diff --git a/Pipfile b/Pipfile index 076d21db..d7cef862 100644 --- a/Pipfile +++ b/Pipfile @@ -18,6 +18,8 @@ flask-sqlalchemy = "*" flask-assets = "*" flask-session = "*" flask-wtf = "*" +pyopenssl = "*" +requests = "*" [dev-packages] bandit = "*" diff --git a/Pipfile.lock b/Pipfile.lock index 2a25ba15..0bc39077 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "0738d50fa0153e356ddd9ce23bcc781914ed0fe860044457a9db9fc0e1cff46b" + "sha256": "647d98b5384d1942bbe6bfe7930b1cd249886da2f47645802cd6f93369f44538" }, "pipfile-spec": 6, "requires": { @@ -24,6 +24,64 @@ "index": "pypi", "version": "==1.0.0" }, + "asn1crypto": { + "hashes": [ + "sha256:2f1adbb7546ed199e3c90ef23ec95c5cf3585bac7d11fb7eb562a3fe89c64e87", + "sha256:9d5c20441baf0cb60a4ac34cc447c6c189024b6b4c6cd7877034f4965c464e49" + ], + "version": "==0.24.0" + }, + "certifi": { + "hashes": [ + "sha256:13e698f54293db9f89122b0581843a782ad0934a4fe0172d2a980ba77fc61bb7", + "sha256:9fa520c1bacfb634fa7af20a76bcbd3d5fb390481724c597da32c719a7dca4b0" + ], + "version": "==2018.4.16" + }, + "cffi": { + "hashes": [ + "sha256:151b7eefd035c56b2b2e1eb9963c90c6302dc15fbd8c1c0a83a163ff2c7d7743", + "sha256:1553d1e99f035ace1c0544050622b7bc963374a00c467edafac50ad7bd276aef", + "sha256:1b0493c091a1898f1136e3f4f991a784437fac3673780ff9de3bcf46c80b6b50", + "sha256:2ba8a45822b7aee805ab49abfe7eec16b90587f7f26df20c71dd89e45a97076f", + "sha256:3bb6bd7266598f318063e584378b8e27c67de998a43362e8fce664c54ee52d30", + "sha256:3c85641778460581c42924384f5e68076d724ceac0f267d66c757f7535069c93", + "sha256:3eb6434197633b7748cea30bf0ba9f66727cdce45117a712b29a443943733257", + "sha256:495c5c2d43bf6cebe0178eb3e88f9c4aa48d8934aa6e3cddb865c058da76756b", + "sha256:4c91af6e967c2015729d3e69c2e51d92f9898c330d6a851bf8f121236f3defd3", + "sha256:57b2533356cb2d8fac1555815929f7f5f14d68ac77b085d2326b571310f34f6e", + "sha256:770f3782b31f50b68627e22f91cb182c48c47c02eb405fd689472aa7b7aa16dc", + "sha256:79f9b6f7c46ae1f8ded75f68cf8ad50e5729ed4d590c74840471fc2823457d04", + "sha256:7a33145e04d44ce95bcd71e522b478d282ad0eafaf34fe1ec5bbd73e662f22b6", + "sha256:857959354ae3a6fa3da6651b966d13b0a8bed6bbc87a0de7b38a549db1d2a359", + "sha256:87f37fe5130574ff76c17cab61e7d2538a16f843bb7bca8ebbc4b12de3078596", + "sha256:95d5251e4b5ca00061f9d9f3d6fe537247e145a8524ae9fd30a2f8fbce993b5b", + "sha256:9d1d3e63a4afdc29bd76ce6aa9d58c771cd1599fbba8cf5057e7860b203710dd", + "sha256:a36c5c154f9d42ec176e6e620cb0dd275744aa1d804786a71ac37dc3661a5e95", + "sha256:a6a5cb8809091ec9ac03edde9304b3ad82ad4466333432b16d78ef40e0cce0d5", + "sha256:ae5e35a2c189d397b91034642cb0eab0e346f776ec2eb44a49a459e6615d6e2e", + "sha256:b0f7d4a3df8f06cf49f9f121bead236e328074de6449866515cea4907bbc63d6", + "sha256:b75110fb114fa366b29a027d0c9be3709579602ae111ff61674d28c93606acca", + "sha256:ba5e697569f84b13640c9e193170e89c13c6244c24400fc57e88724ef610cd31", + "sha256:be2a9b390f77fd7676d80bc3cdc4f8edb940d8c198ed2d8c0be1319018c778e1", + "sha256:ca1bd81f40adc59011f58159e4aa6445fc585a32bb8ac9badf7a2c1aa23822f2", + "sha256:d5d8555d9bfc3f02385c1c37e9f998e2011f0db4f90e250e5bc0c0a85a813085", + "sha256:e55e22ac0a30023426564b1059b035973ec82186ddddbac867078435801c7801", + "sha256:e90f17980e6ab0f3c2f3730e56d1fe9bcba1891eeea58966e89d352492cc74f4", + "sha256:ecbb7b01409e9b782df5ded849c178a0aa7c906cf8c5a67368047daab282b184", + "sha256:ed01918d545a38998bfa5902c7c00e0fee90e957ce036a4000a88e3fe2264917", + "sha256:edabd457cd23a02965166026fd9bfd196f4324fe6032e866d0f3bd0301cd486f", + "sha256:fdf1c1dc5bafc32bc5d08b054f94d659422b05aba244d6be4ddc1c72d9aa70fb" + ], + "version": "==1.11.5" + }, + "chardet": { + "hashes": [ + "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae", + "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691" + ], + "version": "==3.0.4" + }, "click": { "hashes": [ "sha256:29f99fc6125fbc931b758dc053b3114e55c77a6e4c6c3a2674a2dc986016381d", @@ -31,6 +89,30 @@ ], "version": "==6.7" }, + "cryptography": { + "hashes": [ + "sha256:21af753934f2f6d1a10fe8f4c0a64315af209ef6adeaee63ca349797d747d687", + "sha256:27bb401a20a838d6d0ea380f08c6ead3ccd8c9d8a0232dc9adcc0e4994576a66", + "sha256:29720c4253263cff9aea64585adbbe85013ba647f6e98367efff9db2d7193ded", + "sha256:2a35b7570d8f247889784010aac8b384fd2e4a47b33e15c4a60b45a7c1944120", + "sha256:42c531a6a354407f42ee07fda5c2c0dc822cf6d52744949c182f2b295fbd4183", + "sha256:5eb86f03f9c4f0ac2336ac5431271072ddf7ecc76b338e26366732cfac58aa19", + "sha256:67f7f57eae8dede577f3f7775957f5bec93edd6bdb6ce597bb5b28e1bdf3d4fb", + "sha256:6ec84edcbc966ae460560a51a90046503ff0b5b66157a9efc61515c68059f6c8", + "sha256:7ba834564daef87557e7fcd35c3c3183a4147b0b3a57314e53317360b9b201b3", + "sha256:7d7f084cbe1fdb82be5a0545062b59b1ad3637bc5a48612ac2eb428ff31b31ea", + "sha256:82409f5150e529d699e5c33fa8fd85e965104db03bc564f5f4b6a9199e591f7c", + "sha256:87d092a7c2a44e5f7414ab02fb4145723ebba411425e1a99773531dd4c0e9b8d", + "sha256:8c56ef989342e42b9fcaba7c74b446f0cc9bed546dd00034fa7ad66fc00307ef", + "sha256:9449f5d4d7c516a6118fa9210c4a00f34384cb1d2028672100ee0c6cce49d7f6", + "sha256:bc2301170986ad82d9349a91eb8884e0e191209c45f5541b16aa7c0cfb135978", + "sha256:c132bab45d4bd0fff1d3fe294d92b0a6eb8404e93337b3127bdec9f21de117e6", + "sha256:c3d945b7b577f07a477700f618f46cbc287af3a9222cd73035c6ef527ef2c363", + "sha256:cee18beb4c807b5c0b178f4fa2fae03cef9d51821a358c6890f8b23465b7e5d2", + "sha256:d01dfc5c2b3495184f683574e03c70022674ca9a7be88589c5aba130d835ea90" + ], + "version": "==2.3" + }, "flask": { "hashes": [ "sha256:2271c0070dbcb5275fad4a82e29f23ab92682dc45f9dfbc22c02ba9b9322ce48", @@ -70,6 +152,13 @@ "index": "pypi", "version": "==0.14.2" }, + "idna": { + "hashes": [ + "sha256:156a6814fb5ac1fc6850fb002e0852d56c0c8d2531923a51032d1b70760e186e", + "sha256:684a38a6f903c1d71d6d5fac066b58d7768af4de2b832e426ec79c30daa94a16" + ], + "version": "==2.7" + }, "itsdangerous": { "hashes": [ "sha256:cbb3fcf8d3e33df861709ecaf89d9e6629cff0a217bc2848f1b41cd30d360519" @@ -150,6 +239,20 @@ "index": "pypi", "version": "==2.7.5" }, + "pycparser": { + "hashes": [ + "sha256:99a8ca03e29851d96616ad0404b4aad7d9ee16f25c9f9708a11faf2810f7b226" + ], + "version": "==2.18" + }, + "pyopenssl": { + "hashes": [ + "sha256:26ff56a6b5ecaf3a2a59f132681e2a80afcc76b4f902f612f518f92c2a1bf854", + "sha256:6488f1423b00f73b7ad5167885312bb0ce410d3312eb212393795b53c8caa580" + ], + "index": "pypi", + "version": "==18.0.0" + }, "python-dateutil": { "hashes": [ "sha256:1adb80e7a782c12e52ef9a8182bebeb73f1d7e24e374397af06fb4956c8dc5c0", @@ -168,7 +271,6 @@ "sha256:1d936da41ee06216d89fdc7ead1ee9a5da2811a8787515a976b646e110c3f622", "sha256:e4ef42e82b0b493c5849eed98b5ab49d6767caf982127e9a33167f1153b36cc5" ], - "markers": "python_version != '3.2.*' and python_version != '3.3.*' and python_version != '3.0.*' and python_version != '3.1.*' and python_version >= '2.7'", "version": "==2018.5" }, "redis": { @@ -179,6 +281,14 @@ "index": "pypi", "version": "==2.10.6" }, + "requests": { + "hashes": [ + "sha256:63b52e3c866428a224f97cab011de738c36aec0185aa91cfacd418b5d58911d1", + "sha256:ec22d826a36ed72a7358ff3fe56cbd4ba69dd7a6718ffd450ff0e9df7a47ce6a" + ], + "index": "pypi", + "version": "==2.19.1" + }, "six": { "hashes": [ "sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9", @@ -214,6 +324,13 @@ "index": "pypi", "version": "==1.1" }, + "urllib3": { + "hashes": [ + "sha256:a68ac5e15e76e7e5dd2b8f94007233e01effe3e50e8daddf69acfd81cb686baf", + "sha256:b5725a0bd4ba422ab0e66e89e030c806576753ea3ee08554382c14e685d117b5" + ], + "version": "==1.23" + }, "webassets": { "hashes": [ "sha256:e7d9c8887343123fd5b32309b33167428cb1318cdda97ece12d0907fd69d38db" @@ -402,7 +519,6 @@ "sha256:b9c40e9750f3d77e6e4d441d8b0266cf555e7cdabdcff33c4fd06366ca761ef8", "sha256:ec9ef8f4a9bc6f71eec99e1806bfa2de401650d996c59330782b89a5555c1497" ], - "markers": "python_version != '3.2.*' and python_version != '3.1.*' and python_version != '3.3.*' and python_version >= '2.7' and python_version != '3.0.*'", "version": "==4.3.4" }, "itsdangerous": { @@ -520,7 +636,6 @@ "sha256:6e3836e39f4d36ae72840833db137f7b7d35105079aee6ec4a62d9f80d594dd1", "sha256:95eb8364a4708392bae89035f45341871286a333f749c3141c20573d2b3876e1" ], - "markers": "python_version != '3.2.*' and python_version != '3.1.*' and python_version != '3.3.*' and python_version >= '2.7' and python_version != '3.0.*'", "version": "==0.7.1" }, "prompt-toolkit": { @@ -543,7 +658,6 @@ "sha256:3fd59af7435864e1a243790d322d763925431213b6b8529c6ca71081ace3bbf7", "sha256:e31fb2767eb657cbde86c454f02e99cb846d3cd9d61b318525140214fdc0e98e" ], - "markers": "python_version != '3.2.*' and python_version != '3.1.*' and python_version != '3.3.*' and python_version >= '2.7' and python_version != '3.0.*'", "version": "==1.5.4" }, "pygments": { @@ -593,11 +707,15 @@ }, "pyyaml": { "hashes": [ + "sha256:1cbc199009e78f92d9edf554be4fe40fb7b0bef71ba688602a00e97a51909110", "sha256:254bf6fda2b7c651837acb2c718e213df29d531eebf00edb54743d10bcb694eb", "sha256:3108529b78577327d15eec243f0ff348a0640b0c3478d67ad7f5648f93bac3e2", "sha256:3c17fb92c8ba2f525e4b5f7941d850e7a48c3a59b32d331e2502a3cdc6648e76", + "sha256:6f89b5c95e93945b597776163403d47af72d243f366bf4622ff08bdfd1c950b7", "sha256:8d6d96001aa7f0a6a4a95e8143225b5d06e41b1131044913fecb8f85a125714b", - "sha256:c8a88edd93ee29ede719080b2be6cb2333dfee1dccba213b422a9c8e97f2967b" + "sha256:be622cc81696e24d0836ba71f6272a2b5767669b0d79fdcf0295d51ac2e156c8", + "sha256:c8a88edd93ee29ede719080b2be6cb2333dfee1dccba213b422a9c8e97f2967b", + "sha256:f39411e380e2182ad33be039e8ee5770a5d9efe01a2bfb7ae58d9ba31c4a2a9d" ], "version": "==4.2b4" }, diff --git a/atst/domain/authnid/__init__.py b/atst/domain/authnid/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/atst/domain/authnid/crl/util.py b/atst/domain/authnid/crl/util.py new file mode 100644 index 00000000..13e8106d --- /dev/null +++ b/atst/domain/authnid/crl/util.py @@ -0,0 +1,72 @@ +import requests +import re +import os +from html.parser import HTMLParser + +_DISA_CRLS = "https://iasecontent.disa.mil/pki-pke/data/crls/dod_crldps.htm" + + +def fetch_disa(): + response = requests.get(_DISA_CRLS) + return response.text + + +class DISAParser(HTMLParser): + crl_list = [] + _CRL_MATCH = re.compile("DOD(ROOT|EMAIL|ID)?CA") + + def handle_starttag(self, tag, attrs): + if tag == "a": + href = [pair[1] for pair in attrs if pair[0] == "href"].pop() + if re.search(self._CRL_MATCH, href): + self.crl_list.append(href) + + +def crl_list_from_disa_html(html): + parser = DISAParser() + parser.reset() + parser.feed(html) + return parser.crl_list + + +def write_crl(out_dir, crl_location): + name = re.split("/", crl_location)[-1] + crl = os.path.join(out_dir, name) + with requests.get(crl_location, stream=True) as r: + with open(crl, "wb") as crl_file: + for chunk in r.iter_content(chunk_size=1024): + if chunk: + crl_file.write(chunk) + + +def refresh_crls(out_dir, logger=None): + disa_html = fetch_disa() + crl_list = crl_list_from_disa_html(disa_html) + for crl_location in crl_list: + if logger: + logger.info("updating CRL from {}".format(crl_location)) + try: + write_crl(out_dir, crl_location) + except requests.exceptions.ChunkedEncodingError: + if logger: + logger.error( + "Error downloading {}, continuing anyway".format(crl_location) + ) + + +if __name__ == "__main__": + import sys + import datetime + import logging + + logging.basicConfig( + level=logging.INFO, format="[%(asctime)s]:%(levelname)s: %(message)s" + ) + logger = logging.getLogger() + logger.info("Updating CRLs") + try: + refresh_crls(sys.argv[1], logger=logger) + except Exception as err: + logger.exception("Fatal error encountered, stopping") + sys.exit(1) + logger.info("Finished updating CRLs") diff --git a/atst/domain/authnid/crl/validator.py b/atst/domain/authnid/crl/validator.py new file mode 100644 index 00000000..409a8bf7 --- /dev/null +++ b/atst/domain/authnid/crl/validator.py @@ -0,0 +1,124 @@ +import sys +import os +import re +import hashlib +from OpenSSL import crypto, SSL + + +def sha256_checksum(filename, block_size=65536): + sha256 = hashlib.sha256() + with open(filename, "rb") as f: + for block in iter(lambda: f.read(block_size), b""): + sha256.update(block) + return sha256.hexdigest() + + +class Validator: + + _PEM_RE = re.compile( + b"-----BEGIN CERTIFICATE-----\r?.+?\r?-----END CERTIFICATE-----\r?\n?", + re.DOTALL, + ) + + def __init__(self, crl_locations=[], roots=[], base_store=crypto.X509Store): + self.errors = [] + self.crl_locations = crl_locations + self.roots = roots + self.base_store = base_store + self._reset() + + def _reset(self): + self.cache = {} + self.store = self.base_store() + self._add_crls(self.crl_locations) + self._add_roots(self.roots) + self.store.set_flags(crypto.X509StoreFlags.CRL_CHECK) + + def _add_crls(self, locations): + for filename in locations: + try: + self._add_crl(filename) + except crypto.Error as err: + self.errors.append( + "CRL could not be parsed. Filename: {}, Error: {}, args: {}".format( + filename, type(err), err.args + ) + ) + + # This caches the CRL issuer with the CRL filepath and a checksum, in addition to adding the CRL to the store. + + def _add_crl(self, filename): + with open(filename, "rb") as crl_file: + crl = crypto.load_crl(crypto.FILETYPE_ASN1, crl_file.read()) + self.cache[crl.get_issuer().der()] = (filename, sha256_checksum(filename)) + self._add_carefully("add_crl", crl) + + def _parse_roots(self, root_str): + return [match.group(0) for match in self._PEM_RE.finditer(root_str)] + + def _add_roots(self, roots): + for filename in roots: + with open(filename, "rb") as f: + for raw_ca in self._parse_roots(f.read()): + ca = crypto.load_certificate(crypto.FILETYPE_PEM, raw_ca) + self._add_carefully("add_cert", ca) + + # in testing, it seems that openssl is maintaining a local cache of certs + # in a hash table and throws errors if you try to add redundant certs or + # CRLs. For now, we catch and ignore that error with great specificity. + + def _add_carefully(self, method_name, obj): + try: + getattr(self.store, method_name)(obj) + except crypto.Error as error: + if self._is_preloaded_error(error): + pass + else: + raise error + + PRELOADED_CRL = ( + [ + ( + "x509 certificate routines", + "X509_STORE_add_crl", + "cert already in hash table", + ) + ], + ) + PRELOADED_CERT = ( + [ + ( + "x509 certificate routines", + "X509_STORE_add_cert", + "cert already in hash table", + ) + ], + ) + + def _is_preloaded_error(self, error): + return error.args == self.PRELOADED_CRL or error.args == self.PRELOADED_CERT + + # Checks that the CRL currently in-memory is up-to-date via the checksum. + + def refresh_cache(self, cert): + der = cert.get_issuer().der() + if der in self.cache: + filename, checksum = self.cache[der] + if sha256_checksum(filename) != checksum: + self._reset() + + def validate(self, cert): + parsed = crypto.load_certificate(crypto.FILETYPE_PEM, cert) + self.refresh_cache(parsed) + context = crypto.X509StoreContext(self.store, parsed) + try: + context.verify_certificate() + return True + + except crypto.X509StoreContextError as err: + self.errors.append( + "Certificate revoked or errored. Error: {}. Args: {}".format( + type(err), err.args + ) + ) + return False diff --git a/script/sync-crls b/script/sync-crls new file mode 100755 index 00000000..d4535173 --- /dev/null +++ b/script/sync-crls @@ -0,0 +1,16 @@ +#!/bin/bash + +# script/sync-crls: update the DOD CRLs and place them where authnid expects them +set -e +cd "$(dirname "$0")/.." + +mkdir -p crl-tmp +pipenv run python ./authnid/crl/util.py crl-tmp +mkdir -p crl +rsync -rq crl-tmp/. crl/. +rm -rf crl-tmp + +if [[ $FLASK_ENV != "production" ]]; then + # place our test CRL there + cp ssl/client-certs/client-ca.der.crl crl/ +fi diff --git a/script/sync-dod-certs b/script/sync-dod-certs new file mode 100755 index 00000000..043629c1 --- /dev/null +++ b/script/sync-dod-certs @@ -0,0 +1,25 @@ +#!/bin/bash + +# script/sync-dod-certs: update the CA bundle with DOD intermediate and root CAs + +CAS_FILE_NAME="Certificates_PKCS7_v5.3_DoD" +CA_CHAIN="ssl/server-certs/ca-chain.pem" + +echo "Resetting CA bundle..." +rm ssl/server-certs/ca-chain.pem &> /dev/null || true +touch $CA_CHAIN + +if [[ $FLASK_ENV != "production" ]]; then + # only for testing and development + echo "Copy in testing client CA..." + cat ssl/client-certs/client-ca.crt >> $CA_CHAIN +fi + +# dod intermediate certs +echo "Adding DoD root certs" +rm -rf tmp || true +mkdir tmp +curl --silent -o tmp/dod-cas.zip "https://iasecontent.disa.mil/pki-pke/$CAS_FILE_NAME.zip" +unzip tmp/dod-cas.zip -d tmp/ &> /dev/null +openssl pkcs7 -in "tmp/$CAS_FILE_NAME/$CAS_FILE_NAME.pem.p7b" -print_certs >> $CA_CHAIN +rm -rf tmp diff --git a/ssl/certificate-authority/ca.crt b/ssl/certificate-authority/ca.crt new file mode 100644 index 00000000..60ed3ff2 --- /dev/null +++ b/ssl/certificate-authority/ca.crt @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEJDCCAwygAwIBAgIJAK4JGo3BBGhVMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV +BAYTAlVTMRUwEwYDVQQIEwxQZW5uc3lsdmFuaWExFTATBgNVBAcTDFBoaWxhZGVs +cGhpYTEMMAoGA1UEChMDRG9EMQwwCgYDVQQLEwNERFMxEDAOBgNVBAMTB0FUQVQg +Q0EwHhcNMTgwNjAxMTk0NjIyWhcNMzgwNTI3MTk0NjIyWjBpMQswCQYDVQQGEwJV +UzEVMBMGA1UECBMMUGVubnN5bHZhbmlhMRUwEwYDVQQHEwxQaGlsYWRlbHBoaWEx +DDAKBgNVBAoTA0RvRDEMMAoGA1UECxMDRERTMRAwDgYDVQQDEwdBVEFUIENBMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzYU7UbstArnnVliaC/TB6Vir +kVWMnAEYMUZA1BKP8DZaNEKbzFH2+mMw7O0BY7Ph9x0hEZ1kXLr6U93xcKyUWNPo +13i5EwUUCSh2MdPfS8ZZt8DUIIKC7XzFnKyKSKQmr0Mt9dC44rryPKTBvmI60rQ8 +VZkFEgvs8FCP0M4Ar6/gtJ24ZLEtilu5dQBSlru4nPGXg07r2C2JgEZWshtMBtbH +LkOM2gtp/pkYCCG0zqeU+0s3H8IqDq0uYkONOfVeCumbg1/AtjgrZu7aOVPKyibk +aI6sTTooXE5aSZkfkx0z6+fKM2nPSe30HgiBODtb7G+44ln08d0isjpQ67OvGQID +AQABo4HOMIHLMB0GA1UdDgQWBBSl7CUAWPbx8XqotKKKAufPh0wn4DCBmwYDVR0j +BIGTMIGQgBSl7CUAWPbx8XqotKKKAufPh0wn4KFtpGswaTELMAkGA1UEBhMCVVMx +FTATBgNVBAgTDFBlbm5zeWx2YW5pYTEVMBMGA1UEBxMMUGhpbGFkZWxwaGlhMQww +CgYDVQQKEwNEb0QxDDAKBgNVBAsTA0REUzEQMA4GA1UEAxMHQVRBVCBDQYIJAK4J +Go3BBGhVMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBABguwdFk42YP +8U6Du5HQ6Is1jfc1KEOowdh0d2MCH8q0KNktqiu6kWzjH1gRjRwc07bAkAWqXPB6 +6gkRGYe/FRgi2Rn+Uo5UC5ahI4cXkE8OitCIEP3Br9fUw+vj/3Iiov0QZ6Hv81Kl +ZTZhLiZbjAg5maL/vufnUp+n15qzm67APh3/2hcgO93UlE9o9vXohWy1lHs8u12o +hPLxghSmGc9eKalEWEs61OrohpOtCHUEd1isq76WhaiXSwSUrBxgy89Z517A7ffC +BjzLo5AVo6a9ou+ONVeZk8qw6YR6X9J7axy8YuTWt+Z82WFvOF0ubkqjm72d001M +7R9zCOQ3O+g= +-----END CERTIFICATE----- diff --git a/ssl/certificate-authority/ca.key b/ssl/certificate-authority/ca.key new file mode 100644 index 00000000..529761e9 --- /dev/null +++ b/ssl/certificate-authority/ca.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAzYU7UbstArnnVliaC/TB6VirkVWMnAEYMUZA1BKP8DZaNEKb +zFH2+mMw7O0BY7Ph9x0hEZ1kXLr6U93xcKyUWNPo13i5EwUUCSh2MdPfS8ZZt8DU +IIKC7XzFnKyKSKQmr0Mt9dC44rryPKTBvmI60rQ8VZkFEgvs8FCP0M4Ar6/gtJ24 +ZLEtilu5dQBSlru4nPGXg07r2C2JgEZWshtMBtbHLkOM2gtp/pkYCCG0zqeU+0s3 +H8IqDq0uYkONOfVeCumbg1/AtjgrZu7aOVPKyibkaI6sTTooXE5aSZkfkx0z6+fK +M2nPSe30HgiBODtb7G+44ln08d0isjpQ67OvGQIDAQABAoIBAHR4EInc3UEyQVu5 +knM8Hbgzu+b86FZweFlUSuDkNBYZdz0ukkRUHvb+x3c9SRBLnL8CDv+AhqPWgo6M +tIr6Aofkb4vMqnWQ5y3ZdEIApAa5PZbY/F4AGFql3wdO8H8CJ7ojBCTOSDiVYTnk +1Lcjy9okshyAP1Ne1sPJo/bdB56HtXs+wqok1NntIQwiXjjD9xUuc1EZk0J4M97L +vBUjUGNX942UjtRiey5zwhRp3bTPasTduHcA01NaIbOVYlRFwc2W+cflz0l6ml2p +14TNEEvIMMMCNKnlPrpGI23n0psAvE4nbuxZQGVYAFvXrWn+Gyvz0Yag2EoMUCEs +ziLED9ECgYEA6IByu+xqIuIAhj/PwIIxV4+lkuV4TXIlfAFLR4JuokOVfbRsmu2e +9EfeOUD9LfQ4KsG5mu4Abpja0k/VKRKRGRjV6Oe2C6VK942HFP6Kpn0hgIuomZkD +eVv8naDezZjAvVace38zjRWB2GXTpapwBAgf/YflPPsDZ8bi/weqZCMCgYEA4kqx +Ka489Rr7+cSXpMeS5lLufhlaE5OVQc5HVFREDAI5vXU8BM2sLiHTC/BHjis2JvLm +aRJ0UsxUoIUURl2KjTbx3zns4HDVkzBrSpoDXWxBjAo0oEg7JVc+6+qEqbDHHS1L +/UJ6mlUegsE42MkFWG3YJQuHxyLZqPXIwNAyhZMCgYEA5cxnGnSt5rJoAEi7xzMn +H7s71Hf3stw6TlldFV3GiZyw+aDFo09vR1RtQTuJwczbYu88yvOn+6gax7neHo1a +WmrgqiWzGcmS0iDRPZ/kXG/bGBlxV/cTpvSTNx0UejMbdUhQvANaaXyzbLYgPWK6 ++lEphUW2/tG+aOj73UOvVu8CgYA5L8sJz4CUKJeZDTeNauoSzs56i4mZ/OfxU2Hv +S8ROjJlu6ZubUya6Gc4t7DEJGp56xVO5JfLDoeOZFUiEZ8tF2KbTVN4p8hnnMotK +tRU4nM0LyOB3yQk5bIz4LbIM+CG5m+LiQ9Sb//rP7GijUFnLeSbwZbOQfZwn+MUd +BQBfhQKBgQDmuX8tJdPkjE133IhQhZHbHHt6AEQA3aXkFdvPvbYD9VbGTZ8wnpFO +VJrDDWnIKAgO2FerIX9oq+H9a5fggYtTMeAX1cOA6b9SnLmFjt0utxrQKxf7p5I+ +n+EsmcAWfb+KRQwoB0L/mE9Ool14AeJ15kHyNIrCrMPv0J4zoC0Jdg== +-----END RSA PRIVATE KEY----- diff --git a/ssl/certificate-authority/ca.srl b/ssl/certificate-authority/ca.srl new file mode 100644 index 00000000..a23185d3 --- /dev/null +++ b/ssl/certificate-authority/ca.srl @@ -0,0 +1 @@ +F4D74F1607DD3C83 diff --git a/ssl/client-certs/README.md b/ssl/client-certs/README.md new file mode 100644 index 00000000..10ab5fd3 --- /dev/null +++ b/ssl/client-certs/README.md @@ -0,0 +1,30 @@ +Right now, we have two client certificates: + +- atat.mil.crt: beautiful, good, works great +- bad-atat.mil.crt: banned, very bad, is on the CRL + +I more or less used [this article](https://access.redhat.com/documentation/en-us/red_hat_update_infrastructure/2.1/html/administration_guide/chap-red_hat_update_infrastructure-administration_guide-certification_revocation_list_crl) to generate the CRL. Note that I departed from it slightly and used a variation on the openssl config recommended by the ca man page (`man ca`). + +I added the new crl: + +``` +openssl crl -inform pem -in ssl/client-certs/client-ca.crl -outform der -out crl/simon.crl +``` + +Running the scripts verifies that the good one is good and the bad one is bad. + +We can also verify with OpenSSL. First concatenate the CA Bundle and the CRL: + +``` +cat ssl/server-certs/ca-chain.pem ssl/client-certs/client-ca.crl > /tmp/test.pem +``` + +Verify the certs: + +``` +openssl verify -verbose -CAfile /tmp/test.pem -crl_check ssl/client-certs/bad-atat.mil.crt +> error 23 at 0 depth lookup:certificate revoked +openssl verify -verbose -CAfile /tmp/test.pem -crl_check ssl/client-certs/atat.mil.crt +> atat.mil.crt: OK +``` + diff --git a/ssl/client-certs/atat.mil.crt b/ssl/client-certs/atat.mil.crt new file mode 100644 index 00000000..59dcb67f --- /dev/null +++ b/ssl/client-certs/atat.mil.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqTCCApECCQCoSzDcVuoXYzANBgkqhkiG9w0BAQsFADCBjTELMAkGA1UEBhMC +VVMxFTATBgNVBAgTDFBlbm5zeWx2YW5pYTEVMBMGA1UEBxMMUGhpbGFkZWxwaGlh +MRAwDgYDVQQKEwdGYXV4RG9EMQswCQYDVQQLEwJQVzERMA8GA1UEAxMIRmF1eCBE +b0QxHjAcBgkqhkiG9w0BCQEWD2ZhdXhkb2RAZG9kLmNvbTAeFw0xODA3MjQyMDM0 +MDJaFw0xOTA3MjQyMDM0MDJaMIGeMQswCQYDVQQGEwJVUzEVMBMGA1UECBMMUGVu +bnN5bHZhbmlhMRUwEwYDVQQHEwxQaGlsYWRlbHBoaWExDDAKBgNVBAoTA0RvRDEL +MAkGA1UECxMCUFcxITAfBgNVBAMTGEFSVC5HQVJGVU5LRUwuMTIzNDU2Nzg5MDEj +MCEGCSqGSIb3DQEJARYUYWdhcmZ1bmtlbEBzYW5kZy5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDCRftouylCKDN9GoKRJMWA3gnfEshRxi4P1xU9 +xm0qgPIzTpeZCNUcDbSQzovXQ58ElrDTdUeMv0OV/RLOnNFKgPSAd2f1F4BE1rJR +WHLFjG6mPj769Wl1BhGAwOY/zdhfHYjTKZSApUfP6MuKsD2nciOnJFlqJ439R4LC +S8Fv3RnnKMQlSTMiudOMhtzr8v1poDlxVzu9IF7i/MZKCBFz3e1G2LFIr5ZL+djg +4rsI4lNPVNt1sRiXy/+kltBY8RIbPPP70iT+zmrr6PmEeDSwDSKgW+TBCGK3yFCr +kPXjMZhWOt+7eLanL2KJNrohEkJFzI3tb7zVm6zg5SC1GTIFAgMBAAEwDQYJKoZI +hvcNAQELBQADggEBAKm4W2mAqtRUpwCstCqJCdoOsIgW9pZKTczLERbODHvbfXZA +MfGGnYQiuoOddu9K9UJQIHZLMUYmF9gj9HdY60ttNWeH5XRXIXn6t1Pn8W7q042Q +RqeJ/uOtNG1UXRtHQhK1j73xD3ZSTGw7rTIA2qDgRQMp1h28405kZIiNVRFdNjFh +irAvtQkIXWhIGSr/Lwop98RmTsV17v4iK14Uf2i5QUjdIECiGqGSlk9Jmj8dajzN +cSarkhWDuQmlCplF1lTNcXenC66d1bE/KXb3dEGg+h99KfZVw1+9c5DbWag6IVgG +Xts4GcPhuiKF/pJWRO11L2CfyCveoGM9Osz/vvc= +-----END CERTIFICATE----- diff --git a/ssl/client-certs/atat.mil.csr b/ssl/client-certs/atat.mil.csr new file mode 100644 index 00000000..79695986 --- /dev/null +++ b/ssl/client-certs/atat.mil.csr @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIC5DCCAcwCAQAwgZ4xCzAJBgNVBAYTAlVTMRUwEwYDVQQIEwxQZW5uc3lsdmFu +aWExFTATBgNVBAcTDFBoaWxhZGVscGhpYTEMMAoGA1UEChMDRG9EMQswCQYDVQQL +EwJQVzEhMB8GA1UEAxMYQVJULkdBUkZVTktFTC4xMjM0NTY3ODkwMSMwIQYJKoZI +hvcNAQkBFhRhZ2FyZnVua2VsQHNhbmRnLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMJF+2i7KUIoM30agpEkxYDeCd8SyFHGLg/XFT3GbSqA8jNO +l5kI1RwNtJDOi9dDnwSWsNN1R4y/Q5X9Es6c0UqA9IB3Z/UXgETWslFYcsWMbqY+ +Pvr1aXUGEYDA5j/N2F8diNMplIClR8/oy4qwPadyI6ckWWonjf1HgsJLwW/dGeco +xCVJMyK504yG3Ovy/WmgOXFXO70gXuL8xkoIEXPd7UbYsUivlkv52ODiuwjiU09U +23WxGJfL/6SW0FjxEhs88/vSJP7Oauvo+YR4NLANIqBb5MEIYrfIUKuQ9eMxmFY6 +37t4tqcvYok2uiESQkXMje1vvNWbrODlILUZMgUCAwEAAaAAMA0GCSqGSIb3DQEB +BQUAA4IBAQCvnKvR8agOyJmLFcrROWGWLdGsr6CFmkcQe1eJ2GFP9XsIbuIjxssn +K2yEK1hY6BAAPl76Arh3WkHOXVQjuzW3hlsu+uwKJnYDecG3I9btP+NkPNyKWrbr +S2GIqa71oKadncV/P9DKsc2+KL2BFo8+IbvwVSPGj63JlJh2T9JFPeAqxeKCUiuO +ac+dgxNtMQRSEYwE1kgdaJu5yRBfepZaeNGJ2KjCivQdsgnlVllPCNwtjciIRLWl +UBdt8kh6Dx0RVIkck5fViFiJodxbfw9filjYITgRuANEJHytNzo3ChsWflZ0UYi/ +j8jAvoqL2d+D/a2ijaxlQeCqu5MUB4wR +-----END CERTIFICATE REQUEST----- diff --git a/ssl/client-certs/atat.mil.key b/ssl/client-certs/atat.mil.key new file mode 100644 index 00000000..5fc2040f --- /dev/null +++ b/ssl/client-certs/atat.mil.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAwkX7aLspQigzfRqCkSTFgN4J3xLIUcYuD9cVPcZtKoDyM06X +mQjVHA20kM6L10OfBJaw03VHjL9Dlf0SzpzRSoD0gHdn9ReARNayUVhyxYxupj4+ ++vVpdQYRgMDmP83YXx2I0ymUgKVHz+jLirA9p3IjpyRZaieN/UeCwkvBb90Z5yjE +JUkzIrnTjIbc6/L9aaA5cVc7vSBe4vzGSggRc93tRtixSK+WS/nY4OK7COJTT1Tb +dbEYl8v/pJbQWPESGzzz+9Ik/s5q6+j5hHg0sA0ioFvkwQhit8hQq5D14zGYVjrf +u3i2py9iiTa6IRJCRcyN7W+81Zus4OUgtRkyBQIDAQABAoIBAQC0+nSmsBRTaRfu +J1AS3mqPDkmr4ddzNmeaogdLsRnpSo5WdZSMH8pHhAz+CSwEsR3mLGs10j+BQnw3 +sbZfe38NJOyg8JuLmwUHG+qqFPd2SMibXclWCGDhf3G2u/zC24QBt4XLESUiYtZv +PLLA1EXbQ10rS5VwasC/fmq1jdT52yEi4viXdMOSfjYCWg+xIwBsyCQs/lWLsqWD +ZKLYfUAFsYqQ1Axz96yiscgNfPfoPRMoTvU3TuQlGhiQ1ygG5f4xlLEuHXpj1yWw +/liSZVq/a+WQlVAKdlA4IXiC8szPagNSa/beEaj3R+ifoCad5hp/Fsj2JQlHmm30 +D8PAAVFRAoGBAPnRytHsicCuqck0oa2c2nE7gExrZhrO+rZoDHPBXjQiTFstil8r +wK1OCjeeX9TV18szPhkimCVel+goNhSmW4n3BcAM1HTFdZlKY7dwVN/tvtl852Sw +gVhGd3kFDkjUBTlK7W+IW7dzW3KwoSbcBpPRtIX9kKR5Braek4h4pUv3AoGBAMcU +ZMqlHB6k1HH+3bZhyTk1BBAF2PcocqOkI9ahSQjDmVGMSa+nVxC7qE0l+hRRpaFd +Ck6zn41p87Yos1nwNwOBcT3AIk0CNYGTJXJQQnkVzjB2yTdKDC/nAH++WOE2daw6 +0n1kIygOeL6na6r+jCQbsmwmORlqZ1nLPjCIPlrjAoGASpNiJICkLqz1amcXzKgC +XcMRbb6x4FbhaQpujS+wW4fRm3Zg1EBPaGzfh/LzUKn1nWdSplY5bQ5r8pXubwOq +V+kyAj7SPXmkvXoDgoM6Ew755hrvSJOYSS3gBHSJ6xu/43aGosDmAEGjjv1DXkJY +hFAZv9YOE8s9Qc7c4+SAE8kCgYEAm+JPLhJtW11r8LtF9orJWt81iCpcAuSMJ7De +UzDFlHQ8uIsmI8Hfvf2DQq2rDYAFNr441Pl3xO6i5A8oqRMcsMUJ2/V3pl9FcGm9 +F67a7h9x7acF1iJIOrYiQOTWibrwF2WT7pWbpcD3MSq9dw6Mw7VgV6jyawFTXg90 +aeI1GUsCgYEA2/7tNN0Of5W/Ff/2lm9ePhYsZSr+9NoBBQvai7+m5qpSzvoE304Q +1qPW+T5pA4Da34nG+fGJMop0QX9rRTdyE9Ct++8ybIdLFAf35fDxgciohkziji8+ +0BHK7f+GqTDF+KoIZDZYPQgJX17/h8XNtBBSbP7WX8WZHIco/0BtOrc= +-----END RSA PRIVATE KEY----- diff --git a/ssl/client-certs/bad-atat.mil.crt b/ssl/client-certs/bad-atat.mil.crt new file mode 100644 index 00000000..8923a87a --- /dev/null +++ b/ssl/client-certs/bad-atat.mil.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDljCCAn4CCQDe7V0Kcecn2TANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMC +VVMxFTATBgNVBAgTDFBlbm5zeWx2YW5pYTEVMBMGA1UEBxMMUGhpbGFkZWxwaGlh +MRAwDgYDVQQKEwdGYXV4RG9EMQswCQYDVQQLEwJQVzERMA8GA1UEAxMIRmF1eCBE +b0QxHjAcBgkqhkiG9w0BCQEWD2ZhdXhkb2RAZG9kLmNvbTAeFw0xODA2MjAyMDQz +MTlaFw0xODA3MjAyMDQzMTlaMIGLMQswCQYDVQQGEwJVUzEVMBMGA1UECBMMUGVu +bnN5bHZhbmlhMRUwEwYDVQQHEwxQaGlsYWRlbHBoaWExDDAKBgNVBAoUA1MmRzEe +MBwGA1UEAxMVU0lNT04uUEFVTC4zODU2MTM1OTAxMSAwHgYJKoZIhvcNAQkBFhFz +aW1vbkBzX2FuZF9nLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AKao36qwC9Sk5hMujFQm5h7B6WoRFqbWpTw7VSAZeW2ykwWbOBmsEAfgOJ+ctyHq +oMG0S23zJxSkfjO1PLXvu9r1ML0zXtm0uUiTJOMEMyrUBbfCV8zJ3TMuA7voWLi7 +QKsXh1bHdDIXbYP6dLC3w3CnBnr9VihzLth5KLEpz9ePX5gZljHVGldNY4ZR3UbD +IeL7GD0z/jdcNuHxLYsI9gnnfxrOx8LmzDHDwTNsvKYNRjkdu+pja0ojDrE3T61g +nKrWQsDwP9T7v27AfhrF1sxy+5K3YiQkDGtbvwFtKBIG3DJBw8qAqEPbtXw9FpYt +7p8Ti/QYM5SGr/+w3yOgvrkCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAgVarfkoj +YtZ4X/uNzaSTYO10nyPblebmCGdJW4Cwgk7tcyB+ufLKPrWaC0+Y6XPZwCkAM8UF +KqwYVnMWTkYdUI2ff1vst9tZRiANGXuQLgbdGAP2TrcBk/N5Glm6J4wrpT5VAXjR +gBeVxMIWkGb5geDXISJujzrQU26roxEm3F4oUwvAgvMQd/Ha/pzXioaLycc0k91J +apCafD39u5A+X/Y4QG/GfLG0kqOS2ioJDIlb+EJRzIL7s4cvv530p+VLu+AYEgKx +MmGOnmML3qO/+oeL3Y32TP4Hzm2asNScseoi8a1ygyV88rLjLaVrsj7CFp9zJL0O +Ksoovip0wuSVdQ== +-----END CERTIFICATE----- diff --git a/ssl/client-certs/bad-atat.mil.csr b/ssl/client-certs/bad-atat.mil.csr new file mode 100644 index 00000000..ecd99873 --- /dev/null +++ b/ssl/client-certs/bad-atat.mil.csr @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIC0TCCAbkCAQAwgYsxCzAJBgNVBAYTAlVTMRUwEwYDVQQIEwxQZW5uc3lsdmFu +aWExFTATBgNVBAcTDFBoaWxhZGVscGhpYTEMMAoGA1UEChQDUyZHMR4wHAYDVQQD +ExVTSU1PTi5QQVVMLjM4NTYxMzU5MDExIDAeBgkqhkiG9w0BCQEWEXNpbW9uQHNf +YW5kX2cuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqjfqrAL +1KTmEy6MVCbmHsHpahEWptalPDtVIBl5bbKTBZs4GawQB+A4n5y3IeqgwbRLbfMn +FKR+M7U8te+72vUwvTNe2bS5SJMk4wQzKtQFt8JXzMndMy4Du+hYuLtAqxeHVsd0 +Mhdtg/p0sLfDcKcGev1WKHMu2HkosSnP149fmBmWMdUaV01jhlHdRsMh4vsYPTP+ +N1w24fEtiwj2Ced/Gs7HwubMMcPBM2y8pg1GOR276mNrSiMOsTdPrWCcqtZCwPA/ +1Pu/bsB+GsXWzHL7krdiJCQMa1u/AW0oEgbcMkHDyoCoQ9u1fD0Wli3unxOL9Bgz +lIav/7DfI6C+uQIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAHQg3idmnhAX9CyO +xbzfrTQ989vs110lTRh8VY+64ufkS2bxGO4fQik+VfSi9wFshTGaUlhtgiBrdfAt +9udaQprWmZabBmiDnoUWiM5srJfYHL5yytrYynwpVe7Y3kPvPT/Zd+B9NBr+G0aq +SxIDce7236vAcjocgCv8gmkdrfkpOTR87gx5q3b1BBv/we4+dUKysloC1Aw23/de +Fi49SH9Xt8ZWUBsW5MesrmTfCXPTauYgYRt8bKtA0qvzzmiE5Ydihpi9HilGuCMr +2LKBQETR6m4FgNXNcsRIlqPR+EY8llTYMEu7LvvHn2RmVpeIT2v5TADV0AighQyB +++ZbkbE= +-----END CERTIFICATE REQUEST----- diff --git a/ssl/client-certs/bad-atat.mil.key b/ssl/client-certs/bad-atat.mil.key new file mode 100644 index 00000000..1c655bef --- /dev/null +++ b/ssl/client-certs/bad-atat.mil.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpgIBAAKCAQEApqjfqrAL1KTmEy6MVCbmHsHpahEWptalPDtVIBl5bbKTBZs4 +GawQB+A4n5y3IeqgwbRLbfMnFKR+M7U8te+72vUwvTNe2bS5SJMk4wQzKtQFt8JX +zMndMy4Du+hYuLtAqxeHVsd0Mhdtg/p0sLfDcKcGev1WKHMu2HkosSnP149fmBmW +MdUaV01jhlHdRsMh4vsYPTP+N1w24fEtiwj2Ced/Gs7HwubMMcPBM2y8pg1GOR27 +6mNrSiMOsTdPrWCcqtZCwPA/1Pu/bsB+GsXWzHL7krdiJCQMa1u/AW0oEgbcMkHD +yoCoQ9u1fD0Wli3unxOL9BgzlIav/7DfI6C+uQIDAQABAoIBAQCJUEiAzO3idT7v +fQG38BjYLLLRZmUAb4fS2Zvoh7SpsmE6VEpjtIW8x3w/3hJxSmzLTG59l8KSWnl0 +xxXPXUetPym6KZIz05h5eGsC9Jnn5qsTXXeTzpqHKZmAAA7hnb7JeOhUkp9lCjJ8 +dCYi2DWaIrPPL94GE+j8CM+DMM0Db9QmShQC5XbZPgsHiHvvffuvd4G90XcANEM/ +KHuwSoZ9xgySZDG+ENlqYu93GGrL3DYUozjMUChzVKZYyYySxII1ja11oznXcAyG +nj5xeBmKv6KzYD5LOMIapWfVTNHLG1FM7bhVccrWKIAVKW4Lqd+gcMC+/wU2YIx9 +K9WGV8RlAoGBANWTrGCvaM9r2piXlGB6VB/KmZXFI9R7wjE+waW+3XBZ6YVZiMGQ +jebeT+PPbeaggaDMIxZ70vJ+rNbS2MYrI44AIIueq636PoT7JtjfhakgZ7LBqc37 +F56rvObPTuFCElVKS1/nIaNAnvoNUoSqt42t7+VzkNfLYCalkHHpsXxHAoGBAMfD +eUhuUaPTDT02NVjrNAA0yIkRIoyrbv7KGKuJStoPy7W4L6aZC0iFWZmwXTYBuC73 +ulZQ88X3bexKS0NkfQJBLPTQFYNUYS/H+OCwkuFj160tysZbG8rx/IsfZwWqoitH +wR1Bgz++k5AApcgjMEWmt8l0NT5Mr6M0waylWGz/AoGBALQa3giCo14XU7XOTZ+2 +SO6uSSoVnwt2eeJRS7fb5pzyFY0QXdTtc9y2qKQxrjoILIhO3V/+d3tq+5IFKCyl +AEylKszSt2/1UXeO28mTZQGkhA4oZmt/TQHPTXNOavRmZVNrXXi4TpN+0RGI3odl +93gQr/bMp95ycNjmUZLeQX/NAoGBAI6PT5SDNjwFuCMA9p1YbSnggWRgGBnvliy6 +qVRxjDuGnkg3A7qO6eB9We42UK7kFz9dh1tmNjIHXCkO9BtKMXRUcvLbNR8eLqVc +vp4LJSc4i4iJb3aTOohgnWvjozAGD+l3MbfhMvtg1AomjCkCA8cRLYPVLNIjBA0i +7zx4W1ydAoGBAKS26yBJT9ZbIKLtoqZ6wOdz0l4r+ZaHmO+LjiGuFUh7w2s2MsPR +Q1JwE5aXaXP9gY7md/gz7Fcm3ebjwRkdcvGvIQyncv4mF64b+FFnpgjQFHg5+OqD +A57e0VDFI2LYhFstVHNZ1sRA+tBKQygd7Hzlz4BZdSD6EY7fvWNSJ7/j +-----END RSA PRIVATE KEY----- diff --git a/ssl/client-certs/client-ca.crt b/ssl/client-certs/client-ca.crt new file mode 100644 index 00000000..80007c82 --- /dev/null +++ b/ssl/client-certs/client-ca.crt @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIElTCCA32gAwIBAgIJAN5qDki+VlfPMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYD +VQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZhbmlhMRUwEwYDVQQHEwxQaGlsYWRl +bHBoaWExEDAOBgNVBAoTB0ZhdXhEb0QxCzAJBgNVBAsTAlBXMREwDwYDVQQDEwhG +YXV4IERvRDEeMBwGCSqGSIb3DQEJARYPZmF1eGRvZEBkb2QuY29tMB4XDTE4MDYy +MDIwMzg0N1oXDTE5MDYyMDIwMzg0N1owgY0xCzAJBgNVBAYTAlVTMRUwEwYDVQQI +EwxQZW5uc3lsdmFuaWExFTATBgNVBAcTDFBoaWxhZGVscGhpYTEQMA4GA1UEChMH +RmF1eERvRDELMAkGA1UECxMCUFcxETAPBgNVBAMTCEZhdXggRG9EMR4wHAYJKoZI +hvcNAQkBFg9mYXV4ZG9kQGRvZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDyQUFcuQ+YKOEJtv4XjKOTpOLp8IdbsaFwU8YgenMdvAc1ONZRL/2o +jaCZx+kB2QSCVH2jaLUQ/2i4uz4rE21Ngpx+EHa1hgDQANle3d5CWrn2Q10/pdPe +rJHYkMSiZ3cNWfFPBfHDtJrLlRUwJkgy+lUSLnOaipmBZMYXbV8/qUh69nWJQNXi +AvmSUw8jwUPfTrpQVzftkOYz+0HVJyvKijTsj1LaPZTR3D8OhbFnvZWIlhIUjJZO +jap/xQ3YEOcNF+gfx8hDQG2SnltWgecPsgiBRXmZK2IqDv39DE2DNiukEclZLhbN +SpTibNZwkVzcTSRV2mSOHKXqTcH0wTvpAgMBAAGjgfUwgfIwHQYDVR0OBBYEFAo/ +6auHcKMK1ItTElg1Kk4MyoB5MIHCBgNVHSMEgbowgbeAFAo/6auHcKMK1ItTElg1 +Kk4MyoB5oYGTpIGQMIGNMQswCQYDVQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZh +bmlhMRUwEwYDVQQHEwxQaGlsYWRlbHBoaWExEDAOBgNVBAoTB0ZhdXhEb0QxCzAJ +BgNVBAsTAlBXMREwDwYDVQQDEwhGYXV4IERvRDEeMBwGCSqGSIb3DQEJARYPZmF1 +eGRvZEBkb2QuY29tggkA3moOSL5WV88wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B +AQUFAAOCAQEAp4fVYeSKYJICBQt37NOF6qZ+dv8GBDI+oZy7vC+VcjiRaODkiz9w +IO5dBZxx/ldH5sD24Oc2SH+48S6UjE/D5kDpM/nIddfVfL2f222sE14RsqgrhmbG +qRaEB8NXWiSQyKOKX63v8scioUqb9hFY+gtwb8HDFiOZFx+67L/NaXSh6VA8BbLj +o55EafjTgr+Yad7SrZI5f6Q2iQ+uuHcJsf7fEe3Kts5Uwt5KXBBfMxeaSyQRxNX+ +JBBmy6MaxddPtus3MH+eIgI2Wp2rofH/PtGnSoizBj5IZXBkc18x1DG5pAJL4205 +EKQoicsafE27XBw45dK3cRBLXPWt8JrCBg== +-----END CERTIFICATE----- diff --git a/ssl/client-certs/client-ca.der.crl b/ssl/client-certs/client-ca.der.crl new file mode 100644 index 00000000..8ec9e37f Binary files /dev/null and b/ssl/client-certs/client-ca.der.crl differ diff --git a/ssl/client-certs/client-ca.key b/ssl/client-certs/client-ca.key new file mode 100644 index 00000000..dc6229c6 --- /dev/null +++ b/ssl/client-certs/client-ca.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA8kFBXLkPmCjhCbb+F4yjk6Ti6fCHW7GhcFPGIHpzHbwHNTjW +US/9qI2gmcfpAdkEglR9o2i1EP9ouLs+KxNtTYKcfhB2tYYA0ADZXt3eQlq59kNd +P6XT3qyR2JDEomd3DVnxTwXxw7Say5UVMCZIMvpVEi5zmoqZgWTGF21fP6lIevZ1 +iUDV4gL5klMPI8FD3066UFc37ZDmM/tB1Scryoo07I9S2j2U0dw/DoWxZ72ViJYS +FIyWTo2qf8UN2BDnDRfoH8fIQ0Btkp5bVoHnD7IIgUV5mStiKg79/QxNgzYrpBHJ +WS4WzUqU4mzWcJFc3E0kVdpkjhyl6k3B9ME76QIDAQABAoIBAQCC7bnBv1MqTY2y +jnAtkhkmRstM3G6LpCk4aE6AZy2oOGM85IcQQfu6CTFva5gHI59IQRnWI1UY5rFW +hfxHk6xTY+/oQkWmPdJamNriZs8k1ZwD+MyBBcLIakQ446UikQDK+n1s1C2iNA4l +UWGuMEJ9KsanmOtp7tagFDLrnnUIFgyfQv5JI/QBZSMd9UReRv3xQrdv+KK58zJE +/zsuFFO00YS0xzDYwikuwabDXaWCt8/9rDDlthIEaJRzTxZiLK90k6DaywRnO7rJ +Q4Q/1WUGzdA7wfkQOWLozP1To2d6Q/KK1TiRaY0uieGvTvT7kXVDne4+lb3zAmAW +IxdyNYBxAoGBAPtgEjGapRzPLcgJqVuup5W+/gc8NWcSK4NJWAwFWN9n6wOf+jQu +YkwVUoF0KN0g9a1rymvnv+fHdvqQ+uDtdqCMcU3DNVx1uwTf0V/kPsxSwhTjrQ3h +4tMXL4EzOUhYV1us/PtrmSlKS1SuQXbBdgNM7n71X0zWgsHeDvIf4YQTAoGBAPa2 +OqNOUFiA8Yz7wG/Aw1LiPX+DJZVmH05yXDSWicwSyrhorxktweMNd1e+syYW+5Qe +GFu3qaxmOlPL9M5IvbUiAV7nmiVcezBnLxBLmOdc9rk8CU8qakZDESsy/pC741/U +y6MQZzsbKIhxG4djbl+9Mr8wom+DGQtkFJ7RvqeTAoGBAOrJRLUIGAfcioo4W/LC +Isz+4w2m8soecn3hV1eC9wtTaHKuTWfHmxAtKi63bCN90Xn1H8/BWcEG0N4f4/OK +WC6Efp9/IKwHWnKnCkxiRzVYZuZT8SLyRIWdNkWarnof6Rg7bt72FMw4FDw3tfVR +pQRYKrpyPFzsTpz850DG/j/5AoGAZ5BxpxH96lkejRc1XfQmSknMlRWBlmiLJcwd +5rl22OLelHDlaAVsSZriiUP1Qj0NmMzVXtMHd+Zl/70zY9DnSf0fZC6G574dvGDk +QcvqQN0mePW51rCwchQ/RcofULR+q0DRxv7gxtAMwNHyQ3A66herENUiqvr2bXCy +s0TK6t8CgYEA7IS8e3x9SvXwfjGyJslbxhI4P7cBuVU5aL1SqYpaNx61JdmnPct4 +ruQntKHL5DvPNNRwFUvySkH93zjvjOWqF1g8kSO2ZPDj+WajStAHwA1TmVYIfkpV +xfv5mlcKUfyLmoJ6nKuCf/pt49Gmp3vRsmxZrEcbBqGAVBI7LslQQr4= +-----END RSA PRIVATE KEY----- diff --git a/ssl/client-certs/client-ca.pem.crl b/ssl/client-certs/client-ca.pem.crl new file mode 100644 index 00000000..d4110181 --- /dev/null +++ b/ssl/client-certs/client-ca.pem.crl @@ -0,0 +1,13 @@ +-----BEGIN X509 CRL----- +MIIB8jCB2zANBgkqhkiG9w0BAQQFADCBjTELMAkGA1UEBhMCVVMxFTATBgNVBAgT +DFBlbm5zeWx2YW5pYTEVMBMGA1UEBxMMUGhpbGFkZWxwaGlhMRAwDgYDVQQKEwdG +YXV4RG9EMQswCQYDVQQLEwJQVzERMA8GA1UEAxMIRmF1eCBEb0QxHjAcBgkqhkiG +9w0BCQEWD2ZhdXhkb2RAZG9kLmNvbRcNMTgwNzMwMjEyOTAxWhcNMTgwODI5MjEy +OTAxWjAcMBoCCQDe7V0Kcecn2RcNMTgwNjIwMjA0NjExWjANBgkqhkiG9w0BAQQF +AAOCAQEAfZSS51Axnx04iSfMd1k5/TvH1R6NvUM20S/rZjJYt/uLqRElnJd7R7aI +lLQQzSdbsuHm8HcfcMS7ZUMv989chKXMbPml+ZXkK/zp7LdjaL5THs09ek0NOM2l +yhJcdE3K5bntk6qSgbsUpBOWLHzrp20is3BPl6gY+JRb0nnZ/SXTr4zfDctGfcot +fSAGs3QA0Q/dpJOlSkGzxlzjB7dXDuoHTaJwy2s48IriNvvtVktM2AS+B/843vMC +ToI5ZUh3RkSCgGvKexobg85Ke1QwWTYuj392JhakpIu/Qc71BK0jtbY9mVuFLwqW +RFXDKIzRiL4S7iZWu/bpqTYyqmCmeA== +-----END X509 CRL----- diff --git a/ssl/client-certs/crl_openssl.conf b/ssl/client-certs/crl_openssl.conf new file mode 100644 index 00000000..5c061883 --- /dev/null +++ b/ssl/client-certs/crl_openssl.conf @@ -0,0 +1,26 @@ +[ ca ] +default_ca = CA_default # The default ca section + +[ CA_default ] + +dir = ./ # top dir +database = $dir/index.txt # index file. +# new_certs_dir = $dir/newcerts # new certs dir + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = md5 # md to use + +policy = policy_any # default policy +email_in_dn = no # Don't add the email into cert DN +name_opt = ca_default # Subject name display option +cert_opt = ca_default # Certificate display option +copy_extensions = none # Don't copy extensions from request + +[ policy_any ] +countryName = supplied +stateOrProvinceName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional diff --git a/ssl/client-certs/index.txt b/ssl/client-certs/index.txt new file mode 100644 index 00000000..ada74bef --- /dev/null +++ b/ssl/client-certs/index.txt @@ -0,0 +1 @@ +R 180720204319Z 180620204611Z DEED5D0A71E727D9 unknown /C=US/ST=Pennsylvania/L=Philadelphia/O=S&G/CN=SIMON.PAUL.3856135901/emailAddress=simon@s_and_g.com diff --git a/ssl/client-certs/index.txt.attr b/ssl/client-certs/index.txt.attr new file mode 100644 index 00000000..8f7e63a3 --- /dev/null +++ b/ssl/client-certs/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/ssl/client-certs/index.txt.old b/ssl/client-certs/index.txt.old new file mode 100644 index 00000000..e69de29b diff --git a/ssl/make-certs.sh b/ssl/make-certs.sh new file mode 100755 index 00000000..8f1afd19 --- /dev/null +++ b/ssl/make-certs.sh @@ -0,0 +1,18 @@ +#!/bin/bash +# Generate the root (GIVE IT A PASSWORD IF YOU'RE NOT AUTOMATING SIGNING!): +echo 'MAKING CA' +openssl genrsa -out certificate-authority/ca.key 2048 +openssl req -new -x509 -days 7300 -key certificate-authority/ca.key -sha256 -extensions v3_ca -out certificate-authority/ca.crt + +# Generate the domain key: +openssl genrsa -out server-certs/dev.cac.atat.codes.key 2048 + +echo 'MAKING CSR' +# Generate the certificate signing request +openssl req -nodes -sha256 -new -key server-certs/dev.cac.atat.codes.key -out server-certs/dev.cac.atat.codes.csr -reqexts SAN -config <(cat req.cnf <(printf "[SAN]\nsubjectAltName=DNS.1:dev.cac.atat.codes,DNS.2:cac.atat.codes,DNS.3:backend")) + +# Sign the request with your root key +openssl x509 -sha256 -req -in server-certs/dev.cac.atat.codes.csr -CA certificate-authority/ca.crt -CAkey certificate-authority/ca.key -CAcreateserial -out server-certs/dev.cac.atat.codes.crt -days 7300 -extfile <(cat req.cnf <(printf "[SAN]\nsubjectAltName=DNS.1:dev.cac.atat.codes,DNS.2:cac.atat.codes,DNS.3:backend")) -extensions SAN + +# Check your homework: +openssl verify -CAfile certificate-authority/ca.crt server-certs/dev.cac.atat.codes.crt diff --git a/ssl/req.cnf b/ssl/req.cnf new file mode 100644 index 00000000..a3e14495 --- /dev/null +++ b/ssl/req.cnf @@ -0,0 +1,26 @@ +[req] + +distinguished_name = req_distinguished_name +x509_extensions = v3_req +prompt = no + +[req_distinguished_name] + +C = US +ST = VA +L = SomeCity +O = MyCompany +OU = MyDivision +CN = dev.cac.atat.codes + +[v3_req] + +keyUsage = keyEncipherment, dataEncipherment +extendedKeyUsage = serverAuth +subjectAltName = @alt_names + +[alt_names] + +DNS.1 = dev.cac.atat.codes +DNS.2 = cac.atat.codes +DNS.3 = backend diff --git a/ssl/server-certs/ca-chain.pem b/ssl/server-certs/ca-chain.pem new file mode 100644 index 00000000..0d6f3703 --- /dev/null +++ b/ssl/server-certs/ca-chain.pem @@ -0,0 +1,1352 @@ +-----BEGIN CERTIFICATE----- +MIIElTCCA32gAwIBAgIJAN5qDki+VlfPMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYD +VQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZhbmlhMRUwEwYDVQQHEwxQaGlsYWRl +bHBoaWExEDAOBgNVBAoTB0ZhdXhEb0QxCzAJBgNVBAsTAlBXMREwDwYDVQQDEwhG +YXV4IERvRDEeMBwGCSqGSIb3DQEJARYPZmF1eGRvZEBkb2QuY29tMB4XDTE4MDYy +MDIwMzg0N1oXDTE5MDYyMDIwMzg0N1owgY0xCzAJBgNVBAYTAlVTMRUwEwYDVQQI +EwxQZW5uc3lsdmFuaWExFTATBgNVBAcTDFBoaWxhZGVscGhpYTEQMA4GA1UEChMH +RmF1eERvRDELMAkGA1UECxMCUFcxETAPBgNVBAMTCEZhdXggRG9EMR4wHAYJKoZI +hvcNAQkBFg9mYXV4ZG9kQGRvZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDyQUFcuQ+YKOEJtv4XjKOTpOLp8IdbsaFwU8YgenMdvAc1ONZRL/2o +jaCZx+kB2QSCVH2jaLUQ/2i4uz4rE21Ngpx+EHa1hgDQANle3d5CWrn2Q10/pdPe +rJHYkMSiZ3cNWfFPBfHDtJrLlRUwJkgy+lUSLnOaipmBZMYXbV8/qUh69nWJQNXi +AvmSUw8jwUPfTrpQVzftkOYz+0HVJyvKijTsj1LaPZTR3D8OhbFnvZWIlhIUjJZO +jap/xQ3YEOcNF+gfx8hDQG2SnltWgecPsgiBRXmZK2IqDv39DE2DNiukEclZLhbN +SpTibNZwkVzcTSRV2mSOHKXqTcH0wTvpAgMBAAGjgfUwgfIwHQYDVR0OBBYEFAo/ +6auHcKMK1ItTElg1Kk4MyoB5MIHCBgNVHSMEgbowgbeAFAo/6auHcKMK1ItTElg1 +Kk4MyoB5oYGTpIGQMIGNMQswCQYDVQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZh +bmlhMRUwEwYDVQQHEwxQaGlsYWRlbHBoaWExEDAOBgNVBAoTB0ZhdXhEb0QxCzAJ +BgNVBAsTAlBXMREwDwYDVQQDEwhGYXV4IERvRDEeMBwGCSqGSIb3DQEJARYPZmF1 +eGRvZEBkb2QuY29tggkA3moOSL5WV88wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B +AQUFAAOCAQEAp4fVYeSKYJICBQt37NOF6qZ+dv8GBDI+oZy7vC+VcjiRaODkiz9w +IO5dBZxx/ldH5sD24Oc2SH+48S6UjE/D5kDpM/nIddfVfL2f222sE14RsqgrhmbG +qRaEB8NXWiSQyKOKX63v8scioUqb9hFY+gtwb8HDFiOZFx+67L/NaXSh6VA8BbLj +o55EafjTgr+Yad7SrZI5f6Q2iQ+uuHcJsf7fEe3Kts5Uwt5KXBBfMxeaSyQRxNX+ +JBBmy6MaxddPtus3MH+eIgI2Wp2rofH/PtGnSoizBj5IZXBkc18x1DG5pAJL4205 +EKQoicsafE27XBw45dK3cRBLXPWt8JrCBg== +-----END CERTIFICATE----- +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-58 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 5 +-----BEGIN CERTIFICATE----- +MIIDHTCCAqOgAwIBAgIBETAKBggqhkjOPQQDAzBbMQswCQYDVQQGEwJVUzEYMBYG +A1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BL +STEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgNTAeFw0xNjEyMTMxNDQwNTJaFw0yMjEy +MTIxNDQwNTJaMFoxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1l +bnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRUwEwYDVQQDEwxET0QgU1cg +Q0EtNTgwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASi6z3lLSwaqQ6FPQrMxlIW2VBf +xYzA7f+z3pBb2AzNVnMVsRMbMe2f3LCLaAK3kVHbf2MFvd00UCQTaJNoBLrsL7pz +SA3jHtBglzOwI5755VNZydC2aK5Ozw+a2yMQrv+jggE6MIIBNjAfBgNVHSMEGDAW +gBSGwBVC+3F23D4tEVshEEQ1ysHcFDAdBgNVHQ4EFgQUJFUaC5AhLNYjqojSnum4 +raKAfdwwDgYDVR0PAQH/BAQDAgEGMD0GA1UdIAQ2MDQwCwYJYIZIAWUCAQsmMAsG +CWCGSAFlAgELKTALBglghkgBZQIBCywwCwYJYIZIAWUCAQs7MBIGA1UdEwEB/wQI +MAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8v +Y3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0E1LmNybDBKBggrBgEFBQcBAQQ+MDww +OgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9P +VENBNV9JVC5wN2MwCgYIKoZIzj0EAwMDaAAwZQIxAKil1qozXdz7E7kAOhaZ7rOG +81/dVR5o2KGPFavrto3g9eBE1SboimiKKiiveNnhtQIwLNAaeZukpj9sDs2e16vu +s4rRqS3tuansdH1Fy8j9InJojBLaYeJR60j0AchyqvaG +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-57 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 5 +-----BEGIN CERTIFICATE----- +MIIDHTCCAqOgAwIBAgIBEDAKBggqhkjOPQQDAzBbMQswCQYDVQQGEwJVUzEYMBYG +A1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BL +STEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgNTAeFw0xNjEyMTMxNDM5NDlaFw0yMjEy +MTIxNDM5NDlaMFoxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1l +bnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRUwEwYDVQQDEwxET0QgU1cg +Q0EtNTcwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARnTnlhX1XAyZxEwrGRe6CpxNu/ +/EDg3NjbHIEknhq5sh7gCEwtpy3+B37ss64mWq88JTWrtjdmmsuWDQgU6Y6x6QUM +8NnU/iEILAdH+d8YC/OCoxxUdz13Hhkdlt1JB/6jggE6MIIBNjAfBgNVHSMEGDAW +gBSGwBVC+3F23D4tEVshEEQ1ysHcFDAdBgNVHQ4EFgQUWhIprDfUjj71jVO1IvA6 +BAnRo+swDgYDVR0PAQH/BAQDAgEGMD0GA1UdIAQ2MDQwCwYJYIZIAWUCAQsmMAsG +CWCGSAFlAgELKTALBglghkgBZQIBCywwCwYJYIZIAWUCAQs7MBIGA1UdEwEB/wQI +MAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8v +Y3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0E1LmNybDBKBggrBgEFBQcBAQQ+MDww +OgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9P +VENBNV9JVC5wN2MwCgYIKoZIzj0EAwMDaAAwZQIxAJ0s/tXCmJaEmNjh96qg3PQR +JidParsm6DRIOPgL2umoWx9QQP5mCHebRXk/KBOvpwIwUEw7/IxrYi5bF+kZNnw0 +qansI3GZB9080HFde2/owhIWZ5GMDV8mKKhoNVn3kY/D +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 5 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 5 +-----BEGIN CERTIFICATE----- +MIICJDCCAaqgAwIBAgIBDzAKBggqhkjOPQQDAzBbMQswCQYDVQQGEwJVUzEYMBYG +A1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BL +STEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgNTAeFw0xNjA2MTQxNzE3MjdaFw00MTA2 +MTQxNzE3MjdaMFsxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1l +bnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRYwFAYDVQQDEw1Eb0QgUm9v +dCBDQSA1MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAENmLeC07Ax9cpRTp/HJnmKiF2 +sQDdjEf/wLG0+s46TlL7p+02LRweHJCNl6orpuLTc3N8XBzQZ/QKKdOQhOtR5fFe +HMDShoTFbdEkSQ7sF4nkaMjeGlwaBtA4GTMpARqBo0IwQDAdBgNVHQ4EFgQUhsAV +Qvtxdtw+LRFbIRBENcrB3BQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wCgYIKoZIzj0EAwMDaAAwZQIwQQbk3t5iNJ3fuKoW2W2iOB85IlfJcIQfkw9X +fgUvpUszzRXqV9XSKx+bjXzOarbMAjEAt4HS4TuTzxFk3AsvF9Jt1dgF5FByYmXc +pDzKYaUGmsn77cQwyXuJ4KW+Y1XmnBHj +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-56 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 4 +-----BEGIN CERTIFICATE----- +MIIC4zCCAoigAwIBAgIBSTAMBggqhkjOPQQDAgUAMFsxCzAJBgNVBAYTAlVTMRgw +FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMD +UEtJMRYwFAYDVQQDEw1Eb0QgUm9vdCBDQSA0MB4XDTE2MTEyMjE1NDgyMloXDTIy +MTEyMzE1NDgyMlowWjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1UuUy4gR292ZXJu +bWVudDEMMAoGA1UECwwDRG9EMQwwCgYDVQQLDANQS0kxFTATBgNVBAMMDERPRCBT +VyBDQS01NjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJ8P6wqfbu85tSo6iiVb +QpyTzVfDbEcUuojsnZxa2ZviI59J9fOB6LkSxvoaclcIDG2CQHb/cTFRlYnmny28 +qhajggE6MIIBNjAfBgNVHSMEGDAWgBS9wblrTfQd7DCQv2JzwIQz8nEkhTAdBgNV +HQ4EFgQUvPL0UZ0qy+OdEFZjBXZWyd261FswDgYDVR0PAQH/BAQDAgGGMD0GA1Ud +IAQ2MDQwCwYJYIZIAWUCAQslMAsGCWCGSAFlAgELKDALBglghkgBZQIBCyswCwYJ +YIZIAWUCAQs7MBIGA1UdEwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNV +HR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0E0 +LmNybDBKBggrBgEFBQcBAQQ+MDwwOgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlz +YS5taWwvaXNzdWVkdG8vRE9EUk9PVENBNF9JVC5wN2MwDAYIKoZIzj0EAwIFAANH +ADBEAiBjgR3FzwuqcKfmIAyyghC85+C4WZWLlLV/pnA+KF16igIgdT3W8YPHEMGh +WPpqVeBR1xJfFBl4H+a8OxmJ8RTZdUQ= +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-55 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 4 +-----BEGIN CERTIFICATE----- +MIIC5TCCAoigAwIBAgIBSDAMBggqhkjOPQQDAgUAMFsxCzAJBgNVBAYTAlVTMRgw +FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMD +UEtJMRYwFAYDVQQDEw1Eb0QgUm9vdCBDQSA0MB4XDTE2MTEyMjE1NDY0NloXDTIy +MTEyMzE1NDY0NlowWjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1UuUy4gR292ZXJu +bWVudDEMMAoGA1UECwwDRG9EMQwwCgYDVQQLDANQS0kxFTATBgNVBAMMDERPRCBT +VyBDQS01NTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDmzh2HFjUhGEaKxXU5E +jVU66fMJbN52tWk4QsBIU8rCcuKdzyoY3DTULRv5WdF4mjPHBTfycuWOmxztrU64 +N+ajggE6MIIBNjAfBgNVHSMEGDAWgBS9wblrTfQd7DCQv2JzwIQz8nEkhTAdBgNV +HQ4EFgQUpW9LHZK1y9132ba9SAa+BkgJNBgwDgYDVR0PAQH/BAQDAgGGMD0GA1Ud +IAQ2MDQwCwYJYIZIAWUCAQslMAsGCWCGSAFlAgELKDALBglghkgBZQIBCyswCwYJ +YIZIAWUCAQs7MBIGA1UdEwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNV +HR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0E0 +LmNybDBKBggrBgEFBQcBAQQ+MDwwOgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlz +YS5taWwvaXNzdWVkdG8vRE9EUk9PVENBNF9JVC5wN2MwDAYIKoZIzj0EAwIFAANJ +ADBGAiEA8zQA+T3anaM0b1QsYSEvu8Y95S03GGy8fG2Hoi661FICIQCDCbwQZD1Z +8NhnjbOBDEonqzFEdiXgGiq26ss/1ejDaw== +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID SW CA-48 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 4 +-----BEGIN CERTIFICATE----- +MIIC2jCCAn6gAwIBAgIBCjAMBggqhkjOPQQDAgUAMFsxCzAJBgNVBAYTAlVTMRgw +FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMD +UEtJMRYwFAYDVQQDEw1Eb0QgUm9vdCBDQSA0MB4XDTE2MDQxMjEzMTk0OVoXDTIy +MDQxMzEzMTk0OVowXTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJu +bWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxGDAWBgNVBAMTD0RPRCBJ +RCBTVyBDQS00ODBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHP3gMIrM5XHrtPg +Np7Bm42eqJiheI0fMNe9WDJkFdJbJeTrdxUtYQJfb4nYmLlnGG7Bw3RLHhLhS0vi +MO0inc2jggEtMIIBKTAfBgNVHSMEGDAWgBS9wblrTfQd7DCQv2JzwIQz8nEkhTAd +BgNVHQ4EFgQUtraXanDTuzYAuelFdC8nlSryWQkwDgYDVR0PAQH/BAQDAgGGMDAG +A1UdIAQpMCcwCwYJYIZIAWUCAQsoMAsGCWCGSAFlAgELKzALBglghkgBZQIBCyUw +EgYDVR0TAQH/BAgwBgEB/wIBADAMBgNVHSQEBTADgAEAMDcGA1UdHwQwMC4wLKAq +oCiGJmh0dHA6Ly9jcmwuZGlzYS5taWwvY3JsL0RPRFJPT1RDQTQuY3JsMEoGCCsG +AQUFBwEBBD4wPDA6BggrBgEFBQcwAoYuaHR0cDovL2NybC5kaXNhLm1pbC9pc3N1 +ZWR0by9ET0RST09UQ0E0X0lULnA3YzAMBggqhkjOPQQDAgUAA0gAMEUCIQC+iGG8 +kjbV/VNcKlxuuufzU0hVa3nbY+AH1G/019EVGgIgOBioOJjL2DEOswswow0z0Way +O+Dq52y9IIt1LNiEuQw= +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID SW CA-47 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 4 +-----BEGIN CERTIFICATE----- +MIIC2zCCAn6gAwIBAgIBCTAMBggqhkjOPQQDAgUAMFsxCzAJBgNVBAYTAlVTMRgw +FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMD +UEtJMRYwFAYDVQQDEw1Eb0QgUm9vdCBDQSA0MB4XDTE2MDQxMjEzMTI0M1oXDTIy +MDQxMzEzMTI0M1owXTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJu +bWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxGDAWBgNVBAMTD0RPRCBJ +RCBTVyBDQS00NzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIXYA5Gtzjuc8KIc +kgMu3+mgBPldfBkOr9i+4whQzY84FDKvzsc78BbuQicWDsbJDXN45N5ACoAkwrIz +MP1NRZyjggEtMIIBKTAfBgNVHSMEGDAWgBS9wblrTfQd7DCQv2JzwIQz8nEkhTAd +BgNVHQ4EFgQUowEMSwGcEB8madmOXGcnxdqsNnowDgYDVR0PAQH/BAQDAgGGMDAG +A1UdIAQpMCcwCwYJYIZIAWUCAQsoMAsGCWCGSAFlAgELKzALBglghkgBZQIBCyUw +EgYDVR0TAQH/BAgwBgEB/wIBADAMBgNVHSQEBTADgAEAMDcGA1UdHwQwMC4wLKAq +oCiGJmh0dHA6Ly9jcmwuZGlzYS5taWwvY3JsL0RPRFJPT1RDQTQuY3JsMEoGCCsG +AQUFBwEBBD4wPDA6BggrBgEFBQcwAoYuaHR0cDovL2NybC5kaXNhLm1pbC9pc3N1 +ZWR0by9ET0RST09UQ0E0X0lULnA3YzAMBggqhkjOPQQDAgUAA0kAMEYCIQCN7jJe +h0KGZ05OTCbxZKgvqR7N3hco4qTXcETpm1mPmAIhAPZWclBf54lOCDQku0UBz8gW +lYdeVXmiuKz7DveFthis +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 4 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 4 +-----BEGIN CERTIFICATE----- +MIIB6zCCAY+gAwIBAgIBATAMBggqhkjOPQQDAgUAMFsxCzAJBgNVBAYTAlVTMRgw +FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMD +UEtJMRYwFAYDVQQDEw1Eb0QgUm9vdCBDQSA0MB4XDTEyMDczMDE5NDgyM1oXDTMy +MDcyNTE5NDgyM1owWzELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJu +bWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxFjAUBgNVBAMTDURvRCBS +b290IENBIDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR2yNhDyw8H0iwPKtA4 +8YLNQlXn3B1agLcIkUtU1k+yZoU0lo0uPvTgSpF8zM2GnxHgUqFmgsbLkCPsX1/1 +8DxFo0IwQDAdBgNVHQ4EFgQUvcG5a030HewwkL9ic8CEM/JxJIUwDgYDVR0PAQH/ +BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDAYIKoZIzj0EAwIFAANIADBFAiEA6GGK +99yqCaUH0kSeggNaRFNHhCOZz1zT3kpe1rs1NUYCIHYPuMR8FjV/1BLtiD2AEWtk +B0xFZd9Trl8B7fFD0vW3 +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID SW CA-46 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIErjCCA5agAwIBAgIBZDANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT +A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNjAzMDgxNDIyMjdaFw0y +MjAzMDkxNDIyMjdaMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy +bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0Qg +SUQgU1cgQ0EtNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB8t7O +izHtqCLUKXdNcAOYlJDNyNoqW22ZB75KiU3GJna5ww499SOnBaEU4OvRSMI3FcKS +lZRvJJIbNpcUbn6X/4cEH6g64lCGSXcm8nl/rU1W0onf7l/fk8tcaVRG0hP9iTbe +7fjlJ7hEWwKEXSk7Xkr/3e09bvKIHVtiCsV6cOlNsK6H7JbEhRw4yPOkqdXtrpQX +mNh9Y6OGya91I1vzYO+zcexr2+MOoHFJyADBVF/+LrMWdRqVI0Fl8r8NXKnGXpC7 +yPns28gz1egmxJ5NsJtQ8p4WHMQnA6J3wPr+7na+5MKzLgCIoMxD2vIJ0FU28ODE +WrAb9clqWqv/Jte/AgMBAAGjggF5MIIBdTAfBgNVHSMEGDAWgBRsipSid7GAch2B +ehaq8tzOZu5FwDAdBgNVHQ4EFgQUW2dpXrVYC5wfCdw1fZvWJ+5iqpwwDgYDVR0P +AQH/BAQDAgGGMFoGA1UdIARTMFEwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzAL +BglghkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMAwGCmCGSAFl +AwIBAycwEgYDVR0TAQH/BAgwBgEB/wIBADAMBgNVHSQEBTADgAEAMDcGA1UdHwQw +MC4wLKAqoCiGJmh0dHA6Ly9jcmwuZGlzYS5taWwvY3JsL0RPRFJPT1RDQTMuY3Js +MGwGCCsGAQUFBwEBBGAwXjA6BggrBgEFBQcwAoYuaHR0cDovL2NybC5kaXNhLm1p +bC9pc3N1ZWR0by9ET0RST09UQ0EzX0lULnA3YzAgBggrBgEFBQcwAYYUaHR0cDov +L29jc3AuZGlzYS5taWwwDQYJKoZIhvcNAQELBQADggEBAHrAmFSy86ZAscEU5KID +UdXtfC3+OV/I1BYnYiZHJKJj8zRuqvdWvsulKtCGKZo1wFv446n/14YRbI3TKno2 +Q/c4J6uz+MOsIGLyPvPmwO5Y6Gaqj5EDD6rgyYSRdHrmBlLE1aUmedc86UOMKAz6 +OwmUFRru8aXF/YSEWQmkeIWX4saImbv8Evb2vqjDPFERjH6BebYDRI7ZpMWg8jJt +LnQFoKOhCOTnHJz0vd/vnh4IC+7+KNgbg+RZ0O3H9dnBeULcLGeHtw2F2jBMrlyW +d0Iyn7vj9cOGkdrkggSpdGqqlXiNkVsYhyPXztL8jOqmyY7ndXubEQCsYxMIIXur +SEQ= +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID SW CA-45 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIErjCCA5agAwIBAgIBYzANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT +A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNjAzMDgxMzI4NTZaFw0y +MjAzMDkxMzI4NTZaMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy +bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0Qg +SUQgU1cgQ0EtNDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVVtcp +RJMdLbl4C4dfjcBCfAqUMLRbXiKiDRnAMXn3c5IrYEND7uJKJTCrQklQ8YC570Za +YXxhSaKiFbcR0MA7oHEF8HWglB53GSmFowqtAiERS/AWbMJoXlh/MBJweeSVUzat +CPO8V3q56Y/5OFglW5YV3tA3Kgv+BvlqjYCzWNeBwfyeglkB8EWi58llAiyjsGPd +QpN71LOyqHK16SCv22E6mIyrxfFgeaWIxIBeXzgVxDzZ2djbsqYyrJlAdUCbGzh/ +O9N0MhEC0mMRcgo7uER0olnWri1oOWtJl2Ok8ZvMqGQbdkxkkmxCthUWyxFoVq7P +xU7IYmBiBn27SyF7AgMBAAGjggF5MIIBdTAfBgNVHSMEGDAWgBRsipSid7GAch2B +ehaq8tzOZu5FwDAdBgNVHQ4EFgQUy/0Vpppg8S5OW5UcjD8djcKjIhswDgYDVR0P +AQH/BAQDAgGGMFoGA1UdIARTMFEwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzAL +BglghkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMAwGCmCGSAFl +AwIBAycwEgYDVR0TAQH/BAgwBgEB/wIBADAMBgNVHSQEBTADgAEAMDcGA1UdHwQw +MC4wLKAqoCiGJmh0dHA6Ly9jcmwuZGlzYS5taWwvY3JsL0RPRFJPT1RDQTMuY3Js +MGwGCCsGAQUFBwEBBGAwXjA6BggrBgEFBQcwAoYuaHR0cDovL2NybC5kaXNhLm1p +bC9pc3N1ZWR0by9ET0RST09UQ0EzX0lULnA3YzAgBggrBgEFBQcwAYYUaHR0cDov +L29jc3AuZGlzYS5taWwwDQYJKoZIhvcNAQELBQADggEBADPubZ/kZNDB/hkuGuuK +OmiGZJC2C1dBGkuM0SXewWzGHEPKapa4rNDrgDSTQMOLeMUCmr4XbHbMo1mqIDBc +SioVFiq+CooCskj3D+gj1Y+dbfi+IW8/IlbHVDxlApDlJ11v3nvNJNHp7gA0hFVD +Da2Upj9wVsYr0ReXvHRz0Zb6a1/7R6to41c8wwg3hWCGCXsPvnILaQK5JmxNVX1i +HT95UKDxnysb+vw+GxxJgaIH87HkgxZtOc7WUnP+GFALfKQyLsR8J3vkIkI2DJfP +FjtBblgXWn9lCI5lYgeH3VbKjVvowcUWuw2F8PJaaNHpVpWwv+XfzLmUCdLGjZrB +zBQ= +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-44 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEnTCCA4WgAwIBAgIBGzANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT +A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNTExMDkxNjE4MTRaFw0y +MTExMDkxNjE4MTRaMFoxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy +bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRUwEwYDVQQDEwxET0Qg +SUQgQ0EtNDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG3+Tty+pD +oTJGbJvbL/uQUD5vXkR1G6vSxNSbFskImmrpLV2hr8uCGAFDL+Kb3dPaYLTEeaK9 +34LqDC02+Cw4mLamoXKtfBGlFT1T3AHzpS4wJAhfrSGFGRBdY76jpTn1eiaWs+nb +CLiJjpxQOQhp7caytsZnGvLNOFUc+QZJFsyAf06cpWEmo/iAx7KXLMPV6sbGTLqm +kyqNxYPvqd1Ryyq2vi5Pqyw0swg2+wvkMhGIZ39ryJhgaU5vcAhd39z53tNU1ttp +xP506Z4uDG9TmBciUFfs4uZbz9aOzT9YYs6enlh172PU48WfCFIQSOXjRcB9/XkD +btghMxTcmzgRAgMBAAGjggFrMIIBZzAfBgNVHSMEGDAWgBRsipSid7GAch2Behaq +8tzOZu5FwDAdBgNVHQ4EFgQUMPnNVHOQG4Lyco6N7lZGokQpv/owDgYDVR0PAQH/ +BAQDAgGGMEwGA1UdIARFMEMwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzALBglg +hkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMBIGA1UdEwEB/wQI +MAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8v +Y3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0EzLmNybDBsBggrBgEFBQcBAQRgMF4w +OgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9P +VENBM19JVC5wN2MwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0G +CSqGSIb3DQEBCwUAA4IBAQCnFaVDUuNpbT4YazfYL4qKc/e0Zqd1wM10uqo+ayjz +zP5HXLL2frAudguRVxFDC1WzjB16tc1GODUWY4OOxPCyUNKUJTU3G8qcXMabjEvC +y9wLu/5FTvE0iumpvdpSGJb2v/pBc+Tofe17SgCTpOW+METZM5fiV6e8VrYaZalg +YXrHg+DvdBpGSteccLFLORhZoq0ZpHh7QoHNVOi9sxLhEuhRTSGebRhTkYN99PzC +BdD6ljQ0uShqB3r8uX1pVpBskdovm2JWSX40/QahFVDMwJPImlJ7lXRNvRrkqLHH +PaTJ4R5spBJULmUEbqVfFXG5p/I9vNVF7YZCE5nzegTf +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-43 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEnTCCA4WgAwIBAgIBGjANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT +A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNTExMDkxNjE2MDFaFw0y +MTExMDkxNjE2MDFaMFoxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy +bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRUwEwYDVQQDEwxET0Qg +SUQgQ0EtNDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCib5WKgEkw +yV+HYIReCPRrFLoBoue/va3ODbll8dZITF5Dkj/Qpn/aE3cCVXkd1Oy38k+7MFGo +I93xCKkxq+gdkeLGXEZ8tuwpuqeVHW7rjgd+2DgDuNWsXkN8UqfJvaMccLSjLfTI +MS420x3sMtE5aOC+Zib6Ei7YlT5GUatw33BKSTZIsXqWa9tag6daktv1JonQOs9W +z+zCwZ806AmJhygNzv5scv0+Wtbns91UzwyTBSpYi8Go03YXU1znT/hciQC6uXRY +xUWbBRkuJyc4AsGb2mwfcfG7Tv3LoO1sv1VUV0FswWGP9dFRX3DqjIzs5ylk58oo +CXTCrwOYIXGPAgMBAAGjggFrMIIBZzAfBgNVHSMEGDAWgBRsipSid7GAch2Behaq +8tzOZu5FwDAdBgNVHQ4EFgQUN6mSY1xcxJ27IUhTKKrUZFBmmkUwDgYDVR0PAQH/ +BAQDAgGGMEwGA1UdIARFMEMwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzALBglg +hkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMBIGA1UdEwEB/wQI +MAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8v +Y3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0EzLmNybDBsBggrBgEFBQcBAQRgMF4w +OgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9P +VENBM19JVC5wN2MwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0G +CSqGSIb3DQEBCwUAA4IBAQBqUrzdeqnC2ohoGUExkxayPe+h3TKunmYUBgFHOLtT +w89DiGAypywUHgjSOqb1DQD7Z2JohlU2rRRn0ajIAii5DtPgGN4mB9Z5HsmdfZ8L ++CMr/Jw7oYeaRLnyWoRW6cvGiM3opBewNo1192dqv7JYHaAGIVKSdLcESJNwp347 +nDD5MauXa8/2a20lsOOrcU8PgpBHhyRPDQoBaxjjSFtH+aA7KwvFaqsUpvgiTqNp +5j41K0ayV0rdd/K3zRKcA2weMONqDXagcvDSCMOu3S6jS/M7oc3Sv4kKk8Vjhcom +hCvw6EHyLSiUMqNzlO71q5q3qMj9QOD6T4PK6/UxRD7D +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-42 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEnTCCA4WgAwIBAgIBGTANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT +A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNTExMDkxNjE1MDJaFw0y +MTExMDkxNjE1MDJaMFoxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy +bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRUwEwYDVQQDEwxET0Qg +SUQgQ0EtNDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt4/+9beDb +3g9kGg2MlznUY93COtiDLetMCks4aQ5/MYaSti6eoDw5L7EHlkNfnrO5XXKbQHZ7 +HqipwyE6uZ36WPEvU6ufin57Fr++aIYNk3xLAH4me6jT8qyrzn9FUBXh2UsnqCMo +5jHl+6FJbsTq2/sSpIZl8SMUS4w6wNi/gRSrhdVfmJibhQgEj6QbvUr8aASzlyS9 ++zvMRTZq7JBDEPlbdsfE3mbGWvO0+PD8HMsNrj5rKL7wdoAzQDB/YisF/9ffJw8L +cFPsUisUdZsFTk9L7qMCcgSfCtGfw5AEw4lcmIAiHRX0Apd/iJM4kADuHUFPYzM2 +EN4ngjDxK6jVAgMBAAGjggFrMIIBZzAfBgNVHSMEGDAWgBRsipSid7GAch2Behaq +8tzOZu5FwDAdBgNVHQ4EFgQUMqAAylmLxM58e9veGSoQioZB0eMwDgYDVR0PAQH/ +BAQDAgGGMEwGA1UdIARFMEMwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzALBglg +hkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMBIGA1UdEwEB/wQI +MAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8v +Y3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0EzLmNybDBsBggrBgEFBQcBAQRgMF4w +OgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9P +VENBM19JVC5wN2MwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0G +CSqGSIb3DQEBCwUAA4IBAQA5hIjoPl6je1176wDm7i4FNGehuKkrM6KOqEZLyze2 +bkSRZXV8wIve6CkMxL89PLEa9BPXF/PpF5Wn2to4YZgZmx0j+3M9kIuIzDxKHAHB +tfLoOXHiT/g9U9Scl09RiWVfhul13R7+Q6CQdKO1yu69bNtvL1Uxsz2LaGP3pFaS +QklM+Ns56N3a2YJ3qNyjGnMoksBDFSkitYJJrWteHSv1iBv9FVge/d3SE9+Pq/WD +Q22yK/0ph3gTEw61e9EYZ/TAeNb01Ju56bNo5lVHAz2UawrwGhRklJQhf/i9JRda +gykYg4Zkczl+ZXN+0bfJDZ+kpis0wlcPrVzNKNpAVnzf +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-41 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEnTCCA4WgAwIBAgIBGDANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT +A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNTExMDkxNjEzNTZaFw0y +MTExMDkxNjEzNTZaMFoxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy +bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRUwEwYDVQQDEwxET0Qg +SUQgQ0EtNDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3yXSI2Ca+ +LJHgzmhn2NH9Xk02+QoEPtO4K3oHa+XKeP2Mdk4ooFy3SLvizf84zDWzqVPoofEd +pF1NpDT89rm5JOjaI5PBm9ct4rV0ZqH34DlARMVjthW6ySUp2YDDK5dGkZTACqkn +E2AaL777RyPLRESDp1p/J2yInUMvCc3wsJmqteSW5dUDpl7+S9SV2D+urf7zB5oB +06D9i4YknSh3nnthtqHSCvNF0QtpynTydycBrZZ2Cv4lF/iVPpi89WDTAjwWc3u7 +HVxHqCi9Z6zB7eIIXtIRcKBJrqL7oExvAGu0C/1D6/dQfOqHa4cPEgllXfy38Zxf +nUrFCih4TjD1AgMBAAGjggFrMIIBZzAfBgNVHSMEGDAWgBRsipSid7GAch2Behaq +8tzOZu5FwDAdBgNVHQ4EFgQUW5HGRDbyKPL4z7LCyMpjSWGbIAowDgYDVR0PAQH/ +BAQDAgGGMEwGA1UdIARFMEMwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzALBglg +hkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMBIGA1UdEwEB/wQI +MAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8v +Y3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0EzLmNybDBsBggrBgEFBQcBAQRgMF4w +OgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9P +VENBM19JVC5wN2MwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0G +CSqGSIb3DQEBCwUAA4IBAQCh4rRiX98I1sgwJ/wFaLDtM3GlKTulDu7VGpGllllh +bUpZiaHQ8pMV2goFboAOPXxMnl2N2UM/U4/9S2uW4mosQo2gbcNT7rbi/QhlEk4Z +u6tZek3SvhFIq+fn/XhMqiMwIOUNqroh5BnvPGLQcMqfnLebTJmkcG4I6OmXP6en +jh/JcdNnxMhZ1ZUju61+Sw8g14fKV6kAUdrGhQPZAceZyLvUajDRXLdxFX7LWip0 +IIFPD4eM2pLx94MPpbwFo4/l+rO8LK5BLxG4YV7hIiyauwtcREoNwjRyE0TJ8qTf +mzXUzM7YyjBQytyeKHaEyDbULAe0vfUb9p1joxoGSOue +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-44 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEoDCCA4igAwIBAgIBFzANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT +A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNTExMDkxNjEyMTZaFw0y +MTExMDkxNjEyMTZaMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy +bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0Qg +RU1BSUwgQ0EtNDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5wjjc +RPtz4s4DzWJURVpAl0MhxzRT1SHv3Sju/LkVaagrEfNxEZbnkTHKciFhScbCIco4 +458+LtRXmwMZiXSPSVquEuhYjpmQggqVUs8eozfV4uMnI88FBEGUhwA8zfgwRMLF +RQnJ4SCB3oGbZHh4sV1MutprCDwd6qrG0k8b8/GF9h1vyPZbNNBHODlfdDraBD5/ +bdX5lQ4L6J7uT5vYtTQQIRM+fk1Nlmxr2okKH4wcwK5FQ9I/kYAs7QoF9My8nAOO +sAAYPBxq+V5UWwRqqdSSxX72YEHAyitxmwng3VMHu5pNCnmEsYSVH7C7FfQaXk/e +Q4+o36slG0x/jys7AgMBAAGjggFrMIIBZzAfBgNVHSMEGDAWgBRsipSid7GAch2B +ehaq8tzOZu5FwDAdBgNVHQ4EFgQUoItn0eFgZHWnOazJuDWNmJJ0c6UwDgYDVR0P +AQH/BAQDAgGGMEwGA1UdIARFMEMwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzAL +BglghkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMBIGA1UdEwEB +/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRw +Oi8vY3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0EzLmNybDBsBggrBgEFBQcBAQRg +MF4wOgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9E +Uk9PVENBM19JVC5wN2MwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWls +MA0GCSqGSIb3DQEBCwUAA4IBAQCSY9dTLozPHVTcrSBDSPRiAts6kmKFip1T2qP+ +zDqETUs7FpS/EkLka8n0qjmYMtNWD9zsWKi8FbZeZ1se5tSFxL9waupfibMFsJT4 +Mnvmk3ihhUfTZYpERBmgeX7cd80+WO9SB1P+dCLw/7MjTdN8j0aOcjh+I6KLWLjA +LfVNhpZ7/8LgsOl3sHgZ7537YsA6Ti+yezGD0jM7nKpfyg78nbK2imWutiuEyHui +OdwcJOQpsKuoyNa5yzyuXK5ygG/PMEzJr6rfJykd6UMpADgaCZmSWueJqzMxfrI2 +ZoXlZzmX0xG2CuhOEhcqwLLvKgqu+dUKwzE4VxQYgtRtzzJf +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-43 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEoDCCA4igAwIBAgIBFjANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT +A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNTExMDkxNjExMDJaFw0y +MTExMDkxNjExMDJaMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy +bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0Qg +RU1BSUwgQ0EtNDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr3inR +YhAew1kjGebIpt5eR5BSz/xqDhz6KvPNiri3gbRar7lAu7XVGAn+LYB+NyuJt3Wu +6tSmXvvqxLPKXr47tFAkjpX2My1IGM+Y59iMsuvK+T1xeFvbZFtnC8EgntEwR0Uo +UWtUZAdb5IdKGquolt89RTt6W1mgMhbuYEewydSknxxUI+yNvMQ6NGeaRzu9IRIm +AmtSHUpkE5vxto8lmxRtF09LcmLSiElx7InsL3olAQSjzw2AWbHEMr4WDVTugJXn +VLfmC8/fuTENvmLRDGnTA+li0fjORzMqmGIok5eoU3X24Qv3Ii7/XvGFyNGAKPy4 +oKAXEGn5eZtar4kvAgMBAAGjggFrMIIBZzAfBgNVHSMEGDAWgBRsipSid7GAch2B +ehaq8tzOZu5FwDAdBgNVHQ4EFgQU9x/xRjhVv7xxi7IGO44rGLJeu7QwDgYDVR0P +AQH/BAQDAgGGMEwGA1UdIARFMEMwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzAL +BglghkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMBIGA1UdEwEB +/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRw +Oi8vY3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0EzLmNybDBsBggrBgEFBQcBAQRg +MF4wOgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9E +Uk9PVENBM19JVC5wN2MwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWls +MA0GCSqGSIb3DQEBCwUAA4IBAQBb0OxJQPngXOTSzqqxRWBYjiK+4vEf/nwj7cj0 +OT07FIrRsRpyZwpENffCtMU5yv2GHqlS8JKiqw9oGNMtqoW4BtXEE0Oo7W0dnQGk +wLv55eRN1FDI0JgpTu4zixq7NMpYx7XVADi6+3E11efmOesF20po7+Gg2MGsJTNR +EMXh7yHcDqs6nMkPtcl1u4qivfohdRcKsIvwC1Z4cV+bjZ9A5KOBZeWsa86FzNBl +jKTdLxebUz091aA6tjUZ/k576OPKiR1k8awlDsz5j/S9xK1Ht5KV2x8Edvgreiw4 +Dt8Disz/fX0T330P2n6GbPOcgL/wiktRjCq2BnnlmDLFwxJe +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-42 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEoDCCA4igAwIBAgIBFTANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT +A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNTExMDkxNjA5NDJaFw0y +MTExMDkxNjA5NDJaMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy +bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0Qg +RU1BSUwgQ0EtNDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmnSX1 +j25X0lrlxl7FTi65DxzSaXlUQwPPILHxQh4pWMbA7Rff4r+duETma3mrPmaej45H +KYPF+1jFiV+jLiPFXzQKcsrrImratXcABFus0lA8xBtvhjZTE/vmGSXZpBPFAkyb +jof3OJBzzWwo+kPrK/je0Kbrlq4jekNcpXDeR4Qp2FXtwMgeS9RnMGUWbO7sv/iJ +ceUkXD9WG6IY2GW3EMsx5MJtxe6M7ACsMb0J3eN+2BAxAZZGjMRjPa2C+2kc922j +Bsr4mfQ9hEbWEu5wWLwiJLBH+9NaTBxlqcGS8yyX0xQktvLHlrmnIUpQksH3x/6F +UnzXQ1CKhaENi4lvAgMBAAGjggFrMIIBZzAfBgNVHSMEGDAWgBRsipSid7GAch2B +ehaq8tzOZu5FwDAdBgNVHQ4EFgQUbwWkXaLEr5VbQZHfC3gLFu8cCW4wDgYDVR0P +AQH/BAQDAgGGMEwGA1UdIARFMEMwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzAL +BglghkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMBIGA1UdEwEB +/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRw +Oi8vY3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0EzLmNybDBsBggrBgEFBQcBAQRg +MF4wOgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9E +Uk9PVENBM19JVC5wN2MwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWls +MA0GCSqGSIb3DQEBCwUAA4IBAQB+0vQGArx8bB3kLkQtlSq/JQdzYG9ZxTu1W+nv +eaBUzXyhUyBP1OEA0ZvyiAt7km95y3/H65mZqtBRQuz+jYf0Hxxd0fFw2cXrU8oN +pf9of8SIit3g7H/lPvCzQrixjBPJyIZiuF/1tGqS7OmQP/4jU3+R8uvVhUi3AX2D +XAm4VTcBpCsG3ozOCpJykAQZJxaOgqSJHFLNdPByr1fMvpsFOkSWwlGzmWObh4Xw +ud0+naP4pbqKYjue/MeAGqgmxMJTn4hFXS5bHMViscJpnZtJz1J6XsA8aSiZO/ul +iO/vQx3CzdEWCMB1ZCGP0xdzfDipKEMDPRpA3ucPj3dgb3Mr +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-41 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEoDCCA4igAwIBAgIBFDANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT +A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNTExMDkxNjA1MjdaFw0y +MTExMDkxNjA1MjdaMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy +bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0Qg +RU1BSUwgQ0EtNDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUuycR +DCMw4iPGIbeq1Yuw/9S+tkQnTdtDE1RSp/AhVU+sIILIH0Ay5GiJYuZ1L4NdUGnJ +rsAeRJIFUZae/eMfzARtUtnHyPteXJB1DYh8eK5b5E7RFUz5lae4AdhuUtPSRDm0 +YdH8nXJ8Fgm0w+pMCltZJLIGhfgphXbcZleyFJrRk/k30PIfNdZSoxI0dn8tJRui +8H50cXpDbCd5Ksi+jEsdYR3Mcza6VTZRmvepwAiF9fpEqlyVqltq2OWLg8ky628V +ODeDZ188HSx8rgpZfOxHQJpMnIyOKHH35WeXEMGC7spvrRP+d/BZsIRGmVx25FTi +jbCFfTQeD91cb6ifAgMBAAGjggFrMIIBZzAfBgNVHSMEGDAWgBRsipSid7GAch2B +ehaq8tzOZu5FwDAdBgNVHQ4EFgQUOSmoCGTij4OqgWFHEZEz+Fo3puQwDgYDVR0P +AQH/BAQDAgGGMEwGA1UdIARFMEMwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzAL +BglghkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMBIGA1UdEwEB +/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRw +Oi8vY3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0EzLmNybDBsBggrBgEFBQcBAQRg +MF4wOgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9E +Uk9PVENBM19JVC5wN2MwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWls +MA0GCSqGSIb3DQEBCwUAA4IBAQAhEvHTWyebz05Ox9hW+neUMYI1686yzQA3er3T +lmapTCnxNyNeGP0dcLuFqHZu7wiw6n362ygHDB4e2GQm/IFHsdPXBEQiDBtBOe24 +EOxXMEp4Ku0znOFgZEV/kng/ST4rsoyb4MVCzhCR/5lfzk0zWD5oUgnJ5YwWIITN +zCO10fxQYiCBFDGPcMGJ/biBdcXFtzvPmrzIHDgitll91kI4Rtq5Z8K7988yqqsM +Dm/Ec1t7aL+A+PH9CSLMLNYfllANDvpS2qGV9vh4RGjO4d8P8WAejNczrcuQ4GEA +1aInA29sNdhLFOKAt3BDKvSjxJM/b3J3jkg6CDzmccXolN/y +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID SW CA-38 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEoDCCA4igAwIBAgIBEzANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT +A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNTA5MjMxNTI0NTFaFw0y +MTA5MjMxNTI0NTFaMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy +bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0Qg +SUQgU1cgQ0EtMzgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMtw2M +Q24eg6nE7h/ZXMiN0GTHnybtceAlYm5NmOWZNzr1/s22At1aN3NSilt5T2MAq7IJ +OOPVqtQ4e8YjvwnZMl/vhk6Z4rwAePshr9HvlO8CXl257RP3uN8HgRBRyiBzJh08 +Q8W+Hrb77XMn0CzdQ7h+0+hJjdwRjSAgHfHBagAFIilYBUHtresJNB7zk/jedaIu +v6xoTkJttS+USSWJ91Rqn1hvAZfd4XbweSqCPNFXXWvudII7DZ9G3ViymCXqXJDZ +KXW+iEOFewY9K1BMnI+NOV/qOv335oitPYeRqnIOiQmV0J2ArCYoWfQputQuHD6Y +y3dzTEj6dFH9CbuXAgMBAAGjggFrMIIBZzAfBgNVHSMEGDAWgBRsipSid7GAch2B +ehaq8tzOZu5FwDAdBgNVHQ4EFgQUjsW5zPzOjlO0Ks7oESrPmylsZ8owDgYDVR0P +AQH/BAQDAgGGMEwGA1UdIARFMEMwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzAL +BglghkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMBIGA1UdEwEB +/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRw +Oi8vY3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0EzLmNybDBsBggrBgEFBQcBAQRg +MF4wOgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9E +Uk9PVENBM19JVC5wN2MwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWls +MA0GCSqGSIb3DQEBCwUAA4IBAQChLaZGtZEevrRh4hyMrywIePJ1h8t8K766TTUB +8AY2y5/BolEoHxKTOis7BRolriRFsa4PVFUSIXUsGQxrA2h8pa0v2irrEE2ixZGN +h5rSXXhC+UtALDF8PlWUvD/M1WLOIW277YHQ4JNjMl5OEhsrVoxJZ3I32bTG8EZp +EDmBbVPsBINRf1kjBd69xb7kk67DfUEs4fUjTHRDOflV388bX2877//UaADPfjGK +6g9AxY++pf/4can/DhxhJ40+oKiDN29apuwmeNrfAi+CqL9uFu6JSxSUGOy4ZDLA +vmAQHGI6r+mRBcu8U/9xuaYpkO8jAoDNn7yS4H0STEoDorrR +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID SW CA-37 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEoDCCA4igAwIBAgIBEjANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT +A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNTA5MjMxNTIzMDVaFw0y +MTA5MjMxNTIzMDVaMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy +bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0Qg +SUQgU1cgQ0EtMzcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsrnKi +qfWUYvBZ5poN5GMO6qotl7XJ4GGfg/lr8ipbPcgYScw8HLXrxakW0wA+uEk3Yka/ +/bfUgtiLCqr2/SMYVISjXisglAHUiK1pnXl6ANJ3FGX4eio9XdbvifXjcMu462T3 +XoZAcbbwkk7j5G2P4uJn88h2GmprYJzePNLC38yMgi4FMRsPchVYpX3Fxk2wXEOg +hyeSYvueXWOzEtEDCEyrumQxHfW3Oru0b6JrTZMpztOlaTd9ngKLrIcKaXEyGtrj +lCokBmTALc6xnyKmUNf4R9Imo+lVbwSIycGnePOTrJccRTUbZsfXsFeD0lIWGnHY +rws1w9xarvIN7Gm9AgMBAAGjggFrMIIBZzAfBgNVHSMEGDAWgBRsipSid7GAch2B +ehaq8tzOZu5FwDAdBgNVHQ4EFgQUFiR+9y3B75I/vkTnVF7p/he686EwDgYDVR0P +AQH/BAQDAgGGMEwGA1UdIARFMEMwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzAL +BglghkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMBIGA1UdEwEB +/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADA3BgNVHR8EMDAuMCygKqAohiZodHRw +Oi8vY3JsLmRpc2EubWlsL2NybC9ET0RST09UQ0EzLmNybDBsBggrBgEFBQcBAQRg +MF4wOgYIKwYBBQUHMAKGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9E +Uk9PVENBM19JVC5wN2MwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWls +MA0GCSqGSIb3DQEBCwUAA4IBAQBZDRYy0oP+yD3OiDqM3liOggDDqJidDSkqmPMB +pxTL9iyXCAqS5OUhzKQ2/N8gRYzO1o7JNIqez7kuwj1HJ0LH94jbjyMnvrWV34mh +m1OzbG1y/88FvheQXLgld+tjojxYVhErbFGHnxMPw1X0VpbRTWrAcetlfMNKdwPU +AH1GDfFmczuSfqwqZcapgJal9BWMIJoCXH1sUOHXmg/6anXx1d30OH9iTYV0to76 +oHTg6PEw7nwxNDgGcVgLDVyDAyTpfQCfhV4fSLI9cDTs4nA0SUgUga01d2h1Sp4r +0PtksjJINJlYvLggvRWucI/MokLw5F6m+w6BN+t+kEggLn6T +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIDczCCAlugAwIBAgIBATANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT +A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xMjAzMjAxODQ2NDFaFw0y +OTEyMzAxODQ2NDFaMFsxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy +bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRYwFAYDVQQDEw1Eb0Qg +Um9vdCBDQSAzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqewUcoro +S3Cj2hADhKb7pzYNKjpSFr8wFVKGBUcgz6qmzXXEZG7v8WAjywpmQK60yGgqAFFo +STfpWTJNlbxDJ+lAjToQzhS8Qxih+d7M54V2c14YGiNbvT8f8u2NGcwD0UCkj6cg +AkwnWnk29qM3IY4AWgYWytNVlm8xKbtyDsviSFHy1DekNdZv7hezsQarCxmG6CNt +MRsoeGXF3mJSvMF96+6gXVQE+7LLK7IjVJGCTPC/unRAOwwERYBnXMXrolfDGn8K +Lb1/udzBmbDIB+QMhjaUOiUv8n3mlzwblLSXWQbJOuQL2erp/DtzNG/955jk86HC +kF8c9T8u1xnTfwIDAQABo0IwQDAdBgNVHQ4EFgQUbIqUonexgHIdgXoWqvLczmbu +RcAwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBAJ9xpMC2ltKAQ6BI6R92BPnFPK1mGFhjm8O26GiKhVpCZhK00uaLiH+H +9Jj1qMYJyR/wLB/sgrj0pUc4wTMr30x+mr4LC7HLD3xQKBDPio2i6bqshtfUsZNf +Io+WBbRODHWRfdPy55TClBR2T48MqxCHWDKFB3WGEgte6lO0CshMhJIf6+hBhjy6 +9E5BStFsWEdBw4Za8u7p8pgnguouNtb4Bl6C8aBSk0QJutKpGVpYo6hdIG1PZPgw +hxuQE0iBzcqQxw3B1Jg/jvIOV2gzEo6ZCbHw5PYQ9DbySb3qozjIVkEjg5rfoRs1 +fOs/QbP1b0s6Xq5vk3aY0vGZnUXEjnI= +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-54 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEjzCCA3egAwIBAgICASwwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM1MTI4WhcN +MjIxMTIzMTM1MTI4WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E +IFNXIENBLTU0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0wnaj/j +ZzXRnZnNDN5rMZW7OmPPcrG+8IQW6oHretQqvj/HCnAyX3sl5TvT6bLCG4UfLBAx +4VRCvpsVW9fME/43E+N8pyUDjlhYe8BHO9e0RfbVjMgDh6tLagvjN3MfThg8E94C +6TRisdifkP6WonplO1sbv8YD49GjmBWLs8KtU3xzw/StQrwNfymY8aW4lXJQa/Ca ++FXzz/tRh7Mclrlz6QCzgdHAliWK4s5tsXDxeZls2/tvTaZQCVCiyccDdc//lYzL +UIwg3lnPcoV6CPhhw+QW4q42Y4oSu48Z9g/fAvqhrK1U0S9mHl1vWLDTHI3hkwmd +T/O2WgKh8nvx8wIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFLC3KL8sBImKdCavqhOMAhBVgXmxMA4GA1UdDwEB +/wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud +JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j +cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o +dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG +CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC +AQEAZF047yS8bq8lkMpoxFrJjmbdD1TNpjnWRmImQ32uPwNkrDbspNJ4GdqAh3N6 +ueIMcPUSmrIEs9GRZGJzOeTQ6tcQKCyWy+npsI1DQ/k5Xz0H375Bw17gnq2Bpjdy +s8zeg8I+2lDOjSNr7RgVWWB+2sVWXdvILx4Wkh6vX57uEud046HBmc4NeDiHAer8 +NIac5A7e379NRyuusNGXkAm3g7GsE/Y7MrFsKKsMlHb+gFXVgD0DBhtF22YqmA/R +QvTz7Ij1AD++Gv5I4IIzJFMryN6ED6XduWcTtk9Cnf0uY0z+VY8RFw9nOkECFc2b +BA8L2LlruBOzMWbFy4kH7G/hrA== +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-53 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEjzCCA3egAwIBAgICASswDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM1MDM1WhcN +MjIxMTIzMTM1MDM1WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E +IFNXIENBLTUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTewS9iv +ChYtMvNBYEOjVcVqr+3VOAEgyjt7ieJUVPrFDgtL9Sz+eXX+uBXkJwYjS0gtex6L +RuNtdcLkukoJu34ZxnfUwc8rgTwNV8VtIyI2GJq/u/FjGwK8fHkzslOzwF8KoA6N +NTYvKy9XohBDrrYGpRq/RuDttVfiJ4Yvcii5J6+uZTvT9035EksqjV7A+sJkFVqI +3MZ83kN9O0ZJf4dEj4h4DKqQYHTRrpy/BL4pTGxmSpnQHne63ToqsoZntTYCYhB5 +6izOakbsUTYVauwYqlNVf0j20IwcZibztp7wqV2NgGzA81LndhYLQh+8KsDabTSV +sZMvLHfEAeLdhwIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFFHEizOZlMB+uzYd4+I6Bb0ydJ1TMA4GA1UdDwEB +/wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud +JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j +cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o +dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG +CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC +AQEACZtxX9lr6sye0RUSOLYzLCU4jVDNSQgz3qq8Kk7dJ97GdsuBzACcCIwFDpNd +tjMtD+mwNjgfeRY5ovyMEH3ZzVhIqGpQo4WLeE+bjy3fNcU3rsb2SHNaEpRddWQ3 +jnOc3jlyg/sHaR6Jg4JfQ1G9za46AReVa1nJLHjt/BO5m/3D4iJmpJvq2Qp6N4eF +a2VL6s8uAZKnLCocjZU2B3wYZMyaSgppaE4TOe/Hc5HJw245/cFLUL8I02iYfv9E +KQDuTGqNzGrBuKp9LMpRrBWb0boFrZaONcVXjtCqi05fo1Fd/JhuvfraTpgxmVXi +1OvgVGwq5lsxW2pbjSpBFebaRw== +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-52 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgICASowDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0OTU3WhcN +MjIxMTIzMTM0OTU3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E +IElEIENBLTUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltzcMp2O +02t+fwd7rTlugoKqYF8eo/3M+JVdppPAHTiJVaVt0JSeM4xyZsKNoPBoFW/yshnx +lRv/LyNx0VBbn+4mJ7Ea1U4FBPxCSZ68VYqKdV64UMhndawVBJM3Oy8Y3ZxPldTD +f9ApCg4dZXSEiSnShO8YuphrNbYAd6YrdUn1IhDAhw90VTU3GMLru4vx60vFHscW +eZHpHfET8AsClbAyqu65bsa1+o0XvGLQy2GTMzEVaR1NhYVWKRSwgqW57gbE8pV+ +63WYNwi8XIr/2TaJ5GvgBVCbgJWAwsSfFTz21ZqOou0d5xYu79iIIue5DEoRW1bm +qserHNG7gsMvHwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFJroUayRVNeUmgRI+iJ5/8bV7oYrMA4GA1UdDwEB +/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB +AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA +AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E +Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAkxvd +sbOh2zGZCsj3nu9fHEMClJVtK4kJzPJZPi44gdSn+U8X5lbtT0kxsRrqCAZntlgQ +mp+DxnQClr35fjao3wF79nQaIOP2789a9VWZgyJfPrV2KLsxAH4/oOd2ZYdUtHfC +lbfZwbpxFulBqPWxysKQOx3XC/3LszCR0YFqbV/c5hBRB1A4sWBlF8KRGQyKdAyc +K7PrLcSMnLq04ugd5MfYWuJjJx/USNNWlil/LzqyCFzxPp4nGBB8y8s2LcZyvofh +HIBN9qxl3+EXcJyeyqyNiVZcgJi+DLSmBCckb2J6lN9tbGWV02WK+8OiAiZ31CfJ +/sezZ58EZayGYS031Q== +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-51 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgICASkwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0OTI3WhcN +MjIxMTIzMTM0OTI3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E +IElEIENBLTUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjtDs/iL +TIf25t9SGGMP49gCFIYXcEtvTtc/vh+Cghf7qVwiNvUYCaGMq5q7F/pgL5xsw6Bn +iCMau2bZtLfl5xnMk2VMl2GRwUayHQ/0lyteeKid6fa8sfnlyNLh8lvPuHqQFJZX +5vpfAC24NDQCrr8YIkkNRyxJihCpj8HHYuzTplDRIpMljahhAWCsQkUqlq/5Lite +XHYA/+EnT2hspkitSU+FUIWo0FKK95oo+i2uXX8x3cXWEUCXoR23Slk5NrGTwAsf +TUd16xWA1acvksunx8eK3uOVCV02Q0sldVN19NaGm8lpoBfbtiNz3lo/j1VT558q +35LmOYWI6KzSTwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFJ2kwVzT+WZxSaiEIwO24a8pdy2uMA4GA1UdDwEB +/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB +AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA +AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E +Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAigQ4 +aOduTUCpDvC0ue0B0GV49B0aek8HXWKc10bPb1iUCQL2DT4aIf0u+yQqrzVpTw/x +5mVPRn2Zi2iEV5A8PsN4dReF3lblQSrSVvKFw7cq66Z8ab2ijXjpAMTJCUIOir8w +KoOV03cnVcaW0VDTH+gOslXnm95kPqdfbxJMh06Q00XfvWfRjfnB9D8ZDXbytM5X +mkZRyuUvWY+DKyJUy1HAuardaFpgA5WowjeQm9sAvx72LzaS7zmv+hxOliGXYOn7 +gbJATcT+zt1Ffwa9M19FjoQDSzWihW8P5cFRt6xVEwZHeD8VG++jcQfAujwX0v7U +hFKu8gxm3wlNXOalzA== +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-50 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgICASgwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0ODQ3WhcN +MjIxMTIzMTM0ODQ3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E +IElEIENBLTUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1ncM1bN +JJHiu1Bh5jQ8r+Y1L2pvw+6YDLGE71z5gquBqisOC6XLKffKdBSF2U55vvp0m5J8 +WdF5DSfyfdAJ7S1HlzFYVW+0KjGLELKV5tWZh/aXu8V85ZaaYkvJeeEU5cIYWLKK +RAr1iygwnslhy1Kb7xhYV7gLYc29Wm1EgZiJ2Xm9M11FIauo40EXmQFniz4FLE/S +4JB1lbYiP1jGa4zJrdnec1k65tZk/K4hdi2diS+9mEUz3PWrzNqjrHKxFocnh9qS +NGqJfyfXxXgKTrZw2UG83IxHKvIpMPodX4SYUwRm5HRbrG6c1Fx12NC2go16w3dD +ilH+aUduTNpmFQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFDYuUt50qp7sux+T0b62ULXGaQv5MA4GA1UdDwEB +/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB +AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA +AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E +Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAbAli +o7+gWX5YytmPMD9ic+aX2s0NaSdSauFYmb6khtN0CCocIqTI/TyfRJTjhI6wRNoa +ckcjVa5H3EOp4vOrtLN4TxbhNqdE+IHafWE4/btDstI5PrA2hlFZb1zvM5EQC8u0 +BZQ/DqyShOjypvxldvol6UGjys7wecPxt3cBJC7uroY+nqfxHnOIxRFoJGdC7pSm +f90/uDcX87oCbK/FrzJBO+/V2lGHiByC7ahcP59a4Xd69lHSMtRWquclAyBEy1Mx +p7Bx/v5kCpv14JE6SBlYEwhFrTt4aT49FQEQ9aJFKRv7j20sS/6wxPzGx24HE0Gb +XwusK9jo5skGLLUC3g== +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-49 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgICAScwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0ODE1WhcN +MjIxMTIzMTM0ODE1WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E +IElEIENBLTQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2EngKIwP +Cl9+dsIByO2uONNLKhpnFypBAE+LM8+kekt4/HG6StaU/fmqFTRiVI0Uh+td9BWe +8NXOYrhQRo6FVSxBkLtWZX8Px2IHxiqQ1lnrZK9UlCo8h3MPpiN8VEjH2bP/WSa0 +oZEWzEDKLB5tSKerddc+QL2uEHb+Gfym6i+5qPOLXjV00FY24FdNOyHaRjQTM/Lf +sjWoFItHTKp5B9QogdKnyg+WkAARYtbd1nqtDXv6Fph5HaT39SEnRhc+lkrRDpDY +c+HAU6Xywik+stgv2yFk1MhFpF5/rndEwMLIST0+lSpahJKGmYtg1VKcnDcq5CER +C31gl6Yr7ffjAwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFNhnk8pG3MmVppSzBBicziU6lhxNMA4GA1UdDwEB +/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB +AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA +AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E +Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEATmfP +QPkolF5PB0fS/9DrngX0tmdSwlidBtrkY6vL/V7IMKqJk7r+hHW6k9+nxijHFj6Y +J1+4ElpH/PwWPsqwVIshQxECvJKfo3OfN3a8Mn6Hog5kXJl5dMb0vJOpWQ9UhmG2 +m9UUZ9847wSlbW0vMHL0puuTso0365vilPO5JkapEXcFXdc3LDxXW8BR5NHyaN3V +mvfD/qAqe4BiBx2+WAxsolTJQ5IMjG5tIN7WE6VJdUAm6EIgbuFfvG1KiWQJLHkL +XdTvwdUTqX9JQYswfvoCwvHRh+I2mZX+/iH5HKLcaxqW8b9JnHCtfMSBZqLdI3nG +IBw48tRul8lbrg0mJw== +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-52 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEvDCCA6SgAwIBAgICASYwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NzI4WhcN +MjIxMTIzMTM0NzI4WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E +IEVNQUlMIENBLTUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4pb +qFZ5LPm9gcWT24lCj8yLQHYdzntTWgMqPVyveG88rA+bXiAWO6zWUsjPlYQHfxiN +qTZemKgK8OUkVQA4oiQ59EzcNiRsZp1hy7nvDpFcW/0WJzHY5M84ThI57zRH20Ac +iNw1DB7XmR5yJFKTFusipWgsqwWRTtpJlLGJXhTHyG6aNxP6HEXbTLAM4x/0LM9Z +Q2yYihUufgtJYGeLapNb1pPLsPVchhJOQjLFyp3Kx9W1xfjUFftE9FQAwCBJHyC7 +tFMk6DlITy4s7ptst1nNbPYdzGmiix/P7+I702Yn8H3YbmhFD3d+fkhCXqsjio0y +0wWFDaa6vmm3RqF1GQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId +gXoWqvLczmbuRcAwHQYDVR0OBBYEFOlmDFyb4lpKsgM2NP18yab4qwc5MA4GA1Ud +DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw +CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl +AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF +MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv +RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG +AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA +dYEfuTkBoJLwzyIZ/lrxB3ECCes2zWMLe1RsRrQ3QUhkeLcqxxwG1z+UbbmWkrSS +JS0Q1XeLRiT7P1x+ycs1Gvoy5V4CFOryb5eNaDpOclJdXOiRjOGvS0wSeSLGnT/d +lRPrQZcoEm+DFvtSMasu/zR8DnaepKpWLvyFXwvoimvsQVvz4tOS2o4u400KLPBo +MQbTwpDmk39wxf4Aq4m8hznf2BhAy20YH6jY08gXg0pNDVh4CZIxyF2gmE0TDXPv +sx77lxYKW3Bx0ZxHIcfBKifjSiTrGlLeEP9LfEQdpCjJqhG/3BFy6flzwJDEHqHH +swhN9DCJn+3xTeq25PUXPg== +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-51 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEvDCCA6SgAwIBAgICASUwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NjQ5WhcN +MjIxMTIzMTM0NjQ5WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E +IEVNQUlMIENBLTUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnw7P +Taj5UGSMi8whxGpPsoChGMjVQRk1Fzp9J/mPjx/oXc2MwMahK3xpE3YB86q/SeH1 +Cv5hc9Pa99HtSF/RaHAo3frFoPnRNoPDLj6ihPGmEWwMKywUgOCnTQcGSlNqR0es +tYrMTxti9bKE3uc0hgWibZYlukiGYg0UygYPS4+afMtzaBljiUWeQFrmCaEgeG3B +UvX/zgNdSqtG9KX1LjqtNZB91hIDrRUNohX5xSLxPMpojC5d391u/0GfAEXeKyAy +bPN8BdVjqJ7FlyueVKUgIAB/t/k6NO3lKEiC+QsrhrwaFI3Yme9JfRsZU8/Yhv0L +wKeJhoz3552oT0e4PwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId +gXoWqvLczmbuRcAwHQYDVR0OBBYEFDXvECJsuhIPvcJNGeTOfY8FV1w0MA4GA1Ud +DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw +CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl +AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF +MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv +RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG +AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA +Y2UKHMi98mslNJ9qUBT8ZNGKim+nYkfLfBgdP136smJYYDcwUOXwHt3b1aOy4sXI +0BkNNS6tO5fdvZ7W4/zYFouIVnImaa8hjDiJNoAi5dYKDxkB8iOWYlAP8TZwpKNy +sbGh4EQHWWQ8wDuFcdA5/9ElnxpQ/JJzSgUOHhtGm8vrEQmmJKW0FvbGXhGydHx2 +I5GtDvGHqlpF8GFIAA5HNAaw1s5De2StEYCTS/y95naqZafCxYG62cGbHir8dp0U +KQOUQt88tTh0TAqzcLKz1OJIoIkbfpzV6XiXuL0VSob+W0peZeqTVq+w7nWP1cNr +44ligwwVjeF04L3sZKA54w== +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-50 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEvDCCA6SgAwIBAgICASQwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NTAwWhcN +MjIxMTIzMTM0NTAwWjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E +IEVNQUlMIENBLTUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorU5 +fwMKXKwK4SrttozvWb8Zx9g+7pGrzD+cbaZbISrTvNTi9MhDYASMo23nzG/ShHQM +c0qCc10AVUqpAfwRhm9FbphD3r30SWKQsrKeObBW63iMeB6gfhg/+zScvkJxlqj6 +x5cHglMCFQfdqjgmjtcuWIGr7cDf1WQJLGfCz6ilKH/H2no0a3AyoFEAglrUyhC5 +n0IVsmyrWY4Hy9A/0xe84hl+68cJfB4VD+8A+YrUqEgspiqzocvzcuN/GNdeD9Lw +XPqylqnF8SN0HYoHmjbimscIn86wCxARO0siWZ7hStrcbkb+cgFoY5aScdldUkni +YI2cmRy0C5jv+wAfXwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId +gXoWqvLczmbuRcAwHQYDVR0OBBYEFGUKe10mGzDKLdz81nPHHsF/BIzIMA4GA1Ud +DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw +CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl +AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF +MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv +RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG +AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA +VnLKwRdYBaPnEONJnTpHoC4znIQMHBsEpQbR8P5j49IXtHRjCpl5PKRIwuAc+Ff3 +ixM3jv/G+LBi26G0ZNGZ4iI11rJ3TLxUqHT12/WXTuS91jePA/f3WIHkGBEFeRs+ +wiROXSAveyMAt1ThK9Bil7BYlLmpgfci7eiKHC6OlA7VZo4OrS03VZTlaaBaU5Te ++tX8XYQ7Kllh9LreXZ2Cks14oNBlS4vzOcZOpw1bamaEbIA13IsGyY/kF7LqSPW2 +b7Jy628ObLeU3a+0lm+nIkjH25FDvtfxD9+2qQHEpRaRclskwIGTmA/Tg/YrrS2Z +am9RD+6E/tsgIIlQE09NEA== +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-49 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEvDCCA6SgAwIBAgICASMwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0MzE0WhcN +MjIxMTIzMTM0MzE0WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E +IEVNQUlMIENBLTQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAus23 +xtOAbfLxPh+OS8U3N/c7ZsnTNZGki6KjnEg4EVHnUKwBB1pWLeQbZTVp01dHWlxR +KyvANnk+8ozM8tucowx0q6fo5J/YteD9qHFAoWjJQpRB6Hvn2vvHvUbu7iAY5Pel +0B6A0NN/lKW26tTlim6NkV1MuCcvpCGrwH0f2TOCzkDf7IPqQDvLWOjPQP9nmNMG +nS+qCvF5F0iGFXTH1NDeI8EPvKMBQE+LgJ4PAF8eFdDo0mDE6iLfPAIXBzfYUdFk +MS3eVpJOWPzOEYeRLcWQkORvczfxN0obxSH3TGoBLB3ubELOoiqgsTF7rLKE1Kyz +Wrao15uoYf29O9jatQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId +gXoWqvLczmbuRcAwHQYDVR0OBBYEFGlEHxqVTqUaf4g6zHsSOSwfzxoxMA4GA1Ud +DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw +CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl +AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF +MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv +RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG +AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA +XDNkaD2Gwe4ZoWklwvAvveoOYK5s8fJbjZOjI2V1tZjIP5edw8YSvLDGTqsaDlao +28hCVhoOU0+V234p0CAGKNKID6WCR46s7uAALaaWfd4aHDzf20qYsnMrl0eKCv6F +sUtKBkIYJBjxpoaIpudRCnSmQkxweKzCGCtjWCT2MGSJro2Q0eQWTDxnJX9/v8z7 +dZ8ddZO1zgoU1xnAx9LxdrVl6H2VcB17z6t2d5TqSLM/OnuSHT7LWqYbVJERf38D +U0WSQ7VOp2x1SkInJqpewvi+0rl/yh97UoDZuS/GUkVIMFbpJkbcadiEGBINErRl +R5vQZDesBpGqUxNYuIIJbA== +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-40 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2 +-----BEGIN CERTIFICATE----- +MIIEuDCCA6CgAwIBAgICB8QwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTUxMTA5MTQyMjU0WhcN +MjExMTA4MTQyMjU0WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E +IElEIENBLTQwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsC0FbWsI +la6+NfHD63GReLt85F4jdzs5mlNrXkjVlXJzksaIkmlHfqAWyo6ea8ShhqwdNnXg +PlIb7ej4RoXFqXJIwsCrxQ7rev+sCdkL5UtxOxPq40wbjV+AcjF8Qmp9xoPyImxz +lLebWWJ8HDgJl2HSLrIFibrRFeD0t6GLsT8JhOdQmqE8wRNypZH6oDIhygX3lhBe +RDxuK/6zLMJ+srqG8DMJFJhz0kHh36ugbJJOPLyEGxwjyEicBqk44NFcmr8YWC24 +RM28QjruqwotlsI3woCaTHkVm37fc0xmbAPg4eggxrzXn3dFQE+cw40WBLpy0d0G +05PMAC1LKPdccwIDAQABo4IBhTCCAYEwHQYDVR0OBBYEFM1bl5X91Ceq5yXxnIfW +8gfX0Yc+MB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1UdEwEB +/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYDVR0g +BF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETALBglg +hkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUDAgED +GzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RS +T09UQ0EyLmNybDBsBggrBgEFBQcBAQRgMF4wOgYIKwYBBQUHMAKGLmh0dHA6Ly9j +cmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9PVENBMl9JVC5wN2MwIAYIKwYBBQUH +MAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0GCSqGSIb3DQEBBQUAA4IBAQBFRhX2 +izaXm5Yu4omDw2mbNo59EYAaITQCcUKbK6pwkmRYICu8DsjLMVhciOgeK4fn4OFA +mYbLXWAtgSknNc+Hugb4WFoLWSb3EKZs8ocb/fR4eJLOKoY1PuRCuozS4yZFPet8 +RFInX8l7NQ41Zyu4O4QNzmcMz4pct0E+7nOisGEjh7/29Q0UmITPek60iVGEBIzz +skjlclPzu7+qJseMF+cIV+DU5hFtEjXZ5HPn4fS2B/Fa15vkbnA9MvkxjFYjgLa6 +Xb/3zH5yYN2b20FluCxWyWD29UKXS5vwnXVGn4d+LIt5LPXbkgYt7uxgGCIkX2ha +hR0L51Yz9q3/sVvm +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-39 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2 +-----BEGIN CERTIFICATE----- +MIIEuDCCA6CgAwIBAgICB8MwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTUxMTA5MTQyMTU3WhcN +MjExMTA4MTQyMTU3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E +IElEIENBLTM5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHukMtcV +I9MuUvhC55JlteAPugFH0iElnuOH1uST9FQVwCueIgZEXFQ1HtQyK/N/Dt2nM89Q +FT6lJ55kAPhJtqYpGZYdfrirxWRTNzisQI2GoDTzID9iMYxd4wTikDvuTpV4H0s1 +sU6r9UqdouRFMZ+PrClHyTji8P9PrHY6+YSSLXu76fJgfKNdDBtIGaUhTA9CMOXv +TJGJLiZTuViJobP9hAEWtgd/8C2GIdTwbQPb/R7fsM/joH94HX59A00Q6q2COz1J +G6LB/GqvfIGpIx2NmLx6beRDQ1OpCs3mzqUTXmfQpZD6vweTXkyIGqlEgav5yahv +vjm2Pp7O3VjbEwIDAQABo4IBhTCCAYEwHQYDVR0OBBYEFKrDk9xwD3lROQQd5f8p +6BbIrpPGMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1UdEwEB +/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYDVR0g +BF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETALBglg +hkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUDAgED +GzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RS +T09UQ0EyLmNybDBsBggrBgEFBQcBAQRgMF4wOgYIKwYBBQUHMAKGLmh0dHA6Ly9j +cmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9PVENBMl9JVC5wN2MwIAYIKwYBBQUH +MAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0GCSqGSIb3DQEBBQUAA4IBAQCvxzdd ++7fyM+exiin8pLYIADkJ4pUEnO3xxayqEviFgD/kqy6VInSIWP+eajXsTAHQwsUi +aV9i8ba+ejpZpkU83XgyWR873P0Vycg4o2pUdx1jhXzoMqEq/iZBvV6SEKqHRmK3 +8eZ0mzAevAE8vEfr8o1RtwoPO+4Uh6pZpBcj4NWYgL9l+CDotlKivAMIy0nN+NFJ +4SqPWXODhmFlBsCtGY0sJWRWn9sGi0kaEU0sOyqfSnGwchTS34D7MuaDYk7Usgx3 +Sto/Cpp7scmHsVq56evon9YHVxclT3NoWKy9HHxsMIjVVAEGpXOZ05LYW6O02Eds +oZ/0UDsa8A8aV5aL +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-40 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2 +-----BEGIN CERTIFICATE----- +MIIEuzCCA6OgAwIBAgICB8IwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTUxMTA5MTQxODQzWhcN +MjExMTA4MTQxODQzWjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E +IEVNQUlMIENBLTQwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNjg +O6XMNXsXqOPEk9Q7ZmS8o3JNb1NhmvC5hpfRuA7GUDT0eFJYt0uWgMqFdSvMTrRs +JW86RfWnuAz9dnszgUPcfimp+6LNy3yEb/NUWQXiiYCKmuDLo8YWkkfzoMIAzVH+ +Dy++wzc7lOngm5ZgDzdVuGd/QRQ880HyJ9HYnJFkMT9vXvlbYDN7HopIWJntpeaa +tqudwm29Iz3wq6/wba8tDd6aWnOwfRfL9uCe8EGuw4xJh1uvpFfMq2N5GhUIb6kS +q4gai+t+b2cfNJ2OIwKQnysfcO5kJne1Za4oI7GP03IDtRyygvBANOTrBnxKUhMX +MjbCxRxNGm6/GJCz5QIDAQABo4IBhTCCAYEwHQYDVR0OBBYEFJuBtqJZi+3pgB/w +Jz1XBT6JL7bMMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1Ud +EwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYD +VR0gBF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETAL +BglghkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUD +AgEDGzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9E +T0RST09UQ0EyLmNybDBsBggrBgEFBQcBAQRgMF4wOgYIKwYBBQUHMAKGLmh0dHA6 +Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9PVENBMl9JVC5wN2MwIAYIKwYB +BQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0GCSqGSIb3DQEBBQUAA4IBAQAv +ty5uG7qcbmzT2hU1riC3WUF7fYN6qCRBGRe1beziZqr7NWsJYUWDu9iIvHTRsXdI +SgYgtqseBl9zCmY49iyXWBOs26RF6CyVOOi9cDPMzzuXHfsrFRrlgotvgI/IxJkt +DH41GbkFmx/yZXkCd8wEM5Ud7Gy61zquEvD1qsYM8qUuDCcT0sB70njKQ+ETKQBW +uQdqRDyUSHbnFZaHS8/uGpCL93ie9vVRJEBuGl0fgJXblXDcJsM0YOVgLImGCxnk +lfWCaIA7QtkWmd249PPR+KgM0WW+QXHLEsULo5iUrZxOgPUoo4auLR/Alk4KFmql +8AJej2z9iMmg6Jb1BbG1 +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-39 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2 +-----BEGIN CERTIFICATE----- +MIIEuzCCA6OgAwIBAgICB8EwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTUxMTA5MTQxNDQ3WhcN +MjExMTA4MTQxNDQ3WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E +IEVNQUlMIENBLTM5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/Gg +vdig7X8ajfgi1iqHWM3n+GGoqt9cQwGfORbowgjHwIDb7tNQqMPRG2pVYSlST5nl +Nkoe+XRTI/vhExMRYvTDkBmxcFpHAmi4lVFeYHfGYvYn7Ai9SndbTlK4G8tx9BPu +rYjrI7z+TYdlNfcxcqU9Zus3L7VSjo4Nz/oGu1QPdZ3e5W27mrBrGVodhYrGd9zb +vclzDGKpANfrrF6Wm0/t07/j2opYuXDrp3CSVPgHXRCLueDJ+xyIth8oZ/uq7l1u +O2a+4xixCQpuGnTjVfBkC19jSG8WylKn8crduVPLCmRTp65IXgTBAV6gpjta1veA +8+hFLGswsSKzVTy2YwIDAQABo4IBhTCCAYEwHQYDVR0OBBYEFKyd+MRMc6BDXwgl +fUYPZRvLoLCAMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1Ud +EwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYD +VR0gBF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETAL +BglghkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUD +AgEDGzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9E +T0RST09UQ0EyLmNybDBsBggrBgEFBQcBAQRgMF4wOgYIKwYBBQUHMAKGLmh0dHA6 +Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9PVENBMl9JVC5wN2MwIAYIKwYB +BQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0GCSqGSIb3DQEBBQUAA4IBAQCa +8QoBL1IVhci+xe1rnO2hJlMnKKWwsRXmxC0qq+sSqdEcq0hmwDFlQeKyI7hByp60 +9J+i5yhu5ebOHGsQuU71/ENMAMOczUYt+MYJocGcwe1g1b/XZtZshgo9N6Gwrlny +WFwbr5CnX6yswooBmUl0xdYvcd/ZZ6/5djuVUu4n6/bIwbWcqkkyEDPGGFNXxenT +DuS3BgRAaggyMcNhQNdH3gcc8DbQ57lB57uBNO0cHcaVa2Nk+TGt3eRoLTeqNHoS +4ZQbg9v4OhAZJtwhKydCtxZAcHcxL2qFXMiT2ots/NmWZyS3sJqSgWcz77a2xREb +is7L2sM8/f9lDnpymyuz +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID SW CA-36 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2 +-----BEGIN CERTIFICATE----- +MIIEuzCCA6OgAwIBAgICB6EwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTUwOTIzMTM0NDQyWhcN +MjEwOTIyMTM0NDQyWjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E +IElEIFNXIENBLTM2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnkW +Y6AlD+M3jiVf9vhsodsLFGnoiYi3dQoseibOrPSU555Ft/5GHGmj+nCXW9twRmGp +AckwzWakNR6nyDh56c5OhJxWKEg594B2i9SBmTXicTzBPa3tZNoJh6Ml6/Ofch+G +XR9u/FFdDWs7ubEF2K7u82MQUsYif+tePRAssI0CToGPF5SPw3+CcijFwY73JFFy +my55gZtb9jiEEp1aWrIgJ9nJczyWbFOV15I5tZPQiWlaXq0BGFh1hJiTGhgGs3fZ +H+yqMmOL91Msb9u99TAr4R4A6yDV/s313JkV4kWIJ1CNSPZHsXOY5WXj6zq/CDhM +JqozUbreJREFadAfwwIDAQABo4IBhTCCAYEwHQYDVR0OBBYEFGcaNjy6u2+FA+cj +iK3FZ5ClTLqEMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1Ud +EwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYD +VR0gBF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETAL +BglghkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUD +AgEDGzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9E +T0RST09UQ0EyLmNybDBsBggrBgEFBQcBAQRgMF4wOgYIKwYBBQUHMAKGLmh0dHA6 +Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9PVENBMl9JVC5wN2MwIAYIKwYB +BQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0GCSqGSIb3DQEBBQUAA4IBAQB7 +r4RGlVKvdqeCAoErpvW10WRPIn4mmMJbOwzwfgLPzGKvnNQR0CWPWgb8Y7QZYtIT +cbBcWE8awZwB+OWDgTOoxrD0+euOw2CvZg36Z0P7mbS4IF6ElxDd/tzw5Hqr8vkw +hH/F2f6k7+tRznt4+cMQwJmIDKGwoZ+3Atd7CKcouBzXZLcNEbbohJF5z54EYwRU +J5agPcnTZMBDkQfSs9ku1nPrGQfATEBybLTAe31untM6oMzMHw8PYn3Sh7xWTCDG +SFSnPYhzlNKdMb8BKi3spVOxt6t3VHzNXDo8FXRbNpBY/fS7RAmHPPrz5pa9KNtJ +cKENmIqQ5QbjB/P8UX3i +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-34 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2 +-----BEGIN CERTIFICATE----- +MIIEuzCCA6OgAwIBAgICB6AwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTUwOTIzMTM0MTU0WhcN +MjEwOTIyMTM0MTU0WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E +IEVNQUlMIENBLTM0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9rP +JyF3FMlTkbUCbyRbHPGfd9K7RKdmnCE257ehsNm7nM7Q9zxc8SpbTSDbOaP3Wqov +S5bmsSE+leWR/MhTGV4VMKztZmkGea8WYd5zooz+OrmfuoxEoCy5Ciya+RT+wLOw +H0ApD4doIkrkZd2Q2ZJeL/8pDDj1hPAMLpTfJbekNsQ3hsWnKp7AWVsliY4lR8u0 +RYmX4LHYM5hN+qf6uiOLK6U/pcXcyRa3ymxiqq0gkVKqzybqKjlF4JucUU9zTc/R +cm2XSQEFl5niGI1YRRcrwGdl88TEYqcD8LfqAfKtVHvKy6nQ49L2S8qXQi7p9DmB +bGf0c9gZFxG2SAo19wIDAQABo4IBhTCCAYEwHQYDVR0OBBYEFA+GWX7j+ucT+zE7 +wTkMfGCLQMLdMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1Ud +EwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYD +VR0gBF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETAL +BglghkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUD +AgEDGzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9E +T0RST09UQ0EyLmNybDBsBggrBgEFBQcBAQRgMF4wOgYIKwYBBQUHMAKGLmh0dHA6 +Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9PVENBMl9JVC5wN2MwIAYIKwYB +BQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0GCSqGSIb3DQEBBQUAA4IBAQBU +9C9y03/5bT/I09cfBTJDhgP5zoFm45xTzfA47ENg9zj7VntEUG9KH4lkgnIxrD+p +hx5kGZgpxK218MWlQKWutYtrFeeS+RBisyVEGEtF2JjYEmQ4dUAOfVEy2iE/6jlg +7JWB3nPNCVYjWsvYAwrtciclM/xdAbuBm1valn5TFGwp3UQNMfkbiYs6luVubPmO +760ruzCJyDwcOopbraZJ3BNqMVbPHL68axpk8mKE83k6WgqMYIEsolA2F95OSPuB ++3jjC6U0fehSz5Ud4xmFdFV4AiW6mgCYy1RZxwPO7HovxjRs+tg8UtwcOjnVBPpM +5Qh8+8BEUs7sjKlow1tH +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-34 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2 +-----BEGIN CERTIFICATE----- +MIIEuDCCA6CgAwIBAgICB58wDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTUwOTIzMTM0MDMwWhcN +MjEwOTIyMTM0MDMwWjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E +IElEIENBLTM0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7At/wMM +qpI56sRrQlphyt7hTUYitQma2jYHROcUqaROcqW7Q+sZQuH5lENLlRP6xd/mIYac ++w390E2kPbMQwA46yb399LTve7pJoeukdfNUhgLtBJ1R9Kg3IRJhgr8J9vnY5m5S +y+MsGKhwA5XHcGtJtC0NiKYuxnqZpHpa4pDHNFaRQFl+nka12K15qxPgyf6+ro4m +LHJcD2Mk/KE82ETlBgI5TRxxSVLeO9PnFPcNyLMxD2IKe/1zdoHTpDU6lIEjln2v +22QN2Ibr1HBwOACwITWeMMr9tUg2fQtIBzLkybJbWxgo9J5kPpoqQih2Eo6ZKky5 +dSdcuOQrwr2OYwIDAQABo4IBhTCCAYEwHQYDVR0OBBYEFBgkTL1Wlo/EyOP9BWWL +mIjjiHDGMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1UdEwEB +/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYDVR0g +BF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETALBglg +hkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUDAgED +GzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RS +T09UQ0EyLmNybDBsBggrBgEFBQcBAQRgMF4wOgYIKwYBBQUHMAKGLmh0dHA6Ly9j +cmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9PVENBMl9JVC5wN2MwIAYIKwYBBQUH +MAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0GCSqGSIb3DQEBBQUAA4IBAQAGxypr +9mbQvdY2thCJ3ANDuIn1MK8IhiX3We5joBshmTcfh71DFKsNvUps4BPdjfNGcHng +CTlgHwe4MEsNzUpSkD3e2nm7jPriXh4tRL5RJFEK6yxDL+k3LTL0c/gVjjhsnZoi +mr2a8JoWyDUVdUJmHly4M6GtDWw2l6CiEro3Lv3pEuURrgE+demq3WMhb5IZw7+N +Zi4GapdONX/a+e3028H9KVOC2IbfH9FZGhL96g5YtASd+twKydAen61NE49wYZqZ +rn0E2PywQSqZjiuiEM9F3QNzGVd9geux4TIYvzyQl0ywWkimZlCQPkQUe/hOUdZW +MFJfAy8EW8z4XsPc +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID SW CA-35 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2 +-----BEGIN CERTIFICATE----- +MIIEuzCCA6OgAwIBAgICB54wDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTUwOTIzMTMzNzUwWhcN +MjEwOTIyMTMzNzUwWjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E +IElEIFNXIENBLTM1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAivXY +eDP8GJB+ao4zla/UEtJDKEflwOSda8kGxkfbz9mMLQFB0iamHa+g/ldgulIUr/pr +upUb959Q2i26GrWHRozgWniOdLU6/X4ZQnic2cM8ejit9TK45jGmr9Krk7+Gvt+i +XtDHTVAQKyVJOKBZyexFE/zBeGjEv5d4tnLy2rjqrgfskXTAYTBJfOkJvHogmuP2 +hrMcEkC/b6LYAAFy7obVdmZcv7B9c4brzml6ZdW/Hjp/S9Z+qY+WnDr+hnbN0Oc+ +qxAaxZxY7kMBMBCEMXH9wBnGFEVQ0CFW918zYKXaIDizkcMCC7GlORKGnQh3gxKn +r7NOc5mSlVK6W5az9wIDAQABo4IBhTCCAYEwHQYDVR0OBBYEFN7CRmPJB/WsEhyq +mREdH+pT5lQyMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1Ud +EwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYD +VR0gBF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETAL +BglghkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUD +AgEDGzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9E +T0RST09UQ0EyLmNybDBsBggrBgEFBQcBAQRgMF4wOgYIKwYBBQUHMAKGLmh0dHA6 +Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9PVENBMl9JVC5wN2MwIAYIKwYB +BQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0GCSqGSIb3DQEBBQUAA4IBAQCW +F8rvKyx7YtnMtonV/LyPXUHpCnFbGeg8drZ7qNKLVxxLraVBSs6rQz1XiKTcyzpu +zYfPyDIHvxaugkJg3cL/oruKJ3GZ/wxQdNzcljfhAcpuz0BCv3nGzHy2khAoFbds +ZbjTeeP189okGF8hV9Wv0jImfvgAyQJV4Sve7KBQvwwBJRRLA92WTPmkbSi/LtO7 +2FyOiuoaRA68xmptPiL1xjap0fHJfovs6imAGl8DuVERDsuPiNoQzsDDkPaNQ9j+ +/sAFszlaatFIBKTmZ0hWk9PHnSLb5vlP1zyFJuUSK6Ab5s0jWUFed/YGCPalQSys +aBRL9SJlA8HhG84Ywl2q +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-33 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2 +-----BEGIN CERTIFICATE----- +MIIEuzCCA6OgAwIBAgICB50wDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTUwOTIzMTMzNDU3WhcN +MjEwOTIyMTMzNDU3WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E +IEVNQUlMIENBLTMzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSKS +bVjWCG5J6MNxhYf1FAiXnHuZFVMZ0b3XTV9rE944yOfKBGT76dCBIAvegMB2HqB2 +ijX/ME5JB6o/YKHHq1DfWTKKiBc++0Pu2L/5EGQfqMMEr7e44hmydzjVrIfM+1/s +wV8C+kTqDtK6CnQio/E4sKnALwcMKi6QhdNotGRuHPQzYFvu3CXWhekic6hD4rFK +jKKhi92f00nMGs2uKtkHZZ/zfqZqi0B1ngDMIO2nklz8MIlHtuyy6aVe1kjd7j/z +7rYBISC0u7MtH7nDWXTS9H/jer7/NPH6Jv84euHwYZoiW+XJsV+n39N6fUz6A3DH +VEjdltOveeCBC1LI8QIDAQABo4IBhTCCAYEwHQYDVR0OBBYEFBVlzf0tkBZKr/w4 +lwDc6kOw3yCXMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1Ud +EwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYD +VR0gBF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETAL +BglghkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUD +AgEDGzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9E +T0RST09UQ0EyLmNybDBsBggrBgEFBQcBAQRgMF4wOgYIKwYBBQUHMAKGLmh0dHA6 +Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9PVENBMl9JVC5wN2MwIAYIKwYB +BQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0GCSqGSIb3DQEBBQUAA4IBAQA0 +aN8RNdEAXOx0WqWKmJoBt2y8LJv1EYbhSWoUP+U0OLTPpkrz0nH4/vR/EYtpkbHV +KOAlXWzlyCigMI8spRUKuAtpyq4BFE4kppL8jBc977oLPTFu/Xw+Hw1U2W07fL8n +VbxxYQZltrMu6yYztK/GuNpXnSWD17ZgtypvkefzttygHUfyVTqMsYBpYWncSu9E +ju6VtYJVikCqDfevloX6tX+4pUPsyyxkUMe0xm8YvO4iN/OX3ABW0IGPtGxhIMWz +/aE9BFtgUY45gnpcAagoqN8I1FYq+zaeflPb0h3yevoypAzRqAt3FftEXDHlcEdj +P6LrZrEWHn3iSLihEODb +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-33 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2 +-----BEGIN CERTIFICATE----- +MIIEuDCCA6CgAwIBAgICB5wwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTUwOTIzMTMzMjMyWhcN +MjEwOTIyMTMzMjMyWjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E +IElEIENBLTMzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3397Vyy +U8iwnti8z0835m6o5N6b9ZbPg2AwbGZsBHEA0aW9LrgWqVNdRrFN+L73IVfYhrpd +B9SO72ZGsBfekTPAK4/g0WPwoxDeO+jpBDDbrp/mOrxWlZseY6jpSvETmYdBHuql +dnh+HbnuM7/c863NrUHZvq9T5+wEJekvhJOkta92+WPQhTmoRGDz/C0k7EYVIxWB +XqNDSqbb4eT+9kavdZKMuALhV/Qvij1UC7EyxYGT5GPclNvCDtRxmo397vmiZMpr +LuXqy8DJNnQmQfRSEknYRG13+UAQsYs2GmBc2M7nUXhzmfmAjG3DQNs7F6D0mwym +PurM27FE6rQx8wIDAQABo4IBhTCCAYEwHQYDVR0OBBYEFC2O2dSD8uKQjEufb/lG +52pLzbwnMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1UdEwEB +/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYDVR0g +BF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETALBglg +hkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUDAgED +GzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RS +T09UQ0EyLmNybDBsBggrBgEFBQcBAQRgMF4wOgYIKwYBBQUHMAKGLmh0dHA6Ly9j +cmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9PVENBMl9JVC5wN2MwIAYIKwYBBQUH +MAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0GCSqGSIb3DQEBBQUAA4IBAQCzqB2z +CqvPEhgEgFD9/ebtFDm6a3c5JtW+1GRgvw2Bm0rVQ3NNecr+C1YnwTv4fut+75rd +a2R77MDyszJYzM6i0nO6f30xm5dGKPgGS7HiPD3Ph47XLY/N+cuAj0mowXCOWK56 +n0uvXU5DKxrAeqlbaUOYakyCw67Pzz+FBNSWlTxrjEkG8rqzUIY7VXX8MtectJ65 +rahntartTt+gsOzECELWFwoRvPzV7pUrY9VSnKR8sjusnxK4J/b0cRk2RblXUe3G +Un9fXfDDnUQ3CgQtbScfDWOeAbPJdLYWW75YSzsyW03amrOi2aBJZU1E+7hvJkm7 +cw8ckAW5tJD5SRim +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2 +-----BEGIN CERTIFICATE----- +MIIDcDCCAligAwIBAgIBBTANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT +A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMjAeFw0wNDEyMTMxNTAwMTBaFw0y +OTEyMDUxNTAwMTBaMFsxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy +bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRYwFAYDVQQDEw1Eb0Qg +Um9vdCBDQSAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCzB9o07 +rP8/PNZxvrh0IgfscEEV/KtA4weqwcPYn/7aTDq/P8jYKHtLNgHArEUlw9IOCo+F +GGQQPRoTcCpvjtfcjZOzQQ84Ic2tq8I9KgXTVxE3Dc2MUfmT48xGSSGOFLTNyxQ+ +OM1yMe6rEvJl6jQuVl3/7mN1y226kTT8nvP0LRy+UMRC31mI/2qz+qhsPctWcXEF +lrufgOWARVlnQbDrw61gpIB1BhecDvRD4JkOG/t/9bPMsoGCsf0ywbi+QaRktWA6 +WlEwjM7eQSwZR1xJEGS5dKmHQa99brrBuKG/ZTE6BGf5tbuOkooAY7ix5ow4X4P/ +UNU7ol1rshDMYwIDAQABoz8wPTAdBgNVHQ4EFgQUSXS7DF66ev4CVO97oMaVxgmA +cJYwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +ggEBAJiRjT+JyLv1wGlzKTs1rLqzCHY9cAmS6YREIQF9FHYb7lFsHY0VNy17MWn0 +mkS4r0bMNPojywMnGdKDIXUr5+AbmSbchECV6KjSzPZYXGbvP0qXEIIdugqi3VsG +K52nZE7rLgE1pLQ/E61V5NVzqGmbEfGY8jEeb0DU+HifjpGgb3AEkGaqBivO4XqS +tX3h4NGW56E6LcyxnR8FRO2HmdNNGnA5wQQM5X7Z8a/XIA7xInolpHOZzD+kByeW +qKKV7YK5FtOeC4fCwfKI9WLfaN/HvGlR7bFc3FRUKQ8JOZqsA8HbDE2ubwp6Fknx +v5HSOJTT9pUst2zJQraNypCNhdk= +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-32 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2 +-----BEGIN CERTIFICATE----- +MIIFUjCCBDqgAwIBAgICA6IwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTMwMjA0MjA0ODEyWhcN +MTkwMjA0MjA0ODEyWjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E +IEVNQUlMIENBLTMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/qq +hsqKGhsDTnFtQbbZZZpu/zYqPwLTfJVliFqk969jt1LHGvu7lXMHQmGLSqZ76VYH +NhuqNwIgHKTO+7bQaav8OEzI20ZW96JefucxtO7B/81kv3mCQSt30vh9q0yP98Ye +PPiOLz0Ug9qSmAnY0MZaWTaLh6KJ3b5KXsvNtkd+QaYJVGxBlnRbBsPUwS5GfV42 +342iRnGsSrrEsffJFwov3aPshCHPqAXqueMub59+fbsdFnVPkh0D5hE4mDZ6odQA +PK0QWK8VxzZL4zubTbW0kL6tq9PAhLP83BWICYwRUFAv5HDstwquSlPiNsQFboB1 +Eo03RvJLDDgcSR+sgwIDAQABo4ICHDCCAhgwHQYDVR0OBBYEFAqwqjhWR3sWfb6r +k5a8VN2F++0sMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1Ud +EwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYD +VR0gBF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETAL +BglghkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUD +AgEDGzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9E +T0RST09UQ0EyLmNybDCCAQEGCCsGAQUFBwEBBIH0MIHxMDoGCCsGAQUFBzAChi5o +dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTJfSVQucDdjMCAG +CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDCBkAYIKwYBBQUHMAKGgYNs +ZGFwOi8vY3JsLmdkcy5kaXNhLm1pbC9jbiUzZERvRCUyMFJvb3QlMjBDQSUyMDIl +MmNvdSUzZFBLSSUyY291JTNkRG9EJTJjbyUzZFUuUy4lMjBHb3Zlcm5tZW50JTJj +YyUzZFVTP2Nyb3NzQ2VydGlmaWNhdGVQYWlyO2JpbmFyeTANBgkqhkiG9w0BAQUF +AAOCAQEAD72PR/+5yb1D5c6+tfM5y0UWWaPftlIkPAlVS9m/lXq9dtngMIfNSqmj +LZ7ZKATGlq4BFIDQJVbxWANV79KoIlKrge8A/q/HSdKMIC6kcYH3JssOpW3VQXd7 +LTO7m7N8nD89/8LuefKJChCMkHRdNGdwvgL+gEYZB859L5aoxBPQ758psTSpuYyl +iTSzjD5H+GaMkdHuq8HqcYXJX7Cp7tsA1DAqQs5XYxAiMKichkESXb5QfBP66yhz +X3IziV9/DWikPf0WJugKk/57H4aBgCe+Z3GGG33Hb7epcQHGY7NzfQFrMyLteYmK +DuZyAnM3P8sxge2k+wtqO1KEukz3jg== +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD CA-32 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2 +-----BEGIN CERTIFICATE----- +MIIFTDCCBDSgAwIBAgICA6EwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTMwMjA0MjA0NDA1WhcN +MTkwMjA0MjA0NDA1WjBXMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTESMBAGA1UEAxMJRE9E +IENBLTMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+KVHZM2LSWl +Dv146e/qk9E6ydhXvRnf0cei0ejZ/dKOFajdvT5k9Lb+nAPfS7Blt6sEGDIZbBMB +UtHmtchBEre+O8tNQBCIyp62/TV3bSb2ZK0RhwypJXpYn7C9mPaTXxvv77KXrfgV +59zmoGp1DVHfVR1oQVJJLsecaFdWR4/e9lIugW9WvAaJEpSfI70/gceGAnUwXjOh +3OETu/15VgE8Shn0LOuQZGTX6AovUYbVCJuE+/npi0LKZdKQBxyCl4xEI1cGLHVp +KHCy7T5M1eOWdxX9upXPW5ZpAnfWgNmPhynj5wV2r8qNEmA0cseznThuTJYynpA1 +rXWL0WJACQIDAQABo4ICHDCCAhgwHQYDVR0OBBYEFC/Kk1MDrG919Xb6vv6O6hCL +t+eQMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1UdEwEB/wQI +MAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYDVR0gBF8w +XTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETALBglghkgB +ZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUDAgEDGzA3 +BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RST09U +Q0EyLmNybDCCAQEGCCsGAQUFBwEBBIH0MIHxMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTJfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDCBkAYIKwYBBQUHMAKGgYNsZGFwOi8v +Y3JsLmdkcy5kaXNhLm1pbC9jbiUzZERvRCUyMFJvb3QlMjBDQSUyMDIlMmNvdSUz +ZFBLSSUyY291JTNkRG9EJTJjbyUzZFUuUy4lMjBHb3Zlcm5tZW50JTJjYyUzZFVT +P2Nyb3NzQ2VydGlmaWNhdGVQYWlyO2JpbmFyeTANBgkqhkiG9w0BAQUFAAOCAQEA +MI3VVmO9mQaLTbbSDgO5xoTSm3dBGojS/8Pa4uZnYb3Zeu04OV6rC1g0+droYnmv +OXLzSqfjTjkQzenSCOrUnpqnNTWTkwJZ4kwAHPP8ayFTSoxh52HL0EYL0T+cafXv +UIrwQLMrVloda2JZBbOPJxgFCkNbAu/dUl5bwKkcVuOVbJdPAYNWcl3XfVHjWlQu +uJj9ck4lj4sW0bDhM+OSfBBVMyRmrw8zBlNIA4eftGR0tdI9InK30Y43ERM5357n +0AwLilkRMmX/9rlGvT82nqeUAFfwwBnhLNxM9y9MkB1D764I43OeOr+Z7CK5B1iu +2TVSS1G7gTaPn24hCqaOhw== +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-31 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2 +-----BEGIN CERTIFICATE----- +MIIFUjCCBDqgAwIBAgICA58wDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTMwMTE2MTQ1MjQzWhcN +MTkwMTE2MTQ1MjQzWjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E +IEVNQUlMIENBLTMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6K4C +LEBMOlLoi3OStHfnOEvA8KpKGFzH9zXDSvDwlnell74n78REIYDqFjS3MNFEOH8q +zgTGkWWpblB8yE7+vcC1SxbkOFIV27O391M98rEH25FmXcG38ndmxFGaY5QRSwId +DUt8swBHB3kY+nizkx/Udm2ZBMUeNkb8BjQL42hvHnyfLM9huEv/tN8Gn6BflF7r +Nf8JXTVAB/Kd7ZYJ2Xbq/m4x/sv0ResweEhobKEpPoZ9k0FK6ucMTOWRUCqlQ2a8 +IsD8Gyzk8y9iHgTUIb+sHyZ3NdAdvOK7RsLy6+QUrviza7P6cTiwcSnt0Ysb1wIb +3srsfu6h3Eil8T6UqQIDAQABo4ICHDCCAhgwHQYDVR0OBBYEFIbxW2hv3TDzlIJo +1Ez3RB24ymiBMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1Ud +EwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYD +VR0gBF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETAL +BglghkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUD +AgEDGzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9E +T0RST09UQ0EyLmNybDCCAQEGCCsGAQUFBwEBBIH0MIHxMDoGCCsGAQUFBzAChi5o +dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTJfSVQucDdjMCAG +CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDCBkAYIKwYBBQUHMAKGgYNs +ZGFwOi8vY3JsLmdkcy5kaXNhLm1pbC9jbiUzZERvRCUyMFJvb3QlMjBDQSUyMDIl +MmNvdSUzZFBLSSUyY291JTNkRG9EJTJjbyUzZFUuUy4lMjBHb3Zlcm5tZW50JTJj +YyUzZFVTP2Nyb3NzQ2VydGlmaWNhdGVQYWlyO2JpbmFyeTANBgkqhkiG9w0BAQUF +AAOCAQEAWTKtqsP435xknHEJNMG9vGMAHi3b7anICOO5GOSvyq4Uwd27+XODg1eO +lMmgqgMHzmecteUXWT8ouBc22rqNw5YRAWpQ1gbaaKRK0guFfM2I3/9ed+b1pEiR +0E6iZ2r4aO+qF0Xv2JYK3c/wPoe2v4g/01S+PhLOofkLbzLRVL+EWzWg2wdktavp +eR7i8qp0cueREvfHu27u5XSQECSLt+fNnIWQR+Tib38gvSy7g5YjTahM2H4uXhUp +uCV9VzULLRVUjKnc4OU3nahPIJWDK8USNj2oc+FOiEmlubv6CUooWjO55JJ5W3v4 +pU/zyTTNmYywumB+n4Q+5jz6flrr5g== +-----END CERTIFICATE----- + +subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD CA-31 +issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2 +-----BEGIN CERTIFICATE----- +MIIFTDCCBDSgAwIBAgICA50wDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDIwHhcNMTMwMTE2MTQ0OTMwWhcN +MTkwMTE2MTQ0OTMwWjBXMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTESMBAGA1UEAxMJRE9E +IENBLTMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxicQL5CWONnf +5l8/uon7ZoLrtqXt8FaQFkDnbKKweWZZ15hiMdEzIlPjHlykVmamTVb7w+JCEqv5 +wEpLQO+RE4Y5MFHWbo4nt0GJKQHuWEZzBHFEXGlDPjLmZN+za5kscKLQPk3YWBJt +RfA9k1S+3+L7zxH//IoBN++nLrpADGo+HOQKMoBpvSI57Et2ybFakzwhhDjdcxOC ++V0MgQqpslN02QuOwOiXuz1fE4y1uTvs9rudjiD2a7ydFDLcfrniY7BqwYC5FvyR +76yyCZ9SR1gTXmJ+mhKGW8UgH+GOZgB2U+znIokhTF+56b6gUpMOpsjezLeCrSJt +i9AwUzZVVwIDAQABo4ICHDCCAhgwHQYDVR0OBBYEFETjRqNB7mCxXqeTJfSgU+63 +Sb67MB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DGlcYJgHCWMBIGA1UdEwEB/wQI +MAYBAf8CAQAwDAYDVR0kBAUwA4ABADAOBgNVHQ8BAf8EBAMCAYYwZgYDVR0gBF8w +XTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELETALBglghkgB +ZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxowDAYKYIZIAWUDAgEDGzA3 +BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RST09U +Q0EyLmNybDCCAQEGCCsGAQUFBwEBBIH0MIHxMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTJfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDCBkAYIKwYBBQUHMAKGgYNsZGFwOi8v +Y3JsLmdkcy5kaXNhLm1pbC9jbiUzZERvRCUyMFJvb3QlMjBDQSUyMDIlMmNvdSUz +ZFBLSSUyY291JTNkRG9EJTJjbyUzZFUuUy4lMjBHb3Zlcm5tZW50JTJjYyUzZFVT +P2Nyb3NzQ2VydGlmaWNhdGVQYWlyO2JpbmFyeTANBgkqhkiG9w0BAQUFAAOCAQEA +R1FS3PSgc5pC5wvsI5GNJXW0RII0qvlGdVHD9g745+MvtCDD76FlNOCdh8HmLmLw +J+jrxc81ldJAgIuSCbamG9USZDHbtdQO3wqKtlb1vHaSkxl8v2V9coHYZHs5NIp2 +WMwdQ/cHzxyDA3O+OBfbdK1pCRF87djWAo1mPatryjPbx3pmxd6nJ0gPZhLuaCTA +75HqBhkqUFgT4CL8DrEk++uOQgIPd4gVi+by9VO3fOBVmxPWtnDKc3DjUyXBKB57 +xCxJbpDbqstbAxvCh4f1q75RcXNtJmZ7mx0X4O3jwN4dJ7HtDTRGPt0uXvSCcNrR +kxt53dZK5875P3MfzormFg== +-----END CERTIFICATE----- + diff --git a/ssl/server-certs/dev.cac.atat.codes.crt b/ssl/server-certs/dev.cac.atat.codes.crt new file mode 100644 index 00000000..86b81ccb --- /dev/null +++ b/ssl/server-certs/dev.cac.atat.codes.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDmTCCAoGgAwIBAgIJAPTXTxYH3TyDMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV +BAYTAlVTMRUwEwYDVQQIEwxQZW5uc3lsdmFuaWExFTATBgNVBAcTDFBoaWxhZGVs +cGhpYTEMMAoGA1UEChMDRG9EMQwwCgYDVQQLEwNERFMxEDAOBgNVBAMTB0FUQVQg +Q0EwHhcNMTgwNjAxMTk0NjIyWhcNMzgwNTI3MTk0NjIyWjBzMQswCQYDVQQGEwJV +UzELMAkGA1UECAwCVkExETAPBgNVBAcMCFNvbWVDaXR5MRIwEAYDVQQKDAlNeUNv +bXBhbnkxEzARBgNVBAsMCk15RGl2aXNpb24xGzAZBgNVBAMMEmRldi5jYWMuYXRh +dC5jb2RlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOGjINZSzsSH +MP0e+PxJhuM7v0juaB51UyzEp1tnrICKygQ+JaVLUmvZTiwsILfAFJ0Atxr50nga +CG5R+QN+JAOBJ6v1tKW/NQ7kWCM8tyC5f1aU0rf5Yvl6dhZXJKszOTROG+3Qg/cH +DM57/YrbOBnm30PaEAFD/s13hKEZklVgX3wYyaB2oRmXBbvWog9uFl3PLQBmnCPr +q7aFlr2S3THO46PqHITtijwEDQViXgE+K5wm6ogi/cXzuD4aYq0PVk+6WaorXBOZ +pOWnRyyX2OaJMyFzjuTBKQ80NMivcuh+fRQIhviSepeNuXeyZkWzQtixZPh22/Rv +3lmWW4mY3D0CAwEAAaM6MDgwNgYDVR0RBC8wLYISZGV2LmNhYy5hdGF0LmNvZGVz +gg5jYWMuYXRhdC5jb2Rlc4IHYmFja2VuZDANBgkqhkiG9w0BAQsFAAOCAQEALeJM +LAPCxoqi/RirJcY5beiHZgLGLgolDHJEE8ZzKtuNqJvGWPwrTRGmr+mm31Qnl8IP +M/skIC5CtYTdJRHD3AYNyFOFWmTuDS929mWxg50eZr8xdpS5sQ5AqiBclToXgOTI +qRje/ojofTVl8RdT1q1gH0f+Ul60fywckngtSzJu2EkMTjy1xRCzmm137PakGuwc +IZE+4trl2adE7GVWhYsF+SaroiLMIxFCcJqeqtbPK3OfuGMLUUr20O42fWfZskqa +xenWST0R4M5ixMx1L3mou3vqQxHjihRpCaFDgpVJ0EbHbw2j3gqSiVF7q6N0mxFk +RZ088LtbYUr/LL3TCg== +-----END CERTIFICATE----- diff --git a/ssl/server-certs/dev.cac.atat.codes.csr b/ssl/server-certs/dev.cac.atat.codes.csr new file mode 100644 index 00000000..224ceb04 --- /dev/null +++ b/ssl/server-certs/dev.cac.atat.codes.csr @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDATCCAekCAQAwczELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlZBMREwDwYDVQQH +DAhTb21lQ2l0eTESMBAGA1UECgwJTXlDb21wYW55MRMwEQYDVQQLDApNeURpdmlz +aW9uMRswGQYDVQQDDBJkZXYuY2FjLmF0YXQuY29kZXMwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDhoyDWUs7EhzD9Hvj8SYbjO79I7mgedVMsxKdbZ6yA +isoEPiWlS1Jr2U4sLCC3wBSdALca+dJ4GghuUfkDfiQDgSer9bSlvzUO5FgjPLcg +uX9WlNK3+WL5enYWVySrMzk0Thvt0IP3BwzOe/2K2zgZ5t9D2hABQ/7Nd4ShGZJV +YF98GMmgdqEZlwW71qIPbhZdzy0AZpwj66u2hZa9kt0xzuOj6hyE7Yo8BA0FYl4B +PiucJuqIIv3F87g+GmKtD1ZPulmqK1wTmaTlp0csl9jmiTMhc47kwSkPNDTIr3Lo +fn0UCIb4knqXjbl3smZFs0LYsWT4dtv0b95ZlluJmNw9AgMBAAGgSTBHBgkqhkiG +9w0BCQ4xOjA4MDYGA1UdEQQvMC2CEmRldi5jYWMuYXRhdC5jb2Rlc4IOY2FjLmF0 +YXQuY29kZXOCB2JhY2tlbmQwDQYJKoZIhvcNAQELBQADggEBAJgWiXenFnBMAL+H +tM3RvgsVXVd5ccAL0tiiRplm88JrtEPylDmN4HG1pp7Y11ziMoZvP5TZBJEVrArw +ONT6VacOs+5UBw9lQDU7KYNbUEZlcCfPBA/cfxdWUgV0pDV/tOVUeB16HOZjIrNA +3s6r2GhI7fnUEWhbmEKe7DvUyX0seMmpMl/E48b7FQ4i+1frhSjH5SC1GwKJLM3P +Sq5JALYUFUdn9yNCMc4tGtRwrJkPoUAzUQRlczJ4KsHl0ma5uAQ+B80H3spWgb/j +/25+mQl8vzLE3m/mVcCGikAapJTyA56EQhxp2Zrmy29bXsWhaR7xzRxWtrIGUXlE +g8vKEEc= +-----END CERTIFICATE REQUEST----- diff --git a/ssl/server-certs/dev.cac.atat.codes.key b/ssl/server-certs/dev.cac.atat.codes.key new file mode 100644 index 00000000..c7ff3d88 --- /dev/null +++ b/ssl/server-certs/dev.cac.atat.codes.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA4aMg1lLOxIcw/R74/EmG4zu/SO5oHnVTLMSnW2esgIrKBD4l +pUtSa9lOLCwgt8AUnQC3GvnSeBoIblH5A34kA4Enq/W0pb81DuRYIzy3ILl/VpTS +t/li+Xp2FlckqzM5NE4b7dCD9wcMznv9its4GebfQ9oQAUP+zXeEoRmSVWBffBjJ +oHahGZcFu9aiD24WXc8tAGacI+urtoWWvZLdMc7jo+ochO2KPAQNBWJeAT4rnCbq +iCL9xfO4PhpirQ9WT7pZqitcE5mk5adHLJfY5okzIXOO5MEpDzQ0yK9y6H59FAiG ++JJ6l425d7JmRbNC2LFk+Hbb9G/eWZZbiZjcPQIDAQABAoIBAQDDpyxGLC/XAlNc +aYsFWMx6JcjMeM4X+yxQWYW1IMTYAYEDBNCn8BRcKGY8r1b/frNhIMmlvpLeSdSd +tL70ZGDeGRRJbBlkz9Q2QZKbm35ABhmA/jNqC/ni0mmrHY1SVmx4CnL1WCXWAmr8 +cU99JHIVI7jdoSzXrBo6GDUNbJsTI4kLmJO31zTnO3A10r6eTG6+t0kqdprcG3oE +pTpJnycy+z5cXf/8gv+yMicDpSzts0YjeSFvG0TPNVrvINsoXK837M0DycotUsik +0I1TyWMR66b8ceP34A86eWPjVQw/jU0kdDD0AN4Key/EymS21vGVml1vVNP3ZvkH +A6pE9scRAoGBAPmwb6VfRtJRPIieexqatilO6hH5B+A05FvopGdFEs7aDdnsBKXS +FalEp0ArR0DRu65c4nF0NNBUkciq5VrEdoNyz5OKIV6ypl+FOtoDpaDlgQEGctE/ +fjjw4EAt0uvCJYMjrSpeiS6aIHb9QPU5kTEjfJrIvkorRxGa4XQzvcBPAoGBAOdX +EZEEZP9Qy0GE60j12VQ9jkVrmCfWyDd1qR09iN0fXFcTr1mj5E+nQimI+3OX1ymg +EgPOqTxxGj7W9erEEpT2xlERuBVP9CnBQPjl4llTJtMNpYsX76OLCRe9QYvCkVsE +1rvCu9Kdbrok/GZIyZxPShMsxg0SnFsEKvpu2AuzAoGBAPCuv2AUcEspnYU/5wBl +I7S76et7NrlLothpb5hQP+n+zR1EYdKJqPGqSOIVFbEIurY/uNOOJZ6v9nsNKNqO +yIK6+BaLLtF+udsXrPwcSdrHf8vCMIk9f+lZX4Dd6xPw6IH5sOFHkUrHrQWl56i6 +XheU0nbNjIgoIXB58Fs3yPAHAoGAGYdCKP6TJpmD1HcWf7ahhOpGCOMWp07MSVJy +lwdzUvNi/Tju4LV1PFT4uBylotveonlHg6QKiODyRHz0JjP82PNibw/FgJSSHQl2 +YgD8OV8zqZaX7gF2MFXnavc3hHS0FZczGwUiNNuqnF/4elEN7nHResw2Drs/Bcwv +8fLJZIECgYEA17uHOALkj6m9oFeepMddgVzfTtEzhjwJIB3/dhv9K5Y6UkxOrwvE +d813gvlXziZ6StMMbbwW+TPU87Z8B92y2rMP/e3ui4Z3/ObMfeSCWX6892M3jfAu +RB4FLpR4us5RWZ7rpSyZzmA4/4NaBMxz8b6fD8vImjbbwYfJbq7oKFI= +-----END RSA PRIVATE KEY----- diff --git a/ssl/ssl.conf b/ssl/ssl.conf new file mode 100644 index 00000000..ff411a96 --- /dev/null +++ b/ssl/ssl.conf @@ -0,0 +1,39 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + ssl_certificate /etc/ssl/dev.cac.atat.codes.crt; + ssl_certificate_key /etc/ssl/dev.cac.atat.codes.key; + ssl_session_timeout 1d; + ssl_session_cache shared:SSL:50m; + ssl_session_tickets off; + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; + ssl_prefer_server_ciphers on; + + ssl_verify_client optional; + ssl_verify_depth 10; + ssl_client_certificate /etc/ssl/ca-chain.pem; + error_log /var/log/nginx/authnid.error.log debug; + + add_header Strict-Transport-Security max-age=15768000; + #ssl_stapling on; + #ssl_stapling_verify on; + + location / { + try_files $uri @app; + } + + location @app { + include uwsgi_params; + uwsgi_pass unix:///tmp/uwsgi.sock; + uwsgi_param HTTP_X_SSL_CLIENT_VERIFY $ssl_client_verify; + uwsgi_param HTTP_X_SSL_CLIENT_CERT $ssl_client_raw_cert; + uwsgi_param HTTP_X_SSL_CLIENT_S_DN $ssl_client_s_dn; + } + + location /static { + alias /app/static; + } +} diff --git a/tests/domain/authnid/test_crl.py b/tests/domain/authnid/test_crl.py new file mode 100644 index 00000000..6bfdd99e --- /dev/null +++ b/tests/domain/authnid/test_crl.py @@ -0,0 +1,86 @@ +# Import installed packages +import pytest +import re +import os +import shutil +from OpenSSL import crypto, SSL +from atst.domain.authnid.crl.validator import Validator +import atst.domain.authnid.crl.util as util + + +class MockX509Store(): + def __init__(self): + self.crls = [] + self.certs = [] + + def add_crl(self, crl): + self.crls.append(crl) + + def add_cert(self, cert): + self.certs.append(cert) + + def set_flags(self, flag): + pass + +def test_can_build_crl_list(monkeypatch): + location = 'ssl/client-certs/client-ca.der.crl' + validator = Validator(crl_locations=[location], base_store=MockX509Store) + assert len(validator.store.crls) == 1 + +def test_can_build_trusted_root_list(): + location = 'ssl/server-certs/ca-chain.pem' + validator = Validator(roots=[location], base_store=MockX509Store) + with open(location) as f: + content = f.read() + assert len(validator.store.certs) == content.count('BEGIN CERT') + +def test_can_validate_certificate(): + validator = Validator( + roots=['ssl/server-certs/ca-chain.pem'], + crl_locations=['ssl/client-certs/client-ca.der.crl'] + ) + good_cert = open('ssl/client-certs/atat.mil.crt', 'rb').read() + bad_cert = open('ssl/client-certs/bad-atat.mil.crt', 'rb').read() + assert validator.validate(good_cert) + assert validator.validate(bad_cert) == False + +def test_can_dynamically_update_crls(tmpdir): + crl_file = tmpdir.join('test.crl') + shutil.copyfile('ssl/client-certs/client-ca.der.crl', crl_file) + validator = Validator( + roots=['ssl/server-certs/ca-chain.pem'], + crl_locations=[crl_file] + ) + cert = open('ssl/client-certs/atat.mil.crt', 'rb').read() + assert validator.validate(cert) + # override the original CRL with one that revokes atat.mil.crt + shutil.copyfile('tests/fixtures/test.der.crl', crl_file) + assert validator.validate(cert) == False + +def test_parse_disa_pki_list(): + with open('tests/fixtures/disa-pki.html') as disa: + disa_html = disa.read() + crl_list = util.crl_list_from_disa_html(disa_html) + href_matches = re.findall('DOD(ROOT|EMAIL|ID)?CA', disa_html) + assert len(crl_list) > 0 + assert len(crl_list) == len(href_matches) + +class MockStreamingResponse(): + def __init__(self, content_chunks): + self.content_chunks = content_chunks + + def iter_content(self, chunk_size=0): + return self.content_chunks + + def __enter__(self): + return self + + def __exit__(self, *args): + pass + +def test_write_crl(tmpdir, monkeypatch): + monkeypatch.setattr('requests.get', lambda u, **kwargs: MockStreamingResponse([b'it worked'])) + crl = 'crl_1' + util.write_crl(tmpdir, crl) + assert [p.basename for p in tmpdir.listdir()] == [crl] + assert [p.read() for p in tmpdir.listdir()] == ['it worked'] diff --git a/tests/fixtures/disa-pki.html b/tests/fixtures/disa-pki.html new file mode 100644 index 00000000..9510ab9f --- /dev/null +++ b/tests/fixtures/disa-pki.html @@ -0,0 +1,75 @@ + + + + +DoD PKI CRLDPs + + + +

UNCLASSIFIED
+ +

This list is provided by DoD PKE Engineering. It is updated as new CAs come online.
+This is a list of CRL Distribution Points (CRLDPs) for all DoD CAs.

+

Updated April 5, 2018

+ +DoD Root CA 2
+DoD Root CA 3
+DoD Root CA 4
+DoD Root CA 5
+DoD Interoperability Root CA 1
+DoD Interoperability Root CA 2
+NIPR INTERNAL NPE ROOT CA 1
+DoD NPE Root CA 1
+DoD WCF Root CA 1
+DoD CCEB Interoperability Root CA 1
+DoD CCEB Interoperability Root CA 2
+DoD DMDN Signing CA 1
+DoD CA-31
+DoD CA-32
+DoD ID CA-33
+DoD ID CA-34
+DoD ID SW CA-35
+DoD ID SW CA-36
+DoD ID SW CA-37
+DoD ID SW CA-38
+DoD ID CA-39
+DoD ID CA-40
+DoD ID CA-41
+DoD ID CA-42
+DoD ID CA-43
+DoD ID CA-44
+DoD ID SW CA-45
+DoD ID SW CA-46
+DoD ID SW CA-47
+DoD ID SW CA-48
+DoD ID CA-49
+DoD ID CA-50
+DoD ID CA-51
+DoD ID CA-52
+DoD EMAIL CA-31
+DoD EMAIL CA-32
+DoD EMAIL CA-33
+DoD EMAIL CA-34
+DoD EMAIL CA-39
+DoD EMAIL CA-40
+DoD EMAIL CA-41
+DoD EMAIL CA-42
+DoD EMAIL CA-43
+DoD EMAIL CA-44
+DoD EMAIL CA-49
+DoD EMAIL CA-50
+DoD EMAIL CA-51
+DoD EMAIL CA-52
+DoD SW CA-53
+DoD SW CA-54
+DoD SW CA-55
+DoD SW CA-56
+DoD SW CA-57
+DoD SW CA-58
+ + + + +

UNCLASSIFIED
+ + diff --git a/tests/fixtures/test.der.crl b/tests/fixtures/test.der.crl new file mode 100644 index 00000000..dc8310f2 --- /dev/null +++ b/tests/fixtures/test.der.crl @@ -0,0 +1,14 @@ +-----BEGIN X509 CRL----- +MIICDjCB9zANBgkqhkiG9w0BAQQFADCBjTELMAkGA1UEBhMCVVMxFTATBgNVBAgT +DFBlbm5zeWx2YW5pYTEVMBMGA1UEBxMMUGhpbGFkZWxwaGlhMRAwDgYDVQQKEwdG +YXV4RG9EMQswCQYDVQQLEwJQVzERMA8GA1UEAxMIRmF1eCBEb0QxHjAcBgkqhkiG +9w0BCQEWD2ZhdXhkb2RAZG9kLmNvbRcNMTgwNzMwMjEzMzQ3WhcNMTgwODI5MjEz +MzQ3WjA4MBoCCQCoSzDcVuoXYxcNMTgwNzMwMjEzMzAxWjAaAgkA3u1dCnHnJ9kX +DTE4MDYyMDIwNDYxMVowDQYJKoZIhvcNAQEEBQADggEBAIYH2GbZUfqbqAaNJW2W +jREAbHnk2x5PSUri/YL9nH7ZAviZARtjuy5WKmu4hhAc/RwarwITT3NtP3BddLTF +RCd1vdsKWh4s7QqEZQSXaXb4/uEP2rsLVmbWoZxIp2gXrQXSA5kkKx0N3pY3kETg +vuMax8E2GdoJLNJe0xm0+hk4C9HcOf+WPL26n1+J4ZIhKf67BfZli0eFZue1PeVA +Ow2XBnKI/yw4GA9+OFcZ4JzJnRMdx/O9bjbzj3gkx9t22Ukzo66BVklplqWmb4YQ +PaRl0LxZtP/GLE6Ej8QmwK2SC26M60F6ceIFtgY3gor5J3oWmXGYz5xm4PWLj5fp +v2w= +-----END X509 CRL-----