o.open/Office_Networks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Christoph
2018-05-08 03:01:03 +02:00
commit 1c4c595cd6
3256 changed files with 417972 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
SPR-BE/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-SPR-gw-ckubu
+7
View File
@@ -0,0 +1,7 @@
ifconfig-push 10.1.92.2 255.255.255.0
push "route 192.168.92.0 255.255.255.0 10.1.92.1"
push "route 192.168.93.0 255.255.255.0 10.1.92.1"
push "route 192.168.150.0 255.255.255.0 10.1.92.1"
push "route 172.16.92.0 255.255.255.0 10.1.92.1"
iroute 192.168.63.0 255.255.255.0
iroute 192.168.64.0 255.255.255.0
SPR-BE/openvpn/gw-ckubu/client-configs/gw-ckubu.conf
+270
View File
@@ -0,0 +1,270 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-spr.oopen.de 1195
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIGzDCCBLSgAwIBAgIJAMzhic2M9z96MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
VlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwIBcNMTgwMzE4MTM1NDAzWhgPMjA1MDAzMTgxMzU0MDNaMIGeMQsw
CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
BgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UE
AxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJn
dXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDU3Y3K
UW+th51pqc+MttFyQNVQ+TwGUFptpoES5KIDqXifbqQfTLNUch1us+C0e6qt6B/t
ZSotqwAqBgA9bT4ws02sMP2U7U0+sn+rxvb9H/6Q0H4KixfsyTTxqrstEphEE2aF
eC9L3Z4QlJuafsuUWIxT9LW1KnaPV5CIDz/cJZIO/Xc7/TRyiO0ylgf6+br2zAFH
Rm8Tnr1TDUm2ftB0ukG2wsmGhd/+lXPBrXWwC83NBYjFi0o9OZZmAUekyNWUTHQY
UJ1fLJAPLdpoVuxbV0BK6HQdpRvj4KyMBt/kEcGMXSLuAr1/848wI1EI8AuFyaZV
RQdnS6yHxZ4+Mi8YSdXEj+nb/SwBGxz9kmmVUQCTlPm/B4Y5I+3ivS9PxihpSwHo
zJkr8tr+xwfnFXSXB3wPdYu9rD8KmY3/uDYy9iWLg0/xW6keL4luDCVNjltMjc0x
03MOpv9cjN2eBwGyU2dHyyfDPSqSsQi9FZeWmgCzwJ0rL4WywDRc5paXbaWtzdqQ
98gVox7lFbmQIE5VoFc4VTKEIY9D/cLdmZpWzPHOn3vPEc5eAFKb5qZv2IlN420Q
CSCFJAb5orrIj9ALAIvFXfvTv5o7G+ZEvk4eMP39nK1ZXc6/cL7/IapPfy3/vUs0
tEph6pRHP39bcH9pxVAA7WkTS5ZEUshA7NrUEwIDAQABo4IBBzCCAQMwHQYDVR0O
BBYEFHHdskSE3v+RJciX4ZEOWD5SJZ+qMIHTBgNVHSMEgcswgciAFHHdskSE3v+R
JciX4ZEOWD5SJZ+qoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
TmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBO
IFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDM4YnNjPc/ejAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQB1cA8o2Fo78xQ8jRdyfbvK
GFH8+SMoOh/8qxj9prk0kLYAro5QnzEBmftHhf3sXevEAUWpr77VL1FxhTXgKUp2
S06S/meC24M/KclxM+W/7AuG9yrJuW122l61OuWUcDWA24oj0KG896Mbw13ieeWS
7XmC1YU5Lix3wiWnjD7QZ+E4dg09z722+zwUi1UwRekzJZmB8pTHHmbX4Yig/K27
STnxQEiVZzlzcvjY6QvC3Sj/aA3YCSNl0bsSwH6GwXXJZ3BEKmm6w+ZRQMTz7+72
q0ybGf43XH4sj2OBm1YvCD8LehygPy2uJYlDxG8zRq2kxYxiWLbncs1x9Acusd7l
Te+k8YArRTqsWLN5Q47sGO4H1clz4ay80TTuz4Vc6JQ3banHDmMFV2nMsR2YtKX6
lKD3lXvMU04ZvZe2SolP1uTto3Jw3cNarigj/nHjn5s16uvy6Q3x4TyVUqyAOqrG
cuGrbYAEqtVnMrrovGZTj73HSwAx2PD+3jJKZH+suwBIijNL90wbkNlsNHlNcQeQ
zQAlYRBdCYWFU+7d86kUWYYrActGZc2MJmBZzZ/Tt7YoOIw6NMnWcpMMTUV+zToP
WWrD5OMDc7EX9BmMg7uif46UF6ol2puGXpQIF/yVRbFk1IiPwhc1ZyCuh+1ugh5+
CZSTeKgLDVjfXlqH1ErAvQ==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHLjCCBRagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
MB4XDTE4MDMxODIyMTMwNloXDTM4MDMxODIyMTMwNlowgacxCzAJBgNVBAYTAkRF
MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tU1BS
LWd3LWNrdWJ1MRAwDgYDVQQpEwdWUE4gU1BSMR0wGwYJKoZIhvcNAQkBFg5hcmd1
c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANmowNDa
f1Pz+ACS/w8DzUiRIu7i6yfteeWBnVTh4pF0wmmbIV6sq7nFXHefINYYju/szU5D
jqm1750YUPKVmJi7c+CNKkQt2kNa80qPENaZ50TuQAWjHgIgVC1IPpkjk/+2dIk4
rVKPwC0B2qolvH8lj1VXgt6ieRU6CwLCuB5JtvKbOEz0wCS2sCKPscz0R+/9jf+9
DAB6Cr1t4MkawJ7h3mn17N3tmfDUqyGr3hf8nvJgMFBTJsRLKcgdNEfDUGYT1cJ5
8rqNlBjssx24T2Kv/V72tvgv0Y88jDQLJIAO/swqWcYaqKHQAvvmg3zYfri10V9M
sExKswfEvGLgly+3EkMhPuEU9Jqi+c5m4awKGx6Ww0YgJJkhgHw+D8/7/EjiaXM2
sVwSWijStYRmf/LmYlS2Ts38MHAC0WjTd2j8iOB1a4djDv2jGSv0iq3zpv63I0FC
DqVqTWhzJGkMsUowk4AyWrnKNsMfC4ZHG2c8DThAAuKW/OOu+hamGAkUuNC6SYMh
GZus/VoPJudF5vp+5AkthAo/N5wPxIm/nWJXV8Nr9Cd24TIb7TeX6ESWCkZMs/O3
1BWxJZ93n5Pv6uEPlBp1bh5oj69F2vVm9kal8YmpO8jkuwzuwJgs7f300aiG+JJF
+Pz68w/5B170pguuybyq8UQNJJhYMyo9L9nBAgMBAAGjggFqMIIBZjAJBgNVHRME
AjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNh
dGUwHQYDVR0OBBYEFBNSxrpHA9HfrvuHjvuKZnTXkdN2MIHTBgNVHSMEgcswgciA
FHHdskSE3v+RJciX4ZEOWD5SJZ+qoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0G
A1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZ
MBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4G
A1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDM
4YnNjPc/ejATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0R
BAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAEDGKiwnx2nlVB4VpK+H
4fE6KYLjqGCpZLliRxXD2V/zLwXt63hYGMPUxUmqq+nnQAIzbReOf4/3avwuaoMc
h8PGmbTdoZic5Qxu0FwN7f24eemYuEtC8R6jrLVHffuCmNX+n94T9Fw8dh5Z4BY9
W3JHr62y5CkRE03VTWgiu4nRluknwyJFYFcj8p8h6kt9qIoSpcaOTfyrhUUgxu4n
jECCw7ZjZbLvaWq4k5Sea9zBL/5p9phJVvgmZBfioMXKbYrg9MUunWxMDJ2+DRdL
vV7wWwByHrMhfbZ71KPAeJF8MsXR6WHaHTzckqOh0l8O5BPzU07IJxhKh2HI2joa
ZfEf5df99ARtH7yUi9qb2/OgqUe2uF/Z6MDUuuipoK95PACf8yvGGEprzqAEusoS
kvXJAkTHBajNPZf3M909Wqy0C8rRVC06+y9AT1Toba3yTb2wUEOFQ4vwJK+Iwi3d
16za6vzZArEgpij2me5RVblwVoSDlqbTTKN/obTOm3Vr2tBX1NCdVaQuwwWTcAmj
zuMd+bluEOOnlBfATuLdnRdgZAA0LbtQAxOcpdUsxR6KxyXFqlo7wPefx7GJKeTa
At0U50Jw76gTAwxTgdgyBuol998pZheyuFavjH9KmWY/q1N+WyOtPgF30VjbpDNf
GXH8zFh56LyFtBxdpjuVSUEj
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIsMy/MytYtzsCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECM8bcaVcNffeBIIJUNOSqKmf153a
NBjm25drvNrgo+bEd2kxywgcjqIyl/csUjkbx3WWANZZAdRIFgtM2mN6xiGPAzpB
AMU+0FhbMeSC4aaoE6kbu0QREcHxgLemoA1+3c/VMfzTXJQ5xtr84pyBfj7lwYTh
uOC8k5WYV0VCWWwj39TAAfF/eqIzfuN4L2ybSgQyHHyWQPvCgfEPMZi5lBcPtZT5
OQgS30tFTgNOmz+wTex6uOJi0Qqo6MvH3rWv5rRwO17FZU6v+SLXcopvZfrO4WLN
AMHzjIvvfwmO+7/ypLnVdBYCd+CpvBUwcEbPVqrddWhNgidlOkoQzVnK34wexRvm
eDjmm8JbTHFQP8+DMEAODlMPNxMD1vCC/vM7bKMjCNYGjRwrxtL9Z8drp1wgzULJ
8AY3J72+lL1yMQNoch0Niuda3RDBs68FeVvGaFmGCPlzDdfTlex0Pi+BFeuTao0Q
7Y9zfcjyv+p4HxMg6YoIIQYOEogWO58GF1UL0zOJD81j4ihkT7HTWtOskw5E6Kfq
WEWyW5Oe4xR0PZpHNrYVURNg6kIxEBwRFfskFofGac36tKJ2fJseESkuqvXLenNt
Y0Epi/AxwEZa0E+G2ewNPNoBAIvRlOx0CBWWQKeCVaOgsOD0zyqYPsCGFWDl+2d5
i8afGhTw/8oqhwNwr25tWhW1xKbMEGchycywGGQloGvquv7kchJb6lDADZtF1++v
4wgRwtiBYOvkqXSLOpFiZinvmUMmqXD7PqG9yWF7XlnRV8JJ61RP2cuKCTXXCGfI
dtzLnet/4lUV7S0Wd3g1US2iPz6LJ+ngOBQEbAqFvInBiZFyduPwQJo0yswDyJYd
WNhmHumuFSSCdnAF6qVjuKhsNhftY5w+xww6RhAqst1idoVqYSt1LLODwKVQfIPs
uctF108LBYPBGf5tEC5Z1KRpDQO41q3F91eTZTVEH8Su1pW7IbMGt8XTUVRJESbQ
SYH5ELMdd+tb1ccD2fZZV3R6V7vI7ejAzOWdmjqaITtPGsFcMevc36YmJ18OQVBe
mTZJjdx28sGrsoqCSvgc7ii0DFLWZrRs4WRrgoxQq/G0zKLuuGXhlEgVw9QhIfeo
fMj1ebR0oElSimcqwPJYI/DDfhYZUA5Mx2Ewnfs1NS+CGoo+UcDKNHQRR3uEmP7T
1Mhg+MQ3b6ssZ8uZQut1E6bALf9ipH5xkN6rgniJsBL3lzvkN+/5XiE5qz16bmkN
gpF1+8G0/pjDi7a0Fw602ffdD1XAfcV6SMobDgTyMmjybgZHzf6cFy9gKrRa6WV0
do4Oc+uv0Nmj6wrAYO4s/nuJnpeTY0wbuHJgcYnTmUX15kIw+bPJ2UIGjyS8QpkF
evX8XeN48U9mknoQv1OfC6+kE6jgqQiDzigy9nSHFc4kIQWsihO6NKDEia11RWCn
QN3t8sHDNZdFY3dy7nnQRIhFNEy6InjLnUbfhuzgZVaVoaqULH8EmoE78z25zi0H
Xt6P+hkW8zZthYHsucVvyiNqZmIb50MK/5VHuORXsepWD9hX/rEyFxsv71AyBl9x
TSHjk4cgBqVh3uRH8NxNNvWnx7Th03Zk4/2dzNUc5taj3WX2jCH1vaKBMI1BBHJD
QWNIrwCExUOIAbYJLGkyihnTv4PCRlZrYQtMyx0laxYRdWR6lsIk83jcMWkWfhPf
YbYd/XIIR+hOFrUIM28Y2TTPHpJhbuORP7z18o2heUV0ZD3LdMi27/JtsSZHlbOu
nqdP9reWG8Kx6mjEdSFe5hTD0VmZ3Yks1jGp3QBcxQivAbLoXsP5VOMOPr7zXmb1
m9uWqtC+/1L6lAg5iH0YNyvrmRL02uzMiEXBQQDx0CYqcWJY+hwaXU6MnSyUMH7F
H7wAW2cqq1XCBVFWUIPI6P63LUlgewzmseaAGgD7tfbGSsx7BwseMXUwtdOYt+Rp
H8/3QeLLAfgD2Kl7Mv8F8l+KsBRNpaSJVYCqYH5ogzjRiuwDwsOmRdHKRh+r825g
fAJsI3grgZOd7poDQSisRZKOAF/ytTclreostJGfwLEE7IpUA/R7yLPCTI/mdPwT
4zRZ2N0fovkApA6hvhIpnhaA5XXuY7gmN8E0tgokZ7NsiL0JgFUFevEwzvZhlCJI
7edh2kPl379+bT1lgy37Z0V8ntU0S3I/g+6RsepDuWtCGsW434Z+iAAv7aKPJz0H
UqNHS4vElG8tQKBkO+qWRdC19hmM5itQoy/nD935hyZgRBZKFTmO3kNPPyvHVTdJ
hYTN/WAuXAMrP5HvkMv4AXZLQSk/YJCcJsPN5p8Kd40oEuwMumI8HCwXlSnpHnro
prdZrrCCUQ2232zCw5qQ4KZl7i5LB8AkLmNXtMUscHf6Nge3GSTILFaKoFYrDPF5
P6u21fO1R2HcA+b7xKzK6ecpPZA25ggxPMqvRwCnT/gueVSXjOIhd3f2pEs3yVWM
W0HenWuiWcbryuzcPAJytianU1KqtrEYhqFTxcdJAYa4xvFbCtGrmVuJ8NRomSg3
BdL8lOfdYxE5R8VYfVxw2jcLiK4o2Bqjt17kHTzzP95E8Eybkzgo5vycmMedOBsn
rBOUJXYFSo6hONNiMR1vlIxNi2Tdo9w5wKHUerVdXhVSLgvC7SeJeArN6+To+MVR
n73jBAA48VcA8d5miDNnfwEDguP/Fg3+vo9VAWccR3lq9tHT1GkNyz0gyYLxmwoV
2w+QkNYM2SzbrsDJ0GEN7s8gEkeQHuwcXHsdyJnLJQJsTrZaaHDd65BMXseE9dwu
Lgf0zuiq2DCDTJEvabd9siS7wDOxJAKzd3atP1O4ylnzSHgvi7DNQJ8Xeu8FF43L
Sn6KmWhdtfIhL3uNAvI2/6434qWKU4WE5Ro/TjI4uMxmfkTTQPmffJTGnH9nYJjJ
aURTTNSKQGbeyBS9KEUjSyQAAXBaDka4zP93eOi66aeUNaMcod1aKLo9r1LpjVqe
3qLBy7cCP56qaMTJChhwhYWtwyu5AqX2fk4LRAOrm7olFNlbJ/QMYEahztZzFuiO
hCCGNebRqk7IYmXnvoA1gJ7VJEov1QYeLX9xnZqF+qwHzs29pNZwADtvBlWn+MT4
yCy2JxLwIwfVuMsJWRzvHcpeOzmgtDIgUkqGzpjPB5bdtbr7GFbFkpms29DmGLtT
Ujfylfy4W1TZtS1ryCsskAiOrTpXH0G7
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
50c09d4cd2d32cbfadcc9ebff8e624d2
f7a5730ff6b708aad8a6bb14b3a7619d
e32764bbe875f11ce46213a35500cc2c
fd0b6bf2e7b8cc2392a478ad7f4e7c7a
3fbe2e50a781ea9a4fd83cfaf64725db
98b4740b145e2d948b3b09975866c03b
a268f82e767fa2517b469ec3e563d321
8156f8f192f75bf8385697aeed6b9f33
fd74e02426437c42dc7a85afd828012a
911e7d8e837249d33a4209dbd0a2c017
c0ee31207a0e5ba05e736fa1c9af1cbb
0b39dab31939eb37df367d1eccf61ff3
28135f42ba70344179186cdd0cac5058
9cb4bac7dd08436d1efbd452b72416e8
59bc9118c2c6aba6107faca0604d947f
ff8569318b234e4ddbb68189b1504969
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull
SPR-BE/openvpn/gw-ckubu/crl.pem
+18
View File
@@ -0,0 +1,18 @@
-----BEGIN X509 CRL-----
MIIC5zCB0DANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUxDzANBgNVBAgT
BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
BAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIxEDAOBgNVBCkT
B1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlFw0xODAzMTgx
NTU5NTZaGA8yMDUwMDMxODE1NTk1NlowDQYJKoZIhvcNAQELBQADggIBAHiAKVWa
aJxRcohJGD6hfhXEOhBqV1GxWWuoEP1ONgdgsXTEfEDdK+lTS4P0PNyxEkbFS8OH
TuRfg5OhmONezKAi6C3rGZHeM/jYwlCaoD1mNABgwkBKiU7BeXfdho1j3dhjgZ6f
IYVEcWFM+0UDJsnZHeA6zkpjRTL1AlB0I+mYg5f8fb85SVoxNIk3C8Hh22X19wVd
MHYb4/F/k6AAcetLwuptdgS7nsWQama8BkJ1d9nBLV+aKdx39ZSOWKy4TuExicN3
B41kh1qOqOnTYGkKjLLxn8AGdk4cqvZprraO6UEL4xV7WWRk3n6eaWsp0WLUnpTq
5y3QhdSwne/nT/WAsUVE0qoKz/0LIHwL3YyEFNPpfdKn+0ulp1loqlPfZiGDEZ9s
qs1lPAb8hSj8Gtoh6Ehb9rjH3ia78EVhzG/Npnzcq8IkJW9U9KjvJkjLUYQB0cE9
gAKjMtJ1XWf1G/H6jYHSt85FM/fq8gnQX/yBVJzXlVdYWL4giS1K3kATJ9OjH3TL
xyB0Evi15vG4a5HlbNT6g/a6GvEEfS6ANaBC82uRFK1AjELRCiKvjnOT5AndB/uV
Q/tgplEqJJX2CQrH+BRUe0PWtOl0UYC84fGNr1lySHeWaI3Z3UUYeBIgJ+Y3d7/4
5u5CE+zRVhxqCD1bxxZdJq8F8zQe4fOlWR3L
-----END X509 CRL-----
SPR-BE/openvpn/gw-ckubu/easy-rsa/build-ca
Symlink
+1
View File
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-ca
SPR-BE/openvpn/gw-ckubu/easy-rsa/build-dh
Symlink
+1
View File
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-dh
SPR-BE/openvpn/gw-ckubu/easy-rsa/build-inter
Symlink
+1
View File
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-inter
SPR-BE/openvpn/gw-ckubu/easy-rsa/build-key
Symlink
+1
View File
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-key
SPR-BE/openvpn/gw-ckubu/easy-rsa/build-key-pass
Symlink
+1
View File
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pass
SPR-BE/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12
Symlink
+1
View File
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pkcs12
SPR-BE/openvpn/gw-ckubu/easy-rsa/build-key-server
Symlink
+1
View File
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-server
SPR-BE/openvpn/gw-ckubu/easy-rsa/build-req
Symlink
+1
View File
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-req
SPR-BE/openvpn/gw-ckubu/easy-rsa/build-req-pass
Symlink
+1
View File
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-req-pass
SPR-BE/openvpn/gw-ckubu/easy-rsa/clean-all
Symlink
+1
View File
@@ -0,0 +1 @@
/usr/share/easy-rsa/clean-all
SPR-BE/openvpn/gw-ckubu/easy-rsa/inherit-inter
Symlink
+1
View File
@@ -0,0 +1 @@
/usr/share/easy-rsa/inherit-inter
SPR-BE/openvpn/gw-ckubu/easy-rsa/list-crl
Symlink
+1
View File
@@ -0,0 +1 @@
/usr/share/easy-rsa/list-crl
SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf
+268
View File
@@ -0,0 +1,268 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf
+293
View File
@@ -0,0 +1,293 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0
SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf
+290
View File
@@ -0,0 +1,290 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
#default_days = 3650 # how long to certify for
default_days = 11688
#default_crl_days= 30 # how long before next CRL
default_crl_days = 11688
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0
SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG
+288
View File
@@ -0,0 +1,288 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0
SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl.cnf
Symlink
+1
View File
@@ -0,0 +1 @@
/etc/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf
SPR-BE/openvpn/gw-ckubu/easy-rsa/pkitool
Symlink
+1
View File
@@ -0,0 +1 @@
/usr/share/easy-rsa/pkitool
SPR-BE/openvpn/gw-ckubu/easy-rsa/revoke-full
Symlink
+1
View File
@@ -0,0 +1 @@
/usr/share/easy-rsa/revoke-full
SPR-BE/openvpn/gw-ckubu/easy-rsa/sign-req
Symlink
+1
View File
@@ -0,0 +1 @@
/usr/share/easy-rsa/sign-req
SPR-BE/openvpn/gw-ckubu/easy-rsa/vars
+96
View File
@@ -0,0 +1,96 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
##export EASY_RSA="`pwd`"
export BASE_DIR="/etc/openvpn/gw-ckubu"
export EASY_RSA="$BASE_DIR/easy-rsa"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
##export KEY_DIR="$EASY_RSA/keys"
export KEY_DIR="$BASE_DIR/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
##export KEY_SIZE=2048
export KEY_SIZE=4096
# In how many days should the root CA key expire?
##export CA_EXPIRE=3650
export CA_EXPIRE=11688
# In how many days should certificates expire?
##export KEY_EXPIRE=3650
export KEY_EXPIRE=7305
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
##export KEY_COUNTRY="US"
export KEY_COUNTRY="DE"
##export KEY_PROVINCE="CA"
export KEY_PROVINCE="Berlin"
##export KEY_CITY="SanFrancisco"
export KEY_CITY="Berlin"
##export KEY_ORG="Fort-Funston"
export KEY_ORG="o.open"
##export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL="argus@oopen.de"
##export KEY_OU="MyOrganizationalUnit"
export KEY_OU="Network Services"
# X509 Subject Field
##export KEY_NAME="EasyRSA"
export KEY_NAME="VPN SPR"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
## export KEY_CN="CommonName"
export KEY_CN="VPN-SPR"
export KEY_ALTNAMES="VPN-SPR"
SPR-BE/openvpn/gw-ckubu/easy-rsa/vars.2018-03-18-1452
+80
View File
@@ -0,0 +1,80 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="`pwd`"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048
# In how many days should the root CA key expire?
export CA_EXPIRE=3650
# In how many days should certificates expire?
export KEY_EXPIRE=3650
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="MyOrganizationalUnit"
# X509 Subject Field
export KEY_NAME="EasyRSA"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"
SPR-BE/openvpn/gw-ckubu/easy-rsa/whichopensslcnf
Symlink
+1
View File
@@ -0,0 +1 @@
/usr/share/easy-rsa/whichopensslcnf
SPR-BE/openvpn/gw-ckubu/ipp.txt
View File
SPR-BE/openvpn/gw-ckubu/keys-created.txt
+4
View File
@@ -0,0 +1,4 @@
key...............: gw-ckubu.key
common name.......: VPN-SPR-gw-ckubu
password..........: uoziengeeyiephu5voh7eothu1Aex8ar
SPR-BE/openvpn/gw-ckubu/keys/01.pem
+141
View File
@@ -0,0 +1,141 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
Validity
Not Before: Mar 18 15:59:51 2018 GMT
Not After : Mar 18 15:59:51 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:a3:49:18:ae:69:4f:5c:4a:34:b1:85:9a:4d:a5:
ce:f6:2d:b5:6a:9e:40:27:02:3b:57:e0:75:ee:1c:
fd:eb:20:56:eb:ed:24:f1:57:a5:cb:ad:0d:09:af:
15:f3:9d:a4:67:8d:e5:a8:67:d5:1b:b8:36:f6:e6:
9c:d3:e8:29:08:d6:8f:a3:5e:e1:e5:30:eb:07:bc:
03:c2:95:a4:93:cc:19:86:c1:89:fb:9d:f5:38:9b:
10:01:6b:74:d2:20:8e:4a:65:34:17:1a:85:39:d4:
35:2b:04:f3:37:4f:f5:93:12:06:fa:c5:04:c3:73:
30:30:1f:33:69:86:bc:60:cf:fb:38:ae:6f:8a:21:
0e:76:35:7e:ba:0d:ad:ae:4c:6b:d0:cf:3b:73:a9:
1e:58:cf:ce:bf:45:8c:52:75:ee:da:a3:f4:6c:24:
8b:bd:b6:f2:db:59:fe:b7:7b:ef:8e:b8:30:ad:67:
dc:bf:3d:ca:d6:e4:b3:86:bc:60:fc:f9:a5:ba:5a:
0c:9d:c9:72:ec:ab:73:6d:2b:f5:9b:f0:a6:a5:c2:
31:6c:5c:a6:54:47:1e:65:73:2b:47:80:bc:27:29:
28:be:45:12:77:5c:44:51:cc:91:55:d3:36:5d:dd:
f1:01:18:68:c5:08:de:ee:06:9b:0c:d3:a7:94:c7:
99:75:c2:bb:f8:2e:19:46:db:d8:13:70:7d:a1:96:
6e:21:8b:32:1b:d6:8d:74:4b:a9:1d:43:53:d2:11:
3b:d9:63:b0:6a:ac:a8:e2:70:15:62:aa:c2:15:d2:
1e:df:34:1e:45:3a:30:b7:54:1a:25:2f:73:c0:d8:
1a:6d:8f:80:aa:7e:86:1a:84:e3:0a:c0:89:61:3f:
fd:bd:19:40:b3:cb:de:2d:aa:97:af:dd:cd:a2:28:
33:17:ae:50:bb:2b:00:d1:01:8a:25:32:56:d8:09:
fd:58:22:fe:33:a1:f3:b5:16:cc:59:ca:d8:d3:8e:
dc:62:13:25:05:c6:6a:02:fb:82:83:35:7b:e4:33:
84:71:18:fa:bb:6e:48:3f:ec:be:72:a2:dd:38:bd:
7a:69:89:28:6c:46:79:bf:34:30:39:5a:9f:a7:e3:
9d:15:73:29:f3:24:f0:84:51:27:38:8a:20:5d:cd:
d6:47:e8:2e:7c:6c:e1:8c:10:29:0a:79:96:24:fa:
94:29:a1:6f:dc:d8:94:fd:d6:f7:62:24:6d:a5:cc:
42:89:94:ee:8c:c4:19:31:0a:49:9d:e2:87:0a:29:
cc:f0:b1:ab:8f:d8:11:71:46:de:2c:d3:a7:5b:2e:
5c:f7:54:92:97:f8:1f:7b:42:23:b9:1e:47:0d:57:
2a:24:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
BD:B0:0D:2A:D9:8E:FF:E1:91:B4:A5:26:9C:C4:D3:E8:44:B2:BB:D5
X509v3 Authority Key Identifier:
keyid:71:DD:B2:44:84:DE:FF:91:25:C8:97:E1:91:0E:58:3E:52:25:9F:AA
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
serial:CC:E1:89:CD:8C:F7:3F:7A
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
5a:36:4b:aa:dc:7c:3a:1d:93:f5:e3:d3:b4:cd:45:e9:ff:64:
9a:61:36:57:06:91:e7:39:24:cf:3c:4d:4a:3a:48:97:49:dc:
90:96:d4:4b:0c:35:a2:88:01:47:f6:a0:5a:74:71:cb:7d:08:
60:2f:4e:ba:de:99:20:e1:8e:75:d1:f6:96:69:9f:53:ed:e6:
7a:31:4a:e2:2a:10:10:94:1b:61:ac:e7:ee:f9:6a:37:ff:80:
49:12:35:f8:65:3e:1e:7d:9f:8a:31:cf:0b:31:cb:a2:37:d3:
7d:1c:41:cd:c9:0c:34:da:bf:5a:d5:52:da:6d:71:fa:37:10:
f1:73:02:5e:0d:01:34:ab:fb:88:5f:ea:ee:9e:e0:1a:e5:58:
e1:b7:f2:a6:01:62:bc:80:2c:42:c0:7a:b9:1d:9e:00:0a:bd:
87:d6:e4:a5:19:ba:65:c5:24:ba:e5:b7:a5:81:3d:34:b2:20:
1c:29:93:98:02:7f:1c:49:53:eb:c9:ef:73:35:cf:31:61:f8:
34:1f:cb:76:58:22:fe:4b:ab:93:b3:83:71:93:1a:5d:78:66:
29:3f:f4:f6:d5:4b:d5:ff:ff:f4:83:2d:f3:73:c3:d9:33:f2:
af:97:4f:f2:f3:f7:54:80:32:30:5b:b3:db:cb:a9:23:e0:df:
e1:d6:bd:db:3a:36:55:52:19:e7:1e:6e:72:0c:25:43:31:c3:
b5:01:27:af:72:85:e9:ab:ce:5a:62:8b:c0:73:be:67:52:56:
a2:6c:04:74:66:46:ab:fb:03:d3:3a:89:e9:7c:8a:0b:e5:d1:
01:52:00:41:f1:aa:fe:48:8b:ab:af:e1:4b:40:16:2e:f0:3e:
50:cb:6d:d9:bb:95:1f:f3:56:17:6e:67:aa:00:bd:da:9b:2c:
8c:b5:dc:3c:41:0d:87:7b:05:5a:6f:a5:a2:d2:cf:bb:a0:7e:
d5:aa:d1:cc:d8:57:9a:81:cb:ef:7f:ad:76:95:eb:65:6f:c0:
2e:21:61:fa:9c:6a:ee:f3:f9:d3:7a:9c:e1:5a:37:83:1d:61:
85:01:70:26:54:29:bf:52:50:7c:ff:5c:24:94:0a:5e:f5:37:
a8:36:2a:83:c8:d1:1a:ae:bb:19:b3:1b:a1:68:14:ef:33:a5:
7a:d1:b7:ff:74:d5:69:08:91:f7:f2:d6:e1:12:c2:17:70:e2:
13:f8:17:92:31:19:46:35:a9:13:79:f9:cf:2a:b9:8b:7a:2b:
b4:76:d0:0f:3b:75:0c:99:99:a7:dd:26:f1:da:82:7b:f7:d7:
67:8c:cc:c8:16:63:c9:c2:23:47:71:a1:cd:34:88:a9:8a:fa:
59:f3:1f:08:ab:e1:33:a6
-----BEGIN CERTIFICATE-----
MIIHRDCCBSygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
MB4XDTE4MDMxODE1NTk1MVoXDTM4MDMxODE1NTk1MVowgaUxCzAJBgNVBAYTAkRF
MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tU1BS
LXNlcnZlcjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjSRiuaU9c
SjSxhZpNpc72LbVqnkAnAjtX4HXuHP3rIFbr7STxV6XLrQ0JrxXznaRnjeWoZ9Ub
uDb25pzT6CkI1o+jXuHlMOsHvAPClaSTzBmGwYn7nfU4mxABa3TSII5KZTQXGoU5
1DUrBPM3T/WTEgb6xQTDczAwHzNphrxgz/s4rm+KIQ52NX66Da2uTGvQzztzqR5Y
z86/RYxSde7ao/RsJIu9tvLbWf63e++OuDCtZ9y/PcrW5LOGvGD8+aW6WgydyXLs
q3NtK/Wb8KalwjFsXKZURx5lcytHgLwnKSi+RRJ3XERRzJFV0zZd3fEBGGjFCN7u
BpsM06eUx5l1wrv4LhlG29gTcH2hlm4hizIb1o10S6kdQ1PSETvZY7BqrKjicBVi
qsIV0h7fNB5FOjC3VBolL3PA2Bptj4CqfoYahOMKwIlhP/29GUCzy94tqpev3c2i
KDMXrlC7KwDRAYolMlbYCf1YIv4zofO1FsxZytjTjtxiEyUFxmoC+4KDNXvkM4Rx
GPq7bkg/7L5yot04vXppiShsRnm/NDA5Wp+n450VcynzJPCEUSc4iiBdzdZH6C58
bOGMECkKeZYk+pQpoW/c2JT91vdiJG2lzEKJlO6MxBkxCkmd4ocKKczwsauP2BFx
Rt4s06dbLlz3VJKX+B97QiO5HkcNVyokuwIDAQABo4IBgjCCAX4wCQYDVR0TBAIw
ADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdl
bmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFL2wDSrZjv/hkbSl
JpzE0+hEsrvVMIHTBgNVHSMEgcswgciAFHHdskSE3v+RJciX4ZEOWD5SJZ+qoYGk
pIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
czEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3
DQEJARYOYXJndXNAb29wZW4uZGWCCQDM4YnNjPc/ejATBgNVHSUEDDAKBggrBgEF
BQcDATALBgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEB
CwUAA4ICAQBaNkuq3Hw6HZP149O0zUXp/2SaYTZXBpHnOSTPPE1KOkiXSdyQltRL
DDWiiAFH9qBadHHLfQhgL0663pkg4Y510faWaZ9T7eZ6MUriKhAQlBthrOfu+Wo3
/4BJEjX4ZT4efZ+KMc8LMcuiN9N9HEHNyQw02r9a1VLabXH6NxDxcwJeDQE0q/uI
X+runuAa5Vjht/KmAWK8gCxCwHq5HZ4ACr2H1uSlGbplxSS65belgT00siAcKZOY
An8cSVPrye9zNc8xYfg0H8t2WCL+S6uTs4NxkxpdeGYpP/T21UvV///0gy3zc8PZ
M/Kvl0/y8/dUgDIwW7Pby6kj4N/h1r3bOjZVUhnnHm5yDCVDMcO1ASevcoXpq85a
YovAc75nUlaibAR0Zkar+wPTOonpfIoL5dEBUgBB8ar+SIurr+FLQBYu8D5Qy23Z
u5Uf81YXbmeqAL3amyyMtdw8QQ2HewVab6Wi0s+7oH7VqtHM2Feagcvvf612letl
b8AuIWH6nGru8/nTepzhWjeDHWGFAXAmVCm/UlB8/1wklApe9TeoNiqDyNEarrsZ
sxuhaBTvM6V60bf/dNVpCJH38tbhEsIXcOIT+BeSMRlGNakTefnPKrmLeiu0dtAP
O3UMmZmn3Sbx2oJ799dnjMzIFmPJwiNHcaHNNIipivpZ8x8Iq+Ezpg==
-----END CERTIFICATE-----
SPR-BE/openvpn/gw-ckubu/keys/02.pem
+139
View File
@@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
Validity
Not Before: Mar 18 22:13:06 2018 GMT
Not After : Mar 18 22:13:06 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-gw-ckubu/name=VPN SPR/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:d9:a8:c0:d0:da:7f:53:f3:f8:00:92:ff:0f:03:
cd:48:91:22:ee:e2:eb:27:ed:79:e5:81:9d:54:e1:
e2:91:74:c2:69:9b:21:5e:ac:ab:b9:c5:5c:77:9f:
20:d6:18:8e:ef:ec:cd:4e:43:8e:a9:b5:ef:9d:18:
50:f2:95:98:98:bb:73:e0:8d:2a:44:2d:da:43:5a:
f3:4a:8f:10:d6:99:e7:44:ee:40:05:a3:1e:02:20:
54:2d:48:3e:99:23:93:ff:b6:74:89:38:ad:52:8f:
c0:2d:01:da:aa:25:bc:7f:25:8f:55:57:82:de:a2:
79:15:3a:0b:02:c2:b8:1e:49:b6:f2:9b:38:4c:f4:
c0:24:b6:b0:22:8f:b1:cc:f4:47:ef:fd:8d:ff:bd:
0c:00:7a:0a:bd:6d:e0:c9:1a:c0:9e:e1:de:69:f5:
ec:dd:ed:99:f0:d4:ab:21:ab:de:17:fc:9e:f2:60:
30:50:53:26:c4:4b:29:c8:1d:34:47:c3:50:66:13:
d5:c2:79:f2:ba:8d:94:18:ec:b3:1d:b8:4f:62:af:
fd:5e:f6:b6:f8:2f:d1:8f:3c:8c:34:0b:24:80:0e:
fe:cc:2a:59:c6:1a:a8:a1:d0:02:fb:e6:83:7c:d8:
7e:b8:b5:d1:5f:4c:b0:4c:4a:b3:07:c4:bc:62:e0:
97:2f:b7:12:43:21:3e:e1:14:f4:9a:a2:f9:ce:66:
e1:ac:0a:1b:1e:96:c3:46:20:24:99:21:80:7c:3e:
0f:cf:fb:fc:48:e2:69:73:36:b1:5c:12:5a:28:d2:
b5:84:66:7f:f2:e6:62:54:b6:4e:cd:fc:30:70:02:
d1:68:d3:77:68:fc:88:e0:75:6b:87:63:0e:fd:a3:
19:2b:f4:8a:ad:f3:a6:fe:b7:23:41:42:0e:a5:6a:
4d:68:73:24:69:0c:b1:4a:30:93:80:32:5a:b9:ca:
36:c3:1f:0b:86:47:1b:67:3c:0d:38:40:02:e2:96:
fc:e3:ae:fa:16:a6:18:09:14:b8:d0:ba:49:83:21:
19:9b:ac:fd:5a:0f:26:e7:45:e6:fa:7e:e4:09:2d:
84:0a:3f:37:9c:0f:c4:89:bf:9d:62:57:57:c3:6b:
f4:27:76:e1:32:1b:ed:37:97:e8:44:96:0a:46:4c:
b3:f3:b7:d4:15:b1:25:9f:77:9f:93:ef:ea:e1:0f:
94:1a:75:6e:1e:68:8f:af:45:da:f5:66:f6:46:a5:
f1:89:a9:3b:c8:e4:bb:0c:ee:c0:98:2c:ed:fd:f4:
d1:a8:86:f8:92:45:f8:fc:fa:f3:0f:f9:07:5e:f4:
a6:0b:ae:c9:bc:aa:f1:44:0d:24:98:58:33:2a:3d:
2f:d9:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
13:52:C6:BA:47:03:D1:DF:AE:FB:87:8E:FB:8A:66:74:D7:91:D3:76
X509v3 Authority Key Identifier:
keyid:71:DD:B2:44:84:DE:FF:91:25:C8:97:E1:91:0E:58:3E:52:25:9F:AA
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
serial:CC:E1:89:CD:8C:F7:3F:7A
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gw-ckubu
Signature Algorithm: sha256WithRSAEncryption
40:c6:2a:2c:27:c7:69:e5:54:1e:15:a4:af:87:e1:f1:3a:29:
82:e3:a8:60:a9:64:b9:62:47:15:c3:d9:5f:f3:2f:05:ed:eb:
78:58:18:c3:d4:c5:49:aa:ab:e9:e7:40:02:33:6d:17:8e:7f:
8f:f7:6a:fc:2e:6a:83:1c:87:c3:c6:99:b4:dd:a1:98:9c:e5:
0c:6e:d0:5c:0d:ed:fd:b8:79:e9:98:b8:4b:42:f1:1e:a3:ac:
b5:47:7d:fb:82:98:d5:fe:9f:de:13:f4:5c:3c:76:1e:59:e0:
16:3d:5b:72:47:af:ad:b2:e4:29:11:13:4d:d5:4d:68:22:bb:
89:d1:96:e9:27:c3:22:45:60:57:23:f2:9f:21:ea:4b:7d:a8:
8a:12:a5:c6:8e:4d:fc:ab:85:45:20:c6:ee:27:8c:40:82:c3:
b6:63:65:b2:ef:69:6a:b8:93:94:9e:6b:dc:c1:2f:fe:69:f6:
98:49:56:f8:26:64:17:e2:a0:c5:ca:6d:8a:e0:f4:c5:2e:9d:
6c:4c:0c:9d:be:0d:17:4b:bd:5e:f0:5b:00:72:1e:b3:21:7d:
b6:7b:d4:a3:c0:78:91:7c:32:c5:d1:e9:61:da:1d:3c:dc:92:
a3:a1:d2:5f:0e:e4:13:f3:53:4e:c8:27:18:4a:87:61:c8:da:
3a:1a:65:f1:1f:e5:d7:fd:f4:04:6d:1f:bc:94:8b:da:9b:db:
f3:a0:a9:47:b6:b8:5f:d9:e8:c0:d4:ba:e8:a9:a0:af:79:3c:
00:9f:f3:2b:c6:18:4a:6b:ce:a0:04:ba:ca:12:92:f5:c9:02:
44:c7:05:a8:cd:3d:97:f7:33:dd:3d:5a:ac:b4:0b:ca:d1:54:
2d:3a:fb:2f:40:4f:54:e8:6d:ad:f2:4d:bd:b0:50:43:85:43:
8b:f0:24:af:88:c2:2d:dd:d7:ac:da:ea:fc:d9:02:b1:20:a6:
28:f6:99:ee:51:55:b9:70:56:84:83:96:a6:d3:4c:a3:7f:a1:
b4:ce:9b:75:6b:da:d0:57:d4:d0:9d:55:a4:2e:c3:05:93:70:
09:a3:ce:e3:1d:f9:b9:6e:10:e3:a7:94:17:c0:4e:e2:dd:9d:
17:60:64:00:34:2d:bb:50:03:13:9c:a5:d5:2c:c5:1e:8a:c7:
25:c5:aa:5a:3b:c0:f7:9f:c7:b1:89:29:e4:da:02:dd:14:e7:
42:70:ef:a8:13:03:0c:53:81:d8:32:06:ea:25:f7:df:29:66:
17:b2:b8:56:af:8c:7f:4a:99:66:3f:ab:53:7e:5b:23:ad:3e:
01:77:d1:58:db:a4:33:5f:19:71:fc:cc:58:79:e8:bc:85:b4:
1c:5d:a6:3b:95:49:41:23
-----BEGIN CERTIFICATE-----
MIIHLjCCBRagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
MB4XDTE4MDMxODIyMTMwNloXDTM4MDMxODIyMTMwNlowgacxCzAJBgNVBAYTAkRF
MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tU1BS
LWd3LWNrdWJ1MRAwDgYDVQQpEwdWUE4gU1BSMR0wGwYJKoZIhvcNAQkBFg5hcmd1
c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANmowNDa
f1Pz+ACS/w8DzUiRIu7i6yfteeWBnVTh4pF0wmmbIV6sq7nFXHefINYYju/szU5D
jqm1750YUPKVmJi7c+CNKkQt2kNa80qPENaZ50TuQAWjHgIgVC1IPpkjk/+2dIk4
rVKPwC0B2qolvH8lj1VXgt6ieRU6CwLCuB5JtvKbOEz0wCS2sCKPscz0R+/9jf+9
DAB6Cr1t4MkawJ7h3mn17N3tmfDUqyGr3hf8nvJgMFBTJsRLKcgdNEfDUGYT1cJ5
8rqNlBjssx24T2Kv/V72tvgv0Y88jDQLJIAO/swqWcYaqKHQAvvmg3zYfri10V9M
sExKswfEvGLgly+3EkMhPuEU9Jqi+c5m4awKGx6Ww0YgJJkhgHw+D8/7/EjiaXM2
sVwSWijStYRmf/LmYlS2Ts38MHAC0WjTd2j8iOB1a4djDv2jGSv0iq3zpv63I0FC
DqVqTWhzJGkMsUowk4AyWrnKNsMfC4ZHG2c8DThAAuKW/OOu+hamGAkUuNC6SYMh
GZus/VoPJudF5vp+5AkthAo/N5wPxIm/nWJXV8Nr9Cd24TIb7TeX6ESWCkZMs/O3
1BWxJZ93n5Pv6uEPlBp1bh5oj69F2vVm9kal8YmpO8jkuwzuwJgs7f300aiG+JJF
+Pz68w/5B170pguuybyq8UQNJJhYMyo9L9nBAgMBAAGjggFqMIIBZjAJBgNVHRME
AjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNh
dGUwHQYDVR0OBBYEFBNSxrpHA9HfrvuHjvuKZnTXkdN2MIHTBgNVHSMEgcswgciA
FHHdskSE3v+RJciX4ZEOWD5SJZ+qoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0G
A1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZ
MBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4G
A1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDM
4YnNjPc/ejATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0R
BAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAEDGKiwnx2nlVB4VpK+H
4fE6KYLjqGCpZLliRxXD2V/zLwXt63hYGMPUxUmqq+nnQAIzbReOf4/3avwuaoMc
h8PGmbTdoZic5Qxu0FwN7f24eemYuEtC8R6jrLVHffuCmNX+n94T9Fw8dh5Z4BY9
W3JHr62y5CkRE03VTWgiu4nRluknwyJFYFcj8p8h6kt9qIoSpcaOTfyrhUUgxu4n
jECCw7ZjZbLvaWq4k5Sea9zBL/5p9phJVvgmZBfioMXKbYrg9MUunWxMDJ2+DRdL
vV7wWwByHrMhfbZ71KPAeJF8MsXR6WHaHTzckqOh0l8O5BPzU07IJxhKh2HI2joa
ZfEf5df99ARtH7yUi9qb2/OgqUe2uF/Z6MDUuuipoK95PACf8yvGGEprzqAEusoS
kvXJAkTHBajNPZf3M909Wqy0C8rRVC06+y9AT1Toba3yTb2wUEOFQ4vwJK+Iwi3d
16za6vzZArEgpij2me5RVblwVoSDlqbTTKN/obTOm3Vr2tBX1NCdVaQuwwWTcAmj
zuMd+bluEOOnlBfATuLdnRdgZAA0LbtQAxOcpdUsxR6KxyXFqlo7wPefx7GJKeTa
At0U50Jw76gTAwxTgdgyBuol998pZheyuFavjH9KmWY/q1N+WyOtPgF30VjbpDNf
GXH8zFh56LyFtBxdpjuVSUEj
-----END CERTIFICATE-----
SPR-BE/openvpn/gw-ckubu/keys/ca.crt
+39
View File
@@ -0,0 +1,39 @@
-----BEGIN CERTIFICATE-----
MIIGzDCCBLSgAwIBAgIJAMzhic2M9z96MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
VlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwIBcNMTgwMzE4MTM1NDAzWhgPMjA1MDAzMTgxMzU0MDNaMIGeMQsw
CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
BgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UE
AxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJn
dXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDU3Y3K
UW+th51pqc+MttFyQNVQ+TwGUFptpoES5KIDqXifbqQfTLNUch1us+C0e6qt6B/t
ZSotqwAqBgA9bT4ws02sMP2U7U0+sn+rxvb9H/6Q0H4KixfsyTTxqrstEphEE2aF
eC9L3Z4QlJuafsuUWIxT9LW1KnaPV5CIDz/cJZIO/Xc7/TRyiO0ylgf6+br2zAFH
Rm8Tnr1TDUm2ftB0ukG2wsmGhd/+lXPBrXWwC83NBYjFi0o9OZZmAUekyNWUTHQY
UJ1fLJAPLdpoVuxbV0BK6HQdpRvj4KyMBt/kEcGMXSLuAr1/848wI1EI8AuFyaZV
RQdnS6yHxZ4+Mi8YSdXEj+nb/SwBGxz9kmmVUQCTlPm/B4Y5I+3ivS9PxihpSwHo
zJkr8tr+xwfnFXSXB3wPdYu9rD8KmY3/uDYy9iWLg0/xW6keL4luDCVNjltMjc0x
03MOpv9cjN2eBwGyU2dHyyfDPSqSsQi9FZeWmgCzwJ0rL4WywDRc5paXbaWtzdqQ
98gVox7lFbmQIE5VoFc4VTKEIY9D/cLdmZpWzPHOn3vPEc5eAFKb5qZv2IlN420Q
CSCFJAb5orrIj9ALAIvFXfvTv5o7G+ZEvk4eMP39nK1ZXc6/cL7/IapPfy3/vUs0
tEph6pRHP39bcH9pxVAA7WkTS5ZEUshA7NrUEwIDAQABo4IBBzCCAQMwHQYDVR0O
BBYEFHHdskSE3v+RJciX4ZEOWD5SJZ+qMIHTBgNVHSMEgcswgciAFHHdskSE3v+R
JciX4ZEOWD5SJZ+qoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
TmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBO
IFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDM4YnNjPc/ejAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQB1cA8o2Fo78xQ8jRdyfbvK
GFH8+SMoOh/8qxj9prk0kLYAro5QnzEBmftHhf3sXevEAUWpr77VL1FxhTXgKUp2
S06S/meC24M/KclxM+W/7AuG9yrJuW122l61OuWUcDWA24oj0KG896Mbw13ieeWS
7XmC1YU5Lix3wiWnjD7QZ+E4dg09z722+zwUi1UwRekzJZmB8pTHHmbX4Yig/K27
STnxQEiVZzlzcvjY6QvC3Sj/aA3YCSNl0bsSwH6GwXXJZ3BEKmm6w+ZRQMTz7+72
q0ybGf43XH4sj2OBm1YvCD8LehygPy2uJYlDxG8zRq2kxYxiWLbncs1x9Acusd7l
Te+k8YArRTqsWLN5Q47sGO4H1clz4ay80TTuz4Vc6JQ3banHDmMFV2nMsR2YtKX6
lKD3lXvMU04ZvZe2SolP1uTto3Jw3cNarigj/nHjn5s16uvy6Q3x4TyVUqyAOqrG
cuGrbYAEqtVnMrrovGZTj73HSwAx2PD+3jJKZH+suwBIijNL90wbkNlsNHlNcQeQ
zQAlYRBdCYWFU+7d86kUWYYrActGZc2MJmBZzZ/Tt7YoOIw6NMnWcpMMTUV+zToP
WWrD5OMDc7EX9BmMg7uif46UF6ol2puGXpQIF/yVRbFk1IiPwhc1ZyCuh+1ugh5+
CZSTeKgLDVjfXlqH1ErAvQ==
-----END CERTIFICATE-----
SPR-BE/openvpn/gw-ckubu/keys/ca.key
+52
View File
@@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDU3Y3KUW+th51p
qc+MttFyQNVQ+TwGUFptpoES5KIDqXifbqQfTLNUch1us+C0e6qt6B/tZSotqwAq
BgA9bT4ws02sMP2U7U0+sn+rxvb9H/6Q0H4KixfsyTTxqrstEphEE2aFeC9L3Z4Q
lJuafsuUWIxT9LW1KnaPV5CIDz/cJZIO/Xc7/TRyiO0ylgf6+br2zAFHRm8Tnr1T
DUm2ftB0ukG2wsmGhd/+lXPBrXWwC83NBYjFi0o9OZZmAUekyNWUTHQYUJ1fLJAP
LdpoVuxbV0BK6HQdpRvj4KyMBt/kEcGMXSLuAr1/848wI1EI8AuFyaZVRQdnS6yH
xZ4+Mi8YSdXEj+nb/SwBGxz9kmmVUQCTlPm/B4Y5I+3ivS9PxihpSwHozJkr8tr+
xwfnFXSXB3wPdYu9rD8KmY3/uDYy9iWLg0/xW6keL4luDCVNjltMjc0x03MOpv9c
jN2eBwGyU2dHyyfDPSqSsQi9FZeWmgCzwJ0rL4WywDRc5paXbaWtzdqQ98gVox7l
FbmQIE5VoFc4VTKEIY9D/cLdmZpWzPHOn3vPEc5eAFKb5qZv2IlN420QCSCFJAb5
orrIj9ALAIvFXfvTv5o7G+ZEvk4eMP39nK1ZXc6/cL7/IapPfy3/vUs0tEph6pRH
P39bcH9pxVAA7WkTS5ZEUshA7NrUEwIDAQABAoICAGlmxyXOCzFuvFgsuFOh1rXv
OnEc6EbsFMrErpbvVPXhPZQcUfIZpZaD5uUA9pwHvCzeiqie9jKkwLEORaIk7K1q
q2Q+4eGTWzNXaXZiT7xo0kFcq3yHATLDMo8Tjhk0YucagCJIr4quUu082Iu4iw+K
hPmxayQowYoavrtQabuVcuwvP5IZv5WTDXiF56+zZot72oozax7Y9EAijURrKMcT
zyQy8VzF/3LtB+N4A5VHUwFY4y+F2B3W3QznR1VmCLOk47uCd1pAE5kgiEwv9lsI
KhKtZYmkTtoYTvgLE2O4ExFwsLIP80tfC6C3bBGz4tC9V7pTMuZIB0c3aDK94KkL
geojeQg/D81yRzrIImcQDW+6asJJBdV6fdjeWW7oMG6pvweg5xKG53dUgqrcC4yz
EC4mMO4MF4oTUnOv2yYnQOA2GIy7myf87rFKonqB6vzlA7KoE7aOvX3ZTiuydBZ+
StIZ6aJIK7IINa/4QE1TZBLG51GO+u8SE8BMlm96HB//TVp+AmgtrXlqlbREfYHk
CgUB4aIYsvtcfBoy/T0tWREByIFBTDZMO68Ifcaspvys62y1H879BmKTGiq9XCX/
PPQduHUBzcS1wUmnRerSOyvhqqsOvJMEXjbQAJP2J8mBWd8TLaQWtftFb7Y4XXjt
lTsjK5+a+Vux+bugK4rZAoIBAQD5Mvwd9ETTGrW33Gss2u5GswzFIWQymjYHaXlJ
j9YgqmUMRnClBFRCODmBONjw5A866/adXi5N8ZZAxCQUOnrCLJ0TdMb5JnhcH//G
dPHO2iiZV+JUsZbOaxD9m2SPogStqSGVt9i1CRyVC/SWGAxgKdHB52kEfDp/PhOH
dY5iH+kPaPvQd7DSrIjuY9vqlavDAMZ4Wf/Pigeh1/j1LvALZoqb0fAj/qD81U9W
+4BnPBQz/fMhOTu/z+lUC5T4l2WT5zmQ89knkSeUOboCjQ9Int9FH8DFGXY0YKmC
5y9HBt1xypWesnqGCCESiU8lWXvM5T3V6zXyOHpF/72+p/e9AoIBAQDarLnG24Ef
SoIQgEgOuTwajsjducGl/YuHtz6fKLD1OtAbQDYmQCUSUraJXFtYVe0sZa1dQPj3
yGJ0whJW1Po8tIAIfacjJ/gQ6F4xNhqxmbcxGEvMDCWFyyxKOTcmY4tT/Q00Cv4z
Oz+RGWD1Mnw90fFs+KLe7gAfbZgXZ/CDriSEyBPGLARZYCrpQ74FogUGAVcAhZb9
l/2vxaMBr4EVkuIrpd7yP8tWEdnta4ACeW6CcX2KIAGi12o6Z35RO4nfo3BZszUy
pnA4Lau2TmzSqV3/hn2M6tJP9mXaiF7HnvGw2t+/o5nTv2clBm2L2MZOEpNANS3J
YUVVb5W+XZAPAoIBAQCgZb+/bAWMt6l1YaueYIB0AzVaAUckBvx1wt7tiWZy+ho2
T3Sb0nCFevkQgs2oJ7Lh4xWGbyNwyepDX7w1RPrU1rB34Hdd0PQxn+sbCxTFZsgx
A09L4k7GKEX0ZrvQc6F9Qdq7Km2TAP1jtiFFJs94ahJ4M4H2ABwK4KLjUrhF0nJJ
l/JVWWT4BVPR1XasxI+c4Xfd6VftdtO4yXGWJxMc03CuIO/nyzJF6uq5ewJH8HS0
jmWa4eLicGmnzhih9ZjNHUyBT2Nbw2NtVcazc6X9wTzGmkyS0POzfPA+sJ1Oo02P
u6yYTBrvAHaBHt5RlQpJdNhbQ50iflW9joHMIQMlAoIBAQDU/ucZjhcQPoe/wOPv
C3hCug9nARdhMjylXdSuPHlY9Adec8YKrfIuDcjktMP4oAGbfBJIQg//cfyMk7g/
QcXYOUx4eMPC15ymA2Az+Oo5UWuBc5Po1W/7CTJDvcU9LDq6/UHODmMZzb0V/S1W
x+0CXisVpH0oPZR7CEnbio9YA9hoSWYRYjB+SdCiUyyU2gKgnc97n6O5sUEV46Dp
9GP8eoy4TSGCvqa1WD/4JPyT7Gm6vwaz8ocFcWN0Lfh48VBTOCQoCwlnI30tCzc1
JOCUtQns6bgC+XsPDgaZvLjtIaFzTU4hoR4lhUrXYpJzZBuMUkWBhgrqG0fodv7Z
ZNL7AoIBAFiZkq/ccCajhfGw/3XJaGsT9n+X5IZFr4HwK8ucZhVsBidrV7MVT/iU
gzmicc0vj3gktvUJt4WpwYxkneriS0Pxlf9yPny499TczgVgkqxaLVdFTUNPE4zv
MIhvqgtyaSBo1sG9zP01hk7sdUroSnn28TOAPnLXCPgRvdK5q78NflsztokHMGnf
48RE4kEs8x+1u1xHOOe1SwXSeGjQ2HCiEtHjcHuCkeyIMuc3g7ihHAkflKx3jdRd
KbQNVAvuMy+9lUzUXgXWbbk3sU27WGP87pP5D+BlAEA2ZeJ+CmxV+jy+9MEVFVi0
liKWQWNz50yAIjjVr0jSOoWfnCLxXb4=
-----END PRIVATE KEY-----
SPR-BE/openvpn/gw-ckubu/keys/crl.pem
Symlink
+1
View File
@@ -0,0 +1 @@
../crl.pem
SPR-BE/openvpn/gw-ckubu/keys/dh4096.pem
+13
View File
@@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEA8AcG6srQW5kZUMnDpQ3FlcyKqlJ4qL10h72+PfKfbXeKwg3a5n0v
kiUIFNSsPZ9Zei9mpEVvVAfy9y1WeewVzvTN+rp5W5gUfMDZHJLSMZt038iWeEhK
x2Regp3Bb+2suBrG53YfVmKLjxyrtb5lZc25YJWnholXMaf19dCl7B301vLKS5dA
RXhHqHWrzZ8Mr6Z1IijOZyOY9tK4zpACS/5qs+lPNam89WdTxdRfwNuxdyDWpWV2
NL5pIJ3D81gslw68bNqVVO2GGjIJlG33CxgvkyR8/WC5YyhkGhufQzyMxmFHeaVb
bsgF57LhjDCKz7HmmNnwhJJnfoeYis3BGHJsTO2tDh4bxJeyNqtqvAnh0DnK1KED
QExIcnCrx7UcaoeFZTtYfRzwPejfB3lhlXckvVHcKiDZvCotCJRXyYQJVQja5mYS
k8a4Qbxx07h94FeEXErHKsLcLqzKXa+RzX07+yzwgWsphWFtmeBroOUzVr+dCtK4
YLzYcZYq+LBMtl7d6NXXsFS1P5Rw5iu0G1o7CuiXeez6bsoj622gghhc23d727Nx
phmv74FINMjJsdraJShpwuYwbwVQCevfvE3FddDf/eR5WMqLx1EdpX3WT+udGQ3l
2oVss5bY7eMFtNnT1eX7G8C9iUSWC9kJEu5ERA8JS0x6eb3pcAy+lWsCAQI=
-----END DH PARAMETERS-----
SPR-BE/openvpn/gw-ckubu/keys/gw-ckubu.crt
+139
View File
@@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
Validity
Not Before: Mar 18 22:13:06 2018 GMT
Not After : Mar 18 22:13:06 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-gw-ckubu/name=VPN SPR/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:d9:a8:c0:d0:da:7f:53:f3:f8:00:92:ff:0f:03:
cd:48:91:22:ee:e2:eb:27:ed:79:e5:81:9d:54:e1:
e2:91:74:c2:69:9b:21:5e:ac:ab:b9:c5:5c:77:9f:
20:d6:18:8e:ef:ec:cd:4e:43:8e:a9:b5:ef:9d:18:
50:f2:95:98:98:bb:73:e0:8d:2a:44:2d:da:43:5a:
f3:4a:8f:10:d6:99:e7:44:ee:40:05:a3:1e:02:20:
54:2d:48:3e:99:23:93:ff:b6:74:89:38:ad:52:8f:
c0:2d:01:da:aa:25:bc:7f:25:8f:55:57:82:de:a2:
79:15:3a:0b:02:c2:b8:1e:49:b6:f2:9b:38:4c:f4:
c0:24:b6:b0:22:8f:b1:cc:f4:47:ef:fd:8d:ff:bd:
0c:00:7a:0a:bd:6d:e0:c9:1a:c0:9e:e1:de:69:f5:
ec:dd:ed:99:f0:d4:ab:21:ab:de:17:fc:9e:f2:60:
30:50:53:26:c4:4b:29:c8:1d:34:47:c3:50:66:13:
d5:c2:79:f2:ba:8d:94:18:ec:b3:1d:b8:4f:62:af:
fd:5e:f6:b6:f8:2f:d1:8f:3c:8c:34:0b:24:80:0e:
fe:cc:2a:59:c6:1a:a8:a1:d0:02:fb:e6:83:7c:d8:
7e:b8:b5:d1:5f:4c:b0:4c:4a:b3:07:c4:bc:62:e0:
97:2f:b7:12:43:21:3e:e1:14:f4:9a:a2:f9:ce:66:
e1:ac:0a:1b:1e:96:c3:46:20:24:99:21:80:7c:3e:
0f:cf:fb:fc:48:e2:69:73:36:b1:5c:12:5a:28:d2:
b5:84:66:7f:f2:e6:62:54:b6:4e:cd:fc:30:70:02:
d1:68:d3:77:68:fc:88:e0:75:6b:87:63:0e:fd:a3:
19:2b:f4:8a:ad:f3:a6:fe:b7:23:41:42:0e:a5:6a:
4d:68:73:24:69:0c:b1:4a:30:93:80:32:5a:b9:ca:
36:c3:1f:0b:86:47:1b:67:3c:0d:38:40:02:e2:96:
fc:e3:ae:fa:16:a6:18:09:14:b8:d0:ba:49:83:21:
19:9b:ac:fd:5a:0f:26:e7:45:e6:fa:7e:e4:09:2d:
84:0a:3f:37:9c:0f:c4:89:bf:9d:62:57:57:c3:6b:
f4:27:76:e1:32:1b:ed:37:97:e8:44:96:0a:46:4c:
b3:f3:b7:d4:15:b1:25:9f:77:9f:93:ef:ea:e1:0f:
94:1a:75:6e:1e:68:8f:af:45:da:f5:66:f6:46:a5:
f1:89:a9:3b:c8:e4:bb:0c:ee:c0:98:2c:ed:fd:f4:
d1:a8:86:f8:92:45:f8:fc:fa:f3:0f:f9:07:5e:f4:
a6:0b:ae:c9:bc:aa:f1:44:0d:24:98:58:33:2a:3d:
2f:d9:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
13:52:C6:BA:47:03:D1:DF:AE:FB:87:8E:FB:8A:66:74:D7:91:D3:76
X509v3 Authority Key Identifier:
keyid:71:DD:B2:44:84:DE:FF:91:25:C8:97:E1:91:0E:58:3E:52:25:9F:AA
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
serial:CC:E1:89:CD:8C:F7:3F:7A
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gw-ckubu
Signature Algorithm: sha256WithRSAEncryption
40:c6:2a:2c:27:c7:69:e5:54:1e:15:a4:af:87:e1:f1:3a:29:
82:e3:a8:60:a9:64:b9:62:47:15:c3:d9:5f:f3:2f:05:ed:eb:
78:58:18:c3:d4:c5:49:aa:ab:e9:e7:40:02:33:6d:17:8e:7f:
8f:f7:6a:fc:2e:6a:83:1c:87:c3:c6:99:b4:dd:a1:98:9c:e5:
0c:6e:d0:5c:0d:ed:fd:b8:79:e9:98:b8:4b:42:f1:1e:a3:ac:
b5:47:7d:fb:82:98:d5:fe:9f:de:13:f4:5c:3c:76:1e:59:e0:
16:3d:5b:72:47:af:ad:b2:e4:29:11:13:4d:d5:4d:68:22:bb:
89:d1:96:e9:27:c3:22:45:60:57:23:f2:9f:21:ea:4b:7d:a8:
8a:12:a5:c6:8e:4d:fc:ab:85:45:20:c6:ee:27:8c:40:82:c3:
b6:63:65:b2:ef:69:6a:b8:93:94:9e:6b:dc:c1:2f:fe:69:f6:
98:49:56:f8:26:64:17:e2:a0:c5:ca:6d:8a:e0:f4:c5:2e:9d:
6c:4c:0c:9d:be:0d:17:4b:bd:5e:f0:5b:00:72:1e:b3:21:7d:
b6:7b:d4:a3:c0:78:91:7c:32:c5:d1:e9:61:da:1d:3c:dc:92:
a3:a1:d2:5f:0e:e4:13:f3:53:4e:c8:27:18:4a:87:61:c8:da:
3a:1a:65:f1:1f:e5:d7:fd:f4:04:6d:1f:bc:94:8b:da:9b:db:
f3:a0:a9:47:b6:b8:5f:d9:e8:c0:d4:ba:e8:a9:a0:af:79:3c:
00:9f:f3:2b:c6:18:4a:6b:ce:a0:04:ba:ca:12:92:f5:c9:02:
44:c7:05:a8:cd:3d:97:f7:33:dd:3d:5a:ac:b4:0b:ca:d1:54:
2d:3a:fb:2f:40:4f:54:e8:6d:ad:f2:4d:bd:b0:50:43:85:43:
8b:f0:24:af:88:c2:2d:dd:d7:ac:da:ea:fc:d9:02:b1:20:a6:
28:f6:99:ee:51:55:b9:70:56:84:83:96:a6:d3:4c:a3:7f:a1:
b4:ce:9b:75:6b:da:d0:57:d4:d0:9d:55:a4:2e:c3:05:93:70:
09:a3:ce:e3:1d:f9:b9:6e:10:e3:a7:94:17:c0:4e:e2:dd:9d:
17:60:64:00:34:2d:bb:50:03:13:9c:a5:d5:2c:c5:1e:8a:c7:
25:c5:aa:5a:3b:c0:f7:9f:c7:b1:89:29:e4:da:02:dd:14:e7:
42:70:ef:a8:13:03:0c:53:81:d8:32:06:ea:25:f7:df:29:66:
17:b2:b8:56:af:8c:7f:4a:99:66:3f:ab:53:7e:5b:23:ad:3e:
01:77:d1:58:db:a4:33:5f:19:71:fc:cc:58:79:e8:bc:85:b4:
1c:5d:a6:3b:95:49:41:23
-----BEGIN CERTIFICATE-----
MIIHLjCCBRagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
MB4XDTE4MDMxODIyMTMwNloXDTM4MDMxODIyMTMwNlowgacxCzAJBgNVBAYTAkRF
MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tU1BS
LWd3LWNrdWJ1MRAwDgYDVQQpEwdWUE4gU1BSMR0wGwYJKoZIhvcNAQkBFg5hcmd1
c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANmowNDa
f1Pz+ACS/w8DzUiRIu7i6yfteeWBnVTh4pF0wmmbIV6sq7nFXHefINYYju/szU5D
jqm1750YUPKVmJi7c+CNKkQt2kNa80qPENaZ50TuQAWjHgIgVC1IPpkjk/+2dIk4
rVKPwC0B2qolvH8lj1VXgt6ieRU6CwLCuB5JtvKbOEz0wCS2sCKPscz0R+/9jf+9
DAB6Cr1t4MkawJ7h3mn17N3tmfDUqyGr3hf8nvJgMFBTJsRLKcgdNEfDUGYT1cJ5
8rqNlBjssx24T2Kv/V72tvgv0Y88jDQLJIAO/swqWcYaqKHQAvvmg3zYfri10V9M
sExKswfEvGLgly+3EkMhPuEU9Jqi+c5m4awKGx6Ww0YgJJkhgHw+D8/7/EjiaXM2
sVwSWijStYRmf/LmYlS2Ts38MHAC0WjTd2j8iOB1a4djDv2jGSv0iq3zpv63I0FC
DqVqTWhzJGkMsUowk4AyWrnKNsMfC4ZHG2c8DThAAuKW/OOu+hamGAkUuNC6SYMh
GZus/VoPJudF5vp+5AkthAo/N5wPxIm/nWJXV8Nr9Cd24TIb7TeX6ESWCkZMs/O3
1BWxJZ93n5Pv6uEPlBp1bh5oj69F2vVm9kal8YmpO8jkuwzuwJgs7f300aiG+JJF
+Pz68w/5B170pguuybyq8UQNJJhYMyo9L9nBAgMBAAGjggFqMIIBZjAJBgNVHRME
AjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNh
dGUwHQYDVR0OBBYEFBNSxrpHA9HfrvuHjvuKZnTXkdN2MIHTBgNVHSMEgcswgciA
FHHdskSE3v+RJciX4ZEOWD5SJZ+qoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0G
A1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZ
MBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4G
A1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDM
4YnNjPc/ejATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0R
BAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAEDGKiwnx2nlVB4VpK+H
4fE6KYLjqGCpZLliRxXD2V/zLwXt63hYGMPUxUmqq+nnQAIzbReOf4/3avwuaoMc
h8PGmbTdoZic5Qxu0FwN7f24eemYuEtC8R6jrLVHffuCmNX+n94T9Fw8dh5Z4BY9
W3JHr62y5CkRE03VTWgiu4nRluknwyJFYFcj8p8h6kt9qIoSpcaOTfyrhUUgxu4n
jECCw7ZjZbLvaWq4k5Sea9zBL/5p9phJVvgmZBfioMXKbYrg9MUunWxMDJ2+DRdL
vV7wWwByHrMhfbZ71KPAeJF8MsXR6WHaHTzckqOh0l8O5BPzU07IJxhKh2HI2joa
ZfEf5df99ARtH7yUi9qb2/OgqUe2uF/Z6MDUuuipoK95PACf8yvGGEprzqAEusoS
kvXJAkTHBajNPZf3M909Wqy0C8rRVC06+y9AT1Toba3yTb2wUEOFQ4vwJK+Iwi3d
16za6vzZArEgpij2me5RVblwVoSDlqbTTKN/obTOm3Vr2tBX1NCdVaQuwwWTcAmj
zuMd+bluEOOnlBfATuLdnRdgZAA0LbtQAxOcpdUsxR6KxyXFqlo7wPefx7GJKeTa
At0U50Jw76gTAwxTgdgyBuol998pZheyuFavjH9KmWY/q1N+WyOtPgF30VjbpDNf
GXH8zFh56LyFtBxdpjuVSUEj
-----END CERTIFICATE-----
SPR-BE/openvpn/gw-ckubu/keys/gw-ckubu.csr
+29
View File
@@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE7TCCAtUCAQAwgacxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tU1BSLWd3LWNrdWJ1MRAwDgYDVQQpEwdW
UE4gU1BSMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIwDQYJKoZI
hvcNAQEBBQADggIPADCCAgoCggIBANmowNDaf1Pz+ACS/w8DzUiRIu7i6yfteeWB
nVTh4pF0wmmbIV6sq7nFXHefINYYju/szU5Djqm1750YUPKVmJi7c+CNKkQt2kNa
80qPENaZ50TuQAWjHgIgVC1IPpkjk/+2dIk4rVKPwC0B2qolvH8lj1VXgt6ieRU6
CwLCuB5JtvKbOEz0wCS2sCKPscz0R+/9jf+9DAB6Cr1t4MkawJ7h3mn17N3tmfDU
qyGr3hf8nvJgMFBTJsRLKcgdNEfDUGYT1cJ58rqNlBjssx24T2Kv/V72tvgv0Y88
jDQLJIAO/swqWcYaqKHQAvvmg3zYfri10V9MsExKswfEvGLgly+3EkMhPuEU9Jqi
+c5m4awKGx6Ww0YgJJkhgHw+D8/7/EjiaXM2sVwSWijStYRmf/LmYlS2Ts38MHAC
0WjTd2j8iOB1a4djDv2jGSv0iq3zpv63I0FCDqVqTWhzJGkMsUowk4AyWrnKNsMf
C4ZHG2c8DThAAuKW/OOu+hamGAkUuNC6SYMhGZus/VoPJudF5vp+5AkthAo/N5wP
xIm/nWJXV8Nr9Cd24TIb7TeX6ESWCkZMs/O31BWxJZ93n5Pv6uEPlBp1bh5oj69F
2vVm9kal8YmpO8jkuwzuwJgs7f300aiG+JJF+Pz68w/5B170pguuybyq8UQNJJhY
Myo9L9nBAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAGvhTaDqObFzTbnEdTmfM
Oyatagcmh3GIrnyfrn1YK6eZcLCbAodoJMoQE7h0vY32wgwBb59LmjCHElE3GZLG
8OF/cF8qWwSeQYH3rQ7+xsL1b5VF0pdM6UVFfGWUQZJEybj7Hg99ZDjb3co9NdkZ
a1qUub+fi6K9ldcZuFfK92eb6ujj8dGCWNcPIsnqbO+hJAvyZBdJxeeEuiaEvPI0
cv+jaqcuf1txzDwsUG4GVZFjaL2bbk9C+PWKO1lH5dtT0EYhHCGMMthp9dGR513X
M0CLQZhBSFKVt/ZeYD6u4T5fnMylMkSw10vGFmFZTrOa0mvh8QjRzdOJvlxv1lnr
9ZRYIBhzZ47I3N7Hm0xopXpLx22em0P1rk6cXyu5Rjt0NQuyLQHbgKV1r5Z/l9KI
0MN3zB/NSRB/SU+60w0f5Vm4n/6radE4BSXlwMyL9AJy5UpKMePEkSI2eTe58JnH
bIpphpJapGTKdkKyEegdZql7VuZKEoitZLcsIiY040rMYIPTr4w9QADHHFdF1TGy
oIYwgJF0KagHLCTUAte35B9WZ+23ASnUIuYFtv2HgpVCGMrW94Psy8efFI+iM+Yk
zJp3mTVhihoypS36XPnOSgMZJzRkdd0i1tAGSRzfuSqTCHz4CcerXl7W/d7vX5YC
kE4SPiTbo4N2pDtRsu0leQA=
-----END CERTIFICATE REQUEST-----
SPR-BE/openvpn/gw-ckubu/keys/gw-ckubu.key
+54
View File
@@ -0,0 +1,54 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIsMy/MytYtzsCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECM8bcaVcNffeBIIJUNOSqKmf153a
NBjm25drvNrgo+bEd2kxywgcjqIyl/csUjkbx3WWANZZAdRIFgtM2mN6xiGPAzpB
AMU+0FhbMeSC4aaoE6kbu0QREcHxgLemoA1+3c/VMfzTXJQ5xtr84pyBfj7lwYTh
uOC8k5WYV0VCWWwj39TAAfF/eqIzfuN4L2ybSgQyHHyWQPvCgfEPMZi5lBcPtZT5
OQgS30tFTgNOmz+wTex6uOJi0Qqo6MvH3rWv5rRwO17FZU6v+SLXcopvZfrO4WLN
AMHzjIvvfwmO+7/ypLnVdBYCd+CpvBUwcEbPVqrddWhNgidlOkoQzVnK34wexRvm
eDjmm8JbTHFQP8+DMEAODlMPNxMD1vCC/vM7bKMjCNYGjRwrxtL9Z8drp1wgzULJ
8AY3J72+lL1yMQNoch0Niuda3RDBs68FeVvGaFmGCPlzDdfTlex0Pi+BFeuTao0Q
7Y9zfcjyv+p4HxMg6YoIIQYOEogWO58GF1UL0zOJD81j4ihkT7HTWtOskw5E6Kfq
WEWyW5Oe4xR0PZpHNrYVURNg6kIxEBwRFfskFofGac36tKJ2fJseESkuqvXLenNt
Y0Epi/AxwEZa0E+G2ewNPNoBAIvRlOx0CBWWQKeCVaOgsOD0zyqYPsCGFWDl+2d5
i8afGhTw/8oqhwNwr25tWhW1xKbMEGchycywGGQloGvquv7kchJb6lDADZtF1++v
4wgRwtiBYOvkqXSLOpFiZinvmUMmqXD7PqG9yWF7XlnRV8JJ61RP2cuKCTXXCGfI
dtzLnet/4lUV7S0Wd3g1US2iPz6LJ+ngOBQEbAqFvInBiZFyduPwQJo0yswDyJYd
WNhmHumuFSSCdnAF6qVjuKhsNhftY5w+xww6RhAqst1idoVqYSt1LLODwKVQfIPs
uctF108LBYPBGf5tEC5Z1KRpDQO41q3F91eTZTVEH8Su1pW7IbMGt8XTUVRJESbQ
SYH5ELMdd+tb1ccD2fZZV3R6V7vI7ejAzOWdmjqaITtPGsFcMevc36YmJ18OQVBe
mTZJjdx28sGrsoqCSvgc7ii0DFLWZrRs4WRrgoxQq/G0zKLuuGXhlEgVw9QhIfeo
fMj1ebR0oElSimcqwPJYI/DDfhYZUA5Mx2Ewnfs1NS+CGoo+UcDKNHQRR3uEmP7T
1Mhg+MQ3b6ssZ8uZQut1E6bALf9ipH5xkN6rgniJsBL3lzvkN+/5XiE5qz16bmkN
gpF1+8G0/pjDi7a0Fw602ffdD1XAfcV6SMobDgTyMmjybgZHzf6cFy9gKrRa6WV0
do4Oc+uv0Nmj6wrAYO4s/nuJnpeTY0wbuHJgcYnTmUX15kIw+bPJ2UIGjyS8QpkF
evX8XeN48U9mknoQv1OfC6+kE6jgqQiDzigy9nSHFc4kIQWsihO6NKDEia11RWCn
QN3t8sHDNZdFY3dy7nnQRIhFNEy6InjLnUbfhuzgZVaVoaqULH8EmoE78z25zi0H
Xt6P+hkW8zZthYHsucVvyiNqZmIb50MK/5VHuORXsepWD9hX/rEyFxsv71AyBl9x
TSHjk4cgBqVh3uRH8NxNNvWnx7Th03Zk4/2dzNUc5taj3WX2jCH1vaKBMI1BBHJD
QWNIrwCExUOIAbYJLGkyihnTv4PCRlZrYQtMyx0laxYRdWR6lsIk83jcMWkWfhPf
YbYd/XIIR+hOFrUIM28Y2TTPHpJhbuORP7z18o2heUV0ZD3LdMi27/JtsSZHlbOu
nqdP9reWG8Kx6mjEdSFe5hTD0VmZ3Yks1jGp3QBcxQivAbLoXsP5VOMOPr7zXmb1
m9uWqtC+/1L6lAg5iH0YNyvrmRL02uzMiEXBQQDx0CYqcWJY+hwaXU6MnSyUMH7F
H7wAW2cqq1XCBVFWUIPI6P63LUlgewzmseaAGgD7tfbGSsx7BwseMXUwtdOYt+Rp
H8/3QeLLAfgD2Kl7Mv8F8l+KsBRNpaSJVYCqYH5ogzjRiuwDwsOmRdHKRh+r825g
fAJsI3grgZOd7poDQSisRZKOAF/ytTclreostJGfwLEE7IpUA/R7yLPCTI/mdPwT
4zRZ2N0fovkApA6hvhIpnhaA5XXuY7gmN8E0tgokZ7NsiL0JgFUFevEwzvZhlCJI
7edh2kPl379+bT1lgy37Z0V8ntU0S3I/g+6RsepDuWtCGsW434Z+iAAv7aKPJz0H
UqNHS4vElG8tQKBkO+qWRdC19hmM5itQoy/nD935hyZgRBZKFTmO3kNPPyvHVTdJ
hYTN/WAuXAMrP5HvkMv4AXZLQSk/YJCcJsPN5p8Kd40oEuwMumI8HCwXlSnpHnro
prdZrrCCUQ2232zCw5qQ4KZl7i5LB8AkLmNXtMUscHf6Nge3GSTILFaKoFYrDPF5
P6u21fO1R2HcA+b7xKzK6ecpPZA25ggxPMqvRwCnT/gueVSXjOIhd3f2pEs3yVWM
W0HenWuiWcbryuzcPAJytianU1KqtrEYhqFTxcdJAYa4xvFbCtGrmVuJ8NRomSg3
BdL8lOfdYxE5R8VYfVxw2jcLiK4o2Bqjt17kHTzzP95E8Eybkzgo5vycmMedOBsn
rBOUJXYFSo6hONNiMR1vlIxNi2Tdo9w5wKHUerVdXhVSLgvC7SeJeArN6+To+MVR
n73jBAA48VcA8d5miDNnfwEDguP/Fg3+vo9VAWccR3lq9tHT1GkNyz0gyYLxmwoV
2w+QkNYM2SzbrsDJ0GEN7s8gEkeQHuwcXHsdyJnLJQJsTrZaaHDd65BMXseE9dwu
Lgf0zuiq2DCDTJEvabd9siS7wDOxJAKzd3atP1O4ylnzSHgvi7DNQJ8Xeu8FF43L
Sn6KmWhdtfIhL3uNAvI2/6434qWKU4WE5Ro/TjI4uMxmfkTTQPmffJTGnH9nYJjJ
aURTTNSKQGbeyBS9KEUjSyQAAXBaDka4zP93eOi66aeUNaMcod1aKLo9r1LpjVqe
3qLBy7cCP56qaMTJChhwhYWtwyu5AqX2fk4LRAOrm7olFNlbJ/QMYEahztZzFuiO
hCCGNebRqk7IYmXnvoA1gJ7VJEov1QYeLX9xnZqF+qwHzs29pNZwADtvBlWn+MT4
yCy2JxLwIwfVuMsJWRzvHcpeOzmgtDIgUkqGzpjPB5bdtbr7GFbFkpms29DmGLtT
Ujfylfy4W1TZtS1ryCsskAiOrTpXH0G7
-----END ENCRYPTED PRIVATE KEY-----
SPR-BE/openvpn/gw-ckubu/keys/index.txt
+2
View File
@@ -0,0 +1,2 @@
V 380318155951Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
V 380318221306Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR-gw-ckubu/name=VPN SPR/emailAddress=argus@oopen.de
SPR-BE/openvpn/gw-ckubu/keys/index.txt.attr
+1
View File
@@ -0,0 +1 @@
unique_subject = yes
SPR-BE/openvpn/gw-ckubu/keys/index.txt.attr.old
+1
View File
@@ -0,0 +1 @@
unique_subject = yes
SPR-BE/openvpn/gw-ckubu/keys/index.txt.old
+1
View File
@@ -0,0 +1 @@
V 380318155951Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
SPR-BE/openvpn/gw-ckubu/keys/serial
+1
View File
@@ -0,0 +1 @@
03
SPR-BE/openvpn/gw-ckubu/keys/serial.old
+1
View File
@@ -0,0 +1 @@
02
SPR-BE/openvpn/gw-ckubu/keys/server.crt
+141
View File
@@ -0,0 +1,141 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
Validity
Not Before: Mar 18 15:59:51 2018 GMT
Not After : Mar 18 15:59:51 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:a3:49:18:ae:69:4f:5c:4a:34:b1:85:9a:4d:a5:
ce:f6:2d:b5:6a:9e:40:27:02:3b:57:e0:75:ee:1c:
fd:eb:20:56:eb:ed:24:f1:57:a5:cb:ad:0d:09:af:
15:f3:9d:a4:67:8d:e5:a8:67:d5:1b:b8:36:f6:e6:
9c:d3:e8:29:08:d6:8f:a3:5e:e1:e5:30:eb:07:bc:
03:c2:95:a4:93:cc:19:86:c1:89:fb:9d:f5:38:9b:
10:01:6b:74:d2:20:8e:4a:65:34:17:1a:85:39:d4:
35:2b:04:f3:37:4f:f5:93:12:06:fa:c5:04:c3:73:
30:30:1f:33:69:86:bc:60:cf:fb:38:ae:6f:8a:21:
0e:76:35:7e:ba:0d:ad:ae:4c:6b:d0:cf:3b:73:a9:
1e:58:cf:ce:bf:45:8c:52:75:ee:da:a3:f4:6c:24:
8b:bd:b6:f2:db:59:fe:b7:7b:ef:8e:b8:30:ad:67:
dc:bf:3d:ca:d6:e4:b3:86:bc:60:fc:f9:a5:ba:5a:
0c:9d:c9:72:ec:ab:73:6d:2b:f5:9b:f0:a6:a5:c2:
31:6c:5c:a6:54:47:1e:65:73:2b:47:80:bc:27:29:
28:be:45:12:77:5c:44:51:cc:91:55:d3:36:5d:dd:
f1:01:18:68:c5:08:de:ee:06:9b:0c:d3:a7:94:c7:
99:75:c2:bb:f8:2e:19:46:db:d8:13:70:7d:a1:96:
6e:21:8b:32:1b:d6:8d:74:4b:a9:1d:43:53:d2:11:
3b:d9:63:b0:6a:ac:a8:e2:70:15:62:aa:c2:15:d2:
1e:df:34:1e:45:3a:30:b7:54:1a:25:2f:73:c0:d8:
1a:6d:8f:80:aa:7e:86:1a:84:e3:0a:c0:89:61:3f:
fd:bd:19:40:b3:cb:de:2d:aa:97:af:dd:cd:a2:28:
33:17:ae:50:bb:2b:00:d1:01:8a:25:32:56:d8:09:
fd:58:22:fe:33:a1:f3:b5:16:cc:59:ca:d8:d3:8e:
dc:62:13:25:05:c6:6a:02:fb:82:83:35:7b:e4:33:
84:71:18:fa:bb:6e:48:3f:ec:be:72:a2:dd:38:bd:
7a:69:89:28:6c:46:79:bf:34:30:39:5a:9f:a7:e3:
9d:15:73:29:f3:24:f0:84:51:27:38:8a:20:5d:cd:
d6:47:e8:2e:7c:6c:e1:8c:10:29:0a:79:96:24:fa:
94:29:a1:6f:dc:d8:94:fd:d6:f7:62:24:6d:a5:cc:
42:89:94:ee:8c:c4:19:31:0a:49:9d:e2:87:0a:29:
cc:f0:b1:ab:8f:d8:11:71:46:de:2c:d3:a7:5b:2e:
5c:f7:54:92:97:f8:1f:7b:42:23:b9:1e:47:0d:57:
2a:24:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
BD:B0:0D:2A:D9:8E:FF:E1:91:B4:A5:26:9C:C4:D3:E8:44:B2:BB:D5
X509v3 Authority Key Identifier:
keyid:71:DD:B2:44:84:DE:FF:91:25:C8:97:E1:91:0E:58:3E:52:25:9F:AA
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
serial:CC:E1:89:CD:8C:F7:3F:7A
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
5a:36:4b:aa:dc:7c:3a:1d:93:f5:e3:d3:b4:cd:45:e9:ff:64:
9a:61:36:57:06:91:e7:39:24:cf:3c:4d:4a:3a:48:97:49:dc:
90:96:d4:4b:0c:35:a2:88:01:47:f6:a0:5a:74:71:cb:7d:08:
60:2f:4e:ba:de:99:20:e1:8e:75:d1:f6:96:69:9f:53:ed:e6:
7a:31:4a:e2:2a:10:10:94:1b:61:ac:e7:ee:f9:6a:37:ff:80:
49:12:35:f8:65:3e:1e:7d:9f:8a:31:cf:0b:31:cb:a2:37:d3:
7d:1c:41:cd:c9:0c:34:da:bf:5a:d5:52:da:6d:71:fa:37:10:
f1:73:02:5e:0d:01:34:ab:fb:88:5f:ea:ee:9e:e0:1a:e5:58:
e1:b7:f2:a6:01:62:bc:80:2c:42:c0:7a:b9:1d:9e:00:0a:bd:
87:d6:e4:a5:19:ba:65:c5:24:ba:e5:b7:a5:81:3d:34:b2:20:
1c:29:93:98:02:7f:1c:49:53:eb:c9:ef:73:35:cf:31:61:f8:
34:1f:cb:76:58:22:fe:4b:ab:93:b3:83:71:93:1a:5d:78:66:
29:3f:f4:f6:d5:4b:d5:ff:ff:f4:83:2d:f3:73:c3:d9:33:f2:
af:97:4f:f2:f3:f7:54:80:32:30:5b:b3:db:cb:a9:23:e0:df:
e1:d6:bd:db:3a:36:55:52:19:e7:1e:6e:72:0c:25:43:31:c3:
b5:01:27:af:72:85:e9:ab:ce:5a:62:8b:c0:73:be:67:52:56:
a2:6c:04:74:66:46:ab:fb:03:d3:3a:89:e9:7c:8a:0b:e5:d1:
01:52:00:41:f1:aa:fe:48:8b:ab:af:e1:4b:40:16:2e:f0:3e:
50:cb:6d:d9:bb:95:1f:f3:56:17:6e:67:aa:00:bd:da:9b:2c:
8c:b5:dc:3c:41:0d:87:7b:05:5a:6f:a5:a2:d2:cf:bb:a0:7e:
d5:aa:d1:cc:d8:57:9a:81:cb:ef:7f:ad:76:95:eb:65:6f:c0:
2e:21:61:fa:9c:6a:ee:f3:f9:d3:7a:9c:e1:5a:37:83:1d:61:
85:01:70:26:54:29:bf:52:50:7c:ff:5c:24:94:0a:5e:f5:37:
a8:36:2a:83:c8:d1:1a:ae:bb:19:b3:1b:a1:68:14:ef:33:a5:
7a:d1:b7:ff:74:d5:69:08:91:f7:f2:d6:e1:12:c2:17:70:e2:
13:f8:17:92:31:19:46:35:a9:13:79:f9:cf:2a:b9:8b:7a:2b:
b4:76:d0:0f:3b:75:0c:99:99:a7:dd:26:f1:da:82:7b:f7:d7:
67:8c:cc:c8:16:63:c9:c2:23:47:71:a1:cd:34:88:a9:8a:fa:
59:f3:1f:08:ab:e1:33:a6
-----BEGIN CERTIFICATE-----
MIIHRDCCBSygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
MB4XDTE4MDMxODE1NTk1MVoXDTM4MDMxODE1NTk1MVowgaUxCzAJBgNVBAYTAkRF
MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tU1BS
LXNlcnZlcjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjSRiuaU9c
SjSxhZpNpc72LbVqnkAnAjtX4HXuHP3rIFbr7STxV6XLrQ0JrxXznaRnjeWoZ9Ub
uDb25pzT6CkI1o+jXuHlMOsHvAPClaSTzBmGwYn7nfU4mxABa3TSII5KZTQXGoU5
1DUrBPM3T/WTEgb6xQTDczAwHzNphrxgz/s4rm+KIQ52NX66Da2uTGvQzztzqR5Y
z86/RYxSde7ao/RsJIu9tvLbWf63e++OuDCtZ9y/PcrW5LOGvGD8+aW6WgydyXLs
q3NtK/Wb8KalwjFsXKZURx5lcytHgLwnKSi+RRJ3XERRzJFV0zZd3fEBGGjFCN7u
BpsM06eUx5l1wrv4LhlG29gTcH2hlm4hizIb1o10S6kdQ1PSETvZY7BqrKjicBVi
qsIV0h7fNB5FOjC3VBolL3PA2Bptj4CqfoYahOMKwIlhP/29GUCzy94tqpev3c2i
KDMXrlC7KwDRAYolMlbYCf1YIv4zofO1FsxZytjTjtxiEyUFxmoC+4KDNXvkM4Rx
GPq7bkg/7L5yot04vXppiShsRnm/NDA5Wp+n450VcynzJPCEUSc4iiBdzdZH6C58
bOGMECkKeZYk+pQpoW/c2JT91vdiJG2lzEKJlO6MxBkxCkmd4ocKKczwsauP2BFx
Rt4s06dbLlz3VJKX+B97QiO5HkcNVyokuwIDAQABo4IBgjCCAX4wCQYDVR0TBAIw
ADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdl
bmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFL2wDSrZjv/hkbSl
JpzE0+hEsrvVMIHTBgNVHSMEgcswgciAFHHdskSE3v+RJciX4ZEOWD5SJZ+qoYGk
pIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
czEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3
DQEJARYOYXJndXNAb29wZW4uZGWCCQDM4YnNjPc/ejATBgNVHSUEDDAKBggrBgEF
BQcDATALBgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEB
CwUAA4ICAQBaNkuq3Hw6HZP149O0zUXp/2SaYTZXBpHnOSTPPE1KOkiXSdyQltRL
DDWiiAFH9qBadHHLfQhgL0663pkg4Y510faWaZ9T7eZ6MUriKhAQlBthrOfu+Wo3
/4BJEjX4ZT4efZ+KMc8LMcuiN9N9HEHNyQw02r9a1VLabXH6NxDxcwJeDQE0q/uI
X+runuAa5Vjht/KmAWK8gCxCwHq5HZ4ACr2H1uSlGbplxSS65belgT00siAcKZOY
An8cSVPrye9zNc8xYfg0H8t2WCL+S6uTs4NxkxpdeGYpP/T21UvV///0gy3zc8PZ
M/Kvl0/y8/dUgDIwW7Pby6kj4N/h1r3bOjZVUhnnHm5yDCVDMcO1ASevcoXpq85a
YovAc75nUlaibAR0Zkar+wPTOonpfIoL5dEBUgBB8ar+SIurr+FLQBYu8D5Qy23Z
u5Uf81YXbmeqAL3amyyMtdw8QQ2HewVab6Wi0s+7oH7VqtHM2Feagcvvf612letl
b8AuIWH6nGru8/nTepzhWjeDHWGFAXAmVCm/UlB8/1wklApe9TeoNiqDyNEarrsZ
sxuhaBTvM6V60bf/dNVpCJH38tbhEsIXcOIT+BeSMRlGNakTefnPKrmLeiu0dtAP
O3UMmZmn3Sbx2oJ799dnjMzIFmPJwiNHcaHNNIipivpZ8x8Iq+Ezpg==
-----END CERTIFICATE-----
SPR-BE/openvpn/gw-ckubu/keys/server.csr
+29
View File
@@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE6zCCAtMCAQAwgaUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tU1BSLXNlcnZlcjEQMA4GA1UEKRMHVlBO
IFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3
DQEBAQUAA4ICDwAwggIKAoICAQCjSRiuaU9cSjSxhZpNpc72LbVqnkAnAjtX4HXu
HP3rIFbr7STxV6XLrQ0JrxXznaRnjeWoZ9UbuDb25pzT6CkI1o+jXuHlMOsHvAPC
laSTzBmGwYn7nfU4mxABa3TSII5KZTQXGoU51DUrBPM3T/WTEgb6xQTDczAwHzNp
hrxgz/s4rm+KIQ52NX66Da2uTGvQzztzqR5Yz86/RYxSde7ao/RsJIu9tvLbWf63
e++OuDCtZ9y/PcrW5LOGvGD8+aW6WgydyXLsq3NtK/Wb8KalwjFsXKZURx5lcytH
gLwnKSi+RRJ3XERRzJFV0zZd3fEBGGjFCN7uBpsM06eUx5l1wrv4LhlG29gTcH2h
lm4hizIb1o10S6kdQ1PSETvZY7BqrKjicBViqsIV0h7fNB5FOjC3VBolL3PA2Bpt
j4CqfoYahOMKwIlhP/29GUCzy94tqpev3c2iKDMXrlC7KwDRAYolMlbYCf1YIv4z
ofO1FsxZytjTjtxiEyUFxmoC+4KDNXvkM4RxGPq7bkg/7L5yot04vXppiShsRnm/
NDA5Wp+n450VcynzJPCEUSc4iiBdzdZH6C58bOGMECkKeZYk+pQpoW/c2JT91vdi
JG2lzEKJlO6MxBkxCkmd4ocKKczwsauP2BFxRt4s06dbLlz3VJKX+B97QiO5HkcN
VyokuwIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBAI6QRLHWK/ezt9t8yLbpFx4M
mtORWMRiS1JWK3so4CHiXNihm8RIAUkigfKk8PLn25DO9ZRuv4uoB6/lOcYX448Z
CuAW3y1ciej3uNYh3ok+rqrd2QMSiNsq1ZKSrxH3apzm7Bx2RcXUzE/1pYbWXcY5
6VbuKjHmMcGMtRXr2DJyhZURmFs03d38b2qJ+TtbpEQJQr/J9nnC2bouFo9MiV8A
drBS2mfFtjby7kdvHOGMuE4uoy8ANXdde1dMfpIyy+znsX8o0Byi91wWqKueaWpV
62TxyJfXCA0BbZH0oeaVDReSYK7Q1oLOai2sGjWpK0JmZV6t+X7Ra3SqWNgQrgPw
n/W+U/hcKFSedhaY5xu+HnonNUVDLNhHH1P4LngaCpUOGLdW/deJm3DoFGj2jSp3
eDbLCFdj2Hi+LXYrpN7GNYnz5WdkRhsd2AWDnvxNi+LrQUbM4n0JCCVAglSTHnze
c/zG1ssuD9AuU5RcvBd9no4EWdeygxr3MFNB85cMuKF5x/fkPcP7XM2JXlEgDusU
UvJp9VnWNgB/zvpjetqbL5KCfUdXyRAxuQ7NK01vtZzVz3pjiV/iT21ocobIySPB
LPI9ZpVvWwkQPM1wLmez4nLg7+Kj6fyrX/kx6fAaCQVjOrJI22IoKMg/rNxDgkQe
Y2UEmQLAqTK8ichJa/Pi
-----END CERTIFICATE REQUEST-----
SPR-BE/openvpn/gw-ckubu/keys/server.key
+52
View File
@@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjSRiuaU9cSjSx
hZpNpc72LbVqnkAnAjtX4HXuHP3rIFbr7STxV6XLrQ0JrxXznaRnjeWoZ9UbuDb2
5pzT6CkI1o+jXuHlMOsHvAPClaSTzBmGwYn7nfU4mxABa3TSII5KZTQXGoU51DUr
BPM3T/WTEgb6xQTDczAwHzNphrxgz/s4rm+KIQ52NX66Da2uTGvQzztzqR5Yz86/
RYxSde7ao/RsJIu9tvLbWf63e++OuDCtZ9y/PcrW5LOGvGD8+aW6WgydyXLsq3Nt
K/Wb8KalwjFsXKZURx5lcytHgLwnKSi+RRJ3XERRzJFV0zZd3fEBGGjFCN7uBpsM
06eUx5l1wrv4LhlG29gTcH2hlm4hizIb1o10S6kdQ1PSETvZY7BqrKjicBViqsIV
0h7fNB5FOjC3VBolL3PA2Bptj4CqfoYahOMKwIlhP/29GUCzy94tqpev3c2iKDMX
rlC7KwDRAYolMlbYCf1YIv4zofO1FsxZytjTjtxiEyUFxmoC+4KDNXvkM4RxGPq7
bkg/7L5yot04vXppiShsRnm/NDA5Wp+n450VcynzJPCEUSc4iiBdzdZH6C58bOGM
ECkKeZYk+pQpoW/c2JT91vdiJG2lzEKJlO6MxBkxCkmd4ocKKczwsauP2BFxRt4s
06dbLlz3VJKX+B97QiO5HkcNVyokuwIDAQABAoICAEX72Vk/h6UdpPIFOjpXe5nl
w2C8DPDrMvYaHVF+GZKCHN8nl/LcxxHBzNm+siDlCwbbOXhxcFReIyi1dLgaRCQm
mg/CZf1udv2spsvqiUxTaQlpwDMY43Zsd3K0VLCPBY17TNUuJ7W+bz9N8tRdL/rl
+hnXAZCnuRqW9Nkgx3KTEbCciu/f9SvTB8rEfBE9beRkPa336SrVfl5ad6cMJuCM
7wC+tSoN1I8RRmvr8aPw6+QWpPVOjbaG9S8lZEho05BIcinaoqgvX9yFv9IjVbmr
vrUcDKoIhU2kDAOseHgsWusZ/a0s3ZdVn2DyktWuf1Ih3R2+DJZmPGRF/wh0eB/i
gbht0nQXCylbiA0BxwS3HtRg2eqU7xE07YEuo19hKl8JmWe2aFwqs9L7WvkNU1Y9
Ega62Z83vPZdDkdWKhEj/y6lgbMj0N8OLHAjXRVfecMM3X5Rq5l6sTpwu6Np2jH4
J0QSPGipFt1Z1WWrgxuMTh+O0vMYRzZHoBqRORT1fFClAxbBe9NA7hia+uq8c+PQ
cE2jb8o2gsqm8x236RjgIg0jA8yjryx8KNnpYyN+IHKaXrgykNS6LPM0t7NjpXEA
Ym98u4Vw6Wx/PjE/uFVvP7IJO0705la7He3Mokqk6Irln5JRyaJcKIPF6goP3UmT
4cLakO3Rz0jA69T/d6HxAoIBAQDUTjJks9jGOwkOb38Kao761IUUfl2LjNV4SFUm
S83ZO+8yqEbI2ylcR8WmGGc+y+8RtXDkDEcR/UungnqrmDFMt8DxPlYSvD6AYvnF
OxBhrR86YF780kIaGR5HCliNyj1nbUsbmPcAZN+DtzPwJ/JcH0hVI77CkaDHaQTM
CDmJRCW6nThvAkNG5vNEajvdTXW+2WeHtQKBET7foDoEy63E9ic+1bKUeonlsTvN
JnPSzKzhEQ2mInUF5ujpPrJJLQrkCck0cFrsckGXpYuhtxJKfCy7UUo0JKN2oN5k
ENXP+yx3/VTs9w8wg5/NtxXfcGTlyExEVRGb8vsAbQ6NNrFTAoIBAQDE5Cv1IoRD
Wo9pgbQIkr9I1bbqLPN9e2abdGyclvKSr+cs978ZTijo/FEJQZYvs59Gb70hBkHF
rRXivviLw5Y0Fzf8W9pCh98RfQMuki+eJg9tERvcoqZwYRIJ4lvkiG4WCDdNFV08
rJTebgUXPExkBjG0iKuFe8Fex2dOSaIpBSf10Y7mEdWgtENySAymvpJrU+Z3S8o5
c4k3qPuTBLJKCSZ6uAX6CaVsS0kdb1IrnI8h2xrW/rhP14JH/+qEvi7qNOO6X/n3
cn8RoB8q1O7i9tPnytiQ34MuzIL9qddcK0juXkZHta61rLs+s5mMgOMr0XrYcImB
LY6H9+O6HUn5AoIBAQCgUykFGTejgyN0rkg+wneU/fY9oqvb3Y+7VMxQrkAWQ4eA
Nsm1lqOmV2Dv7E/TgUfZlK5a2Na2xBRkvEkM2lKof7+JrqxrW5LLe3LpOZBGYulJ
OUuiGtnmQX+24B49fTNfro5gmeQ1fPe5zRjAzDnezZTfDq5Y2oaS8EC6H5/rg/YF
9gKO+iN6IKAm0x7AIWXAqQbg2ZW5iB912tbVlkZ0jfrXHaPNMrh+J5hkdRxUXVJU
aH9pLW439cd/lGQolIY77RPvsMVI94OHFHHcvpZmf118W4fw1pZG2Hb5FCmS9TgA
qOOAS5ZB6bQ9MnynDoZzbA4EMEWrAhQAn1q000+XAoIBADXifGVKXQhR8I3fgXYX
M2KrmrPcOYdODnbdFhyE8z5SBeK4qwQx7+BTrZnq6T+E2UJdslUncTi4dhToTv1x
OdpnwFrAiKtMpDAVFpnYSE/v+qjO1eE8YnC/IEC0QpH5BKfi97+Q6UOBt/xn/9ys
E/wL9e6CuO5/QBzAVfWHEWpIjvcnswQkPWMN8qeEMHIyFcBp5dkgVOgERrmE9dT2
pBS/DFjppDkaCrvonsn/fW2SG1oYrO/KJoczY+Rwla5enlhawThwq+ic3UnlmKIQ
RJC5HKWDTmHXyf802WSy5s3CyuLxyio1/uqZq2Utoghh/cowOn6hzgAch7WOkjSN
b4ECggEBALCHLM/0yNro6VoT+4t7xt4qAySwgqHGVB6p6ab4gQlE6vxVc/VizUSg
Tv+u4TRAvT6zWesaw7rk3EdK+0Rh3YEJRQdA0dPhHF6uKoM3Sm5dBQwbH/EUbpL+
mfq25Q0ODC63967tx+/w8he5jrjcHUblVCSYbGpap3edOEpTkF+y4afJqqJtDico
hxog9InN+dO1cQ8VstVVt0WEtBWtCF5MsE8y07UYw1fwagbbrUsX13oqF0iRP3yy
oZOKgOBMpSMwgHEtQSOxM72GRAMbiqE+NX7TGjCH8TqarSf9d0F16tIx+ThYDrva
tFQ3nrI6uytJXZJKQ6yzsnPZyLYxRE0=
-----END PRIVATE KEY-----
SPR-BE/openvpn/gw-ckubu/keys/ta.key
+21
View File
@@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
50c09d4cd2d32cbfadcc9ebff8e624d2
f7a5730ff6b708aad8a6bb14b3a7619d
e32764bbe875f11ce46213a35500cc2c
fd0b6bf2e7b8cc2392a478ad7f4e7c7a
3fbe2e50a781ea9a4fd83cfaf64725db
98b4740b145e2d948b3b09975866c03b
a268f82e767fa2517b469ec3e563d321
8156f8f192f75bf8385697aeed6b9f33
fd74e02426437c42dc7a85afd828012a
911e7d8e837249d33a4209dbd0a2c017
c0ee31207a0e5ba05e736fa1c9af1cbb
0b39dab31939eb37df367d1eccf61ff3
28135f42ba70344179186cdd0cac5058
9cb4bac7dd08436d1efbd452b72416e8
59bc9118c2c6aba6107faca0604d947f
ff8569318b234e4ddbb68189b1504969
-----END OpenVPN Static key V1-----