From: Zoltán Felleg Date: Tue, 7 Apr 2020 13:31:58 +0000 (+0200) Subject: Updated vpn.usr (added easy-rsa directory). X-Git-Url: http://git.useribm.hu/?a=commitdiff_plain;h=128a7cd8f0dfe4701843b489e3d7fc6dba7afdb0;p=user-lxc.git Updated vpn.usr (added easy-rsa directory). --- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/easyrsa b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/easyrsa new file mode 100755 index 0000000..aa3c59c --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/easyrsa @@ -0,0 +1,1714 @@ +#!/usr/bin/sh + +# Easy-RSA 3 -- A Shell-based CA Utility +# +# Copyright (C) 2018 by the Open-Source OpenVPN development community. +# A full list of contributors can be found in the ChangeLog. +# +# This code released under version 2 of the GNU GPL; see COPYING and the +# Licensing/ directory of this project for full licensing details. + +# Help/usage output to stdout +usage() { + # command help: + print " +Easy-RSA 3 usage and overview + +USAGE: easyrsa [options] COMMAND [command-options] + +A list of commands is shown below. To get detailed usage and help for a +command, run: + ./easyrsa help COMMAND + +For a listing of options that can be supplied before the command, use: + ./easyrsa help options + +Here is the list of commands available with a short syntax reminder. Use the +'help' command above to get full usage details. + + init-pki + build-ca [ cmd-opts ] + gen-dh + gen-req [ cmd-opts ] + sign-req + build-client-full [ cmd-opts ] + build-server-full [ cmd-opts ] + revoke [cmd-opts] + renew [cmd-opts] + build-serverClient-full [ cmd-opts ] + gen-crl + update-db + show-req [ cmd-opts ] + show-cert [ cmd-opts ] + show-ca [ cmd-opts ] + import-req + export-p7 [ cmd-opts ] + export-p12 [ cmd-opts ] + set-rsa-pass [ cmd-opts ] + set-ec-pass [ cmd-opts ] +" + + # collect/show dir status: + err_source="Not defined: vars autodetect failed and no value provided" + work_dir="${EASYRSA:-$err_source}" + pki_dir="${EASYRSA_PKI:-$err_source}" + print "\ +DIRECTORY STATUS (commands would take effect on these locations) + EASYRSA: $work_dir + PKI: $pki_dir +" +} # => usage() + +# Detailed command help +# When called with no args, calls usage(), otherwise shows help for a command +cmd_help() { + text="" + opts="" + case "$1" in + init-pki|clean-all) text=" + init-pki [ cmd-opts ] + Removes & re-initializes the PKI dir for a clean PKI" ;; + build-ca) text=" + build-ca [ cmd-opts ] + Creates a new CA" + opts=" + nopass - do not encrypt the CA key (default is encrypted) + subca - create a sub-CA keypair and request (default is a root CA)" ;; + gen-dh) text=" + gen-dh + Generates DH (Diffie-Hellman) parameters" ;; + gen-req) text=" + gen-req [ cmd-opts ] + Generate a standalone keypair and request (CSR) + + This request is suitable for sending to a remote CA for signing." + opts=" + nopass - do not encrypt the private key (default is encrypted)" ;; + sign|sign-req) text=" + sign-req + Sign a certificate request of the defined type. must be a known + type such as 'client', 'server', 'serverClient', or 'ca' (or a user-added type.) + + This request file must exist in the reqs/ dir and have a .req file + extension. See import-req below for importing reqs from other sources." ;; + build|build-client-full|build-server-full|build-serverClient-full) text=" + build-client-full [ cmd-opts ] + build-server-full [ cmd-opts ] + build-serverClient-full [ cmd-opts ] + Generate a keypair and sign locally for a client and/or server + + This mode uses the as the X509 CN." + opts=" + nopass - do not encrypt the private key (default is encrypted)" ;; + revoke) text=" + revoke [reason] + Revoke a certificate specified by the filename_base, with an optional + revocation reason that is one of: + unspecified + keyCompromise + CACompromise + affiliationChanged + superseded + cessationOfOperation + certificateHold";; + renew) text=" + renew [ cmd-opts ] + Renew a certificate specified by the filename_base" + opts=" + nopass - do not encrypt the private key (default is encrypted)" ;; + gen-crl) text=" + gen-crl + Generate a CRL" ;; + update-db) text=" + update-db + Update the index.txt database + + This command will use the system time to update the status of issued + certificates." ;; + show-req|show-cert) text=" + show-req [ cmd-opts ] + show-cert [ cmd-opts ] + Shows details of the req or cert referenced by filename_base + + Human-readable output is shown, including any requested cert options when + showing a request." + opts=" + full - show full req/cert info, including pubkey/sig data" ;; + show-ca) text=" + show-ca [ cmd-opts ] + Shows details of the CA cert + + Human-readable output is shown." + opts=" + full - show full cert info, including pubkey/sig data" ;; + import-req) text=" + import-req + Import a certificate request from a file + + This will copy the specified file into the reqs/ dir in + preparation for signing. + The is the filename base to create. + + Example usage: + import-req /some/where/bob_request.req bob" ;; + export-p12) text=" + export-p12 [ cmd-opts ] + Export a PKCS#12 file with the keypair specified by " + opts=" + noca - do not include the ca.crt file in the PKCS12 output + nokey - do not include the private key in the PKCS12 output" ;; + export-p7) text=" + export-p7 [ cmd-opts ] + Export a PKCS#7 file with the pubkey specified by " + opts=" + noca - do not include the ca.crt file in the PKCS7 output" ;; + set-rsa-pass|set-ec-pass) text=" + set-rsa-pass [ cmd-opts ] + set-ec-pass [ cmd-opts ] + Set a new passphrase on an RSA or EC key for the listed ." + opts=" + nopass - use no password and leave the key unencrypted + file - (advanced) treat the file as a raw path, not a short-name" ;; + altname|subjectaltname|san) text=" + --subject-alt-name=SAN_FORMAT_STRING + This global option adds a subjectAltName to the request or issued + certificate. It MUST be in a valid format accepted by openssl or + req/cert generation will fail. Note that including multiple such names + requires them to be comma-separated; further invocations of this + option will REPLACE the value. + + Examples of the SAN_FORMAT_STRING shown below: + DNS:alternate.example.net + DNS:primary.example.net,DNS:alternate.example.net + IP:203.0.113.29 + email:alternate@example.net" ;; + options) + opt_usage ;; + "") + usage ;; + *) text=" + Unknown command: '$1' (try without commands for a list of commands)" ;; + esac + + # display the help text + print "$text" + [ -n "$opts" ] && print " + cmd-opts is an optional set of command options from this list: +$opts" +} # => cmd_help() + +# Options usage +opt_usage() { + print " +Easy-RSA Global Option Flags + +The following options may be provided before the command. Options specified +at runtime override env-vars and any 'vars' file in use. Unless noted, +non-empty values to options are mandatory. + +General options: + +--batch : set automatic (no-prompts when possible) mode +--pki-dir=DIR : declares the PKI directory +--vars=FILE : define a specific 'vars' file to use for Easy-RSA config + +Certificate & Request options: (these impact cert/req field values) + +--days=# : sets the signing validity to the specified number of days +--digest=ALG : digest to use in the requests & certificates +--dn-mode=MODE : DN mode to use (cn_only or org) +--keysize=# : size in bits of keypair to generate +--req-cn=NAME : default CN to use +--subca-len=# : path length of signed sub-CA certs; must be >= 0 if used +--subject-alt-name : Add a subjectAltName. For more info and syntax, see: + ./easyrsa help altname +--use-algo=ALG : crypto alg to use: choose rsa (default) or ec +--curve=NAME : for elliptic curve, sets the named curve to use +--copy-ext : Copy included request X509 extensions (namely subjAltName + +Organizational DN options: (only used with the 'org' DN mode) + (values may be blank for org DN options) + +--req-c=CC : country code (2-letters) +--req-st=NAME : State/Province +--req-city=NAME : City/Locality +--req-org=NAME : Organization +--req-email=NAME : Email addresses +--req-ou=NAME : Organizational Unit + +Deprecated features: + +--ns-cert=YESNO : yes or no to including deprecated NS extensions +--ns-comment=COMMENT : NS comment to include (value may be blank) +" +} # => opt_usage() + +# Wrapper around printf - clobber print since it's not POSIX anyway +# shellcheck disable=SC1117 +print() { printf "%s\n" "$*"; } + +# Exit fatally with a message to stderr +# present even with EASYRSA_BATCH as these are fatal problems +die() { + print " +Easy-RSA error: + +$1" 1>&2 + clean_temp; + prog_exit "${2:-1}" +} # => die() + +# non-fatal warning output +warn() { + [ ! "$EASYRSA_BATCH" ] && \ + print " +$1" 1>&2 +} # => warn() + +# informational notices to stdout +notice() { + [ ! "$EASYRSA_BATCH" ] && \ + print " +$1" +} # => notice() + +# yes/no case-insensitive match (operates on stdin pipe) +# Returns 0 when input contains yes, 1 for no, 2 for no match +# If both strings are present, returns 1; first matching line returns. +awk_yesno() { + #shellcheck disable=SC2016 + awkscript=' +BEGIN {IGNORECASE=1; r=2} +{ if(match($0,"no")) {r=1; exit} + if(match($0,"yes")) {r=0; exit} +} END {exit r}' + awk "$awkscript" +} # => awk_yesno() + +# intent confirmation helper func +# returns without prompting in EASYRSA_BATCH +confirm() { + [ "$EASYRSA_BATCH" ] && return + prompt="$1" + value="$2" + msg="$3" + input="" + print " +$msg + +Type the word '$value' to continue, or any other input to abort." + printf %s " $prompt" + #shellcheck disable=SC2162 + read input + [ "$input" = "$value" ] && return + notice "Aborting without confirmation." + exit 9 +} # => confirm() + +# remove temp files +clean_temp() { + for f in "$EASYRSA_TEMP_CONF" "$EASYRSA_TEMP_EXT" \ + "$EASYRSA_TEMP_FILE_2" "$EASYRSA_TEMP_FILE_3" "$EASYRSA_TEMP_FILE_4" + do [ -f "$f" ] && rm "$f" 2>/dev/null + done +} # => clean_temp() + +prog_exit() { + ESTAT=0 + [ -n "$1" ] && ESTAT=$1 + (stty echo 2>/dev/null) || set -o echo + echo "" # just to get a clean line + exit "$ESTAT" +} # => prog_exit() + +# Make LibreSSL safe config file from OpenSSL config file +make_ssl_config() { +sed \ + -e "s\`ENV::EASYRSA\`EASYRSA\`g" \ + -e "s\`\$dir\`$EASYRSA_PKI\`g" \ + -e "s\`\$EASYRSA_PKI\`$EASYRSA_PKI\`g" \ + -e "s\`\$EASYRSA_CERT_EXPIRE\`$EASYRSA_CERT_EXPIRE\`g" \ + -e "s\`\$EASYRSA_CRL_DAYS\`$EASYRSA_CRL_DAYS\`g" \ + -e "s\`\$EASYRSA_DIGEST\`$EASYRSA_DIGEST\`g" \ + -e "s\`\$EASYRSA_KEY_SIZE\`$EASYRSA_KEY_SIZE\`g" \ + -e "s\`\$EASYRSA_DIGEST\`$EASYRSA_DIGEST\`g" \ + -e "s\`\$EASYRSA_DN\`$EASYRSA_DN\`g" \ + -e "s\`\$EASYRSA_REQ_COUNTRY\`$EASYRSA_REQ_COUNTRY\`g" \ + -e "s\`\$EASYRSA_REQ_PROVINCE\`$EASYRSA_REQ_PROVINCE\`g" \ + -e "s\`\$EASYRSA_REQ_CITY\`$EASYRSA_REQ_CITY\`g" \ + -e "s\`\$EASYRSA_REQ_ORG\`$EASYRSA_REQ_ORG\`g" \ + -e "s\`\$EASYRSA_REQ_OU\`$EASYRSA_REQ_OU\`g" \ + -e "s\`\$EASYRSA_REQ_CN\`$EASYRSA_REQ_CN\`g" \ + -e "s\`\$EASYRSA_REQ_EMAIL\`$EASYRSA_REQ_EMAIL\`g" \ + "$EASYRSA_SSL_CONF" > "$EASYRSA_SAFE_CONF" || die "\ +Failed to update $EASYRSA_SAFE_CONF" +} # => make_ssl_config() + +vars_source_check() { + # Check for defined EASYRSA_PKI + [ -n "$EASYRSA_PKI" ] || die "\ +EASYRSA_PKI env-var undefined" +} # => vars_source_check() + +# Verify supplied curve exists and generate curve file if needed +verify_curve() { + if ! "$EASYRSA_OPENSSL" ecparam -name "$EASYRSA_CURVE" > /dev/null; then + die "\ +Curve $EASYRSA_CURVE not found. Run openssl ecparam -list_curves to show a +list of supported curves." + fi + + # Check that the ecparams dir exists + [ -d "$EASYRSA_EC_DIR" ] || mkdir "$EASYRSA_EC_DIR" || die "\ +Failed creating ecparams dir (permissions?) at: +$EASYRSA_EC_DIR" + + # Check that the required ecparams file exists + out="$EASYRSA_EC_DIR/${EASYRSA_CURVE}.pem" + [ -f "$out" ] && return 0 + "$EASYRSA_OPENSSL" ecparam -name "$EASYRSA_CURVE" -out "$out" || die "\ +Failed to generate ecparam file (permissions?) when writing to: +$out" + + # Explicitly return success for caller + return 0 +} + +verify_ssl_lib () { + # make safessl-easyrsa.cnf + make_ssl_config + + # Verify EASYRSA_OPENSSL command gives expected output + if [ -z "$EASYRSA_SSL_OK" ]; then + val="$("$EASYRSA_OPENSSL" version)" + case "${val%% *}" in + OpenSSL|LibreSSL) + notice "\ +Using SSL: $EASYRSA_OPENSSL $("$EASYRSA_OPENSSL" version)" ;; + *) die "\ +Missing or invalid OpenSSL +Expected to find openssl command at: $EASYRSA_OPENSSL" ;; + esac + fi + EASYRSA_SSL_OK=1 + + # Verify EASYRSA_SSL_CONF file exists + [ -f "$EASYRSA_SSL_CONF" ] || die "\ +The OpenSSL config file cannot be found. +Expected location: $EASYRSA_SSL_CONF" +} # => verify_ssl_lib () + +# Basic sanity-check of PKI init and complain if missing +verify_pki_init() { + help_note="Run easyrsa without commands for usage and command help." + + # check that the pki dir exists + vars_source_check + [ -d "$EASYRSA_PKI" ] || die "\ +EASYRSA_PKI does not exist (perhaps you need to run init-pki)? +Expected to find the EASYRSA_PKI at: $EASYRSA_PKI +$help_note" + + # verify expected dirs present: + for i in private reqs; do + [ -d "$EASYRSA_PKI/$i" ] || die "\ +Missing expected directory: $i (perhaps you need to run init-pki?) +$help_note" + done + + # verify ssl lib + verify_ssl_lib +} # => verify_pki_init() + +# Verify core CA files present +verify_ca_init() { + help_note="Run without commands for usage and command help." + + # First check the PKI has been initialized + verify_pki_init + + # verify expected files present: + for i in serial index.txt ca.crt private/ca.key; do + if [ ! -f "$EASYRSA_PKI/$i" ]; then + [ "$1" = "test" ] && return 1 + die "\ +Missing expected CA file: $i (perhaps you need to run build-ca?) +$help_note" + fi + done + + # When operating in 'test' mode, return success. + # test callers don't care about CA-specific dir structure + [ "$1" = "test" ] && return 0 + + # verify expected CA-specific dirs: + for i in issued certs_by_serial \ + revoked/certs_by_serial revoked/private_by_serial revoked/reqs_by_serial \ + renewed/certs_by_serial renewed/private_by_serial renewed/reqs_by_serial ; + do + [ -d "$EASYRSA_PKI/$i" ] || die "\ +Missing expected CA dir: $i (perhaps you need to run build-ca?) +$help_note" + done + + # explicitly return success for callers + return 0 + +} # => verify_ca_init() + +# init-pki backend: +init_pki() { + + # If EASYRSA_PKI exists, confirm before we rm -rf (skiped with EASYRSA_BATCH) + if [ -e "$EASYRSA_PKI" ]; then + confirm "Confirm removal: " "yes" " +WARNING!!! + +You are about to remove the EASYRSA_PKI at: $EASYRSA_PKI +and initialize a fresh PKI here." + # now remove it: + rm -rf "$EASYRSA_PKI" || die "Removal of PKI dir failed. Check/correct errors above" + fi + + # new dirs: + for i in private reqs; do + mkdir -p "$EASYRSA_PKI/$i" || die "Failed to create PKI file structure (permissions?)" + done + + if [ ! -f "$EASYRSA_SSL_CONF" ] && [ -f "$EASYRSA/openssl-easyrsa.cnf" ]; + then + cp "$EASYRSA/openssl-easyrsa.cnf" "$EASYRSA_SSL_CONF" + fi + + notice "\ +init-pki complete; you may now create a CA or requests. +Your newly created PKI dir is: $EASYRSA_PKI +" + return 0 +} # => init_pki() + +hide_read_pass() +{ + (stty -echo 2>/dev/null) || set +o echo + read -r "$@" + (stty echo 2>/dev/null) || set -o echo +} # => hide_read_pass() + +# build-ca backend: +build_ca() { + opts="" + sub_ca="" + nopass="" + crypto="-aes256" + crypto_opts="" + while [ -n "$1" ]; do + case "$1" in + subca) sub_ca=1 ;; + nopass) nopass=1 ;; + *) warn "Ignoring unknown command option: '$1'" ;; + esac + shift + done + + verify_pki_init + [ "$EASYRSA_ALGO" = "ec" ] && verify_curve + + # setup for the simpler sub-CA situation and overwrite with root-CA if needed: + out_file="$EASYRSA_PKI/reqs/ca.req" + out_key="$EASYRSA_PKI/private/ca.key" + if [ ! $sub_ca ]; then + out_file="$EASYRSA_PKI/ca.crt" + opts="$opts -x509 -days $EASYRSA_CA_EXPIRE " + fi + + # Test for existing CA, and complain if already present + if verify_ca_init test; then + die "\ +Unable to create a CA as you already seem to have one set up. +If you intended to start a new CA, run init-pki first." + fi + # If a private key exists here, a sub-ca was created but not signed. + # Notify the user and require a signed ca.crt or a init-pki: + [ -f "$out_key" ] && \ + die "\ +A CA private key exists but no ca.crt is found in your PKI dir of: +$EASYRSA_PKI +Refusing to create a new CA keypair as this operation would overwrite your +current CA keypair. If you intended to start a new CA, run init-pki first." + + # create necessary files and dirs: + err_file="Unable to create necessary PKI files (permissions?)" + for i in issued certs_by_serial \ + revoked/certs_by_serial revoked/private_by_serial revoked/reqs_by_serial \ + renewed/certs_by_serial renewed/private_by_serial renewed/reqs_by_serial; + do + mkdir -p "$EASYRSA_PKI/$i" || die "$err_file" + done + printf "" > "$EASYRSA_PKI/index.txt" || die "$err_file" + print "01" > "$EASYRSA_PKI/serial" || die "$err_file" + + # Default CN only when not in global EASYRSA_BATCH mode: + # shellcheck disable=SC2015 + [ "$EASYRSA_BATCH" ] && opts="$opts -batch" || export EASYRSA_REQ_CN="Easy-RSA CA" + + out_key_tmp="$(mktemp "$out_key.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$out_key_tmp" + out_file_tmp="$(mktemp "$out_file.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_3="$out_file_tmp" + # Get password from user if necessary + if [ ! $nopass ]; then + out_key_pass_tmp="$(mktemp)"; EASYRSA_TEMP_FILE_4="$out_key_pass_tmp" + echo + printf "Enter New CA Key Passphrase: " + hide_read_pass kpass + echo + printf "Re-Enter New CA Key Passphrase: " + hide_read_pass kpass2 + echo + # shellcheck disable=2154 + if [ "$kpass" = "$kpass2" ]; + then + printf "%s" "$kpass" > "$out_key_pass_tmp" + else + die "Passphrases do not match." + fi + fi + + # create the CA key using AES256 + [ ! $nopass ] && crypto_opts="$crypto -passout file:$out_key_pass_tmp" + if [ "$EASYRSA_ALGO" = "rsa" ]; then + #shellcheck disable=SC2086 + "$EASYRSA_OPENSSL" genrsa -out "$out_key_tmp" $crypto_opts "$EASYRSA_ALGO_PARAMS" + elif [ "$EASYRSA_ALGO" = "ec" ]; then + #shellcheck disable=SC2086 + "$EASYRSA_OPENSSL" ecparam -in "$EASYRSA_ALGO_PARAMS" -genkey | \ + "$EASYRSA_OPENSSL" ec -out "$out_key_tmp" $crypto_opts + fi + + # make safessl-easyrsa.cnf + make_ssl_config + + # create the CA keypair: + [ ! $nopass ] && crypto_opts="-passin file:$out_key_pass_tmp" + #shellcheck disable=SC2086 + "$EASYRSA_OPENSSL" req -utf8 -new -key "$out_key_tmp" \ + -config "$EASYRSA_SAFE_CONF" -keyout "$out_key_tmp" -out "$out_file_tmp" $crypto_opts $opts || \ + die "Failed to build the CA" + + mv "$out_key_tmp" "$out_key"; EASYRSA_TEMP_FILE_2= + mv "$out_file_tmp" "$out_file"; EASYRSA_TEMP_FILE_3= + [ -f "$out_key_pass_tmp" ] && rm "$out_key_pass_tmp" && EASYRSA_TEMP_FILE_4= + + # Success messages + if [ $sub_ca ]; then + notice "\ +NOTE: Your sub-CA request is at $out_file +and now must be sent to your parent CA for signing. Place your resulting cert +at $EASYRSA_PKI/ca.crt prior to signing operations. +" + else notice "\ +CA creation complete and you may now import and sign cert requests. +Your new CA certificate file for publishing is at: +$out_file +" + fi + return 0 +} # => build_ca() + +# gen-dh backend: +gen_dh() { + verify_pki_init + + out_file="$EASYRSA_PKI/dh.pem" + "$EASYRSA_OPENSSL" dhparam -out "$out_file" "$EASYRSA_KEY_SIZE" || \ + die "Failed to build DH params" + notice "\ +DH parameters of size $EASYRSA_KEY_SIZE created at $out_file +" + return 0 +} # => gen_dh() + +# gen-req backend: +gen_req() { + # pull filename base and use as default interactive CommonName: + [ -n "$1" ] || die "\ +Error: gen-req must have a file base as the first argument. +Run easyrsa without commands for usage and commands." + key_out="$EASYRSA_PKI/private/$1.key" + req_out="$EASYRSA_PKI/reqs/$1.req" + [ ! "$EASYRSA_BATCH" ] && EASYRSA_REQ_CN="$1" + shift + + # function opts support + opts= + while [ -n "$1" ]; do + case "$1" in + nopass) opts="$opts -nodes" ;; + # batch flag supports internal callers needing silent operation + batch) EASYRSA_BATCH=1 ;; + *) warn "Ignoring unknown command option: '$1'" ;; + esac + shift + done + + verify_pki_init + [ "$EASYRSA_ALGO" = "ec" ] && verify_curve + + # don't wipe out an existing private key without confirmation + [ -f "$key_out" ] && confirm "Confirm key overwrite: " "yes" "\ + +WARNING!!! + +An existing private key was found at $key_out +Continuing with key generation will replace this key." + + # When EASYRSA_EXTRA_EXTS is defined, append it to openssl's [req] section: + if [ -n "$EASYRSA_EXTRA_EXTS" ]; then + # Setup & insert the extra ext data keyed by a magic line + extra_exts=" +req_extensions = req_extra +[ req_extra ] +$EASYRSA_EXTRA_EXTS" + #shellcheck disable=SC2016 + awkscript=' +{if ( match($0, "^#%EXTRA_EXTS%") ) + { while ( getline<"/dev/stdin" ) {print} next } + {print} +}' + print "$extra_exts" | \ + awk "$awkscript" "$EASYRSA_SSL_CONF" \ + > "$EASYRSA_TEMP_CONF" \ + || die "Copying SSL config to temp file failed" + # Use this new SSL config for the rest of this function + EASYRSA_SSL_CONF="$EASYRSA_TEMP_CONF" + fi + + # make safessl-easyrsa.cnf + make_ssl_config + + key_out_tmp="$(mktemp "$key_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$key_out_tmp" + req_out_tmp="$(mktemp "$req_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_3="$req_out_tmp" + # generate request + [ $EASYRSA_BATCH ] && opts="$opts -batch" + # shellcheck disable=2086,2148 + "$EASYRSA_OPENSSL" req -utf8 -new -newkey "$EASYRSA_ALGO":"$EASYRSA_ALGO_PARAMS" \ + -config "$EASYRSA_SAFE_CONF" -keyout "$key_out_tmp" -out "$req_out_tmp" $opts \ + || die "Failed to generate request" + mv "$key_out_tmp" "$key_out"; EASYRSA_TEMP_FILE_2= + mv "$req_out_tmp" "$req_out"; EASYRSA_TEMP_FILE_3= + notice "\ +Keypair and certificate request completed. Your files are: +req: $req_out +key: $key_out +" + return 0 +} # => gen_req() + +# common signing backend +sign_req() { + crt_type="$1" + opts="" + req_in="$EASYRSA_PKI/reqs/$2.req" + crt_out="$EASYRSA_PKI/issued/$2.crt" + + # Randomize Serial number + i="" + serial="" + check_serial="" + for i in 1 2 3 4 5; do + "$EASYRSA_OPENSSL" rand -hex -out "$EASYRSA_PKI/serial" 16 + serial="$(cat "$EASYRSA_PKI/serial")" + check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)" + case "$check_serial" in + *"not present in db"*) break ;; + *) continue ;; + esac + done + + # Support batch by internal caller: + [ "$3" = "batch" ] && EASYRSA_BATCH=1 + + verify_ca_init + + # Check argument sanity: + [ -n "$2" ] || die "\ +Incorrect number of arguments provided to sign-req: +expected 2, got $# (see command help for usage)" + + # Cert type must exist under the EASYRSA_EXT_DIR + [ -r "$EASYRSA_EXT_DIR/$crt_type" ] || die "\ +Unknown cert type '$crt_type'" + + # Request file must exist + [ -f "$req_in" ] || die "\ +No request found for the input: '$2' +Expected to find the request at: $req_in" + + # Confirm input is a cert req + verify_file req "$req_in" || die "\ +The certificate request file is not in a valid X509 request format. +Offending file: $req_in" + + # Display the request subject in an easy-to-read format + # Confirm the user wishes to sign this request + confirm "Confirm request details: " "yes" " +You are about to sign the following certificate. +Please check over the details shown below for accuracy. Note that this request +has not been cryptographically verified. Please be sure it came from a trusted +source or that you have verified the request checksum with the sender. + +Request subject, to be signed as a $crt_type certificate for $EASYRSA_CERT_EXPIRE days: + +$(display_dn req "$req_in") +" # => confirm end + + # Generate the extensions file for this cert: + { + # Append first any COMMON file (if present) then the cert-type extensions + cat "$EASYRSA_EXT_DIR/COMMON" + cat "$EASYRSA_EXT_DIR/$crt_type" + # copy req extensions + [ "$EASYRSA_CP_EXT" ] && print "copy_extensions = copy" + + # Support a dynamic CA path length when present: + [ "$crt_type" = "ca" ] && [ -n "$EASYRSA_SUBCA_LEN" ] && \ + print "basicConstraints = CA:TRUE, pathlen:$EASYRSA_SUBCA_LEN" + + # Deprecated Netscape extension support, if enabled + if print "$EASYRSA_NS_SUPPORT" | awk_yesno; then + [ -n "$EASYRSA_NS_COMMENT" ] && \ + print "nsComment = \"$EASYRSA_NS_COMMENT\"" + case "$crt_type" in + serverClient) print "nsCertType = serverClient" ;; + server) print "nsCertType = server" ;; + client) print "nsCertType = client" ;; + ca) print "nsCertType = sslCA" ;; + esac + fi + + # If type is server and no subjectAltName was requested, + # add one to the extensions file + if [ "$crt_type" = 'server' ]; + then + echo "$EASYRSA_EXTRA_EXTS" | + grep -q subjectAltName || + default_server_san "$req_in" + fi + + # Add any advanced extensions supplied by env-var: + [ -n "$EASYRSA_EXTRA_EXTS" ] && print "$EASYRSA_EXTRA_EXTS" + + : # needed to keep die from inherting the above test + } > "$EASYRSA_TEMP_EXT" || die "\ +Failed to create temp extension file (bad permissions?) at: +$EASYRSA_TEMP_EXT" + + # make safessl-easyrsa.cnf + make_ssl_config + + # sign request + # shellcheck disable=SC2086 + crt_out_tmp="$(mktemp "$crt_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$crt_out_tmp" + "$EASYRSA_OPENSSL" ca -utf8 -in "$req_in" -out "$crt_out_tmp" -config "$EASYRSA_SAFE_CONF" \ + -extfile "$EASYRSA_TEMP_EXT" -days "$EASYRSA_CERT_EXPIRE" -batch $opts \ + || die "signing failed (openssl output above may have more detail)" + mv "$crt_out_tmp" "$crt_out"; EASYRSA_TEMP_FILE_2= + notice "\ +Certificate created at: $crt_out +" + return 0 +} # => sign_req() + +# common build backend +# used to generate+sign in 1 step +build_full() { + verify_ca_init + + # pull filename base: + [ -n "$2" ] || die "\ +Error: didn't find a file base name as the first argument. +Run easyrsa without commands for usage and commands." + crt_type="$1" name="$2" + req_out="$EASYRSA_PKI/reqs/$2.req" + key_out="$EASYRSA_PKI/private/$2.key" + crt_out="$EASYRSA_PKI/issued/$2.crt" + shift 2 + + # function opts support + req_opts= + while [ -n "$1" ]; do + case "$1" in + nopass) req_opts="$req_opts nopass" ;; + *) warn "Ignoring unknown command option: '$1'" ;; + esac + shift + done + + # abort on existing req/key/crt files + err_exists="\ +file already exists. Aborting build to avoid overwriting this file. +If you wish to continue, please use a different name or remove the file. +Matching file found at: " + [ -f "$req_out" ] && die "Request $err_exists $req_out" + [ -f "$key_out" ] && die "Key $err_exists $key_out" + [ -f "$crt_out" ] && die "Certificate $err_exists $crt_out" + + # create request + EASYRSA_REQ_CN="$name" + #shellcheck disable=SC2086 + gen_req "$name" batch $req_opts + + # Sign it + sign_req "$crt_type" "$name" batch + +} # => build_full() + +# revoke backend +revoke() { + verify_ca_init + + # pull filename base: + [ -n "$1" ] || die "\ +Error: didn't find a file base name as the first argument. +Run easyrsa without commands for usage and command help." + crt_in="$EASYRSA_PKI/issued/$1.crt" + + opts="" + if [ "$2" ]; then + opts="$opts -crl_reason $2" + fi + + verify_file x509 "$crt_in" || die "\ +Unable to revoke as the input file is not a valid certificate. Unexpected +input in file: $crt_in" + + # confirm operation by displaying DN: + confirm "Continue with revocation: " "yes" " +Please confirm you wish to revoke the certificate with the following subject: + +$(display_dn x509 "$crt_in") +" # => confirm end + + # referenced cert must exist: + [ -f "$crt_in" ] || die "\ +Unable to revoke as no certificate was found. Certificate was expected +at: $crt_in" + + # make safessl-easyrsa.cnf + make_ssl_config + + # shellcheck disable=SC2086 + "$EASYRSA_OPENSSL" ca -utf8 -revoke "$crt_in" -config "$EASYRSA_SAFE_CONF" $opts || die "\ +Failed to revoke certificate: revocation command failed." + + # move revoked files so we can reissue certificates with the same name + move_revoked "$1" + + notice "\ +IMPORTANT!!! + +Revocation was successful. You must run gen-crl and upload a CRL to your +infrastructure in order to prevent the revoked cert from being accepted. +" # => notice end + return 0 +} #= revoke() + +# move-revoked +# moves revoked certificates to an alternative folder +# allows reissuing certificates with the same name +move_revoked() { + verify_ca_init + + [ -n "$1" ] || die "\ +Error: didn't find a file base name as the first argument. +Run easyrsa without commands for usage and command help." + + crt_in="$EASYRSA_PKI/issued/$1.crt" + key_in="$EASYRSA_PKI/private/$1.key" + req_in="$EASYRSA_PKI/reqs/$1.req" + + verify_file x509 "$crt_in" || die "\ +Unable to move revoked input file. The file is not a valid certificate. Unexpected +input in file: $crt_in" + + verify_file req "$req_in" || die "\ +Unable to move request. The file is not a valid request. Unexpected +input in file: $req_in" + + # get the serial number of the certificate -> serial=XXXX + cert_serial="$("$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -serial)" + # remove the serial= part -> we only need the XXXX part + cert_serial=${cert_serial##*=} + + crt_by_serial="$EASYRSA_PKI/certs_by_serial/$cert_serial.pem" + crt_by_serial_revoked="$EASYRSA_PKI/revoked/certs_by_serial/$cert_serial.crt" + key_by_serial_revoked="$EASYRSA_PKI/revoked/private_by_serial/$cert_serial.key" + req_by_serial_revoked="$EASYRSA_PKI/revoked/reqs_by_serial/$cert_serial.req" + + + # move crt, key and req file to revoked folders + mv "$crt_in" "$crt_by_serial_revoked" + mv "$req_in" "$req_by_serial_revoked" + + # only move the key if we have it + if [ -e "$key_in" ] + then + mv "$key_in" "$key_by_serial_revoked" + fi + + # move the rest of the files (p12, p7, ...) + # shellcheck disable=SC2231 + for file in $EASYRSA_PKI/private/$1\.??? + do + # get file extension + file_ext="${file##*.}" + + [ -f "$file" ] && mv "$file" "$EASYRSA_PKI/revoked/private_by_serial/$cert_serial.$file_ext" + done + + # remove the dublicate certificate in the certs_by_serial folder + rm "$crt_by_serial" + + return 0 + +} #= move_revoked() + +# renew backend +renew() { + verify_ca_init + + # pull filename base: + [ -n "$1" ] || die "\ +Error: didn't find a file base name as the first argument. +Run easyrsa without commands for usage and command help." + crt_in="$EASYRSA_PKI/issued/$1.crt" + + opts="" + if [ "$2" ]; then + opts="$2" + fi + + verify_file x509 "$crt_in" || die "\ +Unable to renew as the input file is not a valid certificate. Unexpected +input in file: $crt_in" + + # confirm operation by displaying DN: + confirm "Continue with renew: " "yes" " +Please confirm you wish to renew the certificate with the following subject: + +$(display_dn x509 "$crt_in") +" # => confirm end + + # referenced cert must exist: + [ -f "$crt_in" ] || die "\ +Unable to renew as no certificate was found. Certificate was expected +at: $crt_in" + + # make safessl-easyrsa.cnf + make_ssl_config + + # Check if old cert is expired or expires within 30 days + expire_date=$( + "$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -enddate | + sed 's/^notAfter=//' + ) + case $(uname) in + "Darwin"|*"BSD") + expire_date=$(date -j -f '%b %d %T %Y %Z' "$expire_date" +%s) + allow_renew_date=$(date -j -v"+${EASYRSA_CERT_RENEW}d" +%s) + ;; + *) + # This works on Windows, too, since uname doesn't exist and this is catch-all + expire_date=$(date -d "$expire_date" +%s) + allow_renew_date=$(date -d "+${EASYRSA_CERT_RENEW}day" +%s) + ;; + esac + + [ "$expire_date" -lt "$allow_renew_date" ] || die "\ +Certificate expires in more than $EASYRSA_CERT_RENEW days. +Renewal not allowed." + + # Extract certificate usage from old cert + cert_ext_key_usage=$( + "$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -text | + sed -n "/X509v3 Extended Key Usage:/{n;s/^ *//g;p;}" + ) + case $cert_ext_key_usage in + "TLS Web Client Authentication") + cert_type=client + ;; + "TLS Web Server Authentication") + cert_type=server + ;; + "TLS Web Server Authentication, TLS Web Client Authentication") + cert_type=serverClient + ;; + esac + + # Use SAN from --subject-alt-name if set else use SAN from old cert + echo "$EASYRSA_EXTRA_EXTS" | grep -q subjectAltName || \ + { + san=$( + "$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -text | + sed -n "/X509v3 Subject Alternative Name:/{n;s/ //g;p;}" + ) + [ -n "$san" ] && export EASYRSA_EXTRA_EXTS="\ +$EASYRSA_EXTRA_EXTS +subjectAltName = $san" + } + + # move renewed files so we can reissue certificate with the same name + # FIXME: Modify revoke() to also work on the renewed certs subdir + move_renewed "$1" + + # renew certificate + # shellcheck disable=SC2086 + build_full $cert_type $1 $opts || die "\ +Failed to renew certificate: renew command failed." + + notice "\ +IMPORTANT!!! + +Renew was successful. +You may want to revoke the old certificate once the new one has been deployed. +" # => notice end + return 0 +} #= renew() + +# move-renewed +# moves renewed certificates to an alternative folder +# allows reissuing certificates with the same name +move_renewed() { + verify_ca_init + + [ -n "$1" ] || die "\ +Error: didn't find a file base name as the first argument. +Run easyrsa without commands for usage and command help." + + crt_in="$EASYRSA_PKI/issued/$1.crt" + key_in="$EASYRSA_PKI/private/$1.key" + req_in="$EASYRSA_PKI/reqs/$1.req" + + verify_file x509 "$crt_in" || die "\ +Unable to move renewed input file. The file is not a valid certificate. Unexpected +input in file: $crt_in" + + verify_file req "$req_in" || die "\ +Unable to move request. The file is not a valid request. Unexpected +input in file: $req_in" + + # get the serial number of the certificate -> serial=XXXX + cert_serial="$("$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -serial)" + # remove the serial= part -> we only need the XXXX part + cert_serial=${cert_serial##*=} + + crt_by_serial="$EASYRSA_PKI/certs_by_serial/$cert_serial.pem" + crt_by_serial_renewed="$EASYRSA_PKI/renewed/certs_by_serial/$cert_serial.crt" + key_by_serial_renewed="$EASYRSA_PKI/renewed/private_by_serial/$cert_serial.key" + req_by_serial_renewed="$EASYRSA_PKI/renewed/reqs_by_serial/$cert_serial.req" + + + # move crt, key and req file to renewed folders + mv "$crt_in" "$crt_by_serial_renewed" + mv "$req_in" "$req_by_serial_renewed" + + # only move the key if we have it + if [ -e "$key_in" ] + then + mv "$key_in" "$key_by_serial_renewed" + fi + + # move the rest of the files (p12, p7, ...) + # shellcheck disable=SC2231 + for file in $EASYRSA_PKI/private/$1\.??? + do + # get file extension + file_ext="${file##*.}" + + [ -f "$file" ] && mv "$file" "$EASYRSA_PKI/renewed/private_by_serial/$cert_serial.$file_ext" + done + + # remove the duplicate certificate in the certs_by_serial folder + rm "$crt_by_serial" + + return 0 + +} #= move_renewed() + +# gen-crl backend +gen_crl() { + verify_ca_init + + # make safessl-easyrsa.cnf + make_ssl_config + + out_file="$EASYRSA_PKI/crl.pem" + out_file_tmp="$(mktemp "$out_file.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$out_file_tmp" + "$EASYRSA_OPENSSL" ca -utf8 -gencrl -out "$out_file_tmp" -config "$EASYRSA_SAFE_CONF" || die "\ +CRL Generation failed. +" + mv "$out_file_tmp" "$out_file"; EASYRSA_TEMP_FILE_2= + + notice "\ +An updated CRL has been created. +CRL file: $out_file +" + return 0 +} # => gen_crl() + +# import-req backend +import_req() { + verify_pki_init + + # pull passed paths + in_req="$1" short_name="$2" + out_req="$EASYRSA_PKI/reqs/$2.req" + + [ -n "$short_name" ] || die "\ +Unable to import: incorrect command syntax. +Run easyrsa without commands for usage and command help." + + verify_file req "$in_req" || die "\ +The input file does not appear to be a certificate request. Aborting import. +Offending file: $in_req" + + # destination must not exist + [ -f "$out_req" ] && die "\ +Unable to import the request as the destination file already exists. +Please choose a different name for your imported request file. +Existing file at: $out_req" + + # now import it + cp "$in_req" "$out_req" + + notice "\ +The request has been successfully imported with a short name of: $short_name +You may now use this name to perform signing operations on this request. +" + return 0 +} # => import_req() + +# export pkcs#12 or pkcs#7 +export_pkcs() { + pkcs_type="$1" + shift + + [ -n "$1" ] || die "\ +Unable to export p12: incorrect command syntax. +Run easyrsa without commands for usage and command help." + + short_name="$1" + crt_in="$EASYRSA_PKI/issued/$1.crt" + key_in="$EASYRSA_PKI/private/$1.key" + crt_ca="$EASYRSA_PKI/ca.crt" + shift + + verify_pki_init + + # opts support + want_ca=1 + want_key=1 + while [ -n "$1" ]; do + case "$1" in + noca) want_ca="" ;; + nokey) want_key="" ;; + *) warn "Ignoring unknown command option: '$1'" ;; + esac + shift + done + + pkcs_opts= + if [ $want_ca ]; then + verify_file x509 "$crt_ca" || die "\ +Unable to include CA cert in the $pkcs_type output (missing file, or use noca option.) +Missing file expected at: $crt_ca" + pkcs_opts="$pkcs_opts -certfile $crt_ca" + fi + + # input files must exist + verify_file x509 "$crt_in" || die "\ +Unable to export $pkcs_type for short name '$short_name' without the certificate. +Missing cert expected at: $crt_in" + + case "$pkcs_type" in + p12) + pkcs_out="$EASYRSA_PKI/private/$short_name.p12" + + if [ $want_key ]; then + [ -f "$key_in" ] || die "\ +Unable to export p12 for short name '$short_name' without the key +(if you want a p12 without the private key, use nokey option.) +Missing key expected at: $key_in" + else + pkcs_opts="$pkcs_opts -nokeys" + fi + + # export the p12: + # shellcheck disable=SC2086 + "$EASYRSA_OPENSSL" pkcs12 -in "$crt_in" -inkey "$key_in" -export \ + -out "$pkcs_out" $pkcs_opts || die "\ +Export of p12 failed: see above for related openssl errors." + ;; + p7) + pkcs_out="$EASYRSA_PKI/issued/$short_name.p7b" + + # export the p7: + # shellcheck disable=SC2086 + "$EASYRSA_OPENSSL" crl2pkcs7 -nocrl -certfile "$crt_in" \ + -out "$pkcs_out" $pkcs_opts || die "\ +Export of p7 failed: see above for related openssl errors." + ;; +esac + + notice "\ +Successful export of $pkcs_type file. Your exported file is at the following +location: $pkcs_out +" + return 0 +} # => export_pkcs() + +# set-pass backend +set_pass() { + verify_pki_init + + # key type, supplied internally from frontend command call (rsa/ec) + key_type="$1" + + # values supplied by the user: + raw_file="$2" + file="$EASYRSA_PKI/private/$raw_file.key" + [ -n "$raw_file" ] || die "\ +Missing argument to 'set-$key_type-pass' command: no name/file supplied. +See help output for usage details." + + # parse command options + shift 2 + crypto="-aes256" + while [ -n "$1" ]; do + case "$1" in + nopass) crypto="" ;; + file) file="$raw_file" ;; + *) warn "Ignoring unknown command option: '$1'" ;; + esac + shift + done + + [ -f "$file" ] || die "\ +Missing private key: expected to find the private key component at: +$file" + + notice "\ +If the key is currently encrypted you must supply the decryption passphrase. +${crypto:+You will then enter a new PEM passphrase for this key.$NL}" + + EASYRSA_TEMP_FILE_2="$file.temp" + + "$EASYRSA_OPENSSL" "$key_type" -in "$file" -out "$EASYRSA_TEMP_FILE_2" $crypto || die "\ +Failed to change the private key passphrase. See above for possible openssl +error messages." + + mv "$EASYRSA_TEMP_FILE_2" "$file" || die "\ +Failed to change the private key passphrase. See above for error messages." + + notice "Key passphrase successfully changed" + +} # => set_pass() + +# update-db backend +update_db() { + verify_ca_init + + "$EASYRSA_OPENSSL" ca -utf8 -updatedb -config "$EASYRSA_SSL_CONF" || die "\ +Failed to perform update-db: see above for related openssl errors." + return 0 +} # => update_db() + +# display cert DN info on a req/X509, passed by full pathname +display_dn() { + format="$1" path="$2" + print "$("$EASYRSA_OPENSSL" "$format" -in "$path" -noout -subject -nameopt multiline)" +} # => display_dn() + +# generate default SAN from req/X509, passed by full pathname +default_server_san() { + path="$1" + cn=$( + "$EASYRSA_OPENSSL" req -in "$path" -noout -subject -nameopt sep_multiline | + awk -F'=' '/^ *CN=/{print $2}' + ) + echo "$cn" | grep -E -q '^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$' + #shellcheck disable=SC2181 + if [ $? -eq 0 ]; then + print "subjectAltName = IP:$cn" + else + print "subjectAltName = DNS:$cn" + fi +} # => default_server_san() + +# verify a file seems to be a valid req/X509 +verify_file() { + format="$1" + path="$2" + "$EASYRSA_OPENSSL" "$format" -in "$path" -noout 2>/dev/null || return 1 + return 0 +} # => verify_file() + +# show-* command backend +# Prints req/cert details in a readable format +show() { + type="$1" + name="$2" + in_file="" + format="" + [ -n "$name" ] || die "\ +Missing expected filename_base argument. +Run easyrsa without commands for usage help." + shift 2 + + # opts support + opts="-${type}opt no_pubkey,no_sigdump" + while [ -n "$1" ]; do + case "$1" in + full) + opts="" + ;; + *) + warn "Ignoring unknown command option: '$1'" + ;; + esac + shift + done + + # Determine cert/req type + if [ "$type" = "cert" ]; then + verify_ca_init + in_file="$EASYRSA_PKI/issued/${name}.crt" + format="x509" + else + verify_pki_init + in_file="$EASYRSA_PKI/reqs/${name}.req" + format="req" + fi + + # Verify file exists and is of the correct type + [ -f "$in_file" ] || die "\ +No such $type file with a basename of '$name' is present. +Expected to find this file at: +$in_file" + verify_file $format "$in_file" || die "\ +This file is not a valid $type file: +$in_file" + + notice "\ +Showing $type details for '$name'. +This file is stored at: +$in_file +" + "$EASYRSA_OPENSSL" $format -in "$in_file" -noout -text\ + -nameopt multiline $opts || die "\ +OpenSSL failure to process the input" +} # => show() + +# show-ca command backend +# Prints CA cert details in a readable format +show_ca() { + # opts support + opts="-certopt no_pubkey,no_sigdump" + while [ -n "$1" ]; do + case "$1" in + full) opts= ;; + *) warn "Ignoring unknown command option: '$1'" ;; + esac + shift + done + + verify_ca_init + in_file="$EASYRSA_PKI/ca.crt" + format="x509" + + # Verify file exists and is of the correct type + [ -f "$in_file" ] || die "\ +No such $type file with a basename of '$name' is present. +Expected to find this file at: +$in_file" + verify_file $format "$in_file" || die "\ +This file is not a valid $type file: +$in_file" + + notice "\ +Showing $type details for 'ca'. +This file is stored at: +$in_file +" + "$EASYRSA_OPENSSL" $format -in "$in_file" -noout -text\ + -nameopt multiline $opts || die "\ +OpenSSL failure to process the input" +} # => show_ca() + +# vars setup +# Here sourcing of 'vars' if present occurs. If not present, defaults are used +# to support running without a sourced config format +vars_setup() { + # Try to locate a 'vars' file in order of location preference. + # If one is found, source it + vars= + + # set up program path + prog_vars="${0%/*}/vars" + # set up PKI path + pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars" + + # command-line path: + if [ -f "$EASYRSA_VARS_FILE" ]; then + vars="$EASYRSA_VARS_FILE" + # PKI location, if present: + elif [ -f "$pki_vars" ]; then + vars="$pki_vars" + # EASYRSA, if defined: + elif [ -n "$EASYRSA" ] && [ -f "$EASYRSA/vars" ]; then + vars="$EASYRSA/vars" + # program location: + elif [ -f "$prog_vars" ]; then + vars="$prog_vars" + fi + + # If a vars file was located, source it + # If $EASYRSA_NO_VARS is defined (not blank) this is skipped + if [ -z "$EASYRSA_NO_VARS" ] && [ -n "$vars" ]; then + #shellcheck disable=SC2034 + EASYRSA_CALLER=1 + # shellcheck disable=SC1090 + . "$vars" + notice "\ +Note: using Easy-RSA configuration from: $vars" + fi + + # Set defaults, preferring existing env-vars if present + set_var EASYRSA "${0%/*}" + set_var EASYRSA_OPENSSL openssl + set_var EASYRSA_PKI "$PWD/pki" + set_var EASYRSA_DN cn_only + set_var EASYRSA_REQ_COUNTRY "US" + set_var EASYRSA_REQ_PROVINCE "California" + set_var EASYRSA_REQ_CITY "San Francisco" + set_var EASYRSA_REQ_ORG "Copyleft Certificate Co" + set_var EASYRSA_REQ_EMAIL me@example.net + set_var EASYRSA_REQ_OU "My Organizational Unit" + set_var EASYRSA_ALGO rsa + set_var EASYRSA_KEY_SIZE 2048 + set_var EASYRSA_CURVE secp384r1 + set_var EASYRSA_EC_DIR "$EASYRSA_PKI/ecparams" + set_var EASYRSA_CA_EXPIRE 3650 + set_var EASYRSA_CERT_EXPIRE 1080 # new default of 36 months + set_var EASYRSA_CERT_RENEW 30 + set_var EASYRSA_CRL_DAYS 180 + set_var EASYRSA_NS_SUPPORT no + set_var EASYRSA_NS_COMMENT "Easy-RSA (v3.0.6) Generated Certificate" + set_var EASYRSA_TEMP_CONF "$EASYRSA_PKI/openssl-easyrsa.temp" + set_var EASYRSA_TEMP_EXT "$EASYRSA_PKI/extensions.temp" + set_var EASYRSA_TEMP_FILE_2 "" + set_var EASYRSA_TEMP_FILE_3 "" + set_var EASYRSA_REQ_CN ChangeMe + set_var EASYRSA_DIGEST sha256 + + set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-easyrsa.cnf" + set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf" + + # Same as above for the x509-types extensions dir + if [ -d "$EASYRSA_PKI/x509-types" ]; then + set_var EASYRSA_EXT_DIR "$EASYRSA_PKI/x509-types" + else + #TODO: This should be removed. Not really suitable for packaging. + set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types" + fi + + # EASYRSA_ALGO_PARAMS must be set depending on selected algo + if [ "ec" = "$EASYRSA_ALGO" ]; then + EASYRSA_ALGO_PARAMS="$EASYRSA_EC_DIR/${EASYRSA_CURVE}.pem" + elif [ "rsa" = "$EASYRSA_ALGO" ]; then + EASYRSA_ALGO_PARAMS="${EASYRSA_KEY_SIZE}" + else + die "Alg '$EASYRSA_ALGO' is invalid: must be 'rsa' or 'ec'" + fi + + # Setting OPENSSL_CONF prevents bogus warnings (especially useful on win32) + export OPENSSL_CONF="$EASYRSA_SAFE_CONF" +} # vars_setup() + +# variable assignment by indirection when undefined; merely exports +# the variable when it is already defined (even if currently null) +# Sets $1 as the value contained in $2 and exports (may be blank) +set_var() { + var=$1 + shift + value="$*" + eval "export $var=\"\${$var-$value}\"" +} #=> set_var() + +######################################## +# Invocation entry point: + +NL=' +' + +# Be secure with a restrictive umask +[ -z "$EASYRSA_NO_UMASK" ] && umask 077 + +# Parse options +while :; do + # Separate option from value: + opt="${1%%=*}" + val="${1#*=}" + empty_ok="" # Empty values are not allowed unless excepted + + case "$opt" in + --days) + export EASYRSA_CERT_EXPIRE="$val" + export EASYRSA_CA_EXPIRE="$val" + export EASYRSA_CRL_DAYS="$val" + ;; + --pki-dir) + export EASYRSA_PKI="$val" ;; + --use-algo) + export EASYRSA_ALGO="$val" ;; + --keysize) + export EASYRSA_KEY_SIZE="$val" ;; + --curve) + export EASYRSA_CURVE="$val" ;; + --dn-mode) + export EASYRSA_DN="$val" ;; + --req-cn) + export EASYRSA_REQ_CN="$val" ;; + --digest) + export EASYRSA_DIGEST="$val" ;; + --req-c) + empty_ok=1 + export EASYRSA_REQ_COUNTRY="$val" ;; + --req-st) + empty_ok=1 + export EASYRSA_REQ_PROVINCE="$val" ;; + --req-city) + empty_ok=1 + export EASYRSA_REQ_CITY="$val" ;; + --req-org) + empty_ok=1 + export EASYRSA_REQ_ORG="$val" ;; + --req-email) + empty_ok=1 + export EASYRSA_REQ_EMAIL="$val" ;; + --req-ou) + empty_ok=1 + export EASYRSA_REQ_OU="$val" ;; + --ns-cert) + export EASYRSA_NS_SUPPORT="$val" ;; + --ns-comment) + empty_ok=1 + export EASYRSA_NS_COMMENT="$val" ;; + --batch) + empty_ok=1 + export EASYRSA_BATCH=1 ;; + --subca-len) + export EASYRSA_SUBCA_LEN="$val" ;; + --vars) + export EASYRSA_VARS_FILE="$val" ;; + --copy-ext) + empty_ok=1 + export EASYRSA_CP_EXT=1 ;; + --subject-alt-name) + export EASYRSA_EXTRA_EXTS="\ +$EASYRSA_EXTRA_EXTS +subjectAltName = $val" ;; + *) + break ;; + esac + + # fatal error when no value was provided + if [ ! $empty_ok ] && { [ "$val" = "$1" ] || [ -z "$val" ]; }; then + die "Missing value to option: $opt" + fi + + shift +done + +# Intelligent env-var detection and auto-loading: +vars_setup + +# Register clean_temp and prog_exit on SIGHUP, SIGINT, SIGQUIT, and SIGABRT +trap "clean_temp; prog_exit 1" 1 +trap "clean_temp; prog_exit 2" 2 +trap "clean_temp; prog_exit 3" 3 +trap "clean_temp; prog_exit 6" 6 +trap "clean_temp; prog_exit 15" 15 + +# determine how we were called, then hand off to the function responsible +cmd="$1" +[ -n "$1" ] && shift # scrape off command +case "$cmd" in + init-pki|clean-all) + init_pki "$@" + ;; + build-ca) + build_ca "$@" + ;; + gen-dh) + gen_dh + ;; + gen-req) + gen_req "$@" + ;; + sign|sign-req) + sign_req "$@" + ;; + build-client-full) + build_full client "$@" + ;; + build-server-full) + build_full server "$@" + ;; + build-serverClient-full) + build_full serverClient "$@" + ;; + gen-crl) + gen_crl + ;; + revoke) + revoke "$@" + ;; + renew) + renew "$@" + ;; + import-req) + import_req "$@" + ;; + export-p12) + export_pkcs p12 "$@" + ;; + export-p7) + export_pkcs p7 "$@" + ;; + set-rsa-pass) + set_pass rsa "$@" + ;; + set-ec-pass) + set_pass ec "$@" + ;; + update-db) + update_db + ;; + show-req) + show req "$@" + ;; + show-cert) + show cert "$@" + ;; + show-ca) + show_ca "$@" + ;; + ""|help|-h|--help|--usage) + cmd_help "$1" + exit 0 + ;; + *) + die "Unknown command '$cmd'. Run without commands for usage help." + ;; +esac + +# vim: ft=sh nu ai sw=8 ts=8 noet diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/openssl-easyrsa.cnf b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/openssl-easyrsa.cnf new file mode 100644 index 0000000..1139414 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/openssl-easyrsa.cnf @@ -0,0 +1,140 @@ +# For use with Easy-RSA 3.1 and OpenSSL or LibreSSL + +RANDFILE = $ENV::EASYRSA_PKI/.rnd + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = $ENV::EASYRSA_PKI # Where everything is kept +certs = $dir # Where the issued certs are kept +crl_dir = $dir # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir/certs_by_serial # default place for new certs. + +certificate = $dir/ca.crt # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/ca.key # The private key +RANDFILE = $dir/.rand # private random number file + +x509_extensions = basic_exts # The extentions to add to the cert + +# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA +# is designed for will. In return, we get the Issuer attached to CRLs. +crl_extensions = crl_ext + +default_days = $ENV::EASYRSA_CERT_EXPIRE # how long to certify for +default_crl_days= $ENV::EASYRSA_CRL_DAYS # how long before next CRL +default_md = $ENV::EASYRSA_DIGEST # use public key default MD +preserve = no # keep passed DN ordering + +# This allows to renew certificates which have not been revoked +unique_subject = no + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_anything + +# For the 'anything' policy, which defines allowed DN fields +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +name = optional +emailAddress = optional + +#################################################################### +# Easy-RSA request handling +# We key off $DN_MODE to determine how to format the DN +[ req ] +default_bits = $ENV::EASYRSA_KEY_SIZE +default_keyfile = privkey.pem +default_md = $ENV::EASYRSA_DIGEST +distinguished_name = $ENV::EASYRSA_DN +x509_extensions = easyrsa_ca # The extentions to add to the self signed cert + +# A placeholder to handle the $EXTRA_EXTS feature: +#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it + +#################################################################### +# Easy-RSA DN (Subject) handling + +# Easy-RSA DN for cn_only support: +[ cn_only ] +commonName = Common Name (eg: your user, host, or server name) +commonName_max = 64 +commonName_default = $ENV::EASYRSA_REQ_CN + +# Easy-RSA DN for org support: +[ org ] +countryName = Country Name (2 letter code) +countryName_default = $ENV::EASYRSA_REQ_COUNTRY +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE + +localityName = Locality Name (eg, city) +localityName_default = $ENV::EASYRSA_REQ_CITY + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = $ENV::EASYRSA_REQ_ORG + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = $ENV::EASYRSA_REQ_OU + +commonName = Common Name (eg: your user, host, or server name) +commonName_max = 64 +commonName_default = $ENV::EASYRSA_REQ_CN + +emailAddress = Email Address +emailAddress_default = $ENV::EASYRSA_REQ_EMAIL +emailAddress_max = 64 + +#################################################################### +# Easy-RSA cert extension handling + +# This section is effectively unused as the main script sets extensions +# dynamically. This core section is left to support the odd usecase where +# a user calls openssl directly. +[ basic_exts ] +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always + +# The Easy-RSA CA extensions +[ easyrsa_ca ] + +# PKIX recommendations: + +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always + +# This could be marked critical, but it's nice to support reading by any +# broken clients who attempt to do so. +basicConstraints = CA:true + +# Limit key usage to CA tasks. If you really want to use the generated pair as +# a self-signed cert, comment this out. +keyUsage = cRLSign, keyCertSign + +# nsCertType omitted by default. Let's try to let the deprecated stuff die. +# nsCertType = sslCA + +# CRL extensions. +[ crl_ext ] + +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always,issuer:always + diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/.rnd b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/.rnd new file mode 100644 index 0000000..c219419 Binary files /dev/null and b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/.rnd differ diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/ca.crt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/ca.crt new file mode 100644 index 0000000..1a2603d --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/ca.crt @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICCDCCAY6gAwIBAgIUFpM3siy07jymSvRE5W3KA5SgaewwCgYIKoZIzj0EAwIw +GjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQyMFoXDTI5 +MDcyNzEzMDQyMFowGjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEf0Vp3WUOyNyNadbV0wXRxNws3Vfj0DtLOWS+PqHnpqQR +DDoiX0VgP22UPewYdBM0G+8rY69V7/T0I2c1MOxehEJpwzDtrPSwWFIYlovhrTm5 +aCXFWv7Emjc2lzff7796o4GUMIGRMB0GA1UdDgQWBBTbN0eikCKafCP5MWLoyV7R +ZUYZ1jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNoADBlAjEAhPooIL9r +CPdBnbm7odHvnvllUvR+iwwfcJSB17uV7Zt/XrobItEvMkrj1pBNz/OHAjAL+ktb +q0j0Zxzt35PA8oNPttbKNAUXT7KYSQ4KYstqX3NRvoXKOAj48p1IjkuUC3k= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/075BCC380AA760E433EADC635FDA65BB.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/075BCC380AA760E433EADC635FDA65BB.pem new file mode 100644 index 0000000..95bd1bb --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/075BCC380AA760E433EADC635FDA65BB.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 07:5b:cc:38:0a:a7:60:e4:33:ea:dc:63:5f:da:65:bb + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:14:04 2019 GMT + Not After : Jul 14 13:14:04 2022 GMT + Subject: CN=dvasary + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:83:4f:51:7b:f1:30:dc:76:25:db:21:fd:11:8a: + 39:fc:6f:4a:0f:f5:38:9d:8e:3c:18:c3:e2:b9:9a: + 7e:d8:25:9d:69:f1:40:f2:1c:f8:bd:7c:98:e9:1d: + 86:78:d0:d5:7b:b1:e6:8a:cb:44:e9:42:6c:61:c4: + d9:32:c5:16:f0:76:71:90:58:0f:13:f4:cb:01:02: + 68:fa:bb:3e:cb:24:47:e2:87:2d:f2:c6:d9:5f:b8: + 16:de:47:aa:bf:02:65 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 61:47:26:E4:48:A5:C7:F8:38:0A:5F:06:FE:F6:35:DC:BB:71:F1:36 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:8a:59:88:96:eb:a1:b6:5d:51:39:39:63:b6: + 53:c1:1e:01:ae:35:ff:3e:a5:ba:ed:17:a9:0b:2d:a9:86:c3: + ae:c1:47:55:9b:16:9f:d7:29:71:28:06:92:6c:da:86:75:02: + 31:00:b3:f1:55:67:51:44:2f:fa:5f:c0:65:ce:45:c3:ef:88: + f4:80:98:65:69:e5:db:7b:42:71:6f:16:f2:06:5c:ad:e1:ce: + fb:dc:fc:46:1f:b2:79:61:5a:c9:81:b5:24:c3 +-----BEGIN CERTIFICATE----- +MIICDzCCAZSgAwIBAgIQB1vMOAqnYOQz6txjX9pluzAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDA0WhcNMjIwNzE0 +MTMxNDA0WjASMRAwDgYDVQQDDAdkdmFzYXJ5MHYwEAYHKoZIzj0CAQYFK4EEACID +YgAEg09Re/Ew3HYl2yH9EYo5/G9KD/U4nY48GMPiuZp+2CWdafFA8hz4vXyY6R2G +eNDVe7HmistE6UJsYcTZMsUW8HZxkFgPE/TLAQJo+rs+yyRH4oct8sbZX7gW3keq +vwJlo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFGFHJuRIpcf4OApfBv72Ndy7 +cfE2MFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD +VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud +JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNpADBmAjEA +ilmIluuhtl1ROTljtlPBHgGuNf8+pbrtF6kLLamGw67BR1WbFp/XKXEoBpJs2oZ1 +AjEAs/FVZ1FEL/pfwGXORcPviPSAmGVp5dt7QnFvFvIGXK3hzvvc/EYfsnlhWsmB +tSTD +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/12232170B0F9E3C1FE60D86EEC973512.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/12232170B0F9E3C1FE60D86EEC973512.pem new file mode 100644 index 0000000..7d43dc8 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/12232170B0F9E3C1FE60D86EEC973512.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 12:23:21:70:b0:f9:e3:c1:fe:60:d8:6e:ec:97:35:12 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:13:49 2019 GMT + Not After : Jul 14 13:13:49 2022 GMT + Subject: CN=cslevai + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:4b:d4:e1:4f:a7:5b:1e:c4:7d:40:27:19:de:bc: + cc:78:6b:5a:86:13:48:c4:c0:40:09:4e:1d:cd:b4: + f0:8d:14:2e:44:7c:8e:2d:7b:75:27:00:c4:9b:5c: + 71:1d:35:ff:f6:91:01:e2:3f:22:4d:f4:59:45:e4: + 85:61:a2:30:bb:7f:8e:7f:86:db:79:7a:da:61:00: + 72:3d:60:0b:3a:7b:d3:8e:43:d5:21:f9:e5:ef:01: + 02:48:0e:aa:07:e0:df + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + A5:71:47:49:34:D9:70:4C:8E:A6:06:51:69:AC:4D:2F:61:9F:3F:D2 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:64:02:30:79:11:b6:e8:91:42:c8:db:cd:fa:27:07:1d:5b: + cc:9f:b2:f3:d2:0f:79:7f:7e:83:3a:e9:4b:86:a0:ba:c1:10: + 9a:87:21:f0:2c:26:e9:c5:fc:fc:7c:6c:45:79:29:d3:02:30: + 0b:74:ab:68:f6:25:3f:d3:2b:eb:a9:13:1d:3d:b1:a8:80:9c: + 1f:8f:6f:de:de:2f:a7:7f:ad:5a:a5:18:29:05:99:65:5f:63: + 50:31:6e:78:90:e6:12:3e:83:f1:d8:b0 +-----BEGIN CERTIFICATE----- +MIICDTCCAZSgAwIBAgIQEiMhcLD548H+YNhu7Jc1EjAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxMzQ5WhcNMjIwNzE0 +MTMxMzQ5WjASMRAwDgYDVQQDDAdjc2xldmFpMHYwEAYHKoZIzj0CAQYFK4EEACID +YgAES9ThT6dbHsR9QCcZ3rzMeGtahhNIxMBACU4dzbTwjRQuRHyOLXt1JwDEm1xx +HTX/9pEB4j8iTfRZReSFYaIwu3+Of4bbeXraYQByPWALOnvTjkPVIfnl7wECSA6q +B+Dfo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFKVxR0k02XBMjqYGUWmsTS9h +nz/SMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD +VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud +JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNnADBkAjB5 +EbbokULI2836JwcdW8yfsvPSD3l/foM66UuGoLrBEJqHIfAsJunF/Px8bEV5KdMC +MAt0q2j2JT/TK+upEx09saiAnB+Pb97eL6d/rVqlGCkFmWVfY1AxbniQ5hI+g/HY +sA== +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/237BC768F37B5C8E1763B5673ED3101C.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/237BC768F37B5C8E1763B5673ED3101C.pem new file mode 100644 index 0000000..4e332dc --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/237BC768F37B5C8E1763B5673ED3101C.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 23:7b:c7:68:f3:7b:5c:8e:17:63:b5:67:3e:d3:10:1c + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:15:16 2019 GMT + Not After : Jul 14 13:15:16 2022 GMT + Subject: CN=mszabo + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:d4:de:f0:4a:f4:a0:8a:bd:52:97:87:c0:f5:28: + 87:7d:7b:4c:f3:3d:13:be:6b:f6:61:23:f8:91:fd: + 2a:59:db:38:2e:ec:d6:5d:21:c2:b9:e0:8c:38:36: + c9:bb:2c:f9:87:f3:c5:53:28:d1:94:03:d3:24:c0: + fa:95:b3:19:4a:42:95:94:22:11:4f:82:ea:bf:16: + 42:42:90:f1:9e:e9:68:48:2e:b9:db:71:be:48:4a: + eb:06:61:63:73:77:18 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 8B:C8:96:C9:E3:FD:F0:F2:13:BD:F3:32:17:FD:4F:40:19:3D:2A:5F + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:84:81:10:d7:e4:4f:e6:1d:de:3f:6c:9d:f9: + 45:2f:6c:74:c1:ce:65:da:b9:0f:56:2d:3c:08:2d:a9:62:d2: + ec:45:46:50:7d:da:d1:0d:73:8c:e9:57:57:3e:2d:49:14:02: + 31:00:9e:6a:e2:fa:4f:6d:04:6f:3f:6b:35:9e:1b:6a:94:b8: + 3b:f3:79:db:9b:cd:2c:84:48:e9:7a:a9:13:d2:08:b0:d0:f2: + c6:22:7e:87:3b:f4:6d:d0:b7:db:c4:b5:ad:5d +-----BEGIN CERTIFICATE----- +MIICDjCCAZOgAwIBAgIQI3vHaPN7XI4XY7VnPtMQHDAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNTE2WhcNMjIwNzE0 +MTMxNTE2WjARMQ8wDQYDVQQDDAZtc3phYm8wdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AATU3vBK9KCKvVKXh8D1KId9e0zzPRO+a/ZhI/iR/SpZ2zgu7NZdIcK54Iw4Nsm7 +LPmH88VTKNGUA9MkwPqVsxlKQpWUIhFPguq/FkJCkPGe6WhILrnbcb5ISusGYWNz +dxijgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUi8iWyeP98PITvfMyF/1PQBk9 +Kl8wVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAWBgNV +BAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYDVR0l +BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2kAMGYCMQCE +gRDX5E/mHd4/bJ35RS9sdMHOZdq5D1YtPAgtqWLS7EVGUH3a0Q1zjOlXVz4tSRQC +MQCeauL6T20Ebz9rNZ4bapS4O/N525vNLIRI6XqpE9IIsNDyxiJ+hzv0bdC328S1 +rV0= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/26846A96D0DB00703B7DC8AAD60A5B07.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/26846A96D0DB00703B7DC8AAD60A5B07.pem new file mode 100644 index 0000000..8dac23a --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/26846A96D0DB00703B7DC8AAD60A5B07.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 26:84:6a:96:d0:db:00:70:3b:7d:c8:aa:d6:0a:5b:07 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:12:51 2019 GMT + Not After : Jul 14 13:12:51 2022 GMT + Subject: CN=akosztolanyi + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:97:d4:89:82:0c:1b:ad:c4:4b:dd:4c:19:a5:f5: + d8:3c:42:9d:d2:b0:0d:9e:6c:a6:a8:62:9a:bf:fd: + 78:9d:76:f4:02:ad:51:9f:97:12:59:bc:c1:a3:a0: + 17:35:76:2f:74:ea:b9:d3:72:4b:35:94:40:f3:7e: + b5:1c:af:51:d1:b4:d3:7a:69:3d:7f:1e:51:97:fe: + e3:4a:ec:01:c6:e9:89:e9:8e:b7:94:a3:72:12:6e: + 66:c5:a2:de:ad:27:e2 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + E9:6C:48:68:A1:BA:B9:7D:A3:9C:BF:89:F3:87:51:9B:B1:6C:9B:16 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:6c:e9:e9:01:19:c4:53:40:ff:e6:bb:36:1f:51: + cd:1f:40:88:1d:e2:b3:8d:61:48:5d:ec:de:f8:20:c1:21:b1: + 38:5e:0b:c3:f7:ae:9c:41:38:36:73:a0:06:b6:a4:55:02:31: + 00:cc:50:fa:3f:7a:6c:6b:90:bf:6a:c6:af:1e:94:88:b7:90: + 5d:b7:27:cf:b3:28:bc:ee:31:99:f0:9b:87:48:06:d2:6d:24: + f0:d1:ad:be:94:b8:22:64:63:0f:d0:2d:85 +-----BEGIN CERTIFICATE----- +MIICEzCCAZmgAwIBAgIQJoRqltDbAHA7fciq1gpbBzAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxMjUxWhcNMjIwNzE0 +MTMxMjUxWjAXMRUwEwYDVQQDDAxha29zenRvbGFueWkwdjAQBgcqhkjOPQIBBgUr +gQQAIgNiAASX1ImCDButxEvdTBml9dg8Qp3SsA2ebKaoYpq//XiddvQCrVGflxJZ +vMGjoBc1di906rnTcks1lEDzfrUcr1HRtNN6aT1/HlGX/uNK7AHG6YnpjreUo3IS +bmbFot6tJ+KjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQU6WxIaKG6uX2jnL+J +84dRm7FsmxYwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBox +GDAWBgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5Sgaeww +EwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gA +MGUCMGzp6QEZxFNA/+a7Nh9RzR9AiB3is41hSF3s3vggwSGxOF4Lw/eunEE4NnOg +BrakVQIxAMxQ+j96bGuQv2rGrx6UiLeQXbcnz7MovO4xmfCbh0gG0m0k8NGtvpS4 +ImRjD9AthQ== +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/29F1F8311793D758D5AD0ECEA7267033.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/29F1F8311793D758D5AD0ECEA7267033.pem new file mode 100644 index 0000000..578369e --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/29F1F8311793D758D5AD0ECEA7267033.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 29:f1:f8:31:17:93:d7:58:d5:ad:0e:ce:a7:26:70:33 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:13:11 2019 GMT + Not After : Jul 14 13:13:11 2022 GMT + Subject: CN=azsamboki + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:34:0d:f3:0e:e6:05:69:f3:24:7d:ef:19:0c:ce: + 04:bd:24:34:e3:8c:e5:2b:7e:3f:70:39:55:9b:2e: + 73:fa:c6:4e:44:42:95:69:82:13:85:98:63:5a:25: + dc:1c:b2:32:9c:97:01:b5:fb:c4:dd:59:05:8a:ab: + b6:c1:b2:13:03:0a:e3:8b:e7:ea:62:c1:71:1b:4f: + 20:74:9c:0b:df:46:56:6c:03:d5:8c:d8:4c:02:e9: + 6e:62:3a:1f:b3:0e:ba + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 19:A1:EF:03:DB:DF:4F:40:2A:FD:35:E0:C9:ED:DD:75:47:2F:32:1B + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:d2:08:c6:1b:75:81:72:2e:c6:46:cd:47:11: + 2e:7c:3e:ba:e2:75:1c:8c:48:e1:4f:ac:61:5b:07:26:97:cc: + 0a:38:7f:0d:e4:63:35:c6:a5:8e:39:f3:4c:18:79:6d:0a:02: + 30:54:57:e5:dd:49:2b:8e:3e:89:ef:87:2f:d4:f4:ef:a3:95: + 2d:f5:87:5a:3a:1f:93:58:7d:c5:fe:9a:45:f1:8f:d1:44:13: + 30:b0:07:c0:b6:80:35:3f:b8:a8:96:c7:8c +-----BEGIN CERTIFICATE----- +MIICEDCCAZagAwIBAgIQKfH4MReT11jVrQ7OpyZwMzAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxMzExWhcNMjIwNzE0 +MTMxMzExWjAUMRIwEAYDVQQDDAlhenNhbWJva2kwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAQ0DfMO5gVp8yR97xkMzgS9JDTjjOUrfj9wOVWbLnP6xk5EQpVpghOFmGNa +JdwcsjKclwG1+8TdWQWKq7bBshMDCuOL5+piwXEbTyB0nAvfRlZsA9WM2EwC6W5i +Oh+zDrqjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUGaHvA9vfT0Aq/TXgye3d +dUcvMhswVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAW +BgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYD +VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gAMGUC +MQDSCMYbdYFyLsZGzUcRLnw+uuJ1HIxI4U+sYVsHJpfMCjh/DeRjNcaljjnzTBh5 +bQoCMFRX5d1JK44+ie+HL9T076OVLfWHWjofk1h9xf6aRfGP0UQTMLAHwLaANT+4 +qJbHjA== +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3206AF0B00A2DD98266113A2F8C5F8E7.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3206AF0B00A2DD98266113A2F8C5F8E7.pem new file mode 100644 index 0000000..6a4f5ff --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3206AF0B00A2DD98266113A2F8C5F8E7.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 32:06:af:0b:00:a2:dd:98:26:61:13:a2:f8:c5:f8:e7 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:14:15 2019 GMT + Not After : Jul 14 13:14:15 2022 GMT + Subject: CN=fritter + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:01:16:61:9a:29:9b:00:34:c6:d8:d0:31:87:e7: + 2c:fd:7a:7e:e0:6e:f7:26:1a:62:7f:d4:7d:aa:8d: + 0e:83:bd:c2:51:8c:cb:34:2b:3d:04:40:4f:2c:6f: + 8b:86:9b:7f:de:a2:79:a4:0a:03:4c:70:71:34:ba: + f6:f8:d1:e8:92:18:32:d6:78:3d:5d:29:5c:70:a0: + b6:80:7f:21:e2:63:09:57:c1:46:fd:9b:d9:7a:2a: + b8:13:f2:f7:83:cc:32 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + B1:1A:69:80:EF:74:B3:58:F8:3B:86:7A:86:DF:8C:50:30:56:12:04 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:da:29:1d:b3:22:d6:c9:b3:16:e6:14:41:77: + fb:87:e7:9c:39:0b:a4:40:42:bf:45:0a:b0:4e:53:89:c9:a9: + 6b:90:b7:88:85:bd:f0:9b:a0:a4:4b:fb:e3:2e:6f:d1:ff:02: + 31:00:82:ce:d7:ed:cd:94:17:96:d4:65:97:82:11:ae:dd:22: + 2c:2f:f2:64:55:ef:e7:25:c9:89:c3:bf:fc:cf:5f:c5:60:00: + 2c:e9:7d:36:7b:6b:b8:c0:08:c2:66:f2:f7:ef +-----BEGIN CERTIFICATE----- +MIICDzCCAZSgAwIBAgIQMgavCwCi3ZgmYROi+MX45zAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDE1WhcNMjIwNzE0 +MTMxNDE1WjASMRAwDgYDVQQDDAdmcml0dGVyMHYwEAYHKoZIzj0CAQYFK4EEACID +YgAEARZhmimbADTG2NAxh+cs/Xp+4G73Jhpif9R9qo0Og73CUYzLNCs9BEBPLG+L +hpt/3qJ5pAoDTHBxNLr2+NHokhgy1ng9XSlccKC2gH8h4mMJV8FG/ZvZeiq4E/L3 +g8wyo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFLEaaYDvdLNY+DuGeobfjFAw +VhIEMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD +VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud +JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNpADBmAjEA +2ikdsyLWybMW5hRBd/uH55w5C6RAQr9FCrBOU4nJqWuQt4iFvfCboKRL++Mub9H/ +AjEAgs7X7c2UF5bUZZeCEa7dIiwv8mRV7+clyYnDv/zPX8VgACzpfTZ7a7jACMJm +8vfv +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3413803E217F3BDD0AAFD5CB0D174B3C.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3413803E217F3BDD0AAFD5CB0D174B3C.pem new file mode 100644 index 0000000..dbaae76 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3413803E217F3BDD0AAFD5CB0D174B3C.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 34:13:80:3e:21:7f:3b:dd:0a:af:d5:cb:0d:17:4b:3c + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:16:17 2019 GMT + Not After : Jul 14 13:16:17 2022 GMT + Subject: CN=zfelleg + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:83:a4:95:4c:f4:18:92:47:f1:fe:26:d4:2c:3a: + a1:65:73:7b:ef:cd:26:ef:dc:d7:7a:dc:95:9a:8b: + 66:3f:e9:c9:2e:f6:ac:0a:0e:a1:8f:bd:a5:00:42: + 3a:30:03:9c:0a:5b:4a:c3:3c:bc:62:05:60:37:36: + 99:e4:e7:27:2d:ae:a9:c1:a2:57:35:8e:d2:59:77: + 29:16:64:50:94:16:ca:1a:19:31:1a:83:8c:41:07: + 7f:7d:e7:fc:98:80:73 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 40:51:B5:0A:53:CE:54:25:34:5C:DC:E5:70:74:B3:6F:D4:D3:01:84 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:7e:24:b4:72:c8:67:13:4f:a0:ba:09:76:d0:33: + 36:35:d4:d0:df:e7:a5:25:25:af:ce:36:67:42:22:bf:42:fb: + ab:96:52:73:c1:b2:a0:58:3a:90:b1:8a:78:70:eb:c9:02:31: + 00:d9:4a:41:83:7a:5d:1b:6c:e2:d0:2d:b7:c3:b9:b7:11:26: + 90:fa:9c:cb:20:e6:c4:cf:06:65:8b:8e:6b:00:c7:ec:77:f0: + 85:75:17:58:0b:ef:06:8b:13:0b:57:61:25 +-----BEGIN CERTIFICATE----- +MIICDjCCAZSgAwIBAgIQNBOAPiF/O90Kr9XLDRdLPDAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNjE3WhcNMjIwNzE0 +MTMxNjE3WjASMRAwDgYDVQQDDAd6ZmVsbGVnMHYwEAYHKoZIzj0CAQYFK4EEACID +YgAEg6SVTPQYkkfx/ibULDqhZXN7780m79zXetyVmotmP+nJLvasCg6hj72lAEI6 +MAOcCltKwzy8YgVgNzaZ5OcnLa6pwaJXNY7SWXcpFmRQlBbKGhkxGoOMQQd/fef8 +mIBzo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFEBRtQpTzlQlNFzc5XB0s2/U +0wGEMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD +VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud +JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNoADBlAjB+ +JLRyyGcTT6C6CXbQMzY11NDf56UlJa/ONmdCIr9C+6uWUnPBsqBYOpCxinhw68kC +MQDZSkGDel0bbOLQLbfDubcRJpD6nMsg5sTPBmWLjmsAx+x38IV1F1gL7waLEwtX +YSU= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/394BDD541C1082EAC5CD4D9DFEB6D4D3.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/394BDD541C1082EAC5CD4D9DFEB6D4D3.pem new file mode 100644 index 0000000..001fc25 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/394BDD541C1082EAC5CD4D9DFEB6D4D3.pem @@ -0,0 +1,58 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 39:4b:dd:54:1c:10:82:ea:c5:cd:4d:9d:fe:b6:d4:d3 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:15:02 2019 GMT + Not After : Jul 14 13:15:02 2022 GMT + Subject: CN=kkele + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:0a:e8:ed:f9:1a:f5:b6:17:d7:5f:ff:9e:9c:1e: + 1d:11:cf:12:7f:01:11:ca:a2:b1:e0:b5:bc:30:6b: + 5c:ff:5e:d2:06:2b:55:a9:0f:55:3a:ae:ee:a6:5e: + 74:0d:f6:43:b6:a4:1d:17:2b:0f:87:7b:c2:39:47: + 1d:e7:fb:e4:64:d1:00:60:bb:1c:eb:e0:40:82:8d: + 77:09:85:d1:1c:37:c8:3e:d5:64:51:0f:1d:71:71: + 04:3a:21:6c:a2:57:36 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + B0:47:56:D8:59:56:0D:E2:68:86:01:E8:12:30:4C:EF:D9:7D:EE:F7 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:df:6c:06:c1:07:aa:bb:76:58:d8:ea:dc:60: + ce:e0:5c:a9:32:c0:20:c9:8b:da:3b:7e:98:74:94:96:83:0e: + 9f:71:8f:4e:af:72:d0:49:29:06:d0:c8:e9:12:88:67:67:02: + 30:77:f4:e3:b5:89:dd:e6:6e:83:65:64:77:09:8e:52:2d:47: + 04:80:27:14:25:51:08:97:01:86:e9:23:0d:04:fa:44:89:35: + c4:4e:18:84:09:86:cf:5a:7b:6c:0e:09:fd +-----BEGIN CERTIFICATE----- +MIICDDCCAZKgAwIBAgIQOUvdVBwQgurFzU2d/rbU0zAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNTAyWhcNMjIwNzE0 +MTMxNTAyWjAQMQ4wDAYDVQQDDAVra2VsZTB2MBAGByqGSM49AgEGBSuBBAAiA2IA +BAro7fka9bYX11//npweHRHPEn8BEcqiseC1vDBrXP9e0gYrVakPVTqu7qZedA32 +Q7akHRcrD4d7wjlHHef75GTRAGC7HOvgQIKNdwmF0Rw3yD7VZFEPHXFxBDohbKJX +NqOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBSwR1bYWVYN4miGAegSMEzv2X3u +9zBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYGA1UE +AwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNVHSUE +DDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIxAN9s +BsEHqrt2WNjq3GDO4FypMsAgyYvaO36YdJSWgw6fcY9Or3LQSSkG0MjpEohnZwIw +d/TjtYnd5m6DZWR3CY5SLUcEgCcUJVEIlwGG6SMNBPpEiTXEThiECYbPWntsDgn9 +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/466EF08C89776434622CEABEE1DF9368.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/466EF08C89776434622CEABEE1DF9368.pem new file mode 100644 index 0000000..fc0d1c4 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/466EF08C89776434622CEABEE1DF9368.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 46:6e:f0:8c:89:77:64:34:62:2c:ea:be:e1:df:93:68 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:13:22 2019 GMT + Not After : Jul 14 13:13:22 2022 GMT + Subject: CN=bcsoka + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:a7:95:bf:6c:8e:0f:34:9c:ca:14:8b:33:4d:80: + 55:98:1e:10:c3:e9:84:7f:72:4d:f2:61:68:70:59: + c7:6f:6d:02:c4:22:cf:58:80:e7:35:18:6e:ee:11: + fe:29:01:c3:ea:79:85:83:e6:0c:6f:c5:d8:7f:9f: + d5:55:27:7b:a8:17:14:2d:94:e5:c4:a4:9f:ac:b8: + 38:02:c0:41:5a:1a:8a:63:e5:c3:52:27:62:57:0b: + 14:6b:36:cc:8e:51:3f + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 5A:57:D9:73:6A:27:49:66:7D:18:9E:2A:96:1F:4C:49:7E:AD:9C:15 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:2b:52:16:40:fb:43:11:6a:9a:45:62:58:5b:f5: + 19:34:3f:32:fe:f7:d0:82:4a:32:98:61:0f:22:22:99:9a:16: + b3:94:79:46:fe:a2:7a:9c:9a:86:a6:31:4e:72:f4:54:02:31: + 00:94:2c:a6:21:e6:78:73:3e:d9:93:89:c6:72:72:8e:1d:17: + 87:07:27:22:2c:5d:2c:00:f1:38:1f:17:fb:0e:c1:c9:52:80: + 52:ba:1c:79:93:69:c1:59:0e:f0:a0:cd:76 +-----BEGIN CERTIFICATE----- +MIICDTCCAZOgAwIBAgIQRm7wjIl3ZDRiLOq+4d+TaDAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxMzIyWhcNMjIwNzE0 +MTMxMzIyWjARMQ8wDQYDVQQDDAZiY3Nva2EwdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AASnlb9sjg80nMoUizNNgFWYHhDD6YR/ck3yYWhwWcdvbQLEIs9YgOc1GG7uEf4p +AcPqeYWD5gxvxdh/n9VVJ3uoFxQtlOXEpJ+suDgCwEFaGopj5cNSJ2JXCxRrNsyO +UT+jgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUWlfZc2onSWZ9GJ4qlh9MSX6t +nBUwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAWBgNV +BAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYDVR0l +BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gAMGUCMCtS +FkD7QxFqmkViWFv1GTQ/Mv730IJKMphhDyIimZoWs5R5Rv6iepyahqYxTnL0VAIx +AJQspiHmeHM+2ZOJxnJyjh0XhwcnIixdLADxOB8X+w7ByVKAUroceZNpwVkO8KDN +dg== +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/469E0BAA82D007B19DFCC487C56C9E80.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/469E0BAA82D007B19DFCC487C56C9E80.pem new file mode 100644 index 0000000..3566fd5 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/469E0BAA82D007B19DFCC487C56C9E80.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 46:9e:0b:aa:82:d0:07:b1:9d:fc:c4:87:c5:6c:9e:80 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:14:38 2019 GMT + Not After : Jul 14 13:14:38 2022 GMT + Subject: CN=ifabian + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:ba:65:94:67:08:34:86:c7:0f:94:00:5f:e2:38: + 5b:9e:29:5f:76:7a:87:43:5b:37:a4:44:ab:39:72: + be:37:0e:3f:c5:ba:55:8b:6c:bd:22:ed:74:54:88: + a2:1c:ec:f8:24:37:3f:b3:b2:e3:56:0e:e5:81:cb: + ef:48:1d:e5:ea:1f:67:51:5f:20:8b:2f:aa:fe:fe: + 8e:d4:be:91:28:94:b6:cc:04:74:90:72:90:10:a0: + 7c:42:a2:e3:4c:7f:49 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 0B:41:AE:87:A5:73:BB:DC:4E:16:2E:F3:A0:20:FA:D5:38:52:40:AA + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:1f:f9:44:c2:c2:63:91:08:c2:c8:ca:22:28:7d: + 9b:84:3d:d1:f7:89:43:26:b0:a6:e7:2c:e5:63:e9:bd:86:81: + e5:ad:1a:c2:bb:30:31:05:eb:e9:d3:71:d1:6e:c0:df:02:31: + 00:d3:38:d5:bb:9f:d2:a2:92:6e:0e:2a:b4:d9:d6:a9:c9:eb: + 5c:c9:ef:33:1c:66:d4:3c:a0:86:07:39:38:14:0c:61:8b:67: + 75:20:06:d8:79:0c:65:a2:2d:87:fc:00:04 +-----BEGIN CERTIFICATE----- +MIICDjCCAZSgAwIBAgIQRp4LqoLQB7Gd/MSHxWyegDAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDM4WhcNMjIwNzE0 +MTMxNDM4WjASMRAwDgYDVQQDDAdpZmFiaWFuMHYwEAYHKoZIzj0CAQYFK4EEACID +YgAEumWUZwg0hscPlABf4jhbnilfdnqHQ1s3pESrOXK+Nw4/xbpVi2y9Iu10VIii +HOz4JDc/s7LjVg7lgcvvSB3l6h9nUV8giy+q/v6O1L6RKJS2zAR0kHKQEKB8QqLj +TH9Jo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFAtBroelc7vcThYu86Ag+tU4 +UkCqMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD +VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud +JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNoADBlAjAf ++UTCwmORCMLIyiIofZuEPdH3iUMmsKbnLOVj6b2GgeWtGsK7MDEF6+nTcdFuwN8C +MQDTONW7n9Kikm4OKrTZ1qnJ61zJ7zMcZtQ8oIYHOTgUDGGLZ3UgBth5DGWiLYf8 +AAQ= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/4BDF84B37B17CEE109879B67054B2791.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/4BDF84B37B17CEE109879B67054B2791.pem new file mode 100644 index 0000000..289521f --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/4BDF84B37B17CEE109879B67054B2791.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4b:df:84:b3:7b:17:ce:e1:09:87:9b:67:05:4b:27:91 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:15:51 2019 GMT + Not After : Jul 14 13:15:51 2022 GMT + Subject: CN=tsuhajda + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:6a:52:47:b4:82:6f:88:07:39:d2:55:37:5b:de: + e8:37:fd:12:c8:2e:2a:c5:b4:9b:54:cf:2b:7c:73: + dd:9c:89:37:d7:a9:09:50:11:bb:ae:8e:8d:3f:e7: + d0:c9:7e:89:f5:7f:29:28:2d:d6:49:5b:69:b9:47: + da:82:87:1e:a9:e8:7a:98:e2:fe:2b:b6:b0:c2:fd: + aa:18:af:c3:d5:b0:c3:51:8b:77:8e:4d:68:60:47: + 41:28:4d:30:81:4d:7c + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 60:FA:D3:CB:9A:38:0E:08:58:0C:11:BB:A1:C8:18:FB:36:31:2A:67 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:c2:3b:36:d4:ec:38:f3:3f:11:b3:74:6b:34: + 27:2f:bd:77:41:c1:20:55:e8:39:b5:1b:ad:04:a1:ab:ca:19: + 1e:31:6f:32:4e:12:80:f9:c9:fc:96:f4:7b:81:34:87:07:02: + 31:00:92:a4:26:4c:73:29:b6:4f:be:37:a7:98:50:33:4f:10: + cd:f2:a0:2d:e6:f1:dd:18:7e:0a:51:1d:81:36:5a:36:3c:17: + f8:d3:2c:cb:c1:16:5d:38:1d:57:97:9a:be:69 +-----BEGIN CERTIFICATE----- +MIICEDCCAZWgAwIBAgIQS9+Es3sXzuEJh5tnBUsnkTAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNTUxWhcNMjIwNzE0 +MTMxNTUxWjATMREwDwYDVQQDDAh0c3VoYWpkYTB2MBAGByqGSM49AgEGBSuBBAAi +A2IABGpSR7SCb4gHOdJVN1ve6Df9EsguKsW0m1TPK3xz3ZyJN9epCVARu66OjT/n +0Ml+ifV/KSgt1klbablH2oKHHqnoepji/iu2sML9qhivw9Www1GLd45NaGBHQShN +MIFNfKOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBRg+tPLmjgOCFgMEbuhyBj7 +NjEqZzBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV +HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaQAwZgIx +AMI7NtTsOPM/EbN0azQnL713QcEgVeg5tRutBKGryhkeMW8yThKA+cn8lvR7gTSH +BwIxAJKkJkxzKbZPvjenmFAzTxDN8qAt5vHdGH4KUR2BNlo2PBf40yzLwRZdOB1X +l5q+aQ== +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/585AA97D7CCAB52C4957BBBF91374261.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/585AA97D7CCAB52C4957BBBF91374261.pem new file mode 100644 index 0000000..8762b9e --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/585AA97D7CCAB52C4957BBBF91374261.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 58:5a:a9:7d:7c:ca:b5:2c:49:57:bb:bf:91:37:42:61 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Mar 26 10:41:27 2020 GMT + Not After : Mar 11 10:41:27 2023 GMT + Subject: CN=kkancz + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:16:c3:cc:4c:19:91:e6:b3:53:89:7d:7a:1e:ae: + 57:89:52:19:d7:e5:c7:d0:68:74:a6:0d:92:e9:09: + e7:81:5e:11:02:ea:87:89:20:e7:57:b1:ca:44:b6: + cf:5f:01:58:73:94:89:3a:0a:67:fa:9f:c8:c9:16: + 8d:e7:72:75:94:8d:52:de:f1:0f:47:a3:15:83:c3: + cd:67:c8:14:af:b2:f5:63:08:0c:25:d5:d5:0a:ba: + fb:9b:0f:df:e0:45:b4 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 61:CB:25:BC:82:6D:D5:01:DE:15:AF:18:59:C3:D7:34:16:B7:A6:94 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:ca:f1:79:0b:1b:e1:0f:15:b4:6e:3e:69:9b: + 92:a8:bc:fe:2f:5c:96:c0:ad:d7:02:97:e0:ea:f7:08:77:43: + 31:22:93:50:19:24:88:91:63:39:b1:1a:80:bf:9d:bf:f1:02: + 30:38:5b:c1:af:a7:58:0d:de:b5:19:77:00:33:31:7d:41:c5: + 3c:bb:b2:9e:cd:86:66:f6:1a:84:4d:80:b6:28:b5:2b:04:5f: + 1c:a3:49:cd:89:2d:21:0a:5f:65:eb:d0:36 +-----BEGIN CERTIFICATE----- +MIICDTCCAZOgAwIBAgIQWFqpfXzKtSxJV7u/kTdCYTAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMjAwMzI2MTA0MTI3WhcNMjMwMzEx +MTA0MTI3WjARMQ8wDQYDVQQDDAZra2FuY3owdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AAQWw8xMGZHms1OJfXoerleJUhnX5cfQaHSmDZLpCeeBXhEC6oeJIOdXscpEts9f +AVhzlIk6Cmf6n8jJFo3ncnWUjVLe8Q9HoxWDw81nyBSvsvVjCAwl1dUKuvubD9/g +RbSjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUYcslvIJt1QHeFa8YWcPXNBa3 +ppQwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAWBgNV +BAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYDVR0l +BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gAMGUCMQDK +8XkLG+EPFbRuPmmbkqi8/i9clsCt1wKX4Or3CHdDMSKTUBkkiJFjObEagL+dv/EC +MDhbwa+nWA3etRl3ADMxfUHFPLuyns2GZvYahE2Atii1KwRfHKNJzYktIQpfZevQ +Ng== +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/62DE031122C64B00AC33D5E58A250FFF.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/62DE031122C64B00AC33D5E58A250FFF.pem new file mode 100644 index 0000000..7c72a4c --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/62DE031122C64B00AC33D5E58A250FFF.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 62:de:03:11:22:c6:4b:00:ac:33:d5:e5:8a:25:0f:ff + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:14:27 2019 GMT + Not After : Jul 14 13:14:27 2022 GMT + Subject: CN=fschnell + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:c1:66:71:37:bb:f5:b6:2c:b0:a0:d6:8c:85:2c: + 31:28:d1:5e:d6:23:71:ae:b7:6f:79:12:50:7a:b5: + 6c:ee:eb:a0:a9:9b:1a:d5:f3:5d:72:fd:cd:f1:0d: + 23:3f:6e:44:7b:1f:c9:8a:1e:fb:51:ad:e2:bf:c8: + 12:0d:d0:7a:11:de:ee:c2:6e:06:af:67:c7:51:13: + 8c:cf:75:9f:a9:80:42:f2:9c:5a:78:af:29:57:df: + b0:c1:d6:d6:3b:42:60 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + B9:32:14:86:9B:D6:96:CB:A1:D9:29:28:C4:F7:93:25:5F:2A:A1:1C + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:64:02:30:61:aa:3e:2c:c7:81:3c:56:1a:87:fe:c8:42:6a: + b1:61:dd:1c:6a:21:ac:81:90:ef:04:4c:2f:fc:9f:b7:75:e1: + b2:2a:60:f8:67:f0:9a:b4:7f:18:cd:81:68:bf:ae:1b:02:30: + 33:0e:e6:86:5d:2e:bc:64:4e:4c:fd:8d:05:45:a6:c0:3d:d8: + af:53:fa:37:2f:e5:84:8e:ea:30:80:82:60:96:8e:5d:8f:1f: + f2:4f:d1:f7:c0:d1:a0:19:d7:93:95:82 +-----BEGIN CERTIFICATE----- +MIICDjCCAZWgAwIBAgIQYt4DESLGSwCsM9XliiUP/zAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDI3WhcNMjIwNzE0 +MTMxNDI3WjATMREwDwYDVQQDDAhmc2NobmVsbDB2MBAGByqGSM49AgEGBSuBBAAi +A2IABMFmcTe79bYssKDWjIUsMSjRXtYjca63b3kSUHq1bO7roKmbGtXzXXL9zfEN +Iz9uRHsfyYoe+1Gt4r/IEg3QehHe7sJuBq9nx1ETjM91n6mAQvKcWnivKVffsMHW +1jtCYKOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBS5MhSGm9aWy6HZKSjE95Ml +XyqhHDBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV +HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDZwAwZAIw +Yao+LMeBPFYah/7IQmqxYd0caiGsgZDvBEwv/J+3deGyKmD4Z/CatH8YzYFov64b +AjAzDuaGXS68ZE5M/Y0FRabAPdivU/o3L+WEjuowgIJglo5djx/yT9H3wNGgGdeT +lYI= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/6802688CE3BB71C1E867CA490A9D0B4C.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/6802688CE3BB71C1E867CA490A9D0B4C.pem new file mode 100644 index 0000000..bad0fce --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/6802688CE3BB71C1E867CA490A9D0B4C.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 68:02:68:8c:e3:bb:71:c1:e8:67:ca:49:0a:9d:0b:4c + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:14:53 2019 GMT + Not After : Jul 14 13:14:53 2022 GMT + Subject: CN=khorvath + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:10:d0:a2:68:66:ea:40:36:f3:9d:13:e2:bc:e7: + 87:92:d4:ca:f2:e6:13:a9:0b:d0:92:b7:a0:24:f0: + e4:ce:69:08:e4:e2:c0:66:e0:2a:2a:79:06:e3:d4: + 33:e8:6b:94:a7:fb:71:9a:e7:9a:a1:f9:1a:3b:28: + 3f:3b:0c:99:5f:2e:cf:17:98:60:10:16:22:c3:1f: + 7e:61:62:97:85:36:0a:0a:e9:26:0e:76:c3:88:b8: + 8e:e4:80:78:52:b5:9c + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 42:88:C3:F8:81:2A:78:1F:C8:3F:D2:7D:BA:E9:44:09:4A:36:3A:B1 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:27:4e:d4:b0:5a:4b:af:6a:d6:a0:b7:ae:b4:57: + d1:dc:4e:77:9c:bf:06:c0:bd:3d:06:c3:90:7e:e4:7a:24:1e: + e9:a4:76:51:4b:2f:3d:8a:1c:6e:93:0d:de:b1:3c:63:02:31: + 00:fb:48:45:89:a8:e7:74:16:4a:1d:5e:a1:ad:b2:d3:34:9f: + 95:04:ed:92:1f:a8:ad:05:6f:81:ee:d0:8c:fc:9d:6c:e3:5d: + 5a:1b:e8:27:86:20:a0:e4:78:a2:4f:63:b3 +-----BEGIN CERTIFICATE----- +MIICDzCCAZWgAwIBAgIQaAJojOO7ccHoZ8pJCp0LTDAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDUzWhcNMjIwNzE0 +MTMxNDUzWjATMREwDwYDVQQDDAhraG9ydmF0aDB2MBAGByqGSM49AgEGBSuBBAAi +A2IABBDQomhm6kA2850T4rznh5LUyvLmE6kL0JK3oCTw5M5pCOTiwGbgKip5BuPU +M+hrlKf7cZrnmqH5GjsoPzsMmV8uzxeYYBAWIsMffmFil4U2CgrpJg52w4i4juSA +eFK1nKOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBRCiMP4gSp4H8g/0n266UQJ +SjY6sTBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV +HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIw +J07UsFpLr2rWoLeutFfR3E53nL8GwL09BsOQfuR6JB7ppHZRSy89ihxukw3esTxj +AjEA+0hFiajndBZKHV6hrbLTNJ+VBO2SH6itBW+B7tCM/J1s411aG+gnhiCg5Hii +T2Oz +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/6B9D83083D87CC880ADEBCCD3B5CEF4D.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/6B9D83083D87CC880ADEBCCD3B5CEF4D.pem new file mode 100644 index 0000000..03034ec --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/6B9D83083D87CC880ADEBCCD3B5CEF4D.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6b:9d:83:08:3d:87:cc:88:0a:de:bc:cd:3b:5c:ef:4d + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:16:02 2019 GMT + Not After : Jul 14 13:16:02 2022 GMT + Subject: CN=zbartakovics + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:0f:68:0b:c6:8e:81:3c:ef:a7:cb:71:84:f3:84: + 12:e5:9c:28:13:15:e1:ab:bf:2f:92:3c:db:40:2c: + e5:f7:c9:61:94:d2:23:08:10:75:53:7a:ec:39:3c: + a1:9c:d3:73:0e:79:db:4c:15:94:77:11:a4:30:e2: + bc:73:fa:66:0e:17:90:e2:a3:4c:17:82:41:87:c2: + 94:8a:c3:28:47:40:76:76:59:c7:16:47:07:8b:ec: + dd:22:6c:3c:af:26:25 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 36:50:AD:4A:3A:69:D8:C0:00:F4:3C:7C:FF:B0:7D:E2:94:B9:7C:8A + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:64:02:30:7e:1a:02:39:9f:2d:c8:dd:5b:4a:2b:9a:2e:61: + 60:a5:e2:60:92:29:d4:7e:f2:32:5a:be:90:72:89:42:1a:74: + 74:72:c3:e8:32:0b:63:82:52:65:fa:2f:b3:13:4f:16:02:30: + 1e:a0:79:e7:55:d1:45:54:97:8d:a0:fb:50:ce:47:b0:1f:d0: + 78:47:21:dc:21:d1:7d:f4:1a:da:48:55:fc:43:ce:28:ae:b9: + 96:c0:72:2b:29:e4:61:b7:6b:9a:b2:92 +-----BEGIN CERTIFICATE----- +MIICEjCCAZmgAwIBAgIQa52DCD2HzIgK3rzNO1zvTTAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNjAyWhcNMjIwNzE0 +MTMxNjAyWjAXMRUwEwYDVQQDDAx6YmFydGFrb3ZpY3MwdjAQBgcqhkjOPQIBBgUr +gQQAIgNiAAQPaAvGjoE876fLcYTzhBLlnCgTFeGrvy+SPNtALOX3yWGU0iMIEHVT +euw5PKGc03MOedtMFZR3EaQw4rxz+mYOF5Dio0wXgkGHwpSKwyhHQHZ2WccWRweL +7N0ibDyvJiWjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUNlCtSjpp2MAA9Dx8 +/7B94pS5fIowVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBox +GDAWBgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5Sgaeww +EwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2cA +MGQCMH4aAjmfLcjdW0ormi5hYKXiYJIp1H7yMlq+kHKJQhp0dHLD6DILY4JSZfov +sxNPFgIwHqB551XRRVSXjaD7UM5HsB/QeEch3CHRffQa2khV/EPOKK65lsByKynk +YbdrmrKS +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/6CECAC4AD54FBC03E472A59B0727AF32.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/6CECAC4AD54FBC03E472A59B0727AF32.pem new file mode 100644 index 0000000..9b4e008 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/6CECAC4AD54FBC03E472A59B0727AF32.pem @@ -0,0 +1,58 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6c:ec:ac:4a:d5:4f:bc:03:e4:72:a5:9b:07:27:af:32 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Oct 8 08:57:29 2019 GMT + Not After : Sep 22 08:57:29 2022 GMT + Subject: CN=bme + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:86:d3:5d:6e:be:3e:91:90:d7:a3:2c:d2:6a:2a: + 4f:bb:cd:52:4e:46:5b:1b:60:f0:cb:aa:5b:b4:88: + 71:f4:71:00:e4:b8:cb:74:ce:b8:9d:c1:fd:5c:69: + a7:28:66:21:43:11:4a:35:06:cb:1c:57:0b:37:9b: + f1:2f:78:2a:d2:1d:01:49:66:71:25:74:74:0e:be: + 93:75:40:6c:cb:0a:81:0e:23:7c:b7:f9:9b:e1:d0: + c4:d2:1c:6d:da:ca:f2 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + F9:F8:F4:23:C5:01:A0:4F:6A:66:BB:D9:A0:AB:2E:5A:4D:05:10:96 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:64:02:30:1c:97:83:ea:9d:3f:9e:9b:99:26:1f:42:df:01: + b0:d5:33:0b:b5:40:9d:be:20:1c:c2:ef:ab:7e:1b:14:d6:72: + e2:43:19:6c:ec:2b:db:cf:ab:bf:21:27:2e:4f:0f:80:02:30: + 7e:e7:f7:c3:21:78:67:a5:71:7b:cb:45:cd:6f:8c:07:36:de: + fb:77:0a:08:f6:c7:3b:06:eb:f8:37:f0:2c:06:6b:c6:2a:95: + 0c:02:e4:87:34:ee:f9:af:93:27:b1:b5 +-----BEGIN CERTIFICATE----- +MIICCTCCAZCgAwIBAgIQbOysStVPvAPkcqWbByevMjAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkxMDA4MDg1NzI5WhcNMjIwOTIy +MDg1NzI5WjAOMQwwCgYDVQQDDANibWUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASG +011uvj6RkNejLNJqKk+7zVJORlsbYPDLqlu0iHH0cQDkuMt0zridwf1caacoZiFD +EUo1BsscVws3m/EveCrSHQFJZnEldHQOvpN1QGzLCoEOI3y3+Zvh0MTSHG3ayvKj +gaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQU+fj0I8UBoE9qZrvZoKsuWk0FEJYw +VQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAWBgNVBAMM +D1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYDVR0lBAww +CgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2cAMGQCMByXg+qd +P56bmSYfQt8BsNUzC7VAnb4gHMLvq34bFNZy4kMZbOwr28+rvyEnLk8PgAIwfuf3 +wyF4Z6Vxe8tFzW+MBzbe+3cKCPbHOwbr+DfwLAZrxiqVDALkhzTu+a+TJ7G1 +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/A174ECE4D95256FAD7AD431C5E3AE284.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/A174ECE4D95256FAD7AD431C5E3AE284.pem new file mode 100644 index 0000000..a7ff700 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/A174ECE4D95256FAD7AD431C5E3AE284.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + a1:74:ec:e4:d9:52:56:fa:d7:ad:43:1c:5e:3a:e2:84 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:13:36 2019 GMT + Not After : Jul 14 13:13:36 2022 GMT + Subject: CN=csgulyas + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:82:03:91:ad:e7:76:b7:8d:51:86:6d:cc:e3:15: + 91:6c:ac:31:e7:6d:e1:44:0d:c3:29:95:7c:5e:e1: + e8:37:aa:00:f6:47:74:18:e7:28:90:95:16:6c:08: + e2:9f:d7:24:55:46:22:1c:19:9f:06:4b:9b:8e:96: + 4b:5d:bb:c0:ad:35:5a:06:73:10:36:32:1d:89:e6: + b1:9e:f3:62:0d:8f:85:70:72:4c:48:4a:47:f0:fa: + eb:f6:7b:9c:7f:a8:7a + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 7E:44:12:28:E0:31:C6:7D:40:5A:E4:D5:86:5D:90:10:CC:14:12:33 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:2c:e3:e6:64:cd:43:ae:4a:9c:d7:40:66:cb:b2: + 1e:90:c3:97:17:32:f8:df:62:fd:54:32:d3:85:ee:bb:71:5e: + 4a:e2:23:ea:a4:cb:75:3a:72:ac:ca:f6:1b:f5:6b:57:02:31: + 00:e7:0a:38:06:b4:97:17:2c:f3:76:cc:aa:1e:6e:8d:be:12: + 7e:0a:ef:d6:34:fa:42:37:e1:6d:d3:bb:1f:75:39:a3:c5:40: + 32:37:7e:ba:c1:18:d4:cb:1b:55:62:ad:1b +-----BEGIN CERTIFICATE----- +MIICEDCCAZagAwIBAgIRAKF07OTZUlb6161DHF464oQwCgYIKoZIzj0EAwIwGjEY +MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMTMzNloXDTIyMDcx +NDEzMTMzNlowEzERMA8GA1UEAwwIY3NndWx5YXMwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAASCA5Gt53a3jVGGbczjFZFsrDHnbeFEDcMplXxe4eg3qgD2R3QY5yiQlRZs +COKf1yRVRiIcGZ8GS5uOlktdu8CtNVoGcxA2Mh2J5rGe82INj4VwckxISkfw+uv2 +e5x/qHqjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUfkQSKOAxxn1AWuTVhl2Q +EMwUEjMwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAW +BgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYD +VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gAMGUC +MCzj5mTNQ65KnNdAZsuyHpDDlxcy+N9i/VQy04Xuu3FeSuIj6qTLdTpyrMr2G/Vr +VwIxAOcKOAa0lxcs83bMqh5ujb4Sfgrv1jT6QjfhbdO7H3U5o8VAMjd+usEY1Msb +VWKtGw== +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/AB517AC1C6BF8C355CA1EA625ACA6784.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/AB517AC1C6BF8C355CA1EA625ACA6784.pem new file mode 100644 index 0000000..c9ce39b --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/AB517AC1C6BF8C355CA1EA625ACA6784.pem @@ -0,0 +1,61 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + ab:51:7a:c1:c6:bf:8c:35:5c:a1:ea:62:5a:ca:67:84 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:04:35 2019 GMT + Not After : Jul 14 13:04:35 2022 GMT + Subject: CN=server + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:b9:1f:ea:83:e0:6a:e3:49:dd:a8:f5:06:17:33: + 4c:44:73:ac:46:01:33:eb:88:a3:12:d6:0a:aa:3b: + ee:6f:d3:75:69:19:f6:82:12:9d:23:17:3a:b9:fe: + 66:61:26:4c:46:db:d2:f9:5a:fc:a8:82:58:22:a8: + b7:fc:cb:fd:cc:3d:f1:e8:c9:19:39:f1:f3:d0:fb: + 73:b0:9f:77:53:9c:ff:35:b5:b5:c6:8d:ee:eb:66: + 0b:d1:70:d5:bb:a4:66 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 81:F8:B0:C6:7B:70:D8:D6:C9:E1:9D:B2:67:8B:3B:D8:21:1B:9A:B2 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:server + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:88:cf:12:d6:9c:fd:43:24:58:63:13:27:f1: + 44:0a:62:b0:b2:1d:0f:28:3d:50:d0:be:f2:ea:5e:d6:23:27: + ac:42:b3:67:2c:d3:8d:7d:19:15:ce:4a:7f:5e:cb:67:94:02: + 31:00:8a:f3:c3:f9:ce:f2:35:3a:5a:21:55:1c:d1:ec:80:fa: + ad:ef:9b:d9:7d:5c:33:55:f3:71:9c:6d:eb:68:15:ba:45:43: + 23:1c:83:7a:21:36:a0:4c:24:73:44:14:ef:ea +-----BEGIN CERTIFICATE----- +MIICIjCCAaegAwIBAgIRAKtResHGv4w1XKHqYlrKZ4QwCgYIKoZIzj0EAwIwGjEY +MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQzNVoXDTIyMDcx +NDEzMDQzNVowETEPMA0GA1UEAwwGc2VydmVyMHYwEAYHKoZIzj0CAQYFK4EEACID +YgAEuR/qg+Bq40ndqPUGFzNMRHOsRgEz64ijEtYKqjvub9N1aRn2ghKdIxc6uf5m +YSZMRtvS+Vr8qIJYIqi3/Mv9zD3x6MkZOfHz0PtzsJ93U5z/NbW1xo3u62YL0XDV +u6Rmo4G5MIG2MAkGA1UdEwQCMAAwHQYDVR0OBBYEFIH4sMZ7cNjWyeGdsmeLO9gh +G5qyMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD +VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud +JQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDARBgNVHREECjAIggZzZXJ2ZXIw +CgYIKoZIzj0EAwIDaQAwZgIxAIjPEtac/UMkWGMTJ/FECmKwsh0PKD1Q0L7y6l7W +IyesQrNnLNONfRkVzkp/XstnlAIxAIrzw/nO8jU6WiFVHNHsgPqt75vZfVwzVfNx +nG3raBW6RUMjHIN6ITagTCRzRBTv6g== +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/ACB649FDC2E3B81C542C661F0412E1B6.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/ACB649FDC2E3B81C542C661F0412E1B6.pem new file mode 100644 index 0000000..4347633 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/ACB649FDC2E3B81C542C661F0412E1B6.pem @@ -0,0 +1,58 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + ac:b6:49:fd:c2:e3:b8:1c:54:2c:66:1f:04:12:e1:b6 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:16:25 2019 GMT + Not After : Jul 14 13:16:25 2022 GMT + Subject: CN=qqcs + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:4a:c3:a5:30:3e:35:30:99:34:68:48:48:08:05: + 96:c9:b4:40:cc:e5:09:81:e3:47:07:84:59:63:59: + f8:c5:92:7f:35:ba:68:1b:14:d2:f3:da:39:14:97: + e3:11:09:d8:4f:34:61:9d:b2:75:d6:73:ab:d9:eb: + ed:0e:e8:e5:7b:28:c6:9d:04:b1:ed:47:97:2b:d3: + 62:01:b3:83:e7:6c:c8:c7:11:82:f3:c8:c0:97:27: + 52:8d:54:da:42:98:fb + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 8B:85:13:8E:D2:D4:4D:3F:AE:DD:0D:38:D0:65:84:40:E9:2A:3F:02 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:28:fe:ea:a7:50:e0:71:a6:51:36:4e:19:42:f7: + 01:c4:d0:fd:a2:66:f3:4c:28:15:81:51:9d:75:33:88:3e:6e: + 96:02:e4:67:be:26:cf:05:81:18:c3:e6:96:7f:73:2a:02:31: + 00:fc:ea:f1:0c:28:55:3b:9e:d1:5f:46:c7:41:0f:da:48:c5: + a6:35:45:19:07:f1:ad:59:2a:ae:0b:60:c6:f3:7d:a8:af:4f: + 71:50:5d:bb:fb:a7:55:7c:6c:b2:ce:12:c4 +-----BEGIN CERTIFICATE----- +MIICDDCCAZKgAwIBAgIRAKy2Sf3C47gcVCxmHwQS4bYwCgYIKoZIzj0EAwIwGjEY +MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMTYyNVoXDTIyMDcx +NDEzMTYyNVowDzENMAsGA1UEAwwEcXFjczB2MBAGByqGSM49AgEGBSuBBAAiA2IA +BErDpTA+NTCZNGhISAgFlsm0QMzlCYHjRweEWWNZ+MWSfzW6aBsU0vPaORSX4xEJ +2E80YZ2yddZzq9nr7Q7o5Xsoxp0Ese1HlyvTYgGzg+dsyMcRgvPIwJcnUo1U2kKY ++6OBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBSLhROO0tRNP67dDTjQZYRA6So/ +AjBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYGA1UE +AwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNVHSUE +DDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIwKP7q +p1DgcaZRNk4ZQvcBxND9ombzTCgVgVGddTOIPm6WAuRnvibPBYEYw+aWf3MqAjEA +/OrxDChVO57RX0bHQQ/aSMWmNUUZB/GtWSquC2DG832or09xUF27+6dVfGyyzhLE +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/B563FF7CFF8723F8FD6CCD82851FFA31.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/B563FF7CFF8723F8FD6CCD82851FFA31.pem new file mode 100644 index 0000000..b2c45f3 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/B563FF7CFF8723F8FD6CCD82851FFA31.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b5:63:ff:7c:ff:87:23:f8:fd:6c:cd:82:85:1f:fa:31 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Mar 26 10:41:42 2020 GMT + Not After : Mar 11 10:41:42 2023 GMT + Subject: CN=thering + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:18:e6:74:25:a4:09:6a:83:9f:bc:71:e8:8e:c1: + 44:73:6c:60:17:3a:29:a4:11:40:94:9d:ad:aa:f4: + 37:03:cc:83:a7:28:5b:58:c8:0b:40:bf:ec:c8:83: + 6e:41:db:56:24:37:56:7f:ba:25:57:09:76:82:27: + 45:93:e9:65:25:aa:55:f1:cb:48:d8:8b:d2:65:dc: + 8e:51:71:e8:60:d1:2e:88:34:f4:d1:f3:c2:81:3a: + 36:9a:9c:08:7f:ac:c7 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + DE:BA:42:67:DA:26:9A:79:0C:E4:D7:AB:BA:DA:0A:02:71:D0:48:FE + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:87:c1:1b:d1:15:d9:85:62:f9:58:ff:0b:30: + a0:3b:c7:31:ca:46:0c:71:0c:55:9d:83:a3:a9:32:93:94:7a: + 6b:b4:54:e2:a3:e6:be:de:aa:29:bc:77:a7:9e:1b:cc:6f:02: + 30:66:a5:9a:15:42:7f:e4:ad:00:be:0b:73:70:20:1b:c1:65: + 40:15:22:28:51:8a:d1:7a:06:3a:50:2c:d2:56:0d:48:2c:7a: + f4:b1:63:3e:ac:7f:01:c8:ac:bc:04:ce:b9 +-----BEGIN CERTIFICATE----- +MIICDzCCAZWgAwIBAgIRALVj/3z/hyP4/WzNgoUf+jEwCgYIKoZIzj0EAwIwGjEY +MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTIwMDMyNjEwNDE0MloXDTIzMDMx +MTEwNDE0MlowEjEQMA4GA1UEAwwHdGhlcmluZzB2MBAGByqGSM49AgEGBSuBBAAi +A2IABBjmdCWkCWqDn7xx6I7BRHNsYBc6KaQRQJSdrar0NwPMg6coW1jIC0C/7MiD +bkHbViQ3Vn+6JVcJdoInRZPpZSWqVfHLSNiL0mXcjlFx6GDRLog09NHzwoE6Npqc +CH+sx6OBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBTeukJn2iaaeQzk16u62goC +cdBI/jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV +HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIx +AIfBG9EV2YVi+Vj/CzCgO8cxykYMcQxVnYOjqTKTlHprtFTio+a+3qopvHennhvM +bwIwZqWaFUJ/5K0AvgtzcCAbwWVAFSIoUYrRegY6UCzSVg1ILHr0sWM+rH8ByKy8 +BM65 +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/EE4378CD167FA57CD510B8711F5E504E.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/EE4378CD167FA57CD510B8711F5E504E.pem new file mode 100644 index 0000000..eecb944 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/EE4378CD167FA57CD510B8711F5E504E.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + ee:43:78:cd:16:7f:a5:7c:d5:10:b8:71:1f:5e:50:4e + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Aug 2 08:47:52 2019 GMT + Not After : Jul 17 08:47:52 2022 GMT + Subject: CN=dhorvath + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:c2:77:2a:57:01:7b:d9:0b:e0:e0:69:7e:2a:df: + 05:b8:91:4e:50:51:e9:52:bd:a5:fa:01:ad:62:0a: + 69:10:82:6f:aa:84:64:33:71:d9:96:ca:9c:05:ce: + d9:13:99:b0:d9:d5:4d:d9:1a:43:8c:41:d5:e7:0a: + ae:92:6c:f6:7f:bf:73:b6:ff:bd:a4:bb:fc:d9:0c: + 36:0d:e2:f4:78:24:bb:cd:ac:e9:04:d6:9c:a5:2b: + ce:d7:0e:85:85:10:f1 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + D7:31:77:61:74:16:36:31:0A:BF:D2:E5:EA:44:1E:FD:CE:E3:7E:26 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:cc:88:44:5d:a2:1b:e2:d5:1f:f6:17:f7:4f: + fe:11:b1:6a:e7:9b:cd:bb:35:21:90:9d:a5:07:e8:34:1c:b4: + 29:b6:a1:ff:d1:d9:d3:60:a1:04:ed:47:17:d5:81:53:bf:02: + 31:00:db:af:26:de:3e:0a:b9:2b:e7:43:a0:34:10:96:fb:7c: + 25:4a:dd:e6:82:bc:5a:f0:f9:ea:cc:10:3f:2f:18:09:eb:32: + f3:83:d4:49:b1:7b:30:d4:d0:3f:9c:00:75:7b +-----BEGIN CERTIFICATE----- +MIICETCCAZagAwIBAgIRAO5DeM0Wf6V81RC4cR9eUE4wCgYIKoZIzj0EAwIwGjEY +MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDgwMjA4NDc1MloXDTIyMDcx +NzA4NDc1MlowEzERMA8GA1UEAwwIZGhvcnZhdGgwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAATCdypXAXvZC+DgaX4q3wW4kU5QUelSvaX6Aa1iCmkQgm+qhGQzcdmWypwF +ztkTmbDZ1U3ZGkOMQdXnCq6SbPZ/v3O2/72ku/zZDDYN4vR4JLvNrOkE1pylK87X +DoWFEPGjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQU1zF3YXQWNjEKv9Ll6kQe +/c7jfiYwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAW +BgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYD +VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2kAMGYC +MQDMiERdohvi1R/2F/dP/hGxauebzbs1IZCdpQfoNBy0Kbah/9HZ02ChBO1HF9WB +U78CMQDbrybePgq5K+dDoDQQlvt8JUrd5oK8WvD56swQPy8YCesy84PUSbF7MNTQ +P5wAdXs= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/F60186D64B853A3DD9F8799FB817C301.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/F60186D64B853A3DD9F8799FB817C301.pem new file mode 100644 index 0000000..02ca332 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/F60186D64B853A3DD9F8799FB817C301.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + f6:01:86:d6:4b:85:3a:3d:d9:f8:79:9f:b8:17:c3:01 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:15:29 2019 GMT + Not After : Jul 14 13:15:29 2022 GMT + Subject: CN=rrendek + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:ea:c4:ab:e1:24:42:91:06:17:73:d6:d9:87:17: + 29:a8:05:73:be:5a:54:38:3e:c9:dd:78:55:ca:e2: + 27:e6:44:1a:22:5b:3a:15:68:61:bf:ae:ce:05:a5: + c9:98:f7:a3:ff:0e:b9:db:8e:fc:15:ac:76:41:c8: + 6e:de:85:38:cb:1f:b1:98:41:df:4e:18:62:24:04: + 95:5a:16:6b:0b:fd:13:e3:26:8b:76:d3:9a:54:6c: + 9b:19:3c:55:de:d0:2e + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + D5:73:9E:FA:32:4C:D8:2A:E0:33:CF:15:F6:C0:D5:E9:56:5A:D0:EE + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:49:21:38:44:26:a9:96:15:98:29:c4:4f:04:25: + be:35:90:bc:44:00:60:0d:6a:f7:f8:d4:ed:58:ea:28:45:f2: + 99:33:d1:e3:2e:82:4e:04:bb:e5:27:10:ea:64:b8:83:02:31: + 00:c3:59:fe:dc:8a:a1:e4:d1:30:09:51:2a:d8:d2:76:af:dc: + 28:b2:d3:0d:ad:f3:19:91:b5:92:e6:8b:b4:77:d8:c3:87:f8: + 7b:39:94:ab:f2:c0:06:c1:c4:43:b8:0e:16 +-----BEGIN CERTIFICATE----- +MIICDzCCAZWgAwIBAgIRAPYBhtZLhTo92fh5n7gXwwEwCgYIKoZIzj0EAwIwGjEY +MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMTUyOVoXDTIyMDcx +NDEzMTUyOVowEjEQMA4GA1UEAwwHcnJlbmRlazB2MBAGByqGSM49AgEGBSuBBAAi +A2IABOrEq+EkQpEGF3PW2YcXKagFc75aVDg+yd14VcriJ+ZEGiJbOhVoYb+uzgWl +yZj3o/8OuduO/BWsdkHIbt6FOMsfsZhB304YYiQElVoWawv9E+Mmi3bTmlRsmxk8 +Vd7QLqOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBTVc576MkzYKuAzzxX2wNXp +VlrQ7jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV +HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIw +SSE4RCaplhWYKcRPBCW+NZC8RABgDWr3+NTtWOooRfKZM9HjLoJOBLvlJxDqZLiD +AjEAw1n+3Iqh5NEwCVEq2NJ2r9wostMNrfMZkbWS5ou0d9jDh/h7OZSr8sAGwcRD +uA4W +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/crl.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/crl.pem new file mode 100644 index 0000000..799d942 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/crl.pem @@ -0,0 +1,8 @@ +-----BEGIN X509 CRL----- +MIIBHDCBpAIBATAKBggqhkjOPQQDAjAaMRgwFgYDVQQDDA9VU0VSIE9wZW5WUE4g +Q0EXDTIwMDEyNzEyMDkyMFoXDTIwMDcyNTEyMDkyMFqgWTBXMFUGA1UdIwROMEyA +FNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYDVQQDDA9VU0VSIE9wZW5W +UE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMAoGCCqGSM49BAMCA2cAMGQCMCSK +OFDvc+LfpeUGXWamFRsZGpS5GSsTZ1qqs4FfG3S2BfgxopiepNJOPh8bwzXDMgIw +a2cSXw5zpYIk16o/VodiF8zu6WymAkhKQ5EU5k2r3G2ELzMzjp3iltON6ffVYkre +-----END X509 CRL----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/dh.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/dh.pem new file mode 100644 index 0000000..b6de0f5 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/dh.pem @@ -0,0 +1,8 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEAhdskhioTTeqbN4UtIAU05EVawl1yG3q6P+xy5WzWnKZSe8y2/4uv +SVs1IbubGWk4Xqvlz4TOnYi9nNYIL5rA9Ov7YXs5JCYDjLV4nZWB9CQZs1vy8/GZ +j6zvfblvWqH7vjWcrPsSaCse0n1+UKcGNC7tYOOJZf7MbvhKonvC+vldBgWkgHkJ +vfJTkhjjXKnf7p3zKBfTPyyXqmKC7A+rtkT96L4y2FsU1t9+6eurj6zfzWalhyRF +YrKnKENpHVHtAMs4/Wcbo9wQPHHWAvQDLoq1uUyjU2BlYSirxdeJwSFPI29nOPeN +SMJ1fgI6Dwq9yU88UzGoH1klOjv8PzRyQwIBAg== +-----END DH PARAMETERS----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/ecparams/secp384r1.pem b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/ecparams/secp384r1.pem new file mode 100644 index 0000000..ceed209 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/ecparams/secp384r1.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAIg== +-----END EC PARAMETERS----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/extensions.temp b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/extensions.temp new file mode 100644 index 0000000..5680ec9 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/extensions.temp @@ -0,0 +1,15 @@ +# X509 extensions added to every signed cert + +# This file is included for every cert signed, and by default does nothing. +# It could be used to add values every cert should have, such as a CDP as +# demonstrated in the following example: + +#crlDistributionPoints = URI:http://example.net/pki/my_ca.crl +# X509 extensions for a client + +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always +extendedKeyUsage = clientAuth +keyUsage = digitalSignature + diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt new file mode 100644 index 0000000..f539f27 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt @@ -0,0 +1,22 @@ +V 220714130435Z AB517AC1C6BF8C355CA1EA625ACA6784 unknown /CN=server +V 220714131251Z 26846A96D0DB00703B7DC8AAD60A5B07 unknown /CN=akosztolanyi +V 220714131311Z 29F1F8311793D758D5AD0ECEA7267033 unknown /CN=azsamboki +V 220714131322Z 466EF08C89776434622CEABEE1DF9368 unknown /CN=bcsoka +V 220714131336Z A174ECE4D95256FAD7AD431C5E3AE284 unknown /CN=csgulyas +V 220714131349Z 12232170B0F9E3C1FE60D86EEC973512 unknown /CN=cslevai +V 220714131404Z 075BCC380AA760E433EADC635FDA65BB unknown /CN=dvasary +V 220714131415Z 3206AF0B00A2DD98266113A2F8C5F8E7 unknown /CN=fritter +V 220714131427Z 62DE031122C64B00AC33D5E58A250FFF unknown /CN=fschnell +V 220714131438Z 469E0BAA82D007B19DFCC487C56C9E80 unknown /CN=ifabian +V 220714131453Z 6802688CE3BB71C1E867CA490A9D0B4C unknown /CN=khorvath +V 220714131502Z 394BDD541C1082EAC5CD4D9DFEB6D4D3 unknown /CN=kkele +V 220714131516Z 237BC768F37B5C8E1763B5673ED3101C unknown /CN=mszabo +V 220714131529Z F60186D64B853A3DD9F8799FB817C301 unknown /CN=rrendek +V 220714131551Z 4BDF84B37B17CEE109879B67054B2791 unknown /CN=tsuhajda +V 220714131602Z 6B9D83083D87CC880ADEBCCD3B5CEF4D unknown /CN=zbartakovics +V 220714131617Z 3413803E217F3BDD0AAFD5CB0D174B3C unknown /CN=zfelleg +V 220714131625Z ACB649FDC2E3B81C542C661F0412E1B6 unknown /CN=qqcs +V 220717084752Z EE4378CD167FA57CD510B8711F5E504E unknown /CN=dhorvath +V 220922085729Z 6CECAC4AD54FBC03E472A59B0727AF32 unknown /CN=bme +V 230311104127Z 585AA97D7CCAB52C4957BBBF91374261 unknown /CN=kkancz +V 230311104142Z B563FF7CFF8723F8FD6CCD82851FFA31 unknown /CN=thering diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt.attr b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt.attr new file mode 100644 index 0000000..3a7e39e --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt.attr @@ -0,0 +1 @@ +unique_subject = no diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt.attr.old b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt.attr.old new file mode 100644 index 0000000..3a7e39e --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = no diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt.old b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt.old new file mode 100644 index 0000000..600b4e3 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt.old @@ -0,0 +1,21 @@ +V 220714130435Z AB517AC1C6BF8C355CA1EA625ACA6784 unknown /CN=server +V 220714131251Z 26846A96D0DB00703B7DC8AAD60A5B07 unknown /CN=akosztolanyi +V 220714131311Z 29F1F8311793D758D5AD0ECEA7267033 unknown /CN=azsamboki +V 220714131322Z 466EF08C89776434622CEABEE1DF9368 unknown /CN=bcsoka +V 220714131336Z A174ECE4D95256FAD7AD431C5E3AE284 unknown /CN=csgulyas +V 220714131349Z 12232170B0F9E3C1FE60D86EEC973512 unknown /CN=cslevai +V 220714131404Z 075BCC380AA760E433EADC635FDA65BB unknown /CN=dvasary +V 220714131415Z 3206AF0B00A2DD98266113A2F8C5F8E7 unknown /CN=fritter +V 220714131427Z 62DE031122C64B00AC33D5E58A250FFF unknown /CN=fschnell +V 220714131438Z 469E0BAA82D007B19DFCC487C56C9E80 unknown /CN=ifabian +V 220714131453Z 6802688CE3BB71C1E867CA490A9D0B4C unknown /CN=khorvath +V 220714131502Z 394BDD541C1082EAC5CD4D9DFEB6D4D3 unknown /CN=kkele +V 220714131516Z 237BC768F37B5C8E1763B5673ED3101C unknown /CN=mszabo +V 220714131529Z F60186D64B853A3DD9F8799FB817C301 unknown /CN=rrendek +V 220714131551Z 4BDF84B37B17CEE109879B67054B2791 unknown /CN=tsuhajda +V 220714131602Z 6B9D83083D87CC880ADEBCCD3B5CEF4D unknown /CN=zbartakovics +V 220714131617Z 3413803E217F3BDD0AAFD5CB0D174B3C unknown /CN=zfelleg +V 220714131625Z ACB649FDC2E3B81C542C661F0412E1B6 unknown /CN=qqcs +V 220717084752Z EE4378CD167FA57CD510B8711F5E504E unknown /CN=dhorvath +V 220922085729Z 6CECAC4AD54FBC03E472A59B0727AF32 unknown /CN=bme +V 230311104127Z 585AA97D7CCAB52C4957BBBF91374261 unknown /CN=kkancz diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/akosztolanyi.crt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/akosztolanyi.crt new file mode 100644 index 0000000..8dac23a --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/akosztolanyi.crt @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 26:84:6a:96:d0:db:00:70:3b:7d:c8:aa:d6:0a:5b:07 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:12:51 2019 GMT + Not After : Jul 14 13:12:51 2022 GMT + Subject: CN=akosztolanyi + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:97:d4:89:82:0c:1b:ad:c4:4b:dd:4c:19:a5:f5: + d8:3c:42:9d:d2:b0:0d:9e:6c:a6:a8:62:9a:bf:fd: + 78:9d:76:f4:02:ad:51:9f:97:12:59:bc:c1:a3:a0: + 17:35:76:2f:74:ea:b9:d3:72:4b:35:94:40:f3:7e: + b5:1c:af:51:d1:b4:d3:7a:69:3d:7f:1e:51:97:fe: + e3:4a:ec:01:c6:e9:89:e9:8e:b7:94:a3:72:12:6e: + 66:c5:a2:de:ad:27:e2 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + E9:6C:48:68:A1:BA:B9:7D:A3:9C:BF:89:F3:87:51:9B:B1:6C:9B:16 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:6c:e9:e9:01:19:c4:53:40:ff:e6:bb:36:1f:51: + cd:1f:40:88:1d:e2:b3:8d:61:48:5d:ec:de:f8:20:c1:21:b1: + 38:5e:0b:c3:f7:ae:9c:41:38:36:73:a0:06:b6:a4:55:02:31: + 00:cc:50:fa:3f:7a:6c:6b:90:bf:6a:c6:af:1e:94:88:b7:90: + 5d:b7:27:cf:b3:28:bc:ee:31:99:f0:9b:87:48:06:d2:6d:24: + f0:d1:ad:be:94:b8:22:64:63:0f:d0:2d:85 +-----BEGIN CERTIFICATE----- +MIICEzCCAZmgAwIBAgIQJoRqltDbAHA7fciq1gpbBzAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxMjUxWhcNMjIwNzE0 +MTMxMjUxWjAXMRUwEwYDVQQDDAxha29zenRvbGFueWkwdjAQBgcqhkjOPQIBBgUr +gQQAIgNiAASX1ImCDButxEvdTBml9dg8Qp3SsA2ebKaoYpq//XiddvQCrVGflxJZ +vMGjoBc1di906rnTcks1lEDzfrUcr1HRtNN6aT1/HlGX/uNK7AHG6YnpjreUo3IS +bmbFot6tJ+KjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQU6WxIaKG6uX2jnL+J +84dRm7FsmxYwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBox +GDAWBgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5Sgaeww +EwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gA +MGUCMGzp6QEZxFNA/+a7Nh9RzR9AiB3is41hSF3s3vggwSGxOF4Lw/eunEE4NnOg +BrakVQIxAMxQ+j96bGuQv2rGrx6UiLeQXbcnz7MovO4xmfCbh0gG0m0k8NGtvpS4 +ImRjD9AthQ== +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/azsamboki.crt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/azsamboki.crt new file mode 100644 index 0000000..578369e --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/azsamboki.crt @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 29:f1:f8:31:17:93:d7:58:d5:ad:0e:ce:a7:26:70:33 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:13:11 2019 GMT + Not After : Jul 14 13:13:11 2022 GMT + Subject: CN=azsamboki + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:34:0d:f3:0e:e6:05:69:f3:24:7d:ef:19:0c:ce: + 04:bd:24:34:e3:8c:e5:2b:7e:3f:70:39:55:9b:2e: + 73:fa:c6:4e:44:42:95:69:82:13:85:98:63:5a:25: + dc:1c:b2:32:9c:97:01:b5:fb:c4:dd:59:05:8a:ab: + b6:c1:b2:13:03:0a:e3:8b:e7:ea:62:c1:71:1b:4f: + 20:74:9c:0b:df:46:56:6c:03:d5:8c:d8:4c:02:e9: + 6e:62:3a:1f:b3:0e:ba + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 19:A1:EF:03:DB:DF:4F:40:2A:FD:35:E0:C9:ED:DD:75:47:2F:32:1B + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:d2:08:c6:1b:75:81:72:2e:c6:46:cd:47:11: + 2e:7c:3e:ba:e2:75:1c:8c:48:e1:4f:ac:61:5b:07:26:97:cc: + 0a:38:7f:0d:e4:63:35:c6:a5:8e:39:f3:4c:18:79:6d:0a:02: + 30:54:57:e5:dd:49:2b:8e:3e:89:ef:87:2f:d4:f4:ef:a3:95: + 2d:f5:87:5a:3a:1f:93:58:7d:c5:fe:9a:45:f1:8f:d1:44:13: + 30:b0:07:c0:b6:80:35:3f:b8:a8:96:c7:8c +-----BEGIN CERTIFICATE----- +MIICEDCCAZagAwIBAgIQKfH4MReT11jVrQ7OpyZwMzAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxMzExWhcNMjIwNzE0 +MTMxMzExWjAUMRIwEAYDVQQDDAlhenNhbWJva2kwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAQ0DfMO5gVp8yR97xkMzgS9JDTjjOUrfj9wOVWbLnP6xk5EQpVpghOFmGNa +JdwcsjKclwG1+8TdWQWKq7bBshMDCuOL5+piwXEbTyB0nAvfRlZsA9WM2EwC6W5i +Oh+zDrqjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUGaHvA9vfT0Aq/TXgye3d +dUcvMhswVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAW +BgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYD +VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gAMGUC +MQDSCMYbdYFyLsZGzUcRLnw+uuJ1HIxI4U+sYVsHJpfMCjh/DeRjNcaljjnzTBh5 +bQoCMFRX5d1JK44+ie+HL9T076OVLfWHWjofk1h9xf6aRfGP0UQTMLAHwLaANT+4 +qJbHjA== +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/bcsoka.crt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/bcsoka.crt new file mode 100644 index 0000000..fc0d1c4 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/bcsoka.crt @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 46:6e:f0:8c:89:77:64:34:62:2c:ea:be:e1:df:93:68 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:13:22 2019 GMT + Not After : Jul 14 13:13:22 2022 GMT + Subject: CN=bcsoka + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:a7:95:bf:6c:8e:0f:34:9c:ca:14:8b:33:4d:80: + 55:98:1e:10:c3:e9:84:7f:72:4d:f2:61:68:70:59: + c7:6f:6d:02:c4:22:cf:58:80:e7:35:18:6e:ee:11: + fe:29:01:c3:ea:79:85:83:e6:0c:6f:c5:d8:7f:9f: + d5:55:27:7b:a8:17:14:2d:94:e5:c4:a4:9f:ac:b8: + 38:02:c0:41:5a:1a:8a:63:e5:c3:52:27:62:57:0b: + 14:6b:36:cc:8e:51:3f + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 5A:57:D9:73:6A:27:49:66:7D:18:9E:2A:96:1F:4C:49:7E:AD:9C:15 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:2b:52:16:40:fb:43:11:6a:9a:45:62:58:5b:f5: + 19:34:3f:32:fe:f7:d0:82:4a:32:98:61:0f:22:22:99:9a:16: + b3:94:79:46:fe:a2:7a:9c:9a:86:a6:31:4e:72:f4:54:02:31: + 00:94:2c:a6:21:e6:78:73:3e:d9:93:89:c6:72:72:8e:1d:17: + 87:07:27:22:2c:5d:2c:00:f1:38:1f:17:fb:0e:c1:c9:52:80: + 52:ba:1c:79:93:69:c1:59:0e:f0:a0:cd:76 +-----BEGIN CERTIFICATE----- +MIICDTCCAZOgAwIBAgIQRm7wjIl3ZDRiLOq+4d+TaDAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxMzIyWhcNMjIwNzE0 +MTMxMzIyWjARMQ8wDQYDVQQDDAZiY3Nva2EwdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AASnlb9sjg80nMoUizNNgFWYHhDD6YR/ck3yYWhwWcdvbQLEIs9YgOc1GG7uEf4p +AcPqeYWD5gxvxdh/n9VVJ3uoFxQtlOXEpJ+suDgCwEFaGopj5cNSJ2JXCxRrNsyO +UT+jgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUWlfZc2onSWZ9GJ4qlh9MSX6t +nBUwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAWBgNV +BAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYDVR0l +BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gAMGUCMCtS +FkD7QxFqmkViWFv1GTQ/Mv730IJKMphhDyIimZoWs5R5Rv6iepyahqYxTnL0VAIx +AJQspiHmeHM+2ZOJxnJyjh0XhwcnIixdLADxOB8X+w7ByVKAUroceZNpwVkO8KDN +dg== +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/bme.crt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/bme.crt new file mode 100644 index 0000000..9b4e008 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/bme.crt @@ -0,0 +1,58 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6c:ec:ac:4a:d5:4f:bc:03:e4:72:a5:9b:07:27:af:32 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Oct 8 08:57:29 2019 GMT + Not After : Sep 22 08:57:29 2022 GMT + Subject: CN=bme + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:86:d3:5d:6e:be:3e:91:90:d7:a3:2c:d2:6a:2a: + 4f:bb:cd:52:4e:46:5b:1b:60:f0:cb:aa:5b:b4:88: + 71:f4:71:00:e4:b8:cb:74:ce:b8:9d:c1:fd:5c:69: + a7:28:66:21:43:11:4a:35:06:cb:1c:57:0b:37:9b: + f1:2f:78:2a:d2:1d:01:49:66:71:25:74:74:0e:be: + 93:75:40:6c:cb:0a:81:0e:23:7c:b7:f9:9b:e1:d0: + c4:d2:1c:6d:da:ca:f2 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + F9:F8:F4:23:C5:01:A0:4F:6A:66:BB:D9:A0:AB:2E:5A:4D:05:10:96 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:64:02:30:1c:97:83:ea:9d:3f:9e:9b:99:26:1f:42:df:01: + b0:d5:33:0b:b5:40:9d:be:20:1c:c2:ef:ab:7e:1b:14:d6:72: + e2:43:19:6c:ec:2b:db:cf:ab:bf:21:27:2e:4f:0f:80:02:30: + 7e:e7:f7:c3:21:78:67:a5:71:7b:cb:45:cd:6f:8c:07:36:de: + fb:77:0a:08:f6:c7:3b:06:eb:f8:37:f0:2c:06:6b:c6:2a:95: + 0c:02:e4:87:34:ee:f9:af:93:27:b1:b5 +-----BEGIN CERTIFICATE----- +MIICCTCCAZCgAwIBAgIQbOysStVPvAPkcqWbByevMjAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkxMDA4MDg1NzI5WhcNMjIwOTIy +MDg1NzI5WjAOMQwwCgYDVQQDDANibWUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASG +011uvj6RkNejLNJqKk+7zVJORlsbYPDLqlu0iHH0cQDkuMt0zridwf1caacoZiFD +EUo1BsscVws3m/EveCrSHQFJZnEldHQOvpN1QGzLCoEOI3y3+Zvh0MTSHG3ayvKj +gaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQU+fj0I8UBoE9qZrvZoKsuWk0FEJYw +VQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAWBgNVBAMM +D1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYDVR0lBAww +CgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2cAMGQCMByXg+qd +P56bmSYfQt8BsNUzC7VAnb4gHMLvq34bFNZy4kMZbOwr28+rvyEnLk8PgAIwfuf3 +wyF4Z6Vxe8tFzW+MBzbe+3cKCPbHOwbr+DfwLAZrxiqVDALkhzTu+a+TJ7G1 +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/csgulyas.crt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/csgulyas.crt new file mode 100644 index 0000000..a7ff700 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/csgulyas.crt @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + a1:74:ec:e4:d9:52:56:fa:d7:ad:43:1c:5e:3a:e2:84 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:13:36 2019 GMT + Not After : Jul 14 13:13:36 2022 GMT + Subject: CN=csgulyas + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:82:03:91:ad:e7:76:b7:8d:51:86:6d:cc:e3:15: + 91:6c:ac:31:e7:6d:e1:44:0d:c3:29:95:7c:5e:e1: + e8:37:aa:00:f6:47:74:18:e7:28:90:95:16:6c:08: + e2:9f:d7:24:55:46:22:1c:19:9f:06:4b:9b:8e:96: + 4b:5d:bb:c0:ad:35:5a:06:73:10:36:32:1d:89:e6: + b1:9e:f3:62:0d:8f:85:70:72:4c:48:4a:47:f0:fa: + eb:f6:7b:9c:7f:a8:7a + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 7E:44:12:28:E0:31:C6:7D:40:5A:E4:D5:86:5D:90:10:CC:14:12:33 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:2c:e3:e6:64:cd:43:ae:4a:9c:d7:40:66:cb:b2: + 1e:90:c3:97:17:32:f8:df:62:fd:54:32:d3:85:ee:bb:71:5e: + 4a:e2:23:ea:a4:cb:75:3a:72:ac:ca:f6:1b:f5:6b:57:02:31: + 00:e7:0a:38:06:b4:97:17:2c:f3:76:cc:aa:1e:6e:8d:be:12: + 7e:0a:ef:d6:34:fa:42:37:e1:6d:d3:bb:1f:75:39:a3:c5:40: + 32:37:7e:ba:c1:18:d4:cb:1b:55:62:ad:1b +-----BEGIN CERTIFICATE----- +MIICEDCCAZagAwIBAgIRAKF07OTZUlb6161DHF464oQwCgYIKoZIzj0EAwIwGjEY +MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMTMzNloXDTIyMDcx +NDEzMTMzNlowEzERMA8GA1UEAwwIY3NndWx5YXMwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAASCA5Gt53a3jVGGbczjFZFsrDHnbeFEDcMplXxe4eg3qgD2R3QY5yiQlRZs +COKf1yRVRiIcGZ8GS5uOlktdu8CtNVoGcxA2Mh2J5rGe82INj4VwckxISkfw+uv2 +e5x/qHqjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUfkQSKOAxxn1AWuTVhl2Q +EMwUEjMwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAW +BgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYD +VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gAMGUC +MCzj5mTNQ65KnNdAZsuyHpDDlxcy+N9i/VQy04Xuu3FeSuIj6qTLdTpyrMr2G/Vr +VwIxAOcKOAa0lxcs83bMqh5ujb4Sfgrv1jT6QjfhbdO7H3U5o8VAMjd+usEY1Msb +VWKtGw== +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/cslevai.crt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/cslevai.crt new file mode 100644 index 0000000..7d43dc8 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/cslevai.crt @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 12:23:21:70:b0:f9:e3:c1:fe:60:d8:6e:ec:97:35:12 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:13:49 2019 GMT + Not After : Jul 14 13:13:49 2022 GMT + Subject: CN=cslevai + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:4b:d4:e1:4f:a7:5b:1e:c4:7d:40:27:19:de:bc: + cc:78:6b:5a:86:13:48:c4:c0:40:09:4e:1d:cd:b4: + f0:8d:14:2e:44:7c:8e:2d:7b:75:27:00:c4:9b:5c: + 71:1d:35:ff:f6:91:01:e2:3f:22:4d:f4:59:45:e4: + 85:61:a2:30:bb:7f:8e:7f:86:db:79:7a:da:61:00: + 72:3d:60:0b:3a:7b:d3:8e:43:d5:21:f9:e5:ef:01: + 02:48:0e:aa:07:e0:df + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + A5:71:47:49:34:D9:70:4C:8E:A6:06:51:69:AC:4D:2F:61:9F:3F:D2 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:64:02:30:79:11:b6:e8:91:42:c8:db:cd:fa:27:07:1d:5b: + cc:9f:b2:f3:d2:0f:79:7f:7e:83:3a:e9:4b:86:a0:ba:c1:10: + 9a:87:21:f0:2c:26:e9:c5:fc:fc:7c:6c:45:79:29:d3:02:30: + 0b:74:ab:68:f6:25:3f:d3:2b:eb:a9:13:1d:3d:b1:a8:80:9c: + 1f:8f:6f:de:de:2f:a7:7f:ad:5a:a5:18:29:05:99:65:5f:63: + 50:31:6e:78:90:e6:12:3e:83:f1:d8:b0 +-----BEGIN CERTIFICATE----- +MIICDTCCAZSgAwIBAgIQEiMhcLD548H+YNhu7Jc1EjAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxMzQ5WhcNMjIwNzE0 +MTMxMzQ5WjASMRAwDgYDVQQDDAdjc2xldmFpMHYwEAYHKoZIzj0CAQYFK4EEACID +YgAES9ThT6dbHsR9QCcZ3rzMeGtahhNIxMBACU4dzbTwjRQuRHyOLXt1JwDEm1xx +HTX/9pEB4j8iTfRZReSFYaIwu3+Of4bbeXraYQByPWALOnvTjkPVIfnl7wECSA6q +B+Dfo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFKVxR0k02XBMjqYGUWmsTS9h +nz/SMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD +VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud +JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNnADBkAjB5 +EbbokULI2836JwcdW8yfsvPSD3l/foM66UuGoLrBEJqHIfAsJunF/Px8bEV5KdMC +MAt0q2j2JT/TK+upEx09saiAnB+Pb97eL6d/rVqlGCkFmWVfY1AxbniQ5hI+g/HY +sA== +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/dhorvath.crt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/dhorvath.crt new file mode 100644 index 0000000..eecb944 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/dhorvath.crt @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + ee:43:78:cd:16:7f:a5:7c:d5:10:b8:71:1f:5e:50:4e + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Aug 2 08:47:52 2019 GMT + Not After : Jul 17 08:47:52 2022 GMT + Subject: CN=dhorvath + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:c2:77:2a:57:01:7b:d9:0b:e0:e0:69:7e:2a:df: + 05:b8:91:4e:50:51:e9:52:bd:a5:fa:01:ad:62:0a: + 69:10:82:6f:aa:84:64:33:71:d9:96:ca:9c:05:ce: + d9:13:99:b0:d9:d5:4d:d9:1a:43:8c:41:d5:e7:0a: + ae:92:6c:f6:7f:bf:73:b6:ff:bd:a4:bb:fc:d9:0c: + 36:0d:e2:f4:78:24:bb:cd:ac:e9:04:d6:9c:a5:2b: + ce:d7:0e:85:85:10:f1 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + D7:31:77:61:74:16:36:31:0A:BF:D2:E5:EA:44:1E:FD:CE:E3:7E:26 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:cc:88:44:5d:a2:1b:e2:d5:1f:f6:17:f7:4f: + fe:11:b1:6a:e7:9b:cd:bb:35:21:90:9d:a5:07:e8:34:1c:b4: + 29:b6:a1:ff:d1:d9:d3:60:a1:04:ed:47:17:d5:81:53:bf:02: + 31:00:db:af:26:de:3e:0a:b9:2b:e7:43:a0:34:10:96:fb:7c: + 25:4a:dd:e6:82:bc:5a:f0:f9:ea:cc:10:3f:2f:18:09:eb:32: + f3:83:d4:49:b1:7b:30:d4:d0:3f:9c:00:75:7b +-----BEGIN CERTIFICATE----- +MIICETCCAZagAwIBAgIRAO5DeM0Wf6V81RC4cR9eUE4wCgYIKoZIzj0EAwIwGjEY +MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDgwMjA4NDc1MloXDTIyMDcx +NzA4NDc1MlowEzERMA8GA1UEAwwIZGhvcnZhdGgwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAATCdypXAXvZC+DgaX4q3wW4kU5QUelSvaX6Aa1iCmkQgm+qhGQzcdmWypwF +ztkTmbDZ1U3ZGkOMQdXnCq6SbPZ/v3O2/72ku/zZDDYN4vR4JLvNrOkE1pylK87X +DoWFEPGjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQU1zF3YXQWNjEKv9Ll6kQe +/c7jfiYwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAW +BgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYD +VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2kAMGYC +MQDMiERdohvi1R/2F/dP/hGxauebzbs1IZCdpQfoNBy0Kbah/9HZ02ChBO1HF9WB +U78CMQDbrybePgq5K+dDoDQQlvt8JUrd5oK8WvD56swQPy8YCesy84PUSbF7MNTQ +P5wAdXs= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/dvasary.crt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/dvasary.crt new file mode 100644 index 0000000..95bd1bb --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/dvasary.crt @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 07:5b:cc:38:0a:a7:60:e4:33:ea:dc:63:5f:da:65:bb + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:14:04 2019 GMT + Not After : Jul 14 13:14:04 2022 GMT + Subject: CN=dvasary + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:83:4f:51:7b:f1:30:dc:76:25:db:21:fd:11:8a: + 39:fc:6f:4a:0f:f5:38:9d:8e:3c:18:c3:e2:b9:9a: + 7e:d8:25:9d:69:f1:40:f2:1c:f8:bd:7c:98:e9:1d: + 86:78:d0:d5:7b:b1:e6:8a:cb:44:e9:42:6c:61:c4: + d9:32:c5:16:f0:76:71:90:58:0f:13:f4:cb:01:02: + 68:fa:bb:3e:cb:24:47:e2:87:2d:f2:c6:d9:5f:b8: + 16:de:47:aa:bf:02:65 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 61:47:26:E4:48:A5:C7:F8:38:0A:5F:06:FE:F6:35:DC:BB:71:F1:36 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:8a:59:88:96:eb:a1:b6:5d:51:39:39:63:b6: + 53:c1:1e:01:ae:35:ff:3e:a5:ba:ed:17:a9:0b:2d:a9:86:c3: + ae:c1:47:55:9b:16:9f:d7:29:71:28:06:92:6c:da:86:75:02: + 31:00:b3:f1:55:67:51:44:2f:fa:5f:c0:65:ce:45:c3:ef:88: + f4:80:98:65:69:e5:db:7b:42:71:6f:16:f2:06:5c:ad:e1:ce: + fb:dc:fc:46:1f:b2:79:61:5a:c9:81:b5:24:c3 +-----BEGIN CERTIFICATE----- +MIICDzCCAZSgAwIBAgIQB1vMOAqnYOQz6txjX9pluzAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDA0WhcNMjIwNzE0 +MTMxNDA0WjASMRAwDgYDVQQDDAdkdmFzYXJ5MHYwEAYHKoZIzj0CAQYFK4EEACID +YgAEg09Re/Ew3HYl2yH9EYo5/G9KD/U4nY48GMPiuZp+2CWdafFA8hz4vXyY6R2G +eNDVe7HmistE6UJsYcTZMsUW8HZxkFgPE/TLAQJo+rs+yyRH4oct8sbZX7gW3keq +vwJlo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFGFHJuRIpcf4OApfBv72Ndy7 +cfE2MFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD +VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud +JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNpADBmAjEA +ilmIluuhtl1ROTljtlPBHgGuNf8+pbrtF6kLLamGw67BR1WbFp/XKXEoBpJs2oZ1 +AjEAs/FVZ1FEL/pfwGXORcPviPSAmGVp5dt7QnFvFvIGXK3hzvvc/EYfsnlhWsmB +tSTD +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/fritter.crt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/fritter.crt new file mode 100644 index 0000000..6a4f5ff --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/fritter.crt @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 32:06:af:0b:00:a2:dd:98:26:61:13:a2:f8:c5:f8:e7 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:14:15 2019 GMT + Not After : Jul 14 13:14:15 2022 GMT + Subject: CN=fritter + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:01:16:61:9a:29:9b:00:34:c6:d8:d0:31:87:e7: + 2c:fd:7a:7e:e0:6e:f7:26:1a:62:7f:d4:7d:aa:8d: + 0e:83:bd:c2:51:8c:cb:34:2b:3d:04:40:4f:2c:6f: + 8b:86:9b:7f:de:a2:79:a4:0a:03:4c:70:71:34:ba: + f6:f8:d1:e8:92:18:32:d6:78:3d:5d:29:5c:70:a0: + b6:80:7f:21:e2:63:09:57:c1:46:fd:9b:d9:7a:2a: + b8:13:f2:f7:83:cc:32 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + B1:1A:69:80:EF:74:B3:58:F8:3B:86:7A:86:DF:8C:50:30:56:12:04 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:da:29:1d:b3:22:d6:c9:b3:16:e6:14:41:77: + fb:87:e7:9c:39:0b:a4:40:42:bf:45:0a:b0:4e:53:89:c9:a9: + 6b:90:b7:88:85:bd:f0:9b:a0:a4:4b:fb:e3:2e:6f:d1:ff:02: + 31:00:82:ce:d7:ed:cd:94:17:96:d4:65:97:82:11:ae:dd:22: + 2c:2f:f2:64:55:ef:e7:25:c9:89:c3:bf:fc:cf:5f:c5:60:00: + 2c:e9:7d:36:7b:6b:b8:c0:08:c2:66:f2:f7:ef +-----BEGIN CERTIFICATE----- +MIICDzCCAZSgAwIBAgIQMgavCwCi3ZgmYROi+MX45zAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDE1WhcNMjIwNzE0 +MTMxNDE1WjASMRAwDgYDVQQDDAdmcml0dGVyMHYwEAYHKoZIzj0CAQYFK4EEACID +YgAEARZhmimbADTG2NAxh+cs/Xp+4G73Jhpif9R9qo0Og73CUYzLNCs9BEBPLG+L +hpt/3qJ5pAoDTHBxNLr2+NHokhgy1ng9XSlccKC2gH8h4mMJV8FG/ZvZeiq4E/L3 +g8wyo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFLEaaYDvdLNY+DuGeobfjFAw +VhIEMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD +VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud +JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNpADBmAjEA +2ikdsyLWybMW5hRBd/uH55w5C6RAQr9FCrBOU4nJqWuQt4iFvfCboKRL++Mub9H/ +AjEAgs7X7c2UF5bUZZeCEa7dIiwv8mRV7+clyYnDv/zPX8VgACzpfTZ7a7jACMJm +8vfv +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/fschnell.crt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/fschnell.crt new file mode 100644 index 0000000..7c72a4c --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/fschnell.crt @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 62:de:03:11:22:c6:4b:00:ac:33:d5:e5:8a:25:0f:ff + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:14:27 2019 GMT + Not After : Jul 14 13:14:27 2022 GMT + Subject: CN=fschnell + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:c1:66:71:37:bb:f5:b6:2c:b0:a0:d6:8c:85:2c: + 31:28:d1:5e:d6:23:71:ae:b7:6f:79:12:50:7a:b5: + 6c:ee:eb:a0:a9:9b:1a:d5:f3:5d:72:fd:cd:f1:0d: + 23:3f:6e:44:7b:1f:c9:8a:1e:fb:51:ad:e2:bf:c8: + 12:0d:d0:7a:11:de:ee:c2:6e:06:af:67:c7:51:13: + 8c:cf:75:9f:a9:80:42:f2:9c:5a:78:af:29:57:df: + b0:c1:d6:d6:3b:42:60 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + B9:32:14:86:9B:D6:96:CB:A1:D9:29:28:C4:F7:93:25:5F:2A:A1:1C + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:64:02:30:61:aa:3e:2c:c7:81:3c:56:1a:87:fe:c8:42:6a: + b1:61:dd:1c:6a:21:ac:81:90:ef:04:4c:2f:fc:9f:b7:75:e1: + b2:2a:60:f8:67:f0:9a:b4:7f:18:cd:81:68:bf:ae:1b:02:30: + 33:0e:e6:86:5d:2e:bc:64:4e:4c:fd:8d:05:45:a6:c0:3d:d8: + af:53:fa:37:2f:e5:84:8e:ea:30:80:82:60:96:8e:5d:8f:1f: + f2:4f:d1:f7:c0:d1:a0:19:d7:93:95:82 +-----BEGIN CERTIFICATE----- +MIICDjCCAZWgAwIBAgIQYt4DESLGSwCsM9XliiUP/zAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDI3WhcNMjIwNzE0 +MTMxNDI3WjATMREwDwYDVQQDDAhmc2NobmVsbDB2MBAGByqGSM49AgEGBSuBBAAi +A2IABMFmcTe79bYssKDWjIUsMSjRXtYjca63b3kSUHq1bO7roKmbGtXzXXL9zfEN +Iz9uRHsfyYoe+1Gt4r/IEg3QehHe7sJuBq9nx1ETjM91n6mAQvKcWnivKVffsMHW +1jtCYKOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBS5MhSGm9aWy6HZKSjE95Ml +XyqhHDBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV +HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDZwAwZAIw +Yao+LMeBPFYah/7IQmqxYd0caiGsgZDvBEwv/J+3deGyKmD4Z/CatH8YzYFov64b +AjAzDuaGXS68ZE5M/Y0FRabAPdivU/o3L+WEjuowgIJglo5djx/yT9H3wNGgGdeT +lYI= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/ifabian.crt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/ifabian.crt new file mode 100644 index 0000000..3566fd5 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/ifabian.crt @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 46:9e:0b:aa:82:d0:07:b1:9d:fc:c4:87:c5:6c:9e:80 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:14:38 2019 GMT + Not After : Jul 14 13:14:38 2022 GMT + Subject: CN=ifabian + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:ba:65:94:67:08:34:86:c7:0f:94:00:5f:e2:38: + 5b:9e:29:5f:76:7a:87:43:5b:37:a4:44:ab:39:72: + be:37:0e:3f:c5:ba:55:8b:6c:bd:22:ed:74:54:88: + a2:1c:ec:f8:24:37:3f:b3:b2:e3:56:0e:e5:81:cb: + ef:48:1d:e5:ea:1f:67:51:5f:20:8b:2f:aa:fe:fe: + 8e:d4:be:91:28:94:b6:cc:04:74:90:72:90:10:a0: + 7c:42:a2:e3:4c:7f:49 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 0B:41:AE:87:A5:73:BB:DC:4E:16:2E:F3:A0:20:FA:D5:38:52:40:AA + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:1f:f9:44:c2:c2:63:91:08:c2:c8:ca:22:28:7d: + 9b:84:3d:d1:f7:89:43:26:b0:a6:e7:2c:e5:63:e9:bd:86:81: + e5:ad:1a:c2:bb:30:31:05:eb:e9:d3:71:d1:6e:c0:df:02:31: + 00:d3:38:d5:bb:9f:d2:a2:92:6e:0e:2a:b4:d9:d6:a9:c9:eb: + 5c:c9:ef:33:1c:66:d4:3c:a0:86:07:39:38:14:0c:61:8b:67: + 75:20:06:d8:79:0c:65:a2:2d:87:fc:00:04 +-----BEGIN CERTIFICATE----- +MIICDjCCAZSgAwIBAgIQRp4LqoLQB7Gd/MSHxWyegDAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDM4WhcNMjIwNzE0 +MTMxNDM4WjASMRAwDgYDVQQDDAdpZmFiaWFuMHYwEAYHKoZIzj0CAQYFK4EEACID +YgAEumWUZwg0hscPlABf4jhbnilfdnqHQ1s3pESrOXK+Nw4/xbpVi2y9Iu10VIii +HOz4JDc/s7LjVg7lgcvvSB3l6h9nUV8giy+q/v6O1L6RKJS2zAR0kHKQEKB8QqLj +TH9Jo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFAtBroelc7vcThYu86Ag+tU4 +UkCqMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD +VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud +JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNoADBlAjAf ++UTCwmORCMLIyiIofZuEPdH3iUMmsKbnLOVj6b2GgeWtGsK7MDEF6+nTcdFuwN8C +MQDTONW7n9Kikm4OKrTZ1qnJ61zJ7zMcZtQ8oIYHOTgUDGGLZ3UgBth5DGWiLYf8 +AAQ= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/khorvath.crt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/khorvath.crt new file mode 100644 index 0000000..bad0fce --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/khorvath.crt @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 68:02:68:8c:e3:bb:71:c1:e8:67:ca:49:0a:9d:0b:4c + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:14:53 2019 GMT + Not After : Jul 14 13:14:53 2022 GMT + Subject: CN=khorvath + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:10:d0:a2:68:66:ea:40:36:f3:9d:13:e2:bc:e7: + 87:92:d4:ca:f2:e6:13:a9:0b:d0:92:b7:a0:24:f0: + e4:ce:69:08:e4:e2:c0:66:e0:2a:2a:79:06:e3:d4: + 33:e8:6b:94:a7:fb:71:9a:e7:9a:a1:f9:1a:3b:28: + 3f:3b:0c:99:5f:2e:cf:17:98:60:10:16:22:c3:1f: + 7e:61:62:97:85:36:0a:0a:e9:26:0e:76:c3:88:b8: + 8e:e4:80:78:52:b5:9c + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 42:88:C3:F8:81:2A:78:1F:C8:3F:D2:7D:BA:E9:44:09:4A:36:3A:B1 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:27:4e:d4:b0:5a:4b:af:6a:d6:a0:b7:ae:b4:57: + d1:dc:4e:77:9c:bf:06:c0:bd:3d:06:c3:90:7e:e4:7a:24:1e: + e9:a4:76:51:4b:2f:3d:8a:1c:6e:93:0d:de:b1:3c:63:02:31: + 00:fb:48:45:89:a8:e7:74:16:4a:1d:5e:a1:ad:b2:d3:34:9f: + 95:04:ed:92:1f:a8:ad:05:6f:81:ee:d0:8c:fc:9d:6c:e3:5d: + 5a:1b:e8:27:86:20:a0:e4:78:a2:4f:63:b3 +-----BEGIN CERTIFICATE----- +MIICDzCCAZWgAwIBAgIQaAJojOO7ccHoZ8pJCp0LTDAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDUzWhcNMjIwNzE0 +MTMxNDUzWjATMREwDwYDVQQDDAhraG9ydmF0aDB2MBAGByqGSM49AgEGBSuBBAAi +A2IABBDQomhm6kA2850T4rznh5LUyvLmE6kL0JK3oCTw5M5pCOTiwGbgKip5BuPU +M+hrlKf7cZrnmqH5GjsoPzsMmV8uzxeYYBAWIsMffmFil4U2CgrpJg52w4i4juSA +eFK1nKOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBRCiMP4gSp4H8g/0n266UQJ +SjY6sTBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV +HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIw +J07UsFpLr2rWoLeutFfR3E53nL8GwL09BsOQfuR6JB7ppHZRSy89ihxukw3esTxj +AjEA+0hFiajndBZKHV6hrbLTNJ+VBO2SH6itBW+B7tCM/J1s411aG+gnhiCg5Hii +T2Oz +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/kkancz.crt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/kkancz.crt new file mode 100644 index 0000000..8762b9e --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/kkancz.crt @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 58:5a:a9:7d:7c:ca:b5:2c:49:57:bb:bf:91:37:42:61 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Mar 26 10:41:27 2020 GMT + Not After : Mar 11 10:41:27 2023 GMT + Subject: CN=kkancz + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:16:c3:cc:4c:19:91:e6:b3:53:89:7d:7a:1e:ae: + 57:89:52:19:d7:e5:c7:d0:68:74:a6:0d:92:e9:09: + e7:81:5e:11:02:ea:87:89:20:e7:57:b1:ca:44:b6: + cf:5f:01:58:73:94:89:3a:0a:67:fa:9f:c8:c9:16: + 8d:e7:72:75:94:8d:52:de:f1:0f:47:a3:15:83:c3: + cd:67:c8:14:af:b2:f5:63:08:0c:25:d5:d5:0a:ba: + fb:9b:0f:df:e0:45:b4 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 61:CB:25:BC:82:6D:D5:01:DE:15:AF:18:59:C3:D7:34:16:B7:A6:94 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:ca:f1:79:0b:1b:e1:0f:15:b4:6e:3e:69:9b: + 92:a8:bc:fe:2f:5c:96:c0:ad:d7:02:97:e0:ea:f7:08:77:43: + 31:22:93:50:19:24:88:91:63:39:b1:1a:80:bf:9d:bf:f1:02: + 30:38:5b:c1:af:a7:58:0d:de:b5:19:77:00:33:31:7d:41:c5: + 3c:bb:b2:9e:cd:86:66:f6:1a:84:4d:80:b6:28:b5:2b:04:5f: + 1c:a3:49:cd:89:2d:21:0a:5f:65:eb:d0:36 +-----BEGIN CERTIFICATE----- +MIICDTCCAZOgAwIBAgIQWFqpfXzKtSxJV7u/kTdCYTAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMjAwMzI2MTA0MTI3WhcNMjMwMzEx +MTA0MTI3WjARMQ8wDQYDVQQDDAZra2FuY3owdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AAQWw8xMGZHms1OJfXoerleJUhnX5cfQaHSmDZLpCeeBXhEC6oeJIOdXscpEts9f +AVhzlIk6Cmf6n8jJFo3ncnWUjVLe8Q9HoxWDw81nyBSvsvVjCAwl1dUKuvubD9/g +RbSjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUYcslvIJt1QHeFa8YWcPXNBa3 +ppQwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAWBgNV +BAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYDVR0l +BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gAMGUCMQDK +8XkLG+EPFbRuPmmbkqi8/i9clsCt1wKX4Or3CHdDMSKTUBkkiJFjObEagL+dv/EC +MDhbwa+nWA3etRl3ADMxfUHFPLuyns2GZvYahE2Atii1KwRfHKNJzYktIQpfZevQ +Ng== +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/kkele.crt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/kkele.crt new file mode 100644 index 0000000..001fc25 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/kkele.crt @@ -0,0 +1,58 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 39:4b:dd:54:1c:10:82:ea:c5:cd:4d:9d:fe:b6:d4:d3 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:15:02 2019 GMT + Not After : Jul 14 13:15:02 2022 GMT + Subject: CN=kkele + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:0a:e8:ed:f9:1a:f5:b6:17:d7:5f:ff:9e:9c:1e: + 1d:11:cf:12:7f:01:11:ca:a2:b1:e0:b5:bc:30:6b: + 5c:ff:5e:d2:06:2b:55:a9:0f:55:3a:ae:ee:a6:5e: + 74:0d:f6:43:b6:a4:1d:17:2b:0f:87:7b:c2:39:47: + 1d:e7:fb:e4:64:d1:00:60:bb:1c:eb:e0:40:82:8d: + 77:09:85:d1:1c:37:c8:3e:d5:64:51:0f:1d:71:71: + 04:3a:21:6c:a2:57:36 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + B0:47:56:D8:59:56:0D:E2:68:86:01:E8:12:30:4C:EF:D9:7D:EE:F7 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:df:6c:06:c1:07:aa:bb:76:58:d8:ea:dc:60: + ce:e0:5c:a9:32:c0:20:c9:8b:da:3b:7e:98:74:94:96:83:0e: + 9f:71:8f:4e:af:72:d0:49:29:06:d0:c8:e9:12:88:67:67:02: + 30:77:f4:e3:b5:89:dd:e6:6e:83:65:64:77:09:8e:52:2d:47: + 04:80:27:14:25:51:08:97:01:86:e9:23:0d:04:fa:44:89:35: + c4:4e:18:84:09:86:cf:5a:7b:6c:0e:09:fd +-----BEGIN CERTIFICATE----- +MIICDDCCAZKgAwIBAgIQOUvdVBwQgurFzU2d/rbU0zAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNTAyWhcNMjIwNzE0 +MTMxNTAyWjAQMQ4wDAYDVQQDDAVra2VsZTB2MBAGByqGSM49AgEGBSuBBAAiA2IA +BAro7fka9bYX11//npweHRHPEn8BEcqiseC1vDBrXP9e0gYrVakPVTqu7qZedA32 +Q7akHRcrD4d7wjlHHef75GTRAGC7HOvgQIKNdwmF0Rw3yD7VZFEPHXFxBDohbKJX +NqOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBSwR1bYWVYN4miGAegSMEzv2X3u +9zBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYGA1UE +AwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNVHSUE +DDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIxAN9s +BsEHqrt2WNjq3GDO4FypMsAgyYvaO36YdJSWgw6fcY9Or3LQSSkG0MjpEohnZwIw +d/TjtYnd5m6DZWR3CY5SLUcEgCcUJVEIlwGG6SMNBPpEiTXEThiECYbPWntsDgn9 +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/mszabo.crt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/mszabo.crt new file mode 100644 index 0000000..4e332dc --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/mszabo.crt @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 23:7b:c7:68:f3:7b:5c:8e:17:63:b5:67:3e:d3:10:1c + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:15:16 2019 GMT + Not After : Jul 14 13:15:16 2022 GMT + Subject: CN=mszabo + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:d4:de:f0:4a:f4:a0:8a:bd:52:97:87:c0:f5:28: + 87:7d:7b:4c:f3:3d:13:be:6b:f6:61:23:f8:91:fd: + 2a:59:db:38:2e:ec:d6:5d:21:c2:b9:e0:8c:38:36: + c9:bb:2c:f9:87:f3:c5:53:28:d1:94:03:d3:24:c0: + fa:95:b3:19:4a:42:95:94:22:11:4f:82:ea:bf:16: + 42:42:90:f1:9e:e9:68:48:2e:b9:db:71:be:48:4a: + eb:06:61:63:73:77:18 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 8B:C8:96:C9:E3:FD:F0:F2:13:BD:F3:32:17:FD:4F:40:19:3D:2A:5F + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:84:81:10:d7:e4:4f:e6:1d:de:3f:6c:9d:f9: + 45:2f:6c:74:c1:ce:65:da:b9:0f:56:2d:3c:08:2d:a9:62:d2: + ec:45:46:50:7d:da:d1:0d:73:8c:e9:57:57:3e:2d:49:14:02: + 31:00:9e:6a:e2:fa:4f:6d:04:6f:3f:6b:35:9e:1b:6a:94:b8: + 3b:f3:79:db:9b:cd:2c:84:48:e9:7a:a9:13:d2:08:b0:d0:f2: + c6:22:7e:87:3b:f4:6d:d0:b7:db:c4:b5:ad:5d +-----BEGIN CERTIFICATE----- +MIICDjCCAZOgAwIBAgIQI3vHaPN7XI4XY7VnPtMQHDAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNTE2WhcNMjIwNzE0 +MTMxNTE2WjARMQ8wDQYDVQQDDAZtc3phYm8wdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AATU3vBK9KCKvVKXh8D1KId9e0zzPRO+a/ZhI/iR/SpZ2zgu7NZdIcK54Iw4Nsm7 +LPmH88VTKNGUA9MkwPqVsxlKQpWUIhFPguq/FkJCkPGe6WhILrnbcb5ISusGYWNz +dxijgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUi8iWyeP98PITvfMyF/1PQBk9 +Kl8wVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAWBgNV +BAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYDVR0l +BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2kAMGYCMQCE +gRDX5E/mHd4/bJ35RS9sdMHOZdq5D1YtPAgtqWLS7EVGUH3a0Q1zjOlXVz4tSRQC +MQCeauL6T20Ebz9rNZ4bapS4O/N525vNLIRI6XqpE9IIsNDyxiJ+hzv0bdC328S1 +rV0= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/qqcs.crt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/qqcs.crt new file mode 100644 index 0000000..4347633 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/qqcs.crt @@ -0,0 +1,58 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + ac:b6:49:fd:c2:e3:b8:1c:54:2c:66:1f:04:12:e1:b6 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:16:25 2019 GMT + Not After : Jul 14 13:16:25 2022 GMT + Subject: CN=qqcs + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:4a:c3:a5:30:3e:35:30:99:34:68:48:48:08:05: + 96:c9:b4:40:cc:e5:09:81:e3:47:07:84:59:63:59: + f8:c5:92:7f:35:ba:68:1b:14:d2:f3:da:39:14:97: + e3:11:09:d8:4f:34:61:9d:b2:75:d6:73:ab:d9:eb: + ed:0e:e8:e5:7b:28:c6:9d:04:b1:ed:47:97:2b:d3: + 62:01:b3:83:e7:6c:c8:c7:11:82:f3:c8:c0:97:27: + 52:8d:54:da:42:98:fb + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 8B:85:13:8E:D2:D4:4D:3F:AE:DD:0D:38:D0:65:84:40:E9:2A:3F:02 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:28:fe:ea:a7:50:e0:71:a6:51:36:4e:19:42:f7: + 01:c4:d0:fd:a2:66:f3:4c:28:15:81:51:9d:75:33:88:3e:6e: + 96:02:e4:67:be:26:cf:05:81:18:c3:e6:96:7f:73:2a:02:31: + 00:fc:ea:f1:0c:28:55:3b:9e:d1:5f:46:c7:41:0f:da:48:c5: + a6:35:45:19:07:f1:ad:59:2a:ae:0b:60:c6:f3:7d:a8:af:4f: + 71:50:5d:bb:fb:a7:55:7c:6c:b2:ce:12:c4 +-----BEGIN CERTIFICATE----- +MIICDDCCAZKgAwIBAgIRAKy2Sf3C47gcVCxmHwQS4bYwCgYIKoZIzj0EAwIwGjEY +MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMTYyNVoXDTIyMDcx +NDEzMTYyNVowDzENMAsGA1UEAwwEcXFjczB2MBAGByqGSM49AgEGBSuBBAAiA2IA +BErDpTA+NTCZNGhISAgFlsm0QMzlCYHjRweEWWNZ+MWSfzW6aBsU0vPaORSX4xEJ +2E80YZ2yddZzq9nr7Q7o5Xsoxp0Ese1HlyvTYgGzg+dsyMcRgvPIwJcnUo1U2kKY ++6OBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBSLhROO0tRNP67dDTjQZYRA6So/ +AjBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYGA1UE +AwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNVHSUE +DDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIwKP7q +p1DgcaZRNk4ZQvcBxND9ombzTCgVgVGddTOIPm6WAuRnvibPBYEYw+aWf3MqAjEA +/OrxDChVO57RX0bHQQ/aSMWmNUUZB/GtWSquC2DG832or09xUF27+6dVfGyyzhLE +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/rrendek.crt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/rrendek.crt new file mode 100644 index 0000000..02ca332 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/rrendek.crt @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + f6:01:86:d6:4b:85:3a:3d:d9:f8:79:9f:b8:17:c3:01 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:15:29 2019 GMT + Not After : Jul 14 13:15:29 2022 GMT + Subject: CN=rrendek + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:ea:c4:ab:e1:24:42:91:06:17:73:d6:d9:87:17: + 29:a8:05:73:be:5a:54:38:3e:c9:dd:78:55:ca:e2: + 27:e6:44:1a:22:5b:3a:15:68:61:bf:ae:ce:05:a5: + c9:98:f7:a3:ff:0e:b9:db:8e:fc:15:ac:76:41:c8: + 6e:de:85:38:cb:1f:b1:98:41:df:4e:18:62:24:04: + 95:5a:16:6b:0b:fd:13:e3:26:8b:76:d3:9a:54:6c: + 9b:19:3c:55:de:d0:2e + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + D5:73:9E:FA:32:4C:D8:2A:E0:33:CF:15:F6:C0:D5:E9:56:5A:D0:EE + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:49:21:38:44:26:a9:96:15:98:29:c4:4f:04:25: + be:35:90:bc:44:00:60:0d:6a:f7:f8:d4:ed:58:ea:28:45:f2: + 99:33:d1:e3:2e:82:4e:04:bb:e5:27:10:ea:64:b8:83:02:31: + 00:c3:59:fe:dc:8a:a1:e4:d1:30:09:51:2a:d8:d2:76:af:dc: + 28:b2:d3:0d:ad:f3:19:91:b5:92:e6:8b:b4:77:d8:c3:87:f8: + 7b:39:94:ab:f2:c0:06:c1:c4:43:b8:0e:16 +-----BEGIN CERTIFICATE----- +MIICDzCCAZWgAwIBAgIRAPYBhtZLhTo92fh5n7gXwwEwCgYIKoZIzj0EAwIwGjEY +MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMTUyOVoXDTIyMDcx +NDEzMTUyOVowEjEQMA4GA1UEAwwHcnJlbmRlazB2MBAGByqGSM49AgEGBSuBBAAi +A2IABOrEq+EkQpEGF3PW2YcXKagFc75aVDg+yd14VcriJ+ZEGiJbOhVoYb+uzgWl +yZj3o/8OuduO/BWsdkHIbt6FOMsfsZhB304YYiQElVoWawv9E+Mmi3bTmlRsmxk8 +Vd7QLqOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBTVc576MkzYKuAzzxX2wNXp +VlrQ7jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV +HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIw +SSE4RCaplhWYKcRPBCW+NZC8RABgDWr3+NTtWOooRfKZM9HjLoJOBLvlJxDqZLiD +AjEAw1n+3Iqh5NEwCVEq2NJ2r9wostMNrfMZkbWS5ou0d9jDh/h7OZSr8sAGwcRD +uA4W +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/server.crt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/server.crt new file mode 100644 index 0000000..c9ce39b --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/server.crt @@ -0,0 +1,61 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + ab:51:7a:c1:c6:bf:8c:35:5c:a1:ea:62:5a:ca:67:84 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:04:35 2019 GMT + Not After : Jul 14 13:04:35 2022 GMT + Subject: CN=server + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:b9:1f:ea:83:e0:6a:e3:49:dd:a8:f5:06:17:33: + 4c:44:73:ac:46:01:33:eb:88:a3:12:d6:0a:aa:3b: + ee:6f:d3:75:69:19:f6:82:12:9d:23:17:3a:b9:fe: + 66:61:26:4c:46:db:d2:f9:5a:fc:a8:82:58:22:a8: + b7:fc:cb:fd:cc:3d:f1:e8:c9:19:39:f1:f3:d0:fb: + 73:b0:9f:77:53:9c:ff:35:b5:b5:c6:8d:ee:eb:66: + 0b:d1:70:d5:bb:a4:66 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 81:F8:B0:C6:7B:70:D8:D6:C9:E1:9D:B2:67:8B:3B:D8:21:1B:9A:B2 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:server + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:88:cf:12:d6:9c:fd:43:24:58:63:13:27:f1: + 44:0a:62:b0:b2:1d:0f:28:3d:50:d0:be:f2:ea:5e:d6:23:27: + ac:42:b3:67:2c:d3:8d:7d:19:15:ce:4a:7f:5e:cb:67:94:02: + 31:00:8a:f3:c3:f9:ce:f2:35:3a:5a:21:55:1c:d1:ec:80:fa: + ad:ef:9b:d9:7d:5c:33:55:f3:71:9c:6d:eb:68:15:ba:45:43: + 23:1c:83:7a:21:36:a0:4c:24:73:44:14:ef:ea +-----BEGIN CERTIFICATE----- +MIICIjCCAaegAwIBAgIRAKtResHGv4w1XKHqYlrKZ4QwCgYIKoZIzj0EAwIwGjEY +MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQzNVoXDTIyMDcx +NDEzMDQzNVowETEPMA0GA1UEAwwGc2VydmVyMHYwEAYHKoZIzj0CAQYFK4EEACID +YgAEuR/qg+Bq40ndqPUGFzNMRHOsRgEz64ijEtYKqjvub9N1aRn2ghKdIxc6uf5m +YSZMRtvS+Vr8qIJYIqi3/Mv9zD3x6MkZOfHz0PtzsJ93U5z/NbW1xo3u62YL0XDV +u6Rmo4G5MIG2MAkGA1UdEwQCMAAwHQYDVR0OBBYEFIH4sMZ7cNjWyeGdsmeLO9gh +G5qyMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD +VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud +JQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDARBgNVHREECjAIggZzZXJ2ZXIw +CgYIKoZIzj0EAwIDaQAwZgIxAIjPEtac/UMkWGMTJ/FECmKwsh0PKD1Q0L7y6l7W +IyesQrNnLNONfRkVzkp/XstnlAIxAIrzw/nO8jU6WiFVHNHsgPqt75vZfVwzVfNx +nG3raBW6RUMjHIN6ITagTCRzRBTv6g== +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/thering.crt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/thering.crt new file mode 100644 index 0000000..b2c45f3 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/thering.crt @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b5:63:ff:7c:ff:87:23:f8:fd:6c:cd:82:85:1f:fa:31 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Mar 26 10:41:42 2020 GMT + Not After : Mar 11 10:41:42 2023 GMT + Subject: CN=thering + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:18:e6:74:25:a4:09:6a:83:9f:bc:71:e8:8e:c1: + 44:73:6c:60:17:3a:29:a4:11:40:94:9d:ad:aa:f4: + 37:03:cc:83:a7:28:5b:58:c8:0b:40:bf:ec:c8:83: + 6e:41:db:56:24:37:56:7f:ba:25:57:09:76:82:27: + 45:93:e9:65:25:aa:55:f1:cb:48:d8:8b:d2:65:dc: + 8e:51:71:e8:60:d1:2e:88:34:f4:d1:f3:c2:81:3a: + 36:9a:9c:08:7f:ac:c7 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + DE:BA:42:67:DA:26:9A:79:0C:E4:D7:AB:BA:DA:0A:02:71:D0:48:FE + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:87:c1:1b:d1:15:d9:85:62:f9:58:ff:0b:30: + a0:3b:c7:31:ca:46:0c:71:0c:55:9d:83:a3:a9:32:93:94:7a: + 6b:b4:54:e2:a3:e6:be:de:aa:29:bc:77:a7:9e:1b:cc:6f:02: + 30:66:a5:9a:15:42:7f:e4:ad:00:be:0b:73:70:20:1b:c1:65: + 40:15:22:28:51:8a:d1:7a:06:3a:50:2c:d2:56:0d:48:2c:7a: + f4:b1:63:3e:ac:7f:01:c8:ac:bc:04:ce:b9 +-----BEGIN CERTIFICATE----- +MIICDzCCAZWgAwIBAgIRALVj/3z/hyP4/WzNgoUf+jEwCgYIKoZIzj0EAwIwGjEY +MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTIwMDMyNjEwNDE0MloXDTIzMDMx +MTEwNDE0MlowEjEQMA4GA1UEAwwHdGhlcmluZzB2MBAGByqGSM49AgEGBSuBBAAi +A2IABBjmdCWkCWqDn7xx6I7BRHNsYBc6KaQRQJSdrar0NwPMg6coW1jIC0C/7MiD +bkHbViQ3Vn+6JVcJdoInRZPpZSWqVfHLSNiL0mXcjlFx6GDRLog09NHzwoE6Npqc +CH+sx6OBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBTeukJn2iaaeQzk16u62goC +cdBI/jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV +HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIx +AIfBG9EV2YVi+Vj/CzCgO8cxykYMcQxVnYOjqTKTlHprtFTio+a+3qopvHennhvM +bwIwZqWaFUJ/5K0AvgtzcCAbwWVAFSIoUYrRegY6UCzSVg1ILHr0sWM+rH8ByKy8 +BM65 +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/tsuhajda.crt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/tsuhajda.crt new file mode 100644 index 0000000..289521f --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/tsuhajda.crt @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4b:df:84:b3:7b:17:ce:e1:09:87:9b:67:05:4b:27:91 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:15:51 2019 GMT + Not After : Jul 14 13:15:51 2022 GMT + Subject: CN=tsuhajda + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:6a:52:47:b4:82:6f:88:07:39:d2:55:37:5b:de: + e8:37:fd:12:c8:2e:2a:c5:b4:9b:54:cf:2b:7c:73: + dd:9c:89:37:d7:a9:09:50:11:bb:ae:8e:8d:3f:e7: + d0:c9:7e:89:f5:7f:29:28:2d:d6:49:5b:69:b9:47: + da:82:87:1e:a9:e8:7a:98:e2:fe:2b:b6:b0:c2:fd: + aa:18:af:c3:d5:b0:c3:51:8b:77:8e:4d:68:60:47: + 41:28:4d:30:81:4d:7c + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 60:FA:D3:CB:9A:38:0E:08:58:0C:11:BB:A1:C8:18:FB:36:31:2A:67 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:c2:3b:36:d4:ec:38:f3:3f:11:b3:74:6b:34: + 27:2f:bd:77:41:c1:20:55:e8:39:b5:1b:ad:04:a1:ab:ca:19: + 1e:31:6f:32:4e:12:80:f9:c9:fc:96:f4:7b:81:34:87:07:02: + 31:00:92:a4:26:4c:73:29:b6:4f:be:37:a7:98:50:33:4f:10: + cd:f2:a0:2d:e6:f1:dd:18:7e:0a:51:1d:81:36:5a:36:3c:17: + f8:d3:2c:cb:c1:16:5d:38:1d:57:97:9a:be:69 +-----BEGIN CERTIFICATE----- +MIICEDCCAZWgAwIBAgIQS9+Es3sXzuEJh5tnBUsnkTAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNTUxWhcNMjIwNzE0 +MTMxNTUxWjATMREwDwYDVQQDDAh0c3VoYWpkYTB2MBAGByqGSM49AgEGBSuBBAAi +A2IABGpSR7SCb4gHOdJVN1ve6Df9EsguKsW0m1TPK3xz3ZyJN9epCVARu66OjT/n +0Ml+ifV/KSgt1klbablH2oKHHqnoepji/iu2sML9qhivw9Www1GLd45NaGBHQShN +MIFNfKOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBRg+tPLmjgOCFgMEbuhyBj7 +NjEqZzBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV +HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaQAwZgIx +AMI7NtTsOPM/EbN0azQnL713QcEgVeg5tRutBKGryhkeMW8yThKA+cn8lvR7gTSH +BwIxAJKkJkxzKbZPvjenmFAzTxDN8qAt5vHdGH4KUR2BNlo2PBf40yzLwRZdOB1X +l5q+aQ== +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/zbartakovics.crt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/zbartakovics.crt new file mode 100644 index 0000000..03034ec --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/zbartakovics.crt @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6b:9d:83:08:3d:87:cc:88:0a:de:bc:cd:3b:5c:ef:4d + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:16:02 2019 GMT + Not After : Jul 14 13:16:02 2022 GMT + Subject: CN=zbartakovics + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:0f:68:0b:c6:8e:81:3c:ef:a7:cb:71:84:f3:84: + 12:e5:9c:28:13:15:e1:ab:bf:2f:92:3c:db:40:2c: + e5:f7:c9:61:94:d2:23:08:10:75:53:7a:ec:39:3c: + a1:9c:d3:73:0e:79:db:4c:15:94:77:11:a4:30:e2: + bc:73:fa:66:0e:17:90:e2:a3:4c:17:82:41:87:c2: + 94:8a:c3:28:47:40:76:76:59:c7:16:47:07:8b:ec: + dd:22:6c:3c:af:26:25 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 36:50:AD:4A:3A:69:D8:C0:00:F4:3C:7C:FF:B0:7D:E2:94:B9:7C:8A + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:64:02:30:7e:1a:02:39:9f:2d:c8:dd:5b:4a:2b:9a:2e:61: + 60:a5:e2:60:92:29:d4:7e:f2:32:5a:be:90:72:89:42:1a:74: + 74:72:c3:e8:32:0b:63:82:52:65:fa:2f:b3:13:4f:16:02:30: + 1e:a0:79:e7:55:d1:45:54:97:8d:a0:fb:50:ce:47:b0:1f:d0: + 78:47:21:dc:21:d1:7d:f4:1a:da:48:55:fc:43:ce:28:ae:b9: + 96:c0:72:2b:29:e4:61:b7:6b:9a:b2:92 +-----BEGIN CERTIFICATE----- +MIICEjCCAZmgAwIBAgIQa52DCD2HzIgK3rzNO1zvTTAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNjAyWhcNMjIwNzE0 +MTMxNjAyWjAXMRUwEwYDVQQDDAx6YmFydGFrb3ZpY3MwdjAQBgcqhkjOPQIBBgUr +gQQAIgNiAAQPaAvGjoE876fLcYTzhBLlnCgTFeGrvy+SPNtALOX3yWGU0iMIEHVT +euw5PKGc03MOedtMFZR3EaQw4rxz+mYOF5Dio0wXgkGHwpSKwyhHQHZ2WccWRweL +7N0ibDyvJiWjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUNlCtSjpp2MAA9Dx8 +/7B94pS5fIowVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBox +GDAWBgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5Sgaeww +EwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2cA +MGQCMH4aAjmfLcjdW0ormi5hYKXiYJIp1H7yMlq+kHKJQhp0dHLD6DILY4JSZfov +sxNPFgIwHqB551XRRVSXjaD7UM5HsB/QeEch3CHRffQa2khV/EPOKK65lsByKynk +YbdrmrKS +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/zfelleg.crt b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/zfelleg.crt new file mode 100644 index 0000000..dbaae76 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/zfelleg.crt @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 34:13:80:3e:21:7f:3b:dd:0a:af:d5:cb:0d:17:4b:3c + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:16:17 2019 GMT + Not After : Jul 14 13:16:17 2022 GMT + Subject: CN=zfelleg + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:83:a4:95:4c:f4:18:92:47:f1:fe:26:d4:2c:3a: + a1:65:73:7b:ef:cd:26:ef:dc:d7:7a:dc:95:9a:8b: + 66:3f:e9:c9:2e:f6:ac:0a:0e:a1:8f:bd:a5:00:42: + 3a:30:03:9c:0a:5b:4a:c3:3c:bc:62:05:60:37:36: + 99:e4:e7:27:2d:ae:a9:c1:a2:57:35:8e:d2:59:77: + 29:16:64:50:94:16:ca:1a:19:31:1a:83:8c:41:07: + 7f:7d:e7:fc:98:80:73 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 40:51:B5:0A:53:CE:54:25:34:5C:DC:E5:70:74:B3:6F:D4:D3:01:84 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:7e:24:b4:72:c8:67:13:4f:a0:ba:09:76:d0:33: + 36:35:d4:d0:df:e7:a5:25:25:af:ce:36:67:42:22:bf:42:fb: + ab:96:52:73:c1:b2:a0:58:3a:90:b1:8a:78:70:eb:c9:02:31: + 00:d9:4a:41:83:7a:5d:1b:6c:e2:d0:2d:b7:c3:b9:b7:11:26: + 90:fa:9c:cb:20:e6:c4:cf:06:65:8b:8e:6b:00:c7:ec:77:f0: + 85:75:17:58:0b:ef:06:8b:13:0b:57:61:25 +-----BEGIN CERTIFICATE----- +MIICDjCCAZSgAwIBAgIQNBOAPiF/O90Kr9XLDRdLPDAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNjE3WhcNMjIwNzE0 +MTMxNjE3WjASMRAwDgYDVQQDDAd6ZmVsbGVnMHYwEAYHKoZIzj0CAQYFK4EEACID +YgAEg6SVTPQYkkfx/ibULDqhZXN7780m79zXetyVmotmP+nJLvasCg6hj72lAEI6 +MAOcCltKwzy8YgVgNzaZ5OcnLa6pwaJXNY7SWXcpFmRQlBbKGhkxGoOMQQd/fef8 +mIBzo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFEBRtQpTzlQlNFzc5XB0s2/U +0wGEMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD +VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud +JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNoADBlAjB+ +JLRyyGcTT6C6CXbQMzY11NDf56UlJa/ONmdCIr9C+6uWUnPBsqBYOpCxinhw68kC +MQDZSkGDel0bbOLQLbfDubcRJpD6nMsg5sTPBmWLjmsAx+x38IV1F1gL7waLEwtX +YSU= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/openssl-easyrsa.cnf b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/openssl-easyrsa.cnf new file mode 100644 index 0000000..1139414 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/openssl-easyrsa.cnf @@ -0,0 +1,140 @@ +# For use with Easy-RSA 3.1 and OpenSSL or LibreSSL + +RANDFILE = $ENV::EASYRSA_PKI/.rnd + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = $ENV::EASYRSA_PKI # Where everything is kept +certs = $dir # Where the issued certs are kept +crl_dir = $dir # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir/certs_by_serial # default place for new certs. + +certificate = $dir/ca.crt # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/ca.key # The private key +RANDFILE = $dir/.rand # private random number file + +x509_extensions = basic_exts # The extentions to add to the cert + +# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA +# is designed for will. In return, we get the Issuer attached to CRLs. +crl_extensions = crl_ext + +default_days = $ENV::EASYRSA_CERT_EXPIRE # how long to certify for +default_crl_days= $ENV::EASYRSA_CRL_DAYS # how long before next CRL +default_md = $ENV::EASYRSA_DIGEST # use public key default MD +preserve = no # keep passed DN ordering + +# This allows to renew certificates which have not been revoked +unique_subject = no + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_anything + +# For the 'anything' policy, which defines allowed DN fields +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +name = optional +emailAddress = optional + +#################################################################### +# Easy-RSA request handling +# We key off $DN_MODE to determine how to format the DN +[ req ] +default_bits = $ENV::EASYRSA_KEY_SIZE +default_keyfile = privkey.pem +default_md = $ENV::EASYRSA_DIGEST +distinguished_name = $ENV::EASYRSA_DN +x509_extensions = easyrsa_ca # The extentions to add to the self signed cert + +# A placeholder to handle the $EXTRA_EXTS feature: +#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it + +#################################################################### +# Easy-RSA DN (Subject) handling + +# Easy-RSA DN for cn_only support: +[ cn_only ] +commonName = Common Name (eg: your user, host, or server name) +commonName_max = 64 +commonName_default = $ENV::EASYRSA_REQ_CN + +# Easy-RSA DN for org support: +[ org ] +countryName = Country Name (2 letter code) +countryName_default = $ENV::EASYRSA_REQ_COUNTRY +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE + +localityName = Locality Name (eg, city) +localityName_default = $ENV::EASYRSA_REQ_CITY + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = $ENV::EASYRSA_REQ_ORG + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = $ENV::EASYRSA_REQ_OU + +commonName = Common Name (eg: your user, host, or server name) +commonName_max = 64 +commonName_default = $ENV::EASYRSA_REQ_CN + +emailAddress = Email Address +emailAddress_default = $ENV::EASYRSA_REQ_EMAIL +emailAddress_max = 64 + +#################################################################### +# Easy-RSA cert extension handling + +# This section is effectively unused as the main script sets extensions +# dynamically. This core section is left to support the odd usecase where +# a user calls openssl directly. +[ basic_exts ] +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always + +# The Easy-RSA CA extensions +[ easyrsa_ca ] + +# PKIX recommendations: + +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always + +# This could be marked critical, but it's nice to support reading by any +# broken clients who attempt to do so. +basicConstraints = CA:true + +# Limit key usage to CA tasks. If you really want to use the generated pair as +# a self-signed cert, comment this out. +keyUsage = cRLSign, keyCertSign + +# nsCertType omitted by default. Let's try to let the deprecated stuff die. +# nsCertType = sslCA + +# CRL extensions. +[ crl_ext ] + +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always,issuer:always + diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/akosztolanyi.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/akosztolanyi.key new file mode 100644 index 0000000..1686196 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/akosztolanyi.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAAawl07oNQMZCfcl3T +oCd6VLq2esm4lDOpS6pk79zJuxrVrgWXWZ3DJdVPE939ZZyhZANiAASX1ImCDBut +xEvdTBml9dg8Qp3SsA2ebKaoYpq//XiddvQCrVGflxJZvMGjoBc1di906rnTcks1 +lEDzfrUcr1HRtNN6aT1/HlGX/uNK7AHG6YnpjreUo3ISbmbFot6tJ+I= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/azsamboki.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/azsamboki.key new file mode 100644 index 0000000..f36c066 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/azsamboki.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDVEmbLHw/XijB+525e +66kG1MP6JphJr44lPXVQvIujmajoE+MTm78fNuiGTdATr9uhZANiAAQ0DfMO5gVp +8yR97xkMzgS9JDTjjOUrfj9wOVWbLnP6xk5EQpVpghOFmGNaJdwcsjKclwG1+8Td +WQWKq7bBshMDCuOL5+piwXEbTyB0nAvfRlZsA9WM2EwC6W5iOh+zDro= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/bcsoka.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/bcsoka.key new file mode 100644 index 0000000..59bf176 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/bcsoka.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDW2V2Xoel5TxZHAr05 +sZS3frZowpcmgSGHc5yQagP0O0qR6qZFC78bee0wsOy/fG2hZANiAASnlb9sjg80 +nMoUizNNgFWYHhDD6YR/ck3yYWhwWcdvbQLEIs9YgOc1GG7uEf4pAcPqeYWD5gxv +xdh/n9VVJ3uoFxQtlOXEpJ+suDgCwEFaGopj5cNSJ2JXCxRrNsyOUT8= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/bme.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/bme.key new file mode 100644 index 0000000..1524074 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/bme.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDGOiNJILhTWN7SPHdY +gpwEUN8RoQ0ZNV1vZGV8yKqoQbfc58QwZ7b1HLT95z79oeuhZANiAASG011uvj6R +kNejLNJqKk+7zVJORlsbYPDLqlu0iHH0cQDkuMt0zridwf1caacoZiFDEUo1Bssc +Vws3m/EveCrSHQFJZnEldHQOvpN1QGzLCoEOI3y3+Zvh0MTSHG3ayvI= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/ca.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/ca.key new file mode 100644 index 0000000..6b9216a --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/ca.key @@ -0,0 +1,6 @@ +-----BEGIN EC PRIVATE KEY----- +MIGkAgEBBDA3vz1kTnTJw5rUdKXLe+731c2Q/jGtdnPZzYmi5D3MpQSzeH9DoOQx +fWsPZKD3sXSgBwYFK4EEACKhZANiAAR/RWndZQ7I3I1p1tXTBdHE3CzdV+PQO0s5 +ZL4+oeempBEMOiJfRWA/bZQ97Bh0EzQb7ytjr1Xv9PQjZzUw7F6EQmnDMO2s9LBY +UhiWi+GtObloJcVa/sSaNzaXN9/vv3o= +-----END EC PRIVATE KEY----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/csgulyas.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/csgulyas.key new file mode 100644 index 0000000..11a1b7e --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/csgulyas.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDByGpeF+ILcYFWX4cH9 +SxRUvZUkSb1ejVW5jVjfr8UyyfDaAR35ZNCZ1JLgdSWC0g2hZANiAASCA5Gt53a3 +jVGGbczjFZFsrDHnbeFEDcMplXxe4eg3qgD2R3QY5yiQlRZsCOKf1yRVRiIcGZ8G +S5uOlktdu8CtNVoGcxA2Mh2J5rGe82INj4VwckxISkfw+uv2e5x/qHo= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/cslevai.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/cslevai.key new file mode 100644 index 0000000..cb40b49 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/cslevai.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBcc3FEyoXLKwyy5rTO +jo9SMOdGwdkwZFGBHDUYB65z/JrmvW6ArIv/XuYS3eCOg3mhZANiAARL1OFPp1se +xH1AJxnevMx4a1qGE0jEwEAJTh3NtPCNFC5EfI4te3UnAMSbXHEdNf/2kQHiPyJN +9FlF5IVhojC7f45/htt5etphAHI9YAs6e9OOQ9Uh+eXvAQJIDqoH4N8= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/dhorvath.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/dhorvath.key new file mode 100644 index 0000000..40bd5d3 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/dhorvath.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAiHqPToF5VeW4qNuAu +JwWSuOhHA5ZoB1jVj28Cxtnd2nbtrVwpIKlKOMiQy4WhyoKhZANiAATCdypXAXvZ +C+DgaX4q3wW4kU5QUelSvaX6Aa1iCmkQgm+qhGQzcdmWypwFztkTmbDZ1U3ZGkOM +QdXnCq6SbPZ/v3O2/72ku/zZDDYN4vR4JLvNrOkE1pylK87XDoWFEPE= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/dvasary.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/dvasary.key new file mode 100644 index 0000000..9eeb0f5 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/dvasary.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBlosRzur9E4uOwMzTj +/x+I2VSe0jDyJr/CDV50ElawBO6bEvw4a5m2HjNW7HcAF4yhZANiAASDT1F78TDc +diXbIf0Rijn8b0oP9TidjjwYw+K5mn7YJZ1p8UDyHPi9fJjpHYZ40NV7seaKy0Tp +QmxhxNkyxRbwdnGQWA8T9MsBAmj6uz7LJEfihy3yxtlfuBbeR6q/AmU= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/fritter.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/fritter.key new file mode 100644 index 0000000..6074d87 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/fritter.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDaUFU/AcO1aLWRrpXF +pdIp3a8bUuIn0Sf/p2z+xd96uy8q/k4ldwJuAFpDqIWU7EehZANiAAQBFmGaKZsA +NMbY0DGH5yz9en7gbvcmGmJ/1H2qjQ6DvcJRjMs0Kz0EQE8sb4uGm3/eonmkCgNM +cHE0uvb40eiSGDLWeD1dKVxwoLaAfyHiYwlXwUb9m9l6KrgT8veDzDI= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/fschnell.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/fschnell.key new file mode 100644 index 0000000..9b80bca --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/fschnell.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDJrT8LYg3Z3J0bN6Zo +Hu+9iFCXEwyBg21YcYlkT+Ugp2+VCgT27UByvVcOCBWffvGhZANiAATBZnE3u/W2 +LLCg1oyFLDEo0V7WI3Gut295ElB6tWzu66CpmxrV811y/c3xDSM/bkR7H8mKHvtR +reK/yBIN0HoR3u7CbgavZ8dRE4zPdZ+pgELynFp4rylX37DB1tY7QmA= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/ifabian.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/ifabian.key new file mode 100644 index 0000000..536e995 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/ifabian.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBJtymPakZLlMwR+KYJ +QWARrF1lWXrsteVeTa36Rx5Hj/VVVvDBIdnd6jJ8ZYtFkP6hZANiAAS6ZZRnCDSG +xw+UAF/iOFueKV92eodDWzekRKs5cr43Dj/FulWLbL0i7XRUiKIc7PgkNz+zsuNW +DuWBy+9IHeXqH2dRXyCLL6r+/o7UvpEolLbMBHSQcpAQoHxCouNMf0k= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/khorvath.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/khorvath.key new file mode 100644 index 0000000..80b283e --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/khorvath.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCHVXyxB2Mu+VF6/KPn +CMn4rSmKCw0bg6ui1SzGZj+A8F334h0AnMFdygwAWFFwjI+hZANiAAQQ0KJoZupA +NvOdE+K854eS1Mry5hOpC9CSt6Ak8OTOaQjk4sBm4CoqeQbj1DPoa5Sn+3Ga55qh ++Ro7KD87DJlfLs8XmGAQFiLDH35hYpeFNgoK6SYOdsOIuI7kgHhStZw= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/kkancz.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/kkancz.key new file mode 100644 index 0000000..f637748 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/kkancz.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDC6hDj7GpCg6mhd+Ih0 +NNNHxi0brgmGC0T53l8asSES2Af/Ot8NgmKXCLncufiW/DyhZANiAAQWw8xMGZHm +s1OJfXoerleJUhnX5cfQaHSmDZLpCeeBXhEC6oeJIOdXscpEts9fAVhzlIk6Cmf6 +n8jJFo3ncnWUjVLe8Q9HoxWDw81nyBSvsvVjCAwl1dUKuvubD9/gRbQ= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/kkele.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/kkele.key new file mode 100644 index 0000000..cb85619 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/kkele.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCZCcP1YRtj97FZBxtE +5Axn4mV2pTI/8RH0/SBivyOK4NsnVPQeiXI1XOBgXKRafIWhZANiAAQK6O35GvW2 +F9df/56cHh0RzxJ/ARHKorHgtbwwa1z/XtIGK1WpD1U6ru6mXnQN9kO2pB0XKw+H +e8I5Rx3n++Rk0QBguxzr4ECCjXcJhdEcN8g+1WRRDx1xcQQ6IWyiVzY= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/mszabo.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/mszabo.key new file mode 100644 index 0000000..e2ca658 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/mszabo.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDlaHtUEb8WUjje5qw7 +TWC4QX2Cpc2Cp9yZfsw2l18Iz5G/fwCCzsYbfOstnZyIiJahZANiAATU3vBK9KCK +vVKXh8D1KId9e0zzPRO+a/ZhI/iR/SpZ2zgu7NZdIcK54Iw4Nsm7LPmH88VTKNGU +A9MkwPqVsxlKQpWUIhFPguq/FkJCkPGe6WhILrnbcb5ISusGYWNzdxg= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/qqcs.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/qqcs.key new file mode 100644 index 0000000..8a15c4f --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/qqcs.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBJVj3xLzZDW0wggPR3 +JPZUDXSKsfeXT+1IyjY7IKpB0Ku+jIOzCt1ma3S4iUK/F4ChZANiAARKw6UwPjUw +mTRoSEgIBZbJtEDM5QmB40cHhFljWfjFkn81umgbFNLz2jkUl+MRCdhPNGGdsnXW +c6vZ6+0O6OV7KMadBLHtR5cr02IBs4PnbMjHEYLzyMCXJ1KNVNpCmPs= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/rrendek.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/rrendek.key new file mode 100644 index 0000000..c61e94e --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/rrendek.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCsxtcmrcd9xqynDZ3a +foxPCtPVy9dGZ9GYZY0umi1aXddSZmTQLis9HcQZsg6fqpuhZANiAATqxKvhJEKR +Bhdz1tmHFymoBXO+WlQ4PsndeFXK4ifmRBoiWzoVaGG/rs4FpcmY96P/DrnbjvwV +rHZByG7ehTjLH7GYQd9OGGIkBJVaFmsL/RPjJot205pUbJsZPFXe0C4= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/server.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/server.key new file mode 100644 index 0000000..ad49b2d --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/server.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAxKh8kZwIH7ORp/VMB +sKaPF30JqoD2BfBnnsKIMk9tVLvGYQuBZPfOhIEejfuiT1mhZANiAAS5H+qD4Grj +Sd2o9QYXM0xEc6xGATPriKMS1gqqO+5v03VpGfaCEp0jFzq5/mZhJkxG29L5Wvyo +glgiqLf8y/3MPfHoyRk58fPQ+3Own3dTnP81tbXGje7rZgvRcNW7pGY= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/thering.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/thering.key new file mode 100644 index 0000000..0249c57 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/thering.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCboZiI4T9fQqhuUhZ1 +lsZw4yXdJ5COxryQGbWBWZanAdbF2JG/wNgYVcYHmU+IpEyhZANiAAQY5nQlpAlq +g5+8ceiOwURzbGAXOimkEUCUna2q9DcDzIOnKFtYyAtAv+zIg25B21YkN1Z/uiVX +CXaCJ0WT6WUlqlXxy0jYi9Jl3I5Rcehg0S6INPTR88KBOjaanAh/rMc= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/tsuhajda.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/tsuhajda.key new file mode 100644 index 0000000..f8231d9 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/tsuhajda.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDA3FfCdgRHmr7R09vcV +oMIHICl1w6SEHkvJWvu/kgBvfUTDa+8xO6TcfLj3bcN7SUKhZANiAARqUke0gm+I +BznSVTdb3ug3/RLILirFtJtUzyt8c92ciTfXqQlQEbuujo0/59DJfon1fykoLdZJ +W2m5R9qChx6p6HqY4v4rtrDC/aoYr8PVsMNRi3eOTWhgR0EoTTCBTXw= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/zbartakovics.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/zbartakovics.key new file mode 100644 index 0000000..fffc0bc --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/zbartakovics.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDA0fa139CTqeLKWJaqU +GKH5EIpDoFGwek9AW9Td5BTuYxpTREQwi3vMbEZ4sULZI2ehZANiAAQPaAvGjoE8 +76fLcYTzhBLlnCgTFeGrvy+SPNtALOX3yWGU0iMIEHVTeuw5PKGc03MOedtMFZR3 +EaQw4rxz+mYOF5Dio0wXgkGHwpSKwyhHQHZ2WccWRweL7N0ibDyvJiU= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/zfelleg.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/zfelleg.key new file mode 100644 index 0000000..9b1a3ad --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/zfelleg.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDrR6bejMZ+YEKPLqFW +EcqqktxOsksvQB6WL0olu99MczjNpHbWRJdzF0b1CxYYTKChZANiAASDpJVM9BiS +R/H+JtQsOqFlc3vvzSbv3Nd63JWai2Y/6cku9qwKDqGPvaUAQjowA5wKW0rDPLxi +BWA3Npnk5yctrqnBolc1jtJZdykWZFCUFsoaGTEag4xBB3995/yYgHM= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/akosztolanyi.req b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/akosztolanyi.req new file mode 100644 index 0000000..322cf20 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/akosztolanyi.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBEDCBlgIBADAXMRUwEwYDVQQDDAxha29zenRvbGFueWkwdjAQBgcqhkjOPQIB +BgUrgQQAIgNiAASX1ImCDButxEvdTBml9dg8Qp3SsA2ebKaoYpq//XiddvQCrVGf +lxJZvMGjoBc1di906rnTcks1lEDzfrUcr1HRtNN6aT1/HlGX/uNK7AHG6YnpjreU +o3ISbmbFot6tJ+KgADAKBggqhkjOPQQDAgNpADBmAjEA9b9s6OwjKnzMIMxDIDp7 +oUEmxZkKTd/qnF1rLkGMkEqPR1BtjmTQ0VCmiqqFHE78AjEAv2QzGitc04jGM9qN ++usRbImaeg6z0raTPfqLyMWm6nnBY8uSUU6v4+3QN71cRK9Q +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/azsamboki.req b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/azsamboki.req new file mode 100644 index 0000000..825cf22 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/azsamboki.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBDTCBkwIBADAUMRIwEAYDVQQDDAlhenNhbWJva2kwdjAQBgcqhkjOPQIBBgUr +gQQAIgNiAAQ0DfMO5gVp8yR97xkMzgS9JDTjjOUrfj9wOVWbLnP6xk5EQpVpghOF +mGNaJdwcsjKclwG1+8TdWQWKq7bBshMDCuOL5+piwXEbTyB0nAvfRlZsA9WM2EwC +6W5iOh+zDrqgADAKBggqhkjOPQQDAgNpADBmAjEAiHN5e892//rYy9BnKTBTQC2J +TzqUkavZbFxD5mw0lMNSdPH+h1NStxXieQFf2SylAjEAjz34uHonL001gQgmvGab +31SogblGs9rlmN3nbHnQqOFMufbEhjlv4DRDrkEUyENY +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/bcsoka.req b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/bcsoka.req new file mode 100644 index 0000000..d7a890d --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/bcsoka.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCjCBkAIBADARMQ8wDQYDVQQDDAZiY3Nva2EwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAASnlb9sjg80nMoUizNNgFWYHhDD6YR/ck3yYWhwWcdvbQLEIs9YgOc1GG7u +Ef4pAcPqeYWD5gxvxdh/n9VVJ3uoFxQtlOXEpJ+suDgCwEFaGopj5cNSJ2JXCxRr +NsyOUT+gADAKBggqhkjOPQQDAgNpADBmAjEAwjmYAhasFVT6Lq4gGkMn4U1sz/9q +fcKAwjgYttqn0Ua3aerak8JkHZmInKqhACx8AjEAmdWK89Q64CZvB1GiN6BAfRo6 +OSbxdsrK9tZF+ZwwGqoQtdzMndk3C8nVKzUq6pRM +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/bme.req b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/bme.req new file mode 100644 index 0000000..4689d8b --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/bme.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBBjCBjQIBADAOMQwwCgYDVQQDDANibWUwdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AASG011uvj6RkNejLNJqKk+7zVJORlsbYPDLqlu0iHH0cQDkuMt0zridwf1caaco +ZiFDEUo1BsscVws3m/EveCrSHQFJZnEldHQOvpN1QGzLCoEOI3y3+Zvh0MTSHG3a +yvKgADAKBggqhkjOPQQDAgNoADBlAjAoEqLeEaWwBS6VbzcFoWGufgr14IuWII3H +CFQDf5mztT88Dbx+uPlZ3CpHUqHMDO8CMQCPOOmlAUz4AlATmoyuE8Ey7JVEqMxX +Z82izTz2dCDKQYaY4JpVJhrtkR6L7M5rvyg= +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/csgulyas.req b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/csgulyas.req new file mode 100644 index 0000000..e8347f1 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/csgulyas.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCzCBkgIBADATMREwDwYDVQQDDAhjc2d1bHlhczB2MBAGByqGSM49AgEGBSuB +BAAiA2IABIIDka3ndreNUYZtzOMVkWysMedt4UQNwymVfF7h6DeqAPZHdBjnKJCV +FmwI4p/XJFVGIhwZnwZLm46WS127wK01WgZzEDYyHYnmsZ7zYg2PhXByTEhKR/D6 +6/Z7nH+oeqAAMAoGCCqGSM49BAMCA2gAMGUCMQCRn3Yv+/MqzS4M2I0Z8+BQU4PP +r8IhvDBMeycOF7kbsUhg1p//ai8lcRM+GME5dzsCMD62uS2r1aCZkFRlYP82B5PH +LxrohmLJIPjb7bxJ89S4JF0FlkvRO9jSaGa7wj5FiA== +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/cslevai.req b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/cslevai.req new file mode 100644 index 0000000..eb01a9b --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/cslevai.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCjCBkQIBADASMRAwDgYDVQQDDAdjc2xldmFpMHYwEAYHKoZIzj0CAQYFK4EE +ACIDYgAES9ThT6dbHsR9QCcZ3rzMeGtahhNIxMBACU4dzbTwjRQuRHyOLXt1JwDE +m1xxHTX/9pEB4j8iTfRZReSFYaIwu3+Of4bbeXraYQByPWALOnvTjkPVIfnl7wEC +SA6qB+DfoAAwCgYIKoZIzj0EAwIDaAAwZQIwNeJETbz7Dat7wMfmHtx9Pv0jh8C4 +YodGVagDeEUqF3infv2UyBZcIbCyEPV1mFFhAjEA5hWnL38pc1lZjaNCnVRZmRWQ +3Ex5dlmifgYarn0mYzPkDWMzTsSdzwNGJ7OmKe8p +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/dhorvath.req b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/dhorvath.req new file mode 100644 index 0000000..7562ee6 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/dhorvath.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCjCBkgIBADATMREwDwYDVQQDDAhkaG9ydmF0aDB2MBAGByqGSM49AgEGBSuB +BAAiA2IABMJ3KlcBe9kL4OBpfirfBbiRTlBR6VK9pfoBrWIKaRCCb6qEZDNx2ZbK +nAXO2ROZsNnVTdkaQ4xB1ecKrpJs9n+/c7b/vaS7/NkMNg3i9Hgku82s6QTWnKUr +ztcOhYUQ8aAAMAoGCCqGSM49BAMCA2cAMGQCMBEnuVtyHrzWaRjKbPnZ0QtctxoE +drQ3vda///knPl0W/HPqmdkp2t1oPfbMCYZi9gIwTC/4kV1Fs35Y1diGh6zMAQnH +JqBRXkU4Hzq8wf5hB8d2rlGTeKllFhtLED2l8SHn +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/dvasary.req b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/dvasary.req new file mode 100644 index 0000000..1ec72d6 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/dvasary.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCjCBkQIBADASMRAwDgYDVQQDDAdkdmFzYXJ5MHYwEAYHKoZIzj0CAQYFK4EE +ACIDYgAEg09Re/Ew3HYl2yH9EYo5/G9KD/U4nY48GMPiuZp+2CWdafFA8hz4vXyY +6R2GeNDVe7HmistE6UJsYcTZMsUW8HZxkFgPE/TLAQJo+rs+yyRH4oct8sbZX7gW +3keqvwJloAAwCgYIKoZIzj0EAwIDaAAwZQIwDWGTqyuFxTU89a8QFmWFhnl98LAK +E6NmA5PtTd5jpFHIXReIRr3hSQooV1rSGVPhAjEAtdPDlua5HNE4BNHH0bAKmEXa +3nDHf5bW7ni58J4cLvwED/pVd6iOgqG4dA4S+qi2 +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/fritter.req b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/fritter.req new file mode 100644 index 0000000..80e984a --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/fritter.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCzCBkQIBADASMRAwDgYDVQQDDAdmcml0dGVyMHYwEAYHKoZIzj0CAQYFK4EE +ACIDYgAEARZhmimbADTG2NAxh+cs/Xp+4G73Jhpif9R9qo0Og73CUYzLNCs9BEBP +LG+Lhpt/3qJ5pAoDTHBxNLr2+NHokhgy1ng9XSlccKC2gH8h4mMJV8FG/ZvZeiq4 +E/L3g8wyoAAwCgYIKoZIzj0EAwIDaQAwZgIxAKqfCt8f45Cqbn0WnXE6MhQ1JxKj +QHAB75GEZ2u+Vpe0gnqlZh0S6GQxGhAsBMmtCAIxAKLdxowosLANPnPNGIkClJcI +C1L9r5AUWLA3E5hlEDDfc6V1XzYGPjwK1sVKsVSQtg== +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/fschnell.req b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/fschnell.req new file mode 100644 index 0000000..996cfc7 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/fschnell.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBDDCBkgIBADATMREwDwYDVQQDDAhmc2NobmVsbDB2MBAGByqGSM49AgEGBSuB +BAAiA2IABMFmcTe79bYssKDWjIUsMSjRXtYjca63b3kSUHq1bO7roKmbGtXzXXL9 +zfENIz9uRHsfyYoe+1Gt4r/IEg3QehHe7sJuBq9nx1ETjM91n6mAQvKcWnivKVff +sMHW1jtCYKAAMAoGCCqGSM49BAMCA2kAMGYCMQDv/73kqyWsmH2ko9P2v8OsTtwM +5t+jTagnhMiEn5m5JcRL7Ek5KvIMtjMZis++hxMCMQCTjT/T7/5J7IbB5Hl4QwYR +DZ8rFgjx7pgwiGj+h5TJLsvYfziM4F7c7FJ3klh1T08= +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/ifabian.req b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/ifabian.req new file mode 100644 index 0000000..7a5e086 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/ifabian.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCzCBkQIBADASMRAwDgYDVQQDDAdpZmFiaWFuMHYwEAYHKoZIzj0CAQYFK4EE +ACIDYgAEumWUZwg0hscPlABf4jhbnilfdnqHQ1s3pESrOXK+Nw4/xbpVi2y9Iu10 +VIiiHOz4JDc/s7LjVg7lgcvvSB3l6h9nUV8giy+q/v6O1L6RKJS2zAR0kHKQEKB8 +QqLjTH9JoAAwCgYIKoZIzj0EAwIDaQAwZgIxAOKmHpLEoJhLnOz8fNiI5WoDjBgJ +12SbiqqP30nhj3VHCHp9vVQHIowqsKGaEcNMfgIxALfI4SN2rbCVk/NoNuJjnLjv +R7oQ9xPH/Vs0lsLiphy8HvgOVuX/GFMviRcI9BY4Fg== +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/khorvath.req b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/khorvath.req new file mode 100644 index 0000000..56e30c5 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/khorvath.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCzCBkgIBADATMREwDwYDVQQDDAhraG9ydmF0aDB2MBAGByqGSM49AgEGBSuB +BAAiA2IABBDQomhm6kA2850T4rznh5LUyvLmE6kL0JK3oCTw5M5pCOTiwGbgKip5 +BuPUM+hrlKf7cZrnmqH5GjsoPzsMmV8uzxeYYBAWIsMffmFil4U2CgrpJg52w4i4 +juSAeFK1nKAAMAoGCCqGSM49BAMCA2gAMGUCMH78kCLrP1jOuv+CdBvdGargTkqY +6VkaO+Ygm/mvXkZkLA62C3kDAYQivt7N2nleRAIxAIeEvYFTairnHufjd/Gr8xdt +SRei3fPpAm1gcQs02kNM6BFCuDPMg3E0AFMOX1SNBA== +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/kkancz.req b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/kkancz.req new file mode 100644 index 0000000..15b1cf2 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/kkancz.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCDCBkAIBADARMQ8wDQYDVQQDDAZra2FuY3owdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAQWw8xMGZHms1OJfXoerleJUhnX5cfQaHSmDZLpCeeBXhEC6oeJIOdXscpE +ts9fAVhzlIk6Cmf6n8jJFo3ncnWUjVLe8Q9HoxWDw81nyBSvsvVjCAwl1dUKuvub +D9/gRbSgADAKBggqhkjOPQQDAgNnADBkAjAtsBR5gMCCHg5yQj7OW2MvxwMYTEpk +6066ABE0i66Ro8XJ0/7a/Wda5XvfqXVczIkCMG1SCQ20okavRvLqFg3O0+DH8Y7z ++jRPtszyVZ99Z9cGqK5CYszm7xf7ozyv/mN17Q== +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/kkele.req b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/kkele.req new file mode 100644 index 0000000..77a3759 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/kkele.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCDCBjwIBADAQMQ4wDAYDVQQDDAVra2VsZTB2MBAGByqGSM49AgEGBSuBBAAi +A2IABAro7fka9bYX11//npweHRHPEn8BEcqiseC1vDBrXP9e0gYrVakPVTqu7qZe +dA32Q7akHRcrD4d7wjlHHef75GTRAGC7HOvgQIKNdwmF0Rw3yD7VZFEPHXFxBDoh +bKJXNqAAMAoGCCqGSM49BAMCA2gAMGUCMBjHpxycgLPtdG09aiKCsVXlJRk4GIv3 +Zhpf/CaMZG4oDH/YzEwiFdand/7//GlE/gIxANy5n0vGIq56l1X3+WuIaNb3NFeR +G+8d4Z7W05tgac/dBYKR2hcAqvF16QE31vhWhA== +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/mszabo.req b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/mszabo.req new file mode 100644 index 0000000..8f4c4b1 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/mszabo.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCTCBkAIBADARMQ8wDQYDVQQDDAZtc3phYm8wdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAATU3vBK9KCKvVKXh8D1KId9e0zzPRO+a/ZhI/iR/SpZ2zgu7NZdIcK54Iw4 +Nsm7LPmH88VTKNGUA9MkwPqVsxlKQpWUIhFPguq/FkJCkPGe6WhILrnbcb5ISusG +YWNzdxigADAKBggqhkjOPQQDAgNoADBlAjEA077+fweY97IYc/LAi6fe72rejGAF +0mULlTDUxgFddu7wfUb/lgcnLv9M+SwIoaIHAjBqf5POJ5fsE4qaMP2YwoKjfrlG +08T6USZqvB4FpFa0zbd8LZihlkNroDBOx2TpXy0= +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/qqcs.req b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/qqcs.req new file mode 100644 index 0000000..5d95907 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/qqcs.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBBjCBjgIBADAPMQ0wCwYDVQQDDARxcWNzMHYwEAYHKoZIzj0CAQYFK4EEACID +YgAESsOlMD41MJk0aEhICAWWybRAzOUJgeNHB4RZY1n4xZJ/NbpoGxTS89o5FJfj +EQnYTzRhnbJ11nOr2evtDujleyjGnQSx7UeXK9NiAbOD52zIxxGC88jAlydSjVTa +Qpj7oAAwCgYIKoZIzj0EAwIDZwAwZAIwR7VnIf4uVK82n307s6g0dYL1NUglgPwX +yIjqZIY2q2PvHGxwbmz/cU1Fuk1FeuAuAjB3QYjcUtk7kIcSmcI3SphCCRlbH0cD +4eImTHMs/6bJqft7xrDdAZN9uIAtBpsSqFk= +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/rrendek.req b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/rrendek.req new file mode 100644 index 0000000..7973f6d --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/rrendek.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCjCBkQIBADASMRAwDgYDVQQDDAdycmVuZGVrMHYwEAYHKoZIzj0CAQYFK4EE +ACIDYgAE6sSr4SRCkQYXc9bZhxcpqAVzvlpUOD7J3XhVyuIn5kQaIls6FWhhv67O +BaXJmPej/w652478Fax2Qchu3oU4yx+xmEHfThhiJASVWhZrC/0T4yaLdtOaVGyb +GTxV3tAuoAAwCgYIKoZIzj0EAwIDaAAwZQIwfcU6uSYmTg5df6XK0lxeYfAnNJJS +nCvW2iLWb2d8PHsQIj3CaTIDMAyMEUolkDD7AjEA1Rc+CDn480fUb2/IEGZvkYRi +0kztuCXQIz1WWJgpIr9X7OETpmkrNGWL4qNLJ/F5 +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/server.req b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/server.req new file mode 100644 index 0000000..265669a --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/server.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCTCBkAIBADARMQ8wDQYDVQQDDAZzZXJ2ZXIwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAS5H+qD4GrjSd2o9QYXM0xEc6xGATPriKMS1gqqO+5v03VpGfaCEp0jFzq5 +/mZhJkxG29L5WvyoglgiqLf8y/3MPfHoyRk58fPQ+3Own3dTnP81tbXGje7rZgvR +cNW7pGagADAKBggqhkjOPQQDAgNoADBlAjEAv8gQnvhdDlNzx4eJwKHCciWX53PD +r9H+z1SZ44816XiTpFYZnMhRQI68+5TBp7CGAjByELeSgotlb4k9l3E0x/6/1QA8 +CC6AE4W/m8s1wXsRAhEHxmA6UZmOgPlZftSFICY= +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/thering.req b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/thering.req new file mode 100644 index 0000000..df134f2 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/thering.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCTCBkQIBADASMRAwDgYDVQQDDAd0aGVyaW5nMHYwEAYHKoZIzj0CAQYFK4EE +ACIDYgAEGOZ0JaQJaoOfvHHojsFEc2xgFzoppBFAlJ2tqvQ3A8yDpyhbWMgLQL/s +yINuQdtWJDdWf7olVwl2gidFk+llJapV8ctI2IvSZdyOUXHoYNEuiDT00fPCgTo2 +mpwIf6zHoAAwCgYIKoZIzj0EAwIDZwAwZAIwKkd3GRIaqtKhD6xkY/oDDkfO3JhS +1pytj/Y5Arxyllpq2WGKHk84Xpijpt+5mURuAjAJT6aKO8Yj/7gn0gUgqU7sgUjs +jeK8ul/weOnx98dvGarGCtHVFk/YOm1US3G60M4= +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/tsuhajda.req b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/tsuhajda.req new file mode 100644 index 0000000..379e19f --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/tsuhajda.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBDDCBkgIBADATMREwDwYDVQQDDAh0c3VoYWpkYTB2MBAGByqGSM49AgEGBSuB +BAAiA2IABGpSR7SCb4gHOdJVN1ve6Df9EsguKsW0m1TPK3xz3ZyJN9epCVARu66O +jT/n0Ml+ifV/KSgt1klbablH2oKHHqnoepji/iu2sML9qhivw9Www1GLd45NaGBH +QShNMIFNfKAAMAoGCCqGSM49BAMCA2kAMGYCMQCaTPqfIpR3fVd//V/S5FDLDF5D +hUNIACH9bZYmY8pyH7PZ/hhQ23fZNDPWB8QcoHECMQDtcOGvrFd2VjHzZLsI98s5 +EHL436RfdE5WFtOnfEkCVoTvDkfZqkMjNh7M1dq/sgE= +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/zbartakovics.req b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/zbartakovics.req new file mode 100644 index 0000000..a084cb4 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/zbartakovics.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBEDCBlgIBADAXMRUwEwYDVQQDDAx6YmFydGFrb3ZpY3MwdjAQBgcqhkjOPQIB +BgUrgQQAIgNiAAQPaAvGjoE876fLcYTzhBLlnCgTFeGrvy+SPNtALOX3yWGU0iMI +EHVTeuw5PKGc03MOedtMFZR3EaQw4rxz+mYOF5Dio0wXgkGHwpSKwyhHQHZ2WccW +RweL7N0ibDyvJiWgADAKBggqhkjOPQQDAgNpADBmAjEAlZgYRYG0puqjc3GQoAAI +sAZaw67rUqf+J9z6JDYnUPfqX3VrsJaKpTy4bmo8OwKnAjEArbINmKjKr9cOyTFu +IjC97INHf7dUzIWJQNJsmjpG9cUTetFHV9DlTiL+P72BRLWt +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/zfelleg.req b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/zfelleg.req new file mode 100644 index 0000000..475481a --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/zfelleg.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCjCBkQIBADASMRAwDgYDVQQDDAd6ZmVsbGVnMHYwEAYHKoZIzj0CAQYFK4EE +ACIDYgAEg6SVTPQYkkfx/ibULDqhZXN7780m79zXetyVmotmP+nJLvasCg6hj72l +AEI6MAOcCltKwzy8YgVgNzaZ5OcnLa6pwaJXNY7SWXcpFmRQlBbKGhkxGoOMQQd/ +fef8mIBzoAAwCgYIKoZIzj0EAwIDaAAwZQIxAPVqTTqKn5lRfhUswnzTfZEQS3e+ +zgb/KRloYHNkWyQiBgeevAegtg8QtJsyOnffagIwRrQOxn8+3w3QVui71ThBnVPz +6+8lqo25fipBYQ9xp0ONM6IxukuMdH5HBGqZi94q +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/safessl-easyrsa.cnf b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/safessl-easyrsa.cnf new file mode 100644 index 0000000..e8527cb --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/safessl-easyrsa.cnf @@ -0,0 +1,140 @@ +# For use with Easy-RSA 3.1 and OpenSSL or LibreSSL + +RANDFILE = /etc/openvpn/server/easy-rsa/pki/.rnd + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = /etc/openvpn/server/easy-rsa/pki # Where everything is kept +certs = /etc/openvpn/server/easy-rsa/pki # Where the issued certs are kept +crl_dir = /etc/openvpn/server/easy-rsa/pki # Where the issued crl are kept +database = /etc/openvpn/server/easy-rsa/pki/index.txt # database index file. +new_certs_dir = /etc/openvpn/server/easy-rsa/pki/certs_by_serial # default place for new certs. + +certificate = /etc/openvpn/server/easy-rsa/pki/ca.crt # The CA certificate +serial = /etc/openvpn/server/easy-rsa/pki/serial # The current serial number +crl = /etc/openvpn/server/easy-rsa/pki/crl.pem # The current CRL +private_key = /etc/openvpn/server/easy-rsa/pki/private/ca.key # The private key +RANDFILE = /etc/openvpn/server/easy-rsa/pki/.rand # private random number file + +x509_extensions = basic_exts # The extentions to add to the cert + +# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA +# is designed for will. In return, we get the Issuer attached to CRLs. +crl_extensions = crl_ext + +default_days = 1080 # how long to certify for +default_crl_days= 180 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# This allows to renew certificates which have not been revoked +unique_subject = no + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_anything + +# For the 'anything' policy, which defines allowed DN fields +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +name = optional +emailAddress = optional + +#################################################################### +# Easy-RSA request handling +# We key off $DN_MODE to determine how to format the DN +[ req ] +default_bits = 2048 +default_keyfile = privkey.pem +default_md = sha256 +distinguished_name = cn_only +x509_extensions = easyrsa_ca # The extentions to add to the self signed cert + +# A placeholder to handle the $EXTRA_EXTS feature: +#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it + +#################################################################### +# Easy-RSA DN (Subject) handling + +# Easy-RSA DN for cn_only support: +[ cn_only ] +commonName = Common Name (eg: your user, host, or server name) +commonName_max = 64 +commonName_default = ChangeMe + +# Easy-RSA DN for org support: +[ org ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = California + +localityName = Locality Name (eg, city) +localityName_default = San Francisco + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Copyleft Certificate Co + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = My Organizational Unit + +commonName = Common Name (eg: your user, host, or server name) +commonName_max = 64 +commonName_default = ChangeMe + +emailAddress = Email Address +emailAddress_default = me@example.net +emailAddress_max = 64 + +#################################################################### +# Easy-RSA cert extension handling + +# This section is effectively unused as the main script sets extensions +# dynamically. This core section is left to support the odd usecase where +# a user calls openssl directly. +[ basic_exts ] +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always + +# The Easy-RSA CA extensions +[ easyrsa_ca ] + +# PKIX recommendations: + +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always + +# This could be marked critical, but it's nice to support reading by any +# broken clients who attempt to do so. +basicConstraints = CA:true + +# Limit key usage to CA tasks. If you really want to use the generated pair as +# a self-signed cert, comment this out. +keyUsage = cRLSign, keyCertSign + +# nsCertType omitted by default. Let's try to let the deprecated stuff die. +# nsCertType = sslCA + +# CRL extensions. +[ crl_ext ] + +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always,issuer:always + diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/serial b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/serial new file mode 100644 index 0000000..639848e --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/serial @@ -0,0 +1 @@ +B563FF7CFF8723F8FD6CCD82851FFA32 diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/serial.old b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/serial.old new file mode 100644 index 0000000..32fcb20 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/serial.old @@ -0,0 +1 @@ +b563ff7cff8723f8fd6ccd82851ffa31 diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/ta.key b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/ta.key new file mode 100644 index 0000000..0cf8751 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/pki/ta.key @@ -0,0 +1,21 @@ +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +ea8f1c83226838b22597668f903e9929 +6b77ff8cf2afd8d9f839344c47f85693 +d4280a82bc743e01159f17545f7d7e23 +1e91d5292c53c26c353618495b7a4013 +8df9a1de2a3278ea55ac22d1a85b11bb +b155df61c10e835b49b2960a52840aa1 +64ea57bc98da062b695e06e3aca108c8 +d755dbd543d0d816546d7647d326aaea +8e02195160d37f131ffe52a1f39c017e +69fcb995e6fab1ee7a64c8b5a3946faa +38613b3bdbdd95443a7ec3b17386dce9 +b070e4a7cb7ce59152a37985e8a7d881 +b2c1da898f177dba80e0b53e7bbf53c0 +c7431ebce43cfebc92fa4e4ac49a146c +84ae27231334ca1dac42dea1f964d48f +eb7313175e956356f6ecefd289864a1a +-----END OpenVPN Static key V1----- diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/vars b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/vars new file mode 100644 index 0000000..00ccce7 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/vars @@ -0,0 +1,210 @@ +# Easy-RSA 3 parameter settings + +# NOTE: If you installed Easy-RSA from your distro's package manager, don't edit +# this file in place -- instead, you should copy the entire easy-rsa directory +# to another location so future upgrades don't wipe out your changes. + +# HOW TO USE THIS FILE +# +# vars.example contains built-in examples to Easy-RSA settings. You MUST name +# this file 'vars' if you want it to be used as a configuration file. If you do +# not, it WILL NOT be automatically read when you call easyrsa commands. +# +# It is not necessary to use this config file unless you wish to change +# operational defaults. These defaults should be fine for many uses without the +# need to copy and edit the 'vars' file. +# +# All of the editable settings are shown commented and start with the command +# 'set_var' -- this means any set_var command that is uncommented has been +# modified by the user. If you're happy with a default, there is no need to +# define the value to its default. + +# NOTES FOR WINDOWS USERS +# +# Paths for Windows *MUST* use forward slashes, or optionally double-esscaped +# backslashes (single forward slashes are recommended.) This means your path to +# the openssl binary might look like this: +# "C:/Program Files/OpenSSL-Win32/bin/openssl.exe" + +# A little housekeeping: DON'T EDIT THIS SECTION +# +# Easy-RSA 3.x doesn't source into the environment directly. +# Complain if a user tries to do this: +if [ -z "$EASYRSA_CALLER" ]; then + echo "You appear to be sourcing an Easy-RSA 'vars' file." >&2 + echo "This is no longer necessary and is disallowed. See the section called" >&2 + echo "'How to use this file' near the top comments for more details." >&2 + return 1 +fi + +# DO YOUR EDITS BELOW THIS POINT + +# This variable is used as the base location of configuration files needed by +# easyrsa. More specific variables for specific files (e.g., EASYRSA_SSL_CONF) +# may override this default. +# +# The default value of this variable is the location of the easyrsa script +# itself, which is also where the configuration files are located in the +# easy-rsa tree. + +#set_var EASYRSA "${0%/*}" + +# If your OpenSSL command is not in the system PATH, you will need to define the +# path to it here. Normally this means a full path to the executable, otherwise +# you could have left it undefined here and the shown default would be used. +# +# Windows users, remember to use paths with forward-slashes (or escaped +# back-slashes.) Windows users should declare the full path to the openssl +# binary here if it is not in their system PATH. + +#set_var EASYRSA_OPENSSL "openssl" +# +# This sample is in Windows syntax -- edit it for your path if not using PATH: +#set_var EASYRSA_OPENSSL "C:/Program Files/OpenSSL-Win32/bin/openssl.exe" + +# Edit this variable to point to your soon-to-be-created key directory. By +# default, this will be "$PWD/pki" (i.e. the "pki" subdirectory of the +# directory you are currently in). +# +# WARNING: init-pki will do a rm -rf on this directory so make sure you define +# it correctly! (Interactive mode will prompt before acting.) + +#set_var EASYRSA_PKI "$PWD/pki" + +# Define X509 DN mode. +# This is used to adjust what elements are included in the Subject field as the DN +# (this is the "Distinguished Name.") +# Note that in cn_only mode the Organizational fields further below aren't used. +# +# Choices are: +# cn_only - use just a CN value +# org - use the "traditional" Country/Province/City/Org/OU/email/CN format + +#set_var EASYRSA_DN "cn_only" + +# Organizational fields (used with 'org' mode and ignored in 'cn_only' mode.) +# These are the default values for fields which will be placed in the +# certificate. Don't leave any of these fields blank, although interactively +# you may omit any specific field by typing the "." symbol (not valid for +# email.) + +#set_var EASYRSA_REQ_COUNTRY "US" +#set_var EASYRSA_REQ_PROVINCE "California" +#set_var EASYRSA_REQ_CITY "San Francisco" +#set_var EASYRSA_REQ_ORG "Copyleft Certificate Co" +#set_var EASYRSA_REQ_EMAIL "me@example.net" +#set_var EASYRSA_REQ_OU "My Organizational Unit" + +# Choose a size in bits for your keypairs. The recommended value is 2048. Using +# 2048-bit keys is considered more than sufficient for many years into the +# future. Larger keysizes will slow down TLS negotiation and make key/DH param +# generation take much longer. Values up to 4096 should be accepted by most +# software. Only used when the crypto alg is rsa (see below.) + +#set_var EASYRSA_KEY_SIZE 2048 + +# The default crypto mode is rsa; ec can enable elliptic curve support. +# Note that not all software supports ECC, so use care when enabling it. +# Choices for crypto alg are: (each in lower-case) +# * rsa +# * ec + +set_var EASYRSA_ALGO ec + +# Define the named curve, used in ec mode only: + +#set_var EASYRSA_CURVE secp384r1 + +# In how many days should the root CA key expire? + +#set_var EASYRSA_CA_EXPIRE 3650 + +# In how many days should certificates expire? + +#set_var EASYRSA_CERT_EXPIRE 1080 + +# How many days until the next CRL publish date? Note that the CRL can still be +# parsed after this timeframe passes. It is only used for an expected next +# publication date. + +# How many days before its expiration date a certificate is allowed to be +# renewed? +#set_var EASYRSA_CERT_RENEW 30 + +#set_var EASYRSA_CRL_DAYS 180 + +# Support deprecated "Netscape" extensions? (choices "yes" or "no".) The default +# is "no" to discourage use of deprecated extensions. If you require this +# feature to use with --ns-cert-type, set this to "yes" here. This support +# should be replaced with the more modern --remote-cert-tls feature. If you do +# not use --ns-cert-type in your configs, it is safe (and recommended) to leave +# this defined to "no". When set to "yes", server-signed certs get the +# nsCertType=server attribute, and also get any NS_COMMENT defined below in the +# nsComment field. + +#set_var EASYRSA_NS_SUPPORT "no" + +# When NS_SUPPORT is set to "yes", this field is added as the nsComment field. +# Set this blank to omit it. With NS_SUPPORT set to "no" this field is ignored. + +#set_var EASYRSA_NS_COMMENT "Easy-RSA Generated Certificate" + +# A temp file used to stage cert extensions during signing. The default should +# be fine for most users; however, some users might want an alternative under a +# RAM-based FS, such as /dev/shm or /tmp on some systems. + +#set_var EASYRSA_TEMP_FILE "$EASYRSA_PKI/extensions.temp" + +# !! +# NOTE: ADVANCED OPTIONS BELOW THIS POINT +# PLAY WITH THEM AT YOUR OWN RISK +# !! + +# Broken shell command aliases: If you have a largely broken shell that is +# missing any of these POSIX-required commands used by Easy-RSA, you will need +# to define an alias to the proper path for the command. The symptom will be +# some form of a 'command not found' error from your shell. This means your +# shell is BROKEN, but you can hack around it here if you really need. These +# shown values are not defaults: it is up to you to know what you're doing if +# you touch these. +# +#alias awk="/alt/bin/awk" +#alias cat="/alt/bin/cat" + +# X509 extensions directory: +# If you want to customize the X509 extensions used, set the directory to look +# for extensions here. Each cert type you sign must have a matching filename, +# and an optional file named 'COMMON' is included first when present. Note that +# when undefined here, default behaviour is to look in $EASYRSA_PKI first, then +# fallback to $EASYRSA for the 'x509-types' dir. You may override this +# detection with an explicit dir here. +# +#set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types" + +# OpenSSL config file: +# If you need to use a specific openssl config file, you can reference it here. +# Normally this file is auto-detected from a file named openssl-easyrsa.cnf from the +# EASYRSA_PKI or EASYRSA dir (in that order.) NOTE that this file is Easy-RSA +# specific and you cannot just use a standard config file, so this is an +# advanced feature. + +#set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf" + +# Default CN: +# This is best left alone. Interactively you will set this manually, and BATCH +# callers are expected to set this themselves. + +#set_var EASYRSA_REQ_CN "ChangeMe" + +# Cryptographic digest to use. +# Do not change this default unless you understand the security implications. +# Valid choices include: md5, sha1, sha256, sha224, sha384, sha512 + +#set_var EASYRSA_DIGEST "sha256" + +# Batch mode. Leave this disabled unless you intend to call Easy-RSA explicitly +# in batch mode without any user input, confirmation on dangerous operations, +# or most output. Setting this to any non-blank string enables batch mode. + +#set_var EASYRSA_BATCH "" + diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/COMMON b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/COMMON new file mode 100644 index 0000000..3e9b633 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/COMMON @@ -0,0 +1,7 @@ +# X509 extensions added to every signed cert + +# This file is included for every cert signed, and by default does nothing. +# It could be used to add values every cert should have, such as a CDP as +# demonstrated in the following example: + +#crlDistributionPoints = URI:http://example.net/pki/my_ca.crl diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/ca b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/ca new file mode 100644 index 0000000..ef525b6 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/ca @@ -0,0 +1,13 @@ +# X509 extensions for a ca + +# Note that basicConstraints will be overridden by Easy-RSA when defining a +# CA_PATH_LEN for CA path length limits. You could also do this here +# manually as in the following example in place of the existing line: +# +# basicConstraints = CA:TRUE, pathlen:1 + +basicConstraints = CA:TRUE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +keyUsage = cRLSign, keyCertSign + diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/client b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/client new file mode 100644 index 0000000..a7d81af --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/client @@ -0,0 +1,8 @@ +# X509 extensions for a client + +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always +extendedKeyUsage = clientAuth +keyUsage = digitalSignature + diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/code-signing b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/code-signing new file mode 100644 index 0000000..05de2a5 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/code-signing @@ -0,0 +1,8 @@ +# X509 extensions for a client + +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always +extendedKeyUsage = codeSigning +keyUsage = digitalSignature + diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/server b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/server new file mode 100644 index 0000000..bc024be --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/server @@ -0,0 +1,8 @@ +# X509 extensions for a server + +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always +extendedKeyUsage = serverAuth +keyUsage = digitalSignature,keyEncipherment + diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/serverClient b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/serverClient new file mode 100644 index 0000000..774fe51 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/serverClient @@ -0,0 +1,8 @@ +# X509 extensions for a client/server + +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always +extendedKeyUsage = serverAuth,clientAuth +keyUsage = digitalSignature,keyEncipherment +