diff options
Diffstat (limited to 'selftest/manage-ca/CA-samba.example.com/DCs')
27 files changed, 1733 insertions, 0 deletions
diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-cert.cer b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-cert.cer Binary files differnew file mode 100644 index 0000000..15001a3 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-cert.cer diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-cert.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-cert.pem new file mode 100644 index 0000000..2e2a8b9 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-cert.pem @@ -0,0 +1,191 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Mar 16 23:29:25 2016 GMT + Not After : Mar 11 23:29:25 2036 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Domain Controllers, CN=addc.addom.samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:a6:c4:a9:bf:75:ea:4c:8d:3b:fd:8a:0f:b0:a2: + b6:c7:a8:1f:e4:0e:3e:41:ef:d6:10:48:77:7b:4e: + 4c:59:e1:bf:6d:c7:18:7b:a8:01:a7:d5:d2:2c:21: + 3e:d0:1a:da:58:03:e8:42:f1:53:0e:a7:91:b9:2c: + b9:e7:7a:c9:de:5e:ed:4c:93:6b:cc:dd:17:d0:c7: + d1:f1:7c:3d:0d:6f:df:5d:53:5a:b1:1f:a3:7b:5b: + 41:65:0c:7c:ea:53:df:bb:da:41:15:da:49:e3:b9: + 2d:bb:b5:af:ef:8c:b8:84:74:d0:18:16:8e:5c:e4: + c2:e7:a1:87:8f:e3:87:8b:0b:bb:90:30:e8:e0:f3: + eb:c0:50:5f:b5:7f:54:9a:1b:34:43:fd:be:5a:80: + 6e:0f:63:a2:b3:79:42:4a:85:c8:07:c7:82:55:23: + 88:d4:4e:03:2f:f1:95:bd:ed:15:2d:3e:16:cd:ff: + c7:9b:03:29:36:a6:5d:c9:1a:1e:89:a5:ba:66:83: + 0f:96:a8:07:9f:24:b9:1b:8f:02:9a:b8:50:29:8b: + be:63:45:fa:45:c3:38:23:a0:98:3a:b4:6b:42:99: + 13:36:4b:84:ef:27:89:39:34:79:f8:67:16:7b:9c: + 2a:03:41:15:63:46:e4:db:2f:f2:3e:6d:fe:7c:20: + 1e:9f:02:48:a4:bc:15:42:a6:f8:38:86:dc:6b:7c: + 4e:67:a3:31:81:8e:b6:30:1a:eb:3d:08:25:19:5f: + 42:dc:39:ec:79:1d:30:0a:fb:16:8f:3d:19:14:cc: + f5:af:d7:c6:75:cf:b3:96:a2:b2:9b:d9:03:01:a3: + ca:88:1d:72:ed:6f:d1:bf:57:56:8e:b9:07:9b:b9: + 04:13:1e:0b:5a:06:6b:2b:43:a2:dc:d5:b7:f4:ba: + d3:ae:9d:ad:fd:d3:8a:7c:2f:87:32:fa:89:88:58: + 00:ae:16:2b:9c:1d:58:82:4d:e5:21:da:d5:6c:f7: + a8:40:8b:c7:02:d5:36:30:ef:3f:09:9b:a6:d2:31: + a3:bf:20:d4:a2:9e:26:c4:b4:c3:0f:0b:6c:00:d1: + 2c:16:b1:2a:eb:06:d9:d5:98:c3:cd:cb:20:68:ad: + 0a:2c:a1:2f:27:41:5c:91:de:49:62:ed:d8:3a:ef: + 68:1c:6d:fe:94:c3:28:68:32:60:08:65:cd:02:9f: + 97:96:2f:0f:87:27:3d:b9:0f:85:62:e8:2b:9a:b4: + f4:d3:d7:c1:93:96:27:23:29:88:b1:39:99:53:3a: + 20:aa:88:44:3b:4a:24:2a:8b:e0:b4:8d:dd:66:30: + df:a6:6e:b7:fc:21:43:16:9e:3e:12:20:c8:7a:30: + c1:3d:ab + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Server + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Domain Controller Certificate addc.addom.samba.example.com + X509v3 Subject Key Identifier: + 3D:BC:70:0C:74:D4:B8:85:49:1D:08:84:C4:1B:27:F2:AF:72:37:D3 + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + DNS:addc.addom.samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication, msKDC + Signature Algorithm: sha256WithRSAEncryption + 9e:8b:bb:0a:7a:dc:c0:94:33:bc:18:a5:e6:4a:1f:ff:8e:21: + b1:8f:33:f0:3e:8b:6c:72:55:c4:47:71:5f:ce:e7:31:ef:5b: + 62:04:b7:57:8f:a8:27:9f:ed:69:d2:ec:a8:0d:e2:76:33:8d: + 41:3a:67:61:5c:53:60:c7:53:ed:d7:99:72:29:1d:ae:d3:ee: + c9:76:1c:6d:18:47:e9:94:dd:2e:97:3f:99:af:b5:f4:a1:7c: + 92:f6:4d:b5:c1:7a:0c:38:ba:d1:b6:19:9a:9f:e2:02:84:d4: + 54:01:38:7b:55:86:4a:ee:3d:85:48:01:da:34:09:69:43:25: + 7e:6e:06:73:e0:b9:7c:b5:9c:4e:9c:b5:52:85:32:62:62:25: + 39:fa:02:4b:51:2e:df:8e:52:17:02:50:f4:99:29:bf:7e:97: + 53:91:12:85:9a:69:62:45:59:c4:5b:3f:af:18:e6:7b:e4:86: + 5d:f1:9e:5a:2b:3e:14:6e:7e:d4:47:24:ef:d9:a8:ec:d9:a6: + cb:b8:4f:1a:86:d9:43:20:41:16:15:5f:81:0d:fe:6b:31:53: + c1:f6:84:4c:f3:03:64:d2:e6:44:3d:7a:60:79:d7:37:6f:33: + de:c0:a8:b9:6e:fe:b2:79:ac:b4:53:92:b8:0a:59:2b:cc:6b: + 37:c4:6f:c6:44:02:f7:7c:c5:c6:a6:6f:c2:ad:de:78:1e:48: + 96:cc:fe:59:2e:53:ce:34:d6:e8:f0:56:43:30:32:90:6f:f9: + 47:76:ab:99:63:e3:e8:a3:f3:83:98:e9:05:2b:ea:f9:f9:9d: + 66:70:c7:2c:00:c2:9e:57:3e:31:43:50:50:c8:db:a8:2d:21: + 4e:6f:39:c2:bd:ef:d8:47:99:27:0d:48:b2:58:f1:be:45:bd: + fe:c4:a2:56:fc:06:02:dc:19:33:85:53:ed:38:59:01:16:bc: + aa:c5:d3:4b:37:54:83:1b:e5:c1:4b:dd:34:6b:e5:d8:35:86: + 95:e6:9f:d2:22:84:b1:e2:4f:a7:2e:4d:e6:9c:eb:db:df:42: + e1:b4:66:e6:58:d3:28:10:34:97:f3:9c:6b:5f:05:2c:47:2c: + e3:75:eb:6f:74:0a:ec:d7:1d:30:80:56:44:12:26:f6:4e:5f: + ff:92:f4:62:02:36:9c:62:eb:39:98:53:68:68:95:fb:94:68: + 69:b8:3c:66:1a:ce:78:c4:cf:c4:6f:21:ac:a8:a6:f4:ab:69: + 2a:2e:00:5d:f7:67:06:b1:4f:97:58:88:55:d8:6e:eb:a5:98: + 50:36:21:70:3d:b0:a4:f5:3b:21:b3:1c:f5:a9:dd:c6:4a:c2: + 89:b8:5a:b3:bc:1f:21:ce:4c:68:5f:98:d8:39:70:d2:7e:a0: + 90:df:ad:a3:13:eb:3c:93:f6:b8:f4:d9:a7:51:b3:0d:ea:ee: + d4:57:aa:db:ca:7c:8a:a0:08:c3:98:9a:3a:b7:ba:2a:50:92: + 26:c2:e3:11:ba:12:60:24:b9:59:df:62:a8:d7:4d:a3:cb:ea: + 46:e8:39:f9:83:14:a8:5c:44:75:71:6b:7f:99:bd:68:58:d9: + 6b:d1:cd:c7:45:95:9e:44:1e:85:35:c0:30:2b:18:aa:eb:2f: + 93:d5:be:66:5d:70:ed:1d:04:f2:c1:1e:b5:ec:45:0c:04:f6: + 9d:88:d3:0c:20:5e:5b:23:df:34:a1:f5:ea:b4:a1:44:c0:da: + d5:ea:89:e8:b5:cb:dc:f8:92:ee:ac:8d:61:ed:bf:74:2b:28: + 79:1f:f4:9a:ff:63:bd:e6:aa:79:1d:2c:26:4a:b2:26:53:57: + ba:88:0e:eb:19:57:c0:10:a0:1e:81:2a:c0:56:2e:c3:2a:81: + bf:c1:5a:e7:48:ce:c1:6a:b9:6c:41:cc:44:a6:b8:70:e2:57: + 0e:6d:41:d6:61:da:bf:ac:20:2c:a7:2a:67:23:98:00:ba:ce: + 8b:a8:c2:45:66:a7:08:eb:7f:0a:b5:e7:9b:d6:f4:07:d5:b3: + 43:cd:27:d4:fa:c9:40:8f:af:b2:36:1c:e7:44:b4:4e:cc:5a: + 2b:73:ad:8f:c4:d9:47:a6:fb:2c:7d:1a:80:2a:55:b3:80:34: + 6f:8e:17:27:93:05:21:40:e9:8f:bf:47:6a:52:f5:2e:b5:18: + d1:8c:1d:83:04:80:55:fd:21:28:dc:7c:be:c8:c1:5f:e4:40: + d3:13:e4:66:bf:ad:92:4e:9b:db:c1:be:a3:42:74:da:c3:2c: + 0a:da:3f:94:14:ad:7e:de:81:c6:01:6a:f7:7a:b4:25:51:b0: + ab:cd:b3:3a:77:bf:c3:6b:04:44:30:73:41:ad:93:49:67:ee: + 43:d1:96:8e:36:83:2b:1b:6c:e7:cc:3e:d6:16:b9:88:4a:ab: + 56:c0:76:00:f6:9a:6a:8a:e3:e0:41:75:9d:3b:47:0f:c9:0a: + 8e:9f:9c:00:92:bb:ae:d8:42:56:35:64:eb:59:13:da:2c:63: + 83:c3:ec:68:91:b5:f3:71:85:48:54:c3:9d:a1:c8:63:f3:de: + 5d:a5:34:a9:1e:85:2c:2c:b5:d8:a9:62:8d:26:1f:b2:9e:a7: + 83:4d:df:69:63:b5:b7:e5:dd:e7:3b:18:e5:b3:77:df:c5:47: + b3:f7:8c:e7:5e:87:2e:46:e3:8f:b1:2b:9b:c6:26:2d:1a:28: + 30:13:10:86:5b:46:87:b1:2d:12:ce:b6:fe:1c:4e:44 +-----BEGIN CERTIFICATE----- +MIIJ9DCCBdygAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0xNjAz +MTYyMzI5MjVaFw0zNjAzMTEyMzI5MjVaMIG4MQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEbMBkGA1UE +CwwSRG9tYWluIENvbnRyb2xsZXJzMSUwIwYDVQQDDBxhZGRjLmFkZG9tLnNhbWJh +LmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkBFiZjYS1zYW1iYS5leGFtcGxlLmNv +bUBzYW1iYS5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAKbEqb916kyNO/2KD7CitseoH+QOPkHv1hBId3tOTFnhv23HGHuoAafV0iwh +PtAa2lgD6ELxUw6nkbksued6yd5e7UyTa8zdF9DH0fF8PQ1v311TWrEfo3tbQWUM +fOpT37vaQRXaSeO5Lbu1r++MuIR00BgWjlzkwuehh4/jh4sLu5Aw6ODz68BQX7V/ +VJobNEP9vlqAbg9jorN5QkqFyAfHglUjiNROAy/xlb3tFS0+Fs3/x5sDKTamXcka +HomlumaDD5aoB58kuRuPApq4UCmLvmNF+kXDOCOgmDq0a0KZEzZLhO8niTk0efhn +FnucKgNBFWNG5Nsv8j5t/nwgHp8CSKS8FUKm+DiG3Gt8TmejMYGOtjAa6z0IJRlf +Qtw57HkdMAr7Fo89GRTM9a/XxnXPs5aispvZAwGjyogdcu1v0b9XVo65B5u5BBMe +C1oGaytDotzVt/S6066drf3TinwvhzL6iYhYAK4WK5wdWIJN5SHa1Wz3qECLxwLV +NjDvPwmbptIxo78g1KKeJsS0ww8LbADRLBaxKusG2dWYw83LIGitCiyhLydBXJHe +SWLt2DrvaBxt/pTDKGgyYAhlzQKfl5YvD4cnPbkPhWLoK5q09NPXwZOWJyMpiLE5 +mVM6IKqIRDtKJCqL4LSN3WYw36Zut/whQxaePhIgyHowwT2rAgMBAAGjggH3MIIB +8zAJBgNVHRMEAjAAME8GA1UdHwRIMEYwRKBCoECGPmh0dHA6Ly93d3cuc2FtYmEu +ZXhhbXBsZS5jb20vY3Jscy9DQS1zYW1iYS5leGFtcGxlLmNvbS1jcmwuY3JsMBEG +CWCGSAGG+EIBAQQEAwIGQDALBgNVHQ8EBAMCBeAwSQYJYIZIAYb4QgENBDwWOkRv +bWFpbiBDb250cm9sbGVyIENlcnRpZmljYXRlIGFkZGMuYWRkb20uc2FtYmEuZXhh +bXBsZS5jb20wHQYDVR0OBBYEFD28cAx01LiFSR0IhMQbJ/KvcjfTMB8GA1UdIwQY +MBaAFKI+Aiqjp005tAhNmcwMdTbqJ8M+MEAGA1UdEQQ5MDeCHGFkZGMuYWRkb20u +c2FtYmEuZXhhbXBsZS5jb22gFwYJKwYBBAGCNxkBoAoECAEjRWeJq83vMDEGA1Ud +EgQqMCiBJmNhLXNhbWJhLmV4YW1wbGUuY29tQHNhbWJhLmV4YW1wbGUuY29tME0G +CWCGSAGG+EIBBARAFj5odHRwOi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMv +Q0Etc2FtYmEuZXhhbXBsZS5jb20tY3JsLmNybDAmBgNVHSUEHzAdBggrBgEFBQcD +AgYIKwYBBQUHAwEGBysGAQUCAwUwDQYJKoZIhvcNAQELBQADggQBAJ6Luwp63MCU +M7wYpeZKH/+OIbGPM/A+i2xyVcRHcV/O5zHvW2IEt1ePqCef7WnS7KgN4nYzjUE6 +Z2FcU2DHU+3XmXIpHa7T7sl2HG0YR+mU3S6XP5mvtfShfJL2TbXBegw4utG2GZqf +4gKE1FQBOHtVhkruPYVIAdo0CWlDJX5uBnPguXy1nE6ctVKFMmJiJTn6AktRLt+O +UhcCUPSZKb9+l1OREoWaaWJFWcRbP68Y5nvkhl3xnlorPhRuftRHJO/ZqOzZpsu4 +TxqG2UMgQRYVX4EN/msxU8H2hEzzA2TS5kQ9emB51zdvM97AqLlu/rJ5rLRTkrgK +WSvMazfEb8ZEAvd8xcamb8Kt3ngeSJbM/lkuU8401ujwVkMwMpBv+Ud2q5lj4+ij +84OY6QUr6vn5nWZwxywAwp5XPjFDUFDI26gtIU5vOcK979hHmScNSLJY8b5Fvf7E +olb8BgLcGTOFU+04WQEWvKrF00s3VIMb5cFL3TRr5dg1hpXmn9IihLHiT6cuTeac +69vfQuG0ZuZY0ygQNJfznGtfBSxHLON16290CuzXHTCAVkQSJvZOX/+S9GICNpxi +6zmYU2holfuUaGm4PGYaznjEz8RvIayopvSraSouAF33ZwaxT5dYiFXYbuulmFA2 +IXA9sKT1OyGzHPWp3cZKwom4WrO8HyHOTGhfmNg5cNJ+oJDfraMT6zyT9rj02adR +sw3q7tRXqtvKfIqgCMOYmjq3uipQkibC4xG6EmAkuVnfYqjXTaPL6kboOfmDFKhc +RHVxa3+ZvWhY2WvRzcdFlZ5EHoU1wDArGKrrL5PVvmZdcO0dBPLBHrXsRQwE9p2I +0wwgXlsj3zSh9eq0oUTA2tXqiei1y9z4ku6sjWHtv3QrKHkf9Jr/Y73mqnkdLCZK +siZTV7qIDusZV8AQoB6BKsBWLsMqgb/BWudIzsFquWxBzESmuHDiVw5tQdZh2r+s +ICynKmcjmAC6zouowkVmpwjrfwq155vW9AfVs0PNJ9T6yUCPr7I2HOdEtE7MWitz +rY/E2Uem+yx9GoAqVbOANG+OFyeTBSFA6Y+/R2pS9S61GNGMHYMEgFX9ISjcfL7I +wV/kQNMT5Ga/rZJOm9vBvqNCdNrDLAraP5QUrX7egcYBavd6tCVRsKvNszp3v8Nr +BEQwc0Gtk0ln7kPRlo42gysbbOfMPtYWuYhKq1bAdgD2mmqK4+BBdZ07Rw/JCo6f +nACSu67YQlY1ZOtZE9osY4PD7GiRtfNxhUhUw52hyGPz3l2lNKkehSwstdipYo0m +H7Kep4NN32ljtbfl3ec7GOWzd9/FR7P3jOdehy5G44+xK5vGJi0aKDATEIZbRoex +LRLOtv4cTkQ= +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-key.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-key.pem new file mode 100644 index 0000000..6f11ced --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-key.pem @@ -0,0 +1,54 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIpUlK4cdzu/UCAggA +MBQGCCqGSIb3DQMHBAju3WkqK++BQgSCCUit3hNjGErKHafSn7CLnhKlNTzvtaAv +PwTStReWMNULMJ6Z1Rhm0jO8x5BBStEHy3A4h1GmWNSyIzOhZqGi3K2SqpBa9+TP +SSYzeNKCsv/06QeQ3GTJJF2GTKLw8I2tZOJnNy5wYprGDuz92AAncj645C8xBYb/ +RgN1YyHh3B2tkPlOVZZU8z8hH9iaDwKiXfY0+EgVDSCj1pHWKEzGzhx4UtyKhCc5 +1J4fyPA+8SzJ0tRAohLHdrm9KIn/tawbbS6Ce8iwLBad6A4k73WgYW4ZawMA+n1X +OIhyCR/dfIlPRPcojyN4c2O5uPmGCDErt6awUY7LyctZPRAUBbk83i69HbRvK/kq +JuyhTIWUbhVpvt6HZxCC0cFBy7tlSeOL3LXlu1JoWAEqCVm8vHQPs3WTwTTrShHP +kauortTdLstddxqPwWKmUcSLcviK+IfD54y3fJGYMr5goLdXCGfb7XZQoXANIYKP +di/jXOn6PTjKdC7/J8G0UZmRmjEvxp5CBPiNqr07YJUfu7IN4KxEKRf/aDyJ1npw +JEaMFiBvFx0Vr5nm7trQ43TdkuHbn7MY6nkPMbzC8a8KcKFGbnU/n6TIyeGYo2o5 +2ICW3QmXjzhrWiDzU+cEbSEs77UAQJNrSxRVuKKuwLEnuy6/pRhlxex6Hp6nNCOd +dTZKDeqHsntRa6zTuOleh+XOMHeSuHjhJdThxEszHPFsYzH/EtE8TaKiBQE9kecy +M+nbxfMqRTYitsl8wTPiuoTgrzDjUJcAAsS/jDNYUA63NCG2BT9Gq9qY48DwfWGM +YPMYj6CfRwsyAPSeC7hV31olnGAp15kBhM2TpxE6KqUnGuxL0ET9LJsHjaRsP+r1 +KMjNmibQSy948LIvHhEtdfg5/Jn5jv6JHmmSBktma4C+MUfQKBinzy6MM1IAaZlZ +hUdL14VnERFh9OGLjZGBOBlk/9FU2Yf4lfAtLgT95GezlYQIOqpG/Pkm04wH71+W +bfW+53gBQqcaSexM5QFsqRspq7yyLX0mElG6z5gOmEJN3rV+DZ2d+84dxKQ5rX++ ++mLYlfQKe1K/1F8HVXH/1ZMeAkzvxk1Odlm6fhwcTHciX3CSESAtJeLSD3PNgSE1 +f0Lep/CteZecOnM63T454jC4V49qXYgQBD32WuOHIbFhHd/lQ5Zj+3T5LgKlE5H3 +5oTUU/+DFgqFrwHlM5f1Ha9G8rjuHucjHyQ7ix7jNjEIoG82It8ESisIOoOwb3bc +Jjkfj3v7f5Axi0wyD94KLFntBCI64uhyTk+JuvagA2KnLQ5uWEFRgqhMXRNg3kbI +STOAopjoB2bnIvQZxQ8hxOT67EjKd7iJJXh2zfBAQ7dvnVKznvdSamTcB/Uh3IQR +RjOZE3ej3lEb4XCM2NCyqZvFgoU+Og4yg+4yainCE+6Jt1jYNvms2iabxC+ZQZ3t +/vCgVDvnULX5FJvphGK/Idua5FFIeSNLOoK9qjfrBNL9kdFVMWCyMyK0cIdsZFRp +2at32a9n8OU1rRYgFn8kaWK4JQqKelm1qVCixcHLUtI/cyp+t7vvjOGRnDrbfoK0 +ae+pt0De0aBsOMKmUetn3CXFXIyQa/FJ3W8X7yl82ctS3ZZmWcND0Lqhoa1JADdj +vbxxGzh1rJPsuPePwIXAVqtbVJD84i+dP0+i1oR/e5jNgRKj0tJcfZnnsvmSIldY +FvxDpIX2h/tDrTKfwQzFHBBuPA00ZuGfftGc4LD7SOVjVb6CF2GMX/0+zmKlPf56 +FvxvGl+GwLPz/BaSGlT/4DApF0HJEZ1AeSvzHGhdgWecbk4s/lMAnv17vH2YWql1 +uJ54FgDAT0ufzAb0aHAl3YO8pYDOOXGqHaqWRMJvtuh15FB52HYvt+Ojo2mzPu4j +lvUcOBRMzgPl8zcs0L/WgE0SggC6DpXGU+rK1/J91qlNRBJ664R6j0iyskPvdzYN +aJ8ZZSJ+yQPralfSD/Sd+RcRviP2draINoyVbFHSH2zvvhcZc0ETL24tNI/tSXpR +Cw86CajiN7T691pC3eZyQLSQJnMSY/0F0i12KU3J+1kq6eeMSoPc5EKItfH5wxjw +RPnJAU84HGIQEAhEn6Ht1XaZcMfo9xyr9WMpmyH4OoTLt1+gFGgSCfbjsusl9aNl +EDhcYmav8OFHE48qvEoYyHD7S3fwsxKFSCJpYTRweBRQaEzpq1z90tVxzhLZFpJe +A7sw/HpiOuty0hDHQ5JaiRBsQ+CiOsVdWZXzaI/H0aoaPbLbpursuTPPPG5OFqvL +WIIDfFYZ9rhy8t/YaAeTyFoLx1VU7m88ZZndyaVXhnqp7iaU14NXlelPeyKJ3ZXc +pd6gZ4l1XAJHbeyiBx+6khtZb6JTLbYpwfbjTqPmDtNw2PVb5rwF0ZSeP6LXKOEM ++WntayDMbWK67yUCBlkPTpY4k+8nV8pJ+th9sR8LlL7d9rZgbSjmxG8XgjC7HHg+ +4I2O7poGQMVgtMeIsGZRIS0cTpm1dpCRfFQPR0DOB6+wjDRPIRNNiTZQYdkpfHQ1 +QSpCskaWG9HzJQGSu+meN4LdaKEoXwNMMz77fCTWhXXkvy6Ujm44EpOOfaHXpg7T +AQagXzyII0xXj+rAFkqmnyygWgxpou6f3MkoWxIC/qYocC4Ci3oWMAZVssWfnhoP +T/ZormTZN3uQCZYtfwTjbjh5efFQc4I9THxkHV6eyhGE7MQO/D/5zjBzkwmNsU6b +GttZyyHto+oKlXMF9dNKxLkQbtVO8ZDIDuNP+sb/m7wj3GG2MNoklp6Cd7lckimv +PqkQP7PQa8h6EeFXmTKqi7vfgsQAEIzTfOLJDvfHhLC54pjbFPR8vY0T5Y2Dwe8w +rMPwFenW1ae6DjeGDHij3+QbQmTYZeu8Hblhs5DNhy7wtZX05IUsioVfJLC9QngN +Y5u7OuMGQLPdcPjWHBuZsl/lMdii1lOB/PrExrEIsybSGPQonDfK6x1pOeyIJsbr +fDnevcamxLpG6BU8U7AqE1QHa/sJGNO/lgsHGLrb5A2id1J+VttSxSG09sML49uw +T+vmgdVbVjsYRvMSjMfwRrVp4NARlXph5FUA2DxAKXvr1reicAleVgQDcokAHhLi +vGZ34XFIZHB+YZvHxd3tZxLcKvAMZQJTPlO6RdD9cx+84DEfevaJilUjyu6Ga4ty +HjA= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-openssl.cnf b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-openssl.cnf new file mode 100644 index 0000000..bdd0364 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-openssl.cnf @@ -0,0 +1,250 @@ +# +# Based on the OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#CRLDISTPT = [CRL Distribution Point; e.g., http://crl-list.base/w4edom-l4.base.crl] +CRLDISTPT = http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used as a login credential +scardLogin=1.3.6.1.4.1.311.20.2.2 +# Used in a smart card login certificate's subject alternative name +msUPN=1.3.6.1.4.1.311.20.2.3 +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used to identify a domain controller +msKDC=1.3.6.1.5.2.3.5 +# Identifies the AD GUID +msADGUID=1.3.6.1.4.1.311.25.1 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = CA-samba.example.com # Where everything is kept +certs = $dir/_none_certs # Where the issued certs are kept +crl_dir = $dir/_none_crl # Where the issued crl are kept +database = $dir/Private/CA-samba.example.com-index.txt # database index file. +unique_subject = yes # Set to 'no' to allow creation of + # several certificates with same subject. +new_certs_dir = $dir/NewCerts # default place for new certs. + +certificate = $dir/Public/CA-samba.example.com-cert.pem # The CA certificate +serial = $dir/Private/CA-samba.example.com-serial.txt # The current serial number +crlnumber = $dir/Private/CA-samba.example.com-crlnumber.txt # the current crl number + # must be commented out to leave a V1 CRL + +#crl = $dir/Public/CA-samba.example.com-crl.pem # The current CRL +crl = $dir/Public/CA-samba.example.com-crl.crl # The current CRL +private_key = $dir/Private/CA-samba.example.com-private-key.pem # The private key +RANDFILE = $dir/Private/CA-samba.example.com.rand # private random number file + +#x509_extensions = # The extensions to add to the cert +x509_extensions = template_x509_extensions + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +crl_extensions = crl_ext + +default_days = 7300 # how long to certify for +default_crl_days= 7300 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = match +stateOrProvinceName = match +localityName = match +organizationName = match +organizationalUnitName = match +commonName = supplied +emailAddress = supplied + +#################################################################### +[ req ] +default_bits = 4096 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = SambaState + +localityName = Locality Name (eg, city) +localityName_default = SambaCity + +organizationName = Organization Name (eg, company) +organizationName_default = SambaSelfTesting + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = Domain Controllers + +commonName = Common Name (eg, YOUR name) +commonName_default = addc.addom.samba.example.com +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = ca-samba.example.com@samba.example.com +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 +# +#unstructuredName = An optional company name + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] +# Extensions for a typical CA +# PKIX recommendation. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. +keyUsage = cRLSign, keyCertSign + +crlDistributionPoints=URI:$CRLDISTPT + +# Some might want this also +nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +subjectAltName=email:copy +# Copy issuer details +issuerAltName=issuer:copy + +[ crl_ext ] +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +#[ usr_cert_mskdc ] +[ template_x509_extensions ] + +# These extensions are added when 'ca' signs a request for a domain controller certificate. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE +crlDistributionPoints=URI:$CRLDISTPT + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +nsCertType = server + +# This is typical in keyUsage for a client certificate. +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Domain Controller Certificate addc.addom.samba.example.com" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. + +subjectAltName=@dc_subjalt + +# Copy subject details +issuerAltName=issuer:copy + +nsCaRevocationUrl = $CRLDISTPT +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +#Extended Key requirements for our domain controller certs +# serverAuth - says cert can be used to identify an ssl/tls server +# msKDC - says cert can be used to identify a Kerberos Domain Controller. +extendedKeyUsage = clientAuth,serverAuth,msKDC + +[dc_subjalt] +DNS=addc.addom.samba.example.com +otherName=msADGUID;FORMAT:HEX,OCTETSTRING:0123456789ABCDEF diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-private-key.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-private-key.pem new file mode 100644 index 0000000..eec21e4 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-private-key.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJJwIBAAKCAgEApsSpv3XqTI07/YoPsKK2x6gf5A4+Qe/WEEh3e05MWeG/bccY +e6gBp9XSLCE+0BraWAPoQvFTDqeRuSy553rJ3l7tTJNrzN0X0MfR8Xw9DW/fXVNa +sR+je1tBZQx86lPfu9pBFdpJ47ktu7Wv74y4hHTQGBaOXOTC56GHj+OHiwu7kDDo +4PPrwFBftX9Umhs0Q/2+WoBuD2Ois3lCSoXIB8eCVSOI1E4DL/GVve0VLT4Wzf/H +mwMpNqZdyRoeiaW6ZoMPlqgHnyS5G48CmrhQKYu+Y0X6RcM4I6CYOrRrQpkTNkuE +7yeJOTR5+GcWe5wqA0EVY0bk2y/yPm3+fCAenwJIpLwVQqb4OIbca3xOZ6MxgY62 +MBrrPQglGV9C3DnseR0wCvsWjz0ZFMz1r9fGdc+zlqKym9kDAaPKiB1y7W/Rv1dW +jrkHm7kEEx4LWgZrK0Oi3NW39LrTrp2t/dOKfC+HMvqJiFgArhYrnB1Ygk3lIdrV +bPeoQIvHAtU2MO8/CZum0jGjvyDUop4mxLTDDwtsANEsFrEq6wbZ1ZjDzcsgaK0K +LKEvJ0Fckd5JYu3YOu9oHG3+lMMoaDJgCGXNAp+Xli8Phyc9uQ+FYugrmrT009fB +k5YnIymIsTmZUzogqohEO0okKovgtI3dZjDfpm63/CFDFp4+EiDIejDBPasCAwEA +AQKCAgAloAU0PyRHdS3tu/JiRbO7RAE98MC3G6dOMStT1IyBUt9foyWw8Gy/Mwyi +DDYhuY09glQqlkvI6KGGB8NBqIBW/U/IkRInPFKdNhf1xbP4jh707VNu1taJhEMy +yyh7rcSym0FH7uHw0NyylwFEqJkQuVIhvSUNbEdU/yqYmhsAkfsVQxOnfSDZWMjf +KAUsZ6rZFCyYOpWaPz58A4WjTp+csbSEBOpgC+HINVc1bIH0nSeD/otIO+RWgh5y +usPdBlkRu8wOj4Z4r05cG13ZDnB3jyG7QBSBHNRTpW3zALWaZvLgsxUg5+ib0W0b +UBbQeKE57rsmlN4ZXa3ny+U4l/6QQDSMtrWPNBCMrkt1Q/52gQk1IGeONUAQdLQT +uBx0Vdn5ZvIFRBnkQl2KWOBWTdD2v0qxIHhXlsWX7tGVU7eh3GIAPoFzQZFHpPhA +RObE8fNg/3HMVGDUwXnd4k+6c1t+Ioa17FuLJE4lr5c55Klq2lJ4Oq2Jd6AfoGjv +anA45ChI6lrg2Kt7OhUEHIIHyZmm7eNmBHoGA3r+YJyiQQIGSiNjH+Up54KWa88z +p+ZY1u3VdOiNuKVlRn79q85Th4HyMlx7wuY+t8HAj42Vt03Uy7iDaaTfuPxehMyS +MqcRWR5MhavR5ShTtsIXwvUgWj/YcqaOb9Zfe2Y1RgFURKN3YQKCAQEA0I1hTnGs +KE5l9dGowKm2io6pZr8J2B8ITjp8pdAaY46Ws1tfcTkbbpBUvyrflCIgLIP9KTP3 +6cc4HrK11mf8rPD1pHNWJd7CjPTLQFMYu+h8YlBqKwrgA8owLzUWG4omS0vehCnG +6OIPi8ceUc2u6XW+TGKP4n8GXJrrKaw9hw83u6h9YQCpgfwF4QpwX8LzTMKnI7te +HxUQFlhKX3vci+dP4n29c6yGl57830E7LeQGRfjo/NAV3pAAcHk79cEzOJQCN1Wy +bNU2kcoOA3tGTI8tCfBdwpN11Sz2/tu4ytJE2weP5S7r9xOTq8t+iKQ9+NLhAvJU +8S2mIkyFAi8tWQKCAQEAzLWsJ3qxyaLHv4tOFTqenSj0CbB25OIzDQNLT++L4fYn +YAqL6/G83bRVbdYvfJ3ZdZdnseluGrR8ZcxdqioLCws66+O1vC8GkHI5aBKZt4MD +Um+SzD6ZnARYcTbtRmPUJHxIdny2dbYLe5dDlqTFIV+olWDR+1YMSzXt/VW+jx9I +tHhw8LJAxhMhDt0Gh+CxNFHQYdkdK/OuNTBufT/rxeT3E5t3TbSG29pU/F2Rce1G +CCy0nbFsTMjPusSzwFJILWHdvBAYJceOajvqZhlaTV11u/qrj9gb+nJkH+rKvJnA +pK2YyFWqomnGCZB61Y5LOfjk2b1BfVGCdqpRrBCOowKCAQBun3/NB1jlbGiDEvor +cBpmtrO+z3jeTd+u9zElFxTYWEsxyjb/LOaTKDX7zTcZMVzVoBGKaImJVOY8yljP +6QrLhWkXGSLKJbYW5MZnUWyeR/yqfbNDL5qSCA61C7i1VPtpF05p1msvHrJWV4GK +rMqqBY2yoNlnsC9ksbwpt7ZPTNAoV4BiEuLXEyLfMxVWhmdeASZ9Oqb7X8XPxHd2 +3JGpGEJ0hnQWxp4CERBbMBO/DOQS+6xCZfIjw0ioYHZgrmGIEmJ2jZt+RT6T6JS0 +XhB1DcE7M2fYjTWEpTxDBbOoyg5CDGnUjKYXwiejieaNfmls8hbu5DIQWEF2khY/ +iVzJAoIBAENOiGgCo2oUp3CHMQkx2Oz7hiGZb74Z0Yc5yg1iSa/l61Rco1zUgrCy +llQi1EI49EMBoQqSIa2OIkimRTWp1S+wZZMhr6NMIvBjXhSl6Py5iuIT5URaYM83 +bozq7mDyedH1Oy4aGzPgwy3DsmlZi6dJeHiE+QWWaTxhYvqksp8EPjd4UkoRkdKO +f5QPgBI1Ao6dR9KkPD8zQ9ghMHLmDXNnsQU1XKij7qNiygagDS5UQW52pHwk1eL5 +M7PI8QEPDMQ/JVSsRgRF9MFhKdSgCVzemdNQvA/zkl9qNRl5bWdNdlWu7kkQQaZc ++Mw0QO7udjV9bGFbJKk7n5W8slXMq9kCggEAJ2yzyZKdQZtuXpf6WN6sNqRJ6CHo +k9en+acEg9Y+5lVt2CRblprQxhdUV2KyN7G8GxV0hMwmHtMTeB4j6jhdZrAAZGVW +upqCfY2vSYQ/svCeB0Fs5DMEI4iCS5Drn8gKKi/zWAbox9sb+zaYT/Ot5p2Ki/HH +YIh+p8EE6IFWE3jChabPQieXVOC7tg/qaxWVHTv7Qe2fdZTY3XifTcN7hVghf/bH +Vn+VdU2u/7hE7X3y9YNETNSin5U3F0BSm1tUQimUzU50+9Nl2UGPBI39e+15qRz7 +JHocpq9h9+k3T7qWwJxX74YhcTqdb1pGsKUEmo7r6rPR4L5h5nCF3OgR9g== +-----END RSA PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-private.p12 b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-private.p12 Binary files differnew file mode 100644 index 0000000..994cba3 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-private.p12 diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-req.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-req.pem new file mode 100644 index 0000000..5b356fa --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-req.pem @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIFEjCCAvoCAQAwgcwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTYW1iYVN0YXRl +MRIwEAYDVQQHDAlTYW1iYUNpdHkxGTAXBgNVBAoMEFNhbWJhU2VsZlRlc3Rpbmcx +GzAZBgNVBAsMEkRvbWFpbiBDb250cm9sbGVyczElMCMGA1UEAwwcYWRkYy5hZGRv +bS5zYW1iYS5leGFtcGxlLmNvbTE1MDMGCSqGSIb3DQEJARYmY2Etc2FtYmEuZXhh +bXBsZS5jb21Ac2FtYmEuZXhhbXBsZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQCmxKm/depMjTv9ig+worbHqB/kDj5B79YQSHd7TkxZ4b9txxh7 +qAGn1dIsIT7QGtpYA+hC8VMOp5G5LLnnesneXu1Mk2vM3RfQx9HxfD0Nb99dU1qx +H6N7W0FlDHzqU9+72kEV2knjuS27ta/vjLiEdNAYFo5c5MLnoYeP44eLC7uQMOjg +8+vAUF+1f1SaGzRD/b5agG4PY6KzeUJKhcgHx4JVI4jUTgMv8ZW97RUtPhbN/8eb +Ayk2pl3JGh6Jpbpmgw+WqAefJLkbjwKauFApi75jRfpFwzgjoJg6tGtCmRM2S4Tv +J4k5NHn4ZxZ7nCoDQRVjRuTbL/I+bf58IB6fAkikvBVCpvg4htxrfE5nozGBjrYw +Gus9CCUZX0LcOex5HTAK+xaPPRkUzPWv18Z1z7OWorKb2QMBo8qIHXLtb9G/V1aO +uQebuQQTHgtaBmsrQ6Lc1bf0utOuna3904p8L4cy+omIWACuFiucHViCTeUh2tVs +96hAi8cC1TYw7z8Jm6bSMaO/INSinibEtMMPC2wA0SwWsSrrBtnVmMPNyyBorQos +oS8nQVyR3kli7dg672gcbf6UwyhoMmAIZc0Cn5eWLw+HJz25D4Vi6CuatPTT18GT +licjKYixOZlTOiCqiEQ7SiQqi+C0jd1mMN+mbrf8IUMWnj4SIMh6MME9qwIDAQAB +oAAwDQYJKoZIhvcNAQELBQADggIBADLgdZz1gvzpnZPwd5KCxjwKgiotlUGBh6t6 +cLhyomCN02adMr0PPJP/n3r1Zsaq2db/zktP8J5fUYqA9vJZzYukzkKRHbl+rdHS +JVEvHmbsG3729V9cy40kuL0EAM0weBbfQZaeFxfcLxl5v14QOxvldrmYSK5GaLh8 +WSEz4uljrI8ee3q8Cn08xlZ2Dr3MoHI9unEcLJFXkpCwVBALFhw5dG8od3jl8AyS +WeMVbdD9fm4jnHE/RDSPDqUqMCGIYmrB5amGO5rSLDTWxDxrcHFRM7sa359nW2IA +GoZd+r8Vf2AZ8i/KRgH7uIFB2BJm4L0QiVlajy3odW3zhQIVXNh9p58aGzOFQGkq +Gsld4WI3gZZeSvGgGIjoB2+AYRjxTzUn5qSFVev5sFLK3cNdPZo66xltuPBhfXB/ +v/+/TQC80oZ8oZGdgYvBBT1IEg4pwB5Myqeps9J7kbJVmtxR2EGlq/aGN0yE/fy9 +S8ners0iXBJP18suSwbjj2unZQMBYLIgHLkzztxAMGYBlfEljSAvDfFCsK5Rkmya +soxd1qHHMG8Ap+WZagpkK9tv42HwmbYKVeDArGAHr53aC4ripgrSBnzpmkiSyi4p +mb3L5K/ZSOxo3xrS0wERq3p6FalF8/AhctgzWOgMvikVoTUy0xPsG/hulXPyk2UG +rYn+WPQz +-----END CERTIFICATE REQUEST----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-cert.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-cert.pem new file mode 120000 index 0000000..43b4b51 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-cert.pem @@ -0,0 +1 @@ +DC-addc.addom.samba.example.com-S02-cert.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-private-key.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-private-key.pem new file mode 120000 index 0000000..3170fe7 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-private-key.pem @@ -0,0 +1 @@ +DC-addc.addom.samba.example.com-S02-private-key.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-cert.cer b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-cert.cer Binary files differnew file mode 100644 index 0000000..f68d26d --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-cert.cer diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-cert.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-cert.pem new file mode 100644 index 0000000..6b25079 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-cert.pem @@ -0,0 +1,191 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6 (0x6) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Feb 28 13:30:28 2020 GMT + Not After : Feb 23 13:30:28 2040 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Domain Controllers, CN=addcsmb1.addom2.samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:de:fe:5d:7a:30:99:bb:1e:11:56:ac:b0:d4:01: + 50:30:83:e1:71:0f:aa:3e:1a:b4:f7:9d:ea:93:69: + fc:be:51:19:4c:37:f7:a3:b3:3c:90:13:62:63:14: + 9d:b8:54:66:17:65:4a:67:8e:ce:96:7f:4d:c2:c6: + 6e:fd:3c:ae:bb:e2:5b:6c:ee:51:7b:db:37:17:94: + 99:02:3a:2f:a9:cb:d0:23:29:b7:43:33:08:fc:3f: + 15:3b:ed:3c:eb:69:5b:95:45:18:1e:85:5e:aa:31: + b6:3e:18:c8:2f:3a:48:2d:cc:c6:69:28:b6:5c:ac: + 24:03:b1:83:e8:e6:96:a7:06:6d:fe:73:13:04:d2: + 18:0f:d4:72:f7:88:22:40:5b:ab:68:a4:89:e2:3d: + c0:ca:e5:a7:ae:b6:f8:ea:8a:8c:39:9c:6d:1b:89: + ab:72:2c:04:27:40:7e:f5:d3:3f:5d:d8:0d:71:67: + 65:1d:e3:3d:65:b0:97:7f:14:ad:92:43:2f:3f:04: + ab:1e:31:52:07:7f:df:48:ac:9a:c0:28:d1:ab:eb: + f2:79:b3:d2:44:5f:e8:2d:92:d7:d8:be:03:fe:db: + 55:2b:4b:f8:9c:b4:ce:02:78:07:72:0f:d5:32:cd: + 01:1e:3d:b2:6e:25:29:fa:09:49:49:ab:ed:dc:2b: + 10:c5:3d:19:3c:c4:1e:da:ee:95:c2:ff:f8:50:b4: + f7:47:9a:a4:7d:1c:9a:8d:77:da:b6:a2:e6:4f:cd: + 80:b9:b1:f2:1d:dc:90:60:37:6f:39:5e:a6:03:e2: + 8b:44:d7:a4:45:fd:7e:4f:43:14:f0:68:0d:e6:84: + 8f:21:20:53:f6:b4:67:bd:fc:5d:f4:48:2a:95:1d: + 7d:79:ba:a1:ee:b8:f0:83:83:7f:ab:b1:eb:38:4e: + 3c:4b:8a:93:80:15:63:4c:43:1d:81:4b:c1:e6:d5: + b0:9f:6c:49:9d:04:92:66:6c:9f:7c:d3:62:50:72: + fc:77:65:87:39:d9:d0:ef:5e:53:49:32:4a:d3:1b: + 4a:88:45:f0:0f:a2:5e:33:29:bd:ab:3d:6b:3d:23: + bc:c6:9c:9d:98:9c:9d:8d:cc:32:3e:e1:8c:98:19: + 1c:44:ee:17:43:b3:b0:47:a5:fe:15:49:aa:5a:b7: + 76:43:4c:df:9a:e8:33:3d:52:e8:6c:2c:dd:3e:d8: + a9:e9:2d:36:c2:3a:43:75:b2:bc:d5:bd:81:8b:fc: + 63:37:61:88:24:bb:76:35:19:00:44:7a:3e:30:a8: + 9e:8f:df:74:14:09:0b:f5:8b:c9:b0:ed:be:d0:cf: + c0:7f:61:41:07:f8:6c:7d:0a:05:96:4f:6e:5f:cc: + 40:f3:f5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Server + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Domain Controller Certificate addcsmb1.addom2.samba.example.com + X509v3 Subject Key Identifier: + 5B:85:11:27:BF:F7:A6:2B:8F:51:93:D8:29:4E:0E:A2:67:AA:9D:80 + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + DNS:addcsmb1.addom2.samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication, msKDC + Signature Algorithm: sha256WithRSAEncryption + 73:de:7a:35:bc:15:ac:32:44:5b:98:60:64:12:af:ea:42:46: + 7d:fb:b2:88:b3:47:61:c3:0b:6d:d1:68:92:3d:44:cd:37:86: + da:10:d2:18:db:19:29:03:31:1a:26:cd:70:d1:ec:13:ac:59: + 84:cd:be:9f:2b:c6:2d:10:aa:4b:4d:78:39:d3:6b:e1:4d:e8: + 10:a0:3e:97:d3:1c:19:11:e4:0f:26:7f:96:d7:26:17:23:02: + d9:4b:47:0c:af:c7:ef:28:ae:1c:28:e5:d2:7a:61:46:70:3b: + 49:5e:d0:65:54:4c:ae:14:27:c0:e4:17:41:2c:1a:42:0d:86: + 6c:37:48:65:80:02:21:b3:2b:1f:4f:34:a5:ce:7b:b0:fe:06: + a6:fe:c5:1b:ca:e5:e6:7e:d5:dc:01:d2:50:c4:f8:5e:73:6c: + 2c:56:81:d0:a4:73:bf:82:cb:d8:76:ca:7e:44:99:3a:5f:a9: + 97:89:a8:5c:5b:1b:38:0d:4d:cb:02:49:69:82:13:68:a6:be: + 4b:a3:57:a6:a6:e3:f0:dc:ad:1c:30:00:bf:ed:15:ca:c3:3d: + 5c:7b:dc:6d:e6:cb:bb:bc:a1:22:e7:32:95:e0:0f:6a:ab:40: + 0c:43:ed:f3:98:63:7c:2f:15:63:49:4e:5c:82:65:13:f2:53: + 26:d7:4c:c6:f8:7e:fa:bc:a8:22:44:f1:fb:a6:bb:27:64:ec: + 94:28:19:4a:af:09:7e:01:8e:9d:3e:43:e5:79:fd:16:ed:24: + b4:ab:58:02:e2:9e:f8:a1:b0:45:25:6d:2f:be:bb:88:90:c7: + d8:45:31:48:65:26:33:86:cc:46:69:53:6b:f1:d6:35:df:b1: + 39:ed:81:e1:23:f1:01:de:99:10:11:f0:3f:4d:5d:d3:8a:0c: + 44:78:f6:27:4a:32:1d:ab:0c:63:d0:71:25:62:67:f5:0c:7e: + 2c:7c:a4:ec:8d:de:00:6d:5f:69:5d:bf:e6:c7:59:75:87:5e: + 2c:12:dc:a5:1b:dd:c1:7a:c9:56:63:6a:3b:c6:9a:b7:fc:15: + 01:53:4d:c8:ca:c7:c8:81:50:a0:65:43:33:fb:aa:55:64:a0: + c3:2e:e2:f9:08:64:e5:75:ab:98:b3:38:ba:8d:53:e8:08:47: + ef:cf:a9:f2:16:25:1b:20:78:2d:6f:f5:83:ee:35:d4:b5:c5: + d6:d7:81:17:bf:9c:45:43:d1:88:74:22:1a:32:b2:45:73:a2: + 28:d4:da:ff:85:f9:75:1c:4f:84:6a:a5:1a:41:eb:8b:e0:1d: + 49:69:07:2f:5b:5e:e3:7b:00:f8:4b:67:5b:42:d7:51:de:1c: + 18:89:2f:f8:36:e7:b5:a3:6c:39:e3:88:dc:5d:7f:2f:d9:52: + b6:6b:9c:e9:1d:df:d0:18:68:25:70:7e:71:fb:b3:40:28:75: + e9:24:38:6f:70:5b:1a:f9:bf:e9:43:bd:4b:51:e3:df:e3:25: + 11:ae:30:4e:7e:55:58:43:b3:65:05:11:2d:0e:a4:3c:b8:8a: + 0c:f9:93:ab:27:28:c0:b2:17:76:52:9b:18:82:b7:fd:a6:4f: + 6e:a1:74:2b:19:59:ac:b1:d8:5e:fb:f3:69:37:16:59:01:4c: + fa:a9:57:52:04:d4:45:8f:10:08:8a:ab:88:aa:96:46:9a:aa: + 94:b5:c6:bf:e9:9e:9a:cd:40:f3:2a:ed:23:ff:a6:f7:9b:18: + 02:d9:ab:76:96:ac:15:6f:04:5d:92:d2:49:4c:4b:62:da:3d: + 2a:a4:59:22:1a:75:cd:6e:fb:62:50:da:ae:9d:28:7d:4d:32: + 2f:d8:cd:37:67:f9:1d:c1:d5:76:40:ba:34:f6:8c:92:5b:c0: + 65:f6:3c:90:6c:5b:67:09:0d:d3:14:90:38:03:82:06:c3:b7: + 85:74:7f:15:f4:5b:de:66:5f:71:a9:f1:ed:15:9b:a0:72:ee: + 05:d7:b3:92:30:65:2e:82:90:21:fe:f0:07:34:11:d3:87:41: + f4:35:04:0c:b4:28:f5:73:b8:d5:0e:e3:2a:53:ab:9a:3f:4d: + 59:f9:18:68:f0:31:90:1d:d6:25:c6:8b:33:e8:dc:06:93:7b: + cb:01:de:8b:1e:87:5a:26:a0:0d:5e:f6:6a:36:43:54:53:6d: + 87:10:ca:a8:15:1a:4a:37:95:a5:67:93:74:ba:c3:59:9b:f8: + b5:ab:10:98:fc:ff:d6:d2:61:17:5d:90:7e:b1:2a:16:ec:d5: + da:80:67:02:13:41:d7:bc:a2:af:0b:54:08:b3:2e:1b:05:50: + 80:f6:c7:9a:8c:ac:89:49:4a:f4:4b:71:73:bc:e7:8c:6f:0c: + 70:62:73:3d:ed:07:14:35:f0:15:0c:bb:d8:c3:f6:19:43:b7: + 45:a5:33:80:17:1f:c3:39:28:3d:6a:7c:d6:e0:37:66:58:bd: + e8:64:2c:ad:b7:e0:25:f5:41:ac:ae:cb:ca:c1:eb:5b:8b:e1: + 3d:1e:cc:09:63:d6:6c:c8:eb:b8:ae:6f:4b:02:98:4a:2a:1a: + 94:26:e7:a3:23:7c:e9:e5:02:e0:1f:f5:88:f9:14:74:81:01: + 1d:cd:7e:46:35:7c:1d:e3:64:60:88:a4:ed:86:06:0e:af:3a: + 2b:1d:f8:45:fe:53:8e:56:89:95:98:ff:2c:8a:fb:3a:7a:0c: + 46:6a:3d:32:78:ad:58:69:ba:3b:d5:95:51:55:f3:72 +-----BEGIN CERTIFICATE----- +MIIKAzCCBeugAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0yMDAy +MjgxMzMwMjhaFw00MDAyMjMxMzMwMjhaMIG9MQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEbMBkGA1UE +CwwSRG9tYWluIENvbnRyb2xsZXJzMSowKAYDVQQDDCFhZGRjc21iMS5hZGRvbTIu +c2FtYmEuZXhhbXBsZS5jb20xNTAzBgkqhkiG9w0BCQEWJmNhLXNhbWJhLmV4YW1w +bGUuY29tQHNhbWJhLmV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEA3v5dejCZux4RVqyw1AFQMIPhcQ+qPhq0953qk2n8vlEZTDf3o7M8 +kBNiYxSduFRmF2VKZ47Oln9NwsZu/Tyuu+JbbO5Re9s3F5SZAjovqcvQIym3QzMI +/D8VO+0862lblUUYHoVeqjG2PhjILzpILczGaSi2XKwkA7GD6OaWpwZt/nMTBNIY +D9Ry94giQFuraKSJ4j3AyuWnrrb46oqMOZxtG4mrciwEJ0B+9dM/XdgNcWdlHeM9 +ZbCXfxStkkMvPwSrHjFSB3/fSKyawCjRq+vyebPSRF/oLZLX2L4D/ttVK0v4nLTO +AngHcg/VMs0BHj2ybiUp+glJSavt3CsQxT0ZPMQe2u6Vwv/4ULT3R5qkfRyajXfa +tqLmT82AubHyHdyQYDdvOV6mA+KLRNekRf1+T0MU8GgN5oSPISBT9rRnvfxd9Egq +lR19ebqh7rjwg4N/q7HrOE48S4qTgBVjTEMdgUvB5tWwn2xJnQSSZmyffNNiUHL8 +d2WHOdnQ715TSTJK0xtKiEXwD6JeMym9qz1rPSO8xpydmJydjcwyPuGMmBkcRO4X +Q7OwR6X+FUmqWrd2Q0zfmugzPVLobCzdPtip6S02wjpDdbK81b2Bi/xjN2GIJLt2 +NRkARHo+MKiej990FAkL9YvJsO2+0M/Af2FBB/hsfQoFlk9uX8xA8/UCAwEAAaOC +AgEwggH9MAkGA1UdEwQCMAAwTwYDVR0fBEgwRjBEoEKgQIY+aHR0cDovL3d3dy5z +YW1iYS5leGFtcGxlLmNvbS9jcmxzL0NBLXNhbWJhLmV4YW1wbGUuY29tLWNybC5j +cmwwEQYJYIZIAYb4QgEBBAQDAgZAMAsGA1UdDwQEAwIF4DBOBglghkgBhvhCAQ0E +QRY/RG9tYWluIENvbnRyb2xsZXIgQ2VydGlmaWNhdGUgYWRkY3NtYjEuYWRkb20y +LnNhbWJhLmV4YW1wbGUuY29tMB0GA1UdDgQWBBRbhREnv/emK49Rk9gpTg6iZ6qd +gDAfBgNVHSMEGDAWgBSiPgIqo6dNObQITZnMDHU26ifDPjBFBgNVHREEPjA8giFh +ZGRjc21iMS5hZGRvbTIuc2FtYmEuZXhhbXBsZS5jb22gFwYJKwYBBAGCNxkBoAoE +CAEjRWeJq83vMDEGA1UdEgQqMCiBJmNhLXNhbWJhLmV4YW1wbGUuY29tQHNhbWJh +LmV4YW1wbGUuY29tME0GCWCGSAGG+EIBBARAFj5odHRwOi8vd3d3LnNhbWJhLmV4 +YW1wbGUuY29tL2NybHMvQ0Etc2FtYmEuZXhhbXBsZS5jb20tY3JsLmNybDAmBgNV +HSUEHzAdBggrBgEFBQcDAgYIKwYBBQUHAwEGBysGAQUCAwUwDQYJKoZIhvcNAQEL +BQADggQBAHPeejW8FawyRFuYYGQSr+pCRn37soizR2HDC23RaJI9RM03htoQ0hjb +GSkDMRomzXDR7BOsWYTNvp8rxi0QqktNeDnTa+FN6BCgPpfTHBkR5A8mf5bXJhcj +AtlLRwyvx+8orhwo5dJ6YUZwO0le0GVUTK4UJ8DkF0EsGkINhmw3SGWAAiGzKx9P +NKXOe7D+Bqb+xRvK5eZ+1dwB0lDE+F5zbCxWgdCkc7+Cy9h2yn5EmTpfqZeJqFxb +GzgNTcsCSWmCE2imvkujV6am4/DcrRwwAL/tFcrDPVx73G3my7u8oSLnMpXgD2qr +QAxD7fOYY3wvFWNJTlyCZRPyUybXTMb4fvq8qCJE8fumuydk7JQoGUqvCX4Bjp0+ +Q+V5/RbtJLSrWALinvihsEUlbS++u4iQx9hFMUhlJjOGzEZpU2vx1jXfsTntgeEj +8QHemRAR8D9NXdOKDER49idKMh2rDGPQcSViZ/UMfix8pOyN3gBtX2ldv+bHWXWH +XiwS3KUb3cF6yVZjajvGmrf8FQFTTcjKx8iBUKBlQzP7qlVkoMMu4vkIZOV1q5iz +OLqNU+gIR+/PqfIWJRsgeC1v9YPuNdS1xdbXgRe/nEVD0Yh0IhoyskVzoijU2v+F ++XUcT4RqpRpB64vgHUlpBy9bXuN7APhLZ1tC11HeHBiJL/g257WjbDnjiNxdfy/Z +UrZrnOkd39AYaCVwfnH7s0AodekkOG9wWxr5v+lDvUtR49/jJRGuME5+VVhDs2UF +ES0OpDy4igz5k6snKMCyF3ZSmxiCt/2mT26hdCsZWayx2F7782k3FlkBTPqpV1IE +1EWPEAiKq4iqlkaaqpS1xr/pnprNQPMq7SP/pvebGALZq3aWrBVvBF2S0klMS2La +PSqkWSIadc1u+2JQ2q6dKH1NMi/YzTdn+R3B1XZAujT2jJJbwGX2PJBsW2cJDdMU +kDgDggbDt4V0fxX0W95mX3Gp8e0Vm6By7gXXs5IwZS6CkCH+8Ac0EdOHQfQ1BAy0 +KPVzuNUO4ypTq5o/TVn5GGjwMZAd1iXGizPo3AaTe8sB3oseh1omoA1e9mo2Q1RT +bYcQyqgVGko3laVnk3S6w1mb+LWrEJj8/9bSYRddkH6xKhbs1dqAZwITQde8oq8L +VAizLhsFUID2x5qMrIlJSvRLcXO854xvDHBicz3tBxQ18BUMu9jD9hlDt0WlM4AX +H8M5KD1qfNbgN2ZYvehkLK234CX1Qayuy8rB61uL4T0ezAlj1mzI67iub0sCmEoq +GpQm56MjfOnlAuAf9Yj5FHSBAR3NfkY1fB3jZGCIpO2GBg6vOisd+EX+U45WiZWY +/yyK+zp6DEZqPTJ4rVhpujvVlVFV83I= +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-key.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-key.pem new file mode 100644 index 0000000..98aae6c --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-key.pem @@ -0,0 +1,54 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI9PC/3NcJal0CAggA +MBQGCCqGSIb3DQMHBAiLhharWWs8/QSCCUglchvaoRZ2KDAOpx1om+BnWFdmElQz +h/3v5NMjNzMrgjSkSU4blpuQdPj4xbyzlxIDJGQFRgcDouNl7FU59Eb1duPnIud/ +6zWBgQgnTbVgH1h+zhHhbpmqAYPAxwf+H5NVEWQva2uAGWrKMApuUPn1IpgesPRz +9WsWwdOyHkj0hQd5slbVdsxJL5wcHwBip9vzrH4IV+WM/vtem4+0629KGFl6hisW +iZD6D2nJHejIlVJMNy6Jkqa5hnJeMH7djaRFp8f22C7/5EbE1a+DGwh6RQG1SfvO +Z7ZTQKkPuq3MvKSb5tp5ArOyHvmQsphPD2TzTtWJD2LiBl5pe1zIiDNSMXWUPmbP +bfSNBswcATWweYUmL/9kuIqaZvNVjJpd1QuVQPMmhFyJyfDyM8WA/6kbeIjwuzku +BSBsBB1CMN26AHBEBxqmA5ml9ZBhL+kKJziYIJs3sdQcQWi+CiyQXKVzzXMhLFF9 +1VgrREMY7d49db3O4I8V4R0sVk5KxqCGULcPy7sMYgRuPr9hBD4i3oRVdokUyKRy +5XmZij7cHVS0pYrpdklkgjNFv4fNjA6goEM39JkzXkBbz0poYjNx/PXAx9wz6Ykc +X29HU6xyE76iwH8UNdqooe+9T75iihb6kccnEWC6uUi106rO5OGbyvtqEHcMlZic +ttfXUxtQT4n8BVK4GTji+o4U2Xfqf75W48ZnrLHMZpC028rrHXP0WMKtweYBCOtN +wt/T5fEqS29tCrnvYBUhlTyEECyfSBuxL9lBDUiS+opw338uGN/3ODXFwc3YCiUY +OoxhVnoLkJPMjIzMmBpIGnjvtVZ4t2FtTQXZMbDQwFJIkW2d70XMuPk86sjh2MWf +jd0rbd+6BrgDVlzxAOWQhXiVTiY7Y3Z8a4CkbyrbpxaNMnZn0DUYhF/LaUm3ylIM +vxXbcm2nTCqi9ly9jP98ZZI7uTAH65W1uhD6+SrOly0sijlZrg4lbdqY3isOuC4Y +BZuqHFWEKLx3J0SwtlV8aJvUAL8KFis5ktTEVO7WWkpODz6IUtiZ/eHbbNUeRyi2 +LmiQx7ywjuy0YIGRE9DeoLsURqtcTGtOkRGgRu8Pa+knl4N2rbuw9JY3ejh2Y775 +obIqyPPT/EgudHfywF4hsjn7i/4L14o/ZjQA53P+qC1swf7sz5LAspTbhHCCe/go +mT2ospx/XIoHLqxmYptKBMYHl5JR5kK8GAdoVzD1vv+MiIGZOHObsJ93X/DaEtT6 +/4/rlAC1ws8Mws4+kVDK0UXfADJLIipq2RP0FkapTQ51+ocIBDnXarAANhTpyokz +5gHLGrbQp1HOQQNnZfVEssJznjm/jiD0MxP/kXFjQuOThZCoKLTkfsjnKTMJE3HN +z96fo1kPemDQ4PUoac3LKUBUDIPxmwFCrcBcwDlrTHm1NmAb60cMUyDMZ073OwNL +3p16tcjn4j7HJ4g/BJ2HvnT5xVavNlFewELaQGN+Ywfl+5DSTNtyAvjgthOYps2F +Zl9sZ8qXL4c+GyaSUk8Rio+6Kggybvo75xdB/Ia5yp3IUC8z0+jVsaoCYf/fddyd +UaVFQvWdeN1tB+nTV7Ntki2LOxek417UV6BtH58zJCibDF2uld9LsIXySIFYvvqe +21kUWUWE7rlaCrDRJ2jwUtU+QYtBHl36WgwSf0C4HkeevRT8hLcFPyhKe6hYVcQL +sqFldps0VAMrfFzCwY8z5Vc1aehmOd9OXVBf/Fn04XBjUEoG46tkSdL18dBfJXI5 +RsfE6TAbB5LOEd7agmoGHJolL3rYwODDVKQWOj0519HR/xt1E7SgCfH/BisGl4Gr +4ZRUJG9unpEBsigN31JEbnXUbfx+rjXZM65F3HM9ir89ofIcVGPuJYflw2IPm1GI +ajEh+nDCt/hwvV66aBI/+JaQ7bHvqbC8tBMWXdlesSjJmWlB2mYdYqIhmqhy+0oj +ryKbsAT+7Fco5ymQACEG4Otw6y+weRTW/IFbibtjDui+P5arl5dRPIn4kCrV+ZMn +wuZVAw83mxSe05efsCt6YCoth64bIgPXVvl7EhGotheYsKfuOFI1Jvw1tDsgtoxk +v+6TnK3xJDMVkdV3dg/glAENdeo1NnHrvIb0Hq9ERMr5wmImQkGoL18r4HoUGin/ +HPi8Q+znxiw3NARCpm7RBwxCUzuYWQ88CKpxDtvGmJfpSNUQ3ETVs1rY9VlBP026 +Uufu5aMz9BURc8iaS4dl/oT0QjrhszeAdsXAoilY+SlmBUuAUieKAnaxLU48hqkX +FID6A/v/LxXm+VYgObFijv4i+ETUGNklhERTdkZ+YfwCWLqCLbGMK6ufVF3YPI9c +nLQ0/gPTW7YH8k1DQ7ehRdSEM3QcdE3x16x2q+dXRqOR1BG9uOsayhofQQWvlN66 +p4gbN8XgwSgf2SLaYUFbeiAiOuEsObPcTYyTekyuRbGcL7CKHY4tHb15VhqUJ0SA +7kiU1hC5cUxaMOKuWCOlqvBdfp+IowEbah2SKxZBWq1D8BKiT1es21NX6FEeJyWC +f+08KHLZWQL/OYrKof8dCcHVwMdQE05/6cXIn5xVMG0QbCyvC2izklQsaH+y4oy+ +iptmdBvXOE+t6wFJsT/jjbFGIbjAXT6xrc9nsL9lBoWJidfhREfzBrmW1LVbIE6L +8ltsECJ5NJ/OMm9Zj5MuQEc9kxsM9sAzk9KXP8xq5mJziTPoYK9QydtLRl/EJkW1 +P4Wp364sHiDnErHYkzsP/DpJ41BkJexEBLnzID/P6YTKfB0bDlnNbb/XQssEPQ7m +5nVBktXVV1UY0we/ACEkqmV6+7yE77ZF/hrzZuCu+M3aE8GjOSrSEpF4KP4V2n5W +ukD+Q5IZJkShjT6kG9lQELotChlU5n9YS147Y9C4HT//wNcQk1neEhUUf4L1cN62 +7JvKqVZTMyWbIIBEjMrKhQKRFAaf5AcFgx+scpGn0rZOY8wguSqHjLxMFrlc9/F7 +CpeM8QUGi9u9I61SiEY9Gmc+wDoONqSu6O9O+pWwWw7/Wh0qjK4TaRXSlVpS+1bK +umgkl3/Y1pDY6pCbHZ3O7AD1JaCZWP0k7oawIejkuV1UuLeFjodLfYkAh6y5Hlfv +/BJ2gHkAEePKibplUpudmOTkWlQChQtzmy3ZReqLydvrxK0H8eh9J/tB8cRP0M/j ++GU= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-openssl.cnf b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-openssl.cnf new file mode 100644 index 0000000..23c5e41 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-openssl.cnf @@ -0,0 +1,250 @@ +# +# Based on the OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#CRLDISTPT = [CRL Distribution Point; e.g., http://crl-list.base/w4edom-l4.base.crl] +CRLDISTPT = http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used as a login credential +scardLogin=1.3.6.1.4.1.311.20.2.2 +# Used in a smart card login certificate's subject alternative name +msUPN=1.3.6.1.4.1.311.20.2.3 +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used to identify a domain controller +msKDC=1.3.6.1.5.2.3.5 +# Identifies the AD GUID +msADGUID=1.3.6.1.4.1.311.25.1 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = CA-samba.example.com # Where everything is kept +certs = $dir/_none_certs # Where the issued certs are kept +crl_dir = $dir/_none_crl # Where the issued crl are kept +database = $dir/Private/CA-samba.example.com-index.txt # database index file. +unique_subject = yes # Set to 'no' to allow creation of + # several certificates with same subject. +new_certs_dir = $dir/NewCerts # default place for new certs. + +certificate = $dir/Public/CA-samba.example.com-cert.pem # The CA certificate +serial = $dir/Private/CA-samba.example.com-serial.txt # The current serial number +crlnumber = $dir/Private/CA-samba.example.com-crlnumber.txt # the current crl number + # must be commented out to leave a V1 CRL + +#crl = $dir/Public/CA-samba.example.com-crl.pem # The current CRL +crl = $dir/Public/CA-samba.example.com-crl.crl # The current CRL +private_key = $dir/Private/CA-samba.example.com-private-key.pem # The private key +RANDFILE = $dir/Private/CA-samba.example.com.rand # private random number file + +#x509_extensions = # The extensions to add to the cert +x509_extensions = template_x509_extensions + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +crl_extensions = crl_ext + +default_days = 7300 # how long to certify for +default_crl_days= 7300 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = match +stateOrProvinceName = match +localityName = match +organizationName = match +organizationalUnitName = match +commonName = supplied +emailAddress = supplied + +#################################################################### +[ req ] +default_bits = 4096 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = SambaState + +localityName = Locality Name (eg, city) +localityName_default = SambaCity + +organizationName = Organization Name (eg, company) +organizationName_default = SambaSelfTesting + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = Domain Controllers + +commonName = Common Name (eg, YOUR name) +commonName_default = addcsmb1.addom2.samba.example.com +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = ca-samba.example.com@samba.example.com +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 +# +#unstructuredName = An optional company name + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] +# Extensions for a typical CA +# PKIX recommendation. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. +keyUsage = cRLSign, keyCertSign + +crlDistributionPoints=URI:$CRLDISTPT + +# Some might want this also +nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +subjectAltName=email:copy +# Copy issuer details +issuerAltName=issuer:copy + +[ crl_ext ] +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +#[ usr_cert_mskdc ] +[ template_x509_extensions ] + +# These extensions are added when 'ca' signs a request for a domain controller certificate. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE +crlDistributionPoints=URI:$CRLDISTPT + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +nsCertType = server + +# This is typical in keyUsage for a client certificate. +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Domain Controller Certificate addcsmb1.addom2.samba.example.com" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. + +subjectAltName=@dc_subjalt + +# Copy subject details +issuerAltName=issuer:copy + +nsCaRevocationUrl = $CRLDISTPT +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +#Extended Key requirements for our domain controller certs +# serverAuth - says cert can be used to identify an ssl/tls server +# msKDC - says cert can be used to identify a Kerberos Domain Controller. +extendedKeyUsage = clientAuth,serverAuth,msKDC + +[dc_subjalt] +DNS=addcsmb1.addom2.samba.example.com +otherName=msADGUID;FORMAT:HEX,OCTETSTRING:0123456789ABCDEF diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-private-key.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-private-key.pem new file mode 100644 index 0000000..82ccc60 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-private-key.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJJwIBAAKCAgEA3v5dejCZux4RVqyw1AFQMIPhcQ+qPhq0953qk2n8vlEZTDf3 +o7M8kBNiYxSduFRmF2VKZ47Oln9NwsZu/Tyuu+JbbO5Re9s3F5SZAjovqcvQIym3 +QzMI/D8VO+0862lblUUYHoVeqjG2PhjILzpILczGaSi2XKwkA7GD6OaWpwZt/nMT +BNIYD9Ry94giQFuraKSJ4j3AyuWnrrb46oqMOZxtG4mrciwEJ0B+9dM/XdgNcWdl +HeM9ZbCXfxStkkMvPwSrHjFSB3/fSKyawCjRq+vyebPSRF/oLZLX2L4D/ttVK0v4 +nLTOAngHcg/VMs0BHj2ybiUp+glJSavt3CsQxT0ZPMQe2u6Vwv/4ULT3R5qkfRya +jXfatqLmT82AubHyHdyQYDdvOV6mA+KLRNekRf1+T0MU8GgN5oSPISBT9rRnvfxd +9EgqlR19ebqh7rjwg4N/q7HrOE48S4qTgBVjTEMdgUvB5tWwn2xJnQSSZmyffNNi +UHL8d2WHOdnQ715TSTJK0xtKiEXwD6JeMym9qz1rPSO8xpydmJydjcwyPuGMmBkc +RO4XQ7OwR6X+FUmqWrd2Q0zfmugzPVLobCzdPtip6S02wjpDdbK81b2Bi/xjN2GI +JLt2NRkARHo+MKiej990FAkL9YvJsO2+0M/Af2FBB/hsfQoFlk9uX8xA8/UCAwEA +AQKCAgBi3WOUSPffffUx+F5toCdtWwsYlVllL3IMVncp5FOqDUqqACZK7axsNCvq +wbkrgD/DH6VdRHNTRh2zvUZ3/+94XWMraH236/kA+2DbG/EF1tbwwA4APSA+tbk0 +WHop5Qw1oeyPm5Hc4y1pWpNmXPCjXaaZ+PLhI3DUMl/JYnJomvEpXtuPx5Xjbs2J +8VE+N2ZHfqujIr3XNvqg+35gfgytfizhiKf6dolg3bdsRbxSXveWz8CE/7q42xJP +xVsu/Zp01h0HxdYYfRkBn4T8rRxInNNkIdWXeu31RqVr8tLSq2uXRpdy4rZzYcPr +Thm37CwSvEffjZqOwI89mnxaoL1N4UxlIVTk8qapArHCZaucgxYr9acLT9H4sWCO +EgSc0nS1eHogUDZquNvdypJ++EmLAvNtBluRcuQC0DQqOlKPsqVyapTbEOscvk3m +SZ+JRQZi8qgN5nqNNAQAAy60krPGUDJCFOaONVQdjQljPJsg/112y5cBrQPXsknQ +o8u8TMcp9+I8Dp7qSCI7u5TDdERCWjg+wQxw5AzimcWDNRRN52yKzfEekrF6kV+l +eCcWMUv/eeWhJXCKNHAdVGQlHkSld3FdQRtr9PVQn8rSrb81HpodQhqPAUNW3NYf +hhxHimy3y5MLcLNU9A+ut+/lrDwD0enVlXhOiK4b7QqCv6ywAQKCAQEA90JbFJl7 +Ckfy1XpYtZQPVY+Zbv7Mukupin4+u9B1Ywd0j/RGTImNcQYEhQw1OM1FSSvpIzCS +H2JpJWCF0gG3PXYR0xn9JrErVXgh3hxOT9Ynk8ltUQwFAqeJXP1NqJdP0ipOEbyX +XYwBGXBDq42SXnj5TQgfQs/kc8UKBgFZ0LEaDcy5r3eXBi0SCPpFpQ7RWMS5orAt +e+NlthAJItSb6PVBrQUZ1JPZTfsR/35wSnlUQnHsf93wZ477O3g+wuTMmhTLFfU/ +JmcaV7QDIV/mRRO+O6KgSnoQ1sn4ay1b7jXCHOA+VApSxTZsPmuKHyvMpIwmqr5G +/wWJiNT6CI+r3QKCAQEA5uBpLVFxTjXi+TLtpDK1Cf3rd99o2y+uVaWIuq/aqPuB +/mAcpVcOMKsTU3woVgZW3hAArnomVSsEPf4pjqGqjiibGopmcg3f1J1Ee3vfznZ7 +kyOhfh52jNbWahLi5+4phC/wD++S44qDh4Kmi8g7kz0n0KmU9Xt5qCjJXSWTFO7z +8aLbhzdf/R0tRBmBLKZ5w/5CJ0tP9eRuVLgeFWxFZ7lKoSF9ZF4VOg7yVuGh9m6f +Nzo7ox+yEiv+81ZL14736u12vRmkxA+e1be+YDPytFtZ4t4JRWehJ+CeszDaBqLd +DXpB8Dlo6cbWqWqytMuI4zY5RjpMlt8FxSH/nO5S+QKCAQA8JHrNDuwbuxZ5ELJl +MGduc2hp1DZuFhteIYkW3ATBmr2iilNTKJ4r4L/WsPp9H4j73F9v/M9+LMzQl6LV +Sy+MFp0NUSP/dlbJCliKky4FQ10LGJKrhRXu6FuEL+Tk3jE/OKUWsV3MFlLqIiGD +qALzUc+qChC4iqLR+hqPDWMQXROuSZ7c7GTizrG1V1L7bBhF1EwnI11c5hoGZ+4g +98AYsRdRg40d5PyVeD2PfOzJYKu7IcTZ8V0Zg3DerUfu1gJidC5V3/qFV8zTimi8 +hHwZT00VamA83WYdKLFxOG5FCfR2W6EthflOGQfJQxUssdWsLJ73JyNTwsAKdWuA +C5pNAoIBAAXUjvNlBh56f+PZJGUsHqRE9EhPrP80AgwJpR1JyZTQ3SSGWtLWEvap +q1BFZ2Ncv57V+p5tWUB3WKEUJQqEDKGQZvJRomqo7Qkae5s+spUtKsu5b5+Wt1mx +JzMAjRhcTFIZP8+3Nhdm7RFj/D61bMO4HKRJVAiq+JSFiyg+BavWqPRmL3MHs/XZ +YcZBeqCdB6AqcJM7dKZ6AUtEZwYVeN84r6jIBrmdIp4XuIj3I7bsbjrfzpe8+is5 +TzPn7vxfkOUu3/vAhQeqeVFeVYFqbmudjvSKtOM6zbgLFRbjWe4m+LwZZUbivEKD +EfKvThoAtdE/Ek0ytbJtqWCkDidxYUkCggEAB2DIXKQb9OphTQf+18OGnslAa3b6 +vLZPcmv4ZskCApi9AM2AX6q42luovaYR3ul3IJKM3SKa30ZBdprb0epsrW/aJ6Fm ++ri1NrQ34zLNun/cX+Q+EzFbq1wNsCj4Wj0my8q5oyg+KtofeWYFYJmn75rGuZVz +UrmIC6MjrXi9tvh4BK3pfPzSGizPlLk+vXSQgU36bfUY3P6SZFu9W+IMfDJKKip7 +0MqQCVE3aMoFi1/1pJt7qWiHvYqLIjldJEdQpszTr7IeNsYo7OFJtOaHp6G7mZOU +/P+GGZiS4h20hS+y/IPBWqFmFiwy38z1L4lUi7W26oytuKYuiUZt3cy2IA== +-----END RSA PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-private.p12 b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-private.p12 Binary files differnew file mode 100644 index 0000000..d44a18e --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-private.p12 diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-req.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-req.pem new file mode 100644 index 0000000..a4d061e --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-req.pem @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIFFzCCAv8CAQAwgdExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTYW1iYVN0YXRl +MRIwEAYDVQQHDAlTYW1iYUNpdHkxGTAXBgNVBAoMEFNhbWJhU2VsZlRlc3Rpbmcx +GzAZBgNVBAsMEkRvbWFpbiBDb250cm9sbGVyczEqMCgGA1UEAwwhYWRkY3NtYjEu +YWRkb20yLnNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkBFiZjYS1zYW1i +YS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAN7+XXowmbseEVassNQBUDCD4XEPqj4atPed6pNp/L5R +GUw396OzPJATYmMUnbhUZhdlSmeOzpZ/TcLGbv08rrviW2zuUXvbNxeUmQI6L6nL +0CMpt0MzCPw/FTvtPOtpW5VFGB6FXqoxtj4YyC86SC3MxmkotlysJAOxg+jmlqcG +bf5zEwTSGA/UcveIIkBbq2ikieI9wMrlp662+OqKjDmcbRuJq3IsBCdAfvXTP13Y +DXFnZR3jPWWwl38UrZJDLz8Eqx4xUgd/30ismsAo0avr8nmz0kRf6C2S19i+A/7b +VStL+Jy0zgJ4B3IP1TLNAR49sm4lKfoJSUmr7dwrEMU9GTzEHtrulcL/+FC090ea +pH0cmo132rai5k/NgLmx8h3ckGA3bzlepgPii0TXpEX9fk9DFPBoDeaEjyEgU/a0 +Z738XfRIKpUdfXm6oe648IODf6ux6zhOPEuKk4AVY0xDHYFLwebVsJ9sSZ0EkmZs +n3zTYlBy/HdlhznZ0O9eU0kyStMbSohF8A+iXjMpvas9az0jvMacnZicnY3MMj7h +jJgZHETuF0OzsEel/hVJqlq3dkNM35roMz1S6Gws3T7YqektNsI6Q3WyvNW9gYv8 +YzdhiCS7djUZAER6PjCono/fdBQJC/WLybDtvtDPwH9hQQf4bH0KBZZPbl/MQPP1 +AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAve93Lch8SWFi9pmWZgmcStRFALjR +RRa9iUSIpIgHmJWKAjIq2APh5xWfp4Ouh7DO6KIwHLbgQEXWpxehukhyUl4VlIMV +y50nVK9ibiu5X7MO0HMHGnULZvLDS7i64siX9e030xvP5cOwRg16TS84Ex4VVoaz +1t1yE083OoD4jqMvDvgMJ0OpnyZXUZctDLCc0aADkhJKC/V4q/mruPY1lZ0Nxl3T +Q06GhJtEaR87BLIoNUqD6SwyZm6F2Y96bLqdzgaGHYNGhGGeDpXp0l8grlRvpu+9 +zFdTsALPAwt6KSNmk4GsNuNyu7DS6v33+yaT0ZbbulbPZ6uVFjXrnFFXYBAcFJs+ +YFELavoIRtEOcBfJ5RL6Hcr3P1/4I70u5Uucesv5C/loNHnZPAo2s2KFtBtVgGHp +OYeFjzDvG3fLz2ZGjIDxTEh0fD/9wRL2CVtjEfN6V7tKmd3f7IEBtCw+7Hdu4uSN +GrjWrbzQWhyTT6lyDfCKsmQlCevI1MW9oDkVmaBkHwYuWTc4U6wL77wDKyShTKV7 +RFWyhfnhYp1Xpm/pZmCszUZc7Si7eGGJiKohH7K+3YnpcfPMq2t83SBeFMmaBBJX +I1KOjT5grWAzVIsIdFgFvoPqXNWmizEddBTtExnmhK3tAzudJL7bv+PhYSQ0wTOP +n2KpBr/vsEs9LeM= +-----END CERTIFICATE REQUEST----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-cert.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-cert.pem new file mode 120000 index 0000000..97e86e7 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-cert.pem @@ -0,0 +1 @@ +DC-addcsmb1.addom2.samba.example.com-S06-cert.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-private-key.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-private-key.pem new file mode 120000 index 0000000..7259e86 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-private-key.pem @@ -0,0 +1 @@ +DC-addcsmb1.addom2.samba.example.com-S06-private-key.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-cert.cer b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-cert.cer Binary files differnew file mode 100644 index 0000000..4d7a875 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-cert.cer diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-cert.pem b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-cert.pem new file mode 100644 index 0000000..7b1b6a1 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-cert.pem @@ -0,0 +1,190 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Mar 16 23:28:44 2016 GMT + Not After : Mar 11 23:28:44 2036 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Domain Controllers, CN=localdc.samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:e6:a4:76:ce:e8:63:fe:57:f9:a3:ae:e0:ad:4d: + e2:15:8e:d8:27:c8:7d:7f:2b:b1:e8:aa:50:8f:94: + f9:c7:71:3f:52:32:91:d1:6d:52:22:5f:cd:8d:cc: + 62:16:7a:8b:58:65:ed:07:f7:ea:24:d3:88:d8:26: + ca:eb:ec:16:a7:84:1c:7e:15:46:64:09:22:46:b9: + dd:5c:07:84:50:a7:4e:31:3f:01:23:d1:f8:36:04: + 1a:bb:d4:e5:b6:d4:1b:5c:16:c9:9e:37:8a:3e:a9: + 7d:30:24:40:b2:b5:44:40:fa:5c:6f:d5:3e:ff:32: + c2:e7:24:0a:e4:e4:aa:9f:ff:4c:ac:be:37:58:22: + 08:16:0e:f6:a7:2f:b5:6c:4f:ac:7b:a4:82:a8:9f: + 38:64:17:6e:72:b6:7c:4c:c5:44:2a:0a:b4:25:0d: + b0:0c:ab:98:4a:f9:1a:1a:c9:a6:59:f4:00:a5:0a: + 6f:0a:d0:a5:34:ca:0f:f4:0e:fb:ba:d7:bb:3e:2c: + 7c:0c:68:6b:26:ff:1c:29:fe:77:f9:30:85:0d:44: + 8c:af:90:8a:70:93:5d:3a:b6:18:8b:a5:85:11:5c: + a3:5d:57:16:dd:c7:c8:00:f1:05:71:c2:6e:07:3c: + 37:69:36:7c:12:c5:9e:1b:69:11:45:44:1e:eb:b9: + b2:96:b1:89:cd:4d:fa:89:eb:92:49:f2:46:35:f3: + 9d:87:3c:be:e4:f8:b7:31:a7:36:4b:81:76:9b:b2: + 04:d5:80:7d:4f:e6:02:ed:24:4c:a0:03:c4:9d:00: + 9f:9d:71:93:0d:a5:b8:37:62:2b:03:c3:bd:24:25: + 2c:c3:43:d4:c8:27:b0:6d:05:d4:c6:c5:d8:5b:09: + 94:e8:27:6b:d9:6d:b7:bc:de:76:bf:d5:9c:36:26: + 04:b9:97:1d:f0:c9:8d:91:93:82:32:0d:b7:16:97: + 41:31:9a:22:0b:2e:ba:99:51:28:6b:f5:04:ba:c9: + 3d:57:0c:72:e8:e1:24:1a:d4:2a:6a:e7:e3:b6:b9: + 94:61:e3:4e:42:81:e5:43:e4:1e:ef:6d:c4:5d:a4: + f9:b4:ec:3a:8a:34:fe:b5:c7:a8:fe:19:8d:cf:7d: + 1b:60:21:ba:25:6f:35:cd:4f:72:28:42:7d:87:08: + aa:da:33:7e:63:e6:5b:5f:e7:01:a8:e3:0b:d3:08: + 5a:a6:df:ea:e7:2b:13:48:a7:83:32:96:c4:ba:d1: + ff:15:66:52:33:86:46:5f:c2:9f:59:4a:00:98:b7: + 1b:a1:87:25:df:ad:68:5b:f7:26:17:2b:eb:84:62: + 9d:c3:bd:99:67:6a:02:5d:70:72:3e:18:92:99:8c: + bd:d9:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Server + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Domain Controller Certificate localdc.samba.example.com + X509v3 Subject Key Identifier: + E1:DF:73:0B:F1:3E:86:43:A4:B3:E9:8D:44:7D:3C:B2:19:C1:BC:F2 + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + DNS:localdc.samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication, msKDC + Signature Algorithm: sha256WithRSAEncryption + 89:2c:57:98:17:c1:73:a6:10:02:6f:a6:ac:47:1c:37:2d:1d: + a1:3c:c5:29:b6:3a:e6:e8:14:ec:3b:74:ee:da:db:2d:97:3e: + d3:8c:9d:42:7e:b0:46:e9:54:74:4f:34:df:9e:34:7f:9e:8a: + 9d:4d:b2:cf:fb:71:3f:cb:32:e6:45:e7:b4:d3:9e:e8:ca:a5: + cf:16:7b:76:b5:4e:e0:b9:bb:79:b1:82:a7:d3:23:cb:3c:46: + 63:63:96:b3:5b:62:9e:99:dc:02:17:f9:07:63:86:76:06:1a: + 02:1b:9a:df:1d:cd:e7:46:fe:9a:13:87:47:dd:e2:77:58:50: + a2:6c:c9:a0:f8:14:1f:3b:d7:59:9c:89:bd:2e:2d:ce:60:f4: + c6:2c:e3:63:cf:34:84:61:d9:90:2e:90:fc:5b:4f:a2:00:87: + e7:40:e0:fc:d1:24:8b:d0:28:01:d3:53:ac:b1:58:7f:87:29: + 38:56:93:dd:a2:14:4a:9a:94:b9:f8:94:b2:04:47:db:b8:38: + e6:85:2b:cf:d4:72:88:8b:0d:8e:a0:69:f9:9f:10:22:82:9c: + c5:ec:01:e3:07:a1:69:37:94:25:3a:cd:17:29:37:8d:24:d3: + 27:0f:4d:bf:b0:31:36:b8:c6:a8:69:0b:df:28:f8:e2:dc:da: + 95:3e:7f:d7:3f:a5:8f:92:6a:7d:ad:3a:ac:af:73:2b:5f:f1: + b3:22:92:ef:da:71:84:9e:4b:23:7b:69:b7:29:fc:c5:05:84: + 4b:ff:06:92:ee:f5:9b:14:2a:af:be:ef:02:e1:e7:d0:e8:d0: + 29:7c:48:40:f1:95:bb:08:b2:30:c5:81:80:a8:91:5b:2e:08: + 3b:30:44:07:b5:c4:0b:07:74:ca:5d:37:3d:75:f9:bc:6d:21: + a6:e0:91:d8:f9:27:88:05:58:a7:f4:36:eb:ba:40:63:36:15: + 42:98:0b:e2:d1:c9:11:0b:29:81:e1:c7:02:7e:fa:05:65:51: + 7b:d6:1a:33:46:fc:a5:d4:fd:64:e8:c8:11:d4:d1:41:d9:39: + 18:08:a3:ed:15:70:d9:14:f5:ba:c9:bb:3e:96:8d:5d:cc:c3: + 5c:b6:c8:79:02:2e:e2:a1:06:ba:a5:21:1c:bf:16:7f:2d:d9: + 93:07:92:b1:fa:ee:3f:e3:56:35:f3:30:aa:11:54:d3:71:cb: + 29:d4:60:e1:6c:ae:c4:24:e3:00:4f:5f:52:b0:3f:f4:76:f3: + 6d:db:bc:d8:65:c4:37:be:1a:87:9b:65:c4:20:dd:da:a9:4c: + 9f:86:33:2b:49:a6:f7:aa:ce:da:98:3b:e3:5f:ac:b8:1b:45: + 0e:56:59:fb:49:38:0f:b7:d4:49:f8:7b:ac:fa:d8:b8:1d:16: + db:b2:4c:15:d8:e7:eb:6b:38:ff:d2:69:26:a6:f6:50:15:45: + 2f:12:b2:05:d4:bf:6f:53:79:64:9b:d5:8b:a1:08:3e:43:ee: + 08:fe:9b:ea:83:89:8a:6a:53:98:1e:c5:91:4c:7a:99:2b:6d: + 97:dc:96:1b:de:27:c5:af:0f:dd:42:5c:23:7d:bc:6b:5b:ab: + 47:29:98:35:8f:9e:e6:e1:5f:96:6a:bd:cf:3c:47:89:8b:ad: + 21:de:20:da:99:82:c1:0e:9b:7c:38:21:d8:b1:1c:34:c5:4e: + f7:fe:7d:5e:a4:2f:f8:7d:5c:30:2c:9e:e6:5a:4f:d3:15:90: + e6:6f:69:ea:51:93:8f:2c:dd:a7:c3:3c:50:a8:d1:ba:0b:5c: + cc:2e:4e:57:71:21:08:a1:2c:bd:a7:20:4b:ae:5c:02:7a:cd: + 9a:fe:1e:db:ec:ce:3b:12:37:cb:96:20:7b:3b:b1:5a:2e:84: + 03:f9:0b:32:43:c0:4e:e3:ea:79:e7:9a:13:54:e5:a8:1a:17: + c4:79:78:25:63:ab:67:39:39:a0:6c:c4:c5:94:ac:16:92:3d: + f0:1a:1a:9e:ca:7a:84:1b:c1:5a:5f:4c:65:8a:30:a6:5e:6c: + 0e:ae:bf:ac:09:97:0f:83:5c:92:ce:e4:43:de:06:4b:96:f5: + 46:3b:7d:a8:e3:0f:d3:fe:00:c7:d4:79:4e:5f:bd:ec:59:12: + f9:65:23:fa:e7:97:a2:a6:39:3b:a3:1e:da:47:c5:18:5b:8d: + a7:7b:29:1c:5a:7a:06:c6:92:9e:b7:3b:f0:c5:56:e8:cf:84: + cd:dd:61:0f:21:25:f4:1e:2b:40:b6:74:28:8d:41:f6:2c:1d: + ce:b4:39:d1:e1:be:15:78:c9:d7:99:a1:9d:50:43:da:ec:40: + 69:6a:3b:17:af:28:22:09:e0:7d:38:9e:a7:ca:b7:f7:94:8a: + 2a:1b:32:4e:28:6d:18:95:ca:42:67:c8:bb:13:24:31:43:84: + 3e:95:66:08:5c:15:7f:6b:93:cc:8f:b8:76:7a:fd:74:4a:d6: + 6f:64:74:df:72:f7:34:a3:50:f0:db:bf:0a:2b:1b:48:b7:c9: + c0:97:23:27:b1:56:5b:9e:10:12:5a:bf:ff:38:61:da:41:75: + 15:c5:03:c2:20:fd:7f:84:c0:94:8e:11:ed:01:ba:f1:19:b5: + 05:1d:bf:89:ea:c9:38:4e:d2:cf:5b:24:c6:37:a1:8e:60:89: + 5c:52:ff:7d:5e:2d:c9:f8:b1:79:07:4c:2f:18:85:e8:ba:bf: + 3e:da:59:43:df:29:79:7e:00:38:d2:fc:a9:8e:3b:9d +-----BEGIN CERTIFICATE----- +MIIJ6zCCBdOgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0xNjAz +MTYyMzI4NDRaFw0zNjAzMTEyMzI4NDRaMIG1MQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEbMBkGA1UE +CwwSRG9tYWluIENvbnRyb2xsZXJzMSIwIAYDVQQDDBlsb2NhbGRjLnNhbWJhLmV4 +YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkBFiZjYS1zYW1iYS5leGFtcGxlLmNvbUBz +YW1iYS5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AOakds7oY/5X+aOu4K1N4hWO2CfIfX8rseiqUI+U+cdxP1IykdFtUiJfzY3MYhZ6 +i1hl7Qf36iTTiNgmyuvsFqeEHH4VRmQJIka53VwHhFCnTjE/ASPR+DYEGrvU5bbU +G1wWyZ43ij6pfTAkQLK1RED6XG/VPv8ywuckCuTkqp//TKy+N1giCBYO9qcvtWxP +rHukgqifOGQXbnK2fEzFRCoKtCUNsAyrmEr5GhrJpln0AKUKbwrQpTTKD/QO+7rX +uz4sfAxoayb/HCn+d/kwhQ1EjK+QinCTXTq2GIulhRFco11XFt3HyADxBXHCbgc8 +N2k2fBLFnhtpEUVEHuu5spaxic1N+onrkknyRjXznYc8vuT4tzGnNkuBdpuyBNWA +fU/mAu0kTKADxJ0An51xkw2luDdiKwPDvSQlLMND1MgnsG0F1MbF2FsJlOgna9lt +t7zedr/VnDYmBLmXHfDJjZGTgjINtxaXQTGaIgsuuplRKGv1BLrJPVcMcujhJBrU +Kmrn47a5lGHjTkKB5UPkHu9txF2k+bTsOoo0/rXHqP4Zjc99G2AhuiVvNc1PcihC +fYcIqtozfmPmW1/nAajjC9MIWqbf6ucrE0ingzKWxLrR/xVmUjOGRl/Cn1lKAJi3 +G6GHJd+taFv3Jhcr64RincO9mWdqAl1wcj4YkpmMvdlPAgMBAAGjggHxMIIB7TAJ +BgNVHRMEAjAAME8GA1UdHwRIMEYwRKBCoECGPmh0dHA6Ly93d3cuc2FtYmEuZXhh +bXBsZS5jb20vY3Jscy9DQS1zYW1iYS5leGFtcGxlLmNvbS1jcmwuY3JsMBEGCWCG +SAGG+EIBAQQEAwIGQDALBgNVHQ8EBAMCBeAwRgYJYIZIAYb4QgENBDkWN0RvbWFp +biBDb250cm9sbGVyIENlcnRpZmljYXRlIGxvY2FsZGMuc2FtYmEuZXhhbXBsZS5j +b20wHQYDVR0OBBYEFOHfcwvxPoZDpLPpjUR9PLIZwbzyMB8GA1UdIwQYMBaAFKI+ +Aiqjp005tAhNmcwMdTbqJ8M+MD0GA1UdEQQ2MDSCGWxvY2FsZGMuc2FtYmEuZXhh +bXBsZS5jb22gFwYJKwYBBAGCNxkBoAoECAEjRWeJq83vMDEGA1UdEgQqMCiBJmNh +LXNhbWJhLmV4YW1wbGUuY29tQHNhbWJhLmV4YW1wbGUuY29tME0GCWCGSAGG+EIB +BARAFj5odHRwOi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMvQ0Etc2FtYmEu +ZXhhbXBsZS5jb20tY3JsLmNybDAmBgNVHSUEHzAdBggrBgEFBQcDAgYIKwYBBQUH +AwEGBysGAQUCAwUwDQYJKoZIhvcNAQELBQADggQBAIksV5gXwXOmEAJvpqxHHDct +HaE8xSm2OuboFOw7dO7a2y2XPtOMnUJ+sEbpVHRPNN+eNH+eip1Nss/7cT/LMuZF +57TTnujKpc8We3a1TuC5u3mxgqfTI8s8RmNjlrNbYp6Z3AIX+QdjhnYGGgIbmt8d +zedG/poTh0fd4ndYUKJsyaD4FB8711mcib0uLc5g9MYs42PPNIRh2ZAukPxbT6IA +h+dA4PzRJIvQKAHTU6yxWH+HKThWk92iFEqalLn4lLIER9u4OOaFK8/UcoiLDY6g +afmfECKCnMXsAeMHoWk3lCU6zRcpN40k0ycPTb+wMTa4xqhpC98o+OLc2pU+f9c/ +pY+San2tOqyvcytf8bMiku/acYSeSyN7abcp/MUFhEv/BpLu9ZsUKq++7wLh59Do +0Cl8SEDxlbsIsjDFgYCokVsuCDswRAe1xAsHdMpdNz11+bxtIabgkdj5J4gFWKf0 +Nuu6QGM2FUKYC+LRyRELKYHhxwJ++gVlUXvWGjNG/KXU/WToyBHU0UHZORgIo+0V +cNkU9brJuz6WjV3Mw1y2yHkCLuKhBrqlIRy/Fn8t2ZMHkrH67j/jVjXzMKoRVNNx +yynUYOFsrsQk4wBPX1KwP/R2823bvNhlxDe+GoebZcQg3dqpTJ+GMytJpveqztqY +O+NfrLgbRQ5WWftJOA+31En4e6z62LgdFtuyTBXY5+trOP/SaSam9lAVRS8SsgXU +v29TeWSb1YuhCD5D7gj+m+qDiYpqU5gexZFMepkrbZfclhveJ8WvD91CXCN9vGtb +q0cpmDWPnubhX5Zqvc88R4mLrSHeINqZgsEOm3w4IdixHDTFTvf+fV6kL/h9XDAs +nuZaT9MVkOZvaepRk48s3afDPFCo0boLXMwuTldxIQihLL2nIEuuXAJ6zZr+Htvs +zjsSN8uWIHs7sVouhAP5CzJDwE7j6nnnmhNU5agaF8R5eCVjq2c5OaBsxMWUrBaS +PfAaGp7KeoQbwVpfTGWKMKZebA6uv6wJlw+DXJLO5EPeBkuW9UY7fajjD9P+AMfU +eU5fvexZEvllI/rnl6KmOTujHtpHxRhbjad7KRxaegbGkp63O/DFVujPhM3dYQ8h +JfQeK0C2dCiNQfYsHc60OdHhvhV4ydeZoZ1QQ9rsQGlqOxevKCIJ4H04nqfKt/eU +iiobMk4obRiVykJnyLsTJDFDhD6VZghcFX9rk8yPuHZ6/XRK1m9kdN9y9zSjUPDb +vworG0i3ycCXIyexVlueEBJav/84YdpBdRXFA8Ig/X+EwJSOEe0BuvEZtQUdv4nq +yThO0s9bJMY3oY5giVxS/31eLcn4sXkHTC8Yhei6vz7aWUPfKXl+ADjS/KmOO50= +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-key.pem b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-key.pem new file mode 100644 index 0000000..3443a50 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-key.pem @@ -0,0 +1,54 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIc8U9D3UAcEQCAggA +MBQGCCqGSIb3DQMHBAiv8rBzGS//TQSCCUieV5YQyWsn3FFhKYI425pOXfnTsSUb +VEe7wO2H7D/S0RFfT5gILYv57TTH8Z9uAeX/wU5msKA4PZt16aMutNl2NWell8hy +IX5R4n6IzSP6IobZKsyFR5u/h683Eli1pBd4BbLJuYu94sxelB4HQdRp0QJIvIvO +TWqTyD7UmqqG/IVhTMQpzcepY/S4SGI6GODJtDLPRgv3x5/Z0/NsxiMKrXMi7HKc +Rzg8jm2mausukN+sSyPcvlEufQjRJgJXtCIX98FMLp0pkOq1rsVUSNg8Qza6tbyE +XhweHWbV9YZCVfmnhUalLt7CIoA7QeOQZbwTNpTo/4mSEA7lv1knvFSdMc9JvR6J +bZQOk5rPzuX2W84UQ3CkIwaRB2iFUv0gJy5Z2xbhWgAR5KZIhGTKupHBYOmD29QU +whgjXq4McdYWKquxELzSW5jXVPNwvREhEuKR1mt6g0NqXCbCeQHw7DWH1OGPz7jM +HXsCGVWpXqeWvRHhdF+NRfHa41hqGS3Onq29UJtgcMpNYpGQYY6Exq6hVVsmddwt +QU4COPfozJzeAlkUEem5AKnuh1JUxo/RieNP99sv1/8g8icc+oPXOIu/6HI3JGYB +4WTVBp1OccEcNlnUYhxcL3ODYXcLUhiLZh2DS+IDLS3Pbp0v1qz/JuzDxiYBnEYt +4Q5NWdhPF/TSS7wQHRl35LAyHHhBIu1kuDhnXjdq87h7ioNiffZ0DgSW4HFUzslk +4UZGFTKaDpepBfIp1qnYGPKCMv+MLaMWU3LOfVGT3ecntkMxUtntNMZ6qGaXhzda +65LD9xYJUrbo+qQSBiTNAhMOy6lHlwIulmML0j1YEcVc2EwgqdfbBeT9v9gh6If4 +85ba1Wvy4W/FN/xo/ECflLAvozjyYND8LMcZ73eJs4ncZkMZAkjfP3sg/qvTAtbf +D6c+SRQbxRJv0ZUb9NN7wx4flsyypscKNqk78mytUN7gGf2xJIOvMS/zH/Zf9EpD +bEY+lOY2llYtXhoEj95tnRPFhKaQeGZdkISsmoU5olLsw/tRkquGdAokh+fl+NtZ +WxgJF8Ft8NT4iXhEBRfgFO5ubGq565c66ayA6R6K00pg/IvS8OXPuxT+/e8EKqUO +R9RyWR5n+W8hWw5+pQWGNvwhLFLJFfCxHw2ucSyNCvtcb6ijV5yvi4cI+UuVnh3s +WW3mMaMOYIcbh/thp8wBs/dpAOGUWX7XBfaGsQ0D+ff0ufcUobhXVZgtC0LhgfrN +ZeHQF4bUXycyaAGWvstNb6Xj2QFVDG98eNDGmYDTD+0XwpPc/6/Ge4BLPAVcBpQw +DMCKUqSkPPWCqfipbQmpBxswhYmzx+DjdfRxHExWeGk1pwyfH4GBhO5fkcpYVtU+ +RyruFu0YNnQ+2Y4eg8+3IyJndxkUHmwsB1DB0P8XvJ0n/NnAnZ0sIpE0x3dOFhb+ +SK0dj8fo2aEHOimrTHc2EJ2ZscpSCVNQ1BsScM36FCWxRWbTr8rBFsdUJ5CMZ2hN +qHBtf38SgNkD3qBUmiPetsYt6qTKY9Rv25D4zL5IR2ZnV99oW6MTDhc49cxYn8Dy +MKlyzV3upykqGBMSKBKbafDI3sO8gB3upUetnogi1TMaNyu4qNzq8oNRfdf+RD1R +Rg4++U14UbYNvWRQnCqjJGUXDnVc8Gp9K8Z6p5eXihsFfpol1OGu0td1e0FRi3AH +INW9UEpfRbmbEPHhYQRNAyRlcQXJ1FBnxUCk6qgfkD0ziJk2VD4oFoaSlqy7l21z +zoH0Vp6PZGZEIs/mAODvtH5jsTEMUE8uuRmPqgnFqbi/gfQ5FJLR6dfCb8MJ2iJM +Hw4791wi7tS1aCYoHneDtxNFeWuuEmw1uMoA+C5euGNv86XAH5AV2OrTIt8SLFPN +mLBLQ3J9Kkitsy1JFz9IdJ5uY3K2CvpOaP+sx3l1Q4YVuSza8r7zRfTC1wPfbsvk +64zZQzA57WvRvpaZU49HbMV9/zDOlQfLtL7TdAbqLYjlVRpO5pHHEqLRR9eGQ2UY +zhfMFfcJahH4lDbgHf6EVjHnEuoW9fU8hLRVzUcQCVDsf36Et+g5G1JMhFnlVzdv +MaKiN9tzKeIqxUSlXMHYm+oIb849pshNo+KRzZ0K+r+wExnpIfCfVOjAvSQU+6y9 +1uIIQlJfk6uPFVriaooyUDrW9/83AgzJDrkpSMTnVmo/MTS8cAe8Ox5cr+mHqJko +cnHzBNI9Q0z59SpJdXucPVyk5MYPUdfyI2ouicm+nKidNvlp36O7UHMw0pJdeqDg +03vhaVif5uN8FNjBLp6xIipX6lor6XCOnkGR/zkis602sTAkE4nemOw9zy3rIBr+ +hYnSY7vMFCVYIERjqSOLE0k0d5RyOsGjSYr8yQMvpTGusla34qVPjrrpJ+OuczK/ +6KJeHV+WUw42g8JSs67j8YJ2ejc9gr9AVSRiES99QL+tlFnOTY28N40OjXqFJjYK +A0x0By1O6h4PMKtYchTuJAoEOB2KOP1Ta+NlL80zM4nWwv7NdO0AR/ATfUfix1GS +NiMC10C7eurYdAfxly3p9NgjQq+vaKsnSy0TbXPCgW8YTegnxKTUWJm+BEiYaE4M +A0c1CySusV+JO1catlXSeCB6ajddi/SKXsW26lJ3Q+8QqhA3EMivCE3Zh2Q5c1yp +gCV7IXtdryPdK16qmirO9LKkm6sCfBdhgBgi+IcyUhqxwHCwxrPqzEs75Sa3U/6k +kV3AqFwhHYtUj2fBNlfJ1efV8fW+WLboJkHbi2LXmL4NBvHTNjK3NprffFrQ/QJU +oYsMQdeWQZD+3p8w1fPb0sXEDL6LQgjAjyDaqOiX8XrQ8nr3n4FpTI38/OIIfS69 +IHtgo5yv0CMfN+C6LAHOE0aDHRoY6+TVVgr1Z/X2VqJQJONii0dQ5ttDHYnUpzu0 +vWsdvVjsyhkLa2yhUB7UyWusZo0HZRSAcf1pNlpp5rCtJad9to7OvOL3qb5GluAK +/5eZE6RzgyGOjtOx0IgQ+l4ThQCTbkoVEtB59IEeP/+Sq2RmFfdGiGgC3Wnrga8b +gkuXXbjZboptSku6N1ZO1r99wd0qIHzrtVCONGLGfVBy7X6nDO2pC9IUOXycMji7 +B5J0toyDWt6UzlLQasmz8Be7NZJCkDd2jlSKorZtdynsXbRkX1H4by9kI8kEcgK7 +ICE= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-openssl.cnf b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-openssl.cnf new file mode 100644 index 0000000..bf4131f --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-openssl.cnf @@ -0,0 +1,250 @@ +# +# Based on the OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#CRLDISTPT = [CRL Distribution Point; e.g., http://crl-list.base/w4edom-l4.base.crl] +CRLDISTPT = http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used as a login credential +scardLogin=1.3.6.1.4.1.311.20.2.2 +# Used in a smart card login certificate's subject alternative name +msUPN=1.3.6.1.4.1.311.20.2.3 +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used to identify a domain controller +msKDC=1.3.6.1.5.2.3.5 +# Identifies the AD GUID +msADGUID=1.3.6.1.4.1.311.25.1 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = CA-samba.example.com # Where everything is kept +certs = $dir/_none_certs # Where the issued certs are kept +crl_dir = $dir/_none_crl # Where the issued crl are kept +database = $dir/Private/CA-samba.example.com-index.txt # database index file. +unique_subject = yes # Set to 'no' to allow creation of + # several certificates with same subject. +new_certs_dir = $dir/NewCerts # default place for new certs. + +certificate = $dir/Public/CA-samba.example.com-cert.pem # The CA certificate +serial = $dir/Private/CA-samba.example.com-serial.txt # The current serial number +crlnumber = $dir/Private/CA-samba.example.com-crlnumber.txt # the current crl number + # must be commented out to leave a V1 CRL + +#crl = $dir/Public/CA-samba.example.com-crl.pem # The current CRL +crl = $dir/Public/CA-samba.example.com-crl.crl # The current CRL +private_key = $dir/Private/CA-samba.example.com-private-key.pem # The private key +RANDFILE = $dir/Private/CA-samba.example.com.rand # private random number file + +#x509_extensions = # The extensions to add to the cert +x509_extensions = template_x509_extensions + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +crl_extensions = crl_ext + +default_days = 7300 # how long to certify for +default_crl_days= 7300 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = match +stateOrProvinceName = match +localityName = match +organizationName = match +organizationalUnitName = match +commonName = supplied +emailAddress = supplied + +#################################################################### +[ req ] +default_bits = 4096 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = SambaState + +localityName = Locality Name (eg, city) +localityName_default = SambaCity + +organizationName = Organization Name (eg, company) +organizationName_default = SambaSelfTesting + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = Domain Controllers + +commonName = Common Name (eg, YOUR name) +commonName_default = localdc.samba.example.com +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = ca-samba.example.com@samba.example.com +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 +# +#unstructuredName = An optional company name + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] +# Extensions for a typical CA +# PKIX recommendation. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. +keyUsage = cRLSign, keyCertSign + +crlDistributionPoints=URI:$CRLDISTPT + +# Some might want this also +nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +subjectAltName=email:copy +# Copy issuer details +issuerAltName=issuer:copy + +[ crl_ext ] +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +#[ usr_cert_mskdc ] +[ template_x509_extensions ] + +# These extensions are added when 'ca' signs a request for a domain controller certificate. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE +crlDistributionPoints=URI:$CRLDISTPT + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +nsCertType = server + +# This is typical in keyUsage for a client certificate. +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Domain Controller Certificate localdc.samba.example.com" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. + +subjectAltName=@dc_subjalt + +# Copy subject details +issuerAltName=issuer:copy + +nsCaRevocationUrl = $CRLDISTPT +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +#Extended Key requirements for our domain controller certs +# serverAuth - says cert can be used to identify an ssl/tls server +# msKDC - says cert can be used to identify a Kerberos Domain Controller. +extendedKeyUsage = clientAuth,serverAuth,msKDC + +[dc_subjalt] +DNS=localdc.samba.example.com +otherName=msADGUID;FORMAT:HEX,OCTETSTRING:0123456789ABCDEF diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-private-key.pem b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-private-key.pem new file mode 100644 index 0000000..546b292 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-private-key.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJJwIBAAKCAgEA5qR2zuhj/lf5o67grU3iFY7YJ8h9fyux6KpQj5T5x3E/UjKR +0W1SIl/NjcxiFnqLWGXtB/fqJNOI2CbK6+wWp4QcfhVGZAkiRrndXAeEUKdOMT8B +I9H4NgQau9TlttQbXBbJnjeKPql9MCRAsrVEQPpcb9U+/zLC5yQK5OSqn/9MrL43 +WCIIFg72py+1bE+se6SCqJ84ZBducrZ8TMVEKgq0JQ2wDKuYSvkaGsmmWfQApQpv +CtClNMoP9A77ute7Pix8DGhrJv8cKf53+TCFDUSMr5CKcJNdOrYYi6WFEVyjXVcW +3cfIAPEFccJuBzw3aTZ8EsWeG2kRRUQe67mylrGJzU36ieuSSfJGNfOdhzy+5Pi3 +Mac2S4F2m7IE1YB9T+YC7SRMoAPEnQCfnXGTDaW4N2IrA8O9JCUsw0PUyCewbQXU +xsXYWwmU6Cdr2W23vN52v9WcNiYEuZcd8MmNkZOCMg23FpdBMZoiCy66mVEoa/UE +usk9Vwxy6OEkGtQqaufjtrmUYeNOQoHlQ+Qe723EXaT5tOw6ijT+tceo/hmNz30b +YCG6JW81zU9yKEJ9hwiq2jN+Y+ZbX+cBqOML0whapt/q5ysTSKeDMpbEutH/FWZS +M4ZGX8KfWUoAmLcboYcl361oW/cmFyvrhGKdw72ZZ2oCXXByPhiSmYy92U8CAwEA +AQKCAgBqVMxJW64t5lU69zax70QZ+D8DKFVjObvNridx6pa1MiqlNJcxXBsPqedU +RjO6dUikumjq0Yrq63MdY9UNq0xOcoPIRPqsx+E7hhjdgsGnhVpxLcDSyMyL6pyA +mAhHn8X1ULQm8ygS94S1myEQwqzy3/mZvVBLyxU8BsvW9u0K0mKBCTjustHTiZaB +QWd8xcaZQiDSqIUQ8BSFYkgwBIoGb+TZaFQPo1SUy/8S9oBw3CMn84V6EPL5QWbV +d8rqOuciJNQTzFgKJHbRjXW2Nn5Avae2kQaiG+5RUP5D801D0denAq2SFbbJaFTA +O4kKYOKS6QGOjfj0Xh4ONveiaXxBSPpIJSvbjAV+Nq92NVkZ35jiPqGZzebhzzoD +mU6mMvRoL/FHs9PKNZF1Cd4EP1SdLhiImj+1eajfYvHAlz6kIJxTue0BFkh13uwp +amx48wB7e/W8t8lqixICf1HlCv+EQGN6aka5dHMqJobXhkt9npz53+AYdpc8Sjs9 +QlFplYoOgkaHvzLv9yeZPOT5Xr32weE6KpM+SwvpVxfttbkvqrWoOoEcDARuVqiS +TRzS/ZDiEn+Kcgm7pJ3i2nTAIBzwC4z91HJbeVXNpptkZJEgjXM8XjSArHjDrkl1 +EGKARlkTn576XMGWSkF/bmEBiG0KIhTu+DmwsQvR+564tjV98QKCAQEA+aS7ygjL +aRj5JZKMt3VWZRntK20m04iY0wGDNs+p+nFRJjCDAUhTTOl9++vlJYe8HO9iXzUv +O51tGnzrck9+gUVlFghrw0dJ+mY0+1bSt2aLNUmlfvv1uRpm9Pd3xbQ6e3Kpf/r1 +ew6IpG8I6pvpVJXJ3FQZpSOlTP9dyRxMNzdILGzzPrb+2r0j6Oc/y3+adBiXB3Yg +QPfFJRJZA4k2Wk/qSi9NR/yWHaY0krO68l8l2zn1AKaIoVVqtxVTQ7qUBWNXzVMe +ULtAvO1Bonh+C+zYcNJjSBeYWeJ7pbp/ozDe6M2DuJMv4aW6oV6tGcMF9NOd1pFx +qiC8vIVPZ3rJ9QKCAQEA7IPf9CAaDUScu2/Ry9z1RaISU4BMi/30poc80Zy2hC18 +vP8aiHVlQdkdzdKYGweaYNQpszGeBcHK51y6V11vwCNQRrCoUp9VbICp7ok2O4y8 +w9r+q4GcYthHeMhEnHDo4R/uHKEJCYS012RLlLSXMa0Dfl1sOv8mVuIEaZoRJrAq +Xzxz9KX7MFv5Zb8TvVL6fHEXmdMmmoiZnyNplH+3LMj6duoNaxjtsoixCkuRTXE7 +Cav118q+QWae+yhIonF+HRIa/G0doqHa+P9rl18FUnxfAf91Z70SSJ2oOtuWjd1J +37eG4d7skpAoWWdXNpCqpJnsPLlSlBqKmYrN5CM3swKCAQBAfV/Np0v00HC8Vgln +8zXoVDRCfaYEC0t/ZuqgpDDC87cE6I9PK4HpYoAbLis58MCVsPl2ouSav+ZJa2/f +Tc3eUzDz6iT8g1QHDZQuQZWZrzHTCD1qemhV8w4Zxjv4pMBe15YV65yyt2RxJgXl +pXU3VqKY+ljNolG3fFib9WVy9iL85wBHeTqJA0ddiS+fwE0EJL4PPWLDpb4V/5Fj +KnUSC4b4txN9vzCAZEk8hJWMuyuqYGR8UIkHNGum9ClYW8CVS76I2ioArP7iT2Af +OoVFS1/2dUMUgpPm1G0guPb0D1HmTgDzE4LRBeEagryw5QKK5oflwBje3ColgUKr +9rppAoIBAH9t9gXkHeU0KHXco16BaCziS5ltsNBkPaJTjvMoyjWhBGoX0EXhanL1 +9dblNkqp6AVviiAgBZH4fcf17/gOQZ116VSM7cPGURIqqGP6zZt8EmA756akKIwh +FzD+Rek79F0HBRWrteDI/V5njUlLm4KKQy2cTCnlOtTo5ZO4DLGZjNrPCXKw0wuV +ImQtdQc2Y/sUO7EHUO9F1e8l90apIRoiFsBnDl+7iKX+e9SeLmVZMoPdgJGJjMRT +9ChB5hCPsXEcRinm6GataftqMp/V9Foi5FWBO9JuziENwIwlr5Izvg+pJCUiJLg6 +r2KsCRM/EpGo1N1KxDFDs5VScegPCX0CggEAWCJ0+KmHbA4F+vDjYW1wNE1MBKee +4Q+nnX45oEHDM+J5da2Ov2IhblzVX/vJaVtI2rwSXCkM3x7ByAXwewNa4BA/eGG/ +v2MPs21f9GcLkpLv0xz+pILkeeNk+e0yIYE4jWQGFMlYh7cNLStDSw6XNU/9IKeO +r2gQjAqS/pMGBMS3FOcd2S+/gMjJom2GaWLhGdJAGdmtGh2EbFku5+WDL76pyAaN +BHEGD91PSER5nEGS9ho81IPDrIm0LVcp6xMRD6PWput/0gcC3Zun1ZDo9oJA1AsS +NMnm6c14ASh/1KQUx9XkC1hUmBVhb4UA4EshT4oXffTHpDMlA6yWqlkReg== +-----END RSA PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-private.p12 b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-private.p12 Binary files differnew file mode 100644 index 0000000..1d2e431 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-private.p12 diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-req.pem b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-req.pem new file mode 100644 index 0000000..d2647cc --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-req.pem @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIFDzCCAvcCAQAwgckxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTYW1iYVN0YXRl +MRIwEAYDVQQHDAlTYW1iYUNpdHkxGTAXBgNVBAoMEFNhbWJhU2VsZlRlc3Rpbmcx +GzAZBgNVBAsMEkRvbWFpbiBDb250cm9sbGVyczEiMCAGA1UEAwwZbG9jYWxkYy5z +YW1iYS5leGFtcGxlLmNvbTE1MDMGCSqGSIb3DQEJARYmY2Etc2FtYmEuZXhhbXBs +ZS5jb21Ac2FtYmEuZXhhbXBsZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw +ggIKAoICAQDmpHbO6GP+V/mjruCtTeIVjtgnyH1/K7HoqlCPlPnHcT9SMpHRbVIi +X82NzGIWeotYZe0H9+ok04jYJsrr7BanhBx+FUZkCSJGud1cB4RQp04xPwEj0fg2 +BBq71OW21BtcFsmeN4o+qX0wJECytURA+lxv1T7/MsLnJArk5Kqf/0ysvjdYIggW +DvanL7VsT6x7pIKonzhkF25ytnxMxUQqCrQlDbAMq5hK+RoayaZZ9AClCm8K0KU0 +yg/0Dvu617s+LHwMaGsm/xwp/nf5MIUNRIyvkIpwk106thiLpYURXKNdVxbdx8gA +8QVxwm4HPDdpNnwSxZ4baRFFRB7rubKWsYnNTfqJ65JJ8kY1852HPL7k+LcxpzZL +gXabsgTVgH1P5gLtJEygA8SdAJ+dcZMNpbg3YisDw70kJSzDQ9TIJ7BtBdTGxdhb +CZToJ2vZbbe83na/1Zw2JgS5lx3wyY2Rk4IyDbcWl0ExmiILLrqZUShr9QS6yT1X +DHLo4SQa1Cpq5+O2uZRh405CgeVD5B7vbcRdpPm07DqKNP61x6j+GY3PfRtgIbol +bzXNT3IoQn2HCKraM35j5ltf5wGo4wvTCFqm3+rnKxNIp4MylsS60f8VZlIzhkZf +wp9ZSgCYtxuhhyXfrWhb9yYXK+uEYp3DvZlnagJdcHI+GJKZjL3ZTwIDAQABoAAw +DQYJKoZIhvcNAQELBQADggIBAFRI0PRZO7XlWIpWUC0wc3KjVvTGxieaalJdPC/j +dxT7lBkSTHGjbeLIkqjVAuhONziKT2RP9QxzK2sa9jxIi5zR1byZv500suTez+96 +KkqSnFTgM4nwJdv2S8x0uBPmlREL4K1I0FGZX29wd0bqFhBQqSzVQvQqGSiqSJfU +KkIys1tAIrC7DfNvfhogIrupuN8clluLe0T25qxGeaqXN+EYB7U/O+4FZccpGoeP +dHO2zYeRib0oGTlnk1noRmlqgXPEKfzoWMJ2cUkexlRy1ajW0r1rvcIgc1rPnB8h +6c6YhFGwbYW54/I6tLxJc5pyWCQNH/uYEeFnGs/w85lPKvLM0RXsQ7rfnDRv3LOj +Mex+3whmIs5dAVdQQMy0ngsbPpaR+5Ry8eWAPmwnRXwVaysGgmTysVCzFGqSO3ul +7FgbKEEM1cNe4+Gvl2LEl+aJ5CB1DBslDjXMQVwLMpAU2sthJurhujx3/j598IUp +why48F4056Uf33CncLSEriykIEFXUionXUxtDsCaS13+CfKw+gUJJRsg4ZWqrY6M +b0KHAtzq4g7lFZ+XaXpGdxntqGOrgxfcgWBRhJnp35ILoMFNV2OHjySnF6SWDJvP +AY9IQsUDiMruNjCS9s5zaH7KqmJJ+pgcjVSholozUEI2J3hUpq3KFsE20Cyi+YbO +kTlo +-----END CERTIFICATE REQUEST----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-cert.pem b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-cert.pem new file mode 120000 index 0000000..b7549bb --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-cert.pem @@ -0,0 +1 @@ +DC-localdc.samba.example.com-S00-cert.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-private-key.pem b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-private-key.pem new file mode 120000 index 0000000..21601b4 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-private-key.pem @@ -0,0 +1 @@ +DC-localdc.samba.example.com-S00-private-key.pem
\ No newline at end of file |