From a6452061f878d5d94e98ccd81558871ebc55f816 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20R=C3=BChsen?= Date: Sun, 6 May 2018 17:30:36 +0200 Subject: [PATCH] Fix HTTPS tests * tests/Test-https-badcerts.px: Fix test return value * tests/Test-https-crl.px: Likewise * README: How to create certs with GnuTLS's certtool * tests/certs/revokedcrl.pem: Recreated revocation * tests/certs/server.crt: Recreated server cert with no expiry * tests/certs/test-ca-cert.pem: Recreated CA cert with no expiry --- tests/Test-https-badcerts.px | 10 +---- tests/Test-https-crl.px | 15 ++----- tests/certs/README | 87 ++++++++++++++++++++++++++++++++++++ tests/certs/revokedcrl.pem | 33 +++++++------- tests/certs/server.crt | 39 ++++++++-------- tests/certs/test-ca-cert.pem | 61 ++++++++++++------------- 6 files changed, 154 insertions(+), 91 deletions(-) create mode 100644 tests/certs/README diff --git a/tests/Test-https-badcerts.px b/tests/Test-https-badcerts.px index 5619377d..fdcd9809 100644 --- a/tests/Test-https-badcerts.px +++ b/tests/Test-https-badcerts.px @@ -123,17 +123,9 @@ my $retryssl = SSLTest->new(cmdline => $cmdline, input => \%urls, errcode => $expected_error_code, existing => \%existing_files, - output => \%expected_downloaded_files, certfile => $servercrt, keyfile => $serverkey, lhostname => $testhostname, sslport => $port); -if ($retryssl->run() == 0) -{ - exit 0; -} -else -{ - exit -1; -} +exit $retryssl->run(); # vim: et ts=4 sw=4 diff --git a/tests/Test-https-crl.px b/tests/Test-https-crl.px index 3e8eb67b..9b56f934 100755 --- a/tests/Test-https-crl.px +++ b/tests/Test-https-crl.px @@ -55,8 +55,8 @@ my $cacrt = "$srcdir/certs/test-ca-cert.pem"; my $cakey = "$srcdir/certs/test-ca-key.pem"; # Use a revoked certificate -my $servercrt = "$srcdir/certs/revoked.crt"; -my $serverkey = "$srcdir/certs/revoked.key"; +my $servercrt = "$srcdir/certs/server.crt"; +my $serverkey = "$srcdir/certs/server.key"; my $servercheck =`(openssl x509 -noout -modulus -in $servercrt | openssl md5 ; openssl rsa -noout -modulus -in $serverkey | openssl md5) | @@ -119,18 +119,9 @@ my $retryssl = SSLTest->new(cmdline => $cmdline, input => \%urls, errcode => $expected_error_code, existing => \%existing_files, - output => \%expected_downloaded_files, certfile => $servercrt, keyfile => $serverkey, lhostname => $testhostname, sslport => $port); -if ($retryssl->run() == 0) -{ - exit -1; -} -else -{ - print "Test successful.\n"; - exit 0; -} +exit $retryssl->run(); # vim: et ts=4 sw=4 diff --git a/tests/certs/README b/tests/certs/README new file mode 100644 index 00000000..963a7623 --- /dev/null +++ b/tests/certs/README @@ -0,0 +1,87 @@ +# create a CA certificate +$certtool --generate-privkey --outfile test-ca-key.pem +$certtool --generate-self-signed --load-privkey test-ca-key.pem --outfile test-ca-cert.pem + +Common name: Wget +UID: +Organizational unit name: Wget +Organization name: GNU Wget +Locality name: +State or province name: +Country name (2 chars): +Enter the subject's domain component (DC): +This field should not be used in new certificates. +E-mail: +Enter the certificate's serial number in decimal (default: 6080487640893163573): + +Activation/Expiration time. +The certificate will expire in (days): -1 + +Extensions. +Does the certificate belong to an authority? (y/N): y +Path length constraint (decimal, -1 for no constraint): +Is this a TLS web client certificate? (y/N): +Will the certificate be used for IPsec IKE operations? (y/N): +Is this a TLS web server certificate? (y/N): +Enter a dnsName of the subject of the certificate: +Enter a URI of the subject of the certificate: +Enter the IP address of the subject of the certificate: +Enter the e-mail of the subject of the certificate: +Will the certificate be used to sign other certificates? (y/N): y +Will the certificate be used to sign CRLs? (y/N): y +Will the certificate be used to sign code? (y/N): +Will the certificate be used to sign OCSP requests? (y/N): y +Will the certificate be used for time stamping? (y/N): +Enter the URI of the CRL distribution point: + + +# generate a server certificate +$ certtool --generate-privkey --outfile server.key --rsa +$ certtool --generate-certificate --load-privkey server.key --outfile server.crt --load-ca-certificate test-ca-cert.pem --load-ca-privkey test-ca-key.pem + +Please enter the details of the certificate's distinguished name. Just press enter to ignore a field. +Common name: WgetTestingServer +UID: +Organizational unit name: Wget +Organization name: GNU Wget +Locality name: +State or province name: +Country name (2 chars): +Enter the subject's domain component (DC): +This field should not be used in new certificates. +E-mail: +Enter the certificate's serial number in decimal (default: 6552424755099978648): + + +Activation/Expiration time. +The certificate will expire in (days): -1 + + +Extensions. +Does the certificate belong to an authority? (y/N): +Is this a TLS web client certificate? (y/N): +Will the certificate be used for IPsec IKE operations? (y/N): +Is this a TLS web server certificate? (y/N): y +Enter a dnsName of the subject of the certificate: 127.0.0.1 +Enter a dnsName of the subject of the certificate: ::1 +Enter a dnsName of the subject of the certificate: localhost +Enter a dnsName of the subject of the certificate: WgetTestingServer +Enter a dnsName of the subject of the certificate: +Enter a URI of the subject of the certificate: +Enter the IP address of the subject of the certificate: +Will the certificate be used for signing (DHE ciphersuites)? (Y/n): +Will the certificate be used for encryption (RSA ciphersuites)? (Y/n): +Will the certificate be used to sign OCSP requests? (y/N): +Will the certificate be used to sign code? (y/N): +Will the certificate be used for time stamping? (y/N): +Will the certificate be used for email protection? (y/N): + + +# create a CRL for the server certificate: +$ certtool --generate-crl --load-ca-privkey test-ca-key.pem --load-ca-certificate test-ca-cert.pem --load-certificate server.crt --outfile revokedcrl.pem + +Generating a signed CRL... +Update times. +The certificate will expire in (days): -1 +CRL Number (default: 6552487324127713992): + diff --git a/tests/certs/revokedcrl.pem b/tests/certs/revokedcrl.pem index f863d665..e6a1ceb5 100644 --- a/tests/certs/revokedcrl.pem +++ b/tests/certs/revokedcrl.pem @@ -1,19 +1,18 @@ -----BEGIN X509 CRL----- -MIIDCjCB8wIBATANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMxCzAJBgNV -BAgMAkNBMREwDwYDVQQHDAhTYW4gSm9zZTEgMB4GA1UECgwXV2dldCBUZXN0aW5n -IERlcGFydG1lbnQxEDAOBgNVBAsMB1Rlc3RpbmcxFDASBgNVBAMMC1dnZXRUZXN0 -aW5nMSAwHgYJKoZIhvcNAQkBFhFidWdzLXdnZXRAZ251Lm9yZxcNMTcwNTA5MjIz -MjEyWhcNMTkwNTA5MjIzMjEyWjAVMBMCAhElFw0xNzA1MDkyMjMxMDBaoA4wDDAK -BgNVHRQEAwIBADANBgkqhkiG9w0BAQUFAAOCAgEADReMcnUQbWyXE1xYcPHlSAfh -bBBY2w7e/CUeuCXaalaM9cfdMz0trR+JApdoBg/g+UV/+q8xYXEeQM7wKXOXOax4 -tYpS3+EdCpm1r+e4hhuGBMp01qtoJD8v5y3a77ujXWldgCEJHz05qjtpBkya775V -w1UzLsbh6DVgrwSEOgMJHYfgJHuPwfD4PpCTSbAUSwNrHXIbDG6zPVyoBpl8WRCc -4uDWVeh2+N0fmTucbm3x1dBnOol1JXI7LvnVDr+mtQVcHLD9OknNylmLOiuMrpmc -9PENMdbgRKA4kkHcV9lg37elYubaIBA48Vkssnr90wU6nITLabojWYNEspjqQejG -QOE78ASG0bS8O4vKxCVx4pX/ZQwcO9BeCnuIOsTlV2KUYiCA6yxNPkPoBjpdfOAB -j3hu+Jk3S0aX6At1AHDvmtWErEnH4B0gGopt8VJL1ZBEglb9rUIg5OlbTr+x5vIX -7FVuxhZYSxl1AYGqajmcLIwvucidaIlwtgFGeZR8GZ0y3aFdIoKO8V+wyNEPjI5I -i9tvavJ23nlYFTQJwNgESIR0voipoiiYeSa8cED28rHfkQvnY2iNsCO+ztxZvC70 -4K0CAIbfhYx1eeIakeFFHdIGPSXf+oFGomij0yt3bZC2h4sFhsr7sYUIMb5KlSSW -mZ3uHBLaS0xQ9p1vSRo= +MIIC0TCBugIBATANBgkqhkiG9w0BAQsFADAxMQ0wCwYDVQQDEwRXZ2V0MQ0wCwYD +VQQLEwRXZ2V0MREwDwYDVQQKEwhHTlUgV2dldBcNMTgwNTA2MTUxNzE5WhgPOTk5 +OTEyMzEyMzU5NTlaMBswGQIIWu7jmTk1y5gXDTE4MDUwNjE1MTcxOVqgNjA0MB8G +A1UdIwQYMBaAFH681m4jgi27YaqRhfZ+jeWJEyn/MBEGA1UdFAQKAgha7xyBNeHa +yDANBgkqhkiG9w0BAQsFAAOCAgEAYLQQbcz/tfEC02QEIWu0S39e4+b+lssOsZ4u +ljcz0UfavagkLLTiunFQx64no0d+xRzk5c1IZd6HGmf2TokIK0+6bkTJejLLeL7G +3mmhzbFY8tQYcCEbcJL2fj5jmQAd33nr+wZkajQWLt6PbuGmpLpXz9lG27RKm8xc +5TD51+5RwwWUrsFLwEt7xnk7737zB4flZmjpvlHvGVDgp81SVndghVvpUcqQSCwq +XgvgbxYy+f1peHV0matV3it9jmwrCfOBkxD2zOX6UphUn4upXNGuHR0zLN37CINA +OoYlFtHRsabbW/c2b+qUBBw4OniH7g/HMH3/p8MUrMmInxE1/cZCmTcR+NUyogqo +VtDFAG8UV9MFyYK6vCfUqgrE3UzSXvKIXoX6DypOb4wgXdHF8dt93yUOSHVynjON +FbgpHz8XUj6r/o0OcJioACCSv3j34w7Hvwh/8jkHBKucjWly/IpyQjs+qiLbnGmN +Fqf/kuLKqxrXrkvePyPMts5w+eIXauGy+a5p72H58ZncoV3+w0v3LJpQ0G0lnjnV +nQGKm1MUAfcDZQr07iEva7DneoMCZIB1CZz1Yfp7/7oY1BRF1KsyknI5Fh+gSiUp +LdC4ycYcO1RSfPnKx7Hw+VeiFVy2Ka6Yi346zlJMAyFDyxqYG+tbHQLwF3flTtW7 +UYoG2xE= -----END X509 CRL----- diff --git a/tests/certs/server.crt b/tests/certs/server.crt index 0d6d1552..5131074c 100644 --- a/tests/certs/server.crt +++ b/tests/certs/server.crt @@ -1,28 +1,27 @@ -----BEGIN CERTIFICATE----- -MIIEsTCCApkCCQCFKV9Q4gGmRjANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMC -VVMxCzAJBgNVBAgMAkNBMREwDwYDVQQHDAhTYW4gSm9zZTEgMB4GA1UECgwXV2dl -dCBUZXN0aW5nIERlcGFydG1lbnQxEDAOBgNVBAsMB1Rlc3RpbmcxFDASBgNVBAMM -C1dnZXRUZXN0aW5nMSAwHgYJKoZIhvcNAQkBFhFidWdzLXdnZXRAZ251Lm9yZzAe -Fw0xNzA0MDYyMTMxMTNaFw0xODA4MTkyMTMxMTNaMIGaMQswCQYDVQQGEwJVUzEL -MAkGA1UECAwCQ0ExETAPBgNVBAcMCFNhbiBKb3NlMRwwGgYDVQQKDBNXZ2V0IFRl -c3RpbmcgU2VydmVyMQ8wDQYDVQQLDAZTZXJ2ZXIxGjAYBgNVBAMMEVdnZXRUZXN0 -aW5nU2VydmVyMSAwHgYJKoZIhvcNAQkBFhFidWdzLXdnZXRAZ251Lm9yZzCCASIw +MIIEpDCCAoygAwIBAgIIWu7jmTk1y5gwDQYJKoZIhvcNAQELBQAwMTENMAsGA1UE +AxMEV2dldDENMAsGA1UECxMEV2dldDERMA8GA1UEChMIR05VIFdnZXQwIBcNMTgw +NTA2MTExNDM2WhgPOTk5OTEyMzEyMzU5NTlaMD4xGjAYBgNVBAMTEVdnZXRUZXN0 +aW5nU2VydmVyMQ0wCwYDVQQLEwRXZ2V0MREwDwYDVQQKEwhHTlUgV2dldDCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANXGNSzoaeTX3B34xqiKuVXc2YzL /QQFexj+dyJ5XwwDF420gEv+zFjy8Y9wiGZ4rgHzF2TviNCoAy7ntlltA9Ab41jk CikwbZ9R81qsvmxc4HXRNgiKadNIb7BYNh6HljJjOSclkbF/LypJtdF5g7b6Qron ME/UuDIYLQV765emZh+2h/BJLtTXU+8n985gC+/9dw68WjLnWk9REzHYZPFU4UGK bCx+h7M/cVE5uIWjDC3Uq93jCweZJ8UFbmAnwlER8fXSEzy2SK5yqlRu+st8ae5w ZQAgXSeHF0jZ/lUgZBlq2QnqfzVlDd26CXMa/2OLZo9qUIoS/c0y5qLghTUCAwEA -ATANBgkqhkiG9w0BAQsFAAOCAgEACWiOsXM9Mu+mg0+eGAlhuHP4/nOR8nFrZ0A/ -RaBwsW6yBSZ6NAHLQKhApm3TOgxrMFM82hB+L9AW05p6dz6fHm25ajJKmefsbAGi -gqhBdEI9GJJKj6Wm5od7MT9jZ0z5edcPFXqnyapLXYJHps+Sm7ZJ81Mt/sTDjQCb -6I/Y5yQW6KomjtqfMIw6miOqXnabRDFN8CQ6nKzFBMviQVBn04G+pQRCJ5//4bSc -33erZb56C36xTnTXiIXKo6LkVhH+TG28dTxRh8d+xBYbqe8ZR9aCoCVVn7ca3UZZ -iQBOTfVKMRVUthHo2ntRs/jE5qhPYXA1km5rvUE2+sSIUdoqol4JTshK6bzt6VN9 -1bDKkmJa5IqcXEjcXADEJA62Zcr+I/8D1KxVf/CAPvtT1z4EqCWOeKk1uMjURZVR -BbFmjJ76LZ65YFTAJBm0EdVG917Yd9jsC8zCT/Lb+LFLuecXpBBp9tCcdp9z1MX+ -Pw4Co54keMBWXQeOnrtg8haGTXSwTOOp0F5wmWdUKjiwjhxanTgJZMZTjfcMLcNS -1GIhFt7sIEnc/PkX6vBOIeyFBppw9So+YYJE2MOsKaUvi+IX5XJXZf8R73k1+e0d -V8sKjQoYVDwavJSeOx19nJVKQa8fEvv5t5tPES3UlZ1FWAdKVEpDECiEKyQEfkmK -jQ9qZJU= +AaOBsDCBrTAMBgNVHRMBAf8EAjAAMDcGA1UdEQQwMC6CCTEyNy4wLjAuMYIDOjox +gglsb2NhbGhvc3SCEVdnZXRUZXN0aW5nU2VydmVyMBMGA1UdJQQMMAoGCCsGAQUF +BwMBMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFOBZKlHSJ4GW2mOjJ4fkDhLr +X5mCMB8GA1UdIwQYMBaAFH681m4jgi27YaqRhfZ+jeWJEyn/MA0GCSqGSIb3DQEB +CwUAA4ICAQAwCcJs/+PLNhWF43YQOCB2ZXRELfE9j/p/H018rTr6vdYZunpdi0wf +AceI+xBylMQs6CG0zh8bOgf0wwaOwGd1ESg3a5qtLbp565KZ8VD0LvnwZQX+ZBwA +b5V1mrmtPzyLTSJScf6GiuqQJiwrQIDhpGlw00r8U0s9L+yuBP7XbUY+TFKNWhL1 +wkoalRc6vFOSWkc6SJHa/dDqMBXC86Q90OUu+DSNMiKk8ps0MpZAj17OADyf6Qu0 +IbB0+l+rJKKuOSl87pl3ACKZwSEopQBxjOuSmUZ641ZtZRy5HoMwM+LneoR3I1Re +a2xKgCT3qMNVrKI4gzN7zYAAXlVT7ZfZWzPYvRZ+1Hxlbsf/DrSmBIvaCx7fTyBL +etFKP8joarPrtffLu9XhXH5IB6G8spPOlkxGHg8WyCG67Y7hHzwDJH4cyG1OKiWj +gsaxaN7WQ8Nyyz/WoQq9NeAkjhMen1JXB4ueeVXI4wgQIl1jWb31foR0KylGdAj7 +H89v9QJtBf/1Jghi6t78faUq8t1dyfF0vAiLAOF9DKjvCUd7oU5zBZTB0inoWK1g +WoDaOddQKc76LajP74X4t78L8mGkQ0W2Kmnr508YXYGHU8eNlYgrSxBGNhW2QRFM +/cCToErw+hJAAXNWibGPW8yZTcen7jKQBQTVL18tRxDOSgjgoWbpRw== -----END CERTIFICATE----- diff --git a/tests/certs/test-ca-cert.pem b/tests/certs/test-ca-cert.pem index c3999543..2623576c 100644 --- a/tests/certs/test-ca-cert.pem +++ b/tests/certs/test-ca-cert.pem @@ -1,35 +1,30 @@ -----BEGIN CERTIFICATE----- -MIIGBzCCA++gAwIBAgIJAJlGYwAp0+gKMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD -VQQGEwJVUzELMAkGA1UECAwCQ0ExETAPBgNVBAcMCFNhbiBKb3NlMSAwHgYDVQQK -DBdXZ2V0IFRlc3RpbmcgRGVwYXJ0bWVudDEQMA4GA1UECwwHVGVzdGluZzEUMBIG -A1UEAwwLV2dldFRlc3RpbmcxIDAeBgkqhkiG9w0BCQEWEWJ1Z3Mtd2dldEBnbnUu -b3JnMB4XDTE3MDQwNjIxMDEyOFoXDTE4MDQwNjIxMDEyOFowgZkxCzAJBgNVBAYT -AlVTMQswCQYDVQQIDAJDQTERMA8GA1UEBwwIU2FuIEpvc2UxIDAeBgNVBAoMF1dn -ZXQgVGVzdGluZyBEZXBhcnRtZW50MRAwDgYDVQQLDAdUZXN0aW5nMRQwEgYDVQQD -DAtXZ2V0VGVzdGluZzEgMB4GCSqGSIb3DQEJARYRYnVncy13Z2V0QGdudS5vcmcw -ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvHmnQlY58T/PcZeR3ntBp -6YYELxmYTjrdiHLpa1HvDDkwYyVCaWxhi8R5mP/cUt7aZ0BrNMCVTy5/cEzl/w9R -VqERKDB68ZU0ku2A4YmDFenlyyUuVZhn5reovUUlhWo8p+Ir+1vwGyDPM/IQKaUJ -6tfDWVD7fgVzfpvDm8XDqKB6BvzLPk3n3K9mndv2KihTUnnJFMZOkSYaFStQ11Rz -YwR7ZvAuISB99WZf2hzaYiovB9G0WMky81vpmvjbKWVYLlpV5Inzq2QiG4tFBEP+ -ebLc1H9PGd7vrgGE2cn78g1XXpR8nPUDYF4UGFs90ftPqNDHcHFENB7DrpB7wRIa -5ZrpKyNbCGIKX+UnVR5Ra32mMM2pPiR95ZDNkqdsygLuHAsyaaj1+wvrmM81H2Jy -V/kVcFqnf3+C1aX2+hu5OL7rIskEYG8HgWwWxE0NW7Q8zTrBR7D932hM/7f8Yojx -SeqJP7vpGULeVzJF0CTksoWh+D1s+Q2b93DpoMW18VMTig2NFetQr3DdJmySed7a -g694qgY5iDv1P/CWBSj75TDBrw3Ji6PJxWES+ox29frxrCWtAjEwVI5zJ5qIZW5n -+BYir/tVloMkYSmeby9eSmTLGENZrepBwuocpvJ1yQRosdzYG42MjfI2JhlTFWvw -wdGCsFqsRcsfPTJqu801QQIDAQABo1AwTjAdBgNVHQ4EFgQUF+2TQ4+npgB11Oi2 -gg2IN37AbQgwHwYDVR0jBBgwFoAUF+2TQ4+npgB11Oi2gg2IN37AbQgwDAYDVR0T -BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAewaQ/hmPbjNI7FFNM63M1qnWHK+t -Zsm5qHWMk5WkcdavsqpexGDc3VxBYFzqqEjlCTseMgsNZ76FENZeNGNFtKScUHuR -J6Fp+pqEZJ9AoQy8WbkDuFjsKs+En3cMvqy4QUqVOFrKg1PKJEWlqvonMs+apzvJ -0bjj5Aj2w906XvpKYTnfR6QHJC5ZP5xTorJWLvAwWl0ZuqxQKT0fXKcPeAlE0c4b -3eJ5jFXPIFkYt0fJcUnZp6QJv608/METl9x+rTYfRsD6kQGC+281C19PxBacTzxH -fAjsesvP7t7pPlh+Chdd7w1QqFg4UUH9NfIkiq06UtIUoQHfCgT1FvXoFoPiRR5f -5m67jGE8Sn04nnGhvHnN03kOuwK/VIniLuHdWw0nwLBWIEpzZPbIQQSezoJd7ViY -2zBJQCtp1ewEDOXecBL+8CNIUXTiFoOxP/YMuLruoYB5dkLpIFbscHp3dZJMScoz -XJQHh68KH0oRm+/FnK3MLxn56nbwoV4uhdIr5FgLglh7PUfUa2wavFjhi3MY50qD -SsvoCmBny/N2KJK2tEBIGWbdYy1XBF/l8xaORdT/M4ILYV52Wf2AYy9NTYJxiB0V -LwVGbG5plMbJiBFDOZcram4pQrG6k21t2Xv2lkVf1AvOlx4qKfUN04TGWXwu5dAP -pnv5yEwOelBLq7Q= +MIIFKTCCAxGgAwIBAgIIWu7f2CMW9qgwDQYJKoZIhvcNAQELBQAwMTENMAsGA1UE +AxMEV2dldDENMAsGA1UECxMEV2dldDERMA8GA1UEChMIR05VIFdnZXQwIBcNMTgw +NTA2MTA1ODM0WhgPOTk5OTEyMzEyMzU5NTlaMDExDTALBgNVBAMTBFdnZXQxDTAL +BgNVBAsTBFdnZXQxETAPBgNVBAoTCEdOVSBXZ2V0MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEArx5p0JWOfE/z3GXkd57QaemGBC8ZmE463Yhy6WtR7ww5 +MGMlQmlsYYvEeZj/3FLe2mdAazTAlU8uf3BM5f8PUVahESgwevGVNJLtgOGJgxXp +5cslLlWYZ+a3qL1FJYVqPKfiK/tb8BsgzzPyECmlCerXw1lQ+34Fc36bw5vFw6ig +egb8yz5N59yvZp3b9iooU1J5yRTGTpEmGhUrUNdUc2MEe2bwLiEgffVmX9oc2mIq +LwfRtFjJMvNb6Zr42yllWC5aVeSJ86tkIhuLRQRD/nmy3NR/Txne764BhNnJ+/IN +V16UfJz1A2BeFBhbPdH7T6jQx3BxRDQew66Qe8ESGuWa6SsjWwhiCl/lJ1UeUWt9 +pjDNqT4kfeWQzZKnbMoC7hwLMmmo9fsL65jPNR9iclf5FXBap39/gtWl9vobuTi+ +6yLJBGBvB4FsFsRNDVu0PM06wUew/d9oTP+3/GKI8UnqiT+76RlC3lcyRdAk5LKF +ofg9bPkNm/dw6aDFtfFTE4oNjRXrUK9w3SZsknne2oOveKoGOYg79T/wlgUo++Uw +wa8NyYujycVhEvqMdvX68awlrQIxMFSOcyeaiGVuZ/gWIq/7VZaDJGEpnm8vXkpk +yxhDWa3qQcLqHKbydckEaLHc2BuNjI3yNiYZUxVr8MHRgrBarEXLHz0yarvNNUEC +AwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1Ud +DgQWBBR+vNZuI4Itu2GqkYX2fo3liRMp/zANBgkqhkiG9w0BAQsFAAOCAgEALbu9 +EGQtB7WSOL+bsj30/1dvzKngq71Mpv00jrXwPjtHbhc7ZWMqbcd0v9ws64bJX8sg +LrEv1zpqB4oS/yRKWZsCgLaBxPdPqPcCrmdLEBACkrIAl65LWzvFquMZ+XxXcruJ +vVTKmfTcTVGo5n9ixNtoZ41Sl4oT67AsViSmk6Yai2Eyi7LbXkZrCva758lMbWmw +QT3Scr4HDaHYVnPLqSicb6qWPssZidNtQyE7v96s9nXvjYs9UOYR6Dg8U2VOsPXn +XyevMumH/70Z4wfwkMwBOtgKe+UmxAfOwYh/N3AFpbK93cfGEFWBzo+uMkH1SeGw +ccDYk9riVe/ya4xutOqz9dJF05Els5Qq6SwBNClHedJNM0HWOgYvZqhBrngGjDQI +VP4Klxewn5Q4FTMud1sZEfr4wnZvgH0Axkl+vVvDkEcC0LnfXc4fUj3mpD9X0YKl +AYw/MPsDVA7kF3ayctbZDBqEoqVg6UkG2cv9Jt2nXDRTpANPzQg6J4XxVrF2m8fR +P7fiXtM6vczzpl9nwFvpon0sqD52sRlvyjB0DWuTFBU1V5fQOdCfnsQayyYvbigx +rHlw0D97+hhNQhWZw0i3+YcpoAGiftpSFSxIcbCp+aYFfmgmwVCYG5QVEjaH+TJp +cVBYPisU7ic8jq97R+D0Ot6kZtcaHeFzh1BYbF4= -----END CERTIFICATE-----