--- /dev/null
+#!/usr/bin/sh
+
+# Easy-RSA 3 -- A Shell-based CA Utility
+#
+# Copyright (C) 2018 by the Open-Source OpenVPN development community.
+# A full list of contributors can be found in the ChangeLog.
+#
+# This code released under version 2 of the GNU GPL; see COPYING and the
+# Licensing/ directory of this project for full licensing details.
+
+# Help/usage output to stdout
+usage() {
+ # command help:
+ print "
+Easy-RSA 3 usage and overview
+
+USAGE: easyrsa [options] COMMAND [command-options]
+
+A list of commands is shown below. To get detailed usage and help for a
+command, run:
+ ./easyrsa help COMMAND
+
+For a listing of options that can be supplied before the command, use:
+ ./easyrsa help options
+
+Here is the list of commands available with a short syntax reminder. Use the
+'help' command above to get full usage details.
+
+ init-pki
+ build-ca [ cmd-opts ]
+ gen-dh
+ gen-req <filename_base> [ cmd-opts ]
+ sign-req <type> <filename_base>
+ build-client-full <filename_base> [ cmd-opts ]
+ build-server-full <filename_base> [ cmd-opts ]
+ revoke <filename_base> [cmd-opts]
+ renew <filename_base> [cmd-opts]
+ build-serverClient-full <filename_base> [ cmd-opts ]
+ gen-crl
+ update-db
+ show-req <filename_base> [ cmd-opts ]
+ show-cert <filename_base> [ cmd-opts ]
+ show-ca [ cmd-opts ]
+ import-req <request_file_path> <short_basename>
+ export-p7 <filename_base> [ cmd-opts ]
+ export-p12 <filename_base> [ cmd-opts ]
+ set-rsa-pass <filename_base> [ cmd-opts ]
+ set-ec-pass <filename_base> [ cmd-opts ]
+"
+
+ # collect/show dir status:
+ err_source="Not defined: vars autodetect failed and no value provided"
+ work_dir="${EASYRSA:-$err_source}"
+ pki_dir="${EASYRSA_PKI:-$err_source}"
+ print "\
+DIRECTORY STATUS (commands would take effect on these locations)
+ EASYRSA: $work_dir
+ PKI: $pki_dir
+"
+} # => usage()
+
+# Detailed command help
+# When called with no args, calls usage(), otherwise shows help for a command
+cmd_help() {
+ text=""
+ opts=""
+ case "$1" in
+ init-pki|clean-all) text="
+ init-pki [ cmd-opts ]
+ Removes & re-initializes the PKI dir for a clean PKI" ;;
+ build-ca) text="
+ build-ca [ cmd-opts ]
+ Creates a new CA"
+ opts="
+ nopass - do not encrypt the CA key (default is encrypted)
+ subca - create a sub-CA keypair and request (default is a root CA)" ;;
+ gen-dh) text="
+ gen-dh
+ Generates DH (Diffie-Hellman) parameters" ;;
+ gen-req) text="
+ gen-req <filename_base> [ cmd-opts ]
+ Generate a standalone keypair and request (CSR)
+
+ This request is suitable for sending to a remote CA for signing."
+ opts="
+ nopass - do not encrypt the private key (default is encrypted)" ;;
+ sign|sign-req) text="
+ sign-req <type> <filename_base>
+ Sign a certificate request of the defined type. <type> must be a known
+ type such as 'client', 'server', 'serverClient', or 'ca' (or a user-added type.)
+
+ This request file must exist in the reqs/ dir and have a .req file
+ extension. See import-req below for importing reqs from other sources." ;;
+ build|build-client-full|build-server-full|build-serverClient-full) text="
+ build-client-full <filename_base> [ cmd-opts ]
+ build-server-full <filename_base> [ cmd-opts ]
+ build-serverClient-full <filename_base> [ cmd-opts ]
+ Generate a keypair and sign locally for a client and/or server
+
+ This mode uses the <filename_base> as the X509 CN."
+ opts="
+ nopass - do not encrypt the private key (default is encrypted)" ;;
+ revoke) text="
+ revoke <filename_base> [reason]
+ Revoke a certificate specified by the filename_base, with an optional
+ revocation reason that is one of:
+ unspecified
+ keyCompromise
+ CACompromise
+ affiliationChanged
+ superseded
+ cessationOfOperation
+ certificateHold";;
+ renew) text="
+ renew <filename_base> [ cmd-opts ]
+ Renew a certificate specified by the filename_base"
+ opts="
+ nopass - do not encrypt the private key (default is encrypted)" ;;
+ gen-crl) text="
+ gen-crl
+ Generate a CRL" ;;
+ update-db) text="
+ update-db
+ Update the index.txt database
+
+ This command will use the system time to update the status of issued
+ certificates." ;;
+ show-req|show-cert) text="
+ show-req <filename_base> [ cmd-opts ]
+ show-cert <filename_base> [ cmd-opts ]
+ Shows details of the req or cert referenced by filename_base
+
+ Human-readable output is shown, including any requested cert options when
+ showing a request."
+ opts="
+ full - show full req/cert info, including pubkey/sig data" ;;
+ show-ca) text="
+ show-ca [ cmd-opts ]
+ Shows details of the CA cert
+
+ Human-readable output is shown."
+ opts="
+ full - show full cert info, including pubkey/sig data" ;;
+ import-req) text="
+ import-req <request_file_path> <short_basename>
+ Import a certificate request from a file
+
+ This will copy the specified file into the reqs/ dir in
+ preparation for signing.
+ The <short_basename> is the filename base to create.
+
+ Example usage:
+ import-req /some/where/bob_request.req bob" ;;
+ export-p12) text="
+ export-p12 <filename_base> [ cmd-opts ]
+ Export a PKCS#12 file with the keypair specified by <filename_base>"
+ opts="
+ noca - do not include the ca.crt file in the PKCS12 output
+ nokey - do not include the private key in the PKCS12 output" ;;
+ export-p7) text="
+ export-p7 <filename_base> [ cmd-opts ]
+ Export a PKCS#7 file with the pubkey specified by <filename_base>"
+ opts="
+ noca - do not include the ca.crt file in the PKCS7 output" ;;
+ set-rsa-pass|set-ec-pass) text="
+ set-rsa-pass <filename_base> [ cmd-opts ]
+ set-ec-pass <filename_base> [ cmd-opts ]
+ Set a new passphrase on an RSA or EC key for the listed <filename_base>."
+ opts="
+ nopass - use no password and leave the key unencrypted
+ file - (advanced) treat the file as a raw path, not a short-name" ;;
+ altname|subjectaltname|san) text="
+ --subject-alt-name=SAN_FORMAT_STRING
+ This global option adds a subjectAltName to the request or issued
+ certificate. It MUST be in a valid format accepted by openssl or
+ req/cert generation will fail. Note that including multiple such names
+ requires them to be comma-separated; further invocations of this
+ option will REPLACE the value.
+
+ Examples of the SAN_FORMAT_STRING shown below:
+ DNS:alternate.example.net
+ DNS:primary.example.net,DNS:alternate.example.net
+ IP:203.0.113.29
+ email:alternate@example.net" ;;
+ options)
+ opt_usage ;;
+ "")
+ usage ;;
+ *) text="
+ Unknown command: '$1' (try without commands for a list of commands)" ;;
+ esac
+
+ # display the help text
+ print "$text"
+ [ -n "$opts" ] && print "
+ cmd-opts is an optional set of command options from this list:
+$opts"
+} # => cmd_help()
+
+# Options usage
+opt_usage() {
+ print "
+Easy-RSA Global Option Flags
+
+The following options may be provided before the command. Options specified
+at runtime override env-vars and any 'vars' file in use. Unless noted,
+non-empty values to options are mandatory.
+
+General options:
+
+--batch : set automatic (no-prompts when possible) mode
+--pki-dir=DIR : declares the PKI directory
+--vars=FILE : define a specific 'vars' file to use for Easy-RSA config
+
+Certificate & Request options: (these impact cert/req field values)
+
+--days=# : sets the signing validity to the specified number of days
+--digest=ALG : digest to use in the requests & certificates
+--dn-mode=MODE : DN mode to use (cn_only or org)
+--keysize=# : size in bits of keypair to generate
+--req-cn=NAME : default CN to use
+--subca-len=# : path length of signed sub-CA certs; must be >= 0 if used
+--subject-alt-name : Add a subjectAltName. For more info and syntax, see:
+ ./easyrsa help altname
+--use-algo=ALG : crypto alg to use: choose rsa (default) or ec
+--curve=NAME : for elliptic curve, sets the named curve to use
+--copy-ext : Copy included request X509 extensions (namely subjAltName
+
+Organizational DN options: (only used with the 'org' DN mode)
+ (values may be blank for org DN options)
+
+--req-c=CC : country code (2-letters)
+--req-st=NAME : State/Province
+--req-city=NAME : City/Locality
+--req-org=NAME : Organization
+--req-email=NAME : Email addresses
+--req-ou=NAME : Organizational Unit
+
+Deprecated features:
+
+--ns-cert=YESNO : yes or no to including deprecated NS extensions
+--ns-comment=COMMENT : NS comment to include (value may be blank)
+"
+} # => opt_usage()
+
+# Wrapper around printf - clobber print since it's not POSIX anyway
+# shellcheck disable=SC1117
+print() { printf "%s\n" "$*"; }
+
+# Exit fatally with a message to stderr
+# present even with EASYRSA_BATCH as these are fatal problems
+die() {
+ print "
+Easy-RSA error:
+
+$1" 1>&2
+ clean_temp;
+ prog_exit "${2:-1}"
+} # => die()
+
+# non-fatal warning output
+warn() {
+ [ ! "$EASYRSA_BATCH" ] && \
+ print "
+$1" 1>&2
+} # => warn()
+
+# informational notices to stdout
+notice() {
+ [ ! "$EASYRSA_BATCH" ] && \
+ print "
+$1"
+} # => notice()
+
+# yes/no case-insensitive match (operates on stdin pipe)
+# Returns 0 when input contains yes, 1 for no, 2 for no match
+# If both strings are present, returns 1; first matching line returns.
+awk_yesno() {
+ #shellcheck disable=SC2016
+ awkscript='
+BEGIN {IGNORECASE=1; r=2}
+{ if(match($0,"no")) {r=1; exit}
+ if(match($0,"yes")) {r=0; exit}
+} END {exit r}'
+ awk "$awkscript"
+} # => awk_yesno()
+
+# intent confirmation helper func
+# returns without prompting in EASYRSA_BATCH
+confirm() {
+ [ "$EASYRSA_BATCH" ] && return
+ prompt="$1"
+ value="$2"
+ msg="$3"
+ input=""
+ print "
+$msg
+
+Type the word '$value' to continue, or any other input to abort."
+ printf %s " $prompt"
+ #shellcheck disable=SC2162
+ read input
+ [ "$input" = "$value" ] && return
+ notice "Aborting without confirmation."
+ exit 9
+} # => confirm()
+
+# remove temp files
+clean_temp() {
+ for f in "$EASYRSA_TEMP_CONF" "$EASYRSA_TEMP_EXT" \
+ "$EASYRSA_TEMP_FILE_2" "$EASYRSA_TEMP_FILE_3" "$EASYRSA_TEMP_FILE_4"
+ do [ -f "$f" ] && rm "$f" 2>/dev/null
+ done
+} # => clean_temp()
+
+prog_exit() {
+ ESTAT=0
+ [ -n "$1" ] && ESTAT=$1
+ (stty echo 2>/dev/null) || set -o echo
+ echo "" # just to get a clean line
+ exit "$ESTAT"
+} # => prog_exit()
+
+# Make LibreSSL safe config file from OpenSSL config file
+make_ssl_config() {
+sed \
+ -e "s\`ENV::EASYRSA\`EASYRSA\`g" \
+ -e "s\`\$dir\`$EASYRSA_PKI\`g" \
+ -e "s\`\$EASYRSA_PKI\`$EASYRSA_PKI\`g" \
+ -e "s\`\$EASYRSA_CERT_EXPIRE\`$EASYRSA_CERT_EXPIRE\`g" \
+ -e "s\`\$EASYRSA_CRL_DAYS\`$EASYRSA_CRL_DAYS\`g" \
+ -e "s\`\$EASYRSA_DIGEST\`$EASYRSA_DIGEST\`g" \
+ -e "s\`\$EASYRSA_KEY_SIZE\`$EASYRSA_KEY_SIZE\`g" \
+ -e "s\`\$EASYRSA_DIGEST\`$EASYRSA_DIGEST\`g" \
+ -e "s\`\$EASYRSA_DN\`$EASYRSA_DN\`g" \
+ -e "s\`\$EASYRSA_REQ_COUNTRY\`$EASYRSA_REQ_COUNTRY\`g" \
+ -e "s\`\$EASYRSA_REQ_PROVINCE\`$EASYRSA_REQ_PROVINCE\`g" \
+ -e "s\`\$EASYRSA_REQ_CITY\`$EASYRSA_REQ_CITY\`g" \
+ -e "s\`\$EASYRSA_REQ_ORG\`$EASYRSA_REQ_ORG\`g" \
+ -e "s\`\$EASYRSA_REQ_OU\`$EASYRSA_REQ_OU\`g" \
+ -e "s\`\$EASYRSA_REQ_CN\`$EASYRSA_REQ_CN\`g" \
+ -e "s\`\$EASYRSA_REQ_EMAIL\`$EASYRSA_REQ_EMAIL\`g" \
+ "$EASYRSA_SSL_CONF" > "$EASYRSA_SAFE_CONF" || die "\
+Failed to update $EASYRSA_SAFE_CONF"
+} # => make_ssl_config()
+
+vars_source_check() {
+ # Check for defined EASYRSA_PKI
+ [ -n "$EASYRSA_PKI" ] || die "\
+EASYRSA_PKI env-var undefined"
+} # => vars_source_check()
+
+# Verify supplied curve exists and generate curve file if needed
+verify_curve() {
+ if ! "$EASYRSA_OPENSSL" ecparam -name "$EASYRSA_CURVE" > /dev/null; then
+ die "\
+Curve $EASYRSA_CURVE not found. Run openssl ecparam -list_curves to show a
+list of supported curves."
+ fi
+
+ # Check that the ecparams dir exists
+ [ -d "$EASYRSA_EC_DIR" ] || mkdir "$EASYRSA_EC_DIR" || die "\
+Failed creating ecparams dir (permissions?) at:
+$EASYRSA_EC_DIR"
+
+ # Check that the required ecparams file exists
+ out="$EASYRSA_EC_DIR/${EASYRSA_CURVE}.pem"
+ [ -f "$out" ] && return 0
+ "$EASYRSA_OPENSSL" ecparam -name "$EASYRSA_CURVE" -out "$out" || die "\
+Failed to generate ecparam file (permissions?) when writing to:
+$out"
+
+ # Explicitly return success for caller
+ return 0
+}
+
+verify_ssl_lib () {
+ # make safessl-easyrsa.cnf
+ make_ssl_config
+
+ # Verify EASYRSA_OPENSSL command gives expected output
+ if [ -z "$EASYRSA_SSL_OK" ]; then
+ val="$("$EASYRSA_OPENSSL" version)"
+ case "${val%% *}" in
+ OpenSSL|LibreSSL)
+ notice "\
+Using SSL: $EASYRSA_OPENSSL $("$EASYRSA_OPENSSL" version)" ;;
+ *) die "\
+Missing or invalid OpenSSL
+Expected to find openssl command at: $EASYRSA_OPENSSL" ;;
+ esac
+ fi
+ EASYRSA_SSL_OK=1
+
+ # Verify EASYRSA_SSL_CONF file exists
+ [ -f "$EASYRSA_SSL_CONF" ] || die "\
+The OpenSSL config file cannot be found.
+Expected location: $EASYRSA_SSL_CONF"
+} # => verify_ssl_lib ()
+
+# Basic sanity-check of PKI init and complain if missing
+verify_pki_init() {
+ help_note="Run easyrsa without commands for usage and command help."
+
+ # check that the pki dir exists
+ vars_source_check
+ [ -d "$EASYRSA_PKI" ] || die "\
+EASYRSA_PKI does not exist (perhaps you need to run init-pki)?
+Expected to find the EASYRSA_PKI at: $EASYRSA_PKI
+$help_note"
+
+ # verify expected dirs present:
+ for i in private reqs; do
+ [ -d "$EASYRSA_PKI/$i" ] || die "\
+Missing expected directory: $i (perhaps you need to run init-pki?)
+$help_note"
+ done
+
+ # verify ssl lib
+ verify_ssl_lib
+} # => verify_pki_init()
+
+# Verify core CA files present
+verify_ca_init() {
+ help_note="Run without commands for usage and command help."
+
+ # First check the PKI has been initialized
+ verify_pki_init
+
+ # verify expected files present:
+ for i in serial index.txt ca.crt private/ca.key; do
+ if [ ! -f "$EASYRSA_PKI/$i" ]; then
+ [ "$1" = "test" ] && return 1
+ die "\
+Missing expected CA file: $i (perhaps you need to run build-ca?)
+$help_note"
+ fi
+ done
+
+ # When operating in 'test' mode, return success.
+ # test callers don't care about CA-specific dir structure
+ [ "$1" = "test" ] && return 0
+
+ # verify expected CA-specific dirs:
+ for i in issued certs_by_serial \
+ revoked/certs_by_serial revoked/private_by_serial revoked/reqs_by_serial \
+ renewed/certs_by_serial renewed/private_by_serial renewed/reqs_by_serial ;
+ do
+ [ -d "$EASYRSA_PKI/$i" ] || die "\
+Missing expected CA dir: $i (perhaps you need to run build-ca?)
+$help_note"
+ done
+
+ # explicitly return success for callers
+ return 0
+
+} # => verify_ca_init()
+
+# init-pki backend:
+init_pki() {
+
+ # If EASYRSA_PKI exists, confirm before we rm -rf (skiped with EASYRSA_BATCH)
+ if [ -e "$EASYRSA_PKI" ]; then
+ confirm "Confirm removal: " "yes" "
+WARNING!!!
+
+You are about to remove the EASYRSA_PKI at: $EASYRSA_PKI
+and initialize a fresh PKI here."
+ # now remove it:
+ rm -rf "$EASYRSA_PKI" || die "Removal of PKI dir failed. Check/correct errors above"
+ fi
+
+ # new dirs:
+ for i in private reqs; do
+ mkdir -p "$EASYRSA_PKI/$i" || die "Failed to create PKI file structure (permissions?)"
+ done
+
+ if [ ! -f "$EASYRSA_SSL_CONF" ] && [ -f "$EASYRSA/openssl-easyrsa.cnf" ];
+ then
+ cp "$EASYRSA/openssl-easyrsa.cnf" "$EASYRSA_SSL_CONF"
+ fi
+
+ notice "\
+init-pki complete; you may now create a CA or requests.
+Your newly created PKI dir is: $EASYRSA_PKI
+"
+ return 0
+} # => init_pki()
+
+hide_read_pass()
+{
+ (stty -echo 2>/dev/null) || set +o echo
+ read -r "$@"
+ (stty echo 2>/dev/null) || set -o echo
+} # => hide_read_pass()
+
+# build-ca backend:
+build_ca() {
+ opts=""
+ sub_ca=""
+ nopass=""
+ crypto="-aes256"
+ crypto_opts=""
+ while [ -n "$1" ]; do
+ case "$1" in
+ subca) sub_ca=1 ;;
+ nopass) nopass=1 ;;
+ *) warn "Ignoring unknown command option: '$1'" ;;
+ esac
+ shift
+ done
+
+ verify_pki_init
+ [ "$EASYRSA_ALGO" = "ec" ] && verify_curve
+
+ # setup for the simpler sub-CA situation and overwrite with root-CA if needed:
+ out_file="$EASYRSA_PKI/reqs/ca.req"
+ out_key="$EASYRSA_PKI/private/ca.key"
+ if [ ! $sub_ca ]; then
+ out_file="$EASYRSA_PKI/ca.crt"
+ opts="$opts -x509 -days $EASYRSA_CA_EXPIRE "
+ fi
+
+ # Test for existing CA, and complain if already present
+ if verify_ca_init test; then
+ die "\
+Unable to create a CA as you already seem to have one set up.
+If you intended to start a new CA, run init-pki first."
+ fi
+ # If a private key exists here, a sub-ca was created but not signed.
+ # Notify the user and require a signed ca.crt or a init-pki:
+ [ -f "$out_key" ] && \
+ die "\
+A CA private key exists but no ca.crt is found in your PKI dir of:
+$EASYRSA_PKI
+Refusing to create a new CA keypair as this operation would overwrite your
+current CA keypair. If you intended to start a new CA, run init-pki first."
+
+ # create necessary files and dirs:
+ err_file="Unable to create necessary PKI files (permissions?)"
+ for i in issued certs_by_serial \
+ revoked/certs_by_serial revoked/private_by_serial revoked/reqs_by_serial \
+ renewed/certs_by_serial renewed/private_by_serial renewed/reqs_by_serial;
+ do
+ mkdir -p "$EASYRSA_PKI/$i" || die "$err_file"
+ done
+ printf "" > "$EASYRSA_PKI/index.txt" || die "$err_file"
+ print "01" > "$EASYRSA_PKI/serial" || die "$err_file"
+
+ # Default CN only when not in global EASYRSA_BATCH mode:
+ # shellcheck disable=SC2015
+ [ "$EASYRSA_BATCH" ] && opts="$opts -batch" || export EASYRSA_REQ_CN="Easy-RSA CA"
+
+ out_key_tmp="$(mktemp "$out_key.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$out_key_tmp"
+ out_file_tmp="$(mktemp "$out_file.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_3="$out_file_tmp"
+ # Get password from user if necessary
+ if [ ! $nopass ]; then
+ out_key_pass_tmp="$(mktemp)"; EASYRSA_TEMP_FILE_4="$out_key_pass_tmp"
+ echo
+ printf "Enter New CA Key Passphrase: "
+ hide_read_pass kpass
+ echo
+ printf "Re-Enter New CA Key Passphrase: "
+ hide_read_pass kpass2
+ echo
+ # shellcheck disable=2154
+ if [ "$kpass" = "$kpass2" ];
+ then
+ printf "%s" "$kpass" > "$out_key_pass_tmp"
+ else
+ die "Passphrases do not match."
+ fi
+ fi
+
+ # create the CA key using AES256
+ [ ! $nopass ] && crypto_opts="$crypto -passout file:$out_key_pass_tmp"
+ if [ "$EASYRSA_ALGO" = "rsa" ]; then
+ #shellcheck disable=SC2086
+ "$EASYRSA_OPENSSL" genrsa -out "$out_key_tmp" $crypto_opts "$EASYRSA_ALGO_PARAMS"
+ elif [ "$EASYRSA_ALGO" = "ec" ]; then
+ #shellcheck disable=SC2086
+ "$EASYRSA_OPENSSL" ecparam -in "$EASYRSA_ALGO_PARAMS" -genkey | \
+ "$EASYRSA_OPENSSL" ec -out "$out_key_tmp" $crypto_opts
+ fi
+
+ # make safessl-easyrsa.cnf
+ make_ssl_config
+
+ # create the CA keypair:
+ [ ! $nopass ] && crypto_opts="-passin file:$out_key_pass_tmp"
+ #shellcheck disable=SC2086
+ "$EASYRSA_OPENSSL" req -utf8 -new -key "$out_key_tmp" \
+ -config "$EASYRSA_SAFE_CONF" -keyout "$out_key_tmp" -out "$out_file_tmp" $crypto_opts $opts || \
+ die "Failed to build the CA"
+
+ mv "$out_key_tmp" "$out_key"; EASYRSA_TEMP_FILE_2=
+ mv "$out_file_tmp" "$out_file"; EASYRSA_TEMP_FILE_3=
+ [ -f "$out_key_pass_tmp" ] && rm "$out_key_pass_tmp" && EASYRSA_TEMP_FILE_4=
+
+ # Success messages
+ if [ $sub_ca ]; then
+ notice "\
+NOTE: Your sub-CA request is at $out_file
+and now must be sent to your parent CA for signing. Place your resulting cert
+at $EASYRSA_PKI/ca.crt prior to signing operations.
+"
+ else notice "\
+CA creation complete and you may now import and sign cert requests.
+Your new CA certificate file for publishing is at:
+$out_file
+"
+ fi
+ return 0
+} # => build_ca()
+
+# gen-dh backend:
+gen_dh() {
+ verify_pki_init
+
+ out_file="$EASYRSA_PKI/dh.pem"
+ "$EASYRSA_OPENSSL" dhparam -out "$out_file" "$EASYRSA_KEY_SIZE" || \
+ die "Failed to build DH params"
+ notice "\
+DH parameters of size $EASYRSA_KEY_SIZE created at $out_file
+"
+ return 0
+} # => gen_dh()
+
+# gen-req backend:
+gen_req() {
+ # pull filename base and use as default interactive CommonName:
+ [ -n "$1" ] || die "\
+Error: gen-req must have a file base as the first argument.
+Run easyrsa without commands for usage and commands."
+ key_out="$EASYRSA_PKI/private/$1.key"
+ req_out="$EASYRSA_PKI/reqs/$1.req"
+ [ ! "$EASYRSA_BATCH" ] && EASYRSA_REQ_CN="$1"
+ shift
+
+ # function opts support
+ opts=
+ while [ -n "$1" ]; do
+ case "$1" in
+ nopass) opts="$opts -nodes" ;;
+ # batch flag supports internal callers needing silent operation
+ batch) EASYRSA_BATCH=1 ;;
+ *) warn "Ignoring unknown command option: '$1'" ;;
+ esac
+ shift
+ done
+
+ verify_pki_init
+ [ "$EASYRSA_ALGO" = "ec" ] && verify_curve
+
+ # don't wipe out an existing private key without confirmation
+ [ -f "$key_out" ] && confirm "Confirm key overwrite: " "yes" "\
+
+WARNING!!!
+
+An existing private key was found at $key_out
+Continuing with key generation will replace this key."
+
+ # When EASYRSA_EXTRA_EXTS is defined, append it to openssl's [req] section:
+ if [ -n "$EASYRSA_EXTRA_EXTS" ]; then
+ # Setup & insert the extra ext data keyed by a magic line
+ extra_exts="
+req_extensions = req_extra
+[ req_extra ]
+$EASYRSA_EXTRA_EXTS"
+ #shellcheck disable=SC2016
+ awkscript='
+{if ( match($0, "^#%EXTRA_EXTS%") )
+ { while ( getline<"/dev/stdin" ) {print} next }
+ {print}
+}'
+ print "$extra_exts" | \
+ awk "$awkscript" "$EASYRSA_SSL_CONF" \
+ > "$EASYRSA_TEMP_CONF" \
+ || die "Copying SSL config to temp file failed"
+ # Use this new SSL config for the rest of this function
+ EASYRSA_SSL_CONF="$EASYRSA_TEMP_CONF"
+ fi
+
+ # make safessl-easyrsa.cnf
+ make_ssl_config
+
+ key_out_tmp="$(mktemp "$key_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$key_out_tmp"
+ req_out_tmp="$(mktemp "$req_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_3="$req_out_tmp"
+ # generate request
+ [ $EASYRSA_BATCH ] && opts="$opts -batch"
+ # shellcheck disable=2086,2148
+ "$EASYRSA_OPENSSL" req -utf8 -new -newkey "$EASYRSA_ALGO":"$EASYRSA_ALGO_PARAMS" \
+ -config "$EASYRSA_SAFE_CONF" -keyout "$key_out_tmp" -out "$req_out_tmp" $opts \
+ || die "Failed to generate request"
+ mv "$key_out_tmp" "$key_out"; EASYRSA_TEMP_FILE_2=
+ mv "$req_out_tmp" "$req_out"; EASYRSA_TEMP_FILE_3=
+ notice "\
+Keypair and certificate request completed. Your files are:
+req: $req_out
+key: $key_out
+"
+ return 0
+} # => gen_req()
+
+# common signing backend
+sign_req() {
+ crt_type="$1"
+ opts=""
+ req_in="$EASYRSA_PKI/reqs/$2.req"
+ crt_out="$EASYRSA_PKI/issued/$2.crt"
+
+ # Randomize Serial number
+ i=""
+ serial=""
+ check_serial=""
+ for i in 1 2 3 4 5; do
+ "$EASYRSA_OPENSSL" rand -hex -out "$EASYRSA_PKI/serial" 16
+ serial="$(cat "$EASYRSA_PKI/serial")"
+ check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)"
+ case "$check_serial" in
+ *"not present in db"*) break ;;
+ *) continue ;;
+ esac
+ done
+
+ # Support batch by internal caller:
+ [ "$3" = "batch" ] && EASYRSA_BATCH=1
+
+ verify_ca_init
+
+ # Check argument sanity:
+ [ -n "$2" ] || die "\
+Incorrect number of arguments provided to sign-req:
+expected 2, got $# (see command help for usage)"
+
+ # Cert type must exist under the EASYRSA_EXT_DIR
+ [ -r "$EASYRSA_EXT_DIR/$crt_type" ] || die "\
+Unknown cert type '$crt_type'"
+
+ # Request file must exist
+ [ -f "$req_in" ] || die "\
+No request found for the input: '$2'
+Expected to find the request at: $req_in"
+
+ # Confirm input is a cert req
+ verify_file req "$req_in" || die "\
+The certificate request file is not in a valid X509 request format.
+Offending file: $req_in"
+
+ # Display the request subject in an easy-to-read format
+ # Confirm the user wishes to sign this request
+ confirm "Confirm request details: " "yes" "
+You are about to sign the following certificate.
+Please check over the details shown below for accuracy. Note that this request
+has not been cryptographically verified. Please be sure it came from a trusted
+source or that you have verified the request checksum with the sender.
+
+Request subject, to be signed as a $crt_type certificate for $EASYRSA_CERT_EXPIRE days:
+
+$(display_dn req "$req_in")
+" # => confirm end
+
+ # Generate the extensions file for this cert:
+ {
+ # Append first any COMMON file (if present) then the cert-type extensions
+ cat "$EASYRSA_EXT_DIR/COMMON"
+ cat "$EASYRSA_EXT_DIR/$crt_type"
+ # copy req extensions
+ [ "$EASYRSA_CP_EXT" ] && print "copy_extensions = copy"
+
+ # Support a dynamic CA path length when present:
+ [ "$crt_type" = "ca" ] && [ -n "$EASYRSA_SUBCA_LEN" ] && \
+ print "basicConstraints = CA:TRUE, pathlen:$EASYRSA_SUBCA_LEN"
+
+ # Deprecated Netscape extension support, if enabled
+ if print "$EASYRSA_NS_SUPPORT" | awk_yesno; then
+ [ -n "$EASYRSA_NS_COMMENT" ] && \
+ print "nsComment = \"$EASYRSA_NS_COMMENT\""
+ case "$crt_type" in
+ serverClient) print "nsCertType = serverClient" ;;
+ server) print "nsCertType = server" ;;
+ client) print "nsCertType = client" ;;
+ ca) print "nsCertType = sslCA" ;;
+ esac
+ fi
+
+ # If type is server and no subjectAltName was requested,
+ # add one to the extensions file
+ if [ "$crt_type" = 'server' ];
+ then
+ echo "$EASYRSA_EXTRA_EXTS" |
+ grep -q subjectAltName ||
+ default_server_san "$req_in"
+ fi
+
+ # Add any advanced extensions supplied by env-var:
+ [ -n "$EASYRSA_EXTRA_EXTS" ] && print "$EASYRSA_EXTRA_EXTS"
+
+ : # needed to keep die from inherting the above test
+ } > "$EASYRSA_TEMP_EXT" || die "\
+Failed to create temp extension file (bad permissions?) at:
+$EASYRSA_TEMP_EXT"
+
+ # make safessl-easyrsa.cnf
+ make_ssl_config
+
+ # sign request
+ # shellcheck disable=SC2086
+ crt_out_tmp="$(mktemp "$crt_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$crt_out_tmp"
+ "$EASYRSA_OPENSSL" ca -utf8 -in "$req_in" -out "$crt_out_tmp" -config "$EASYRSA_SAFE_CONF" \
+ -extfile "$EASYRSA_TEMP_EXT" -days "$EASYRSA_CERT_EXPIRE" -batch $opts \
+ || die "signing failed (openssl output above may have more detail)"
+ mv "$crt_out_tmp" "$crt_out"; EASYRSA_TEMP_FILE_2=
+ notice "\
+Certificate created at: $crt_out
+"
+ return 0
+} # => sign_req()
+
+# common build backend
+# used to generate+sign in 1 step
+build_full() {
+ verify_ca_init
+
+ # pull filename base:
+ [ -n "$2" ] || die "\
+Error: didn't find a file base name as the first argument.
+Run easyrsa without commands for usage and commands."
+ crt_type="$1" name="$2"
+ req_out="$EASYRSA_PKI/reqs/$2.req"
+ key_out="$EASYRSA_PKI/private/$2.key"
+ crt_out="$EASYRSA_PKI/issued/$2.crt"
+ shift 2
+
+ # function opts support
+ req_opts=
+ while [ -n "$1" ]; do
+ case "$1" in
+ nopass) req_opts="$req_opts nopass" ;;
+ *) warn "Ignoring unknown command option: '$1'" ;;
+ esac
+ shift
+ done
+
+ # abort on existing req/key/crt files
+ err_exists="\
+file already exists. Aborting build to avoid overwriting this file.
+If you wish to continue, please use a different name or remove the file.
+Matching file found at: "
+ [ -f "$req_out" ] && die "Request $err_exists $req_out"
+ [ -f "$key_out" ] && die "Key $err_exists $key_out"
+ [ -f "$crt_out" ] && die "Certificate $err_exists $crt_out"
+
+ # create request
+ EASYRSA_REQ_CN="$name"
+ #shellcheck disable=SC2086
+ gen_req "$name" batch $req_opts
+
+ # Sign it
+ sign_req "$crt_type" "$name" batch
+
+} # => build_full()
+
+# revoke backend
+revoke() {
+ verify_ca_init
+
+ # pull filename base:
+ [ -n "$1" ] || die "\
+Error: didn't find a file base name as the first argument.
+Run easyrsa without commands for usage and command help."
+ crt_in="$EASYRSA_PKI/issued/$1.crt"
+
+ opts=""
+ if [ "$2" ]; then
+ opts="$opts -crl_reason $2"
+ fi
+
+ verify_file x509 "$crt_in" || die "\
+Unable to revoke as the input file is not a valid certificate. Unexpected
+input in file: $crt_in"
+
+ # confirm operation by displaying DN:
+ confirm "Continue with revocation: " "yes" "
+Please confirm you wish to revoke the certificate with the following subject:
+
+$(display_dn x509 "$crt_in")
+" # => confirm end
+
+ # referenced cert must exist:
+ [ -f "$crt_in" ] || die "\
+Unable to revoke as no certificate was found. Certificate was expected
+at: $crt_in"
+
+ # make safessl-easyrsa.cnf
+ make_ssl_config
+
+ # shellcheck disable=SC2086
+ "$EASYRSA_OPENSSL" ca -utf8 -revoke "$crt_in" -config "$EASYRSA_SAFE_CONF" $opts || die "\
+Failed to revoke certificate: revocation command failed."
+
+ # move revoked files so we can reissue certificates with the same name
+ move_revoked "$1"
+
+ notice "\
+IMPORTANT!!!
+
+Revocation was successful. You must run gen-crl and upload a CRL to your
+infrastructure in order to prevent the revoked cert from being accepted.
+" # => notice end
+ return 0
+} #= revoke()
+
+# move-revoked
+# moves revoked certificates to an alternative folder
+# allows reissuing certificates with the same name
+move_revoked() {
+ verify_ca_init
+
+ [ -n "$1" ] || die "\
+Error: didn't find a file base name as the first argument.
+Run easyrsa without commands for usage and command help."
+
+ crt_in="$EASYRSA_PKI/issued/$1.crt"
+ key_in="$EASYRSA_PKI/private/$1.key"
+ req_in="$EASYRSA_PKI/reqs/$1.req"
+
+ verify_file x509 "$crt_in" || die "\
+Unable to move revoked input file. The file is not a valid certificate. Unexpected
+input in file: $crt_in"
+
+ verify_file req "$req_in" || die "\
+Unable to move request. The file is not a valid request. Unexpected
+input in file: $req_in"
+
+ # get the serial number of the certificate -> serial=XXXX
+ cert_serial="$("$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -serial)"
+ # remove the serial= part -> we only need the XXXX part
+ cert_serial=${cert_serial##*=}
+
+ crt_by_serial="$EASYRSA_PKI/certs_by_serial/$cert_serial.pem"
+ crt_by_serial_revoked="$EASYRSA_PKI/revoked/certs_by_serial/$cert_serial.crt"
+ key_by_serial_revoked="$EASYRSA_PKI/revoked/private_by_serial/$cert_serial.key"
+ req_by_serial_revoked="$EASYRSA_PKI/revoked/reqs_by_serial/$cert_serial.req"
+
+
+ # move crt, key and req file to revoked folders
+ mv "$crt_in" "$crt_by_serial_revoked"
+ mv "$req_in" "$req_by_serial_revoked"
+
+ # only move the key if we have it
+ if [ -e "$key_in" ]
+ then
+ mv "$key_in" "$key_by_serial_revoked"
+ fi
+
+ # move the rest of the files (p12, p7, ...)
+ # shellcheck disable=SC2231
+ for file in $EASYRSA_PKI/private/$1\.???
+ do
+ # get file extension
+ file_ext="${file##*.}"
+
+ [ -f "$file" ] && mv "$file" "$EASYRSA_PKI/revoked/private_by_serial/$cert_serial.$file_ext"
+ done
+
+ # remove the dublicate certificate in the certs_by_serial folder
+ rm "$crt_by_serial"
+
+ return 0
+
+} #= move_revoked()
+
+# renew backend
+renew() {
+ verify_ca_init
+
+ # pull filename base:
+ [ -n "$1" ] || die "\
+Error: didn't find a file base name as the first argument.
+Run easyrsa without commands for usage and command help."
+ crt_in="$EASYRSA_PKI/issued/$1.crt"
+
+ opts=""
+ if [ "$2" ]; then
+ opts="$2"
+ fi
+
+ verify_file x509 "$crt_in" || die "\
+Unable to renew as the input file is not a valid certificate. Unexpected
+input in file: $crt_in"
+
+ # confirm operation by displaying DN:
+ confirm "Continue with renew: " "yes" "
+Please confirm you wish to renew the certificate with the following subject:
+
+$(display_dn x509 "$crt_in")
+" # => confirm end
+
+ # referenced cert must exist:
+ [ -f "$crt_in" ] || die "\
+Unable to renew as no certificate was found. Certificate was expected
+at: $crt_in"
+
+ # make safessl-easyrsa.cnf
+ make_ssl_config
+
+ # Check if old cert is expired or expires within 30 days
+ expire_date=$(
+ "$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -enddate |
+ sed 's/^notAfter=//'
+ )
+ case $(uname) in
+ "Darwin"|*"BSD")
+ expire_date=$(date -j -f '%b %d %T %Y %Z' "$expire_date" +%s)
+ allow_renew_date=$(date -j -v"+${EASYRSA_CERT_RENEW}d" +%s)
+ ;;
+ *)
+ # This works on Windows, too, since uname doesn't exist and this is catch-all
+ expire_date=$(date -d "$expire_date" +%s)
+ allow_renew_date=$(date -d "+${EASYRSA_CERT_RENEW}day" +%s)
+ ;;
+ esac
+
+ [ "$expire_date" -lt "$allow_renew_date" ] || die "\
+Certificate expires in more than $EASYRSA_CERT_RENEW days.
+Renewal not allowed."
+
+ # Extract certificate usage from old cert
+ cert_ext_key_usage=$(
+ "$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -text |
+ sed -n "/X509v3 Extended Key Usage:/{n;s/^ *//g;p;}"
+ )
+ case $cert_ext_key_usage in
+ "TLS Web Client Authentication")
+ cert_type=client
+ ;;
+ "TLS Web Server Authentication")
+ cert_type=server
+ ;;
+ "TLS Web Server Authentication, TLS Web Client Authentication")
+ cert_type=serverClient
+ ;;
+ esac
+
+ # Use SAN from --subject-alt-name if set else use SAN from old cert
+ echo "$EASYRSA_EXTRA_EXTS" | grep -q subjectAltName || \
+ {
+ san=$(
+ "$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -text |
+ sed -n "/X509v3 Subject Alternative Name:/{n;s/ //g;p;}"
+ )
+ [ -n "$san" ] && export EASYRSA_EXTRA_EXTS="\
+$EASYRSA_EXTRA_EXTS
+subjectAltName = $san"
+ }
+
+ # move renewed files so we can reissue certificate with the same name
+ # FIXME: Modify revoke() to also work on the renewed certs subdir
+ move_renewed "$1"
+
+ # renew certificate
+ # shellcheck disable=SC2086
+ build_full $cert_type $1 $opts || die "\
+Failed to renew certificate: renew command failed."
+
+ notice "\
+IMPORTANT!!!
+
+Renew was successful.
+You may want to revoke the old certificate once the new one has been deployed.
+" # => notice end
+ return 0
+} #= renew()
+
+# move-renewed
+# moves renewed certificates to an alternative folder
+# allows reissuing certificates with the same name
+move_renewed() {
+ verify_ca_init
+
+ [ -n "$1" ] || die "\
+Error: didn't find a file base name as the first argument.
+Run easyrsa without commands for usage and command help."
+
+ crt_in="$EASYRSA_PKI/issued/$1.crt"
+ key_in="$EASYRSA_PKI/private/$1.key"
+ req_in="$EASYRSA_PKI/reqs/$1.req"
+
+ verify_file x509 "$crt_in" || die "\
+Unable to move renewed input file. The file is not a valid certificate. Unexpected
+input in file: $crt_in"
+
+ verify_file req "$req_in" || die "\
+Unable to move request. The file is not a valid request. Unexpected
+input in file: $req_in"
+
+ # get the serial number of the certificate -> serial=XXXX
+ cert_serial="$("$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -serial)"
+ # remove the serial= part -> we only need the XXXX part
+ cert_serial=${cert_serial##*=}
+
+ crt_by_serial="$EASYRSA_PKI/certs_by_serial/$cert_serial.pem"
+ crt_by_serial_renewed="$EASYRSA_PKI/renewed/certs_by_serial/$cert_serial.crt"
+ key_by_serial_renewed="$EASYRSA_PKI/renewed/private_by_serial/$cert_serial.key"
+ req_by_serial_renewed="$EASYRSA_PKI/renewed/reqs_by_serial/$cert_serial.req"
+
+
+ # move crt, key and req file to renewed folders
+ mv "$crt_in" "$crt_by_serial_renewed"
+ mv "$req_in" "$req_by_serial_renewed"
+
+ # only move the key if we have it
+ if [ -e "$key_in" ]
+ then
+ mv "$key_in" "$key_by_serial_renewed"
+ fi
+
+ # move the rest of the files (p12, p7, ...)
+ # shellcheck disable=SC2231
+ for file in $EASYRSA_PKI/private/$1\.???
+ do
+ # get file extension
+ file_ext="${file##*.}"
+
+ [ -f "$file" ] && mv "$file" "$EASYRSA_PKI/renewed/private_by_serial/$cert_serial.$file_ext"
+ done
+
+ # remove the duplicate certificate in the certs_by_serial folder
+ rm "$crt_by_serial"
+
+ return 0
+
+} #= move_renewed()
+
+# gen-crl backend
+gen_crl() {
+ verify_ca_init
+
+ # make safessl-easyrsa.cnf
+ make_ssl_config
+
+ out_file="$EASYRSA_PKI/crl.pem"
+ out_file_tmp="$(mktemp "$out_file.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$out_file_tmp"
+ "$EASYRSA_OPENSSL" ca -utf8 -gencrl -out "$out_file_tmp" -config "$EASYRSA_SAFE_CONF" || die "\
+CRL Generation failed.
+"
+ mv "$out_file_tmp" "$out_file"; EASYRSA_TEMP_FILE_2=
+
+ notice "\
+An updated CRL has been created.
+CRL file: $out_file
+"
+ return 0
+} # => gen_crl()
+
+# import-req backend
+import_req() {
+ verify_pki_init
+
+ # pull passed paths
+ in_req="$1" short_name="$2"
+ out_req="$EASYRSA_PKI/reqs/$2.req"
+
+ [ -n "$short_name" ] || die "\
+Unable to import: incorrect command syntax.
+Run easyrsa without commands for usage and command help."
+
+ verify_file req "$in_req" || die "\
+The input file does not appear to be a certificate request. Aborting import.
+Offending file: $in_req"
+
+ # destination must not exist
+ [ -f "$out_req" ] && die "\
+Unable to import the request as the destination file already exists.
+Please choose a different name for your imported request file.
+Existing file at: $out_req"
+
+ # now import it
+ cp "$in_req" "$out_req"
+
+ notice "\
+The request has been successfully imported with a short name of: $short_name
+You may now use this name to perform signing operations on this request.
+"
+ return 0
+} # => import_req()
+
+# export pkcs#12 or pkcs#7
+export_pkcs() {
+ pkcs_type="$1"
+ shift
+
+ [ -n "$1" ] || die "\
+Unable to export p12: incorrect command syntax.
+Run easyrsa without commands for usage and command help."
+
+ short_name="$1"
+ crt_in="$EASYRSA_PKI/issued/$1.crt"
+ key_in="$EASYRSA_PKI/private/$1.key"
+ crt_ca="$EASYRSA_PKI/ca.crt"
+ shift
+
+ verify_pki_init
+
+ # opts support
+ want_ca=1
+ want_key=1
+ while [ -n "$1" ]; do
+ case "$1" in
+ noca) want_ca="" ;;
+ nokey) want_key="" ;;
+ *) warn "Ignoring unknown command option: '$1'" ;;
+ esac
+ shift
+ done
+
+ pkcs_opts=
+ if [ $want_ca ]; then
+ verify_file x509 "$crt_ca" || die "\
+Unable to include CA cert in the $pkcs_type output (missing file, or use noca option.)
+Missing file expected at: $crt_ca"
+ pkcs_opts="$pkcs_opts -certfile $crt_ca"
+ fi
+
+ # input files must exist
+ verify_file x509 "$crt_in" || die "\
+Unable to export $pkcs_type for short name '$short_name' without the certificate.
+Missing cert expected at: $crt_in"
+
+ case "$pkcs_type" in
+ p12)
+ pkcs_out="$EASYRSA_PKI/private/$short_name.p12"
+
+ if [ $want_key ]; then
+ [ -f "$key_in" ] || die "\
+Unable to export p12 for short name '$short_name' without the key
+(if you want a p12 without the private key, use nokey option.)
+Missing key expected at: $key_in"
+ else
+ pkcs_opts="$pkcs_opts -nokeys"
+ fi
+
+ # export the p12:
+ # shellcheck disable=SC2086
+ "$EASYRSA_OPENSSL" pkcs12 -in "$crt_in" -inkey "$key_in" -export \
+ -out "$pkcs_out" $pkcs_opts || die "\
+Export of p12 failed: see above for related openssl errors."
+ ;;
+ p7)
+ pkcs_out="$EASYRSA_PKI/issued/$short_name.p7b"
+
+ # export the p7:
+ # shellcheck disable=SC2086
+ "$EASYRSA_OPENSSL" crl2pkcs7 -nocrl -certfile "$crt_in" \
+ -out "$pkcs_out" $pkcs_opts || die "\
+Export of p7 failed: see above for related openssl errors."
+ ;;
+esac
+
+ notice "\
+Successful export of $pkcs_type file. Your exported file is at the following
+location: $pkcs_out
+"
+ return 0
+} # => export_pkcs()
+
+# set-pass backend
+set_pass() {
+ verify_pki_init
+
+ # key type, supplied internally from frontend command call (rsa/ec)
+ key_type="$1"
+
+ # values supplied by the user:
+ raw_file="$2"
+ file="$EASYRSA_PKI/private/$raw_file.key"
+ [ -n "$raw_file" ] || die "\
+Missing argument to 'set-$key_type-pass' command: no name/file supplied.
+See help output for usage details."
+
+ # parse command options
+ shift 2
+ crypto="-aes256"
+ while [ -n "$1" ]; do
+ case "$1" in
+ nopass) crypto="" ;;
+ file) file="$raw_file" ;;
+ *) warn "Ignoring unknown command option: '$1'" ;;
+ esac
+ shift
+ done
+
+ [ -f "$file" ] || die "\
+Missing private key: expected to find the private key component at:
+$file"
+
+ notice "\
+If the key is currently encrypted you must supply the decryption passphrase.
+${crypto:+You will then enter a new PEM passphrase for this key.$NL}"
+
+ EASYRSA_TEMP_FILE_2="$file.temp"
+
+ "$EASYRSA_OPENSSL" "$key_type" -in "$file" -out "$EASYRSA_TEMP_FILE_2" $crypto || die "\
+Failed to change the private key passphrase. See above for possible openssl
+error messages."
+
+ mv "$EASYRSA_TEMP_FILE_2" "$file" || die "\
+Failed to change the private key passphrase. See above for error messages."
+
+ notice "Key passphrase successfully changed"
+
+} # => set_pass()
+
+# update-db backend
+update_db() {
+ verify_ca_init
+
+ "$EASYRSA_OPENSSL" ca -utf8 -updatedb -config "$EASYRSA_SSL_CONF" || die "\
+Failed to perform update-db: see above for related openssl errors."
+ return 0
+} # => update_db()
+
+# display cert DN info on a req/X509, passed by full pathname
+display_dn() {
+ format="$1" path="$2"
+ print "$("$EASYRSA_OPENSSL" "$format" -in "$path" -noout -subject -nameopt multiline)"
+} # => display_dn()
+
+# generate default SAN from req/X509, passed by full pathname
+default_server_san() {
+ path="$1"
+ cn=$(
+ "$EASYRSA_OPENSSL" req -in "$path" -noout -subject -nameopt sep_multiline |
+ awk -F'=' '/^ *CN=/{print $2}'
+ )
+ echo "$cn" | grep -E -q '^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$'
+ #shellcheck disable=SC2181
+ if [ $? -eq 0 ]; then
+ print "subjectAltName = IP:$cn"
+ else
+ print "subjectAltName = DNS:$cn"
+ fi
+} # => default_server_san()
+
+# verify a file seems to be a valid req/X509
+verify_file() {
+ format="$1"
+ path="$2"
+ "$EASYRSA_OPENSSL" "$format" -in "$path" -noout 2>/dev/null || return 1
+ return 0
+} # => verify_file()
+
+# show-* command backend
+# Prints req/cert details in a readable format
+show() {
+ type="$1"
+ name="$2"
+ in_file=""
+ format=""
+ [ -n "$name" ] || die "\
+Missing expected filename_base argument.
+Run easyrsa without commands for usage help."
+ shift 2
+
+ # opts support
+ opts="-${type}opt no_pubkey,no_sigdump"
+ while [ -n "$1" ]; do
+ case "$1" in
+ full)
+ opts=""
+ ;;
+ *)
+ warn "Ignoring unknown command option: '$1'"
+ ;;
+ esac
+ shift
+ done
+
+ # Determine cert/req type
+ if [ "$type" = "cert" ]; then
+ verify_ca_init
+ in_file="$EASYRSA_PKI/issued/${name}.crt"
+ format="x509"
+ else
+ verify_pki_init
+ in_file="$EASYRSA_PKI/reqs/${name}.req"
+ format="req"
+ fi
+
+ # Verify file exists and is of the correct type
+ [ -f "$in_file" ] || die "\
+No such $type file with a basename of '$name' is present.
+Expected to find this file at:
+$in_file"
+ verify_file $format "$in_file" || die "\
+This file is not a valid $type file:
+$in_file"
+
+ notice "\
+Showing $type details for '$name'.
+This file is stored at:
+$in_file
+"
+ "$EASYRSA_OPENSSL" $format -in "$in_file" -noout -text\
+ -nameopt multiline $opts || die "\
+OpenSSL failure to process the input"
+} # => show()
+
+# show-ca command backend
+# Prints CA cert details in a readable format
+show_ca() {
+ # opts support
+ opts="-certopt no_pubkey,no_sigdump"
+ while [ -n "$1" ]; do
+ case "$1" in
+ full) opts= ;;
+ *) warn "Ignoring unknown command option: '$1'" ;;
+ esac
+ shift
+ done
+
+ verify_ca_init
+ in_file="$EASYRSA_PKI/ca.crt"
+ format="x509"
+
+ # Verify file exists and is of the correct type
+ [ -f "$in_file" ] || die "\
+No such $type file with a basename of '$name' is present.
+Expected to find this file at:
+$in_file"
+ verify_file $format "$in_file" || die "\
+This file is not a valid $type file:
+$in_file"
+
+ notice "\
+Showing $type details for 'ca'.
+This file is stored at:
+$in_file
+"
+ "$EASYRSA_OPENSSL" $format -in "$in_file" -noout -text\
+ -nameopt multiline $opts || die "\
+OpenSSL failure to process the input"
+} # => show_ca()
+
+# vars setup
+# Here sourcing of 'vars' if present occurs. If not present, defaults are used
+# to support running without a sourced config format
+vars_setup() {
+ # Try to locate a 'vars' file in order of location preference.
+ # If one is found, source it
+ vars=
+
+ # set up program path
+ prog_vars="${0%/*}/vars"
+ # set up PKI path
+ pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars"
+
+ # command-line path:
+ if [ -f "$EASYRSA_VARS_FILE" ]; then
+ vars="$EASYRSA_VARS_FILE"
+ # PKI location, if present:
+ elif [ -f "$pki_vars" ]; then
+ vars="$pki_vars"
+ # EASYRSA, if defined:
+ elif [ -n "$EASYRSA" ] && [ -f "$EASYRSA/vars" ]; then
+ vars="$EASYRSA/vars"
+ # program location:
+ elif [ -f "$prog_vars" ]; then
+ vars="$prog_vars"
+ fi
+
+ # If a vars file was located, source it
+ # If $EASYRSA_NO_VARS is defined (not blank) this is skipped
+ if [ -z "$EASYRSA_NO_VARS" ] && [ -n "$vars" ]; then
+ #shellcheck disable=SC2034
+ EASYRSA_CALLER=1
+ # shellcheck disable=SC1090
+ . "$vars"
+ notice "\
+Note: using Easy-RSA configuration from: $vars"
+ fi
+
+ # Set defaults, preferring existing env-vars if present
+ set_var EASYRSA "${0%/*}"
+ set_var EASYRSA_OPENSSL openssl
+ set_var EASYRSA_PKI "$PWD/pki"
+ set_var EASYRSA_DN cn_only
+ set_var EASYRSA_REQ_COUNTRY "US"
+ set_var EASYRSA_REQ_PROVINCE "California"
+ set_var EASYRSA_REQ_CITY "San Francisco"
+ set_var EASYRSA_REQ_ORG "Copyleft Certificate Co"
+ set_var EASYRSA_REQ_EMAIL me@example.net
+ set_var EASYRSA_REQ_OU "My Organizational Unit"
+ set_var EASYRSA_ALGO rsa
+ set_var EASYRSA_KEY_SIZE 2048
+ set_var EASYRSA_CURVE secp384r1
+ set_var EASYRSA_EC_DIR "$EASYRSA_PKI/ecparams"
+ set_var EASYRSA_CA_EXPIRE 3650
+ set_var EASYRSA_CERT_EXPIRE 1080 # new default of 36 months
+ set_var EASYRSA_CERT_RENEW 30
+ set_var EASYRSA_CRL_DAYS 180
+ set_var EASYRSA_NS_SUPPORT no
+ set_var EASYRSA_NS_COMMENT "Easy-RSA (v3.0.6) Generated Certificate"
+ set_var EASYRSA_TEMP_CONF "$EASYRSA_PKI/openssl-easyrsa.temp"
+ set_var EASYRSA_TEMP_EXT "$EASYRSA_PKI/extensions.temp"
+ set_var EASYRSA_TEMP_FILE_2 ""
+ set_var EASYRSA_TEMP_FILE_3 ""
+ set_var EASYRSA_REQ_CN ChangeMe
+ set_var EASYRSA_DIGEST sha256
+
+ set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-easyrsa.cnf"
+ set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf"
+
+ # Same as above for the x509-types extensions dir
+ if [ -d "$EASYRSA_PKI/x509-types" ]; then
+ set_var EASYRSA_EXT_DIR "$EASYRSA_PKI/x509-types"
+ else
+ #TODO: This should be removed. Not really suitable for packaging.
+ set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
+ fi
+
+ # EASYRSA_ALGO_PARAMS must be set depending on selected algo
+ if [ "ec" = "$EASYRSA_ALGO" ]; then
+ EASYRSA_ALGO_PARAMS="$EASYRSA_EC_DIR/${EASYRSA_CURVE}.pem"
+ elif [ "rsa" = "$EASYRSA_ALGO" ]; then
+ EASYRSA_ALGO_PARAMS="${EASYRSA_KEY_SIZE}"
+ else
+ die "Alg '$EASYRSA_ALGO' is invalid: must be 'rsa' or 'ec'"
+ fi
+
+ # Setting OPENSSL_CONF prevents bogus warnings (especially useful on win32)
+ export OPENSSL_CONF="$EASYRSA_SAFE_CONF"
+} # vars_setup()
+
+# variable assignment by indirection when undefined; merely exports
+# the variable when it is already defined (even if currently null)
+# Sets $1 as the value contained in $2 and exports (may be blank)
+set_var() {
+ var=$1
+ shift
+ value="$*"
+ eval "export $var=\"\${$var-$value}\""
+} #=> set_var()
+
+########################################
+# Invocation entry point:
+
+NL='
+'
+
+# Be secure with a restrictive umask
+[ -z "$EASYRSA_NO_UMASK" ] && umask 077
+
+# Parse options
+while :; do
+ # Separate option from value:
+ opt="${1%%=*}"
+ val="${1#*=}"
+ empty_ok="" # Empty values are not allowed unless excepted
+
+ case "$opt" in
+ --days)
+ export EASYRSA_CERT_EXPIRE="$val"
+ export EASYRSA_CA_EXPIRE="$val"
+ export EASYRSA_CRL_DAYS="$val"
+ ;;
+ --pki-dir)
+ export EASYRSA_PKI="$val" ;;
+ --use-algo)
+ export EASYRSA_ALGO="$val" ;;
+ --keysize)
+ export EASYRSA_KEY_SIZE="$val" ;;
+ --curve)
+ export EASYRSA_CURVE="$val" ;;
+ --dn-mode)
+ export EASYRSA_DN="$val" ;;
+ --req-cn)
+ export EASYRSA_REQ_CN="$val" ;;
+ --digest)
+ export EASYRSA_DIGEST="$val" ;;
+ --req-c)
+ empty_ok=1
+ export EASYRSA_REQ_COUNTRY="$val" ;;
+ --req-st)
+ empty_ok=1
+ export EASYRSA_REQ_PROVINCE="$val" ;;
+ --req-city)
+ empty_ok=1
+ export EASYRSA_REQ_CITY="$val" ;;
+ --req-org)
+ empty_ok=1
+ export EASYRSA_REQ_ORG="$val" ;;
+ --req-email)
+ empty_ok=1
+ export EASYRSA_REQ_EMAIL="$val" ;;
+ --req-ou)
+ empty_ok=1
+ export EASYRSA_REQ_OU="$val" ;;
+ --ns-cert)
+ export EASYRSA_NS_SUPPORT="$val" ;;
+ --ns-comment)
+ empty_ok=1
+ export EASYRSA_NS_COMMENT="$val" ;;
+ --batch)
+ empty_ok=1
+ export EASYRSA_BATCH=1 ;;
+ --subca-len)
+ export EASYRSA_SUBCA_LEN="$val" ;;
+ --vars)
+ export EASYRSA_VARS_FILE="$val" ;;
+ --copy-ext)
+ empty_ok=1
+ export EASYRSA_CP_EXT=1 ;;
+ --subject-alt-name)
+ export EASYRSA_EXTRA_EXTS="\
+$EASYRSA_EXTRA_EXTS
+subjectAltName = $val" ;;
+ *)
+ break ;;
+ esac
+
+ # fatal error when no value was provided
+ if [ ! $empty_ok ] && { [ "$val" = "$1" ] || [ -z "$val" ]; }; then
+ die "Missing value to option: $opt"
+ fi
+
+ shift
+done
+
+# Intelligent env-var detection and auto-loading:
+vars_setup
+
+# Register clean_temp and prog_exit on SIGHUP, SIGINT, SIGQUIT, and SIGABRT
+trap "clean_temp; prog_exit 1" 1
+trap "clean_temp; prog_exit 2" 2
+trap "clean_temp; prog_exit 3" 3
+trap "clean_temp; prog_exit 6" 6
+trap "clean_temp; prog_exit 15" 15
+
+# determine how we were called, then hand off to the function responsible
+cmd="$1"
+[ -n "$1" ] && shift # scrape off command
+case "$cmd" in
+ init-pki|clean-all)
+ init_pki "$@"
+ ;;
+ build-ca)
+ build_ca "$@"
+ ;;
+ gen-dh)
+ gen_dh
+ ;;
+ gen-req)
+ gen_req "$@"
+ ;;
+ sign|sign-req)
+ sign_req "$@"
+ ;;
+ build-client-full)
+ build_full client "$@"
+ ;;
+ build-server-full)
+ build_full server "$@"
+ ;;
+ build-serverClient-full)
+ build_full serverClient "$@"
+ ;;
+ gen-crl)
+ gen_crl
+ ;;
+ revoke)
+ revoke "$@"
+ ;;
+ renew)
+ renew "$@"
+ ;;
+ import-req)
+ import_req "$@"
+ ;;
+ export-p12)
+ export_pkcs p12 "$@"
+ ;;
+ export-p7)
+ export_pkcs p7 "$@"
+ ;;
+ set-rsa-pass)
+ set_pass rsa "$@"
+ ;;
+ set-ec-pass)
+ set_pass ec "$@"
+ ;;
+ update-db)
+ update_db
+ ;;
+ show-req)
+ show req "$@"
+ ;;
+ show-cert)
+ show cert "$@"
+ ;;
+ show-ca)
+ show_ca "$@"
+ ;;
+ ""|help|-h|--help|--usage)
+ cmd_help "$1"
+ exit 0
+ ;;
+ *)
+ die "Unknown command '$cmd'. Run without commands for usage help."
+ ;;
+esac
+
+# vim: ft=sh nu ai sw=8 ts=8 noet
--- /dev/null
+# For use with Easy-RSA 3.1 and OpenSSL or LibreSSL
+
+RANDFILE = $ENV::EASYRSA_PKI/.rnd
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = $ENV::EASYRSA_PKI # Where everything is kept
+certs = $dir # Where the issued certs are kept
+crl_dir = $dir # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+new_certs_dir = $dir/certs_by_serial # default place for new certs.
+
+certificate = $dir/ca.crt # The CA certificate
+serial = $dir/serial # The current serial number
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/ca.key # The private key
+RANDFILE = $dir/.rand # private random number file
+
+x509_extensions = basic_exts # The extentions to add to the cert
+
+# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
+# is designed for will. In return, we get the Issuer attached to CRLs.
+crl_extensions = crl_ext
+
+default_days = $ENV::EASYRSA_CERT_EXPIRE # how long to certify for
+default_crl_days= $ENV::EASYRSA_CRL_DAYS # how long before next CRL
+default_md = $ENV::EASYRSA_DIGEST # use public key default MD
+preserve = no # keep passed DN ordering
+
+# This allows to renew certificates which have not been revoked
+unique_subject = no
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_anything
+
+# For the 'anything' policy, which defines allowed DN fields
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+name = optional
+emailAddress = optional
+
+####################################################################
+# Easy-RSA request handling
+# We key off $DN_MODE to determine how to format the DN
+[ req ]
+default_bits = $ENV::EASYRSA_KEY_SIZE
+default_keyfile = privkey.pem
+default_md = $ENV::EASYRSA_DIGEST
+distinguished_name = $ENV::EASYRSA_DN
+x509_extensions = easyrsa_ca # The extentions to add to the self signed cert
+
+# A placeholder to handle the $EXTRA_EXTS feature:
+#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it
+
+####################################################################
+# Easy-RSA DN (Subject) handling
+
+# Easy-RSA DN for cn_only support:
+[ cn_only ]
+commonName = Common Name (eg: your user, host, or server name)
+commonName_max = 64
+commonName_default = $ENV::EASYRSA_REQ_CN
+
+# Easy-RSA DN for org support:
+[ org ]
+countryName = Country Name (2 letter code)
+countryName_default = $ENV::EASYRSA_REQ_COUNTRY
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE
+
+localityName = Locality Name (eg, city)
+localityName_default = $ENV::EASYRSA_REQ_CITY
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = $ENV::EASYRSA_REQ_ORG
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = $ENV::EASYRSA_REQ_OU
+
+commonName = Common Name (eg: your user, host, or server name)
+commonName_max = 64
+commonName_default = $ENV::EASYRSA_REQ_CN
+
+emailAddress = Email Address
+emailAddress_default = $ENV::EASYRSA_REQ_EMAIL
+emailAddress_max = 64
+
+####################################################################
+# Easy-RSA cert extension handling
+
+# This section is effectively unused as the main script sets extensions
+# dynamically. This core section is left to support the odd usecase where
+# a user calls openssl directly.
+[ basic_exts ]
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+
+# The Easy-RSA CA extensions
+[ easyrsa_ca ]
+
+# PKIX recommendations:
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This could be marked critical, but it's nice to support reading by any
+# broken clients who attempt to do so.
+basicConstraints = CA:true
+
+# Limit key usage to CA tasks. If you really want to use the generated pair as
+# a self-signed cert, comment this out.
+keyUsage = cRLSign, keyCertSign
+
+# nsCertType omitted by default. Let's try to let the deprecated stuff die.
+# nsCertType = sslCA
+
+# CRL extensions.
+[ crl_ext ]
+
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIICCDCCAY6gAwIBAgIUFpM3siy07jymSvRE5W3KA5SgaewwCgYIKoZIzj0EAwIw
+GjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQyMFoXDTI5
+MDcyNzEzMDQyMFowGjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMHYwEAYHKoZI
+zj0CAQYFK4EEACIDYgAEf0Vp3WUOyNyNadbV0wXRxNws3Vfj0DtLOWS+PqHnpqQR
+DDoiX0VgP22UPewYdBM0G+8rY69V7/T0I2c1MOxehEJpwzDtrPSwWFIYlovhrTm5
+aCXFWv7Emjc2lzff7796o4GUMIGRMB0GA1UdDgQWBBTbN0eikCKafCP5MWLoyV7R
+ZUYZ1jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG
+A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DAMBgNV
+HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNoADBlAjEAhPooIL9r
+CPdBnbm7odHvnvllUvR+iwwfcJSB17uV7Zt/XrobItEvMkrj1pBNz/OHAjAL+ktb
+q0j0Zxzt35PA8oNPttbKNAUXT7KYSQ4KYstqX3NRvoXKOAj48p1IjkuUC3k=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 07:5b:cc:38:0a:a7:60:e4:33:ea:dc:63:5f:da:65:bb
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:14:04 2019 GMT
+ Not After : Jul 14 13:14:04 2022 GMT
+ Subject: CN=dvasary
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:83:4f:51:7b:f1:30:dc:76:25:db:21:fd:11:8a:
+ 39:fc:6f:4a:0f:f5:38:9d:8e:3c:18:c3:e2:b9:9a:
+ 7e:d8:25:9d:69:f1:40:f2:1c:f8:bd:7c:98:e9:1d:
+ 86:78:d0:d5:7b:b1:e6:8a:cb:44:e9:42:6c:61:c4:
+ d9:32:c5:16:f0:76:71:90:58:0f:13:f4:cb:01:02:
+ 68:fa:bb:3e:cb:24:47:e2:87:2d:f2:c6:d9:5f:b8:
+ 16:de:47:aa:bf:02:65
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 61:47:26:E4:48:A5:C7:F8:38:0A:5F:06:FE:F6:35:DC:BB:71:F1:36
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:8a:59:88:96:eb:a1:b6:5d:51:39:39:63:b6:
+ 53:c1:1e:01:ae:35:ff:3e:a5:ba:ed:17:a9:0b:2d:a9:86:c3:
+ ae:c1:47:55:9b:16:9f:d7:29:71:28:06:92:6c:da:86:75:02:
+ 31:00:b3:f1:55:67:51:44:2f:fa:5f:c0:65:ce:45:c3:ef:88:
+ f4:80:98:65:69:e5:db:7b:42:71:6f:16:f2:06:5c:ad:e1:ce:
+ fb:dc:fc:46:1f:b2:79:61:5a:c9:81:b5:24:c3
+-----BEGIN CERTIFICATE-----
+MIICDzCCAZSgAwIBAgIQB1vMOAqnYOQz6txjX9pluzAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDA0WhcNMjIwNzE0
+MTMxNDA0WjASMRAwDgYDVQQDDAdkdmFzYXJ5MHYwEAYHKoZIzj0CAQYFK4EEACID
+YgAEg09Re/Ew3HYl2yH9EYo5/G9KD/U4nY48GMPiuZp+2CWdafFA8hz4vXyY6R2G
+eNDVe7HmistE6UJsYcTZMsUW8HZxkFgPE/TLAQJo+rs+yyRH4oct8sbZX7gW3keq
+vwJlo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFGFHJuRIpcf4OApfBv72Ndy7
+cfE2MFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD
+VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNpADBmAjEA
+ilmIluuhtl1ROTljtlPBHgGuNf8+pbrtF6kLLamGw67BR1WbFp/XKXEoBpJs2oZ1
+AjEAs/FVZ1FEL/pfwGXORcPviPSAmGVp5dt7QnFvFvIGXK3hzvvc/EYfsnlhWsmB
+tSTD
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 12:23:21:70:b0:f9:e3:c1:fe:60:d8:6e:ec:97:35:12
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:13:49 2019 GMT
+ Not After : Jul 14 13:13:49 2022 GMT
+ Subject: CN=cslevai
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:4b:d4:e1:4f:a7:5b:1e:c4:7d:40:27:19:de:bc:
+ cc:78:6b:5a:86:13:48:c4:c0:40:09:4e:1d:cd:b4:
+ f0:8d:14:2e:44:7c:8e:2d:7b:75:27:00:c4:9b:5c:
+ 71:1d:35:ff:f6:91:01:e2:3f:22:4d:f4:59:45:e4:
+ 85:61:a2:30:bb:7f:8e:7f:86:db:79:7a:da:61:00:
+ 72:3d:60:0b:3a:7b:d3:8e:43:d5:21:f9:e5:ef:01:
+ 02:48:0e:aa:07:e0:df
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ A5:71:47:49:34:D9:70:4C:8E:A6:06:51:69:AC:4D:2F:61:9F:3F:D2
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:64:02:30:79:11:b6:e8:91:42:c8:db:cd:fa:27:07:1d:5b:
+ cc:9f:b2:f3:d2:0f:79:7f:7e:83:3a:e9:4b:86:a0:ba:c1:10:
+ 9a:87:21:f0:2c:26:e9:c5:fc:fc:7c:6c:45:79:29:d3:02:30:
+ 0b:74:ab:68:f6:25:3f:d3:2b:eb:a9:13:1d:3d:b1:a8:80:9c:
+ 1f:8f:6f:de:de:2f:a7:7f:ad:5a:a5:18:29:05:99:65:5f:63:
+ 50:31:6e:78:90:e6:12:3e:83:f1:d8:b0
+-----BEGIN CERTIFICATE-----
+MIICDTCCAZSgAwIBAgIQEiMhcLD548H+YNhu7Jc1EjAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxMzQ5WhcNMjIwNzE0
+MTMxMzQ5WjASMRAwDgYDVQQDDAdjc2xldmFpMHYwEAYHKoZIzj0CAQYFK4EEACID
+YgAES9ThT6dbHsR9QCcZ3rzMeGtahhNIxMBACU4dzbTwjRQuRHyOLXt1JwDEm1xx
+HTX/9pEB4j8iTfRZReSFYaIwu3+Of4bbeXraYQByPWALOnvTjkPVIfnl7wECSA6q
+B+Dfo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFKVxR0k02XBMjqYGUWmsTS9h
+nz/SMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD
+VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNnADBkAjB5
+EbbokULI2836JwcdW8yfsvPSD3l/foM66UuGoLrBEJqHIfAsJunF/Px8bEV5KdMC
+MAt0q2j2JT/TK+upEx09saiAnB+Pb97eL6d/rVqlGCkFmWVfY1AxbniQ5hI+g/HY
+sA==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 23:7b:c7:68:f3:7b:5c:8e:17:63:b5:67:3e:d3:10:1c
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:15:16 2019 GMT
+ Not After : Jul 14 13:15:16 2022 GMT
+ Subject: CN=mszabo
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:d4:de:f0:4a:f4:a0:8a:bd:52:97:87:c0:f5:28:
+ 87:7d:7b:4c:f3:3d:13:be:6b:f6:61:23:f8:91:fd:
+ 2a:59:db:38:2e:ec:d6:5d:21:c2:b9:e0:8c:38:36:
+ c9:bb:2c:f9:87:f3:c5:53:28:d1:94:03:d3:24:c0:
+ fa:95:b3:19:4a:42:95:94:22:11:4f:82:ea:bf:16:
+ 42:42:90:f1:9e:e9:68:48:2e:b9:db:71:be:48:4a:
+ eb:06:61:63:73:77:18
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 8B:C8:96:C9:E3:FD:F0:F2:13:BD:F3:32:17:FD:4F:40:19:3D:2A:5F
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:84:81:10:d7:e4:4f:e6:1d:de:3f:6c:9d:f9:
+ 45:2f:6c:74:c1:ce:65:da:b9:0f:56:2d:3c:08:2d:a9:62:d2:
+ ec:45:46:50:7d:da:d1:0d:73:8c:e9:57:57:3e:2d:49:14:02:
+ 31:00:9e:6a:e2:fa:4f:6d:04:6f:3f:6b:35:9e:1b:6a:94:b8:
+ 3b:f3:79:db:9b:cd:2c:84:48:e9:7a:a9:13:d2:08:b0:d0:f2:
+ c6:22:7e:87:3b:f4:6d:d0:b7:db:c4:b5:ad:5d
+-----BEGIN CERTIFICATE-----
+MIICDjCCAZOgAwIBAgIQI3vHaPN7XI4XY7VnPtMQHDAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNTE2WhcNMjIwNzE0
+MTMxNTE2WjARMQ8wDQYDVQQDDAZtc3phYm8wdjAQBgcqhkjOPQIBBgUrgQQAIgNi
+AATU3vBK9KCKvVKXh8D1KId9e0zzPRO+a/ZhI/iR/SpZ2zgu7NZdIcK54Iw4Nsm7
+LPmH88VTKNGUA9MkwPqVsxlKQpWUIhFPguq/FkJCkPGe6WhILrnbcb5ISusGYWNz
+dxijgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUi8iWyeP98PITvfMyF/1PQBk9
+Kl8wVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAWBgNV
+BAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYDVR0l
+BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2kAMGYCMQCE
+gRDX5E/mHd4/bJ35RS9sdMHOZdq5D1YtPAgtqWLS7EVGUH3a0Q1zjOlXVz4tSRQC
+MQCeauL6T20Ebz9rNZ4bapS4O/N525vNLIRI6XqpE9IIsNDyxiJ+hzv0bdC328S1
+rV0=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 26:84:6a:96:d0:db:00:70:3b:7d:c8:aa:d6:0a:5b:07
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:12:51 2019 GMT
+ Not After : Jul 14 13:12:51 2022 GMT
+ Subject: CN=akosztolanyi
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:97:d4:89:82:0c:1b:ad:c4:4b:dd:4c:19:a5:f5:
+ d8:3c:42:9d:d2:b0:0d:9e:6c:a6:a8:62:9a:bf:fd:
+ 78:9d:76:f4:02:ad:51:9f:97:12:59:bc:c1:a3:a0:
+ 17:35:76:2f:74:ea:b9:d3:72:4b:35:94:40:f3:7e:
+ b5:1c:af:51:d1:b4:d3:7a:69:3d:7f:1e:51:97:fe:
+ e3:4a:ec:01:c6:e9:89:e9:8e:b7:94:a3:72:12:6e:
+ 66:c5:a2:de:ad:27:e2
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ E9:6C:48:68:A1:BA:B9:7D:A3:9C:BF:89:F3:87:51:9B:B1:6C:9B:16
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:6c:e9:e9:01:19:c4:53:40:ff:e6:bb:36:1f:51:
+ cd:1f:40:88:1d:e2:b3:8d:61:48:5d:ec:de:f8:20:c1:21:b1:
+ 38:5e:0b:c3:f7:ae:9c:41:38:36:73:a0:06:b6:a4:55:02:31:
+ 00:cc:50:fa:3f:7a:6c:6b:90:bf:6a:c6:af:1e:94:88:b7:90:
+ 5d:b7:27:cf:b3:28:bc:ee:31:99:f0:9b:87:48:06:d2:6d:24:
+ f0:d1:ad:be:94:b8:22:64:63:0f:d0:2d:85
+-----BEGIN CERTIFICATE-----
+MIICEzCCAZmgAwIBAgIQJoRqltDbAHA7fciq1gpbBzAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxMjUxWhcNMjIwNzE0
+MTMxMjUxWjAXMRUwEwYDVQQDDAxha29zenRvbGFueWkwdjAQBgcqhkjOPQIBBgUr
+gQQAIgNiAASX1ImCDButxEvdTBml9dg8Qp3SsA2ebKaoYpq//XiddvQCrVGflxJZ
+vMGjoBc1di906rnTcks1lEDzfrUcr1HRtNN6aT1/HlGX/uNK7AHG6YnpjreUo3IS
+bmbFot6tJ+KjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQU6WxIaKG6uX2jnL+J
+84dRm7FsmxYwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBox
+GDAWBgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5Sgaeww
+EwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gA
+MGUCMGzp6QEZxFNA/+a7Nh9RzR9AiB3is41hSF3s3vggwSGxOF4Lw/eunEE4NnOg
+BrakVQIxAMxQ+j96bGuQv2rGrx6UiLeQXbcnz7MovO4xmfCbh0gG0m0k8NGtvpS4
+ImRjD9AthQ==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 29:f1:f8:31:17:93:d7:58:d5:ad:0e:ce:a7:26:70:33
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:13:11 2019 GMT
+ Not After : Jul 14 13:13:11 2022 GMT
+ Subject: CN=azsamboki
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:34:0d:f3:0e:e6:05:69:f3:24:7d:ef:19:0c:ce:
+ 04:bd:24:34:e3:8c:e5:2b:7e:3f:70:39:55:9b:2e:
+ 73:fa:c6:4e:44:42:95:69:82:13:85:98:63:5a:25:
+ dc:1c:b2:32:9c:97:01:b5:fb:c4:dd:59:05:8a:ab:
+ b6:c1:b2:13:03:0a:e3:8b:e7:ea:62:c1:71:1b:4f:
+ 20:74:9c:0b:df:46:56:6c:03:d5:8c:d8:4c:02:e9:
+ 6e:62:3a:1f:b3:0e:ba
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 19:A1:EF:03:DB:DF:4F:40:2A:FD:35:E0:C9:ED:DD:75:47:2F:32:1B
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:d2:08:c6:1b:75:81:72:2e:c6:46:cd:47:11:
+ 2e:7c:3e:ba:e2:75:1c:8c:48:e1:4f:ac:61:5b:07:26:97:cc:
+ 0a:38:7f:0d:e4:63:35:c6:a5:8e:39:f3:4c:18:79:6d:0a:02:
+ 30:54:57:e5:dd:49:2b:8e:3e:89:ef:87:2f:d4:f4:ef:a3:95:
+ 2d:f5:87:5a:3a:1f:93:58:7d:c5:fe:9a:45:f1:8f:d1:44:13:
+ 30:b0:07:c0:b6:80:35:3f:b8:a8:96:c7:8c
+-----BEGIN CERTIFICATE-----
+MIICEDCCAZagAwIBAgIQKfH4MReT11jVrQ7OpyZwMzAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxMzExWhcNMjIwNzE0
+MTMxMzExWjAUMRIwEAYDVQQDDAlhenNhbWJva2kwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAAQ0DfMO5gVp8yR97xkMzgS9JDTjjOUrfj9wOVWbLnP6xk5EQpVpghOFmGNa
+JdwcsjKclwG1+8TdWQWKq7bBshMDCuOL5+piwXEbTyB0nAvfRlZsA9WM2EwC6W5i
+Oh+zDrqjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUGaHvA9vfT0Aq/TXgye3d
+dUcvMhswVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAW
+BgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYD
+VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gAMGUC
+MQDSCMYbdYFyLsZGzUcRLnw+uuJ1HIxI4U+sYVsHJpfMCjh/DeRjNcaljjnzTBh5
+bQoCMFRX5d1JK44+ie+HL9T076OVLfWHWjofk1h9xf6aRfGP0UQTMLAHwLaANT+4
+qJbHjA==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 32:06:af:0b:00:a2:dd:98:26:61:13:a2:f8:c5:f8:e7
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:14:15 2019 GMT
+ Not After : Jul 14 13:14:15 2022 GMT
+ Subject: CN=fritter
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:01:16:61:9a:29:9b:00:34:c6:d8:d0:31:87:e7:
+ 2c:fd:7a:7e:e0:6e:f7:26:1a:62:7f:d4:7d:aa:8d:
+ 0e:83:bd:c2:51:8c:cb:34:2b:3d:04:40:4f:2c:6f:
+ 8b:86:9b:7f:de:a2:79:a4:0a:03:4c:70:71:34:ba:
+ f6:f8:d1:e8:92:18:32:d6:78:3d:5d:29:5c:70:a0:
+ b6:80:7f:21:e2:63:09:57:c1:46:fd:9b:d9:7a:2a:
+ b8:13:f2:f7:83:cc:32
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ B1:1A:69:80:EF:74:B3:58:F8:3B:86:7A:86:DF:8C:50:30:56:12:04
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:da:29:1d:b3:22:d6:c9:b3:16:e6:14:41:77:
+ fb:87:e7:9c:39:0b:a4:40:42:bf:45:0a:b0:4e:53:89:c9:a9:
+ 6b:90:b7:88:85:bd:f0:9b:a0:a4:4b:fb:e3:2e:6f:d1:ff:02:
+ 31:00:82:ce:d7:ed:cd:94:17:96:d4:65:97:82:11:ae:dd:22:
+ 2c:2f:f2:64:55:ef:e7:25:c9:89:c3:bf:fc:cf:5f:c5:60:00:
+ 2c:e9:7d:36:7b:6b:b8:c0:08:c2:66:f2:f7:ef
+-----BEGIN CERTIFICATE-----
+MIICDzCCAZSgAwIBAgIQMgavCwCi3ZgmYROi+MX45zAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDE1WhcNMjIwNzE0
+MTMxNDE1WjASMRAwDgYDVQQDDAdmcml0dGVyMHYwEAYHKoZIzj0CAQYFK4EEACID
+YgAEARZhmimbADTG2NAxh+cs/Xp+4G73Jhpif9R9qo0Og73CUYzLNCs9BEBPLG+L
+hpt/3qJ5pAoDTHBxNLr2+NHokhgy1ng9XSlccKC2gH8h4mMJV8FG/ZvZeiq4E/L3
+g8wyo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFLEaaYDvdLNY+DuGeobfjFAw
+VhIEMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD
+VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNpADBmAjEA
+2ikdsyLWybMW5hRBd/uH55w5C6RAQr9FCrBOU4nJqWuQt4iFvfCboKRL++Mub9H/
+AjEAgs7X7c2UF5bUZZeCEa7dIiwv8mRV7+clyYnDv/zPX8VgACzpfTZ7a7jACMJm
+8vfv
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 34:13:80:3e:21:7f:3b:dd:0a:af:d5:cb:0d:17:4b:3c
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:16:17 2019 GMT
+ Not After : Jul 14 13:16:17 2022 GMT
+ Subject: CN=zfelleg
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:83:a4:95:4c:f4:18:92:47:f1:fe:26:d4:2c:3a:
+ a1:65:73:7b:ef:cd:26:ef:dc:d7:7a:dc:95:9a:8b:
+ 66:3f:e9:c9:2e:f6:ac:0a:0e:a1:8f:bd:a5:00:42:
+ 3a:30:03:9c:0a:5b:4a:c3:3c:bc:62:05:60:37:36:
+ 99:e4:e7:27:2d:ae:a9:c1:a2:57:35:8e:d2:59:77:
+ 29:16:64:50:94:16:ca:1a:19:31:1a:83:8c:41:07:
+ 7f:7d:e7:fc:98:80:73
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 40:51:B5:0A:53:CE:54:25:34:5C:DC:E5:70:74:B3:6F:D4:D3:01:84
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:7e:24:b4:72:c8:67:13:4f:a0:ba:09:76:d0:33:
+ 36:35:d4:d0:df:e7:a5:25:25:af:ce:36:67:42:22:bf:42:fb:
+ ab:96:52:73:c1:b2:a0:58:3a:90:b1:8a:78:70:eb:c9:02:31:
+ 00:d9:4a:41:83:7a:5d:1b:6c:e2:d0:2d:b7:c3:b9:b7:11:26:
+ 90:fa:9c:cb:20:e6:c4:cf:06:65:8b:8e:6b:00:c7:ec:77:f0:
+ 85:75:17:58:0b:ef:06:8b:13:0b:57:61:25
+-----BEGIN CERTIFICATE-----
+MIICDjCCAZSgAwIBAgIQNBOAPiF/O90Kr9XLDRdLPDAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNjE3WhcNMjIwNzE0
+MTMxNjE3WjASMRAwDgYDVQQDDAd6ZmVsbGVnMHYwEAYHKoZIzj0CAQYFK4EEACID
+YgAEg6SVTPQYkkfx/ibULDqhZXN7780m79zXetyVmotmP+nJLvasCg6hj72lAEI6
+MAOcCltKwzy8YgVgNzaZ5OcnLa6pwaJXNY7SWXcpFmRQlBbKGhkxGoOMQQd/fef8
+mIBzo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFEBRtQpTzlQlNFzc5XB0s2/U
+0wGEMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD
+VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNoADBlAjB+
+JLRyyGcTT6C6CXbQMzY11NDf56UlJa/ONmdCIr9C+6uWUnPBsqBYOpCxinhw68kC
+MQDZSkGDel0bbOLQLbfDubcRJpD6nMsg5sTPBmWLjmsAx+x38IV1F1gL7waLEwtX
+YSU=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 39:4b:dd:54:1c:10:82:ea:c5:cd:4d:9d:fe:b6:d4:d3
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:15:02 2019 GMT
+ Not After : Jul 14 13:15:02 2022 GMT
+ Subject: CN=kkele
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:0a:e8:ed:f9:1a:f5:b6:17:d7:5f:ff:9e:9c:1e:
+ 1d:11:cf:12:7f:01:11:ca:a2:b1:e0:b5:bc:30:6b:
+ 5c:ff:5e:d2:06:2b:55:a9:0f:55:3a:ae:ee:a6:5e:
+ 74:0d:f6:43:b6:a4:1d:17:2b:0f:87:7b:c2:39:47:
+ 1d:e7:fb:e4:64:d1:00:60:bb:1c:eb:e0:40:82:8d:
+ 77:09:85:d1:1c:37:c8:3e:d5:64:51:0f:1d:71:71:
+ 04:3a:21:6c:a2:57:36
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ B0:47:56:D8:59:56:0D:E2:68:86:01:E8:12:30:4C:EF:D9:7D:EE:F7
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:df:6c:06:c1:07:aa:bb:76:58:d8:ea:dc:60:
+ ce:e0:5c:a9:32:c0:20:c9:8b:da:3b:7e:98:74:94:96:83:0e:
+ 9f:71:8f:4e:af:72:d0:49:29:06:d0:c8:e9:12:88:67:67:02:
+ 30:77:f4:e3:b5:89:dd:e6:6e:83:65:64:77:09:8e:52:2d:47:
+ 04:80:27:14:25:51:08:97:01:86:e9:23:0d:04:fa:44:89:35:
+ c4:4e:18:84:09:86:cf:5a:7b:6c:0e:09:fd
+-----BEGIN CERTIFICATE-----
+MIICDDCCAZKgAwIBAgIQOUvdVBwQgurFzU2d/rbU0zAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNTAyWhcNMjIwNzE0
+MTMxNTAyWjAQMQ4wDAYDVQQDDAVra2VsZTB2MBAGByqGSM49AgEGBSuBBAAiA2IA
+BAro7fka9bYX11//npweHRHPEn8BEcqiseC1vDBrXP9e0gYrVakPVTqu7qZedA32
+Q7akHRcrD4d7wjlHHef75GTRAGC7HOvgQIKNdwmF0Rw3yD7VZFEPHXFxBDohbKJX
+NqOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBSwR1bYWVYN4miGAegSMEzv2X3u
+9zBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYGA1UE
+AwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNVHSUE
+DDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIxAN9s
+BsEHqrt2WNjq3GDO4FypMsAgyYvaO36YdJSWgw6fcY9Or3LQSSkG0MjpEohnZwIw
+d/TjtYnd5m6DZWR3CY5SLUcEgCcUJVEIlwGG6SMNBPpEiTXEThiECYbPWntsDgn9
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 46:6e:f0:8c:89:77:64:34:62:2c:ea:be:e1:df:93:68
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:13:22 2019 GMT
+ Not After : Jul 14 13:13:22 2022 GMT
+ Subject: CN=bcsoka
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:a7:95:bf:6c:8e:0f:34:9c:ca:14:8b:33:4d:80:
+ 55:98:1e:10:c3:e9:84:7f:72:4d:f2:61:68:70:59:
+ c7:6f:6d:02:c4:22:cf:58:80:e7:35:18:6e:ee:11:
+ fe:29:01:c3:ea:79:85:83:e6:0c:6f:c5:d8:7f:9f:
+ d5:55:27:7b:a8:17:14:2d:94:e5:c4:a4:9f:ac:b8:
+ 38:02:c0:41:5a:1a:8a:63:e5:c3:52:27:62:57:0b:
+ 14:6b:36:cc:8e:51:3f
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 5A:57:D9:73:6A:27:49:66:7D:18:9E:2A:96:1F:4C:49:7E:AD:9C:15
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:2b:52:16:40:fb:43:11:6a:9a:45:62:58:5b:f5:
+ 19:34:3f:32:fe:f7:d0:82:4a:32:98:61:0f:22:22:99:9a:16:
+ b3:94:79:46:fe:a2:7a:9c:9a:86:a6:31:4e:72:f4:54:02:31:
+ 00:94:2c:a6:21:e6:78:73:3e:d9:93:89:c6:72:72:8e:1d:17:
+ 87:07:27:22:2c:5d:2c:00:f1:38:1f:17:fb:0e:c1:c9:52:80:
+ 52:ba:1c:79:93:69:c1:59:0e:f0:a0:cd:76
+-----BEGIN CERTIFICATE-----
+MIICDTCCAZOgAwIBAgIQRm7wjIl3ZDRiLOq+4d+TaDAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxMzIyWhcNMjIwNzE0
+MTMxMzIyWjARMQ8wDQYDVQQDDAZiY3Nva2EwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
+AASnlb9sjg80nMoUizNNgFWYHhDD6YR/ck3yYWhwWcdvbQLEIs9YgOc1GG7uEf4p
+AcPqeYWD5gxvxdh/n9VVJ3uoFxQtlOXEpJ+suDgCwEFaGopj5cNSJ2JXCxRrNsyO
+UT+jgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUWlfZc2onSWZ9GJ4qlh9MSX6t
+nBUwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAWBgNV
+BAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYDVR0l
+BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gAMGUCMCtS
+FkD7QxFqmkViWFv1GTQ/Mv730IJKMphhDyIimZoWs5R5Rv6iepyahqYxTnL0VAIx
+AJQspiHmeHM+2ZOJxnJyjh0XhwcnIixdLADxOB8X+w7ByVKAUroceZNpwVkO8KDN
+dg==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 46:9e:0b:aa:82:d0:07:b1:9d:fc:c4:87:c5:6c:9e:80
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:14:38 2019 GMT
+ Not After : Jul 14 13:14:38 2022 GMT
+ Subject: CN=ifabian
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:ba:65:94:67:08:34:86:c7:0f:94:00:5f:e2:38:
+ 5b:9e:29:5f:76:7a:87:43:5b:37:a4:44:ab:39:72:
+ be:37:0e:3f:c5:ba:55:8b:6c:bd:22:ed:74:54:88:
+ a2:1c:ec:f8:24:37:3f:b3:b2:e3:56:0e:e5:81:cb:
+ ef:48:1d:e5:ea:1f:67:51:5f:20:8b:2f:aa:fe:fe:
+ 8e:d4:be:91:28:94:b6:cc:04:74:90:72:90:10:a0:
+ 7c:42:a2:e3:4c:7f:49
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 0B:41:AE:87:A5:73:BB:DC:4E:16:2E:F3:A0:20:FA:D5:38:52:40:AA
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:1f:f9:44:c2:c2:63:91:08:c2:c8:ca:22:28:7d:
+ 9b:84:3d:d1:f7:89:43:26:b0:a6:e7:2c:e5:63:e9:bd:86:81:
+ e5:ad:1a:c2:bb:30:31:05:eb:e9:d3:71:d1:6e:c0:df:02:31:
+ 00:d3:38:d5:bb:9f:d2:a2:92:6e:0e:2a:b4:d9:d6:a9:c9:eb:
+ 5c:c9:ef:33:1c:66:d4:3c:a0:86:07:39:38:14:0c:61:8b:67:
+ 75:20:06:d8:79:0c:65:a2:2d:87:fc:00:04
+-----BEGIN CERTIFICATE-----
+MIICDjCCAZSgAwIBAgIQRp4LqoLQB7Gd/MSHxWyegDAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDM4WhcNMjIwNzE0
+MTMxNDM4WjASMRAwDgYDVQQDDAdpZmFiaWFuMHYwEAYHKoZIzj0CAQYFK4EEACID
+YgAEumWUZwg0hscPlABf4jhbnilfdnqHQ1s3pESrOXK+Nw4/xbpVi2y9Iu10VIii
+HOz4JDc/s7LjVg7lgcvvSB3l6h9nUV8giy+q/v6O1L6RKJS2zAR0kHKQEKB8QqLj
+TH9Jo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFAtBroelc7vcThYu86Ag+tU4
+UkCqMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD
+VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNoADBlAjAf
++UTCwmORCMLIyiIofZuEPdH3iUMmsKbnLOVj6b2GgeWtGsK7MDEF6+nTcdFuwN8C
+MQDTONW7n9Kikm4OKrTZ1qnJ61zJ7zMcZtQ8oIYHOTgUDGGLZ3UgBth5DGWiLYf8
+AAQ=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 4b:df:84:b3:7b:17:ce:e1:09:87:9b:67:05:4b:27:91
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:15:51 2019 GMT
+ Not After : Jul 14 13:15:51 2022 GMT
+ Subject: CN=tsuhajda
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:6a:52:47:b4:82:6f:88:07:39:d2:55:37:5b:de:
+ e8:37:fd:12:c8:2e:2a:c5:b4:9b:54:cf:2b:7c:73:
+ dd:9c:89:37:d7:a9:09:50:11:bb:ae:8e:8d:3f:e7:
+ d0:c9:7e:89:f5:7f:29:28:2d:d6:49:5b:69:b9:47:
+ da:82:87:1e:a9:e8:7a:98:e2:fe:2b:b6:b0:c2:fd:
+ aa:18:af:c3:d5:b0:c3:51:8b:77:8e:4d:68:60:47:
+ 41:28:4d:30:81:4d:7c
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 60:FA:D3:CB:9A:38:0E:08:58:0C:11:BB:A1:C8:18:FB:36:31:2A:67
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:c2:3b:36:d4:ec:38:f3:3f:11:b3:74:6b:34:
+ 27:2f:bd:77:41:c1:20:55:e8:39:b5:1b:ad:04:a1:ab:ca:19:
+ 1e:31:6f:32:4e:12:80:f9:c9:fc:96:f4:7b:81:34:87:07:02:
+ 31:00:92:a4:26:4c:73:29:b6:4f:be:37:a7:98:50:33:4f:10:
+ cd:f2:a0:2d:e6:f1:dd:18:7e:0a:51:1d:81:36:5a:36:3c:17:
+ f8:d3:2c:cb:c1:16:5d:38:1d:57:97:9a:be:69
+-----BEGIN CERTIFICATE-----
+MIICEDCCAZWgAwIBAgIQS9+Es3sXzuEJh5tnBUsnkTAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNTUxWhcNMjIwNzE0
+MTMxNTUxWjATMREwDwYDVQQDDAh0c3VoYWpkYTB2MBAGByqGSM49AgEGBSuBBAAi
+A2IABGpSR7SCb4gHOdJVN1ve6Df9EsguKsW0m1TPK3xz3ZyJN9epCVARu66OjT/n
+0Ml+ifV/KSgt1klbablH2oKHHqnoepji/iu2sML9qhivw9Www1GLd45NaGBHQShN
+MIFNfKOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBRg+tPLmjgOCFgMEbuhyBj7
+NjEqZzBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG
+A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV
+HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaQAwZgIx
+AMI7NtTsOPM/EbN0azQnL713QcEgVeg5tRutBKGryhkeMW8yThKA+cn8lvR7gTSH
+BwIxAJKkJkxzKbZPvjenmFAzTxDN8qAt5vHdGH4KUR2BNlo2PBf40yzLwRZdOB1X
+l5q+aQ==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 58:5a:a9:7d:7c:ca:b5:2c:49:57:bb:bf:91:37:42:61
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Mar 26 10:41:27 2020 GMT
+ Not After : Mar 11 10:41:27 2023 GMT
+ Subject: CN=kkancz
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:16:c3:cc:4c:19:91:e6:b3:53:89:7d:7a:1e:ae:
+ 57:89:52:19:d7:e5:c7:d0:68:74:a6:0d:92:e9:09:
+ e7:81:5e:11:02:ea:87:89:20:e7:57:b1:ca:44:b6:
+ cf:5f:01:58:73:94:89:3a:0a:67:fa:9f:c8:c9:16:
+ 8d:e7:72:75:94:8d:52:de:f1:0f:47:a3:15:83:c3:
+ cd:67:c8:14:af:b2:f5:63:08:0c:25:d5:d5:0a:ba:
+ fb:9b:0f:df:e0:45:b4
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 61:CB:25:BC:82:6D:D5:01:DE:15:AF:18:59:C3:D7:34:16:B7:A6:94
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:ca:f1:79:0b:1b:e1:0f:15:b4:6e:3e:69:9b:
+ 92:a8:bc:fe:2f:5c:96:c0:ad:d7:02:97:e0:ea:f7:08:77:43:
+ 31:22:93:50:19:24:88:91:63:39:b1:1a:80:bf:9d:bf:f1:02:
+ 30:38:5b:c1:af:a7:58:0d:de:b5:19:77:00:33:31:7d:41:c5:
+ 3c:bb:b2:9e:cd:86:66:f6:1a:84:4d:80:b6:28:b5:2b:04:5f:
+ 1c:a3:49:cd:89:2d:21:0a:5f:65:eb:d0:36
+-----BEGIN CERTIFICATE-----
+MIICDTCCAZOgAwIBAgIQWFqpfXzKtSxJV7u/kTdCYTAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMjAwMzI2MTA0MTI3WhcNMjMwMzEx
+MTA0MTI3WjARMQ8wDQYDVQQDDAZra2FuY3owdjAQBgcqhkjOPQIBBgUrgQQAIgNi
+AAQWw8xMGZHms1OJfXoerleJUhnX5cfQaHSmDZLpCeeBXhEC6oeJIOdXscpEts9f
+AVhzlIk6Cmf6n8jJFo3ncnWUjVLe8Q9HoxWDw81nyBSvsvVjCAwl1dUKuvubD9/g
+RbSjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUYcslvIJt1QHeFa8YWcPXNBa3
+ppQwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAWBgNV
+BAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYDVR0l
+BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gAMGUCMQDK
+8XkLG+EPFbRuPmmbkqi8/i9clsCt1wKX4Or3CHdDMSKTUBkkiJFjObEagL+dv/EC
+MDhbwa+nWA3etRl3ADMxfUHFPLuyns2GZvYahE2Atii1KwRfHKNJzYktIQpfZevQ
+Ng==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 62:de:03:11:22:c6:4b:00:ac:33:d5:e5:8a:25:0f:ff
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:14:27 2019 GMT
+ Not After : Jul 14 13:14:27 2022 GMT
+ Subject: CN=fschnell
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:c1:66:71:37:bb:f5:b6:2c:b0:a0:d6:8c:85:2c:
+ 31:28:d1:5e:d6:23:71:ae:b7:6f:79:12:50:7a:b5:
+ 6c:ee:eb:a0:a9:9b:1a:d5:f3:5d:72:fd:cd:f1:0d:
+ 23:3f:6e:44:7b:1f:c9:8a:1e:fb:51:ad:e2:bf:c8:
+ 12:0d:d0:7a:11:de:ee:c2:6e:06:af:67:c7:51:13:
+ 8c:cf:75:9f:a9:80:42:f2:9c:5a:78:af:29:57:df:
+ b0:c1:d6:d6:3b:42:60
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ B9:32:14:86:9B:D6:96:CB:A1:D9:29:28:C4:F7:93:25:5F:2A:A1:1C
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:64:02:30:61:aa:3e:2c:c7:81:3c:56:1a:87:fe:c8:42:6a:
+ b1:61:dd:1c:6a:21:ac:81:90:ef:04:4c:2f:fc:9f:b7:75:e1:
+ b2:2a:60:f8:67:f0:9a:b4:7f:18:cd:81:68:bf:ae:1b:02:30:
+ 33:0e:e6:86:5d:2e:bc:64:4e:4c:fd:8d:05:45:a6:c0:3d:d8:
+ af:53:fa:37:2f:e5:84:8e:ea:30:80:82:60:96:8e:5d:8f:1f:
+ f2:4f:d1:f7:c0:d1:a0:19:d7:93:95:82
+-----BEGIN CERTIFICATE-----
+MIICDjCCAZWgAwIBAgIQYt4DESLGSwCsM9XliiUP/zAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDI3WhcNMjIwNzE0
+MTMxNDI3WjATMREwDwYDVQQDDAhmc2NobmVsbDB2MBAGByqGSM49AgEGBSuBBAAi
+A2IABMFmcTe79bYssKDWjIUsMSjRXtYjca63b3kSUHq1bO7roKmbGtXzXXL9zfEN
+Iz9uRHsfyYoe+1Gt4r/IEg3QehHe7sJuBq9nx1ETjM91n6mAQvKcWnivKVffsMHW
+1jtCYKOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBS5MhSGm9aWy6HZKSjE95Ml
+XyqhHDBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG
+A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV
+HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDZwAwZAIw
+Yao+LMeBPFYah/7IQmqxYd0caiGsgZDvBEwv/J+3deGyKmD4Z/CatH8YzYFov64b
+AjAzDuaGXS68ZE5M/Y0FRabAPdivU/o3L+WEjuowgIJglo5djx/yT9H3wNGgGdeT
+lYI=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 68:02:68:8c:e3:bb:71:c1:e8:67:ca:49:0a:9d:0b:4c
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:14:53 2019 GMT
+ Not After : Jul 14 13:14:53 2022 GMT
+ Subject: CN=khorvath
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:10:d0:a2:68:66:ea:40:36:f3:9d:13:e2:bc:e7:
+ 87:92:d4:ca:f2:e6:13:a9:0b:d0:92:b7:a0:24:f0:
+ e4:ce:69:08:e4:e2:c0:66:e0:2a:2a:79:06:e3:d4:
+ 33:e8:6b:94:a7:fb:71:9a:e7:9a:a1:f9:1a:3b:28:
+ 3f:3b:0c:99:5f:2e:cf:17:98:60:10:16:22:c3:1f:
+ 7e:61:62:97:85:36:0a:0a:e9:26:0e:76:c3:88:b8:
+ 8e:e4:80:78:52:b5:9c
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 42:88:C3:F8:81:2A:78:1F:C8:3F:D2:7D:BA:E9:44:09:4A:36:3A:B1
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:27:4e:d4:b0:5a:4b:af:6a:d6:a0:b7:ae:b4:57:
+ d1:dc:4e:77:9c:bf:06:c0:bd:3d:06:c3:90:7e:e4:7a:24:1e:
+ e9:a4:76:51:4b:2f:3d:8a:1c:6e:93:0d:de:b1:3c:63:02:31:
+ 00:fb:48:45:89:a8:e7:74:16:4a:1d:5e:a1:ad:b2:d3:34:9f:
+ 95:04:ed:92:1f:a8:ad:05:6f:81:ee:d0:8c:fc:9d:6c:e3:5d:
+ 5a:1b:e8:27:86:20:a0:e4:78:a2:4f:63:b3
+-----BEGIN CERTIFICATE-----
+MIICDzCCAZWgAwIBAgIQaAJojOO7ccHoZ8pJCp0LTDAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDUzWhcNMjIwNzE0
+MTMxNDUzWjATMREwDwYDVQQDDAhraG9ydmF0aDB2MBAGByqGSM49AgEGBSuBBAAi
+A2IABBDQomhm6kA2850T4rznh5LUyvLmE6kL0JK3oCTw5M5pCOTiwGbgKip5BuPU
+M+hrlKf7cZrnmqH5GjsoPzsMmV8uzxeYYBAWIsMffmFil4U2CgrpJg52w4i4juSA
+eFK1nKOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBRCiMP4gSp4H8g/0n266UQJ
+SjY6sTBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG
+A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV
+HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIw
+J07UsFpLr2rWoLeutFfR3E53nL8GwL09BsOQfuR6JB7ppHZRSy89ihxukw3esTxj
+AjEA+0hFiajndBZKHV6hrbLTNJ+VBO2SH6itBW+B7tCM/J1s411aG+gnhiCg5Hii
+T2Oz
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 6b:9d:83:08:3d:87:cc:88:0a:de:bc:cd:3b:5c:ef:4d
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:16:02 2019 GMT
+ Not After : Jul 14 13:16:02 2022 GMT
+ Subject: CN=zbartakovics
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:0f:68:0b:c6:8e:81:3c:ef:a7:cb:71:84:f3:84:
+ 12:e5:9c:28:13:15:e1:ab:bf:2f:92:3c:db:40:2c:
+ e5:f7:c9:61:94:d2:23:08:10:75:53:7a:ec:39:3c:
+ a1:9c:d3:73:0e:79:db:4c:15:94:77:11:a4:30:e2:
+ bc:73:fa:66:0e:17:90:e2:a3:4c:17:82:41:87:c2:
+ 94:8a:c3:28:47:40:76:76:59:c7:16:47:07:8b:ec:
+ dd:22:6c:3c:af:26:25
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 36:50:AD:4A:3A:69:D8:C0:00:F4:3C:7C:FF:B0:7D:E2:94:B9:7C:8A
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:64:02:30:7e:1a:02:39:9f:2d:c8:dd:5b:4a:2b:9a:2e:61:
+ 60:a5:e2:60:92:29:d4:7e:f2:32:5a:be:90:72:89:42:1a:74:
+ 74:72:c3:e8:32:0b:63:82:52:65:fa:2f:b3:13:4f:16:02:30:
+ 1e:a0:79:e7:55:d1:45:54:97:8d:a0:fb:50:ce:47:b0:1f:d0:
+ 78:47:21:dc:21:d1:7d:f4:1a:da:48:55:fc:43:ce:28:ae:b9:
+ 96:c0:72:2b:29:e4:61:b7:6b:9a:b2:92
+-----BEGIN CERTIFICATE-----
+MIICEjCCAZmgAwIBAgIQa52DCD2HzIgK3rzNO1zvTTAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNjAyWhcNMjIwNzE0
+MTMxNjAyWjAXMRUwEwYDVQQDDAx6YmFydGFrb3ZpY3MwdjAQBgcqhkjOPQIBBgUr
+gQQAIgNiAAQPaAvGjoE876fLcYTzhBLlnCgTFeGrvy+SPNtALOX3yWGU0iMIEHVT
+euw5PKGc03MOedtMFZR3EaQw4rxz+mYOF5Dio0wXgkGHwpSKwyhHQHZ2WccWRweL
+7N0ibDyvJiWjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUNlCtSjpp2MAA9Dx8
+/7B94pS5fIowVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBox
+GDAWBgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5Sgaeww
+EwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2cA
+MGQCMH4aAjmfLcjdW0ormi5hYKXiYJIp1H7yMlq+kHKJQhp0dHLD6DILY4JSZfov
+sxNPFgIwHqB551XRRVSXjaD7UM5HsB/QeEch3CHRffQa2khV/EPOKK65lsByKynk
+YbdrmrKS
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 6c:ec:ac:4a:d5:4f:bc:03:e4:72:a5:9b:07:27:af:32
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Oct 8 08:57:29 2019 GMT
+ Not After : Sep 22 08:57:29 2022 GMT
+ Subject: CN=bme
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:86:d3:5d:6e:be:3e:91:90:d7:a3:2c:d2:6a:2a:
+ 4f:bb:cd:52:4e:46:5b:1b:60:f0:cb:aa:5b:b4:88:
+ 71:f4:71:00:e4:b8:cb:74:ce:b8:9d:c1:fd:5c:69:
+ a7:28:66:21:43:11:4a:35:06:cb:1c:57:0b:37:9b:
+ f1:2f:78:2a:d2:1d:01:49:66:71:25:74:74:0e:be:
+ 93:75:40:6c:cb:0a:81:0e:23:7c:b7:f9:9b:e1:d0:
+ c4:d2:1c:6d:da:ca:f2
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ F9:F8:F4:23:C5:01:A0:4F:6A:66:BB:D9:A0:AB:2E:5A:4D:05:10:96
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:64:02:30:1c:97:83:ea:9d:3f:9e:9b:99:26:1f:42:df:01:
+ b0:d5:33:0b:b5:40:9d:be:20:1c:c2:ef:ab:7e:1b:14:d6:72:
+ e2:43:19:6c:ec:2b:db:cf:ab:bf:21:27:2e:4f:0f:80:02:30:
+ 7e:e7:f7:c3:21:78:67:a5:71:7b:cb:45:cd:6f:8c:07:36:de:
+ fb:77:0a:08:f6:c7:3b:06:eb:f8:37:f0:2c:06:6b:c6:2a:95:
+ 0c:02:e4:87:34:ee:f9:af:93:27:b1:b5
+-----BEGIN CERTIFICATE-----
+MIICCTCCAZCgAwIBAgIQbOysStVPvAPkcqWbByevMjAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkxMDA4MDg1NzI5WhcNMjIwOTIy
+MDg1NzI5WjAOMQwwCgYDVQQDDANibWUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASG
+011uvj6RkNejLNJqKk+7zVJORlsbYPDLqlu0iHH0cQDkuMt0zridwf1caacoZiFD
+EUo1BsscVws3m/EveCrSHQFJZnEldHQOvpN1QGzLCoEOI3y3+Zvh0MTSHG3ayvKj
+gaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQU+fj0I8UBoE9qZrvZoKsuWk0FEJYw
+VQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAWBgNVBAMM
+D1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYDVR0lBAww
+CgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2cAMGQCMByXg+qd
+P56bmSYfQt8BsNUzC7VAnb4gHMLvq34bFNZy4kMZbOwr28+rvyEnLk8PgAIwfuf3
+wyF4Z6Vxe8tFzW+MBzbe+3cKCPbHOwbr+DfwLAZrxiqVDALkhzTu+a+TJ7G1
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ a1:74:ec:e4:d9:52:56:fa:d7:ad:43:1c:5e:3a:e2:84
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:13:36 2019 GMT
+ Not After : Jul 14 13:13:36 2022 GMT
+ Subject: CN=csgulyas
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:82:03:91:ad:e7:76:b7:8d:51:86:6d:cc:e3:15:
+ 91:6c:ac:31:e7:6d:e1:44:0d:c3:29:95:7c:5e:e1:
+ e8:37:aa:00:f6:47:74:18:e7:28:90:95:16:6c:08:
+ e2:9f:d7:24:55:46:22:1c:19:9f:06:4b:9b:8e:96:
+ 4b:5d:bb:c0:ad:35:5a:06:73:10:36:32:1d:89:e6:
+ b1:9e:f3:62:0d:8f:85:70:72:4c:48:4a:47:f0:fa:
+ eb:f6:7b:9c:7f:a8:7a
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 7E:44:12:28:E0:31:C6:7D:40:5A:E4:D5:86:5D:90:10:CC:14:12:33
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:2c:e3:e6:64:cd:43:ae:4a:9c:d7:40:66:cb:b2:
+ 1e:90:c3:97:17:32:f8:df:62:fd:54:32:d3:85:ee:bb:71:5e:
+ 4a:e2:23:ea:a4:cb:75:3a:72:ac:ca:f6:1b:f5:6b:57:02:31:
+ 00:e7:0a:38:06:b4:97:17:2c:f3:76:cc:aa:1e:6e:8d:be:12:
+ 7e:0a:ef:d6:34:fa:42:37:e1:6d:d3:bb:1f:75:39:a3:c5:40:
+ 32:37:7e:ba:c1:18:d4:cb:1b:55:62:ad:1b
+-----BEGIN CERTIFICATE-----
+MIICEDCCAZagAwIBAgIRAKF07OTZUlb6161DHF464oQwCgYIKoZIzj0EAwIwGjEY
+MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMTMzNloXDTIyMDcx
+NDEzMTMzNlowEzERMA8GA1UEAwwIY3NndWx5YXMwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAASCA5Gt53a3jVGGbczjFZFsrDHnbeFEDcMplXxe4eg3qgD2R3QY5yiQlRZs
+COKf1yRVRiIcGZ8GS5uOlktdu8CtNVoGcxA2Mh2J5rGe82INj4VwckxISkfw+uv2
+e5x/qHqjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUfkQSKOAxxn1AWuTVhl2Q
+EMwUEjMwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAW
+BgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYD
+VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gAMGUC
+MCzj5mTNQ65KnNdAZsuyHpDDlxcy+N9i/VQy04Xuu3FeSuIj6qTLdTpyrMr2G/Vr
+VwIxAOcKOAa0lxcs83bMqh5ujb4Sfgrv1jT6QjfhbdO7H3U5o8VAMjd+usEY1Msb
+VWKtGw==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ ab:51:7a:c1:c6:bf:8c:35:5c:a1:ea:62:5a:ca:67:84
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:04:35 2019 GMT
+ Not After : Jul 14 13:04:35 2022 GMT
+ Subject: CN=server
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:b9:1f:ea:83:e0:6a:e3:49:dd:a8:f5:06:17:33:
+ 4c:44:73:ac:46:01:33:eb:88:a3:12:d6:0a:aa:3b:
+ ee:6f:d3:75:69:19:f6:82:12:9d:23:17:3a:b9:fe:
+ 66:61:26:4c:46:db:d2:f9:5a:fc:a8:82:58:22:a8:
+ b7:fc:cb:fd:cc:3d:f1:e8:c9:19:39:f1:f3:d0:fb:
+ 73:b0:9f:77:53:9c:ff:35:b5:b5:c6:8d:ee:eb:66:
+ 0b:d1:70:d5:bb:a4:66
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 81:F8:B0:C6:7B:70:D8:D6:C9:E1:9D:B2:67:8B:3B:D8:21:1B:9A:B2
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:server
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:88:cf:12:d6:9c:fd:43:24:58:63:13:27:f1:
+ 44:0a:62:b0:b2:1d:0f:28:3d:50:d0:be:f2:ea:5e:d6:23:27:
+ ac:42:b3:67:2c:d3:8d:7d:19:15:ce:4a:7f:5e:cb:67:94:02:
+ 31:00:8a:f3:c3:f9:ce:f2:35:3a:5a:21:55:1c:d1:ec:80:fa:
+ ad:ef:9b:d9:7d:5c:33:55:f3:71:9c:6d:eb:68:15:ba:45:43:
+ 23:1c:83:7a:21:36:a0:4c:24:73:44:14:ef:ea
+-----BEGIN CERTIFICATE-----
+MIICIjCCAaegAwIBAgIRAKtResHGv4w1XKHqYlrKZ4QwCgYIKoZIzj0EAwIwGjEY
+MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQzNVoXDTIyMDcx
+NDEzMDQzNVowETEPMA0GA1UEAwwGc2VydmVyMHYwEAYHKoZIzj0CAQYFK4EEACID
+YgAEuR/qg+Bq40ndqPUGFzNMRHOsRgEz64ijEtYKqjvub9N1aRn2ghKdIxc6uf5m
+YSZMRtvS+Vr8qIJYIqi3/Mv9zD3x6MkZOfHz0PtzsJ93U5z/NbW1xo3u62YL0XDV
+u6Rmo4G5MIG2MAkGA1UdEwQCMAAwHQYDVR0OBBYEFIH4sMZ7cNjWyeGdsmeLO9gh
+G5qyMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD
+VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDARBgNVHREECjAIggZzZXJ2ZXIw
+CgYIKoZIzj0EAwIDaQAwZgIxAIjPEtac/UMkWGMTJ/FECmKwsh0PKD1Q0L7y6l7W
+IyesQrNnLNONfRkVzkp/XstnlAIxAIrzw/nO8jU6WiFVHNHsgPqt75vZfVwzVfNx
+nG3raBW6RUMjHIN6ITagTCRzRBTv6g==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ ac:b6:49:fd:c2:e3:b8:1c:54:2c:66:1f:04:12:e1:b6
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:16:25 2019 GMT
+ Not After : Jul 14 13:16:25 2022 GMT
+ Subject: CN=qqcs
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:4a:c3:a5:30:3e:35:30:99:34:68:48:48:08:05:
+ 96:c9:b4:40:cc:e5:09:81:e3:47:07:84:59:63:59:
+ f8:c5:92:7f:35:ba:68:1b:14:d2:f3:da:39:14:97:
+ e3:11:09:d8:4f:34:61:9d:b2:75:d6:73:ab:d9:eb:
+ ed:0e:e8:e5:7b:28:c6:9d:04:b1:ed:47:97:2b:d3:
+ 62:01:b3:83:e7:6c:c8:c7:11:82:f3:c8:c0:97:27:
+ 52:8d:54:da:42:98:fb
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 8B:85:13:8E:D2:D4:4D:3F:AE:DD:0D:38:D0:65:84:40:E9:2A:3F:02
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:28:fe:ea:a7:50:e0:71:a6:51:36:4e:19:42:f7:
+ 01:c4:d0:fd:a2:66:f3:4c:28:15:81:51:9d:75:33:88:3e:6e:
+ 96:02:e4:67:be:26:cf:05:81:18:c3:e6:96:7f:73:2a:02:31:
+ 00:fc:ea:f1:0c:28:55:3b:9e:d1:5f:46:c7:41:0f:da:48:c5:
+ a6:35:45:19:07:f1:ad:59:2a:ae:0b:60:c6:f3:7d:a8:af:4f:
+ 71:50:5d:bb:fb:a7:55:7c:6c:b2:ce:12:c4
+-----BEGIN CERTIFICATE-----
+MIICDDCCAZKgAwIBAgIRAKy2Sf3C47gcVCxmHwQS4bYwCgYIKoZIzj0EAwIwGjEY
+MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMTYyNVoXDTIyMDcx
+NDEzMTYyNVowDzENMAsGA1UEAwwEcXFjczB2MBAGByqGSM49AgEGBSuBBAAiA2IA
+BErDpTA+NTCZNGhISAgFlsm0QMzlCYHjRweEWWNZ+MWSfzW6aBsU0vPaORSX4xEJ
+2E80YZ2yddZzq9nr7Q7o5Xsoxp0Ese1HlyvTYgGzg+dsyMcRgvPIwJcnUo1U2kKY
++6OBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBSLhROO0tRNP67dDTjQZYRA6So/
+AjBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYGA1UE
+AwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNVHSUE
+DDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIwKP7q
+p1DgcaZRNk4ZQvcBxND9ombzTCgVgVGddTOIPm6WAuRnvibPBYEYw+aWf3MqAjEA
+/OrxDChVO57RX0bHQQ/aSMWmNUUZB/GtWSquC2DG832or09xUF27+6dVfGyyzhLE
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ b5:63:ff:7c:ff:87:23:f8:fd:6c:cd:82:85:1f:fa:31
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Mar 26 10:41:42 2020 GMT
+ Not After : Mar 11 10:41:42 2023 GMT
+ Subject: CN=thering
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:18:e6:74:25:a4:09:6a:83:9f:bc:71:e8:8e:c1:
+ 44:73:6c:60:17:3a:29:a4:11:40:94:9d:ad:aa:f4:
+ 37:03:cc:83:a7:28:5b:58:c8:0b:40:bf:ec:c8:83:
+ 6e:41:db:56:24:37:56:7f:ba:25:57:09:76:82:27:
+ 45:93:e9:65:25:aa:55:f1:cb:48:d8:8b:d2:65:dc:
+ 8e:51:71:e8:60:d1:2e:88:34:f4:d1:f3:c2:81:3a:
+ 36:9a:9c:08:7f:ac:c7
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ DE:BA:42:67:DA:26:9A:79:0C:E4:D7:AB:BA:DA:0A:02:71:D0:48:FE
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:87:c1:1b:d1:15:d9:85:62:f9:58:ff:0b:30:
+ a0:3b:c7:31:ca:46:0c:71:0c:55:9d:83:a3:a9:32:93:94:7a:
+ 6b:b4:54:e2:a3:e6:be:de:aa:29:bc:77:a7:9e:1b:cc:6f:02:
+ 30:66:a5:9a:15:42:7f:e4:ad:00:be:0b:73:70:20:1b:c1:65:
+ 40:15:22:28:51:8a:d1:7a:06:3a:50:2c:d2:56:0d:48:2c:7a:
+ f4:b1:63:3e:ac:7f:01:c8:ac:bc:04:ce:b9
+-----BEGIN CERTIFICATE-----
+MIICDzCCAZWgAwIBAgIRALVj/3z/hyP4/WzNgoUf+jEwCgYIKoZIzj0EAwIwGjEY
+MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTIwMDMyNjEwNDE0MloXDTIzMDMx
+MTEwNDE0MlowEjEQMA4GA1UEAwwHdGhlcmluZzB2MBAGByqGSM49AgEGBSuBBAAi
+A2IABBjmdCWkCWqDn7xx6I7BRHNsYBc6KaQRQJSdrar0NwPMg6coW1jIC0C/7MiD
+bkHbViQ3Vn+6JVcJdoInRZPpZSWqVfHLSNiL0mXcjlFx6GDRLog09NHzwoE6Npqc
+CH+sx6OBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBTeukJn2iaaeQzk16u62goC
+cdBI/jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG
+A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV
+HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIx
+AIfBG9EV2YVi+Vj/CzCgO8cxykYMcQxVnYOjqTKTlHprtFTio+a+3qopvHennhvM
+bwIwZqWaFUJ/5K0AvgtzcCAbwWVAFSIoUYrRegY6UCzSVg1ILHr0sWM+rH8ByKy8
+BM65
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ ee:43:78:cd:16:7f:a5:7c:d5:10:b8:71:1f:5e:50:4e
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Aug 2 08:47:52 2019 GMT
+ Not After : Jul 17 08:47:52 2022 GMT
+ Subject: CN=dhorvath
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:c2:77:2a:57:01:7b:d9:0b:e0:e0:69:7e:2a:df:
+ 05:b8:91:4e:50:51:e9:52:bd:a5:fa:01:ad:62:0a:
+ 69:10:82:6f:aa:84:64:33:71:d9:96:ca:9c:05:ce:
+ d9:13:99:b0:d9:d5:4d:d9:1a:43:8c:41:d5:e7:0a:
+ ae:92:6c:f6:7f:bf:73:b6:ff:bd:a4:bb:fc:d9:0c:
+ 36:0d:e2:f4:78:24:bb:cd:ac:e9:04:d6:9c:a5:2b:
+ ce:d7:0e:85:85:10:f1
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ D7:31:77:61:74:16:36:31:0A:BF:D2:E5:EA:44:1E:FD:CE:E3:7E:26
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:cc:88:44:5d:a2:1b:e2:d5:1f:f6:17:f7:4f:
+ fe:11:b1:6a:e7:9b:cd:bb:35:21:90:9d:a5:07:e8:34:1c:b4:
+ 29:b6:a1:ff:d1:d9:d3:60:a1:04:ed:47:17:d5:81:53:bf:02:
+ 31:00:db:af:26:de:3e:0a:b9:2b:e7:43:a0:34:10:96:fb:7c:
+ 25:4a:dd:e6:82:bc:5a:f0:f9:ea:cc:10:3f:2f:18:09:eb:32:
+ f3:83:d4:49:b1:7b:30:d4:d0:3f:9c:00:75:7b
+-----BEGIN CERTIFICATE-----
+MIICETCCAZagAwIBAgIRAO5DeM0Wf6V81RC4cR9eUE4wCgYIKoZIzj0EAwIwGjEY
+MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDgwMjA4NDc1MloXDTIyMDcx
+NzA4NDc1MlowEzERMA8GA1UEAwwIZGhvcnZhdGgwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAATCdypXAXvZC+DgaX4q3wW4kU5QUelSvaX6Aa1iCmkQgm+qhGQzcdmWypwF
+ztkTmbDZ1U3ZGkOMQdXnCq6SbPZ/v3O2/72ku/zZDDYN4vR4JLvNrOkE1pylK87X
+DoWFEPGjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQU1zF3YXQWNjEKv9Ll6kQe
+/c7jfiYwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAW
+BgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYD
+VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2kAMGYC
+MQDMiERdohvi1R/2F/dP/hGxauebzbs1IZCdpQfoNBy0Kbah/9HZ02ChBO1HF9WB
+U78CMQDbrybePgq5K+dDoDQQlvt8JUrd5oK8WvD56swQPy8YCesy84PUSbF7MNTQ
+P5wAdXs=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ f6:01:86:d6:4b:85:3a:3d:d9:f8:79:9f:b8:17:c3:01
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:15:29 2019 GMT
+ Not After : Jul 14 13:15:29 2022 GMT
+ Subject: CN=rrendek
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:ea:c4:ab:e1:24:42:91:06:17:73:d6:d9:87:17:
+ 29:a8:05:73:be:5a:54:38:3e:c9:dd:78:55:ca:e2:
+ 27:e6:44:1a:22:5b:3a:15:68:61:bf:ae:ce:05:a5:
+ c9:98:f7:a3:ff:0e:b9:db:8e:fc:15:ac:76:41:c8:
+ 6e:de:85:38:cb:1f:b1:98:41:df:4e:18:62:24:04:
+ 95:5a:16:6b:0b:fd:13:e3:26:8b:76:d3:9a:54:6c:
+ 9b:19:3c:55:de:d0:2e
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ D5:73:9E:FA:32:4C:D8:2A:E0:33:CF:15:F6:C0:D5:E9:56:5A:D0:EE
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:49:21:38:44:26:a9:96:15:98:29:c4:4f:04:25:
+ be:35:90:bc:44:00:60:0d:6a:f7:f8:d4:ed:58:ea:28:45:f2:
+ 99:33:d1:e3:2e:82:4e:04:bb:e5:27:10:ea:64:b8:83:02:31:
+ 00:c3:59:fe:dc:8a:a1:e4:d1:30:09:51:2a:d8:d2:76:af:dc:
+ 28:b2:d3:0d:ad:f3:19:91:b5:92:e6:8b:b4:77:d8:c3:87:f8:
+ 7b:39:94:ab:f2:c0:06:c1:c4:43:b8:0e:16
+-----BEGIN CERTIFICATE-----
+MIICDzCCAZWgAwIBAgIRAPYBhtZLhTo92fh5n7gXwwEwCgYIKoZIzj0EAwIwGjEY
+MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMTUyOVoXDTIyMDcx
+NDEzMTUyOVowEjEQMA4GA1UEAwwHcnJlbmRlazB2MBAGByqGSM49AgEGBSuBBAAi
+A2IABOrEq+EkQpEGF3PW2YcXKagFc75aVDg+yd14VcriJ+ZEGiJbOhVoYb+uzgWl
+yZj3o/8OuduO/BWsdkHIbt6FOMsfsZhB304YYiQElVoWawv9E+Mmi3bTmlRsmxk8
+Vd7QLqOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBTVc576MkzYKuAzzxX2wNXp
+VlrQ7jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG
+A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV
+HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIw
+SSE4RCaplhWYKcRPBCW+NZC8RABgDWr3+NTtWOooRfKZM9HjLoJOBLvlJxDqZLiD
+AjEAw1n+3Iqh5NEwCVEq2NJ2r9wostMNrfMZkbWS5ou0d9jDh/h7OZSr8sAGwcRD
+uA4W
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN X509 CRL-----
+MIIBHDCBpAIBATAKBggqhkjOPQQDAjAaMRgwFgYDVQQDDA9VU0VSIE9wZW5WUE4g
+Q0EXDTIwMDEyNzEyMDkyMFoXDTIwMDcyNTEyMDkyMFqgWTBXMFUGA1UdIwROMEyA
+FNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYDVQQDDA9VU0VSIE9wZW5W
+UE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMAoGCCqGSM49BAMCA2cAMGQCMCSK
+OFDvc+LfpeUGXWamFRsZGpS5GSsTZ1qqs4FfG3S2BfgxopiepNJOPh8bwzXDMgIw
+a2cSXw5zpYIk16o/VodiF8zu6WymAkhKQ5EU5k2r3G2ELzMzjp3iltON6ffVYkre
+-----END X509 CRL-----
--- /dev/null
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAhdskhioTTeqbN4UtIAU05EVawl1yG3q6P+xy5WzWnKZSe8y2/4uv
+SVs1IbubGWk4Xqvlz4TOnYi9nNYIL5rA9Ov7YXs5JCYDjLV4nZWB9CQZs1vy8/GZ
+j6zvfblvWqH7vjWcrPsSaCse0n1+UKcGNC7tYOOJZf7MbvhKonvC+vldBgWkgHkJ
+vfJTkhjjXKnf7p3zKBfTPyyXqmKC7A+rtkT96L4y2FsU1t9+6eurj6zfzWalhyRF
+YrKnKENpHVHtAMs4/Wcbo9wQPHHWAvQDLoq1uUyjU2BlYSirxdeJwSFPI29nOPeN
+SMJ1fgI6Dwq9yU88UzGoH1klOjv8PzRyQwIBAg==
+-----END DH PARAMETERS-----
--- /dev/null
+-----BEGIN EC PARAMETERS-----
+BgUrgQQAIg==
+-----END EC PARAMETERS-----
--- /dev/null
+# X509 extensions added to every signed cert
+
+# This file is included for every cert signed, and by default does nothing.
+# It could be used to add values every cert should have, such as a CDP as
+# demonstrated in the following example:
+
+#crlDistributionPoints = URI:http://example.net/pki/my_ca.crl
+# X509 extensions for a client
+
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+extendedKeyUsage = clientAuth
+keyUsage = digitalSignature
+
--- /dev/null
+V 220714130435Z AB517AC1C6BF8C355CA1EA625ACA6784 unknown /CN=server
+V 220714131251Z 26846A96D0DB00703B7DC8AAD60A5B07 unknown /CN=akosztolanyi
+V 220714131311Z 29F1F8311793D758D5AD0ECEA7267033 unknown /CN=azsamboki
+V 220714131322Z 466EF08C89776434622CEABEE1DF9368 unknown /CN=bcsoka
+V 220714131336Z A174ECE4D95256FAD7AD431C5E3AE284 unknown /CN=csgulyas
+V 220714131349Z 12232170B0F9E3C1FE60D86EEC973512 unknown /CN=cslevai
+V 220714131404Z 075BCC380AA760E433EADC635FDA65BB unknown /CN=dvasary
+V 220714131415Z 3206AF0B00A2DD98266113A2F8C5F8E7 unknown /CN=fritter
+V 220714131427Z 62DE031122C64B00AC33D5E58A250FFF unknown /CN=fschnell
+V 220714131438Z 469E0BAA82D007B19DFCC487C56C9E80 unknown /CN=ifabian
+V 220714131453Z 6802688CE3BB71C1E867CA490A9D0B4C unknown /CN=khorvath
+V 220714131502Z 394BDD541C1082EAC5CD4D9DFEB6D4D3 unknown /CN=kkele
+V 220714131516Z 237BC768F37B5C8E1763B5673ED3101C unknown /CN=mszabo
+V 220714131529Z F60186D64B853A3DD9F8799FB817C301 unknown /CN=rrendek
+V 220714131551Z 4BDF84B37B17CEE109879B67054B2791 unknown /CN=tsuhajda
+V 220714131602Z 6B9D83083D87CC880ADEBCCD3B5CEF4D unknown /CN=zbartakovics
+V 220714131617Z 3413803E217F3BDD0AAFD5CB0D174B3C unknown /CN=zfelleg
+V 220714131625Z ACB649FDC2E3B81C542C661F0412E1B6 unknown /CN=qqcs
+V 220717084752Z EE4378CD167FA57CD510B8711F5E504E unknown /CN=dhorvath
+V 220922085729Z 6CECAC4AD54FBC03E472A59B0727AF32 unknown /CN=bme
+V 230311104127Z 585AA97D7CCAB52C4957BBBF91374261 unknown /CN=kkancz
+V 230311104142Z B563FF7CFF8723F8FD6CCD82851FFA31 unknown /CN=thering
--- /dev/null
+unique_subject = no
--- /dev/null
+unique_subject = no
--- /dev/null
+V 220714130435Z AB517AC1C6BF8C355CA1EA625ACA6784 unknown /CN=server
+V 220714131251Z 26846A96D0DB00703B7DC8AAD60A5B07 unknown /CN=akosztolanyi
+V 220714131311Z 29F1F8311793D758D5AD0ECEA7267033 unknown /CN=azsamboki
+V 220714131322Z 466EF08C89776434622CEABEE1DF9368 unknown /CN=bcsoka
+V 220714131336Z A174ECE4D95256FAD7AD431C5E3AE284 unknown /CN=csgulyas
+V 220714131349Z 12232170B0F9E3C1FE60D86EEC973512 unknown /CN=cslevai
+V 220714131404Z 075BCC380AA760E433EADC635FDA65BB unknown /CN=dvasary
+V 220714131415Z 3206AF0B00A2DD98266113A2F8C5F8E7 unknown /CN=fritter
+V 220714131427Z 62DE031122C64B00AC33D5E58A250FFF unknown /CN=fschnell
+V 220714131438Z 469E0BAA82D007B19DFCC487C56C9E80 unknown /CN=ifabian
+V 220714131453Z 6802688CE3BB71C1E867CA490A9D0B4C unknown /CN=khorvath
+V 220714131502Z 394BDD541C1082EAC5CD4D9DFEB6D4D3 unknown /CN=kkele
+V 220714131516Z 237BC768F37B5C8E1763B5673ED3101C unknown /CN=mszabo
+V 220714131529Z F60186D64B853A3DD9F8799FB817C301 unknown /CN=rrendek
+V 220714131551Z 4BDF84B37B17CEE109879B67054B2791 unknown /CN=tsuhajda
+V 220714131602Z 6B9D83083D87CC880ADEBCCD3B5CEF4D unknown /CN=zbartakovics
+V 220714131617Z 3413803E217F3BDD0AAFD5CB0D174B3C unknown /CN=zfelleg
+V 220714131625Z ACB649FDC2E3B81C542C661F0412E1B6 unknown /CN=qqcs
+V 220717084752Z EE4378CD167FA57CD510B8711F5E504E unknown /CN=dhorvath
+V 220922085729Z 6CECAC4AD54FBC03E472A59B0727AF32 unknown /CN=bme
+V 230311104127Z 585AA97D7CCAB52C4957BBBF91374261 unknown /CN=kkancz
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 26:84:6a:96:d0:db:00:70:3b:7d:c8:aa:d6:0a:5b:07
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:12:51 2019 GMT
+ Not After : Jul 14 13:12:51 2022 GMT
+ Subject: CN=akosztolanyi
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:97:d4:89:82:0c:1b:ad:c4:4b:dd:4c:19:a5:f5:
+ d8:3c:42:9d:d2:b0:0d:9e:6c:a6:a8:62:9a:bf:fd:
+ 78:9d:76:f4:02:ad:51:9f:97:12:59:bc:c1:a3:a0:
+ 17:35:76:2f:74:ea:b9:d3:72:4b:35:94:40:f3:7e:
+ b5:1c:af:51:d1:b4:d3:7a:69:3d:7f:1e:51:97:fe:
+ e3:4a:ec:01:c6:e9:89:e9:8e:b7:94:a3:72:12:6e:
+ 66:c5:a2:de:ad:27:e2
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ E9:6C:48:68:A1:BA:B9:7D:A3:9C:BF:89:F3:87:51:9B:B1:6C:9B:16
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:6c:e9:e9:01:19:c4:53:40:ff:e6:bb:36:1f:51:
+ cd:1f:40:88:1d:e2:b3:8d:61:48:5d:ec:de:f8:20:c1:21:b1:
+ 38:5e:0b:c3:f7:ae:9c:41:38:36:73:a0:06:b6:a4:55:02:31:
+ 00:cc:50:fa:3f:7a:6c:6b:90:bf:6a:c6:af:1e:94:88:b7:90:
+ 5d:b7:27:cf:b3:28:bc:ee:31:99:f0:9b:87:48:06:d2:6d:24:
+ f0:d1:ad:be:94:b8:22:64:63:0f:d0:2d:85
+-----BEGIN CERTIFICATE-----
+MIICEzCCAZmgAwIBAgIQJoRqltDbAHA7fciq1gpbBzAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxMjUxWhcNMjIwNzE0
+MTMxMjUxWjAXMRUwEwYDVQQDDAxha29zenRvbGFueWkwdjAQBgcqhkjOPQIBBgUr
+gQQAIgNiAASX1ImCDButxEvdTBml9dg8Qp3SsA2ebKaoYpq//XiddvQCrVGflxJZ
+vMGjoBc1di906rnTcks1lEDzfrUcr1HRtNN6aT1/HlGX/uNK7AHG6YnpjreUo3IS
+bmbFot6tJ+KjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQU6WxIaKG6uX2jnL+J
+84dRm7FsmxYwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBox
+GDAWBgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5Sgaeww
+EwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gA
+MGUCMGzp6QEZxFNA/+a7Nh9RzR9AiB3is41hSF3s3vggwSGxOF4Lw/eunEE4NnOg
+BrakVQIxAMxQ+j96bGuQv2rGrx6UiLeQXbcnz7MovO4xmfCbh0gG0m0k8NGtvpS4
+ImRjD9AthQ==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 29:f1:f8:31:17:93:d7:58:d5:ad:0e:ce:a7:26:70:33
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:13:11 2019 GMT
+ Not After : Jul 14 13:13:11 2022 GMT
+ Subject: CN=azsamboki
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:34:0d:f3:0e:e6:05:69:f3:24:7d:ef:19:0c:ce:
+ 04:bd:24:34:e3:8c:e5:2b:7e:3f:70:39:55:9b:2e:
+ 73:fa:c6:4e:44:42:95:69:82:13:85:98:63:5a:25:
+ dc:1c:b2:32:9c:97:01:b5:fb:c4:dd:59:05:8a:ab:
+ b6:c1:b2:13:03:0a:e3:8b:e7:ea:62:c1:71:1b:4f:
+ 20:74:9c:0b:df:46:56:6c:03:d5:8c:d8:4c:02:e9:
+ 6e:62:3a:1f:b3:0e:ba
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 19:A1:EF:03:DB:DF:4F:40:2A:FD:35:E0:C9:ED:DD:75:47:2F:32:1B
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:d2:08:c6:1b:75:81:72:2e:c6:46:cd:47:11:
+ 2e:7c:3e:ba:e2:75:1c:8c:48:e1:4f:ac:61:5b:07:26:97:cc:
+ 0a:38:7f:0d:e4:63:35:c6:a5:8e:39:f3:4c:18:79:6d:0a:02:
+ 30:54:57:e5:dd:49:2b:8e:3e:89:ef:87:2f:d4:f4:ef:a3:95:
+ 2d:f5:87:5a:3a:1f:93:58:7d:c5:fe:9a:45:f1:8f:d1:44:13:
+ 30:b0:07:c0:b6:80:35:3f:b8:a8:96:c7:8c
+-----BEGIN CERTIFICATE-----
+MIICEDCCAZagAwIBAgIQKfH4MReT11jVrQ7OpyZwMzAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxMzExWhcNMjIwNzE0
+MTMxMzExWjAUMRIwEAYDVQQDDAlhenNhbWJva2kwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAAQ0DfMO5gVp8yR97xkMzgS9JDTjjOUrfj9wOVWbLnP6xk5EQpVpghOFmGNa
+JdwcsjKclwG1+8TdWQWKq7bBshMDCuOL5+piwXEbTyB0nAvfRlZsA9WM2EwC6W5i
+Oh+zDrqjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUGaHvA9vfT0Aq/TXgye3d
+dUcvMhswVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAW
+BgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYD
+VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gAMGUC
+MQDSCMYbdYFyLsZGzUcRLnw+uuJ1HIxI4U+sYVsHJpfMCjh/DeRjNcaljjnzTBh5
+bQoCMFRX5d1JK44+ie+HL9T076OVLfWHWjofk1h9xf6aRfGP0UQTMLAHwLaANT+4
+qJbHjA==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 46:6e:f0:8c:89:77:64:34:62:2c:ea:be:e1:df:93:68
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:13:22 2019 GMT
+ Not After : Jul 14 13:13:22 2022 GMT
+ Subject: CN=bcsoka
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:a7:95:bf:6c:8e:0f:34:9c:ca:14:8b:33:4d:80:
+ 55:98:1e:10:c3:e9:84:7f:72:4d:f2:61:68:70:59:
+ c7:6f:6d:02:c4:22:cf:58:80:e7:35:18:6e:ee:11:
+ fe:29:01:c3:ea:79:85:83:e6:0c:6f:c5:d8:7f:9f:
+ d5:55:27:7b:a8:17:14:2d:94:e5:c4:a4:9f:ac:b8:
+ 38:02:c0:41:5a:1a:8a:63:e5:c3:52:27:62:57:0b:
+ 14:6b:36:cc:8e:51:3f
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 5A:57:D9:73:6A:27:49:66:7D:18:9E:2A:96:1F:4C:49:7E:AD:9C:15
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:2b:52:16:40:fb:43:11:6a:9a:45:62:58:5b:f5:
+ 19:34:3f:32:fe:f7:d0:82:4a:32:98:61:0f:22:22:99:9a:16:
+ b3:94:79:46:fe:a2:7a:9c:9a:86:a6:31:4e:72:f4:54:02:31:
+ 00:94:2c:a6:21:e6:78:73:3e:d9:93:89:c6:72:72:8e:1d:17:
+ 87:07:27:22:2c:5d:2c:00:f1:38:1f:17:fb:0e:c1:c9:52:80:
+ 52:ba:1c:79:93:69:c1:59:0e:f0:a0:cd:76
+-----BEGIN CERTIFICATE-----
+MIICDTCCAZOgAwIBAgIQRm7wjIl3ZDRiLOq+4d+TaDAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxMzIyWhcNMjIwNzE0
+MTMxMzIyWjARMQ8wDQYDVQQDDAZiY3Nva2EwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
+AASnlb9sjg80nMoUizNNgFWYHhDD6YR/ck3yYWhwWcdvbQLEIs9YgOc1GG7uEf4p
+AcPqeYWD5gxvxdh/n9VVJ3uoFxQtlOXEpJ+suDgCwEFaGopj5cNSJ2JXCxRrNsyO
+UT+jgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUWlfZc2onSWZ9GJ4qlh9MSX6t
+nBUwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAWBgNV
+BAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYDVR0l
+BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gAMGUCMCtS
+FkD7QxFqmkViWFv1GTQ/Mv730IJKMphhDyIimZoWs5R5Rv6iepyahqYxTnL0VAIx
+AJQspiHmeHM+2ZOJxnJyjh0XhwcnIixdLADxOB8X+w7ByVKAUroceZNpwVkO8KDN
+dg==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 6c:ec:ac:4a:d5:4f:bc:03:e4:72:a5:9b:07:27:af:32
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Oct 8 08:57:29 2019 GMT
+ Not After : Sep 22 08:57:29 2022 GMT
+ Subject: CN=bme
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:86:d3:5d:6e:be:3e:91:90:d7:a3:2c:d2:6a:2a:
+ 4f:bb:cd:52:4e:46:5b:1b:60:f0:cb:aa:5b:b4:88:
+ 71:f4:71:00:e4:b8:cb:74:ce:b8:9d:c1:fd:5c:69:
+ a7:28:66:21:43:11:4a:35:06:cb:1c:57:0b:37:9b:
+ f1:2f:78:2a:d2:1d:01:49:66:71:25:74:74:0e:be:
+ 93:75:40:6c:cb:0a:81:0e:23:7c:b7:f9:9b:e1:d0:
+ c4:d2:1c:6d:da:ca:f2
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ F9:F8:F4:23:C5:01:A0:4F:6A:66:BB:D9:A0:AB:2E:5A:4D:05:10:96
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:64:02:30:1c:97:83:ea:9d:3f:9e:9b:99:26:1f:42:df:01:
+ b0:d5:33:0b:b5:40:9d:be:20:1c:c2:ef:ab:7e:1b:14:d6:72:
+ e2:43:19:6c:ec:2b:db:cf:ab:bf:21:27:2e:4f:0f:80:02:30:
+ 7e:e7:f7:c3:21:78:67:a5:71:7b:cb:45:cd:6f:8c:07:36:de:
+ fb:77:0a:08:f6:c7:3b:06:eb:f8:37:f0:2c:06:6b:c6:2a:95:
+ 0c:02:e4:87:34:ee:f9:af:93:27:b1:b5
+-----BEGIN CERTIFICATE-----
+MIICCTCCAZCgAwIBAgIQbOysStVPvAPkcqWbByevMjAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkxMDA4MDg1NzI5WhcNMjIwOTIy
+MDg1NzI5WjAOMQwwCgYDVQQDDANibWUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASG
+011uvj6RkNejLNJqKk+7zVJORlsbYPDLqlu0iHH0cQDkuMt0zridwf1caacoZiFD
+EUo1BsscVws3m/EveCrSHQFJZnEldHQOvpN1QGzLCoEOI3y3+Zvh0MTSHG3ayvKj
+gaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQU+fj0I8UBoE9qZrvZoKsuWk0FEJYw
+VQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAWBgNVBAMM
+D1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYDVR0lBAww
+CgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2cAMGQCMByXg+qd
+P56bmSYfQt8BsNUzC7VAnb4gHMLvq34bFNZy4kMZbOwr28+rvyEnLk8PgAIwfuf3
+wyF4Z6Vxe8tFzW+MBzbe+3cKCPbHOwbr+DfwLAZrxiqVDALkhzTu+a+TJ7G1
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ a1:74:ec:e4:d9:52:56:fa:d7:ad:43:1c:5e:3a:e2:84
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:13:36 2019 GMT
+ Not After : Jul 14 13:13:36 2022 GMT
+ Subject: CN=csgulyas
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:82:03:91:ad:e7:76:b7:8d:51:86:6d:cc:e3:15:
+ 91:6c:ac:31:e7:6d:e1:44:0d:c3:29:95:7c:5e:e1:
+ e8:37:aa:00:f6:47:74:18:e7:28:90:95:16:6c:08:
+ e2:9f:d7:24:55:46:22:1c:19:9f:06:4b:9b:8e:96:
+ 4b:5d:bb:c0:ad:35:5a:06:73:10:36:32:1d:89:e6:
+ b1:9e:f3:62:0d:8f:85:70:72:4c:48:4a:47:f0:fa:
+ eb:f6:7b:9c:7f:a8:7a
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 7E:44:12:28:E0:31:C6:7D:40:5A:E4:D5:86:5D:90:10:CC:14:12:33
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:2c:e3:e6:64:cd:43:ae:4a:9c:d7:40:66:cb:b2:
+ 1e:90:c3:97:17:32:f8:df:62:fd:54:32:d3:85:ee:bb:71:5e:
+ 4a:e2:23:ea:a4:cb:75:3a:72:ac:ca:f6:1b:f5:6b:57:02:31:
+ 00:e7:0a:38:06:b4:97:17:2c:f3:76:cc:aa:1e:6e:8d:be:12:
+ 7e:0a:ef:d6:34:fa:42:37:e1:6d:d3:bb:1f:75:39:a3:c5:40:
+ 32:37:7e:ba:c1:18:d4:cb:1b:55:62:ad:1b
+-----BEGIN CERTIFICATE-----
+MIICEDCCAZagAwIBAgIRAKF07OTZUlb6161DHF464oQwCgYIKoZIzj0EAwIwGjEY
+MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMTMzNloXDTIyMDcx
+NDEzMTMzNlowEzERMA8GA1UEAwwIY3NndWx5YXMwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAASCA5Gt53a3jVGGbczjFZFsrDHnbeFEDcMplXxe4eg3qgD2R3QY5yiQlRZs
+COKf1yRVRiIcGZ8GS5uOlktdu8CtNVoGcxA2Mh2J5rGe82INj4VwckxISkfw+uv2
+e5x/qHqjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUfkQSKOAxxn1AWuTVhl2Q
+EMwUEjMwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAW
+BgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYD
+VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gAMGUC
+MCzj5mTNQ65KnNdAZsuyHpDDlxcy+N9i/VQy04Xuu3FeSuIj6qTLdTpyrMr2G/Vr
+VwIxAOcKOAa0lxcs83bMqh5ujb4Sfgrv1jT6QjfhbdO7H3U5o8VAMjd+usEY1Msb
+VWKtGw==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 12:23:21:70:b0:f9:e3:c1:fe:60:d8:6e:ec:97:35:12
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:13:49 2019 GMT
+ Not After : Jul 14 13:13:49 2022 GMT
+ Subject: CN=cslevai
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:4b:d4:e1:4f:a7:5b:1e:c4:7d:40:27:19:de:bc:
+ cc:78:6b:5a:86:13:48:c4:c0:40:09:4e:1d:cd:b4:
+ f0:8d:14:2e:44:7c:8e:2d:7b:75:27:00:c4:9b:5c:
+ 71:1d:35:ff:f6:91:01:e2:3f:22:4d:f4:59:45:e4:
+ 85:61:a2:30:bb:7f:8e:7f:86:db:79:7a:da:61:00:
+ 72:3d:60:0b:3a:7b:d3:8e:43:d5:21:f9:e5:ef:01:
+ 02:48:0e:aa:07:e0:df
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ A5:71:47:49:34:D9:70:4C:8E:A6:06:51:69:AC:4D:2F:61:9F:3F:D2
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:64:02:30:79:11:b6:e8:91:42:c8:db:cd:fa:27:07:1d:5b:
+ cc:9f:b2:f3:d2:0f:79:7f:7e:83:3a:e9:4b:86:a0:ba:c1:10:
+ 9a:87:21:f0:2c:26:e9:c5:fc:fc:7c:6c:45:79:29:d3:02:30:
+ 0b:74:ab:68:f6:25:3f:d3:2b:eb:a9:13:1d:3d:b1:a8:80:9c:
+ 1f:8f:6f:de:de:2f:a7:7f:ad:5a:a5:18:29:05:99:65:5f:63:
+ 50:31:6e:78:90:e6:12:3e:83:f1:d8:b0
+-----BEGIN CERTIFICATE-----
+MIICDTCCAZSgAwIBAgIQEiMhcLD548H+YNhu7Jc1EjAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxMzQ5WhcNMjIwNzE0
+MTMxMzQ5WjASMRAwDgYDVQQDDAdjc2xldmFpMHYwEAYHKoZIzj0CAQYFK4EEACID
+YgAES9ThT6dbHsR9QCcZ3rzMeGtahhNIxMBACU4dzbTwjRQuRHyOLXt1JwDEm1xx
+HTX/9pEB4j8iTfRZReSFYaIwu3+Of4bbeXraYQByPWALOnvTjkPVIfnl7wECSA6q
+B+Dfo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFKVxR0k02XBMjqYGUWmsTS9h
+nz/SMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD
+VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNnADBkAjB5
+EbbokULI2836JwcdW8yfsvPSD3l/foM66UuGoLrBEJqHIfAsJunF/Px8bEV5KdMC
+MAt0q2j2JT/TK+upEx09saiAnB+Pb97eL6d/rVqlGCkFmWVfY1AxbniQ5hI+g/HY
+sA==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ ee:43:78:cd:16:7f:a5:7c:d5:10:b8:71:1f:5e:50:4e
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Aug 2 08:47:52 2019 GMT
+ Not After : Jul 17 08:47:52 2022 GMT
+ Subject: CN=dhorvath
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:c2:77:2a:57:01:7b:d9:0b:e0:e0:69:7e:2a:df:
+ 05:b8:91:4e:50:51:e9:52:bd:a5:fa:01:ad:62:0a:
+ 69:10:82:6f:aa:84:64:33:71:d9:96:ca:9c:05:ce:
+ d9:13:99:b0:d9:d5:4d:d9:1a:43:8c:41:d5:e7:0a:
+ ae:92:6c:f6:7f:bf:73:b6:ff:bd:a4:bb:fc:d9:0c:
+ 36:0d:e2:f4:78:24:bb:cd:ac:e9:04:d6:9c:a5:2b:
+ ce:d7:0e:85:85:10:f1
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ D7:31:77:61:74:16:36:31:0A:BF:D2:E5:EA:44:1E:FD:CE:E3:7E:26
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:cc:88:44:5d:a2:1b:e2:d5:1f:f6:17:f7:4f:
+ fe:11:b1:6a:e7:9b:cd:bb:35:21:90:9d:a5:07:e8:34:1c:b4:
+ 29:b6:a1:ff:d1:d9:d3:60:a1:04:ed:47:17:d5:81:53:bf:02:
+ 31:00:db:af:26:de:3e:0a:b9:2b:e7:43:a0:34:10:96:fb:7c:
+ 25:4a:dd:e6:82:bc:5a:f0:f9:ea:cc:10:3f:2f:18:09:eb:32:
+ f3:83:d4:49:b1:7b:30:d4:d0:3f:9c:00:75:7b
+-----BEGIN CERTIFICATE-----
+MIICETCCAZagAwIBAgIRAO5DeM0Wf6V81RC4cR9eUE4wCgYIKoZIzj0EAwIwGjEY
+MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDgwMjA4NDc1MloXDTIyMDcx
+NzA4NDc1MlowEzERMA8GA1UEAwwIZGhvcnZhdGgwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAATCdypXAXvZC+DgaX4q3wW4kU5QUelSvaX6Aa1iCmkQgm+qhGQzcdmWypwF
+ztkTmbDZ1U3ZGkOMQdXnCq6SbPZ/v3O2/72ku/zZDDYN4vR4JLvNrOkE1pylK87X
+DoWFEPGjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQU1zF3YXQWNjEKv9Ll6kQe
+/c7jfiYwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAW
+BgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYD
+VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2kAMGYC
+MQDMiERdohvi1R/2F/dP/hGxauebzbs1IZCdpQfoNBy0Kbah/9HZ02ChBO1HF9WB
+U78CMQDbrybePgq5K+dDoDQQlvt8JUrd5oK8WvD56swQPy8YCesy84PUSbF7MNTQ
+P5wAdXs=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 07:5b:cc:38:0a:a7:60:e4:33:ea:dc:63:5f:da:65:bb
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:14:04 2019 GMT
+ Not After : Jul 14 13:14:04 2022 GMT
+ Subject: CN=dvasary
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:83:4f:51:7b:f1:30:dc:76:25:db:21:fd:11:8a:
+ 39:fc:6f:4a:0f:f5:38:9d:8e:3c:18:c3:e2:b9:9a:
+ 7e:d8:25:9d:69:f1:40:f2:1c:f8:bd:7c:98:e9:1d:
+ 86:78:d0:d5:7b:b1:e6:8a:cb:44:e9:42:6c:61:c4:
+ d9:32:c5:16:f0:76:71:90:58:0f:13:f4:cb:01:02:
+ 68:fa:bb:3e:cb:24:47:e2:87:2d:f2:c6:d9:5f:b8:
+ 16:de:47:aa:bf:02:65
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 61:47:26:E4:48:A5:C7:F8:38:0A:5F:06:FE:F6:35:DC:BB:71:F1:36
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:8a:59:88:96:eb:a1:b6:5d:51:39:39:63:b6:
+ 53:c1:1e:01:ae:35:ff:3e:a5:ba:ed:17:a9:0b:2d:a9:86:c3:
+ ae:c1:47:55:9b:16:9f:d7:29:71:28:06:92:6c:da:86:75:02:
+ 31:00:b3:f1:55:67:51:44:2f:fa:5f:c0:65:ce:45:c3:ef:88:
+ f4:80:98:65:69:e5:db:7b:42:71:6f:16:f2:06:5c:ad:e1:ce:
+ fb:dc:fc:46:1f:b2:79:61:5a:c9:81:b5:24:c3
+-----BEGIN CERTIFICATE-----
+MIICDzCCAZSgAwIBAgIQB1vMOAqnYOQz6txjX9pluzAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDA0WhcNMjIwNzE0
+MTMxNDA0WjASMRAwDgYDVQQDDAdkdmFzYXJ5MHYwEAYHKoZIzj0CAQYFK4EEACID
+YgAEg09Re/Ew3HYl2yH9EYo5/G9KD/U4nY48GMPiuZp+2CWdafFA8hz4vXyY6R2G
+eNDVe7HmistE6UJsYcTZMsUW8HZxkFgPE/TLAQJo+rs+yyRH4oct8sbZX7gW3keq
+vwJlo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFGFHJuRIpcf4OApfBv72Ndy7
+cfE2MFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD
+VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNpADBmAjEA
+ilmIluuhtl1ROTljtlPBHgGuNf8+pbrtF6kLLamGw67BR1WbFp/XKXEoBpJs2oZ1
+AjEAs/FVZ1FEL/pfwGXORcPviPSAmGVp5dt7QnFvFvIGXK3hzvvc/EYfsnlhWsmB
+tSTD
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 32:06:af:0b:00:a2:dd:98:26:61:13:a2:f8:c5:f8:e7
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:14:15 2019 GMT
+ Not After : Jul 14 13:14:15 2022 GMT
+ Subject: CN=fritter
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:01:16:61:9a:29:9b:00:34:c6:d8:d0:31:87:e7:
+ 2c:fd:7a:7e:e0:6e:f7:26:1a:62:7f:d4:7d:aa:8d:
+ 0e:83:bd:c2:51:8c:cb:34:2b:3d:04:40:4f:2c:6f:
+ 8b:86:9b:7f:de:a2:79:a4:0a:03:4c:70:71:34:ba:
+ f6:f8:d1:e8:92:18:32:d6:78:3d:5d:29:5c:70:a0:
+ b6:80:7f:21:e2:63:09:57:c1:46:fd:9b:d9:7a:2a:
+ b8:13:f2:f7:83:cc:32
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ B1:1A:69:80:EF:74:B3:58:F8:3B:86:7A:86:DF:8C:50:30:56:12:04
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:da:29:1d:b3:22:d6:c9:b3:16:e6:14:41:77:
+ fb:87:e7:9c:39:0b:a4:40:42:bf:45:0a:b0:4e:53:89:c9:a9:
+ 6b:90:b7:88:85:bd:f0:9b:a0:a4:4b:fb:e3:2e:6f:d1:ff:02:
+ 31:00:82:ce:d7:ed:cd:94:17:96:d4:65:97:82:11:ae:dd:22:
+ 2c:2f:f2:64:55:ef:e7:25:c9:89:c3:bf:fc:cf:5f:c5:60:00:
+ 2c:e9:7d:36:7b:6b:b8:c0:08:c2:66:f2:f7:ef
+-----BEGIN CERTIFICATE-----
+MIICDzCCAZSgAwIBAgIQMgavCwCi3ZgmYROi+MX45zAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDE1WhcNMjIwNzE0
+MTMxNDE1WjASMRAwDgYDVQQDDAdmcml0dGVyMHYwEAYHKoZIzj0CAQYFK4EEACID
+YgAEARZhmimbADTG2NAxh+cs/Xp+4G73Jhpif9R9qo0Og73CUYzLNCs9BEBPLG+L
+hpt/3qJ5pAoDTHBxNLr2+NHokhgy1ng9XSlccKC2gH8h4mMJV8FG/ZvZeiq4E/L3
+g8wyo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFLEaaYDvdLNY+DuGeobfjFAw
+VhIEMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD
+VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNpADBmAjEA
+2ikdsyLWybMW5hRBd/uH55w5C6RAQr9FCrBOU4nJqWuQt4iFvfCboKRL++Mub9H/
+AjEAgs7X7c2UF5bUZZeCEa7dIiwv8mRV7+clyYnDv/zPX8VgACzpfTZ7a7jACMJm
+8vfv
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 62:de:03:11:22:c6:4b:00:ac:33:d5:e5:8a:25:0f:ff
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:14:27 2019 GMT
+ Not After : Jul 14 13:14:27 2022 GMT
+ Subject: CN=fschnell
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:c1:66:71:37:bb:f5:b6:2c:b0:a0:d6:8c:85:2c:
+ 31:28:d1:5e:d6:23:71:ae:b7:6f:79:12:50:7a:b5:
+ 6c:ee:eb:a0:a9:9b:1a:d5:f3:5d:72:fd:cd:f1:0d:
+ 23:3f:6e:44:7b:1f:c9:8a:1e:fb:51:ad:e2:bf:c8:
+ 12:0d:d0:7a:11:de:ee:c2:6e:06:af:67:c7:51:13:
+ 8c:cf:75:9f:a9:80:42:f2:9c:5a:78:af:29:57:df:
+ b0:c1:d6:d6:3b:42:60
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ B9:32:14:86:9B:D6:96:CB:A1:D9:29:28:C4:F7:93:25:5F:2A:A1:1C
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:64:02:30:61:aa:3e:2c:c7:81:3c:56:1a:87:fe:c8:42:6a:
+ b1:61:dd:1c:6a:21:ac:81:90:ef:04:4c:2f:fc:9f:b7:75:e1:
+ b2:2a:60:f8:67:f0:9a:b4:7f:18:cd:81:68:bf:ae:1b:02:30:
+ 33:0e:e6:86:5d:2e:bc:64:4e:4c:fd:8d:05:45:a6:c0:3d:d8:
+ af:53:fa:37:2f:e5:84:8e:ea:30:80:82:60:96:8e:5d:8f:1f:
+ f2:4f:d1:f7:c0:d1:a0:19:d7:93:95:82
+-----BEGIN CERTIFICATE-----
+MIICDjCCAZWgAwIBAgIQYt4DESLGSwCsM9XliiUP/zAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDI3WhcNMjIwNzE0
+MTMxNDI3WjATMREwDwYDVQQDDAhmc2NobmVsbDB2MBAGByqGSM49AgEGBSuBBAAi
+A2IABMFmcTe79bYssKDWjIUsMSjRXtYjca63b3kSUHq1bO7roKmbGtXzXXL9zfEN
+Iz9uRHsfyYoe+1Gt4r/IEg3QehHe7sJuBq9nx1ETjM91n6mAQvKcWnivKVffsMHW
+1jtCYKOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBS5MhSGm9aWy6HZKSjE95Ml
+XyqhHDBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG
+A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV
+HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDZwAwZAIw
+Yao+LMeBPFYah/7IQmqxYd0caiGsgZDvBEwv/J+3deGyKmD4Z/CatH8YzYFov64b
+AjAzDuaGXS68ZE5M/Y0FRabAPdivU/o3L+WEjuowgIJglo5djx/yT9H3wNGgGdeT
+lYI=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 46:9e:0b:aa:82:d0:07:b1:9d:fc:c4:87:c5:6c:9e:80
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:14:38 2019 GMT
+ Not After : Jul 14 13:14:38 2022 GMT
+ Subject: CN=ifabian
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:ba:65:94:67:08:34:86:c7:0f:94:00:5f:e2:38:
+ 5b:9e:29:5f:76:7a:87:43:5b:37:a4:44:ab:39:72:
+ be:37:0e:3f:c5:ba:55:8b:6c:bd:22:ed:74:54:88:
+ a2:1c:ec:f8:24:37:3f:b3:b2:e3:56:0e:e5:81:cb:
+ ef:48:1d:e5:ea:1f:67:51:5f:20:8b:2f:aa:fe:fe:
+ 8e:d4:be:91:28:94:b6:cc:04:74:90:72:90:10:a0:
+ 7c:42:a2:e3:4c:7f:49
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 0B:41:AE:87:A5:73:BB:DC:4E:16:2E:F3:A0:20:FA:D5:38:52:40:AA
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:1f:f9:44:c2:c2:63:91:08:c2:c8:ca:22:28:7d:
+ 9b:84:3d:d1:f7:89:43:26:b0:a6:e7:2c:e5:63:e9:bd:86:81:
+ e5:ad:1a:c2:bb:30:31:05:eb:e9:d3:71:d1:6e:c0:df:02:31:
+ 00:d3:38:d5:bb:9f:d2:a2:92:6e:0e:2a:b4:d9:d6:a9:c9:eb:
+ 5c:c9:ef:33:1c:66:d4:3c:a0:86:07:39:38:14:0c:61:8b:67:
+ 75:20:06:d8:79:0c:65:a2:2d:87:fc:00:04
+-----BEGIN CERTIFICATE-----
+MIICDjCCAZSgAwIBAgIQRp4LqoLQB7Gd/MSHxWyegDAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDM4WhcNMjIwNzE0
+MTMxNDM4WjASMRAwDgYDVQQDDAdpZmFiaWFuMHYwEAYHKoZIzj0CAQYFK4EEACID
+YgAEumWUZwg0hscPlABf4jhbnilfdnqHQ1s3pESrOXK+Nw4/xbpVi2y9Iu10VIii
+HOz4JDc/s7LjVg7lgcvvSB3l6h9nUV8giy+q/v6O1L6RKJS2zAR0kHKQEKB8QqLj
+TH9Jo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFAtBroelc7vcThYu86Ag+tU4
+UkCqMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD
+VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNoADBlAjAf
++UTCwmORCMLIyiIofZuEPdH3iUMmsKbnLOVj6b2GgeWtGsK7MDEF6+nTcdFuwN8C
+MQDTONW7n9Kikm4OKrTZ1qnJ61zJ7zMcZtQ8oIYHOTgUDGGLZ3UgBth5DGWiLYf8
+AAQ=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 68:02:68:8c:e3:bb:71:c1:e8:67:ca:49:0a:9d:0b:4c
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:14:53 2019 GMT
+ Not After : Jul 14 13:14:53 2022 GMT
+ Subject: CN=khorvath
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:10:d0:a2:68:66:ea:40:36:f3:9d:13:e2:bc:e7:
+ 87:92:d4:ca:f2:e6:13:a9:0b:d0:92:b7:a0:24:f0:
+ e4:ce:69:08:e4:e2:c0:66:e0:2a:2a:79:06:e3:d4:
+ 33:e8:6b:94:a7:fb:71:9a:e7:9a:a1:f9:1a:3b:28:
+ 3f:3b:0c:99:5f:2e:cf:17:98:60:10:16:22:c3:1f:
+ 7e:61:62:97:85:36:0a:0a:e9:26:0e:76:c3:88:b8:
+ 8e:e4:80:78:52:b5:9c
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 42:88:C3:F8:81:2A:78:1F:C8:3F:D2:7D:BA:E9:44:09:4A:36:3A:B1
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:27:4e:d4:b0:5a:4b:af:6a:d6:a0:b7:ae:b4:57:
+ d1:dc:4e:77:9c:bf:06:c0:bd:3d:06:c3:90:7e:e4:7a:24:1e:
+ e9:a4:76:51:4b:2f:3d:8a:1c:6e:93:0d:de:b1:3c:63:02:31:
+ 00:fb:48:45:89:a8:e7:74:16:4a:1d:5e:a1:ad:b2:d3:34:9f:
+ 95:04:ed:92:1f:a8:ad:05:6f:81:ee:d0:8c:fc:9d:6c:e3:5d:
+ 5a:1b:e8:27:86:20:a0:e4:78:a2:4f:63:b3
+-----BEGIN CERTIFICATE-----
+MIICDzCCAZWgAwIBAgIQaAJojOO7ccHoZ8pJCp0LTDAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDUzWhcNMjIwNzE0
+MTMxNDUzWjATMREwDwYDVQQDDAhraG9ydmF0aDB2MBAGByqGSM49AgEGBSuBBAAi
+A2IABBDQomhm6kA2850T4rznh5LUyvLmE6kL0JK3oCTw5M5pCOTiwGbgKip5BuPU
+M+hrlKf7cZrnmqH5GjsoPzsMmV8uzxeYYBAWIsMffmFil4U2CgrpJg52w4i4juSA
+eFK1nKOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBRCiMP4gSp4H8g/0n266UQJ
+SjY6sTBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG
+A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV
+HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIw
+J07UsFpLr2rWoLeutFfR3E53nL8GwL09BsOQfuR6JB7ppHZRSy89ihxukw3esTxj
+AjEA+0hFiajndBZKHV6hrbLTNJ+VBO2SH6itBW+B7tCM/J1s411aG+gnhiCg5Hii
+T2Oz
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 58:5a:a9:7d:7c:ca:b5:2c:49:57:bb:bf:91:37:42:61
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Mar 26 10:41:27 2020 GMT
+ Not After : Mar 11 10:41:27 2023 GMT
+ Subject: CN=kkancz
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:16:c3:cc:4c:19:91:e6:b3:53:89:7d:7a:1e:ae:
+ 57:89:52:19:d7:e5:c7:d0:68:74:a6:0d:92:e9:09:
+ e7:81:5e:11:02:ea:87:89:20:e7:57:b1:ca:44:b6:
+ cf:5f:01:58:73:94:89:3a:0a:67:fa:9f:c8:c9:16:
+ 8d:e7:72:75:94:8d:52:de:f1:0f:47:a3:15:83:c3:
+ cd:67:c8:14:af:b2:f5:63:08:0c:25:d5:d5:0a:ba:
+ fb:9b:0f:df:e0:45:b4
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 61:CB:25:BC:82:6D:D5:01:DE:15:AF:18:59:C3:D7:34:16:B7:A6:94
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:ca:f1:79:0b:1b:e1:0f:15:b4:6e:3e:69:9b:
+ 92:a8:bc:fe:2f:5c:96:c0:ad:d7:02:97:e0:ea:f7:08:77:43:
+ 31:22:93:50:19:24:88:91:63:39:b1:1a:80:bf:9d:bf:f1:02:
+ 30:38:5b:c1:af:a7:58:0d:de:b5:19:77:00:33:31:7d:41:c5:
+ 3c:bb:b2:9e:cd:86:66:f6:1a:84:4d:80:b6:28:b5:2b:04:5f:
+ 1c:a3:49:cd:89:2d:21:0a:5f:65:eb:d0:36
+-----BEGIN CERTIFICATE-----
+MIICDTCCAZOgAwIBAgIQWFqpfXzKtSxJV7u/kTdCYTAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMjAwMzI2MTA0MTI3WhcNMjMwMzEx
+MTA0MTI3WjARMQ8wDQYDVQQDDAZra2FuY3owdjAQBgcqhkjOPQIBBgUrgQQAIgNi
+AAQWw8xMGZHms1OJfXoerleJUhnX5cfQaHSmDZLpCeeBXhEC6oeJIOdXscpEts9f
+AVhzlIk6Cmf6n8jJFo3ncnWUjVLe8Q9HoxWDw81nyBSvsvVjCAwl1dUKuvubD9/g
+RbSjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUYcslvIJt1QHeFa8YWcPXNBa3
+ppQwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAWBgNV
+BAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYDVR0l
+BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gAMGUCMQDK
+8XkLG+EPFbRuPmmbkqi8/i9clsCt1wKX4Or3CHdDMSKTUBkkiJFjObEagL+dv/EC
+MDhbwa+nWA3etRl3ADMxfUHFPLuyns2GZvYahE2Atii1KwRfHKNJzYktIQpfZevQ
+Ng==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 39:4b:dd:54:1c:10:82:ea:c5:cd:4d:9d:fe:b6:d4:d3
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:15:02 2019 GMT
+ Not After : Jul 14 13:15:02 2022 GMT
+ Subject: CN=kkele
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:0a:e8:ed:f9:1a:f5:b6:17:d7:5f:ff:9e:9c:1e:
+ 1d:11:cf:12:7f:01:11:ca:a2:b1:e0:b5:bc:30:6b:
+ 5c:ff:5e:d2:06:2b:55:a9:0f:55:3a:ae:ee:a6:5e:
+ 74:0d:f6:43:b6:a4:1d:17:2b:0f:87:7b:c2:39:47:
+ 1d:e7:fb:e4:64:d1:00:60:bb:1c:eb:e0:40:82:8d:
+ 77:09:85:d1:1c:37:c8:3e:d5:64:51:0f:1d:71:71:
+ 04:3a:21:6c:a2:57:36
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ B0:47:56:D8:59:56:0D:E2:68:86:01:E8:12:30:4C:EF:D9:7D:EE:F7
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:df:6c:06:c1:07:aa:bb:76:58:d8:ea:dc:60:
+ ce:e0:5c:a9:32:c0:20:c9:8b:da:3b:7e:98:74:94:96:83:0e:
+ 9f:71:8f:4e:af:72:d0:49:29:06:d0:c8:e9:12:88:67:67:02:
+ 30:77:f4:e3:b5:89:dd:e6:6e:83:65:64:77:09:8e:52:2d:47:
+ 04:80:27:14:25:51:08:97:01:86:e9:23:0d:04:fa:44:89:35:
+ c4:4e:18:84:09:86:cf:5a:7b:6c:0e:09:fd
+-----BEGIN CERTIFICATE-----
+MIICDDCCAZKgAwIBAgIQOUvdVBwQgurFzU2d/rbU0zAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNTAyWhcNMjIwNzE0
+MTMxNTAyWjAQMQ4wDAYDVQQDDAVra2VsZTB2MBAGByqGSM49AgEGBSuBBAAiA2IA
+BAro7fka9bYX11//npweHRHPEn8BEcqiseC1vDBrXP9e0gYrVakPVTqu7qZedA32
+Q7akHRcrD4d7wjlHHef75GTRAGC7HOvgQIKNdwmF0Rw3yD7VZFEPHXFxBDohbKJX
+NqOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBSwR1bYWVYN4miGAegSMEzv2X3u
+9zBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYGA1UE
+AwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNVHSUE
+DDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIxAN9s
+BsEHqrt2WNjq3GDO4FypMsAgyYvaO36YdJSWgw6fcY9Or3LQSSkG0MjpEohnZwIw
+d/TjtYnd5m6DZWR3CY5SLUcEgCcUJVEIlwGG6SMNBPpEiTXEThiECYbPWntsDgn9
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 23:7b:c7:68:f3:7b:5c:8e:17:63:b5:67:3e:d3:10:1c
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:15:16 2019 GMT
+ Not After : Jul 14 13:15:16 2022 GMT
+ Subject: CN=mszabo
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:d4:de:f0:4a:f4:a0:8a:bd:52:97:87:c0:f5:28:
+ 87:7d:7b:4c:f3:3d:13:be:6b:f6:61:23:f8:91:fd:
+ 2a:59:db:38:2e:ec:d6:5d:21:c2:b9:e0:8c:38:36:
+ c9:bb:2c:f9:87:f3:c5:53:28:d1:94:03:d3:24:c0:
+ fa:95:b3:19:4a:42:95:94:22:11:4f:82:ea:bf:16:
+ 42:42:90:f1:9e:e9:68:48:2e:b9:db:71:be:48:4a:
+ eb:06:61:63:73:77:18
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 8B:C8:96:C9:E3:FD:F0:F2:13:BD:F3:32:17:FD:4F:40:19:3D:2A:5F
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:84:81:10:d7:e4:4f:e6:1d:de:3f:6c:9d:f9:
+ 45:2f:6c:74:c1:ce:65:da:b9:0f:56:2d:3c:08:2d:a9:62:d2:
+ ec:45:46:50:7d:da:d1:0d:73:8c:e9:57:57:3e:2d:49:14:02:
+ 31:00:9e:6a:e2:fa:4f:6d:04:6f:3f:6b:35:9e:1b:6a:94:b8:
+ 3b:f3:79:db:9b:cd:2c:84:48:e9:7a:a9:13:d2:08:b0:d0:f2:
+ c6:22:7e:87:3b:f4:6d:d0:b7:db:c4:b5:ad:5d
+-----BEGIN CERTIFICATE-----
+MIICDjCCAZOgAwIBAgIQI3vHaPN7XI4XY7VnPtMQHDAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNTE2WhcNMjIwNzE0
+MTMxNTE2WjARMQ8wDQYDVQQDDAZtc3phYm8wdjAQBgcqhkjOPQIBBgUrgQQAIgNi
+AATU3vBK9KCKvVKXh8D1KId9e0zzPRO+a/ZhI/iR/SpZ2zgu7NZdIcK54Iw4Nsm7
+LPmH88VTKNGUA9MkwPqVsxlKQpWUIhFPguq/FkJCkPGe6WhILrnbcb5ISusGYWNz
+dxijgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUi8iWyeP98PITvfMyF/1PQBk9
+Kl8wVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAWBgNV
+BAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYDVR0l
+BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2kAMGYCMQCE
+gRDX5E/mHd4/bJ35RS9sdMHOZdq5D1YtPAgtqWLS7EVGUH3a0Q1zjOlXVz4tSRQC
+MQCeauL6T20Ebz9rNZ4bapS4O/N525vNLIRI6XqpE9IIsNDyxiJ+hzv0bdC328S1
+rV0=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ ac:b6:49:fd:c2:e3:b8:1c:54:2c:66:1f:04:12:e1:b6
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:16:25 2019 GMT
+ Not After : Jul 14 13:16:25 2022 GMT
+ Subject: CN=qqcs
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:4a:c3:a5:30:3e:35:30:99:34:68:48:48:08:05:
+ 96:c9:b4:40:cc:e5:09:81:e3:47:07:84:59:63:59:
+ f8:c5:92:7f:35:ba:68:1b:14:d2:f3:da:39:14:97:
+ e3:11:09:d8:4f:34:61:9d:b2:75:d6:73:ab:d9:eb:
+ ed:0e:e8:e5:7b:28:c6:9d:04:b1:ed:47:97:2b:d3:
+ 62:01:b3:83:e7:6c:c8:c7:11:82:f3:c8:c0:97:27:
+ 52:8d:54:da:42:98:fb
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 8B:85:13:8E:D2:D4:4D:3F:AE:DD:0D:38:D0:65:84:40:E9:2A:3F:02
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:28:fe:ea:a7:50:e0:71:a6:51:36:4e:19:42:f7:
+ 01:c4:d0:fd:a2:66:f3:4c:28:15:81:51:9d:75:33:88:3e:6e:
+ 96:02:e4:67:be:26:cf:05:81:18:c3:e6:96:7f:73:2a:02:31:
+ 00:fc:ea:f1:0c:28:55:3b:9e:d1:5f:46:c7:41:0f:da:48:c5:
+ a6:35:45:19:07:f1:ad:59:2a:ae:0b:60:c6:f3:7d:a8:af:4f:
+ 71:50:5d:bb:fb:a7:55:7c:6c:b2:ce:12:c4
+-----BEGIN CERTIFICATE-----
+MIICDDCCAZKgAwIBAgIRAKy2Sf3C47gcVCxmHwQS4bYwCgYIKoZIzj0EAwIwGjEY
+MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMTYyNVoXDTIyMDcx
+NDEzMTYyNVowDzENMAsGA1UEAwwEcXFjczB2MBAGByqGSM49AgEGBSuBBAAiA2IA
+BErDpTA+NTCZNGhISAgFlsm0QMzlCYHjRweEWWNZ+MWSfzW6aBsU0vPaORSX4xEJ
+2E80YZ2yddZzq9nr7Q7o5Xsoxp0Ese1HlyvTYgGzg+dsyMcRgvPIwJcnUo1U2kKY
++6OBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBSLhROO0tRNP67dDTjQZYRA6So/
+AjBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYGA1UE
+AwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNVHSUE
+DDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIwKP7q
+p1DgcaZRNk4ZQvcBxND9ombzTCgVgVGddTOIPm6WAuRnvibPBYEYw+aWf3MqAjEA
+/OrxDChVO57RX0bHQQ/aSMWmNUUZB/GtWSquC2DG832or09xUF27+6dVfGyyzhLE
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ f6:01:86:d6:4b:85:3a:3d:d9:f8:79:9f:b8:17:c3:01
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:15:29 2019 GMT
+ Not After : Jul 14 13:15:29 2022 GMT
+ Subject: CN=rrendek
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:ea:c4:ab:e1:24:42:91:06:17:73:d6:d9:87:17:
+ 29:a8:05:73:be:5a:54:38:3e:c9:dd:78:55:ca:e2:
+ 27:e6:44:1a:22:5b:3a:15:68:61:bf:ae:ce:05:a5:
+ c9:98:f7:a3:ff:0e:b9:db:8e:fc:15:ac:76:41:c8:
+ 6e:de:85:38:cb:1f:b1:98:41:df:4e:18:62:24:04:
+ 95:5a:16:6b:0b:fd:13:e3:26:8b:76:d3:9a:54:6c:
+ 9b:19:3c:55:de:d0:2e
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ D5:73:9E:FA:32:4C:D8:2A:E0:33:CF:15:F6:C0:D5:E9:56:5A:D0:EE
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:49:21:38:44:26:a9:96:15:98:29:c4:4f:04:25:
+ be:35:90:bc:44:00:60:0d:6a:f7:f8:d4:ed:58:ea:28:45:f2:
+ 99:33:d1:e3:2e:82:4e:04:bb:e5:27:10:ea:64:b8:83:02:31:
+ 00:c3:59:fe:dc:8a:a1:e4:d1:30:09:51:2a:d8:d2:76:af:dc:
+ 28:b2:d3:0d:ad:f3:19:91:b5:92:e6:8b:b4:77:d8:c3:87:f8:
+ 7b:39:94:ab:f2:c0:06:c1:c4:43:b8:0e:16
+-----BEGIN CERTIFICATE-----
+MIICDzCCAZWgAwIBAgIRAPYBhtZLhTo92fh5n7gXwwEwCgYIKoZIzj0EAwIwGjEY
+MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMTUyOVoXDTIyMDcx
+NDEzMTUyOVowEjEQMA4GA1UEAwwHcnJlbmRlazB2MBAGByqGSM49AgEGBSuBBAAi
+A2IABOrEq+EkQpEGF3PW2YcXKagFc75aVDg+yd14VcriJ+ZEGiJbOhVoYb+uzgWl
+yZj3o/8OuduO/BWsdkHIbt6FOMsfsZhB304YYiQElVoWawv9E+Mmi3bTmlRsmxk8
+Vd7QLqOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBTVc576MkzYKuAzzxX2wNXp
+VlrQ7jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG
+A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV
+HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIw
+SSE4RCaplhWYKcRPBCW+NZC8RABgDWr3+NTtWOooRfKZM9HjLoJOBLvlJxDqZLiD
+AjEAw1n+3Iqh5NEwCVEq2NJ2r9wostMNrfMZkbWS5ou0d9jDh/h7OZSr8sAGwcRD
+uA4W
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ ab:51:7a:c1:c6:bf:8c:35:5c:a1:ea:62:5a:ca:67:84
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:04:35 2019 GMT
+ Not After : Jul 14 13:04:35 2022 GMT
+ Subject: CN=server
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:b9:1f:ea:83:e0:6a:e3:49:dd:a8:f5:06:17:33:
+ 4c:44:73:ac:46:01:33:eb:88:a3:12:d6:0a:aa:3b:
+ ee:6f:d3:75:69:19:f6:82:12:9d:23:17:3a:b9:fe:
+ 66:61:26:4c:46:db:d2:f9:5a:fc:a8:82:58:22:a8:
+ b7:fc:cb:fd:cc:3d:f1:e8:c9:19:39:f1:f3:d0:fb:
+ 73:b0:9f:77:53:9c:ff:35:b5:b5:c6:8d:ee:eb:66:
+ 0b:d1:70:d5:bb:a4:66
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 81:F8:B0:C6:7B:70:D8:D6:C9:E1:9D:B2:67:8B:3B:D8:21:1B:9A:B2
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:server
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:88:cf:12:d6:9c:fd:43:24:58:63:13:27:f1:
+ 44:0a:62:b0:b2:1d:0f:28:3d:50:d0:be:f2:ea:5e:d6:23:27:
+ ac:42:b3:67:2c:d3:8d:7d:19:15:ce:4a:7f:5e:cb:67:94:02:
+ 31:00:8a:f3:c3:f9:ce:f2:35:3a:5a:21:55:1c:d1:ec:80:fa:
+ ad:ef:9b:d9:7d:5c:33:55:f3:71:9c:6d:eb:68:15:ba:45:43:
+ 23:1c:83:7a:21:36:a0:4c:24:73:44:14:ef:ea
+-----BEGIN CERTIFICATE-----
+MIICIjCCAaegAwIBAgIRAKtResHGv4w1XKHqYlrKZ4QwCgYIKoZIzj0EAwIwGjEY
+MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQzNVoXDTIyMDcx
+NDEzMDQzNVowETEPMA0GA1UEAwwGc2VydmVyMHYwEAYHKoZIzj0CAQYFK4EEACID
+YgAEuR/qg+Bq40ndqPUGFzNMRHOsRgEz64ijEtYKqjvub9N1aRn2ghKdIxc6uf5m
+YSZMRtvS+Vr8qIJYIqi3/Mv9zD3x6MkZOfHz0PtzsJ93U5z/NbW1xo3u62YL0XDV
+u6Rmo4G5MIG2MAkGA1UdEwQCMAAwHQYDVR0OBBYEFIH4sMZ7cNjWyeGdsmeLO9gh
+G5qyMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD
+VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDARBgNVHREECjAIggZzZXJ2ZXIw
+CgYIKoZIzj0EAwIDaQAwZgIxAIjPEtac/UMkWGMTJ/FECmKwsh0PKD1Q0L7y6l7W
+IyesQrNnLNONfRkVzkp/XstnlAIxAIrzw/nO8jU6WiFVHNHsgPqt75vZfVwzVfNx
+nG3raBW6RUMjHIN6ITagTCRzRBTv6g==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ b5:63:ff:7c:ff:87:23:f8:fd:6c:cd:82:85:1f:fa:31
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Mar 26 10:41:42 2020 GMT
+ Not After : Mar 11 10:41:42 2023 GMT
+ Subject: CN=thering
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:18:e6:74:25:a4:09:6a:83:9f:bc:71:e8:8e:c1:
+ 44:73:6c:60:17:3a:29:a4:11:40:94:9d:ad:aa:f4:
+ 37:03:cc:83:a7:28:5b:58:c8:0b:40:bf:ec:c8:83:
+ 6e:41:db:56:24:37:56:7f:ba:25:57:09:76:82:27:
+ 45:93:e9:65:25:aa:55:f1:cb:48:d8:8b:d2:65:dc:
+ 8e:51:71:e8:60:d1:2e:88:34:f4:d1:f3:c2:81:3a:
+ 36:9a:9c:08:7f:ac:c7
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ DE:BA:42:67:DA:26:9A:79:0C:E4:D7:AB:BA:DA:0A:02:71:D0:48:FE
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:87:c1:1b:d1:15:d9:85:62:f9:58:ff:0b:30:
+ a0:3b:c7:31:ca:46:0c:71:0c:55:9d:83:a3:a9:32:93:94:7a:
+ 6b:b4:54:e2:a3:e6:be:de:aa:29:bc:77:a7:9e:1b:cc:6f:02:
+ 30:66:a5:9a:15:42:7f:e4:ad:00:be:0b:73:70:20:1b:c1:65:
+ 40:15:22:28:51:8a:d1:7a:06:3a:50:2c:d2:56:0d:48:2c:7a:
+ f4:b1:63:3e:ac:7f:01:c8:ac:bc:04:ce:b9
+-----BEGIN CERTIFICATE-----
+MIICDzCCAZWgAwIBAgIRALVj/3z/hyP4/WzNgoUf+jEwCgYIKoZIzj0EAwIwGjEY
+MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTIwMDMyNjEwNDE0MloXDTIzMDMx
+MTEwNDE0MlowEjEQMA4GA1UEAwwHdGhlcmluZzB2MBAGByqGSM49AgEGBSuBBAAi
+A2IABBjmdCWkCWqDn7xx6I7BRHNsYBc6KaQRQJSdrar0NwPMg6coW1jIC0C/7MiD
+bkHbViQ3Vn+6JVcJdoInRZPpZSWqVfHLSNiL0mXcjlFx6GDRLog09NHzwoE6Npqc
+CH+sx6OBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBTeukJn2iaaeQzk16u62goC
+cdBI/jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG
+A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV
+HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIx
+AIfBG9EV2YVi+Vj/CzCgO8cxykYMcQxVnYOjqTKTlHprtFTio+a+3qopvHennhvM
+bwIwZqWaFUJ/5K0AvgtzcCAbwWVAFSIoUYrRegY6UCzSVg1ILHr0sWM+rH8ByKy8
+BM65
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 4b:df:84:b3:7b:17:ce:e1:09:87:9b:67:05:4b:27:91
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:15:51 2019 GMT
+ Not After : Jul 14 13:15:51 2022 GMT
+ Subject: CN=tsuhajda
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:6a:52:47:b4:82:6f:88:07:39:d2:55:37:5b:de:
+ e8:37:fd:12:c8:2e:2a:c5:b4:9b:54:cf:2b:7c:73:
+ dd:9c:89:37:d7:a9:09:50:11:bb:ae:8e:8d:3f:e7:
+ d0:c9:7e:89:f5:7f:29:28:2d:d6:49:5b:69:b9:47:
+ da:82:87:1e:a9:e8:7a:98:e2:fe:2b:b6:b0:c2:fd:
+ aa:18:af:c3:d5:b0:c3:51:8b:77:8e:4d:68:60:47:
+ 41:28:4d:30:81:4d:7c
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 60:FA:D3:CB:9A:38:0E:08:58:0C:11:BB:A1:C8:18:FB:36:31:2A:67
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:c2:3b:36:d4:ec:38:f3:3f:11:b3:74:6b:34:
+ 27:2f:bd:77:41:c1:20:55:e8:39:b5:1b:ad:04:a1:ab:ca:19:
+ 1e:31:6f:32:4e:12:80:f9:c9:fc:96:f4:7b:81:34:87:07:02:
+ 31:00:92:a4:26:4c:73:29:b6:4f:be:37:a7:98:50:33:4f:10:
+ cd:f2:a0:2d:e6:f1:dd:18:7e:0a:51:1d:81:36:5a:36:3c:17:
+ f8:d3:2c:cb:c1:16:5d:38:1d:57:97:9a:be:69
+-----BEGIN CERTIFICATE-----
+MIICEDCCAZWgAwIBAgIQS9+Es3sXzuEJh5tnBUsnkTAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNTUxWhcNMjIwNzE0
+MTMxNTUxWjATMREwDwYDVQQDDAh0c3VoYWpkYTB2MBAGByqGSM49AgEGBSuBBAAi
+A2IABGpSR7SCb4gHOdJVN1ve6Df9EsguKsW0m1TPK3xz3ZyJN9epCVARu66OjT/n
+0Ml+ifV/KSgt1klbablH2oKHHqnoepji/iu2sML9qhivw9Www1GLd45NaGBHQShN
+MIFNfKOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBRg+tPLmjgOCFgMEbuhyBj7
+NjEqZzBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG
+A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV
+HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaQAwZgIx
+AMI7NtTsOPM/EbN0azQnL713QcEgVeg5tRutBKGryhkeMW8yThKA+cn8lvR7gTSH
+BwIxAJKkJkxzKbZPvjenmFAzTxDN8qAt5vHdGH4KUR2BNlo2PBf40yzLwRZdOB1X
+l5q+aQ==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 6b:9d:83:08:3d:87:cc:88:0a:de:bc:cd:3b:5c:ef:4d
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:16:02 2019 GMT
+ Not After : Jul 14 13:16:02 2022 GMT
+ Subject: CN=zbartakovics
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:0f:68:0b:c6:8e:81:3c:ef:a7:cb:71:84:f3:84:
+ 12:e5:9c:28:13:15:e1:ab:bf:2f:92:3c:db:40:2c:
+ e5:f7:c9:61:94:d2:23:08:10:75:53:7a:ec:39:3c:
+ a1:9c:d3:73:0e:79:db:4c:15:94:77:11:a4:30:e2:
+ bc:73:fa:66:0e:17:90:e2:a3:4c:17:82:41:87:c2:
+ 94:8a:c3:28:47:40:76:76:59:c7:16:47:07:8b:ec:
+ dd:22:6c:3c:af:26:25
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 36:50:AD:4A:3A:69:D8:C0:00:F4:3C:7C:FF:B0:7D:E2:94:B9:7C:8A
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:64:02:30:7e:1a:02:39:9f:2d:c8:dd:5b:4a:2b:9a:2e:61:
+ 60:a5:e2:60:92:29:d4:7e:f2:32:5a:be:90:72:89:42:1a:74:
+ 74:72:c3:e8:32:0b:63:82:52:65:fa:2f:b3:13:4f:16:02:30:
+ 1e:a0:79:e7:55:d1:45:54:97:8d:a0:fb:50:ce:47:b0:1f:d0:
+ 78:47:21:dc:21:d1:7d:f4:1a:da:48:55:fc:43:ce:28:ae:b9:
+ 96:c0:72:2b:29:e4:61:b7:6b:9a:b2:92
+-----BEGIN CERTIFICATE-----
+MIICEjCCAZmgAwIBAgIQa52DCD2HzIgK3rzNO1zvTTAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNjAyWhcNMjIwNzE0
+MTMxNjAyWjAXMRUwEwYDVQQDDAx6YmFydGFrb3ZpY3MwdjAQBgcqhkjOPQIBBgUr
+gQQAIgNiAAQPaAvGjoE876fLcYTzhBLlnCgTFeGrvy+SPNtALOX3yWGU0iMIEHVT
+euw5PKGc03MOedtMFZR3EaQw4rxz+mYOF5Dio0wXgkGHwpSKwyhHQHZ2WccWRweL
+7N0ibDyvJiWjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUNlCtSjpp2MAA9Dx8
+/7B94pS5fIowVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBox
+GDAWBgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5Sgaeww
+EwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2cA
+MGQCMH4aAjmfLcjdW0ormi5hYKXiYJIp1H7yMlq+kHKJQhp0dHLD6DILY4JSZfov
+sxNPFgIwHqB551XRRVSXjaD7UM5HsB/QeEch3CHRffQa2khV/EPOKK65lsByKynk
+YbdrmrKS
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 34:13:80:3e:21:7f:3b:dd:0a:af:d5:cb:0d:17:4b:3c
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:16:17 2019 GMT
+ Not After : Jul 14 13:16:17 2022 GMT
+ Subject: CN=zfelleg
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:83:a4:95:4c:f4:18:92:47:f1:fe:26:d4:2c:3a:
+ a1:65:73:7b:ef:cd:26:ef:dc:d7:7a:dc:95:9a:8b:
+ 66:3f:e9:c9:2e:f6:ac:0a:0e:a1:8f:bd:a5:00:42:
+ 3a:30:03:9c:0a:5b:4a:c3:3c:bc:62:05:60:37:36:
+ 99:e4:e7:27:2d:ae:a9:c1:a2:57:35:8e:d2:59:77:
+ 29:16:64:50:94:16:ca:1a:19:31:1a:83:8c:41:07:
+ 7f:7d:e7:fc:98:80:73
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 40:51:B5:0A:53:CE:54:25:34:5C:DC:E5:70:74:B3:6F:D4:D3:01:84
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:7e:24:b4:72:c8:67:13:4f:a0:ba:09:76:d0:33:
+ 36:35:d4:d0:df:e7:a5:25:25:af:ce:36:67:42:22:bf:42:fb:
+ ab:96:52:73:c1:b2:a0:58:3a:90:b1:8a:78:70:eb:c9:02:31:
+ 00:d9:4a:41:83:7a:5d:1b:6c:e2:d0:2d:b7:c3:b9:b7:11:26:
+ 90:fa:9c:cb:20:e6:c4:cf:06:65:8b:8e:6b:00:c7:ec:77:f0:
+ 85:75:17:58:0b:ef:06:8b:13:0b:57:61:25
+-----BEGIN CERTIFICATE-----
+MIICDjCCAZSgAwIBAgIQNBOAPiF/O90Kr9XLDRdLPDAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNjE3WhcNMjIwNzE0
+MTMxNjE3WjASMRAwDgYDVQQDDAd6ZmVsbGVnMHYwEAYHKoZIzj0CAQYFK4EEACID
+YgAEg6SVTPQYkkfx/ibULDqhZXN7780m79zXetyVmotmP+nJLvasCg6hj72lAEI6
+MAOcCltKwzy8YgVgNzaZ5OcnLa6pwaJXNY7SWXcpFmRQlBbKGhkxGoOMQQd/fef8
+mIBzo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFEBRtQpTzlQlNFzc5XB0s2/U
+0wGEMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD
+VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNoADBlAjB+
+JLRyyGcTT6C6CXbQMzY11NDf56UlJa/ONmdCIr9C+6uWUnPBsqBYOpCxinhw68kC
+MQDZSkGDel0bbOLQLbfDubcRJpD6nMsg5sTPBmWLjmsAx+x38IV1F1gL7waLEwtX
+YSU=
+-----END CERTIFICATE-----
--- /dev/null
+# For use with Easy-RSA 3.1 and OpenSSL or LibreSSL
+
+RANDFILE = $ENV::EASYRSA_PKI/.rnd
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = $ENV::EASYRSA_PKI # Where everything is kept
+certs = $dir # Where the issued certs are kept
+crl_dir = $dir # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+new_certs_dir = $dir/certs_by_serial # default place for new certs.
+
+certificate = $dir/ca.crt # The CA certificate
+serial = $dir/serial # The current serial number
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/ca.key # The private key
+RANDFILE = $dir/.rand # private random number file
+
+x509_extensions = basic_exts # The extentions to add to the cert
+
+# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
+# is designed for will. In return, we get the Issuer attached to CRLs.
+crl_extensions = crl_ext
+
+default_days = $ENV::EASYRSA_CERT_EXPIRE # how long to certify for
+default_crl_days= $ENV::EASYRSA_CRL_DAYS # how long before next CRL
+default_md = $ENV::EASYRSA_DIGEST # use public key default MD
+preserve = no # keep passed DN ordering
+
+# This allows to renew certificates which have not been revoked
+unique_subject = no
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_anything
+
+# For the 'anything' policy, which defines allowed DN fields
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+name = optional
+emailAddress = optional
+
+####################################################################
+# Easy-RSA request handling
+# We key off $DN_MODE to determine how to format the DN
+[ req ]
+default_bits = $ENV::EASYRSA_KEY_SIZE
+default_keyfile = privkey.pem
+default_md = $ENV::EASYRSA_DIGEST
+distinguished_name = $ENV::EASYRSA_DN
+x509_extensions = easyrsa_ca # The extentions to add to the self signed cert
+
+# A placeholder to handle the $EXTRA_EXTS feature:
+#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it
+
+####################################################################
+# Easy-RSA DN (Subject) handling
+
+# Easy-RSA DN for cn_only support:
+[ cn_only ]
+commonName = Common Name (eg: your user, host, or server name)
+commonName_max = 64
+commonName_default = $ENV::EASYRSA_REQ_CN
+
+# Easy-RSA DN for org support:
+[ org ]
+countryName = Country Name (2 letter code)
+countryName_default = $ENV::EASYRSA_REQ_COUNTRY
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE
+
+localityName = Locality Name (eg, city)
+localityName_default = $ENV::EASYRSA_REQ_CITY
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = $ENV::EASYRSA_REQ_ORG
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = $ENV::EASYRSA_REQ_OU
+
+commonName = Common Name (eg: your user, host, or server name)
+commonName_max = 64
+commonName_default = $ENV::EASYRSA_REQ_CN
+
+emailAddress = Email Address
+emailAddress_default = $ENV::EASYRSA_REQ_EMAIL
+emailAddress_max = 64
+
+####################################################################
+# Easy-RSA cert extension handling
+
+# This section is effectively unused as the main script sets extensions
+# dynamically. This core section is left to support the odd usecase where
+# a user calls openssl directly.
+[ basic_exts ]
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+
+# The Easy-RSA CA extensions
+[ easyrsa_ca ]
+
+# PKIX recommendations:
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This could be marked critical, but it's nice to support reading by any
+# broken clients who attempt to do so.
+basicConstraints = CA:true
+
+# Limit key usage to CA tasks. If you really want to use the generated pair as
+# a self-signed cert, comment this out.
+keyUsage = cRLSign, keyCertSign
+
+# nsCertType omitted by default. Let's try to let the deprecated stuff die.
+# nsCertType = sslCA
+
+# CRL extensions.
+[ crl_ext ]
+
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAAawl07oNQMZCfcl3T
+oCd6VLq2esm4lDOpS6pk79zJuxrVrgWXWZ3DJdVPE939ZZyhZANiAASX1ImCDBut
+xEvdTBml9dg8Qp3SsA2ebKaoYpq//XiddvQCrVGflxJZvMGjoBc1di906rnTcks1
+lEDzfrUcr1HRtNN6aT1/HlGX/uNK7AHG6YnpjreUo3ISbmbFot6tJ+I=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDVEmbLHw/XijB+525e
+66kG1MP6JphJr44lPXVQvIujmajoE+MTm78fNuiGTdATr9uhZANiAAQ0DfMO5gVp
+8yR97xkMzgS9JDTjjOUrfj9wOVWbLnP6xk5EQpVpghOFmGNaJdwcsjKclwG1+8Td
+WQWKq7bBshMDCuOL5+piwXEbTyB0nAvfRlZsA9WM2EwC6W5iOh+zDro=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDW2V2Xoel5TxZHAr05
+sZS3frZowpcmgSGHc5yQagP0O0qR6qZFC78bee0wsOy/fG2hZANiAASnlb9sjg80
+nMoUizNNgFWYHhDD6YR/ck3yYWhwWcdvbQLEIs9YgOc1GG7uEf4pAcPqeYWD5gxv
+xdh/n9VVJ3uoFxQtlOXEpJ+suDgCwEFaGopj5cNSJ2JXCxRrNsyOUT8=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDGOiNJILhTWN7SPHdY
+gpwEUN8RoQ0ZNV1vZGV8yKqoQbfc58QwZ7b1HLT95z79oeuhZANiAASG011uvj6R
+kNejLNJqKk+7zVJORlsbYPDLqlu0iHH0cQDkuMt0zridwf1caacoZiFDEUo1Bssc
+Vws3m/EveCrSHQFJZnEldHQOvpN1QGzLCoEOI3y3+Zvh0MTSHG3ayvI=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDA3vz1kTnTJw5rUdKXLe+731c2Q/jGtdnPZzYmi5D3MpQSzeH9DoOQx
+fWsPZKD3sXSgBwYFK4EEACKhZANiAAR/RWndZQ7I3I1p1tXTBdHE3CzdV+PQO0s5
+ZL4+oeempBEMOiJfRWA/bZQ97Bh0EzQb7ytjr1Xv9PQjZzUw7F6EQmnDMO2s9LBY
+UhiWi+GtObloJcVa/sSaNzaXN9/vv3o=
+-----END EC PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDByGpeF+ILcYFWX4cH9
+SxRUvZUkSb1ejVW5jVjfr8UyyfDaAR35ZNCZ1JLgdSWC0g2hZANiAASCA5Gt53a3
+jVGGbczjFZFsrDHnbeFEDcMplXxe4eg3qgD2R3QY5yiQlRZsCOKf1yRVRiIcGZ8G
+S5uOlktdu8CtNVoGcxA2Mh2J5rGe82INj4VwckxISkfw+uv2e5x/qHo=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBcc3FEyoXLKwyy5rTO
+jo9SMOdGwdkwZFGBHDUYB65z/JrmvW6ArIv/XuYS3eCOg3mhZANiAARL1OFPp1se
+xH1AJxnevMx4a1qGE0jEwEAJTh3NtPCNFC5EfI4te3UnAMSbXHEdNf/2kQHiPyJN
+9FlF5IVhojC7f45/htt5etphAHI9YAs6e9OOQ9Uh+eXvAQJIDqoH4N8=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAiHqPToF5VeW4qNuAu
+JwWSuOhHA5ZoB1jVj28Cxtnd2nbtrVwpIKlKOMiQy4WhyoKhZANiAATCdypXAXvZ
+C+DgaX4q3wW4kU5QUelSvaX6Aa1iCmkQgm+qhGQzcdmWypwFztkTmbDZ1U3ZGkOM
+QdXnCq6SbPZ/v3O2/72ku/zZDDYN4vR4JLvNrOkE1pylK87XDoWFEPE=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBlosRzur9E4uOwMzTj
+/x+I2VSe0jDyJr/CDV50ElawBO6bEvw4a5m2HjNW7HcAF4yhZANiAASDT1F78TDc
+diXbIf0Rijn8b0oP9TidjjwYw+K5mn7YJZ1p8UDyHPi9fJjpHYZ40NV7seaKy0Tp
+QmxhxNkyxRbwdnGQWA8T9MsBAmj6uz7LJEfihy3yxtlfuBbeR6q/AmU=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDaUFU/AcO1aLWRrpXF
+pdIp3a8bUuIn0Sf/p2z+xd96uy8q/k4ldwJuAFpDqIWU7EehZANiAAQBFmGaKZsA
+NMbY0DGH5yz9en7gbvcmGmJ/1H2qjQ6DvcJRjMs0Kz0EQE8sb4uGm3/eonmkCgNM
+cHE0uvb40eiSGDLWeD1dKVxwoLaAfyHiYwlXwUb9m9l6KrgT8veDzDI=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDJrT8LYg3Z3J0bN6Zo
+Hu+9iFCXEwyBg21YcYlkT+Ugp2+VCgT27UByvVcOCBWffvGhZANiAATBZnE3u/W2
+LLCg1oyFLDEo0V7WI3Gut295ElB6tWzu66CpmxrV811y/c3xDSM/bkR7H8mKHvtR
+reK/yBIN0HoR3u7CbgavZ8dRE4zPdZ+pgELynFp4rylX37DB1tY7QmA=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBJtymPakZLlMwR+KYJ
+QWARrF1lWXrsteVeTa36Rx5Hj/VVVvDBIdnd6jJ8ZYtFkP6hZANiAAS6ZZRnCDSG
+xw+UAF/iOFueKV92eodDWzekRKs5cr43Dj/FulWLbL0i7XRUiKIc7PgkNz+zsuNW
+DuWBy+9IHeXqH2dRXyCLL6r+/o7UvpEolLbMBHSQcpAQoHxCouNMf0k=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCHVXyxB2Mu+VF6/KPn
+CMn4rSmKCw0bg6ui1SzGZj+A8F334h0AnMFdygwAWFFwjI+hZANiAAQQ0KJoZupA
+NvOdE+K854eS1Mry5hOpC9CSt6Ak8OTOaQjk4sBm4CoqeQbj1DPoa5Sn+3Ga55qh
++Ro7KD87DJlfLs8XmGAQFiLDH35hYpeFNgoK6SYOdsOIuI7kgHhStZw=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDC6hDj7GpCg6mhd+Ih0
+NNNHxi0brgmGC0T53l8asSES2Af/Ot8NgmKXCLncufiW/DyhZANiAAQWw8xMGZHm
+s1OJfXoerleJUhnX5cfQaHSmDZLpCeeBXhEC6oeJIOdXscpEts9fAVhzlIk6Cmf6
+n8jJFo3ncnWUjVLe8Q9HoxWDw81nyBSvsvVjCAwl1dUKuvubD9/gRbQ=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCZCcP1YRtj97FZBxtE
+5Axn4mV2pTI/8RH0/SBivyOK4NsnVPQeiXI1XOBgXKRafIWhZANiAAQK6O35GvW2
+F9df/56cHh0RzxJ/ARHKorHgtbwwa1z/XtIGK1WpD1U6ru6mXnQN9kO2pB0XKw+H
+e8I5Rx3n++Rk0QBguxzr4ECCjXcJhdEcN8g+1WRRDx1xcQQ6IWyiVzY=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDlaHtUEb8WUjje5qw7
+TWC4QX2Cpc2Cp9yZfsw2l18Iz5G/fwCCzsYbfOstnZyIiJahZANiAATU3vBK9KCK
+vVKXh8D1KId9e0zzPRO+a/ZhI/iR/SpZ2zgu7NZdIcK54Iw4Nsm7LPmH88VTKNGU
+A9MkwPqVsxlKQpWUIhFPguq/FkJCkPGe6WhILrnbcb5ISusGYWNzdxg=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBJVj3xLzZDW0wggPR3
+JPZUDXSKsfeXT+1IyjY7IKpB0Ku+jIOzCt1ma3S4iUK/F4ChZANiAARKw6UwPjUw
+mTRoSEgIBZbJtEDM5QmB40cHhFljWfjFkn81umgbFNLz2jkUl+MRCdhPNGGdsnXW
+c6vZ6+0O6OV7KMadBLHtR5cr02IBs4PnbMjHEYLzyMCXJ1KNVNpCmPs=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCsxtcmrcd9xqynDZ3a
+foxPCtPVy9dGZ9GYZY0umi1aXddSZmTQLis9HcQZsg6fqpuhZANiAATqxKvhJEKR
+Bhdz1tmHFymoBXO+WlQ4PsndeFXK4ifmRBoiWzoVaGG/rs4FpcmY96P/DrnbjvwV
+rHZByG7ehTjLH7GYQd9OGGIkBJVaFmsL/RPjJot205pUbJsZPFXe0C4=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAxKh8kZwIH7ORp/VMB
+sKaPF30JqoD2BfBnnsKIMk9tVLvGYQuBZPfOhIEejfuiT1mhZANiAAS5H+qD4Grj
+Sd2o9QYXM0xEc6xGATPriKMS1gqqO+5v03VpGfaCEp0jFzq5/mZhJkxG29L5Wvyo
+glgiqLf8y/3MPfHoyRk58fPQ+3Own3dTnP81tbXGje7rZgvRcNW7pGY=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCboZiI4T9fQqhuUhZ1
+lsZw4yXdJ5COxryQGbWBWZanAdbF2JG/wNgYVcYHmU+IpEyhZANiAAQY5nQlpAlq
+g5+8ceiOwURzbGAXOimkEUCUna2q9DcDzIOnKFtYyAtAv+zIg25B21YkN1Z/uiVX
+CXaCJ0WT6WUlqlXxy0jYi9Jl3I5Rcehg0S6INPTR88KBOjaanAh/rMc=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDA3FfCdgRHmr7R09vcV
+oMIHICl1w6SEHkvJWvu/kgBvfUTDa+8xO6TcfLj3bcN7SUKhZANiAARqUke0gm+I
+BznSVTdb3ug3/RLILirFtJtUzyt8c92ciTfXqQlQEbuujo0/59DJfon1fykoLdZJ
+W2m5R9qChx6p6HqY4v4rtrDC/aoYr8PVsMNRi3eOTWhgR0EoTTCBTXw=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDA0fa139CTqeLKWJaqU
+GKH5EIpDoFGwek9AW9Td5BTuYxpTREQwi3vMbEZ4sULZI2ehZANiAAQPaAvGjoE8
+76fLcYTzhBLlnCgTFeGrvy+SPNtALOX3yWGU0iMIEHVTeuw5PKGc03MOedtMFZR3
+EaQw4rxz+mYOF5Dio0wXgkGHwpSKwyhHQHZ2WccWRweL7N0ibDyvJiU=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDrR6bejMZ+YEKPLqFW
+EcqqktxOsksvQB6WL0olu99MczjNpHbWRJdzF0b1CxYYTKChZANiAASDpJVM9BiS
+R/H+JtQsOqFlc3vvzSbv3Nd63JWai2Y/6cku9qwKDqGPvaUAQjowA5wKW0rDPLxi
+BWA3Npnk5yctrqnBolc1jtJZdykWZFCUFsoaGTEag4xBB3995/yYgHM=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBEDCBlgIBADAXMRUwEwYDVQQDDAxha29zenRvbGFueWkwdjAQBgcqhkjOPQIB
+BgUrgQQAIgNiAASX1ImCDButxEvdTBml9dg8Qp3SsA2ebKaoYpq//XiddvQCrVGf
+lxJZvMGjoBc1di906rnTcks1lEDzfrUcr1HRtNN6aT1/HlGX/uNK7AHG6YnpjreU
+o3ISbmbFot6tJ+KgADAKBggqhkjOPQQDAgNpADBmAjEA9b9s6OwjKnzMIMxDIDp7
+oUEmxZkKTd/qnF1rLkGMkEqPR1BtjmTQ0VCmiqqFHE78AjEAv2QzGitc04jGM9qN
++usRbImaeg6z0raTPfqLyMWm6nnBY8uSUU6v4+3QN71cRK9Q
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBDTCBkwIBADAUMRIwEAYDVQQDDAlhenNhbWJva2kwdjAQBgcqhkjOPQIBBgUr
+gQQAIgNiAAQ0DfMO5gVp8yR97xkMzgS9JDTjjOUrfj9wOVWbLnP6xk5EQpVpghOF
+mGNaJdwcsjKclwG1+8TdWQWKq7bBshMDCuOL5+piwXEbTyB0nAvfRlZsA9WM2EwC
+6W5iOh+zDrqgADAKBggqhkjOPQQDAgNpADBmAjEAiHN5e892//rYy9BnKTBTQC2J
+TzqUkavZbFxD5mw0lMNSdPH+h1NStxXieQFf2SylAjEAjz34uHonL001gQgmvGab
+31SogblGs9rlmN3nbHnQqOFMufbEhjlv4DRDrkEUyENY
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCjCBkAIBADARMQ8wDQYDVQQDDAZiY3Nva2EwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAASnlb9sjg80nMoUizNNgFWYHhDD6YR/ck3yYWhwWcdvbQLEIs9YgOc1GG7u
+Ef4pAcPqeYWD5gxvxdh/n9VVJ3uoFxQtlOXEpJ+suDgCwEFaGopj5cNSJ2JXCxRr
+NsyOUT+gADAKBggqhkjOPQQDAgNpADBmAjEAwjmYAhasFVT6Lq4gGkMn4U1sz/9q
+fcKAwjgYttqn0Ua3aerak8JkHZmInKqhACx8AjEAmdWK89Q64CZvB1GiN6BAfRo6
+OSbxdsrK9tZF+ZwwGqoQtdzMndk3C8nVKzUq6pRM
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBBjCBjQIBADAOMQwwCgYDVQQDDANibWUwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
+AASG011uvj6RkNejLNJqKk+7zVJORlsbYPDLqlu0iHH0cQDkuMt0zridwf1caaco
+ZiFDEUo1BsscVws3m/EveCrSHQFJZnEldHQOvpN1QGzLCoEOI3y3+Zvh0MTSHG3a
+yvKgADAKBggqhkjOPQQDAgNoADBlAjAoEqLeEaWwBS6VbzcFoWGufgr14IuWII3H
+CFQDf5mztT88Dbx+uPlZ3CpHUqHMDO8CMQCPOOmlAUz4AlATmoyuE8Ey7JVEqMxX
+Z82izTz2dCDKQYaY4JpVJhrtkR6L7M5rvyg=
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCzCBkgIBADATMREwDwYDVQQDDAhjc2d1bHlhczB2MBAGByqGSM49AgEGBSuB
+BAAiA2IABIIDka3ndreNUYZtzOMVkWysMedt4UQNwymVfF7h6DeqAPZHdBjnKJCV
+FmwI4p/XJFVGIhwZnwZLm46WS127wK01WgZzEDYyHYnmsZ7zYg2PhXByTEhKR/D6
+6/Z7nH+oeqAAMAoGCCqGSM49BAMCA2gAMGUCMQCRn3Yv+/MqzS4M2I0Z8+BQU4PP
+r8IhvDBMeycOF7kbsUhg1p//ai8lcRM+GME5dzsCMD62uS2r1aCZkFRlYP82B5PH
+LxrohmLJIPjb7bxJ89S4JF0FlkvRO9jSaGa7wj5FiA==
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCjCBkQIBADASMRAwDgYDVQQDDAdjc2xldmFpMHYwEAYHKoZIzj0CAQYFK4EE
+ACIDYgAES9ThT6dbHsR9QCcZ3rzMeGtahhNIxMBACU4dzbTwjRQuRHyOLXt1JwDE
+m1xxHTX/9pEB4j8iTfRZReSFYaIwu3+Of4bbeXraYQByPWALOnvTjkPVIfnl7wEC
+SA6qB+DfoAAwCgYIKoZIzj0EAwIDaAAwZQIwNeJETbz7Dat7wMfmHtx9Pv0jh8C4
+YodGVagDeEUqF3infv2UyBZcIbCyEPV1mFFhAjEA5hWnL38pc1lZjaNCnVRZmRWQ
+3Ex5dlmifgYarn0mYzPkDWMzTsSdzwNGJ7OmKe8p
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCjCBkgIBADATMREwDwYDVQQDDAhkaG9ydmF0aDB2MBAGByqGSM49AgEGBSuB
+BAAiA2IABMJ3KlcBe9kL4OBpfirfBbiRTlBR6VK9pfoBrWIKaRCCb6qEZDNx2ZbK
+nAXO2ROZsNnVTdkaQ4xB1ecKrpJs9n+/c7b/vaS7/NkMNg3i9Hgku82s6QTWnKUr
+ztcOhYUQ8aAAMAoGCCqGSM49BAMCA2cAMGQCMBEnuVtyHrzWaRjKbPnZ0QtctxoE
+drQ3vda///knPl0W/HPqmdkp2t1oPfbMCYZi9gIwTC/4kV1Fs35Y1diGh6zMAQnH
+JqBRXkU4Hzq8wf5hB8d2rlGTeKllFhtLED2l8SHn
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCjCBkQIBADASMRAwDgYDVQQDDAdkdmFzYXJ5MHYwEAYHKoZIzj0CAQYFK4EE
+ACIDYgAEg09Re/Ew3HYl2yH9EYo5/G9KD/U4nY48GMPiuZp+2CWdafFA8hz4vXyY
+6R2GeNDVe7HmistE6UJsYcTZMsUW8HZxkFgPE/TLAQJo+rs+yyRH4oct8sbZX7gW
+3keqvwJloAAwCgYIKoZIzj0EAwIDaAAwZQIwDWGTqyuFxTU89a8QFmWFhnl98LAK
+E6NmA5PtTd5jpFHIXReIRr3hSQooV1rSGVPhAjEAtdPDlua5HNE4BNHH0bAKmEXa
+3nDHf5bW7ni58J4cLvwED/pVd6iOgqG4dA4S+qi2
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCzCBkQIBADASMRAwDgYDVQQDDAdmcml0dGVyMHYwEAYHKoZIzj0CAQYFK4EE
+ACIDYgAEARZhmimbADTG2NAxh+cs/Xp+4G73Jhpif9R9qo0Og73CUYzLNCs9BEBP
+LG+Lhpt/3qJ5pAoDTHBxNLr2+NHokhgy1ng9XSlccKC2gH8h4mMJV8FG/ZvZeiq4
+E/L3g8wyoAAwCgYIKoZIzj0EAwIDaQAwZgIxAKqfCt8f45Cqbn0WnXE6MhQ1JxKj
+QHAB75GEZ2u+Vpe0gnqlZh0S6GQxGhAsBMmtCAIxAKLdxowosLANPnPNGIkClJcI
+C1L9r5AUWLA3E5hlEDDfc6V1XzYGPjwK1sVKsVSQtg==
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBDDCBkgIBADATMREwDwYDVQQDDAhmc2NobmVsbDB2MBAGByqGSM49AgEGBSuB
+BAAiA2IABMFmcTe79bYssKDWjIUsMSjRXtYjca63b3kSUHq1bO7roKmbGtXzXXL9
+zfENIz9uRHsfyYoe+1Gt4r/IEg3QehHe7sJuBq9nx1ETjM91n6mAQvKcWnivKVff
+sMHW1jtCYKAAMAoGCCqGSM49BAMCA2kAMGYCMQDv/73kqyWsmH2ko9P2v8OsTtwM
+5t+jTagnhMiEn5m5JcRL7Ek5KvIMtjMZis++hxMCMQCTjT/T7/5J7IbB5Hl4QwYR
+DZ8rFgjx7pgwiGj+h5TJLsvYfziM4F7c7FJ3klh1T08=
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCzCBkQIBADASMRAwDgYDVQQDDAdpZmFiaWFuMHYwEAYHKoZIzj0CAQYFK4EE
+ACIDYgAEumWUZwg0hscPlABf4jhbnilfdnqHQ1s3pESrOXK+Nw4/xbpVi2y9Iu10
+VIiiHOz4JDc/s7LjVg7lgcvvSB3l6h9nUV8giy+q/v6O1L6RKJS2zAR0kHKQEKB8
+QqLjTH9JoAAwCgYIKoZIzj0EAwIDaQAwZgIxAOKmHpLEoJhLnOz8fNiI5WoDjBgJ
+12SbiqqP30nhj3VHCHp9vVQHIowqsKGaEcNMfgIxALfI4SN2rbCVk/NoNuJjnLjv
+R7oQ9xPH/Vs0lsLiphy8HvgOVuX/GFMviRcI9BY4Fg==
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCzCBkgIBADATMREwDwYDVQQDDAhraG9ydmF0aDB2MBAGByqGSM49AgEGBSuB
+BAAiA2IABBDQomhm6kA2850T4rznh5LUyvLmE6kL0JK3oCTw5M5pCOTiwGbgKip5
+BuPUM+hrlKf7cZrnmqH5GjsoPzsMmV8uzxeYYBAWIsMffmFil4U2CgrpJg52w4i4
+juSAeFK1nKAAMAoGCCqGSM49BAMCA2gAMGUCMH78kCLrP1jOuv+CdBvdGargTkqY
+6VkaO+Ygm/mvXkZkLA62C3kDAYQivt7N2nleRAIxAIeEvYFTairnHufjd/Gr8xdt
+SRei3fPpAm1gcQs02kNM6BFCuDPMg3E0AFMOX1SNBA==
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCDCBkAIBADARMQ8wDQYDVQQDDAZra2FuY3owdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAAQWw8xMGZHms1OJfXoerleJUhnX5cfQaHSmDZLpCeeBXhEC6oeJIOdXscpE
+ts9fAVhzlIk6Cmf6n8jJFo3ncnWUjVLe8Q9HoxWDw81nyBSvsvVjCAwl1dUKuvub
+D9/gRbSgADAKBggqhkjOPQQDAgNnADBkAjAtsBR5gMCCHg5yQj7OW2MvxwMYTEpk
+6066ABE0i66Ro8XJ0/7a/Wda5XvfqXVczIkCMG1SCQ20okavRvLqFg3O0+DH8Y7z
++jRPtszyVZ99Z9cGqK5CYszm7xf7ozyv/mN17Q==
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCDCBjwIBADAQMQ4wDAYDVQQDDAVra2VsZTB2MBAGByqGSM49AgEGBSuBBAAi
+A2IABAro7fka9bYX11//npweHRHPEn8BEcqiseC1vDBrXP9e0gYrVakPVTqu7qZe
+dA32Q7akHRcrD4d7wjlHHef75GTRAGC7HOvgQIKNdwmF0Rw3yD7VZFEPHXFxBDoh
+bKJXNqAAMAoGCCqGSM49BAMCA2gAMGUCMBjHpxycgLPtdG09aiKCsVXlJRk4GIv3
+Zhpf/CaMZG4oDH/YzEwiFdand/7//GlE/gIxANy5n0vGIq56l1X3+WuIaNb3NFeR
+G+8d4Z7W05tgac/dBYKR2hcAqvF16QE31vhWhA==
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCTCBkAIBADARMQ8wDQYDVQQDDAZtc3phYm8wdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAATU3vBK9KCKvVKXh8D1KId9e0zzPRO+a/ZhI/iR/SpZ2zgu7NZdIcK54Iw4
+Nsm7LPmH88VTKNGUA9MkwPqVsxlKQpWUIhFPguq/FkJCkPGe6WhILrnbcb5ISusG
+YWNzdxigADAKBggqhkjOPQQDAgNoADBlAjEA077+fweY97IYc/LAi6fe72rejGAF
+0mULlTDUxgFddu7wfUb/lgcnLv9M+SwIoaIHAjBqf5POJ5fsE4qaMP2YwoKjfrlG
+08T6USZqvB4FpFa0zbd8LZihlkNroDBOx2TpXy0=
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBBjCBjgIBADAPMQ0wCwYDVQQDDARxcWNzMHYwEAYHKoZIzj0CAQYFK4EEACID
+YgAESsOlMD41MJk0aEhICAWWybRAzOUJgeNHB4RZY1n4xZJ/NbpoGxTS89o5FJfj
+EQnYTzRhnbJ11nOr2evtDujleyjGnQSx7UeXK9NiAbOD52zIxxGC88jAlydSjVTa
+Qpj7oAAwCgYIKoZIzj0EAwIDZwAwZAIwR7VnIf4uVK82n307s6g0dYL1NUglgPwX
+yIjqZIY2q2PvHGxwbmz/cU1Fuk1FeuAuAjB3QYjcUtk7kIcSmcI3SphCCRlbH0cD
+4eImTHMs/6bJqft7xrDdAZN9uIAtBpsSqFk=
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCjCBkQIBADASMRAwDgYDVQQDDAdycmVuZGVrMHYwEAYHKoZIzj0CAQYFK4EE
+ACIDYgAE6sSr4SRCkQYXc9bZhxcpqAVzvlpUOD7J3XhVyuIn5kQaIls6FWhhv67O
+BaXJmPej/w652478Fax2Qchu3oU4yx+xmEHfThhiJASVWhZrC/0T4yaLdtOaVGyb
+GTxV3tAuoAAwCgYIKoZIzj0EAwIDaAAwZQIwfcU6uSYmTg5df6XK0lxeYfAnNJJS
+nCvW2iLWb2d8PHsQIj3CaTIDMAyMEUolkDD7AjEA1Rc+CDn480fUb2/IEGZvkYRi
+0kztuCXQIz1WWJgpIr9X7OETpmkrNGWL4qNLJ/F5
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCTCBkAIBADARMQ8wDQYDVQQDDAZzZXJ2ZXIwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAAS5H+qD4GrjSd2o9QYXM0xEc6xGATPriKMS1gqqO+5v03VpGfaCEp0jFzq5
+/mZhJkxG29L5WvyoglgiqLf8y/3MPfHoyRk58fPQ+3Own3dTnP81tbXGje7rZgvR
+cNW7pGagADAKBggqhkjOPQQDAgNoADBlAjEAv8gQnvhdDlNzx4eJwKHCciWX53PD
+r9H+z1SZ44816XiTpFYZnMhRQI68+5TBp7CGAjByELeSgotlb4k9l3E0x/6/1QA8
+CC6AE4W/m8s1wXsRAhEHxmA6UZmOgPlZftSFICY=
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCTCBkQIBADASMRAwDgYDVQQDDAd0aGVyaW5nMHYwEAYHKoZIzj0CAQYFK4EE
+ACIDYgAEGOZ0JaQJaoOfvHHojsFEc2xgFzoppBFAlJ2tqvQ3A8yDpyhbWMgLQL/s
+yINuQdtWJDdWf7olVwl2gidFk+llJapV8ctI2IvSZdyOUXHoYNEuiDT00fPCgTo2
+mpwIf6zHoAAwCgYIKoZIzj0EAwIDZwAwZAIwKkd3GRIaqtKhD6xkY/oDDkfO3JhS
+1pytj/Y5Arxyllpq2WGKHk84Xpijpt+5mURuAjAJT6aKO8Yj/7gn0gUgqU7sgUjs
+jeK8ul/weOnx98dvGarGCtHVFk/YOm1US3G60M4=
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBDDCBkgIBADATMREwDwYDVQQDDAh0c3VoYWpkYTB2MBAGByqGSM49AgEGBSuB
+BAAiA2IABGpSR7SCb4gHOdJVN1ve6Df9EsguKsW0m1TPK3xz3ZyJN9epCVARu66O
+jT/n0Ml+ifV/KSgt1klbablH2oKHHqnoepji/iu2sML9qhivw9Www1GLd45NaGBH
+QShNMIFNfKAAMAoGCCqGSM49BAMCA2kAMGYCMQCaTPqfIpR3fVd//V/S5FDLDF5D
+hUNIACH9bZYmY8pyH7PZ/hhQ23fZNDPWB8QcoHECMQDtcOGvrFd2VjHzZLsI98s5
+EHL436RfdE5WFtOnfEkCVoTvDkfZqkMjNh7M1dq/sgE=
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBEDCBlgIBADAXMRUwEwYDVQQDDAx6YmFydGFrb3ZpY3MwdjAQBgcqhkjOPQIB
+BgUrgQQAIgNiAAQPaAvGjoE876fLcYTzhBLlnCgTFeGrvy+SPNtALOX3yWGU0iMI
+EHVTeuw5PKGc03MOedtMFZR3EaQw4rxz+mYOF5Dio0wXgkGHwpSKwyhHQHZ2WccW
+RweL7N0ibDyvJiWgADAKBggqhkjOPQQDAgNpADBmAjEAlZgYRYG0puqjc3GQoAAI
+sAZaw67rUqf+J9z6JDYnUPfqX3VrsJaKpTy4bmo8OwKnAjEArbINmKjKr9cOyTFu
+IjC97INHf7dUzIWJQNJsmjpG9cUTetFHV9DlTiL+P72BRLWt
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCjCBkQIBADASMRAwDgYDVQQDDAd6ZmVsbGVnMHYwEAYHKoZIzj0CAQYFK4EE
+ACIDYgAEg6SVTPQYkkfx/ibULDqhZXN7780m79zXetyVmotmP+nJLvasCg6hj72l
+AEI6MAOcCltKwzy8YgVgNzaZ5OcnLa6pwaJXNY7SWXcpFmRQlBbKGhkxGoOMQQd/
+fef8mIBzoAAwCgYIKoZIzj0EAwIDaAAwZQIxAPVqTTqKn5lRfhUswnzTfZEQS3e+
+zgb/KRloYHNkWyQiBgeevAegtg8QtJsyOnffagIwRrQOxn8+3w3QVui71ThBnVPz
+6+8lqo25fipBYQ9xp0ONM6IxukuMdH5HBGqZi94q
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+# For use with Easy-RSA 3.1 and OpenSSL or LibreSSL
+
+RANDFILE = /etc/openvpn/server/easy-rsa/pki/.rnd
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = /etc/openvpn/server/easy-rsa/pki # Where everything is kept
+certs = /etc/openvpn/server/easy-rsa/pki # Where the issued certs are kept
+crl_dir = /etc/openvpn/server/easy-rsa/pki # Where the issued crl are kept
+database = /etc/openvpn/server/easy-rsa/pki/index.txt # database index file.
+new_certs_dir = /etc/openvpn/server/easy-rsa/pki/certs_by_serial # default place for new certs.
+
+certificate = /etc/openvpn/server/easy-rsa/pki/ca.crt # The CA certificate
+serial = /etc/openvpn/server/easy-rsa/pki/serial # The current serial number
+crl = /etc/openvpn/server/easy-rsa/pki/crl.pem # The current CRL
+private_key = /etc/openvpn/server/easy-rsa/pki/private/ca.key # The private key
+RANDFILE = /etc/openvpn/server/easy-rsa/pki/.rand # private random number file
+
+x509_extensions = basic_exts # The extentions to add to the cert
+
+# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
+# is designed for will. In return, we get the Issuer attached to CRLs.
+crl_extensions = crl_ext
+
+default_days = 1080 # how long to certify for
+default_crl_days= 180 # how long before next CRL
+default_md = sha256 # use public key default MD
+preserve = no # keep passed DN ordering
+
+# This allows to renew certificates which have not been revoked
+unique_subject = no
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_anything
+
+# For the 'anything' policy, which defines allowed DN fields
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+name = optional
+emailAddress = optional
+
+####################################################################
+# Easy-RSA request handling
+# We key off $DN_MODE to determine how to format the DN
+[ req ]
+default_bits = 2048
+default_keyfile = privkey.pem
+default_md = sha256
+distinguished_name = cn_only
+x509_extensions = easyrsa_ca # The extentions to add to the self signed cert
+
+# A placeholder to handle the $EXTRA_EXTS feature:
+#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it
+
+####################################################################
+# Easy-RSA DN (Subject) handling
+
+# Easy-RSA DN for cn_only support:
+[ cn_only ]
+commonName = Common Name (eg: your user, host, or server name)
+commonName_max = 64
+commonName_default = ChangeMe
+
+# Easy-RSA DN for org support:
+[ org ]
+countryName = Country Name (2 letter code)
+countryName_default = US
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = California
+
+localityName = Locality Name (eg, city)
+localityName_default = San Francisco
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Copyleft Certificate Co
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = My Organizational Unit
+
+commonName = Common Name (eg: your user, host, or server name)
+commonName_max = 64
+commonName_default = ChangeMe
+
+emailAddress = Email Address
+emailAddress_default = me@example.net
+emailAddress_max = 64
+
+####################################################################
+# Easy-RSA cert extension handling
+
+# This section is effectively unused as the main script sets extensions
+# dynamically. This core section is left to support the odd usecase where
+# a user calls openssl directly.
+[ basic_exts ]
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+
+# The Easy-RSA CA extensions
+[ easyrsa_ca ]
+
+# PKIX recommendations:
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This could be marked critical, but it's nice to support reading by any
+# broken clients who attempt to do so.
+basicConstraints = CA:true
+
+# Limit key usage to CA tasks. If you really want to use the generated pair as
+# a self-signed cert, comment this out.
+keyUsage = cRLSign, keyCertSign
+
+# nsCertType omitted by default. Let's try to let the deprecated stuff die.
+# nsCertType = sslCA
+
+# CRL extensions.
+[ crl_ext ]
+
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
--- /dev/null
+B563FF7CFF8723F8FD6CCD82851FFA32
--- /dev/null
+b563ff7cff8723f8fd6ccd82851ffa31
--- /dev/null
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+ea8f1c83226838b22597668f903e9929
+6b77ff8cf2afd8d9f839344c47f85693
+d4280a82bc743e01159f17545f7d7e23
+1e91d5292c53c26c353618495b7a4013
+8df9a1de2a3278ea55ac22d1a85b11bb
+b155df61c10e835b49b2960a52840aa1
+64ea57bc98da062b695e06e3aca108c8
+d755dbd543d0d816546d7647d326aaea
+8e02195160d37f131ffe52a1f39c017e
+69fcb995e6fab1ee7a64c8b5a3946faa
+38613b3bdbdd95443a7ec3b17386dce9
+b070e4a7cb7ce59152a37985e8a7d881
+b2c1da898f177dba80e0b53e7bbf53c0
+c7431ebce43cfebc92fa4e4ac49a146c
+84ae27231334ca1dac42dea1f964d48f
+eb7313175e956356f6ecefd289864a1a
+-----END OpenVPN Static key V1-----
--- /dev/null
+# Easy-RSA 3 parameter settings
+
+# NOTE: If you installed Easy-RSA from your distro's package manager, don't edit
+# this file in place -- instead, you should copy the entire easy-rsa directory
+# to another location so future upgrades don't wipe out your changes.
+
+# HOW TO USE THIS FILE
+#
+# vars.example contains built-in examples to Easy-RSA settings. You MUST name
+# this file 'vars' if you want it to be used as a configuration file. If you do
+# not, it WILL NOT be automatically read when you call easyrsa commands.
+#
+# It is not necessary to use this config file unless you wish to change
+# operational defaults. These defaults should be fine for many uses without the
+# need to copy and edit the 'vars' file.
+#
+# All of the editable settings are shown commented and start with the command
+# 'set_var' -- this means any set_var command that is uncommented has been
+# modified by the user. If you're happy with a default, there is no need to
+# define the value to its default.
+
+# NOTES FOR WINDOWS USERS
+#
+# Paths for Windows *MUST* use forward slashes, or optionally double-esscaped
+# backslashes (single forward slashes are recommended.) This means your path to
+# the openssl binary might look like this:
+# "C:/Program Files/OpenSSL-Win32/bin/openssl.exe"
+
+# A little housekeeping: DON'T EDIT THIS SECTION
+#
+# Easy-RSA 3.x doesn't source into the environment directly.
+# Complain if a user tries to do this:
+if [ -z "$EASYRSA_CALLER" ]; then
+ echo "You appear to be sourcing an Easy-RSA 'vars' file." >&2
+ echo "This is no longer necessary and is disallowed. See the section called" >&2
+ echo "'How to use this file' near the top comments for more details." >&2
+ return 1
+fi
+
+# DO YOUR EDITS BELOW THIS POINT
+
+# This variable is used as the base location of configuration files needed by
+# easyrsa. More specific variables for specific files (e.g., EASYRSA_SSL_CONF)
+# may override this default.
+#
+# The default value of this variable is the location of the easyrsa script
+# itself, which is also where the configuration files are located in the
+# easy-rsa tree.
+
+#set_var EASYRSA "${0%/*}"
+
+# If your OpenSSL command is not in the system PATH, you will need to define the
+# path to it here. Normally this means a full path to the executable, otherwise
+# you could have left it undefined here and the shown default would be used.
+#
+# Windows users, remember to use paths with forward-slashes (or escaped
+# back-slashes.) Windows users should declare the full path to the openssl
+# binary here if it is not in their system PATH.
+
+#set_var EASYRSA_OPENSSL "openssl"
+#
+# This sample is in Windows syntax -- edit it for your path if not using PATH:
+#set_var EASYRSA_OPENSSL "C:/Program Files/OpenSSL-Win32/bin/openssl.exe"
+
+# Edit this variable to point to your soon-to-be-created key directory. By
+# default, this will be "$PWD/pki" (i.e. the "pki" subdirectory of the
+# directory you are currently in).
+#
+# WARNING: init-pki will do a rm -rf on this directory so make sure you define
+# it correctly! (Interactive mode will prompt before acting.)
+
+#set_var EASYRSA_PKI "$PWD/pki"
+
+# Define X509 DN mode.
+# This is used to adjust what elements are included in the Subject field as the DN
+# (this is the "Distinguished Name.")
+# Note that in cn_only mode the Organizational fields further below aren't used.
+#
+# Choices are:
+# cn_only - use just a CN value
+# org - use the "traditional" Country/Province/City/Org/OU/email/CN format
+
+#set_var EASYRSA_DN "cn_only"
+
+# Organizational fields (used with 'org' mode and ignored in 'cn_only' mode.)
+# These are the default values for fields which will be placed in the
+# certificate. Don't leave any of these fields blank, although interactively
+# you may omit any specific field by typing the "." symbol (not valid for
+# email.)
+
+#set_var EASYRSA_REQ_COUNTRY "US"
+#set_var EASYRSA_REQ_PROVINCE "California"
+#set_var EASYRSA_REQ_CITY "San Francisco"
+#set_var EASYRSA_REQ_ORG "Copyleft Certificate Co"
+#set_var EASYRSA_REQ_EMAIL "me@example.net"
+#set_var EASYRSA_REQ_OU "My Organizational Unit"
+
+# Choose a size in bits for your keypairs. The recommended value is 2048. Using
+# 2048-bit keys is considered more than sufficient for many years into the
+# future. Larger keysizes will slow down TLS negotiation and make key/DH param
+# generation take much longer. Values up to 4096 should be accepted by most
+# software. Only used when the crypto alg is rsa (see below.)
+
+#set_var EASYRSA_KEY_SIZE 2048
+
+# The default crypto mode is rsa; ec can enable elliptic curve support.
+# Note that not all software supports ECC, so use care when enabling it.
+# Choices for crypto alg are: (each in lower-case)
+# * rsa
+# * ec
+
+set_var EASYRSA_ALGO ec
+
+# Define the named curve, used in ec mode only:
+
+#set_var EASYRSA_CURVE secp384r1
+
+# In how many days should the root CA key expire?
+
+#set_var EASYRSA_CA_EXPIRE 3650
+
+# In how many days should certificates expire?
+
+#set_var EASYRSA_CERT_EXPIRE 1080
+
+# How many days until the next CRL publish date? Note that the CRL can still be
+# parsed after this timeframe passes. It is only used for an expected next
+# publication date.
+
+# How many days before its expiration date a certificate is allowed to be
+# renewed?
+#set_var EASYRSA_CERT_RENEW 30
+
+#set_var EASYRSA_CRL_DAYS 180
+
+# Support deprecated "Netscape" extensions? (choices "yes" or "no".) The default
+# is "no" to discourage use of deprecated extensions. If you require this
+# feature to use with --ns-cert-type, set this to "yes" here. This support
+# should be replaced with the more modern --remote-cert-tls feature. If you do
+# not use --ns-cert-type in your configs, it is safe (and recommended) to leave
+# this defined to "no". When set to "yes", server-signed certs get the
+# nsCertType=server attribute, and also get any NS_COMMENT defined below in the
+# nsComment field.
+
+#set_var EASYRSA_NS_SUPPORT "no"
+
+# When NS_SUPPORT is set to "yes", this field is added as the nsComment field.
+# Set this blank to omit it. With NS_SUPPORT set to "no" this field is ignored.
+
+#set_var EASYRSA_NS_COMMENT "Easy-RSA Generated Certificate"
+
+# A temp file used to stage cert extensions during signing. The default should
+# be fine for most users; however, some users might want an alternative under a
+# RAM-based FS, such as /dev/shm or /tmp on some systems.
+
+#set_var EASYRSA_TEMP_FILE "$EASYRSA_PKI/extensions.temp"
+
+# !!
+# NOTE: ADVANCED OPTIONS BELOW THIS POINT
+# PLAY WITH THEM AT YOUR OWN RISK
+# !!
+
+# Broken shell command aliases: If you have a largely broken shell that is
+# missing any of these POSIX-required commands used by Easy-RSA, you will need
+# to define an alias to the proper path for the command. The symptom will be
+# some form of a 'command not found' error from your shell. This means your
+# shell is BROKEN, but you can hack around it here if you really need. These
+# shown values are not defaults: it is up to you to know what you're doing if
+# you touch these.
+#
+#alias awk="/alt/bin/awk"
+#alias cat="/alt/bin/cat"
+
+# X509 extensions directory:
+# If you want to customize the X509 extensions used, set the directory to look
+# for extensions here. Each cert type you sign must have a matching filename,
+# and an optional file named 'COMMON' is included first when present. Note that
+# when undefined here, default behaviour is to look in $EASYRSA_PKI first, then
+# fallback to $EASYRSA for the 'x509-types' dir. You may override this
+# detection with an explicit dir here.
+#
+#set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
+
+# OpenSSL config file:
+# If you need to use a specific openssl config file, you can reference it here.
+# Normally this file is auto-detected from a file named openssl-easyrsa.cnf from the
+# EASYRSA_PKI or EASYRSA dir (in that order.) NOTE that this file is Easy-RSA
+# specific and you cannot just use a standard config file, so this is an
+# advanced feature.
+
+#set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf"
+
+# Default CN:
+# This is best left alone. Interactively you will set this manually, and BATCH
+# callers are expected to set this themselves.
+
+#set_var EASYRSA_REQ_CN "ChangeMe"
+
+# Cryptographic digest to use.
+# Do not change this default unless you understand the security implications.
+# Valid choices include: md5, sha1, sha256, sha224, sha384, sha512
+
+#set_var EASYRSA_DIGEST "sha256"
+
+# Batch mode. Leave this disabled unless you intend to call Easy-RSA explicitly
+# in batch mode without any user input, confirmation on dangerous operations,
+# or most output. Setting this to any non-blank string enables batch mode.
+
+#set_var EASYRSA_BATCH ""
+
--- /dev/null
+# X509 extensions added to every signed cert
+
+# This file is included for every cert signed, and by default does nothing.
+# It could be used to add values every cert should have, such as a CDP as
+# demonstrated in the following example:
+
+#crlDistributionPoints = URI:http://example.net/pki/my_ca.crl
--- /dev/null
+# X509 extensions for a ca
+
+# Note that basicConstraints will be overridden by Easy-RSA when defining a
+# CA_PATH_LEN for CA path length limits. You could also do this here
+# manually as in the following example in place of the existing line:
+#
+# basicConstraints = CA:TRUE, pathlen:1
+
+basicConstraints = CA:TRUE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = cRLSign, keyCertSign
+
--- /dev/null
+# X509 extensions for a client
+
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+extendedKeyUsage = clientAuth
+keyUsage = digitalSignature
+
--- /dev/null
+# X509 extensions for a client
+
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+extendedKeyUsage = codeSigning
+keyUsage = digitalSignature
+
--- /dev/null
+# X509 extensions for a server
+
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+extendedKeyUsage = serverAuth
+keyUsage = digitalSignature,keyEncipherment
+
--- /dev/null
+# X509 extensions for a client/server
+
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+extendedKeyUsage = serverAuth,clientAuth
+keyUsage = digitalSignature,keyEncipherment
+
https://git.useribm.hu / user-lxc.git / commitdiff