lxc.net.0.hwaddr = 02:0c:18:03:6d:ec
lxc.autodev = 1
-lxc.hook.autodev = __CONTAINER_PATH__/hooks/autodev
lxc.cgroup2.devices.allow = a
DISTRIBUTION=Fedora
-DISTRIBUTION_VERSION=36
+DISTRIBUTION_VERSION=37
ROOT_PACKAGES="hostname initscripts iproute rootfiles systemd-udev"
BASE_PACKAGES="NetworkManager iputils logrotate rsyslog tar vim-minimal"
-SPEC_PACKAGES="cronie easy-rsa openssh-clients openssh-server openvpn rpm"
+SPEC_PACKAGES="wireguard-tools"
+++ /dev/null
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-
-echo "OpenVPN setup scripts can be found in /etc/openvpn/setupscripts"
#!/usr/bin/sh
-systemctl enable openvpn-server@server.service
-systemctl start openvpn-server@server.service
+systemctl enable wg-quick@wgs.service
+systemctl start wg-quick@wgs.service
systemctl enable NetworkManager-wait-online.service
systemctl start NetworkManager-wait-online.service
+++ /dev/null
-#!/bin/bash
-
-cd $LXC_ROOTFS_MOUNT/dev
-mkdir net
-mknod net/tun c 10 200
-chmod 0666 net/tun
SOURCE_PATH=$REAL_PATH/install
chown -R root.root $SOURCE_PATH/*
-
-chgrp openvpn $SOURCE_PATH/etc/openvpn/client
-chgrp openvpn $SOURCE_PATH/etc/openvpn/server
REAL_PATH=$(dirname $(realpath $0))
SOURCE_PATH=$REAL_PATH/install
-
-chmod 755 $SOURCE_PATH/etc/cron.monthly/vpn
-chmod 750 $SOURCE_PATH/etc/openvpn/client
-chmod 750 $SOURCE_PATH/etc/openvpn/server
#!/bin/sh
+systemctl disable wg-quick@wgs
systemctl disable NetworkManager-wait-online.service
systemctl disable logrotate.timer
+++ /dev/null
-#!/usr/bin/sh
-
-
-/etc/openvpn/server/easy-rsa/easyrsa --pki-dir=/etc/openvpn/server/easy-rsa/pki gen-crl
+++ /dev/null
-#!/usr/bin/sh
-
-
-/etc/openvpn/server/easy-rsa/easyrsa --pki-dir=/etc/openvpn/server/easy-rsa/pki gen-crl
-/usr/bin/systemctl restart openvpn-server@server
+++ /dev/null
-iroute 10.162.104.0 255.255.255.0
+++ /dev/null
-##############################################
-# Sample client-side OpenVPN 2.0 config file #
-# for connecting to multi-client server. #
-# #
-# This configuration can be used by multiple #
-# clients, however each client should have #
-# its own cert and key files. #
-# #
-# On Windows, you might want to rename this #
-# file so it has a .ovpn extension #
-##############################################
-
-# Specify that we are a client and that we
-# will be pulling certain config file directives
-# from the server.
-client
-
-# Use the same setting as you are using on
-# the server.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-;dev tap
-dev tun
-
-# Windows needs the TAP-Win32 adapter name
-# from the Network Connections panel
-# if you have more than one. On XP SP2,
-# you may need to disable the firewall
-# for the TAP adapter.
-;dev-node MyTap
-
-# Are we connecting to a TCP or
-# UDP server? Use the same setting as
-# on the server.
-;proto tcp
-proto udp
-
-# The hostname/IP and port of the server.
-# You can have multiple remote entries
-# to load balance between the servers.
-remote vpn.userrendszerhaz.hu 1194
-
-# Choose a random host from the remote
-# list for load-balancing. Otherwise
-# try hosts in the order specified.
-;remote-random
-
-# Keep trying indefinitely to resolve the
-# host name of the OpenVPN server. Very useful
-# on machines which are not permanently connected
-# to the internet such as laptops.
-resolv-retry infinite
-
-# Most clients don't need to bind to
-# a specific local port number.
-nobind
-
-# Downgrade privileges after initialization (non-Windows only)
-user nobody
-group nobody
-
-# Try to preserve some state across restarts.
-persist-key
-persist-tun
-
-# If you are connecting through an
-# HTTP proxy to reach the actual OpenVPN
-# server, put the proxy server/IP and
-# port number here. See the man page
-# if your proxy server requires
-# authentication.
-;http-proxy-retry # retry on connection failures
-;http-proxy [proxy server] [proxy port #]
-
-# Wireless networks often produce a lot
-# of duplicate packets. Set this flag
-# to silence duplicate packet warnings.
-;mute-replay-warnings
-
-# SSL/TLS parms.
-# See the server config file for more
-# description. It's best to use
-# a separate .crt/.key file pair
-# for each client. A single ca
-# file can be used for all clients.
-;ca ca.crt
-;cert client.crt
-;key client.key
-
-# Verify server certificate by checking that the
-# certificate has the correct key usage set.
-# This is an important precaution to protect against
-# a potential attack discussed here:
-# http://openvpn.net/howto.html#mitm
-#
-# To use this feature, you will need to generate
-# your server certificates with the keyUsage set to
-# digitalSignature, keyEncipherment
-# and the extendedKeyUsage to
-# serverAuth
-# EasyRSA can do this for you.
-remote-cert-tls server
-
-# If a tls-auth key is used on the server
-# then every client must also have the key.
-;tls-auth ta.key 1
-key-direction 1
-
-# Select a cryptographic cipher.
-# If the cipher option is used on the server
-# then you must also specify it here.
-# Note that v2.4 client/server will automatically
-# negotiate AES-256-GCM in TLS mode.
-# See also the data-ciphers option in the manpage
-cipher AES-256-CBC
-
-# Enable compression on the VPN link.
-# Don't enable this unless it is also
-# enabled in the server config file.
-#comp-lzo
-
-# Set log file verbosity.
-verb 3
-
-# Silence repeating messages
-;mute 20
-
-<ca>
------BEGIN CERTIFICATE-----
-MIIDSzCCAjOgAwIBAgIUdc8xO6X2O5dKTboU0VjKk8vxf6UwDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTYyMjI1WhcNMzIw
-MTI1MTYyMjI1WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANfUW/VYGBdUDdq3yGWMD7TDDoXNFX+FaESEj8ad
-KhU3aakSF2bltPSLV0OKh+6H0avL1sPwvgleI7mmHU3PnyOTt4Seeikhcx9ZMLTZ
-NJ5unObrnfCyTOrpg7oQGUfu/eYsF3wAxXkQp/CG3aq++eTc741V3HVoj8slPtqJ
-7wMPMWDOgqENgIitOYD5gA9iywoLthXsIrPtWKy2zo8kUTQ3KE61UOEUa1I9r+3X
-EMM25lCid8I4kPTRU4JMbFvFqM+q3EOhMXeLlzAj6bD0ebmndxUyJLvbDBC5Uk9Q
-4CJsMRFhXTZZVUeCdmzvt4iUBZXN1P9AeM9lYCw4ZOjIknECAwEAAaOBkDCBjTAd
-BgNVHQ4EFgQUSUNbUvgxeLWEdHqNJ9MiH6nUwqUwUQYDVR0jBEowSIAUSUNbUvgx
-eLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1zzE7
-pfY7l0pNuhTRWMqTy/F/pTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
-hkiG9w0BAQsFAAOCAQEAn4m1/6ptyMlGlobrZJ1/zpFykrHdlsFU2JbfVKB1Cu3P
-Hz9rJ0ai3du++7TObktNkALQgMy+i6eGH6+EbLp9lazcRRdJPVhJIuhQX9hvzQfk
-F/mM5wRJd6Rg6Cy8SDp0KYPwOM74Xck9ukvIPxdWd6omgu0b0qpruc58P0AW2Tjk
-XIP5YnBTBQGmN7NUzrJ4zWLKEJbOOi/P47oqEwYBGaWquLBsCPq03oDMs8EsGTcO
-90k9S8vgrrZfW4jHfkOmmNepgvt3g4A3g7Y9qYKLQi6vBtDOpK8OWfD6kIXBxqNt
-uSXdVmSwgbCTdXsMU3aEnVEyvgnlw/Wz+tXo+gLb5w==
------END CERTIFICATE-----
-</ca>
-
-<cert>
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- b7:e4:9a:ec:69:ad:ac:37:db:3d:e7:3a:72:68:05:aa
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:52:59 2022 GMT
- Not After : Jan 25 16:52:59 2032 GMT
- Subject: CN=akosztolanyi
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:cd:02:9c:1d:2c:a3:f2:9f:dc:ed:e2:44:32:e2:
- 0f:02:2e:47:45:a2:a5:22:31:5a:8e:c8:68:c6:df:
- 63:6b:25:32:62:ee:db:16:97:dd:60:21:61:a9:cb:
- 77:6c:99:45:d1:5a:bf:b5:4c:0e:30:a6:33:ae:12:
- 37:66:38:ec:5c:e5:b9:7c:4f:0e:14:b0:1a:c1:a8:
- 50:e3:56:01:ce:68:0d:63:d4:9a:1b:33:95:f0:d5:
- 38:7a:0d:d5:b3:a7:73:2f:a3:ed:54:bb:4e:40:0a:
- 09:0b:ed:73:38:e0:bd:65:36:2e:92:29:b9:59:e1:
- 3b:e6:bf:74:6b:8d:2a:f7:61:31:ba:10:04:98:d3:
- b5:73:b7:74:bc:06:d7:c0:7c:33:4b:18:d7:5a:ea:
- bf:87:7d:95:3e:ba:d9:5a:ad:c7:40:8e:6f:5b:90:
- 38:91:54:f2:b8:30:71:b3:ad:d4:2f:c8:19:66:83:
- 99:28:ba:7e:2f:00:c2:df:cc:e6:88:08:e4:ef:c2:
- e3:e5:47:8b:6d:2d:70:b4:71:de:33:c5:47:9e:e6:
- 2e:f7:7d:de:81:6f:ad:a4:00:44:b5:78:4f:3d:43:
- 43:ef:5d:5a:0b:56:be:ab:da:22:2d:80:f1:99:fe:
- 13:d7:a2:8e:4a:fb:31:1f:8e:27:fd:40:79:e1:73:
- f3:d7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- AB:71:5B:8D:67:12:A3:DB:00:A1:63:AA:37:72:C3:EC:6A:82:CC:FB
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 3c:b1:50:93:48:68:cc:42:76:ba:3e:f4:c7:38:95:40:18:23:
- 17:6b:0e:2b:f9:13:25:d3:5e:49:e5:51:38:6c:66:da:c4:c1:
- df:9f:71:96:65:6c:53:1d:bf:af:98:05:d5:4d:c2:cf:f3:6d:
- cc:92:7c:79:c6:cc:47:5b:8a:9e:95:f5:fa:02:9d:69:73:b7:
- 75:93:6f:18:f2:b8:15:97:08:a6:fa:c8:a9:e9:6d:44:bf:cb:
- 77:73:b4:6a:02:55:c0:fb:3e:f0:e1:a3:a7:35:90:d1:91:79:
- f1:3d:0f:b7:c9:2c:0a:de:c7:23:c2:10:b6:2c:d2:8a:a7:bf:
- 11:ea:64:cb:93:99:c3:f6:0c:3f:57:a2:65:27:7e:ce:d2:f7:
- 85:e2:ec:66:56:b4:a1:d6:5f:4b:56:6f:fb:93:1b:77:80:7a:
- f4:c4:9d:59:71:09:d3:08:ba:75:0a:57:ce:c6:a0:08:e9:cd:
- 94:0d:39:51:3b:e1:a1:a8:97:a9:26:4c:4d:fe:a6:e2:86:11:
- 1c:2a:34:4d:ab:89:b2:ea:35:39:57:90:65:74:f8:89:75:53:
- 0b:50:74:64:26:52:39:8b:b4:b7:6c:3a:a5:2d:59:68:fa:80:
- ef:93:79:92:fe:88:ea:80:b8:bc:d0:79:c6:1f:a6:6d:01:5b:
- 58:1d:30:0e
------BEGIN CERTIFICATE-----
-MIIDWzCCAkOgAwIBAgIRALfkmuxpraw32z3nOnJoBaowDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1MjU5WhcNMzIwMTI1
-MTY1MjU5WjAXMRUwEwYDVQQDDAxha29zenRvbGFueWkwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDNApwdLKPyn9zt4kQy4g8CLkdFoqUiMVqOyGjG32Nr
-JTJi7tsWl91gIWGpy3dsmUXRWr+1TA4wpjOuEjdmOOxc5bl8Tw4UsBrBqFDjVgHO
-aA1j1JobM5Xw1Th6DdWzp3Mvo+1Uu05ACgkL7XM44L1lNi6SKblZ4Tvmv3RrjSr3
-YTG6EASY07Vzt3S8BtfAfDNLGNda6r+HfZU+utlarcdAjm9bkDiRVPK4MHGzrdQv
-yBlmg5koun4vAMLfzOaICOTvwuPlR4ttLXC0cd4zxUee5i73fd6Bb62kAES1eE89
-Q0PvXVoLVr6r2iItgPGZ/hPXoo5K+zEfjif9QHnhc/PXAgMBAAGjgaIwgZ8wCQYD
-VR0TBAIwADAdBgNVHQ4EFgQUq3FbjWcSo9sAoWOqN3LD7GqCzPswUQYDVR0jBEow
-SIAUSUNbUvgxeLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNB
-IENBghR1zzE7pfY7l0pNuhTRWMqTy/F/pTATBgNVHSUEDDAKBggrBgEFBQcDAjAL
-BgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBADyxUJNIaMxCdro+9Mc4lUAY
-IxdrDiv5EyXTXknlUThsZtrEwd+fcZZlbFMdv6+YBdVNws/zbcySfHnGzEdbip6V
-9foCnWlzt3WTbxjyuBWXCKb6yKnpbUS/y3dztGoCVcD7PvDho6c1kNGRefE9D7fJ
-LArexyPCELYs0oqnvxHqZMuTmcP2DD9XomUnfs7S94Xi7GZWtKHWX0tWb/uTG3eA
-evTEnVlxCdMIunUKV87GoAjpzZQNOVE74aGol6kmTE3+puKGERwqNE2ribLqNTlX
-kGV0+Il1UwtQdGQmUjmLtLdsOqUtWWj6gO+TeZL+iOqAuLzQecYfpm0BW1gdMA4=
------END CERTIFICATE-----
-</cert>
-
-<key>
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDNApwdLKPyn9zt
-4kQy4g8CLkdFoqUiMVqOyGjG32NrJTJi7tsWl91gIWGpy3dsmUXRWr+1TA4wpjOu
-EjdmOOxc5bl8Tw4UsBrBqFDjVgHOaA1j1JobM5Xw1Th6DdWzp3Mvo+1Uu05ACgkL
-7XM44L1lNi6SKblZ4Tvmv3RrjSr3YTG6EASY07Vzt3S8BtfAfDNLGNda6r+HfZU+
-utlarcdAjm9bkDiRVPK4MHGzrdQvyBlmg5koun4vAMLfzOaICOTvwuPlR4ttLXC0
-cd4zxUee5i73fd6Bb62kAES1eE89Q0PvXVoLVr6r2iItgPGZ/hPXoo5K+zEfjif9
-QHnhc/PXAgMBAAECggEAEzXEZSNytWBvdkb2dwIhv+WQPiEwchTH1ItI7iGukjKp
-FwYkt2hBkSlvmlZ7eUyfcy+auSVISxy3yP7h/A0ncMkB6XkK67tYtn7MHZFImAu9
-/XXFfvkFesyv/xfex3fQXk1xBriKa4vFLz3vxwugE6TRFlccjCSD1WppQU64EPf6
-ZFbnd3oDg3DTLB4sRP50LRRiOd0LGd5Rrfvfm9+4os5MB8O0zD/KuJtFLTCVPPZs
-v7xHq49y2aokUj4ZpYli1Cw8gMypL32ZIgWHtXaclZL2x5jMZNRj2r+suSArweCB
-KKJpG4VJNTTSvLDDsFvZF3Ax5NSofDW2xFNAb/kAGQKBgQD9/WHWoRYH6dP9g/Kl
-1aG0fuqMIfPZCRk/2ogDd2EcxJ2QfcMnJGmTYQtyDPu5UPw7uQi4VP0NBSzLMC4t
-gNQTPPBuZYWr+anDNmxJuy85Aitaay+iQHUvLE+l4MviueYv6CTE5XC7TFtFJ6c+
-psfXFQZZlnNUiBfVy+lMWMJSowKBgQDOof0EjoC7XBoiLg9CgHrRBho6yZtwxfN2
-xSO4V6JabE+hytgs0NGRw91ZAkrJZCAgns4RkN57lJa62T9uTGfJgSuOwoh4b7As
-Z0ZUxgb8OHMdJLsfS/4s9rAvE4AS4lDSHX/2KBdscguEiqTy+eauAwvfHuSaJeYA
-ZrL7irfhPQKBgCII6ClooJki3kNkgQlz3R1gvHFWw2Rb8cQ6tmswfhTqy+pmz9XY
-7UTQhkYcM0cb8RDXtLFuwhISlXQM2sNCNij1y4oflI/8/qCoFE61BJjxD3ooTtPB
-K3LMz0d9HhUdsBjPVM4FqNuQWdKkg6bDlpfdu2IZ5Q54xijiEDso0bFdAoGAKNIh
-nQvV7K2mUAhPZXDiUnblKaX4ek/w6A7MHrfZUAnDtY/QIxJhxG0wRkxIn/6Sxj75
-MMkw2rMhD+qpOE4J1uoYw8w0j65o3GzOnSK98IfqXeCKwwUNQq69YZ91lsV09/1x
-8Rw8fGUPV3DYY1PxOYFKkBqXSMih5oRjaYQfDXUCgYA7DrzT8VANm8LNJH0aStSf
-Pgcd4zZb9hPbBaV2QMlZulbvYA5/01Nhqbhjdg7aQ3sDVINWoxS2BN2Uab/NAkNP
-biOnv2AOmscJ9a4zyYQqtT3TrmuR/HdiBMd2+wIE708mifXLuDR6t4KH1gWZkAuO
-2Vkf/8W3elyje5X2/kdhMQ==
------END PRIVATE KEY-----
-</key>
-
-<tls-auth>
-#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-7a5f3c2dd505666b595d6a03a6d627e1
-9babefe23197dc2181a7d1c00b3f5fd6
-7f28ea49abf33ea7422e0ab63c9eae14
-261ce5c099dd27ae26ba9b70b87737fa
-313a21b5e9d99ae382649eb1d0344703
-5a3b99fb9a1cddf03a89aed78fd3be92
-37ba0fa96e49814ea45495148a6552b4
-5f85d6fcc38fe88fbf8f86e0a0e33894
-89c418f65d4c8fc04ca6e59c61024995
-50547f35e5a7985d6415a7304d9340fd
-9f7ff6bb6f063a745fc3d656f275e07c
-8486233627fb96b8d798fbe8d2f8171d
-afc8bf5677ebef7ab1d80c8495d7262b
-c20efbdcc8645b48b68d6a537d9fb3f3
-03e345699bea11b99d9ace6fa5cd1e1d
-5d0951970c379d3e0b28bcaf453c2700
------END OpenVPN Static key V1-----
-</tls-auth>
+++ /dev/null
-##############################################
-# Sample client-side OpenVPN 2.0 config file #
-# for connecting to multi-client server. #
-# #
-# This configuration can be used by multiple #
-# clients, however each client should have #
-# its own cert and key files. #
-# #
-# On Windows, you might want to rename this #
-# file so it has a .ovpn extension #
-##############################################
-
-# Specify that we are a client and that we
-# will be pulling certain config file directives
-# from the server.
-client
-
-# Use the same setting as you are using on
-# the server.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-;dev tap
-dev tun
-
-# Windows needs the TAP-Win32 adapter name
-# from the Network Connections panel
-# if you have more than one. On XP SP2,
-# you may need to disable the firewall
-# for the TAP adapter.
-;dev-node MyTap
-
-# Are we connecting to a TCP or
-# UDP server? Use the same setting as
-# on the server.
-;proto tcp
-proto udp
-
-# The hostname/IP and port of the server.
-# You can have multiple remote entries
-# to load balance between the servers.
-remote vpn.userrendszerhaz.hu 1194
-
-# Choose a random host from the remote
-# list for load-balancing. Otherwise
-# try hosts in the order specified.
-;remote-random
-
-# Keep trying indefinitely to resolve the
-# host name of the OpenVPN server. Very useful
-# on machines which are not permanently connected
-# to the internet such as laptops.
-resolv-retry infinite
-
-# Most clients don't need to bind to
-# a specific local port number.
-nobind
-
-# Downgrade privileges after initialization (non-Windows only)
-user nobody
-group nobody
-
-# Try to preserve some state across restarts.
-persist-key
-persist-tun
-
-# If you are connecting through an
-# HTTP proxy to reach the actual OpenVPN
-# server, put the proxy server/IP and
-# port number here. See the man page
-# if your proxy server requires
-# authentication.
-;http-proxy-retry # retry on connection failures
-;http-proxy [proxy server] [proxy port #]
-
-# Wireless networks often produce a lot
-# of duplicate packets. Set this flag
-# to silence duplicate packet warnings.
-;mute-replay-warnings
-
-# SSL/TLS parms.
-# See the server config file for more
-# description. It's best to use
-# a separate .crt/.key file pair
-# for each client. A single ca
-# file can be used for all clients.
-;ca ca.crt
-;cert client.crt
-;key client.key
-
-# Verify server certificate by checking that the
-# certificate has the correct key usage set.
-# This is an important precaution to protect against
-# a potential attack discussed here:
-# http://openvpn.net/howto.html#mitm
-#
-# To use this feature, you will need to generate
-# your server certificates with the keyUsage set to
-# digitalSignature, keyEncipherment
-# and the extendedKeyUsage to
-# serverAuth
-# EasyRSA can do this for you.
-remote-cert-tls server
-
-# If a tls-auth key is used on the server
-# then every client must also have the key.
-;tls-auth ta.key 1
-key-direction 1
-
-# Select a cryptographic cipher.
-# If the cipher option is used on the server
-# then you must also specify it here.
-# Note that v2.4 client/server will automatically
-# negotiate AES-256-GCM in TLS mode.
-# See also the data-ciphers option in the manpage
-cipher AES-256-CBC
-
-# Enable compression on the VPN link.
-# Don't enable this unless it is also
-# enabled in the server config file.
-#comp-lzo
-
-# Set log file verbosity.
-verb 3
-
-# Silence repeating messages
-;mute 20
+++ /dev/null
-##############################################
-# Sample client-side OpenVPN 2.0 config file #
-# for connecting to multi-client server. #
-# #
-# This configuration can be used by multiple #
-# clients, however each client should have #
-# its own cert and key files. #
-# #
-# On Windows, you might want to rename this #
-# file so it has a .ovpn extension #
-##############################################
-
-# Specify that we are a client and that we
-# will be pulling certain config file directives
-# from the server.
-client
-
-# Use the same setting as you are using on
-# the server.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-;dev tap
-dev tun
-
-# Windows needs the TAP-Win32 adapter name
-# from the Network Connections panel
-# if you have more than one. On XP SP2,
-# you may need to disable the firewall
-# for the TAP adapter.
-;dev-node MyTap
-
-# Are we connecting to a TCP or
-# UDP server? Use the same setting as
-# on the server.
-;proto tcp
-proto udp
-
-# The hostname/IP and port of the server.
-# You can have multiple remote entries
-# to load balance between the servers.
-remote vpn.userrendszerhaz.hu 1194
-
-# Choose a random host from the remote
-# list for load-balancing. Otherwise
-# try hosts in the order specified.
-;remote-random
-
-# Keep trying indefinitely to resolve the
-# host name of the OpenVPN server. Very useful
-# on machines which are not permanently connected
-# to the internet such as laptops.
-resolv-retry infinite
-
-# Most clients don't need to bind to
-# a specific local port number.
-nobind
-
-# Downgrade privileges after initialization (non-Windows only)
-user nobody
-group nobody
-
-# Try to preserve some state across restarts.
-persist-key
-persist-tun
-
-# If you are connecting through an
-# HTTP proxy to reach the actual OpenVPN
-# server, put the proxy server/IP and
-# port number here. See the man page
-# if your proxy server requires
-# authentication.
-;http-proxy-retry # retry on connection failures
-;http-proxy [proxy server] [proxy port #]
-
-# Wireless networks often produce a lot
-# of duplicate packets. Set this flag
-# to silence duplicate packet warnings.
-;mute-replay-warnings
-
-# SSL/TLS parms.
-# See the server config file for more
-# description. It's best to use
-# a separate .crt/.key file pair
-# for each client. A single ca
-# file can be used for all clients.
-;ca ca.crt
-;cert client.crt
-;key client.key
-
-# Verify server certificate by checking that the
-# certificate has the correct key usage set.
-# This is an important precaution to protect against
-# a potential attack discussed here:
-# http://openvpn.net/howto.html#mitm
-#
-# To use this feature, you will need to generate
-# your server certificates with the keyUsage set to
-# digitalSignature, keyEncipherment
-# and the extendedKeyUsage to
-# serverAuth
-# EasyRSA can do this for you.
-remote-cert-tls server
-
-# If a tls-auth key is used on the server
-# then every client must also have the key.
-;tls-auth ta.key 1
-key-direction 1
-
-# Select a cryptographic cipher.
-# If the cipher option is used on the server
-# then you must also specify it here.
-# Note that v2.4 client/server will automatically
-# negotiate AES-256-GCM in TLS mode.
-# See also the data-ciphers option in the manpage
-cipher AES-256-CBC
-
-# Enable compression on the VPN link.
-# Don't enable this unless it is also
-# enabled in the server config file.
-#comp-lzo
-
-# Set log file verbosity.
-verb 3
-
-# Silence repeating messages
-;mute 20
-
-<ca>
------BEGIN CERTIFICATE-----
-MIIDSzCCAjOgAwIBAgIUdc8xO6X2O5dKTboU0VjKk8vxf6UwDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTYyMjI1WhcNMzIw
-MTI1MTYyMjI1WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANfUW/VYGBdUDdq3yGWMD7TDDoXNFX+FaESEj8ad
-KhU3aakSF2bltPSLV0OKh+6H0avL1sPwvgleI7mmHU3PnyOTt4Seeikhcx9ZMLTZ
-NJ5unObrnfCyTOrpg7oQGUfu/eYsF3wAxXkQp/CG3aq++eTc741V3HVoj8slPtqJ
-7wMPMWDOgqENgIitOYD5gA9iywoLthXsIrPtWKy2zo8kUTQ3KE61UOEUa1I9r+3X
-EMM25lCid8I4kPTRU4JMbFvFqM+q3EOhMXeLlzAj6bD0ebmndxUyJLvbDBC5Uk9Q
-4CJsMRFhXTZZVUeCdmzvt4iUBZXN1P9AeM9lYCw4ZOjIknECAwEAAaOBkDCBjTAd
-BgNVHQ4EFgQUSUNbUvgxeLWEdHqNJ9MiH6nUwqUwUQYDVR0jBEowSIAUSUNbUvgx
-eLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1zzE7
-pfY7l0pNuhTRWMqTy/F/pTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
-hkiG9w0BAQsFAAOCAQEAn4m1/6ptyMlGlobrZJ1/zpFykrHdlsFU2JbfVKB1Cu3P
-Hz9rJ0ai3du++7TObktNkALQgMy+i6eGH6+EbLp9lazcRRdJPVhJIuhQX9hvzQfk
-F/mM5wRJd6Rg6Cy8SDp0KYPwOM74Xck9ukvIPxdWd6omgu0b0qpruc58P0AW2Tjk
-XIP5YnBTBQGmN7NUzrJ4zWLKEJbOOi/P47oqEwYBGaWquLBsCPq03oDMs8EsGTcO
-90k9S8vgrrZfW4jHfkOmmNepgvt3g4A3g7Y9qYKLQi6vBtDOpK8OWfD6kIXBxqNt
-uSXdVmSwgbCTdXsMU3aEnVEyvgnlw/Wz+tXo+gLb5w==
------END CERTIFICATE-----
-</ca>
-
-<cert>
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- cc:ff:e2:58:83:b8:5d:b6:9b:12:89:cf:9a:aa:2f:d4
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:53:22 2022 GMT
- Not After : Jan 25 16:53:22 2032 GMT
- Subject: CN=csgulyas
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:c6:73:39:5f:81:fd:b4:0c:84:c8:23:e0:44:80:
- f5:9f:c1:cd:0f:f8:b8:4b:dd:c9:b0:8a:74:b4:23:
- 37:34:c9:d9:82:95:d9:f0:a1:9e:54:3a:c4:33:19:
- cd:71:96:ee:55:f2:10:67:34:de:dc:0a:b2:21:04:
- d9:d7:5b:15:29:7f:08:54:da:0c:b5:ec:39:b8:78:
- 92:03:07:1d:36:3d:ca:54:75:e9:67:fe:bb:b8:d2:
- 30:72:6a:e7:5c:39:1f:93:bb:b4:62:40:6c:d3:c5:
- a7:4f:24:7c:1e:0d:f9:ea:15:cd:1b:f1:e5:5b:86:
- 7b:99:03:99:20:b0:2a:2f:58:2a:aa:b6:0f:e6:6e:
- 1e:dc:43:57:04:dd:32:d7:ec:01:2c:1c:83:52:02:
- 04:c2:8f:cd:69:da:ed:33:e1:ff:69:65:2e:26:67:
- 23:a6:81:35:05:7c:52:c7:49:8a:69:38:26:9e:87:
- fd:53:2a:9b:7b:90:d1:1a:b8:4e:fc:b7:6e:0c:26:
- b8:55:b2:50:72:4c:d5:cb:8b:dd:de:e6:da:b4:b4:
- 02:12:1c:24:84:bd:81:8a:4d:78:b8:6f:bc:dc:5a:
- 03:da:70:44:48:10:13:bd:ba:be:db:94:e8:6b:71:
- be:d0:cf:03:99:56:fe:c5:ad:68:51:ee:ff:7d:25:
- 80:ff
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 74:79:FB:63:0E:0D:0C:52:6E:FD:DC:CD:22:A3:E6:59:9E:0D:93:E7
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 17:0c:56:0d:55:55:8a:58:6a:c0:b6:b1:0e:df:ce:77:a6:a6:
- 09:4b:07:f8:01:5b:e2:b9:21:1d:d9:3c:63:14:7c:f4:b8:1f:
- db:90:c8:bb:c5:c1:ef:86:08:ff:d4:55:17:3c:cb:d3:0a:e5:
- ac:f6:fa:93:fe:55:13:3f:94:d1:d9:9d:08:43:46:be:65:d2:
- dd:60:55:6e:82:39:ca:49:20:50:1f:84:e4:b8:8a:3b:f1:51:
- da:59:dc:f9:62:3b:c6:fc:a7:ae:34:8a:90:d3:d4:a6:53:39:
- eb:8a:a3:64:a6:18:3a:62:c1:e2:a3:1f:ae:01:d1:21:e3:77:
- ce:07:16:3c:37:02:05:e6:5c:76:63:45:7e:61:3c:18:44:f2:
- 72:a0:37:7b:24:31:bf:af:ef:40:1c:5a:e1:8d:06:26:fd:3a:
- 4b:3c:fe:21:a8:6f:d4:01:71:d8:77:a4:46:82:c9:60:84:a7:
- a1:7f:c8:95:c5:a9:16:4f:60:28:86:53:97:9d:52:ef:9a:31:
- 51:60:80:44:26:5e:67:79:33:64:01:b3:99:c3:24:cd:ad:5e:
- a1:7f:18:d6:3d:f9:f0:ce:b0:70:f0:25:72:34:45:7a:68:17:
- 13:4b:24:82:d7:83:5b:e3:78:77:98:5e:ea:85:19:ee:83:3b:
- 68:7c:5e:8e
------BEGIN CERTIFICATE-----
-MIIDVzCCAj+gAwIBAgIRAMz/4liDuF22mxKJz5qqL9QwDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1MzIyWhcNMzIwMTI1
-MTY1MzIyWjATMREwDwYDVQQDDAhjc2d1bHlhczCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAMZzOV+B/bQMhMgj4ESA9Z/BzQ/4uEvdybCKdLQjNzTJ2YKV
-2fChnlQ6xDMZzXGW7lXyEGc03twKsiEE2ddbFSl/CFTaDLXsObh4kgMHHTY9ylR1
-6Wf+u7jSMHJq51w5H5O7tGJAbNPFp08kfB4N+eoVzRvx5VuGe5kDmSCwKi9YKqq2
-D+ZuHtxDVwTdMtfsASwcg1ICBMKPzWna7TPh/2llLiZnI6aBNQV8UsdJimk4Jp6H
-/VMqm3uQ0Rq4Tvy3bgwmuFWyUHJM1cuL3d7m2rS0AhIcJIS9gYpNeLhvvNxaA9pw
-REgQE726vtuU6GtxvtDPA5lW/sWtaFHu/30lgP8CAwEAAaOBojCBnzAJBgNVHRME
-AjAAMB0GA1UdDgQWBBR0eftjDg0MUm793M0io+ZZng2T5zBRBgNVHSMESjBIgBRJ
-Q1tS+DF4tYR0eo0n0yIfqdTCpaEapBgwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0GC
-FHXPMTul9juXSk26FNFYypPL8X+lMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1Ud
-DwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAFwxWDVVVilhqwLaxDt/Od6amCUsH
-+AFb4rkhHdk8YxR89Lgf25DIu8XB74YI/9RVFzzL0wrlrPb6k/5VEz+U0dmdCENG
-vmXS3WBVboI5ykkgUB+E5LiKO/FR2lnc+WI7xvynrjSKkNPUplM564qjZKYYOmLB
-4qMfrgHRIeN3zgcWPDcCBeZcdmNFfmE8GETycqA3eyQxv6/vQBxa4Y0GJv06Szz+
-Iahv1AFx2HekRoLJYISnoX/IlcWpFk9gKIZTl51S75oxUWCARCZeZ3kzZAGzmcMk
-za1eoX8Y1j358M6wcPAlcjRFemgXE0skgteDW+N4d5he6oUZ7oM7aHxejg==
------END CERTIFICATE-----
-</cert>
-
-<key>
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDGczlfgf20DITI
-I+BEgPWfwc0P+LhL3cmwinS0Izc0ydmCldnwoZ5UOsQzGc1xlu5V8hBnNN7cCrIh
-BNnXWxUpfwhU2gy17Dm4eJIDBx02PcpUdeln/ru40jByaudcOR+Tu7RiQGzTxadP
-JHweDfnqFc0b8eVbhnuZA5kgsCovWCqqtg/mbh7cQ1cE3TLX7AEsHINSAgTCj81p
-2u0z4f9pZS4mZyOmgTUFfFLHSYppOCaeh/1TKpt7kNEauE78t24MJrhVslByTNXL
-i93e5tq0tAISHCSEvYGKTXi4b7zcWgPacERIEBO9ur7blOhrcb7QzwOZVv7FrWhR
-7v99JYD/AgMBAAECggEBAK61yF/mEFZP4yJUO1/z7MqOExupi473HlZ3PpFMo5Cs
-1/pYNPvdPYfICO04HR+QkhlGN9y0tjMgk3vwSlyHSpUyykHxidkrtBFMzLcvry8O
-rS84c5ljsR7gpVhF95PAkqU8Tm1lbKnwTACoDUFkao4ETYP5rUOrnOq0OT6G+Uyd
-lA00kqmumvuSEXSRrP5sfm8TVfruVZTqLJm2osW6LSCx3XqHIwWyNDABpENGmPxW
-Klxy7WLRjWOfS+RgA8GtYkKH5mSKMhabUXlbUgxHHs7qrIgowKovDZc16RV6KgLA
-8JpQrUT7UXocH3fpGB3KrJgriXv+q9vinUmrqoZ5f5ECgYEA61TkLzGSJVENdImi
-ha46btPiwSI0xD874bxwrAxjPq+CdlrKO01gGvjKfJg05v5lEiCF9aEtJ/z1OXlu
-Wiz5HWSFzQsSWMx5Qud10J+OciXY5Zq6gKptjXkXyGR1O0j1xa/WgjN0hSXYCH7S
-h7r+LYg2Q3//r6Acuya3p+gxfBcCgYEA1+EaPa173NFrwPz/K3BMCV9th2VJvypP
-VuEs/JRKOD/2SwjYR944P/08rV03hUpgU/Xbr7zkV2Yc1sqzFvtjqLvH1gy9Y/2Z
-7aRNFzFGY7ZzBbNyqBhFffQvbUnBMQ3O0BoLh0P4P21L/8fg7RbBcYvufM9YUASy
-yYCGq30iq1kCgYEA3oxccokFdYbOG6xhZtxaZB667PxFPGW0YojLYNkiLdDapsS7
-RROqVDd9fhCOzvg7asYZCS5QPuXInn7IrjyjpXk/06WpxxIvhubPEukhU6+ZC6Gk
-yDLkAYtHw3nFJ7iavEXKrTyt75DXWUleHX/oCfUro+/zRAo9wXse6Yn66icCgYBj
-cVjyInEVJg755lDwxJjyFFhS71CKU8YaYj2j1/dcc/JTXC6s5GuK5m9F+NOzfbBj
-3LQm/t88d1g/hT38Dy84Mc/7BQFVByQZ+P5d+Z/QHOJdNO1TC2MvgwU51ai9nPuw
-lt7Kn3/CT+mbWIp/DGVtlaT1L1oh+hgVhDQE2O7YeQKBgBZE22pasu2XGxCOhUt0
-OHatbUebuWO3CKv5hH8o+jFoDseZWtjM4PbvkrRv0AWLIYMxp7yUkZl3ZBHD4Fkk
-wpjnm4dLqmaxQ+wvnK4hhxul2hs7j5Hxmfo7bpF8v6MSHLTQEhOsVX0U9onI7IIn
-8XG+eKM27X28XAOAOXCo1b2q
------END PRIVATE KEY-----
-</key>
-
-<tls-auth>
-#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-7a5f3c2dd505666b595d6a03a6d627e1
-9babefe23197dc2181a7d1c00b3f5fd6
-7f28ea49abf33ea7422e0ab63c9eae14
-261ce5c099dd27ae26ba9b70b87737fa
-313a21b5e9d99ae382649eb1d0344703
-5a3b99fb9a1cddf03a89aed78fd3be92
-37ba0fa96e49814ea45495148a6552b4
-5f85d6fcc38fe88fbf8f86e0a0e33894
-89c418f65d4c8fc04ca6e59c61024995
-50547f35e5a7985d6415a7304d9340fd
-9f7ff6bb6f063a745fc3d656f275e07c
-8486233627fb96b8d798fbe8d2f8171d
-afc8bf5677ebef7ab1d80c8495d7262b
-c20efbdcc8645b48b68d6a537d9fb3f3
-03e345699bea11b99d9ace6fa5cd1e1d
-5d0951970c379d3e0b28bcaf453c2700
------END OpenVPN Static key V1-----
-</tls-auth>
+++ /dev/null
-##############################################
-# Sample client-side OpenVPN 2.0 config file #
-# for connecting to multi-client server. #
-# #
-# This configuration can be used by multiple #
-# clients, however each client should have #
-# its own cert and key files. #
-# #
-# On Windows, you might want to rename this #
-# file so it has a .ovpn extension #
-##############################################
-
-# Specify that we are a client and that we
-# will be pulling certain config file directives
-# from the server.
-client
-
-# Use the same setting as you are using on
-# the server.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-;dev tap
-dev tun
-
-# Windows needs the TAP-Win32 adapter name
-# from the Network Connections panel
-# if you have more than one. On XP SP2,
-# you may need to disable the firewall
-# for the TAP adapter.
-;dev-node MyTap
-
-# Are we connecting to a TCP or
-# UDP server? Use the same setting as
-# on the server.
-;proto tcp
-proto udp
-
-# The hostname/IP and port of the server.
-# You can have multiple remote entries
-# to load balance between the servers.
-remote vpn.userrendszerhaz.hu 1194
-
-# Choose a random host from the remote
-# list for load-balancing. Otherwise
-# try hosts in the order specified.
-;remote-random
-
-# Keep trying indefinitely to resolve the
-# host name of the OpenVPN server. Very useful
-# on machines which are not permanently connected
-# to the internet such as laptops.
-resolv-retry infinite
-
-# Most clients don't need to bind to
-# a specific local port number.
-nobind
-
-# Downgrade privileges after initialization (non-Windows only)
-user nobody
-group nobody
-
-# Try to preserve some state across restarts.
-persist-key
-persist-tun
-
-# If you are connecting through an
-# HTTP proxy to reach the actual OpenVPN
-# server, put the proxy server/IP and
-# port number here. See the man page
-# if your proxy server requires
-# authentication.
-;http-proxy-retry # retry on connection failures
-;http-proxy [proxy server] [proxy port #]
-
-# Wireless networks often produce a lot
-# of duplicate packets. Set this flag
-# to silence duplicate packet warnings.
-;mute-replay-warnings
-
-# SSL/TLS parms.
-# See the server config file for more
-# description. It's best to use
-# a separate .crt/.key file pair
-# for each client. A single ca
-# file can be used for all clients.
-;ca ca.crt
-;cert client.crt
-;key client.key
-
-# Verify server certificate by checking that the
-# certificate has the correct key usage set.
-# This is an important precaution to protect against
-# a potential attack discussed here:
-# http://openvpn.net/howto.html#mitm
-#
-# To use this feature, you will need to generate
-# your server certificates with the keyUsage set to
-# digitalSignature, keyEncipherment
-# and the extendedKeyUsage to
-# serverAuth
-# EasyRSA can do this for you.
-remote-cert-tls server
-
-# If a tls-auth key is used on the server
-# then every client must also have the key.
-;tls-auth ta.key 1
-key-direction 1
-
-# Select a cryptographic cipher.
-# If the cipher option is used on the server
-# then you must also specify it here.
-# Note that v2.4 client/server will automatically
-# negotiate AES-256-GCM in TLS mode.
-# See also the data-ciphers option in the manpage
-cipher AES-256-CBC
-
-# Enable compression on the VPN link.
-# Don't enable this unless it is also
-# enabled in the server config file.
-#comp-lzo
-
-# Set log file verbosity.
-verb 3
-
-# Silence repeating messages
-;mute 20
-
-<ca>
------BEGIN CERTIFICATE-----
-MIIDSzCCAjOgAwIBAgIUdc8xO6X2O5dKTboU0VjKk8vxf6UwDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTYyMjI1WhcNMzIw
-MTI1MTYyMjI1WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANfUW/VYGBdUDdq3yGWMD7TDDoXNFX+FaESEj8ad
-KhU3aakSF2bltPSLV0OKh+6H0avL1sPwvgleI7mmHU3PnyOTt4Seeikhcx9ZMLTZ
-NJ5unObrnfCyTOrpg7oQGUfu/eYsF3wAxXkQp/CG3aq++eTc741V3HVoj8slPtqJ
-7wMPMWDOgqENgIitOYD5gA9iywoLthXsIrPtWKy2zo8kUTQ3KE61UOEUa1I9r+3X
-EMM25lCid8I4kPTRU4JMbFvFqM+q3EOhMXeLlzAj6bD0ebmndxUyJLvbDBC5Uk9Q
-4CJsMRFhXTZZVUeCdmzvt4iUBZXN1P9AeM9lYCw4ZOjIknECAwEAAaOBkDCBjTAd
-BgNVHQ4EFgQUSUNbUvgxeLWEdHqNJ9MiH6nUwqUwUQYDVR0jBEowSIAUSUNbUvgx
-eLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1zzE7
-pfY7l0pNuhTRWMqTy/F/pTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
-hkiG9w0BAQsFAAOCAQEAn4m1/6ptyMlGlobrZJ1/zpFykrHdlsFU2JbfVKB1Cu3P
-Hz9rJ0ai3du++7TObktNkALQgMy+i6eGH6+EbLp9lazcRRdJPVhJIuhQX9hvzQfk
-F/mM5wRJd6Rg6Cy8SDp0KYPwOM74Xck9ukvIPxdWd6omgu0b0qpruc58P0AW2Tjk
-XIP5YnBTBQGmN7NUzrJ4zWLKEJbOOi/P47oqEwYBGaWquLBsCPq03oDMs8EsGTcO
-90k9S8vgrrZfW4jHfkOmmNepgvt3g4A3g7Y9qYKLQi6vBtDOpK8OWfD6kIXBxqNt
-uSXdVmSwgbCTdXsMU3aEnVEyvgnlw/Wz+tXo+gLb5w==
------END CERTIFICATE-----
-</ca>
-
-<cert>
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 98:28:a1:64:04:42:5a:3f:9f:42:0b:d6:47:20:1b:be
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:53:32 2022 GMT
- Not After : Jan 25 16:53:32 2032 GMT
- Subject: CN=cslevai
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:d1:ac:70:e4:89:88:d8:df:db:ce:fe:1e:85:79:
- 12:be:c3:fe:78:5d:90:21:37:4c:8b:f7:83:21:8b:
- af:e0:17:83:20:b9:34:f7:f4:ac:ac:c3:6b:6f:94:
- 60:b1:c3:82:98:55:4a:19:61:89:3a:60:75:8c:99:
- 86:55:07:e0:b5:ee:6a:62:41:29:39:e4:c0:d3:14:
- 22:78:1e:4c:02:ff:9a:36:3c:d5:17:a2:28:d8:68:
- 9c:cd:cc:cc:32:0d:ac:b5:c4:c3:b4:ce:c1:d7:50:
- ad:65:44:56:3f:d6:9a:1e:12:4c:18:d9:f7:c4:d9:
- d0:eb:5f:ee:d4:b8:1c:64:40:cb:cf:62:72:38:33:
- ab:d7:c5:bc:84:af:5e:5d:d2:df:51:0e:62:48:b5:
- 71:e8:74:c2:de:1c:59:fb:ad:ae:f9:9e:9a:7b:73:
- c7:ad:1a:43:9d:92:03:40:5c:b0:89:0a:79:e7:7a:
- a4:a9:fe:d2:a2:37:fb:30:b9:84:8b:af:4d:ae:d1:
- 68:36:dc:df:9c:f3:e9:84:b3:dc:41:97:cb:34:ea:
- 18:97:9f:d8:60:86:e2:8f:f1:9e:6b:6d:69:fe:78:
- 87:f9:5b:f5:4d:bf:5d:7e:29:c3:73:68:1d:9a:03:
- 5c:f7:34:fd:89:d9:70:59:e6:df:e3:64:55:21:a9:
- 23:d1
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 78:8A:3B:63:8C:10:54:23:2A:F6:61:5B:4E:8D:23:85:01:A5:3A:B8
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 5f:0c:9b:ec:2f:d1:0f:96:91:e2:9c:3b:55:27:f0:56:5d:7c:
- 85:0c:8b:d3:03:d5:40:86:0e:9b:0b:d1:ce:f5:e6:ab:7a:ec:
- 18:17:e0:0f:56:03:c6:29:20:35:4a:bc:43:01:0b:c0:6e:77:
- 5d:33:c8:57:11:75:c3:d6:e4:fa:70:42:9c:0f:cd:33:75:ce:
- 68:3e:8b:2c:c1:19:07:5f:ab:00:8d:cc:b5:7e:bf:6d:ec:01:
- db:6a:5e:56:dd:2e:95:13:bb:4c:8e:ed:06:3e:50:c9:48:ad:
- 87:7d:1b:0b:54:b2:cb:70:cf:c3:15:19:fc:cf:57:05:3c:c8:
- e3:34:9f:e7:d1:57:65:5d:07:08:82:3e:2e:00:dc:02:ab:4a:
- ab:9d:f3:e1:37:c7:17:83:71:e0:c2:92:a8:5a:45:46:83:a2:
- 8b:c8:f4:41:cb:17:fb:dd:cd:ea:40:02:63:3d:a5:79:8c:f4:
- ea:3b:4c:d1:2c:1b:82:f1:ff:6a:d4:e4:dc:8c:b1:ff:8a:72:
- 00:f0:53:a1:c8:98:45:ac:22:7a:35:40:b8:fe:13:8a:9c:d1:
- b9:d6:74:31:08:30:db:03:a9:75:6c:75:48:96:ad:02:ce:a3:
- 22:2a:a9:a8:63:c9:7f:0b:25:0d:91:6c:3a:72:56:11:22:4c:
- 37:5f:3d:f9
------BEGIN CERTIFICATE-----
-MIIDVjCCAj6gAwIBAgIRAJgooWQEQlo/n0IL1kcgG74wDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1MzMyWhcNMzIwMTI1
-MTY1MzMyWjASMRAwDgYDVQQDDAdjc2xldmFpMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA0axw5ImI2N/bzv4ehXkSvsP+eF2QITdMi/eDIYuv4BeDILk0
-9/SsrMNrb5RgscOCmFVKGWGJOmB1jJmGVQfgte5qYkEpOeTA0xQieB5MAv+aNjzV
-F6Io2GiczczMMg2stcTDtM7B11CtZURWP9aaHhJMGNn3xNnQ61/u1LgcZEDLz2Jy
-ODOr18W8hK9eXdLfUQ5iSLVx6HTC3hxZ+62u+Z6ae3PHrRpDnZIDQFywiQp553qk
-qf7Sojf7MLmEi69NrtFoNtzfnPPphLPcQZfLNOoYl5/YYIbij/Gea21p/niH+Vv1
-Tb9dfinDc2gdmgNc9zT9idlwWebf42RVIakj0QIDAQABo4GiMIGfMAkGA1UdEwQC
-MAAwHQYDVR0OBBYEFHiKO2OMEFQjKvZhW06NI4UBpTq4MFEGA1UdIwRKMEiAFElD
-W1L4MXi1hHR6jSfTIh+p1MKloRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQYIU
-dc8xO6X2O5dKTboU0VjKk8vxf6UwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0P
-BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBfDJvsL9EPlpHinDtVJ/BWXXyFDIvT
-A9VAhg6bC9HO9eareuwYF+APVgPGKSA1SrxDAQvAbnddM8hXEXXD1uT6cEKcD80z
-dc5oPosswRkHX6sAjcy1fr9t7AHbal5W3S6VE7tMju0GPlDJSK2HfRsLVLLLcM/D
-FRn8z1cFPMjjNJ/n0VdlXQcIgj4uANwCq0qrnfPhN8cXg3HgwpKoWkVGg6KLyPRB
-yxf73c3qQAJjPaV5jPTqO0zRLBuC8f9q1OTcjLH/inIA8FOhyJhFrCJ6NUC4/hOK
-nNG51nQxCDDbA6l1bHVIlq0CzqMiKqmoY8l/CyUNkWw6clYRIkw3Xz35
------END CERTIFICATE-----
-</cert>
-
-<key>
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDRrHDkiYjY39vO
-/h6FeRK+w/54XZAhN0yL94Mhi6/gF4MguTT39Kysw2tvlGCxw4KYVUoZYYk6YHWM
-mYZVB+C17mpiQSk55MDTFCJ4HkwC/5o2PNUXoijYaJzNzMwyDay1xMO0zsHXUK1l
-RFY/1poeEkwY2ffE2dDrX+7UuBxkQMvPYnI4M6vXxbyEr15d0t9RDmJItXHodMLe
-HFn7ra75npp7c8etGkOdkgNAXLCJCnnneqSp/tKiN/swuYSLr02u0Wg23N+c8+mE
-s9xBl8s06hiXn9hghuKP8Z5rbWn+eIf5W/VNv11+KcNzaB2aA1z3NP2J2XBZ5t/j
-ZFUhqSPRAgMBAAECggEBAMqSNJvH+Ou3E7GfODOx7pdZ2j/F/VrqB01u+0TspSX2
-8VwrM26f+DgNsX2it+zmvASa2jU9U4yP5uHI7cy3CLYcurFkzQS+6kDEQi0U8FEx
-S3c9PI9Rvu6d22jFhT6SkZsnmADWhNaWfn/JDx8sIcgN23FjHQsVec/95kuj+OIt
-LARLRmID+/Pu0KempNsL+4E+DXEsC5qARVAa/oZVoGmLLbYZXIie+LyXlph224lX
-2wVoOp7aCQ4BxlD7wVTq5mDEaGaFaYqZHzDRqzRX8V754caBNO8j7KsPPcsaZG4B
-ge7vMvIcEiF8IOB/JBw9IosH4xksaC+Ar6ynlMEnxDUCgYEA8DJQZgiXcg1L707/
-1zaRVRh85YHu5o4gCXexxHaEEhZUvUT8ZmehdFjajBrvp2yZsm6z8WUL2+sjn4gR
-yJA7+qr3FYMYvn7cl+hbDz2QHXRyG9sYWjhBPEvbrYpeC4pVEvrRNDuIG0L1T1ts
-JI/OtaIw9bYH42cVdSaiKvRZxPcCgYEA33gFnsoSvRakPHFitMHbyrhsKpgzWKt3
-HrpYyJiOkj7fHKHonSV8CeZeVV2QLbqkrwODAXewHFQRS8titFFXmWZGqqcxVJtj
-vTtCY7tsLBzXay56NZPN4EPV3JbX3+XBWKJF1c2clURm6iB3ev5B1terF8od89bC
-VMw/KTth03cCgYEA4eF/CCUmPsRQV7FEGWCglZTcx3xEbR7U8/JTA32sv9GuSPua
-HLdx9xckF0OxghI4C7vdjrJGz762Fm2Aw8sYDKhAikNpvqNQ0a5aC+AKKhj6wkVt
-BlMGzixMX0vTGykwzhN/L46YdYKnbMR903hFnTv0rO1NR8YGQNBfCuQVk4sCgYEA
-pnvra/5N8ZOBrgonKFVY4vF8nEshzciIiVr5NBD7/pZacCFrhE/d1h5LXzvCY18u
-u7hZDGnXyXMUI6yVj5MeOQmKUi8XQFo3903DyzthfofKMW7B21KPSaogFSRIFeU8
-o0TZ1ExHgKkiJwEjIn10HZQ1QhbxM61mv/gegiBcZEcCgYAVRURDfBPPfDRw6VrR
-WgeQX3I+N/dy6cFkBZLflpxdW9IgOAegEXRBYoTfyKXy6KHgGoJRePM1SDss2+mu
-ku8dBPBdOTIIoBhrRT0onwigoJaMerE9ipUglZnmu4ZtixH2w80VGXp4l08CUmgj
-VjgdFdDlKJ6ql29pDiiNvM27/A==
------END PRIVATE KEY-----
-</key>
-
-<tls-auth>
-#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-7a5f3c2dd505666b595d6a03a6d627e1
-9babefe23197dc2181a7d1c00b3f5fd6
-7f28ea49abf33ea7422e0ab63c9eae14
-261ce5c099dd27ae26ba9b70b87737fa
-313a21b5e9d99ae382649eb1d0344703
-5a3b99fb9a1cddf03a89aed78fd3be92
-37ba0fa96e49814ea45495148a6552b4
-5f85d6fcc38fe88fbf8f86e0a0e33894
-89c418f65d4c8fc04ca6e59c61024995
-50547f35e5a7985d6415a7304d9340fd
-9f7ff6bb6f063a745fc3d656f275e07c
-8486233627fb96b8d798fbe8d2f8171d
-afc8bf5677ebef7ab1d80c8495d7262b
-c20efbdcc8645b48b68d6a537d9fb3f3
-03e345699bea11b99d9ace6fa5cd1e1d
-5d0951970c379d3e0b28bcaf453c2700
------END OpenVPN Static key V1-----
-</tls-auth>
+++ /dev/null
-##############################################
-# Sample client-side OpenVPN 2.0 config file #
-# for connecting to multi-client server. #
-# #
-# This configuration can be used by multiple #
-# clients, however each client should have #
-# its own cert and key files. #
-# #
-# On Windows, you might want to rename this #
-# file so it has a .ovpn extension #
-##############################################
-
-# Specify that we are a client and that we
-# will be pulling certain config file directives
-# from the server.
-client
-
-# Use the same setting as you are using on
-# the server.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-;dev tap
-dev tun
-
-# Windows needs the TAP-Win32 adapter name
-# from the Network Connections panel
-# if you have more than one. On XP SP2,
-# you may need to disable the firewall
-# for the TAP adapter.
-;dev-node MyTap
-
-# Are we connecting to a TCP or
-# UDP server? Use the same setting as
-# on the server.
-;proto tcp
-proto udp
-
-# The hostname/IP and port of the server.
-# You can have multiple remote entries
-# to load balance between the servers.
-remote vpn.userrendszerhaz.hu 1194
-
-# Choose a random host from the remote
-# list for load-balancing. Otherwise
-# try hosts in the order specified.
-;remote-random
-
-# Keep trying indefinitely to resolve the
-# host name of the OpenVPN server. Very useful
-# on machines which are not permanently connected
-# to the internet such as laptops.
-resolv-retry infinite
-
-# Most clients don't need to bind to
-# a specific local port number.
-nobind
-
-# Downgrade privileges after initialization (non-Windows only)
-user nobody
-group nobody
-
-# Try to preserve some state across restarts.
-persist-key
-persist-tun
-
-# If you are connecting through an
-# HTTP proxy to reach the actual OpenVPN
-# server, put the proxy server/IP and
-# port number here. See the man page
-# if your proxy server requires
-# authentication.
-;http-proxy-retry # retry on connection failures
-;http-proxy [proxy server] [proxy port #]
-
-# Wireless networks often produce a lot
-# of duplicate packets. Set this flag
-# to silence duplicate packet warnings.
-;mute-replay-warnings
-
-# SSL/TLS parms.
-# See the server config file for more
-# description. It's best to use
-# a separate .crt/.key file pair
-# for each client. A single ca
-# file can be used for all clients.
-;ca ca.crt
-;cert client.crt
-;key client.key
-
-# Verify server certificate by checking that the
-# certificate has the correct key usage set.
-# This is an important precaution to protect against
-# a potential attack discussed here:
-# http://openvpn.net/howto.html#mitm
-#
-# To use this feature, you will need to generate
-# your server certificates with the keyUsage set to
-# digitalSignature, keyEncipherment
-# and the extendedKeyUsage to
-# serverAuth
-# EasyRSA can do this for you.
-remote-cert-tls server
-
-# If a tls-auth key is used on the server
-# then every client must also have the key.
-;tls-auth ta.key 1
-key-direction 1
-
-# Select a cryptographic cipher.
-# If the cipher option is used on the server
-# then you must also specify it here.
-# Note that v2.4 client/server will automatically
-# negotiate AES-256-GCM in TLS mode.
-# See also the data-ciphers option in the manpage
-cipher AES-256-CBC
-
-# Enable compression on the VPN link.
-# Don't enable this unless it is also
-# enabled in the server config file.
-#comp-lzo
-
-# Set log file verbosity.
-verb 3
-
-# Silence repeating messages
-;mute 20
-
-<ca>
------BEGIN CERTIFICATE-----
-MIIDSzCCAjOgAwIBAgIUdc8xO6X2O5dKTboU0VjKk8vxf6UwDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTYyMjI1WhcNMzIw
-MTI1MTYyMjI1WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANfUW/VYGBdUDdq3yGWMD7TDDoXNFX+FaESEj8ad
-KhU3aakSF2bltPSLV0OKh+6H0avL1sPwvgleI7mmHU3PnyOTt4Seeikhcx9ZMLTZ
-NJ5unObrnfCyTOrpg7oQGUfu/eYsF3wAxXkQp/CG3aq++eTc741V3HVoj8slPtqJ
-7wMPMWDOgqENgIitOYD5gA9iywoLthXsIrPtWKy2zo8kUTQ3KE61UOEUa1I9r+3X
-EMM25lCid8I4kPTRU4JMbFvFqM+q3EOhMXeLlzAj6bD0ebmndxUyJLvbDBC5Uk9Q
-4CJsMRFhXTZZVUeCdmzvt4iUBZXN1P9AeM9lYCw4ZOjIknECAwEAAaOBkDCBjTAd
-BgNVHQ4EFgQUSUNbUvgxeLWEdHqNJ9MiH6nUwqUwUQYDVR0jBEowSIAUSUNbUvgx
-eLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1zzE7
-pfY7l0pNuhTRWMqTy/F/pTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
-hkiG9w0BAQsFAAOCAQEAn4m1/6ptyMlGlobrZJ1/zpFykrHdlsFU2JbfVKB1Cu3P
-Hz9rJ0ai3du++7TObktNkALQgMy+i6eGH6+EbLp9lazcRRdJPVhJIuhQX9hvzQfk
-F/mM5wRJd6Rg6Cy8SDp0KYPwOM74Xck9ukvIPxdWd6omgu0b0qpruc58P0AW2Tjk
-XIP5YnBTBQGmN7NUzrJ4zWLKEJbOOi/P47oqEwYBGaWquLBsCPq03oDMs8EsGTcO
-90k9S8vgrrZfW4jHfkOmmNepgvt3g4A3g7Y9qYKLQi6vBtDOpK8OWfD6kIXBxqNt
-uSXdVmSwgbCTdXsMU3aEnVEyvgnlw/Wz+tXo+gLb5w==
------END CERTIFICATE-----
-</ca>
-
-<cert>
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- ac:ba:23:20:4b:73:6c:f4:35:3c:08:0b:12:1b:ff:49
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:53:47 2022 GMT
- Not After : Jan 25 16:53:47 2032 GMT
- Subject: CN=dhorvath
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:c6:f8:1a:ee:a6:a6:42:b8:ae:3f:fc:45:c6:86:
- 81:17:81:74:f1:e2:eb:14:a6:22:5e:3a:44:33:0c:
- d9:a4:2b:64:62:f5:77:61:c1:97:56:42:ee:89:d0:
- 6d:61:a7:a1:59:65:7d:83:0e:97:7e:63:b4:ab:f7:
- 95:fd:18:c1:0b:2d:c3:de:66:7a:9a:75:cd:ef:1f:
- 0e:56:b5:c3:c8:45:78:68:f0:51:a1:30:75:9f:3e:
- b0:31:02:a7:d8:73:b5:eb:1c:6c:93:6a:c0:bb:3f:
- f7:ad:27:76:0e:86:55:f8:23:e5:d3:70:6e:23:9f:
- dc:94:f0:50:40:98:a9:8a:07:c7:e3:cb:e9:23:ca:
- 91:4d:01:49:db:8d:1a:ca:4c:f6:52:5b:b6:02:15:
- 69:b3:20:6a:33:c0:61:52:bc:d5:1d:ac:f4:6a:8e:
- cc:a9:fb:36:8f:8b:21:db:91:f8:3a:11:d4:cd:c7:
- d6:c7:cd:41:17:cd:91:49:0b:40:21:8d:13:a2:ee:
- fa:59:d3:60:55:f8:8e:bb:6b:2b:0e:f7:af:61:a7:
- 6b:88:c1:03:4d:73:4d:e3:c0:e2:17:b1:2c:9d:78:
- 78:1c:9e:e9:f8:0c:2c:64:68:b4:c1:4a:43:47:f4:
- 87:91:06:f9:00:fd:76:00:41:09:58:b5:a2:b8:af:
- b7:05
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- CF:44:3C:7F:23:15:9C:76:59:D3:47:32:F3:05:35:6E:23:A0:3B:C7
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 41:c4:86:a3:f5:3b:0d:5e:b2:78:78:b1:18:80:65:4d:02:06:
- ba:f5:3b:49:5d:09:13:a9:7d:e2:6e:f2:a3:ea:e0:27:78:8c:
- 41:63:85:f5:8b:11:86:89:f4:83:d4:2a:91:22:26:b9:68:11:
- 3a:2a:74:df:3c:ea:d5:3b:bc:e9:d8:c6:1b:01:6d:3d:db:43:
- bb:eb:6b:76:2c:fe:d9:ec:d1:d6:3d:c1:f2:59:27:29:17:cc:
- 6a:be:da:b3:cd:c7:6f:b6:5d:1e:49:a5:4b:d5:c0:87:fc:7a:
- a6:40:67:e4:1e:5b:93:01:51:be:f9:33:7e:cb:29:4a:4f:55:
- 52:09:66:f1:b9:b3:98:99:59:f8:24:50:09:80:51:21:76:47:
- 93:c1:f7:c2:83:32:9c:a8:da:63:1b:cf:85:3a:99:9d:43:22:
- af:76:94:b0:50:18:7c:bf:c4:16:55:09:79:90:2c:41:ee:84:
- ac:b5:f1:26:d7:b3:23:38:95:28:e0:66:3e:ae:11:61:72:cf:
- a2:e7:c4:58:d9:14:52:a7:da:0a:6b:2b:94:7e:b5:66:57:8e:
- 54:40:df:57:09:5e:61:7f:7e:dd:71:fa:a7:23:06:18:c1:2d:
- ff:8d:90:f2:b0:8d:5a:0a:7e:ae:64:d3:bb:ae:48:29:24:ea:
- 39:9f:cf:0d
------BEGIN CERTIFICATE-----
-MIIDVzCCAj+gAwIBAgIRAKy6IyBLc2z0NTwICxIb/0kwDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1MzQ3WhcNMzIwMTI1
-MTY1MzQ3WjATMREwDwYDVQQDDAhkaG9ydmF0aDCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAMb4Gu6mpkK4rj/8RcaGgReBdPHi6xSmIl46RDMM2aQrZGL1
-d2HBl1ZC7onQbWGnoVllfYMOl35jtKv3lf0YwQstw95mepp1ze8fDla1w8hFeGjw
-UaEwdZ8+sDECp9hztescbJNqwLs/960ndg6GVfgj5dNwbiOf3JTwUECYqYoHx+PL
-6SPKkU0BSduNGspM9lJbtgIVabMgajPAYVK81R2s9GqOzKn7No+LIduR+DoR1M3H
-1sfNQRfNkUkLQCGNE6Lu+lnTYFX4jrtrKw73r2Gna4jBA01zTePA4hexLJ14eBye
-6fgMLGRotMFKQ0f0h5EG+QD9dgBBCVi1orivtwUCAwEAAaOBojCBnzAJBgNVHRME
-AjAAMB0GA1UdDgQWBBTPRDx/IxWcdlnTRzLzBTVuI6A7xzBRBgNVHSMESjBIgBRJ
-Q1tS+DF4tYR0eo0n0yIfqdTCpaEapBgwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0GC
-FHXPMTul9juXSk26FNFYypPL8X+lMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1Ud
-DwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAQcSGo/U7DV6yeHixGIBlTQIGuvU7
-SV0JE6l94m7yo+rgJ3iMQWOF9YsRhon0g9QqkSImuWgROip03zzq1Tu86djGGwFt
-PdtDu+trdiz+2ezR1j3B8lknKRfMar7as83Hb7ZdHkmlS9XAh/x6pkBn5B5bkwFR
-vvkzfsspSk9VUglm8bmzmJlZ+CRQCYBRIXZHk8H3woMynKjaYxvPhTqZnUMir3aU
-sFAYfL/EFlUJeZAsQe6ErLXxJtezIziVKOBmPq4RYXLPoufEWNkUUqfaCmsrlH61
-ZleOVEDfVwleYX9+3XH6pyMGGMEt/42Q8rCNWgp+rmTTu65IKSTqOZ/PDQ==
------END CERTIFICATE-----
-</cert>
-
-<key>
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDG+BrupqZCuK4/
-/EXGhoEXgXTx4usUpiJeOkQzDNmkK2Ri9XdhwZdWQu6J0G1hp6FZZX2DDpd+Y7Sr
-95X9GMELLcPeZnqadc3vHw5WtcPIRXho8FGhMHWfPrAxAqfYc7XrHGyTasC7P/et
-J3YOhlX4I+XTcG4jn9yU8FBAmKmKB8fjy+kjypFNAUnbjRrKTPZSW7YCFWmzIGoz
-wGFSvNUdrPRqjsyp+zaPiyHbkfg6EdTNx9bHzUEXzZFJC0AhjROi7vpZ02BV+I67
-aysO969hp2uIwQNNc03jwOIXsSydeHgcnun4DCxkaLTBSkNH9IeRBvkA/XYAQQlY
-taK4r7cFAgMBAAECggEASv6tOBK8TB3MH/X4XtHHypJS//El5kyQW6/ekNdhGU35
-sosPClurrSnhOzTCZbKHUGi+nC1d0JfIO6FAeXthF9OSJju+LoYErwKnpusv9kap
-EfSy7+ySCQnZ4z87AIzsnsfB7Pap2mpL8ooTJ3pe4P6227Fe8jKJM+I4fYCNNqb5
-3pCvUQ7ajpnhVwzrmJ68JzQMAHNr1mOwjd5PZIJFt+Qr5JrkNfhbRmK7fdEGwD4d
-lW0vZcj0Dbi48ohVlv+8vY7T2Gmv+1CrPMZOIGdKM+FdSAWPSPwVno/6+OqEMP8g
-QKP5BvBsLUg+YmRqNOga0lCZ33aau67DKkq79zlzKQKBgQDqugIWvdb6G4p1HKJq
-IfLZ7cPFmZKQSKQESncNAXLZqPSE45U5XWsLiS+LemSGE+CAiiuOg54Iw0fbijuu
-w7x5ek5GB2oC8nDoEKUBMq28eWcSAVt4DjZdfTzMcHDavpdfxe9EkUYBVMwP8rDj
-4r/xV572rttqUZ2t65ZGFf6NkwKBgQDZAHk8e2b7b1nFtYEES81dua0RdndnqvO2
-yvl5w0qUuxxXpEEN+UFUg0JNOmRN96F24g+ZYcy/Vts+XXvkMuAWh0WixiK5DeD/
-7HExpYNl440B0Xy5Vp/s3sIAS49cgjcz/a6HwJcV4YgAyYNAKqtAiMFnKEe0ZcRY
-iMYBOsXIBwKBgEmgcPlLMPyg2OxlP/jEj1WWhBseUd/aOUBzTyaQNsNZgOGSNYOZ
-7vLeZEB+8rsvzvLi5Ei+tjqPbqHJmXD3Ss5b8+N5feJQw+O3HNrkV6TP++mk7Vka
-NCldGE4UUwH6WKcdAjFi1C+ktqGmAaBpxsVgM6ezL3YJBcnBJRD04zTrAoGAYZ5u
-66Bv4WhkMCbIlVAsYJ9oldR/PqmO3YpN1FLgOCw8QcjoYwrgMs6hgvBjsxdVEY/8
-iHmQi/rcwh933l5spHXSA7myYSE3OKn6+eSFSc6l3k2JGC853msPRua25VzGzKKw
-Yu1mijdc4U3Ft5X6WButNWTPbP3i6BkPSfpQgv0CgYEAkhDKG+xABN8XvLocvlg+
-vGofIprLK03A+rvegZAT9/JlmEqaEbdvBSiaCGQNHdy+k6xdAFnsrMzVIL1cDLKv
-u/ncsR/kdVZ5b/5uaJrtixkuYZVJdYEs5CabJc6aeRsHD5Slb1Z7/v8FB2wjQPRx
-lvV2jdeuwJ37WIetVS/tqkw=
------END PRIVATE KEY-----
-</key>
-
-<tls-auth>
-#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-7a5f3c2dd505666b595d6a03a6d627e1
-9babefe23197dc2181a7d1c00b3f5fd6
-7f28ea49abf33ea7422e0ab63c9eae14
-261ce5c099dd27ae26ba9b70b87737fa
-313a21b5e9d99ae382649eb1d0344703
-5a3b99fb9a1cddf03a89aed78fd3be92
-37ba0fa96e49814ea45495148a6552b4
-5f85d6fcc38fe88fbf8f86e0a0e33894
-89c418f65d4c8fc04ca6e59c61024995
-50547f35e5a7985d6415a7304d9340fd
-9f7ff6bb6f063a745fc3d656f275e07c
-8486233627fb96b8d798fbe8d2f8171d
-afc8bf5677ebef7ab1d80c8495d7262b
-c20efbdcc8645b48b68d6a537d9fb3f3
-03e345699bea11b99d9ace6fa5cd1e1d
-5d0951970c379d3e0b28bcaf453c2700
------END OpenVPN Static key V1-----
-</tls-auth>
+++ /dev/null
-##############################################
-# Sample client-side OpenVPN 2.0 config file #
-# for connecting to multi-client server. #
-# #
-# This configuration can be used by multiple #
-# clients, however each client should have #
-# its own cert and key files. #
-# #
-# On Windows, you might want to rename this #
-# file so it has a .ovpn extension #
-##############################################
-
-# Specify that we are a client and that we
-# will be pulling certain config file directives
-# from the server.
-client
-
-# Use the same setting as you are using on
-# the server.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-;dev tap
-dev tun
-
-# Windows needs the TAP-Win32 adapter name
-# from the Network Connections panel
-# if you have more than one. On XP SP2,
-# you may need to disable the firewall
-# for the TAP adapter.
-;dev-node MyTap
-
-# Are we connecting to a TCP or
-# UDP server? Use the same setting as
-# on the server.
-;proto tcp
-proto udp
-
-# The hostname/IP and port of the server.
-# You can have multiple remote entries
-# to load balance between the servers.
-remote vpn.userrendszerhaz.hu 1194
-
-# Choose a random host from the remote
-# list for load-balancing. Otherwise
-# try hosts in the order specified.
-;remote-random
-
-# Keep trying indefinitely to resolve the
-# host name of the OpenVPN server. Very useful
-# on machines which are not permanently connected
-# to the internet such as laptops.
-resolv-retry infinite
-
-# Most clients don't need to bind to
-# a specific local port number.
-nobind
-
-# Downgrade privileges after initialization (non-Windows only)
-user nobody
-group nobody
-
-# Try to preserve some state across restarts.
-persist-key
-persist-tun
-
-# If you are connecting through an
-# HTTP proxy to reach the actual OpenVPN
-# server, put the proxy server/IP and
-# port number here. See the man page
-# if your proxy server requires
-# authentication.
-;http-proxy-retry # retry on connection failures
-;http-proxy [proxy server] [proxy port #]
-
-# Wireless networks often produce a lot
-# of duplicate packets. Set this flag
-# to silence duplicate packet warnings.
-;mute-replay-warnings
-
-# SSL/TLS parms.
-# See the server config file for more
-# description. It's best to use
-# a separate .crt/.key file pair
-# for each client. A single ca
-# file can be used for all clients.
-;ca ca.crt
-;cert client.crt
-;key client.key
-
-# Verify server certificate by checking that the
-# certificate has the correct key usage set.
-# This is an important precaution to protect against
-# a potential attack discussed here:
-# http://openvpn.net/howto.html#mitm
-#
-# To use this feature, you will need to generate
-# your server certificates with the keyUsage set to
-# digitalSignature, keyEncipherment
-# and the extendedKeyUsage to
-# serverAuth
-# EasyRSA can do this for you.
-remote-cert-tls server
-
-# If a tls-auth key is used on the server
-# then every client must also have the key.
-;tls-auth ta.key 1
-key-direction 1
-
-# Select a cryptographic cipher.
-# If the cipher option is used on the server
-# then you must also specify it here.
-# Note that v2.4 client/server will automatically
-# negotiate AES-256-GCM in TLS mode.
-# See also the data-ciphers option in the manpage
-cipher AES-256-CBC
-
-# Enable compression on the VPN link.
-# Don't enable this unless it is also
-# enabled in the server config file.
-#comp-lzo
-
-# Set log file verbosity.
-verb 3
-
-# Silence repeating messages
-;mute 20
-
-<ca>
------BEGIN CERTIFICATE-----
-MIIDSzCCAjOgAwIBAgIUdc8xO6X2O5dKTboU0VjKk8vxf6UwDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTYyMjI1WhcNMzIw
-MTI1MTYyMjI1WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANfUW/VYGBdUDdq3yGWMD7TDDoXNFX+FaESEj8ad
-KhU3aakSF2bltPSLV0OKh+6H0avL1sPwvgleI7mmHU3PnyOTt4Seeikhcx9ZMLTZ
-NJ5unObrnfCyTOrpg7oQGUfu/eYsF3wAxXkQp/CG3aq++eTc741V3HVoj8slPtqJ
-7wMPMWDOgqENgIitOYD5gA9iywoLthXsIrPtWKy2zo8kUTQ3KE61UOEUa1I9r+3X
-EMM25lCid8I4kPTRU4JMbFvFqM+q3EOhMXeLlzAj6bD0ebmndxUyJLvbDBC5Uk9Q
-4CJsMRFhXTZZVUeCdmzvt4iUBZXN1P9AeM9lYCw4ZOjIknECAwEAAaOBkDCBjTAd
-BgNVHQ4EFgQUSUNbUvgxeLWEdHqNJ9MiH6nUwqUwUQYDVR0jBEowSIAUSUNbUvgx
-eLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1zzE7
-pfY7l0pNuhTRWMqTy/F/pTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
-hkiG9w0BAQsFAAOCAQEAn4m1/6ptyMlGlobrZJ1/zpFykrHdlsFU2JbfVKB1Cu3P
-Hz9rJ0ai3du++7TObktNkALQgMy+i6eGH6+EbLp9lazcRRdJPVhJIuhQX9hvzQfk
-F/mM5wRJd6Rg6Cy8SDp0KYPwOM74Xck9ukvIPxdWd6omgu0b0qpruc58P0AW2Tjk
-XIP5YnBTBQGmN7NUzrJ4zWLKEJbOOi/P47oqEwYBGaWquLBsCPq03oDMs8EsGTcO
-90k9S8vgrrZfW4jHfkOmmNepgvt3g4A3g7Y9qYKLQi6vBtDOpK8OWfD6kIXBxqNt
-uSXdVmSwgbCTdXsMU3aEnVEyvgnlw/Wz+tXo+gLb5w==
------END CERTIFICATE-----
-</ca>
-
-<cert>
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- d0:00:c3:68:db:1f:1a:36:3a:cd:08:ff:f2:13:d8:e9
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:54:00 2022 GMT
- Not After : Jan 25 16:54:00 2032 GMT
- Subject: CN=dvasary
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:b4:d9:2e:da:28:56:77:92:4d:fd:38:96:a6:8d:
- c4:0a:44:75:dc:ff:81:ee:9e:0d:af:9b:7b:ed:5e:
- 5f:03:be:33:5e:af:54:e1:e8:b8:0e:9c:83:62:24:
- ce:94:0c:e5:d0:8a:90:41:5f:72:4f:a3:b0:27:9c:
- 73:32:52:1f:8c:9d:d9:52:db:ce:91:85:db:0e:c6:
- 71:f0:fe:42:6f:06:11:76:16:32:45:22:f0:37:72:
- d8:87:d2:f4:15:ad:77:b5:e2:a7:50:81:80:57:87:
- 2f:84:f4:9d:9c:5a:b6:47:61:2e:42:f5:59:4a:f8:
- b1:de:2f:c3:bb:4a:69:57:61:6d:d2:a6:9c:bd:ee:
- 91:2d:fc:8e:68:5f:62:b8:c6:6f:0d:29:7c:2c:26:
- 17:96:8a:42:45:29:93:49:e9:71:3b:df:11:54:c5:
- 19:47:11:be:48:42:5d:df:e7:39:0d:59:06:79:a7:
- 5d:68:fd:ff:63:d4:d5:f2:a4:77:b3:46:c2:7c:9d:
- bf:10:57:73:da:03:c0:82:4c:6c:55:37:1e:64:68:
- d0:96:f3:9e:02:f9:c5:52:73:dc:15:57:81:2e:0f:
- 01:98:29:bc:cf:a1:8e:fa:58:e8:05:98:3b:4c:73:
- 65:06:e5:f9:be:25:9a:e2:e9:33:be:86:5f:16:8a:
- fc:f9
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- D0:78:94:E1:01:5B:22:6C:03:1E:7C:BC:CA:35:8D:58:BC:31:78:82
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- cb:3e:27:5c:98:9f:19:d3:e3:e6:9b:13:23:fc:6d:06:62:1f:
- 80:6e:95:f3:67:02:a0:9e:a0:71:fd:c2:08:c4:a3:ed:61:44:
- 5e:3e:d7:fa:a2:53:ca:97:44:97:8a:e3:e5:e4:c6:b0:b7:cc:
- 46:aa:5d:32:71:7b:0c:e7:ac:e8:c3:65:9e:45:bf:39:4a:d1:
- fe:20:4f:1b:8e:88:f3:9d:82:3b:99:0d:95:53:da:ed:db:60:
- 68:79:31:c3:11:f5:63:e9:74:1a:8d:15:8d:e7:0e:ff:0f:8f:
- a1:e0:82:ad:42:cd:6d:2c:73:93:a8:fc:c3:c7:37:24:f5:44:
- 51:c9:3d:28:67:6c:a3:3b:11:3c:f2:5e:45:a8:cc:09:21:f7:
- 3a:be:aa:53:c6:4f:90:65:83:df:3d:1b:01:c5:a8:95:f0:d3:
- da:b0:e4:9a:d5:ed:c5:f6:2e:78:38:39:ba:78:db:53:d6:0a:
- e4:5d:e7:59:7d:81:a1:1d:81:96:ef:28:26:0a:8d:73:9c:60:
- e3:6c:02:c3:95:cf:93:6f:e5:c0:49:b9:eb:8f:5e:02:19:83:
- 5a:50:d9:6b:9d:0d:01:80:06:ba:96:2d:e0:82:4a:5b:02:53:
- 37:36:a6:41:5d:34:1d:9a:96:86:ae:46:cf:74:f7:49:dd:cd:
- 93:eb:81:23
------BEGIN CERTIFICATE-----
-MIIDVjCCAj6gAwIBAgIRANAAw2jbHxo2Os0I//IT2OkwDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1NDAwWhcNMzIwMTI1
-MTY1NDAwWjASMRAwDgYDVQQDDAdkdmFzYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAtNku2ihWd5JN/TiWpo3ECkR13P+B7p4Nr5t77V5fA74zXq9U
-4ei4DpyDYiTOlAzl0IqQQV9yT6OwJ5xzMlIfjJ3ZUtvOkYXbDsZx8P5CbwYRdhYy
-RSLwN3LYh9L0Fa13teKnUIGAV4cvhPSdnFq2R2EuQvVZSvix3i/Du0ppV2Ft0qac
-ve6RLfyOaF9iuMZvDSl8LCYXlopCRSmTSelxO98RVMUZRxG+SEJd3+c5DVkGeadd
-aP3/Y9TV8qR3s0bCfJ2/EFdz2gPAgkxsVTceZGjQlvOeAvnFUnPcFVeBLg8BmCm8
-z6GO+ljoBZg7THNlBuX5viWa4ukzvoZfFor8+QIDAQABo4GiMIGfMAkGA1UdEwQC
-MAAwHQYDVR0OBBYEFNB4lOEBWyJsAx58vMo1jVi8MXiCMFEGA1UdIwRKMEiAFElD
-W1L4MXi1hHR6jSfTIh+p1MKloRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQYIU
-dc8xO6X2O5dKTboU0VjKk8vxf6UwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0P
-BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQDLPidcmJ8Z0+PmmxMj/G0GYh+AbpXz
-ZwKgnqBx/cIIxKPtYURePtf6olPKl0SXiuPl5Mawt8xGql0ycXsM56zow2WeRb85
-StH+IE8bjojznYI7mQ2VU9rt22BoeTHDEfVj6XQajRWN5w7/D4+h4IKtQs1tLHOT
-qPzDxzck9URRyT0oZ2yjOxE88l5FqMwJIfc6vqpTxk+QZYPfPRsBxaiV8NPasOSa
-1e3F9i54ODm6eNtT1grkXedZfYGhHYGW7ygmCo1znGDjbALDlc+Tb+XASbnrj14C
-GYNaUNlrnQ0BgAa6li3ggkpbAlM3NqZBXTQdmpaGrkbPdPdJ3c2T64Ej
------END CERTIFICATE-----
-</cert>
-
-<key>
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC02S7aKFZ3kk39
-OJamjcQKRHXc/4Hung2vm3vtXl8DvjNer1Th6LgOnINiJM6UDOXQipBBX3JPo7An
-nHMyUh+MndlS286RhdsOxnHw/kJvBhF2FjJFIvA3ctiH0vQVrXe14qdQgYBXhy+E
-9J2cWrZHYS5C9VlK+LHeL8O7SmlXYW3Sppy97pEt/I5oX2K4xm8NKXwsJheWikJF
-KZNJ6XE73xFUxRlHEb5IQl3f5zkNWQZ5p11o/f9j1NXypHezRsJ8nb8QV3PaA8CC
-TGxVNx5kaNCW854C+cVSc9wVV4EuDwGYKbzPoY76WOgFmDtMc2UG5fm+JZri6TO+
-hl8Wivz5AgMBAAECggEANUs/TFjQymHaC8JOWvyyBdiQ5zSApMH9BIAMcDH8TA0T
-9FY07HH5M40aBqUUH3sBioga5Ljs5d01/yZSqESdOYIW1h0iba4FlQAT+dHj3/Xo
-1WTLIaafJaf5eWVIOs8o1PfbGJVhLeoPrd2sSLROvRA9YswMqVRKjlCDHMFb87yq
-Cuwa/YEIxGYI0OLMPdDXMOwcXL2iy4oHm7rOjpwakB4nJypKDVRPCutC1uAN7sHn
-q9Z/NXRfe6SYqq62LWlSWm90u7ESEUem1BkUL8F+yd+xL86gA0eBGT1IIXdm1QPk
-CNjVxjqEM0BF55Qavjw2xZGb9Yf0YM+1sLCxyB5ZtQKBgQDs1Ig3nIVTj6VXTQDq
-yGgiqloRDwLPa6e5zG98z69dH25hlJjsiWVvZ0NVMEiLhhLr3UtMs96wunqqGKc9
-AOH/3v/hVaPH2px6EPP9ASV8YgSxMPHSVNc49pTkJ1xCuxeGovem19VrggWNznlW
-+kGaHAPOE8i0QTa6usUPj2+RXwKBgQDDfKAjp4cxsj1TJJmPHUa69wpcbcvlTpjY
-RZUWoYiMOlWujbDAaQUS9jorSzm28TMCtwAm+iKRo/TNwvWs9MGhTuwfkQeblTtm
-C/hRGF8Cm/X7v4/84p6BzDs1FGov4D9MBjDRfXk1JHdWqjQHpFn+9fW6efgHdHSh
-R26C/MXYpwKBgHl4cP2FDGVVkgp69nN1ouPU2ClTt69HmlmT38L2iw2KZ4UpQF5i
-AmLnZgO1ph/Z/q53bH3E6/1dSDkiN/T0FPa2HCwpTr3dBNEfDOXBxsZLR/jSD9Y/
-qbwPzUJQZePcLi7iO3+ZyF9B6zNWqanQ5gDzSYhTYWgC4t1XmmdmvGSlAoGAXIfo
-ERhiQN66cll3qitUaHk42UlLYu4SIQTGriClzqJqHiaJTHopYbFVFVsVJYgD+jv/
-AXQS2tc9sAuhWE2+PYlq8QIoFLfNlt8BmfksN8L060XgdPYbyxqNx/Ey1hiSPX0M
-rIx0y/fH2SjVWeysgKeRucOz6GtyLUjvgWb+iy8CgYEA620weTdaFfnoGojrDrOM
-e2wl+ll86GX9OXRS2mkUSgg9AOYTl15ik94U8+QBA6W1QDT7k7rCDr/NDlUnmPO9
-l2hzCnYbrE4Cqs63N0sGb8dHdwzBDG2f4txrfUotL5wb9NqJeV1yg21WKV2bhiPo
-7XDtHqlGenpGP/D54L1amIk=
------END PRIVATE KEY-----
-</key>
-
-<tls-auth>
-#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-7a5f3c2dd505666b595d6a03a6d627e1
-9babefe23197dc2181a7d1c00b3f5fd6
-7f28ea49abf33ea7422e0ab63c9eae14
-261ce5c099dd27ae26ba9b70b87737fa
-313a21b5e9d99ae382649eb1d0344703
-5a3b99fb9a1cddf03a89aed78fd3be92
-37ba0fa96e49814ea45495148a6552b4
-5f85d6fcc38fe88fbf8f86e0a0e33894
-89c418f65d4c8fc04ca6e59c61024995
-50547f35e5a7985d6415a7304d9340fd
-9f7ff6bb6f063a745fc3d656f275e07c
-8486233627fb96b8d798fbe8d2f8171d
-afc8bf5677ebef7ab1d80c8495d7262b
-c20efbdcc8645b48b68d6a537d9fb3f3
-03e345699bea11b99d9ace6fa5cd1e1d
-5d0951970c379d3e0b28bcaf453c2700
------END OpenVPN Static key V1-----
-</tls-auth>
+++ /dev/null
-##############################################
-# Sample client-side OpenVPN 2.0 config file #
-# for connecting to multi-client server. #
-# #
-# This configuration can be used by multiple #
-# clients, however each client should have #
-# its own cert and key files. #
-# #
-# On Windows, you might want to rename this #
-# file so it has a .ovpn extension #
-##############################################
-
-# Specify that we are a client and that we
-# will be pulling certain config file directives
-# from the server.
-client
-
-# Use the same setting as you are using on
-# the server.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-;dev tap
-dev tun
-
-# Windows needs the TAP-Win32 adapter name
-# from the Network Connections panel
-# if you have more than one. On XP SP2,
-# you may need to disable the firewall
-# for the TAP adapter.
-;dev-node MyTap
-
-# Are we connecting to a TCP or
-# UDP server? Use the same setting as
-# on the server.
-;proto tcp
-proto udp
-
-# The hostname/IP and port of the server.
-# You can have multiple remote entries
-# to load balance between the servers.
-remote vpn.userrendszerhaz.hu 1194
-
-# Choose a random host from the remote
-# list for load-balancing. Otherwise
-# try hosts in the order specified.
-;remote-random
-
-# Keep trying indefinitely to resolve the
-# host name of the OpenVPN server. Very useful
-# on machines which are not permanently connected
-# to the internet such as laptops.
-resolv-retry infinite
-
-# Most clients don't need to bind to
-# a specific local port number.
-nobind
-
-# Downgrade privileges after initialization (non-Windows only)
-user nobody
-group nobody
-
-# Try to preserve some state across restarts.
-persist-key
-persist-tun
-
-# If you are connecting through an
-# HTTP proxy to reach the actual OpenVPN
-# server, put the proxy server/IP and
-# port number here. See the man page
-# if your proxy server requires
-# authentication.
-;http-proxy-retry # retry on connection failures
-;http-proxy [proxy server] [proxy port #]
-
-# Wireless networks often produce a lot
-# of duplicate packets. Set this flag
-# to silence duplicate packet warnings.
-;mute-replay-warnings
-
-# SSL/TLS parms.
-# See the server config file for more
-# description. It's best to use
-# a separate .crt/.key file pair
-# for each client. A single ca
-# file can be used for all clients.
-;ca ca.crt
-;cert client.crt
-;key client.key
-
-# Verify server certificate by checking that the
-# certificate has the correct key usage set.
-# This is an important precaution to protect against
-# a potential attack discussed here:
-# http://openvpn.net/howto.html#mitm
-#
-# To use this feature, you will need to generate
-# your server certificates with the keyUsage set to
-# digitalSignature, keyEncipherment
-# and the extendedKeyUsage to
-# serverAuth
-# EasyRSA can do this for you.
-remote-cert-tls server
-
-# If a tls-auth key is used on the server
-# then every client must also have the key.
-;tls-auth ta.key 1
-key-direction 1
-
-# Select a cryptographic cipher.
-# If the cipher option is used on the server
-# then you must also specify it here.
-# Note that v2.4 client/server will automatically
-# negotiate AES-256-GCM in TLS mode.
-# See also the data-ciphers option in the manpage
-cipher AES-256-CBC
-
-# Enable compression on the VPN link.
-# Don't enable this unless it is also
-# enabled in the server config file.
-#comp-lzo
-
-# Set log file verbosity.
-verb 3
-
-# Silence repeating messages
-;mute 20
-
-<ca>
------BEGIN CERTIFICATE-----
-MIIDSzCCAjOgAwIBAgIUdc8xO6X2O5dKTboU0VjKk8vxf6UwDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTYyMjI1WhcNMzIw
-MTI1MTYyMjI1WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANfUW/VYGBdUDdq3yGWMD7TDDoXNFX+FaESEj8ad
-KhU3aakSF2bltPSLV0OKh+6H0avL1sPwvgleI7mmHU3PnyOTt4Seeikhcx9ZMLTZ
-NJ5unObrnfCyTOrpg7oQGUfu/eYsF3wAxXkQp/CG3aq++eTc741V3HVoj8slPtqJ
-7wMPMWDOgqENgIitOYD5gA9iywoLthXsIrPtWKy2zo8kUTQ3KE61UOEUa1I9r+3X
-EMM25lCid8I4kPTRU4JMbFvFqM+q3EOhMXeLlzAj6bD0ebmndxUyJLvbDBC5Uk9Q
-4CJsMRFhXTZZVUeCdmzvt4iUBZXN1P9AeM9lYCw4ZOjIknECAwEAAaOBkDCBjTAd
-BgNVHQ4EFgQUSUNbUvgxeLWEdHqNJ9MiH6nUwqUwUQYDVR0jBEowSIAUSUNbUvgx
-eLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1zzE7
-pfY7l0pNuhTRWMqTy/F/pTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
-hkiG9w0BAQsFAAOCAQEAn4m1/6ptyMlGlobrZJ1/zpFykrHdlsFU2JbfVKB1Cu3P
-Hz9rJ0ai3du++7TObktNkALQgMy+i6eGH6+EbLp9lazcRRdJPVhJIuhQX9hvzQfk
-F/mM5wRJd6Rg6Cy8SDp0KYPwOM74Xck9ukvIPxdWd6omgu0b0qpruc58P0AW2Tjk
-XIP5YnBTBQGmN7NUzrJ4zWLKEJbOOi/P47oqEwYBGaWquLBsCPq03oDMs8EsGTcO
-90k9S8vgrrZfW4jHfkOmmNepgvt3g4A3g7Y9qYKLQi6vBtDOpK8OWfD6kIXBxqNt
-uSXdVmSwgbCTdXsMU3aEnVEyvgnlw/Wz+tXo+gLb5w==
------END CERTIFICATE-----
-</ca>
-
-<cert>
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- dd:3f:8e:ec:40:23:98:27:3e:6e:03:0d:a4:c4:94:43
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:54:12 2022 GMT
- Not After : Jan 25 16:54:12 2032 GMT
- Subject: CN=fritter
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:d2:58:d1:a5:05:3c:bd:ed:ca:7c:f3:0b:96:d1:
- 01:db:c5:61:64:ed:9c:2e:23:0f:9d:94:cc:dc:ff:
- 84:4b:20:ce:9d:1f:f6:f2:20:b8:1b:7c:87:1a:6a:
- f7:8e:5f:cf:b0:3b:0b:f5:8a:2c:84:fb:35:63:3f:
- ae:4f:54:ce:8f:b5:3c:76:ee:b4:6e:3d:e9:39:13:
- 4b:0f:03:64:32:a1:2f:4f:12:c7:91:db:5e:09:93:
- 92:2e:9e:7e:7d:bd:1c:00:f8:f2:12:48:e0:57:0d:
- 8a:7a:8b:d4:68:6f:3e:19:6f:86:d8:91:97:11:5f:
- db:52:5e:53:4b:62:92:56:d6:e3:02:68:6d:40:7f:
- ce:4b:28:b5:c1:9d:7d:87:5c:0a:b5:33:f5:a3:a0:
- 1a:a8:a6:1c:24:a8:33:a0:36:59:e6:3c:ce:aa:90:
- d1:74:68:59:4d:6a:da:c3:7a:90:74:44:af:b3:e6:
- 3f:82:86:9a:bb:a5:03:7c:79:92:ef:f9:fd:e2:09:
- 46:b7:2c:57:df:f0:1d:4b:8b:a8:e3:5d:29:7b:40:
- 4b:b0:63:e9:9b:aa:f3:26:70:94:81:4d:29:44:55:
- 97:b6:75:3c:e3:be:ca:a4:5b:8b:9e:a9:04:d1:d7:
- 45:72:95:ed:cd:62:20:aa:0f:2f:06:ca:59:2b:1f:
- fe:05
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 38:5F:64:D8:70:65:7B:A2:3F:85:A7:10:E8:23:47:ED:0B:22:89:1A
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 0b:9e:0b:ac:0c:d5:88:a3:4b:66:cf:2d:a4:ed:7f:e3:32:94:
- 5d:c6:20:33:20:50:cb:51:12:7b:cc:a6:61:43:bf:22:39:95:
- f9:15:c8:5a:ba:82:07:92:d4:b8:11:34:47:17:7b:00:b4:40:
- 32:d6:c9:e1:a3:e4:cf:1b:b8:3f:8e:ef:9e:96:c6:60:6f:63:
- 2d:70:58:46:f7:bb:30:31:bc:08:19:3f:45:b6:45:31:db:db:
- d7:eb:fd:8a:dd:04:bc:d3:30:b0:f0:e4:1c:84:e8:71:9a:a8:
- e8:16:19:1e:96:60:d5:2f:c1:09:46:3c:a5:84:00:5f:f8:3d:
- 0d:f8:0f:ec:8a:c9:31:ed:4f:64:2d:b3:ed:f1:6a:f0:ed:31:
- 10:e6:38:69:a9:02:c8:3b:8c:a9:57:dc:65:c5:35:fd:e6:5a:
- 4d:a1:f0:43:e5:ca:18:02:eb:41:28:32:c3:04:5e:77:d1:b7:
- 64:69:aa:ff:ca:e1:dc:2c:14:9f:02:25:2d:77:bd:88:c6:6c:
- ff:61:cd:7d:9c:fe:f1:58:5a:17:60:88:d6:ae:9a:76:86:7e:
- b1:84:00:f2:f5:3a:b3:5e:6e:e9:cf:5d:b7:bb:1d:79:1b:e6:
- b8:5c:f9:c0:21:e9:35:30:01:1e:a0:23:a2:cf:42:6e:a6:74:
- fc:da:bf:6a
------BEGIN CERTIFICATE-----
-MIIDVjCCAj6gAwIBAgIRAN0/juxAI5gnPm4DDaTElEMwDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1NDEyWhcNMzIwMTI1
-MTY1NDEyWjASMRAwDgYDVQQDDAdmcml0dGVyMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA0ljRpQU8ve3KfPMLltEB28VhZO2cLiMPnZTM3P+ESyDOnR/2
-8iC4G3yHGmr3jl/PsDsL9YoshPs1Yz+uT1TOj7U8du60bj3pORNLDwNkMqEvTxLH
-kdteCZOSLp5+fb0cAPjyEkjgVw2KeovUaG8+GW+G2JGXEV/bUl5TS2KSVtbjAmht
-QH/OSyi1wZ19h1wKtTP1o6AaqKYcJKgzoDZZ5jzOqpDRdGhZTWraw3qQdESvs+Y/
-goaau6UDfHmS7/n94glGtyxX3/AdS4uo410pe0BLsGPpm6rzJnCUgU0pRFWXtnU8
-477KpFuLnqkE0ddFcpXtzWIgqg8vBspZKx/+BQIDAQABo4GiMIGfMAkGA1UdEwQC
-MAAwHQYDVR0OBBYEFDhfZNhwZXuiP4WnEOgjR+0LIokaMFEGA1UdIwRKMEiAFElD
-W1L4MXi1hHR6jSfTIh+p1MKloRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQYIU
-dc8xO6X2O5dKTboU0VjKk8vxf6UwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0P
-BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQALngusDNWIo0tmzy2k7X/jMpRdxiAz
-IFDLURJ7zKZhQ78iOZX5FchauoIHktS4ETRHF3sAtEAy1snho+TPG7g/ju+elsZg
-b2MtcFhG97swMbwIGT9FtkUx29vX6/2K3QS80zCw8OQchOhxmqjoFhkelmDVL8EJ
-RjylhABf+D0N+A/siskx7U9kLbPt8Wrw7TEQ5jhpqQLIO4ypV9xlxTX95lpNofBD
-5coYAutBKDLDBF530bdkaar/yuHcLBSfAiUtd72Ixmz/Yc19nP7xWFoXYIjWrpp2
-hn6xhADy9TqzXm7pz123ux15G+a4XPnAIek1MAEeoCOiz0JupnT82r9q
------END CERTIFICATE-----
-</cert>
-
-<key>
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDSWNGlBTy97cp8
-8wuW0QHbxWFk7ZwuIw+dlMzc/4RLIM6dH/byILgbfIcaaveOX8+wOwv1iiyE+zVj
-P65PVM6PtTx27rRuPek5E0sPA2QyoS9PEseR214Jk5Iunn59vRwA+PISSOBXDYp6
-i9Robz4Zb4bYkZcRX9tSXlNLYpJW1uMCaG1Af85LKLXBnX2HXAq1M/WjoBqophwk
-qDOgNlnmPM6qkNF0aFlNatrDepB0RK+z5j+Chpq7pQN8eZLv+f3iCUa3LFff8B1L
-i6jjXSl7QEuwY+mbqvMmcJSBTSlEVZe2dTzjvsqkW4ueqQTR10Vyle3NYiCqDy8G
-ylkrH/4FAgMBAAECggEAIMHQNCCyqulDJV48Kcp2vaDpX+xY7B5tqh6oIKpyEbkU
-NAfsTxylTzJ/X6/UyYlGMK2hWSWhdTwhvkkGfjg4ysxwlBzsYFan4UmN4NKoYfIU
-Cf5kseQ1qsweccAg9rfiiow6Nnq+5Q+oxxjLhU/9nbxuhX92xS/mWddypUS+gWNB
-BsXOc8V3+pg84nMNQRvP8EgocGT7pPRW9VzufA0CLAayjzXLxnXvvyJR9Sey2BLx
-PcaHMM1BhOzVig9Psq1jJna5NAu+PkmqRPBbgD7WJ3n6WGvm8y++6exF3nOllxcY
-0mvcdw5XIVy1BItgHt5Im3r4r1M2UuAvJqP+WrWygQKBgQD7xUyiEwKyLOKAmOvo
-nBCYEb+EKv3aybF1AyAZIvUlifT9cBeZtEKkdMdrbYi57iHAxC0GWAgduWA4uN3D
-jxnwI2XzKk6+AtKhbYxP7/ADloaOzteeCQ7mGTtiwqU5LMgh4rLuTq3zj+26fWcq
-jVdpu5LyoJV7iOpSqP8vj3Pr8QKBgQDV4WIYshS4L1NQbq15uY2Kg/Kk7aMAQuNM
-IuOPmoO4Rci7Dp53gX8ZGjRWt5PTa1pVnABV0/IQZMl4kZ8TtKBL2sjb++kh0Hm5
-6HdvaQ75sFkr8Jd/hJh8lIcFbfM8oLDUdBMAs2V3a2wAWv01Q3xo8JAyJm5KYD2k
-dctwRnAXVQKBgQCFbLLG9YIpQIYsll324LYekNFIzqvHRboIg8Z/67m00h6GLOAk
-8ZWbp9ODCAI8Xol+qbges4phjjsC9F155J1fWLMPoa0nH0HWkMKaHlK45A2dItq7
-gptlr5t8JCEBYs0QwB4JEqM2/2CBwzFoKI1ZmDEw6Y8ub4mWkr7hyokpUQKBgQDB
-e8X5X0hdIvr0vVsTzidcUmd0ikG2H8xt+PXx2C8myYKArgXvSGfJNqp4dFQ3o1sy
-LREkk7rc18Bm4R2Ofw2v8XlZgLdzTpx/8OvzDpBskvroRBtZUYN82ASZhdDQXPH7
-EBKMxL2a3cPzQlzkDWwDpvRbWebWQ+Af4iwrIp2OjQKBgQCMnPfrcjiS7+Kc29jF
-6+karf1C2sL3zCoTi1pY6KXFAiO46rg6RFvfMwDEHSAI2mRv7l0jpgyFgWizJqYH
-85i30MxQUWzJu59CAEcqe9SSu1NrGdzx2wswOdhGjiBhh2Tt+uX1B8eFPqjp5+Fg
-df2uTy3RZuhKT/h0GrhFnliXrQ==
------END PRIVATE KEY-----
-</key>
-
-<tls-auth>
-#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-7a5f3c2dd505666b595d6a03a6d627e1
-9babefe23197dc2181a7d1c00b3f5fd6
-7f28ea49abf33ea7422e0ab63c9eae14
-261ce5c099dd27ae26ba9b70b87737fa
-313a21b5e9d99ae382649eb1d0344703
-5a3b99fb9a1cddf03a89aed78fd3be92
-37ba0fa96e49814ea45495148a6552b4
-5f85d6fcc38fe88fbf8f86e0a0e33894
-89c418f65d4c8fc04ca6e59c61024995
-50547f35e5a7985d6415a7304d9340fd
-9f7ff6bb6f063a745fc3d656f275e07c
-8486233627fb96b8d798fbe8d2f8171d
-afc8bf5677ebef7ab1d80c8495d7262b
-c20efbdcc8645b48b68d6a537d9fb3f3
-03e345699bea11b99d9ace6fa5cd1e1d
-5d0951970c379d3e0b28bcaf453c2700
------END OpenVPN Static key V1-----
-</tls-auth>
+++ /dev/null
-##############################################
-# Sample client-side OpenVPN 2.0 config file #
-# for connecting to multi-client server. #
-# #
-# This configuration can be used by multiple #
-# clients, however each client should have #
-# its own cert and key files. #
-# #
-# On Windows, you might want to rename this #
-# file so it has a .ovpn extension #
-##############################################
-
-# Specify that we are a client and that we
-# will be pulling certain config file directives
-# from the server.
-client
-
-# Use the same setting as you are using on
-# the server.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-;dev tap
-dev tun
-
-# Windows needs the TAP-Win32 adapter name
-# from the Network Connections panel
-# if you have more than one. On XP SP2,
-# you may need to disable the firewall
-# for the TAP adapter.
-;dev-node MyTap
-
-# Are we connecting to a TCP or
-# UDP server? Use the same setting as
-# on the server.
-;proto tcp
-proto udp
-
-# The hostname/IP and port of the server.
-# You can have multiple remote entries
-# to load balance between the servers.
-remote vpn.userrendszerhaz.hu 1194
-
-# Choose a random host from the remote
-# list for load-balancing. Otherwise
-# try hosts in the order specified.
-;remote-random
-
-# Keep trying indefinitely to resolve the
-# host name of the OpenVPN server. Very useful
-# on machines which are not permanently connected
-# to the internet such as laptops.
-resolv-retry infinite
-
-# Most clients don't need to bind to
-# a specific local port number.
-nobind
-
-# Downgrade privileges after initialization (non-Windows only)
-user nobody
-group nobody
-
-# Try to preserve some state across restarts.
-persist-key
-persist-tun
-
-# If you are connecting through an
-# HTTP proxy to reach the actual OpenVPN
-# server, put the proxy server/IP and
-# port number here. See the man page
-# if your proxy server requires
-# authentication.
-;http-proxy-retry # retry on connection failures
-;http-proxy [proxy server] [proxy port #]
-
-# Wireless networks often produce a lot
-# of duplicate packets. Set this flag
-# to silence duplicate packet warnings.
-;mute-replay-warnings
-
-# SSL/TLS parms.
-# See the server config file for more
-# description. It's best to use
-# a separate .crt/.key file pair
-# for each client. A single ca
-# file can be used for all clients.
-;ca ca.crt
-;cert client.crt
-;key client.key
-
-# Verify server certificate by checking that the
-# certificate has the correct key usage set.
-# This is an important precaution to protect against
-# a potential attack discussed here:
-# http://openvpn.net/howto.html#mitm
-#
-# To use this feature, you will need to generate
-# your server certificates with the keyUsage set to
-# digitalSignature, keyEncipherment
-# and the extendedKeyUsage to
-# serverAuth
-# EasyRSA can do this for you.
-remote-cert-tls server
-
-# If a tls-auth key is used on the server
-# then every client must also have the key.
-;tls-auth ta.key 1
-key-direction 1
-
-# Select a cryptographic cipher.
-# If the cipher option is used on the server
-# then you must also specify it here.
-# Note that v2.4 client/server will automatically
-# negotiate AES-256-GCM in TLS mode.
-# See also the data-ciphers option in the manpage
-cipher AES-256-CBC
-
-# Enable compression on the VPN link.
-# Don't enable this unless it is also
-# enabled in the server config file.
-#comp-lzo
-
-# Set log file verbosity.
-verb 3
-
-# Silence repeating messages
-;mute 20
-
-<ca>
------BEGIN CERTIFICATE-----
-MIIDSzCCAjOgAwIBAgIUdc8xO6X2O5dKTboU0VjKk8vxf6UwDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTYyMjI1WhcNMzIw
-MTI1MTYyMjI1WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANfUW/VYGBdUDdq3yGWMD7TDDoXNFX+FaESEj8ad
-KhU3aakSF2bltPSLV0OKh+6H0avL1sPwvgleI7mmHU3PnyOTt4Seeikhcx9ZMLTZ
-NJ5unObrnfCyTOrpg7oQGUfu/eYsF3wAxXkQp/CG3aq++eTc741V3HVoj8slPtqJ
-7wMPMWDOgqENgIitOYD5gA9iywoLthXsIrPtWKy2zo8kUTQ3KE61UOEUa1I9r+3X
-EMM25lCid8I4kPTRU4JMbFvFqM+q3EOhMXeLlzAj6bD0ebmndxUyJLvbDBC5Uk9Q
-4CJsMRFhXTZZVUeCdmzvt4iUBZXN1P9AeM9lYCw4ZOjIknECAwEAAaOBkDCBjTAd
-BgNVHQ4EFgQUSUNbUvgxeLWEdHqNJ9MiH6nUwqUwUQYDVR0jBEowSIAUSUNbUvgx
-eLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1zzE7
-pfY7l0pNuhTRWMqTy/F/pTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
-hkiG9w0BAQsFAAOCAQEAn4m1/6ptyMlGlobrZJ1/zpFykrHdlsFU2JbfVKB1Cu3P
-Hz9rJ0ai3du++7TObktNkALQgMy+i6eGH6+EbLp9lazcRRdJPVhJIuhQX9hvzQfk
-F/mM5wRJd6Rg6Cy8SDp0KYPwOM74Xck9ukvIPxdWd6omgu0b0qpruc58P0AW2Tjk
-XIP5YnBTBQGmN7NUzrJ4zWLKEJbOOi/P47oqEwYBGaWquLBsCPq03oDMs8EsGTcO
-90k9S8vgrrZfW4jHfkOmmNepgvt3g4A3g7Y9qYKLQi6vBtDOpK8OWfD6kIXBxqNt
-uSXdVmSwgbCTdXsMU3aEnVEyvgnlw/Wz+tXo+gLb5w==
------END CERTIFICATE-----
-</ca>
-
-<cert>
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 60:87:51:1c:41:ab:64:4d:6e:87:35:4b:37:da:5a:be
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:54:21 2022 GMT
- Not After : Jan 25 16:54:21 2032 GMT
- Subject: CN=fschnell
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:ba:48:1e:7f:2f:93:ee:b3:88:cf:0a:0a:82:0d:
- 48:bd:ed:d8:3f:5d:13:d1:20:c0:34:b9:8f:53:39:
- 52:d2:7e:91:4f:e5:4c:07:73:54:25:a6:6a:c7:83:
- b8:fc:93:1d:b6:03:72:59:41:4a:61:b9:68:0d:4e:
- e2:9b:b4:74:6c:87:7c:a3:61:30:22:3f:9b:53:23:
- 31:e1:b6:37:ef:0d:32:df:6e:40:14:e1:d8:1a:0e:
- 93:8f:6c:55:0d:dd:c9:9a:a2:5c:1e:46:c1:19:ce:
- e4:ee:8b:3e:93:bf:ce:60:30:29:da:2c:e7:d7:a9:
- 06:4d:84:60:cd:3a:28:18:0d:d2:11:6e:01:e9:1a:
- 0c:6b:d1:09:b4:e6:5f:95:7d:c3:a3:d3:fb:44:15:
- 50:b7:be:6e:89:d3:75:cf:57:e3:13:f6:99:3e:ea:
- 2b:38:05:5b:d4:0d:c6:65:42:93:63:c6:e7:44:5a:
- 2c:01:19:88:52:c7:6f:12:fa:27:df:5e:b6:40:e9:
- 15:35:e4:27:0f:e3:c7:1d:37:4f:5f:0b:78:cb:33:
- a2:e6:06:35:b3:b1:d4:4a:4f:55:48:95:b1:e0:5c:
- 8f:35:87:d9:32:07:1b:68:b0:eb:8b:03:67:9c:0e:
- 14:0c:63:ca:22:c7:86:9a:35:5f:af:84:75:fa:3b:
- e7:43
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 4C:D9:F1:08:3B:62:3F:D4:E3:22:0B:27:BD:9C:7C:15:44:B8:D6:11
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 4c:cf:19:8e:b2:4a:87:3c:de:5b:f3:31:9d:c3:58:4d:9a:d6:
- 59:ad:49:ec:aa:ec:2a:3c:04:c2:1b:fd:31:76:8f:af:2a:bc:
- 9e:d4:96:5d:31:b5:86:16:df:af:2f:ea:12:e9:2a:23:f5:37:
- bb:9b:c0:c5:b6:bc:77:28:2c:f6:8d:31:8a:8e:a2:f8:dc:b8:
- 65:14:ba:1a:8c:32:4f:ec:84:08:3c:87:c2:97:08:93:f8:b9:
- a4:30:a4:78:54:05:a0:f0:29:7b:61:bb:22:4a:98:21:bb:a3:
- c1:38:be:14:bf:58:ab:09:07:8c:d8:c1:66:17:98:91:f3:64:
- ca:05:41:f8:04:5d:91:8a:8f:29:2b:d1:85:20:c5:7c:3e:32:
- 3e:40:8b:c5:1a:20:1f:c4:95:4b:3a:35:a1:37:e3:c8:15:f1:
- 04:4f:9e:cb:1d:1f:bf:4a:c5:8b:f9:81:a7:42:e5:95:04:e5:
- b2:04:f0:3e:1e:d5:24:1d:37:e1:cd:c4:b9:69:77:0d:d6:28:
- b2:f9:7b:be:93:a0:b5:2b:c3:3d:27:9e:4d:a0:73:64:d1:16:
- 9a:07:cc:ff:55:e8:06:ff:a7:d3:fe:a7:33:ff:1c:9d:b4:c8:
- f8:37:fa:e3:24:1d:57:e9:ea:df:92:61:7b:ec:f3:6b:3d:0f:
- 7e:75:72:59
------BEGIN CERTIFICATE-----
-MIIDVjCCAj6gAwIBAgIQYIdRHEGrZE1uhzVLN9pavjANBgkqhkiG9w0BAQsFADAW
-MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMjAxMjcxNjU0MjFaFw0zMjAxMjUx
-NjU0MjFaMBMxETAPBgNVBAMMCGZzY2huZWxsMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAukgefy+T7rOIzwoKgg1Ive3YP10T0SDANLmPUzlS0n6RT+VM
-B3NUJaZqx4O4/JMdtgNyWUFKYbloDU7im7R0bId8o2EwIj+bUyMx4bY37w0y325A
-FOHYGg6Tj2xVDd3JmqJcHkbBGc7k7os+k7/OYDAp2izn16kGTYRgzTooGA3SEW4B
-6RoMa9EJtOZflX3Do9P7RBVQt75uidN1z1fjE/aZPuorOAVb1A3GZUKTY8bnRFos
-ARmIUsdvEvon3162QOkVNeQnD+PHHTdPXwt4yzOi5gY1s7HUSk9VSJWx4FyPNYfZ
-MgcbaLDriwNnnA4UDGPKIseGmjVfr4R1+jvnQwIDAQABo4GiMIGfMAkGA1UdEwQC
-MAAwHQYDVR0OBBYEFEzZ8Qg7Yj/U4yILJ72cfBVEuNYRMFEGA1UdIwRKMEiAFElD
-W1L4MXi1hHR6jSfTIh+p1MKloRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQYIU
-dc8xO6X2O5dKTboU0VjKk8vxf6UwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0P
-BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBMzxmOskqHPN5b8zGdw1hNmtZZrUns
-quwqPATCG/0xdo+vKrye1JZdMbWGFt+vL+oS6Soj9Te7m8DFtrx3KCz2jTGKjqL4
-3LhlFLoajDJP7IQIPIfClwiT+LmkMKR4VAWg8Cl7YbsiSpghu6PBOL4Uv1irCQeM
-2MFmF5iR82TKBUH4BF2Rio8pK9GFIMV8PjI+QIvFGiAfxJVLOjWhN+PIFfEET57L
-HR+/SsWL+YGnQuWVBOWyBPA+HtUkHTfhzcS5aXcN1iiy+Xu+k6C1K8M9J55NoHNk
-0RaaB8z/VegG/6fT/qcz/xydtMj4N/rjJB1X6erfkmF77PNrPQ9+dXJZ
------END CERTIFICATE-----
-</cert>
-
-<key>
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6SB5/L5Pus4jP
-CgqCDUi97dg/XRPRIMA0uY9TOVLSfpFP5UwHc1QlpmrHg7j8kx22A3JZQUphuWgN
-TuKbtHRsh3yjYTAiP5tTIzHhtjfvDTLfbkAU4dgaDpOPbFUN3cmaolweRsEZzuTu
-iz6Tv85gMCnaLOfXqQZNhGDNOigYDdIRbgHpGgxr0Qm05l+VfcOj0/tEFVC3vm6J
-03XPV+MT9pk+6is4BVvUDcZlQpNjxudEWiwBGYhSx28S+iffXrZA6RU15CcP48cd
-N09fC3jLM6LmBjWzsdRKT1VIlbHgXI81h9kyBxtosOuLA2ecDhQMY8oix4aaNV+v
-hHX6O+dDAgMBAAECggEAOee5MygDACxm1pT0d0DR39hTZD72rgdUOA+GcgRbrnsR
-iJhqbdZ3zcxRXPuhQUIp9i5UGVKmYIJVye0/m88YcbQcFl1brQnAqrNCCjuuX2zm
-53VKDjO2DUOCsw6l0c2joaHeqLqtw+wAVfaK2TrCWDwghmV3HB66itYfkSwG0pLR
-BdhqK+DLGo9aWUqv9ktxBk87kEf00DLTlX3IdZOPreaNqVhJOjaVBEMd7RrgUZ/o
-UAkc1d18cxLxlGtQkO4oQxMujQ/NmSj9vOMBtT2aU6o3PdlitrcpmH362LlzpzT/
-iFB3b/rgQnNiSEvkR3CmodQAhKIlOXQiCWMPcJ6xAQKBgQDs+0unYAe/A1DX1CRB
-Lj84CjVmWquPEr2tg4s3umZ26rE8MKoWXswkCFaSuX97jFRANVQXS9+x1AZhPr2h
-74SIt3rzVGcnXxJ49zqiFK4+jHURx4/ad8b0dfJZh7KgVaBQ2iu0L+Jm/Vh1VO2A
-fU+6WkUWEiUHrvpVZf7JeI0iYwKBgQDJOzY1SQv7VV6BfV8H0mq8owQLF0+ntLCv
-Ogm9DzZrsMHtBB9gd08+ZR95b6KNwdS+4pJPOrNmZaETxLF6RbiV+N/2WSPLjcAU
-BLPCjKwmLGQNn+/wxXgqYIHvwaMgaYB+h2RkIryAlFDprJVRSc8c5OeiNoBKzI1H
-vgXW4lDNoQKBgQCYS4K6BL/VpIbevSmzbcoY9I6OwbRBFRUqnj/ox3Sz9W2DNe8I
-w1FD0sv4LRfdSTiXru3krtEKUizrb8ukdu3ggrGUEOjd535SmOdoZAv6jH9rtqkf
-CBym2+msWcWUvpJxg1PUz3UbJLMlbDfZfC6xnvOJFI4RmwSrvwl3Zm6k6wKBgBUA
-kQ/Op+l7Z3msVBbE50741Jszu6SNP0OKkymgRNXIhPTv0TaIPUUN2NMby6Nv73xc
-uVh7j+3H/Z/Kj5trW3CLoRRdCVddXAa61ugfNnhleavSXYCLm5cQq38SfqwLVtXd
-26R326Sv1iINWSg6w9sIKQTNG2azIquyMXnT9QsBAoGAEyW4Scj08YF2JUpBfCcQ
-d7IKFRmfrV6sC5CnRfiOhDWRQZ0ud60ObX27VFY18pRg9wlfYvsjfiObqgF6UqjZ
-IYGshZWEQf9micH8+uGuWVd4bRQG2RxcNtwsKncX3UNerxprxUJYPQm/5JrkoR12
-JhvAwPkmisVXMlZ3U+monYs=
------END PRIVATE KEY-----
-</key>
-
-<tls-auth>
-#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-7a5f3c2dd505666b595d6a03a6d627e1
-9babefe23197dc2181a7d1c00b3f5fd6
-7f28ea49abf33ea7422e0ab63c9eae14
-261ce5c099dd27ae26ba9b70b87737fa
-313a21b5e9d99ae382649eb1d0344703
-5a3b99fb9a1cddf03a89aed78fd3be92
-37ba0fa96e49814ea45495148a6552b4
-5f85d6fcc38fe88fbf8f86e0a0e33894
-89c418f65d4c8fc04ca6e59c61024995
-50547f35e5a7985d6415a7304d9340fd
-9f7ff6bb6f063a745fc3d656f275e07c
-8486233627fb96b8d798fbe8d2f8171d
-afc8bf5677ebef7ab1d80c8495d7262b
-c20efbdcc8645b48b68d6a537d9fb3f3
-03e345699bea11b99d9ace6fa5cd1e1d
-5d0951970c379d3e0b28bcaf453c2700
------END OpenVPN Static key V1-----
-</tls-auth>
+++ /dev/null
-##############################################
-# Sample client-side OpenVPN 2.0 config file #
-# for connecting to multi-client server. #
-# #
-# This configuration can be used by multiple #
-# clients, however each client should have #
-# its own cert and key files. #
-# #
-# On Windows, you might want to rename this #
-# file so it has a .ovpn extension #
-##############################################
-
-# Specify that we are a client and that we
-# will be pulling certain config file directives
-# from the server.
-client
-
-# Use the same setting as you are using on
-# the server.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-;dev tap
-dev tun
-
-# Windows needs the TAP-Win32 adapter name
-# from the Network Connections panel
-# if you have more than one. On XP SP2,
-# you may need to disable the firewall
-# for the TAP adapter.
-;dev-node MyTap
-
-# Are we connecting to a TCP or
-# UDP server? Use the same setting as
-# on the server.
-;proto tcp
-proto udp
-
-# The hostname/IP and port of the server.
-# You can have multiple remote entries
-# to load balance between the servers.
-remote vpn.userrendszerhaz.hu 1194
-
-# Choose a random host from the remote
-# list for load-balancing. Otherwise
-# try hosts in the order specified.
-;remote-random
-
-# Keep trying indefinitely to resolve the
-# host name of the OpenVPN server. Very useful
-# on machines which are not permanently connected
-# to the internet such as laptops.
-resolv-retry infinite
-
-# Most clients don't need to bind to
-# a specific local port number.
-nobind
-
-# Downgrade privileges after initialization (non-Windows only)
-user nobody
-group nobody
-
-# Try to preserve some state across restarts.
-persist-key
-persist-tun
-
-# If you are connecting through an
-# HTTP proxy to reach the actual OpenVPN
-# server, put the proxy server/IP and
-# port number here. See the man page
-# if your proxy server requires
-# authentication.
-;http-proxy-retry # retry on connection failures
-;http-proxy [proxy server] [proxy port #]
-
-# Wireless networks often produce a lot
-# of duplicate packets. Set this flag
-# to silence duplicate packet warnings.
-;mute-replay-warnings
-
-# SSL/TLS parms.
-# See the server config file for more
-# description. It's best to use
-# a separate .crt/.key file pair
-# for each client. A single ca
-# file can be used for all clients.
-;ca ca.crt
-;cert client.crt
-;key client.key
-
-# Verify server certificate by checking that the
-# certificate has the correct key usage set.
-# This is an important precaution to protect against
-# a potential attack discussed here:
-# http://openvpn.net/howto.html#mitm
-#
-# To use this feature, you will need to generate
-# your server certificates with the keyUsage set to
-# digitalSignature, keyEncipherment
-# and the extendedKeyUsage to
-# serverAuth
-# EasyRSA can do this for you.
-remote-cert-tls server
-
-# If a tls-auth key is used on the server
-# then every client must also have the key.
-;tls-auth ta.key 1
-key-direction 1
-
-# Select a cryptographic cipher.
-# If the cipher option is used on the server
-# then you must also specify it here.
-# Note that v2.4 client/server will automatically
-# negotiate AES-256-GCM in TLS mode.
-# See also the data-ciphers option in the manpage
-cipher AES-256-CBC
-
-# Enable compression on the VPN link.
-# Don't enable this unless it is also
-# enabled in the server config file.
-#comp-lzo
-
-# Set log file verbosity.
-verb 3
-
-# Silence repeating messages
-;mute 20
-
-<ca>
------BEGIN CERTIFICATE-----
-MIIDSzCCAjOgAwIBAgIUdc8xO6X2O5dKTboU0VjKk8vxf6UwDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTYyMjI1WhcNMzIw
-MTI1MTYyMjI1WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANfUW/VYGBdUDdq3yGWMD7TDDoXNFX+FaESEj8ad
-KhU3aakSF2bltPSLV0OKh+6H0avL1sPwvgleI7mmHU3PnyOTt4Seeikhcx9ZMLTZ
-NJ5unObrnfCyTOrpg7oQGUfu/eYsF3wAxXkQp/CG3aq++eTc741V3HVoj8slPtqJ
-7wMPMWDOgqENgIitOYD5gA9iywoLthXsIrPtWKy2zo8kUTQ3KE61UOEUa1I9r+3X
-EMM25lCid8I4kPTRU4JMbFvFqM+q3EOhMXeLlzAj6bD0ebmndxUyJLvbDBC5Uk9Q
-4CJsMRFhXTZZVUeCdmzvt4iUBZXN1P9AeM9lYCw4ZOjIknECAwEAAaOBkDCBjTAd
-BgNVHQ4EFgQUSUNbUvgxeLWEdHqNJ9MiH6nUwqUwUQYDVR0jBEowSIAUSUNbUvgx
-eLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1zzE7
-pfY7l0pNuhTRWMqTy/F/pTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
-hkiG9w0BAQsFAAOCAQEAn4m1/6ptyMlGlobrZJ1/zpFykrHdlsFU2JbfVKB1Cu3P
-Hz9rJ0ai3du++7TObktNkALQgMy+i6eGH6+EbLp9lazcRRdJPVhJIuhQX9hvzQfk
-F/mM5wRJd6Rg6Cy8SDp0KYPwOM74Xck9ukvIPxdWd6omgu0b0qpruc58P0AW2Tjk
-XIP5YnBTBQGmN7NUzrJ4zWLKEJbOOi/P47oqEwYBGaWquLBsCPq03oDMs8EsGTcO
-90k9S8vgrrZfW4jHfkOmmNepgvt3g4A3g7Y9qYKLQi6vBtDOpK8OWfD6kIXBxqNt
-uSXdVmSwgbCTdXsMU3aEnVEyvgnlw/Wz+tXo+gLb5w==
------END CERTIFICATE-----
-</ca>
-
-<cert>
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 23:70:61:7d:39:85:fe:76:8d:ca:0f:04:d3:68:3d:1f
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:54:35 2022 GMT
- Not After : Jan 25 16:54:35 2032 GMT
- Subject: CN=khorvath
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:eb:04:0d:b5:38:69:3a:69:07:21:1c:59:4c:07:
- 6c:1d:30:89:93:3d:90:d3:ef:04:cb:ec:41:94:9e:
- 35:91:28:17:e4:1f:cb:2b:0a:06:b9:6a:91:e6:cb:
- 89:60:e6:3c:0a:f8:ff:ae:6c:48:e3:d7:a9:52:95:
- 5f:e5:c8:80:5c:82:b5:91:3b:5e:e0:23:82:8d:52:
- 53:0a:ea:e8:b2:92:b3:4b:bb:1d:2f:5a:e4:29:a9:
- 69:2c:b9:e1:9e:13:1c:3c:0d:d9:fe:fd:e9:a7:1f:
- f4:c2:ab:3b:eb:52:95:41:2a:5a:d4:9e:e9:8e:40:
- 97:60:fb:e8:12:9e:d6:e4:72:2b:43:57:de:85:6b:
- db:94:27:45:eb:43:bb:3d:6e:17:c6:dc:19:d2:dc:
- cd:c8:67:fc:d0:d3:8f:81:4c:1a:ad:df:e6:2b:43:
- 07:95:18:ad:e0:21:c6:5a:fd:ce:17:af:63:58:97:
- b7:86:db:42:95:7f:38:46:08:7e:26:81:24:e2:7e:
- dd:53:51:ab:29:43:19:ad:5f:8b:b2:b8:cf:19:06:
- 0e:15:67:a4:50:79:00:f4:f8:2a:b8:e7:fd:b4:59:
- 9a:ef:10:fb:10:bf:57:3e:26:ec:1e:97:6d:ad:87:
- b9:60:94:69:24:96:69:36:9a:21:00:42:98:06:24:
- d5:f9
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 96:F4:90:70:43:B0:6E:93:48:D7:95:1F:9B:BC:0E:8A:8D:33:36:99
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 01:8a:5e:af:fe:5a:9d:65:ba:a5:3a:51:d0:1e:7d:fe:9e:b7:
- 7e:bc:da:33:0b:e2:f8:13:6f:73:40:5f:c2:b7:5d:2f:54:5e:
- 0d:db:1d:28:b0:e9:fa:a2:ff:23:3c:4e:63:90:d6:5e:6c:81:
- 9a:69:3d:06:05:5f:c3:a5:67:4a:29:e9:40:36:eb:53:89:a7:
- 13:a5:69:ba:8d:61:ac:d9:5f:89:35:59:dc:c0:98:73:f1:f8:
- 1e:14:80:d9:09:9c:bd:db:69:54:ea:15:68:97:bd:08:27:d7:
- af:c9:8a:b5:41:4a:6c:dc:4f:4c:dd:5b:c7:cf:86:01:07:a2:
- ad:33:7d:aa:47:ae:a8:b0:d2:24:89:9c:a0:48:8d:74:51:79:
- 89:f8:8d:ee:33:4f:d6:45:b8:b5:a6:48:eb:ad:3a:86:68:53:
- 4d:ba:55:fa:d4:2f:7b:59:3d:a6:16:d9:8a:81:90:72:e8:14:
- e8:06:7f:de:0e:f8:be:cf:ce:91:22:8e:cd:5a:94:8f:1c:d0:
- 4b:f6:b5:41:2d:1d:c4:0a:1e:36:17:dd:78:17:23:85:c7:cb:
- ae:1b:ae:65:90:22:b0:c0:94:df:cc:83:38:61:cb:fa:a7:e6:
- a4:a7:9b:10:5d:fc:30:6f:d2:dc:02:15:07:a0:42:9f:1b:a9:
- f9:c7:22:34
------BEGIN CERTIFICATE-----
-MIIDVjCCAj6gAwIBAgIQI3BhfTmF/naNyg8E02g9HzANBgkqhkiG9w0BAQsFADAW
-MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMjAxMjcxNjU0MzVaFw0zMjAxMjUx
-NjU0MzVaMBMxETAPBgNVBAMMCGtob3J2YXRoMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA6wQNtThpOmkHIRxZTAdsHTCJkz2Q0+8Ey+xBlJ41kSgX5B/L
-KwoGuWqR5suJYOY8Cvj/rmxI49epUpVf5ciAXIK1kTte4COCjVJTCurospKzS7sd
-L1rkKalpLLnhnhMcPA3Z/v3ppx/0wqs761KVQSpa1J7pjkCXYPvoEp7W5HIrQ1fe
-hWvblCdF60O7PW4XxtwZ0tzNyGf80NOPgUward/mK0MHlRit4CHGWv3OF69jWJe3
-httClX84Rgh+JoEk4n7dU1GrKUMZrV+LsrjPGQYOFWekUHkA9PgquOf9tFma7xD7
-EL9XPibsHpdtrYe5YJRpJJZpNpohAEKYBiTV+QIDAQABo4GiMIGfMAkGA1UdEwQC
-MAAwHQYDVR0OBBYEFJb0kHBDsG6TSNeVH5u8DoqNMzaZMFEGA1UdIwRKMEiAFElD
-W1L4MXi1hHR6jSfTIh+p1MKloRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQYIU
-dc8xO6X2O5dKTboU0VjKk8vxf6UwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0P
-BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQABil6v/lqdZbqlOlHQHn3+nrd+vNoz
-C+L4E29zQF/Ct10vVF4N2x0osOn6ov8jPE5jkNZebIGaaT0GBV/DpWdKKelANutT
-iacTpWm6jWGs2V+JNVncwJhz8fgeFIDZCZy922lU6hVol70IJ9evyYq1QUps3E9M
-3VvHz4YBB6KtM32qR66osNIkiZygSI10UXmJ+I3uM0/WRbi1pkjrrTqGaFNNulX6
-1C97WT2mFtmKgZBy6BToBn/eDvi+z86RIo7NWpSPHNBL9rVBLR3ECh42F914FyOF
-x8uuG65lkCKwwJTfzIM4Ycv6p+akp5sQXfwwb9LcAhUHoEKfG6n5xyI0
------END CERTIFICATE-----
-</cert>
-
-<key>
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDrBA21OGk6aQch
-HFlMB2wdMImTPZDT7wTL7EGUnjWRKBfkH8srCga5apHmy4lg5jwK+P+ubEjj16lS
-lV/lyIBcgrWRO17gI4KNUlMK6uiykrNLux0vWuQpqWksueGeExw8Ddn+/emnH/TC
-qzvrUpVBKlrUnumOQJdg++gSntbkcitDV96Fa9uUJ0XrQ7s9bhfG3BnS3M3IZ/zQ
-04+BTBqt3+YrQweVGK3gIcZa/c4Xr2NYl7eG20KVfzhGCH4mgSTift1TUaspQxmt
-X4uyuM8ZBg4VZ6RQeQD0+Cq45/20WZrvEPsQv1c+Juwel22th7lglGkklmk2miEA
-QpgGJNX5AgMBAAECggEBAONhmKGtYqJQ28T9WKhmxgO34mPDPUzQBSQIAat5Jvq6
-f+MHn9qUaM0cfu1+H/zQxWcYYsivnBZVok10mMQJqafYDzPk7XaO5NE2xYHapimg
-JjkvYJ1go0Br2Iadkd0PQFIaVMCRim9YS8fNRLv5us7B2/+7gN1RQSVklLTvWZrL
-wJwsnhACnzEpJIKLhnFyrjbF2XCWtrxBvdSTRzP6Z5frrg8IKPDV0qFdGYNS3Wl0
-YCt/80vcsIe39xxh31XdzXPNnLmWDXRqc8Nrx7Du2W8QlGMQMK6OOFF9J9wud04w
-NzZoCZDPt6kUjFouMU7xhnt/lAMzh3OhMYc+KrVlMMECgYEA/E5/4yDWAHCdFqeL
-mCzpGSL2FS3XcP20ZsAfGCAYAF8w9qONWKxQS44vL/Ffi2KClmw6pFi+XXnSJ0DE
-GKp1R//UwVWQBJR3W0t7FEJKOZcDqrdy/n6UspMVq9RlQKcdrGIxHRBVoO12dnSU
-r72PtbNUSp8mfU5lbs9rXMihDMsCgYEA7nTCCsfed4Ogk7so89sgB7XXGGKtvRg/
-uNuZ7wy0Fp2sQ1WfG0SEJ7N9r8w1anM2tasvJqQRaUHBGLCsONEA7rU1L4kEexCY
-799oQ+dUYVJLwcs8dw5slEcvEhKbmC4VeXkLyysChAXWCJBjNEqm/LZVkUzBNPAd
-zsX/ZzeB88sCgYAfHUckKV56u2iD7LGIWLF+ShNy1S5mXsMqkLLE9OBA23xcThsW
-PlnAl442KVwRAlr8Veh9b/w55tYFxTTpncvMzz3bgcO67NwzRAGvo+UnaPooyWrC
-+7U2uHDJue2qpXFBWvKXlPYaXG5peUME0SmxzKWudiX2+f4ERkwFKzDBNQKBgEOY
-kZEgy22xwIlgWuGV0mSdJZZiEsIx545tohtjzIFEvRpxYSMHrzbZ6N021EWS14V0
-O2+GvvDJlQV8v7VzegIxGBybiMuiDtigyhvFrePQwmzzQfa1/g2iiDNlVvoyxh+j
-MrarQJFQXjYbSCQArYmh3mvMCFELaEe/VQFbeNk1AoGBAKkKwFtlFRD33jpX/fD3
-HSU1Orl1+TYA2qpFyf1S7fyrBFOGojsyaoLD1CqVTwLhr2OAexKNRcm9Adx/zXYX
-wVeb13aM7GoubwKYDV3zjLyhetYLLTg0jkgBCprKRD7zKTZgzAdkZcIGlMVVB+FL
-NXyvV71TyYb5UkoYgnDk1Jb3
------END PRIVATE KEY-----
-</key>
-
-<tls-auth>
-#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-7a5f3c2dd505666b595d6a03a6d627e1
-9babefe23197dc2181a7d1c00b3f5fd6
-7f28ea49abf33ea7422e0ab63c9eae14
-261ce5c099dd27ae26ba9b70b87737fa
-313a21b5e9d99ae382649eb1d0344703
-5a3b99fb9a1cddf03a89aed78fd3be92
-37ba0fa96e49814ea45495148a6552b4
-5f85d6fcc38fe88fbf8f86e0a0e33894
-89c418f65d4c8fc04ca6e59c61024995
-50547f35e5a7985d6415a7304d9340fd
-9f7ff6bb6f063a745fc3d656f275e07c
-8486233627fb96b8d798fbe8d2f8171d
-afc8bf5677ebef7ab1d80c8495d7262b
-c20efbdcc8645b48b68d6a537d9fb3f3
-03e345699bea11b99d9ace6fa5cd1e1d
-5d0951970c379d3e0b28bcaf453c2700
------END OpenVPN Static key V1-----
-</tls-auth>
+++ /dev/null
-##############################################
-# Sample client-side OpenVPN 2.0 config file #
-# for connecting to multi-client server. #
-# #
-# This configuration can be used by multiple #
-# clients, however each client should have #
-# its own cert and key files. #
-# #
-# On Windows, you might want to rename this #
-# file so it has a .ovpn extension #
-##############################################
-
-# Specify that we are a client and that we
-# will be pulling certain config file directives
-# from the server.
-client
-
-# Use the same setting as you are using on
-# the server.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-;dev tap
-dev tun
-
-# Windows needs the TAP-Win32 adapter name
-# from the Network Connections panel
-# if you have more than one. On XP SP2,
-# you may need to disable the firewall
-# for the TAP adapter.
-;dev-node MyTap
-
-# Are we connecting to a TCP or
-# UDP server? Use the same setting as
-# on the server.
-;proto tcp
-proto udp
-
-# The hostname/IP and port of the server.
-# You can have multiple remote entries
-# to load balance between the servers.
-remote vpn.userrendszerhaz.hu 1194
-
-# Choose a random host from the remote
-# list for load-balancing. Otherwise
-# try hosts in the order specified.
-;remote-random
-
-# Keep trying indefinitely to resolve the
-# host name of the OpenVPN server. Very useful
-# on machines which are not permanently connected
-# to the internet such as laptops.
-resolv-retry infinite
-
-# Most clients don't need to bind to
-# a specific local port number.
-nobind
-
-# Downgrade privileges after initialization (non-Windows only)
-user nobody
-group nobody
-
-# Try to preserve some state across restarts.
-persist-key
-persist-tun
-
-# If you are connecting through an
-# HTTP proxy to reach the actual OpenVPN
-# server, put the proxy server/IP and
-# port number here. See the man page
-# if your proxy server requires
-# authentication.
-;http-proxy-retry # retry on connection failures
-;http-proxy [proxy server] [proxy port #]
-
-# Wireless networks often produce a lot
-# of duplicate packets. Set this flag
-# to silence duplicate packet warnings.
-;mute-replay-warnings
-
-# SSL/TLS parms.
-# See the server config file for more
-# description. It's best to use
-# a separate .crt/.key file pair
-# for each client. A single ca
-# file can be used for all clients.
-;ca ca.crt
-;cert client.crt
-;key client.key
-
-# Verify server certificate by checking that the
-# certificate has the correct key usage set.
-# This is an important precaution to protect against
-# a potential attack discussed here:
-# http://openvpn.net/howto.html#mitm
-#
-# To use this feature, you will need to generate
-# your server certificates with the keyUsage set to
-# digitalSignature, keyEncipherment
-# and the extendedKeyUsage to
-# serverAuth
-# EasyRSA can do this for you.
-remote-cert-tls server
-
-# If a tls-auth key is used on the server
-# then every client must also have the key.
-;tls-auth ta.key 1
-key-direction 1
-
-# Select a cryptographic cipher.
-# If the cipher option is used on the server
-# then you must also specify it here.
-# Note that v2.4 client/server will automatically
-# negotiate AES-256-GCM in TLS mode.
-# See also the data-ciphers option in the manpage
-cipher AES-256-CBC
-
-# Enable compression on the VPN link.
-# Don't enable this unless it is also
-# enabled in the server config file.
-#comp-lzo
-
-# Set log file verbosity.
-verb 3
-
-# Silence repeating messages
-;mute 20
-
-<ca>
------BEGIN CERTIFICATE-----
-MIIDSzCCAjOgAwIBAgIUdc8xO6X2O5dKTboU0VjKk8vxf6UwDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTYyMjI1WhcNMzIw
-MTI1MTYyMjI1WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANfUW/VYGBdUDdq3yGWMD7TDDoXNFX+FaESEj8ad
-KhU3aakSF2bltPSLV0OKh+6H0avL1sPwvgleI7mmHU3PnyOTt4Seeikhcx9ZMLTZ
-NJ5unObrnfCyTOrpg7oQGUfu/eYsF3wAxXkQp/CG3aq++eTc741V3HVoj8slPtqJ
-7wMPMWDOgqENgIitOYD5gA9iywoLthXsIrPtWKy2zo8kUTQ3KE61UOEUa1I9r+3X
-EMM25lCid8I4kPTRU4JMbFvFqM+q3EOhMXeLlzAj6bD0ebmndxUyJLvbDBC5Uk9Q
-4CJsMRFhXTZZVUeCdmzvt4iUBZXN1P9AeM9lYCw4ZOjIknECAwEAAaOBkDCBjTAd
-BgNVHQ4EFgQUSUNbUvgxeLWEdHqNJ9MiH6nUwqUwUQYDVR0jBEowSIAUSUNbUvgx
-eLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1zzE7
-pfY7l0pNuhTRWMqTy/F/pTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
-hkiG9w0BAQsFAAOCAQEAn4m1/6ptyMlGlobrZJ1/zpFykrHdlsFU2JbfVKB1Cu3P
-Hz9rJ0ai3du++7TObktNkALQgMy+i6eGH6+EbLp9lazcRRdJPVhJIuhQX9hvzQfk
-F/mM5wRJd6Rg6Cy8SDp0KYPwOM74Xck9ukvIPxdWd6omgu0b0qpruc58P0AW2Tjk
-XIP5YnBTBQGmN7NUzrJ4zWLKEJbOOi/P47oqEwYBGaWquLBsCPq03oDMs8EsGTcO
-90k9S8vgrrZfW4jHfkOmmNepgvt3g4A3g7Y9qYKLQi6vBtDOpK8OWfD6kIXBxqNt
-uSXdVmSwgbCTdXsMU3aEnVEyvgnlw/Wz+tXo+gLb5w==
------END CERTIFICATE-----
-</ca>
-
-<cert>
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 16:d6:7e:bd:b7:16:bd:51:0c:34:0d:08:fa:8c:cb:b1
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:54:48 2022 GMT
- Not After : Jan 25 16:54:48 2032 GMT
- Subject: CN=kkancz
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:b9:6a:63:78:e0:1b:e8:2f:dc:70:f4:49:6f:6c:
- 7b:62:05:76:60:4e:01:4f:91:07:2d:b2:8e:7f:e1:
- 61:4e:c3:24:1d:da:6c:ae:b9:d5:de:00:d5:f7:cf:
- 36:8f:a1:cb:9c:15:4c:57:e8:76:36:83:8b:7b:d4:
- de:04:c9:06:40:32:c3:31:01:f1:f5:bc:9c:97:42:
- 4d:82:47:71:cc:b8:0c:2c:91:bb:c8:6b:2b:62:09:
- f3:5a:c5:5f:40:e8:46:7c:9f:d8:dd:20:a3:bc:34:
- f9:67:28:ae:ed:fc:cd:3e:f0:68:ce:1b:02:d4:da:
- d2:0b:74:b6:32:11:39:6e:53:80:a7:e1:b9:06:96:
- ae:ef:8e:dd:0e:26:05:7a:2c:46:7d:f6:ba:af:6f:
- 3e:44:8b:fa:ff:40:fd:3e:32:64:a5:f7:27:60:f7:
- 85:28:33:e2:a3:2f:5a:37:cd:15:02:ff:28:b5:95:
- a4:3d:ee:01:9f:86:76:2d:01:3d:b4:e7:e2:1f:fb:
- be:1f:6a:2f:e8:50:68:2a:2d:86:3a:ef:38:f1:46:
- df:e7:5c:53:b0:63:13:80:b4:4d:b8:60:7a:ee:71:
- 67:bc:c8:21:83:64:6f:45:07:19:87:f3:49:c2:63:
- 04:59:3f:6d:80:21:0e:2f:4e:cc:b5:7c:38:47:c4:
- 7b:a5
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 9E:32:BB:AC:26:6F:9A:04:73:A5:B9:42:DA:29:46:95:C8:DE:F3:05
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 6a:07:04:54:3c:a9:4c:05:72:9e:78:6b:a6:dd:a8:09:15:0b:
- cb:54:ad:54:91:f9:8d:ee:61:37:a3:97:92:9e:97:25:4d:db:
- 96:91:9f:39:45:92:e5:d7:06:45:57:89:ef:96:bf:47:c5:5a:
- 84:c8:6d:78:7a:43:02:f5:0f:4b:7f:7b:04:49:53:4b:85:13:
- 5a:cb:75:06:f3:ba:8b:0b:83:f2:1a:df:27:0b:17:b2:28:ca:
- c6:38:14:8c:3d:42:02:db:f2:63:79:ce:00:be:90:b6:0a:5f:
- 23:5a:06:37:c3:34:da:09:1f:66:c8:29:11:0c:b0:8e:ac:43:
- b3:a9:8b:eb:71:38:9c:ed:cf:7c:00:55:47:a4:48:6b:a8:1c:
- 13:4a:b7:bf:4a:48:72:10:32:a7:48:64:d7:82:60:64:cb:a0:
- 20:6a:20:13:d9:0a:09:03:8b:be:76:f1:23:af:90:73:d9:de:
- 65:23:0d:07:04:48:61:f1:9a:c8:37:41:ff:65:72:27:de:88:
- 82:ca:8f:eb:92:2c:8e:b3:ab:dc:26:ff:d4:3d:d8:99:66:c5:
- f8:c4:cc:54:ac:98:21:29:65:ac:77:4e:f6:12:de:f5:ba:cc:
- 1b:ee:eb:08:bf:fe:33:77:19:a5:5c:43:6c:30:40:40:e2:6c:
- bf:93:e0:af
------BEGIN CERTIFICATE-----
-MIIDVDCCAjygAwIBAgIQFtZ+vbcWvVEMNA0I+ozLsTANBgkqhkiG9w0BAQsFADAW
-MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMjAxMjcxNjU0NDhaFw0zMjAxMjUx
-NjU0NDhaMBExDzANBgNVBAMMBmtrYW5jejCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBALlqY3jgG+gv3HD0SW9se2IFdmBOAU+RBy2yjn/hYU7DJB3abK65
-1d4A1ffPNo+hy5wVTFfodjaDi3vU3gTJBkAywzEB8fW8nJdCTYJHccy4DCyRu8hr
-K2IJ81rFX0DoRnyf2N0go7w0+Wcoru38zT7waM4bAtTa0gt0tjIROW5TgKfhuQaW
-ru+O3Q4mBXosRn32uq9vPkSL+v9A/T4yZKX3J2D3hSgz4qMvWjfNFQL/KLWVpD3u
-AZ+Gdi0BPbTn4h/7vh9qL+hQaCothjrvOPFG3+dcU7BjE4C0Tbhgeu5xZ7zIIYNk
-b0UHGYfzScJjBFk/bYAhDi9OzLV8OEfEe6UCAwEAAaOBojCBnzAJBgNVHRMEAjAA
-MB0GA1UdDgQWBBSeMrusJm+aBHOluULaKUaVyN7zBTBRBgNVHSMESjBIgBRJQ1tS
-+DF4tYR0eo0n0yIfqdTCpaEapBgwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0GCFHXP
-MTul9juXSk26FNFYypPL8X+lMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQE
-AwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAagcEVDypTAVynnhrpt2oCRULy1StVJH5
-je5hN6OXkp6XJU3blpGfOUWS5dcGRVeJ75a/R8VahMhteHpDAvUPS397BElTS4UT
-Wst1BvO6iwuD8hrfJwsXsijKxjgUjD1CAtvyY3nOAL6QtgpfI1oGN8M02gkfZsgp
-EQywjqxDs6mL63E4nO3PfABVR6RIa6gcE0q3v0pIchAyp0hk14JgZMugIGogE9kK
-CQOLvnbxI6+Qc9neZSMNBwRIYfGayDdB/2VyJ96IgsqP65IsjrOr3Cb/1D3YmWbF
-+MTMVKyYISllrHdO9hLe9brMG+7rCL/+M3cZpVxDbDBAQOJsv5Pgrw==
------END CERTIFICATE-----
-</cert>
-
-<key>
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC5amN44BvoL9xw
-9ElvbHtiBXZgTgFPkQctso5/4WFOwyQd2myuudXeANX3zzaPocucFUxX6HY2g4t7
-1N4EyQZAMsMxAfH1vJyXQk2CR3HMuAwskbvIaytiCfNaxV9A6EZ8n9jdIKO8NPln
-KK7t/M0+8GjOGwLU2tILdLYyETluU4Cn4bkGlq7vjt0OJgV6LEZ99rqvbz5Ei/r/
-QP0+MmSl9ydg94UoM+KjL1o3zRUC/yi1laQ97gGfhnYtAT205+If+74fai/oUGgq
-LYY67zjxRt/nXFOwYxOAtE24YHrucWe8yCGDZG9FBxmH80nCYwRZP22AIQ4vTsy1
-fDhHxHulAgMBAAECggEAUkCo6gl5N9Jrl0w3e4+DWKOVtPlFyZdLuPD6GC7SbQ9S
-aU/pYMWd44M5aFprGOKsoYwtNt4v+tT2PrPa3gKTnE0onAgB34KRcOR/3+hzyl5n
-QCpSRIGOWEqTw1PFgtTH2CdNHCOLn0Vc0m+Q0pCQOHiL9cqzwdtkzKI05RcRBCiT
-aMehWb4fBE9H1isI4K8I9o4EFCiEs3PdRDgIuokLn1cCRXWXqEpU9YYiSu0typkI
-iBowhKMyaAe0XXn/U+e8UsDlyWZoG1kaGwJNcimGkAESTZluItOO17Uhq5DbhxaV
-bQMZPdCNY9MLCei8aBARwe9hzXsTongM6C/JjAlsIQKBgQDkc7JTr4Slr3LCqpdw
-MgppsrK0b7R553yB4i9sBvjr0S5P6/Zm+7h7Z9ercPQpvzoenAICt2e5dHWcyZvu
-lphhVmEc6WoxuLXoCL6cD961qKJzTvlBlsa5tvJMLJ6pYZWuF+ajRumzeJBjkEpM
-iSkK+T95qYblc9NY2Hv4joYmGQKBgQDPxik7HWZMHXCyCmu7GoDbxHNUklY121oD
-ciudOKco5GZY/U3/OUbDIp/30TLH4vJi3/3fJ/l02E19Fpd3abF2HG0Fjg1vMCXK
-Gp1A7shoXGVkbT4m4ytl0GE2qbMfGZyqPze2q8OfgOjNyVh4OCynMafZBujnrFAy
-chsZV6K7bQKBgHM7TIrbsJvmKIu6gpKMGyZ/hZZv9ee7dNkK3wKtbad9JtAXZH1D
-oSVWFroaSn44P7eq13TJUB+Cd8SzCN1KxufqKyfrMK6NzeuRZZvQgXS979sbzaxg
-wjJw7jywEQO8/kQHOEXJgh4NxT8DTAbY9IPdfz/929YnG0boQ3f3ZAEZAoGAbjqy
-SyN4zy7bSAmRSA1yiaV6jkaoqB/8bFGY4+tXe7FYvyN7ysjHSuVGuwHoj/VOJLiz
-Bj498QiEa7WdnAOd24yPJmBLrk577fIatYU5G2zReesfCyCAOJ7JxGdZmUlMPWIW
-m7oaqbeJSwvj/LvIrNcCNnic/bQERA8XY2WD9y0CgYAaqBh90AJbHUUKnBu9YhiF
-Yo50N5W6iaP8LIYxBVReOo9T0AdSsZAne9g9kWvkWz7XOdJlpTmT9uBX6Hvd3GKf
-S/j2xQt9sct0/pLp7tVCMMudZflafo1yOa1w2Z+augMX94CZcW9FIAWZFpR9hg5Q
-J7FYKqXP64A1Ef1OVIUeLw==
------END PRIVATE KEY-----
-</key>
-
-<tls-auth>
-#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-7a5f3c2dd505666b595d6a03a6d627e1
-9babefe23197dc2181a7d1c00b3f5fd6
-7f28ea49abf33ea7422e0ab63c9eae14
-261ce5c099dd27ae26ba9b70b87737fa
-313a21b5e9d99ae382649eb1d0344703
-5a3b99fb9a1cddf03a89aed78fd3be92
-37ba0fa96e49814ea45495148a6552b4
-5f85d6fcc38fe88fbf8f86e0a0e33894
-89c418f65d4c8fc04ca6e59c61024995
-50547f35e5a7985d6415a7304d9340fd
-9f7ff6bb6f063a745fc3d656f275e07c
-8486233627fb96b8d798fbe8d2f8171d
-afc8bf5677ebef7ab1d80c8495d7262b
-c20efbdcc8645b48b68d6a537d9fb3f3
-03e345699bea11b99d9ace6fa5cd1e1d
-5d0951970c379d3e0b28bcaf453c2700
------END OpenVPN Static key V1-----
-</tls-auth>
+++ /dev/null
-##############################################
-# Sample client-side OpenVPN 2.0 config file #
-# for connecting to multi-client server. #
-# #
-# This configuration can be used by multiple #
-# clients, however each client should have #
-# its own cert and key files. #
-# #
-# On Windows, you might want to rename this #
-# file so it has a .ovpn extension #
-##############################################
-
-# Specify that we are a client and that we
-# will be pulling certain config file directives
-# from the server.
-client
-
-# Use the same setting as you are using on
-# the server.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-;dev tap
-dev tun
-
-# Windows needs the TAP-Win32 adapter name
-# from the Network Connections panel
-# if you have more than one. On XP SP2,
-# you may need to disable the firewall
-# for the TAP adapter.
-;dev-node MyTap
-
-# Are we connecting to a TCP or
-# UDP server? Use the same setting as
-# on the server.
-;proto tcp
-proto udp
-
-# The hostname/IP and port of the server.
-# You can have multiple remote entries
-# to load balance between the servers.
-remote vpn.userrendszerhaz.hu 1194
-
-# Choose a random host from the remote
-# list for load-balancing. Otherwise
-# try hosts in the order specified.
-;remote-random
-
-# Keep trying indefinitely to resolve the
-# host name of the OpenVPN server. Very useful
-# on machines which are not permanently connected
-# to the internet such as laptops.
-resolv-retry infinite
-
-# Most clients don't need to bind to
-# a specific local port number.
-nobind
-
-# Downgrade privileges after initialization (non-Windows only)
-user nobody
-group nobody
-
-# Try to preserve some state across restarts.
-persist-key
-persist-tun
-
-# If you are connecting through an
-# HTTP proxy to reach the actual OpenVPN
-# server, put the proxy server/IP and
-# port number here. See the man page
-# if your proxy server requires
-# authentication.
-;http-proxy-retry # retry on connection failures
-;http-proxy [proxy server] [proxy port #]
-
-# Wireless networks often produce a lot
-# of duplicate packets. Set this flag
-# to silence duplicate packet warnings.
-;mute-replay-warnings
-
-# SSL/TLS parms.
-# See the server config file for more
-# description. It's best to use
-# a separate .crt/.key file pair
-# for each client. A single ca
-# file can be used for all clients.
-;ca ca.crt
-;cert client.crt
-;key client.key
-
-# Verify server certificate by checking that the
-# certificate has the correct key usage set.
-# This is an important precaution to protect against
-# a potential attack discussed here:
-# http://openvpn.net/howto.html#mitm
-#
-# To use this feature, you will need to generate
-# your server certificates with the keyUsage set to
-# digitalSignature, keyEncipherment
-# and the extendedKeyUsage to
-# serverAuth
-# EasyRSA can do this for you.
-remote-cert-tls server
-
-# If a tls-auth key is used on the server
-# then every client must also have the key.
-;tls-auth ta.key 1
-key-direction 1
-
-# Select a cryptographic cipher.
-# If the cipher option is used on the server
-# then you must also specify it here.
-# Note that v2.4 client/server will automatically
-# negotiate AES-256-GCM in TLS mode.
-# See also the data-ciphers option in the manpage
-cipher AES-256-CBC
-
-# Enable compression on the VPN link.
-# Don't enable this unless it is also
-# enabled in the server config file.
-#comp-lzo
-
-# Set log file verbosity.
-verb 3
-
-# Silence repeating messages
-;mute 20
-
-<ca>
------BEGIN CERTIFICATE-----
-MIIDSzCCAjOgAwIBAgIUdc8xO6X2O5dKTboU0VjKk8vxf6UwDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTYyMjI1WhcNMzIw
-MTI1MTYyMjI1WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANfUW/VYGBdUDdq3yGWMD7TDDoXNFX+FaESEj8ad
-KhU3aakSF2bltPSLV0OKh+6H0avL1sPwvgleI7mmHU3PnyOTt4Seeikhcx9ZMLTZ
-NJ5unObrnfCyTOrpg7oQGUfu/eYsF3wAxXkQp/CG3aq++eTc741V3HVoj8slPtqJ
-7wMPMWDOgqENgIitOYD5gA9iywoLthXsIrPtWKy2zo8kUTQ3KE61UOEUa1I9r+3X
-EMM25lCid8I4kPTRU4JMbFvFqM+q3EOhMXeLlzAj6bD0ebmndxUyJLvbDBC5Uk9Q
-4CJsMRFhXTZZVUeCdmzvt4iUBZXN1P9AeM9lYCw4ZOjIknECAwEAAaOBkDCBjTAd
-BgNVHQ4EFgQUSUNbUvgxeLWEdHqNJ9MiH6nUwqUwUQYDVR0jBEowSIAUSUNbUvgx
-eLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1zzE7
-pfY7l0pNuhTRWMqTy/F/pTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
-hkiG9w0BAQsFAAOCAQEAn4m1/6ptyMlGlobrZJ1/zpFykrHdlsFU2JbfVKB1Cu3P
-Hz9rJ0ai3du++7TObktNkALQgMy+i6eGH6+EbLp9lazcRRdJPVhJIuhQX9hvzQfk
-F/mM5wRJd6Rg6Cy8SDp0KYPwOM74Xck9ukvIPxdWd6omgu0b0qpruc58P0AW2Tjk
-XIP5YnBTBQGmN7NUzrJ4zWLKEJbOOi/P47oqEwYBGaWquLBsCPq03oDMs8EsGTcO
-90k9S8vgrrZfW4jHfkOmmNepgvt3g4A3g7Y9qYKLQi6vBtDOpK8OWfD6kIXBxqNt
-uSXdVmSwgbCTdXsMU3aEnVEyvgnlw/Wz+tXo+gLb5w==
------END CERTIFICATE-----
-</ca>
-
-<cert>
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 7f:02:84:bd:04:07:a8:de:a7:7a:76:16:b2:25:d0:8e
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:54:58 2022 GMT
- Not After : Jan 25 16:54:58 2032 GMT
- Subject: CN=kvajda
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:d1:7a:06:e5:cf:eb:9b:3f:97:77:e5:31:89:cf:
- 0a:4d:63:b4:7d:df:31:04:83:62:eb:5c:b9:75:35:
- d2:b1:9b:60:63:36:3a:70:3e:e1:5f:f4:22:0b:7c:
- 32:ed:c7:bb:64:44:4a:5a:9b:a6:3a:5b:b5:a5:f8:
- a0:c3:bb:c4:a4:10:5a:99:b1:0c:d1:05:ae:08:25:
- 15:dd:af:b6:2e:cf:96:eb:35:25:d7:73:e3:a8:d4:
- eb:fc:a9:5e:37:71:35:aa:1a:58:4d:57:df:a7:8c:
- 27:0b:76:28:98:0b:17:98:74:25:3c:54:21:52:5e:
- 38:ce:e2:7f:fd:50:17:43:3c:fc:4c:b9:6b:28:53:
- 59:89:e2:b9:f8:ec:b6:1e:14:b4:f6:8a:51:3e:d2:
- 1b:04:77:8f:a3:7d:57:f2:14:0b:7c:e5:70:ca:1a:
- 57:7c:e1:b2:1a:5e:ad:fc:af:c9:dd:d4:81:4c:19:
- 2c:bd:b6:c3:5b:fa:3d:f9:2d:ad:06:be:49:84:01:
- f6:44:ca:a3:bb:2a:23:4c:b2:ea:d8:67:36:22:ca:
- c6:c6:19:df:b1:fa:31:1b:c4:40:dc:4e:c7:0a:66:
- 22:5c:25:36:2d:5b:22:23:f6:5d:bd:c9:b3:95:ef:
- c0:82:a2:d9:d8:eb:d2:05:4d:e5:31:1f:8a:0c:05:
- 0d:bd
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 5C:FF:92:2D:39:79:AC:9A:F5:F2:B6:9D:63:81:87:78:07:94:0F:04
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- a8:5b:2c:2d:3a:6a:d1:9d:1a:44:b3:ef:14:fd:63:2b:fd:72:
- 79:4e:3a:30:ff:1b:91:82:fc:7f:c8:bf:45:05:74:ed:e9:94:
- d4:73:4d:66:f7:82:b7:7e:b2:e3:41:fc:f8:b6:2c:c2:a0:64:
- af:e3:05:65:80:51:5e:6a:cb:c6:2d:33:84:d0:bc:ba:40:c5:
- c7:0e:2d:05:16:b5:81:7a:de:6a:d6:13:aa:b2:58:5d:18:72:
- 1a:98:9f:be:2b:00:67:70:7a:82:1c:9b:6f:38:5a:7a:60:ee:
- d5:1a:fd:8f:8f:d2:55:87:bc:b9:bc:e0:c0:bf:d6:ec:09:70:
- a2:2a:50:6e:de:41:75:99:bd:c9:5e:8c:5e:52:09:3b:3d:1c:
- e0:c7:05:ec:65:64:7f:e4:57:98:0d:2e:c7:79:5f:6f:9b:f4:
- b0:bb:cc:58:f0:dd:c4:c0:04:a6:a3:8f:ae:1d:74:c3:04:73:
- 56:5e:e4:4b:2b:ef:87:d9:c6:84:1d:bd:a7:17:63:8d:8a:31:
- 99:6e:d7:e9:15:56:b1:00:b7:5f:49:c9:44:71:f2:6d:14:b5:
- 06:b9:7a:7f:e5:8d:fb:8e:a3:f1:f4:52:c7:72:3b:6c:f4:50:
- d1:c8:c5:26:4a:40:6b:16:08:7e:ab:c9:8c:54:3c:94:57:5e:
- 3e:52:84:f7
------BEGIN CERTIFICATE-----
-MIIDVDCCAjygAwIBAgIQfwKEvQQHqN6nenYWsiXQjjANBgkqhkiG9w0BAQsFADAW
-MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMjAxMjcxNjU0NThaFw0zMjAxMjUx
-NjU0NThaMBExDzANBgNVBAMMBmt2YWpkYTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBANF6BuXP65s/l3flMYnPCk1jtH3fMQSDYutcuXU10rGbYGM2OnA+
-4V/0Igt8Mu3Hu2RESlqbpjpbtaX4oMO7xKQQWpmxDNEFrgglFd2vti7Plus1Jddz
-46jU6/ypXjdxNaoaWE1X36eMJwt2KJgLF5h0JTxUIVJeOM7if/1QF0M8/Ey5ayhT
-WYniufjsth4UtPaKUT7SGwR3j6N9V/IUC3zlcMoaV3zhshperfyvyd3UgUwZLL22
-w1v6PfktrQa+SYQB9kTKo7sqI0yy6thnNiLKxsYZ37H6MRvEQNxOxwpmIlwlNi1b
-IiP2Xb3Js5XvwIKi2djr0gVN5TEfigwFDb0CAwEAAaOBojCBnzAJBgNVHRMEAjAA
-MB0GA1UdDgQWBBRc/5ItOXmsmvXytp1jgYd4B5QPBDBRBgNVHSMESjBIgBRJQ1tS
-+DF4tYR0eo0n0yIfqdTCpaEapBgwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0GCFHXP
-MTul9juXSk26FNFYypPL8X+lMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQE
-AwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAqFssLTpq0Z0aRLPvFP1jK/1yeU46MP8b
-kYL8f8i/RQV07emU1HNNZveCt36y40H8+LYswqBkr+MFZYBRXmrLxi0zhNC8ukDF
-xw4tBRa1gXreatYTqrJYXRhyGpifvisAZ3B6ghybbzhaemDu1Rr9j4/SVYe8ubzg
-wL/W7AlwoipQbt5BdZm9yV6MXlIJOz0c4McF7GVkf+RXmA0ux3lfb5v0sLvMWPDd
-xMAEpqOPrh10wwRzVl7kSyvvh9nGhB29pxdjjYoxmW7X6RVWsQC3X0nJRHHybRS1
-Brl6f+WN+46j8fRSx3I7bPRQ0cjFJkpAaxYIfqvJjFQ8lFdePlKE9w==
------END CERTIFICATE-----
-</cert>
-
-<key>
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRegblz+ubP5d3
-5TGJzwpNY7R93zEEg2LrXLl1NdKxm2BjNjpwPuFf9CILfDLtx7tkREpam6Y6W7Wl
-+KDDu8SkEFqZsQzRBa4IJRXdr7Yuz5brNSXXc+Oo1Ov8qV43cTWqGlhNV9+njCcL
-diiYCxeYdCU8VCFSXjjO4n/9UBdDPPxMuWsoU1mJ4rn47LYeFLT2ilE+0hsEd4+j
-fVfyFAt85XDKGld84bIaXq38r8nd1IFMGSy9tsNb+j35La0GvkmEAfZEyqO7KiNM
-surYZzYiysbGGd+x+jEbxEDcTscKZiJcJTYtWyIj9l29ybOV78CCotnY69IFTeUx
-H4oMBQ29AgMBAAECggEAA9RFOAI6/lWFQU3RQAGm4I9IB10DGmAEeOTzBu968IA0
-nNuq6c5cdFKUJL2aeLpD9KtC6LEbsslmYqhO2AUgrRcXcOPJpjCCY+e5pJnHrMdi
-rN4F2RBnQvjRb4bxD/Zj0r40iwVmMzveotkAGPdq8QB+hcHL8iOCylVdnZXPNw1n
-2kgDW7Fjl5uK6QTV+rLeHKIhLJnpib6plYX2LT9DYTxvSO2Dk1iEn1ORR57lLQie
-dD85fmnugt4Cb7KA/0YeaGlekL3sPHhzT70d74MzAmiprEDydOZ0vNOUHO9Vpkm3
-swG7JmXOeNuA0EUmbDjbdI1Ug34PWnD8/08z2UkzCQKBgQD429emRyh5rq52onJ9
-fmLArdxvOX3IrE4t7yPNQTpuHGqlc3mvBLIVY6/ICoHjbPAxxIMAYsIJL7xxU+ah
-TaHtmWcL1vBRXqPXn4yIcECw6L1wEiyJh+anzsh2ceOBz16yBWFCIgBrJwX9eG+E
-2gxi3zcr/UQMphSRWMMw1PMnewKBgQDXfOCQX/B57VbFJBnY/YmbfueexCK3R3N2
-LdKN2f+Ee3G1QDuwZ+zypmb4EcSYPu6tXjMTpQPqS8GUuLxtNoWP8X2lK4E3x6Zl
-R1eaQkxyFBXeadupiS/SG8R1Qe+iDW9Lbfc0jRK6sUxVNR6g+nB4QxevZEtGwrrx
-fAERvQr+JwKBgGo9ICECO8tGwYAv9YSRkgMDthldh89Fj9KYRsZ3VERxqS2c0JPh
-A02SUxapNa4rcZctd2eQwZk+YcpXsRunkrtmQ9GQHuP97SA+IraUhWmA0m6ns4+7
-DsMQyg+WqzNdneWN2mlrLpaQAESnR6SFmcgT1u/WnVhxBlLOe/W601tFAoGAKAj7
-b9djRkPiKx5Z7war2kfpoIWwLX0I5pv80n3+Cw8kQRh9/nhQfYSM/OnQLLkEfxFR
-TAUMhSst/AOWfnPyvJuRTG6Yw1REheyLSg2nRkqVBY2FUio6yD6AcYiejO0SEGGN
-3CWZpTXriKkl16Kv4qgUbnGjyrHDKbpwOGt272ECgYEA8blqgKwA5MMA4GGPyN4h
-Y7OzvbBU63EbEjszV+oeADjVqLyucGuWSSJxAdbEtmJM9zwzUYAxswXwr/LgEIEL
-j1LmrQ7ASXzaOosZnu3SxM003jarqcDWhQxoH6MuZE0/tuWwaEpws/nRyQhV/INB
-WmlVEtGP9Ny/1daWt4tVk/w=
------END PRIVATE KEY-----
-</key>
-
-<tls-auth>
-#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-7a5f3c2dd505666b595d6a03a6d627e1
-9babefe23197dc2181a7d1c00b3f5fd6
-7f28ea49abf33ea7422e0ab63c9eae14
-261ce5c099dd27ae26ba9b70b87737fa
-313a21b5e9d99ae382649eb1d0344703
-5a3b99fb9a1cddf03a89aed78fd3be92
-37ba0fa96e49814ea45495148a6552b4
-5f85d6fcc38fe88fbf8f86e0a0e33894
-89c418f65d4c8fc04ca6e59c61024995
-50547f35e5a7985d6415a7304d9340fd
-9f7ff6bb6f063a745fc3d656f275e07c
-8486233627fb96b8d798fbe8d2f8171d
-afc8bf5677ebef7ab1d80c8495d7262b
-c20efbdcc8645b48b68d6a537d9fb3f3
-03e345699bea11b99d9ace6fa5cd1e1d
-5d0951970c379d3e0b28bcaf453c2700
------END OpenVPN Static key V1-----
-</tls-auth>
+++ /dev/null
-##############################################
-# Sample client-side OpenVPN 2.0 config file #
-# for connecting to multi-client server. #
-# #
-# This configuration can be used by multiple #
-# clients, however each client should have #
-# its own cert and key files. #
-# #
-# On Windows, you might want to rename this #
-# file so it has a .ovpn extension #
-##############################################
-
-# Specify that we are a client and that we
-# will be pulling certain config file directives
-# from the server.
-client
-
-# Use the same setting as you are using on
-# the server.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-;dev tap
-dev tun
-
-# Windows needs the TAP-Win32 adapter name
-# from the Network Connections panel
-# if you have more than one. On XP SP2,
-# you may need to disable the firewall
-# for the TAP adapter.
-;dev-node MyTap
-
-# Are we connecting to a TCP or
-# UDP server? Use the same setting as
-# on the server.
-;proto tcp
-proto udp
-
-# The hostname/IP and port of the server.
-# You can have multiple remote entries
-# to load balance between the servers.
-remote vpn.userrendszerhaz.hu 1194
-
-# Choose a random host from the remote
-# list for load-balancing. Otherwise
-# try hosts in the order specified.
-;remote-random
-
-# Keep trying indefinitely to resolve the
-# host name of the OpenVPN server. Very useful
-# on machines which are not permanently connected
-# to the internet such as laptops.
-resolv-retry infinite
-
-# Most clients don't need to bind to
-# a specific local port number.
-nobind
-
-# Downgrade privileges after initialization (non-Windows only)
-user nobody
-group nobody
-
-# Try to preserve some state across restarts.
-persist-key
-persist-tun
-
-# If you are connecting through an
-# HTTP proxy to reach the actual OpenVPN
-# server, put the proxy server/IP and
-# port number here. See the man page
-# if your proxy server requires
-# authentication.
-;http-proxy-retry # retry on connection failures
-;http-proxy [proxy server] [proxy port #]
-
-# Wireless networks often produce a lot
-# of duplicate packets. Set this flag
-# to silence duplicate packet warnings.
-;mute-replay-warnings
-
-# SSL/TLS parms.
-# See the server config file for more
-# description. It's best to use
-# a separate .crt/.key file pair
-# for each client. A single ca
-# file can be used for all clients.
-;ca ca.crt
-;cert client.crt
-;key client.key
-
-# Verify server certificate by checking that the
-# certificate has the correct key usage set.
-# This is an important precaution to protect against
-# a potential attack discussed here:
-# http://openvpn.net/howto.html#mitm
-#
-# To use this feature, you will need to generate
-# your server certificates with the keyUsage set to
-# digitalSignature, keyEncipherment
-# and the extendedKeyUsage to
-# serverAuth
-# EasyRSA can do this for you.
-remote-cert-tls server
-
-# If a tls-auth key is used on the server
-# then every client must also have the key.
-;tls-auth ta.key 1
-key-direction 1
-
-# Select a cryptographic cipher.
-# If the cipher option is used on the server
-# then you must also specify it here.
-# Note that v2.4 client/server will automatically
-# negotiate AES-256-GCM in TLS mode.
-# See also the data-ciphers option in the manpage
-cipher AES-256-CBC
-
-# Enable compression on the VPN link.
-# Don't enable this unless it is also
-# enabled in the server config file.
-#comp-lzo
-
-# Set log file verbosity.
-verb 3
-
-# Silence repeating messages
-;mute 20
-
-<ca>
------BEGIN CERTIFICATE-----
-MIIDSzCCAjOgAwIBAgIUdc8xO6X2O5dKTboU0VjKk8vxf6UwDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTYyMjI1WhcNMzIw
-MTI1MTYyMjI1WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANfUW/VYGBdUDdq3yGWMD7TDDoXNFX+FaESEj8ad
-KhU3aakSF2bltPSLV0OKh+6H0avL1sPwvgleI7mmHU3PnyOTt4Seeikhcx9ZMLTZ
-NJ5unObrnfCyTOrpg7oQGUfu/eYsF3wAxXkQp/CG3aq++eTc741V3HVoj8slPtqJ
-7wMPMWDOgqENgIitOYD5gA9iywoLthXsIrPtWKy2zo8kUTQ3KE61UOEUa1I9r+3X
-EMM25lCid8I4kPTRU4JMbFvFqM+q3EOhMXeLlzAj6bD0ebmndxUyJLvbDBC5Uk9Q
-4CJsMRFhXTZZVUeCdmzvt4iUBZXN1P9AeM9lYCw4ZOjIknECAwEAAaOBkDCBjTAd
-BgNVHQ4EFgQUSUNbUvgxeLWEdHqNJ9MiH6nUwqUwUQYDVR0jBEowSIAUSUNbUvgx
-eLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1zzE7
-pfY7l0pNuhTRWMqTy/F/pTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
-hkiG9w0BAQsFAAOCAQEAn4m1/6ptyMlGlobrZJ1/zpFykrHdlsFU2JbfVKB1Cu3P
-Hz9rJ0ai3du++7TObktNkALQgMy+i6eGH6+EbLp9lazcRRdJPVhJIuhQX9hvzQfk
-F/mM5wRJd6Rg6Cy8SDp0KYPwOM74Xck9ukvIPxdWd6omgu0b0qpruc58P0AW2Tjk
-XIP5YnBTBQGmN7NUzrJ4zWLKEJbOOi/P47oqEwYBGaWquLBsCPq03oDMs8EsGTcO
-90k9S8vgrrZfW4jHfkOmmNepgvt3g4A3g7Y9qYKLQi6vBtDOpK8OWfD6kIXBxqNt
-uSXdVmSwgbCTdXsMU3aEnVEyvgnlw/Wz+tXo+gLb5w==
------END CERTIFICATE-----
-</ca>
-
-<cert>
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- c3:0f:84:cf:71:19:04:e9:f7:bc:b1:ad:5d:99:6b:80
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:55:11 2022 GMT
- Not After : Jan 25 16:55:11 2032 GMT
- Subject: CN=mszabo
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:b7:e3:57:e4:6d:41:2f:71:88:38:35:5c:fb:54:
- 6d:75:dc:d4:fc:38:95:81:ed:98:13:6a:1b:aa:db:
- 41:fb:2d:8b:ff:1d:49:9c:08:9e:b5:4a:a0:7c:48:
- 96:87:1d:8d:ea:df:85:ad:5a:23:a0:7c:9a:ec:97:
- 9c:73:20:06:2b:02:06:67:2b:86:fb:94:7f:e8:ff:
- 3e:e2:3c:f4:3d:13:40:f2:6d:3c:15:5d:72:a2:7d:
- b0:c2:0a:17:a2:a3:83:66:52:e9:0a:04:b2:f1:b7:
- 1d:86:93:f9:11:82:bd:26:5a:b5:39:9d:61:d2:34:
- 78:25:24:c6:fd:e7:c8:3b:c8:bb:8d:98:fa:cf:5f:
- b8:e4:a8:93:2d:68:70:51:b9:2c:d0:7c:31:94:4a:
- 00:b9:2d:d4:29:2a:b2:18:54:27:77:2f:e0:3c:a7:
- f4:0a:16:c7:9c:a9:a0:b1:ba:54:43:a2:52:14:58:
- 71:74:63:f6:9b:e6:5e:89:09:8c:a5:1c:ae:41:82:
- 01:8d:2c:94:ad:a1:c0:47:c7:1a:8b:79:06:c6:3e:
- 66:9b:d9:37:64:70:7b:d6:c3:f1:02:81:9f:4c:42:
- 5d:da:c0:95:ca:96:e4:7f:41:75:72:f3:35:eb:e2:
- a1:97:78:3d:07:6d:90:27:d0:41:b1:74:1a:ee:1d:
- 0c:7f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 54:03:3E:8D:18:23:6D:03:63:E7:22:D6:12:21:9B:0A:0B:24:47:19
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 6b:11:da:f5:70:9e:8f:07:ec:18:40:e5:2e:65:9c:10:36:55:
- 83:13:8e:3e:5e:82:8a:3d:db:6b:ac:fc:6f:ea:8d:9d:97:27:
- 47:a6:b1:d4:b7:4d:f5:b6:36:dc:62:7d:66:be:f1:ab:24:29:
- f2:b2:89:83:49:e4:de:40:00:74:ca:e8:7e:92:2a:3c:65:e0:
- 6d:ac:5a:5c:76:31:27:2d:57:82:8e:e4:cb:ee:8b:a1:db:a2:
- f8:e1:12:25:93:d1:79:1f:82:93:2b:d8:83:37:07:6b:b5:bc:
- 48:4f:bf:36:23:ea:04:23:0f:81:87:3a:d7:e5:51:75:ce:7e:
- e4:fd:76:ee:ff:df:31:4b:2f:28:9e:9e:28:c1:2a:01:ab:66:
- a3:b8:95:17:70:1f:2f:7b:06:da:ca:73:81:e3:a5:5b:1a:74:
- 4c:8d:93:df:3e:56:ef:f7:16:0c:8b:78:5c:69:35:af:9a:64:
- df:bc:12:ac:c8:77:48:94:4f:b8:28:5f:86:dd:ff:4c:b8:8e:
- 0c:64:5b:9b:ce:24:5e:02:53:6a:78:f3:41:a2:86:7b:07:43:
- 64:92:2c:fa:77:18:f0:31:58:05:e4:76:2a:60:cf:71:6b:2b:
- c9:71:d4:e2:48:00:0b:d9:59:1a:3c:dd:bf:55:54:ea:79:fd:
- 44:37:79:b8
------BEGIN CERTIFICATE-----
-MIIDVTCCAj2gAwIBAgIRAMMPhM9xGQTp97yxrV2Za4AwDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1NTExWhcNMzIwMTI1
-MTY1NTExWjARMQ8wDQYDVQQDDAZtc3phYm8wggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQC341fkbUEvcYg4NVz7VG113NT8OJWB7ZgTahuq20H7LYv/HUmc
-CJ61SqB8SJaHHY3q34WtWiOgfJrsl5xzIAYrAgZnK4b7lH/o/z7iPPQ9E0DybTwV
-XXKifbDCCheio4NmUukKBLLxtx2Gk/kRgr0mWrU5nWHSNHglJMb958g7yLuNmPrP
-X7jkqJMtaHBRuSzQfDGUSgC5LdQpKrIYVCd3L+A8p/QKFsecqaCxulRDolIUWHF0
-Y/ab5l6JCYylHK5BggGNLJStocBHxxqLeQbGPmab2TdkcHvWw/ECgZ9MQl3awJXK
-luR/QXVy8zXr4qGXeD0HbZAn0EGxdBruHQx/AgMBAAGjgaIwgZ8wCQYDVR0TBAIw
-ADAdBgNVHQ4EFgQUVAM+jRgjbQNj5yLWEiGbCgskRxkwUQYDVR0jBEowSIAUSUNb
-UvgxeLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1
-zzE7pfY7l0pNuhTRWMqTy/F/pTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8E
-BAMCB4AwDQYJKoZIhvcNAQELBQADggEBAGsR2vVwno8H7BhA5S5lnBA2VYMTjj5e
-goo922us/G/qjZ2XJ0emsdS3TfW2NtxifWa+8askKfKyiYNJ5N5AAHTK6H6SKjxl
-4G2sWlx2MSctV4KO5Mvui6HbovjhEiWT0XkfgpMr2IM3B2u1vEhPvzYj6gQjD4GH
-OtflUXXOfuT9du7/3zFLLyienijBKgGrZqO4lRdwHy97BtrKc4HjpVsadEyNk98+
-Vu/3FgyLeFxpNa+aZN+8EqzId0iUT7goX4bd/0y4jgxkW5vOJF4CU2p480GihnsH
-Q2SSLPp3GPAxWAXkdipgz3FrK8lx1OJIAAvZWRo83b9VVOp5/UQ3ebg=
------END CERTIFICATE-----
-</cert>
-
-<key>
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC341fkbUEvcYg4
-NVz7VG113NT8OJWB7ZgTahuq20H7LYv/HUmcCJ61SqB8SJaHHY3q34WtWiOgfJrs
-l5xzIAYrAgZnK4b7lH/o/z7iPPQ9E0DybTwVXXKifbDCCheio4NmUukKBLLxtx2G
-k/kRgr0mWrU5nWHSNHglJMb958g7yLuNmPrPX7jkqJMtaHBRuSzQfDGUSgC5LdQp
-KrIYVCd3L+A8p/QKFsecqaCxulRDolIUWHF0Y/ab5l6JCYylHK5BggGNLJStocBH
-xxqLeQbGPmab2TdkcHvWw/ECgZ9MQl3awJXKluR/QXVy8zXr4qGXeD0HbZAn0EGx
-dBruHQx/AgMBAAECggEALrcBmBUtTykvauAbm/mpyRxtuxmA2b4LOTtmhfQngfDj
-NM8y6QHDl9i6hnhGTVLzv6xDIHPawyWEkgA+DX0gNALSr5j+NKFYEU/uoLjNb0qZ
-4Dxh3CeePKtjoRfBQ174vaDodNQWxZM4W/zxdEJbXQgEK/vQYv9TWlRKfSxJ0O3S
-KXLsktKS7GUjJZK/qWZCzi5/WesHpFnxHhoZEUqhWaaeo8LnulU7xlD47R2UYWkR
-09YKVjQ5vlcVitIcquBLHT2ranO/+Bdktt7XVwxnKMrPqZojMlLw72BneAC4HStb
-CcwzekyTQSMe9/R/pEg+sYIVpiroYD9sQL5Yuq4NKQKBgQDq6M56o+MFx8uSaMsp
-4q6mAcnIXOMSJ+vcXUyW0b2eYAQNss5LROfK5C2TVNtPobXdJwa/VtO6HZKKBUWM
-ah72jyoGzHg8x0OWxZ8MIqEV0AbSQEUq0ZqKmaH0AZwLKE3nGuPKnupVwEu3a7LW
-8/7/1p8lSQhuLWogD0eP+3vTNQKBgQDIZdrAyPQZvBGNBQrrfvzOyt0ScQq+DKDN
-P9zzYjVg0M9Ii7PPh72N+NqJK9/fHU/A021ulDqjIw5wTw+dMR6++g/ipA5NuSP7
-MOJaL4ZOJ49i9nOT1O+xk3co9UT4sBJp6GvliIPsxsPr5QgxMkpE3m94dO8UnR0x
-oz256BXDYwKBgGcrThvgxIEyaX7o1WmU7B1upZ+A5B2COP10YIHQphXbl4wonp/C
-KIccRcPyPcuwev4g+L6qNJ0GBejmPdBYfzbMU6nevWP8I/wg2SRsRREeZxCKN5aB
-rfz3UoCnAFCKKAS685Z2yvZUWSy6eTYcvT7BlO28MJ6rBXQFIenjilONAoGBAJTY
-wqDLIjQzMr4R7sh4bAKVP5tBB3+eFZoeQ1krqwYcUrpJueb9pdfb7UZRplkshl5t
-LC0kQGGH2mOk9a4GHBYx2ra2sEEesREUgCwIfLN0QtZ4w+QcF2VIaQutEeu9rA+q
-KOo2efbWtBN07J7OAcghh55rDGG9ST/jRifdsLyNAoGAeW1zjD6MFFEYy2rBHyM6
-yswunGISx/Kdy7Rv+1aUSGyfIZ49tn/7dXv1kNBbLElleTxDS2TMWdoIF3soU5BO
-/kthQ8jKa6LvCDVXXvo89kJavdYgcofPCfoA83UxQyPt3D+7gYeVrvZoDEkJtg6w
-oOQXLabZ7qUNkLFcZF0kKXA=
------END PRIVATE KEY-----
-</key>
-
-<tls-auth>
-#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-7a5f3c2dd505666b595d6a03a6d627e1
-9babefe23197dc2181a7d1c00b3f5fd6
-7f28ea49abf33ea7422e0ab63c9eae14
-261ce5c099dd27ae26ba9b70b87737fa
-313a21b5e9d99ae382649eb1d0344703
-5a3b99fb9a1cddf03a89aed78fd3be92
-37ba0fa96e49814ea45495148a6552b4
-5f85d6fcc38fe88fbf8f86e0a0e33894
-89c418f65d4c8fc04ca6e59c61024995
-50547f35e5a7985d6415a7304d9340fd
-9f7ff6bb6f063a745fc3d656f275e07c
-8486233627fb96b8d798fbe8d2f8171d
-afc8bf5677ebef7ab1d80c8495d7262b
-c20efbdcc8645b48b68d6a537d9fb3f3
-03e345699bea11b99d9ace6fa5cd1e1d
-5d0951970c379d3e0b28bcaf453c2700
------END OpenVPN Static key V1-----
-</tls-auth>
+++ /dev/null
-##############################################
-# Sample client-side OpenVPN 2.0 config file #
-# for connecting to multi-client server. #
-# #
-# This configuration can be used by multiple #
-# clients, however each client should have #
-# its own cert and key files. #
-# #
-# On Windows, you might want to rename this #
-# file so it has a .ovpn extension #
-##############################################
-
-# Specify that we are a client and that we
-# will be pulling certain config file directives
-# from the server.
-client
-
-# Use the same setting as you are using on
-# the server.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-;dev tap
-dev tun
-
-# Windows needs the TAP-Win32 adapter name
-# from the Network Connections panel
-# if you have more than one. On XP SP2,
-# you may need to disable the firewall
-# for the TAP adapter.
-;dev-node MyTap
-
-# Are we connecting to a TCP or
-# UDP server? Use the same setting as
-# on the server.
-;proto tcp
-proto udp
-
-# The hostname/IP and port of the server.
-# You can have multiple remote entries
-# to load balance between the servers.
-remote vpn.userrendszerhaz.hu 1194
-
-# Choose a random host from the remote
-# list for load-balancing. Otherwise
-# try hosts in the order specified.
-;remote-random
-
-# Keep trying indefinitely to resolve the
-# host name of the OpenVPN server. Very useful
-# on machines which are not permanently connected
-# to the internet such as laptops.
-resolv-retry infinite
-
-# Most clients don't need to bind to
-# a specific local port number.
-nobind
-
-# Downgrade privileges after initialization (non-Windows only)
-user nobody
-group nobody
-
-# Try to preserve some state across restarts.
-persist-key
-persist-tun
-
-# If you are connecting through an
-# HTTP proxy to reach the actual OpenVPN
-# server, put the proxy server/IP and
-# port number here. See the man page
-# if your proxy server requires
-# authentication.
-;http-proxy-retry # retry on connection failures
-;http-proxy [proxy server] [proxy port #]
-
-# Wireless networks often produce a lot
-# of duplicate packets. Set this flag
-# to silence duplicate packet warnings.
-;mute-replay-warnings
-
-# SSL/TLS parms.
-# See the server config file for more
-# description. It's best to use
-# a separate .crt/.key file pair
-# for each client. A single ca
-# file can be used for all clients.
-;ca ca.crt
-;cert client.crt
-;key client.key
-
-# Verify server certificate by checking that the
-# certificate has the correct key usage set.
-# This is an important precaution to protect against
-# a potential attack discussed here:
-# http://openvpn.net/howto.html#mitm
-#
-# To use this feature, you will need to generate
-# your server certificates with the keyUsage set to
-# digitalSignature, keyEncipherment
-# and the extendedKeyUsage to
-# serverAuth
-# EasyRSA can do this for you.
-remote-cert-tls server
-
-# If a tls-auth key is used on the server
-# then every client must also have the key.
-;tls-auth ta.key 1
-key-direction 1
-
-# Select a cryptographic cipher.
-# If the cipher option is used on the server
-# then you must also specify it here.
-# Note that v2.4 client/server will automatically
-# negotiate AES-256-GCM in TLS mode.
-# See also the data-ciphers option in the manpage
-cipher AES-256-CBC
-
-# Enable compression on the VPN link.
-# Don't enable this unless it is also
-# enabled in the server config file.
-#comp-lzo
-
-# Set log file verbosity.
-verb 3
-
-# Silence repeating messages
-;mute 20
-
-<ca>
------BEGIN CERTIFICATE-----
-MIIDSzCCAjOgAwIBAgIUdc8xO6X2O5dKTboU0VjKk8vxf6UwDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTYyMjI1WhcNMzIw
-MTI1MTYyMjI1WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANfUW/VYGBdUDdq3yGWMD7TDDoXNFX+FaESEj8ad
-KhU3aakSF2bltPSLV0OKh+6H0avL1sPwvgleI7mmHU3PnyOTt4Seeikhcx9ZMLTZ
-NJ5unObrnfCyTOrpg7oQGUfu/eYsF3wAxXkQp/CG3aq++eTc741V3HVoj8slPtqJ
-7wMPMWDOgqENgIitOYD5gA9iywoLthXsIrPtWKy2zo8kUTQ3KE61UOEUa1I9r+3X
-EMM25lCid8I4kPTRU4JMbFvFqM+q3EOhMXeLlzAj6bD0ebmndxUyJLvbDBC5Uk9Q
-4CJsMRFhXTZZVUeCdmzvt4iUBZXN1P9AeM9lYCw4ZOjIknECAwEAAaOBkDCBjTAd
-BgNVHQ4EFgQUSUNbUvgxeLWEdHqNJ9MiH6nUwqUwUQYDVR0jBEowSIAUSUNbUvgx
-eLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1zzE7
-pfY7l0pNuhTRWMqTy/F/pTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
-hkiG9w0BAQsFAAOCAQEAn4m1/6ptyMlGlobrZJ1/zpFykrHdlsFU2JbfVKB1Cu3P
-Hz9rJ0ai3du++7TObktNkALQgMy+i6eGH6+EbLp9lazcRRdJPVhJIuhQX9hvzQfk
-F/mM5wRJd6Rg6Cy8SDp0KYPwOM74Xck9ukvIPxdWd6omgu0b0qpruc58P0AW2Tjk
-XIP5YnBTBQGmN7NUzrJ4zWLKEJbOOi/P47oqEwYBGaWquLBsCPq03oDMs8EsGTcO
-90k9S8vgrrZfW4jHfkOmmNepgvt3g4A3g7Y9qYKLQi6vBtDOpK8OWfD6kIXBxqNt
-uSXdVmSwgbCTdXsMU3aEnVEyvgnlw/Wz+tXo+gLb5w==
------END CERTIFICATE-----
-</ca>
-
-<cert>
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 07:42:93:a8:25:71:a4:ae:b0:96:4d:14:d1:e2:ff:22
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:55:26 2022 GMT
- Not After : Jan 25 16:55:26 2032 GMT
- Subject: CN=osweidan
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:c4:fd:94:e9:62:a5:7d:74:92:9a:22:d6:7b:35:
- ff:95:26:e8:d3:bf:1e:ee:96:be:ba:de:2c:31:5a:
- 02:27:6d:ac:42:b4:3a:e0:22:89:63:e3:a3:b5:68:
- 8b:6f:f8:0e:a9:1f:a9:e5:62:d1:b4:39:6c:73:61:
- 89:a1:0e:db:8e:62:21:06:0b:d5:4f:64:10:39:4c:
- 91:f5:05:ca:65:09:82:e7:c6:52:61:7f:ed:de:95:
- bc:8f:23:a3:01:77:c3:2a:1c:75:ff:b9:55:66:a2:
- ae:ff:27:0d:4a:70:8c:b6:4d:f8:bc:65:fd:ff:a8:
- 60:e1:ea:df:64:e9:46:34:71:ec:3b:05:cb:ec:e7:
- a0:bc:39:6c:04:16:f9:0c:2c:c2:4b:4f:aa:80:6b:
- d7:37:68:e9:c4:f2:91:11:5b:33:03:8e:85:67:40:
- 7c:97:36:84:94:15:21:3d:2a:e9:87:81:65:21:fa:
- 27:07:ca:1b:0b:df:fa:eb:34:62:d5:52:fc:b6:00:
- 1a:54:bc:6d:0a:52:70:5e:15:38:ec:ce:dd:62:0c:
- c6:c2:10:7c:b2:a5:8b:18:10:81:f4:b5:9a:38:c4:
- cc:00:fa:de:0b:ca:8b:bc:82:df:2f:9e:84:3b:6a:
- 1e:13:61:c1:72:28:cd:0d:71:1d:97:36:04:2d:c8:
- 50:e1
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 52:89:7A:20:5D:CA:C8:13:92:30:14:B2:BD:6D:FA:8B:FE:73:38:9C
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 17:99:13:42:f0:60:a8:b3:54:d4:c6:30:12:1e:0f:d3:78:a5:
- c1:1f:54:0e:3f:15:8c:72:60:dd:8e:e4:23:64:4f:5f:a5:7f:
- 12:59:d3:c4:cf:9b:51:98:67:cb:49:a9:99:38:65:09:7f:56:
- 42:08:86:31:e5:48:54:04:82:ac:1b:23:fd:63:b6:49:dd:73:
- 50:af:84:0c:d5:37:6e:47:49:f6:2a:17:0c:c1:08:f9:cf:4f:
- 3f:90:c7:dc:c4:d8:ef:99:ab:f8:12:55:8d:9a:18:4b:2f:9e:
- c8:1f:97:31:83:8a:62:3d:6c:d0:0e:0c:e2:d4:7c:2f:10:37:
- 7e:23:be:7d:f8:59:97:4e:a6:5f:75:ca:6a:a4:f1:ea:b9:41:
- da:fe:be:8f:28:ff:0a:93:17:b0:7a:d2:fe:4e:7a:c7:ed:c2:
- fe:91:93:c8:94:43:ec:74:4f:34:85:6e:7c:72:1d:45:2a:b1:
- b9:bd:3b:d7:d0:b9:4d:54:74:6d:c5:73:03:ad:5c:7d:9d:16:
- bb:28:d4:9c:6e:33:54:65:e5:11:06:b5:a5:e8:e9:dc:b4:95:
- 4b:b4:6b:ef:db:5a:fe:4e:8f:4b:3d:b6:e2:37:fb:78:37:36:
- 9a:a0:26:cc:19:72:e6:26:99:05:e2:6b:a2:6f:d4:86:cb:f5:
- 5c:fe:cc:54
------BEGIN CERTIFICATE-----
-MIIDVjCCAj6gAwIBAgIQB0KTqCVxpK6wlk0U0eL/IjANBgkqhkiG9w0BAQsFADAW
-MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMjAxMjcxNjU1MjZaFw0zMjAxMjUx
-NjU1MjZaMBMxETAPBgNVBAMMCG9zd2VpZGFuMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAxP2U6WKlfXSSmiLWezX/lSbo078e7pa+ut4sMVoCJ22sQrQ6
-4CKJY+OjtWiLb/gOqR+p5WLRtDlsc2GJoQ7bjmIhBgvVT2QQOUyR9QXKZQmC58ZS
-YX/t3pW8jyOjAXfDKhx1/7lVZqKu/ycNSnCMtk34vGX9/6hg4erfZOlGNHHsOwXL
-7OegvDlsBBb5DCzCS0+qgGvXN2jpxPKREVszA46FZ0B8lzaElBUhPSrph4FlIfon
-B8obC9/66zRi1VL8tgAaVLxtClJwXhU47M7dYgzGwhB8sqWLGBCB9LWaOMTMAPre
-C8qLvILfL56EO2oeE2HBcijNDXEdlzYELchQ4QIDAQABo4GiMIGfMAkGA1UdEwQC
-MAAwHQYDVR0OBBYEFFKJeiBdysgTkjAUsr1t+ov+czicMFEGA1UdIwRKMEiAFElD
-W1L4MXi1hHR6jSfTIh+p1MKloRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQYIU
-dc8xO6X2O5dKTboU0VjKk8vxf6UwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0P
-BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQAXmRNC8GCos1TUxjASHg/TeKXBH1QO
-PxWMcmDdjuQjZE9fpX8SWdPEz5tRmGfLSamZOGUJf1ZCCIYx5UhUBIKsGyP9Y7ZJ
-3XNQr4QM1TduR0n2KhcMwQj5z08/kMfcxNjvmav4ElWNmhhLL57IH5cxg4piPWzQ
-Dgzi1HwvEDd+I759+FmXTqZfdcpqpPHquUHa/r6PKP8KkxewetL+TnrH7cL+kZPI
-lEPsdE80hW58ch1FKrG5vTvX0LlNVHRtxXMDrVx9nRa7KNScbjNUZeURBrWl6Onc
-tJVLtGvv21r+To9LPbbiN/t4NzaaoCbMGXLmJpkF4muib9SGy/Vc/sxU
------END CERTIFICATE-----
-</cert>
-
-<key>
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDE/ZTpYqV9dJKa
-ItZ7Nf+VJujTvx7ulr663iwxWgInbaxCtDrgIolj46O1aItv+A6pH6nlYtG0OWxz
-YYmhDtuOYiEGC9VPZBA5TJH1BcplCYLnxlJhf+3elbyPI6MBd8MqHHX/uVVmoq7/
-Jw1KcIy2Tfi8Zf3/qGDh6t9k6UY0cew7Bcvs56C8OWwEFvkMLMJLT6qAa9c3aOnE
-8pERWzMDjoVnQHyXNoSUFSE9KumHgWUh+icHyhsL3/rrNGLVUvy2ABpUvG0KUnBe
-FTjszt1iDMbCEHyypYsYEIH0tZo4xMwA+t4Lyou8gt8vnoQ7ah4TYcFyKM0NcR2X
-NgQtyFDhAgMBAAECggEAZSp55FXl+YT5mTEVB1fW90lxPvWjNBK0xxE8jufTvV4E
-nokix2LVPjh1JcAYBBvXo6GARi621aC8ApFv9gfEV94raYiANvKDpnmdZ8FejP8S
-fGeMfUgO6EXr/XLmzuUrlJ/jNb5/jmM0DhOHLtiYWzO170NN65MUllFiAtgOVvXX
-8N/scDs85X9wTYoDZ38UQXdGMWpbvdgaGsWUSUrag87MvJa3zLCVbrRfOxTSIpCf
-l+U1L22x/6l2pRhiG/1k8JTl4Ns3kclTs2otZXiBOQLymayNx16g0Qwbo6/rmlYH
-opLM0D+zfu8N8L60IDFgGoTUE3wvn3JOTtcjXb+2wQKBgQDpYIz6CNP7+Dugh9ao
-DrYWR9njP4NMLfqqVXaHf6qYVRAaM6iyE+SXs5QBdiLKhClKq9+XZ65muvH2RuSV
-V5DqL733ZJhr86bWz9SPLOSir01PWsmwjBm3D4quGsuvH/tJAt0kNzRktHsPr00W
-qW91DRZNp+9Jt2zUCAG7Kq8+yQKBgQDYFhEvDL/Oxr4E1AgGEsPDGBGVzvD6JVa6
-4GZvfBwzw/S6aqSLKnhAcYhAZ4VesFMuVQ57W5nACNPdqejeAFgapeLMLTeeBLxe
-H4vMSrZvDCJPq/tPhkQ1FxTdDHHYdbbWvUNIN5Gov9QsY5WzpXwu2wI5Mop6yCmm
-jQ5QUo0VWQKBgQCUQjQNO8J/1gj7SJCDnyTqLqcrCNQ+dw9BWp28IsybjZ53Js5K
-ovybqwehjg04HpGk0F9w7fsLZEQGsq7QeRqky8OhAJUcL2OUH9/nPRvahgdVHFX5
-BGfptcPiKz+ud2DJ1znpofB08XskUbdlaCpYcAH1P3RynkZSxOtkng9KkQKBgC1S
-o5QMxoZmZSC6IFy1vt3CxJ15ZE3zWvejbZjgnUG2TjRzfcO6yrIpnfx0OiMcNLY5
-HOp+0gbXUyjhJHi79b7RIHrW2R2JvMC5OSdGXHF6SBAR8IpDjTbdeoDKxW4zcoAj
-/mK9VQ3h/my5DoM5qIxjX1oD4cvTA/ltCJ2MUw8xAoGBAMTxTljV/UcPki5qZX7F
-OoZu450hmuxZ3D/eaQPQHiUJXkK3hNRoNjs1tk4mZR5g1piczvPGOwbXblY0YXaJ
-58PQE0eUjAQ5XrWofBAQ0FPeUA6/F4GABNbrI+B8BfuHBDsK0x41OhvS2JcQ0N+Y
-Zp2QP2kMgaSuFw60va9ST1DS
------END PRIVATE KEY-----
-</key>
-
-<tls-auth>
-#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-7a5f3c2dd505666b595d6a03a6d627e1
-9babefe23197dc2181a7d1c00b3f5fd6
-7f28ea49abf33ea7422e0ab63c9eae14
-261ce5c099dd27ae26ba9b70b87737fa
-313a21b5e9d99ae382649eb1d0344703
-5a3b99fb9a1cddf03a89aed78fd3be92
-37ba0fa96e49814ea45495148a6552b4
-5f85d6fcc38fe88fbf8f86e0a0e33894
-89c418f65d4c8fc04ca6e59c61024995
-50547f35e5a7985d6415a7304d9340fd
-9f7ff6bb6f063a745fc3d656f275e07c
-8486233627fb96b8d798fbe8d2f8171d
-afc8bf5677ebef7ab1d80c8495d7262b
-c20efbdcc8645b48b68d6a537d9fb3f3
-03e345699bea11b99d9ace6fa5cd1e1d
-5d0951970c379d3e0b28bcaf453c2700
------END OpenVPN Static key V1-----
-</tls-auth>
+++ /dev/null
-##############################################
-# Sample client-side OpenVPN 2.0 config file #
-# for connecting to multi-client server. #
-# #
-# This configuration can be used by multiple #
-# clients, however each client should have #
-# its own cert and key files. #
-# #
-# On Windows, you might want to rename this #
-# file so it has a .ovpn extension #
-##############################################
-
-# Specify that we are a client and that we
-# will be pulling certain config file directives
-# from the server.
-client
-
-# Use the same setting as you are using on
-# the server.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-;dev tap
-dev tun
-
-# Windows needs the TAP-Win32 adapter name
-# from the Network Connections panel
-# if you have more than one. On XP SP2,
-# you may need to disable the firewall
-# for the TAP adapter.
-;dev-node MyTap
-
-# Are we connecting to a TCP or
-# UDP server? Use the same setting as
-# on the server.
-;proto tcp
-proto udp
-
-# The hostname/IP and port of the server.
-# You can have multiple remote entries
-# to load balance between the servers.
-remote vpn.userrendszerhaz.hu 1194
-
-# Choose a random host from the remote
-# list for load-balancing. Otherwise
-# try hosts in the order specified.
-;remote-random
-
-# Keep trying indefinitely to resolve the
-# host name of the OpenVPN server. Very useful
-# on machines which are not permanently connected
-# to the internet such as laptops.
-resolv-retry infinite
-
-# Most clients don't need to bind to
-# a specific local port number.
-nobind
-
-# Downgrade privileges after initialization (non-Windows only)
-user nobody
-group nobody
-
-# Try to preserve some state across restarts.
-persist-key
-persist-tun
-
-# If you are connecting through an
-# HTTP proxy to reach the actual OpenVPN
-# server, put the proxy server/IP and
-# port number here. See the man page
-# if your proxy server requires
-# authentication.
-;http-proxy-retry # retry on connection failures
-;http-proxy [proxy server] [proxy port #]
-
-# Wireless networks often produce a lot
-# of duplicate packets. Set this flag
-# to silence duplicate packet warnings.
-;mute-replay-warnings
-
-# SSL/TLS parms.
-# See the server config file for more
-# description. It's best to use
-# a separate .crt/.key file pair
-# for each client. A single ca
-# file can be used for all clients.
-;ca ca.crt
-;cert client.crt
-;key client.key
-
-# Verify server certificate by checking that the
-# certificate has the correct key usage set.
-# This is an important precaution to protect against
-# a potential attack discussed here:
-# http://openvpn.net/howto.html#mitm
-#
-# To use this feature, you will need to generate
-# your server certificates with the keyUsage set to
-# digitalSignature, keyEncipherment
-# and the extendedKeyUsage to
-# serverAuth
-# EasyRSA can do this for you.
-remote-cert-tls server
-
-# If a tls-auth key is used on the server
-# then every client must also have the key.
-;tls-auth ta.key 1
-key-direction 1
-
-# Select a cryptographic cipher.
-# If the cipher option is used on the server
-# then you must also specify it here.
-# Note that v2.4 client/server will automatically
-# negotiate AES-256-GCM in TLS mode.
-# See also the data-ciphers option in the manpage
-cipher AES-256-CBC
-
-# Enable compression on the VPN link.
-# Don't enable this unless it is also
-# enabled in the server config file.
-#comp-lzo
-
-# Set log file verbosity.
-verb 3
-
-# Silence repeating messages
-;mute 20
-
-<ca>
------BEGIN CERTIFICATE-----
-MIIDSzCCAjOgAwIBAgIUdc8xO6X2O5dKTboU0VjKk8vxf6UwDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTYyMjI1WhcNMzIw
-MTI1MTYyMjI1WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANfUW/VYGBdUDdq3yGWMD7TDDoXNFX+FaESEj8ad
-KhU3aakSF2bltPSLV0OKh+6H0avL1sPwvgleI7mmHU3PnyOTt4Seeikhcx9ZMLTZ
-NJ5unObrnfCyTOrpg7oQGUfu/eYsF3wAxXkQp/CG3aq++eTc741V3HVoj8slPtqJ
-7wMPMWDOgqENgIitOYD5gA9iywoLthXsIrPtWKy2zo8kUTQ3KE61UOEUa1I9r+3X
-EMM25lCid8I4kPTRU4JMbFvFqM+q3EOhMXeLlzAj6bD0ebmndxUyJLvbDBC5Uk9Q
-4CJsMRFhXTZZVUeCdmzvt4iUBZXN1P9AeM9lYCw4ZOjIknECAwEAAaOBkDCBjTAd
-BgNVHQ4EFgQUSUNbUvgxeLWEdHqNJ9MiH6nUwqUwUQYDVR0jBEowSIAUSUNbUvgx
-eLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1zzE7
-pfY7l0pNuhTRWMqTy/F/pTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
-hkiG9w0BAQsFAAOCAQEAn4m1/6ptyMlGlobrZJ1/zpFykrHdlsFU2JbfVKB1Cu3P
-Hz9rJ0ai3du++7TObktNkALQgMy+i6eGH6+EbLp9lazcRRdJPVhJIuhQX9hvzQfk
-F/mM5wRJd6Rg6Cy8SDp0KYPwOM74Xck9ukvIPxdWd6omgu0b0qpruc58P0AW2Tjk
-XIP5YnBTBQGmN7NUzrJ4zWLKEJbOOi/P47oqEwYBGaWquLBsCPq03oDMs8EsGTcO
-90k9S8vgrrZfW4jHfkOmmNepgvt3g4A3g7Y9qYKLQi6vBtDOpK8OWfD6kIXBxqNt
-uSXdVmSwgbCTdXsMU3aEnVEyvgnlw/Wz+tXo+gLb5w==
------END CERTIFICATE-----
-</ca>
-
-<cert>
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 73:44:69:33:9d:70:f8:2e:cc:af:44:62:a8:c4:d2:32
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:52:17 2022 GMT
- Not After : Jan 25 16:52:17 2032 GMT
- Subject: CN=qqcs
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:b9:83:80:30:d8:21:63:c5:f1:85:af:0d:2a:af:
- b6:c8:50:03:6e:6c:1c:55:28:b2:9d:59:1d:42:0b:
- f9:42:ea:38:d6:3d:1b:2f:9e:c2:c4:91:d8:0e:56:
- 28:03:5f:a8:a9:bf:6a:d7:9f:22:78:b8:cb:f5:7e:
- da:c0:bb:56:b7:25:a1:84:af:19:70:c3:27:fc:33:
- 82:01:71:76:25:a3:6e:bb:d6:a3:71:1b:4a:48:51:
- 3d:6a:c6:36:28:05:88:01:3c:6a:45:b5:a3:46:f1:
- 8b:bf:49:52:80:c6:30:fd:a3:4c:36:22:f0:b5:22:
- fe:05:0d:8f:8d:14:0b:67:3d:95:4f:56:d3:88:a6:
- a3:a7:56:52:86:ad:7b:a9:03:e8:39:50:18:7d:79:
- d0:9c:c7:24:4b:02:75:60:95:60:0f:92:a5:44:7a:
- 7c:6b:ec:77:29:ac:6f:a9:7f:7d:ee:06:9c:36:d5:
- 8c:fe:34:f5:c0:52:6c:4e:26:c9:4c:e6:17:02:41:
- 89:f7:5e:83:51:eb:2c:59:c1:e0:96:6d:7b:57:7f:
- f7:d6:df:59:59:5a:c2:23:5b:7c:f6:f9:41:ec:fa:
- 5a:6c:a7:41:2c:5e:c6:a1:50:3f:c2:4c:a9:ee:60:
- d1:10:af:e3:99:c3:2d:c5:dc:cd:ac:ee:8e:c6:92:
- 16:33
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- E5:15:40:45:95:37:CC:FA:F8:7F:B7:70:67:A8:23:62:31:B6:58:35
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 1b:08:06:e9:01:65:f8:ff:f8:52:03:4c:f4:e3:da:41:7a:b1:
- e3:af:78:f3:ba:0d:7a:28:68:71:ef:fe:db:ef:8d:eb:c9:5f:
- 18:c2:0c:36:48:2e:b3:38:f1:21:09:d4:21:11:4a:21:4d:3b:
- 6c:c0:cb:2a:55:c9:59:5e:e9:03:e9:ca:af:c3:46:86:68:96:
- 3b:2a:1a:41:a9:d0:f1:f5:21:78:45:ab:70:d9:a5:7d:58:9d:
- 3b:cb:39:3a:d5:17:39:cb:9a:21:fa:b1:01:c2:4e:12:35:48:
- a2:d4:0f:06:d1:ca:37:98:3e:0b:51:a2:bf:34:ff:d1:28:86:
- 3d:34:1a:25:a8:5d:0d:08:03:d9:80:26:e7:9b:9a:31:a2:d0:
- b8:26:1f:b6:60:d8:50:8b:a2:aa:6b:61:94:9d:56:b9:6e:c4:
- 02:b7:45:91:6b:fb:45:ae:62:00:cd:54:37:07:82:10:1c:bf:
- 4c:73:ff:53:ff:f8:0f:67:43:9d:a7:27:1c:4b:51:01:27:cf:
- 0a:8d:8f:84:49:85:3c:c4:59:1e:23:9a:2f:2d:71:03:a3:b4:
- 3a:59:2d:6b:d5:ec:c0:0f:8b:95:79:b6:71:50:4a:e7:13:6e:
- 49:59:fc:4f:e7:df:8a:40:23:32:41:f4:28:54:4e:43:ef:16:
- 24:f2:f1:8d
------BEGIN CERTIFICATE-----
-MIIDUjCCAjqgAwIBAgIQc0RpM51w+C7Mr0RiqMTSMjANBgkqhkiG9w0BAQsFADAW
-MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMjAxMjcxNjUyMTdaFw0zMjAxMjUx
-NjUyMTdaMA8xDTALBgNVBAMMBHFxY3MwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQC5g4Aw2CFjxfGFrw0qr7bIUANubBxVKLKdWR1CC/lC6jjWPRsvnsLE
-kdgOVigDX6ipv2rXnyJ4uMv1ftrAu1a3JaGErxlwwyf8M4IBcXYlo2671qNxG0pI
-UT1qxjYoBYgBPGpFtaNG8Yu/SVKAxjD9o0w2IvC1Iv4FDY+NFAtnPZVPVtOIpqOn
-VlKGrXupA+g5UBh9edCcxyRLAnVglWAPkqVEenxr7HcprG+pf33uBpw21Yz+NPXA
-UmxOJslM5hcCQYn3XoNR6yxZweCWbXtXf/fW31lZWsIjW3z2+UHs+lpsp0EsXsah
-UD/CTKnuYNEQr+OZwy3F3M2s7o7GkhYzAgMBAAGjgaIwgZ8wCQYDVR0TBAIwADAd
-BgNVHQ4EFgQU5RVARZU3zPr4f7dwZ6gjYjG2WDUwUQYDVR0jBEowSIAUSUNbUvgx
-eLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1zzE7
-pfY7l0pNuhTRWMqTy/F/pTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMC
-B4AwDQYJKoZIhvcNAQELBQADggEBABsIBukBZfj/+FIDTPTj2kF6seOvePO6DXoo
-aHHv/tvvjevJXxjCDDZILrM48SEJ1CERSiFNO2zAyypVyVle6QPpyq/DRoZoljsq
-GkGp0PH1IXhFq3DZpX1YnTvLOTrVFznLmiH6sQHCThI1SKLUDwbRyjeYPgtRor80
-/9Eohj00GiWoXQ0IA9mAJuebmjGi0LgmH7Zg2FCLoqprYZSdVrluxAK3RZFr+0Wu
-YgDNVDcHghAcv0xz/1P/+A9nQ52nJxxLUQEnzwqNj4RJhTzEWR4jmi8tcQOjtDpZ
-LWvV7MAPi5V5tnFQSucTbklZ/E/n34pAIzJB9ChUTkPvFiTy8Y0=
------END CERTIFICATE-----
-</cert>
-
-<key>
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC5g4Aw2CFjxfGF
-rw0qr7bIUANubBxVKLKdWR1CC/lC6jjWPRsvnsLEkdgOVigDX6ipv2rXnyJ4uMv1
-ftrAu1a3JaGErxlwwyf8M4IBcXYlo2671qNxG0pIUT1qxjYoBYgBPGpFtaNG8Yu/
-SVKAxjD9o0w2IvC1Iv4FDY+NFAtnPZVPVtOIpqOnVlKGrXupA+g5UBh9edCcxyRL
-AnVglWAPkqVEenxr7HcprG+pf33uBpw21Yz+NPXAUmxOJslM5hcCQYn3XoNR6yxZ
-weCWbXtXf/fW31lZWsIjW3z2+UHs+lpsp0EsXsahUD/CTKnuYNEQr+OZwy3F3M2s
-7o7GkhYzAgMBAAECggEBAImf17rkrCijkWDWk5MGVjhWu6TwiThX/+IhWUZFMb8F
-mfK91GxIgD9p3voLypVuIucDPZUG1oDuv0i5ujlfAZ7PSPrxF5ODBCfiYmEFtluH
-2j95pTjkwP/TXRfYQhcAu3wHQOPEM4QO79iR4aXs4i1YNtK2qxIGCqLfA47qvubw
-EEgrqx+4vfCehT4o5FDoCzyFlZX0wah3KKUBw2anCf8bdSuiWkRT4jpGeST4R2Yc
-V45iNHgzv3Y3renxuAKUH4ZD0BE9cVLu5L6HCl54N00INOGO/dzZfg2PI7rxjieC
-xKeU5xHsPS37ZrmeT5qcexQCZHph+Y+lGBuIhbRWzPkCgYEA9OFUKTBz465ZJHng
-8KzK8cj3BACIIGHAmAMRQTpYpw3fVN5VX/Z66G2h2rxTNWuiCcmUnITbT4NRcs44
-AnekUnSEG2L7cyp92oGeTrqXAbhDdZwYXHN05mQPabsh3pSirVyx8KyVltU2JaIa
-GiwLE4Dmu8DJ1FfSZb8igMZDND8CgYEAwfANECZLDpFbjDPuVCQ+P5apAjrfJUT3
-uacB5fND+EJuZ2XeUA0XrHkNAx0iMVbizqNvq7tPIXyGdTaI1+xNkSvqwUnrqUVR
-V0VO6lNpo8v8DhYBEus9jKT4EEuSrc73wToi/nA24YJ6RtWeJMghuDr/0vWe79lz
-tewj8wQ/0Q0CgYAOKkajB1F81yYC7SXs5iHrMJPRYHJ/ZQguAudpnYVpTG0hzKal
-oW1kqorVS1WI3owGAuocz7ab992rRXCJ+/++YU0PBH/FHq0fCaZtqW94wv7r+7aR
-CoC1nw4hMJj59iEe5CDK6kDQ885pCOJ3pxqQ60DtlW5XYSkjh5XoWw+iIwKBgBtU
-zUJ9Yw6GhbRYjTnmca9ceC0MRu5lrdPIKYhSpD2UfyKrRI1biv6PgLnznSH+8K/W
-cKJvH1PEzN4v9VEYyEWxPsBGvqN4VWJLLjfv0W94C+mgSD52UJJFnYAOZnmANYJR
-wyTAg7t8O+dHq6XbXoUsK2l7nA6JQrlcsiRJcQTxAoGACpeisPQfNaqQIOmMvRVy
-EX8WIyYqOEzmqlCogodUHQEfQtbC31BkU1NrnH0HOXJTPa8Yvq40Phty1ahXVpCk
-/5+VPjzAj6SKD5whq5oZe/3wAL0NHCcPqnyU+5/mTJpwTKM/1L36T+vYBRMzpk5u
-dHr9d4JiY4L4RET03fg9E3w=
------END PRIVATE KEY-----
-</key>
-
-<tls-auth>
-#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-7a5f3c2dd505666b595d6a03a6d627e1
-9babefe23197dc2181a7d1c00b3f5fd6
-7f28ea49abf33ea7422e0ab63c9eae14
-261ce5c099dd27ae26ba9b70b87737fa
-313a21b5e9d99ae382649eb1d0344703
-5a3b99fb9a1cddf03a89aed78fd3be92
-37ba0fa96e49814ea45495148a6552b4
-5f85d6fcc38fe88fbf8f86e0a0e33894
-89c418f65d4c8fc04ca6e59c61024995
-50547f35e5a7985d6415a7304d9340fd
-9f7ff6bb6f063a745fc3d656f275e07c
-8486233627fb96b8d798fbe8d2f8171d
-afc8bf5677ebef7ab1d80c8495d7262b
-c20efbdcc8645b48b68d6a537d9fb3f3
-03e345699bea11b99d9ace6fa5cd1e1d
-5d0951970c379d3e0b28bcaf453c2700
------END OpenVPN Static key V1-----
-</tls-auth>
+++ /dev/null
-##############################################
-# Sample client-side OpenVPN 2.0 config file #
-# for connecting to multi-client server. #
-# #
-# This configuration can be used by multiple #
-# clients, however each client should have #
-# its own cert and key files. #
-# #
-# On Windows, you might want to rename this #
-# file so it has a .ovpn extension #
-##############################################
-
-# Specify that we are a client and that we
-# will be pulling certain config file directives
-# from the server.
-client
-
-# Use the same setting as you are using on
-# the server.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-;dev tap
-dev tun
-
-# Windows needs the TAP-Win32 adapter name
-# from the Network Connections panel
-# if you have more than one. On XP SP2,
-# you may need to disable the firewall
-# for the TAP adapter.
-;dev-node MyTap
-
-# Are we connecting to a TCP or
-# UDP server? Use the same setting as
-# on the server.
-;proto tcp
-proto udp
-
-# The hostname/IP and port of the server.
-# You can have multiple remote entries
-# to load balance between the servers.
-remote vpn.userrendszerhaz.hu 1194
-
-# Choose a random host from the remote
-# list for load-balancing. Otherwise
-# try hosts in the order specified.
-;remote-random
-
-# Keep trying indefinitely to resolve the
-# host name of the OpenVPN server. Very useful
-# on machines which are not permanently connected
-# to the internet such as laptops.
-resolv-retry infinite
-
-# Most clients don't need to bind to
-# a specific local port number.
-nobind
-
-# Downgrade privileges after initialization (non-Windows only)
-user nobody
-group nobody
-
-# Try to preserve some state across restarts.
-persist-key
-persist-tun
-
-# If you are connecting through an
-# HTTP proxy to reach the actual OpenVPN
-# server, put the proxy server/IP and
-# port number here. See the man page
-# if your proxy server requires
-# authentication.
-;http-proxy-retry # retry on connection failures
-;http-proxy [proxy server] [proxy port #]
-
-# Wireless networks often produce a lot
-# of duplicate packets. Set this flag
-# to silence duplicate packet warnings.
-;mute-replay-warnings
-
-# SSL/TLS parms.
-# See the server config file for more
-# description. It's best to use
-# a separate .crt/.key file pair
-# for each client. A single ca
-# file can be used for all clients.
-;ca ca.crt
-;cert client.crt
-;key client.key
-
-# Verify server certificate by checking that the
-# certificate has the correct key usage set.
-# This is an important precaution to protect against
-# a potential attack discussed here:
-# http://openvpn.net/howto.html#mitm
-#
-# To use this feature, you will need to generate
-# your server certificates with the keyUsage set to
-# digitalSignature, keyEncipherment
-# and the extendedKeyUsage to
-# serverAuth
-# EasyRSA can do this for you.
-remote-cert-tls server
-
-# If a tls-auth key is used on the server
-# then every client must also have the key.
-;tls-auth ta.key 1
-key-direction 1
-
-# Select a cryptographic cipher.
-# If the cipher option is used on the server
-# then you must also specify it here.
-# Note that v2.4 client/server will automatically
-# negotiate AES-256-GCM in TLS mode.
-# See also the data-ciphers option in the manpage
-cipher AES-256-CBC
-
-# Enable compression on the VPN link.
-# Don't enable this unless it is also
-# enabled in the server config file.
-#comp-lzo
-
-# Set log file verbosity.
-verb 3
-
-# Silence repeating messages
-;mute 20
-
-<ca>
------BEGIN CERTIFICATE-----
-MIIDSzCCAjOgAwIBAgIUdc8xO6X2O5dKTboU0VjKk8vxf6UwDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTYyMjI1WhcNMzIw
-MTI1MTYyMjI1WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANfUW/VYGBdUDdq3yGWMD7TDDoXNFX+FaESEj8ad
-KhU3aakSF2bltPSLV0OKh+6H0avL1sPwvgleI7mmHU3PnyOTt4Seeikhcx9ZMLTZ
-NJ5unObrnfCyTOrpg7oQGUfu/eYsF3wAxXkQp/CG3aq++eTc741V3HVoj8slPtqJ
-7wMPMWDOgqENgIitOYD5gA9iywoLthXsIrPtWKy2zo8kUTQ3KE61UOEUa1I9r+3X
-EMM25lCid8I4kPTRU4JMbFvFqM+q3EOhMXeLlzAj6bD0ebmndxUyJLvbDBC5Uk9Q
-4CJsMRFhXTZZVUeCdmzvt4iUBZXN1P9AeM9lYCw4ZOjIknECAwEAAaOBkDCBjTAd
-BgNVHQ4EFgQUSUNbUvgxeLWEdHqNJ9MiH6nUwqUwUQYDVR0jBEowSIAUSUNbUvgx
-eLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1zzE7
-pfY7l0pNuhTRWMqTy/F/pTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
-hkiG9w0BAQsFAAOCAQEAn4m1/6ptyMlGlobrZJ1/zpFykrHdlsFU2JbfVKB1Cu3P
-Hz9rJ0ai3du++7TObktNkALQgMy+i6eGH6+EbLp9lazcRRdJPVhJIuhQX9hvzQfk
-F/mM5wRJd6Rg6Cy8SDp0KYPwOM74Xck9ukvIPxdWd6omgu0b0qpruc58P0AW2Tjk
-XIP5YnBTBQGmN7NUzrJ4zWLKEJbOOi/P47oqEwYBGaWquLBsCPq03oDMs8EsGTcO
-90k9S8vgrrZfW4jHfkOmmNepgvt3g4A3g7Y9qYKLQi6vBtDOpK8OWfD6kIXBxqNt
-uSXdVmSwgbCTdXsMU3aEnVEyvgnlw/Wz+tXo+gLb5w==
------END CERTIFICATE-----
-</ca>
-
-<cert>
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- c2:28:3c:ff:fa:8e:dc:f7:39:52:42:b1:f3:82:40:74
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:56:00 2022 GMT
- Not After : Jan 25 16:56:00 2032 GMT
- Subject: CN=rrendek
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:f3:4f:9c:e7:ba:7f:36:4f:1d:ac:7a:c7:d0:6c:
- 59:f4:c2:e8:07:a3:d2:f1:ba:7b:e7:75:96:91:47:
- 02:ac:53:d5:40:1b:43:25:ad:b9:15:b5:e5:b0:c0:
- 90:42:74:47:a5:92:b0:f5:1c:fb:02:a9:0e:bd:9d:
- b2:6d:85:95:2a:2b:95:51:9b:4e:14:22:45:bc:ab:
- 23:df:76:e3:1a:f6:b7:27:a2:f0:e5:49:88:04:dc:
- cb:7d:a0:4e:2b:8d:56:97:59:e9:4e:dc:f7:9f:41:
- 2e:16:ef:75:59:db:e9:9c:59:3e:e5:3f:05:a7:aa:
- 0d:01:bc:db:f8:03:e1:b1:d6:4b:70:18:1b:5e:10:
- 05:a6:28:99:59:e5:a5:38:17:a9:92:95:ba:74:84:
- cf:20:d4:e4:e4:26:4f:82:6d:3b:aa:51:d4:2e:4e:
- c8:99:63:3a:bb:dd:ee:5d:e9:1c:ab:4b:54:a3:df:
- 48:54:c0:7e:20:85:a1:4f:0a:93:3e:94:90:90:92:
- f3:dc:73:94:16:3d:99:6e:57:82:98:87:8c:f8:15:
- 0c:1e:35:6f:48:47:ed:15:3f:e4:06:98:04:f1:af:
- 27:3d:af:25:10:aa:46:79:4e:00:ce:d4:bf:70:1f:
- 2f:60:4b:a1:77:be:68:ff:36:4a:5f:60:ff:2e:cf:
- ef:d5
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 20:87:C3:77:30:AC:3B:C2:8A:77:02:A3:86:B8:C0:A4:44:7D:33:FD
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 10:48:0c:b5:7b:c8:7f:51:e4:53:31:e9:c0:88:8a:da:55:2e:
- e2:3b:ee:5f:20:bf:b1:ce:c8:0b:90:f5:d3:99:cf:b0:96:8b:
- 63:9b:0a:ba:9b:2f:7b:d0:27:29:8b:67:b7:b2:85:d4:e6:26:
- 6a:06:9f:27:f5:c0:a1:d9:35:39:51:89:82:18:b7:d4:25:72:
- d5:a1:5f:56:65:37:15:e9:f6:8a:6f:03:6d:59:b7:8c:17:44:
- f9:09:c3:71:3f:5d:e0:25:99:22:c4:32:41:a0:8b:93:02:47:
- 14:ff:eb:df:1b:0b:d8:7e:ea:d8:d9:40:33:c6:ca:b2:f2:c6:
- 53:89:90:b1:4a:5a:68:44:a1:18:df:af:1b:fc:b7:b7:04:20:
- 36:61:e0:44:0d:9f:95:ed:f7:59:d7:a6:22:5a:0f:82:bf:5a:
- aa:5a:fd:3c:77:0e:82:e6:ac:f3:b8:5d:26:62:55:66:06:3d:
- cc:0a:22:09:dd:18:ec:98:eb:e9:f2:c5:43:85:f9:d8:43:82:
- a8:ed:0e:19:0d:43:95:d9:ee:17:93:b4:ad:da:2a:b3:10:cf:
- 52:74:50:2b:3d:8a:06:bd:31:52:38:07:85:dd:ca:9b:cb:97:
- fb:ad:e6:a0:78:23:93:5c:22:5d:b9:d1:0f:55:32:07:d7:df:
- c0:db:e5:05
------BEGIN CERTIFICATE-----
-MIIDVjCCAj6gAwIBAgIRAMIoPP/6jtz3OVJCsfOCQHQwDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1NjAwWhcNMzIwMTI1
-MTY1NjAwWjASMRAwDgYDVQQDDAdycmVuZGVrMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA80+c57p/Nk8drHrH0GxZ9MLoB6PS8bp753WWkUcCrFPVQBtD
-Ja25FbXlsMCQQnRHpZKw9Rz7AqkOvZ2ybYWVKiuVUZtOFCJFvKsj33bjGva3J6Lw
-5UmIBNzLfaBOK41Wl1npTtz3n0EuFu91WdvpnFk+5T8Fp6oNAbzb+APhsdZLcBgb
-XhAFpiiZWeWlOBepkpW6dITPINTk5CZPgm07qlHULk7ImWM6u93uXekcq0tUo99I
-VMB+IIWhTwqTPpSQkJLz3HOUFj2ZbleCmIeM+BUMHjVvSEftFT/kBpgE8a8nPa8l
-EKpGeU4AztS/cB8vYEuhd75o/zZKX2D/Ls/v1QIDAQABo4GiMIGfMAkGA1UdEwQC
-MAAwHQYDVR0OBBYEFCCHw3cwrDvCincCo4a4wKREfTP9MFEGA1UdIwRKMEiAFElD
-W1L4MXi1hHR6jSfTIh+p1MKloRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQYIU
-dc8xO6X2O5dKTboU0VjKk8vxf6UwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0P
-BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQAQSAy1e8h/UeRTMenAiIraVS7iO+5f
-IL+xzsgLkPXTmc+wlotjmwq6my970Ccpi2e3soXU5iZqBp8n9cCh2TU5UYmCGLfU
-JXLVoV9WZTcV6faKbwNtWbeMF0T5CcNxP13gJZkixDJBoIuTAkcU/+vfGwvYfurY
-2UAzxsqy8sZTiZCxSlpoRKEY368b/Le3BCA2YeBEDZ+V7fdZ16YiWg+Cv1qqWv08
-dw6C5qzzuF0mYlVmBj3MCiIJ3RjsmOvp8sVDhfnYQ4Ko7Q4ZDUOV2e4Xk7St2iqz
-EM9SdFArPYoGvTFSOAeF3cqby5f7reageCOTXCJdudEPVTIH19/A2+UF
------END CERTIFICATE-----
-</cert>
-
-<key>
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDzT5znun82Tx2s
-esfQbFn0wugHo9LxunvndZaRRwKsU9VAG0MlrbkVteWwwJBCdEelkrD1HPsCqQ69
-nbJthZUqK5VRm04UIkW8qyPfduMa9rcnovDlSYgE3Mt9oE4rjVaXWelO3PefQS4W
-73VZ2+mcWT7lPwWnqg0BvNv4A+Gx1ktwGBteEAWmKJlZ5aU4F6mSlbp0hM8g1OTk
-Jk+CbTuqUdQuTsiZYzq73e5d6RyrS1Sj30hUwH4ghaFPCpM+lJCQkvPcc5QWPZlu
-V4KYh4z4FQweNW9IR+0VP+QGmATxryc9ryUQqkZ5TgDO1L9wHy9gS6F3vmj/Nkpf
-YP8uz+/VAgMBAAECggEBAKuDdYHMb5xjDPHm4y/DEW5+bn3kN/D6mhlBRNBIFFRS
-DENSdHT9DzmErdN5Crgtq8vFqkQ/F5p6fc+geITH46yEaI/MQK/ksPAcW/9MmS8K
-t3WTYOjgeqei1TdLZ48/5MhwMwzKqytyEQFN75VWdkkmiDWlxWC5eM2+yfj9E339
-x/Ed7UyNGTeL6gdFdDUXwNmPBYWhO/0YFeWlMLS9I0wF1NL9GaoHNdmeGh6usjKk
-zDFM+PmrRC5kZJH3Un3Qd0fD2hUvwppAtw5/+IAwg98TOVKdh0ZCCWgERV0YvTkC
-Bzlos3JDv0PH2kJbv0xkzjSsfcbd15GkCxMwpIDh2EECgYEA/GOVoh5MU1RlU5lS
-eSuo/w96ceuZybE0FUku2UdRf0j6nyOIknsgbypDpQop1DGSZNgc7msBMbaUObTt
-OoDmPCUQF3GEDQj0swwgMjLgA5UYL38T7eVGYIO7nR1uuNfKpZqga8xHy9JoQt7t
-8LuX5G+EdULi2Z04rD96XuTiNa0CgYEA9srHWbomGfYli59OsdvB1MkVaiJSLnC5
-liG82rq/v74yVIu2D2wRY5jZ3piZhPUlMCzLCd66zLtJfCLl9rU4NDZXToUO+0Pt
-KTHYaDaGaPjR+CyWDVGIS3fZ0/msjFw3P6/NlfPDJTIUSghiIHvffFx/kI2Wjnzp
-rQYoQn+OV8kCgYEAz9zYhM99Pvf4B7TztrXdlktSJfbLDtCxu4ItYmeZWEJrnpsu
-RK3BVayyT3+iWY+GKSXQFg/syNu9EhXPd2pntEs2CIjGH9IrbjbjYVSDKJAnfh6j
-9D7rClwULV7rLLMUw/Uof/+bdeNRWRmvT5/AhjPOHKE8ocsZvMr+5p6NK3UCgYAR
-Y9SMRAuvRKL8pasb6UpNPiYeJnD4CMVrCNGP8BzW3AYb4wRfLdRD2l9vyfz3W3bV
-YDKmbWVoS8Iv1x2xNq/RLgsU41dc6Tpq7rI7Fax+9RmGjU29foNGHhnhT/SSp2TV
-PgQUjuqvUkoPtWuEsnXbA4GRpAh53d9xa7+mf+p90QKBgQD5TYbSS6oXC75uTcvZ
-5oWrzZDI+1j+hScwT7piX8DDaUbB/KPenl7jKQvFkWCQ2PIhNnMzWF57NCzt//9E
-yq9wkTbBETXWeSI6AxPpwhMnhCCgAnfP0Qc96ndiB2/3n7iMB5DDjkeA74WPhwlE
-3C1HC5XSNxNAY9STdR4TVu6seA==
------END PRIVATE KEY-----
-</key>
-
-<tls-auth>
-#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-7a5f3c2dd505666b595d6a03a6d627e1
-9babefe23197dc2181a7d1c00b3f5fd6
-7f28ea49abf33ea7422e0ab63c9eae14
-261ce5c099dd27ae26ba9b70b87737fa
-313a21b5e9d99ae382649eb1d0344703
-5a3b99fb9a1cddf03a89aed78fd3be92
-37ba0fa96e49814ea45495148a6552b4
-5f85d6fcc38fe88fbf8f86e0a0e33894
-89c418f65d4c8fc04ca6e59c61024995
-50547f35e5a7985d6415a7304d9340fd
-9f7ff6bb6f063a745fc3d656f275e07c
-8486233627fb96b8d798fbe8d2f8171d
-afc8bf5677ebef7ab1d80c8495d7262b
-c20efbdcc8645b48b68d6a537d9fb3f3
-03e345699bea11b99d9ace6fa5cd1e1d
-5d0951970c379d3e0b28bcaf453c2700
------END OpenVPN Static key V1-----
-</tls-auth>
+++ /dev/null
-##############################################
-# Sample client-side OpenVPN 2.0 config file #
-# for connecting to multi-client server. #
-# #
-# This configuration can be used by multiple #
-# clients, however each client should have #
-# its own cert and key files. #
-# #
-# On Windows, you might want to rename this #
-# file so it has a .ovpn extension #
-##############################################
-
-# Specify that we are a client and that we
-# will be pulling certain config file directives
-# from the server.
-client
-
-# Use the same setting as you are using on
-# the server.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-;dev tap
-dev tun
-
-# Windows needs the TAP-Win32 adapter name
-# from the Network Connections panel
-# if you have more than one. On XP SP2,
-# you may need to disable the firewall
-# for the TAP adapter.
-;dev-node MyTap
-
-# Are we connecting to a TCP or
-# UDP server? Use the same setting as
-# on the server.
-;proto tcp
-proto udp
-
-# The hostname/IP and port of the server.
-# You can have multiple remote entries
-# to load balance between the servers.
-remote vpn.userrendszerhaz.hu 1194
-
-# Choose a random host from the remote
-# list for load-balancing. Otherwise
-# try hosts in the order specified.
-;remote-random
-
-# Keep trying indefinitely to resolve the
-# host name of the OpenVPN server. Very useful
-# on machines which are not permanently connected
-# to the internet such as laptops.
-resolv-retry infinite
-
-# Most clients don't need to bind to
-# a specific local port number.
-nobind
-
-# Downgrade privileges after initialization (non-Windows only)
-user nobody
-group nobody
-
-# Try to preserve some state across restarts.
-persist-key
-persist-tun
-
-# If you are connecting through an
-# HTTP proxy to reach the actual OpenVPN
-# server, put the proxy server/IP and
-# port number here. See the man page
-# if your proxy server requires
-# authentication.
-;http-proxy-retry # retry on connection failures
-;http-proxy [proxy server] [proxy port #]
-
-# Wireless networks often produce a lot
-# of duplicate packets. Set this flag
-# to silence duplicate packet warnings.
-;mute-replay-warnings
-
-# SSL/TLS parms.
-# See the server config file for more
-# description. It's best to use
-# a separate .crt/.key file pair
-# for each client. A single ca
-# file can be used for all clients.
-;ca ca.crt
-;cert client.crt
-;key client.key
-
-# Verify server certificate by checking that the
-# certificate has the correct key usage set.
-# This is an important precaution to protect against
-# a potential attack discussed here:
-# http://openvpn.net/howto.html#mitm
-#
-# To use this feature, you will need to generate
-# your server certificates with the keyUsage set to
-# digitalSignature, keyEncipherment
-# and the extendedKeyUsage to
-# serverAuth
-# EasyRSA can do this for you.
-remote-cert-tls server
-
-# If a tls-auth key is used on the server
-# then every client must also have the key.
-;tls-auth ta.key 1
-key-direction 1
-
-# Select a cryptographic cipher.
-# If the cipher option is used on the server
-# then you must also specify it here.
-# Note that v2.4 client/server will automatically
-# negotiate AES-256-GCM in TLS mode.
-# See also the data-ciphers option in the manpage
-cipher AES-256-CBC
-
-# Enable compression on the VPN link.
-# Don't enable this unless it is also
-# enabled in the server config file.
-#comp-lzo
-
-# Set log file verbosity.
-verb 3
-
-# Silence repeating messages
-;mute 20
-
-<ca>
------BEGIN CERTIFICATE-----
-MIIDSzCCAjOgAwIBAgIUdc8xO6X2O5dKTboU0VjKk8vxf6UwDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTYyMjI1WhcNMzIw
-MTI1MTYyMjI1WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANfUW/VYGBdUDdq3yGWMD7TDDoXNFX+FaESEj8ad
-KhU3aakSF2bltPSLV0OKh+6H0avL1sPwvgleI7mmHU3PnyOTt4Seeikhcx9ZMLTZ
-NJ5unObrnfCyTOrpg7oQGUfu/eYsF3wAxXkQp/CG3aq++eTc741V3HVoj8slPtqJ
-7wMPMWDOgqENgIitOYD5gA9iywoLthXsIrPtWKy2zo8kUTQ3KE61UOEUa1I9r+3X
-EMM25lCid8I4kPTRU4JMbFvFqM+q3EOhMXeLlzAj6bD0ebmndxUyJLvbDBC5Uk9Q
-4CJsMRFhXTZZVUeCdmzvt4iUBZXN1P9AeM9lYCw4ZOjIknECAwEAAaOBkDCBjTAd
-BgNVHQ4EFgQUSUNbUvgxeLWEdHqNJ9MiH6nUwqUwUQYDVR0jBEowSIAUSUNbUvgx
-eLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1zzE7
-pfY7l0pNuhTRWMqTy/F/pTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
-hkiG9w0BAQsFAAOCAQEAn4m1/6ptyMlGlobrZJ1/zpFykrHdlsFU2JbfVKB1Cu3P
-Hz9rJ0ai3du++7TObktNkALQgMy+i6eGH6+EbLp9lazcRRdJPVhJIuhQX9hvzQfk
-F/mM5wRJd6Rg6Cy8SDp0KYPwOM74Xck9ukvIPxdWd6omgu0b0qpruc58P0AW2Tjk
-XIP5YnBTBQGmN7NUzrJ4zWLKEJbOOi/P47oqEwYBGaWquLBsCPq03oDMs8EsGTcO
-90k9S8vgrrZfW4jHfkOmmNepgvt3g4A3g7Y9qYKLQi6vBtDOpK8OWfD6kIXBxqNt
-uSXdVmSwgbCTdXsMU3aEnVEyvgnlw/Wz+tXo+gLb5w==
------END CERTIFICATE-----
-</ca>
-
-<cert>
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 2b:f6:cb:e6:ee:b9:5f:05:2f:9d:64:50:3f:0c:c3:37
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:56:14 2022 GMT
- Not After : Jan 25 16:56:14 2032 GMT
- Subject: CN=zfelleg
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:a9:54:33:8f:8b:4d:40:21:59:cf:42:77:2e:a3:
- 58:dc:9b:6c:62:ab:d8:f7:7e:06:98:e0:d8:20:13:
- 6f:14:01:d2:3a:9c:d6:a8:d5:9e:cd:1b:b7:53:e4:
- a5:c0:aa:50:13:6a:9a:34:c6:8b:ce:b0:f2:68:ff:
- e1:8d:ed:a3:91:27:c9:30:75:d3:8d:ee:be:df:c6:
- 1f:df:ef:50:f1:21:d5:4d:ae:07:b7:b9:97:bc:ba:
- 6a:65:22:03:00:86:7b:7f:b3:8b:c4:98:73:3d:e6:
- 44:2f:27:31:6d:9c:7d:9d:da:d6:a4:65:68:bb:5b:
- 06:fb:f3:9b:b6:69:f9:08:dd:61:6b:0e:04:48:e7:
- d7:d9:8a:82:1f:44:74:a4:be:86:54:bb:c0:55:da:
- c5:d6:d7:83:6d:26:09:4e:c6:87:cc:89:e1:e8:40:
- 6d:3b:9f:c3:b2:8b:23:87:d2:8c:93:be:95:33:6a:
- 35:dd:33:45:de:06:42:ee:18:19:5a:1d:52:46:54:
- a4:f0:af:5b:f9:56:6d:be:3d:01:ea:96:fe:75:6b:
- 44:95:f8:3b:8a:11:67:59:7b:c8:30:cd:05:40:5a:
- f5:ce:5d:80:2a:aa:0b:f5:e1:24:d2:81:54:b7:7f:
- 39:b0:1c:10:0e:6b:39:d3:06:3b:58:48:7a:a9:7e:
- ea:4f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- E2:66:F5:04:A5:2A:61:D5:3B:DF:7A:50:2E:78:E9:C4:76:F1:D5:78
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 21:ff:e7:b7:cf:17:01:19:6e:2c:43:1c:96:37:32:3b:49:ba:
- 4f:97:59:fc:31:2a:97:88:54:5b:96:6b:cd:20:75:f8:91:29:
- 69:93:a0:54:8f:bf:2a:9e:1f:7a:d5:25:ef:7e:16:04:72:0b:
- ab:fc:26:fb:65:47:6a:dc:64:59:e5:51:1a:3b:bd:1c:21:93:
- ba:39:dc:34:37:98:68:0b:7b:72:96:81:0f:63:ea:bc:ea:ed:
- 19:9e:bb:b4:56:8e:c9:67:44:4f:d6:c8:60:2c:7f:37:c7:8e:
- a7:37:c5:f1:67:99:57:2b:0e:1d:8d:27:8c:bf:e1:5b:b7:42:
- 76:09:f0:e5:03:72:a3:93:91:03:62:8c:7d:f5:d9:f0:8e:ca:
- 52:9e:00:8c:1a:90:72:30:ba:86:92:ff:f6:41:ca:17:7d:75:
- 6f:3c:e0:4b:9a:26:d2:fe:79:23:cd:96:0e:c3:77:eb:d4:0c:
- 44:e5:d4:1a:5d:73:2e:48:26:25:97:04:65:90:0b:1f:6f:f1:
- 0c:f6:07:68:c5:38:cf:f4:74:b1:c3:06:ce:38:d2:98:b1:be:
- 82:20:bf:41:6e:8e:74:a5:f7:e9:de:dd:ed:c8:99:db:1c:de:
- c6:14:4d:8d:f1:85:52:d0:a7:44:3e:18:41:87:52:b9:e0:8c:
- ee:1f:01:42
------BEGIN CERTIFICATE-----
-MIIDVTCCAj2gAwIBAgIQK/bL5u65XwUvnWRQPwzDNzANBgkqhkiG9w0BAQsFADAW
-MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMjAxMjcxNjU2MTRaFw0zMjAxMjUx
-NjU2MTRaMBIxEDAOBgNVBAMMB3pmZWxsZWcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQCpVDOPi01AIVnPQncuo1jcm2xiq9j3fgaY4NggE28UAdI6nNao
-1Z7NG7dT5KXAqlATapo0xovOsPJo/+GN7aORJ8kwddON7r7fxh/f71DxIdVNrge3
-uZe8umplIgMAhnt/s4vEmHM95kQvJzFtnH2d2takZWi7Wwb785u2afkI3WFrDgRI
-59fZioIfRHSkvoZUu8BV2sXW14NtJglOxofMieHoQG07n8OyiyOH0oyTvpUzajXd
-M0XeBkLuGBlaHVJGVKTwr1v5Vm2+PQHqlv51a0SV+DuKEWdZe8gwzQVAWvXOXYAq
-qgv14STSgVS3fzmwHBAOaznTBjtYSHqpfupPAgMBAAGjgaIwgZ8wCQYDVR0TBAIw
-ADAdBgNVHQ4EFgQU4mb1BKUqYdU733pQLnjpxHbx1XgwUQYDVR0jBEowSIAUSUNb
-UvgxeLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1
-zzE7pfY7l0pNuhTRWMqTy/F/pTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8E
-BAMCB4AwDQYJKoZIhvcNAQELBQADggEBACH/57fPFwEZbixDHJY3MjtJuk+XWfwx
-KpeIVFuWa80gdfiRKWmToFSPvyqeH3rVJe9+FgRyC6v8JvtlR2rcZFnlURo7vRwh
-k7o53DQ3mGgLe3KWgQ9j6rzq7Rmeu7RWjslnRE/WyGAsfzfHjqc3xfFnmVcrDh2N
-J4y/4Vu3QnYJ8OUDcqOTkQNijH312fCOylKeAIwakHIwuoaS//ZByhd9dW884Eua
-JtL+eSPNlg7Dd+vUDETl1Bpdcy5IJiWXBGWQCx9v8Qz2B2jFOM/0dLHDBs440pix
-voIgv0FujnSl9+ne3e3Imdsc3sYUTY3xhVLQp0Q+GEGHUrngjO4fAUI=
------END CERTIFICATE-----
-</cert>
-
-<key>
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCpVDOPi01AIVnP
-Qncuo1jcm2xiq9j3fgaY4NggE28UAdI6nNao1Z7NG7dT5KXAqlATapo0xovOsPJo
-/+GN7aORJ8kwddON7r7fxh/f71DxIdVNrge3uZe8umplIgMAhnt/s4vEmHM95kQv
-JzFtnH2d2takZWi7Wwb785u2afkI3WFrDgRI59fZioIfRHSkvoZUu8BV2sXW14Nt
-JglOxofMieHoQG07n8OyiyOH0oyTvpUzajXdM0XeBkLuGBlaHVJGVKTwr1v5Vm2+
-PQHqlv51a0SV+DuKEWdZe8gwzQVAWvXOXYAqqgv14STSgVS3fzmwHBAOaznTBjtY
-SHqpfupPAgMBAAECggEAb3LTKPR32PDairbleNXcg/7sPJl9CZBySSccOShxYMq+
-EwPtqVxI1Bkc9eO1UPUIFW+BpaDUnisKsh9Q1riFguGb4wB6SJ3OFbzyd9KtBLjP
-CvyzabKG85oCsyPKtArPuEJ1iOUKXMB1Ok/ikZGBgGdsBPIWF9KW6zfw0gQ3/COf
-Kff46NYB2IK+aydp9oeq45yfPMts+ZtfDg2dEsUmRojvy/oy7uLehtEEyj09BzU4
-VLiV9OY3XFcCFtkj3SDqaLEDCv+Wb3ywsBs+6ZbfbQ4JJFqqHhqEgYrXPdG1lu7k
-pAAEbXaUucgdnf5K11PvtQnfHkLKxZ5z9Y7nd/PKmQKBgQDbd9a01dlY/Mg/7S1I
-NvzBKS35oSFVgWUaAlDv7K/x74HA8hO+insOV/8UYoRMOpHDTYElVsxAQ4ymOfXZ
-ghk+38EqKZPvVG6q9C9FhCNiqSjoxQUMbGJVPM0QF5/nWk5SgBefkA02lCWj+Ox7
-Bk2ne7hjaJeuWQUN1tQZAGijlQKBgQDFg8nQH8qFBQd9NN/9ldNIDkeyxK9pBxxX
-MFislUZof85Hnaf8SKTErequT6OKIj2Wr7a7osmub1UXqCryFvTU9mAJsGQEWDVb
-rB/j+xFNtR3RC4vBKATENfT9NjW4S8gj7TRZZKosiHDE7ZIRYZQwvhqvxk7vrBx7
-CFrNVmIdUwKBgC3JpdDaoNrw+jJkIENlvXvrRH1FQbgeI+K2Qv6baeXW60I+/yGM
-sLnAYCZ3m1RwD8MoY15P6pMpxKlVhFZZzzyP4DQUspmHCwO9qDMfq2ZFFpThrfj2
-j9lqsvm9hA33iEmsEcGngyo05Fl+cJAGM6NSq5iJ1MN6LRTDEkMZE7u1AoGAbg00
-UYalLODUf2sKsxzcEHYEdRMqOXcAz4PcpKy4AlnT8gtiIivHwt60uFMfaEQT1PYq
-9vmJLmxSGVBWPXWVDWQJttxVniYX9PA/BKRLy+RyrJumTwWhQkJeMwgVfo6bAYmV
-dYmlWBLd4pwMmyqni1EhRXdVXC2l4NeS4H6VRIkCgYBFXAcEbTWIpEJn+iTjaoao
-FMu6f8nAqTwGyX+0o43Zt7V8I+WcPHkSfNZvhQyl9vYwZTdOGMyE0/KYgaitrtCc
-XZiWTowoy1POGoAMqXwkvB/iqe7++Isb9BQrRoTqS49gIdIYLkL0dkQamjuOAOLC
-ayUpgzo6DfPSNIqgAnDSUQ==
------END PRIVATE KEY-----
-</key>
-
-<tls-auth>
-#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-7a5f3c2dd505666b595d6a03a6d627e1
-9babefe23197dc2181a7d1c00b3f5fd6
-7f28ea49abf33ea7422e0ab63c9eae14
-261ce5c099dd27ae26ba9b70b87737fa
-313a21b5e9d99ae382649eb1d0344703
-5a3b99fb9a1cddf03a89aed78fd3be92
-37ba0fa96e49814ea45495148a6552b4
-5f85d6fcc38fe88fbf8f86e0a0e33894
-89c418f65d4c8fc04ca6e59c61024995
-50547f35e5a7985d6415a7304d9340fd
-9f7ff6bb6f063a745fc3d656f275e07c
-8486233627fb96b8d798fbe8d2f8171d
-afc8bf5677ebef7ab1d80c8495d7262b
-c20efbdcc8645b48b68d6a537d9fb3f3
-03e345699bea11b99d9ace6fa5cd1e1d
-5d0951970c379d3e0b28bcaf453c2700
------END OpenVPN Static key V1-----
-</tls-auth>
+++ /dev/null
-#!/usr/bin/sh
-
-# Easy-RSA 3 -- A Shell-based CA Utility
-#
-# Copyright (C) 2018 by the Open-Source OpenVPN development community.
-# A full list of contributors can be found in the ChangeLog.
-#
-# This code released under version 2 of the GNU GPL; see COPYING and the
-# Licensing/ directory of this project for full licensing details.
-
-# Help/usage output to stdout
-usage() {
- # command help:
- print "
-Easy-RSA 3 usage and overview
-
-USAGE: easyrsa [options] COMMAND [command-options]
-
-A list of commands is shown below. To get detailed usage and help for a
-command, run:
- ./easyrsa help COMMAND
-
-For a listing of options that can be supplied before the command, use:
- ./easyrsa help options
-
-Here is the list of commands available with a short syntax reminder. Use the
-'help' command above to get full usage details.
-
- init-pki
- build-ca [ cmd-opts ]
- gen-dh
- gen-req <filename_base> [ cmd-opts ]
- sign-req <type> <filename_base>
- build-client-full <filename_base> [ cmd-opts ]
- build-server-full <filename_base> [ cmd-opts ]
- revoke <filename_base> [cmd-opts]
- renew <filename_base> [cmd-opts]
- build-serverClient-full <filename_base> [ cmd-opts ]
- gen-crl
- update-db
- show-req <filename_base> [ cmd-opts ]
- show-cert <filename_base> [ cmd-opts ]
- show-ca [ cmd-opts ]
- import-req <request_file_path> <short_basename>
- export-p7 <filename_base> [ cmd-opts ]
- export-p8 <filename_base> [ cmd-opts ]
- export-p12 <filename_base> [ cmd-opts ]
- set-rsa-pass <filename_base> [ cmd-opts ]
- set-ec-pass <filename_base> [ cmd-opts ]
- upgrade <type>
-"
-
- # collect/show dir status:
- err_source="Not defined: vars autodetect failed and no value provided"
- work_dir="${EASYRSA:-$err_source}"
- pki_dir="${EASYRSA_PKI:-$err_source}"
- print "\
-DIRECTORY STATUS (commands would take effect on these locations)
- EASYRSA: $work_dir
- PKI: $pki_dir
-"
-} # => usage()
-
-# Detailed command help
-# When called with no args, calls usage(), otherwise shows help for a command
-cmd_help() {
- text=""
- opts=""
- case "$1" in
- init-pki|clean-all) text="
- init-pki [ cmd-opts ]
- Removes & re-initializes the PKI dir for a clean PKI" ;;
- build-ca) text="
- build-ca [ cmd-opts ]
- Creates a new CA"
- opts="
- nopass - do not encrypt the CA key (default is encrypted)
- subca - create an intermediate CA keypair and request (default is a root CA)
- intca - alias to the above" ;;
- gen-dh) text="
- gen-dh
- Generates DH (Diffie-Hellman) parameters" ;;
- gen-req) text="
- gen-req <filename_base> [ cmd-opts ]
- Generate a standalone keypair and request (CSR)
-
- This request is suitable for sending to a remote CA for signing."
- opts="
- nopass - do not encrypt the private key (default is encrypted)" ;;
- sign|sign-req) text="
- sign-req <type> <filename_base>
- Sign a certificate request of the defined type. <type> must be a known
- type such as 'client', 'server', 'serverClient', or 'ca' (or a user-added type.)
-
- This request file must exist in the reqs/ dir and have a .req file
- extension. See import-req below for importing reqs from other sources." ;;
- build|build-client-full|build-server-full|build-serverClient-full) text="
- build-client-full <filename_base> [ cmd-opts ]
- build-server-full <filename_base> [ cmd-opts ]
- build-serverClient-full <filename_base> [ cmd-opts ]
- Generate a keypair and sign locally for a client and/or server
-
- This mode uses the <filename_base> as the X509 CN."
- opts="
- nopass - do not encrypt the private key (default is encrypted)
- inline - create an inline credentials file for this node" ;;
- revoke) text="
- revoke <filename_base> [reason]
- Revoke a certificate specified by the filename_base, with an optional
- revocation reason that is one of:
- unspecified
- keyCompromise
- CACompromise
- affiliationChanged
- superseded
- cessationOfOperation
- certificateHold";;
- renew) text="
- renew <filename_base> [ cmd-opts ]
- Renew a certificate specified by the filename_base"
- opts="
- nopass - do not encrypt the private key (default is encrypted)" ;;
- gen-crl) text="
- gen-crl
- Generate a CRL" ;;
- update-db) text="
- update-db
- Update the index.txt database
-
- This command will use the system time to update the status of issued
- certificates." ;;
- show-req|show-cert) text="
- show-req <filename_base> [ cmd-opts ]
- show-cert <filename_base> [ cmd-opts ]
- Shows details of the req or cert referenced by filename_base
-
- Human-readable output is shown, including any requested cert options when
- showing a request."
- opts="
- full - show full req/cert info, including pubkey/sig data" ;;
- show-ca) text="
- show-ca [ cmd-opts ]
- Shows details of the CA cert
-
- Human-readable output is shown."
- opts="
- full - show full cert info, including pubkey/sig data" ;;
- import-req) text="
- import-req <request_file_path> <short_basename>
- Import a certificate request from a file
-
- This will copy the specified file into the reqs/ dir in
- preparation for signing.
- The <short_basename> is the filename base to create.
-
- Example usage:
- import-req /some/where/bob_request.req bob" ;;
- export-p12) text="
- export-p12 <filename_base> [ cmd-opts ]
- Export a PKCS#12 file with the keypair specified by <filename_base>"
- opts="
- noca - do not include the ca.crt file in the PKCS12 output
- nokey - do not include the private key in the PKCS12 output" ;;
- export-p7) text="
- export-p7 <filename_base> [ cmd-opts ]
- Export a PKCS#7 file with the pubkey specified by <filename_base>"
- opts="
- noca - do not include the ca.crt file in the PKCS7 output" ;;
- export-p8) text="
- export-p8 <filename_base> [ cmd-opts ]
- Export a PKCS#8 file with the private key specified by <filename_base>"
- opts="
- noca - do not include the ca.crt file in the PKCS7 output" ;;
- set-rsa-pass|set-ec-pass) text="
- set-rsa-pass <filename_base> [ cmd-opts ]
- set-ec-pass <filename_base> [ cmd-opts ]
- Set a new passphrase on an RSA or EC key for the listed <filename_base>."
- opts="
- nopass - use no password and leave the key unencrypted
- file - (advanced) treat the file as a raw path, not a short-name" ;;
- upgrade) text="
- upgrade <type>
- Upgrade EasyRSA PKI and/or CA. <type> must be one of:
- pki - Upgrade EasyRSA v2.x PKI to EasyRSA v3.x PKI (includes CA below)
- ca - Upgrade EasyRSA v3.0.5 CA or older to EasyRSA v3.0.6 CA or later." ;;
- altname|subjectaltname|san) text="
- --subject-alt-name=SAN_FORMAT_STRING
- This global option adds a subjectAltName to the request or issued
- certificate. It MUST be in a valid format accepted by openssl or
- req/cert generation will fail. Note that including multiple such names
- requires them to be comma-separated; further invocations of this
- option will REPLACE the value.
-
- Examples of the SAN_FORMAT_STRING shown below:
- DNS:alternate.example.net
- DNS:primary.example.net,DNS:alternate.example.net
- IP:203.0.113.29
- email:alternate@example.net" ;;
- options)
- opt_usage ;;
- "")
- usage ;;
- *) text="
- Unknown command: '$1' (try without commands for a list of commands)" ;;
- esac
-
- # display the help text
- print "$text"
- [ -n "$opts" ] && print "
- cmd-opts is an optional set of command options from this list:
-$opts"
-} # => cmd_help()
-
-# Options usage
-opt_usage() {
- print "
-Easy-RSA Global Option Flags
-
-The following options may be provided before the command. Options specified
-at runtime override env-vars and any 'vars' file in use. Unless noted,
-non-empty values to options are mandatory.
-
-General options:
-
---batch : set automatic (no-prompts when possible) mode
---passin=ARG : set -passin ARG for openssl
---passout=ARG : set -passout ARG for openssl
---pki-dir=DIR : declares the PKI directory
---vars=FILE : define a specific 'vars' file to use for Easy-RSA config
---version : prints EasyRSA version and build information, then exits
-
-Certificate & Request options: (these impact cert/req field values)
-
---days=# : sets the signing validity to the specified number of days
---digest=ALG : digest to use in the requests & certificates
---dn-mode=MODE : DN mode to use (cn_only or org)
---keysize=# : size in bits of keypair to generate
---req-cn=NAME : default CN to use
---subca-len=# : path length of signed intermediate CA certs; must be >= 0 if used
---subject-alt-name : Add a subjectAltName. For more info and syntax, see:
- ./easyrsa help altname
---use-algo=ALG : crypto alg to use: choose rsa (default) or ec
---curve=NAME : for elliptic curve, sets the named curve to use
---copy-ext : Copy included request X509 extensions (namely subjAltName
-
-Organizational DN options: (only used with the 'org' DN mode)
- (values may be blank for org DN options)
-
---req-c=CC : country code (2-letters)
---req-st=NAME : State/Province
---req-city=NAME : City/Locality
---req-org=NAME : Organization
---req-email=NAME : Email addresses
---req-ou=NAME : Organizational Unit
-
-Deprecated features:
-
---ns-cert=YESNO : yes or no to including deprecated NS extensions
---ns-comment=COMMENT : NS comment to include (value may be blank)
-"
-} # => opt_usage()
-
-# Wrapper around printf - clobber print since it's not POSIX anyway
-# shellcheck disable=SC1117
-print() { printf "%s\n" "$*" || exit 1; }
-
-# Exit fatally with a message to stderr
-# present even with EASYRSA_BATCH as these are fatal problems
-die() {
- print "
-Easy-RSA error:
-
-$1" 1>&2
- exit "${2:-1}"
-} # => die()
-
-# non-fatal warning output
-warn() {
- [ ! "$EASYRSA_BATCH" ] && \
- print "
-$1" 1>&2
-
- return 0
-} # => warn()
-
-# informational notices to stdout
-notice() {
- [ ! "$EASYRSA_BATCH" ] && \
- print "
-$1"
-
- return 0
-} # => notice()
-
-# yes/no case-insensitive match (operates on stdin pipe)
-# Returns 0 when input contains yes, 1 for no, 2 for no match
-# If both strings are present, returns 1; first matching line returns.
-awk_yesno() {
- #shellcheck disable=SC2016
- awkscript='
-BEGIN {IGNORECASE=1; r=2}
-{ if(match($0,"no")) {r=1; exit}
- if(match($0,"yes")) {r=0; exit}
-} END {exit r}'
- awk "$awkscript"
-} # => awk_yesno()
-
-# intent confirmation helper func
-# returns without prompting in EASYRSA_BATCH
-confirm() {
- [ "$EASYRSA_BATCH" ] && return
- prompt="$1"
- value="$2"
- msg="$3"
- input=""
- print "
-$msg
-
-Type the word '$value' to continue, or any other input to abort."
- printf %s " $prompt"
- #shellcheck disable=SC2162
- read input
- [ "$input" = "$value" ] && return
- notice "Aborting without confirmation."
- exit 9
-} # => confirm()
-
-# mktemp wrapper
-easyrsa_mktemp() {
- [ -n "$EASYRSA_TEMP_DIR_session" ] || die "EASYRSA_TEMP_DIR_session not initialized!"
- [ -d "$EASYRSA_TEMP_DIR_session" ] || mkdir -p "$EASYRSA_TEMP_DIR_session" ||
- die "Could not create temporary directory '$EASYRSA_TEMP_DIR_session'. Permission or concurrency problem?"
- [ -d "$EASYRSA_TEMP_DIR_session" ] || die "Temporary directory '$EASYRSA_TEMP_DIR_session' does not exist"
-
- template="$EASYRSA_TEMP_DIR_session/tmp.XXXXXX"
- tempfile=$(mktemp "$template") || return
-
- # win32 mktemp shipped by easyrsa returns template as file!
- if [ "$template" = "$tempfile" ]; then
- # but win32 mktemp -d does work
- # but win32 mktemp -u does not work
- tempfile=$(mktemp -du "$tempfile") || return
- printf "" > "$tempfile" || return
- fi
- echo "$tempfile"
-} # => easyrsa_mktemp
-
-# remove temp files and do terminal cleanups
-cleanup() {
- [ -z "$EASYRSA_TEMP_DIR_session" ] || rm -rf "$EASYRSA_TEMP_DIR_session"
- # shellcheck disable=SC2039
- (stty echo 2>/dev/null) || { (set -o echo 2>/dev/null) && set -o echo; }
- echo "" # just to get a clean line
-} # => cleanup()
-
-easyrsa_openssl() {
- openssl_command=$1; shift
-
- case $openssl_command in
- makesafeconf) has_config=true;;
- ca|req|srp|ts) has_config=true;;
- *) has_config=false;;
- esac
-
- if ! $has_config; then
- "$EASYRSA_OPENSSL" "$openssl_command" "$@"
- return
- fi
-
- easyrsa_openssl_conf=$(easyrsa_mktemp) || die "Failed to create temporary file"
- easyrsa_extra_exts=
- if [ -n "$EASYRSA_EXTRA_EXTS" ]; then
- easyrsa_extra_exts=$(easyrsa_mktemp) || die "Failed to create temporary file"
- cat >"$easyrsa_extra_exts" <<-EOF
- req_extensions = req_extra
- [ req_extra ]
- $EASYRSA_EXTRA_EXTS
- EOF
- fi
-
- # Make LibreSSL safe config file from OpenSSL config file
- sed \
- -e "s\`ENV::EASYRSA\`EASYRSA\`g" \
- -e "s\`\$dir\`$EASYRSA_PKI\`g" \
- -e "s\`\$EASYRSA_PKI\`$EASYRSA_PKI\`g" \
- -e "s\`\$EASYRSA_CERT_EXPIRE\`$EASYRSA_CERT_EXPIRE\`g" \
- -e "s\`\$EASYRSA_CRL_DAYS\`$EASYRSA_CRL_DAYS\`g" \
- -e "s\`\$EASYRSA_DIGEST\`$EASYRSA_DIGEST\`g" \
- -e "s\`\$EASYRSA_KEY_SIZE\`$EASYRSA_KEY_SIZE\`g" \
- -e "s\`\$EASYRSA_DIGEST\`$EASYRSA_DIGEST\`g" \
- -e "s\`\$EASYRSA_DN\`$EASYRSA_DN\`g" \
- -e "s\`\$EASYRSA_REQ_COUNTRY\`$EASYRSA_REQ_COUNTRY\`g" \
- -e "s\`\$EASYRSA_REQ_PROVINCE\`$EASYRSA_REQ_PROVINCE\`g" \
- -e "s\`\$EASYRSA_REQ_CITY\`$EASYRSA_REQ_CITY\`g" \
- -e "s\`\$EASYRSA_REQ_ORG\`$EASYRSA_REQ_ORG\`g" \
- -e "s\`\$EASYRSA_REQ_OU\`$EASYRSA_REQ_OU\`g" \
- -e "s\`\$EASYRSA_REQ_CN\`$EASYRSA_REQ_CN\`g" \
- -e "s\`\$EASYRSA_REQ_EMAIL\`$EASYRSA_REQ_EMAIL\`g" \
- ${EASYRSA_EXTRA_EXTS:+-e "/^#%EXTRA_EXTS%/r $easyrsa_extra_exts"} \
- "$EASYRSA_SSL_CONF" > "$easyrsa_openssl_conf" ||
- die "Failed to update $easyrsa_openssl_conf"
-
- if [ "$openssl_command" = "makesafeconf" ]; then
- cp "$easyrsa_openssl_conf" "$EASYRSA_SAFE_CONF"
- err=$?
- else
- "$EASYRSA_OPENSSL" "$openssl_command" -config "$easyrsa_openssl_conf" "$@"
- err=$?
- fi
-
- rm -f "$easyrsa_openssl_conf"
- rm -f "$easyrsa_extra_exts"
- return $err
-} # => easyrsa_openssl
-
-vars_source_check() {
- # Check for defined EASYRSA_PKI
- [ -n "$EASYRSA_PKI" ] || die "\
-EASYRSA_PKI env-var undefined"
-} # => vars_source_check()
-
-# Verify supplied curve exists and generate curve file if needed
-verify_curve_ec() {
- if ! "$EASYRSA_OPENSSL" ecparam -name "$EASYRSA_CURVE" > /dev/null; then
- die "\
-Curve $EASYRSA_CURVE not found. Run openssl ecparam -list_curves to show a
-list of supported curves."
- fi
-
- # Check that the ecparams dir exists
- [ -d "$EASYRSA_EC_DIR" ] || mkdir "$EASYRSA_EC_DIR" || die "\
-Failed creating ecparams dir (permissions?) at:
-$EASYRSA_EC_DIR"
-
- # Check that the required ecparams file exists
- out="$EASYRSA_EC_DIR/${EASYRSA_CURVE}.pem"
- [ -f "$out" ] && return 0
- "$EASYRSA_OPENSSL" ecparam -name "$EASYRSA_CURVE" -out "$out" || die "\
-Failed to generate ecparam file (permissions?) when writing to:
-$out"
-
- # Explicitly return success for caller
- return 0
-}
-
-# Verify if Edward Curve exists
-verify_curve_ed() {
- if [ "ed25519" = "$EASYRSA_CURVE" ] && "$EASYRSA_OPENSSL" genpkey -algorithm ED25519 > /dev/null; then
- return 0
- elif [ "ed448" = "$EASYRSA_CURVE" ] && "$EASYRSA_OPENSSL" genpkey -algorithm ED448 > /dev/null; then
- return 0
- fi
- die "Curve $EASYRSA_CURVE not found."
-}
-
-verify_ssl_lib () {
- # Verify EASYRSA_OPENSSL command gives expected output
- if [ -z "$EASYRSA_SSL_OK" ]; then
- val="$("$EASYRSA_OPENSSL" version)"
- case "${val%% *}" in
- OpenSSL|LibreSSL)
- print "\
-Using SSL: $EASYRSA_OPENSSL $("$EASYRSA_OPENSSL" version)" ;;
- *) die "\
-Missing or invalid OpenSSL
-Expected to find openssl command at: $EASYRSA_OPENSSL" ;;
- esac
- fi
- EASYRSA_SSL_OK=1
-
- # Verify EASYRSA_SSL_CONF file exists
- [ -f "$EASYRSA_SSL_CONF" ] || die "\
-The OpenSSL config file cannot be found.
-Expected location: $EASYRSA_SSL_CONF"
-} # => verify_ssl_lib ()
-
-# Basic sanity-check of PKI init and complain if missing
-verify_pki_init() {
- help_note="Run easyrsa without commands for usage and command help."
-
- # check that the pki dir exists
- vars_source_check
- [ -d "$EASYRSA_PKI" ] || die "\
-EASYRSA_PKI does not exist (perhaps you need to run init-pki)?
-Expected to find the EASYRSA_PKI at: $EASYRSA_PKI
-$help_note"
-
- # verify expected dirs present:
- for i in private reqs; do
- [ -d "$EASYRSA_PKI/$i" ] || die "\
-Missing expected directory: $i (perhaps you need to run init-pki?)
-$help_note"
- done
-
- # verify ssl lib
- verify_ssl_lib
-} # => verify_pki_init()
-
-# Verify core CA files present
-verify_ca_init() {
- help_note="Run without commands for usage and command help."
-
- # First check the PKI has been initialized
- verify_pki_init
-
- # Verify expected files are present. Allow files to be regular files
- # (or symlinks), but also pipes, for flexibility with ca.key
- for i in serial index.txt index.txt.attr ca.crt private/ca.key; do
- if [ ! -f "$EASYRSA_PKI/$i" ] && [ ! -p "$EASYRSA_PKI/$i" ]; then
- [ "$1" = "test" ] && return 1
- die "\
-Missing expected CA file: $i (perhaps you need to run build-ca?)
-$help_note"
- fi
- done
-
- # When operating in 'test' mode, return success.
- # test callers don't care about CA-specific dir structure
- [ "$1" = "test" ] && return 0
-
- # verify expected CA-specific dirs:
- for i in issued certs_by_serial
- do
- [ -d "$EASYRSA_PKI/$i" ] || die "\
-Missing expected CA dir: $i (perhaps you need to run build-ca?)
-$help_note"
- done
-
- # explicitly return success for callers
- return 0
-
-} # => verify_ca_init()
-
-# init-pki backend:
-init_pki() {
-
- # If EASYRSA_PKI exists, confirm before we rm -rf (skiped with EASYRSA_BATCH)
- if [ -e "$EASYRSA_PKI" ]; then
- confirm "Confirm removal: " "yes" "
-WARNING!!!
-
-You are about to remove the EASYRSA_PKI at: $EASYRSA_PKI
-and initialize a fresh PKI here."
- # now remove it:
- rm -rf "$EASYRSA_PKI" || die "Removal of PKI dir failed. Check/correct errors above"
- fi
-
- # new dirs:
- for i in private reqs; do
- mkdir -p "$EASYRSA_PKI/$i" || die "Failed to create PKI file structure (permissions?)"
- done
-
- # Create $EASYRSA_SAFE_CONF ($OPENSSL_CONF) prevents bogus warnings (especially useful on win32)
- if [ ! -f "$EASYRSA_SSL_CONF" ] && [ -f "$EASYRSA/openssl-easyrsa.cnf" ];
- then
- cp "$EASYRSA/openssl-easyrsa.cnf" "$EASYRSA_SSL_CONF"
- easyrsa_openssl makesafeconf
- fi
-
- notice "\
-init-pki complete; you may now create a CA or requests.
-Your newly created PKI dir is: $EASYRSA_PKI
-"
- return 0
-} # => init_pki()
-
-hide_read_pass()
-{
- # shellcheck disable=SC2039
- if stty -echo 2>/dev/null; then
- read -r "$@"
- stty echo
- elif (set +o echo 2>/dev/null); then
- set +o echo
- read -r "$@"
- set -o echo
- elif (echo | read -r -s 2>/dev/null) ; then
- read -r -s "$@"
- else
- warn "Could not disable echo. Password will be shown on screen!"
- read -r "$@"
- fi
-} # => hide_read_pass()
-
-# build-ca backend:
-build_ca() {
- opts=""
- sub_ca=""
- nopass=""
- crypto="-aes256"
- while [ -n "$1" ]; do
- case "$1" in
- intca) sub_ca=1 ;;
- subca) sub_ca=1 ;;
- nopass) nopass=1 ;;
- *) warn "Ignoring unknown command option: '$1'" ;;
- esac
- shift
- done
-
- verify_pki_init
- [ "$EASYRSA_ALGO" = "ec" ] && verify_curve_ec
- [ "$EASYRSA_ALGO" = "ed" ] && verify_curve_ed
-
- # setup for the simpler intermediate CA situation and overwrite with root-CA if needed:
- out_file="$EASYRSA_PKI/reqs/ca.req"
- out_key="$EASYRSA_PKI/private/ca.key"
- if [ ! $sub_ca ]; then
- out_file="$EASYRSA_PKI/ca.crt"
- opts="$opts -x509 -days $EASYRSA_CA_EXPIRE "
- fi
-
- # Test for existing CA, and complain if already present
- if verify_ca_init test; then
- die "\
-Unable to create a CA as you already seem to have one set up.
-If you intended to start a new CA, run init-pki first."
- fi
- # If a private key exists here, a intermediate ca was created but not signed.
- # Notify the user and require a signed ca.crt or a init-pki:
- [ -f "$out_key" ] && \
- die "\
-A CA private key exists but no ca.crt is found in your PKI dir of:
-$EASYRSA_PKI
-Refusing to create a new CA keypair as this operation would overwrite your
-current CA keypair. If you intended to start a new CA, run init-pki first."
-
- # create necessary files and dirs:
- err_file="Unable to create necessary PKI files (permissions?)"
- for i in issued certs_by_serial \
- revoked/certs_by_serial revoked/private_by_serial revoked/reqs_by_serial \
- renewed/certs_by_serial renewed/private_by_serial renewed/reqs_by_serial;
- do
- mkdir -p "$EASYRSA_PKI/$i" || die "$err_file"
- done
- printf "" > "$EASYRSA_PKI/index.txt" || die "$err_file"
- printf "" > "$EASYRSA_PKI/index.txt.attr" || die "$err_file"
- print "01" > "$EASYRSA_PKI/serial" || die "$err_file"
-
- # Default CN only when not in global EASYRSA_BATCH mode:
- # shellcheck disable=SC2015
- [ "$EASYRSA_BATCH" ] && opts="$opts -batch" || export EASYRSA_REQ_CN="Easy-RSA CA"
-
- out_key_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
- out_file_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
- # Get password from user if necessary
- if [ ! $nopass ] && ( [ -z "$EASYRSA_PASSOUT" ] || [ -z "$EASYRSA_PASSIN" ] ); then
- out_key_pass_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
- echo
- printf "Enter New CA Key Passphrase: "
- hide_read_pass kpass
- echo
- printf "Re-Enter New CA Key Passphrase: "
- hide_read_pass kpass2
- echo
- # shellcheck disable=2154
- if [ "$kpass" = "$kpass2" ];
- then
- printf "%s" "$kpass" > "$out_key_pass_tmp"
- else
- die "Passphrases do not match."
- fi
- fi
-
- # create the CA key using AES256
- crypto_opts=""
- if [ ! $nopass ]; then
- crypto_opts="$crypto"
- if [ -z "$EASYRSA_PASSOUT" ]; then
- if [ "ed" = "$EASYRSA_ALGO" ]; then
- crypto_opts="$crypto_opts -pass file:$out_key_pass_tmp"
- else
- crypto_opts="$crypto_opts -passout file:$out_key_pass_tmp"
- fi
- fi
- fi
- if [ "$EASYRSA_ALGO" = "rsa" ]; then
- #shellcheck disable=SC2086
- "$EASYRSA_OPENSSL" genrsa -out "$out_key_tmp" $crypto_opts ${EASYRSA_PASSOUT:+-passout "$EASYRSA_PASSOUT"} "$EASYRSA_ALGO_PARAMS" || \
- die "Failed create CA private key"
- elif [ "$EASYRSA_ALGO" = "ec" ]; then
- #shellcheck disable=SC2086
- "$EASYRSA_OPENSSL" ecparam -in "$EASYRSA_ALGO_PARAMS" -genkey | \
- "$EASYRSA_OPENSSL" ec -out "$out_key_tmp" $crypto_opts ${EASYRSA_PASSOUT:+-passout "$EASYRSA_PASSOUT"} || \
- die "Failed create CA private key"
- elif [ "ed" = "$EASYRSA_ALGO" ]; then
- if [ "ed25519" = "$EASYRSA_CURVE" ]; then
- "$EASYRSA_OPENSSL" genpkey -algorithm ED25519 -out $out_key_tmp $crypto_opts ${EASYRSA_PASSOUT:+-pass "$EASYRSA_PASSOUT"} || \
- die "Failed create CA private key"
- elif [ "ed448" = "$EASYRSA_CURVE" ]; then
- "$EASYRSA_OPENSSL" genpkey -algorithm ED448 -out $out_key_tmp $crypto_opts ${EASYRSA_PASSOUT:+-pass "$EASYRSA_PASSOUT"} || \
- die "Failed create CA private key"
- fi
- fi
-
- # create the CA keypair:
- crypto_opts=""
- [ ! $nopass ] && [ -z "$EASYRSA_PASSIN" ] && crypto_opts="-passin file:$out_key_pass_tmp"
-
- #shellcheck disable=SC2086
- easyrsa_openssl req -utf8 -new -key "$out_key_tmp" \
- -keyout "$out_key_tmp" -out "$out_file_tmp" $crypto_opts $opts ${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} || \
- die "Failed to build the CA"
-
- mv "$out_key_tmp" "$out_key"
- mv "$out_file_tmp" "$out_file"
- [ -f "$out_key_pass_tmp" ] && rm "$out_key_pass_tmp"
-
- # Success messages
- if [ $sub_ca ]; then
- notice "\
-NOTE: Your intermediate CA request is at $out_file
-and now must be sent to your parent CA for signing. Place your resulting cert
-at $EASYRSA_PKI/ca.crt prior to signing operations.
-"
- else notice "\
-CA creation complete and you may now import and sign cert requests.
-Your new CA certificate file for publishing is at:
-$out_file
-"
- fi
- return 0
-} # => build_ca()
-
-# gen-dh backend:
-gen_dh() {
- verify_pki_init
-
- out_file="$EASYRSA_PKI/dh.pem"
-
- # check to see if we already have a dh parameters file
- if [ -e "$EASYRSA_PKI/dh.pem" ]; then
- if [ "$EASYRSA_BATCH" = "1" ]; then
- # if batch is enabled, die
- die "file $EASYRSA_PKI/dh.pem already exists!"
- else
- # warn the user, give them a chance to force overwrite
- confirm "Overwrite? " "yes" "*** File $EASYRSA_PKI/dh.pem already exists! ***"
- fi
- fi
-
- "$EASYRSA_OPENSSL" dhparam -out "$out_file" "$EASYRSA_KEY_SIZE" || \
- die "Failed to build DH params"
- notice "\
-DH parameters of size $EASYRSA_KEY_SIZE created at $out_file
-"
- return 0
-} # => gen_dh()
-
-# gen-req backend:
-gen_req() {
- # pull filename base and use as default interactive CommonName:
- [ -n "$1" ] || die "\
-Error: gen-req must have a file base as the first argument.
-Run easyrsa without commands for usage and commands."
- key_out="$EASYRSA_PKI/private/$1.key"
- req_out="$EASYRSA_PKI/reqs/$1.req"
- [ ! "$EASYRSA_BATCH" ] && EASYRSA_REQ_CN="$1"
- shift
-
- # function opts support
- opts=
- while [ -n "$1" ]; do
- case "$1" in
- nopass) opts="$opts -nodes" ;;
- # batch flag supports internal callers needing silent operation
- batch) EASYRSA_BATCH=1 ;;
- *) warn "Ignoring unknown command option: '$1'" ;;
- esac
- shift
- done
-
- verify_pki_init
- [ "$EASYRSA_ALGO" = "ec" ] && verify_curve_ec
- [ "$EASYRSA_ALGO" = "ed" ] && verify_curve_ed
-
- # don't wipe out an existing private key without confirmation
- [ -f "$key_out" ] && confirm "Confirm key overwrite: " "yes" "\
-
-WARNING!!!
-
-An existing private key was found at $key_out
-Continuing with key generation will replace this key."
-
- # When EASYRSA_EXTRA_EXTS is defined, append it to openssl's [req] section:
- if [ -n "$EASYRSA_EXTRA_EXTS" ]; then
- # Setup & insert the extra ext data keyed by a magic line
- extra_exts="
-req_extensions = req_extra
-[ req_extra ]
-$EASYRSA_EXTRA_EXTS"
- #shellcheck disable=SC2016
- awkscript='
-{if ( match($0, "^#%EXTRA_EXTS%") )
- { while ( getline<"/dev/stdin" ) {print} next }
- {print}
-}'
- conf_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
- print "$extra_exts" | \
- awk "$awkscript" "$EASYRSA_SSL_CONF" \
- > "$conf_tmp" \
- || die "Copying SSL config to temp file failed"
- # Use this new SSL config for the rest of this function
- EASYRSA_SSL_CONF="$conf_tmp"
- fi
-
- key_out_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
- req_out_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
- # generate request
- [ $EASYRSA_BATCH ] && opts="$opts -batch"
- # shellcheck disable=2086,2148
- algo_opts=""
- if [ "ed" = "$EASYRSA_ALGO" ]; then
- algo_opts=" -newkey $EASYRSA_CURVE "
- else
- algo_opts=" -newkey $EASYRSA_ALGO:$EASYRSA_ALGO_PARAMS "
- fi
- easyrsa_openssl req -utf8 -new $algo_opts \
- -keyout "$key_out_tmp" -out "$req_out_tmp" $opts ${EASYRSA_PASSOUT:+-passout "$EASYRSA_PASSOUT"} \
- || die "Failed to generate request"
- mv "$key_out_tmp" "$key_out"
- mv "$req_out_tmp" "$req_out"
- notice "\
-Keypair and certificate request completed. Your files are:
-req: $req_out
-key: $key_out
-"
- return 0
-} # => gen_req()
-
-# common signing backend
-sign_req() {
- crt_type="$1"
- opts=""
- req_in="$EASYRSA_PKI/reqs/$2.req"
- crt_out="$EASYRSA_PKI/issued/$2.crt"
-
- # Randomize Serial number
- if [ "$EASYRSA_RAND_SN" != "no" ];
- then
- i=""
- serial=""
- check_serial=""
- for i in 1 2 3 4 5; do
- "$EASYRSA_OPENSSL" rand -hex -out "$EASYRSA_PKI/serial" 16
- serial="$(cat "$EASYRSA_PKI/serial")"
- check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)"
- case "$check_serial" in
- *"not present in db"*) break ;;
- *) continue ;;
- esac
- done
- fi
-
- # Support batch by internal caller:
- [ "$3" = "batch" ] && EASYRSA_BATCH=1
-
- verify_ca_init
-
- # Check argument sanity:
- [ -n "$2" ] || die "\
-Incorrect number of arguments provided to sign-req:
-expected 2, got $# (see command help for usage)"
-
- # Cert type must exist under the EASYRSA_EXT_DIR
- [ -r "$EASYRSA_EXT_DIR/$crt_type" ] || die "\
-Unknown cert type '$crt_type'"
-
- # Request file must exist
- [ -f "$req_in" ] || die "\
-No request found for the input: '$2'
-Expected to find the request at: $req_in"
-
- # Confirm input is a cert req
- verify_file req "$req_in" || die "\
-The certificate request file is not in a valid X509 request format.
-File Path: $req_in"
-
- # Display the request subject in an easy-to-read format
- # Confirm the user wishes to sign this request
- confirm "Confirm request details: " "yes" "
-You are about to sign the following certificate.
-Please check over the details shown below for accuracy. Note that this request
-has not been cryptographically verified. Please be sure it came from a trusted
-source or that you have verified the request checksum with the sender.
-
-Request subject, to be signed as a $crt_type certificate for $EASYRSA_CERT_EXPIRE days:
-
-$(display_dn req "$req_in")
-" # => confirm end
-
- # Generate the extensions file for this cert:
- ext_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
- {
- # Append first any COMMON file (if present) then the cert-type extensions
- cat "$EASYRSA_EXT_DIR/COMMON"
- cat "$EASYRSA_EXT_DIR/$crt_type"
- # copy req extensions
- [ "$EASYRSA_CP_EXT" ] && print "copy_extensions = copy"
-
- # Support a dynamic CA path length when present:
- [ "$crt_type" = "ca" ] && [ -n "$EASYRSA_SUBCA_LEN" ] && \
- print "basicConstraints = CA:TRUE, pathlen:$EASYRSA_SUBCA_LEN"
-
- # Deprecated Netscape extension support, if enabled
- if print "$EASYRSA_NS_SUPPORT" | awk_yesno; then
- [ -n "$EASYRSA_NS_COMMENT" ] && \
- print "nsComment = \"$EASYRSA_NS_COMMENT\""
- case "$crt_type" in
- serverClient) print "nsCertType = serverClient" ;;
- server) print "nsCertType = server" ;;
- client) print "nsCertType = client" ;;
- ca) print "nsCertType = sslCA" ;;
- esac
- fi
-
- # If type is server and no subjectAltName was requested,
- # add one to the extensions file
- if [ "$crt_type" = 'server' ] || [ "$crt_type" = 'serverClient' ];
- then
- echo "$EASYRSA_EXTRA_EXTS" | grep -q subjectAltName
- if [ $? -ne 0 ];
- then
- san=$(display_san req "$req_in")
-
- if [ -n "$san" ];
- then
- print "subjectAltName = $san"
- else
- default_server_san "$req_in"
- fi
- fi
- fi
-
- # Add any advanced extensions supplied by env-var:
- [ -n "$EASYRSA_EXTRA_EXTS" ] && print "$EASYRSA_EXTRA_EXTS"
-
- : # needed to keep die from inherting the above test
- } > "$ext_tmp" || die "\
-Failed to create temp extension file (bad permissions?) at:
-$ext_tmp"
-
- # sign request
- crt_out_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
- easyrsa_openssl ca -utf8 -in "$req_in" -out "$crt_out_tmp" \
- -extfile "$ext_tmp" -days "$EASYRSA_CERT_EXPIRE" -batch $opts ${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} \
- || die "signing failed (openssl output above may have more detail)"
- mv "$crt_out_tmp" "$crt_out"
- rm -f "$ext_tmp"
- notice "\
-Certificate created at: $crt_out
-"
- return 0
-} # => sign_req()
-
-# common build backend
-# used to generate+sign in 1 step
-build_full() {
- verify_ca_init
-
- # pull filename base:
- [ -n "$2" ] || die "\
-Error: didn't find a file base name as the first argument.
-Run easyrsa without commands for usage and commands."
- crt_type="$1" name="$2"
- req_out="$EASYRSA_PKI/reqs/$2.req"
- key_out="$EASYRSA_PKI/private/$2.key"
- crt_out="$EASYRSA_PKI/issued/$2.crt"
- shift 2
-
- # function opts support
- req_opts=
- while [ -n "$1" ]; do
- case "$1" in
- nopass) req_opts="$req_opts nopass" ;;
- inline) EASYRSA_INLINE=1 ;;
- *) warn "Ignoring unknown command option: '$1'" ;;
- esac
- shift
- done
-
- # abort on existing req/key/crt files
- err_exists="\
-file already exists. Aborting build to avoid overwriting this file.
-If you wish to continue, please use a different name or remove the file.
-Matching file found at: "
- [ -f "$req_out" ] && die "Request $err_exists $req_out"
- [ -f "$key_out" ] && die "Key $err_exists $key_out"
- [ -f "$crt_out" ] && die "Certificate $err_exists $crt_out"
-
- # create request
- EASYRSA_REQ_CN="$name"
- #shellcheck disable=SC2086
- gen_req "$name" batch $req_opts
-
- # Sign it
- ( sign_req "$crt_type" "$name" batch ) || {
- rm -f "$req_out" "$key_out"
- die "Failed to sign '$name'"
- }
-
- # inline it
- if [ $EASYRSA_INLINE ]; then
- inline_creds
- fi
-} # => build_full()
-
-# Create inline credentials file for this node
-inline_creds ()
-{
- [ -f "$EASYRSA_PKI/$EASYRSA_REQ_CN.creds" ] \
- && die "Inline file exists: $EASYRSA_PKI/$EASYRSA_REQ_CN.creds"
- {
- printf "%s\n" "# $crt_type: $EASYRSA_REQ_CN"
- printf "%s\n" ""
- printf "%s\n" "<ca>"
- cat "$EASYRSA_PKI/ca.crt"
- printf "%s\n" "</ca>"
- printf "%s\n" ""
- printf "%s\n" "<cert>"
- cat "$crt_out"
- printf "%s\n" "</cert>"
- printf "%s\n" ""
- printf "%s\n" "<key>"
- cat "$key_out"
- printf "%s\n" "</key>"
- printf "%s\n" ""
- } > "$EASYRSA_PKI/$EASYRSA_REQ_CN.creds"
-} # => inline_creds ()
-
-# revoke backend
-revoke() {
- verify_ca_init
-
- # pull filename base:
- [ -n "$1" ] || die "\
-Error: didn't find a file base name as the first argument.
-Run easyrsa without commands for usage and command help."
- crt_in="$EASYRSA_PKI/issued/$1.crt"
-
- opts=""
- if [ "$2" ]; then
- opts="$opts -crl_reason $2"
- fi
-
- verify_file x509 "$crt_in" || die "\
-Unable to revoke as the input file is not a valid certificate. Unexpected
-input in file: $crt_in"
-
- # confirm operation by displaying DN:
- confirm "Continue with revocation: " "yes" "
-Please confirm you wish to revoke the certificate with the following subject:
-
-$(display_dn x509 "$crt_in")
-" # => confirm end
-
- # referenced cert must exist:
- [ -f "$crt_in" ] || die "\
-Unable to revoke as no certificate was found. Certificate was expected
-at: $crt_in"
-
- # shellcheck disable=SC2086
- easyrsa_openssl ca -utf8 -revoke "$crt_in" ${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} $opts || die "\
-Failed to revoke certificate: revocation command failed."
-
- # move revoked files so we can reissue certificates with the same name
- move_revoked "$1"
-
- notice "\
-IMPORTANT!!!
-
-Revocation was successful. You must run gen-crl and upload a CRL to your
-infrastructure in order to prevent the revoked cert from being accepted.
-" # => notice end
- return 0
-} #= revoke()
-
-# move-revoked
-# moves revoked certificates to an alternative folder
-# allows reissuing certificates with the same name
-move_revoked() {
- verify_ca_init
-
- [ -n "$1" ] || die "\
-Error: didn't find a file base name as the first argument.
-Run easyrsa without commands for usage and command help."
-
- crt_in="$EASYRSA_PKI/issued/$1.crt"
- key_in="$EASYRSA_PKI/private/$1.key"
- req_in="$EASYRSA_PKI/reqs/$1.req"
-
- verify_file x509 "$crt_in" || die "\
-Unable to move revoked input file. The file is not a valid certificate. Unexpected
-input in file: $crt_in"
-
- if [ -e "$req_in" ]
- then
- verify_file req "$req_in" || die "\
-Unable to move request. The file is not a valid request. Unexpected
-input in file: $req_in"
- fi
-
- # get the serial number of the certificate -> serial=XXXX
- cert_serial="$(easyrsa_openssl x509 -in "$crt_in" -noout -serial)"
- # remove the serial= part -> we only need the XXXX part
- cert_serial=${cert_serial##*=}
-
- crt_by_serial="$EASYRSA_PKI/certs_by_serial/$cert_serial.pem"
- crt_by_serial_revoked="$EASYRSA_PKI/revoked/certs_by_serial/$cert_serial.crt"
- key_by_serial_revoked="$EASYRSA_PKI/revoked/private_by_serial/$cert_serial.key"
- req_by_serial_revoked="$EASYRSA_PKI/revoked/reqs_by_serial/$cert_serial.req"
-
- # make sure revoked dirs exist
- [ -d "$EASYRSA_PKI/revoked" ] || mkdir "$EASYRSA_PKI/revoked"
- [ -d "$EASYRSA_PKI/revoked/certs_by_serial" ] || mkdir "$EASYRSA_PKI/revoked/certs_by_serial"
- [ -d "$EASYRSA_PKI/revoked/private_by_serial" ] || mkdir "$EASYRSA_PKI/revoked/private_by_serial"
- [ -d "$EASYRSA_PKI/revoked/reqs_by_serial" ] || mkdir "$EASYRSA_PKI/revoked/reqs_by_serial"
-
- # move crt, key and req file to revoked folders
- mv "$crt_in" "$crt_by_serial_revoked"
-
- # only move the req if we have it
- [ -e "$req_in" ] && mv "$req_in" "$req_by_serial_revoked"
-
- # only move the key if we have it
- [ -e "$key_in" ] && mv "$key_in" "$key_by_serial_revoked"
-
- # move the rest of the files (p12, p7, ...)
- # shellcheck disable=SC2231
- for file in $EASYRSA_PKI/private/$1\.???
- do
- # get file extension
- file_ext="${file##*.}"
-
- [ -f "$file" ] && mv "$file" "$EASYRSA_PKI/revoked/private_by_serial/$cert_serial.$file_ext"
- done
-
- # remove the dublicate certificate in the certs_by_serial folder
- rm "$crt_by_serial"
-
- return 0
-
-} #= move_revoked()
-
-# renew backend
-renew() {
- verify_ca_init
-
- # pull filename base:
- [ -n "$1" ] || die "\
-Error: didn't find a file base name as the first argument.
-Run easyrsa without commands for usage and command help."
- crt_in="$EASYRSA_PKI/issued/$1.crt"
-
- opts=""
- if [ "$2" ]; then
- opts="$2"
- fi
-
- verify_file x509 "$crt_in" || die "\
-Unable to renew as the input file is not a valid certificate. Unexpected
-input in file: $crt_in"
-
- # confirm operation by displaying DN:
- confirm "Continue with renew: " "yes" "
-Please confirm you wish to renew the certificate with the following subject:
-
-$(display_dn x509 "$crt_in")
-" # => confirm end
-
- # referenced cert must exist:
- [ -f "$crt_in" ] || die "\
-Unable to renew as no certificate was found. Certificate was expected
-at: $crt_in"
-
- # Check if old cert is expired or expires within 30 days
- expire_date=$(
- easyrsa_openssl x509 -in "$crt_in" -noout -enddate |
- sed 's/^notAfter=//'
- )
- case $(uname 2>/dev/null) in
- "Darwin"|*"BSD")
- expire_date=$(date -j -f '%b %d %T %Y %Z' "$expire_date" +%s)
- allow_renew_date=$(date -j -v"+${EASYRSA_CERT_RENEW}d" +%s)
- ;;
- *)
- # This works on Windows, too, since uname doesn't exist and this is catch-all
- expire_date=$(date -d "$expire_date" +%s)
- allow_renew_date=$(date -d "+${EASYRSA_CERT_RENEW}day" +%s)
- ;;
- esac
-
- [ "$expire_date" -lt "$allow_renew_date" ] || die "\
-Certificate expires in more than $EASYRSA_CERT_RENEW days.
-Renewal not allowed."
-
- # Extract certificate usage from old cert
- cert_ext_key_usage=$(
- easyrsa_openssl x509 -in "$crt_in" -noout -text |
- sed -n "/X509v3 Extended Key Usage:/{n;s/^ *//g;p;}"
- )
- case $cert_ext_key_usage in
- "TLS Web Client Authentication")
- cert_type=client
- ;;
- "TLS Web Server Authentication")
- cert_type=server
- ;;
- "TLS Web Server Authentication, TLS Web Client Authentication")
- cert_type=serverClient
- ;;
- esac
-
- # Use SAN from --subject-alt-name if set else use SAN from old cert
- echo "$EASYRSA_EXTRA_EXTS" | grep -q subjectAltName || \
- {
- san=$(
- easyrsa_openssl x509 -in "$crt_in" -noout -text |
- sed -n "/X509v3 Subject Alternative Name:/{n;s/IP Address:/IP:/;s/ //g;p;}"
- )
- [ -n "$san" ] && export EASYRSA_EXTRA_EXTS="\
-$EASYRSA_EXTRA_EXTS
-subjectAltName = $san"
- }
-
- # move renewed files so we can reissue certificate with the same name
- # FIXME: Modify revoke() to also work on the renewed certs subdir
- move_renewed "$1"
-
- # renew certificate
- # shellcheck disable=SC2086
- build_full $cert_type $1 $opts || die "\
-Failed to renew certificate: renew command failed."
-
- notice "\
-IMPORTANT!!!
-
-Renew was successful.
-You may want to revoke the old certificate once the new one has been deployed.
-" # => notice end
- return 0
-} #= renew()
-
-# move-renewed
-# moves renewed certificates to an alternative folder
-# allows reissuing certificates with the same name
-move_renewed() {
- verify_ca_init
-
- [ -n "$1" ] || die "\
-Error: didn't find a file base name as the first argument.
-Run easyrsa without commands for usage and command help."
-
- crt_in="$EASYRSA_PKI/issued/$1.crt"
- key_in="$EASYRSA_PKI/private/$1.key"
- req_in="$EASYRSA_PKI/reqs/$1.req"
-
- verify_file x509 "$crt_in" || die "\
-Unable to move renewed input file. The file is not a valid certificate. Unexpected
-input in file: $crt_in"
-
- if [ -e "$req_in" ]
- then
- verify_file req "$req_in" || die "\
-Unable to move request. The file is not a valid request. Unexpected
-input in file: $req_in"
- fi
-
- # get the serial number of the certificate -> serial=XXXX
- cert_serial="$(easyrsa_openssl x509 -in "$crt_in" -noout -serial)"
- # remove the serial= part -> we only need the XXXX part
- cert_serial=${cert_serial##*=}
-
- crt_by_serial="$EASYRSA_PKI/certs_by_serial/$cert_serial.pem"
- crt_by_serial_renewed="$EASYRSA_PKI/renewed/certs_by_serial/$cert_serial.crt"
- key_by_serial_renewed="$EASYRSA_PKI/renewed/private_by_serial/$cert_serial.key"
- req_by_serial_renewed="$EASYRSA_PKI/renewed/reqs_by_serial/$cert_serial.req"
-
- # make sure renewed dirs exist
- [ -d "$EASYRSA_PKI/renewed" ] || mkdir "$EASYRSA_PKI/renewed"
- [ -d "$EASYRSA_PKI/renewed/certs_by_serial" ] || mkdir "$EASYRSA_PKI/renewed/certs_by_serial"
- [ -d "$EASYRSA_PKI/renewed/private_by_serial" ] || mkdir "$EASYRSA_PKI/renewed/private_by_serial"
- [ -d "$EASYRSA_PKI/renewed/reqs_by_serial" ] || mkdir "$EASYRSA_PKI/renewed/reqs_by_serial"
-
- # move crt, key and req file to renewed folders
- mv "$crt_in" "$crt_by_serial_renewed"
-
- # only move the req if we have it
- [ -e "$req_in" ] && mv "$req_in" "$req_by_serial_renewed"
-
- # only move the key if we have it
- [ -e "$key_in" ] && mv "$key_in" "$key_by_serial_renewed"
-
- # move the rest of the files (p12, p7, ...)
- # shellcheck disable=SC2231
- for file in $EASYRSA_PKI/private/$1\.???
- do
- # get file extension
- file_ext="${file##*.}"
-
- [ -f "$file" ] && mv "$file" "$EASYRSA_PKI/renewed/private_by_serial/$cert_serial.$file_ext"
- done
-
- # remove the duplicate certificate in the certs_by_serial folder
- rm "$crt_by_serial"
-
- return 0
-
-} #= move_renewed()
-
-# gen-crl backend
-gen_crl() {
- verify_ca_init
-
- out_file="$EASYRSA_PKI/crl.pem"
- out_file_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
- easyrsa_openssl ca -utf8 -gencrl -out "$out_file_tmp" ${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} || die "\
-CRL Generation failed.
-"
- mv "$out_file_tmp" "$out_file"
-
- notice "\
-An updated CRL has been created.
-CRL file: $out_file
-"
- return 0
-} # => gen_crl()
-
-# import-req backend
-import_req() {
- verify_pki_init
-
- # pull passed paths
- in_req="$1" short_name="$2"
- out_req="$EASYRSA_PKI/reqs/$2.req"
-
- [ -n "$short_name" ] || die "\
-Unable to import: incorrect command syntax.
-Run easyrsa without commands for usage and command help."
-
- verify_file req "$in_req" || die "\
-The input file does not appear to be a certificate request. Aborting import.
-File Path: $in_req"
-
- # destination must not exist
- [ -f "$out_req" ] && die "\
-Unable to import the request as the destination file already exists.
-Please choose a different name for your imported request file.
-Existing file at: $out_req"
-
- # now import it
- cp "$in_req" "$out_req"
-
- notice "\
-The request has been successfully imported with a short name of: $short_name
-You may now use this name to perform signing operations on this request.
-"
- return 0
-} # => import_req()
-
-# export pkcs#12 or pkcs#7
-export_pkcs() {
- pkcs_type="$1"
- shift
-
- [ -n "$1" ] || die "\
-Unable to export p12: incorrect command syntax.
-Run easyrsa without commands for usage and command help."
-
- short_name="$1"
- crt_in="$EASYRSA_PKI/issued/$1.crt"
- key_in="$EASYRSA_PKI/private/$1.key"
- crt_ca="$EASYRSA_PKI/ca.crt"
- shift
-
- verify_pki_init
-
- # opts support
- want_ca=1
- want_key=1
- want_pass=1
- while [ -n "$1" ]; do
- case "$1" in
- noca) want_ca="" ;;
- nokey) want_key="" ;;
- nopass) want_pass="" ;;
- *) warn "Ignoring unknown command option: '$1'" ;;
- esac
- shift
- done
-
- pkcs_opts=
- if [ $want_ca ]; then
- verify_file x509 "$crt_ca" || die "\
-Unable to include CA cert in the $pkcs_type output (missing file, or use noca option.)
-Missing file expected at: $crt_ca"
- pkcs_opts="$pkcs_opts -certfile $crt_ca"
- fi
-
- # input files must exist
- verify_file x509 "$crt_in" || die "\
-Unable to export $pkcs_type for short name '$short_name' without the certificate.
-Missing cert expected at: $crt_in"
-
- case "$pkcs_type" in
- p12)
- pkcs_out="$EASYRSA_PKI/private/$short_name.p12"
-
- if [ $want_key ]; then
- [ -f "$key_in" ] || die "\
-Unable to export p12 for short name '$short_name' without the key
-(if you want a p12 without the private key, use nokey option.)
-Missing key expected at: $key_in"
- else
- pkcs_opts="$pkcs_opts -nokeys"
- fi
-
- # export the p12:
- # shellcheck disable=SC2086
- easyrsa_openssl pkcs12 -in "$crt_in" -inkey "$key_in" -export \
- -out "$pkcs_out" $pkcs_opts ${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} ${EASYRSA_PASSOUT:+-passout "$EASYRSA_PASSOUT"} || die "\
-Export of p12 failed: see above for related openssl errors."
- ;;
- p7)
- pkcs_out="$EASYRSA_PKI/issued/$short_name.p7b"
-
- # export the p7:
- # shellcheck disable=SC2086
- easyrsa_openssl crl2pkcs7 -nocrl -certfile "$crt_in" \
- -out "$pkcs_out" $pkcs_opts ${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} ${EASYRSA_PASSOUT:+-passout "$EASYRSA_PASSOUT"} || die "\
-Export of p7 failed: see above for related openssl errors."
- ;;
- p8)
- if [ -z $want_pass ]; then
- pkcs_opts="-nocrypt"
- else
- pkcs_opts=""
- fi
- pkcs_out="$EASYRSA_PKI/private/$short_name.p8"
-
- # export the p8:
- # shellcheck disable=SC2086
- easyrsa_openssl pkcs8 -in "$key_in" -topk8 \
- -out "$pkcs_out" $pkcs_opts ${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} ${EASYRSA_PASSOUT:+-passout "$EASYRSA_PASSOUT"} || die "\
-Export of p8 failed: see above for related openssl errors."
- ;;
-esac
-
- notice "\
-Successful export of $pkcs_type file. Your exported file is at the following
-location: $pkcs_out
-"
- return 0
-} # => export_pkcs()
-
-# set-pass backend
-set_pass() {
- verify_pki_init
-
- # key type, supplied internally from frontend command call (rsa/ec)
- key_type="$1"
-
- # values supplied by the user:
- raw_file="$2"
- file="$EASYRSA_PKI/private/$raw_file.key"
- [ -n "$raw_file" ] || die "\
-Missing argument to 'set-$key_type-pass' command: no name/file supplied.
-See help output for usage details."
-
- # parse command options
- shift 2
- crypto="-aes256"
- while [ -n "$1" ]; do
- case "$1" in
- nopass) crypto="" ;;
- file) file="$raw_file" ;;
- *) warn "Ignoring unknown command option: '$1'" ;;
- esac
- shift
- done
-
- [ -f "$file" ] || die "\
-Missing private key: expected to find the private key component at:
-$file"
-
- notice "\
-If the key is currently encrypted you must supply the decryption passphrase.
-${crypto:+You will then enter a new PEM passphrase for this key.$NL}"
-
- out_key_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
- easyrsa_openssl "$key_type" -in "$file" -out "$out_key_tmp" $crypto ${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} ${EASYRSA_PASSOUT:+-passout "$EASYRSA_PASSOUT"} || die "\
-Failed to change the private key passphrase. See above for possible openssl
-error messages."
-
- mv "$out_key_tmp" "$file" || die "\
-Failed to change the private key passphrase. See above for error messages."
-
- notice "Key passphrase successfully changed"
-
- return 0
-} # => set_pass()
-
-# update-db backend
-update_db() {
- verify_ca_init
-
- easyrsa_openssl ca -utf8 -updatedb ${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} || die "\
-Failed to perform update-db: see above for related openssl errors."
- return 0
-} # => update_db()
-
-display_san() {
- format="$1" path="$2"
-
- echo "$EASYRSA_EXTRA_EXTS" | grep -q subjectAltName
-
- if [ $? -eq 0 ]; then
- print "$(echo "$EASYRSA_EXTRA_EXTS" | grep subjectAltName | sed 's/^\s*subjectAltName\s*=\s*//')"
- else
- san=$(
- "$EASYRSA_OPENSSL" "$format" -in "$path" -noout -text |
- sed -n "/X509v3 Subject Alternative Name:/{n;s/ //g;s/IPAddress:/IP:/g;s/RegisteredID/RID/;p;}"
- )
-
- [ -n "$san" ] && print "$san"
- fi
-}
-
-# display cert DN info on a req/X509, passed by full pathname
-display_dn() {
- format="$1" path="$2"
- print "$("$EASYRSA_OPENSSL" "$format" -in "$path" -noout -subject -nameopt multiline)"
- san=$(display_san "$1" "$2")
- if [ -n "$san" ]; then
- print ""
- print "X509v3 Subject Alternative Name:"
- print " $san"
- fi
-
-} # => display_dn()
-
-# generate default SAN from req/X509, passed by full pathname
-default_server_san() {
- path="$1"
- cn=$(
- easyrsa_openssl req -in "$path" -noout -subject -nameopt sep_multiline |
- awk -F'=' '/^ *CN=/{print $2}'
- )
- echo "$cn" | grep -E -q '^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$'
- #shellcheck disable=SC2181
- if [ $? -eq 0 ]; then
- print "subjectAltName = IP:$cn"
- else
- print "subjectAltName = DNS:$cn"
- fi
-} # => default_server_san()
-
-# verify a file seems to be a valid req/X509
-verify_file() {
- format="$1"
- path="$2"
- easyrsa_openssl "$format" -in "$path" -noout 2>/dev/null || return 1
- return 0
-} # => verify_file()
-
-# show-* command backend
-# Prints req/cert details in a readable format
-show() {
- type="$1"
- name="$2"
- in_file=""
- format=""
- [ -n "$name" ] || die "\
-Missing expected filename_base argument.
-Run easyrsa without commands for usage help."
- shift 2
-
- # opts support
- opts="-${type}opt no_pubkey,no_sigdump"
- while [ -n "$1" ]; do
- case "$1" in
- full)
- opts=""
- ;;
- *)
- warn "Ignoring unknown command option: '$1'"
- ;;
- esac
- shift
- done
-
- # Determine cert/req type
- if [ "$type" = "cert" ]; then
- verify_ca_init
- in_file="$EASYRSA_PKI/issued/${name}.crt"
- format="x509"
- else
- verify_pki_init
- in_file="$EASYRSA_PKI/reqs/${name}.req"
- format="req"
- fi
-
- # Verify file exists and is of the correct type
- [ -f "$in_file" ] || die "\
-No such $type file with a basename of '$name' is present.
-Expected to find this file at:
-$in_file"
- verify_file $format "$in_file" || die "\
-This file is not a valid $type file:
-$in_file"
-
- notice "\
-Showing $type details for '$name'.
-This file is stored at:
-$in_file
-"
- easyrsa_openssl $format -in "$in_file" -noout -text\
- -nameopt multiline $opts || die "\
-OpenSSL failure to process the input"
-} # => show()
-
-# show-ca command backend
-# Prints CA cert details in a readable format
-show_ca() {
- # opts support
- opts="-certopt no_pubkey,no_sigdump"
- while [ -n "$1" ]; do
- case "$1" in
- full) opts= ;;
- *) warn "Ignoring unknown command option: '$1'" ;;
- esac
- shift
- done
-
- verify_ca_init
- in_file="$EASYRSA_PKI/ca.crt"
- format="x509"
-
- # Verify file exists and is of the correct type
- [ -f "$in_file" ] || die "\
-No such $type file with a basename of '$name' is present.
-Expected to find this file at:
-$in_file"
- verify_file $format "$in_file" || die "\
-This file is not a valid $type file:
-$in_file"
-
- notice "\
-Showing $type details for 'ca'.
-This file is stored at:
-$in_file
-"
- easyrsa_openssl $format -in "$in_file" -noout -text\
- -nameopt multiline $opts || die "\
-OpenSSL failure to process the input"
-} # => show_ca()
-
-# vars setup
-# Here sourcing of 'vars' if present occurs. If not present, defaults are used
-# to support running without a sourced config format
-vars_setup() {
- # Try to locate a 'vars' file in order of location preference.
- # If one is found, source it
- vars=
-
- # set up program path
- prog_file="$0"
- prog_file2="$(which -- "$prog_file" 2>/dev/null)" && prog_file="$prog_file2"
- prog_file2="$(readlink -f "$prog_file" 2>/dev/null)" && prog_file="$prog_file2"
- prog_dir="${prog_file%/*}"
- prog_vars="${prog_dir}/vars"
- # set up PKI path
- pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars"
-
- # command-line path:
- if [ ! -z "$EASYRSA_VARS_FILE" ]; then
- if [ ! -f "$EASYRSA_VARS_FILE" ]; then
- # If the --vars option does not point to a file, show helpful error.
- die "The file '$EASYRSA_VARS_FILE' was not found."
- fi
- vars="$EASYRSA_VARS_FILE"
- # PKI location, if present:
- elif [ -f "$pki_vars" ]; then
- vars="$pki_vars"
- # EASYRSA, if defined:
- elif [ -n "$EASYRSA" ] && [ -f "$EASYRSA/vars" ]; then
- vars="$EASYRSA/vars"
- # program location:
- elif [ -f "$prog_vars" ]; then
- vars="$prog_vars"
- fi
-
- # If a vars file was located, source it
- # If $EASYRSA_NO_VARS is defined (not blank) this is skipped
- if [ -z "$EASYRSA_NO_VARS" ] && [ -n "$vars" ]; then
- if grep -Eq 'EASYRSA_PASSIN|EASYRSA_PASSOUT' "$vars"; then
- die "\
-Variable EASYRSA_PASSIN or EASYRSA_PASSOUT has been found in the configuration \
-file. Storing sensitive information in the configuration file is not \
-recommended - please remove it from there before continuing."
- fi
- #shellcheck disable=SC2034
- EASYRSA_CALLER=1
- # shellcheck disable=SC1090
- . "$vars"
- notice "\
-Note: using Easy-RSA configuration from: $vars"
- fi
-
- # Set defaults, preferring existing env-vars if present
- set_var EASYRSA "$prog_dir"
- set_var EASYRSA_OPENSSL openssl
- set_var EASYRSA_PKI "$PWD/pki"
- set_var EASYRSA_DN cn_only
- set_var EASYRSA_REQ_COUNTRY "US"
- set_var EASYRSA_REQ_PROVINCE "California"
- set_var EASYRSA_REQ_CITY "San Francisco"
- set_var EASYRSA_REQ_ORG "Copyleft Certificate Co"
- set_var EASYRSA_REQ_EMAIL me@example.net
- set_var EASYRSA_REQ_OU "My Organizational Unit"
- set_var EASYRSA_ALGO rsa
- set_var EASYRSA_KEY_SIZE 2048
- set_var EASYRSA_CURVE secp384r1
- set_var EASYRSA_EC_DIR "$EASYRSA_PKI/ecparams"
- set_var EASYRSA_CA_EXPIRE 3650
- set_var EASYRSA_CERT_EXPIRE 825 # new default of 36 months
- set_var EASYRSA_CERT_RENEW 30
- set_var EASYRSA_CRL_DAYS 180
- set_var EASYRSA_NS_SUPPORT no
- set_var EASYRSA_NS_COMMENT "Easy-RSA (3.0.8) Generated Certificate"
- set_var EASYRSA_TEMP_DIR "$EASYRSA_PKI"
- set_var EASYRSA_REQ_CN ChangeMe
- set_var EASYRSA_DIGEST sha256
- set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-easyrsa.cnf"
- set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf"
- set_var EASYRSA_KDC_REALM "CHANGEME.EXAMPLE.COM"
-
- # Same as above for the x509-types extensions dir
- if [ -d "$EASYRSA_PKI/x509-types" ]; then
- set_var EASYRSA_EXT_DIR "$EASYRSA_PKI/x509-types"
- else
- #TODO: This should be removed. Not really suitable for packaging.
- set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
- fi
-
- # EASYRSA_ALGO_PARAMS must be set depending on selected algo
- if [ "ec" = "$EASYRSA_ALGO" ]; then
- EASYRSA_ALGO_PARAMS="$EASYRSA_EC_DIR/${EASYRSA_CURVE}.pem"
- elif [ "rsa" = "$EASYRSA_ALGO" ]; then
- EASYRSA_ALGO_PARAMS="${EASYRSA_KEY_SIZE}"
- elif [ "ed" != "$EASYRSA_ALGO" ]; then
- die "Alg '$EASYRSA_ALGO' is invalid: must be 'rsa', 'ec' or 'ed' "
- fi
-
- # Assign value to $EASYRSA_TEMP_DIR_session and work around Windows mktemp bug when parent dir is missing
- if [ -z "$EASYRSA_TEMP_DIR_session" ]; then
- if [ -d "$EASYRSA_TEMP_DIR" ]; then
- EASYRSA_TEMP_DIR_session="$(mktemp -du "$EASYRSA_TEMP_DIR/easy-rsa-$$.XXXXXX")"
- else
- # If the directory does not exist then we have not run init-pki
- mkdir -p "$EASYRSA_TEMP_DIR" || die "Cannot create $EASYRSA_TEMP_DIR (permission?)"
- EASYRSA_TEMP_DIR_session="$(mktemp -du "$EASYRSA_TEMP_DIR/easy-rsa-$$.XXXXXX")"
- rm -rf "$EASYRSA_TEMP_DIR"
- fi
- fi
-
- # Setting OPENSSL_CONF prevents bogus warnings (especially useful on win32)
- export OPENSSL_CONF="$EASYRSA_SAFE_CONF"
-
- # Upgrade to 306: Create $EASYRSA_SSL_CONF if it does not exist but only if $EASYRSA_PKI exists.
- if [ ! -f "$EASYRSA_SSL_CONF" ] && [ -f "$EASYRSA/openssl-easyrsa.cnf" ] && [ -d "$EASYRSA_PKI" ];
- then
- cp "$EASYRSA/openssl-easyrsa.cnf" "$EASYRSA_SSL_CONF"
- easyrsa_openssl makesafeconf
- fi
-
-} # vars_setup()
-
-# variable assignment by indirection when undefined; merely exports
-# the variable when it is already defined (even if currently null)
-# Sets $1 as the value contained in $2 and exports (may be blank)
-set_var() {
- var=$1
- shift
- value="$*"
- eval "export $var=\"\${$var-$value}\""
-} #=> set_var()
-
-
-############################################################################
-# Upgrade v2 PKI to v3 PKI
-
-# You can report problems on the normal openvpn support channels:
-# --------------------------------------------------------------------------
-# 1. The Openvpn Forum: https://forums.openvpn.net/viewforum.php?f=31
-# 2. The #easyrsa IRC channel at freenode
-# 3. Info: https://community.openvpn.net/openvpn/wiki/easyrsa-upgrade
-# --------------------------------------------------------------------------
-#
-
-up23_fail_upgrade ()
-{
- # Replace die()
- unset EASYRSA_BATCH
- notice "
-============================================================================
-The update has failed but NOTHING has been lost.
-
-ERROR: $1
-----------------------------------------------------------------------------
-
-Further info:
-* https://community.openvpn.net/openvpn/wiki/easyrsa-upgrade#ersa-up23-fails
-
-Easyrsa3 upgrade FAILED
-============================================================================
-"
- exit 9
-} #=> up23_fail_upgrade ()
-
-up23_verbose ()
-{
- [ "$VERBOSE" ] || return 0
- printf "%s\n" "$1"
-} #=> up23_verbose ()
-
-up23_verify_new_pki ()
-{
- # Fail now, before any changes are made
-
- up23_verbose "> Verify DEFAULT NEW PKI does not exist .."
- EASYRSA_NEW_PKI="$EASYRSA/pki"
- [ -d "$EASYRSA_NEW_PKI" ] \
- && up23_fail_upgrade "DEFAULT NEW PKI exists: $EASYRSA_NEW_PKI"
-
- up23_verbose "> Verify VERY-SAFE-PKI does not exist .."
- EASYRSA_SAFE_PKI="$EASYRSA/VERY-SAFE-PKI"
- [ -d "$EASYRSA_SAFE_PKI" ] \
- && up23_fail_upgrade "VERY-SAFE-PKI exists: $EASYRSA_SAFE_PKI"
-
- up23_verbose "> Verify openssl-easyrsa.cnf does exist .."
- EASYRSA_SSL_CNFFILE="$EASYRSA/openssl-easyrsa.cnf"
- [ -f "$EASYRSA_SSL_CNFFILE" ] \
- || up23_fail_upgrade "cannot find $EASYRSA_SSL_CNFFILE"
-
- up23_verbose "> Verify vars.example does exist .."
- EASYRSA_VARSV3_EXMP="$EASYRSA/vars.example"
- [ -f "$EASYRSA_VARSV3_EXMP" ] \
- || up23_fail_upgrade "cannot find $EASYRSA_VARSV3_EXMP"
-
- up23_verbose "> OK"
- up23_verbose " Initial dirs & files are in a workable state."
-} #=> up23_verify_new_pki ()
-
-up23_verify_current_pki ()
-{
- up23_verbose "> Verify CURRENT PKI vars .."
-
- # This can probably be improved
- EASYRSA_NO_REM="$(grep '^set ' "$EASYRSA_VER2_VARSFILE")"
-
- # This list may not be complete
- # Not required: DH_KEY_SIZE PKCS11_MODULE_PATH PKCS11_PIN
- for i in KEY_DIR KEY_SIZE KEY_COUNTRY KEY_PROVINCE \
- KEY_CITY KEY_ORG KEY_EMAIL KEY_CN KEY_NAME KEY_OU
- do
- # Effectively, source the v2 vars file
- UNIQUE="set $i"
- KEY_grep="$(printf "%s\n" "$EASYRSA_NO_REM" | grep "$UNIQUE")"
- KEY_value="${KEY_grep##*=}"
- set_var $i "$KEY_value"
- done
-
- [ -d "$KEY_DIR" ] || up23_fail_upgrade "Cannot find CURRENT PKI KEY_DIR: $KEY_DIR"
-
- up23_verbose "> OK"
- up23_verbose " Current CURRENT PKI vars uses PKI in: $KEY_DIR"
-} #=> up23_verify_current_pki ()
-
-up23_verify_current_ca ()
-{
- up23_verbose "> Find CA .."
- # $KEY_DIR is assigned in up23_verify_current_pki ()
- [ -f "$KEY_DIR/ca.crt" ] \
- || up23_fail_upgrade "Cannot find current ca.crt: $KEY_DIR/ca.crt"
- up23_verbose "> OK"
-
- # If CA is already verified then return
- in_file="$KEY_DIR/ca.crt"
- [ "$CURRENT_CA_IS_VERIFIED" = "$in_file" ] && return 0
- format="x509"
-
- # Current CA is unverified
- # Extract the current CA details
- CA_SUBJECT="$(easyrsa_openssl $format -in "$in_file" -subject -noout -nameopt multiline)"
-
- # Extract individual elements
- CA_countryName="$(printf "%s\n" "$CA_SUBJECT" \
- | grep countryName | sed "s\`^.*=\ \`\`g")"
- CA_stateOrProvinceName="$(printf "%s\n" "$CA_SUBJECT" \
- | grep stateOrProvinceName | sed "s\`^.*=\ \`\`g")"
- CA_localityName="$(printf "%s\n" "$CA_SUBJECT" \
- | grep localityName | sed "s\`^.*=\ \`\`g")"
- CA_organizationName="$(printf "%s\n" "$CA_SUBJECT" \
- | grep organizationName | sed "s\`^.*=\ \`\`g")"
- CA_organizationalUnitName="$(printf "%s\n" "$CA_SUBJECT" \
- | grep organizationalUnitName | sed "s\`^.*=\ \`\`g")"
- CA_emailAddress="$(printf "%s\n" "$CA_SUBJECT" \
- | grep emailAddress | sed "s\`^.*=\ \`\`g")"
-
- # Match the current CA elements to the vars file settings
- CA_vars_match=1
- [ "$CA_countryName" = "$KEY_COUNTRY" ] || CA_vars_match=0
- [ "$CA_stateOrProvinceName" = "$KEY_PROVINCE" ] || CA_vars_match=0
- [ "$CA_localityName" = "$KEY_CITY" ] || CA_vars_match=0
- [ "$CA_organizationName" = "$KEY_ORG" ] || CA_vars_match=0
- [ "$CA_organizationalUnitName" = "$KEY_OU" ] || CA_vars_match=0
- [ "$CA_emailAddress" = "$KEY_EMAIL" ] || CA_vars_match=0
-
- if [ "$CA_vars_match" -eq 1 ]
- then
- CURRENT_CA_IS_VERIFIED="partially"
- else
- up23_fail_upgrade "CA certificate does not match vars file settings"
- fi
-
- opts="-certopt no_pubkey,no_sigdump"
- if [ ! "$EASYRSA_BATCH" ]
- then
- up23_show_current_ca
- elif [ "$VERBOSE" ]
- then
- up23_show_current_ca
- fi
- confirm "* Confirm CA shown above is correct: " "yes" \
- "Found current CA at: $KEY_DIR/ca.crt"
- CURRENT_CA_IS_VERIFIED="$in_file"
-} #=> up23_verify_current_ca ()
-
-up23_show_current_ca ()
-{
- printf "%s\n" "-------------------------------------------------------------------------"
- # $opts is always set here
- # shellcheck disable=SC2086
- easyrsa_openssl $format -in "$in_file" -noout -text\
- -nameopt multiline $opts || die "\
- OpenSSL failure to process the input CA certificate: $in_file"
- printf "%s\n" "-------------------------------------------------------------------------"
-} #=> up23_show_current_ca ()
-
-up23_backup_current_pki ()
-{
- up23_verbose "> Backup current PKI .."
-
- mkdir -p "$EASYRSA_SAFE_PKI" \
- || up23_fail_upgrade "Failed to create safe PKI dir: $EASYRSA_SAFE_PKI"
-
- cp -r "$KEY_DIR" "$EASYRSA_SAFE_PKI" \
- || up23_fail_upgrade "Failed to copy $KEY_DIR to $EASYRSA_SAFE_PKI"
-
- # EASYRSA_VER2_VARSFILE is either version 2 *nix ./vars or Win vars.bat
- cp "$EASYRSA_VER2_VARSFILE" "$EASYRSA_SAFE_PKI" \
- || up23_fail_upgrade "Failed to copy $EASYRSA_VER2_VARSFILE to EASYRSA_SAFE_PKI"
-
- up23_verbose "> OK"
- up23_verbose " Current PKI backup created in: $EASYRSA_SAFE_PKI"
-} #=> up23_backup_current_pki ()
-
-up23_create_new_pki ()
-{
- # Dirs: renewed and revoked are created when used.
- up23_verbose "> Create NEW PKI .."
- up23_verbose ">> Create NEW PKI dirs .."
- for i in private reqs issued certs_by_serial
- do
- mkdir -p "$EASYRSA_PKI/$i" \
- || up23_fail_upgrade "Failed to Create NEW PKI dir: $EASYRSA_PKI/$i"
- done
- up23_verbose ">> OK"
-
- up23_verbose ">> Copy database to NEW PKI .."
- # Failure for these is not optional
- # Files ignored: index.txt.old serial.old
- for i in index.txt serial ca.crt index.txt.attr
- do
- cp "$KEY_DIR/$i" "$EASYRSA_PKI" \
- || up23_fail_upgrade "Failed to copy $KEY_DIR/$i to $EASYRSA_PKI"
- done
- up23_verbose ">> OK"
-
- up23_verbose ">> Copy current PKI to NEW PKI .."
- for i in "csr.reqs" "pem.certs_by_serial" "crt.issued" "key.private" \
- "p12.private" "p8.private" "p7b.issued"
- do
- FILE_EXT="${i%%.*}"
- DEST_DIR="${i##*.}"
- if ls "$KEY_DIR/"*".$FILE_EXT" > /dev/null 2>&1; then
- cp "$KEY_DIR/"*".$FILE_EXT" "$EASYRSA_PKI/$DEST_DIR" \
- || up23_fail_upgrade "Failed to copy .$FILE_EXT"
- else
- up23_verbose " Note: No .$FILE_EXT files found"
- fi
- done
- up23_verbose ">> OK"
- up23_verbose "> OK"
-
- # Todo: CRL - Or generate a new CRL on completion
- up23_verbose " New PKI created in: $EASYRSA_PKI"
-} #=> up23_create_new_pki ()
-
-up23_upgrade_ca ()
-{
- [ -d "$EASYRSA_PKI" ] || return 0
- up23_verbose "> Confirm that index.txt.attr exists and 'unique_subject = no'"
- if [ -f "$EASYRSA_PKI/index.txt.attr" ]
- then
- if grep -q 'unique_subject = no' "$EASYRSA_PKI/index.txt.attr"
- then
- # If index.txt.attr exists and "unique_suject = no" then do nothing
- return 0
- fi
- else
- # If index.txt.attr does not exists then do nothing
- return 0
- fi
-
- # Otherwise this is required for all easyrsa v3
- #confirm "Set 'unique_subject = no' in index.txt.attr for your current CA: " \
- #"yes" "This version of easyrsa requires that 'unique_subject = no' is set correctly"
-
- printf "%s\n" "unique_subject = no" > "$EASYRSA_PKI/index.txt.attr"
- up23_verbose "> OK"
- up23_verbose " Upgraded index.txt.attr to v306+"
-} #=> up23_upgrade_index_txt_attr ()
-
-up23_create_openssl_cnf ()
-{
- up23_verbose "> OpenSSL config .."
- EASYRSA_PKI_SSL_CNFFILE="$EASYRSA_PKI/openssl-easyrsa.cnf"
- EASYRSA_PKI_SAFE_CNFFILE="$EASYRSA_PKI/safessl-easyrsa.cnf"
- cp "$EASYRSA_SSL_CNFFILE" "$EASYRSA_PKI_SSL_CNFFILE" \
- || up23_fail_upgrade "create $EASYRSA_PKI_SSL_CNFFILE"
- up23_verbose "> OK"
- up23_verbose " New OpenSSL config file created in: $EASYRSA_PKI_SSL_CNFFILE"
-
- # Create $EASYRSA_PKI/safessl-easyrsa.cnf
- easyrsa_openssl makesafeconf
- if [ -f "$EASYRSA_PKI_SAFE_CNFFILE" ]
- then
- up23_verbose " New SafeSSL config file created in: $EASYRSA_PKI_SAFE_CNFFILE"
- else
- up23_verbose " FAILED to create New SafeSSL config file in: $EASYRSA_PKI_SAFE_CNFFILE"
- fi
-} #=> up23_create_openssl_cnf ()
-
-up23_move_easyrsa2_programs ()
-{
- # These files may not exist here
- up23_verbose "> Move easyrsa2 programs to SAFE PKI .."
- for i in build-ca build-dh build-inter build-key build-key-pass \
- build-key-pkcs12 build-key-server build-req build-req-pass \
- clean-all inherit-inter list-crl pkitool revoke-full sign-req \
- whichopensslcnf build-ca-pass build-key-server-pass init-config \
- make-crl revoke-crt openssl-0.9.6.cnf openssl-0.9.8.cnf \
- openssl-1.0.0.cnf openssl.cnf README.txt index.txt.start \
- vars.bat.sample serial.start
- do
- # Although unlikely, both files could exist
- # EG: ./build-ca and ./build-ca.bat
- NIX_FILE="$EASYRSA/$i"
- WIN_FILE="$EASYRSA/$i.bat"
- if [ -f "$NIX_FILE" ]
- then
- cp "$NIX_FILE" "$EASYRSA_SAFE_PKI" \
- || up23_fail_upgrade "copy $NIX_FILE $EASYRSA_SAFE_PKI"
- fi
-
- if [ -f "$WIN_FILE" ]
- then
- cp "$WIN_FILE" "$EASYRSA_SAFE_PKI" \
- || up23_fail_upgrade "copy $WIN_FILE $EASYRSA_SAFE_PKI"
- fi
-
- if [ ! -f "$NIX_FILE" ] && [ ! -f "$WIN_FILE" ]
- then
- up23_verbose "File does not exist, ignoring: $i(.bat)"
- fi
-
- # These files are not removed on TEST run
- [ "$NOSAVE" -eq 1 ] && rm -f "$NIX_FILE" "$WIN_FILE"
- done
-
- up23_verbose "> OK"
- up23_verbose " Easyrsa2 programs successfully moved to: $EASYRSA_SAFE_PKI"
-} #=> up23_move_easyrsa2_programs ()
-
-up23_build_v3_vars ()
-{
- up23_verbose "> Build v3 vars file .."
-
- EASYRSA_EXT="easyrsa-upgrade-23"
- EASYRSA_VARSV2_TMP="$EASYRSA/vars-v2.tmp.$EASYRSA_EXT"
- rm -f "$EASYRSA_VARSV2_TMP"
- EASYRSA_VARSV3_TMP="$EASYRSA/vars-v3.tmp.$EASYRSA_EXT"
- rm -f "$EASYRSA_VARSV3_TMP"
- EASYRSA_VARSV3_NEW="$EASYRSA/vars-v3.new.$EASYRSA_EXT"
- rm -f "$EASYRSA_VARSV3_NEW"
- EASYRSA_VARSV3_WRN="$EASYRSA/vars-v3.wrn.$EASYRSA_EXT"
- rm -f "$EASYRSA_VARSV3_WRN"
-
- printf "%s\n" "\
-########################++++++++++#########################
-### ###
-### WARNING: THIS FILE WAS AUTOMATICALLY GENERATED ###
-### ALL SETTINGS ARE AT THE END OF THE FILE ###
-### ###
-########################++++++++++#########################
-
-" > "$EASYRSA_VARSV3_WRN" || up23_fail_upgrade "Failed to create $EASYRSA_VARSV3_WRN"
-
- # Create vars v3 temp file from sourced vars v2 key variables
- {
- printf "%s\n" "set_var EASYRSA_KEY_SIZE $KEY_SIZE"
- printf "%s\n" "set_var EASYRSA_REQ_COUNTRY \"$KEY_COUNTRY\""
- printf "%s\n" "set_var EASYRSA_REQ_PROVINCE \"$KEY_PROVINCE\""
- printf "%s\n" "set_var EASYRSA_REQ_CITY \"$KEY_CITY\""
- printf "%s\n" "set_var EASYRSA_REQ_ORG \"$KEY_ORG\""
- printf "%s\n" "set_var EASYRSA_REQ_EMAIL \"$KEY_EMAIL\""
- printf "%s\n" "set_var EASYRSA_REQ_OU \"$KEY_OU\""
- printf "%s\n" 'set_var EASYRSA_NS_SUPPORT "yes"'
- printf "%s\n" 'set_var EASYRSA_DN "org"'
- printf "%s\n" 'set_var EASYRSA_RAND_SN "no"'
- printf "%s\n" ""
- } > "$EASYRSA_VARSV3_TMP" \
- || up23_fail_upgrade "Failed to create $EASYRSA_VARSV3_TMP"
-
- # cat temp files into new v3 vars
- cat "$EASYRSA_VARSV3_WRN" "$EASYRSA_VARSV3_EXMP" "$EASYRSA_VARSV3_TMP" \
- > "$EASYRSA_VARSV3_NEW" \
- || up23_fail_upgrade "Failed to create $EASYRSA_VARSV3_NEW"
-
- # This file must be created and restored at the end of TEST
- # for the REAL update to to succeed
- EASYRSA_VARS_LIVEBKP="$EASYRSA_TARGET_VARSFILE.livebackup"
- cp "$EASYRSA_VER2_VARSFILE" "$EASYRSA_VARS_LIVEBKP" \
- || up23_fail_upgrade "Failed to create $EASYRSA_VARS_LIVEBKP"
- rm -f "$EASYRSA_VER2_VARSFILE"
-
- # "$EASYRSA_TARGET_VARSFILE" is always $EASYRSA/vars
- cp "$EASYRSA_VARSV3_NEW" "$EASYRSA_TARGET_VARSFILE" \
- || up23_fail_upgrade "copy $EASYRSA_VARSV3_NEW to $EASYRSA_TARGET_VARSFILE"
-
- # Delete temp files
- rm -f "$EASYRSA_VARSV2_TMP" "$EASYRSA_VARSV3_TMP" \
- "$EASYRSA_VARSV3_NEW" "$EASYRSA_VARSV3_WRN"
-
- up23_verbose "> OK"
- up23_verbose " New v3 vars file created in: $EASYRSA_TARGET_VARSFILE"
-} #=> up23_build_v3_vars ()
-
-up23_do_upgrade_23 ()
-{
- up23_verbose "============================================================================"
- up23_verbose "Begin ** $1 ** upgrade process .."
- up23_verbose ""
- up23_verbose "Easyrsa upgrade version: $EASYRSA_UPGRADE_23"
- up23_verbose ""
-
- up23_verify_new_pki
- up23_verify_current_pki
- up23_verify_current_ca
- up23_backup_current_pki
- up23_create_new_pki
- up23_upgrade_ca
- up23_move_easyrsa2_programs
- up23_build_v3_vars
- up23_create_openssl_cnf
-
- if [ "$NOSAVE" -eq 0 ]
- then
- # Must stay in this order
- # New created dirs: EASYRSA_NEW_PKI and EASYRSA_SAFE_PKI
- rm -rf "$EASYRSA_NEW_PKI"
- rm -rf "$EASYRSA_SAFE_PKI"
- # EASYRSA_TARGET_VARSFILE is always the new created v3 vars
- # Need to know if this fails
- rm "$EASYRSA_TARGET_VARSFILE" \
- || up23_fail_upgrade "remove new vars file: $EASYRSA_TARGET_VARSFILE"
- # EASYRSA_VER2_VARSFILE is either v2 *nix ./vars or Win vars.bat
- # Need this dance because v2 vars is same name as v3 vars above
- cp "$EASYRSA_VARS_LIVEBKP" "$EASYRSA_VER2_VARSFILE"
- fi
- rm -f "$EASYRSA_VARS_LIVEBKP"
-} #= up23_do_upgrade_23 ()
-
-up23_manage_upgrade_23 ()
-{
- EASYRSA_UPGRADE_VERSION="v1.0a (2020/01/08)"
- EASYRSA_UPGRADE_TYPE="$1"
- EASYRSA_FOUND_VARS=0
-
- # Verify all existing versions of vars/vars.bat
- if [ -f "$vars" ]
- then
- if grep -q 'Complain if a user tries to do this:' "$vars"
- then
- EASYRSA_FOUND_VARS=1
- EASYRSA_VARS_IS_VER3=1
- fi
-
- # Easyrsa v3 does not use NOR allow use of `export`.
- if grep -q 'export' "$vars"
- then
- EASYRSA_FOUND_VARS=1
- EASYRSA_VARS_IS_VER2=1
- EASYRSA_VER2_VARSFILE="$vars"
- EASYRSA_TARGET_VARSFILE="$vars"
- fi
- fi
-
- if [ -f "$EASYRSA/vars.bat" ]
- then
- EASYRSA_FOUND_VARS=1
- EASYRSA_VARS_IS_WIN2=1
- EASYRSA_VER2_VARSFILE="$EASYRSA/vars.bat"
- EASYRSA_TARGET_VARSFILE="$EASYRSA/vars"
- fi
-
- if [ $EASYRSA_FOUND_VARS -ne 1 ];
- then
- die echo "vars file not found"
- fi
-
- # Only allow specific vars/vars.bat to exist
- if [ "$EASYRSA_VARS_IS_VER3" ] && [ "$EASYRSA_VARS_IS_VER2" ]
- then
- die "Verify your current vars file, v3 cannot use 'export'."
- fi
-
- if [ "$EASYRSA_VARS_IS_VER3" ] && [ "$EASYRSA_VARS_IS_WIN2" ]
- then
- die "Verify your current vars/vars.bat file, cannot have both."
- fi
-
- if [ "$EASYRSA_VARS_IS_VER2" ] && [ "$EASYRSA_VARS_IS_WIN2" ]
- then
- die "Verify your current vars/vars.bat file, cannot have both."
- fi
-
- # Die on invalid upgrade type or environment
- if [ "$EASYRSA_UPGRADE_TYPE" = "ca" ]
- then
- if [ "$EASYRSA_VARS_IS_VER3" ]
- then
- # v3 ensure index.txt.attr "unique_subject = no"
- up23_upgrade_ca
- unset EASYRSA_BATCH
- notice "Your CA is fully up to date."
- return 0
- else
- die "Only v3 PKI CA can be upgraded."
- fi
- fi
-
- if [ "$EASYRSA_UPGRADE_TYPE" = "pki" ]
- then
- if [ "$EASYRSA_VARS_IS_VER3" ]
- then
- unset EASYRSA_BATCH
- notice "Your PKI is fully up to date."
- return 0
- fi
- else
- die "upgrade type must be 'pki' or 'ca'."
- fi
-
- # PKI is potentially suitable for upgrade
-
- warn "
-=========================================================================
-
- * WARNING *
-
-Found settings from EasyRSA-v2 which are not compatible with EasyRSA-v3.
-Before you can continue, EasyRSA must upgrade your settings and PKI.
-* Found EASYRSA and vars file:
- $EASYRSA
- $EASYRSA_VER2_VARSFILE :
-
-Further info:
-* https://community.openvpn.net/openvpn/wiki/easyrsa-upgrade
-
-Easyrsa upgrade version: $EASYRSA_UPGRADE_VERSION
-=========================================================================
-"
-
-# Test upgrade
-
- NOSAVE=0
-
- confirm "* EasyRSA **TEST** upgrade (Changes will NOT be written): " "yes" "
-This upgrade will TEST that the upgrade works BEFORE making any changes."
-
- up23_do_upgrade_23 "TEST"
-
- notice "
-=========================================================================
-
- * NOTICE *
-
-EasyRSA upgrade **TEST** has successfully completed.
-"
-# Upgrade for REAL
-
- NOSAVE=1
-
- confirm "* EasyRSA **REAL** upgrade (Changes WILL be written): " "yes" "
-=========================================================================
-
- * WARNING *
-
-Run REAL upgrade: Answer yes (Once completed you will have a version 3 PKI)
-Terminate upgrade: Answer no (No changes have been made to your current PKI)
-"
-
- confirm "* Confirm **REAL** upgrade (Changes will be written): " "yes" "
-=========================================================================
-
- * SECOND WARNING *
-
-This upgrade will permanently write changes to your PKI !
-(With full backup backout)
-"
- up23_do_upgrade_23 "REAL"
-
- notice "
-=========================================================================
-
- * NOTICE *
-
-Your settings and PKI have been successfully upgraded to EasyRSA version3
-
-A backup of your current PKI is here:
- $EASYRSA_SAFE_PKI
-
- * IMPORTANT NOTICE *
-
-1. YOU MUST VERIFY THAT YOUR NEW ./vars FILE IS SETUP CORRECTLY
-2. IF YOU ARE USING WINDOWS YOU MUST ENSURE THAT openssl IS CORRECTLY DEFINED
- IN ./vars (example follows)
-
- #
- # This sample is in Windows syntax -- edit it for your path if not using PATH:
- # set_var EASYRSA_OPENSSL \"C:/Program Files/OpenSSL-Win32/bin/openssl.exe\"
- #
- # Alternate location (Note: Forward slash '/' is correct for Windpws):
- # set_var EASYRSA_OPENSSL \"C:/Program Files/Openvpn/bin/openssl.exe\"
- #
-
-3. Finally, you can verify that easyrsa works by using these two commands:
- ./easyrsa show-ca (Verify that your CA is intact and correct)
- ./easyrsa gen-crl ((re)-generate a CRL file)
-
-Further info:
-* https://community.openvpn.net/openvpn/wiki/easyrsa-upgrade"
- up23_verbose "
- * UPGRADE COMPLETED SUCCESSFULLY *
-"
-
-return 0
-
-} # => up23_manage_upgrade_23 ()
-
-print_version()
-{
- cat <<HERE
-EasyRSA Version Information
-Version: 3.0.8
-Generated: Wed Sep 9 15:59:45 CDT 2020
-SSL Lib: $(openssl version)
-Git Commit: f12e00e53b4f486ce3d119ca429198780fa694ac
-Source Repo: https://github.com/OpenVPN/easy-rsa
-HERE
- exit 0
-} # => print_version ()
-
-
-########################################
-# Invocation entry point:
-
-NL='
-'
-
-# Be secure with a restrictive umask
-[ -z "$EASYRSA_NO_UMASK" ] && umask 077
-
-# Parse options
-while :; do
- # Separate option from value:
- opt="${1%%=*}"
- val="${1#*=}"
- empty_ok="" # Empty values are not allowed unless excepted
-
- case "$opt" in
- --days)
- export EASYRSA_CERT_EXPIRE="$val"
- export EASYRSA_CA_EXPIRE="$val"
- export EASYRSA_CRL_DAYS="$val"
- ;;
- --pki-dir)
- export EASYRSA_PKI="$val" ;;
- --use-algo)
- export EASYRSA_ALGO="$val" ;;
- --keysize)
- export EASYRSA_KEY_SIZE="$val" ;;
- --curve)
- export EASYRSA_CURVE="$val" ;;
- --dn-mode)
- export EASYRSA_DN="$val" ;;
- --req-cn)
- export EASYRSA_REQ_CN="$val" ;;
- --digest)
- export EASYRSA_DIGEST="$val" ;;
- --req-c)
- empty_ok=1
- export EASYRSA_REQ_COUNTRY="$val" ;;
- --req-st)
- empty_ok=1
- export EASYRSA_REQ_PROVINCE="$val" ;;
- --req-city)
- empty_ok=1
- export EASYRSA_REQ_CITY="$val" ;;
- --req-org)
- empty_ok=1
- export EASYRSA_REQ_ORG="$val" ;;
- --req-email)
- empty_ok=1
- export EASYRSA_REQ_EMAIL="$val" ;;
- --req-ou)
- empty_ok=1
- export EASYRSA_REQ_OU="$val" ;;
- --ns-cert)
- export EASYRSA_NS_SUPPORT="$val" ;;
- --ns-comment)
- empty_ok=1
- export EASYRSA_NS_COMMENT="$val" ;;
- --batch)
- empty_ok=1
- export EASYRSA_BATCH=1 ;;
- --passin)
- export EASYRSA_PASSIN="$val";;
- --passout)
- export EASYRSA_PASSOUT="$val";;
- --subca-len)
- export EASYRSA_SUBCA_LEN="$val" ;;
- --vars)
- export EASYRSA_VARS_FILE="$val" ;;
- --copy-ext)
- empty_ok=1
- export EASYRSA_CP_EXT=1 ;;
- --subject-alt-name)
- export EASYRSA_EXTRA_EXTS="\
-$EASYRSA_EXTRA_EXTS
-subjectAltName = $val" ;;
- --version)
- print_version
- ;;
- *)
- break ;;
- esac
-
- # fatal error when no value was provided
- if [ ! $empty_ok ] && { [ "$val" = "$1" ] || [ -z "$val" ]; }; then
- die "Missing value to option: $opt"
- fi
-
- shift
-done
-
-# Intelligent env-var detection and auto-loading:
-vars_setup
-
-# Register cleanup on EXIT
-trap "cleanup" EXIT
-# When SIGHUP, SIGINT, SIGQUIT, SIGABRT and SIGTERM,
-# explicitly exit to signal EXIT (non-bash shells)
-trap "exit 1" 1
-trap "exit 2" 2
-trap "exit 3" 3
-trap "exit 6" 6
-trap "exit 14" 15
-
-# Upgrade: EasyRSA v2.x to EasyRSA v3.x
-# Upgrade: EasyRSA < v3.0.6 to v3.0.6+
-#up23_manage_upgrade_23
-
-# determine how we were called, then hand off to the function responsible
-cmd="$1"
-[ -n "$1" ] && shift # scrape off command
-case "$cmd" in
- init-pki|clean-all)
- init_pki "$@"
- ;;
- build-ca)
- build_ca "$@"
- ;;
- gen-dh)
- gen_dh
- ;;
- gen-req)
- gen_req "$@"
- ;;
- sign|sign-req)
- sign_req "$@"
- ;;
- build-client-full)
- build_full client "$@"
- ;;
- build-server-full)
- build_full server "$@"
- ;;
- build-serverClient-full)
- build_full serverClient "$@"
- ;;
- gen-crl)
- gen_crl
- ;;
- revoke)
- revoke "$@"
- ;;
- renew)
- renew "$@"
- ;;
- import-req)
- import_req "$@"
- ;;
- export-p12)
- export_pkcs p12 "$@"
- ;;
- export-p7)
- export_pkcs p7 "$@"
- ;;
- export-p8)
- export_pkcs p8 "$@"
- ;;
- set-rsa-pass)
- set_pass rsa "$@"
- ;;
- set-ec-pass)
- set_pass ec "$@"
- ;;
- update-db)
- update_db
- ;;
- show-req)
- show req "$@"
- ;;
- show-cert)
- show cert "$@"
- ;;
- show-ca)
- show_ca "$@"
- ;;
- upgrade)
- up23_manage_upgrade_23 "$@"
- ;;
- ""|help|-h|--help|--usage)
- cmd_help "$1"
- exit 0
- ;;
- version)
- print_version
- ;;
- *)
- die "Unknown command '$cmd'. Run without commands for usage help."
- ;;
-esac
-
-# vim: ft=sh nu ai sw=8 ts=8 noet
+++ /dev/null
-# For use with Easy-RSA 3.0+ and OpenSSL or LibreSSL
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = $ENV::EASYRSA_PKI # Where everything is kept
-certs = $dir # Where the issued certs are kept
-crl_dir = $dir # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-new_certs_dir = $dir/certs_by_serial # default place for new certs.
-
-certificate = $dir/ca.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/ca.key # The private key
-RANDFILE = $dir/.rand # private random number file
-
-x509_extensions = basic_exts # The extensions to add to the cert
-
-# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
-# is designed for will. In return, we get the Issuer attached to CRLs.
-crl_extensions = crl_ext
-
-default_days = $ENV::EASYRSA_CERT_EXPIRE # how long to certify for
-default_crl_days= $ENV::EASYRSA_CRL_DAYS # how long before next CRL
-default_md = $ENV::EASYRSA_DIGEST # use public key default MD
-preserve = no # keep passed DN ordering
-
-# This allows to renew certificates which have not been revoked
-unique_subject = no
-
-# A few different ways of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_anything
-
-# For the 'anything' policy, which defines allowed DN fields
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-name = optional
-emailAddress = optional
-
-####################################################################
-# Easy-RSA request handling
-# We key off $DN_MODE to determine how to format the DN
-[ req ]
-default_bits = $ENV::EASYRSA_KEY_SIZE
-default_keyfile = privkey.pem
-default_md = $ENV::EASYRSA_DIGEST
-distinguished_name = $ENV::EASYRSA_DN
-x509_extensions = easyrsa_ca # The extensions to add to the self signed cert
-
-# A placeholder to handle the $EXTRA_EXTS feature:
-#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it
-
-####################################################################
-# Easy-RSA DN (Subject) handling
-
-# Easy-RSA DN for cn_only support:
-[ cn_only ]
-commonName = Common Name (eg: your user, host, or server name)
-commonName_max = 64
-commonName_default = $ENV::EASYRSA_REQ_CN
-
-# Easy-RSA DN for org support:
-[ org ]
-countryName = Country Name (2 letter code)
-countryName_default = $ENV::EASYRSA_REQ_COUNTRY
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE
-
-localityName = Locality Name (eg, city)
-localityName_default = $ENV::EASYRSA_REQ_CITY
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = $ENV::EASYRSA_REQ_ORG
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-organizationalUnitName_default = $ENV::EASYRSA_REQ_OU
-
-commonName = Common Name (eg: your user, host, or server name)
-commonName_max = 64
-commonName_default = $ENV::EASYRSA_REQ_CN
-
-emailAddress = Email Address
-emailAddress_default = $ENV::EASYRSA_REQ_EMAIL
-emailAddress_max = 64
-
-####################################################################
-# Easy-RSA cert extension handling
-
-# This section is effectively unused as the main script sets extensions
-# dynamically. This core section is left to support the odd usecase where
-# a user calls openssl directly.
-[ basic_exts ]
-basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer:always
-
-# The Easy-RSA CA extensions
-[ easyrsa_ca ]
-
-# PKIX recommendations:
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This could be marked critical, but it's nice to support reading by any
-# broken clients who attempt to do so.
-basicConstraints = CA:true
-
-# Limit key usage to CA tasks. If you really want to use the generated pair as
-# a self-signed cert, comment this out.
-keyUsage = cRLSign, keyCertSign
-
-# nsCertType omitted by default. Let's try to let the deprecated stuff die.
-# nsCertType = sslCA
-
-# CRL extensions.
-[ crl_ext ]
-
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIDSzCCAjOgAwIBAgIUdc8xO6X2O5dKTboU0VjKk8vxf6UwDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTYyMjI1WhcNMzIw
-MTI1MTYyMjI1WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANfUW/VYGBdUDdq3yGWMD7TDDoXNFX+FaESEj8ad
-KhU3aakSF2bltPSLV0OKh+6H0avL1sPwvgleI7mmHU3PnyOTt4Seeikhcx9ZMLTZ
-NJ5unObrnfCyTOrpg7oQGUfu/eYsF3wAxXkQp/CG3aq++eTc741V3HVoj8slPtqJ
-7wMPMWDOgqENgIitOYD5gA9iywoLthXsIrPtWKy2zo8kUTQ3KE61UOEUa1I9r+3X
-EMM25lCid8I4kPTRU4JMbFvFqM+q3EOhMXeLlzAj6bD0ebmndxUyJLvbDBC5Uk9Q
-4CJsMRFhXTZZVUeCdmzvt4iUBZXN1P9AeM9lYCw4ZOjIknECAwEAAaOBkDCBjTAd
-BgNVHQ4EFgQUSUNbUvgxeLWEdHqNJ9MiH6nUwqUwUQYDVR0jBEowSIAUSUNbUvgx
-eLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1zzE7
-pfY7l0pNuhTRWMqTy/F/pTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
-hkiG9w0BAQsFAAOCAQEAn4m1/6ptyMlGlobrZJ1/zpFykrHdlsFU2JbfVKB1Cu3P
-Hz9rJ0ai3du++7TObktNkALQgMy+i6eGH6+EbLp9lazcRRdJPVhJIuhQX9hvzQfk
-F/mM5wRJd6Rg6Cy8SDp0KYPwOM74Xck9ukvIPxdWd6omgu0b0qpruc58P0AW2Tjk
-XIP5YnBTBQGmN7NUzrJ4zWLKEJbOOi/P47oqEwYBGaWquLBsCPq03oDMs8EsGTcO
-90k9S8vgrrZfW4jHfkOmmNepgvt3g4A3g7Y9qYKLQi6vBtDOpK8OWfD6kIXBxqNt
-uSXdVmSwgbCTdXsMU3aEnVEyvgnlw/Wz+tXo+gLb5w==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 07:42:93:a8:25:71:a4:ae:b0:96:4d:14:d1:e2:ff:22
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:55:26 2022 GMT
- Not After : Jan 25 16:55:26 2032 GMT
- Subject: CN=osweidan
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:c4:fd:94:e9:62:a5:7d:74:92:9a:22:d6:7b:35:
- ff:95:26:e8:d3:bf:1e:ee:96:be:ba:de:2c:31:5a:
- 02:27:6d:ac:42:b4:3a:e0:22:89:63:e3:a3:b5:68:
- 8b:6f:f8:0e:a9:1f:a9:e5:62:d1:b4:39:6c:73:61:
- 89:a1:0e:db:8e:62:21:06:0b:d5:4f:64:10:39:4c:
- 91:f5:05:ca:65:09:82:e7:c6:52:61:7f:ed:de:95:
- bc:8f:23:a3:01:77:c3:2a:1c:75:ff:b9:55:66:a2:
- ae:ff:27:0d:4a:70:8c:b6:4d:f8:bc:65:fd:ff:a8:
- 60:e1:ea:df:64:e9:46:34:71:ec:3b:05:cb:ec:e7:
- a0:bc:39:6c:04:16:f9:0c:2c:c2:4b:4f:aa:80:6b:
- d7:37:68:e9:c4:f2:91:11:5b:33:03:8e:85:67:40:
- 7c:97:36:84:94:15:21:3d:2a:e9:87:81:65:21:fa:
- 27:07:ca:1b:0b:df:fa:eb:34:62:d5:52:fc:b6:00:
- 1a:54:bc:6d:0a:52:70:5e:15:38:ec:ce:dd:62:0c:
- c6:c2:10:7c:b2:a5:8b:18:10:81:f4:b5:9a:38:c4:
- cc:00:fa:de:0b:ca:8b:bc:82:df:2f:9e:84:3b:6a:
- 1e:13:61:c1:72:28:cd:0d:71:1d:97:36:04:2d:c8:
- 50:e1
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 52:89:7A:20:5D:CA:C8:13:92:30:14:B2:BD:6D:FA:8B:FE:73:38:9C
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 17:99:13:42:f0:60:a8:b3:54:d4:c6:30:12:1e:0f:d3:78:a5:
- c1:1f:54:0e:3f:15:8c:72:60:dd:8e:e4:23:64:4f:5f:a5:7f:
- 12:59:d3:c4:cf:9b:51:98:67:cb:49:a9:99:38:65:09:7f:56:
- 42:08:86:31:e5:48:54:04:82:ac:1b:23:fd:63:b6:49:dd:73:
- 50:af:84:0c:d5:37:6e:47:49:f6:2a:17:0c:c1:08:f9:cf:4f:
- 3f:90:c7:dc:c4:d8:ef:99:ab:f8:12:55:8d:9a:18:4b:2f:9e:
- c8:1f:97:31:83:8a:62:3d:6c:d0:0e:0c:e2:d4:7c:2f:10:37:
- 7e:23:be:7d:f8:59:97:4e:a6:5f:75:ca:6a:a4:f1:ea:b9:41:
- da:fe:be:8f:28:ff:0a:93:17:b0:7a:d2:fe:4e:7a:c7:ed:c2:
- fe:91:93:c8:94:43:ec:74:4f:34:85:6e:7c:72:1d:45:2a:b1:
- b9:bd:3b:d7:d0:b9:4d:54:74:6d:c5:73:03:ad:5c:7d:9d:16:
- bb:28:d4:9c:6e:33:54:65:e5:11:06:b5:a5:e8:e9:dc:b4:95:
- 4b:b4:6b:ef:db:5a:fe:4e:8f:4b:3d:b6:e2:37:fb:78:37:36:
- 9a:a0:26:cc:19:72:e6:26:99:05:e2:6b:a2:6f:d4:86:cb:f5:
- 5c:fe:cc:54
------BEGIN CERTIFICATE-----
-MIIDVjCCAj6gAwIBAgIQB0KTqCVxpK6wlk0U0eL/IjANBgkqhkiG9w0BAQsFADAW
-MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMjAxMjcxNjU1MjZaFw0zMjAxMjUx
-NjU1MjZaMBMxETAPBgNVBAMMCG9zd2VpZGFuMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAxP2U6WKlfXSSmiLWezX/lSbo078e7pa+ut4sMVoCJ22sQrQ6
-4CKJY+OjtWiLb/gOqR+p5WLRtDlsc2GJoQ7bjmIhBgvVT2QQOUyR9QXKZQmC58ZS
-YX/t3pW8jyOjAXfDKhx1/7lVZqKu/ycNSnCMtk34vGX9/6hg4erfZOlGNHHsOwXL
-7OegvDlsBBb5DCzCS0+qgGvXN2jpxPKREVszA46FZ0B8lzaElBUhPSrph4FlIfon
-B8obC9/66zRi1VL8tgAaVLxtClJwXhU47M7dYgzGwhB8sqWLGBCB9LWaOMTMAPre
-C8qLvILfL56EO2oeE2HBcijNDXEdlzYELchQ4QIDAQABo4GiMIGfMAkGA1UdEwQC
-MAAwHQYDVR0OBBYEFFKJeiBdysgTkjAUsr1t+ov+czicMFEGA1UdIwRKMEiAFElD
-W1L4MXi1hHR6jSfTIh+p1MKloRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQYIU
-dc8xO6X2O5dKTboU0VjKk8vxf6UwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0P
-BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQAXmRNC8GCos1TUxjASHg/TeKXBH1QO
-PxWMcmDdjuQjZE9fpX8SWdPEz5tRmGfLSamZOGUJf1ZCCIYx5UhUBIKsGyP9Y7ZJ
-3XNQr4QM1TduR0n2KhcMwQj5z08/kMfcxNjvmav4ElWNmhhLL57IH5cxg4piPWzQ
-Dgzi1HwvEDd+I759+FmXTqZfdcpqpPHquUHa/r6PKP8KkxewetL+TnrH7cL+kZPI
-lEPsdE80hW58ch1FKrG5vTvX0LlNVHRtxXMDrVx9nRa7KNScbjNUZeURBrWl6Onc
-tJVLtGvv21r+To9LPbbiN/t4NzaaoCbMGXLmJpkF4muib9SGy/Vc/sxU
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 16:d6:7e:bd:b7:16:bd:51:0c:34:0d:08:fa:8c:cb:b1
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:54:48 2022 GMT
- Not After : Jan 25 16:54:48 2032 GMT
- Subject: CN=kkancz
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:b9:6a:63:78:e0:1b:e8:2f:dc:70:f4:49:6f:6c:
- 7b:62:05:76:60:4e:01:4f:91:07:2d:b2:8e:7f:e1:
- 61:4e:c3:24:1d:da:6c:ae:b9:d5:de:00:d5:f7:cf:
- 36:8f:a1:cb:9c:15:4c:57:e8:76:36:83:8b:7b:d4:
- de:04:c9:06:40:32:c3:31:01:f1:f5:bc:9c:97:42:
- 4d:82:47:71:cc:b8:0c:2c:91:bb:c8:6b:2b:62:09:
- f3:5a:c5:5f:40:e8:46:7c:9f:d8:dd:20:a3:bc:34:
- f9:67:28:ae:ed:fc:cd:3e:f0:68:ce:1b:02:d4:da:
- d2:0b:74:b6:32:11:39:6e:53:80:a7:e1:b9:06:96:
- ae:ef:8e:dd:0e:26:05:7a:2c:46:7d:f6:ba:af:6f:
- 3e:44:8b:fa:ff:40:fd:3e:32:64:a5:f7:27:60:f7:
- 85:28:33:e2:a3:2f:5a:37:cd:15:02:ff:28:b5:95:
- a4:3d:ee:01:9f:86:76:2d:01:3d:b4:e7:e2:1f:fb:
- be:1f:6a:2f:e8:50:68:2a:2d:86:3a:ef:38:f1:46:
- df:e7:5c:53:b0:63:13:80:b4:4d:b8:60:7a:ee:71:
- 67:bc:c8:21:83:64:6f:45:07:19:87:f3:49:c2:63:
- 04:59:3f:6d:80:21:0e:2f:4e:cc:b5:7c:38:47:c4:
- 7b:a5
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 9E:32:BB:AC:26:6F:9A:04:73:A5:B9:42:DA:29:46:95:C8:DE:F3:05
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 6a:07:04:54:3c:a9:4c:05:72:9e:78:6b:a6:dd:a8:09:15:0b:
- cb:54:ad:54:91:f9:8d:ee:61:37:a3:97:92:9e:97:25:4d:db:
- 96:91:9f:39:45:92:e5:d7:06:45:57:89:ef:96:bf:47:c5:5a:
- 84:c8:6d:78:7a:43:02:f5:0f:4b:7f:7b:04:49:53:4b:85:13:
- 5a:cb:75:06:f3:ba:8b:0b:83:f2:1a:df:27:0b:17:b2:28:ca:
- c6:38:14:8c:3d:42:02:db:f2:63:79:ce:00:be:90:b6:0a:5f:
- 23:5a:06:37:c3:34:da:09:1f:66:c8:29:11:0c:b0:8e:ac:43:
- b3:a9:8b:eb:71:38:9c:ed:cf:7c:00:55:47:a4:48:6b:a8:1c:
- 13:4a:b7:bf:4a:48:72:10:32:a7:48:64:d7:82:60:64:cb:a0:
- 20:6a:20:13:d9:0a:09:03:8b:be:76:f1:23:af:90:73:d9:de:
- 65:23:0d:07:04:48:61:f1:9a:c8:37:41:ff:65:72:27:de:88:
- 82:ca:8f:eb:92:2c:8e:b3:ab:dc:26:ff:d4:3d:d8:99:66:c5:
- f8:c4:cc:54:ac:98:21:29:65:ac:77:4e:f6:12:de:f5:ba:cc:
- 1b:ee:eb:08:bf:fe:33:77:19:a5:5c:43:6c:30:40:40:e2:6c:
- bf:93:e0:af
------BEGIN CERTIFICATE-----
-MIIDVDCCAjygAwIBAgIQFtZ+vbcWvVEMNA0I+ozLsTANBgkqhkiG9w0BAQsFADAW
-MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMjAxMjcxNjU0NDhaFw0zMjAxMjUx
-NjU0NDhaMBExDzANBgNVBAMMBmtrYW5jejCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBALlqY3jgG+gv3HD0SW9se2IFdmBOAU+RBy2yjn/hYU7DJB3abK65
-1d4A1ffPNo+hy5wVTFfodjaDi3vU3gTJBkAywzEB8fW8nJdCTYJHccy4DCyRu8hr
-K2IJ81rFX0DoRnyf2N0go7w0+Wcoru38zT7waM4bAtTa0gt0tjIROW5TgKfhuQaW
-ru+O3Q4mBXosRn32uq9vPkSL+v9A/T4yZKX3J2D3hSgz4qMvWjfNFQL/KLWVpD3u
-AZ+Gdi0BPbTn4h/7vh9qL+hQaCothjrvOPFG3+dcU7BjE4C0Tbhgeu5xZ7zIIYNk
-b0UHGYfzScJjBFk/bYAhDi9OzLV8OEfEe6UCAwEAAaOBojCBnzAJBgNVHRMEAjAA
-MB0GA1UdDgQWBBSeMrusJm+aBHOluULaKUaVyN7zBTBRBgNVHSMESjBIgBRJQ1tS
-+DF4tYR0eo0n0yIfqdTCpaEapBgwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0GCFHXP
-MTul9juXSk26FNFYypPL8X+lMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQE
-AwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAagcEVDypTAVynnhrpt2oCRULy1StVJH5
-je5hN6OXkp6XJU3blpGfOUWS5dcGRVeJ75a/R8VahMhteHpDAvUPS397BElTS4UT
-Wst1BvO6iwuD8hrfJwsXsijKxjgUjD1CAtvyY3nOAL6QtgpfI1oGN8M02gkfZsgp
-EQywjqxDs6mL63E4nO3PfABVR6RIa6gcE0q3v0pIchAyp0hk14JgZMugIGogE9kK
-CQOLvnbxI6+Qc9neZSMNBwRIYfGayDdB/2VyJ96IgsqP65IsjrOr3Cb/1D3YmWbF
-+MTMVKyYISllrHdO9hLe9brMG+7rCL/+M3cZpVxDbDBAQOJsv5Pgrw==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 23:70:61:7d:39:85:fe:76:8d:ca:0f:04:d3:68:3d:1f
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:54:35 2022 GMT
- Not After : Jan 25 16:54:35 2032 GMT
- Subject: CN=khorvath
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:eb:04:0d:b5:38:69:3a:69:07:21:1c:59:4c:07:
- 6c:1d:30:89:93:3d:90:d3:ef:04:cb:ec:41:94:9e:
- 35:91:28:17:e4:1f:cb:2b:0a:06:b9:6a:91:e6:cb:
- 89:60:e6:3c:0a:f8:ff:ae:6c:48:e3:d7:a9:52:95:
- 5f:e5:c8:80:5c:82:b5:91:3b:5e:e0:23:82:8d:52:
- 53:0a:ea:e8:b2:92:b3:4b:bb:1d:2f:5a:e4:29:a9:
- 69:2c:b9:e1:9e:13:1c:3c:0d:d9:fe:fd:e9:a7:1f:
- f4:c2:ab:3b:eb:52:95:41:2a:5a:d4:9e:e9:8e:40:
- 97:60:fb:e8:12:9e:d6:e4:72:2b:43:57:de:85:6b:
- db:94:27:45:eb:43:bb:3d:6e:17:c6:dc:19:d2:dc:
- cd:c8:67:fc:d0:d3:8f:81:4c:1a:ad:df:e6:2b:43:
- 07:95:18:ad:e0:21:c6:5a:fd:ce:17:af:63:58:97:
- b7:86:db:42:95:7f:38:46:08:7e:26:81:24:e2:7e:
- dd:53:51:ab:29:43:19:ad:5f:8b:b2:b8:cf:19:06:
- 0e:15:67:a4:50:79:00:f4:f8:2a:b8:e7:fd:b4:59:
- 9a:ef:10:fb:10:bf:57:3e:26:ec:1e:97:6d:ad:87:
- b9:60:94:69:24:96:69:36:9a:21:00:42:98:06:24:
- d5:f9
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 96:F4:90:70:43:B0:6E:93:48:D7:95:1F:9B:BC:0E:8A:8D:33:36:99
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 01:8a:5e:af:fe:5a:9d:65:ba:a5:3a:51:d0:1e:7d:fe:9e:b7:
- 7e:bc:da:33:0b:e2:f8:13:6f:73:40:5f:c2:b7:5d:2f:54:5e:
- 0d:db:1d:28:b0:e9:fa:a2:ff:23:3c:4e:63:90:d6:5e:6c:81:
- 9a:69:3d:06:05:5f:c3:a5:67:4a:29:e9:40:36:eb:53:89:a7:
- 13:a5:69:ba:8d:61:ac:d9:5f:89:35:59:dc:c0:98:73:f1:f8:
- 1e:14:80:d9:09:9c:bd:db:69:54:ea:15:68:97:bd:08:27:d7:
- af:c9:8a:b5:41:4a:6c:dc:4f:4c:dd:5b:c7:cf:86:01:07:a2:
- ad:33:7d:aa:47:ae:a8:b0:d2:24:89:9c:a0:48:8d:74:51:79:
- 89:f8:8d:ee:33:4f:d6:45:b8:b5:a6:48:eb:ad:3a:86:68:53:
- 4d:ba:55:fa:d4:2f:7b:59:3d:a6:16:d9:8a:81:90:72:e8:14:
- e8:06:7f:de:0e:f8:be:cf:ce:91:22:8e:cd:5a:94:8f:1c:d0:
- 4b:f6:b5:41:2d:1d:c4:0a:1e:36:17:dd:78:17:23:85:c7:cb:
- ae:1b:ae:65:90:22:b0:c0:94:df:cc:83:38:61:cb:fa:a7:e6:
- a4:a7:9b:10:5d:fc:30:6f:d2:dc:02:15:07:a0:42:9f:1b:a9:
- f9:c7:22:34
------BEGIN CERTIFICATE-----
-MIIDVjCCAj6gAwIBAgIQI3BhfTmF/naNyg8E02g9HzANBgkqhkiG9w0BAQsFADAW
-MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMjAxMjcxNjU0MzVaFw0zMjAxMjUx
-NjU0MzVaMBMxETAPBgNVBAMMCGtob3J2YXRoMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA6wQNtThpOmkHIRxZTAdsHTCJkz2Q0+8Ey+xBlJ41kSgX5B/L
-KwoGuWqR5suJYOY8Cvj/rmxI49epUpVf5ciAXIK1kTte4COCjVJTCurospKzS7sd
-L1rkKalpLLnhnhMcPA3Z/v3ppx/0wqs761KVQSpa1J7pjkCXYPvoEp7W5HIrQ1fe
-hWvblCdF60O7PW4XxtwZ0tzNyGf80NOPgUward/mK0MHlRit4CHGWv3OF69jWJe3
-httClX84Rgh+JoEk4n7dU1GrKUMZrV+LsrjPGQYOFWekUHkA9PgquOf9tFma7xD7
-EL9XPibsHpdtrYe5YJRpJJZpNpohAEKYBiTV+QIDAQABo4GiMIGfMAkGA1UdEwQC
-MAAwHQYDVR0OBBYEFJb0kHBDsG6TSNeVH5u8DoqNMzaZMFEGA1UdIwRKMEiAFElD
-W1L4MXi1hHR6jSfTIh+p1MKloRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQYIU
-dc8xO6X2O5dKTboU0VjKk8vxf6UwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0P
-BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQABil6v/lqdZbqlOlHQHn3+nrd+vNoz
-C+L4E29zQF/Ct10vVF4N2x0osOn6ov8jPE5jkNZebIGaaT0GBV/DpWdKKelANutT
-iacTpWm6jWGs2V+JNVncwJhz8fgeFIDZCZy922lU6hVol70IJ9evyYq1QUps3E9M
-3VvHz4YBB6KtM32qR66osNIkiZygSI10UXmJ+I3uM0/WRbi1pkjrrTqGaFNNulX6
-1C97WT2mFtmKgZBy6BToBn/eDvi+z86RIo7NWpSPHNBL9rVBLR3ECh42F914FyOF
-x8uuG65lkCKwwJTfzIM4Ycv6p+akp5sQXfwwb9LcAhUHoEKfG6n5xyI0
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 2b:f6:cb:e6:ee:b9:5f:05:2f:9d:64:50:3f:0c:c3:37
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:56:14 2022 GMT
- Not After : Jan 25 16:56:14 2032 GMT
- Subject: CN=zfelleg
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:a9:54:33:8f:8b:4d:40:21:59:cf:42:77:2e:a3:
- 58:dc:9b:6c:62:ab:d8:f7:7e:06:98:e0:d8:20:13:
- 6f:14:01:d2:3a:9c:d6:a8:d5:9e:cd:1b:b7:53:e4:
- a5:c0:aa:50:13:6a:9a:34:c6:8b:ce:b0:f2:68:ff:
- e1:8d:ed:a3:91:27:c9:30:75:d3:8d:ee:be:df:c6:
- 1f:df:ef:50:f1:21:d5:4d:ae:07:b7:b9:97:bc:ba:
- 6a:65:22:03:00:86:7b:7f:b3:8b:c4:98:73:3d:e6:
- 44:2f:27:31:6d:9c:7d:9d:da:d6:a4:65:68:bb:5b:
- 06:fb:f3:9b:b6:69:f9:08:dd:61:6b:0e:04:48:e7:
- d7:d9:8a:82:1f:44:74:a4:be:86:54:bb:c0:55:da:
- c5:d6:d7:83:6d:26:09:4e:c6:87:cc:89:e1:e8:40:
- 6d:3b:9f:c3:b2:8b:23:87:d2:8c:93:be:95:33:6a:
- 35:dd:33:45:de:06:42:ee:18:19:5a:1d:52:46:54:
- a4:f0:af:5b:f9:56:6d:be:3d:01:ea:96:fe:75:6b:
- 44:95:f8:3b:8a:11:67:59:7b:c8:30:cd:05:40:5a:
- f5:ce:5d:80:2a:aa:0b:f5:e1:24:d2:81:54:b7:7f:
- 39:b0:1c:10:0e:6b:39:d3:06:3b:58:48:7a:a9:7e:
- ea:4f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- E2:66:F5:04:A5:2A:61:D5:3B:DF:7A:50:2E:78:E9:C4:76:F1:D5:78
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 21:ff:e7:b7:cf:17:01:19:6e:2c:43:1c:96:37:32:3b:49:ba:
- 4f:97:59:fc:31:2a:97:88:54:5b:96:6b:cd:20:75:f8:91:29:
- 69:93:a0:54:8f:bf:2a:9e:1f:7a:d5:25:ef:7e:16:04:72:0b:
- ab:fc:26:fb:65:47:6a:dc:64:59:e5:51:1a:3b:bd:1c:21:93:
- ba:39:dc:34:37:98:68:0b:7b:72:96:81:0f:63:ea:bc:ea:ed:
- 19:9e:bb:b4:56:8e:c9:67:44:4f:d6:c8:60:2c:7f:37:c7:8e:
- a7:37:c5:f1:67:99:57:2b:0e:1d:8d:27:8c:bf:e1:5b:b7:42:
- 76:09:f0:e5:03:72:a3:93:91:03:62:8c:7d:f5:d9:f0:8e:ca:
- 52:9e:00:8c:1a:90:72:30:ba:86:92:ff:f6:41:ca:17:7d:75:
- 6f:3c:e0:4b:9a:26:d2:fe:79:23:cd:96:0e:c3:77:eb:d4:0c:
- 44:e5:d4:1a:5d:73:2e:48:26:25:97:04:65:90:0b:1f:6f:f1:
- 0c:f6:07:68:c5:38:cf:f4:74:b1:c3:06:ce:38:d2:98:b1:be:
- 82:20:bf:41:6e:8e:74:a5:f7:e9:de:dd:ed:c8:99:db:1c:de:
- c6:14:4d:8d:f1:85:52:d0:a7:44:3e:18:41:87:52:b9:e0:8c:
- ee:1f:01:42
------BEGIN CERTIFICATE-----
-MIIDVTCCAj2gAwIBAgIQK/bL5u65XwUvnWRQPwzDNzANBgkqhkiG9w0BAQsFADAW
-MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMjAxMjcxNjU2MTRaFw0zMjAxMjUx
-NjU2MTRaMBIxEDAOBgNVBAMMB3pmZWxsZWcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQCpVDOPi01AIVnPQncuo1jcm2xiq9j3fgaY4NggE28UAdI6nNao
-1Z7NG7dT5KXAqlATapo0xovOsPJo/+GN7aORJ8kwddON7r7fxh/f71DxIdVNrge3
-uZe8umplIgMAhnt/s4vEmHM95kQvJzFtnH2d2takZWi7Wwb785u2afkI3WFrDgRI
-59fZioIfRHSkvoZUu8BV2sXW14NtJglOxofMieHoQG07n8OyiyOH0oyTvpUzajXd
-M0XeBkLuGBlaHVJGVKTwr1v5Vm2+PQHqlv51a0SV+DuKEWdZe8gwzQVAWvXOXYAq
-qgv14STSgVS3fzmwHBAOaznTBjtYSHqpfupPAgMBAAGjgaIwgZ8wCQYDVR0TBAIw
-ADAdBgNVHQ4EFgQU4mb1BKUqYdU733pQLnjpxHbx1XgwUQYDVR0jBEowSIAUSUNb
-UvgxeLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1
-zzE7pfY7l0pNuhTRWMqTy/F/pTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8E
-BAMCB4AwDQYJKoZIhvcNAQELBQADggEBACH/57fPFwEZbixDHJY3MjtJuk+XWfwx
-KpeIVFuWa80gdfiRKWmToFSPvyqeH3rVJe9+FgRyC6v8JvtlR2rcZFnlURo7vRwh
-k7o53DQ3mGgLe3KWgQ9j6rzq7Rmeu7RWjslnRE/WyGAsfzfHjqc3xfFnmVcrDh2N
-J4y/4Vu3QnYJ8OUDcqOTkQNijH312fCOylKeAIwakHIwuoaS//ZByhd9dW884Eua
-JtL+eSPNlg7Dd+vUDETl1Bpdcy5IJiWXBGWQCx9v8Qz2B2jFOM/0dLHDBs440pix
-voIgv0FujnSl9+ne3e3Imdsc3sYUTY3xhVLQp0Q+GEGHUrngjO4fAUI=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 33:59:80:b8:6f:f1:71:c9:57:98:a1:e9:af:81:5f:cb
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:22:46 2022 GMT
- Not After : Jan 25 16:22:46 2032 GMT
- Subject: CN=vpn.in.useribm.hu
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:d1:47:ff:20:8f:34:88:dd:50:ed:d5:d1:55:d8:
- 12:a2:ff:61:e5:0d:71:29:00:49:35:d0:1c:4a:ef:
- d4:01:49:c5:84:3a:a3:b9:14:ae:cc:d1:50:53:4c:
- 7d:68:38:55:14:88:e3:42:0e:76:8c:17:a7:fd:8b:
- 3b:a9:9c:26:37:fc:d1:4f:89:ab:ea:b9:e1:1e:0b:
- 58:8b:ea:bd:80:8d:df:a0:0e:1d:bf:19:85:81:94:
- 87:e6:d0:0e:31:77:e3:29:7e:ef:16:6f:7e:01:09:
- eb:39:3d:da:11:a2:62:72:a7:8b:5b:f6:5c:75:f3:
- 24:a9:66:15:c2:fa:7a:b8:9c:35:a3:82:bb:84:41:
- cc:39:fe:cc:f2:d0:65:3b:13:b9:7b:1a:05:9b:6f:
- 8c:77:a1:a5:2c:59:17:86:e5:d7:58:23:c5:03:3e:
- ad:75:38:69:ba:f3:b4:41:3b:8a:ee:a0:8c:81:60:
- e0:13:51:ed:cb:90:d4:8c:d2:5e:d5:f9:d4:b3:b9:
- 7e:e6:71:4d:4a:bf:50:f1:d6:63:6a:f7:c0:44:8d:
- 48:46:9d:53:36:e8:c6:ba:fa:9d:08:5b:22:c5:f7:
- 6a:f9:b1:cf:9a:76:bd:fe:e0:88:01:82:4c:c8:a1:
- c0:3e:68:fc:06:e3:df:07:ec:97:48:1f:d2:c5:cd:
- 11:81
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 71:D0:E0:F8:9D:2C:0D:A1:35:C6:F5:4D:1C:88:53:40:07:00:78:35
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Server Authentication
- X509v3 Key Usage:
- Digital Signature, Key Encipherment
- X509v3 Subject Alternative Name:
- DNS:vpn.in.useribm.hu
- Signature Algorithm: sha256WithRSAEncryption
- af:9b:99:1f:f6:90:a0:7a:58:9f:98:d7:da:75:0d:86:85:c7:
- 8e:99:95:86:ad:8b:1d:c4:a8:e5:cf:75:79:bc:b8:ce:b8:2c:
- 53:e3:c6:93:e9:4a:42:b6:f7:2d:82:85:cf:ed:82:37:21:0f:
- 27:c5:07:56:33:99:37:37:66:da:72:1a:e1:0e:78:2d:f0:2c:
- fc:d8:af:b9:23:07:d9:82:9f:42:6d:e8:7a:5d:69:b1:f5:a2:
- 7a:d8:85:72:4c:e2:c6:c3:91:c7:65:1a:a2:a5:2e:94:58:5b:
- fe:a1:12:dc:48:15:9e:e6:18:a8:21:3f:fd:be:fa:28:02:22:
- 9f:f2:04:0c:e3:57:01:3f:fb:87:4f:64:ff:5a:c0:4c:60:48:
- 65:59:1a:db:76:c2:d4:1d:57:39:e8:10:57:f2:10:15:10:ce:
- 3d:7a:d5:4e:70:6e:90:22:6b:37:58:c7:01:7f:62:78:7c:b6:
- aa:e5:f6:5f:47:a0:97:27:b5:18:cd:ac:22:90:76:5d:0b:c8:
- dc:4c:55:01:b2:8f:67:e6:14:17:7f:f3:c6:1a:f5:0d:a3:f4:
- 2e:0c:d5:bb:08:fc:7b:23:c2:c7:ed:25:77:97:94:3d:86:87:
- de:bd:0c:83:ea:52:6b:44:45:fd:39:a0:e8:61:dc:be:73:1c:
- 10:c6:ba:0c
------BEGIN CERTIFICATE-----
-MIIDfTCCAmWgAwIBAgIQM1mAuG/xcclXmKHpr4FfyzANBgkqhkiG9w0BAQsFADAW
-MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMjAxMjcxNjIyNDZaFw0zMjAxMjUx
-NjIyNDZaMBwxGjAYBgNVBAMMEXZwbi5pbi51c2VyaWJtLmh1MIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Uf/II80iN1Q7dXRVdgSov9h5Q1xKQBJNdAc
-Su/UAUnFhDqjuRSuzNFQU0x9aDhVFIjjQg52jBen/Ys7qZwmN/zRT4mr6rnhHgtY
-i+q9gI3foA4dvxmFgZSH5tAOMXfjKX7vFm9+AQnrOT3aEaJicqeLW/ZcdfMkqWYV
-wvp6uJw1o4K7hEHMOf7M8tBlOxO5exoFm2+Md6GlLFkXhuXXWCPFAz6tdThpuvO0
-QTuK7qCMgWDgE1Hty5DUjNJe1fnUs7l+5nFNSr9Q8dZjavfARI1IRp1TNujGuvqd
-CFsixfdq+bHPmna9/uCIAYJMyKHAPmj8BuPfB+yXSB/Sxc0RgQIDAQABo4HAMIG9
-MAkGA1UdEwQCMAAwHQYDVR0OBBYEFHHQ4PidLA2hNcb1TRyIU0AHAHg1MFEGA1Ud
-IwRKMEiAFElDW1L4MXi1hHR6jSfTIh+p1MKloRqkGDAWMRQwEgYDVQQDDAtFYXN5
-LVJTQSBDQYIUdc8xO6X2O5dKTboU0VjKk8vxf6UwEwYDVR0lBAwwCgYIKwYBBQUH
-AwEwCwYDVR0PBAQDAgWgMBwGA1UdEQQVMBOCEXZwbi5pbi51c2VyaWJtLmh1MA0G
-CSqGSIb3DQEBCwUAA4IBAQCvm5kf9pCgelifmNfadQ2GhceOmZWGrYsdxKjlz3V5
-vLjOuCxT48aT6UpCtvctgoXP7YI3IQ8nxQdWM5k3N2bachrhDngt8Cz82K+5IwfZ
-gp9Cbeh6XWmx9aJ62IVyTOLGw5HHZRqipS6UWFv+oRLcSBWe5hioIT/9vvooAiKf
-8gQM41cBP/uHT2T/WsBMYEhlWRrbdsLUHVc56BBX8hAVEM49etVOcG6QIms3WMcB
-f2J4fLaq5fZfR6CXJ7UYzawikHZdC8jcTFUBso9n5hQXf/PGGvUNo/QuDNW7CPx7
-I8LH7SV3l5Q9hofevQyD6lJrREX9OaDoYdy+cxwQxroM
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 60:87:51:1c:41:ab:64:4d:6e:87:35:4b:37:da:5a:be
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:54:21 2022 GMT
- Not After : Jan 25 16:54:21 2032 GMT
- Subject: CN=fschnell
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:ba:48:1e:7f:2f:93:ee:b3:88:cf:0a:0a:82:0d:
- 48:bd:ed:d8:3f:5d:13:d1:20:c0:34:b9:8f:53:39:
- 52:d2:7e:91:4f:e5:4c:07:73:54:25:a6:6a:c7:83:
- b8:fc:93:1d:b6:03:72:59:41:4a:61:b9:68:0d:4e:
- e2:9b:b4:74:6c:87:7c:a3:61:30:22:3f:9b:53:23:
- 31:e1:b6:37:ef:0d:32:df:6e:40:14:e1:d8:1a:0e:
- 93:8f:6c:55:0d:dd:c9:9a:a2:5c:1e:46:c1:19:ce:
- e4:ee:8b:3e:93:bf:ce:60:30:29:da:2c:e7:d7:a9:
- 06:4d:84:60:cd:3a:28:18:0d:d2:11:6e:01:e9:1a:
- 0c:6b:d1:09:b4:e6:5f:95:7d:c3:a3:d3:fb:44:15:
- 50:b7:be:6e:89:d3:75:cf:57:e3:13:f6:99:3e:ea:
- 2b:38:05:5b:d4:0d:c6:65:42:93:63:c6:e7:44:5a:
- 2c:01:19:88:52:c7:6f:12:fa:27:df:5e:b6:40:e9:
- 15:35:e4:27:0f:e3:c7:1d:37:4f:5f:0b:78:cb:33:
- a2:e6:06:35:b3:b1:d4:4a:4f:55:48:95:b1:e0:5c:
- 8f:35:87:d9:32:07:1b:68:b0:eb:8b:03:67:9c:0e:
- 14:0c:63:ca:22:c7:86:9a:35:5f:af:84:75:fa:3b:
- e7:43
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 4C:D9:F1:08:3B:62:3F:D4:E3:22:0B:27:BD:9C:7C:15:44:B8:D6:11
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 4c:cf:19:8e:b2:4a:87:3c:de:5b:f3:31:9d:c3:58:4d:9a:d6:
- 59:ad:49:ec:aa:ec:2a:3c:04:c2:1b:fd:31:76:8f:af:2a:bc:
- 9e:d4:96:5d:31:b5:86:16:df:af:2f:ea:12:e9:2a:23:f5:37:
- bb:9b:c0:c5:b6:bc:77:28:2c:f6:8d:31:8a:8e:a2:f8:dc:b8:
- 65:14:ba:1a:8c:32:4f:ec:84:08:3c:87:c2:97:08:93:f8:b9:
- a4:30:a4:78:54:05:a0:f0:29:7b:61:bb:22:4a:98:21:bb:a3:
- c1:38:be:14:bf:58:ab:09:07:8c:d8:c1:66:17:98:91:f3:64:
- ca:05:41:f8:04:5d:91:8a:8f:29:2b:d1:85:20:c5:7c:3e:32:
- 3e:40:8b:c5:1a:20:1f:c4:95:4b:3a:35:a1:37:e3:c8:15:f1:
- 04:4f:9e:cb:1d:1f:bf:4a:c5:8b:f9:81:a7:42:e5:95:04:e5:
- b2:04:f0:3e:1e:d5:24:1d:37:e1:cd:c4:b9:69:77:0d:d6:28:
- b2:f9:7b:be:93:a0:b5:2b:c3:3d:27:9e:4d:a0:73:64:d1:16:
- 9a:07:cc:ff:55:e8:06:ff:a7:d3:fe:a7:33:ff:1c:9d:b4:c8:
- f8:37:fa:e3:24:1d:57:e9:ea:df:92:61:7b:ec:f3:6b:3d:0f:
- 7e:75:72:59
------BEGIN CERTIFICATE-----
-MIIDVjCCAj6gAwIBAgIQYIdRHEGrZE1uhzVLN9pavjANBgkqhkiG9w0BAQsFADAW
-MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMjAxMjcxNjU0MjFaFw0zMjAxMjUx
-NjU0MjFaMBMxETAPBgNVBAMMCGZzY2huZWxsMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAukgefy+T7rOIzwoKgg1Ive3YP10T0SDANLmPUzlS0n6RT+VM
-B3NUJaZqx4O4/JMdtgNyWUFKYbloDU7im7R0bId8o2EwIj+bUyMx4bY37w0y325A
-FOHYGg6Tj2xVDd3JmqJcHkbBGc7k7os+k7/OYDAp2izn16kGTYRgzTooGA3SEW4B
-6RoMa9EJtOZflX3Do9P7RBVQt75uidN1z1fjE/aZPuorOAVb1A3GZUKTY8bnRFos
-ARmIUsdvEvon3162QOkVNeQnD+PHHTdPXwt4yzOi5gY1s7HUSk9VSJWx4FyPNYfZ
-MgcbaLDriwNnnA4UDGPKIseGmjVfr4R1+jvnQwIDAQABo4GiMIGfMAkGA1UdEwQC
-MAAwHQYDVR0OBBYEFEzZ8Qg7Yj/U4yILJ72cfBVEuNYRMFEGA1UdIwRKMEiAFElD
-W1L4MXi1hHR6jSfTIh+p1MKloRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQYIU
-dc8xO6X2O5dKTboU0VjKk8vxf6UwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0P
-BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBMzxmOskqHPN5b8zGdw1hNmtZZrUns
-quwqPATCG/0xdo+vKrye1JZdMbWGFt+vL+oS6Soj9Te7m8DFtrx3KCz2jTGKjqL4
-3LhlFLoajDJP7IQIPIfClwiT+LmkMKR4VAWg8Cl7YbsiSpghu6PBOL4Uv1irCQeM
-2MFmF5iR82TKBUH4BF2Rio8pK9GFIMV8PjI+QIvFGiAfxJVLOjWhN+PIFfEET57L
-HR+/SsWL+YGnQuWVBOWyBPA+HtUkHTfhzcS5aXcN1iiy+Xu+k6C1K8M9J55NoHNk
-0RaaB8z/VegG/6fT/qcz/xydtMj4N/rjJB1X6erfkmF77PNrPQ9+dXJZ
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 73:44:69:33:9d:70:f8:2e:cc:af:44:62:a8:c4:d2:32
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:52:17 2022 GMT
- Not After : Jan 25 16:52:17 2032 GMT
- Subject: CN=qqcs
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:b9:83:80:30:d8:21:63:c5:f1:85:af:0d:2a:af:
- b6:c8:50:03:6e:6c:1c:55:28:b2:9d:59:1d:42:0b:
- f9:42:ea:38:d6:3d:1b:2f:9e:c2:c4:91:d8:0e:56:
- 28:03:5f:a8:a9:bf:6a:d7:9f:22:78:b8:cb:f5:7e:
- da:c0:bb:56:b7:25:a1:84:af:19:70:c3:27:fc:33:
- 82:01:71:76:25:a3:6e:bb:d6:a3:71:1b:4a:48:51:
- 3d:6a:c6:36:28:05:88:01:3c:6a:45:b5:a3:46:f1:
- 8b:bf:49:52:80:c6:30:fd:a3:4c:36:22:f0:b5:22:
- fe:05:0d:8f:8d:14:0b:67:3d:95:4f:56:d3:88:a6:
- a3:a7:56:52:86:ad:7b:a9:03:e8:39:50:18:7d:79:
- d0:9c:c7:24:4b:02:75:60:95:60:0f:92:a5:44:7a:
- 7c:6b:ec:77:29:ac:6f:a9:7f:7d:ee:06:9c:36:d5:
- 8c:fe:34:f5:c0:52:6c:4e:26:c9:4c:e6:17:02:41:
- 89:f7:5e:83:51:eb:2c:59:c1:e0:96:6d:7b:57:7f:
- f7:d6:df:59:59:5a:c2:23:5b:7c:f6:f9:41:ec:fa:
- 5a:6c:a7:41:2c:5e:c6:a1:50:3f:c2:4c:a9:ee:60:
- d1:10:af:e3:99:c3:2d:c5:dc:cd:ac:ee:8e:c6:92:
- 16:33
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- E5:15:40:45:95:37:CC:FA:F8:7F:B7:70:67:A8:23:62:31:B6:58:35
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 1b:08:06:e9:01:65:f8:ff:f8:52:03:4c:f4:e3:da:41:7a:b1:
- e3:af:78:f3:ba:0d:7a:28:68:71:ef:fe:db:ef:8d:eb:c9:5f:
- 18:c2:0c:36:48:2e:b3:38:f1:21:09:d4:21:11:4a:21:4d:3b:
- 6c:c0:cb:2a:55:c9:59:5e:e9:03:e9:ca:af:c3:46:86:68:96:
- 3b:2a:1a:41:a9:d0:f1:f5:21:78:45:ab:70:d9:a5:7d:58:9d:
- 3b:cb:39:3a:d5:17:39:cb:9a:21:fa:b1:01:c2:4e:12:35:48:
- a2:d4:0f:06:d1:ca:37:98:3e:0b:51:a2:bf:34:ff:d1:28:86:
- 3d:34:1a:25:a8:5d:0d:08:03:d9:80:26:e7:9b:9a:31:a2:d0:
- b8:26:1f:b6:60:d8:50:8b:a2:aa:6b:61:94:9d:56:b9:6e:c4:
- 02:b7:45:91:6b:fb:45:ae:62:00:cd:54:37:07:82:10:1c:bf:
- 4c:73:ff:53:ff:f8:0f:67:43:9d:a7:27:1c:4b:51:01:27:cf:
- 0a:8d:8f:84:49:85:3c:c4:59:1e:23:9a:2f:2d:71:03:a3:b4:
- 3a:59:2d:6b:d5:ec:c0:0f:8b:95:79:b6:71:50:4a:e7:13:6e:
- 49:59:fc:4f:e7:df:8a:40:23:32:41:f4:28:54:4e:43:ef:16:
- 24:f2:f1:8d
------BEGIN CERTIFICATE-----
-MIIDUjCCAjqgAwIBAgIQc0RpM51w+C7Mr0RiqMTSMjANBgkqhkiG9w0BAQsFADAW
-MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMjAxMjcxNjUyMTdaFw0zMjAxMjUx
-NjUyMTdaMA8xDTALBgNVBAMMBHFxY3MwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQC5g4Aw2CFjxfGFrw0qr7bIUANubBxVKLKdWR1CC/lC6jjWPRsvnsLE
-kdgOVigDX6ipv2rXnyJ4uMv1ftrAu1a3JaGErxlwwyf8M4IBcXYlo2671qNxG0pI
-UT1qxjYoBYgBPGpFtaNG8Yu/SVKAxjD9o0w2IvC1Iv4FDY+NFAtnPZVPVtOIpqOn
-VlKGrXupA+g5UBh9edCcxyRLAnVglWAPkqVEenxr7HcprG+pf33uBpw21Yz+NPXA
-UmxOJslM5hcCQYn3XoNR6yxZweCWbXtXf/fW31lZWsIjW3z2+UHs+lpsp0EsXsah
-UD/CTKnuYNEQr+OZwy3F3M2s7o7GkhYzAgMBAAGjgaIwgZ8wCQYDVR0TBAIwADAd
-BgNVHQ4EFgQU5RVARZU3zPr4f7dwZ6gjYjG2WDUwUQYDVR0jBEowSIAUSUNbUvgx
-eLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1zzE7
-pfY7l0pNuhTRWMqTy/F/pTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMC
-B4AwDQYJKoZIhvcNAQELBQADggEBABsIBukBZfj/+FIDTPTj2kF6seOvePO6DXoo
-aHHv/tvvjevJXxjCDDZILrM48SEJ1CERSiFNO2zAyypVyVle6QPpyq/DRoZoljsq
-GkGp0PH1IXhFq3DZpX1YnTvLOTrVFznLmiH6sQHCThI1SKLUDwbRyjeYPgtRor80
-/9Eohj00GiWoXQ0IA9mAJuebmjGi0LgmH7Zg2FCLoqprYZSdVrluxAK3RZFr+0Wu
-YgDNVDcHghAcv0xz/1P/+A9nQ52nJxxLUQEnzwqNj4RJhTzEWR4jmi8tcQOjtDpZ
-LWvV7MAPi5V5tnFQSucTbklZ/E/n34pAIzJB9ChUTkPvFiTy8Y0=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 7f:02:84:bd:04:07:a8:de:a7:7a:76:16:b2:25:d0:8e
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:54:58 2022 GMT
- Not After : Jan 25 16:54:58 2032 GMT
- Subject: CN=kvajda
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:d1:7a:06:e5:cf:eb:9b:3f:97:77:e5:31:89:cf:
- 0a:4d:63:b4:7d:df:31:04:83:62:eb:5c:b9:75:35:
- d2:b1:9b:60:63:36:3a:70:3e:e1:5f:f4:22:0b:7c:
- 32:ed:c7:bb:64:44:4a:5a:9b:a6:3a:5b:b5:a5:f8:
- a0:c3:bb:c4:a4:10:5a:99:b1:0c:d1:05:ae:08:25:
- 15:dd:af:b6:2e:cf:96:eb:35:25:d7:73:e3:a8:d4:
- eb:fc:a9:5e:37:71:35:aa:1a:58:4d:57:df:a7:8c:
- 27:0b:76:28:98:0b:17:98:74:25:3c:54:21:52:5e:
- 38:ce:e2:7f:fd:50:17:43:3c:fc:4c:b9:6b:28:53:
- 59:89:e2:b9:f8:ec:b6:1e:14:b4:f6:8a:51:3e:d2:
- 1b:04:77:8f:a3:7d:57:f2:14:0b:7c:e5:70:ca:1a:
- 57:7c:e1:b2:1a:5e:ad:fc:af:c9:dd:d4:81:4c:19:
- 2c:bd:b6:c3:5b:fa:3d:f9:2d:ad:06:be:49:84:01:
- f6:44:ca:a3:bb:2a:23:4c:b2:ea:d8:67:36:22:ca:
- c6:c6:19:df:b1:fa:31:1b:c4:40:dc:4e:c7:0a:66:
- 22:5c:25:36:2d:5b:22:23:f6:5d:bd:c9:b3:95:ef:
- c0:82:a2:d9:d8:eb:d2:05:4d:e5:31:1f:8a:0c:05:
- 0d:bd
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 5C:FF:92:2D:39:79:AC:9A:F5:F2:B6:9D:63:81:87:78:07:94:0F:04
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- a8:5b:2c:2d:3a:6a:d1:9d:1a:44:b3:ef:14:fd:63:2b:fd:72:
- 79:4e:3a:30:ff:1b:91:82:fc:7f:c8:bf:45:05:74:ed:e9:94:
- d4:73:4d:66:f7:82:b7:7e:b2:e3:41:fc:f8:b6:2c:c2:a0:64:
- af:e3:05:65:80:51:5e:6a:cb:c6:2d:33:84:d0:bc:ba:40:c5:
- c7:0e:2d:05:16:b5:81:7a:de:6a:d6:13:aa:b2:58:5d:18:72:
- 1a:98:9f:be:2b:00:67:70:7a:82:1c:9b:6f:38:5a:7a:60:ee:
- d5:1a:fd:8f:8f:d2:55:87:bc:b9:bc:e0:c0:bf:d6:ec:09:70:
- a2:2a:50:6e:de:41:75:99:bd:c9:5e:8c:5e:52:09:3b:3d:1c:
- e0:c7:05:ec:65:64:7f:e4:57:98:0d:2e:c7:79:5f:6f:9b:f4:
- b0:bb:cc:58:f0:dd:c4:c0:04:a6:a3:8f:ae:1d:74:c3:04:73:
- 56:5e:e4:4b:2b:ef:87:d9:c6:84:1d:bd:a7:17:63:8d:8a:31:
- 99:6e:d7:e9:15:56:b1:00:b7:5f:49:c9:44:71:f2:6d:14:b5:
- 06:b9:7a:7f:e5:8d:fb:8e:a3:f1:f4:52:c7:72:3b:6c:f4:50:
- d1:c8:c5:26:4a:40:6b:16:08:7e:ab:c9:8c:54:3c:94:57:5e:
- 3e:52:84:f7
------BEGIN CERTIFICATE-----
-MIIDVDCCAjygAwIBAgIQfwKEvQQHqN6nenYWsiXQjjANBgkqhkiG9w0BAQsFADAW
-MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMjAxMjcxNjU0NThaFw0zMjAxMjUx
-NjU0NThaMBExDzANBgNVBAMMBmt2YWpkYTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBANF6BuXP65s/l3flMYnPCk1jtH3fMQSDYutcuXU10rGbYGM2OnA+
-4V/0Igt8Mu3Hu2RESlqbpjpbtaX4oMO7xKQQWpmxDNEFrgglFd2vti7Plus1Jddz
-46jU6/ypXjdxNaoaWE1X36eMJwt2KJgLF5h0JTxUIVJeOM7if/1QF0M8/Ey5ayhT
-WYniufjsth4UtPaKUT7SGwR3j6N9V/IUC3zlcMoaV3zhshperfyvyd3UgUwZLL22
-w1v6PfktrQa+SYQB9kTKo7sqI0yy6thnNiLKxsYZ37H6MRvEQNxOxwpmIlwlNi1b
-IiP2Xb3Js5XvwIKi2djr0gVN5TEfigwFDb0CAwEAAaOBojCBnzAJBgNVHRMEAjAA
-MB0GA1UdDgQWBBRc/5ItOXmsmvXytp1jgYd4B5QPBDBRBgNVHSMESjBIgBRJQ1tS
-+DF4tYR0eo0n0yIfqdTCpaEapBgwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0GCFHXP
-MTul9juXSk26FNFYypPL8X+lMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQE
-AwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAqFssLTpq0Z0aRLPvFP1jK/1yeU46MP8b
-kYL8f8i/RQV07emU1HNNZveCt36y40H8+LYswqBkr+MFZYBRXmrLxi0zhNC8ukDF
-xw4tBRa1gXreatYTqrJYXRhyGpifvisAZ3B6ghybbzhaemDu1Rr9j4/SVYe8ubzg
-wL/W7AlwoipQbt5BdZm9yV6MXlIJOz0c4McF7GVkf+RXmA0ux3lfb5v0sLvMWPDd
-xMAEpqOPrh10wwRzVl7kSyvvh9nGhB29pxdjjYoxmW7X6RVWsQC3X0nJRHHybRS1
-Brl6f+WN+46j8fRSx3I7bPRQ0cjFJkpAaxYIfqvJjFQ8lFdePlKE9w==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 98:28:a1:64:04:42:5a:3f:9f:42:0b:d6:47:20:1b:be
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:53:32 2022 GMT
- Not After : Jan 25 16:53:32 2032 GMT
- Subject: CN=cslevai
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:d1:ac:70:e4:89:88:d8:df:db:ce:fe:1e:85:79:
- 12:be:c3:fe:78:5d:90:21:37:4c:8b:f7:83:21:8b:
- af:e0:17:83:20:b9:34:f7:f4:ac:ac:c3:6b:6f:94:
- 60:b1:c3:82:98:55:4a:19:61:89:3a:60:75:8c:99:
- 86:55:07:e0:b5:ee:6a:62:41:29:39:e4:c0:d3:14:
- 22:78:1e:4c:02:ff:9a:36:3c:d5:17:a2:28:d8:68:
- 9c:cd:cc:cc:32:0d:ac:b5:c4:c3:b4:ce:c1:d7:50:
- ad:65:44:56:3f:d6:9a:1e:12:4c:18:d9:f7:c4:d9:
- d0:eb:5f:ee:d4:b8:1c:64:40:cb:cf:62:72:38:33:
- ab:d7:c5:bc:84:af:5e:5d:d2:df:51:0e:62:48:b5:
- 71:e8:74:c2:de:1c:59:fb:ad:ae:f9:9e:9a:7b:73:
- c7:ad:1a:43:9d:92:03:40:5c:b0:89:0a:79:e7:7a:
- a4:a9:fe:d2:a2:37:fb:30:b9:84:8b:af:4d:ae:d1:
- 68:36:dc:df:9c:f3:e9:84:b3:dc:41:97:cb:34:ea:
- 18:97:9f:d8:60:86:e2:8f:f1:9e:6b:6d:69:fe:78:
- 87:f9:5b:f5:4d:bf:5d:7e:29:c3:73:68:1d:9a:03:
- 5c:f7:34:fd:89:d9:70:59:e6:df:e3:64:55:21:a9:
- 23:d1
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 78:8A:3B:63:8C:10:54:23:2A:F6:61:5B:4E:8D:23:85:01:A5:3A:B8
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 5f:0c:9b:ec:2f:d1:0f:96:91:e2:9c:3b:55:27:f0:56:5d:7c:
- 85:0c:8b:d3:03:d5:40:86:0e:9b:0b:d1:ce:f5:e6:ab:7a:ec:
- 18:17:e0:0f:56:03:c6:29:20:35:4a:bc:43:01:0b:c0:6e:77:
- 5d:33:c8:57:11:75:c3:d6:e4:fa:70:42:9c:0f:cd:33:75:ce:
- 68:3e:8b:2c:c1:19:07:5f:ab:00:8d:cc:b5:7e:bf:6d:ec:01:
- db:6a:5e:56:dd:2e:95:13:bb:4c:8e:ed:06:3e:50:c9:48:ad:
- 87:7d:1b:0b:54:b2:cb:70:cf:c3:15:19:fc:cf:57:05:3c:c8:
- e3:34:9f:e7:d1:57:65:5d:07:08:82:3e:2e:00:dc:02:ab:4a:
- ab:9d:f3:e1:37:c7:17:83:71:e0:c2:92:a8:5a:45:46:83:a2:
- 8b:c8:f4:41:cb:17:fb:dd:cd:ea:40:02:63:3d:a5:79:8c:f4:
- ea:3b:4c:d1:2c:1b:82:f1:ff:6a:d4:e4:dc:8c:b1:ff:8a:72:
- 00:f0:53:a1:c8:98:45:ac:22:7a:35:40:b8:fe:13:8a:9c:d1:
- b9:d6:74:31:08:30:db:03:a9:75:6c:75:48:96:ad:02:ce:a3:
- 22:2a:a9:a8:63:c9:7f:0b:25:0d:91:6c:3a:72:56:11:22:4c:
- 37:5f:3d:f9
------BEGIN CERTIFICATE-----
-MIIDVjCCAj6gAwIBAgIRAJgooWQEQlo/n0IL1kcgG74wDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1MzMyWhcNMzIwMTI1
-MTY1MzMyWjASMRAwDgYDVQQDDAdjc2xldmFpMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA0axw5ImI2N/bzv4ehXkSvsP+eF2QITdMi/eDIYuv4BeDILk0
-9/SsrMNrb5RgscOCmFVKGWGJOmB1jJmGVQfgte5qYkEpOeTA0xQieB5MAv+aNjzV
-F6Io2GiczczMMg2stcTDtM7B11CtZURWP9aaHhJMGNn3xNnQ61/u1LgcZEDLz2Jy
-ODOr18W8hK9eXdLfUQ5iSLVx6HTC3hxZ+62u+Z6ae3PHrRpDnZIDQFywiQp553qk
-qf7Sojf7MLmEi69NrtFoNtzfnPPphLPcQZfLNOoYl5/YYIbij/Gea21p/niH+Vv1
-Tb9dfinDc2gdmgNc9zT9idlwWebf42RVIakj0QIDAQABo4GiMIGfMAkGA1UdEwQC
-MAAwHQYDVR0OBBYEFHiKO2OMEFQjKvZhW06NI4UBpTq4MFEGA1UdIwRKMEiAFElD
-W1L4MXi1hHR6jSfTIh+p1MKloRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQYIU
-dc8xO6X2O5dKTboU0VjKk8vxf6UwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0P
-BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBfDJvsL9EPlpHinDtVJ/BWXXyFDIvT
-A9VAhg6bC9HO9eareuwYF+APVgPGKSA1SrxDAQvAbnddM8hXEXXD1uT6cEKcD80z
-dc5oPosswRkHX6sAjcy1fr9t7AHbal5W3S6VE7tMju0GPlDJSK2HfRsLVLLLcM/D
-FRn8z1cFPMjjNJ/n0VdlXQcIgj4uANwCq0qrnfPhN8cXg3HgwpKoWkVGg6KLyPRB
-yxf73c3qQAJjPaV5jPTqO0zRLBuC8f9q1OTcjLH/inIA8FOhyJhFrCJ6NUC4/hOK
-nNG51nQxCDDbA6l1bHVIlq0CzqMiKqmoY8l/CyUNkWw6clYRIkw3Xz35
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- ac:ba:23:20:4b:73:6c:f4:35:3c:08:0b:12:1b:ff:49
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:53:47 2022 GMT
- Not After : Jan 25 16:53:47 2032 GMT
- Subject: CN=dhorvath
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:c6:f8:1a:ee:a6:a6:42:b8:ae:3f:fc:45:c6:86:
- 81:17:81:74:f1:e2:eb:14:a6:22:5e:3a:44:33:0c:
- d9:a4:2b:64:62:f5:77:61:c1:97:56:42:ee:89:d0:
- 6d:61:a7:a1:59:65:7d:83:0e:97:7e:63:b4:ab:f7:
- 95:fd:18:c1:0b:2d:c3:de:66:7a:9a:75:cd:ef:1f:
- 0e:56:b5:c3:c8:45:78:68:f0:51:a1:30:75:9f:3e:
- b0:31:02:a7:d8:73:b5:eb:1c:6c:93:6a:c0:bb:3f:
- f7:ad:27:76:0e:86:55:f8:23:e5:d3:70:6e:23:9f:
- dc:94:f0:50:40:98:a9:8a:07:c7:e3:cb:e9:23:ca:
- 91:4d:01:49:db:8d:1a:ca:4c:f6:52:5b:b6:02:15:
- 69:b3:20:6a:33:c0:61:52:bc:d5:1d:ac:f4:6a:8e:
- cc:a9:fb:36:8f:8b:21:db:91:f8:3a:11:d4:cd:c7:
- d6:c7:cd:41:17:cd:91:49:0b:40:21:8d:13:a2:ee:
- fa:59:d3:60:55:f8:8e:bb:6b:2b:0e:f7:af:61:a7:
- 6b:88:c1:03:4d:73:4d:e3:c0:e2:17:b1:2c:9d:78:
- 78:1c:9e:e9:f8:0c:2c:64:68:b4:c1:4a:43:47:f4:
- 87:91:06:f9:00:fd:76:00:41:09:58:b5:a2:b8:af:
- b7:05
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- CF:44:3C:7F:23:15:9C:76:59:D3:47:32:F3:05:35:6E:23:A0:3B:C7
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 41:c4:86:a3:f5:3b:0d:5e:b2:78:78:b1:18:80:65:4d:02:06:
- ba:f5:3b:49:5d:09:13:a9:7d:e2:6e:f2:a3:ea:e0:27:78:8c:
- 41:63:85:f5:8b:11:86:89:f4:83:d4:2a:91:22:26:b9:68:11:
- 3a:2a:74:df:3c:ea:d5:3b:bc:e9:d8:c6:1b:01:6d:3d:db:43:
- bb:eb:6b:76:2c:fe:d9:ec:d1:d6:3d:c1:f2:59:27:29:17:cc:
- 6a:be:da:b3:cd:c7:6f:b6:5d:1e:49:a5:4b:d5:c0:87:fc:7a:
- a6:40:67:e4:1e:5b:93:01:51:be:f9:33:7e:cb:29:4a:4f:55:
- 52:09:66:f1:b9:b3:98:99:59:f8:24:50:09:80:51:21:76:47:
- 93:c1:f7:c2:83:32:9c:a8:da:63:1b:cf:85:3a:99:9d:43:22:
- af:76:94:b0:50:18:7c:bf:c4:16:55:09:79:90:2c:41:ee:84:
- ac:b5:f1:26:d7:b3:23:38:95:28:e0:66:3e:ae:11:61:72:cf:
- a2:e7:c4:58:d9:14:52:a7:da:0a:6b:2b:94:7e:b5:66:57:8e:
- 54:40:df:57:09:5e:61:7f:7e:dd:71:fa:a7:23:06:18:c1:2d:
- ff:8d:90:f2:b0:8d:5a:0a:7e:ae:64:d3:bb:ae:48:29:24:ea:
- 39:9f:cf:0d
------BEGIN CERTIFICATE-----
-MIIDVzCCAj+gAwIBAgIRAKy6IyBLc2z0NTwICxIb/0kwDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1MzQ3WhcNMzIwMTI1
-MTY1MzQ3WjATMREwDwYDVQQDDAhkaG9ydmF0aDCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAMb4Gu6mpkK4rj/8RcaGgReBdPHi6xSmIl46RDMM2aQrZGL1
-d2HBl1ZC7onQbWGnoVllfYMOl35jtKv3lf0YwQstw95mepp1ze8fDla1w8hFeGjw
-UaEwdZ8+sDECp9hztescbJNqwLs/960ndg6GVfgj5dNwbiOf3JTwUECYqYoHx+PL
-6SPKkU0BSduNGspM9lJbtgIVabMgajPAYVK81R2s9GqOzKn7No+LIduR+DoR1M3H
-1sfNQRfNkUkLQCGNE6Lu+lnTYFX4jrtrKw73r2Gna4jBA01zTePA4hexLJ14eBye
-6fgMLGRotMFKQ0f0h5EG+QD9dgBBCVi1orivtwUCAwEAAaOBojCBnzAJBgNVHRME
-AjAAMB0GA1UdDgQWBBTPRDx/IxWcdlnTRzLzBTVuI6A7xzBRBgNVHSMESjBIgBRJ
-Q1tS+DF4tYR0eo0n0yIfqdTCpaEapBgwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0GC
-FHXPMTul9juXSk26FNFYypPL8X+lMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1Ud
-DwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAQcSGo/U7DV6yeHixGIBlTQIGuvU7
-SV0JE6l94m7yo+rgJ3iMQWOF9YsRhon0g9QqkSImuWgROip03zzq1Tu86djGGwFt
-PdtDu+trdiz+2ezR1j3B8lknKRfMar7as83Hb7ZdHkmlS9XAh/x6pkBn5B5bkwFR
-vvkzfsspSk9VUglm8bmzmJlZ+CRQCYBRIXZHk8H3woMynKjaYxvPhTqZnUMir3aU
-sFAYfL/EFlUJeZAsQe6ErLXxJtezIziVKOBmPq4RYXLPoufEWNkUUqfaCmsrlH61
-ZleOVEDfVwleYX9+3XH6pyMGGMEt/42Q8rCNWgp+rmTTu65IKSTqOZ/PDQ==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- b7:e4:9a:ec:69:ad:ac:37:db:3d:e7:3a:72:68:05:aa
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:52:59 2022 GMT
- Not After : Jan 25 16:52:59 2032 GMT
- Subject: CN=akosztolanyi
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:cd:02:9c:1d:2c:a3:f2:9f:dc:ed:e2:44:32:e2:
- 0f:02:2e:47:45:a2:a5:22:31:5a:8e:c8:68:c6:df:
- 63:6b:25:32:62:ee:db:16:97:dd:60:21:61:a9:cb:
- 77:6c:99:45:d1:5a:bf:b5:4c:0e:30:a6:33:ae:12:
- 37:66:38:ec:5c:e5:b9:7c:4f:0e:14:b0:1a:c1:a8:
- 50:e3:56:01:ce:68:0d:63:d4:9a:1b:33:95:f0:d5:
- 38:7a:0d:d5:b3:a7:73:2f:a3:ed:54:bb:4e:40:0a:
- 09:0b:ed:73:38:e0:bd:65:36:2e:92:29:b9:59:e1:
- 3b:e6:bf:74:6b:8d:2a:f7:61:31:ba:10:04:98:d3:
- b5:73:b7:74:bc:06:d7:c0:7c:33:4b:18:d7:5a:ea:
- bf:87:7d:95:3e:ba:d9:5a:ad:c7:40:8e:6f:5b:90:
- 38:91:54:f2:b8:30:71:b3:ad:d4:2f:c8:19:66:83:
- 99:28:ba:7e:2f:00:c2:df:cc:e6:88:08:e4:ef:c2:
- e3:e5:47:8b:6d:2d:70:b4:71:de:33:c5:47:9e:e6:
- 2e:f7:7d:de:81:6f:ad:a4:00:44:b5:78:4f:3d:43:
- 43:ef:5d:5a:0b:56:be:ab:da:22:2d:80:f1:99:fe:
- 13:d7:a2:8e:4a:fb:31:1f:8e:27:fd:40:79:e1:73:
- f3:d7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- AB:71:5B:8D:67:12:A3:DB:00:A1:63:AA:37:72:C3:EC:6A:82:CC:FB
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 3c:b1:50:93:48:68:cc:42:76:ba:3e:f4:c7:38:95:40:18:23:
- 17:6b:0e:2b:f9:13:25:d3:5e:49:e5:51:38:6c:66:da:c4:c1:
- df:9f:71:96:65:6c:53:1d:bf:af:98:05:d5:4d:c2:cf:f3:6d:
- cc:92:7c:79:c6:cc:47:5b:8a:9e:95:f5:fa:02:9d:69:73:b7:
- 75:93:6f:18:f2:b8:15:97:08:a6:fa:c8:a9:e9:6d:44:bf:cb:
- 77:73:b4:6a:02:55:c0:fb:3e:f0:e1:a3:a7:35:90:d1:91:79:
- f1:3d:0f:b7:c9:2c:0a:de:c7:23:c2:10:b6:2c:d2:8a:a7:bf:
- 11:ea:64:cb:93:99:c3:f6:0c:3f:57:a2:65:27:7e:ce:d2:f7:
- 85:e2:ec:66:56:b4:a1:d6:5f:4b:56:6f:fb:93:1b:77:80:7a:
- f4:c4:9d:59:71:09:d3:08:ba:75:0a:57:ce:c6:a0:08:e9:cd:
- 94:0d:39:51:3b:e1:a1:a8:97:a9:26:4c:4d:fe:a6:e2:86:11:
- 1c:2a:34:4d:ab:89:b2:ea:35:39:57:90:65:74:f8:89:75:53:
- 0b:50:74:64:26:52:39:8b:b4:b7:6c:3a:a5:2d:59:68:fa:80:
- ef:93:79:92:fe:88:ea:80:b8:bc:d0:79:c6:1f:a6:6d:01:5b:
- 58:1d:30:0e
------BEGIN CERTIFICATE-----
-MIIDWzCCAkOgAwIBAgIRALfkmuxpraw32z3nOnJoBaowDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1MjU5WhcNMzIwMTI1
-MTY1MjU5WjAXMRUwEwYDVQQDDAxha29zenRvbGFueWkwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDNApwdLKPyn9zt4kQy4g8CLkdFoqUiMVqOyGjG32Nr
-JTJi7tsWl91gIWGpy3dsmUXRWr+1TA4wpjOuEjdmOOxc5bl8Tw4UsBrBqFDjVgHO
-aA1j1JobM5Xw1Th6DdWzp3Mvo+1Uu05ACgkL7XM44L1lNi6SKblZ4Tvmv3RrjSr3
-YTG6EASY07Vzt3S8BtfAfDNLGNda6r+HfZU+utlarcdAjm9bkDiRVPK4MHGzrdQv
-yBlmg5koun4vAMLfzOaICOTvwuPlR4ttLXC0cd4zxUee5i73fd6Bb62kAES1eE89
-Q0PvXVoLVr6r2iItgPGZ/hPXoo5K+zEfjif9QHnhc/PXAgMBAAGjgaIwgZ8wCQYD
-VR0TBAIwADAdBgNVHQ4EFgQUq3FbjWcSo9sAoWOqN3LD7GqCzPswUQYDVR0jBEow
-SIAUSUNbUvgxeLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNB
-IENBghR1zzE7pfY7l0pNuhTRWMqTy/F/pTATBgNVHSUEDDAKBggrBgEFBQcDAjAL
-BgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBADyxUJNIaMxCdro+9Mc4lUAY
-IxdrDiv5EyXTXknlUThsZtrEwd+fcZZlbFMdv6+YBdVNws/zbcySfHnGzEdbip6V
-9foCnWlzt3WTbxjyuBWXCKb6yKnpbUS/y3dztGoCVcD7PvDho6c1kNGRefE9D7fJ
-LArexyPCELYs0oqnvxHqZMuTmcP2DD9XomUnfs7S94Xi7GZWtKHWX0tWb/uTG3eA
-evTEnVlxCdMIunUKV87GoAjpzZQNOVE74aGol6kmTE3+puKGERwqNE2ribLqNTlX
-kGV0+Il1UwtQdGQmUjmLtLdsOqUtWWj6gO+TeZL+iOqAuLzQecYfpm0BW1gdMA4=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- c2:28:3c:ff:fa:8e:dc:f7:39:52:42:b1:f3:82:40:74
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:56:00 2022 GMT
- Not After : Jan 25 16:56:00 2032 GMT
- Subject: CN=rrendek
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:f3:4f:9c:e7:ba:7f:36:4f:1d:ac:7a:c7:d0:6c:
- 59:f4:c2:e8:07:a3:d2:f1:ba:7b:e7:75:96:91:47:
- 02:ac:53:d5:40:1b:43:25:ad:b9:15:b5:e5:b0:c0:
- 90:42:74:47:a5:92:b0:f5:1c:fb:02:a9:0e:bd:9d:
- b2:6d:85:95:2a:2b:95:51:9b:4e:14:22:45:bc:ab:
- 23:df:76:e3:1a:f6:b7:27:a2:f0:e5:49:88:04:dc:
- cb:7d:a0:4e:2b:8d:56:97:59:e9:4e:dc:f7:9f:41:
- 2e:16:ef:75:59:db:e9:9c:59:3e:e5:3f:05:a7:aa:
- 0d:01:bc:db:f8:03:e1:b1:d6:4b:70:18:1b:5e:10:
- 05:a6:28:99:59:e5:a5:38:17:a9:92:95:ba:74:84:
- cf:20:d4:e4:e4:26:4f:82:6d:3b:aa:51:d4:2e:4e:
- c8:99:63:3a:bb:dd:ee:5d:e9:1c:ab:4b:54:a3:df:
- 48:54:c0:7e:20:85:a1:4f:0a:93:3e:94:90:90:92:
- f3:dc:73:94:16:3d:99:6e:57:82:98:87:8c:f8:15:
- 0c:1e:35:6f:48:47:ed:15:3f:e4:06:98:04:f1:af:
- 27:3d:af:25:10:aa:46:79:4e:00:ce:d4:bf:70:1f:
- 2f:60:4b:a1:77:be:68:ff:36:4a:5f:60:ff:2e:cf:
- ef:d5
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 20:87:C3:77:30:AC:3B:C2:8A:77:02:A3:86:B8:C0:A4:44:7D:33:FD
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 10:48:0c:b5:7b:c8:7f:51:e4:53:31:e9:c0:88:8a:da:55:2e:
- e2:3b:ee:5f:20:bf:b1:ce:c8:0b:90:f5:d3:99:cf:b0:96:8b:
- 63:9b:0a:ba:9b:2f:7b:d0:27:29:8b:67:b7:b2:85:d4:e6:26:
- 6a:06:9f:27:f5:c0:a1:d9:35:39:51:89:82:18:b7:d4:25:72:
- d5:a1:5f:56:65:37:15:e9:f6:8a:6f:03:6d:59:b7:8c:17:44:
- f9:09:c3:71:3f:5d:e0:25:99:22:c4:32:41:a0:8b:93:02:47:
- 14:ff:eb:df:1b:0b:d8:7e:ea:d8:d9:40:33:c6:ca:b2:f2:c6:
- 53:89:90:b1:4a:5a:68:44:a1:18:df:af:1b:fc:b7:b7:04:20:
- 36:61:e0:44:0d:9f:95:ed:f7:59:d7:a6:22:5a:0f:82:bf:5a:
- aa:5a:fd:3c:77:0e:82:e6:ac:f3:b8:5d:26:62:55:66:06:3d:
- cc:0a:22:09:dd:18:ec:98:eb:e9:f2:c5:43:85:f9:d8:43:82:
- a8:ed:0e:19:0d:43:95:d9:ee:17:93:b4:ad:da:2a:b3:10:cf:
- 52:74:50:2b:3d:8a:06:bd:31:52:38:07:85:dd:ca:9b:cb:97:
- fb:ad:e6:a0:78:23:93:5c:22:5d:b9:d1:0f:55:32:07:d7:df:
- c0:db:e5:05
------BEGIN CERTIFICATE-----
-MIIDVjCCAj6gAwIBAgIRAMIoPP/6jtz3OVJCsfOCQHQwDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1NjAwWhcNMzIwMTI1
-MTY1NjAwWjASMRAwDgYDVQQDDAdycmVuZGVrMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA80+c57p/Nk8drHrH0GxZ9MLoB6PS8bp753WWkUcCrFPVQBtD
-Ja25FbXlsMCQQnRHpZKw9Rz7AqkOvZ2ybYWVKiuVUZtOFCJFvKsj33bjGva3J6Lw
-5UmIBNzLfaBOK41Wl1npTtz3n0EuFu91WdvpnFk+5T8Fp6oNAbzb+APhsdZLcBgb
-XhAFpiiZWeWlOBepkpW6dITPINTk5CZPgm07qlHULk7ImWM6u93uXekcq0tUo99I
-VMB+IIWhTwqTPpSQkJLz3HOUFj2ZbleCmIeM+BUMHjVvSEftFT/kBpgE8a8nPa8l
-EKpGeU4AztS/cB8vYEuhd75o/zZKX2D/Ls/v1QIDAQABo4GiMIGfMAkGA1UdEwQC
-MAAwHQYDVR0OBBYEFCCHw3cwrDvCincCo4a4wKREfTP9MFEGA1UdIwRKMEiAFElD
-W1L4MXi1hHR6jSfTIh+p1MKloRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQYIU
-dc8xO6X2O5dKTboU0VjKk8vxf6UwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0P
-BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQAQSAy1e8h/UeRTMenAiIraVS7iO+5f
-IL+xzsgLkPXTmc+wlotjmwq6my970Ccpi2e3soXU5iZqBp8n9cCh2TU5UYmCGLfU
-JXLVoV9WZTcV6faKbwNtWbeMF0T5CcNxP13gJZkixDJBoIuTAkcU/+vfGwvYfurY
-2UAzxsqy8sZTiZCxSlpoRKEY368b/Le3BCA2YeBEDZ+V7fdZ16YiWg+Cv1qqWv08
-dw6C5qzzuF0mYlVmBj3MCiIJ3RjsmOvp8sVDhfnYQ4Ko7Q4ZDUOV2e4Xk7St2iqz
-EM9SdFArPYoGvTFSOAeF3cqby5f7reageCOTXCJdudEPVTIH19/A2+UF
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- c3:0f:84:cf:71:19:04:e9:f7:bc:b1:ad:5d:99:6b:80
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:55:11 2022 GMT
- Not After : Jan 25 16:55:11 2032 GMT
- Subject: CN=mszabo
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:b7:e3:57:e4:6d:41:2f:71:88:38:35:5c:fb:54:
- 6d:75:dc:d4:fc:38:95:81:ed:98:13:6a:1b:aa:db:
- 41:fb:2d:8b:ff:1d:49:9c:08:9e:b5:4a:a0:7c:48:
- 96:87:1d:8d:ea:df:85:ad:5a:23:a0:7c:9a:ec:97:
- 9c:73:20:06:2b:02:06:67:2b:86:fb:94:7f:e8:ff:
- 3e:e2:3c:f4:3d:13:40:f2:6d:3c:15:5d:72:a2:7d:
- b0:c2:0a:17:a2:a3:83:66:52:e9:0a:04:b2:f1:b7:
- 1d:86:93:f9:11:82:bd:26:5a:b5:39:9d:61:d2:34:
- 78:25:24:c6:fd:e7:c8:3b:c8:bb:8d:98:fa:cf:5f:
- b8:e4:a8:93:2d:68:70:51:b9:2c:d0:7c:31:94:4a:
- 00:b9:2d:d4:29:2a:b2:18:54:27:77:2f:e0:3c:a7:
- f4:0a:16:c7:9c:a9:a0:b1:ba:54:43:a2:52:14:58:
- 71:74:63:f6:9b:e6:5e:89:09:8c:a5:1c:ae:41:82:
- 01:8d:2c:94:ad:a1:c0:47:c7:1a:8b:79:06:c6:3e:
- 66:9b:d9:37:64:70:7b:d6:c3:f1:02:81:9f:4c:42:
- 5d:da:c0:95:ca:96:e4:7f:41:75:72:f3:35:eb:e2:
- a1:97:78:3d:07:6d:90:27:d0:41:b1:74:1a:ee:1d:
- 0c:7f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 54:03:3E:8D:18:23:6D:03:63:E7:22:D6:12:21:9B:0A:0B:24:47:19
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 6b:11:da:f5:70:9e:8f:07:ec:18:40:e5:2e:65:9c:10:36:55:
- 83:13:8e:3e:5e:82:8a:3d:db:6b:ac:fc:6f:ea:8d:9d:97:27:
- 47:a6:b1:d4:b7:4d:f5:b6:36:dc:62:7d:66:be:f1:ab:24:29:
- f2:b2:89:83:49:e4:de:40:00:74:ca:e8:7e:92:2a:3c:65:e0:
- 6d:ac:5a:5c:76:31:27:2d:57:82:8e:e4:cb:ee:8b:a1:db:a2:
- f8:e1:12:25:93:d1:79:1f:82:93:2b:d8:83:37:07:6b:b5:bc:
- 48:4f:bf:36:23:ea:04:23:0f:81:87:3a:d7:e5:51:75:ce:7e:
- e4:fd:76:ee:ff:df:31:4b:2f:28:9e:9e:28:c1:2a:01:ab:66:
- a3:b8:95:17:70:1f:2f:7b:06:da:ca:73:81:e3:a5:5b:1a:74:
- 4c:8d:93:df:3e:56:ef:f7:16:0c:8b:78:5c:69:35:af:9a:64:
- df:bc:12:ac:c8:77:48:94:4f:b8:28:5f:86:dd:ff:4c:b8:8e:
- 0c:64:5b:9b:ce:24:5e:02:53:6a:78:f3:41:a2:86:7b:07:43:
- 64:92:2c:fa:77:18:f0:31:58:05:e4:76:2a:60:cf:71:6b:2b:
- c9:71:d4:e2:48:00:0b:d9:59:1a:3c:dd:bf:55:54:ea:79:fd:
- 44:37:79:b8
------BEGIN CERTIFICATE-----
-MIIDVTCCAj2gAwIBAgIRAMMPhM9xGQTp97yxrV2Za4AwDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1NTExWhcNMzIwMTI1
-MTY1NTExWjARMQ8wDQYDVQQDDAZtc3phYm8wggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQC341fkbUEvcYg4NVz7VG113NT8OJWB7ZgTahuq20H7LYv/HUmc
-CJ61SqB8SJaHHY3q34WtWiOgfJrsl5xzIAYrAgZnK4b7lH/o/z7iPPQ9E0DybTwV
-XXKifbDCCheio4NmUukKBLLxtx2Gk/kRgr0mWrU5nWHSNHglJMb958g7yLuNmPrP
-X7jkqJMtaHBRuSzQfDGUSgC5LdQpKrIYVCd3L+A8p/QKFsecqaCxulRDolIUWHF0
-Y/ab5l6JCYylHK5BggGNLJStocBHxxqLeQbGPmab2TdkcHvWw/ECgZ9MQl3awJXK
-luR/QXVy8zXr4qGXeD0HbZAn0EGxdBruHQx/AgMBAAGjgaIwgZ8wCQYDVR0TBAIw
-ADAdBgNVHQ4EFgQUVAM+jRgjbQNj5yLWEiGbCgskRxkwUQYDVR0jBEowSIAUSUNb
-UvgxeLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1
-zzE7pfY7l0pNuhTRWMqTy/F/pTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8E
-BAMCB4AwDQYJKoZIhvcNAQELBQADggEBAGsR2vVwno8H7BhA5S5lnBA2VYMTjj5e
-goo922us/G/qjZ2XJ0emsdS3TfW2NtxifWa+8askKfKyiYNJ5N5AAHTK6H6SKjxl
-4G2sWlx2MSctV4KO5Mvui6HbovjhEiWT0XkfgpMr2IM3B2u1vEhPvzYj6gQjD4GH
-OtflUXXOfuT9du7/3zFLLyienijBKgGrZqO4lRdwHy97BtrKc4HjpVsadEyNk98+
-Vu/3FgyLeFxpNa+aZN+8EqzId0iUT7goX4bd/0y4jgxkW5vOJF4CU2p480GihnsH
-Q2SSLPp3GPAxWAXkdipgz3FrK8lx1OJIAAvZWRo83b9VVOp5/UQ3ebg=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- cc:ff:e2:58:83:b8:5d:b6:9b:12:89:cf:9a:aa:2f:d4
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:53:22 2022 GMT
- Not After : Jan 25 16:53:22 2032 GMT
- Subject: CN=csgulyas
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:c6:73:39:5f:81:fd:b4:0c:84:c8:23:e0:44:80:
- f5:9f:c1:cd:0f:f8:b8:4b:dd:c9:b0:8a:74:b4:23:
- 37:34:c9:d9:82:95:d9:f0:a1:9e:54:3a:c4:33:19:
- cd:71:96:ee:55:f2:10:67:34:de:dc:0a:b2:21:04:
- d9:d7:5b:15:29:7f:08:54:da:0c:b5:ec:39:b8:78:
- 92:03:07:1d:36:3d:ca:54:75:e9:67:fe:bb:b8:d2:
- 30:72:6a:e7:5c:39:1f:93:bb:b4:62:40:6c:d3:c5:
- a7:4f:24:7c:1e:0d:f9:ea:15:cd:1b:f1:e5:5b:86:
- 7b:99:03:99:20:b0:2a:2f:58:2a:aa:b6:0f:e6:6e:
- 1e:dc:43:57:04:dd:32:d7:ec:01:2c:1c:83:52:02:
- 04:c2:8f:cd:69:da:ed:33:e1:ff:69:65:2e:26:67:
- 23:a6:81:35:05:7c:52:c7:49:8a:69:38:26:9e:87:
- fd:53:2a:9b:7b:90:d1:1a:b8:4e:fc:b7:6e:0c:26:
- b8:55:b2:50:72:4c:d5:cb:8b:dd:de:e6:da:b4:b4:
- 02:12:1c:24:84:bd:81:8a:4d:78:b8:6f:bc:dc:5a:
- 03:da:70:44:48:10:13:bd:ba:be:db:94:e8:6b:71:
- be:d0:cf:03:99:56:fe:c5:ad:68:51:ee:ff:7d:25:
- 80:ff
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 74:79:FB:63:0E:0D:0C:52:6E:FD:DC:CD:22:A3:E6:59:9E:0D:93:E7
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 17:0c:56:0d:55:55:8a:58:6a:c0:b6:b1:0e:df:ce:77:a6:a6:
- 09:4b:07:f8:01:5b:e2:b9:21:1d:d9:3c:63:14:7c:f4:b8:1f:
- db:90:c8:bb:c5:c1:ef:86:08:ff:d4:55:17:3c:cb:d3:0a:e5:
- ac:f6:fa:93:fe:55:13:3f:94:d1:d9:9d:08:43:46:be:65:d2:
- dd:60:55:6e:82:39:ca:49:20:50:1f:84:e4:b8:8a:3b:f1:51:
- da:59:dc:f9:62:3b:c6:fc:a7:ae:34:8a:90:d3:d4:a6:53:39:
- eb:8a:a3:64:a6:18:3a:62:c1:e2:a3:1f:ae:01:d1:21:e3:77:
- ce:07:16:3c:37:02:05:e6:5c:76:63:45:7e:61:3c:18:44:f2:
- 72:a0:37:7b:24:31:bf:af:ef:40:1c:5a:e1:8d:06:26:fd:3a:
- 4b:3c:fe:21:a8:6f:d4:01:71:d8:77:a4:46:82:c9:60:84:a7:
- a1:7f:c8:95:c5:a9:16:4f:60:28:86:53:97:9d:52:ef:9a:31:
- 51:60:80:44:26:5e:67:79:33:64:01:b3:99:c3:24:cd:ad:5e:
- a1:7f:18:d6:3d:f9:f0:ce:b0:70:f0:25:72:34:45:7a:68:17:
- 13:4b:24:82:d7:83:5b:e3:78:77:98:5e:ea:85:19:ee:83:3b:
- 68:7c:5e:8e
------BEGIN CERTIFICATE-----
-MIIDVzCCAj+gAwIBAgIRAMz/4liDuF22mxKJz5qqL9QwDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1MzIyWhcNMzIwMTI1
-MTY1MzIyWjATMREwDwYDVQQDDAhjc2d1bHlhczCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAMZzOV+B/bQMhMgj4ESA9Z/BzQ/4uEvdybCKdLQjNzTJ2YKV
-2fChnlQ6xDMZzXGW7lXyEGc03twKsiEE2ddbFSl/CFTaDLXsObh4kgMHHTY9ylR1
-6Wf+u7jSMHJq51w5H5O7tGJAbNPFp08kfB4N+eoVzRvx5VuGe5kDmSCwKi9YKqq2
-D+ZuHtxDVwTdMtfsASwcg1ICBMKPzWna7TPh/2llLiZnI6aBNQV8UsdJimk4Jp6H
-/VMqm3uQ0Rq4Tvy3bgwmuFWyUHJM1cuL3d7m2rS0AhIcJIS9gYpNeLhvvNxaA9pw
-REgQE726vtuU6GtxvtDPA5lW/sWtaFHu/30lgP8CAwEAAaOBojCBnzAJBgNVHRME
-AjAAMB0GA1UdDgQWBBR0eftjDg0MUm793M0io+ZZng2T5zBRBgNVHSMESjBIgBRJ
-Q1tS+DF4tYR0eo0n0yIfqdTCpaEapBgwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0GC
-FHXPMTul9juXSk26FNFYypPL8X+lMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1Ud
-DwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAFwxWDVVVilhqwLaxDt/Od6amCUsH
-+AFb4rkhHdk8YxR89Lgf25DIu8XB74YI/9RVFzzL0wrlrPb6k/5VEz+U0dmdCENG
-vmXS3WBVboI5ykkgUB+E5LiKO/FR2lnc+WI7xvynrjSKkNPUplM564qjZKYYOmLB
-4qMfrgHRIeN3zgcWPDcCBeZcdmNFfmE8GETycqA3eyQxv6/vQBxa4Y0GJv06Szz+
-Iahv1AFx2HekRoLJYISnoX/IlcWpFk9gKIZTl51S75oxUWCARCZeZ3kzZAGzmcMk
-za1eoX8Y1j358M6wcPAlcjRFemgXE0skgteDW+N4d5he6oUZ7oM7aHxejg==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- d0:00:c3:68:db:1f:1a:36:3a:cd:08:ff:f2:13:d8:e9
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:54:00 2022 GMT
- Not After : Jan 25 16:54:00 2032 GMT
- Subject: CN=dvasary
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:b4:d9:2e:da:28:56:77:92:4d:fd:38:96:a6:8d:
- c4:0a:44:75:dc:ff:81:ee:9e:0d:af:9b:7b:ed:5e:
- 5f:03:be:33:5e:af:54:e1:e8:b8:0e:9c:83:62:24:
- ce:94:0c:e5:d0:8a:90:41:5f:72:4f:a3:b0:27:9c:
- 73:32:52:1f:8c:9d:d9:52:db:ce:91:85:db:0e:c6:
- 71:f0:fe:42:6f:06:11:76:16:32:45:22:f0:37:72:
- d8:87:d2:f4:15:ad:77:b5:e2:a7:50:81:80:57:87:
- 2f:84:f4:9d:9c:5a:b6:47:61:2e:42:f5:59:4a:f8:
- b1:de:2f:c3:bb:4a:69:57:61:6d:d2:a6:9c:bd:ee:
- 91:2d:fc:8e:68:5f:62:b8:c6:6f:0d:29:7c:2c:26:
- 17:96:8a:42:45:29:93:49:e9:71:3b:df:11:54:c5:
- 19:47:11:be:48:42:5d:df:e7:39:0d:59:06:79:a7:
- 5d:68:fd:ff:63:d4:d5:f2:a4:77:b3:46:c2:7c:9d:
- bf:10:57:73:da:03:c0:82:4c:6c:55:37:1e:64:68:
- d0:96:f3:9e:02:f9:c5:52:73:dc:15:57:81:2e:0f:
- 01:98:29:bc:cf:a1:8e:fa:58:e8:05:98:3b:4c:73:
- 65:06:e5:f9:be:25:9a:e2:e9:33:be:86:5f:16:8a:
- fc:f9
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- D0:78:94:E1:01:5B:22:6C:03:1E:7C:BC:CA:35:8D:58:BC:31:78:82
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- cb:3e:27:5c:98:9f:19:d3:e3:e6:9b:13:23:fc:6d:06:62:1f:
- 80:6e:95:f3:67:02:a0:9e:a0:71:fd:c2:08:c4:a3:ed:61:44:
- 5e:3e:d7:fa:a2:53:ca:97:44:97:8a:e3:e5:e4:c6:b0:b7:cc:
- 46:aa:5d:32:71:7b:0c:e7:ac:e8:c3:65:9e:45:bf:39:4a:d1:
- fe:20:4f:1b:8e:88:f3:9d:82:3b:99:0d:95:53:da:ed:db:60:
- 68:79:31:c3:11:f5:63:e9:74:1a:8d:15:8d:e7:0e:ff:0f:8f:
- a1:e0:82:ad:42:cd:6d:2c:73:93:a8:fc:c3:c7:37:24:f5:44:
- 51:c9:3d:28:67:6c:a3:3b:11:3c:f2:5e:45:a8:cc:09:21:f7:
- 3a:be:aa:53:c6:4f:90:65:83:df:3d:1b:01:c5:a8:95:f0:d3:
- da:b0:e4:9a:d5:ed:c5:f6:2e:78:38:39:ba:78:db:53:d6:0a:
- e4:5d:e7:59:7d:81:a1:1d:81:96:ef:28:26:0a:8d:73:9c:60:
- e3:6c:02:c3:95:cf:93:6f:e5:c0:49:b9:eb:8f:5e:02:19:83:
- 5a:50:d9:6b:9d:0d:01:80:06:ba:96:2d:e0:82:4a:5b:02:53:
- 37:36:a6:41:5d:34:1d:9a:96:86:ae:46:cf:74:f7:49:dd:cd:
- 93:eb:81:23
------BEGIN CERTIFICATE-----
-MIIDVjCCAj6gAwIBAgIRANAAw2jbHxo2Os0I//IT2OkwDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1NDAwWhcNMzIwMTI1
-MTY1NDAwWjASMRAwDgYDVQQDDAdkdmFzYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAtNku2ihWd5JN/TiWpo3ECkR13P+B7p4Nr5t77V5fA74zXq9U
-4ei4DpyDYiTOlAzl0IqQQV9yT6OwJ5xzMlIfjJ3ZUtvOkYXbDsZx8P5CbwYRdhYy
-RSLwN3LYh9L0Fa13teKnUIGAV4cvhPSdnFq2R2EuQvVZSvix3i/Du0ppV2Ft0qac
-ve6RLfyOaF9iuMZvDSl8LCYXlopCRSmTSelxO98RVMUZRxG+SEJd3+c5DVkGeadd
-aP3/Y9TV8qR3s0bCfJ2/EFdz2gPAgkxsVTceZGjQlvOeAvnFUnPcFVeBLg8BmCm8
-z6GO+ljoBZg7THNlBuX5viWa4ukzvoZfFor8+QIDAQABo4GiMIGfMAkGA1UdEwQC
-MAAwHQYDVR0OBBYEFNB4lOEBWyJsAx58vMo1jVi8MXiCMFEGA1UdIwRKMEiAFElD
-W1L4MXi1hHR6jSfTIh+p1MKloRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQYIU
-dc8xO6X2O5dKTboU0VjKk8vxf6UwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0P
-BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQDLPidcmJ8Z0+PmmxMj/G0GYh+AbpXz
-ZwKgnqBx/cIIxKPtYURePtf6olPKl0SXiuPl5Mawt8xGql0ycXsM56zow2WeRb85
-StH+IE8bjojznYI7mQ2VU9rt22BoeTHDEfVj6XQajRWN5w7/D4+h4IKtQs1tLHOT
-qPzDxzck9URRyT0oZ2yjOxE88l5FqMwJIfc6vqpTxk+QZYPfPRsBxaiV8NPasOSa
-1e3F9i54ODm6eNtT1grkXedZfYGhHYGW7ygmCo1znGDjbALDlc+Tb+XASbnrj14C
-GYNaUNlrnQ0BgAa6li3ggkpbAlM3NqZBXTQdmpaGrkbPdPdJ3c2T64Ej
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- dd:3f:8e:ec:40:23:98:27:3e:6e:03:0d:a4:c4:94:43
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:54:12 2022 GMT
- Not After : Jan 25 16:54:12 2032 GMT
- Subject: CN=fritter
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:d2:58:d1:a5:05:3c:bd:ed:ca:7c:f3:0b:96:d1:
- 01:db:c5:61:64:ed:9c:2e:23:0f:9d:94:cc:dc:ff:
- 84:4b:20:ce:9d:1f:f6:f2:20:b8:1b:7c:87:1a:6a:
- f7:8e:5f:cf:b0:3b:0b:f5:8a:2c:84:fb:35:63:3f:
- ae:4f:54:ce:8f:b5:3c:76:ee:b4:6e:3d:e9:39:13:
- 4b:0f:03:64:32:a1:2f:4f:12:c7:91:db:5e:09:93:
- 92:2e:9e:7e:7d:bd:1c:00:f8:f2:12:48:e0:57:0d:
- 8a:7a:8b:d4:68:6f:3e:19:6f:86:d8:91:97:11:5f:
- db:52:5e:53:4b:62:92:56:d6:e3:02:68:6d:40:7f:
- ce:4b:28:b5:c1:9d:7d:87:5c:0a:b5:33:f5:a3:a0:
- 1a:a8:a6:1c:24:a8:33:a0:36:59:e6:3c:ce:aa:90:
- d1:74:68:59:4d:6a:da:c3:7a:90:74:44:af:b3:e6:
- 3f:82:86:9a:bb:a5:03:7c:79:92:ef:f9:fd:e2:09:
- 46:b7:2c:57:df:f0:1d:4b:8b:a8:e3:5d:29:7b:40:
- 4b:b0:63:e9:9b:aa:f3:26:70:94:81:4d:29:44:55:
- 97:b6:75:3c:e3:be:ca:a4:5b:8b:9e:a9:04:d1:d7:
- 45:72:95:ed:cd:62:20:aa:0f:2f:06:ca:59:2b:1f:
- fe:05
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 38:5F:64:D8:70:65:7B:A2:3F:85:A7:10:E8:23:47:ED:0B:22:89:1A
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 0b:9e:0b:ac:0c:d5:88:a3:4b:66:cf:2d:a4:ed:7f:e3:32:94:
- 5d:c6:20:33:20:50:cb:51:12:7b:cc:a6:61:43:bf:22:39:95:
- f9:15:c8:5a:ba:82:07:92:d4:b8:11:34:47:17:7b:00:b4:40:
- 32:d6:c9:e1:a3:e4:cf:1b:b8:3f:8e:ef:9e:96:c6:60:6f:63:
- 2d:70:58:46:f7:bb:30:31:bc:08:19:3f:45:b6:45:31:db:db:
- d7:eb:fd:8a:dd:04:bc:d3:30:b0:f0:e4:1c:84:e8:71:9a:a8:
- e8:16:19:1e:96:60:d5:2f:c1:09:46:3c:a5:84:00:5f:f8:3d:
- 0d:f8:0f:ec:8a:c9:31:ed:4f:64:2d:b3:ed:f1:6a:f0:ed:31:
- 10:e6:38:69:a9:02:c8:3b:8c:a9:57:dc:65:c5:35:fd:e6:5a:
- 4d:a1:f0:43:e5:ca:18:02:eb:41:28:32:c3:04:5e:77:d1:b7:
- 64:69:aa:ff:ca:e1:dc:2c:14:9f:02:25:2d:77:bd:88:c6:6c:
- ff:61:cd:7d:9c:fe:f1:58:5a:17:60:88:d6:ae:9a:76:86:7e:
- b1:84:00:f2:f5:3a:b3:5e:6e:e9:cf:5d:b7:bb:1d:79:1b:e6:
- b8:5c:f9:c0:21:e9:35:30:01:1e:a0:23:a2:cf:42:6e:a6:74:
- fc:da:bf:6a
------BEGIN CERTIFICATE-----
-MIIDVjCCAj6gAwIBAgIRAN0/juxAI5gnPm4DDaTElEMwDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1NDEyWhcNMzIwMTI1
-MTY1NDEyWjASMRAwDgYDVQQDDAdmcml0dGVyMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA0ljRpQU8ve3KfPMLltEB28VhZO2cLiMPnZTM3P+ESyDOnR/2
-8iC4G3yHGmr3jl/PsDsL9YoshPs1Yz+uT1TOj7U8du60bj3pORNLDwNkMqEvTxLH
-kdteCZOSLp5+fb0cAPjyEkjgVw2KeovUaG8+GW+G2JGXEV/bUl5TS2KSVtbjAmht
-QH/OSyi1wZ19h1wKtTP1o6AaqKYcJKgzoDZZ5jzOqpDRdGhZTWraw3qQdESvs+Y/
-goaau6UDfHmS7/n94glGtyxX3/AdS4uo410pe0BLsGPpm6rzJnCUgU0pRFWXtnU8
-477KpFuLnqkE0ddFcpXtzWIgqg8vBspZKx/+BQIDAQABo4GiMIGfMAkGA1UdEwQC
-MAAwHQYDVR0OBBYEFDhfZNhwZXuiP4WnEOgjR+0LIokaMFEGA1UdIwRKMEiAFElD
-W1L4MXi1hHR6jSfTIh+p1MKloRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQYIU
-dc8xO6X2O5dKTboU0VjKk8vxf6UwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0P
-BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQALngusDNWIo0tmzy2k7X/jMpRdxiAz
-IFDLURJ7zKZhQ78iOZX5FchauoIHktS4ETRHF3sAtEAy1snho+TPG7g/ju+elsZg
-b2MtcFhG97swMbwIGT9FtkUx29vX6/2K3QS80zCw8OQchOhxmqjoFhkelmDVL8EJ
-RjylhABf+D0N+A/siskx7U9kLbPt8Wrw7TEQ5jhpqQLIO4ypV9xlxTX95lpNofBD
-5coYAutBKDLDBF530bdkaar/yuHcLBSfAiUtd72Ixmz/Yc19nP7xWFoXYIjWrpp2
-hn6xhADy9TqzXm7pz123ux15G+a4XPnAIek1MAEeoCOiz0JupnT82r9q
------END CERTIFICATE-----
+++ /dev/null
------BEGIN X509 CRL-----
-MIIBtjCBnwIBATANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAtFYXN5LVJTQSBD
-QRcNMjIwMTI3MTYyMjI3WhcNMjIwNzI2MTYyMjI3WqBVMFMwUQYDVR0jBEowSIAU
-SUNbUvgxeLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENB
-ghR1zzE7pfY7l0pNuhTRWMqTy/F/pTANBgkqhkiG9w0BAQsFAAOCAQEAUCRIUB6t
-1Tz4UWGV5de+YIYXESYaNgkHLq1Q8QnPz4hp/Z5HMecbfJYqom3aFJlzKHyK7cMO
-ImRm3UQudWpBQolfMwDY5OhQDIfLkDW1IrQYfQWe4oEX3jWcAZ0MCNfbnjAKD1If
-kfDxfdWK8Np2muvxF8ux++wFaUVthl0ftGxoLfUQ7gq94DN9rWVpWXpOekfAY8au
-P0Fda4IGz5Y/rIXJ2ZdeZxHbdPrWEOcNi5G4E4KY1TPKmxD+809KcF4Y/+J6kD4S
-xEs39z4y5epTka3pyexrAMNZ7+5dTzmjOrk4P7i1fwZ6PmmvVxOEvwZxVhIEURdt
-jFiMZt2mwB2TKA==
------END X509 CRL-----
+++ /dev/null
------BEGIN DH PARAMETERS-----
-MIIBCAKCAQEAns3FyV7aGDjxLwi/52fFlURQfz/TFuG7zzUdmCTRhaexacT8fDHf
-1nEnb6OFIRNeUwArWCCHFK9Y224NNSByp8KUN8kpMRSm53LEoxMGoreLTEIq4inX
-TM4wyEUBYiOWa/EHxo13wwMNPWwz7DYVL4mMa/Dc12I/G7olqQ5RgQYtjim4trap
-uI2lGIZBJKnOWfisAdWOn3jB8jSgz7iyAM6Fs6yhISWf3k/YzKAQsD5oYcixBaHX
-Do6PwYlVJXZRoDy/DdEkosd5wLJ/ZNMkTu7T2fm1Eyt32taQgIQSVv75/H4DuVm2
-T0VXi3dNTXDyfLIswsRIPOR0EeNoHu4WGwIBAg==
------END DH PARAMETERS-----
+++ /dev/null
-V 320125162246Z 335980B86FF171C95798A1E9AF815FCB unknown /CN=vpn.in.useribm.hu
-V 320125165217Z 734469339D70F82ECCAF4462A8C4D232 unknown /CN=qqcs
-V 320125165259Z B7E49AEC69ADAC37DB3DE73A726805AA unknown /CN=akosztolanyi
-V 320125165322Z CCFFE25883B85DB69B1289CF9AAA2FD4 unknown /CN=csgulyas
-V 320125165332Z 9828A16404425A3F9F420BD647201BBE unknown /CN=cslevai
-V 320125165347Z ACBA23204B736CF4353C080B121BFF49 unknown /CN=dhorvath
-V 320125165400Z D000C368DB1F1A363ACD08FFF213D8E9 unknown /CN=dvasary
-V 320125165412Z DD3F8EEC402398273E6E030DA4C49443 unknown /CN=fritter
-V 320125165421Z 6087511C41AB644D6E87354B37DA5ABE unknown /CN=fschnell
-V 320125165435Z 2370617D3985FE768DCA0F04D3683D1F unknown /CN=khorvath
-V 320125165448Z 16D67EBDB716BD510C340D08FA8CCBB1 unknown /CN=kkancz
-V 320125165458Z 7F0284BD0407A8DEA77A7616B225D08E unknown /CN=kvajda
-V 320125165511Z C30F84CF711904E9F7BCB1AD5D996B80 unknown /CN=mszabo
-V 320125165526Z 074293A82571A4AEB0964D14D1E2FF22 unknown /CN=osweidan
-V 320125165600Z C2283CFFFA8EDCF7395242B1F3824074 unknown /CN=rrendek
-V 320125165614Z 2BF6CBE6EEB95F052F9D64503F0CC337 unknown /CN=zfelleg
+++ /dev/null
-unique_subject = no
+++ /dev/null
-unique_subject = no
+++ /dev/null
-V 320125162246Z 335980B86FF171C95798A1E9AF815FCB unknown /CN=vpn.in.useribm.hu
-V 320125165217Z 734469339D70F82ECCAF4462A8C4D232 unknown /CN=qqcs
-V 320125165259Z B7E49AEC69ADAC37DB3DE73A726805AA unknown /CN=akosztolanyi
-V 320125165322Z CCFFE25883B85DB69B1289CF9AAA2FD4 unknown /CN=csgulyas
-V 320125165332Z 9828A16404425A3F9F420BD647201BBE unknown /CN=cslevai
-V 320125165347Z ACBA23204B736CF4353C080B121BFF49 unknown /CN=dhorvath
-V 320125165400Z D000C368DB1F1A363ACD08FFF213D8E9 unknown /CN=dvasary
-V 320125165412Z DD3F8EEC402398273E6E030DA4C49443 unknown /CN=fritter
-V 320125165421Z 6087511C41AB644D6E87354B37DA5ABE unknown /CN=fschnell
-V 320125165435Z 2370617D3985FE768DCA0F04D3683D1F unknown /CN=khorvath
-V 320125165448Z 16D67EBDB716BD510C340D08FA8CCBB1 unknown /CN=kkancz
-V 320125165458Z 7F0284BD0407A8DEA77A7616B225D08E unknown /CN=kvajda
-V 320125165511Z C30F84CF711904E9F7BCB1AD5D996B80 unknown /CN=mszabo
-V 320125165526Z 074293A82571A4AEB0964D14D1E2FF22 unknown /CN=osweidan
-V 320125165600Z C2283CFFFA8EDCF7395242B1F3824074 unknown /CN=rrendek
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- b7:e4:9a:ec:69:ad:ac:37:db:3d:e7:3a:72:68:05:aa
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:52:59 2022 GMT
- Not After : Jan 25 16:52:59 2032 GMT
- Subject: CN=akosztolanyi
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:cd:02:9c:1d:2c:a3:f2:9f:dc:ed:e2:44:32:e2:
- 0f:02:2e:47:45:a2:a5:22:31:5a:8e:c8:68:c6:df:
- 63:6b:25:32:62:ee:db:16:97:dd:60:21:61:a9:cb:
- 77:6c:99:45:d1:5a:bf:b5:4c:0e:30:a6:33:ae:12:
- 37:66:38:ec:5c:e5:b9:7c:4f:0e:14:b0:1a:c1:a8:
- 50:e3:56:01:ce:68:0d:63:d4:9a:1b:33:95:f0:d5:
- 38:7a:0d:d5:b3:a7:73:2f:a3:ed:54:bb:4e:40:0a:
- 09:0b:ed:73:38:e0:bd:65:36:2e:92:29:b9:59:e1:
- 3b:e6:bf:74:6b:8d:2a:f7:61:31:ba:10:04:98:d3:
- b5:73:b7:74:bc:06:d7:c0:7c:33:4b:18:d7:5a:ea:
- bf:87:7d:95:3e:ba:d9:5a:ad:c7:40:8e:6f:5b:90:
- 38:91:54:f2:b8:30:71:b3:ad:d4:2f:c8:19:66:83:
- 99:28:ba:7e:2f:00:c2:df:cc:e6:88:08:e4:ef:c2:
- e3:e5:47:8b:6d:2d:70:b4:71:de:33:c5:47:9e:e6:
- 2e:f7:7d:de:81:6f:ad:a4:00:44:b5:78:4f:3d:43:
- 43:ef:5d:5a:0b:56:be:ab:da:22:2d:80:f1:99:fe:
- 13:d7:a2:8e:4a:fb:31:1f:8e:27:fd:40:79:e1:73:
- f3:d7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- AB:71:5B:8D:67:12:A3:DB:00:A1:63:AA:37:72:C3:EC:6A:82:CC:FB
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 3c:b1:50:93:48:68:cc:42:76:ba:3e:f4:c7:38:95:40:18:23:
- 17:6b:0e:2b:f9:13:25:d3:5e:49:e5:51:38:6c:66:da:c4:c1:
- df:9f:71:96:65:6c:53:1d:bf:af:98:05:d5:4d:c2:cf:f3:6d:
- cc:92:7c:79:c6:cc:47:5b:8a:9e:95:f5:fa:02:9d:69:73:b7:
- 75:93:6f:18:f2:b8:15:97:08:a6:fa:c8:a9:e9:6d:44:bf:cb:
- 77:73:b4:6a:02:55:c0:fb:3e:f0:e1:a3:a7:35:90:d1:91:79:
- f1:3d:0f:b7:c9:2c:0a:de:c7:23:c2:10:b6:2c:d2:8a:a7:bf:
- 11:ea:64:cb:93:99:c3:f6:0c:3f:57:a2:65:27:7e:ce:d2:f7:
- 85:e2:ec:66:56:b4:a1:d6:5f:4b:56:6f:fb:93:1b:77:80:7a:
- f4:c4:9d:59:71:09:d3:08:ba:75:0a:57:ce:c6:a0:08:e9:cd:
- 94:0d:39:51:3b:e1:a1:a8:97:a9:26:4c:4d:fe:a6:e2:86:11:
- 1c:2a:34:4d:ab:89:b2:ea:35:39:57:90:65:74:f8:89:75:53:
- 0b:50:74:64:26:52:39:8b:b4:b7:6c:3a:a5:2d:59:68:fa:80:
- ef:93:79:92:fe:88:ea:80:b8:bc:d0:79:c6:1f:a6:6d:01:5b:
- 58:1d:30:0e
------BEGIN CERTIFICATE-----
-MIIDWzCCAkOgAwIBAgIRALfkmuxpraw32z3nOnJoBaowDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1MjU5WhcNMzIwMTI1
-MTY1MjU5WjAXMRUwEwYDVQQDDAxha29zenRvbGFueWkwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDNApwdLKPyn9zt4kQy4g8CLkdFoqUiMVqOyGjG32Nr
-JTJi7tsWl91gIWGpy3dsmUXRWr+1TA4wpjOuEjdmOOxc5bl8Tw4UsBrBqFDjVgHO
-aA1j1JobM5Xw1Th6DdWzp3Mvo+1Uu05ACgkL7XM44L1lNi6SKblZ4Tvmv3RrjSr3
-YTG6EASY07Vzt3S8BtfAfDNLGNda6r+HfZU+utlarcdAjm9bkDiRVPK4MHGzrdQv
-yBlmg5koun4vAMLfzOaICOTvwuPlR4ttLXC0cd4zxUee5i73fd6Bb62kAES1eE89
-Q0PvXVoLVr6r2iItgPGZ/hPXoo5K+zEfjif9QHnhc/PXAgMBAAGjgaIwgZ8wCQYD
-VR0TBAIwADAdBgNVHQ4EFgQUq3FbjWcSo9sAoWOqN3LD7GqCzPswUQYDVR0jBEow
-SIAUSUNbUvgxeLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNB
-IENBghR1zzE7pfY7l0pNuhTRWMqTy/F/pTATBgNVHSUEDDAKBggrBgEFBQcDAjAL
-BgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBADyxUJNIaMxCdro+9Mc4lUAY
-IxdrDiv5EyXTXknlUThsZtrEwd+fcZZlbFMdv6+YBdVNws/zbcySfHnGzEdbip6V
-9foCnWlzt3WTbxjyuBWXCKb6yKnpbUS/y3dztGoCVcD7PvDho6c1kNGRefE9D7fJ
-LArexyPCELYs0oqnvxHqZMuTmcP2DD9XomUnfs7S94Xi7GZWtKHWX0tWb/uTG3eA
-evTEnVlxCdMIunUKV87GoAjpzZQNOVE74aGol6kmTE3+puKGERwqNE2ribLqNTlX
-kGV0+Il1UwtQdGQmUjmLtLdsOqUtWWj6gO+TeZL+iOqAuLzQecYfpm0BW1gdMA4=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- cc:ff:e2:58:83:b8:5d:b6:9b:12:89:cf:9a:aa:2f:d4
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:53:22 2022 GMT
- Not After : Jan 25 16:53:22 2032 GMT
- Subject: CN=csgulyas
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:c6:73:39:5f:81:fd:b4:0c:84:c8:23:e0:44:80:
- f5:9f:c1:cd:0f:f8:b8:4b:dd:c9:b0:8a:74:b4:23:
- 37:34:c9:d9:82:95:d9:f0:a1:9e:54:3a:c4:33:19:
- cd:71:96:ee:55:f2:10:67:34:de:dc:0a:b2:21:04:
- d9:d7:5b:15:29:7f:08:54:da:0c:b5:ec:39:b8:78:
- 92:03:07:1d:36:3d:ca:54:75:e9:67:fe:bb:b8:d2:
- 30:72:6a:e7:5c:39:1f:93:bb:b4:62:40:6c:d3:c5:
- a7:4f:24:7c:1e:0d:f9:ea:15:cd:1b:f1:e5:5b:86:
- 7b:99:03:99:20:b0:2a:2f:58:2a:aa:b6:0f:e6:6e:
- 1e:dc:43:57:04:dd:32:d7:ec:01:2c:1c:83:52:02:
- 04:c2:8f:cd:69:da:ed:33:e1:ff:69:65:2e:26:67:
- 23:a6:81:35:05:7c:52:c7:49:8a:69:38:26:9e:87:
- fd:53:2a:9b:7b:90:d1:1a:b8:4e:fc:b7:6e:0c:26:
- b8:55:b2:50:72:4c:d5:cb:8b:dd:de:e6:da:b4:b4:
- 02:12:1c:24:84:bd:81:8a:4d:78:b8:6f:bc:dc:5a:
- 03:da:70:44:48:10:13:bd:ba:be:db:94:e8:6b:71:
- be:d0:cf:03:99:56:fe:c5:ad:68:51:ee:ff:7d:25:
- 80:ff
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 74:79:FB:63:0E:0D:0C:52:6E:FD:DC:CD:22:A3:E6:59:9E:0D:93:E7
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 17:0c:56:0d:55:55:8a:58:6a:c0:b6:b1:0e:df:ce:77:a6:a6:
- 09:4b:07:f8:01:5b:e2:b9:21:1d:d9:3c:63:14:7c:f4:b8:1f:
- db:90:c8:bb:c5:c1:ef:86:08:ff:d4:55:17:3c:cb:d3:0a:e5:
- ac:f6:fa:93:fe:55:13:3f:94:d1:d9:9d:08:43:46:be:65:d2:
- dd:60:55:6e:82:39:ca:49:20:50:1f:84:e4:b8:8a:3b:f1:51:
- da:59:dc:f9:62:3b:c6:fc:a7:ae:34:8a:90:d3:d4:a6:53:39:
- eb:8a:a3:64:a6:18:3a:62:c1:e2:a3:1f:ae:01:d1:21:e3:77:
- ce:07:16:3c:37:02:05:e6:5c:76:63:45:7e:61:3c:18:44:f2:
- 72:a0:37:7b:24:31:bf:af:ef:40:1c:5a:e1:8d:06:26:fd:3a:
- 4b:3c:fe:21:a8:6f:d4:01:71:d8:77:a4:46:82:c9:60:84:a7:
- a1:7f:c8:95:c5:a9:16:4f:60:28:86:53:97:9d:52:ef:9a:31:
- 51:60:80:44:26:5e:67:79:33:64:01:b3:99:c3:24:cd:ad:5e:
- a1:7f:18:d6:3d:f9:f0:ce:b0:70:f0:25:72:34:45:7a:68:17:
- 13:4b:24:82:d7:83:5b:e3:78:77:98:5e:ea:85:19:ee:83:3b:
- 68:7c:5e:8e
------BEGIN CERTIFICATE-----
-MIIDVzCCAj+gAwIBAgIRAMz/4liDuF22mxKJz5qqL9QwDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1MzIyWhcNMzIwMTI1
-MTY1MzIyWjATMREwDwYDVQQDDAhjc2d1bHlhczCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAMZzOV+B/bQMhMgj4ESA9Z/BzQ/4uEvdybCKdLQjNzTJ2YKV
-2fChnlQ6xDMZzXGW7lXyEGc03twKsiEE2ddbFSl/CFTaDLXsObh4kgMHHTY9ylR1
-6Wf+u7jSMHJq51w5H5O7tGJAbNPFp08kfB4N+eoVzRvx5VuGe5kDmSCwKi9YKqq2
-D+ZuHtxDVwTdMtfsASwcg1ICBMKPzWna7TPh/2llLiZnI6aBNQV8UsdJimk4Jp6H
-/VMqm3uQ0Rq4Tvy3bgwmuFWyUHJM1cuL3d7m2rS0AhIcJIS9gYpNeLhvvNxaA9pw
-REgQE726vtuU6GtxvtDPA5lW/sWtaFHu/30lgP8CAwEAAaOBojCBnzAJBgNVHRME
-AjAAMB0GA1UdDgQWBBR0eftjDg0MUm793M0io+ZZng2T5zBRBgNVHSMESjBIgBRJ
-Q1tS+DF4tYR0eo0n0yIfqdTCpaEapBgwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0GC
-FHXPMTul9juXSk26FNFYypPL8X+lMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1Ud
-DwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAFwxWDVVVilhqwLaxDt/Od6amCUsH
-+AFb4rkhHdk8YxR89Lgf25DIu8XB74YI/9RVFzzL0wrlrPb6k/5VEz+U0dmdCENG
-vmXS3WBVboI5ykkgUB+E5LiKO/FR2lnc+WI7xvynrjSKkNPUplM564qjZKYYOmLB
-4qMfrgHRIeN3zgcWPDcCBeZcdmNFfmE8GETycqA3eyQxv6/vQBxa4Y0GJv06Szz+
-Iahv1AFx2HekRoLJYISnoX/IlcWpFk9gKIZTl51S75oxUWCARCZeZ3kzZAGzmcMk
-za1eoX8Y1j358M6wcPAlcjRFemgXE0skgteDW+N4d5he6oUZ7oM7aHxejg==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 98:28:a1:64:04:42:5a:3f:9f:42:0b:d6:47:20:1b:be
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:53:32 2022 GMT
- Not After : Jan 25 16:53:32 2032 GMT
- Subject: CN=cslevai
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:d1:ac:70:e4:89:88:d8:df:db:ce:fe:1e:85:79:
- 12:be:c3:fe:78:5d:90:21:37:4c:8b:f7:83:21:8b:
- af:e0:17:83:20:b9:34:f7:f4:ac:ac:c3:6b:6f:94:
- 60:b1:c3:82:98:55:4a:19:61:89:3a:60:75:8c:99:
- 86:55:07:e0:b5:ee:6a:62:41:29:39:e4:c0:d3:14:
- 22:78:1e:4c:02:ff:9a:36:3c:d5:17:a2:28:d8:68:
- 9c:cd:cc:cc:32:0d:ac:b5:c4:c3:b4:ce:c1:d7:50:
- ad:65:44:56:3f:d6:9a:1e:12:4c:18:d9:f7:c4:d9:
- d0:eb:5f:ee:d4:b8:1c:64:40:cb:cf:62:72:38:33:
- ab:d7:c5:bc:84:af:5e:5d:d2:df:51:0e:62:48:b5:
- 71:e8:74:c2:de:1c:59:fb:ad:ae:f9:9e:9a:7b:73:
- c7:ad:1a:43:9d:92:03:40:5c:b0:89:0a:79:e7:7a:
- a4:a9:fe:d2:a2:37:fb:30:b9:84:8b:af:4d:ae:d1:
- 68:36:dc:df:9c:f3:e9:84:b3:dc:41:97:cb:34:ea:
- 18:97:9f:d8:60:86:e2:8f:f1:9e:6b:6d:69:fe:78:
- 87:f9:5b:f5:4d:bf:5d:7e:29:c3:73:68:1d:9a:03:
- 5c:f7:34:fd:89:d9:70:59:e6:df:e3:64:55:21:a9:
- 23:d1
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 78:8A:3B:63:8C:10:54:23:2A:F6:61:5B:4E:8D:23:85:01:A5:3A:B8
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 5f:0c:9b:ec:2f:d1:0f:96:91:e2:9c:3b:55:27:f0:56:5d:7c:
- 85:0c:8b:d3:03:d5:40:86:0e:9b:0b:d1:ce:f5:e6:ab:7a:ec:
- 18:17:e0:0f:56:03:c6:29:20:35:4a:bc:43:01:0b:c0:6e:77:
- 5d:33:c8:57:11:75:c3:d6:e4:fa:70:42:9c:0f:cd:33:75:ce:
- 68:3e:8b:2c:c1:19:07:5f:ab:00:8d:cc:b5:7e:bf:6d:ec:01:
- db:6a:5e:56:dd:2e:95:13:bb:4c:8e:ed:06:3e:50:c9:48:ad:
- 87:7d:1b:0b:54:b2:cb:70:cf:c3:15:19:fc:cf:57:05:3c:c8:
- e3:34:9f:e7:d1:57:65:5d:07:08:82:3e:2e:00:dc:02:ab:4a:
- ab:9d:f3:e1:37:c7:17:83:71:e0:c2:92:a8:5a:45:46:83:a2:
- 8b:c8:f4:41:cb:17:fb:dd:cd:ea:40:02:63:3d:a5:79:8c:f4:
- ea:3b:4c:d1:2c:1b:82:f1:ff:6a:d4:e4:dc:8c:b1:ff:8a:72:
- 00:f0:53:a1:c8:98:45:ac:22:7a:35:40:b8:fe:13:8a:9c:d1:
- b9:d6:74:31:08:30:db:03:a9:75:6c:75:48:96:ad:02:ce:a3:
- 22:2a:a9:a8:63:c9:7f:0b:25:0d:91:6c:3a:72:56:11:22:4c:
- 37:5f:3d:f9
------BEGIN CERTIFICATE-----
-MIIDVjCCAj6gAwIBAgIRAJgooWQEQlo/n0IL1kcgG74wDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1MzMyWhcNMzIwMTI1
-MTY1MzMyWjASMRAwDgYDVQQDDAdjc2xldmFpMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA0axw5ImI2N/bzv4ehXkSvsP+eF2QITdMi/eDIYuv4BeDILk0
-9/SsrMNrb5RgscOCmFVKGWGJOmB1jJmGVQfgte5qYkEpOeTA0xQieB5MAv+aNjzV
-F6Io2GiczczMMg2stcTDtM7B11CtZURWP9aaHhJMGNn3xNnQ61/u1LgcZEDLz2Jy
-ODOr18W8hK9eXdLfUQ5iSLVx6HTC3hxZ+62u+Z6ae3PHrRpDnZIDQFywiQp553qk
-qf7Sojf7MLmEi69NrtFoNtzfnPPphLPcQZfLNOoYl5/YYIbij/Gea21p/niH+Vv1
-Tb9dfinDc2gdmgNc9zT9idlwWebf42RVIakj0QIDAQABo4GiMIGfMAkGA1UdEwQC
-MAAwHQYDVR0OBBYEFHiKO2OMEFQjKvZhW06NI4UBpTq4MFEGA1UdIwRKMEiAFElD
-W1L4MXi1hHR6jSfTIh+p1MKloRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQYIU
-dc8xO6X2O5dKTboU0VjKk8vxf6UwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0P
-BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBfDJvsL9EPlpHinDtVJ/BWXXyFDIvT
-A9VAhg6bC9HO9eareuwYF+APVgPGKSA1SrxDAQvAbnddM8hXEXXD1uT6cEKcD80z
-dc5oPosswRkHX6sAjcy1fr9t7AHbal5W3S6VE7tMju0GPlDJSK2HfRsLVLLLcM/D
-FRn8z1cFPMjjNJ/n0VdlXQcIgj4uANwCq0qrnfPhN8cXg3HgwpKoWkVGg6KLyPRB
-yxf73c3qQAJjPaV5jPTqO0zRLBuC8f9q1OTcjLH/inIA8FOhyJhFrCJ6NUC4/hOK
-nNG51nQxCDDbA6l1bHVIlq0CzqMiKqmoY8l/CyUNkWw6clYRIkw3Xz35
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- ac:ba:23:20:4b:73:6c:f4:35:3c:08:0b:12:1b:ff:49
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:53:47 2022 GMT
- Not After : Jan 25 16:53:47 2032 GMT
- Subject: CN=dhorvath
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:c6:f8:1a:ee:a6:a6:42:b8:ae:3f:fc:45:c6:86:
- 81:17:81:74:f1:e2:eb:14:a6:22:5e:3a:44:33:0c:
- d9:a4:2b:64:62:f5:77:61:c1:97:56:42:ee:89:d0:
- 6d:61:a7:a1:59:65:7d:83:0e:97:7e:63:b4:ab:f7:
- 95:fd:18:c1:0b:2d:c3:de:66:7a:9a:75:cd:ef:1f:
- 0e:56:b5:c3:c8:45:78:68:f0:51:a1:30:75:9f:3e:
- b0:31:02:a7:d8:73:b5:eb:1c:6c:93:6a:c0:bb:3f:
- f7:ad:27:76:0e:86:55:f8:23:e5:d3:70:6e:23:9f:
- dc:94:f0:50:40:98:a9:8a:07:c7:e3:cb:e9:23:ca:
- 91:4d:01:49:db:8d:1a:ca:4c:f6:52:5b:b6:02:15:
- 69:b3:20:6a:33:c0:61:52:bc:d5:1d:ac:f4:6a:8e:
- cc:a9:fb:36:8f:8b:21:db:91:f8:3a:11:d4:cd:c7:
- d6:c7:cd:41:17:cd:91:49:0b:40:21:8d:13:a2:ee:
- fa:59:d3:60:55:f8:8e:bb:6b:2b:0e:f7:af:61:a7:
- 6b:88:c1:03:4d:73:4d:e3:c0:e2:17:b1:2c:9d:78:
- 78:1c:9e:e9:f8:0c:2c:64:68:b4:c1:4a:43:47:f4:
- 87:91:06:f9:00:fd:76:00:41:09:58:b5:a2:b8:af:
- b7:05
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- CF:44:3C:7F:23:15:9C:76:59:D3:47:32:F3:05:35:6E:23:A0:3B:C7
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 41:c4:86:a3:f5:3b:0d:5e:b2:78:78:b1:18:80:65:4d:02:06:
- ba:f5:3b:49:5d:09:13:a9:7d:e2:6e:f2:a3:ea:e0:27:78:8c:
- 41:63:85:f5:8b:11:86:89:f4:83:d4:2a:91:22:26:b9:68:11:
- 3a:2a:74:df:3c:ea:d5:3b:bc:e9:d8:c6:1b:01:6d:3d:db:43:
- bb:eb:6b:76:2c:fe:d9:ec:d1:d6:3d:c1:f2:59:27:29:17:cc:
- 6a:be:da:b3:cd:c7:6f:b6:5d:1e:49:a5:4b:d5:c0:87:fc:7a:
- a6:40:67:e4:1e:5b:93:01:51:be:f9:33:7e:cb:29:4a:4f:55:
- 52:09:66:f1:b9:b3:98:99:59:f8:24:50:09:80:51:21:76:47:
- 93:c1:f7:c2:83:32:9c:a8:da:63:1b:cf:85:3a:99:9d:43:22:
- af:76:94:b0:50:18:7c:bf:c4:16:55:09:79:90:2c:41:ee:84:
- ac:b5:f1:26:d7:b3:23:38:95:28:e0:66:3e:ae:11:61:72:cf:
- a2:e7:c4:58:d9:14:52:a7:da:0a:6b:2b:94:7e:b5:66:57:8e:
- 54:40:df:57:09:5e:61:7f:7e:dd:71:fa:a7:23:06:18:c1:2d:
- ff:8d:90:f2:b0:8d:5a:0a:7e:ae:64:d3:bb:ae:48:29:24:ea:
- 39:9f:cf:0d
------BEGIN CERTIFICATE-----
-MIIDVzCCAj+gAwIBAgIRAKy6IyBLc2z0NTwICxIb/0kwDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1MzQ3WhcNMzIwMTI1
-MTY1MzQ3WjATMREwDwYDVQQDDAhkaG9ydmF0aDCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAMb4Gu6mpkK4rj/8RcaGgReBdPHi6xSmIl46RDMM2aQrZGL1
-d2HBl1ZC7onQbWGnoVllfYMOl35jtKv3lf0YwQstw95mepp1ze8fDla1w8hFeGjw
-UaEwdZ8+sDECp9hztescbJNqwLs/960ndg6GVfgj5dNwbiOf3JTwUECYqYoHx+PL
-6SPKkU0BSduNGspM9lJbtgIVabMgajPAYVK81R2s9GqOzKn7No+LIduR+DoR1M3H
-1sfNQRfNkUkLQCGNE6Lu+lnTYFX4jrtrKw73r2Gna4jBA01zTePA4hexLJ14eBye
-6fgMLGRotMFKQ0f0h5EG+QD9dgBBCVi1orivtwUCAwEAAaOBojCBnzAJBgNVHRME
-AjAAMB0GA1UdDgQWBBTPRDx/IxWcdlnTRzLzBTVuI6A7xzBRBgNVHSMESjBIgBRJ
-Q1tS+DF4tYR0eo0n0yIfqdTCpaEapBgwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0GC
-FHXPMTul9juXSk26FNFYypPL8X+lMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1Ud
-DwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAQcSGo/U7DV6yeHixGIBlTQIGuvU7
-SV0JE6l94m7yo+rgJ3iMQWOF9YsRhon0g9QqkSImuWgROip03zzq1Tu86djGGwFt
-PdtDu+trdiz+2ezR1j3B8lknKRfMar7as83Hb7ZdHkmlS9XAh/x6pkBn5B5bkwFR
-vvkzfsspSk9VUglm8bmzmJlZ+CRQCYBRIXZHk8H3woMynKjaYxvPhTqZnUMir3aU
-sFAYfL/EFlUJeZAsQe6ErLXxJtezIziVKOBmPq4RYXLPoufEWNkUUqfaCmsrlH61
-ZleOVEDfVwleYX9+3XH6pyMGGMEt/42Q8rCNWgp+rmTTu65IKSTqOZ/PDQ==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- d0:00:c3:68:db:1f:1a:36:3a:cd:08:ff:f2:13:d8:e9
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:54:00 2022 GMT
- Not After : Jan 25 16:54:00 2032 GMT
- Subject: CN=dvasary
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:b4:d9:2e:da:28:56:77:92:4d:fd:38:96:a6:8d:
- c4:0a:44:75:dc:ff:81:ee:9e:0d:af:9b:7b:ed:5e:
- 5f:03:be:33:5e:af:54:e1:e8:b8:0e:9c:83:62:24:
- ce:94:0c:e5:d0:8a:90:41:5f:72:4f:a3:b0:27:9c:
- 73:32:52:1f:8c:9d:d9:52:db:ce:91:85:db:0e:c6:
- 71:f0:fe:42:6f:06:11:76:16:32:45:22:f0:37:72:
- d8:87:d2:f4:15:ad:77:b5:e2:a7:50:81:80:57:87:
- 2f:84:f4:9d:9c:5a:b6:47:61:2e:42:f5:59:4a:f8:
- b1:de:2f:c3:bb:4a:69:57:61:6d:d2:a6:9c:bd:ee:
- 91:2d:fc:8e:68:5f:62:b8:c6:6f:0d:29:7c:2c:26:
- 17:96:8a:42:45:29:93:49:e9:71:3b:df:11:54:c5:
- 19:47:11:be:48:42:5d:df:e7:39:0d:59:06:79:a7:
- 5d:68:fd:ff:63:d4:d5:f2:a4:77:b3:46:c2:7c:9d:
- bf:10:57:73:da:03:c0:82:4c:6c:55:37:1e:64:68:
- d0:96:f3:9e:02:f9:c5:52:73:dc:15:57:81:2e:0f:
- 01:98:29:bc:cf:a1:8e:fa:58:e8:05:98:3b:4c:73:
- 65:06:e5:f9:be:25:9a:e2:e9:33:be:86:5f:16:8a:
- fc:f9
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- D0:78:94:E1:01:5B:22:6C:03:1E:7C:BC:CA:35:8D:58:BC:31:78:82
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- cb:3e:27:5c:98:9f:19:d3:e3:e6:9b:13:23:fc:6d:06:62:1f:
- 80:6e:95:f3:67:02:a0:9e:a0:71:fd:c2:08:c4:a3:ed:61:44:
- 5e:3e:d7:fa:a2:53:ca:97:44:97:8a:e3:e5:e4:c6:b0:b7:cc:
- 46:aa:5d:32:71:7b:0c:e7:ac:e8:c3:65:9e:45:bf:39:4a:d1:
- fe:20:4f:1b:8e:88:f3:9d:82:3b:99:0d:95:53:da:ed:db:60:
- 68:79:31:c3:11:f5:63:e9:74:1a:8d:15:8d:e7:0e:ff:0f:8f:
- a1:e0:82:ad:42:cd:6d:2c:73:93:a8:fc:c3:c7:37:24:f5:44:
- 51:c9:3d:28:67:6c:a3:3b:11:3c:f2:5e:45:a8:cc:09:21:f7:
- 3a:be:aa:53:c6:4f:90:65:83:df:3d:1b:01:c5:a8:95:f0:d3:
- da:b0:e4:9a:d5:ed:c5:f6:2e:78:38:39:ba:78:db:53:d6:0a:
- e4:5d:e7:59:7d:81:a1:1d:81:96:ef:28:26:0a:8d:73:9c:60:
- e3:6c:02:c3:95:cf:93:6f:e5:c0:49:b9:eb:8f:5e:02:19:83:
- 5a:50:d9:6b:9d:0d:01:80:06:ba:96:2d:e0:82:4a:5b:02:53:
- 37:36:a6:41:5d:34:1d:9a:96:86:ae:46:cf:74:f7:49:dd:cd:
- 93:eb:81:23
------BEGIN CERTIFICATE-----
-MIIDVjCCAj6gAwIBAgIRANAAw2jbHxo2Os0I//IT2OkwDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1NDAwWhcNMzIwMTI1
-MTY1NDAwWjASMRAwDgYDVQQDDAdkdmFzYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAtNku2ihWd5JN/TiWpo3ECkR13P+B7p4Nr5t77V5fA74zXq9U
-4ei4DpyDYiTOlAzl0IqQQV9yT6OwJ5xzMlIfjJ3ZUtvOkYXbDsZx8P5CbwYRdhYy
-RSLwN3LYh9L0Fa13teKnUIGAV4cvhPSdnFq2R2EuQvVZSvix3i/Du0ppV2Ft0qac
-ve6RLfyOaF9iuMZvDSl8LCYXlopCRSmTSelxO98RVMUZRxG+SEJd3+c5DVkGeadd
-aP3/Y9TV8qR3s0bCfJ2/EFdz2gPAgkxsVTceZGjQlvOeAvnFUnPcFVeBLg8BmCm8
-z6GO+ljoBZg7THNlBuX5viWa4ukzvoZfFor8+QIDAQABo4GiMIGfMAkGA1UdEwQC
-MAAwHQYDVR0OBBYEFNB4lOEBWyJsAx58vMo1jVi8MXiCMFEGA1UdIwRKMEiAFElD
-W1L4MXi1hHR6jSfTIh+p1MKloRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQYIU
-dc8xO6X2O5dKTboU0VjKk8vxf6UwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0P
-BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQDLPidcmJ8Z0+PmmxMj/G0GYh+AbpXz
-ZwKgnqBx/cIIxKPtYURePtf6olPKl0SXiuPl5Mawt8xGql0ycXsM56zow2WeRb85
-StH+IE8bjojznYI7mQ2VU9rt22BoeTHDEfVj6XQajRWN5w7/D4+h4IKtQs1tLHOT
-qPzDxzck9URRyT0oZ2yjOxE88l5FqMwJIfc6vqpTxk+QZYPfPRsBxaiV8NPasOSa
-1e3F9i54ODm6eNtT1grkXedZfYGhHYGW7ygmCo1znGDjbALDlc+Tb+XASbnrj14C
-GYNaUNlrnQ0BgAa6li3ggkpbAlM3NqZBXTQdmpaGrkbPdPdJ3c2T64Ej
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- dd:3f:8e:ec:40:23:98:27:3e:6e:03:0d:a4:c4:94:43
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:54:12 2022 GMT
- Not After : Jan 25 16:54:12 2032 GMT
- Subject: CN=fritter
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:d2:58:d1:a5:05:3c:bd:ed:ca:7c:f3:0b:96:d1:
- 01:db:c5:61:64:ed:9c:2e:23:0f:9d:94:cc:dc:ff:
- 84:4b:20:ce:9d:1f:f6:f2:20:b8:1b:7c:87:1a:6a:
- f7:8e:5f:cf:b0:3b:0b:f5:8a:2c:84:fb:35:63:3f:
- ae:4f:54:ce:8f:b5:3c:76:ee:b4:6e:3d:e9:39:13:
- 4b:0f:03:64:32:a1:2f:4f:12:c7:91:db:5e:09:93:
- 92:2e:9e:7e:7d:bd:1c:00:f8:f2:12:48:e0:57:0d:
- 8a:7a:8b:d4:68:6f:3e:19:6f:86:d8:91:97:11:5f:
- db:52:5e:53:4b:62:92:56:d6:e3:02:68:6d:40:7f:
- ce:4b:28:b5:c1:9d:7d:87:5c:0a:b5:33:f5:a3:a0:
- 1a:a8:a6:1c:24:a8:33:a0:36:59:e6:3c:ce:aa:90:
- d1:74:68:59:4d:6a:da:c3:7a:90:74:44:af:b3:e6:
- 3f:82:86:9a:bb:a5:03:7c:79:92:ef:f9:fd:e2:09:
- 46:b7:2c:57:df:f0:1d:4b:8b:a8:e3:5d:29:7b:40:
- 4b:b0:63:e9:9b:aa:f3:26:70:94:81:4d:29:44:55:
- 97:b6:75:3c:e3:be:ca:a4:5b:8b:9e:a9:04:d1:d7:
- 45:72:95:ed:cd:62:20:aa:0f:2f:06:ca:59:2b:1f:
- fe:05
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 38:5F:64:D8:70:65:7B:A2:3F:85:A7:10:E8:23:47:ED:0B:22:89:1A
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 0b:9e:0b:ac:0c:d5:88:a3:4b:66:cf:2d:a4:ed:7f:e3:32:94:
- 5d:c6:20:33:20:50:cb:51:12:7b:cc:a6:61:43:bf:22:39:95:
- f9:15:c8:5a:ba:82:07:92:d4:b8:11:34:47:17:7b:00:b4:40:
- 32:d6:c9:e1:a3:e4:cf:1b:b8:3f:8e:ef:9e:96:c6:60:6f:63:
- 2d:70:58:46:f7:bb:30:31:bc:08:19:3f:45:b6:45:31:db:db:
- d7:eb:fd:8a:dd:04:bc:d3:30:b0:f0:e4:1c:84:e8:71:9a:a8:
- e8:16:19:1e:96:60:d5:2f:c1:09:46:3c:a5:84:00:5f:f8:3d:
- 0d:f8:0f:ec:8a:c9:31:ed:4f:64:2d:b3:ed:f1:6a:f0:ed:31:
- 10:e6:38:69:a9:02:c8:3b:8c:a9:57:dc:65:c5:35:fd:e6:5a:
- 4d:a1:f0:43:e5:ca:18:02:eb:41:28:32:c3:04:5e:77:d1:b7:
- 64:69:aa:ff:ca:e1:dc:2c:14:9f:02:25:2d:77:bd:88:c6:6c:
- ff:61:cd:7d:9c:fe:f1:58:5a:17:60:88:d6:ae:9a:76:86:7e:
- b1:84:00:f2:f5:3a:b3:5e:6e:e9:cf:5d:b7:bb:1d:79:1b:e6:
- b8:5c:f9:c0:21:e9:35:30:01:1e:a0:23:a2:cf:42:6e:a6:74:
- fc:da:bf:6a
------BEGIN CERTIFICATE-----
-MIIDVjCCAj6gAwIBAgIRAN0/juxAI5gnPm4DDaTElEMwDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1NDEyWhcNMzIwMTI1
-MTY1NDEyWjASMRAwDgYDVQQDDAdmcml0dGVyMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA0ljRpQU8ve3KfPMLltEB28VhZO2cLiMPnZTM3P+ESyDOnR/2
-8iC4G3yHGmr3jl/PsDsL9YoshPs1Yz+uT1TOj7U8du60bj3pORNLDwNkMqEvTxLH
-kdteCZOSLp5+fb0cAPjyEkjgVw2KeovUaG8+GW+G2JGXEV/bUl5TS2KSVtbjAmht
-QH/OSyi1wZ19h1wKtTP1o6AaqKYcJKgzoDZZ5jzOqpDRdGhZTWraw3qQdESvs+Y/
-goaau6UDfHmS7/n94glGtyxX3/AdS4uo410pe0BLsGPpm6rzJnCUgU0pRFWXtnU8
-477KpFuLnqkE0ddFcpXtzWIgqg8vBspZKx/+BQIDAQABo4GiMIGfMAkGA1UdEwQC
-MAAwHQYDVR0OBBYEFDhfZNhwZXuiP4WnEOgjR+0LIokaMFEGA1UdIwRKMEiAFElD
-W1L4MXi1hHR6jSfTIh+p1MKloRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQYIU
-dc8xO6X2O5dKTboU0VjKk8vxf6UwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0P
-BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQALngusDNWIo0tmzy2k7X/jMpRdxiAz
-IFDLURJ7zKZhQ78iOZX5FchauoIHktS4ETRHF3sAtEAy1snho+TPG7g/ju+elsZg
-b2MtcFhG97swMbwIGT9FtkUx29vX6/2K3QS80zCw8OQchOhxmqjoFhkelmDVL8EJ
-RjylhABf+D0N+A/siskx7U9kLbPt8Wrw7TEQ5jhpqQLIO4ypV9xlxTX95lpNofBD
-5coYAutBKDLDBF530bdkaar/yuHcLBSfAiUtd72Ixmz/Yc19nP7xWFoXYIjWrpp2
-hn6xhADy9TqzXm7pz123ux15G+a4XPnAIek1MAEeoCOiz0JupnT82r9q
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 60:87:51:1c:41:ab:64:4d:6e:87:35:4b:37:da:5a:be
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:54:21 2022 GMT
- Not After : Jan 25 16:54:21 2032 GMT
- Subject: CN=fschnell
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:ba:48:1e:7f:2f:93:ee:b3:88:cf:0a:0a:82:0d:
- 48:bd:ed:d8:3f:5d:13:d1:20:c0:34:b9:8f:53:39:
- 52:d2:7e:91:4f:e5:4c:07:73:54:25:a6:6a:c7:83:
- b8:fc:93:1d:b6:03:72:59:41:4a:61:b9:68:0d:4e:
- e2:9b:b4:74:6c:87:7c:a3:61:30:22:3f:9b:53:23:
- 31:e1:b6:37:ef:0d:32:df:6e:40:14:e1:d8:1a:0e:
- 93:8f:6c:55:0d:dd:c9:9a:a2:5c:1e:46:c1:19:ce:
- e4:ee:8b:3e:93:bf:ce:60:30:29:da:2c:e7:d7:a9:
- 06:4d:84:60:cd:3a:28:18:0d:d2:11:6e:01:e9:1a:
- 0c:6b:d1:09:b4:e6:5f:95:7d:c3:a3:d3:fb:44:15:
- 50:b7:be:6e:89:d3:75:cf:57:e3:13:f6:99:3e:ea:
- 2b:38:05:5b:d4:0d:c6:65:42:93:63:c6:e7:44:5a:
- 2c:01:19:88:52:c7:6f:12:fa:27:df:5e:b6:40:e9:
- 15:35:e4:27:0f:e3:c7:1d:37:4f:5f:0b:78:cb:33:
- a2:e6:06:35:b3:b1:d4:4a:4f:55:48:95:b1:e0:5c:
- 8f:35:87:d9:32:07:1b:68:b0:eb:8b:03:67:9c:0e:
- 14:0c:63:ca:22:c7:86:9a:35:5f:af:84:75:fa:3b:
- e7:43
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 4C:D9:F1:08:3B:62:3F:D4:E3:22:0B:27:BD:9C:7C:15:44:B8:D6:11
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 4c:cf:19:8e:b2:4a:87:3c:de:5b:f3:31:9d:c3:58:4d:9a:d6:
- 59:ad:49:ec:aa:ec:2a:3c:04:c2:1b:fd:31:76:8f:af:2a:bc:
- 9e:d4:96:5d:31:b5:86:16:df:af:2f:ea:12:e9:2a:23:f5:37:
- bb:9b:c0:c5:b6:bc:77:28:2c:f6:8d:31:8a:8e:a2:f8:dc:b8:
- 65:14:ba:1a:8c:32:4f:ec:84:08:3c:87:c2:97:08:93:f8:b9:
- a4:30:a4:78:54:05:a0:f0:29:7b:61:bb:22:4a:98:21:bb:a3:
- c1:38:be:14:bf:58:ab:09:07:8c:d8:c1:66:17:98:91:f3:64:
- ca:05:41:f8:04:5d:91:8a:8f:29:2b:d1:85:20:c5:7c:3e:32:
- 3e:40:8b:c5:1a:20:1f:c4:95:4b:3a:35:a1:37:e3:c8:15:f1:
- 04:4f:9e:cb:1d:1f:bf:4a:c5:8b:f9:81:a7:42:e5:95:04:e5:
- b2:04:f0:3e:1e:d5:24:1d:37:e1:cd:c4:b9:69:77:0d:d6:28:
- b2:f9:7b:be:93:a0:b5:2b:c3:3d:27:9e:4d:a0:73:64:d1:16:
- 9a:07:cc:ff:55:e8:06:ff:a7:d3:fe:a7:33:ff:1c:9d:b4:c8:
- f8:37:fa:e3:24:1d:57:e9:ea:df:92:61:7b:ec:f3:6b:3d:0f:
- 7e:75:72:59
------BEGIN CERTIFICATE-----
-MIIDVjCCAj6gAwIBAgIQYIdRHEGrZE1uhzVLN9pavjANBgkqhkiG9w0BAQsFADAW
-MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMjAxMjcxNjU0MjFaFw0zMjAxMjUx
-NjU0MjFaMBMxETAPBgNVBAMMCGZzY2huZWxsMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAukgefy+T7rOIzwoKgg1Ive3YP10T0SDANLmPUzlS0n6RT+VM
-B3NUJaZqx4O4/JMdtgNyWUFKYbloDU7im7R0bId8o2EwIj+bUyMx4bY37w0y325A
-FOHYGg6Tj2xVDd3JmqJcHkbBGc7k7os+k7/OYDAp2izn16kGTYRgzTooGA3SEW4B
-6RoMa9EJtOZflX3Do9P7RBVQt75uidN1z1fjE/aZPuorOAVb1A3GZUKTY8bnRFos
-ARmIUsdvEvon3162QOkVNeQnD+PHHTdPXwt4yzOi5gY1s7HUSk9VSJWx4FyPNYfZ
-MgcbaLDriwNnnA4UDGPKIseGmjVfr4R1+jvnQwIDAQABo4GiMIGfMAkGA1UdEwQC
-MAAwHQYDVR0OBBYEFEzZ8Qg7Yj/U4yILJ72cfBVEuNYRMFEGA1UdIwRKMEiAFElD
-W1L4MXi1hHR6jSfTIh+p1MKloRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQYIU
-dc8xO6X2O5dKTboU0VjKk8vxf6UwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0P
-BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBMzxmOskqHPN5b8zGdw1hNmtZZrUns
-quwqPATCG/0xdo+vKrye1JZdMbWGFt+vL+oS6Soj9Te7m8DFtrx3KCz2jTGKjqL4
-3LhlFLoajDJP7IQIPIfClwiT+LmkMKR4VAWg8Cl7YbsiSpghu6PBOL4Uv1irCQeM
-2MFmF5iR82TKBUH4BF2Rio8pK9GFIMV8PjI+QIvFGiAfxJVLOjWhN+PIFfEET57L
-HR+/SsWL+YGnQuWVBOWyBPA+HtUkHTfhzcS5aXcN1iiy+Xu+k6C1K8M9J55NoHNk
-0RaaB8z/VegG/6fT/qcz/xydtMj4N/rjJB1X6erfkmF77PNrPQ9+dXJZ
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 23:70:61:7d:39:85:fe:76:8d:ca:0f:04:d3:68:3d:1f
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:54:35 2022 GMT
- Not After : Jan 25 16:54:35 2032 GMT
- Subject: CN=khorvath
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:eb:04:0d:b5:38:69:3a:69:07:21:1c:59:4c:07:
- 6c:1d:30:89:93:3d:90:d3:ef:04:cb:ec:41:94:9e:
- 35:91:28:17:e4:1f:cb:2b:0a:06:b9:6a:91:e6:cb:
- 89:60:e6:3c:0a:f8:ff:ae:6c:48:e3:d7:a9:52:95:
- 5f:e5:c8:80:5c:82:b5:91:3b:5e:e0:23:82:8d:52:
- 53:0a:ea:e8:b2:92:b3:4b:bb:1d:2f:5a:e4:29:a9:
- 69:2c:b9:e1:9e:13:1c:3c:0d:d9:fe:fd:e9:a7:1f:
- f4:c2:ab:3b:eb:52:95:41:2a:5a:d4:9e:e9:8e:40:
- 97:60:fb:e8:12:9e:d6:e4:72:2b:43:57:de:85:6b:
- db:94:27:45:eb:43:bb:3d:6e:17:c6:dc:19:d2:dc:
- cd:c8:67:fc:d0:d3:8f:81:4c:1a:ad:df:e6:2b:43:
- 07:95:18:ad:e0:21:c6:5a:fd:ce:17:af:63:58:97:
- b7:86:db:42:95:7f:38:46:08:7e:26:81:24:e2:7e:
- dd:53:51:ab:29:43:19:ad:5f:8b:b2:b8:cf:19:06:
- 0e:15:67:a4:50:79:00:f4:f8:2a:b8:e7:fd:b4:59:
- 9a:ef:10:fb:10:bf:57:3e:26:ec:1e:97:6d:ad:87:
- b9:60:94:69:24:96:69:36:9a:21:00:42:98:06:24:
- d5:f9
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 96:F4:90:70:43:B0:6E:93:48:D7:95:1F:9B:BC:0E:8A:8D:33:36:99
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 01:8a:5e:af:fe:5a:9d:65:ba:a5:3a:51:d0:1e:7d:fe:9e:b7:
- 7e:bc:da:33:0b:e2:f8:13:6f:73:40:5f:c2:b7:5d:2f:54:5e:
- 0d:db:1d:28:b0:e9:fa:a2:ff:23:3c:4e:63:90:d6:5e:6c:81:
- 9a:69:3d:06:05:5f:c3:a5:67:4a:29:e9:40:36:eb:53:89:a7:
- 13:a5:69:ba:8d:61:ac:d9:5f:89:35:59:dc:c0:98:73:f1:f8:
- 1e:14:80:d9:09:9c:bd:db:69:54:ea:15:68:97:bd:08:27:d7:
- af:c9:8a:b5:41:4a:6c:dc:4f:4c:dd:5b:c7:cf:86:01:07:a2:
- ad:33:7d:aa:47:ae:a8:b0:d2:24:89:9c:a0:48:8d:74:51:79:
- 89:f8:8d:ee:33:4f:d6:45:b8:b5:a6:48:eb:ad:3a:86:68:53:
- 4d:ba:55:fa:d4:2f:7b:59:3d:a6:16:d9:8a:81:90:72:e8:14:
- e8:06:7f:de:0e:f8:be:cf:ce:91:22:8e:cd:5a:94:8f:1c:d0:
- 4b:f6:b5:41:2d:1d:c4:0a:1e:36:17:dd:78:17:23:85:c7:cb:
- ae:1b:ae:65:90:22:b0:c0:94:df:cc:83:38:61:cb:fa:a7:e6:
- a4:a7:9b:10:5d:fc:30:6f:d2:dc:02:15:07:a0:42:9f:1b:a9:
- f9:c7:22:34
------BEGIN CERTIFICATE-----
-MIIDVjCCAj6gAwIBAgIQI3BhfTmF/naNyg8E02g9HzANBgkqhkiG9w0BAQsFADAW
-MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMjAxMjcxNjU0MzVaFw0zMjAxMjUx
-NjU0MzVaMBMxETAPBgNVBAMMCGtob3J2YXRoMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA6wQNtThpOmkHIRxZTAdsHTCJkz2Q0+8Ey+xBlJ41kSgX5B/L
-KwoGuWqR5suJYOY8Cvj/rmxI49epUpVf5ciAXIK1kTte4COCjVJTCurospKzS7sd
-L1rkKalpLLnhnhMcPA3Z/v3ppx/0wqs761KVQSpa1J7pjkCXYPvoEp7W5HIrQ1fe
-hWvblCdF60O7PW4XxtwZ0tzNyGf80NOPgUward/mK0MHlRit4CHGWv3OF69jWJe3
-httClX84Rgh+JoEk4n7dU1GrKUMZrV+LsrjPGQYOFWekUHkA9PgquOf9tFma7xD7
-EL9XPibsHpdtrYe5YJRpJJZpNpohAEKYBiTV+QIDAQABo4GiMIGfMAkGA1UdEwQC
-MAAwHQYDVR0OBBYEFJb0kHBDsG6TSNeVH5u8DoqNMzaZMFEGA1UdIwRKMEiAFElD
-W1L4MXi1hHR6jSfTIh+p1MKloRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQYIU
-dc8xO6X2O5dKTboU0VjKk8vxf6UwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0P
-BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQABil6v/lqdZbqlOlHQHn3+nrd+vNoz
-C+L4E29zQF/Ct10vVF4N2x0osOn6ov8jPE5jkNZebIGaaT0GBV/DpWdKKelANutT
-iacTpWm6jWGs2V+JNVncwJhz8fgeFIDZCZy922lU6hVol70IJ9evyYq1QUps3E9M
-3VvHz4YBB6KtM32qR66osNIkiZygSI10UXmJ+I3uM0/WRbi1pkjrrTqGaFNNulX6
-1C97WT2mFtmKgZBy6BToBn/eDvi+z86RIo7NWpSPHNBL9rVBLR3ECh42F914FyOF
-x8uuG65lkCKwwJTfzIM4Ycv6p+akp5sQXfwwb9LcAhUHoEKfG6n5xyI0
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 16:d6:7e:bd:b7:16:bd:51:0c:34:0d:08:fa:8c:cb:b1
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:54:48 2022 GMT
- Not After : Jan 25 16:54:48 2032 GMT
- Subject: CN=kkancz
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:b9:6a:63:78:e0:1b:e8:2f:dc:70:f4:49:6f:6c:
- 7b:62:05:76:60:4e:01:4f:91:07:2d:b2:8e:7f:e1:
- 61:4e:c3:24:1d:da:6c:ae:b9:d5:de:00:d5:f7:cf:
- 36:8f:a1:cb:9c:15:4c:57:e8:76:36:83:8b:7b:d4:
- de:04:c9:06:40:32:c3:31:01:f1:f5:bc:9c:97:42:
- 4d:82:47:71:cc:b8:0c:2c:91:bb:c8:6b:2b:62:09:
- f3:5a:c5:5f:40:e8:46:7c:9f:d8:dd:20:a3:bc:34:
- f9:67:28:ae:ed:fc:cd:3e:f0:68:ce:1b:02:d4:da:
- d2:0b:74:b6:32:11:39:6e:53:80:a7:e1:b9:06:96:
- ae:ef:8e:dd:0e:26:05:7a:2c:46:7d:f6:ba:af:6f:
- 3e:44:8b:fa:ff:40:fd:3e:32:64:a5:f7:27:60:f7:
- 85:28:33:e2:a3:2f:5a:37:cd:15:02:ff:28:b5:95:
- a4:3d:ee:01:9f:86:76:2d:01:3d:b4:e7:e2:1f:fb:
- be:1f:6a:2f:e8:50:68:2a:2d:86:3a:ef:38:f1:46:
- df:e7:5c:53:b0:63:13:80:b4:4d:b8:60:7a:ee:71:
- 67:bc:c8:21:83:64:6f:45:07:19:87:f3:49:c2:63:
- 04:59:3f:6d:80:21:0e:2f:4e:cc:b5:7c:38:47:c4:
- 7b:a5
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 9E:32:BB:AC:26:6F:9A:04:73:A5:B9:42:DA:29:46:95:C8:DE:F3:05
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 6a:07:04:54:3c:a9:4c:05:72:9e:78:6b:a6:dd:a8:09:15:0b:
- cb:54:ad:54:91:f9:8d:ee:61:37:a3:97:92:9e:97:25:4d:db:
- 96:91:9f:39:45:92:e5:d7:06:45:57:89:ef:96:bf:47:c5:5a:
- 84:c8:6d:78:7a:43:02:f5:0f:4b:7f:7b:04:49:53:4b:85:13:
- 5a:cb:75:06:f3:ba:8b:0b:83:f2:1a:df:27:0b:17:b2:28:ca:
- c6:38:14:8c:3d:42:02:db:f2:63:79:ce:00:be:90:b6:0a:5f:
- 23:5a:06:37:c3:34:da:09:1f:66:c8:29:11:0c:b0:8e:ac:43:
- b3:a9:8b:eb:71:38:9c:ed:cf:7c:00:55:47:a4:48:6b:a8:1c:
- 13:4a:b7:bf:4a:48:72:10:32:a7:48:64:d7:82:60:64:cb:a0:
- 20:6a:20:13:d9:0a:09:03:8b:be:76:f1:23:af:90:73:d9:de:
- 65:23:0d:07:04:48:61:f1:9a:c8:37:41:ff:65:72:27:de:88:
- 82:ca:8f:eb:92:2c:8e:b3:ab:dc:26:ff:d4:3d:d8:99:66:c5:
- f8:c4:cc:54:ac:98:21:29:65:ac:77:4e:f6:12:de:f5:ba:cc:
- 1b:ee:eb:08:bf:fe:33:77:19:a5:5c:43:6c:30:40:40:e2:6c:
- bf:93:e0:af
------BEGIN CERTIFICATE-----
-MIIDVDCCAjygAwIBAgIQFtZ+vbcWvVEMNA0I+ozLsTANBgkqhkiG9w0BAQsFADAW
-MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMjAxMjcxNjU0NDhaFw0zMjAxMjUx
-NjU0NDhaMBExDzANBgNVBAMMBmtrYW5jejCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBALlqY3jgG+gv3HD0SW9se2IFdmBOAU+RBy2yjn/hYU7DJB3abK65
-1d4A1ffPNo+hy5wVTFfodjaDi3vU3gTJBkAywzEB8fW8nJdCTYJHccy4DCyRu8hr
-K2IJ81rFX0DoRnyf2N0go7w0+Wcoru38zT7waM4bAtTa0gt0tjIROW5TgKfhuQaW
-ru+O3Q4mBXosRn32uq9vPkSL+v9A/T4yZKX3J2D3hSgz4qMvWjfNFQL/KLWVpD3u
-AZ+Gdi0BPbTn4h/7vh9qL+hQaCothjrvOPFG3+dcU7BjE4C0Tbhgeu5xZ7zIIYNk
-b0UHGYfzScJjBFk/bYAhDi9OzLV8OEfEe6UCAwEAAaOBojCBnzAJBgNVHRMEAjAA
-MB0GA1UdDgQWBBSeMrusJm+aBHOluULaKUaVyN7zBTBRBgNVHSMESjBIgBRJQ1tS
-+DF4tYR0eo0n0yIfqdTCpaEapBgwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0GCFHXP
-MTul9juXSk26FNFYypPL8X+lMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQE
-AwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAagcEVDypTAVynnhrpt2oCRULy1StVJH5
-je5hN6OXkp6XJU3blpGfOUWS5dcGRVeJ75a/R8VahMhteHpDAvUPS397BElTS4UT
-Wst1BvO6iwuD8hrfJwsXsijKxjgUjD1CAtvyY3nOAL6QtgpfI1oGN8M02gkfZsgp
-EQywjqxDs6mL63E4nO3PfABVR6RIa6gcE0q3v0pIchAyp0hk14JgZMugIGogE9kK
-CQOLvnbxI6+Qc9neZSMNBwRIYfGayDdB/2VyJ96IgsqP65IsjrOr3Cb/1D3YmWbF
-+MTMVKyYISllrHdO9hLe9brMG+7rCL/+M3cZpVxDbDBAQOJsv5Pgrw==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 7f:02:84:bd:04:07:a8:de:a7:7a:76:16:b2:25:d0:8e
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:54:58 2022 GMT
- Not After : Jan 25 16:54:58 2032 GMT
- Subject: CN=kvajda
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:d1:7a:06:e5:cf:eb:9b:3f:97:77:e5:31:89:cf:
- 0a:4d:63:b4:7d:df:31:04:83:62:eb:5c:b9:75:35:
- d2:b1:9b:60:63:36:3a:70:3e:e1:5f:f4:22:0b:7c:
- 32:ed:c7:bb:64:44:4a:5a:9b:a6:3a:5b:b5:a5:f8:
- a0:c3:bb:c4:a4:10:5a:99:b1:0c:d1:05:ae:08:25:
- 15:dd:af:b6:2e:cf:96:eb:35:25:d7:73:e3:a8:d4:
- eb:fc:a9:5e:37:71:35:aa:1a:58:4d:57:df:a7:8c:
- 27:0b:76:28:98:0b:17:98:74:25:3c:54:21:52:5e:
- 38:ce:e2:7f:fd:50:17:43:3c:fc:4c:b9:6b:28:53:
- 59:89:e2:b9:f8:ec:b6:1e:14:b4:f6:8a:51:3e:d2:
- 1b:04:77:8f:a3:7d:57:f2:14:0b:7c:e5:70:ca:1a:
- 57:7c:e1:b2:1a:5e:ad:fc:af:c9:dd:d4:81:4c:19:
- 2c:bd:b6:c3:5b:fa:3d:f9:2d:ad:06:be:49:84:01:
- f6:44:ca:a3:bb:2a:23:4c:b2:ea:d8:67:36:22:ca:
- c6:c6:19:df:b1:fa:31:1b:c4:40:dc:4e:c7:0a:66:
- 22:5c:25:36:2d:5b:22:23:f6:5d:bd:c9:b3:95:ef:
- c0:82:a2:d9:d8:eb:d2:05:4d:e5:31:1f:8a:0c:05:
- 0d:bd
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 5C:FF:92:2D:39:79:AC:9A:F5:F2:B6:9D:63:81:87:78:07:94:0F:04
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- a8:5b:2c:2d:3a:6a:d1:9d:1a:44:b3:ef:14:fd:63:2b:fd:72:
- 79:4e:3a:30:ff:1b:91:82:fc:7f:c8:bf:45:05:74:ed:e9:94:
- d4:73:4d:66:f7:82:b7:7e:b2:e3:41:fc:f8:b6:2c:c2:a0:64:
- af:e3:05:65:80:51:5e:6a:cb:c6:2d:33:84:d0:bc:ba:40:c5:
- c7:0e:2d:05:16:b5:81:7a:de:6a:d6:13:aa:b2:58:5d:18:72:
- 1a:98:9f:be:2b:00:67:70:7a:82:1c:9b:6f:38:5a:7a:60:ee:
- d5:1a:fd:8f:8f:d2:55:87:bc:b9:bc:e0:c0:bf:d6:ec:09:70:
- a2:2a:50:6e:de:41:75:99:bd:c9:5e:8c:5e:52:09:3b:3d:1c:
- e0:c7:05:ec:65:64:7f:e4:57:98:0d:2e:c7:79:5f:6f:9b:f4:
- b0:bb:cc:58:f0:dd:c4:c0:04:a6:a3:8f:ae:1d:74:c3:04:73:
- 56:5e:e4:4b:2b:ef:87:d9:c6:84:1d:bd:a7:17:63:8d:8a:31:
- 99:6e:d7:e9:15:56:b1:00:b7:5f:49:c9:44:71:f2:6d:14:b5:
- 06:b9:7a:7f:e5:8d:fb:8e:a3:f1:f4:52:c7:72:3b:6c:f4:50:
- d1:c8:c5:26:4a:40:6b:16:08:7e:ab:c9:8c:54:3c:94:57:5e:
- 3e:52:84:f7
------BEGIN CERTIFICATE-----
-MIIDVDCCAjygAwIBAgIQfwKEvQQHqN6nenYWsiXQjjANBgkqhkiG9w0BAQsFADAW
-MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMjAxMjcxNjU0NThaFw0zMjAxMjUx
-NjU0NThaMBExDzANBgNVBAMMBmt2YWpkYTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBANF6BuXP65s/l3flMYnPCk1jtH3fMQSDYutcuXU10rGbYGM2OnA+
-4V/0Igt8Mu3Hu2RESlqbpjpbtaX4oMO7xKQQWpmxDNEFrgglFd2vti7Plus1Jddz
-46jU6/ypXjdxNaoaWE1X36eMJwt2KJgLF5h0JTxUIVJeOM7if/1QF0M8/Ey5ayhT
-WYniufjsth4UtPaKUT7SGwR3j6N9V/IUC3zlcMoaV3zhshperfyvyd3UgUwZLL22
-w1v6PfktrQa+SYQB9kTKo7sqI0yy6thnNiLKxsYZ37H6MRvEQNxOxwpmIlwlNi1b
-IiP2Xb3Js5XvwIKi2djr0gVN5TEfigwFDb0CAwEAAaOBojCBnzAJBgNVHRMEAjAA
-MB0GA1UdDgQWBBRc/5ItOXmsmvXytp1jgYd4B5QPBDBRBgNVHSMESjBIgBRJQ1tS
-+DF4tYR0eo0n0yIfqdTCpaEapBgwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0GCFHXP
-MTul9juXSk26FNFYypPL8X+lMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQE
-AwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAqFssLTpq0Z0aRLPvFP1jK/1yeU46MP8b
-kYL8f8i/RQV07emU1HNNZveCt36y40H8+LYswqBkr+MFZYBRXmrLxi0zhNC8ukDF
-xw4tBRa1gXreatYTqrJYXRhyGpifvisAZ3B6ghybbzhaemDu1Rr9j4/SVYe8ubzg
-wL/W7AlwoipQbt5BdZm9yV6MXlIJOz0c4McF7GVkf+RXmA0ux3lfb5v0sLvMWPDd
-xMAEpqOPrh10wwRzVl7kSyvvh9nGhB29pxdjjYoxmW7X6RVWsQC3X0nJRHHybRS1
-Brl6f+WN+46j8fRSx3I7bPRQ0cjFJkpAaxYIfqvJjFQ8lFdePlKE9w==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- c3:0f:84:cf:71:19:04:e9:f7:bc:b1:ad:5d:99:6b:80
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:55:11 2022 GMT
- Not After : Jan 25 16:55:11 2032 GMT
- Subject: CN=mszabo
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:b7:e3:57:e4:6d:41:2f:71:88:38:35:5c:fb:54:
- 6d:75:dc:d4:fc:38:95:81:ed:98:13:6a:1b:aa:db:
- 41:fb:2d:8b:ff:1d:49:9c:08:9e:b5:4a:a0:7c:48:
- 96:87:1d:8d:ea:df:85:ad:5a:23:a0:7c:9a:ec:97:
- 9c:73:20:06:2b:02:06:67:2b:86:fb:94:7f:e8:ff:
- 3e:e2:3c:f4:3d:13:40:f2:6d:3c:15:5d:72:a2:7d:
- b0:c2:0a:17:a2:a3:83:66:52:e9:0a:04:b2:f1:b7:
- 1d:86:93:f9:11:82:bd:26:5a:b5:39:9d:61:d2:34:
- 78:25:24:c6:fd:e7:c8:3b:c8:bb:8d:98:fa:cf:5f:
- b8:e4:a8:93:2d:68:70:51:b9:2c:d0:7c:31:94:4a:
- 00:b9:2d:d4:29:2a:b2:18:54:27:77:2f:e0:3c:a7:
- f4:0a:16:c7:9c:a9:a0:b1:ba:54:43:a2:52:14:58:
- 71:74:63:f6:9b:e6:5e:89:09:8c:a5:1c:ae:41:82:
- 01:8d:2c:94:ad:a1:c0:47:c7:1a:8b:79:06:c6:3e:
- 66:9b:d9:37:64:70:7b:d6:c3:f1:02:81:9f:4c:42:
- 5d:da:c0:95:ca:96:e4:7f:41:75:72:f3:35:eb:e2:
- a1:97:78:3d:07:6d:90:27:d0:41:b1:74:1a:ee:1d:
- 0c:7f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 54:03:3E:8D:18:23:6D:03:63:E7:22:D6:12:21:9B:0A:0B:24:47:19
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 6b:11:da:f5:70:9e:8f:07:ec:18:40:e5:2e:65:9c:10:36:55:
- 83:13:8e:3e:5e:82:8a:3d:db:6b:ac:fc:6f:ea:8d:9d:97:27:
- 47:a6:b1:d4:b7:4d:f5:b6:36:dc:62:7d:66:be:f1:ab:24:29:
- f2:b2:89:83:49:e4:de:40:00:74:ca:e8:7e:92:2a:3c:65:e0:
- 6d:ac:5a:5c:76:31:27:2d:57:82:8e:e4:cb:ee:8b:a1:db:a2:
- f8:e1:12:25:93:d1:79:1f:82:93:2b:d8:83:37:07:6b:b5:bc:
- 48:4f:bf:36:23:ea:04:23:0f:81:87:3a:d7:e5:51:75:ce:7e:
- e4:fd:76:ee:ff:df:31:4b:2f:28:9e:9e:28:c1:2a:01:ab:66:
- a3:b8:95:17:70:1f:2f:7b:06:da:ca:73:81:e3:a5:5b:1a:74:
- 4c:8d:93:df:3e:56:ef:f7:16:0c:8b:78:5c:69:35:af:9a:64:
- df:bc:12:ac:c8:77:48:94:4f:b8:28:5f:86:dd:ff:4c:b8:8e:
- 0c:64:5b:9b:ce:24:5e:02:53:6a:78:f3:41:a2:86:7b:07:43:
- 64:92:2c:fa:77:18:f0:31:58:05:e4:76:2a:60:cf:71:6b:2b:
- c9:71:d4:e2:48:00:0b:d9:59:1a:3c:dd:bf:55:54:ea:79:fd:
- 44:37:79:b8
------BEGIN CERTIFICATE-----
-MIIDVTCCAj2gAwIBAgIRAMMPhM9xGQTp97yxrV2Za4AwDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1NTExWhcNMzIwMTI1
-MTY1NTExWjARMQ8wDQYDVQQDDAZtc3phYm8wggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQC341fkbUEvcYg4NVz7VG113NT8OJWB7ZgTahuq20H7LYv/HUmc
-CJ61SqB8SJaHHY3q34WtWiOgfJrsl5xzIAYrAgZnK4b7lH/o/z7iPPQ9E0DybTwV
-XXKifbDCCheio4NmUukKBLLxtx2Gk/kRgr0mWrU5nWHSNHglJMb958g7yLuNmPrP
-X7jkqJMtaHBRuSzQfDGUSgC5LdQpKrIYVCd3L+A8p/QKFsecqaCxulRDolIUWHF0
-Y/ab5l6JCYylHK5BggGNLJStocBHxxqLeQbGPmab2TdkcHvWw/ECgZ9MQl3awJXK
-luR/QXVy8zXr4qGXeD0HbZAn0EGxdBruHQx/AgMBAAGjgaIwgZ8wCQYDVR0TBAIw
-ADAdBgNVHQ4EFgQUVAM+jRgjbQNj5yLWEiGbCgskRxkwUQYDVR0jBEowSIAUSUNb
-UvgxeLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1
-zzE7pfY7l0pNuhTRWMqTy/F/pTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8E
-BAMCB4AwDQYJKoZIhvcNAQELBQADggEBAGsR2vVwno8H7BhA5S5lnBA2VYMTjj5e
-goo922us/G/qjZ2XJ0emsdS3TfW2NtxifWa+8askKfKyiYNJ5N5AAHTK6H6SKjxl
-4G2sWlx2MSctV4KO5Mvui6HbovjhEiWT0XkfgpMr2IM3B2u1vEhPvzYj6gQjD4GH
-OtflUXXOfuT9du7/3zFLLyienijBKgGrZqO4lRdwHy97BtrKc4HjpVsadEyNk98+
-Vu/3FgyLeFxpNa+aZN+8EqzId0iUT7goX4bd/0y4jgxkW5vOJF4CU2p480GihnsH
-Q2SSLPp3GPAxWAXkdipgz3FrK8lx1OJIAAvZWRo83b9VVOp5/UQ3ebg=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 07:42:93:a8:25:71:a4:ae:b0:96:4d:14:d1:e2:ff:22
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:55:26 2022 GMT
- Not After : Jan 25 16:55:26 2032 GMT
- Subject: CN=osweidan
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:c4:fd:94:e9:62:a5:7d:74:92:9a:22:d6:7b:35:
- ff:95:26:e8:d3:bf:1e:ee:96:be:ba:de:2c:31:5a:
- 02:27:6d:ac:42:b4:3a:e0:22:89:63:e3:a3:b5:68:
- 8b:6f:f8:0e:a9:1f:a9:e5:62:d1:b4:39:6c:73:61:
- 89:a1:0e:db:8e:62:21:06:0b:d5:4f:64:10:39:4c:
- 91:f5:05:ca:65:09:82:e7:c6:52:61:7f:ed:de:95:
- bc:8f:23:a3:01:77:c3:2a:1c:75:ff:b9:55:66:a2:
- ae:ff:27:0d:4a:70:8c:b6:4d:f8:bc:65:fd:ff:a8:
- 60:e1:ea:df:64:e9:46:34:71:ec:3b:05:cb:ec:e7:
- a0:bc:39:6c:04:16:f9:0c:2c:c2:4b:4f:aa:80:6b:
- d7:37:68:e9:c4:f2:91:11:5b:33:03:8e:85:67:40:
- 7c:97:36:84:94:15:21:3d:2a:e9:87:81:65:21:fa:
- 27:07:ca:1b:0b:df:fa:eb:34:62:d5:52:fc:b6:00:
- 1a:54:bc:6d:0a:52:70:5e:15:38:ec:ce:dd:62:0c:
- c6:c2:10:7c:b2:a5:8b:18:10:81:f4:b5:9a:38:c4:
- cc:00:fa:de:0b:ca:8b:bc:82:df:2f:9e:84:3b:6a:
- 1e:13:61:c1:72:28:cd:0d:71:1d:97:36:04:2d:c8:
- 50:e1
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 52:89:7A:20:5D:CA:C8:13:92:30:14:B2:BD:6D:FA:8B:FE:73:38:9C
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 17:99:13:42:f0:60:a8:b3:54:d4:c6:30:12:1e:0f:d3:78:a5:
- c1:1f:54:0e:3f:15:8c:72:60:dd:8e:e4:23:64:4f:5f:a5:7f:
- 12:59:d3:c4:cf:9b:51:98:67:cb:49:a9:99:38:65:09:7f:56:
- 42:08:86:31:e5:48:54:04:82:ac:1b:23:fd:63:b6:49:dd:73:
- 50:af:84:0c:d5:37:6e:47:49:f6:2a:17:0c:c1:08:f9:cf:4f:
- 3f:90:c7:dc:c4:d8:ef:99:ab:f8:12:55:8d:9a:18:4b:2f:9e:
- c8:1f:97:31:83:8a:62:3d:6c:d0:0e:0c:e2:d4:7c:2f:10:37:
- 7e:23:be:7d:f8:59:97:4e:a6:5f:75:ca:6a:a4:f1:ea:b9:41:
- da:fe:be:8f:28:ff:0a:93:17:b0:7a:d2:fe:4e:7a:c7:ed:c2:
- fe:91:93:c8:94:43:ec:74:4f:34:85:6e:7c:72:1d:45:2a:b1:
- b9:bd:3b:d7:d0:b9:4d:54:74:6d:c5:73:03:ad:5c:7d:9d:16:
- bb:28:d4:9c:6e:33:54:65:e5:11:06:b5:a5:e8:e9:dc:b4:95:
- 4b:b4:6b:ef:db:5a:fe:4e:8f:4b:3d:b6:e2:37:fb:78:37:36:
- 9a:a0:26:cc:19:72:e6:26:99:05:e2:6b:a2:6f:d4:86:cb:f5:
- 5c:fe:cc:54
------BEGIN CERTIFICATE-----
-MIIDVjCCAj6gAwIBAgIQB0KTqCVxpK6wlk0U0eL/IjANBgkqhkiG9w0BAQsFADAW
-MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMjAxMjcxNjU1MjZaFw0zMjAxMjUx
-NjU1MjZaMBMxETAPBgNVBAMMCG9zd2VpZGFuMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAxP2U6WKlfXSSmiLWezX/lSbo078e7pa+ut4sMVoCJ22sQrQ6
-4CKJY+OjtWiLb/gOqR+p5WLRtDlsc2GJoQ7bjmIhBgvVT2QQOUyR9QXKZQmC58ZS
-YX/t3pW8jyOjAXfDKhx1/7lVZqKu/ycNSnCMtk34vGX9/6hg4erfZOlGNHHsOwXL
-7OegvDlsBBb5DCzCS0+qgGvXN2jpxPKREVszA46FZ0B8lzaElBUhPSrph4FlIfon
-B8obC9/66zRi1VL8tgAaVLxtClJwXhU47M7dYgzGwhB8sqWLGBCB9LWaOMTMAPre
-C8qLvILfL56EO2oeE2HBcijNDXEdlzYELchQ4QIDAQABo4GiMIGfMAkGA1UdEwQC
-MAAwHQYDVR0OBBYEFFKJeiBdysgTkjAUsr1t+ov+czicMFEGA1UdIwRKMEiAFElD
-W1L4MXi1hHR6jSfTIh+p1MKloRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQYIU
-dc8xO6X2O5dKTboU0VjKk8vxf6UwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0P
-BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQAXmRNC8GCos1TUxjASHg/TeKXBH1QO
-PxWMcmDdjuQjZE9fpX8SWdPEz5tRmGfLSamZOGUJf1ZCCIYx5UhUBIKsGyP9Y7ZJ
-3XNQr4QM1TduR0n2KhcMwQj5z08/kMfcxNjvmav4ElWNmhhLL57IH5cxg4piPWzQ
-Dgzi1HwvEDd+I759+FmXTqZfdcpqpPHquUHa/r6PKP8KkxewetL+TnrH7cL+kZPI
-lEPsdE80hW58ch1FKrG5vTvX0LlNVHRtxXMDrVx9nRa7KNScbjNUZeURBrWl6Onc
-tJVLtGvv21r+To9LPbbiN/t4NzaaoCbMGXLmJpkF4muib9SGy/Vc/sxU
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 73:44:69:33:9d:70:f8:2e:cc:af:44:62:a8:c4:d2:32
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:52:17 2022 GMT
- Not After : Jan 25 16:52:17 2032 GMT
- Subject: CN=qqcs
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:b9:83:80:30:d8:21:63:c5:f1:85:af:0d:2a:af:
- b6:c8:50:03:6e:6c:1c:55:28:b2:9d:59:1d:42:0b:
- f9:42:ea:38:d6:3d:1b:2f:9e:c2:c4:91:d8:0e:56:
- 28:03:5f:a8:a9:bf:6a:d7:9f:22:78:b8:cb:f5:7e:
- da:c0:bb:56:b7:25:a1:84:af:19:70:c3:27:fc:33:
- 82:01:71:76:25:a3:6e:bb:d6:a3:71:1b:4a:48:51:
- 3d:6a:c6:36:28:05:88:01:3c:6a:45:b5:a3:46:f1:
- 8b:bf:49:52:80:c6:30:fd:a3:4c:36:22:f0:b5:22:
- fe:05:0d:8f:8d:14:0b:67:3d:95:4f:56:d3:88:a6:
- a3:a7:56:52:86:ad:7b:a9:03:e8:39:50:18:7d:79:
- d0:9c:c7:24:4b:02:75:60:95:60:0f:92:a5:44:7a:
- 7c:6b:ec:77:29:ac:6f:a9:7f:7d:ee:06:9c:36:d5:
- 8c:fe:34:f5:c0:52:6c:4e:26:c9:4c:e6:17:02:41:
- 89:f7:5e:83:51:eb:2c:59:c1:e0:96:6d:7b:57:7f:
- f7:d6:df:59:59:5a:c2:23:5b:7c:f6:f9:41:ec:fa:
- 5a:6c:a7:41:2c:5e:c6:a1:50:3f:c2:4c:a9:ee:60:
- d1:10:af:e3:99:c3:2d:c5:dc:cd:ac:ee:8e:c6:92:
- 16:33
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- E5:15:40:45:95:37:CC:FA:F8:7F:B7:70:67:A8:23:62:31:B6:58:35
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 1b:08:06:e9:01:65:f8:ff:f8:52:03:4c:f4:e3:da:41:7a:b1:
- e3:af:78:f3:ba:0d:7a:28:68:71:ef:fe:db:ef:8d:eb:c9:5f:
- 18:c2:0c:36:48:2e:b3:38:f1:21:09:d4:21:11:4a:21:4d:3b:
- 6c:c0:cb:2a:55:c9:59:5e:e9:03:e9:ca:af:c3:46:86:68:96:
- 3b:2a:1a:41:a9:d0:f1:f5:21:78:45:ab:70:d9:a5:7d:58:9d:
- 3b:cb:39:3a:d5:17:39:cb:9a:21:fa:b1:01:c2:4e:12:35:48:
- a2:d4:0f:06:d1:ca:37:98:3e:0b:51:a2:bf:34:ff:d1:28:86:
- 3d:34:1a:25:a8:5d:0d:08:03:d9:80:26:e7:9b:9a:31:a2:d0:
- b8:26:1f:b6:60:d8:50:8b:a2:aa:6b:61:94:9d:56:b9:6e:c4:
- 02:b7:45:91:6b:fb:45:ae:62:00:cd:54:37:07:82:10:1c:bf:
- 4c:73:ff:53:ff:f8:0f:67:43:9d:a7:27:1c:4b:51:01:27:cf:
- 0a:8d:8f:84:49:85:3c:c4:59:1e:23:9a:2f:2d:71:03:a3:b4:
- 3a:59:2d:6b:d5:ec:c0:0f:8b:95:79:b6:71:50:4a:e7:13:6e:
- 49:59:fc:4f:e7:df:8a:40:23:32:41:f4:28:54:4e:43:ef:16:
- 24:f2:f1:8d
------BEGIN CERTIFICATE-----
-MIIDUjCCAjqgAwIBAgIQc0RpM51w+C7Mr0RiqMTSMjANBgkqhkiG9w0BAQsFADAW
-MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMjAxMjcxNjUyMTdaFw0zMjAxMjUx
-NjUyMTdaMA8xDTALBgNVBAMMBHFxY3MwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQC5g4Aw2CFjxfGFrw0qr7bIUANubBxVKLKdWR1CC/lC6jjWPRsvnsLE
-kdgOVigDX6ipv2rXnyJ4uMv1ftrAu1a3JaGErxlwwyf8M4IBcXYlo2671qNxG0pI
-UT1qxjYoBYgBPGpFtaNG8Yu/SVKAxjD9o0w2IvC1Iv4FDY+NFAtnPZVPVtOIpqOn
-VlKGrXupA+g5UBh9edCcxyRLAnVglWAPkqVEenxr7HcprG+pf33uBpw21Yz+NPXA
-UmxOJslM5hcCQYn3XoNR6yxZweCWbXtXf/fW31lZWsIjW3z2+UHs+lpsp0EsXsah
-UD/CTKnuYNEQr+OZwy3F3M2s7o7GkhYzAgMBAAGjgaIwgZ8wCQYDVR0TBAIwADAd
-BgNVHQ4EFgQU5RVARZU3zPr4f7dwZ6gjYjG2WDUwUQYDVR0jBEowSIAUSUNbUvgx
-eLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1zzE7
-pfY7l0pNuhTRWMqTy/F/pTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMC
-B4AwDQYJKoZIhvcNAQELBQADggEBABsIBukBZfj/+FIDTPTj2kF6seOvePO6DXoo
-aHHv/tvvjevJXxjCDDZILrM48SEJ1CERSiFNO2zAyypVyVle6QPpyq/DRoZoljsq
-GkGp0PH1IXhFq3DZpX1YnTvLOTrVFznLmiH6sQHCThI1SKLUDwbRyjeYPgtRor80
-/9Eohj00GiWoXQ0IA9mAJuebmjGi0LgmH7Zg2FCLoqprYZSdVrluxAK3RZFr+0Wu
-YgDNVDcHghAcv0xz/1P/+A9nQ52nJxxLUQEnzwqNj4RJhTzEWR4jmi8tcQOjtDpZ
-LWvV7MAPi5V5tnFQSucTbklZ/E/n34pAIzJB9ChUTkPvFiTy8Y0=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- c2:28:3c:ff:fa:8e:dc:f7:39:52:42:b1:f3:82:40:74
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:56:00 2022 GMT
- Not After : Jan 25 16:56:00 2032 GMT
- Subject: CN=rrendek
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:f3:4f:9c:e7:ba:7f:36:4f:1d:ac:7a:c7:d0:6c:
- 59:f4:c2:e8:07:a3:d2:f1:ba:7b:e7:75:96:91:47:
- 02:ac:53:d5:40:1b:43:25:ad:b9:15:b5:e5:b0:c0:
- 90:42:74:47:a5:92:b0:f5:1c:fb:02:a9:0e:bd:9d:
- b2:6d:85:95:2a:2b:95:51:9b:4e:14:22:45:bc:ab:
- 23:df:76:e3:1a:f6:b7:27:a2:f0:e5:49:88:04:dc:
- cb:7d:a0:4e:2b:8d:56:97:59:e9:4e:dc:f7:9f:41:
- 2e:16:ef:75:59:db:e9:9c:59:3e:e5:3f:05:a7:aa:
- 0d:01:bc:db:f8:03:e1:b1:d6:4b:70:18:1b:5e:10:
- 05:a6:28:99:59:e5:a5:38:17:a9:92:95:ba:74:84:
- cf:20:d4:e4:e4:26:4f:82:6d:3b:aa:51:d4:2e:4e:
- c8:99:63:3a:bb:dd:ee:5d:e9:1c:ab:4b:54:a3:df:
- 48:54:c0:7e:20:85:a1:4f:0a:93:3e:94:90:90:92:
- f3:dc:73:94:16:3d:99:6e:57:82:98:87:8c:f8:15:
- 0c:1e:35:6f:48:47:ed:15:3f:e4:06:98:04:f1:af:
- 27:3d:af:25:10:aa:46:79:4e:00:ce:d4:bf:70:1f:
- 2f:60:4b:a1:77:be:68:ff:36:4a:5f:60:ff:2e:cf:
- ef:d5
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 20:87:C3:77:30:AC:3B:C2:8A:77:02:A3:86:B8:C0:A4:44:7D:33:FD
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 10:48:0c:b5:7b:c8:7f:51:e4:53:31:e9:c0:88:8a:da:55:2e:
- e2:3b:ee:5f:20:bf:b1:ce:c8:0b:90:f5:d3:99:cf:b0:96:8b:
- 63:9b:0a:ba:9b:2f:7b:d0:27:29:8b:67:b7:b2:85:d4:e6:26:
- 6a:06:9f:27:f5:c0:a1:d9:35:39:51:89:82:18:b7:d4:25:72:
- d5:a1:5f:56:65:37:15:e9:f6:8a:6f:03:6d:59:b7:8c:17:44:
- f9:09:c3:71:3f:5d:e0:25:99:22:c4:32:41:a0:8b:93:02:47:
- 14:ff:eb:df:1b:0b:d8:7e:ea:d8:d9:40:33:c6:ca:b2:f2:c6:
- 53:89:90:b1:4a:5a:68:44:a1:18:df:af:1b:fc:b7:b7:04:20:
- 36:61:e0:44:0d:9f:95:ed:f7:59:d7:a6:22:5a:0f:82:bf:5a:
- aa:5a:fd:3c:77:0e:82:e6:ac:f3:b8:5d:26:62:55:66:06:3d:
- cc:0a:22:09:dd:18:ec:98:eb:e9:f2:c5:43:85:f9:d8:43:82:
- a8:ed:0e:19:0d:43:95:d9:ee:17:93:b4:ad:da:2a:b3:10:cf:
- 52:74:50:2b:3d:8a:06:bd:31:52:38:07:85:dd:ca:9b:cb:97:
- fb:ad:e6:a0:78:23:93:5c:22:5d:b9:d1:0f:55:32:07:d7:df:
- c0:db:e5:05
------BEGIN CERTIFICATE-----
-MIIDVjCCAj6gAwIBAgIRAMIoPP/6jtz3OVJCsfOCQHQwDQYJKoZIhvcNAQELBQAw
-FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwMTI3MTY1NjAwWhcNMzIwMTI1
-MTY1NjAwWjASMRAwDgYDVQQDDAdycmVuZGVrMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA80+c57p/Nk8drHrH0GxZ9MLoB6PS8bp753WWkUcCrFPVQBtD
-Ja25FbXlsMCQQnRHpZKw9Rz7AqkOvZ2ybYWVKiuVUZtOFCJFvKsj33bjGva3J6Lw
-5UmIBNzLfaBOK41Wl1npTtz3n0EuFu91WdvpnFk+5T8Fp6oNAbzb+APhsdZLcBgb
-XhAFpiiZWeWlOBepkpW6dITPINTk5CZPgm07qlHULk7ImWM6u93uXekcq0tUo99I
-VMB+IIWhTwqTPpSQkJLz3HOUFj2ZbleCmIeM+BUMHjVvSEftFT/kBpgE8a8nPa8l
-EKpGeU4AztS/cB8vYEuhd75o/zZKX2D/Ls/v1QIDAQABo4GiMIGfMAkGA1UdEwQC
-MAAwHQYDVR0OBBYEFCCHw3cwrDvCincCo4a4wKREfTP9MFEGA1UdIwRKMEiAFElD
-W1L4MXi1hHR6jSfTIh+p1MKloRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQYIU
-dc8xO6X2O5dKTboU0VjKk8vxf6UwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0P
-BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQAQSAy1e8h/UeRTMenAiIraVS7iO+5f
-IL+xzsgLkPXTmc+wlotjmwq6my970Ccpi2e3soXU5iZqBp8n9cCh2TU5UYmCGLfU
-JXLVoV9WZTcV6faKbwNtWbeMF0T5CcNxP13gJZkixDJBoIuTAkcU/+vfGwvYfurY
-2UAzxsqy8sZTiZCxSlpoRKEY368b/Le3BCA2YeBEDZ+V7fdZ16YiWg+Cv1qqWv08
-dw6C5qzzuF0mYlVmBj3MCiIJ3RjsmOvp8sVDhfnYQ4Ko7Q4ZDUOV2e4Xk7St2iqz
-EM9SdFArPYoGvTFSOAeF3cqby5f7reageCOTXCJdudEPVTIH19/A2+UF
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 33:59:80:b8:6f:f1:71:c9:57:98:a1:e9:af:81:5f:cb
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:22:46 2022 GMT
- Not After : Jan 25 16:22:46 2032 GMT
- Subject: CN=vpn.in.useribm.hu
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:d1:47:ff:20:8f:34:88:dd:50:ed:d5:d1:55:d8:
- 12:a2:ff:61:e5:0d:71:29:00:49:35:d0:1c:4a:ef:
- d4:01:49:c5:84:3a:a3:b9:14:ae:cc:d1:50:53:4c:
- 7d:68:38:55:14:88:e3:42:0e:76:8c:17:a7:fd:8b:
- 3b:a9:9c:26:37:fc:d1:4f:89:ab:ea:b9:e1:1e:0b:
- 58:8b:ea:bd:80:8d:df:a0:0e:1d:bf:19:85:81:94:
- 87:e6:d0:0e:31:77:e3:29:7e:ef:16:6f:7e:01:09:
- eb:39:3d:da:11:a2:62:72:a7:8b:5b:f6:5c:75:f3:
- 24:a9:66:15:c2:fa:7a:b8:9c:35:a3:82:bb:84:41:
- cc:39:fe:cc:f2:d0:65:3b:13:b9:7b:1a:05:9b:6f:
- 8c:77:a1:a5:2c:59:17:86:e5:d7:58:23:c5:03:3e:
- ad:75:38:69:ba:f3:b4:41:3b:8a:ee:a0:8c:81:60:
- e0:13:51:ed:cb:90:d4:8c:d2:5e:d5:f9:d4:b3:b9:
- 7e:e6:71:4d:4a:bf:50:f1:d6:63:6a:f7:c0:44:8d:
- 48:46:9d:53:36:e8:c6:ba:fa:9d:08:5b:22:c5:f7:
- 6a:f9:b1:cf:9a:76:bd:fe:e0:88:01:82:4c:c8:a1:
- c0:3e:68:fc:06:e3:df:07:ec:97:48:1f:d2:c5:cd:
- 11:81
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 71:D0:E0:F8:9D:2C:0D:A1:35:C6:F5:4D:1C:88:53:40:07:00:78:35
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Server Authentication
- X509v3 Key Usage:
- Digital Signature, Key Encipherment
- X509v3 Subject Alternative Name:
- DNS:vpn.in.useribm.hu
- Signature Algorithm: sha256WithRSAEncryption
- af:9b:99:1f:f6:90:a0:7a:58:9f:98:d7:da:75:0d:86:85:c7:
- 8e:99:95:86:ad:8b:1d:c4:a8:e5:cf:75:79:bc:b8:ce:b8:2c:
- 53:e3:c6:93:e9:4a:42:b6:f7:2d:82:85:cf:ed:82:37:21:0f:
- 27:c5:07:56:33:99:37:37:66:da:72:1a:e1:0e:78:2d:f0:2c:
- fc:d8:af:b9:23:07:d9:82:9f:42:6d:e8:7a:5d:69:b1:f5:a2:
- 7a:d8:85:72:4c:e2:c6:c3:91:c7:65:1a:a2:a5:2e:94:58:5b:
- fe:a1:12:dc:48:15:9e:e6:18:a8:21:3f:fd:be:fa:28:02:22:
- 9f:f2:04:0c:e3:57:01:3f:fb:87:4f:64:ff:5a:c0:4c:60:48:
- 65:59:1a:db:76:c2:d4:1d:57:39:e8:10:57:f2:10:15:10:ce:
- 3d:7a:d5:4e:70:6e:90:22:6b:37:58:c7:01:7f:62:78:7c:b6:
- aa:e5:f6:5f:47:a0:97:27:b5:18:cd:ac:22:90:76:5d:0b:c8:
- dc:4c:55:01:b2:8f:67:e6:14:17:7f:f3:c6:1a:f5:0d:a3:f4:
- 2e:0c:d5:bb:08:fc:7b:23:c2:c7:ed:25:77:97:94:3d:86:87:
- de:bd:0c:83:ea:52:6b:44:45:fd:39:a0:e8:61:dc:be:73:1c:
- 10:c6:ba:0c
------BEGIN CERTIFICATE-----
-MIIDfTCCAmWgAwIBAgIQM1mAuG/xcclXmKHpr4FfyzANBgkqhkiG9w0BAQsFADAW
-MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMjAxMjcxNjIyNDZaFw0zMjAxMjUx
-NjIyNDZaMBwxGjAYBgNVBAMMEXZwbi5pbi51c2VyaWJtLmh1MIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Uf/II80iN1Q7dXRVdgSov9h5Q1xKQBJNdAc
-Su/UAUnFhDqjuRSuzNFQU0x9aDhVFIjjQg52jBen/Ys7qZwmN/zRT4mr6rnhHgtY
-i+q9gI3foA4dvxmFgZSH5tAOMXfjKX7vFm9+AQnrOT3aEaJicqeLW/ZcdfMkqWYV
-wvp6uJw1o4K7hEHMOf7M8tBlOxO5exoFm2+Md6GlLFkXhuXXWCPFAz6tdThpuvO0
-QTuK7qCMgWDgE1Hty5DUjNJe1fnUs7l+5nFNSr9Q8dZjavfARI1IRp1TNujGuvqd
-CFsixfdq+bHPmna9/uCIAYJMyKHAPmj8BuPfB+yXSB/Sxc0RgQIDAQABo4HAMIG9
-MAkGA1UdEwQCMAAwHQYDVR0OBBYEFHHQ4PidLA2hNcb1TRyIU0AHAHg1MFEGA1Ud
-IwRKMEiAFElDW1L4MXi1hHR6jSfTIh+p1MKloRqkGDAWMRQwEgYDVQQDDAtFYXN5
-LVJTQSBDQYIUdc8xO6X2O5dKTboU0VjKk8vxf6UwEwYDVR0lBAwwCgYIKwYBBQUH
-AwEwCwYDVR0PBAQDAgWgMBwGA1UdEQQVMBOCEXZwbi5pbi51c2VyaWJtLmh1MA0G
-CSqGSIb3DQEBCwUAA4IBAQCvm5kf9pCgelifmNfadQ2GhceOmZWGrYsdxKjlz3V5
-vLjOuCxT48aT6UpCtvctgoXP7YI3IQ8nxQdWM5k3N2bachrhDngt8Cz82K+5IwfZ
-gp9Cbeh6XWmx9aJ62IVyTOLGw5HHZRqipS6UWFv+oRLcSBWe5hioIT/9vvooAiKf
-8gQM41cBP/uHT2T/WsBMYEhlWRrbdsLUHVc56BBX8hAVEM49etVOcG6QIms3WMcB
-f2J4fLaq5fZfR6CXJ7UYzawikHZdC8jcTFUBso9n5hQXf/PGGvUNo/QuDNW7CPx7
-I8LH7SV3l5Q9hofevQyD6lJrREX9OaDoYdy+cxwQxroM
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 2b:f6:cb:e6:ee:b9:5f:05:2f:9d:64:50:3f:0c:c3:37
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Easy-RSA CA
- Validity
- Not Before: Jan 27 16:56:14 2022 GMT
- Not After : Jan 25 16:56:14 2032 GMT
- Subject: CN=zfelleg
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:a9:54:33:8f:8b:4d:40:21:59:cf:42:77:2e:a3:
- 58:dc:9b:6c:62:ab:d8:f7:7e:06:98:e0:d8:20:13:
- 6f:14:01:d2:3a:9c:d6:a8:d5:9e:cd:1b:b7:53:e4:
- a5:c0:aa:50:13:6a:9a:34:c6:8b:ce:b0:f2:68:ff:
- e1:8d:ed:a3:91:27:c9:30:75:d3:8d:ee:be:df:c6:
- 1f:df:ef:50:f1:21:d5:4d:ae:07:b7:b9:97:bc:ba:
- 6a:65:22:03:00:86:7b:7f:b3:8b:c4:98:73:3d:e6:
- 44:2f:27:31:6d:9c:7d:9d:da:d6:a4:65:68:bb:5b:
- 06:fb:f3:9b:b6:69:f9:08:dd:61:6b:0e:04:48:e7:
- d7:d9:8a:82:1f:44:74:a4:be:86:54:bb:c0:55:da:
- c5:d6:d7:83:6d:26:09:4e:c6:87:cc:89:e1:e8:40:
- 6d:3b:9f:c3:b2:8b:23:87:d2:8c:93:be:95:33:6a:
- 35:dd:33:45:de:06:42:ee:18:19:5a:1d:52:46:54:
- a4:f0:af:5b:f9:56:6d:be:3d:01:ea:96:fe:75:6b:
- 44:95:f8:3b:8a:11:67:59:7b:c8:30:cd:05:40:5a:
- f5:ce:5d:80:2a:aa:0b:f5:e1:24:d2:81:54:b7:7f:
- 39:b0:1c:10:0e:6b:39:d3:06:3b:58:48:7a:a9:7e:
- ea:4f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- E2:66:F5:04:A5:2A:61:D5:3B:DF:7A:50:2E:78:E9:C4:76:F1:D5:78
- X509v3 Authority Key Identifier:
- keyid:49:43:5B:52:F8:31:78:B5:84:74:7A:8D:27:D3:22:1F:A9:D4:C2:A5
- DirName:/CN=Easy-RSA CA
- serial:75:CF:31:3B:A5:F6:3B:97:4A:4D:BA:14:D1:58:CA:93:CB:F1:7F:A5
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 21:ff:e7:b7:cf:17:01:19:6e:2c:43:1c:96:37:32:3b:49:ba:
- 4f:97:59:fc:31:2a:97:88:54:5b:96:6b:cd:20:75:f8:91:29:
- 69:93:a0:54:8f:bf:2a:9e:1f:7a:d5:25:ef:7e:16:04:72:0b:
- ab:fc:26:fb:65:47:6a:dc:64:59:e5:51:1a:3b:bd:1c:21:93:
- ba:39:dc:34:37:98:68:0b:7b:72:96:81:0f:63:ea:bc:ea:ed:
- 19:9e:bb:b4:56:8e:c9:67:44:4f:d6:c8:60:2c:7f:37:c7:8e:
- a7:37:c5:f1:67:99:57:2b:0e:1d:8d:27:8c:bf:e1:5b:b7:42:
- 76:09:f0:e5:03:72:a3:93:91:03:62:8c:7d:f5:d9:f0:8e:ca:
- 52:9e:00:8c:1a:90:72:30:ba:86:92:ff:f6:41:ca:17:7d:75:
- 6f:3c:e0:4b:9a:26:d2:fe:79:23:cd:96:0e:c3:77:eb:d4:0c:
- 44:e5:d4:1a:5d:73:2e:48:26:25:97:04:65:90:0b:1f:6f:f1:
- 0c:f6:07:68:c5:38:cf:f4:74:b1:c3:06:ce:38:d2:98:b1:be:
- 82:20:bf:41:6e:8e:74:a5:f7:e9:de:dd:ed:c8:99:db:1c:de:
- c6:14:4d:8d:f1:85:52:d0:a7:44:3e:18:41:87:52:b9:e0:8c:
- ee:1f:01:42
------BEGIN CERTIFICATE-----
-MIIDVTCCAj2gAwIBAgIQK/bL5u65XwUvnWRQPwzDNzANBgkqhkiG9w0BAQsFADAW
-MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMjAxMjcxNjU2MTRaFw0zMjAxMjUx
-NjU2MTRaMBIxEDAOBgNVBAMMB3pmZWxsZWcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQCpVDOPi01AIVnPQncuo1jcm2xiq9j3fgaY4NggE28UAdI6nNao
-1Z7NG7dT5KXAqlATapo0xovOsPJo/+GN7aORJ8kwddON7r7fxh/f71DxIdVNrge3
-uZe8umplIgMAhnt/s4vEmHM95kQvJzFtnH2d2takZWi7Wwb785u2afkI3WFrDgRI
-59fZioIfRHSkvoZUu8BV2sXW14NtJglOxofMieHoQG07n8OyiyOH0oyTvpUzajXd
-M0XeBkLuGBlaHVJGVKTwr1v5Vm2+PQHqlv51a0SV+DuKEWdZe8gwzQVAWvXOXYAq
-qgv14STSgVS3fzmwHBAOaznTBjtYSHqpfupPAgMBAAGjgaIwgZ8wCQYDVR0TBAIw
-ADAdBgNVHQ4EFgQU4mb1BKUqYdU733pQLnjpxHbx1XgwUQYDVR0jBEowSIAUSUNb
-UvgxeLWEdHqNJ9MiH6nUwqWhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR1
-zzE7pfY7l0pNuhTRWMqTy/F/pTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8E
-BAMCB4AwDQYJKoZIhvcNAQELBQADggEBACH/57fPFwEZbixDHJY3MjtJuk+XWfwx
-KpeIVFuWa80gdfiRKWmToFSPvyqeH3rVJe9+FgRyC6v8JvtlR2rcZFnlURo7vRwh
-k7o53DQ3mGgLe3KWgQ9j6rzq7Rmeu7RWjslnRE/WyGAsfzfHjqc3xfFnmVcrDh2N
-J4y/4Vu3QnYJ8OUDcqOTkQNijH312fCOylKeAIwakHIwuoaS//ZByhd9dW884Eua
-JtL+eSPNlg7Dd+vUDETl1Bpdcy5IJiWXBGWQCx9v8Qz2B2jFOM/0dLHDBs440pix
-voIgv0FujnSl9+ne3e3Imdsc3sYUTY3xhVLQp0Q+GEGHUrngjO4fAUI=
------END CERTIFICATE-----
+++ /dev/null
-# For use with Easy-RSA 3.0+ and OpenSSL or LibreSSL
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = $ENV::EASYRSA_PKI # Where everything is kept
-certs = $dir # Where the issued certs are kept
-crl_dir = $dir # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-new_certs_dir = $dir/certs_by_serial # default place for new certs.
-
-certificate = $dir/ca.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/ca.key # The private key
-RANDFILE = $dir/.rand # private random number file
-
-x509_extensions = basic_exts # The extensions to add to the cert
-
-# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
-# is designed for will. In return, we get the Issuer attached to CRLs.
-crl_extensions = crl_ext
-
-default_days = $ENV::EASYRSA_CERT_EXPIRE # how long to certify for
-default_crl_days= $ENV::EASYRSA_CRL_DAYS # how long before next CRL
-default_md = $ENV::EASYRSA_DIGEST # use public key default MD
-preserve = no # keep passed DN ordering
-
-# This allows to renew certificates which have not been revoked
-unique_subject = no
-
-# A few different ways of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_anything
-
-# For the 'anything' policy, which defines allowed DN fields
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-name = optional
-emailAddress = optional
-
-####################################################################
-# Easy-RSA request handling
-# We key off $DN_MODE to determine how to format the DN
-[ req ]
-default_bits = $ENV::EASYRSA_KEY_SIZE
-default_keyfile = privkey.pem
-default_md = $ENV::EASYRSA_DIGEST
-distinguished_name = $ENV::EASYRSA_DN
-x509_extensions = easyrsa_ca # The extensions to add to the self signed cert
-
-# A placeholder to handle the $EXTRA_EXTS feature:
-#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it
-
-####################################################################
-# Easy-RSA DN (Subject) handling
-
-# Easy-RSA DN for cn_only support:
-[ cn_only ]
-commonName = Common Name (eg: your user, host, or server name)
-commonName_max = 64
-commonName_default = $ENV::EASYRSA_REQ_CN
-
-# Easy-RSA DN for org support:
-[ org ]
-countryName = Country Name (2 letter code)
-countryName_default = $ENV::EASYRSA_REQ_COUNTRY
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE
-
-localityName = Locality Name (eg, city)
-localityName_default = $ENV::EASYRSA_REQ_CITY
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = $ENV::EASYRSA_REQ_ORG
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-organizationalUnitName_default = $ENV::EASYRSA_REQ_OU
-
-commonName = Common Name (eg: your user, host, or server name)
-commonName_max = 64
-commonName_default = $ENV::EASYRSA_REQ_CN
-
-emailAddress = Email Address
-emailAddress_default = $ENV::EASYRSA_REQ_EMAIL
-emailAddress_max = 64
-
-####################################################################
-# Easy-RSA cert extension handling
-
-# This section is effectively unused as the main script sets extensions
-# dynamically. This core section is left to support the odd usecase where
-# a user calls openssl directly.
-[ basic_exts ]
-basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer:always
-
-# The Easy-RSA CA extensions
-[ easyrsa_ca ]
-
-# PKIX recommendations:
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This could be marked critical, but it's nice to support reading by any
-# broken clients who attempt to do so.
-basicConstraints = CA:true
-
-# Limit key usage to CA tasks. If you really want to use the generated pair as
-# a self-signed cert, comment this out.
-keyUsage = cRLSign, keyCertSign
-
-# nsCertType omitted by default. Let's try to let the deprecated stuff die.
-# nsCertType = sslCA
-
-# CRL extensions.
-[ crl_ext ]
-
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
+++ /dev/null
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDNApwdLKPyn9zt
-4kQy4g8CLkdFoqUiMVqOyGjG32NrJTJi7tsWl91gIWGpy3dsmUXRWr+1TA4wpjOu
-EjdmOOxc5bl8Tw4UsBrBqFDjVgHOaA1j1JobM5Xw1Th6DdWzp3Mvo+1Uu05ACgkL
-7XM44L1lNi6SKblZ4Tvmv3RrjSr3YTG6EASY07Vzt3S8BtfAfDNLGNda6r+HfZU+
-utlarcdAjm9bkDiRVPK4MHGzrdQvyBlmg5koun4vAMLfzOaICOTvwuPlR4ttLXC0
-cd4zxUee5i73fd6Bb62kAES1eE89Q0PvXVoLVr6r2iItgPGZ/hPXoo5K+zEfjif9
-QHnhc/PXAgMBAAECggEAEzXEZSNytWBvdkb2dwIhv+WQPiEwchTH1ItI7iGukjKp
-FwYkt2hBkSlvmlZ7eUyfcy+auSVISxy3yP7h/A0ncMkB6XkK67tYtn7MHZFImAu9
-/XXFfvkFesyv/xfex3fQXk1xBriKa4vFLz3vxwugE6TRFlccjCSD1WppQU64EPf6
-ZFbnd3oDg3DTLB4sRP50LRRiOd0LGd5Rrfvfm9+4os5MB8O0zD/KuJtFLTCVPPZs
-v7xHq49y2aokUj4ZpYli1Cw8gMypL32ZIgWHtXaclZL2x5jMZNRj2r+suSArweCB
-KKJpG4VJNTTSvLDDsFvZF3Ax5NSofDW2xFNAb/kAGQKBgQD9/WHWoRYH6dP9g/Kl
-1aG0fuqMIfPZCRk/2ogDd2EcxJ2QfcMnJGmTYQtyDPu5UPw7uQi4VP0NBSzLMC4t
-gNQTPPBuZYWr+anDNmxJuy85Aitaay+iQHUvLE+l4MviueYv6CTE5XC7TFtFJ6c+
-psfXFQZZlnNUiBfVy+lMWMJSowKBgQDOof0EjoC7XBoiLg9CgHrRBho6yZtwxfN2
-xSO4V6JabE+hytgs0NGRw91ZAkrJZCAgns4RkN57lJa62T9uTGfJgSuOwoh4b7As
-Z0ZUxgb8OHMdJLsfS/4s9rAvE4AS4lDSHX/2KBdscguEiqTy+eauAwvfHuSaJeYA
-ZrL7irfhPQKBgCII6ClooJki3kNkgQlz3R1gvHFWw2Rb8cQ6tmswfhTqy+pmz9XY
-7UTQhkYcM0cb8RDXtLFuwhISlXQM2sNCNij1y4oflI/8/qCoFE61BJjxD3ooTtPB
-K3LMz0d9HhUdsBjPVM4FqNuQWdKkg6bDlpfdu2IZ5Q54xijiEDso0bFdAoGAKNIh
-nQvV7K2mUAhPZXDiUnblKaX4ek/w6A7MHrfZUAnDtY/QIxJhxG0wRkxIn/6Sxj75
-MMkw2rMhD+qpOE4J1uoYw8w0j65o3GzOnSK98IfqXeCKwwUNQq69YZ91lsV09/1x
-8Rw8fGUPV3DYY1PxOYFKkBqXSMih5oRjaYQfDXUCgYA7DrzT8VANm8LNJH0aStSf
-Pgcd4zZb9hPbBaV2QMlZulbvYA5/01Nhqbhjdg7aQ3sDVINWoxS2BN2Uab/NAkNP
-biOnv2AOmscJ9a4zyYQqtT3TrmuR/HdiBMd2+wIE708mifXLuDR6t4KH1gWZkAuO
-2Vkf/8W3elyje5X2/kdhMQ==
------END PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIIEpgIBAAKCAQEA19Rb9VgYF1QN2rfIZYwPtMMOhc0Vf4VoRISPxp0qFTdpqRIX
-ZuW09ItXQ4qH7ofRq8vWw/C+CV4juaYdTc+fI5O3hJ56KSFzH1kwtNk0nm6c5uud
-8LJM6umDuhAZR+795iwXfADFeRCn8Ibdqr755NzvjVXcdWiPyyU+2onvAw8xYM6C
-oQ2AiK05gPmAD2LLCgu2Fewis+1YrLbOjyRRNDcoTrVQ4RRrUj2v7dcQwzbmUKJ3
-wjiQ9NFTgkxsW8Woz6rcQ6Exd4uXMCPpsPR5uad3FTIku9sMELlST1DgImwxEWFd
-NllVR4J2bO+3iJQFlc3U/0B4z2VgLDhk6MiScQIDAQABAoIBAQDCVnnzAb63irzq
-2x87qJEf3579Bbw81eAcCgz39t5Eul+OmDawNVfp9mm97EgXlP5LpcCdL/G9t6GN
-cbDjNncB7umJJbWzwWXKrWG5BfdmTQ1EtJXDfJjb0SYGbKaG6gB+t+bxhjRJnaDK
-aHXCYDHdTL760Xwvz9XiQohE+XxYkDczGmMt5MuZ+TgILIvZ2EO7lieTr1GHQ3op
-xUCber0mH0Ya2mrf+MKLJv9OSoS6aRMmJLT37y6Yx6/eS6GdkvpBsd4NayayZM84
-D9aCPxUyFkSxnvLB7WzV3Yx4lYLUBlLmJAmZgK/KoJbhYFmniEJQWP2RfTbYcdtB
-VKVhPf6tAoGBAO802xqW/ds0YhmouNN70NtBRJdsmA9ELHKhbdcuMn4Zunb9ppL+
-EX9LCZZYpZpEMGyGRK2XhLWw5uiPXAlg/B4wL7NdqM1nVkRAwLfdEiwsI7PdVbFn
-sRYRocIhdqUoLWBsQfiR0mT+TMxg6nsbaP7iXY26r8Mxij6zrLg/tSkfAoGBAOb7
-XFdd0X/TpmdlmdG0htQTt0arNRHv9aUFv2oIkNrjAjh9P5CSpfhTxjdhZWvNivK5
-jnscBp9KSqTzUHOZKarg88imfSfmLqUVVU9ckZFOP8RYu6gXFgGgNunp5j2x+rpK
-78UQn95rhd7cK103AZ+RH0+iU8GzLe0VECIYZoJvAoGBAMuqvUMOfGY/W6dtOLEY
-IuQL1lL3ayDUcuPG/rbP5r3nOhRGM6XEHTG8uhUAtT97/57nU2JaN+xbCr/IEB0M
-Lp2leXfGrwr0iUbjuzLRT7+8dUmXknbSSrz3ljqsM1C7vKb0hdcWkYTb4JfDjOH0
-nJkoM2+RHEWd0I9CfDUESUMRAoGBAJhXQFf+8KW2GhIn2IOO5T4Kot5hHOdvtDva
-xpxQefljr5tCQCJCFmTqG9l6y0GGlxXvfCGGInf8r66LK4ySgADLzP2RkQo3rpwC
-rflhvEBxs2z0eRAr6b+4w38TXV9je1JTCkCW7lnr4KdT3uXj2ZY8SMJk9YjTfH7Z
-XYKfRTzRAoGBAMroEz2k/BCaccxRJIWYxCKiH7cK+Ool9qkuWz5H5TfFfx6ZDANy
-Cf/vToziF0mc+sG+9eY9dNhn2p63J4Qu/83XpIkFPqrZSwYEG4wkTO3PM9gQEdHQ
-zc5LMVSjvg4ayNtFc8jV/CLKP0hb+Bvyb3cwMC689qBOouaZiAMrXCfr
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDGczlfgf20DITI
-I+BEgPWfwc0P+LhL3cmwinS0Izc0ydmCldnwoZ5UOsQzGc1xlu5V8hBnNN7cCrIh
-BNnXWxUpfwhU2gy17Dm4eJIDBx02PcpUdeln/ru40jByaudcOR+Tu7RiQGzTxadP
-JHweDfnqFc0b8eVbhnuZA5kgsCovWCqqtg/mbh7cQ1cE3TLX7AEsHINSAgTCj81p
-2u0z4f9pZS4mZyOmgTUFfFLHSYppOCaeh/1TKpt7kNEauE78t24MJrhVslByTNXL
-i93e5tq0tAISHCSEvYGKTXi4b7zcWgPacERIEBO9ur7blOhrcb7QzwOZVv7FrWhR
-7v99JYD/AgMBAAECggEBAK61yF/mEFZP4yJUO1/z7MqOExupi473HlZ3PpFMo5Cs
-1/pYNPvdPYfICO04HR+QkhlGN9y0tjMgk3vwSlyHSpUyykHxidkrtBFMzLcvry8O
-rS84c5ljsR7gpVhF95PAkqU8Tm1lbKnwTACoDUFkao4ETYP5rUOrnOq0OT6G+Uyd
-lA00kqmumvuSEXSRrP5sfm8TVfruVZTqLJm2osW6LSCx3XqHIwWyNDABpENGmPxW
-Klxy7WLRjWOfS+RgA8GtYkKH5mSKMhabUXlbUgxHHs7qrIgowKovDZc16RV6KgLA
-8JpQrUT7UXocH3fpGB3KrJgriXv+q9vinUmrqoZ5f5ECgYEA61TkLzGSJVENdImi
-ha46btPiwSI0xD874bxwrAxjPq+CdlrKO01gGvjKfJg05v5lEiCF9aEtJ/z1OXlu
-Wiz5HWSFzQsSWMx5Qud10J+OciXY5Zq6gKptjXkXyGR1O0j1xa/WgjN0hSXYCH7S
-h7r+LYg2Q3//r6Acuya3p+gxfBcCgYEA1+EaPa173NFrwPz/K3BMCV9th2VJvypP
-VuEs/JRKOD/2SwjYR944P/08rV03hUpgU/Xbr7zkV2Yc1sqzFvtjqLvH1gy9Y/2Z
-7aRNFzFGY7ZzBbNyqBhFffQvbUnBMQ3O0BoLh0P4P21L/8fg7RbBcYvufM9YUASy
-yYCGq30iq1kCgYEA3oxccokFdYbOG6xhZtxaZB667PxFPGW0YojLYNkiLdDapsS7
-RROqVDd9fhCOzvg7asYZCS5QPuXInn7IrjyjpXk/06WpxxIvhubPEukhU6+ZC6Gk
-yDLkAYtHw3nFJ7iavEXKrTyt75DXWUleHX/oCfUro+/zRAo9wXse6Yn66icCgYBj
-cVjyInEVJg755lDwxJjyFFhS71CKU8YaYj2j1/dcc/JTXC6s5GuK5m9F+NOzfbBj
-3LQm/t88d1g/hT38Dy84Mc/7BQFVByQZ+P5d+Z/QHOJdNO1TC2MvgwU51ai9nPuw
-lt7Kn3/CT+mbWIp/DGVtlaT1L1oh+hgVhDQE2O7YeQKBgBZE22pasu2XGxCOhUt0
-OHatbUebuWO3CKv5hH8o+jFoDseZWtjM4PbvkrRv0AWLIYMxp7yUkZl3ZBHD4Fkk
-wpjnm4dLqmaxQ+wvnK4hhxul2hs7j5Hxmfo7bpF8v6MSHLTQEhOsVX0U9onI7IIn
-8XG+eKM27X28XAOAOXCo1b2q
------END PRIVATE KEY-----
+++ /dev/null
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDRrHDkiYjY39vO
-/h6FeRK+w/54XZAhN0yL94Mhi6/gF4MguTT39Kysw2tvlGCxw4KYVUoZYYk6YHWM
-mYZVB+C17mpiQSk55MDTFCJ4HkwC/5o2PNUXoijYaJzNzMwyDay1xMO0zsHXUK1l
-RFY/1poeEkwY2ffE2dDrX+7UuBxkQMvPYnI4M6vXxbyEr15d0t9RDmJItXHodMLe
-HFn7ra75npp7c8etGkOdkgNAXLCJCnnneqSp/tKiN/swuYSLr02u0Wg23N+c8+mE
-s9xBl8s06hiXn9hghuKP8Z5rbWn+eIf5W/VNv11+KcNzaB2aA1z3NP2J2XBZ5t/j
-ZFUhqSPRAgMBAAECggEBAMqSNJvH+Ou3E7GfODOx7pdZ2j/F/VrqB01u+0TspSX2
-8VwrM26f+DgNsX2it+zmvASa2jU9U4yP5uHI7cy3CLYcurFkzQS+6kDEQi0U8FEx
-S3c9PI9Rvu6d22jFhT6SkZsnmADWhNaWfn/JDx8sIcgN23FjHQsVec/95kuj+OIt
-LARLRmID+/Pu0KempNsL+4E+DXEsC5qARVAa/oZVoGmLLbYZXIie+LyXlph224lX
-2wVoOp7aCQ4BxlD7wVTq5mDEaGaFaYqZHzDRqzRX8V754caBNO8j7KsPPcsaZG4B
-ge7vMvIcEiF8IOB/JBw9IosH4xksaC+Ar6ynlMEnxDUCgYEA8DJQZgiXcg1L707/
-1zaRVRh85YHu5o4gCXexxHaEEhZUvUT8ZmehdFjajBrvp2yZsm6z8WUL2+sjn4gR
-yJA7+qr3FYMYvn7cl+hbDz2QHXRyG9sYWjhBPEvbrYpeC4pVEvrRNDuIG0L1T1ts
-JI/OtaIw9bYH42cVdSaiKvRZxPcCgYEA33gFnsoSvRakPHFitMHbyrhsKpgzWKt3
-HrpYyJiOkj7fHKHonSV8CeZeVV2QLbqkrwODAXewHFQRS8titFFXmWZGqqcxVJtj
-vTtCY7tsLBzXay56NZPN4EPV3JbX3+XBWKJF1c2clURm6iB3ev5B1terF8od89bC
-VMw/KTth03cCgYEA4eF/CCUmPsRQV7FEGWCglZTcx3xEbR7U8/JTA32sv9GuSPua
-HLdx9xckF0OxghI4C7vdjrJGz762Fm2Aw8sYDKhAikNpvqNQ0a5aC+AKKhj6wkVt
-BlMGzixMX0vTGykwzhN/L46YdYKnbMR903hFnTv0rO1NR8YGQNBfCuQVk4sCgYEA
-pnvra/5N8ZOBrgonKFVY4vF8nEshzciIiVr5NBD7/pZacCFrhE/d1h5LXzvCY18u
-u7hZDGnXyXMUI6yVj5MeOQmKUi8XQFo3903DyzthfofKMW7B21KPSaogFSRIFeU8
-o0TZ1ExHgKkiJwEjIn10HZQ1QhbxM61mv/gegiBcZEcCgYAVRURDfBPPfDRw6VrR
-WgeQX3I+N/dy6cFkBZLflpxdW9IgOAegEXRBYoTfyKXy6KHgGoJRePM1SDss2+mu
-ku8dBPBdOTIIoBhrRT0onwigoJaMerE9ipUglZnmu4ZtixH2w80VGXp4l08CUmgj
-VjgdFdDlKJ6ql29pDiiNvM27/A==
------END PRIVATE KEY-----
+++ /dev/null
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDG+BrupqZCuK4/
-/EXGhoEXgXTx4usUpiJeOkQzDNmkK2Ri9XdhwZdWQu6J0G1hp6FZZX2DDpd+Y7Sr
-95X9GMELLcPeZnqadc3vHw5WtcPIRXho8FGhMHWfPrAxAqfYc7XrHGyTasC7P/et
-J3YOhlX4I+XTcG4jn9yU8FBAmKmKB8fjy+kjypFNAUnbjRrKTPZSW7YCFWmzIGoz
-wGFSvNUdrPRqjsyp+zaPiyHbkfg6EdTNx9bHzUEXzZFJC0AhjROi7vpZ02BV+I67
-aysO969hp2uIwQNNc03jwOIXsSydeHgcnun4DCxkaLTBSkNH9IeRBvkA/XYAQQlY
-taK4r7cFAgMBAAECggEASv6tOBK8TB3MH/X4XtHHypJS//El5kyQW6/ekNdhGU35
-sosPClurrSnhOzTCZbKHUGi+nC1d0JfIO6FAeXthF9OSJju+LoYErwKnpusv9kap
-EfSy7+ySCQnZ4z87AIzsnsfB7Pap2mpL8ooTJ3pe4P6227Fe8jKJM+I4fYCNNqb5
-3pCvUQ7ajpnhVwzrmJ68JzQMAHNr1mOwjd5PZIJFt+Qr5JrkNfhbRmK7fdEGwD4d
-lW0vZcj0Dbi48ohVlv+8vY7T2Gmv+1CrPMZOIGdKM+FdSAWPSPwVno/6+OqEMP8g
-QKP5BvBsLUg+YmRqNOga0lCZ33aau67DKkq79zlzKQKBgQDqugIWvdb6G4p1HKJq
-IfLZ7cPFmZKQSKQESncNAXLZqPSE45U5XWsLiS+LemSGE+CAiiuOg54Iw0fbijuu
-w7x5ek5GB2oC8nDoEKUBMq28eWcSAVt4DjZdfTzMcHDavpdfxe9EkUYBVMwP8rDj
-4r/xV572rttqUZ2t65ZGFf6NkwKBgQDZAHk8e2b7b1nFtYEES81dua0RdndnqvO2
-yvl5w0qUuxxXpEEN+UFUg0JNOmRN96F24g+ZYcy/Vts+XXvkMuAWh0WixiK5DeD/
-7HExpYNl440B0Xy5Vp/s3sIAS49cgjcz/a6HwJcV4YgAyYNAKqtAiMFnKEe0ZcRY
-iMYBOsXIBwKBgEmgcPlLMPyg2OxlP/jEj1WWhBseUd/aOUBzTyaQNsNZgOGSNYOZ
-7vLeZEB+8rsvzvLi5Ei+tjqPbqHJmXD3Ss5b8+N5feJQw+O3HNrkV6TP++mk7Vka
-NCldGE4UUwH6WKcdAjFi1C+ktqGmAaBpxsVgM6ezL3YJBcnBJRD04zTrAoGAYZ5u
-66Bv4WhkMCbIlVAsYJ9oldR/PqmO3YpN1FLgOCw8QcjoYwrgMs6hgvBjsxdVEY/8
-iHmQi/rcwh933l5spHXSA7myYSE3OKn6+eSFSc6l3k2JGC853msPRua25VzGzKKw
-Yu1mijdc4U3Ft5X6WButNWTPbP3i6BkPSfpQgv0CgYEAkhDKG+xABN8XvLocvlg+
-vGofIprLK03A+rvegZAT9/JlmEqaEbdvBSiaCGQNHdy+k6xdAFnsrMzVIL1cDLKv
-u/ncsR/kdVZ5b/5uaJrtixkuYZVJdYEs5CabJc6aeRsHD5Slb1Z7/v8FB2wjQPRx
-lvV2jdeuwJ37WIetVS/tqkw=
------END PRIVATE KEY-----
+++ /dev/null
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC02S7aKFZ3kk39
-OJamjcQKRHXc/4Hung2vm3vtXl8DvjNer1Th6LgOnINiJM6UDOXQipBBX3JPo7An
-nHMyUh+MndlS286RhdsOxnHw/kJvBhF2FjJFIvA3ctiH0vQVrXe14qdQgYBXhy+E
-9J2cWrZHYS5C9VlK+LHeL8O7SmlXYW3Sppy97pEt/I5oX2K4xm8NKXwsJheWikJF
-KZNJ6XE73xFUxRlHEb5IQl3f5zkNWQZ5p11o/f9j1NXypHezRsJ8nb8QV3PaA8CC
-TGxVNx5kaNCW854C+cVSc9wVV4EuDwGYKbzPoY76WOgFmDtMc2UG5fm+JZri6TO+
-hl8Wivz5AgMBAAECggEANUs/TFjQymHaC8JOWvyyBdiQ5zSApMH9BIAMcDH8TA0T
-9FY07HH5M40aBqUUH3sBioga5Ljs5d01/yZSqESdOYIW1h0iba4FlQAT+dHj3/Xo
-1WTLIaafJaf5eWVIOs8o1PfbGJVhLeoPrd2sSLROvRA9YswMqVRKjlCDHMFb87yq
-Cuwa/YEIxGYI0OLMPdDXMOwcXL2iy4oHm7rOjpwakB4nJypKDVRPCutC1uAN7sHn
-q9Z/NXRfe6SYqq62LWlSWm90u7ESEUem1BkUL8F+yd+xL86gA0eBGT1IIXdm1QPk
-CNjVxjqEM0BF55Qavjw2xZGb9Yf0YM+1sLCxyB5ZtQKBgQDs1Ig3nIVTj6VXTQDq
-yGgiqloRDwLPa6e5zG98z69dH25hlJjsiWVvZ0NVMEiLhhLr3UtMs96wunqqGKc9
-AOH/3v/hVaPH2px6EPP9ASV8YgSxMPHSVNc49pTkJ1xCuxeGovem19VrggWNznlW
-+kGaHAPOE8i0QTa6usUPj2+RXwKBgQDDfKAjp4cxsj1TJJmPHUa69wpcbcvlTpjY
-RZUWoYiMOlWujbDAaQUS9jorSzm28TMCtwAm+iKRo/TNwvWs9MGhTuwfkQeblTtm
-C/hRGF8Cm/X7v4/84p6BzDs1FGov4D9MBjDRfXk1JHdWqjQHpFn+9fW6efgHdHSh
-R26C/MXYpwKBgHl4cP2FDGVVkgp69nN1ouPU2ClTt69HmlmT38L2iw2KZ4UpQF5i
-AmLnZgO1ph/Z/q53bH3E6/1dSDkiN/T0FPa2HCwpTr3dBNEfDOXBxsZLR/jSD9Y/
-qbwPzUJQZePcLi7iO3+ZyF9B6zNWqanQ5gDzSYhTYWgC4t1XmmdmvGSlAoGAXIfo
-ERhiQN66cll3qitUaHk42UlLYu4SIQTGriClzqJqHiaJTHopYbFVFVsVJYgD+jv/
-AXQS2tc9sAuhWE2+PYlq8QIoFLfNlt8BmfksN8L060XgdPYbyxqNx/Ey1hiSPX0M
-rIx0y/fH2SjVWeysgKeRucOz6GtyLUjvgWb+iy8CgYEA620weTdaFfnoGojrDrOM
-e2wl+ll86GX9OXRS2mkUSgg9AOYTl15ik94U8+QBA6W1QDT7k7rCDr/NDlUnmPO9
-l2hzCnYbrE4Cqs63N0sGb8dHdwzBDG2f4txrfUotL5wb9NqJeV1yg21WKV2bhiPo
-7XDtHqlGenpGP/D54L1amIk=
------END PRIVATE KEY-----
+++ /dev/null
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDSWNGlBTy97cp8
-8wuW0QHbxWFk7ZwuIw+dlMzc/4RLIM6dH/byILgbfIcaaveOX8+wOwv1iiyE+zVj
-P65PVM6PtTx27rRuPek5E0sPA2QyoS9PEseR214Jk5Iunn59vRwA+PISSOBXDYp6
-i9Robz4Zb4bYkZcRX9tSXlNLYpJW1uMCaG1Af85LKLXBnX2HXAq1M/WjoBqophwk
-qDOgNlnmPM6qkNF0aFlNatrDepB0RK+z5j+Chpq7pQN8eZLv+f3iCUa3LFff8B1L
-i6jjXSl7QEuwY+mbqvMmcJSBTSlEVZe2dTzjvsqkW4ueqQTR10Vyle3NYiCqDy8G
-ylkrH/4FAgMBAAECggEAIMHQNCCyqulDJV48Kcp2vaDpX+xY7B5tqh6oIKpyEbkU
-NAfsTxylTzJ/X6/UyYlGMK2hWSWhdTwhvkkGfjg4ysxwlBzsYFan4UmN4NKoYfIU
-Cf5kseQ1qsweccAg9rfiiow6Nnq+5Q+oxxjLhU/9nbxuhX92xS/mWddypUS+gWNB
-BsXOc8V3+pg84nMNQRvP8EgocGT7pPRW9VzufA0CLAayjzXLxnXvvyJR9Sey2BLx
-PcaHMM1BhOzVig9Psq1jJna5NAu+PkmqRPBbgD7WJ3n6WGvm8y++6exF3nOllxcY
-0mvcdw5XIVy1BItgHt5Im3r4r1M2UuAvJqP+WrWygQKBgQD7xUyiEwKyLOKAmOvo
-nBCYEb+EKv3aybF1AyAZIvUlifT9cBeZtEKkdMdrbYi57iHAxC0GWAgduWA4uN3D
-jxnwI2XzKk6+AtKhbYxP7/ADloaOzteeCQ7mGTtiwqU5LMgh4rLuTq3zj+26fWcq
-jVdpu5LyoJV7iOpSqP8vj3Pr8QKBgQDV4WIYshS4L1NQbq15uY2Kg/Kk7aMAQuNM
-IuOPmoO4Rci7Dp53gX8ZGjRWt5PTa1pVnABV0/IQZMl4kZ8TtKBL2sjb++kh0Hm5
-6HdvaQ75sFkr8Jd/hJh8lIcFbfM8oLDUdBMAs2V3a2wAWv01Q3xo8JAyJm5KYD2k
-dctwRnAXVQKBgQCFbLLG9YIpQIYsll324LYekNFIzqvHRboIg8Z/67m00h6GLOAk
-8ZWbp9ODCAI8Xol+qbges4phjjsC9F155J1fWLMPoa0nH0HWkMKaHlK45A2dItq7
-gptlr5t8JCEBYs0QwB4JEqM2/2CBwzFoKI1ZmDEw6Y8ub4mWkr7hyokpUQKBgQDB
-e8X5X0hdIvr0vVsTzidcUmd0ikG2H8xt+PXx2C8myYKArgXvSGfJNqp4dFQ3o1sy
-LREkk7rc18Bm4R2Ofw2v8XlZgLdzTpx/8OvzDpBskvroRBtZUYN82ASZhdDQXPH7
-EBKMxL2a3cPzQlzkDWwDpvRbWebWQ+Af4iwrIp2OjQKBgQCMnPfrcjiS7+Kc29jF
-6+karf1C2sL3zCoTi1pY6KXFAiO46rg6RFvfMwDEHSAI2mRv7l0jpgyFgWizJqYH
-85i30MxQUWzJu59CAEcqe9SSu1NrGdzx2wswOdhGjiBhh2Tt+uX1B8eFPqjp5+Fg
-df2uTy3RZuhKT/h0GrhFnliXrQ==
------END PRIVATE KEY-----
+++ /dev/null
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6SB5/L5Pus4jP
-CgqCDUi97dg/XRPRIMA0uY9TOVLSfpFP5UwHc1QlpmrHg7j8kx22A3JZQUphuWgN
-TuKbtHRsh3yjYTAiP5tTIzHhtjfvDTLfbkAU4dgaDpOPbFUN3cmaolweRsEZzuTu
-iz6Tv85gMCnaLOfXqQZNhGDNOigYDdIRbgHpGgxr0Qm05l+VfcOj0/tEFVC3vm6J
-03XPV+MT9pk+6is4BVvUDcZlQpNjxudEWiwBGYhSx28S+iffXrZA6RU15CcP48cd
-N09fC3jLM6LmBjWzsdRKT1VIlbHgXI81h9kyBxtosOuLA2ecDhQMY8oix4aaNV+v
-hHX6O+dDAgMBAAECggEAOee5MygDACxm1pT0d0DR39hTZD72rgdUOA+GcgRbrnsR
-iJhqbdZ3zcxRXPuhQUIp9i5UGVKmYIJVye0/m88YcbQcFl1brQnAqrNCCjuuX2zm
-53VKDjO2DUOCsw6l0c2joaHeqLqtw+wAVfaK2TrCWDwghmV3HB66itYfkSwG0pLR
-BdhqK+DLGo9aWUqv9ktxBk87kEf00DLTlX3IdZOPreaNqVhJOjaVBEMd7RrgUZ/o
-UAkc1d18cxLxlGtQkO4oQxMujQ/NmSj9vOMBtT2aU6o3PdlitrcpmH362LlzpzT/
-iFB3b/rgQnNiSEvkR3CmodQAhKIlOXQiCWMPcJ6xAQKBgQDs+0unYAe/A1DX1CRB
-Lj84CjVmWquPEr2tg4s3umZ26rE8MKoWXswkCFaSuX97jFRANVQXS9+x1AZhPr2h
-74SIt3rzVGcnXxJ49zqiFK4+jHURx4/ad8b0dfJZh7KgVaBQ2iu0L+Jm/Vh1VO2A
-fU+6WkUWEiUHrvpVZf7JeI0iYwKBgQDJOzY1SQv7VV6BfV8H0mq8owQLF0+ntLCv
-Ogm9DzZrsMHtBB9gd08+ZR95b6KNwdS+4pJPOrNmZaETxLF6RbiV+N/2WSPLjcAU
-BLPCjKwmLGQNn+/wxXgqYIHvwaMgaYB+h2RkIryAlFDprJVRSc8c5OeiNoBKzI1H
-vgXW4lDNoQKBgQCYS4K6BL/VpIbevSmzbcoY9I6OwbRBFRUqnj/ox3Sz9W2DNe8I
-w1FD0sv4LRfdSTiXru3krtEKUizrb8ukdu3ggrGUEOjd535SmOdoZAv6jH9rtqkf
-CBym2+msWcWUvpJxg1PUz3UbJLMlbDfZfC6xnvOJFI4RmwSrvwl3Zm6k6wKBgBUA
-kQ/Op+l7Z3msVBbE50741Jszu6SNP0OKkymgRNXIhPTv0TaIPUUN2NMby6Nv73xc
-uVh7j+3H/Z/Kj5trW3CLoRRdCVddXAa61ugfNnhleavSXYCLm5cQq38SfqwLVtXd
-26R326Sv1iINWSg6w9sIKQTNG2azIquyMXnT9QsBAoGAEyW4Scj08YF2JUpBfCcQ
-d7IKFRmfrV6sC5CnRfiOhDWRQZ0ud60ObX27VFY18pRg9wlfYvsjfiObqgF6UqjZ
-IYGshZWEQf9micH8+uGuWVd4bRQG2RxcNtwsKncX3UNerxprxUJYPQm/5JrkoR12
-JhvAwPkmisVXMlZ3U+monYs=
------END PRIVATE KEY-----
+++ /dev/null
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDrBA21OGk6aQch
-HFlMB2wdMImTPZDT7wTL7EGUnjWRKBfkH8srCga5apHmy4lg5jwK+P+ubEjj16lS
-lV/lyIBcgrWRO17gI4KNUlMK6uiykrNLux0vWuQpqWksueGeExw8Ddn+/emnH/TC
-qzvrUpVBKlrUnumOQJdg++gSntbkcitDV96Fa9uUJ0XrQ7s9bhfG3BnS3M3IZ/zQ
-04+BTBqt3+YrQweVGK3gIcZa/c4Xr2NYl7eG20KVfzhGCH4mgSTift1TUaspQxmt
-X4uyuM8ZBg4VZ6RQeQD0+Cq45/20WZrvEPsQv1c+Juwel22th7lglGkklmk2miEA
-QpgGJNX5AgMBAAECggEBAONhmKGtYqJQ28T9WKhmxgO34mPDPUzQBSQIAat5Jvq6
-f+MHn9qUaM0cfu1+H/zQxWcYYsivnBZVok10mMQJqafYDzPk7XaO5NE2xYHapimg
-JjkvYJ1go0Br2Iadkd0PQFIaVMCRim9YS8fNRLv5us7B2/+7gN1RQSVklLTvWZrL
-wJwsnhACnzEpJIKLhnFyrjbF2XCWtrxBvdSTRzP6Z5frrg8IKPDV0qFdGYNS3Wl0
-YCt/80vcsIe39xxh31XdzXPNnLmWDXRqc8Nrx7Du2W8QlGMQMK6OOFF9J9wud04w
-NzZoCZDPt6kUjFouMU7xhnt/lAMzh3OhMYc+KrVlMMECgYEA/E5/4yDWAHCdFqeL
-mCzpGSL2FS3XcP20ZsAfGCAYAF8w9qONWKxQS44vL/Ffi2KClmw6pFi+XXnSJ0DE
-GKp1R//UwVWQBJR3W0t7FEJKOZcDqrdy/n6UspMVq9RlQKcdrGIxHRBVoO12dnSU
-r72PtbNUSp8mfU5lbs9rXMihDMsCgYEA7nTCCsfed4Ogk7so89sgB7XXGGKtvRg/
-uNuZ7wy0Fp2sQ1WfG0SEJ7N9r8w1anM2tasvJqQRaUHBGLCsONEA7rU1L4kEexCY
-799oQ+dUYVJLwcs8dw5slEcvEhKbmC4VeXkLyysChAXWCJBjNEqm/LZVkUzBNPAd
-zsX/ZzeB88sCgYAfHUckKV56u2iD7LGIWLF+ShNy1S5mXsMqkLLE9OBA23xcThsW
-PlnAl442KVwRAlr8Veh9b/w55tYFxTTpncvMzz3bgcO67NwzRAGvo+UnaPooyWrC
-+7U2uHDJue2qpXFBWvKXlPYaXG5peUME0SmxzKWudiX2+f4ERkwFKzDBNQKBgEOY
-kZEgy22xwIlgWuGV0mSdJZZiEsIx545tohtjzIFEvRpxYSMHrzbZ6N021EWS14V0
-O2+GvvDJlQV8v7VzegIxGBybiMuiDtigyhvFrePQwmzzQfa1/g2iiDNlVvoyxh+j
-MrarQJFQXjYbSCQArYmh3mvMCFELaEe/VQFbeNk1AoGBAKkKwFtlFRD33jpX/fD3
-HSU1Orl1+TYA2qpFyf1S7fyrBFOGojsyaoLD1CqVTwLhr2OAexKNRcm9Adx/zXYX
-wVeb13aM7GoubwKYDV3zjLyhetYLLTg0jkgBCprKRD7zKTZgzAdkZcIGlMVVB+FL
-NXyvV71TyYb5UkoYgnDk1Jb3
------END PRIVATE KEY-----
+++ /dev/null
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC5amN44BvoL9xw
-9ElvbHtiBXZgTgFPkQctso5/4WFOwyQd2myuudXeANX3zzaPocucFUxX6HY2g4t7
-1N4EyQZAMsMxAfH1vJyXQk2CR3HMuAwskbvIaytiCfNaxV9A6EZ8n9jdIKO8NPln
-KK7t/M0+8GjOGwLU2tILdLYyETluU4Cn4bkGlq7vjt0OJgV6LEZ99rqvbz5Ei/r/
-QP0+MmSl9ydg94UoM+KjL1o3zRUC/yi1laQ97gGfhnYtAT205+If+74fai/oUGgq
-LYY67zjxRt/nXFOwYxOAtE24YHrucWe8yCGDZG9FBxmH80nCYwRZP22AIQ4vTsy1
-fDhHxHulAgMBAAECggEAUkCo6gl5N9Jrl0w3e4+DWKOVtPlFyZdLuPD6GC7SbQ9S
-aU/pYMWd44M5aFprGOKsoYwtNt4v+tT2PrPa3gKTnE0onAgB34KRcOR/3+hzyl5n
-QCpSRIGOWEqTw1PFgtTH2CdNHCOLn0Vc0m+Q0pCQOHiL9cqzwdtkzKI05RcRBCiT
-aMehWb4fBE9H1isI4K8I9o4EFCiEs3PdRDgIuokLn1cCRXWXqEpU9YYiSu0typkI
-iBowhKMyaAe0XXn/U+e8UsDlyWZoG1kaGwJNcimGkAESTZluItOO17Uhq5DbhxaV
-bQMZPdCNY9MLCei8aBARwe9hzXsTongM6C/JjAlsIQKBgQDkc7JTr4Slr3LCqpdw
-MgppsrK0b7R553yB4i9sBvjr0S5P6/Zm+7h7Z9ercPQpvzoenAICt2e5dHWcyZvu
-lphhVmEc6WoxuLXoCL6cD961qKJzTvlBlsa5tvJMLJ6pYZWuF+ajRumzeJBjkEpM
-iSkK+T95qYblc9NY2Hv4joYmGQKBgQDPxik7HWZMHXCyCmu7GoDbxHNUklY121oD
-ciudOKco5GZY/U3/OUbDIp/30TLH4vJi3/3fJ/l02E19Fpd3abF2HG0Fjg1vMCXK
-Gp1A7shoXGVkbT4m4ytl0GE2qbMfGZyqPze2q8OfgOjNyVh4OCynMafZBujnrFAy
-chsZV6K7bQKBgHM7TIrbsJvmKIu6gpKMGyZ/hZZv9ee7dNkK3wKtbad9JtAXZH1D
-oSVWFroaSn44P7eq13TJUB+Cd8SzCN1KxufqKyfrMK6NzeuRZZvQgXS979sbzaxg
-wjJw7jywEQO8/kQHOEXJgh4NxT8DTAbY9IPdfz/929YnG0boQ3f3ZAEZAoGAbjqy
-SyN4zy7bSAmRSA1yiaV6jkaoqB/8bFGY4+tXe7FYvyN7ysjHSuVGuwHoj/VOJLiz
-Bj498QiEa7WdnAOd24yPJmBLrk577fIatYU5G2zReesfCyCAOJ7JxGdZmUlMPWIW
-m7oaqbeJSwvj/LvIrNcCNnic/bQERA8XY2WD9y0CgYAaqBh90AJbHUUKnBu9YhiF
-Yo50N5W6iaP8LIYxBVReOo9T0AdSsZAne9g9kWvkWz7XOdJlpTmT9uBX6Hvd3GKf
-S/j2xQt9sct0/pLp7tVCMMudZflafo1yOa1w2Z+augMX94CZcW9FIAWZFpR9hg5Q
-J7FYKqXP64A1Ef1OVIUeLw==
------END PRIVATE KEY-----
+++ /dev/null
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRegblz+ubP5d3
-5TGJzwpNY7R93zEEg2LrXLl1NdKxm2BjNjpwPuFf9CILfDLtx7tkREpam6Y6W7Wl
-+KDDu8SkEFqZsQzRBa4IJRXdr7Yuz5brNSXXc+Oo1Ov8qV43cTWqGlhNV9+njCcL
-diiYCxeYdCU8VCFSXjjO4n/9UBdDPPxMuWsoU1mJ4rn47LYeFLT2ilE+0hsEd4+j
-fVfyFAt85XDKGld84bIaXq38r8nd1IFMGSy9tsNb+j35La0GvkmEAfZEyqO7KiNM
-surYZzYiysbGGd+x+jEbxEDcTscKZiJcJTYtWyIj9l29ybOV78CCotnY69IFTeUx
-H4oMBQ29AgMBAAECggEAA9RFOAI6/lWFQU3RQAGm4I9IB10DGmAEeOTzBu968IA0
-nNuq6c5cdFKUJL2aeLpD9KtC6LEbsslmYqhO2AUgrRcXcOPJpjCCY+e5pJnHrMdi
-rN4F2RBnQvjRb4bxD/Zj0r40iwVmMzveotkAGPdq8QB+hcHL8iOCylVdnZXPNw1n
-2kgDW7Fjl5uK6QTV+rLeHKIhLJnpib6plYX2LT9DYTxvSO2Dk1iEn1ORR57lLQie
-dD85fmnugt4Cb7KA/0YeaGlekL3sPHhzT70d74MzAmiprEDydOZ0vNOUHO9Vpkm3
-swG7JmXOeNuA0EUmbDjbdI1Ug34PWnD8/08z2UkzCQKBgQD429emRyh5rq52onJ9
-fmLArdxvOX3IrE4t7yPNQTpuHGqlc3mvBLIVY6/ICoHjbPAxxIMAYsIJL7xxU+ah
-TaHtmWcL1vBRXqPXn4yIcECw6L1wEiyJh+anzsh2ceOBz16yBWFCIgBrJwX9eG+E
-2gxi3zcr/UQMphSRWMMw1PMnewKBgQDXfOCQX/B57VbFJBnY/YmbfueexCK3R3N2
-LdKN2f+Ee3G1QDuwZ+zypmb4EcSYPu6tXjMTpQPqS8GUuLxtNoWP8X2lK4E3x6Zl
-R1eaQkxyFBXeadupiS/SG8R1Qe+iDW9Lbfc0jRK6sUxVNR6g+nB4QxevZEtGwrrx
-fAERvQr+JwKBgGo9ICECO8tGwYAv9YSRkgMDthldh89Fj9KYRsZ3VERxqS2c0JPh
-A02SUxapNa4rcZctd2eQwZk+YcpXsRunkrtmQ9GQHuP97SA+IraUhWmA0m6ns4+7
-DsMQyg+WqzNdneWN2mlrLpaQAESnR6SFmcgT1u/WnVhxBlLOe/W601tFAoGAKAj7
-b9djRkPiKx5Z7war2kfpoIWwLX0I5pv80n3+Cw8kQRh9/nhQfYSM/OnQLLkEfxFR
-TAUMhSst/AOWfnPyvJuRTG6Yw1REheyLSg2nRkqVBY2FUio6yD6AcYiejO0SEGGN
-3CWZpTXriKkl16Kv4qgUbnGjyrHDKbpwOGt272ECgYEA8blqgKwA5MMA4GGPyN4h
-Y7OzvbBU63EbEjszV+oeADjVqLyucGuWSSJxAdbEtmJM9zwzUYAxswXwr/LgEIEL
-j1LmrQ7ASXzaOosZnu3SxM003jarqcDWhQxoH6MuZE0/tuWwaEpws/nRyQhV/INB
-WmlVEtGP9Ny/1daWt4tVk/w=
------END PRIVATE KEY-----
+++ /dev/null
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC341fkbUEvcYg4
-NVz7VG113NT8OJWB7ZgTahuq20H7LYv/HUmcCJ61SqB8SJaHHY3q34WtWiOgfJrs
-l5xzIAYrAgZnK4b7lH/o/z7iPPQ9E0DybTwVXXKifbDCCheio4NmUukKBLLxtx2G
-k/kRgr0mWrU5nWHSNHglJMb958g7yLuNmPrPX7jkqJMtaHBRuSzQfDGUSgC5LdQp
-KrIYVCd3L+A8p/QKFsecqaCxulRDolIUWHF0Y/ab5l6JCYylHK5BggGNLJStocBH
-xxqLeQbGPmab2TdkcHvWw/ECgZ9MQl3awJXKluR/QXVy8zXr4qGXeD0HbZAn0EGx
-dBruHQx/AgMBAAECggEALrcBmBUtTykvauAbm/mpyRxtuxmA2b4LOTtmhfQngfDj
-NM8y6QHDl9i6hnhGTVLzv6xDIHPawyWEkgA+DX0gNALSr5j+NKFYEU/uoLjNb0qZ
-4Dxh3CeePKtjoRfBQ174vaDodNQWxZM4W/zxdEJbXQgEK/vQYv9TWlRKfSxJ0O3S
-KXLsktKS7GUjJZK/qWZCzi5/WesHpFnxHhoZEUqhWaaeo8LnulU7xlD47R2UYWkR
-09YKVjQ5vlcVitIcquBLHT2ranO/+Bdktt7XVwxnKMrPqZojMlLw72BneAC4HStb
-CcwzekyTQSMe9/R/pEg+sYIVpiroYD9sQL5Yuq4NKQKBgQDq6M56o+MFx8uSaMsp
-4q6mAcnIXOMSJ+vcXUyW0b2eYAQNss5LROfK5C2TVNtPobXdJwa/VtO6HZKKBUWM
-ah72jyoGzHg8x0OWxZ8MIqEV0AbSQEUq0ZqKmaH0AZwLKE3nGuPKnupVwEu3a7LW
-8/7/1p8lSQhuLWogD0eP+3vTNQKBgQDIZdrAyPQZvBGNBQrrfvzOyt0ScQq+DKDN
-P9zzYjVg0M9Ii7PPh72N+NqJK9/fHU/A021ulDqjIw5wTw+dMR6++g/ipA5NuSP7
-MOJaL4ZOJ49i9nOT1O+xk3co9UT4sBJp6GvliIPsxsPr5QgxMkpE3m94dO8UnR0x
-oz256BXDYwKBgGcrThvgxIEyaX7o1WmU7B1upZ+A5B2COP10YIHQphXbl4wonp/C
-KIccRcPyPcuwev4g+L6qNJ0GBejmPdBYfzbMU6nevWP8I/wg2SRsRREeZxCKN5aB
-rfz3UoCnAFCKKAS685Z2yvZUWSy6eTYcvT7BlO28MJ6rBXQFIenjilONAoGBAJTY
-wqDLIjQzMr4R7sh4bAKVP5tBB3+eFZoeQ1krqwYcUrpJueb9pdfb7UZRplkshl5t
-LC0kQGGH2mOk9a4GHBYx2ra2sEEesREUgCwIfLN0QtZ4w+QcF2VIaQutEeu9rA+q
-KOo2efbWtBN07J7OAcghh55rDGG9ST/jRifdsLyNAoGAeW1zjD6MFFEYy2rBHyM6
-yswunGISx/Kdy7Rv+1aUSGyfIZ49tn/7dXv1kNBbLElleTxDS2TMWdoIF3soU5BO
-/kthQ8jKa6LvCDVXXvo89kJavdYgcofPCfoA83UxQyPt3D+7gYeVrvZoDEkJtg6w
-oOQXLabZ7qUNkLFcZF0kKXA=
------END PRIVATE KEY-----
+++ /dev/null
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDE/ZTpYqV9dJKa
-ItZ7Nf+VJujTvx7ulr663iwxWgInbaxCtDrgIolj46O1aItv+A6pH6nlYtG0OWxz
-YYmhDtuOYiEGC9VPZBA5TJH1BcplCYLnxlJhf+3elbyPI6MBd8MqHHX/uVVmoq7/
-Jw1KcIy2Tfi8Zf3/qGDh6t9k6UY0cew7Bcvs56C8OWwEFvkMLMJLT6qAa9c3aOnE
-8pERWzMDjoVnQHyXNoSUFSE9KumHgWUh+icHyhsL3/rrNGLVUvy2ABpUvG0KUnBe
-FTjszt1iDMbCEHyypYsYEIH0tZo4xMwA+t4Lyou8gt8vnoQ7ah4TYcFyKM0NcR2X
-NgQtyFDhAgMBAAECggEAZSp55FXl+YT5mTEVB1fW90lxPvWjNBK0xxE8jufTvV4E
-nokix2LVPjh1JcAYBBvXo6GARi621aC8ApFv9gfEV94raYiANvKDpnmdZ8FejP8S
-fGeMfUgO6EXr/XLmzuUrlJ/jNb5/jmM0DhOHLtiYWzO170NN65MUllFiAtgOVvXX
-8N/scDs85X9wTYoDZ38UQXdGMWpbvdgaGsWUSUrag87MvJa3zLCVbrRfOxTSIpCf
-l+U1L22x/6l2pRhiG/1k8JTl4Ns3kclTs2otZXiBOQLymayNx16g0Qwbo6/rmlYH
-opLM0D+zfu8N8L60IDFgGoTUE3wvn3JOTtcjXb+2wQKBgQDpYIz6CNP7+Dugh9ao
-DrYWR9njP4NMLfqqVXaHf6qYVRAaM6iyE+SXs5QBdiLKhClKq9+XZ65muvH2RuSV
-V5DqL733ZJhr86bWz9SPLOSir01PWsmwjBm3D4quGsuvH/tJAt0kNzRktHsPr00W
-qW91DRZNp+9Jt2zUCAG7Kq8+yQKBgQDYFhEvDL/Oxr4E1AgGEsPDGBGVzvD6JVa6
-4GZvfBwzw/S6aqSLKnhAcYhAZ4VesFMuVQ57W5nACNPdqejeAFgapeLMLTeeBLxe
-H4vMSrZvDCJPq/tPhkQ1FxTdDHHYdbbWvUNIN5Gov9QsY5WzpXwu2wI5Mop6yCmm
-jQ5QUo0VWQKBgQCUQjQNO8J/1gj7SJCDnyTqLqcrCNQ+dw9BWp28IsybjZ53Js5K
-ovybqwehjg04HpGk0F9w7fsLZEQGsq7QeRqky8OhAJUcL2OUH9/nPRvahgdVHFX5
-BGfptcPiKz+ud2DJ1znpofB08XskUbdlaCpYcAH1P3RynkZSxOtkng9KkQKBgC1S
-o5QMxoZmZSC6IFy1vt3CxJ15ZE3zWvejbZjgnUG2TjRzfcO6yrIpnfx0OiMcNLY5
-HOp+0gbXUyjhJHi79b7RIHrW2R2JvMC5OSdGXHF6SBAR8IpDjTbdeoDKxW4zcoAj
-/mK9VQ3h/my5DoM5qIxjX1oD4cvTA/ltCJ2MUw8xAoGBAMTxTljV/UcPki5qZX7F
-OoZu450hmuxZ3D/eaQPQHiUJXkK3hNRoNjs1tk4mZR5g1piczvPGOwbXblY0YXaJ
-58PQE0eUjAQ5XrWofBAQ0FPeUA6/F4GABNbrI+B8BfuHBDsK0x41OhvS2JcQ0N+Y
-Zp2QP2kMgaSuFw60va9ST1DS
------END PRIVATE KEY-----
+++ /dev/null
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC5g4Aw2CFjxfGF
-rw0qr7bIUANubBxVKLKdWR1CC/lC6jjWPRsvnsLEkdgOVigDX6ipv2rXnyJ4uMv1
-ftrAu1a3JaGErxlwwyf8M4IBcXYlo2671qNxG0pIUT1qxjYoBYgBPGpFtaNG8Yu/
-SVKAxjD9o0w2IvC1Iv4FDY+NFAtnPZVPVtOIpqOnVlKGrXupA+g5UBh9edCcxyRL
-AnVglWAPkqVEenxr7HcprG+pf33uBpw21Yz+NPXAUmxOJslM5hcCQYn3XoNR6yxZ
-weCWbXtXf/fW31lZWsIjW3z2+UHs+lpsp0EsXsahUD/CTKnuYNEQr+OZwy3F3M2s
-7o7GkhYzAgMBAAECggEBAImf17rkrCijkWDWk5MGVjhWu6TwiThX/+IhWUZFMb8F
-mfK91GxIgD9p3voLypVuIucDPZUG1oDuv0i5ujlfAZ7PSPrxF5ODBCfiYmEFtluH
-2j95pTjkwP/TXRfYQhcAu3wHQOPEM4QO79iR4aXs4i1YNtK2qxIGCqLfA47qvubw
-EEgrqx+4vfCehT4o5FDoCzyFlZX0wah3KKUBw2anCf8bdSuiWkRT4jpGeST4R2Yc
-V45iNHgzv3Y3renxuAKUH4ZD0BE9cVLu5L6HCl54N00INOGO/dzZfg2PI7rxjieC
-xKeU5xHsPS37ZrmeT5qcexQCZHph+Y+lGBuIhbRWzPkCgYEA9OFUKTBz465ZJHng
-8KzK8cj3BACIIGHAmAMRQTpYpw3fVN5VX/Z66G2h2rxTNWuiCcmUnITbT4NRcs44
-AnekUnSEG2L7cyp92oGeTrqXAbhDdZwYXHN05mQPabsh3pSirVyx8KyVltU2JaIa
-GiwLE4Dmu8DJ1FfSZb8igMZDND8CgYEAwfANECZLDpFbjDPuVCQ+P5apAjrfJUT3
-uacB5fND+EJuZ2XeUA0XrHkNAx0iMVbizqNvq7tPIXyGdTaI1+xNkSvqwUnrqUVR
-V0VO6lNpo8v8DhYBEus9jKT4EEuSrc73wToi/nA24YJ6RtWeJMghuDr/0vWe79lz
-tewj8wQ/0Q0CgYAOKkajB1F81yYC7SXs5iHrMJPRYHJ/ZQguAudpnYVpTG0hzKal
-oW1kqorVS1WI3owGAuocz7ab992rRXCJ+/++YU0PBH/FHq0fCaZtqW94wv7r+7aR
-CoC1nw4hMJj59iEe5CDK6kDQ885pCOJ3pxqQ60DtlW5XYSkjh5XoWw+iIwKBgBtU
-zUJ9Yw6GhbRYjTnmca9ceC0MRu5lrdPIKYhSpD2UfyKrRI1biv6PgLnznSH+8K/W
-cKJvH1PEzN4v9VEYyEWxPsBGvqN4VWJLLjfv0W94C+mgSD52UJJFnYAOZnmANYJR
-wyTAg7t8O+dHq6XbXoUsK2l7nA6JQrlcsiRJcQTxAoGACpeisPQfNaqQIOmMvRVy
-EX8WIyYqOEzmqlCogodUHQEfQtbC31BkU1NrnH0HOXJTPa8Yvq40Phty1ahXVpCk
-/5+VPjzAj6SKD5whq5oZe/3wAL0NHCcPqnyU+5/mTJpwTKM/1L36T+vYBRMzpk5u
-dHr9d4JiY4L4RET03fg9E3w=
------END PRIVATE KEY-----
+++ /dev/null
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDzT5znun82Tx2s
-esfQbFn0wugHo9LxunvndZaRRwKsU9VAG0MlrbkVteWwwJBCdEelkrD1HPsCqQ69
-nbJthZUqK5VRm04UIkW8qyPfduMa9rcnovDlSYgE3Mt9oE4rjVaXWelO3PefQS4W
-73VZ2+mcWT7lPwWnqg0BvNv4A+Gx1ktwGBteEAWmKJlZ5aU4F6mSlbp0hM8g1OTk
-Jk+CbTuqUdQuTsiZYzq73e5d6RyrS1Sj30hUwH4ghaFPCpM+lJCQkvPcc5QWPZlu
-V4KYh4z4FQweNW9IR+0VP+QGmATxryc9ryUQqkZ5TgDO1L9wHy9gS6F3vmj/Nkpf
-YP8uz+/VAgMBAAECggEBAKuDdYHMb5xjDPHm4y/DEW5+bn3kN/D6mhlBRNBIFFRS
-DENSdHT9DzmErdN5Crgtq8vFqkQ/F5p6fc+geITH46yEaI/MQK/ksPAcW/9MmS8K
-t3WTYOjgeqei1TdLZ48/5MhwMwzKqytyEQFN75VWdkkmiDWlxWC5eM2+yfj9E339
-x/Ed7UyNGTeL6gdFdDUXwNmPBYWhO/0YFeWlMLS9I0wF1NL9GaoHNdmeGh6usjKk
-zDFM+PmrRC5kZJH3Un3Qd0fD2hUvwppAtw5/+IAwg98TOVKdh0ZCCWgERV0YvTkC
-Bzlos3JDv0PH2kJbv0xkzjSsfcbd15GkCxMwpIDh2EECgYEA/GOVoh5MU1RlU5lS
-eSuo/w96ceuZybE0FUku2UdRf0j6nyOIknsgbypDpQop1DGSZNgc7msBMbaUObTt
-OoDmPCUQF3GEDQj0swwgMjLgA5UYL38T7eVGYIO7nR1uuNfKpZqga8xHy9JoQt7t
-8LuX5G+EdULi2Z04rD96XuTiNa0CgYEA9srHWbomGfYli59OsdvB1MkVaiJSLnC5
-liG82rq/v74yVIu2D2wRY5jZ3piZhPUlMCzLCd66zLtJfCLl9rU4NDZXToUO+0Pt
-KTHYaDaGaPjR+CyWDVGIS3fZ0/msjFw3P6/NlfPDJTIUSghiIHvffFx/kI2Wjnzp
-rQYoQn+OV8kCgYEAz9zYhM99Pvf4B7TztrXdlktSJfbLDtCxu4ItYmeZWEJrnpsu
-RK3BVayyT3+iWY+GKSXQFg/syNu9EhXPd2pntEs2CIjGH9IrbjbjYVSDKJAnfh6j
-9D7rClwULV7rLLMUw/Uof/+bdeNRWRmvT5/AhjPOHKE8ocsZvMr+5p6NK3UCgYAR
-Y9SMRAuvRKL8pasb6UpNPiYeJnD4CMVrCNGP8BzW3AYb4wRfLdRD2l9vyfz3W3bV
-YDKmbWVoS8Iv1x2xNq/RLgsU41dc6Tpq7rI7Fax+9RmGjU29foNGHhnhT/SSp2TV
-PgQUjuqvUkoPtWuEsnXbA4GRpAh53d9xa7+mf+p90QKBgQD5TYbSS6oXC75uTcvZ
-5oWrzZDI+1j+hScwT7piX8DDaUbB/KPenl7jKQvFkWCQ2PIhNnMzWF57NCzt//9E
-yq9wkTbBETXWeSI6AxPpwhMnhCCgAnfP0Qc96ndiB2/3n7iMB5DDjkeA74WPhwlE
-3C1HC5XSNxNAY9STdR4TVu6seA==
------END PRIVATE KEY-----
+++ /dev/null
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDRR/8gjzSI3VDt
-1dFV2BKi/2HlDXEpAEk10BxK79QBScWEOqO5FK7M0VBTTH1oOFUUiONCDnaMF6f9
-izupnCY3/NFPiavqueEeC1iL6r2Ajd+gDh2/GYWBlIfm0A4xd+Mpfu8Wb34BCes5
-PdoRomJyp4tb9lx18ySpZhXC+nq4nDWjgruEQcw5/szy0GU7E7l7GgWbb4x3oaUs
-WReG5ddYI8UDPq11OGm687RBO4ruoIyBYOATUe3LkNSM0l7V+dSzuX7mcU1Kv1Dx
-1mNq98BEjUhGnVM26Ma6+p0IWyLF92r5sc+adr3+4IgBgkzIocA+aPwG498H7JdI
-H9LFzRGBAgMBAAECggEBALYk8lCVMsT30irdkI8lOrswiDRBqb5kqFM0qJsz9pGU
-clruanZ4INbUShPlm7QsaygvJ5PjYJv3LteF6cxpwf2yhT2zdbQaSWrLtyo3iO0t
-DXeRMaSUAtVPv6RMaj31uPjxqAcfzEv9JQOx6Gy2pvZhCfJlDf3+O2dQGRqUxGCM
-x2S9pYdLsvTD7QRwskf9IhDK8YHRNDsjd5JM5OilesBTWiOsLyt9yLc7rfenRUZv
-+vCU4h6X6Mj/dTSaw3rPYvWIntbSvASlwOJfiupvJWM/K2uchqOi8HTLKcnmOZf+
-iF7AWJxM6EyV5ElRXvD4qmDHIbz6E+IvceRMUNUZAAECgYEA/4dPG8aDTbExiECK
-NNTu1bTdJIKDt/p/KgNPclXsOufnveNziRjjw7E1JGHNB09OJkr/iWXUJbni9N7m
-8NWNCojO2SWiP+Wgf1PABI8f8V5sr6n6reatanEyp/SzYQ+9pBH7igyksvCEL54v
-apNRrw42DzCXdEryw9z1tVA4ZAECgYEA0arYFjlsWdQBhBXhkf/4JsvdrNacJ/L0
-ZL0PO2qeg194gzwvJLQGZGPEHOqGfX4qrWj3kCMvJI+5OAmV/iUt2CcxfKO/+QtC
-cF4ZCimwl2tHi72lXnL8TlOl06c3hOV0OX/98QMclZSzCyejJg8FhZK77/Jond24
-UiNt6sXOrYECgYBLbxNwfKr4fY3EzmC+dfnHxuvdwlXGM0HlEjMa6rihLyLfkMzj
-tSBP/flVMzYGqWfFsDA9zHzTYkvYxBDjGffYG0kNG6oJOO2niP7PmbzxUVG+jex9
-9/JL0P0GThvCVJZEYDakq1TXql8re4Q97x2XExfsZgjgANwn7AvxKaxsAQJ/YXYI
-/Eu1Egx6p+uD71oM//vED5OzAt7su+cmLXhiNq8qVdakE2ubjQ7TGp3p5mu/atxg
-N6AjSduFPYc3MewWY2PUnRuBIUManyEegpree4RivZJqTH0my0IW00vngt8mJ5RX
-drD7mIyGrai/LfHNn0mWEvObrcZi58uQTJGmgQKBgQD+nxQL7NxySUz2ibT9AYaR
-DSli8zxE8tCP52B42DoDXQzlZpriDE8FbtoYK3MiFlpFPTYoHSf57A5NTngLgmQ4
-n2+HNn+MJUB3fyvitAobEXZS98nLLixtk/wlYyqoKGCgoRDLpWjR+XALhsdQ3HJm
-18AbgRl2U6ov3eAvNyV6IA==
------END PRIVATE KEY-----
+++ /dev/null
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCpVDOPi01AIVnP
-Qncuo1jcm2xiq9j3fgaY4NggE28UAdI6nNao1Z7NG7dT5KXAqlATapo0xovOsPJo
-/+GN7aORJ8kwddON7r7fxh/f71DxIdVNrge3uZe8umplIgMAhnt/s4vEmHM95kQv
-JzFtnH2d2takZWi7Wwb785u2afkI3WFrDgRI59fZioIfRHSkvoZUu8BV2sXW14Nt
-JglOxofMieHoQG07n8OyiyOH0oyTvpUzajXdM0XeBkLuGBlaHVJGVKTwr1v5Vm2+
-PQHqlv51a0SV+DuKEWdZe8gwzQVAWvXOXYAqqgv14STSgVS3fzmwHBAOaznTBjtY
-SHqpfupPAgMBAAECggEAb3LTKPR32PDairbleNXcg/7sPJl9CZBySSccOShxYMq+
-EwPtqVxI1Bkc9eO1UPUIFW+BpaDUnisKsh9Q1riFguGb4wB6SJ3OFbzyd9KtBLjP
-CvyzabKG85oCsyPKtArPuEJ1iOUKXMB1Ok/ikZGBgGdsBPIWF9KW6zfw0gQ3/COf
-Kff46NYB2IK+aydp9oeq45yfPMts+ZtfDg2dEsUmRojvy/oy7uLehtEEyj09BzU4
-VLiV9OY3XFcCFtkj3SDqaLEDCv+Wb3ywsBs+6ZbfbQ4JJFqqHhqEgYrXPdG1lu7k
-pAAEbXaUucgdnf5K11PvtQnfHkLKxZ5z9Y7nd/PKmQKBgQDbd9a01dlY/Mg/7S1I
-NvzBKS35oSFVgWUaAlDv7K/x74HA8hO+insOV/8UYoRMOpHDTYElVsxAQ4ymOfXZ
-ghk+38EqKZPvVG6q9C9FhCNiqSjoxQUMbGJVPM0QF5/nWk5SgBefkA02lCWj+Ox7
-Bk2ne7hjaJeuWQUN1tQZAGijlQKBgQDFg8nQH8qFBQd9NN/9ldNIDkeyxK9pBxxX
-MFislUZof85Hnaf8SKTErequT6OKIj2Wr7a7osmub1UXqCryFvTU9mAJsGQEWDVb
-rB/j+xFNtR3RC4vBKATENfT9NjW4S8gj7TRZZKosiHDE7ZIRYZQwvhqvxk7vrBx7
-CFrNVmIdUwKBgC3JpdDaoNrw+jJkIENlvXvrRH1FQbgeI+K2Qv6baeXW60I+/yGM
-sLnAYCZ3m1RwD8MoY15P6pMpxKlVhFZZzzyP4DQUspmHCwO9qDMfq2ZFFpThrfj2
-j9lqsvm9hA33iEmsEcGngyo05Fl+cJAGM6NSq5iJ1MN6LRTDEkMZE7u1AoGAbg00
-UYalLODUf2sKsxzcEHYEdRMqOXcAz4PcpKy4AlnT8gtiIivHwt60uFMfaEQT1PYq
-9vmJLmxSGVBWPXWVDWQJttxVniYX9PA/BKRLy+RyrJumTwWhQkJeMwgVfo6bAYmV
-dYmlWBLd4pwMmyqni1EhRXdVXC2l4NeS4H6VRIkCgYBFXAcEbTWIpEJn+iTjaoao
-FMu6f8nAqTwGyX+0o43Zt7V8I+WcPHkSfNZvhQyl9vYwZTdOGMyE0/KYgaitrtCc
-XZiWTowoy1POGoAMqXwkvB/iqe7++Isb9BQrRoTqS49gIdIYLkL0dkQamjuOAOLC
-ayUpgzo6DfPSNIqgAnDSUQ==
------END PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIICXDCCAUQCAQAwFzEVMBMGA1UEAwwMYWtvc3p0b2xhbnlpMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQKcHSyj8p/c7eJEMuIPAi5HRaKlIjFajsho
-xt9jayUyYu7bFpfdYCFhqct3bJlF0Vq/tUwOMKYzrhI3ZjjsXOW5fE8OFLAawahQ
-41YBzmgNY9SaGzOV8NU4eg3Vs6dzL6PtVLtOQAoJC+1zOOC9ZTYukim5WeE75r90
-a40q92ExuhAEmNO1c7d0vAbXwHwzSxjXWuq/h32VPrrZWq3HQI5vW5A4kVTyuDBx
-s63UL8gZZoOZKLp+LwDC38zmiAjk78Lj5UeLbS1wtHHeM8VHnuYu933egW+tpABE
-tXhPPUND711aC1a+q9oiLYDxmf4T16KOSvsxH44n/UB54XPz1wIDAQABoAAwDQYJ
-KoZIhvcNAQELBQADggEBAI2tMCc6wiKaFLPbrGXXLjcT/QEmXGo9TxUXvMHhg8ZA
-SXsAHc61tYk2dipGE4ttIMomTPEDdQxhAY2Dk6IoEz8Jcs0xC8LqbHZusl+Ttf42
-LHIVUAF8rmLcQcjeSuYnrtntCLvk6wV7P49RhQM6RguP4ItySXshkRGJCxIgLBzm
-GtHJbJ2AWr+qvfTB2bMb4bZgCWo9jDYEc8LNBcT6NzWPQQkGl+oOSzfXukDQBG2K
-5WvMQYwbyHUr2b8XB36uOJi3UasWHKoRiUihaRNrXnaIa13zXEYCM1+Jd4ZP0xBr
-ji2hOqi8fCCAZGhKmUtWEKdKD8I4qJPW0JoAk09ayYM=
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIICWDCCAUACAQAwEzERMA8GA1UEAwwIY3NndWx5YXMwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDGczlfgf20DITII+BEgPWfwc0P+LhL3cmwinS0Izc0
-ydmCldnwoZ5UOsQzGc1xlu5V8hBnNN7cCrIhBNnXWxUpfwhU2gy17Dm4eJIDBx02
-PcpUdeln/ru40jByaudcOR+Tu7RiQGzTxadPJHweDfnqFc0b8eVbhnuZA5kgsCov
-WCqqtg/mbh7cQ1cE3TLX7AEsHINSAgTCj81p2u0z4f9pZS4mZyOmgTUFfFLHSYpp
-OCaeh/1TKpt7kNEauE78t24MJrhVslByTNXLi93e5tq0tAISHCSEvYGKTXi4b7zc
-WgPacERIEBO9ur7blOhrcb7QzwOZVv7FrWhR7v99JYD/AgMBAAGgADANBgkqhkiG
-9w0BAQsFAAOCAQEAHhRbMPoD+Dig7DFE5O06DwodCGb3Mh4nY3Y1lK3QAXvpo8+0
-FV1Dc6paJE48PRUcW0Tm2h344l6gs2PCjxzzjYOK1A5GAikU0TE9Nk83Ic3dwZKv
-4XV+/NkXMQP5qjAdje0rdd70ApDWudsXAu0Rz+vCR4ynEj26x8TAiTFB0jKnvMfd
-caXlI7/fNylpX12s9i6MJ2xYB/q/wtUQHWxhaJL1GA+i3EjVtj9fvZP3BBdIVUvF
-a6QOgNqiEMhuU3Oyxt8vBh+2h80/IKJzCDwUy059pAnNjK+dZY9NzsKlCI2VktQl
-iYSmsOIFyjGK6WFfyxtNl0YkDtDnIsCPaNu42Q==
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIICVzCCAT8CAQAwEjEQMA4GA1UEAwwHY3NsZXZhaTCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBANGscOSJiNjf287+HoV5Er7D/nhdkCE3TIv3gyGLr+AX
-gyC5NPf0rKzDa2+UYLHDgphVShlhiTpgdYyZhlUH4LXuamJBKTnkwNMUIngeTAL/
-mjY81ReiKNhonM3MzDINrLXEw7TOwddQrWVEVj/Wmh4STBjZ98TZ0Otf7tS4HGRA
-y89icjgzq9fFvISvXl3S31EOYki1ceh0wt4cWfutrvmemntzx60aQ52SA0BcsIkK
-eed6pKn+0qI3+zC5hIuvTa7RaDbc35zz6YSz3EGXyzTqGJef2GCG4o/xnmttaf54
-h/lb9U2/XX4pw3NoHZoDXPc0/YnZcFnm3+NkVSGpI9ECAwEAAaAAMA0GCSqGSIb3
-DQEBCwUAA4IBAQBfEotuHRmWP6y/xf5+VnUC832xQ4e3jubH6BoAobXoQgDLmPsm
-h0paUXF86tG5ZfdyseiNGH4KBCiAljFZS51y3H0S3/ueAkMSSVo8o1LcgOk/iZx8
-eRbKixqZywx6erCHJSIhhRFvGgN3DvPHvl+txND+62q+0kUVEPTC6pUcubCTn6ZE
-DhWXRUF9MpQHVrw38bbXdXc5YpJ6IAWJFopFbFUebt9380ncsSU/Oh7B9Zy+cHaF
-a3mcxDiKF8UFnGnlj4eMOOtnRNeQvjzdBPqf9U3nby+m8o90/W7wskeC+fd8mLww
-dtDAj3H5LSRGhlTXT1ZBVcUhLYgwx9DAS1zt
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIICWDCCAUACAQAwEzERMA8GA1UEAwwIZGhvcnZhdGgwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDG+BrupqZCuK4//EXGhoEXgXTx4usUpiJeOkQzDNmk
-K2Ri9XdhwZdWQu6J0G1hp6FZZX2DDpd+Y7Sr95X9GMELLcPeZnqadc3vHw5WtcPI
-RXho8FGhMHWfPrAxAqfYc7XrHGyTasC7P/etJ3YOhlX4I+XTcG4jn9yU8FBAmKmK
-B8fjy+kjypFNAUnbjRrKTPZSW7YCFWmzIGozwGFSvNUdrPRqjsyp+zaPiyHbkfg6
-EdTNx9bHzUEXzZFJC0AhjROi7vpZ02BV+I67aysO969hp2uIwQNNc03jwOIXsSyd
-eHgcnun4DCxkaLTBSkNH9IeRBvkA/XYAQQlYtaK4r7cFAgMBAAGgADANBgkqhkiG
-9w0BAQsFAAOCAQEAQRwJTQmsuy3iKYMr+qEOxTeN7MEnjFfcgS/lsMCirpCuMbFo
-Tp9LcD7ik6OGV5wjsAu+JFdD38jFBn56oSAzOJlNCzjAo9pB+aR+M+07Xk3mr5No
-6wkx1EiemRRixBG7l19OOKf0/0ciU3Ykmla6/Y8dbht7Ti9DWLXBM2zp5JgOBg6h
-Cqm8USROS1pBQxBlDa1IoHpRcR5nNjO6l2RfDnd88zoRgXZdpFu7w9BdRv8mzy11
-e9RYIFoPj7oHe5TYMUJ5o91TuBv2/0qqKhNqYYB9ZtwEGb0jwKvgiLdx30Dr+9dh
-L/kNNOZ/h4YiYaYP3NWi1alhxavUjMXoWR5Z7Q==
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIICVzCCAT8CAQAwEjEQMA4GA1UEAwwHZHZhc2FyeTCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBALTZLtooVneSTf04lqaNxApEddz/ge6eDa+be+1eXwO+
-M16vVOHouA6cg2IkzpQM5dCKkEFfck+jsCecczJSH4yd2VLbzpGF2w7GcfD+Qm8G
-EXYWMkUi8Ddy2IfS9BWtd7Xip1CBgFeHL4T0nZxatkdhLkL1WUr4sd4vw7tKaVdh
-bdKmnL3ukS38jmhfYrjGbw0pfCwmF5aKQkUpk0npcTvfEVTFGUcRvkhCXd/nOQ1Z
-BnmnXWj9/2PU1fKkd7NGwnydvxBXc9oDwIJMbFU3HmRo0JbzngL5xVJz3BVXgS4P
-AZgpvM+hjvpY6AWYO0xzZQbl+b4lmuLpM76GXxaK/PkCAwEAAaAAMA0GCSqGSIb3
-DQEBCwUAA4IBAQCR+nN9xaT6hQw6bJZqNyn6hBJ8F5tc71RBUFD8ETUsN5MJuhfu
-HAT7E1eMHRKE4ByZDsb62IMmZC/nsOV66wW1pdnRuDxNGtLtafM8+pwZFMK/GueD
-vAu19aYmXpvuGRmHmU6v7NcAR7m8HOXgpy372wAsCMCUTWw4Ss6X8hFI6IQ2hANn
-kyvYHY6xtPGPd+/UwMAR+TnZqdg2wUVvVcNlW8y+TjnZp+f318pLAv0aDs/pVb9O
-bYLNBL5ccWh2QrWz9AH8KC5vZqwfIPsvnnDK+Md9SG4qbUOgwGHqiDi3Dv1OZHN2
-O3NntAI7yo4rY2RI6LL7ZTCZdJ8R2ZGfwjol
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIICVzCCAT8CAQAwEjEQMA4GA1UEAwwHZnJpdHRlcjCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBANJY0aUFPL3tynzzC5bRAdvFYWTtnC4jD52UzNz/hEsg
-zp0f9vIguBt8hxpq945fz7A7C/WKLIT7NWM/rk9Uzo+1PHbutG496TkTSw8DZDKh
-L08Sx5HbXgmTki6efn29HAD48hJI4FcNinqL1GhvPhlvhtiRlxFf21JeU0tiklbW
-4wJobUB/zksotcGdfYdcCrUz9aOgGqimHCSoM6A2WeY8zqqQ0XRoWU1q2sN6kHRE
-r7PmP4KGmrulA3x5ku/5/eIJRrcsV9/wHUuLqONdKXtAS7Bj6Zuq8yZwlIFNKURV
-l7Z1POO+yqRbi56pBNHXRXKV7c1iIKoPLwbKWSsf/gUCAwEAAaAAMA0GCSqGSIb3
-DQEBCwUAA4IBAQCOYkP7z1sBtyC4jxSIkIDhR9VlKzX7tcJfOKK5igQqYhTXUhpO
-Lk62G96P2KFNKmFXKv743yrGh7mcp9wB7T/X5MQH19dQtdng8jkmMQV1m4CAiPfG
-0EOWqOIxlD5ua3nSF532mxhpmtQSJWSHeihwK2BfxOi2ZDXyBMbtxa2X9lxzeKIT
-P5WnKZPA9Lj3gpJGbsiL7LSfYhR/mwQYKNhenO1+5YpPg+XpLDT7lWkTmWIpUWez
-+5O0LWPR1+EZBTx02XZCLh8zJaU5cy3uL270aRH4pmU2wMUzP4pbToEAEOxtObQZ
-7WXC1vsC8QPMdhhAsIztGKnEVUvjg7tElV/h
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIICWDCCAUACAQAwEzERMA8GA1UEAwwIZnNjaG5lbGwwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQC6SB5/L5Pus4jPCgqCDUi97dg/XRPRIMA0uY9TOVLS
-fpFP5UwHc1QlpmrHg7j8kx22A3JZQUphuWgNTuKbtHRsh3yjYTAiP5tTIzHhtjfv
-DTLfbkAU4dgaDpOPbFUN3cmaolweRsEZzuTuiz6Tv85gMCnaLOfXqQZNhGDNOigY
-DdIRbgHpGgxr0Qm05l+VfcOj0/tEFVC3vm6J03XPV+MT9pk+6is4BVvUDcZlQpNj
-xudEWiwBGYhSx28S+iffXrZA6RU15CcP48cdN09fC3jLM6LmBjWzsdRKT1VIlbHg
-XI81h9kyBxtosOuLA2ecDhQMY8oix4aaNV+vhHX6O+dDAgMBAAGgADANBgkqhkiG
-9w0BAQsFAAOCAQEAdsL3yRsG40pw3tyyaOi4fxKAYcnKyT30lVQOMHaHW3f48K3z
-95jw3FhnuPPa6escjh+/RQBUijhtTkPiUTf9ZH3iCFxYAtMUiQ7+ak4nX40A35PS
-hAwyq/9tKSjYS8c+55oT1qLDLwsqEL3qQJpP+x097qyl8lviOBl2emD2/npe25OS
-faeST748fKTM9Ew2oXZyUoNch1psFKDo5uxR2erQ18hvM1h8OivyfhvNVmLcA5fe
-oJIA5AjXmBv9JP+v2rDn/YA9I+hBLkKgfWckcce19E20Yu9rsSD/25jlXXf+NEfS
-IbwqT26UiGaT7H/2mjNuIpX19vupXEQLRFARHw==
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIICWDCCAUACAQAwEzERMA8GA1UEAwwIa2hvcnZhdGgwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDrBA21OGk6aQchHFlMB2wdMImTPZDT7wTL7EGUnjWR
-KBfkH8srCga5apHmy4lg5jwK+P+ubEjj16lSlV/lyIBcgrWRO17gI4KNUlMK6uiy
-krNLux0vWuQpqWksueGeExw8Ddn+/emnH/TCqzvrUpVBKlrUnumOQJdg++gSntbk
-citDV96Fa9uUJ0XrQ7s9bhfG3BnS3M3IZ/zQ04+BTBqt3+YrQweVGK3gIcZa/c4X
-r2NYl7eG20KVfzhGCH4mgSTift1TUaspQxmtX4uyuM8ZBg4VZ6RQeQD0+Cq45/20
-WZrvEPsQv1c+Juwel22th7lglGkklmk2miEAQpgGJNX5AgMBAAGgADANBgkqhkiG
-9w0BAQsFAAOCAQEA2mPLxcIieCIW1HFUCOjiR9KqB8bnGlsfJ6nJWaVNOu8mpNqZ
-/LbA0ixNhV1EotRQNRpMgrvN+Z1j1UlUFNhPud/LBY/u8JL92q8h45UX+YpOBTzX
-d7qFzyGR3uHbRLYk1eGAXvBYevJChG2s8DhLgqfN4t+3+DROD26is3ZQcqNNmA8Z
-nfFG88zareVj2MY7Hy2qA1GEt0l0D7xY33vQULGjMw1JzL8CpEPRmpSgGMN2Oc7y
-IVB9xW7LnWiR8ROEWsGyaVGarR3IP2G2LHbG4CGacOMPfiF15uq0uOvO4tvrNEDw
-WgSnxQmpNip+UsFE4yohgzagj3vfPT3offeFjQ==
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIICVjCCAT4CAQAwETEPMA0GA1UEAwwGa2thbmN6MIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEAuWpjeOAb6C/ccPRJb2x7YgV2YE4BT5EHLbKOf+FhTsMk
-HdpsrrnV3gDV9882j6HLnBVMV+h2NoOLe9TeBMkGQDLDMQHx9bycl0JNgkdxzLgM
-LJG7yGsrYgnzWsVfQOhGfJ/Y3SCjvDT5Zyiu7fzNPvBozhsC1NrSC3S2MhE5blOA
-p+G5Bpau747dDiYFeixGffa6r28+RIv6/0D9PjJkpfcnYPeFKDPioy9aN80VAv8o
-tZWkPe4Bn4Z2LQE9tOfiH/u+H2ov6FBoKi2GOu848Ubf51xTsGMTgLRNuGB67nFn
-vMghg2RvRQcZh/NJwmMEWT9tgCEOL07MtXw4R8R7pQIDAQABoAAwDQYJKoZIhvcN
-AQELBQADggEBAIv3o0kbUToXn2KYKa2R/oeQOrddTwFRS6TzlNsZ+Y5bhgRHmfn7
-ZujH7wGb2qyhKCf0FdF6SdxTC3lagBorDXm+VJW8gpslWgS3rYLCgfHd9jtbmqHs
-mzHXap1LzKIGrQjmshR1U2B32CdVlyDLnMdCiu6q76DDcFLt85DL6hLVRsIHzcHf
-+aSTTrydAgLVdH7O8k/Rpk4BSD6TDSkMZpJE/Fs5hhO9155D9uf3Df8DOhsHDu4e
-TrFnErqTjuq1T620QQHGUtgqQsM82om0k6vaAAk4f8qkfa/9kO8tcqvGpYLomTli
-LU4MMPZLj+lP4p47+OA0rei8oJdCnkzDXfI=
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIICVjCCAT4CAQAwETEPMA0GA1UEAwwGa3ZhamRhMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEA0XoG5c/rmz+Xd+Uxic8KTWO0fd8xBINi61y5dTXSsZtg
-YzY6cD7hX/QiC3wy7ce7ZERKWpumOlu1pfigw7vEpBBambEM0QWuCCUV3a+2Ls+W
-6zUl13PjqNTr/KleN3E1qhpYTVffp4wnC3YomAsXmHQlPFQhUl44zuJ//VAXQzz8
-TLlrKFNZieK5+Oy2HhS09opRPtIbBHePo31X8hQLfOVwyhpXfOGyGl6t/K/J3dSB
-TBksvbbDW/o9+S2tBr5JhAH2RMqjuyojTLLq2Gc2IsrGxhnfsfoxG8RA3E7HCmYi
-XCU2LVsiI/Zdvcmzle/AgqLZ2OvSBU3lMR+KDAUNvQIDAQABoAAwDQYJKoZIhvcN
-AQELBQADggEBAIA2nWkRT+waN7T/ZC2crLMH9rUOAVVzC8ufFLIy0/bhsUkOQZ/b
-q22U6Lr/H/FKudVzIizCTjrDd6iSBdNCTnqkveuThxjXVqYQCF+BfOLOm49Rv/oN
-pXG/ScnRhbdJN2ui3+ZvdtfsBk0K2lsSvJ+oxnOeN5CrDOFFEuXlkPpBulzm1y8g
-aB1dyOi6SKSRXDQqn48HPoUT/XQCE1sbAYhdnig7ryoOUwLmi1k6+8ZOMfXyzdvi
-MQFsryRxqqWXkXNTrL51Z5PD24w4XmMemqfsKX8SJ314vGz8W+H/ufQMo8DYS7f9
-flfKcecSSx7ATSJqwoJpjpuK/L7pg/4AjLw=
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIICVjCCAT4CAQAwETEPMA0GA1UEAwwGbXN6YWJvMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEAt+NX5G1BL3GIODVc+1RtddzU/DiVge2YE2obqttB+y2L
-/x1JnAietUqgfEiWhx2N6t+FrVojoHya7JeccyAGKwIGZyuG+5R/6P8+4jz0PRNA
-8m08FV1yon2wwgoXoqODZlLpCgSy8bcdhpP5EYK9Jlq1OZ1h0jR4JSTG/efIO8i7
-jZj6z1+45KiTLWhwUbks0HwxlEoAuS3UKSqyGFQndy/gPKf0ChbHnKmgsbpUQ6JS
-FFhxdGP2m+ZeiQmMpRyuQYIBjSyUraHAR8cai3kGxj5mm9k3ZHB71sPxAoGfTEJd
-2sCVypbkf0F1cvM16+Khl3g9B22QJ9BBsXQa7h0MfwIDAQABoAAwDQYJKoZIhvcN
-AQELBQADggEBADL3T5id0TGdqLrj1EVEPuYEvACvAjWeffcc34uicH9RqfydfgYY
-q59c7alCb65a2giNFyVocJ7Im5hwPtt60STLJkHYJJh36AYV/ADYuBXD0stbB+DK
-fLyqvGK24WbMDFOLX9iPIY8L7e5sMfuN7zF8AZ2piMlAh6d78Z6PLu/r6c8M+acS
-1pWtYkM8oZ1U7H/DHE7aAfAlk2AeK8aZ0W75Q1UmZJ97YfvhmfIAWSEiVmbwhTnx
-+bzs5MYzAHbguZvoK1ZdVMtDtXxFzRx6jZhT+T5/cYxTrjduHq8V68j90I8KJM8+
-y6LqwfOxtYPpn1ZMikmLFjrbxsHYlxYb7bE=
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIICWDCCAUACAQAwEzERMA8GA1UEAwwIb3N3ZWlkYW4wggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDE/ZTpYqV9dJKaItZ7Nf+VJujTvx7ulr663iwxWgIn
-baxCtDrgIolj46O1aItv+A6pH6nlYtG0OWxzYYmhDtuOYiEGC9VPZBA5TJH1Bcpl
-CYLnxlJhf+3elbyPI6MBd8MqHHX/uVVmoq7/Jw1KcIy2Tfi8Zf3/qGDh6t9k6UY0
-cew7Bcvs56C8OWwEFvkMLMJLT6qAa9c3aOnE8pERWzMDjoVnQHyXNoSUFSE9KumH
-gWUh+icHyhsL3/rrNGLVUvy2ABpUvG0KUnBeFTjszt1iDMbCEHyypYsYEIH0tZo4
-xMwA+t4Lyou8gt8vnoQ7ah4TYcFyKM0NcR2XNgQtyFDhAgMBAAGgADANBgkqhkiG
-9w0BAQsFAAOCAQEAH07ihRGZT6u4oiqPbe6zFQo1kECfvxzuHBU4EpExc4R6lrCr
-WwAgF9sSLhpEZMQA57XK1HuIGZBxMTgrsei6FtvOP4ql2B1Jm/HYqJsCp/JtRrpp
-w0xGenXbQa01J1S/qOeVBFFTHO4RVmVpJyrv6iSzY5a2OVwj7nhgpgkjegM2nYQG
-p9IJO1nE3mSeJ4Ir6BE5dNEGWR1Nlqs5YS1XhU55VN5TIwIOrGi408jRtGMWtnrB
-zz6FT5XEzaDRBcxKml2W4nCgNXXx0HNmplMcQ9my0cf8pMYR7jf8IDVf+kHV8pVH
-/Ixohh0Sky7h+Tld/AsfmxRrQ3IV7LKAc2OsQg==
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIICVDCCATwCAQAwDzENMAsGA1UEAwwEcXFjczCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBALmDgDDYIWPF8YWvDSqvtshQA25sHFUosp1ZHUIL+ULqONY9
-Gy+ewsSR2A5WKANfqKm/atefIni4y/V+2sC7VrcloYSvGXDDJ/wzggFxdiWjbrvW
-o3EbSkhRPWrGNigFiAE8akW1o0bxi79JUoDGMP2jTDYi8LUi/gUNj40UC2c9lU9W
-04imo6dWUoate6kD6DlQGH150JzHJEsCdWCVYA+SpUR6fGvsdymsb6l/fe4GnDbV
-jP409cBSbE4myUzmFwJBifdeg1HrLFnB4JZte1d/99bfWVlawiNbfPb5Qez6Wmyn
-QSxexqFQP8JMqe5g0RCv45nDLcXczazujsaSFjMCAwEAAaAAMA0GCSqGSIb3DQEB
-CwUAA4IBAQAYllfsBlZwMHZdZX4N99Noin31OtCdCb0UrAcKTSYyDv4mnHItbTs5
-9gbrnlSz5iliytteNvgVpAUGltnADCHk0Cw6u5izGMepxzdDHUKGTF3o61SqwObb
-WZCtOLB0iFyBt1C8KCHSFowGe8J0amA/Ng1rRBplQMHQtRkP3YbM4AOB8yvAx76s
-7PhrKJlNEe6+q2vRr9Ymil4Cp7HAUHTC8jvZ2OWT+hzokkXhXjnPCivXOTvg0stp
-MKpUjh3G8PAYTZd2TBc1vI4lsxhCEfwD4HKYhsrR1e6dUBepbsNR1aJ6mvFwplGq
-eG3JiRe5N0kszNTeMuX9nKsrTSrk3XcB
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIICVzCCAT8CAQAwEjEQMA4GA1UEAwwHcnJlbmRlazCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAPNPnOe6fzZPHax6x9BsWfTC6Aej0vG6e+d1lpFHAqxT
-1UAbQyWtuRW15bDAkEJ0R6WSsPUc+wKpDr2dsm2FlSorlVGbThQiRbyrI9924xr2
-tyei8OVJiATcy32gTiuNVpdZ6U7c959BLhbvdVnb6ZxZPuU/BaeqDQG82/gD4bHW
-S3AYG14QBaYomVnlpTgXqZKVunSEzyDU5OQmT4JtO6pR1C5OyJljOrvd7l3pHKtL
-VKPfSFTAfiCFoU8Kkz6UkJCS89xzlBY9mW5XgpiHjPgVDB41b0hH7RU/5AaYBPGv
-Jz2vJRCqRnlOAM7Uv3AfL2BLoXe+aP82Sl9g/y7P79UCAwEAAaAAMA0GCSqGSIb3
-DQEBCwUAA4IBAQCo8enI5r9XgBEk8aIAvOvOMrqCYWR1unGm1MrzrDn59786uaM6
-mr7xkDajclPNjg17BHXuD1G7b16pCqP1laysBQ2oEZPznfUS7DoZ+YhYtUoKDnvx
-JISsOwRw/VWlZedUt+GZh+PoUaoQ6TWHgiNpt5j10o3aIvCdaLxRAMg+1fo0ta0g
-wRCDGgAKxpacs+10h7iSFpG6LWxXsQbCw3bd3gliPEmPkFk22W9io3hruszLfaPx
-OCNBuS4Q2McyLZAwLb15PneF9GukDGkv5TBbAdFsOSrd89eZVrGohdyty+P3EPiY
-6LLQtujN/8yHH8xPyGIgxHXVzIBq2z3YYEHD
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIICYTCCAUkCAQAwHDEaMBgGA1UEAwwRdnBuLmluLnVzZXJpYm0uaHUwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRR/8gjzSI3VDt1dFV2BKi/2HlDXEp
-AEk10BxK79QBScWEOqO5FK7M0VBTTH1oOFUUiONCDnaMF6f9izupnCY3/NFPiavq
-ueEeC1iL6r2Ajd+gDh2/GYWBlIfm0A4xd+Mpfu8Wb34BCes5PdoRomJyp4tb9lx1
-8ySpZhXC+nq4nDWjgruEQcw5/szy0GU7E7l7GgWbb4x3oaUsWReG5ddYI8UDPq11
-OGm687RBO4ruoIyBYOATUe3LkNSM0l7V+dSzuX7mcU1Kv1Dx1mNq98BEjUhGnVM2
-6Ma6+p0IWyLF92r5sc+adr3+4IgBgkzIocA+aPwG498H7JdIH9LFzRGBAgMBAAGg
-ADANBgkqhkiG9w0BAQsFAAOCAQEAGeMg5XZVlzzxpKUvkXYdNIyVtrk6ZFc1ln7E
-ulg2kPeaNhAfOFcK0JSj9xi3C1lyj+vT0KXftHTN0S830rZOaz8dqaYW1zsc0Z8l
-9yN7/LBZ/nJhgziZDeHawXrVkBBNCJ6rnIlqVXUjKLvzyV6NNtFjTakGMu4A37Z+
-I2On858OxttZN0Ush13HcXVz0wRR4/gIJwwAcTcVoT4D4hjSh4f8ARAa9+9RbZL7
-UsHzS5GevDlcfXECZRuJLFEZxhViiQQfnZjqKMGDoDVUGBXG05AGf5YifEABRQx7
-i0ic6m/mNfovYgbbjtadh7KBYzcq+acbeJYYz3sFhxNK/pJvjA==
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIICVzCCAT8CAQAwEjEQMA4GA1UEAwwHemZlbGxlZzCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAKlUM4+LTUAhWc9Cdy6jWNybbGKr2Pd+Bpjg2CATbxQB
-0jqc1qjVns0bt1PkpcCqUBNqmjTGi86w8mj/4Y3to5EnyTB1043uvt/GH9/vUPEh
-1U2uB7e5l7y6amUiAwCGe3+zi8SYcz3mRC8nMW2cfZ3a1qRlaLtbBvvzm7Zp+Qjd
-YWsOBEjn19mKgh9EdKS+hlS7wFXaxdbXg20mCU7Gh8yJ4ehAbTufw7KLI4fSjJO+
-lTNqNd0zRd4GQu4YGVodUkZUpPCvW/lWbb49AeqW/nVrRJX4O4oRZ1l7yDDNBUBa
-9c5dgCqqC/XhJNKBVLd/ObAcEA5rOdMGO1hIeql+6k8CAwEAAaAAMA0GCSqGSIb3
-DQEBCwUAA4IBAQBfUQ2ax4jVJl4owEU9/EfFud9kD4g019uptRnxghNOU8JCZJOf
-JF2JQvOy7MEbFCvWqaKSDRpa3OI4NDwutX1pvcJba7AHBuftcp7nqZXSTH4oudU0
-2Sqwe2zpTaYbkU7sGh91R2DapAbQGiz8+v8ibMobH0k2IxbnOiAcin5QY6mBB7yV
-7WC9IpVQfC3EOAurJUN+Ya55RZ4xlH55EFXr4xe/7KpRrBzR0mdZUfauXWLrgjgy
-jHu4u3wMA9YNeIw615h4hvLDBmnvOBeNjmUTVxH3Wd8WtOWVOh/hTCRbR5Co2OGc
-+4+v1JGchh7g4xNtu8rt0KvNWV/Zmi5/vZZ/
------END CERTIFICATE REQUEST-----
+++ /dev/null
-# For use with Easy-RSA 3.0+ and OpenSSL or LibreSSL
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = /etc/openvpn/server/easy-rsa/pki # Where everything is kept
-certs = /etc/openvpn/server/easy-rsa/pki # Where the issued certs are kept
-crl_dir = /etc/openvpn/server/easy-rsa/pki # Where the issued crl are kept
-database = /etc/openvpn/server/easy-rsa/pki/index.txt # database index file.
-new_certs_dir = /etc/openvpn/server/easy-rsa/pki/certs_by_serial # default place for new certs.
-
-certificate = /etc/openvpn/server/easy-rsa/pki/ca.crt # The CA certificate
-serial = /etc/openvpn/server/easy-rsa/pki/serial # The current serial number
-crl = /etc/openvpn/server/easy-rsa/pki/crl.pem # The current CRL
-private_key = /etc/openvpn/server/easy-rsa/pki/private/ca.key # The private key
-RANDFILE = /etc/openvpn/server/easy-rsa/pki/.rand # private random number file
-
-x509_extensions = basic_exts # The extensions to add to the cert
-
-# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
-# is designed for will. In return, we get the Issuer attached to CRLs.
-crl_extensions = crl_ext
-
-default_days = 3650 # how long to certify for
-default_crl_days= 180 # how long before next CRL
-default_md = sha256 # use public key default MD
-preserve = no # keep passed DN ordering
-
-# This allows to renew certificates which have not been revoked
-unique_subject = no
-
-# A few different ways of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_anything
-
-# For the 'anything' policy, which defines allowed DN fields
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-name = optional
-emailAddress = optional
-
-####################################################################
-# Easy-RSA request handling
-# We key off $DN_MODE to determine how to format the DN
-[ req ]
-default_bits = 2048
-default_keyfile = privkey.pem
-default_md = sha256
-distinguished_name = cn_only
-x509_extensions = easyrsa_ca # The extensions to add to the self signed cert
-
-# A placeholder to handle the $EXTRA_EXTS feature:
-#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it
-
-####################################################################
-# Easy-RSA DN (Subject) handling
-
-# Easy-RSA DN for cn_only support:
-[ cn_only ]
-commonName = Common Name (eg: your user, host, or server name)
-commonName_max = 64
-commonName_default = ChangeMe
-
-# Easy-RSA DN for org support:
-[ org ]
-countryName = Country Name (2 letter code)
-countryName_default = US
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = California
-
-localityName = Locality Name (eg, city)
-localityName_default = San Francisco
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Copyleft Certificate Co
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-organizationalUnitName_default = My Organizational Unit
-
-commonName = Common Name (eg: your user, host, or server name)
-commonName_max = 64
-commonName_default = ChangeMe
-
-emailAddress = Email Address
-emailAddress_default = me@example.net
-emailAddress_max = 64
-
-####################################################################
-# Easy-RSA cert extension handling
-
-# This section is effectively unused as the main script sets extensions
-# dynamically. This core section is left to support the odd usecase where
-# a user calls openssl directly.
-[ basic_exts ]
-basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer:always
-
-# The Easy-RSA CA extensions
-[ easyrsa_ca ]
-
-# PKIX recommendations:
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This could be marked critical, but it's nice to support reading by any
-# broken clients who attempt to do so.
-basicConstraints = CA:true
-
-# Limit key usage to CA tasks. If you really want to use the generated pair as
-# a self-signed cert, comment this out.
-keyUsage = cRLSign, keyCertSign
-
-# nsCertType omitted by default. Let's try to let the deprecated stuff die.
-# nsCertType = sslCA
-
-# CRL extensions.
-[ crl_ext ]
-
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
+++ /dev/null
-2BF6CBE6EEB95F052F9D64503F0CC338
+++ /dev/null
-2bf6cbe6eeb95f052f9d64503f0cc337
+++ /dev/null
-#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-7a5f3c2dd505666b595d6a03a6d627e1
-9babefe23197dc2181a7d1c00b3f5fd6
-7f28ea49abf33ea7422e0ab63c9eae14
-261ce5c099dd27ae26ba9b70b87737fa
-313a21b5e9d99ae382649eb1d0344703
-5a3b99fb9a1cddf03a89aed78fd3be92
-37ba0fa96e49814ea45495148a6552b4
-5f85d6fcc38fe88fbf8f86e0a0e33894
-89c418f65d4c8fc04ca6e59c61024995
-50547f35e5a7985d6415a7304d9340fd
-9f7ff6bb6f063a745fc3d656f275e07c
-8486233627fb96b8d798fbe8d2f8171d
-afc8bf5677ebef7ab1d80c8495d7262b
-c20efbdcc8645b48b68d6a537d9fb3f3
-03e345699bea11b99d9ace6fa5cd1e1d
-5d0951970c379d3e0b28bcaf453c2700
------END OpenVPN Static key V1-----
+++ /dev/null
-# Easy-RSA 3 parameter settings
-
-# NOTE: If you installed Easy-RSA from your distro's package manager, don't edit
-# this file in place -- instead, you should copy the entire easy-rsa directory
-# to another location so future upgrades don't wipe out your changes.
-
-# HOW TO USE THIS FILE
-#
-# vars.example contains built-in examples to Easy-RSA settings. You MUST name
-# this file 'vars' if you want it to be used as a configuration file. If you do
-# not, it WILL NOT be automatically read when you call easyrsa commands.
-#
-# It is not necessary to use this config file unless you wish to change
-# operational defaults. These defaults should be fine for many uses without the
-# need to copy and edit the 'vars' file.
-#
-# All of the editable settings are shown commented and start with the command
-# 'set_var' -- this means any set_var command that is uncommented has been
-# modified by the user. If you're happy with a default, there is no need to
-# define the value to its default.
-
-# NOTES FOR WINDOWS USERS
-#
-# Paths for Windows *MUST* use forward slashes, or optionally double-escaped
-# backslashes (single forward slashes are recommended.) This means your path to
-# the openssl binary might look like this:
-# "C:/Program Files/OpenSSL-Win32/bin/openssl.exe"
-
-# A little housekeeping: DON'T EDIT THIS SECTION
-#
-# Easy-RSA 3.x doesn't source into the environment directly.
-# Complain if a user tries to do this:
-if [ -z "$EASYRSA_CALLER" ]; then
- echo "You appear to be sourcing an Easy-RSA 'vars' file." >&2
- echo "This is no longer necessary and is disallowed. See the section called" >&2
- echo "'How to use this file' near the top comments for more details." >&2
- return 1
-fi
-
-# DO YOUR EDITS BELOW THIS POINT
-
-# This variable is used as the base location of configuration files needed by
-# easyrsa. More specific variables for specific files (e.g., EASYRSA_SSL_CONF)
-# may override this default.
-#
-# The default value of this variable is the location of the easyrsa script
-# itself, which is also where the configuration files are located in the
-# easy-rsa tree.
-
-#set_var EASYRSA "${0%/*}"
-
-# If your OpenSSL command is not in the system PATH, you will need to define the
-# path to it here. Normally this means a full path to the executable, otherwise
-# you could have left it undefined here and the shown default would be used.
-#
-# Windows users, remember to use paths with forward-slashes (or escaped
-# back-slashes.) Windows users should declare the full path to the openssl
-# binary here if it is not in their system PATH.
-
-#set_var EASYRSA_OPENSSL "openssl"
-#
-# This sample is in Windows syntax -- edit it for your path if not using PATH:
-#set_var EASYRSA_OPENSSL "C:/Program Files/OpenSSL-Win32/bin/openssl.exe"
-
-# Edit this variable to point to your soon-to-be-created key directory. By
-# default, this will be "$PWD/pki" (i.e. the "pki" subdirectory of the
-# directory you are currently in).
-#
-# WARNING: init-pki will do a rm -rf on this directory so make sure you define
-# it correctly! (Interactive mode will prompt before acting.)
-
-#set_var EASYRSA_PKI "$PWD/pki"
-
-# Define directory for temporary subdirectories.
-
-#set_var EASYRSA_TEMP_DIR "$EASYRSA_PKI"
-
-# Define X509 DN mode.
-# This is used to adjust what elements are included in the Subject field as the DN
-# (this is the "Distinguished Name.")
-# Note that in cn_only mode the Organizational fields further below aren't used.
-#
-# Choices are:
-# cn_only - use just a CN value
-# org - use the "traditional" Country/Province/City/Org/OU/email/CN format
-
-#set_var EASYRSA_DN "cn_only"
-
-# Organizational fields (used with 'org' mode and ignored in 'cn_only' mode.)
-# These are the default values for fields which will be placed in the
-# certificate. Don't leave any of these fields blank, although interactively
-# you may omit any specific field by typing the "." symbol (not valid for
-# email.)
-
-#set_var EASYRSA_REQ_COUNTRY "US"
-#set_var EASYRSA_REQ_PROVINCE "California"
-#set_var EASYRSA_REQ_CITY "San Francisco"
-#set_var EASYRSA_REQ_ORG "Copyleft Certificate Co"
-#set_var EASYRSA_REQ_EMAIL "me@example.net"
-#set_var EASYRSA_REQ_OU "My Organizational Unit"
-
-# Choose a size in bits for your keypairs. The recommended value is 2048. Using
-# 2048-bit keys is considered more than sufficient for many years into the
-# future. Larger keysizes will slow down TLS negotiation and make key/DH param
-# generation take much longer. Values up to 4096 should be accepted by most
-# software. Only used when the crypto alg is rsa (see below.)
-
-#set_var EASYRSA_KEY_SIZE 2048
-
-# The default crypto mode is rsa; ec can enable elliptic curve support.
-# Note that not all software supports ECC, so use care when enabling it.
-# Choices for crypto alg are: (each in lower-case)
-# * rsa
-# * ec
-# * ed
-
-#set_var EASYRSA_ALGO rsa
-
-# Define the named curve, used in ec & ed modes:
-
-set_var EASYRSA_CURVE secp521r1
-
-# In how many days should the root CA key expire?
-
-#set_var EASYRSA_CA_EXPIRE 3650
-
-# In how many days should certificates expire?
-
-set_var EASYRSA_CERT_EXPIRE 3650
-
-# How many days until the next CRL publish date? Note that the CRL can still be
-# parsed after this timeframe passes. It is only used for an expected next
-# publication date.
-#set_var EASYRSA_CRL_DAYS 180
-
-# How many days before its expiration date a certificate is allowed to be
-# renewed?
-#set_var EASYRSA_CERT_RENEW 30
-
-# Random serial numbers by default, set to no for the old incremental serial numbers
-#
-#set_var EASYRSA_RAND_SN "yes"
-
-# Support deprecated "Netscape" extensions? (choices "yes" or "no".) The default
-# is "no" to discourage use of deprecated extensions. If you require this
-# feature to use with --ns-cert-type, set this to "yes" here. This support
-# should be replaced with the more modern --remote-cert-tls feature. If you do
-# not use --ns-cert-type in your configs, it is safe (and recommended) to leave
-# this defined to "no". When set to "yes", server-signed certs get the
-# nsCertType=server attribute, and also get any NS_COMMENT defined below in the
-# nsComment field.
-
-#set_var EASYRSA_NS_SUPPORT "no"
-
-# When NS_SUPPORT is set to "yes", this field is added as the nsComment field.
-# Set this blank to omit it. With NS_SUPPORT set to "no" this field is ignored.
-
-#set_var EASYRSA_NS_COMMENT "Easy-RSA Generated Certificate"
-
-# A temp file used to stage cert extensions during signing. The default should
-# be fine for most users; however, some users might want an alternative under a
-# RAM-based FS, such as /dev/shm or /tmp on some systems.
-
-#set_var EASYRSA_TEMP_FILE "$EASYRSA_PKI/extensions.temp"
-
-# !!
-# NOTE: ADVANCED OPTIONS BELOW THIS POINT
-# PLAY WITH THEM AT YOUR OWN RISK
-# !!
-
-# Broken shell command aliases: If you have a largely broken shell that is
-# missing any of these POSIX-required commands used by Easy-RSA, you will need
-# to define an alias to the proper path for the command. The symptom will be
-# some form of a 'command not found' error from your shell. This means your
-# shell is BROKEN, but you can hack around it here if you really need. These
-# shown values are not defaults: it is up to you to know what you're doing if
-# you touch these.
-#
-#alias awk="/alt/bin/awk"
-#alias cat="/alt/bin/cat"
-
-# X509 extensions directory:
-# If you want to customize the X509 extensions used, set the directory to look
-# for extensions here. Each cert type you sign must have a matching filename,
-# and an optional file named 'COMMON' is included first when present. Note that
-# when undefined here, default behaviour is to look in $EASYRSA_PKI first, then
-# fallback to $EASYRSA for the 'x509-types' dir. You may override this
-# detection with an explicit dir here.
-#
-#set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
-
-# If you want to generate KDC certificates, you need to set the realm here.
-#set_var EASYRSA_KDC_REALM "CHANGEME.EXAMPLE.COM"
-
-# OpenSSL config file:
-# If you need to use a specific openssl config file, you can reference it here.
-# Normally this file is auto-detected from a file named openssl-easyrsa.cnf from the
-# EASYRSA_PKI or EASYRSA dir (in that order.) NOTE that this file is Easy-RSA
-# specific and you cannot just use a standard config file, so this is an
-# advanced feature.
-
-#set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf"
-
-# Default CN:
-# This is best left alone. Interactively you will set this manually, and BATCH
-# callers are expected to set this themselves.
-
-#set_var EASYRSA_REQ_CN "ChangeMe"
-
-# Cryptographic digest to use.
-# Do not change this default unless you understand the security implications.
-# Valid choices include: md5, sha1, sha256, sha224, sha384, sha512
-
-#set_var EASYRSA_DIGEST "sha256"
-
-# Batch mode. Leave this disabled unless you intend to call Easy-RSA explicitly
-# in batch mode without any user input, confirmation on dangerous operations,
-# or most output. Setting this to any non-blank string enables batch mode.
-
-#set_var EASYRSA_BATCH ""
-
+++ /dev/null
-# X509 extensions added to every signed cert
-
-# This file is included for every cert signed, and by default does nothing.
-# It could be used to add values every cert should have, such as a CDP as
-# demonstrated in the following example:
-
-#crlDistributionPoints = URI:http://example.net/pki/my_ca.crl
+++ /dev/null
-# X509 extensions for a ca
-
-# Note that basicConstraints will be overridden by Easy-RSA when defining a
-# CA_PATH_LEN for CA path length limits. You could also do this here
-# manually as in the following example in place of the existing line:
-#
-# basicConstraints = CA:TRUE, pathlen:1
-
-basicConstraints = CA:TRUE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
-keyUsage = cRLSign, keyCertSign
-
+++ /dev/null
-# X509 extensions for a client
-
-basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer:always
-extendedKeyUsage = clientAuth
-keyUsage = digitalSignature
-
+++ /dev/null
-# X509 extensions for a client
-
-basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer:always
-extendedKeyUsage = codeSigning
-keyUsage = digitalSignature
-
+++ /dev/null
-# X509 extensions for email
-
-basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer:always
-extendedKeyUsage = emailProtection
-keyUsage = digitalSignature,keyEncipherment,nonRepudiation
-
+++ /dev/null
-# X509 extensions for a KDC server certificate
-
-basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer:always
-extendedKeyUsage = 1.3.6.1.5.2.3.5
-keyUsage = nonRepudiation,digitalSignature,keyEncipherment,keyAgreement
-issuerAltName = issuer:copy
-subjectAltName = otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name
-
-[kdc_princ_name]
-realm = EXP:0,GeneralString:${ENV::EASYRSA_KDC_REALM}
-principal_name = EXP:1,SEQUENCE:kdc_principal_seq
-
-[kdc_principal_seq]
-name_type = EXP:0,INTEGER:1
-name_string = EXP:1,SEQUENCE:kdc_principals
-
-[kdc_principals]
-princ1 = GeneralString:krbtgt
-princ2 = GeneralString:${ENV::EASYRSA_KDC_REALM}
+++ /dev/null
-# X509 extensions for a server
-
-basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer:always
-extendedKeyUsage = serverAuth
-keyUsage = digitalSignature,keyEncipherment
-
+++ /dev/null
-# X509 extensions for a client/server
-
-basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer:always
-extendedKeyUsage = serverAuth,clientAuth
-keyUsage = digitalSignature,keyEncipherment
-
+++ /dev/null
-#################################################
-# Sample OpenVPN 2.0 config file for #
-# multi-client server. #
-# #
-# This file is for the server side #
-# of a many-clients <-> one-server #
-# OpenVPN configuration. #
-# #
-# OpenVPN also supports #
-# single-machine <-> single-machine #
-# configurations (See the Examples page #
-# on the web site for more info). #
-# #
-# This config should work on Windows #
-# or Linux/BSD systems. Remember on #
-# Windows to quote pathnames and use #
-# double backslashes, e.g.: #
-# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
-# #
-# Comments are preceded with '#' or ';' #
-#################################################
-
-# Which local IP address should OpenVPN
-# listen on? (optional)
-;local a.b.c.d
-
-# Which TCP/UDP port should OpenVPN listen on?
-# If you want to run multiple OpenVPN instances
-# on the same machine, use a different port
-# number for each one. You will need to
-# open up this port on your firewall.
-port 1194
-
-# TCP or UDP server?
-;proto tcp
-proto udp
-
-# "dev tun" will create a routed IP tunnel,
-# "dev tap" will create an ethernet tunnel.
-# Use "dev tap0" if you are ethernet bridging
-# and have precreated a tap0 virtual interface
-# and bridged it with your ethernet interface.
-# If you want to control access policies
-# over the VPN, you must create firewall
-# rules for the the TUN/TAP interface.
-# On non-Windows systems, you can give
-# an explicit unit number, such as tun0.
-# On Windows, use "dev-node" for this.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-;dev tap
-dev tun
-
-# Windows needs the TAP-Win32 adapter name
-# from the Network Connections panel if you
-# have more than one. On XP SP2 or higher,
-# you may need to selectively disable the
-# Windows firewall for the TAP adapter.
-# Non-Windows systems usually don't need this.
-;dev-node MyTap
-
-# SSL/TLS root certificate (ca), certificate
-# (cert), and private key (key). Each client
-# and the server must have their own cert and
-# key file. The server and all clients will
-# use the same ca file.
-#
-# See the "easy-rsa" directory for a series
-# of scripts for generating RSA certificates
-# and private keys. Remember to use
-# a unique Common Name for the server
-# and each of the client certificates.
-#
-# Any X509 key management system can be used.
-# OpenVPN can also use a PKCS #12 formatted key file
-# (see "pkcs12" directive in man page).
-ca easy-rsa/pki/ca.crt
-cert easy-rsa/pki/issued/server.crt
-key easy-rsa/pki/private/server.key # This file should be kept secret
-crl-verify /etc/openvpn/crl.pem
-
-# Diffie hellman parameters.
-# Generate your own with:
-# openssl dhparam -out dh2048.pem 2048
-dh easy-rsa/pki/dh.pem
-
-# Network topology
-# Should be subnet (addressing via IP)
-# unless Windows clients v2.0.9 and lower have to
-# be supported (then net30, i.e. a /30 per client)
-# Defaults to net30 (not recommended)
-;topology subnet
-
-# Configure server mode and supply a VPN subnet
-# for OpenVPN to draw client addresses from.
-# The server will take 10.8.0.1 for itself,
-# the rest will be made available to clients.
-# Each client will be able to reach the server
-# on 10.8.0.1. Comment this line out if you are
-# ethernet bridging. See the man page for more info.
-server 172.16.223.0 255.255.255.0
-
-# Maintain a record of client <-> virtual IP address
-# associations in this file. If OpenVPN goes down or
-# is restarted, reconnecting clients can be assigned
-# the same virtual IP address from the pool that was
-# previously assigned.
-ifconfig-pool-persist ipp.txt
-
-# Configure server mode for ethernet bridging.
-# You must first use your OS's bridging capability
-# to bridge the TAP interface with the ethernet
-# NIC interface. Then you must manually set the
-# IP/netmask on the bridge interface, here we
-# assume 10.8.0.4/255.255.255.0. Finally we
-# must set aside an IP range in this subnet
-# (start=10.8.0.50 end=10.8.0.100) to allocate
-# to connecting clients. Leave this line commented
-# out unless you are ethernet bridging.
-;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
-
-# Configure server mode for ethernet bridging
-# using a DHCP-proxy, where clients talk
-# to the OpenVPN server-side DHCP server
-# to receive their IP address allocation
-# and DNS server addresses. You must first use
-# your OS's bridging capability to bridge the TAP
-# interface with the ethernet NIC interface.
-# Note: this mode only works on clients (such as
-# Windows), where the client-side TAP adapter is
-# bound to a DHCP client.
-;server-bridge
-
-# Push routes to the client to allow it
-# to reach other private subnets behind
-# the server. Remember that these
-# private subnets will also need
-# to know to route the OpenVPN client
-# address pool (10.8.0.0/255.255.255.0)
-# back to the OpenVPN server.
-;push "route 192.168.10.0 255.255.255.0"
-;push "route 192.168.20.0 255.255.255.0"
-push "route 10.228.0.0 255.255.0.0"
-push "route 192.168.42.0 255.255.255.0"
-push "route 192.168.43.0 255.255.255.0"
-
-# To assign specific IP addresses to specific
-# clients or if a connecting client has a private
-# subnet behind it that should also have VPN access,
-# use the subdirectory "ccd" for client-specific
-# configuration files (see man page for more info).
-client-config-dir /etc/openvpn/ccd
-route 10.162.104.0 255.255.255.0
-
-# EXAMPLE: Suppose the client
-# having the certificate common name "Thelonious"
-# also has a small subnet behind his connecting
-# machine, such as 192.168.40.128/255.255.255.248.
-# First, uncomment out these lines:
-;client-config-dir ccd
-;route 192.168.40.128 255.255.255.248
-# Then create a file ccd/Thelonious with this line:
-# iroute 192.168.40.128 255.255.255.248
-# This will allow Thelonious' private subnet to
-# access the VPN. This example will only work
-# if you are routing, not bridging, i.e. you are
-# using "dev tun" and "server" directives.
-
-# EXAMPLE: Suppose you want to give
-# Thelonious a fixed VPN IP address of 10.9.0.1.
-# First uncomment out these lines:
-;client-config-dir ccd
-;route 10.9.0.0 255.255.255.252
-# Then add this line to ccd/Thelonious:
-# ifconfig-push 10.9.0.1 10.9.0.2
-
-# Suppose that you want to enable different
-# firewall access policies for different groups
-# of clients. There are two methods:
-# (1) Run multiple OpenVPN daemons, one for each
-# group, and firewall the TUN/TAP interface
-# for each group/daemon appropriately.
-# (2) (Advanced) Create a script to dynamically
-# modify the firewall in response to access
-# from different clients. See man
-# page for more info on learn-address script.
-;learn-address ./script
-
-# If enabled, this directive will configure
-# all clients to redirect their default
-# network gateway through the VPN, causing
-# all IP traffic such as web browsing and
-# and DNS lookups to go through the VPN
-# (The OpenVPN server machine may need to NAT
-# or bridge the TUN/TAP interface to the internet
-# in order for this to work properly).
-;push "redirect-gateway def1 bypass-dhcp"
-
-# Certain Windows-specific network settings
-# can be pushed to clients, such as DNS
-# or WINS server addresses. CAVEAT:
-# http://openvpn.net/faq.html#dhcpcaveats
-# The addresses below refer to the public
-# DNS servers provided by opendns.com.
-;push "dhcp-option DNS 208.67.222.222"
-;push "dhcp-option DNS 208.67.220.220"
-push "dhcp-option DNS 10.228.109.159"
-push "dhcp-option DNS 10.228.92.159"
-
-# Uncomment this directive to allow different
-# clients to be able to "see" each other.
-# By default, clients will only see the server.
-# To force clients to only see the server, you
-# will also need to appropriately firewall the
-# server's TUN/TAP interface.
-;client-to-client
-
-# Uncomment this directive if multiple clients
-# might connect with the same certificate/key
-# files or common names. This is recommended
-# only for testing purposes. For production use,
-# each client should have its own certificate/key
-# pair.
-#
-# IF YOU HAVE NOT GENERATED INDIVIDUAL
-# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
-# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
-# UNCOMMENT THIS LINE OUT.
-;duplicate-cn
-
-# The keepalive directive causes ping-like
-# messages to be sent back and forth over
-# the link so that each side knows when
-# the other side has gone down.
-# Ping every 10 seconds, assume that remote
-# peer is down if no ping received during
-# a 120 second time period.
-keepalive 10 120
-
-# For extra security beyond that provided
-# by SSL/TLS, create an "HMAC firewall"
-# to help block DoS attacks and UDP port flooding.
-#
-# Generate with:
-# openvpn --genkey tls-auth ta.key
-#
-# The server and each client must have
-# a copy of this key.
-# The second parameter should be '0'
-# on the server and '1' on the clients.
-tls-auth easy-rsa/pki/ta.key 0 # This file is secret
-
-# Select a cryptographic cipher.
-# This config item must be copied to
-# the client config file as well.
-# Note that v2.4 client/server will automatically
-# negotiate AES-256-GCM in TLS mode.
-# See also the ncp-cipher option in the manpage
-cipher AES-256-CBC
-
-# Enable compression on the VPN link and push the
-# option to the client (v2.4+ only, for earlier
-# versions see below)
-;compress lz4-v2
-;push "compress lz4-v2"
-
-# For compression compatible with older clients use comp-lzo
-# If you enable it here, you must also
-# enable it in the client config file.
-;comp-lzo
-
-# The maximum number of concurrently connected
-# clients we want to allow.
-;max-clients 100
-
-# It's a good idea to reduce the OpenVPN
-# daemon's privileges after initialization.
-#
-# You can uncomment this out on
-# non-Windows systems.
-user nobody
-group nobody
-
-# The persist options will try to avoid
-# accessing certain resources on restart
-# that may no longer be accessible because
-# of the privilege downgrade.
-persist-key
-persist-tun
-
-# Output a short status file showing
-# current connections, truncated
-# and rewritten every minute.
-status openvpn-status.log
-
-# By default, log messages will go to the syslog (or
-# on Windows, if running as a service, they will go to
-# the "\Program Files\OpenVPN\log" directory).
-# Use log or log-append to override this default.
-# "log" will truncate the log file on OpenVPN startup,
-# while "log-append" will append to it. Use one
-# or the other (but not both).
-;log openvpn.log
-;log-append openvpn.log
-
-# Set the appropriate level of log
-# file verbosity.
-#
-# 0 is silent, except for fatal errors
-# 4 is reasonable for general usage
-# 5 and 6 can help to debug connection problems
-# 9 is extremely verbose
-verb 3
-
-# Silence repeating messages. At most 20
-# sequential messages of the same message
-# category will be output to the log.
-;mute 20
-
-# Notify the client that when the server restarts so it
-# can automatically reconnect.
-explicit-exit-notify 1
+++ /dev/null
-#!/bin/sh
-
-
-REAL_PATH=$(realpath $(dirname $0))
-ERSA_PATH=/etc/openvpn/server/easy-rsa
-ERSA_VERSION=$(rpm --query --queryformat "%{VERSION}\n" easy-rsa)
-PKI_PATH=$ERSA_PATH/pki
-
-
-if [ ! -d $PKI_PATH ]
-then
- if [ -d $ERSA_PATH ]
- then
- mv $ERSA_PATH ${ERSA_PATH}.orig
- fi
- mkdir $ERSA_PATH
- cp -a /usr/share/doc/easy-rsa/vars.example $ERSA_PATH/vars
- cp -a /usr/share/easy-rsa/$ERSA_VERSION/easyrsa $ERSA_PATH
- cp -a /usr/share/easy-rsa/$ERSA_VERSION/openssl-easyrsa.cnf $ERSA_PATH
- cp -a /usr/share/easy-rsa/$ERSA_VERSION/x509-types $ERSA_PATH
- cd $ERSA_PATH
- echo "Edit (review only) $ERSA_PATH/openssl-easyrsa.cnf"
- read
- vi $ERSA_PATH/openssl-easyrsa.cnf
- echo "Edit (set EASYRSA_ALGO to ec) $ERSA_PATH/vars"
- echo "Optionally set EASYRSA_CURVE to one of \$(openssl ecparam -list_curves)"
- read
- vi $ERSA_PATH/vars
-
- echo "Run ./easyrsa init-pki"
- read
- ./easyrsa init-pki
- echo "Run ./easyrsa build-ca nopass"
- read
- ./easyrsa build-ca nopass
- echo "Run ./easyrsa gen-crl"
- read
- ./easyrsa gen-crl
- cp -a $PKI_PATH/crl.pem /etc/openvpn
- chmod 644 /etc/openvpn/crl.pem
- echo "Run ./easyrsa gen-req server nopass"
- read
- ./easyrsa gen-req server nopass
- echo "Run ./easyrsa sign-req server server"
- read
- ./easyrsa sign-req server server
- echo "Run ./easyrsa gen-dh"
- read
- ./easyrsa gen-dh
- echo "Run openvpn --genkey tls-auth pki/ta.key"
- read
- openvpn --genkey tls-auth pki/ta.key
- echo "Check server.conf"
- read
- echo "Run ./20_getuids.sh"
- echo "Run ./30_create_client.sh for each client"
-fi
+++ /dev/null
-#!/bin/sh
-
-
-REAL_PATH=$(realpath $(dirname $0))
-
-
->$REAL_PATH/SEED.txt
->$REAL_PATH/UIDS.txt
-grep '^[a-z]' $REAL_PATH/NAMES.txt | while read LOGIN_NAME
-do
- LOGIN_MD5SUM=$(echo $LOGIN_NAME | md5sum | awk '{print $1}')
- UID_POSITION=30
- UID_IS_UNIQUE=0
- while [ $UID_IS_UNIQUE -eq 0 ]
- do
- LOGIN_UID=$(echo $LOGIN_MD5SUM | cut -c ${UID_POSITION}- | cut -c 1-3)
- grep $LOGIN_UID $REAL_PATH/SEED.txt >/dev/null 2>&1
- if [ $? -eq 1 ]
- then
- INT_UID=$(python -c "print(10000 + int('$LOGIN_UID', 16))")
- HEX_UID=$(python -c "print(hex($INT_UID))")
- echo $LOGIN_NAME $LOGIN_MD5SUM $LOGIN_UID $INT_UID $HEX_UID
- echo $LOGIN_UID >>$REAL_PATH/SEED.txt
- echo $LOGIN_NAME $INT_UID $HEX_UID >>$REAL_PATH/UIDS.txt
- UID_IS_UNIQUE=1
- else
- UID_POSITION=$(( $UID_POSITION - 1 ))
- if [ $UID_POSITION -eq 0 ]
- then
- echo "Cannot generate unique uid for $LOGIN_NAME" >&2
- exit 1
- fi
- fi
- done
-done
+++ /dev/null
-#!/bin/sh
-
-
-REAL_PATH=$(realpath $(dirname $0))
-OVPN_PATH=/etc/openvpn
-ERSA_PATH=$OVPN_PATH/server/easy-rsa
-PKI_PATH=$ERSA_PATH/pki
-CCFG_PATH=$OVPN_PATH/client-config
-
-
-if [ -z "$1" ]
-then
- echo "Usage: $(basename $0) clientname"
-fi
-
-NAME=$1
-LINE=$(grep "^$NAME " UIDS.txt)
-if [ -z "$LINE" ]
-then
- echo "$NAME not found." >&2
- exit 1
-fi
-
-SERIAL=$(echo $LINE | awk '{print $3}' | cut -c 3-6)
-
-if [ -f $CCFG_PATH/${NAME}.conf ]
-then
- echo "Configuration for $NAME already exists."
-else
- echo "Generating configuration for ${NAME}."
- cd $ERSA_PATH
- echo $SERIAL >${PKI_PATH}/serial
- ./easyrsa gen-req $NAME nopass
- ./easyrsa sign-req client $NAME
- cp -a $CCFG_PATH/client.conf.template $CCFG_PATH/${NAME}.conf
- echo >>$CCFG_PATH/${NAME}.conf
- echo '<ca>' >>$CCFG_PATH/${NAME}.conf
- cat $PKI_PATH/ca.crt >>$CCFG_PATH/${NAME}.conf
- echo '</ca>' >>$CCFG_PATH/${NAME}.conf
- echo >>$CCFG_PATH/${NAME}.conf
- echo '<cert>' >>$CCFG_PATH/${NAME}.conf
- cat $PKI_PATH/issued/${NAME}.crt >>$CCFG_PATH/${NAME}.conf
- echo '</cert>' >>$CCFG_PATH/${NAME}.conf
- echo >>$CCFG_PATH/${NAME}.conf
- echo '<key>' >>$CCFG_PATH/${NAME}.conf
- cat $PKI_PATH/private/${NAME}.key >>$CCFG_PATH/${NAME}.conf
- echo '</key>' >>$CCFG_PATH/${NAME}.conf
- echo >>$CCFG_PATH/${NAME}.conf
- echo '<tls-auth>' >>$CCFG_PATH/${NAME}.conf
- cat $PKI_PATH/ta.key >>$CCFG_PATH/${NAME}.conf
- echo '</tls-auth>' >>$CCFG_PATH/${NAME}.conf
-fi
+++ /dev/null
-#!/bin/sh
-
-
-cat UIDS.txt | while read LINE
-do
- NAME=$(echo $LINE | awk '{print $1}')
- ./30_create_client.sh $NAME
-done
+++ /dev/null
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-
-echo rm -Rf $REAL_PATH
+++ /dev/null
-# Regular users
-akosztolanyi
-csgulyas
-cslevai
-dhorvath
-dvasary
-fritter
-fschnell
-khorvath
-kkancz
-kvajda
-mszabo
-osweidan
-pbognar
-rrendek
-zfelleg
-
-# zfelleg's home network
-qqcs
+++ /dev/null
-login name -> uid: 10000+last 3 digits of md5sum(login name)
- in case of collision: shift the 3 digits
--- /dev/null
+[Interface]
+Address = 172.24.232.10/24
+PrivateKey = aIsQc1k9KMElBSr3Jy9V0f7U9wIGrf8Hpx9GQntRD3s=
+DNS = 10.228.109.159, 10.228.92.159, in.useribm.hu
+
+[Peer]
+PublicKey = uSwGsVY6WrmP6nyPw7kN3airj7ARutQKv6+aDPgPpSo=
+AllowedIPs = 172.24.232.1/32, 10.228.0.0/16, 192.168.42.0/24, 192.168.43.0/24
+Endpoint = vpn.useribm.hu:51820
+PersistentKeepalive = 25
--- /dev/null
+[Interface]
+Address = 172.24.232.20/24
+PrivateKey = wMhSuxvfpr6xbuJ7r7nDrJgYBs1RRml2nHpj3MGInmM=
+DNS = 10.228.109.159, 10.228.92.159, in.useribm.hu
+
+[Peer]
+PublicKey = uSwGsVY6WrmP6nyPw7kN3airj7ARutQKv6+aDPgPpSo=
+AllowedIPs = 172.24.232.1/32, 10.228.0.0/16, 192.168.42.0/24, 192.168.43.0/24
+Endpoint = vpn.useribm.hu:51820
+PersistentKeepalive = 25
--- /dev/null
+[Interface]
+Address = 172.24.232.30/24
+PrivateKey = 8Jo4es21bfGX4Vu53nhoWypwLZwGAfLOMdSL4sU0nHs=
+DNS = 10.228.109.159, 10.228.92.159, in.useribm.hu
+
+[Peer]
+PublicKey = uSwGsVY6WrmP6nyPw7kN3airj7ARutQKv6+aDPgPpSo=
+AllowedIPs = 172.24.232.1/32, 10.228.0.0/16, 192.168.42.0/24, 192.168.43.0/24
+Endpoint = vpn.useribm.hu:51820
+PersistentKeepalive = 25
--- /dev/null
+[Interface]
+Address = 172.24.232.40/24
+PrivateKey = uOXNQihjnDuC2BazdvJ05uhnH0QIjfcBCfX7Z6X4Cks=
+DNS = 10.228.109.159, 10.228.92.159, in.useribm.hu
+
+[Peer]
+PublicKey = uSwGsVY6WrmP6nyPw7kN3airj7ARutQKv6+aDPgPpSo=
+AllowedIPs = 172.24.232.1/32, 10.228.0.0/16, 192.168.42.0/24, 192.168.43.0/24
+Endpoint = vpn.useribm.hu:51820
+PersistentKeepalive = 25
--- /dev/null
+[Interface]
+Address = 172.24.232.200/24
+PrivateKey = 2I78sPM3r2GY2Al1nTR8dhGFCc0CLRljB6KxPKVoUH8=
+DNS = 10.228.109.159, 10.228.92.159, in.useribm.hu
+
+[Peer]
+PublicKey = uSwGsVY6WrmP6nyPw7kN3airj7ARutQKv6+aDPgPpSo=
+AllowedIPs = 172.24.232.1/32, 10.228.0.0/16, 192.168.42.0/24, 192.168.43.0/24
+Endpoint = vpn.useribm.hu:51820
+PersistentKeepalive = 25
--- /dev/null
+[Interface]
+Address = 172.24.232.50/24
+PrivateKey = KGsa8Jwk5hszFnePCx6HZaxJUBe7NvikHKj3c6rJLX0=
+DNS = 10.228.109.159, 10.228.92.159, in.useribm.hu
+
+[Peer]
+PublicKey = uSwGsVY6WrmP6nyPw7kN3airj7ARutQKv6+aDPgPpSo=
+AllowedIPs = 172.24.232.1/32, 10.228.0.0/16, 192.168.42.0/24, 192.168.43.0/24
+Endpoint = vpn.useribm.hu:51820
+PersistentKeepalive = 25
--- /dev/null
+[Interface]
+Address = 172.24.232.60/24
+PrivateKey = IBo0IrvkJt3AQRPldXqjJxtYYqeu090ilRPK9zDm31I=
+DNS = 10.228.109.159, 10.228.92.159, in.useribm.hu
+
+[Peer]
+PublicKey = uSwGsVY6WrmP6nyPw7kN3airj7ARutQKv6+aDPgPpSo=
+AllowedIPs = 172.24.232.1/32, 10.228.0.0/16, 192.168.42.0/24, 192.168.43.0/24
+Endpoint = vpn.useribm.hu:51820
+PersistentKeepalive = 25
--- /dev/null
+uswgs
+private: gMMrtKBqMnLFPmQZwtf7tOxghylOAto0BVSJ4FiqJ1Y= public: uSwGsVY6WrmP6nyPw7kN3airj7ARutQKv6+aDPgPpSo=
+
+akos
+private: aIsQc1k9KMElBSr3Jy9V0f7U9wIGrf8Hpx9GQntRD3s= public: AKoS0kccfwrAcqCIXyUduirX2U3xmg66Wxo0Ls2EgDQ=
+csgu
+private: wMhSuxvfpr6xbuJ7r7nDrJgYBs1RRml2nHpj3MGInmM= public: CSgU7TPb8r8Xq4ZZEZsYAbrO2IW1bfbpnKxFdEfDpis=
+csle
+private: 8Jo4es21bfGX4Vu53nhoWypwLZwGAfLOMdSL4sU0nHs= public: cSle6izzNoxT66GtBy7mxRmWaQwh9fnQZERqrICeWS0=
+dhor
+private: OAN0PpD2GjLMFb0u2Xgt83vM3bNAzIt9qqQAMRQubks= public: DHoR9ur06i1Zec1UKqZinIQF4X2Rte7RkrDODV0Heis=
+dvas
+private: uOXNQihjnDuC2BazdvJ05uhnH0QIjfcBCfX7Z6X4Cks= public: DvAs21fJlOzoa8mrRcViOLlcPxBiGZ4ibe1dco2D314=
+frit
+private: KGsa8Jwk5hszFnePCx6HZaxJUBe7NvikHKj3c6rJLX0= public: FRit2Hd6MyCPNnqfC6qUOa1BvnElTizOjxoiVgQ6EBE=
+fsch
+private: IBo0IrvkJt3AQRPldXqjJxtYYqeu090ilRPK9zDm31I= public: FSch2HGdZzioig8JZNywcO6PaPGfPj4tPYmdByW2p0I=
+khor
+private: IHXU8oFCPwhtUUhmz1toqstwcjIAS5u4RPKHGcpzwWE= public: KHor1QtnBLR19RKmGqETZkIo0T5EqW7BWHbpAT1SABA=
+kkel
+private: ELjl7ofEnJr6fO0J3o1qhHPih0zLX64KdSOLkBDFtUs= public: kkelfQGdWhlh9wRM2Q97Ewu7ZTmpVYFjO1QVH3098AQ=
+kvaj
+private: qHGUleQuRVehHIFjQLYXsPsmPYdpRwk3GgZSp4y79kM= public: KvAjD9BtnfsSmUZbwCRpVCOvlitCh7aDTGqi0DiBryE=
+msza
+private: QKGvTS2n5xeCix2k0oWQDD1a1tad9dkBjzNUJPmdnHo= public: mSzafcgJP3OIELE9G8WA6SXuov1vXZQQ6JY6YikLSxs=
+pbog
+private: 8ELSGqz2vJE1VqarbMH93hWdA0h0AUFeHbmkmGbfdmc= public: PBogNmIZRlQtCw5qKZOEBJgxSt1OW1AfI63JIxokj0I=
+qqcs
+private: 0H4p39sOkAuwWxdgvFyVBIERcmssEXXwu6CcTE09C0g= public: QqcS3jXx59JEnUN6zAVoIohTjwTIrooG9oLbTSGeZw4=
+rren
+private: eCbEDPYftaWMkLckuyJ42p98nbBKZYUE7pSrnSr23U8= public: RREn1qpFSn9k2cShfoFAeT41zr2MtXdn6zjCFqNr5Hc=
+zfel
+private: 8HJqCBGQgEjTIiQsKxWF4DpLDgwz9JV7v2wCy1vi42M= public: ZfelGpsm1h4ROf5h9WVyAykkKdUKn8sXMAitQWCN2yw=
+
+flex
+private: 2I78sPM3r2GY2Al1nTR8dhGFCc0CLRljB6KxPKVoUH8= public: fLeXEE4gpmAKgVUzJ14tdMH0Hm146syDwbBdXgwWdTo=
--- /dev/null
+[Interface]
+Address = 172.24.232.70/24
+PrivateKey = IHXU8oFCPwhtUUhmz1toqstwcjIAS5u4RPKHGcpzwWE=
+DNS = 10.228.109.159, 10.228.92.159, in.useribm.hu
+
+[Peer]
+PublicKey = uSwGsVY6WrmP6nyPw7kN3airj7ARutQKv6+aDPgPpSo=
+AllowedIPs = 172.24.232.1/32, 10.228.0.0/16, 192.168.42.0/24, 192.168.43.0/24
+Endpoint = vpn.useribm.hu:51820
+PersistentKeepalive = 25
--- /dev/null
+[Interface]
+Address = 172.24.232.80/24
+PrivateKey = ELjl7ofEnJr6fO0J3o1qhHPih0zLX64KdSOLkBDFtUs=
+DNS = 10.228.109.159, 10.228.92.159, in.useribm.hu
+
+[Peer]
+PublicKey = uSwGsVY6WrmP6nyPw7kN3airj7ARutQKv6+aDPgPpSo=
+AllowedIPs = 172.24.232.1/32, 10.228.0.0/16, 192.168.42.0/24, 192.168.43.0/24
+Endpoint = vpn.useribm.hu:51820
+PersistentKeepalive = 25
--- /dev/null
+[Interface]
+Address = 172.24.232.90/24
+PrivateKey = qHGUleQuRVehHIFjQLYXsPsmPYdpRwk3GgZSp4y79kM=
+DNS = 10.228.109.159, 10.228.92.159, in.useribm.hu
+
+[Peer]
+PublicKey = uSwGsVY6WrmP6nyPw7kN3airj7ARutQKv6+aDPgPpSo=
+AllowedIPs = 172.24.232.1/32, 10.228.0.0/16, 192.168.42.0/24, 192.168.43.0/24
+Endpoint = vpn.useribm.hu:51820
+PersistentKeepalive = 25
--- /dev/null
+[Interface]
+Address = 172.24.232.100/24
+PrivateKey = QKGvTS2n5xeCix2k0oWQDD1a1tad9dkBjzNUJPmdnHo=
+DNS = 10.228.109.159, 10.228.92.159, in.useribm.hu
+
+[Peer]
+PublicKey = uSwGsVY6WrmP6nyPw7kN3airj7ARutQKv6+aDPgPpSo=
+AllowedIPs = 172.24.232.1/32, 10.228.0.0/16, 192.168.42.0/24, 192.168.43.0/24
+Endpoint = vpn.useribm.hu:51820
+PersistentKeepalive = 25
--- /dev/null
+[Interface]
+Address = 172.24.232.110/24
+PrivateKey = 8ELSGqz2vJE1VqarbMH93hWdA0h0AUFeHbmkmGbfdmc=
+DNS = 10.228.109.159, 10.228.92.159, in.useribm.hu
+
+[Peer]
+PublicKey = uSwGsVY6WrmP6nyPw7kN3airj7ARutQKv6+aDPgPpSo=
+AllowedIPs = 172.24.232.1/32, 10.228.0.0/16, 192.168.42.0/24, 192.168.43.0/24
+Endpoint = vpn.useribm.hu:51820
+PersistentKeepalive = 25
--- /dev/null
+[Interface]
+Address = 172.24.232.135/24
+PrivateKey = 0H4p39sOkAuwWxdgvFyVBIERcmssEXXwu6CcTE09C0g=
+DNS = 10.228.109.159, 10.228.92.159, in.useribm.hu
+
+[Peer]
+PublicKey = uSwGsVY6WrmP6nyPw7kN3airj7ARutQKv6+aDPgPpSo=
+AllowedIPs = 172.24.232.1/32, 10.228.0.0/16, 192.168.42.0/24, 192.168.43.0/24
+Endpoint = vpn.useribm.hu:51820
+PersistentKeepalive = 25
--- /dev/null
+[Interface]
+Address = 172.24.232.120/24
+PrivateKey = eCbEDPYftaWMkLckuyJ42p98nbBKZYUE7pSrnSr23U8=
+DNS = 10.228.109.159, 10.228.92.159, in.useribm.hu
+
+[Peer]
+PublicKey = uSwGsVY6WrmP6nyPw7kN3airj7ARutQKv6+aDPgPpSo=
+AllowedIPs = 172.24.232.1/32, 10.228.0.0/16, 192.168.42.0/24, 192.168.43.0/24
+Endpoint = vpn.useribm.hu:51820
+PersistentKeepalive = 25
--- /dev/null
+[Interface]
+Address = 172.24.232.130/24
+PrivateKey = 8HJqCBGQgEjTIiQsKxWF4DpLDgwz9JV7v2wCy1vi42M=
+DNS = 10.228.109.159, 10.228.92.159, in.useribm.hu
+
+[Peer]
+PublicKey = uSwGsVY6WrmP6nyPw7kN3airj7ARutQKv6+aDPgPpSo=
+AllowedIPs = 172.24.232.1/32, 10.228.0.0/16, 192.168.42.0/24, 192.168.43.0/24
+Endpoint = vpn.useribm.hu:51820
+PersistentKeepalive = 25
--- /dev/null
+[Interface]
+Address = 172.24.232.1/24
+PrivateKey = gMMrtKBqMnLFPmQZwtf7tOxghylOAto0BVSJ4FiqJ1Y=
+ListenPort = 51820
+
+[Peer]
+# akosztolanyi
+PublicKey = AKoS0kccfwrAcqCIXyUduirX2U3xmg66Wxo0Ls2EgDQ=
+AllowedIPs = 172.24.232.10/32
+
+[Peer]
+# csgulyas
+PublicKey = CSgU7TPb8r8Xq4ZZEZsYAbrO2IW1bfbpnKxFdEfDpis=
+AllowedIPs = 172.24.232.20/32
+
+[Peer]
+# cslevai
+PublicKey = cSle6izzNoxT66GtBy7mxRmWaQwh9fnQZERqrICeWS0=
+AllowedIPs = 172.24.232.30/32
+
+[Peer]
+# dvasary
+PublicKey = DvAs21fJlOzoa8mrRcViOLlcPxBiGZ4ibe1dco2D314=
+AllowedIPs = 172.24.232.40/32
+
+[Peer]
+# fritter
+PublicKey = FRit2Hd6MyCPNnqfC6qUOa1BvnElTizOjxoiVgQ6EBE=
+AllowedIPs = 172.24.232.50/32
+
+[Peer]
+# fschnell
+PublicKey = FSch2HGdZzioig8JZNywcO6PaPGfPj4tPYmdByW2p0I=
+AllowedIPs = 172.24.232.60/32
+
+[Peer]
+# khorvath
+PublicKey = KHor1QtnBLR19RKmGqETZkIo0T5EqW7BWHbpAT1SABA=
+AllowedIPs = 172.24.232.70/32
+
+[Peer]
+# kkele
+PublicKey = kkelfQGdWhlh9wRM2Q97Ewu7ZTmpVYFjO1QVH3098AQ=
+AllowedIPs = 172.24.232.80/32
+
+[Peer]
+# kvajda
+PublicKey = KvAjD9BtnfsSmUZbwCRpVCOvlitCh7aDTGqi0DiBryE=
+AllowedIPs = 172.24.232.90/32
+
+[Peer]
+# mszabo
+PublicKey = mSzafcgJP3OIELE9G8WA6SXuov1vXZQQ6JY6YikLSxs=
+AllowedIPs = 172.24.232.100/32
+
+[Peer]
+# pbognar
+PublicKey = PBogNmIZRlQtCw5qKZOEBJgxSt1OW1AfI63JIxokj0I=
+AllowedIPs = 172.24.232.110/32
+
+[Peer]
+# rrendek
+PublicKey = RREn1qpFSn9k2cShfoFAeT41zr2MtXdn6zjCFqNr5Hc=
+AllowedIPs = 172.24.232.120/32
+
+[Peer]
+# zfelleg
+PublicKey = ZfelGpsm1h4ROf5h9WVyAykkKdUKn8sXMAitQWCN2yw=
+AllowedIPs = 172.24.232.130/32
+
+[Peer]
+# qqcs
+PublicKey = QqcS3jXx59JEnUN6zAVoIohTjwTIrooG9oLbTSGeZw4=
+AllowedIPs = 172.24.232.135/32, 10.162.0.0/16
+
+[Peer]
+# flex
+PublicKey = fLeXEE4gpmAKgVUzJ14tdMH0Hm146syDwbBdXgwWdTo=
+AllowedIPs = 172.24.232.200/32
https://git.useribm.hu / user-lxc.git / commitdiff