summaryrefslogtreecommitdiffstats
path: root/selftest/manage-ca/CA-samba.example.com/NewCerts
diff options
context:
space:
mode:
Diffstat (limited to 'selftest/manage-ca/CA-samba.example.com/NewCerts')
-rw-r--r--selftest/manage-ca/CA-samba.example.com/NewCerts/00.pem190
-rw-r--r--selftest/manage-ca/CA-samba.example.com/NewCerts/01.pem169
-rw-r--r--selftest/manage-ca/CA-samba.example.com/NewCerts/02.pem191
-rw-r--r--selftest/manage-ca/CA-samba.example.com/NewCerts/03.pem169
-rw-r--r--selftest/manage-ca/CA-samba.example.com/NewCerts/04.pem168
-rw-r--r--selftest/manage-ca/CA-samba.example.com/NewCerts/05.pem168
-rw-r--r--selftest/manage-ca/CA-samba.example.com/NewCerts/06.pem191
-rw-r--r--selftest/manage-ca/CA-samba.example.com/NewCerts/07.pem169
-rw-r--r--selftest/manage-ca/CA-samba.example.com/NewCerts/08.pem169
9 files changed, 1584 insertions, 0 deletions
diff --git a/selftest/manage-ca/CA-samba.example.com/NewCerts/00.pem b/selftest/manage-ca/CA-samba.example.com/NewCerts/00.pem
new file mode 100644
index 0000000..7b1b6a1
--- /dev/null
+++ b/selftest/manage-ca/CA-samba.example.com/NewCerts/00.pem
@@ -0,0 +1,190 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 0 (0x0)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com
+ Validity
+ Not Before: Mar 16 23:28:44 2016 GMT
+ Not After : Mar 11 23:28:44 2036 GMT
+ Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Domain Controllers, CN=localdc.samba.example.com/emailAddress=ca-samba.example.com@samba.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (4096 bit)
+ Modulus:
+ 00:e6:a4:76:ce:e8:63:fe:57:f9:a3:ae:e0:ad:4d:
+ e2:15:8e:d8:27:c8:7d:7f:2b:b1:e8:aa:50:8f:94:
+ f9:c7:71:3f:52:32:91:d1:6d:52:22:5f:cd:8d:cc:
+ 62:16:7a:8b:58:65:ed:07:f7:ea:24:d3:88:d8:26:
+ ca:eb:ec:16:a7:84:1c:7e:15:46:64:09:22:46:b9:
+ dd:5c:07:84:50:a7:4e:31:3f:01:23:d1:f8:36:04:
+ 1a:bb:d4:e5:b6:d4:1b:5c:16:c9:9e:37:8a:3e:a9:
+ 7d:30:24:40:b2:b5:44:40:fa:5c:6f:d5:3e:ff:32:
+ c2:e7:24:0a:e4:e4:aa:9f:ff:4c:ac:be:37:58:22:
+ 08:16:0e:f6:a7:2f:b5:6c:4f:ac:7b:a4:82:a8:9f:
+ 38:64:17:6e:72:b6:7c:4c:c5:44:2a:0a:b4:25:0d:
+ b0:0c:ab:98:4a:f9:1a:1a:c9:a6:59:f4:00:a5:0a:
+ 6f:0a:d0:a5:34:ca:0f:f4:0e:fb:ba:d7:bb:3e:2c:
+ 7c:0c:68:6b:26:ff:1c:29:fe:77:f9:30:85:0d:44:
+ 8c:af:90:8a:70:93:5d:3a:b6:18:8b:a5:85:11:5c:
+ a3:5d:57:16:dd:c7:c8:00:f1:05:71:c2:6e:07:3c:
+ 37:69:36:7c:12:c5:9e:1b:69:11:45:44:1e:eb:b9:
+ b2:96:b1:89:cd:4d:fa:89:eb:92:49:f2:46:35:f3:
+ 9d:87:3c:be:e4:f8:b7:31:a7:36:4b:81:76:9b:b2:
+ 04:d5:80:7d:4f:e6:02:ed:24:4c:a0:03:c4:9d:00:
+ 9f:9d:71:93:0d:a5:b8:37:62:2b:03:c3:bd:24:25:
+ 2c:c3:43:d4:c8:27:b0:6d:05:d4:c6:c5:d8:5b:09:
+ 94:e8:27:6b:d9:6d:b7:bc:de:76:bf:d5:9c:36:26:
+ 04:b9:97:1d:f0:c9:8d:91:93:82:32:0d:b7:16:97:
+ 41:31:9a:22:0b:2e:ba:99:51:28:6b:f5:04:ba:c9:
+ 3d:57:0c:72:e8:e1:24:1a:d4:2a:6a:e7:e3:b6:b9:
+ 94:61:e3:4e:42:81:e5:43:e4:1e:ef:6d:c4:5d:a4:
+ f9:b4:ec:3a:8a:34:fe:b5:c7:a8:fe:19:8d:cf:7d:
+ 1b:60:21:ba:25:6f:35:cd:4f:72:28:42:7d:87:08:
+ aa:da:33:7e:63:e6:5b:5f:e7:01:a8:e3:0b:d3:08:
+ 5a:a6:df:ea:e7:2b:13:48:a7:83:32:96:c4:ba:d1:
+ ff:15:66:52:33:86:46:5f:c2:9f:59:4a:00:98:b7:
+ 1b:a1:87:25:df:ad:68:5b:f7:26:17:2b:eb:84:62:
+ 9d:c3:bd:99:67:6a:02:5d:70:72:3e:18:92:99:8c:
+ bd:d9:4f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl
+
+ Netscape Cert Type:
+ SSL Server
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ Netscape Comment:
+ Domain Controller Certificate localdc.samba.example.com
+ X509v3 Subject Key Identifier:
+ E1:DF:73:0B:F1:3E:86:43:A4:B3:E9:8D:44:7D:3C:B2:19:C1:BC:F2
+ X509v3 Authority Key Identifier:
+ keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E
+
+ X509v3 Subject Alternative Name:
+ DNS:localdc.samba.example.com, othername:<unsupported>
+ X509v3 Issuer Alternative Name:
+ email:ca-samba.example.com@samba.example.com
+ Netscape CA Revocation Url:
+ http://www.samba.example.com/crls/CA-samba.example.com-crl.crl
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication, TLS Web Server Authentication, msKDC
+ Signature Algorithm: sha256WithRSAEncryption
+ 89:2c:57:98:17:c1:73:a6:10:02:6f:a6:ac:47:1c:37:2d:1d:
+ a1:3c:c5:29:b6:3a:e6:e8:14:ec:3b:74:ee:da:db:2d:97:3e:
+ d3:8c:9d:42:7e:b0:46:e9:54:74:4f:34:df:9e:34:7f:9e:8a:
+ 9d:4d:b2:cf:fb:71:3f:cb:32:e6:45:e7:b4:d3:9e:e8:ca:a5:
+ cf:16:7b:76:b5:4e:e0:b9:bb:79:b1:82:a7:d3:23:cb:3c:46:
+ 63:63:96:b3:5b:62:9e:99:dc:02:17:f9:07:63:86:76:06:1a:
+ 02:1b:9a:df:1d:cd:e7:46:fe:9a:13:87:47:dd:e2:77:58:50:
+ a2:6c:c9:a0:f8:14:1f:3b:d7:59:9c:89:bd:2e:2d:ce:60:f4:
+ c6:2c:e3:63:cf:34:84:61:d9:90:2e:90:fc:5b:4f:a2:00:87:
+ e7:40:e0:fc:d1:24:8b:d0:28:01:d3:53:ac:b1:58:7f:87:29:
+ 38:56:93:dd:a2:14:4a:9a:94:b9:f8:94:b2:04:47:db:b8:38:
+ e6:85:2b:cf:d4:72:88:8b:0d:8e:a0:69:f9:9f:10:22:82:9c:
+ c5:ec:01:e3:07:a1:69:37:94:25:3a:cd:17:29:37:8d:24:d3:
+ 27:0f:4d:bf:b0:31:36:b8:c6:a8:69:0b:df:28:f8:e2:dc:da:
+ 95:3e:7f:d7:3f:a5:8f:92:6a:7d:ad:3a:ac:af:73:2b:5f:f1:
+ b3:22:92:ef:da:71:84:9e:4b:23:7b:69:b7:29:fc:c5:05:84:
+ 4b:ff:06:92:ee:f5:9b:14:2a:af:be:ef:02:e1:e7:d0:e8:d0:
+ 29:7c:48:40:f1:95:bb:08:b2:30:c5:81:80:a8:91:5b:2e:08:
+ 3b:30:44:07:b5:c4:0b:07:74:ca:5d:37:3d:75:f9:bc:6d:21:
+ a6:e0:91:d8:f9:27:88:05:58:a7:f4:36:eb:ba:40:63:36:15:
+ 42:98:0b:e2:d1:c9:11:0b:29:81:e1:c7:02:7e:fa:05:65:51:
+ 7b:d6:1a:33:46:fc:a5:d4:fd:64:e8:c8:11:d4:d1:41:d9:39:
+ 18:08:a3:ed:15:70:d9:14:f5:ba:c9:bb:3e:96:8d:5d:cc:c3:
+ 5c:b6:c8:79:02:2e:e2:a1:06:ba:a5:21:1c:bf:16:7f:2d:d9:
+ 93:07:92:b1:fa:ee:3f:e3:56:35:f3:30:aa:11:54:d3:71:cb:
+ 29:d4:60:e1:6c:ae:c4:24:e3:00:4f:5f:52:b0:3f:f4:76:f3:
+ 6d:db:bc:d8:65:c4:37:be:1a:87:9b:65:c4:20:dd:da:a9:4c:
+ 9f:86:33:2b:49:a6:f7:aa:ce:da:98:3b:e3:5f:ac:b8:1b:45:
+ 0e:56:59:fb:49:38:0f:b7:d4:49:f8:7b:ac:fa:d8:b8:1d:16:
+ db:b2:4c:15:d8:e7:eb:6b:38:ff:d2:69:26:a6:f6:50:15:45:
+ 2f:12:b2:05:d4:bf:6f:53:79:64:9b:d5:8b:a1:08:3e:43:ee:
+ 08:fe:9b:ea:83:89:8a:6a:53:98:1e:c5:91:4c:7a:99:2b:6d:
+ 97:dc:96:1b:de:27:c5:af:0f:dd:42:5c:23:7d:bc:6b:5b:ab:
+ 47:29:98:35:8f:9e:e6:e1:5f:96:6a:bd:cf:3c:47:89:8b:ad:
+ 21:de:20:da:99:82:c1:0e:9b:7c:38:21:d8:b1:1c:34:c5:4e:
+ f7:fe:7d:5e:a4:2f:f8:7d:5c:30:2c:9e:e6:5a:4f:d3:15:90:
+ e6:6f:69:ea:51:93:8f:2c:dd:a7:c3:3c:50:a8:d1:ba:0b:5c:
+ cc:2e:4e:57:71:21:08:a1:2c:bd:a7:20:4b:ae:5c:02:7a:cd:
+ 9a:fe:1e:db:ec:ce:3b:12:37:cb:96:20:7b:3b:b1:5a:2e:84:
+ 03:f9:0b:32:43:c0:4e:e3:ea:79:e7:9a:13:54:e5:a8:1a:17:
+ c4:79:78:25:63:ab:67:39:39:a0:6c:c4:c5:94:ac:16:92:3d:
+ f0:1a:1a:9e:ca:7a:84:1b:c1:5a:5f:4c:65:8a:30:a6:5e:6c:
+ 0e:ae:bf:ac:09:97:0f:83:5c:92:ce:e4:43:de:06:4b:96:f5:
+ 46:3b:7d:a8:e3:0f:d3:fe:00:c7:d4:79:4e:5f:bd:ec:59:12:
+ f9:65:23:fa:e7:97:a2:a6:39:3b:a3:1e:da:47:c5:18:5b:8d:
+ a7:7b:29:1c:5a:7a:06:c6:92:9e:b7:3b:f0:c5:56:e8:cf:84:
+ cd:dd:61:0f:21:25:f4:1e:2b:40:b6:74:28:8d:41:f6:2c:1d:
+ ce:b4:39:d1:e1:be:15:78:c9:d7:99:a1:9d:50:43:da:ec:40:
+ 69:6a:3b:17:af:28:22:09:e0:7d:38:9e:a7:ca:b7:f7:94:8a:
+ 2a:1b:32:4e:28:6d:18:95:ca:42:67:c8:bb:13:24:31:43:84:
+ 3e:95:66:08:5c:15:7f:6b:93:cc:8f:b8:76:7a:fd:74:4a:d6:
+ 6f:64:74:df:72:f7:34:a3:50:f0:db:bf:0a:2b:1b:48:b7:c9:
+ c0:97:23:27:b1:56:5b:9e:10:12:5a:bf:ff:38:61:da:41:75:
+ 15:c5:03:c2:20:fd:7f:84:c0:94:8e:11:ed:01:ba:f1:19:b5:
+ 05:1d:bf:89:ea:c9:38:4e:d2:cf:5b:24:c6:37:a1:8e:60:89:
+ 5c:52:ff:7d:5e:2d:c9:f8:b1:79:07:4c:2f:18:85:e8:ba:bf:
+ 3e:da:59:43:df:29:79:7e:00:38:d2:fc:a9:8e:3b:9d
+-----BEGIN CERTIFICATE-----
+MIIJ6zCCBdOgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx
+EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE
+CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x
+IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB
+FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0xNjAz
+MTYyMzI4NDRaFw0zNjAzMTEyMzI4NDRaMIG1MQswCQYDVQQGEwJVUzETMBEGA1UE
+CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEbMBkGA1UE
+CwwSRG9tYWluIENvbnRyb2xsZXJzMSIwIAYDVQQDDBlsb2NhbGRjLnNhbWJhLmV4
+YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkBFiZjYS1zYW1iYS5leGFtcGxlLmNvbUBz
+YW1iYS5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+AOakds7oY/5X+aOu4K1N4hWO2CfIfX8rseiqUI+U+cdxP1IykdFtUiJfzY3MYhZ6
+i1hl7Qf36iTTiNgmyuvsFqeEHH4VRmQJIka53VwHhFCnTjE/ASPR+DYEGrvU5bbU
+G1wWyZ43ij6pfTAkQLK1RED6XG/VPv8ywuckCuTkqp//TKy+N1giCBYO9qcvtWxP
+rHukgqifOGQXbnK2fEzFRCoKtCUNsAyrmEr5GhrJpln0AKUKbwrQpTTKD/QO+7rX
+uz4sfAxoayb/HCn+d/kwhQ1EjK+QinCTXTq2GIulhRFco11XFt3HyADxBXHCbgc8
+N2k2fBLFnhtpEUVEHuu5spaxic1N+onrkknyRjXznYc8vuT4tzGnNkuBdpuyBNWA
+fU/mAu0kTKADxJ0An51xkw2luDdiKwPDvSQlLMND1MgnsG0F1MbF2FsJlOgna9lt
+t7zedr/VnDYmBLmXHfDJjZGTgjINtxaXQTGaIgsuuplRKGv1BLrJPVcMcujhJBrU
+Kmrn47a5lGHjTkKB5UPkHu9txF2k+bTsOoo0/rXHqP4Zjc99G2AhuiVvNc1PcihC
+fYcIqtozfmPmW1/nAajjC9MIWqbf6ucrE0ingzKWxLrR/xVmUjOGRl/Cn1lKAJi3
+G6GHJd+taFv3Jhcr64RincO9mWdqAl1wcj4YkpmMvdlPAgMBAAGjggHxMIIB7TAJ
+BgNVHRMEAjAAME8GA1UdHwRIMEYwRKBCoECGPmh0dHA6Ly93d3cuc2FtYmEuZXhh
+bXBsZS5jb20vY3Jscy9DQS1zYW1iYS5leGFtcGxlLmNvbS1jcmwuY3JsMBEGCWCG
+SAGG+EIBAQQEAwIGQDALBgNVHQ8EBAMCBeAwRgYJYIZIAYb4QgENBDkWN0RvbWFp
+biBDb250cm9sbGVyIENlcnRpZmljYXRlIGxvY2FsZGMuc2FtYmEuZXhhbXBsZS5j
+b20wHQYDVR0OBBYEFOHfcwvxPoZDpLPpjUR9PLIZwbzyMB8GA1UdIwQYMBaAFKI+
+Aiqjp005tAhNmcwMdTbqJ8M+MD0GA1UdEQQ2MDSCGWxvY2FsZGMuc2FtYmEuZXhh
+bXBsZS5jb22gFwYJKwYBBAGCNxkBoAoECAEjRWeJq83vMDEGA1UdEgQqMCiBJmNh
+LXNhbWJhLmV4YW1wbGUuY29tQHNhbWJhLmV4YW1wbGUuY29tME0GCWCGSAGG+EIB
+BARAFj5odHRwOi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMvQ0Etc2FtYmEu
+ZXhhbXBsZS5jb20tY3JsLmNybDAmBgNVHSUEHzAdBggrBgEFBQcDAgYIKwYBBQUH
+AwEGBysGAQUCAwUwDQYJKoZIhvcNAQELBQADggQBAIksV5gXwXOmEAJvpqxHHDct
+HaE8xSm2OuboFOw7dO7a2y2XPtOMnUJ+sEbpVHRPNN+eNH+eip1Nss/7cT/LMuZF
+57TTnujKpc8We3a1TuC5u3mxgqfTI8s8RmNjlrNbYp6Z3AIX+QdjhnYGGgIbmt8d
+zedG/poTh0fd4ndYUKJsyaD4FB8711mcib0uLc5g9MYs42PPNIRh2ZAukPxbT6IA
+h+dA4PzRJIvQKAHTU6yxWH+HKThWk92iFEqalLn4lLIER9u4OOaFK8/UcoiLDY6g
+afmfECKCnMXsAeMHoWk3lCU6zRcpN40k0ycPTb+wMTa4xqhpC98o+OLc2pU+f9c/
+pY+San2tOqyvcytf8bMiku/acYSeSyN7abcp/MUFhEv/BpLu9ZsUKq++7wLh59Do
+0Cl8SEDxlbsIsjDFgYCokVsuCDswRAe1xAsHdMpdNz11+bxtIabgkdj5J4gFWKf0
+Nuu6QGM2FUKYC+LRyRELKYHhxwJ++gVlUXvWGjNG/KXU/WToyBHU0UHZORgIo+0V
+cNkU9brJuz6WjV3Mw1y2yHkCLuKhBrqlIRy/Fn8t2ZMHkrH67j/jVjXzMKoRVNNx
+yynUYOFsrsQk4wBPX1KwP/R2823bvNhlxDe+GoebZcQg3dqpTJ+GMytJpveqztqY
+O+NfrLgbRQ5WWftJOA+31En4e6z62LgdFtuyTBXY5+trOP/SaSam9lAVRS8SsgXU
+v29TeWSb1YuhCD5D7gj+m+qDiYpqU5gexZFMepkrbZfclhveJ8WvD91CXCN9vGtb
+q0cpmDWPnubhX5Zqvc88R4mLrSHeINqZgsEOm3w4IdixHDTFTvf+fV6kL/h9XDAs
+nuZaT9MVkOZvaepRk48s3afDPFCo0boLXMwuTldxIQihLL2nIEuuXAJ6zZr+Htvs
+zjsSN8uWIHs7sVouhAP5CzJDwE7j6nnnmhNU5agaF8R5eCVjq2c5OaBsxMWUrBaS
+PfAaGp7KeoQbwVpfTGWKMKZebA6uv6wJlw+DXJLO5EPeBkuW9UY7fajjD9P+AMfU
+eU5fvexZEvllI/rnl6KmOTujHtpHxRhbjad7KRxaegbGkp63O/DFVujPhM3dYQ8h
+JfQeK0C2dCiNQfYsHc60OdHhvhV4ydeZoZ1QQ9rsQGlqOxevKCIJ4H04nqfKt/eU
+iiobMk4obRiVykJnyLsTJDFDhD6VZghcFX9rk8yPuHZ6/XRK1m9kdN9y9zSjUPDb
+vworG0i3ycCXIyexVlueEBJav/84YdpBdRXFA8Ig/X+EwJSOEe0BuvEZtQUdv4nq
+yThO0s9bJMY3oY5giVxS/31eLcn4sXkHTC8Yhei6vz7aWUPfKXl+ADjS/KmOO50=
+-----END CERTIFICATE-----
diff --git a/selftest/manage-ca/CA-samba.example.com/NewCerts/01.pem b/selftest/manage-ca/CA-samba.example.com/NewCerts/01.pem
new file mode 100644
index 0000000..4ab5d5a
--- /dev/null
+++ b/selftest/manage-ca/CA-samba.example.com/NewCerts/01.pem
@@ -0,0 +1,169 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com
+ Validity
+ Not Before: Mar 16 23:29:04 2016 GMT
+ Not After : Mar 11 23:29:04 2036 GMT
+ Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=administrator@samba.example.com/emailAddress=administrator@samba.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:af:87:9e:1e:7f:c0:ab:da:47:22:74:d0:df:01:
+ f1:67:6c:ac:c4:b7:d9:18:97:e5:7a:62:76:33:b6:
+ 52:f2:92:90:75:ac:a3:94:7e:0c:29:75:c9:83:2f:
+ 19:66:60:84:45:ff:d5:a9:bd:c5:3a:a2:d8:25:cf:
+ 15:8a:23:3e:09:73:2f:99:1d:24:1f:e6:96:7e:7b:
+ c4:1e:8d:55:5b:c1:18:69:cd:1d:b4:22:d5:7b:db:
+ 5e:7c:91:f2:8e:c1:03:30:ee:63:46:5a:54:d5:40:
+ ac:79:55:00:71:07:8d:3e:0e:ed:ff:93:6c:f1:2d:
+ 84:c1:51:a3:7c:49:cf:ff:85:7b:c0:64:c1:ba:c8:
+ 66:7a:ff:17:2a:74:ea:16:6a:1d:97:c0:27:57:10:
+ be:76:f5:9a:63:56:c7:25:c6:fc:a7:5e:00:a6:1a:
+ 3d:21:bd:7a:f9:e3:03:60:ce:df:16:06:fc:05:bc:
+ d1:c8:5d:e7:33:ed:52:8b:60:5b:60:c5:70:13:1d:
+ c1:b3:08:13:09:3b:05:e8:02:40:12:45:89:af:87:
+ 1f:6a:8f:62:ce:1e:17:13:34:82:81:86:e9:bb:85:
+ 5b:75:1d:f4:3a:02:b4:a6:58:23:fe:c3:3a:35:09:
+ 95:bb:f7:79:bc:e3:97:e6:6d:77:24:aa:2d:51:50:
+ 37:69
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl
+
+ Netscape Cert Type:
+ SSL Client, S/MIME
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ Netscape Comment:
+ Smart Card Login Certificate for administrator@samba.example.com
+ X509v3 Subject Key Identifier:
+ 45:DA:4B:8D:05:9C:62:4E:62:C3:D7:5C:5F:D3:D9:85:B4:9B:F2:2C
+ X509v3 Authority Key Identifier:
+ keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E
+
+ X509v3 Subject Alternative Name:
+ email:administrator@samba.example.com, othername:<unsupported>
+ X509v3 Issuer Alternative Name:
+ email:ca-samba.example.com@samba.example.com
+ Netscape CA Revocation Url:
+ http://www.samba.example.com/crls/CA-samba.example.com-crl.crl
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication, scardLogin
+ Signature Algorithm: sha256WithRSAEncryption
+ a2:bb:e6:97:67:3c:b6:6e:6e:dd:34:99:16:c6:80:91:08:bf:
+ 91:ba:51:62:5d:76:2f:e5:53:91:3d:99:03:18:a9:84:69:73:
+ 76:66:c3:eb:56:d7:c5:40:91:15:da:de:b2:76:48:7d:8a:8c:
+ 80:79:3c:e6:da:0e:a6:c3:53:d6:74:ee:5f:29:b7:03:46:de:
+ 89:32:14:22:03:30:68:2e:7e:06:d4:ac:9e:82:c0:02:16:7f:
+ 81:ba:ee:7a:e7:8b:f7:fb:99:7f:8c:eb:78:54:97:4e:28:44:
+ da:f4:e2:1b:f8:3e:ac:ca:cc:e3:e3:71:90:91:47:9c:78:ed:
+ 6f:bc:b7:98:12:ea:75:e5:15:f7:26:56:a7:5c:d6:74:a8:13:
+ 7b:23:35:4e:6a:01:f6:a9:f5:5b:9b:d0:ea:ba:0f:c3:c4:1a:
+ e0:b9:a3:ed:5d:28:cb:7f:1d:3e:8a:9a:af:4c:88:00:3c:10:
+ f0:49:85:24:60:e6:cb:d6:9e:00:46:78:4d:90:22:68:4f:10:
+ 39:84:3b:e2:7c:3d:ed:23:41:19:7e:6f:45:59:89:a9:9f:26:
+ c1:f9:7d:4d:0a:b4:10:f9:31:7d:cc:87:d0:4b:62:14:70:86:
+ c8:7d:14:ff:e4:68:e2:de:42:ca:01:c7:aa:2d:5a:a5:72:64:
+ f1:4c:fa:6e:60:15:22:08:68:e6:c6:6a:75:63:24:b5:54:76:
+ d1:97:4f:e0:e8:bc:eb:d0:62:84:4a:b4:3a:07:38:5f:b9:a6:
+ 6a:31:14:47:33:81:bd:d0:a4:a2:da:2b:92:0d:dc:42:c4:0f:
+ 28:0d:b6:1b:33:b5:88:df:1b:a8:d8:90:9a:11:ce:df:d4:14:
+ e9:ac:94:94:95:bb:bc:6e:f1:be:85:29:3f:17:ab:41:14:d8:
+ 20:ba:e0:a2:a3:d3:d4:8b:1e:4b:32:22:8d:0d:c1:e6:39:1a:
+ ce:cd:f3:1d:f1:82:85:d5:e7:80:34:90:a4:0e:d4:af:32:c8:
+ 79:4e:25:32:b6:1e:06:3a:26:42:38:47:1a:32:96:71:5b:fe:
+ 5b:b0:ef:7d:fe:58:ca:eb:b5:c9:4b:2f:12:cb:89:36:22:7c:
+ a6:39:ab:20:c1:2d:cd:6b:34:e1:cd:bc:ed:45:45:12:4a:65:
+ 4b:ab:45:f2:6d:7a:9d:f8:b5:52:78:1b:da:2f:e0:ce:f7:e2:
+ b0:fa:6f:40:3d:dd:e9:39:c3:63:68:ab:77:53:be:3b:dd:9a:
+ bc:d7:d7:fa:6a:bf:bf:74:f7:11:80:87:f9:d3:45:eb:1e:8e:
+ d1:a9:a0:2e:66:e7:20:67:1c:4c:22:43:77:85:ff:1a:23:37:
+ cc:49:de:51:ee:f2:04:2f:a8:98:88:0f:b6:18:53:eb:e2:49:
+ 15:5e:02:8b:1e:7b:e6:c5:d1:0c:df:84:4e:d9:bd:fe:21:48:
+ d4:a4:11:01:27:57:51:d6:c1:b2:a1:1c:11:9a:a7:d1:ab:f0:
+ 99:16:b2:c8:3f:74:25:68:0b:1a:cf:58:0d:cd:cc:1a:6d:8b:
+ ec:1f:70:82:02:40:97:0f:75:2c:53:87:c1:42:5c:d1:7e:19:
+ 78:2c:2c:88:73:33:81:63:38:84:07:0f:16:bb:7c:54:59:03:
+ 94:e7:b8:85:d7:f8:5e:53:35:65:2e:e5:27:65:be:f0:89:65:
+ f6:ab:3f:6e:a5:bd:c1:1a:9e:31:30:68:6e:50:af:54:4c:33:
+ f8:73:2f:41:60:4f:4c:85:1b:ad:7d:db:62:42:dc:87:96:b4:
+ cf:ce:12:50:ed:6c:01:5f:e2:f9:03:f5:f7:4c:6c:8f:2b:5b:
+ 7a:64:7d:19:e8:20:f2:e9:10:58:f3:71:0e:1e:58:68:f2:59:
+ 3c:06:53:7a:f3:60:62:5b:c7:b7:83:58:1d:3d:a6:17:db:33:
+ cc:91:14:af:d6:b9:08:bf:60:af:ac:3e:fe:8b:74:71:20:c7:
+ e7:31:5e:26:6c:28:52:67:12:1e:c3:9b:89:23:5d:88:ee:b0:
+ 6b:db:cc:94:8b:9b:1b:40:b7:66:bc:7d:1d:e1:08:00:20:ba:
+ 41:cd:17:d6:4c:7b:c4:5a:fd:cf:6b:20:e2:b8:86:9c:31:17:
+ c2:d7:7f:1c:3a:d0:fc:1d:f5:7f:c9:96:04:27:de:b8:ef:8d:
+ 38:9a:b3:56:60:ac:c2:07:38:64:19:39:9e:73:6f:ba:59:15:
+ ac:45:42:4d:bb:79:60:7f:ae:c3:8d:63:4a:27:16:0a:ca:92:
+ 7f:f7:a2:02:76:f5:e6:7c:ec:ba:ea:18:cd:9c:3b:ee:37:2c:
+ 9d:78:4e:c9:40:6d:94:cc:ce:ca:f4:33:fc:a4:dd:05:62:d6:
+ 0f:1e:19:63:af:10:c3:ff:02:1a:0a:48:fd:af:f2:a4:0e:64:
+ dd:90:f4:4f:14:1b:90:1f:9e:29:b0:0b:94:a4:d1:2a:87:b9:
+ 3a:76:c2:b6:af:c3:d4:84:6e:85:1c:64:73:46:d0:df:72:c0:
+ 3c:42:91:c4:30:10:11:18:36:bc:e5:17:36:22:5f:c2:3f:ac:
+ 1d:2e:9d:87:11:be:a7:ac:b2:62:35:74:b9:27:27:95:bc:c1:
+ 11:44:f8:64:36:60:74:06:a2:e7:e9:76:be:a7:86:5e:18:1e:
+ bd:dc:b0:aa:ae:92:d6:dd:d6:25:80:d6:c1:be:c1:21:1c:01:
+ 6f:83:20:ae:b7:54:4f:3d:2d:12:fc:a2:cc:49:fd:59
+-----BEGIN CERTIFICATE-----
+MIII/TCCBOWgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx
+EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE
+CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x
+IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB
+FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0xNjAz
+MTYyMzI5MDRaFw0zNjAzMTEyMzI5MDRaMIGnMQswCQYDVQQGEwJVUzETMBEGA1UE
+CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE
+CwwFVXNlcnMxKDAmBgNVBAMMH2FkbWluaXN0cmF0b3JAc2FtYmEuZXhhbXBsZS5j
+b20xLjAsBgkqhkiG9w0BCQEWH2FkbWluaXN0cmF0b3JAc2FtYmEuZXhhbXBsZS5j
+b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvh54ef8Cr2kcidNDf
+AfFnbKzEt9kYl+V6YnYztlLykpB1rKOUfgwpdcmDLxlmYIRF/9WpvcU6otglzxWK
+Iz4Jcy+ZHSQf5pZ+e8QejVVbwRhpzR20ItV72158kfKOwQMw7mNGWlTVQKx5VQBx
+B40+Du3/k2zxLYTBUaN8Sc//hXvAZMG6yGZ6/xcqdOoWah2XwCdXEL529ZpjVscl
+xvynXgCmGj0hvXr54wNgzt8WBvwFvNHIXecz7VKLYFtgxXATHcGzCBMJOwXoAkAS
+RYmvhx9qj2LOHhcTNIKBhum7hVt1HfQ6ArSmWCP+wzo1CZW793m845fmbXckqi1R
+UDdpAgMBAAGjggIRMIICDTAJBgNVHRMEAjAAME8GA1UdHwRIMEYwRKBCoECGPmh0
+dHA6Ly93d3cuc2FtYmEuZXhhbXBsZS5jb20vY3Jscy9DQS1zYW1iYS5leGFtcGxl
+LmNvbS1jcmwuY3JsMBEGCWCGSAGG+EIBAQQEAwIFoDALBgNVHQ8EBAMCBeAwTwYJ
+YIZIAYb4QgENBEIWQFNtYXJ0IENhcmQgTG9naW4gQ2VydGlmaWNhdGUgZm9yIGFk
+bWluaXN0cmF0b3JAc2FtYmEuZXhhbXBsZS5jb20wHQYDVR0OBBYEFEXaS40FnGJO
+YsPXXF/T2YW0m/IsMB8GA1UdIwQYMBaAFKI+Aiqjp005tAhNmcwMdTbqJ8M+MFsG
+A1UdEQRUMFKBH2FkbWluaXN0cmF0b3JAc2FtYmEuZXhhbXBsZS5jb22gLwYKKwYB
+BAGCNxQCA6AhDB9hZG1pbmlzdHJhdG9yQHNhbWJhLmV4YW1wbGUuY29tMDEGA1Ud
+EgQqMCiBJmNhLXNhbWJhLmV4YW1wbGUuY29tQHNhbWJhLmV4YW1wbGUuY29tME0G
+CWCGSAGG+EIBBARAFj5odHRwOi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMv
+Q0Etc2FtYmEuZXhhbXBsZS5jb20tY3JsLmNybDAfBgNVHSUEGDAWBggrBgEFBQcD
+AgYKKwYBBAGCNxQCAjANBgkqhkiG9w0BAQsFAAOCBAEAorvml2c8tm5u3TSZFsaA
+kQi/kbpRYl12L+VTkT2ZAxiphGlzdmbD61bXxUCRFdresnZIfYqMgHk85toOpsNT
+1nTuXym3A0beiTIUIgMwaC5+BtSsnoLAAhZ/gbrueueL9/uZf4zreFSXTihE2vTi
+G/g+rMrM4+NxkJFHnHjtb7y3mBLqdeUV9yZWp1zWdKgTeyM1TmoB9qn1W5vQ6roP
+w8Qa4Lmj7V0oy38dPoqar0yIADwQ8EmFJGDmy9aeAEZ4TZAiaE8QOYQ74nw97SNB
+GX5vRVmJqZ8mwfl9TQq0EPkxfcyH0EtiFHCGyH0U/+Ro4t5CygHHqi1apXJk8Uz6
+bmAVIgho5sZqdWMktVR20ZdP4Oi869BihEq0Ogc4X7mmajEURzOBvdCkotorkg3c
+QsQPKA22GzO1iN8bqNiQmhHO39QU6ayUlJW7vG7xvoUpPxerQRTYILrgoqPT1Ise
+SzIijQ3B5jkazs3zHfGChdXngDSQpA7UrzLIeU4lMrYeBjomQjhHGjKWcVv+W7Dv
+ff5Yyuu1yUsvEsuJNiJ8pjmrIMEtzWs04c287UVFEkplS6tF8m16nfi1Ungb2i/g
+zvfisPpvQD3d6TnDY2ird1O+O92avNfX+mq/v3T3EYCH+dNF6x6O0amgLmbnIGcc
+TCJDd4X/GiM3zEneUe7yBC+omIgPthhT6+JJFV4Cix575sXRDN+ETtm9/iFI1KQR
+ASdXUdbBsqEcEZqn0avwmRayyD90JWgLGs9YDc3MGm2L7B9wggJAlw91LFOHwUJc
+0X4ZeCwsiHMzgWM4hAcPFrt8VFkDlOe4hdf4XlM1ZS7lJ2W+8Ill9qs/bqW9wRqe
+MTBoblCvVEwz+HMvQWBPTIUbrX3bYkLch5a0z84SUO1sAV/i+QP190xsjytbemR9
+Gegg8ukQWPNxDh5YaPJZPAZTevNgYlvHt4NYHT2mF9szzJEUr9a5CL9gr6w+/ot0
+cSDH5zFeJmwoUmcSHsObiSNdiO6wa9vMlIubG0C3Zrx9HeEIACC6Qc0X1kx7xFr9
+z2sg4riGnDEXwtd/HDrQ/B31f8mWBCfeuO+NOJqzVmCswgc4ZBk5nnNvulkVrEVC
+Tbt5YH+uw41jSicWCsqSf/eiAnb15nzsuuoYzZw77jcsnXhOyUBtlMzOyvQz/KTd
+BWLWDx4ZY68Qw/8CGgpI/a/ypA5k3ZD0TxQbkB+eKbALlKTRKoe5OnbCtq/D1IRu
+hRxkc0bQ33LAPEKRxDAQERg2vOUXNiJfwj+sHS6dhxG+p6yyYjV0uScnlbzBEUT4
+ZDZgdAai5+l2vqeGXhgevdywqq6S1t3WJYDWwb7BIRwBb4MgrrdUTz0tEvyizEn9
+WQ==
+-----END CERTIFICATE-----
diff --git a/selftest/manage-ca/CA-samba.example.com/NewCerts/02.pem b/selftest/manage-ca/CA-samba.example.com/NewCerts/02.pem
new file mode 100644
index 0000000..2e2a8b9
--- /dev/null
+++ b/selftest/manage-ca/CA-samba.example.com/NewCerts/02.pem
@@ -0,0 +1,191 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 2 (0x2)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com
+ Validity
+ Not Before: Mar 16 23:29:25 2016 GMT
+ Not After : Mar 11 23:29:25 2036 GMT
+ Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Domain Controllers, CN=addc.addom.samba.example.com/emailAddress=ca-samba.example.com@samba.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (4096 bit)
+ Modulus:
+ 00:a6:c4:a9:bf:75:ea:4c:8d:3b:fd:8a:0f:b0:a2:
+ b6:c7:a8:1f:e4:0e:3e:41:ef:d6:10:48:77:7b:4e:
+ 4c:59:e1:bf:6d:c7:18:7b:a8:01:a7:d5:d2:2c:21:
+ 3e:d0:1a:da:58:03:e8:42:f1:53:0e:a7:91:b9:2c:
+ b9:e7:7a:c9:de:5e:ed:4c:93:6b:cc:dd:17:d0:c7:
+ d1:f1:7c:3d:0d:6f:df:5d:53:5a:b1:1f:a3:7b:5b:
+ 41:65:0c:7c:ea:53:df:bb:da:41:15:da:49:e3:b9:
+ 2d:bb:b5:af:ef:8c:b8:84:74:d0:18:16:8e:5c:e4:
+ c2:e7:a1:87:8f:e3:87:8b:0b:bb:90:30:e8:e0:f3:
+ eb:c0:50:5f:b5:7f:54:9a:1b:34:43:fd:be:5a:80:
+ 6e:0f:63:a2:b3:79:42:4a:85:c8:07:c7:82:55:23:
+ 88:d4:4e:03:2f:f1:95:bd:ed:15:2d:3e:16:cd:ff:
+ c7:9b:03:29:36:a6:5d:c9:1a:1e:89:a5:ba:66:83:
+ 0f:96:a8:07:9f:24:b9:1b:8f:02:9a:b8:50:29:8b:
+ be:63:45:fa:45:c3:38:23:a0:98:3a:b4:6b:42:99:
+ 13:36:4b:84:ef:27:89:39:34:79:f8:67:16:7b:9c:
+ 2a:03:41:15:63:46:e4:db:2f:f2:3e:6d:fe:7c:20:
+ 1e:9f:02:48:a4:bc:15:42:a6:f8:38:86:dc:6b:7c:
+ 4e:67:a3:31:81:8e:b6:30:1a:eb:3d:08:25:19:5f:
+ 42:dc:39:ec:79:1d:30:0a:fb:16:8f:3d:19:14:cc:
+ f5:af:d7:c6:75:cf:b3:96:a2:b2:9b:d9:03:01:a3:
+ ca:88:1d:72:ed:6f:d1:bf:57:56:8e:b9:07:9b:b9:
+ 04:13:1e:0b:5a:06:6b:2b:43:a2:dc:d5:b7:f4:ba:
+ d3:ae:9d:ad:fd:d3:8a:7c:2f:87:32:fa:89:88:58:
+ 00:ae:16:2b:9c:1d:58:82:4d:e5:21:da:d5:6c:f7:
+ a8:40:8b:c7:02:d5:36:30:ef:3f:09:9b:a6:d2:31:
+ a3:bf:20:d4:a2:9e:26:c4:b4:c3:0f:0b:6c:00:d1:
+ 2c:16:b1:2a:eb:06:d9:d5:98:c3:cd:cb:20:68:ad:
+ 0a:2c:a1:2f:27:41:5c:91:de:49:62:ed:d8:3a:ef:
+ 68:1c:6d:fe:94:c3:28:68:32:60:08:65:cd:02:9f:
+ 97:96:2f:0f:87:27:3d:b9:0f:85:62:e8:2b:9a:b4:
+ f4:d3:d7:c1:93:96:27:23:29:88:b1:39:99:53:3a:
+ 20:aa:88:44:3b:4a:24:2a:8b:e0:b4:8d:dd:66:30:
+ df:a6:6e:b7:fc:21:43:16:9e:3e:12:20:c8:7a:30:
+ c1:3d:ab
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl
+
+ Netscape Cert Type:
+ SSL Server
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ Netscape Comment:
+ Domain Controller Certificate addc.addom.samba.example.com
+ X509v3 Subject Key Identifier:
+ 3D:BC:70:0C:74:D4:B8:85:49:1D:08:84:C4:1B:27:F2:AF:72:37:D3
+ X509v3 Authority Key Identifier:
+ keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E
+
+ X509v3 Subject Alternative Name:
+ DNS:addc.addom.samba.example.com, othername:<unsupported>
+ X509v3 Issuer Alternative Name:
+ email:ca-samba.example.com@samba.example.com
+ Netscape CA Revocation Url:
+ http://www.samba.example.com/crls/CA-samba.example.com-crl.crl
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication, TLS Web Server Authentication, msKDC
+ Signature Algorithm: sha256WithRSAEncryption
+ 9e:8b:bb:0a:7a:dc:c0:94:33:bc:18:a5:e6:4a:1f:ff:8e:21:
+ b1:8f:33:f0:3e:8b:6c:72:55:c4:47:71:5f:ce:e7:31:ef:5b:
+ 62:04:b7:57:8f:a8:27:9f:ed:69:d2:ec:a8:0d:e2:76:33:8d:
+ 41:3a:67:61:5c:53:60:c7:53:ed:d7:99:72:29:1d:ae:d3:ee:
+ c9:76:1c:6d:18:47:e9:94:dd:2e:97:3f:99:af:b5:f4:a1:7c:
+ 92:f6:4d:b5:c1:7a:0c:38:ba:d1:b6:19:9a:9f:e2:02:84:d4:
+ 54:01:38:7b:55:86:4a:ee:3d:85:48:01:da:34:09:69:43:25:
+ 7e:6e:06:73:e0:b9:7c:b5:9c:4e:9c:b5:52:85:32:62:62:25:
+ 39:fa:02:4b:51:2e:df:8e:52:17:02:50:f4:99:29:bf:7e:97:
+ 53:91:12:85:9a:69:62:45:59:c4:5b:3f:af:18:e6:7b:e4:86:
+ 5d:f1:9e:5a:2b:3e:14:6e:7e:d4:47:24:ef:d9:a8:ec:d9:a6:
+ cb:b8:4f:1a:86:d9:43:20:41:16:15:5f:81:0d:fe:6b:31:53:
+ c1:f6:84:4c:f3:03:64:d2:e6:44:3d:7a:60:79:d7:37:6f:33:
+ de:c0:a8:b9:6e:fe:b2:79:ac:b4:53:92:b8:0a:59:2b:cc:6b:
+ 37:c4:6f:c6:44:02:f7:7c:c5:c6:a6:6f:c2:ad:de:78:1e:48:
+ 96:cc:fe:59:2e:53:ce:34:d6:e8:f0:56:43:30:32:90:6f:f9:
+ 47:76:ab:99:63:e3:e8:a3:f3:83:98:e9:05:2b:ea:f9:f9:9d:
+ 66:70:c7:2c:00:c2:9e:57:3e:31:43:50:50:c8:db:a8:2d:21:
+ 4e:6f:39:c2:bd:ef:d8:47:99:27:0d:48:b2:58:f1:be:45:bd:
+ fe:c4:a2:56:fc:06:02:dc:19:33:85:53:ed:38:59:01:16:bc:
+ aa:c5:d3:4b:37:54:83:1b:e5:c1:4b:dd:34:6b:e5:d8:35:86:
+ 95:e6:9f:d2:22:84:b1:e2:4f:a7:2e:4d:e6:9c:eb:db:df:42:
+ e1:b4:66:e6:58:d3:28:10:34:97:f3:9c:6b:5f:05:2c:47:2c:
+ e3:75:eb:6f:74:0a:ec:d7:1d:30:80:56:44:12:26:f6:4e:5f:
+ ff:92:f4:62:02:36:9c:62:eb:39:98:53:68:68:95:fb:94:68:
+ 69:b8:3c:66:1a:ce:78:c4:cf:c4:6f:21:ac:a8:a6:f4:ab:69:
+ 2a:2e:00:5d:f7:67:06:b1:4f:97:58:88:55:d8:6e:eb:a5:98:
+ 50:36:21:70:3d:b0:a4:f5:3b:21:b3:1c:f5:a9:dd:c6:4a:c2:
+ 89:b8:5a:b3:bc:1f:21:ce:4c:68:5f:98:d8:39:70:d2:7e:a0:
+ 90:df:ad:a3:13:eb:3c:93:f6:b8:f4:d9:a7:51:b3:0d:ea:ee:
+ d4:57:aa:db:ca:7c:8a:a0:08:c3:98:9a:3a:b7:ba:2a:50:92:
+ 26:c2:e3:11:ba:12:60:24:b9:59:df:62:a8:d7:4d:a3:cb:ea:
+ 46:e8:39:f9:83:14:a8:5c:44:75:71:6b:7f:99:bd:68:58:d9:
+ 6b:d1:cd:c7:45:95:9e:44:1e:85:35:c0:30:2b:18:aa:eb:2f:
+ 93:d5:be:66:5d:70:ed:1d:04:f2:c1:1e:b5:ec:45:0c:04:f6:
+ 9d:88:d3:0c:20:5e:5b:23:df:34:a1:f5:ea:b4:a1:44:c0:da:
+ d5:ea:89:e8:b5:cb:dc:f8:92:ee:ac:8d:61:ed:bf:74:2b:28:
+ 79:1f:f4:9a:ff:63:bd:e6:aa:79:1d:2c:26:4a:b2:26:53:57:
+ ba:88:0e:eb:19:57:c0:10:a0:1e:81:2a:c0:56:2e:c3:2a:81:
+ bf:c1:5a:e7:48:ce:c1:6a:b9:6c:41:cc:44:a6:b8:70:e2:57:
+ 0e:6d:41:d6:61:da:bf:ac:20:2c:a7:2a:67:23:98:00:ba:ce:
+ 8b:a8:c2:45:66:a7:08:eb:7f:0a:b5:e7:9b:d6:f4:07:d5:b3:
+ 43:cd:27:d4:fa:c9:40:8f:af:b2:36:1c:e7:44:b4:4e:cc:5a:
+ 2b:73:ad:8f:c4:d9:47:a6:fb:2c:7d:1a:80:2a:55:b3:80:34:
+ 6f:8e:17:27:93:05:21:40:e9:8f:bf:47:6a:52:f5:2e:b5:18:
+ d1:8c:1d:83:04:80:55:fd:21:28:dc:7c:be:c8:c1:5f:e4:40:
+ d3:13:e4:66:bf:ad:92:4e:9b:db:c1:be:a3:42:74:da:c3:2c:
+ 0a:da:3f:94:14:ad:7e:de:81:c6:01:6a:f7:7a:b4:25:51:b0:
+ ab:cd:b3:3a:77:bf:c3:6b:04:44:30:73:41:ad:93:49:67:ee:
+ 43:d1:96:8e:36:83:2b:1b:6c:e7:cc:3e:d6:16:b9:88:4a:ab:
+ 56:c0:76:00:f6:9a:6a:8a:e3:e0:41:75:9d:3b:47:0f:c9:0a:
+ 8e:9f:9c:00:92:bb:ae:d8:42:56:35:64:eb:59:13:da:2c:63:
+ 83:c3:ec:68:91:b5:f3:71:85:48:54:c3:9d:a1:c8:63:f3:de:
+ 5d:a5:34:a9:1e:85:2c:2c:b5:d8:a9:62:8d:26:1f:b2:9e:a7:
+ 83:4d:df:69:63:b5:b7:e5:dd:e7:3b:18:e5:b3:77:df:c5:47:
+ b3:f7:8c:e7:5e:87:2e:46:e3:8f:b1:2b:9b:c6:26:2d:1a:28:
+ 30:13:10:86:5b:46:87:b1:2d:12:ce:b6:fe:1c:4e:44
+-----BEGIN CERTIFICATE-----
+MIIJ9DCCBdygAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx
+EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE
+CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x
+IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB
+FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0xNjAz
+MTYyMzI5MjVaFw0zNjAzMTEyMzI5MjVaMIG4MQswCQYDVQQGEwJVUzETMBEGA1UE
+CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEbMBkGA1UE
+CwwSRG9tYWluIENvbnRyb2xsZXJzMSUwIwYDVQQDDBxhZGRjLmFkZG9tLnNhbWJh
+LmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkBFiZjYS1zYW1iYS5leGFtcGxlLmNv
+bUBzYW1iYS5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBAKbEqb916kyNO/2KD7CitseoH+QOPkHv1hBId3tOTFnhv23HGHuoAafV0iwh
+PtAa2lgD6ELxUw6nkbksued6yd5e7UyTa8zdF9DH0fF8PQ1v311TWrEfo3tbQWUM
+fOpT37vaQRXaSeO5Lbu1r++MuIR00BgWjlzkwuehh4/jh4sLu5Aw6ODz68BQX7V/
+VJobNEP9vlqAbg9jorN5QkqFyAfHglUjiNROAy/xlb3tFS0+Fs3/x5sDKTamXcka
+HomlumaDD5aoB58kuRuPApq4UCmLvmNF+kXDOCOgmDq0a0KZEzZLhO8niTk0efhn
+FnucKgNBFWNG5Nsv8j5t/nwgHp8CSKS8FUKm+DiG3Gt8TmejMYGOtjAa6z0IJRlf
+Qtw57HkdMAr7Fo89GRTM9a/XxnXPs5aispvZAwGjyogdcu1v0b9XVo65B5u5BBMe
+C1oGaytDotzVt/S6066drf3TinwvhzL6iYhYAK4WK5wdWIJN5SHa1Wz3qECLxwLV
+NjDvPwmbptIxo78g1KKeJsS0ww8LbADRLBaxKusG2dWYw83LIGitCiyhLydBXJHe
+SWLt2DrvaBxt/pTDKGgyYAhlzQKfl5YvD4cnPbkPhWLoK5q09NPXwZOWJyMpiLE5
+mVM6IKqIRDtKJCqL4LSN3WYw36Zut/whQxaePhIgyHowwT2rAgMBAAGjggH3MIIB
+8zAJBgNVHRMEAjAAME8GA1UdHwRIMEYwRKBCoECGPmh0dHA6Ly93d3cuc2FtYmEu
+ZXhhbXBsZS5jb20vY3Jscy9DQS1zYW1iYS5leGFtcGxlLmNvbS1jcmwuY3JsMBEG
+CWCGSAGG+EIBAQQEAwIGQDALBgNVHQ8EBAMCBeAwSQYJYIZIAYb4QgENBDwWOkRv
+bWFpbiBDb250cm9sbGVyIENlcnRpZmljYXRlIGFkZGMuYWRkb20uc2FtYmEuZXhh
+bXBsZS5jb20wHQYDVR0OBBYEFD28cAx01LiFSR0IhMQbJ/KvcjfTMB8GA1UdIwQY
+MBaAFKI+Aiqjp005tAhNmcwMdTbqJ8M+MEAGA1UdEQQ5MDeCHGFkZGMuYWRkb20u
+c2FtYmEuZXhhbXBsZS5jb22gFwYJKwYBBAGCNxkBoAoECAEjRWeJq83vMDEGA1Ud
+EgQqMCiBJmNhLXNhbWJhLmV4YW1wbGUuY29tQHNhbWJhLmV4YW1wbGUuY29tME0G
+CWCGSAGG+EIBBARAFj5odHRwOi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMv
+Q0Etc2FtYmEuZXhhbXBsZS5jb20tY3JsLmNybDAmBgNVHSUEHzAdBggrBgEFBQcD
+AgYIKwYBBQUHAwEGBysGAQUCAwUwDQYJKoZIhvcNAQELBQADggQBAJ6Luwp63MCU
+M7wYpeZKH/+OIbGPM/A+i2xyVcRHcV/O5zHvW2IEt1ePqCef7WnS7KgN4nYzjUE6
+Z2FcU2DHU+3XmXIpHa7T7sl2HG0YR+mU3S6XP5mvtfShfJL2TbXBegw4utG2GZqf
+4gKE1FQBOHtVhkruPYVIAdo0CWlDJX5uBnPguXy1nE6ctVKFMmJiJTn6AktRLt+O
+UhcCUPSZKb9+l1OREoWaaWJFWcRbP68Y5nvkhl3xnlorPhRuftRHJO/ZqOzZpsu4
+TxqG2UMgQRYVX4EN/msxU8H2hEzzA2TS5kQ9emB51zdvM97AqLlu/rJ5rLRTkrgK
+WSvMazfEb8ZEAvd8xcamb8Kt3ngeSJbM/lkuU8401ujwVkMwMpBv+Ud2q5lj4+ij
+84OY6QUr6vn5nWZwxywAwp5XPjFDUFDI26gtIU5vOcK979hHmScNSLJY8b5Fvf7E
+olb8BgLcGTOFU+04WQEWvKrF00s3VIMb5cFL3TRr5dg1hpXmn9IihLHiT6cuTeac
+69vfQuG0ZuZY0ygQNJfznGtfBSxHLON16290CuzXHTCAVkQSJvZOX/+S9GICNpxi
+6zmYU2holfuUaGm4PGYaznjEz8RvIayopvSraSouAF33ZwaxT5dYiFXYbuulmFA2
+IXA9sKT1OyGzHPWp3cZKwom4WrO8HyHOTGhfmNg5cNJ+oJDfraMT6zyT9rj02adR
+sw3q7tRXqtvKfIqgCMOYmjq3uipQkibC4xG6EmAkuVnfYqjXTaPL6kboOfmDFKhc
+RHVxa3+ZvWhY2WvRzcdFlZ5EHoU1wDArGKrrL5PVvmZdcO0dBPLBHrXsRQwE9p2I
+0wwgXlsj3zSh9eq0oUTA2tXqiei1y9z4ku6sjWHtv3QrKHkf9Jr/Y73mqnkdLCZK
+siZTV7qIDusZV8AQoB6BKsBWLsMqgb/BWudIzsFquWxBzESmuHDiVw5tQdZh2r+s
+ICynKmcjmAC6zouowkVmpwjrfwq155vW9AfVs0PNJ9T6yUCPr7I2HOdEtE7MWitz
+rY/E2Uem+yx9GoAqVbOANG+OFyeTBSFA6Y+/R2pS9S61GNGMHYMEgFX9ISjcfL7I
+wV/kQNMT5Ga/rZJOm9vBvqNCdNrDLAraP5QUrX7egcYBavd6tCVRsKvNszp3v8Nr
+BEQwc0Gtk0ln7kPRlo42gysbbOfMPtYWuYhKq1bAdgD2mmqK4+BBdZ07Rw/JCo6f
+nACSu67YQlY1ZOtZE9osY4PD7GiRtfNxhUhUw52hyGPz3l2lNKkehSwstdipYo0m
+H7Kep4NN32ljtbfl3ec7GOWzd9/FR7P3jOdehy5G44+xK5vGJi0aKDATEIZbRoex
+LRLOtv4cTkQ=
+-----END CERTIFICATE-----
diff --git a/selftest/manage-ca/CA-samba.example.com/NewCerts/03.pem b/selftest/manage-ca/CA-samba.example.com/NewCerts/03.pem
new file mode 100644
index 0000000..7486a63
--- /dev/null
+++ b/selftest/manage-ca/CA-samba.example.com/NewCerts/03.pem
@@ -0,0 +1,169 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 3 (0x3)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com
+ Validity
+ Not Before: Mar 16 23:29:41 2016 GMT
+ Not After : Mar 11 23:29:41 2036 GMT
+ Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=administrator@addom.samba.example.com/emailAddress=administrator@addom.samba.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:be:91:64:f2:1b:2b:ed:9b:40:bc:0d:46:23:49:
+ 77:32:74:fe:cb:9a:46:86:33:1e:56:bd:c8:da:dd:
+ e6:2a:07:34:61:1c:f0:b8:71:29:24:2b:90:f3:43:
+ 99:6f:69:f6:ff:8d:b9:b7:3f:f3:36:6a:99:90:90:
+ d6:95:63:4e:88:5a:d7:41:89:7f:73:13:64:49:c7:
+ de:42:65:08:5d:ca:04:b2:68:3a:40:7f:6a:05:df:
+ 56:30:2f:ac:1b:8b:0f:c3:15:3c:38:0f:90:50:44:
+ 00:bb:59:40:f6:d2:e8:5b:73:03:0d:f6:7d:38:5d:
+ 2f:99:c3:0d:13:0f:74:d0:9e:ef:1e:92:42:c4:46:
+ 7c:dc:85:7e:e9:af:91:4e:9d:5f:82:af:58:60:18:
+ a5:ac:91:6e:dd:cf:a7:32:3c:d2:f4:e9:81:be:80:
+ 9e:0c:ca:1f:1a:be:98:c4:fe:e6:25:c1:89:fe:16:
+ 0a:30:90:d3:d4:e5:af:89:24:64:12:d0:4f:19:e2:
+ 1b:86:fb:06:a9:63:d1:47:10:89:dc:2b:52:24:dc:
+ 66:a9:56:c2:cb:f4:ec:35:12:f4:ad:5e:fc:ff:86:
+ e9:b1:f9:1f:b3:ce:44:fb:be:04:af:8d:42:9b:56:
+ a5:02:7f:c5:cf:5f:23:41:1c:69:ee:33:97:7a:81:
+ 50:8b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl
+
+ Netscape Cert Type:
+ SSL Client, S/MIME
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ Netscape Comment:
+ Smart Card Login Certificate for administrator@addom.samba.example.com
+ X509v3 Subject Key Identifier:
+ 30:10:6E:1F:7E:52:33:8C:C8:85:E5:92:74:5D:76:7E:E9:33:5B:36
+ X509v3 Authority Key Identifier:
+ keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E
+
+ X509v3 Subject Alternative Name:
+ email:administrator@addom.samba.example.com, othername:<unsupported>
+ X509v3 Issuer Alternative Name:
+ email:ca-samba.example.com@samba.example.com
+ Netscape CA Revocation Url:
+ http://www.samba.example.com/crls/CA-samba.example.com-crl.crl
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication, scardLogin
+ Signature Algorithm: sha256WithRSAEncryption
+ 53:3e:51:d2:5d:2c:69:23:5b:dd:05:1a:23:ff:39:5d:54:63:
+ e5:da:e1:4b:60:8c:09:7c:4e:8e:da:8a:bb:63:5d:bc:2d:a0:
+ d4:ce:9e:d2:ce:38:d7:32:67:ba:4a:a6:d1:1d:c4:c7:50:e8:
+ 9a:9e:44:56:1a:9c:f4:8f:b9:8e:39:84:21:db:0f:60:8a:60:
+ b4:0f:4f:3c:35:a0:d2:37:3d:88:e8:0a:18:a7:a7:2d:19:e3:
+ aa:d3:8e:18:8f:35:ef:3e:4a:95:c4:d3:9b:f4:cf:89:c2:70:
+ b9:8c:5c:ef:8a:9e:7a:56:73:13:eb:8b:b7:d9:e1:88:5b:c4:
+ 62:47:42:45:8d:7b:2d:cf:71:83:1b:48:9d:84:8f:65:66:97:
+ 61:fc:f6:30:34:e8:88:2a:34:91:48:dc:7a:b7:65:bc:9c:98:
+ 00:4c:e7:49:fe:4d:a9:56:ea:87:d6:6c:46:39:f2:98:5b:56:
+ 14:82:f2:9e:b8:ad:fd:89:36:48:87:4e:5c:ef:3f:e0:35:ff:
+ 72:5f:5b:e1:c2:fd:d9:6e:40:2b:35:ad:50:08:74:94:87:89:
+ c4:cd:c7:ab:a7:19:4e:ba:f2:1d:83:0f:b0:cf:9c:e6:df:73:
+ 36:88:cf:42:9c:a3:72:27:0f:f7:bf:5b:cc:6b:e5:20:03:b5:
+ 4a:1c:f3:7d:ae:92:43:aa:bb:13:07:a4:3a:77:3d:34:01:00:
+ f1:89:aa:e8:1b:09:7b:b8:b0:e1:54:03:ff:3d:8d:be:35:b9:
+ 13:b2:59:58:32:48:93:f8:e7:d7:3d:49:70:01:44:e6:2b:21:
+ b3:75:49:ae:44:7a:50:15:b8:65:f3:c3:48:96:df:c8:d9:2a:
+ f7:c5:2a:7e:2c:68:77:af:2d:78:1b:fc:1a:d8:f4:8b:a6:86:
+ 35:d2:f0:87:e9:d6:30:0a:76:65:f8:71:e9:80:0d:1f:16:86:
+ 89:92:81:34:d9:be:9b:41:25:ec:65:a9:0a:56:b2:03:91:54:
+ 02:21:97:99:74:61:8c:4a:2e:f4:d0:b1:8b:f1:e6:26:52:bc:
+ f6:f2:e0:bd:96:66:22:c3:4e:51:2f:c3:c4:65:65:c7:97:b5:
+ 1b:29:23:7a:c0:7b:fb:49:33:a0:a9:6a:b7:2f:f3:44:6b:5b:
+ 0c:2c:0d:75:f2:50:d5:82:ba:9a:ab:e0:89:0a:b6:b5:8a:5e:
+ 1a:67:ab:d9:a7:21:22:75:61:1e:d7:21:36:15:6a:da:a8:39:
+ 4d:95:50:2b:e6:ac:c4:f6:38:74:c9:c5:ac:ce:2f:b3:c8:d4:
+ ad:18:a7:93:d4:1a:be:c2:be:9e:39:e6:a7:b1:0e:93:d0:9e:
+ cf:b0:ac:53:7d:08:1f:9d:a5:98:2b:4e:f6:80:e4:df:ea:43:
+ a2:f9:64:bf:84:b2:ff:1c:93:36:60:74:08:4e:5b:d6:24:9a:
+ f8:ac:c7:81:f9:2a:a9:00:28:44:15:6a:31:b9:b5:08:89:c8:
+ 31:15:1e:8f:9d:2c:d0:e3:a8:32:2c:68:42:41:19:6c:43:8e:
+ 69:c0:44:01:ba:1c:c4:ea:f4:ff:c8:57:03:ba:df:3f:5e:a5:
+ 03:da:75:31:2e:07:67:a7:5c:02:55:c3:6f:8f:11:f5:8c:56:
+ a1:f7:4b:bb:46:d0:e5:ff:68:c1:77:3d:0d:35:12:f5:40:af:
+ cd:05:5c:53:74:ff:54:e0:c0:c6:10:5c:e8:33:06:0a:50:47:
+ 7e:71:3a:36:66:aa:f8:de:97:2a:ae:bf:8d:6d:d4:39:c4:fd:
+ b3:03:1d:a5:9c:47:39:8c:c0:b3:73:f8:3a:d6:34:ac:49:4f:
+ b3:87:74:11:20:8f:c0:aa:24:a7:30:20:0c:c0:d9:1c:44:ee:
+ ae:c8:b8:13:63:e5:f8:5e:8f:b0:5a:46:c5:83:3d:41:62:06:
+ e4:62:a6:0a:40:cc:8e:59:ad:8a:36:4e:20:e6:f2:32:04:6e:
+ ee:4e:7d:97:88:dc:ea:74:90:c4:ab:a8:b5:bc:6c:81:b1:64:
+ 77:a6:93:34:44:e4:60:38:b1:0c:2b:29:3a:4a:f7:17:d7:3a:
+ c8:42:7e:db:4d:5f:09:92:ae:6c:90:e1:7d:9f:96:9c:1a:82:
+ bd:45:02:76:29:62:e5:b9:14:53:01:53:c0:5a:d5:34:53:7a:
+ 25:49:3e:3d:db:19:7e:29:57:80:78:67:ea:21:3e:3d:59:36:
+ e0:8b:da:75:57:9b:c8:9d:a1:18:18:e2:5c:35:35:9e:62:2c:
+ f5:0f:c0:8f:55:16:a5:d4:9e:cd:0e:78:87:9d:53:d3:01:e1:
+ 18:61:36:1c:06:c3:3a:43:f3:8a:13:e6:4e:52:32:fd:46:21:
+ cd:62:18:1f:ae:f5:f2:1a:ea:7a:01:3b:a1:3f:1d:16:00:91:
+ 5e:94:78:f4:60:33:54:a9:fc:1c:0a:75:f9:17:aa:dd:12:91:
+ 66:4b:f0:d1:60:25:d4:06:d1:99:9c:c5:64:01:4b:ba:d9:66:
+ ba:9c:f7:68:75:fd:11:3a:eb:6e:fb:8f:a6:17:8a:cd:bc:1a:
+ 59:f9:a9:cd:33:db:7d:71:26:7d:c7:be:de:eb:2e:c0:7e:db:
+ 29:08:0e:82:63:1e:8c:8f:e6:21:1c:b1:49:13:9e:df:78:3b:
+ 68:01:17:0f:df:97:96:58:32:48:1e:5c:ff:fa:db:90:b5:05:
+ 84:68:fd:7c:c0:a5:35:d9:75:1e:ea:cc:25:25:3f:6e
+-----BEGIN CERTIFICATE-----
+MIIJGzCCBQOgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx
+EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE
+CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x
+IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB
+FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0xNjAz
+MTYyMzI5NDFaFw0zNjAzMTEyMzI5NDFaMIGzMQswCQYDVQQGEwJVUzETMBEGA1UE
+CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE
+CwwFVXNlcnMxLjAsBgNVBAMMJWFkbWluaXN0cmF0b3JAYWRkb20uc2FtYmEuZXhh
+bXBsZS5jb20xNDAyBgkqhkiG9w0BCQEWJWFkbWluaXN0cmF0b3JAYWRkb20uc2Ft
+YmEuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+
+kWTyGyvtm0C8DUYjSXcydP7LmkaGMx5Wvcja3eYqBzRhHPC4cSkkK5DzQ5lvafb/
+jbm3P/M2apmQkNaVY06IWtdBiX9zE2RJx95CZQhdygSyaDpAf2oF31YwL6wbiw/D
+FTw4D5BQRAC7WUD20uhbcwMN9n04XS+Zww0TD3TQnu8ekkLERnzchX7pr5FOnV+C
+r1hgGKWskW7dz6cyPNL06YG+gJ4Myh8avpjE/uYlwYn+FgowkNPU5a+JJGQS0E8Z
+4huG+wapY9FHEIncK1Ik3GapVsLL9Ow1EvStXvz/humx+R+zzkT7vgSvjUKbVqUC
+f8XPXyNBHGnuM5d6gVCLAgMBAAGjggIjMIICHzAJBgNVHRMEAjAAME8GA1UdHwRI
+MEYwRKBCoECGPmh0dHA6Ly93d3cuc2FtYmEuZXhhbXBsZS5jb20vY3Jscy9DQS1z
+YW1iYS5leGFtcGxlLmNvbS1jcmwuY3JsMBEGCWCGSAGG+EIBAQQEAwIFoDALBgNV
+HQ8EBAMCBeAwVQYJYIZIAYb4QgENBEgWRlNtYXJ0IENhcmQgTG9naW4gQ2VydGlm
+aWNhdGUgZm9yIGFkbWluaXN0cmF0b3JAYWRkb20uc2FtYmEuZXhhbXBsZS5jb20w
+HQYDVR0OBBYEFDAQbh9+UjOMyIXlknRddn7pM1s2MB8GA1UdIwQYMBaAFKI+Aiqj
+p005tAhNmcwMdTbqJ8M+MGcGA1UdEQRgMF6BJWFkbWluaXN0cmF0b3JAYWRkb20u
+c2FtYmEuZXhhbXBsZS5jb22gNQYKKwYBBAGCNxQCA6AnDCVhZG1pbmlzdHJhdG9y
+QGFkZG9tLnNhbWJhLmV4YW1wbGUuY29tMDEGA1UdEgQqMCiBJmNhLXNhbWJhLmV4
+YW1wbGUuY29tQHNhbWJhLmV4YW1wbGUuY29tME0GCWCGSAGG+EIBBARAFj5odHRw
+Oi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMvQ0Etc2FtYmEuZXhhbXBsZS5j
+b20tY3JsLmNybDAfBgNVHSUEGDAWBggrBgEFBQcDAgYKKwYBBAGCNxQCAjANBgkq
+hkiG9w0BAQsFAAOCBAEAUz5R0l0saSNb3QUaI/85XVRj5drhS2CMCXxOjtqKu2Nd
+vC2g1M6e0s441zJnukqm0R3Ex1Domp5EVhqc9I+5jjmEIdsPYIpgtA9PPDWg0jc9
+iOgKGKenLRnjqtOOGI817z5KlcTTm/TPicJwuYxc74qeelZzE+uLt9nhiFvEYkdC
+RY17Lc9xgxtInYSPZWaXYfz2MDToiCo0kUjcerdlvJyYAEznSf5NqVbqh9ZsRjny
+mFtWFILynrit/Yk2SIdOXO8/4DX/cl9b4cL92W5AKzWtUAh0lIeJxM3Hq6cZTrry
+HYMPsM+c5t9zNojPQpyjcicP979bzGvlIAO1Shzzfa6SQ6q7EwekOnc9NAEA8Ymq
+6BsJe7iw4VQD/z2NvjW5E7JZWDJIk/jn1z1JcAFE5ishs3VJrkR6UBW4ZfPDSJbf
+yNkq98Uqfixod68teBv8Gtj0i6aGNdLwh+nWMAp2Zfhx6YANHxaGiZKBNNm+m0El
+7GWpClayA5FUAiGXmXRhjEou9NCxi/HmJlK89vLgvZZmIsNOUS/DxGVlx5e1Gykj
+esB7+0kzoKlqty/zRGtbDCwNdfJQ1YK6mqvgiQq2tYpeGmer2achInVhHtchNhVq
+2qg5TZVQK+asxPY4dMnFrM4vs8jUrRink9QavsK+njnmp7EOk9Cez7CsU30IH52l
+mCtO9oDk3+pDovlkv4Sy/xyTNmB0CE5b1iSa+KzHgfkqqQAoRBVqMbm1CInIMRUe
+j50s0OOoMixoQkEZbEOOacBEAbocxOr0/8hXA7rfP16lA9p1MS4HZ6dcAlXDb48R
+9YxWofdLu0bQ5f9owXc9DTUS9UCvzQVcU3T/VODAxhBc6DMGClBHfnE6Nmaq+N6X
+Kq6/jW3UOcT9swMdpZxHOYzAs3P4OtY0rElPs4d0ESCPwKokpzAgDMDZHETursi4
+E2Pl+F6PsFpGxYM9QWIG5GKmCkDMjlmtijZOIObyMgRu7k59l4jc6nSQxKuotbxs
+gbFkd6aTNETkYDixDCspOkr3F9c6yEJ+201fCZKubJDhfZ+WnBqCvUUCdili5bkU
+UwFTwFrVNFN6JUk+PdsZfilXgHhn6iE+PVk24IvadVebyJ2hGBjiXDU1nmIs9Q/A
+j1UWpdSezQ54h51T0wHhGGE2HAbDOkPzihPmTlIy/UYhzWIYH6718hrqegE7oT8d
+FgCRXpR49GAzVKn8HAp1+Req3RKRZkvw0WAl1AbRmZzFZAFLutlmupz3aHX9ETrr
+bvuPpheKzbwaWfmpzTPbfXEmfce+3usuwH7bKQgOgmMejI/mIRyxSROe33g7aAEX
+D9+XllgySB5c//rbkLUFhGj9fMClNdl1HurMJSU/bg==
+-----END CERTIFICATE-----
diff --git a/selftest/manage-ca/CA-samba.example.com/NewCerts/04.pem b/selftest/manage-ca/CA-samba.example.com/NewCerts/04.pem
new file mode 100644
index 0000000..730b824
--- /dev/null
+++ b/selftest/manage-ca/CA-samba.example.com/NewCerts/04.pem
@@ -0,0 +1,168 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4 (0x4)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com
+ Validity
+ Not Before: Jun 3 19:30:29 2016 GMT
+ Not After : May 29 19:30:29 2036 GMT
+ Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=pkinit@samba.example.com/emailAddress=pkinit@samba.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:dd:c4:48:44:a5:e9:6b:b4:41:03:6a:dc:34:1f:
+ d6:41:ce:f7:cb:b2:44:a7:a3:0e:89:16:ff:0d:62:
+ 23:e0:8b:24:db:82:82:68:29:22:1b:57:44:12:c6:
+ ea:10:2d:6f:3a:4b:75:b1:2e:76:62:01:62:ff:ba:
+ 3d:67:e1:39:0d:12:38:b0:fc:b3:e5:0e:dd:77:73:
+ 2b:99:25:86:d5:15:84:08:be:b0:8b:38:d7:64:9d:
+ d6:e7:dc:4d:9a:fb:ea:17:41:bb:d1:cf:1a:b9:5b:
+ 0b:8a:e5:8c:5a:b7:2d:ab:bd:f7:c3:91:ae:26:c2:
+ e3:97:27:ea:3f:be:c9:22:af:d6:76:35:45:b0:72:
+ 86:f2:bd:bf:e2:d3:e3:e3:68:52:26:db:f0:a6:6a:
+ 0e:63:05:9b:17:6d:13:ee:c4:15:41:96:27:06:90:
+ fd:10:b5:f9:6c:74:be:b0:a8:bb:70:f7:a2:25:da:
+ f7:f1:91:c2:69:6c:40:c4:63:e8:06:83:e0:1d:b7:
+ 2b:29:d3:75:d1:df:c1:d2:90:af:b9:81:47:78:f3:
+ f1:1a:c9:20:e3:1b:6f:e4:fd:2e:0b:65:a7:6f:b1:
+ b2:a0:d3:e3:d2:2f:2b:ef:fd:01:5b:27:e7:1b:c1:
+ 0e:bc:bd:f0:7b:b2:34:a9:9b:4d:2c:c8:65:33:c8:
+ 33:17
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl
+
+ Netscape Cert Type:
+ SSL Client, S/MIME
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ Netscape Comment:
+ Smart Card Login Certificate for pkinit@samba.example.com
+ X509v3 Subject Key Identifier:
+ E9:67:66:B8:3D:F1:39:AB:1A:4D:00:9D:EC:CE:FF:4B:50:D8:5D:A2
+ X509v3 Authority Key Identifier:
+ keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E
+
+ X509v3 Subject Alternative Name:
+ email:pkinit@samba.example.com, othername:<unsupported>
+ X509v3 Issuer Alternative Name:
+ email:ca-samba.example.com@samba.example.com
+ Netscape CA Revocation Url:
+ http://www.samba.example.com/crls/CA-samba.example.com-crl.crl
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication, scardLogin
+ Signature Algorithm: sha256WithRSAEncryption
+ 88:3e:f3:98:08:ef:cd:53:3a:07:d5:1c:fd:26:7c:f1:96:2e:
+ b9:06:87:f2:5b:e2:be:d1:04:6e:38:59:14:49:9d:46:ef:7e:
+ 6c:08:02:3e:18:09:09:61:a8:1d:a9:da:59:40:58:5f:d2:ca:
+ 4f:76:0e:7e:01:db:05:03:fb:78:c7:89:86:aa:1b:dc:02:bb:
+ 86:a5:02:7c:01:54:dd:ad:e0:43:c5:d9:ec:86:c2:47:b5:5a:
+ 1c:8c:06:0e:fe:11:ad:a5:57:37:f5:0a:35:65:a4:f2:27:14:
+ 2f:bf:53:48:66:e1:da:b9:58:95:a2:d1:95:9c:ae:0a:ca:29:
+ a6:ef:7a:58:74:86:40:ea:2a:c6:18:9f:1a:d9:70:e2:a8:aa:
+ 8d:f1:22:bf:b6:e4:61:d4:21:ee:bf:17:e1:aa:d1:cf:0b:35:
+ 82:c7:3f:a1:be:d1:a5:bd:4e:04:0d:cf:11:2d:d6:0c:7e:47:
+ 5c:5e:84:d2:10:60:7e:97:d7:52:be:a1:cd:2d:85:da:b2:dd:
+ 68:88:12:a4:88:5f:16:0c:ae:6f:60:7f:da:58:5f:91:bd:8d:
+ 15:20:c2:74:94:0b:93:65:80:7c:77:15:a2:70:bb:98:be:41:
+ 1a:2e:c5:78:52:64:e7:44:03:3f:64:97:10:a9:1b:17:f3:79:
+ f9:51:0c:4c:58:e7:03:e7:bb:fd:34:ff:c0:4a:ad:b1:7a:ba:
+ 97:3c:f8:e0:9e:30:3d:e7:5f:be:ac:6a:b3:c1:1e:50:7c:cd:
+ ce:18:bd:96:73:fb:9c:90:e7:ae:e0:be:c5:65:29:9a:1c:da:
+ c3:64:2a:99:dc:93:61:32:9a:70:1a:45:83:72:38:0f:57:de:
+ 0d:f5:64:71:97:de:b5:64:99:43:30:6d:3f:25:82:b5:3e:a1:
+ ba:39:d2:fc:b8:df:7e:57:da:fc:be:c2:84:2e:99:41:52:a2:
+ 18:f4:99:c7:e2:b9:af:2a:84:32:5c:cb:ba:26:86:6b:8e:58:
+ 30:d8:4f:5b:60:34:fd:30:de:c5:a0:7a:8c:e7:34:2b:bc:81:
+ 6d:4c:a8:b5:ba:b5:52:b9:42:e5:d8:7e:be:31:a3:8e:b0:c3:
+ f6:16:28:92:e7:9d:3f:c8:cf:a0:4a:b0:3a:ae:75:59:ab:19:
+ 91:e4:2e:76:57:3f:58:88:5f:2e:7b:c5:8f:11:25:0f:cd:8f:
+ e3:91:80:2f:d4:7b:5a:80:c3:c9:7c:0a:aa:01:bf:5c:8c:0e:
+ 57:84:bf:72:ad:7b:0a:b9:95:27:0f:aa:9b:96:08:8e:bb:63:
+ 56:5a:1d:ad:0c:5b:1c:04:38:ae:2b:88:d4:d1:68:20:f2:a0:
+ 9b:77:9c:95:db:17:cb:cf:79:4a:13:66:c9:34:36:f6:c6:f9:
+ 8b:4b:92:5e:59:a3:5d:75:4e:fa:f2:fa:d5:d9:66:80:82:a4:
+ 8d:e2:d8:b6:ed:c5:a3:ca:a2:70:64:9c:b9:1c:49:b2:2f:46:
+ b3:13:3b:88:a7:5a:8e:22:b7:90:f5:74:27:21:06:a4:94:bb:
+ b1:cb:e7:e4:92:f0:e9:80:15:94:82:1a:97:34:d0:cf:aa:37:
+ b1:27:a5:38:39:7c:8d:ba:a1:12:dd:30:48:44:90:0c:35:0f:
+ cc:e6:13:e7:c9:06:36:1d:b0:c9:be:28:0f:47:1c:b0:47:a3:
+ 20:d1:bb:a1:85:1a:80:c2:9b:70:61:9f:a7:82:46:3c:80:28:
+ 0c:17:f6:fc:75:83:be:ff:5c:da:bc:be:2c:65:a6:c0:fc:c1:
+ 32:ae:9a:bf:d1:7c:fb:b3:26:3b:77:03:fe:a9:e9:ae:4c:72:
+ 58:a9:6e:ce:ad:c0:1f:30:b2:06:32:65:af:5f:db:3d:2b:ab:
+ c5:46:5c:0a:df:50:b5:7e:31:c8:b0:7e:50:e2:aa:d8:01:8e:
+ ea:e7:3c:8b:90:73:de:77:9f:47:ea:af:16:0d:a5:c0:89:6f:
+ 86:a4:84:f7:1f:03:fd:7d:f8:a8:7d:9c:9a:f1:13:c8:d5:5b:
+ 9c:2f:71:c1:c0:c2:17:89:39:6d:28:2d:20:31:ca:60:cf:7f:
+ 78:42:5c:a3:28:76:19:a8:ca:e6:07:22:6d:7f:04:b1:20:ab:
+ 70:40:33:e9:a3:fa:da:b5:7c:ee:70:0b:c6:a2:6a:90:1a:10:
+ fe:8a:9b:56:5c:44:85:f1:b4:41:67:0b:c1:a3:68:2f:ff:b1:
+ 48:f3:38:4b:28:4e:52:36:0c:9b:37:aa:7e:82:63:c3:61:33:
+ a9:05:b3:af:13:07:b3:9e:4d:4c:3c:c4:47:34:ce:f3:6e:55:
+ 69:d7:af:dc:e4:82:34:9b:fe:cc:d9:db:1f:08:3e:3c:3a:9b:
+ ac:a7:7e:61:3f:5f:01:0c:d8:f3:63:31:31:07:e2:05:84:30:
+ 65:f4:b0:a6:cc:ad:63:fe:06:db:d7:e9:2f:9d:db:2c:64:af:
+ d6:d1:cc:9e:c3:11:09:ad:7d:e2:06:6d:21:ad:a5:4f:a6:87:
+ 9b:ee:db:6c:e9:69:a7:6a:eb:93:67:e2:e9:6f:23:f8:2e:95:
+ 78:5f:a8:66:ae:7e:2c:5e:6b:07:3e:02:ad:20:af:61:9c:0e:
+ 1d:c6:7a:31:5a:33:bd:61:1a:67:5b:a9:42:3c:17:67:f8:dd:
+ 80:e3:ab:62:a0:42:53:33:1f:f7:79:ea:32:d1:26:dd:bb:c6:
+ 26:aa:2c:ac:16:7e:24:b4:ae:7d:ce:77:e8:5f:2d:97
+-----BEGIN CERTIFICATE-----
+MIII2jCCBMKgAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx
+EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE
+CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x
+IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB
+FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0xNjA2
+MDMxOTMwMjlaFw0zNjA1MjkxOTMwMjlaMIGZMQswCQYDVQQGEwJVUzETMBEGA1UE
+CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE
+CwwFVXNlcnMxITAfBgNVBAMMGHBraW5pdEBzYW1iYS5leGFtcGxlLmNvbTEnMCUG
+CSqGSIb3DQEJARYYcGtpbml0QHNhbWJhLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3cRIRKXpa7RBA2rcNB/WQc73y7JEp6MOiRb/
+DWIj4Isk24KCaCkiG1dEEsbqEC1vOkt1sS52YgFi/7o9Z+E5DRI4sPyz5Q7dd3Mr
+mSWG1RWECL6wizjXZJ3W59xNmvvqF0G70c8auVsLiuWMWrctq733w5GuJsLjlyfq
+P77JIq/WdjVFsHKG8r2/4tPj42hSJtvwpmoOYwWbF20T7sQVQZYnBpD9ELX5bHS+
+sKi7cPeiJdr38ZHCaWxAxGPoBoPgHbcrKdN10d/B0pCvuYFHePPxGskg4xtv5P0u
+C2Wnb7GyoNPj0i8r7/0BWyfnG8EOvL3we7I0qZtNLMhlM8gzFwIDAQABo4IB/DCC
+AfgwCQYDVR0TBAIwADBPBgNVHR8ESDBGMESgQqBAhj5odHRwOi8vd3d3LnNhbWJh
+LmV4YW1wbGUuY29tL2NybHMvQ0Etc2FtYmEuZXhhbXBsZS5jb20tY3JsLmNybDAR
+BglghkgBhvhCAQEEBAMCBaAwCwYDVR0PBAQDAgXgMEgGCWCGSAGG+EIBDQQ7FjlT
+bWFydCBDYXJkIExvZ2luIENlcnRpZmljYXRlIGZvciBwa2luaXRAc2FtYmEuZXhh
+bXBsZS5jb20wHQYDVR0OBBYEFOlnZrg98TmrGk0AnezO/0tQ2F2iMB8GA1UdIwQY
+MBaAFKI+Aiqjp005tAhNmcwMdTbqJ8M+ME0GA1UdEQRGMESBGHBraW5pdEBzYW1i
+YS5leGFtcGxlLmNvbaAoBgorBgEEAYI3FAIDoBoMGHBraW5pdEBzYW1iYS5leGFt
+cGxlLmNvbTAxBgNVHRIEKjAogSZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5l
+eGFtcGxlLmNvbTBNBglghkgBhvhCAQQEQBY+aHR0cDovL3d3dy5zYW1iYS5leGFt
+cGxlLmNvbS9jcmxzL0NBLXNhbWJhLmV4YW1wbGUuY29tLWNybC5jcmwwHwYDVR0l
+BBgwFgYIKwYBBQUHAwIGCisGAQQBgjcUAgIwDQYJKoZIhvcNAQELBQADggQBAIg+
+85gI781TOgfVHP0mfPGWLrkGh/Jb4r7RBG44WRRJnUbvfmwIAj4YCQlhqB2p2llA
+WF/Syk92Dn4B2wUD+3jHiYaqG9wCu4alAnwBVN2t4EPF2eyGwke1WhyMBg7+Ea2l
+Vzf1CjVlpPInFC+/U0hm4dq5WJWi0ZWcrgrKKabvelh0hkDqKsYYnxrZcOKoqo3x
+Ir+25GHUIe6/F+Gq0c8LNYLHP6G+0aW9TgQNzxEt1gx+R1xehNIQYH6X11K+oc0t
+hdqy3WiIEqSIXxYMrm9gf9pYX5G9jRUgwnSUC5NlgHx3FaJwu5i+QRouxXhSZOdE
+Az9klxCpGxfzeflRDExY5wPnu/00/8BKrbF6upc8+OCeMD3nX76sarPBHlB8zc4Y
+vZZz+5yQ567gvsVlKZoc2sNkKpnck2EymnAaRYNyOA9X3g31ZHGX3rVkmUMwbT8l
+grU+obo50vy4335X2vy+woQumUFSohj0mcfiua8qhDJcy7omhmuOWDDYT1tgNP0w
+3sWgeoznNCu8gW1MqLW6tVK5QuXYfr4xo46ww/YWKJLnnT/Iz6BKsDqudVmrGZHk
+LnZXP1iIXy57xY8RJQ/Nj+ORgC/Ue1qAw8l8CqoBv1yMDleEv3Ktewq5lScPqpuW
+CI67Y1ZaHa0MWxwEOK4riNTRaCDyoJt3nJXbF8vPeUoTZsk0NvbG+YtLkl5Zo111
+Tvry+tXZZoCCpI3i2LbtxaPKonBknLkcSbIvRrMTO4inWo4it5D1dCchBqSUu7HL
+5+SS8OmAFZSCGpc00M+qN7EnpTg5fI26oRLdMEhEkAw1D8zmE+fJBjYdsMm+KA9H
+HLBHoyDRu6GFGoDCm3Bhn6eCRjyAKAwX9vx1g77/XNq8vixlpsD8wTKumr/RfPuz
+Jjt3A/6p6a5Mclipbs6twB8wsgYyZa9f2z0rq8VGXArfULV+MciwflDiqtgBjurn
+PIuQc953n0fqrxYNpcCJb4akhPcfA/19+Kh9nJrxE8jVW5wvccHAwheJOW0oLSAx
+ymDPf3hCXKModhmoyuYHIm1/BLEgq3BAM+mj+tq1fO5wC8aiapAaEP6Km1ZcRIXx
+tEFnC8GjaC//sUjzOEsoTlI2DJs3qn6CY8NhM6kFs68TB7OeTUw8xEc0zvNuVWnX
+r9zkgjSb/szZ2x8IPjw6m6ynfmE/XwEM2PNjMTEH4gWEMGX0sKbMrWP+BtvX6S+d
+2yxkr9bRzJ7DEQmtfeIGbSGtpU+mh5vu22zpaadq65Nn4ulvI/gulXhfqGaufixe
+awc+Aq0gr2GcDh3GejFaM71hGmdbqUI8F2f43YDjq2KgQlMzH/d56jLRJt27xiaq
+LKwWfiS0rn3Od+hfLZc=
+-----END CERTIFICATE-----
diff --git a/selftest/manage-ca/CA-samba.example.com/NewCerts/05.pem b/selftest/manage-ca/CA-samba.example.com/NewCerts/05.pem
new file mode 100644
index 0000000..997dfd3
--- /dev/null
+++ b/selftest/manage-ca/CA-samba.example.com/NewCerts/05.pem
@@ -0,0 +1,168 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 5 (0x5)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com
+ Validity
+ Not Before: Jun 3 19:30:47 2016 GMT
+ Not After : May 29 19:30:47 2036 GMT
+ Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=pkinit@addom.samba.example.com/emailAddress=pkinit@addom.samba.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:b3:a4:e8:bd:c8:4f:6a:71:c6:15:a8:dd:00:d6:
+ 61:74:00:e4:8f:b5:c4:0e:98:d9:51:aa:aa:4f:c7:
+ 8c:f9:6c:37:5c:60:55:da:7c:55:9c:d3:cd:e2:f1:
+ ed:51:39:25:d5:fa:69:7e:a7:67:9c:a9:61:1b:5c:
+ 73:50:d0:6f:ba:ce:3a:df:fe:ae:95:95:8e:97:ab:
+ c6:bb:6a:c3:60:0b:ca:c2:9c:31:ff:c6:2f:52:bb:
+ cb:2f:f6:2c:4d:be:20:e1:16:49:d3:22:36:66:4f:
+ 5c:c4:30:12:07:34:8b:00:4e:5b:51:7d:40:35:81:
+ dc:5c:0e:af:be:78:63:80:69:67:87:53:97:d0:3f:
+ d7:66:8d:26:8a:0a:24:95:f9:db:dd:93:0e:48:54:
+ c8:30:e4:77:0d:65:ef:a4:6a:de:29:91:77:97:40:
+ 5c:2e:ed:35:5e:b9:0f:37:ad:d9:70:76:99:77:45:
+ 8c:4a:65:63:13:72:d5:c4:53:37:57:85:0a:6d:74:
+ 30:8c:69:7f:83:f0:7f:f5:67:05:79:80:27:d4:38:
+ 6d:49:2f:8d:2a:97:2e:33:1f:d0:e0:c1:76:1b:bf:
+ bf:b1:75:8a:c9:b1:3f:3f:f2:4e:c5:b0:68:5e:76:
+ 8a:7e:9c:57:b2:ec:3d:18:83:e2:65:d5:30:5e:b5:
+ f4:c7
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl
+
+ Netscape Cert Type:
+ SSL Client, S/MIME
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ Netscape Comment:
+ Smart Card Login Certificate for pkinit@addom.samba.example.com
+ X509v3 Subject Key Identifier:
+ 3E:81:65:A1:E3:7E:18:BE:80:FE:15:93:CC:20:15:FD:08:D4:A4:3D
+ X509v3 Authority Key Identifier:
+ keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E
+
+ X509v3 Subject Alternative Name:
+ email:pkinit@addom.samba.example.com, othername:<unsupported>
+ X509v3 Issuer Alternative Name:
+ email:ca-samba.example.com@samba.example.com
+ Netscape CA Revocation Url:
+ http://www.samba.example.com/crls/CA-samba.example.com-crl.crl
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication, scardLogin
+ Signature Algorithm: sha256WithRSAEncryption
+ 7b:47:4c:55:7c:77:8b:8f:ca:23:3e:51:6a:51:c1:49:44:0d:
+ 72:56:27:79:f7:54:48:ef:74:37:5e:2a:33:68:dc:04:8a:de:
+ b2:8e:7b:26:6f:67:f5:bc:0a:e1:ec:74:12:86:5a:6b:56:7d:
+ 75:24:d0:df:c7:1e:c4:28:e8:a5:c0:e5:3a:a0:74:f8:95:70:
+ 61:44:a1:9c:e3:54:d8:cf:1b:e2:2f:35:d3:ca:1a:5f:07:e9:
+ ce:fe:79:e1:20:ac:9e:94:74:a5:80:2e:38:75:bc:bc:d7:2d:
+ e0:54:c1:17:9a:8e:07:42:7e:5f:2e:17:93:63:ab:ae:ed:c6:
+ 29:0f:91:c8:8a:99:ad:21:5b:52:a7:dd:0c:2f:32:dc:0d:36:
+ 9c:98:02:aa:eb:8f:2d:3a:86:1a:cf:f8:f5:da:0b:70:7e:14:
+ 9c:79:bc:8a:6c:c7:06:8d:3e:3b:26:2a:50:a1:05:ca:47:79:
+ d1:ba:55:06:cd:d2:3a:10:27:8d:cb:ee:b4:f7:90:ff:f2:fb:
+ 67:f0:73:0b:4f:51:5e:0b:8d:e4:94:cb:da:56:2d:18:91:b8:
+ 51:0f:ee:48:99:cc:ae:8b:6b:ac:d8:38:1e:5e:5e:d9:1a:29:
+ 52:04:52:49:49:30:60:3b:fa:4e:c9:0c:a0:67:20:e1:4a:9f:
+ 84:44:c8:ca:35:d5:28:a6:06:7e:dc:c3:81:8d:40:12:3d:ae:
+ 0d:51:42:5a:16:92:78:2e:70:0b:ba:7f:8e:52:b7:2e:a8:f1:
+ 72:32:ba:6f:30:92:1e:40:0f:bf:09:14:5b:63:c6:1d:b3:ac:
+ eb:e7:69:f0:1b:3c:b8:4a:ec:a2:22:e2:58:ad:ef:22:77:9c:
+ e2:51:ec:38:bf:47:d8:1e:43:77:61:3d:60:54:c7:ba:6a:be:
+ 87:ea:f7:9e:46:74:90:70:c3:d9:74:21:be:90:78:12:2f:30:
+ d2:56:3b:9a:24:27:17:1b:d0:8c:49:e7:65:a8:d2:d9:0f:f8:
+ e9:5e:51:8c:97:cf:90:37:e5:ad:dc:88:ac:c1:54:57:7a:9a:
+ f4:5a:80:25:85:7c:d0:b7:17:03:8c:b3:43:20:59:c7:f3:68:
+ 72:f5:53:75:df:a0:00:12:f0:28:d5:dc:70:ec:9e:c2:33:bd:
+ 73:e9:8c:62:b8:2f:0d:55:a3:3d:d2:21:59:4f:3a:d7:50:aa:
+ 43:72:25:05:a0:2f:e0:f1:79:59:2a:57:e6:b9:91:21:b9:9f:
+ 07:f9:49:fc:d7:97:f7:be:a7:81:69:ac:6c:9a:7c:25:5e:6b:
+ 48:37:90:89:ac:37:02:b5:be:41:01:56:93:71:f4:e9:75:3c:
+ aa:0a:9b:d6:a3:09:64:51:30:d7:2c:1a:dd:bc:83:2e:45:b5:
+ 90:a5:ad:16:ba:18:56:1c:88:73:b5:ee:77:6d:65:3e:11:dc:
+ 36:45:6a:08:99:5d:24:86:93:da:45:95:2a:de:80:96:2e:db:
+ d7:87:b3:f1:70:3c:b5:56:eb:ca:62:dc:3c:49:84:3c:f8:6d:
+ d9:44:e0:81:33:5e:f7:22:27:8b:09:05:12:a6:c1:79:56:c7:
+ 7f:e2:80:d6:ab:4d:e5:1a:ff:ae:9a:fd:3b:7b:aa:15:ca:10:
+ c2:6a:98:c4:70:63:6e:7d:94:8e:87:0a:24:bd:b1:59:85:67:
+ 5b:e8:2e:ff:d7:43:8c:46:06:1a:a8:ba:72:e7:0d:ef:5f:6c:
+ 2d:5c:14:56:ad:5d:56:a5:21:09:7b:16:44:4a:74:9d:1a:03:
+ aa:1a:41:29:e5:78:e4:7c:9e:53:18:61:d8:5a:d1:e8:a8:0e:
+ f4:d3:40:d6:6b:cd:c9:e4:a3:3d:51:54:c3:d6:09:4c:48:9e:
+ 34:2a:23:ad:83:ab:9a:99:c2:bf:7b:85:98:d7:b6:21:fc:c4:
+ 17:6c:56:46:95:98:da:e8:6c:f3:67:4e:33:fc:68:b8:af:86:
+ 07:8b:8e:f3:16:2c:ec:82:e7:b8:47:64:5c:f5:bd:37:75:b5:
+ 94:d3:09:3c:3d:6a:6d:47:81:e0:1b:df:5e:d7:6c:92:7d:23:
+ 91:3e:29:06:21:5b:52:62:47:87:e8:7e:20:ab:fa:cb:3f:9e:
+ ab:7e:55:7e:d2:76:7d:3e:ce:49:f5:ad:a1:f8:13:ba:9a:d6:
+ 54:bb:e9:f0:e0:a6:77:27:95:33:84:48:ff:29:87:fc:65:94:
+ d4:56:44:88:fc:40:0a:64:32:15:13:36:bf:fb:10:65:35:94:
+ 66:ad:d7:e4:16:08:c5:8b:2f:c7:a1:14:99:60:69:66:39:3f:
+ 8d:f3:d3:46:ae:c9:ad:85:94:9b:06:6f:7e:f9:84:b4:e7:fb:
+ 7c:79:1b:75:00:f7:10:19:86:57:48:ea:d5:24:eb:f5:d6:42:
+ 43:73:36:db:9a:15:73:01:75:db:e5:4f:d0:68:3a:3b:35:ce:
+ 19:ab:08:e8:75:c4:7d:b0:d8:c9:64:f9:de:e4:ae:df:a5:24:
+ 19:dd:b8:d1:88:40:48:2a:13:6c:ad:72:23:46:45:2c:78:0c:
+ d4:68:15:11:7f:e2:47:2d:ce:d0:ce:ae:43:8b:08:af:42:12:
+ 85:6f:4d:8b:39:e0:a1:d9:65:08:b1:dc:00:e2:e8:f0:e1:f6:
+ 8f:21:8e:81:cd:de:8a:d0:92:58:22:d0:b0:29:fa:f8:98:6f:
+ c6:e0:68:37:b4:57:90:c2:c4:7c:38:64:51:d7:61:5a
+-----BEGIN CERTIFICATE-----
+MIII+DCCBOCgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx
+EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE
+CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x
+IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB
+FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0xNjA2
+MDMxOTMwNDdaFw0zNjA1MjkxOTMwNDdaMIGlMQswCQYDVQQGEwJVUzETMBEGA1UE
+CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE
+CwwFVXNlcnMxJzAlBgNVBAMMHnBraW5pdEBhZGRvbS5zYW1iYS5leGFtcGxlLmNv
+bTEtMCsGCSqGSIb3DQEJARYecGtpbml0QGFkZG9tLnNhbWJhLmV4YW1wbGUuY29t
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6TovchPanHGFajdANZh
+dADkj7XEDpjZUaqqT8eM+Ww3XGBV2nxVnNPN4vHtUTkl1fppfqdnnKlhG1xzUNBv
+us463/6ulZWOl6vGu2rDYAvKwpwx/8YvUrvLL/YsTb4g4RZJ0yI2Zk9cxDASBzSL
+AE5bUX1ANYHcXA6vvnhjgGlnh1OX0D/XZo0migoklfnb3ZMOSFTIMOR3DWXvpGre
+KZF3l0BcLu01XrkPN63ZcHaZd0WMSmVjE3LVxFM3V4UKbXQwjGl/g/B/9WcFeYAn
+1DhtSS+NKpcuMx/Q4MF2G7+/sXWKybE/P/JOxbBoXnaKfpxXsuw9GIPiZdUwXrX0
+xwIDAQABo4ICDjCCAgowCQYDVR0TBAIwADBPBgNVHR8ESDBGMESgQqBAhj5odHRw
+Oi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMvQ0Etc2FtYmEuZXhhbXBsZS5j
+b20tY3JsLmNybDARBglghkgBhvhCAQEEBAMCBaAwCwYDVR0PBAQDAgXgME4GCWCG
+SAGG+EIBDQRBFj9TbWFydCBDYXJkIExvZ2luIENlcnRpZmljYXRlIGZvciBwa2lu
+aXRAYWRkb20uc2FtYmEuZXhhbXBsZS5jb20wHQYDVR0OBBYEFD6BZaHjfhi+gP4V
+k8wgFf0I1KQ9MB8GA1UdIwQYMBaAFKI+Aiqjp005tAhNmcwMdTbqJ8M+MFkGA1Ud
+EQRSMFCBHnBraW5pdEBhZGRvbS5zYW1iYS5leGFtcGxlLmNvbaAuBgorBgEEAYI3
+FAIDoCAMHnBraW5pdEBhZGRvbS5zYW1iYS5leGFtcGxlLmNvbTAxBgNVHRIEKjAo
+gSZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTBNBglghkgB
+hvhCAQQEQBY+aHR0cDovL3d3dy5zYW1iYS5leGFtcGxlLmNvbS9jcmxzL0NBLXNh
+bWJhLmV4YW1wbGUuY29tLWNybC5jcmwwHwYDVR0lBBgwFgYIKwYBBQUHAwIGCisG
+AQQBgjcUAgIwDQYJKoZIhvcNAQELBQADggQBAHtHTFV8d4uPyiM+UWpRwUlEDXJW
+J3n3VEjvdDdeKjNo3ASK3rKOeyZvZ/W8CuHsdBKGWmtWfXUk0N/HHsQo6KXA5Tqg
+dPiVcGFEoZzjVNjPG+IvNdPKGl8H6c7+eeEgrJ6UdKWALjh1vLzXLeBUwReajgdC
+fl8uF5Njq67txikPkciKma0hW1Kn3QwvMtwNNpyYAqrrjy06hhrP+PXaC3B+FJx5
+vIpsxwaNPjsmKlChBcpHedG6VQbN0joQJ43L7rT3kP/y+2fwcwtPUV4LjeSUy9pW
+LRiRuFEP7kiZzK6La6zYOB5eXtkaKVIEUklJMGA7+k7JDKBnIOFKn4REyMo11Sim
+Bn7cw4GNQBI9rg1RQloWkngucAu6f45Sty6o8XIyum8wkh5AD78JFFtjxh2zrOvn
+afAbPLhK7KIi4lit7yJ3nOJR7Di/R9geQ3dhPWBUx7pqvofq955GdJBww9l0Ib6Q
+eBIvMNJWO5okJxcb0IxJ52Wo0tkP+OleUYyXz5A35a3ciKzBVFd6mvRagCWFfNC3
+FwOMs0MgWcfzaHL1U3XfoAAS8CjV3HDsnsIzvXPpjGK4Lw1Voz3SIVlPOtdQqkNy
+JQWgL+DxeVkqV+a5kSG5nwf5SfzXl/e+p4FprGyafCVea0g3kImsNwK1vkEBVpNx
+9Ol1PKoKm9ajCWRRMNcsGt28gy5FtZClrRa6GFYciHO17ndtZT4R3DZFagiZXSSG
+k9pFlSregJYu29eHs/FwPLVW68pi3DxJhDz4bdlE4IEzXvciJ4sJBRKmwXlWx3/i
+gNarTeUa/66a/Tt7qhXKEMJqmMRwY259lI6HCiS9sVmFZ1voLv/XQ4xGBhqounLn
+De9fbC1cFFatXValIQl7FkRKdJ0aA6oaQSnleOR8nlMYYdha0eioDvTTQNZrzcnk
+oz1RVMPWCUxInjQqI62Dq5qZwr97hZjXtiH8xBdsVkaVmNrobPNnTjP8aLivhgeL
+jvMWLOyC57hHZFz1vTd1tZTTCTw9am1HgeAb317XbJJ9I5E+KQYhW1JiR4fofiCr
++ss/nqt+VX7Sdn0+zkn1raH4E7qa1lS76fDgpncnlTOESP8ph/xllNRWRIj8QApk
+MhUTNr/7EGU1lGat1+QWCMWLL8ehFJlgaWY5P43z00auya2FlJsGb375hLTn+3x5
+G3UA9xAZhldI6tUk6/XWQkNzNtuaFXMBddvlT9BoOjs1zhmrCOh1xH2w2Mlk+d7k
+rt+lJBnduNGIQEgqE2ytciNGRSx4DNRoFRF/4kctztDOrkOLCK9CEoVvTYs54KHZ
+ZQix3ADi6PDh9o8hjoHN3orQklgi0LAp+viYb8bgaDe0V5DCxHw4ZFHXYVo=
+-----END CERTIFICATE-----
diff --git a/selftest/manage-ca/CA-samba.example.com/NewCerts/06.pem b/selftest/manage-ca/CA-samba.example.com/NewCerts/06.pem
new file mode 100644
index 0000000..6b25079
--- /dev/null
+++ b/selftest/manage-ca/CA-samba.example.com/NewCerts/06.pem
@@ -0,0 +1,191 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 6 (0x6)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com
+ Validity
+ Not Before: Feb 28 13:30:28 2020 GMT
+ Not After : Feb 23 13:30:28 2040 GMT
+ Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Domain Controllers, CN=addcsmb1.addom2.samba.example.com/emailAddress=ca-samba.example.com@samba.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (4096 bit)
+ Modulus:
+ 00:de:fe:5d:7a:30:99:bb:1e:11:56:ac:b0:d4:01:
+ 50:30:83:e1:71:0f:aa:3e:1a:b4:f7:9d:ea:93:69:
+ fc:be:51:19:4c:37:f7:a3:b3:3c:90:13:62:63:14:
+ 9d:b8:54:66:17:65:4a:67:8e:ce:96:7f:4d:c2:c6:
+ 6e:fd:3c:ae:bb:e2:5b:6c:ee:51:7b:db:37:17:94:
+ 99:02:3a:2f:a9:cb:d0:23:29:b7:43:33:08:fc:3f:
+ 15:3b:ed:3c:eb:69:5b:95:45:18:1e:85:5e:aa:31:
+ b6:3e:18:c8:2f:3a:48:2d:cc:c6:69:28:b6:5c:ac:
+ 24:03:b1:83:e8:e6:96:a7:06:6d:fe:73:13:04:d2:
+ 18:0f:d4:72:f7:88:22:40:5b:ab:68:a4:89:e2:3d:
+ c0:ca:e5:a7:ae:b6:f8:ea:8a:8c:39:9c:6d:1b:89:
+ ab:72:2c:04:27:40:7e:f5:d3:3f:5d:d8:0d:71:67:
+ 65:1d:e3:3d:65:b0:97:7f:14:ad:92:43:2f:3f:04:
+ ab:1e:31:52:07:7f:df:48:ac:9a:c0:28:d1:ab:eb:
+ f2:79:b3:d2:44:5f:e8:2d:92:d7:d8:be:03:fe:db:
+ 55:2b:4b:f8:9c:b4:ce:02:78:07:72:0f:d5:32:cd:
+ 01:1e:3d:b2:6e:25:29:fa:09:49:49:ab:ed:dc:2b:
+ 10:c5:3d:19:3c:c4:1e:da:ee:95:c2:ff:f8:50:b4:
+ f7:47:9a:a4:7d:1c:9a:8d:77:da:b6:a2:e6:4f:cd:
+ 80:b9:b1:f2:1d:dc:90:60:37:6f:39:5e:a6:03:e2:
+ 8b:44:d7:a4:45:fd:7e:4f:43:14:f0:68:0d:e6:84:
+ 8f:21:20:53:f6:b4:67:bd:fc:5d:f4:48:2a:95:1d:
+ 7d:79:ba:a1:ee:b8:f0:83:83:7f:ab:b1:eb:38:4e:
+ 3c:4b:8a:93:80:15:63:4c:43:1d:81:4b:c1:e6:d5:
+ b0:9f:6c:49:9d:04:92:66:6c:9f:7c:d3:62:50:72:
+ fc:77:65:87:39:d9:d0:ef:5e:53:49:32:4a:d3:1b:
+ 4a:88:45:f0:0f:a2:5e:33:29:bd:ab:3d:6b:3d:23:
+ bc:c6:9c:9d:98:9c:9d:8d:cc:32:3e:e1:8c:98:19:
+ 1c:44:ee:17:43:b3:b0:47:a5:fe:15:49:aa:5a:b7:
+ 76:43:4c:df:9a:e8:33:3d:52:e8:6c:2c:dd:3e:d8:
+ a9:e9:2d:36:c2:3a:43:75:b2:bc:d5:bd:81:8b:fc:
+ 63:37:61:88:24:bb:76:35:19:00:44:7a:3e:30:a8:
+ 9e:8f:df:74:14:09:0b:f5:8b:c9:b0:ed:be:d0:cf:
+ c0:7f:61:41:07:f8:6c:7d:0a:05:96:4f:6e:5f:cc:
+ 40:f3:f5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl
+
+ Netscape Cert Type:
+ SSL Server
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ Netscape Comment:
+ Domain Controller Certificate addcsmb1.addom2.samba.example.com
+ X509v3 Subject Key Identifier:
+ 5B:85:11:27:BF:F7:A6:2B:8F:51:93:D8:29:4E:0E:A2:67:AA:9D:80
+ X509v3 Authority Key Identifier:
+ keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E
+
+ X509v3 Subject Alternative Name:
+ DNS:addcsmb1.addom2.samba.example.com, othername:<unsupported>
+ X509v3 Issuer Alternative Name:
+ email:ca-samba.example.com@samba.example.com
+ Netscape CA Revocation Url:
+ http://www.samba.example.com/crls/CA-samba.example.com-crl.crl
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication, TLS Web Server Authentication, msKDC
+ Signature Algorithm: sha256WithRSAEncryption
+ 73:de:7a:35:bc:15:ac:32:44:5b:98:60:64:12:af:ea:42:46:
+ 7d:fb:b2:88:b3:47:61:c3:0b:6d:d1:68:92:3d:44:cd:37:86:
+ da:10:d2:18:db:19:29:03:31:1a:26:cd:70:d1:ec:13:ac:59:
+ 84:cd:be:9f:2b:c6:2d:10:aa:4b:4d:78:39:d3:6b:e1:4d:e8:
+ 10:a0:3e:97:d3:1c:19:11:e4:0f:26:7f:96:d7:26:17:23:02:
+ d9:4b:47:0c:af:c7:ef:28:ae:1c:28:e5:d2:7a:61:46:70:3b:
+ 49:5e:d0:65:54:4c:ae:14:27:c0:e4:17:41:2c:1a:42:0d:86:
+ 6c:37:48:65:80:02:21:b3:2b:1f:4f:34:a5:ce:7b:b0:fe:06:
+ a6:fe:c5:1b:ca:e5:e6:7e:d5:dc:01:d2:50:c4:f8:5e:73:6c:
+ 2c:56:81:d0:a4:73:bf:82:cb:d8:76:ca:7e:44:99:3a:5f:a9:
+ 97:89:a8:5c:5b:1b:38:0d:4d:cb:02:49:69:82:13:68:a6:be:
+ 4b:a3:57:a6:a6:e3:f0:dc:ad:1c:30:00:bf:ed:15:ca:c3:3d:
+ 5c:7b:dc:6d:e6:cb:bb:bc:a1:22:e7:32:95:e0:0f:6a:ab:40:
+ 0c:43:ed:f3:98:63:7c:2f:15:63:49:4e:5c:82:65:13:f2:53:
+ 26:d7:4c:c6:f8:7e:fa:bc:a8:22:44:f1:fb:a6:bb:27:64:ec:
+ 94:28:19:4a:af:09:7e:01:8e:9d:3e:43:e5:79:fd:16:ed:24:
+ b4:ab:58:02:e2:9e:f8:a1:b0:45:25:6d:2f:be:bb:88:90:c7:
+ d8:45:31:48:65:26:33:86:cc:46:69:53:6b:f1:d6:35:df:b1:
+ 39:ed:81:e1:23:f1:01:de:99:10:11:f0:3f:4d:5d:d3:8a:0c:
+ 44:78:f6:27:4a:32:1d:ab:0c:63:d0:71:25:62:67:f5:0c:7e:
+ 2c:7c:a4:ec:8d:de:00:6d:5f:69:5d:bf:e6:c7:59:75:87:5e:
+ 2c:12:dc:a5:1b:dd:c1:7a:c9:56:63:6a:3b:c6:9a:b7:fc:15:
+ 01:53:4d:c8:ca:c7:c8:81:50:a0:65:43:33:fb:aa:55:64:a0:
+ c3:2e:e2:f9:08:64:e5:75:ab:98:b3:38:ba:8d:53:e8:08:47:
+ ef:cf:a9:f2:16:25:1b:20:78:2d:6f:f5:83:ee:35:d4:b5:c5:
+ d6:d7:81:17:bf:9c:45:43:d1:88:74:22:1a:32:b2:45:73:a2:
+ 28:d4:da:ff:85:f9:75:1c:4f:84:6a:a5:1a:41:eb:8b:e0:1d:
+ 49:69:07:2f:5b:5e:e3:7b:00:f8:4b:67:5b:42:d7:51:de:1c:
+ 18:89:2f:f8:36:e7:b5:a3:6c:39:e3:88:dc:5d:7f:2f:d9:52:
+ b6:6b:9c:e9:1d:df:d0:18:68:25:70:7e:71:fb:b3:40:28:75:
+ e9:24:38:6f:70:5b:1a:f9:bf:e9:43:bd:4b:51:e3:df:e3:25:
+ 11:ae:30:4e:7e:55:58:43:b3:65:05:11:2d:0e:a4:3c:b8:8a:
+ 0c:f9:93:ab:27:28:c0:b2:17:76:52:9b:18:82:b7:fd:a6:4f:
+ 6e:a1:74:2b:19:59:ac:b1:d8:5e:fb:f3:69:37:16:59:01:4c:
+ fa:a9:57:52:04:d4:45:8f:10:08:8a:ab:88:aa:96:46:9a:aa:
+ 94:b5:c6:bf:e9:9e:9a:cd:40:f3:2a:ed:23:ff:a6:f7:9b:18:
+ 02:d9:ab:76:96:ac:15:6f:04:5d:92:d2:49:4c:4b:62:da:3d:
+ 2a:a4:59:22:1a:75:cd:6e:fb:62:50:da:ae:9d:28:7d:4d:32:
+ 2f:d8:cd:37:67:f9:1d:c1:d5:76:40:ba:34:f6:8c:92:5b:c0:
+ 65:f6:3c:90:6c:5b:67:09:0d:d3:14:90:38:03:82:06:c3:b7:
+ 85:74:7f:15:f4:5b:de:66:5f:71:a9:f1:ed:15:9b:a0:72:ee:
+ 05:d7:b3:92:30:65:2e:82:90:21:fe:f0:07:34:11:d3:87:41:
+ f4:35:04:0c:b4:28:f5:73:b8:d5:0e:e3:2a:53:ab:9a:3f:4d:
+ 59:f9:18:68:f0:31:90:1d:d6:25:c6:8b:33:e8:dc:06:93:7b:
+ cb:01:de:8b:1e:87:5a:26:a0:0d:5e:f6:6a:36:43:54:53:6d:
+ 87:10:ca:a8:15:1a:4a:37:95:a5:67:93:74:ba:c3:59:9b:f8:
+ b5:ab:10:98:fc:ff:d6:d2:61:17:5d:90:7e:b1:2a:16:ec:d5:
+ da:80:67:02:13:41:d7:bc:a2:af:0b:54:08:b3:2e:1b:05:50:
+ 80:f6:c7:9a:8c:ac:89:49:4a:f4:4b:71:73:bc:e7:8c:6f:0c:
+ 70:62:73:3d:ed:07:14:35:f0:15:0c:bb:d8:c3:f6:19:43:b7:
+ 45:a5:33:80:17:1f:c3:39:28:3d:6a:7c:d6:e0:37:66:58:bd:
+ e8:64:2c:ad:b7:e0:25:f5:41:ac:ae:cb:ca:c1:eb:5b:8b:e1:
+ 3d:1e:cc:09:63:d6:6c:c8:eb:b8:ae:6f:4b:02:98:4a:2a:1a:
+ 94:26:e7:a3:23:7c:e9:e5:02:e0:1f:f5:88:f9:14:74:81:01:
+ 1d:cd:7e:46:35:7c:1d:e3:64:60:88:a4:ed:86:06:0e:af:3a:
+ 2b:1d:f8:45:fe:53:8e:56:89:95:98:ff:2c:8a:fb:3a:7a:0c:
+ 46:6a:3d:32:78:ad:58:69:ba:3b:d5:95:51:55:f3:72
+-----BEGIN CERTIFICATE-----
+MIIKAzCCBeugAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx
+EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE
+CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x
+IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB
+FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0yMDAy
+MjgxMzMwMjhaFw00MDAyMjMxMzMwMjhaMIG9MQswCQYDVQQGEwJVUzETMBEGA1UE
+CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEbMBkGA1UE
+CwwSRG9tYWluIENvbnRyb2xsZXJzMSowKAYDVQQDDCFhZGRjc21iMS5hZGRvbTIu
+c2FtYmEuZXhhbXBsZS5jb20xNTAzBgkqhkiG9w0BCQEWJmNhLXNhbWJhLmV4YW1w
+bGUuY29tQHNhbWJhLmV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEA3v5dejCZux4RVqyw1AFQMIPhcQ+qPhq0953qk2n8vlEZTDf3o7M8
+kBNiYxSduFRmF2VKZ47Oln9NwsZu/Tyuu+JbbO5Re9s3F5SZAjovqcvQIym3QzMI
+/D8VO+0862lblUUYHoVeqjG2PhjILzpILczGaSi2XKwkA7GD6OaWpwZt/nMTBNIY
+D9Ry94giQFuraKSJ4j3AyuWnrrb46oqMOZxtG4mrciwEJ0B+9dM/XdgNcWdlHeM9
+ZbCXfxStkkMvPwSrHjFSB3/fSKyawCjRq+vyebPSRF/oLZLX2L4D/ttVK0v4nLTO
+AngHcg/VMs0BHj2ybiUp+glJSavt3CsQxT0ZPMQe2u6Vwv/4ULT3R5qkfRyajXfa
+tqLmT82AubHyHdyQYDdvOV6mA+KLRNekRf1+T0MU8GgN5oSPISBT9rRnvfxd9Egq
+lR19ebqh7rjwg4N/q7HrOE48S4qTgBVjTEMdgUvB5tWwn2xJnQSSZmyffNNiUHL8
+d2WHOdnQ715TSTJK0xtKiEXwD6JeMym9qz1rPSO8xpydmJydjcwyPuGMmBkcRO4X
+Q7OwR6X+FUmqWrd2Q0zfmugzPVLobCzdPtip6S02wjpDdbK81b2Bi/xjN2GIJLt2
+NRkARHo+MKiej990FAkL9YvJsO2+0M/Af2FBB/hsfQoFlk9uX8xA8/UCAwEAAaOC
+AgEwggH9MAkGA1UdEwQCMAAwTwYDVR0fBEgwRjBEoEKgQIY+aHR0cDovL3d3dy5z
+YW1iYS5leGFtcGxlLmNvbS9jcmxzL0NBLXNhbWJhLmV4YW1wbGUuY29tLWNybC5j
+cmwwEQYJYIZIAYb4QgEBBAQDAgZAMAsGA1UdDwQEAwIF4DBOBglghkgBhvhCAQ0E
+QRY/RG9tYWluIENvbnRyb2xsZXIgQ2VydGlmaWNhdGUgYWRkY3NtYjEuYWRkb20y
+LnNhbWJhLmV4YW1wbGUuY29tMB0GA1UdDgQWBBRbhREnv/emK49Rk9gpTg6iZ6qd
+gDAfBgNVHSMEGDAWgBSiPgIqo6dNObQITZnMDHU26ifDPjBFBgNVHREEPjA8giFh
+ZGRjc21iMS5hZGRvbTIuc2FtYmEuZXhhbXBsZS5jb22gFwYJKwYBBAGCNxkBoAoE
+CAEjRWeJq83vMDEGA1UdEgQqMCiBJmNhLXNhbWJhLmV4YW1wbGUuY29tQHNhbWJh
+LmV4YW1wbGUuY29tME0GCWCGSAGG+EIBBARAFj5odHRwOi8vd3d3LnNhbWJhLmV4
+YW1wbGUuY29tL2NybHMvQ0Etc2FtYmEuZXhhbXBsZS5jb20tY3JsLmNybDAmBgNV
+HSUEHzAdBggrBgEFBQcDAgYIKwYBBQUHAwEGBysGAQUCAwUwDQYJKoZIhvcNAQEL
+BQADggQBAHPeejW8FawyRFuYYGQSr+pCRn37soizR2HDC23RaJI9RM03htoQ0hjb
+GSkDMRomzXDR7BOsWYTNvp8rxi0QqktNeDnTa+FN6BCgPpfTHBkR5A8mf5bXJhcj
+AtlLRwyvx+8orhwo5dJ6YUZwO0le0GVUTK4UJ8DkF0EsGkINhmw3SGWAAiGzKx9P
+NKXOe7D+Bqb+xRvK5eZ+1dwB0lDE+F5zbCxWgdCkc7+Cy9h2yn5EmTpfqZeJqFxb
+GzgNTcsCSWmCE2imvkujV6am4/DcrRwwAL/tFcrDPVx73G3my7u8oSLnMpXgD2qr
+QAxD7fOYY3wvFWNJTlyCZRPyUybXTMb4fvq8qCJE8fumuydk7JQoGUqvCX4Bjp0+
+Q+V5/RbtJLSrWALinvihsEUlbS++u4iQx9hFMUhlJjOGzEZpU2vx1jXfsTntgeEj
+8QHemRAR8D9NXdOKDER49idKMh2rDGPQcSViZ/UMfix8pOyN3gBtX2ldv+bHWXWH
+XiwS3KUb3cF6yVZjajvGmrf8FQFTTcjKx8iBUKBlQzP7qlVkoMMu4vkIZOV1q5iz
+OLqNU+gIR+/PqfIWJRsgeC1v9YPuNdS1xdbXgRe/nEVD0Yh0IhoyskVzoijU2v+F
++XUcT4RqpRpB64vgHUlpBy9bXuN7APhLZ1tC11HeHBiJL/g257WjbDnjiNxdfy/Z
+UrZrnOkd39AYaCVwfnH7s0AodekkOG9wWxr5v+lDvUtR49/jJRGuME5+VVhDs2UF
+ES0OpDy4igz5k6snKMCyF3ZSmxiCt/2mT26hdCsZWayx2F7782k3FlkBTPqpV1IE
+1EWPEAiKq4iqlkaaqpS1xr/pnprNQPMq7SP/pvebGALZq3aWrBVvBF2S0klMS2La
+PSqkWSIadc1u+2JQ2q6dKH1NMi/YzTdn+R3B1XZAujT2jJJbwGX2PJBsW2cJDdMU
+kDgDggbDt4V0fxX0W95mX3Gp8e0Vm6By7gXXs5IwZS6CkCH+8Ac0EdOHQfQ1BAy0
+KPVzuNUO4ypTq5o/TVn5GGjwMZAd1iXGizPo3AaTe8sB3oseh1omoA1e9mo2Q1RT
+bYcQyqgVGko3laVnk3S6w1mb+LWrEJj8/9bSYRddkH6xKhbs1dqAZwITQde8oq8L
+VAizLhsFUID2x5qMrIlJSvRLcXO854xvDHBicz3tBxQ18BUMu9jD9hlDt0WlM4AX
+H8M5KD1qfNbgN2ZYvehkLK234CX1Qayuy8rB61uL4T0ezAlj1mzI67iub0sCmEoq
+GpQm56MjfOnlAuAf9Yj5FHSBAR3NfkY1fB3jZGCIpO2GBg6vOisd+EX+U45WiZWY
+/yyK+zp6DEZqPTJ4rVhpujvVlVFV83I=
+-----END CERTIFICATE-----
diff --git a/selftest/manage-ca/CA-samba.example.com/NewCerts/07.pem b/selftest/manage-ca/CA-samba.example.com/NewCerts/07.pem
new file mode 100644
index 0000000..2d0735a
--- /dev/null
+++ b/selftest/manage-ca/CA-samba.example.com/NewCerts/07.pem
@@ -0,0 +1,169 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 7 (0x7)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com
+ Validity
+ Not Before: Feb 28 13:31:01 2020 GMT
+ Not After : Feb 23 13:31:01 2040 GMT
+ Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=administrator@addom2.samba.example.com/emailAddress=administrator@addom2.samba.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:eb:0e:b0:1d:53:4f:3c:0f:f8:90:d6:33:64:68:
+ 7e:ed:7c:46:96:c6:77:9c:0a:07:ed:8c:13:da:e7:
+ bb:b3:79:63:4b:ec:5a:2a:59:57:7c:38:69:50:c0:
+ a1:b4:ba:f8:1d:56:78:77:95:b3:44:13:12:83:df:
+ 20:95:12:01:e5:1e:1a:5b:38:69:48:86:e8:a6:0a:
+ 32:f4:38:36:f8:84:bd:5b:a9:70:48:c5:49:25:79:
+ 70:98:23:a7:58:3e:09:97:6d:67:b1:95:fa:08:86:
+ 2d:d6:b7:c5:d2:06:aa:5b:b8:f5:93:e6:c5:20:9a:
+ 9b:0c:90:2b:c7:2e:20:2f:e8:07:45:03:f3:4d:2c:
+ d9:eb:9c:91:d2:68:cc:fe:57:78:5c:2e:57:5b:a6:
+ 0e:10:6a:b8:05:ce:ab:12:31:49:e8:34:7c:3f:91:
+ 63:ce:3e:a6:ff:c0:7b:1b:95:b7:9b:99:a9:c7:ec:
+ d6:45:b7:9e:24:ee:c0:2b:a3:4c:a2:f9:04:5b:18:
+ 2f:0e:8b:2b:16:89:5d:cc:92:fa:49:dd:09:92:72:
+ 14:ba:8f:48:bd:6e:9b:88:14:98:6f:bc:0c:e3:bb:
+ a9:d1:0a:a8:93:6b:75:70:98:f9:a8:d8:0f:c5:e6:
+ a9:a4:e5:b3:72:81:76:07:73:c9:3e:d2:43:62:fe:
+ 1a:3b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl
+
+ Netscape Cert Type:
+ SSL Client, S/MIME
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ Netscape Comment:
+ Smart Card Login Certificate for administrator@addom2.samba.example.com
+ X509v3 Subject Key Identifier:
+ 54:FB:DA:B4:F9:26:58:9A:8F:C2:D2:0A:95:B0:95:F6:D2:F6:1B:AE
+ X509v3 Authority Key Identifier:
+ keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E
+
+ X509v3 Subject Alternative Name:
+ email:administrator@addom2.samba.example.com, othername:<unsupported>
+ X509v3 Issuer Alternative Name:
+ email:ca-samba.example.com@samba.example.com
+ Netscape CA Revocation Url:
+ http://www.samba.example.com/crls/CA-samba.example.com-crl.crl
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication, scardLogin
+ Signature Algorithm: sha256WithRSAEncryption
+ a3:8d:f9:4e:77:ba:67:28:63:6e:3e:70:91:64:3f:51:b3:69:
+ ab:ff:10:04:e4:39:d1:98:bf:7e:c7:da:d3:4e:d5:29:f7:ae:
+ ca:e2:b1:f7:ea:67:38:7e:bb:a8:55:33:c1:de:79:6a:49:56:
+ 6a:48:8c:3b:43:8b:03:f4:30:11:ac:ee:88:28:ed:11:6c:37:
+ 33:13:7f:25:aa:d6:71:99:d2:f8:fb:4f:7a:44:c7:20:78:b2:
+ 22:44:17:d8:56:10:a2:4c:48:1c:3a:ad:bf:82:d7:e5:e0:66:
+ e9:ac:a1:11:23:b3:f8:f7:a7:84:5f:b7:d2:30:89:b7:bc:3f:
+ 9c:61:d8:12:bb:a4:fe:af:53:f9:f7:26:8e:be:9a:79:53:47:
+ b6:2b:d3:31:60:e1:39:11:11:c3:32:b8:32:d2:e2:6d:8a:05:
+ ae:f5:7e:f7:03:33:1c:6c:07:8e:81:a4:26:f2:0d:22:af:fe:
+ 48:12:48:a8:09:e2:98:4e:b9:c5:07:16:5d:a3:b2:73:7c:4c:
+ a7:3e:24:e9:d8:cc:72:a3:87:dd:c7:69:8d:58:dd:2e:27:69:
+ 72:b4:fb:62:cf:66:c4:7a:8b:8b:c4:03:16:b6:9d:7f:7b:f5:
+ 44:c2:04:a7:17:80:9c:f7:32:ba:3a:05:e1:71:28:16:88:6a:
+ 9c:f8:0e:5e:c9:0b:81:eb:2c:05:3c:4c:ff:ba:72:10:da:99:
+ 95:e1:ef:d2:dd:95:7d:d0:24:f6:8f:e0:1c:75:25:64:80:0e:
+ 16:9f:c1:d7:76:7e:45:85:27:a8:85:80:c3:62:40:58:1b:75:
+ c3:8e:40:0c:d9:f1:5b:a0:6b:1e:47:99:4f:00:11:68:19:93:
+ 77:4b:1b:56:94:79:95:f6:b8:92:49:14:e0:8f:2b:40:4c:82:
+ 4c:5b:a0:e2:0f:d4:f3:d1:3c:f3:e6:4c:c4:3d:2a:4c:e8:ca:
+ 10:c0:39:81:64:db:68:80:12:07:3f:92:7c:e0:09:aa:42:77:
+ 51:1e:ee:ad:33:c8:8f:f4:f2:35:2b:c7:b7:57:7c:2e:c8:27:
+ 71:c8:5b:1a:f2:83:fa:4f:85:13:ea:ce:0b:2f:b7:76:86:77:
+ 00:82:46:2f:bf:1c:b2:de:5d:52:40:64:41:54:0b:9f:8c:84:
+ d9:dd:08:02:51:d0:06:d0:07:6f:a1:ef:74:f4:d9:f5:30:9c:
+ 15:c3:d6:89:b7:f5:81:5a:c0:44:3d:99:54:e8:25:56:1f:63:
+ be:5c:f7:be:f1:9c:24:e0:55:46:c4:a5:7e:3f:82:20:b9:4a:
+ d6:14:82:45:14:d8:91:75:33:c5:df:86:9c:19:17:a4:31:4a:
+ 37:a2:9e:b9:11:84:ab:df:bc:21:2b:9b:96:83:b7:1b:13:78:
+ 07:b2:c5:5f:97:48:3b:7e:43:10:34:68:e8:25:bd:51:a0:ae:
+ 17:52:62:47:3c:c9:f0:b5:55:95:cd:68:d3:5f:aa:85:be:ea:
+ fb:2a:8a:e4:50:3d:96:5b:b3:a9:e5:45:e4:2d:da:da:8d:f0:
+ ae:c0:98:47:8e:ca:46:c2:21:68:a6:f9:17:41:a2:c6:21:b9:
+ bc:73:a7:c3:84:a9:31:b7:54:04:33:2a:fb:57:32:47:93:e1:
+ b2:ff:58:5b:f3:19:66:bc:65:8e:00:29:9d:56:60:7d:28:b2:
+ 6d:a5:a9:eb:04:7c:d3:e7:d7:af:2d:fe:df:1e:9c:3b:a9:bb:
+ a0:14:e4:02:7f:e6:e7:0a:b2:37:bd:fd:67:32:82:4f:c0:41:
+ 89:96:9a:f2:9a:04:eb:82:ee:81:8a:00:15:5e:b2:d0:e1:72:
+ 74:47:2f:97:fb:33:f1:8c:b9:25:8f:02:71:75:b7:21:10:74:
+ 4f:5f:5f:61:51:4a:69:d1:03:6b:7a:51:e4:08:03:1f:c2:a7:
+ 2c:c2:10:b8:27:9f:aa:01:15:61:71:72:d6:ca:23:7f:d7:60:
+ b8:65:51:ca:65:8e:ef:74:2e:fc:89:23:0b:55:b5:83:d7:0b:
+ 8c:16:ab:1a:be:3a:79:62:b3:6e:64:d1:c2:48:af:81:0e:d4:
+ 1f:2e:2f:c7:47:16:79:a9:b9:cc:08:29:2e:da:d5:75:96:53:
+ b1:be:2c:5a:5a:9c:6b:40:16:e5:92:63:49:64:99:44:c1:bc:
+ 2a:40:fc:3c:50:c3:dd:07:31:ee:1d:46:38:1b:c8:12:a0:16:
+ 9d:1c:f6:0e:a7:66:8a:b0:2f:11:19:03:1d:66:6f:fe:cc:3a:
+ 6c:99:ce:60:b7:f1:e9:56:40:4d:fc:ac:eb:a5:04:de:85:7c:
+ 19:c7:16:c1:e1:26:43:03:da:f3:50:25:16:99:e0:fa:cd:59:
+ c7:8b:52:cf:fc:20:d0:68:50:b9:83:36:bb:44:7b:1f:92:5f:
+ f6:19:5b:91:de:33:2c:f9:80:25:b9:30:4c:fa:92:5b:6d:c2:
+ 65:10:98:1c:c6:61:51:9e:d0:c9:49:1b:c5:c5:8a:89:72:d0:
+ b7:ff:db:03:f9:95:f2:a0:de:d9:dc:32:c6:20:02:e1:7c:89:
+ 2d:6e:72:12:12:c3:97:56:eb:7c:58:88:1f:9d:ad:4c:b4:6a:
+ 97:4b:0c:87:f3:41:bb:2a:ff:a6:bf:90:70:91:9b:b7:b1:e1:
+ cc:0f:c6:33:a5:05:03:db:f9:fb:79:5c:20:78:f9:1c:88:d4:
+ 84:bd:2f:9b:12:30:02:36:cd:8a:f3:42:4a:9c:dc:c3
+-----BEGIN CERTIFICATE-----
+MIIJIDCCBQigAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx
+EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE
+CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x
+IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB
+FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0yMDAy
+MjgxMzMxMDFaFw00MDAyMjMxMzMxMDFaMIG1MQswCQYDVQQGEwJVUzETMBEGA1UE
+CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE
+CwwFVXNlcnMxLzAtBgNVBAMMJmFkbWluaXN0cmF0b3JAYWRkb20yLnNhbWJhLmV4
+YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkBFiZhZG1pbmlzdHJhdG9yQGFkZG9tMi5z
+YW1iYS5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AOsOsB1TTzwP+JDWM2Rofu18RpbGd5wKB+2ME9rnu7N5Y0vsWipZV3w4aVDAobS6
++B1WeHeVs0QTEoPfIJUSAeUeGls4aUiG6KYKMvQ4NviEvVupcEjFSSV5cJgjp1g+
+CZdtZ7GV+giGLda3xdIGqlu49ZPmxSCamwyQK8cuIC/oB0UD800s2euckdJozP5X
+eFwuV1umDhBquAXOqxIxSeg0fD+RY84+pv/AexuVt5uZqcfs1kW3niTuwCujTKL5
+BFsYLw6LKxaJXcyS+kndCZJyFLqPSL1um4gUmG+8DOO7qdEKqJNrdXCY+ajYD8Xm
+qaTls3KBdgdzyT7SQ2L+GjsCAwEAAaOCAiYwggIiMAkGA1UdEwQCMAAwTwYDVR0f
+BEgwRjBEoEKgQIY+aHR0cDovL3d3dy5zYW1iYS5leGFtcGxlLmNvbS9jcmxzL0NB
+LXNhbWJhLmV4YW1wbGUuY29tLWNybC5jcmwwEQYJYIZIAYb4QgEBBAQDAgWgMAsG
+A1UdDwQEAwIF4DBWBglghkgBhvhCAQ0ESRZHU21hcnQgQ2FyZCBMb2dpbiBDZXJ0
+aWZpY2F0ZSBmb3IgYWRtaW5pc3RyYXRvckBhZGRvbTIuc2FtYmEuZXhhbXBsZS5j
+b20wHQYDVR0OBBYEFFT72rT5Jliaj8LSCpWwlfbS9huuMB8GA1UdIwQYMBaAFKI+
+Aiqjp005tAhNmcwMdTbqJ8M+MGkGA1UdEQRiMGCBJmFkbWluaXN0cmF0b3JAYWRk
+b20yLnNhbWJhLmV4YW1wbGUuY29toDYGCisGAQQBgjcUAgOgKAwmYWRtaW5pc3Ry
+YXRvckBhZGRvbTIuc2FtYmEuZXhhbXBsZS5jb20wMQYDVR0SBCowKIEmY2Etc2Ft
+YmEuZXhhbXBsZS5jb21Ac2FtYmEuZXhhbXBsZS5jb20wTQYJYIZIAYb4QgEEBEAW
+Pmh0dHA6Ly93d3cuc2FtYmEuZXhhbXBsZS5jb20vY3Jscy9DQS1zYW1iYS5leGFt
+cGxlLmNvbS1jcmwuY3JsMB8GA1UdJQQYMBYGCCsGAQUFBwMCBgorBgEEAYI3FAIC
+MA0GCSqGSIb3DQEBCwUAA4IEAQCjjflOd7pnKGNuPnCRZD9Rs2mr/xAE5DnRmL9+
+x9rTTtUp967K4rH36mc4fruoVTPB3nlqSVZqSIw7Q4sD9DARrO6IKO0RbDczE38l
+qtZxmdL4+096RMcgeLIiRBfYVhCiTEgcOq2/gtfl4GbprKERI7P496eEX7fSMIm3
+vD+cYdgSu6T+r1P59yaOvpp5U0e2K9MxYOE5ERHDMrgy0uJtigWu9X73AzMcbAeO
+gaQm8g0ir/5IEkioCeKYTrnFBxZdo7JzfEynPiTp2Mxyo4fdx2mNWN0uJ2lytPti
+z2bEeouLxAMWtp1/e/VEwgSnF4Cc9zK6OgXhcSgWiGqc+A5eyQuB6ywFPEz/unIQ
+2pmV4e/S3ZV90CT2j+AcdSVkgA4Wn8HXdn5FhSeohYDDYkBYG3XDjkAM2fFboGse
+R5lPABFoGZN3SxtWlHmV9riSSRTgjytATIJMW6DiD9Tz0Tzz5kzEPSpM6MoQwDmB
+ZNtogBIHP5J84AmqQndRHu6tM8iP9PI1K8e3V3wuyCdxyFsa8oP6T4UT6s4LL7d2
+hncAgkYvvxyy3l1SQGRBVAufjITZ3QgCUdAG0Advoe909Nn1MJwVw9aJt/WBWsBE
+PZlU6CVWH2O+XPe+8Zwk4FVGxKV+P4IguUrWFIJFFNiRdTPF34acGRekMUo3op65
+EYSr37whK5uWg7cbE3gHssVfl0g7fkMQNGjoJb1RoK4XUmJHPMnwtVWVzWjTX6qF
+vur7KorkUD2WW7Op5UXkLdrajfCuwJhHjspGwiFopvkXQaLGIbm8c6fDhKkxt1QE
+Myr7VzJHk+Gy/1hb8xlmvGWOACmdVmB9KLJtpanrBHzT59evLf7fHpw7qbugFOQC
+f+bnCrI3vf1nMoJPwEGJlprymgTrgu6BigAVXrLQ4XJ0Ry+X+zPxjLkljwJxdbch
+EHRPX19hUUpp0QNrelHkCAMfwqcswhC4J5+qARVhcXLWyiN/12C4ZVHKZY7vdC78
+iSMLVbWD1wuMFqsavjp5YrNuZNHCSK+BDtQfLi/HRxZ5qbnMCCku2tV1llOxvixa
+WpxrQBblkmNJZJlEwbwqQPw8UMPdBzHuHUY4G8gSoBadHPYOp2aKsC8RGQMdZm/+
+zDpsmc5gt/HpVkBN/KzrpQTehXwZxxbB4SZDA9rzUCUWmeD6zVnHi1LP/CDQaFC5
+gza7RHsfkl/2GVuR3jMs+YAluTBM+pJbbcJlEJgcxmFRntDJSRvFxYqJctC3/9sD
++ZXyoN7Z3DLGIALhfIktbnISEsOXVut8WIgfna1MtGqXSwyH80G7Kv+mv5BwkZu3
+seHMD8YzpQUD2/n7eVwgePkciNSEvS+bEjACNs2K80JKnNzD
+-----END CERTIFICATE-----
diff --git a/selftest/manage-ca/CA-samba.example.com/NewCerts/08.pem b/selftest/manage-ca/CA-samba.example.com/NewCerts/08.pem
new file mode 100644
index 0000000..794f9c2
--- /dev/null
+++ b/selftest/manage-ca/CA-samba.example.com/NewCerts/08.pem
@@ -0,0 +1,169 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 8 (0x8)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com
+ Validity
+ Not Before: Feb 28 13:31:30 2020 GMT
+ Not After : Feb 23 13:31:30 2040 GMT
+ Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=pkinit@addom2.samba.example.com/emailAddress=pkinit@addom2.samba.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:dc:33:db:43:5e:d5:91:27:95:35:d2:86:b2:e5:
+ 70:ac:b8:cf:74:01:2c:60:4d:67:b2:2c:2d:ef:c4:
+ 04:53:4d:08:9b:ce:55:ca:7a:ab:02:29:5d:3d:27:
+ ee:3e:a3:23:2e:3e:36:8d:f1:ca:8f:a7:4b:8b:a9:
+ 39:d3:33:39:d0:b9:f4:9b:c4:14:2c:41:67:be:6a:
+ 32:b6:86:0d:70:0e:eb:6c:b1:d1:ef:92:70:ec:70:
+ 70:2d:5f:4f:ea:6c:3e:9f:ee:9a:11:32:93:5f:b0:
+ e3:51:24:e2:33:08:22:ee:69:07:c6:10:a2:3f:43:
+ 67:3c:0b:48:b6:d1:92:99:22:de:fe:da:28:e9:12:
+ ba:a7:d6:54:76:c4:3c:56:a7:c9:e4:28:18:fd:89:
+ 8a:eb:02:42:88:27:59:61:f5:bd:5f:0d:eb:ce:80:
+ 4a:84:29:e5:38:93:1d:d9:0a:50:e3:eb:72:ec:b2:
+ 73:16:ab:75:33:3a:74:fd:6c:b8:a9:b9:09:c0:30:
+ 0a:74:d4:01:3e:00:0e:89:cf:87:aa:19:f5:7b:c4:
+ 0d:4f:b1:f1:40:59:54:67:28:aa:ca:18:75:7d:96:
+ d4:4d:99:e3:b1:84:bc:e7:65:80:ea:f6:dd:30:ce:
+ cf:14:67:b5:27:09:5f:83:a5:8c:87:62:8f:5a:22:
+ d5:75
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl
+
+ Netscape Cert Type:
+ SSL Client, S/MIME
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ Netscape Comment:
+ Smart Card Login Certificate for pkinit@addom2.samba.example.com
+ X509v3 Subject Key Identifier:
+ 6A:36:04:8E:C5:C3:2C:C9:17:BA:52:66:D3:AB:0D:C3:F2:25:1A:CD
+ X509v3 Authority Key Identifier:
+ keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E
+
+ X509v3 Subject Alternative Name:
+ email:pkinit@addom2.samba.example.com, othername:<unsupported>
+ X509v3 Issuer Alternative Name:
+ email:ca-samba.example.com@samba.example.com
+ Netscape CA Revocation Url:
+ http://www.samba.example.com/crls/CA-samba.example.com-crl.crl
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication, scardLogin
+ Signature Algorithm: sha256WithRSAEncryption
+ 4d:5b:aa:28:b6:e0:a4:61:63:ed:09:7a:0e:2b:b2:c9:83:73:
+ f5:28:17:2b:d5:4e:c7:7b:01:99:5d:b9:c5:93:b3:a5:e2:64:
+ 33:96:38:55:c4:a4:84:9a:d1:dc:40:56:ec:da:a7:a5:3b:7c:
+ 91:c7:8d:03:44:44:9d:a5:0a:9e:de:6a:9d:c2:80:49:93:db:
+ 4d:74:fa:3c:fd:54:de:99:9c:f8:82:63:ba:5e:81:9e:4d:ae:
+ a2:a1:09:dd:81:5a:3e:81:31:8b:ff:85:32:ae:30:9e:1a:d6:
+ 04:d9:1c:bd:a5:0e:83:29:86:f4:be:0f:81:9a:84:f4:42:42:
+ 6d:20:18:16:ef:21:ac:51:b3:34:bd:0f:b5:2c:7e:c5:21:3d:
+ f7:77:95:1e:8f:45:3e:f8:79:93:ad:35:dd:cd:97:95:fe:b6:
+ 5f:88:e7:b8:38:54:15:29:61:2f:17:91:99:74:0c:66:9a:55:
+ 5c:dd:22:19:a1:8e:c1:a5:23:45:a4:85:f2:b2:98:3b:2c:85:
+ d8:2a:8e:9c:4d:6c:9e:9e:ef:80:24:2f:57:f3:a1:1f:09:c4:
+ 44:4d:11:d2:84:87:2a:57:f0:cc:9e:38:2c:3a:68:ee:0b:be:
+ e9:48:67:ff:87:2b:29:03:25:22:8e:00:33:f8:2a:7c:11:91:
+ 17:42:fc:6c:d1:94:c6:f0:7f:ad:c3:97:cf:9f:cc:a5:be:25:
+ 33:af:d4:c4:06:17:a7:be:11:bf:51:5e:6e:b8:26:56:1e:d5:
+ d6:ce:85:05:62:02:62:92:63:48:d9:d2:0b:e4:f9:2c:a2:53:
+ 4f:5e:3d:31:07:4d:5b:c4:48:bc:d5:f0:66:98:fd:85:45:26:
+ 4b:98:4f:a2:ac:05:a0:df:ee:4e:c9:9c:2f:3c:ee:74:9d:54:
+ 83:03:d8:42:a1:ba:57:a1:d4:43:93:a0:94:e3:0c:3b:cb:eb:
+ e6:05:73:60:18:32:81:25:21:55:14:99:2b:9d:0e:b2:72:31:
+ 63:73:5a:94:b2:30:e7:16:16:4c:33:68:cb:e6:87:aa:20:c6:
+ 9c:f1:26:3b:f5:76:7a:9b:07:f7:d9:c0:6c:50:04:d6:14:06:
+ 37:e5:fc:58:18:d5:a7:c8:29:56:9e:3c:fd:03:96:e8:4e:1a:
+ 7e:6e:e3:c9:aa:e6:3f:5d:1a:cd:86:f3:17:82:3b:ff:4c:8e:
+ 6b:d2:11:84:ce:36:cc:c8:fe:31:80:43:23:fa:fe:3c:8c:57:
+ a0:a1:1e:b9:08:c1:03:af:8f:3b:6b:cb:12:e4:6a:31:94:86:
+ 7a:17:c5:9f:80:bc:bc:e0:42:7b:5a:57:ef:b7:d3:0c:5f:98:
+ 71:aa:4e:cf:b4:c7:25:33:96:54:7b:ca:90:79:6f:f8:f0:c3:
+ e7:9d:e7:d0:67:4d:7b:20:7b:9d:d0:91:4f:ab:a3:a2:99:fa:
+ 9a:74:37:33:64:0c:bf:b6:94:3f:62:5f:a5:76:1e:60:54:e6:
+ bf:3a:11:5b:f0:ba:62:12:2e:9b:99:a2:37:9f:4c:b9:e8:8e:
+ d2:81:1f:0f:26:23:3b:9a:3b:69:70:09:e4:ae:05:65:04:3e:
+ 55:06:43:1f:5e:fb:2d:e6:03:b6:c4:ca:47:66:f0:d3:2b:a0:
+ 79:e8:45:a4:df:8f:31:fd:7e:67:ca:50:e0:b0:99:9d:2c:6a:
+ 16:f0:39:01:da:7f:d7:66:15:d1:99:3b:d7:7c:8a:bf:b7:d4:
+ b1:d3:fb:e2:fc:75:82:47:fc:96:42:57:ce:4a:d5:12:07:99:
+ 5b:ae:1a:c2:98:f1:fa:3d:a7:19:88:75:c8:fa:81:60:1f:19:
+ 21:0c:25:84:a1:c3:88:30:a7:80:da:85:85:e1:42:98:76:37:
+ ab:48:75:60:2d:1d:f9:05:6e:04:e2:2b:ce:37:75:17:27:0d:
+ 87:11:d6:2b:fa:37:bf:b7:e3:d2:96:b9:d8:92:18:4a:00:45:
+ 6d:9d:c6:20:d0:6b:2c:ed:33:06:08:d7:0f:56:44:5e:68:9f:
+ 9f:20:fc:57:a8:27:68:c9:f5:f5:2e:4d:0b:3c:a9:2e:92:2b:
+ d3:88:a9:18:27:24:0f:33:90:23:b3:41:99:5b:ec:bd:ef:ba:
+ 5b:4a:b6:a9:6c:b5:a5:d4:47:1e:9c:e7:32:0c:72:98:e7:8c:
+ a4:aa:72:8f:2b:90:5f:2d:23:bf:99:62:75:47:2f:9a:79:5e:
+ 4b:8a:8c:f2:28:df:30:59:6b:62:45:4b:b6:e5:39:ab:77:f0:
+ 51:4b:b7:6f:42:0a:81:a7:c0:c9:8a:c6:09:2a:e8:35:36:53:
+ c9:5b:93:dc:a5:1e:17:b1:cc:b4:13:b5:bb:b0:df:b8:cd:68:
+ 8a:10:18:8c:de:07:33:31:68:6b:f4:6a:dc:d0:17:10:c4:2d:
+ ec:66:51:c3:01:b3:2a:f0:0e:b9:c2:4d:7c:8d:d8:ab:c0:76:
+ 79:ca:e6:ff:a4:36:da:c1:8d:2e:13:7d:15:21:72:86:ad:4b:
+ 1b:73:4f:46:2f:fa:1e:ae:e8:8f:dd:79:6c:46:57:0a:05:ef:
+ 11:04:ae:a0:c5:13:86:6a:a3:cc:9c:b7:80:ef:18:5f:67:f7:
+ 43:ef:e2:94:4f:85:06:2f:d1:7a:97:07:ed:89:7d:aa:1e:e0:
+ cf:52:63:b9:28:95:aa:6d:ca:f2:20:c2:f3:07:83:c5:f4:a2:
+ ee:20:61:88:34:12:62:05:67:8d:f2:83:25:0b:9a:89
+-----BEGIN CERTIFICATE-----
+MIII/TCCBOWgAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx
+EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE
+CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x
+IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB
+FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0yMDAy
+MjgxMzMxMzBaFw00MDAyMjMxMzMxMzBaMIGnMQswCQYDVQQGEwJVUzETMBEGA1UE
+CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE
+CwwFVXNlcnMxKDAmBgNVBAMMH3BraW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5j
+b20xLjAsBgkqhkiG9w0BCQEWH3BraW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5j
+b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcM9tDXtWRJ5U10oay
+5XCsuM90ASxgTWeyLC3vxARTTQibzlXKeqsCKV09J+4+oyMuPjaN8cqPp0uLqTnT
+MznQufSbxBQsQWe+ajK2hg1wDutssdHvknDscHAtX0/qbD6f7poRMpNfsONRJOIz
+CCLuaQfGEKI/Q2c8C0i20ZKZIt7+2ijpErqn1lR2xDxWp8nkKBj9iYrrAkKIJ1lh
+9b1fDevOgEqEKeU4kx3ZClDj63LssnMWq3UzOnT9bLipuQnAMAp01AE+AA6Jz4eq
+GfV7xA1PsfFAWVRnKKrKGHV9ltRNmeOxhLznZYDq9t0wzs8UZ7UnCV+DpYyHYo9a
+ItV1AgMBAAGjggIRMIICDTAJBgNVHRMEAjAAME8GA1UdHwRIMEYwRKBCoECGPmh0
+dHA6Ly93d3cuc2FtYmEuZXhhbXBsZS5jb20vY3Jscy9DQS1zYW1iYS5leGFtcGxl
+LmNvbS1jcmwuY3JsMBEGCWCGSAGG+EIBAQQEAwIFoDALBgNVHQ8EBAMCBeAwTwYJ
+YIZIAYb4QgENBEIWQFNtYXJ0IENhcmQgTG9naW4gQ2VydGlmaWNhdGUgZm9yIHBr
+aW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5jb20wHQYDVR0OBBYEFGo2BI7FwyzJ
+F7pSZtOrDcPyJRrNMB8GA1UdIwQYMBaAFKI+Aiqjp005tAhNmcwMdTbqJ8M+MFsG
+A1UdEQRUMFKBH3BraW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5jb22gLwYKKwYB
+BAGCNxQCA6AhDB9wa2luaXRAYWRkb20yLnNhbWJhLmV4YW1wbGUuY29tMDEGA1Ud
+EgQqMCiBJmNhLXNhbWJhLmV4YW1wbGUuY29tQHNhbWJhLmV4YW1wbGUuY29tME0G
+CWCGSAGG+EIBBARAFj5odHRwOi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMv
+Q0Etc2FtYmEuZXhhbXBsZS5jb20tY3JsLmNybDAfBgNVHSUEGDAWBggrBgEFBQcD
+AgYKKwYBBAGCNxQCAjANBgkqhkiG9w0BAQsFAAOCBAEATVuqKLbgpGFj7Ql6Diuy
+yYNz9SgXK9VOx3sBmV25xZOzpeJkM5Y4VcSkhJrR3EBW7NqnpTt8kceNA0REnaUK
+nt5qncKASZPbTXT6PP1U3pmc+IJjul6Bnk2uoqEJ3YFaPoExi/+FMq4wnhrWBNkc
+vaUOgymG9L4PgZqE9EJCbSAYFu8hrFGzNL0PtSx+xSE993eVHo9FPvh5k6013c2X
+lf62X4jnuDhUFSlhLxeRmXQMZppVXN0iGaGOwaUjRaSF8rKYOyyF2CqOnE1snp7v
+gCQvV/OhHwnERE0R0oSHKlfwzJ44LDpo7gu+6Uhn/4crKQMlIo4AM/gqfBGRF0L8
+bNGUxvB/rcOXz5/Mpb4lM6/UxAYXp74Rv1FebrgmVh7V1s6FBWICYpJjSNnSC+T5
+LKJTT149MQdNW8RIvNXwZpj9hUUmS5hPoqwFoN/uTsmcLzzudJ1UgwPYQqG6V6HU
+Q5OglOMMO8vr5gVzYBgygSUhVRSZK50OsnIxY3NalLIw5xYWTDNoy+aHqiDGnPEm
+O/V2epsH99nAbFAE1hQGN+X8WBjVp8gpVp48/QOW6E4afm7jyarmP10azYbzF4I7
+/0yOa9IRhM42zMj+MYBDI/r+PIxXoKEeuQjBA6+PO2vLEuRqMZSGehfFn4C8vOBC
+e1pX77fTDF+YcapOz7THJTOWVHvKkHlv+PDD553n0GdNeyB7ndCRT6ujopn6mnQ3
+M2QMv7aUP2JfpXYeYFTmvzoRW/C6YhIum5miN59MueiO0oEfDyYjO5o7aXAJ5K4F
+ZQQ+VQZDH177LeYDtsTKR2bw0yugeehFpN+PMf1+Z8pQ4LCZnSxqFvA5Adp/12YV
+0Zk713yKv7fUsdP74vx1gkf8lkJXzkrVEgeZW64awpjx+j2nGYh1yPqBYB8ZIQwl
+hKHDiDCngNqFheFCmHY3q0h1YC0d+QVuBOIrzjd1FycNhxHWK/o3v7fj0pa52JIY
+SgBFbZ3GINBrLO0zBgjXD1ZEXmifnyD8V6gnaMn19S5NCzypLpIr04ipGCckDzOQ
+I7NBmVvsve+6W0q2qWy1pdRHHpznMgxymOeMpKpyjyuQXy0jv5lidUcvmnleS4qM
+8ijfMFlrYkVLtuU5q3fwUUu3b0IKgafAyYrGCSroNTZTyVuT3KUeF7HMtBO1u7Df
+uM1oihAYjN4HMzFoa/Rq3NAXEMQt7GZRwwGzKvAOucJNfI3Yq8B2ecrm/6Q22sGN
+LhN9FSFyhq1LG3NPRi/6Hq7oj915bEZXCgXvEQSuoMUThmqjzJy3gO8YX2f3Q+/i
+lE+FBi/RepcH7Yl9qh7gz1JjuSiVqm3K8iDC8weDxfSi7iBhiDQSYgVnjfKDJQua
+iQ==
+-----END CERTIFICATE-----
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-09 13:59:14 +0000