o.open/Office_Networks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Christoph
2018-05-08 03:01:03 +02:00
commit 1c4c595cd6
3256 changed files with 417972 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
Kanzlei-Kiel/openvpn/ccd/.wh..wh..opq Normal file
View File

7
Kanzlei-Kiel/openvpn/ccd/server-gw-ckubu/VPN-Kanzlei-Kiel-gw-ckubu Normal file
View File

@ -0,0 +1,7 @@
ifconfig-push 10.1.100.2 255.255.255.0
push "route 192.168.100.0 255.255.255.0 10.1.100.1"
push "route 192.168.101.0 255.255.255.0 10.1.100.1"
push "route 172.16.101.0 255.255.255.0 10.1.100.1"
push "route 172.16.102.0 255.255.255.0 10.1.100.1"
iroute 192.168.63.0 255.255.255.0
iroute 192.168.64.0 255.255.255.0

1
Kanzlei-Kiel/openvpn/ccd/server-home/VPN-Kanzlei-Kiel-axel Normal file
View File

@ -0,0 +1 @@
ifconfig-push 10.0.100.3 255.255.255.0

1
Kanzlei-Kiel/openvpn/ccd/server-home/VPN-Kanzlei-Kiel-chris Normal file
View File

@ -0,0 +1 @@
ifconfig-push 10.0.100.2 255.255.255.0

13
Kanzlei-Kiel/openvpn/crl.pem Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN X509 CRL-----
MIIB+zCB5DANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUxDzANBgNVBAgT
BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNV
BAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56bGVpLUtpZWwx
GTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1
LWFkbUBvb3Blbi5kZRcNMTgwMzE2MDkyMzQ4WhcNMjgwMzEzMDkyMzQ4WjANBgkq
hkiG9w0BAQsFAAOCAQEAT3CEPPV+CZV4EIx8OjZG4sJIRVZDgf8x/eY43ZYgfrV1
8sXKR9WX9LN9EFIUEu0PMhVGyW0yb2/PhsCUHQlVX08Wm9IQ3/DYNW6yw3WPsv9S
FBFxeNhUCLAqPyEs+LsTjUpaeHRB9BbHztBE6HH5pDKrAg5+qOOEJdAEN8jonC+T
kVV2J6itavpMjfoPYdFB+ykb9GN3V4NcQdj1EFGc6Gzl/fgDbCQOrem13ZA+3loW
iOZvrZiKz4PDuHWP/kf8eMl7FoImamLNvBa7w5W8HoERNKqCWIeEF1q8tCfRod63
sBWXrkKj3iN+NifH8SHTtRLg4X1GOiEgNNNqfnx9Yw==
-----END X509 CRL-----

0
Kanzlei-Kiel/openvpn/easy-rsa/.wh..wh..opq Normal file
View File

1
Kanzlei-Kiel/openvpn/easy-rsa/build-ca Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-ca

1
Kanzlei-Kiel/openvpn/easy-rsa/build-dh Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-dh

1
Kanzlei-Kiel/openvpn/easy-rsa/build-inter Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-inter

1
Kanzlei-Kiel/openvpn/easy-rsa/build-key Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key

1
Kanzlei-Kiel/openvpn/easy-rsa/build-key-pass Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pass

1
Kanzlei-Kiel/openvpn/easy-rsa/build-key-pkcs12 Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pkcs12

1
Kanzlei-Kiel/openvpn/easy-rsa/build-key-server Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-server

1
Kanzlei-Kiel/openvpn/easy-rsa/build-req Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-req

1
Kanzlei-Kiel/openvpn/easy-rsa/build-req-pass Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-req-pass

1
Kanzlei-Kiel/openvpn/easy-rsa/clean-all Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/clean-all

1
Kanzlei-Kiel/openvpn/easy-rsa/inherit-inter Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/inherit-inter

1
Kanzlei-Kiel/openvpn/easy-rsa/list-crl Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/list-crl

268
Kanzlei-Kiel/openvpn/easy-rsa/openssl-0.9.6.cnf Normal file
View File

@ -0,0 +1,268 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

293
Kanzlei-Kiel/openvpn/easy-rsa/openssl-0.9.8.cnf Normal file
View File

@ -0,0 +1,293 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

288
Kanzlei-Kiel/openvpn/easy-rsa/openssl-1.0.0.cnf Normal file
View File

@ -0,0 +1,288 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 3650 # how long before next CRL
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

1
Kanzlei-Kiel/openvpn/easy-rsa/openssl.cnf Symbolic link
View File

@ -0,0 +1 @@
openssl-1.0.0.cnf

1
Kanzlei-Kiel/openvpn/easy-rsa/pkitool Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/pkitool

1
Kanzlei-Kiel/openvpn/easy-rsa/revoke-full Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/revoke-full

1
Kanzlei-Kiel/openvpn/easy-rsa/sign-req Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/sign-req

95
Kanzlei-Kiel/openvpn/easy-rsa/vars Normal file
View File

@ -0,0 +1,95 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
##export EASY_RSA="`pwd`"
export BASE_DIR="/etc/openvpn"
export EASY_RSA="$BASE_DIR/easy-rsa"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
##export KEY_DIR="$EASY_RSA/keys"
export KEY_DIR="$BASE_DIR/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048
# In how many days should the root CA key expire?
##export CA_EXPIRE=3650
export CA_EXPIRE=11688
# In how many days should certificates expire?
##export KEY_EXPIRE=3650
export KEY_EXPIRE=7305
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
##export KEY_COUNTRY="US"
export KEY_COUNTRY="DE"
##export KEY_PROVINCE="CA"
export KEY_PROVINCE="Berlin"
##export KEY_CITY="SanFrancisco"
export KEY_CITY="Berlin"
##export KEY_ORG="Fort-Funston"
export KEY_ORG="O.OPEN"
##export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL="ckubu-adm@oopen.de"
##export KEY_OU="MyOrganizationalUnit"
export KEY_OU="Network Services"
# X509 Subject Field
##export KEY_NAME="EasyRSA"
export KEY_NAME="VPN Kanzlei Kiel"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
## export KEY_CN="CommonName"
export KEY_CN="VPN-Kanzlei-Kiel"
export KEY_ALTNAMES="VPN Kanzlei Kiel"

80
Kanzlei-Kiel/openvpn/easy-rsa/vars.2017-06-28-0107 Normal file
View File

@ -0,0 +1,80 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="`pwd`"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048
# In how many days should the root CA key expire?
export CA_EXPIRE=3650
# In how many days should certificates expire?
export KEY_EXPIRE=3650
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="MyOrganizationalUnit"
# X509 Subject Field
export KEY_NAME="EasyRSA"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"

1
Kanzlei-Kiel/openvpn/easy-rsa/whichopensslcnf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/whichopensslcnf

0
Kanzlei-Kiel/openvpn/ipp.txt Normal file
View File

20
Kanzlei-Kiel/openvpn/keys-created.txt Normal file
View File

@ -0,0 +1,20 @@
key...............: chris.key
common name.......: VPN-Kanzlei-Kiel-chris
password..........: dbddhkpuka.&EadGl15E.
key...............: gw-ckubu.key
common name.......: VPN-Kanzlei-Kiel-gw-ckubu
password..........: uoziengeeyiephu5voh7eothu1Aex8ar
key...............: axel.key
common name.......: VPN-Kanzlei-Kiel-axel
password..........: vP26M8Wj2S
key...............: pc-hh.key
common name.......: VPN-Kanzlei-Kiel-pc-hh
password..........: CHtq9MsL93LW
key...............: doro.key
common name.......: VPN-Kanzlei-Kiel-doro
password..........: 20_Doro_16-45

0
Kanzlei-Kiel/openvpn/keys/.wh..wh..opq Normal file
View File

101
Kanzlei-Kiel/openvpn/keys/01.pem Normal file
View File

@ -0,0 +1,101 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 27 23:17:01 2017 GMT
Not After : Jun 27 23:17:01 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-server/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:de:09:04:84:23:f6:19:a5:df:53:2e:a4:02:8f:
2b:b6:de:bb:82:19:e3:b9:f6:f4:0b:62:d4:51:a1:
c9:be:85:67:82:de:9f:97:af:92:ad:b8:d7:4b:69:
50:f6:61:d7:ce:03:0c:ee:46:2d:ab:b5:f6:44:a5:
a2:7e:86:db:ad:8d:12:35:e8:49:c6:98:45:c1:10:
3f:50:8e:2a:93:fd:e7:7a:4d:4f:e3:5c:2e:67:3f:
8b:9d:d6:11:26:1f:00:ff:13:47:dd:86:8b:ed:6a:
29:07:cf:c2:f0:a4:4d:c4:dc:68:db:a1:c1:43:55:
13:45:5f:41:f3:f0:9c:0a:ea:26:29:c6:e3:fc:ee:
9f:7c:86:f4:f0:c8:0c:5f:61:e1:b9:f1:bc:f6:02:
71:6c:07:fe:18:30:b2:8c:dc:18:50:de:5e:96:24:
04:94:14:ec:9a:50:a6:90:02:79:b2:1a:c8:79:da:
fb:06:7e:ad:a8:79:ef:92:68:3c:46:4e:5e:b6:bf:
f1:fa:bf:da:73:8b:c4:95:89:1a:e1:52:70:20:46:
48:8c:47:01:c2:13:56:c9:44:e1:a7:55:14:e5:41:
4d:ab:8f:d0:50:13:76:19:d9:f2:fd:8b:16:27:58:
dd:4f:18:83:05:70:c1:97:d4:68:41:d4:2b:63:89:
b5:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
9B:58:FA:12:97:7F:35:4F:5B:72:6D:C5:68:AD:B2:76:AD:B9:F0:95
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
c2:b9:b2:70:fe:e4:4f:9b:21:85:14:f4:4a:b2:b0:32:ef:0f:
a3:15:95:a4:f6:78:84:5b:d6:75:e2:a1:b4:57:8a:23:66:2f:
72:5a:21:a9:4c:38:b6:cd:41:a5:b4:3e:11:d8:62:1f:8a:a1:
ba:13:55:1e:3b:7c:4d:22:2e:cf:54:81:e5:0d:3d:05:fd:3f:
9c:fb:24:cb:be:61:96:ec:e3:e9:c9:7c:da:97:e8:ba:a0:fd:
a8:47:97:43:88:8c:b6:03:81:d7:71:49:f9:9b:9d:33:5d:6f:
26:79:b6:7a:d2:27:ba:b5:7e:c8:62:8d:76:75:96:7a:25:86:
21:e5:8f:82:8a:06:47:4b:59:32:1d:dd:81:4d:b9:ac:ef:93:
a3:f1:f4:65:09:10:d8:af:04:14:c5:1e:58:b7:6e:95:ab:ba:
f5:e8:39:65:dc:87:d2:14:b4:e5:e5:af:2a:da:b2:c0:49:e2:
07:1d:ad:b5:c7:48:c4:81:36:f1:45:09:b9:1c:ed:87:9d:da:
70:c8:16:65:26:44:5e:f3:dd:a7:eb:39:2a:80:23:0d:e4:d9:
62:3a:19:e0:60:9c:21:cd:8e:ad:b6:59:36:f8:86:4e:7b:32:
e9:8d:de:e5:4b:fe:c4:c7:fb:35:c6:6d:78:f3:26:65:be:60:
be:34:fa:f0
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzE3MDFaFw0zNzA2Mjcy
MzE3MDFaMIG7MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEgMB4GA1UEAxMXVlBOLUthbnpsZWktS2llbC1zZXJ2ZXIxGTAXBgNVBCkT
EFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
bi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN4JBIQj9hml31Mu
pAKPK7beu4IZ47n29Ati1FGhyb6FZ4Len5evkq2410tpUPZh184DDO5GLau19kSl
on6G262NEjXoScaYRcEQP1COKpP953pNT+NcLmc/i53WESYfAP8TR92Gi+1qKQfP
wvCkTcTcaNuhwUNVE0VfQfPwnArqJinG4/zun3yG9PDIDF9h4bnxvPYCcWwH/hgw
sozcGFDeXpYkBJQU7JpQppACebIayHna+wZ+rah575JoPEZOXra/8fq/2nOLxJWJ
GuFScCBGSIxHAcITVslE4adVFOVBTauP0FATdhnZ8v2LFidY3U8YgwVwwZfUaEHU
K2OJtQsCAwEAAaOCAZgwggGUMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZA
MDQGCWCGSAGG+EIBDQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRp
ZmljYXRlMB0GA1UdDgQWBBSbWPoSl381T1tybcVorbJ2rbnwlTCB6QYDVR0jBIHh
MIHegBROgh4UgeubyHEssSJokL/u2dT/1KGBuqSBtzCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAP5ZrV6+kAU+MBMGA1UdJQQMMAoGCCsG
AQUFBwMBMAsGA1UdDwQEAwIFoDARBgNVHREECjAIggZzZXJ2ZXIwDQYJKoZIhvcN
AQELBQADggEBAMK5snD+5E+bIYUU9EqysDLvD6MVlaT2eIRb1nXiobRXiiNmL3Ja
IalMOLbNQaW0PhHYYh+KoboTVR47fE0iLs9UgeUNPQX9P5z7JMu+YZbs4+nJfNqX
6Lqg/ahHl0OIjLYDgddxSfmbnTNdbyZ5tnrSJ7q1fshijXZ1lnolhiHlj4KKBkdL
WTId3YFNuazvk6Px9GUJENivBBTFHli3bpWruvXoOWXch9IUtOXlryrassBJ4gcd
rbXHSMSBNvFFCbkc7Yed2nDIFmUmRF7z3afrOSqAIw3k2WI6GeBgnCHNjq22WTb4
hk57MumN3uVL/sTH+zXGbXjzJmW+YL40+vA=
-----END CERTIFICATE-----

98
Kanzlei-Kiel/openvpn/keys/02.pem Normal file
View File

@ -0,0 +1,98 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 27 23:20:59 2017 GMT
Not After : Jun 27 23:20:59 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-chris/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ea:fb:89:96:31:df:91:67:0f:62:5d:89:76:b7:
c1:e6:bd:5e:70:40:b7:6b:66:43:eb:51:0b:a8:8c:
d2:40:dd:ed:99:20:6e:23:4d:dc:7e:aa:8e:36:24:
3c:4e:fc:cf:8b:5f:ad:63:91:10:33:4c:f4:eb:91:
b6:25:a6:8a:d7:c3:40:55:b2:aa:67:a1:37:cb:3b:
53:07:af:cf:42:9a:c5:a0:91:ed:98:42:57:0f:44:
ac:a5:92:e2:c6:56:cc:c1:4c:65:ab:f7:79:b5:9b:
67:5c:e9:d7:19:7f:81:3e:c6:a7:d8:a6:42:e6:34:
fd:ef:8b:e2:d7:3f:8c:71:0a:6a:c9:59:f6:c3:88:
40:86:a7:f1:54:4f:6d:d1:95:41:50:36:df:b4:6a:
58:ff:93:1e:c1:66:2d:37:33:ef:6c:f0:9a:2d:ba:
29:46:fe:4b:73:8e:22:33:89:33:4d:45:ab:b8:dd:
d4:d5:ae:a0:cc:f7:c4:d3:7c:24:02:46:92:7d:9d:
a2:9c:27:be:12:11:45:33:30:f1:a3:ad:17:2e:94:
06:54:7c:7c:20:65:1a:b2:d1:60:86:89:37:2d:d5:
f3:4f:3e:00:f3:bb:81:ae:78:be:6c:4b:68:ac:d9:
07:f0:aa:f7:c7:79:b3:d3:f2:32:8b:fd:80:0d:d5:
bf:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
E8:1E:7E:7E:48:9B:34:7E:27:93:17:EB:2E:4E:45:D5:AB:B9:A9:0F
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:chris
Signature Algorithm: sha256WithRSAEncryption
59:8d:36:12:7e:91:f2:0f:d2:74:5a:42:e2:56:0a:9d:16:72:
09:05:40:ea:75:1e:0a:0c:81:0f:b4:e6:82:47:cc:38:67:c5:
f4:76:94:78:b5:02:a1:98:7a:c4:5e:01:90:dd:f9:cd:7b:45:
6e:30:69:b2:9f:5d:b0:fe:e9:23:a6:3e:ae:dd:7d:dc:75:f8:
a2:08:f8:87:34:7b:50:ae:15:49:23:7a:d4:2a:70:c1:ad:04:
e5:af:cb:f4:c5:c9:37:42:fc:ef:00:53:a2:51:92:71:c7:58:
a6:9e:3e:0a:7f:f6:37:5c:c4:e8:b8:20:ae:52:71:b4:5b:34:
8f:26:4e:28:cf:dd:ac:72:4f:81:8e:b8:ce:68:ab:79:21:93:
27:1c:9f:71:fe:f3:00:07:cb:28:bc:91:20:c0:ae:37:0a:33:
cf:9e:25:c1:ce:42:a1:6e:32:07:d2:65:e5:b1:9d:1f:52:25:
0b:9a:af:08:fb:8a:7e:a5:a4:da:3b:fa:85:4a:9c:a8:0c:19:
5d:df:9c:4d:4c:78:1b:ab:03:48:da:ba:a1:cf:3f:a2:ad:9f:
3e:a8:d3:cb:22:74:0f:cf:17:1d:bb:40:63:4e:4b:ff:e6:94:
55:00:79:3a:5b:de:36:35:de:d1:61:fc:d8:d1:98:2d:5d:bc:
fe:b6:f1:8a
-----BEGIN CERTIFICATE-----
MIIFajCCBFKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzIwNTlaFw0zNzA2Mjcy
MzIwNTlaMIG6MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEfMB0GA1UEAxMWVlBOLUthbnpsZWktS2llbC1jaHJpczEZMBcGA1UEKRMQ
VlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVu
LmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6vuJljHfkWcPYl2J
drfB5r1ecEC3a2ZD61ELqIzSQN3tmSBuI03cfqqONiQ8TvzPi1+tY5EQM0z065G2
JaaK18NAVbKqZ6E3yztTB6/PQprFoJHtmEJXD0SspZLixlbMwUxlq/d5tZtnXOnX
GX+BPsan2KZC5jT974vi1z+McQpqyVn2w4hAhqfxVE9t0ZVBUDbftGpY/5MewWYt
NzPvbPCaLbopRv5Lc44iM4kzTUWruN3U1a6gzPfE03wkAkaSfZ2inCe+EhFFMzDx
o60XLpQGVHx8IGUastFghok3LdXzTz4A87uBrni+bEtorNkH8Kr3x3mz0/Iyi/2A
DdW/lwIDAQABo4IBfTCCAXkwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFz
eS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBToHn5+SJs0fieT
F+suTkXVq7mpDzCB6QYDVR0jBIHhMIHegBROgh4UgeubyHEssSJokL/u2dT/1KGB
uqSBtzCBtDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMG
QmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vydmlj
ZXMxGTAXBgNVBAMTEFZQTi1LYW56bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56
bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAP5Z
rV6+kAU+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
CTAHggVjaHJpczANBgkqhkiG9w0BAQsFAAOCAQEAWY02En6R8g/SdFpC4lYKnRZy
CQVA6nUeCgyBD7TmgkfMOGfF9HaUeLUCoZh6xF4BkN35zXtFbjBpsp9dsP7pI6Y+
rt193HX4ogj4hzR7UK4VSSN61Cpwwa0E5a/L9MXJN0L87wBTolGSccdYpp4+Cn/2
N1zE6LggrlJxtFs0jyZOKM/drHJPgY64zmireSGTJxyfcf7zAAfLKLyRIMCuNwoz
z54lwc5CoW4yB9Jl5bGdH1IlC5qvCPuKfqWk2jv6hUqcqAwZXd+cTUx4G6sDSNq6
oc8/oq2fPqjTyyJ0D88XHbtAY05L/+aUVQB5OlveNjXe0WH82NGYLV28/rbxig==
-----END CERTIFICATE-----

99
Kanzlei-Kiel/openvpn/keys/03.pem Normal file
View File

@ -0,0 +1,99 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 27 23:24:59 2017 GMT
Not After : Jun 27 23:24:59 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-gw-ckubu/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:cb:3a:12:41:57:f6:08:8a:9d:c8:f2:7d:de:eb:
9a:0a:05:44:82:28:16:30:bf:be:20:50:93:61:6f:
a4:ed:ae:61:dc:2a:4b:61:03:a8:c5:c1:86:c2:88:
34:66:c7:49:3d:61:59:e9:d0:88:d3:ad:af:8d:92:
c8:5a:ad:a6:4d:0b:38:41:b1:85:61:34:8e:94:56:
55:d4:05:85:02:5e:6d:cc:3d:81:26:1d:93:04:0a:
38:d5:c0:93:22:00:93:bd:dc:1f:9b:af:1f:78:1c:
f1:2c:b0:11:7e:4e:cf:62:8b:ce:7e:e2:bc:b3:8e:
af:a9:c6:cc:f3:40:a2:30:d6:a0:4d:9e:3f:54:5e:
74:35:67:3b:c5:78:ef:f5:9e:b1:39:fc:ad:71:13:
e9:84:cf:11:55:78:59:49:26:e9:1e:35:62:66:8b:
d2:f8:d7:19:94:31:5f:28:6a:69:25:a1:f7:c7:23:
82:d3:48:e9:58:2d:b9:a7:8d:41:6e:dd:3b:cd:27:
16:bd:6c:4d:7b:35:62:fd:b7:5a:90:ce:bb:6d:31:
c7:53:b0:df:aa:08:eb:69:d5:11:c6:66:58:8d:02:
61:79:bb:a0:fd:fd:8d:5f:67:26:8b:a2:d6:09:e5:
78:e2:f0:7a:2f:f4:98:ec:98:7a:a8:5f:f3:64:c1:
82:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
19:56:3C:B0:C3:18:52:DE:13:D0:D0:A6:B9:FB:E2:71:73:EC:63:2B
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gw-ckubu
Signature Algorithm: sha256WithRSAEncryption
bb:0b:05:a8:4c:67:80:ce:29:fd:b2:8f:9a:e9:3b:e4:40:9d:
9d:96:27:46:0b:4e:cb:0e:48:9f:4e:78:b4:fe:5c:93:f2:54:
c6:55:c2:18:7a:b0:c9:6f:f5:8b:a5:e6:87:0a:0d:75:23:6f:
cd:a2:32:d6:89:39:ad:46:3c:27:e2:cd:5d:8a:6f:7b:6a:43:
65:60:9d:9c:22:a8:34:52:a7:29:f4:c4:ba:65:18:86:70:6d:
82:09:d5:b1:4b:7d:f4:1d:5d:9f:a3:89:36:6b:62:7b:01:ea:
41:76:4e:22:b2:8e:b9:b7:70:e1:9e:76:d8:f9:f7:0f:67:1f:
fc:cb:71:4a:af:aa:60:91:15:f4:df:52:2b:c6:1e:3e:63:87:
cd:86:1f:52:fb:73:9f:20:d3:77:20:41:c2:fc:b7:34:93:6e:
8f:6f:55:3f:9f:e9:17:1d:23:63:84:d1:55:94:bf:b8:9d:46:
f4:d9:bf:1c:09:99:b4:dc:d0:b1:65:d0:3b:d6:94:8a:fd:78:
c4:b3:d9:52:24:6d:88:56:f9:ff:bb:d9:c3:c8:0c:3d:b6:60:
ae:5d:2c:3a:79:2d:fc:3c:46:05:a1:9d:e7:ba:07:f7:f2:48:
88:1b:21:36:49:72:9a:e2:a9:6f:ca:84:89:f6:83:ea:0d:b1:
d1:95:1f:16
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzI0NTlaFw0zNzA2Mjcy
MzI0NTlaMIG9MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEiMCAGA1UEAxMZVlBOLUthbnpsZWktS2llbC1ndy1ja3VidTEZMBcGA1UE
KRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9v
cGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzoSQVf2CIqd
yPJ93uuaCgVEgigWML++IFCTYW+k7a5h3CpLYQOoxcGGwog0ZsdJPWFZ6dCI062v
jZLIWq2mTQs4QbGFYTSOlFZV1AWFAl5tzD2BJh2TBAo41cCTIgCTvdwfm68feBzx
LLARfk7PYovOfuK8s46vqcbM80CiMNagTZ4/VF50NWc7xXjv9Z6xOfytcRPphM8R
VXhZSSbpHjViZovS+NcZlDFfKGppJaH3xyOC00jpWC25p41Bbt07zScWvWxNezVi
/bdakM67bTHHU7DfqgjradURxmZYjQJhebug/f2NX2cmi6LWCeV44vB6L/SY7Jh6
qF/zZMGCZQIDAQABo4IBgDCCAXwwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYe
RWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQZVjywwxhS
3hPQ0Ka5++Jxc+xjKzCB6QYDVR0jBIHhMIHegBROgh4UgeubyHEssSJokL/u2dT/
1KGBuqSBtzCBtDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
dmljZXMxGTAXBgNVBAMTEFZQTi1LYW56bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBL
YW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJ
AP5ZrV6+kAU+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNV
HREEDDAKgghndy1ja3VidTANBgkqhkiG9w0BAQsFAAOCAQEAuwsFqExngM4p/bKP
muk75ECdnZYnRgtOyw5In054tP5ck/JUxlXCGHqwyW/1i6XmhwoNdSNvzaIy1ok5
rUY8J+LNXYpve2pDZWCdnCKoNFKnKfTEumUYhnBtggnVsUt99B1dn6OJNmtiewHq
QXZOIrKOubdw4Z522Pn3D2cf/MtxSq+qYJEV9N9SK8YePmOHzYYfUvtznyDTdyBB
wvy3NJNuj29VP5/pFx0jY4TRVZS/uJ1G9Nm/HAmZtNzQsWXQO9aUiv14xLPZUiRt
iFb5/7vZw8gMPbZgrl0sOnkt/DxGBaGd57oH9/JIiBshNklymuKpb8qEifaD6g2x
0ZUfFg==
-----END CERTIFICATE-----

98
Kanzlei-Kiel/openvpn/keys/04.pem Normal file
View File

@ -0,0 +1,98 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 27 23:26:40 2017 GMT
Not After : Jun 27 23:26:40 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-axel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:e5:35:af:6e:3a:87:14:35:5f:63:33:30:64:1b:
98:ec:5a:5c:cf:ac:ea:fb:aa:12:f4:6d:8e:b0:b6:
da:3f:71:e3:b6:63:54:de:86:ed:1d:f3:7f:d0:d9:
39:3b:1b:ae:51:80:ba:41:04:a1:28:fc:75:b9:b5:
db:c8:ae:cc:e3:0e:24:72:e7:7f:74:2a:2a:3a:f2:
b7:92:54:82:5a:a5:25:8a:e2:5d:3b:5d:c7:36:cc:
3f:40:7f:fe:ae:27:9e:b7:28:06:51:4c:da:e1:61:
eb:a8:ce:1e:25:c1:d5:3e:37:74:a2:a0:ae:6a:3a:
53:48:b1:72:f6:80:07:d9:37:a1:b9:50:6a:2a:96:
e6:00:bc:1f:2b:bd:db:72:dc:a0:60:62:ce:90:7b:
fe:3a:cc:be:1a:ec:90:70:16:70:69:ac:cb:59:3e:
c0:54:a4:b1:7e:27:d3:18:78:ea:ea:b4:cf:87:3a:
30:0b:64:04:fc:3f:e0:d2:a2:b5:71:51:40:63:0e:
5b:74:b6:c5:ef:43:c1:b5:48:3d:a2:79:1b:16:6e:
fe:75:aa:d8:e5:1b:b9:93:cf:c8:9b:13:91:27:6d:
55:70:61:df:46:78:9f:d2:62:bc:6f:e5:a9:e0:85:
c0:04:ba:62:ee:e5:6b:95:3f:31:5e:27:dc:54:68:
86:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
17:D3:57:7D:98:66:AD:F3:AC:E5:29:BE:F0:74:F9:E4:74:36:FE:C1
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:axel
Signature Algorithm: sha256WithRSAEncryption
6c:fd:9c:bd:77:25:a5:9e:e0:2c:09:80:76:88:aa:77:3c:63:
7d:71:d3:21:d5:66:2d:88:b7:48:50:04:c1:63:84:35:a1:cd:
7e:2e:eb:7f:0c:f0:69:c1:66:81:28:00:fa:62:43:7e:cc:34:
43:98:7a:4d:05:b1:07:f7:2d:1d:0f:71:0d:56:4d:4f:7c:fd:
06:50:e8:52:f0:ee:28:63:2c:0e:b6:4e:c4:72:90:59:e5:57:
47:36:64:f2:a9:66:d4:b1:e6:7d:53:82:27:0b:1d:cb:c0:a4:
54:40:1f:cf:1c:01:91:2c:7a:7e:a6:d9:61:fa:77:8d:36:75:
f0:30:1c:cb:c9:2b:fa:2b:fe:1f:2f:c6:7d:66:9b:b1:37:6f:
c0:e8:ac:eb:01:57:1a:1f:84:96:83:8f:ba:c4:8f:a8:c5:0e:
3f:f5:58:42:ba:cf:25:2b:ca:d4:13:d6:2d:2e:a9:a6:90:c3:
9d:32:f0:ee:dc:31:3f:ad:8e:a7:4c:bf:ad:f6:1b:b3:7e:27:
c6:68:b3:87:2b:62:0f:49:2b:70:db:67:d1:b8:8f:96:10:6a:
09:e7:ee:d7:ea:9a:24:b1:22:75:5a:7a:c5:3d:39:d5:6a:bc:
30:51:b3:f4:06:1c:fc:ed:a7:df:c8:56:c0:7c:8c:a5:2a:02:
94:39:2e:12
-----BEGIN CERTIFICATE-----
MIIFaDCCBFCgAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzI2NDBaFw0zNzA2Mjcy
MzI2NDBaMIG5MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEeMBwGA1UEAxMVVlBOLUthbnpsZWktS2llbC1heGVsMRkwFwYDVQQpExBW
UE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4u
ZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlNa9uOocUNV9jMzBk
G5jsWlzPrOr7qhL0bY6wtto/ceO2Y1Tehu0d83/Q2Tk7G65RgLpBBKEo/HW5tdvI
rszjDiRy5390Kio68reSVIJapSWK4l07Xcc2zD9Af/6uJ563KAZRTNrhYeuozh4l
wdU+N3SioK5qOlNIsXL2gAfZN6G5UGoqluYAvB8rvdty3KBgYs6Qe/46zL4a7JBw
FnBprMtZPsBUpLF+J9MYeOrqtM+HOjALZAT8P+DSorVxUUBjDlt0tsXvQ8G1SD2i
eRsWbv51qtjlG7mTz8ibE5EnbVVwYd9GeJ/SYrxv5anghcAEumLu5WuVPzFeJ9xU
aIa1AgMBAAGjggF8MIIBeDAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5
LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFBfTV32YZq3zrOUp
vvB0+eR0Nv7BMIHpBgNVHSMEgeEwgd6AFE6CHhSB65vIcSyxImiQv+7Z1P/UoYG6
pIG3MIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
czEZMBcGA1UEAxMQVlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnps
ZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlggkA/lmt
Xr6QBT4wEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQI
MAaCBGF4ZWwwDQYJKoZIhvcNAQELBQADggEBAGz9nL13JaWe4CwJgHaIqnc8Y31x
0yHVZi2It0hQBMFjhDWhzX4u638M8GnBZoEoAPpiQ37MNEOYek0FsQf3LR0PcQ1W
TU98/QZQ6FLw7ihjLA62TsRykFnlV0c2ZPKpZtSx5n1TgicLHcvApFRAH88cAZEs
en6m2WH6d402dfAwHMvJK/or/h8vxn1mm7E3b8DorOsBVxofhJaDj7rEj6jFDj/1
WEK6zyUrytQT1i0uqaaQw50y8O7cMT+tjqdMv632G7N+J8Zos4crYg9JK3DbZ9G4
j5YQagnn7tfqmiSxInVaesU9OdVqvDBRs/QGHPztp9/IVsB8jKUqApQ5LhI=
-----END CERTIFICATE-----

98
Kanzlei-Kiel/openvpn/keys/05.pem Normal file
View File

@ -0,0 +1,98 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5 (0x5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 27 23:34:37 2017 GMT
Not After : Jun 27 23:34:37 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-pc-hh/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a8:75:0a:f0:f5:5e:f2:5d:05:60:43:b9:b5:10:
e4:0f:19:fc:2b:bb:59:d0:b9:59:6e:f0:f5:88:ec:
5b:2d:6b:97:6e:2c:a1:c8:40:bd:03:23:0d:90:69:
22:2c:4f:4c:a1:2a:e9:29:a7:8f:c7:0b:b8:f8:04:
3e:2b:7c:1e:14:a8:4f:d7:32:1e:dc:cd:4f:31:f5:
80:51:5a:1f:2e:f3:01:3a:c1:3a:8a:ab:ef:8e:41:
e3:09:7f:9a:4c:a7:11:e2:c8:e1:5d:9c:6f:57:31:
ad:ed:28:c7:70:8a:2b:c5:3f:bf:28:e5:aa:f8:41:
22:fa:8b:4d:35:10:4a:0c:42:9f:83:6b:f2:05:6b:
84:36:59:88:e9:f6:f0:43:64:e6:9a:9b:a3:37:26:
a9:33:93:03:4f:71:16:d4:29:ce:c6:ea:e8:af:34:
98:33:ec:1f:23:80:97:93:be:2a:97:f0:38:3f:a9:
bc:40:60:73:24:c5:ef:25:bd:64:39:6e:b6:d6:75:
a2:11:0a:d2:5e:5a:8b:2e:8c:f5:84:2e:bd:16:b1:
16:f7:1e:9b:bd:04:00:27:e1:15:45:60:f9:86:58:
70:39:eb:1e:4e:93:cf:0a:7b:39:44:33:50:74:83:
a6:b6:30:43:c8:af:cc:0a:bf:66:ad:22:c8:3f:81:
35:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
7C:B4:73:C3:8B:56:98:7E:8A:0C:20:58:7D:94:1B:B6:D8:56:83:C5
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:pc-hh
Signature Algorithm: sha256WithRSAEncryption
a2:54:ef:2a:43:8d:28:8e:06:72:42:61:e2:a3:0c:1f:d9:a9:
7b:78:70:0c:9b:24:ad:8b:a6:db:27:4c:e9:d9:de:ad:fe:fd:
d4:dc:3b:ec:2c:dc:3d:29:7c:03:0c:da:1f:c3:f7:f4:63:e1:
c6:3a:a1:9a:a4:0d:34:06:58:ab:e2:62:3f:9b:9e:ae:77:56:
f0:1e:a3:00:dd:7e:20:7f:95:5f:5d:19:65:a8:4f:a7:1a:04:
84:c7:8f:a9:b8:c3:3b:f9:1c:d9:0b:2f:03:a6:fa:c9:cb:60:
92:d5:80:cf:d1:12:d6:0f:80:e7:23:2c:ed:f6:1e:50:1d:2d:
c2:5f:72:bb:fa:54:99:43:aa:e1:a4:78:cc:5a:32:be:1b:e8:
02:f5:ad:58:29:c9:a8:ca:f6:e4:e7:47:ad:9e:7f:83:42:4f:
cf:dd:ea:95:00:1b:bf:c7:00:92:b1:1e:d4:e3:ae:19:f3:5f:
00:5d:d4:46:ca:84:82:1e:db:c2:2d:07:ab:30:1c:7e:a4:79:
c7:9c:2d:6e:3c:22:d3:a2:cf:2b:ad:75:81:0b:3a:f6:c1:71:
9e:cb:39:14:17:c8:f2:a0:0e:ca:86:51:75:a6:35:c9:70:3b:
b7:45:e7:a3:81:35:99:77:94:26:42:a3:84:92:75:45:60:bb:
93:ec:6b:b7
-----BEGIN CERTIFICATE-----
MIIFajCCBFKgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzM0MzdaFw0zNzA2Mjcy
MzM0MzdaMIG6MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEfMB0GA1UEAxMWVlBOLUthbnpsZWktS2llbC1wYy1oaDEZMBcGA1UEKRMQ
VlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVu
LmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHUK8PVe8l0FYEO5
tRDkDxn8K7tZ0LlZbvD1iOxbLWuXbiyhyEC9AyMNkGkiLE9MoSrpKaePxwu4+AQ+
K3weFKhP1zIe3M1PMfWAUVofLvMBOsE6iqvvjkHjCX+aTKcR4sjhXZxvVzGt7SjH
cIorxT+/KOWq+EEi+otNNRBKDEKfg2vyBWuENlmI6fbwQ2TmmpujNyapM5MDT3EW
1CnOxurorzSYM+wfI4CXk74ql/A4P6m8QGBzJMXvJb1kOW621nWiEQrSXlqLLoz1
hC69FrEW9x6bvQQAJ+EVRWD5hlhwOeseTpPPCns5RDNQdIOmtjBDyK/MCr9mrSLI
P4E11wIDAQABo4IBfTCCAXkwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFz
eS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBR8tHPDi1aYfooM
IFh9lBu22FaDxTCB6QYDVR0jBIHhMIHegBROgh4UgeubyHEssSJokL/u2dT/1KGB
uqSBtzCBtDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMG
QmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vydmlj
ZXMxGTAXBgNVBAMTEFZQTi1LYW56bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56
bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAP5Z
rV6+kAU+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
CTAHggVwYy1oaDANBgkqhkiG9w0BAQsFAAOCAQEAolTvKkONKI4GckJh4qMMH9mp
e3hwDJskrYum2ydM6dnerf791Nw77CzcPSl8AwzaH8P39GPhxjqhmqQNNAZYq+Ji
P5uerndW8B6jAN1+IH+VX10ZZahPpxoEhMePqbjDO/kc2QsvA6b6yctgktWAz9ES
1g+A5yMs7fYeUB0twl9yu/pUmUOq4aR4zFoyvhvoAvWtWCnJqMr25OdHrZ5/g0JP
z93qlQAbv8cAkrEe1OOuGfNfAF3URsqEgh7bwi0HqzAcfqR5x5wtbjwi06LPK611
gQs69sFxnss5FBfI8qAOyoZRdaY1yXA7t0Xno4E1mXeUJkKjhJJ1RWC7k+xrtw==
-----END CERTIFICATE-----

98
Kanzlei-Kiel/openvpn/keys/06.pem Normal file
View File

@ -0,0 +1,98 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6 (0x6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 27 23:42:32 2017 GMT
Not After : Jun 27 23:42:32 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-doro/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c6:3d:01:a9:e3:1e:54:11:53:26:ae:ab:33:8d:
91:e4:f6:ba:08:3d:8c:37:14:83:84:97:83:e4:80:
fd:04:b4:3a:f7:18:ce:d8:72:86:49:c9:f0:f4:7c:
cf:66:cc:8a:3e:5e:18:12:6d:f9:2d:ac:56:17:15:
0a:1c:94:62:17:f4:2e:b1:3f:81:c9:51:4f:0a:45:
8e:b4:ce:0f:bf:cd:cb:c1:e8:21:7d:dc:0b:13:74:
aa:5a:2f:29:3d:ec:63:13:2a:46:98:8c:ba:01:64:
a6:46:83:d9:22:1d:dc:d5:f5:19:5f:0b:39:88:39:
57:92:31:5a:8d:50:7e:a6:4a:ff:9e:57:77:c6:0f:
65:95:1c:a6:7a:6f:9f:03:00:15:e6:50:7c:49:62:
72:d8:0f:27:ea:84:f9:91:d5:b0:d2:86:23:78:bc:
cb:d9:33:91:30:28:75:13:46:38:a1:ca:20:66:3b:
28:58:3c:21:a9:e1:94:42:92:52:96:2d:51:16:bd:
a2:d3:32:ab:95:b3:3a:92:95:b6:20:bc:d6:5d:dc:
5f:a8:51:f0:d6:9e:22:ca:17:30:d1:c5:9e:f7:42:
cc:d5:56:b7:e8:43:fd:b7:5d:8a:c6:40:9b:39:ba:
61:42:6a:3e:3d:82:44:15:ad:43:a4:08:79:e0:61:
b0:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
BE:2A:6F:2C:EF:0C:B1:1D:B2:48:5E:3A:68:14:9B:EF:BC:E5:E6:86
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:doro
Signature Algorithm: sha256WithRSAEncryption
9a:3d:1f:11:18:ff:a9:0b:b0:38:95:4a:98:69:a9:76:65:10:
d0:5e:04:60:da:81:46:bc:44:dc:55:a3:59:4f:24:b7:27:ff:
c6:b5:28:10:59:b7:b9:5e:78:c4:32:d6:f2:4c:e6:aa:05:75:
68:e4:fa:8b:84:98:c1:65:1b:f5:f5:1a:a6:66:3e:a1:27:58:
8b:ad:e9:b1:6e:e9:e4:92:08:96:18:ac:c1:d6:48:33:45:18:
14:f9:75:75:3b:a1:2b:4f:23:4d:de:34:0b:6e:a0:95:25:fd:
8b:89:d9:d6:dc:47:b1:c5:35:d1:ac:8b:29:a8:95:f3:a4:c0:
54:a0:7e:15:97:de:6d:4a:27:98:af:e2:0c:4c:28:94:b8:ab:
15:2f:0b:29:32:13:2c:ae:46:c1:52:87:88:8c:43:a4:47:b5:
b3:85:68:57:de:5a:95:a8:c6:69:56:07:52:15:6b:88:67:27:
3a:23:36:57:8d:c9:e6:76:75:06:fd:00:e9:f8:d6:b0:d9:d0:
4e:4d:9c:4b:8a:1f:84:fd:86:19:52:d9:9c:0d:30:cf:65:c5:
df:d8:b8:90:9b:7e:01:cc:07:ae:94:16:15:df:40:22:68:70:
c1:4d:3c:f0:e5:93:2a:d8:8e:4e:bd:13:09:0f:eb:ba:c1:f0:
9b:ae:67:97
-----BEGIN CERTIFICATE-----
MIIFaDCCBFCgAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzQyMzJaFw0zNzA2Mjcy
MzQyMzJaMIG5MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEeMBwGA1UEAxMVVlBOLUthbnpsZWktS2llbC1kb3JvMRkwFwYDVQQpExBW
UE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4u
ZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGPQGp4x5UEVMmrqsz
jZHk9roIPYw3FIOEl4PkgP0EtDr3GM7YcoZJyfD0fM9mzIo+XhgSbfktrFYXFQoc
lGIX9C6xP4HJUU8KRY60zg+/zcvB6CF93AsTdKpaLyk97GMTKkaYjLoBZKZGg9ki
HdzV9RlfCzmIOVeSMVqNUH6mSv+eV3fGD2WVHKZ6b58DABXmUHxJYnLYDyfqhPmR
1bDShiN4vMvZM5EwKHUTRjihyiBmOyhYPCGp4ZRCklKWLVEWvaLTMquVszqSlbYg
vNZd3F+oUfDWniLKFzDRxZ73QszVVrfoQ/23XYrGQJs5umFCaj49gkQVrUOkCHng
YbCbAgMBAAGjggF8MIIBeDAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5
LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFL4qbyzvDLEdskhe
OmgUm++85eaGMIHpBgNVHSMEgeEwgd6AFE6CHhSB65vIcSyxImiQv+7Z1P/UoYG6
pIG3MIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
czEZMBcGA1UEAxMQVlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnps
ZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlggkA/lmt
Xr6QBT4wEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQI
MAaCBGRvcm8wDQYJKoZIhvcNAQELBQADggEBAJo9HxEY/6kLsDiVSphpqXZlENBe
BGDagUa8RNxVo1lPJLcn/8a1KBBZt7leeMQy1vJM5qoFdWjk+ouEmMFlG/X1GqZm
PqEnWIut6bFu6eSSCJYYrMHWSDNFGBT5dXU7oStPI03eNAtuoJUl/YuJ2dbcR7HF
NdGsiymolfOkwFSgfhWX3m1KJ5iv4gxMKJS4qxUvCykyEyyuRsFSh4iMQ6RHtbOF
aFfeWpWoxmlWB1IVa4hnJzojNleNyeZ2dQb9AOn41rDZ0E5NnEuKH4T9hhlS2ZwN
MM9lxd/YuJCbfgHMB66UFhXfQCJocMFNPPDlkyrYjk69EwkP67rB8JuuZ5c=
-----END CERTIFICATE-----

98
Kanzlei-Kiel/openvpn/keys/axel.crt Normal file
View File

@ -0,0 +1,98 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 27 23:26:40 2017 GMT
Not After : Jun 27 23:26:40 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-axel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:e5:35:af:6e:3a:87:14:35:5f:63:33:30:64:1b:
98:ec:5a:5c:cf:ac:ea:fb:aa:12:f4:6d:8e:b0:b6:
da:3f:71:e3:b6:63:54:de:86:ed:1d:f3:7f:d0:d9:
39:3b:1b:ae:51:80:ba:41:04:a1:28:fc:75:b9:b5:
db:c8:ae:cc:e3:0e:24:72:e7:7f:74:2a:2a:3a:f2:
b7:92:54:82:5a:a5:25:8a:e2:5d:3b:5d:c7:36:cc:
3f:40:7f:fe:ae:27:9e:b7:28:06:51:4c:da:e1:61:
eb:a8:ce:1e:25:c1:d5:3e:37:74:a2:a0:ae:6a:3a:
53:48:b1:72:f6:80:07:d9:37:a1:b9:50:6a:2a:96:
e6:00:bc:1f:2b:bd:db:72:dc:a0:60:62:ce:90:7b:
fe:3a:cc:be:1a:ec:90:70:16:70:69:ac:cb:59:3e:
c0:54:a4:b1:7e:27:d3:18:78:ea:ea:b4:cf:87:3a:
30:0b:64:04:fc:3f:e0:d2:a2:b5:71:51:40:63:0e:
5b:74:b6:c5:ef:43:c1:b5:48:3d:a2:79:1b:16:6e:
fe:75:aa:d8:e5:1b:b9:93:cf:c8:9b:13:91:27:6d:
55:70:61:df:46:78:9f:d2:62:bc:6f:e5:a9:e0:85:
c0:04:ba:62:ee:e5:6b:95:3f:31:5e:27:dc:54:68:
86:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
17:D3:57:7D:98:66:AD:F3:AC:E5:29:BE:F0:74:F9:E4:74:36:FE:C1
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:axel
Signature Algorithm: sha256WithRSAEncryption
6c:fd:9c:bd:77:25:a5:9e:e0:2c:09:80:76:88:aa:77:3c:63:
7d:71:d3:21:d5:66:2d:88:b7:48:50:04:c1:63:84:35:a1:cd:
7e:2e:eb:7f:0c:f0:69:c1:66:81:28:00:fa:62:43:7e:cc:34:
43:98:7a:4d:05:b1:07:f7:2d:1d:0f:71:0d:56:4d:4f:7c:fd:
06:50:e8:52:f0:ee:28:63:2c:0e:b6:4e:c4:72:90:59:e5:57:
47:36:64:f2:a9:66:d4:b1:e6:7d:53:82:27:0b:1d:cb:c0:a4:
54:40:1f:cf:1c:01:91:2c:7a:7e:a6:d9:61:fa:77:8d:36:75:
f0:30:1c:cb:c9:2b:fa:2b:fe:1f:2f:c6:7d:66:9b:b1:37:6f:
c0:e8:ac:eb:01:57:1a:1f:84:96:83:8f:ba:c4:8f:a8:c5:0e:
3f:f5:58:42:ba:cf:25:2b:ca:d4:13:d6:2d:2e:a9:a6:90:c3:
9d:32:f0:ee:dc:31:3f:ad:8e:a7:4c:bf:ad:f6:1b:b3:7e:27:
c6:68:b3:87:2b:62:0f:49:2b:70:db:67:d1:b8:8f:96:10:6a:
09:e7:ee:d7:ea:9a:24:b1:22:75:5a:7a:c5:3d:39:d5:6a:bc:
30:51:b3:f4:06:1c:fc:ed:a7:df:c8:56:c0:7c:8c:a5:2a:02:
94:39:2e:12
-----BEGIN CERTIFICATE-----
MIIFaDCCBFCgAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzI2NDBaFw0zNzA2Mjcy
MzI2NDBaMIG5MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEeMBwGA1UEAxMVVlBOLUthbnpsZWktS2llbC1heGVsMRkwFwYDVQQpExBW
UE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4u
ZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlNa9uOocUNV9jMzBk
G5jsWlzPrOr7qhL0bY6wtto/ceO2Y1Tehu0d83/Q2Tk7G65RgLpBBKEo/HW5tdvI
rszjDiRy5390Kio68reSVIJapSWK4l07Xcc2zD9Af/6uJ563KAZRTNrhYeuozh4l
wdU+N3SioK5qOlNIsXL2gAfZN6G5UGoqluYAvB8rvdty3KBgYs6Qe/46zL4a7JBw
FnBprMtZPsBUpLF+J9MYeOrqtM+HOjALZAT8P+DSorVxUUBjDlt0tsXvQ8G1SD2i
eRsWbv51qtjlG7mTz8ibE5EnbVVwYd9GeJ/SYrxv5anghcAEumLu5WuVPzFeJ9xU
aIa1AgMBAAGjggF8MIIBeDAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5
LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFBfTV32YZq3zrOUp
vvB0+eR0Nv7BMIHpBgNVHSMEgeEwgd6AFE6CHhSB65vIcSyxImiQv+7Z1P/UoYG6
pIG3MIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
czEZMBcGA1UEAxMQVlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnps
ZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlggkA/lmt
Xr6QBT4wEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQI
MAaCBGF4ZWwwDQYJKoZIhvcNAQELBQADggEBAGz9nL13JaWe4CwJgHaIqnc8Y31x
0yHVZi2It0hQBMFjhDWhzX4u638M8GnBZoEoAPpiQ37MNEOYek0FsQf3LR0PcQ1W
TU98/QZQ6FLw7ihjLA62TsRykFnlV0c2ZPKpZtSx5n1TgicLHcvApFRAH88cAZEs
en6m2WH6d402dfAwHMvJK/or/h8vxn1mm7E3b8DorOsBVxofhJaDj7rEj6jFDj/1
WEK6zyUrytQT1i0uqaaQw50y8O7cMT+tjqdMv632G7N+J8Zos4crYg9JK3DbZ9G4
j5YQagnn7tfqmiSxInVaesU9OdVqvDBRs/QGHPztp9/IVsB8jKUqApQ5LhI=
-----END CERTIFICATE-----

19
Kanzlei-Kiel/openvpn/keys/axel.csr Normal file
View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIC/zCCAecCAQAwgbkxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMR4wHAYDVQQDExVWUE4tS2FuemxlaS1LaWVsLWF4ZWwxGTAXBgNV
BCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBv
b3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOU1r246hxQ1
X2MzMGQbmOxaXM+s6vuqEvRtjrC22j9x47ZjVN6G7R3zf9DZOTsbrlGAukEEoSj8
dbm128iuzOMOJHLnf3QqKjryt5JUglqlJYriXTtdxzbMP0B//q4nnrcoBlFM2uFh
66jOHiXB1T43dKKgrmo6U0ixcvaAB9k3oblQaiqW5gC8Hyu923LcoGBizpB7/jrM
vhrskHAWcGmsy1k+wFSksX4n0xh46uq0z4c6MAtkBPw/4NKitXFRQGMOW3S2xe9D
wbVIPaJ5GxZu/nWq2OUbuZPPyJsTkSdtVXBh30Z4n9JivG/lqeCFwAS6Yu7la5U/
MV4n3FRohrUCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQANXKMonvUBAcWYPmIh
tvhfIYy3ZfROFShhtI8VOXr2rO1dYbwOrYc06Z+d0/L04sWU88cnDMG8AUstytnE
PITNWoG4n4WxSuMKoC+K3JQxtBbj/vME8Nd6Oq1Lk0GqYSVQYcnNc+8+8Vby0GVk
4rFl7wh5+vzME6YWhja/0PNovWJejfef5MYkiK0zlb5ZwE5F/+SHrrmSlki4/1U6
aNQHyx58+MMJYFOAUoTvpqS3ZjXfvo5YjEaffmMxefhRdUnRSs1bT33A4UeqcywS
sWS7O2sbV/6GcxIE7SXadF75ZaSy+AWrSE1OBuhQzXWZGc10QQLgBnRFgxCMMtBi
SVvl
-----END CERTIFICATE REQUEST-----

30
Kanzlei-Kiel/openvpn/keys/axel.key Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIeY8Z8uioO0MCAggA
MBQGCCqGSIb3DQMHBAhVquS8Svup+ASCBMhFkAI+gaQfB7nswLZ/KAimvU7auAfz
haUXnxIB5SKsyHT6ODhmNFM4KJmPo0dizYE10AsfMXxBdeAGLCLANNC/XX/jwRBM
BiXrW/4QqoWHNCBrvSAtqXPy7DgHxOAP/JP+13nRQxBl13z+kK4cTpcZEMxxQJed
awckJMHwQ5gyHfx5xcczCHZYCUwTeu3azyMJSCVS7NUGwmcUbXWNhb1guT3CikLz
19/BNjcT+51S67hfr50jvVKJApkwd76bu2bCM4/J4rLY8Ds/nQF3inEu8TcKwwNY
pI5cwtocvRwkCIiiqQokiHRRIR0TP/4NcG/WXMWLXAXSnKEAmrqwJpjUt5p8Ahcl
0fEe/AQmllE6y3l1zFiG2JiHNjy/FV3ymjTGhiD6xykyy5jflznH6Lh0cIx8nbyC
6e0dqV80t0rvQkqxRoeAJA2EvdjRI1udixXov7iLa/SbovXwpfMpWvk8NggTtgcx
gTumYMsqriYGgYdr/wXj6EbKNAzcskxLvP8kJorhO5l7juBf8Sx2AFI4XpufvQBW
Luq6VQMSz9JbvfGjlEpuSE6EnGoK98QO85J777Hnhyk5185wE8/2nCkVdafrKGVq
eSpapLZtsG1BF9SXgHh299Q9tJEnuRIu1ftJlJVV+vGUd9upJLxYCSY8jHziQ153
VXDXBP3/CuuKC37YHAgUd8Pi7s3SwDVFVry/ifxvwC47I28voVKFZz3/0QwCA6Xq
URagl3jNKwtXn6KMi7E/3BICOYPIRcgNb6sJzYlclq7HMrKS3baWiScXEX9qGiLi
5EHcyymSSej5cEXT2RxO55URG97mP5NWUXaJ8yvswHjxKksU3K7jvQTUtLcENA4K
WYydPhszCXDkAvMkMHro0G8wYZPpBikRmfc8PF3jVssOkB66rKaCi1EK00lASOTY
/x2Cyrl58wI3D35DJ8wp70jehwViQokUTAOaLF6D1GihkBD25sLNJSEL2HPlzPB3
G0OyMVbGNlrYL/glaAlsQf2jhjwQ2qKv+e1yEps+sXZLtBbck5YVAHdoFSrWzQcN
LTpIaA+MbsqqY4D8zFhn2WIH3l461ly49V2NIK8LIN8b00uHnoNEivJ6YexcDr9z
EXKQmfINl9pnuBPjdUzB7Fw2CfIZjxUcRpX3HxfEz8tWIj/ORv9GLQ4+MnJX5AP4
aKrStwi5CsPaovJ44/EINKUzo/IL324gudF2zMi5T6kAcSVU/+Z+0CBlZslh5Lu+
f1aBcEwjz6IyX8BUE3UYGQUTOBV0X8bnLARHK/RHcSUYoi1Zz19gIthICTtXWq6R
U3KbmNeoPxzgvLPbZohI8pb2RApctbaszLPeWaI4WQlkRcVO/N57Y9dPsM70fEZQ
1tcFe+ph6JazYnL+Kg3Jb1PmqOQciqHn8D+sre4y7JfF/CmZeWDtRNwXtcDWH1/p
vaIJJynHSSmN7nrZ0p/7kQ1GKK+d7AEzRU4yoq+D1aWLl5NoIFmpr/v1Vgf1qn1G
aRVKRldfE1/n9MFBTY1X8NYz7XQhebCqieOYlj14OF11YtWIdV16IkaBZvT1QcJw
+Cr1OqFjwXgQnoBYdqSxwtr7lFEHsDWhi8F8UxcNdTaKjQHHGoZ2Ta98hf9wE6z+
+s4=
-----END ENCRYPTED PRIVATE KEY-----

29
Kanzlei-Kiel/openvpn/keys/ca.crt Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIJAP5ZrV6+kAU+MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
VlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8G
CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDYyNzIzMDc1NloX
DTQ5MDYyNzIzMDc1NlowgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQp
ExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFxAf/gwUw+PD7
xYRGHHmYzbjP/hl+cx60qwGZYbyitlIGIZ/0EjzSxyvL47EAB0gBHWuSofYD2L1d
k9mYKLbBCAk+VdV+O1rPuE3DSc/T01vEEhlqYGfm6iTgKTLeIWFaPE4k5rNgGM+F
A0LZXdWnH6/xj7Vp55UWl/G7/rzptKY9XTdBuV8pqFl1Cvs0dLlFG8JMyrl0ozEf
w8cI8dyLsTSZWBEOEAaQQmwOE8WEPXwAhgXDzsQfXdMsKJlfMgM1nOlflux0AftE
0Hi+jgTV9uvcjssOetpyf7fmsjvLwsoEIrgZcYK9cUtpO/sAuvDIo/cgbV3SBNIP
68jXrrmvAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUToIeFIHrm8hxLLEiaJC/7tnU
/9QwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9ShgbqkgbcwgbQx
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYD
VQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2FuemxlaSBLaWVs
MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+Wa1evpAFPjAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCxLfN8SL5ANfwfU0OKi0MH
cXlk2czIC9pcfrMaVp6gWgUKEqmNAC7NOqv8rN+fHXmfQhQ58s7SDqEJgYlfpwyW
mAIT6D72NN2z8t4iYhu48R1fV+Ml7g9LfCtSOpJXezpzylKvNKAQL7QYOYsfZN1N
SCIDyf9Ub65GLDiWmi3nrOUBlYO0yFddJ3c1MtU3aUAucMZGGGwORtEswqVzMcw1
ZbQppHcWiwJ4nFNmTC6d2nct1ELrv2ckaaPT+HazFHVtiqkQ2yoYQwoZhjZqOAPp
uxIR5f7mS9PtugPSuvf4aftN+7DZq6otfTEmOoIoN0dznV60Jc8xTQkzHuNRjwVi
-----END CERTIFICATE-----

28
Kanzlei-Kiel/openvpn/keys/ca.key Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDFxAf/gwUw+PD7
xYRGHHmYzbjP/hl+cx60qwGZYbyitlIGIZ/0EjzSxyvL47EAB0gBHWuSofYD2L1d
k9mYKLbBCAk+VdV+O1rPuE3DSc/T01vEEhlqYGfm6iTgKTLeIWFaPE4k5rNgGM+F
A0LZXdWnH6/xj7Vp55UWl/G7/rzptKY9XTdBuV8pqFl1Cvs0dLlFG8JMyrl0ozEf
w8cI8dyLsTSZWBEOEAaQQmwOE8WEPXwAhgXDzsQfXdMsKJlfMgM1nOlflux0AftE
0Hi+jgTV9uvcjssOetpyf7fmsjvLwsoEIrgZcYK9cUtpO/sAuvDIo/cgbV3SBNIP
68jXrrmvAgMBAAECggEAO/aPMkLorQueDci6rYNuvw0JT09NLZD8K216Q6ZlyrQb
NK63UArDlGk9d0mnXknW5DemaURgUpRB/oCYxlD58JdeLh9aZzbZ9wd71I2pzSFV
vqJ6QE3Q0ywFWE5FlSJr4S9NxlSI6Mc9DKiLeVrBMDYkY8reB6lnA/24FvdLElTi
MnTzgUdvOvqT6Jxnz6P4DDU4pjHo38OSX5kIwl2vGMonMRNsEUBPylV6TiStxVxt
YebCgm6Hcd66gW4HqbIRj0OBcx21OGm/ZuMxD+7hsdod1aXVXyTT1qbvauW3Djc9
uNs8LYv73tLME6aUjMgnrxRFoAjUxbuSVUlQnzxmWQKBgQDuVPzKBT6LMaudhSjY
XYnef7K5EpO8xnmpmXN2S2/JX/wBV40KhhmjkRBELr3w5facgdacykdppOTM+ZDI
SBE6JWb3Eueud6MDC0NmEDaHZG5FIPtBFuaE8WD8l90dkJJqdc21BuOYgPRwM0CF
xvtqkm/uPnRtMMjRDLg7DV4cNQKBgQDUbS/EisId0nlhKQql4sKCPHjvhS/tG95x
55a3h4JkGKM6gdpQ3usgWCMqGybViE8BbLlthR3Xq9NeV3u6/IpzA0nDrjUhvpjR
Lkvl5dR5RdY2KculAk74vWp1JhTgjD7eF63nqPmtPL/qAf2RcqF83lQG+NjP36yg
i7PLG1LS0wKBgH5+3SzcW7XFRzDz3Bn6i5JsdI+GLKOlNC2wJHhE0bAwIbEUpudP
BYyrEdced/HEHIA06ZOOSRjpTAb+7rlehsY109CPWChhl0OmVr91G3wA8gX+21xQ
q0kkVDW85L8sXInkvKm4XlQzHYnvqe9XDVojHwV0YJcTrYJHHgE5txmBAoGADwor
955bYAEm1toxBs2nN9FQPqUPX5o5hZb/9L6DXNLhu6K18kPWIdQbqT+C4FtmPJOW
DUr/ceWYcXWALRz0MHBrKI+M83arGyRL+1rqUCvBntQWtvgS30mJ4AFyOPO0/8Rt
a5lrE/jZHZhGe6XCCTU0fcngj9cmQbeiYx7sHkECgYBLGhs6aUJBXoVB+zbcQYOY
7vZCSvu9nwDJfuGz7tqWnQggK67zpg5/++sEwV+3sT2WxP8bNvfry+3PJm6kFilC
nogMCihx7nJvstHTTAmf/Fqr7aFDqLU+HlBpf/cebBfPcV/PivVzWLkJnKodHrtF
nt6p54bz6admeD3HllcUiA==
-----END PRIVATE KEY-----

98
Kanzlei-Kiel/openvpn/keys/chris.crt Normal file
View File

@ -0,0 +1,98 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 27 23:20:59 2017 GMT
Not After : Jun 27 23:20:59 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-chris/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ea:fb:89:96:31:df:91:67:0f:62:5d:89:76:b7:
c1:e6:bd:5e:70:40:b7:6b:66:43:eb:51:0b:a8:8c:
d2:40:dd:ed:99:20:6e:23:4d:dc:7e:aa:8e:36:24:
3c:4e:fc:cf:8b:5f:ad:63:91:10:33:4c:f4:eb:91:
b6:25:a6:8a:d7:c3:40:55:b2:aa:67:a1:37:cb:3b:
53:07:af:cf:42:9a:c5:a0:91:ed:98:42:57:0f:44:
ac:a5:92:e2:c6:56:cc:c1:4c:65:ab:f7:79:b5:9b:
67:5c:e9:d7:19:7f:81:3e:c6:a7:d8:a6:42:e6:34:
fd:ef:8b:e2:d7:3f:8c:71:0a:6a:c9:59:f6:c3:88:
40:86:a7:f1:54:4f:6d:d1:95:41:50:36:df:b4:6a:
58:ff:93:1e:c1:66:2d:37:33:ef:6c:f0:9a:2d:ba:
29:46:fe:4b:73:8e:22:33:89:33:4d:45:ab:b8:dd:
d4:d5:ae:a0:cc:f7:c4:d3:7c:24:02:46:92:7d:9d:
a2:9c:27:be:12:11:45:33:30:f1:a3:ad:17:2e:94:
06:54:7c:7c:20:65:1a:b2:d1:60:86:89:37:2d:d5:
f3:4f:3e:00:f3:bb:81:ae:78:be:6c:4b:68:ac:d9:
07:f0:aa:f7:c7:79:b3:d3:f2:32:8b:fd:80:0d:d5:
bf:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
E8:1E:7E:7E:48:9B:34:7E:27:93:17:EB:2E:4E:45:D5:AB:B9:A9:0F
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:chris
Signature Algorithm: sha256WithRSAEncryption
59:8d:36:12:7e:91:f2:0f:d2:74:5a:42:e2:56:0a:9d:16:72:
09:05:40:ea:75:1e:0a:0c:81:0f:b4:e6:82:47:cc:38:67:c5:
f4:76:94:78:b5:02:a1:98:7a:c4:5e:01:90:dd:f9:cd:7b:45:
6e:30:69:b2:9f:5d:b0:fe:e9:23:a6:3e:ae:dd:7d:dc:75:f8:
a2:08:f8:87:34:7b:50:ae:15:49:23:7a:d4:2a:70:c1:ad:04:
e5:af:cb:f4:c5:c9:37:42:fc:ef:00:53:a2:51:92:71:c7:58:
a6:9e:3e:0a:7f:f6:37:5c:c4:e8:b8:20:ae:52:71:b4:5b:34:
8f:26:4e:28:cf:dd:ac:72:4f:81:8e:b8:ce:68:ab:79:21:93:
27:1c:9f:71:fe:f3:00:07:cb:28:bc:91:20:c0:ae:37:0a:33:
cf:9e:25:c1:ce:42:a1:6e:32:07:d2:65:e5:b1:9d:1f:52:25:
0b:9a:af:08:fb:8a:7e:a5:a4:da:3b:fa:85:4a:9c:a8:0c:19:
5d:df:9c:4d:4c:78:1b:ab:03:48:da:ba:a1:cf:3f:a2:ad:9f:
3e:a8:d3:cb:22:74:0f:cf:17:1d:bb:40:63:4e:4b:ff:e6:94:
55:00:79:3a:5b:de:36:35:de:d1:61:fc:d8:d1:98:2d:5d:bc:
fe:b6:f1:8a
-----BEGIN CERTIFICATE-----
MIIFajCCBFKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzIwNTlaFw0zNzA2Mjcy
MzIwNTlaMIG6MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEfMB0GA1UEAxMWVlBOLUthbnpsZWktS2llbC1jaHJpczEZMBcGA1UEKRMQ
VlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVu
LmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6vuJljHfkWcPYl2J
drfB5r1ecEC3a2ZD61ELqIzSQN3tmSBuI03cfqqONiQ8TvzPi1+tY5EQM0z065G2
JaaK18NAVbKqZ6E3yztTB6/PQprFoJHtmEJXD0SspZLixlbMwUxlq/d5tZtnXOnX
GX+BPsan2KZC5jT974vi1z+McQpqyVn2w4hAhqfxVE9t0ZVBUDbftGpY/5MewWYt
NzPvbPCaLbopRv5Lc44iM4kzTUWruN3U1a6gzPfE03wkAkaSfZ2inCe+EhFFMzDx
o60XLpQGVHx8IGUastFghok3LdXzTz4A87uBrni+bEtorNkH8Kr3x3mz0/Iyi/2A
DdW/lwIDAQABo4IBfTCCAXkwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFz
eS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBToHn5+SJs0fieT
F+suTkXVq7mpDzCB6QYDVR0jBIHhMIHegBROgh4UgeubyHEssSJokL/u2dT/1KGB
uqSBtzCBtDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMG
QmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vydmlj
ZXMxGTAXBgNVBAMTEFZQTi1LYW56bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56
bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAP5Z
rV6+kAU+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
CTAHggVjaHJpczANBgkqhkiG9w0BAQsFAAOCAQEAWY02En6R8g/SdFpC4lYKnRZy
CQVA6nUeCgyBD7TmgkfMOGfF9HaUeLUCoZh6xF4BkN35zXtFbjBpsp9dsP7pI6Y+
rt193HX4ogj4hzR7UK4VSSN61Cpwwa0E5a/L9MXJN0L87wBTolGSccdYpp4+Cn/2
N1zE6LggrlJxtFs0jyZOKM/drHJPgY64zmireSGTJxyfcf7zAAfLKLyRIMCuNwoz
z54lwc5CoW4yB9Jl5bGdH1IlC5qvCPuKfqWk2jv6hUqcqAwZXd+cTUx4G6sDSNq6
oc8/oq2fPqjTyyJ0D88XHbtAY05L/+aUVQB5OlveNjXe0WH82NGYLV28/rbxig==
-----END CERTIFICATE-----

19
Kanzlei-Kiel/openvpn/keys/chris.csr Normal file
View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIDADCCAegCAQAwgboxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMR8wHQYDVQQDExZWUE4tS2FuemxlaS1LaWVsLWNocmlzMRkwFwYD
VQQpExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1A
b29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDq+4mWMd+R
Zw9iXYl2t8HmvV5wQLdrZkPrUQuojNJA3e2ZIG4jTdx+qo42JDxO/M+LX61jkRAz
TPTrkbYlporXw0BVsqpnoTfLO1MHr89CmsWgke2YQlcPRKylkuLGVszBTGWr93m1
m2dc6dcZf4E+xqfYpkLmNP3vi+LXP4xxCmrJWfbDiECGp/FUT23RlUFQNt+0alj/
kx7BZi03M+9s8JotuilG/ktzjiIziTNNRau43dTVrqDM98TTfCQCRpJ9naKcJ74S
EUUzMPGjrRculAZUfHwgZRqy0WCGiTct1fNPPgDzu4GueL5sS2is2QfwqvfHebPT
8jKL/YAN1b+XAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAW1h/JnCGSfjUzN98
IkkgXhZHVclV0mAPNqvJSVIOlmRORxbd1RyT01C29FT1p9cKrfuhP+FED1Zh+fgA
mw0blY9HAhtZKnKoGPsDu3yLa0ETX5ErcOQ6o/FKfi2lemGlEMabPDRLSoKgr1eX
dB/jBCaTUrqbInVWgq7E6pP1ZSuGmBRzc2gaygF0ZWcBQbESQOdltc4MZyHKy0Oj
E7tF5HryZSNakxV36axkUJcBVe8O9ozL5leqP8KtHXWIht29H+3dIxzfyhaaj1/t
c+cB7luBTvScnhDuuMTBSK9in9wpNMh7D2dUSuD8d7HFXGFwqVhS2ZMjOYjiNowu
t8xzHA==
-----END CERTIFICATE REQUEST-----

30
Kanzlei-Kiel/openvpn/keys/chris.key Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI7NQsu8b6oEkCAggA
MBQGCCqGSIb3DQMHBAhW4mKMiCCRkwSCBMjbNU7viyJa22yM5e45+ppZXtM68JLl
Ql9d9mej94TSMuKgIQIeQDSQshGYJDecRMHrPbpTW/GvBDOXY/OFV+QDrB/Cp18C
QStR0Lg9RZ5XmJ7TncB1eIFNTbAJQkRbRWZfMTT1q5aNrNWVy88xajVoX9UlsAiZ
A1vvkBmwXTSM8l3VoHWuH7nxWOEX7R16TOcG9EwjwSCMlVsW3rqgqiTb4GtlA0kf
t3JOLCRwgjO4uFXCUob6t9O0FzwlsGapk4LIoHZivfj1oXL1d39ibIsC7sSTNjw7
v3CSRUfd4iMOLqGNKKtuiqdVxv88SKjKD3Au4sqowjdk+2kTOq8oCgKUn3HaiEr/
OW3ja8pF1dW5BGmv70D1Ujk1Wst4Cp4W3VHre+D2f/YJBYNEp+ADDVI7stYSyvln
01CBJPUnVskn3SHGtv5NLpKAEkF2LY2qZn8GENO4pKduXq8PNuAh4dcctssJ+WQr
rCQhy52SiEus6nvEzJFdyXQT0bwrFpILSbg8s9Fn3WNnVjU1uwySl+YEZ9/VJN81
4aPAAP3ysVqN5eTeK17RXklAkl+faC/7B07hzpMmPxm8qqo8XfergzjYGZfLwM/q
4NzN+2iBJbs04J/oWEDWRtcizgTwduu8nKGi2s73WyhVW9GoEgMevF71MRSPqtBK
LNHYVjdk04+Dum3KueUn+Uwfg/mLIY1QOgSnFg2AD58BjPFh7gLm78ZczG4q7Nr/
nnBUxpnYduQ/yAfRZPU50WI9+yvPBI9+7FweUH0vWlmsH42khTCd5Ijv02zGIbf+
pMsm49JLPLhNpgmg2jtF1TwOL1C2t+0YMeHPHQVV9pBsSMOp8peKS9hR86xPlfrN
qHc524TKpoiym/HR3KwQWhjrvjVUsbdRW5eVO7qFTm2OB9/BERU3sgbyXNvYGZQF
ES/T75FrDRh+ZHZIoo3i5q2/j6pQHw60zXeQz/7i+7S9dk7WWAFkzzzybsiwAbk4
6HwdYdsnHMZ5+kPnI69mKMj2ogNAlvFlknpCSSPiQFvgONN5j1slNUy7EEAfdhuJ
QxqN26991iE3xVD+qX4Gveqom1xjQ7rP7W6QfSrtpGckqeIa+jdhtQTYkyIBhJak
xlhjR5+PBO0VWOQSZOTSzVTL/71j5fK+GIblLaZ8wrSuO5N6BBpZucZ2HLBBPD45
hAkpaidhdmB8S8+0fmV5+iO7SjWguHgmfxavSqSYad09St7SD26HTgEDnaO3CVRm
AEoEMSt/YrS9bsLF/kHYRNOM2tSNGuARAfeNDKQuvRufKmTklJJ5anu7gXWlb5av
zDGSa/5woyBDhYOWWpnkLpHbJCvMHkiPZ036sXI+4czz5Oe3GpAfqGsGhKA6evm9
uI/xU+WF5ohdXPRhnzc6210EPpGLQFsq2WXbIuwu7Z7pylYICn3VjkA07gNLaNYu
nLIzrj/o3PbMs+owEgBJ+4lSOSkqGehY1tHeGlZY+zAFTg+VfB7Jtt1hK52ijPqn
mU+s1UXORlpl6zv9amyOrAenie0DBZff4IsnIfFbvlLCncSBCRpORDfdJmgeuJZS
Hfdamp4l1BsMjgDlD5jL0uhoTaA3lBW9E2w2+LcO6fv5NTpmSj7SKp8qhdfrnTZf
aMg=
-----END ENCRYPTED PRIVATE KEY-----

1
Kanzlei-Kiel/openvpn/keys/crl.pem Symbolic link
View File

@ -0,0 +1 @@
../crl.pem

8
Kanzlei-Kiel/openvpn/keys/dh2048.pem Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA65veL5KM+oaBkAiw3yXGFifQF5Ex5gIPVGhxN+cPWWjAEbV/n/jx
BDmxQ9zBfA74z6o+zqifNJxKYPeIzHOcXrZo3rXdZ8OjzIRRKNpHHJ57EnRrgjAb
wNCFqMOshZE6CgmFcBqC52jGrcE5LIiXI3fYSGdQpB6o+tOu7AMmRdWmuuWnlFN0
IZvI6xFxmLoKNK8/EtjFb4BMnBd9MNV1s4t7dJEos4IQ9jKvx9am4NJRTKavmbmM
t96DPguyce/CGeBdVGKA3XEPR1MeGLGtd6r9aZC3243vRU3R23cWmAQXFJn96QNm
Zt2f5tNA/3ep87/kFKrin1mnRAe001h08wIBAg==
-----END DH PARAMETERS-----

98
Kanzlei-Kiel/openvpn/keys/doro.crt Normal file
View File

@ -0,0 +1,98 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6 (0x6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 27 23:42:32 2017 GMT
Not After : Jun 27 23:42:32 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-doro/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c6:3d:01:a9:e3:1e:54:11:53:26:ae:ab:33:8d:
91:e4:f6:ba:08:3d:8c:37:14:83:84:97:83:e4:80:
fd:04:b4:3a:f7:18:ce:d8:72:86:49:c9:f0:f4:7c:
cf:66:cc:8a:3e:5e:18:12:6d:f9:2d:ac:56:17:15:
0a:1c:94:62:17:f4:2e:b1:3f:81:c9:51:4f:0a:45:
8e:b4:ce:0f:bf:cd:cb:c1:e8:21:7d:dc:0b:13:74:
aa:5a:2f:29:3d:ec:63:13:2a:46:98:8c:ba:01:64:
a6:46:83:d9:22:1d:dc:d5:f5:19:5f:0b:39:88:39:
57:92:31:5a:8d:50:7e:a6:4a:ff:9e:57:77:c6:0f:
65:95:1c:a6:7a:6f:9f:03:00:15:e6:50:7c:49:62:
72:d8:0f:27:ea:84:f9:91:d5:b0:d2:86:23:78:bc:
cb:d9:33:91:30:28:75:13:46:38:a1:ca:20:66:3b:
28:58:3c:21:a9:e1:94:42:92:52:96:2d:51:16:bd:
a2:d3:32:ab:95:b3:3a:92:95:b6:20:bc:d6:5d:dc:
5f:a8:51:f0:d6:9e:22:ca:17:30:d1:c5:9e:f7:42:
cc:d5:56:b7:e8:43:fd:b7:5d:8a:c6:40:9b:39:ba:
61:42:6a:3e:3d:82:44:15:ad:43:a4:08:79:e0:61:
b0:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
BE:2A:6F:2C:EF:0C:B1:1D:B2:48:5E:3A:68:14:9B:EF:BC:E5:E6:86
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:doro
Signature Algorithm: sha256WithRSAEncryption
9a:3d:1f:11:18:ff:a9:0b:b0:38:95:4a:98:69:a9:76:65:10:
d0:5e:04:60:da:81:46:bc:44:dc:55:a3:59:4f:24:b7:27:ff:
c6:b5:28:10:59:b7:b9:5e:78:c4:32:d6:f2:4c:e6:aa:05:75:
68:e4:fa:8b:84:98:c1:65:1b:f5:f5:1a:a6:66:3e:a1:27:58:
8b:ad:e9:b1:6e:e9:e4:92:08:96:18:ac:c1:d6:48:33:45:18:
14:f9:75:75:3b:a1:2b:4f:23:4d:de:34:0b:6e:a0:95:25:fd:
8b:89:d9:d6:dc:47:b1:c5:35:d1:ac:8b:29:a8:95:f3:a4:c0:
54:a0:7e:15:97:de:6d:4a:27:98:af:e2:0c:4c:28:94:b8:ab:
15:2f:0b:29:32:13:2c:ae:46:c1:52:87:88:8c:43:a4:47:b5:
b3:85:68:57:de:5a:95:a8:c6:69:56:07:52:15:6b:88:67:27:
3a:23:36:57:8d:c9:e6:76:75:06:fd:00:e9:f8:d6:b0:d9:d0:
4e:4d:9c:4b:8a:1f:84:fd:86:19:52:d9:9c:0d:30:cf:65:c5:
df:d8:b8:90:9b:7e:01:cc:07:ae:94:16:15:df:40:22:68:70:
c1:4d:3c:f0:e5:93:2a:d8:8e:4e:bd:13:09:0f:eb:ba:c1:f0:
9b:ae:67:97
-----BEGIN CERTIFICATE-----
MIIFaDCCBFCgAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzQyMzJaFw0zNzA2Mjcy
MzQyMzJaMIG5MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEeMBwGA1UEAxMVVlBOLUthbnpsZWktS2llbC1kb3JvMRkwFwYDVQQpExBW
UE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4u
ZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGPQGp4x5UEVMmrqsz
jZHk9roIPYw3FIOEl4PkgP0EtDr3GM7YcoZJyfD0fM9mzIo+XhgSbfktrFYXFQoc
lGIX9C6xP4HJUU8KRY60zg+/zcvB6CF93AsTdKpaLyk97GMTKkaYjLoBZKZGg9ki
HdzV9RlfCzmIOVeSMVqNUH6mSv+eV3fGD2WVHKZ6b58DABXmUHxJYnLYDyfqhPmR
1bDShiN4vMvZM5EwKHUTRjihyiBmOyhYPCGp4ZRCklKWLVEWvaLTMquVszqSlbYg
vNZd3F+oUfDWniLKFzDRxZ73QszVVrfoQ/23XYrGQJs5umFCaj49gkQVrUOkCHng
YbCbAgMBAAGjggF8MIIBeDAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5
LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFL4qbyzvDLEdskhe
OmgUm++85eaGMIHpBgNVHSMEgeEwgd6AFE6CHhSB65vIcSyxImiQv+7Z1P/UoYG6
pIG3MIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
czEZMBcGA1UEAxMQVlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnps
ZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlggkA/lmt
Xr6QBT4wEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQI
MAaCBGRvcm8wDQYJKoZIhvcNAQELBQADggEBAJo9HxEY/6kLsDiVSphpqXZlENBe
BGDagUa8RNxVo1lPJLcn/8a1KBBZt7leeMQy1vJM5qoFdWjk+ouEmMFlG/X1GqZm
PqEnWIut6bFu6eSSCJYYrMHWSDNFGBT5dXU7oStPI03eNAtuoJUl/YuJ2dbcR7HF
NdGsiymolfOkwFSgfhWX3m1KJ5iv4gxMKJS4qxUvCykyEyyuRsFSh4iMQ6RHtbOF
aFfeWpWoxmlWB1IVa4hnJzojNleNyeZ2dQb9AOn41rDZ0E5NnEuKH4T9hhlS2ZwN
MM9lxd/YuJCbfgHMB66UFhXfQCJocMFNPPDlkyrYjk69EwkP67rB8JuuZ5c=
-----END CERTIFICATE-----

19
Kanzlei-Kiel/openvpn/keys/doro.csr Normal file
View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIC/zCCAecCAQAwgbkxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMR4wHAYDVQQDExVWUE4tS2FuemxlaS1LaWVsLWRvcm8xGTAXBgNV
BCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBv
b3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMY9AanjHlQR
UyauqzONkeT2ugg9jDcUg4SXg+SA/QS0OvcYzthyhknJ8PR8z2bMij5eGBJt+S2s
VhcVChyUYhf0LrE/gclRTwpFjrTOD7/Ny8HoIX3cCxN0qlovKT3sYxMqRpiMugFk
pkaD2SId3NX1GV8LOYg5V5IxWo1QfqZK/55Xd8YPZZUcpnpvnwMAFeZQfElictgP
J+qE+ZHVsNKGI3i8y9kzkTAodRNGOKHKIGY7KFg8IanhlEKSUpYtURa9otMyq5Wz
OpKVtiC81l3cX6hR8NaeIsoXMNHFnvdCzNVWt+hD/bddisZAmzm6YUJqPj2CRBWt
Q6QIeeBhsJsCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCemhex89Bim//Ou26k
1Yi9FGq3F4nayTfXRshqdGV/PRL7VsCZX3pkrt1cdVvCBP7limZpp3od63CyOR+9
bQemL8U5oIFygNQ2jGSw+2HqzcOVuhAr4w20udCf1VWdcD2LdjjPEvcgRldEBiTN
5yEK7Ln0ZZfZxI0fRJngsNjtvzqeZyOIRb6Swt2jtwc97uc9OKo/ZrQCnEm23vyI
rA1g0SzqwZBAtaUhVbPQte5SmuvYpqhpB8IHZVnO1V4y0EIEeZdpELiFB0t/a6qe
hwstnn00ovcLUE0vFgwjKbZBhSfkziUzzCgVjfbECC/wIl+QQtl6iNYlK6bjKKy6
tHe+
-----END CERTIFICATE REQUEST-----

30
Kanzlei-Kiel/openvpn/keys/doro.key Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIvNHp38mi5asCAggA
MBQGCCqGSIb3DQMHBAijnDzI3KVJNgSCBMj1yRY6UmdvI/CpJOZ6b2GsUFF6qAga
w4BkahAck3p+VZDpYmXdO6t55U2vSty/SoiKWAUrFPnhtHqpo0g6Bo7JNysjmg0T
elf/+QJpAOYcJfRpBdDx9ct5R2oieYtUXGwIXEwD5YAAWPRnrSqlVqEK6Q2yhIvg
uqEkGQwIVh4S/32FLUleU6g/DrbgZUPhUlmuH78rJFAGMN+8OGXErY0vyHFJDQoy
Xf10tUA/34193Bqij4UxnDuS7ysKUZcoqFq73NIr53+Hlvkl+1dfoo8yU4VFf/nQ
Eh16pDpT4lIFI5IWXsjyAzM8ZpkX2siLHuGIl7lPYCo8biwY3Cc49csspdW1XET6
1kGxQnX4HjqzKsQ8XNNvR4glFbEPd9fdF/wXudBmie2vljDi22vDXhnToMQYuGIc
nabSSK7khaFu1X4kdFAiEtNnr0PkPPFVi5l08IPa86mMGIAcZ4x20yumpKsdakUM
oCxEA2eUlWfQSMfwaMTSHDjAG27ouy0r69bwPcOXrvRMw6Z0H8rVRHxIYbys2JJj
KWGoJAI2+fcGuEDKv5YUaOj72AttwfRPXOZwZveLrHuVxbWlFnYf9NdjGxbuxq+4
3qfpSM++Kc559Pt16C6bar5u+gY3cRrXORBMUXOQ6Zs6Zwfw5mNNPneX15puEYc0
72F3Qknxh72Sooi7VMJHkNFa2lvf2uciBURivTUy/YfpC+tXVyePtlRdSDyDnj2T
Qg6no9L0kh/EMUmbOLVo7w9XLQ7Z9PRirEam8/JkoGVX8d03cfeMlri6xhhs/GKs
4YwoMEA2TsH61Kk3j/BthjO9r/Sowa9aX2wgHxNblYUxOBmVIYBKVI6qMKjqH0ua
geEo3yOYaIA3Nz8M38boyuhReMx3Tuy0SIHvQU4eVsoobWockC+njS9uDV5UBiUC
AcGcdgBOZKSGNMjVSRpJHZQR66dPgGj3gbikmBIx6vjo5pXtN4TFBt216g6m5oDM
tvm0yMB9HWceZstmk3Y0NzJ15bEVDy9uzWGPtKaZewO1kgf5GSArdrxwAB+s5SD5
Qzo2s99OGOaO0oMGidQnuNgRqjpfTY/KMk6lBmJRQZ0+kUybZcoj40lYrFMVL0P/
SoLQYJF8OHVZ0fqXM7v/e6lHqAc3NyyGktr0iMueHETPasyVCs55w77JEj0GleMB
jueQ6G1jxkixlIma5kJKCzaileMzFewrWb72bS6zGcH+JSMqmISD7AMWDiuPXp7M
rXZXgJ2N2Sp5azBYvfOGtYaiiDH8avGVem/MW5q0s3FtfT7JaycE20HLx69P5TFH
ATRUtsoMU9QnnWwH6QN8S0tcB1pgRm3tJzoIWqYtau3EPwmll13GA+IqwaQHzlUj
ftf6Wtc1R+khK5Eq5y7TUyfrwzDSF1duTtg/5mkrZ916Lnu+QPJ+TJ738eOB6fqZ
1JW1UnxsizHpUMZWdPxQEjRWfRZpcjHK2D2CIipxLNfxo/W/85DG4MvACv71JErV
CYL4Pc7Kuf9rXI6TzE9GPYUxMQrFWX3Hesb+fDAsKRCLJBoBqeS4eE8b2V8Mq5zV
Uhd0TPZkk1VFDUFJBTyRW8skxjM/Vmi6fmIYW80hJUvLHtOJIQFg6+n7pnb/HPFn
e7o=
-----END ENCRYPTED PRIVATE KEY-----

99
Kanzlei-Kiel/openvpn/keys/gw-ckubu.crt Normal file
View File

@ -0,0 +1,99 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 27 23:24:59 2017 GMT
Not After : Jun 27 23:24:59 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-gw-ckubu/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:cb:3a:12:41:57:f6:08:8a:9d:c8:f2:7d:de:eb:
9a:0a:05:44:82:28:16:30:bf:be:20:50:93:61:6f:
a4:ed:ae:61:dc:2a:4b:61:03:a8:c5:c1:86:c2:88:
34:66:c7:49:3d:61:59:e9:d0:88:d3:ad:af:8d:92:
c8:5a:ad:a6:4d:0b:38:41:b1:85:61:34:8e:94:56:
55:d4:05:85:02:5e:6d:cc:3d:81:26:1d:93:04:0a:
38:d5:c0:93:22:00:93:bd:dc:1f:9b:af:1f:78:1c:
f1:2c:b0:11:7e:4e:cf:62:8b:ce:7e:e2:bc:b3:8e:
af:a9:c6:cc:f3:40:a2:30:d6:a0:4d:9e:3f:54:5e:
74:35:67:3b:c5:78:ef:f5:9e:b1:39:fc:ad:71:13:
e9:84:cf:11:55:78:59:49:26:e9:1e:35:62:66:8b:
d2:f8:d7:19:94:31:5f:28:6a:69:25:a1:f7:c7:23:
82:d3:48:e9:58:2d:b9:a7:8d:41:6e:dd:3b:cd:27:
16:bd:6c:4d:7b:35:62:fd:b7:5a:90:ce:bb:6d:31:
c7:53:b0:df:aa:08:eb:69:d5:11:c6:66:58:8d:02:
61:79:bb:a0:fd:fd:8d:5f:67:26:8b:a2:d6:09:e5:
78:e2:f0:7a:2f:f4:98:ec:98:7a:a8:5f:f3:64:c1:
82:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
19:56:3C:B0:C3:18:52:DE:13:D0:D0:A6:B9:FB:E2:71:73:EC:63:2B
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gw-ckubu
Signature Algorithm: sha256WithRSAEncryption
bb:0b:05:a8:4c:67:80:ce:29:fd:b2:8f:9a:e9:3b:e4:40:9d:
9d:96:27:46:0b:4e:cb:0e:48:9f:4e:78:b4:fe:5c:93:f2:54:
c6:55:c2:18:7a:b0:c9:6f:f5:8b:a5:e6:87:0a:0d:75:23:6f:
cd:a2:32:d6:89:39:ad:46:3c:27:e2:cd:5d:8a:6f:7b:6a:43:
65:60:9d:9c:22:a8:34:52:a7:29:f4:c4:ba:65:18:86:70:6d:
82:09:d5:b1:4b:7d:f4:1d:5d:9f:a3:89:36:6b:62:7b:01:ea:
41:76:4e:22:b2:8e:b9:b7:70:e1:9e:76:d8:f9:f7:0f:67:1f:
fc:cb:71:4a:af:aa:60:91:15:f4:df:52:2b:c6:1e:3e:63:87:
cd:86:1f:52:fb:73:9f:20:d3:77:20:41:c2:fc:b7:34:93:6e:
8f:6f:55:3f:9f:e9:17:1d:23:63:84:d1:55:94:bf:b8:9d:46:
f4:d9:bf:1c:09:99:b4:dc:d0:b1:65:d0:3b:d6:94:8a:fd:78:
c4:b3:d9:52:24:6d:88:56:f9:ff:bb:d9:c3:c8:0c:3d:b6:60:
ae:5d:2c:3a:79:2d:fc:3c:46:05:a1:9d:e7:ba:07:f7:f2:48:
88:1b:21:36:49:72:9a:e2:a9:6f:ca:84:89:f6:83:ea:0d:b1:
d1:95:1f:16
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzI0NTlaFw0zNzA2Mjcy
MzI0NTlaMIG9MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEiMCAGA1UEAxMZVlBOLUthbnpsZWktS2llbC1ndy1ja3VidTEZMBcGA1UE
KRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9v
cGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzoSQVf2CIqd
yPJ93uuaCgVEgigWML++IFCTYW+k7a5h3CpLYQOoxcGGwog0ZsdJPWFZ6dCI062v
jZLIWq2mTQs4QbGFYTSOlFZV1AWFAl5tzD2BJh2TBAo41cCTIgCTvdwfm68feBzx
LLARfk7PYovOfuK8s46vqcbM80CiMNagTZ4/VF50NWc7xXjv9Z6xOfytcRPphM8R
VXhZSSbpHjViZovS+NcZlDFfKGppJaH3xyOC00jpWC25p41Bbt07zScWvWxNezVi
/bdakM67bTHHU7DfqgjradURxmZYjQJhebug/f2NX2cmi6LWCeV44vB6L/SY7Jh6
qF/zZMGCZQIDAQABo4IBgDCCAXwwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYe
RWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQZVjywwxhS
3hPQ0Ka5++Jxc+xjKzCB6QYDVR0jBIHhMIHegBROgh4UgeubyHEssSJokL/u2dT/
1KGBuqSBtzCBtDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
dmljZXMxGTAXBgNVBAMTEFZQTi1LYW56bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBL
YW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJ
AP5ZrV6+kAU+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNV
HREEDDAKgghndy1ja3VidTANBgkqhkiG9w0BAQsFAAOCAQEAuwsFqExngM4p/bKP
muk75ECdnZYnRgtOyw5In054tP5ck/JUxlXCGHqwyW/1i6XmhwoNdSNvzaIy1ok5
rUY8J+LNXYpve2pDZWCdnCKoNFKnKfTEumUYhnBtggnVsUt99B1dn6OJNmtiewHq
QXZOIrKOubdw4Z522Pn3D2cf/MtxSq+qYJEV9N9SK8YePmOHzYYfUvtznyDTdyBB
wvy3NJNuj29VP5/pFx0jY4TRVZS/uJ1G9Nm/HAmZtNzQsWXQO9aUiv14xLPZUiRt
iFb5/7vZw8gMPbZgrl0sOnkt/DxGBaGd57oH9/JIiBshNklymuKpb8qEifaD6g2x
0ZUfFg==
-----END CERTIFICATE-----

19
Kanzlei-Kiel/openvpn/keys/gw-ckubu.csr Normal file
View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIDAzCCAesCAQAwgb0xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMSIwIAYDVQQDExlWUE4tS2FuemxlaS1LaWVsLWd3LWNrdWJ1MRkw
FwYDVQQpExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1h
ZG1Ab29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLOhJB
V/YIip3I8n3e65oKBUSCKBYwv74gUJNhb6TtrmHcKkthA6jFwYbCiDRmx0k9YVnp
0IjTra+NksharaZNCzhBsYVhNI6UVlXUBYUCXm3MPYEmHZMECjjVwJMiAJO93B+b
rx94HPEssBF+Ts9ii85+4ryzjq+pxszzQKIw1qBNnj9UXnQ1ZzvFeO/1nrE5/K1x
E+mEzxFVeFlJJukeNWJmi9L41xmUMV8oamkloffHI4LTSOlYLbmnjUFu3TvNJxa9
bE17NWL9t1qQzrttMcdTsN+qCOtp1RHGZliNAmF5u6D9/Y1fZyaLotYJ5Xji8Hov
9JjsmHqoX/NkwYJlAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEANX/XLGR0DYwR
3r9pIWy6Y1EzF5oS+eP2dz0abeUWHp39/lhc6CSGQROoFUk1klUR8f2E8At/qTR0
OVBrutEZkQI77s7G9QItdpTV8yEoXeZd34h15fh78LRGfa94SCWHpCkZgD11Y60G
Tcju1sbCdg7lZE6HUjwOED83sosBlcTgwCeoPwHprvbNWCt/zwACUezzaZpgnGEs
h/MHvuHr/c4oqgoil3sE1gcS/MyZbXQUyZlVivdqQgx4EEkt1J5FpxZZb/185IxA
/eZqVhf598agAcWrBA+Vg3WKegUiTYB3ZKHAQ4D025KThDAR3aK6LPo8prKmIp2D
OTZYm+w1/w==
-----END CERTIFICATE REQUEST-----

30
Kanzlei-Kiel/openvpn/keys/gw-ckubu.key Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIgzdhh+GFVpkCAggA
MBQGCCqGSIb3DQMHBAhQnYHUELQpXASCBMicbtCdvVEgK+pV8reDVVuacqqeIwQV
OIa/MCryNPukqS0P10WT6SLzIN2c/A3jVAmHbm+E5Zvk6bX5LmmAIClEulVnZsbV
qeXz/jlbKBZAj4hYVmvUfKMQUj99Hnn6JdGfEgvYauQIzhwujHvAyV7kfXufEQxj
kUrE5U97HPfbVj4f2kUNNcLU3gSX91ILoO5lGDUcTpceYQXO00EI0ftsdHp+qKgc
7kJ/ntt779n72r99BaFMXZ5V/DSuQeNvKE98+PIRQF1ffDW/aJZq1B1MUJC83esO
VC2Fxg3ZNRNTcyQXC2MzQ7ZLkQWdPOsElcZ1NDqrEXUQtbrVfNCjuFvPPNeorld0
3uLFOytLv0OTc/AMDmEFGMap8XmWBK4g63Rhi3WIwxECYp6+s7uFu5VC54poD0Fm
aerMKnVadW9FbH69Oe5+hfhRlJ6N/H5Wp5XMCl2ttzSFcZhiiufuTjaxUgAF2vLP
xKtrQAIQkOZJabeGrJR8zzIN/FsziWh8xHbnl3aO6gXS5SDpIypBADEvc2aibEAC
DhJkCasUTzETpZVdRfBD2CHXk0krg2HHo3HUyw8nb4aZg9EbbMiLK113hWDCr2z3
evhJzaTdZUvJlgNGTcLOd1ZgLpwXIil4r54LsT4A1skZ7CNgO1zVzxo/sBZ9V5J/
PMdhTmPeqFXwHp6cA0+Cr4r0oqEBbJ0OjjwtXA8RvbTDBkKi3Bq0YgudSoJ6mgt/
SwlsiL+FFQWnhhgWMfXXS7qEzTgHgkBM7AgupJYo2VqU/pcLOxSvbLs35MMj2cij
Bj12/78AqHDGEwlAhyD31ndTC4Lbpy/VcBcDi7RByXPgHH2R79qXuS1WQJD5Y2CT
UvkCFLCz+zlxyMFzRhJ+rTXPiCQTwtrnMRYmZTR+YyPa/nJcXJ5OH7aq6ypuP50C
IeeBci5fEuiBqEH1QPmUx/ByMXVhybxUnuN0V0u4TtJJOzQrXKDz3tulklVBFFp2
MFTU+20jAMxVmVHz03fCORZSjKShubS8AJR823lXXlW0CtcwErRqjyJyxk4svnJ9
bRENRA+5G329kCxGm04AO4po+NCf1w08wRTJsTE9GRzDKu3i27J5jf8SxfzbCX+5
isjOyhEgnTkM3fMWRk9t4ZSsKIg+BqwtwYQJq1AI6Now3FhxfGt+0jfO43jBOa8u
5LnTO9uZzJL1Go0LjsFS2kL6MGQ6wYtsG0Rl2KpUtuzZgph7BHbxUMYY1UUES8tp
S1fC9u3NIb/E4179WHzle5wBbUEZtHXxbfWzIi9fwQSKgJ3LPsjaVEjPknpzy9Sv
sfZKsef78D9XynCAyqP4GU1nvpLaZ8+SGPiuvXc1kjHgrUm06stmvXG4Tsxiv0Ag
aORlceD+G4tUms67AkeBWTZ+wTKukN6dfgbZqQxSC6ut0JkkDdoMOdSAl2E88XXj
/vJHw4YdaKsCuxcL7nVIX4fiL8E8Vr/haqmaj9xBvkXorqtpPHWiyn4+aW1ZVONe
1+kioFYClC3faJTQA1oFPfUcq38HNtLtHHh4e/JtjnYH2WE4C3vZCkEnZ60KwVh2
7S/Sc7lu5UEyCkiKudCfX59vWRpxrzBcLy6rlncqtpWtipQjBLU24mihofJvKRBO
qAg=
-----END ENCRYPTED PRIVATE KEY-----

6
Kanzlei-Kiel/openvpn/keys/index.txt Normal file
View File

@ -0,0 +1,6 @@
V 370627231701Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-server/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 370627232059Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-chris/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 370627232459Z 03 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-gw-ckubu/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 370627232640Z 04 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-axel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 370627233437Z 05 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-pc-hh/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 370627234232Z 06 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-doro/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de

1
Kanzlei-Kiel/openvpn/keys/index.txt.attr Normal file
View File

@ -0,0 +1 @@
unique_subject = yes

1
Kanzlei-Kiel/openvpn/keys/index.txt.attr.old Normal file
View File

@ -0,0 +1 @@
unique_subject = yes

5
Kanzlei-Kiel/openvpn/keys/index.txt.old Normal file
View File

@ -0,0 +1,5 @@
V 370627231701Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-server/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 370627232059Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-chris/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 370627232459Z 03 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-gw-ckubu/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 370627232640Z 04 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-axel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 370627233437Z 05 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-pc-hh/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de

98
Kanzlei-Kiel/openvpn/keys/pc-hh.crt Normal file
View File

@ -0,0 +1,98 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5 (0x5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 27 23:34:37 2017 GMT
Not After : Jun 27 23:34:37 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-pc-hh/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a8:75:0a:f0:f5:5e:f2:5d:05:60:43:b9:b5:10:
e4:0f:19:fc:2b:bb:59:d0:b9:59:6e:f0:f5:88:ec:
5b:2d:6b:97:6e:2c:a1:c8:40:bd:03:23:0d:90:69:
22:2c:4f:4c:a1:2a:e9:29:a7:8f:c7:0b:b8:f8:04:
3e:2b:7c:1e:14:a8:4f:d7:32:1e:dc:cd:4f:31:f5:
80:51:5a:1f:2e:f3:01:3a:c1:3a:8a:ab:ef:8e:41:
e3:09:7f:9a:4c:a7:11:e2:c8:e1:5d:9c:6f:57:31:
ad:ed:28:c7:70:8a:2b:c5:3f:bf:28:e5:aa:f8:41:
22:fa:8b:4d:35:10:4a:0c:42:9f:83:6b:f2:05:6b:
84:36:59:88:e9:f6:f0:43:64:e6:9a:9b:a3:37:26:
a9:33:93:03:4f:71:16:d4:29:ce:c6:ea:e8:af:34:
98:33:ec:1f:23:80:97:93:be:2a:97:f0:38:3f:a9:
bc:40:60:73:24:c5:ef:25:bd:64:39:6e:b6:d6:75:
a2:11:0a:d2:5e:5a:8b:2e:8c:f5:84:2e:bd:16:b1:
16:f7:1e:9b:bd:04:00:27:e1:15:45:60:f9:86:58:
70:39:eb:1e:4e:93:cf:0a:7b:39:44:33:50:74:83:
a6:b6:30:43:c8:af:cc:0a:bf:66:ad:22:c8:3f:81:
35:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
7C:B4:73:C3:8B:56:98:7E:8A:0C:20:58:7D:94:1B:B6:D8:56:83:C5
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:pc-hh
Signature Algorithm: sha256WithRSAEncryption
a2:54:ef:2a:43:8d:28:8e:06:72:42:61:e2:a3:0c:1f:d9:a9:
7b:78:70:0c:9b:24:ad:8b:a6:db:27:4c:e9:d9:de:ad:fe:fd:
d4:dc:3b:ec:2c:dc:3d:29:7c:03:0c:da:1f:c3:f7:f4:63:e1:
c6:3a:a1:9a:a4:0d:34:06:58:ab:e2:62:3f:9b:9e:ae:77:56:
f0:1e:a3:00:dd:7e:20:7f:95:5f:5d:19:65:a8:4f:a7:1a:04:
84:c7:8f:a9:b8:c3:3b:f9:1c:d9:0b:2f:03:a6:fa:c9:cb:60:
92:d5:80:cf:d1:12:d6:0f:80:e7:23:2c:ed:f6:1e:50:1d:2d:
c2:5f:72:bb:fa:54:99:43:aa:e1:a4:78:cc:5a:32:be:1b:e8:
02:f5:ad:58:29:c9:a8:ca:f6:e4:e7:47:ad:9e:7f:83:42:4f:
cf:dd:ea:95:00:1b:bf:c7:00:92:b1:1e:d4:e3:ae:19:f3:5f:
00:5d:d4:46:ca:84:82:1e:db:c2:2d:07:ab:30:1c:7e:a4:79:
c7:9c:2d:6e:3c:22:d3:a2:cf:2b:ad:75:81:0b:3a:f6:c1:71:
9e:cb:39:14:17:c8:f2:a0:0e:ca:86:51:75:a6:35:c9:70:3b:
b7:45:e7:a3:81:35:99:77:94:26:42:a3:84:92:75:45:60:bb:
93:ec:6b:b7
-----BEGIN CERTIFICATE-----
MIIFajCCBFKgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzM0MzdaFw0zNzA2Mjcy
MzM0MzdaMIG6MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEfMB0GA1UEAxMWVlBOLUthbnpsZWktS2llbC1wYy1oaDEZMBcGA1UEKRMQ
VlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVu
LmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHUK8PVe8l0FYEO5
tRDkDxn8K7tZ0LlZbvD1iOxbLWuXbiyhyEC9AyMNkGkiLE9MoSrpKaePxwu4+AQ+
K3weFKhP1zIe3M1PMfWAUVofLvMBOsE6iqvvjkHjCX+aTKcR4sjhXZxvVzGt7SjH
cIorxT+/KOWq+EEi+otNNRBKDEKfg2vyBWuENlmI6fbwQ2TmmpujNyapM5MDT3EW
1CnOxurorzSYM+wfI4CXk74ql/A4P6m8QGBzJMXvJb1kOW621nWiEQrSXlqLLoz1
hC69FrEW9x6bvQQAJ+EVRWD5hlhwOeseTpPPCns5RDNQdIOmtjBDyK/MCr9mrSLI
P4E11wIDAQABo4IBfTCCAXkwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFz
eS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBR8tHPDi1aYfooM
IFh9lBu22FaDxTCB6QYDVR0jBIHhMIHegBROgh4UgeubyHEssSJokL/u2dT/1KGB
uqSBtzCBtDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMG
QmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vydmlj
ZXMxGTAXBgNVBAMTEFZQTi1LYW56bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56
bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAP5Z
rV6+kAU+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
CTAHggVwYy1oaDANBgkqhkiG9w0BAQsFAAOCAQEAolTvKkONKI4GckJh4qMMH9mp
e3hwDJskrYum2ydM6dnerf791Nw77CzcPSl8AwzaH8P39GPhxjqhmqQNNAZYq+Ji
P5uerndW8B6jAN1+IH+VX10ZZahPpxoEhMePqbjDO/kc2QsvA6b6yctgktWAz9ES
1g+A5yMs7fYeUB0twl9yu/pUmUOq4aR4zFoyvhvoAvWtWCnJqMr25OdHrZ5/g0JP
z93qlQAbv8cAkrEe1OOuGfNfAF3URsqEgh7bwi0HqzAcfqR5x5wtbjwi06LPK611
gQs69sFxnss5FBfI8qAOyoZRdaY1yXA7t0Xno4E1mXeUJkKjhJJ1RWC7k+xrtw==
-----END CERTIFICATE-----

19
Kanzlei-Kiel/openvpn/keys/pc-hh.csr Normal file
View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIDADCCAegCAQAwgboxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMR8wHQYDVQQDExZWUE4tS2FuemxlaS1LaWVsLXBjLWhoMRkwFwYD
VQQpExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1A
b29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCodQrw9V7y
XQVgQ7m1EOQPGfwru1nQuVlu8PWI7Fsta5duLKHIQL0DIw2QaSIsT0yhKukpp4/H
C7j4BD4rfB4UqE/XMh7czU8x9YBRWh8u8wE6wTqKq++OQeMJf5pMpxHiyOFdnG9X
Ma3tKMdwiivFP78o5ar4QSL6i001EEoMQp+Da/IFa4Q2WYjp9vBDZOaam6M3Jqkz
kwNPcRbUKc7G6uivNJgz7B8jgJeTviqX8Dg/qbxAYHMkxe8lvWQ5brbWdaIRCtJe
WosujPWELr0WsRb3Hpu9BAAn4RVFYPmGWHA56x5Ok88KezlEM1B0g6a2MEPIr8wK
v2atIsg/gTXXAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAW4FTknRBM68NfbMf
8aMh0tfvSo69el5G62J4c62Lmbeu9tGcdjDhFOloHkkKG2ZqYw1NjSn/YvWKodIn
1JlGkVORZK+yXKTZcBpM2QmAr2S+/+TU9pyC6hNCsIPkelkTvJT01ro91/Q/WIHI
J+ZLE/eIF7NYMlLdM5hZBqjKRPt6m01xcb59kW5StyuwXOP0YVfuAbN0qlOnsCI5
yJKFOzJLXBnk1oVVx78hW0A5IuksbPWwnqcD5UVlMD7d7xWyOLsusgZYdVY+okug
fVgQkep1b6u1jLvjjWaj2tWWLR0umhnYnd/zMaXtwoBw4+dpeTRtEc4vOTYN/R/X
qTD0xg==
-----END CERTIFICATE REQUEST-----

30
Kanzlei-Kiel/openvpn/keys/pc-hh.key Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIefX2XmGgePsCAggA
MBQGCCqGSIb3DQMHBAizPSbL1LAAGwSCBMgzSc0NUQFg5MHzG3x32yPhfeSpB/vI
voJVf+8AiWccB+eCqLuvOPJGXw+0LUXnyTmQ0oFu+Tg870FjwIr/nan76rBwFIGj
5dTKAtY/Wz8FG0l7VkdSIorI7jLON5xsmmYH1WqB2pEGD2SNrw8rJEzb+Gq2EzHt
+jeAJzXkfUPjTqNpDhHLZbEof/egtm08VbSrblnnyd+vQqemFyhTTqjGtkSlTtrK
LKS8e7m75AdW02Gl+2misibi0esHeVKBFW1OhXPtw9tmWIDNFAOX99BzVLiJNGxK
SMitMZf6Z3toWoyiov0ijGkKg/MmLDfHsakGg46Pauu2e4C7/oNJnX3V+RAoqNfk
+nJ61AX/951mGDepgnnDTQaQMlOFWyfn0eIGbwTP6OTB5Mh5vRhqtYrZkWn27Nsb
6ai3eR17D56H0IEQhGx6mXgzGJgkDvmd1UvFeDow/yy5uk6Ex1igYGGTXs6l52Lx
RAb0jZBKEHp/x2d0q7b0tgr8t53FiWY5jLnqr+0SyYmEmtUdR8nMRB817l+L9qYx
b9D0VGeIvYgDmrxRBaLB53psXjJpd2/GevEJxQ3MkHGf19pX8E20IeEdXTK00lrm
m0ZZVwkb6ryF1vSKDXatDYBf3ZClRbwyveMcmCxvqJcJ6GPKduviJAcPIz3ZPIlG
SxWxwH5fpAQN600hUFwFYRscLxywGavT+byawq8ErfnVHSH5Jvn9HWQjtbOdz7tx
apy1/uLK3pCB03cGniFU6wRxJSxnZXob861cxtk9dbpHelQBIkiBQSDrKzFsGk7E
UbDs9YtTnAq6OwonJcYuhpeappR4KrYIsUAC4SsLE6hPMv9+FQohnYL8LmtxhQdd
2FWEdcRkIzInRDPceEXoS3aOUmbsn6fx5A6v0R96bAPu0fYXhQyJmVAa+fH7blgF
8auDxPusYwiufjduA3GriPl33YiUz18ere7gbwU/dFEHbsONnOLykGsKmOvB+YzW
zj07vW+xViEglA4IV0q57Q3vxnm3NjVvmT2gHZ7G9CRQsiLrDVYQl8FC7c6kf8vJ
XaKHZW6xs0y5vlACrDj7oLHgSz2C3XA1bxgAUBMpqYpSe5MHtogbmMOsjBA4eAvF
nNxXQiiJzXilupZFejmkdnSnyVcBbPGEuS2kplqj72NxEVK3UoQsdJUoZ5/JjqnM
oWA32lsJDPhyFQ0yD/GvMwiM2CkfQ2j8HByNZhrPjCXFu2upeSuz7o7kukrFK694
A38/WByvnuUXB1dAY/NEYNn28LAZTwmKlEFW6m3EpURgxU8WV2RftEvPLekg6gCq
QleA4dQI0wZ65kAS8uF3iw+iPfhbH/aUJfR2lbM4W/lBUVuUKseCacRZZj5TXMu9
KahEkcZlDMOkt/vlpT7OencH+yoXMQWfSe34KS7d5EtGxBjTy7PiSSPN6dZqeygo
Lc7rnuNgXwGDtTZpIRyfbnwQoyRkLh+Jx9X3w/dzldGOd0e5R6hjoK0VqwGbYqpQ
Q2faURn4pB3kmPIOa5i2hqd9GSb9HmZAtxe7+Aka7Yb0rfn9o6i9TCISnaq2NkPg
wQZSKrboaydEmjWqzMn1LHlPXHI+OOpmgLPbENccx+Gj/VDN+qt+Rpdif1TJckMK
5XM=
-----END ENCRYPTED PRIVATE KEY-----

1
Kanzlei-Kiel/openvpn/keys/serial Normal file
View File

@ -0,0 +1 @@
07

1
Kanzlei-Kiel/openvpn/keys/serial.old Normal file
View File

@ -0,0 +1 @@
06

101
Kanzlei-Kiel/openvpn/keys/server.crt Normal file
View File

@ -0,0 +1,101 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 27 23:17:01 2017 GMT
Not After : Jun 27 23:17:01 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-server/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:de:09:04:84:23:f6:19:a5:df:53:2e:a4:02:8f:
2b:b6:de:bb:82:19:e3:b9:f6:f4:0b:62:d4:51:a1:
c9:be:85:67:82:de:9f:97:af:92:ad:b8:d7:4b:69:
50:f6:61:d7:ce:03:0c:ee:46:2d:ab:b5:f6:44:a5:
a2:7e:86:db:ad:8d:12:35:e8:49:c6:98:45:c1:10:
3f:50:8e:2a:93:fd:e7:7a:4d:4f:e3:5c:2e:67:3f:
8b:9d:d6:11:26:1f:00:ff:13:47:dd:86:8b:ed:6a:
29:07:cf:c2:f0:a4:4d:c4:dc:68:db:a1:c1:43:55:
13:45:5f:41:f3:f0:9c:0a:ea:26:29:c6:e3:fc:ee:
9f:7c:86:f4:f0:c8:0c:5f:61:e1:b9:f1:bc:f6:02:
71:6c:07:fe:18:30:b2:8c:dc:18:50:de:5e:96:24:
04:94:14:ec:9a:50:a6:90:02:79:b2:1a:c8:79:da:
fb:06:7e:ad:a8:79:ef:92:68:3c:46:4e:5e:b6:bf:
f1:fa:bf:da:73:8b:c4:95:89:1a:e1:52:70:20:46:
48:8c:47:01:c2:13:56:c9:44:e1:a7:55:14:e5:41:
4d:ab:8f:d0:50:13:76:19:d9:f2:fd:8b:16:27:58:
dd:4f:18:83:05:70:c1:97:d4:68:41:d4:2b:63:89:
b5:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
9B:58:FA:12:97:7F:35:4F:5B:72:6D:C5:68:AD:B2:76:AD:B9:F0:95
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
c2:b9:b2:70:fe:e4:4f:9b:21:85:14:f4:4a:b2:b0:32:ef:0f:
a3:15:95:a4:f6:78:84:5b:d6:75:e2:a1:b4:57:8a:23:66:2f:
72:5a:21:a9:4c:38:b6:cd:41:a5:b4:3e:11:d8:62:1f:8a:a1:
ba:13:55:1e:3b:7c:4d:22:2e:cf:54:81:e5:0d:3d:05:fd:3f:
9c:fb:24:cb:be:61:96:ec:e3:e9:c9:7c:da:97:e8:ba:a0:fd:
a8:47:97:43:88:8c:b6:03:81:d7:71:49:f9:9b:9d:33:5d:6f:
26:79:b6:7a:d2:27:ba:b5:7e:c8:62:8d:76:75:96:7a:25:86:
21:e5:8f:82:8a:06:47:4b:59:32:1d:dd:81:4d:b9:ac:ef:93:
a3:f1:f4:65:09:10:d8:af:04:14:c5:1e:58:b7:6e:95:ab:ba:
f5:e8:39:65:dc:87:d2:14:b4:e5:e5:af:2a:da:b2:c0:49:e2:
07:1d:ad:b5:c7:48:c4:81:36:f1:45:09:b9:1c:ed:87:9d:da:
70:c8:16:65:26:44:5e:f3:dd:a7:eb:39:2a:80:23:0d:e4:d9:
62:3a:19:e0:60:9c:21:cd:8e:ad:b6:59:36:f8:86:4e:7b:32:
e9:8d:de:e5:4b:fe:c4:c7:fb:35:c6:6d:78:f3:26:65:be:60:
be:34:fa:f0
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzE3MDFaFw0zNzA2Mjcy
MzE3MDFaMIG7MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEgMB4GA1UEAxMXVlBOLUthbnpsZWktS2llbC1zZXJ2ZXIxGTAXBgNVBCkT
EFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
bi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN4JBIQj9hml31Mu
pAKPK7beu4IZ47n29Ati1FGhyb6FZ4Len5evkq2410tpUPZh184DDO5GLau19kSl
on6G262NEjXoScaYRcEQP1COKpP953pNT+NcLmc/i53WESYfAP8TR92Gi+1qKQfP
wvCkTcTcaNuhwUNVE0VfQfPwnArqJinG4/zun3yG9PDIDF9h4bnxvPYCcWwH/hgw
sozcGFDeXpYkBJQU7JpQppACebIayHna+wZ+rah575JoPEZOXra/8fq/2nOLxJWJ
GuFScCBGSIxHAcITVslE4adVFOVBTauP0FATdhnZ8v2LFidY3U8YgwVwwZfUaEHU
K2OJtQsCAwEAAaOCAZgwggGUMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZA
MDQGCWCGSAGG+EIBDQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRp
ZmljYXRlMB0GA1UdDgQWBBSbWPoSl381T1tybcVorbJ2rbnwlTCB6QYDVR0jBIHh
MIHegBROgh4UgeubyHEssSJokL/u2dT/1KGBuqSBtzCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAP5ZrV6+kAU+MBMGA1UdJQQMMAoGCCsG
AQUFBwMBMAsGA1UdDwQEAwIFoDARBgNVHREECjAIggZzZXJ2ZXIwDQYJKoZIhvcN
AQELBQADggEBAMK5snD+5E+bIYUU9EqysDLvD6MVlaT2eIRb1nXiobRXiiNmL3Ja
IalMOLbNQaW0PhHYYh+KoboTVR47fE0iLs9UgeUNPQX9P5z7JMu+YZbs4+nJfNqX
6Lqg/ahHl0OIjLYDgddxSfmbnTNdbyZ5tnrSJ7q1fshijXZ1lnolhiHlj4KKBkdL
WTId3YFNuazvk6Px9GUJENivBBTFHli3bpWruvXoOWXch9IUtOXlryrassBJ4gcd
rbXHSMSBNvFFCbkc7Yed2nDIFmUmRF7z3afrOSqAIw3k2WI6GeBgnCHNjq22WTb4
hk57MumN3uVL/sTH+zXGbXjzJmW+YL40+vA=
-----END CERTIFICATE-----

19
Kanzlei-Kiel/openvpn/keys/server.csr Normal file
View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIDATCCAekCAQAwgbsxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMSAwHgYDVQQDExdWUE4tS2FuemxlaS1LaWVsLXNlcnZlcjEZMBcG
A1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRt
QG9vcGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3gkEhCP2
GaXfUy6kAo8rtt67ghnjufb0C2LUUaHJvoVngt6fl6+SrbjXS2lQ9mHXzgMM7kYt
q7X2RKWifobbrY0SNehJxphFwRA/UI4qk/3nek1P41wuZz+LndYRJh8A/xNH3YaL
7WopB8/C8KRNxNxo26HBQ1UTRV9B8/CcCuomKcbj/O6ffIb08MgMX2HhufG89gJx
bAf+GDCyjNwYUN5eliQElBTsmlCmkAJ5shrIedr7Bn6tqHnvkmg8Rk5etr/x+r/a
c4vElYka4VJwIEZIjEcBwhNWyUThp1UU5UFNq4/QUBN2Gdny/YsWJ1jdTxiDBXDB
l9RoQdQrY4m1CwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBADCfcpDZ863ubN9N
htD/JOKgaBo+cAx2fvWwmwpJrKaXGJsbWtoySVSu0d4qEm3gbmJiLKlT6H+Ddowy
r9RbzD9UlMBKX06g8LESO/HFNmtdTTQK2dBa8mAUFrZOoBPY1+tsrOFi+vAwkn2U
bB58HIH9/Cj2Lcx/AqUrdZ1U7+F4JZ4T6LjVlGcFv3aJONIuB2klQaTJQI7LmLNJ
p5OCTE7oTNyx05k4iLPs1Az5I1QHxfRwltI5kXuswNfuR2/EE3V8KXHPU8H8pzzq
YlE5hbvQVnpQ6qVSCxm21F/X0hjIf9Y2ZKM2cJpUtxDm3Z0KX6M4aZko0QGJqpWu
vyuog9s=
-----END CERTIFICATE REQUEST-----

28
Kanzlei-Kiel/openvpn/keys/server.key Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDeCQSEI/YZpd9T
LqQCjyu23ruCGeO59vQLYtRRocm+hWeC3p+Xr5KtuNdLaVD2YdfOAwzuRi2rtfZE
paJ+htutjRI16EnGmEXBED9QjiqT/ed6TU/jXC5nP4ud1hEmHwD/E0fdhovtaikH
z8LwpE3E3GjbocFDVRNFX0Hz8JwK6iYpxuP87p98hvTwyAxfYeG58bz2AnFsB/4Y
MLKM3BhQ3l6WJASUFOyaUKaQAnmyGsh52vsGfq2oee+SaDxGTl62v/H6v9pzi8SV
iRrhUnAgRkiMRwHCE1bJROGnVRTlQU2rj9BQE3YZ2fL9ixYnWN1PGIMFcMGX1GhB
1CtjibULAgMBAAECggEAYRB8IvA9o9S5nnmjRWMlbxpLyoJa5W8qHNgljVI3Ccz0
BWghSIR+kOdfZx4xQKRhXTREMN4JFSnE8RmfwcRewK4NKffUWLc0t0PNCgA8aNn0
mai2peQkfQpwlJ2CfbHME7ZwEk3BWhawvTN8Owr43Himdm1uOWs1s3wDLwsejD4j
0bmQIbXzjYr+5I15rNHUloji2KIZ1t9nqNfh89lv3zVtUKrzwZ9xMAoSfs6YBVAs
ZtH0SUdI5n3BDOwPg55GK5cA6lgS0XRTIca1x8chDwSUeS9zt25dmq/78ND6eU9F
sbHLURpMGoMVXMBaIkIOcD7J+lsFPQ/pIBPEnY9x4QKBgQD0OZ5715O9wm1Ixzv6
Bf+OSoM0l3DE+7llwJdRRHhzEvNmLBl5cZM8OIfPtEeMT47wSPWRy7GB3IJVVceE
b9DjrMbDfoygjzlotNS0qlvWZ7WluUOieyTNWtTQgZT+4Bt9AK7VUpxB7/GO89+Y
DOCafn8F/p5Klp3y7qBjLB5ImQKBgQDovYRxaNWpPeAEaaD17o5446sjZ0OAky4H
lgawXRtlZsJPOuCrFS6eNkH7JWt741Jo/Vp5H61lJXVmR7vJ31aPTkPpuVPUfzK9
eDcXwd2FKwyFduzh8N1xa+LK0YjfFSBkKjaXNYerf3+iCILGXiCLa+LmXXgPUTpn
9Sz8J7p9QwKBgDUXfYuAjt6WsLk8jp5IxYiCTEmXjm1UJ7amCn8hOmoRuZYBijwr
Y42Y4HVXxKIM/Y7g3XmnZVxMuoygjDIPOML14XPIQ/v3hsxrWz43NqXCf+uZ/ckJ
qjN2RoNZWDGcOH2RM3Cud8ehyMqB256rVfxf+W8tLe4bFhUkqPtGMQMpAoGAAy2r
ZF0ZJeGJcKX8o78pRO9fA/HCEzxvUX00BC6RVDYuCyTzsoJsi46UIhjlueBl3Lcx
CBxtosb7LnVmVCBvry9TcBqu0WUXTU0Z+4ITQ2FOH3h7Ta6bZ5QgmcJ4ywsf0R5e
dnwtqSLpnE3fc1QPv7eudpTqMdNbJ9ZKUfs86b8CgYBCSdIW2SRFiBweuOYwmBqj
ihzMpL2ScCP1K0c6VtpHkAk2/5mHlUodvcSthc55Ubj74R0diPIzo4r0ecs6YVZj
MX2zE2S2rD4DHYji8To4JhFB/pzoje35WmFGWsaDJCdWqXjdb0cUS+6SIzT+un+X
lADyyiRCgVkCgdfkDPdgnA==
-----END PRIVATE KEY-----

21
Kanzlei-Kiel/openvpn/keys/ta.key Normal file
View File

@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
36188fa3977457d267ecae99373870f5
ef6e44a8899d4f5ccc831e9d2dbc31ac
e171c7e8e49e0d2edd43c3834a2d0099
236aa4924c80971b0a34310eb69b70e2
fbe85a7395cc10bea13ad09efa46d738
f594c332d26c068b289ba96bbb1f661d
efb873b76137057a62b4e27b522cfce6
aef7ea67ec2540b00b4782780352addf
2f7722d1edd40a8f3de3b0295e2da07e
b46d196a4cbfd85e47739dc320af6584
eb960e2c5ba27bf2f56381f8eb3ceaf7
cc72d829ab05aaca6fbb205b78606ff8
cc58bc336adb644adfb0034f9974b7d9
f2b1308249cd74ecb555a550af6af1ad
b15a3f03ecef5f89fa70d2fada97a1b8
6179b0d487a6e3196209d053597a7416
-----END OpenVPN Static key V1-----

317
Kanzlei-Kiel/openvpn/server-gw-ckubu.conf Normal file
View File

@ -0,0 +1,317 @@
#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #
# of a many-clients <-> one-server #
# OpenVPN configuration. #
# #
# OpenVPN also supports #
# single-machine <-> single-machine #
# configurations (See the Examples page #
# on the web site for more info). #
# #
# This config should work on Windows #
# or Linux/BSD systems. Remember on #
# Windows to quote pathnames and use #
# double backslashes, e.g.: #
# "C:\Program Files\OpenVPN\config\foo.key" #
# #
# Comments are preceded with '#' or ';' #
#################################################
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one. You will need to
# open up this port on your firewall.
port 1195
# TCP or UDP server?
;proto tcp
proto udp
topology subnet
route 192.168.63.0 255.255.255.0 10.1.100.1
route 192.168.64.0 255.255.255.0 10.1.100.1
# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap" if you are ethernet bridging.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one. On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap
# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys. Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca keys/ca.crt
cert keys/server.crt
key keys/server.key # This file should be kept secret
# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh keys/dh2048.pem
# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.1.100.0 255.255.255.0
# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist /etc/openvpn/ipp.txt
# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface. Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0. Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 10.8.0.0 255.255.255.0"
push "route 192.168.100.0 255.255.255.0"
# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).
client-config-dir /etc/openvpn/ccd/server-gw-ckubu
# ---
# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir /etc/openvpn/ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
# iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN. This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.
# ---
# ---
# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2
# ---
# ---
# Suppose that you want to enable different
# firewall access policies for different groups
# of clients. There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
# group, and firewall the TUN/TAP interface
# for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
# modify the firewall in response to access
# from different clients. See man
# page for more info on learn-address script.
;learn-address ./script
# ---
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# the TUN/TAP interface to the internet in
# order for this to work properly).
# CAVEAT: May break client's network config if
# client's local DHCP server packets get routed
# through the tunnel. Solution: make sure
# client's local DHCP server is reachable via
# a more specific route than the default route
# of 0.0.0.0/0.0.0.0.
;push "redirect-gateway"
# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses. CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
;push "dhcp-option WINS 10.8.0.1"
# - Do NOT push DNS settings in THIS configuration. We use
# - this VPN tunnel as a static line, and the remote host
# - should user his own dns settings.
# -
;push "dhcp-option DNS 192.168.100.1"
;push "dhcp-option DOMAIN kanzlei-kiel.netz"
# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
client-to-client
# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn
# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
;tls-auth ta.key 0 # This file is secret
tls-auth keys/ta.key 0
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo
# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100
# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
user nobody
group nogroup
# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun
persist-local-ip
persist-remote-ip
# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status /var/log/openvpn/status-server-gw-ckubu.log
# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
log /var/log/openvpn/server-gw-ckubu.log
;log-append openvpn.log
# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 4
# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20
#crl-verify /etc/openvpn/keys/crl.pem
crl-verify /etc/openvpn/crl.pem

312
Kanzlei-Kiel/openvpn/server-home.conf Normal file
View File

@ -0,0 +1,312 @@
#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #
# of a many-clients <-> one-server #
# OpenVPN configuration. #
# #
# OpenVPN also supports #
# single-machine <-> single-machine #
# configurations (See the Examples page #
# on the web site for more info). #
# #
# This config should work on Windows #
# or Linux/BSD systems. Remember on #
# Windows to quote pathnames and use #
# double backslashes, e.g.: #
# "C:\Program Files\OpenVPN\config\foo.key" #
# #
# Comments are preceded with '#' or ';' #
#################################################
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one. You will need to
# open up this port on your firewall.
port 1194
# TCP or UDP server?
;proto tcp
proto udp
topology subnet
#route 192.168.63.0 255.255.255.0 10.1.72.1
#route 192.168.64.0 255.255.255.0 10.1.72.1
# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap" if you are ethernet bridging.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one. On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap
# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys. Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca keys/ca.crt
cert keys/server.crt
key keys/server.key # This file should be kept secret
# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh keys/dh2048.pem
# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.0.100.0 255.255.255.0
# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist /etc/openvpn/ipp.txt
# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface. Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0. Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 10.8.0.0 255.255.255.0"
push "route 192.168.100.0 255.255.255.0"
# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).
client-config-dir /etc/openvpn/ccd/server-home
# ---
# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir /etc/openvpn/ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
# iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN. This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.
# ---
# ---
# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2
# ---
# ---
# Suppose that you want to enable different
# firewall access policies for different groups
# of clients. There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
# group, and firewall the TUN/TAP interface
# for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
# modify the firewall in response to access
# from different clients. See man
# page for more info on learn-address script.
;learn-address ./script
# ---
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# the TUN/TAP interface to the internet in
# order for this to work properly).
# CAVEAT: May break client's network config if
# client's local DHCP server packets get routed
# through the tunnel. Solution: make sure
# client's local DHCP server is reachable via
# a more specific route than the default route
# of 0.0.0.0/0.0.0.0.
;push "redirect-gateway"
# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses. CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
;push "dhcp-option WINS 10.8.0.1"
push "dhcp-option DNS 192.168.100.1"
push "dhcp-option DOMAIN kanzlei-kiel.netz"
# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
client-to-client
# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn
# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
;tls-auth ta.key 0 # This file is secret
tls-auth keys/ta.key 0
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo
# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100
# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
user nobody
group nogroup
# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun
persist-local-ip
persist-remote-ip
# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status /var/log/openvpn/status-server-home.log
# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
log /var/log/openvpn/server-home.log
;log-append openvpn.log
# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 4
# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20
#crl-verify /etc/openvpn/keys/crl.pem
crl-verify /etc/openvpn/crl.pem