FS-10167: Added support for SSL/TLS, specifically enforcing TLS 1.2 currently but could be more configurable later. Added support for obtaining SANS from X509 certificates within the default wss transport, SANS will be used for preapproved automatically registered identities, currently only being cached on server side for downstream connections providing the remote client upstream certificate SANS, but can also be used by a master to obtain initial master identities from it's own downstream certificate in the future (planned, but not yet implemented) as it is the exception with no upstream and MUST have downstream available. Also added the openssl executable to the projects being built in the libblade solution to provide a windows executable for certificate production when required.
This commit is contained in:
Shane Bryldt
parent
63eec0ee3a
commit
ee8db10a5f
|
|
@ -27,6 +27,8 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testcli", "test\testcli.vcx
|
|||
EndProject
|
||||
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testcon", "test\testcon.vcxproj", "{D67EEF66-B323-4BCF-9E3C-3A640B9949B7}"
|
||||
EndProject
|
||||
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "openssl", "..\win32\openssl\openssl.2015.vcxproj", "{25BD39B1-C8BF-4676-A738-9CABD9C6BC79}"
|
||||
EndProject
|
||||
Global
|
||||
GlobalSection(SolutionConfigurationPlatforms) = preSolution
|
||||
Debug|x64 = Debug|x64
|
||||
|
|
@ -231,6 +233,22 @@ Global
|
|||
{D67EEF66-B323-4BCF-9E3C-3A640B9949B7}.ReleaseDLL|x64.Build.0 = Release|x64
|
||||
{D67EEF66-B323-4BCF-9E3C-3A640B9949B7}.ReleaseDLL|x86.ActiveCfg = Release|Win32
|
||||
{D67EEF66-B323-4BCF-9E3C-3A640B9949B7}.ReleaseDLL|x86.Build.0 = Release|Win32
|
||||
{25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Debug|x64.ActiveCfg = Debug|x64
|
||||
{25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Debug|x64.Build.0 = Debug|x64
|
||||
{25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Debug|x86.ActiveCfg = Debug|Win32
|
||||
{25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Debug|x86.Build.0 = Debug|Win32
|
||||
{25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.DebugDLL|x64.ActiveCfg = Debug|x64
|
||||
{25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.DebugDLL|x64.Build.0 = Debug|x64
|
||||
{25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.DebugDLL|x86.ActiveCfg = Debug|Win32
|
||||
{25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.DebugDLL|x86.Build.0 = Debug|Win32
|
||||
{25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Release|x64.ActiveCfg = Release|x64
|
||||
{25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Release|x64.Build.0 = Release|x64
|
||||
{25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Release|x86.ActiveCfg = Release|Win32
|
||||
{25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Release|x86.Build.0 = Release|Win32
|
||||
{25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.ReleaseDLL|x64.ActiveCfg = Release|x64
|
||||
{25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.ReleaseDLL|x64.Build.0 = Release|x64
|
||||
{25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.ReleaseDLL|x86.ActiveCfg = Release|Win32
|
||||
{25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.ReleaseDLL|x86.Build.0 = Release|Win32
|
||||
EndGlobalSection
|
||||
GlobalSection(SolutionProperties) = preSolution
|
||||
HideSolutionNode = FALSE
|
||||
|
|
|
|||
|
|
@ -44,11 +44,17 @@ struct blade_transport_wss_s {
|
|||
blade_transport_t *transport;
|
||||
blade_transport_callbacks_t *callbacks;
|
||||
|
||||
const char *ssl_key;
|
||||
const char *ssl_cert;
|
||||
const char *ssl_chain;
|
||||
ks_sockaddr_t endpoints_ipv4[BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX];
|
||||
ks_sockaddr_t endpoints_ipv6[BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX];
|
||||
int32_t endpoints_ipv4_length;
|
||||
int32_t endpoints_ipv6_length;
|
||||
int32_t endpoints_backlog;
|
||||
const char *endpoints_ssl_key;
|
||||
const char *endpoints_ssl_cert;
|
||||
const char *endpoints_ssl_chain;
|
||||
|
||||
volatile ks_bool_t shutdown;
|
||||
|
||||
|
|
@ -62,6 +68,7 @@ struct blade_transport_wss_link_s {
|
|||
const char *session_id;
|
||||
ks_socket_t sock;
|
||||
kws_t *kws;
|
||||
SSL_CTX *ssl;
|
||||
};
|
||||
|
||||
|
||||
|
|
@ -162,6 +169,7 @@ static void blade_transport_wss_link_cleanup(void *ptr, void *arg, ks_pool_clean
|
|||
if (btwssl->session_id) ks_pool_free(&btwssl->session_id);
|
||||
if (btwssl->kws) kws_destroy(&btwssl->kws);
|
||||
else ks_socket_close(&btwssl->sock);
|
||||
if (btwssl->ssl) SSL_CTX_free(btwssl->ssl);
|
||||
break;
|
||||
case KS_MPCL_DESTROY:
|
||||
break;
|
||||
|
|
@ -191,26 +199,94 @@ ks_status_t blade_transport_wss_link_create(blade_transport_wss_link_t **btwsslP
|
|||
return KS_STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
ks_status_t blade_transport_wss_link_ssl_init(blade_transport_wss_link_t *btwssl, ks_bool_t server)
|
||||
{
|
||||
const SSL_METHOD *method = NULL;
|
||||
const char *key = NULL;
|
||||
const char *cert = NULL;
|
||||
const char *chain = NULL;
|
||||
|
||||
ks_assert(btwssl);
|
||||
|
||||
method = server ? TLSv1_2_server_method() : TLSv1_2_client_method();
|
||||
key = server ? btwssl->transport->endpoints_ssl_key : btwssl->transport->ssl_key;
|
||||
cert = server ? btwssl->transport->endpoints_ssl_cert : btwssl->transport->ssl_cert;
|
||||
chain = server ? btwssl->transport->endpoints_ssl_chain : btwssl->transport->ssl_chain;
|
||||
|
||||
if (key && cert) {
|
||||
btwssl->ssl = SSL_CTX_new(method);
|
||||
|
||||
// @todo probably manage this through configuration, but TLS 1.2 is preferred
|
||||
SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_SSLv2);
|
||||
SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_SSLv3);
|
||||
SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_TLSv1);
|
||||
SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_TLSv1_1);
|
||||
SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_DTLSv1);
|
||||
SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_COMPRESSION);
|
||||
if (server) SSL_CTX_set_verify(btwssl->ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
|
||||
|
||||
if (chain) {
|
||||
if (!SSL_CTX_use_certificate_chain_file(btwssl->ssl, chain)) {
|
||||
ks_log(KS_LOG_DEBUG, "SSL Chain File Error\n");
|
||||
return KS_STATUS_FAIL;
|
||||
}
|
||||
if (!SSL_CTX_load_verify_locations(btwssl->ssl, chain, NULL)) {
|
||||
ks_log(KS_LOG_DEBUG, "SSL Verify File Error\n");
|
||||
return KS_STATUS_FAIL;
|
||||
}
|
||||
}
|
||||
|
||||
if (!SSL_CTX_use_certificate_file(btwssl->ssl, cert, SSL_FILETYPE_PEM)) {
|
||||
ks_log(KS_LOG_DEBUG, "SSL Cert File Error\n");
|
||||
return KS_STATUS_FAIL;
|
||||
}
|
||||
|
||||
if (!SSL_CTX_use_PrivateKey_file(btwssl->ssl, key, SSL_FILETYPE_PEM)) {
|
||||
ks_log(KS_LOG_DEBUG, "SSL Key File Error\n");
|
||||
return KS_STATUS_FAIL;
|
||||
}
|
||||
|
||||
if (!SSL_CTX_check_private_key(btwssl->ssl)) {
|
||||
ks_log(KS_LOG_DEBUG, "SSL Key File Verification Error\n");
|
||||
return KS_STATUS_FAIL;
|
||||
}
|
||||
|
||||
SSL_CTX_set_cipher_list(btwssl->ssl, "HIGH:!DSS:!aNULL@STRENGTH");
|
||||
}
|
||||
|
||||
return KS_STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
ks_status_t blade_transport_wss_config(blade_transport_wss_t *btwss, config_setting_t *config)
|
||||
{
|
||||
ks_pool_t *pool = NULL;
|
||||
config_setting_t *transport = NULL;
|
||||
config_setting_t *transport_wss = NULL;
|
||||
config_setting_t *transport_wss_ssl = NULL;
|
||||
config_setting_t *transport_wss_endpoints = NULL;
|
||||
config_setting_t *transport_wss_endpoints_ipv4 = NULL;
|
||||
config_setting_t *transport_wss_endpoints_ipv6 = NULL;
|
||||
config_setting_t *transport_wss_ssl = NULL;
|
||||
config_setting_t *element;
|
||||
config_setting_t *transport_wss_endpoints_ssl = NULL;
|
||||
config_setting_t *element;
|
||||
config_setting_t *tmp1;
|
||||
config_setting_t *tmp2;
|
||||
const char *ssl_key = NULL;
|
||||
const char *ssl_cert = NULL;
|
||||
const char *ssl_chain = NULL;
|
||||
ks_sockaddr_t endpoints_ipv4[BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX];
|
||||
ks_sockaddr_t endpoints_ipv6[BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX];
|
||||
int32_t endpoints_ipv4_length = 0;
|
||||
int32_t endpoints_ipv6_length = 0;
|
||||
int32_t endpoints_backlog = 8;
|
||||
const char *endpoints_ssl_key = NULL;
|
||||
const char *endpoints_ssl_cert = NULL;
|
||||
const char *endpoints_ssl_chain = NULL;
|
||||
|
||||
ks_assert(btwss);
|
||||
ks_assert(config);
|
||||
|
||||
pool = ks_pool_get(btwss);
|
||||
|
||||
if (!config_setting_is_group(config)) {
|
||||
ks_log(KS_LOG_DEBUG, "!config_setting_is_group(config)\n");
|
||||
return KS_STATUS_FAIL;
|
||||
|
|
@ -219,69 +295,94 @@ ks_status_t blade_transport_wss_config(blade_transport_wss_t *btwss, config_sett
|
|||
if (transport) {
|
||||
transport_wss = config_setting_get_member(transport, "wss");
|
||||
if (transport_wss) {
|
||||
transport_wss_endpoints = config_setting_get_member(transport_wss, "endpoints");
|
||||
if (!transport_wss_endpoints) {
|
||||
ks_log(KS_LOG_DEBUG, "!wss_endpoints\n");
|
||||
return KS_STATUS_FAIL;
|
||||
}
|
||||
transport_wss_endpoints_ipv4 = config_lookup_from(transport_wss_endpoints, "ipv4");
|
||||
transport_wss_endpoints_ipv6 = config_lookup_from(transport_wss_endpoints, "ipv6");
|
||||
if (transport_wss_endpoints_ipv4) {
|
||||
if (config_setting_type(transport_wss_endpoints_ipv4) != CONFIG_TYPE_LIST) return KS_STATUS_FAIL;
|
||||
if ((endpoints_ipv4_length = config_setting_length(transport_wss_endpoints_ipv4)) > BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX)
|
||||
return KS_STATUS_FAIL;
|
||||
|
||||
for (int32_t index = 0; index < endpoints_ipv4_length; ++index) {
|
||||
element = config_setting_get_elem(transport_wss_endpoints_ipv4, index);
|
||||
tmp1 = config_lookup_from(element, "address");
|
||||
tmp2 = config_lookup_from(element, "port");
|
||||
if (!tmp1 || !tmp2) return KS_STATUS_FAIL;
|
||||
if (config_setting_type(tmp1) != CONFIG_TYPE_STRING) return KS_STATUS_FAIL;
|
||||
if (config_setting_type(tmp2) != CONFIG_TYPE_INT) return KS_STATUS_FAIL;
|
||||
|
||||
if (ks_addr_set(&endpoints_ipv4[index],
|
||||
config_setting_get_string(tmp1),
|
||||
config_setting_get_int(tmp2),
|
||||
AF_INET) != KS_STATUS_SUCCESS) return KS_STATUS_FAIL;
|
||||
ks_log(KS_LOG_DEBUG,
|
||||
"Binding to IPV4 %s on port %d\n",
|
||||
ks_addr_get_host(&endpoints_ipv4[index]),
|
||||
ks_addr_get_port(&endpoints_ipv4[index]));
|
||||
}
|
||||
}
|
||||
if (transport_wss_endpoints_ipv6) {
|
||||
if (config_setting_type(transport_wss_endpoints_ipv6) != CONFIG_TYPE_LIST) return KS_STATUS_FAIL;
|
||||
if ((endpoints_ipv6_length = config_setting_length(transport_wss_endpoints_ipv6)) > BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX)
|
||||
return KS_STATUS_FAIL;
|
||||
|
||||
for (int32_t index = 0; index < endpoints_ipv6_length; ++index) {
|
||||
element = config_setting_get_elem(transport_wss_endpoints_ipv6, index);
|
||||
tmp1 = config_lookup_from(element, "address");
|
||||
tmp2 = config_lookup_from(element, "port");
|
||||
if (!tmp1 || !tmp2) return KS_STATUS_FAIL;
|
||||
if (config_setting_type(tmp1) != CONFIG_TYPE_STRING) return KS_STATUS_FAIL;
|
||||
if (config_setting_type(tmp2) != CONFIG_TYPE_INT) return KS_STATUS_FAIL;
|
||||
|
||||
|
||||
if (ks_addr_set(&endpoints_ipv6[index],
|
||||
config_setting_get_string(tmp1),
|
||||
config_setting_get_int(tmp2),
|
||||
AF_INET6) != KS_STATUS_SUCCESS) return KS_STATUS_FAIL;
|
||||
ks_log(KS_LOG_DEBUG,
|
||||
"Binding to IPV6 %s on port %d\n",
|
||||
ks_addr_get_host(&endpoints_ipv6[index]),
|
||||
ks_addr_get_port(&endpoints_ipv6[index]));
|
||||
}
|
||||
}
|
||||
if (endpoints_ipv4_length + endpoints_ipv6_length <= 0) return KS_STATUS_FAIL;
|
||||
tmp1 = config_lookup_from(transport_wss_endpoints, "backlog");
|
||||
if (tmp1) {
|
||||
if (config_setting_type(tmp1) != CONFIG_TYPE_INT) return KS_STATUS_FAIL;
|
||||
endpoints_backlog = config_setting_get_int(tmp1);
|
||||
}
|
||||
transport_wss_ssl = config_setting_get_member(transport_wss, "ssl");
|
||||
if (transport_wss_ssl) {
|
||||
// @todo: SSL stuffs from wss_ssl into config_wss_ssl envelope
|
||||
tmp1 = config_setting_get_member(transport_wss_ssl, "key");
|
||||
if (tmp1) ssl_key = config_setting_get_string(tmp1);
|
||||
tmp1 = config_setting_get_member(transport_wss_ssl, "cert");
|
||||
if (tmp1) ssl_cert = config_setting_get_string(tmp1);
|
||||
tmp1 = config_setting_get_member(transport_wss_ssl, "chain");
|
||||
if (tmp1) ssl_chain = config_setting_get_string(tmp1);
|
||||
if (!ssl_key || !ssl_cert || !ssl_chain) return KS_STATUS_FAIL;
|
||||
ks_log(KS_LOG_DEBUG,
|
||||
"Using SSL: %s, %s, %s\n",
|
||||
ssl_key,
|
||||
ssl_cert,
|
||||
ssl_chain);
|
||||
}
|
||||
|
||||
transport_wss_endpoints = config_setting_get_member(transport_wss, "endpoints");
|
||||
if (transport_wss_endpoints) {
|
||||
transport_wss_endpoints_ipv4 = config_setting_get_member(transport_wss_endpoints, "ipv4");
|
||||
transport_wss_endpoints_ipv6 = config_setting_get_member(transport_wss_endpoints, "ipv6");
|
||||
if (transport_wss_endpoints_ipv4) {
|
||||
if (config_setting_type(transport_wss_endpoints_ipv4) != CONFIG_TYPE_LIST) return KS_STATUS_FAIL;
|
||||
if ((endpoints_ipv4_length = config_setting_length(transport_wss_endpoints_ipv4)) > BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX)
|
||||
return KS_STATUS_FAIL;
|
||||
|
||||
for (int32_t index = 0; index < endpoints_ipv4_length; ++index) {
|
||||
element = config_setting_get_elem(transport_wss_endpoints_ipv4, index);
|
||||
tmp1 = config_setting_get_member(element, "address");
|
||||
tmp2 = config_setting_get_member(element, "port");
|
||||
if (!tmp1 || !tmp2) return KS_STATUS_FAIL;
|
||||
if (config_setting_type(tmp1) != CONFIG_TYPE_STRING) return KS_STATUS_FAIL;
|
||||
if (config_setting_type(tmp2) != CONFIG_TYPE_INT) return KS_STATUS_FAIL;
|
||||
|
||||
if (ks_addr_set(&endpoints_ipv4[index],
|
||||
config_setting_get_string(tmp1),
|
||||
config_setting_get_int(tmp2),
|
||||
AF_INET) != KS_STATUS_SUCCESS) return KS_STATUS_FAIL;
|
||||
ks_log(KS_LOG_DEBUG,
|
||||
"Binding to IPV4 %s on port %d\n",
|
||||
ks_addr_get_host(&endpoints_ipv4[index]),
|
||||
ks_addr_get_port(&endpoints_ipv4[index]));
|
||||
}
|
||||
}
|
||||
if (transport_wss_endpoints_ipv6) {
|
||||
if (config_setting_type(transport_wss_endpoints_ipv6) != CONFIG_TYPE_LIST) return KS_STATUS_FAIL;
|
||||
if ((endpoints_ipv6_length = config_setting_length(transport_wss_endpoints_ipv6)) > BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX)
|
||||
return KS_STATUS_FAIL;
|
||||
|
||||
for (int32_t index = 0; index < endpoints_ipv6_length; ++index) {
|
||||
element = config_setting_get_elem(transport_wss_endpoints_ipv6, index);
|
||||
tmp1 = config_setting_get_member(element, "address");
|
||||
tmp2 = config_setting_get_member(element, "port");
|
||||
if (!tmp1 || !tmp2) return KS_STATUS_FAIL;
|
||||
if (config_setting_type(tmp1) != CONFIG_TYPE_STRING) return KS_STATUS_FAIL;
|
||||
if (config_setting_type(tmp2) != CONFIG_TYPE_INT) return KS_STATUS_FAIL;
|
||||
|
||||
|
||||
if (ks_addr_set(&endpoints_ipv6[index],
|
||||
config_setting_get_string(tmp1),
|
||||
config_setting_get_int(tmp2),
|
||||
AF_INET6) != KS_STATUS_SUCCESS) return KS_STATUS_FAIL;
|
||||
ks_log(KS_LOG_DEBUG,
|
||||
"Binding to IPV6 %s on port %d\n",
|
||||
ks_addr_get_host(&endpoints_ipv6[index]),
|
||||
ks_addr_get_port(&endpoints_ipv6[index]));
|
||||
}
|
||||
}
|
||||
if (endpoints_ipv4_length + endpoints_ipv6_length <= 0) return KS_STATUS_FAIL;
|
||||
tmp1 = config_setting_get_member(transport_wss_endpoints, "backlog");
|
||||
if (tmp1) {
|
||||
if (config_setting_type(tmp1) != CONFIG_TYPE_INT) return KS_STATUS_FAIL;
|
||||
endpoints_backlog = config_setting_get_int(tmp1);
|
||||
}
|
||||
transport_wss_endpoints_ssl = config_setting_get_member(transport_wss_endpoints, "ssl");
|
||||
if (transport_wss_endpoints_ssl) {
|
||||
tmp1 = config_setting_get_member(transport_wss_endpoints_ssl, "key");
|
||||
if (tmp1) endpoints_ssl_key = config_setting_get_string(tmp1);
|
||||
tmp1 = config_setting_get_member(transport_wss_endpoints_ssl, "cert");
|
||||
if (tmp1) endpoints_ssl_cert = config_setting_get_string(tmp1);
|
||||
tmp1 = config_setting_get_member(transport_wss_endpoints_ssl, "chain");
|
||||
if (tmp1) endpoints_ssl_chain = config_setting_get_string(tmp1);
|
||||
if (!endpoints_ssl_key || !endpoints_ssl_cert || !endpoints_ssl_chain) return KS_STATUS_FAIL;
|
||||
ks_log(KS_LOG_DEBUG,
|
||||
"Using Endpoint SSL: %s, %s, %s\n",
|
||||
endpoints_ssl_key,
|
||||
endpoints_ssl_cert,
|
||||
endpoints_ssl_chain);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -289,6 +390,12 @@ ks_status_t blade_transport_wss_config(blade_transport_wss_t *btwss, config_sett
|
|||
|
||||
// Configuration is valid, now assign it to the variables that are used
|
||||
// If the configuration was invalid, then this does not get changed
|
||||
if (ssl_key) {
|
||||
btwss->ssl_key = ks_pstrdup(pool, ssl_key);
|
||||
btwss->ssl_cert = ks_pstrdup(pool, ssl_cert);
|
||||
btwss->ssl_chain = ks_pstrdup(pool, ssl_chain);
|
||||
}
|
||||
|
||||
for (int32_t index = 0; index < endpoints_ipv4_length; ++index)
|
||||
btwss->endpoints_ipv4[index] = endpoints_ipv4[index];
|
||||
for (int32_t index = 0; index < endpoints_ipv6_length; ++index)
|
||||
|
|
@ -296,7 +403,11 @@ ks_status_t blade_transport_wss_config(blade_transport_wss_t *btwss, config_sett
|
|||
btwss->endpoints_ipv4_length = endpoints_ipv4_length;
|
||||
btwss->endpoints_ipv6_length = endpoints_ipv6_length;
|
||||
btwss->endpoints_backlog = endpoints_backlog;
|
||||
//btwss->ssl = ssl;
|
||||
if (endpoints_ssl_key) {
|
||||
btwss->endpoints_ssl_key = ks_pstrdup(pool, endpoints_ssl_key);
|
||||
btwss->endpoints_ssl_cert = ks_pstrdup(pool, endpoints_ssl_cert);
|
||||
btwss->endpoints_ssl_chain = ks_pstrdup(pool, endpoints_ssl_chain);
|
||||
}
|
||||
|
||||
ks_log(KS_LOG_DEBUG, "Configured\n");
|
||||
|
||||
|
|
@ -739,8 +850,12 @@ blade_connection_state_hook_t blade_transport_wss_onstate_startup_inbound(blade_
|
|||
|
||||
btwssl = (blade_transport_wss_link_t *)blade_connection_transport_get(bc);
|
||||
|
||||
// @todo: SSL init stuffs based on data from config to pass into kws_init
|
||||
if (kws_init(&btwssl->kws, btwssl->sock, NULL, NULL, KWS_BLOCK, ks_pool_get(btwssl)) != KS_STATUS_SUCCESS) {
|
||||
if (blade_transport_wss_link_ssl_init(btwssl, KS_TRUE) != KS_STATUS_SUCCESS) {
|
||||
ret = BLADE_CONNECTION_STATE_HOOK_DISCONNECT;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (kws_init(&btwssl->kws, btwssl->sock, btwssl->ssl, NULL, KWS_BLOCK, ks_pool_get(btwssl)) != KS_STATUS_SUCCESS) {
|
||||
ks_log(KS_LOG_DEBUG, "Failed websocket init\n");
|
||||
ret = BLADE_CONNECTION_STATE_HOOK_DISCONNECT;
|
||||
goto done;
|
||||
|
|
@ -853,6 +968,8 @@ blade_connection_state_hook_t blade_transport_wss_onstate_startup_inbound(blade_
|
|||
|
||||
cJSON_AddStringToObject(json_result, "nodeid", nodeid);
|
||||
|
||||
// @todo process automatic identity registration from remote SANS entries
|
||||
|
||||
pool = ks_pool_get(bh);
|
||||
blade_upstreammgr_masterid_copy(blade_handle_upstreammgr_get(bh), pool, &master_nodeid);
|
||||
if (!master_nodeid) {
|
||||
|
|
@ -939,8 +1056,12 @@ blade_connection_state_hook_t blade_transport_wss_onstate_startup_outbound(blade
|
|||
btwssl = (blade_transport_wss_link_t *)blade_connection_transport_get(bc);
|
||||
pool = ks_pool_get(bh);
|
||||
|
||||
// @todo: SSL init stuffs based on data from config to pass into kws_init
|
||||
if (kws_init(&btwssl->kws, btwssl->sock, NULL, "/blade:blade.invalid:blade", KWS_BLOCK, ks_pool_get(btwssl)) != KS_STATUS_SUCCESS) {
|
||||
if (blade_transport_wss_link_ssl_init(btwssl, KS_FALSE) != KS_STATUS_SUCCESS) {
|
||||
ret = BLADE_CONNECTION_STATE_HOOK_DISCONNECT;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (kws_init(&btwssl->kws, btwssl->sock, btwssl->ssl, "/blade:blade.invalid:blade", KWS_BLOCK, ks_pool_get(btwssl)) != KS_STATUS_SUCCESS) {
|
||||
ks_log(KS_LOG_DEBUG, "Failed websocket init\n");
|
||||
ret = BLADE_CONNECTION_STATE_HOOK_DISCONNECT;
|
||||
goto done;
|
||||
|
|
@ -1010,6 +1131,8 @@ blade_connection_state_hook_t blade_transport_wss_onstate_startup_outbound(blade
|
|||
goto done;
|
||||
}
|
||||
|
||||
// @todo parse and process automatic identity registration coming from local SANS entries, but given back in the connect response in case there are any errors (IE: missing realm or duplicate identity)
|
||||
|
||||
master_nodeid = cJSON_GetObjectCstr(json_result, "master-nodeid");
|
||||
if (!master_nodeid) {
|
||||
ks_log(KS_LOG_DEBUG, "Received message 'result' is missing 'master-nodeid'\n");
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ blade:
|
|||
{
|
||||
enabled = true;
|
||||
nodeid = "00000000-0000-0000-0000-000000000000";
|
||||
realms = ( "mydomain.com" );
|
||||
realms = ( "freeswitch" );
|
||||
};
|
||||
transport:
|
||||
{
|
||||
|
|
@ -13,14 +13,15 @@ blade:
|
|||
endpoints:
|
||||
{
|
||||
ipv4 = ( { address = "0.0.0.0", port = 2100 } );
|
||||
ipv6 = ( { address = "::", port = 2100 } );
|
||||
backlog = 128;
|
||||
};
|
||||
# SSL group is optional, disabled when absent
|
||||
ssl:
|
||||
{
|
||||
# todo: server SSL stuffs here
|
||||
};
|
||||
};
|
||||
ipv6 = ( { address = "::", port = 2100 } );
|
||||
backlog = 128;
|
||||
ssl:
|
||||
{
|
||||
key = "../test/ca/intermediate/private/master@freeswitch-downstream.key.pem";
|
||||
cert = "../test/ca/intermediate/certs/master@freeswitch-downstream.cert.pem";
|
||||
chain = "../test/ca/intermediate/certs/ca-chain.cert.pem";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -0,0 +1,33 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFxDCCA6ygAwIBAgIJANi9lXvHAbx4MA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV
|
||||
BAYTAlVTMREwDwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzETMBEG
|
||||
A1UECgwKRnJlZVNXSVRDSDEOMAwGA1UECwwFQmxhZGUxFjAUBgNVBAMMDUJsYWRl
|
||||
IFJvb3QgQ0EwHhcNMTcwOTA3MDkyNDE2WhcNMjcwOTA1MDkyNDE2WjBvMQswCQYD
|
||||
VQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xEzAR
|
||||
BgNVBAoMCkZyZWVTV0lUQ0gxDjAMBgNVBAsMBUJsYWRlMRYwFAYDVQQDDA1CbGFk
|
||||
ZSBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3Pt3X1j8
|
||||
YaRuGb4ENkhfazwZl0K4VlaPhGj4h4wiL5S2Tp8E83HoRkoyQRX0fhKCrHtjNucO
|
||||
ODkVbf+QMlv1mgEwCq+3SIEA6keBzsUv5sahunfPd+Vgh6+lgp1sAfjFuFlxrRvi
|
||||
ghO/yHHKE6P2BBgIz3t5QSakE/fLPwejZ98dacyAIxklzLvt4xHRVP7rxfiNFXKR
|
||||
XHsQd1iaWGSUBNMkUspCl8wO5IAPX75RiFGeA80IjZ518YVjiFBjCdzQfJb9iGJC
|
||||
GzrOcPJahfum+tzyIO/rIj+ldFyLPY0wbpa0wKeF58HWt52p3HmKnK5FUa7L8RNA
|
||||
fc3/H+6qyDeBFx92+T6J30q61dcmPayKooUJNsTKslrZ5L2OicWZepa/Oc5dagyz
|
||||
GEUc+Z11Mgl8/4pT4rUOna29v1d8+StJPN8XgWAHxmwpZ/cY/9GluSq5oB+6PTPc
|
||||
Q0aFHHUAI97QqfpGOeAWjtVd/3YUcNo82Pa3577rRgh55X+XEySQmBiPWNOsfuCZ
|
||||
ZvYGOkLmby1SYR/LOwH8opKJyG/bOiZq23aaTPkmEQQSLRzsKxWc2jlE/UllpYX3
|
||||
FCu8nFn+L7Tam495IImi8FrpEX16ZpTGhr7YnfbOkMYw+LaRA36U55e5DToJAB5T
|
||||
CsC2CLhk8QDVoIMPfpYpY4XpdmA4EfDHOG0CAwEAAaNjMGEwHQYDVR0OBBYEFFoz
|
||||
OX01zWns+ANZ9/6m9g510yWWMB8GA1UdIwQYMBaAFFozOX01zWns+ANZ9/6m9g51
|
||||
0yWWMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
|
||||
CwUAA4ICAQAg74tSgyZKqZtqJPXt/fadZJqWS75cW5TN0rXTKWfzdDXnPfMD2dhZ
|
||||
h0bH1ZQRamXmXWZni0LpWaOjvqaVNB2TMVStyjEIjLhcBLzR9fhBSXB0BkdVKXvF
|
||||
Y/pmGN0ZM7BRwbbltgTPYIefftU6BvAyUP5k6y0JJZGy6RTYp7SN2iJ00msqfie/
|
||||
zmF83arhFAmW8wjDXMPsSz958+TNgeetFeQjrJ5sbMaApCE21QazHcZw6/zPMRvX
|
||||
Gr+TPyx/p335MViz5SjeFThQ7XES871pZSbOhmIrugCHO8LJOat3oOlnsc8HkZ/T
|
||||
AfUjka0SSPA/sRqPxjLWw/OwDn7g5GpbXl7RXpRsKR8CDIRMVrzD71Nk0SOEb3T9
|
||||
Dv7UTl6NDYlyYYqx35t/KsiwWjnPtr6Xcl8O9l/tuzf5Tjt1mz9i80BybE9wXHYi
|
||||
Y3/1SGloKYVXC+HLLrLm1MEldi9GcYZDzxlydAPfHhSHlYWrvOS/J2Dq6uhH7RHn
|
||||
JV0nE3bVQE01e6iR4BZMYSj4e3BrhMQvkMX67NndYEmoK6+9d77MsK7wblSXja7t
|
||||
YyXysfQhcudaN/A00CLJt8VNq+h8Q9BR5PFmvIv6/jzV3kmLO4nX9z0CdERyBBUr
|
||||
cFXfDn2TBpwlLvOQbEWvZPlEh7Vx2hXRRZr97NstLmFLGTdnVdAl9w==
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1 @@
|
|||
V 270905092804Z 1000 unknown /C=US/ST=Illinois/O=FreeSWITCH/OU=Blade/CN=Blade Intermediate CA
|
||||
|
|
@ -0,0 +1 @@
|
|||
unique_subject = yes
|
||||
|
|
@ -0,0 +1,66 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFtjCCA56gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwbzELMAkGA1UEBhMCVVMx
|
||||
ETAPBgNVBAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApG
|
||||
cmVlU1dJVENIMQ4wDAYDVQQLDAVCbGFkZTEWMBQGA1UEAwwNQmxhZGUgUm9vdCBD
|
||||
QTAeFw0xNzA5MDcwOTI4MDRaFw0yNzA5MDUwOTI4MDRaMGUxCzAJBgNVBAYTAlVT
|
||||
MREwDwYDVQQIDAhJbGxpbm9pczETMBEGA1UECgwKRnJlZVNXSVRDSDEOMAwGA1UE
|
||||
CwwFQmxhZGUxHjAcBgNVBAMMFUJsYWRlIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJ
|
||||
KoZIhvcNAQEBBQADggIPADCCAgoCggIBALIlY1JmV9z6wjE6iEIXHUl2CRnsa1jD
|
||||
+uDk4I/OncOdezpfv2mRO9C7VkcefXb5yDrda/qq8r9pNVm6Q2wCJICIlrK9uK90
|
||||
SLsB8WsO8Dnrv9E5Tx96U6J5qDx5Ma3IFM7fF1KUP1LVawpS4lMMKFhcyd/P1dAN
|
||||
ZWlzHCBoM4O9HMo4sKYx4fzxn00yKNK+RU4Wyd3ecntOOg/Dtx3FHt1bExUFuPUW
|
||||
sgVUR8b+R6Z/1U6iWe+3x/XBAUVCBhyzt7OrCpY0g3TX7wVCh7CafpZnTe54gjMo
|
||||
1lqSraJ5Dr4Sn1LV1gRa8cVQrNbUZ+m2aHsNLxmpEviHDLTd267x5qXEDCNajesJ
|
||||
iSALRpQzAJE/neQvVa2fiaV7PbPGlxtUcyR8J9sGfuuby48/RulPQ1CjL1+sI+IE
|
||||
lnMZqTiab+1TT5OyKMYYRjQ4k3R/gUGn0MhQBcy1VOP6GVGEgeOYACbDSjvYO9HZ
|
||||
dyM9ivpxLhV3BMVM2B0PmFxLgFdyBlIPkP36/5kBzOFJWdYrMLP/vahFVmTgevDm
|
||||
8Uhi3PvEt6kKUnWHkBHdajzDKLvbh8y+Ucgap7PtT8apZR+8J9TX87gMFzH5r4Xc
|
||||
SF97inJ/q098V8dyoPJpL6PRAzigBXGmB2fFhLgtoXfuKfI/nfgQHO7MbYCCFP4z
|
||||
Och2kFZYehBTAgMBAAGjZjBkMB0GA1UdDgQWBBT24ScXvFFEdGFsK+X5SxmWnAmd
|
||||
/jAfBgNVHSMEGDAWgBRaMzl9Nc1p7PgDWff+pvYOddMlljASBgNVHRMBAf8ECDAG
|
||||
AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAgGzDCfJm
|
||||
weo6oeSFmSLTmlBlTJZO+7igFWf8tunmTkg8wvKe+lCyDd2efNgUocI/NA+X4kRj
|
||||
YtDH+hq0H+JlDu/p4y4/t6Srx/dh33Ow7eCv2wtuSCeK5Y0euysXhI9gmPquUGOC
|
||||
HlHkmQcG03NbbrWt0+4IaPAaKxMuV0FR7KArudZvr+8gp9S8o0AkQVFZSbW41HQe
|
||||
a7DAJmLF0vLQWoVz/YltKjwAMs/ws8OWxUdvcOA3w6XmWmjAFn5hc2MgHgu513c4
|
||||
Vbq0535ghU0Eneqc23y2ELa+8hbn5yS5wcK1AS2HG4VoDqOJw+pv4Ko3T33mCR6X
|
||||
bUABSB+znX5kEZn8KQaP8sLm07kERGjCI3FLPscM1S851tah/iqBgddlIUn/YNpM
|
||||
9uYQ2PWu6UWvqyZfhgVIlb2LYJNERtKZPeI05SRIbUW93wUTiC6A93fl8SEE7XHa
|
||||
LMJt6+HLysR2IsXLqlSRZw3rIoT0B3G4uS9Xop89znLAknrOI57OvVAMLaeBrtkl
|
||||
jepE7RrNX6VcyEY+Ar1p30ax4UJNxjxd3rszIznccerWQzuLo5wYUkuZEfNtnAFB
|
||||
Z/4qlIn7wkbRevafgmlf/bhP6ZkeJFhqEjOq36Zci5JrnRu3rM/+Vex2ibHVat0E
|
||||
IZjeGxeofAPEwTaLfPJT7EIWZ+33ZHMcz+8=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFxDCCA6ygAwIBAgIJANi9lXvHAbx4MA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV
|
||||
BAYTAlVTMREwDwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzETMBEG
|
||||
A1UECgwKRnJlZVNXSVRDSDEOMAwGA1UECwwFQmxhZGUxFjAUBgNVBAMMDUJsYWRl
|
||||
IFJvb3QgQ0EwHhcNMTcwOTA3MDkyNDE2WhcNMjcwOTA1MDkyNDE2WjBvMQswCQYD
|
||||
VQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xEzAR
|
||||
BgNVBAoMCkZyZWVTV0lUQ0gxDjAMBgNVBAsMBUJsYWRlMRYwFAYDVQQDDA1CbGFk
|
||||
ZSBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3Pt3X1j8
|
||||
YaRuGb4ENkhfazwZl0K4VlaPhGj4h4wiL5S2Tp8E83HoRkoyQRX0fhKCrHtjNucO
|
||||
ODkVbf+QMlv1mgEwCq+3SIEA6keBzsUv5sahunfPd+Vgh6+lgp1sAfjFuFlxrRvi
|
||||
ghO/yHHKE6P2BBgIz3t5QSakE/fLPwejZ98dacyAIxklzLvt4xHRVP7rxfiNFXKR
|
||||
XHsQd1iaWGSUBNMkUspCl8wO5IAPX75RiFGeA80IjZ518YVjiFBjCdzQfJb9iGJC
|
||||
GzrOcPJahfum+tzyIO/rIj+ldFyLPY0wbpa0wKeF58HWt52p3HmKnK5FUa7L8RNA
|
||||
fc3/H+6qyDeBFx92+T6J30q61dcmPayKooUJNsTKslrZ5L2OicWZepa/Oc5dagyz
|
||||
GEUc+Z11Mgl8/4pT4rUOna29v1d8+StJPN8XgWAHxmwpZ/cY/9GluSq5oB+6PTPc
|
||||
Q0aFHHUAI97QqfpGOeAWjtVd/3YUcNo82Pa3577rRgh55X+XEySQmBiPWNOsfuCZ
|
||||
ZvYGOkLmby1SYR/LOwH8opKJyG/bOiZq23aaTPkmEQQSLRzsKxWc2jlE/UllpYX3
|
||||
FCu8nFn+L7Tam495IImi8FrpEX16ZpTGhr7YnfbOkMYw+LaRA36U55e5DToJAB5T
|
||||
CsC2CLhk8QDVoIMPfpYpY4XpdmA4EfDHOG0CAwEAAaNjMGEwHQYDVR0OBBYEFFoz
|
||||
OX01zWns+ANZ9/6m9g510yWWMB8GA1UdIwQYMBaAFFozOX01zWns+ANZ9/6m9g51
|
||||
0yWWMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
|
||||
CwUAA4ICAQAg74tSgyZKqZtqJPXt/fadZJqWS75cW5TN0rXTKWfzdDXnPfMD2dhZ
|
||||
h0bH1ZQRamXmXWZni0LpWaOjvqaVNB2TMVStyjEIjLhcBLzR9fhBSXB0BkdVKXvF
|
||||
Y/pmGN0ZM7BRwbbltgTPYIefftU6BvAyUP5k6y0JJZGy6RTYp7SN2iJ00msqfie/
|
||||
zmF83arhFAmW8wjDXMPsSz958+TNgeetFeQjrJ5sbMaApCE21QazHcZw6/zPMRvX
|
||||
Gr+TPyx/p335MViz5SjeFThQ7XES871pZSbOhmIrugCHO8LJOat3oOlnsc8HkZ/T
|
||||
AfUjka0SSPA/sRqPxjLWw/OwDn7g5GpbXl7RXpRsKR8CDIRMVrzD71Nk0SOEb3T9
|
||||
Dv7UTl6NDYlyYYqx35t/KsiwWjnPtr6Xcl8O9l/tuzf5Tjt1mz9i80BybE9wXHYi
|
||||
Y3/1SGloKYVXC+HLLrLm1MEldi9GcYZDzxlydAPfHhSHlYWrvOS/J2Dq6uhH7RHn
|
||||
JV0nE3bVQE01e6iR4BZMYSj4e3BrhMQvkMX67NndYEmoK6+9d77MsK7wblSXja7t
|
||||
YyXysfQhcudaN/A00CLJt8VNq+h8Q9BR5PFmvIv6/jzV3kmLO4nX9z0CdERyBBUr
|
||||
cFXfDn2TBpwlLvOQbEWvZPlEh7Vx2hXRRZr97NstLmFLGTdnVdAl9w==
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFPDCCAySgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx
|
||||
ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL
|
||||
DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw
|
||||
NzEyMDgwNloXDTI3MDkwNTEyMDgwNlowdzELMAkGA1UEBhMCVVMxETAPBgNVBAgM
|
||||
CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI
|
||||
MQ4wDAYDVQQLDAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgQ2xpZW50IFVwc3RyZWFt
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7QkR1NA64HPzuYYko7LT
|
||||
ciwCWu1JLGuA3/7DkskMZ180+sQ3dBG4UjujKMRc0h65oFZc//WYIfmfUznLvLsR
|
||||
ygghlevPqgGRGdf9WHIMjo9+hLM6MgZ51Eqqydh42L7sen/2bO85gh/pfxno3+uP
|
||||
FGIJtX6GFiJ5Hp86wF+cqnfRRUFo+0L34+rLY08fITEkTbPjNg5R2jcWa+dWJXIJ
|
||||
i3pud+ulWPTKalYiUvsqN8tucjJIZb279yzrxsV2qjRqHBCToBj9/kcJHD8gKrpE
|
||||
f1HsiLLJ7PEAID1fMONTL5sVXCJ1TXpjWNZTlcTCCMAhrEghGMZV0FIm7GS//naq
|
||||
ywIDAQABo4HjMIHgMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMDMGCWCG
|
||||
SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGllbnQgQ2VydGlmaWNhdGUw
|
||||
HQYDVR0OBBYEFCZDQ3rDX5H3YjuUjV5wsBi/GYyhMB8GA1UdIwQYMBaAFPbhJxe8
|
||||
UUR0YWwr5flLGZacCZ3+MA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEF
|
||||
BQcDAgYIKwYBBQUHAwQwHAYDVR0RBBUwE4IRY2xpZW50QGZyZWVzd2l0Y2gwDQYJ
|
||||
KoZIhvcNAQELBQADggIBAETxSF12VHvtjQA/uP6oUyENmu7wSbINUQZznzyJZSUQ
|
||||
X0eym9llkUqviMeT9g6wRIoFGSnoMuDkxKbG5k6xVIw6xBUeS+Ce40nhH3qmMkRi
|
||||
2DZgoqpQHb4DrTszJlXCxLhnnE83DuGDGxN2MbdY1HhCUo8yHqlCiA27hnxk46xh
|
||||
Xuyx44zoYsdpnROppSwBAeaW9Ewanp7GL8ayWUkbBy0kGV+8wH7u9bpijevmGZSC
|
||||
iykbYBM7V+RvDvZoywfNSP+l9H77Tv3SI6G40Pfc55M5MbFOa/Po+XjNVeoTOFCu
|
||||
YIgIm/kA2OUySyBiOy54HfxG5BecZYW+uUm2KIrDX5bS2tZcCww2eo4AKCXEYWrh
|
||||
1NM1xbeZCregMQ+2gRap4jhB5a49JoH3KPrjFc+1fhnv68bmSAUWwF0twwxev1Aq
|
||||
ugYwx5lOhAl9+wAZbtsUsmsCp0AmzsIzgv43H6lMXUMjwH8v770J7vpKgMzvXlu8
|
||||
wWxFKVMfyocQqvOvBQ3i9SwptnA0ORO8Y8/+Tyu8uW8as/H7z9qaHBcCOWl1RZkR
|
||||
diBrb5f+OtnamvmDM32APxYtfomj9pgWyxK9vmeCpCILdga3c41iBHbGNJDaNz9q
|
||||
y9N8z9w887aKQT+HUjoDD2/Zb92Nia1tY+NU0Qd3AQZysJjz1Pq/Eu7KRpHAirTC
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFmDCCA4CgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx
|
||||
ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL
|
||||
DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw
|
||||
NzA5NTIxNloXDTI3MDkwNTA5NTIxNlowfTELMAkGA1UEBhMCVVMxETAPBgNVBAgM
|
||||
CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI
|
||||
MQ4wDAYDVQQLDAVCbGFkZTEkMCIGA1UEAwwbQmxhZGUgQ29udHJvbGxlciBEb3du
|
||||
c3RyZWFtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEA1njlU4qAG
|
||||
2/KskXthKBI35KDTND92Dqg6gkAvbC/IGEJJyzxw7Fd2AjNMAbNLuaasK9HFRwPh
|
||||
ZXOLQjvl+wjwtBEAgGw+gLqrLdC3RVuiWlxGsbfB4tAYn9Av44jURYc1Prprnvqz
|
||||
l8+DIU6UTuRh9JimoyL6NC4rqgcvo8LjR01RNn27RdyeO/VhDjdiU2/vC/OujUqn
|
||||
InhtGvTB/KrDJtxLEcl15zBGe0PBoolYCF2+8FS2cMFw8y2aeeNeOfvjlzMXOxGG
|
||||
4vohxUNx/DZh6aNUzbh9Fp7gvJQ8ZRsRNqtI3AgGW4+7Bt4US9ekM8RQjRb51Vk/
|
||||
NcFhOKejswIDAQABo4IBODCCATQwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMC
|
||||
BkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIFNlcnZlciBDZXJ0
|
||||
aWZpY2F0ZTAdBgNVHQ4EFgQUowMxPRDVCvF5Ax/Nvn+quWWny/kwgZoGA1UdIwSB
|
||||
kjCBj4AU9uEnF7xRRHRhbCvl+UsZlpwJnf6hc6RxMG8xCzAJBgNVBAYTAlVTMREw
|
||||
DwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzETMBEGA1UECgwKRnJl
|
||||
ZVNXSVRDSDEOMAwGA1UECwwFQmxhZGUxFjAUBgNVBAMMDUJsYWRlIFJvb3QgQ0GC
|
||||
AhAAMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG
|
||||
9w0BAQsFAAOCAgEAayl96eapLsMHWJDT/p1qfNhMYR+JtO7xaaGLJ+yiibY6T1Be
|
||||
1R5dLhG7y00Ww1Os9B4F3rWScFxpGqI9GgX8FAGo94Rm3c6+qLAKj/IZmXC6Dgg/
|
||||
VzqppcxMt+wo4HsYYhiamVLCyPTrOpPZ82X0+rlR+7iQRbEQ09ubfrb1ec/rDbfU
|
||||
Kucr1ugwAyOLCmTsK+PAXhAdT/9ci/pL2uO9AxKYgSqvc9VnxoyUusq4Qouxb76I
|
||||
qmbkGxVN0iP67tJ9jecyaXSoAJ6kBUPAdOesp9shPXmxnU6sPbk5FuJqNU5uZmK+
|
||||
KFwGMycLOl8wGAtK88GlupSYHmUT1CDo5rKFtOtyD0wcjM1p+lieQIFYDRV4OLXh
|
||||
qTa3gtgVRqEcXdn2GdtNFlO87HWR8ptr4gA3jfm/yaC3WGqsgbZtXyPerSIUSd3B
|
||||
op+5tvE8oqaIahCJV+Lj5XbmXoQkVKGel1xQjZ9rZavBxvwT4BlTNjYBZQHN0wsk
|
||||
T9Pd1jbytZ9Ffwf3BO/vnkeo4mXSybYN+Ohfh3+bDPMu+NDL7m2/V8ZhIuRCJP0w
|
||||
YBrlHHxvn4wjVOMix/KXcYXMlVenL0V1xTUHhFhQhBWQ9V4TzzWq/YeZH18MyB/Q
|
||||
J9vGivKGGFUcs2F7ze+juVOPuUv/hE4ypdPAa4uq+v4HUQAD3mYZkeJnq8o=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFVjCCAz6gAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx
|
||||
ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL
|
||||
DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw
|
||||
NzA5NTY1MFoXDTI3MDkwNTA5NTY1MFowezELMAkGA1UEBhMCVVMxETAPBgNVBAgM
|
||||
CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI
|
||||
MQ4wDAYDVQQLDAVCbGFkZTEiMCAGA1UEAwwZQmxhZGUgQ29udHJvbGxlciBVcHN0
|
||||
cmVhbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOLeR7h7lhJR2/T3
|
||||
uaG8P20ko4Zo9wudGS/GN+aFv5EpFjlnRRxxbaqc5FFxWSWoJpMvrciX+4izC/jg
|
||||
mVSU9L7TdK2svGT8rqbXz31H3wEIBP4irKLtW22UbOZL2JoiW8kDUMcyOsc3jTqp
|
||||
Ewm96PSiYUJHvP6aTJRJdsAlmxZoJu46hxg8tNuy0V6YVPBZFU9NODEosm/wwAFo
|
||||
Aly70lvUD/kXBZFPBbgMy6xHVPrXKdou2p4IwfWNqm4VmS652YkjG7avSSAnTaph
|
||||
taTTCvtwOkCvrjJHvg4AG+zgwPdRxSZRqm7+zQdAIyC3zQzQRkbOizlZXej+ffXj
|
||||
EiPNmNMCAwEAAaOB+TCB9jAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAz
|
||||
BglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRpZmlj
|
||||
YXRlMB0GA1UdDgQWBBSmUpL+sqt/zQFJU1CnvyTAKVEttzAfBgNVHSMEGDAWgBT2
|
||||
4ScXvFFEdGFsK+X5SxmWnAmd/jAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYI
|
||||
KwYBBQUHAwIGCCsGAQUFBwMEMDIGA1UdEQQrMCmCFWNvbnRyb2xsZXJAZnJlZXN3
|
||||
aXRjaIIQY29udHJvbGxlckBibGFkZTANBgkqhkiG9w0BAQsFAAOCAgEASJ0KLhWJ
|
||||
74j+jbHNAKMvqjrhCBSrAr6Ma94L7ut35umYx9jVQhlvW5FQnI+cGU9s+RRm/tkK
|
||||
bze6aP+FaQdQvQMaxH9P7nCUjEXvKutzATwmXdRNv8MS+i9xVxX1vodZz2nSJ4uE
|
||||
4GqwiS+HtF5W4DCSId55RQ/1lMsTHsDNi0SspV5nubGJ4qDv/EA6vgkEUMbR6X3J
|
||||
phLcVTNeM+MvwYFZWZtnXkLnejZUYXMvtCCPwOW3fMQP8lWzNHwCOT+rZCboCnba
|
||||
NMAOKKkZDiz525wYUsYqDrLN8Q94m1EwgCjIhd9Vn4aLZTBouKAouFW+//L8WWHA
|
||||
rHFQuw4fy/efZzd1B+AaiM5FfWcKZuGQqa2LJS//GHDQGbRYZZOX505qOSKonSBU
|
||||
vTLFDYIE4gIYWFFUZqzVOJnafRUGEVl1V5xLZajM7HWMuhCK8p+XA6QM7HQXDUMd
|
||||
tMa9+EhU5nDF5V+gQmzjNDkh3xGLMbkZceEIP4nSRT9rTEVfILsQ8Q6G9pWYfYf7
|
||||
NsSBmax/F/8Jbx2gw9UVo7HVDx6dA5FRht4K8qiT6aA/5pRSOADMRz6ISM2idiF9
|
||||
NjadbBo+nVPtKosSF5ZGKxTAdYMUb34FMdp1N7J4UzG1ZBiLpNa3+7R3GGbtlNy5
|
||||
WLn35rnLEHYt9KvftBeYz58KVaiPQz/af8c=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFtjCCA56gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwbzELMAkGA1UEBhMCVVMx
|
||||
ETAPBgNVBAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApG
|
||||
cmVlU1dJVENIMQ4wDAYDVQQLDAVCbGFkZTEWMBQGA1UEAwwNQmxhZGUgUm9vdCBD
|
||||
QTAeFw0xNzA5MDcwOTI4MDRaFw0yNzA5MDUwOTI4MDRaMGUxCzAJBgNVBAYTAlVT
|
||||
MREwDwYDVQQIDAhJbGxpbm9pczETMBEGA1UECgwKRnJlZVNXSVRDSDEOMAwGA1UE
|
||||
CwwFQmxhZGUxHjAcBgNVBAMMFUJsYWRlIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJ
|
||||
KoZIhvcNAQEBBQADggIPADCCAgoCggIBALIlY1JmV9z6wjE6iEIXHUl2CRnsa1jD
|
||||
+uDk4I/OncOdezpfv2mRO9C7VkcefXb5yDrda/qq8r9pNVm6Q2wCJICIlrK9uK90
|
||||
SLsB8WsO8Dnrv9E5Tx96U6J5qDx5Ma3IFM7fF1KUP1LVawpS4lMMKFhcyd/P1dAN
|
||||
ZWlzHCBoM4O9HMo4sKYx4fzxn00yKNK+RU4Wyd3ecntOOg/Dtx3FHt1bExUFuPUW
|
||||
sgVUR8b+R6Z/1U6iWe+3x/XBAUVCBhyzt7OrCpY0g3TX7wVCh7CafpZnTe54gjMo
|
||||
1lqSraJ5Dr4Sn1LV1gRa8cVQrNbUZ+m2aHsNLxmpEviHDLTd267x5qXEDCNajesJ
|
||||
iSALRpQzAJE/neQvVa2fiaV7PbPGlxtUcyR8J9sGfuuby48/RulPQ1CjL1+sI+IE
|
||||
lnMZqTiab+1TT5OyKMYYRjQ4k3R/gUGn0MhQBcy1VOP6GVGEgeOYACbDSjvYO9HZ
|
||||
dyM9ivpxLhV3BMVM2B0PmFxLgFdyBlIPkP36/5kBzOFJWdYrMLP/vahFVmTgevDm
|
||||
8Uhi3PvEt6kKUnWHkBHdajzDKLvbh8y+Ucgap7PtT8apZR+8J9TX87gMFzH5r4Xc
|
||||
SF97inJ/q098V8dyoPJpL6PRAzigBXGmB2fFhLgtoXfuKfI/nfgQHO7MbYCCFP4z
|
||||
Och2kFZYehBTAgMBAAGjZjBkMB0GA1UdDgQWBBT24ScXvFFEdGFsK+X5SxmWnAmd
|
||||
/jAfBgNVHSMEGDAWgBRaMzl9Nc1p7PgDWff+pvYOddMlljASBgNVHRMBAf8ECDAG
|
||||
AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAgGzDCfJm
|
||||
weo6oeSFmSLTmlBlTJZO+7igFWf8tunmTkg8wvKe+lCyDd2efNgUocI/NA+X4kRj
|
||||
YtDH+hq0H+JlDu/p4y4/t6Srx/dh33Ow7eCv2wtuSCeK5Y0euysXhI9gmPquUGOC
|
||||
HlHkmQcG03NbbrWt0+4IaPAaKxMuV0FR7KArudZvr+8gp9S8o0AkQVFZSbW41HQe
|
||||
a7DAJmLF0vLQWoVz/YltKjwAMs/ws8OWxUdvcOA3w6XmWmjAFn5hc2MgHgu513c4
|
||||
Vbq0535ghU0Eneqc23y2ELa+8hbn5yS5wcK1AS2HG4VoDqOJw+pv4Ko3T33mCR6X
|
||||
bUABSB+znX5kEZn8KQaP8sLm07kERGjCI3FLPscM1S851tah/iqBgddlIUn/YNpM
|
||||
9uYQ2PWu6UWvqyZfhgVIlb2LYJNERtKZPeI05SRIbUW93wUTiC6A93fl8SEE7XHa
|
||||
LMJt6+HLysR2IsXLqlSRZw3rIoT0B3G4uS9Xop89znLAknrOI57OvVAMLaeBrtkl
|
||||
jepE7RrNX6VcyEY+Ar1p30ax4UJNxjxd3rszIznccerWQzuLo5wYUkuZEfNtnAFB
|
||||
Z/4qlIn7wkbRevafgmlf/bhP6ZkeJFhqEjOq36Zci5JrnRu3rM/+Vex2ibHVat0E
|
||||
IZjeGxeofAPEwTaLfPJT7EIWZ+33ZHMcz+8=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFwDCCA6igAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx
|
||||
ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL
|
||||
DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw
|
||||
NzA5NDQ1OVoXDTI3MDkwNTA5NDQ1OVoweTELMAkGA1UEBhMCVVMxETAPBgNVBAgM
|
||||
CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI
|
||||
MQ4wDAYDVQQLDAVCbGFkZTEgMB4GA1UEAwwXQmxhZGUgTWFzdGVyIERvd25zdHJl
|
||||
YW0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK8mciD1y9F1fz08+4
|
||||
V1d6VZfv87h0V4/JihsjFEAlvog1W1BsfMPw1eNGmykDVZPVgmmgjP95UZYBm9gW
|
||||
P26ze6hzA/7wpqdCs/tG0XsiCS5NsyP/9g33hcXJqzhTQXoqn0cGRJzrre2AfPoX
|
||||
2CijWpjH3ufUMyZzN7fP7/VCYNEDR/4Geyp3RjBnqw4PlFqroME2762kNC5jGkCh
|
||||
hPUpYrKwNE6mvQ6H0DwjJl9cHR9ynssU81h0TDa98N6kKcDLzK7BAoFtFGRKrFkL
|
||||
db8LtvbG6zyLZrpJtwkcgfyOoKtXMuHGfISnnMtbgi6IyZPfo/9RcKK6q6a3/ZHE
|
||||
plwJAgMBAAGjggFkMIIBYDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAz
|
||||
BglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmlj
|
||||
YXRlMB0GA1UdDgQWBBT5po36vCPKHCecbSz1ueDbFDZ1jjCBmgYDVR0jBIGSMIGP
|
||||
gBT24ScXvFFEdGFsK+X5SxmWnAmd/qFzpHEwbzELMAkGA1UEBhMCVVMxETAPBgNV
|
||||
BAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJ
|
||||
VENIMQ4wDAYDVQQLDAVCbGFkZTEWMBQGA1UEAwwNQmxhZGUgUm9vdCBDQYICEAAw
|
||||
DgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMCoGA1UdEQQjMCGC
|
||||
EW1hc3RlckBmcmVlc3dpdGNoggxtYXN0ZXJAYmxhZGUwDQYJKoZIhvcNAQELBQAD
|
||||
ggIBAJ73CuGQvtFkzQxhVvmWcg7TOHeV6I1IycBXDgyEdL3MEC+z2vXpz7NwzcnD
|
||||
F0gYBVXAszSkNsLxmzUsxSr2IOy6rTJ/5R/GP9/3NLfjF1H2r1lxytfngMokp6ts
|
||||
AiCPu5fiIyYPlwj3Gcbw0+n8LL06oPKGf291eHRjWlJbbI0grUW2W1Mdajd9U42z
|
||||
vadoY0NAtWiZI3sM+OpicAg8hsYLN40KsnEag3Y6JdsDNiT05qKDhUcqVROlVcu4
|
||||
CT4u1gNROClAt/iUGA2s8jsPutPEedtGuAcIHqDk60C6D0v1+PokdFGG2ZBgHZLg
|
||||
fXRsPYzAtsqhyUW3jyR3XYEoIj1tU+zHRZT7B5wPczhOBk5LOHf+QYVVzwV3Ff5x
|
||||
8de8KRXRSg2ygLQGpBWTqMzzrjVgeSBNzC5nW/WaQHkMxmSGvUyvpUVUX/ySpDFf
|
||||
r4JfpYHmxSNWVdRVBmCzTBq2qM8npaPWsagXWOv/hdZcrTTi6nnrWxSIFogiY9DX
|
||||
YW2GUENt56AlXlyhiKd/NCWkQN5c/pRjV8EVUSTNuLNwFsGWmdZdjiaOUeILxHQS
|
||||
OyzvTgKohqHikECl1wISRuDY8Fbu+xfqUaERsSfS35CBKW3qtmnmg+9meE6MRj7I
|
||||
sbWoHXx7dJZst7vcDDsBptUPNUFKsgHKqfaGrb7hJGro/vTV
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,133 @@
|
|||
# OpenSSL intermediate CA configuration file.
|
||||
# Copy to `/root/ca/intermediate/openssl.cnf`.
|
||||
|
||||
[ ca ]
|
||||
# `man ca`
|
||||
default_ca = CA_default
|
||||
|
||||
[ CA_default ]
|
||||
# Directory and file locations.
|
||||
dir = .
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
|
||||
# The root key and root certificate.
|
||||
private_key = $dir/private/intermediate.key.pem
|
||||
certificate = $dir/certs/intermediate.cert.pem
|
||||
|
||||
# For certificate revocation lists.
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/intermediate.crl.pem
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 30
|
||||
|
||||
# SHA-1 is deprecated, so use SHA-2 instead.
|
||||
default_md = sha256
|
||||
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 375
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
[ policy_strict ]
|
||||
# The root CA should only sign intermediate certificates that match.
|
||||
# See the POLICY FORMAT section of `man ca`.
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[ policy_loose ]
|
||||
# Allow the intermediate CA to sign a more diverse range of certificates.
|
||||
# See the POLICY FORMAT section of the `ca` man page.
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[ req ]
|
||||
# Options for the `req` tool (`man req`).
|
||||
default_bits = 2048
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
|
||||
# SHA-1 is deprecated, so use SHA-2 instead.
|
||||
default_md = sha256
|
||||
|
||||
# Extension to add when the -x509 option is used.
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[ req_distinguished_name ]
|
||||
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
|
||||
countryName = Country Name (2 letter code)
|
||||
stateOrProvinceName = State or Province Name
|
||||
localityName = Locality Name
|
||||
0.organizationName = Organization Name
|
||||
organizationalUnitName = Organizational Unit Name
|
||||
commonName = Common Name
|
||||
emailAddress = Email Address
|
||||
|
||||
# Optionally, specify some defaults.
|
||||
countryName_default = US
|
||||
stateOrProvinceName_default = Illinois
|
||||
localityName_default = Chicago
|
||||
0.organizationName_default = FreeSWITCH
|
||||
organizationalUnitName_default = Blade
|
||||
emailAddress_default =
|
||||
|
||||
[ v3_ca ]
|
||||
# Extensions for a typical CA (`man x509v3_config`).
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[ v3_intermediate_ca ]
|
||||
# Extensions for a typical intermediate CA (`man x509v3_config`).
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[ usr_cert ]
|
||||
# Extensions for client certificates (`man x509v3_config`).
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "OpenSSL Generated Client Certificate"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
subjectAltName = DNS: client@freeswitch
|
||||
|
||||
[ server_cert ]
|
||||
# Extensions for server certificates (`man x509v3_config`).
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "OpenSSL Generated Server Certificate"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[ crl_ext ]
|
||||
# Extension for CRLs (`man x509v3_config`).
|
||||
authorityKeyIdentifier=keyid:always
|
||||
|
||||
[ ocsp ]
|
||||
# Extension for OCSP signing certificates (`man ocsp`).
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
|
@ -0,0 +1,133 @@
|
|||
# OpenSSL intermediate CA configuration file.
|
||||
# Copy to `/root/ca/intermediate/openssl.cnf`.
|
||||
|
||||
[ ca ]
|
||||
# `man ca`
|
||||
default_ca = CA_default
|
||||
|
||||
[ CA_default ]
|
||||
# Directory and file locations.
|
||||
dir = .
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
|
||||
# The root key and root certificate.
|
||||
private_key = $dir/private/intermediate.key.pem
|
||||
certificate = $dir/certs/intermediate.cert.pem
|
||||
|
||||
# For certificate revocation lists.
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/intermediate.crl.pem
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 30
|
||||
|
||||
# SHA-1 is deprecated, so use SHA-2 instead.
|
||||
default_md = sha256
|
||||
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 375
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
[ policy_strict ]
|
||||
# The root CA should only sign intermediate certificates that match.
|
||||
# See the POLICY FORMAT section of `man ca`.
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[ policy_loose ]
|
||||
# Allow the intermediate CA to sign a more diverse range of certificates.
|
||||
# See the POLICY FORMAT section of the `ca` man page.
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[ req ]
|
||||
# Options for the `req` tool (`man req`).
|
||||
default_bits = 2048
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
|
||||
# SHA-1 is deprecated, so use SHA-2 instead.
|
||||
default_md = sha256
|
||||
|
||||
# Extension to add when the -x509 option is used.
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[ req_distinguished_name ]
|
||||
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
|
||||
countryName = Country Name (2 letter code)
|
||||
stateOrProvinceName = State or Province Name
|
||||
localityName = Locality Name
|
||||
0.organizationName = Organization Name
|
||||
organizationalUnitName = Organizational Unit Name
|
||||
commonName = Common Name
|
||||
emailAddress = Email Address
|
||||
|
||||
# Optionally, specify some defaults.
|
||||
countryName_default = US
|
||||
stateOrProvinceName_default = Illinois
|
||||
localityName_default = Chicago
|
||||
0.organizationName_default = FreeSWITCH
|
||||
organizationalUnitName_default = Blade
|
||||
emailAddress_default =
|
||||
|
||||
[ v3_ca ]
|
||||
# Extensions for a typical CA (`man x509v3_config`).
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[ v3_intermediate_ca ]
|
||||
# Extensions for a typical intermediate CA (`man x509v3_config`).
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[ usr_cert ]
|
||||
# Extensions for client certificates (`man x509v3_config`).
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "OpenSSL Generated Client Certificate"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
subjectAltName = DNS: controller@freeswitch, DNS: controller@blade
|
||||
|
||||
[ server_cert ]
|
||||
# Extensions for server certificates (`man x509v3_config`).
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "OpenSSL Generated Server Certificate"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[ crl_ext ]
|
||||
# Extension for CRLs (`man x509v3_config`).
|
||||
authorityKeyIdentifier=keyid:always
|
||||
|
||||
[ ocsp ]
|
||||
# Extension for OCSP signing certificates (`man ocsp`).
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
|
@ -0,0 +1,133 @@
|
|||
# OpenSSL intermediate CA configuration file.
|
||||
# Copy to `/root/ca/intermediate/openssl.cnf`.
|
||||
|
||||
[ ca ]
|
||||
# `man ca`
|
||||
default_ca = CA_default
|
||||
|
||||
[ CA_default ]
|
||||
# Directory and file locations.
|
||||
dir = .
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
|
||||
# The root key and root certificate.
|
||||
private_key = $dir/private/intermediate.key.pem
|
||||
certificate = $dir/certs/intermediate.cert.pem
|
||||
|
||||
# For certificate revocation lists.
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/intermediate.crl.pem
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 30
|
||||
|
||||
# SHA-1 is deprecated, so use SHA-2 instead.
|
||||
default_md = sha256
|
||||
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 375
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
[ policy_strict ]
|
||||
# The root CA should only sign intermediate certificates that match.
|
||||
# See the POLICY FORMAT section of `man ca`.
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[ policy_loose ]
|
||||
# Allow the intermediate CA to sign a more diverse range of certificates.
|
||||
# See the POLICY FORMAT section of the `ca` man page.
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[ req ]
|
||||
# Options for the `req` tool (`man req`).
|
||||
default_bits = 2048
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
|
||||
# SHA-1 is deprecated, so use SHA-2 instead.
|
||||
default_md = sha256
|
||||
|
||||
# Extension to add when the -x509 option is used.
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[ req_distinguished_name ]
|
||||
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
|
||||
countryName = Country Name (2 letter code)
|
||||
stateOrProvinceName = State or Province Name
|
||||
localityName = Locality Name
|
||||
0.organizationName = Organization Name
|
||||
organizationalUnitName = Organizational Unit Name
|
||||
commonName = Common Name
|
||||
emailAddress = Email Address
|
||||
|
||||
# Optionally, specify some defaults.
|
||||
countryName_default = US
|
||||
stateOrProvinceName_default = Illinois
|
||||
localityName_default = Chicago
|
||||
0.organizationName_default = FreeSWITCH
|
||||
organizationalUnitName_default = Blade
|
||||
emailAddress_default =
|
||||
|
||||
[ v3_ca ]
|
||||
# Extensions for a typical CA (`man x509v3_config`).
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[ v3_intermediate_ca ]
|
||||
# Extensions for a typical intermediate CA (`man x509v3_config`).
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[ usr_cert ]
|
||||
# Extensions for client certificates (`man x509v3_config`).
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "OpenSSL Generated Client Certificate"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[ server_cert ]
|
||||
# Extensions for server certificates (`man x509v3_config`).
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "OpenSSL Generated Server Certificate"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
subjectAltName = DNS: master@freeswitch, DNS: master@blade
|
||||
|
||||
[ crl_ext ]
|
||||
# Extension for CRLs (`man x509v3_config`).
|
||||
authorityKeyIdentifier=keyid:always
|
||||
|
||||
[ ocsp ]
|
||||
# Extension for OCSP signing certificates (`man ocsp`).
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
|
@ -0,0 +1 @@
|
|||
1000
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCElsbGlub2lzMRAw
|
||||
DgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQLDAVC
|
||||
bGFkZTEeMBwGA1UEAwwVQmxhZGUgQ2xpZW50IFVwc3RyZWFtMIIBIjANBgkqhkiG
|
||||
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7QkR1NA64HPzuYYko7LTciwCWu1JLGuA3/7D
|
||||
kskMZ180+sQ3dBG4UjujKMRc0h65oFZc//WYIfmfUznLvLsRygghlevPqgGRGdf9
|
||||
WHIMjo9+hLM6MgZ51Eqqydh42L7sen/2bO85gh/pfxno3+uPFGIJtX6GFiJ5Hp86
|
||||
wF+cqnfRRUFo+0L34+rLY08fITEkTbPjNg5R2jcWa+dWJXIJi3pud+ulWPTKalYi
|
||||
UvsqN8tucjJIZb279yzrxsV2qjRqHBCToBj9/kcJHD8gKrpEf1HsiLLJ7PEAID1f
|
||||
MONTL5sVXCJ1TXpjWNZTlcTCCMAhrEghGMZV0FIm7GS//naqywIDAQABoAAwDQYJ
|
||||
KoZIhvcNAQELBQADggEBAJd+fNwHr5soFlNbWb5kMP5utXwJhElEfnQ25puC0jhP
|
||||
I03z63MS8Chi1Uaxo9MBpFnC84LVmhPT+7RwpRBubVJEWq2WUjZRvbt5dih+kGum
|
||||
zC7dDhHAMx8Gk8TwsYnnzCDkcvetCCTfrn5otYlVxc/36PWoMB4dL426XSi5JVx0
|
||||
nxeXmbiIpZP9udwXDl6J6i8HhjtGpveiVIV3RrfleApYHAxFa5pVP9l3pwMt9RqX
|
||||
+TbqXexAXrJoVoi8JENjDMGl2H/95UaXB7W/6iIHc/1hy3ebk5OCahxeIoS8LHgX
|
||||
LsLKJDVsz5eOmfo5rF7lT1WVgp2TTS+W6ys2uX3j/cY=
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIICwjCCAaoCAQAwfTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCElsbGlub2lzMRAw
|
||||
DgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQLDAVC
|
||||
bGFkZTEkMCIGA1UEAwwbQmxhZGUgQ29udHJvbGxlciBEb3duc3RyZWFtMIIBIjAN
|
||||
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEA1njlU4qAG2/KskXthKBI35KDT
|
||||
ND92Dqg6gkAvbC/IGEJJyzxw7Fd2AjNMAbNLuaasK9HFRwPhZXOLQjvl+wjwtBEA
|
||||
gGw+gLqrLdC3RVuiWlxGsbfB4tAYn9Av44jURYc1Prprnvqzl8+DIU6UTuRh9Jim
|
||||
oyL6NC4rqgcvo8LjR01RNn27RdyeO/VhDjdiU2/vC/OujUqnInhtGvTB/KrDJtxL
|
||||
Ecl15zBGe0PBoolYCF2+8FS2cMFw8y2aeeNeOfvjlzMXOxGG4vohxUNx/DZh6aNU
|
||||
zbh9Fp7gvJQ8ZRsRNqtI3AgGW4+7Bt4US9ekM8RQjRb51Vk/NcFhOKejswIDAQAB
|
||||
oAAwDQYJKoZIhvcNAQELBQADggEBAHvlM/HiAI9fO2QlQRX4lAo0Y+pLYZDI0kjY
|
||||
2PWsLEzI69mBYLTGFrvzYaSzwDUzkHBuypV69BTsWHQBbnMfRRvvqXQCObYcnMUa
|
||||
IDaM4m4YLSYICWUYe+aCQZIMjg13TRspR8H1DlbRUlYFvsYumMeaeAauHW0t6xfL
|
||||
H5vaFtNs0G4apJpb++CoCW/2cWS5Iyj4oViGitX1ajl4oRBzjPMqRQFlqUWExcM8
|
||||
a/XA1STOcIw8qlIWZw9hL7StOoMcAFhybjadZIGLYSI8Y1vCl2+Ur+bRNEU0VY4h
|
||||
k9jhjr09pI0rHcXhXziZ88NRIQL4rT04MJnjR2G7AY18bKIGnqk=
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIICwDCCAagCAQAwezELMAkGA1UEBhMCVVMxETAPBgNVBAgMCElsbGlub2lzMRAw
|
||||
DgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQLDAVC
|
||||
bGFkZTEiMCAGA1UEAwwZQmxhZGUgQ29udHJvbGxlciBVcHN0cmVhbTCCASIwDQYJ
|
||||
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOLeR7h7lhJR2/T3uaG8P20ko4Zo9wud
|
||||
GS/GN+aFv5EpFjlnRRxxbaqc5FFxWSWoJpMvrciX+4izC/jgmVSU9L7TdK2svGT8
|
||||
rqbXz31H3wEIBP4irKLtW22UbOZL2JoiW8kDUMcyOsc3jTqpEwm96PSiYUJHvP6a
|
||||
TJRJdsAlmxZoJu46hxg8tNuy0V6YVPBZFU9NODEosm/wwAFoAly70lvUD/kXBZFP
|
||||
BbgMy6xHVPrXKdou2p4IwfWNqm4VmS652YkjG7avSSAnTaphtaTTCvtwOkCvrjJH
|
||||
vg4AG+zgwPdRxSZRqm7+zQdAIyC3zQzQRkbOizlZXej+ffXjEiPNmNMCAwEAAaAA
|
||||
MA0GCSqGSIb3DQEBCwUAA4IBAQDTJmaPVFGJ7lgj2TOJi66WSLkXUc3wKCX7dkX/
|
||||
GIGXyr2hsabYT3FOkWlL0W/CI2KXkFEItnHPE4Plit9E+O/fZYGWjfSHhVUa6rzF
|
||||
w+rM2EWklAl6s/zH1/MoliRG68aluyqv8aIyovRNfAj3F3FaDW5qiIaSVtp3Znlu
|
||||
OlrIQD3ixqIa4na0+kr9MEV+wehDl5Uib0j8GLf7dM/drEywzWVkjaPRttrgvu/M
|
||||
loill3Ta13RQMs0qzu1zx36mbb+hyahq5kyrabWDisV6cmWxbcSCIGCOCfgHdXMl
|
||||
KYupqGBp1ey7KEl3erB4WQ8Rhl7z01+5QEhd875pNmHRE5/w
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIEvDCCAqQCAQAwdzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCElsbGlub2lzMRAw
|
||||
DgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQLDAVC
|
||||
bGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMIICIjANBgkqhkiG
|
||||
9w0BAQEFAAOCAg8AMIICCgKCAgEAsiVjUmZX3PrCMTqIQhcdSXYJGexrWMP64OTg
|
||||
j86dw517Ol+/aZE70LtWRx59dvnIOt1r+qryv2k1WbpDbAIkgIiWsr24r3RIuwHx
|
||||
aw7wOeu/0TlPH3pTonmoPHkxrcgUzt8XUpQ/UtVrClLiUwwoWFzJ38/V0A1laXMc
|
||||
IGgzg70cyjiwpjHh/PGfTTIo0r5FThbJ3d5ye046D8O3HcUe3VsTFQW49RayBVRH
|
||||
xv5Hpn/VTqJZ77fH9cEBRUIGHLO3s6sKljSDdNfvBUKHsJp+lmdN7niCMyjWWpKt
|
||||
onkOvhKfUtXWBFrxxVCs1tRn6bZoew0vGakS+IcMtN3brvHmpcQMI1qN6wmJIAtG
|
||||
lDMAkT+d5C9VrZ+JpXs9s8aXG1RzJHwn2wZ+65vLjz9G6U9DUKMvX6wj4gSWcxmp
|
||||
OJpv7VNPk7IoxhhGNDiTdH+BQafQyFAFzLVU4/oZUYSB45gAJsNKO9g70dl3Iz2K
|
||||
+nEuFXcExUzYHQ+YXEuAV3IGUg+Q/fr/mQHM4UlZ1isws/+9qEVWZOB68ObxSGLc
|
||||
+8S3qQpSdYeQEd1qPMMou9uHzL5RyBqns+1PxqllH7wn1NfzuAwXMfmvhdxIX3uK
|
||||
cn+rT3xXx3Kg8mkvo9EDOKAFcaYHZ8WEuC2hd+4p8j+d+BAc7sxtgIIU/jM5yHaQ
|
||||
Vlh6EFMCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQBjDnbyUJMn5Av78pt611u3
|
||||
/QrYxH1SHEwjtSwPcusmoTCNhMIF07GLlRuLNB1teyNLFtLzq345d/sr+o9BmFAS
|
||||
ODpW0rN5RGXnZKvHPrBARFRb/UdyZDlvbl/ksVT6b9fzroPRtU3IqgdAXvKnvJ7G
|
||||
1RCaIxyZd7T856Z7Eq2tmn0AblyXJLWy2JpBy6CzRK4KFCuNHbs+HrVBXeHD6Tgc
|
||||
pcbtIKohHw/x3r+OX2uf6hr0bfewePE7y5pf4yVb+eaN6TMQQHHSN+oIVSNi8yKk
|
||||
Sr1wd8F5OEp6teYKj4Nlrc8giOkrIV91a1XUJsKgYfzpT4GevIw+8U1uIa8qB3Ow
|
||||
ZchgdsltZAFR0MGmwJNKGQ6JAmFmZTGD2G43P3Y9EnXDiGYWo5k0UkdghaoJIIAO
|
||||
DYxGhEGOINjHmJyQik0ha+38+cLAWoItrSIShZaHDMSXx5ujaFBrZxPa662BwkF4
|
||||
zUXmAW09ww64owAYZ+a1EuujTcLDYszSzIbF6UqBoCeDpq3L5wEgFzl0zktVIwWI
|
||||
YQ99IKOj0JVbsIbikFoteXFbE1x0dR05Mgx9NaCDrIlmmydnsNW5xvwQISYnr92U
|
||||
HgS0/xfgaPo8hqDpl6rjlfwj0Ay/LZTAfH/xGjN69DZbTgf55PRhkTdwMLiQuY6e
|
||||
ENqjprP7sJ7aYdND59jAmQ==
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIICvjCCAaYCAQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCElsbGlub2lzMRAw
|
||||
DgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQLDAVC
|
||||
bGFkZTEgMB4GA1UEAwwXQmxhZGUgTWFzdGVyIERvd25zdHJlYW0wggEiMA0GCSqG
|
||||
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK8mciD1y9F1fz08+4V1d6VZfv87h0V4/J
|
||||
ihsjFEAlvog1W1BsfMPw1eNGmykDVZPVgmmgjP95UZYBm9gWP26ze6hzA/7wpqdC
|
||||
s/tG0XsiCS5NsyP/9g33hcXJqzhTQXoqn0cGRJzrre2AfPoX2CijWpjH3ufUMyZz
|
||||
N7fP7/VCYNEDR/4Geyp3RjBnqw4PlFqroME2762kNC5jGkChhPUpYrKwNE6mvQ6H
|
||||
0DwjJl9cHR9ynssU81h0TDa98N6kKcDLzK7BAoFtFGRKrFkLdb8LtvbG6zyLZrpJ
|
||||
twkcgfyOoKtXMuHGfISnnMtbgi6IyZPfo/9RcKK6q6a3/ZHEplwJAgMBAAGgADAN
|
||||
BgkqhkiG9w0BAQsFAAOCAQEAGJ9T9wIQ5i8X8bkvsNKJMWBWWx6O5ihP77ve6Pet
|
||||
BHvfJyV++lFbaU4Af/5R5eE5aOXpfIzMm6MHmvE3sSSL9+Bkaqw+VL1jKieG919C
|
||||
+5CEC1T053QWjbqYG7dp5wVTMJ3MSawvsrkD6sr2rSHhu2pcmEeF5bFcaaYSXVsG
|
||||
vmCGQh7lUj8N79xdiuQvYUM1Lpgo/81WeUWXjCaMVkv6Hdzp0Hx9avCSweb6kklE
|
||||
dSUjOkOKGA/+IoCXmFiLxNs0hzxrkG85aVCmv1x5fcm9mqNVoqBY2YqWWguavDnz
|
||||
DT88l92ZDGqJpVmB+a5H1pC9JY54UUyii462ZMcDmrMK7g==
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
V 270905094459Z 1000 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Master Downstream
|
||||
V 270905095216Z 1001 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Controller Downstream
|
||||
V 270905095650Z 1002 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Controller Upstream
|
||||
V 270905120806Z 1003 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Client Upstream
|
||||
|
|
@ -0,0 +1 @@
|
|||
unique_subject = yes
|
||||
|
|
@ -0,0 +1 @@
|
|||
unique_subject = yes
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
V 270905094459Z 1000 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Master Downstream
|
||||
V 270905095216Z 1001 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Controller Downstream
|
||||
V 270905095650Z 1002 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Controller Upstream
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFwDCCA6igAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx
|
||||
ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL
|
||||
DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw
|
||||
NzA5NDQ1OVoXDTI3MDkwNTA5NDQ1OVoweTELMAkGA1UEBhMCVVMxETAPBgNVBAgM
|
||||
CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI
|
||||
MQ4wDAYDVQQLDAVCbGFkZTEgMB4GA1UEAwwXQmxhZGUgTWFzdGVyIERvd25zdHJl
|
||||
YW0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK8mciD1y9F1fz08+4
|
||||
V1d6VZfv87h0V4/JihsjFEAlvog1W1BsfMPw1eNGmykDVZPVgmmgjP95UZYBm9gW
|
||||
P26ze6hzA/7wpqdCs/tG0XsiCS5NsyP/9g33hcXJqzhTQXoqn0cGRJzrre2AfPoX
|
||||
2CijWpjH3ufUMyZzN7fP7/VCYNEDR/4Geyp3RjBnqw4PlFqroME2762kNC5jGkCh
|
||||
hPUpYrKwNE6mvQ6H0DwjJl9cHR9ynssU81h0TDa98N6kKcDLzK7BAoFtFGRKrFkL
|
||||
db8LtvbG6zyLZrpJtwkcgfyOoKtXMuHGfISnnMtbgi6IyZPfo/9RcKK6q6a3/ZHE
|
||||
plwJAgMBAAGjggFkMIIBYDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAz
|
||||
BglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmlj
|
||||
YXRlMB0GA1UdDgQWBBT5po36vCPKHCecbSz1ueDbFDZ1jjCBmgYDVR0jBIGSMIGP
|
||||
gBT24ScXvFFEdGFsK+X5SxmWnAmd/qFzpHEwbzELMAkGA1UEBhMCVVMxETAPBgNV
|
||||
BAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJ
|
||||
VENIMQ4wDAYDVQQLDAVCbGFkZTEWMBQGA1UEAwwNQmxhZGUgUm9vdCBDQYICEAAw
|
||||
DgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMCoGA1UdEQQjMCGC
|
||||
EW1hc3RlckBmcmVlc3dpdGNoggxtYXN0ZXJAYmxhZGUwDQYJKoZIhvcNAQELBQAD
|
||||
ggIBAJ73CuGQvtFkzQxhVvmWcg7TOHeV6I1IycBXDgyEdL3MEC+z2vXpz7NwzcnD
|
||||
F0gYBVXAszSkNsLxmzUsxSr2IOy6rTJ/5R/GP9/3NLfjF1H2r1lxytfngMokp6ts
|
||||
AiCPu5fiIyYPlwj3Gcbw0+n8LL06oPKGf291eHRjWlJbbI0grUW2W1Mdajd9U42z
|
||||
vadoY0NAtWiZI3sM+OpicAg8hsYLN40KsnEag3Y6JdsDNiT05qKDhUcqVROlVcu4
|
||||
CT4u1gNROClAt/iUGA2s8jsPutPEedtGuAcIHqDk60C6D0v1+PokdFGG2ZBgHZLg
|
||||
fXRsPYzAtsqhyUW3jyR3XYEoIj1tU+zHRZT7B5wPczhOBk5LOHf+QYVVzwV3Ff5x
|
||||
8de8KRXRSg2ygLQGpBWTqMzzrjVgeSBNzC5nW/WaQHkMxmSGvUyvpUVUX/ySpDFf
|
||||
r4JfpYHmxSNWVdRVBmCzTBq2qM8npaPWsagXWOv/hdZcrTTi6nnrWxSIFogiY9DX
|
||||
YW2GUENt56AlXlyhiKd/NCWkQN5c/pRjV8EVUSTNuLNwFsGWmdZdjiaOUeILxHQS
|
||||
OyzvTgKohqHikECl1wISRuDY8Fbu+xfqUaERsSfS35CBKW3qtmnmg+9meE6MRj7I
|
||||
sbWoHXx7dJZst7vcDDsBptUPNUFKsgHKqfaGrb7hJGro/vTV
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFmDCCA4CgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx
|
||||
ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL
|
||||
DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw
|
||||
NzA5NTIxNloXDTI3MDkwNTA5NTIxNlowfTELMAkGA1UEBhMCVVMxETAPBgNVBAgM
|
||||
CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI
|
||||
MQ4wDAYDVQQLDAVCbGFkZTEkMCIGA1UEAwwbQmxhZGUgQ29udHJvbGxlciBEb3du
|
||||
c3RyZWFtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEA1njlU4qAG
|
||||
2/KskXthKBI35KDTND92Dqg6gkAvbC/IGEJJyzxw7Fd2AjNMAbNLuaasK9HFRwPh
|
||||
ZXOLQjvl+wjwtBEAgGw+gLqrLdC3RVuiWlxGsbfB4tAYn9Av44jURYc1Prprnvqz
|
||||
l8+DIU6UTuRh9JimoyL6NC4rqgcvo8LjR01RNn27RdyeO/VhDjdiU2/vC/OujUqn
|
||||
InhtGvTB/KrDJtxLEcl15zBGe0PBoolYCF2+8FS2cMFw8y2aeeNeOfvjlzMXOxGG
|
||||
4vohxUNx/DZh6aNUzbh9Fp7gvJQ8ZRsRNqtI3AgGW4+7Bt4US9ekM8RQjRb51Vk/
|
||||
NcFhOKejswIDAQABo4IBODCCATQwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMC
|
||||
BkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIFNlcnZlciBDZXJ0
|
||||
aWZpY2F0ZTAdBgNVHQ4EFgQUowMxPRDVCvF5Ax/Nvn+quWWny/kwgZoGA1UdIwSB
|
||||
kjCBj4AU9uEnF7xRRHRhbCvl+UsZlpwJnf6hc6RxMG8xCzAJBgNVBAYTAlVTMREw
|
||||
DwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzETMBEGA1UECgwKRnJl
|
||||
ZVNXSVRDSDEOMAwGA1UECwwFQmxhZGUxFjAUBgNVBAMMDUJsYWRlIFJvb3QgQ0GC
|
||||
AhAAMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG
|
||||
9w0BAQsFAAOCAgEAayl96eapLsMHWJDT/p1qfNhMYR+JtO7xaaGLJ+yiibY6T1Be
|
||||
1R5dLhG7y00Ww1Os9B4F3rWScFxpGqI9GgX8FAGo94Rm3c6+qLAKj/IZmXC6Dgg/
|
||||
VzqppcxMt+wo4HsYYhiamVLCyPTrOpPZ82X0+rlR+7iQRbEQ09ubfrb1ec/rDbfU
|
||||
Kucr1ugwAyOLCmTsK+PAXhAdT/9ci/pL2uO9AxKYgSqvc9VnxoyUusq4Qouxb76I
|
||||
qmbkGxVN0iP67tJ9jecyaXSoAJ6kBUPAdOesp9shPXmxnU6sPbk5FuJqNU5uZmK+
|
||||
KFwGMycLOl8wGAtK88GlupSYHmUT1CDo5rKFtOtyD0wcjM1p+lieQIFYDRV4OLXh
|
||||
qTa3gtgVRqEcXdn2GdtNFlO87HWR8ptr4gA3jfm/yaC3WGqsgbZtXyPerSIUSd3B
|
||||
op+5tvE8oqaIahCJV+Lj5XbmXoQkVKGel1xQjZ9rZavBxvwT4BlTNjYBZQHN0wsk
|
||||
T9Pd1jbytZ9Ffwf3BO/vnkeo4mXSybYN+Ohfh3+bDPMu+NDL7m2/V8ZhIuRCJP0w
|
||||
YBrlHHxvn4wjVOMix/KXcYXMlVenL0V1xTUHhFhQhBWQ9V4TzzWq/YeZH18MyB/Q
|
||||
J9vGivKGGFUcs2F7ze+juVOPuUv/hE4ypdPAa4uq+v4HUQAD3mYZkeJnq8o=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFVjCCAz6gAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx
|
||||
ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL
|
||||
DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw
|
||||
NzA5NTY1MFoXDTI3MDkwNTA5NTY1MFowezELMAkGA1UEBhMCVVMxETAPBgNVBAgM
|
||||
CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI
|
||||
MQ4wDAYDVQQLDAVCbGFkZTEiMCAGA1UEAwwZQmxhZGUgQ29udHJvbGxlciBVcHN0
|
||||
cmVhbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOLeR7h7lhJR2/T3
|
||||
uaG8P20ko4Zo9wudGS/GN+aFv5EpFjlnRRxxbaqc5FFxWSWoJpMvrciX+4izC/jg
|
||||
mVSU9L7TdK2svGT8rqbXz31H3wEIBP4irKLtW22UbOZL2JoiW8kDUMcyOsc3jTqp
|
||||
Ewm96PSiYUJHvP6aTJRJdsAlmxZoJu46hxg8tNuy0V6YVPBZFU9NODEosm/wwAFo
|
||||
Aly70lvUD/kXBZFPBbgMy6xHVPrXKdou2p4IwfWNqm4VmS652YkjG7avSSAnTaph
|
||||
taTTCvtwOkCvrjJHvg4AG+zgwPdRxSZRqm7+zQdAIyC3zQzQRkbOizlZXej+ffXj
|
||||
EiPNmNMCAwEAAaOB+TCB9jAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAz
|
||||
BglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRpZmlj
|
||||
YXRlMB0GA1UdDgQWBBSmUpL+sqt/zQFJU1CnvyTAKVEttzAfBgNVHSMEGDAWgBT2
|
||||
4ScXvFFEdGFsK+X5SxmWnAmd/jAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYI
|
||||
KwYBBQUHAwIGCCsGAQUFBwMEMDIGA1UdEQQrMCmCFWNvbnRyb2xsZXJAZnJlZXN3
|
||||
aXRjaIIQY29udHJvbGxlckBibGFkZTANBgkqhkiG9w0BAQsFAAOCAgEASJ0KLhWJ
|
||||
74j+jbHNAKMvqjrhCBSrAr6Ma94L7ut35umYx9jVQhlvW5FQnI+cGU9s+RRm/tkK
|
||||
bze6aP+FaQdQvQMaxH9P7nCUjEXvKutzATwmXdRNv8MS+i9xVxX1vodZz2nSJ4uE
|
||||
4GqwiS+HtF5W4DCSId55RQ/1lMsTHsDNi0SspV5nubGJ4qDv/EA6vgkEUMbR6X3J
|
||||
phLcVTNeM+MvwYFZWZtnXkLnejZUYXMvtCCPwOW3fMQP8lWzNHwCOT+rZCboCnba
|
||||
NMAOKKkZDiz525wYUsYqDrLN8Q94m1EwgCjIhd9Vn4aLZTBouKAouFW+//L8WWHA
|
||||
rHFQuw4fy/efZzd1B+AaiM5FfWcKZuGQqa2LJS//GHDQGbRYZZOX505qOSKonSBU
|
||||
vTLFDYIE4gIYWFFUZqzVOJnafRUGEVl1V5xLZajM7HWMuhCK8p+XA6QM7HQXDUMd
|
||||
tMa9+EhU5nDF5V+gQmzjNDkh3xGLMbkZceEIP4nSRT9rTEVfILsQ8Q6G9pWYfYf7
|
||||
NsSBmax/F/8Jbx2gw9UVo7HVDx6dA5FRht4K8qiT6aA/5pRSOADMRz6ISM2idiF9
|
||||
NjadbBo+nVPtKosSF5ZGKxTAdYMUb34FMdp1N7J4UzG1ZBiLpNa3+7R3GGbtlNy5
|
||||
WLn35rnLEHYt9KvftBeYz58KVaiPQz/af8c=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFPDCCAySgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx
|
||||
ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL
|
||||
DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw
|
||||
NzEyMDgwNloXDTI3MDkwNTEyMDgwNlowdzELMAkGA1UEBhMCVVMxETAPBgNVBAgM
|
||||
CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI
|
||||
MQ4wDAYDVQQLDAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgQ2xpZW50IFVwc3RyZWFt
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7QkR1NA64HPzuYYko7LT
|
||||
ciwCWu1JLGuA3/7DkskMZ180+sQ3dBG4UjujKMRc0h65oFZc//WYIfmfUznLvLsR
|
||||
ygghlevPqgGRGdf9WHIMjo9+hLM6MgZ51Eqqydh42L7sen/2bO85gh/pfxno3+uP
|
||||
FGIJtX6GFiJ5Hp86wF+cqnfRRUFo+0L34+rLY08fITEkTbPjNg5R2jcWa+dWJXIJ
|
||||
i3pud+ulWPTKalYiUvsqN8tucjJIZb279yzrxsV2qjRqHBCToBj9/kcJHD8gKrpE
|
||||
f1HsiLLJ7PEAID1fMONTL5sVXCJ1TXpjWNZTlcTCCMAhrEghGMZV0FIm7GS//naq
|
||||
ywIDAQABo4HjMIHgMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMDMGCWCG
|
||||
SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGllbnQgQ2VydGlmaWNhdGUw
|
||||
HQYDVR0OBBYEFCZDQ3rDX5H3YjuUjV5wsBi/GYyhMB8GA1UdIwQYMBaAFPbhJxe8
|
||||
UUR0YWwr5flLGZacCZ3+MA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEF
|
||||
BQcDAgYIKwYBBQUHAwQwHAYDVR0RBBUwE4IRY2xpZW50QGZyZWVzd2l0Y2gwDQYJ
|
||||
KoZIhvcNAQELBQADggIBAETxSF12VHvtjQA/uP6oUyENmu7wSbINUQZznzyJZSUQ
|
||||
X0eym9llkUqviMeT9g6wRIoFGSnoMuDkxKbG5k6xVIw6xBUeS+Ce40nhH3qmMkRi
|
||||
2DZgoqpQHb4DrTszJlXCxLhnnE83DuGDGxN2MbdY1HhCUo8yHqlCiA27hnxk46xh
|
||||
Xuyx44zoYsdpnROppSwBAeaW9Ewanp7GL8ayWUkbBy0kGV+8wH7u9bpijevmGZSC
|
||||
iykbYBM7V+RvDvZoywfNSP+l9H77Tv3SI6G40Pfc55M5MbFOa/Po+XjNVeoTOFCu
|
||||
YIgIm/kA2OUySyBiOy54HfxG5BecZYW+uUm2KIrDX5bS2tZcCww2eo4AKCXEYWrh
|
||||
1NM1xbeZCregMQ+2gRap4jhB5a49JoH3KPrjFc+1fhnv68bmSAUWwF0twwxev1Aq
|
||||
ugYwx5lOhAl9+wAZbtsUsmsCp0AmzsIzgv43H6lMXUMjwH8v770J7vpKgMzvXlu8
|
||||
wWxFKVMfyocQqvOvBQ3i9SwptnA0ORO8Y8/+Tyu8uW8as/H7z9qaHBcCOWl1RZkR
|
||||
diBrb5f+OtnamvmDM32APxYtfomj9pgWyxK9vmeCpCILdga3c41iBHbGNJDaNz9q
|
||||
y9N8z9w887aKQT+HUjoDD2/Zb92Nia1tY+NU0Qd3AQZysJjz1Pq/Eu7KRpHAirTC
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,132 @@
|
|||
# OpenSSL intermediate CA configuration file.
|
||||
# Copy to `/root/ca/intermediate/openssl.cnf`.
|
||||
|
||||
[ ca ]
|
||||
# `man ca`
|
||||
default_ca = CA_default
|
||||
|
||||
[ CA_default ]
|
||||
# Directory and file locations.
|
||||
dir = .
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
|
||||
# The root key and root certificate.
|
||||
private_key = $dir/private/intermediate.key.pem
|
||||
certificate = $dir/certs/intermediate.cert.pem
|
||||
|
||||
# For certificate revocation lists.
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/intermediate.crl.pem
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 30
|
||||
|
||||
# SHA-1 is deprecated, so use SHA-2 instead.
|
||||
default_md = sha256
|
||||
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 375
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
[ policy_strict ]
|
||||
# The root CA should only sign intermediate certificates that match.
|
||||
# See the POLICY FORMAT section of `man ca`.
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[ policy_loose ]
|
||||
# Allow the intermediate CA to sign a more diverse range of certificates.
|
||||
# See the POLICY FORMAT section of the `ca` man page.
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[ req ]
|
||||
# Options for the `req` tool (`man req`).
|
||||
default_bits = 2048
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
|
||||
# SHA-1 is deprecated, so use SHA-2 instead.
|
||||
default_md = sha256
|
||||
|
||||
# Extension to add when the -x509 option is used.
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[ req_distinguished_name ]
|
||||
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
|
||||
countryName = Country Name (2 letter code)
|
||||
stateOrProvinceName = State or Province Name
|
||||
localityName = Locality Name
|
||||
0.organizationName = Organization Name
|
||||
organizationalUnitName = Organizational Unit Name
|
||||
commonName = Common Name
|
||||
emailAddress = Email Address
|
||||
|
||||
# Optionally, specify some defaults.
|
||||
countryName_default = US
|
||||
stateOrProvinceName_default = Illinois
|
||||
localityName_default = Chicago
|
||||
0.organizationName_default = FreeSWITCH
|
||||
organizationalUnitName_default = Blade
|
||||
emailAddress_default =
|
||||
|
||||
[ v3_ca ]
|
||||
# Extensions for a typical CA (`man x509v3_config`).
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[ v3_intermediate_ca ]
|
||||
# Extensions for a typical intermediate CA (`man x509v3_config`).
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[ usr_cert ]
|
||||
# Extensions for client certificates (`man x509v3_config`).
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "OpenSSL Generated Client Certificate"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[ server_cert ]
|
||||
# Extensions for server certificates (`man x509v3_config`).
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "OpenSSL Generated Server Certificate"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[ crl_ext ]
|
||||
# Extension for CRLs (`man x509v3_config`).
|
||||
authorityKeyIdentifier=keyid:always
|
||||
|
||||
[ ocsp ]
|
||||
# Extension for OCSP signing certificates (`man ocsp`).
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEA7QkR1NA64HPzuYYko7LTciwCWu1JLGuA3/7DkskMZ180+sQ3
|
||||
dBG4UjujKMRc0h65oFZc//WYIfmfUznLvLsRygghlevPqgGRGdf9WHIMjo9+hLM6
|
||||
MgZ51Eqqydh42L7sen/2bO85gh/pfxno3+uPFGIJtX6GFiJ5Hp86wF+cqnfRRUFo
|
||||
+0L34+rLY08fITEkTbPjNg5R2jcWa+dWJXIJi3pud+ulWPTKalYiUvsqN8tucjJI
|
||||
Zb279yzrxsV2qjRqHBCToBj9/kcJHD8gKrpEf1HsiLLJ7PEAID1fMONTL5sVXCJ1
|
||||
TXpjWNZTlcTCCMAhrEghGMZV0FIm7GS//naqywIDAQABAoIBABSZ9TLJ5lQbv9Mg
|
||||
FY8ku7vwl0PP28xAi7LsMZNQZgOWAsTIyQkNgTekd0nTxz177iZBW1PjxJUvXOme
|
||||
3FZK7ADjNAgTtrjP6gyU+S/2uaCqWBSwfx5Z8bzBwJZKejZcYbFD7ecJ47WrkF+7
|
||||
oMHVd1oOK0na9Ux3Mo+2xyRxKuyl0ngwYp71pDh2QyCqZUXBEeY/gD6rPOf6Bt02
|
||||
+fEjsePe0wGJUpiTpThwJuYH8nHQviXIN/zEK5CN3kOFC+fVVRLrXENmOrVBUMjC
|
||||
l8falZza/dtzStDDKsC5gQw+GZM3TC/1zo0eb+uzTeTLDH3o5GWsCAKC9MMImZo/
|
||||
gu9KkgECgYEA+Ecnv+nfAn6REU4jztFYcAHGMs0dEJPJK1AD/TkwMYC7Ve2uUNuz
|
||||
/0KsKiz0SyqhQxsvBHnj2FVlTZCxGQFe2KhVF3cp5miALMHlH/mbQyP2nnoO2+Ny
|
||||
A8GBizPNvugdDKUrnj/6jIp6S+2jhR5OfEtY2KgA5QjGRMIxndhsNo0CgYEA9Ghm
|
||||
Hk+UtutZ7NPXoZBH0iuBiDj3NOfqX/84mUb4XAQ+EVUw62pGpTf2OU8RRuHgGoHf
|
||||
aRcrfga/wtKx3/UA2m31xNhIWIHSGE35neyzQQXBp6fB2bhUCpPBgFCJz+fQCdOj
|
||||
fcCw3vrMf2H5oS/0azIsgsDRVp9lNAOtgdfFXLcCgYB5IgZTzSBAUE4o+k3gLyWN
|
||||
6F+yE38VwnUJC84Wcxt/W4aLIx7EVp0YcogbP7mlHtR1MEMdVPcEao21bV3qjE+h
|
||||
N2fkvgAUaXH35FYM5rSI6nf91CGByROsn3G73/eHKCpcLA3+9MoiXcHTX8tDPIkg
|
||||
fYaIlldxZ3mMvI6Gq7wIVQKBgQCba0P85GhSRalCg5fson45dPcC9A6ncw7Eityo
|
||||
A8xtXzlE9mKMYWGZMNP/r3ryEzLaSFoUTuqWUp5gunDoVLl9LU2LJmoi9jLux68D
|
||||
MQDwSUPTZEdONvwiWcFD4nMwZV4S0aV2kzEmKmAeZOREDuWjwR0y7IByUBwgDnKo
|
||||
TdiwUwKBgQDJ8OYzNPvp6wJ0vGg3s7ula8tiHCPmFCRJVLV6H1a+UDQD4MY2DdFa
|
||||
MgyxbetwglrSJNI4KJnc+WRYKspvTHlIkkr/GyJRW1EtBBED+drkOmvZE7vc51mN
|
||||
vj79bK66jJls/ul7YQxaKPHhB77zVNFJzWfZ8BrOCMhNTuxIE1xpRA==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAwEA1njlU4qAG2/KskXthKBI35KDTND92Dqg6gkAvbC/IGEJJ
|
||||
yzxw7Fd2AjNMAbNLuaasK9HFRwPhZXOLQjvl+wjwtBEAgGw+gLqrLdC3RVuiWlxG
|
||||
sbfB4tAYn9Av44jURYc1Prprnvqzl8+DIU6UTuRh9JimoyL6NC4rqgcvo8LjR01R
|
||||
Nn27RdyeO/VhDjdiU2/vC/OujUqnInhtGvTB/KrDJtxLEcl15zBGe0PBoolYCF2+
|
||||
8FS2cMFw8y2aeeNeOfvjlzMXOxGG4vohxUNx/DZh6aNUzbh9Fp7gvJQ8ZRsRNqtI
|
||||
3AgGW4+7Bt4US9ekM8RQjRb51Vk/NcFhOKejswIDAQABAoIBAQCPBjXdhGF2R/9S
|
||||
WnOvt85L9WHHoS3/TMcTmGwOwpmFLvb5tTcZD9oiud59PJRrH2xSrYChCOpvLp/c
|
||||
zdzoZY9u9vO7wnpREDZfpn/7Ea+G1ekuuD+Pr1l61726BzPZXs4s+63NAPtXxsMd
|
||||
SbAQc1k6aAXH5ljyPO9PKpopYDc86FCJwPikedeYAHzRG7o5msMUiyTQJkiti505
|
||||
cpK+YC6F0KxLzhYKKy5UlWW9J/j5rZf1UkK9keaP+dWxi3u1177aaZh3f/RMl04I
|
||||
QFxhfIElyuzcJK84uC3Ddmwjk88ix9RqP3Ho7EY+ly5WpHcuHJVXxKgOQXheRYeH
|
||||
4GQN2nBBAoGBAPOwQGPrwYkHjjWUAZ6NAvhxwUfJipjcdj0mF1J9aHzg6nn3PpE3
|
||||
nbFipPGdfTIf+v6QdpQJ4BEwCEgXNctfcqyu5UUv6S5TR4vAIpkuffA10GQaxcX0
|
||||
OXkdi/KgcHle0RQW+FJXMBfkr7DXidMy4XFK06kp0VPsECrINpM4B8hJAoGBAMn2
|
||||
sCrHn8zq3N1hO9gRPCjyArLLJEwL1QzwY07oIjPQFUsIHmt9ixh3VcipMoChqxfn
|
||||
dPSWqeLiq/t0e3ekSGLQf9juivoKZzv5KQqFoPg8/9eWnM988OuXQ525AgnaQIq2
|
||||
Sb1I+Yo5pS+PUShHrDBTI7Di+wMkljERZ4qy0WQbAoGAdkXU+qoyBI/mNZrgLlPC
|
||||
XVLYvD7VRdu6h3M1XpP/YpzHMOsPMuwLXUzDQYFugiWDbIoxAyjH14+4dUTOlyZ8
|
||||
QdOg8zONuS4yS2G1aSNnfG6h9fQIiUs/mcj9Y4T7Ee0zDM0ZON2YOgCERRBXlGnd
|
||||
gV8P28qwDktEjX8e/dTz8gECgYEAugjSHZXkTQ3KhOGcDltR3yWN9sPIm4QKq/CC
|
||||
iZyqZK+37XV9D+aEyfSiwEOakYJZ55r80JA3zRae9PFHCd36D4ufOGQDAG+0yDmq
|
||||
5FZTAFawFBZYO4gLI/giAJb6mbjA2wUux30A36JZ1oVdbI0YvyrWJYnvTeXVsz0k
|
||||
803kMyECgYAZW+NOhX4mXr2N4qfpQqE2JZZCPY9SlOJLwbS117xXqeOuE5Ht5owr
|
||||
DUO7z5Ps5dvDFdcvWf7wE4L8ZTxUNywFUbONb3dIH7AuIQXn8wcu3LqQbt15g9f3
|
||||
7vpm6snlbgebSMWarvE+W8DhklceuYizodI639HSjd8qNqCsiVWLbw==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEA4t5HuHuWElHb9Pe5obw/bSSjhmj3C50ZL8Y35oW/kSkWOWdF
|
||||
HHFtqpzkUXFZJagmky+tyJf7iLML+OCZVJT0vtN0ray8ZPyuptfPfUffAQgE/iKs
|
||||
ou1bbZRs5kvYmiJbyQNQxzI6xzeNOqkTCb3o9KJhQke8/ppMlEl2wCWbFmgm7jqH
|
||||
GDy027LRXphU8FkVT004MSiyb/DAAWgCXLvSW9QP+RcFkU8FuAzLrEdU+tcp2i7a
|
||||
ngjB9Y2qbhWZLrnZiSMbtq9JICdNqmG1pNMK+3A6QK+uMke+DgAb7ODA91HFJlGq
|
||||
bv7NB0AjILfNDNBGRs6LOVld6P599eMSI82Y0wIDAQABAoIBADhwdAdBN6R3GPFo
|
||||
b5X87wqIAuZ9VnhdLNblySJgQ7gpMI43Usowrce0IFjiifsEShRz2Bf/N2Rapq/T
|
||||
sFGKfRi8IlrSjkvRUOHQ7p2MM75d8GAI4EnoIsawFid01v4BbjQjzwS/SkAlYc0m
|
||||
IsZZqIqzmt6SWkI8wLBjVleXA24fIvzgb/k0scAK51Zu4sgEYQmZYzzIdEjPoaj3
|
||||
SgU3YgsHFkTl6fwu56BqIyXIymmKIYmMyljFXXvEzqePsLAxH3nBoOjViIzybCRz
|
||||
twoCY2Ww3ddNJpJmldccs+0pB0i+rdnxg8lS0QCExI8cLNy8fzEQmKX5BQtGnd13
|
||||
8dO+0AECgYEA/gx5Oe5GZGMFtwVkUpAdwlGHB4chaX3BWAG2aHM6qmEoV6GntQog
|
||||
FMko6ifHY2oFt7gLR18bYQqgvpqkRlFieG89Y5Crsz6rSqu9HtBezuLibQ+9DRaZ
|
||||
MdGDrNjZ9gIv4W4bwakp9SHnvIyVDXzvX464XBF4Xp7B3kGkIPkQh4ECgYEA5Jxc
|
||||
3DYy8G2svF5hln3DmR2EKsoAfC0pdq+pxCxPDE5v6GONuwPnSB6YdP0nAZuMr+CY
|
||||
VZuiajH8lbZTjKYLAvi31B8hNV7s68YegUKYM21mzlGvlc9agjkuIQsHullHN/8R
|
||||
A7wuXoBC93m+0sQ86gX4Yw56kzHvmt3bt/R2qlMCgYBzYazpP6veyg59akh/Kw8p
|
||||
AyglphzpsYDPfK+gzrzVRx0wd64Yjkm1xwr7Fif7odqI72DIAI0JzO7mwotbmHj1
|
||||
o+gowTsKRKs9VbSmOxLkOa2GxQAi4qGfO73nEfIkRigC5aRbl34D5GtAekT0BEsf
|
||||
hk17G0AlEUuRqxRlGVmFgQKBgQCybpjMCEGaBwBbxg7FN0QDrlYKT8AxK87BJDqN
|
||||
M0g/grk12P42icVrNPYp2a0oRBB69gHwT5lk6b8L21M65B6UIyzYE7QHxB+HpwsI
|
||||
OMIy4aDsSDWT6FPscFTg1Ysil6xOuHa/Q5GtkM6z+gJG34Pr5N0J87MYUFGDvsZP
|
||||
vi8goQKBgQDWvwsSBOdVp0A5CxjjCDdIZWSg9VnHDulNiKg1uk3Ohg/N12ZmK0ZY
|
||||
HBy5hHSYBIx0PixfdKC6fkjbDdWCeKCoLqeUN3NU7WyDb+hnvDHI4uYU12CkXBnE
|
||||
sSdNVzfzCouLg1czYdxnlItwYRc5pTnTdEvdZJC4lNDSvrx+wM1GeA==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1,51 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIJKQIBAAKCAgEAsiVjUmZX3PrCMTqIQhcdSXYJGexrWMP64OTgj86dw517Ol+/
|
||||
aZE70LtWRx59dvnIOt1r+qryv2k1WbpDbAIkgIiWsr24r3RIuwHxaw7wOeu/0TlP
|
||||
H3pTonmoPHkxrcgUzt8XUpQ/UtVrClLiUwwoWFzJ38/V0A1laXMcIGgzg70cyjiw
|
||||
pjHh/PGfTTIo0r5FThbJ3d5ye046D8O3HcUe3VsTFQW49RayBVRHxv5Hpn/VTqJZ
|
||||
77fH9cEBRUIGHLO3s6sKljSDdNfvBUKHsJp+lmdN7niCMyjWWpKtonkOvhKfUtXW
|
||||
BFrxxVCs1tRn6bZoew0vGakS+IcMtN3brvHmpcQMI1qN6wmJIAtGlDMAkT+d5C9V
|
||||
rZ+JpXs9s8aXG1RzJHwn2wZ+65vLjz9G6U9DUKMvX6wj4gSWcxmpOJpv7VNPk7Io
|
||||
xhhGNDiTdH+BQafQyFAFzLVU4/oZUYSB45gAJsNKO9g70dl3Iz2K+nEuFXcExUzY
|
||||
HQ+YXEuAV3IGUg+Q/fr/mQHM4UlZ1isws/+9qEVWZOB68ObxSGLc+8S3qQpSdYeQ
|
||||
Ed1qPMMou9uHzL5RyBqns+1PxqllH7wn1NfzuAwXMfmvhdxIX3uKcn+rT3xXx3Kg
|
||||
8mkvo9EDOKAFcaYHZ8WEuC2hd+4p8j+d+BAc7sxtgIIU/jM5yHaQVlh6EFMCAwEA
|
||||
AQKCAgA4vlX7qiO0fJ8cZSN/wbMPciyF+FtdA9fGiMDKraps452bw2HJ83vVCcb6
|
||||
kkiue/N+ZIb/ajI2LAHVWdId9jTASEGQH4RTRrvf7UeDrVdxa5lGwHVmdmVrbErd
|
||||
MFFVpFSUbFUWdagR727P9ASpJUc4lh2rT50wTwQNaZ/85pP6E2O3OgVyepMcKa5v
|
||||
PVnpfre+nt2f8ToP8qPl35ZVQjOJmHfki1UVpCwCLI1MYjRaYX+FM4toIubrbZXF
|
||||
BLnDrK8H6KRPodx5fEpjJ4TnCN7nc3JMUlBOkWRtpyjthpfejTn4fapU6s715bOY
|
||||
HkIXHIX9I/7rsoIbbZDrj3tpJx4rCM1SkbjIylOvgWe7fEa5awiHnVQYL2Mwx60w
|
||||
Ag35r+ZvChu7+rNP/xXh812jNPOoFfwdXktJ0QSIbZp2dJGJLwaaaf2WscuYtKii
|
||||
0L4eY4wuJFd08nIIKDSxx+U+kO9JImZE1gxrFZJFBkt5fR1HtiK5904AUExVHcFC
|
||||
Bkkar++TztO4rZSRm5kcIQQ8e0zFFSnQNX3FAgRPt+FG7Rqq2TbN0QnyCu6WtY/a
|
||||
66sUgFoJHv/kkiukUYZgzHLsUuQn12U1hl6hPKjxQFaYUQU+ZDVuT8dJ1C/XQbPO
|
||||
V5REaV5gcATsCIvcWIb6R1gqqT6xaDK8AfDUdcBG7RAZFP3g6QKCAQEA2Usr0l2r
|
||||
xUSSfvQEd/YgORwZaCBmDpPi+MmLDZGij44aUemo+3QlzJBu88sCQRHAHBsxshA5
|
||||
8aQxb2gLyKyhbYjp7PQwlvJdWXrsTYtQaJ5j41x62PDqZg3EuBs6hmmpHk9srl3J
|
||||
RS171C4GrY+hvCetpfBFjvBpGMkS5xxuf7ghtfEqihHeWEfhoBFxCovyTcEG5EpV
|
||||
bIGkAQmEqjihUkwqSs1beR7Uo3lbBQv7TJ8IpqJoO2KguuCmrqxJD7blAGA09XoC
|
||||
Ndjum3/xLUVv8X1aLa3NkGgsfNBYyEVOxmbxmtrEXmrOQ7ryr6XUQcbiWCpiRJUB
|
||||
le1UX5wOgOP25wKCAQEA0eELKk6nfhizZ4RT9Va5W70gidIcXk6n2bVxACybj+cZ
|
||||
yDMClyYQCREl2N/ndxWzlMAJG5v8+4fzhUHMvzh6HJirdJXWU0AD8ujPHDTEO1Ot
|
||||
3S8GXj+q6t9Q2Ov1bmAHIlT97rrPqiMKjgl6NrCg8LUJ5FiVqAONlPdb/vk7GRvi
|
||||
KdyccJPwEO8hXWljXRMx0Rb2g7OWXfTWxTi3APf5HVAYWIpPzzAAlNfnM8i+rPxM
|
||||
YnWPj3BZXNfo2T5dyL8tFvW0aNp8wSe8y31FXtanwzfkhEune9aeS6me/SJnTuVZ
|
||||
D4IVS5QmBl5uxp9EM3f5Q12wx8wQf6k7CSt26IKptQKCAQAaWwjEqkHkWm3eYiCM
|
||||
oFjGNIdMXumiCQP1oxRvn+N0wAqnNs0dOrg++KHMhioO1GVVw2Kis18j1QN9/MO5
|
||||
Il8uFvYwnGmsVVdHPCafPS+SkOuSryvjVk1H9ZGPtxXBKd2uZHnNKGj6MAsd8Ds1
|
||||
H//A/5sLTnpRXQ2SSQk26PbqHN5R4B+FwacTVBykupjYa6MHFUuNswprb8oBqjLi
|
||||
Jp5CiiRzEDdxGHE4JscIdKyVXZDCDV7RHSRbplXxR8pQ0qEyC3lA8PyFpXtDdyA8
|
||||
mnh6dPbUJYmSY2BJ/0dVezqTy/awDqrUvOWpx2oaLeXx2HqpsPJcWSppEfEy643C
|
||||
ymOvAoIBAQCBw2pr1gWo6QzDTAW9AsnH9r9PdyEjDe6ppI0hVnM4HeLK7P8FBPuV
|
||||
H40O8iDieAB4T+NRtrhLrFrcYTp+YCTf2WToyFujTUkjvt2OyvEo3Sv6PUDqtOKw
|
||||
JTKPbBRrEeRXTcVS/R24S8IS37k4ZyyaptRe4oZlQw0etXGjy+TGOX8z8rqmwFEF
|
||||
p1QxtR9CRMPgSxpPg5HMtby0Y8SCTM8xWHw1Ag8mQr+ZR4QjeFKsEbIIjjccsJIP
|
||||
3U6SQwUpQUpXj8LjsXLA2hjYl7N0V7OR99TKFxyObLuifFVYnRTSqurNs9gGyqpX
|
||||
9br4AzDfwaXUCPFsFrd8tt1RZhY229KhAoIBAQCO7m9O9VCPVff5G8ZPyBx0dBa5
|
||||
9izwZ+eOJVXAMJUlw6uA5rgzne6di3JS8IOzaKOrNVK2cXESbS97n1pBybqqHibg
|
||||
bBOMESsoin8VdQZVic5rGYr3f8llMrv3yaVK8UievCNBdVPXlBY58uVyZIxrkVyo
|
||||
Xv2x/+6EcarY46CT874zLhYHRcq/ZNWfQpUx5V2ySO/eNgSbbob4dzEdP52HpPx1
|
||||
JAGpTHiOkicORAu1RWN1HvGxMITz6q/pY81cEwOI4QsQJQs+Qk0xMKLqW6f1EZY1
|
||||
dgvQq8YnwSo1fOrVM0TL5jvbXK7vRVT2zQ/RkEMIza1qvfeGbpCDD8/O21so
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAyvJnIg9cvRdX89PPuFdXelWX7/O4dFePyYobIxRAJb6INVtQ
|
||||
bHzD8NXjRpspA1WT1YJpoIz/eVGWAZvYFj9us3uocwP+8KanQrP7RtF7IgkuTbMj
|
||||
//YN94XFyas4U0F6Kp9HBkSc663tgHz6F9goo1qYx97n1DMmcze3z+/1QmDRA0f+
|
||||
Bnsqd0YwZ6sOD5Raq6DBNu+tpDQuYxpAoYT1KWKysDROpr0Oh9A8IyZfXB0fcp7L
|
||||
FPNYdEw2vfDepCnAy8yuwQKBbRRkSqxZC3W/C7b2xus8i2a6SbcJHIH8jqCrVzLh
|
||||
xnyEp5zLW4IuiMmT36P/UXCiuqumt/2RxKZcCQIDAQABAoIBADimja9uRl7qQzzm
|
||||
5Vb52otllTIAAH9JafPCP2z9XCKtGux5/uspsLBrpDOzYDF0E/5HlyCf+zhsU8lD
|
||||
LYCYWFh1rkHc3a9jddEi2IOeOhb4JRq/ZM8wahmsF9gBmYlz/5wiNftD7+HB/Uge
|
||||
mtlJF57xzTANwvzzAkqrRP4gZ4ANct1zlqfsSojObV7a8BN7nk5xWw9lfQ2JmB8/
|
||||
ZLcXqKOyHZzH7A1XigeBoFglONWbBkxaziWiTld5QT1CiL4u3vke3QefLEUtOQq0
|
||||
ti8iaapS9q/qMcBzJuBvlEG1QdrHpz7moLlinplnLJy0tVdPFBr2ICX5im+SxHik
|
||||
nUJd+QECgYEA90618dSSxGguB7EWm51yIuLw7TXlh3FPzD3O3FNhxcmdfd9HrNRO
|
||||
lJYev/z8j1c2YK0F2n4zn5XRyiu2NKa6U3EpF55+LW61WibkK494HwkzLpRWQUJE
|
||||
aoDVz6iNhmZQDMTecKl6xVJSIhYV2wf6uh+PRbxlxNAyFIB0dPf0cLkCgYEA0hSI
|
||||
XM4l0w3goTVqAVfbm92gRi6KEq1iMO6kXTCMs3SN6b3X8BW4AgD6rIOszrhbpkqp
|
||||
Y6qkPSsOoo0x0er4ErQIZgnNH+eDQIxRaj84zpkwj8NKw43NYSurK9VGDPsJz6dS
|
||||
dcJPIe6jKCrYPp/XDx8fZorcAqXOHscKFFVsfdECgYEAyYbVkzxzYSO4JsJzNtol
|
||||
cTJXvCWIZke7DCdt03MLIJ77/N+fS8IySrjOVAr3UGN0R3GXbIYc0TXIICRgtSUM
|
||||
fwSexMV98s3dcJpyouCltTzM/W8ZntI+aD+WfELRGS10nAMtdMdW6Ub88RPoOXWW
|
||||
JmejW+N7VteFh9lpjQuloNkCgYEAgwTtOrwS2PsZslDmyOmrfB0PvVV/JUDfMVdU
|
||||
SQ5jYfR6IWIWD5TsCsvjir4gg1h1SFPeKtuczM1StkxK2vmpN7jyV/ka5h/0OsiI
|
||||
ajP90NO3dqG8uhNxGH4spgzAQI48Qza+ddT2l1oGhaGa9guoC7VEVyaZKkmQMJ/A
|
||||
CIhyPlECgYAxxTfosu1A7ZrceRPONl6rgVFGoWlqsI5COL5fcNmrl8rGfTkSOMQF
|
||||
ZPNO/7rl/3Ziaah6CZf06qMSG9atVfOJ9OQ6bPcS6JLSIHGwU9NVlAjGpFSAlM2m
|
||||
/KEffzPMJlyz6c7sXLt1Hb+hjO15yYsDpHZynFSSffd91GHNx8Lhew==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1 @@
|
|||
1004
|
||||
|
|
@ -0,0 +1 @@
|
|||
1003
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFtjCCA56gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwbzELMAkGA1UEBhMCVVMx
|
||||
ETAPBgNVBAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApG
|
||||
cmVlU1dJVENIMQ4wDAYDVQQLDAVCbGFkZTEWMBQGA1UEAwwNQmxhZGUgUm9vdCBD
|
||||
QTAeFw0xNzA5MDcwOTI4MDRaFw0yNzA5MDUwOTI4MDRaMGUxCzAJBgNVBAYTAlVT
|
||||
MREwDwYDVQQIDAhJbGxpbm9pczETMBEGA1UECgwKRnJlZVNXSVRDSDEOMAwGA1UE
|
||||
CwwFQmxhZGUxHjAcBgNVBAMMFUJsYWRlIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJ
|
||||
KoZIhvcNAQEBBQADggIPADCCAgoCggIBALIlY1JmV9z6wjE6iEIXHUl2CRnsa1jD
|
||||
+uDk4I/OncOdezpfv2mRO9C7VkcefXb5yDrda/qq8r9pNVm6Q2wCJICIlrK9uK90
|
||||
SLsB8WsO8Dnrv9E5Tx96U6J5qDx5Ma3IFM7fF1KUP1LVawpS4lMMKFhcyd/P1dAN
|
||||
ZWlzHCBoM4O9HMo4sKYx4fzxn00yKNK+RU4Wyd3ecntOOg/Dtx3FHt1bExUFuPUW
|
||||
sgVUR8b+R6Z/1U6iWe+3x/XBAUVCBhyzt7OrCpY0g3TX7wVCh7CafpZnTe54gjMo
|
||||
1lqSraJ5Dr4Sn1LV1gRa8cVQrNbUZ+m2aHsNLxmpEviHDLTd267x5qXEDCNajesJ
|
||||
iSALRpQzAJE/neQvVa2fiaV7PbPGlxtUcyR8J9sGfuuby48/RulPQ1CjL1+sI+IE
|
||||
lnMZqTiab+1TT5OyKMYYRjQ4k3R/gUGn0MhQBcy1VOP6GVGEgeOYACbDSjvYO9HZ
|
||||
dyM9ivpxLhV3BMVM2B0PmFxLgFdyBlIPkP36/5kBzOFJWdYrMLP/vahFVmTgevDm
|
||||
8Uhi3PvEt6kKUnWHkBHdajzDKLvbh8y+Ucgap7PtT8apZR+8J9TX87gMFzH5r4Xc
|
||||
SF97inJ/q098V8dyoPJpL6PRAzigBXGmB2fFhLgtoXfuKfI/nfgQHO7MbYCCFP4z
|
||||
Och2kFZYehBTAgMBAAGjZjBkMB0GA1UdDgQWBBT24ScXvFFEdGFsK+X5SxmWnAmd
|
||||
/jAfBgNVHSMEGDAWgBRaMzl9Nc1p7PgDWff+pvYOddMlljASBgNVHRMBAf8ECDAG
|
||||
AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAgGzDCfJm
|
||||
weo6oeSFmSLTmlBlTJZO+7igFWf8tunmTkg8wvKe+lCyDd2efNgUocI/NA+X4kRj
|
||||
YtDH+hq0H+JlDu/p4y4/t6Srx/dh33Ow7eCv2wtuSCeK5Y0euysXhI9gmPquUGOC
|
||||
HlHkmQcG03NbbrWt0+4IaPAaKxMuV0FR7KArudZvr+8gp9S8o0AkQVFZSbW41HQe
|
||||
a7DAJmLF0vLQWoVz/YltKjwAMs/ws8OWxUdvcOA3w6XmWmjAFn5hc2MgHgu513c4
|
||||
Vbq0535ghU0Eneqc23y2ELa+8hbn5yS5wcK1AS2HG4VoDqOJw+pv4Ko3T33mCR6X
|
||||
bUABSB+znX5kEZn8KQaP8sLm07kERGjCI3FLPscM1S851tah/iqBgddlIUn/YNpM
|
||||
9uYQ2PWu6UWvqyZfhgVIlb2LYJNERtKZPeI05SRIbUW93wUTiC6A93fl8SEE7XHa
|
||||
LMJt6+HLysR2IsXLqlSRZw3rIoT0B3G4uS9Xop89znLAknrOI57OvVAMLaeBrtkl
|
||||
jepE7RrNX6VcyEY+Ar1p30ax4UJNxjxd3rszIznccerWQzuLo5wYUkuZEfNtnAFB
|
||||
Z/4qlIn7wkbRevafgmlf/bhP6ZkeJFhqEjOq36Zci5JrnRu3rM/+Vex2ibHVat0E
|
||||
IZjeGxeofAPEwTaLfPJT7EIWZ+33ZHMcz+8=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,132 @@
|
|||
# OpenSSL root CA configuration file.
|
||||
# Copy to `/root/ca/openssl.cnf`.
|
||||
|
||||
[ ca ]
|
||||
# `man ca`
|
||||
default_ca = CA_default
|
||||
|
||||
[ CA_default ]
|
||||
# Directory and file locations.
|
||||
dir = .
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
|
||||
# The root key and root certificate.
|
||||
private_key = $dir/private/ca.key.pem
|
||||
certificate = $dir/certs/ca.cert.pem
|
||||
|
||||
# For certificate revocation lists.
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/ca.crl.pem
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 30
|
||||
|
||||
# SHA-1 is deprecated, so use SHA-2 instead.
|
||||
default_md = sha256
|
||||
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 375
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[ policy_strict ]
|
||||
# The root CA should only sign intermediate certificates that match.
|
||||
# See the POLICY FORMAT section of `man ca`.
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[ policy_loose ]
|
||||
# Allow the intermediate CA to sign a more diverse range of certificates.
|
||||
# See the POLICY FORMAT section of the `ca` man page.
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[ req ]
|
||||
# Options for the `req` tool (`man req`).
|
||||
default_bits = 2048
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
|
||||
# SHA-1 is deprecated, so use SHA-2 instead.
|
||||
default_md = sha256
|
||||
|
||||
# Extension to add when the -x509 option is used.
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[ req_distinguished_name ]
|
||||
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
|
||||
countryName = Country Name (2 letter code)
|
||||
stateOrProvinceName = State or Province Name
|
||||
localityName = Locality Name
|
||||
0.organizationName = Organization Name
|
||||
organizationalUnitName = Organizational Unit Name
|
||||
commonName = Common Name
|
||||
emailAddress = Email Address
|
||||
|
||||
# Optionally, specify some defaults.
|
||||
countryName_default = US
|
||||
stateOrProvinceName_default = Illinois
|
||||
localityName_default = Chicago
|
||||
0.organizationName_default = FreeSWITCH
|
||||
organizationalUnitName_default = Blade
|
||||
emailAddress_default =
|
||||
|
||||
[ v3_ca ]
|
||||
# Extensions for a typical CA (`man x509v3_config`).
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[ v3_intermediate_ca ]
|
||||
# Extensions for a typical intermediate CA (`man x509v3_config`).
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[ usr_cert ]
|
||||
# Extensions for client certificates (`man x509v3_config`).
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "OpenSSL Generated Client Certificate"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[ server_cert ]
|
||||
# Extensions for server certificates (`man x509v3_config`).
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "OpenSSL Generated Server Certificate"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[ crl_ext ]
|
||||
# Extension for CRLs (`man x509v3_config`).
|
||||
authorityKeyIdentifier=keyid:always
|
||||
|
||||
[ ocsp ]
|
||||
# Extension for OCSP signing certificates (`man ocsp`).
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
|
@ -0,0 +1,51 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIJKAIBAAKCAgEA3Pt3X1j8YaRuGb4ENkhfazwZl0K4VlaPhGj4h4wiL5S2Tp8E
|
||||
83HoRkoyQRX0fhKCrHtjNucOODkVbf+QMlv1mgEwCq+3SIEA6keBzsUv5sahunfP
|
||||
d+Vgh6+lgp1sAfjFuFlxrRvighO/yHHKE6P2BBgIz3t5QSakE/fLPwejZ98dacyA
|
||||
IxklzLvt4xHRVP7rxfiNFXKRXHsQd1iaWGSUBNMkUspCl8wO5IAPX75RiFGeA80I
|
||||
jZ518YVjiFBjCdzQfJb9iGJCGzrOcPJahfum+tzyIO/rIj+ldFyLPY0wbpa0wKeF
|
||||
58HWt52p3HmKnK5FUa7L8RNAfc3/H+6qyDeBFx92+T6J30q61dcmPayKooUJNsTK
|
||||
slrZ5L2OicWZepa/Oc5dagyzGEUc+Z11Mgl8/4pT4rUOna29v1d8+StJPN8XgWAH
|
||||
xmwpZ/cY/9GluSq5oB+6PTPcQ0aFHHUAI97QqfpGOeAWjtVd/3YUcNo82Pa3577r
|
||||
Rgh55X+XEySQmBiPWNOsfuCZZvYGOkLmby1SYR/LOwH8opKJyG/bOiZq23aaTPkm
|
||||
EQQSLRzsKxWc2jlE/UllpYX3FCu8nFn+L7Tam495IImi8FrpEX16ZpTGhr7YnfbO
|
||||
kMYw+LaRA36U55e5DToJAB5TCsC2CLhk8QDVoIMPfpYpY4XpdmA4EfDHOG0CAwEA
|
||||
AQKCAgEAiAH9pqGONEqPuShKT16b29RRq9dUvU7pZgV1cXe+Uqqkyh71XSBuZVSl
|
||||
OYnZwP6DjsUie1gaWGBJ4Dm69kPDFdZFS0568BT2CzuXmTukD9WRFMNI3fI/R0PE
|
||||
Cm/5Wf1TM/NZE8Jl1slw8F2Ykh4H/N0ODyVfq8mskt2gKlr5J6Ua5VMISpHfwfKo
|
||||
p2j//eAoHOCtdNXewZy8tbfCx0SgFZgecxYphmQBhoGK9NKeO9h/+Lbo3MD6tnvy
|
||||
lqNjUV6mswf7Y0WWikvXY4zGSlBopV33aG5BugKSQtvylx+e/3GiLjDtKYcUME7J
|
||||
jPkBZw2bfHqo6ud+ee+fZnfuhOwkdoHCGPA4aN7L3B19XJBKsI4zAoQNlUAteegg
|
||||
D59Fdnq8362xLE0F0crEgwMFYj4Qg9jy12em3iSvuKa17o0FuovGug4nHiQQ5asH
|
||||
nmjadXNfM6xAoQqCgbwjrVYD+i+/ofFAqDhPbjH+nOxS8l4MD+0i7nzQAIqIjsvl
|
||||
S5XM548ufxcEgwpMGc2bbJS5qg1weIgHZGT/RqnzeqFfHaJ8VN33Lbk2H5w6Qj87
|
||||
QFNqE6ZxFnf/k8FRF1QJB6BhmkhExvYgiK51DElnkinDDa6nkbwlkr1dE5zVv2zQ
|
||||
jLmQdBoHw2dBWEmik0lZ4m6rIvMD5rkR45oNPcyZ2wA8dKgr6AECggEBAPjmq0vK
|
||||
ur8RSpqEIXvI6dvGNXayGAFM0KLaHYfB6+qWXP6j+cn2wJHvH9sxl9vmUdE8auj+
|
||||
DaoaK6XeFcvBryO4+EwzrnY4eVU6QW/UiCgmSnRupLBxeyQOSgbok+3gMeJieSPw
|
||||
CpyH5cC3v9mWpg5X5dmm+ENUqv3d4hjsZzxwkJ/k92/29F7eaCVmlEOPw2skkz3O
|
||||
4BBznOSL9foKp0zAx/hqV2hkJmnb6DK14D6QkX+A0o8mOvhq1NjJ0isMUtllVzkq
|
||||
Lro3J8NEwkMhwYfVMOoj/URdZ8iskp5T6ez/BmIPE5zE9F8ZKmU4PkmpMoHISzDz
|
||||
5zTJOBCJ9AslNuECggEBAONI81qE5gxk1DCXLkfdCDe1paoy2DTGFX2MXTeDipv+
|
||||
C466l/odu9JQZASfXgpVkyjAPKFTCgAZL20V3izuk2izskZKN16KaNG3SJWmwWx1
|
||||
o2Gle2Z0Jd8AqaXvPzAKDFio/6MfD/EQFzOv9+BEBAlCFCz39Q19neSarhS6Ckv8
|
||||
kljsOambnjGtSliPZkrFueG9BLRqaTCU3yZpXsS8DqCVTqw4xmNcMGADkhn568Jq
|
||||
664iFXjD5aiAnrmBKzW7GLY7mbH4oyxmL+NNj0mwjB80evFZ8RIQuJ4tmIRFK0vo
|
||||
czNWo6CPOVbd4qMbhsHk4Pm1gH7LHbbT1PFlrsZ0Tw0CggEAWFHJoLhMMbZaCaAv
|
||||
HXR6fzDDEd46JGP0eIT7C4wlQXWfg//9h8vWIzJ91FKxtybwC1Xr/ccAZEarDE1U
|
||||
4JtWoU9mU+vW0T5S14o3ZA4/TjfgHZaRO8bY0j97xx3KOBNgwBr/L2Bi845JWWwa
|
||||
WIRbYiWQev4DhCjMEA8mxn9EVq7+sq4VmxY/OlajD/ppS9v8lM1CriD1YwETQAnl
|
||||
+5bCLLsPejeJ0pIPC2sr5qqg6rJz3pGApakELdgCtPZQbFQQJfIO1EsCj7M4mdKR
|
||||
OC8HNELS+5JPsW2PgSazVBkknaMUycDdzbgZmpEceRRPDeZK9MB05eb2OMXZ7gx1
|
||||
m2rWIQKCAQB6rpLk5l2CjR5YCBKsKavY3kzI3N8FRXKuLQjYAUHdR7iXVzLXiBss
|
||||
v8XtFNTfASgI1BMmBTudp/qIiEg/upuI5Y4yELdoaY+Au80LMlKvp6QD/h3oxIL4
|
||||
p1PrRIO3+4SEitxKAWdKeKP9e1tyC2SeVrOrPkBhAtAqaC/U8kLCl1erdf7+BQjT
|
||||
ybUarnTJoYbfSXbzp4iV95WoFzJXQScoGM+5eH/lfAqEmQjQyq0uaSZD/RPX9u3N
|
||||
EXgbq5RWUWJaYztn7Eyvl4z7xY61eP15jotaIXFVjf8JKpVruCZRt+wO5xI1hXmu
|
||||
4OAHqMEJgfDJ+OWeCydD233Su08mwfs1AoIBABnzt5VGd6K835vpZHsXiAxmCh5y
|
||||
rk85wcnWy/Id1IpP91bDkHF/ilD/IpegS+dKGrmaEauKpRy+mRT+KyhUQAzS/Xnv
|
||||
k/6wbbwzLFvmD3zm1pID4/LucetyyFQmM/45V+sDTNsf1sWA92we0n4q+MiR3Xep
|
||||
apQoO90u3q2I811UlwfUzeLknnGr0+5FiQ2Lkt34GAgUr3ydNNw31fR9uWU4FRLq
|
||||
JZNXYQcaeH7NoAW4bhS0fo3+KKl6Yqza8O4iu1v8wqbTgVuNd/OJSvYZSc76yDrc
|
||||
Ghju++Rz9enWJfA00sTebHC+TDm97ASS6uZH2gwR6xjKggUbxlJ3uw/yQK4=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1 @@
|
|||
1001
|
||||
|
|
@ -0,0 +1 @@
|
|||
1000
|
||||
|
|
@ -1,3 +1,15 @@
|
|||
blade:
|
||||
{
|
||||
transport:
|
||||
{
|
||||
wss:
|
||||
{
|
||||
ssl:
|
||||
{
|
||||
key = "./ca/intermediate/private/client@freeswitch-upstream.key.pem";
|
||||
cert = "./ca/intermediate/certs/client@freeswitch-upstream.cert.pem";
|
||||
chain = "./ca/intermediate/certs/ca-chain.cert.pem";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -4,16 +4,23 @@ blade:
|
|||
{
|
||||
wss:
|
||||
{
|
||||
ssl:
|
||||
{
|
||||
key = "./ca/intermediate/private/controller@freeswitch-upstream.key.pem";
|
||||
cert = "./ca/intermediate/certs/controller@freeswitch-upstream.cert.pem";
|
||||
chain = "./ca/intermediate/certs/ca-chain.cert.pem";
|
||||
};
|
||||
endpoints:
|
||||
{
|
||||
ipv4 = ( { address = "0.0.0.0", port = 2101 } );
|
||||
ipv6 = ( { address = "::", port = 2101 } );
|
||||
backlog = 128;
|
||||
};
|
||||
# SSL group is optional, disabled when absent
|
||||
ssl:
|
||||
{
|
||||
# todo: server SSL stuffs here
|
||||
ssl:
|
||||
{
|
||||
key = "./ca/intermediate/private/controller@freeswitch-downstream.key.pem";
|
||||
cert = "./ca/intermediate/cert/controller@freeswitch-downstream.cert.pem";
|
||||
chain = "./ca/intermediate/cert/ca-chain.cert.pem";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@
|
|||
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/engine.h>
|
||||
#include <openssl/x509v3.h>
|
||||
|
||||
KS_BEGIN_EXTERN_C
|
||||
|
||||
|
|
|
|||
|
|
@ -79,6 +79,9 @@ KS_DECLARE(ks_status_t) kws_init(kws_t **kwsP, ks_socket_t sock, SSL_CTX *ssl_ct
|
|||
KS_DECLARE(ks_ssize_t) kws_close(kws_t *kws, int16_t reason);
|
||||
KS_DECLARE(void) kws_destroy(kws_t **kwsP);
|
||||
KS_DECLARE(ks_status_t) kws_get_buffer(kws_t *kws, char **bufP, ks_size_t *buflen);
|
||||
KS_DECLARE(ks_size_t) kws_sans_count(kws_t *kws);
|
||||
KS_DECLARE(const char *) kws_sans_get(kws_t *kws, ks_size_t index);
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -63,6 +63,7 @@ KS_DECLARE(void) ks_ssl_init_ssl_locks(void)
|
|||
is_init = 1;
|
||||
|
||||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
|
||||
if (ssl_count == 0) {
|
||||
num = CRYPTO_num_locks();
|
||||
|
|
|
|||
|
|
@ -85,6 +85,9 @@ struct kws_s {
|
|||
char *req_uri;
|
||||
char *req_host;
|
||||
char *req_proto;
|
||||
|
||||
char **sans;
|
||||
ks_size_t sans_count;
|
||||
};
|
||||
|
||||
|
||||
|
|
@ -619,7 +622,8 @@ static int establish_server_logical_layer(kws_t *kws)
|
|||
}
|
||||
|
||||
if (code < 0) {
|
||||
if (code == -1 && SSL_get_error(kws->ssl, code) != SSL_ERROR_WANT_READ) {
|
||||
int sslerr = SSL_get_error(kws->ssl, code);
|
||||
if (code == -1 && sslerr != SSL_ERROR_WANT_READ) {
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
|
@ -733,6 +737,27 @@ KS_DECLARE(ks_status_t) kws_init(kws_t **kwsP, ks_socket_t sock, SSL_CTX *ssl_ct
|
|||
goto err;
|
||||
}
|
||||
|
||||
if (kws->type == KWS_SERVER)
|
||||
{
|
||||
X509 *cert = SSL_get_peer_certificate(kws->ssl);
|
||||
|
||||
if (cert && SSL_get_verify_result(kws->ssl) == X509_V_OK) {
|
||||
GENERAL_NAMES *sans = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
|
||||
if (sans) {
|
||||
kws->sans_count = (ks_size_t)sk_GENERAL_NAME_num(sans);
|
||||
if (kws->sans_count) kws->sans = ks_pool_calloc(pool, kws->sans_count, sizeof(char *));
|
||||
for (ks_size_t i = 0; i < kws->sans_count; i++) {
|
||||
const GENERAL_NAME *gname = sk_GENERAL_NAME_value(sans, (int)i);
|
||||
char *name = (char *)ASN1_STRING_data(gname->d.dNSName);
|
||||
kws->sans[i] = ks_pstrdup(pool, name);
|
||||
}
|
||||
sk_GENERAL_NAME_pop_free(sans, GENERAL_NAME_free);
|
||||
}
|
||||
}
|
||||
|
||||
if (cert) X509_free(cert);
|
||||
}
|
||||
|
||||
*kwsP = kws;
|
||||
|
||||
return KS_STATUS_SUCCESS;
|
||||
|
|
@ -864,6 +889,46 @@ uint64_t ntoh64(uint64_t val)
|
|||
#endif
|
||||
}
|
||||
|
||||
KS_DECLARE(ks_status_t) kws_peer_sans(kws_t *kws, char *buf, ks_size_t buflen)
|
||||
{
|
||||
ks_status_t ret = KS_STATUS_SUCCESS;
|
||||
X509 *cert = NULL;
|
||||
|
||||
ks_assert(kws);
|
||||
ks_assert(buf);
|
||||
ks_assert(buflen);
|
||||
|
||||
cert = SSL_get_peer_certificate(kws->ssl);
|
||||
if (!cert) {
|
||||
ret = KS_STATUS_FAIL;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (SSL_get_verify_result(kws->ssl) != X509_V_OK) {
|
||||
ret = KS_STATUS_FAIL;
|
||||
goto done;
|
||||
}
|
||||
|
||||
//if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert), NID_commonName, buf, (int)buflen) < 0) {
|
||||
// ret = KS_STATUS_FAIL;
|
||||
// goto done;
|
||||
//}
|
||||
|
||||
GENERAL_NAMES *san_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
|
||||
if (san_names) {
|
||||
int san_names_nb = sk_GENERAL_NAME_num(san_names);
|
||||
for (int i = 0; i < san_names_nb; i++) {
|
||||
const GENERAL_NAME *current_name = sk_GENERAL_NAME_value(san_names, i);
|
||||
char *name = (char *)ASN1_STRING_data(current_name->d.dNSName);
|
||||
if (name) continue;
|
||||
}
|
||||
sk_GENERAL_NAME_pop_free(san_names, GENERAL_NAME_free);
|
||||
}
|
||||
done:
|
||||
if (cert) X509_free(cert);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
KS_DECLARE(ks_ssize_t) kws_read_frame(kws_t *kws, kws_opcode_t *oc, uint8_t **data)
|
||||
{
|
||||
|
|
@ -1182,3 +1247,17 @@ KS_DECLARE(ks_status_t) kws_get_buffer(kws_t *kws, char **bufP, ks_size_t *bufle
|
|||
|
||||
return KS_STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
KS_DECLARE(ks_size_t) kws_sans_count(kws_t *kws)
|
||||
{
|
||||
ks_assert(kws);
|
||||
|
||||
return kws->sans_count;
|
||||
}
|
||||
|
||||
KS_DECLARE(const char *) kws_sans_get(kws_t *kws, ks_size_t index)
|
||||
{
|
||||
ks_assert(kws);
|
||||
if (index >= kws->sans_count) return NULL;
|
||||
return kws->sans[index];
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue