diff --git a/Pipfile b/Pipfile
index 076d21db..d7cef862 100644
--- a/Pipfile
+++ b/Pipfile
@@ -18,6 +18,8 @@ flask-sqlalchemy = "*"
flask-assets = "*"
flask-session = "*"
flask-wtf = "*"
+pyopenssl = "*"
+requests = "*"
[dev-packages]
bandit = "*"
diff --git a/Pipfile.lock b/Pipfile.lock
index 2a25ba15..0bc39077 100644
--- a/Pipfile.lock
+++ b/Pipfile.lock
@@ -1,7 +1,7 @@
{
"_meta": {
"hash": {
- "sha256": "0738d50fa0153e356ddd9ce23bcc781914ed0fe860044457a9db9fc0e1cff46b"
+ "sha256": "647d98b5384d1942bbe6bfe7930b1cd249886da2f47645802cd6f93369f44538"
},
"pipfile-spec": 6,
"requires": {
@@ -24,6 +24,64 @@
"index": "pypi",
"version": "==1.0.0"
},
+ "asn1crypto": {
+ "hashes": [
+ "sha256:2f1adbb7546ed199e3c90ef23ec95c5cf3585bac7d11fb7eb562a3fe89c64e87",
+ "sha256:9d5c20441baf0cb60a4ac34cc447c6c189024b6b4c6cd7877034f4965c464e49"
+ ],
+ "version": "==0.24.0"
+ },
+ "certifi": {
+ "hashes": [
+ "sha256:13e698f54293db9f89122b0581843a782ad0934a4fe0172d2a980ba77fc61bb7",
+ "sha256:9fa520c1bacfb634fa7af20a76bcbd3d5fb390481724c597da32c719a7dca4b0"
+ ],
+ "version": "==2018.4.16"
+ },
+ "cffi": {
+ "hashes": [
+ "sha256:151b7eefd035c56b2b2e1eb9963c90c6302dc15fbd8c1c0a83a163ff2c7d7743",
+ "sha256:1553d1e99f035ace1c0544050622b7bc963374a00c467edafac50ad7bd276aef",
+ "sha256:1b0493c091a1898f1136e3f4f991a784437fac3673780ff9de3bcf46c80b6b50",
+ "sha256:2ba8a45822b7aee805ab49abfe7eec16b90587f7f26df20c71dd89e45a97076f",
+ "sha256:3bb6bd7266598f318063e584378b8e27c67de998a43362e8fce664c54ee52d30",
+ "sha256:3c85641778460581c42924384f5e68076d724ceac0f267d66c757f7535069c93",
+ "sha256:3eb6434197633b7748cea30bf0ba9f66727cdce45117a712b29a443943733257",
+ "sha256:495c5c2d43bf6cebe0178eb3e88f9c4aa48d8934aa6e3cddb865c058da76756b",
+ "sha256:4c91af6e967c2015729d3e69c2e51d92f9898c330d6a851bf8f121236f3defd3",
+ "sha256:57b2533356cb2d8fac1555815929f7f5f14d68ac77b085d2326b571310f34f6e",
+ "sha256:770f3782b31f50b68627e22f91cb182c48c47c02eb405fd689472aa7b7aa16dc",
+ "sha256:79f9b6f7c46ae1f8ded75f68cf8ad50e5729ed4d590c74840471fc2823457d04",
+ "sha256:7a33145e04d44ce95bcd71e522b478d282ad0eafaf34fe1ec5bbd73e662f22b6",
+ "sha256:857959354ae3a6fa3da6651b966d13b0a8bed6bbc87a0de7b38a549db1d2a359",
+ "sha256:87f37fe5130574ff76c17cab61e7d2538a16f843bb7bca8ebbc4b12de3078596",
+ "sha256:95d5251e4b5ca00061f9d9f3d6fe537247e145a8524ae9fd30a2f8fbce993b5b",
+ "sha256:9d1d3e63a4afdc29bd76ce6aa9d58c771cd1599fbba8cf5057e7860b203710dd",
+ "sha256:a36c5c154f9d42ec176e6e620cb0dd275744aa1d804786a71ac37dc3661a5e95",
+ "sha256:a6a5cb8809091ec9ac03edde9304b3ad82ad4466333432b16d78ef40e0cce0d5",
+ "sha256:ae5e35a2c189d397b91034642cb0eab0e346f776ec2eb44a49a459e6615d6e2e",
+ "sha256:b0f7d4a3df8f06cf49f9f121bead236e328074de6449866515cea4907bbc63d6",
+ "sha256:b75110fb114fa366b29a027d0c9be3709579602ae111ff61674d28c93606acca",
+ "sha256:ba5e697569f84b13640c9e193170e89c13c6244c24400fc57e88724ef610cd31",
+ "sha256:be2a9b390f77fd7676d80bc3cdc4f8edb940d8c198ed2d8c0be1319018c778e1",
+ "sha256:ca1bd81f40adc59011f58159e4aa6445fc585a32bb8ac9badf7a2c1aa23822f2",
+ "sha256:d5d8555d9bfc3f02385c1c37e9f998e2011f0db4f90e250e5bc0c0a85a813085",
+ "sha256:e55e22ac0a30023426564b1059b035973ec82186ddddbac867078435801c7801",
+ "sha256:e90f17980e6ab0f3c2f3730e56d1fe9bcba1891eeea58966e89d352492cc74f4",
+ "sha256:ecbb7b01409e9b782df5ded849c178a0aa7c906cf8c5a67368047daab282b184",
+ "sha256:ed01918d545a38998bfa5902c7c00e0fee90e957ce036a4000a88e3fe2264917",
+ "sha256:edabd457cd23a02965166026fd9bfd196f4324fe6032e866d0f3bd0301cd486f",
+ "sha256:fdf1c1dc5bafc32bc5d08b054f94d659422b05aba244d6be4ddc1c72d9aa70fb"
+ ],
+ "version": "==1.11.5"
+ },
+ "chardet": {
+ "hashes": [
+ "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae",
+ "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"
+ ],
+ "version": "==3.0.4"
+ },
"click": {
"hashes": [
"sha256:29f99fc6125fbc931b758dc053b3114e55c77a6e4c6c3a2674a2dc986016381d",
@@ -31,6 +89,30 @@
],
"version": "==6.7"
},
+ "cryptography": {
+ "hashes": [
+ "sha256:21af753934f2f6d1a10fe8f4c0a64315af209ef6adeaee63ca349797d747d687",
+ "sha256:27bb401a20a838d6d0ea380f08c6ead3ccd8c9d8a0232dc9adcc0e4994576a66",
+ "sha256:29720c4253263cff9aea64585adbbe85013ba647f6e98367efff9db2d7193ded",
+ "sha256:2a35b7570d8f247889784010aac8b384fd2e4a47b33e15c4a60b45a7c1944120",
+ "sha256:42c531a6a354407f42ee07fda5c2c0dc822cf6d52744949c182f2b295fbd4183",
+ "sha256:5eb86f03f9c4f0ac2336ac5431271072ddf7ecc76b338e26366732cfac58aa19",
+ "sha256:67f7f57eae8dede577f3f7775957f5bec93edd6bdb6ce597bb5b28e1bdf3d4fb",
+ "sha256:6ec84edcbc966ae460560a51a90046503ff0b5b66157a9efc61515c68059f6c8",
+ "sha256:7ba834564daef87557e7fcd35c3c3183a4147b0b3a57314e53317360b9b201b3",
+ "sha256:7d7f084cbe1fdb82be5a0545062b59b1ad3637bc5a48612ac2eb428ff31b31ea",
+ "sha256:82409f5150e529d699e5c33fa8fd85e965104db03bc564f5f4b6a9199e591f7c",
+ "sha256:87d092a7c2a44e5f7414ab02fb4145723ebba411425e1a99773531dd4c0e9b8d",
+ "sha256:8c56ef989342e42b9fcaba7c74b446f0cc9bed546dd00034fa7ad66fc00307ef",
+ "sha256:9449f5d4d7c516a6118fa9210c4a00f34384cb1d2028672100ee0c6cce49d7f6",
+ "sha256:bc2301170986ad82d9349a91eb8884e0e191209c45f5541b16aa7c0cfb135978",
+ "sha256:c132bab45d4bd0fff1d3fe294d92b0a6eb8404e93337b3127bdec9f21de117e6",
+ "sha256:c3d945b7b577f07a477700f618f46cbc287af3a9222cd73035c6ef527ef2c363",
+ "sha256:cee18beb4c807b5c0b178f4fa2fae03cef9d51821a358c6890f8b23465b7e5d2",
+ "sha256:d01dfc5c2b3495184f683574e03c70022674ca9a7be88589c5aba130d835ea90"
+ ],
+ "version": "==2.3"
+ },
"flask": {
"hashes": [
"sha256:2271c0070dbcb5275fad4a82e29f23ab92682dc45f9dfbc22c02ba9b9322ce48",
@@ -70,6 +152,13 @@
"index": "pypi",
"version": "==0.14.2"
},
+ "idna": {
+ "hashes": [
+ "sha256:156a6814fb5ac1fc6850fb002e0852d56c0c8d2531923a51032d1b70760e186e",
+ "sha256:684a38a6f903c1d71d6d5fac066b58d7768af4de2b832e426ec79c30daa94a16"
+ ],
+ "version": "==2.7"
+ },
"itsdangerous": {
"hashes": [
"sha256:cbb3fcf8d3e33df861709ecaf89d9e6629cff0a217bc2848f1b41cd30d360519"
@@ -150,6 +239,20 @@
"index": "pypi",
"version": "==2.7.5"
},
+ "pycparser": {
+ "hashes": [
+ "sha256:99a8ca03e29851d96616ad0404b4aad7d9ee16f25c9f9708a11faf2810f7b226"
+ ],
+ "version": "==2.18"
+ },
+ "pyopenssl": {
+ "hashes": [
+ "sha256:26ff56a6b5ecaf3a2a59f132681e2a80afcc76b4f902f612f518f92c2a1bf854",
+ "sha256:6488f1423b00f73b7ad5167885312bb0ce410d3312eb212393795b53c8caa580"
+ ],
+ "index": "pypi",
+ "version": "==18.0.0"
+ },
"python-dateutil": {
"hashes": [
"sha256:1adb80e7a782c12e52ef9a8182bebeb73f1d7e24e374397af06fb4956c8dc5c0",
@@ -168,7 +271,6 @@
"sha256:1d936da41ee06216d89fdc7ead1ee9a5da2811a8787515a976b646e110c3f622",
"sha256:e4ef42e82b0b493c5849eed98b5ab49d6767caf982127e9a33167f1153b36cc5"
],
- "markers": "python_version != '3.2.*' and python_version != '3.3.*' and python_version != '3.0.*' and python_version != '3.1.*' and python_version >= '2.7'",
"version": "==2018.5"
},
"redis": {
@@ -179,6 +281,14 @@
"index": "pypi",
"version": "==2.10.6"
},
+ "requests": {
+ "hashes": [
+ "sha256:63b52e3c866428a224f97cab011de738c36aec0185aa91cfacd418b5d58911d1",
+ "sha256:ec22d826a36ed72a7358ff3fe56cbd4ba69dd7a6718ffd450ff0e9df7a47ce6a"
+ ],
+ "index": "pypi",
+ "version": "==2.19.1"
+ },
"six": {
"hashes": [
"sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9",
@@ -214,6 +324,13 @@
"index": "pypi",
"version": "==1.1"
},
+ "urllib3": {
+ "hashes": [
+ "sha256:a68ac5e15e76e7e5dd2b8f94007233e01effe3e50e8daddf69acfd81cb686baf",
+ "sha256:b5725a0bd4ba422ab0e66e89e030c806576753ea3ee08554382c14e685d117b5"
+ ],
+ "version": "==1.23"
+ },
"webassets": {
"hashes": [
"sha256:e7d9c8887343123fd5b32309b33167428cb1318cdda97ece12d0907fd69d38db"
@@ -402,7 +519,6 @@
"sha256:b9c40e9750f3d77e6e4d441d8b0266cf555e7cdabdcff33c4fd06366ca761ef8",
"sha256:ec9ef8f4a9bc6f71eec99e1806bfa2de401650d996c59330782b89a5555c1497"
],
- "markers": "python_version != '3.2.*' and python_version != '3.1.*' and python_version != '3.3.*' and python_version >= '2.7' and python_version != '3.0.*'",
"version": "==4.3.4"
},
"itsdangerous": {
@@ -520,7 +636,6 @@
"sha256:6e3836e39f4d36ae72840833db137f7b7d35105079aee6ec4a62d9f80d594dd1",
"sha256:95eb8364a4708392bae89035f45341871286a333f749c3141c20573d2b3876e1"
],
- "markers": "python_version != '3.2.*' and python_version != '3.1.*' and python_version != '3.3.*' and python_version >= '2.7' and python_version != '3.0.*'",
"version": "==0.7.1"
},
"prompt-toolkit": {
@@ -543,7 +658,6 @@
"sha256:3fd59af7435864e1a243790d322d763925431213b6b8529c6ca71081ace3bbf7",
"sha256:e31fb2767eb657cbde86c454f02e99cb846d3cd9d61b318525140214fdc0e98e"
],
- "markers": "python_version != '3.2.*' and python_version != '3.1.*' and python_version != '3.3.*' and python_version >= '2.7' and python_version != '3.0.*'",
"version": "==1.5.4"
},
"pygments": {
@@ -593,11 +707,15 @@
},
"pyyaml": {
"hashes": [
+ "sha256:1cbc199009e78f92d9edf554be4fe40fb7b0bef71ba688602a00e97a51909110",
"sha256:254bf6fda2b7c651837acb2c718e213df29d531eebf00edb54743d10bcb694eb",
"sha256:3108529b78577327d15eec243f0ff348a0640b0c3478d67ad7f5648f93bac3e2",
"sha256:3c17fb92c8ba2f525e4b5f7941d850e7a48c3a59b32d331e2502a3cdc6648e76",
+ "sha256:6f89b5c95e93945b597776163403d47af72d243f366bf4622ff08bdfd1c950b7",
"sha256:8d6d96001aa7f0a6a4a95e8143225b5d06e41b1131044913fecb8f85a125714b",
- "sha256:c8a88edd93ee29ede719080b2be6cb2333dfee1dccba213b422a9c8e97f2967b"
+ "sha256:be622cc81696e24d0836ba71f6272a2b5767669b0d79fdcf0295d51ac2e156c8",
+ "sha256:c8a88edd93ee29ede719080b2be6cb2333dfee1dccba213b422a9c8e97f2967b",
+ "sha256:f39411e380e2182ad33be039e8ee5770a5d9efe01a2bfb7ae58d9ba31c4a2a9d"
],
"version": "==4.2b4"
},
diff --git a/atst/domain/authnid/__init__.py b/atst/domain/authnid/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/atst/domain/authnid/crl/util.py b/atst/domain/authnid/crl/util.py
new file mode 100644
index 00000000..13e8106d
--- /dev/null
+++ b/atst/domain/authnid/crl/util.py
@@ -0,0 +1,72 @@
+import requests
+import re
+import os
+from html.parser import HTMLParser
+
+_DISA_CRLS = "https://iasecontent.disa.mil/pki-pke/data/crls/dod_crldps.htm"
+
+
+def fetch_disa():
+ response = requests.get(_DISA_CRLS)
+ return response.text
+
+
+class DISAParser(HTMLParser):
+ crl_list = []
+ _CRL_MATCH = re.compile("DOD(ROOT|EMAIL|ID)?CA")
+
+ def handle_starttag(self, tag, attrs):
+ if tag == "a":
+ href = [pair[1] for pair in attrs if pair[0] == "href"].pop()
+ if re.search(self._CRL_MATCH, href):
+ self.crl_list.append(href)
+
+
+def crl_list_from_disa_html(html):
+ parser = DISAParser()
+ parser.reset()
+ parser.feed(html)
+ return parser.crl_list
+
+
+def write_crl(out_dir, crl_location):
+ name = re.split("/", crl_location)[-1]
+ crl = os.path.join(out_dir, name)
+ with requests.get(crl_location, stream=True) as r:
+ with open(crl, "wb") as crl_file:
+ for chunk in r.iter_content(chunk_size=1024):
+ if chunk:
+ crl_file.write(chunk)
+
+
+def refresh_crls(out_dir, logger=None):
+ disa_html = fetch_disa()
+ crl_list = crl_list_from_disa_html(disa_html)
+ for crl_location in crl_list:
+ if logger:
+ logger.info("updating CRL from {}".format(crl_location))
+ try:
+ write_crl(out_dir, crl_location)
+ except requests.exceptions.ChunkedEncodingError:
+ if logger:
+ logger.error(
+ "Error downloading {}, continuing anyway".format(crl_location)
+ )
+
+
+if __name__ == "__main__":
+ import sys
+ import datetime
+ import logging
+
+ logging.basicConfig(
+ level=logging.INFO, format="[%(asctime)s]:%(levelname)s: %(message)s"
+ )
+ logger = logging.getLogger()
+ logger.info("Updating CRLs")
+ try:
+ refresh_crls(sys.argv[1], logger=logger)
+ except Exception as err:
+ logger.exception("Fatal error encountered, stopping")
+ sys.exit(1)
+ logger.info("Finished updating CRLs")
diff --git a/atst/domain/authnid/crl/validator.py b/atst/domain/authnid/crl/validator.py
new file mode 100644
index 00000000..409a8bf7
--- /dev/null
+++ b/atst/domain/authnid/crl/validator.py
@@ -0,0 +1,124 @@
+import sys
+import os
+import re
+import hashlib
+from OpenSSL import crypto, SSL
+
+
+def sha256_checksum(filename, block_size=65536):
+ sha256 = hashlib.sha256()
+ with open(filename, "rb") as f:
+ for block in iter(lambda: f.read(block_size), b""):
+ sha256.update(block)
+ return sha256.hexdigest()
+
+
+class Validator:
+
+ _PEM_RE = re.compile(
+ b"-----BEGIN CERTIFICATE-----\r?.+?\r?-----END CERTIFICATE-----\r?\n?",
+ re.DOTALL,
+ )
+
+ def __init__(self, crl_locations=[], roots=[], base_store=crypto.X509Store):
+ self.errors = []
+ self.crl_locations = crl_locations
+ self.roots = roots
+ self.base_store = base_store
+ self._reset()
+
+ def _reset(self):
+ self.cache = {}
+ self.store = self.base_store()
+ self._add_crls(self.crl_locations)
+ self._add_roots(self.roots)
+ self.store.set_flags(crypto.X509StoreFlags.CRL_CHECK)
+
+ def _add_crls(self, locations):
+ for filename in locations:
+ try:
+ self._add_crl(filename)
+ except crypto.Error as err:
+ self.errors.append(
+ "CRL could not be parsed. Filename: {}, Error: {}, args: {}".format(
+ filename, type(err), err.args
+ )
+ )
+
+ # This caches the CRL issuer with the CRL filepath and a checksum, in addition to adding the CRL to the store.
+
+ def _add_crl(self, filename):
+ with open(filename, "rb") as crl_file:
+ crl = crypto.load_crl(crypto.FILETYPE_ASN1, crl_file.read())
+ self.cache[crl.get_issuer().der()] = (filename, sha256_checksum(filename))
+ self._add_carefully("add_crl", crl)
+
+ def _parse_roots(self, root_str):
+ return [match.group(0) for match in self._PEM_RE.finditer(root_str)]
+
+ def _add_roots(self, roots):
+ for filename in roots:
+ with open(filename, "rb") as f:
+ for raw_ca in self._parse_roots(f.read()):
+ ca = crypto.load_certificate(crypto.FILETYPE_PEM, raw_ca)
+ self._add_carefully("add_cert", ca)
+
+ # in testing, it seems that openssl is maintaining a local cache of certs
+ # in a hash table and throws errors if you try to add redundant certs or
+ # CRLs. For now, we catch and ignore that error with great specificity.
+
+ def _add_carefully(self, method_name, obj):
+ try:
+ getattr(self.store, method_name)(obj)
+ except crypto.Error as error:
+ if self._is_preloaded_error(error):
+ pass
+ else:
+ raise error
+
+ PRELOADED_CRL = (
+ [
+ (
+ "x509 certificate routines",
+ "X509_STORE_add_crl",
+ "cert already in hash table",
+ )
+ ],
+ )
+ PRELOADED_CERT = (
+ [
+ (
+ "x509 certificate routines",
+ "X509_STORE_add_cert",
+ "cert already in hash table",
+ )
+ ],
+ )
+
+ def _is_preloaded_error(self, error):
+ return error.args == self.PRELOADED_CRL or error.args == self.PRELOADED_CERT
+
+ # Checks that the CRL currently in-memory is up-to-date via the checksum.
+
+ def refresh_cache(self, cert):
+ der = cert.get_issuer().der()
+ if der in self.cache:
+ filename, checksum = self.cache[der]
+ if sha256_checksum(filename) != checksum:
+ self._reset()
+
+ def validate(self, cert):
+ parsed = crypto.load_certificate(crypto.FILETYPE_PEM, cert)
+ self.refresh_cache(parsed)
+ context = crypto.X509StoreContext(self.store, parsed)
+ try:
+ context.verify_certificate()
+ return True
+
+ except crypto.X509StoreContextError as err:
+ self.errors.append(
+ "Certificate revoked or errored. Error: {}. Args: {}".format(
+ type(err), err.args
+ )
+ )
+ return False
diff --git a/script/sync-crls b/script/sync-crls
new file mode 100755
index 00000000..d4535173
--- /dev/null
+++ b/script/sync-crls
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# script/sync-crls: update the DOD CRLs and place them where authnid expects them
+set -e
+cd "$(dirname "$0")/.."
+
+mkdir -p crl-tmp
+pipenv run python ./authnid/crl/util.py crl-tmp
+mkdir -p crl
+rsync -rq crl-tmp/. crl/.
+rm -rf crl-tmp
+
+if [[ $FLASK_ENV != "production" ]]; then
+ # place our test CRL there
+ cp ssl/client-certs/client-ca.der.crl crl/
+fi
diff --git a/script/sync-dod-certs b/script/sync-dod-certs
new file mode 100755
index 00000000..043629c1
--- /dev/null
+++ b/script/sync-dod-certs
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# script/sync-dod-certs: update the CA bundle with DOD intermediate and root CAs
+
+CAS_FILE_NAME="Certificates_PKCS7_v5.3_DoD"
+CA_CHAIN="ssl/server-certs/ca-chain.pem"
+
+echo "Resetting CA bundle..."
+rm ssl/server-certs/ca-chain.pem &> /dev/null || true
+touch $CA_CHAIN
+
+if [[ $FLASK_ENV != "production" ]]; then
+ # only for testing and development
+ echo "Copy in testing client CA..."
+ cat ssl/client-certs/client-ca.crt >> $CA_CHAIN
+fi
+
+# dod intermediate certs
+echo "Adding DoD root certs"
+rm -rf tmp || true
+mkdir tmp
+curl --silent -o tmp/dod-cas.zip "https://iasecontent.disa.mil/pki-pke/$CAS_FILE_NAME.zip"
+unzip tmp/dod-cas.zip -d tmp/ &> /dev/null
+openssl pkcs7 -in "tmp/$CAS_FILE_NAME/$CAS_FILE_NAME.pem.p7b" -print_certs >> $CA_CHAIN
+rm -rf tmp
diff --git a/ssl/certificate-authority/ca.crt b/ssl/certificate-authority/ca.crt
new file mode 100644
index 00000000..60ed3ff2
--- /dev/null
+++ b/ssl/certificate-authority/ca.crt
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEJDCCAwygAwIBAgIJAK4JGo3BBGhVMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV
+BAYTAlVTMRUwEwYDVQQIEwxQZW5uc3lsdmFuaWExFTATBgNVBAcTDFBoaWxhZGVs
+cGhpYTEMMAoGA1UEChMDRG9EMQwwCgYDVQQLEwNERFMxEDAOBgNVBAMTB0FUQVQg
+Q0EwHhcNMTgwNjAxMTk0NjIyWhcNMzgwNTI3MTk0NjIyWjBpMQswCQYDVQQGEwJV
+UzEVMBMGA1UECBMMUGVubnN5bHZhbmlhMRUwEwYDVQQHEwxQaGlsYWRlbHBoaWEx
+DDAKBgNVBAoTA0RvRDEMMAoGA1UECxMDRERTMRAwDgYDVQQDEwdBVEFUIENBMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzYU7UbstArnnVliaC/TB6Vir
+kVWMnAEYMUZA1BKP8DZaNEKbzFH2+mMw7O0BY7Ph9x0hEZ1kXLr6U93xcKyUWNPo
+13i5EwUUCSh2MdPfS8ZZt8DUIIKC7XzFnKyKSKQmr0Mt9dC44rryPKTBvmI60rQ8
+VZkFEgvs8FCP0M4Ar6/gtJ24ZLEtilu5dQBSlru4nPGXg07r2C2JgEZWshtMBtbH
+LkOM2gtp/pkYCCG0zqeU+0s3H8IqDq0uYkONOfVeCumbg1/AtjgrZu7aOVPKyibk
+aI6sTTooXE5aSZkfkx0z6+fKM2nPSe30HgiBODtb7G+44ln08d0isjpQ67OvGQID
+AQABo4HOMIHLMB0GA1UdDgQWBBSl7CUAWPbx8XqotKKKAufPh0wn4DCBmwYDVR0j
+BIGTMIGQgBSl7CUAWPbx8XqotKKKAufPh0wn4KFtpGswaTELMAkGA1UEBhMCVVMx
+FTATBgNVBAgTDFBlbm5zeWx2YW5pYTEVMBMGA1UEBxMMUGhpbGFkZWxwaGlhMQww
+CgYDVQQKEwNEb0QxDDAKBgNVBAsTA0REUzEQMA4GA1UEAxMHQVRBVCBDQYIJAK4J
+Go3BBGhVMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBABguwdFk42YP
+8U6Du5HQ6Is1jfc1KEOowdh0d2MCH8q0KNktqiu6kWzjH1gRjRwc07bAkAWqXPB6
+6gkRGYe/FRgi2Rn+Uo5UC5ahI4cXkE8OitCIEP3Br9fUw+vj/3Iiov0QZ6Hv81Kl
+ZTZhLiZbjAg5maL/vufnUp+n15qzm67APh3/2hcgO93UlE9o9vXohWy1lHs8u12o
+hPLxghSmGc9eKalEWEs61OrohpOtCHUEd1isq76WhaiXSwSUrBxgy89Z517A7ffC
+BjzLo5AVo6a9ou+ONVeZk8qw6YR6X9J7axy8YuTWt+Z82WFvOF0ubkqjm72d001M
+7R9zCOQ3O+g=
+-----END CERTIFICATE-----
diff --git a/ssl/certificate-authority/ca.key b/ssl/certificate-authority/ca.key
new file mode 100644
index 00000000..529761e9
--- /dev/null
+++ b/ssl/certificate-authority/ca.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAzYU7UbstArnnVliaC/TB6VirkVWMnAEYMUZA1BKP8DZaNEKb
+zFH2+mMw7O0BY7Ph9x0hEZ1kXLr6U93xcKyUWNPo13i5EwUUCSh2MdPfS8ZZt8DU
+IIKC7XzFnKyKSKQmr0Mt9dC44rryPKTBvmI60rQ8VZkFEgvs8FCP0M4Ar6/gtJ24
+ZLEtilu5dQBSlru4nPGXg07r2C2JgEZWshtMBtbHLkOM2gtp/pkYCCG0zqeU+0s3
+H8IqDq0uYkONOfVeCumbg1/AtjgrZu7aOVPKyibkaI6sTTooXE5aSZkfkx0z6+fK
+M2nPSe30HgiBODtb7G+44ln08d0isjpQ67OvGQIDAQABAoIBAHR4EInc3UEyQVu5
+knM8Hbgzu+b86FZweFlUSuDkNBYZdz0ukkRUHvb+x3c9SRBLnL8CDv+AhqPWgo6M
+tIr6Aofkb4vMqnWQ5y3ZdEIApAa5PZbY/F4AGFql3wdO8H8CJ7ojBCTOSDiVYTnk
+1Lcjy9okshyAP1Ne1sPJo/bdB56HtXs+wqok1NntIQwiXjjD9xUuc1EZk0J4M97L
+vBUjUGNX942UjtRiey5zwhRp3bTPasTduHcA01NaIbOVYlRFwc2W+cflz0l6ml2p
+14TNEEvIMMMCNKnlPrpGI23n0psAvE4nbuxZQGVYAFvXrWn+Gyvz0Yag2EoMUCEs
+ziLED9ECgYEA6IByu+xqIuIAhj/PwIIxV4+lkuV4TXIlfAFLR4JuokOVfbRsmu2e
+9EfeOUD9LfQ4KsG5mu4Abpja0k/VKRKRGRjV6Oe2C6VK942HFP6Kpn0hgIuomZkD
+eVv8naDezZjAvVace38zjRWB2GXTpapwBAgf/YflPPsDZ8bi/weqZCMCgYEA4kqx
+Ka489Rr7+cSXpMeS5lLufhlaE5OVQc5HVFREDAI5vXU8BM2sLiHTC/BHjis2JvLm
+aRJ0UsxUoIUURl2KjTbx3zns4HDVkzBrSpoDXWxBjAo0oEg7JVc+6+qEqbDHHS1L
+/UJ6mlUegsE42MkFWG3YJQuHxyLZqPXIwNAyhZMCgYEA5cxnGnSt5rJoAEi7xzMn
+H7s71Hf3stw6TlldFV3GiZyw+aDFo09vR1RtQTuJwczbYu88yvOn+6gax7neHo1a
+WmrgqiWzGcmS0iDRPZ/kXG/bGBlxV/cTpvSTNx0UejMbdUhQvANaaXyzbLYgPWK6
++lEphUW2/tG+aOj73UOvVu8CgYA5L8sJz4CUKJeZDTeNauoSzs56i4mZ/OfxU2Hv
+S8ROjJlu6ZubUya6Gc4t7DEJGp56xVO5JfLDoeOZFUiEZ8tF2KbTVN4p8hnnMotK
+tRU4nM0LyOB3yQk5bIz4LbIM+CG5m+LiQ9Sb//rP7GijUFnLeSbwZbOQfZwn+MUd
+BQBfhQKBgQDmuX8tJdPkjE133IhQhZHbHHt6AEQA3aXkFdvPvbYD9VbGTZ8wnpFO
+VJrDDWnIKAgO2FerIX9oq+H9a5fggYtTMeAX1cOA6b9SnLmFjt0utxrQKxf7p5I+
+n+EsmcAWfb+KRQwoB0L/mE9Ool14AeJ15kHyNIrCrMPv0J4zoC0Jdg==
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/certificate-authority/ca.srl b/ssl/certificate-authority/ca.srl
new file mode 100644
index 00000000..a23185d3
--- /dev/null
+++ b/ssl/certificate-authority/ca.srl
@@ -0,0 +1 @@
+F4D74F1607DD3C83
diff --git a/ssl/client-certs/README.md b/ssl/client-certs/README.md
new file mode 100644
index 00000000..10ab5fd3
--- /dev/null
+++ b/ssl/client-certs/README.md
@@ -0,0 +1,30 @@
+Right now, we have two client certificates:
+
+- atat.mil.crt: beautiful, good, works great
+- bad-atat.mil.crt: banned, very bad, is on the CRL
+
+I more or less used [this article](https://access.redhat.com/documentation/en-us/red_hat_update_infrastructure/2.1/html/administration_guide/chap-red_hat_update_infrastructure-administration_guide-certification_revocation_list_crl) to generate the CRL. Note that I departed from it slightly and used a variation on the openssl config recommended by the ca man page (`man ca`).
+
+I added the new crl:
+
+```
+openssl crl -inform pem -in ssl/client-certs/client-ca.crl -outform der -out crl/simon.crl
+```
+
+Running the scripts verifies that the good one is good and the bad one is bad.
+
+We can also verify with OpenSSL. First concatenate the CA Bundle and the CRL:
+
+```
+cat ssl/server-certs/ca-chain.pem ssl/client-certs/client-ca.crl > /tmp/test.pem
+```
+
+Verify the certs:
+
+```
+openssl verify -verbose -CAfile /tmp/test.pem -crl_check ssl/client-certs/bad-atat.mil.crt
+> error 23 at 0 depth lookup:certificate revoked
+openssl verify -verbose -CAfile /tmp/test.pem -crl_check ssl/client-certs/atat.mil.crt
+> atat.mil.crt: OK
+```
+
diff --git a/ssl/client-certs/atat.mil.crt b/ssl/client-certs/atat.mil.crt
new file mode 100644
index 00000000..59dcb67f
--- /dev/null
+++ b/ssl/client-certs/atat.mil.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApECCQCoSzDcVuoXYzANBgkqhkiG9w0BAQsFADCBjTELMAkGA1UEBhMC
+VVMxFTATBgNVBAgTDFBlbm5zeWx2YW5pYTEVMBMGA1UEBxMMUGhpbGFkZWxwaGlh
+MRAwDgYDVQQKEwdGYXV4RG9EMQswCQYDVQQLEwJQVzERMA8GA1UEAxMIRmF1eCBE
+b0QxHjAcBgkqhkiG9w0BCQEWD2ZhdXhkb2RAZG9kLmNvbTAeFw0xODA3MjQyMDM0
+MDJaFw0xOTA3MjQyMDM0MDJaMIGeMQswCQYDVQQGEwJVUzEVMBMGA1UECBMMUGVu
+bnN5bHZhbmlhMRUwEwYDVQQHEwxQaGlsYWRlbHBoaWExDDAKBgNVBAoTA0RvRDEL
+MAkGA1UECxMCUFcxITAfBgNVBAMTGEFSVC5HQVJGVU5LRUwuMTIzNDU2Nzg5MDEj
+MCEGCSqGSIb3DQEJARYUYWdhcmZ1bmtlbEBzYW5kZy5jb20wggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDCRftouylCKDN9GoKRJMWA3gnfEshRxi4P1xU9
+xm0qgPIzTpeZCNUcDbSQzovXQ58ElrDTdUeMv0OV/RLOnNFKgPSAd2f1F4BE1rJR
+WHLFjG6mPj769Wl1BhGAwOY/zdhfHYjTKZSApUfP6MuKsD2nciOnJFlqJ439R4LC
+S8Fv3RnnKMQlSTMiudOMhtzr8v1poDlxVzu9IF7i/MZKCBFz3e1G2LFIr5ZL+djg
+4rsI4lNPVNt1sRiXy/+kltBY8RIbPPP70iT+zmrr6PmEeDSwDSKgW+TBCGK3yFCr
+kPXjMZhWOt+7eLanL2KJNrohEkJFzI3tb7zVm6zg5SC1GTIFAgMBAAEwDQYJKoZI
+hvcNAQELBQADggEBAKm4W2mAqtRUpwCstCqJCdoOsIgW9pZKTczLERbODHvbfXZA
+MfGGnYQiuoOddu9K9UJQIHZLMUYmF9gj9HdY60ttNWeH5XRXIXn6t1Pn8W7q042Q
+RqeJ/uOtNG1UXRtHQhK1j73xD3ZSTGw7rTIA2qDgRQMp1h28405kZIiNVRFdNjFh
+irAvtQkIXWhIGSr/Lwop98RmTsV17v4iK14Uf2i5QUjdIECiGqGSlk9Jmj8dajzN
+cSarkhWDuQmlCplF1lTNcXenC66d1bE/KXb3dEGg+h99KfZVw1+9c5DbWag6IVgG
+Xts4GcPhuiKF/pJWRO11L2CfyCveoGM9Osz/vvc=
+-----END CERTIFICATE-----
diff --git a/ssl/client-certs/atat.mil.csr b/ssl/client-certs/atat.mil.csr
new file mode 100644
index 00000000..79695986
--- /dev/null
+++ b/ssl/client-certs/atat.mil.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC5DCCAcwCAQAwgZ4xCzAJBgNVBAYTAlVTMRUwEwYDVQQIEwxQZW5uc3lsdmFu
+aWExFTATBgNVBAcTDFBoaWxhZGVscGhpYTEMMAoGA1UEChMDRG9EMQswCQYDVQQL
+EwJQVzEhMB8GA1UEAxMYQVJULkdBUkZVTktFTC4xMjM0NTY3ODkwMSMwIQYJKoZI
+hvcNAQkBFhRhZ2FyZnVua2VsQHNhbmRnLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAMJF+2i7KUIoM30agpEkxYDeCd8SyFHGLg/XFT3GbSqA8jNO
+l5kI1RwNtJDOi9dDnwSWsNN1R4y/Q5X9Es6c0UqA9IB3Z/UXgETWslFYcsWMbqY+
+Pvr1aXUGEYDA5j/N2F8diNMplIClR8/oy4qwPadyI6ckWWonjf1HgsJLwW/dGeco
+xCVJMyK504yG3Ovy/WmgOXFXO70gXuL8xkoIEXPd7UbYsUivlkv52ODiuwjiU09U
+23WxGJfL/6SW0FjxEhs88/vSJP7Oauvo+YR4NLANIqBb5MEIYrfIUKuQ9eMxmFY6
+37t4tqcvYok2uiESQkXMje1vvNWbrODlILUZMgUCAwEAAaAAMA0GCSqGSIb3DQEB
+BQUAA4IBAQCvnKvR8agOyJmLFcrROWGWLdGsr6CFmkcQe1eJ2GFP9XsIbuIjxssn
+K2yEK1hY6BAAPl76Arh3WkHOXVQjuzW3hlsu+uwKJnYDecG3I9btP+NkPNyKWrbr
+S2GIqa71oKadncV/P9DKsc2+KL2BFo8+IbvwVSPGj63JlJh2T9JFPeAqxeKCUiuO
+ac+dgxNtMQRSEYwE1kgdaJu5yRBfepZaeNGJ2KjCivQdsgnlVllPCNwtjciIRLWl
+UBdt8kh6Dx0RVIkck5fViFiJodxbfw9filjYITgRuANEJHytNzo3ChsWflZ0UYi/
+j8jAvoqL2d+D/a2ijaxlQeCqu5MUB4wR
+-----END CERTIFICATE REQUEST-----
diff --git a/ssl/client-certs/atat.mil.key b/ssl/client-certs/atat.mil.key
new file mode 100644
index 00000000..5fc2040f
--- /dev/null
+++ b/ssl/client-certs/atat.mil.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAwkX7aLspQigzfRqCkSTFgN4J3xLIUcYuD9cVPcZtKoDyM06X
+mQjVHA20kM6L10OfBJaw03VHjL9Dlf0SzpzRSoD0gHdn9ReARNayUVhyxYxupj4+
++vVpdQYRgMDmP83YXx2I0ymUgKVHz+jLirA9p3IjpyRZaieN/UeCwkvBb90Z5yjE
+JUkzIrnTjIbc6/L9aaA5cVc7vSBe4vzGSggRc93tRtixSK+WS/nY4OK7COJTT1Tb
+dbEYl8v/pJbQWPESGzzz+9Ik/s5q6+j5hHg0sA0ioFvkwQhit8hQq5D14zGYVjrf
+u3i2py9iiTa6IRJCRcyN7W+81Zus4OUgtRkyBQIDAQABAoIBAQC0+nSmsBRTaRfu
+J1AS3mqPDkmr4ddzNmeaogdLsRnpSo5WdZSMH8pHhAz+CSwEsR3mLGs10j+BQnw3
+sbZfe38NJOyg8JuLmwUHG+qqFPd2SMibXclWCGDhf3G2u/zC24QBt4XLESUiYtZv
+PLLA1EXbQ10rS5VwasC/fmq1jdT52yEi4viXdMOSfjYCWg+xIwBsyCQs/lWLsqWD
+ZKLYfUAFsYqQ1Axz96yiscgNfPfoPRMoTvU3TuQlGhiQ1ygG5f4xlLEuHXpj1yWw
+/liSZVq/a+WQlVAKdlA4IXiC8szPagNSa/beEaj3R+ifoCad5hp/Fsj2JQlHmm30
+D8PAAVFRAoGBAPnRytHsicCuqck0oa2c2nE7gExrZhrO+rZoDHPBXjQiTFstil8r
+wK1OCjeeX9TV18szPhkimCVel+goNhSmW4n3BcAM1HTFdZlKY7dwVN/tvtl852Sw
+gVhGd3kFDkjUBTlK7W+IW7dzW3KwoSbcBpPRtIX9kKR5Braek4h4pUv3AoGBAMcU
+ZMqlHB6k1HH+3bZhyTk1BBAF2PcocqOkI9ahSQjDmVGMSa+nVxC7qE0l+hRRpaFd
+Ck6zn41p87Yos1nwNwOBcT3AIk0CNYGTJXJQQnkVzjB2yTdKDC/nAH++WOE2daw6
+0n1kIygOeL6na6r+jCQbsmwmORlqZ1nLPjCIPlrjAoGASpNiJICkLqz1amcXzKgC
+XcMRbb6x4FbhaQpujS+wW4fRm3Zg1EBPaGzfh/LzUKn1nWdSplY5bQ5r8pXubwOq
+V+kyAj7SPXmkvXoDgoM6Ew755hrvSJOYSS3gBHSJ6xu/43aGosDmAEGjjv1DXkJY
+hFAZv9YOE8s9Qc7c4+SAE8kCgYEAm+JPLhJtW11r8LtF9orJWt81iCpcAuSMJ7De
+UzDFlHQ8uIsmI8Hfvf2DQq2rDYAFNr441Pl3xO6i5A8oqRMcsMUJ2/V3pl9FcGm9
+F67a7h9x7acF1iJIOrYiQOTWibrwF2WT7pWbpcD3MSq9dw6Mw7VgV6jyawFTXg90
+aeI1GUsCgYEA2/7tNN0Of5W/Ff/2lm9ePhYsZSr+9NoBBQvai7+m5qpSzvoE304Q
+1qPW+T5pA4Da34nG+fGJMop0QX9rRTdyE9Ct++8ybIdLFAf35fDxgciohkziji8+
+0BHK7f+GqTDF+KoIZDZYPQgJX17/h8XNtBBSbP7WX8WZHIco/0BtOrc=
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/client-certs/bad-atat.mil.crt b/ssl/client-certs/bad-atat.mil.crt
new file mode 100644
index 00000000..8923a87a
--- /dev/null
+++ b/ssl/client-certs/bad-atat.mil.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn4CCQDe7V0Kcecn2TANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMC
+VVMxFTATBgNVBAgTDFBlbm5zeWx2YW5pYTEVMBMGA1UEBxMMUGhpbGFkZWxwaGlh
+MRAwDgYDVQQKEwdGYXV4RG9EMQswCQYDVQQLEwJQVzERMA8GA1UEAxMIRmF1eCBE
+b0QxHjAcBgkqhkiG9w0BCQEWD2ZhdXhkb2RAZG9kLmNvbTAeFw0xODA2MjAyMDQz
+MTlaFw0xODA3MjAyMDQzMTlaMIGLMQswCQYDVQQGEwJVUzEVMBMGA1UECBMMUGVu
+bnN5bHZhbmlhMRUwEwYDVQQHEwxQaGlsYWRlbHBoaWExDDAKBgNVBAoUA1MmRzEe
+MBwGA1UEAxMVU0lNT04uUEFVTC4zODU2MTM1OTAxMSAwHgYJKoZIhvcNAQkBFhFz
+aW1vbkBzX2FuZF9nLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AKao36qwC9Sk5hMujFQm5h7B6WoRFqbWpTw7VSAZeW2ykwWbOBmsEAfgOJ+ctyHq
+oMG0S23zJxSkfjO1PLXvu9r1ML0zXtm0uUiTJOMEMyrUBbfCV8zJ3TMuA7voWLi7
+QKsXh1bHdDIXbYP6dLC3w3CnBnr9VihzLth5KLEpz9ePX5gZljHVGldNY4ZR3UbD
+IeL7GD0z/jdcNuHxLYsI9gnnfxrOx8LmzDHDwTNsvKYNRjkdu+pja0ojDrE3T61g
+nKrWQsDwP9T7v27AfhrF1sxy+5K3YiQkDGtbvwFtKBIG3DJBw8qAqEPbtXw9FpYt
+7p8Ti/QYM5SGr/+w3yOgvrkCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAgVarfkoj
+YtZ4X/uNzaSTYO10nyPblebmCGdJW4Cwgk7tcyB+ufLKPrWaC0+Y6XPZwCkAM8UF
+KqwYVnMWTkYdUI2ff1vst9tZRiANGXuQLgbdGAP2TrcBk/N5Glm6J4wrpT5VAXjR
+gBeVxMIWkGb5geDXISJujzrQU26roxEm3F4oUwvAgvMQd/Ha/pzXioaLycc0k91J
+apCafD39u5A+X/Y4QG/GfLG0kqOS2ioJDIlb+EJRzIL7s4cvv530p+VLu+AYEgKx
+MmGOnmML3qO/+oeL3Y32TP4Hzm2asNScseoi8a1ygyV88rLjLaVrsj7CFp9zJL0O
+Ksoovip0wuSVdQ==
+-----END CERTIFICATE-----
diff --git a/ssl/client-certs/bad-atat.mil.csr b/ssl/client-certs/bad-atat.mil.csr
new file mode 100644
index 00000000..ecd99873
--- /dev/null
+++ b/ssl/client-certs/bad-atat.mil.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC0TCCAbkCAQAwgYsxCzAJBgNVBAYTAlVTMRUwEwYDVQQIEwxQZW5uc3lsdmFu
+aWExFTATBgNVBAcTDFBoaWxhZGVscGhpYTEMMAoGA1UEChQDUyZHMR4wHAYDVQQD
+ExVTSU1PTi5QQVVMLjM4NTYxMzU5MDExIDAeBgkqhkiG9w0BCQEWEXNpbW9uQHNf
+YW5kX2cuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqjfqrAL
+1KTmEy6MVCbmHsHpahEWptalPDtVIBl5bbKTBZs4GawQB+A4n5y3IeqgwbRLbfMn
+FKR+M7U8te+72vUwvTNe2bS5SJMk4wQzKtQFt8JXzMndMy4Du+hYuLtAqxeHVsd0
+Mhdtg/p0sLfDcKcGev1WKHMu2HkosSnP149fmBmWMdUaV01jhlHdRsMh4vsYPTP+
+N1w24fEtiwj2Ced/Gs7HwubMMcPBM2y8pg1GOR276mNrSiMOsTdPrWCcqtZCwPA/
+1Pu/bsB+GsXWzHL7krdiJCQMa1u/AW0oEgbcMkHDyoCoQ9u1fD0Wli3unxOL9Bgz
+lIav/7DfI6C+uQIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAHQg3idmnhAX9CyO
+xbzfrTQ989vs110lTRh8VY+64ufkS2bxGO4fQik+VfSi9wFshTGaUlhtgiBrdfAt
+9udaQprWmZabBmiDnoUWiM5srJfYHL5yytrYynwpVe7Y3kPvPT/Zd+B9NBr+G0aq
+SxIDce7236vAcjocgCv8gmkdrfkpOTR87gx5q3b1BBv/we4+dUKysloC1Aw23/de
+Fi49SH9Xt8ZWUBsW5MesrmTfCXPTauYgYRt8bKtA0qvzzmiE5Ydihpi9HilGuCMr
+2LKBQETR6m4FgNXNcsRIlqPR+EY8llTYMEu7LvvHn2RmVpeIT2v5TADV0AighQyB
+++ZbkbE=
+-----END CERTIFICATE REQUEST-----
diff --git a/ssl/client-certs/bad-atat.mil.key b/ssl/client-certs/bad-atat.mil.key
new file mode 100644
index 00000000..1c655bef
--- /dev/null
+++ b/ssl/client-certs/bad-atat.mil.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpgIBAAKCAQEApqjfqrAL1KTmEy6MVCbmHsHpahEWptalPDtVIBl5bbKTBZs4
+GawQB+A4n5y3IeqgwbRLbfMnFKR+M7U8te+72vUwvTNe2bS5SJMk4wQzKtQFt8JX
+zMndMy4Du+hYuLtAqxeHVsd0Mhdtg/p0sLfDcKcGev1WKHMu2HkosSnP149fmBmW
+MdUaV01jhlHdRsMh4vsYPTP+N1w24fEtiwj2Ced/Gs7HwubMMcPBM2y8pg1GOR27
+6mNrSiMOsTdPrWCcqtZCwPA/1Pu/bsB+GsXWzHL7krdiJCQMa1u/AW0oEgbcMkHD
+yoCoQ9u1fD0Wli3unxOL9BgzlIav/7DfI6C+uQIDAQABAoIBAQCJUEiAzO3idT7v
+fQG38BjYLLLRZmUAb4fS2Zvoh7SpsmE6VEpjtIW8x3w/3hJxSmzLTG59l8KSWnl0
+xxXPXUetPym6KZIz05h5eGsC9Jnn5qsTXXeTzpqHKZmAAA7hnb7JeOhUkp9lCjJ8
+dCYi2DWaIrPPL94GE+j8CM+DMM0Db9QmShQC5XbZPgsHiHvvffuvd4G90XcANEM/
+KHuwSoZ9xgySZDG+ENlqYu93GGrL3DYUozjMUChzVKZYyYySxII1ja11oznXcAyG
+nj5xeBmKv6KzYD5LOMIapWfVTNHLG1FM7bhVccrWKIAVKW4Lqd+gcMC+/wU2YIx9
+K9WGV8RlAoGBANWTrGCvaM9r2piXlGB6VB/KmZXFI9R7wjE+waW+3XBZ6YVZiMGQ
+jebeT+PPbeaggaDMIxZ70vJ+rNbS2MYrI44AIIueq636PoT7JtjfhakgZ7LBqc37
+F56rvObPTuFCElVKS1/nIaNAnvoNUoSqt42t7+VzkNfLYCalkHHpsXxHAoGBAMfD
+eUhuUaPTDT02NVjrNAA0yIkRIoyrbv7KGKuJStoPy7W4L6aZC0iFWZmwXTYBuC73
+ulZQ88X3bexKS0NkfQJBLPTQFYNUYS/H+OCwkuFj160tysZbG8rx/IsfZwWqoitH
+wR1Bgz++k5AApcgjMEWmt8l0NT5Mr6M0waylWGz/AoGBALQa3giCo14XU7XOTZ+2
+SO6uSSoVnwt2eeJRS7fb5pzyFY0QXdTtc9y2qKQxrjoILIhO3V/+d3tq+5IFKCyl
+AEylKszSt2/1UXeO28mTZQGkhA4oZmt/TQHPTXNOavRmZVNrXXi4TpN+0RGI3odl
+93gQr/bMp95ycNjmUZLeQX/NAoGBAI6PT5SDNjwFuCMA9p1YbSnggWRgGBnvliy6
+qVRxjDuGnkg3A7qO6eB9We42UK7kFz9dh1tmNjIHXCkO9BtKMXRUcvLbNR8eLqVc
+vp4LJSc4i4iJb3aTOohgnWvjozAGD+l3MbfhMvtg1AomjCkCA8cRLYPVLNIjBA0i
+7zx4W1ydAoGBAKS26yBJT9ZbIKLtoqZ6wOdz0l4r+ZaHmO+LjiGuFUh7w2s2MsPR
+Q1JwE5aXaXP9gY7md/gz7Fcm3ebjwRkdcvGvIQyncv4mF64b+FFnpgjQFHg5+OqD
+A57e0VDFI2LYhFstVHNZ1sRA+tBKQygd7Hzlz4BZdSD6EY7fvWNSJ7/j
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/client-certs/client-ca.crt b/ssl/client-certs/client-ca.crt
new file mode 100644
index 00000000..80007c82
--- /dev/null
+++ b/ssl/client-certs/client-ca.crt
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIElTCCA32gAwIBAgIJAN5qDki+VlfPMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYD
+VQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZhbmlhMRUwEwYDVQQHEwxQaGlsYWRl
+bHBoaWExEDAOBgNVBAoTB0ZhdXhEb0QxCzAJBgNVBAsTAlBXMREwDwYDVQQDEwhG
+YXV4IERvRDEeMBwGCSqGSIb3DQEJARYPZmF1eGRvZEBkb2QuY29tMB4XDTE4MDYy
+MDIwMzg0N1oXDTE5MDYyMDIwMzg0N1owgY0xCzAJBgNVBAYTAlVTMRUwEwYDVQQI
+EwxQZW5uc3lsdmFuaWExFTATBgNVBAcTDFBoaWxhZGVscGhpYTEQMA4GA1UEChMH
+RmF1eERvRDELMAkGA1UECxMCUFcxETAPBgNVBAMTCEZhdXggRG9EMR4wHAYJKoZI
+hvcNAQkBFg9mYXV4ZG9kQGRvZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDyQUFcuQ+YKOEJtv4XjKOTpOLp8IdbsaFwU8YgenMdvAc1ONZRL/2o
+jaCZx+kB2QSCVH2jaLUQ/2i4uz4rE21Ngpx+EHa1hgDQANle3d5CWrn2Q10/pdPe
+rJHYkMSiZ3cNWfFPBfHDtJrLlRUwJkgy+lUSLnOaipmBZMYXbV8/qUh69nWJQNXi
+AvmSUw8jwUPfTrpQVzftkOYz+0HVJyvKijTsj1LaPZTR3D8OhbFnvZWIlhIUjJZO
+jap/xQ3YEOcNF+gfx8hDQG2SnltWgecPsgiBRXmZK2IqDv39DE2DNiukEclZLhbN
+SpTibNZwkVzcTSRV2mSOHKXqTcH0wTvpAgMBAAGjgfUwgfIwHQYDVR0OBBYEFAo/
+6auHcKMK1ItTElg1Kk4MyoB5MIHCBgNVHSMEgbowgbeAFAo/6auHcKMK1ItTElg1
+Kk4MyoB5oYGTpIGQMIGNMQswCQYDVQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZh
+bmlhMRUwEwYDVQQHEwxQaGlsYWRlbHBoaWExEDAOBgNVBAoTB0ZhdXhEb0QxCzAJ
+BgNVBAsTAlBXMREwDwYDVQQDEwhGYXV4IERvRDEeMBwGCSqGSIb3DQEJARYPZmF1
+eGRvZEBkb2QuY29tggkA3moOSL5WV88wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
+AQUFAAOCAQEAp4fVYeSKYJICBQt37NOF6qZ+dv8GBDI+oZy7vC+VcjiRaODkiz9w
+IO5dBZxx/ldH5sD24Oc2SH+48S6UjE/D5kDpM/nIddfVfL2f222sE14RsqgrhmbG
+qRaEB8NXWiSQyKOKX63v8scioUqb9hFY+gtwb8HDFiOZFx+67L/NaXSh6VA8BbLj
+o55EafjTgr+Yad7SrZI5f6Q2iQ+uuHcJsf7fEe3Kts5Uwt5KXBBfMxeaSyQRxNX+
+JBBmy6MaxddPtus3MH+eIgI2Wp2rofH/PtGnSoizBj5IZXBkc18x1DG5pAJL4205
+EKQoicsafE27XBw45dK3cRBLXPWt8JrCBg==
+-----END CERTIFICATE-----
diff --git a/ssl/client-certs/client-ca.der.crl b/ssl/client-certs/client-ca.der.crl
new file mode 100644
index 00000000..8ec9e37f
Binary files /dev/null and b/ssl/client-certs/client-ca.der.crl differ
diff --git a/ssl/client-certs/client-ca.key b/ssl/client-certs/client-ca.key
new file mode 100644
index 00000000..dc6229c6
--- /dev/null
+++ b/ssl/client-certs/client-ca.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA8kFBXLkPmCjhCbb+F4yjk6Ti6fCHW7GhcFPGIHpzHbwHNTjW
+US/9qI2gmcfpAdkEglR9o2i1EP9ouLs+KxNtTYKcfhB2tYYA0ADZXt3eQlq59kNd
+P6XT3qyR2JDEomd3DVnxTwXxw7Say5UVMCZIMvpVEi5zmoqZgWTGF21fP6lIevZ1
+iUDV4gL5klMPI8FD3066UFc37ZDmM/tB1Scryoo07I9S2j2U0dw/DoWxZ72ViJYS
+FIyWTo2qf8UN2BDnDRfoH8fIQ0Btkp5bVoHnD7IIgUV5mStiKg79/QxNgzYrpBHJ
+WS4WzUqU4mzWcJFc3E0kVdpkjhyl6k3B9ME76QIDAQABAoIBAQCC7bnBv1MqTY2y
+jnAtkhkmRstM3G6LpCk4aE6AZy2oOGM85IcQQfu6CTFva5gHI59IQRnWI1UY5rFW
+hfxHk6xTY+/oQkWmPdJamNriZs8k1ZwD+MyBBcLIakQ446UikQDK+n1s1C2iNA4l
+UWGuMEJ9KsanmOtp7tagFDLrnnUIFgyfQv5JI/QBZSMd9UReRv3xQrdv+KK58zJE
+/zsuFFO00YS0xzDYwikuwabDXaWCt8/9rDDlthIEaJRzTxZiLK90k6DaywRnO7rJ
+Q4Q/1WUGzdA7wfkQOWLozP1To2d6Q/KK1TiRaY0uieGvTvT7kXVDne4+lb3zAmAW
+IxdyNYBxAoGBAPtgEjGapRzPLcgJqVuup5W+/gc8NWcSK4NJWAwFWN9n6wOf+jQu
+YkwVUoF0KN0g9a1rymvnv+fHdvqQ+uDtdqCMcU3DNVx1uwTf0V/kPsxSwhTjrQ3h
+4tMXL4EzOUhYV1us/PtrmSlKS1SuQXbBdgNM7n71X0zWgsHeDvIf4YQTAoGBAPa2
+OqNOUFiA8Yz7wG/Aw1LiPX+DJZVmH05yXDSWicwSyrhorxktweMNd1e+syYW+5Qe
+GFu3qaxmOlPL9M5IvbUiAV7nmiVcezBnLxBLmOdc9rk8CU8qakZDESsy/pC741/U
+y6MQZzsbKIhxG4djbl+9Mr8wom+DGQtkFJ7RvqeTAoGBAOrJRLUIGAfcioo4W/LC
+Isz+4w2m8soecn3hV1eC9wtTaHKuTWfHmxAtKi63bCN90Xn1H8/BWcEG0N4f4/OK
+WC6Efp9/IKwHWnKnCkxiRzVYZuZT8SLyRIWdNkWarnof6Rg7bt72FMw4FDw3tfVR
+pQRYKrpyPFzsTpz850DG/j/5AoGAZ5BxpxH96lkejRc1XfQmSknMlRWBlmiLJcwd
+5rl22OLelHDlaAVsSZriiUP1Qj0NmMzVXtMHd+Zl/70zY9DnSf0fZC6G574dvGDk
+QcvqQN0mePW51rCwchQ/RcofULR+q0DRxv7gxtAMwNHyQ3A66herENUiqvr2bXCy
+s0TK6t8CgYEA7IS8e3x9SvXwfjGyJslbxhI4P7cBuVU5aL1SqYpaNx61JdmnPct4
+ruQntKHL5DvPNNRwFUvySkH93zjvjOWqF1g8kSO2ZPDj+WajStAHwA1TmVYIfkpV
+xfv5mlcKUfyLmoJ6nKuCf/pt49Gmp3vRsmxZrEcbBqGAVBI7LslQQr4=
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/client-certs/client-ca.pem.crl b/ssl/client-certs/client-ca.pem.crl
new file mode 100644
index 00000000..d4110181
--- /dev/null
+++ b/ssl/client-certs/client-ca.pem.crl
@@ -0,0 +1,13 @@
+-----BEGIN X509 CRL-----
+MIIB8jCB2zANBgkqhkiG9w0BAQQFADCBjTELMAkGA1UEBhMCVVMxFTATBgNVBAgT
+DFBlbm5zeWx2YW5pYTEVMBMGA1UEBxMMUGhpbGFkZWxwaGlhMRAwDgYDVQQKEwdG
+YXV4RG9EMQswCQYDVQQLEwJQVzERMA8GA1UEAxMIRmF1eCBEb0QxHjAcBgkqhkiG
+9w0BCQEWD2ZhdXhkb2RAZG9kLmNvbRcNMTgwNzMwMjEyOTAxWhcNMTgwODI5MjEy
+OTAxWjAcMBoCCQDe7V0Kcecn2RcNMTgwNjIwMjA0NjExWjANBgkqhkiG9w0BAQQF
+AAOCAQEAfZSS51Axnx04iSfMd1k5/TvH1R6NvUM20S/rZjJYt/uLqRElnJd7R7aI
+lLQQzSdbsuHm8HcfcMS7ZUMv989chKXMbPml+ZXkK/zp7LdjaL5THs09ek0NOM2l
+yhJcdE3K5bntk6qSgbsUpBOWLHzrp20is3BPl6gY+JRb0nnZ/SXTr4zfDctGfcot
+fSAGs3QA0Q/dpJOlSkGzxlzjB7dXDuoHTaJwy2s48IriNvvtVktM2AS+B/843vMC
+ToI5ZUh3RkSCgGvKexobg85Ke1QwWTYuj392JhakpIu/Qc71BK0jtbY9mVuFLwqW
+RFXDKIzRiL4S7iZWu/bpqTYyqmCmeA==
+-----END X509 CRL-----
diff --git a/ssl/client-certs/crl_openssl.conf b/ssl/client-certs/crl_openssl.conf
new file mode 100644
index 00000000..5c061883
--- /dev/null
+++ b/ssl/client-certs/crl_openssl.conf
@@ -0,0 +1,26 @@
+[ ca ]
+default_ca = CA_default # The default ca section
+
+[ CA_default ]
+
+dir = ./ # top dir
+database = $dir/index.txt # index file.
+# new_certs_dir = $dir/newcerts # new certs dir
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = md5 # md to use
+
+policy = policy_any # default policy
+email_in_dn = no # Don't add the email into cert DN
+name_opt = ca_default # Subject name display option
+cert_opt = ca_default # Certificate display option
+copy_extensions = none # Don't copy extensions from request
+
+[ policy_any ]
+countryName = supplied
+stateOrProvinceName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
diff --git a/ssl/client-certs/index.txt b/ssl/client-certs/index.txt
new file mode 100644
index 00000000..ada74bef
--- /dev/null
+++ b/ssl/client-certs/index.txt
@@ -0,0 +1 @@
+R 180720204319Z 180620204611Z DEED5D0A71E727D9 unknown /C=US/ST=Pennsylvania/L=Philadelphia/O=S&G/CN=SIMON.PAUL.3856135901/emailAddress=simon@s_and_g.com
diff --git a/ssl/client-certs/index.txt.attr b/ssl/client-certs/index.txt.attr
new file mode 100644
index 00000000..8f7e63a3
--- /dev/null
+++ b/ssl/client-certs/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/ssl/client-certs/index.txt.old b/ssl/client-certs/index.txt.old
new file mode 100644
index 00000000..e69de29b
diff --git a/ssl/make-certs.sh b/ssl/make-certs.sh
new file mode 100755
index 00000000..8f1afd19
--- /dev/null
+++ b/ssl/make-certs.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+# Generate the root (GIVE IT A PASSWORD IF YOU'RE NOT AUTOMATING SIGNING!):
+echo 'MAKING CA'
+openssl genrsa -out certificate-authority/ca.key 2048
+openssl req -new -x509 -days 7300 -key certificate-authority/ca.key -sha256 -extensions v3_ca -out certificate-authority/ca.crt
+
+# Generate the domain key:
+openssl genrsa -out server-certs/dev.cac.atat.codes.key 2048
+
+echo 'MAKING CSR'
+# Generate the certificate signing request
+openssl req -nodes -sha256 -new -key server-certs/dev.cac.atat.codes.key -out server-certs/dev.cac.atat.codes.csr -reqexts SAN -config <(cat req.cnf <(printf "[SAN]\nsubjectAltName=DNS.1:dev.cac.atat.codes,DNS.2:cac.atat.codes,DNS.3:backend"))
+
+# Sign the request with your root key
+openssl x509 -sha256 -req -in server-certs/dev.cac.atat.codes.csr -CA certificate-authority/ca.crt -CAkey certificate-authority/ca.key -CAcreateserial -out server-certs/dev.cac.atat.codes.crt -days 7300 -extfile <(cat req.cnf <(printf "[SAN]\nsubjectAltName=DNS.1:dev.cac.atat.codes,DNS.2:cac.atat.codes,DNS.3:backend")) -extensions SAN
+
+# Check your homework:
+openssl verify -CAfile certificate-authority/ca.crt server-certs/dev.cac.atat.codes.crt
diff --git a/ssl/req.cnf b/ssl/req.cnf
new file mode 100644
index 00000000..a3e14495
--- /dev/null
+++ b/ssl/req.cnf
@@ -0,0 +1,26 @@
+[req]
+
+distinguished_name = req_distinguished_name
+x509_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+
+C = US
+ST = VA
+L = SomeCity
+O = MyCompany
+OU = MyDivision
+CN = dev.cac.atat.codes
+
+[v3_req]
+
+keyUsage = keyEncipherment, dataEncipherment
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+
+[alt_names]
+
+DNS.1 = dev.cac.atat.codes
+DNS.2 = cac.atat.codes
+DNS.3 = backend
diff --git a/ssl/server-certs/ca-chain.pem b/ssl/server-certs/ca-chain.pem
new file mode 100644
index 00000000..0d6f3703
--- /dev/null
+++ b/ssl/server-certs/ca-chain.pem
@@ -0,0 +1,1352 @@
+-----BEGIN CERTIFICATE-----
+MIIElTCCA32gAwIBAgIJAN5qDki+VlfPMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYD
+VQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZhbmlhMRUwEwYDVQQHEwxQaGlsYWRl
+bHBoaWExEDAOBgNVBAoTB0ZhdXhEb0QxCzAJBgNVBAsTAlBXMREwDwYDVQQDEwhG
+YXV4IERvRDEeMBwGCSqGSIb3DQEJARYPZmF1eGRvZEBkb2QuY29tMB4XDTE4MDYy
+MDIwMzg0N1oXDTE5MDYyMDIwMzg0N1owgY0xCzAJBgNVBAYTAlVTMRUwEwYDVQQI
+EwxQZW5uc3lsdmFuaWExFTATBgNVBAcTDFBoaWxhZGVscGhpYTEQMA4GA1UEChMH
+RmF1eERvRDELMAkGA1UECxMCUFcxETAPBgNVBAMTCEZhdXggRG9EMR4wHAYJKoZI
+hvcNAQkBFg9mYXV4ZG9kQGRvZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDyQUFcuQ+YKOEJtv4XjKOTpOLp8IdbsaFwU8YgenMdvAc1ONZRL/2o
+jaCZx+kB2QSCVH2jaLUQ/2i4uz4rE21Ngpx+EHa1hgDQANle3d5CWrn2Q10/pdPe
+rJHYkMSiZ3cNWfFPBfHDtJrLlRUwJkgy+lUSLnOaipmBZMYXbV8/qUh69nWJQNXi
+AvmSUw8jwUPfTrpQVzftkOYz+0HVJyvKijTsj1LaPZTR3D8OhbFnvZWIlhIUjJZO
+jap/xQ3YEOcNF+gfx8hDQG2SnltWgecPsgiBRXmZK2IqDv39DE2DNiukEclZLhbN
+SpTibNZwkVzcTSRV2mSOHKXqTcH0wTvpAgMBAAGjgfUwgfIwHQYDVR0OBBYEFAo/
+6auHcKMK1ItTElg1Kk4MyoB5MIHCBgNVHSMEgbowgbeAFAo/6auHcKMK1ItTElg1
+Kk4MyoB5oYGTpIGQMIGNMQswCQYDVQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZh
+bmlhMRUwEwYDVQQHEwxQaGlsYWRlbHBoaWExEDAOBgNVBAoTB0ZhdXhEb0QxCzAJ
+BgNVBAsTAlBXMREwDwYDVQQDEwhGYXV4IERvRDEeMBwGCSqGSIb3DQEJARYPZmF1
+eGRvZEBkb2QuY29tggkA3moOSL5WV88wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
+AQUFAAOCAQEAp4fVYeSKYJICBQt37NOF6qZ+dv8GBDI+oZy7vC+VcjiRaODkiz9w
+IO5dBZxx/ldH5sD24Oc2SH+48S6UjE/D5kDpM/nIddfVfL2f222sE14RsqgrhmbG
+qRaEB8NXWiSQyKOKX63v8scioUqb9hFY+gtwb8HDFiOZFx+67L/NaXSh6VA8BbLj
+o55EafjTgr+Yad7SrZI5f6Q2iQ+uuHcJsf7fEe3Kts5Uwt5KXBBfMxeaSyQRxNX+
+JBBmy6MaxddPtus3MH+eIgI2Wp2rofH/PtGnSoizBj5IZXBkc18x1DG5pAJL4205
+EKQoicsafE27XBw45dK3cRBLXPWt8JrCBg==
+-----END CERTIFICATE-----
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-58
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 5
+-----BEGIN CERTIFICATE-----
+MIIDHTCCAqOgAwIBAgIBETAKBggqhkjOPQQDAzBbMQswCQYDVQQGEwJVUzEYMBYG
+A1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BL
+STEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgNTAeFw0xNjEyMTMxNDQwNTJaFw0yMjEy
+MTIxNDQwNTJaMFoxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1l
+bnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRUwEwYDVQQDEwxET0QgU1cg
+Q0EtNTgwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASi6z3lLSwaqQ6FPQrMxlIW2VBf
+xYzA7f+z3pBb2AzNVnMVsRMbMe2f3LCLaAK3kVHbf2MFvd00UCQTaJNoBLrsL7pz
+SA3jHtBglzOwI5755VNZydC2aK5Ozw+a2yMQrv+jggE6MIIBNjAfBgNVHSMEGDAW
+gBSGwBVC+3F23D4tEVshEEQ1ysHcFDAdBgNVHQ4EFgQUJFUaC5AhLNYjqojSnum4
+raKAfdwwDgYDVR0PAQH/BAQDAgEGMD0GA1UdIAQ2MDQwCwYJYIZIAWUCAQsmMAsG
+CWCGSAFlAgELKTALBglghkgBZQIBCywwCwYJYIZIAWUCAQs7MBIGA1UdEwEB/wQI
+MAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8v
+Y3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0E1LmNybDBKBggrBgEFBQcBAQQ+MDww
+OgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9P
+VENBNV9JVC5wN2MwCgYIKoZIzj0EAwMDaAAwZQIxAKil1qozXdz7E7kAOhaZ7rOG
+81/dVR5o2KGPFavrto3g9eBE1SboimiKKiiveNnhtQIwLNAaeZukpj9sDs2e16vu
+s4rRqS3tuansdH1Fy8j9InJojBLaYeJR60j0AchyqvaG
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-57
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 5
+-----BEGIN CERTIFICATE-----
+MIIDHTCCAqOgAwIBAgIBEDAKBggqhkjOPQQDAzBbMQswCQYDVQQGEwJVUzEYMBYG
+A1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BL
+STEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgNTAeFw0xNjEyMTMxNDM5NDlaFw0yMjEy
+MTIxNDM5NDlaMFoxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1l
+bnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRUwEwYDVQQDEwxET0QgU1cg
+Q0EtNTcwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARnTnlhX1XAyZxEwrGRe6CpxNu/
+/EDg3NjbHIEknhq5sh7gCEwtpy3+B37ss64mWq88JTWrtjdmmsuWDQgU6Y6x6QUM
+8NnU/iEILAdH+d8YC/OCoxxUdz13Hhkdlt1JB/6jggE6MIIBNjAfBgNVHSMEGDAW
+gBSGwBVC+3F23D4tEVshEEQ1ysHcFDAdBgNVHQ4EFgQUWhIprDfUjj71jVO1IvA6
+BAnRo+swDgYDVR0PAQH/BAQDAgEGMD0GA1UdIAQ2MDQwCwYJYIZIAWUCAQsmMAsG
+CWCGSAFlAgELKTALBglghkgBZQIBCywwCwYJYIZIAWUCAQs7MBIGA1UdEwEB/wQI
+MAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8v
+Y3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0E1LmNybDBKBggrBgEFBQcBAQQ+MDww
+OgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9P
+VENBNV9JVC5wN2MwCgYIKoZIzj0EAwMDaAAwZQIxAJ0s/tXCmJaEmNjh96qg3PQR
+JidParsm6DRIOPgL2umoWx9QQP5mCHebRXk/KBOvpwIwUEw7/IxrYi5bF+kZNnw0
+qansI3GZB9080HFde2/owhIWZ5GMDV8mKKhoNVn3kY/D
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 5
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 5
+-----BEGIN CERTIFICATE-----
+MIICJDCCAaqgAwIBAgIBDzAKBggqhkjOPQQDAzBbMQswCQYDVQQGEwJVUzEYMBYG
+A1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BL
+STEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgNTAeFw0xNjA2MTQxNzE3MjdaFw00MTA2
+MTQxNzE3MjdaMFsxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1l
+bnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRYwFAYDVQQDEw1Eb0QgUm9v
+dCBDQSA1MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAENmLeC07Ax9cpRTp/HJnmKiF2
+sQDdjEf/wLG0+s46TlL7p+02LRweHJCNl6orpuLTc3N8XBzQZ/QKKdOQhOtR5fFe
+HMDShoTFbdEkSQ7sF4nkaMjeGlwaBtA4GTMpARqBo0IwQDAdBgNVHQ4EFgQUhsAV
+Qvtxdtw+LRFbIRBENcrB3BQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB
+Af8wCgYIKoZIzj0EAwMDaAAwZQIwQQbk3t5iNJ3fuKoW2W2iOB85IlfJcIQfkw9X
+fgUvpUszzRXqV9XSKx+bjXzOarbMAjEAt4HS4TuTzxFk3AsvF9Jt1dgF5FByYmXc
+pDzKYaUGmsn77cQwyXuJ4KW+Y1XmnBHj
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-56
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 4
+-----BEGIN CERTIFICATE-----
+MIIC4zCCAoigAwIBAgIBSTAMBggqhkjOPQQDAgUAMFsxCzAJBgNVBAYTAlVTMRgw
+FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMD
+UEtJMRYwFAYDVQQDEw1Eb0QgUm9vdCBDQSA0MB4XDTE2MTEyMjE1NDgyMloXDTIy
+MTEyMzE1NDgyMlowWjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1UuUy4gR292ZXJu
+bWVudDEMMAoGA1UECwwDRG9EMQwwCgYDVQQLDANQS0kxFTATBgNVBAMMDERPRCBT
+VyBDQS01NjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJ8P6wqfbu85tSo6iiVb
+QpyTzVfDbEcUuojsnZxa2ZviI59J9fOB6LkSxvoaclcIDG2CQHb/cTFRlYnmny28
+qhajggE6MIIBNjAfBgNVHSMEGDAWgBS9wblrTfQd7DCQv2JzwIQz8nEkhTAdBgNV
+HQ4EFgQUvPL0UZ0qy+OdEFZjBXZWyd261FswDgYDVR0PAQH/BAQDAgGGMD0GA1Ud
+IAQ2MDQwCwYJYIZIAWUCAQslMAsGCWCGSAFlAgELKDALBglghkgBZQIBCyswCwYJ
+YIZIAWUCAQs7MBIGA1UdEwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNV
+HR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0E0
+LmNybDBKBggrBgEFBQcBAQQ+MDwwOgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlz
+YS5taWwvaXNzdWVkdG8vRE9EUk9PVENBNF9JVC5wN2MwDAYIKoZIzj0EAwIFAANH
+ADBEAiBjgR3FzwuqcKfmIAyyghC85+C4WZWLlLV/pnA+KF16igIgdT3W8YPHEMGh
+WPpqVeBR1xJfFBl4H+a8OxmJ8RTZdUQ=
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-55
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 4
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAoigAwIBAgIBSDAMBggqhkjOPQQDAgUAMFsxCzAJBgNVBAYTAlVTMRgw
+FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMD
+UEtJMRYwFAYDVQQDEw1Eb0QgUm9vdCBDQSA0MB4XDTE2MTEyMjE1NDY0NloXDTIy
+MTEyMzE1NDY0NlowWjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1UuUy4gR292ZXJu
+bWVudDEMMAoGA1UECwwDRG9EMQwwCgYDVQQLDANQS0kxFTATBgNVBAMMDERPRCBT
+VyBDQS01NTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDmzh2HFjUhGEaKxXU5E
+jVU66fMJbN52tWk4QsBIU8rCcuKdzyoY3DTULRv5WdF4mjPHBTfycuWOmxztrU64
+N+ajggE6MIIBNjAfBgNVHSMEGDAWgBS9wblrTfQd7DCQv2JzwIQz8nEkhTAdBgNV
+HQ4EFgQUpW9LHZK1y9132ba9SAa+BkgJNBgwDgYDVR0PAQH/BAQDAgGGMD0GA1Ud
+IAQ2MDQwCwYJYIZIAWUCAQslMAsGCWCGSAFlAgELKDALBglghkgBZQIBCyswCwYJ
+YIZIAWUCAQs7MBIGA1UdEwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNV
+HR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0E0
+LmNybDBKBggrBgEFBQcBAQQ+MDwwOgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlz
+YS5taWwvaXNzdWVkdG8vRE9EUk9PVENBNF9JVC5wN2MwDAYIKoZIzj0EAwIFAANJ
+ADBGAiEA8zQA+T3anaM0b1QsYSEvu8Y95S03GGy8fG2Hoi661FICIQCDCbwQZD1Z
+8NhnjbOBDEonqzFEdiXgGiq26ss/1ejDaw==
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID SW CA-48
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 4
+-----BEGIN CERTIFICATE-----
+MIIC2jCCAn6gAwIBAgIBCjAMBggqhkjOPQQDAgUAMFsxCzAJBgNVBAYTAlVTMRgw
+FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMD
+UEtJMRYwFAYDVQQDEw1Eb0QgUm9vdCBDQSA0MB4XDTE2MDQxMjEzMTk0OVoXDTIy
+MDQxMzEzMTk0OVowXTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJu
+bWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxGDAWBgNVBAMTD0RPRCBJ
+RCBTVyBDQS00ODBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHP3gMIrM5XHrtPg
+Np7Bm42eqJiheI0fMNe9WDJkFdJbJeTrdxUtYQJfb4nYmLlnGG7Bw3RLHhLhS0vi
+MO0inc2jggEtMIIBKTAfBgNVHSMEGDAWgBS9wblrTfQd7DCQv2JzwIQz8nEkhTAd
+BgNVHQ4EFgQUtraXanDTuzYAuelFdC8nlSryWQkwDgYDVR0PAQH/BAQDAgGGMDAG
+A1UdIAQpMCcwCwYJYIZIAWUCAQsoMAsGCWCGSAFlAgELKzALBglghkgBZQIBCyUw
+EgYDVR0TAQH/BAgwBgEB/wIBADAMBgNVHSQEBTADgAEAMDcGA1UdHwQwMC4wLKAq
+oCiGJmh0dHA6Ly9jcmwuZGlzYS5taWwvY3JsL0RPRFJPT1RDQTQuY3JsMEoGCCsG
+AQUFBwEBBD4wPDA6BggrBgEFBQcwAoYuaHR0cDovL2NybC5kaXNhLm1pbC9pc3N1
+ZWR0by9ET0RST09UQ0E0X0lULnA3YzAMBggqhkjOPQQDAgUAA0gAMEUCIQC+iGG8
+kjbV/VNcKlxuuufzU0hVa3nbY+AH1G/019EVGgIgOBioOJjL2DEOswswow0z0Way
+O+Dq52y9IIt1LNiEuQw=
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID SW CA-47
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 4
+-----BEGIN CERTIFICATE-----
+MIIC2zCCAn6gAwIBAgIBCTAMBggqhkjOPQQDAgUAMFsxCzAJBgNVBAYTAlVTMRgw
+FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMD
+UEtJMRYwFAYDVQQDEw1Eb0QgUm9vdCBDQSA0MB4XDTE2MDQxMjEzMTI0M1oXDTIy
+MDQxMzEzMTI0M1owXTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJu
+bWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxGDAWBgNVBAMTD0RPRCBJ
+RCBTVyBDQS00NzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIXYA5Gtzjuc8KIc
+kgMu3+mgBPldfBkOr9i+4whQzY84FDKvzsc78BbuQicWDsbJDXN45N5ACoAkwrIz
+MP1NRZyjggEtMIIBKTAfBgNVHSMEGDAWgBS9wblrTfQd7DCQv2JzwIQz8nEkhTAd
+BgNVHQ4EFgQUowEMSwGcEB8madmOXGcnxdqsNnowDgYDVR0PAQH/BAQDAgGGMDAG
+A1UdIAQpMCcwCwYJYIZIAWUCAQsoMAsGCWCGSAFlAgELKzALBglghkgBZQIBCyUw
+EgYDVR0TAQH/BAgwBgEB/wIBADAMBgNVHSQEBTADgAEAMDcGA1UdHwQwMC4wLKAq
+oCiGJmh0dHA6Ly9jcmwuZGlzYS5taWwvY3JsL0RPRFJPT1RDQTQuY3JsMEoGCCsG
+AQUFBwEBBD4wPDA6BggrBgEFBQcwAoYuaHR0cDovL2NybC5kaXNhLm1pbC9pc3N1
+ZWR0by9ET0RST09UQ0E0X0lULnA3YzAMBggqhkjOPQQDAgUAA0kAMEYCIQCN7jJe
+h0KGZ05OTCbxZKgvqR7N3hco4qTXcETpm1mPmAIhAPZWclBf54lOCDQku0UBz8gW
+lYdeVXmiuKz7DveFthis
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 4
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 4
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAY+gAwIBAgIBATAMBggqhkjOPQQDAgUAMFsxCzAJBgNVBAYTAlVTMRgw
+FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMD
+UEtJMRYwFAYDVQQDEw1Eb0QgUm9vdCBDQSA0MB4XDTEyMDczMDE5NDgyM1oXDTMy
+MDcyNTE5NDgyM1owWzELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJu
+bWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxFjAUBgNVBAMTDURvRCBS
+b290IENBIDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR2yNhDyw8H0iwPKtA4
+8YLNQlXn3B1agLcIkUtU1k+yZoU0lo0uPvTgSpF8zM2GnxHgUqFmgsbLkCPsX1/1
+8DxFo0IwQDAdBgNVHQ4EFgQUvcG5a030HewwkL9ic8CEM/JxJIUwDgYDVR0PAQH/
+BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDAYIKoZIzj0EAwIFAANIADBFAiEA6GGK
+99yqCaUH0kSeggNaRFNHhCOZz1zT3kpe1rs1NUYCIHYPuMR8FjV/1BLtiD2AEWtk
+B0xFZd9Trl8B7fFD0vW3
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID SW CA-46
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIErjCCA5agAwIBAgIBZDANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY
+MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT
+A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNjAzMDgxNDIyMjdaFw0y
+MjAzMDkxNDIyMjdaMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy
+bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0Qg
+SUQgU1cgQ0EtNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB8t7O
+izHtqCLUKXdNcAOYlJDNyNoqW22ZB75KiU3GJna5ww499SOnBaEU4OvRSMI3FcKS
+lZRvJJIbNpcUbn6X/4cEH6g64lCGSXcm8nl/rU1W0onf7l/fk8tcaVRG0hP9iTbe
+7fjlJ7hEWwKEXSk7Xkr/3e09bvKIHVtiCsV6cOlNsK6H7JbEhRw4yPOkqdXtrpQX
+mNh9Y6OGya91I1vzYO+zcexr2+MOoHFJyADBVF/+LrMWdRqVI0Fl8r8NXKnGXpC7
+yPns28gz1egmxJ5NsJtQ8p4WHMQnA6J3wPr+7na+5MKzLgCIoMxD2vIJ0FU28ODE
+WrAb9clqWqv/Jte/AgMBAAGjggF5MIIBdTAfBgNVHSMEGDAWgBRsipSid7GAch2B
+ehaq8tzOZu5FwDAdBgNVHQ4EFgQUW2dpXrVYC5wfCdw1fZvWJ+5iqpwwDgYDVR0P
+AQH/BAQDAgGGMFoGA1UdIARTMFEwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzAL
+BglghkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMAwGCmCGSAFl
+AwIBAycwEgYDVR0TAQH/BAgwBgEB/wIBADAMBgNVHSQEBTADgAEAMDcGA1UdHwQw
+MC4wLKAqoCiGJmh0dHA6Ly9jcmwuZGlzYS5taWwvY3JsL0RPRFJPT1RDQTMuY3Js
+MGwGCCsGAQUFBwEBBGAwXjA6BggrBgEFBQcwAoYuaHR0cDovL2NybC5kaXNhLm1p
+bC9pc3N1ZWR0by9ET0RST09UQ0EzX0lULnA3YzAgBggrBgEFBQcwAYYUaHR0cDov
+L29jc3AuZGlzYS5taWwwDQYJKoZIhvcNAQELBQADggEBAHrAmFSy86ZAscEU5KID
+UdXtfC3+OV/I1BYnYiZHJKJj8zRuqvdWvsulKtCGKZo1wFv446n/14YRbI3TKno2
+Q/c4J6uz+MOsIGLyPvPmwO5Y6Gaqj5EDD6rgyYSRdHrmBlLE1aUmedc86UOMKAz6
+OwmUFRru8aXF/YSEWQmkeIWX4saImbv8Evb2vqjDPFERjH6BebYDRI7ZpMWg8jJt
+LnQFoKOhCOTnHJz0vd/vnh4IC+7+KNgbg+RZ0O3H9dnBeULcLGeHtw2F2jBMrlyW
+d0Iyn7vj9cOGkdrkggSpdGqqlXiNkVsYhyPXztL8jOqmyY7ndXubEQCsYxMIIXur
+SEQ=
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID SW CA-45
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIErjCCA5agAwIBAgIBYzANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY
+MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT
+A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNjAzMDgxMzI4NTZaFw0y
+MjAzMDkxMzI4NTZaMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy
+bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0Qg
+SUQgU1cgQ0EtNDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVVtcp
+RJMdLbl4C4dfjcBCfAqUMLRbXiKiDRnAMXn3c5IrYEND7uJKJTCrQklQ8YC570Za
+YXxhSaKiFbcR0MA7oHEF8HWglB53GSmFowqtAiERS/AWbMJoXlh/MBJweeSVUzat
+CPO8V3q56Y/5OFglW5YV3tA3Kgv+BvlqjYCzWNeBwfyeglkB8EWi58llAiyjsGPd
+QpN71LOyqHK16SCv22E6mIyrxfFgeaWIxIBeXzgVxDzZ2djbsqYyrJlAdUCbGzh/
+O9N0MhEC0mMRcgo7uER0olnWri1oOWtJl2Ok8ZvMqGQbdkxkkmxCthUWyxFoVq7P
+xU7IYmBiBn27SyF7AgMBAAGjggF5MIIBdTAfBgNVHSMEGDAWgBRsipSid7GAch2B
+ehaq8tzOZu5FwDAdBgNVHQ4EFgQUy/0Vpppg8S5OW5UcjD8djcKjIhswDgYDVR0P
+AQH/BAQDAgGGMFoGA1UdIARTMFEwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzAL
+BglghkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMAwGCmCGSAFl
+AwIBAycwEgYDVR0TAQH/BAgwBgEB/wIBADAMBgNVHSQEBTADgAEAMDcGA1UdHwQw
+MC4wLKAqoCiGJmh0dHA6Ly9jcmwuZGlzYS5taWwvY3JsL0RPRFJPT1RDQTMuY3Js
+MGwGCCsGAQUFBwEBBGAwXjA6BggrBgEFBQcwAoYuaHR0cDovL2NybC5kaXNhLm1p
+bC9pc3N1ZWR0by9ET0RST09UQ0EzX0lULnA3YzAgBggrBgEFBQcwAYYUaHR0cDov
+L29jc3AuZGlzYS5taWwwDQYJKoZIhvcNAQELBQADggEBADPubZ/kZNDB/hkuGuuK
+OmiGZJC2C1dBGkuM0SXewWzGHEPKapa4rNDrgDSTQMOLeMUCmr4XbHbMo1mqIDBc
+SioVFiq+CooCskj3D+gj1Y+dbfi+IW8/IlbHVDxlApDlJ11v3nvNJNHp7gA0hFVD
+Da2Upj9wVsYr0ReXvHRz0Zb6a1/7R6to41c8wwg3hWCGCXsPvnILaQK5JmxNVX1i
+HT95UKDxnysb+vw+GxxJgaIH87HkgxZtOc7WUnP+GFALfKQyLsR8J3vkIkI2DJfP
+FjtBblgXWn9lCI5lYgeH3VbKjVvowcUWuw2F8PJaaNHpVpWwv+XfzLmUCdLGjZrB
+zBQ=
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-44
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIEnTCCA4WgAwIBAgIBGzANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY
+MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT
+A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNTExMDkxNjE4MTRaFw0y
+MTExMDkxNjE4MTRaMFoxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy
+bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRUwEwYDVQQDEwxET0Qg
+SUQgQ0EtNDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG3+Tty+pD
+oTJGbJvbL/uQUD5vXkR1G6vSxNSbFskImmrpLV2hr8uCGAFDL+Kb3dPaYLTEeaK9
+34LqDC02+Cw4mLamoXKtfBGlFT1T3AHzpS4wJAhfrSGFGRBdY76jpTn1eiaWs+nb
+CLiJjpxQOQhp7caytsZnGvLNOFUc+QZJFsyAf06cpWEmo/iAx7KXLMPV6sbGTLqm
+kyqNxYPvqd1Ryyq2vi5Pqyw0swg2+wvkMhGIZ39ryJhgaU5vcAhd39z53tNU1ttp
+xP506Z4uDG9TmBciUFfs4uZbz9aOzT9YYs6enlh172PU48WfCFIQSOXjRcB9/XkD
+btghMxTcmzgRAgMBAAGjggFrMIIBZzAfBgNVHSMEGDAWgBRsipSid7GAch2Behaq
+8tzOZu5FwDAdBgNVHQ4EFgQUMPnNVHOQG4Lyco6N7lZGokQpv/owDgYDVR0PAQH/
+BAQDAgGGMEwGA1UdIARFMEMwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzALBglg
+hkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMBIGA1UdEwEB/wQI
+MAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8v
+Y3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0EzLmNybDBsBggrBgEFBQcBAQRgMF4w
+OgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9P
+VENBM19JVC5wN2MwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0G
+CSqGSIb3DQEBCwUAA4IBAQCnFaVDUuNpbT4YazfYL4qKc/e0Zqd1wM10uqo+ayjz
+zP5HXLL2frAudguRVxFDC1WzjB16tc1GODUWY4OOxPCyUNKUJTU3G8qcXMabjEvC
+y9wLu/5FTvE0iumpvdpSGJb2v/pBc+Tofe17SgCTpOW+METZM5fiV6e8VrYaZalg
+YXrHg+DvdBpGSteccLFLORhZoq0ZpHh7QoHNVOi9sxLhEuhRTSGebRhTkYN99PzC
+BdD6ljQ0uShqB3r8uX1pVpBskdovm2JWSX40/QahFVDMwJPImlJ7lXRNvRrkqLHH
+PaTJ4R5spBJULmUEbqVfFXG5p/I9vNVF7YZCE5nzegTf
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-43
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIEnTCCA4WgAwIBAgIBGjANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY
+MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT
+A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNTExMDkxNjE2MDFaFw0y
+MTExMDkxNjE2MDFaMFoxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy
+bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRUwEwYDVQQDEwxET0Qg
+SUQgQ0EtNDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCib5WKgEkw
+yV+HYIReCPRrFLoBoue/va3ODbll8dZITF5Dkj/Qpn/aE3cCVXkd1Oy38k+7MFGo
+I93xCKkxq+gdkeLGXEZ8tuwpuqeVHW7rjgd+2DgDuNWsXkN8UqfJvaMccLSjLfTI
+MS420x3sMtE5aOC+Zib6Ei7YlT5GUatw33BKSTZIsXqWa9tag6daktv1JonQOs9W
+z+zCwZ806AmJhygNzv5scv0+Wtbns91UzwyTBSpYi8Go03YXU1znT/hciQC6uXRY
+xUWbBRkuJyc4AsGb2mwfcfG7Tv3LoO1sv1VUV0FswWGP9dFRX3DqjIzs5ylk58oo
+CXTCrwOYIXGPAgMBAAGjggFrMIIBZzAfBgNVHSMEGDAWgBRsipSid7GAch2Behaq
+8tzOZu5FwDAdBgNVHQ4EFgQUN6mSY1xcxJ27IUhTKKrUZFBmmkUwDgYDVR0PAQH/
+BAQDAgGGMEwGA1UdIARFMEMwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzALBglg
+hkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMBIGA1UdEwEB/wQI
+MAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8v
+Y3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0EzLmNybDBsBggrBgEFBQcBAQRgMF4w
+OgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9P
+VENBM19JVC5wN2MwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0G
+CSqGSIb3DQEBCwUAA4IBAQBqUrzdeqnC2ohoGUExkxayPe+h3TKunmYUBgFHOLtT
+w89DiGAypywUHgjSOqb1DQD7Z2JohlU2rRRn0ajIAii5DtPgGN4mB9Z5HsmdfZ8L
++CMr/Jw7oYeaRLnyWoRW6cvGiM3opBewNo1192dqv7JYHaAGIVKSdLcESJNwp347
+nDD5MauXa8/2a20lsOOrcU8PgpBHhyRPDQoBaxjjSFtH+aA7KwvFaqsUpvgiTqNp
+5j41K0ayV0rdd/K3zRKcA2weMONqDXagcvDSCMOu3S6jS/M7oc3Sv4kKk8Vjhcom
+hCvw6EHyLSiUMqNzlO71q5q3qMj9QOD6T4PK6/UxRD7D
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-42
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIEnTCCA4WgAwIBAgIBGTANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY
+MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT
+A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNTExMDkxNjE1MDJaFw0y
+MTExMDkxNjE1MDJaMFoxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy
+bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRUwEwYDVQQDEwxET0Qg
+SUQgQ0EtNDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt4/+9beDb
+3g9kGg2MlznUY93COtiDLetMCks4aQ5/MYaSti6eoDw5L7EHlkNfnrO5XXKbQHZ7
+HqipwyE6uZ36WPEvU6ufin57Fr++aIYNk3xLAH4me6jT8qyrzn9FUBXh2UsnqCMo
+5jHl+6FJbsTq2/sSpIZl8SMUS4w6wNi/gRSrhdVfmJibhQgEj6QbvUr8aASzlyS9
++zvMRTZq7JBDEPlbdsfE3mbGWvO0+PD8HMsNrj5rKL7wdoAzQDB/YisF/9ffJw8L
+cFPsUisUdZsFTk9L7qMCcgSfCtGfw5AEw4lcmIAiHRX0Apd/iJM4kADuHUFPYzM2
+EN4ngjDxK6jVAgMBAAGjggFrMIIBZzAfBgNVHSMEGDAWgBRsipSid7GAch2Behaq
+8tzOZu5FwDAdBgNVHQ4EFgQUMqAAylmLxM58e9veGSoQioZB0eMwDgYDVR0PAQH/
+BAQDAgGGMEwGA1UdIARFMEMwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzALBglg
+hkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMBIGA1UdEwEB/wQI
+MAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8v
+Y3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0EzLmNybDBsBggrBgEFBQcBAQRgMF4w
+OgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9P
+VENBM19JVC5wN2MwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0G
+CSqGSIb3DQEBCwUAA4IBAQA5hIjoPl6je1176wDm7i4FNGehuKkrM6KOqEZLyze2
+bkSRZXV8wIve6CkMxL89PLEa9BPXF/PpF5Wn2to4YZgZmx0j+3M9kIuIzDxKHAHB
+tfLoOXHiT/g9U9Scl09RiWVfhul13R7+Q6CQdKO1yu69bNtvL1Uxsz2LaGP3pFaS
+QklM+Ns56N3a2YJ3qNyjGnMoksBDFSkitYJJrWteHSv1iBv9FVge/d3SE9+Pq/WD
+Q22yK/0ph3gTEw61e9EYZ/TAeNb01Ju56bNo5lVHAz2UawrwGhRklJQhf/i9JRda
+gykYg4Zkczl+ZXN+0bfJDZ+kpis0wlcPrVzNKNpAVnzf
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-41
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIEnTCCA4WgAwIBAgIBGDANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY
+MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT
+A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNTExMDkxNjEzNTZaFw0y
+MTExMDkxNjEzNTZaMFoxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy
+bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRUwEwYDVQQDEwxET0Qg
+SUQgQ0EtNDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3yXSI2Ca+
+LJHgzmhn2NH9Xk02+QoEPtO4K3oHa+XKeP2Mdk4ooFy3SLvizf84zDWzqVPoofEd
+pF1NpDT89rm5JOjaI5PBm9ct4rV0ZqH34DlARMVjthW6ySUp2YDDK5dGkZTACqkn
+E2AaL777RyPLRESDp1p/J2yInUMvCc3wsJmqteSW5dUDpl7+S9SV2D+urf7zB5oB
+06D9i4YknSh3nnthtqHSCvNF0QtpynTydycBrZZ2Cv4lF/iVPpi89WDTAjwWc3u7
+HVxHqCi9Z6zB7eIIXtIRcKBJrqL7oExvAGu0C/1D6/dQfOqHa4cPEgllXfy38Zxf
+nUrFCih4TjD1AgMBAAGjggFrMIIBZzAfBgNVHSMEGDAWgBRsipSid7GAch2Behaq
+8tzOZu5FwDAdBgNVHQ4EFgQUW5HGRDbyKPL4z7LCyMpjSWGbIAowDgYDVR0PAQH/
+BAQDAgGGMEwGA1UdIARFMEMwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzALBglg
+hkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMBIGA1UdEwEB/wQI
+MAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8v
+Y3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0EzLmNybDBsBggrBgEFBQcBAQRgMF4w
+OgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9P
+VENBM19JVC5wN2MwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0G
+CSqGSIb3DQEBCwUAA4IBAQCh4rRiX98I1sgwJ/wFaLDtM3GlKTulDu7VGpGllllh
+bUpZiaHQ8pMV2goFboAOPXxMnl2N2UM/U4/9S2uW4mosQo2gbcNT7rbi/QhlEk4Z
+u6tZek3SvhFIq+fn/XhMqiMwIOUNqroh5BnvPGLQcMqfnLebTJmkcG4I6OmXP6en
+jh/JcdNnxMhZ1ZUju61+Sw8g14fKV6kAUdrGhQPZAceZyLvUajDRXLdxFX7LWip0
+IIFPD4eM2pLx94MPpbwFo4/l+rO8LK5BLxG4YV7hIiyauwtcREoNwjRyE0TJ8qTf
+mzXUzM7YyjBQytyeKHaEyDbULAe0vfUb9p1joxoGSOue
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-44
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIEoDCCA4igAwIBAgIBFzANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY
+MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT
+A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNTExMDkxNjEyMTZaFw0y
+MTExMDkxNjEyMTZaMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy
+bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0Qg
+RU1BSUwgQ0EtNDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5wjjc
+RPtz4s4DzWJURVpAl0MhxzRT1SHv3Sju/LkVaagrEfNxEZbnkTHKciFhScbCIco4
+458+LtRXmwMZiXSPSVquEuhYjpmQggqVUs8eozfV4uMnI88FBEGUhwA8zfgwRMLF
+RQnJ4SCB3oGbZHh4sV1MutprCDwd6qrG0k8b8/GF9h1vyPZbNNBHODlfdDraBD5/
+bdX5lQ4L6J7uT5vYtTQQIRM+fk1Nlmxr2okKH4wcwK5FQ9I/kYAs7QoF9My8nAOO
+sAAYPBxq+V5UWwRqqdSSxX72YEHAyitxmwng3VMHu5pNCnmEsYSVH7C7FfQaXk/e
+Q4+o36slG0x/jys7AgMBAAGjggFrMIIBZzAfBgNVHSMEGDAWgBRsipSid7GAch2B
+ehaq8tzOZu5FwDAdBgNVHQ4EFgQUoItn0eFgZHWnOazJuDWNmJJ0c6UwDgYDVR0P
+AQH/BAQDAgGGMEwGA1UdIARFMEMwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzAL
+BglghkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMBIGA1UdEwEB
+/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRw
+Oi8vY3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0EzLmNybDBsBggrBgEFBQcBAQRg
+MF4wOgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9E
+Uk9PVENBM19JVC5wN2MwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWls
+MA0GCSqGSIb3DQEBCwUAA4IBAQCSY9dTLozPHVTcrSBDSPRiAts6kmKFip1T2qP+
+zDqETUs7FpS/EkLka8n0qjmYMtNWD9zsWKi8FbZeZ1se5tSFxL9waupfibMFsJT4
+Mnvmk3ihhUfTZYpERBmgeX7cd80+WO9SB1P+dCLw/7MjTdN8j0aOcjh+I6KLWLjA
+LfVNhpZ7/8LgsOl3sHgZ7537YsA6Ti+yezGD0jM7nKpfyg78nbK2imWutiuEyHui
+OdwcJOQpsKuoyNa5yzyuXK5ygG/PMEzJr6rfJykd6UMpADgaCZmSWueJqzMxfrI2
+ZoXlZzmX0xG2CuhOEhcqwLLvKgqu+dUKwzE4VxQYgtRtzzJf
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-43
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIEoDCCA4igAwIBAgIBFjANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY
+MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT
+A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNTExMDkxNjExMDJaFw0y
+MTExMDkxNjExMDJaMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy
+bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0Qg
+RU1BSUwgQ0EtNDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr3inR
+YhAew1kjGebIpt5eR5BSz/xqDhz6KvPNiri3gbRar7lAu7XVGAn+LYB+NyuJt3Wu
+6tSmXvvqxLPKXr47tFAkjpX2My1IGM+Y59iMsuvK+T1xeFvbZFtnC8EgntEwR0Uo
+UWtUZAdb5IdKGquolt89RTt6W1mgMhbuYEewydSknxxUI+yNvMQ6NGeaRzu9IRIm
+AmtSHUpkE5vxto8lmxRtF09LcmLSiElx7InsL3olAQSjzw2AWbHEMr4WDVTugJXn
+VLfmC8/fuTENvmLRDGnTA+li0fjORzMqmGIok5eoU3X24Qv3Ii7/XvGFyNGAKPy4
+oKAXEGn5eZtar4kvAgMBAAGjggFrMIIBZzAfBgNVHSMEGDAWgBRsipSid7GAch2B
+ehaq8tzOZu5FwDAdBgNVHQ4EFgQU9x/xRjhVv7xxi7IGO44rGLJeu7QwDgYDVR0P
+AQH/BAQDAgGGMEwGA1UdIARFMEMwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzAL
+BglghkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMBIGA1UdEwEB
+/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRw
+Oi8vY3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0EzLmNybDBsBggrBgEFBQcBAQRg
+MF4wOgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9E
+Uk9PVENBM19JVC5wN2MwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWls
+MA0GCSqGSIb3DQEBCwUAA4IBAQBb0OxJQPngXOTSzqqxRWBYjiK+4vEf/nwj7cj0
+OT07FIrRsRpyZwpENffCtMU5yv2GHqlS8JKiqw9oGNMtqoW4BtXEE0Oo7W0dnQGk
+wLv55eRN1FDI0JgpTu4zixq7NMpYx7XVADi6+3E11efmOesF20po7+Gg2MGsJTNR
+EMXh7yHcDqs6nMkPtcl1u4qivfohdRcKsIvwC1Z4cV+bjZ9A5KOBZeWsa86FzNBl
+jKTdLxebUz091aA6tjUZ/k576OPKiR1k8awlDsz5j/S9xK1Ht5KV2x8Edvgreiw4
+Dt8Disz/fX0T330P2n6GbPOcgL/wiktRjCq2BnnlmDLFwxJe
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-42
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIEoDCCA4igAwIBAgIBFTANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY
+MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT
+A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNTExMDkxNjA5NDJaFw0y
+MTExMDkxNjA5NDJaMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy
+bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0Qg
+RU1BSUwgQ0EtNDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmnSX1
+j25X0lrlxl7FTi65DxzSaXlUQwPPILHxQh4pWMbA7Rff4r+duETma3mrPmaej45H
+KYPF+1jFiV+jLiPFXzQKcsrrImratXcABFus0lA8xBtvhjZTE/vmGSXZpBPFAkyb
+jof3OJBzzWwo+kPrK/je0Kbrlq4jekNcpXDeR4Qp2FXtwMgeS9RnMGUWbO7sv/iJ
+ceUkXD9WG6IY2GW3EMsx5MJtxe6M7ACsMb0J3eN+2BAxAZZGjMRjPa2C+2kc922j
+Bsr4mfQ9hEbWEu5wWLwiJLBH+9NaTBxlqcGS8yyX0xQktvLHlrmnIUpQksH3x/6F
+UnzXQ1CKhaENi4lvAgMBAAGjggFrMIIBZzAfBgNVHSMEGDAWgBRsipSid7GAch2B
+ehaq8tzOZu5FwDAdBgNVHQ4EFgQUbwWkXaLEr5VbQZHfC3gLFu8cCW4wDgYDVR0P
+AQH/BAQDAgGGMEwGA1UdIARFMEMwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzAL
+BglghkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMBIGA1UdEwEB
+/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRw
+Oi8vY3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0EzLmNybDBsBggrBgEFBQcBAQRg
+MF4wOgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9E
+Uk9PVENBM19JVC5wN2MwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWls
+MA0GCSqGSIb3DQEBCwUAA4IBAQB+0vQGArx8bB3kLkQtlSq/JQdzYG9ZxTu1W+nv
+eaBUzXyhUyBP1OEA0ZvyiAt7km95y3/H65mZqtBRQuz+jYf0Hxxd0fFw2cXrU8oN
+pf9of8SIit3g7H/lPvCzQrixjBPJyIZiuF/1tGqS7OmQP/4jU3+R8uvVhUi3AX2D
+XAm4VTcBpCsG3ozOCpJykAQZJxaOgqSJHFLNdPByr1fMvpsFOkSWwlGzmWObh4Xw
+ud0+naP4pbqKYjue/MeAGqgmxMJTn4hFXS5bHMViscJpnZtJz1J6XsA8aSiZO/ul
+iO/vQx3CzdEWCMB1ZCGP0xdzfDipKEMDPRpA3ucPj3dgb3Mr
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-41
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIEoDCCA4igAwIBAgIBFDANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY
+MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT
+A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNTExMDkxNjA1MjdaFw0y
+MTExMDkxNjA1MjdaMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy
+bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0Qg
+RU1BSUwgQ0EtNDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUuycR
+DCMw4iPGIbeq1Yuw/9S+tkQnTdtDE1RSp/AhVU+sIILIH0Ay5GiJYuZ1L4NdUGnJ
+rsAeRJIFUZae/eMfzARtUtnHyPteXJB1DYh8eK5b5E7RFUz5lae4AdhuUtPSRDm0
+YdH8nXJ8Fgm0w+pMCltZJLIGhfgphXbcZleyFJrRk/k30PIfNdZSoxI0dn8tJRui
+8H50cXpDbCd5Ksi+jEsdYR3Mcza6VTZRmvepwAiF9fpEqlyVqltq2OWLg8ky628V
+ODeDZ188HSx8rgpZfOxHQJpMnIyOKHH35WeXEMGC7spvrRP+d/BZsIRGmVx25FTi
+jbCFfTQeD91cb6ifAgMBAAGjggFrMIIBZzAfBgNVHSMEGDAWgBRsipSid7GAch2B
+ehaq8tzOZu5FwDAdBgNVHQ4EFgQUOSmoCGTij4OqgWFHEZEz+Fo3puQwDgYDVR0P
+AQH/BAQDAgGGMEwGA1UdIARFMEMwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzAL
+BglghkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMBIGA1UdEwEB
+/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRw
+Oi8vY3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0EzLmNybDBsBggrBgEFBQcBAQRg
+MF4wOgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9E
+Uk9PVENBM19JVC5wN2MwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWls
+MA0GCSqGSIb3DQEBCwUAA4IBAQAhEvHTWyebz05Ox9hW+neUMYI1686yzQA3er3T
+lmapTCnxNyNeGP0dcLuFqHZu7wiw6n362ygHDB4e2GQm/IFHsdPXBEQiDBtBOe24
+EOxXMEp4Ku0znOFgZEV/kng/ST4rsoyb4MVCzhCR/5lfzk0zWD5oUgnJ5YwWIITN
+zCO10fxQYiCBFDGPcMGJ/biBdcXFtzvPmrzIHDgitll91kI4Rtq5Z8K7988yqqsM
+Dm/Ec1t7aL+A+PH9CSLMLNYfllANDvpS2qGV9vh4RGjO4d8P8WAejNczrcuQ4GEA
+1aInA29sNdhLFOKAt3BDKvSjxJM/b3J3jkg6CDzmccXolN/y
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID SW CA-38
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIEoDCCA4igAwIBAgIBEzANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY
+MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT
+A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNTA5MjMxNTI0NTFaFw0y
+MTA5MjMxNTI0NTFaMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy
+bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0Qg
+SUQgU1cgQ0EtMzgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMtw2M
+Q24eg6nE7h/ZXMiN0GTHnybtceAlYm5NmOWZNzr1/s22At1aN3NSilt5T2MAq7IJ
+OOPVqtQ4e8YjvwnZMl/vhk6Z4rwAePshr9HvlO8CXl257RP3uN8HgRBRyiBzJh08
+Q8W+Hrb77XMn0CzdQ7h+0+hJjdwRjSAgHfHBagAFIilYBUHtresJNB7zk/jedaIu
+v6xoTkJttS+USSWJ91Rqn1hvAZfd4XbweSqCPNFXXWvudII7DZ9G3ViymCXqXJDZ
+KXW+iEOFewY9K1BMnI+NOV/qOv335oitPYeRqnIOiQmV0J2ArCYoWfQputQuHD6Y
+y3dzTEj6dFH9CbuXAgMBAAGjggFrMIIBZzAfBgNVHSMEGDAWgBRsipSid7GAch2B
+ehaq8tzOZu5FwDAdBgNVHQ4EFgQUjsW5zPzOjlO0Ks7oESrPmylsZ8owDgYDVR0P
+AQH/BAQDAgGGMEwGA1UdIARFMEMwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzAL
+BglghkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMBIGA1UdEwEB
+/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRw
+Oi8vY3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0EzLmNybDBsBggrBgEFBQcBAQRg
+MF4wOgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9E
+Uk9PVENBM19JVC5wN2MwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWls
+MA0GCSqGSIb3DQEBCwUAA4IBAQChLaZGtZEevrRh4hyMrywIePJ1h8t8K766TTUB
+8AY2y5/BolEoHxKTOis7BRolriRFsa4PVFUSIXUsGQxrA2h8pa0v2irrEE2ixZGN
+h5rSXXhC+UtALDF8PlWUvD/M1WLOIW277YHQ4JNjMl5OEhsrVoxJZ3I32bTG8EZp
+EDmBbVPsBINRf1kjBd69xb7kk67DfUEs4fUjTHRDOflV388bX2877//UaADPfjGK
+6g9AxY++pf/4can/DhxhJ40+oKiDN29apuwmeNrfAi+CqL9uFu6JSxSUGOy4ZDLA
+vmAQHGI6r+mRBcu8U/9xuaYpkO8jAoDNn7yS4H0STEoDorrR
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID SW CA-37
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIEoDCCA4igAwIBAgIBEjANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY
+MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT
+A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNTA5MjMxNTIzMDVaFw0y
+MTA5MjMxNTIzMDVaMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy
+bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0Qg
+SUQgU1cgQ0EtMzcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsrnKi
+qfWUYvBZ5poN5GMO6qotl7XJ4GGfg/lr8ipbPcgYScw8HLXrxakW0wA+uEk3Yka/
+/bfUgtiLCqr2/SMYVISjXisglAHUiK1pnXl6ANJ3FGX4eio9XdbvifXjcMu462T3
+XoZAcbbwkk7j5G2P4uJn88h2GmprYJzePNLC38yMgi4FMRsPchVYpX3Fxk2wXEOg
+hyeSYvueXWOzEtEDCEyrumQxHfW3Oru0b6JrTZMpztOlaTd9ngKLrIcKaXEyGtrj
+lCokBmTALc6xnyKmUNf4R9Imo+lVbwSIycGnePOTrJccRTUbZsfXsFeD0lIWGnHY
+rws1w9xarvIN7Gm9AgMBAAGjggFrMIIBZzAfBgNVHSMEGDAWgBRsipSid7GAch2B
+ehaq8tzOZu5FwDAdBgNVHQ4EFgQUFiR+9y3B75I/vkTnVF7p/he686EwDgYDVR0P
+AQH/BAQDAgGGMEwGA1UdIARFMEMwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzAL
+BglghkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMBIGA1UdEwEB
+/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRw
+Oi8vY3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0EzLmNybDBsBggrBgEFBQcBAQRg
+MF4wOgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9E
+Uk9PVENBM19JVC5wN2MwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWls
+MA0GCSqGSIb3DQEBCwUAA4IBAQBZDRYy0oP+yD3OiDqM3liOggDDqJidDSkqmPMB
+pxTL9iyXCAqS5OUhzKQ2/N8gRYzO1o7JNIqez7kuwj1HJ0LH94jbjyMnvrWV34mh
+m1OzbG1y/88FvheQXLgld+tjojxYVhErbFGHnxMPw1X0VpbRTWrAcetlfMNKdwPU
+AH1GDfFmczuSfqwqZcapgJal9BWMIJoCXH1sUOHXmg/6anXx1d30OH9iTYV0to76
+oHTg6PEw7nwxNDgGcVgLDVyDAyTpfQCfhV4fSLI9cDTs4nA0SUgUga01d2h1Sp4r
+0PtksjJINJlYvLggvRWucI/MokLw5F6m+w6BN+t+kEggLn6T
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIDczCCAlugAwIBAgIBATANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY
+MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT
+A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xMjAzMjAxODQ2NDFaFw0y
+OTEyMzAxODQ2NDFaMFsxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy
+bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRYwFAYDVQQDEw1Eb0Qg
+Um9vdCBDQSAzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqewUcoro
+S3Cj2hADhKb7pzYNKjpSFr8wFVKGBUcgz6qmzXXEZG7v8WAjywpmQK60yGgqAFFo
+STfpWTJNlbxDJ+lAjToQzhS8Qxih+d7M54V2c14YGiNbvT8f8u2NGcwD0UCkj6cg
+AkwnWnk29qM3IY4AWgYWytNVlm8xKbtyDsviSFHy1DekNdZv7hezsQarCxmG6CNt
+MRsoeGXF3mJSvMF96+6gXVQE+7LLK7IjVJGCTPC/unRAOwwERYBnXMXrolfDGn8K
+Lb1/udzBmbDIB+QMhjaUOiUv8n3mlzwblLSXWQbJOuQL2erp/DtzNG/955jk86HC
+kF8c9T8u1xnTfwIDAQABo0IwQDAdBgNVHQ4EFgQUbIqUonexgHIdgXoWqvLczmbu
+RcAwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
+BQADggEBAJ9xpMC2ltKAQ6BI6R92BPnFPK1mGFhjm8O26GiKhVpCZhK00uaLiH+H
+9Jj1qMYJyR/wLB/sgrj0pUc4wTMr30x+mr4LC7HLD3xQKBDPio2i6bqshtfUsZNf
+Io+WBbRODHWRfdPy55TClBR2T48MqxCHWDKFB3WGEgte6lO0CshMhJIf6+hBhjy6
+9E5BStFsWEdBw4Za8u7p8pgnguouNtb4Bl6C8aBSk0QJutKpGVpYo6hdIG1PZPgw
+hxuQE0iBzcqQxw3B1Jg/jvIOV2gzEo6ZCbHw5PYQ9DbySb3qozjIVkEjg5rfoRs1
+fOs/QbP1b0s6Xq5vk3aY0vGZnUXEjnI=
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-54
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIEjzCCA3egAwIBAgICASwwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM1MTI4WhcN
+MjIxMTIzMTM1MTI4WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E
+IFNXIENBLTU0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0wnaj/j
+ZzXRnZnNDN5rMZW7OmPPcrG+8IQW6oHretQqvj/HCnAyX3sl5TvT6bLCG4UfLBAx
+4VRCvpsVW9fME/43E+N8pyUDjlhYe8BHO9e0RfbVjMgDh6tLagvjN3MfThg8E94C
+6TRisdifkP6WonplO1sbv8YD49GjmBWLs8KtU3xzw/StQrwNfymY8aW4lXJQa/Ca
++FXzz/tRh7Mclrlz6QCzgdHAliWK4s5tsXDxeZls2/tvTaZQCVCiyccDdc//lYzL
+UIwg3lnPcoV6CPhhw+QW4q42Y4oSu48Z9g/fAvqhrK1U0S9mHl1vWLDTHI3hkwmd
+T/O2WgKh8nvx8wIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW
+qvLczmbuRcAwHQYDVR0OBBYEFLC3KL8sBImKdCavqhOMAhBVgXmxMA4GA1UdDwEB
+/wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ
+YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud
+JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j
+cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o
+dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG
+CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC
+AQEAZF047yS8bq8lkMpoxFrJjmbdD1TNpjnWRmImQ32uPwNkrDbspNJ4GdqAh3N6
+ueIMcPUSmrIEs9GRZGJzOeTQ6tcQKCyWy+npsI1DQ/k5Xz0H375Bw17gnq2Bpjdy
+s8zeg8I+2lDOjSNr7RgVWWB+2sVWXdvILx4Wkh6vX57uEud046HBmc4NeDiHAer8
+NIac5A7e379NRyuusNGXkAm3g7GsE/Y7MrFsKKsMlHb+gFXVgD0DBhtF22YqmA/R
+QvTz7Ij1AD++Gv5I4IIzJFMryN6ED6XduWcTtk9Cnf0uY0z+VY8RFw9nOkECFc2b
+BA8L2LlruBOzMWbFy4kH7G/hrA==
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-53
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIEjzCCA3egAwIBAgICASswDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM1MDM1WhcN
+MjIxMTIzMTM1MDM1WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E
+IFNXIENBLTUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTewS9iv
+ChYtMvNBYEOjVcVqr+3VOAEgyjt7ieJUVPrFDgtL9Sz+eXX+uBXkJwYjS0gtex6L
+RuNtdcLkukoJu34ZxnfUwc8rgTwNV8VtIyI2GJq/u/FjGwK8fHkzslOzwF8KoA6N
+NTYvKy9XohBDrrYGpRq/RuDttVfiJ4Yvcii5J6+uZTvT9035EksqjV7A+sJkFVqI
+3MZ83kN9O0ZJf4dEj4h4DKqQYHTRrpy/BL4pTGxmSpnQHne63ToqsoZntTYCYhB5
+6izOakbsUTYVauwYqlNVf0j20IwcZibztp7wqV2NgGzA81LndhYLQh+8KsDabTSV
+sZMvLHfEAeLdhwIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW
+qvLczmbuRcAwHQYDVR0OBBYEFFHEizOZlMB+uzYd4+I6Bb0ydJ1TMA4GA1UdDwEB
+/wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ
+YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud
+JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j
+cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o
+dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG
+CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC
+AQEACZtxX9lr6sye0RUSOLYzLCU4jVDNSQgz3qq8Kk7dJ97GdsuBzACcCIwFDpNd
+tjMtD+mwNjgfeRY5ovyMEH3ZzVhIqGpQo4WLeE+bjy3fNcU3rsb2SHNaEpRddWQ3
+jnOc3jlyg/sHaR6Jg4JfQ1G9za46AReVa1nJLHjt/BO5m/3D4iJmpJvq2Qp6N4eF
+a2VL6s8uAZKnLCocjZU2B3wYZMyaSgppaE4TOe/Hc5HJw245/cFLUL8I02iYfv9E
+KQDuTGqNzGrBuKp9LMpRrBWb0boFrZaONcVXjtCqi05fo1Fd/JhuvfraTpgxmVXi
+1OvgVGwq5lsxW2pbjSpBFebaRw==
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-52
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIEuTCCA6GgAwIBAgICASowDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0OTU3WhcN
+MjIxMTIzMTM0OTU3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E
+IElEIENBLTUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltzcMp2O
+02t+fwd7rTlugoKqYF8eo/3M+JVdppPAHTiJVaVt0JSeM4xyZsKNoPBoFW/yshnx
+lRv/LyNx0VBbn+4mJ7Ea1U4FBPxCSZ68VYqKdV64UMhndawVBJM3Oy8Y3ZxPldTD
+f9ApCg4dZXSEiSnShO8YuphrNbYAd6YrdUn1IhDAhw90VTU3GMLru4vx60vFHscW
+eZHpHfET8AsClbAyqu65bsa1+o0XvGLQy2GTMzEVaR1NhYVWKRSwgqW57gbE8pV+
+63WYNwi8XIr/2TaJ5GvgBVCbgJWAwsSfFTz21ZqOou0d5xYu79iIIue5DEoRW1bm
+qserHNG7gsMvHwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW
+qvLczmbuRcAwHQYDVR0OBBYEFJroUayRVNeUmgRI+iJ5/8bV7oYrMA4GA1UdDwEB
+/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ
+YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB
+AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA
+AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E
+Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v
+Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF
+BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAkxvd
+sbOh2zGZCsj3nu9fHEMClJVtK4kJzPJZPi44gdSn+U8X5lbtT0kxsRrqCAZntlgQ
+mp+DxnQClr35fjao3wF79nQaIOP2789a9VWZgyJfPrV2KLsxAH4/oOd2ZYdUtHfC
+lbfZwbpxFulBqPWxysKQOx3XC/3LszCR0YFqbV/c5hBRB1A4sWBlF8KRGQyKdAyc
+K7PrLcSMnLq04ugd5MfYWuJjJx/USNNWlil/LzqyCFzxPp4nGBB8y8s2LcZyvofh
+HIBN9qxl3+EXcJyeyqyNiVZcgJi+DLSmBCckb2J6lN9tbGWV02WK+8OiAiZ31CfJ
+/sezZ58EZayGYS031Q==
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-51
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIEuTCCA6GgAwIBAgICASkwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0OTI3WhcN
+MjIxMTIzMTM0OTI3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E
+IElEIENBLTUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjtDs/iL
+TIf25t9SGGMP49gCFIYXcEtvTtc/vh+Cghf7qVwiNvUYCaGMq5q7F/pgL5xsw6Bn
+iCMau2bZtLfl5xnMk2VMl2GRwUayHQ/0lyteeKid6fa8sfnlyNLh8lvPuHqQFJZX
+5vpfAC24NDQCrr8YIkkNRyxJihCpj8HHYuzTplDRIpMljahhAWCsQkUqlq/5Lite
+XHYA/+EnT2hspkitSU+FUIWo0FKK95oo+i2uXX8x3cXWEUCXoR23Slk5NrGTwAsf
+TUd16xWA1acvksunx8eK3uOVCV02Q0sldVN19NaGm8lpoBfbtiNz3lo/j1VT558q
+35LmOYWI6KzSTwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW
+qvLczmbuRcAwHQYDVR0OBBYEFJ2kwVzT+WZxSaiEIwO24a8pdy2uMA4GA1UdDwEB
+/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ
+YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB
+AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA
+AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E
+Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v
+Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF
+BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAigQ4
+aOduTUCpDvC0ue0B0GV49B0aek8HXWKc10bPb1iUCQL2DT4aIf0u+yQqrzVpTw/x
+5mVPRn2Zi2iEV5A8PsN4dReF3lblQSrSVvKFw7cq66Z8ab2ijXjpAMTJCUIOir8w
+KoOV03cnVcaW0VDTH+gOslXnm95kPqdfbxJMh06Q00XfvWfRjfnB9D8ZDXbytM5X
+mkZRyuUvWY+DKyJUy1HAuardaFpgA5WowjeQm9sAvx72LzaS7zmv+hxOliGXYOn7
+gbJATcT+zt1Ffwa9M19FjoQDSzWihW8P5cFRt6xVEwZHeD8VG++jcQfAujwX0v7U
+hFKu8gxm3wlNXOalzA==
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-50
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIEuTCCA6GgAwIBAgICASgwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0ODQ3WhcN
+MjIxMTIzMTM0ODQ3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E
+IElEIENBLTUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1ncM1bN
+JJHiu1Bh5jQ8r+Y1L2pvw+6YDLGE71z5gquBqisOC6XLKffKdBSF2U55vvp0m5J8
+WdF5DSfyfdAJ7S1HlzFYVW+0KjGLELKV5tWZh/aXu8V85ZaaYkvJeeEU5cIYWLKK
+RAr1iygwnslhy1Kb7xhYV7gLYc29Wm1EgZiJ2Xm9M11FIauo40EXmQFniz4FLE/S
+4JB1lbYiP1jGa4zJrdnec1k65tZk/K4hdi2diS+9mEUz3PWrzNqjrHKxFocnh9qS
+NGqJfyfXxXgKTrZw2UG83IxHKvIpMPodX4SYUwRm5HRbrG6c1Fx12NC2go16w3dD
+ilH+aUduTNpmFQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW
+qvLczmbuRcAwHQYDVR0OBBYEFDYuUt50qp7sux+T0b62ULXGaQv5MA4GA1UdDwEB
+/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ
+YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB
+AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA
+AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E
+Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v
+Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF
+BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAbAli
+o7+gWX5YytmPMD9ic+aX2s0NaSdSauFYmb6khtN0CCocIqTI/TyfRJTjhI6wRNoa
+ckcjVa5H3EOp4vOrtLN4TxbhNqdE+IHafWE4/btDstI5PrA2hlFZb1zvM5EQC8u0
+BZQ/DqyShOjypvxldvol6UGjys7wecPxt3cBJC7uroY+nqfxHnOIxRFoJGdC7pSm
+f90/uDcX87oCbK/FrzJBO+/V2lGHiByC7ahcP59a4Xd69lHSMtRWquclAyBEy1Mx
+p7Bx/v5kCpv14JE6SBlYEwhFrTt4aT49FQEQ9aJFKRv7j20sS/6wxPzGx24HE0Gb
+XwusK9jo5skGLLUC3g==
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-49
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIEuTCCA6GgAwIBAgICAScwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0ODE1WhcN
+MjIxMTIzMTM0ODE1WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E
+IElEIENBLTQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2EngKIwP
+Cl9+dsIByO2uONNLKhpnFypBAE+LM8+kekt4/HG6StaU/fmqFTRiVI0Uh+td9BWe
+8NXOYrhQRo6FVSxBkLtWZX8Px2IHxiqQ1lnrZK9UlCo8h3MPpiN8VEjH2bP/WSa0
+oZEWzEDKLB5tSKerddc+QL2uEHb+Gfym6i+5qPOLXjV00FY24FdNOyHaRjQTM/Lf
+sjWoFItHTKp5B9QogdKnyg+WkAARYtbd1nqtDXv6Fph5HaT39SEnRhc+lkrRDpDY
+c+HAU6Xywik+stgv2yFk1MhFpF5/rndEwMLIST0+lSpahJKGmYtg1VKcnDcq5CER
+C31gl6Yr7ffjAwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW
+qvLczmbuRcAwHQYDVR0OBBYEFNhnk8pG3MmVppSzBBicziU6lhxNMA4GA1UdDwEB
+/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ
+YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB
+AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA
+AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E
+Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v
+Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF
+BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEATmfP
+QPkolF5PB0fS/9DrngX0tmdSwlidBtrkY6vL/V7IMKqJk7r+hHW6k9+nxijHFj6Y
+J1+4ElpH/PwWPsqwVIshQxECvJKfo3OfN3a8Mn6Hog5kXJl5dMb0vJOpWQ9UhmG2
+m9UUZ9847wSlbW0vMHL0puuTso0365vilPO5JkapEXcFXdc3LDxXW8BR5NHyaN3V
+mvfD/qAqe4BiBx2+WAxsolTJQ5IMjG5tIN7WE6VJdUAm6EIgbuFfvG1KiWQJLHkL
+XdTvwdUTqX9JQYswfvoCwvHRh+I2mZX+/iH5HKLcaxqW8b9JnHCtfMSBZqLdI3nG
+IBw48tRul8lbrg0mJw==
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-52
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIEvDCCA6SgAwIBAgICASYwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NzI4WhcN
+MjIxMTIzMTM0NzI4WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E
+IEVNQUlMIENBLTUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4pb
+qFZ5LPm9gcWT24lCj8yLQHYdzntTWgMqPVyveG88rA+bXiAWO6zWUsjPlYQHfxiN
+qTZemKgK8OUkVQA4oiQ59EzcNiRsZp1hy7nvDpFcW/0WJzHY5M84ThI57zRH20Ac
+iNw1DB7XmR5yJFKTFusipWgsqwWRTtpJlLGJXhTHyG6aNxP6HEXbTLAM4x/0LM9Z
+Q2yYihUufgtJYGeLapNb1pPLsPVchhJOQjLFyp3Kx9W1xfjUFftE9FQAwCBJHyC7
+tFMk6DlITy4s7ptst1nNbPYdzGmiix/P7+I702Yn8H3YbmhFD3d+fkhCXqsjio0y
+0wWFDaa6vmm3RqF1GQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId
+gXoWqvLczmbuRcAwHQYDVR0OBBYEFOlmDFyb4lpKsgM2NP18yab4qwc5MA4GA1Ud
+DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw
+CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl
+AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF
+MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv
+RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw
+Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG
+AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA
+dYEfuTkBoJLwzyIZ/lrxB3ECCes2zWMLe1RsRrQ3QUhkeLcqxxwG1z+UbbmWkrSS
+JS0Q1XeLRiT7P1x+ycs1Gvoy5V4CFOryb5eNaDpOclJdXOiRjOGvS0wSeSLGnT/d
+lRPrQZcoEm+DFvtSMasu/zR8DnaepKpWLvyFXwvoimvsQVvz4tOS2o4u400KLPBo
+MQbTwpDmk39wxf4Aq4m8hznf2BhAy20YH6jY08gXg0pNDVh4CZIxyF2gmE0TDXPv
+sx77lxYKW3Bx0ZxHIcfBKifjSiTrGlLeEP9LfEQdpCjJqhG/3BFy6flzwJDEHqHH
+swhN9DCJn+3xTeq25PUXPg==
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-51
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIEvDCCA6SgAwIBAgICASUwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NjQ5WhcN
+MjIxMTIzMTM0NjQ5WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E
+IEVNQUlMIENBLTUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnw7P
+Taj5UGSMi8whxGpPsoChGMjVQRk1Fzp9J/mPjx/oXc2MwMahK3xpE3YB86q/SeH1
+Cv5hc9Pa99HtSF/RaHAo3frFoPnRNoPDLj6ihPGmEWwMKywUgOCnTQcGSlNqR0es
+tYrMTxti9bKE3uc0hgWibZYlukiGYg0UygYPS4+afMtzaBljiUWeQFrmCaEgeG3B
+UvX/zgNdSqtG9KX1LjqtNZB91hIDrRUNohX5xSLxPMpojC5d391u/0GfAEXeKyAy
+bPN8BdVjqJ7FlyueVKUgIAB/t/k6NO3lKEiC+QsrhrwaFI3Yme9JfRsZU8/Yhv0L
+wKeJhoz3552oT0e4PwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId
+gXoWqvLczmbuRcAwHQYDVR0OBBYEFDXvECJsuhIPvcJNGeTOfY8FV1w0MA4GA1Ud
+DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw
+CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl
+AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF
+MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv
+RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw
+Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG
+AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA
+Y2UKHMi98mslNJ9qUBT8ZNGKim+nYkfLfBgdP136smJYYDcwUOXwHt3b1aOy4sXI
+0BkNNS6tO5fdvZ7W4/zYFouIVnImaa8hjDiJNoAi5dYKDxkB8iOWYlAP8TZwpKNy
+sbGh4EQHWWQ8wDuFcdA5/9ElnxpQ/JJzSgUOHhtGm8vrEQmmJKW0FvbGXhGydHx2
+I5GtDvGHqlpF8GFIAA5HNAaw1s5De2StEYCTS/y95naqZafCxYG62cGbHir8dp0U
+KQOUQt88tTh0TAqzcLKz1OJIoIkbfpzV6XiXuL0VSob+W0peZeqTVq+w7nWP1cNr
+44ligwwVjeF04L3sZKA54w==
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-50
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIEvDCCA6SgAwIBAgICASQwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NTAwWhcN
+MjIxMTIzMTM0NTAwWjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E
+IEVNQUlMIENBLTUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorU5
+fwMKXKwK4SrttozvWb8Zx9g+7pGrzD+cbaZbISrTvNTi9MhDYASMo23nzG/ShHQM
+c0qCc10AVUqpAfwRhm9FbphD3r30SWKQsrKeObBW63iMeB6gfhg/+zScvkJxlqj6
+x5cHglMCFQfdqjgmjtcuWIGr7cDf1WQJLGfCz6ilKH/H2no0a3AyoFEAglrUyhC5
+n0IVsmyrWY4Hy9A/0xe84hl+68cJfB4VD+8A+YrUqEgspiqzocvzcuN/GNdeD9Lw
+XPqylqnF8SN0HYoHmjbimscIn86wCxARO0siWZ7hStrcbkb+cgFoY5aScdldUkni
+YI2cmRy0C5jv+wAfXwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId
+gXoWqvLczmbuRcAwHQYDVR0OBBYEFGUKe10mGzDKLdz81nPHHsF/BIzIMA4GA1Ud
+DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw
+CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl
+AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF
+MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv
+RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw
+Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG
+AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA
+VnLKwRdYBaPnEONJnTpHoC4znIQMHBsEpQbR8P5j49IXtHRjCpl5PKRIwuAc+Ff3
+ixM3jv/G+LBi26G0ZNGZ4iI11rJ3TLxUqHT12/WXTuS91jePA/f3WIHkGBEFeRs+
+wiROXSAveyMAt1ThK9Bil7BYlLmpgfci7eiKHC6OlA7VZo4OrS03VZTlaaBaU5Te
++tX8XYQ7Kllh9LreXZ2Cks14oNBlS4vzOcZOpw1bamaEbIA13IsGyY/kF7LqSPW2
+b7Jy628ObLeU3a+0lm+nIkjH25FDvtfxD9+2qQHEpRaRclskwIGTmA/Tg/YrrS2Z
+am9RD+6E/tsgIIlQE09NEA==
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-49
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIEvDCCA6SgAwIBAgICASMwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0MzE0WhcN
+MjIxMTIzMTM0MzE0WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E
+IEVNQUlMIENBLTQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAus23
+xtOAbfLxPh+OS8U3N/c7ZsnTNZGki6KjnEg4EVHnUKwBB1pWLeQbZTVp01dHWlxR
+KyvANnk+8ozM8tucowx0q6fo5J/YteD9qHFAoWjJQpRB6Hvn2vvHvUbu7iAY5Pel
+0B6A0NN/lKW26tTlim6NkV1MuCcvpCGrwH0f2TOCzkDf7IPqQDvLWOjPQP9nmNMG
+nS+qCvF5F0iGFXTH1NDeI8EPvKMBQE+LgJ4PAF8eFdDo0mDE6iLfPAIXBzfYUdFk
+MS3eVpJOWPzOEYeRLcWQkORvczfxN0obxSH3TGoBLB3ubELOoiqgsTF7rLKE1Kyz
+Wrao15uoYf29O9jatQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId
+gXoWqvLczmbuRcAwHQYDVR0OBBYEFGlEHxqVTqUaf4g6zHsSOSwfzxoxMA4GA1Ud
+DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw
+CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl
+AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF
+MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv
+RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw
+Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG
+AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA
+XDNkaD2Gwe4ZoWklwvAvveoOYK5s8fJbjZOjI2V1tZjIP5edw8YSvLDGTqsaDlao
+28hCVhoOU0+V234p0CAGKNKID6WCR46s7uAALaaWfd4aHDzf20qYsnMrl0eKCv6F
+sUtKBkIYJBjxpoaIpudRCnSmQkxweKzCGCtjWCT2MGSJro2Q0eQWTDxnJX9/v8z7
+dZ8ddZO1zgoU1xnAx9LxdrVl6H2VcB17z6t2d5TqSLM/OnuSHT7LWqYbVJERf38D
+U0WSQ7VOp2x1SkInJqpewvi+0rl/yh97UoDZuS/GUkVIMFbpJkbcadiEGBINErRl
+R5vQZDesBpGqUxNYuIIJbA==
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-40
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2
+-----BEGIN CERTIFICATE-----
+MIIEuDCCA6CgAwIBAgICB8QwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTUxMTA5MTQyMjU0WhcN
+MjExMTA4MTQyMjU0WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E
+IElEIENBLTQwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsC0FbWsI
+la6+NfHD63GReLt85F4jdzs5mlNrXkjVlXJzksaIkmlHfqAWyo6ea8ShhqwdNnXg
+PlIb7ej4RoXFqXJIwsCrxQ7rev+sCdkL5UtxOxPq40wbjV+AcjF8Qmp9xoPyImxz
+lLebWWJ8HDgJl2HSLrIFibrRFeD0t6GLsT8JhOdQmqE8wRNypZH6oDIhygX3lhBe
+RDxuK/6zLMJ+srqG8DMJFJhz0kHh36ugbJJOPLyEGxwjyEicBqk44NFcmr8YWC24
+RM28QjruqwotlsI3woCaTHkVm37fc0xmbAPg4eggxrzXn3dFQE+cw40WBLpy0d0G
+05PMAC1LKPdccwIDAQABo4IBhTCCAYEwHQYDVR0OBBYEFM1bl5X91Ceq5yXxnIfW
+8gfX0Yc+MB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1UdEwEB
+/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYDVR0g
+BF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETALBglg
+hkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUDAgED
+GzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RS
+T09UQ0EyLmNybDBsBggrBgEFBQcBAQRgMF4wOgYIKwYBBQUHMAKGLmh0dHA6Ly9j
+cmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9PVENBMl9JVC5wN2MwIAYIKwYBBQUH
+MAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0GCSqGSIb3DQEBBQUAA4IBAQBFRhX2
+izaXm5Yu4omDw2mbNo59EYAaITQCcUKbK6pwkmRYICu8DsjLMVhciOgeK4fn4OFA
+mYbLXWAtgSknNc+Hugb4WFoLWSb3EKZs8ocb/fR4eJLOKoY1PuRCuozS4yZFPet8
+RFInX8l7NQ41Zyu4O4QNzmcMz4pct0E+7nOisGEjh7/29Q0UmITPek60iVGEBIzz
+skjlclPzu7+qJseMF+cIV+DU5hFtEjXZ5HPn4fS2B/Fa15vkbnA9MvkxjFYjgLa6
+Xb/3zH5yYN2b20FluCxWyWD29UKXS5vwnXVGn4d+LIt5LPXbkgYt7uxgGCIkX2ha
+hR0L51Yz9q3/sVvm
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-39
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2
+-----BEGIN CERTIFICATE-----
+MIIEuDCCA6CgAwIBAgICB8MwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTUxMTA5MTQyMTU3WhcN
+MjExMTA4MTQyMTU3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E
+IElEIENBLTM5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHukMtcV
+I9MuUvhC55JlteAPugFH0iElnuOH1uST9FQVwCueIgZEXFQ1HtQyK/N/Dt2nM89Q
+FT6lJ55kAPhJtqYpGZYdfrirxWRTNzisQI2GoDTzID9iMYxd4wTikDvuTpV4H0s1
+sU6r9UqdouRFMZ+PrClHyTji8P9PrHY6+YSSLXu76fJgfKNdDBtIGaUhTA9CMOXv
+TJGJLiZTuViJobP9hAEWtgd/8C2GIdTwbQPb/R7fsM/joH94HX59A00Q6q2COz1J
+G6LB/GqvfIGpIx2NmLx6beRDQ1OpCs3mzqUTXmfQpZD6vweTXkyIGqlEgav5yahv
+vjm2Pp7O3VjbEwIDAQABo4IBhTCCAYEwHQYDVR0OBBYEFKrDk9xwD3lROQQd5f8p
+6BbIrpPGMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1UdEwEB
+/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYDVR0g
+BF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETALBglg
+hkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUDAgED
+GzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RS
+T09UQ0EyLmNybDBsBggrBgEFBQcBAQRgMF4wOgYIKwYBBQUHMAKGLmh0dHA6Ly9j
+cmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9PVENBMl9JVC5wN2MwIAYIKwYBBQUH
+MAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0GCSqGSIb3DQEBBQUAA4IBAQCvxzdd
++7fyM+exiin8pLYIADkJ4pUEnO3xxayqEviFgD/kqy6VInSIWP+eajXsTAHQwsUi
+aV9i8ba+ejpZpkU83XgyWR873P0Vycg4o2pUdx1jhXzoMqEq/iZBvV6SEKqHRmK3
+8eZ0mzAevAE8vEfr8o1RtwoPO+4Uh6pZpBcj4NWYgL9l+CDotlKivAMIy0nN+NFJ
+4SqPWXODhmFlBsCtGY0sJWRWn9sGi0kaEU0sOyqfSnGwchTS34D7MuaDYk7Usgx3
+Sto/Cpp7scmHsVq56evon9YHVxclT3NoWKy9HHxsMIjVVAEGpXOZ05LYW6O02Eds
+oZ/0UDsa8A8aV5aL
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-40
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2
+-----BEGIN CERTIFICATE-----
+MIIEuzCCA6OgAwIBAgICB8IwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTUxMTA5MTQxODQzWhcN
+MjExMTA4MTQxODQzWjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E
+IEVNQUlMIENBLTQwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNjg
+O6XMNXsXqOPEk9Q7ZmS8o3JNb1NhmvC5hpfRuA7GUDT0eFJYt0uWgMqFdSvMTrRs
+JW86RfWnuAz9dnszgUPcfimp+6LNy3yEb/NUWQXiiYCKmuDLo8YWkkfzoMIAzVH+
+Dy++wzc7lOngm5ZgDzdVuGd/QRQ880HyJ9HYnJFkMT9vXvlbYDN7HopIWJntpeaa
+tqudwm29Iz3wq6/wba8tDd6aWnOwfRfL9uCe8EGuw4xJh1uvpFfMq2N5GhUIb6kS
+q4gai+t+b2cfNJ2OIwKQnysfcO5kJne1Za4oI7GP03IDtRyygvBANOTrBnxKUhMX
+MjbCxRxNGm6/GJCz5QIDAQABo4IBhTCCAYEwHQYDVR0OBBYEFJuBtqJZi+3pgB/w
+Jz1XBT6JL7bMMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1Ud
+EwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYD
+VR0gBF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETAL
+BglghkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUD
+AgEDGzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9E
+T0RST09UQ0EyLmNybDBsBggrBgEFBQcBAQRgMF4wOgYIKwYBBQUHMAKGLmh0dHA6
+Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9PVENBMl9JVC5wN2MwIAYIKwYB
+BQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0GCSqGSIb3DQEBBQUAA4IBAQAv
+ty5uG7qcbmzT2hU1riC3WUF7fYN6qCRBGRe1beziZqr7NWsJYUWDu9iIvHTRsXdI
+SgYgtqseBl9zCmY49iyXWBOs26RF6CyVOOi9cDPMzzuXHfsrFRrlgotvgI/IxJkt
+DH41GbkFmx/yZXkCd8wEM5Ud7Gy61zquEvD1qsYM8qUuDCcT0sB70njKQ+ETKQBW
+uQdqRDyUSHbnFZaHS8/uGpCL93ie9vVRJEBuGl0fgJXblXDcJsM0YOVgLImGCxnk
+lfWCaIA7QtkWmd249PPR+KgM0WW+QXHLEsULo5iUrZxOgPUoo4auLR/Alk4KFmql
+8AJej2z9iMmg6Jb1BbG1
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-39
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2
+-----BEGIN CERTIFICATE-----
+MIIEuzCCA6OgAwIBAgICB8EwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTUxMTA5MTQxNDQ3WhcN
+MjExMTA4MTQxNDQ3WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E
+IEVNQUlMIENBLTM5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/Gg
+vdig7X8ajfgi1iqHWM3n+GGoqt9cQwGfORbowgjHwIDb7tNQqMPRG2pVYSlST5nl
+Nkoe+XRTI/vhExMRYvTDkBmxcFpHAmi4lVFeYHfGYvYn7Ai9SndbTlK4G8tx9BPu
+rYjrI7z+TYdlNfcxcqU9Zus3L7VSjo4Nz/oGu1QPdZ3e5W27mrBrGVodhYrGd9zb
+vclzDGKpANfrrF6Wm0/t07/j2opYuXDrp3CSVPgHXRCLueDJ+xyIth8oZ/uq7l1u
+O2a+4xixCQpuGnTjVfBkC19jSG8WylKn8crduVPLCmRTp65IXgTBAV6gpjta1veA
+8+hFLGswsSKzVTy2YwIDAQABo4IBhTCCAYEwHQYDVR0OBBYEFKyd+MRMc6BDXwgl
+fUYPZRvLoLCAMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1Ud
+EwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYD
+VR0gBF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETAL
+BglghkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUD
+AgEDGzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9E
+T0RST09UQ0EyLmNybDBsBggrBgEFBQcBAQRgMF4wOgYIKwYBBQUHMAKGLmh0dHA6
+Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9PVENBMl9JVC5wN2MwIAYIKwYB
+BQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0GCSqGSIb3DQEBBQUAA4IBAQCa
+8QoBL1IVhci+xe1rnO2hJlMnKKWwsRXmxC0qq+sSqdEcq0hmwDFlQeKyI7hByp60
+9J+i5yhu5ebOHGsQuU71/ENMAMOczUYt+MYJocGcwe1g1b/XZtZshgo9N6Gwrlny
+WFwbr5CnX6yswooBmUl0xdYvcd/ZZ6/5djuVUu4n6/bIwbWcqkkyEDPGGFNXxenT
+DuS3BgRAaggyMcNhQNdH3gcc8DbQ57lB57uBNO0cHcaVa2Nk+TGt3eRoLTeqNHoS
+4ZQbg9v4OhAZJtwhKydCtxZAcHcxL2qFXMiT2ots/NmWZyS3sJqSgWcz77a2xREb
+is7L2sM8/f9lDnpymyuz
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID SW CA-36
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2
+-----BEGIN CERTIFICATE-----
+MIIEuzCCA6OgAwIBAgICB6EwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTUwOTIzMTM0NDQyWhcN
+MjEwOTIyMTM0NDQyWjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E
+IElEIFNXIENBLTM2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnkW
+Y6AlD+M3jiVf9vhsodsLFGnoiYi3dQoseibOrPSU555Ft/5GHGmj+nCXW9twRmGp
+AckwzWakNR6nyDh56c5OhJxWKEg594B2i9SBmTXicTzBPa3tZNoJh6Ml6/Ofch+G
+XR9u/FFdDWs7ubEF2K7u82MQUsYif+tePRAssI0CToGPF5SPw3+CcijFwY73JFFy
+my55gZtb9jiEEp1aWrIgJ9nJczyWbFOV15I5tZPQiWlaXq0BGFh1hJiTGhgGs3fZ
+H+yqMmOL91Msb9u99TAr4R4A6yDV/s313JkV4kWIJ1CNSPZHsXOY5WXj6zq/CDhM
+JqozUbreJREFadAfwwIDAQABo4IBhTCCAYEwHQYDVR0OBBYEFGcaNjy6u2+FA+cj
+iK3FZ5ClTLqEMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1Ud
+EwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYD
+VR0gBF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETAL
+BglghkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUD
+AgEDGzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9E
+T0RST09UQ0EyLmNybDBsBggrBgEFBQcBAQRgMF4wOgYIKwYBBQUHMAKGLmh0dHA6
+Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9PVENBMl9JVC5wN2MwIAYIKwYB
+BQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0GCSqGSIb3DQEBBQUAA4IBAQB7
+r4RGlVKvdqeCAoErpvW10WRPIn4mmMJbOwzwfgLPzGKvnNQR0CWPWgb8Y7QZYtIT
+cbBcWE8awZwB+OWDgTOoxrD0+euOw2CvZg36Z0P7mbS4IF6ElxDd/tzw5Hqr8vkw
+hH/F2f6k7+tRznt4+cMQwJmIDKGwoZ+3Atd7CKcouBzXZLcNEbbohJF5z54EYwRU
+J5agPcnTZMBDkQfSs9ku1nPrGQfATEBybLTAe31untM6oMzMHw8PYn3Sh7xWTCDG
+SFSnPYhzlNKdMb8BKi3spVOxt6t3VHzNXDo8FXRbNpBY/fS7RAmHPPrz5pa9KNtJ
+cKENmIqQ5QbjB/P8UX3i
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-34
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2
+-----BEGIN CERTIFICATE-----
+MIIEuzCCA6OgAwIBAgICB6AwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTUwOTIzMTM0MTU0WhcN
+MjEwOTIyMTM0MTU0WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E
+IEVNQUlMIENBLTM0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9rP
+JyF3FMlTkbUCbyRbHPGfd9K7RKdmnCE257ehsNm7nM7Q9zxc8SpbTSDbOaP3Wqov
+S5bmsSE+leWR/MhTGV4VMKztZmkGea8WYd5zooz+OrmfuoxEoCy5Ciya+RT+wLOw
+H0ApD4doIkrkZd2Q2ZJeL/8pDDj1hPAMLpTfJbekNsQ3hsWnKp7AWVsliY4lR8u0
+RYmX4LHYM5hN+qf6uiOLK6U/pcXcyRa3ymxiqq0gkVKqzybqKjlF4JucUU9zTc/R
+cm2XSQEFl5niGI1YRRcrwGdl88TEYqcD8LfqAfKtVHvKy6nQ49L2S8qXQi7p9DmB
+bGf0c9gZFxG2SAo19wIDAQABo4IBhTCCAYEwHQYDVR0OBBYEFA+GWX7j+ucT+zE7
+wTkMfGCLQMLdMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1Ud
+EwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYD
+VR0gBF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETAL
+BglghkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUD
+AgEDGzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9E
+T0RST09UQ0EyLmNybDBsBggrBgEFBQcBAQRgMF4wOgYIKwYBBQUHMAKGLmh0dHA6
+Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9PVENBMl9JVC5wN2MwIAYIKwYB
+BQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0GCSqGSIb3DQEBBQUAA4IBAQBU
+9C9y03/5bT/I09cfBTJDhgP5zoFm45xTzfA47ENg9zj7VntEUG9KH4lkgnIxrD+p
+hx5kGZgpxK218MWlQKWutYtrFeeS+RBisyVEGEtF2JjYEmQ4dUAOfVEy2iE/6jlg
+7JWB3nPNCVYjWsvYAwrtciclM/xdAbuBm1valn5TFGwp3UQNMfkbiYs6luVubPmO
+760ruzCJyDwcOopbraZJ3BNqMVbPHL68axpk8mKE83k6WgqMYIEsolA2F95OSPuB
++3jjC6U0fehSz5Ud4xmFdFV4AiW6mgCYy1RZxwPO7HovxjRs+tg8UtwcOjnVBPpM
+5Qh8+8BEUs7sjKlow1tH
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-34
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2
+-----BEGIN CERTIFICATE-----
+MIIEuDCCA6CgAwIBAgICB58wDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTUwOTIzMTM0MDMwWhcN
+MjEwOTIyMTM0MDMwWjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E
+IElEIENBLTM0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7At/wMM
+qpI56sRrQlphyt7hTUYitQma2jYHROcUqaROcqW7Q+sZQuH5lENLlRP6xd/mIYac
++w390E2kPbMQwA46yb399LTve7pJoeukdfNUhgLtBJ1R9Kg3IRJhgr8J9vnY5m5S
+y+MsGKhwA5XHcGtJtC0NiKYuxnqZpHpa4pDHNFaRQFl+nka12K15qxPgyf6+ro4m
+LHJcD2Mk/KE82ETlBgI5TRxxSVLeO9PnFPcNyLMxD2IKe/1zdoHTpDU6lIEjln2v
+22QN2Ibr1HBwOACwITWeMMr9tUg2fQtIBzLkybJbWxgo9J5kPpoqQih2Eo6ZKky5
+dSdcuOQrwr2OYwIDAQABo4IBhTCCAYEwHQYDVR0OBBYEFBgkTL1Wlo/EyOP9BWWL
+mIjjiHDGMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1UdEwEB
+/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYDVR0g
+BF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETALBglg
+hkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUDAgED
+GzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RS
+T09UQ0EyLmNybDBsBggrBgEFBQcBAQRgMF4wOgYIKwYBBQUHMAKGLmh0dHA6Ly9j
+cmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9PVENBMl9JVC5wN2MwIAYIKwYBBQUH
+MAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0GCSqGSIb3DQEBBQUAA4IBAQAGxypr
+9mbQvdY2thCJ3ANDuIn1MK8IhiX3We5joBshmTcfh71DFKsNvUps4BPdjfNGcHng
+CTlgHwe4MEsNzUpSkD3e2nm7jPriXh4tRL5RJFEK6yxDL+k3LTL0c/gVjjhsnZoi
+mr2a8JoWyDUVdUJmHly4M6GtDWw2l6CiEro3Lv3pEuURrgE+demq3WMhb5IZw7+N
+Zi4GapdONX/a+e3028H9KVOC2IbfH9FZGhL96g5YtASd+twKydAen61NE49wYZqZ
+rn0E2PywQSqZjiuiEM9F3QNzGVd9geux4TIYvzyQl0ywWkimZlCQPkQUe/hOUdZW
+MFJfAy8EW8z4XsPc
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID SW CA-35
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2
+-----BEGIN CERTIFICATE-----
+MIIEuzCCA6OgAwIBAgICB54wDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTUwOTIzMTMzNzUwWhcN
+MjEwOTIyMTMzNzUwWjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E
+IElEIFNXIENBLTM1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAivXY
+eDP8GJB+ao4zla/UEtJDKEflwOSda8kGxkfbz9mMLQFB0iamHa+g/ldgulIUr/pr
+upUb959Q2i26GrWHRozgWniOdLU6/X4ZQnic2cM8ejit9TK45jGmr9Krk7+Gvt+i
+XtDHTVAQKyVJOKBZyexFE/zBeGjEv5d4tnLy2rjqrgfskXTAYTBJfOkJvHogmuP2
+hrMcEkC/b6LYAAFy7obVdmZcv7B9c4brzml6ZdW/Hjp/S9Z+qY+WnDr+hnbN0Oc+
+qxAaxZxY7kMBMBCEMXH9wBnGFEVQ0CFW918zYKXaIDizkcMCC7GlORKGnQh3gxKn
+r7NOc5mSlVK6W5az9wIDAQABo4IBhTCCAYEwHQYDVR0OBBYEFN7CRmPJB/WsEhyq
+mREdH+pT5lQyMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1Ud
+EwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYD
+VR0gBF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETAL
+BglghkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUD
+AgEDGzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9E
+T0RST09UQ0EyLmNybDBsBggrBgEFBQcBAQRgMF4wOgYIKwYBBQUHMAKGLmh0dHA6
+Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9PVENBMl9JVC5wN2MwIAYIKwYB
+BQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0GCSqGSIb3DQEBBQUAA4IBAQCW
+F8rvKyx7YtnMtonV/LyPXUHpCnFbGeg8drZ7qNKLVxxLraVBSs6rQz1XiKTcyzpu
+zYfPyDIHvxaugkJg3cL/oruKJ3GZ/wxQdNzcljfhAcpuz0BCv3nGzHy2khAoFbds
+ZbjTeeP189okGF8hV9Wv0jImfvgAyQJV4Sve7KBQvwwBJRRLA92WTPmkbSi/LtO7
+2FyOiuoaRA68xmptPiL1xjap0fHJfovs6imAGl8DuVERDsuPiNoQzsDDkPaNQ9j+
+/sAFszlaatFIBKTmZ0hWk9PHnSLb5vlP1zyFJuUSK6Ab5s0jWUFed/YGCPalQSys
+aBRL9SJlA8HhG84Ywl2q
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-33
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2
+-----BEGIN CERTIFICATE-----
+MIIEuzCCA6OgAwIBAgICB50wDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTUwOTIzMTMzNDU3WhcN
+MjEwOTIyMTMzNDU3WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E
+IEVNQUlMIENBLTMzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSKS
+bVjWCG5J6MNxhYf1FAiXnHuZFVMZ0b3XTV9rE944yOfKBGT76dCBIAvegMB2HqB2
+ijX/ME5JB6o/YKHHq1DfWTKKiBc++0Pu2L/5EGQfqMMEr7e44hmydzjVrIfM+1/s
+wV8C+kTqDtK6CnQio/E4sKnALwcMKi6QhdNotGRuHPQzYFvu3CXWhekic6hD4rFK
+jKKhi92f00nMGs2uKtkHZZ/zfqZqi0B1ngDMIO2nklz8MIlHtuyy6aVe1kjd7j/z
+7rYBISC0u7MtH7nDWXTS9H/jer7/NPH6Jv84euHwYZoiW+XJsV+n39N6fUz6A3DH
+VEjdltOveeCBC1LI8QIDAQABo4IBhTCCAYEwHQYDVR0OBBYEFBVlzf0tkBZKr/w4
+lwDc6kOw3yCXMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1Ud
+EwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYD
+VR0gBF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETAL
+BglghkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUD
+AgEDGzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9E
+T0RST09UQ0EyLmNybDBsBggrBgEFBQcBAQRgMF4wOgYIKwYBBQUHMAKGLmh0dHA6
+Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9PVENBMl9JVC5wN2MwIAYIKwYB
+BQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0GCSqGSIb3DQEBBQUAA4IBAQA0
+aN8RNdEAXOx0WqWKmJoBt2y8LJv1EYbhSWoUP+U0OLTPpkrz0nH4/vR/EYtpkbHV
+KOAlXWzlyCigMI8spRUKuAtpyq4BFE4kppL8jBc977oLPTFu/Xw+Hw1U2W07fL8n
+VbxxYQZltrMu6yYztK/GuNpXnSWD17ZgtypvkefzttygHUfyVTqMsYBpYWncSu9E
+ju6VtYJVikCqDfevloX6tX+4pUPsyyxkUMe0xm8YvO4iN/OX3ABW0IGPtGxhIMWz
+/aE9BFtgUY45gnpcAagoqN8I1FYq+zaeflPb0h3yevoypAzRqAt3FftEXDHlcEdj
+P6LrZrEWHn3iSLihEODb
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-33
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2
+-----BEGIN CERTIFICATE-----
+MIIEuDCCA6CgAwIBAgICB5wwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTUwOTIzMTMzMjMyWhcN
+MjEwOTIyMTMzMjMyWjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E
+IElEIENBLTMzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3397Vyy
+U8iwnti8z0835m6o5N6b9ZbPg2AwbGZsBHEA0aW9LrgWqVNdRrFN+L73IVfYhrpd
+B9SO72ZGsBfekTPAK4/g0WPwoxDeO+jpBDDbrp/mOrxWlZseY6jpSvETmYdBHuql
+dnh+HbnuM7/c863NrUHZvq9T5+wEJekvhJOkta92+WPQhTmoRGDz/C0k7EYVIxWB
+XqNDSqbb4eT+9kavdZKMuALhV/Qvij1UC7EyxYGT5GPclNvCDtRxmo397vmiZMpr
+LuXqy8DJNnQmQfRSEknYRG13+UAQsYs2GmBc2M7nUXhzmfmAjG3DQNs7F6D0mwym
+PurM27FE6rQx8wIDAQABo4IBhTCCAYEwHQYDVR0OBBYEFC2O2dSD8uKQjEufb/lG
+52pLzbwnMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1UdEwEB
+/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYDVR0g
+BF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETALBglg
+hkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUDAgED
+GzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RS
+T09UQ0EyLmNybDBsBggrBgEFBQcBAQRgMF4wOgYIKwYBBQUHMAKGLmh0dHA6Ly9j
+cmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9PVENBMl9JVC5wN2MwIAYIKwYBBQUH
+MAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0GCSqGSIb3DQEBBQUAA4IBAQCzqB2z
+CqvPEhgEgFD9/ebtFDm6a3c5JtW+1GRgvw2Bm0rVQ3NNecr+C1YnwTv4fut+75rd
+a2R77MDyszJYzM6i0nO6f30xm5dGKPgGS7HiPD3Ph47XLY/N+cuAj0mowXCOWK56
+n0uvXU5DKxrAeqlbaUOYakyCw67Pzz+FBNSWlTxrjEkG8rqzUIY7VXX8MtectJ65
+rahntartTt+gsOzECELWFwoRvPzV7pUrY9VSnKR8sjusnxK4J/b0cRk2RblXUe3G
+Un9fXfDDnUQ3CgQtbScfDWOeAbPJdLYWW75YSzsyW03amrOi2aBJZU1E+7hvJkm7
+cw8ckAW5tJD5SRim
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2
+-----BEGIN CERTIFICATE-----
+MIIDcDCCAligAwIBAgIBBTANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJVUzEY
+MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT
+A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMjAeFw0wNDEyMTMxNTAwMTBaFw0y
+OTEyMDUxNTAwMTBaMFsxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy
+bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRYwFAYDVQQDEw1Eb0Qg
+Um9vdCBDQSAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCzB9o07
+rP8/PNZxvrh0IgfscEEV/KtA4weqwcPYn/7aTDq/P8jYKHtLNgHArEUlw9IOCo+F
+GGQQPRoTcCpvjtfcjZOzQQ84Ic2tq8I9KgXTVxE3Dc2MUfmT48xGSSGOFLTNyxQ+
+OM1yMe6rEvJl6jQuVl3/7mN1y226kTT8nvP0LRy+UMRC31mI/2qz+qhsPctWcXEF
+lrufgOWARVlnQbDrw61gpIB1BhecDvRD4JkOG/t/9bPMsoGCsf0ywbi+QaRktWA6
+WlEwjM7eQSwZR1xJEGS5dKmHQa99brrBuKG/ZTE6BGf5tbuOkooAY7ix5ow4X4P/
+UNU7ol1rshDMYwIDAQABoz8wPTAdBgNVHQ4EFgQUSXS7DF66ev4CVO97oMaVxgmA
+cJYwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
+ggEBAJiRjT+JyLv1wGlzKTs1rLqzCHY9cAmS6YREIQF9FHYb7lFsHY0VNy17MWn0
+mkS4r0bMNPojywMnGdKDIXUr5+AbmSbchECV6KjSzPZYXGbvP0qXEIIdugqi3VsG
+K52nZE7rLgE1pLQ/E61V5NVzqGmbEfGY8jEeb0DU+HifjpGgb3AEkGaqBivO4XqS
+tX3h4NGW56E6LcyxnR8FRO2HmdNNGnA5wQQM5X7Z8a/XIA7xInolpHOZzD+kByeW
+qKKV7YK5FtOeC4fCwfKI9WLfaN/HvGlR7bFc3FRUKQ8JOZqsA8HbDE2ubwp6Fknx
+v5HSOJTT9pUst2zJQraNypCNhdk=
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-32
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2
+-----BEGIN CERTIFICATE-----
+MIIFUjCCBDqgAwIBAgICA6IwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTMwMjA0MjA0ODEyWhcN
+MTkwMjA0MjA0ODEyWjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E
+IEVNQUlMIENBLTMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/qq
+hsqKGhsDTnFtQbbZZZpu/zYqPwLTfJVliFqk969jt1LHGvu7lXMHQmGLSqZ76VYH
+NhuqNwIgHKTO+7bQaav8OEzI20ZW96JefucxtO7B/81kv3mCQSt30vh9q0yP98Ye
+PPiOLz0Ug9qSmAnY0MZaWTaLh6KJ3b5KXsvNtkd+QaYJVGxBlnRbBsPUwS5GfV42
+342iRnGsSrrEsffJFwov3aPshCHPqAXqueMub59+fbsdFnVPkh0D5hE4mDZ6odQA
+PK0QWK8VxzZL4zubTbW0kL6tq9PAhLP83BWICYwRUFAv5HDstwquSlPiNsQFboB1
+Eo03RvJLDDgcSR+sgwIDAQABo4ICHDCCAhgwHQYDVR0OBBYEFAqwqjhWR3sWfb6r
+k5a8VN2F++0sMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1Ud
+EwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYD
+VR0gBF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETAL
+BglghkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUD
+AgEDGzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9E
+T0RST09UQ0EyLmNybDCCAQEGCCsGAQUFBwEBBIH0MIHxMDoGCCsGAQUFBzAChi5o
+dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTJfSVQucDdjMCAG
+CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDCBkAYIKwYBBQUHMAKGgYNs
+ZGFwOi8vY3JsLmdkcy5kaXNhLm1pbC9jbiUzZERvRCUyMFJvb3QlMjBDQSUyMDIl
+MmNvdSUzZFBLSSUyY291JTNkRG9EJTJjbyUzZFUuUy4lMjBHb3Zlcm5tZW50JTJj
+YyUzZFVTP2Nyb3NzQ2VydGlmaWNhdGVQYWlyO2JpbmFyeTANBgkqhkiG9w0BAQUF
+AAOCAQEAD72PR/+5yb1D5c6+tfM5y0UWWaPftlIkPAlVS9m/lXq9dtngMIfNSqmj
+LZ7ZKATGlq4BFIDQJVbxWANV79KoIlKrge8A/q/HSdKMIC6kcYH3JssOpW3VQXd7
+LTO7m7N8nD89/8LuefKJChCMkHRdNGdwvgL+gEYZB859L5aoxBPQ758psTSpuYyl
+iTSzjD5H+GaMkdHuq8HqcYXJX7Cp7tsA1DAqQs5XYxAiMKichkESXb5QfBP66yhz
+X3IziV9/DWikPf0WJugKk/57H4aBgCe+Z3GGG33Hb7epcQHGY7NzfQFrMyLteYmK
+DuZyAnM3P8sxge2k+wtqO1KEukz3jg==
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD CA-32
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2
+-----BEGIN CERTIFICATE-----
+MIIFTDCCBDSgAwIBAgICA6EwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTMwMjA0MjA0NDA1WhcN
+MTkwMjA0MjA0NDA1WjBXMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTESMBAGA1UEAxMJRE9E
+IENBLTMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+KVHZM2LSWl
+Dv146e/qk9E6ydhXvRnf0cei0ejZ/dKOFajdvT5k9Lb+nAPfS7Blt6sEGDIZbBMB
+UtHmtchBEre+O8tNQBCIyp62/TV3bSb2ZK0RhwypJXpYn7C9mPaTXxvv77KXrfgV
+59zmoGp1DVHfVR1oQVJJLsecaFdWR4/e9lIugW9WvAaJEpSfI70/gceGAnUwXjOh
+3OETu/15VgE8Shn0LOuQZGTX6AovUYbVCJuE+/npi0LKZdKQBxyCl4xEI1cGLHVp
+KHCy7T5M1eOWdxX9upXPW5ZpAnfWgNmPhynj5wV2r8qNEmA0cseznThuTJYynpA1
+rXWL0WJACQIDAQABo4ICHDCCAhgwHQYDVR0OBBYEFC/Kk1MDrG919Xb6vv6O6hCL
+t+eQMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1UdEwEB/wQI
+MAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYDVR0gBF8w
+XTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETALBglghkgB
+ZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUDAgEDGzA3
+BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RST09U
+Q0EyLmNybDCCAQEGCCsGAQUFBwEBBIH0MIHxMDoGCCsGAQUFBzAChi5odHRwOi8v
+Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTJfSVQucDdjMCAGCCsGAQUF
+BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDCBkAYIKwYBBQUHMAKGgYNsZGFwOi8v
+Y3JsLmdkcy5kaXNhLm1pbC9jbiUzZERvRCUyMFJvb3QlMjBDQSUyMDIlMmNvdSUz
+ZFBLSSUyY291JTNkRG9EJTJjbyUzZFUuUy4lMjBHb3Zlcm5tZW50JTJjYyUzZFVT
+P2Nyb3NzQ2VydGlmaWNhdGVQYWlyO2JpbmFyeTANBgkqhkiG9w0BAQUFAAOCAQEA
+MI3VVmO9mQaLTbbSDgO5xoTSm3dBGojS/8Pa4uZnYb3Zeu04OV6rC1g0+droYnmv
+OXLzSqfjTjkQzenSCOrUnpqnNTWTkwJZ4kwAHPP8ayFTSoxh52HL0EYL0T+cafXv
+UIrwQLMrVloda2JZBbOPJxgFCkNbAu/dUl5bwKkcVuOVbJdPAYNWcl3XfVHjWlQu
+uJj9ck4lj4sW0bDhM+OSfBBVMyRmrw8zBlNIA4eftGR0tdI9InK30Y43ERM5357n
+0AwLilkRMmX/9rlGvT82nqeUAFfwwBnhLNxM9y9MkB1D764I43OeOr+Z7CK5B1iu
+2TVSS1G7gTaPn24hCqaOhw==
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-31
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2
+-----BEGIN CERTIFICATE-----
+MIIFUjCCBDqgAwIBAgICA58wDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTMwMTE2MTQ1MjQzWhcN
+MTkwMTE2MTQ1MjQzWjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E
+IEVNQUlMIENBLTMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6K4C
+LEBMOlLoi3OStHfnOEvA8KpKGFzH9zXDSvDwlnell74n78REIYDqFjS3MNFEOH8q
+zgTGkWWpblB8yE7+vcC1SxbkOFIV27O391M98rEH25FmXcG38ndmxFGaY5QRSwId
+DUt8swBHB3kY+nizkx/Udm2ZBMUeNkb8BjQL42hvHnyfLM9huEv/tN8Gn6BflF7r
+Nf8JXTVAB/Kd7ZYJ2Xbq/m4x/sv0ResweEhobKEpPoZ9k0FK6ucMTOWRUCqlQ2a8
+IsD8Gyzk8y9iHgTUIb+sHyZ3NdAdvOK7RsLy6+QUrviza7P6cTiwcSnt0Ysb1wIb
+3srsfu6h3Eil8T6UqQIDAQABo4ICHDCCAhgwHQYDVR0OBBYEFIbxW2hv3TDzlIJo
+1Ez3RB24ymiBMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1Ud
+EwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYD
+VR0gBF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETAL
+BglghkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUD
+AgEDGzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9E
+T0RST09UQ0EyLmNybDCCAQEGCCsGAQUFBwEBBIH0MIHxMDoGCCsGAQUFBzAChi5o
+dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTJfSVQucDdjMCAG
+CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDCBkAYIKwYBBQUHMAKGgYNs
+ZGFwOi8vY3JsLmdkcy5kaXNhLm1pbC9jbiUzZERvRCUyMFJvb3QlMjBDQSUyMDIl
+MmNvdSUzZFBLSSUyY291JTNkRG9EJTJjbyUzZFUuUy4lMjBHb3Zlcm5tZW50JTJj
+YyUzZFVTP2Nyb3NzQ2VydGlmaWNhdGVQYWlyO2JpbmFyeTANBgkqhkiG9w0BAQUF
+AAOCAQEAWTKtqsP435xknHEJNMG9vGMAHi3b7anICOO5GOSvyq4Uwd27+XODg1eO
+lMmgqgMHzmecteUXWT8ouBc22rqNw5YRAWpQ1gbaaKRK0guFfM2I3/9ed+b1pEiR
+0E6iZ2r4aO+qF0Xv2JYK3c/wPoe2v4g/01S+PhLOofkLbzLRVL+EWzWg2wdktavp
+eR7i8qp0cueREvfHu27u5XSQECSLt+fNnIWQR+Tib38gvSy7g5YjTahM2H4uXhUp
+uCV9VzULLRVUjKnc4OU3nahPIJWDK8USNj2oc+FOiEmlubv6CUooWjO55JJ5W3v4
+pU/zyTTNmYywumB+n4Q+5jz6flrr5g==
+-----END CERTIFICATE-----
+
+subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD CA-31
+issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2
+-----BEGIN CERTIFICATE-----
+MIIFTDCCBDSgAwIBAgICA50wDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTMwMTE2MTQ0OTMwWhcN
+MTkwMTE2MTQ0OTMwWjBXMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTESMBAGA1UEAxMJRE9E
+IENBLTMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxicQL5CWONnf
+5l8/uon7ZoLrtqXt8FaQFkDnbKKweWZZ15hiMdEzIlPjHlykVmamTVb7w+JCEqv5
+wEpLQO+RE4Y5MFHWbo4nt0GJKQHuWEZzBHFEXGlDPjLmZN+za5kscKLQPk3YWBJt
+RfA9k1S+3+L7zxH//IoBN++nLrpADGo+HOQKMoBpvSI57Et2ybFakzwhhDjdcxOC
++V0MgQqpslN02QuOwOiXuz1fE4y1uTvs9rudjiD2a7ydFDLcfrniY7BqwYC5FvyR
+76yyCZ9SR1gTXmJ+mhKGW8UgH+GOZgB2U+znIokhTF+56b6gUpMOpsjezLeCrSJt
+i9AwUzZVVwIDAQABo4ICHDCCAhgwHQYDVR0OBBYEFETjRqNB7mCxXqeTJfSgU+63
+Sb67MB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1UdEwEB/wQI
+MAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYDVR0gBF8w
+XTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETALBglghkgB
+ZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUDAgEDGzA3
+BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RST09U
+Q0EyLmNybDCCAQEGCCsGAQUFBwEBBIH0MIHxMDoGCCsGAQUFBzAChi5odHRwOi8v
+Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTJfSVQucDdjMCAGCCsGAQUF
+BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDCBkAYIKwYBBQUHMAKGgYNsZGFwOi8v
+Y3JsLmdkcy5kaXNhLm1pbC9jbiUzZERvRCUyMFJvb3QlMjBDQSUyMDIlMmNvdSUz
+ZFBLSSUyY291JTNkRG9EJTJjbyUzZFUuUy4lMjBHb3Zlcm5tZW50JTJjYyUzZFVT
+P2Nyb3NzQ2VydGlmaWNhdGVQYWlyO2JpbmFyeTANBgkqhkiG9w0BAQUFAAOCAQEA
+R1FS3PSgc5pC5wvsI5GNJXW0RII0qvlGdVHD9g745+MvtCDD76FlNOCdh8HmLmLw
+J+jrxc81ldJAgIuSCbamG9USZDHbtdQO3wqKtlb1vHaSkxl8v2V9coHYZHs5NIp2
+WMwdQ/cHzxyDA3O+OBfbdK1pCRF87djWAo1mPatryjPbx3pmxd6nJ0gPZhLuaCTA
+75HqBhkqUFgT4CL8DrEk++uOQgIPd4gVi+by9VO3fOBVmxPWtnDKc3DjUyXBKB57
+xCxJbpDbqstbAxvCh4f1q75RcXNtJmZ7mx0X4O3jwN4dJ7HtDTRGPt0uXvSCcNrR
+kxt53dZK5875P3MfzormFg==
+-----END CERTIFICATE-----
+
diff --git a/ssl/server-certs/dev.cac.atat.codes.crt b/ssl/server-certs/dev.cac.atat.codes.crt
new file mode 100644
index 00000000..86b81ccb
--- /dev/null
+++ b/ssl/server-certs/dev.cac.atat.codes.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIJAPTXTxYH3TyDMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV
+BAYTAlVTMRUwEwYDVQQIEwxQZW5uc3lsdmFuaWExFTATBgNVBAcTDFBoaWxhZGVs
+cGhpYTEMMAoGA1UEChMDRG9EMQwwCgYDVQQLEwNERFMxEDAOBgNVBAMTB0FUQVQg
+Q0EwHhcNMTgwNjAxMTk0NjIyWhcNMzgwNTI3MTk0NjIyWjBzMQswCQYDVQQGEwJV
+UzELMAkGA1UECAwCVkExETAPBgNVBAcMCFNvbWVDaXR5MRIwEAYDVQQKDAlNeUNv
+bXBhbnkxEzARBgNVBAsMCk15RGl2aXNpb24xGzAZBgNVBAMMEmRldi5jYWMuYXRh
+dC5jb2RlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOGjINZSzsSH
+MP0e+PxJhuM7v0juaB51UyzEp1tnrICKygQ+JaVLUmvZTiwsILfAFJ0Atxr50nga
+CG5R+QN+JAOBJ6v1tKW/NQ7kWCM8tyC5f1aU0rf5Yvl6dhZXJKszOTROG+3Qg/cH
+DM57/YrbOBnm30PaEAFD/s13hKEZklVgX3wYyaB2oRmXBbvWog9uFl3PLQBmnCPr
+q7aFlr2S3THO46PqHITtijwEDQViXgE+K5wm6ogi/cXzuD4aYq0PVk+6WaorXBOZ
+pOWnRyyX2OaJMyFzjuTBKQ80NMivcuh+fRQIhviSepeNuXeyZkWzQtixZPh22/Rv
+3lmWW4mY3D0CAwEAAaM6MDgwNgYDVR0RBC8wLYISZGV2LmNhYy5hdGF0LmNvZGVz
+gg5jYWMuYXRhdC5jb2Rlc4IHYmFja2VuZDANBgkqhkiG9w0BAQsFAAOCAQEALeJM
+LAPCxoqi/RirJcY5beiHZgLGLgolDHJEE8ZzKtuNqJvGWPwrTRGmr+mm31Qnl8IP
+M/skIC5CtYTdJRHD3AYNyFOFWmTuDS929mWxg50eZr8xdpS5sQ5AqiBclToXgOTI
+qRje/ojofTVl8RdT1q1gH0f+Ul60fywckngtSzJu2EkMTjy1xRCzmm137PakGuwc
+IZE+4trl2adE7GVWhYsF+SaroiLMIxFCcJqeqtbPK3OfuGMLUUr20O42fWfZskqa
+xenWST0R4M5ixMx1L3mou3vqQxHjihRpCaFDgpVJ0EbHbw2j3gqSiVF7q6N0mxFk
+RZ088LtbYUr/LL3TCg==
+-----END CERTIFICATE-----
diff --git a/ssl/server-certs/dev.cac.atat.codes.csr b/ssl/server-certs/dev.cac.atat.codes.csr
new file mode 100644
index 00000000..224ceb04
--- /dev/null
+++ b/ssl/server-certs/dev.cac.atat.codes.csr
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIDATCCAekCAQAwczELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlZBMREwDwYDVQQH
+DAhTb21lQ2l0eTESMBAGA1UECgwJTXlDb21wYW55MRMwEQYDVQQLDApNeURpdmlz
+aW9uMRswGQYDVQQDDBJkZXYuY2FjLmF0YXQuY29kZXMwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDhoyDWUs7EhzD9Hvj8SYbjO79I7mgedVMsxKdbZ6yA
+isoEPiWlS1Jr2U4sLCC3wBSdALca+dJ4GghuUfkDfiQDgSer9bSlvzUO5FgjPLcg
+uX9WlNK3+WL5enYWVySrMzk0Thvt0IP3BwzOe/2K2zgZ5t9D2hABQ/7Nd4ShGZJV
+YF98GMmgdqEZlwW71qIPbhZdzy0AZpwj66u2hZa9kt0xzuOj6hyE7Yo8BA0FYl4B
+PiucJuqIIv3F87g+GmKtD1ZPulmqK1wTmaTlp0csl9jmiTMhc47kwSkPNDTIr3Lo
+fn0UCIb4knqXjbl3smZFs0LYsWT4dtv0b95ZlluJmNw9AgMBAAGgSTBHBgkqhkiG
+9w0BCQ4xOjA4MDYGA1UdEQQvMC2CEmRldi5jYWMuYXRhdC5jb2Rlc4IOY2FjLmF0
+YXQuY29kZXOCB2JhY2tlbmQwDQYJKoZIhvcNAQELBQADggEBAJgWiXenFnBMAL+H
+tM3RvgsVXVd5ccAL0tiiRplm88JrtEPylDmN4HG1pp7Y11ziMoZvP5TZBJEVrArw
+ONT6VacOs+5UBw9lQDU7KYNbUEZlcCfPBA/cfxdWUgV0pDV/tOVUeB16HOZjIrNA
+3s6r2GhI7fnUEWhbmEKe7DvUyX0seMmpMl/E48b7FQ4i+1frhSjH5SC1GwKJLM3P
+Sq5JALYUFUdn9yNCMc4tGtRwrJkPoUAzUQRlczJ4KsHl0ma5uAQ+B80H3spWgb/j
+/25+mQl8vzLE3m/mVcCGikAapJTyA56EQhxp2Zrmy29bXsWhaR7xzRxWtrIGUXlE
+g8vKEEc=
+-----END CERTIFICATE REQUEST-----
diff --git a/ssl/server-certs/dev.cac.atat.codes.key b/ssl/server-certs/dev.cac.atat.codes.key
new file mode 100644
index 00000000..c7ff3d88
--- /dev/null
+++ b/ssl/server-certs/dev.cac.atat.codes.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA4aMg1lLOxIcw/R74/EmG4zu/SO5oHnVTLMSnW2esgIrKBD4l
+pUtSa9lOLCwgt8AUnQC3GvnSeBoIblH5A34kA4Enq/W0pb81DuRYIzy3ILl/VpTS
+t/li+Xp2FlckqzM5NE4b7dCD9wcMznv9its4GebfQ9oQAUP+zXeEoRmSVWBffBjJ
+oHahGZcFu9aiD24WXc8tAGacI+urtoWWvZLdMc7jo+ochO2KPAQNBWJeAT4rnCbq
+iCL9xfO4PhpirQ9WT7pZqitcE5mk5adHLJfY5okzIXOO5MEpDzQ0yK9y6H59FAiG
++JJ6l425d7JmRbNC2LFk+Hbb9G/eWZZbiZjcPQIDAQABAoIBAQDDpyxGLC/XAlNc
+aYsFWMx6JcjMeM4X+yxQWYW1IMTYAYEDBNCn8BRcKGY8r1b/frNhIMmlvpLeSdSd
+tL70ZGDeGRRJbBlkz9Q2QZKbm35ABhmA/jNqC/ni0mmrHY1SVmx4CnL1WCXWAmr8
+cU99JHIVI7jdoSzXrBo6GDUNbJsTI4kLmJO31zTnO3A10r6eTG6+t0kqdprcG3oE
+pTpJnycy+z5cXf/8gv+yMicDpSzts0YjeSFvG0TPNVrvINsoXK837M0DycotUsik
+0I1TyWMR66b8ceP34A86eWPjVQw/jU0kdDD0AN4Key/EymS21vGVml1vVNP3ZvkH
+A6pE9scRAoGBAPmwb6VfRtJRPIieexqatilO6hH5B+A05FvopGdFEs7aDdnsBKXS
+FalEp0ArR0DRu65c4nF0NNBUkciq5VrEdoNyz5OKIV6ypl+FOtoDpaDlgQEGctE/
+fjjw4EAt0uvCJYMjrSpeiS6aIHb9QPU5kTEjfJrIvkorRxGa4XQzvcBPAoGBAOdX
+EZEEZP9Qy0GE60j12VQ9jkVrmCfWyDd1qR09iN0fXFcTr1mj5E+nQimI+3OX1ymg
+EgPOqTxxGj7W9erEEpT2xlERuBVP9CnBQPjl4llTJtMNpYsX76OLCRe9QYvCkVsE
+1rvCu9Kdbrok/GZIyZxPShMsxg0SnFsEKvpu2AuzAoGBAPCuv2AUcEspnYU/5wBl
+I7S76et7NrlLothpb5hQP+n+zR1EYdKJqPGqSOIVFbEIurY/uNOOJZ6v9nsNKNqO
+yIK6+BaLLtF+udsXrPwcSdrHf8vCMIk9f+lZX4Dd6xPw6IH5sOFHkUrHrQWl56i6
+XheU0nbNjIgoIXB58Fs3yPAHAoGAGYdCKP6TJpmD1HcWf7ahhOpGCOMWp07MSVJy
+lwdzUvNi/Tju4LV1PFT4uBylotveonlHg6QKiODyRHz0JjP82PNibw/FgJSSHQl2
+YgD8OV8zqZaX7gF2MFXnavc3hHS0FZczGwUiNNuqnF/4elEN7nHResw2Drs/Bcwv
+8fLJZIECgYEA17uHOALkj6m9oFeepMddgVzfTtEzhjwJIB3/dhv9K5Y6UkxOrwvE
+d813gvlXziZ6StMMbbwW+TPU87Z8B92y2rMP/e3ui4Z3/ObMfeSCWX6892M3jfAu
+RB4FLpR4us5RWZ7rpSyZzmA4/4NaBMxz8b6fD8vImjbbwYfJbq7oKFI=
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/ssl.conf b/ssl/ssl.conf
new file mode 100644
index 00000000..ff411a96
--- /dev/null
+++ b/ssl/ssl.conf
@@ -0,0 +1,39 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ ssl_certificate /etc/ssl/dev.cac.atat.codes.crt;
+ ssl_certificate_key /etc/ssl/dev.cac.atat.codes.key;
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:SSL:50m;
+ ssl_session_tickets off;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+ ssl_prefer_server_ciphers on;
+
+ ssl_verify_client optional;
+ ssl_verify_depth 10;
+ ssl_client_certificate /etc/ssl/ca-chain.pem;
+ error_log /var/log/nginx/authnid.error.log debug;
+
+ add_header Strict-Transport-Security max-age=15768000;
+ #ssl_stapling on;
+ #ssl_stapling_verify on;
+
+ location / {
+ try_files $uri @app;
+ }
+
+ location @app {
+ include uwsgi_params;
+ uwsgi_pass unix:///tmp/uwsgi.sock;
+ uwsgi_param HTTP_X_SSL_CLIENT_VERIFY $ssl_client_verify;
+ uwsgi_param HTTP_X_SSL_CLIENT_CERT $ssl_client_raw_cert;
+ uwsgi_param HTTP_X_SSL_CLIENT_S_DN $ssl_client_s_dn;
+ }
+
+ location /static {
+ alias /app/static;
+ }
+}
diff --git a/tests/domain/authnid/test_crl.py b/tests/domain/authnid/test_crl.py
new file mode 100644
index 00000000..6bfdd99e
--- /dev/null
+++ b/tests/domain/authnid/test_crl.py
@@ -0,0 +1,86 @@
+# Import installed packages
+import pytest
+import re
+import os
+import shutil
+from OpenSSL import crypto, SSL
+from atst.domain.authnid.crl.validator import Validator
+import atst.domain.authnid.crl.util as util
+
+
+class MockX509Store():
+ def __init__(self):
+ self.crls = []
+ self.certs = []
+
+ def add_crl(self, crl):
+ self.crls.append(crl)
+
+ def add_cert(self, cert):
+ self.certs.append(cert)
+
+ def set_flags(self, flag):
+ pass
+
+def test_can_build_crl_list(monkeypatch):
+ location = 'ssl/client-certs/client-ca.der.crl'
+ validator = Validator(crl_locations=[location], base_store=MockX509Store)
+ assert len(validator.store.crls) == 1
+
+def test_can_build_trusted_root_list():
+ location = 'ssl/server-certs/ca-chain.pem'
+ validator = Validator(roots=[location], base_store=MockX509Store)
+ with open(location) as f:
+ content = f.read()
+ assert len(validator.store.certs) == content.count('BEGIN CERT')
+
+def test_can_validate_certificate():
+ validator = Validator(
+ roots=['ssl/server-certs/ca-chain.pem'],
+ crl_locations=['ssl/client-certs/client-ca.der.crl']
+ )
+ good_cert = open('ssl/client-certs/atat.mil.crt', 'rb').read()
+ bad_cert = open('ssl/client-certs/bad-atat.mil.crt', 'rb').read()
+ assert validator.validate(good_cert)
+ assert validator.validate(bad_cert) == False
+
+def test_can_dynamically_update_crls(tmpdir):
+ crl_file = tmpdir.join('test.crl')
+ shutil.copyfile('ssl/client-certs/client-ca.der.crl', crl_file)
+ validator = Validator(
+ roots=['ssl/server-certs/ca-chain.pem'],
+ crl_locations=[crl_file]
+ )
+ cert = open('ssl/client-certs/atat.mil.crt', 'rb').read()
+ assert validator.validate(cert)
+ # override the original CRL with one that revokes atat.mil.crt
+ shutil.copyfile('tests/fixtures/test.der.crl', crl_file)
+ assert validator.validate(cert) == False
+
+def test_parse_disa_pki_list():
+ with open('tests/fixtures/disa-pki.html') as disa:
+ disa_html = disa.read()
+ crl_list = util.crl_list_from_disa_html(disa_html)
+ href_matches = re.findall('DOD(ROOT|EMAIL|ID)?CA', disa_html)
+ assert len(crl_list) > 0
+ assert len(crl_list) == len(href_matches)
+
+class MockStreamingResponse():
+ def __init__(self, content_chunks):
+ self.content_chunks = content_chunks
+
+ def iter_content(self, chunk_size=0):
+ return self.content_chunks
+
+ def __enter__(self):
+ return self
+
+ def __exit__(self, *args):
+ pass
+
+def test_write_crl(tmpdir, monkeypatch):
+ monkeypatch.setattr('requests.get', lambda u, **kwargs: MockStreamingResponse([b'it worked']))
+ crl = 'crl_1'
+ util.write_crl(tmpdir, crl)
+ assert [p.basename for p in tmpdir.listdir()] == [crl]
+ assert [p.read() for p in tmpdir.listdir()] == ['it worked']
diff --git a/tests/fixtures/disa-pki.html b/tests/fixtures/disa-pki.html
new file mode 100644
index 00000000..9510ab9f
--- /dev/null
+++ b/tests/fixtures/disa-pki.html
@@ -0,0 +1,75 @@
+
+
+
+
+DoD PKI CRLDPs
+
+
+
+UNCLASSIFIED
+
+
This list is provided by DoD PKE Engineering. It is updated as new CAs come online.
+This is a list of CRL Distribution Points (CRLDPs) for all DoD CAs.
+Updated April 5, 2018
+
+DoD Root CA 2
+DoD Root CA 3
+DoD Root CA 4
+DoD Root CA 5
+DoD Interoperability Root CA 1
+DoD Interoperability Root CA 2
+NIPR INTERNAL NPE ROOT CA 1
+DoD NPE Root CA 1
+DoD WCF Root CA 1
+DoD CCEB Interoperability Root CA 1
+DoD CCEB Interoperability Root CA 2
+DoD DMDN Signing CA 1
+DoD CA-31
+DoD CA-32
+DoD ID CA-33
+DoD ID CA-34
+DoD ID SW CA-35
+DoD ID SW CA-36
+DoD ID SW CA-37
+DoD ID SW CA-38
+DoD ID CA-39
+DoD ID CA-40
+DoD ID CA-41
+DoD ID CA-42
+DoD ID CA-43
+DoD ID CA-44
+DoD ID SW CA-45
+DoD ID SW CA-46
+DoD ID SW CA-47
+DoD ID SW CA-48
+DoD ID CA-49
+DoD ID CA-50
+DoD ID CA-51
+DoD ID CA-52
+DoD EMAIL CA-31
+DoD EMAIL CA-32
+DoD EMAIL CA-33
+DoD EMAIL CA-34
+DoD EMAIL CA-39
+DoD EMAIL CA-40
+DoD EMAIL CA-41
+DoD EMAIL CA-42
+DoD EMAIL CA-43
+DoD EMAIL CA-44
+DoD EMAIL CA-49
+DoD EMAIL CA-50
+DoD EMAIL CA-51
+DoD EMAIL CA-52
+DoD SW CA-53
+DoD SW CA-54
+DoD SW CA-55
+DoD SW CA-56
+DoD SW CA-57
+DoD SW CA-58
+
+
+
+
+UNCLASSIFIED
+
+
diff --git a/tests/fixtures/test.der.crl b/tests/fixtures/test.der.crl
new file mode 100644
index 00000000..dc8310f2
--- /dev/null
+++ b/tests/fixtures/test.der.crl
@@ -0,0 +1,14 @@
+-----BEGIN X509 CRL-----
+MIICDjCB9zANBgkqhkiG9w0BAQQFADCBjTELMAkGA1UEBhMCVVMxFTATBgNVBAgT
+DFBlbm5zeWx2YW5pYTEVMBMGA1UEBxMMUGhpbGFkZWxwaGlhMRAwDgYDVQQKEwdG
+YXV4RG9EMQswCQYDVQQLEwJQVzERMA8GA1UEAxMIRmF1eCBEb0QxHjAcBgkqhkiG
+9w0BCQEWD2ZhdXhkb2RAZG9kLmNvbRcNMTgwNzMwMjEzMzQ3WhcNMTgwODI5MjEz
+MzQ3WjA4MBoCCQCoSzDcVuoXYxcNMTgwNzMwMjEzMzAxWjAaAgkA3u1dCnHnJ9kX
+DTE4MDYyMDIwNDYxMVowDQYJKoZIhvcNAQEEBQADggEBAIYH2GbZUfqbqAaNJW2W
+jREAbHnk2x5PSUri/YL9nH7ZAviZARtjuy5WKmu4hhAc/RwarwITT3NtP3BddLTF
+RCd1vdsKWh4s7QqEZQSXaXb4/uEP2rsLVmbWoZxIp2gXrQXSA5kkKx0N3pY3kETg
+vuMax8E2GdoJLNJe0xm0+hk4C9HcOf+WPL26n1+J4ZIhKf67BfZli0eFZue1PeVA
+Ow2XBnKI/yw4GA9+OFcZ4JzJnRMdx/O9bjbzj3gkx9t22Ukzo66BVklplqWmb4YQ
+PaRl0LxZtP/GLE6Ej8QmwK2SC26M60F6ceIFtgY3gor5J3oWmXGYz5xm4PWLj5fp
+v2w=
+-----END X509 CRL-----