add CRL functionality from authnid

ssl/client-certs/README.md

@@ -0,0 +1,30 @@
+Right now, we have two client certificates:
+
+- atat.mil.crt: beautiful, good, works great
+- bad-atat.mil.crt: banned, very bad, is on the CRL
+
+I more or less used [this article](https://access.redhat.com/documentation/en-us/red_hat_update_infrastructure/2.1/html/administration_guide/chap-red_hat_update_infrastructure-administration_guide-certification_revocation_list_crl) to generate the CRL. Note that I departed from it slightly and used a variation on the openssl config recommended by the ca man page (`man ca`).
+
+I added the new crl:
+
+```
+openssl crl -inform pem -in ssl/client-certs/client-ca.crl -outform der -out crl/simon.crl
+```
+
+Running the scripts verifies that the good one is good and the bad one is bad.
+
+We can also verify with OpenSSL. First concatenate the CA Bundle and the CRL:
+
+```
+cat ssl/server-certs/ca-chain.pem ssl/client-certs/client-ca.crl > /tmp/test.pem
+```
+
+Verify the certs:
+
+```
+openssl verify -verbose -CAfile /tmp/test.pem -crl_check ssl/client-certs/bad-atat.mil.crt
+> error 23 at 0 depth lookup:certificate revoked
+openssl verify -verbose -CAfile /tmp/test.pem -crl_check ssl/client-certs/atat.mil.crt
+> atat.mil.crt: OK
+```
+

ssl/client-certs/atat.mil.crt

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApECCQCoSzDcVuoXYzANBgkqhkiG9w0BAQsFADCBjTELMAkGA1UEBhMC
+VVMxFTATBgNVBAgTDFBlbm5zeWx2YW5pYTEVMBMGA1UEBxMMUGhpbGFkZWxwaGlh
+MRAwDgYDVQQKEwdGYXV4RG9EMQswCQYDVQQLEwJQVzERMA8GA1UEAxMIRmF1eCBE
+b0QxHjAcBgkqhkiG9w0BCQEWD2ZhdXhkb2RAZG9kLmNvbTAeFw0xODA3MjQyMDM0
+MDJaFw0xOTA3MjQyMDM0MDJaMIGeMQswCQYDVQQGEwJVUzEVMBMGA1UECBMMUGVu
+bnN5bHZhbmlhMRUwEwYDVQQHEwxQaGlsYWRlbHBoaWExDDAKBgNVBAoTA0RvRDEL
+MAkGA1UECxMCUFcxITAfBgNVBAMTGEFSVC5HQVJGVU5LRUwuMTIzNDU2Nzg5MDEj
+MCEGCSqGSIb3DQEJARYUYWdhcmZ1bmtlbEBzYW5kZy5jb20wggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDCRftouylCKDN9GoKRJMWA3gnfEshRxi4P1xU9
+xm0qgPIzTpeZCNUcDbSQzovXQ58ElrDTdUeMv0OV/RLOnNFKgPSAd2f1F4BE1rJR
+WHLFjG6mPj769Wl1BhGAwOY/zdhfHYjTKZSApUfP6MuKsD2nciOnJFlqJ439R4LC
+S8Fv3RnnKMQlSTMiudOMhtzr8v1poDlxVzu9IF7i/MZKCBFz3e1G2LFIr5ZL+djg
+4rsI4lNPVNt1sRiXy/+kltBY8RIbPPP70iT+zmrr6PmEeDSwDSKgW+TBCGK3yFCr
+kPXjMZhWOt+7eLanL2KJNrohEkJFzI3tb7zVm6zg5SC1GTIFAgMBAAEwDQYJKoZI
+hvcNAQELBQADggEBAKm4W2mAqtRUpwCstCqJCdoOsIgW9pZKTczLERbODHvbfXZA
+MfGGnYQiuoOddu9K9UJQIHZLMUYmF9gj9HdY60ttNWeH5XRXIXn6t1Pn8W7q042Q
+RqeJ/uOtNG1UXRtHQhK1j73xD3ZSTGw7rTIA2qDgRQMp1h28405kZIiNVRFdNjFh
+irAvtQkIXWhIGSr/Lwop98RmTsV17v4iK14Uf2i5QUjdIECiGqGSlk9Jmj8dajzN
+cSarkhWDuQmlCplF1lTNcXenC66d1bE/KXb3dEGg+h99KfZVw1+9c5DbWag6IVgG
+Xts4GcPhuiKF/pJWRO11L2CfyCveoGM9Osz/vvc=
+-----END CERTIFICATE-----

ssl/client-certs/atat.mil.csr

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC5DCCAcwCAQAwgZ4xCzAJBgNVBAYTAlVTMRUwEwYDVQQIEwxQZW5uc3lsdmFu
+aWExFTATBgNVBAcTDFBoaWxhZGVscGhpYTEMMAoGA1UEChMDRG9EMQswCQYDVQQL
+EwJQVzEhMB8GA1UEAxMYQVJULkdBUkZVTktFTC4xMjM0NTY3ODkwMSMwIQYJKoZI
+hvcNAQkBFhRhZ2FyZnVua2VsQHNhbmRnLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAMJF+2i7KUIoM30agpEkxYDeCd8SyFHGLg/XFT3GbSqA8jNO
+l5kI1RwNtJDOi9dDnwSWsNN1R4y/Q5X9Es6c0UqA9IB3Z/UXgETWslFYcsWMbqY+
+Pvr1aXUGEYDA5j/N2F8diNMplIClR8/oy4qwPadyI6ckWWonjf1HgsJLwW/dGeco
+xCVJMyK504yG3Ovy/WmgOXFXO70gXuL8xkoIEXPd7UbYsUivlkv52ODiuwjiU09U
+23WxGJfL/6SW0FjxEhs88/vSJP7Oauvo+YR4NLANIqBb5MEIYrfIUKuQ9eMxmFY6
+37t4tqcvYok2uiESQkXMje1vvNWbrODlILUZMgUCAwEAAaAAMA0GCSqGSIb3DQEB
+BQUAA4IBAQCvnKvR8agOyJmLFcrROWGWLdGsr6CFmkcQe1eJ2GFP9XsIbuIjxssn
+K2yEK1hY6BAAPl76Arh3WkHOXVQjuzW3hlsu+uwKJnYDecG3I9btP+NkPNyKWrbr
+S2GIqa71oKadncV/P9DKsc2+KL2BFo8+IbvwVSPGj63JlJh2T9JFPeAqxeKCUiuO
+ac+dgxNtMQRSEYwE1kgdaJu5yRBfepZaeNGJ2KjCivQdsgnlVllPCNwtjciIRLWl
+UBdt8kh6Dx0RVIkck5fViFiJodxbfw9filjYITgRuANEJHytNzo3ChsWflZ0UYi/
+j8jAvoqL2d+D/a2ijaxlQeCqu5MUB4wR
+-----END CERTIFICATE REQUEST-----

ssl/client-certs/atat.mil.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAwkX7aLspQigzfRqCkSTFgN4J3xLIUcYuD9cVPcZtKoDyM06X
+mQjVHA20kM6L10OfBJaw03VHjL9Dlf0SzpzRSoD0gHdn9ReARNayUVhyxYxupj4+
++vVpdQYRgMDmP83YXx2I0ymUgKVHz+jLirA9p3IjpyRZaieN/UeCwkvBb90Z5yjE
+JUkzIrnTjIbc6/L9aaA5cVc7vSBe4vzGSggRc93tRtixSK+WS/nY4OK7COJTT1Tb
+dbEYl8v/pJbQWPESGzzz+9Ik/s5q6+j5hHg0sA0ioFvkwQhit8hQq5D14zGYVjrf
+u3i2py9iiTa6IRJCRcyN7W+81Zus4OUgtRkyBQIDAQABAoIBAQC0+nSmsBRTaRfu
+J1AS3mqPDkmr4ddzNmeaogdLsRnpSo5WdZSMH8pHhAz+CSwEsR3mLGs10j+BQnw3
+sbZfe38NJOyg8JuLmwUHG+qqFPd2SMibXclWCGDhf3G2u/zC24QBt4XLESUiYtZv
+PLLA1EXbQ10rS5VwasC/fmq1jdT52yEi4viXdMOSfjYCWg+xIwBsyCQs/lWLsqWD
+ZKLYfUAFsYqQ1Axz96yiscgNfPfoPRMoTvU3TuQlGhiQ1ygG5f4xlLEuHXpj1yWw
+/liSZVq/a+WQlVAKdlA4IXiC8szPagNSa/beEaj3R+ifoCad5hp/Fsj2JQlHmm30
+D8PAAVFRAoGBAPnRytHsicCuqck0oa2c2nE7gExrZhrO+rZoDHPBXjQiTFstil8r
+wK1OCjeeX9TV18szPhkimCVel+goNhSmW4n3BcAM1HTFdZlKY7dwVN/tvtl852Sw
+gVhGd3kFDkjUBTlK7W+IW7dzW3KwoSbcBpPRtIX9kKR5Braek4h4pUv3AoGBAMcU
+ZMqlHB6k1HH+3bZhyTk1BBAF2PcocqOkI9ahSQjDmVGMSa+nVxC7qE0l+hRRpaFd
+Ck6zn41p87Yos1nwNwOBcT3AIk0CNYGTJXJQQnkVzjB2yTdKDC/nAH++WOE2daw6
+0n1kIygOeL6na6r+jCQbsmwmORlqZ1nLPjCIPlrjAoGASpNiJICkLqz1amcXzKgC
+XcMRbb6x4FbhaQpujS+wW4fRm3Zg1EBPaGzfh/LzUKn1nWdSplY5bQ5r8pXubwOq
+V+kyAj7SPXmkvXoDgoM6Ew755hrvSJOYSS3gBHSJ6xu/43aGosDmAEGjjv1DXkJY
+hFAZv9YOE8s9Qc7c4+SAE8kCgYEAm+JPLhJtW11r8LtF9orJWt81iCpcAuSMJ7De
+UzDFlHQ8uIsmI8Hfvf2DQq2rDYAFNr441Pl3xO6i5A8oqRMcsMUJ2/V3pl9FcGm9
+F67a7h9x7acF1iJIOrYiQOTWibrwF2WT7pWbpcD3MSq9dw6Mw7VgV6jyawFTXg90
+aeI1GUsCgYEA2/7tNN0Of5W/Ff/2lm9ePhYsZSr+9NoBBQvai7+m5qpSzvoE304Q
+1qPW+T5pA4Da34nG+fGJMop0QX9rRTdyE9Ct++8ybIdLFAf35fDxgciohkziji8+
+0BHK7f+GqTDF+KoIZDZYPQgJX17/h8XNtBBSbP7WX8WZHIco/0BtOrc=
+-----END RSA PRIVATE KEY-----

ssl/client-certs/bad-atat.mil.crt

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn4CCQDe7V0Kcecn2TANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMC
+VVMxFTATBgNVBAgTDFBlbm5zeWx2YW5pYTEVMBMGA1UEBxMMUGhpbGFkZWxwaGlh
+MRAwDgYDVQQKEwdGYXV4RG9EMQswCQYDVQQLEwJQVzERMA8GA1UEAxMIRmF1eCBE
+b0QxHjAcBgkqhkiG9w0BCQEWD2ZhdXhkb2RAZG9kLmNvbTAeFw0xODA2MjAyMDQz
+MTlaFw0xODA3MjAyMDQzMTlaMIGLMQswCQYDVQQGEwJVUzEVMBMGA1UECBMMUGVu
+bnN5bHZhbmlhMRUwEwYDVQQHEwxQaGlsYWRlbHBoaWExDDAKBgNVBAoUA1MmRzEe
+MBwGA1UEAxMVU0lNT04uUEFVTC4zODU2MTM1OTAxMSAwHgYJKoZIhvcNAQkBFhFz
+aW1vbkBzX2FuZF9nLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AKao36qwC9Sk5hMujFQm5h7B6WoRFqbWpTw7VSAZeW2ykwWbOBmsEAfgOJ+ctyHq
+oMG0S23zJxSkfjO1PLXvu9r1ML0zXtm0uUiTJOMEMyrUBbfCV8zJ3TMuA7voWLi7
+QKsXh1bHdDIXbYP6dLC3w3CnBnr9VihzLth5KLEpz9ePX5gZljHVGldNY4ZR3UbD
+IeL7GD0z/jdcNuHxLYsI9gnnfxrOx8LmzDHDwTNsvKYNRjkdu+pja0ojDrE3T61g
+nKrWQsDwP9T7v27AfhrF1sxy+5K3YiQkDGtbvwFtKBIG3DJBw8qAqEPbtXw9FpYt
+7p8Ti/QYM5SGr/+w3yOgvrkCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAgVarfkoj
+YtZ4X/uNzaSTYO10nyPblebmCGdJW4Cwgk7tcyB+ufLKPrWaC0+Y6XPZwCkAM8UF
+KqwYVnMWTkYdUI2ff1vst9tZRiANGXuQLgbdGAP2TrcBk/N5Glm6J4wrpT5VAXjR
+gBeVxMIWkGb5geDXISJujzrQU26roxEm3F4oUwvAgvMQd/Ha/pzXioaLycc0k91J
+apCafD39u5A+X/Y4QG/GfLG0kqOS2ioJDIlb+EJRzIL7s4cvv530p+VLu+AYEgKx
+MmGOnmML3qO/+oeL3Y32TP4Hzm2asNScseoi8a1ygyV88rLjLaVrsj7CFp9zJL0O
+Ksoovip0wuSVdQ==
+-----END CERTIFICATE-----

ssl/client-certs/bad-atat.mil.csr

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC0TCCAbkCAQAwgYsxCzAJBgNVBAYTAlVTMRUwEwYDVQQIEwxQZW5uc3lsdmFu
+aWExFTATBgNVBAcTDFBoaWxhZGVscGhpYTEMMAoGA1UEChQDUyZHMR4wHAYDVQQD
+ExVTSU1PTi5QQVVMLjM4NTYxMzU5MDExIDAeBgkqhkiG9w0BCQEWEXNpbW9uQHNf
+YW5kX2cuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqjfqrAL
+1KTmEy6MVCbmHsHpahEWptalPDtVIBl5bbKTBZs4GawQB+A4n5y3IeqgwbRLbfMn
+FKR+M7U8te+72vUwvTNe2bS5SJMk4wQzKtQFt8JXzMndMy4Du+hYuLtAqxeHVsd0
+Mhdtg/p0sLfDcKcGev1WKHMu2HkosSnP149fmBmWMdUaV01jhlHdRsMh4vsYPTP+
+N1w24fEtiwj2Ced/Gs7HwubMMcPBM2y8pg1GOR276mNrSiMOsTdPrWCcqtZCwPA/
+1Pu/bsB+GsXWzHL7krdiJCQMa1u/AW0oEgbcMkHDyoCoQ9u1fD0Wli3unxOL9Bgz
+lIav/7DfI6C+uQIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAHQg3idmnhAX9CyO
+xbzfrTQ989vs110lTRh8VY+64ufkS2bxGO4fQik+VfSi9wFshTGaUlhtgiBrdfAt
+9udaQprWmZabBmiDnoUWiM5srJfYHL5yytrYynwpVe7Y3kPvPT/Zd+B9NBr+G0aq
+SxIDce7236vAcjocgCv8gmkdrfkpOTR87gx5q3b1BBv/we4+dUKysloC1Aw23/de
+Fi49SH9Xt8ZWUBsW5MesrmTfCXPTauYgYRt8bKtA0qvzzmiE5Ydihpi9HilGuCMr
+2LKBQETR6m4FgNXNcsRIlqPR+EY8llTYMEu7LvvHn2RmVpeIT2v5TADV0AighQyB
+++ZbkbE=
+-----END CERTIFICATE REQUEST-----

ssl/client-certs/bad-atat.mil.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpgIBAAKCAQEApqjfqrAL1KTmEy6MVCbmHsHpahEWptalPDtVIBl5bbKTBZs4
+GawQB+A4n5y3IeqgwbRLbfMnFKR+M7U8te+72vUwvTNe2bS5SJMk4wQzKtQFt8JX
+zMndMy4Du+hYuLtAqxeHVsd0Mhdtg/p0sLfDcKcGev1WKHMu2HkosSnP149fmBmW
+MdUaV01jhlHdRsMh4vsYPTP+N1w24fEtiwj2Ced/Gs7HwubMMcPBM2y8pg1GOR27
+6mNrSiMOsTdPrWCcqtZCwPA/1Pu/bsB+GsXWzHL7krdiJCQMa1u/AW0oEgbcMkHD
+yoCoQ9u1fD0Wli3unxOL9BgzlIav/7DfI6C+uQIDAQABAoIBAQCJUEiAzO3idT7v
+fQG38BjYLLLRZmUAb4fS2Zvoh7SpsmE6VEpjtIW8x3w/3hJxSmzLTG59l8KSWnl0
+xxXPXUetPym6KZIz05h5eGsC9Jnn5qsTXXeTzpqHKZmAAA7hnb7JeOhUkp9lCjJ8
+dCYi2DWaIrPPL94GE+j8CM+DMM0Db9QmShQC5XbZPgsHiHvvffuvd4G90XcANEM/
+KHuwSoZ9xgySZDG+ENlqYu93GGrL3DYUozjMUChzVKZYyYySxII1ja11oznXcAyG
+nj5xeBmKv6KzYD5LOMIapWfVTNHLG1FM7bhVccrWKIAVKW4Lqd+gcMC+/wU2YIx9
+K9WGV8RlAoGBANWTrGCvaM9r2piXlGB6VB/KmZXFI9R7wjE+waW+3XBZ6YVZiMGQ
+jebeT+PPbeaggaDMIxZ70vJ+rNbS2MYrI44AIIueq636PoT7JtjfhakgZ7LBqc37
+F56rvObPTuFCElVKS1/nIaNAnvoNUoSqt42t7+VzkNfLYCalkHHpsXxHAoGBAMfD
+eUhuUaPTDT02NVjrNAA0yIkRIoyrbv7KGKuJStoPy7W4L6aZC0iFWZmwXTYBuC73
+ulZQ88X3bexKS0NkfQJBLPTQFYNUYS/H+OCwkuFj160tysZbG8rx/IsfZwWqoitH
+wR1Bgz++k5AApcgjMEWmt8l0NT5Mr6M0waylWGz/AoGBALQa3giCo14XU7XOTZ+2
+SO6uSSoVnwt2eeJRS7fb5pzyFY0QXdTtc9y2qKQxrjoILIhO3V/+d3tq+5IFKCyl
+AEylKszSt2/1UXeO28mTZQGkhA4oZmt/TQHPTXNOavRmZVNrXXi4TpN+0RGI3odl
+93gQr/bMp95ycNjmUZLeQX/NAoGBAI6PT5SDNjwFuCMA9p1YbSnggWRgGBnvliy6
+qVRxjDuGnkg3A7qO6eB9We42UK7kFz9dh1tmNjIHXCkO9BtKMXRUcvLbNR8eLqVc
+vp4LJSc4i4iJb3aTOohgnWvjozAGD+l3MbfhMvtg1AomjCkCA8cRLYPVLNIjBA0i
+7zx4W1ydAoGBAKS26yBJT9ZbIKLtoqZ6wOdz0l4r+ZaHmO+LjiGuFUh7w2s2MsPR
+Q1JwE5aXaXP9gY7md/gz7Fcm3ebjwRkdcvGvIQyncv4mF64b+FFnpgjQFHg5+OqD
+A57e0VDFI2LYhFstVHNZ1sRA+tBKQygd7Hzlz4BZdSD6EY7fvWNSJ7/j
+-----END RSA PRIVATE KEY-----

ssl/client-certs/client-ca.crt

@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIElTCCA32gAwIBAgIJAN5qDki+VlfPMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYD
+VQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZhbmlhMRUwEwYDVQQHEwxQaGlsYWRl
+bHBoaWExEDAOBgNVBAoTB0ZhdXhEb0QxCzAJBgNVBAsTAlBXMREwDwYDVQQDEwhG
+YXV4IERvRDEeMBwGCSqGSIb3DQEJARYPZmF1eGRvZEBkb2QuY29tMB4XDTE4MDYy
+MDIwMzg0N1oXDTE5MDYyMDIwMzg0N1owgY0xCzAJBgNVBAYTAlVTMRUwEwYDVQQI
+EwxQZW5uc3lsdmFuaWExFTATBgNVBAcTDFBoaWxhZGVscGhpYTEQMA4GA1UEChMH
+RmF1eERvRDELMAkGA1UECxMCUFcxETAPBgNVBAMTCEZhdXggRG9EMR4wHAYJKoZI
+hvcNAQkBFg9mYXV4ZG9kQGRvZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDyQUFcuQ+YKOEJtv4XjKOTpOLp8IdbsaFwU8YgenMdvAc1ONZRL/2o
+jaCZx+kB2QSCVH2jaLUQ/2i4uz4rE21Ngpx+EHa1hgDQANle3d5CWrn2Q10/pdPe
+rJHYkMSiZ3cNWfFPBfHDtJrLlRUwJkgy+lUSLnOaipmBZMYXbV8/qUh69nWJQNXi
+AvmSUw8jwUPfTrpQVzftkOYz+0HVJyvKijTsj1LaPZTR3D8OhbFnvZWIlhIUjJZO
+jap/xQ3YEOcNF+gfx8hDQG2SnltWgecPsgiBRXmZK2IqDv39DE2DNiukEclZLhbN
+SpTibNZwkVzcTSRV2mSOHKXqTcH0wTvpAgMBAAGjgfUwgfIwHQYDVR0OBBYEFAo/
+6auHcKMK1ItTElg1Kk4MyoB5MIHCBgNVHSMEgbowgbeAFAo/6auHcKMK1ItTElg1
+Kk4MyoB5oYGTpIGQMIGNMQswCQYDVQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZh
+bmlhMRUwEwYDVQQHEwxQaGlsYWRlbHBoaWExEDAOBgNVBAoTB0ZhdXhEb0QxCzAJ
+BgNVBAsTAlBXMREwDwYDVQQDEwhGYXV4IERvRDEeMBwGCSqGSIb3DQEJARYPZmF1
+eGRvZEBkb2QuY29tggkA3moOSL5WV88wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
+AQUFAAOCAQEAp4fVYeSKYJICBQt37NOF6qZ+dv8GBDI+oZy7vC+VcjiRaODkiz9w
+IO5dBZxx/ldH5sD24Oc2SH+48S6UjE/D5kDpM/nIddfVfL2f222sE14RsqgrhmbG
+qRaEB8NXWiSQyKOKX63v8scioUqb9hFY+gtwb8HDFiOZFx+67L/NaXSh6VA8BbLj
+o55EafjTgr+Yad7SrZI5f6Q2iQ+uuHcJsf7fEe3Kts5Uwt5KXBBfMxeaSyQRxNX+
+JBBmy6MaxddPtus3MH+eIgI2Wp2rofH/PtGnSoizBj5IZXBkc18x1DG5pAJL4205
+EKQoicsafE27XBw45dK3cRBLXPWt8JrCBg==
+-----END CERTIFICATE-----

ssl/client-certs/client-ca.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA8kFBXLkPmCjhCbb+F4yjk6Ti6fCHW7GhcFPGIHpzHbwHNTjW
+US/9qI2gmcfpAdkEglR9o2i1EP9ouLs+KxNtTYKcfhB2tYYA0ADZXt3eQlq59kNd
+P6XT3qyR2JDEomd3DVnxTwXxw7Say5UVMCZIMvpVEi5zmoqZgWTGF21fP6lIevZ1
+iUDV4gL5klMPI8FD3066UFc37ZDmM/tB1Scryoo07I9S2j2U0dw/DoWxZ72ViJYS
+FIyWTo2qf8UN2BDnDRfoH8fIQ0Btkp5bVoHnD7IIgUV5mStiKg79/QxNgzYrpBHJ
+WS4WzUqU4mzWcJFc3E0kVdpkjhyl6k3B9ME76QIDAQABAoIBAQCC7bnBv1MqTY2y
+jnAtkhkmRstM3G6LpCk4aE6AZy2oOGM85IcQQfu6CTFva5gHI59IQRnWI1UY5rFW
+hfxHk6xTY+/oQkWmPdJamNriZs8k1ZwD+MyBBcLIakQ446UikQDK+n1s1C2iNA4l
+UWGuMEJ9KsanmOtp7tagFDLrnnUIFgyfQv5JI/QBZSMd9UReRv3xQrdv+KK58zJE
+/zsuFFO00YS0xzDYwikuwabDXaWCt8/9rDDlthIEaJRzTxZiLK90k6DaywRnO7rJ
+Q4Q/1WUGzdA7wfkQOWLozP1To2d6Q/KK1TiRaY0uieGvTvT7kXVDne4+lb3zAmAW
+IxdyNYBxAoGBAPtgEjGapRzPLcgJqVuup5W+/gc8NWcSK4NJWAwFWN9n6wOf+jQu
+YkwVUoF0KN0g9a1rymvnv+fHdvqQ+uDtdqCMcU3DNVx1uwTf0V/kPsxSwhTjrQ3h
+4tMXL4EzOUhYV1us/PtrmSlKS1SuQXbBdgNM7n71X0zWgsHeDvIf4YQTAoGBAPa2
+OqNOUFiA8Yz7wG/Aw1LiPX+DJZVmH05yXDSWicwSyrhorxktweMNd1e+syYW+5Qe
+GFu3qaxmOlPL9M5IvbUiAV7nmiVcezBnLxBLmOdc9rk8CU8qakZDESsy/pC741/U
+y6MQZzsbKIhxG4djbl+9Mr8wom+DGQtkFJ7RvqeTAoGBAOrJRLUIGAfcioo4W/LC
+Isz+4w2m8soecn3hV1eC9wtTaHKuTWfHmxAtKi63bCN90Xn1H8/BWcEG0N4f4/OK
+WC6Efp9/IKwHWnKnCkxiRzVYZuZT8SLyRIWdNkWarnof6Rg7bt72FMw4FDw3tfVR
+pQRYKrpyPFzsTpz850DG/j/5AoGAZ5BxpxH96lkejRc1XfQmSknMlRWBlmiLJcwd
+5rl22OLelHDlaAVsSZriiUP1Qj0NmMzVXtMHd+Zl/70zY9DnSf0fZC6G574dvGDk
+QcvqQN0mePW51rCwchQ/RcofULR+q0DRxv7gxtAMwNHyQ3A66herENUiqvr2bXCy
+s0TK6t8CgYEA7IS8e3x9SvXwfjGyJslbxhI4P7cBuVU5aL1SqYpaNx61JdmnPct4
+ruQntKHL5DvPNNRwFUvySkH93zjvjOWqF1g8kSO2ZPDj+WajStAHwA1TmVYIfkpV
+xfv5mlcKUfyLmoJ6nKuCf/pt49Gmp3vRsmxZrEcbBqGAVBI7LslQQr4=
+-----END RSA PRIVATE KEY-----

ssl/client-certs/client-ca.pem.crl

@@ -0,0 +1,13 @@
+-----BEGIN X509 CRL-----
+MIIB8jCB2zANBgkqhkiG9w0BAQQFADCBjTELMAkGA1UEBhMCVVMxFTATBgNVBAgT
+DFBlbm5zeWx2YW5pYTEVMBMGA1UEBxMMUGhpbGFkZWxwaGlhMRAwDgYDVQQKEwdG
+YXV4RG9EMQswCQYDVQQLEwJQVzERMA8GA1UEAxMIRmF1eCBEb0QxHjAcBgkqhkiG
+9w0BCQEWD2ZhdXhkb2RAZG9kLmNvbRcNMTgwNzMwMjEyOTAxWhcNMTgwODI5MjEy
+OTAxWjAcMBoCCQDe7V0Kcecn2RcNMTgwNjIwMjA0NjExWjANBgkqhkiG9w0BAQQF
+AAOCAQEAfZSS51Axnx04iSfMd1k5/TvH1R6NvUM20S/rZjJYt/uLqRElnJd7R7aI
+lLQQzSdbsuHm8HcfcMS7ZUMv989chKXMbPml+ZXkK/zp7LdjaL5THs09ek0NOM2l
+yhJcdE3K5bntk6qSgbsUpBOWLHzrp20is3BPl6gY+JRb0nnZ/SXTr4zfDctGfcot
+fSAGs3QA0Q/dpJOlSkGzxlzjB7dXDuoHTaJwy2s48IriNvvtVktM2AS+B/843vMC
+ToI5ZUh3RkSCgGvKexobg85Ke1QwWTYuj392JhakpIu/Qc71BK0jtbY9mVuFLwqW
+RFXDKIzRiL4S7iZWu/bpqTYyqmCmeA==
+-----END X509 CRL-----

ssl/client-certs/crl_openssl.conf

@@ -0,0 +1,26 @@
+[ ca ]
+default_ca      = CA_default            # The default ca section
+
+[ CA_default ]
+
+dir            = ./ # top dir
+database       = $dir/index.txt        # index file.
+# new_certs_dir  = $dir/newcerts         # new certs dir
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = md5                   # md to use
+
+policy         = policy_any            # default policy
+email_in_dn    = no                    # Don't add the email into cert DN
+name_opt       = ca_default            # Subject name display option
+cert_opt       = ca_default            # Certificate display option
+copy_extensions = none                 # Don't copy extensions from request
+
+[ policy_any ]
+countryName            = supplied
+stateOrProvinceName    = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional

ssl/client-certs/index.txt

@@ -0,0 +1 @@
+R	180720204319Z	180620204611Z	DEED5D0A71E727D9	unknown	/C=US/ST=Pennsylvania/L=Philadelphia/O=S&G/CN=SIMON.PAUL.3856135901/emailAddress=simon@s_and_g.com

ssl/client-certs/index.txt.attr

@@ -0,0 +1 @@
+unique_subject = yes