred to from
+# the entire configuration file. It may also hold settings pertaining to more
+# than one openssl command.
+
+[ default ]
+ca                      = signing-ca            # CA name
+dir                     = .                     # Top dir
+
+# The next part of the configuration file is used by the openssl req command.
+# It defines the CA's key pair, its DN, and the desired extensions for the CA
+# certificate.
+
+[ req ]
+default_bits            = 2048                  # RSA key size
+encrypt_key             = yes                   # Protect private key
+default_md              = sha256                # MD to use
+utf8                    = yes                   # Input is UTF-8
+string_mask             = utf8only              # Emit UTF-8 strings
+prompt                  = no                    # Don't prompt for DN
+distinguished_name      = ca_dn                 # DN section
+req_extensions          = ca_reqext             # Desired extensions
+
+[ ca_dn ]
+0.domainComponent       = "org"
+1.domainComponent       = "simple"
+organizationName        = "Simple Inc"
+commonName              = "Simple Signing CA"
+
+[ ca_reqext ]
+keyUsage                = critical,keyCertSign,cRLSign
+basicConstraints        = critical,CA:true,pathlen:0
+subjectKeyIdentifier    = hash
+
+# The remainder of the configuration file is used by the openssl ca command.
+# The CA section defines the locations of CA assets, as well as the policies
+# applying to the CA.
+
+[ ca ]
+default_ca              = signing_ca            # The default CA section
+
+[ signing_ca ]
+certificate             = $dir/ca/$ca.crt       # The CA cert
+private_key             = $dir/ca/$ca/private/$ca.key # CA private key
+new_certs_dir           = $dir/ca/$ca           # Certificate archive
+serial                  = $dir/ca/$ca/db/$ca.crt.srl # Serial number file
+crlnumber               = $dir/ca/$ca/db/$ca.crl.srl # CRL number file
+database                = $dir/ca/$ca/db/$ca.db # Index file
+rand_serial             = yes                   # Use random serial numbers
+unique_subject          = no                    # Require unique subject
+default_days            = 730                   # How long to certify for
+default_md              = sha256                # MD to use
+policy                  = match_pol             # Default naming policy
+email_in_dn             = yes                   # Add email to cert DN
+preserve                = no                    # Keep passed DN ordering
+name_opt                = multiline,-esc_msb,utf8 # Subject DN display options
+cert_opt                = ca_default            # Certificate display options
+copy_extensions         = copy                  # Copy extensions from CSR
+x509_extensions         = email_ext             # Default cert extensions
+default_crl_days        = 7                     # How long before next CRL
+crl_extensions          = crl_ext               # CRL extensions
+
+# Naming policies control which parts of a DN end up in the certificate and
+# under what circumstances certification should be denied.
+
+[ match_pol ]
+domainComponent         = match                 # Must match 'simple.org'
+organizationName        = match                 # Must match 'Simple Inc'
+organizationalUnitName  = optional              # Included if present
+commonName              = supplied              # Must be present
+emailAddress            = optional              # Included if present
+
+[ any_pol ]
+domainComponent         = optional
+countryName             = optional
+stateOrProvinceName     = optional
+localityName            = optional
+organizationName        = optional
+organizationalUnitName  = optional
+commonName              = optional
+emailAddress            = optional
+
+# Certificate extensions define what types of certificates the CA is able to
+# create.
+
+[ extern_pol ]
+countryName             = supplied              # Must be present
+stateOrProvinceName     = optional              # Included if present
+localityName            = optional              # Included if present
+organizationName        = supplied              # Must be present
+organizationalUnitName  = optional              # Included if present
+commonName              = supplied              # Must be present
+emailAddress            = optional              # Included if present
+
+
+[ email_ext ]
+keyUsage                = critical,digitalSignature,keyEncipherment
+basicConstraints        = CA:false
+extendedKeyUsage        = emailProtection,clientAuth
+subjectKeyIdentifier    = hash
+authorityKeyIdentifier  = keyid:always
+
+[ server_ext ]
+keyUsage                = critical,digitalSignature,keyEncipherment
+basicConstraints        = CA:false
+extendedKeyUsage        = serverAuth,clientAuth
+subjectKeyIdentifier    = hash
+authorityKeyIdentifier  = keyid:always
+
+[ client_ext ]
+keyUsage                = critical,digitalSignature
+basicConstraints        = CA:false
+extendedKeyUsage        = clientAuth
+subjectKeyIdentifier    = hash
+authorityKeyIdentifier  = keyid:always
+#authorityInfoAccess     = @issuer_info
+#crlDistributionPoints   = @crl_info
+
+# CRL extensions exist solely to point to the CA certificate that has issued
+# the CRL.
+
+[ crl_ext ]
+authorityKeyIdentifier  = keyid:always