Initial commit
This commit is contained in:
257
AK/openvpn/ak/chris.conf
Normal file
257
AK/openvpn/ak/chris.conf
Normal file
@ -0,0 +1,257 @@
|
||||
##############################################
|
||||
# Sample client-side OpenVPN 2.0 config file #
|
||||
# for connecting to multi-client server. #
|
||||
# #
|
||||
# This configuration can be used by multiple #
|
||||
# clients, however each client should have #
|
||||
# its own cert and key files. #
|
||||
# #
|
||||
# On Windows, you might want to rename this #
|
||||
# file so it has a .ovpn extension #
|
||||
##############################################
|
||||
|
||||
# Specify that we are a client and that we
|
||||
# will be pulling certain config file directives
|
||||
# from the server.
|
||||
client
|
||||
|
||||
# Use the same setting as you are using on
|
||||
# the server.
|
||||
# On most systems, the VPN will not function
|
||||
# unless you partially or fully disable
|
||||
# the firewall for the TUN/TAP interface.
|
||||
;dev tap
|
||||
dev tun
|
||||
|
||||
# Are we connecting to a TCP or
|
||||
# UDP server? Use the same setting as
|
||||
# on the server
|
||||
proto udp
|
||||
|
||||
# The hostname/IP and port of the server.
|
||||
# You can have multiple remote entries
|
||||
# to load balance between the servers.
|
||||
remote gw-ak.oopen.de 1194
|
||||
|
||||
topology subnet
|
||||
|
||||
# Keep trying indefinitely to resolve the
|
||||
# host name of the OpenVPN server. Very useful
|
||||
# on machines which are not permanently connected
|
||||
# to the internet such as laptops.
|
||||
resolv-retry infinite
|
||||
|
||||
# Most clients don't need to bind to
|
||||
# a specific local port number.
|
||||
nobind
|
||||
|
||||
# Try to preserve some state across restarts.
|
||||
persist-key
|
||||
persist-tun
|
||||
|
||||
# Server CA
|
||||
<ca>
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIGxjCCBK6gAwIBAgIJAOsCU4dMDXNfMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
|
||||
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
|
||||
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
|
||||
VlBOLUFLMQ8wDQYDVQQpEwZWUE4gQUsxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
|
||||
cGVuLmRlMCAXDTE4MDIwNjEyMTIxNVoYDzIwNTAwMjA2MTIxMjE1WjCBnDELMAkG
|
||||
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
|
||||
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
|
||||
BlZQTi1BSzEPMA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
|
||||
b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYNRn3v3bgu
|
||||
7yd9rSSHGfKeKuCoT/KQg8054E0HB7zOjCpI3HMrK+UaA/BB47k82aj4zrGBz179
|
||||
Gw3E7EqlMXUeUfWa46FADakj6QrimSzaIctCy5bCHCogBV0HhVaMnTO6+GCoPuLP
|
||||
D779zJ/YzIO3476pWIVuK5AAgqobyGaJ5OPR0rUWrl1yQK48yYQfSbnU0IcchDny
|
||||
VS42E64k+TbOixg5dRHxr/8JQ6UbPHJWE5oePbm5Rx345jV2dU3QjfJTe8HtoUeL
|
||||
TwHsSE+JilWxq1ID4sEIY7+5bvaQCsjVUwim5XHg/8iv0ekHlwmFmz/ycQ1+xMcz
|
||||
NzBqpuZCqkY4NJHclZGwS5L1dEfaLLEAKueUbqFURsyMSoKb0N5S78Gf96E6PgJV
|
||||
De+YtbdxM3S3EAa0Y0NkukBHUGOPiBd9g2EnbW4GfKhsPPWMOWFANl22xupgt5SU
|
||||
HnqF71ofKCNi2Zkc32lJzbHQNIO86N52wI2E8F8iy9SJ2+969SsCxNhBKP8pRFaG
|
||||
9HSeRoi8nTsDcYczERlEb5qhA8+rWho4XpWgDXE4qrT0wmuMqoo1bTPCDsGSkzUe
|
||||
CdUD5/m174RVrnc0o+SyHLIGuS2XpU9KuPBLV4d8CzKakGLudUG/4ikntBZBW7hL
|
||||
IJOOGAv3kaWOj3GbfF/zNza2lC/WvMiXAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
|
||||
6meVlB1GjkS/l6QJvUA9ANnT7kAwgdEGA1UdIwSByTCBxoAU6meVlB1GjkS/l6QJ
|
||||
vUA9ANnT7kChgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
|
||||
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
|
||||
b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQUsxDzANBgNVBCkTBlZQTiBBSzEd
|
||||
MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDrAlOHTA1zXzAMBgNVHRME
|
||||
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAMzcwewxPfcS4H5YYlvYgmy4iCUson
|
||||
vz4RVsyQxinlmnBDMZc7YrkERSQ8O9GWq2Qzge0c0xaEMZxhrkosQi7mAL4JrFjr
|
||||
i1fWYYsocBd/6ZXNkro3uJ231RyOiNWGaFNc3kkorWeGlQmlJsYSK2jtEZtezTGu
|
||||
4yEHZwDLK7ArI1IydUAJ1K4k/P0YLsQw4fcMXtJF5GRpunwy2VGXBOF2WlIMHaMU
|
||||
XKpFDOZGlvnbshIoDuNhdTSVZ3UWkNQSfMnVjv1UDNsxleeJWIjpvB/wNDsIgMmd
|
||||
y4DWJzYO8p9w4bBq4GEdvhiL5tNFdHPRS3v42zAmsjvyJChUbFWApXRdb8p8dmtP
|
||||
qneRvgUKTc+03nv5z7bO653yzuxRCk/4g8SqMKC6qIMeKEOcG9ZDEGs3YJ3d2NMg
|
||||
OHSEkfXSJKGkQfaM3vORjF3zuC6ZFpNSYMMVctAwLfwu7q0YdOfIWPsUFgAtaePp
|
||||
JRDpVjbWGk+/WDVIWO/tVEFmy1xT7CPMEMgMbTGl1mGPezPBeAqgs4LXWlYgQfox
|
||||
K2BhLOD+YwlfvDUaJPhp10oJ6rhfnveTPhmhGslTZzaLYShP1Bg5J21gZf7+Wou7
|
||||
fwpliRLlB8gFk6czpGspmyGdTPjqXOvVxIqffmxRtzsMZJSEJWV/6023AxQdnFz2
|
||||
U7OFfF99B7LFVw==
|
||||
-----END CERTIFICATE-----
|
||||
</ca>
|
||||
|
||||
# Client Certificate
|
||||
<cert>
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIHIjCCBQqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
|
||||
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1BSzEP
|
||||
MA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
|
||||
Fw0xODAyMDYxMzM3NTRaFw0zODAyMDYxMzM3NTRaMIGiMQswCQYDVQQGEwJERTEP
|
||||
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
|
||||
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEVMBMGA1UEAxMMVlBOLUFLLWNo
|
||||
cmlzMQ8wDQYDVQQpEwZWUE4gQUsxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
|
||||
LmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAm9o3YQBBbQtW48vI
|
||||
VigK2757feiRej46t4mRxAERSB3J+XAookCyrouPslZ1eV+yb5Yf4riDwXWz+dJC
|
||||
RKLGA0jFCRf8dxPPOqeyczkQB7k7oCjo2oIHhxeGk5W/+l0qOWiMbtWO/ZvObCgT
|
||||
ijPwarQXBz/RfaWl/KDjJnNJCrrXhG+kU+zv5xc7yrad0ohCFtzAUN5e0sWIuSjw
|
||||
A9dehs28WX7i1tWj7c+X3trgzcgNlvoGxbxtedBlq2717qmI3Y77LHZIcxC3WosF
|
||||
rJLfzqfImOLEEKFK95u4wLlZlJ2olVlJ4ckp1p4Z97Soqp6SBLplEUi7+C7sCKSz
|
||||
Ny4u0tZKzvzeFRh4NJe5luPBmPkPZ33qTRK68n/0nmGB5GHf7lXWF7NLwBuvMJ9/
|
||||
p5OBZhQtCH6DXddXXCHyQ0nfUJpYLfizy9VakQyQR1njXniCk2zbgn4iclxHjtlJ
|
||||
Kmme2PFwN9BpggVCEgLX8ni5iOr+kprVILTbiuhU62EmBd0xWbLhk5pDgsBV/9SM
|
||||
0Lq99sSaWHMUO5aqAf4tyX/3tZMupxl/YKsB57EqGqJOhabZe5J6zuPeUKyPZdVt
|
||||
nV4r0YbeByJWGAVSV4XKziWAaS83dNzKPkLZBffEWncm0+xSLgJSYQDEBqj6TSNC
|
||||
g3Ywbz1OeqYX/l4GpYehN9r7vIcCAwEAAaOCAWUwggFhMAkGA1UdEwQCMAAwLQYJ
|
||||
YIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
|
||||
HQ4EFgQULsSnl6CMeLmzJQ6wxK6kQGqCpz8wgdEGA1UdIwSByTCBxoAU6meVlB1G
|
||||
jkS/l6QJvUA9ANnT7kChgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
|
||||
ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
|
||||
ExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQUsxDzANBgNVBCkTBlZQ
|
||||
TiBBSzEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDrAlOHTA1zXzAT
|
||||
BgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hy
|
||||
aXMwDQYJKoZIhvcNAQELBQADggIBAGfnOVfi7lZodG1UTw0dwcMhOkzv4zFArpvn
|
||||
rxwj6lji+pf+4wG4MroLCxlJA5LTht/lV9fVUQAoURH9I+ihUUcoBilKF8WTOrhf
|
||||
kVipTa+QfcoV4AM+oC4bibrLkY/tUHp7p45USFQ2kh2BaweL+nPhFjA8rSqStxUD
|
||||
eIEnmTa+982RZCWQJyt2cHf/pMjIeS2NORxsVsV7XLIK5nfiFC4hbsVhCDeeieji
|
||||
wgaczpO2K4Lp2+7ZHB7OG0ChybGndrqWgCo2QOLwPWjLzI6zD2IUlQzHNM/guJTS
|
||||
eTKgugfZpxC+hPtK3dBAB1+Pu1JwT0a+c88OKREqUrPjV7BybqNHYh9T1ceKMlQT
|
||||
C2iO1o//LUNsC6w41oFvpFdpPCco2mBCAaq5TjGK3kfFXLIcn5SOk7g+hfDWpkVJ
|
||||
OhTXrtLzV8AElbgNgvH1pJDGMi5ysrRcVp77ehalIayO48JImHME2nO5BBQJfVW5
|
||||
U3FilEruSXpzbEteAl2N721g2elpKRCXqf1NndCcyKcmDX/CsumVF3sxJX5D5i/u
|
||||
I8OxfNUOHFxcSfLKHQbm7OtAIYqMWbTgmgj69TU0vRzF6N301f97rFsZFdddCRz+
|
||||
JQfnsH6tSuB4BY0quHzSmk0ZC9UVA/nG/r0vbN4mOx44RG93E3u1CTqzvFT6OFYF
|
||||
rlg1WFOF
|
||||
-----END CERTIFICATE-----
|
||||
</cert>
|
||||
|
||||
# Client Key
|
||||
<key>
|
||||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI8D+IDkooTeUCAggA
|
||||
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECOeFJGd9/t0cBIIJSBRyHxbI/0Jv
|
||||
mraoNvyjbi4l27LhE8fsI6p7f5YIg2kMATDHyrnt4uPUnv8d1ah+C39TdNpu9Sbt
|
||||
HPEljwfULWlkWQbkCvvESfIufjhdiIphA4krzxTdofs/afR24v6HehYa2F9rnWoH
|
||||
iEb+c0El8YV+AvWU7mp1Mr3l6DYGvnioSGm6a+G1Ww2RouKFKAOSsKE2ozUNGAsr
|
||||
jXROHfpk4MdlsZBySHuMfmatoDyPYEYcnvJ67n378aShBb4OXP15Q4qY3O4nnwe4
|
||||
/QeBSjiuumcJE3Xu+QpiyftnaPH4jgOiCKqUQtXIgTzR0MbosE5epsvZHj0BeCGF
|
||||
VUq52VV6sFnsOphairq186juiFs3HRIfW1xcjk8uQVk88gKf/JswYDeBvXxRfOde
|
||||
gO2LhE9Q1Jej4buqet0xWuVe4r3YAcittfesXrsVjx+9NJPujBm5Iz/wbW72xo0J
|
||||
+OqLQiq9DOcO/K7Gzt6x6TJ1VfG1bbAii52YyOK5acCzJFPp/C385jTv7yF8NGDY
|
||||
E6ROoGzU5jMkLs0WYiJvQimMeX4rPWXxVyCCerSyBFAfSDkY++9yXjjtgWICDYzd
|
||||
GJKOSnp52T1gHEf+IPdxUwPm6MrVcbY+dQqyXXSeKZdGkPuRK5WVz8qtAIAMvoKo
|
||||
jjSI55MLhxSGdJFX0nYOfbzU4LTlnKeTzSby929dyWwDu1/tRVzhWkiyDCBxUVkA
|
||||
MXc6csOSRm9gV4lgILQlc+XLTa+5mOdCz//sP49DdoiPuosclRfJPQp1LIXGoKm6
|
||||
s0Qwvw6hpa5aPUrzDpAtgA6j59YZU1QSE57vYUNVoyDJo/6X/bk0hwh+LE18XC6l
|
||||
KchLtOWf3D8Ca2TLWpIsUWuW7zuySG35A5OQhmzJXe7Fbx02MW1ppvDDRP6t366a
|
||||
qMlIQgQYhN9Bj3lNYdrMragqURfUQhCTWQG5CXfbKXgQHSQsA8F0XnpmtXq9gtaq
|
||||
7foW3ecw6asOfTM2imgTfLGFtkybRfA0ZInUgz2WSikZwrG7wIjeSJ0OIg4ckI9y
|
||||
bKLDMwNJGeyGZcdcsJVBxjaKje0Il9UZJxJGQ+p+BAj82cWrMFbloVNgnHEcOu5v
|
||||
KI88ucMUTOaPS/bPSo2Orj5UQIID/2lqymoqXvFLqX2ftYQT/xkGFdm2cjB/7x3T
|
||||
jsvFZezPjUcWp5t0oJncER0vWM29aTSwWyybyeGX1TWrvul85aRBr3RU4OZ2e/9P
|
||||
/W4g/pDXDuuYxqIWkxwAlcuncmcb0OfR+GBKelIPKsItlyoBS2tRFAaUCjItV4PJ
|
||||
PAopqedq4QT4mypmw+5MKObRqfdpxDoKCHzJhakDmw77miXdON2V1M7xWk+kfD9B
|
||||
H8t1QdJyzB87FQwsXlrMVh1jF+m0PIytM3l4DNqIft8AYEulbinkeB67XAhWGIqo
|
||||
IAmxhYpFfhWxmECDwUQ+nrrz6jW0LJtZKwUITH5C42BBw0I5OmVJhYNlStj8VayR
|
||||
ykkAeoiC361DKvlqHabh6KRZT/yhNtQ2TH13UGgOBDeXUQMGaKhYmdUiEjnuek4P
|
||||
lbu4cG1BtjIHtpD1LRON29rvRGw44FEEeuxmd+KyJfLdJWJQ/zjXg3owM/cZzAum
|
||||
t1qbMwxEE/EZJdRhD5cyVoWiAiFmgRfjPpv3CUCPP88QvdueRURe+i53TbqFGVqR
|
||||
dRs5hC6gjJ/nTnmF5ZjsbYqy+IKWCiGNjZA8P3pKzgXY4J45y6rRD8HNVZqWzIen
|
||||
rD2OOpvchPVCJPJUk5L7AreaMZENAyciKuLtBOp+D2INo+exE+IVaBtM5NeNnKXn
|
||||
7veiczJguLkUXMQXyxYLv7J49RbAA2WQNRcbLGuJklFVkyWYdtB+nGejMdiHjkri
|
||||
bVJcGazlJmFXhBhwEHROEJW3SOLcPwsfxjDE7LmzF80uCZbG6HFDVjPkyGZGz6y5
|
||||
g9+Kh4dQuboCT+3nhGYTUxcRe6FzHWBplq/tBPmyJNeTCvNBpOD8xVlNOi/2PUTx
|
||||
FsaIE3XGnJH9E5GpLoYA9K6oHW0w1rb7U5P0Z9arTKhPyeQYlUJwNjrLUAw++pgl
|
||||
QfY3MR8VMLAzZ/jbp0k30JE2SPAE8Bnoe3U0oQOwhGJCS36hQnMsWtW+CF+OIeV1
|
||||
Uwz+OysJKWQbB1QLUDYN36D5XRIwwcDyt3+RIl34hSai8PWC/IA52SytS8d0z+bc
|
||||
L4bavw/5JNVgGTmrMYYvFa2vY2f5VHoLnfdB7hnZJzHfbkpziuD4qB9Q/bxmywDF
|
||||
lYnZq19t2LHtE+z8Arv+NEhJULUz86O7bZq2PjWe46FhNwzVxZdtsJWH/KSg137S
|
||||
DcdAc7a4yNk3602EFBUTIKWeEuEr6SsPG9IjBq6gZbCiPbSRj8EhH8pk2d40/64B
|
||||
1ZMS/7Qd1qES1G/ggC7Xby0ggRGR9D8Uu9Ismd6EOZ1pnNP8bfeajnCyNo17MAsH
|
||||
I/2W2ZF847wjoC8kmPHxWiN3pbGaHeZb4bwNw5PxuQboGxY4nR8yf7qxOgv4ST7T
|
||||
08V+nDawKDL43vSz9cWK6Q0Cdhpsc6H72rv3eMXcQ9+6oOrsG/VsqNtUxXX0dAUB
|
||||
nqlgPLfmyneVJwBfRboDEicxEvsJtxLDNe5PKyYk1ilCmD1vi8hWu9JPp4LBmLgm
|
||||
wr9HEL0qNz8E8QLQkBPxmdOXH4bx9bagN2/TMd7As9h2klZ1gru+Vq9VZ7/gE+gh
|
||||
kbG5VlmhGQycNP2b0JZauA9fsNwAFEqsHczGw7fKdtAscm4b09DJe3o8gpdVqIFe
|
||||
qi+zdZl9NhUyvcNU67hfoTxe7hmy2Ht7hkrNnlUfCPPLIip6a75TiEOUsZMpEHBV
|
||||
h2NNoWmnOBiFT8ptA9vSAuJZifrsjK3DPDuLIN6Le/XAMLOMA2mYdxA/fB6A67Vc
|
||||
9Sr/DgK6DCTZ1Z3PaND6W+tY6LM73LfolSPOGYGcL10F0exEcIkWDEF9z3lqfUrg
|
||||
mPnbi3GzA/zFz0HE8+4wcb9zUzmfunaZGSemPXVtDkco/UgsTOfduyV7C2FDYhTQ
|
||||
yXlrj+lZYazKF2wu7kDvho4kmudkKTmfsv6/1k2+GybWisNIQmxCe8KsjZVB+f9E
|
||||
dQq6AzY/4SWMmC2h0E9ou5x4qWiVZPyX6l5dN9kmkwleGZQf/kTJaL5SKcR8RFy7
|
||||
v0RsRna9sOxc6YrsiqAeGg==
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
</key>
|
||||
|
||||
# Verify server certificate by checking
|
||||
# that the certicate has the nsCertType
|
||||
# field set to "server". This is an
|
||||
# important precaution to protect against
|
||||
# a potential attack discussed here:
|
||||
# http://openvpn.net/howto.html#mitm
|
||||
#
|
||||
# To use this feature, you will need to generate
|
||||
# your server certificates with the nsCertType
|
||||
# field set to "server". The build-key-serve
|
||||
ns-cert-type server
|
||||
|
||||
# If a tls-auth key is used on the server
|
||||
# then every client must also have the key.
|
||||
#
|
||||
# Don't forget to set the 'key-direction' Parameter if using
|
||||
# Inline Key. Usualy , sever has key direction '0', while client
|
||||
# has ke direction '1'.
|
||||
#
|
||||
key-direction 1
|
||||
<tls-auth>
|
||||
-----BEGIN OpenVPN Static key V1-----
|
||||
6ba2290fe261ac9beea46806d40e5667
|
||||
f5f0149c4b65bbad8c2c5ee859b29c49
|
||||
ea7edf2232bd81b43f1e9409d4c39d92
|
||||
de7d1d585330fdf6a617531896bff6af
|
||||
7cb96947de1e4153efc626fa93641f60
|
||||
7f3ce648d309155f2724318b119e6212
|
||||
d8f736d8997ee84ed55050d526c2849e
|
||||
685c531da93df302ee6ec2cf6c32c2c7
|
||||
0a08aee8d9efc3ef0a2a3611b92dcc88
|
||||
13aba6c2a566f297bbb63470b4cc098a
|
||||
e8631344b68825a1299101e3d0995274
|
||||
f0b404ed4a34579ceb3235a7f7597158
|
||||
ed052b0d74f3fca57344151330858dd4
|
||||
741deb038c30416db61b6ebd984957f2
|
||||
f5483a7dc8ac95c5d5a0ca9fa8f26901
|
||||
f85d64bac4b39ed010e52c07f0d30b68
|
||||
-----END OpenVPN Static key V1-----
|
||||
</tls-auth>
|
||||
|
||||
# Select a cryptographic cipher.
|
||||
# If the cipher option is used on the server
|
||||
# then you must also specify it here.
|
||||
|
||||
# Enable compression on the VPN link.
|
||||
# Don't enable this unless it is also
|
||||
# enabled in the server config file.
|
||||
comp-lzo
|
||||
|
||||
# Verbosity level.
|
||||
# 0 -- quiet except for fatal errors.
|
||||
# 1 -- mostly quiet, but display non-fatal network errors.
|
||||
# 3 -- medium output, good for normal operation.
|
||||
# 9 -- verbose, good for troubleshooting
|
||||
verb 1
|
||||
|
||||
# Setting 'pull' on the client takes care to get the 'push' durectives
|
||||
# from the server
|
||||
pull
|
||||
18
AK/openvpn/ak/crl.pem
Normal file
18
AK/openvpn/ak/crl.pem
Normal file
@ -0,0 +1,18 @@
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIC5TCBzjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUxDzANBgNVBAgT
|
||||
BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
|
||||
BAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1BSzEPMA0GA1UEKRMG
|
||||
VlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZRcNMTgwMjA2MTIz
|
||||
NzIzWhgPMjA1MDAyMDYxMjM3MjNaMA0GCSqGSIb3DQEBCwUAA4ICAQAdBAzogWGb
|
||||
pzQi6FLfTzN/5T8lyZ2ogSE80/Z0kOinhuMwSso5Bp6urQIjp94sc6476FxAOYWF
|
||||
I081NS+a87QNNI77Z8moFZ/5cqeUPhfCHD5XnGCGd9LxAkqsxG2MwQS9ageErWYp
|
||||
9swB9OHd/d7W5f1qSpCZuCtoFVsJS3Bjuvd2qkW2V8uzsmyXHg+Jk0NhcE04K9n9
|
||||
Ri8ZILOG84UHex1P2rpaK7G5HntAxUqe/6mkh6a1bliMNr37D9ufgj2nwuooL59S
|
||||
AxFMXK3dH2H2mrBc4i+oo/6b9P3VvRjsZGb34Mzcp8fefV/aogh2ZawC/fKGIwgT
|
||||
DZi41VPtNZm1akQtR9ILHaXLbFIkA0jFRzFSJUdVIaXLfyHC8AtpZhg0jHrVZYXz
|
||||
gsgaAA405mCwKJguRdwE8wQRgQ7om8qa4mSA99HeQq2655eSS77laLMrxG9LtmwJ
|
||||
7QTtWT/lIuK9svVL/2ucAq3UDDFRdn1eaX2mS9bKZ88N4SPmnDi2muvNGfQHXNZD
|
||||
kkvgmOkkz2SgDOJ5oTBcUJx1h74LXMi6TBs/hWEKIqQcfq1vNes1/qu9PWYP7sB6
|
||||
THyq6coO+WU7YXYidzBwyerYEg4nHZ0bxWyJziCvHZPTeX3m8r2sHoxG6/s+jKiU
|
||||
0uxTXsuGKNLhDbJFxQX16xw8rYQXt2wRxg==
|
||||
-----END X509 CRL-----
|
||||
1
AK/openvpn/ak/easy-rsa/build-ca
Symbolic link
1
AK/openvpn/ak/easy-rsa/build-ca
Symbolic link
@ -0,0 +1 @@
|
||||
/usr/share/easy-rsa/build-ca
|
||||
1
AK/openvpn/ak/easy-rsa/build-dh
Symbolic link
1
AK/openvpn/ak/easy-rsa/build-dh
Symbolic link
@ -0,0 +1 @@
|
||||
/usr/share/easy-rsa/build-dh
|
||||
1
AK/openvpn/ak/easy-rsa/build-inter
Symbolic link
1
AK/openvpn/ak/easy-rsa/build-inter
Symbolic link
@ -0,0 +1 @@
|
||||
/usr/share/easy-rsa/build-inter
|
||||
1
AK/openvpn/ak/easy-rsa/build-key
Symbolic link
1
AK/openvpn/ak/easy-rsa/build-key
Symbolic link
@ -0,0 +1 @@
|
||||
/usr/share/easy-rsa/build-key
|
||||
1
AK/openvpn/ak/easy-rsa/build-key-pass
Symbolic link
1
AK/openvpn/ak/easy-rsa/build-key-pass
Symbolic link
@ -0,0 +1 @@
|
||||
/usr/share/easy-rsa/build-key-pass
|
||||
1
AK/openvpn/ak/easy-rsa/build-key-pkcs12
Symbolic link
1
AK/openvpn/ak/easy-rsa/build-key-pkcs12
Symbolic link
@ -0,0 +1 @@
|
||||
/usr/share/easy-rsa/build-key-pkcs12
|
||||
1
AK/openvpn/ak/easy-rsa/build-key-server
Symbolic link
1
AK/openvpn/ak/easy-rsa/build-key-server
Symbolic link
@ -0,0 +1 @@
|
||||
/usr/share/easy-rsa/build-key-server
|
||||
1
AK/openvpn/ak/easy-rsa/build-req
Symbolic link
1
AK/openvpn/ak/easy-rsa/build-req
Symbolic link
@ -0,0 +1 @@
|
||||
/usr/share/easy-rsa/build-req
|
||||
1
AK/openvpn/ak/easy-rsa/build-req-pass
Symbolic link
1
AK/openvpn/ak/easy-rsa/build-req-pass
Symbolic link
@ -0,0 +1 @@
|
||||
/usr/share/easy-rsa/build-req-pass
|
||||
1
AK/openvpn/ak/easy-rsa/clean-all
Symbolic link
1
AK/openvpn/ak/easy-rsa/clean-all
Symbolic link
@ -0,0 +1 @@
|
||||
/usr/share/easy-rsa/clean-all
|
||||
1
AK/openvpn/ak/easy-rsa/inherit-inter
Symbolic link
1
AK/openvpn/ak/easy-rsa/inherit-inter
Symbolic link
@ -0,0 +1 @@
|
||||
/usr/share/easy-rsa/inherit-inter
|
||||
1
AK/openvpn/ak/easy-rsa/list-crl
Symbolic link
1
AK/openvpn/ak/easy-rsa/list-crl
Symbolic link
@ -0,0 +1 @@
|
||||
/usr/share/easy-rsa/list-crl
|
||||
268
AK/openvpn/ak/easy-rsa/openssl-0.9.6.cnf
Normal file
268
AK/openvpn/ak/easy-rsa/openssl-0.9.6.cnf
Normal file
@ -0,0 +1,268 @@
|
||||
# For use with easy-rsa version 2.0
|
||||
|
||||
#
|
||||
# OpenSSL example configuration file.
|
||||
# This is mostly being used for generation of certificate requests.
|
||||
#
|
||||
|
||||
# This definition stops the following lines choking if HOME isn't
|
||||
# defined.
|
||||
HOME = .
|
||||
RANDFILE = $ENV::HOME/.rnd
|
||||
|
||||
# Extra OBJECT IDENTIFIER info:
|
||||
#oid_file = $ENV::HOME/.oid
|
||||
oid_section = new_oids
|
||||
|
||||
# To use this configuration file with the "-extfile" option of the
|
||||
# "openssl x509" utility, name here the section containing the
|
||||
# X.509v3 extensions to use:
|
||||
# extensions =
|
||||
# (Alternatively, use a configuration file that has only
|
||||
# X.509v3 extensions in its main [= default] section.)
|
||||
|
||||
[ new_oids ]
|
||||
|
||||
# We can add new OIDs in here for use by 'ca' and 'req'.
|
||||
# Add a simple OID like this:
|
||||
# testoid1=1.2.3.4
|
||||
# Or use config file substitution like this:
|
||||
# testoid2=${testoid1}.5.6
|
||||
|
||||
####################################################################
|
||||
[ ca ]
|
||||
default_ca = CA_default # The default ca section
|
||||
|
||||
####################################################################
|
||||
[ CA_default ]
|
||||
|
||||
dir = $ENV::KEY_DIR # Where everything is kept
|
||||
certs = $dir # Where the issued certs are kept
|
||||
crl_dir = $dir # Where the issued crl are kept
|
||||
database = $dir/index.txt # database index file.
|
||||
new_certs_dir = $dir # default place for new certs.
|
||||
|
||||
certificate = $dir/ca.crt # The CA certificate
|
||||
serial = $dir/serial # The current serial number
|
||||
crl = $dir/crl.pem # The current CRL
|
||||
private_key = $dir/ca.key # The private key
|
||||
RANDFILE = $dir/.rand # private random number file
|
||||
|
||||
x509_extensions = usr_cert # The extentions to add to the cert
|
||||
|
||||
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
|
||||
# so this is commented out by default to leave a V1 CRL.
|
||||
# crl_extensions = crl_ext
|
||||
|
||||
default_days = 3650 # how long to certify for
|
||||
default_crl_days= 30 # how long before next CRL
|
||||
default_md = sha256 # which md to use.
|
||||
preserve = no # keep passed DN ordering
|
||||
|
||||
# A few difference way of specifying how similar the request should look
|
||||
# For type CA, the listed attributes must be the same, and the optional
|
||||
# and supplied fields are just that :-)
|
||||
policy = policy_anything
|
||||
|
||||
# For the CA policy
|
||||
[ policy_match ]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
# For the 'anything' policy
|
||||
# At this point in time, you must list all acceptable 'object'
|
||||
# types.
|
||||
[ policy_anything ]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
####################################################################
|
||||
[ req ]
|
||||
default_bits = $ENV::KEY_SIZE
|
||||
default_keyfile = privkey.pem
|
||||
default_md = sha256
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
x509_extensions = v3_ca # The extentions to add to the self signed cert
|
||||
|
||||
# Passwords for private keys if not present they will be prompted for
|
||||
# input_password = secret
|
||||
# output_password = secret
|
||||
|
||||
# This sets a mask for permitted string types. There are several options.
|
||||
# default: PrintableString, T61String, BMPString.
|
||||
# pkix : PrintableString, BMPString.
|
||||
# utf8only: only UTF8Strings.
|
||||
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
|
||||
# MASK:XXXX a literal mask value.
|
||||
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
|
||||
# so use this option with caution!
|
||||
string_mask = nombstr
|
||||
|
||||
# req_extensions = v3_req # The extensions to add to a certificate request
|
||||
|
||||
[ req_distinguished_name ]
|
||||
countryName = Country Name (2 letter code)
|
||||
countryName_default = $ENV::KEY_COUNTRY
|
||||
countryName_min = 2
|
||||
countryName_max = 2
|
||||
|
||||
stateOrProvinceName = State or Province Name (full name)
|
||||
stateOrProvinceName_default = $ENV::KEY_PROVINCE
|
||||
|
||||
localityName = Locality Name (eg, city)
|
||||
localityName_default = $ENV::KEY_CITY
|
||||
|
||||
0.organizationName = Organization Name (eg, company)
|
||||
0.organizationName_default = $ENV::KEY_ORG
|
||||
|
||||
# we can do this but it is not needed normally :-)
|
||||
#1.organizationName = Second Organization Name (eg, company)
|
||||
#1.organizationName_default = World Wide Web Pty Ltd
|
||||
|
||||
organizationalUnitName = Organizational Unit Name (eg, section)
|
||||
#organizationalUnitName_default =
|
||||
|
||||
commonName = Common Name (eg, your name or your server\'s hostname)
|
||||
commonName_max = 64
|
||||
|
||||
emailAddress = Email Address
|
||||
emailAddress_default = $ENV::KEY_EMAIL
|
||||
emailAddress_max = 40
|
||||
|
||||
# JY -- added for batch mode
|
||||
organizationalUnitName_default = $ENV::KEY_OU
|
||||
commonName_default = $ENV::KEY_CN
|
||||
|
||||
# SET-ex3 = SET extension number 3
|
||||
|
||||
[ req_attributes ]
|
||||
challengePassword = A challenge password
|
||||
challengePassword_min = 4
|
||||
challengePassword_max = 20
|
||||
|
||||
unstructuredName = An optional company name
|
||||
|
||||
[ usr_cert ]
|
||||
|
||||
# These extensions are added when 'ca' signs a request.
|
||||
|
||||
# This goes against PKIX guidelines but some CAs do it and some software
|
||||
# requires this to avoid interpreting an end user certificate as a CA.
|
||||
|
||||
basicConstraints=CA:FALSE
|
||||
|
||||
# Here are some examples of the usage of nsCertType. If it is omitted
|
||||
# the certificate can be used for anything *except* object signing.
|
||||
|
||||
# This is OK for an SSL server.
|
||||
# nsCertType = server
|
||||
|
||||
# For an object signing certificate this would be used.
|
||||
# nsCertType = objsign
|
||||
|
||||
# For normal client use this is typical
|
||||
# nsCertType = client, email
|
||||
|
||||
# and for everything including object signing:
|
||||
# nsCertType = client, email, objsign
|
||||
|
||||
# This is typical in keyUsage for a client certificate.
|
||||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
# This will be displayed in Netscape's comment listbox.
|
||||
nsComment = "Easy-RSA Generated Certificate"
|
||||
|
||||
# PKIX recommendations harmless if included in all certificates.
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer:always
|
||||
extendedKeyUsage=clientAuth
|
||||
keyUsage = digitalSignature
|
||||
|
||||
# This stuff is for subjectAltName and issuerAltname.
|
||||
# Import the email address.
|
||||
# subjectAltName=email:copy
|
||||
subjectAltName=$ENV::KEY_ALTNAMES
|
||||
|
||||
# Copy subject details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
|
||||
#nsBaseUrl
|
||||
#nsRevocationUrl
|
||||
#nsRenewalUrl
|
||||
#nsCaPolicyUrl
|
||||
#nsSslServerName
|
||||
|
||||
[ server ]
|
||||
|
||||
# JY ADDED -- Make a cert with nsCertType set to "server"
|
||||
basicConstraints=CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "Easy-RSA Generated Server Certificate"
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer:always
|
||||
extendedKeyUsage=serverAuth
|
||||
keyUsage = digitalSignature, keyEncipherment
|
||||
subjectAltName=$ENV::KEY_ALTNAMES
|
||||
|
||||
[ v3_req ]
|
||||
|
||||
# Extensions to add to a certificate request
|
||||
|
||||
basicConstraints = CA:FALSE
|
||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
[ v3_ca ]
|
||||
|
||||
|
||||
# Extensions for a typical CA
|
||||
|
||||
|
||||
# PKIX recommendation.
|
||||
|
||||
subjectKeyIdentifier=hash
|
||||
|
||||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
|
||||
# This is what PKIX recommends but some broken software chokes on critical
|
||||
# extensions.
|
||||
#basicConstraints = critical,CA:true
|
||||
# So we do this instead.
|
||||
basicConstraints = CA:true
|
||||
|
||||
# Key usage: this is typical for a CA certificate. However since it will
|
||||
# prevent it being used as an test self-signed certificate it is best
|
||||
# left out by default.
|
||||
# keyUsage = cRLSign, keyCertSign
|
||||
|
||||
# Some might want this also
|
||||
# nsCertType = sslCA, emailCA
|
||||
|
||||
# Include email address in subject alt name: another PKIX recommendation
|
||||
# subjectAltName=email:copy
|
||||
# Copy issuer details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
# DER hex encoding of an extension: beware experts only!
|
||||
# obj=DER:02:03
|
||||
# Where 'obj' is a standard or added object
|
||||
# You can even override a supported extension:
|
||||
# basicConstraints= critical, DER:30:03:01:01:FF
|
||||
|
||||
[ crl_ext ]
|
||||
|
||||
# CRL extensions.
|
||||
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
|
||||
|
||||
# issuerAltName=issuer:copy
|
||||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
293
AK/openvpn/ak/easy-rsa/openssl-0.9.8.cnf
Normal file
293
AK/openvpn/ak/easy-rsa/openssl-0.9.8.cnf
Normal file
@ -0,0 +1,293 @@
|
||||
# For use with easy-rsa version 2.0
|
||||
|
||||
#
|
||||
# OpenSSL example configuration file.
|
||||
# This is mostly being used for generation of certificate requests.
|
||||
#
|
||||
|
||||
# This definition stops the following lines choking if HOME isn't
|
||||
# defined.
|
||||
HOME = .
|
||||
RANDFILE = $ENV::HOME/.rnd
|
||||
openssl_conf = openssl_init
|
||||
|
||||
[ openssl_init ]
|
||||
# Extra OBJECT IDENTIFIER info:
|
||||
#oid_file = $ENV::HOME/.oid
|
||||
oid_section = new_oids
|
||||
engines = engine_section
|
||||
|
||||
# To use this configuration file with the "-extfile" option of the
|
||||
# "openssl x509" utility, name here the section containing the
|
||||
# X.509v3 extensions to use:
|
||||
# extensions =
|
||||
# (Alternatively, use a configuration file that has only
|
||||
# X.509v3 extensions in its main [= default] section.)
|
||||
|
||||
[ new_oids ]
|
||||
|
||||
# We can add new OIDs in here for use by 'ca' and 'req'.
|
||||
# Add a simple OID like this:
|
||||
# testoid1=1.2.3.4
|
||||
# Or use config file substitution like this:
|
||||
# testoid2=${testoid1}.5.6
|
||||
|
||||
####################################################################
|
||||
[ ca ]
|
||||
default_ca = CA_default # The default ca section
|
||||
|
||||
####################################################################
|
||||
[ CA_default ]
|
||||
|
||||
dir = $ENV::KEY_DIR # Where everything is kept
|
||||
certs = $dir # Where the issued certs are kept
|
||||
crl_dir = $dir # Where the issued crl are kept
|
||||
database = $dir/index.txt # database index file.
|
||||
new_certs_dir = $dir # default place for new certs.
|
||||
|
||||
certificate = $dir/ca.crt # The CA certificate
|
||||
serial = $dir/serial # The current serial number
|
||||
crl = $dir/crl.pem # The current CRL
|
||||
private_key = $dir/ca.key # The private key
|
||||
RANDFILE = $dir/.rand # private random number file
|
||||
|
||||
x509_extensions = usr_cert # The extentions to add to the cert
|
||||
|
||||
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
|
||||
# so this is commented out by default to leave a V1 CRL.
|
||||
# crl_extensions = crl_ext
|
||||
|
||||
default_days = 3650 # how long to certify for
|
||||
default_crl_days= 30 # how long before next CRL
|
||||
default_md = sha256 # which md to use.
|
||||
preserve = no # keep passed DN ordering
|
||||
|
||||
# A few difference way of specifying how similar the request should look
|
||||
# For type CA, the listed attributes must be the same, and the optional
|
||||
# and supplied fields are just that :-)
|
||||
policy = policy_anything
|
||||
|
||||
# For the CA policy
|
||||
[ policy_match ]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
name = optional
|
||||
emailAddress = optional
|
||||
|
||||
# For the 'anything' policy
|
||||
# At this point in time, you must list all acceptable 'object'
|
||||
# types.
|
||||
[ policy_anything ]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
name = optional
|
||||
emailAddress = optional
|
||||
|
||||
####################################################################
|
||||
[ req ]
|
||||
default_bits = $ENV::KEY_SIZE
|
||||
default_keyfile = privkey.pem
|
||||
default_md = sha256
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
x509_extensions = v3_ca # The extentions to add to the self signed cert
|
||||
|
||||
# Passwords for private keys if not present they will be prompted for
|
||||
# input_password = secret
|
||||
# output_password = secret
|
||||
|
||||
# This sets a mask for permitted string types. There are several options.
|
||||
# default: PrintableString, T61String, BMPString.
|
||||
# pkix : PrintableString, BMPString.
|
||||
# utf8only: only UTF8Strings.
|
||||
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
|
||||
# MASK:XXXX a literal mask value.
|
||||
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
|
||||
# so use this option with caution!
|
||||
string_mask = nombstr
|
||||
|
||||
# req_extensions = v3_req # The extensions to add to a certificate request
|
||||
|
||||
[ req_distinguished_name ]
|
||||
countryName = Country Name (2 letter code)
|
||||
countryName_default = $ENV::KEY_COUNTRY
|
||||
countryName_min = 2
|
||||
countryName_max = 2
|
||||
|
||||
stateOrProvinceName = State or Province Name (full name)
|
||||
stateOrProvinceName_default = $ENV::KEY_PROVINCE
|
||||
|
||||
localityName = Locality Name (eg, city)
|
||||
localityName_default = $ENV::KEY_CITY
|
||||
|
||||
0.organizationName = Organization Name (eg, company)
|
||||
0.organizationName_default = $ENV::KEY_ORG
|
||||
|
||||
# we can do this but it is not needed normally :-)
|
||||
#1.organizationName = Second Organization Name (eg, company)
|
||||
#1.organizationName_default = World Wide Web Pty Ltd
|
||||
|
||||
organizationalUnitName = Organizational Unit Name (eg, section)
|
||||
#organizationalUnitName_default =
|
||||
|
||||
commonName = Common Name (eg, your name or your server\'s hostname)
|
||||
commonName_max = 64
|
||||
|
||||
name = Name
|
||||
name_max = 64
|
||||
|
||||
emailAddress = Email Address
|
||||
emailAddress_default = $ENV::KEY_EMAIL
|
||||
emailAddress_max = 40
|
||||
|
||||
# JY -- added for batch mode
|
||||
organizationalUnitName_default = $ENV::KEY_OU
|
||||
commonName_default = $ENV::KEY_CN
|
||||
name_default = $ENV::KEY_NAME
|
||||
|
||||
# SET-ex3 = SET extension number 3
|
||||
|
||||
[ req_attributes ]
|
||||
challengePassword = A challenge password
|
||||
challengePassword_min = 4
|
||||
challengePassword_max = 20
|
||||
|
||||
unstructuredName = An optional company name
|
||||
|
||||
[ usr_cert ]
|
||||
|
||||
# These extensions are added when 'ca' signs a request.
|
||||
|
||||
# This goes against PKIX guidelines but some CAs do it and some software
|
||||
# requires this to avoid interpreting an end user certificate as a CA.
|
||||
|
||||
basicConstraints=CA:FALSE
|
||||
|
||||
# Here are some examples of the usage of nsCertType. If it is omitted
|
||||
# the certificate can be used for anything *except* object signing.
|
||||
|
||||
# This is OK for an SSL server.
|
||||
# nsCertType = server
|
||||
|
||||
# For an object signing certificate this would be used.
|
||||
# nsCertType = objsign
|
||||
|
||||
# For normal client use this is typical
|
||||
# nsCertType = client, email
|
||||
|
||||
# and for everything including object signing:
|
||||
# nsCertType = client, email, objsign
|
||||
|
||||
# This is typical in keyUsage for a client certificate.
|
||||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
# This will be displayed in Netscape's comment listbox.
|
||||
nsComment = "Easy-RSA Generated Certificate"
|
||||
|
||||
# PKIX recommendations harmless if included in all certificates.
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer:always
|
||||
extendedKeyUsage=clientAuth
|
||||
keyUsage = digitalSignature
|
||||
|
||||
# This stuff is for subjectAltName and issuerAltname.
|
||||
# Import the email address.
|
||||
# subjectAltName=email:copy
|
||||
subjectAltName=$ENV::KEY_ALTNAMES
|
||||
|
||||
# Copy subject details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
|
||||
#nsBaseUrl
|
||||
#nsRevocationUrl
|
||||
#nsRenewalUrl
|
||||
#nsCaPolicyUrl
|
||||
#nsSslServerName
|
||||
|
||||
[ server ]
|
||||
|
||||
# JY ADDED -- Make a cert with nsCertType set to "server"
|
||||
basicConstraints=CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "Easy-RSA Generated Server Certificate"
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer:always
|
||||
extendedKeyUsage=serverAuth
|
||||
keyUsage = digitalSignature, keyEncipherment
|
||||
subjectAltName=$ENV::KEY_ALTNAMES
|
||||
|
||||
[ v3_req ]
|
||||
|
||||
# Extensions to add to a certificate request
|
||||
|
||||
basicConstraints = CA:FALSE
|
||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
[ v3_ca ]
|
||||
|
||||
|
||||
# Extensions for a typical CA
|
||||
|
||||
|
||||
# PKIX recommendation.
|
||||
|
||||
subjectKeyIdentifier=hash
|
||||
|
||||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
|
||||
# This is what PKIX recommends but some broken software chokes on critical
|
||||
# extensions.
|
||||
#basicConstraints = critical,CA:true
|
||||
# So we do this instead.
|
||||
basicConstraints = CA:true
|
||||
|
||||
# Key usage: this is typical for a CA certificate. However since it will
|
||||
# prevent it being used as an test self-signed certificate it is best
|
||||
# left out by default.
|
||||
# keyUsage = cRLSign, keyCertSign
|
||||
|
||||
# Some might want this also
|
||||
# nsCertType = sslCA, emailCA
|
||||
|
||||
# Include email address in subject alt name: another PKIX recommendation
|
||||
# subjectAltName=email:copy
|
||||
# Copy issuer details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
# DER hex encoding of an extension: beware experts only!
|
||||
# obj=DER:02:03
|
||||
# Where 'obj' is a standard or added object
|
||||
# You can even override a supported extension:
|
||||
# basicConstraints= critical, DER:30:03:01:01:FF
|
||||
|
||||
[ crl_ext ]
|
||||
|
||||
# CRL extensions.
|
||||
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
|
||||
|
||||
# issuerAltName=issuer:copy
|
||||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
|
||||
[ engine_section ]
|
||||
#
|
||||
# If you are using PKCS#11
|
||||
# Install engine_pkcs11 of opensc (www.opensc.org)
|
||||
# And uncomment the following
|
||||
# verify that dynamic_path points to the correct location
|
||||
#
|
||||
#pkcs11 = pkcs11_section
|
||||
|
||||
[ pkcs11_section ]
|
||||
engine_id = pkcs11
|
||||
dynamic_path = /usr/lib/engines/engine_pkcs11.so
|
||||
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
|
||||
PIN = $ENV::PKCS11_PIN
|
||||
init = 0
|
||||
290
AK/openvpn/ak/easy-rsa/openssl-1.0.0.cnf
Normal file
290
AK/openvpn/ak/easy-rsa/openssl-1.0.0.cnf
Normal file
@ -0,0 +1,290 @@
|
||||
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
|
||||
|
||||
# This definition stops the following lines choking if HOME isn't
|
||||
# defined.
|
||||
HOME = .
|
||||
RANDFILE = $ENV::HOME/.rnd
|
||||
openssl_conf = openssl_init
|
||||
|
||||
[ openssl_init ]
|
||||
# Extra OBJECT IDENTIFIER info:
|
||||
#oid_file = $ENV::HOME/.oid
|
||||
oid_section = new_oids
|
||||
engines = engine_section
|
||||
|
||||
# To use this configuration file with the "-extfile" option of the
|
||||
# "openssl x509" utility, name here the section containing the
|
||||
# X.509v3 extensions to use:
|
||||
# extensions =
|
||||
# (Alternatively, use a configuration file that has only
|
||||
# X.509v3 extensions in its main [= default] section.)
|
||||
|
||||
[ new_oids ]
|
||||
|
||||
# We can add new OIDs in here for use by 'ca' and 'req'.
|
||||
# Add a simple OID like this:
|
||||
# testoid1=1.2.3.4
|
||||
# Or use config file substitution like this:
|
||||
# testoid2=${testoid1}.5.6
|
||||
|
||||
####################################################################
|
||||
[ ca ]
|
||||
default_ca = CA_default # The default ca section
|
||||
|
||||
####################################################################
|
||||
[ CA_default ]
|
||||
|
||||
dir = $ENV::KEY_DIR # Where everything is kept
|
||||
certs = $dir # Where the issued certs are kept
|
||||
crl_dir = $dir # Where the issued crl are kept
|
||||
database = $dir/index.txt # database index file.
|
||||
new_certs_dir = $dir # default place for new certs.
|
||||
|
||||
certificate = $dir/ca.crt # The CA certificate
|
||||
serial = $dir/serial # The current serial number
|
||||
crl = $dir/crl.pem # The current CRL
|
||||
private_key = $dir/ca.key # The private key
|
||||
RANDFILE = $dir/.rand # private random number file
|
||||
|
||||
x509_extensions = usr_cert # The extentions to add to the cert
|
||||
|
||||
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
|
||||
# so this is commented out by default to leave a V1 CRL.
|
||||
# crl_extensions = crl_ext
|
||||
|
||||
#default_days = 3650 # how long to certify for
|
||||
default_days = 11688
|
||||
#default_crl_days= 30 # how long before next CRL
|
||||
default_crl_days = 11688
|
||||
default_md = sha256 # use public key default MD
|
||||
preserve = no # keep passed DN ordering
|
||||
|
||||
# A few difference way of specifying how similar the request should look
|
||||
# For type CA, the listed attributes must be the same, and the optional
|
||||
# and supplied fields are just that :-)
|
||||
policy = policy_anything
|
||||
|
||||
# For the CA policy
|
||||
[ policy_match ]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
name = optional
|
||||
emailAddress = optional
|
||||
|
||||
# For the 'anything' policy
|
||||
# At this point in time, you must list all acceptable 'object'
|
||||
# types.
|
||||
[ policy_anything ]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
name = optional
|
||||
emailAddress = optional
|
||||
|
||||
####################################################################
|
||||
[ req ]
|
||||
default_bits = $ENV::KEY_SIZE
|
||||
default_keyfile = privkey.pem
|
||||
default_md = sha256
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
x509_extensions = v3_ca # The extentions to add to the self signed cert
|
||||
|
||||
# Passwords for private keys if not present they will be prompted for
|
||||
# input_password = secret
|
||||
# output_password = secret
|
||||
|
||||
# This sets a mask for permitted string types. There are several options.
|
||||
# default: PrintableString, T61String, BMPString.
|
||||
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
|
||||
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
|
||||
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
|
||||
# MASK:XXXX a literal mask value.
|
||||
string_mask = nombstr
|
||||
|
||||
# req_extensions = v3_req # The extensions to add to a certificate request
|
||||
|
||||
[ req_distinguished_name ]
|
||||
countryName = Country Name (2 letter code)
|
||||
countryName_default = $ENV::KEY_COUNTRY
|
||||
countryName_min = 2
|
||||
countryName_max = 2
|
||||
|
||||
stateOrProvinceName = State or Province Name (full name)
|
||||
stateOrProvinceName_default = $ENV::KEY_PROVINCE
|
||||
|
||||
localityName = Locality Name (eg, city)
|
||||
localityName_default = $ENV::KEY_CITY
|
||||
|
||||
0.organizationName = Organization Name (eg, company)
|
||||
0.organizationName_default = $ENV::KEY_ORG
|
||||
|
||||
# we can do this but it is not needed normally :-)
|
||||
#1.organizationName = Second Organization Name (eg, company)
|
||||
#1.organizationName_default = World Wide Web Pty Ltd
|
||||
|
||||
organizationalUnitName = Organizational Unit Name (eg, section)
|
||||
#organizationalUnitName_default =
|
||||
|
||||
commonName = Common Name (eg, your name or your server\'s hostname)
|
||||
commonName_max = 64
|
||||
|
||||
name = Name
|
||||
name_max = 64
|
||||
|
||||
emailAddress = Email Address
|
||||
emailAddress_default = $ENV::KEY_EMAIL
|
||||
emailAddress_max = 40
|
||||
|
||||
# JY -- added for batch mode
|
||||
organizationalUnitName_default = $ENV::KEY_OU
|
||||
commonName_default = $ENV::KEY_CN
|
||||
name_default = $ENV::KEY_NAME
|
||||
|
||||
|
||||
# SET-ex3 = SET extension number 3
|
||||
|
||||
[ req_attributes ]
|
||||
challengePassword = A challenge password
|
||||
challengePassword_min = 4
|
||||
challengePassword_max = 20
|
||||
|
||||
unstructuredName = An optional company name
|
||||
|
||||
[ usr_cert ]
|
||||
|
||||
# These extensions are added when 'ca' signs a request.
|
||||
|
||||
# This goes against PKIX guidelines but some CAs do it and some software
|
||||
# requires this to avoid interpreting an end user certificate as a CA.
|
||||
|
||||
basicConstraints=CA:FALSE
|
||||
|
||||
# Here are some examples of the usage of nsCertType. If it is omitted
|
||||
# the certificate can be used for anything *except* object signing.
|
||||
|
||||
# This is OK for an SSL server.
|
||||
# nsCertType = server
|
||||
|
||||
# For an object signing certificate this would be used.
|
||||
# nsCertType = objsign
|
||||
|
||||
# For normal client use this is typical
|
||||
# nsCertType = client, email
|
||||
|
||||
# and for everything including object signing:
|
||||
# nsCertType = client, email, objsign
|
||||
|
||||
# This is typical in keyUsage for a client certificate.
|
||||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
# This will be displayed in Netscape's comment listbox.
|
||||
nsComment = "Easy-RSA Generated Certificate"
|
||||
|
||||
# PKIX recommendations harmless if included in all certificates.
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer:always
|
||||
extendedKeyUsage=clientAuth
|
||||
keyUsage = digitalSignature
|
||||
|
||||
|
||||
# This stuff is for subjectAltName and issuerAltname.
|
||||
# Import the email address.
|
||||
# subjectAltName=email:copy
|
||||
subjectAltName=$ENV::KEY_ALTNAMES
|
||||
|
||||
# Copy subject details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
|
||||
#nsBaseUrl
|
||||
#nsRevocationUrl
|
||||
#nsRenewalUrl
|
||||
#nsCaPolicyUrl
|
||||
#nsSslServerName
|
||||
|
||||
[ server ]
|
||||
|
||||
# JY ADDED -- Make a cert with nsCertType set to "server"
|
||||
basicConstraints=CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "Easy-RSA Generated Server Certificate"
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer:always
|
||||
extendedKeyUsage=serverAuth
|
||||
keyUsage = digitalSignature, keyEncipherment
|
||||
subjectAltName=$ENV::KEY_ALTNAMES
|
||||
|
||||
[ v3_req ]
|
||||
|
||||
# Extensions to add to a certificate request
|
||||
|
||||
basicConstraints = CA:FALSE
|
||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
[ v3_ca ]
|
||||
|
||||
|
||||
# Extensions for a typical CA
|
||||
|
||||
|
||||
# PKIX recommendation.
|
||||
|
||||
subjectKeyIdentifier=hash
|
||||
|
||||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
|
||||
# This is what PKIX recommends but some broken software chokes on critical
|
||||
# extensions.
|
||||
#basicConstraints = critical,CA:true
|
||||
# So we do this instead.
|
||||
basicConstraints = CA:true
|
||||
|
||||
# Key usage: this is typical for a CA certificate. However since it will
|
||||
# prevent it being used as an test self-signed certificate it is best
|
||||
# left out by default.
|
||||
# keyUsage = cRLSign, keyCertSign
|
||||
|
||||
# Some might want this also
|
||||
# nsCertType = sslCA, emailCA
|
||||
|
||||
# Include email address in subject alt name: another PKIX recommendation
|
||||
# subjectAltName=email:copy
|
||||
# Copy issuer details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
# DER hex encoding of an extension: beware experts only!
|
||||
# obj=DER:02:03
|
||||
# Where 'obj' is a standard or added object
|
||||
# You can even override a supported extension:
|
||||
# basicConstraints= critical, DER:30:03:01:01:FF
|
||||
|
||||
[ crl_ext ]
|
||||
|
||||
# CRL extensions.
|
||||
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
|
||||
|
||||
# issuerAltName=issuer:copy
|
||||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
|
||||
[ engine_section ]
|
||||
#
|
||||
# If you are using PKCS#11
|
||||
# Install engine_pkcs11 of opensc (www.opensc.org)
|
||||
# And uncomment the following
|
||||
# verify that dynamic_path points to the correct location
|
||||
#
|
||||
#pkcs11 = pkcs11_section
|
||||
|
||||
[ pkcs11_section ]
|
||||
engine_id = pkcs11
|
||||
dynamic_path = /usr/lib/engines/engine_pkcs11.so
|
||||
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
|
||||
PIN = $ENV::PKCS11_PIN
|
||||
init = 0
|
||||
288
AK/openvpn/ak/easy-rsa/openssl-1.0.0.cnf.ORIG
Normal file
288
AK/openvpn/ak/easy-rsa/openssl-1.0.0.cnf.ORIG
Normal file
@ -0,0 +1,288 @@
|
||||
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
|
||||
|
||||
# This definition stops the following lines choking if HOME isn't
|
||||
# defined.
|
||||
HOME = .
|
||||
RANDFILE = $ENV::HOME/.rnd
|
||||
openssl_conf = openssl_init
|
||||
|
||||
[ openssl_init ]
|
||||
# Extra OBJECT IDENTIFIER info:
|
||||
#oid_file = $ENV::HOME/.oid
|
||||
oid_section = new_oids
|
||||
engines = engine_section
|
||||
|
||||
# To use this configuration file with the "-extfile" option of the
|
||||
# "openssl x509" utility, name here the section containing the
|
||||
# X.509v3 extensions to use:
|
||||
# extensions =
|
||||
# (Alternatively, use a configuration file that has only
|
||||
# X.509v3 extensions in its main [= default] section.)
|
||||
|
||||
[ new_oids ]
|
||||
|
||||
# We can add new OIDs in here for use by 'ca' and 'req'.
|
||||
# Add a simple OID like this:
|
||||
# testoid1=1.2.3.4
|
||||
# Or use config file substitution like this:
|
||||
# testoid2=${testoid1}.5.6
|
||||
|
||||
####################################################################
|
||||
[ ca ]
|
||||
default_ca = CA_default # The default ca section
|
||||
|
||||
####################################################################
|
||||
[ CA_default ]
|
||||
|
||||
dir = $ENV::KEY_DIR # Where everything is kept
|
||||
certs = $dir # Where the issued certs are kept
|
||||
crl_dir = $dir # Where the issued crl are kept
|
||||
database = $dir/index.txt # database index file.
|
||||
new_certs_dir = $dir # default place for new certs.
|
||||
|
||||
certificate = $dir/ca.crt # The CA certificate
|
||||
serial = $dir/serial # The current serial number
|
||||
crl = $dir/crl.pem # The current CRL
|
||||
private_key = $dir/ca.key # The private key
|
||||
RANDFILE = $dir/.rand # private random number file
|
||||
|
||||
x509_extensions = usr_cert # The extentions to add to the cert
|
||||
|
||||
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
|
||||
# so this is commented out by default to leave a V1 CRL.
|
||||
# crl_extensions = crl_ext
|
||||
|
||||
default_days = 3650 # how long to certify for
|
||||
default_crl_days= 30 # how long before next CRL
|
||||
default_md = sha256 # use public key default MD
|
||||
preserve = no # keep passed DN ordering
|
||||
|
||||
# A few difference way of specifying how similar the request should look
|
||||
# For type CA, the listed attributes must be the same, and the optional
|
||||
# and supplied fields are just that :-)
|
||||
policy = policy_anything
|
||||
|
||||
# For the CA policy
|
||||
[ policy_match ]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
name = optional
|
||||
emailAddress = optional
|
||||
|
||||
# For the 'anything' policy
|
||||
# At this point in time, you must list all acceptable 'object'
|
||||
# types.
|
||||
[ policy_anything ]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
name = optional
|
||||
emailAddress = optional
|
||||
|
||||
####################################################################
|
||||
[ req ]
|
||||
default_bits = $ENV::KEY_SIZE
|
||||
default_keyfile = privkey.pem
|
||||
default_md = sha256
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
x509_extensions = v3_ca # The extentions to add to the self signed cert
|
||||
|
||||
# Passwords for private keys if not present they will be prompted for
|
||||
# input_password = secret
|
||||
# output_password = secret
|
||||
|
||||
# This sets a mask for permitted string types. There are several options.
|
||||
# default: PrintableString, T61String, BMPString.
|
||||
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
|
||||
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
|
||||
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
|
||||
# MASK:XXXX a literal mask value.
|
||||
string_mask = nombstr
|
||||
|
||||
# req_extensions = v3_req # The extensions to add to a certificate request
|
||||
|
||||
[ req_distinguished_name ]
|
||||
countryName = Country Name (2 letter code)
|
||||
countryName_default = $ENV::KEY_COUNTRY
|
||||
countryName_min = 2
|
||||
countryName_max = 2
|
||||
|
||||
stateOrProvinceName = State or Province Name (full name)
|
||||
stateOrProvinceName_default = $ENV::KEY_PROVINCE
|
||||
|
||||
localityName = Locality Name (eg, city)
|
||||
localityName_default = $ENV::KEY_CITY
|
||||
|
||||
0.organizationName = Organization Name (eg, company)
|
||||
0.organizationName_default = $ENV::KEY_ORG
|
||||
|
||||
# we can do this but it is not needed normally :-)
|
||||
#1.organizationName = Second Organization Name (eg, company)
|
||||
#1.organizationName_default = World Wide Web Pty Ltd
|
||||
|
||||
organizationalUnitName = Organizational Unit Name (eg, section)
|
||||
#organizationalUnitName_default =
|
||||
|
||||
commonName = Common Name (eg, your name or your server\'s hostname)
|
||||
commonName_max = 64
|
||||
|
||||
name = Name
|
||||
name_max = 64
|
||||
|
||||
emailAddress = Email Address
|
||||
emailAddress_default = $ENV::KEY_EMAIL
|
||||
emailAddress_max = 40
|
||||
|
||||
# JY -- added for batch mode
|
||||
organizationalUnitName_default = $ENV::KEY_OU
|
||||
commonName_default = $ENV::KEY_CN
|
||||
name_default = $ENV::KEY_NAME
|
||||
|
||||
|
||||
# SET-ex3 = SET extension number 3
|
||||
|
||||
[ req_attributes ]
|
||||
challengePassword = A challenge password
|
||||
challengePassword_min = 4
|
||||
challengePassword_max = 20
|
||||
|
||||
unstructuredName = An optional company name
|
||||
|
||||
[ usr_cert ]
|
||||
|
||||
# These extensions are added when 'ca' signs a request.
|
||||
|
||||
# This goes against PKIX guidelines but some CAs do it and some software
|
||||
# requires this to avoid interpreting an end user certificate as a CA.
|
||||
|
||||
basicConstraints=CA:FALSE
|
||||
|
||||
# Here are some examples of the usage of nsCertType. If it is omitted
|
||||
# the certificate can be used for anything *except* object signing.
|
||||
|
||||
# This is OK for an SSL server.
|
||||
# nsCertType = server
|
||||
|
||||
# For an object signing certificate this would be used.
|
||||
# nsCertType = objsign
|
||||
|
||||
# For normal client use this is typical
|
||||
# nsCertType = client, email
|
||||
|
||||
# and for everything including object signing:
|
||||
# nsCertType = client, email, objsign
|
||||
|
||||
# This is typical in keyUsage for a client certificate.
|
||||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
# This will be displayed in Netscape's comment listbox.
|
||||
nsComment = "Easy-RSA Generated Certificate"
|
||||
|
||||
# PKIX recommendations harmless if included in all certificates.
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer:always
|
||||
extendedKeyUsage=clientAuth
|
||||
keyUsage = digitalSignature
|
||||
|
||||
|
||||
# This stuff is for subjectAltName and issuerAltname.
|
||||
# Import the email address.
|
||||
# subjectAltName=email:copy
|
||||
subjectAltName=$ENV::KEY_ALTNAMES
|
||||
|
||||
# Copy subject details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
|
||||
#nsBaseUrl
|
||||
#nsRevocationUrl
|
||||
#nsRenewalUrl
|
||||
#nsCaPolicyUrl
|
||||
#nsSslServerName
|
||||
|
||||
[ server ]
|
||||
|
||||
# JY ADDED -- Make a cert with nsCertType set to "server"
|
||||
basicConstraints=CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "Easy-RSA Generated Server Certificate"
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer:always
|
||||
extendedKeyUsage=serverAuth
|
||||
keyUsage = digitalSignature, keyEncipherment
|
||||
subjectAltName=$ENV::KEY_ALTNAMES
|
||||
|
||||
[ v3_req ]
|
||||
|
||||
# Extensions to add to a certificate request
|
||||
|
||||
basicConstraints = CA:FALSE
|
||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
[ v3_ca ]
|
||||
|
||||
|
||||
# Extensions for a typical CA
|
||||
|
||||
|
||||
# PKIX recommendation.
|
||||
|
||||
subjectKeyIdentifier=hash
|
||||
|
||||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
|
||||
# This is what PKIX recommends but some broken software chokes on critical
|
||||
# extensions.
|
||||
#basicConstraints = critical,CA:true
|
||||
# So we do this instead.
|
||||
basicConstraints = CA:true
|
||||
|
||||
# Key usage: this is typical for a CA certificate. However since it will
|
||||
# prevent it being used as an test self-signed certificate it is best
|
||||
# left out by default.
|
||||
# keyUsage = cRLSign, keyCertSign
|
||||
|
||||
# Some might want this also
|
||||
# nsCertType = sslCA, emailCA
|
||||
|
||||
# Include email address in subject alt name: another PKIX recommendation
|
||||
# subjectAltName=email:copy
|
||||
# Copy issuer details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
# DER hex encoding of an extension: beware experts only!
|
||||
# obj=DER:02:03
|
||||
# Where 'obj' is a standard or added object
|
||||
# You can even override a supported extension:
|
||||
# basicConstraints= critical, DER:30:03:01:01:FF
|
||||
|
||||
[ crl_ext ]
|
||||
|
||||
# CRL extensions.
|
||||
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
|
||||
|
||||
# issuerAltName=issuer:copy
|
||||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
|
||||
[ engine_section ]
|
||||
#
|
||||
# If you are using PKCS#11
|
||||
# Install engine_pkcs11 of opensc (www.opensc.org)
|
||||
# And uncomment the following
|
||||
# verify that dynamic_path points to the correct location
|
||||
#
|
||||
#pkcs11 = pkcs11_section
|
||||
|
||||
[ pkcs11_section ]
|
||||
engine_id = pkcs11
|
||||
dynamic_path = /usr/lib/engines/engine_pkcs11.so
|
||||
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
|
||||
PIN = $ENV::PKCS11_PIN
|
||||
init = 0
|
||||
1
AK/openvpn/ak/easy-rsa/openssl.cnf
Symbolic link
1
AK/openvpn/ak/easy-rsa/openssl.cnf
Symbolic link
@ -0,0 +1 @@
|
||||
/etc/openvpn/ak/easy-rsa/openssl-1.0.0.cnf
|
||||
1
AK/openvpn/ak/easy-rsa/pkitool
Symbolic link
1
AK/openvpn/ak/easy-rsa/pkitool
Symbolic link
@ -0,0 +1 @@
|
||||
/usr/share/easy-rsa/pkitool
|
||||
1
AK/openvpn/ak/easy-rsa/revoke-full
Symbolic link
1
AK/openvpn/ak/easy-rsa/revoke-full
Symbolic link
@ -0,0 +1 @@
|
||||
/usr/share/easy-rsa/revoke-full
|
||||
1
AK/openvpn/ak/easy-rsa/sign-req
Symbolic link
1
AK/openvpn/ak/easy-rsa/sign-req
Symbolic link
@ -0,0 +1 @@
|
||||
/usr/share/easy-rsa/sign-req
|
||||
96
AK/openvpn/ak/easy-rsa/vars
Normal file
96
AK/openvpn/ak/easy-rsa/vars
Normal file
@ -0,0 +1,96 @@
|
||||
# easy-rsa parameter settings
|
||||
|
||||
# NOTE: If you installed from an RPM,
|
||||
# don't edit this file in place in
|
||||
# /usr/share/openvpn/easy-rsa --
|
||||
# instead, you should copy the whole
|
||||
# easy-rsa directory to another location
|
||||
# (such as /etc/openvpn) so that your
|
||||
# edits will not be wiped out by a future
|
||||
# OpenVPN package upgrade.
|
||||
|
||||
# This variable should point to
|
||||
# the top level of the easy-rsa
|
||||
# tree.
|
||||
##export EASY_RSA="`pwd`"
|
||||
export BASE_DIR="/etc/openvpn/ak"
|
||||
export EASY_RSA="$BASE_DIR/easy-rsa"
|
||||
|
||||
#
|
||||
# This variable should point to
|
||||
# the requested executables
|
||||
#
|
||||
export OPENSSL="openssl"
|
||||
export PKCS11TOOL="pkcs11-tool"
|
||||
export GREP="grep"
|
||||
|
||||
|
||||
# This variable should point to
|
||||
# the openssl.cnf file included
|
||||
# with easy-rsa.
|
||||
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
|
||||
|
||||
# Edit this variable to point to
|
||||
# your soon-to-be-created key
|
||||
# directory.
|
||||
#
|
||||
# WARNING: clean-all will do
|
||||
# a rm -rf on this directory
|
||||
# so make sure you define
|
||||
# it correctly!
|
||||
##export KEY_DIR="$EASY_RSA/keys"
|
||||
export KEY_DIR="$BASE_DIR/keys"
|
||||
|
||||
# Issue rm -rf warning
|
||||
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
|
||||
|
||||
# PKCS11 fixes
|
||||
export PKCS11_MODULE_PATH="dummy"
|
||||
export PKCS11_PIN="dummy"
|
||||
|
||||
# Increase this to 2048 if you
|
||||
# are paranoid. This will slow
|
||||
# down TLS negotiation performance
|
||||
# as well as the one-time DH parms
|
||||
# generation process.
|
||||
##export KEY_SIZE=2048
|
||||
export KEY_SIZE=4096
|
||||
|
||||
# In how many days should the root CA key expire?
|
||||
##export CA_EXPIRE=3650
|
||||
export CA_EXPIRE=11688
|
||||
|
||||
# In how many days should certificates expire?
|
||||
##export KEY_EXPIRE=3650
|
||||
export KEY_EXPIRE=7305
|
||||
|
||||
# These are the default values for fields
|
||||
# which will be placed in the certificate.
|
||||
# Don't leave any of these fields blank.
|
||||
##export KEY_COUNTRY="US"
|
||||
export KEY_COUNTRY="DE"
|
||||
##export KEY_PROVINCE="CA"
|
||||
export KEY_PROVINCE="Berlin"
|
||||
##export KEY_CITY="SanFrancisco"
|
||||
export KEY_CITY="Berlin"
|
||||
##export KEY_ORG="Fort-Funston"
|
||||
export KEY_ORG="o.open"
|
||||
##export KEY_EMAIL="me@myhost.mydomain"
|
||||
export KEY_EMAIL="argus@oopen.de"
|
||||
##export KEY_OU="MyOrganizationalUnit"
|
||||
export KEY_OU="Network Services"
|
||||
|
||||
# X509 Subject Field
|
||||
##export KEY_NAME="EasyRSA"
|
||||
export KEY_NAME="VPN AK"
|
||||
|
||||
# PKCS11 Smart Card
|
||||
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
|
||||
# export PKCS11_PIN=1234
|
||||
|
||||
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
|
||||
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
|
||||
## export KEY_CN="CommonName"
|
||||
export KEY_CN="VPN-AK"
|
||||
|
||||
export KEY_ALTNAMES="VPN AK"
|
||||
80
AK/openvpn/ak/easy-rsa/vars.2018-02-06-1310
Normal file
80
AK/openvpn/ak/easy-rsa/vars.2018-02-06-1310
Normal file
@ -0,0 +1,80 @@
|
||||
# easy-rsa parameter settings
|
||||
|
||||
# NOTE: If you installed from an RPM,
|
||||
# don't edit this file in place in
|
||||
# /usr/share/openvpn/easy-rsa --
|
||||
# instead, you should copy the whole
|
||||
# easy-rsa directory to another location
|
||||
# (such as /etc/openvpn) so that your
|
||||
# edits will not be wiped out by a future
|
||||
# OpenVPN package upgrade.
|
||||
|
||||
# This variable should point to
|
||||
# the top level of the easy-rsa
|
||||
# tree.
|
||||
export EASY_RSA="`pwd`"
|
||||
|
||||
#
|
||||
# This variable should point to
|
||||
# the requested executables
|
||||
#
|
||||
export OPENSSL="openssl"
|
||||
export PKCS11TOOL="pkcs11-tool"
|
||||
export GREP="grep"
|
||||
|
||||
|
||||
# This variable should point to
|
||||
# the openssl.cnf file included
|
||||
# with easy-rsa.
|
||||
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
|
||||
|
||||
# Edit this variable to point to
|
||||
# your soon-to-be-created key
|
||||
# directory.
|
||||
#
|
||||
# WARNING: clean-all will do
|
||||
# a rm -rf on this directory
|
||||
# so make sure you define
|
||||
# it correctly!
|
||||
export KEY_DIR="$EASY_RSA/keys"
|
||||
|
||||
# Issue rm -rf warning
|
||||
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
|
||||
|
||||
# PKCS11 fixes
|
||||
export PKCS11_MODULE_PATH="dummy"
|
||||
export PKCS11_PIN="dummy"
|
||||
|
||||
# Increase this to 2048 if you
|
||||
# are paranoid. This will slow
|
||||
# down TLS negotiation performance
|
||||
# as well as the one-time DH parms
|
||||
# generation process.
|
||||
export KEY_SIZE=2048
|
||||
|
||||
# In how many days should the root CA key expire?
|
||||
export CA_EXPIRE=3650
|
||||
|
||||
# In how many days should certificates expire?
|
||||
export KEY_EXPIRE=3650
|
||||
|
||||
# These are the default values for fields
|
||||
# which will be placed in the certificate.
|
||||
# Don't leave any of these fields blank.
|
||||
export KEY_COUNTRY="US"
|
||||
export KEY_PROVINCE="CA"
|
||||
export KEY_CITY="SanFrancisco"
|
||||
export KEY_ORG="Fort-Funston"
|
||||
export KEY_EMAIL="me@myhost.mydomain"
|
||||
export KEY_OU="MyOrganizationalUnit"
|
||||
|
||||
# X509 Subject Field
|
||||
export KEY_NAME="EasyRSA"
|
||||
|
||||
# PKCS11 Smart Card
|
||||
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
|
||||
# export PKCS11_PIN=1234
|
||||
|
||||
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
|
||||
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
|
||||
# export KEY_CN="CommonName"
|
||||
1
AK/openvpn/ak/easy-rsa/whichopensslcnf
Symbolic link
1
AK/openvpn/ak/easy-rsa/whichopensslcnf
Symbolic link
@ -0,0 +1 @@
|
||||
/usr/share/easy-rsa/whichopensslcnf
|
||||
1
AK/openvpn/ak/ipp.txt
Normal file
1
AK/openvpn/ak/ipp.txt
Normal file
@ -0,0 +1 @@
|
||||
VPN-AK-chris,10.0.0.2
|
||||
4
AK/openvpn/ak/keys-created.txt
Normal file
4
AK/openvpn/ak/keys-created.txt
Normal file
@ -0,0 +1,4 @@
|
||||
|
||||
key...............: chris.key
|
||||
common name.......: VPN-AK-chris
|
||||
password..........: dbddhkpuka.&EadGl15E.
|
||||
141
AK/openvpn/ak/keys/01.pem
Normal file
141
AK/openvpn/ak/keys/01.pem
Normal file
@ -0,0 +1,141 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 1 (0x1)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
|
||||
Validity
|
||||
Not Before: Feb 6 12:37:16 2018 GMT
|
||||
Not After : Feb 6 12:37:16 2038 GMT
|
||||
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK-server/name=VPN AK/emailAddress=argus@oopen.de
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (4096 bit)
|
||||
Modulus:
|
||||
00:c3:e5:c6:ea:48:8b:ac:0a:03:79:75:38:5b:f0:
|
||||
4a:42:eb:30:af:31:fe:cd:81:25:29:7d:eb:7c:fb:
|
||||
2d:fe:73:f3:3a:bd:fc:fa:09:c7:36:3a:dc:52:22:
|
||||
d3:7f:01:d3:3d:c3:86:01:c0:ec:76:6a:89:0c:49:
|
||||
e9:12:41:72:8e:41:b0:35:23:d0:35:5f:21:00:3f:
|
||||
be:80:03:ac:e2:f8:05:3a:bc:19:0a:48:13:8a:56:
|
||||
4d:65:ea:9a:8d:00:51:52:4f:8c:1f:8a:fa:bd:39:
|
||||
41:e2:7e:a6:d9:5c:42:a6:40:2a:88:59:54:91:5b:
|
||||
6d:69:ec:21:84:aa:fa:41:75:7b:8d:08:1f:7a:f9:
|
||||
71:60:73:60:9b:31:73:32:27:5c:34:2e:7f:ff:f8:
|
||||
be:26:eb:dd:aa:c1:b6:c2:70:d1:90:b5:47:e3:c9:
|
||||
2e:d3:bc:3d:11:69:58:aa:36:93:1a:11:b5:94:ca:
|
||||
e2:44:1a:9b:4d:3b:04:63:cd:d8:28:57:8c:f6:35:
|
||||
70:bd:fe:bb:ef:8c:95:82:91:a8:c1:2a:8d:d4:77:
|
||||
57:64:a5:cc:57:f3:b1:8a:2f:52:d8:d8:8d:e2:e1:
|
||||
3c:21:49:bf:b0:42:71:3a:71:cf:4f:5a:18:99:79:
|
||||
44:d1:72:06:4a:7d:30:29:fe:a7:43:2c:92:23:9b:
|
||||
69:2f:d2:88:3c:6c:c9:d1:8e:cd:d3:5d:24:3e:c9:
|
||||
f3:b5:8b:60:99:48:ff:90:bf:ad:f3:f7:3b:c6:7d:
|
||||
27:8f:d2:b8:88:02:0a:03:91:8a:3d:3c:25:53:6d:
|
||||
07:59:6c:b1:0d:f8:e5:93:02:58:54:60:0b:29:08:
|
||||
39:92:71:01:dc:0d:8d:b2:94:87:4b:08:39:20:cf:
|
||||
a7:e5:3b:66:91:c5:01:15:3c:2c:df:6a:9d:4b:48:
|
||||
b5:5e:fa:3f:6d:49:11:2b:92:bc:7a:46:70:b0:cf:
|
||||
cd:79:be:90:e1:ce:41:fa:43:31:cd:bb:b7:34:5f:
|
||||
c7:71:80:75:83:6e:f6:45:a0:ee:a7:b4:de:43:f1:
|
||||
fc:df:19:d8:6d:00:b5:ae:59:17:f7:7d:19:cd:c8:
|
||||
b7:4a:92:da:6d:ad:3c:d5:b0:db:6e:5b:b8:2d:62:
|
||||
d5:5f:e4:23:b0:65:8c:b5:da:d8:27:0a:34:9e:32:
|
||||
02:7e:bc:89:39:aa:7f:b2:07:26:2e:39:0a:21:c6:
|
||||
da:4e:d2:cf:53:45:9f:c2:9c:d0:c6:86:37:20:60:
|
||||
9c:7d:14:3a:2f:1c:5c:50:36:5d:d3:15:2e:94:f1:
|
||||
04:b8:22:4b:c9:85:6a:ec:59:ec:e2:01:e3:c9:e1:
|
||||
02:56:40:c1:8f:01:61:68:26:72:89:de:ba:29:2f:
|
||||
15:8f:d5
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints:
|
||||
CA:FALSE
|
||||
Netscape Cert Type:
|
||||
SSL Server
|
||||
Netscape Comment:
|
||||
Easy-RSA Generated Server Certificate
|
||||
X509v3 Subject Key Identifier:
|
||||
3F:C0:FA:95:43:C6:88:A3:2E:18:8E:43:3C:BA:1C:97:2F:70:C7:59
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:EA:67:95:94:1D:46:8E:44:BF:97:A4:09:BD:40:3D:00:D9:D3:EE:40
|
||||
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
|
||||
serial:EB:02:53:87:4C:0D:73:5F
|
||||
|
||||
X509v3 Extended Key Usage:
|
||||
TLS Web Server Authentication
|
||||
X509v3 Key Usage:
|
||||
Digital Signature, Key Encipherment
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:server
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
14:3a:a6:f8:86:88:7c:db:9b:ce:b1:59:57:de:3e:e0:34:7d:
|
||||
ce:a3:95:15:f8:89:54:e3:d4:02:0e:b8:51:35:14:4d:e9:31:
|
||||
21:25:3c:77:55:d4:b2:9b:f0:d5:b1:80:6d:ef:e7:86:f4:e7:
|
||||
e9:03:5a:12:c2:5b:42:e5:90:8a:8e:e5:f9:83:13:6d:60:43:
|
||||
aa:13:1f:f2:99:3d:66:84:ec:21:1f:68:a6:b5:64:ad:c3:e2:
|
||||
d0:6f:96:9f:eb:37:94:12:a7:89:94:de:5c:69:4c:8f:f8:75:
|
||||
b8:76:c7:81:c7:88:81:34:6d:cf:ea:23:eb:05:87:a1:fd:d7:
|
||||
e8:88:a0:34:81:f4:15:a6:cb:ff:53:47:10:e6:04:86:49:09:
|
||||
7e:0f:ed:0c:47:5a:df:bc:a3:23:ed:80:4d:e0:88:81:be:32:
|
||||
1c:0f:16:c6:c0:6e:0c:d7:24:63:1e:88:e2:82:e7:00:f2:a6:
|
||||
0c:01:b1:a6:7e:4d:69:4e:9f:8a:e3:78:12:cb:fa:d2:b9:a6:
|
||||
b7:ac:07:98:9e:38:aa:a8:56:81:9b:06:c2:11:ec:f1:4f:e5:
|
||||
5a:21:45:ed:8f:b1:a0:48:21:e7:ba:7b:5f:5b:a9:7a:51:ca:
|
||||
6d:84:1b:b9:78:38:18:91:9c:e0:ca:0e:97:e0:e7:bd:36:10:
|
||||
ed:c9:80:0a:73:c1:ae:0c:d6:b1:dd:be:fc:7b:a7:83:4f:0d:
|
||||
b6:7c:2f:15:4b:b6:e1:b0:5f:81:bb:c5:4d:3e:fd:84:82:65:
|
||||
65:8a:4e:f5:66:19:e4:4d:9f:31:9d:d2:21:44:7c:9e:ff:55:
|
||||
1f:f3:17:bc:d4:d3:e2:c4:51:fd:f9:f6:b8:b8:53:42:11:94:
|
||||
f0:aa:df:6e:0f:07:0a:1d:2f:31:7a:6e:28:32:63:1d:a7:fa:
|
||||
da:93:9d:37:25:3e:53:f7:f4:f2:e8:97:23:d9:39:dd:1d:39:
|
||||
c1:1c:03:b6:b1:b9:21:6f:ed:a6:c9:b8:e4:aa:f5:6f:d6:33:
|
||||
94:d4:70:e6:c7:e2:38:6c:33:3c:d9:19:4e:af:90:0c:13:f5:
|
||||
b3:d8:fc:7a:21:8a:3e:43:e5:14:3f:4f:72:de:2a:71:13:db:
|
||||
7e:b6:d9:aa:1c:d1:f9:ed:f6:cc:c1:ae:c9:c1:4e:4e:f8:dd:
|
||||
85:ec:4f:b7:7a:7a:90:26:44:8b:a7:8d:67:26:0e:82:02:92:
|
||||
14:d4:ad:38:28:ff:36:e8:59:3e:dc:1a:76:bb:b6:cc:b1:32:
|
||||
d9:44:85:f5:c4:45:db:92:55:54:78:05:88:db:0a:fb:42:17:
|
||||
e0:b7:76:0f:c2:c8:69:67:ed:fb:b4:e8:72:e7:ee:6a:03:d9:
|
||||
8b:4d:22:d5:ed:00:68:6d
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIHPjCCBSagAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
|
||||
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1BSzEP
|
||||
MA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
|
||||
Fw0xODAyMDYxMjM3MTZaFw0zODAyMDYxMjM3MTZaMIGjMQswCQYDVQQGEwJERTEP
|
||||
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
|
||||
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEWMBQGA1UEAxMNVlBOLUFLLXNl
|
||||
cnZlcjEPMA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
|
||||
bi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMPlxupIi6wKA3l1
|
||||
OFvwSkLrMK8x/s2BJSl963z7Lf5z8zq9/PoJxzY63FIi038B0z3DhgHA7HZqiQxJ
|
||||
6RJBco5BsDUj0DVfIQA/voADrOL4BTq8GQpIE4pWTWXqmo0AUVJPjB+K+r05QeJ+
|
||||
ptlcQqZAKohZVJFbbWnsIYSq+kF1e40IH3r5cWBzYJsxczInXDQuf//4vibr3arB
|
||||
tsJw0ZC1R+PJLtO8PRFpWKo2kxoRtZTK4kQam007BGPN2ChXjPY1cL3+u++MlYKR
|
||||
qMEqjdR3V2SlzFfzsYovUtjYjeLhPCFJv7BCcTpxz09aGJl5RNFyBkp9MCn+p0Ms
|
||||
kiObaS/SiDxsydGOzdNdJD7J87WLYJlI/5C/rfP3O8Z9J4/SuIgCCgORij08JVNt
|
||||
B1lssQ345ZMCWFRgCykIOZJxAdwNjbKUh0sIOSDPp+U7ZpHFARU8LN9qnUtItV76
|
||||
P21JESuSvHpGcLDPzXm+kOHOQfpDMc27tzRfx3GAdYNu9kWg7qe03kPx/N8Z2G0A
|
||||
ta5ZF/d9Gc3It0qS2m2tPNWw225buC1i1V/kI7BljLXa2CcKNJ4yAn68iTmqf7IH
|
||||
Ji45CiHG2k7Sz1NFn8Kc0MaGNyBgnH0UOi8cXFA2XdMVLpTxBLgiS8mFauxZ7OIB
|
||||
48nhAlZAwY8BYWgmconeuikvFY/VAgMBAAGjggGAMIIBfDAJBgNVHRMEAjAAMBEG
|
||||
CWCGSAGG+EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFzeS1SU0EgR2VuZXJh
|
||||
dGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUP8D6lUPGiKMuGI5DPLoc
|
||||
ly9wx1kwgdEGA1UdIwSByTCBxoAU6meVlB1GjkS/l6QJvUA9ANnT7kChgaKkgZ8w
|
||||
gZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
|
||||
bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8w
|
||||
DQYDVQQDEwZWUE4tQUsxDzANBgNVBCkTBlZQTiBBSzEdMBsGCSqGSIb3DQEJARYO
|
||||
YXJndXNAb29wZW4uZGWCCQDrAlOHTA1zXzATBgNVHSUEDDAKBggrBgEFBQcDATAL
|
||||
BgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4IC
|
||||
AQAUOqb4hoh825vOsVlX3j7gNH3Oo5UV+IlU49QCDrhRNRRN6TEhJTx3VdSym/DV
|
||||
sYBt7+eG9OfpA1oSwltC5ZCKjuX5gxNtYEOqEx/ymT1mhOwhH2imtWStw+LQb5af
|
||||
6zeUEqeJlN5caUyP+HW4dseBx4iBNG3P6iPrBYeh/dfoiKA0gfQVpsv/U0cQ5gSG
|
||||
SQl+D+0MR1rfvKMj7YBN4IiBvjIcDxbGwG4M1yRjHojigucA8qYMAbGmfk1pTp+K
|
||||
43gSy/rSuaa3rAeYnjiqqFaBmwbCEezxT+VaIUXtj7GgSCHnuntfW6l6UcpthBu5
|
||||
eDgYkZzgyg6X4Oe9NhDtyYAKc8GuDNax3b78e6eDTw22fC8VS7bhsF+Bu8VNPv2E
|
||||
gmVlik71ZhnkTZ8xndIhRHye/1Uf8xe81NPixFH9+fa4uFNCEZTwqt9uDwcKHS8x
|
||||
em4oMmMdp/rak503JT5T9/Ty6Jcj2TndHTnBHAO2sbkhb+2mybjkqvVv1jOU1HDm
|
||||
x+I4bDM82RlOr5AME/Wz2Px6IYo+Q+UUP09y3ipxE9t+ttmqHNH57fbMwa7JwU5O
|
||||
+N2F7E+3enqQJkSLp41nJg6CApIU1K04KP826Fk+3Bp2u7bMsTLZRIX1xEXbklVU
|
||||
eAWI2wr7Qhfgt3YPwshpZ+37tOhy5+5qA9mLTSLV7QBobQ==
|
||||
-----END CERTIFICATE-----
|
||||
139
AK/openvpn/ak/keys/02.pem
Normal file
139
AK/openvpn/ak/keys/02.pem
Normal file
@ -0,0 +1,139 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 2 (0x2)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
|
||||
Validity
|
||||
Not Before: Feb 6 13:37:54 2018 GMT
|
||||
Not After : Feb 6 13:37:54 2038 GMT
|
||||
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK-chris/name=VPN AK/emailAddress=argus@oopen.de
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (4096 bit)
|
||||
Modulus:
|
||||
00:9b:da:37:61:00:41:6d:0b:56:e3:cb:c8:56:28:
|
||||
0a:db:be:7b:7d:e8:91:7a:3e:3a:b7:89:91:c4:01:
|
||||
11:48:1d:c9:f9:70:28:a2:40:b2:ae:8b:8f:b2:56:
|
||||
75:79:5f:b2:6f:96:1f:e2:b8:83:c1:75:b3:f9:d2:
|
||||
42:44:a2:c6:03:48:c5:09:17:fc:77:13:cf:3a:a7:
|
||||
b2:73:39:10:07:b9:3b:a0:28:e8:da:82:07:87:17:
|
||||
86:93:95:bf:fa:5d:2a:39:68:8c:6e:d5:8e:fd:9b:
|
||||
ce:6c:28:13:8a:33:f0:6a:b4:17:07:3f:d1:7d:a5:
|
||||
a5:fc:a0:e3:26:73:49:0a:ba:d7:84:6f:a4:53:ec:
|
||||
ef:e7:17:3b:ca:b6:9d:d2:88:42:16:dc:c0:50:de:
|
||||
5e:d2:c5:88:b9:28:f0:03:d7:5e:86:cd:bc:59:7e:
|
||||
e2:d6:d5:a3:ed:cf:97:de:da:e0:cd:c8:0d:96:fa:
|
||||
06:c5:bc:6d:79:d0:65:ab:6e:f5:ee:a9:88:dd:8e:
|
||||
fb:2c:76:48:73:10:b7:5a:8b:05:ac:92:df:ce:a7:
|
||||
c8:98:e2:c4:10:a1:4a:f7:9b:b8:c0:b9:59:94:9d:
|
||||
a8:95:59:49:e1:c9:29:d6:9e:19:f7:b4:a8:aa:9e:
|
||||
92:04:ba:65:11:48:bb:f8:2e:ec:08:a4:b3:37:2e:
|
||||
2e:d2:d6:4a:ce:fc:de:15:18:78:34:97:b9:96:e3:
|
||||
c1:98:f9:0f:67:7d:ea:4d:12:ba:f2:7f:f4:9e:61:
|
||||
81:e4:61:df:ee:55:d6:17:b3:4b:c0:1b:af:30:9f:
|
||||
7f:a7:93:81:66:14:2d:08:7e:83:5d:d7:57:5c:21:
|
||||
f2:43:49:df:50:9a:58:2d:f8:b3:cb:d5:5a:91:0c:
|
||||
90:47:59:e3:5e:78:82:93:6c:db:82:7e:22:72:5c:
|
||||
47:8e:d9:49:2a:69:9e:d8:f1:70:37:d0:69:82:05:
|
||||
42:12:02:d7:f2:78:b9:88:ea:fe:92:9a:d5:20:b4:
|
||||
db:8a:e8:54:eb:61:26:05:dd:31:59:b2:e1:93:9a:
|
||||
43:82:c0:55:ff:d4:8c:d0:ba:bd:f6:c4:9a:58:73:
|
||||
14:3b:96:aa:01:fe:2d:c9:7f:f7:b5:93:2e:a7:19:
|
||||
7f:60:ab:01:e7:b1:2a:1a:a2:4e:85:a6:d9:7b:92:
|
||||
7a:ce:e3:de:50:ac:8f:65:d5:6d:9d:5e:2b:d1:86:
|
||||
de:07:22:56:18:05:52:57:85:ca:ce:25:80:69:2f:
|
||||
37:74:dc:ca:3e:42:d9:05:f7:c4:5a:77:26:d3:ec:
|
||||
52:2e:02:52:61:00:c4:06:a8:fa:4d:23:42:83:76:
|
||||
30:6f:3d:4e:7a:a6:17:fe:5e:06:a5:87:a1:37:da:
|
||||
fb:bc:87
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints:
|
||||
CA:FALSE
|
||||
Netscape Comment:
|
||||
Easy-RSA Generated Certificate
|
||||
X509v3 Subject Key Identifier:
|
||||
2E:C4:A7:97:A0:8C:78:B9:B3:25:0E:B0:C4:AE:A4:40:6A:82:A7:3F
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:EA:67:95:94:1D:46:8E:44:BF:97:A4:09:BD:40:3D:00:D9:D3:EE:40
|
||||
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
|
||||
serial:EB:02:53:87:4C:0D:73:5F
|
||||
|
||||
X509v3 Extended Key Usage:
|
||||
TLS Web Client Authentication
|
||||
X509v3 Key Usage:
|
||||
Digital Signature
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:chris
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
67:e7:39:57:e2:ee:56:68:74:6d:54:4f:0d:1d:c1:c3:21:3a:
|
||||
4c:ef:e3:31:40:ae:9b:e7:af:1c:23:ea:58:e2:fa:97:fe:e3:
|
||||
01:b8:32:ba:0b:0b:19:49:03:92:d3:86:df:e5:57:d7:d5:51:
|
||||
00:28:51:11:fd:23:e8:a1:51:47:28:06:29:4a:17:c5:93:3a:
|
||||
b8:5f:91:58:a9:4d:af:90:7d:ca:15:e0:03:3e:a0:2e:1b:89:
|
||||
ba:cb:91:8f:ed:50:7a:7b:a7:8e:54:48:54:36:92:1d:81:6b:
|
||||
07:8b:fa:73:e1:16:30:3c:ad:2a:92:b7:15:03:78:81:27:99:
|
||||
36:be:f7:cd:91:64:25:90:27:2b:76:70:77:ff:a4:c8:c8:79:
|
||||
2d:8d:39:1c:6c:56:c5:7b:5c:b2:0a:e6:77:e2:14:2e:21:6e:
|
||||
c5:61:08:37:9e:89:e8:e2:c2:06:9c:ce:93:b6:2b:82:e9:db:
|
||||
ee:d9:1c:1e:ce:1b:40:a1:c9:b1:a7:76:ba:96:80:2a:36:40:
|
||||
e2:f0:3d:68:cb:cc:8e:b3:0f:62:14:95:0c:c7:34:cf:e0:b8:
|
||||
94:d2:79:32:a0:ba:07:d9:a7:10:be:84:fb:4a:dd:d0:40:07:
|
||||
5f:8f:bb:52:70:4f:46:be:73:cf:0e:29:11:2a:52:b3:e3:57:
|
||||
b0:72:6e:a3:47:62:1f:53:d5:c7:8a:32:54:13:0b:68:8e:d6:
|
||||
8f:ff:2d:43:6c:0b:ac:38:d6:81:6f:a4:57:69:3c:27:28:da:
|
||||
60:42:01:aa:b9:4e:31:8a:de:47:c5:5c:b2:1c:9f:94:8e:93:
|
||||
b8:3e:85:f0:d6:a6:45:49:3a:14:d7:ae:d2:f3:57:c0:04:95:
|
||||
b8:0d:82:f1:f5:a4:90:c6:32:2e:72:b2:b4:5c:56:9e:fb:7a:
|
||||
16:a5:21:ac:8e:e3:c2:48:98:73:04:da:73:b9:04:14:09:7d:
|
||||
55:b9:53:71:62:94:4a:ee:49:7a:73:6c:4b:5e:02:5d:8d:ef:
|
||||
6d:60:d9:e9:69:29:10:97:a9:fd:4d:9d:d0:9c:c8:a7:26:0d:
|
||||
7f:c2:b2:e9:95:17:7b:31:25:7e:43:e6:2f:ee:23:c3:b1:7c:
|
||||
d5:0e:1c:5c:5c:49:f2:ca:1d:06:e6:ec:eb:40:21:8a:8c:59:
|
||||
b4:e0:9a:08:fa:f5:35:34:bd:1c:c5:e8:dd:f4:d5:ff:7b:ac:
|
||||
5b:19:15:d7:5d:09:1c:fe:25:07:e7:b0:7e:ad:4a:e0:78:05:
|
||||
8d:2a:b8:7c:d2:9a:4d:19:0b:d5:15:03:f9:c6:fe:bd:2f:6c:
|
||||
de:26:3b:1e:38:44:6f:77:13:7b:b5:09:3a:b3:bc:54:fa:38:
|
||||
56:05:ae:58:35:58:53:85
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIHIjCCBQqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
|
||||
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1BSzEP
|
||||
MA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
|
||||
Fw0xODAyMDYxMzM3NTRaFw0zODAyMDYxMzM3NTRaMIGiMQswCQYDVQQGEwJERTEP
|
||||
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
|
||||
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEVMBMGA1UEAxMMVlBOLUFLLWNo
|
||||
cmlzMQ8wDQYDVQQpEwZWUE4gQUsxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
|
||||
LmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAm9o3YQBBbQtW48vI
|
||||
VigK2757feiRej46t4mRxAERSB3J+XAookCyrouPslZ1eV+yb5Yf4riDwXWz+dJC
|
||||
RKLGA0jFCRf8dxPPOqeyczkQB7k7oCjo2oIHhxeGk5W/+l0qOWiMbtWO/ZvObCgT
|
||||
ijPwarQXBz/RfaWl/KDjJnNJCrrXhG+kU+zv5xc7yrad0ohCFtzAUN5e0sWIuSjw
|
||||
A9dehs28WX7i1tWj7c+X3trgzcgNlvoGxbxtedBlq2717qmI3Y77LHZIcxC3WosF
|
||||
rJLfzqfImOLEEKFK95u4wLlZlJ2olVlJ4ckp1p4Z97Soqp6SBLplEUi7+C7sCKSz
|
||||
Ny4u0tZKzvzeFRh4NJe5luPBmPkPZ33qTRK68n/0nmGB5GHf7lXWF7NLwBuvMJ9/
|
||||
p5OBZhQtCH6DXddXXCHyQ0nfUJpYLfizy9VakQyQR1njXniCk2zbgn4iclxHjtlJ
|
||||
Kmme2PFwN9BpggVCEgLX8ni5iOr+kprVILTbiuhU62EmBd0xWbLhk5pDgsBV/9SM
|
||||
0Lq99sSaWHMUO5aqAf4tyX/3tZMupxl/YKsB57EqGqJOhabZe5J6zuPeUKyPZdVt
|
||||
nV4r0YbeByJWGAVSV4XKziWAaS83dNzKPkLZBffEWncm0+xSLgJSYQDEBqj6TSNC
|
||||
g3Ywbz1OeqYX/l4GpYehN9r7vIcCAwEAAaOCAWUwggFhMAkGA1UdEwQCMAAwLQYJ
|
||||
YIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
|
||||
HQ4EFgQULsSnl6CMeLmzJQ6wxK6kQGqCpz8wgdEGA1UdIwSByTCBxoAU6meVlB1G
|
||||
jkS/l6QJvUA9ANnT7kChgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
|
||||
ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
|
||||
ExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQUsxDzANBgNVBCkTBlZQ
|
||||
TiBBSzEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDrAlOHTA1zXzAT
|
||||
BgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hy
|
||||
aXMwDQYJKoZIhvcNAQELBQADggIBAGfnOVfi7lZodG1UTw0dwcMhOkzv4zFArpvn
|
||||
rxwj6lji+pf+4wG4MroLCxlJA5LTht/lV9fVUQAoURH9I+ihUUcoBilKF8WTOrhf
|
||||
kVipTa+QfcoV4AM+oC4bibrLkY/tUHp7p45USFQ2kh2BaweL+nPhFjA8rSqStxUD
|
||||
eIEnmTa+982RZCWQJyt2cHf/pMjIeS2NORxsVsV7XLIK5nfiFC4hbsVhCDeeieji
|
||||
wgaczpO2K4Lp2+7ZHB7OG0ChybGndrqWgCo2QOLwPWjLzI6zD2IUlQzHNM/guJTS
|
||||
eTKgugfZpxC+hPtK3dBAB1+Pu1JwT0a+c88OKREqUrPjV7BybqNHYh9T1ceKMlQT
|
||||
C2iO1o//LUNsC6w41oFvpFdpPCco2mBCAaq5TjGK3kfFXLIcn5SOk7g+hfDWpkVJ
|
||||
OhTXrtLzV8AElbgNgvH1pJDGMi5ysrRcVp77ehalIayO48JImHME2nO5BBQJfVW5
|
||||
U3FilEruSXpzbEteAl2N721g2elpKRCXqf1NndCcyKcmDX/CsumVF3sxJX5D5i/u
|
||||
I8OxfNUOHFxcSfLKHQbm7OtAIYqMWbTgmgj69TU0vRzF6N301f97rFsZFdddCRz+
|
||||
JQfnsH6tSuB4BY0quHzSmk0ZC9UVA/nG/r0vbN4mOx44RG93E3u1CTqzvFT6OFYF
|
||||
rlg1WFOF
|
||||
-----END CERTIFICATE-----
|
||||
39
AK/openvpn/ak/keys/ca.crt
Normal file
39
AK/openvpn/ak/keys/ca.crt
Normal file
@ -0,0 +1,39 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIGxjCCBK6gAwIBAgIJAOsCU4dMDXNfMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
|
||||
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
|
||||
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
|
||||
VlBOLUFLMQ8wDQYDVQQpEwZWUE4gQUsxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
|
||||
cGVuLmRlMCAXDTE4MDIwNjEyMTIxNVoYDzIwNTAwMjA2MTIxMjE1WjCBnDELMAkG
|
||||
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
|
||||
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
|
||||
BlZQTi1BSzEPMA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
|
||||
b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYNRn3v3bgu
|
||||
7yd9rSSHGfKeKuCoT/KQg8054E0HB7zOjCpI3HMrK+UaA/BB47k82aj4zrGBz179
|
||||
Gw3E7EqlMXUeUfWa46FADakj6QrimSzaIctCy5bCHCogBV0HhVaMnTO6+GCoPuLP
|
||||
D779zJ/YzIO3476pWIVuK5AAgqobyGaJ5OPR0rUWrl1yQK48yYQfSbnU0IcchDny
|
||||
VS42E64k+TbOixg5dRHxr/8JQ6UbPHJWE5oePbm5Rx345jV2dU3QjfJTe8HtoUeL
|
||||
TwHsSE+JilWxq1ID4sEIY7+5bvaQCsjVUwim5XHg/8iv0ekHlwmFmz/ycQ1+xMcz
|
||||
NzBqpuZCqkY4NJHclZGwS5L1dEfaLLEAKueUbqFURsyMSoKb0N5S78Gf96E6PgJV
|
||||
De+YtbdxM3S3EAa0Y0NkukBHUGOPiBd9g2EnbW4GfKhsPPWMOWFANl22xupgt5SU
|
||||
HnqF71ofKCNi2Zkc32lJzbHQNIO86N52wI2E8F8iy9SJ2+969SsCxNhBKP8pRFaG
|
||||
9HSeRoi8nTsDcYczERlEb5qhA8+rWho4XpWgDXE4qrT0wmuMqoo1bTPCDsGSkzUe
|
||||
CdUD5/m174RVrnc0o+SyHLIGuS2XpU9KuPBLV4d8CzKakGLudUG/4ikntBZBW7hL
|
||||
IJOOGAv3kaWOj3GbfF/zNza2lC/WvMiXAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
|
||||
6meVlB1GjkS/l6QJvUA9ANnT7kAwgdEGA1UdIwSByTCBxoAU6meVlB1GjkS/l6QJ
|
||||
vUA9ANnT7kChgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
|
||||
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
|
||||
b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQUsxDzANBgNVBCkTBlZQTiBBSzEd
|
||||
MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDrAlOHTA1zXzAMBgNVHRME
|
||||
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAMzcwewxPfcS4H5YYlvYgmy4iCUson
|
||||
vz4RVsyQxinlmnBDMZc7YrkERSQ8O9GWq2Qzge0c0xaEMZxhrkosQi7mAL4JrFjr
|
||||
i1fWYYsocBd/6ZXNkro3uJ231RyOiNWGaFNc3kkorWeGlQmlJsYSK2jtEZtezTGu
|
||||
4yEHZwDLK7ArI1IydUAJ1K4k/P0YLsQw4fcMXtJF5GRpunwy2VGXBOF2WlIMHaMU
|
||||
XKpFDOZGlvnbshIoDuNhdTSVZ3UWkNQSfMnVjv1UDNsxleeJWIjpvB/wNDsIgMmd
|
||||
y4DWJzYO8p9w4bBq4GEdvhiL5tNFdHPRS3v42zAmsjvyJChUbFWApXRdb8p8dmtP
|
||||
qneRvgUKTc+03nv5z7bO653yzuxRCk/4g8SqMKC6qIMeKEOcG9ZDEGs3YJ3d2NMg
|
||||
OHSEkfXSJKGkQfaM3vORjF3zuC6ZFpNSYMMVctAwLfwu7q0YdOfIWPsUFgAtaePp
|
||||
JRDpVjbWGk+/WDVIWO/tVEFmy1xT7CPMEMgMbTGl1mGPezPBeAqgs4LXWlYgQfox
|
||||
K2BhLOD+YwlfvDUaJPhp10oJ6rhfnveTPhmhGslTZzaLYShP1Bg5J21gZf7+Wou7
|
||||
fwpliRLlB8gFk6czpGspmyGdTPjqXOvVxIqffmxRtzsMZJSEJWV/6023AxQdnFz2
|
||||
U7OFfF99B7LFVw==
|
||||
-----END CERTIFICATE-----
|
||||
52
AK/openvpn/ak/keys/ca.key
Normal file
52
AK/openvpn/ak/keys/ca.key
Normal file
@ -0,0 +1,52 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCmDUZ97924Lu8n
|
||||
fa0khxnynirgqE/ykIPNOeBNBwe8zowqSNxzKyvlGgPwQeO5PNmo+M6xgc9e/RsN
|
||||
xOxKpTF1HlH1muOhQA2pI+kK4pks2iHLQsuWwhwqIAVdB4VWjJ0zuvhgqD7izw++
|
||||
/cyf2MyDt+O+qViFbiuQAIKqG8hmieTj0dK1Fq5dckCuPMmEH0m51NCHHIQ58lUu
|
||||
NhOuJPk2zosYOXUR8a//CUOlGzxyVhOaHj25uUcd+OY1dnVN0I3yU3vB7aFHi08B
|
||||
7EhPiYpVsatSA+LBCGO/uW72kArI1VMIpuVx4P/Ir9HpB5cJhZs/8nENfsTHMzcw
|
||||
aqbmQqpGODSR3JWRsEuS9XRH2iyxACrnlG6hVEbMjEqCm9DeUu/Bn/ehOj4CVQ3v
|
||||
mLW3cTN0txAGtGNDZLpAR1Bjj4gXfYNhJ21uBnyobDz1jDlhQDZdtsbqYLeUlB56
|
||||
he9aHygjYtmZHN9pSc2x0DSDvOjedsCNhPBfIsvUidvvevUrAsTYQSj/KURWhvR0
|
||||
nkaIvJ07A3GHMxEZRG+aoQPPq1oaOF6VoA1xOKq09MJrjKqKNW0zwg7BkpM1HgnV
|
||||
A+f5te+EVa53NKPkshyyBrktl6VPSrjwS1eHfAsympBi7nVBv+IpJ7QWQVu4SyCT
|
||||
jhgL95Gljo9xm3xf8zc2tpQv1rzIlwIDAQABAoICAA4dhMeB02QrwTKnMUewoFkK
|
||||
bvSn+hvRgxK3/8Qse9Dl8e5KQUsc+V9BReJvh28gqBQACnn2Ye1eMKWL/tYdksW0
|
||||
7RymrQDxE/gz0ESXnJO+ey7vH6VSHNjL3gjZcdE4pMhX9XMp+iaHmXwP0QwpfsEX
|
||||
qal0dczp35QfJvxU3kUxJZ7kIDg6lFnnM25cRnkPu9GrMIq7ttXCLtF90VB1XiX1
|
||||
isdlYvlChUZ1wCVR2mKRxJrORUr7X/tBRDh5OGGD//0Acb27eIE/a1jrf/4a4AKG
|
||||
1txi7iygjPIoTjFxbylBUQykO07h5Hxnzb00YvdxPxBBiLCv/QQ960wXVNawBg9M
|
||||
9TH/PZ2nx2xYdTbz6YNMAjkTfAXkMnkBiHGtxSWjLfAKNg0CvBT+7dOJUO4MWD6H
|
||||
rg3Q3HKTPl7qLq3I47YB/Buc4FfRg6YPmzhTzlqfzpOeAsLlZSZgKu4MMT8jh+FZ
|
||||
swvAfVshdRDlWH0A1v+QcOaXq3WHFjzmyvRs+IuR5bR6cVfzkBywSPygsIxDi3gq
|
||||
9Y74CIlywJdwuLQc7owJ/wjrzVanerwlTXe1u8YGCOsE/NkjHOhfLqQAD2RE8pee
|
||||
q0qfqqUKNhDRCWae9HMd65teX9XQ+yg/+LIEGyisKAuLpx5Xpcnqhu8RRorrTUIx
|
||||
FzjkQxcqFRveeNsDLUUpAoIBAQDWhbV2+mSBYTCveVeSA1tBII3mO4/RQ/GlHM0u
|
||||
8XLY0NhKk+TTSPYXOpZlVdcMwnuEVKPY1y8+/H0sdjdLPKbX3qAebus8jQc8Xvcr
|
||||
p8FM/TAr3g4KfyjGWtuYns5f0msiuDwu8Bc8T8dlw40Ba+m3mhxxW8wtS0LiCjtp
|
||||
iaJV3A4OOmRAL2UH/okd9DBLxi4X2AjY0EqH8o+GaMD8b6VUfpROENV3KfsRMaYo
|
||||
z6ep7v0QWwxK5L2XIJy7tQQEXumHBbt0P6TaiV4rBFEpQ9wpdfUnk8oEkXHRvu44
|
||||
jV7EYOBfqVGVIdzYol7pGcmznCBWd6SM/lAkOGxu0Alcw20DAoIBAQDGKGgeH0tD
|
||||
i2UU+Cmf3OggTCZpRDy+Io2E6XW5wkRy1Xg8/Bp57mWqAV8Hss25HixYtSjqbHGJ
|
||||
XkQdB9nZKD7NhlomFYBEm2subgLVWSE01XzrzjZxJXQPgf24jETC6xHsNAt6ONyP
|
||||
tiUftIskoHVkjpFmkVksAypyBALVaGJgemUwabFubq0xUPSRl3W1RnOyIDqXe/jQ
|
||||
tKMB9/r8i3mBoC5oK3Vwp6o3rQf3M6FBa7FAzapYXDCqHCBmjjStthNfvAUX31Kw
|
||||
a1kLzvpIpo8BhXXsy91pdhy6nxfCHv5bAbwLJdWYDARUifzw1ROhjj408v56nnBB
|
||||
IMwLuCJuYY/dAoIBAEU+T36iAAMK/g4F2tBUqQXynhrsqtVfWwZyr4Axi2KUttwL
|
||||
tNbGPDjvPlBjTtDdjcT/FQwPGT75fOX3Go38e9Y+E+z+3Itk8ir4dEvxECHrr7rZ
|
||||
KCsXNHAiL7Opvu+LGe3RDgwQj092aOReJIuK65vJ8NheSx9rpaEUsGy2cmHIb/kD
|
||||
vAxDwBa+gD/c7CHpTEOCBgkF4qjTEKTP90sENpd5bCFuqZiXQmUgY4PU00e0zpaS
|
||||
7PrXrqKzciPcn/lRMYvVu9YgHPQ1VuIHuLLbJptzabhmqdSjpduQB5DVgPteUc5O
|
||||
9vhuP7zlXEFdg4+oG4ANil3AUNoAJG/4Uq1Qn0UCggEBAKAUHmBPKY8MOgFhpMan
|
||||
P8Jvogwh+uwin67Cpr8EyCT4fGTPyFe+FdTrvKhMctLcJDkZSE9wgZvWUjIdmIhM
|
||||
cce4hHUFo5RI9aIRbyqJEUFMQdmAwgxPlF2+xofikN3h5p2pQahf7RYPsBfX0xwo
|
||||
oA02+xEf1Ciw+gYXZW6fH/IOjlY43AR5VmJjot9GuulRW7+HN64OkWeQtaqueMyx
|
||||
o9vq2fJ/QSVb3S+TEb9KrzdZV10hiD5PY2TYyffvY3D9iNMq4fZyC6vHXK0kbJ5q
|
||||
J1a0SRqdamV67CR6x0ejoBlG4nEjBFULSCg/PN4VVAGMFobR0nCeM9L5Or0w6GfB
|
||||
WuUCggEAckvTl30f7e+8hEq6GyXmc8445JxoDOWtVpUMO0wfKQFjBctIX4LDRuHx
|
||||
lssvyoVzZAPvcZxSC0vAOz3vB+QqDrPZBUT76uFYmuwmtOyu5bylwFfj52cwYciZ
|
||||
4Capr7HRwA8Q8/fDFZNey1vmw1paCEsr6Javw3wW6jz1ojMANQfwxcNrWlVAyxOM
|
||||
fMhIkAvgV6x2YLwurmMPxUnmnEuo6KIRy0oMpPIVTCghjU2nygTkB+DISzPTd53m
|
||||
ln8pIUtg5vyDpMQnt0KgCT7xwaYdHdkokzrXWi01pZtp/n7A0Rh3uLCFUmtV4OTj
|
||||
4Oj5DBZmk/i6ez4YnL7/SoQRfBdtlw==
|
||||
-----END PRIVATE KEY-----
|
||||
139
AK/openvpn/ak/keys/chris.crt
Normal file
139
AK/openvpn/ak/keys/chris.crt
Normal file
@ -0,0 +1,139 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 2 (0x2)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
|
||||
Validity
|
||||
Not Before: Feb 6 13:37:54 2018 GMT
|
||||
Not After : Feb 6 13:37:54 2038 GMT
|
||||
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK-chris/name=VPN AK/emailAddress=argus@oopen.de
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (4096 bit)
|
||||
Modulus:
|
||||
00:9b:da:37:61:00:41:6d:0b:56:e3:cb:c8:56:28:
|
||||
0a:db:be:7b:7d:e8:91:7a:3e:3a:b7:89:91:c4:01:
|
||||
11:48:1d:c9:f9:70:28:a2:40:b2:ae:8b:8f:b2:56:
|
||||
75:79:5f:b2:6f:96:1f:e2:b8:83:c1:75:b3:f9:d2:
|
||||
42:44:a2:c6:03:48:c5:09:17:fc:77:13:cf:3a:a7:
|
||||
b2:73:39:10:07:b9:3b:a0:28:e8:da:82:07:87:17:
|
||||
86:93:95:bf:fa:5d:2a:39:68:8c:6e:d5:8e:fd:9b:
|
||||
ce:6c:28:13:8a:33:f0:6a:b4:17:07:3f:d1:7d:a5:
|
||||
a5:fc:a0:e3:26:73:49:0a:ba:d7:84:6f:a4:53:ec:
|
||||
ef:e7:17:3b:ca:b6:9d:d2:88:42:16:dc:c0:50:de:
|
||||
5e:d2:c5:88:b9:28:f0:03:d7:5e:86:cd:bc:59:7e:
|
||||
e2:d6:d5:a3:ed:cf:97:de:da:e0:cd:c8:0d:96:fa:
|
||||
06:c5:bc:6d:79:d0:65:ab:6e:f5:ee:a9:88:dd:8e:
|
||||
fb:2c:76:48:73:10:b7:5a:8b:05:ac:92:df:ce:a7:
|
||||
c8:98:e2:c4:10:a1:4a:f7:9b:b8:c0:b9:59:94:9d:
|
||||
a8:95:59:49:e1:c9:29:d6:9e:19:f7:b4:a8:aa:9e:
|
||||
92:04:ba:65:11:48:bb:f8:2e:ec:08:a4:b3:37:2e:
|
||||
2e:d2:d6:4a:ce:fc:de:15:18:78:34:97:b9:96:e3:
|
||||
c1:98:f9:0f:67:7d:ea:4d:12:ba:f2:7f:f4:9e:61:
|
||||
81:e4:61:df:ee:55:d6:17:b3:4b:c0:1b:af:30:9f:
|
||||
7f:a7:93:81:66:14:2d:08:7e:83:5d:d7:57:5c:21:
|
||||
f2:43:49:df:50:9a:58:2d:f8:b3:cb:d5:5a:91:0c:
|
||||
90:47:59:e3:5e:78:82:93:6c:db:82:7e:22:72:5c:
|
||||
47:8e:d9:49:2a:69:9e:d8:f1:70:37:d0:69:82:05:
|
||||
42:12:02:d7:f2:78:b9:88:ea:fe:92:9a:d5:20:b4:
|
||||
db:8a:e8:54:eb:61:26:05:dd:31:59:b2:e1:93:9a:
|
||||
43:82:c0:55:ff:d4:8c:d0:ba:bd:f6:c4:9a:58:73:
|
||||
14:3b:96:aa:01:fe:2d:c9:7f:f7:b5:93:2e:a7:19:
|
||||
7f:60:ab:01:e7:b1:2a:1a:a2:4e:85:a6:d9:7b:92:
|
||||
7a:ce:e3:de:50:ac:8f:65:d5:6d:9d:5e:2b:d1:86:
|
||||
de:07:22:56:18:05:52:57:85:ca:ce:25:80:69:2f:
|
||||
37:74:dc:ca:3e:42:d9:05:f7:c4:5a:77:26:d3:ec:
|
||||
52:2e:02:52:61:00:c4:06:a8:fa:4d:23:42:83:76:
|
||||
30:6f:3d:4e:7a:a6:17:fe:5e:06:a5:87:a1:37:da:
|
||||
fb:bc:87
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints:
|
||||
CA:FALSE
|
||||
Netscape Comment:
|
||||
Easy-RSA Generated Certificate
|
||||
X509v3 Subject Key Identifier:
|
||||
2E:C4:A7:97:A0:8C:78:B9:B3:25:0E:B0:C4:AE:A4:40:6A:82:A7:3F
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:EA:67:95:94:1D:46:8E:44:BF:97:A4:09:BD:40:3D:00:D9:D3:EE:40
|
||||
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
|
||||
serial:EB:02:53:87:4C:0D:73:5F
|
||||
|
||||
X509v3 Extended Key Usage:
|
||||
TLS Web Client Authentication
|
||||
X509v3 Key Usage:
|
||||
Digital Signature
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:chris
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
67:e7:39:57:e2:ee:56:68:74:6d:54:4f:0d:1d:c1:c3:21:3a:
|
||||
4c:ef:e3:31:40:ae:9b:e7:af:1c:23:ea:58:e2:fa:97:fe:e3:
|
||||
01:b8:32:ba:0b:0b:19:49:03:92:d3:86:df:e5:57:d7:d5:51:
|
||||
00:28:51:11:fd:23:e8:a1:51:47:28:06:29:4a:17:c5:93:3a:
|
||||
b8:5f:91:58:a9:4d:af:90:7d:ca:15:e0:03:3e:a0:2e:1b:89:
|
||||
ba:cb:91:8f:ed:50:7a:7b:a7:8e:54:48:54:36:92:1d:81:6b:
|
||||
07:8b:fa:73:e1:16:30:3c:ad:2a:92:b7:15:03:78:81:27:99:
|
||||
36:be:f7:cd:91:64:25:90:27:2b:76:70:77:ff:a4:c8:c8:79:
|
||||
2d:8d:39:1c:6c:56:c5:7b:5c:b2:0a:e6:77:e2:14:2e:21:6e:
|
||||
c5:61:08:37:9e:89:e8:e2:c2:06:9c:ce:93:b6:2b:82:e9:db:
|
||||
ee:d9:1c:1e:ce:1b:40:a1:c9:b1:a7:76:ba:96:80:2a:36:40:
|
||||
e2:f0:3d:68:cb:cc:8e:b3:0f:62:14:95:0c:c7:34:cf:e0:b8:
|
||||
94:d2:79:32:a0:ba:07:d9:a7:10:be:84:fb:4a:dd:d0:40:07:
|
||||
5f:8f:bb:52:70:4f:46:be:73:cf:0e:29:11:2a:52:b3:e3:57:
|
||||
b0:72:6e:a3:47:62:1f:53:d5:c7:8a:32:54:13:0b:68:8e:d6:
|
||||
8f:ff:2d:43:6c:0b:ac:38:d6:81:6f:a4:57:69:3c:27:28:da:
|
||||
60:42:01:aa:b9:4e:31:8a:de:47:c5:5c:b2:1c:9f:94:8e:93:
|
||||
b8:3e:85:f0:d6:a6:45:49:3a:14:d7:ae:d2:f3:57:c0:04:95:
|
||||
b8:0d:82:f1:f5:a4:90:c6:32:2e:72:b2:b4:5c:56:9e:fb:7a:
|
||||
16:a5:21:ac:8e:e3:c2:48:98:73:04:da:73:b9:04:14:09:7d:
|
||||
55:b9:53:71:62:94:4a:ee:49:7a:73:6c:4b:5e:02:5d:8d:ef:
|
||||
6d:60:d9:e9:69:29:10:97:a9:fd:4d:9d:d0:9c:c8:a7:26:0d:
|
||||
7f:c2:b2:e9:95:17:7b:31:25:7e:43:e6:2f:ee:23:c3:b1:7c:
|
||||
d5:0e:1c:5c:5c:49:f2:ca:1d:06:e6:ec:eb:40:21:8a:8c:59:
|
||||
b4:e0:9a:08:fa:f5:35:34:bd:1c:c5:e8:dd:f4:d5:ff:7b:ac:
|
||||
5b:19:15:d7:5d:09:1c:fe:25:07:e7:b0:7e:ad:4a:e0:78:05:
|
||||
8d:2a:b8:7c:d2:9a:4d:19:0b:d5:15:03:f9:c6:fe:bd:2f:6c:
|
||||
de:26:3b:1e:38:44:6f:77:13:7b:b5:09:3a:b3:bc:54:fa:38:
|
||||
56:05:ae:58:35:58:53:85
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIHIjCCBQqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
|
||||
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1BSzEP
|
||||
MA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
|
||||
Fw0xODAyMDYxMzM3NTRaFw0zODAyMDYxMzM3NTRaMIGiMQswCQYDVQQGEwJERTEP
|
||||
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
|
||||
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEVMBMGA1UEAxMMVlBOLUFLLWNo
|
||||
cmlzMQ8wDQYDVQQpEwZWUE4gQUsxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
|
||||
LmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAm9o3YQBBbQtW48vI
|
||||
VigK2757feiRej46t4mRxAERSB3J+XAookCyrouPslZ1eV+yb5Yf4riDwXWz+dJC
|
||||
RKLGA0jFCRf8dxPPOqeyczkQB7k7oCjo2oIHhxeGk5W/+l0qOWiMbtWO/ZvObCgT
|
||||
ijPwarQXBz/RfaWl/KDjJnNJCrrXhG+kU+zv5xc7yrad0ohCFtzAUN5e0sWIuSjw
|
||||
A9dehs28WX7i1tWj7c+X3trgzcgNlvoGxbxtedBlq2717qmI3Y77LHZIcxC3WosF
|
||||
rJLfzqfImOLEEKFK95u4wLlZlJ2olVlJ4ckp1p4Z97Soqp6SBLplEUi7+C7sCKSz
|
||||
Ny4u0tZKzvzeFRh4NJe5luPBmPkPZ33qTRK68n/0nmGB5GHf7lXWF7NLwBuvMJ9/
|
||||
p5OBZhQtCH6DXddXXCHyQ0nfUJpYLfizy9VakQyQR1njXniCk2zbgn4iclxHjtlJ
|
||||
Kmme2PFwN9BpggVCEgLX8ni5iOr+kprVILTbiuhU62EmBd0xWbLhk5pDgsBV/9SM
|
||||
0Lq99sSaWHMUO5aqAf4tyX/3tZMupxl/YKsB57EqGqJOhabZe5J6zuPeUKyPZdVt
|
||||
nV4r0YbeByJWGAVSV4XKziWAaS83dNzKPkLZBffEWncm0+xSLgJSYQDEBqj6TSNC
|
||||
g3Ywbz1OeqYX/l4GpYehN9r7vIcCAwEAAaOCAWUwggFhMAkGA1UdEwQCMAAwLQYJ
|
||||
YIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
|
||||
HQ4EFgQULsSnl6CMeLmzJQ6wxK6kQGqCpz8wgdEGA1UdIwSByTCBxoAU6meVlB1G
|
||||
jkS/l6QJvUA9ANnT7kChgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
|
||||
ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
|
||||
ExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQUsxDzANBgNVBCkTBlZQ
|
||||
TiBBSzEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDrAlOHTA1zXzAT
|
||||
BgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hy
|
||||
aXMwDQYJKoZIhvcNAQELBQADggIBAGfnOVfi7lZodG1UTw0dwcMhOkzv4zFArpvn
|
||||
rxwj6lji+pf+4wG4MroLCxlJA5LTht/lV9fVUQAoURH9I+ihUUcoBilKF8WTOrhf
|
||||
kVipTa+QfcoV4AM+oC4bibrLkY/tUHp7p45USFQ2kh2BaweL+nPhFjA8rSqStxUD
|
||||
eIEnmTa+982RZCWQJyt2cHf/pMjIeS2NORxsVsV7XLIK5nfiFC4hbsVhCDeeieji
|
||||
wgaczpO2K4Lp2+7ZHB7OG0ChybGndrqWgCo2QOLwPWjLzI6zD2IUlQzHNM/guJTS
|
||||
eTKgugfZpxC+hPtK3dBAB1+Pu1JwT0a+c88OKREqUrPjV7BybqNHYh9T1ceKMlQT
|
||||
C2iO1o//LUNsC6w41oFvpFdpPCco2mBCAaq5TjGK3kfFXLIcn5SOk7g+hfDWpkVJ
|
||||
OhTXrtLzV8AElbgNgvH1pJDGMi5ysrRcVp77ehalIayO48JImHME2nO5BBQJfVW5
|
||||
U3FilEruSXpzbEteAl2N721g2elpKRCXqf1NndCcyKcmDX/CsumVF3sxJX5D5i/u
|
||||
I8OxfNUOHFxcSfLKHQbm7OtAIYqMWbTgmgj69TU0vRzF6N301f97rFsZFdddCRz+
|
||||
JQfnsH6tSuB4BY0quHzSmk0ZC9UVA/nG/r0vbN4mOx44RG93E3u1CTqzvFT6OFYF
|
||||
rlg1WFOF
|
||||
-----END CERTIFICATE-----
|
||||
29
AK/openvpn/ak/keys/chris.csr
Normal file
29
AK/openvpn/ak/keys/chris.csr
Normal file
@ -0,0 +1,29 @@
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIE6DCCAtACAQAwgaIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
|
||||
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
|
||||
IFNlcnZpY2VzMRUwEwYDVQQDEwxWUE4tQUstY2hyaXMxDzANBgNVBCkTBlZQTiBB
|
||||
SzEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEB
|
||||
AQUAA4ICDwAwggIKAoICAQCb2jdhAEFtC1bjy8hWKArbvnt96JF6Pjq3iZHEARFI
|
||||
Hcn5cCiiQLKui4+yVnV5X7Jvlh/iuIPBdbP50kJEosYDSMUJF/x3E886p7JzORAH
|
||||
uTugKOjaggeHF4aTlb/6XSo5aIxu1Y79m85sKBOKM/BqtBcHP9F9paX8oOMmc0kK
|
||||
uteEb6RT7O/nFzvKtp3SiEIW3MBQ3l7SxYi5KPAD116GzbxZfuLW1aPtz5fe2uDN
|
||||
yA2W+gbFvG150GWrbvXuqYjdjvssdkhzELdaiwWskt/Op8iY4sQQoUr3m7jAuVmU
|
||||
naiVWUnhySnWnhn3tKiqnpIEumURSLv4LuwIpLM3Li7S1krO/N4VGHg0l7mW48GY
|
||||
+Q9nfepNErryf/SeYYHkYd/uVdYXs0vAG68wn3+nk4FmFC0IfoNd11dcIfJDSd9Q
|
||||
mlgt+LPL1VqRDJBHWeNeeIKTbNuCfiJyXEeO2UkqaZ7Y8XA30GmCBUISAtfyeLmI
|
||||
6v6SmtUgtNuK6FTrYSYF3TFZsuGTmkOCwFX/1IzQur32xJpYcxQ7lqoB/i3Jf/e1
|
||||
ky6nGX9gqwHnsSoaok6Fptl7knrO495QrI9l1W2dXivRht4HIlYYBVJXhcrOJYBp
|
||||
Lzd03Mo+QtkF98RadybT7FIuAlJhAMQGqPpNI0KDdjBvPU56phf+Xgalh6E32vu8
|
||||
hwIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBAGhjr8r2wIjgRUBCHjdtz8PpAiCs
|
||||
EcsgSy8gPqueiora4B6IVMtHu1x/SahQRUASzBDrwaRuo+6nppiVfNOEa2ep63Gb
|
||||
AKnn1RzhPLAUpSkUBeFW0yNdbaNTReDUvlNTLNMxqQDL1DcWWer1GjIz3+lw7E5w
|
||||
mzwDOhyIh4LYCnRCC5wzeOABys5XDgo/KJsBQSbMRRsvsE/Q52GS0+giVZ6RZydu
|
||||
efkugGAAocvxPGlYSMScjwZVwqvbjTMnjq4NKMp38Z0RjwzBqZJ2UMEx4ZRUrlke
|
||||
SFvRT7m8zLe9fdBJLD+tVEBVyeyhNooGMSf0EKtqp78WpEfSIoFDg/CAXJi5+CCE
|
||||
MeelEI6bh6H7YTyNGsqgVJokFq/SYwiPBRSOty0yVn4HY1TMGPVT245ytnyJ1IaA
|
||||
e3eBF7RK4okXyVmsCsVYHM1qLroLOKcJvNVXkVuVw2FsyAooSmGHENRYTeYseGIo
|
||||
CmZOMuHc2CeimB8rHcZEN8aVyeE34EqNNAALQD+wL46XcdkO/P2MRbvBbCnc/7hH
|
||||
ocs8vL7idg14wk0bZTJI2Cb8RHdbUaFBRoUHGU+bwM7FK2J+KVRrTNAJBx0eeNQ3
|
||||
cvR6MRCl9Qt3/Ug/QmCWzxkmJ1b9oXWRR9YZBGyli0ODGKAJReo/q3tg1MOQosB5
|
||||
e90Bda4vLDdfzUk5
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
54
AK/openvpn/ak/keys/chris.key
Normal file
54
AK/openvpn/ak/keys/chris.key
Normal file
@ -0,0 +1,54 @@
|
||||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI8D+IDkooTeUCAggA
|
||||
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECOeFJGd9/t0cBIIJSBRyHxbI/0Jv
|
||||
mraoNvyjbi4l27LhE8fsI6p7f5YIg2kMATDHyrnt4uPUnv8d1ah+C39TdNpu9Sbt
|
||||
HPEljwfULWlkWQbkCvvESfIufjhdiIphA4krzxTdofs/afR24v6HehYa2F9rnWoH
|
||||
iEb+c0El8YV+AvWU7mp1Mr3l6DYGvnioSGm6a+G1Ww2RouKFKAOSsKE2ozUNGAsr
|
||||
jXROHfpk4MdlsZBySHuMfmatoDyPYEYcnvJ67n378aShBb4OXP15Q4qY3O4nnwe4
|
||||
/QeBSjiuumcJE3Xu+QpiyftnaPH4jgOiCKqUQtXIgTzR0MbosE5epsvZHj0BeCGF
|
||||
VUq52VV6sFnsOphairq186juiFs3HRIfW1xcjk8uQVk88gKf/JswYDeBvXxRfOde
|
||||
gO2LhE9Q1Jej4buqet0xWuVe4r3YAcittfesXrsVjx+9NJPujBm5Iz/wbW72xo0J
|
||||
+OqLQiq9DOcO/K7Gzt6x6TJ1VfG1bbAii52YyOK5acCzJFPp/C385jTv7yF8NGDY
|
||||
E6ROoGzU5jMkLs0WYiJvQimMeX4rPWXxVyCCerSyBFAfSDkY++9yXjjtgWICDYzd
|
||||
GJKOSnp52T1gHEf+IPdxUwPm6MrVcbY+dQqyXXSeKZdGkPuRK5WVz8qtAIAMvoKo
|
||||
jjSI55MLhxSGdJFX0nYOfbzU4LTlnKeTzSby929dyWwDu1/tRVzhWkiyDCBxUVkA
|
||||
MXc6csOSRm9gV4lgILQlc+XLTa+5mOdCz//sP49DdoiPuosclRfJPQp1LIXGoKm6
|
||||
s0Qwvw6hpa5aPUrzDpAtgA6j59YZU1QSE57vYUNVoyDJo/6X/bk0hwh+LE18XC6l
|
||||
KchLtOWf3D8Ca2TLWpIsUWuW7zuySG35A5OQhmzJXe7Fbx02MW1ppvDDRP6t366a
|
||||
qMlIQgQYhN9Bj3lNYdrMragqURfUQhCTWQG5CXfbKXgQHSQsA8F0XnpmtXq9gtaq
|
||||
7foW3ecw6asOfTM2imgTfLGFtkybRfA0ZInUgz2WSikZwrG7wIjeSJ0OIg4ckI9y
|
||||
bKLDMwNJGeyGZcdcsJVBxjaKje0Il9UZJxJGQ+p+BAj82cWrMFbloVNgnHEcOu5v
|
||||
KI88ucMUTOaPS/bPSo2Orj5UQIID/2lqymoqXvFLqX2ftYQT/xkGFdm2cjB/7x3T
|
||||
jsvFZezPjUcWp5t0oJncER0vWM29aTSwWyybyeGX1TWrvul85aRBr3RU4OZ2e/9P
|
||||
/W4g/pDXDuuYxqIWkxwAlcuncmcb0OfR+GBKelIPKsItlyoBS2tRFAaUCjItV4PJ
|
||||
PAopqedq4QT4mypmw+5MKObRqfdpxDoKCHzJhakDmw77miXdON2V1M7xWk+kfD9B
|
||||
H8t1QdJyzB87FQwsXlrMVh1jF+m0PIytM3l4DNqIft8AYEulbinkeB67XAhWGIqo
|
||||
IAmxhYpFfhWxmECDwUQ+nrrz6jW0LJtZKwUITH5C42BBw0I5OmVJhYNlStj8VayR
|
||||
ykkAeoiC361DKvlqHabh6KRZT/yhNtQ2TH13UGgOBDeXUQMGaKhYmdUiEjnuek4P
|
||||
lbu4cG1BtjIHtpD1LRON29rvRGw44FEEeuxmd+KyJfLdJWJQ/zjXg3owM/cZzAum
|
||||
t1qbMwxEE/EZJdRhD5cyVoWiAiFmgRfjPpv3CUCPP88QvdueRURe+i53TbqFGVqR
|
||||
dRs5hC6gjJ/nTnmF5ZjsbYqy+IKWCiGNjZA8P3pKzgXY4J45y6rRD8HNVZqWzIen
|
||||
rD2OOpvchPVCJPJUk5L7AreaMZENAyciKuLtBOp+D2INo+exE+IVaBtM5NeNnKXn
|
||||
7veiczJguLkUXMQXyxYLv7J49RbAA2WQNRcbLGuJklFVkyWYdtB+nGejMdiHjkri
|
||||
bVJcGazlJmFXhBhwEHROEJW3SOLcPwsfxjDE7LmzF80uCZbG6HFDVjPkyGZGz6y5
|
||||
g9+Kh4dQuboCT+3nhGYTUxcRe6FzHWBplq/tBPmyJNeTCvNBpOD8xVlNOi/2PUTx
|
||||
FsaIE3XGnJH9E5GpLoYA9K6oHW0w1rb7U5P0Z9arTKhPyeQYlUJwNjrLUAw++pgl
|
||||
QfY3MR8VMLAzZ/jbp0k30JE2SPAE8Bnoe3U0oQOwhGJCS36hQnMsWtW+CF+OIeV1
|
||||
Uwz+OysJKWQbB1QLUDYN36D5XRIwwcDyt3+RIl34hSai8PWC/IA52SytS8d0z+bc
|
||||
L4bavw/5JNVgGTmrMYYvFa2vY2f5VHoLnfdB7hnZJzHfbkpziuD4qB9Q/bxmywDF
|
||||
lYnZq19t2LHtE+z8Arv+NEhJULUz86O7bZq2PjWe46FhNwzVxZdtsJWH/KSg137S
|
||||
DcdAc7a4yNk3602EFBUTIKWeEuEr6SsPG9IjBq6gZbCiPbSRj8EhH8pk2d40/64B
|
||||
1ZMS/7Qd1qES1G/ggC7Xby0ggRGR9D8Uu9Ismd6EOZ1pnNP8bfeajnCyNo17MAsH
|
||||
I/2W2ZF847wjoC8kmPHxWiN3pbGaHeZb4bwNw5PxuQboGxY4nR8yf7qxOgv4ST7T
|
||||
08V+nDawKDL43vSz9cWK6Q0Cdhpsc6H72rv3eMXcQ9+6oOrsG/VsqNtUxXX0dAUB
|
||||
nqlgPLfmyneVJwBfRboDEicxEvsJtxLDNe5PKyYk1ilCmD1vi8hWu9JPp4LBmLgm
|
||||
wr9HEL0qNz8E8QLQkBPxmdOXH4bx9bagN2/TMd7As9h2klZ1gru+Vq9VZ7/gE+gh
|
||||
kbG5VlmhGQycNP2b0JZauA9fsNwAFEqsHczGw7fKdtAscm4b09DJe3o8gpdVqIFe
|
||||
qi+zdZl9NhUyvcNU67hfoTxe7hmy2Ht7hkrNnlUfCPPLIip6a75TiEOUsZMpEHBV
|
||||
h2NNoWmnOBiFT8ptA9vSAuJZifrsjK3DPDuLIN6Le/XAMLOMA2mYdxA/fB6A67Vc
|
||||
9Sr/DgK6DCTZ1Z3PaND6W+tY6LM73LfolSPOGYGcL10F0exEcIkWDEF9z3lqfUrg
|
||||
mPnbi3GzA/zFz0HE8+4wcb9zUzmfunaZGSemPXVtDkco/UgsTOfduyV7C2FDYhTQ
|
||||
yXlrj+lZYazKF2wu7kDvho4kmudkKTmfsv6/1k2+GybWisNIQmxCe8KsjZVB+f9E
|
||||
dQq6AzY/4SWMmC2h0E9ou5x4qWiVZPyX6l5dN9kmkwleGZQf/kTJaL5SKcR8RFy7
|
||||
v0RsRna9sOxc6YrsiqAeGg==
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
1
AK/openvpn/ak/keys/crl.pem
Symbolic link
1
AK/openvpn/ak/keys/crl.pem
Symbolic link
@ -0,0 +1 @@
|
||||
../crl.pem
|
||||
13
AK/openvpn/ak/keys/dh4096.pem
Normal file
13
AK/openvpn/ak/keys/dh4096.pem
Normal file
@ -0,0 +1,13 @@
|
||||
-----BEGIN DH PARAMETERS-----
|
||||
MIICCAKCAgEAmxffquckZfZCrGEUJ5w3NnbbyHYlpyaqhZw9HumlHGhKq2K8bnIq
|
||||
fTwPNvpUqYK14yJxjbw2ZZIEQhP5qacYeWVLHGOegjqgWgGzZZUgnbBzfrvzFVEQ
|
||||
ewif3TFNpFN9k53or+MyWyORs/XdpOO0TalkTdwWprk3fAPJBgE3ExXremHp7qgI
|
||||
KfLWHTF1vGPuzgLYnYFSymcEgJhbt6VoS3LmwccoTkycvyXoz0M5w9gwMao0rJJh
|
||||
mCeLE1vgbQBJkMw6EU59HS68TmNvAEzwzg7MWWORVzl047/8MukFGqWbdJdhVqd3
|
||||
TilZWOdv44r0d0R+TdlT/+zMrDwYOfh/E72ofxGcf7awz4AekmL4kEg1yUX2biiF
|
||||
Ex2A09wGklSJWrGr/k2zTSx0I6gBso2Y/8MFaUnTsBM6XEPD+CpDvEc1y++aDUyP
|
||||
UvBdL9tqwNZ44u8ijWjxyqdUmUKo+wBCK0ztH2yl07bL5CJxqIGFjZpoIj4WKskI
|
||||
OM5bIoyDEcK5qVJxfCBmuszhcQh254iS7xZkzZ/sDyN2L3B6v+rYgK8OUAK0gIOY
|
||||
f4iHtiPVG9Xxpt4XniAcvs9VB/aYOhgCMdTg5CVQXyK66fnTgicslU9smMOoGDew
|
||||
ARruSU55xTFZb9Fi6nu7XZbodP1ANUGZROvl0V8zyoq89LLoMSVtIvsCAQI=
|
||||
-----END DH PARAMETERS-----
|
||||
2
AK/openvpn/ak/keys/index.txt
Normal file
2
AK/openvpn/ak/keys/index.txt
Normal file
@ -0,0 +1,2 @@
|
||||
V 380206123716Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AK-server/name=VPN AK/emailAddress=argus@oopen.de
|
||||
V 380206133754Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AK-chris/name=VPN AK/emailAddress=argus@oopen.de
|
||||
1
AK/openvpn/ak/keys/index.txt.attr
Normal file
1
AK/openvpn/ak/keys/index.txt.attr
Normal file
@ -0,0 +1 @@
|
||||
unique_subject = yes
|
||||
1
AK/openvpn/ak/keys/index.txt.attr.old
Normal file
1
AK/openvpn/ak/keys/index.txt.attr.old
Normal file
@ -0,0 +1 @@
|
||||
unique_subject = yes
|
||||
1
AK/openvpn/ak/keys/index.txt.old
Normal file
1
AK/openvpn/ak/keys/index.txt.old
Normal file
@ -0,0 +1 @@
|
||||
V 380206123716Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AK-server/name=VPN AK/emailAddress=argus@oopen.de
|
||||
1
AK/openvpn/ak/keys/serial
Normal file
1
AK/openvpn/ak/keys/serial
Normal file
@ -0,0 +1 @@
|
||||
03
|
||||
1
AK/openvpn/ak/keys/serial.old
Normal file
1
AK/openvpn/ak/keys/serial.old
Normal file
@ -0,0 +1 @@
|
||||
02
|
||||
141
AK/openvpn/ak/keys/server.crt
Normal file
141
AK/openvpn/ak/keys/server.crt
Normal file
@ -0,0 +1,141 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 1 (0x1)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
|
||||
Validity
|
||||
Not Before: Feb 6 12:37:16 2018 GMT
|
||||
Not After : Feb 6 12:37:16 2038 GMT
|
||||
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK-server/name=VPN AK/emailAddress=argus@oopen.de
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (4096 bit)
|
||||
Modulus:
|
||||
00:c3:e5:c6:ea:48:8b:ac:0a:03:79:75:38:5b:f0:
|
||||
4a:42:eb:30:af:31:fe:cd:81:25:29:7d:eb:7c:fb:
|
||||
2d:fe:73:f3:3a:bd:fc:fa:09:c7:36:3a:dc:52:22:
|
||||
d3:7f:01:d3:3d:c3:86:01:c0:ec:76:6a:89:0c:49:
|
||||
e9:12:41:72:8e:41:b0:35:23:d0:35:5f:21:00:3f:
|
||||
be:80:03:ac:e2:f8:05:3a:bc:19:0a:48:13:8a:56:
|
||||
4d:65:ea:9a:8d:00:51:52:4f:8c:1f:8a:fa:bd:39:
|
||||
41:e2:7e:a6:d9:5c:42:a6:40:2a:88:59:54:91:5b:
|
||||
6d:69:ec:21:84:aa:fa:41:75:7b:8d:08:1f:7a:f9:
|
||||
71:60:73:60:9b:31:73:32:27:5c:34:2e:7f:ff:f8:
|
||||
be:26:eb:dd:aa:c1:b6:c2:70:d1:90:b5:47:e3:c9:
|
||||
2e:d3:bc:3d:11:69:58:aa:36:93:1a:11:b5:94:ca:
|
||||
e2:44:1a:9b:4d:3b:04:63:cd:d8:28:57:8c:f6:35:
|
||||
70:bd:fe:bb:ef:8c:95:82:91:a8:c1:2a:8d:d4:77:
|
||||
57:64:a5:cc:57:f3:b1:8a:2f:52:d8:d8:8d:e2:e1:
|
||||
3c:21:49:bf:b0:42:71:3a:71:cf:4f:5a:18:99:79:
|
||||
44:d1:72:06:4a:7d:30:29:fe:a7:43:2c:92:23:9b:
|
||||
69:2f:d2:88:3c:6c:c9:d1:8e:cd:d3:5d:24:3e:c9:
|
||||
f3:b5:8b:60:99:48:ff:90:bf:ad:f3:f7:3b:c6:7d:
|
||||
27:8f:d2:b8:88:02:0a:03:91:8a:3d:3c:25:53:6d:
|
||||
07:59:6c:b1:0d:f8:e5:93:02:58:54:60:0b:29:08:
|
||||
39:92:71:01:dc:0d:8d:b2:94:87:4b:08:39:20:cf:
|
||||
a7:e5:3b:66:91:c5:01:15:3c:2c:df:6a:9d:4b:48:
|
||||
b5:5e:fa:3f:6d:49:11:2b:92:bc:7a:46:70:b0:cf:
|
||||
cd:79:be:90:e1:ce:41:fa:43:31:cd:bb:b7:34:5f:
|
||||
c7:71:80:75:83:6e:f6:45:a0:ee:a7:b4:de:43:f1:
|
||||
fc:df:19:d8:6d:00:b5:ae:59:17:f7:7d:19:cd:c8:
|
||||
b7:4a:92:da:6d:ad:3c:d5:b0:db:6e:5b:b8:2d:62:
|
||||
d5:5f:e4:23:b0:65:8c:b5:da:d8:27:0a:34:9e:32:
|
||||
02:7e:bc:89:39:aa:7f:b2:07:26:2e:39:0a:21:c6:
|
||||
da:4e:d2:cf:53:45:9f:c2:9c:d0:c6:86:37:20:60:
|
||||
9c:7d:14:3a:2f:1c:5c:50:36:5d:d3:15:2e:94:f1:
|
||||
04:b8:22:4b:c9:85:6a:ec:59:ec:e2:01:e3:c9:e1:
|
||||
02:56:40:c1:8f:01:61:68:26:72:89:de:ba:29:2f:
|
||||
15:8f:d5
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints:
|
||||
CA:FALSE
|
||||
Netscape Cert Type:
|
||||
SSL Server
|
||||
Netscape Comment:
|
||||
Easy-RSA Generated Server Certificate
|
||||
X509v3 Subject Key Identifier:
|
||||
3F:C0:FA:95:43:C6:88:A3:2E:18:8E:43:3C:BA:1C:97:2F:70:C7:59
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:EA:67:95:94:1D:46:8E:44:BF:97:A4:09:BD:40:3D:00:D9:D3:EE:40
|
||||
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
|
||||
serial:EB:02:53:87:4C:0D:73:5F
|
||||
|
||||
X509v3 Extended Key Usage:
|
||||
TLS Web Server Authentication
|
||||
X509v3 Key Usage:
|
||||
Digital Signature, Key Encipherment
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:server
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
14:3a:a6:f8:86:88:7c:db:9b:ce:b1:59:57:de:3e:e0:34:7d:
|
||||
ce:a3:95:15:f8:89:54:e3:d4:02:0e:b8:51:35:14:4d:e9:31:
|
||||
21:25:3c:77:55:d4:b2:9b:f0:d5:b1:80:6d:ef:e7:86:f4:e7:
|
||||
e9:03:5a:12:c2:5b:42:e5:90:8a:8e:e5:f9:83:13:6d:60:43:
|
||||
aa:13:1f:f2:99:3d:66:84:ec:21:1f:68:a6:b5:64:ad:c3:e2:
|
||||
d0:6f:96:9f:eb:37:94:12:a7:89:94:de:5c:69:4c:8f:f8:75:
|
||||
b8:76:c7:81:c7:88:81:34:6d:cf:ea:23:eb:05:87:a1:fd:d7:
|
||||
e8:88:a0:34:81:f4:15:a6:cb:ff:53:47:10:e6:04:86:49:09:
|
||||
7e:0f:ed:0c:47:5a:df:bc:a3:23:ed:80:4d:e0:88:81:be:32:
|
||||
1c:0f:16:c6:c0:6e:0c:d7:24:63:1e:88:e2:82:e7:00:f2:a6:
|
||||
0c:01:b1:a6:7e:4d:69:4e:9f:8a:e3:78:12:cb:fa:d2:b9:a6:
|
||||
b7:ac:07:98:9e:38:aa:a8:56:81:9b:06:c2:11:ec:f1:4f:e5:
|
||||
5a:21:45:ed:8f:b1:a0:48:21:e7:ba:7b:5f:5b:a9:7a:51:ca:
|
||||
6d:84:1b:b9:78:38:18:91:9c:e0:ca:0e:97:e0:e7:bd:36:10:
|
||||
ed:c9:80:0a:73:c1:ae:0c:d6:b1:dd:be:fc:7b:a7:83:4f:0d:
|
||||
b6:7c:2f:15:4b:b6:e1:b0:5f:81:bb:c5:4d:3e:fd:84:82:65:
|
||||
65:8a:4e:f5:66:19:e4:4d:9f:31:9d:d2:21:44:7c:9e:ff:55:
|
||||
1f:f3:17:bc:d4:d3:e2:c4:51:fd:f9:f6:b8:b8:53:42:11:94:
|
||||
f0:aa:df:6e:0f:07:0a:1d:2f:31:7a:6e:28:32:63:1d:a7:fa:
|
||||
da:93:9d:37:25:3e:53:f7:f4:f2:e8:97:23:d9:39:dd:1d:39:
|
||||
c1:1c:03:b6:b1:b9:21:6f:ed:a6:c9:b8:e4:aa:f5:6f:d6:33:
|
||||
94:d4:70:e6:c7:e2:38:6c:33:3c:d9:19:4e:af:90:0c:13:f5:
|
||||
b3:d8:fc:7a:21:8a:3e:43:e5:14:3f:4f:72:de:2a:71:13:db:
|
||||
7e:b6:d9:aa:1c:d1:f9:ed:f6:cc:c1:ae:c9:c1:4e:4e:f8:dd:
|
||||
85:ec:4f:b7:7a:7a:90:26:44:8b:a7:8d:67:26:0e:82:02:92:
|
||||
14:d4:ad:38:28:ff:36:e8:59:3e:dc:1a:76:bb:b6:cc:b1:32:
|
||||
d9:44:85:f5:c4:45:db:92:55:54:78:05:88:db:0a:fb:42:17:
|
||||
e0:b7:76:0f:c2:c8:69:67:ed:fb:b4:e8:72:e7:ee:6a:03:d9:
|
||||
8b:4d:22:d5:ed:00:68:6d
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIHPjCCBSagAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
|
||||
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1BSzEP
|
||||
MA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
|
||||
Fw0xODAyMDYxMjM3MTZaFw0zODAyMDYxMjM3MTZaMIGjMQswCQYDVQQGEwJERTEP
|
||||
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
|
||||
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEWMBQGA1UEAxMNVlBOLUFLLXNl
|
||||
cnZlcjEPMA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
|
||||
bi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMPlxupIi6wKA3l1
|
||||
OFvwSkLrMK8x/s2BJSl963z7Lf5z8zq9/PoJxzY63FIi038B0z3DhgHA7HZqiQxJ
|
||||
6RJBco5BsDUj0DVfIQA/voADrOL4BTq8GQpIE4pWTWXqmo0AUVJPjB+K+r05QeJ+
|
||||
ptlcQqZAKohZVJFbbWnsIYSq+kF1e40IH3r5cWBzYJsxczInXDQuf//4vibr3arB
|
||||
tsJw0ZC1R+PJLtO8PRFpWKo2kxoRtZTK4kQam007BGPN2ChXjPY1cL3+u++MlYKR
|
||||
qMEqjdR3V2SlzFfzsYovUtjYjeLhPCFJv7BCcTpxz09aGJl5RNFyBkp9MCn+p0Ms
|
||||
kiObaS/SiDxsydGOzdNdJD7J87WLYJlI/5C/rfP3O8Z9J4/SuIgCCgORij08JVNt
|
||||
B1lssQ345ZMCWFRgCykIOZJxAdwNjbKUh0sIOSDPp+U7ZpHFARU8LN9qnUtItV76
|
||||
P21JESuSvHpGcLDPzXm+kOHOQfpDMc27tzRfx3GAdYNu9kWg7qe03kPx/N8Z2G0A
|
||||
ta5ZF/d9Gc3It0qS2m2tPNWw225buC1i1V/kI7BljLXa2CcKNJ4yAn68iTmqf7IH
|
||||
Ji45CiHG2k7Sz1NFn8Kc0MaGNyBgnH0UOi8cXFA2XdMVLpTxBLgiS8mFauxZ7OIB
|
||||
48nhAlZAwY8BYWgmconeuikvFY/VAgMBAAGjggGAMIIBfDAJBgNVHRMEAjAAMBEG
|
||||
CWCGSAGG+EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFzeS1SU0EgR2VuZXJh
|
||||
dGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUP8D6lUPGiKMuGI5DPLoc
|
||||
ly9wx1kwgdEGA1UdIwSByTCBxoAU6meVlB1GjkS/l6QJvUA9ANnT7kChgaKkgZ8w
|
||||
gZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
|
||||
bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8w
|
||||
DQYDVQQDEwZWUE4tQUsxDzANBgNVBCkTBlZQTiBBSzEdMBsGCSqGSIb3DQEJARYO
|
||||
YXJndXNAb29wZW4uZGWCCQDrAlOHTA1zXzATBgNVHSUEDDAKBggrBgEFBQcDATAL
|
||||
BgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4IC
|
||||
AQAUOqb4hoh825vOsVlX3j7gNH3Oo5UV+IlU49QCDrhRNRRN6TEhJTx3VdSym/DV
|
||||
sYBt7+eG9OfpA1oSwltC5ZCKjuX5gxNtYEOqEx/ymT1mhOwhH2imtWStw+LQb5af
|
||||
6zeUEqeJlN5caUyP+HW4dseBx4iBNG3P6iPrBYeh/dfoiKA0gfQVpsv/U0cQ5gSG
|
||||
SQl+D+0MR1rfvKMj7YBN4IiBvjIcDxbGwG4M1yRjHojigucA8qYMAbGmfk1pTp+K
|
||||
43gSy/rSuaa3rAeYnjiqqFaBmwbCEezxT+VaIUXtj7GgSCHnuntfW6l6UcpthBu5
|
||||
eDgYkZzgyg6X4Oe9NhDtyYAKc8GuDNax3b78e6eDTw22fC8VS7bhsF+Bu8VNPv2E
|
||||
gmVlik71ZhnkTZ8xndIhRHye/1Uf8xe81NPixFH9+fa4uFNCEZTwqt9uDwcKHS8x
|
||||
em4oMmMdp/rak503JT5T9/Ty6Jcj2TndHTnBHAO2sbkhb+2mybjkqvVv1jOU1HDm
|
||||
x+I4bDM82RlOr5AME/Wz2Px6IYo+Q+UUP09y3ipxE9t+ttmqHNH57fbMwa7JwU5O
|
||||
+N2F7E+3enqQJkSLp41nJg6CApIU1K04KP826Fk+3Bp2u7bMsTLZRIX1xEXbklVU
|
||||
eAWI2wr7Qhfgt3YPwshpZ+37tOhy5+5qA9mLTSLV7QBobQ==
|
||||
-----END CERTIFICATE-----
|
||||
29
AK/openvpn/ak/keys/server.csr
Normal file
29
AK/openvpn/ak/keys/server.csr
Normal file
@ -0,0 +1,29 @@
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIE6TCCAtECAQAwgaMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
|
||||
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
|
||||
IFNlcnZpY2VzMRYwFAYDVQQDEw1WUE4tQUstc2VydmVyMQ8wDQYDVQQpEwZWUE4g
|
||||
QUsxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0B
|
||||
AQEFAAOCAg8AMIICCgKCAgEAw+XG6kiLrAoDeXU4W/BKQuswrzH+zYElKX3rfPst
|
||||
/nPzOr38+gnHNjrcUiLTfwHTPcOGAcDsdmqJDEnpEkFyjkGwNSPQNV8hAD++gAOs
|
||||
4vgFOrwZCkgTilZNZeqajQBRUk+MH4r6vTlB4n6m2VxCpkAqiFlUkVttaewhhKr6
|
||||
QXV7jQgfevlxYHNgmzFzMidcNC5///i+JuvdqsG2wnDRkLVH48ku07w9EWlYqjaT
|
||||
GhG1lMriRBqbTTsEY83YKFeM9jVwvf6774yVgpGowSqN1HdXZKXMV/Oxii9S2NiN
|
||||
4uE8IUm/sEJxOnHPT1oYmXlE0XIGSn0wKf6nQyySI5tpL9KIPGzJ0Y7N010kPsnz
|
||||
tYtgmUj/kL+t8/c7xn0nj9K4iAIKA5GKPTwlU20HWWyxDfjlkwJYVGALKQg5knEB
|
||||
3A2NspSHSwg5IM+n5TtmkcUBFTws32qdS0i1Xvo/bUkRK5K8ekZwsM/Neb6Q4c5B
|
||||
+kMxzbu3NF/HcYB1g272RaDup7TeQ/H83xnYbQC1rlkX930Zzci3SpLaba081bDb
|
||||
blu4LWLVX+QjsGWMtdrYJwo0njICfryJOap/sgcmLjkKIcbaTtLPU0WfwpzQxoY3
|
||||
IGCcfRQ6LxxcUDZd0xUulPEEuCJLyYVq7Fns4gHjyeECVkDBjwFhaCZyid66KS8V
|
||||
j9UCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQC5aW3rFx5zyYIB//RCPRps8/Mk
|
||||
6kVL28rh6PWtHgiftPEc06Zk5eKK9E/4yefavu+vqQXC2ZbhjG/YNUyMeyEOGnmn
|
||||
LXXnMSdx/xHvv3LlB6AJC5knkNjtKllXez+t49Q4siB9TFIPUI/6dLZnGNNoWhZk
|
||||
+HNvcGkXeMKgUxje6B9t7p80PdFJkwSLGinydCWwMU3a9yXKE3Bc/NA6JL2P1flJ
|
||||
Pfql2037CgUeOTCuej7mJ0Qfs0kheVjAdJg94A8Yg+Szl3ycmU12UFl3us23Aw30
|
||||
R9fF+KFeQsb0OV/IvWwvSgnpKfHUMM+M1SNQezd3fA4d8YC8ayBTXS3VFFzefd12
|
||||
x8e58j1fUVpvCDG4+uVfnL3jh4Wndp/t3RQKu8i+VPeuAD80FaH7wsFtPVGtI7UZ
|
||||
0NOrC69914a/sMC5MQNTBj4ed9+Lux4Q8afk1UOfBf7vL9CoLpkJINu5MXFz3tGA
|
||||
oqtDRLHbcanDoEvveFx8DcYNy6UFpiyqSbxKLBjSlvIfzJJzBmLfinS6JGxOwLv5
|
||||
JpqxtEtrG+f18GxThQT8I/57HU6VH1VQ3rUKjN6b3syQVFCdFuNhy6LzgIzHd3wa
|
||||
hVlJwrbidnTVxv/69vsAicdwAdPDOmxvZXN4hOj+tMCI8Ez3iiPl8UlJrecC4efh
|
||||
sepxiWMN9PHGwj58wA==
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
52
AK/openvpn/ak/keys/server.key
Normal file
52
AK/openvpn/ak/keys/server.key
Normal file
@ -0,0 +1,52 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDD5cbqSIusCgN5
|
||||
dThb8EpC6zCvMf7NgSUpfet8+y3+c/M6vfz6Ccc2OtxSItN/AdM9w4YBwOx2aokM
|
||||
SekSQXKOQbA1I9A1XyEAP76AA6zi+AU6vBkKSBOKVk1l6pqNAFFST4wfivq9OUHi
|
||||
fqbZXEKmQCqIWVSRW21p7CGEqvpBdXuNCB96+XFgc2CbMXMyJ1w0Ln//+L4m692q
|
||||
wbbCcNGQtUfjyS7TvD0RaViqNpMaEbWUyuJEGptNOwRjzdgoV4z2NXC9/rvvjJWC
|
||||
kajBKo3Ud1dkpcxX87GKL1LY2I3i4TwhSb+wQnE6cc9PWhiZeUTRcgZKfTAp/qdD
|
||||
LJIjm2kv0og8bMnRjs3TXSQ+yfO1i2CZSP+Qv63z9zvGfSeP0riIAgoDkYo9PCVT
|
||||
bQdZbLEN+OWTAlhUYAspCDmScQHcDY2ylIdLCDkgz6flO2aRxQEVPCzfap1LSLVe
|
||||
+j9tSRErkrx6RnCwz815vpDhzkH6QzHNu7c0X8dxgHWDbvZFoO6ntN5D8fzfGdht
|
||||
ALWuWRf3fRnNyLdKktptrTzVsNtuW7gtYtVf5COwZYy12tgnCjSeMgJ+vIk5qn+y
|
||||
ByYuOQohxtpO0s9TRZ/CnNDGhjcgYJx9FDovHFxQNl3TFS6U8QS4IkvJhWrsWezi
|
||||
AePJ4QJWQMGPAWFoJnKJ3ropLxWP1QIDAQABAoICAGSW9FEQ90dbzPTtEAeFl1xN
|
||||
UC5lyaTUj7SCiA0hHTjvaRHcxK3Pn49lIgS7BUbONR4d7A2ydrlHcx/wQ9Gv8ZbC
|
||||
fCyNOzhspJFwKe2p9XiGSokiVOlGoWIDdrLCiKGmbBuL5TO9NYs8f2xCBILQMRkV
|
||||
EcH5vMb233PoYD2zXdWG8e41IZUPyPvxwsVt2u0B8QKKbgeOPnXV33jzB1lIfROF
|
||||
QmjgwT7QBbuPEIw2gcp9FXRVyWGXF+/MQjDNXhU4/5TdVAr7Zp1W3t6w1Kp7o2BZ
|
||||
93IjAI6Y/60pJ61ZZWH+rdWZ/OgQ9ftAvWbNqJwF/SRfHIPbTIQD0vdXR6MpBhU2
|
||||
PeqFBVA1+FEuZMqEwCoRqG7+HK0XyT2dpxqwnEn5+JGGC2bn1VvWZJY4iXwNQpMf
|
||||
lJj3ybj4WVN4sSiIBsTrNasMomzacwHALxfNkjo945I5U4VMxuBP1ZofBf0gunDT
|
||||
Qb9kBXmNN0sveZSRYLq2innU79Tl7cfMvCD8n0in4mhE4dKBifZYOIElYDVKghSj
|
||||
No6dzkRXzgesOxH7iiNyCXEe8UD9Flq8/LLb78GEcFR2CmA4l9CgC2w9XvDi3dsM
|
||||
BCUZok1eKcOLoD9R5KLDOQPxSgjIl1wKmHqysJEcBBrBiCaN49ebDAyztUAsvZLh
|
||||
MU80aau8N2sF+pHZl5/xAoIBAQDmepHNcx+VeNub6HDtW2RYwyuTPM/5seWH6RUq
|
||||
414cNmQeY0NSZXun6Zr5tSWka5WNJ2gVjF8EPFMM1HrIEBF6JxtsteMKiy37rKdA
|
||||
vgaB2EEO6bn4ZwpHHVhE45eH+qve+cttWoWQ2TjuHEry8XDpKSnkeI24ZJs2TfNZ
|
||||
Gv9sbyYMX1SF+Hgs9dZ6NEQj8j1zA3GF/POLNjyBwgbttY5mhkhJOp8AD0gTnrvT
|
||||
TJMLuwHag62Y647BgfgeHyhAvEisw9DJZDVmSXLxfoP1UzE95gRNMpcXJju3iH8Q
|
||||
s6K0ba1jJTAK8jXoYOitzFeJTpWkI/nwvnS5+KdLtufPqlMfAoIBAQDZlu0mBOR2
|
||||
FlIbzlf/gdbMSxUcjYIV/tCUtwPJUBKBgw6RqxhYPt3pEP5OoDfO+el6n/KJdKbO
|
||||
LGgeHBVt+m0NV0R2UFhX/n4rRq0KUFyk4ksWPp9vIyLcXVBH/udCv+LEM/sXANN/
|
||||
lD8PCtFCEFSX20w9abmBqf9hV5EdP6430myyrHY6SuBxSnZojZD0IAsAWy1WEvas
|
||||
8dIXlrG+VtfNLIPv3j7pEzjbDCIRv9/pxOp3NhrJDwG5tDUUymv8JdG5TI5srsSm
|
||||
l+8L2BCVyi+ld+KvAY2X+D5KRz6xahcNLBfRmWCfDzvp/N4oOniv5x6d3JkRivDx
|
||||
0qcLWQGANdKLAoIBAAeho1ZEK5WNbOgaqDKTxhzSSY0UhGZmJ416gELtSF5yxpni
|
||||
+4Ws6o1CxOjjwJ1TGp6T4XRlM3g2byGLn40kSw/aX6QX2a6tsRYWP2t7X0fJW04d
|
||||
GxVIhCSaqiONzaSo/ivh5YR3bNjA+IuZ0Dl/GRf/Tu3LuBWU7za7GgWnSTHT9FSQ
|
||||
i4HsGj6S3Ukqld8C1FoMkSO4nm/LmfFJ9WTFkDOA2r/h+wXLe716kgmLDYtj48nS
|
||||
dlsL4awym36T1YdfNKDT0wP4F3SNlgq8/62N1aGRDi9oL2yKzYtkL6Dj8c07nHQd
|
||||
9RtHrdVF8C5hB7z6JyZKMqpwA/lsbE2rfr13jE0CggEAXs42+AjLrnQdRIZMq0Rc
|
||||
XdkdErrJgmHradCwMqfT2GBNGcUtr019DQ7db0654lHbnBVS7PdJsq2AlBXydF/X
|
||||
4icy6kYpp/V37c02mjbXlvQOeVvBxf/OMavqzePPybKn0ItBjQ1MGdty+k/hS2Ko
|
||||
KR5hAqUtMcTrQ/OOg+r6MtJZkCQ6wz1au6IRI48DKItJn9caUtWia0pWGvcK7P8T
|
||||
ug76UapJSO6aKD8KHSe4HTgyXMzTMOV7//j3494q3MtxrMYhjFM91cR/YG69Ezbs
|
||||
ObGZsF0B38RHB8AxHcY20wNyQV4NzmAp39LQzUBk02flXC0A+LbMMuFw7S3TzJQm
|
||||
7wKCAQALfyxJuegfxtmOViXFMp5jedBH+KnKegSJVpA70zIF3aNZmZJxoEt6ycq5
|
||||
DdsyyGBXeyO8+ezMnarjH78mjYjkBzQ7rjT9UDsVurHe/G7iRiZOqprHLG8doDq0
|
||||
EKQY3Tv7Me/gxNtMfK4bbFSMNHmnAGdN694eWMdK+vHmWTsIV8nmnKLnuvtEqjJL
|
||||
mOQVKpjYHwuI1UvT5fx8nrSXjAAZgzbhJ4PRyeLcauD+2HexvYlVdJCw6is4F3p3
|
||||
hmWdl5ymlriQCeklYGHOB4GTi7vYtqUCluBgAXAG+IqxZyNcHl9bnr+/AZiEza1T
|
||||
eLSf7Xmij6hlGsHXShHU2/Rq5iar
|
||||
-----END PRIVATE KEY-----
|
||||
21
AK/openvpn/ak/keys/ta.key
Normal file
21
AK/openvpn/ak/keys/ta.key
Normal file
@ -0,0 +1,21 @@
|
||||
#
|
||||
# 2048 bit OpenVPN static key
|
||||
#
|
||||
-----BEGIN OpenVPN Static key V1-----
|
||||
6ba2290fe261ac9beea46806d40e5667
|
||||
f5f0149c4b65bbad8c2c5ee859b29c49
|
||||
ea7edf2232bd81b43f1e9409d4c39d92
|
||||
de7d1d585330fdf6a617531896bff6af
|
||||
7cb96947de1e4153efc626fa93641f60
|
||||
7f3ce648d309155f2724318b119e6212
|
||||
d8f736d8997ee84ed55050d526c2849e
|
||||
685c531da93df302ee6ec2cf6c32c2c7
|
||||
0a08aee8d9efc3ef0a2a3611b92dcc88
|
||||
13aba6c2a566f297bbb63470b4cc098a
|
||||
e8631344b68825a1299101e3d0995274
|
||||
f0b404ed4a34579ceb3235a7f7597158
|
||||
ed052b0d74f3fca57344151330858dd4
|
||||
741deb038c30416db61b6ebd984957f2
|
||||
f5483a7dc8ac95c5d5a0ca9fa8f26901
|
||||
f85d64bac4b39ed010e52c07f0d30b68
|
||||
-----END OpenVPN Static key V1-----
|
||||
Reference in New Issue
Block a user