From 18bf468e70d5e9d52eb1d5fcbe3b5edf9dacf0e6 Mon Sep 17 00:00:00 2001 From: dennison Date: Wed, 2 Mar 2022 14:26:50 -0800 Subject: [PATCH] Allow configuration of ServerName used by peer clients to prevent use of static IP SANs --- Makefile | 11 ++-- README.md | 2 +- certs/ca.cert | 29 ++++++++++ certs/ca.key | 98 ++++++++++++++++----------------- certs/ca.pem | 50 ++++++++--------- certs/ca.srl | 1 - certs/client-auth-ca.key | 56 +++++++++---------- certs/client-auth-ca.pem | 28 +++++----- certs/client-auth-ca.srl | 1 - certs/client-auth.key | 50 ++++++++--------- certs/client-auth.pem | 28 +++++----- certs/client-auth.req | 24 ++++---- certs/gubernator.csr | 46 ++++++++-------- certs/gubernator.key | 98 ++++++++++++++++----------------- certs/gubernator.pem | 58 +++++++++---------- certs/gubernator_no_ip_san.conf | 15 +++++ certs/gubernator_no_ip_san.csr | 28 ++++++++++ certs/gubernator_no_ip_san.key | 51 +++++++++++++++++ certs/gubernator_no_ip_san.pem | 30 ++++++++++ cli-tls.conf | 2 +- config.go | 1 + example.conf | 4 ++ tls.go | 4 ++ tls_test.go | 25 ++++++--- 24 files changed, 456 insertions(+), 284 deletions(-) create mode 100644 certs/ca.cert delete mode 100644 certs/ca.srl delete mode 100644 certs/client-auth-ca.srl create mode 100644 certs/gubernator_no_ip_san.conf create mode 100644 certs/gubernator_no_ip_san.csr create mode 100644 certs/gubernator_no_ip_san.key create mode 100644 certs/gubernator_no_ip_san.pem diff --git a/Makefile b/Makefile index 249a5a86..1da868ea 100644 --- a/Makefile +++ b/Makefile @@ -28,15 +28,18 @@ proto: .PHONY: certs certs: - rm certs/*.key certs/*.srl certs/*.csr certs/*.pem + rm certs/*.key || rm certs/*.srl || rm certs/*.csr || rm certs/*.pem || rm certs/*.cert || true openssl genrsa -out certs/ca.key 4096 openssl req -new -x509 -key certs/ca.key -sha256 -subj "/C=US/ST=TX/O=Mailgun Technologies, Inc." -days 3650 -out certs/ca.cert openssl genrsa -out certs/gubernator.key 4096 openssl req -new -key certs/gubernator.key -out certs/gubernator.csr -config certs/gubernator.conf - openssl x509 -req -in certs/gubernator.csr -CA certs/ca.cert -CAkey certs/ca.key -CAcreateserial -out certs/gubernator.pem -days 3650 -sha256 -extfile certs/gubernator.conf -extensions req_ext + openssl x509 -req -in certs/gubernator.csr -CA certs/ca.cert -CAkey certs/ca.key -set_serial 1 -out certs/gubernator.pem -days 3650 -sha256 -extfile certs/gubernator.conf -extensions req_ext + openssl genrsa -out certs/gubernator_no_ip_san.key 4096 + openssl req -new -key certs/gubernator_no_ip_san.key -out certs/gubernator_no_ip_san.csr -config certs/gubernator_no_ip_san.conf + openssl x509 -req -in certs/gubernator_no_ip_san.csr -CA certs/ca.cert -CAkey certs/ca.key -set_serial 2 -out certs/gubernator_no_ip_san.pem -days 3650 -sha256 -extfile certs/gubernator_no_ip_san.conf -extensions req_ext # Client Auth openssl req -new -x509 -days 3650 -keyout certs/client-auth-ca.key -out certs/client-auth-ca.pem -subj "/C=TX/ST=TX/O=Mailgun Technologies, Inc./CN=mailgun.com/emailAddress=admin@mailgun.com" -passout pass:test openssl genrsa -out certs/client-auth.key 2048 openssl req -sha1 -key certs/client-auth.key -new -out certs/client-auth.req -subj "/C=US/ST=TX/O=Mailgun Technologies, Inc./CN=client.com/emailAddress=admin@mailgun.com" - openssl x509 -req -days 3650 -in certs/client-auth.req -CA certs/client-auth-ca.pem -CAkey certs/client-auth-ca.key -passin pass:test -out certs/client-auth.pem - openssl x509 -extfile certs/client-auth.conf -extensions ssl_client -req -days 3650 -in certs/client-auth.req -CA certs/client-auth-ca.pem -CAkey certs/client-auth-ca.key -passin pass:test -out certs/client-auth.pem + openssl x509 -req -days 3650 -in certs/client-auth.req -CA certs/client-auth-ca.pem -CAkey certs/client-auth-ca.key -set_serial 3 -passin pass:test -out certs/client-auth.pem + openssl x509 -extfile certs/client-auth.conf -extensions ssl_client -req -days 3650 -in certs/client-auth.req -CA certs/client-auth-ca.pem -CAkey certs/client-auth-ca.key -set_serial 4 -passin pass:test -out certs/client-auth.pem diff --git a/README.md b/README.md index 67e605ee..451ba26f 100644 --- a/README.md +++ b/README.md @@ -317,7 +317,7 @@ self signed certs by running `docker-compose-tls.yaml` $ docker-compose -f docker-compose-tls.yaml up -d # Hit the HTTP API at localhost:9080 (GRPC is at 9081) -$ curl --cacert certs/ca.pem --cert certs/gubernator.pem --key certs/gubernator.key https://localhost:9080/v1/HealthCheck +$ curl --cacert certs/ca.cert --cert certs/gubernator.pem --key certs/gubernator.key https://localhost:9080/v1/HealthCheck ``` ### Configuration diff --git a/certs/ca.cert b/certs/ca.cert new file mode 100644 index 00000000..9fa4ef10 --- /dev/null +++ b/certs/ca.cert @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE+jCCAuICCQDB2icqR7G7cjANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJV +UzELMAkGA1UECAwCVFgxIzAhBgNVBAoMGk1haWxndW4gVGVjaG5vbG9naWVzLCBJ +bmMuMB4XDTIyMDMwMjIxNDQwOFoXDTMyMDIyODIxNDQwOFowPzELMAkGA1UEBhMC +VVMxCzAJBgNVBAgMAlRYMSMwIQYDVQQKDBpNYWlsZ3VuIFRlY2hub2xvZ2llcywg +SW5jLjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKMxTP9drGoiLZR/ +SjbyywknPwsA+JTISnPYdecL8oiMwNxufHXILh2nIBahyxE47jC1G0XaH9aed59t +No5DM+aA0EEWtgMmoC/sZOy/gKSP0jBGn+O5WSSTU0a/2x1Et6zoyqjzT+pbgifA +Oqy4+MeT1ysg9cDa3VHfCadzgoLL45i4GJAEPKbjBa4HFP7DIG/6N0M695OKASOJ +bPqQWJCVIeGip06IgSscRdRp/Jc3Ji3BiaNmxKY+KiAoHtAdB82pc6RY4GVmvFPu +cSuWDM2juQalx+oCeVObOWr8lU9oIH1J0RGt0rq7IMvzMyuw2lH0Li68lNtVd6q/ +ORuyQXo8FUnp7v8qH3VUwH6OYn6fYRWR+gnzdkjsP/Ms5N1DvkDpOFRUd8iljd9L +C8bJrKR4LR3DCaQICS0LZyCe3ydfVlUU2ntvMKZkbtFPHMxsOoVBsFtUQaUr3pHJ +Gj8kxybAHjzenKmWk3TdS7QSG6qOp4oktiqUGbf6ds29iYeLKcXY5SZqh4zfRuEh +dWrJrPiyg6Q4WAU/zsW9L3q6WEg4HQj89ycUPyIW1YAwhAYGeBrFjvMzwC0WE/z4 +jUPGfna4VDCMzV9XSFL+lGHej8JBt37FoBqUtIQj7HZOTDHUnEL7ESsgvTNPEANP +VHg8zu4oLxgTBflmCgiPqLzxM+zbAgMBAAEwDQYJKoZIhvcNAQELBQADggIBAHTl +/zradXSCR8UdA6Z126nfmeiOavLiPkIpYqpJSmA1AeDjILj1VyHAHOjCtkhlX2xY +K5qEVAKsz1cSAk3OjTB9JADU8t5wvj5vRukjaEWPKhL00/bS7z9vfoYLM5QXRmMx +Eh8RpsXMiRxrk89cnCP49gS4+cONoG5vhZvDhiB8JjpufH0Qnv/r/0cic76d4/g5 +yIJKKPWcNpSiy8Wo2H3z19NpJpb7r0lKIg7ue+OksbtRxtbjxF7uehjVcMZW5ipj +rq6+Ckf1TCpPGaGJ3G730qhp7TMNuuqZ3CysCp3oGm466dcF4+GU3HdyVliMISm2 +Bm3E/3qVk4Fng9TOGYBtQ7LKlgS9gm2Dl1ji7DhhHUirTFdzTmmjEclJMftL9k+9 +hjsCtk4gXqixCM7iov6fCEUva7KXQ4mRYosug+RvC5cWPEv/7G2hLiKc2ScAgrsN +H05rBrecv+0t3x8vDd+T9ufXB016bmZC6Hoc/otg32P3WyIHogAtwSDhALiJkext +dL+68z+i+H0bkNZAff8J/0MpGi56+e0gbCoPaGc8Kxy1VPPwyOE8svBKD1AY8P9X +h1I+0vXZ9p4QGnE7sEZWZOrevWGNI1qaxEstVGgJKN4zADbAcRRU1psyRDENY+9i +myfbpRsVQJjdOMRe6lia9y8I+PzwTkHni8HeYDRG +-----END CERTIFICATE----- diff --git a/certs/ca.key b/certs/ca.key index b329a0d2..57ec1af3 100644 --- a/certs/ca.key +++ b/certs/ca.key @@ -1,51 +1,51 @@ -----BEGIN RSA PRIVATE KEY----- -MIIJKQIBAAKCAgEAvv4lHiIN5r+D5Ih6g0EQEo3ZB3P/GPdXZCJlybrgXssbn+OD -mcU42Iq25IzF+Dq65SRZvg+ZGI59uXmh4T0eyyBY1JjQAb+7PpXWU+GYcFIEOMDR -6IHOG2KLURYgmGL9AcgFP38ZOYRFczZMwpK7JfLDbFPjZkjhcGhnzBLPF4y3xA75 -E0cseJ6OA8reEKzhxVXoECqnLnlcZTbltlLmc4EI7tE2dAgvZoIx6K5tpR+6aOem -0gz/YwniJdj5mHnNL5bEMtlESzFEn8txp8iTgsKgfSI+2IRkVA+zg7hpq50+m4Dv -P6qmZ+e92ovMCiC89y5Oua11n5DJQeeo0wf/B8BTkphJ9TYNcvZJybB+YGemBT7G -AwyxM0kcO2Bl8SH6FDrglXgQpYCJGVdOnGBqfQir288Rvt3Q463v6gnProJLkCPM -eODKSdiPbn2tbUwo1hf4fUHiQ52bQHH15cfE5rG0lokkdqYj3WRPQ1YkYuDLY95K -MoAEx+tyaVhIRyTc/vUOCif4QOG/o1IMcyfj15Z4NBHLBNnUuR3uC4Yv1tq68ZmI -ZxZTjStCogd7sAJOefJKA/AhHdYSlwfW70tVSy2w9+y8QlPErT4C4386KVyW1jUh -JXb8vpRzipx7Z/3vQneFGEef2V16I6EWm4UEJGoX3QGIF7ZWd25mrdEFZfMCAwEA -AQKCAgBCSP/m0ljSwZrrwLYMQZNrbRFqdcaOCqGo3gtHlPTz0TfYKOTuhDUzagkJ -jxXSDcf5aMFApjcy/5kAuwcEnerHAoXx2ssuIDXDBcuptvzp1n0imUEAmbRHas8B -KFXNrWUzrhCsNdcyUAaucqT3TmdnRzatrPuZ7ydWlNWZTNnUyYCpqaymFSiJADY3 -eLvTO7zreOIeYj89cN8xPXlB6smSQrEv+SoV4RVaVUsu/wKMsVNHv0X1Vo939uEm -04PkeDlPD9st7pu2IPY5Iylh2snfMt7yLuVyzZfoWL6rs1/xMJSe8YOXLAmuvA33 -AFejGDOc8dReuqW86EoA9n5wJzFKDIHI4lo1gThULKaP4bUORr20KY+txxUMCf5+ -zkzuFfaPMB5AVvj6w6tbw2XRYlyC3Kq3WkmwYWel0vvnLUrDn6x0PdI39tdQqJmQ -Eh4HEWfm8fV6evPx+DH8wus1p6Ke8ITbJ6AIB200Ju5D4ZNgY00K1Jyh3uvnIwDe -VHSr9znaRreHQiOfU81c4hI7ktZV8g5uAOToGGINSz0GkhQ6/yQJpqQvhT3eQvVa -mVKVM+8CQsZKw4xtd1hc33GFoN7Tt5MkpNGJkdD4aR2zFXfLuangV0xBgl43q8j5 -pmi7rDwsvUifra47Dhz9Wdm4i2mUKiR7NNhZ6yljYqNZu4MkYQKCAQEA7bZi8GhE -tRiciou3T3I7/z/iZIIWuSi011Gfl9bR4UfzVLK7KDR2ZcHufwWWrkk03jL0nj0f -UalTOFNnthOXbyW1aq+TTHI15n2nK56tSKzHqDe13kTbxuq0jEXA4dFT3m+oj4LC -KupZYdXVA5100kYbqIRfaxvFAVTXt05IEcIbbYOo4/IrXXKw4OOGnzojc7l8zNKB -zmF7sfz+HBk5aQoujiEpi8mcHq8UyyektBSO2VN/Y7DvytfUrjYHMbs7345N93xk -Re2/AifTa+T/PYL1XPRLjhL2zoh9z5cc/XHan514Lxj9JGBTeshRB09l1a4KT9us -OIiriE3J6zj54wKCAQEAza+j67F5RQBv8Tt7lB/T6apYB9EmXGScZOjR3fgvappd -9lvy8nXu64b2dF25Gh5AcVzGrKM0jeYXEJOJcC1lu4wwFGBUSP+bM1YC7omwUacG -Xjwy3EE56m6I+7E9ndBLD3boDKmCPoAIzBh96aMDGKsCEkejBuOEp41UVyovvkyK -ig17JSyvKDPc2YF2JpA8TAZgkRohoKXQMp18CnGXEcjLTFkF8mLqAVv3lwJy+5xM -TM8+A4+xvmc/pTm06wiogbsdCCUb/7JqhjTazXvvxOfB/e4D9quPoc3cPbLTSq+d -jzQGt604lFuPlInk6UJw8cHEc9ehn44KbroyJT7gsQKCAQEAyCZSZhOVDlpbrDf5 -r7YCmGek6nWyRlLk+YsrckCZVTMsyfr3pOGPcxx4AJGnDrZrAlArMXVLgomsnXd0 -kpUqY5Z/iwWsY6iig6D2+b5QLynzrkrCIhUea/1A6f7tafXDxT2E0tkJPfM2MS9H -fRS9wTLwpNJYOSoXlYhnXVtXSUSDrZE2yj8kjjk8fw50Ums0YIMkdp0kWK4x5Wqc -VvJSKYQ+MMPxZFbr0dYfDvMhNdM9d/VbBIh9TvCtjcXGBvScdB4wvZoKH+sPcfQw -it80ngk/KPY1C7oh/0JjlD+rVCbiKpT/FcDXnCJTB8XUm/AZUXKKEjVna+5/Z3P/ -+MNvewKCAQEAwQqLSfWy3zPd3AX7obWNacxZ+lwtKKG0tnBcJ3t65Q4kCceaaDyP -E7YDMIuV4hFqYfq06+nwtQyxsPkHEKVKyY50wWr3L9vViYS8E6xeMwQTUfYltdnx -xTggkDh0n9yR1d2/Q8MDXi1EFGkYI2K+0TQOKaHaO+jk42wdMAGD9ZJYo+CrJuSd -L5odOHXssZzFOoTxtL1VujRlBlwPwq2BH0vYobsbfbWf8c6ivLOrvsGeSqhmh2kh -ZJX6gdN7HOtvWvKF+NL7SCvnFjYc9KXRDniE9RGh3qx9jVprzew7qejQc0pc055b -b8HPK5WPpeyZnAxDmIVURy9EU0+lKJeuwQKCAQBWtlQNdCfpOCSBDCZQ7y2Igbv9 -hYCK4+1KaqnGVCvd1XrVLzykCIlyCbMDum3Aiv4jMPFg+jtbEE8q5L6OD6bRIbdU -l7jQdGiCPcfp/aezb71scMC/YdYwDAuYkfDKylxfdvalqepvQ952HzbFv6qSW0nU -NpVwrgE3ZkFYzu2fV9u4mubkxb4FOYAlVyOnX+VVjUwBFD6MpUG3sTPjfj0Tgd1m -BKueLwgfbQJa6i+TnCq+PEAFXlYfkC/gyuXbCgynFao2tBpJzIXPJj+lNascXeNT -6PahNZ1mElSNYyEA4INVDjUGpGPVnkBRkmUIodfwzGrIheRR3khOl2MPf+8z +MIIJKQIBAAKCAgEAozFM/12saiItlH9KNvLLCSc/CwD4lMhKc9h15wvyiIzA3G58 +dcguHacgFqHLETjuMLUbRdof1p53n202jkMz5oDQQRa2AyagL+xk7L+ApI/SMEaf +47lZJJNTRr/bHUS3rOjKqPNP6luCJ8A6rLj4x5PXKyD1wNrdUd8Jp3OCgsvjmLgY +kAQ8puMFrgcU/sMgb/o3Qzr3k4oBI4ls+pBYkJUh4aKnToiBKxxF1Gn8lzcmLcGJ +o2bEpj4qICge0B0HzalzpFjgZWa8U+5xK5YMzaO5BqXH6gJ5U5s5avyVT2ggfUnR +Ea3Sursgy/MzK7DaUfQuLryU21V3qr85G7JBejwVSenu/yofdVTAfo5ifp9hFZH6 +CfN2SOw/8yzk3UO+QOk4VFR3yKWN30sLxsmspHgtHcMJpAgJLQtnIJ7fJ19WVRTa +e28wpmRu0U8czGw6hUGwW1RBpSvekckaPyTHJsAePN6cqZaTdN1LtBIbqo6niiS2 +KpQZt/p2zb2Jh4spxdjlJmqHjN9G4SF1asms+LKDpDhYBT/Oxb0verpYSDgdCPz3 +JxQ/IhbVgDCEBgZ4GsWO8zPALRYT/PiNQ8Z+drhUMIzNX1dIUv6UYd6PwkG3fsWg +GpS0hCPsdk5MMdScQvsRKyC9M08QA09UeDzO7igvGBMF+WYKCI+ovPEz7NsCAwEA +AQKCAgEAoB9PnYEcG0dN0dbTyvaPoXuQsAtT3ShpZSGPDhT69GCnG6KNHEQ+e3nw +UkSOK2fgzonlKLTNaJg0Z4mRbiUiV5ksvbC7Bnxv0JXysRl18AHuCtBBMgA7J1gm +7dRx+lXioxYHQ575WspO+xHygGc+MxUsmnTMrV4SqrJdlqAP/qZvuvlnoGeH23gF +qqvoPdDXkwfAEYdaRLm0RFojQ/c97x9lDy+5WaU2mEY1fiZAYV8LZvnvQxUi/rsg +Ok0jbrANaA5MGYXbJ6OWRgQ/prSj+2IZuhwP+9xRj2dO/1q2ZiOVPVmgeehETFQv +6e3G16e/j4o3hkQjCtLhh/f44OQWuXdzPlR306hRhKIEIJTkwn047bBuITJz+EaE +eMA7exiwCGNlsS2E/0Id9ER61zQApEyHEYZ81VAoSRDwsqR+dpp0jrE8av0HkA+e +L4o9n49wkMP7Qe20NeMKLACRlZI+lyVyrPDUxBvEbUMqj7nrJgFQ/cpg5THEMVfh +BNII4T90jJaRmPunmoObpwq2BvBonB8KB2myP4qOcMCmJBpEyOtxAUXvc8Ao5p+I +ybZ7WcXmChIK11miHmJPdeRbaMYZ8aIIw25ESaKKqWpQKXHvfPd+oIap3YPOp4ov +N9GPIClhvbwyRS4pSX+TP1d2WPAAfh99sN96MGStdgla+a+bH4ECggEBANde++Po +eSgrWDo1xZpXtRSSg6ZdypiaOqiWGRwSDNRJ0BolDTC+NrDiMGSiDJsMC70iwTLw +YSsAlPvfXHr7WmJdu9cm/EfVWB8ybmHFc7qvycYCA8Em98qj9UzAeCm9uHWDnYXe +GMXl2ZbCnymxHkdRddtcWB0tcaYRcyCfpVgFGtydKNUhkFiSEYupnzN+6QFjCypE +V9BAy0/5vqXxBd1RKvmPDpd/PwJ2EBpTH77dhvXUoteH/BU1KcN/wKvJNWlkIHyY +l27jp69WwrA1yRuNbduZNuszqHgzDMeyHh8hQmF+qqyid2iwDtgNfogEmP83i2BZ +s0l8wBOoBf6HpH0CggEBAMH6cCJ5Rh5XjrnQdfiruKeNfdGC02KsfqYGeIa16gZv +6fKgSSpC2deCIIbOg4jKquVKUlE8YAx/aqveYWN0msJTNCFPwvQyjQwrgo0bDLbU +DBshrLPR+/QdcRCl3wsCIcZUOi5g+XfJR2timM6z7X65pFMqXoZM5DAD6PbtX7bY +sU+azIwo8JH0yM7RI6eSNR2UX8aygIqyn3hkqSjxNxROtwC6e0iYPX8Rf8JYU8VH +lGqOhDEvn8FvtDwuhNFx9bcrR5RY/kc4u+otrrcCtk17sbqoiWmAr35H9YeX54hg +B62zXTolV0lPVY/XgNjOOcUrdikK3XYOKgKHGqfvzjcCggEAUTCrgLVoxy3f6sHO +pmqeBw1ct+DvuSubJWbAPIbJc1YIL3L8T/3FHFWIrMcyPVkDK9/oOU3JM67ae0Eu +2eXbou13HJrDzEivGcOnPRB0mlIenJix1aTdEPVSSgbcxc+RtCtTvN2HNUN7DYx8 +9/ifU39wEKv1Q7qX92Too8nLSS1TfQt6Ey69/cXC+4WMUJttN2qhEOQGvqlOe+3I +Y0JDVbV9n+rAM3hyxni/hU0E0K0ubYolgV7wNwZ9ogeNGLWXfw2R+aaEn/cOhdkN +N+Ru1gYw/fH6dBxbTETicn3BQTcGkT5xFPeCUGLelbAwnRIuozfLQR1Pq0puFnrn +F5cG+QKCAQAPjcxGB2Fm93BbV+rNuL9CuCa5kPrwM5KoL2akrpuITpr8uHuFZvze +ufFvvclwQ4f2gMIe/29YMTNVeqxmdCggotlQPnwMZq1Gp4p9VAjt9AzQdB/L/29r +gJzbT+GVmWMp6wELTP1T7JDMfIhyMp09hxc1D/WqYSn+66FXg2skVzXIg0oZhwLb +QTyE0OJCAog9yfLwFMoX1QDSf4fM36Kh/znPViSiioqL0NRkuf5lmDq/XJQe+Yme +0h0qojRGMxQXzuGbdJNXFKaEvYr/47jId72lkPQLwKTRxGVcrQKEveZ/uB0ml23r +U/Axa39KYybgt35vBg8B81rM/xZVFvZ7AoIBAQC4B6xWmX7dYi2PgaA89TMyyKz7 +S3opJKNvfdF+A/7CyFgtGlHu9/FnypPUcul2mAr4fr/ORZbjTBWNFAq4PkS97fWO +COXOwwyfK5djpfYrIG+IHfkHl4DI1FH0taQdXopTpIrE/0VYskeZeZ/zmliqU5bb +9dohYz7kCwn4DKn44JYVgFz5lB90lURPx9ahxFIHtmkwZrp86K/SF0NiVmcUnmLB +PCRryQBfI/iYAp1pk18QXbVOxS0qFuE8lqOSXlabJcV2tG3d0A3OfRBknzs7CwHH +EpeZW+SXA9OH1vY3ZhC/AKqYW+/m+NCT11qsFty5nrwyQRPDvypSEGQ5po2l -----END RSA PRIVATE KEY----- diff --git a/certs/ca.pem b/certs/ca.pem index b897751e..96a21836 100644 --- a/certs/ca.pem +++ b/certs/ca.pem @@ -1,29 +1,29 @@ -----BEGIN CERTIFICATE----- -MIIE+jCCAuICCQD4067NpJ3JHjANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJV +MIIE+jCCAuICCQCAJPaQbOxgajANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJV UzELMAkGA1UECAwCVFgxIzAhBgNVBAoMGk1haWxndW4gVGVjaG5vbG9naWVzLCBJ -bmMuMB4XDTIwMTAyNjIxMjkwMloXDTMwMTAyNDIxMjkwMlowPzELMAkGA1UEBhMC +bmMuMB4XDTIyMDMwMjIxMzM0MFoXDTMyMDIyODIxMzM0MFowPzELMAkGA1UEBhMC VVMxCzAJBgNVBAgMAlRYMSMwIQYDVQQKDBpNYWlsZ3VuIFRlY2hub2xvZ2llcywg -SW5jLjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL7+JR4iDea/g+SI -eoNBEBKN2Qdz/xj3V2QiZcm64F7LG5/jg5nFONiKtuSMxfg6uuUkWb4PmRiOfbl5 -oeE9HssgWNSY0AG/uz6V1lPhmHBSBDjA0eiBzhtii1EWIJhi/QHIBT9/GTmERXM2 -TMKSuyXyw2xT42ZI4XBoZ8wSzxeMt8QO+RNHLHiejgPK3hCs4cVV6BAqpy55XGU2 -5bZS5nOBCO7RNnQIL2aCMeiubaUfumjnptIM/2MJ4iXY+Zh5zS+WxDLZREsxRJ/L -cafIk4LCoH0iPtiEZFQPs4O4aaudPpuA7z+qpmfnvdqLzAogvPcuTrmtdZ+QyUHn -qNMH/wfAU5KYSfU2DXL2ScmwfmBnpgU+xgMMsTNJHDtgZfEh+hQ64JV4EKWAiRlX -Tpxgan0Iq9vPEb7d0OOt7+oJz66CS5AjzHjgyknYj259rW1MKNYX+H1B4kOdm0Bx -9eXHxOaxtJaJJHamI91kT0NWJGLgy2PeSjKABMfrcmlYSEck3P71Dgon+EDhv6NS -DHMn49eWeDQRywTZ1Lkd7guGL9bauvGZiGcWU40rQqIHe7ACTnnySgPwIR3WEpcH -1u9LVUstsPfsvEJTxK0+AuN/OilcltY1ISV2/L6Uc4qce2f970J3hRhHn9ldeiOh -FpuFBCRqF90BiBe2VnduZq3RBWXzAgMBAAEwDQYJKoZIhvcNAQELBQADggIBAGU4 -V3YItAgFN8hp+ipVBmwz2Fi/ui+/RBuz11zhpYg3V1BZIcsHt1QaWhwfOydipeiW -jScQ2fu0nawJlpM275R63xeJcNlp1qR0cbKFP5u7V5EOLIcwpOACKZ9rJUS3IrQ1 -yxdaM/jlh4y3wckiCC4+vnXtWa4EX5/euDlBU9hEJxHhwojEbgd1W91tGjkzv/t8 -UzIuxjWLMBfcVaKSiFOg8fBZttDiI578/rTz560+wtxwxgriK0ZZU01W9do9x+Yl -tHToZvIB6vwfALWGhiVSNv5X5l40akRFRHuIOZqrRrP+3Avhq6QReYeaeI4C7eCw -aNaDIEj9+5b/N7CkHwgI5gaogQtx4brgDOF+bw1+1bvQ3LCG1f12AKX2E+YEpr/w -/lv96VFPnmktadnCGgzwiN3poEBz6seEtRWqFWD2yBySy5CSuhmo0MOGuYgyn2/2 -nYjB0oWyT7dlanqtv+N4xdV+0EqqQANfnHBd4AUOZiDcQPXpygn1JsGr29VxTxh4 -xN8rgcHEiDYRw78MHLxAXM5C8mhqLeQxGYHsILwAGeFFGmFMontiEnrKdSUqEgZ2 -W1yl0ZPehOLoen1aheAem5gvFV5AMB6iQqiG+CGUFeLxtHz1odpYHpR54NKKh0tj -6pitN2Yt2GIiW4REmWP91B9ngWhSXpGHlB48mbgO +SW5jLjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKnZL6a+E0LZQMwO +kE+kLsr922C6AsTZR2lHyejp09yHakOB/11UsEHp50USqqZG4ewHalnJAIbjzOak +Uj2jgqD663jtBtL8pnCAFnYqcFhTJhkuKcESkq4j9h/LfhoIqeBIN5ujiFTt3yHK +O3/m3KbZ/WbNWp7j+VvJytVzYXFvg2pSNLTs7jN0dqvSWZcjtUbEJUUb27QEP+8E +Ebn9qYh7AZePtYtU9leY4faprBN7V8dtIZs3pHqgYhgihCjASLHpmyADnv6vWsUQ +yyoDmLYZb6J2u4iaD5wOv/4zcEf2ZkgdrM7dy/GJ0/mBVM8lxWVFaLqtZbfYRDSa +hP/BGReM2e+IQ27esA6EtgI0GG6gKFKlsZjmXIpSvPfvVAXKwk9pi6u0sikRxlAW +ofhVHFvn6LXcwwroBDIS7DZ7uW/YobDOnU07W9pqQiOLCzT/vEeKcAwM6FfQtXPe +RTUYv+p7KPrR2pq/BmeyAyMogcYfE/LQQ85AA7fvxSrQUAs+V5/6wn32HoOEGWNJ +PDkOG76TSscZc8K6hdFOIKVS7jtiPOcffqXCVQJQAk1++w0Ng/TTwa3BrBJlYcfN +7/vWEIGBWxyNP9hHlFG6ZnhrTByKVIVekRDl3vvDYWGZPt9TV+r2LZ5KKGRCX52G +6akiLCkDxCLVbmfNZFEnCpdK1UzFAgMBAAEwDQYJKoZIhvcNAQELBQADggIBABST +COfhSpgFPZUTdXDArlH94X1WH5t6/kcySjTIuPZfhRjRtxoUZ2Hz36dFgGkwpiK6 +3Ce6vhFDBFGeXWU9EE2VU8C8esJ5e+I2Nl/7G/RWfDzQg18DWf6UhvpErz0G8cl2 +K7jlRTA1Z6ZpNR0sWIMPIGOnkiMoAp2YA76rmJeccFPwOuC2pCZjKQiq/2rRul/h +6Vyy6ri2TaBSbWAMEEEUe/jpq9SHVlooiCiWj0gIL/+ExvhL1sUn+iskgldDyxF3 +R4MQkaM2hsjVgv+/i63nhohpREsaQw8k2/p0ebLTztkssiWyoxWQc9BN3tiSn4ZG +iH+fVmZPFhTvpn+QzouSBWSIfcW4vShPiCr7DVbOqj3wIJEphggJ53xECOSlS6eE +i91znWta+IF/505gcQACQHRm7ZvcTqjX+2akbaE+EIX13q49cS7KCYnbMxgYyOyD +WEqqrnJADTUJGF9kTBIj/5My76HGQ7o0SA0vaqeJVoUpWvZFMK9HzYr82J8evZih +DRL8zjMrCb7tbqE8rLBcEpaS+ix/7HSW6lC9E3Qw7QVA0vNEtdam8M7SzYHjlq4I +SmKuHYPSu0gdaclK5qeHFMuC6ODwjQCV54tIOUIefPf5+ngjlIge6GIHHX71to0s +CrtOZ2aNbZekLLpFX7xcqR2VylmY72HuFvrA4QrF -----END CERTIFICATE----- diff --git a/certs/ca.srl b/certs/ca.srl deleted file mode 100644 index 84be7777..00000000 --- a/certs/ca.srl +++ /dev/null @@ -1 +0,0 @@ -A12D63448A5A6809 diff --git a/certs/client-auth-ca.key b/certs/client-auth-ca.key index 1c077645..0ff281dd 100644 --- a/certs/client-auth-ca.key +++ b/certs/client-auth-ca.key @@ -1,30 +1,30 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIJCKFdsqSX+sCAggA -MB0GCWCGSAFlAwQBKgQQhfE6viFG/7MEMoDHe0N5agSCBNAv5UKv5KIAbN7bu+3Q -vQaSQqFtEjWHZ0op7MtwtYrZdRMU3RYGkaXEqBNPImD5Z7tP7qPIDDh9VRVgHk6K -tQFRmr/xqsUTmsz74VGfieyxl92+IEhUaIaBgIcW7TStoQpVV+mHBi1hfvGpecmU -VbEwM8ToYlqHxGvoK6AAANP3bOezGlv4DqNI87gVlp2ujctnKZ8dY007WrsiUCVI -GjT179kN6oiRxKKRehsrVgY9WusM5sM2lNTbwY+G7r/u3Hk8wkfIB0Iin3k8QwV7 -OpYaWkbxrRCDsAOvmc6xQhUjJjjtAn/EKcpstvfxpXyTSJHpK76GoHkBN2WOvgcf -LinOYkld+Zx/fOVDjuESqMCvPypPb3n2i45rZ8pVCc6jk2/JaZWE8ldFDmxvp04A -NX3sb0+THMOfejgSNBPeNUXcqjI2vbY3thdkzf+IvxOk2LIj1mHGratAcBW9MPqE -nUKkY4OApt8fKb27xL5g6YXf5HoMHckEcB9krmDfWte/qtXmHl6ZUv/EqpQsrIvz -yTpTJ4DxlnalWv9Wp65juZxAJbaDYArqTyttnDIvNbTQ5Bm3l1iGa2CJnEITUbF1 -huQ4lxJmyrZnS+5ki76McTCo6ND/3vqeyCbc/uIftbCxefoUxFA0O3ZGwK7EZUOH -d3nVT/+XH8ivmZ5MDPA9qiqAtUdvPh87QPzeIGgw91xiHcjOnEcJlnxPaFqLWx2F -Me0UwAXjmQgmjegL23+NQLPRh5mXwmgawAbyH0Cm0WhCumBeEmonXlmm37OXz0GX -zi3uLmxvY0jnk37+oqUDbKw0v5xI3tar2BDl/+/Q4PgC4mLWFFWrGT4Fho4yYSr6 -7eKLahPl1a1jk+7OvWivct8QkbXVXDZHz6/HVbIi+OwwVeyEexH0DCzIvgqXSHSJ -pkEQCHoyP+vYcpLeRbT37OLuPY9MQckW8a+EcGUDn5dJxsHKTUSdn05ILk8g71t2 -qag6BO0P6XJvPAJo4QyB2Om2PpoeEjbaT6rtjoT4tkYbD3/v59UNEYpnJR3knYTw -HEsieTXTGLV0D3iojiwU2G5dcndJUxmRMexCwPgMJw0spb35mUbuKKqYcSrZ1K0m -RSFeT9/RCVVzbul91IUARPVaUyE1FzyN1RALgL84HKVPwMsfOjaXkvAIvvNYT1Ag -sFRYRYpu/aEClZNGaRrbu1jmbew1wHeD70b1iy8GjRhFz70igT+H3i0bVHEM/6uq -VRMLR7LsfXlVgelyvWrI3p6yjKEGwgVNdWQM7FbbPGZOUcwFDlgTqzr551szQm4Z -eRUN5KMcxMlmkIL1enMsVMG0MVi6o1ecF7qoJY+GSgoVEVYyYMFj+FBq0+jZfQPK -YQsFB4hyQgUQiZE8fkOXjXVp+cdZtLcehHSfHtiJruPcWPDhijs1A9VD2vIDRgfv -VU75JTWc/S/FwwfmhYE1R59XZd5avhUETq7uY16fhYROYVKSPUStPHDnjOL4vJag -KBtObke1WbprPMINj9qxTSRddVRp15BlDSry492k/fMdcaxnpPQ5LTm4dkx4hkKc -G3iPHtTMc5rtzdCzuaDZKYuCqK5xAHXLLUXJyN/44jWaS470c7FCzwGlfGmYbgYo -PeD0sov0pRLf1E9XTqzqfu8sYg== +MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQI/2GU+x1iW6wCAggA +MB0GCWCGSAFlAwQBKgQQLvmM7reT65QOjKgAjcdrPgSCBNDvT8WR6aYUAmo+wTO4 +IA5G2tMuAEupBFc4RDQJbCA8mLNcERXF+T/cD1vCqAcYDJL523mflrzJS7FflWpN +pVgEHOwcvhp96gPyiUyoJXeH9BsQEGtee5NEPw0aOUAlS6OVAGd3L2e7xM1JjMPL +rvlv16+qYVZniy5EAOvLgNa0eJyNd3bKolIqWedDMUWN7qFBik5oJdUmZ2WBMxFJ +2EgbNPV12FtZth1swYHDRcjAycz1O0HC7ymNbTsG3fGroh5kC6DrGOnMyPFbTel8 +FV9M0gu9ZCh20gUj/mI736n9SMXBWllGChITsGgaGaSn5H6sVuJ3Y09otHCRTzkA +u5li+QsCjlkkguUhBfT/x6RLVgMe0jNcg2vdVYl4LEcD3VkHbZc7AU2ufdhACg+m +PmRrTcd9oeDJ81PToHocPJ7CAkB+DIWO6MQ9MCK03rTduVW7auguxji5vP3l9kna +mSTfCy03IMHN4T4tP8uhcTx5Br2WKTHO2uafiH/ns4rhWet/Sy+GWA3VGXBcLzF0 +Lh7E+repWELgilLwmSSVH098KD6PwNBCGwCcFRDSI2sZCAYjE/CchIVi0d5vr9FD +YHTzP/7eO5nWs0DpCV1hogWv41d4ZPSI7YC7bxn2Q+kPlkuYGaLTiV0LQbMdWDBJ +35Px5dir5kw1c9Q4pq4FL9vDgUjesSUE848hspeJfIxHFenUE9vxk85UVShI0RV0 +MWjwqxPWczoHsJpGtaPFfrVcZ//SPFklrpEcoRABDS4jweCH+qcdu+Ngr2+GYsU6 +euOMn2u5F5rDY2ZTOimdNJugux9TnW4HjQPg2cZ9wtMX4nF9XEV1Cfqv4fbMDAsF +zB4+D4btwCPqGRwpdwJ7BjwbuEMRVXIBfZ6rTjxt3j3VBV6N8+pXO6kVyYLN8JsZ +LKPR5BYcA4ZnMWD+saoyVY0XqMLyR+Oz6WC8Z9P6VK9B0+fZL5F4CwzfGyOwu2oK +6elGtPSki7GmoFa2SogHItl33NX4/77oDhkNF4dv3Ud14el3aU9YM6m8kJWLBdtM +q4m3JiNGGFxHpMDiSWcPW8IpDAYyCpJfz1TNst+Dtc1C1g99d8s5OarlxmTOteKF +394bjTBg78LKSN+TLnA/cBbjjGvOVB0NBQ7MpZvP3aRDYLVlcAwsWD67E7RxJ/Pm +1YVaomCgoUPwEANKC1GmDjQaHiVMeTzYKkdEjr15azZBYvWp+d0SNwhMqPqOPaEH +EAvf5nYjTsfdWrg0YwJBDfA0VcF8keFfasLGZum474asa3fE34Kth0mOkH+2yWyI +efKInb2GF40cc5pbzJxFu10krjuHJVFj32VhVmmlwhaPw8say0vH6V8PLHWVWRD+ +oYZ41W8KxJ1CkeZSPlWSViqXBlBclqvGxRSPqKvtQLgofBxo284SnpoK9frD1iUW +2vkgw3lVcqQcB78CtRJ4wb9kYiGBZwakZSusOwuUz0yO+GxrDDAPQV+z+5gJ++Xr +9lrbOYMmx5Z9ohY0PUM1us2QckfHGxxB1qZrsDEDsLI4I5jfTIWn6S/97RUvL/vp +UpYktJhzcarEcteTivNadX7oUGGjua29KuawT0L90FHsvLoEZeIlTyBYSy5PFHgf +BEPXVS2yS0ucXm7l31aJrGwOog== -----END ENCRYPTED PRIVATE KEY----- diff --git a/certs/client-auth-ca.pem b/certs/client-auth-ca.pem index db3e9de6..46fcd1c8 100644 --- a/certs/client-auth-ca.pem +++ b/certs/client-auth-ca.pem @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDajCCAlICCQD4bLevNK0t4TANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJU +MIIDajCCAlICCQD4h1sg3O01MDANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJU WDELMAkGA1UECAwCVFgxIzAhBgNVBAoMGk1haWxndW4gVGVjaG5vbG9naWVzLCBJ bmMuMRQwEgYDVQQDDAttYWlsZ3VuLmNvbTEgMB4GCSqGSIb3DQEJARYRYWRtaW5A -bWFpbGd1bi5jb20wHhcNMjAxMDI5MTY1OTA1WhcNMzAxMDI3MTY1OTA1WjB3MQsw +bWFpbGd1bi5jb20wHhcNMjIwMzAyMjE0NDExWhcNMzIwMjI4MjE0NDExWjB3MQsw CQYDVQQGEwJUWDELMAkGA1UECAwCVFgxIzAhBgNVBAoMGk1haWxndW4gVGVjaG5v bG9naWVzLCBJbmMuMRQwEgYDVQQDDAttYWlsZ3VuLmNvbTEgMB4GCSqGSIb3DQEJ ARYRYWRtaW5AbWFpbGd1bi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQDFC/R6UkS7kZhOHevochs6pLrCcfsF/fPXc9HESlLbBlrJRvM3snvAKaO0 -GDZwrwRjvcV4RQDnblDuWRTLMODFfQVT95Y0M5vRd/mwj6AIlMjP0+RkWXXyzeYm -V1hU/I3OlIWfzLQ3JistIHQ9Yai8x0GnXsM70nRQlgE8+582FKaUzyBARXDS2N45 -+Nck+7TyHKhxE/1Qpcj1r/Y3mUScDGEUZWhMAYI5mpoaZ9tVIGODsZeIj01PGQMg -xkWYrI+l/+fIUZF1kZOMOvBg/Zq4/zIkjBKYm+UlmJ4sev8AwIlxmYT4UsI9O05k -gBsLg0mNji14wYkFIFjqCHJ7LAVbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAEdf -AGOHroICT4b0bPDK2XZTtl6wbCvrPeuwCCJho6ODi19we2FOIbPwoGeJAE40L0S/ -fJP+GBg22uUtF4nvEXrRhIKhQeQx7a6dg0ovVfmhTbVJEhCxfaY7mp9sCqEPV1Up -NqHYFp9dgBho7kakTODSfqw2WCyl1E3zOAa9ALOF/ynSor9IZeaD/ZrHe3kyYqwY -Hanzq/MXIztBNBSZE1xf18DVPDDw9vfSS9KY3RKw8bHRczpd2CMNZ/Ma5cbgwehv -gRdbBWum36a9SDUiK2LnjgJ8a2GWg+FuE2Mdzo2xoIr+Ennj9F6E5ZfZs5sueiSO -H8l75DteSnn4+9lbPCE= +AoIBAQCtfCzUrC0WkfYzBX/hC3+mPLnlu8C3icGEvDidHBWCcOsvqZV9kqqme0PZ +HsZCEz29mHd5570rhyUd/bihluAm6cv5DsDHHHVL304VnYOpYk9T+XEQjX5gOWnu +lZdmlPm+iHMVIWHN0eMVRc/qwqjdtc501fk7vYgNTjvi8INPcYI8N4+BsFEshM1a +SEPIMSYAJsJKFsJTquVyfLvxsc+uL2Zi8D+GcivTscQWzCetRcM5MgZCKt7uEoss +UfNvl9TGQE07yCIkk9UnVM/z4GZ9nnpLtfYLl6b1+0BAzqOa05iT73AdNBdih8PT +BM8zR30yNXNiwdsOhGoJKfp1vyeZAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAEBg +wI0VFf4dYhqjIDnJ5IUnFuGe0nISerrbBLDFXVMA1A2s32E9Mhun3nUicW0fXyVP +8sRIvir1Z32o+tHEWg05qPXgk0LSNbcoq1pMBuKix6t8pBFDcevlC/oonAeunWMI +FZXnpxYhKjyOPg5KvqhqQqbqSvtcIGyy/dbgOrn+h4VxsIz11vUNDTwnlK9ZXi4d +mTjfUGhtoC0h6Y3jc7soBR0SzkR9abpjHhseN4Q4L7Pds/iEYNKz4gLOGceDIy0B +873VJ8XNSHOP7/6/8MM+DIFe4Z72Mx2z0fDuXj3saQ2CJdkhIGvgTlxmU2BUdHdi +q8gOQQ5/9b901pI1tgs= -----END CERTIFICATE----- diff --git a/certs/client-auth-ca.srl b/certs/client-auth-ca.srl deleted file mode 100644 index 9e22bcb8..00000000 --- a/certs/client-auth-ca.srl +++ /dev/null @@ -1 +0,0 @@ -02 diff --git a/certs/client-auth.key b/certs/client-auth.key index cc77e64a..ef0e99a1 100644 --- a/certs/client-auth.key +++ b/certs/client-auth.key @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAuFF5DAhUZG0SGRkn4Mp2JmQRD670Fxoo41lHfG8LlxymuXAi -LKux/vblNd6DA4SF+tZ4nje00wSO0rlAM0OF4zoiz3bBSTw2XVsXkaW0GsWuCyEj -1UvRmWoKScANKchOuHmiLgQkoOkGs47iGv6Lsl+ffBKe3TRLqu4iT7uXRYYtbDVd -CTd9dCRu29+XMGKJ1ns2L6IH/KCenK1kIzBDWGvA4XcHFrjdm0zFr936wPbN6aRI -/RTlZEhuuMRYU5r37I4Mabe/IfG0GTaihSwD3pasKbxlrivha/g50jmQDoueyWsN -qgcKdCiu8fqWOS2XdPxQBgqA+WyPqq+Mb24ZCwIDAQABAoIBAElo+aMXNjWBU3H3 -mPBo8sG7nSf38HO7EYnrJxOiTqVy3dyBkrrj71KzFvtrkha2k34iKYwqd7SL3i6D -ZdSFEjA8GV0z2SvH9YcdHrf9nUwEa5s3KcRsHCDUISDaguOfSesjVrqpH8WOygJ9 -6AQEWbNDbovGBsvnZjPAAJ5tAoTHi/R3N1koRlqTfGnsVouQLq5YsFQxqs5/V7dH -s/F2hIn5021IVrWs4Olt+94Oavs6JBIMPm0PdmixikkhUF9Y3J58yd3/tkCHJpx/ -GymgMj0sl7KmNF+Jbk0iXEJiG3abuYvqHqCjZs40vgMZW4IvOFDddGgw0ve76S2V -j1T7rhECgYEA8wH2VFM1wGDf1p3iwiIKBNAhW4J3IuTVD0CstaPPksekNdnHz3kd -vT5N1845XuEa3UlNcCFgeV8D/+lHxc0mrilb9+FZzl4MK3h0oLsb8sLueQeotK3f -pd/rQsw15mBkXpFQlefUrzgstXpNdEfAZaKd70Lqypq7AOWPJkWM5T8CgYEAwiw7 -CMknsvcLA5BEREuyCq28KOTQ/OeFMpeeksABegy0qMuV1cYsr6uG4+CPtVayk/ss -xHwUvRHXXKPdsV+pn2PP3NZDfxyLVMS3LsKYeSx1kF9RJ+l3qZ92noL/7/mGAtij -g9WOiM38XVm10PSs8IqAEI75ZGlWCwnK7Q2VnTUCgYACuLzniN8LPoqDPtVxUyxF -jYcyHS30aBeyygilKCaFAFNofv3r5vFcUzxP9HFUDLVeURna7aTE9zl2PkidgIS0 -YqYzCoUU+JyuR/UWb8IKYACHvnw3OdNNakqaPutDn0TAgmQiqawKIljt12bSrJMN -EFsweNFkX4NEqU2HIjRHxQKBgGo9bSeHeFMxXDNc8h00FXxGRtdRKw/VVUmzL643 -pBc1cHuSuK64uaZ8gVeZfMfJYfgZzArNoUM5yc4EUr5ECzkMkaTRDykzYwDEiT3q -dyaFruWJYYwm77Q9bdeY8ZRJwIs6IW12oYA0xEoHVbW4yg7qmNt2fvnzsIJln0RI -1H2pAoGBAIKTBFfvLKGg/YnLnJ30vVYaMW6vAHkIAueFWW1j9do1qkZG2dN9ucLF -JG6KOCprReJpAHut/VLFnxdsCSmy1simhe2oWZYQTi0UiWf/E5aSJnHhXu6eTizk -ERRq8Ewf2HL5fs4dk7qQLJNdQCR74FyEJNuoWmWlsLBdM4SSXCxo +MIIEowIBAAKCAQEAxB3XH9zdLwZxcLtan7ZrUNwVkEN2KKvu31iNCWOFj+mWQ6HM +vbIYKC7lltTA0jMuAxyiKX/cRMGFZ7mlmfgxmDlAO9z4LLPOoumpRjK+OqLy8YlM +rit3r+XtikMzGPa4INEklfIn6kRzLz3pdUHGLVnf1YxChbcq9cmpa2kAfbBPZI+1 +NbEJgDlsDeUrdTeLbN5C+soyJ2So/ravverI/5lMizGqS8f9F+3IzJmRNXCNeNy6 +hpS6V9Vzy+/ZbdLnCRb2BNNCc6eFYy6OqHRvNvG64imuJG51cPsKvCgMoi3lB7fK +3BJ2y2rphUms4Nu5LXACIPu7m5bIat6jgutbpwIDAQABAoIBADilrefEMhdNMyMu +2sRbOrBGgewDsHObBgp5V3OozYF+JSsv5yW79YJV2XcxyOhuZBH+CVEXX5Z0l4YY +d577s8eWcdlYwE6ZOUyRVZWzPoNNYgMmd4GviIjET1Kqim3hhdnkzz6IjcL7NpIk +vfRipU2gMilKtERPXhdUwp0F3WBwNPVwiCX168MxcLrQtMjx/n863h0zaHbzv3cT +XWPt0Bjld36MKaXMTS7mm+EfNsZr2WHSrbEwzk9cjYQkevWIK1+EFKzo3dwhLxrO +iSbSLsuOaGRkFBXKfwJ4goQYSloPt1AXMK1G0lLSzH5/uDQFajwXDVCfHNiTG0tf +Sq18ToECgYEA8/DaLBsPpI/KKF4qY5l+Otb7sAG71AZVVMv3mZSRenyMJaGYXaaA +l7QNwH2vUyozVLwW3LQ3YipYN4tjYU5YugM7hG/lkHLFu31/ExnReUDeh6XcJCpc +o6PSyS9hDjfFLt1sh2enmXDYTfranBTxzwvmaqL9eI5/uleNWVxzOuECgYEAzc/B +yx5/SrBDSXiWn85u6n5V8EHRrcAsskGxNISP6gy6ARLSt7K/vfPuKuDDyGvepBB7 +jD/s48Pb41bV4xESroc6/4nDp2M1+CXRndWd72tclFLTobLmqzE17bIsJMN5U7CM +b7lyvaHoVCxVmtkXPe3qE5aZp3seMnlpfv1YL4cCgYEAur7olplE2WsGjO7Brqvj ++bF4zl4VZ5RNoPPgod8dm9JbC7fwx8jeasR5PqI5JQaKc1Tmf6ErQOg/zo3Tz7tF +q2ksGA/9gx6KByVksb+zIAssEFZF+B3B+7g/dqrhtxu0xVLXcbVFle7QeKoQzyot +j56Bj6MlPjSAzauW1xEyWaECgYAWBgZh2viaIHSC1zGfFjMOSsiddh2e7zKZPKhe +y1SvIf+Bf+cmmy0jgYfZ9MVenBRuEAl4f5q04M+V60PmEXyjSntIvxA9yEMNM9bT +gfltllqI0Lgu1HsUlKaFsgxBPt2r0/ejOQALRNkcsMXUVSjEisICqJn2rxkTI6Tj +Xu7h3wKBgDvvc/WXtpjgr71OwW95ZuzUsjlok+WvAAPSw5aqzUjbREotqYLm9I1g +3QwzySxtupiJMALHZWoiJrpsipKfLDx6Fj9zkvo/cuk0/27YWGSYVCJg6AsndoY7 +SLO6Oa2Ar/73wxMD/g+VqHkWe0IpFqU93lHys5y2g7SqMeaiWGav -----END RSA PRIVATE KEY----- diff --git a/certs/client-auth.pem b/certs/client-auth.pem index 398e6b94..fd8d4837 100644 --- a/certs/client-auth.pem +++ b/certs/client-auth.pem @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDfzCCAmegAwIBAgIBAjANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJUWDEL +MIIDfzCCAmegAwIBAgIBBDANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJUWDEL MAkGA1UECAwCVFgxIzAhBgNVBAoMGk1haWxndW4gVGVjaG5vbG9naWVzLCBJbmMu MRQwEgYDVQQDDAttYWlsZ3VuLmNvbTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AbWFp -bGd1bi5jb20wHhcNMjAxMDI5MTY1OTA1WhcNMzAxMDI3MTY1OTA1WjB2MQswCQYD +bGd1bi5jb20wHhcNMjIwMzAyMjE0NDExWhcNMzIwMjI4MjE0NDExWjB2MQswCQYD VQQGEwJVUzELMAkGA1UECAwCVFgxIzAhBgNVBAoMGk1haWxndW4gVGVjaG5vbG9n aWVzLCBJbmMuMRMwEQYDVQQDDApjbGllbnQuY29tMSAwHgYJKoZIhvcNAQkBFhFh ZG1pbkBtYWlsZ3VuLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -ALhReQwIVGRtEhkZJ+DKdiZkEQ+u9BcaKONZR3xvC5ccprlwIiyrsf725TXegwOE -hfrWeJ43tNMEjtK5QDNDheM6Is92wUk8Nl1bF5GltBrFrgshI9VL0ZlqCknADSnI -Trh5oi4EJKDpBrOO4hr+i7Jfn3wSnt00S6ruIk+7l0WGLWw1XQk3fXQkbtvflzBi -idZ7Ni+iB/ygnpytZCMwQ1hrwOF3Bxa43ZtMxa/d+sD2zemkSP0U5WRIbrjEWFOa -9+yODGm3vyHxtBk2ooUsA96WrCm8Za4r4Wv4OdI5kA6LnslrDaoHCnQorvH6ljkt -l3T8UAYKgPlsj6qvjG9uGQsCAwEAAaMXMBUwEwYDVR0lBAwwCgYIKwYBBQUHAwIw -DQYJKoZIhvcNAQEFBQADggEBAEj2iWqIEP14MGqh9jaTIeg9OVEd1b+Df6jKTtSJ -BdfhTozT8hM5bUQxKzsE58twuTmH9M6VQViEBhBQ8zk7pWlIZe/qHM5qbDFytULR -JNLhLukCR+kabw2lHL+MRiljzcwQMrOV+uPgI2XFgRe+ow18nfeEIK2tzclx9y1H -TYtqCc3ndjK8ZHh5pKRd4GBMkXgN+QeETj3Pr8+jTFLlMynpwKJMwi/uAAkagfFO -PPVBvIMwnYhV9bPF/AsOs4B+DYkK+eY/RM6POuzGeIs9g3SCVYc7lrYKBMcVfuZI -LZAV5B5E5XKePXe3cVgfgEto7OSL1hjiMWZev98baEA6LU8= +AMQd1x/c3S8GcXC7Wp+2a1DcFZBDdiir7t9YjQljhY/plkOhzL2yGCgu5ZbUwNIz +LgMcoil/3ETBhWe5pZn4MZg5QDvc+CyzzqLpqUYyvjqi8vGJTK4rd6/l7YpDMxj2 +uCDRJJXyJ+pEcy896XVBxi1Z39WMQoW3KvXJqWtpAH2wT2SPtTWxCYA5bA3lK3U3 +i2zeQvrKMidkqP62r73qyP+ZTIsxqkvH/RftyMyZkTVwjXjcuoaUulfVc8vv2W3S +5wkW9gTTQnOnhWMujqh0bzbxuuIpriRudXD7CrwoDKIt5Qe3ytwSdstq6YVJrODb +uS1wAiD7u5uWyGreo4LrW6cCAwEAAaMXMBUwEwYDVR0lBAwwCgYIKwYBBQUHAwIw +DQYJKoZIhvcNAQEFBQADggEBAB3SuCqdh405X6Y8phoGimNyU7OmUPKMK0mwy8XC +N0E01pcplvBf8NOhexKwqLVopMYdKGea8n47hMqZ8voNFjXBEbD4DwokIMzokB1F +aEDe3XtagIq1bGTZF6q6XePN/v6HJfpr5hlNQtqLjA3x4vAaKYylRt83/YXTcYAZ ++TY1jJ74nRFOebqXJnc/7EXLwEZ0wBfYvwtuQ8+Nd77JMaBDIxK+0b2axf7pQLwk +CAzMTYd7JT7mTJUzB3FXt9l5UsKRppjrfaq7ms8X+AVtveER5ZbUHl0VOF7sB+Do +gCzicy85NQX8+H3Y+6axHM8+E/pWtONg5oEdOi6oreDK37k= -----END CERTIFICATE----- diff --git a/certs/client-auth.req b/certs/client-auth.req index 531ce6fa..ff5739f5 100644 --- a/certs/client-auth.req +++ b/certs/client-auth.req @@ -2,16 +2,16 @@ MIICuzCCAaMCAQAwdjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlRYMSMwIQYDVQQK DBpNYWlsZ3VuIFRlY2hub2xvZ2llcywgSW5jLjETMBEGA1UEAwwKY2xpZW50LmNv bTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AbWFpbGd1bi5jb20wggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQC4UXkMCFRkbRIZGSfgynYmZBEPrvQXGijjWUd8 -bwuXHKa5cCIsq7H+9uU13oMDhIX61nieN7TTBI7SuUAzQ4XjOiLPdsFJPDZdWxeR -pbQaxa4LISPVS9GZagpJwA0pyE64eaIuBCSg6QazjuIa/ouyX598Ep7dNEuq7iJP -u5dFhi1sNV0JN310JG7b35cwYonWezYvogf8oJ6crWQjMENYa8DhdwcWuN2bTMWv -3frA9s3ppEj9FOVkSG64xFhTmvfsjgxpt78h8bQZNqKFLAPelqwpvGWuK+Fr+DnS -OZAOi57Jaw2qBwp0KK7x+pY5LZd0/FAGCoD5bI+qr4xvbhkLAgMBAAGgADANBgkq -hkiG9w0BAQUFAAOCAQEAhrHrhsYmeCpMUSqrgYcEo3swwb4EvdcmZESzTsSnePt8 -21FGoY7ccXr5itUbH2VeFz02u171L+14wfQ3zjsgZt7orMC6qsCt84nYnXJ8mjMP -aQ5GprB4aXSgsdMZk1YtSrTa094SlcSuLRLnH/xtIa2RiLr06zQZZWVljwDvL8nZ -D/gFrC8nmtcW1J/0RXfDxdzpdAgwhiMg9Pwqqntz4IO0eTFma/Vq3MdWff+Hee0W -+j0eaqvkX+dBlYPOKg3lpN8ZFbw3pUWC9yKT4hRjaa8JczyCxZsG4MsMv88xa7rm -pjNlSwggbr7ZI4/XST5fdKlSylg1Py72HLuz7L7h6g== +DQEBAQUAA4IBDwAwggEKAoIBAQDEHdcf3N0vBnFwu1qftmtQ3BWQQ3Yoq+7fWI0J +Y4WP6ZZDocy9shgoLuWW1MDSMy4DHKIpf9xEwYVnuaWZ+DGYOUA73Pgss86i6alG +Mr46ovLxiUyuK3ev5e2KQzMY9rgg0SSV8ifqRHMvPel1QcYtWd/VjEKFtyr1yalr +aQB9sE9kj7U1sQmAOWwN5St1N4ts3kL6yjInZKj+tq+96sj/mUyLMapLx/0X7cjM +mZE1cI143LqGlLpX1XPL79lt0ucJFvYE00Jzp4VjLo6odG828briKa4kbnVw+wq8 +KAyiLeUHt8rcEnbLaumFSazg27ktcAIg+7ublshq3qOC61unAgMBAAGgADANBgkq +hkiG9w0BAQUFAAOCAQEADoMSPWSsSHm2GMeQNGfxi28QEz9XTIY262jiae6D9UdZ +fHF7v7JVtiG06OMg8TpdwyXWG3EiVeJZB2TOMjdFIMJXiIvGbkseamcguU4qLSqk +FSLG1V8bENaBdzDHqnjftq557lYGlsxGYbLaUmEPZocrBZRMcyps25Lqg7uJePnY +v+ssoQmWLo63Uu123E+q0tJCGpgcLC4zW5g9o2LXzvX3AokDbfMHeRmsWFfP+QS1 +EPXc+djwgHCTKyGRmevnJ+mCGDrkHFmW4tQw8NMfJmkqjGGwjaP/LrrSJ+wGR+AK +LB6z4Yb3ZITEioGgZomw9UVHFngmYW7sym7lcPTKyg== -----END CERTIFICATE REQUEST----- diff --git a/certs/gubernator.csr b/certs/gubernator.csr index 3c49c7a1..79541da2 100644 --- a/certs/gubernator.csr +++ b/certs/gubernator.csr @@ -1,28 +1,28 @@ -----BEGIN CERTIFICATE REQUEST----- MIIE1zCCAr8CAQAwUzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlRYMSMwIQYDVQQK DBpNYWlsZ3VuIFRlY2hub2xvZ2llcywgSW5jLjESMBAGA1UEAwwJbG9jYWxob3N0 -MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3KZ3GOVs2d/ZXHGTgFw5 -a5+s14f1aszdtFoV45g4QQ8mEvZAsfa77Rn5UhtIcVu3e1Uk4VVOgQR5wF3RDnmH -mllxYctnCTlS2a9NU7+d6Jo0N75eQezWvePIskqUG6hIzYijJheUESJ5Jm8LNsf8 -x/VONxCDQB+fUNwAPQsr/nCsFFhGCxfaLXV9pB1ysrPX1eH0hFMn0mL2XS40xX8M -9pPfAS15Xn1Pnq+jpwmHwARLorHVNNJv8/o+sz/TmnWl4SXOsWoRz8OWDWHMbrjH -UaJnCfnsPHSdaMoH9upsN+UQYeYfj+y89gGZdO/kwLxQAEdNaDku9HC6o5dRo/tP -+rOVCs1mQCZKql88tT0RJr5O0xcN5Y0rgHtBavrOQztXinLBOH8Yhb5kH5FBcPCo -BaWOW2gXNDL+/dCXHVJlxZdobWfDoAL7d0IyEhlRKQV0skUQIdRvcrWcIXDVDwHn -NAJENknw11QN5BjvSIWJFU+nfQaiGrrKFtclP2bap7B8EwxIBkOIl2tGTXCz3NBB -vRMbBp2OZ6yNyzWeiusx2JCF8awPCTWRIvLICMcZoG3ZYB/ZCZokcs3fU4Fra0IR -4u3WBn7nygmG855RXS74sM1XNffBang38lwNqEX2v8qmrpwmRDENx1+cL4O2DE2S -E5aktxhPB/3jZm+ONaGez3ECAwEAAaA/MD0GCSqGSIb3DQEJDjEwMC4wLAYDVR0R +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvr59qRI0FBU4zW/gFtnO +JE5DOcA2TFxH4cESPd2CCsV/KGTIyGbERBbvAj2f4s60Sn1I61veTWQ5yCf845VY +rg5IkTaBGIeiio+sDW9wOsZG74p3Op93dlIuMea9WXL1wxGzfFAmf32uoHaTPNm5 +OnMwvaorFmZDRJtQRtZ0bKIYMrGlL9/ywK+vYS/MZ88OLSpfpoiHRWkXQoGxeMnc +WFbnjhK9ULxYCPU53nb03efRtGIeVSOYkx9+ARn/lETotqJ+LNXBXXtj3EuYYch3 +Lso/xgvWpa61p3CxdrBwgdJcNJHghlr3bU9YBVYEx3XTTvaI4Th94uaygcK9U2ZZ +ISzgaAGNmRqCDecFkSCKRXzRh/oRwV5kDlktDp9dcmZ1TTUT2PHHiohrGECfbHxC +3lPmm2sRToYjF85PKlZKrVgf7JymlsnIkqOrEFCY5cTatxcF7Kpe4Vopa/yHmhaS +9Q21aQ5qLa5mhBZZLDjIXC/P85wYVdS5nOWmRIC4ButvHBW+f5mYEdtA49Pif56x +VkepdYKbq/6gweq2Z4qRVNE2zHDUol6CzY/DQ+zUHHJ493zoyCFHg+ZrH8HX+zV6 +zv703PG0k4v5S/X/mR5ze049wllf7XCMysWgQRpwvFlmzO06wb74VWx+Ovo8JjZz +kVFI2SPc0H+6e3WAj9xvmKUCAwEAAaA/MD0GCSqGSIb3DQEJDjEwMC4wLAYDVR0R BCUwI4IJbG9jYWxob3N0hxAAAAAAAAAAAAAAAAAAAAABhwR/AAABMA0GCSqGSIb3 -DQEBCwUAA4ICAQBFObKZiTaNkXLPUQ+1zTextGPlbrWHBOOsYPOtqBmu1+CFz7pX -Q8qiO4pboXwPs/Y51QBvxK1z/U97S2dMS9Jyi6tGMrl72fWsyiGeKHxFHqfCCZFr -vPRmlP5DXBgAyQASkU7ULrP1Pgvn2SDOhVLP6V31qvVybxL9I0vqKTz9ul/2rAmZ -6COjxoWNDywd9FUdARRpoyEJfp/dzwA1Ww4mcnrJrf7h2X9+ht6tr2hVieRrOhlm -foCKv1rSUKbua7hJ1JC6dE/L1rpH8315TpTkVhbCS/RxqGK+sLyS86u78Ka6q/7/ -BK3bsWU9QiaCrI6i9rXDgSd1SWCdNmPzGEkVwxQuuP5RxnMjwGfggVkxkq5Bb85b -gKlOZD2Hsv9/6Kgf9Zbe1MrEEpAiQoanV3nLuEC02F8UcRKzPdj1KaGTF3DdVfvY -ozQeeynL+dysk7RazicgsSYHVYqX0tuNbGSK2SMyPAKqmhvbFPNUsGqPP2/ARXt3 -TX6cHLj3+WHsFAvpQO7lsGtbFVYRtek21QaEDJeUQIAu9CvInM8DfoWkTRyqFOzE -9YGNvD4pBJHI//nekBc+IapPYsZ62XOZ/Agthv2t2aUeFYUFrnL//S8ExjMQqucK -q0cR2H0oCdEReDcmECn36UJ3whlX/Ja2UHV/UVe+ErIUSIToeLPGTFMpCg== +DQEBCwUAA4ICAQCbwjiIqU/0nlskpYy1Wvw4WFyOzpN/FGTme0/QmKlO92b+uGX3 +2BGqe/jrf9bYe2EeMxDd01NxVBd6KFOwbhIA+5kM1fHarI+8YqK8QeRAAy42W6pP +kr7ZOMLv7K95/8ufERTQpzMga3mYAAIdXAaV2D8l7qs+eG60is6wsLYjMQto8Zoi +L+cp9A5lZQAOReKyZaKCm+GIRNDVdaTO4fvzj6ZynE4Lz4ewUVaKnRW8MGk/Syi7 +KEhR3cXZkKeZ3+XG2LSR/JBIf2U/Tlj1wzOJOIenKNo7ir5W77hVEh33ZDomeHLn +SRWFUwg8uuYmhy1/NMaJxbX+DQZw69QZoBfSXIyPEwZvYnZhuWQGpoJK8BB5IBqO +VJ02InL+Ni9TWy6LnCeFG67+GDjFGIw9wQb5Lw9O0Hp8OyuVevsGJfS5vezpEBaX +tMxNUx1RQnd8FIxZNluCUj/9Ad3uLPi53W6/IZiUvzrMebDiQSe8V29x4yzo3Jca +8totxCZVXw4SjN91JtdOvBpxlXqeUdtdpqv8kHkbKTOOpU1D2w/100SlhLatafxV +24FXN4mbshUfEbNMzSRb1wyGEGpA/ArNV5KPRtqO+86zGN0Bh+6RaqeMUTs5Zb6s +OqxnS/TUTJgxJhZTCL3SKeXtmfM5jnXkPcsB4vlGCgdkwHx0teJq3Syy3w== -----END CERTIFICATE REQUEST----- diff --git a/certs/gubernator.key b/certs/gubernator.key index 8954b57b..d47aa8c5 100644 --- a/certs/gubernator.key +++ b/certs/gubernator.key @@ -1,51 +1,51 @@ -----BEGIN RSA PRIVATE KEY----- -MIIJJwIBAAKCAgEA3KZ3GOVs2d/ZXHGTgFw5a5+s14f1aszdtFoV45g4QQ8mEvZA -sfa77Rn5UhtIcVu3e1Uk4VVOgQR5wF3RDnmHmllxYctnCTlS2a9NU7+d6Jo0N75e -QezWvePIskqUG6hIzYijJheUESJ5Jm8LNsf8x/VONxCDQB+fUNwAPQsr/nCsFFhG -CxfaLXV9pB1ysrPX1eH0hFMn0mL2XS40xX8M9pPfAS15Xn1Pnq+jpwmHwARLorHV -NNJv8/o+sz/TmnWl4SXOsWoRz8OWDWHMbrjHUaJnCfnsPHSdaMoH9upsN+UQYeYf -j+y89gGZdO/kwLxQAEdNaDku9HC6o5dRo/tP+rOVCs1mQCZKql88tT0RJr5O0xcN -5Y0rgHtBavrOQztXinLBOH8Yhb5kH5FBcPCoBaWOW2gXNDL+/dCXHVJlxZdobWfD -oAL7d0IyEhlRKQV0skUQIdRvcrWcIXDVDwHnNAJENknw11QN5BjvSIWJFU+nfQai -GrrKFtclP2bap7B8EwxIBkOIl2tGTXCz3NBBvRMbBp2OZ6yNyzWeiusx2JCF8awP -CTWRIvLICMcZoG3ZYB/ZCZokcs3fU4Fra0IR4u3WBn7nygmG855RXS74sM1XNffB -ang38lwNqEX2v8qmrpwmRDENx1+cL4O2DE2SE5aktxhPB/3jZm+ONaGez3ECAwEA -AQKCAgAv5kdGdU+rAIg8JD/EBsFEVtZ7t30UYULjywajcMENho9aYHDs8UYck53n -MBsK2ME9Gd+2twEiyujvVK50ePdyD2aotzI382TD8uVTf+50tz0MuNvXbeW0NUW1 -RrFeS6r6S2Y3d7jh+1zXdhW2H7YFZoBDPedwPS0lrYyzs8AqLSV+CSezcssfQTk0 -Llxe5OG/AZ1GOJMVffxDgCtekFUtFi68H7YQSB3HshNRyKTaj1QoDnjdTa2WBkYk -PX/fMRkAhmeXZhJVyvzBDPEHPD+wvhOmO8YH3bzqKamO9Zbmj2h+CCnj4Z2nvfMl -SoqbOIYZeWEZdgh2ch5iMxA7C+xxdeUdjFwklzoGIfOq1ax+KXlIS4sSf4+vf50p -DpliDD0Mmvgr/2uBAbPxiLSapchMEPepgRq8WnOi2m7pCl4O0CXNGH8DRrcQ7Xzg -59Wa/9lPq5QOaR0Oar41fs8j06n+9HJJkaP3IPjk6eBjJobH0Mnvw7Ft1LIVo4/5 -72GfdIibewVXZJXg6xdbSL1OygREWlLdsrIyhMwmmgKRvV7PztZidEtoQxmHrcQD -+RC7ClNyHJSjwUxSHkh8JVcKvEn5i41rvWnMsFnsMV2ld1jjrcuEkdQlBzZs2LDZ -pQDns21lp1VE5PQftgQuuvU+ww884m18onpVLz8oaJY5N6t3wQKCAQEA8U5eijj3 -NnJzPh5XH5O8sMDqBQErlh2hy7/xF/dPqoBtHAORW4rEE0WihthwzCXpAHOX57HN -wqLu/QXXvNSPE9PlSL5/2dlk0qW4w3x8o+GcJ5O+aLtgnr1bZf05SHDDocFy0Je+ -mTuknpz4Ki27jXJHNtlGAnp1n2J6N4IT0QY4CSD2xxvzVtjZpdxePBDNiqz88vjT -QgN4HAQm6SSxPMRnIHPbTuHvh2EY4XEasFHrMKXKTN007trwD3Ut6IhXIRzGQ8Yx -V/Dm5lFimTgozOXb1ssRAoWLb0hK6LvEjhmWEWRJB6dhX7s8sicNtrnqIXaHx6oS -uuy+0j1lZY0fqQKCAQEA6hYZZ7ppkj85aj/phrZwqEa/nZYS02ekAHwVd1X6I/Bq -uwHVI4bW01q+9XZ0JIb5FYkhTuiMwz1tPU3gPL9Pafa4aV582jkzX2lA8M2x19fe -MSPk8Cqfj7lujjADBM545e5+PA0O7JeW9/Mt6wD6lA7NF+/QfTht9Zqd5dAK3TXC -w14Br5y/acSXHN2VuzN3VzZhzwGFiQctb46gim+F+0/wqrPEW4E/j2VAGD6gR8ky -5WXgUBoa+FLja9vJhEc0ktHX5679uh9MO3La86Nc0mkj6B/hz7+byf59TluFEHI6 -vEKwEaXME6NS4sLgSCzApiKhr2tLIuRhC/ww/XSuiQKCAQBv9UOJ8CpLGcj8bklP -/lTS0X8CuWtGqBL0nOa4judonVOCZulfRr/4jRt+YxfasFAuBHPbbTShdMVbogVZ -uGl18p90I+bf5ayQy5ExKiYOR1QTTMpQf3exzvuEE3wrbx5lg4LI407se67CZOQD -ddqKIxaFjUOdTMIcJC2+aVzWY4NGQQQel4pMpio9eURDrCwhhmeKOAaUn1Vv8kE3 -dO3C2wFaHkcHj256KoPHvZl7a1aq6JE3Hn87v1sYYO7e77s1Qst+kIs+WShYfjQ4 -EMVlY9SfEPKgb+Okyy7uUog8wgRNp3D22yMjrpTXt6T2PcYypnMTIYa1MbjLhO7x -sguZAoIBAHFF6ltAYE+tmnnonXdblx5Gxfhao5d7AmhdowGRMC7t6qe9lkbPu+qg -ceFTxZXbXnLmXaDSdTMQ6WiN46FhresHwWrzlxT+MvbLdupPjux0gAdlaCYzaezh -fTb+0qcjxmr1Qk6KvxsLq7kmCqU6XwcANoyLtmaxxLvhauDHEErE9g8V0VkKT7G9 -uKX2L7tbhzdDkIbcJKMPPxRJfzQeDUZ0A3CG9tCUtY4NH7vbqjGykZdh+e6pAz4A -1h3eSCBjWHRnaMOq8Qp8lKX7ySm2dnc2+3Ia42llPdy78iTVsoknzXZGCu8vPJaQ -JM6oIGGsjjiWb4j0MXKb8r4a9hXfvYkCggEACzVOr5XpLpr2YUSVDOrqsvGDz3rM -3iMpJI5xuyZ2TtVjdW5YexkwEihgGojxOYbTYT7VQHUu6i39I5W7+w/J073bp+vi -GQ6uHq9cafWY5s4jSYr4NPyWve7e/H0vpe3k03CeaVTy2JxiUQkdpT6FfvhOO0PK -0ZvgX7xB+OwjQUc8eyL3kyNHK1FWfpP8cC63qxLOAze5Q5WDcRZ5mzTHhOIpi1Dd -0efhw0C1aWvyPMOQKgGl9jFkaOsGGoH3dfaU35TJzYqC2KXMLe8acirOTWxIL4Em -Sre9sCEmz4t5MbV6AuJQ4mgQSTz4f7/0P+UH6MJKtUPXQFZtmX+R1FNiTQ== +MIIJKAIBAAKCAgEAvr59qRI0FBU4zW/gFtnOJE5DOcA2TFxH4cESPd2CCsV/KGTI +yGbERBbvAj2f4s60Sn1I61veTWQ5yCf845VYrg5IkTaBGIeiio+sDW9wOsZG74p3 +Op93dlIuMea9WXL1wxGzfFAmf32uoHaTPNm5OnMwvaorFmZDRJtQRtZ0bKIYMrGl +L9/ywK+vYS/MZ88OLSpfpoiHRWkXQoGxeMncWFbnjhK9ULxYCPU53nb03efRtGIe +VSOYkx9+ARn/lETotqJ+LNXBXXtj3EuYYch3Lso/xgvWpa61p3CxdrBwgdJcNJHg +hlr3bU9YBVYEx3XTTvaI4Th94uaygcK9U2ZZISzgaAGNmRqCDecFkSCKRXzRh/oR +wV5kDlktDp9dcmZ1TTUT2PHHiohrGECfbHxC3lPmm2sRToYjF85PKlZKrVgf7Jym +lsnIkqOrEFCY5cTatxcF7Kpe4Vopa/yHmhaS9Q21aQ5qLa5mhBZZLDjIXC/P85wY +VdS5nOWmRIC4ButvHBW+f5mYEdtA49Pif56xVkepdYKbq/6gweq2Z4qRVNE2zHDU +ol6CzY/DQ+zUHHJ493zoyCFHg+ZrH8HX+zV6zv703PG0k4v5S/X/mR5ze049wllf +7XCMysWgQRpwvFlmzO06wb74VWx+Ovo8JjZzkVFI2SPc0H+6e3WAj9xvmKUCAwEA +AQKCAgBuKKN39kxfYNY6Ryc66zUTYKOQgcKaHR1ictevJPNKdz71vCb9HeSxkjEc +sSxal5gmAO8RBjB/r6dzQizZ3tGlTBh6zOiHmyWzMkBiTf6Z4xLqmqQ7FgevLM0D +AshOFYd7zghDfiKNtK8aewCTvwYrjIUUtGdH+21T/QLCtm3sozyoYlINMSAISi5W +SX2aYklEqlktW2IMIyJMxYwSPzpjRmVadtYg/3U0TzPJmBfY5F4G+DeeYf1m0mQ6 +DKK/JYDkoTmPeS/AZleIzZvGtTinrCRio0mmzBybBAlpi4KeZzfbIHhz/6sv1Qf3 +pPMDoreTvevVboO9fBCRwj8HIG/OKUKAARLSmw58tSa0Y/UFHzQqwELAHnmBYtKL +JUCi7J9FKcAEkwwMyHK6rwgQPoqnTANEjC0dwb5HoKcj3lW3XGZQ93pabwb3i+da +BumyzB4GAxBolSH021IcyuY7hpqlGmfhmlqtDdoP9Qmky5DRqErb4x0zSgYg7Mvm +i+uNP+0R54BT3cLAbmVtXjs0pLREhD2soEEVVSIUpay0vskw00lJ99mc2LIxgDP9 +eATzWOKk5hLUSHzKYnvUP1BIwIg214Lv3utL9ZTBs8w58/XfEsQsEsPFCJ9wgRr8 +bwyPIXfGoQoeU0vfcDguLCva0f3aMGprYiVuutavRUOnqIW8oQKCAQEA9wH5slu5 +TNJMzUuptpSBEDOdd12KS+iJpbDmd/SMnQaiVP//gU4evzACSAPEFDoYKH9GRg3j +xYLfoiuuQDldmyvxk8G6HbItoUHfqvZ1P6CBggGjEHx2RRcob699EEhzxAvD7xmr +7w0F7zAh54ojctGsuhG82XUEWGgyU3Yl1TVvGOonDHAwnopl3OOEwS67rAhQxC7t +upleBIZWZv9VfGBZyGRSgRs2EOHWAqMIMOZ2KwZoSVq7wP0mubQPPioIBjaRws+I +N6L4U3ZlunW3/HNifdOZscCH5XiN0VNhP3Q9uH5YB7oVSf9zPo6vWqDcCQN44fpU +Q3mBGaccSSyfeQKCAQEAxbAolAs8OwIF49SAg1I6Dq/oaTHQl/QYm5+BF2o/yHvr +R4AWQ9mOD6vloefXrkGCX036d5gHpsEfViSTsDjr/+AerlGhRUouNDFLjSGlkcur +QbZBwh/7UtFKcvdOBaW3PB10DoSt7KwnSujFx3f9Mky6YV9a6oZhU5OAT8dYuGIf +uTYErkDUc+Yk4BxH/hku4PTPx0tCQ9fshye1/pfuimYYEg6ZPFAZnQXtuNPHJOMt +cCkX6noxFxiHTj/a/0UYALuXpeM+9S4s43mSTD66bzYG4Z3D7rV5MPwm4JhP8qMs +R/XOsf/8S0T+vzASXwOu2SOUPU6SA0DO4cdANdobjQKCAQByJ6eOlnV823RDLMSy +bM94/WG42LIhgsaanLbmmU6jA33iaq1axQ/QrA9h2Nu1vWOM08VWevTZQzK3cBiH +9fscy6JJ9y5cqwwLirYj/OMTFMrFmpwR8nN2Ws2FUEUsUU+vOwDCb8rWH96uPEBv +EZhwaBa7p5bvqPTpJr6bc+7oKlm92flR9keB/dQ10bB413BEgVNSV53mrxqUXMFx +uG95m83invrCUCEcjEKr1UzjzJ6wI7XusNA00Mok6OJiiGpM9MtIjUEW9WpuqDk7 +g0wUj/7kx/YwABrOInjoVPCMstwTd9CXQZi1KinIr4i7CbynLcOgLGDlDjJr+J9J +8iWBAoIBAGDCGQpk+WT0V4eswf4EqA/6P2oFjNBjFAxPpLKeOXvaU01avwsUl7jJ +7Qoy3NkYjUQyeY5BpjUTP1A9dOAC7FgADWRK5gFxDm5TVmRMfKqAomD2YPcwCiX9 +9E+TBegztRzCWcSlYi9+D3lVt0ArVY1iCrOQJYK2pTpv7pSdwKn2tQpFC0Nyzcmw +cooSrZYMI2rNyEkGZ/em3slEQYrMOGAbGlr0NEJV/kNh3Hnjhgxi+SF1q5QDnLVu +NwOws3LQEbCCIPZ75JvCrwvjvBx/c2btba7ONlFHF3tHX4v8YN0kyo6qHDH5VjZN +HdbcI5HHzrPO+0aKh2L6PIg7qwzwpR0CggEBALXwdndroGW/cmG/6AI/vQS6LBae +zYjAH3DGKJRdlIaWq2AtSy2tEhDAzr4tiyaBf0tNR9v57zoF97adg+lsSHEBusIF +Uf5SmjxYk5fs1J/BPcMwPVC/hTzZqp65GK3qqCJYx7ihSLb2B73AlPL5DpHu9rL2 +S3O2oDL0JvO5n6tT1lBOBc98VlT7tYh2Q9EsH3eiT4IYsfeaq2RVJyzaNE/KFf8p +in09tB3UmqH0Cdk92Bi/Ig2604KEsr8gMG6eumdWTjlXpi/E9bMrS7oH2ERglwDJ +Xu1eQIZG45xCIuatNFcoNg77NUnYLhFUVSb1tqbwA2wstFI5VhoqaWdbBwI= -----END RSA PRIVATE KEY----- diff --git a/certs/gubernator.pem b/certs/gubernator.pem index e8f1bff0..43901757 100644 --- a/certs/gubernator.pem +++ b/certs/gubernator.pem @@ -1,31 +1,31 @@ -----BEGIN CERTIFICATE----- -MIIFRTCCAy2gAwIBAgIJAKEtY0SKWmgJMA0GCSqGSIb3DQEBCwUAMD8xCzAJBgNV -BAYTAlVTMQswCQYDVQQIDAJUWDEjMCEGA1UECgwaTWFpbGd1biBUZWNobm9sb2dp -ZXMsIEluYy4wHhcNMjAxMDI2MjEyOTAyWhcNMzAxMDI0MjEyOTAyWjBTMQswCQYD -VQQGEwJVUzELMAkGA1UECAwCVFgxIzAhBgNVBAoMGk1haWxndW4gVGVjaG5vbG9n -aWVzLCBJbmMuMRIwEAYDVQQDDAlsb2NhbGhvc3QwggIiMA0GCSqGSIb3DQEBAQUA -A4ICDwAwggIKAoICAQDcpncY5WzZ39lccZOAXDlrn6zXh/VqzN20WhXjmDhBDyYS -9kCx9rvtGflSG0hxW7d7VSThVU6BBHnAXdEOeYeaWXFhy2cJOVLZr01Tv53omjQ3 -vl5B7Na948iySpQbqEjNiKMmF5QRInkmbws2x/zH9U43EINAH59Q3AA9Cyv+cKwU -WEYLF9otdX2kHXKys9fV4fSEUyfSYvZdLjTFfwz2k98BLXlefU+er6OnCYfABEui -sdU00m/z+j6zP9OadaXhJc6xahHPw5YNYcxuuMdRomcJ+ew8dJ1oygf26mw35RBh -5h+P7Lz2AZl07+TAvFAAR01oOS70cLqjl1Gj+0/6s5UKzWZAJkqqXzy1PREmvk7T -Fw3ljSuAe0Fq+s5DO1eKcsE4fxiFvmQfkUFw8KgFpY5baBc0Mv790JcdUmXFl2ht -Z8OgAvt3QjISGVEpBXSyRRAh1G9ytZwhcNUPAec0AkQ2SfDXVA3kGO9IhYkVT6d9 -BqIausoW1yU/ZtqnsHwTDEgGQ4iXa0ZNcLPc0EG9ExsGnY5nrI3LNZ6K6zHYkIXx -rA8JNZEi8sgIxxmgbdlgH9kJmiRyzd9TgWtrQhHi7dYGfufKCYbznlFdLviwzVc1 -98FqeDfyXA2oRfa/yqaunCZEMQ3HX5wvg7YMTZITlqS3GE8H/eNmb441oZ7PcQID -AQABozAwLjAsBgNVHREEJTAjgglsb2NhbGhvc3SHEAAAAAAAAAAAAAAAAAAAAAGH -BH8AAAEwDQYJKoZIhvcNAQELBQADggIBAJDkvzCrTdvLY93hIRthFRYVyee1jlRy -lYbRJ8Z7cBOWGbhceyL7lr1s/K1ntzSrWjYdbEpNUxnHbJpelxGz8tr9TS7TsHvz -J/3O9G5WzLZ2lvm4m0i5zxuJP2vDiWIpIy+H4wOXFkeetB6dBLIIV+e/NLmM+0x3 -D+1fjO5LRBo/Ipu/TFwNCRjasUv3KuDvsW6wgTRV0s3D8YnKoDKuUdydYitFfFCC -qQ4emBaymzpcA04I90Nl05xdiEDyKFVMBlw7cDGHbPqXymJyLFqmlZBo+KHyUGKZ -vD93LpTajxh5Cj2SWeTUsAYeEzgevKmjIAOLuQAzjtanj0Xx869qGYMHgx2qTX57 -KjAiT54NCIxMkPclONq1pHHqycNf1X95BqK5loeid469xs9hI7OK4ZgmGAxMOUyE -M/DqpfGetpTyILKGeRg4f9B4mRL/u2PE0O+STrp0x2ZAKvuVKkaY51ne5Y94ZvI0 -qYG4nYG0yJKKUZFlZM7CqcDeU+/npd2X+zuhQEicZVZTBBvvJiXqhzsG5oCGoSdS -l5imlrFH+ouYWAoAPlGtYE1RPxTPWExqY6VlkWlU4z8gcQF6g0cEO174K90FcRls -Cqo24pvfR3ihzVkudEBpksveuuvrrrna0MhpONTx/mzQuqQ17iofxiuhhydhAPP7 -bv+JfhIWsjyC +MIIFPTCCAyWgAwIBAgIBATANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJVUzEL +MAkGA1UECAwCVFgxIzAhBgNVBAoMGk1haWxndW4gVGVjaG5vbG9naWVzLCBJbmMu +MB4XDTIyMDMwMjIxNDQwOVoXDTMyMDIyODIxNDQwOVowUzELMAkGA1UEBhMCVVMx +CzAJBgNVBAgMAlRYMSMwIQYDVQQKDBpNYWlsZ3VuIFRlY2hub2xvZ2llcywgSW5j +LjESMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAvr59qRI0FBU4zW/gFtnOJE5DOcA2TFxH4cESPd2CCsV/KGTIyGbERBbv +Aj2f4s60Sn1I61veTWQ5yCf845VYrg5IkTaBGIeiio+sDW9wOsZG74p3Op93dlIu +Mea9WXL1wxGzfFAmf32uoHaTPNm5OnMwvaorFmZDRJtQRtZ0bKIYMrGlL9/ywK+v +YS/MZ88OLSpfpoiHRWkXQoGxeMncWFbnjhK9ULxYCPU53nb03efRtGIeVSOYkx9+ +ARn/lETotqJ+LNXBXXtj3EuYYch3Lso/xgvWpa61p3CxdrBwgdJcNJHghlr3bU9Y +BVYEx3XTTvaI4Th94uaygcK9U2ZZISzgaAGNmRqCDecFkSCKRXzRh/oRwV5kDlkt +Dp9dcmZ1TTUT2PHHiohrGECfbHxC3lPmm2sRToYjF85PKlZKrVgf7JymlsnIkqOr +EFCY5cTatxcF7Kpe4Vopa/yHmhaS9Q21aQ5qLa5mhBZZLDjIXC/P85wYVdS5nOWm +RIC4ButvHBW+f5mYEdtA49Pif56xVkepdYKbq/6gweq2Z4qRVNE2zHDUol6CzY/D +Q+zUHHJ493zoyCFHg+ZrH8HX+zV6zv703PG0k4v5S/X/mR5ze049wllf7XCMysWg +QRpwvFlmzO06wb74VWx+Ovo8JjZzkVFI2SPc0H+6e3WAj9xvmKUCAwEAAaMwMC4w +LAYDVR0RBCUwI4IJbG9jYWxob3N0hxAAAAAAAAAAAAAAAAAAAAABhwR/AAABMA0G +CSqGSIb3DQEBCwUAA4ICAQBNN340hTcmF9A+6Q1bmWtXC814imTk9+jDEjtuuE9Z +ry/24PhV9/Bw+1Vkipbo4BxnJUBPYwaq8z0uORxK5P6g5VngsnDvkHjfS2QHADOG +mBjePEnZpD6b0bRMwBzYlyCiIfvo+Ke1sh/XykO80I5NqGNLSONX1Jl187zFKVd9 +TW5tQVqSe6YiXvf80ZvW3oO/UDZDVQkQVxY8YhLw2PKNhJqYxjIv5FLnO+8m7IG3 +Q/XC2FScPpq8+xDR0OuXvQ8uWPuhBnBu5a9y7+ZtzjfB4U2JjpZEUFs24qFB5qYF +qXwduotVPA8Bqdo8oKM0wyZeQCTx9rH7gZsUXPwvVWkbZAVMrd7VGstyoXxl1zI0 +gsPT+LyW9Tvul+gORJGJ1+dPW2/iusXPJkWaXnkIUhiWlvCSH2fNhSGLPzEIfXww +FiGKe3NVpZPDoSlO6XlqSAycvxQZKCczkGheClQBcv9fhLkon9e0v1GojCZnmunf +JBuOpnhWfbF3AOKP2v9NqGFDNEydWXH4GWXo/3PKHdB0gGsCaVUoQY+AuXtUBu4B +1X8MFipjQSbOjKFBrg72Rrk1115MbyiXFoZH4e9WnSLbUrrJvr4KVgEv/1A9jksH +C4ZRGqkUTNKj9cIlXwA+qMOqarvYV0jOW3/59XHyMeRte3tAL1tNzOYvJQP1yuMV +zA== -----END CERTIFICATE----- diff --git a/certs/gubernator_no_ip_san.conf b/certs/gubernator_no_ip_san.conf new file mode 100644 index 00000000..520c6599 --- /dev/null +++ b/certs/gubernator_no_ip_san.conf @@ -0,0 +1,15 @@ +[req] +default_bits = 4096 +prompt = no +default_md = sha256 +req_extensions = req_ext +distinguished_name = dn +[dn] +C = US +ST = TX +O = Mailgun Technologies, Inc. +CN = localhost +[req_ext] +subjectAltName = @alt_names +[alt_names] +DNS.1 = gubernator \ No newline at end of file diff --git a/certs/gubernator_no_ip_san.csr b/certs/gubernator_no_ip_san.csr new file mode 100644 index 00000000..9f594ab3 --- /dev/null +++ b/certs/gubernator_no_ip_san.csr @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEwDCCAqgCAQAwUzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlRYMSMwIQYDVQQK +DBpNYWlsZ3VuIFRlY2hub2xvZ2llcywgSW5jLjESMBAGA1UEAwwJbG9jYWxob3N0 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxhWcZ2Eo/vWwiZS8RfTy +BfEpbnwL7eChyh/Qvjk+Xla4nRiKSu/xXLWGAaAPkNjJ2De/ARFXt8gSyjuGUGr0 +8wbwVdc2/gBaDoDFTBxmfMDE6di7EVB+nEhPPLVUlK7YTbkcaBcQpyuu2JA27Pt9 +bo+ABt+ooI3Bo6z5kpI3C2gbWhbUDwKasqidrLnO2bpxJQnAJ9yHmIg8wo1/e2oq +YH5HgXbHUVCCDyaaO9IgQL3+HRKQ7S1RghPbz/olJF7T1e6h2xEr/QuDlKTENxa9 +KIEErxlwCEWZ6z+bFviQrMhge41iLSecfBQpn0y3rkq7UKMZ0QYaOiOdG/NklxQB +SQVPV+FDN7jUqfEgQJDkFagWq8pzDjkXs04oXMkzxpUDSris/TUZ9wUmTq/P1pvJ +PFgy6FDfRWKb7pxXEzMy5evOFLkdM2ZFAwJyZ1naGie+ER4zcTeKY/e2IHCFXMnw +ksnhZpuFs1Y75BmLf6msKM0eua+Mdd+7PhmfB9OabTNOe/ifaKa9rQjtLxdpAVFF +SldrSo+7duAx5xAsZGbGO/eUMcj9e0x6QiUum/AX6LH4YCIBQj292A6IEYLatoz9 +5bONZzE3/9yCGWCTx2S8RZ/WVCKq1F3LsoOI24KvD/BPOK5TnSzATccLUAvx8Y1t +auxEYusRJbBDY7NzyloZMekCAwEAAaAoMCYGCSqGSIb3DQEJDjEZMBcwFQYDVR0R +BA4wDIIKZ3ViZXJuYXRvcjANBgkqhkiG9w0BAQsFAAOCAgEAvhJGctgIIwqQkyo9 +QcItLKeep2l+5wb1R4MkIbzSnX2VGpg8ZSP/CNtLxCfyoUxrxortRHCmMQuO6tus +W3H0N/n7gCobqdpy56sCSekUUi9pzj0qLfGZsYfaP0rAhQi/DmDi/MRF29f4nmFg +hGoHpHyOpc9F2Y4Zn3SO75MMFdN2l3itT8724IKqi7KwbFqdcaRFzDv5Cew9dXXE +smNrBVVMxeTtzGoAtFMAK0bm01VdmI3clg9Pf4kcrRqmz2w8Eevxs58wMYMVXvWV +I+Fra4Em8CXjQoCFC6mi/DxjJzTYq5QNDlXisLNzhnzrexxsconK5Sl05XRpwHk+ +YIMM4fsEuDIik5XkV/tW5nqHl8dv9aCfF4xwoX8fcvmJTtYdwW2kjXZNoQISRZc0 +bO9wbHUvJCFeH1PyZjjS4vPGtzTtLryHuYxsFctIi+nyR9zP+oniDIXKdUBX5fFL +igsBKm7Q/mqKBboQ+szYk//yrXZzERkuE4yGMkUoJiL9oc/M3FA+tIUH0IjZLk3K +76B3sbq9Q7FJo/MYHVbq/ITzh8MiKWKKKAZvzoSOIHyWi42CAN2m55d2SYjNwfOF +bxUib3pp9ET3SnI4/oOHBoM32uja478c8bH+s7BCDC9rQWT5kl6D2rDiGukbgvCn +ImAYfCfUwn4dfi7sCMhCLwIV/Fk= +-----END CERTIFICATE REQUEST----- diff --git a/certs/gubernator_no_ip_san.key b/certs/gubernator_no_ip_san.key new file mode 100644 index 00000000..6ee44664 --- /dev/null +++ b/certs/gubernator_no_ip_san.key @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAxhWcZ2Eo/vWwiZS8RfTyBfEpbnwL7eChyh/Qvjk+Xla4nRiK +Su/xXLWGAaAPkNjJ2De/ARFXt8gSyjuGUGr08wbwVdc2/gBaDoDFTBxmfMDE6di7 +EVB+nEhPPLVUlK7YTbkcaBcQpyuu2JA27Pt9bo+ABt+ooI3Bo6z5kpI3C2gbWhbU +DwKasqidrLnO2bpxJQnAJ9yHmIg8wo1/e2oqYH5HgXbHUVCCDyaaO9IgQL3+HRKQ +7S1RghPbz/olJF7T1e6h2xEr/QuDlKTENxa9KIEErxlwCEWZ6z+bFviQrMhge41i +LSecfBQpn0y3rkq7UKMZ0QYaOiOdG/NklxQBSQVPV+FDN7jUqfEgQJDkFagWq8pz +DjkXs04oXMkzxpUDSris/TUZ9wUmTq/P1pvJPFgy6FDfRWKb7pxXEzMy5evOFLkd +M2ZFAwJyZ1naGie+ER4zcTeKY/e2IHCFXMnwksnhZpuFs1Y75BmLf6msKM0eua+M +dd+7PhmfB9OabTNOe/ifaKa9rQjtLxdpAVFFSldrSo+7duAx5xAsZGbGO/eUMcj9 +e0x6QiUum/AX6LH4YCIBQj292A6IEYLatoz95bONZzE3/9yCGWCTx2S8RZ/WVCKq +1F3LsoOI24KvD/BPOK5TnSzATccLUAvx8Y1tauxEYusRJbBDY7NzyloZMekCAwEA +AQKCAgAxNYMyZ3/AvxaJR0ryciSB92RcjzKDeO+YgAjiiOQGmbKpTERm0275ohrV +Yocba8/RCCBKSp2pCWoplVoLtlZ93XZtTNbbiQjWW4UoIFIRoe4JTg9DAOVDO+97 +XGzTtxADVv5ImZpIfWClakZK3ztM8RdUHdINeMnnOHyTvgEwsz9ARTWPOQ1nXt40 +38AUdO3QzrhO7sk8ynOVvYMzDK/UYuqurexcNgzpaKSeQdhDXS+41zjrwvthvj84 +TqNVgr1Lg0nwWza7WVXp4njgWqTJYCviuAYN+ASB3b5QmZWPZwQZDYmbQCDu7i9c +5Lko8mXQZYRvWf2//cL1A6U0pwKeSnF2c1fl5Rm6jq4muQRS+zKikCiQnZchRWb4 +4Pbl5bT/1VdVOFecrEFDyV+62J/2RG5jEeNuagBhVsqqs1ygolsHIblhfCLKCX7d +9h3w/KlM8oy71ekmHwEC5BT3b/AHGqM2v1FEHedPyOTmSPdWwjft/NwvlJL37d6e +vTvBdpB+HNgkRcTtB4g1whUO4lZrvSPRfk+blG+hXbz9B5NblUVhVwqQ6or8j40y +OHVsAkjR+SXeOQrFdSOC56bmLlfNPzsn0ldfC+1ome1f7cXpfxlrcD5MqhxNKd1f +ZHXWrwDn3kyFBZUI9+ZDkY0RThNUjxrftdHGfw6v5AXc+cJH5QKCAQEA4cSZJGUt +kTLUrkCYpzSOR8o/4yB2OhKxrtKLN2eO1AwrSFkkbOKc/3iRJIoFGuyVmO6norbg +p2nawKzkGhl7FHquLXsyekz5FgUeo1+fAZ+9SASXp/YeFjJJb4E7t875DbX0XqyX +wz+ni2Vx53XVov2+rztm4gAza3dBiOgmE/iSgt1VjrPfU2iz/PjPR6lfjPhZ8YeW +1bOV11J6dd8GkdY6I/6B62lYvqcXE8+uRbSmN11Wkpw0KWqAZpObemgYrmkrd5jj +57G45uMtPu/3RCcN13/9uU0Iip+NWzoMw6tiWzJE5inN6H+krHFNjvi2d6sEeO77 +EcSC8BCaLQMNawKCAQEA4JwC82xyY2OCU8QBza5FW/b7WwRG29FfE5v5WhNu61O2 +Sb0T5KXHrrIAPAw/+TsjPg2u2l2JC+jMkDzFCkxIuHscgXeX1MWcEn7vSqFNNcZf +2h51pDGCzvVyQoIZurMHnlov6/7uthsLYjCR94Wf42BcLY0p9hiPLAgo+hqYOJK0 +l1MT/dbYgQ8ZB25XL9AumVWq+ZqRwFIa2+LhTL11koIo8qhWHeEsJ8+Ns+SoTkgo +A/VNKGM/e+BSXqa1mlBO0egq2Hf7b0emUL7Nk/pDPb9uJKXlDgytbc9LQ3ktTRGr +mY0gdFfo7+ar9S79KWNB1mUG8orh4hr0J8G0Szme+wKCAQEAt8EJGCtVnDFwE2e2 +F5laGKpPt3ArafbfMbhh4TVjdcl1zQvo7sq/F9us3r2LjC91TyUnwfLxBLHOfzX4 +7hlBKRj0/UWhfxN5ROfj2Psx8uNt7tj2CpnyQQSq6puX3HIUGYm4HPqDB0Ke/oER +5V7uBBxdAEjr4xRgxZ4p8+FnZKfTr7mwMlbKdRvqKwLjyqLbh2R36HMAXG0vjzKt +Q5TDxx1C8xrp6Y4z0fEzgkdtw4RWKQfKN8f1WKQ7X8HSMR3awNIOs+f3zxPCuAG9 +SNWNPqY+yOB+xTwisJlONysXSocKpclTdLYfxpVllYkepDhgYyQJnth79yknnXcV +1X7/gwKCAQA16PxEVPk3pcC4Pkl4hqWbJzK5a9NeG2jImh1FY3ix/wu3syw9KxU8 +dvjbcM1CEtGoqTwYqW6lbyD6VbutdxXVQadb48qLhUqqndDthr2zdIO5JKpz2HZf +GkZsdDGcwC/J8DekWzIMf31B+gpu8KGpv40gWcuCh+6FUQgUz6FNoti5oXUg7hpV +D7ygLfm7PiqRHyDEfDcThCFyOYh+FNNNcPRHGeRhk5Q3kfee//jtoSAJoyz7zqaE +IxliIn1gJnpko2b1QgcVdIsUwlcxd1YAUhwrq63Iq35M5v5XmZQn9V/MoTTy986v +Fhyb4sVc07gPr3v1ZyREUtfbWwDdNV1VAoIBAF4Okl1M1DVfDFRn7eR441sxx3cH +1ckEi3CLGsaYnTe15hZoFXjwYVDRHMgc+5F/TutIvuErBh7I3fWIJAmSOUwLB85Z +LnXd5d9U0PqgkawfkGwBW2KDn6FmpEqjoMlwZOM0kxY00cXxmQo1Itvwzp4qzEO2 +2zOjesl8R+a3x7rIfP9jVFSEwOHqSNKIvfViQy5veTAdZF82rP5d2wSD+jQny0PK +GCnD8FX4UG2Q9Cn/O3e9dl9g/zyDfHzmPYK3t3M9wc9KDyhjvRvxjPz03US5doo8 +CQSpny+0U5kyApBV340QI/XoA4qm8UlPvu/9mHmWkIDeY51MyRkzA8GsnTA= +-----END RSA PRIVATE KEY----- diff --git a/certs/gubernator_no_ip_san.pem b/certs/gubernator_no_ip_san.pem new file mode 100644 index 00000000..9b700db9 --- /dev/null +++ b/certs/gubernator_no_ip_san.pem @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFJjCCAw6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJVUzEL +MAkGA1UECAwCVFgxIzAhBgNVBAoMGk1haWxndW4gVGVjaG5vbG9naWVzLCBJbmMu +MB4XDTIyMDMwMjIxNDQxMVoXDTMyMDIyODIxNDQxMVowUzELMAkGA1UEBhMCVVMx +CzAJBgNVBAgMAlRYMSMwIQYDVQQKDBpNYWlsZ3VuIFRlY2hub2xvZ2llcywgSW5j +LjESMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAxhWcZ2Eo/vWwiZS8RfTyBfEpbnwL7eChyh/Qvjk+Xla4nRiKSu/xXLWG +AaAPkNjJ2De/ARFXt8gSyjuGUGr08wbwVdc2/gBaDoDFTBxmfMDE6di7EVB+nEhP +PLVUlK7YTbkcaBcQpyuu2JA27Pt9bo+ABt+ooI3Bo6z5kpI3C2gbWhbUDwKasqid +rLnO2bpxJQnAJ9yHmIg8wo1/e2oqYH5HgXbHUVCCDyaaO9IgQL3+HRKQ7S1RghPb +z/olJF7T1e6h2xEr/QuDlKTENxa9KIEErxlwCEWZ6z+bFviQrMhge41iLSecfBQp +n0y3rkq7UKMZ0QYaOiOdG/NklxQBSQVPV+FDN7jUqfEgQJDkFagWq8pzDjkXs04o +XMkzxpUDSris/TUZ9wUmTq/P1pvJPFgy6FDfRWKb7pxXEzMy5evOFLkdM2ZFAwJy +Z1naGie+ER4zcTeKY/e2IHCFXMnwksnhZpuFs1Y75BmLf6msKM0eua+Mdd+7Phmf +B9OabTNOe/ifaKa9rQjtLxdpAVFFSldrSo+7duAx5xAsZGbGO/eUMcj9e0x6QiUu +m/AX6LH4YCIBQj292A6IEYLatoz95bONZzE3/9yCGWCTx2S8RZ/WVCKq1F3LsoOI +24KvD/BPOK5TnSzATccLUAvx8Y1tauxEYusRJbBDY7NzyloZMekCAwEAAaMZMBcw +FQYDVR0RBA4wDIIKZ3ViZXJuYXRvcjANBgkqhkiG9w0BAQsFAAOCAgEAij09h1uc +heWbukR/T9kiXQRMopNc+ODi9ceR1Di9oIlOusCGmVyqbMSMG5EIm67sSC5fUufp +jOsDHhgcDjTjrVoD+xuHYo0uczJanDvF33BbWK3lXbExRyZhy7vAs7ZPwfXoJJpS +em5LZSc+n9CCNxmnXiZ2haj6TzcOOm9ysP4pe5G66QrEhUKcFiUPY9njGu8HiFUj +sHjM2MBJAiogqmU3UNr+WfRn2o0viyuXX7hS1Ieojx7jTUMDPuEsVivxHJ/XXhU0 +cYMo6V8rve7JqqVyEe5R/Eyk0cbG+hfG5uYKtZ8pceKrOhQKO6jRxNSCznFQvV0g +p7qTEhPIWd0aIPivXse6BO8GtRZ6bXRxkS5MpYrFFQ3yH8F4DhETmQIEw2SsAH5f +GavXv58Zo8PNrJZqHShnSvOdrN5gmCnOm1b3LNdDySnVqyYXjcjXfptYrbyEl3c1 +a3Qisvkq4jDHLY5jPG5+hd68AAsDP527Mv0yhb5EVpXTdVbf9N8LGf2PrM586R9C +azn9FOlSI5hW/GcvXx4WUmPd4sRRqHRPGoUPzd9yX9mAJc+ag/IDecka5NAG10wD +Wh+aPNwvDEN5ITrRMkQuDL95SYnERUAq6/PYrG0jU61/AEQBrL48q2Ug/NSljQ7B +mr8iFuYzeSfbAPhCZbEqIKhLMuaQnimcAAg= +-----END CERTIFICATE----- diff --git a/cli-tls.conf b/cli-tls.conf index 2394c482..d7a7d51f 100644 --- a/cli-tls.conf +++ b/cli-tls.conf @@ -1,5 +1,5 @@ GUBER_DEBUG=true GUBER_GRPC_ADDRESS=localhost:9081 -GUBER_TLS_CA=certs/ca.pem +GUBER_TLS_CA=certs/ca.cert GUBER_TLS_KEY=certs/gubernator.key GUBER_TLS_CERT=certs/gubernator.pem diff --git a/config.go b/config.go index 89364690..ed37e8c9 100644 --- a/config.go +++ b/config.go @@ -328,6 +328,7 @@ func SetupDaemonConfig(logger *logrus.Logger, configFile string) (DaemonConfig, setter.SetDefault(&conf.TLS.ClientAuthCertFile, os.Getenv("GUBER_TLS_CLIENT_AUTH_CERT")) setter.SetDefault(&conf.TLS.ClientAuthCaFile, os.Getenv("GUBER_TLS_CLIENT_AUTH_CA_CERT")) setter.SetDefault(&conf.TLS.InsecureSkipVerify, getEnvBool(log, "GUBER_TLS_INSECURE_SKIP_VERIFY")) + setter.SetDefault(&conf.TLS.ClientAuthServerName, os.Getenv("GUBER_TLS_CLIENT_AUTH_SERVER_NAME")) } // ETCD Config diff --git a/example.conf b/example.conf index 053f3df4..c3625dcb 100644 --- a/example.conf +++ b/example.conf @@ -102,6 +102,10 @@ GUBER_ADVERTISE_ADDRESS=localhost:9990 # gubernator instance and any host name in that certificate. # GUBER_TLS_INSECURE_SKIP_VERIFY=false +# Configures the tls client used to make peer GRPC requests to verify that peer certificates +# contain the specified SAN. See ServerName field of https://pkg.go.dev/crypto/tls#Config. +# Useful if your peer certificates do not contain IP SANs, but all contain a common SAN. +# GUBER_TLS_CLIENT_AUTH_SERVER_NAME=gubernator ############################ # Peer Discovery Type diff --git a/tls.go b/tls.go index d98749c9..431e9877 100644 --- a/tls.go +++ b/tls.go @@ -108,6 +108,9 @@ type TLSConfig struct { // (Optional) The client auth Certificate in PEM format. Used if ClientAuthCertFile is unset. ClientAuthCertPEM *bytes.Buffer + // (Optional) the server name to check when validating the provided certificate + ClientAuthServerName string + // (Optional) The config created for use by the gubernator server. If set, all other // fields in this struct are ignored and this config is used. If unset, gubernator.SetupTLS() // will create a config using the above fields. @@ -274,6 +277,7 @@ func SetupTLS(conf *TLSConfig) error { } } + conf.ClientTLS.ServerName = conf.ClientAuthServerName conf.ClientTLS.InsecureSkipVerify = conf.InsecureSkipVerify return nil } diff --git a/tls_test.go b/tls_test.go index 2012518d..c4f78fca 100644 --- a/tls_test.go +++ b/tls_test.go @@ -78,11 +78,20 @@ func TestSetupTLS(t *testing.T) { { name: "user provided certificates", tls: &gubernator.TLSConfig{ - CaFile: "certs/ca.pem", + CaFile: "certs/ca.cert", CertFile: "certs/gubernator.pem", KeyFile: "certs/gubernator.key", }, }, + { + name: "user provided certificate without IP SANs", + tls: &gubernator.TLSConfig{ + CaFile: "certs/ca.cert", + CertFile: "certs/gubernator_no_ip_san.pem", + KeyFile: "certs/gubernator_no_ip_san.key", + ClientAuthServerName: "gubernator", + }, + }, { name: "auto tls", tls: &gubernator.TLSConfig{ @@ -92,7 +101,7 @@ func TestSetupTLS(t *testing.T) { { name: "generate server certs with user provided ca", tls: &gubernator.TLSConfig{ - CaFile: "certs/ca.pem", + CaFile: "certs/ca.cert", CaKeyFile: "certs/ca.key", AutoTLS: true, }, @@ -100,7 +109,7 @@ func TestSetupTLS(t *testing.T) { { name: "client auth enabled", tls: &gubernator.TLSConfig{ - CaFile: "certs/ca.pem", + CaFile: "certs/ca.cert", CaKeyFile: "certs/ca.key", AutoTLS: true, ClientAuth: tls.RequireAndVerifyClientCert, @@ -118,7 +127,7 @@ func TestSetupTLS(t *testing.T) { d := spawnDaemon(t, conf) - client, err := gubernator.DialV1Server(conf.GRPCListenAddress, tt.tls.ServerTLS) + client, err := gubernator.DialV1Server(conf.GRPCListenAddress, tt.tls.ClientTLS) require.NoError(t, err) resp, err := client.GetRateLimits(context.Background(), &gubernator.GetRateLimitsReq{ @@ -149,7 +158,7 @@ func TestSetupTLSSkipVerify(t *testing.T) { GRPCListenAddress: "127.0.0.1:9695", HTTPListenAddress: "127.0.0.1:9685", TLS: &gubernator.TLSConfig{ - CaFile: "certs/ca.pem", + CaFile: "certs/ca.cert", CertFile: "certs/gubernator.pem", KeyFile: "certs/gubernator.key", }, @@ -173,7 +182,7 @@ func TestSetupTLSSkipVerify(t *testing.T) { func TestSetupTLSClientAuth(t *testing.T) { serverTLS := gubernator.TLSConfig{ - CaFile: "certs/ca.pem", + CaFile: "certs/ca.cert", CertFile: "certs/gubernator.pem", KeyFile: "certs/gubernator.key", ClientAuth: tls.RequireAndVerifyClientCert, @@ -222,7 +231,7 @@ func TestSetupTLSClientAuth(t *testing.T) { func TestTLSClusterWithClientAuthentication(t *testing.T) { serverTLS := gubernator.TLSConfig{ - CaFile: "certs/ca.pem", + CaFile: "certs/ca.cert", CertFile: "certs/gubernator.pem", KeyFile: "certs/gubernator.key", ClientAuth: tls.RequireAndVerifyClientCert, @@ -282,7 +291,7 @@ func TestHTTPSClientAuth(t *testing.T) { HTTPListenAddress: "127.0.0.1:9685", HTTPStatusListenAddress: "127.0.0.1:9686", TLS: &gubernator.TLSConfig{ - CaFile: "certs/ca.pem", + CaFile: "certs/ca.cert", CertFile: "certs/gubernator.pem", KeyFile: "certs/gubernator.key", ClientAuth: tls.RequireAndVerifyClientCert,