--- /dev/null
+lxc.include = /usr/share/lxc/config/common.conf
+
+lxc.arch = x86_64
+lxc.uts.name = vpn.usr.user.hu
+lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.mount.auto = proc:rw sys:ro
+
+lxc.net.0.type = phys
+lxc.net.0.flags = up
+lxc.net.0.link = vpn
+
+lxc.autodev = 1
+lxc.hook.autodev = __CONTAINER_PATH__/hooks/autodev
+
+lxc.cgroup.devices.allow = c 10:200 rwm
+
+lxc.signal.halt = SIGRTMIN+4
+
+lxc.start.auto = 1
+lxc.start.order = 12
+lxc.start.delay = 10
--- /dev/null
+#BASE_PACKAGES="NetworkManager initscripts openssh-server openssh-clients openssh-ldap rootfiles rsyslog sudo tar vim-minimal"
+#SPEC_PACKAGES="authselect easy-rsa openvpn nss-pam-ldapd pam_ssh passwd python"
+BASE_PACKAGES="NetworkManager initscripts rootfiles rsyslog tar"
+SPEC_PACKAGES="easy-rsa openvpn"
--- /dev/null
+#!/bin/sh
+
+
+sleep 1
+systemctl --quiet is-active NetworkManager.service
+NM_RC=$?
+WAITED=0
+while [ $NM_RC -ne 0 ]
+do
+ echo -n .
+ sleep 1
+ WAITED=1
+ systemctl --quiet is-active NetworkManager.service
+ NM_RC=$?
+done
+[ $WAITED -ne 0 ] && echo
+
+CONNECTIONS=$(nmcli connection show | grep -v '^NAME' | wc -l)
+if [ $CONNECTIONS -ne 1 ]
+then
+ echo "Number of connections: $CONNECTIONS" >&2
+ exit 1
+fi
+
+CONNECTION_LINE=$(nmcli connection show | grep -v '^NAME')
+CONNECTION_TOKENS=$(echo $CONNECTION_LINE | wc -w)
+#CONNECTION_NAME_POS=$(( $CONNECTION_TOKENS - 3 ))
+CONNECTION_UUID_POS=$(( $CONNECTION_TOKENS - 2 ))
+#CONNECTION_TYPE_POS=$(( $CONNECTION_TOKENS - 1 ))
+CONNECTION_DEVICE_POS=$CONNECTION_TOKENS
+#CONNECTION_NAME=$(echo $CONNECTION_LINE \
+# | cut -f -$CONNECTION_NAME_POS -d ' ')
+CONNECTION_UUID=$(echo $CONNECTION_LINE \
+ | cut -f $CONNECTION_UUID_POS -d ' ')
+#CONNECTION_TYPE=$(echo $CONNECTION_LINE \
+# | cut -f $CONNECTION_TYPE_POS -d ' ')
+CONNECTION_DEVICE=$(echo $CONNECTION_LINE \
+ | cut -f $CONNECTION_DEVICE_POS -d ' ')
+
+nmcli connection delete uuid "$CONNECTION_UUID"
+
+nmcli connection add \
+ type 802-3-ethernet \
+ ifname $CONNECTION_DEVICE \
+ con-name internal \
+ autoconnect yes \
+ save yes \
+ ipv4.addresses "10.228.109.236/16" \
+ ipv4.dns "10.228.109.104, 10.228.109.253" \
+ ipv4.dns-search "usr.user.hu" \
+ ipv4.gateway "10.228.109.254" \
+ ipv4.method "manual" \
+ ipv6.method "ignore"
+nmcli connection show
--- /dev/null
+#!/bin/sh
+
+
+sleep 1
+systemctl --quiet is-active dbus.service
+DBUS_RC=$?
+WAITED=0
+while [ $DBUS_RC -ne 0 ]
+do
+ if [ $WAITED -eq 0 ]
+ then
+ echo -n "Waiting for dbus.service"
+ fi
+ echo -n .
+ sleep 1
+ WAITED=1
+ systemctl --quiet is-active dbus.service
+ DBUS_RC=$?
+done
+[ $WAITED -ne 0 ] && echo
+timedatectl set-timezone Europe/Budapest
--- /dev/null
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+
+echo "OpenVPN setup scripts can be found in /etc/openvpn/setupscripts"
--- /dev/null
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+
+echo rm -Rf $REAL_PATH
--- /dev/null
+#!/bin/bash
+
+cd $LXC_ROOTFS_MOUNT/dev
+mkdir net
+mknod net/tun c 10 200
+chmod 0666 net/tun
--- /dev/null
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+SOURCE_PATH=$REAL_PATH/install
+
+chown -R root.root $SOURCE_PATH/*
--- /dev/null
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+SOURCE_PATH=$REAL_PATH/install
--- /dev/null
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+
+tar --create \
+ --directory=$REAL_PATH \
+ --to-stdout \
+ install \
+ | tar --extract \
+ --backup \
+ --directory=/ \
+ --no-overwrite-dir \
+ --strip-components=1 \
+ --suffix=.orig
--- /dev/null
+#!/bin/sh
+
+
+systemctl enable openvpn-server@server.service
+systemctl enable NetworkManager-wait-online.service
+
+systemctl mask wpa_supplicant.service
--- /dev/null
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+
+echo rm -Rf $REAL_PATH
--- /dev/null
+127.0.0.1 localhost.localdomain localhost localhost4.localdomain4 localhost4
+::1 localhost6.localdomain6 localhost6
+
+10.228.109.236 vpn.usr.user.hu vpn
--- /dev/null
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.userrendszerhaz.hu 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certicate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+key-direction 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
+Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw
+EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/
+C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ
+q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB
+MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA
+MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p
+9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa
++ARBv6orZw==
+-----END CERTIFICATE-----
+</ca>
+
+<cert>
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 11420 (0x2c9c)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Nov 6 09:18:33 2017 GMT
+ Not After : Nov 4 09:18:33 2027 GMT
+ Subject: CN=abellai
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:76:75:53:16:13:32:01:21:f9:80:8b:5f:aa:e9:
+ b8:d8:0a:b6:cf:b1:d1:74:b8:f3:0b:cb:5a:60:41:
+ d4:de:50:20:53:aa:f1:3e:ba:14:b6:e8:3a:56:75:
+ cd:7d:1a:c9:a9:f6:31:b9:b8:55:a8:4c:cf:eb:91:
+ f7:23:f7:98:13:30:79:08:6f:4a:4d:61:be:3b:46:
+ 6d:80:83:67:bf:e9:03:4d:24:02:ce:a7:82:5f:6d:
+ b3:1b:c2:64:e9:43:bc
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 6D:CB:36:20:EB:42:04:2D:DD:B7:03:29:70:E0:05:32:40:9B:96:E0
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:1e:ee:85:f7:51:aa:00:8c:a7:bc:5d:81:dd:54:
+ 59:d0:bf:6b:31:6e:34:87:68:1c:23:1c:d8:6c:1a:59:6f:3f:
+ b8:88:b2:f7:da:45:22:38:d2:22:fb:a6:e1:fb:e1:f6:02:31:
+ 00:f0:6d:fc:d9:87:61:74:0e:6b:76:00:63:f2:16:5e:5d:ee:
+ d7:96:c4:ac:dd:ef:b8:fd:e5:e4:b1:47:35:52:ef:1d:5d:1d:
+ e6:1a:c7:7e:4a:b4:d4:be:86:64:2d:fd:52
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAXGgAwIBAgICLJwwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzExMDYwOTE4MzNaFw0yNzExMDQwOTE4MzNaMBIxEDAOBgNVBAMM
+B2FiZWxsYWkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAR2dVMWEzIBIfmAi1+q6bjY
+CrbPsdF0uPMLy1pgQdTeUCBTqvE+uhS26DpWdc19Gsmp9jG5uFWoTM/rkfcj95gT
+MHkIb0pNYb47Rm2Ag2e/6QNNJALOp4JfbbMbwmTpQ7yjgZYwgZMwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQUbcs2IOtCBC3dtwMpcOAFMkCbluAwRQYDVR0jBD4wPIAUNPhc
+X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc
+1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
+zj0EAwIDaAAwZQIwHu6F91GqAIynvF2B3VRZ0L9rMW40h2gcIxzYbBpZbz+4iLL3
+2kUiONIi+6bh++H2AjEA8G382YdhdA5rdgBj8hZeXe7XlsSs3e+4/eXksUc1Uu8d
+XR3mGsd+SrTUvoZkLf1S
+-----END CERTIFICATE-----
+</cert>
+
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBFYzI7yj3wui4KYnrc
+HaHi0zzfEhd4GHhLKut+ILUjG1EFGAYB/x1INjV0pYiY9cyhZANiAAR2dVMWEzIB
+IfmAi1+q6bjYCrbPsdF0uPMLy1pgQdTeUCBTqvE+uhS26DpWdc19Gsmp9jG5uFWo
+TM/rkfcj95gTMHkIb0pNYb47Rm2Ag2e/6QNNJALOp4JfbbMbwmTpQ7w=
+-----END PRIVATE KEY-----
+</key>
+
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e2c3228e2b7b2e06ea31c36d88f0b025
+a43272d29c5e75ce0e0d848a22455f7f
+2fbbe2913630194ca637d987b9c9a62d
+4e68ce4cb9cc00a13475e749fdbf98c9
+cae6c8c4ef8e5b8bbf6d0cd30c217625
+382064df6f2fba84d572f0b462530549
+462ef72ebdf83b41bb1c25467d516938
+b9b82d3a5a6ba072c5ca7c1ed54500f1
+932f175f377cbf6a9250690eb36cf05b
+8d04c22756cb43d787d5c6efbbe78732
+02cdc11cf66cef8ccf0842f6f3de425a
+e0c1f29111e7aaf091b97b3958a35066
+94ba9f615b622339e6151314c6ea6014
+518c7ea5e064965985afab9a4bbba63e
+80fb88e0ab45db4f734c1650dcd01810
+c201d2efe838b414674643ce2d05fdab
+-----END OpenVPN Static key V1-----
+</tls-auth>
--- /dev/null
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.userrendszerhaz.hu 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certicate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+key-direction 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
+Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw
+EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/
+C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ
+q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB
+MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA
+MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p
+9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa
++ARBv6orZw==
+-----END CERTIFICATE-----
+</ca>
+
+<cert>
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12782 (0x31ee)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:30:45 2017 GMT
+ Not After : Oct 17 09:30:45 2027 GMT
+ Subject: CN=aborza
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:ca:81:c1:4a:ea:59:0a:e6:b5:34:90:78:60:ae:
+ 9a:b9:5c:d8:52:3e:ec:8f:30:00:96:c0:6b:5e:17:
+ 60:ab:72:09:73:e3:3e:31:5b:f7:fe:ed:31:48:94:
+ 6f:e9:a0:4a:70:76:55:5b:41:07:ea:af:e2:8a:b1:
+ 5f:5c:95:e4:f4:b4:60:1d:91:c8:0f:fb:57:f6:53:
+ 79:07:3a:2e:c9:6f:96:6a:7d:1e:1c:f6:74:19:76:
+ 8c:bb:c1:dd:dd:ff:6d
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 8D:C0:A1:00:5B:E9:79:9B:65:3D:0B:DA:CD:18:C0:80:D7:11:49:7A
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:70:1e:e8:7c:51:73:46:96:78:64:df:35:e8:90:
+ 28:60:66:c3:a1:9c:ce:46:c6:09:95:c3:99:80:ce:70:84:10:
+ 2f:a2:8b:ad:53:8f:0e:67:ad:05:88:71:4b:dc:a4:4a:02:31:
+ 00:83:2b:87:a9:6e:6e:14:49:ff:53:61:8c:6b:8a:f3:cf:b4:
+ 4a:b7:ec:19:e3:05:bd:4f:43:49:bb:cb:df:aa:ba:27:e7:5e:
+ 07:4a:f8:32:c6:f0:f1:22:31:a0:7f:f8:22
+-----BEGIN CERTIFICATE-----
+MIIB6jCCAXCgAwIBAgICMe4wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMwNDVaFw0yNzEwMTcwOTMwNDVaMBExDzANBgNVBAMM
+BmFib3J6YTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMqBwUrqWQrmtTSQeGCumrlc
+2FI+7I8wAJbAa14XYKtyCXPjPjFb9/7tMUiUb+mgSnB2VVtBB+qv4oqxX1yV5PS0
+YB2RyA/7V/ZTeQc6Lslvlmp9Hhz2dBl2jLvB3d3/baOBljCBkzAJBgNVHRMEAjAA
+MB0GA1UdDgQWBBSNwKEAW+l5m2U9C9rNGMCA1xFJejBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjO
+PQQDAgNoADBlAjBwHuh8UXNGlnhk3zXokChgZsOhnM5GxgmVw5mAznCEEC+ii61T
+jw5nrQWIcUvcpEoCMQCDK4epbm4USf9TYYxrivPPtEq37BnjBb1PQ0m7y9+quifn
+XgdK+DLG8PEiMaB/+CI=
+-----END CERTIFICATE-----
+</cert>
+
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDXDmyQ4XF5iPRhk/8g
+XXdZ5ECp/D3r7OnQDsORGakLdezeXNdK0ZgdIBX0R5/Vg1mhZANiAATKgcFK6lkK
+5rU0kHhgrpq5XNhSPuyPMACWwGteF2Crcglz4z4xW/f+7TFIlG/poEpwdlVbQQfq
+r+KKsV9cleT0tGAdkcgP+1f2U3kHOi7Jb5ZqfR4c9nQZdoy7wd3d/20=
+-----END PRIVATE KEY-----
+</key>
+
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e2c3228e2b7b2e06ea31c36d88f0b025
+a43272d29c5e75ce0e0d848a22455f7f
+2fbbe2913630194ca637d987b9c9a62d
+4e68ce4cb9cc00a13475e749fdbf98c9
+cae6c8c4ef8e5b8bbf6d0cd30c217625
+382064df6f2fba84d572f0b462530549
+462ef72ebdf83b41bb1c25467d516938
+b9b82d3a5a6ba072c5ca7c1ed54500f1
+932f175f377cbf6a9250690eb36cf05b
+8d04c22756cb43d787d5c6efbbe78732
+02cdc11cf66cef8ccf0842f6f3de425a
+e0c1f29111e7aaf091b97b3958a35066
+94ba9f615b622339e6151314c6ea6014
+518c7ea5e064965985afab9a4bbba63e
+80fb88e0ab45db4f734c1650dcd01810
+c201d2efe838b414674643ce2d05fdab
+-----END OpenVPN Static key V1-----
+</tls-auth>
--- /dev/null
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.userrendszerhaz.hu 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certicate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+key-direction 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
+Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw
+EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/
+C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ
+q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB
+MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA
+MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p
+9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa
++ARBv6orZw==
+-----END CERTIFICATE-----
+</ca>
+
+<cert>
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12010 (0x2eea)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:30:53 2017 GMT
+ Not After : Oct 17 09:30:53 2027 GMT
+ Subject: CN=acsiba
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:da:c2:53:06:83:f7:48:e5:6a:f8:89:fc:d5:bd:
+ db:d0:b9:7c:e0:d9:83:2c:63:7b:d2:5f:81:a7:81:
+ fc:c8:3d:ff:33:a8:48:f0:aa:7b:07:68:1b:aa:01:
+ 70:5e:d8:d1:18:a6:12:c9:65:42:2a:43:bc:37:19:
+ 41:57:a2:bc:e5:fb:9b:4a:0b:88:47:50:e2:ad:3e:
+ 79:22:54:c0:e9:ac:2a:2f:e7:ed:0d:a0:c1:38:86:
+ 9e:45:ec:14:12:a3:73
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 15:17:AB:54:ED:F7:6C:D1:1E:AD:12:A6:20:4F:04:78:22:83:6C:A0
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:a9:f0:bc:0c:01:70:39:9f:99:f1:c9:ce:5f:
+ d0:f2:b3:66:64:38:7e:9b:36:51:1c:5e:69:6f:7a:4b:bd:32:
+ 0f:50:7a:c9:8a:dc:f5:18:a3:f3:69:02:20:c2:3c:f1:95:02:
+ 30:78:72:d5:53:c2:2e:b2:5c:91:a7:a6:78:b4:3f:0f:2e:3e:
+ 22:20:22:3f:b2:67:96:e8:79:89:f0:b0:a8:bb:1d:d6:70:f1:
+ c9:1b:22:31:e3:40:36:6e:40:da:7d:64:d7
+-----BEGIN CERTIFICATE-----
+MIIB6jCCAXCgAwIBAgICLuowCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMwNTNaFw0yNzEwMTcwOTMwNTNaMBExDzANBgNVBAMM
+BmFjc2liYTB2MBAGByqGSM49AgEGBSuBBAAiA2IABNrCUwaD90jlaviJ/NW929C5
+fODZgyxje9JfgaeB/Mg9/zOoSPCqewdoG6oBcF7Y0RimEsllQipDvDcZQVeivOX7
+m0oLiEdQ4q0+eSJUwOmsKi/n7Q2gwTiGnkXsFBKjc6OBljCBkzAJBgNVHRMEAjAA
+MB0GA1UdDgQWBBQVF6tU7fds0R6tEqYgTwR4IoNsoDBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjO
+PQQDAgNoADBlAjEAqfC8DAFwOZ+Z8cnOX9Dys2ZkOH6bNlEcXmlveku9Mg9QesmK
+3PUYo/NpAiDCPPGVAjB4ctVTwi6yXJGnpni0Pw8uPiIgIj+yZ5boeYnwsKi7HdZw
+8ckbIjHjQDZuQNp9ZNc=
+-----END CERTIFICATE-----
+</cert>
+
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBWJGEFVc/SmIhR0WOU
+yvUkd77l0e1NWkcUaVzR9ImZR8hVKPHkSH7mxgZW8ntIWBShZANiAATawlMGg/dI
+5Wr4ifzVvdvQuXzg2YMsY3vSX4GngfzIPf8zqEjwqnsHaBuqAXBe2NEYphLJZUIq
+Q7w3GUFXorzl+5tKC4hHUOKtPnkiVMDprCov5+0NoME4hp5F7BQSo3M=
+-----END PRIVATE KEY-----
+</key>
+
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e2c3228e2b7b2e06ea31c36d88f0b025
+a43272d29c5e75ce0e0d848a22455f7f
+2fbbe2913630194ca637d987b9c9a62d
+4e68ce4cb9cc00a13475e749fdbf98c9
+cae6c8c4ef8e5b8bbf6d0cd30c217625
+382064df6f2fba84d572f0b462530549
+462ef72ebdf83b41bb1c25467d516938
+b9b82d3a5a6ba072c5ca7c1ed54500f1
+932f175f377cbf6a9250690eb36cf05b
+8d04c22756cb43d787d5c6efbbe78732
+02cdc11cf66cef8ccf0842f6f3de425a
+e0c1f29111e7aaf091b97b3958a35066
+94ba9f615b622339e6151314c6ea6014
+518c7ea5e064965985afab9a4bbba63e
+80fb88e0ab45db4f734c1650dcd01810
+c201d2efe838b414674643ce2d05fdab
+-----END OpenVPN Static key V1-----
+</tls-auth>
--- /dev/null
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.userrendszerhaz.hu 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certicate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+key-direction 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
+Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw
+EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/
+C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ
+q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB
+MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA
+MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p
+9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa
++ARBv6orZw==
+-----END CERTIFICATE-----
+</ca>
+
+<cert>
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 11036 (0x2b1c)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:31:11 2017 GMT
+ Not After : Oct 17 09:31:11 2027 GMT
+ Subject: CN=akosztolanyi
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:8f:3c:74:2e:5d:d7:90:ac:5c:2f:e8:fe:f3:8a:
+ 8d:6b:6b:96:98:a7:63:e3:03:42:4c:2b:49:22:a8:
+ 07:c2:ac:06:89:a8:80:04:26:5e:68:79:a8:b9:84:
+ 79:3e:da:98:56:15:36:f2:7c:09:f8:41:78:5c:8e:
+ 2c:de:1b:18:8a:49:4c:8f:fe:ed:95:8f:0f:cb:5b:
+ e2:64:b1:63:ef:3d:d1:95:49:f1:4e:73:47:a7:11:
+ 94:1c:36:da:e6:55:cf
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ B1:A3:E4:CB:16:E0:E1:12:E2:70:12:2B:8F:DA:D8:99:D6:63:A4:FC
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:b7:e6:6c:6c:e6:75:bd:45:00:d2:29:3e:55:
+ 07:c4:33:b8:50:77:09:1b:d2:9b:1d:4d:48:ed:74:a3:2d:c0:
+ 99:0a:06:7a:08:b6:c7:41:e0:58:a9:2c:3c:6e:3f:62:a3:02:
+ 31:00:a9:80:0c:db:0c:c4:7c:79:44:ec:09:a5:2d:02:ef:31:
+ a7:84:0b:c2:7e:a6:0b:0c:c1:e3:84:d5:35:7f:1d:ac:21:7f:
+ f0:83:a7:2b:db:d8:06:61:f2:86:ee:1b:6f:1f
+-----BEGIN CERTIFICATE-----
+MIIB8TCCAXagAwIBAgICKxwwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMxMTFaFw0yNzEwMTcwOTMxMTFaMBcxFTATBgNVBAMM
+DGFrb3N6dG9sYW55aTB2MBAGByqGSM49AgEGBSuBBAAiA2IABI88dC5d15CsXC/o
+/vOKjWtrlpinY+MDQkwrSSKoB8KsBomogAQmXmh5qLmEeT7amFYVNvJ8CfhBeFyO
+LN4bGIpJTI/+7ZWPD8tb4mSxY+890ZVJ8U5zR6cRlBw22uZVz6OBljCBkzAJBgNV
+HRMEAjAAMB0GA1UdDgQWBBSxo+TLFuDhEuJwEiuP2tiZ1mOk/DBFBgNVHSMEPjA8
+gBQ0+FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBD
+QYIJANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAK
+BggqhkjOPQQDAgNpADBmAjEAt+ZsbOZ1vUUA0ik+VQfEM7hQdwkb0psdTUjtdKMt
+wJkKBnoItsdB4FipLDxuP2KjAjEAqYAM2wzEfHlE7AmlLQLvMaeEC8J+pgsMweOE
+1TV/Hawhf/CDpyvb2AZh8obuG28f
+-----END CERTIFICATE-----
+</cert>
+
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAcQQScflm1tSD4BQhX
+fWc/SL9jTmJnJC4hHlFyr6u558vkhOn49nOv62bdtGUKQjGhZANiAASPPHQuXdeQ
+rFwv6P7zio1ra5aYp2PjA0JMK0kiqAfCrAaJqIAEJl5oeai5hHk+2phWFTbyfAn4
+QXhcjizeGxiKSUyP/u2Vjw/LW+JksWPvPdGVSfFOc0enEZQcNtrmVc8=
+-----END PRIVATE KEY-----
+</key>
+
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e2c3228e2b7b2e06ea31c36d88f0b025
+a43272d29c5e75ce0e0d848a22455f7f
+2fbbe2913630194ca637d987b9c9a62d
+4e68ce4cb9cc00a13475e749fdbf98c9
+cae6c8c4ef8e5b8bbf6d0cd30c217625
+382064df6f2fba84d572f0b462530549
+462ef72ebdf83b41bb1c25467d516938
+b9b82d3a5a6ba072c5ca7c1ed54500f1
+932f175f377cbf6a9250690eb36cf05b
+8d04c22756cb43d787d5c6efbbe78732
+02cdc11cf66cef8ccf0842f6f3de425a
+e0c1f29111e7aaf091b97b3958a35066
+94ba9f615b622339e6151314c6ea6014
+518c7ea5e064965985afab9a4bbba63e
+80fb88e0ab45db4f734c1650dcd01810
+c201d2efe838b414674643ce2d05fdab
+-----END OpenVPN Static key V1-----
+</tls-auth>
--- /dev/null
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.userrendszerhaz.hu 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certicate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+key-direction 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
+Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw
+EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/
+C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ
+q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB
+MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA
+MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p
+9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa
++ARBv6orZw==
+-----END CERTIFICATE-----
+</ca>
+
+<cert>
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 11427 (0x2ca3)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:31:22 2017 GMT
+ Not After : Oct 17 09:31:22 2027 GMT
+ Subject: CN=azsamboki
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:37:66:66:c1:b8:90:03:80:8d:75:22:db:61:2e:
+ 72:0e:78:04:91:9d:da:99:39:1d:89:0b:0e:34:90:
+ 06:0d:3d:8c:25:2f:fc:56:75:bc:85:ab:24:54:14:
+ f4:27:39:49:10:11:80:4a:07:7b:72:ed:79:8d:95:
+ 34:e3:07:13:3b:da:51:eb:8a:b5:77:b6:71:e4:97:
+ e6:05:4f:27:3e:0a:c1:f6:1f:ff:bf:a4:5e:43:ca:
+ bc:42:fd:3f:49:c3:5b
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ DE:CA:E6:F5:11:A9:62:D9:9C:93:4A:B3:2B:A4:9B:31:B1:1E:66:61
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:cb:c2:a4:ad:cd:f0:de:75:3b:7e:bb:c8:c1:
+ 45:2a:bf:01:8e:83:b7:7b:15:98:7d:21:2c:86:83:bb:2d:21:
+ f6:be:b8:0d:fb:91:d2:57:fb:21:e4:6c:4f:90:b8:29:eb:02:
+ 31:00:f2:98:41:ca:42:df:94:78:e5:c7:9e:93:fc:e4:f2:5f:
+ cc:5d:5d:e9:f8:97:84:1a:78:15:90:04:06:99:77:9b:dd:3c:
+ 3a:93:55:d0:2b:f6:59:80:ae:c7:1d:85:32:61
+-----BEGIN CERTIFICATE-----
+MIIB7jCCAXOgAwIBAgICLKMwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMxMjJaFw0yNzEwMTcwOTMxMjJaMBQxEjAQBgNVBAMM
+CWF6c2FtYm9raTB2MBAGByqGSM49AgEGBSuBBAAiA2IABDdmZsG4kAOAjXUi22Eu
+cg54BJGd2pk5HYkLDjSQBg09jCUv/FZ1vIWrJFQU9Cc5SRARgEoHe3LteY2VNOMH
+EzvaUeuKtXe2ceSX5gVPJz4KwfYf/7+kXkPKvEL9P0nDW6OBljCBkzAJBgNVHRME
+AjAAMB0GA1UdDgQWBBTeyub1Eali2ZyTSrMrpJsxsR5mYTBFBgNVHSMEPjA8gBQ0
++FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJ
+ANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggq
+hkjOPQQDAgNpADBmAjEAy8Kkrc3w3nU7frvIwUUqvwGOg7d7FZh9ISyGg7stIfa+
+uA37kdJX+yHkbE+QuCnrAjEA8phBykLflHjlx56T/OTyX8xdXen4l4QaeBWQBAaZ
+d5vdPDqTVdAr9lmArscdhTJh
+-----END CERTIFICATE-----
+</cert>
+
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDArFkY/hBHoHVjQTRyX
+IrGy0dove2XopHBruMLhyoCeALqMVf71yMiC5ULPfcHa832hZANiAAQ3ZmbBuJAD
+gI11ItthLnIOeASRndqZOR2JCw40kAYNPYwlL/xWdbyFqyRUFPQnOUkQEYBKB3ty
+7XmNlTTjBxM72lHrirV3tnHkl+YFTyc+CsH2H/+/pF5DyrxC/T9Jw1s=
+-----END PRIVATE KEY-----
+</key>
+
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e2c3228e2b7b2e06ea31c36d88f0b025
+a43272d29c5e75ce0e0d848a22455f7f
+2fbbe2913630194ca637d987b9c9a62d
+4e68ce4cb9cc00a13475e749fdbf98c9
+cae6c8c4ef8e5b8bbf6d0cd30c217625
+382064df6f2fba84d572f0b462530549
+462ef72ebdf83b41bb1c25467d516938
+b9b82d3a5a6ba072c5ca7c1ed54500f1
+932f175f377cbf6a9250690eb36cf05b
+8d04c22756cb43d787d5c6efbbe78732
+02cdc11cf66cef8ccf0842f6f3de425a
+e0c1f29111e7aaf091b97b3958a35066
+94ba9f615b622339e6151314c6ea6014
+518c7ea5e064965985afab9a4bbba63e
+80fb88e0ab45db4f734c1650dcd01810
+c201d2efe838b414674643ce2d05fdab
+-----END OpenVPN Static key V1-----
+</tls-auth>
--- /dev/null
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.userrendszerhaz.hu 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certicate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+key-direction 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
--- /dev/null
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.userrendszerhaz.hu 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certicate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+key-direction 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
+Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw
+EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/
+C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ
+q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB
+MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA
+MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p
+9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa
++ARBv6orZw==
+-----END CERTIFICATE-----
+</ca>
+
+<cert>
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12239 (0x2fcf)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:31:36 2017 GMT
+ Not After : Oct 17 09:31:36 2027 GMT
+ Subject: CN=csgulyas
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:f2:18:09:ae:cd:31:69:80:cf:9b:ca:1b:ff:67:
+ d8:40:61:dc:48:60:b5:19:f9:40:aa:0b:92:0b:2b:
+ d9:7c:1f:01:23:cd:7a:62:51:0a:6a:57:18:49:dd:
+ d3:6b:71:48:4e:31:69:7c:56:b9:68:ed:a4:e8:a7:
+ cb:bb:6c:f8:95:f4:76:64:07:14:8f:4f:04:e9:26:
+ a2:74:46:a5:10:77:67:18:28:9c:8d:29:10:f7:7f:
+ 92:b2:83:75:19:8d:74
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 23:BC:13:C4:79:E6:B1:98:F7:D3:0D:AB:BB:B2:7F:C6:08:19:D5:15
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:d9:f1:2c:76:09:e3:5b:ed:20:3a:a7:47:48:
+ b8:55:d1:eb:37:51:3a:9f:33:48:03:c3:ec:82:9b:72:d5:94:
+ 24:58:7d:55:34:69:68:86:f4:57:85:1b:91:a5:57:c1:fb:02:
+ 31:00:f3:8f:50:60:25:14:b9:48:73:a8:d0:a0:ee:b1:a4:f9:
+ a3:6f:a8:29:d1:8c:fe:d0:be:7d:2f:67:e7:9d:02:85:ac:54:
+ d4:da:0f:68:85:53:04:7a:9c:14:28:91:7b:c3
+-----BEGIN CERTIFICATE-----
+MIIB7TCCAXKgAwIBAgICL88wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMxMzZaFw0yNzEwMTcwOTMxMzZaMBMxETAPBgNVBAMM
+CGNzZ3VseWFzMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8hgJrs0xaYDPm8ob/2fY
+QGHcSGC1GflAqguSCyvZfB8BI816YlEKalcYSd3Ta3FITjFpfFa5aO2k6KfLu2z4
+lfR2ZAcUj08E6SaidEalEHdnGCicjSkQ93+SsoN1GY10o4GWMIGTMAkGA1UdEwQC
+MAAwHQYDVR0OBBYEFCO8E8R55rGY99MNq7uyf8YIGdUVMEUGA1UdIwQ+MDyAFDT4
+XF+wT7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA
+3NUHtlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqG
+SM49BAMCA2kAMGYCMQDZ8Sx2CeNb7SA6p0dIuFXR6zdROp8zSAPD7IKbctWUJFh9
+VTRpaIb0V4UbkaVXwfsCMQDzj1BgJRS5SHOo0KDusaT5o2+oKdGM/tC+fS9n550C
+haxU1NoPaIVTBHqcFCiRe8M=
+-----END CERTIFICATE-----
+</cert>
+
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCsHP52L0UObr9/psSM
+ua2cxeyl2m92YG5GgOAml76NIMUFfeFQgqGSW1slknJISZqhZANiAATyGAmuzTFp
+gM+byhv/Z9hAYdxIYLUZ+UCqC5ILK9l8HwEjzXpiUQpqVxhJ3dNrcUhOMWl8Vrlo
+7aTop8u7bPiV9HZkBxSPTwTpJqJ0RqUQd2cYKJyNKRD3f5Kyg3UZjXQ=
+-----END PRIVATE KEY-----
+</key>
+
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e2c3228e2b7b2e06ea31c36d88f0b025
+a43272d29c5e75ce0e0d848a22455f7f
+2fbbe2913630194ca637d987b9c9a62d
+4e68ce4cb9cc00a13475e749fdbf98c9
+cae6c8c4ef8e5b8bbf6d0cd30c217625
+382064df6f2fba84d572f0b462530549
+462ef72ebdf83b41bb1c25467d516938
+b9b82d3a5a6ba072c5ca7c1ed54500f1
+932f175f377cbf6a9250690eb36cf05b
+8d04c22756cb43d787d5c6efbbe78732
+02cdc11cf66cef8ccf0842f6f3de425a
+e0c1f29111e7aaf091b97b3958a35066
+94ba9f615b622339e6151314c6ea6014
+518c7ea5e064965985afab9a4bbba63e
+80fb88e0ab45db4f734c1650dcd01810
+c201d2efe838b414674643ce2d05fdab
+-----END OpenVPN Static key V1-----
+</tls-auth>
--- /dev/null
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.userrendszerhaz.hu 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certicate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+key-direction 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
+Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw
+EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/
+C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ
+q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB
+MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA
+MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p
+9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa
++ARBv6orZw==
+-----END CERTIFICATE-----
+</ca>
+
+<cert>
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12383 (0x305f)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:31:47 2017 GMT
+ Not After : Oct 17 09:31:47 2027 GMT
+ Subject: CN=dvasary
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:e6:2e:65:84:8a:05:e7:d2:32:6b:85:20:26:cd:
+ 0d:dc:a2:e6:cc:23:36:f4:33:7b:f0:6c:0d:a0:8d:
+ f8:0c:13:77:57:f7:6e:02:b7:1a:35:b0:ee:31:26:
+ 0d:57:31:df:11:fa:15:73:bd:d3:3e:e6:bc:97:9b:
+ 5e:da:41:b0:36:a2:95:98:3b:a6:4e:f5:18:8c:9e:
+ ff:26:8f:3e:00:93:b0:14:84:4d:43:f0:01:fa:95:
+ 6d:32:f2:41:0e:4f:5e
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ CD:19:31:60:F7:8A:AB:3D:A9:4F:C8:83:0D:B0:5A:D0:EB:69:44:4B
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:c8:72:bd:64:1d:57:d1:87:d9:1c:ef:e9:4f:
+ 7a:c9:b5:80:58:fb:ff:47:50:43:13:eb:80:4d:ab:ab:d6:9b:
+ 90:65:ae:58:88:43:da:3a:56:ba:ea:24:c0:03:42:a6:b1:02:
+ 30:22:fa:c5:a0:7d:b7:97:54:5a:e7:65:25:6a:02:f8:53:99:
+ 08:64:5e:a9:70:27:84:b0:03:df:d1:39:c9:9a:b7:ca:be:60:
+ d5:45:22:18:a7:ca:da:56:bd:15:d5:30:66
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAXGgAwIBAgICMF8wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMxNDdaFw0yNzEwMTcwOTMxNDdaMBIxEDAOBgNVBAMM
+B2R2YXNhcnkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATmLmWEigXn0jJrhSAmzQ3c
+oubMIzb0M3vwbA2gjfgME3dX924Ctxo1sO4xJg1XMd8R+hVzvdM+5ryXm17aQbA2
+opWYO6ZO9RiMnv8mjz4Ak7AUhE1D8AH6lW0y8kEOT16jgZYwgZMwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQUzRkxYPeKqz2pT8iDDbBa0OtpREswRQYDVR0jBD4wPIAUNPhc
+X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc
+1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
+zj0EAwIDaAAwZQIxAMhyvWQdV9GH2Rzv6U96ybWAWPv/R1BDE+uATaur1puQZa5Y
+iEPaOla66iTAA0KmsQIwIvrFoH23l1Ra52UlagL4U5kIZF6pcCeEsAPf0TnJmrfK
+vmDVRSIYp8raVr0V1TBm
+-----END CERTIFICATE-----
+</cert>
+
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDARoRvzkpzAcOI8m67x
+hCTeRoMbGd40xLhjrm+wAufAwpw3qqJe/LHNP12sOuEHbGihZANiAATmLmWEigXn
+0jJrhSAmzQ3coubMIzb0M3vwbA2gjfgME3dX924Ctxo1sO4xJg1XMd8R+hVzvdM+
+5ryXm17aQbA2opWYO6ZO9RiMnv8mjz4Ak7AUhE1D8AH6lW0y8kEOT14=
+-----END PRIVATE KEY-----
+</key>
+
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e2c3228e2b7b2e06ea31c36d88f0b025
+a43272d29c5e75ce0e0d848a22455f7f
+2fbbe2913630194ca637d987b9c9a62d
+4e68ce4cb9cc00a13475e749fdbf98c9
+cae6c8c4ef8e5b8bbf6d0cd30c217625
+382064df6f2fba84d572f0b462530549
+462ef72ebdf83b41bb1c25467d516938
+b9b82d3a5a6ba072c5ca7c1ed54500f1
+932f175f377cbf6a9250690eb36cf05b
+8d04c22756cb43d787d5c6efbbe78732
+02cdc11cf66cef8ccf0842f6f3de425a
+e0c1f29111e7aaf091b97b3958a35066
+94ba9f615b622339e6151314c6ea6014
+518c7ea5e064965985afab9a4bbba63e
+80fb88e0ab45db4f734c1650dcd01810
+c201d2efe838b414674643ce2d05fdab
+-----END OpenVPN Static key V1-----
+</tls-auth>
--- /dev/null
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.userrendszerhaz.hu 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certicate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+key-direction 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
+Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw
+EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/
+C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ
+q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB
+MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA
+MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p
+9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa
++ARBv6orZw==
+-----END CERTIFICATE-----
+</ca>
+
+<cert>
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 13116 (0x333c)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:32:00 2017 GMT
+ Not After : Oct 17 09:32:00 2027 GMT
+ Subject: CN=fritter
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:2c:40:ec:81:89:ad:1b:ae:c8:1c:3e:5d:62:2f:
+ 5e:27:33:d2:42:ba:b9:6c:38:34:ea:90:d6:dd:10:
+ e6:b3:19:f5:02:4a:fe:8c:b4:77:cf:6f:c5:ab:81:
+ 82:88:3c:4e:9b:82:c3:22:c2:1f:c8:c7:53:af:18:
+ f9:9b:92:cf:18:51:8f:95:67:6b:04:9f:f4:95:b8:
+ 8b:1a:6a:d4:4c:23:c5:33:46:20:d2:e5:15:bf:bd:
+ af:1c:68:44:98:85:82
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ F6:A5:72:FC:DA:1E:8B:69:98:1A:0E:1E:21:31:3F:A3:CD:57:59:D2
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:ce:de:f9:f5:30:65:f1:0c:19:dd:a5:8d:42:
+ e7:b5:5b:66:96:45:7f:d2:00:de:d2:9f:7a:7d:cc:0a:a8:6e:
+ 0e:ce:f3:1a:4e:1e:33:50:48:9c:84:d4:47:47:d8:81:98:02:
+ 30:0b:13:67:f6:2a:d8:0d:86:2b:15:18:e5:41:f3:dc:3b:1c:
+ 15:a4:09:a6:82:03:d5:16:7e:4b:6b:0b:51:70:1a:01:92:e1:
+ 4f:61:58:1b:ed:b8:d9:17:90:78:70:85:bc
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAXGgAwIBAgICMzwwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMyMDBaFw0yNzEwMTcwOTMyMDBaMBIxEDAOBgNVBAMM
+B2ZyaXR0ZXIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQsQOyBia0brsgcPl1iL14n
+M9JCurlsODTqkNbdEOazGfUCSv6MtHfPb8WrgYKIPE6bgsMiwh/Ix1OvGPmbks8Y
+UY+VZ2sEn/SVuIsaatRMI8UzRiDS5RW/va8caESYhYKjgZYwgZMwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQU9qVy/Noei2mYGg4eITE/o81XWdIwRQYDVR0jBD4wPIAUNPhc
+X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc
+1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
+zj0EAwIDaAAwZQIxAM7e+fUwZfEMGd2ljULntVtmlkV/0gDe0p96fcwKqG4OzvMa
+Th4zUEichNRHR9iBmAIwCxNn9irYDYYrFRjlQfPcOxwVpAmmggPVFn5LawtRcBoB
+kuFPYVgb7bjZF5B4cIW8
+-----END CERTIFICATE-----
+</cert>
+
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDATa0Ldyit4RAnORuqq
+C4y/tAt7nJCaZkGnOsL7NE2V2iKSNyfQ0cH3go0Rb9db/i6hZANiAAQsQOyBia0b
+rsgcPl1iL14nM9JCurlsODTqkNbdEOazGfUCSv6MtHfPb8WrgYKIPE6bgsMiwh/I
+x1OvGPmbks8YUY+VZ2sEn/SVuIsaatRMI8UzRiDS5RW/va8caESYhYI=
+-----END PRIVATE KEY-----
+</key>
+
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e2c3228e2b7b2e06ea31c36d88f0b025
+a43272d29c5e75ce0e0d848a22455f7f
+2fbbe2913630194ca637d987b9c9a62d
+4e68ce4cb9cc00a13475e749fdbf98c9
+cae6c8c4ef8e5b8bbf6d0cd30c217625
+382064df6f2fba84d572f0b462530549
+462ef72ebdf83b41bb1c25467d516938
+b9b82d3a5a6ba072c5ca7c1ed54500f1
+932f175f377cbf6a9250690eb36cf05b
+8d04c22756cb43d787d5c6efbbe78732
+02cdc11cf66cef8ccf0842f6f3de425a
+e0c1f29111e7aaf091b97b3958a35066
+94ba9f615b622339e6151314c6ea6014
+518c7ea5e064965985afab9a4bbba63e
+80fb88e0ab45db4f734c1650dcd01810
+c201d2efe838b414674643ce2d05fdab
+-----END OpenVPN Static key V1-----
+</tls-auth>
--- /dev/null
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.userrendszerhaz.hu 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certicate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+key-direction 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
+Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw
+EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/
+C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ
+q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB
+MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA
+MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p
+9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa
++ARBv6orZw==
+-----END CERTIFICATE-----
+</ca>
+
+<cert>
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 13057 (0x3301)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:32:15 2017 GMT
+ Not After : Oct 17 09:32:15 2027 GMT
+ Subject: CN=fschnell
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:53:8d:f8:f4:fd:5f:c9:b3:4c:57:f6:c4:93:7f:
+ 94:43:31:09:62:ca:ef:5a:d8:12:54:59:58:84:21:
+ aa:59:8b:5a:23:a9:b7:1b:e8:e6:e3:a6:76:14:75:
+ 45:c7:d5:0c:89:5c:e7:9e:f1:56:2a:6d:25:b8:30:
+ 6f:4a:dd:80:08:b0:a6:07:c8:98:d6:f3:0a:07:d9:
+ 60:d0:00:58:7f:f6:a5:6b:78:53:82:44:5a:81:01:
+ 54:18:6f:1b:f4:99:f9
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ C8:6F:89:82:1D:8F:8C:70:84:6F:E9:35:BD:92:9C:3E:56:DC:40:CD
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:f7:04:12:3d:b3:98:22:bc:aa:06:62:be:31:
+ ac:32:26:c9:80:1b:aa:17:e0:85:82:0b:14:b8:35:09:8f:e4:
+ 7c:2b:8f:82:a6:c2:08:9d:91:7a:43:19:30:a2:94:e6:2b:02:
+ 31:00:fb:61:02:d5:e4:9b:a8:a3:d9:5e:e6:cf:4e:8f:5c:17:
+ 4e:59:c4:20:78:bb:d6:2a:cc:8c:92:e5:78:aa:6b:2c:ce:db:
+ 94:46:86:16:76:14:ac:64:41:d1:78:d2:a9:ec
+-----BEGIN CERTIFICATE-----
+MIIB7TCCAXKgAwIBAgICMwEwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMyMTVaFw0yNzEwMTcwOTMyMTVaMBMxETAPBgNVBAMM
+CGZzY2huZWxsMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEU4349P1fybNMV/bEk3+U
+QzEJYsrvWtgSVFlYhCGqWYtaI6m3G+jm46Z2FHVFx9UMiVznnvFWKm0luDBvSt2A
+CLCmB8iY1vMKB9lg0ABYf/ala3hTgkRagQFUGG8b9Jn5o4GWMIGTMAkGA1UdEwQC
+MAAwHQYDVR0OBBYEFMhviYIdj4xwhG/pNb2SnD5W3EDNMEUGA1UdIwQ+MDyAFDT4
+XF+wT7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA
+3NUHtlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqG
+SM49BAMCA2kAMGYCMQD3BBI9s5givKoGYr4xrDImyYAbqhfghYILFLg1CY/kfCuP
+gqbCCJ2RekMZMKKU5isCMQD7YQLV5Juoo9le5s9Oj1wXTlnEIHi71irMjJLleKpr
+LM7blEaGFnYUrGRB0XjSqew=
+-----END CERTIFICATE-----
+</cert>
+
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAxNEO7csy6z8FIuKh0
+cUYc7KxGcFNiRb1U0ArLkuTxcFCMBar/1RbshVlrM6ecWQKhZANiAARTjfj0/V/J
+s0xX9sSTf5RDMQliyu9a2BJUWViEIapZi1ojqbcb6ObjpnYUdUXH1QyJXOee8VYq
+bSW4MG9K3YAIsKYHyJjW8woH2WDQAFh/9qVreFOCRFqBAVQYbxv0mfk=
+-----END PRIVATE KEY-----
+</key>
+
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e2c3228e2b7b2e06ea31c36d88f0b025
+a43272d29c5e75ce0e0d848a22455f7f
+2fbbe2913630194ca637d987b9c9a62d
+4e68ce4cb9cc00a13475e749fdbf98c9
+cae6c8c4ef8e5b8bbf6d0cd30c217625
+382064df6f2fba84d572f0b462530549
+462ef72ebdf83b41bb1c25467d516938
+b9b82d3a5a6ba072c5ca7c1ed54500f1
+932f175f377cbf6a9250690eb36cf05b
+8d04c22756cb43d787d5c6efbbe78732
+02cdc11cf66cef8ccf0842f6f3de425a
+e0c1f29111e7aaf091b97b3958a35066
+94ba9f615b622339e6151314c6ea6014
+518c7ea5e064965985afab9a4bbba63e
+80fb88e0ab45db4f734c1650dcd01810
+c201d2efe838b414674643ce2d05fdab
+-----END OpenVPN Static key V1-----
+</tls-auth>
--- /dev/null
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.userrendszerhaz.hu 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certicate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+key-direction 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
+Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw
+EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/
+C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ
+q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB
+MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA
+MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p
+9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa
++ARBv6orZw==
+-----END CERTIFICATE-----
+</ca>
+
+<cert>
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 11182 (0x2bae)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:32:30 2017 GMT
+ Not After : Oct 17 09:32:30 2027 GMT
+ Subject: CN=khorvath
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:ab:61:3a:de:89:4e:0e:63:ea:c8:6b:98:1a:8b:
+ c4:f9:72:f4:bf:b2:0e:eb:94:ef:04:6c:a9:e4:78:
+ 53:f9:a8:af:6a:14:9b:27:e9:17:45:c7:f9:9e:e4:
+ d3:59:43:9c:13:c7:15:63:80:8e:aa:ac:fc:9a:55:
+ 59:64:7c:62:3d:2c:50:20:97:d1:c1:1e:22:94:53:
+ 74:4a:5f:30:fb:a0:3d:ba:e0:9d:2e:e2:70:af:73:
+ a5:c0:32:45:77:2e:20
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 1D:C8:C2:9E:05:CF:12:BB:33:C2:D9:24:C7:ED:A4:8D:86:23:75:CF
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:98:ba:ed:a5:45:71:05:76:b6:40:76:4e:a3:
+ 31:bd:38:7e:7d:0b:71:13:6f:1a:ee:58:1a:89:eb:ee:50:b2:
+ 86:2b:c6:4b:dc:8b:a5:ee:4b:c7:06:c9:65:55:10:7c:95:02:
+ 31:00:88:07:18:6d:65:2f:bf:79:42:d7:df:5c:88:f9:ff:81:
+ 8a:3d:25:80:8b:76:33:59:a9:28:20:82:30:40:67:88:49:34:
+ 51:f2:36:0a:22:49:2e:e5:d7:35:c3:4e:c8:2b
+-----BEGIN CERTIFICATE-----
+MIIB7TCCAXKgAwIBAgICK64wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMyMzBaFw0yNzEwMTcwOTMyMzBaMBMxETAPBgNVBAMM
+CGtob3J2YXRoMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEq2E63olODmPqyGuYGovE
++XL0v7IO65TvBGyp5HhT+aivahSbJ+kXRcf5nuTTWUOcE8cVY4COqqz8mlVZZHxi
+PSxQIJfRwR4ilFN0Sl8w+6A9uuCdLuJwr3OlwDJFdy4go4GWMIGTMAkGA1UdEwQC
+MAAwHQYDVR0OBBYEFB3Iwp4FzxK7M8LZJMftpI2GI3XPMEUGA1UdIwQ+MDyAFDT4
+XF+wT7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA
+3NUHtlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqG
+SM49BAMCA2kAMGYCMQCYuu2lRXEFdrZAdk6jMb04fn0LcRNvGu5YGonr7lCyhivG
+S9yLpe5LxwbJZVUQfJUCMQCIBxhtZS+/eULX31yI+f+Bij0lgIt2M1mpKCCCMEBn
+iEk0UfI2CiJJLuXXNcNOyCs=
+-----END CERTIFICATE-----
+</cert>
+
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDA5CxtZG7mg0mVsbSQS
+QM45ehcXPIjeWufTSVmDFGXG3ON+mmjr/H7/N4yOY3Clj7+hZANiAASrYTreiU4O
+Y+rIa5gai8T5cvS/sg7rlO8EbKnkeFP5qK9qFJsn6RdFx/me5NNZQ5wTxxVjgI6q
+rPyaVVlkfGI9LFAgl9HBHiKUU3RKXzD7oD264J0u4nCvc6XAMkV3LiA=
+-----END PRIVATE KEY-----
+</key>
+
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e2c3228e2b7b2e06ea31c36d88f0b025
+a43272d29c5e75ce0e0d848a22455f7f
+2fbbe2913630194ca637d987b9c9a62d
+4e68ce4cb9cc00a13475e749fdbf98c9
+cae6c8c4ef8e5b8bbf6d0cd30c217625
+382064df6f2fba84d572f0b462530549
+462ef72ebdf83b41bb1c25467d516938
+b9b82d3a5a6ba072c5ca7c1ed54500f1
+932f175f377cbf6a9250690eb36cf05b
+8d04c22756cb43d787d5c6efbbe78732
+02cdc11cf66cef8ccf0842f6f3de425a
+e0c1f29111e7aaf091b97b3958a35066
+94ba9f615b622339e6151314c6ea6014
+518c7ea5e064965985afab9a4bbba63e
+80fb88e0ab45db4f734c1650dcd01810
+c201d2efe838b414674643ce2d05fdab
+-----END OpenVPN Static key V1-----
+</tls-auth>
--- /dev/null
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.userrendszerhaz.hu 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certicate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+key-direction 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
+Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw
+EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/
+C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ
+q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB
+MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA
+MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p
+9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa
++ARBv6orZw==
+-----END CERTIFICATE-----
+</ca>
+
+<cert>
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12916 (0x3274)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:32:40 2017 GMT
+ Not After : Oct 17 09:32:40 2027 GMT
+ Subject: CN=kkele
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:25:3e:a3:bd:c9:27:5e:ba:c6:30:68:0f:90:17:
+ 94:89:69:30:04:70:6a:ba:16:40:3d:04:08:ed:00:
+ 2d:a2:c4:45:aa:db:af:85:d2:a6:40:7b:69:85:bc:
+ cf:9a:41:66:0b:4d:1a:c4:82:53:b0:d1:cb:53:98:
+ 39:90:11:11:5e:e7:98:a7:b3:71:31:b1:55:be:07:
+ ef:ed:6a:e7:dc:e9:38:fd:03:fc:d5:52:ed:a8:da:
+ de:88:22:6d:c2:80:0a
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 05:94:51:39:17:98:AD:AD:A6:A0:4D:7F:79:9C:81:1F:3C:BB:8A:88
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:64:02:30:6c:81:f6:f7:47:45:a0:a2:2b:20:6f:2c:22:7d:
+ 40:79:45:2a:66:9e:04:5d:75:b9:d9:f9:a7:98:c8:81:c9:6e:
+ bd:9c:35:e8:67:2c:9c:2f:52:62:3c:b4:5f:4a:33:68:02:30:
+ 72:86:06:98:6e:ab:ff:2e:00:0d:20:1a:35:1f:86:33:ed:7c:
+ 36:31:69:89:98:6e:3e:22:39:71:c3:e3:62:26:20:aa:56:77:
+ 5f:1e:e3:60:45:dd:37:ca:6b:4f:f6:66
+-----BEGIN CERTIFICATE-----
+MIIB6DCCAW+gAwIBAgICMnQwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMyNDBaFw0yNzEwMTcwOTMyNDBaMBAxDjAMBgNVBAMM
+BWtrZWxlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJT6jvcknXrrGMGgPkBeUiWkw
+BHBquhZAPQQI7QAtosRFqtuvhdKmQHtphbzPmkFmC00axIJTsNHLU5g5kBERXueY
+p7NxMbFVvgfv7Wrn3Ok4/QP81VLtqNreiCJtwoAKo4GWMIGTMAkGA1UdEwQCMAAw
+HQYDVR0OBBYEFAWUUTkXmK2tpqBNf3mcgR88u4qIMEUGA1UdIwQ+MDyAFDT4XF+w
+T7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA3NUH
+tlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49
+BAMCA2cAMGQCMGyB9vdHRaCiKyBvLCJ9QHlFKmaeBF11udn5p5jIgcluvZw16Gcs
+nC9SYjy0X0ozaAIwcoYGmG6r/y4ADSAaNR+GM+18NjFpiZhuPiI5ccPjYiYgqlZ3
+Xx7jYEXdN8prT/Zm
+-----END CERTIFICATE-----
+</cert>
+
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDApjJ+iDz8X3qtoQVtC
+jUgcydPDcz6VjstIZ5PGAsYw1QiWbC+7OvnEy+oMETvEzxahZANiAAQlPqO9ySde
+usYwaA+QF5SJaTAEcGq6FkA9BAjtAC2ixEWq26+F0qZAe2mFvM+aQWYLTRrEglOw
+0ctTmDmQERFe55ins3ExsVW+B+/taufc6Tj9A/zVUu2o2t6IIm3CgAo=
+-----END PRIVATE KEY-----
+</key>
+
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e2c3228e2b7b2e06ea31c36d88f0b025
+a43272d29c5e75ce0e0d848a22455f7f
+2fbbe2913630194ca637d987b9c9a62d
+4e68ce4cb9cc00a13475e749fdbf98c9
+cae6c8c4ef8e5b8bbf6d0cd30c217625
+382064df6f2fba84d572f0b462530549
+462ef72ebdf83b41bb1c25467d516938
+b9b82d3a5a6ba072c5ca7c1ed54500f1
+932f175f377cbf6a9250690eb36cf05b
+8d04c22756cb43d787d5c6efbbe78732
+02cdc11cf66cef8ccf0842f6f3de425a
+e0c1f29111e7aaf091b97b3958a35066
+94ba9f615b622339e6151314c6ea6014
+518c7ea5e064965985afab9a4bbba63e
+80fb88e0ab45db4f734c1650dcd01810
+c201d2efe838b414674643ce2d05fdab
+-----END OpenVPN Static key V1-----
+</tls-auth>
--- /dev/null
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.userrendszerhaz.hu 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certicate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+key-direction 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
+Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw
+EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/
+C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ
+q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB
+MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA
+MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p
+9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa
++ARBv6orZw==
+-----END CERTIFICATE-----
+</ca>
+
+<cert>
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 11701 (0x2db5)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:32:51 2017 GMT
+ Not After : Oct 17 09:32:51 2027 GMT
+ Subject: CN=kschaffer
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:fc:5e:b3:e4:29:34:b3:d0:28:23:12:b9:4a:aa:
+ 85:61:2a:cd:16:9b:f9:38:dc:06:32:b1:39:0f:89:
+ 9f:df:aa:6e:1c:70:99:db:e9:aa:5d:21:eb:f6:6d:
+ 8f:e6:6b:25:bd:f6:e6:48:2f:75:ee:16:10:a5:e5:
+ 54:d7:32:7e:6e:26:1d:c2:8e:78:80:9e:69:3f:50:
+ 38:36:43:36:42:95:f5:42:b3:22:2f:6c:8b:bd:ca:
+ 2c:40:ea:3f:84:ce:be
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ B6:58:C0:94:45:C5:AC:E8:0A:30:D5:FA:15:AB:DC:7C:53:DC:88:06
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:95:e3:da:70:d6:17:f5:85:18:a7:2d:db:31:
+ 5d:22:a2:98:9a:24:8f:15:75:a6:60:2f:5a:67:46:bc:14:cc:
+ 38:d2:bc:b8:dd:f1:0d:4c:15:45:37:0f:cb:79:3e:d8:32:02:
+ 31:00:95:0d:83:ef:33:b0:da:d2:bc:ba:99:27:10:c0:fc:b2:
+ 9d:31:d7:e8:60:95:0a:0e:59:df:92:59:86:70:cc:7f:64:94:
+ 76:df:f7:1f:b9:5c:e2:14:85:9c:61:76:b0:cb
+-----BEGIN CERTIFICATE-----
+MIIB7jCCAXOgAwIBAgICLbUwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMyNTFaFw0yNzEwMTcwOTMyNTFaMBQxEjAQBgNVBAMM
+CWtzY2hhZmZlcjB2MBAGByqGSM49AgEGBSuBBAAiA2IABPxes+QpNLPQKCMSuUqq
+hWEqzRab+TjcBjKxOQ+Jn9+qbhxwmdvpql0h6/Ztj+ZrJb325kgvde4WEKXlVNcy
+fm4mHcKOeICeaT9QODZDNkKV9UKzIi9si73KLEDqP4TOvqOBljCBkzAJBgNVHRME
+AjAAMB0GA1UdDgQWBBS2WMCURcWs6Aow1foVq9x8U9yIBjBFBgNVHSMEPjA8gBQ0
++FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJ
+ANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggq
+hkjOPQQDAgNpADBmAjEAlePacNYX9YUYpy3bMV0iopiaJI8VdaZgL1pnRrwUzDjS
+vLjd8Q1MFUU3D8t5PtgyAjEAlQ2D7zOw2tK8upknEMD8sp0x1+hglQoOWd+SWYZw
+zH9klHbf9x+5XOIUhZxhdrDL
+-----END CERTIFICATE-----
+</cert>
+
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAGMS95Xt2w9eVSEIRz
+QiRQPN5zL1INxTsHy5flZSBvIe/1++f8Il+/vhSssmQeeBmhZANiAAT8XrPkKTSz
+0CgjErlKqoVhKs0Wm/k43AYysTkPiZ/fqm4ccJnb6apdIev2bY/mayW99uZIL3Xu
+FhCl5VTXMn5uJh3CjniAnmk/UDg2QzZClfVCsyIvbIu9yixA6j+Ezr4=
+-----END PRIVATE KEY-----
+</key>
+
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e2c3228e2b7b2e06ea31c36d88f0b025
+a43272d29c5e75ce0e0d848a22455f7f
+2fbbe2913630194ca637d987b9c9a62d
+4e68ce4cb9cc00a13475e749fdbf98c9
+cae6c8c4ef8e5b8bbf6d0cd30c217625
+382064df6f2fba84d572f0b462530549
+462ef72ebdf83b41bb1c25467d516938
+b9b82d3a5a6ba072c5ca7c1ed54500f1
+932f175f377cbf6a9250690eb36cf05b
+8d04c22756cb43d787d5c6efbbe78732
+02cdc11cf66cef8ccf0842f6f3de425a
+e0c1f29111e7aaf091b97b3958a35066
+94ba9f615b622339e6151314c6ea6014
+518c7ea5e064965985afab9a4bbba63e
+80fb88e0ab45db4f734c1650dcd01810
+c201d2efe838b414674643ce2d05fdab
+-----END OpenVPN Static key V1-----
+</tls-auth>
--- /dev/null
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.userrendszerhaz.hu 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certicate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+key-direction 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
+Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw
+EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/
+C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ
+q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB
+MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA
+MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p
+9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa
++ARBv6orZw==
+-----END CERTIFICATE-----
+</ca>
+
+<cert>
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 13129 (0x3349)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:33:02 2017 GMT
+ Not After : Oct 17 09:33:02 2027 GMT
+ Subject: CN=mszabo
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:69:c0:86:27:a1:fa:74:2a:18:21:dc:d4:d1:4b:
+ b3:6e:d5:16:06:b7:50:8d:3a:5c:86:ea:b9:25:84:
+ bd:4e:65:d9:7c:33:13:8e:63:64:cb:70:39:3a:ac:
+ a5:d0:68:4d:f5:aa:f1:56:8c:55:11:26:d3:c3:c0:
+ 4a:10:78:35:7d:ba:56:f6:9a:f5:af:3d:6b:be:ad:
+ e7:e2:9c:0e:ec:42:b2:49:e3:f8:d6:36:0d:dd:56:
+ fb:e3:c0:7d:34:e5:2e
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 28:55:A2:FF:1C:FC:9B:E2:22:C8:45:93:ED:DE:A6:8E:50:A6:86:0A
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:9e:5f:d5:2d:55:0f:44:fa:9f:67:9b:eb:11:
+ a9:ef:a4:7e:2e:f1:c7:a4:99:11:d3:b3:05:30:bb:80:a9:0e:
+ 0d:b4:57:30:a4:4b:c4:94:49:9e:f9:7a:b6:07:7a:02:02:02:
+ 31:00:81:c9:96:28:0f:c6:47:84:e1:a2:86:17:a1:f3:c1:39:
+ 55:ca:a9:ce:8c:fc:e9:ea:70:a9:de:be:8c:83:e5:25:1a:cf:
+ 30:cb:f9:51:b5:3b:59:7d:15:df:9d:f2:2a:4f
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAXCgAwIBAgICM0kwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMzMDJaFw0yNzEwMTcwOTMzMDJaMBExDzANBgNVBAMM
+Bm1zemFibzB2MBAGByqGSM49AgEGBSuBBAAiA2IABGnAhieh+nQqGCHc1NFLs27V
+Fga3UI06XIbquSWEvU5l2XwzE45jZMtwOTqspdBoTfWq8VaMVREm08PAShB4NX26
+Vvaa9a89a76t5+KcDuxCsknj+NY2Dd1W++PAfTTlLqOBljCBkzAJBgNVHRMEAjAA
+MB0GA1UdDgQWBBQoVaL/HPyb4iLIRZPt3qaOUKaGCjBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjO
+PQQDAgNpADBmAjEAnl/VLVUPRPqfZ5vrEanvpH4u8cekmRHTswUwu4CpDg20VzCk
+S8SUSZ75erYHegICAjEAgcmWKA/GR4ThooYXofPBOVXKqc6M/OnqcKnevoyD5SUa
+zzDL+VG1O1l9Fd+d8ipP
+-----END CERTIFICATE-----
+</cert>
+
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCDTjabyjcmnlfQF/VI
+cCppGo1RnOkZwbaw9uxuZt11AY9YidT/5HW7aKo/U8ie4cGhZANiAARpwIYnofp0
+Khgh3NTRS7Nu1RYGt1CNOlyG6rklhL1OZdl8MxOOY2TLcDk6rKXQaE31qvFWjFUR
+JtPDwEoQeDV9ulb2mvWvPWu+refinA7sQrJJ4/jWNg3dVvvjwH005S4=
+-----END PRIVATE KEY-----
+</key>
+
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e2c3228e2b7b2e06ea31c36d88f0b025
+a43272d29c5e75ce0e0d848a22455f7f
+2fbbe2913630194ca637d987b9c9a62d
+4e68ce4cb9cc00a13475e749fdbf98c9
+cae6c8c4ef8e5b8bbf6d0cd30c217625
+382064df6f2fba84d572f0b462530549
+462ef72ebdf83b41bb1c25467d516938
+b9b82d3a5a6ba072c5ca7c1ed54500f1
+932f175f377cbf6a9250690eb36cf05b
+8d04c22756cb43d787d5c6efbbe78732
+02cdc11cf66cef8ccf0842f6f3de425a
+e0c1f29111e7aaf091b97b3958a35066
+94ba9f615b622339e6151314c6ea6014
+518c7ea5e064965985afab9a4bbba63e
+80fb88e0ab45db4f734c1650dcd01810
+c201d2efe838b414674643ce2d05fdab
+-----END OpenVPN Static key V1-----
+</tls-auth>
--- /dev/null
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.userrendszerhaz.hu 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certicate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+key-direction 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
+Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw
+EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/
+C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ
+q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB
+MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA
+MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p
+9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa
++ARBv6orZw==
+-----END CERTIFICATE-----
+</ca>
+
+<cert>
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 11776 (0x2e00)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:33:17 2017 GMT
+ Not After : Oct 17 09:33:17 2027 GMT
+ Subject: CN=ptombor
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:b0:7a:62:43:10:8b:4b:ae:3e:13:cb:10:b3:8c:
+ 85:4d:bb:74:df:61:bb:2b:0a:08:fb:15:e2:85:09:
+ 05:ee:8f:f4:65:43:4b:fe:ef:3c:58:ac:06:11:e8:
+ e4:d4:eb:7c:e3:dd:41:e0:24:f7:19:07:ee:48:fd:
+ 69:96:74:1e:fa:f2:b9:15:41:c8:70:64:53:7d:70:
+ 0a:46:f0:fe:f1:63:73:cc:bc:bc:e0:68:0d:e9:82:
+ 52:f3:19:53:a4:13:cd
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 5C:60:32:8A:63:F9:49:95:B7:4E:5E:28:41:CB:E2:EB:38:47:A7:76
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:64:02:30:35:ab:49:b6:56:25:02:8f:d8:fe:85:29:52:dd:
+ bb:ed:4f:52:83:1b:7b:09:ff:29:c3:18:84:48:04:df:34:dd:
+ fd:19:a4:93:cb:29:bd:6f:e5:83:ec:d7:6a:17:99:02:02:30:
+ 63:e7:11:4d:c2:f0:b7:50:50:d1:20:c1:9f:d8:27:a8:fd:dd:
+ a1:57:c4:9a:cd:e4:ff:93:36:e4:32:a7:59:51:24:7b:f3:17:
+ ff:49:2d:b6:82:da:a1:f9:bf:dc:35:29
+-----BEGIN CERTIFICATE-----
+MIIB6jCCAXGgAwIBAgICLgAwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMzMTdaFw0yNzEwMTcwOTMzMTdaMBIxEDAOBgNVBAMM
+B3B0b21ib3IwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASwemJDEItLrj4TyxCzjIVN
+u3TfYbsrCgj7FeKFCQXuj/RlQ0v+7zxYrAYR6OTU63zj3UHgJPcZB+5I/WmWdB76
+8rkVQchwZFN9cApG8P7xY3PMvLzgaA3pglLzGVOkE82jgZYwgZMwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQUXGAyimP5SZW3Tl4oQcvi6zhHp3YwRQYDVR0jBD4wPIAUNPhc
+X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc
+1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
+zj0EAwIDZwAwZAIwNatJtlYlAo/Y/oUpUt277U9Sgxt7Cf8pwxiESATfNN39GaST
+yym9b+WD7NdqF5kCAjBj5xFNwvC3UFDRIMGf2Ceo/d2hV8SazeT/kzbkMqdZUSR7
+8xf/SS22gtqh+b/cNSk=
+-----END CERTIFICATE-----
+</cert>
+
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAWd4gq0fjrX6niP1sy
+BWNPL4IH/XsTCC6H7YzbUq3G6/m5B67/P6TLidyEjKAdx1WhZANiAASwemJDEItL
+rj4TyxCzjIVNu3TfYbsrCgj7FeKFCQXuj/RlQ0v+7zxYrAYR6OTU63zj3UHgJPcZ
+B+5I/WmWdB768rkVQchwZFN9cApG8P7xY3PMvLzgaA3pglLzGVOkE80=
+-----END PRIVATE KEY-----
+</key>
+
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e2c3228e2b7b2e06ea31c36d88f0b025
+a43272d29c5e75ce0e0d848a22455f7f
+2fbbe2913630194ca637d987b9c9a62d
+4e68ce4cb9cc00a13475e749fdbf98c9
+cae6c8c4ef8e5b8bbf6d0cd30c217625
+382064df6f2fba84d572f0b462530549
+462ef72ebdf83b41bb1c25467d516938
+b9b82d3a5a6ba072c5ca7c1ed54500f1
+932f175f377cbf6a9250690eb36cf05b
+8d04c22756cb43d787d5c6efbbe78732
+02cdc11cf66cef8ccf0842f6f3de425a
+e0c1f29111e7aaf091b97b3958a35066
+94ba9f615b622339e6151314c6ea6014
+518c7ea5e064965985afab9a4bbba63e
+80fb88e0ab45db4f734c1650dcd01810
+c201d2efe838b414674643ce2d05fdab
+-----END OpenVPN Static key V1-----
+</tls-auth>
--- /dev/null
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.userrendszerhaz.hu 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certicate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+key-direction 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
+Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw
+EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/
+C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ
+q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB
+MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA
+MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p
+9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa
++ARBv6orZw==
+-----END CERTIFICATE-----
+</ca>
+
+<cert>
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 13289 (0x33e9)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:34:00 2017 GMT
+ Not After : Oct 17 09:34:00 2027 GMT
+ Subject: CN=qqcs
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:9a:b6:99:d8:c9:2c:92:54:2a:9c:58:a3:1a:87:
+ 7c:d3:90:4b:31:09:71:9a:65:6f:9e:04:8f:52:dc:
+ 13:23:0f:d0:43:6f:6f:cd:87:1b:f6:43:e1:b8:45:
+ e2:c2:21:e2:c1:ca:13:f8:5c:d4:7c:44:c4:8e:d2:
+ d8:d4:c2:5e:76:89:93:1b:74:37:88:2e:c3:1e:3e:
+ 80:b2:d0:2f:62:44:a6:cb:73:20:67:94:ed:b1:0a:
+ 64:40:71:64:22:f8:6a
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ AA:02:0F:AC:73:99:75:38:B2:AA:0C:93:26:26:1C:16:CB:8E:0F:C6
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:21:83:0b:d3:2f:23:d3:94:5b:ec:f8:39:ab:eb:
+ 8c:2b:d3:2d:d3:8c:02:91:c9:aa:27:43:94:2f:0b:4c:0a:3d:
+ d3:5e:4e:f7:ce:00:a6:64:27:50:59:23:1c:ce:29:77:02:31:
+ 00:cf:63:11:48:62:02:45:7c:4a:e2:b8:41:3a:28:9b:dc:24:
+ c1:6e:04:19:fb:a5:0f:c0:46:85:ec:9c:c7:09:b2:c5:ca:a3:
+ 2c:51:73:f1:8f:e0:83:3d:9e:61:a2:a1:30
+-----BEGIN CERTIFICATE-----
+MIIB6DCCAW6gAwIBAgICM+kwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTM0MDBaFw0yNzEwMTcwOTM0MDBaMA8xDTALBgNVBAMM
+BHFxY3MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASatpnYySySVCqcWKMah3zTkEsx
+CXGaZW+eBI9S3BMjD9BDb2/Nhxv2Q+G4ReLCIeLByhP4XNR8RMSO0tjUwl52iZMb
+dDeILsMePoCy0C9iRKbLcyBnlO2xCmRAcWQi+GqjgZYwgZMwCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUqgIPrHOZdTiyqgyTJiYcFsuOD8YwRQYDVR0jBD4wPIAUNPhcX7BP
+tuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc1Qe2
+VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0E
+AwIDaAAwZQIwIYML0y8j05Rb7Pg5q+uMK9Mt04wCkcmqJ0OULwtMCj3TXk73zgCm
+ZCdQWSMczil3AjEAz2MRSGICRXxK4rhBOiib3CTBbgQZ+6UPwEaF7JzHCbLFyqMs
+UXPxj+CDPZ5hoqEw
+-----END CERTIFICATE-----
+</cert>
+
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCPSKMchbxya5tE3BvA
+aVwiGkpkGTYbBvB/2JSNYCyY9NlPJE740SiHT4k2722T6cihZANiAASatpnYySyS
+VCqcWKMah3zTkEsxCXGaZW+eBI9S3BMjD9BDb2/Nhxv2Q+G4ReLCIeLByhP4XNR8
+RMSO0tjUwl52iZMbdDeILsMePoCy0C9iRKbLcyBnlO2xCmRAcWQi+Go=
+-----END PRIVATE KEY-----
+</key>
+
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e2c3228e2b7b2e06ea31c36d88f0b025
+a43272d29c5e75ce0e0d848a22455f7f
+2fbbe2913630194ca637d987b9c9a62d
+4e68ce4cb9cc00a13475e749fdbf98c9
+cae6c8c4ef8e5b8bbf6d0cd30c217625
+382064df6f2fba84d572f0b462530549
+462ef72ebdf83b41bb1c25467d516938
+b9b82d3a5a6ba072c5ca7c1ed54500f1
+932f175f377cbf6a9250690eb36cf05b
+8d04c22756cb43d787d5c6efbbe78732
+02cdc11cf66cef8ccf0842f6f3de425a
+e0c1f29111e7aaf091b97b3958a35066
+94ba9f615b622339e6151314c6ea6014
+518c7ea5e064965985afab9a4bbba63e
+80fb88e0ab45db4f734c1650dcd01810
+c201d2efe838b414674643ce2d05fdab
+-----END OpenVPN Static key V1-----
+</tls-auth>
--- /dev/null
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.userrendszerhaz.hu 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certicate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+key-direction 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
+Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw
+EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/
+C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ
+q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB
+MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA
+MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p
+9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa
++ARBv6orZw==
+-----END CERTIFICATE-----
+</ca>
+
+<cert>
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12392 (0x3068)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:33:27 2017 GMT
+ Not After : Oct 17 09:33:27 2027 GMT
+ Subject: CN=rrendek
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:93:14:3f:24:4e:45:1b:b9:99:2d:3f:dd:de:34:
+ ef:fe:d2:92:04:02:a7:15:a2:13:70:63:c3:2d:7c:
+ c9:4c:e1:b9:3d:16:da:4b:82:ab:f4:f8:12:fb:97:
+ 67:f9:5c:ed:a8:9f:59:a6:8f:95:07:60:51:ae:d1:
+ 31:a2:f3:7b:84:8e:22:12:cf:15:9d:f2:28:79:6f:
+ ae:81:7a:4f:8d:17:c8:51:40:5d:00:8a:be:d7:bc:
+ 89:9c:5c:6a:74:26:bd
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ DC:B3:A4:15:7A:8C:D4:35:51:97:3C:CE:EB:AE:04:F3:16:6E:06:EC
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:51:85:3f:d2:fb:cb:3c:b2:23:38:67:74:21:57:
+ d1:ce:30:98:ce:74:ba:25:bc:1d:4c:78:a8:9a:b3:9d:65:e4:
+ bb:f3:18:11:3d:78:3f:cb:0e:4e:84:10:d1:e3:36:fb:02:31:
+ 00:ac:47:55:f0:2e:4f:8d:04:10:f0:d7:ef:e6:20:49:50:37:
+ d9:8d:48:0a:4c:74:3a:ad:94:31:34:fc:b2:d8:ad:80:49:50:
+ fa:a7:97:6c:9c:e2:28:2c:9e:1f:14:50:22
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAXGgAwIBAgICMGgwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMzMjdaFw0yNzEwMTcwOTMzMjdaMBIxEDAOBgNVBAMM
+B3JyZW5kZWswdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASTFD8kTkUbuZktP93eNO/+
+0pIEAqcVohNwY8MtfMlM4bk9FtpLgqv0+BL7l2f5XO2on1mmj5UHYFGu0TGi83uE
+jiISzxWd8ih5b66Bek+NF8hRQF0Air7XvImcXGp0Jr2jgZYwgZMwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQU3LOkFXqM1DVRlzzO664E8xZuBuwwRQYDVR0jBD4wPIAUNPhc
+X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc
+1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
+zj0EAwIDaAAwZQIwUYU/0vvLPLIjOGd0IVfRzjCYznS6JbwdTHiomrOdZeS78xgR
+PXg/yw5OhBDR4zb7AjEArEdV8C5PjQQQ8Nfv5iBJUDfZjUgKTHQ6rZQxNPyy2K2A
+SVD6p5dsnOIoLJ4fFFAi
+-----END CERTIFICATE-----
+</cert>
+
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBtLhYsFhfQiSZ3tsoP
+Ohxtg8tjRVo5xuNdtovcs9sM6JdHVgNTppG2MHE9br37y6yhZANiAASTFD8kTkUb
+uZktP93eNO/+0pIEAqcVohNwY8MtfMlM4bk9FtpLgqv0+BL7l2f5XO2on1mmj5UH
+YFGu0TGi83uEjiISzxWd8ih5b66Bek+NF8hRQF0Air7XvImcXGp0Jr0=
+-----END PRIVATE KEY-----
+</key>
+
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e2c3228e2b7b2e06ea31c36d88f0b025
+a43272d29c5e75ce0e0d848a22455f7f
+2fbbe2913630194ca637d987b9c9a62d
+4e68ce4cb9cc00a13475e749fdbf98c9
+cae6c8c4ef8e5b8bbf6d0cd30c217625
+382064df6f2fba84d572f0b462530549
+462ef72ebdf83b41bb1c25467d516938
+b9b82d3a5a6ba072c5ca7c1ed54500f1
+932f175f377cbf6a9250690eb36cf05b
+8d04c22756cb43d787d5c6efbbe78732
+02cdc11cf66cef8ccf0842f6f3de425a
+e0c1f29111e7aaf091b97b3958a35066
+94ba9f615b622339e6151314c6ea6014
+518c7ea5e064965985afab9a4bbba63e
+80fb88e0ab45db4f734c1650dcd01810
+c201d2efe838b414674643ce2d05fdab
+-----END OpenVPN Static key V1-----
+</tls-auth>
--- /dev/null
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.userrendszerhaz.hu 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certicate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+key-direction 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
+Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw
+EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/
+C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ
+q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB
+MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA
+MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p
+9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa
++ARBv6orZw==
+-----END CERTIFICATE-----
+</ca>
+
+<cert>
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12884 (0x3254)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:34:10 2017 GMT
+ Not After : Oct 17 09:34:10 2027 GMT
+ Subject: CN=rtoth
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:7a:7e:21:3f:34:e9:74:19:bb:bf:7e:9e:2b:c4:
+ 62:fd:ad:9f:ed:82:83:00:5d:39:53:14:81:44:0f:
+ 2b:bc:a8:6e:e3:10:00:fd:78:85:d2:76:12:bd:8a:
+ 3d:0d:8c:45:cc:ef:d2:2e:17:b0:d6:0a:68:c9:7a:
+ 12:f5:b4:df:44:11:27:da:22:4b:44:8c:4f:d9:d3:
+ 7c:be:ee:76:a1:5b:4b:ae:cd:fe:40:d1:43:9a:3b:
+ fd:9a:13:c6:68:b0:38
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 86:F1:74:B7:CD:8B:58:F7:D8:BD:31:75:B5:3F:EE:E1:6A:BB:99:0C
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:b9:da:3e:da:46:23:d5:66:a0:0e:c9:e1:cd:
+ 09:66:11:30:47:4f:e8:d7:5e:1e:6b:7e:4a:ba:01:d9:2b:8d:
+ d7:0c:9d:b1:53:a9:90:89:71:4b:18:ea:84:76:26:c1:e4:02:
+ 30:76:0f:ab:a2:75:cc:8d:b0:5a:b9:b6:1a:32:50:2e:aa:d2:
+ 3e:fb:be:da:35:e1:d0:17:95:49:fd:b5:63:c6:e8:b6:b9:3c:
+ 53:6d:b6:4d:ad:00:27:7f:a5:60:f9:1e:db
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAW+gAwIBAgICMlQwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTM0MTBaFw0yNzEwMTcwOTM0MTBaMBAxDjAMBgNVBAMM
+BXJ0b3RoMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEen4hPzTpdBm7v36eK8Ri/a2f
+7YKDAF05UxSBRA8rvKhu4xAA/XiF0nYSvYo9DYxFzO/SLhew1gpoyXoS9bTfRBEn
+2iJLRIxP2dN8vu52oVtLrs3+QNFDmjv9mhPGaLA4o4GWMIGTMAkGA1UdEwQCMAAw
+HQYDVR0OBBYEFIbxdLfNi1j32L0xdbU/7uFqu5kMMEUGA1UdIwQ+MDyAFDT4XF+w
+T7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA3NUH
+tlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49
+BAMCA2gAMGUCMQC52j7aRiPVZqAOyeHNCWYRMEdP6NdeHmt+SroB2SuN1wydsVOp
+kIlxSxjqhHYmweQCMHYPq6J1zI2wWrm2GjJQLqrSPvu+2jXh0BeVSf21Y8botrk8
+U222Ta0AJ3+lYPke2w==
+-----END CERTIFICATE-----
+</cert>
+
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDYZtocWg502oc7z6yZ
+5prVXiJHzDxU5ujIdDzWicgPcPHSME2CwewAvXM07n5qXFmhZANiAAR6fiE/NOl0
+Gbu/fp4rxGL9rZ/tgoMAXTlTFIFEDyu8qG7jEAD9eIXSdhK9ij0NjEXM79IuF7DW
+CmjJehL1tN9EESfaIktEjE/Z03y+7nahW0uuzf5A0UOaO/2aE8ZosDg=
+-----END PRIVATE KEY-----
+</key>
+
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e2c3228e2b7b2e06ea31c36d88f0b025
+a43272d29c5e75ce0e0d848a22455f7f
+2fbbe2913630194ca637d987b9c9a62d
+4e68ce4cb9cc00a13475e749fdbf98c9
+cae6c8c4ef8e5b8bbf6d0cd30c217625
+382064df6f2fba84d572f0b462530549
+462ef72ebdf83b41bb1c25467d516938
+b9b82d3a5a6ba072c5ca7c1ed54500f1
+932f175f377cbf6a9250690eb36cf05b
+8d04c22756cb43d787d5c6efbbe78732
+02cdc11cf66cef8ccf0842f6f3de425a
+e0c1f29111e7aaf091b97b3958a35066
+94ba9f615b622339e6151314c6ea6014
+518c7ea5e064965985afab9a4bbba63e
+80fb88e0ab45db4f734c1650dcd01810
+c201d2efe838b414674643ce2d05fdab
+-----END OpenVPN Static key V1-----
+</tls-auth>
--- /dev/null
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.userrendszerhaz.hu 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certicate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+key-direction 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
+Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw
+EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/
+C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ
+q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB
+MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA
+MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p
+9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa
++ARBv6orZw==
+-----END CERTIFICATE-----
+</ca>
+
+<cert>
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 14004 (0x36b4)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Jan 30 10:47:27 2018 GMT
+ Not After : Jan 28 10:47:27 2028 GMT
+ Subject: CN=zbartakovics
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:8e:37:8a:ac:33:b1:25:3b:48:63:b1:8b:49:68:
+ d3:a2:56:b7:b6:6b:0e:de:ed:9f:7e:0e:c9:8c:8d:
+ 1f:37:81:de:99:1c:ee:d8:74:ac:e0:73:cb:93:bd:
+ c6:6f:32:a2:30:ae:d6:87:93:59:0d:b3:09:67:ba:
+ fc:4b:43:54:ac:d2:86:2c:4a:08:91:08:d5:ef:17:
+ 4e:b4:65:c3:69:55:3f:65:b5:18:59:31:e8:17:21:
+ 04:eb:af:11:e3:b0:56
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 99:1D:BF:07:30:49:FC:A7:A7:2C:A2:3C:DD:C4:C8:4C:7A:BF:97:8E
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:15:70:82:b0:56:64:69:39:d9:05:44:4c:8a:59:
+ 9f:2f:33:80:19:91:92:de:cb:8b:00:92:0c:0d:7c:0a:43:ec:
+ bd:b3:dc:ca:d8:3b:ca:d1:b1:39:83:25:2f:00:0b:f8:02:31:
+ 00:92:db:1d:38:d9:e2:7d:c2:43:8e:c1:7b:45:f3:e5:c0:aa:
+ d2:d9:f7:be:28:d9:c1:b3:40:04:7d:6f:86:2f:ab:bb:4b:6d:
+ 3e:ec:af:e2:27:b0:95:ce:2b:fc:0b:1f:b8
+-----BEGIN CERTIFICATE-----
+MIIB8DCCAXagAwIBAgICNrQwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xODAxMzAxMDQ3MjdaFw0yODAxMjgxMDQ3MjdaMBcxFTATBgNVBAMM
+DHpiYXJ0YWtvdmljczB2MBAGByqGSM49AgEGBSuBBAAiA2IABI43iqwzsSU7SGOx
+i0lo06JWt7ZrDt7tn34OyYyNHzeB3pkc7th0rOBzy5O9xm8yojCu1oeTWQ2zCWe6
+/EtDVKzShixKCJEI1e8XTrRlw2lVP2W1GFkx6BchBOuvEeOwVqOBljCBkzAJBgNV
+HRMEAjAAMB0GA1UdDgQWBBSZHb8HMEn8p6csojzdxMhMer+XjjBFBgNVHSMEPjA8
+gBQ0+FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBD
+QYIJANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAK
+BggqhkjOPQQDAgNoADBlAjAVcIKwVmRpOdkFREyKWZ8vM4AZkZLey4sAkgwNfApD
+7L2z3MrYO8rRsTmDJS8AC/gCMQCS2x042eJ9wkOOwXtF8+XAqtLZ974o2cGzQAR9
+b4Yvq7tLbT7sr+InsJXOK/wLH7g=
+-----END CERTIFICATE-----
+</cert>
+
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDjqbEAqwUzgWCosiqe
+HcQFZ3ryCgJ+T91AnFv7rv/ZW6lkQ7tXJZ+F3ZHbMfEnsuShZANiAASON4qsM7El
+O0hjsYtJaNOiVre2aw7e7Z9+DsmMjR83gd6ZHO7YdKzgc8uTvcZvMqIwrtaHk1kN
+swlnuvxLQ1Ss0oYsSgiRCNXvF060ZcNpVT9ltRhZMegXIQTrrxHjsFY=
+-----END PRIVATE KEY-----
+</key>
+
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e2c3228e2b7b2e06ea31c36d88f0b025
+a43272d29c5e75ce0e0d848a22455f7f
+2fbbe2913630194ca637d987b9c9a62d
+4e68ce4cb9cc00a13475e749fdbf98c9
+cae6c8c4ef8e5b8bbf6d0cd30c217625
+382064df6f2fba84d572f0b462530549
+462ef72ebdf83b41bb1c25467d516938
+b9b82d3a5a6ba072c5ca7c1ed54500f1
+932f175f377cbf6a9250690eb36cf05b
+8d04c22756cb43d787d5c6efbbe78732
+02cdc11cf66cef8ccf0842f6f3de425a
+e0c1f29111e7aaf091b97b3958a35066
+94ba9f615b622339e6151314c6ea6014
+518c7ea5e064965985afab9a4bbba63e
+80fb88e0ab45db4f734c1650dcd01810
+c201d2efe838b414674643ce2d05fdab
+-----END OpenVPN Static key V1-----
+</tls-auth>
--- /dev/null
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.userrendszerhaz.hu 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certicate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+key-direction 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
+Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw
+EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/
+C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ
+q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB
+MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA
+MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p
+9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa
++ARBv6orZw==
+-----END CERTIFICATE-----
+</ca>
+
+<cert>
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 10257 (0x2811)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:33:38 2017 GMT
+ Not After : Oct 17 09:33:38 2027 GMT
+ Subject: CN=zfelleg
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:cf:d4:8f:88:15:a2:5f:1a:5d:2d:dd:51:2b:0d:
+ f1:6e:0b:4d:8b:81:67:ac:37:75:0b:1a:fa:fa:08:
+ 5b:4c:4a:d1:9b:63:df:b6:df:bd:dc:14:75:47:c3:
+ 77:6c:0e:f6:c1:7b:21:4b:5d:91:7e:93:7e:39:ac:
+ 07:69:86:15:9f:d8:b2:85:ee:2e:24:24:b7:e1:12:
+ 2a:d9:04:5b:f3:22:9e:2c:f3:3a:aa:3c:0d:de:28:
+ 13:8b:7a:b6:72:62:28
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 0E:89:B8:B3:3F:79:44:1B:2D:22:D5:67:BE:BB:FB:4B:F8:52:27:4B
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:ed:61:aa:ec:d9:b6:11:19:58:65:7f:57:3c:
+ 98:a8:dd:c0:db:3f:c2:43:a4:a6:21:34:98:21:f2:43:2f:81:
+ c6:a2:b1:f2:c9:eb:ea:37:6a:18:f9:81:ea:33:1a:6a:d4:02:
+ 30:48:a3:18:1a:4f:2e:8b:5e:67:e5:a9:f3:48:01:25:b9:73:
+ 0c:48:50:9f:0a:c1:9f:45:d3:e9:70:09:bd:18:38:17:66:0b:
+ f2:24:a2:77:0e:53:bf:67:be:36:9d:d7:9d
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAXGgAwIBAgICKBEwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMzMzhaFw0yNzEwMTcwOTMzMzhaMBIxEDAOBgNVBAMM
+B3pmZWxsZWcwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATP1I+IFaJfGl0t3VErDfFu
+C02LgWesN3ULGvr6CFtMStGbY9+2373cFHVHw3dsDvbBeyFLXZF+k345rAdphhWf
+2LKF7i4kJLfhEirZBFvzIp4s8zqqPA3eKBOLerZyYiijgZYwgZMwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQUDom4sz95RBstItVnvrv7S/hSJ0swRQYDVR0jBD4wPIAUNPhc
+X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc
+1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
+zj0EAwIDaAAwZQIxAO1hquzZthEZWGV/VzyYqN3A2z/CQ6SmITSYIfJDL4HGorHy
+yevqN2oY+YHqMxpq1AIwSKMYGk8ui15n5anzSAEluXMMSFCfCsGfRdPpcAm9GDgX
+ZgvyJKJ3DlO/Z742nded
+-----END CERTIFICATE-----
+</cert>
+
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDlCNDXEXfkpMfZ4qrW
+tHKzpFEibWhvxc2cYDnXXb4SuZ999Xi1cZXp7McJ1lwntFWhZANiAATP1I+IFaJf
+Gl0t3VErDfFuC02LgWesN3ULGvr6CFtMStGbY9+2373cFHVHw3dsDvbBeyFLXZF+
+k345rAdphhWf2LKF7i4kJLfhEirZBFvzIp4s8zqqPA3eKBOLerZyYig=
+-----END PRIVATE KEY-----
+</key>
+
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e2c3228e2b7b2e06ea31c36d88f0b025
+a43272d29c5e75ce0e0d848a22455f7f
+2fbbe2913630194ca637d987b9c9a62d
+4e68ce4cb9cc00a13475e749fdbf98c9
+cae6c8c4ef8e5b8bbf6d0cd30c217625
+382064df6f2fba84d572f0b462530549
+462ef72ebdf83b41bb1c25467d516938
+b9b82d3a5a6ba072c5ca7c1ed54500f1
+932f175f377cbf6a9250690eb36cf05b
+8d04c22756cb43d787d5c6efbbe78732
+02cdc11cf66cef8ccf0842f6f3de425a
+e0c1f29111e7aaf091b97b3958a35066
+94ba9f615b622339e6151314c6ea6014
+518c7ea5e064965985afab9a4bbba63e
+80fb88e0ab45db4f734c1650dcd01810
+c201d2efe838b414674643ce2d05fdab
+-----END OpenVPN Static key V1-----
+</tls-auth>
--- /dev/null
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.userrendszerhaz.hu 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certicate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+key-direction 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
+Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw
+EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/
+C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ
+q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB
+MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA
+MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p
+9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa
++ARBv6orZw==
+-----END CERTIFICATE-----
+</ca>
+
+<cert>
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12097 (0x2f41)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:33:49 2017 GMT
+ Not After : Oct 17 09:33:49 2027 GMT
+ Subject: CN=zsnemes
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:ef:9d:6d:83:d5:6a:c2:ac:d9:a5:9f:37:e0:8f:
+ cc:a1:38:66:87:b8:ed:b3:3a:3b:b3:04:de:c9:54:
+ 72:4c:c5:0e:50:81:0f:9e:8c:cd:27:61:99:25:58:
+ f6:b4:c8:0c:0b:2e:95:4e:a4:64:b1:25:b7:32:f5:
+ 18:62:9b:3a:65:de:3c:5f:b3:c3:9d:30:34:b2:a5:
+ 45:18:b8:17:a6:ef:47:29:48:56:e0:ff:93:4a:a8:
+ 21:e9:1b:f4:71:63:7e
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 97:0E:42:9E:05:27:59:9E:29:8E:22:AA:1A:85:E0:F9:B8:03:DA:20
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:86:0d:4d:32:f7:5b:5f:a6:f8:36:52:7c:37:
+ bd:d3:1a:39:c3:16:0b:42:2e:95:4d:ff:ed:25:05:89:03:11:
+ 34:c2:30:7c:94:69:a5:90:68:15:7e:eb:1e:87:e4:c5:c1:02:
+ 30:20:c1:1a:86:89:2c:b5:67:f7:1a:a5:bb:4e:8e:cd:42:78:
+ 32:e7:75:b6:d0:c3:e5:61:40:48:c1:6b:20:54:42:de:ee:7a:
+ aa:7e:52:d9:c6:ee:16:90:1a:8c:0a:ae:b3
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAXGgAwIBAgICL0EwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMzNDlaFw0yNzEwMTcwOTMzNDlaMBIxEDAOBgNVBAMM
+B3pzbmVtZXMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATvnW2D1WrCrNmlnzfgj8yh
+OGaHuO2zOjuzBN7JVHJMxQ5QgQ+ejM0nYZklWPa0yAwLLpVOpGSxJbcy9Rhimzpl
+3jxfs8OdMDSypUUYuBem70cpSFbg/5NKqCHpG/RxY36jgZYwgZMwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQUlw5CngUnWZ4pjiKqGoXg+bgD2iAwRQYDVR0jBD4wPIAUNPhc
+X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc
+1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
+zj0EAwIDaAAwZQIxAIYNTTL3W1+m+DZSfDe90xo5wxYLQi6VTf/tJQWJAxE0wjB8
+lGmlkGgVfuseh+TFwQIwIMEahokstWf3GqW7To7NQngy53W20MPlYUBIwWsgVELe
+7nqqflLZxu4WkBqMCq6z
+-----END CERTIFICATE-----
+</cert>
+
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDANt00lPuqR3fd6Ugh3
+3jI+P1HQ15Nwb3CAE04fzwAA30upq12Dao3oxs90TPen8fuhZANiAATvnW2D1WrC
+rNmlnzfgj8yhOGaHuO2zOjuzBN7JVHJMxQ5QgQ+ejM0nYZklWPa0yAwLLpVOpGSx
+Jbcy9Rhimzpl3jxfs8OdMDSypUUYuBem70cpSFbg/5NKqCHpG/RxY34=
+-----END PRIVATE KEY-----
+</key>
+
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e2c3228e2b7b2e06ea31c36d88f0b025
+a43272d29c5e75ce0e0d848a22455f7f
+2fbbe2913630194ca637d987b9c9a62d
+4e68ce4cb9cc00a13475e749fdbf98c9
+cae6c8c4ef8e5b8bbf6d0cd30c217625
+382064df6f2fba84d572f0b462530549
+462ef72ebdf83b41bb1c25467d516938
+b9b82d3a5a6ba072c5ca7c1ed54500f1
+932f175f377cbf6a9250690eb36cf05b
+8d04c22756cb43d787d5c6efbbe78732
+02cdc11cf66cef8ccf0842f6f3de425a
+e0c1f29111e7aaf091b97b3958a35066
+94ba9f615b622339e6151314c6ea6014
+518c7ea5e064965985afab9a4bbba63e
+80fb88e0ab45db4f734c1650dcd01810
+c201d2efe838b414674643ce2d05fdab
+-----END OpenVPN Static key V1-----
+</tls-auth>
--- /dev/null
+iroute 10.162.104.0 255.255.255.0
--- /dev/null
+#!/bin/sh
+
+# Easy-RSA 3 -- A Shell-based CA Utility
+#
+# Copyright (C) 2013 by the Open-Source OpenVPN development community.
+# A full list of contributors can be found in the ChangeLog.
+#
+# This code released under version 2 of the GNU GPL; see COPYING and the
+# Licensing/ directory of this project for full licensing details.
+
+# Help/usage output to stdout
+usage() {
+ # command help:
+ print "
+Easy-RSA 3 usage and overview
+
+USAGE: easyrsa [options] COMMAND [command-options]
+
+A list of commands is shown below. To get detailed usage and help for a
+command, run:
+ ./easyrsa help COMMAND
+
+For a listing of options that can be supplied before the command, use:
+ ./easyrsa help options
+
+Here is the list of commands available with a short syntax reminder. Use the
+'help' command above to get full usage details.
+
+ init-pki
+ build-ca [ cmd-opts ]
+ gen-dh
+ gen-req <filename_base> [ cmd-opts ]
+ sign-req <type> <filename_base>
+ build-client-full <filename_base> [ cmd-opts ]
+ build-server-full <filename_base> [ cmd-opts ]
+ revoke <filename_base>
+ gen-crl
+ update-db
+ show-req <filename_base> [ cmd-opts ]
+ show-cert <filename_base> [ cmd-opts ]
+ import-req <request_file_path> <short_basename>
+ export-p7 <filename_base> [ cmd-opts ]
+ export-p12 <filename_base> [ cmd-opts ]
+ set-rsa-pass <filename_base> [ cmd-opts ]
+ set-ec-pass <filename_base> [ cmd-opts ]
+"
+
+ # collect/show dir status:
+ local err_source="Not defined: vars autodetect failed and no value provided"
+ local work_dir="${EASYRSA:-$err_source}"
+ local pki_dir="${EASYRSA_PKI:-$err_source}"
+ print "\
+DIRECTORY STATUS (commands would take effect on these locations)
+ EASYRSA: $work_dir
+ PKI: $pki_dir
+"
+} # => usage()
+
+# Detailed command help
+# When called with no args, calls usage(), otherwise shows help for a command
+cmd_help() {
+ local text opts
+ case "$1" in
+ init-pki|clean-all) text="
+ init-pki [ cmd-opts ]
+ Removes & re-initializes the PKI dir for a clean PKI" ;;
+ build-ca) text="
+ build-ca [ cmd-opts ]
+ Creates a new CA"
+ opts="
+ nopass - do not encrypt the CA key (default is encrypted)
+ subca - create a sub-CA keypair and request (default is a root CA)" ;;
+ gen-dh) text="
+ gen-dh
+ Generates DH (Diffie-Hellman) parameters" ;;
+ gen-req) text="
+ gen-req <filename_base> [ cmd-opts ]
+ Generate a standalone keypair and request (CSR)
+
+ This request is suitable for sending to a remote CA for signing."
+ opts="
+ nopass - do not encrypt the private key (default is encrypted)" ;;
+ sign|sign-req) text="
+ sign-req <type> <filename_base>
+ Sign a certificate request of the defined type. <type> must be a known
+ type such as 'client', 'server', or 'ca' (or a user-added type.)
+
+ This request file must exist in the reqs/ dir and have a .req file
+ extension. See import-req below for importing reqs from other sources." ;;
+ build|build-client-full|build-server-full) text="
+ build-client-full <filename_base> [ cmd-opts ]
+ build-server-full <filename_base> [ cmd-opts ]
+ Generate a keypair and sign locally for a client or server
+
+ This mode uses the <filename_base> as the X509 CN."
+ opts="
+ nopass - do not encrypt the private key (default is encrypted)" ;;
+ revoke) text="
+ revoke <filename_base>
+ Revoke a certificate specified by the filename_base" ;;
+ gen-crl) text="
+ gen-crl
+ Generate a CRL" ;;
+ update-db) text="
+ update-db
+ Update the index.txt database
+
+ This command will use the system time to update the status of issued
+ certificates." ;;
+ show-req|show-cert) text="
+ show-req <filename_base> [ cmd-opts ]
+ show-cert <filename_base> [ cmd-opts ]
+ Shows details of the req or cert referenced by filename_base
+
+ Human-readable output is shown, including any requested cert options when
+ showing a request."
+ opts="
+ full - show full req/cert info, including pubkey/sig data" ;;
+ import-req) text="
+ import-req <request_file_path> <short_basename>
+ Import a certificate request from a file
+
+ This will copy the specified file into the reqs/ dir in
+ preparation for signing.
+ The <short_basename> is the filename base to create.
+
+ Example usage:
+ import-req /some/where/bob_request.req bob" ;;
+ export-p12) text="
+ export-p12 <filename_base> [ cmd-opts ]
+ Export a PKCS#12 file with the keypair specified by <filename_base>"
+ opts="
+ noca - do not include the ca.crt file in the PKCS12 output
+ nokey - do not include the private key in the PKCS12 output" ;;
+ export-p7) text="
+ export-p7 <filename_base> [ cmd-opts ]
+ Export a PKCS#7 file with the pubkey specified by <filename_base>"
+ opts="
+ noca - do not include the ca.crt file in the PKCS7 output" ;;
+ set-rsa-pass|set-ec-pass) text="
+ set-rsa-pass <filename_base> [ cmd-opts ]
+ set-ec-pass <filename_base> [ cmd-opts ]
+ Set a new passphrase on an RSA or EC key for the listed <filename_base>."
+ opts="
+ nopass - use no password and leave the key unencrypted
+ file - (advanced) treat the file as a raw path, not a short-name" ;;
+ altname|subjectaltname|san) text="
+ --subject-alt-name=SAN_FORMAT_STRING
+ This global option adds a subjectAltName to the request or issued
+ certificate. It MUST be in a valid format accepted by openssl or
+ req/cert generation will fail. Note that including multiple such names
+ requires them to be comma-separated; further invocations of this
+ option will REPLACE the value.
+
+ Examples of the SAN_FORMAT_STRING shown below:
+ DNS:alternate.example.net
+ DNS:primary.example.net,DNS:alternate.example.net
+ IP:203.0.113.29
+ email:alternate@example.net" ;;
+ options)
+ opt_usage ;;
+ "")
+ usage ;;
+ *) text="
+ Unknown command: '$1' (try without commands for a list of commands)" ;;
+ esac
+
+ # display the help text
+ print "$text"
+ [ -n "$opts" ] && print "
+ cmd-opts is an optional set of command options from this list:
+$opts"
+} # => cmd_help()
+
+# Options usage
+opt_usage() {
+ print "
+Easy-RSA Global Option Flags
+
+The following options may be provided before the command. Options specified
+at runtime override env-vars and any 'vars' file in use. Unless noted,
+non-empty values to options are mandatory.
+
+General options:
+
+--batch : set automatic (no-prompts when possible) mode
+--pki-dir=DIR : declares the PKI directory
+--vars=FILE : define a specific 'vars' file to use for Easy-RSA config
+
+Certificate & Request options: (these impact cert/req field values)
+
+--days=# : sets the signing validity to the specified number of days
+--digest=ALG : digest to use in the requests & certificates
+--dn-mode=MODE : DN mode to use (cn_only or org)
+--keysize=# : size in bits of keypair to generate
+--req-cn=NAME : default CN to use
+--subca-len=# : path length of signed sub-CA certs; must be >= 0 if used
+--subject-alt-name : Add a subjectAltName. For more info and syntax, see:
+ ./easyrsa help altname
+--use-algo=ALG : crypto alg to use: choose rsa (default) or ec
+--curve=NAME : for elliptic curve, sets the named curve to use
+
+Organizational DN options: (only used with the 'org' DN mode)
+ (values may be blank for org DN options)
+
+--req-c=CC : country code (2-letters)
+--req-st=NAME : State/Province
+--req-city=NAME : City/Locality
+--req-org=NAME : Organization
+--req-email=NAME : Email addresses
+--req-ou=NAME : Organizational Unit
+
+Deprecated features:
+
+--ns-cert=YESNO : yes or no to including deprecated NS extensions
+--ns-comment=COMMENT : NS comment to include (value may be blank)
+"
+} # => opt_usage()
+
+# Wrapper around printf - clobber print since it's not POSIX anyway
+print() { printf "%s\n" "$*"; }
+
+# Exit fatally with a message to stderr
+# present even with EASYRSA_BATCH as these are fatal problems
+die() {
+ print "
+Easy-RSA error:
+
+$1" 1>&2
+ exit ${2:-1}
+} # => die()
+
+# non-fatal warning output
+warn() {
+ [ ! $EASYRSA_BATCH ] && \
+ print "
+$1" 1>&2
+} # => warn()
+
+# informational notices to stdout
+notice() {
+ [ ! $EASYRSA_BATCH ] && \
+ print "
+$1"
+} # => notice()
+
+# yes/no case-insensitive match (operates on stdin pipe)
+# Returns 0 when input contains yes, 1 for no, 2 for no match
+# If both strings are present, returns 1; first matching line returns.
+awk_yesno() {
+ local awkscript='
+BEGIN {IGNORECASE=1; r=2}
+{ if(match($0,"no")) {r=1; exit}
+ if(match($0,"yes")) {r=0; exit}
+} END {exit r}'
+ awk "$awkscript"
+} # => awk_yesno()
+
+# intent confirmation helper func
+# returns without prompting in EASYRSA_BATCH
+confirm() {
+ [ $EASYRSA_BATCH ] && return
+ local prompt="$1" value="$2" msg="$3" input
+ print "
+$msg
+
+Type the word '$value' to continue, or any other input to abort."
+ printf %s " $prompt"
+ read input
+ [ "$input" = "$value" ] && return
+ notice "Aborting without confirmation."
+ exit 9
+} # => confirm()
+
+# remove temp files
+clean_temp() {
+ for f in "$EASYRSA_TEMP_FILE" "$EASYRSA_TEMP_FILE_2" "$EASYRSA_TEMP_FILE_3"
+ do [ -f "$f" ] && rm "$f" 2>/dev/null
+ done
+} # => clean_temp()
+
+vars_source_check() {
+ # Check for defined EASYRSA_PKI
+ [ -n "$EASYRSA_PKI" ] || die "\
+EASYRSA_PKI env-var undefined"
+
+ # Verify EASYRSA_OPENSSL command gives expected output
+ if [ -z "$EASYRSA_SSL_OK" ]; then
+ local val="$("$EASYRSA_OPENSSL" version)"
+ case "${val%% *}" in
+ OpenSSL|LibreSSL) ;;
+ *) die "\
+Missing or invalid OpenSSL
+Expected to find openssl command at: $EASYRSA_OPENSSL"
+ esac
+ fi
+ EASYRSA_SSL_OK=1
+
+ # Verify EASYRSA_SSL_CONF file exists
+ [ -f "$EASYRSA_SSL_CONF" ] || die "\
+The OpenSSL config file cannot be found.
+Expected location: $EASYRSA_SSL_CONF"
+} # => vars_source_check()
+
+# Verify supplied curve exists and generate curve file if needed
+verify_curve() {
+ if ! "$EASYRSA_OPENSSL" ecparam -name "$EASYRSA_CURVE" > /dev/null; then
+ die "\
+Curve $EASYRSA_CURVE not found. Run openssl ecparam -list_curves to show a
+list of supported curves."
+ fi
+
+ # Check that the ecparams dir exists
+ [ -d "$EASYRSA_EC_DIR" ] || mkdir "$EASYRSA_EC_DIR" || die "\
+Failed creating ecparams dir (permissions?) at:
+$EASYRSA_EC_DIR"
+
+ # Check that the required ecparams file exists
+ local out="$EASYRSA_EC_DIR/${EASYRSA_CURVE}.pem"
+ [ -f "$out" ] && return 0
+ "$EASYRSA_OPENSSL" ecparam -name "$EASYRSA_CURVE" -out "$out" || die "\
+Failed to generate ecparam file (permissions?) when writing to:
+$out"
+
+ # Explicitly return success for caller
+ return 0
+}
+
+# Basic sanity-check of PKI init and complain if missing
+verify_pki_init() {
+ local help_note="Run easyrsa without commands for usage and command help."
+
+ # check that the pki dir exists
+ vars_source_check
+ [ -d "$EASYRSA_PKI" ] || die "\
+EASYRSA_PKI does not exist (perhaps you need to run init-pki)?
+Expected to find the EASYRSA_PKI at: $EASYRSA_PKI
+$help_note"
+
+ # verify expected dirs present:
+ for i in private reqs; do
+ [ -d "$EASYRSA_PKI/$i" ] || die "\
+Missing expected directory: $i (perhaps you need to run init-pki?)
+$help_note"
+ done
+} # => verify_pki_init()
+
+# Verify core CA files present
+verify_ca_init() {
+ local help_note="Run without commands for usage and command help."
+
+ # First check the PKI has been initialized
+ verify_pki_init
+
+ # verify expected files present:
+ for i in serial index.txt ca.crt private/ca.key; do
+ if [ ! -f "$EASYRSA_PKI/$i" ]; then
+ [ "$1" = "test" ] && return 1
+ die "\
+Missing expected CA file: $i (perhaps you need to run build-ca?)
+$help_note"
+ fi
+ done
+
+ # When operating in 'test' mode, return success.
+ # test callers don't care about CA-specific dir structure
+ [ "$1" = "test" ] && return 0
+
+ # verify expected CA-specific dirs:
+ for i in issued certs_by_serial; do
+ [ -d "$EASYRSA_PKI/$i" ] || die "\
+Missing expected CA dir: $i (perhaps you need to run build-ca?)
+$help_note"
+ done
+
+ # explicitly return success for callers
+ return 0
+
+} # => verify_ca_init()
+
+# init-pki backend:
+init_pki() {
+ vars_source_check
+
+ # If EASYRSA_PKI exists, confirm before we rm -rf (skiped with EASYRSA_BATCH)
+ if [ -e "$EASYRSA_PKI" ]; then
+ confirm "Confirm removal: " "yes" "
+WARNING!!!
+
+You are about to remove the EASYRSA_PKI at: $EASYRSA_PKI
+and initialize a fresh PKI here."
+ # now remove it:
+ rm -rf "$EASYRSA_PKI" || die "Removal of PKI dir failed. Check/correct errors above"
+ fi
+
+ # new dirs:
+ for i in private reqs; do
+ mkdir -p "$EASYRSA_PKI/$i" || die "Failed to create PKI file structure (permissions?)"
+ done
+
+ notice "\
+init-pki complete; you may now create a CA or requests.
+Your newly created PKI dir is: $EASYRSA_PKI
+"
+ return 0
+} # => init_pki()
+
+# build-ca backend:
+build_ca() {
+ local opts= sub_ca=
+ while [ -n "$1" ]; do
+ case "$1" in
+ nopass) opts="$opts -nodes" ;;
+ subca) sub_ca=1 ;;
+ *) warn "Ignoring unknown command option: '$1'" ;;
+ esac
+ shift
+ done
+
+ verify_pki_init
+ [ "$EASYRSA_ALGO" = "ec" ] && verify_curve
+
+ # setup for the simpler sub-CA situation and overwrite with root-CA if needed:
+ local out_file="$EASYRSA_PKI/reqs/ca.req"
+ local out_key="$EASYRSA_PKI/private/ca.key"
+ if [ ! $sub_ca ]; then
+ out_file="$EASYRSA_PKI/ca.crt"
+ opts="$opts -x509 -days $EASYRSA_CA_EXPIRE"
+ fi
+
+ # Test for existing CA, and complain if already present
+ if verify_ca_init test; then
+ die "\
+Unable to create a CA as you already seem to have one set up.
+If you intended to start a new CA, run init-pki first."
+ fi
+ # If a private key exists here, a sub-ca was created but not signed.
+ # Notify the user and require a signed ca.crt or a init-pki:
+ [ -f "$out_key" ] && \
+ die "\
+A CA private key exists but no ca.crt is found in your PKI dir of:
+$EASYRSA_PKI
+Refusing to create a new CA keypair as this operation would overwrite your
+current CA keypair. If you intended to start a new CA, run init-pki first."
+
+ # create necessary files and dirs:
+ local err_file="Unable to create necessary PKI files (permissions?)"
+ for i in issued certs_by_serial; do
+ mkdir -p "$EASYRSA_PKI/$i" || die "$err_file"
+ done
+ printf "" > "$EASYRSA_PKI/index.txt" || die "$err_file"
+ print "01" > "$EASYRSA_PKI/serial" || die "$err_file"
+
+ # Default CN only when not in global EASYRSA_BATCH mode:
+ [ $EASYRSA_BATCH ] && opts="$opts -batch" || export EASYRSA_REQ_CN="Easy-RSA CA"
+
+ out_key_tmp="$(mktemp -u "$out_key.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$out_key_tmp"
+ out_file_tmp="$(mktemp -u "$out_file.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_3="$out_file_tmp"
+ # create the CA keypair:
+ "$EASYRSA_OPENSSL" req -utf8 -new -newkey $EASYRSA_ALGO:"$EASYRSA_ALGO_PARAMS" \
+ -config "$EASYRSA_SSL_CONF" -keyout "$out_key_tmp" -out "$out_file_tmp" $opts || \
+ die "Failed to build the CA"
+ mv "$out_key_tmp" "$out_key"; EASYRSA_TEMP_FILE_2=
+ mv "$out_file_tmp" "$out_file"; EASYRSA_TEMP_FILE_3=
+
+ # Success messages
+ if [ $sub_ca ]; then
+ notice "\
+NOTE: Your sub-CA request is at $out_file
+and now must be sent to you parent CA for signing. Place your resulting cert
+at $EASYRSA_PKI/ca.crt prior to signing operations.
+"
+ else notice "\
+CA creation complete and you may now import and sign cert requests.
+Your new CA certificate file for publishing is at:
+$out_file
+"
+ fi
+ return 0
+} # => build_ca()
+
+# gen-dh backend:
+gen_dh() {
+ verify_pki_init
+
+ local out_file="$EASYRSA_PKI/dh.pem"
+ "$EASYRSA_OPENSSL" dhparam -out "$out_file" $EASYRSA_KEY_SIZE || \
+ die "Failed to build DH params"
+ notice "\
+DH parameters of size $EASYRSA_KEY_SIZE created at $out_file
+"
+ return 0
+} # => gen_dh()
+
+# gen-req backend:
+gen_req() {
+ # pull filename base and use as default interactive CommonName:
+ [ -n "$1" ] || die "\
+Error: gen-req must have a file base as the first argument.
+Run easyrsa without commands for usage and commands."
+ local key_out="$EASYRSA_PKI/private/$1.key"
+ local req_out="$EASYRSA_PKI/reqs/$1.req"
+ [ ! $EASYRSA_BATCH ] && EASYRSA_REQ_CN="$1"
+ shift
+
+ # function opts support
+ local opts=
+ while [ -n "$1" ]; do
+ case "$1" in
+ nopass) opts="$opts -nodes" ;;
+ # batch flag supports internal callers needing silent operation
+ batch) local EASYRSA_BATCH=1 ;;
+ *) warn "Ignoring unknown command option: '$1'" ;;
+ esac
+ shift
+ done
+
+ verify_pki_init
+ [ "$EASYRSA_ALGO" = "ec" ] && verify_curve
+
+ # don't wipe out an existing private key without confirmation
+ [ -f "$key_out" ] && confirm "Confirm key overwrite: " "yes" "\
+
+WARNING!!!
+
+An existing private key was found at $key_out
+Continuing with key generation will replace this key."
+
+ # When EASYRSA_EXTRA_EXTS is defined, append it to openssl's [req] section:
+ if [ -n "$EASYRSA_EXTRA_EXTS" ]; then
+ # Setup & insert the extra ext data keyed by a magic line
+ local extra_exts="
+req_extensions = req_extra
+[ req_extra ]
+$EASYRSA_EXTRA_EXTS"
+ local awkscript='
+{if ( match($0, "^#%EXTRA_EXTS%") )
+ { while ( getline<"/dev/stdin" ) {print} next }
+ {print}
+}'
+ print "$extra_exts" | \
+ awk "$awkscript" "$EASYRSA_SSL_CONF" \
+ > "$EASYRSA_TEMP_FILE" \
+ || die "Copying SSL config to temp file failed"
+ # Use this new SSL config for the rest of this function
+ local EASYRSA_SSL_CONF="$EASYRSA_TEMP_FILE"
+ fi
+
+ key_out_tmp="$(mktemp -u "$key_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$key_out_tmp"
+ req_out_tmp="$(mktemp -u "$req_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_3="$req_out_tmp"
+ # generate request
+ [ $EASYRSA_BATCH ] && opts="$opts -batch"
+ "$EASYRSA_OPENSSL" req -utf8 -new -newkey $EASYRSA_ALGO:"$EASYRSA_ALGO_PARAMS" \
+ -config "$EASYRSA_SSL_CONF" -keyout "$key_out_tmp" -out "$req_out_tmp" $opts \
+ || die "Failed to generate request"
+ mv "$key_out_tmp" "$key_out"; EASYRSA_TEMP_FILE_2=
+ mv "$req_out_tmp" "$req_out"; EASYRSA_TEMP_FILE_3=
+ notice "\
+Keypair and certificate request completed. Your files are:
+req: $req_out
+key: $key_out
+"
+ return 0
+} # => gen_req()
+
+# common signing backend
+sign_req() {
+ local crt_type="$1" opts=
+ local req_in="$EASYRSA_PKI/reqs/$2.req"
+ local crt_out="$EASYRSA_PKI/issued/$2.crt"
+
+ # Support batch by internal caller:
+ [ "$3" = "batch" ] && local EASYRSA_BATCH=1
+
+ verify_ca_init
+
+ # Check argument sanity:
+ [ -n "$2" ] || die "\
+Incorrect number of arguments provided to sign-req:
+expected 2, got $# (see command help for usage)"
+
+ # Cert type must exist under the EASYRSA_EXT_DIR
+ [ -r "$EASYRSA_EXT_DIR/$crt_type" ] || die "\
+Unknown cert type '$crt_type'"
+
+ # Request file must exist
+ [ -f "$req_in" ] || die "\
+No request found for the input: '$2'
+Expected to find the request at: $req_in"
+
+ # Confirm input is a cert req
+ verify_file req "$req_in" || die "\
+The certificate request file is not in a valid X509 request format.
+Offending file: $req_in"
+
+ # Display the request subject in an easy-to-read format
+ # Confirm the user wishes to sign this request
+ confirm "Confirm request details: " "yes" "
+You are about to sign the following certificate.
+Please check over the details shown below for accuracy. Note that this request
+has not been cryptographically verified. Please be sure it came from a trusted
+source or that you have verified the request checksum with the sender.
+
+Request subject, to be signed as a $crt_type certificate for $EASYRSA_CERT_EXPIRE days:
+
+$(display_dn req "$req_in")
+" # => confirm end
+
+ # Generate the extensions file for this cert:
+ {
+ # Append first any COMMON file (if present) then the cert-type extensions
+ cat "$EASYRSA_EXT_DIR/COMMON"
+ cat "$EASYRSA_EXT_DIR/$crt_type"
+
+ # Support a dynamic CA path length when present:
+ [ "$crt_type" = "ca" ] && [ -n "$EASYRSA_SUBCA_LEN" ] && \
+ print "basicConstraints = CA:TRUE, pathlen:$EASYRSA_SUBCA_LEN"
+
+ # Deprecated Netscape extension support, if enabled
+ if print "$EASYRSA_NS_SUPPORT" | awk_yesno; then
+ [ -n "$EASYRSA_NS_COMMENT" ] && \
+ print "nsComment = \"$EASYRSA_NS_COMMENT\""
+ case "$crt_type" in
+ server) print "nsCertType = server" ;;
+ client) print "nsCertType = client" ;;
+ ca) print "nsCertType = sslCA" ;;
+ esac
+ fi
+
+ # Add any advanced extensions supplied by env-var:
+ [ -n "$EASYRSA_EXTRA_EXTS" ] && print "$EASYRSA_EXTRA_EXTS"
+
+ : # needed to keep die from inherting the above test
+ } > "$EASYRSA_TEMP_FILE" || die "\
+Failed to create temp extension file (bad permissions?) at:
+$EASYRSA_TEMP_FILE"
+
+ # sign request
+ crt_out_tmp="$(mktemp -u "$crt_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$crt_out_tmp"
+ "$EASYRSA_OPENSSL" ca -utf8 -in "$req_in" -out "$crt_out_tmp" -config "$EASYRSA_SSL_CONF" \
+ -extfile "$EASYRSA_TEMP_FILE" -days $EASYRSA_CERT_EXPIRE -batch $opts \
+ || die "signing failed (openssl output above may have more detail)"
+ mv "$crt_out_tmp" "$crt_out"; EASYRSA_TEMP_FILE_2=
+ notice "\
+Certificate created at: $crt_out
+"
+ return 0
+} # => sign_req()
+
+# common build backend
+# used to generate+sign in 1 step
+build_full() {
+ verify_ca_init
+
+ # pull filename base:
+ [ -n "$2" ] || die "\
+Error: didn't find a file base name as the first argument.
+Run easyrsa without commands for usage and commands."
+ local crt_type="$1" name="$2"
+ local req_out="$EASYRSA_PKI/reqs/$2.req"
+ local key_out="$EASYRSA_PKI/private/$2.key"
+ local crt_out="$EASYRSA_PKI/issued/$2.crt"
+ shift 2
+
+ # function opts support
+ local req_opts=
+ while [ -n "$1" ]; do
+ case "$1" in
+ nopass) req_opts="$req_opts nopass" ;;
+ *) warn "Ignoring unknown command option: '$1'" ;;
+ esac
+ shift
+ done
+
+ # abort on existing req/key/crt files
+ local err_exists="\
+file already exists. Aborting build to avoid overwriting this file.
+If you wish to continue, please use a different name or remove the file.
+Matching file found at: "
+ [ -f "$req_out" ] && die "Request $err_exists $req_out"
+ [ -f "$key_out" ] && die "Key $err_exists $key_out"
+ [ -f "$crt_out" ] && die "Certificate $err_exists $crt_out"
+
+ # create request
+ EASYRSA_REQ_CN="$name"
+ gen_req "$name" batch $req_opts
+
+ # Sign it
+ sign_req "$crt_type" "$name" batch
+
+} # => build_full()
+
+# revoke backend
+revoke() {
+ verify_ca_init
+
+ # pull filename base:
+ [ -n "$1" ] || die "\
+Error: didn't find a file base name as the first argument.
+Run easyrsa without commands for usage and command help."
+ local crt_in="$EASYRSA_PKI/issued/$1.crt"
+
+ verify_file x509 "$crt_in" || die "\
+Unable to revoke as the input file is not a valid certificate. Unexpected
+input in file: $crt_in"
+
+ # confirm operation by displaying DN:
+ confirm "Continue with revocation: " "yes" "
+Please confirm you wish to revoke the certificate with the following subject:
+
+$(display_dn x509 "$crt_in")
+" # => confirm end
+
+ # referenced cert must exist:
+ [ -f "$crt_in" ] || die "\
+Unable to revoke as no certificate was found. Certificate was expected
+at: $crt_in"
+
+ "$EASYRSA_OPENSSL" ca -utf8 -revoke "$crt_in" -config "$EASYRSA_SSL_CONF" || die "\
+Failed to revoke certificate: revocation command failed."
+
+ notice "\
+IMPORTANT!!!
+
+Revocation was successful. You must run gen-crl and upload a CRL to your
+infrastructure in order to prevent the revoked cert from being accepted.
+" # => notice end
+ return 0
+} #= revoke()
+
+# gen-crl backend
+gen_crl() {
+ verify_ca_init
+
+ local out_file="$EASYRSA_PKI/crl.pem"
+ out_file_tmp="$(mktemp -u "$out_file.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$out_file_tmp"
+ "$EASYRSA_OPENSSL" ca -utf8 -gencrl -out "$out_file_tmp" -config "$EASYRSA_SSL_CONF" || die "\
+CRL Generation failed.
+"
+ mv "$out_file_tmp" "$out_file"; EASYRSA_TEMP_FILE_2=
+
+ notice "\
+An updated CRL has been created.
+CRL file: $out_file
+"
+ return 0
+} # => gen_crl()
+
+# import-req backend
+import_req() {
+ verify_pki_init
+
+ # pull passed paths
+ local in_req="$1" short_name="$2"
+ local out_req="$EASYRSA_PKI/reqs/$2.req"
+
+ [ -n "$short_name" ] || die "\
+Unable to import: incorrect command syntax.
+Run easyrsa without commands for usage and command help."
+
+ verify_file req "$in_req" || die "\
+The input file does not appear to be a certificate request. Aborting import.
+Offending file: $in_req"
+
+ # destination must not exist
+ [ -f "$out_req" ] && die "\
+Unable to import the request as the destination file already exists.
+Please choose a different name for your imported request file.
+Existing file at: $out_req"
+
+ # now import it
+ cp "$in_req" "$out_req"
+
+ notice "\
+The request has been successfully imported with a short name of: $short_name
+You may now use this name to perform signing operations on this request.
+"
+ return 0
+} # => import_req()
+
+# export pkcs#12 or pkcs#7
+export_pkcs() {
+ local pkcs_type="$1"
+ shift
+
+ [ -n "$1" ] || die "\
+Unable to export p12: incorrect command syntax.
+Run easyrsa without commands for usage and command help."
+
+ local short_name="$1"
+ local crt_in="$EASYRSA_PKI/issued/$1.crt"
+ local key_in="$EASYRSA_PKI/private/$1.key"
+ local crt_ca="$EASYRSA_PKI/ca.crt"
+ shift
+
+ verify_pki_init
+
+ # opts support
+ local want_ca=1
+ local want_key=1
+ while [ -n "$1" ]; do
+ case "$1" in
+ noca) want_ca= ;;
+ nokey) want_key= ;;
+ *) warn "Ignoring unknown command option: '$1'" ;;
+ esac
+ shift
+ done
+
+ local pkcs_opts=
+ if [ $want_ca ]; then
+ verify_file x509 "$crt_ca" || die "\
+Unable to include CA cert in the $pkcs_type output (missing file, or use noca option.)
+Missing file expected at: $crt_ca"
+ pkcs_opts="$pkcs_opts -certfile $crt_ca"
+ fi
+
+ # input files must exist
+ verify_file x509 "$crt_in" || die "\
+Unable to export $pkcs_type for short name '$short_name' without the certificate.
+Missing cert expected at: $crt_in"
+
+ case "$pkcs_type" in
+ p12)
+ local pkcs_out="$EASYRSA_PKI/private/$short_name.p12"
+
+ if [ $want_key ]; then
+ [ -f "$key_in" ] || die "\
+Unable to export p12 for short name '$short_name' without the key
+(if you want a p12 without the private key, use nokey option.)
+Missing key expected at: $key_in"
+ else
+ pkcs_opts="$pkcs_opts -nokeys"
+ fi
+
+ # export the p12:
+ "$EASYRSA_OPENSSL" pkcs12 -in "$crt_in" -inkey "$key_in" -export \
+ -out "$pkcs_out" $pkcs_opts || die "\
+Export of p12 failed: see above for related openssl errors."
+ ;;
+ p7)
+ local pkcs_out="$EASYRSA_PKI/issued/$short_name.p7b"
+
+ # export the p7:
+ "$EASYRSA_OPENSSL" crl2pkcs7 -nocrl -certfile "$crt_in" \
+ -out "$pkcs_out" $pkcs_opts || die "\
+Export of p7 failed: see above for related openssl errors."
+ ;;
+esac
+
+ notice "\
+Successful export of $pkcs_type file. Your exported file is at the following
+location: $pkcs_out
+"
+ return 0
+} # => export_pkcs()
+
+# set-pass backend
+set_pass() {
+ verify_pki_init
+
+ # key type, supplied internally from frontend command call (rsa/ec)
+ local key_type="$1"
+
+ # values supplied by the user:
+ local raw_file="$2"
+ local file="$EASYRSA_PKI/private/$raw_file.key"
+ [ -n "$raw_file" ] || die "\
+Missing argument to 'set-$key_type-pass' command: no name/file supplied.
+See help output for usage details."
+
+ # parse command options
+ shift 2
+ local crypto="-aes256"
+ while [ -n "$1" ]; do
+ case "$1" in
+ nopass) crypto= ;;
+ file) file="$raw_file" ;;
+ *) warn "Ignoring unknown command option: '$1'" ;;
+ esac
+ shift
+ done
+
+ [ -f "$file" ] || die "\
+Missing private key: expected to find the private key component at:
+$file"
+
+ notice "\
+If the key is currently encrypted you must supply the decryption passphrase.
+${crypto:+You will then enter a new PEM passphrase for this key.$NL}"
+
+ "$EASYRSA_OPENSSL" $key_type -in "$file" -out "$file" $crypto || die "\
+Failed to change the private key passphrase. See above for possible openssl
+error messages."
+
+ notice "Key passphrase successfully changed"
+
+} # => set_pass()
+
+# update-db backend
+update_db() {
+ verify_ca_init
+
+ "$EASYRSA_OPENSSL" ca -utf8 -updatedb -config "$EASYRSA_SSL_CONF" || die "\
+Failed to perform update-db: see above for related openssl errors."
+ return 0
+} # => update_db()
+
+# display cert DN info on a req/X509, passed by full pathname
+display_dn() {
+ local format="$1" path="$2"
+ print "$("$EASYRSA_OPENSSL" $format -in "$path" -noout -subject -nameopt multiline)"
+} # => display_dn()
+
+# verify a file seems to be a valid req/X509
+verify_file() {
+ local format="$1" path="$2"
+ "$EASYRSA_OPENSSL" $format -in "$path" -noout 2>/dev/null || return 1
+ return 0
+} # => verify_x509()
+
+# show-* command backend
+# Prints req/cert details in a readable format
+show() {
+ local type="$1" name="$2" in_file format
+ [ -n "$name" ] || die "\
+Missing expected filename_base argument.
+Run easyrsa without commands for usage help."
+ shift 2
+
+ # opts support
+ local opts="-${type}opt no_pubkey,no_sigdump"
+ while [ -n "$1" ]; do
+ case "$1" in
+ full) opts= ;;
+ *) warn "Ignoring unknown command option: '$1'" ;;
+ esac
+ shift
+ done
+
+ # Determine cert/req type
+ if [ "$type" = "cert" ]; then
+ verify_ca_init
+ in_file="$EASYRSA_PKI/issued/${name}.crt"
+ format="x509"
+ else
+ verify_pki_init
+ in_file="$EASYRSA_PKI/reqs/${name}.req"
+ format="req"
+ fi
+
+ # Verify file exists and is of the correct type
+ [ -f "$in_file" ] || die "\
+No such $type file with a basename of '$name' is present.
+Expected to find this file at:
+$in_file"
+ verify_file $format "$in_file" || die "\
+This file is not a valid $type file:
+$in_file"
+
+ notice "\
+Showing $type details for '$name'.
+This file is stored at:
+$in_file
+"
+ "$EASYRSA_OPENSSL" $format -in "$in_file" -noout -text\
+ -nameopt multiline $opts || die "\
+OpenSSL failure to process the input"
+} # => show()
+
+# vars setup
+# Here sourcing of 'vars' if present occurs. If not present, defaults are used
+# to support running without a sourced config format
+vars_setup() {
+ # Try to locate a 'vars' file in order of location preference.
+ # If one is found, source it
+ local vars=
+
+ # set up program path
+ local prog_vars="${0%/*}/vars"
+
+ # command-line path:
+ if [ -f "$EASYRSA_VARS_FILE" ]; then
+ vars="$EASYRSA_VARS_FILE"
+ # EASYRSA_PKI, if defined:
+ elif [ -n "$EASYRSA_PKI" ] && [ -f "$EASYRSA_PKI/vars" ]; then
+ vars="$EASYRSA_PKI/vars"
+ # EASYRSA, if defined:
+ elif [ -n "$EASYRSA" ] && [ -f "$EASYRSA/vars" ]; then
+ vars="$EASYRSA/vars"
+ # program location:
+ elif [ -f "$prog_vars" ]; then
+ vars="$prog_vars"
+ fi
+
+ # If a vars file was located, source it
+ # If $EASYRSA_NO_VARS is defined (not blank) this is skipped
+ if [ -z "$EASYRSA_NO_VARS" ] && [ -n "$vars" ]; then
+ EASYRSA_CALLER=1 . "$vars"
+ notice "\
+Note: using Easy-RSA configuration from: $vars"
+ fi
+
+ # Set defaults, preferring existing env-vars if present
+ set_var EASYRSA "$PWD"
+ set_var EASYRSA_OPENSSL openssl
+ set_var EASYRSA_PKI "$EASYRSA/pki"
+ set_var EASYRSA_DN cn_only
+ set_var EASYRSA_REQ_COUNTRY "US"
+ set_var EASYRSA_REQ_PROVINCE "California"
+ set_var EASYRSA_REQ_CITY "San Francisco"
+ set_var EASYRSA_REQ_ORG "Copyleft Certificate Co"
+ set_var EASYRSA_REQ_EMAIL me@example.net
+ set_var EASYRSA_REQ_OU "My Organizational Unit"
+ set_var EASYRSA_ALGO rsa
+ set_var EASYRSA_KEY_SIZE 2048
+ set_var EASYRSA_CURVE secp384r1
+ set_var EASYRSA_EC_DIR "$EASYRSA_PKI/ecparams"
+ set_var EASYRSA_CA_EXPIRE 3650
+ set_var EASYRSA_CERT_EXPIRE 3650
+ set_var EASYRSA_CRL_DAYS 180
+ set_var EASYRSA_NS_SUPPORT no
+ set_var EASYRSA_NS_COMMENT "Easy-RSA Generated Certificate"
+ set_var EASYRSA_TEMP_FILE "$EASYRSA_PKI/extensions.temp"
+ set_var EASYRSA_TEMP_FILE_2 ""
+ set_var EASYRSA_TEMP_FILE_3 ""
+ set_var EASYRSA_REQ_CN ChangeMe
+ set_var EASYRSA_DIGEST sha256
+
+ # Detect openssl config, preferring EASYRSA_PKI over EASYRSA
+ if [ -f "$EASYRSA_PKI/openssl-1.0.cnf" ]; then
+ set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-1.0.cnf"
+ else set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-1.0.cnf"
+ fi
+
+ # Same as above for the x509-types extensions dir
+ if [ -d "$EASYRSA_PKI/x509-types" ]; then
+ set_var EASYRSA_EXT_DIR "$EASYRSA_PKI/x509-types"
+ else set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
+ fi
+
+ # EASYRSA_ALGO_PARAMS must be set depending on selected algo
+ if [ "ec" = "$EASYRSA_ALGO" ]; then
+ EASYRSA_ALGO_PARAMS="$EASYRSA_EC_DIR/${EASYRSA_CURVE}.pem"
+ elif [ "rsa" = "$EASYRSA_ALGO" ]; then
+ EASYRSA_ALGO_PARAMS="${EASYRSA_KEY_SIZE}"
+ else
+ die "Alg '$EASYRSA_ALGO' is invalid: must be 'rsa' or 'ec'"
+ fi
+
+ # Setting OPENSSL_CONF prevents bogus warnings (especially useful on win32)
+ export OPENSSL_CONF="$EASYRSA_SSL_CONF"
+} # vars_setup()
+
+# variable assignment by indirection when undefined; merely exports
+# the variable when it is already defined (even if currently null)
+# Sets $1 as the value contained in $2 and exports (may be blank)
+set_var() {
+ local var=$1
+ shift
+ local value="$*"
+ eval "export $var=\"\${$var-$value}\""
+} #=> set_var()
+
+########################################
+# Invocation entry point:
+
+NL='
+'
+
+# Be secure with a restrictive umask
+[ -z "$EASYRSA_NO_UMASK" ] && umask 077
+
+# Parse options
+while :; do
+ # Separate option from value:
+ opt="${1%%=*}"
+ val="${1#*=}"
+ empty_ok= # Empty values are not allowed unless excepted
+
+ case "$opt" in
+ --days)
+ export EASYRSA_CERT_EXPIRE="$val"
+ export EASYRSA_CA_EXPIRE="$val"
+ export EASYRSA_CRL_DAYS="$val"
+ ;;
+ --pki-dir)
+ export EASYRSA_PKI="$val" ;;
+ --use-algo)
+ export EASYRSA_ALGO="$val" ;;
+ --keysize)
+ export EASYRSA_KEY_SIZE="$val" ;;
+ --curve)
+ export EASYRSA_CURVE="$val" ;;
+ --dn-mode)
+ export EASYRSA_DN="$val" ;;
+ --req-cn)
+ export EASYRSA_REQ_CN="$val" ;;
+ --digest)
+ export EASYRSA_DIGEST="$val" ;;
+ --req-c)
+ empty_ok=1
+ export EASYRSA_REQ_COUNTRY="$val" ;;
+ --req-st)
+ empty_ok=1
+ export EASYRSA_REQ_PROVINCE="$val" ;;
+ --req-city)
+ empty_ok=1
+ export EASYRSA_REQ_CITY="$val" ;;
+ --req-org)
+ empty_ok=1
+ export EASYRSA_REQ_ORG="$val" ;;
+ --req-email)
+ empty_ok=1
+ export EASYRSA_REQ_EMAIL="$val" ;;
+ --req-ou)
+ empty_ok=1
+ export EASYRSA_REQ_OU="$val" ;;
+ --ns-cert)
+ export EASYRSA_NS_SUPPORT="$val" ;;
+ --ns-comment)
+ empty_ok=1
+ export EASYRSA_NS_COMMENT="$val" ;;
+ --batch)
+ empty_ok=1
+ export EASYRSA_BATCH=1 ;;
+ --subca-len)
+ export EASYRSA_SUBCA_LEN="$val" ;;
+ --vars)
+ export EASYRSA_VARS_FILE="$val" ;;
+ --subject-alt-name)
+ export EASYRSA_EXTRA_EXTS="\
+$EASYRSA_EXTRA_EXTS
+subjectAltName = $val" ;;
+ *)
+ break ;;
+ esac
+
+ # fatal error when no value was provided
+ if [ ! $empty_ok ] && { [ "$val" = "$1" ] || [ -z "$val" ]; }; then
+ die "Missing value to option: $opt"
+ fi
+
+ shift
+done
+
+# Intelligent env-var detection and auto-loading:
+vars_setup
+
+# Register clean_temp on EXIT
+trap "clean_temp" EXIT
+
+# determine how we were called, then hand off to the function responsible
+cmd="$1"
+[ -n "$1" ] && shift # scrape off command
+case "$cmd" in
+ init-pki|clean-all)
+ init_pki "$@"
+ ;;
+ build-ca)
+ build_ca "$@"
+ ;;
+ gen-dh)
+ gen_dh
+ ;;
+ gen-req)
+ gen_req "$@"
+ ;;
+ sign|sign-req)
+ sign_req "$@"
+ ;;
+ build-client-full)
+ build_full client "$@"
+ ;;
+ build-server-full)
+ build_full server "$@"
+ ;;
+ gen-crl)
+ gen_crl
+ ;;
+ revoke)
+ revoke "$@"
+ ;;
+ import-req)
+ import_req "$@"
+ ;;
+ export-p12)
+ export_pkcs p12 "$@"
+ ;;
+ export-p7)
+ export_pkcs p7 "$@"
+ ;;
+ set-rsa-pass)
+ set_pass rsa "$@"
+ ;;
+ set-ec-pass)
+ set_pass ec "$@"
+ ;;
+ update-db)
+ update_db
+ ;;
+ show-req)
+ show req "$@"
+ ;;
+ show-cert)
+ show cert "$@"
+ ;;
+ ""|help|-h|--help|--usage)
+ cmd_help "$1"
+ exit 0
+ ;;
+ *)
+ die "Unknown command '$cmd'. Run without commands for usage help."
+ ;;
+esac
+
+# vim: ft=sh nu ai sw=8 ts=8
--- /dev/null
+# For use with Easy-RSA 3.0 and OpenSSL 1.0.*
+
+RANDFILE = $ENV::EASYRSA_PKI/.rnd
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = $ENV::EASYRSA_PKI # Where everything is kept
+certs = $dir # Where the issued certs are kept
+crl_dir = $dir # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+new_certs_dir = $dir/certs_by_serial # default place for new certs.
+
+certificate = $dir/ca.crt # The CA certificate
+serial = $dir/serial # The current serial number
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/ca.key # The private key
+RANDFILE = $dir/.rand # private random number file
+
+x509_extensions = basic_exts # The extentions to add to the cert
+
+# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
+# is designed for will. In return, we get the Issuer attached to CRLs.
+crl_extensions = crl_ext
+
+default_days = $ENV::EASYRSA_CERT_EXPIRE # how long to certify for
+default_crl_days= $ENV::EASYRSA_CRL_DAYS # how long before next CRL
+default_md = $ENV::EASYRSA_DIGEST # use public key default MD
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_anything
+
+# For the 'anything' policy, which defines allowed DN fields
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+name = optional
+emailAddress = optional
+
+####################################################################
+# Easy-RSA request handling
+# We key off $DN_MODE to determine how to format the DN
+[ req ]
+default_bits = $ENV::EASYRSA_KEY_SIZE
+default_keyfile = privkey.pem
+default_md = $ENV::EASYRSA_DIGEST
+distinguished_name = $ENV::EASYRSA_DN
+x509_extensions = easyrsa_ca # The extentions to add to the self signed cert
+
+# A placeholder to handle the $EXTRA_EXTS feature:
+#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it
+
+####################################################################
+# Easy-RSA DN (Subject) handling
+
+# Easy-RSA DN for cn_only support:
+[ cn_only ]
+commonName = Common Name (eg: your user, host, or server name)
+commonName_max = 64
+commonName_default = $ENV::EASYRSA_REQ_CN
+
+# Easy-RSA DN for org support:
+[ org ]
+countryName = Country Name (2 letter code)
+countryName_default = $ENV::EASYRSA_REQ_COUNTRY
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE
+
+localityName = Locality Name (eg, city)
+localityName_default = $ENV::EASYRSA_REQ_CITY
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = $ENV::EASYRSA_REQ_ORG
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = $ENV::EASYRSA_REQ_OU
+
+commonName = Common Name (eg: your user, host, or server name)
+commonName_max = 64
+commonName_default = $ENV::EASYRSA_REQ_CN
+
+emailAddress = Email Address
+emailAddress_default = $ENV::EASYRSA_REQ_EMAIL
+emailAddress_max = 64
+
+####################################################################
+# Easy-RSA cert extension handling
+
+# This section is effectively unused as the main script sets extensions
+# dynamically. This core section is left to support the odd usecase where
+# a user calls openssl directly.
+[ basic_exts ]
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+
+# The Easy-RSA CA extensions
+[ easyrsa_ca ]
+
+# PKIX recommendations:
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This could be marked critical, but it's nice to support reading by any
+# broken clients who attempt to do so.
+basicConstraints = CA:true
+
+# Limit key usage to CA tasks. If you really want to use the generated pair as
+# a self-signed cert, comment this out.
+keyUsage = cRLSign, keyCertSign
+
+# nsCertType omitted by default. Let's try to let the deprecated stuff die.
+# nsCertType = sslCA
+
+# CRL extensions.
+[ crl_ext ]
+
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
+Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw
+EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/
+C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ
+q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB
+MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA
+MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p
+9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa
++ARBv6orZw==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:26:59 2017 GMT
+ Not After : Oct 17 09:26:59 2027 GMT
+ Subject: CN=server
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:f3:0e:85:4d:7a:51:75:26:35:e7:56:09:01:4f:
+ a7:b4:75:c7:98:55:a7:ca:21:88:bf:0d:7a:29:c0:
+ ed:f8:e5:fa:bb:4b:f7:73:63:9c:b5:37:bc:b6:b3:
+ 24:3c:46:73:d0:46:4f:25:7c:b6:98:2f:03:85:b0:
+ 13:11:6f:c1:0a:a4:ce:d1:70:1f:f4:60:fc:cc:29:
+ 25:c0:b9:22:61:58:22:d6:3f:d2:f6:67:9f:06:ec:
+ da:9f:b3:ca:1f:da:9d
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 1C:77:A0:CE:67:4B:FE:FC:6F:51:C0:C1:5D:E3:94:FD:26:CE:63:3E
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:88:ec:52:55:18:34:d6:8c:e4:d2:26:c1:ec:
+ ac:8a:09:74:7f:3b:0f:ae:28:30:de:04:2b:5c:5a:25:8a:f9:
+ 6a:49:e8:a9:aa:1d:a3:86:17:f7:46:9f:3c:d0:fb:0b:98:02:
+ 30:4e:a5:cf:fc:18:9e:89:c3:b3:48:3c:20:b4:2c:d8:8b:f7:
+ 10:0f:80:e8:d9:40:ab:a4:3b:87:e3:57:a2:e5:15:2f:1a:10:
+ c6:7a:e1:2b:c9:9c:20:49:a8:20:94:6b:d8
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAW+gAwIBAgIBATAKBggqhkjOPQQDAjAVMRMwEQYDVQQDDApPcGVuVlBO
+IENBMB4XDTE3MTAxOTA5MjY1OVoXDTI3MTAxNzA5MjY1OVowETEPMA0GA1UEAwwG
+c2VydmVyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8w6FTXpRdSY151YJAU+ntHXH
+mFWnyiGIvw16KcDt+OX6u0v3c2OctTe8trMkPEZz0EZPJXy2mC8DhbATEW/BCqTO
+0XAf9GD8zCklwLkiYVgi1j/S9mefBuzan7PKH9qdo4GWMIGTMAkGA1UdEwQCMAAw
+HQYDVR0OBBYEFBx3oM5nS/78b1HAwV3jlP0mzmM+MEUGA1UdIwQ+MDyAFDT4XF+w
+T7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA3NUH
+tlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMAoGCCqGSM49
+BAMCA2gAMGUCMQCI7FJVGDTWjOTSJsHsrIoJdH87D64oMN4EK1xaJYr5aknoqaod
+o4YX90afPND7C5gCME6lz/wYnonDs0g8ILQs2Iv3EA+A6NlAq6Q7h+NXouUVLxoQ
+xnrhK8mcIEmoIJRr2A==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 10257 (0x2811)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:33:38 2017 GMT
+ Not After : Oct 17 09:33:38 2027 GMT
+ Subject: CN=zfelleg
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:cf:d4:8f:88:15:a2:5f:1a:5d:2d:dd:51:2b:0d:
+ f1:6e:0b:4d:8b:81:67:ac:37:75:0b:1a:fa:fa:08:
+ 5b:4c:4a:d1:9b:63:df:b6:df:bd:dc:14:75:47:c3:
+ 77:6c:0e:f6:c1:7b:21:4b:5d:91:7e:93:7e:39:ac:
+ 07:69:86:15:9f:d8:b2:85:ee:2e:24:24:b7:e1:12:
+ 2a:d9:04:5b:f3:22:9e:2c:f3:3a:aa:3c:0d:de:28:
+ 13:8b:7a:b6:72:62:28
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 0E:89:B8:B3:3F:79:44:1B:2D:22:D5:67:BE:BB:FB:4B:F8:52:27:4B
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:ed:61:aa:ec:d9:b6:11:19:58:65:7f:57:3c:
+ 98:a8:dd:c0:db:3f:c2:43:a4:a6:21:34:98:21:f2:43:2f:81:
+ c6:a2:b1:f2:c9:eb:ea:37:6a:18:f9:81:ea:33:1a:6a:d4:02:
+ 30:48:a3:18:1a:4f:2e:8b:5e:67:e5:a9:f3:48:01:25:b9:73:
+ 0c:48:50:9f:0a:c1:9f:45:d3:e9:70:09:bd:18:38:17:66:0b:
+ f2:24:a2:77:0e:53:bf:67:be:36:9d:d7:9d
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAXGgAwIBAgICKBEwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMzMzhaFw0yNzEwMTcwOTMzMzhaMBIxEDAOBgNVBAMM
+B3pmZWxsZWcwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATP1I+IFaJfGl0t3VErDfFu
+C02LgWesN3ULGvr6CFtMStGbY9+2373cFHVHw3dsDvbBeyFLXZF+k345rAdphhWf
+2LKF7i4kJLfhEirZBFvzIp4s8zqqPA3eKBOLerZyYiijgZYwgZMwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQUDom4sz95RBstItVnvrv7S/hSJ0swRQYDVR0jBD4wPIAUNPhc
+X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc
+1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
+zj0EAwIDaAAwZQIxAO1hquzZthEZWGV/VzyYqN3A2z/CQ6SmITSYIfJDL4HGorHy
+yevqN2oY+YHqMxpq1AIwSKMYGk8ui15n5anzSAEluXMMSFCfCsGfRdPpcAm9GDgX
+ZgvyJKJ3DlO/Z742nded
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 10946 (0x2ac2)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: May 8 11:24:40 2018 GMT
+ Not After : May 5 11:24:40 2028 GMT
+ Subject: CN=cslevai
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:a1:0f:74:b8:b8:de:43:c0:f5:a6:5c:24:49:fb:
+ 38:bc:80:d7:b7:af:a3:be:8d:f6:08:87:0b:13:8b:
+ 2f:c0:1c:d6:1a:27:78:26:d5:3b:0f:01:f3:8b:a0:
+ 3f:a0:dc:b5:2a:88:8d:7d:31:b2:98:ab:71:43:8c:
+ d3:d7:c2:84:a4:db:e8:40:e6:83:d8:6f:7d:8c:c5:
+ cf:87:5d:bc:6e:b2:6e:5a:07:64:cb:a6:57:e0:05:
+ 78:35:ae:71:da:5e:b7
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ C0:FE:8D:CF:21:47:D9:22:05:1A:A9:0F:5C:9A:0C:DF:78:13:21:6A
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:31:1e:7f:c1:2c:49:3e:d4:d9:d4:c0:3e:ad:f7:
+ 54:40:d9:f7:e5:1e:34:16:ef:52:35:51:92:d0:f1:9f:07:b0:
+ d8:aa:1d:75:4c:73:27:a5:e7:7e:7c:fa:11:40:d2:55:02:31:
+ 00:95:9a:5e:2d:20:ab:c6:93:30:7f:2a:91:e8:46:34:aa:90:
+ 4f:3e:b0:63:c0:e1:01:36:23:61:03:20:01:51:ba:fc:3d:29:
+ 74:50:0b:e0:5e:20:8a:33:58:f4:db:24:21
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAXGgAwIBAgICKsIwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xODA1MDgxMTI0NDBaFw0yODA1MDUxMTI0NDBaMBIxEDAOBgNVBAMM
+B2NzbGV2YWkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAShD3S4uN5DwPWmXCRJ+zi8
+gNe3r6O+jfYIhwsTiy/AHNYaJ3gm1TsPAfOLoD+g3LUqiI19MbKYq3FDjNPXwoSk
+2+hA5oPYb32Mxc+HXbxusm5aB2TLplfgBXg1rnHaXrejgZYwgZMwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQUwP6NzyFH2SIFGqkPXJoM33gTIWowRQYDVR0jBD4wPIAUNPhc
+X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc
+1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
+zj0EAwIDaAAwZQIwMR5/wSxJPtTZ1MA+rfdUQNn35R40Fu9SNVGS0PGfB7DYqh11
+THMnped+fPoRQNJVAjEAlZpeLSCrxpMwfyqR6EY0qpBPPrBjwOEBNiNhAyABUbr8
+PSl0UAvgXiCKM1j02yQh
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 11036 (0x2b1c)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:31:11 2017 GMT
+ Not After : Oct 17 09:31:11 2027 GMT
+ Subject: CN=akosztolanyi
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:8f:3c:74:2e:5d:d7:90:ac:5c:2f:e8:fe:f3:8a:
+ 8d:6b:6b:96:98:a7:63:e3:03:42:4c:2b:49:22:a8:
+ 07:c2:ac:06:89:a8:80:04:26:5e:68:79:a8:b9:84:
+ 79:3e:da:98:56:15:36:f2:7c:09:f8:41:78:5c:8e:
+ 2c:de:1b:18:8a:49:4c:8f:fe:ed:95:8f:0f:cb:5b:
+ e2:64:b1:63:ef:3d:d1:95:49:f1:4e:73:47:a7:11:
+ 94:1c:36:da:e6:55:cf
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ B1:A3:E4:CB:16:E0:E1:12:E2:70:12:2B:8F:DA:D8:99:D6:63:A4:FC
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:b7:e6:6c:6c:e6:75:bd:45:00:d2:29:3e:55:
+ 07:c4:33:b8:50:77:09:1b:d2:9b:1d:4d:48:ed:74:a3:2d:c0:
+ 99:0a:06:7a:08:b6:c7:41:e0:58:a9:2c:3c:6e:3f:62:a3:02:
+ 31:00:a9:80:0c:db:0c:c4:7c:79:44:ec:09:a5:2d:02:ef:31:
+ a7:84:0b:c2:7e:a6:0b:0c:c1:e3:84:d5:35:7f:1d:ac:21:7f:
+ f0:83:a7:2b:db:d8:06:61:f2:86:ee:1b:6f:1f
+-----BEGIN CERTIFICATE-----
+MIIB8TCCAXagAwIBAgICKxwwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMxMTFaFw0yNzEwMTcwOTMxMTFaMBcxFTATBgNVBAMM
+DGFrb3N6dG9sYW55aTB2MBAGByqGSM49AgEGBSuBBAAiA2IABI88dC5d15CsXC/o
+/vOKjWtrlpinY+MDQkwrSSKoB8KsBomogAQmXmh5qLmEeT7amFYVNvJ8CfhBeFyO
+LN4bGIpJTI/+7ZWPD8tb4mSxY+890ZVJ8U5zR6cRlBw22uZVz6OBljCBkzAJBgNV
+HRMEAjAAMB0GA1UdDgQWBBSxo+TLFuDhEuJwEiuP2tiZ1mOk/DBFBgNVHSMEPjA8
+gBQ0+FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBD
+QYIJANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAK
+BggqhkjOPQQDAgNpADBmAjEAt+ZsbOZ1vUUA0ik+VQfEM7hQdwkb0psdTUjtdKMt
+wJkKBnoItsdB4FipLDxuP2KjAjEAqYAM2wzEfHlE7AmlLQLvMaeEC8J+pgsMweOE
+1TV/Hawhf/CDpyvb2AZh8obuG28f
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 11182 (0x2bae)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:32:30 2017 GMT
+ Not After : Oct 17 09:32:30 2027 GMT
+ Subject: CN=khorvath
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:ab:61:3a:de:89:4e:0e:63:ea:c8:6b:98:1a:8b:
+ c4:f9:72:f4:bf:b2:0e:eb:94:ef:04:6c:a9:e4:78:
+ 53:f9:a8:af:6a:14:9b:27:e9:17:45:c7:f9:9e:e4:
+ d3:59:43:9c:13:c7:15:63:80:8e:aa:ac:fc:9a:55:
+ 59:64:7c:62:3d:2c:50:20:97:d1:c1:1e:22:94:53:
+ 74:4a:5f:30:fb:a0:3d:ba:e0:9d:2e:e2:70:af:73:
+ a5:c0:32:45:77:2e:20
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 1D:C8:C2:9E:05:CF:12:BB:33:C2:D9:24:C7:ED:A4:8D:86:23:75:CF
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:98:ba:ed:a5:45:71:05:76:b6:40:76:4e:a3:
+ 31:bd:38:7e:7d:0b:71:13:6f:1a:ee:58:1a:89:eb:ee:50:b2:
+ 86:2b:c6:4b:dc:8b:a5:ee:4b:c7:06:c9:65:55:10:7c:95:02:
+ 31:00:88:07:18:6d:65:2f:bf:79:42:d7:df:5c:88:f9:ff:81:
+ 8a:3d:25:80:8b:76:33:59:a9:28:20:82:30:40:67:88:49:34:
+ 51:f2:36:0a:22:49:2e:e5:d7:35:c3:4e:c8:2b
+-----BEGIN CERTIFICATE-----
+MIIB7TCCAXKgAwIBAgICK64wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMyMzBaFw0yNzEwMTcwOTMyMzBaMBMxETAPBgNVBAMM
+CGtob3J2YXRoMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEq2E63olODmPqyGuYGovE
++XL0v7IO65TvBGyp5HhT+aivahSbJ+kXRcf5nuTTWUOcE8cVY4COqqz8mlVZZHxi
+PSxQIJfRwR4ilFN0Sl8w+6A9uuCdLuJwr3OlwDJFdy4go4GWMIGTMAkGA1UdEwQC
+MAAwHQYDVR0OBBYEFB3Iwp4FzxK7M8LZJMftpI2GI3XPMEUGA1UdIwQ+MDyAFDT4
+XF+wT7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA
+3NUHtlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqG
+SM49BAMCA2kAMGYCMQCYuu2lRXEFdrZAdk6jMb04fn0LcRNvGu5YGonr7lCyhivG
+S9yLpe5LxwbJZVUQfJUCMQCIBxhtZS+/eULX31yI+f+Bij0lgIt2M1mpKCCCMEBn
+iEk0UfI2CiJJLuXXNcNOyCs=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 11427 (0x2ca3)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:31:22 2017 GMT
+ Not After : Oct 17 09:31:22 2027 GMT
+ Subject: CN=azsamboki
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:37:66:66:c1:b8:90:03:80:8d:75:22:db:61:2e:
+ 72:0e:78:04:91:9d:da:99:39:1d:89:0b:0e:34:90:
+ 06:0d:3d:8c:25:2f:fc:56:75:bc:85:ab:24:54:14:
+ f4:27:39:49:10:11:80:4a:07:7b:72:ed:79:8d:95:
+ 34:e3:07:13:3b:da:51:eb:8a:b5:77:b6:71:e4:97:
+ e6:05:4f:27:3e:0a:c1:f6:1f:ff:bf:a4:5e:43:ca:
+ bc:42:fd:3f:49:c3:5b
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ DE:CA:E6:F5:11:A9:62:D9:9C:93:4A:B3:2B:A4:9B:31:B1:1E:66:61
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:cb:c2:a4:ad:cd:f0:de:75:3b:7e:bb:c8:c1:
+ 45:2a:bf:01:8e:83:b7:7b:15:98:7d:21:2c:86:83:bb:2d:21:
+ f6:be:b8:0d:fb:91:d2:57:fb:21:e4:6c:4f:90:b8:29:eb:02:
+ 31:00:f2:98:41:ca:42:df:94:78:e5:c7:9e:93:fc:e4:f2:5f:
+ cc:5d:5d:e9:f8:97:84:1a:78:15:90:04:06:99:77:9b:dd:3c:
+ 3a:93:55:d0:2b:f6:59:80:ae:c7:1d:85:32:61
+-----BEGIN CERTIFICATE-----
+MIIB7jCCAXOgAwIBAgICLKMwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMxMjJaFw0yNzEwMTcwOTMxMjJaMBQxEjAQBgNVBAMM
+CWF6c2FtYm9raTB2MBAGByqGSM49AgEGBSuBBAAiA2IABDdmZsG4kAOAjXUi22Eu
+cg54BJGd2pk5HYkLDjSQBg09jCUv/FZ1vIWrJFQU9Cc5SRARgEoHe3LteY2VNOMH
+EzvaUeuKtXe2ceSX5gVPJz4KwfYf/7+kXkPKvEL9P0nDW6OBljCBkzAJBgNVHRME
+AjAAMB0GA1UdDgQWBBTeyub1Eali2ZyTSrMrpJsxsR5mYTBFBgNVHSMEPjA8gBQ0
++FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJ
+ANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggq
+hkjOPQQDAgNpADBmAjEAy8Kkrc3w3nU7frvIwUUqvwGOg7d7FZh9ISyGg7stIfa+
+uA37kdJX+yHkbE+QuCnrAjEA8phBykLflHjlx56T/OTyX8xdXen4l4QaeBWQBAaZ
+d5vdPDqTVdAr9lmArscdhTJh
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 11701 (0x2db5)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:32:51 2017 GMT
+ Not After : Oct 17 09:32:51 2027 GMT
+ Subject: CN=kschaffer
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:fc:5e:b3:e4:29:34:b3:d0:28:23:12:b9:4a:aa:
+ 85:61:2a:cd:16:9b:f9:38:dc:06:32:b1:39:0f:89:
+ 9f:df:aa:6e:1c:70:99:db:e9:aa:5d:21:eb:f6:6d:
+ 8f:e6:6b:25:bd:f6:e6:48:2f:75:ee:16:10:a5:e5:
+ 54:d7:32:7e:6e:26:1d:c2:8e:78:80:9e:69:3f:50:
+ 38:36:43:36:42:95:f5:42:b3:22:2f:6c:8b:bd:ca:
+ 2c:40:ea:3f:84:ce:be
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ B6:58:C0:94:45:C5:AC:E8:0A:30:D5:FA:15:AB:DC:7C:53:DC:88:06
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:95:e3:da:70:d6:17:f5:85:18:a7:2d:db:31:
+ 5d:22:a2:98:9a:24:8f:15:75:a6:60:2f:5a:67:46:bc:14:cc:
+ 38:d2:bc:b8:dd:f1:0d:4c:15:45:37:0f:cb:79:3e:d8:32:02:
+ 31:00:95:0d:83:ef:33:b0:da:d2:bc:ba:99:27:10:c0:fc:b2:
+ 9d:31:d7:e8:60:95:0a:0e:59:df:92:59:86:70:cc:7f:64:94:
+ 76:df:f7:1f:b9:5c:e2:14:85:9c:61:76:b0:cb
+-----BEGIN CERTIFICATE-----
+MIIB7jCCAXOgAwIBAgICLbUwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMyNTFaFw0yNzEwMTcwOTMyNTFaMBQxEjAQBgNVBAMM
+CWtzY2hhZmZlcjB2MBAGByqGSM49AgEGBSuBBAAiA2IABPxes+QpNLPQKCMSuUqq
+hWEqzRab+TjcBjKxOQ+Jn9+qbhxwmdvpql0h6/Ztj+ZrJb325kgvde4WEKXlVNcy
+fm4mHcKOeICeaT9QODZDNkKV9UKzIi9si73KLEDqP4TOvqOBljCBkzAJBgNVHRME
+AjAAMB0GA1UdDgQWBBS2WMCURcWs6Aow1foVq9x8U9yIBjBFBgNVHSMEPjA8gBQ0
++FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJ
+ANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggq
+hkjOPQQDAgNpADBmAjEAlePacNYX9YUYpy3bMV0iopiaJI8VdaZgL1pnRrwUzDjS
+vLjd8Q1MFUU3D8t5PtgyAjEAlQ2D7zOw2tK8upknEMD8sp0x1+hglQoOWd+SWYZw
+zH9klHbf9x+5XOIUhZxhdrDL
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 11776 (0x2e00)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:33:17 2017 GMT
+ Not After : Oct 17 09:33:17 2027 GMT
+ Subject: CN=ptombor
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:b0:7a:62:43:10:8b:4b:ae:3e:13:cb:10:b3:8c:
+ 85:4d:bb:74:df:61:bb:2b:0a:08:fb:15:e2:85:09:
+ 05:ee:8f:f4:65:43:4b:fe:ef:3c:58:ac:06:11:e8:
+ e4:d4:eb:7c:e3:dd:41:e0:24:f7:19:07:ee:48:fd:
+ 69:96:74:1e:fa:f2:b9:15:41:c8:70:64:53:7d:70:
+ 0a:46:f0:fe:f1:63:73:cc:bc:bc:e0:68:0d:e9:82:
+ 52:f3:19:53:a4:13:cd
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 5C:60:32:8A:63:F9:49:95:B7:4E:5E:28:41:CB:E2:EB:38:47:A7:76
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:64:02:30:35:ab:49:b6:56:25:02:8f:d8:fe:85:29:52:dd:
+ bb:ed:4f:52:83:1b:7b:09:ff:29:c3:18:84:48:04:df:34:dd:
+ fd:19:a4:93:cb:29:bd:6f:e5:83:ec:d7:6a:17:99:02:02:30:
+ 63:e7:11:4d:c2:f0:b7:50:50:d1:20:c1:9f:d8:27:a8:fd:dd:
+ a1:57:c4:9a:cd:e4:ff:93:36:e4:32:a7:59:51:24:7b:f3:17:
+ ff:49:2d:b6:82:da:a1:f9:bf:dc:35:29
+-----BEGIN CERTIFICATE-----
+MIIB6jCCAXGgAwIBAgICLgAwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMzMTdaFw0yNzEwMTcwOTMzMTdaMBIxEDAOBgNVBAMM
+B3B0b21ib3IwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASwemJDEItLrj4TyxCzjIVN
+u3TfYbsrCgj7FeKFCQXuj/RlQ0v+7zxYrAYR6OTU63zj3UHgJPcZB+5I/WmWdB76
+8rkVQchwZFN9cApG8P7xY3PMvLzgaA3pglLzGVOkE82jgZYwgZMwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQUXGAyimP5SZW3Tl4oQcvi6zhHp3YwRQYDVR0jBD4wPIAUNPhc
+X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc
+1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
+zj0EAwIDZwAwZAIwNatJtlYlAo/Y/oUpUt277U9Sgxt7Cf8pwxiESATfNN39GaST
+yym9b+WD7NdqF5kCAjBj5xFNwvC3UFDRIMGf2Ceo/d2hV8SazeT/kzbkMqdZUSR7
+8xf/SS22gtqh+b/cNSk=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12010 (0x2eea)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:30:53 2017 GMT
+ Not After : Oct 17 09:30:53 2027 GMT
+ Subject: CN=acsiba
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:da:c2:53:06:83:f7:48:e5:6a:f8:89:fc:d5:bd:
+ db:d0:b9:7c:e0:d9:83:2c:63:7b:d2:5f:81:a7:81:
+ fc:c8:3d:ff:33:a8:48:f0:aa:7b:07:68:1b:aa:01:
+ 70:5e:d8:d1:18:a6:12:c9:65:42:2a:43:bc:37:19:
+ 41:57:a2:bc:e5:fb:9b:4a:0b:88:47:50:e2:ad:3e:
+ 79:22:54:c0:e9:ac:2a:2f:e7:ed:0d:a0:c1:38:86:
+ 9e:45:ec:14:12:a3:73
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 15:17:AB:54:ED:F7:6C:D1:1E:AD:12:A6:20:4F:04:78:22:83:6C:A0
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:a9:f0:bc:0c:01:70:39:9f:99:f1:c9:ce:5f:
+ d0:f2:b3:66:64:38:7e:9b:36:51:1c:5e:69:6f:7a:4b:bd:32:
+ 0f:50:7a:c9:8a:dc:f5:18:a3:f3:69:02:20:c2:3c:f1:95:02:
+ 30:78:72:d5:53:c2:2e:b2:5c:91:a7:a6:78:b4:3f:0f:2e:3e:
+ 22:20:22:3f:b2:67:96:e8:79:89:f0:b0:a8:bb:1d:d6:70:f1:
+ c9:1b:22:31:e3:40:36:6e:40:da:7d:64:d7
+-----BEGIN CERTIFICATE-----
+MIIB6jCCAXCgAwIBAgICLuowCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMwNTNaFw0yNzEwMTcwOTMwNTNaMBExDzANBgNVBAMM
+BmFjc2liYTB2MBAGByqGSM49AgEGBSuBBAAiA2IABNrCUwaD90jlaviJ/NW929C5
+fODZgyxje9JfgaeB/Mg9/zOoSPCqewdoG6oBcF7Y0RimEsllQipDvDcZQVeivOX7
+m0oLiEdQ4q0+eSJUwOmsKi/n7Q2gwTiGnkXsFBKjc6OBljCBkzAJBgNVHRMEAjAA
+MB0GA1UdDgQWBBQVF6tU7fds0R6tEqYgTwR4IoNsoDBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjO
+PQQDAgNoADBlAjEAqfC8DAFwOZ+Z8cnOX9Dys2ZkOH6bNlEcXmlveku9Mg9QesmK
+3PUYo/NpAiDCPPGVAjB4ctVTwi6yXJGnpni0Pw8uPiIgIj+yZ5boeYnwsKi7HdZw
+8ckbIjHjQDZuQNp9ZNc=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12097 (0x2f41)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:33:49 2017 GMT
+ Not After : Oct 17 09:33:49 2027 GMT
+ Subject: CN=zsnemes
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:ef:9d:6d:83:d5:6a:c2:ac:d9:a5:9f:37:e0:8f:
+ cc:a1:38:66:87:b8:ed:b3:3a:3b:b3:04:de:c9:54:
+ 72:4c:c5:0e:50:81:0f:9e:8c:cd:27:61:99:25:58:
+ f6:b4:c8:0c:0b:2e:95:4e:a4:64:b1:25:b7:32:f5:
+ 18:62:9b:3a:65:de:3c:5f:b3:c3:9d:30:34:b2:a5:
+ 45:18:b8:17:a6:ef:47:29:48:56:e0:ff:93:4a:a8:
+ 21:e9:1b:f4:71:63:7e
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 97:0E:42:9E:05:27:59:9E:29:8E:22:AA:1A:85:E0:F9:B8:03:DA:20
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:86:0d:4d:32:f7:5b:5f:a6:f8:36:52:7c:37:
+ bd:d3:1a:39:c3:16:0b:42:2e:95:4d:ff:ed:25:05:89:03:11:
+ 34:c2:30:7c:94:69:a5:90:68:15:7e:eb:1e:87:e4:c5:c1:02:
+ 30:20:c1:1a:86:89:2c:b5:67:f7:1a:a5:bb:4e:8e:cd:42:78:
+ 32:e7:75:b6:d0:c3:e5:61:40:48:c1:6b:20:54:42:de:ee:7a:
+ aa:7e:52:d9:c6:ee:16:90:1a:8c:0a:ae:b3
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAXGgAwIBAgICL0EwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMzNDlaFw0yNzEwMTcwOTMzNDlaMBIxEDAOBgNVBAMM
+B3pzbmVtZXMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATvnW2D1WrCrNmlnzfgj8yh
+OGaHuO2zOjuzBN7JVHJMxQ5QgQ+ejM0nYZklWPa0yAwLLpVOpGSxJbcy9Rhimzpl
+3jxfs8OdMDSypUUYuBem70cpSFbg/5NKqCHpG/RxY36jgZYwgZMwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQUlw5CngUnWZ4pjiKqGoXg+bgD2iAwRQYDVR0jBD4wPIAUNPhc
+X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc
+1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
+zj0EAwIDaAAwZQIxAIYNTTL3W1+m+DZSfDe90xo5wxYLQi6VTf/tJQWJAxE0wjB8
+lGmlkGgVfuseh+TFwQIwIMEahokstWf3GqW7To7NQngy53W20MPlYUBIwWsgVELe
+7nqqflLZxu4WkBqMCq6z
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12239 (0x2fcf)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:31:36 2017 GMT
+ Not After : Oct 17 09:31:36 2027 GMT
+ Subject: CN=csgulyas
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:f2:18:09:ae:cd:31:69:80:cf:9b:ca:1b:ff:67:
+ d8:40:61:dc:48:60:b5:19:f9:40:aa:0b:92:0b:2b:
+ d9:7c:1f:01:23:cd:7a:62:51:0a:6a:57:18:49:dd:
+ d3:6b:71:48:4e:31:69:7c:56:b9:68:ed:a4:e8:a7:
+ cb:bb:6c:f8:95:f4:76:64:07:14:8f:4f:04:e9:26:
+ a2:74:46:a5:10:77:67:18:28:9c:8d:29:10:f7:7f:
+ 92:b2:83:75:19:8d:74
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 23:BC:13:C4:79:E6:B1:98:F7:D3:0D:AB:BB:B2:7F:C6:08:19:D5:15
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:d9:f1:2c:76:09:e3:5b:ed:20:3a:a7:47:48:
+ b8:55:d1:eb:37:51:3a:9f:33:48:03:c3:ec:82:9b:72:d5:94:
+ 24:58:7d:55:34:69:68:86:f4:57:85:1b:91:a5:57:c1:fb:02:
+ 31:00:f3:8f:50:60:25:14:b9:48:73:a8:d0:a0:ee:b1:a4:f9:
+ a3:6f:a8:29:d1:8c:fe:d0:be:7d:2f:67:e7:9d:02:85:ac:54:
+ d4:da:0f:68:85:53:04:7a:9c:14:28:91:7b:c3
+-----BEGIN CERTIFICATE-----
+MIIB7TCCAXKgAwIBAgICL88wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMxMzZaFw0yNzEwMTcwOTMxMzZaMBMxETAPBgNVBAMM
+CGNzZ3VseWFzMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8hgJrs0xaYDPm8ob/2fY
+QGHcSGC1GflAqguSCyvZfB8BI816YlEKalcYSd3Ta3FITjFpfFa5aO2k6KfLu2z4
+lfR2ZAcUj08E6SaidEalEHdnGCicjSkQ93+SsoN1GY10o4GWMIGTMAkGA1UdEwQC
+MAAwHQYDVR0OBBYEFCO8E8R55rGY99MNq7uyf8YIGdUVMEUGA1UdIwQ+MDyAFDT4
+XF+wT7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA
+3NUHtlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqG
+SM49BAMCA2kAMGYCMQDZ8Sx2CeNb7SA6p0dIuFXR6zdROp8zSAPD7IKbctWUJFh9
+VTRpaIb0V4UbkaVXwfsCMQDzj1BgJRS5SHOo0KDusaT5o2+oKdGM/tC+fS9n550C
+haxU1NoPaIVTBHqcFCiRe8M=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12383 (0x305f)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:31:47 2017 GMT
+ Not After : Oct 17 09:31:47 2027 GMT
+ Subject: CN=dvasary
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:e6:2e:65:84:8a:05:e7:d2:32:6b:85:20:26:cd:
+ 0d:dc:a2:e6:cc:23:36:f4:33:7b:f0:6c:0d:a0:8d:
+ f8:0c:13:77:57:f7:6e:02:b7:1a:35:b0:ee:31:26:
+ 0d:57:31:df:11:fa:15:73:bd:d3:3e:e6:bc:97:9b:
+ 5e:da:41:b0:36:a2:95:98:3b:a6:4e:f5:18:8c:9e:
+ ff:26:8f:3e:00:93:b0:14:84:4d:43:f0:01:fa:95:
+ 6d:32:f2:41:0e:4f:5e
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ CD:19:31:60:F7:8A:AB:3D:A9:4F:C8:83:0D:B0:5A:D0:EB:69:44:4B
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:c8:72:bd:64:1d:57:d1:87:d9:1c:ef:e9:4f:
+ 7a:c9:b5:80:58:fb:ff:47:50:43:13:eb:80:4d:ab:ab:d6:9b:
+ 90:65:ae:58:88:43:da:3a:56:ba:ea:24:c0:03:42:a6:b1:02:
+ 30:22:fa:c5:a0:7d:b7:97:54:5a:e7:65:25:6a:02:f8:53:99:
+ 08:64:5e:a9:70:27:84:b0:03:df:d1:39:c9:9a:b7:ca:be:60:
+ d5:45:22:18:a7:ca:da:56:bd:15:d5:30:66
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAXGgAwIBAgICMF8wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMxNDdaFw0yNzEwMTcwOTMxNDdaMBIxEDAOBgNVBAMM
+B2R2YXNhcnkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATmLmWEigXn0jJrhSAmzQ3c
+oubMIzb0M3vwbA2gjfgME3dX924Ctxo1sO4xJg1XMd8R+hVzvdM+5ryXm17aQbA2
+opWYO6ZO9RiMnv8mjz4Ak7AUhE1D8AH6lW0y8kEOT16jgZYwgZMwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQUzRkxYPeKqz2pT8iDDbBa0OtpREswRQYDVR0jBD4wPIAUNPhc
+X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc
+1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
+zj0EAwIDaAAwZQIxAMhyvWQdV9GH2Rzv6U96ybWAWPv/R1BDE+uATaur1puQZa5Y
+iEPaOla66iTAA0KmsQIwIvrFoH23l1Ra52UlagL4U5kIZF6pcCeEsAPf0TnJmrfK
+vmDVRSIYp8raVr0V1TBm
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12392 (0x3068)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:33:27 2017 GMT
+ Not After : Oct 17 09:33:27 2027 GMT
+ Subject: CN=rrendek
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:93:14:3f:24:4e:45:1b:b9:99:2d:3f:dd:de:34:
+ ef:fe:d2:92:04:02:a7:15:a2:13:70:63:c3:2d:7c:
+ c9:4c:e1:b9:3d:16:da:4b:82:ab:f4:f8:12:fb:97:
+ 67:f9:5c:ed:a8:9f:59:a6:8f:95:07:60:51:ae:d1:
+ 31:a2:f3:7b:84:8e:22:12:cf:15:9d:f2:28:79:6f:
+ ae:81:7a:4f:8d:17:c8:51:40:5d:00:8a:be:d7:bc:
+ 89:9c:5c:6a:74:26:bd
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ DC:B3:A4:15:7A:8C:D4:35:51:97:3C:CE:EB:AE:04:F3:16:6E:06:EC
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:51:85:3f:d2:fb:cb:3c:b2:23:38:67:74:21:57:
+ d1:ce:30:98:ce:74:ba:25:bc:1d:4c:78:a8:9a:b3:9d:65:e4:
+ bb:f3:18:11:3d:78:3f:cb:0e:4e:84:10:d1:e3:36:fb:02:31:
+ 00:ac:47:55:f0:2e:4f:8d:04:10:f0:d7:ef:e6:20:49:50:37:
+ d9:8d:48:0a:4c:74:3a:ad:94:31:34:fc:b2:d8:ad:80:49:50:
+ fa:a7:97:6c:9c:e2:28:2c:9e:1f:14:50:22
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAXGgAwIBAgICMGgwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMzMjdaFw0yNzEwMTcwOTMzMjdaMBIxEDAOBgNVBAMM
+B3JyZW5kZWswdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASTFD8kTkUbuZktP93eNO/+
+0pIEAqcVohNwY8MtfMlM4bk9FtpLgqv0+BL7l2f5XO2on1mmj5UHYFGu0TGi83uE
+jiISzxWd8ih5b66Bek+NF8hRQF0Air7XvImcXGp0Jr2jgZYwgZMwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQU3LOkFXqM1DVRlzzO664E8xZuBuwwRQYDVR0jBD4wPIAUNPhc
+X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc
+1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
+zj0EAwIDaAAwZQIwUYU/0vvLPLIjOGd0IVfRzjCYznS6JbwdTHiomrOdZeS78xgR
+PXg/yw5OhBDR4zb7AjEArEdV8C5PjQQQ8Nfv5iBJUDfZjUgKTHQ6rZQxNPyy2K2A
+SVD6p5dsnOIoLJ4fFFAi
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12782 (0x31ee)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:30:45 2017 GMT
+ Not After : Oct 17 09:30:45 2027 GMT
+ Subject: CN=aborza
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:ca:81:c1:4a:ea:59:0a:e6:b5:34:90:78:60:ae:
+ 9a:b9:5c:d8:52:3e:ec:8f:30:00:96:c0:6b:5e:17:
+ 60:ab:72:09:73:e3:3e:31:5b:f7:fe:ed:31:48:94:
+ 6f:e9:a0:4a:70:76:55:5b:41:07:ea:af:e2:8a:b1:
+ 5f:5c:95:e4:f4:b4:60:1d:91:c8:0f:fb:57:f6:53:
+ 79:07:3a:2e:c9:6f:96:6a:7d:1e:1c:f6:74:19:76:
+ 8c:bb:c1:dd:dd:ff:6d
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 8D:C0:A1:00:5B:E9:79:9B:65:3D:0B:DA:CD:18:C0:80:D7:11:49:7A
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:70:1e:e8:7c:51:73:46:96:78:64:df:35:e8:90:
+ 28:60:66:c3:a1:9c:ce:46:c6:09:95:c3:99:80:ce:70:84:10:
+ 2f:a2:8b:ad:53:8f:0e:67:ad:05:88:71:4b:dc:a4:4a:02:31:
+ 00:83:2b:87:a9:6e:6e:14:49:ff:53:61:8c:6b:8a:f3:cf:b4:
+ 4a:b7:ec:19:e3:05:bd:4f:43:49:bb:cb:df:aa:ba:27:e7:5e:
+ 07:4a:f8:32:c6:f0:f1:22:31:a0:7f:f8:22
+-----BEGIN CERTIFICATE-----
+MIIB6jCCAXCgAwIBAgICMe4wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMwNDVaFw0yNzEwMTcwOTMwNDVaMBExDzANBgNVBAMM
+BmFib3J6YTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMqBwUrqWQrmtTSQeGCumrlc
+2FI+7I8wAJbAa14XYKtyCXPjPjFb9/7tMUiUb+mgSnB2VVtBB+qv4oqxX1yV5PS0
+YB2RyA/7V/ZTeQc6Lslvlmp9Hhz2dBl2jLvB3d3/baOBljCBkzAJBgNVHRMEAjAA
+MB0GA1UdDgQWBBSNwKEAW+l5m2U9C9rNGMCA1xFJejBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjO
+PQQDAgNoADBlAjBwHuh8UXNGlnhk3zXokChgZsOhnM5GxgmVw5mAznCEEC+ii61T
+jw5nrQWIcUvcpEoCMQCDK4epbm4USf9TYYxrivPPtEq37BnjBb1PQ0m7y9+quifn
+XgdK+DLG8PEiMaB/+CI=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12884 (0x3254)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:34:10 2017 GMT
+ Not After : Oct 17 09:34:10 2027 GMT
+ Subject: CN=rtoth
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:7a:7e:21:3f:34:e9:74:19:bb:bf:7e:9e:2b:c4:
+ 62:fd:ad:9f:ed:82:83:00:5d:39:53:14:81:44:0f:
+ 2b:bc:a8:6e:e3:10:00:fd:78:85:d2:76:12:bd:8a:
+ 3d:0d:8c:45:cc:ef:d2:2e:17:b0:d6:0a:68:c9:7a:
+ 12:f5:b4:df:44:11:27:da:22:4b:44:8c:4f:d9:d3:
+ 7c:be:ee:76:a1:5b:4b:ae:cd:fe:40:d1:43:9a:3b:
+ fd:9a:13:c6:68:b0:38
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 86:F1:74:B7:CD:8B:58:F7:D8:BD:31:75:B5:3F:EE:E1:6A:BB:99:0C
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:b9:da:3e:da:46:23:d5:66:a0:0e:c9:e1:cd:
+ 09:66:11:30:47:4f:e8:d7:5e:1e:6b:7e:4a:ba:01:d9:2b:8d:
+ d7:0c:9d:b1:53:a9:90:89:71:4b:18:ea:84:76:26:c1:e4:02:
+ 30:76:0f:ab:a2:75:cc:8d:b0:5a:b9:b6:1a:32:50:2e:aa:d2:
+ 3e:fb:be:da:35:e1:d0:17:95:49:fd:b5:63:c6:e8:b6:b9:3c:
+ 53:6d:b6:4d:ad:00:27:7f:a5:60:f9:1e:db
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAW+gAwIBAgICMlQwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTM0MTBaFw0yNzEwMTcwOTM0MTBaMBAxDjAMBgNVBAMM
+BXJ0b3RoMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEen4hPzTpdBm7v36eK8Ri/a2f
+7YKDAF05UxSBRA8rvKhu4xAA/XiF0nYSvYo9DYxFzO/SLhew1gpoyXoS9bTfRBEn
+2iJLRIxP2dN8vu52oVtLrs3+QNFDmjv9mhPGaLA4o4GWMIGTMAkGA1UdEwQCMAAw
+HQYDVR0OBBYEFIbxdLfNi1j32L0xdbU/7uFqu5kMMEUGA1UdIwQ+MDyAFDT4XF+w
+T7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA3NUH
+tlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49
+BAMCA2gAMGUCMQC52j7aRiPVZqAOyeHNCWYRMEdP6NdeHmt+SroB2SuN1wydsVOp
+kIlxSxjqhHYmweQCMHYPq6J1zI2wWrm2GjJQLqrSPvu+2jXh0BeVSf21Y8botrk8
+U222Ta0AJ3+lYPke2w==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12916 (0x3274)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:32:40 2017 GMT
+ Not After : Oct 17 09:32:40 2027 GMT
+ Subject: CN=kkele
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:25:3e:a3:bd:c9:27:5e:ba:c6:30:68:0f:90:17:
+ 94:89:69:30:04:70:6a:ba:16:40:3d:04:08:ed:00:
+ 2d:a2:c4:45:aa:db:af:85:d2:a6:40:7b:69:85:bc:
+ cf:9a:41:66:0b:4d:1a:c4:82:53:b0:d1:cb:53:98:
+ 39:90:11:11:5e:e7:98:a7:b3:71:31:b1:55:be:07:
+ ef:ed:6a:e7:dc:e9:38:fd:03:fc:d5:52:ed:a8:da:
+ de:88:22:6d:c2:80:0a
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 05:94:51:39:17:98:AD:AD:A6:A0:4D:7F:79:9C:81:1F:3C:BB:8A:88
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:64:02:30:6c:81:f6:f7:47:45:a0:a2:2b:20:6f:2c:22:7d:
+ 40:79:45:2a:66:9e:04:5d:75:b9:d9:f9:a7:98:c8:81:c9:6e:
+ bd:9c:35:e8:67:2c:9c:2f:52:62:3c:b4:5f:4a:33:68:02:30:
+ 72:86:06:98:6e:ab:ff:2e:00:0d:20:1a:35:1f:86:33:ed:7c:
+ 36:31:69:89:98:6e:3e:22:39:71:c3:e3:62:26:20:aa:56:77:
+ 5f:1e:e3:60:45:dd:37:ca:6b:4f:f6:66
+-----BEGIN CERTIFICATE-----
+MIIB6DCCAW+gAwIBAgICMnQwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMyNDBaFw0yNzEwMTcwOTMyNDBaMBAxDjAMBgNVBAMM
+BWtrZWxlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJT6jvcknXrrGMGgPkBeUiWkw
+BHBquhZAPQQI7QAtosRFqtuvhdKmQHtphbzPmkFmC00axIJTsNHLU5g5kBERXueY
+p7NxMbFVvgfv7Wrn3Ok4/QP81VLtqNreiCJtwoAKo4GWMIGTMAkGA1UdEwQCMAAw
+HQYDVR0OBBYEFAWUUTkXmK2tpqBNf3mcgR88u4qIMEUGA1UdIwQ+MDyAFDT4XF+w
+T7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA3NUH
+tlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49
+BAMCA2cAMGQCMGyB9vdHRaCiKyBvLCJ9QHlFKmaeBF11udn5p5jIgcluvZw16Gcs
+nC9SYjy0X0ozaAIwcoYGmG6r/y4ADSAaNR+GM+18NjFpiZhuPiI5ccPjYiYgqlZ3
+Xx7jYEXdN8prT/Zm
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 13057 (0x3301)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:32:15 2017 GMT
+ Not After : Oct 17 09:32:15 2027 GMT
+ Subject: CN=fschnell
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:53:8d:f8:f4:fd:5f:c9:b3:4c:57:f6:c4:93:7f:
+ 94:43:31:09:62:ca:ef:5a:d8:12:54:59:58:84:21:
+ aa:59:8b:5a:23:a9:b7:1b:e8:e6:e3:a6:76:14:75:
+ 45:c7:d5:0c:89:5c:e7:9e:f1:56:2a:6d:25:b8:30:
+ 6f:4a:dd:80:08:b0:a6:07:c8:98:d6:f3:0a:07:d9:
+ 60:d0:00:58:7f:f6:a5:6b:78:53:82:44:5a:81:01:
+ 54:18:6f:1b:f4:99:f9
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ C8:6F:89:82:1D:8F:8C:70:84:6F:E9:35:BD:92:9C:3E:56:DC:40:CD
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:f7:04:12:3d:b3:98:22:bc:aa:06:62:be:31:
+ ac:32:26:c9:80:1b:aa:17:e0:85:82:0b:14:b8:35:09:8f:e4:
+ 7c:2b:8f:82:a6:c2:08:9d:91:7a:43:19:30:a2:94:e6:2b:02:
+ 31:00:fb:61:02:d5:e4:9b:a8:a3:d9:5e:e6:cf:4e:8f:5c:17:
+ 4e:59:c4:20:78:bb:d6:2a:cc:8c:92:e5:78:aa:6b:2c:ce:db:
+ 94:46:86:16:76:14:ac:64:41:d1:78:d2:a9:ec
+-----BEGIN CERTIFICATE-----
+MIIB7TCCAXKgAwIBAgICMwEwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMyMTVaFw0yNzEwMTcwOTMyMTVaMBMxETAPBgNVBAMM
+CGZzY2huZWxsMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEU4349P1fybNMV/bEk3+U
+QzEJYsrvWtgSVFlYhCGqWYtaI6m3G+jm46Z2FHVFx9UMiVznnvFWKm0luDBvSt2A
+CLCmB8iY1vMKB9lg0ABYf/ala3hTgkRagQFUGG8b9Jn5o4GWMIGTMAkGA1UdEwQC
+MAAwHQYDVR0OBBYEFMhviYIdj4xwhG/pNb2SnD5W3EDNMEUGA1UdIwQ+MDyAFDT4
+XF+wT7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA
+3NUHtlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqG
+SM49BAMCA2kAMGYCMQD3BBI9s5givKoGYr4xrDImyYAbqhfghYILFLg1CY/kfCuP
+gqbCCJ2RekMZMKKU5isCMQD7YQLV5Juoo9le5s9Oj1wXTlnEIHi71irMjJLleKpr
+LM7blEaGFnYUrGRB0XjSqew=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 13116 (0x333c)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:32:00 2017 GMT
+ Not After : Oct 17 09:32:00 2027 GMT
+ Subject: CN=fritter
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:2c:40:ec:81:89:ad:1b:ae:c8:1c:3e:5d:62:2f:
+ 5e:27:33:d2:42:ba:b9:6c:38:34:ea:90:d6:dd:10:
+ e6:b3:19:f5:02:4a:fe:8c:b4:77:cf:6f:c5:ab:81:
+ 82:88:3c:4e:9b:82:c3:22:c2:1f:c8:c7:53:af:18:
+ f9:9b:92:cf:18:51:8f:95:67:6b:04:9f:f4:95:b8:
+ 8b:1a:6a:d4:4c:23:c5:33:46:20:d2:e5:15:bf:bd:
+ af:1c:68:44:98:85:82
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ F6:A5:72:FC:DA:1E:8B:69:98:1A:0E:1E:21:31:3F:A3:CD:57:59:D2
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:ce:de:f9:f5:30:65:f1:0c:19:dd:a5:8d:42:
+ e7:b5:5b:66:96:45:7f:d2:00:de:d2:9f:7a:7d:cc:0a:a8:6e:
+ 0e:ce:f3:1a:4e:1e:33:50:48:9c:84:d4:47:47:d8:81:98:02:
+ 30:0b:13:67:f6:2a:d8:0d:86:2b:15:18:e5:41:f3:dc:3b:1c:
+ 15:a4:09:a6:82:03:d5:16:7e:4b:6b:0b:51:70:1a:01:92:e1:
+ 4f:61:58:1b:ed:b8:d9:17:90:78:70:85:bc
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAXGgAwIBAgICMzwwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMyMDBaFw0yNzEwMTcwOTMyMDBaMBIxEDAOBgNVBAMM
+B2ZyaXR0ZXIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQsQOyBia0brsgcPl1iL14n
+M9JCurlsODTqkNbdEOazGfUCSv6MtHfPb8WrgYKIPE6bgsMiwh/Ix1OvGPmbks8Y
+UY+VZ2sEn/SVuIsaatRMI8UzRiDS5RW/va8caESYhYKjgZYwgZMwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQU9qVy/Noei2mYGg4eITE/o81XWdIwRQYDVR0jBD4wPIAUNPhc
+X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc
+1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
+zj0EAwIDaAAwZQIxAM7e+fUwZfEMGd2ljULntVtmlkV/0gDe0p96fcwKqG4OzvMa
+Th4zUEichNRHR9iBmAIwCxNn9irYDYYrFRjlQfPcOxwVpAmmggPVFn5LawtRcBoB
+kuFPYVgb7bjZF5B4cIW8
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 13129 (0x3349)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:33:02 2017 GMT
+ Not After : Oct 17 09:33:02 2027 GMT
+ Subject: CN=mszabo
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:69:c0:86:27:a1:fa:74:2a:18:21:dc:d4:d1:4b:
+ b3:6e:d5:16:06:b7:50:8d:3a:5c:86:ea:b9:25:84:
+ bd:4e:65:d9:7c:33:13:8e:63:64:cb:70:39:3a:ac:
+ a5:d0:68:4d:f5:aa:f1:56:8c:55:11:26:d3:c3:c0:
+ 4a:10:78:35:7d:ba:56:f6:9a:f5:af:3d:6b:be:ad:
+ e7:e2:9c:0e:ec:42:b2:49:e3:f8:d6:36:0d:dd:56:
+ fb:e3:c0:7d:34:e5:2e
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 28:55:A2:FF:1C:FC:9B:E2:22:C8:45:93:ED:DE:A6:8E:50:A6:86:0A
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:9e:5f:d5:2d:55:0f:44:fa:9f:67:9b:eb:11:
+ a9:ef:a4:7e:2e:f1:c7:a4:99:11:d3:b3:05:30:bb:80:a9:0e:
+ 0d:b4:57:30:a4:4b:c4:94:49:9e:f9:7a:b6:07:7a:02:02:02:
+ 31:00:81:c9:96:28:0f:c6:47:84:e1:a2:86:17:a1:f3:c1:39:
+ 55:ca:a9:ce:8c:fc:e9:ea:70:a9:de:be:8c:83:e5:25:1a:cf:
+ 30:cb:f9:51:b5:3b:59:7d:15:df:9d:f2:2a:4f
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAXCgAwIBAgICM0kwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMzMDJaFw0yNzEwMTcwOTMzMDJaMBExDzANBgNVBAMM
+Bm1zemFibzB2MBAGByqGSM49AgEGBSuBBAAiA2IABGnAhieh+nQqGCHc1NFLs27V
+Fga3UI06XIbquSWEvU5l2XwzE45jZMtwOTqspdBoTfWq8VaMVREm08PAShB4NX26
+Vvaa9a89a76t5+KcDuxCsknj+NY2Dd1W++PAfTTlLqOBljCBkzAJBgNVHRMEAjAA
+MB0GA1UdDgQWBBQoVaL/HPyb4iLIRZPt3qaOUKaGCjBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjO
+PQQDAgNpADBmAjEAnl/VLVUPRPqfZ5vrEanvpH4u8cekmRHTswUwu4CpDg20VzCk
+S8SUSZ75erYHegICAjEAgcmWKA/GR4ThooYXofPBOVXKqc6M/OnqcKnevoyD5SUa
+zzDL+VG1O1l9Fd+d8ipP
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 13172 (0x3374)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: May 8 11:24:56 2018 GMT
+ Not After : May 5 11:24:56 2028 GMT
+ Subject: CN=ifabian
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:21:0d:77:39:b7:b1:43:2d:e9:a2:e9:a9:3b:88:
+ cd:93:d5:05:4d:b5:58:04:1f:43:76:1b:93:1e:c3:
+ d2:d8:15:37:df:3f:d4:75:c7:81:cc:78:f8:63:84:
+ 8d:49:0d:49:b2:71:5e:b3:73:0b:ab:0c:5b:ff:9a:
+ 68:39:1b:6a:c2:8e:b0:0f:bc:cd:69:93:79:73:f2:
+ c3:b9:04:66:87:20:90:1c:4b:c7:c4:e9:77:86:a6:
+ a5:8f:59:a0:6d:03:4b
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 47:CB:B8:DB:88:B9:FB:59:61:4B:66:B6:03:EB:5F:A5:30:2F:64:AC
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:2c:e5:1b:07:5f:bd:0b:75:e1:cb:fa:7c:30:1b:
+ 09:31:ae:9d:83:1b:ec:23:04:96:67:14:7b:8c:3a:64:02:10:
+ 0f:e6:f2:35:f9:44:2f:b4:7f:8f:ee:c9:dd:7c:4d:29:02:31:
+ 00:e2:34:be:b9:77:34:3b:0e:89:c7:00:5b:2d:c3:36:fc:86:
+ c6:8b:d8:10:64:28:d5:7c:84:f2:0a:b2:67:ad:7b:1e:8c:c6:
+ 46:80:18:89:f1:16:d2:fb:61:53:2d:6f:61
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAXGgAwIBAgICM3QwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xODA1MDgxMTI0NTZaFw0yODA1MDUxMTI0NTZaMBIxEDAOBgNVBAMM
+B2lmYWJpYW4wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQhDXc5t7FDLemi6ak7iM2T
+1QVNtVgEH0N2G5Mew9LYFTffP9R1x4HMePhjhI1JDUmycV6zcwurDFv/mmg5G2rC
+jrAPvM1pk3lz8sO5BGaHIJAcS8fE6XeGpqWPWaBtA0ujgZYwgZMwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQUR8u424i5+1lhS2a2A+tfpTAvZKwwRQYDVR0jBD4wPIAUNPhc
+X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc
+1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
+zj0EAwIDaAAwZQIwLOUbB1+9C3Xhy/p8MBsJMa6dgxvsIwSWZxR7jDpkAhAP5vI1
++UQvtH+P7sndfE0pAjEA4jS+uXc0Ow6JxwBbLcM2/IbGi9gQZCjVfITyCrJnrXse
+jMZGgBiJ8RbS+2FTLW9h
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 13289 (0x33e9)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:34:00 2017 GMT
+ Not After : Oct 17 09:34:00 2027 GMT
+ Subject: CN=qqcs
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:9a:b6:99:d8:c9:2c:92:54:2a:9c:58:a3:1a:87:
+ 7c:d3:90:4b:31:09:71:9a:65:6f:9e:04:8f:52:dc:
+ 13:23:0f:d0:43:6f:6f:cd:87:1b:f6:43:e1:b8:45:
+ e2:c2:21:e2:c1:ca:13:f8:5c:d4:7c:44:c4:8e:d2:
+ d8:d4:c2:5e:76:89:93:1b:74:37:88:2e:c3:1e:3e:
+ 80:b2:d0:2f:62:44:a6:cb:73:20:67:94:ed:b1:0a:
+ 64:40:71:64:22:f8:6a
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ AA:02:0F:AC:73:99:75:38:B2:AA:0C:93:26:26:1C:16:CB:8E:0F:C6
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:21:83:0b:d3:2f:23:d3:94:5b:ec:f8:39:ab:eb:
+ 8c:2b:d3:2d:d3:8c:02:91:c9:aa:27:43:94:2f:0b:4c:0a:3d:
+ d3:5e:4e:f7:ce:00:a6:64:27:50:59:23:1c:ce:29:77:02:31:
+ 00:cf:63:11:48:62:02:45:7c:4a:e2:b8:41:3a:28:9b:dc:24:
+ c1:6e:04:19:fb:a5:0f:c0:46:85:ec:9c:c7:09:b2:c5:ca:a3:
+ 2c:51:73:f1:8f:e0:83:3d:9e:61:a2:a1:30
+-----BEGIN CERTIFICATE-----
+MIIB6DCCAW6gAwIBAgICM+kwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTM0MDBaFw0yNzEwMTcwOTM0MDBaMA8xDTALBgNVBAMM
+BHFxY3MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASatpnYySySVCqcWKMah3zTkEsx
+CXGaZW+eBI9S3BMjD9BDb2/Nhxv2Q+G4ReLCIeLByhP4XNR8RMSO0tjUwl52iZMb
+dDeILsMePoCy0C9iRKbLcyBnlO2xCmRAcWQi+GqjgZYwgZMwCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUqgIPrHOZdTiyqgyTJiYcFsuOD8YwRQYDVR0jBD4wPIAUNPhcX7BP
+tuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc1Qe2
+VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0E
+AwIDaAAwZQIwIYML0y8j05Rb7Pg5q+uMK9Mt04wCkcmqJ0OULwtMCj3TXk73zgCm
+ZCdQWSMczil3AjEAz2MRSGICRXxK4rhBOiib3CTBbgQZ+6UPwEaF7JzHCbLFyqMs
+UXPxj+CDPZ5hoqEw
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 14004 (0x36b4)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Jan 30 10:47:27 2018 GMT
+ Not After : Jan 28 10:47:27 2028 GMT
+ Subject: CN=zbartakovics
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:8e:37:8a:ac:33:b1:25:3b:48:63:b1:8b:49:68:
+ d3:a2:56:b7:b6:6b:0e:de:ed:9f:7e:0e:c9:8c:8d:
+ 1f:37:81:de:99:1c:ee:d8:74:ac:e0:73:cb:93:bd:
+ c6:6f:32:a2:30:ae:d6:87:93:59:0d:b3:09:67:ba:
+ fc:4b:43:54:ac:d2:86:2c:4a:08:91:08:d5:ef:17:
+ 4e:b4:65:c3:69:55:3f:65:b5:18:59:31:e8:17:21:
+ 04:eb:af:11:e3:b0:56
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 99:1D:BF:07:30:49:FC:A7:A7:2C:A2:3C:DD:C4:C8:4C:7A:BF:97:8E
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:15:70:82:b0:56:64:69:39:d9:05:44:4c:8a:59:
+ 9f:2f:33:80:19:91:92:de:cb:8b:00:92:0c:0d:7c:0a:43:ec:
+ bd:b3:dc:ca:d8:3b:ca:d1:b1:39:83:25:2f:00:0b:f8:02:31:
+ 00:92:db:1d:38:d9:e2:7d:c2:43:8e:c1:7b:45:f3:e5:c0:aa:
+ d2:d9:f7:be:28:d9:c1:b3:40:04:7d:6f:86:2f:ab:bb:4b:6d:
+ 3e:ec:af:e2:27:b0:95:ce:2b:fc:0b:1f:b8
+-----BEGIN CERTIFICATE-----
+MIIB8DCCAXagAwIBAgICNrQwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xODAxMzAxMDQ3MjdaFw0yODAxMjgxMDQ3MjdaMBcxFTATBgNVBAMM
+DHpiYXJ0YWtvdmljczB2MBAGByqGSM49AgEGBSuBBAAiA2IABI43iqwzsSU7SGOx
+i0lo06JWt7ZrDt7tn34OyYyNHzeB3pkc7th0rOBzy5O9xm8yojCu1oeTWQ2zCWe6
+/EtDVKzShixKCJEI1e8XTrRlw2lVP2W1GFkx6BchBOuvEeOwVqOBljCBkzAJBgNV
+HRMEAjAAMB0GA1UdDgQWBBSZHb8HMEn8p6csojzdxMhMer+XjjBFBgNVHSMEPjA8
+gBQ0+FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBD
+QYIJANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAK
+BggqhkjOPQQDAgNoADBlAjAVcIKwVmRpOdkFREyKWZ8vM4AZkZLey4sAkgwNfApD
+7L2z3MrYO8rRsTmDJS8AC/gCMQCS2x042eJ9wkOOwXtF8+XAqtLZ974o2cGzQAR9
+b4Yvq7tLbT7sr+InsJXOK/wLH7g=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN X509 CRL-----
+MIIBHzCBpgIBATAKBggqhkjOPQQDAjAVMRMwEQYDVQQDDApPcGVuVlBOIENBFw0x
+ODEwMTMwODM5NDlaFw0xOTA0MTEwODM5NDlaMBUwEwICLgAXDTE4MDgwOTA5NTcy
+MFqgSTBHMEUGA1UdIwQ+MDyAFDT4XF+wT7bi70OK2atYdNBWyEvPoRmkFzAVMRMw
+EQYDVQQDDApPcGVuVlBOIENBggkA3NUHtlaAz/MwCgYIKoZIzj0EAwIDaAAwZQIx
+AKc1dDbNfBROolgs/frUj3g8TtOBVLD4oYkHl8DLAZ1badd7jKyTZe5PRTm4rWDO
+PAIwQy8pppUhsHClimepGdjen6sHFEsfW04WdzrWceN3U7fUsh+2SjQHrK5OogV8
+m5ru
+-----END X509 CRL-----
--- /dev/null
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAqkkmABC9P/tNOud15pJqJ3ZhHMafkwuzn3mhhXobcT8lKFSrq6lp
+I1lY/6MhgTWGmOTrFMBcR3TRuNh6SFrHAvkZDbXIl+g9oKJ8oZzTd4/kxQbVxigT
+I1XGj3Csurw+Nhc1gMG847XPiw4bdlGT2SNXzLMFL/tO+Ok9t+gPYtElL39kt9Hl
+2u1xEIdBwpUr+I3R5y1buwtQemZ5aEdCp7/WJZRyabIG7e8ERlmHyuov29p9IGKG
+OszUDoP0zIXXBB+/Co65lx7YbxA4eITpU5upB67JcOPD3SLHuTt8OknKWV2aG9ms
+3pCcr5aDq1zXElDqpcEh7ROwZIyGxY4yIwIBAg==
+-----END DH PARAMETERS-----
--- /dev/null
+-----BEGIN EC PARAMETERS-----
+BgUrgQQAIg==
+-----END EC PARAMETERS-----
--- /dev/null
+V 271017092659Z 01 unknown /CN=server
+V 271017093045Z 31EE unknown /CN=aborza
+V 271017093053Z 2EEA unknown /CN=acsiba
+V 271017093111Z 2B1C unknown /CN=akosztolanyi
+V 271017093122Z 2CA3 unknown /CN=azsamboki
+V 271017093136Z 2FCF unknown /CN=csgulyas
+V 271017093147Z 305F unknown /CN=dvasary
+V 271017093200Z 333C unknown /CN=fritter
+V 271017093215Z 3301 unknown /CN=fschnell
+V 271017093230Z 2BAE unknown /CN=khorvath
+V 271017093240Z 3274 unknown /CN=kkele
+V 271017093251Z 2DB5 unknown /CN=kschaffer
+V 271017093302Z 3349 unknown /CN=mszabo
+R 271017093317Z 180809095720Z 2E00 unknown /CN=ptombor
+V 271017093327Z 3068 unknown /CN=rrendek
+V 271017093338Z 2811 unknown /CN=zfelleg
+V 271017093349Z 2F41 unknown /CN=zsnemes
+V 271017093400Z 33E9 unknown /CN=qqcs
+V 271017093410Z 3254 unknown /CN=rtoth
+V 280128104727Z 36B4 unknown /CN=zbartakovics
+V 280505112440Z 2AC2 unknown /CN=cslevai
+V 280505112456Z 3374 unknown /CN=ifabian
--- /dev/null
+unique_subject = yes
--- /dev/null
+unique_subject = yes
--- /dev/null
+V 271017092659Z 01 unknown /CN=server
+V 271017093045Z 31EE unknown /CN=aborza
+V 271017093053Z 2EEA unknown /CN=acsiba
+V 271017093111Z 2B1C unknown /CN=akosztolanyi
+V 271017093122Z 2CA3 unknown /CN=azsamboki
+V 271017093136Z 2FCF unknown /CN=csgulyas
+V 271017093147Z 305F unknown /CN=dvasary
+V 271017093200Z 333C unknown /CN=fritter
+V 271017093215Z 3301 unknown /CN=fschnell
+V 271017093230Z 2BAE unknown /CN=khorvath
+V 271017093240Z 3274 unknown /CN=kkele
+V 271017093251Z 2DB5 unknown /CN=kschaffer
+V 271017093302Z 3349 unknown /CN=mszabo
+V 271017093317Z 2E00 unknown /CN=ptombor
+V 271017093327Z 3068 unknown /CN=rrendek
+V 271017093338Z 2811 unknown /CN=zfelleg
+V 271017093349Z 2F41 unknown /CN=zsnemes
+V 271017093400Z 33E9 unknown /CN=qqcs
+V 271017093410Z 3254 unknown /CN=rtoth
+V 280128104727Z 36B4 unknown /CN=zbartakovics
+V 280505112440Z 2AC2 unknown /CN=cslevai
+V 280505112456Z 3374 unknown /CN=ifabian
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12782 (0x31ee)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:30:45 2017 GMT
+ Not After : Oct 17 09:30:45 2027 GMT
+ Subject: CN=aborza
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:ca:81:c1:4a:ea:59:0a:e6:b5:34:90:78:60:ae:
+ 9a:b9:5c:d8:52:3e:ec:8f:30:00:96:c0:6b:5e:17:
+ 60:ab:72:09:73:e3:3e:31:5b:f7:fe:ed:31:48:94:
+ 6f:e9:a0:4a:70:76:55:5b:41:07:ea:af:e2:8a:b1:
+ 5f:5c:95:e4:f4:b4:60:1d:91:c8:0f:fb:57:f6:53:
+ 79:07:3a:2e:c9:6f:96:6a:7d:1e:1c:f6:74:19:76:
+ 8c:bb:c1:dd:dd:ff:6d
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 8D:C0:A1:00:5B:E9:79:9B:65:3D:0B:DA:CD:18:C0:80:D7:11:49:7A
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:70:1e:e8:7c:51:73:46:96:78:64:df:35:e8:90:
+ 28:60:66:c3:a1:9c:ce:46:c6:09:95:c3:99:80:ce:70:84:10:
+ 2f:a2:8b:ad:53:8f:0e:67:ad:05:88:71:4b:dc:a4:4a:02:31:
+ 00:83:2b:87:a9:6e:6e:14:49:ff:53:61:8c:6b:8a:f3:cf:b4:
+ 4a:b7:ec:19:e3:05:bd:4f:43:49:bb:cb:df:aa:ba:27:e7:5e:
+ 07:4a:f8:32:c6:f0:f1:22:31:a0:7f:f8:22
+-----BEGIN CERTIFICATE-----
+MIIB6jCCAXCgAwIBAgICMe4wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMwNDVaFw0yNzEwMTcwOTMwNDVaMBExDzANBgNVBAMM
+BmFib3J6YTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMqBwUrqWQrmtTSQeGCumrlc
+2FI+7I8wAJbAa14XYKtyCXPjPjFb9/7tMUiUb+mgSnB2VVtBB+qv4oqxX1yV5PS0
+YB2RyA/7V/ZTeQc6Lslvlmp9Hhz2dBl2jLvB3d3/baOBljCBkzAJBgNVHRMEAjAA
+MB0GA1UdDgQWBBSNwKEAW+l5m2U9C9rNGMCA1xFJejBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjO
+PQQDAgNoADBlAjBwHuh8UXNGlnhk3zXokChgZsOhnM5GxgmVw5mAznCEEC+ii61T
+jw5nrQWIcUvcpEoCMQCDK4epbm4USf9TYYxrivPPtEq37BnjBb1PQ0m7y9+quifn
+XgdK+DLG8PEiMaB/+CI=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12010 (0x2eea)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:30:53 2017 GMT
+ Not After : Oct 17 09:30:53 2027 GMT
+ Subject: CN=acsiba
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:da:c2:53:06:83:f7:48:e5:6a:f8:89:fc:d5:bd:
+ db:d0:b9:7c:e0:d9:83:2c:63:7b:d2:5f:81:a7:81:
+ fc:c8:3d:ff:33:a8:48:f0:aa:7b:07:68:1b:aa:01:
+ 70:5e:d8:d1:18:a6:12:c9:65:42:2a:43:bc:37:19:
+ 41:57:a2:bc:e5:fb:9b:4a:0b:88:47:50:e2:ad:3e:
+ 79:22:54:c0:e9:ac:2a:2f:e7:ed:0d:a0:c1:38:86:
+ 9e:45:ec:14:12:a3:73
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 15:17:AB:54:ED:F7:6C:D1:1E:AD:12:A6:20:4F:04:78:22:83:6C:A0
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:a9:f0:bc:0c:01:70:39:9f:99:f1:c9:ce:5f:
+ d0:f2:b3:66:64:38:7e:9b:36:51:1c:5e:69:6f:7a:4b:bd:32:
+ 0f:50:7a:c9:8a:dc:f5:18:a3:f3:69:02:20:c2:3c:f1:95:02:
+ 30:78:72:d5:53:c2:2e:b2:5c:91:a7:a6:78:b4:3f:0f:2e:3e:
+ 22:20:22:3f:b2:67:96:e8:79:89:f0:b0:a8:bb:1d:d6:70:f1:
+ c9:1b:22:31:e3:40:36:6e:40:da:7d:64:d7
+-----BEGIN CERTIFICATE-----
+MIIB6jCCAXCgAwIBAgICLuowCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMwNTNaFw0yNzEwMTcwOTMwNTNaMBExDzANBgNVBAMM
+BmFjc2liYTB2MBAGByqGSM49AgEGBSuBBAAiA2IABNrCUwaD90jlaviJ/NW929C5
+fODZgyxje9JfgaeB/Mg9/zOoSPCqewdoG6oBcF7Y0RimEsllQipDvDcZQVeivOX7
+m0oLiEdQ4q0+eSJUwOmsKi/n7Q2gwTiGnkXsFBKjc6OBljCBkzAJBgNVHRMEAjAA
+MB0GA1UdDgQWBBQVF6tU7fds0R6tEqYgTwR4IoNsoDBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjO
+PQQDAgNoADBlAjEAqfC8DAFwOZ+Z8cnOX9Dys2ZkOH6bNlEcXmlveku9Mg9QesmK
+3PUYo/NpAiDCPPGVAjB4ctVTwi6yXJGnpni0Pw8uPiIgIj+yZ5boeYnwsKi7HdZw
+8ckbIjHjQDZuQNp9ZNc=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 11036 (0x2b1c)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:31:11 2017 GMT
+ Not After : Oct 17 09:31:11 2027 GMT
+ Subject: CN=akosztolanyi
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:8f:3c:74:2e:5d:d7:90:ac:5c:2f:e8:fe:f3:8a:
+ 8d:6b:6b:96:98:a7:63:e3:03:42:4c:2b:49:22:a8:
+ 07:c2:ac:06:89:a8:80:04:26:5e:68:79:a8:b9:84:
+ 79:3e:da:98:56:15:36:f2:7c:09:f8:41:78:5c:8e:
+ 2c:de:1b:18:8a:49:4c:8f:fe:ed:95:8f:0f:cb:5b:
+ e2:64:b1:63:ef:3d:d1:95:49:f1:4e:73:47:a7:11:
+ 94:1c:36:da:e6:55:cf
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ B1:A3:E4:CB:16:E0:E1:12:E2:70:12:2B:8F:DA:D8:99:D6:63:A4:FC
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:b7:e6:6c:6c:e6:75:bd:45:00:d2:29:3e:55:
+ 07:c4:33:b8:50:77:09:1b:d2:9b:1d:4d:48:ed:74:a3:2d:c0:
+ 99:0a:06:7a:08:b6:c7:41:e0:58:a9:2c:3c:6e:3f:62:a3:02:
+ 31:00:a9:80:0c:db:0c:c4:7c:79:44:ec:09:a5:2d:02:ef:31:
+ a7:84:0b:c2:7e:a6:0b:0c:c1:e3:84:d5:35:7f:1d:ac:21:7f:
+ f0:83:a7:2b:db:d8:06:61:f2:86:ee:1b:6f:1f
+-----BEGIN CERTIFICATE-----
+MIIB8TCCAXagAwIBAgICKxwwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMxMTFaFw0yNzEwMTcwOTMxMTFaMBcxFTATBgNVBAMM
+DGFrb3N6dG9sYW55aTB2MBAGByqGSM49AgEGBSuBBAAiA2IABI88dC5d15CsXC/o
+/vOKjWtrlpinY+MDQkwrSSKoB8KsBomogAQmXmh5qLmEeT7amFYVNvJ8CfhBeFyO
+LN4bGIpJTI/+7ZWPD8tb4mSxY+890ZVJ8U5zR6cRlBw22uZVz6OBljCBkzAJBgNV
+HRMEAjAAMB0GA1UdDgQWBBSxo+TLFuDhEuJwEiuP2tiZ1mOk/DBFBgNVHSMEPjA8
+gBQ0+FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBD
+QYIJANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAK
+BggqhkjOPQQDAgNpADBmAjEAt+ZsbOZ1vUUA0ik+VQfEM7hQdwkb0psdTUjtdKMt
+wJkKBnoItsdB4FipLDxuP2KjAjEAqYAM2wzEfHlE7AmlLQLvMaeEC8J+pgsMweOE
+1TV/Hawhf/CDpyvb2AZh8obuG28f
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 11427 (0x2ca3)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:31:22 2017 GMT
+ Not After : Oct 17 09:31:22 2027 GMT
+ Subject: CN=azsamboki
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:37:66:66:c1:b8:90:03:80:8d:75:22:db:61:2e:
+ 72:0e:78:04:91:9d:da:99:39:1d:89:0b:0e:34:90:
+ 06:0d:3d:8c:25:2f:fc:56:75:bc:85:ab:24:54:14:
+ f4:27:39:49:10:11:80:4a:07:7b:72:ed:79:8d:95:
+ 34:e3:07:13:3b:da:51:eb:8a:b5:77:b6:71:e4:97:
+ e6:05:4f:27:3e:0a:c1:f6:1f:ff:bf:a4:5e:43:ca:
+ bc:42:fd:3f:49:c3:5b
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ DE:CA:E6:F5:11:A9:62:D9:9C:93:4A:B3:2B:A4:9B:31:B1:1E:66:61
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:cb:c2:a4:ad:cd:f0:de:75:3b:7e:bb:c8:c1:
+ 45:2a:bf:01:8e:83:b7:7b:15:98:7d:21:2c:86:83:bb:2d:21:
+ f6:be:b8:0d:fb:91:d2:57:fb:21:e4:6c:4f:90:b8:29:eb:02:
+ 31:00:f2:98:41:ca:42:df:94:78:e5:c7:9e:93:fc:e4:f2:5f:
+ cc:5d:5d:e9:f8:97:84:1a:78:15:90:04:06:99:77:9b:dd:3c:
+ 3a:93:55:d0:2b:f6:59:80:ae:c7:1d:85:32:61
+-----BEGIN CERTIFICATE-----
+MIIB7jCCAXOgAwIBAgICLKMwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMxMjJaFw0yNzEwMTcwOTMxMjJaMBQxEjAQBgNVBAMM
+CWF6c2FtYm9raTB2MBAGByqGSM49AgEGBSuBBAAiA2IABDdmZsG4kAOAjXUi22Eu
+cg54BJGd2pk5HYkLDjSQBg09jCUv/FZ1vIWrJFQU9Cc5SRARgEoHe3LteY2VNOMH
+EzvaUeuKtXe2ceSX5gVPJz4KwfYf/7+kXkPKvEL9P0nDW6OBljCBkzAJBgNVHRME
+AjAAMB0GA1UdDgQWBBTeyub1Eali2ZyTSrMrpJsxsR5mYTBFBgNVHSMEPjA8gBQ0
++FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJ
+ANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggq
+hkjOPQQDAgNpADBmAjEAy8Kkrc3w3nU7frvIwUUqvwGOg7d7FZh9ISyGg7stIfa+
+uA37kdJX+yHkbE+QuCnrAjEA8phBykLflHjlx56T/OTyX8xdXen4l4QaeBWQBAaZ
+d5vdPDqTVdAr9lmArscdhTJh
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12239 (0x2fcf)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:31:36 2017 GMT
+ Not After : Oct 17 09:31:36 2027 GMT
+ Subject: CN=csgulyas
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:f2:18:09:ae:cd:31:69:80:cf:9b:ca:1b:ff:67:
+ d8:40:61:dc:48:60:b5:19:f9:40:aa:0b:92:0b:2b:
+ d9:7c:1f:01:23:cd:7a:62:51:0a:6a:57:18:49:dd:
+ d3:6b:71:48:4e:31:69:7c:56:b9:68:ed:a4:e8:a7:
+ cb:bb:6c:f8:95:f4:76:64:07:14:8f:4f:04:e9:26:
+ a2:74:46:a5:10:77:67:18:28:9c:8d:29:10:f7:7f:
+ 92:b2:83:75:19:8d:74
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 23:BC:13:C4:79:E6:B1:98:F7:D3:0D:AB:BB:B2:7F:C6:08:19:D5:15
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:d9:f1:2c:76:09:e3:5b:ed:20:3a:a7:47:48:
+ b8:55:d1:eb:37:51:3a:9f:33:48:03:c3:ec:82:9b:72:d5:94:
+ 24:58:7d:55:34:69:68:86:f4:57:85:1b:91:a5:57:c1:fb:02:
+ 31:00:f3:8f:50:60:25:14:b9:48:73:a8:d0:a0:ee:b1:a4:f9:
+ a3:6f:a8:29:d1:8c:fe:d0:be:7d:2f:67:e7:9d:02:85:ac:54:
+ d4:da:0f:68:85:53:04:7a:9c:14:28:91:7b:c3
+-----BEGIN CERTIFICATE-----
+MIIB7TCCAXKgAwIBAgICL88wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMxMzZaFw0yNzEwMTcwOTMxMzZaMBMxETAPBgNVBAMM
+CGNzZ3VseWFzMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8hgJrs0xaYDPm8ob/2fY
+QGHcSGC1GflAqguSCyvZfB8BI816YlEKalcYSd3Ta3FITjFpfFa5aO2k6KfLu2z4
+lfR2ZAcUj08E6SaidEalEHdnGCicjSkQ93+SsoN1GY10o4GWMIGTMAkGA1UdEwQC
+MAAwHQYDVR0OBBYEFCO8E8R55rGY99MNq7uyf8YIGdUVMEUGA1UdIwQ+MDyAFDT4
+XF+wT7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA
+3NUHtlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqG
+SM49BAMCA2kAMGYCMQDZ8Sx2CeNb7SA6p0dIuFXR6zdROp8zSAPD7IKbctWUJFh9
+VTRpaIb0V4UbkaVXwfsCMQDzj1BgJRS5SHOo0KDusaT5o2+oKdGM/tC+fS9n550C
+haxU1NoPaIVTBHqcFCiRe8M=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 10946 (0x2ac2)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: May 8 11:24:40 2018 GMT
+ Not After : May 5 11:24:40 2028 GMT
+ Subject: CN=cslevai
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:a1:0f:74:b8:b8:de:43:c0:f5:a6:5c:24:49:fb:
+ 38:bc:80:d7:b7:af:a3:be:8d:f6:08:87:0b:13:8b:
+ 2f:c0:1c:d6:1a:27:78:26:d5:3b:0f:01:f3:8b:a0:
+ 3f:a0:dc:b5:2a:88:8d:7d:31:b2:98:ab:71:43:8c:
+ d3:d7:c2:84:a4:db:e8:40:e6:83:d8:6f:7d:8c:c5:
+ cf:87:5d:bc:6e:b2:6e:5a:07:64:cb:a6:57:e0:05:
+ 78:35:ae:71:da:5e:b7
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ C0:FE:8D:CF:21:47:D9:22:05:1A:A9:0F:5C:9A:0C:DF:78:13:21:6A
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:31:1e:7f:c1:2c:49:3e:d4:d9:d4:c0:3e:ad:f7:
+ 54:40:d9:f7:e5:1e:34:16:ef:52:35:51:92:d0:f1:9f:07:b0:
+ d8:aa:1d:75:4c:73:27:a5:e7:7e:7c:fa:11:40:d2:55:02:31:
+ 00:95:9a:5e:2d:20:ab:c6:93:30:7f:2a:91:e8:46:34:aa:90:
+ 4f:3e:b0:63:c0:e1:01:36:23:61:03:20:01:51:ba:fc:3d:29:
+ 74:50:0b:e0:5e:20:8a:33:58:f4:db:24:21
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAXGgAwIBAgICKsIwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xODA1MDgxMTI0NDBaFw0yODA1MDUxMTI0NDBaMBIxEDAOBgNVBAMM
+B2NzbGV2YWkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAShD3S4uN5DwPWmXCRJ+zi8
+gNe3r6O+jfYIhwsTiy/AHNYaJ3gm1TsPAfOLoD+g3LUqiI19MbKYq3FDjNPXwoSk
+2+hA5oPYb32Mxc+HXbxusm5aB2TLplfgBXg1rnHaXrejgZYwgZMwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQUwP6NzyFH2SIFGqkPXJoM33gTIWowRQYDVR0jBD4wPIAUNPhc
+X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc
+1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
+zj0EAwIDaAAwZQIwMR5/wSxJPtTZ1MA+rfdUQNn35R40Fu9SNVGS0PGfB7DYqh11
+THMnped+fPoRQNJVAjEAlZpeLSCrxpMwfyqR6EY0qpBPPrBjwOEBNiNhAyABUbr8
+PSl0UAvgXiCKM1j02yQh
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12383 (0x305f)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:31:47 2017 GMT
+ Not After : Oct 17 09:31:47 2027 GMT
+ Subject: CN=dvasary
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:e6:2e:65:84:8a:05:e7:d2:32:6b:85:20:26:cd:
+ 0d:dc:a2:e6:cc:23:36:f4:33:7b:f0:6c:0d:a0:8d:
+ f8:0c:13:77:57:f7:6e:02:b7:1a:35:b0:ee:31:26:
+ 0d:57:31:df:11:fa:15:73:bd:d3:3e:e6:bc:97:9b:
+ 5e:da:41:b0:36:a2:95:98:3b:a6:4e:f5:18:8c:9e:
+ ff:26:8f:3e:00:93:b0:14:84:4d:43:f0:01:fa:95:
+ 6d:32:f2:41:0e:4f:5e
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ CD:19:31:60:F7:8A:AB:3D:A9:4F:C8:83:0D:B0:5A:D0:EB:69:44:4B
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:c8:72:bd:64:1d:57:d1:87:d9:1c:ef:e9:4f:
+ 7a:c9:b5:80:58:fb:ff:47:50:43:13:eb:80:4d:ab:ab:d6:9b:
+ 90:65:ae:58:88:43:da:3a:56:ba:ea:24:c0:03:42:a6:b1:02:
+ 30:22:fa:c5:a0:7d:b7:97:54:5a:e7:65:25:6a:02:f8:53:99:
+ 08:64:5e:a9:70:27:84:b0:03:df:d1:39:c9:9a:b7:ca:be:60:
+ d5:45:22:18:a7:ca:da:56:bd:15:d5:30:66
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAXGgAwIBAgICMF8wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMxNDdaFw0yNzEwMTcwOTMxNDdaMBIxEDAOBgNVBAMM
+B2R2YXNhcnkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATmLmWEigXn0jJrhSAmzQ3c
+oubMIzb0M3vwbA2gjfgME3dX924Ctxo1sO4xJg1XMd8R+hVzvdM+5ryXm17aQbA2
+opWYO6ZO9RiMnv8mjz4Ak7AUhE1D8AH6lW0y8kEOT16jgZYwgZMwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQUzRkxYPeKqz2pT8iDDbBa0OtpREswRQYDVR0jBD4wPIAUNPhc
+X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc
+1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
+zj0EAwIDaAAwZQIxAMhyvWQdV9GH2Rzv6U96ybWAWPv/R1BDE+uATaur1puQZa5Y
+iEPaOla66iTAA0KmsQIwIvrFoH23l1Ra52UlagL4U5kIZF6pcCeEsAPf0TnJmrfK
+vmDVRSIYp8raVr0V1TBm
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 13116 (0x333c)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:32:00 2017 GMT
+ Not After : Oct 17 09:32:00 2027 GMT
+ Subject: CN=fritter
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:2c:40:ec:81:89:ad:1b:ae:c8:1c:3e:5d:62:2f:
+ 5e:27:33:d2:42:ba:b9:6c:38:34:ea:90:d6:dd:10:
+ e6:b3:19:f5:02:4a:fe:8c:b4:77:cf:6f:c5:ab:81:
+ 82:88:3c:4e:9b:82:c3:22:c2:1f:c8:c7:53:af:18:
+ f9:9b:92:cf:18:51:8f:95:67:6b:04:9f:f4:95:b8:
+ 8b:1a:6a:d4:4c:23:c5:33:46:20:d2:e5:15:bf:bd:
+ af:1c:68:44:98:85:82
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ F6:A5:72:FC:DA:1E:8B:69:98:1A:0E:1E:21:31:3F:A3:CD:57:59:D2
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:ce:de:f9:f5:30:65:f1:0c:19:dd:a5:8d:42:
+ e7:b5:5b:66:96:45:7f:d2:00:de:d2:9f:7a:7d:cc:0a:a8:6e:
+ 0e:ce:f3:1a:4e:1e:33:50:48:9c:84:d4:47:47:d8:81:98:02:
+ 30:0b:13:67:f6:2a:d8:0d:86:2b:15:18:e5:41:f3:dc:3b:1c:
+ 15:a4:09:a6:82:03:d5:16:7e:4b:6b:0b:51:70:1a:01:92:e1:
+ 4f:61:58:1b:ed:b8:d9:17:90:78:70:85:bc
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAXGgAwIBAgICMzwwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMyMDBaFw0yNzEwMTcwOTMyMDBaMBIxEDAOBgNVBAMM
+B2ZyaXR0ZXIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQsQOyBia0brsgcPl1iL14n
+M9JCurlsODTqkNbdEOazGfUCSv6MtHfPb8WrgYKIPE6bgsMiwh/Ix1OvGPmbks8Y
+UY+VZ2sEn/SVuIsaatRMI8UzRiDS5RW/va8caESYhYKjgZYwgZMwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQU9qVy/Noei2mYGg4eITE/o81XWdIwRQYDVR0jBD4wPIAUNPhc
+X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc
+1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
+zj0EAwIDaAAwZQIxAM7e+fUwZfEMGd2ljULntVtmlkV/0gDe0p96fcwKqG4OzvMa
+Th4zUEichNRHR9iBmAIwCxNn9irYDYYrFRjlQfPcOxwVpAmmggPVFn5LawtRcBoB
+kuFPYVgb7bjZF5B4cIW8
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 13057 (0x3301)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:32:15 2017 GMT
+ Not After : Oct 17 09:32:15 2027 GMT
+ Subject: CN=fschnell
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:53:8d:f8:f4:fd:5f:c9:b3:4c:57:f6:c4:93:7f:
+ 94:43:31:09:62:ca:ef:5a:d8:12:54:59:58:84:21:
+ aa:59:8b:5a:23:a9:b7:1b:e8:e6:e3:a6:76:14:75:
+ 45:c7:d5:0c:89:5c:e7:9e:f1:56:2a:6d:25:b8:30:
+ 6f:4a:dd:80:08:b0:a6:07:c8:98:d6:f3:0a:07:d9:
+ 60:d0:00:58:7f:f6:a5:6b:78:53:82:44:5a:81:01:
+ 54:18:6f:1b:f4:99:f9
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ C8:6F:89:82:1D:8F:8C:70:84:6F:E9:35:BD:92:9C:3E:56:DC:40:CD
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:f7:04:12:3d:b3:98:22:bc:aa:06:62:be:31:
+ ac:32:26:c9:80:1b:aa:17:e0:85:82:0b:14:b8:35:09:8f:e4:
+ 7c:2b:8f:82:a6:c2:08:9d:91:7a:43:19:30:a2:94:e6:2b:02:
+ 31:00:fb:61:02:d5:e4:9b:a8:a3:d9:5e:e6:cf:4e:8f:5c:17:
+ 4e:59:c4:20:78:bb:d6:2a:cc:8c:92:e5:78:aa:6b:2c:ce:db:
+ 94:46:86:16:76:14:ac:64:41:d1:78:d2:a9:ec
+-----BEGIN CERTIFICATE-----
+MIIB7TCCAXKgAwIBAgICMwEwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMyMTVaFw0yNzEwMTcwOTMyMTVaMBMxETAPBgNVBAMM
+CGZzY2huZWxsMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEU4349P1fybNMV/bEk3+U
+QzEJYsrvWtgSVFlYhCGqWYtaI6m3G+jm46Z2FHVFx9UMiVznnvFWKm0luDBvSt2A
+CLCmB8iY1vMKB9lg0ABYf/ala3hTgkRagQFUGG8b9Jn5o4GWMIGTMAkGA1UdEwQC
+MAAwHQYDVR0OBBYEFMhviYIdj4xwhG/pNb2SnD5W3EDNMEUGA1UdIwQ+MDyAFDT4
+XF+wT7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA
+3NUHtlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqG
+SM49BAMCA2kAMGYCMQD3BBI9s5givKoGYr4xrDImyYAbqhfghYILFLg1CY/kfCuP
+gqbCCJ2RekMZMKKU5isCMQD7YQLV5Juoo9le5s9Oj1wXTlnEIHi71irMjJLleKpr
+LM7blEaGFnYUrGRB0XjSqew=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 13172 (0x3374)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: May 8 11:24:56 2018 GMT
+ Not After : May 5 11:24:56 2028 GMT
+ Subject: CN=ifabian
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:21:0d:77:39:b7:b1:43:2d:e9:a2:e9:a9:3b:88:
+ cd:93:d5:05:4d:b5:58:04:1f:43:76:1b:93:1e:c3:
+ d2:d8:15:37:df:3f:d4:75:c7:81:cc:78:f8:63:84:
+ 8d:49:0d:49:b2:71:5e:b3:73:0b:ab:0c:5b:ff:9a:
+ 68:39:1b:6a:c2:8e:b0:0f:bc:cd:69:93:79:73:f2:
+ c3:b9:04:66:87:20:90:1c:4b:c7:c4:e9:77:86:a6:
+ a5:8f:59:a0:6d:03:4b
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 47:CB:B8:DB:88:B9:FB:59:61:4B:66:B6:03:EB:5F:A5:30:2F:64:AC
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:2c:e5:1b:07:5f:bd:0b:75:e1:cb:fa:7c:30:1b:
+ 09:31:ae:9d:83:1b:ec:23:04:96:67:14:7b:8c:3a:64:02:10:
+ 0f:e6:f2:35:f9:44:2f:b4:7f:8f:ee:c9:dd:7c:4d:29:02:31:
+ 00:e2:34:be:b9:77:34:3b:0e:89:c7:00:5b:2d:c3:36:fc:86:
+ c6:8b:d8:10:64:28:d5:7c:84:f2:0a:b2:67:ad:7b:1e:8c:c6:
+ 46:80:18:89:f1:16:d2:fb:61:53:2d:6f:61
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAXGgAwIBAgICM3QwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xODA1MDgxMTI0NTZaFw0yODA1MDUxMTI0NTZaMBIxEDAOBgNVBAMM
+B2lmYWJpYW4wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQhDXc5t7FDLemi6ak7iM2T
+1QVNtVgEH0N2G5Mew9LYFTffP9R1x4HMePhjhI1JDUmycV6zcwurDFv/mmg5G2rC
+jrAPvM1pk3lz8sO5BGaHIJAcS8fE6XeGpqWPWaBtA0ujgZYwgZMwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQUR8u424i5+1lhS2a2A+tfpTAvZKwwRQYDVR0jBD4wPIAUNPhc
+X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc
+1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
+zj0EAwIDaAAwZQIwLOUbB1+9C3Xhy/p8MBsJMa6dgxvsIwSWZxR7jDpkAhAP5vI1
++UQvtH+P7sndfE0pAjEA4jS+uXc0Ow6JxwBbLcM2/IbGi9gQZCjVfITyCrJnrXse
+jMZGgBiJ8RbS+2FTLW9h
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 11182 (0x2bae)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:32:30 2017 GMT
+ Not After : Oct 17 09:32:30 2027 GMT
+ Subject: CN=khorvath
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:ab:61:3a:de:89:4e:0e:63:ea:c8:6b:98:1a:8b:
+ c4:f9:72:f4:bf:b2:0e:eb:94:ef:04:6c:a9:e4:78:
+ 53:f9:a8:af:6a:14:9b:27:e9:17:45:c7:f9:9e:e4:
+ d3:59:43:9c:13:c7:15:63:80:8e:aa:ac:fc:9a:55:
+ 59:64:7c:62:3d:2c:50:20:97:d1:c1:1e:22:94:53:
+ 74:4a:5f:30:fb:a0:3d:ba:e0:9d:2e:e2:70:af:73:
+ a5:c0:32:45:77:2e:20
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 1D:C8:C2:9E:05:CF:12:BB:33:C2:D9:24:C7:ED:A4:8D:86:23:75:CF
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:98:ba:ed:a5:45:71:05:76:b6:40:76:4e:a3:
+ 31:bd:38:7e:7d:0b:71:13:6f:1a:ee:58:1a:89:eb:ee:50:b2:
+ 86:2b:c6:4b:dc:8b:a5:ee:4b:c7:06:c9:65:55:10:7c:95:02:
+ 31:00:88:07:18:6d:65:2f:bf:79:42:d7:df:5c:88:f9:ff:81:
+ 8a:3d:25:80:8b:76:33:59:a9:28:20:82:30:40:67:88:49:34:
+ 51:f2:36:0a:22:49:2e:e5:d7:35:c3:4e:c8:2b
+-----BEGIN CERTIFICATE-----
+MIIB7TCCAXKgAwIBAgICK64wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMyMzBaFw0yNzEwMTcwOTMyMzBaMBMxETAPBgNVBAMM
+CGtob3J2YXRoMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEq2E63olODmPqyGuYGovE
++XL0v7IO65TvBGyp5HhT+aivahSbJ+kXRcf5nuTTWUOcE8cVY4COqqz8mlVZZHxi
+PSxQIJfRwR4ilFN0Sl8w+6A9uuCdLuJwr3OlwDJFdy4go4GWMIGTMAkGA1UdEwQC
+MAAwHQYDVR0OBBYEFB3Iwp4FzxK7M8LZJMftpI2GI3XPMEUGA1UdIwQ+MDyAFDT4
+XF+wT7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA
+3NUHtlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqG
+SM49BAMCA2kAMGYCMQCYuu2lRXEFdrZAdk6jMb04fn0LcRNvGu5YGonr7lCyhivG
+S9yLpe5LxwbJZVUQfJUCMQCIBxhtZS+/eULX31yI+f+Bij0lgIt2M1mpKCCCMEBn
+iEk0UfI2CiJJLuXXNcNOyCs=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12916 (0x3274)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:32:40 2017 GMT
+ Not After : Oct 17 09:32:40 2027 GMT
+ Subject: CN=kkele
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:25:3e:a3:bd:c9:27:5e:ba:c6:30:68:0f:90:17:
+ 94:89:69:30:04:70:6a:ba:16:40:3d:04:08:ed:00:
+ 2d:a2:c4:45:aa:db:af:85:d2:a6:40:7b:69:85:bc:
+ cf:9a:41:66:0b:4d:1a:c4:82:53:b0:d1:cb:53:98:
+ 39:90:11:11:5e:e7:98:a7:b3:71:31:b1:55:be:07:
+ ef:ed:6a:e7:dc:e9:38:fd:03:fc:d5:52:ed:a8:da:
+ de:88:22:6d:c2:80:0a
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 05:94:51:39:17:98:AD:AD:A6:A0:4D:7F:79:9C:81:1F:3C:BB:8A:88
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:64:02:30:6c:81:f6:f7:47:45:a0:a2:2b:20:6f:2c:22:7d:
+ 40:79:45:2a:66:9e:04:5d:75:b9:d9:f9:a7:98:c8:81:c9:6e:
+ bd:9c:35:e8:67:2c:9c:2f:52:62:3c:b4:5f:4a:33:68:02:30:
+ 72:86:06:98:6e:ab:ff:2e:00:0d:20:1a:35:1f:86:33:ed:7c:
+ 36:31:69:89:98:6e:3e:22:39:71:c3:e3:62:26:20:aa:56:77:
+ 5f:1e:e3:60:45:dd:37:ca:6b:4f:f6:66
+-----BEGIN CERTIFICATE-----
+MIIB6DCCAW+gAwIBAgICMnQwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMyNDBaFw0yNzEwMTcwOTMyNDBaMBAxDjAMBgNVBAMM
+BWtrZWxlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJT6jvcknXrrGMGgPkBeUiWkw
+BHBquhZAPQQI7QAtosRFqtuvhdKmQHtphbzPmkFmC00axIJTsNHLU5g5kBERXueY
+p7NxMbFVvgfv7Wrn3Ok4/QP81VLtqNreiCJtwoAKo4GWMIGTMAkGA1UdEwQCMAAw
+HQYDVR0OBBYEFAWUUTkXmK2tpqBNf3mcgR88u4qIMEUGA1UdIwQ+MDyAFDT4XF+w
+T7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA3NUH
+tlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49
+BAMCA2cAMGQCMGyB9vdHRaCiKyBvLCJ9QHlFKmaeBF11udn5p5jIgcluvZw16Gcs
+nC9SYjy0X0ozaAIwcoYGmG6r/y4ADSAaNR+GM+18NjFpiZhuPiI5ccPjYiYgqlZ3
+Xx7jYEXdN8prT/Zm
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 11701 (0x2db5)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:32:51 2017 GMT
+ Not After : Oct 17 09:32:51 2027 GMT
+ Subject: CN=kschaffer
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:fc:5e:b3:e4:29:34:b3:d0:28:23:12:b9:4a:aa:
+ 85:61:2a:cd:16:9b:f9:38:dc:06:32:b1:39:0f:89:
+ 9f:df:aa:6e:1c:70:99:db:e9:aa:5d:21:eb:f6:6d:
+ 8f:e6:6b:25:bd:f6:e6:48:2f:75:ee:16:10:a5:e5:
+ 54:d7:32:7e:6e:26:1d:c2:8e:78:80:9e:69:3f:50:
+ 38:36:43:36:42:95:f5:42:b3:22:2f:6c:8b:bd:ca:
+ 2c:40:ea:3f:84:ce:be
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ B6:58:C0:94:45:C5:AC:E8:0A:30:D5:FA:15:AB:DC:7C:53:DC:88:06
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:95:e3:da:70:d6:17:f5:85:18:a7:2d:db:31:
+ 5d:22:a2:98:9a:24:8f:15:75:a6:60:2f:5a:67:46:bc:14:cc:
+ 38:d2:bc:b8:dd:f1:0d:4c:15:45:37:0f:cb:79:3e:d8:32:02:
+ 31:00:95:0d:83:ef:33:b0:da:d2:bc:ba:99:27:10:c0:fc:b2:
+ 9d:31:d7:e8:60:95:0a:0e:59:df:92:59:86:70:cc:7f:64:94:
+ 76:df:f7:1f:b9:5c:e2:14:85:9c:61:76:b0:cb
+-----BEGIN CERTIFICATE-----
+MIIB7jCCAXOgAwIBAgICLbUwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMyNTFaFw0yNzEwMTcwOTMyNTFaMBQxEjAQBgNVBAMM
+CWtzY2hhZmZlcjB2MBAGByqGSM49AgEGBSuBBAAiA2IABPxes+QpNLPQKCMSuUqq
+hWEqzRab+TjcBjKxOQ+Jn9+qbhxwmdvpql0h6/Ztj+ZrJb325kgvde4WEKXlVNcy
+fm4mHcKOeICeaT9QODZDNkKV9UKzIi9si73KLEDqP4TOvqOBljCBkzAJBgNVHRME
+AjAAMB0GA1UdDgQWBBS2WMCURcWs6Aow1foVq9x8U9yIBjBFBgNVHSMEPjA8gBQ0
++FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJ
+ANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggq
+hkjOPQQDAgNpADBmAjEAlePacNYX9YUYpy3bMV0iopiaJI8VdaZgL1pnRrwUzDjS
+vLjd8Q1MFUU3D8t5PtgyAjEAlQ2D7zOw2tK8upknEMD8sp0x1+hglQoOWd+SWYZw
+zH9klHbf9x+5XOIUhZxhdrDL
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 13129 (0x3349)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:33:02 2017 GMT
+ Not After : Oct 17 09:33:02 2027 GMT
+ Subject: CN=mszabo
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:69:c0:86:27:a1:fa:74:2a:18:21:dc:d4:d1:4b:
+ b3:6e:d5:16:06:b7:50:8d:3a:5c:86:ea:b9:25:84:
+ bd:4e:65:d9:7c:33:13:8e:63:64:cb:70:39:3a:ac:
+ a5:d0:68:4d:f5:aa:f1:56:8c:55:11:26:d3:c3:c0:
+ 4a:10:78:35:7d:ba:56:f6:9a:f5:af:3d:6b:be:ad:
+ e7:e2:9c:0e:ec:42:b2:49:e3:f8:d6:36:0d:dd:56:
+ fb:e3:c0:7d:34:e5:2e
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 28:55:A2:FF:1C:FC:9B:E2:22:C8:45:93:ED:DE:A6:8E:50:A6:86:0A
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:66:02:31:00:9e:5f:d5:2d:55:0f:44:fa:9f:67:9b:eb:11:
+ a9:ef:a4:7e:2e:f1:c7:a4:99:11:d3:b3:05:30:bb:80:a9:0e:
+ 0d:b4:57:30:a4:4b:c4:94:49:9e:f9:7a:b6:07:7a:02:02:02:
+ 31:00:81:c9:96:28:0f:c6:47:84:e1:a2:86:17:a1:f3:c1:39:
+ 55:ca:a9:ce:8c:fc:e9:ea:70:a9:de:be:8c:83:e5:25:1a:cf:
+ 30:cb:f9:51:b5:3b:59:7d:15:df:9d:f2:2a:4f
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAXCgAwIBAgICM0kwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMzMDJaFw0yNzEwMTcwOTMzMDJaMBExDzANBgNVBAMM
+Bm1zemFibzB2MBAGByqGSM49AgEGBSuBBAAiA2IABGnAhieh+nQqGCHc1NFLs27V
+Fga3UI06XIbquSWEvU5l2XwzE45jZMtwOTqspdBoTfWq8VaMVREm08PAShB4NX26
+Vvaa9a89a76t5+KcDuxCsknj+NY2Dd1W++PAfTTlLqOBljCBkzAJBgNVHRMEAjAA
+MB0GA1UdDgQWBBQoVaL/HPyb4iLIRZPt3qaOUKaGCjBFBgNVHSMEPjA8gBQ0+Fxf
+sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV
+B7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjO
+PQQDAgNpADBmAjEAnl/VLVUPRPqfZ5vrEanvpH4u8cekmRHTswUwu4CpDg20VzCk
+S8SUSZ75erYHegICAjEAgcmWKA/GR4ThooYXofPBOVXKqc6M/OnqcKnevoyD5SUa
+zzDL+VG1O1l9Fd+d8ipP
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 11776 (0x2e00)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:33:17 2017 GMT
+ Not After : Oct 17 09:33:17 2027 GMT
+ Subject: CN=ptombor
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:b0:7a:62:43:10:8b:4b:ae:3e:13:cb:10:b3:8c:
+ 85:4d:bb:74:df:61:bb:2b:0a:08:fb:15:e2:85:09:
+ 05:ee:8f:f4:65:43:4b:fe:ef:3c:58:ac:06:11:e8:
+ e4:d4:eb:7c:e3:dd:41:e0:24:f7:19:07:ee:48:fd:
+ 69:96:74:1e:fa:f2:b9:15:41:c8:70:64:53:7d:70:
+ 0a:46:f0:fe:f1:63:73:cc:bc:bc:e0:68:0d:e9:82:
+ 52:f3:19:53:a4:13:cd
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 5C:60:32:8A:63:F9:49:95:B7:4E:5E:28:41:CB:E2:EB:38:47:A7:76
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:64:02:30:35:ab:49:b6:56:25:02:8f:d8:fe:85:29:52:dd:
+ bb:ed:4f:52:83:1b:7b:09:ff:29:c3:18:84:48:04:df:34:dd:
+ fd:19:a4:93:cb:29:bd:6f:e5:83:ec:d7:6a:17:99:02:02:30:
+ 63:e7:11:4d:c2:f0:b7:50:50:d1:20:c1:9f:d8:27:a8:fd:dd:
+ a1:57:c4:9a:cd:e4:ff:93:36:e4:32:a7:59:51:24:7b:f3:17:
+ ff:49:2d:b6:82:da:a1:f9:bf:dc:35:29
+-----BEGIN CERTIFICATE-----
+MIIB6jCCAXGgAwIBAgICLgAwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMzMTdaFw0yNzEwMTcwOTMzMTdaMBIxEDAOBgNVBAMM
+B3B0b21ib3IwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASwemJDEItLrj4TyxCzjIVN
+u3TfYbsrCgj7FeKFCQXuj/RlQ0v+7zxYrAYR6OTU63zj3UHgJPcZB+5I/WmWdB76
+8rkVQchwZFN9cApG8P7xY3PMvLzgaA3pglLzGVOkE82jgZYwgZMwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQUXGAyimP5SZW3Tl4oQcvi6zhHp3YwRQYDVR0jBD4wPIAUNPhc
+X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc
+1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
+zj0EAwIDZwAwZAIwNatJtlYlAo/Y/oUpUt277U9Sgxt7Cf8pwxiESATfNN39GaST
+yym9b+WD7NdqF5kCAjBj5xFNwvC3UFDRIMGf2Ceo/d2hV8SazeT/kzbkMqdZUSR7
+8xf/SS22gtqh+b/cNSk=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 13289 (0x33e9)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:34:00 2017 GMT
+ Not After : Oct 17 09:34:00 2027 GMT
+ Subject: CN=qqcs
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:9a:b6:99:d8:c9:2c:92:54:2a:9c:58:a3:1a:87:
+ 7c:d3:90:4b:31:09:71:9a:65:6f:9e:04:8f:52:dc:
+ 13:23:0f:d0:43:6f:6f:cd:87:1b:f6:43:e1:b8:45:
+ e2:c2:21:e2:c1:ca:13:f8:5c:d4:7c:44:c4:8e:d2:
+ d8:d4:c2:5e:76:89:93:1b:74:37:88:2e:c3:1e:3e:
+ 80:b2:d0:2f:62:44:a6:cb:73:20:67:94:ed:b1:0a:
+ 64:40:71:64:22:f8:6a
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ AA:02:0F:AC:73:99:75:38:B2:AA:0C:93:26:26:1C:16:CB:8E:0F:C6
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:21:83:0b:d3:2f:23:d3:94:5b:ec:f8:39:ab:eb:
+ 8c:2b:d3:2d:d3:8c:02:91:c9:aa:27:43:94:2f:0b:4c:0a:3d:
+ d3:5e:4e:f7:ce:00:a6:64:27:50:59:23:1c:ce:29:77:02:31:
+ 00:cf:63:11:48:62:02:45:7c:4a:e2:b8:41:3a:28:9b:dc:24:
+ c1:6e:04:19:fb:a5:0f:c0:46:85:ec:9c:c7:09:b2:c5:ca:a3:
+ 2c:51:73:f1:8f:e0:83:3d:9e:61:a2:a1:30
+-----BEGIN CERTIFICATE-----
+MIIB6DCCAW6gAwIBAgICM+kwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTM0MDBaFw0yNzEwMTcwOTM0MDBaMA8xDTALBgNVBAMM
+BHFxY3MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASatpnYySySVCqcWKMah3zTkEsx
+CXGaZW+eBI9S3BMjD9BDb2/Nhxv2Q+G4ReLCIeLByhP4XNR8RMSO0tjUwl52iZMb
+dDeILsMePoCy0C9iRKbLcyBnlO2xCmRAcWQi+GqjgZYwgZMwCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUqgIPrHOZdTiyqgyTJiYcFsuOD8YwRQYDVR0jBD4wPIAUNPhcX7BP
+tuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc1Qe2
+VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0E
+AwIDaAAwZQIwIYML0y8j05Rb7Pg5q+uMK9Mt04wCkcmqJ0OULwtMCj3TXk73zgCm
+ZCdQWSMczil3AjEAz2MRSGICRXxK4rhBOiib3CTBbgQZ+6UPwEaF7JzHCbLFyqMs
+UXPxj+CDPZ5hoqEw
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12392 (0x3068)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:33:27 2017 GMT
+ Not After : Oct 17 09:33:27 2027 GMT
+ Subject: CN=rrendek
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:93:14:3f:24:4e:45:1b:b9:99:2d:3f:dd:de:34:
+ ef:fe:d2:92:04:02:a7:15:a2:13:70:63:c3:2d:7c:
+ c9:4c:e1:b9:3d:16:da:4b:82:ab:f4:f8:12:fb:97:
+ 67:f9:5c:ed:a8:9f:59:a6:8f:95:07:60:51:ae:d1:
+ 31:a2:f3:7b:84:8e:22:12:cf:15:9d:f2:28:79:6f:
+ ae:81:7a:4f:8d:17:c8:51:40:5d:00:8a:be:d7:bc:
+ 89:9c:5c:6a:74:26:bd
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ DC:B3:A4:15:7A:8C:D4:35:51:97:3C:CE:EB:AE:04:F3:16:6E:06:EC
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:51:85:3f:d2:fb:cb:3c:b2:23:38:67:74:21:57:
+ d1:ce:30:98:ce:74:ba:25:bc:1d:4c:78:a8:9a:b3:9d:65:e4:
+ bb:f3:18:11:3d:78:3f:cb:0e:4e:84:10:d1:e3:36:fb:02:31:
+ 00:ac:47:55:f0:2e:4f:8d:04:10:f0:d7:ef:e6:20:49:50:37:
+ d9:8d:48:0a:4c:74:3a:ad:94:31:34:fc:b2:d8:ad:80:49:50:
+ fa:a7:97:6c:9c:e2:28:2c:9e:1f:14:50:22
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAXGgAwIBAgICMGgwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMzMjdaFw0yNzEwMTcwOTMzMjdaMBIxEDAOBgNVBAMM
+B3JyZW5kZWswdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASTFD8kTkUbuZktP93eNO/+
+0pIEAqcVohNwY8MtfMlM4bk9FtpLgqv0+BL7l2f5XO2on1mmj5UHYFGu0TGi83uE
+jiISzxWd8ih5b66Bek+NF8hRQF0Air7XvImcXGp0Jr2jgZYwgZMwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQU3LOkFXqM1DVRlzzO664E8xZuBuwwRQYDVR0jBD4wPIAUNPhc
+X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc
+1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
+zj0EAwIDaAAwZQIwUYU/0vvLPLIjOGd0IVfRzjCYznS6JbwdTHiomrOdZeS78xgR
+PXg/yw5OhBDR4zb7AjEArEdV8C5PjQQQ8Nfv5iBJUDfZjUgKTHQ6rZQxNPyy2K2A
+SVD6p5dsnOIoLJ4fFFAi
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12884 (0x3254)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:34:10 2017 GMT
+ Not After : Oct 17 09:34:10 2027 GMT
+ Subject: CN=rtoth
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:7a:7e:21:3f:34:e9:74:19:bb:bf:7e:9e:2b:c4:
+ 62:fd:ad:9f:ed:82:83:00:5d:39:53:14:81:44:0f:
+ 2b:bc:a8:6e:e3:10:00:fd:78:85:d2:76:12:bd:8a:
+ 3d:0d:8c:45:cc:ef:d2:2e:17:b0:d6:0a:68:c9:7a:
+ 12:f5:b4:df:44:11:27:da:22:4b:44:8c:4f:d9:d3:
+ 7c:be:ee:76:a1:5b:4b:ae:cd:fe:40:d1:43:9a:3b:
+ fd:9a:13:c6:68:b0:38
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 86:F1:74:B7:CD:8B:58:F7:D8:BD:31:75:B5:3F:EE:E1:6A:BB:99:0C
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:b9:da:3e:da:46:23:d5:66:a0:0e:c9:e1:cd:
+ 09:66:11:30:47:4f:e8:d7:5e:1e:6b:7e:4a:ba:01:d9:2b:8d:
+ d7:0c:9d:b1:53:a9:90:89:71:4b:18:ea:84:76:26:c1:e4:02:
+ 30:76:0f:ab:a2:75:cc:8d:b0:5a:b9:b6:1a:32:50:2e:aa:d2:
+ 3e:fb:be:da:35:e1:d0:17:95:49:fd:b5:63:c6:e8:b6:b9:3c:
+ 53:6d:b6:4d:ad:00:27:7f:a5:60:f9:1e:db
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAW+gAwIBAgICMlQwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTM0MTBaFw0yNzEwMTcwOTM0MTBaMBAxDjAMBgNVBAMM
+BXJ0b3RoMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEen4hPzTpdBm7v36eK8Ri/a2f
+7YKDAF05UxSBRA8rvKhu4xAA/XiF0nYSvYo9DYxFzO/SLhew1gpoyXoS9bTfRBEn
+2iJLRIxP2dN8vu52oVtLrs3+QNFDmjv9mhPGaLA4o4GWMIGTMAkGA1UdEwQCMAAw
+HQYDVR0OBBYEFIbxdLfNi1j32L0xdbU/7uFqu5kMMEUGA1UdIwQ+MDyAFDT4XF+w
+T7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA3NUH
+tlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49
+BAMCA2gAMGUCMQC52j7aRiPVZqAOyeHNCWYRMEdP6NdeHmt+SroB2SuN1wydsVOp
+kIlxSxjqhHYmweQCMHYPq6J1zI2wWrm2GjJQLqrSPvu+2jXh0BeVSf21Y8botrk8
+U222Ta0AJ3+lYPke2w==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:26:59 2017 GMT
+ Not After : Oct 17 09:26:59 2027 GMT
+ Subject: CN=server
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:f3:0e:85:4d:7a:51:75:26:35:e7:56:09:01:4f:
+ a7:b4:75:c7:98:55:a7:ca:21:88:bf:0d:7a:29:c0:
+ ed:f8:e5:fa:bb:4b:f7:73:63:9c:b5:37:bc:b6:b3:
+ 24:3c:46:73:d0:46:4f:25:7c:b6:98:2f:03:85:b0:
+ 13:11:6f:c1:0a:a4:ce:d1:70:1f:f4:60:fc:cc:29:
+ 25:c0:b9:22:61:58:22:d6:3f:d2:f6:67:9f:06:ec:
+ da:9f:b3:ca:1f:da:9d
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 1C:77:A0:CE:67:4B:FE:FC:6F:51:C0:C1:5D:E3:94:FD:26:CE:63:3E
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:88:ec:52:55:18:34:d6:8c:e4:d2:26:c1:ec:
+ ac:8a:09:74:7f:3b:0f:ae:28:30:de:04:2b:5c:5a:25:8a:f9:
+ 6a:49:e8:a9:aa:1d:a3:86:17:f7:46:9f:3c:d0:fb:0b:98:02:
+ 30:4e:a5:cf:fc:18:9e:89:c3:b3:48:3c:20:b4:2c:d8:8b:f7:
+ 10:0f:80:e8:d9:40:ab:a4:3b:87:e3:57:a2:e5:15:2f:1a:10:
+ c6:7a:e1:2b:c9:9c:20:49:a8:20:94:6b:d8
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAW+gAwIBAgIBATAKBggqhkjOPQQDAjAVMRMwEQYDVQQDDApPcGVuVlBO
+IENBMB4XDTE3MTAxOTA5MjY1OVoXDTI3MTAxNzA5MjY1OVowETEPMA0GA1UEAwwG
+c2VydmVyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8w6FTXpRdSY151YJAU+ntHXH
+mFWnyiGIvw16KcDt+OX6u0v3c2OctTe8trMkPEZz0EZPJXy2mC8DhbATEW/BCqTO
+0XAf9GD8zCklwLkiYVgi1j/S9mefBuzan7PKH9qdo4GWMIGTMAkGA1UdEwQCMAAw
+HQYDVR0OBBYEFBx3oM5nS/78b1HAwV3jlP0mzmM+MEUGA1UdIwQ+MDyAFDT4XF+w
+T7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA3NUH
+tlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMAoGCCqGSM49
+BAMCA2gAMGUCMQCI7FJVGDTWjOTSJsHsrIoJdH87D64oMN4EK1xaJYr5aknoqaod
+o4YX90afPND7C5gCME6lz/wYnonDs0g8ILQs2Iv3EA+A6NlAq6Q7h+NXouUVLxoQ
+xnrhK8mcIEmoIJRr2A==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 14004 (0x36b4)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Jan 30 10:47:27 2018 GMT
+ Not After : Jan 28 10:47:27 2028 GMT
+ Subject: CN=zbartakovics
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:8e:37:8a:ac:33:b1:25:3b:48:63:b1:8b:49:68:
+ d3:a2:56:b7:b6:6b:0e:de:ed:9f:7e:0e:c9:8c:8d:
+ 1f:37:81:de:99:1c:ee:d8:74:ac:e0:73:cb:93:bd:
+ c6:6f:32:a2:30:ae:d6:87:93:59:0d:b3:09:67:ba:
+ fc:4b:43:54:ac:d2:86:2c:4a:08:91:08:d5:ef:17:
+ 4e:b4:65:c3:69:55:3f:65:b5:18:59:31:e8:17:21:
+ 04:eb:af:11:e3:b0:56
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 99:1D:BF:07:30:49:FC:A7:A7:2C:A2:3C:DD:C4:C8:4C:7A:BF:97:8E
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:15:70:82:b0:56:64:69:39:d9:05:44:4c:8a:59:
+ 9f:2f:33:80:19:91:92:de:cb:8b:00:92:0c:0d:7c:0a:43:ec:
+ bd:b3:dc:ca:d8:3b:ca:d1:b1:39:83:25:2f:00:0b:f8:02:31:
+ 00:92:db:1d:38:d9:e2:7d:c2:43:8e:c1:7b:45:f3:e5:c0:aa:
+ d2:d9:f7:be:28:d9:c1:b3:40:04:7d:6f:86:2f:ab:bb:4b:6d:
+ 3e:ec:af:e2:27:b0:95:ce:2b:fc:0b:1f:b8
+-----BEGIN CERTIFICATE-----
+MIIB8DCCAXagAwIBAgICNrQwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xODAxMzAxMDQ3MjdaFw0yODAxMjgxMDQ3MjdaMBcxFTATBgNVBAMM
+DHpiYXJ0YWtvdmljczB2MBAGByqGSM49AgEGBSuBBAAiA2IABI43iqwzsSU7SGOx
+i0lo06JWt7ZrDt7tn34OyYyNHzeB3pkc7th0rOBzy5O9xm8yojCu1oeTWQ2zCWe6
+/EtDVKzShixKCJEI1e8XTrRlw2lVP2W1GFkx6BchBOuvEeOwVqOBljCBkzAJBgNV
+HRMEAjAAMB0GA1UdDgQWBBSZHb8HMEn8p6csojzdxMhMer+XjjBFBgNVHSMEPjA8
+gBQ0+FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBD
+QYIJANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAK
+BggqhkjOPQQDAgNoADBlAjAVcIKwVmRpOdkFREyKWZ8vM4AZkZLey4sAkgwNfApD
+7L2z3MrYO8rRsTmDJS8AC/gCMQCS2x042eJ9wkOOwXtF8+XAqtLZ974o2cGzQAR9
+b4Yvq7tLbT7sr+InsJXOK/wLH7g=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 10257 (0x2811)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:33:38 2017 GMT
+ Not After : Oct 17 09:33:38 2027 GMT
+ Subject: CN=zfelleg
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:cf:d4:8f:88:15:a2:5f:1a:5d:2d:dd:51:2b:0d:
+ f1:6e:0b:4d:8b:81:67:ac:37:75:0b:1a:fa:fa:08:
+ 5b:4c:4a:d1:9b:63:df:b6:df:bd:dc:14:75:47:c3:
+ 77:6c:0e:f6:c1:7b:21:4b:5d:91:7e:93:7e:39:ac:
+ 07:69:86:15:9f:d8:b2:85:ee:2e:24:24:b7:e1:12:
+ 2a:d9:04:5b:f3:22:9e:2c:f3:3a:aa:3c:0d:de:28:
+ 13:8b:7a:b6:72:62:28
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 0E:89:B8:B3:3F:79:44:1B:2D:22:D5:67:BE:BB:FB:4B:F8:52:27:4B
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:ed:61:aa:ec:d9:b6:11:19:58:65:7f:57:3c:
+ 98:a8:dd:c0:db:3f:c2:43:a4:a6:21:34:98:21:f2:43:2f:81:
+ c6:a2:b1:f2:c9:eb:ea:37:6a:18:f9:81:ea:33:1a:6a:d4:02:
+ 30:48:a3:18:1a:4f:2e:8b:5e:67:e5:a9:f3:48:01:25:b9:73:
+ 0c:48:50:9f:0a:c1:9f:45:d3:e9:70:09:bd:18:38:17:66:0b:
+ f2:24:a2:77:0e:53:bf:67:be:36:9d:d7:9d
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAXGgAwIBAgICKBEwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMzMzhaFw0yNzEwMTcwOTMzMzhaMBIxEDAOBgNVBAMM
+B3pmZWxsZWcwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATP1I+IFaJfGl0t3VErDfFu
+C02LgWesN3ULGvr6CFtMStGbY9+2373cFHVHw3dsDvbBeyFLXZF+k345rAdphhWf
+2LKF7i4kJLfhEirZBFvzIp4s8zqqPA3eKBOLerZyYiijgZYwgZMwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQUDom4sz95RBstItVnvrv7S/hSJ0swRQYDVR0jBD4wPIAUNPhc
+X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc
+1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
+zj0EAwIDaAAwZQIxAO1hquzZthEZWGV/VzyYqN3A2z/CQ6SmITSYIfJDL4HGorHy
+yevqN2oY+YHqMxpq1AIwSKMYGk8ui15n5anzSAEluXMMSFCfCsGfRdPpcAm9GDgX
+ZgvyJKJ3DlO/Z742nded
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12097 (0x2f41)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=OpenVPN CA
+ Validity
+ Not Before: Oct 19 09:33:49 2017 GMT
+ Not After : Oct 17 09:33:49 2027 GMT
+ Subject: CN=zsnemes
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:ef:9d:6d:83:d5:6a:c2:ac:d9:a5:9f:37:e0:8f:
+ cc:a1:38:66:87:b8:ed:b3:3a:3b:b3:04:de:c9:54:
+ 72:4c:c5:0e:50:81:0f:9e:8c:cd:27:61:99:25:58:
+ f6:b4:c8:0c:0b:2e:95:4e:a4:64:b1:25:b7:32:f5:
+ 18:62:9b:3a:65:de:3c:5f:b3:c3:9d:30:34:b2:a5:
+ 45:18:b8:17:a6:ef:47:29:48:56:e0:ff:93:4a:a8:
+ 21:e9:1b:f4:71:63:7e
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 97:0E:42:9E:05:27:59:9E:29:8E:22:AA:1A:85:E0:F9:B8:03:DA:20
+ X509v3 Authority Key Identifier:
+ keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF
+ DirName:/CN=OpenVPN CA
+ serial:DC:D5:07:B6:56:80:CF:F3
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:31:00:86:0d:4d:32:f7:5b:5f:a6:f8:36:52:7c:37:
+ bd:d3:1a:39:c3:16:0b:42:2e:95:4d:ff:ed:25:05:89:03:11:
+ 34:c2:30:7c:94:69:a5:90:68:15:7e:eb:1e:87:e4:c5:c1:02:
+ 30:20:c1:1a:86:89:2c:b5:67:f7:1a:a5:bb:4e:8e:cd:42:78:
+ 32:e7:75:b6:d0:c3:e5:61:40:48:c1:6b:20:54:42:de:ee:7a:
+ aa:7e:52:d9:c6:ee:16:90:1a:8c:0a:ae:b3
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAXGgAwIBAgICL0EwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ
+TiBDQTAeFw0xNzEwMTkwOTMzNDlaFw0yNzEwMTcwOTMzNDlaMBIxEDAOBgNVBAMM
+B3pzbmVtZXMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATvnW2D1WrCrNmlnzfgj8yh
+OGaHuO2zOjuzBN7JVHJMxQ5QgQ+ejM0nYZklWPa0yAwLLpVOpGSxJbcy9Rhimzpl
+3jxfs8OdMDSypUUYuBem70cpSFbg/5NKqCHpG/RxY36jgZYwgZMwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQUlw5CngUnWZ4pjiKqGoXg+bgD2iAwRQYDVR0jBD4wPIAUNPhc
+X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc
+1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
+zj0EAwIDaAAwZQIxAIYNTTL3W1+m+DZSfDe90xo5wxYLQi6VTf/tJQWJAxE0wjB8
+lGmlkGgVfuseh+TFwQIwIMEahokstWf3GqW7To7NQngy53W20MPlYUBIwWsgVELe
+7nqqflLZxu4WkBqMCq6z
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDXDmyQ4XF5iPRhk/8g
+XXdZ5ECp/D3r7OnQDsORGakLdezeXNdK0ZgdIBX0R5/Vg1mhZANiAATKgcFK6lkK
+5rU0kHhgrpq5XNhSPuyPMACWwGteF2Crcglz4z4xW/f+7TFIlG/poEpwdlVbQQfq
+r+KKsV9cleT0tGAdkcgP+1f2U3kHOi7Jb5ZqfR4c9nQZdoy7wd3d/20=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBWJGEFVc/SmIhR0WOU
+yvUkd77l0e1NWkcUaVzR9ImZR8hVKPHkSH7mxgZW8ntIWBShZANiAATawlMGg/dI
+5Wr4ifzVvdvQuXzg2YMsY3vSX4GngfzIPf8zqEjwqnsHaBuqAXBe2NEYphLJZUIq
+Q7w3GUFXorzl+5tKC4hHUOKtPnkiVMDprCov5+0NoME4hp5F7BQSo3M=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAcQQScflm1tSD4BQhX
+fWc/SL9jTmJnJC4hHlFyr6u558vkhOn49nOv62bdtGUKQjGhZANiAASPPHQuXdeQ
+rFwv6P7zio1ra5aYp2PjA0JMK0kiqAfCrAaJqIAEJl5oeai5hHk+2phWFTbyfAn4
+QXhcjizeGxiKSUyP/u2Vjw/LW+JksWPvPdGVSfFOc0enEZQcNtrmVc8=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDArFkY/hBHoHVjQTRyX
+IrGy0dove2XopHBruMLhyoCeALqMVf71yMiC5ULPfcHa832hZANiAAQ3ZmbBuJAD
+gI11ItthLnIOeASRndqZOR2JCw40kAYNPYwlL/xWdbyFqyRUFPQnOUkQEYBKB3ty
+7XmNlTTjBxM72lHrirV3tnHkl+YFTyc+CsH2H/+/pF5DyrxC/T9Jw1s=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDe4Jpe920R6SnsUcPv
+m1PNDzITYzGgFBfuQgAsx6xyVacWYTjDoezx18adTrxebB6hZANiAARmVFgyQz8L
+UFbB2G6VIeGOjACQJdoA3w5SmueCvJP+oD/QCb4thCZZ3A115/gSWFJNbjFopBmr
+h3fqnXKCd/eUQpFBKSDa7/matMIHDUMRk6CDwJLXPjBOW21iqWJ2jQk=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCsHP52L0UObr9/psSM
+ua2cxeyl2m92YG5GgOAml76NIMUFfeFQgqGSW1slknJISZqhZANiAATyGAmuzTFp
+gM+byhv/Z9hAYdxIYLUZ+UCqC5ILK9l8HwEjzXpiUQpqVxhJ3dNrcUhOMWl8Vrlo
+7aTop8u7bPiV9HZkBxSPTwTpJqJ0RqUQd2cYKJyNKRD3f5Kyg3UZjXQ=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAiyNiQ4nY7MGLfAJwW
+spibaY/IOE/swPb1Ho2hwLXe7FTeGh1xSGH/NKlUE+KafoOhZANiAAShD3S4uN5D
+wPWmXCRJ+zi8gNe3r6O+jfYIhwsTiy/AHNYaJ3gm1TsPAfOLoD+g3LUqiI19MbKY
+q3FDjNPXwoSk2+hA5oPYb32Mxc+HXbxusm5aB2TLplfgBXg1rnHaXrc=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDARoRvzkpzAcOI8m67x
+hCTeRoMbGd40xLhjrm+wAufAwpw3qqJe/LHNP12sOuEHbGihZANiAATmLmWEigXn
+0jJrhSAmzQ3coubMIzb0M3vwbA2gjfgME3dX924Ctxo1sO4xJg1XMd8R+hVzvdM+
+5ryXm17aQbA2opWYO6ZO9RiMnv8mjz4Ak7AUhE1D8AH6lW0y8kEOT14=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDATa0Ldyit4RAnORuqq
+C4y/tAt7nJCaZkGnOsL7NE2V2iKSNyfQ0cH3go0Rb9db/i6hZANiAAQsQOyBia0b
+rsgcPl1iL14nM9JCurlsODTqkNbdEOazGfUCSv6MtHfPb8WrgYKIPE6bgsMiwh/I
+x1OvGPmbks8YUY+VZ2sEn/SVuIsaatRMI8UzRiDS5RW/va8caESYhYI=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAxNEO7csy6z8FIuKh0
+cUYc7KxGcFNiRb1U0ArLkuTxcFCMBar/1RbshVlrM6ecWQKhZANiAARTjfj0/V/J
+s0xX9sSTf5RDMQliyu9a2BJUWViEIapZi1ojqbcb6ObjpnYUdUXH1QyJXOee8VYq
+bSW4MG9K3YAIsKYHyJjW8woH2WDQAFh/9qVreFOCRFqBAVQYbxv0mfk=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBlmrzRa0VPDEy4dULf
+z8bt4hVQI0iuIVr7VP7WkGqyfaJXGZlH6OUcsISxn2xTKWChZANiAAQhDXc5t7FD
+Lemi6ak7iM2T1QVNtVgEH0N2G5Mew9LYFTffP9R1x4HMePhjhI1JDUmycV6zcwur
+DFv/mmg5G2rCjrAPvM1pk3lz8sO5BGaHIJAcS8fE6XeGpqWPWaBtA0s=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDA5CxtZG7mg0mVsbSQS
+QM45ehcXPIjeWufTSVmDFGXG3ON+mmjr/H7/N4yOY3Clj7+hZANiAASrYTreiU4O
+Y+rIa5gai8T5cvS/sg7rlO8EbKnkeFP5qK9qFJsn6RdFx/me5NNZQ5wTxxVjgI6q
+rPyaVVlkfGI9LFAgl9HBHiKUU3RKXzD7oD264J0u4nCvc6XAMkV3LiA=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDApjJ+iDz8X3qtoQVtC
+jUgcydPDcz6VjstIZ5PGAsYw1QiWbC+7OvnEy+oMETvEzxahZANiAAQlPqO9ySde
+usYwaA+QF5SJaTAEcGq6FkA9BAjtAC2ixEWq26+F0qZAe2mFvM+aQWYLTRrEglOw
+0ctTmDmQERFe55ins3ExsVW+B+/taufc6Tj9A/zVUu2o2t6IIm3CgAo=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAGMS95Xt2w9eVSEIRz
+QiRQPN5zL1INxTsHy5flZSBvIe/1++f8Il+/vhSssmQeeBmhZANiAAT8XrPkKTSz
+0CgjErlKqoVhKs0Wm/k43AYysTkPiZ/fqm4ccJnb6apdIev2bY/mayW99uZIL3Xu
+FhCl5VTXMn5uJh3CjniAnmk/UDg2QzZClfVCsyIvbIu9yixA6j+Ezr4=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCDTjabyjcmnlfQF/VI
+cCppGo1RnOkZwbaw9uxuZt11AY9YidT/5HW7aKo/U8ie4cGhZANiAARpwIYnofp0
+Khgh3NTRS7Nu1RYGt1CNOlyG6rklhL1OZdl8MxOOY2TLcDk6rKXQaE31qvFWjFUR
+JtPDwEoQeDV9ulb2mvWvPWu+refinA7sQrJJ4/jWNg3dVvvjwH005S4=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAWd4gq0fjrX6niP1sy
+BWNPL4IH/XsTCC6H7YzbUq3G6/m5B67/P6TLidyEjKAdx1WhZANiAASwemJDEItL
+rj4TyxCzjIVNu3TfYbsrCgj7FeKFCQXuj/RlQ0v+7zxYrAYR6OTU63zj3UHgJPcZ
+B+5I/WmWdB768rkVQchwZFN9cApG8P7xY3PMvLzgaA3pglLzGVOkE80=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCPSKMchbxya5tE3BvA
+aVwiGkpkGTYbBvB/2JSNYCyY9NlPJE740SiHT4k2722T6cihZANiAASatpnYySyS
+VCqcWKMah3zTkEsxCXGaZW+eBI9S3BMjD9BDb2/Nhxv2Q+G4ReLCIeLByhP4XNR8
+RMSO0tjUwl52iZMbdDeILsMePoCy0C9iRKbLcyBnlO2xCmRAcWQi+Go=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBtLhYsFhfQiSZ3tsoP
+Ohxtg8tjRVo5xuNdtovcs9sM6JdHVgNTppG2MHE9br37y6yhZANiAASTFD8kTkUb
+uZktP93eNO/+0pIEAqcVohNwY8MtfMlM4bk9FtpLgqv0+BL7l2f5XO2on1mmj5UH
+YFGu0TGi83uEjiISzxWd8ih5b66Bek+NF8hRQF0Air7XvImcXGp0Jr0=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDYZtocWg502oc7z6yZ
+5prVXiJHzDxU5ujIdDzWicgPcPHSME2CwewAvXM07n5qXFmhZANiAAR6fiE/NOl0
+Gbu/fp4rxGL9rZ/tgoMAXTlTFIFEDyu8qG7jEAD9eIXSdhK9ij0NjEXM79IuF7DW
+CmjJehL1tN9EESfaIktEjE/Z03y+7nahW0uuzf5A0UOaO/2aE8ZosDg=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAX1a49j7Quu74cFXmJ
+IupkeE9mTr/tKPgPGiUCv0kyEVauuNkEpyBLO8nPQ81As9mhZANiAATzDoVNelF1
+JjXnVgkBT6e0dceYVafKIYi/DXopwO345fq7S/dzY5y1N7y2syQ8RnPQRk8lfLaY
+LwOFsBMRb8EKpM7RcB/0YPzMKSXAuSJhWCLWP9L2Z58G7Nqfs8of2p0=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDjqbEAqwUzgWCosiqe
+HcQFZ3ryCgJ+T91AnFv7rv/ZW6lkQ7tXJZ+F3ZHbMfEnsuShZANiAASON4qsM7El
+O0hjsYtJaNOiVre2aw7e7Z9+DsmMjR83gd6ZHO7YdKzgc8uTvcZvMqIwrtaHk1kN
+swlnuvxLQ1Ss0oYsSgiRCNXvF060ZcNpVT9ltRhZMegXIQTrrxHjsFY=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDlCNDXEXfkpMfZ4qrW
+tHKzpFEibWhvxc2cYDnXXb4SuZ999Xi1cZXp7McJ1lwntFWhZANiAATP1I+IFaJf
+Gl0t3VErDfFuC02LgWesN3ULGvr6CFtMStGbY9+2373cFHVHw3dsDvbBeyFLXZF+
+k345rAdphhWf2LKF7i4kJLfhEirZBFvzIp4s8zqqPA3eKBOLerZyYig=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDANt00lPuqR3fd6Ugh3
+3jI+P1HQ15Nwb3CAE04fzwAA30upq12Dao3oxs90TPen8fuhZANiAATvnW2D1WrC
+rNmlnzfgj8yhOGaHuO2zOjuzBN7JVHJMxQ5QgQ+ejM0nYZklWPa0yAwLLpVOpGSx
+Jbcy9Rhimzpl3jxfs8OdMDSypUUYuBem70cpSFbg/5NKqCHpG/RxY34=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCTCBkAIBADARMQ8wDQYDVQQDDAZhYm9yemEwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAATKgcFK6lkK5rU0kHhgrpq5XNhSPuyPMACWwGteF2Crcglz4z4xW/f+7TFI
+lG/poEpwdlVbQQfqr+KKsV9cleT0tGAdkcgP+1f2U3kHOi7Jb5ZqfR4c9nQZdoy7
+wd3d/22gADAKBggqhkjOPQQDAgNoADBlAjAHn6n+wwImEU6d8tn4wMlC5rk28Jn3
+VtZfeKd4k540CFx4J73Lzc9PzQaNgUDm2vQCMQC+wOh3T/Is8VLDw76Ht8WK74jd
+JyR3lWuNW+GXqA22/Zka4fkD0ihiQWOhwo/t5M0=
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCTCBkAIBADARMQ8wDQYDVQQDDAZhY3NpYmEwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAATawlMGg/dI5Wr4ifzVvdvQuXzg2YMsY3vSX4GngfzIPf8zqEjwqnsHaBuq
+AXBe2NEYphLJZUIqQ7w3GUFXorzl+5tKC4hHUOKtPnkiVMDprCov5+0NoME4hp5F
+7BQSo3OgADAKBggqhkjOPQQDAgNoADBlAjEAw69iohBTC/k5P1SNegtRvj7xNr8z
+qpCLNWpwpD+R7fQn/2oGrFcP8n1UUD2FCrRSAjBxvguhMfxhfB/6Zl3SLCSVTO1U
+zo4dJN1h/jjUEXaxYxNho6Rn3pKJIULn+aWp+v8=
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBDzCBlgIBADAXMRUwEwYDVQQDDAxha29zenRvbGFueWkwdjAQBgcqhkjOPQIB
+BgUrgQQAIgNiAASPPHQuXdeQrFwv6P7zio1ra5aYp2PjA0JMK0kiqAfCrAaJqIAE
+Jl5oeai5hHk+2phWFTbyfAn4QXhcjizeGxiKSUyP/u2Vjw/LW+JksWPvPdGVSfFO
+c0enEZQcNtrmVc+gADAKBggqhkjOPQQDAgNoADBlAjEA1B8DJJV3T4P1QS/u4jC4
+xQ146ioh9foP0Qk7/K2WTF+cnXNDCTCPUKeeen4h2J/OAjB2tJwM9FWvhQklgHQh
+0bbpFz3wUG9e98//hGBbAcylvPsXzIQLUvhIwdcCjlLI51I=
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCzCBkwIBADAUMRIwEAYDVQQDDAlhenNhbWJva2kwdjAQBgcqhkjOPQIBBgUr
+gQQAIgNiAAQ3ZmbBuJADgI11ItthLnIOeASRndqZOR2JCw40kAYNPYwlL/xWdbyF
+qyRUFPQnOUkQEYBKB3ty7XmNlTTjBxM72lHrirV3tnHkl+YFTyc+CsH2H/+/pF5D
+yrxC/T9Jw1ugADAKBggqhkjOPQQDAgNnADBkAjAORjxnyGtfv8E0QjnlDG3HgnLW
+dDTL58ucnYnipQ9XuDwdeYD+8dorvsm92jqFcA0CMAGy+ISAWh2n397dqeI4Xlml
+m9nCpnjUf/PHpYmEFEzcryU2BZL6ZT2z3DdJqIv6bQ==
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCzCBkgIBADATMREwDwYDVQQDDAhjc2d1bHlhczB2MBAGByqGSM49AgEGBSuB
+BAAiA2IABPIYCa7NMWmAz5vKG/9n2EBh3EhgtRn5QKoLkgsr2XwfASPNemJRCmpX
+GEnd02txSE4xaXxWuWjtpOiny7ts+JX0dmQHFI9PBOkmonRGpRB3ZxgonI0pEPd/
+krKDdRmNdKAAMAoGCCqGSM49BAMCA2gAMGUCMQCREMfh5Pi8JhC/zDaG2JJ6eY4X
+o1NMcUwfjBpwAvonaC0jo1U76Gg1zxsdVxJAPuACMB/Nxz1UNWsTydwyTS3JyaAT
+QstJL5PIYCAR37fUrU9K4EpQd3z3Edi32JIGlb9wiA==
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCjCBkQIBADASMRAwDgYDVQQDDAdjc2xldmFpMHYwEAYHKoZIzj0CAQYFK4EE
+ACIDYgAEoQ90uLjeQ8D1plwkSfs4vIDXt6+jvo32CIcLE4svwBzWGid4JtU7DwHz
+i6A/oNy1KoiNfTGymKtxQ4zT18KEpNvoQOaD2G99jMXPh128brJuWgdky6ZX4AV4
+Na5x2l63oAAwCgYIKoZIzj0EAwIDaAAwZQIwfkWR5WF3c1o+uV7ZWoYV/BEKl0m7
+8YiH8VrV1WXtZPW+1zzzpwCBGlRJ2FwBuqSMAjEAjx6g0IRQ/Zzw4Y6aCGOH6mP2
+aKqp5VAIJJFjJ/gPovPDxDgJFWhFuFlzcdm2Venv
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCTCBkQIBADASMRAwDgYDVQQDDAdkdmFzYXJ5MHYwEAYHKoZIzj0CAQYFK4EE
+ACIDYgAE5i5lhIoF59Iya4UgJs0N3KLmzCM29DN78GwNoI34DBN3V/duArcaNbDu
+MSYNVzHfEfoVc73TPua8l5te2kGwNqKVmDumTvUYjJ7/Jo8+AJOwFIRNQ/AB+pVt
+MvJBDk9eoAAwCgYIKoZIzj0EAwIDZwAwZAIwQgDM/EyEAz0G+0Vqel9bMbddmnmD
+u5otbshs7IIRjEUgtaaM3zOgClgMNuDDc1GcAjAwvERdKdEyIwYRuWviRmHyOpI9
+0nvmEbPS52Vkdgu2WJpSEUC7TKUkElk2kmL9V10=
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCzCBkQIBADASMRAwDgYDVQQDDAdmcml0dGVyMHYwEAYHKoZIzj0CAQYFK4EE
+ACIDYgAELEDsgYmtG67IHD5dYi9eJzPSQrq5bDg06pDW3RDmsxn1Akr+jLR3z2/F
+q4GCiDxOm4LDIsIfyMdTrxj5m5LPGFGPlWdrBJ/0lbiLGmrUTCPFM0Yg0uUVv72v
+HGhEmIWCoAAwCgYIKoZIzj0EAwIDaQAwZgIxAJ2V46Z1RFtSNPPOaUkeHmNlT/vT
+VMiRYLCILaQiVXfu+z7ac23UsPex1QIDlxlIxgIxANSjHlc5G0suEd/8Ci+/MKMO
+oM0RrNFiT7N/yaeZN/kETTez0Ff6uXNwQK4yvqILQQ==
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCzCBkgIBADATMREwDwYDVQQDDAhmc2NobmVsbDB2MBAGByqGSM49AgEGBSuB
+BAAiA2IABFON+PT9X8mzTFf2xJN/lEMxCWLK71rYElRZWIQhqlmLWiOptxvo5uOm
+dhR1RcfVDIlc557xViptJbgwb0rdgAiwpgfImNbzCgfZYNAAWH/2pWt4U4JEWoEB
+VBhvG/SZ+aAAMAoGCCqGSM49BAMCA2gAMGUCMEsBzT78nmPLpK2HRJJxK/BJPcMl
+E70gcIm2YIR9qn2L/IQhktELOqoeILMURnR2qAIxAPiSkyKoVp7iRfyq8MvbiJB8
+aIo/blqnEDgi1m0Y/s/wuHRwJAsIn1nK6B55S3jjyA==
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCjCBkQIBADASMRAwDgYDVQQDDAdpZmFiaWFuMHYwEAYHKoZIzj0CAQYFK4EE
+ACIDYgAEIQ13ObexQy3poumpO4jNk9UFTbVYBB9DdhuTHsPS2BU33z/UdceBzHj4
+Y4SNSQ1JsnFes3MLqwxb/5poORtqwo6wD7zNaZN5c/LDuQRmhyCQHEvHxOl3hqal
+j1mgbQNLoAAwCgYIKoZIzj0EAwIDaAAwZQIxANNPYThD0Cil9d7rU6DohzuVDgYz
+TD0zUWxoZh6IuyCkhueEgO7v3zI+7HHwUdF0mwIwFTMXmxUmGFcIkFziUk2Ccwf2
+WAwQHouAeMguwDd5XVl7+6pFmJ9bXXHm+sPumuFs
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCzCBkgIBADATMREwDwYDVQQDDAhraG9ydmF0aDB2MBAGByqGSM49AgEGBSuB
+BAAiA2IABKthOt6JTg5j6shrmBqLxPly9L+yDuuU7wRsqeR4U/mor2oUmyfpF0XH
++Z7k01lDnBPHFWOAjqqs/JpVWWR8Yj0sUCCX0cEeIpRTdEpfMPugPbrgnS7icK9z
+pcAyRXcuIKAAMAoGCCqGSM49BAMCA2gAMGUCMQChfy+YUCLrhvagP6wcWV9dSu5x
+7PrKDJGAuqcdufaFxn6PGG+K4szyrBkvGh5y6UcCMB0dpGJcz9ObOclOdg8XT2om
+5xqYIwcmh1P94/Nu41VCudq9XfTo3uovuleqhFfIXw==
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCDCBjwIBADAQMQ4wDAYDVQQDDAVra2VsZTB2MBAGByqGSM49AgEGBSuBBAAi
+A2IABCU+o73JJ166xjBoD5AXlIlpMARwaroWQD0ECO0ALaLERarbr4XSpkB7aYW8
+z5pBZgtNGsSCU7DRy1OYOZAREV7nmKezcTGxVb4H7+1q59zpOP0D/NVS7aja3ogi
+bcKACqAAMAoGCCqGSM49BAMCA2gAMGUCMQC5ojkTrBXwECnhKwXfpjPyD3X4QHKV
+wMU8UkTW7GrcFujaRmrwdAmaX6FaN53Tls4CMB9NYoHASiHQ6LBFFGF5VV4VIhhU
+JOAXEGDvA7n4OZIqSWBHKsl9ZMFdJFR8NqTE7g==
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCzCBkwIBADAUMRIwEAYDVQQDDAlrc2NoYWZmZXIwdjAQBgcqhkjOPQIBBgUr
+gQQAIgNiAAT8XrPkKTSz0CgjErlKqoVhKs0Wm/k43AYysTkPiZ/fqm4ccJnb6apd
+Iev2bY/mayW99uZIL3XuFhCl5VTXMn5uJh3CjniAnmk/UDg2QzZClfVCsyIvbIu9
+yixA6j+Ezr6gADAKBggqhkjOPQQDAgNnADBkAjBk4JB3mbZLPtoFbXPWPM3lfVpw
+PHE7VkQtQ+E0BX8IrFU8R4T1nImdk2XIVWxsNQcCMEyksu0iBhXGmYeMOeyROERD
+L2/cc1nKZlgksMZgRV9jtisRGqEz5xk8R06jF9CuKQ==
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCjCBkAIBADARMQ8wDQYDVQQDDAZtc3phYm8wdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAARpwIYnofp0Khgh3NTRS7Nu1RYGt1CNOlyG6rklhL1OZdl8MxOOY2TLcDk6
+rKXQaE31qvFWjFURJtPDwEoQeDV9ulb2mvWvPWu+refinA7sQrJJ4/jWNg3dVvvj
+wH005S6gADAKBggqhkjOPQQDAgNpADBmAjEA4dPM+R0J+e6PZUREJgSuu19ZTJ55
+d724QwCa9e4g183kbH4tFDKw+AbGh/Mqa9aFAjEA2WoHY3D8qjqqHIg1y8AL3emC
+NWIKOC6CcDIdIEDW9K2ozHFWsrFl/v/V95acH1yb
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCjCBkQIBADASMRAwDgYDVQQDDAdwdG9tYm9yMHYwEAYHKoZIzj0CAQYFK4EE
+ACIDYgAEsHpiQxCLS64+E8sQs4yFTbt032G7KwoI+xXihQkF7o/0ZUNL/u88WKwG
+Eejk1Ot8491B4CT3GQfuSP1plnQe+vK5FUHIcGRTfXAKRvD+8WNzzLy84GgN6YJS
+8xlTpBPNoAAwCgYIKoZIzj0EAwIDaAAwZQIxAIN3/Ml9/EUkSfmMocYrw7o2FhjD
+JPwT4CwoXhHOi0v3G+oiYUngpSu/MrNH8Cv6WQIwO5rXLP+JSoq7JuwhcTaq/Wvk
+6DHRBNQruYut4L9XkKuQMFx+SWtVey4lbGv/Q2WB
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBBzCBjgIBADAPMQ0wCwYDVQQDDARxcWNzMHYwEAYHKoZIzj0CAQYFK4EEACID
+YgAEmraZ2MksklQqnFijGod805BLMQlxmmVvngSPUtwTIw/QQ29vzYcb9kPhuEXi
+wiHiwcoT+FzUfETEjtLY1MJedomTG3Q3iC7DHj6AstAvYkSmy3MgZ5TtsQpkQHFk
+IvhqoAAwCgYIKoZIzj0EAwIDaAAwZQIxANIOQeE5+Y+D7xxSr09YKCkxDu+hTEAJ
+0Jdl6RsN1yAYXwQC+uDpuLFtFK6wCfkkTwIwYfHncH/VLj3FiGU9r020n1Ty7Kgm
+fzBqu2obFv7v0SoRuVaY8lMEo1kLMel3uaGI
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCTCBkQIBADASMRAwDgYDVQQDDAdycmVuZGVrMHYwEAYHKoZIzj0CAQYFK4EE
+ACIDYgAEkxQ/JE5FG7mZLT/d3jTv/tKSBAKnFaITcGPDLXzJTOG5PRbaS4Kr9PgS
++5dn+VztqJ9Zpo+VB2BRrtExovN7hI4iEs8VnfIoeW+ugXpPjRfIUUBdAIq+17yJ
+nFxqdCa9oAAwCgYIKoZIzj0EAwIDZwAwZAIwU1YFf95rKyPzWcPqh6J7T86anGPp
+u4JOI3owLMqVkmNDRFHaX0MiKC0fK2K6F9KhAjB9PNfnF+U+XUzURgBk/k1gmhN3
+dIP8qzSNG7xr/q2zX9T2+kWwr8cujVk9SdMZvs8=
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCTCBjwIBADAQMQ4wDAYDVQQDDAVydG90aDB2MBAGByqGSM49AgEGBSuBBAAi
+A2IABHp+IT806XQZu79+nivEYv2tn+2CgwBdOVMUgUQPK7yobuMQAP14hdJ2Er2K
+PQ2MRczv0i4XsNYKaMl6EvW030QRJ9oiS0SMT9nTfL7udqFbS67N/kDRQ5o7/ZoT
+xmiwOKAAMAoGCCqGSM49BAMCA2kAMGYCMQC5dDTbGjhQEFuZePDLLuofjiATkKWT
+uUCYIL/BejVZGrsWJr2gVfPvaqfKTlWPJoACMQCXPk3IxAlRRYT0j/OVGyHn+/zd
+/2zfmtoy7va1LXKTs0C0nZN68kF7UrKvtKxyFMg=
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCTCBkAIBADARMQ8wDQYDVQQDDAZzZXJ2ZXIwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAATzDoVNelF1JjXnVgkBT6e0dceYVafKIYi/DXopwO345fq7S/dzY5y1N7y2
+syQ8RnPQRk8lfLaYLwOFsBMRb8EKpM7RcB/0YPzMKSXAuSJhWCLWP9L2Z58G7Nqf
+s8of2p2gADAKBggqhkjOPQQDAgNoADBlAjAi4XYb4RfwUZhl6anNeeyPjC+hc0a7
++VDfP7JO/jT1ZJMUu2pWyxWYSQnQeDLcDagCMQDXSrimsm3eOCxtHArtRmnaQ2co
+wyrc2q+Nf/7+7O8NIsdAWEcIDDmO4hNw0Gn+LBM=
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBDzCBlgIBADAXMRUwEwYDVQQDDAx6YmFydGFrb3ZpY3MwdjAQBgcqhkjOPQIB
+BgUrgQQAIgNiAASON4qsM7ElO0hjsYtJaNOiVre2aw7e7Z9+DsmMjR83gd6ZHO7Y
+dKzgc8uTvcZvMqIwrtaHk1kNswlnuvxLQ1Ss0oYsSgiRCNXvF060ZcNpVT9ltRhZ
+MegXIQTrrxHjsFagADAKBggqhkjOPQQDAgNoADBlAjEAtI4zlXdoRKDV6MsMmQlj
+HcNTayQ6SFCc8uZzXOS+GvKWNN05yJX7aJVpKhV64XbMAjBe20XbfTvkdOLrVYb5
+mnJ27Jj9aobYl3ILafAPOgthBX/t9YA2UCzCr5eJujxmLZM=
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCzCBkQIBADASMRAwDgYDVQQDDAd6ZmVsbGVnMHYwEAYHKoZIzj0CAQYFK4EE
+ACIDYgAEz9SPiBWiXxpdLd1RKw3xbgtNi4FnrDd1Cxr6+ghbTErRm2Pftt+93BR1
+R8N3bA72wXshS12RfpN+OawHaYYVn9iyhe4uJCS34RIq2QRb8yKeLPM6qjwN3igT
+i3q2cmIooAAwCgYIKoZIzj0EAwIDaQAwZgIxAN9ivd74Lzh+SsAoemHUqu6rhugM
+/wd54dqiap/Ckjr5SkEh2LxEGqlnMI6P9UpuzQIxAJzLyLFUg7OseNKzLCuXGJNu
+AOj3ZW41qcegZuZ1hEsWtkpdCLmrQIMRh0hNNT5JeQ==
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCzCBkQIBADASMRAwDgYDVQQDDAd6c25lbWVzMHYwEAYHKoZIzj0CAQYFK4EE
+ACIDYgAE751tg9VqwqzZpZ834I/MoThmh7jtszo7swTeyVRyTMUOUIEPnozNJ2GZ
+JVj2tMgMCy6VTqRksSW3MvUYYps6Zd48X7PDnTA0sqVFGLgXpu9HKUhW4P+TSqgh
+6Rv0cWN+oAAwCgYIKoZIzj0EAwIDaQAwZgIxAORI2d67T/kCfaAb3HmYNzE8tJSV
+a0JlXSbyNNR8qzE4y99kg+2Y45FqDiFwMWHrkgIxAIB2LM6T0Pr3bgM1dSanGIMy
+6A/alMG5hUjyZrDE9R9GmS/kqEw5IVMWwzCA8I8vKA==
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e2c3228e2b7b2e06ea31c36d88f0b025
+a43272d29c5e75ce0e0d848a22455f7f
+2fbbe2913630194ca637d987b9c9a62d
+4e68ce4cb9cc00a13475e749fdbf98c9
+cae6c8c4ef8e5b8bbf6d0cd30c217625
+382064df6f2fba84d572f0b462530549
+462ef72ebdf83b41bb1c25467d516938
+b9b82d3a5a6ba072c5ca7c1ed54500f1
+932f175f377cbf6a9250690eb36cf05b
+8d04c22756cb43d787d5c6efbbe78732
+02cdc11cf66cef8ccf0842f6f3de425a
+e0c1f29111e7aaf091b97b3958a35066
+94ba9f615b622339e6151314c6ea6014
+518c7ea5e064965985afab9a4bbba63e
+80fb88e0ab45db4f734c1650dcd01810
+c201d2efe838b414674643ce2d05fdab
+-----END OpenVPN Static key V1-----
--- /dev/null
+# Easy-RSA 3 parameter settings
+
+# NOTE: If you installed Easy-RSA from your distro's package manager, don't edit
+# this file in place -- instead, you should copy the entire easy-rsa directory
+# to another location so future upgrades don't wipe out your changes.
+
+# HOW TO USE THIS FILE
+#
+# vars.example contains built-in examples to Easy-RSA settings. You MUST name
+# this file 'vars' if you want it to be used as a configuration file. If you do
+# not, it WILL NOT be automatically read when you call easyrsa commands.
+#
+# It is not necessary to use this config file unless you wish to change
+# operational defaults. These defaults should be fine for many uses without the
+# need to copy and edit the 'vars' file.
+#
+# All of the editable settings are shown commented and start with the command
+# 'set_var' -- this means any set_var command that is uncommented has been
+# modified by the user. If you're happy with a default, there is no need to
+# define the value to its default.
+
+# NOTES FOR WINDOWS USERS
+#
+# Paths for Windows *MUST* use forward slashes, or optionally double-esscaped
+# backslashes (single forward slashes are recommended.) This means your path to
+# the openssl binary might look like this:
+# "C:/Program Files/OpenSSL-Win32/bin/openssl.exe"
+
+# A little housekeeping: DON'T EDIT THIS SECTION
+#
+# Easy-RSA 3.x doesn't source into the environment directly.
+# Complain if a user tries to do this:
+if [ -z "$EASYRSA_CALLER" ]; then
+ echo "You appear to be sourcing an Easy-RSA 'vars' file." >&2
+ echo "This is no longer necessary and is disallowed. See the section called" >&2
+ echo "'How to use this file' near the top comments for more details." >&2
+ return 1
+fi
+
+# DO YOUR EDITS BELOW THIS POINT
+
+# This variable should point to the top level of the easy-rsa tree. By default,
+# this is taken to be the directory you are currently in.
+
+#set_var EASYRSA "$PWD"
+
+# If your OpenSSL command is not in the system PATH, you will need to define the
+# path to it here. Normally this means a full path to the executable, otherwise
+# you could have left it undefined here and the shown default would be used.
+#
+# Windows users, remember to use paths with forward-slashes (or escaped
+# back-slashes.) Windows users should declare the full path to the openssl
+# binary here if it is not in their system PATH.
+
+#set_var EASYRSA_OPENSSL "openssl"
+#
+# This sample is in Windows syntax -- edit it for your path if not using PATH:
+#set_var EASYRSA_OPENSSL "C:/Program Files/OpenSSL-Win32/bin/openssl.exe"
+
+# Edit this variable to point to your soon-to-be-created key directory.
+#
+# WARNING: init-pki will do a rm -rf on this directory so make sure you define
+# it correctly! (Interactive mode will prompt before acting.)
+
+#set_var EASYRSA_PKI "$EASYRSA/pki"
+
+# Define X509 DN mode.
+# This is used to adjust what elements are included in the Subject field as the DN
+# (this is the "Distinguished Name.")
+# Note that in cn_only mode the Organizational fields further below aren't used.
+#
+# Choices are:
+# cn_only - use just a CN value
+# org - use the "traditional" Country/Province/City/Org/OU/email/CN format
+
+#set_var EASYRSA_DN "cn_only"
+
+# Organizational fields (used with 'org' mode and ignored in 'cn_only' mode.)
+# These are the default values for fields which will be placed in the
+# certificate. Don't leave any of these fields blank, although interactively
+# you may omit any specific field by typing the "." symbol (not valid for
+# email.)
+
+#set_var EASYRSA_REQ_COUNTRY "US"
+#set_var EASYRSA_REQ_PROVINCE "California"
+#set_var EASYRSA_REQ_CITY "San Francisco"
+#set_var EASYRSA_REQ_ORG "Copyleft Certificate Co"
+#set_var EASYRSA_REQ_EMAIL "me@example.net"
+#set_var EASYRSA_REQ_OU "My Organizational Unit"
+
+# Choose a size in bits for your keypairs. The recommended value is 2048. Using
+# 2048-bit keys is considered more than sufficient for many years into the
+# future. Larger keysizes will slow down TLS negotiation and make key/DH param
+# generation take much longer. Values up to 4096 should be accepted by most
+# software. Only used when the crypto alg is rsa (see below.)
+
+#set_var EASYRSA_KEY_SIZE 2048
+
+# The default crypto mode is rsa; ec can enable elliptic curve support.
+# Note that not all software supports ECC, so use care when enabling it.
+# Choices for crypto alg are: (each in lower-case)
+# * rsa
+# * ec
+
+set_var EASYRSA_ALGO ec
+
+# Define the named curve, used in ec mode only:
+
+#set_var EASYRSA_CURVE secp384r1
+
+# In how many days should the root CA key expire?
+
+#set_var EASYRSA_CA_EXPIRE 3650
+
+# In how many days should certificates expire?
+
+#set_var EASYRSA_CERT_EXPIRE 3650
+
+# How many days until the next CRL publish date? Note that the CRL can still be
+# parsed after this timeframe passes. It is only used for an expected next
+# publication date.
+
+#set_var EASYRSA_CRL_DAYS 180
+
+# Support deprecated "Netscape" extensions? (choices "yes" or "no".) The default
+# is "no" to discourage use of deprecated extensions. If you require this
+# feature to use with --ns-cert-type, set this to "yes" here. This support
+# should be replaced with the more modern --remote-cert-tls feature. If you do
+# not use --ns-cert-type in your configs, it is safe (and recommended) to leave
+# this defined to "no". When set to "yes", server-signed certs get the
+# nsCertType=server attribute, and also get any NS_COMMENT defined below in the
+# nsComment field.
+
+#set_var EASYRSA_NS_SUPPORT "no"
+
+# When NS_SUPPORT is set to "yes", this field is added as the nsComment field.
+# Set this blank to omit it. With NS_SUPPORT set to "no" this field is ignored.
+
+#set_var EASYRSA_NS_COMMENT "Easy-RSA Generated Certificate"
+
+# A temp file used to stage cert extensions during signing. The default should
+# be fine for most users; however, some users might want an alternative under a
+# RAM-based FS, such as /dev/shm or /tmp on some systems.
+
+#set_var EASYRSA_TEMP_FILE "$EASYRSA_PKI/extensions.temp"
+
+# !!
+# NOTE: ADVANCED OPTIONS BELOW THIS POINT
+# PLAY WITH THEM AT YOUR OWN RISK
+# !!
+
+# Broken shell command aliases: If you have a largely broken shell that is
+# missing any of these POSIX-required commands used by Easy-RSA, you will need
+# to define an alias to the proper path for the command. The symptom will be
+# some form of a 'command not found' error from your shell. This means your
+# shell is BROKEN, but you can hack around it here if you really need. These
+# shown values are not defaults: it is up to you to know what you're doing if
+# you touch these.
+#
+#alias awk="/alt/bin/awk"
+#alias cat="/alt/bin/cat"
+
+# X509 extensions directory:
+# If you want to customize the X509 extensions used, set the directory to look
+# for extensions here. Each cert type you sign must have a matching filename,
+# and an optional file named 'COMMON' is included first when present. Note that
+# when undefined here, default behaviour is to look in $EASYRSA_PKI first, then
+# fallback to $EASYRSA for the 'x509-types' dir. You may override this
+# detection with an explicit dir here.
+#
+#set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
+
+# OpenSSL config file:
+# If you need to use a specific openssl config file, you can reference it here.
+# Normally this file is auto-detected from a file named openssl-1.0.cnf from the
+# EASYRSA_PKI or EASYRSA dir (in that order.) NOTE that this file is Easy-RSA
+# specific and you cannot just use a standard config file, so this is an
+# advanced feature.
+
+#set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-1.0.cnf"
+
+# Default CN:
+# This is best left alone. Interactively you will set this manually, and BATCH
+# callers are expected to set this themselves.
+
+#set_var EASYRSA_REQ_CN "ChangeMe"
+
+# Cryptographic digest to use.
+# Do not change this default unless you understand the security implications.
+# Valid choices include: md5, sha1, sha256, sha224, sha384, sha512
+
+#set_var EASYRSA_DIGEST "sha256"
+
+# Batch mode. Leave this disabled unless you intend to call Easy-RSA explicitly
+# in batch mode without any user input, confirmation on dangerous operations,
+# or most output. Setting this to any non-blank string enables batch mode.
+
+#set_var EASYRSA_BATCH ""
+
--- /dev/null
+# X509 extensions added to every signed cert
+
+# This file is included for every cert signed, and by default does nothing.
+# It could be used to add values every cert should have, such as a CDP as
+# demonstrated in the following example:
+
+#crlDistributionPoints = URI:http://example.net/pki/my_ca.crl
--- /dev/null
+# X509 extensions for a ca
+
+# Note that basicConstraints will be overridden by Easy-RSA when defining a
+# CA_PATH_LEN for CA path length limits. You could also do this here
+# manually as in the following example in place of the existing line:
+#
+# basicConstraints = CA:TRUE, pathlen:1
+
+basicConstraints = CA:TRUE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = cRLSign, keyCertSign
+
--- /dev/null
+# X509 extensions for a client
+
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+extendedKeyUsage = clientAuth
+keyUsage = digitalSignature
+
--- /dev/null
+# X509 extensions for a server
+
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+extendedKeyUsage = serverAuth
+keyUsage = digitalSignature,keyEncipherment
+
--- /dev/null
+#################################################
+# Sample OpenVPN 2.0 config file for #
+# multi-client server. #
+# #
+# This file is for the server side #
+# of a many-clients <-> one-server #
+# OpenVPN configuration. #
+# #
+# OpenVPN also supports #
+# single-machine <-> single-machine #
+# configurations (See the Examples page #
+# on the web site for more info). #
+# #
+# This config should work on Windows #
+# or Linux/BSD systems. Remember on #
+# Windows to quote pathnames and use #
+# double backslashes, e.g.: #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+# #
+# Comments are preceded with '#' or ';' #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one. You will need to
+# open up this port on your firewall.
+port 1194
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap0" if you are ethernet bridging
+# and have precreated a tap0 virtual interface
+# and bridged it with your ethernet interface.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one. On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key). Each client
+# and the server must have their own cert and
+# key file. The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys. Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca easy-rsa/pki/ca.crt
+cert easy-rsa/pki/issued/server.crt
+key easy-rsa/pki/private/server.key # This file should be kept secret
+crl-verify easy-rsa/pki/crl.pem
+
+# Diffie hellman parameters.
+# Generate your own with:
+# openssl dhparam -out dh2048.pem 2048
+#dh dh2048.pem
+dh easy-rsa/pki/dh.pem
+
+# Network topology
+# Should be subnet (addressing via IP)
+# unless Windows clients v2.0.9 and lower have to
+# be supported (then net30, i.e. a /30 per client)
+# Defaults to net30 (not recommended)
+;topology subnet
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+server 172.16.223.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file. If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface. Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0. Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients. Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Configure server mode for ethernet bridging
+# using a DHCP-proxy, where clients talk
+# to the OpenVPN server-side DHCP server
+# to receive their IP address allocation
+# and DNS server addresses. You must first use
+# your OS's bridging capability to bridge the TAP
+# interface with the ethernet NIC interface.
+# Note: this mode only works on clients (such as
+# Windows), where the client-side TAP adapter is
+# bound to a DHCP client.
+;server-bridge
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server. Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 192.168.10.0 255.255.255.0"
+;push "route 192.168.20.0 255.255.255.0"
+push "route 10.228.0.0 255.255.0.0"
+push "route 192.168.42.0 255.255.255.0"
+push "route 192.168.43.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+client-config-dir ccd
+route 10.162.104.0 255.255.255.0
+
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir ccd
+;route 192.168.40.128 255.255.255.248
+# Then create a file ccd/Thelonious with this line:
+# iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN. This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+# Then add this line to ccd/Thelonious:
+# ifconfig-push 10.9.0.1 10.9.0.2
+
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients. There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+# group, and firewall the TUN/TAP interface
+# for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+# modify the firewall in response to access
+# from different clients. See man
+# page for more info on learn-address script.
+;learn-address ./script
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# or bridge the TUN/TAP interface to the internet
+# in order for this to work properly).
+;push "redirect-gateway def1 bypass-dhcp"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses. CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+# The addresses below refer to the public
+# DNS servers provided by opendns.com.
+;push "dhcp-option DNS 208.67.222.222"
+;push "dhcp-option DNS 208.67.220.220"
+push "dhcp-option DNS 10.228.109.253"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+;client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names. This is recommended
+# only for testing purposes. For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+# openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+tls-auth easy-rsa/pki/ta.key 0 # This file is secret
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+# Note that 2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link and push the
+# option to the client (2.4+ only, for earlier
+# versions see below)
+;compress lz4-v2
+;push "compress lz4-v2"
+
+# For compression compatible with older clients use comp-lzo
+# If you enable it here, you must also
+# enable it in the client config file.
+;comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nobody
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+status openvpn-status.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it. Use one
+# or the other (but not both).
+;log openvpn.log
+;log-append openvpn.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 3
+
+# Silence repeating messages. At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+# Notify the client that when the server restarts so it
+# can automatically reconnect.
+explicit-exit-notify 1
--- /dev/null
+#!/bin/sh
+
+
+REAL_PATH=$(realpath $(dirname $0))
+ERSA_PATH=/etc/openvpn/server/easy-rsa
+ERSA_VERSION=$(rpm --query --queryformat "%{VERSION}\n" easy-rsa)
+PKI_PATH=$ERSA_PATH/pki
+
+
+if [ ! -d $PKI_PATH ]
+then
+ if [ -d $ERSA_PATH ]
+ then
+ mv $ERSA_PATH ${ERSA_PATH}.orig
+ fi
+ mkdir $ERSA_PATH
+ cp -a /usr/share/doc/easy-rsa/vars.example $ERSA_PATH/vars
+ cp -a /usr/share/easy-rsa/$ERSA_VERSION/easyrsa $ERSA_PATH
+ cp -a /usr/share/easy-rsa/$ERSA_VERSION/openssl-1.0.cnf $ERSA_PATH
+ cp -a /usr/share/easy-rsa/$ERSA_VERSION/x509-types $ERSA_PATH
+ cd $ERSA_PATH
+ echo "Edit (review only) $ERSA_PATH/openssl-1.0.cnf"
+ read
+ vi $ERSA_PATH/openssl-1.0.cnf
+ echo "Edit (set EASYRSA_ALGO to ec) $ERSA_PATH/vars"
+ echo "Optionally set EASYRSA_CURVE to one of \$(openssl ecparam -list_curves)"
+ read
+ vi $ERSA_PATH/vars
+
+ echo "Run ./easyrsa init-pki"
+ read
+ ./easyrsa init-pki
+ echo "Run ./easyrsa build-ca nopass"
+ read
+ ./easyrsa build-ca nopass
+ echo "Run ./easyrsa gen-crl"
+ read
+ ./easyrsa gen-crl
+ echo "Run ./easyrsa gen-req server nopass"
+ read
+ ./easyrsa gen-req server nopass
+ echo "Run ./easyrsa sign-req server server"
+ read
+ ./easyrsa sign-req server server
+ echo "Run ./easyrsa gen-dh"
+ read
+ ./easyrsa gen-dh
+ echo "Run openvpn --genkey --secret pki/ta.key"
+ read
+ openvpn --genkey --secret pki/ta.key
+ echo "Check server.conf"
+ read
+ #echo "Run ./easyrsa gen-req <name> nopass"
+ #echo "Run ./easyrsa sign-req client <name>"
+ echo "Run ./20_getuids.sh"
+ echo "Run ./30_create_client.sh"
+fi
--- /dev/null
+#!/bin/sh
+
+
+REAL_PATH=$(realpath $(dirname $0))
+
+
+>$REAL_PATH/SEED.txt
+>$REAL_PATH/UIDS.txt
+grep '^[a-z]' $REAL_PATH/NAMES.txt | while read LOGIN_NAME
+do
+ LOGIN_MD5SUM=$(echo $LOGIN_NAME | md5sum | awk '{print $1}')
+ UID_POSITION=30
+ UID_IS_UNIQUE=0
+ while [ $UID_IS_UNIQUE -eq 0 ]
+ do
+ LOGIN_UID=$(echo $LOGIN_MD5SUM | cut -c ${UID_POSITION}- | cut -c 1-3)
+ grep $LOGIN_UID $REAL_PATH/SEED.txt >/dev/null 2>&1
+ if [ $? -eq 1 ]
+ then
+ INT_UID=$(python3 -c "print(10000 + int('$LOGIN_UID', 16))")
+ HEX_UID=$(python3 -c "print(hex($INT_UID))")
+ echo $LOGIN_NAME $LOGIN_MD5SUM $LOGIN_UID $INT_UID $HEX_UID
+ echo $LOGIN_UID >>$REAL_PATH/SEED.txt
+ echo $LOGIN_NAME $INT_UID $HEX_UID >>$REAL_PATH/UIDS.txt
+ UID_IS_UNIQUE=1
+ else
+ UID_POSITION=$(( $UID_POSITION - 1 ))
+ if [ $UID_POSITION -eq 0 ]
+ then
+ echo "Cannot generate unique uid for $LOGIN_NAME" >&2
+ exit 1
+ fi
+ fi
+ done
+done
--- /dev/null
+#!/bin/sh
+
+
+REAL_PATH=$(realpath $(dirname $0))
+OVPN_PATH=/etc/openvpn
+ERSA_PATH=$OVPN_PATH/server/easy-rsa
+PKI_PATH=$ERSA_PATH/pki
+CCFG_PATH=$OVPN_PATH/client-config
+
+
+if [ -z "$1" ]
+then
+ echo "Usage: $(basename $0) clientname"
+fi
+
+NAME=$1
+LINE=$(grep "^$NAME " UIDS.txt)
+if [ -z "$LINE" ]
+then
+ echo "$NAME not found." >&2
+ exit 1
+fi
+
+SERIAL=$(echo $LINE | awk '{print $3}' | cut -c 3-6)
+
+if [ -f $CCFG_PATH/${NAME}.conf ]
+then
+ echo "Configuration for $NAME already exists."
+else
+ echo "Generating configuration for ${NAME}."
+ cd $ERSA_PATH
+ echo $SERIAL >${PKI_PATH}/serial
+ ./easyrsa gen-req $NAME nopass
+ ./easyrsa sign-req client $NAME
+ cp -a $CCFG_PATH/client.conf.template $CCFG_PATH/${NAME}.conf
+ echo >>$CCFG_PATH/${NAME}.conf
+ echo '<ca>' >>$CCFG_PATH/${NAME}.conf
+ cat $PKI_PATH/ca.crt >>$CCFG_PATH/${NAME}.conf
+ echo '</ca>' >>$CCFG_PATH/${NAME}.conf
+ echo >>$CCFG_PATH/${NAME}.conf
+ echo '<cert>' >>$CCFG_PATH/${NAME}.conf
+ cat $PKI_PATH/issued/${NAME}.crt >>$CCFG_PATH/${NAME}.conf
+ echo '</cert>' >>$CCFG_PATH/${NAME}.conf
+ echo >>$CCFG_PATH/${NAME}.conf
+ echo '<key>' >>$CCFG_PATH/${NAME}.conf
+ cat $PKI_PATH/private/${NAME}.key >>$CCFG_PATH/${NAME}.conf
+ echo '</key>' >>$CCFG_PATH/${NAME}.conf
+ echo >>$CCFG_PATH/${NAME}.conf
+ echo '<tls-auth>' >>$CCFG_PATH/${NAME}.conf
+ cat $PKI_PATH/ta.key >>$CCFG_PATH/${NAME}.conf
+ echo '</tls-auth>' >>$CCFG_PATH/${NAME}.conf
+fi
--- /dev/null
+#!/bin/sh
+
+
+cat UIDS.txt | while read LINE
+do
+ NAME=$(echo $LINE | awk '{print $1}')
+ ./30_create_client.sh $NAME
+done
--- /dev/null
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+
+echo rm -Rf $REAL_PATH
--- /dev/null
+# Regular users
+acsiba
+akosztolanyi
+azsamboki
+bcsoka
+csgulyas
+dvasary
+fritter
+fschnell
+khorvath
+kkele
+mszabo
+rrendek
+zbak
+zbartakovics
+zfelleg
+
+# zfelleg's home network
+qqcs
--- /dev/null
+login name -> uid: 10000+last 3 digits of md5sum(login name)
+ in case of collision: shift the 3 digits
--- /dev/null
+# Enable IPv4 packet forwarding
+net.ipv4.ip_forward = 1
--- /dev/null
+net.ipv6.conf.all.disable_ipv6 = 1
+net.ipv6.conf.svc.disable_ipv6 = 1
https://git.useribm.hu / user-lxc.git / commitdiff