From 853b82126baa1e8e408a10f91053c52626ffad29 Mon Sep 17 00:00:00 2001
From: hc <hc@email.ch>
Date: Wed, 20 Nov 2024 12:51:33 +0800
Subject: working

---
 config_files/certificate-authority/certs/root.crt  | 15 ++++++
 .../config/create_intermediate_csr.ini             | 22 +++++++++
 .../config/create_root_cert.ini                    | 55 ++++++++++++++++++++++
 .../certificate-authority/config/fullchain.crt     | 55 ++++++++++++++++++++++
 .../config/normalcli/client.crt                    | 24 ++++++++++
 .../config/normalcli/client.csr                    | 17 +++++++
 .../config/normalcli/client.key                    | 28 +++++++++++
 .../certificate-authority/config/server.crt        | 24 ++++++++++
 .../certificate-authority/config/server.csr        | 17 +++++++
 .../config/sign_intermediate_csr.ini               | 43 +++++++++++++++++
 .../config/sign_server_and_client_csrs.ini         | 45 ++++++++++++++++++
 .../certificate-authority/config/yubikey/yubi.crt  | 23 +++++++++
 .../config/yubikey/yubi.crt.pem                    | 23 +++++++++
 .../certificate-authority/config/yubikey/yubi.csr  | 16 +++++++
 .../config/yubikey/yubi_pubkey.pem                 |  9 ++++
 config_files/certificate-authority/index.txt       |  1 +
 config_files/certificate-authority/index.txt.attr  |  1 +
 config_files/certificate-authority/index.txt.old   |  0
 .../intermediate/certs/intermediate.crt            | 16 +++++++
 .../intermediate/csr/intermediate.csr              | 10 ++++
 .../certificate-authority/intermediate/index.txt   |  3 ++
 .../intermediate/index.txt.attr                    |  1 +
 .../intermediate/index.txt.attr.old                |  1 +
 .../intermediate/index.txt.old                     |  2 +
 .../74F214909A4F244A2352A2851BCC0F13109CB80E.pem   | 24 ++++++++++
 .../74F214909A4F244A2352A2851BCC0F13109CB80F.pem   | 23 +++++++++
 .../74F214909A4F244A2352A2851BCC0F13109CB810.pem   | 24 ++++++++++
 .../certificate-authority/intermediate/serial      |  1 +
 .../certificate-authority/intermediate/serial.old  |  1 +
 .../37CA4B18EB4D375F067A5A93EFE81BE534C446D7.pem   | 16 +++++++
 config_files/certificate-authority/serial          |  1 +
 31 files changed, 541 insertions(+)
 create mode 100644 config_files/certificate-authority/certs/root.crt
 create mode 100644 config_files/certificate-authority/config/create_intermediate_csr.ini
 create mode 100644 config_files/certificate-authority/config/create_root_cert.ini
 create mode 100644 config_files/certificate-authority/config/fullchain.crt
 create mode 100755 config_files/certificate-authority/config/normalcli/client.crt
 create mode 100755 config_files/certificate-authority/config/normalcli/client.csr
 create mode 100755 config_files/certificate-authority/config/normalcli/client.key
 create mode 100644 config_files/certificate-authority/config/server.crt
 create mode 100644 config_files/certificate-authority/config/server.csr
 create mode 100644 config_files/certificate-authority/config/sign_intermediate_csr.ini
 create mode 100644 config_files/certificate-authority/config/sign_server_and_client_csrs.ini
 create mode 100644 config_files/certificate-authority/config/yubikey/yubi.crt
 create mode 100644 config_files/certificate-authority/config/yubikey/yubi.crt.pem
 create mode 100644 config_files/certificate-authority/config/yubikey/yubi.csr
 create mode 100644 config_files/certificate-authority/config/yubikey/yubi_pubkey.pem
 create mode 100644 config_files/certificate-authority/index.txt
 create mode 100644 config_files/certificate-authority/index.txt.attr
 create mode 100644 config_files/certificate-authority/index.txt.old
 create mode 100644 config_files/certificate-authority/intermediate/certs/intermediate.crt
 create mode 100644 config_files/certificate-authority/intermediate/csr/intermediate.csr
 create mode 100644 config_files/certificate-authority/intermediate/index.txt
 create mode 100644 config_files/certificate-authority/intermediate/index.txt.attr
 create mode 100644 config_files/certificate-authority/intermediate/index.txt.attr.old
 create mode 100644 config_files/certificate-authority/intermediate/index.txt.old
 create mode 100644 config_files/certificate-authority/intermediate/newcerts/74F214909A4F244A2352A2851BCC0F13109CB80E.pem
 create mode 100644 config_files/certificate-authority/intermediate/newcerts/74F214909A4F244A2352A2851BCC0F13109CB80F.pem
 create mode 100644 config_files/certificate-authority/intermediate/newcerts/74F214909A4F244A2352A2851BCC0F13109CB810.pem
 create mode 100644 config_files/certificate-authority/intermediate/serial
 create mode 100644 config_files/certificate-authority/intermediate/serial.old
 create mode 100644 config_files/certificate-authority/newcerts/37CA4B18EB4D375F067A5A93EFE81BE534C446D7.pem
 create mode 100644 config_files/certificate-authority/serial

(limited to 'config_files/certificate-authority')

diff --git a/config_files/certificate-authority/certs/root.crt b/config_files/certificate-authority/certs/root.crt
new file mode 100644
index 0000000..9bbdff0
--- /dev/null
+++ b/config_files/certificate-authority/certs/root.crt
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICYDCCAeagAwIBAgIUKzrohjd0kem8ZlOdZ3Z/WCacRW4wCgYIKoZIzj0EAwQw
+XzELMAkGA1UEBhMCc2cxCzAJBgNVBAgMAmhpMQswCQYDVQQKDAJoaTEhMB8GA1UE
+CwwYaGkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRMwEQYDVQQDDApoaSBSb290IENB
+MB4XDTI0MTExMjE5Mjg1OFoXDTM0MTExMDE5Mjg1OFowXzELMAkGA1UEBhMCc2cx
+CzAJBgNVBAgMAmhpMQswCQYDVQQKDAJoaTEhMB8GA1UECwwYaGkgQ2VydGlmaWNh
+dGUgQXV0aG9yaXR5MRMwEQYDVQQDDApoaSBSb290IENBMHYwEAYHKoZIzj0CAQYF
+K4EEACIDYgAEDu8tCkFEHPtSprQKEp+QNUxEMQHPPYAqOtLFYLQrgZV862d/tCms
+2ZN610YgJ4Q2jzPoG+OT75/cA66bqfRik0GY6Uc/YIzXVjFIdnLPv36w0gUnazdZ
+7J3U95JZ9006o2MwYTAdBgNVHQ4EFgQUNSN4SMcTIdbae4OEkVZowIMhGqUwHwYD
+VR0jBBgwFoAUNSN4SMcTIdbae4OEkVZowIMhGqUwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwQDaAAwZQIwDwyap3b/a6em5Q2AOCf7
+sWJfyC1WW/6UAZ3smu5LT5zd+nBeuiQ5OinIWm8xAXUDAjEAxjDUWD1avBtFV6sw
+FHb91laAakaee7EgVkEng1kqEkzza9cNGghek2aIPV5nHXH+
+-----END CERTIFICATE-----
diff --git a/config_files/certificate-authority/config/create_intermediate_csr.ini b/config_files/certificate-authority/config/create_intermediate_csr.ini
new file mode 100644
index 0000000..1929141
--- /dev/null
+++ b/config_files/certificate-authority/config/create_intermediate_csr.ini
@@ -0,0 +1,22 @@
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits        = 4096
+distinguished_name  = req_distinguished_name
+string_mask         = utf8only
+prompt              = no
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+default_md          = sha512
+
+[ req_distinguished_name ]
+C                   = SG
+ST                  = singapore
+O                   = company name
+OU                  = companyname Certificate Authority
+CN                  = hi Intermediate CA
diff --git a/config_files/certificate-authority/config/create_root_cert.ini b/config_files/certificate-authority/config/create_root_cert.ini
new file mode 100644
index 0000000..3321dd4
--- /dev/null
+++ b/config_files/certificate-authority/config/create_root_cert.ini
@@ -0,0 +1,55 @@
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir               = /opt/certificate-authority
+certs             = $dir/certs
+crl_dir           = $dir/crl
+new_certs_dir     = $dir/newcerts
+database          = $dir/index.txt
+serial            = $dir/serial
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md        = sha512
+
+name_opt          = ca_default
+cert_opt          = ca_default
+default_days      = 375
+preserve          = no
+policy            = policy_strict
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName             = match
+stateOrProvinceName     = match
+organizationName        = match
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits        = 4096
+distinguished_name  = req_distinguished_name
+string_mask         = utf8only
+prompt              = no
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md          = sha512
+
+[ req_distinguished_name ]
+C                   = sg
+ST                  = hi
+O                   = hi
+OU                  = hi Certificate Authority
+CN                  = hi Root CA
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
diff --git a/config_files/certificate-authority/config/fullchain.crt b/config_files/certificate-authority/config/fullchain.crt
new file mode 100644
index 0000000..d17d14e
--- /dev/null
+++ b/config_files/certificate-authority/config/fullchain.crt
@@ -0,0 +1,55 @@
+-----BEGIN CERTIFICATE-----
+MIIEEzCCA5mgAwIBAgIUdPIUkJpPJEojUqKFG8wPExCcuA4wCgYIKoZIzj0EAwQw
+gYExCzAJBgNVBAYTAlNHMRIwEAYDVQQIDAlzaW5nYXBvcmUxFTATBgNVBAoMDGNv
+bXBhbnkgbmFtZTEqMCgGA1UECwwhY29tcGFueW5hbWUgQ2VydGlmaWNhdGUgQXV0
+aG9yaXR5MRswGQYDVQQDDBJoaSBJbnRlcm1lZGlhdGUgQ0EwHhcNMjQxMTEyMTk0
+ODE3WhcNMjUxMTIyMTk0ODE3WjBoMQswCQYDVQQGEwJVUzESMBAGA1UECAwJWW91
+clN0YXRlMREwDwYDVQQHDAhZb3VyQ2l0eTEZMBcGA1UECgwQWW91ck9yZ2FuaXph
+dGlvbjEXMBUGA1UEAwwOeW91cmRvbWFpbi5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQCSxTDiQWEArAFdVLF8fYnY5jqCUiYo4CPE1GLL/vI2t/0u
+8a//yWWuZaOK0z3Mj0FRuUofXEJGGXB2fFs1qStuyYBEpwJaJm7uhm1zNLakC4I7
+V12Bs5/edw8qMQLmGu7kqQ0PiOMTuS2GS2EhPUnKIErqhiQBgv56hW4o86SGjnYb
+rGSBCAys6NpaqPC8oMOXjJs5T0bbyHaT8ga2zaLlD4pBcho+2sWITWtv9eMZFuva
+kE8vHNR48mbR5FuZ1CJenxU62NHZcfIaMChYN5KjGdHGqCFbPXzxehaX0Ofhghc6
+Z28KiP+AbQwaMEAqRrvU0V7GTLmE6DAWvmYJslGxAgMBAAGjggE6MIIBNjAJBgNV
+HRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAzBglghkgBhvhCAQ0EJhYkT3BlblNT
+TCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBScPhckKM30
+e6q7bJiXfbXIk6qhSzCBnAYDVR0jBIGUMIGRgBQSutLIyJsePNmzX9GhghKTR5XT
+w6FjpGEwXzELMAkGA1UEBhMCc2cxCzAJBgNVBAgMAmhpMQswCQYDVQQKDAJoaTEh
+MB8GA1UECwwYaGkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRMwEQYDVQQDDApoaSBS
+b290IENBghQ3yksY6003XwZ6WpPv6BvlNMRG1zAOBgNVHQ8BAf8EBAMCBaAwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0EAwQDaAAwZQIwEwNmLeDtForhC2WY
+JCcijzNBlKLGvKRP0KXGh3Uhfl+ZZOhmTYM5lnbZ1XDrZG2YAjEA9oU5b7AEqtIO
+5uYkFrKJ49qA8crVH84thHvfYrOMMJNO8v1fgDtiKayzHnQq+61V
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIChjCCAgygAwIBAgIUN8pLGOtNN18GelqT7+gb5TTERtcwCgYIKoZIzj0EAwQw
+XzELMAkGA1UEBhMCc2cxCzAJBgNVBAgMAmhpMQswCQYDVQQKDAJoaTEhMB8GA1UE
+CwwYaGkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRMwEQYDVQQDDApoaSBSb290IENB
+MB4XDTI0MTExMjE5MzYwNVoXDTI5MTExMTE5MzYwNVowgYExCzAJBgNVBAYTAlNH
+MRIwEAYDVQQIDAlzaW5nYXBvcmUxFTATBgNVBAoMDGNvbXBhbnkgbmFtZTEqMCgG
+A1UECwwhY29tcGFueW5hbWUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRswGQYDVQQD
+DBJoaSBJbnRlcm1lZGlhdGUgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQHjbSZ
+S/10AselloIpzwY56f1pntc622qiJ/lB3O9WDkSEt5UpdXumtehRVKHkTCK2U6Wc
+ldyBA5aVkj4DpSFgLgfWI/+23WzI5bzYtyEW7VuwsEwWTq6y2PpWVULZzUijZjBk
+MB0GA1UdDgQWBBQSutLIyJsePNmzX9GhghKTR5XTwzAfBgNVHSMEGDAWgBQ1I3hI
+xxMh1tp7g4SRVmjAgyEapTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQE
+AwIBhjAKBggqhkjOPQQDBANoADBlAjBpqaP5p29kRuZrdmjTJq/laWpenSZiXK4m
+rJVaBV2V0ajCB4eqTnS4KJORjTfLVOMCMQCf6T3ZH5TN+f1QkHxDM9DUOkyOqOzv
+FXvgRTHcWckPqceCIgO4IWFS7WxgyvEmlr4=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICYDCCAeagAwIBAgIUKzrohjd0kem8ZlOdZ3Z/WCacRW4wCgYIKoZIzj0EAwQw
+XzELMAkGA1UEBhMCc2cxCzAJBgNVBAgMAmhpMQswCQYDVQQKDAJoaTEhMB8GA1UE
+CwwYaGkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRMwEQYDVQQDDApoaSBSb290IENB
+MB4XDTI0MTExMjE5Mjg1OFoXDTM0MTExMDE5Mjg1OFowXzELMAkGA1UEBhMCc2cx
+CzAJBgNVBAgMAmhpMQswCQYDVQQKDAJoaTEhMB8GA1UECwwYaGkgQ2VydGlmaWNh
+dGUgQXV0aG9yaXR5MRMwEQYDVQQDDApoaSBSb290IENBMHYwEAYHKoZIzj0CAQYF
+K4EEACIDYgAEDu8tCkFEHPtSprQKEp+QNUxEMQHPPYAqOtLFYLQrgZV862d/tCms
+2ZN610YgJ4Q2jzPoG+OT75/cA66bqfRik0GY6Uc/YIzXVjFIdnLPv36w0gUnazdZ
+7J3U95JZ9006o2MwYTAdBgNVHQ4EFgQUNSN4SMcTIdbae4OEkVZowIMhGqUwHwYD
+VR0jBBgwFoAUNSN4SMcTIdbae4OEkVZowIMhGqUwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwQDaAAwZQIwDwyap3b/a6em5Q2AOCf7
+sWJfyC1WW/6UAZ3smu5LT5zd+nBeuiQ5OinIWm8xAXUDAjEAxjDUWD1avBtFV6sw
+FHb91laAakaee7EgVkEng1kqEkzza9cNGghek2aIPV5nHXH+
+-----END CERTIFICATE-----
diff --git a/config_files/certificate-authority/config/normalcli/client.crt b/config_files/certificate-authority/config/normalcli/client.crt
new file mode 100755
index 0000000..e7bcb9a
--- /dev/null
+++ b/config_files/certificate-authority/config/normalcli/client.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEBDCCA4mgAwIBAgIUdPIUkJpPJEojUqKFG8wPExCcuBAwCgYIKoZIzj0EAwQw
+gYExCzAJBgNVBAYTAlNHMRIwEAYDVQQIDAlzaW5nYXBvcmUxFTATBgNVBAoMDGNv
+bXBhbnkgbmFtZTEqMCgGA1UECwwhY29tcGFueW5hbWUgQ2VydGlmaWNhdGUgQXV0
+aG9yaXR5MRswGQYDVQQDDBJoaSBJbnRlcm1lZGlhdGUgQ0EwHhcNMjQxMTEyMjIw
+MjQ0WhcNMjUxMTIyMjIwMjQ0WjBYMQswCQYDVQQGEwJVUzESMBAGA1UECAwJWW91
+clN0YXRlMREwDwYDVQQHDAhZb3VyQ2l0eTEQMA4GA1UECgwHWW91ck9yZzEQMA4G
+A1UEAwwHY2xpZW50MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANik
+xK/PaOCf2ewyWsZ2paKGWTBmu+72qDDIIJHYAT+7vp/n7m91K0+MhzOsDwdJH/vH
+oT1Wy30Q6eGRG6EgiL6oHbWWp+Rp6zDHAHXc+IYDWqs6ipUOYBbaXllHirnlkG3z
+XJ11d05gxWPsXjDw96O91CKJPtSIC0kyVU4E22SM0Qcv0IaHsBG1+bYOtOT0wNE5
+v/pvNJYP7Oe4H+8s6rZZr+S5AT+JdU7B4+tyzI40M+4cjrVi987C3Y1qZ80MN4L6
+IWSjSVOwe8I1Ktj7fJ11GBGsWrxeOu4G9KtpVTyI+TNyg6UMR805J6c+BR6t7C5Z
+aUdsAaqX66Nsw3pNDo8CAwEAAaOCATowggE2MAkGA1UdEwQCMAAwEQYJYIZIAYb4
+QgEBBAQDAgeAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGll
+bnQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNh/IRK0n80go6/SriULim3nGAkKMIGc
+BgNVHSMEgZQwgZGAFBK60sjImx482bNf0aGCEpNHldPDoWOkYTBfMQswCQYDVQQG
+EwJzZzELMAkGA1UECAwCaGkxCzAJBgNVBAoMAmhpMSEwHwYDVQQLDBhoaSBDZXJ0
+aWZpY2F0ZSBBdXRob3JpdHkxEzARBgNVBAMMCmhpIFJvb3QgQ0GCFDfKSxjrTTdf
+Bnpak+/oG+U0xEbXMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD
+AjAKBggqhkjOPQQDBANpADBmAjEA6gSZO2a0iijgvcYOm9fB8vIgwYDlrEytmIt4
+DWSRP7k9/a+CW6CfNf8IWNDmfNOmAjEAsbP8DRJ3Bb5iEwE3XAACAHANnMNWCJ05
+1FLmX4pIQee05665Uao7HcTCPAGNJpRY
+-----END CERTIFICATE-----
diff --git a/config_files/certificate-authority/config/normalcli/client.csr b/config_files/certificate-authority/config/normalcli/client.csr
new file mode 100755
index 0000000..356b308
--- /dev/null
+++ b/config_files/certificate-authority/config/normalcli/client.csr
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICnTCCAYUCAQAwWDELMAkGA1UEBhMCVVMxEjAQBgNVBAgMCVlvdXJTdGF0ZTER
+MA8GA1UEBwwIWW91ckNpdHkxEDAOBgNVBAoMB1lvdXJPcmcxEDAOBgNVBAMMB2Ns
+aWVudDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYpMSvz2jgn9ns
+MlrGdqWihlkwZrvu9qgwyCCR2AE/u76f5+5vdStPjIczrA8HSR/7x6E9Vst9EOnh
+kRuhIIi+qB21lqfkaeswxwB13PiGA1qrOoqVDmAW2l5ZR4q55ZBt81yddXdOYMVj
+7F4w8PejvdQiiT7UiAtJMlVOBNtkjNEHL9CGh7ARtfm2DrTk9MDROb/6bzSWD+zn
+uB/vLOq2Wa/kuQE/iXVOwePrcsyONDPuHI61YvfOwt2NamfNDDeC+iFko0lTsHvC
+NSrY+3yddRgRrFq8XjruBvSraVU8iPkzcoOlDEfNOSenPgUerewuWWlHbAGql+uj
+bMN6TQ6PAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAwj/+j8IWQZ99yV/qE2us
+/YK7VJWCZgRpYbmrUTOH67evwiRlPEj1reXdyTBHISJ9tnE57mcXn0nbvAWI9tpk
+4/KMJx9g1Jfuid5SgD74ShsFiHn0SP+9O9OEHTZIL5nyQIDu8L6X3KwsB6TsodbH
+pYGBp/jnhz46LBynsTTDIoxa5i+M0dz43oYpLlJqXZE8Srgm/uR8ye2AS/QPvcuC
+bVgw52YgAGNu3PlE3hf0ORtwWasekl6uCTRVTzIf2qptkx3AuUGgSy0biPotyHxt
+rf0NGodVZyb0L4lF/t+4Wk7SyP9zuxq0sA938kLQb3Ob9hTM2i0T4msJplz5He37
+eA==
+-----END CERTIFICATE REQUEST-----
diff --git a/config_files/certificate-authority/config/normalcli/client.key b/config_files/certificate-authority/config/normalcli/client.key
new file mode 100755
index 0000000..4dd0ac4
--- /dev/null
+++ b/config_files/certificate-authority/config/normalcli/client.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDYpMSvz2jgn9ns
+MlrGdqWihlkwZrvu9qgwyCCR2AE/u76f5+5vdStPjIczrA8HSR/7x6E9Vst9EOnh
+kRuhIIi+qB21lqfkaeswxwB13PiGA1qrOoqVDmAW2l5ZR4q55ZBt81yddXdOYMVj
+7F4w8PejvdQiiT7UiAtJMlVOBNtkjNEHL9CGh7ARtfm2DrTk9MDROb/6bzSWD+zn
+uB/vLOq2Wa/kuQE/iXVOwePrcsyONDPuHI61YvfOwt2NamfNDDeC+iFko0lTsHvC
+NSrY+3yddRgRrFq8XjruBvSraVU8iPkzcoOlDEfNOSenPgUerewuWWlHbAGql+uj
+bMN6TQ6PAgMBAAECggEAUkh2id3plBMypnLTpnhu3aVQX8FNVOwrImgIcsxLYSUS
+OFLTbVLf0dVqjpYlmRtNgggm9hCutgBEDI/cIh0kwuFAc3VWrDsMgJi81IdKfz/r
+4ogYFZgBp/xlhFxXVNbbvd8GSKnSWBsKLbMbbVRAglj5pupgykEnpDPxUXInz+63
+Ccmwcz82mYw5oAXwGbFWF9P0wfCbBkr13uH7l4yk9jawm2DNC7IlBQ/TzFv8qI0I
+kUM/JB3/LIgqAL/9tniMt5uGJd5WUTagICJCI+bCRKMJVvjq37096gjbLG2LCPn3
+iQ6/0Or202hlpIBWZBcyXW4d2/0EvI5Rz8C0aV0K+QKBgQDyB10vEFUVKqub+AVu
+VEJJSscuhNH/5PpDV2uOycx9bWwIeofcUFyiDCvorJmCtlU8hvyTjdaBbWR8UhEr
+qewf0ZYfO1WVUP1egz5u5Ralph1IYHUoxwStR2knp+JHtuIHuCSnal2Vu8p57uoZ
+i3nNTzadof0XJq2uiSPWGAxYGQKBgQDlJkUA8eZLb4JVrTcOch3OAHlmxizPgJPJ
+SxsGsaQn/636fk9GHiCtRt2oD7tgGpxzBrf6i0Bs1K0wzBbmPtb6JhE+z5nhKirk
+CPXbb/6XN8svQHkIqKlHOqaSTQ96mHfEfcOurpeuYzQDt09Rppgo4eXExRXig1lI
+g0KN4+gQ5wKBgERKh6SL+zXpwFpV9VJYPAvqKaGaoJaPyX3O4O59SlHp2h3aVRN5
+KWof/RO9/+K+B/b4L7SCxQ/oCf56OZYUcCfaP324hEGJhLRyW992jJlY8dJGRUio
+P02VZLpnyJVrqQN8lfsXLCjfwBX/r9ZdYJTp0QNRfdRWeZNR5ua2CmWhAoGBAMRG
+hl5r1K2SotnOF1WJS5wy7cmpP6Kw6GVHrquKJyiXqSbhX/eYQLcK9ztH1mBYCt+/
+xoCVHCbb+EjO12J6OttjFexuF8k0vC48upIuGKzf/mrH16QiC3TWeOzhkruYsyWb
+76vFImkd0eTI8+jlQHnsHEnx4m/1v9kLjUtKBnHLAoGAXyAN75ZRy69QOvrXpjPI
+8Rq48hwCrwwUtIMWNKZFHUA+SlT6fYACfKDwajdkNQjTqJ/KpA/oDVA7He8K2wlM
+2RnYraXx1eivGXIfQvUWcuHOq6CmcJEp+WiVUbLlyKMyPS7hB3PYuWrnYpAwaiBn
+uWGX6LvdsBajP4hpEDM6o7o=
+-----END PRIVATE KEY-----
diff --git a/config_files/certificate-authority/config/server.crt b/config_files/certificate-authority/config/server.crt
new file mode 100644
index 0000000..84447b1
--- /dev/null
+++ b/config_files/certificate-authority/config/server.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEEzCCA5mgAwIBAgIUdPIUkJpPJEojUqKFG8wPExCcuA4wCgYIKoZIzj0EAwQw
+gYExCzAJBgNVBAYTAlNHMRIwEAYDVQQIDAlzaW5nYXBvcmUxFTATBgNVBAoMDGNv
+bXBhbnkgbmFtZTEqMCgGA1UECwwhY29tcGFueW5hbWUgQ2VydGlmaWNhdGUgQXV0
+aG9yaXR5MRswGQYDVQQDDBJoaSBJbnRlcm1lZGlhdGUgQ0EwHhcNMjQxMTEyMTk0
+ODE3WhcNMjUxMTIyMTk0ODE3WjBoMQswCQYDVQQGEwJVUzESMBAGA1UECAwJWW91
+clN0YXRlMREwDwYDVQQHDAhZb3VyQ2l0eTEZMBcGA1UECgwQWW91ck9yZ2FuaXph
+dGlvbjEXMBUGA1UEAwwOeW91cmRvbWFpbi5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQCSxTDiQWEArAFdVLF8fYnY5jqCUiYo4CPE1GLL/vI2t/0u
+8a//yWWuZaOK0z3Mj0FRuUofXEJGGXB2fFs1qStuyYBEpwJaJm7uhm1zNLakC4I7
+V12Bs5/edw8qMQLmGu7kqQ0PiOMTuS2GS2EhPUnKIErqhiQBgv56hW4o86SGjnYb
+rGSBCAys6NpaqPC8oMOXjJs5T0bbyHaT8ga2zaLlD4pBcho+2sWITWtv9eMZFuva
+kE8vHNR48mbR5FuZ1CJenxU62NHZcfIaMChYN5KjGdHGqCFbPXzxehaX0Ofhghc6
+Z28KiP+AbQwaMEAqRrvU0V7GTLmE6DAWvmYJslGxAgMBAAGjggE6MIIBNjAJBgNV
+HRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAzBglghkgBhvhCAQ0EJhYkT3BlblNT
+TCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBScPhckKM30
+e6q7bJiXfbXIk6qhSzCBnAYDVR0jBIGUMIGRgBQSutLIyJsePNmzX9GhghKTR5XT
+w6FjpGEwXzELMAkGA1UEBhMCc2cxCzAJBgNVBAgMAmhpMQswCQYDVQQKDAJoaTEh
+MB8GA1UECwwYaGkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRMwEQYDVQQDDApoaSBS
+b290IENBghQ3yksY6003XwZ6WpPv6BvlNMRG1zAOBgNVHQ8BAf8EBAMCBaAwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0EAwQDaAAwZQIwEwNmLeDtForhC2WY
+JCcijzNBlKLGvKRP0KXGh3Uhfl+ZZOhmTYM5lnbZ1XDrZG2YAjEA9oU5b7AEqtIO
+5uYkFrKJ49qA8crVH84thHvfYrOMMJNO8v1fgDtiKayzHnQq+61V
+-----END CERTIFICATE-----
diff --git a/config_files/certificate-authority/config/server.csr b/config_files/certificate-authority/config/server.csr
new file mode 100644
index 0000000..9e5e167
--- /dev/null
+++ b/config_files/certificate-authority/config/server.csr
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICrTCCAZUCAQAwaDELMAkGA1UEBhMCVVMxEjAQBgNVBAgMCVlvdXJTdGF0ZTER
+MA8GA1UEBwwIWW91ckNpdHkxGTAXBgNVBAoMEFlvdXJPcmdhbml6YXRpb24xFzAV
+BgNVBAMMDnlvdXJkb21haW4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAksUw4kFhAKwBXVSxfH2J2OY6glImKOAjxNRiy/7yNrf9LvGv/8llrmWj
+itM9zI9BUblKH1xCRhlwdnxbNakrbsmARKcCWiZu7oZtczS2pAuCO1ddgbOf3ncP
+KjEC5hru5KkND4jjE7kthkthIT1JyiBK6oYkAYL+eoVuKPOkho52G6xkgQgMrOja
+WqjwvKDDl4ybOU9G28h2k/IGts2i5Q+KQXIaPtrFiE1rb/XjGRbr2pBPLxzUePJm
+0eRbmdQiXp8VOtjR2XHyGjAoWDeSoxnRxqghWz188XoWl9Dn4YIXOmdvCoj/gG0M
+GjBAKka71NFexky5hOgwFr5mCbJRsQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEB
+ABrlYpipRamlAk0zMYb2J/Yk/sw6T41OzWhG4Z6n6V5KSmCbTO/KgUIjeRMmIilE
+yE2LTJL1aUFDkAib7SJu02U4iZquRDsGSzQbT4xnhzTz4esOowkXEZGFdCV/qhDK
+lN34yFV+oNGT9nO3TjKE2SJPiDlfgMdRikoYPNWo6yv+0l3a4jWiTqq7Xn0derEu
+ZHPBhAuJvWzrD3ixap4BOlSKNp9C0dFuLhbnu9SAuy4uL/rjWsOH+KZVW388MlzA
+CibAN3GHmm7xzNUTrXrX3w5w3mU1O3IKKWu1u/EQTPq8/WfmRcvOg+xhqlOEvCGx
+YrwlWlETn28qAuq0WTa3+Gg=
+-----END CERTIFICATE REQUEST-----
diff --git a/config_files/certificate-authority/config/sign_intermediate_csr.ini b/config_files/certificate-authority/config/sign_intermediate_csr.ini
new file mode 100644
index 0000000..09a20f7
--- /dev/null
+++ b/config_files/certificate-authority/config/sign_intermediate_csr.ini
@@ -0,0 +1,43 @@
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir               = /opt/certificate-authority
+certs             = $dir/certs
+crl_dir           = $dir/crl
+new_certs_dir     = $dir/newcerts
+database          = $dir/index.txt
+serial            = $dir/serial
+
+# The root key and root certificate.
+private_key       = pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104964;token=SmartCard-HSM%20%28UserPIN%29;id=%BA%6C%1F%2B%2B%16%E9%7B%4F%31%B0%91%19%73%2F%C8%DF%78%3A%FD;object=root;type=private
+certificate       = ../certs/root.crt
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md        = sha512
+
+name_opt          = ca_default
+cert_opt          = ca_default
+default_days      = 375
+preserve          = no
+policy            = policy_loose
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName             = optional
+stateOrProvinceName     = optional
+localityName            = optional
+organizationName        = optional
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
diff --git a/config_files/certificate-authority/config/sign_server_and_client_csrs.ini b/config_files/certificate-authority/config/sign_server_and_client_csrs.ini
new file mode 100644
index 0000000..0cffc13
--- /dev/null
+++ b/config_files/certificate-authority/config/sign_server_and_client_csrs.ini
@@ -0,0 +1,45 @@
+[ ca ]
+default_ca = CA_default
+
+[ CA_default ]
+dir               = /opt/certificate-authority/intermediate
+certs             = $dir/certs
+crl_dir           = $dir/crl
+new_certs_dir     = $dir/newcerts
+database          = $dir/index.txt
+serial            = $dir/serial
+private_key       = pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104964;token=SmartCard-HSM%20%28UserPIN%29;id=%D6%0E%28%C8%ED%2B%D5%FF%87%6B%88%06%4F%5B%70%1A%E5%F7%B4%99;object=intermediate;type=private
+certificate       = $dir/certs/intermediate.crt
+default_md        = sha512
+name_opt         = ca_default
+cert_opt         = ca_default
+default_days     = 375
+preserve         = no
+policy           = policy_loose
+
+[ policy_loose ]
+countryName             = optional
+stateOrProvinceName     = optional
+localityName            = optional
+organizationName        = optional
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+[ server_cert ]
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ client_cert ]
+basicConstraints = CA:FALSE
+nsCertType = client
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature
+extendedKeyUsage = clientAuth
diff --git a/config_files/certificate-authority/config/yubikey/yubi.crt b/config_files/certificate-authority/config/yubikey/yubi.crt
new file mode 100644
index 0000000..7cd308b
--- /dev/null
+++ b/config_files/certificate-authority/config/yubikey/yubi.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID5zCCA2ygAwIBAgIUdPIUkJpPJEojUqKFG8wPExCcuA8wCgYIKoZIzj0EAwQw
+gYExCzAJBgNVBAYTAlNHMRIwEAYDVQQIDAlzaW5nYXBvcmUxFTATBgNVBAoMDGNv
+bXBhbnkgbmFtZTEqMCgGA1UECwwhY29tcGFueW5hbWUgQ2VydGlmaWNhdGUgQXV0
+aG9yaXR5MRswGQYDVQQDDBJoaSBJbnRlcm1lZGlhdGUgQ0EwHhcNMjQxMTEyMjAw
+NDQ4WhcNMjUxMTIyMjAwNDQ4WjA7MQswCQYDVQQGEwJVUzEVMBMGA1UECgwMRXhh
+bXBsZSBDb3JwMRUwEwYDVQQDDAxoaWkgVXNlbmFtZXIwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDJUjjRY+PpNWuR7Zt81ZLtAzTLSP0BwRhOtUB0JM2Y
+sYm/xaxHDvVORIrn58y7SLEo+k2mWdC5CfyelN7hQEw8BakW2n4ka3BMef7Cd+Hp
+ICTIBvRdecYd5Swl3BB22Pus+WuuY9AP1c1+sMUJ5fRp9TG6MdmyYXDbmNmIUvbU
+1NYhaUS9BmE8+Tgcg5BQvvArofk9sR8GVmrfeWRdCIh+Ma+X08UoZLGtkJG3Z51c
+qTUoNBgU61CiRqAEH4PZ5V7zaXgYOpUrr8/ql2e7/WCpn4qmjWDd7DnUCC1VR58z
+lUjFYw9OPPmPZ30IB8fp48Z3tgwynLVX0/iw2o7nPRQtAgMBAAGjggE6MIIBNjAJ
+BgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIHgDAzBglghkgBhvhCAQ0EJhYkT3Bl
+blNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRpZmljYXRlMB0GA1UdDgQWBBQiJrOh
+Pna4bxHGNpRqmaV/IC/jxzCBnAYDVR0jBIGUMIGRgBQSutLIyJsePNmzX9GhghKT
+R5XTw6FjpGEwXzELMAkGA1UEBhMCc2cxCzAJBgNVBAgMAmhpMQswCQYDVQQKDAJo
+aTEhMB8GA1UECwwYaGkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRMwEQYDVQQDDApo
+aSBSb290IENBghQ3yksY6003XwZ6WpPv6BvlNMRG1zAOBgNVHQ8BAf8EBAMCB4Aw
+EwYDVR0lBAwwCgYIKwYBBQUHAwIwCgYIKoZIzj0EAwQDaQAwZgIxAI0V54UBZJqA
+SWYihKikCdS6S6PB9F0OgibPPgWWSVztbImzZsFGAdVpwS8SDp8JMQIxAMVFxqBk
+29UXxX1SvENRXPKZO6a7iMh6E8VmOd/ZXDVkstuL6sUWTRVuiv3YoBPK3A==
+-----END CERTIFICATE-----
diff --git a/config_files/certificate-authority/config/yubikey/yubi.crt.pem b/config_files/certificate-authority/config/yubikey/yubi.crt.pem
new file mode 100644
index 0000000..7cd308b
--- /dev/null
+++ b/config_files/certificate-authority/config/yubikey/yubi.crt.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID5zCCA2ygAwIBAgIUdPIUkJpPJEojUqKFG8wPExCcuA8wCgYIKoZIzj0EAwQw
+gYExCzAJBgNVBAYTAlNHMRIwEAYDVQQIDAlzaW5nYXBvcmUxFTATBgNVBAoMDGNv
+bXBhbnkgbmFtZTEqMCgGA1UECwwhY29tcGFueW5hbWUgQ2VydGlmaWNhdGUgQXV0
+aG9yaXR5MRswGQYDVQQDDBJoaSBJbnRlcm1lZGlhdGUgQ0EwHhcNMjQxMTEyMjAw
+NDQ4WhcNMjUxMTIyMjAwNDQ4WjA7MQswCQYDVQQGEwJVUzEVMBMGA1UECgwMRXhh
+bXBsZSBDb3JwMRUwEwYDVQQDDAxoaWkgVXNlbmFtZXIwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDJUjjRY+PpNWuR7Zt81ZLtAzTLSP0BwRhOtUB0JM2Y
+sYm/xaxHDvVORIrn58y7SLEo+k2mWdC5CfyelN7hQEw8BakW2n4ka3BMef7Cd+Hp
+ICTIBvRdecYd5Swl3BB22Pus+WuuY9AP1c1+sMUJ5fRp9TG6MdmyYXDbmNmIUvbU
+1NYhaUS9BmE8+Tgcg5BQvvArofk9sR8GVmrfeWRdCIh+Ma+X08UoZLGtkJG3Z51c
+qTUoNBgU61CiRqAEH4PZ5V7zaXgYOpUrr8/ql2e7/WCpn4qmjWDd7DnUCC1VR58z
+lUjFYw9OPPmPZ30IB8fp48Z3tgwynLVX0/iw2o7nPRQtAgMBAAGjggE6MIIBNjAJ
+BgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIHgDAzBglghkgBhvhCAQ0EJhYkT3Bl
+blNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRpZmljYXRlMB0GA1UdDgQWBBQiJrOh
+Pna4bxHGNpRqmaV/IC/jxzCBnAYDVR0jBIGUMIGRgBQSutLIyJsePNmzX9GhghKT
+R5XTw6FjpGEwXzELMAkGA1UEBhMCc2cxCzAJBgNVBAgMAmhpMQswCQYDVQQKDAJo
+aTEhMB8GA1UECwwYaGkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRMwEQYDVQQDDApo
+aSBSb290IENBghQ3yksY6003XwZ6WpPv6BvlNMRG1zAOBgNVHQ8BAf8EBAMCB4Aw
+EwYDVR0lBAwwCgYIKwYBBQUHAwIwCgYIKoZIzj0EAwQDaQAwZgIxAI0V54UBZJqA
+SWYihKikCdS6S6PB9F0OgibPPgWWSVztbImzZsFGAdVpwS8SDp8JMQIxAMVFxqBk
+29UXxX1SvENRXPKZO6a7iMh6E8VmOd/ZXDVkstuL6sUWTRVuiv3YoBPK3A==
+-----END CERTIFICATE-----
diff --git a/config_files/certificate-authority/config/yubikey/yubi.csr b/config_files/certificate-authority/config/yubikey/yubi.csr
new file mode 100644
index 0000000..f001530
--- /dev/null
+++ b/config_files/certificate-authority/config/yubikey/yubi.csr
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgDCCAWgCAQAwOzEVMBMGA1UEAwwMaGlpIFVzZW5hbWVyMRUwEwYDVQQKDAxF
+eGFtcGxlIENvcnAxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAyVI40WPj6TVrke2bfNWS7QM0y0j9AcEYTrVAdCTNmLGJv8WsRw71
+TkSK5+fMu0ixKPpNplnQuQn8npTe4UBMPAWpFtp+JGtwTHn+wnfh6SAkyAb0XXnG
+HeUsJdwQdtj7rPlrrmPQD9XNfrDFCeX0afUxujHZsmFw25jZiFL21NTWIWlEvQZh
+PPk4HIOQUL7wK6H5PbEfBlZq33lkXQiIfjGvl9PFKGSxrZCRt2edXKk1KDQYFOtQ
+okagBB+D2eVe82l4GDqVK6/P6pdnu/1gqZ+Kpo1g3ew51AgtVUefM5VIxWMPTjz5
+j2d9CAfH6ePGd7YMMpy1V9P4sNqO5z0ULQIDAQABoAAwDQYJKoZIhvcNAQELBQAD
+ggEBADcx0k7zRU4d9F8yQ7aBLhraIDJ9ZURvEptoUTuzFUu95ACZWOoiATSeLoiJ
+6nnHGksOQjYWCRUNu7lYuyE0SfxeFGCKEH8J2jkX8Z5JhKyc+VZeuaD+pu8gH3gz
+RIl2Dz8L9npMQGSQrdAwJyyohHERYNSrW0OWwHP38yqqpA4rRUGHDmZtPRUjirnq
+zABvt5rJAM7nx1Q+OGYupdzrg5fFtlN3JNWl2EZpe2e65A13k+nBNSSBt2aLyfVV
+9GXblWRhei/OAIJTThXW+dex5aU8ujDgeGnHrtR5r7OqkL72+4TI3UZie+k2NOBZ
+zD2XpFWYvUMcvi1oLaTyQ4fulLE=
+-----END CERTIFICATE REQUEST-----
diff --git a/config_files/certificate-authority/config/yubikey/yubi_pubkey.pem b/config_files/certificate-authority/config/yubikey/yubi_pubkey.pem
new file mode 100644
index 0000000..4979331
--- /dev/null
+++ b/config_files/certificate-authority/config/yubikey/yubi_pubkey.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVI40WPj6TVrke2bfNWS
+7QM0y0j9AcEYTrVAdCTNmLGJv8WsRw71TkSK5+fMu0ixKPpNplnQuQn8npTe4UBM
+PAWpFtp+JGtwTHn+wnfh6SAkyAb0XXnGHeUsJdwQdtj7rPlrrmPQD9XNfrDFCeX0
+afUxujHZsmFw25jZiFL21NTWIWlEvQZhPPk4HIOQUL7wK6H5PbEfBlZq33lkXQiI
+fjGvl9PFKGSxrZCRt2edXKk1KDQYFOtQokagBB+D2eVe82l4GDqVK6/P6pdnu/1g
+qZ+Kpo1g3ew51AgtVUefM5VIxWMPTjz5j2d9CAfH6ePGd7YMMpy1V9P4sNqO5z0U
+LQIDAQAB
+-----END PUBLIC KEY-----
diff --git a/config_files/certificate-authority/index.txt b/config_files/certificate-authority/index.txt
new file mode 100644
index 0000000..f389103
--- /dev/null
+++ b/config_files/certificate-authority/index.txt
@@ -0,0 +1 @@
+V	291111193605Z		37CA4B18EB4D375F067A5A93EFE81BE534C446D7	unknown	/C=SG/ST=singapore/O=company name/OU=companyname Certificate Authority/CN=hi Intermediate CA
diff --git a/config_files/certificate-authority/index.txt.attr b/config_files/certificate-authority/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/config_files/certificate-authority/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/config_files/certificate-authority/index.txt.old b/config_files/certificate-authority/index.txt.old
new file mode 100644
index 0000000..e69de29
diff --git a/config_files/certificate-authority/intermediate/certs/intermediate.crt b/config_files/certificate-authority/intermediate/certs/intermediate.crt
new file mode 100644
index 0000000..544c552
--- /dev/null
+++ b/config_files/certificate-authority/intermediate/certs/intermediate.crt
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIIChjCCAgygAwIBAgIUN8pLGOtNN18GelqT7+gb5TTERtcwCgYIKoZIzj0EAwQw
+XzELMAkGA1UEBhMCc2cxCzAJBgNVBAgMAmhpMQswCQYDVQQKDAJoaTEhMB8GA1UE
+CwwYaGkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRMwEQYDVQQDDApoaSBSb290IENB
+MB4XDTI0MTExMjE5MzYwNVoXDTI5MTExMTE5MzYwNVowgYExCzAJBgNVBAYTAlNH
+MRIwEAYDVQQIDAlzaW5nYXBvcmUxFTATBgNVBAoMDGNvbXBhbnkgbmFtZTEqMCgG
+A1UECwwhY29tcGFueW5hbWUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRswGQYDVQQD
+DBJoaSBJbnRlcm1lZGlhdGUgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQHjbSZ
+S/10AselloIpzwY56f1pntc622qiJ/lB3O9WDkSEt5UpdXumtehRVKHkTCK2U6Wc
+ldyBA5aVkj4DpSFgLgfWI/+23WzI5bzYtyEW7VuwsEwWTq6y2PpWVULZzUijZjBk
+MB0GA1UdDgQWBBQSutLIyJsePNmzX9GhghKTR5XTwzAfBgNVHSMEGDAWgBQ1I3hI
+xxMh1tp7g4SRVmjAgyEapTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQE
+AwIBhjAKBggqhkjOPQQDBANoADBlAjBpqaP5p29kRuZrdmjTJq/laWpenSZiXK4m
+rJVaBV2V0ajCB4eqTnS4KJORjTfLVOMCMQCf6T3ZH5TN+f1QkHxDM9DUOkyOqOzv
+FXvgRTHcWckPqceCIgO4IWFS7WxgyvEmlr4=
+-----END CERTIFICATE-----
diff --git a/config_files/certificate-authority/intermediate/csr/intermediate.csr b/config_files/certificate-authority/intermediate/csr/intermediate.csr
new file mode 100644
index 0000000..b9d5e3f
--- /dev/null
+++ b/config_files/certificate-authority/intermediate/csr/intermediate.csr
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBezCCAQECAQAwgYExCzAJBgNVBAYTAlNHMRIwEAYDVQQIDAlzaW5nYXBvcmUx
+FTATBgNVBAoMDGNvbXBhbnkgbmFtZTEqMCgGA1UECwwhY29tcGFueW5hbWUgQ2Vy
+dGlmaWNhdGUgQXV0aG9yaXR5MRswGQYDVQQDDBJoaSBJbnRlcm1lZGlhdGUgQ0Ew
+djAQBgcqhkjOPQIBBgUrgQQAIgNiAAQHjbSZS/10AselloIpzwY56f1pntc622qi
+J/lB3O9WDkSEt5UpdXumtehRVKHkTCK2U6WcldyBA5aVkj4DpSFgLgfWI/+23WzI
+5bzYtyEW7VuwsEwWTq6y2PpWVULZzUigADAKBggqhkjOPQQDBANoADBlAjAwViQS
+f1Bk2z0kdYI5RVorbdJ0nDgxIJ61NmqO0zAB6Rozpgpz13V4G0ozK9D3J68CMQDl
+KAr4P5yRuN8yzKUb+kl4WwnAu5NRtly7xc/uzlqhNOyUcHPRnr8YygbqhjKujBg=
+-----END CERTIFICATE REQUEST-----
diff --git a/config_files/certificate-authority/intermediate/index.txt b/config_files/certificate-authority/intermediate/index.txt
new file mode 100644
index 0000000..248f6f5
--- /dev/null
+++ b/config_files/certificate-authority/intermediate/index.txt
@@ -0,0 +1,3 @@
+V	251122194817Z		74F214909A4F244A2352A2851BCC0F13109CB80E	unknown	/C=US/ST=YourState/L=YourCity/O=YourOrganization/CN=yourdomain.com
+V	251122200448Z		74F214909A4F244A2352A2851BCC0F13109CB80F	unknown	/C=US/O=Example Corp/CN=hii Usenamer
+V	251122220244Z		74F214909A4F244A2352A2851BCC0F13109CB810	unknown	/C=US/ST=YourState/L=YourCity/O=YourOrg/CN=client2
diff --git a/config_files/certificate-authority/intermediate/index.txt.attr b/config_files/certificate-authority/intermediate/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/config_files/certificate-authority/intermediate/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/config_files/certificate-authority/intermediate/index.txt.attr.old b/config_files/certificate-authority/intermediate/index.txt.attr.old
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/config_files/certificate-authority/intermediate/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/config_files/certificate-authority/intermediate/index.txt.old b/config_files/certificate-authority/intermediate/index.txt.old
new file mode 100644
index 0000000..a701b7b
--- /dev/null
+++ b/config_files/certificate-authority/intermediate/index.txt.old
@@ -0,0 +1,2 @@
+V	251122194817Z		74F214909A4F244A2352A2851BCC0F13109CB80E	unknown	/C=US/ST=YourState/L=YourCity/O=YourOrganization/CN=yourdomain.com
+V	251122200448Z		74F214909A4F244A2352A2851BCC0F13109CB80F	unknown	/C=US/O=Example Corp/CN=hii Usenamer
diff --git a/config_files/certificate-authority/intermediate/newcerts/74F214909A4F244A2352A2851BCC0F13109CB80E.pem b/config_files/certificate-authority/intermediate/newcerts/74F214909A4F244A2352A2851BCC0F13109CB80E.pem
new file mode 100644
index 0000000..84447b1
--- /dev/null
+++ b/config_files/certificate-authority/intermediate/newcerts/74F214909A4F244A2352A2851BCC0F13109CB80E.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEEzCCA5mgAwIBAgIUdPIUkJpPJEojUqKFG8wPExCcuA4wCgYIKoZIzj0EAwQw
+gYExCzAJBgNVBAYTAlNHMRIwEAYDVQQIDAlzaW5nYXBvcmUxFTATBgNVBAoMDGNv
+bXBhbnkgbmFtZTEqMCgGA1UECwwhY29tcGFueW5hbWUgQ2VydGlmaWNhdGUgQXV0
+aG9yaXR5MRswGQYDVQQDDBJoaSBJbnRlcm1lZGlhdGUgQ0EwHhcNMjQxMTEyMTk0
+ODE3WhcNMjUxMTIyMTk0ODE3WjBoMQswCQYDVQQGEwJVUzESMBAGA1UECAwJWW91
+clN0YXRlMREwDwYDVQQHDAhZb3VyQ2l0eTEZMBcGA1UECgwQWW91ck9yZ2FuaXph
+dGlvbjEXMBUGA1UEAwwOeW91cmRvbWFpbi5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQCSxTDiQWEArAFdVLF8fYnY5jqCUiYo4CPE1GLL/vI2t/0u
+8a//yWWuZaOK0z3Mj0FRuUofXEJGGXB2fFs1qStuyYBEpwJaJm7uhm1zNLakC4I7
+V12Bs5/edw8qMQLmGu7kqQ0PiOMTuS2GS2EhPUnKIErqhiQBgv56hW4o86SGjnYb
+rGSBCAys6NpaqPC8oMOXjJs5T0bbyHaT8ga2zaLlD4pBcho+2sWITWtv9eMZFuva
+kE8vHNR48mbR5FuZ1CJenxU62NHZcfIaMChYN5KjGdHGqCFbPXzxehaX0Ofhghc6
+Z28KiP+AbQwaMEAqRrvU0V7GTLmE6DAWvmYJslGxAgMBAAGjggE6MIIBNjAJBgNV
+HRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAzBglghkgBhvhCAQ0EJhYkT3BlblNT
+TCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBScPhckKM30
+e6q7bJiXfbXIk6qhSzCBnAYDVR0jBIGUMIGRgBQSutLIyJsePNmzX9GhghKTR5XT
+w6FjpGEwXzELMAkGA1UEBhMCc2cxCzAJBgNVBAgMAmhpMQswCQYDVQQKDAJoaTEh
+MB8GA1UECwwYaGkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRMwEQYDVQQDDApoaSBS
+b290IENBghQ3yksY6003XwZ6WpPv6BvlNMRG1zAOBgNVHQ8BAf8EBAMCBaAwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0EAwQDaAAwZQIwEwNmLeDtForhC2WY
+JCcijzNBlKLGvKRP0KXGh3Uhfl+ZZOhmTYM5lnbZ1XDrZG2YAjEA9oU5b7AEqtIO
+5uYkFrKJ49qA8crVH84thHvfYrOMMJNO8v1fgDtiKayzHnQq+61V
+-----END CERTIFICATE-----
diff --git a/config_files/certificate-authority/intermediate/newcerts/74F214909A4F244A2352A2851BCC0F13109CB80F.pem b/config_files/certificate-authority/intermediate/newcerts/74F214909A4F244A2352A2851BCC0F13109CB80F.pem
new file mode 100644
index 0000000..7cd308b
--- /dev/null
+++ b/config_files/certificate-authority/intermediate/newcerts/74F214909A4F244A2352A2851BCC0F13109CB80F.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID5zCCA2ygAwIBAgIUdPIUkJpPJEojUqKFG8wPExCcuA8wCgYIKoZIzj0EAwQw
+gYExCzAJBgNVBAYTAlNHMRIwEAYDVQQIDAlzaW5nYXBvcmUxFTATBgNVBAoMDGNv
+bXBhbnkgbmFtZTEqMCgGA1UECwwhY29tcGFueW5hbWUgQ2VydGlmaWNhdGUgQXV0
+aG9yaXR5MRswGQYDVQQDDBJoaSBJbnRlcm1lZGlhdGUgQ0EwHhcNMjQxMTEyMjAw
+NDQ4WhcNMjUxMTIyMjAwNDQ4WjA7MQswCQYDVQQGEwJVUzEVMBMGA1UECgwMRXhh
+bXBsZSBDb3JwMRUwEwYDVQQDDAxoaWkgVXNlbmFtZXIwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDJUjjRY+PpNWuR7Zt81ZLtAzTLSP0BwRhOtUB0JM2Y
+sYm/xaxHDvVORIrn58y7SLEo+k2mWdC5CfyelN7hQEw8BakW2n4ka3BMef7Cd+Hp
+ICTIBvRdecYd5Swl3BB22Pus+WuuY9AP1c1+sMUJ5fRp9TG6MdmyYXDbmNmIUvbU
+1NYhaUS9BmE8+Tgcg5BQvvArofk9sR8GVmrfeWRdCIh+Ma+X08UoZLGtkJG3Z51c
+qTUoNBgU61CiRqAEH4PZ5V7zaXgYOpUrr8/ql2e7/WCpn4qmjWDd7DnUCC1VR58z
+lUjFYw9OPPmPZ30IB8fp48Z3tgwynLVX0/iw2o7nPRQtAgMBAAGjggE6MIIBNjAJ
+BgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIHgDAzBglghkgBhvhCAQ0EJhYkT3Bl
+blNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRpZmljYXRlMB0GA1UdDgQWBBQiJrOh
+Pna4bxHGNpRqmaV/IC/jxzCBnAYDVR0jBIGUMIGRgBQSutLIyJsePNmzX9GhghKT
+R5XTw6FjpGEwXzELMAkGA1UEBhMCc2cxCzAJBgNVBAgMAmhpMQswCQYDVQQKDAJo
+aTEhMB8GA1UECwwYaGkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRMwEQYDVQQDDApo
+aSBSb290IENBghQ3yksY6003XwZ6WpPv6BvlNMRG1zAOBgNVHQ8BAf8EBAMCB4Aw
+EwYDVR0lBAwwCgYIKwYBBQUHAwIwCgYIKoZIzj0EAwQDaQAwZgIxAI0V54UBZJqA
+SWYihKikCdS6S6PB9F0OgibPPgWWSVztbImzZsFGAdVpwS8SDp8JMQIxAMVFxqBk
+29UXxX1SvENRXPKZO6a7iMh6E8VmOd/ZXDVkstuL6sUWTRVuiv3YoBPK3A==
+-----END CERTIFICATE-----
diff --git a/config_files/certificate-authority/intermediate/newcerts/74F214909A4F244A2352A2851BCC0F13109CB810.pem b/config_files/certificate-authority/intermediate/newcerts/74F214909A4F244A2352A2851BCC0F13109CB810.pem
new file mode 100644
index 0000000..e7bcb9a
--- /dev/null
+++ b/config_files/certificate-authority/intermediate/newcerts/74F214909A4F244A2352A2851BCC0F13109CB810.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEBDCCA4mgAwIBAgIUdPIUkJpPJEojUqKFG8wPExCcuBAwCgYIKoZIzj0EAwQw
+gYExCzAJBgNVBAYTAlNHMRIwEAYDVQQIDAlzaW5nYXBvcmUxFTATBgNVBAoMDGNv
+bXBhbnkgbmFtZTEqMCgGA1UECwwhY29tcGFueW5hbWUgQ2VydGlmaWNhdGUgQXV0
+aG9yaXR5MRswGQYDVQQDDBJoaSBJbnRlcm1lZGlhdGUgQ0EwHhcNMjQxMTEyMjIw
+MjQ0WhcNMjUxMTIyMjIwMjQ0WjBYMQswCQYDVQQGEwJVUzESMBAGA1UECAwJWW91
+clN0YXRlMREwDwYDVQQHDAhZb3VyQ2l0eTEQMA4GA1UECgwHWW91ck9yZzEQMA4G
+A1UEAwwHY2xpZW50MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANik
+xK/PaOCf2ewyWsZ2paKGWTBmu+72qDDIIJHYAT+7vp/n7m91K0+MhzOsDwdJH/vH
+oT1Wy30Q6eGRG6EgiL6oHbWWp+Rp6zDHAHXc+IYDWqs6ipUOYBbaXllHirnlkG3z
+XJ11d05gxWPsXjDw96O91CKJPtSIC0kyVU4E22SM0Qcv0IaHsBG1+bYOtOT0wNE5
+v/pvNJYP7Oe4H+8s6rZZr+S5AT+JdU7B4+tyzI40M+4cjrVi987C3Y1qZ80MN4L6
+IWSjSVOwe8I1Ktj7fJ11GBGsWrxeOu4G9KtpVTyI+TNyg6UMR805J6c+BR6t7C5Z
+aUdsAaqX66Nsw3pNDo8CAwEAAaOCATowggE2MAkGA1UdEwQCMAAwEQYJYIZIAYb4
+QgEBBAQDAgeAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGll
+bnQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNh/IRK0n80go6/SriULim3nGAkKMIGc
+BgNVHSMEgZQwgZGAFBK60sjImx482bNf0aGCEpNHldPDoWOkYTBfMQswCQYDVQQG
+EwJzZzELMAkGA1UECAwCaGkxCzAJBgNVBAoMAmhpMSEwHwYDVQQLDBhoaSBDZXJ0
+aWZpY2F0ZSBBdXRob3JpdHkxEzARBgNVBAMMCmhpIFJvb3QgQ0GCFDfKSxjrTTdf
+Bnpak+/oG+U0xEbXMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD
+AjAKBggqhkjOPQQDBANpADBmAjEA6gSZO2a0iijgvcYOm9fB8vIgwYDlrEytmIt4
+DWSRP7k9/a+CW6CfNf8IWNDmfNOmAjEAsbP8DRJ3Bb5iEwE3XAACAHANnMNWCJ05
+1FLmX4pIQee05665Uao7HcTCPAGNJpRY
+-----END CERTIFICATE-----
diff --git a/config_files/certificate-authority/intermediate/serial b/config_files/certificate-authority/intermediate/serial
new file mode 100644
index 0000000..0d3c40b
--- /dev/null
+++ b/config_files/certificate-authority/intermediate/serial
@@ -0,0 +1 @@
+74F214909A4F244A2352A2851BCC0F13109CB811
diff --git a/config_files/certificate-authority/intermediate/serial.old b/config_files/certificate-authority/intermediate/serial.old
new file mode 100644
index 0000000..85ab993
--- /dev/null
+++ b/config_files/certificate-authority/intermediate/serial.old
@@ -0,0 +1 @@
+74F214909A4F244A2352A2851BCC0F13109CB810
diff --git a/config_files/certificate-authority/newcerts/37CA4B18EB4D375F067A5A93EFE81BE534C446D7.pem b/config_files/certificate-authority/newcerts/37CA4B18EB4D375F067A5A93EFE81BE534C446D7.pem
new file mode 100644
index 0000000..544c552
--- /dev/null
+++ b/config_files/certificate-authority/newcerts/37CA4B18EB4D375F067A5A93EFE81BE534C446D7.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIIChjCCAgygAwIBAgIUN8pLGOtNN18GelqT7+gb5TTERtcwCgYIKoZIzj0EAwQw
+XzELMAkGA1UEBhMCc2cxCzAJBgNVBAgMAmhpMQswCQYDVQQKDAJoaTEhMB8GA1UE
+CwwYaGkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRMwEQYDVQQDDApoaSBSb290IENB
+MB4XDTI0MTExMjE5MzYwNVoXDTI5MTExMTE5MzYwNVowgYExCzAJBgNVBAYTAlNH
+MRIwEAYDVQQIDAlzaW5nYXBvcmUxFTATBgNVBAoMDGNvbXBhbnkgbmFtZTEqMCgG
+A1UECwwhY29tcGFueW5hbWUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRswGQYDVQQD
+DBJoaSBJbnRlcm1lZGlhdGUgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQHjbSZ
+S/10AselloIpzwY56f1pntc622qiJ/lB3O9WDkSEt5UpdXumtehRVKHkTCK2U6Wc
+ldyBA5aVkj4DpSFgLgfWI/+23WzI5bzYtyEW7VuwsEwWTq6y2PpWVULZzUijZjBk
+MB0GA1UdDgQWBBQSutLIyJsePNmzX9GhghKTR5XTwzAfBgNVHSMEGDAWgBQ1I3hI
+xxMh1tp7g4SRVmjAgyEapTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQE
+AwIBhjAKBggqhkjOPQQDBANoADBlAjBpqaP5p29kRuZrdmjTJq/laWpenSZiXK4m
+rJVaBV2V0ajCB4eqTnS4KJORjTfLVOMCMQCf6T3ZH5TN+f1QkHxDM9DUOkyOqOzv
+FXvgRTHcWckPqceCIgO4IWFS7WxgyvEmlr4=
+-----END CERTIFICATE-----
diff --git a/config_files/certificate-authority/serial b/config_files/certificate-authority/serial
new file mode 100644
index 0000000..0e25be1
--- /dev/null
+++ b/config_files/certificate-authority/serial
@@ -0,0 +1 @@
+37CA4B18EB4D375F067A5A93EFE81BE534C446D8
-- 
cgit v1.2.3-70-g09d2