summaryrefslogtreecommitdiffstats
path: root/bin/tests/system/doth/CA
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 15:59:48 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 15:59:48 +0000
commit3b9b6d0b8e7f798023c9d109c490449d528fde80 (patch)
tree2e1c188dd7b8d7475cd163de9ae02c428343669b /bin/tests/system/doth/CA
parentInitial commit. (diff)
downloadbind9-3b9b6d0b8e7f798023c9d109c490449d528fde80.tar.xz
bind9-3b9b6d0b8e7f798023c9d109c490449d528fde80.zip
Adding upstream version 1:9.18.19.upstream/1%9.18.19
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'bin/tests/system/doth/CA')
-rw-r--r--bin/tests/system/doth/CA/CA.cfg121
-rw-r--r--bin/tests/system/doth/CA/CA.pem29
-rw-r--r--bin/tests/system/doth/CA/README2
-rw-r--r--bin/tests/system/doth/CA/certs/srv01.client01.example.com.key6
-rw-r--r--bin/tests/system/doth/CA/certs/srv01.client01.example.com.pem68
-rw-r--r--bin/tests/system/doth/CA/certs/srv01.client02-ns2.example.com.key6
-rw-r--r--bin/tests/system/doth/CA/certs/srv01.client02-ns2.example.com.pem68
-rw-r--r--bin/tests/system/doth/CA/certs/srv01.client03-ns2-expired.example.com.key6
-rw-r--r--bin/tests/system/doth/CA/certs/srv01.client03-ns2-expired.example.com.pem69
-rw-r--r--bin/tests/system/doth/CA/certs/srv01.crt01.example.com.key6
-rw-r--r--bin/tests/system/doth/CA/certs/srv01.crt01.example.com.pem69
-rw-r--r--bin/tests/system/doth/CA/certs/srv01.crt02-no-san.example.com.key6
-rw-r--r--bin/tests/system/doth/CA/certs/srv01.crt02-no-san.example.com.pem64
-rw-r--r--bin/tests/system/doth/CA/certs/srv01.crt03-expired.example.com.key6
-rw-r--r--bin/tests/system/doth/CA/certs/srv01.crt03-expired.example.com.pem69
-rw-r--r--bin/tests/system/doth/CA/certs/srv02.crt01.example.com.key6
-rw-r--r--bin/tests/system/doth/CA/certs/srv02.crt01.example.com.pem69
-rw-r--r--bin/tests/system/doth/CA/certs/srv03.crt01.example.com.key6
-rw-r--r--bin/tests/system/doth/CA/certs/srv03.crt01.example.com.pem69
-rw-r--r--bin/tests/system/doth/CA/certs/srv04.crt01.example.com.key6
-rw-r--r--bin/tests/system/doth/CA/certs/srv04.crt01.example.com.pem69
-rw-r--r--bin/tests/system/doth/CA/index.txt9
-rw-r--r--bin/tests/system/doth/CA/index.txt.attr1
-rw-r--r--bin/tests/system/doth/CA/newcerts/6BB3183CDEF52001.pem69
-rw-r--r--bin/tests/system/doth/CA/newcerts/6BB3183CDEF52002.pem64
-rw-r--r--bin/tests/system/doth/CA/newcerts/6BB3183CDEF52003.pem69
-rw-r--r--bin/tests/system/doth/CA/newcerts/6BB3183CDEF52004.pem69
-rw-r--r--bin/tests/system/doth/CA/newcerts/6BB3183CDEF52005.pem69
-rw-r--r--bin/tests/system/doth/CA/newcerts/6BB3183CDEF52006.pem69
-rw-r--r--bin/tests/system/doth/CA/newcerts/6BB3183CDEF52007.pem68
-rw-r--r--bin/tests/system/doth/CA/newcerts/6BB3183CDEF52008.pem68
-rw-r--r--bin/tests/system/doth/CA/newcerts/6BB3183CDEF52009.pem69
-rw-r--r--bin/tests/system/doth/CA/private/CA.key39
-rw-r--r--bin/tests/system/doth/CA/serial1
34 files changed, 1484 insertions, 0 deletions
diff --git a/bin/tests/system/doth/CA/CA.cfg b/bin/tests/system/doth/CA/CA.cfg
new file mode 100644
index 0000000..97ea088
--- /dev/null
+++ b/bin/tests/system/doth/CA/CA.cfg
@@ -0,0 +1,121 @@
+## How To
+# To issue a certificate:
+#
+# 1. Generate the next certificate serial (if the file does not exist):
+# xxd -l 8 -u -ps /dev/urandom > ./serial
+# 2. Create the new certificate request (e.g. for foo.example.com):
+# openssl req -config ./CA.cfg -new -subj "/CN=foo.example.com" \
+# -addext "subjectAltName=DNS:foo.example.com,IP=X.X.X.X" \
+# -newkey rsa -keyout ./certs/foo.example.com.key \
+# -out ./certs/foo.example.com.csr
+#
+# The above will generate request for an RSA-based certificate. One
+# can issue an ECDSA-based certificate by replacing "-newkey rsa" with
+# "-newkey ec -pkeyopt ec_paramgen_curve:secp384r1".
+#
+# 3. Issue the certificate:
+# openssl ca -config ./CA.cfg -in ./certs/foo.example.com.csr \
+# -out ./certs/foo.example.com.pem
+#
+# To cleanup the internal database from expired certificates:
+#
+# 1. openssl ca -config ./CA.cfg -updatedb
+#
+# To revoke a certificate:
+#
+# 1. Revoke the certificate via file (e.g. for foo.example.com):
+# openssl ca -config ./CA.cfg -revoke ./certs/foo.example.com.pem
+# 2. Optionally remove the certificate file if you do not need it anymore:
+# rm ./certs/foo.example.com.pem
+# 3. Generate the certificate revocation list file: CRL (e.g. revoked.crl):
+# openssl ca -config ./CA.cfg -gencrl > ./revoked.crl
+#
+# The key for CA was generated like follows
+# openssl genrsa -out ./CA.key 3072
+# openssl req -x509 -new -key ./CA.key -days 10950 -out ./CA.pem
+#
+# See also:
+#
+# - https://jamielinux.com/docs/openssl-certificate-authority/index.html
+# - https://www.openssl.org/docs/man1.1.1/man1/ca.html
+# - https://www.openssl.org/docs/man1.1.1/man1/openssl-req.html
+# - https://security.stackexchange.com/questions/74345/provide-subjectaltname-to-openssl-directly-on-the-command-line
+# - https://security.stackexchange.com/a/190646 - for ECDSA certificates
+# - https://gist.github.com/Soarez/9688998
+# - https://habr.com/ru/post/192446/ - Beware, your screen might "go Cyrillic"!
+
+# certificate authority configuration
+[ca]
+default_ca = CA_default # The default ca section
+
+[CA_default]
+dir = .
+new_certs_dir = $dir/newcerts # new certs dir (must be created)
+certificate = $dir/CA.pem # The CA cert
+private_key = $dir/private/CA.key # CA private key
+
+serial = $dir/serial # serial number file for the next certificate
+ # Update before issuing it:
+ # xxd -l 8 -u -ps /dev/urandom > ./serial
+database = $dir/index.txt # (must be created manually: touch ./index.txt)
+
+default_days = 10950 # how long to certify for
+
+#default_crl_days = 30 # the number of days before the
+default_crl_days = 10950 # next CRL is due. That is the
+ # days from now to place in the
+ # CRL nextUpdate field. If CRL
+ # is expired, certificate
+ # verifications will fail even
+ # for otherwise valid
+ # certificates. Clients might
+ # cache the CRL, so the expiry
+ # period should normally be
+ # relatively short (default:
+ # 30) for production CAs.
+
+default_md = sha256 # digest to use
+
+policy = policy_default # default policy
+email_in_dn = no # Don't add the email into cert DN
+
+name_opt = ca_default # Subject name display option
+cert_opt = ca_default # Certificate display option
+
+# We need the following in order to copy Subject Alt Name(s) from a
+# request to the certificate.
+copy_extensions = copy # copy extensions from request
+
+[policy_default]
+countryName = optional
+stateOrProvinceName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# default certificate requests settings
+[req]
+# Options for the `req` tool (`man req`).
+default_bits = 3072 # for RSA only
+distinguished_name = req_default
+string_mask = utf8only
+# SHA-1 is deprecated, so use SHA-256 instead.
+default_md = sha256
+# do not encrypt the private key file
+encrypt_key = no
+
+[req_default]
+# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name (full name)
+localityName = Locality Name (e.g., city)
+0.organizationName = Organization Name (e.g., company)
+organizationalUnitName = Organizational Unit Name (e.g. department)
+commonName = Common Name (e.g. server FQDN or YOUR name)
+emailAddress = Email Address
+# defaults
+countryName_default = UA
+stateOrProvinceName_default = Kharkiv Oblast
+localityName_default = Kharkiv
+0.organizationName_default = ISC
+organizationalUnitName_default = Software Engeneering (BIND 9)
diff --git a/bin/tests/system/doth/CA/CA.pem b/bin/tests/system/doth/CA/CA.pem
new file mode 100644
index 0000000..1f725db
--- /dev/null
+++ b/bin/tests/system/doth/CA/CA.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE3TCCA0WgAwIBAgIUeZPKrvbGEBZaRc2jNczlIsJXyPYwDQYJKoZIhvcNAQEL
+BQAwfTELMAkGA1UEBhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4G
+A1UEBwwHS2hhcmtpdjEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0
+aXVtMRwwGgYDVQQDDBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDEyNDEyNDA1
+NFoYDzIwNTIwMTE3MTI0MDU0WjB9MQswCQYDVQQGEwJVQTEYMBYGA1UECAwPS2hh
+cmtpdiBPYmxhc3QnMRAwDgYDVQQHDAdLaGFya2l2MSQwIgYDVQQKDBtJbnRlcm5l
+dCBTeXN0ZW1zIENvbnNvcnRpdW0xHDAaBgNVBAMME2NhLnRlc3QuZXhhbXBsZS5j
+b20wggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCi6hEegBzpUKbE1NTo
+Z7uz7EMUY7TBckkiw/7ydTLKNa8YI4JpBguFvWQsDY0dGFJIoVwyHyNx3seW/LoI
+B5zWPZ2xbOvLLceA+t2NZpbc98E7jUOVS123yED+nqlfZjCq9Zt0r/ezwnQtjnFF
+ko1mcU4H9Jvg8aIgnU2AxE78zciU9CY8799pFFNThIjbooI8oVbfjbzbpmLzxjA5
+3rDmZBTh+ySTlMa2U2oT4WPjRltZWnJVegRRLpG95GnTbQ1fkJAbj1Iu10XTkCee
+wBOqaA1UJem0a6pby5odE414Y7c0ETKcmaJtYENQyO0IJwZWDKtVe5OTIAklakia
+eyFTCAw1h5tHCYLaJW/Yu2wlLl5RNQcRZ9+cWXnldTY+TI1iBjfmADjLdKJYUlhX
+z7kWJtTi63Sdv6WYcEXxaWpxT+R3e2kaR/R7GOo4gdkWpX1siGlRteHHH2/36CSQ
+ZD2etcTUpGW+KDHFR4grnEfL1rt9UgvCjpa4KcssmZtWSSUCAwEAAaNTMFEwHQYD
+VR0OBBYEFHyJ6Fzr5R9ySATFj/uSCJz1YCY5MB8GA1UdIwQYMBaAFHyJ6Fzr5R9y
+SATFj/uSCJz1YCY5MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggGB
+AF3y0hvzyZWtmuG1JwIcOcc1aPl1KdRy8bao/5iHYGYYrsdDgcO5/e+y9S/izalc
+TdW7SKB5iBOCiE8fBNtToCvGP+fxNxHijpAmTr37G5sWuSo1T1VYFizHWL+df/Ig
+TcSvDrEjSnAwaEdNJUWtjoIC4VzNKTLtZf16QIATTzTZa3bfgSetpWS7LhLQbHod
+CSGI2QB1LRbqGC+a1Y85QxHv81jWzPWPzXYvnOLrDdQyBMOBcxDzrN4b6zg+5Itz
+qGYt+IS71jAH0IhxAyD/U5n1jGJv02BnSq0ynLEOD6gsnZjqAwPbt/PM9pGbtbXO
+70Q9rxr+vQc1IISKAEiH3txaEPi10wU98d6LbInJvQrmgHo/ntet8skWNYuxlEzS
+wvynuE9KvvQtOTodWt5AePtKrhHdxu527a4CHVp59nYUjKSdMKjvmhMRXM1cNjFE
+rA/pyyhozR47w3RzHMJVHw2GJ2B/HeqmxpXr1CmJjoRP38QCR7N+mqiZy85Fq2j2
+8Q==
+-----END CERTIFICATE-----
diff --git a/bin/tests/system/doth/CA/README b/bin/tests/system/doth/CA/README
new file mode 100644
index 0000000..13069ca
--- /dev/null
+++ b/bin/tests/system/doth/CA/README
@@ -0,0 +1,2 @@
+Please take a look at the contents of the CA.cfg file for further
+instructions and configurations options.
diff --git a/bin/tests/system/doth/CA/certs/srv01.client01.example.com.key b/bin/tests/system/doth/CA/certs/srv01.client01.example.com.key
new file mode 100644
index 0000000..9da02dd
--- /dev/null
+++ b/bin/tests/system/doth/CA/certs/srv01.client01.example.com.key
@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCq9Z95YLiCPSevj5Xm
+lB/ijFFlZb8AT2bHUyL1fmivBm8JfjSa/j3pZePAF7rltyChZANiAARek2p62nXM
+ZAjk+PkvK4U27uHf+s1MYPFEtRZ7+QPPoAhnb64no5WKaB5jq88uIGJS54w+Hu/e
+DWlkZbbk3/4aSPhodYSDEfuBWQ7Blkh/JNoR3azLCsUJeCQxOt835rM=
+-----END PRIVATE KEY-----
diff --git a/bin/tests/system/doth/CA/certs/srv01.client01.example.com.pem b/bin/tests/system/doth/CA/certs/srv01.client01.example.com.pem
new file mode 100644
index 0000000..0b4c115
--- /dev/null
+++ b/bin/tests/system/doth/CA/certs/srv01.client01.example.com.pem
@@ -0,0 +1,68 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 7760573232607207431 (0x6bb3183cdef52007)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Feb 10 17:44:20 2022 GMT
+ Not After : Feb 3 17:44:20 2052 GMT
+ Subject: CN=srv01.client01.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:5e:93:6a:7a:da:75:cc:64:08:e4:f8:f9:2f:2b:
+ 85:36:ee:e1:df:fa:cd:4c:60:f1:44:b5:16:7b:f9:
+ 03:cf:a0:08:67:6f:ae:27:a3:95:8a:68:1e:63:ab:
+ cf:2e:20:62:52:e7:8c:3e:1e:ef:de:0d:69:64:65:
+ b6:e4:df:fe:1a:48:f8:68:75:84:83:11:fb:81:59:
+ 0e:c1:96:48:7f:24:da:11:dd:ac:cb:0a:c5:09:78:
+ 24:31:3a:df:37:e6:b3
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:srv01.client01.example.com
+ Signature Algorithm: sha256WithRSAEncryption
+ 82:bd:eb:8f:4e:a5:d2:46:c7:d8:70:3c:34:1d:58:43:1b:81:
+ 16:5d:c2:b0:76:4b:a9:f2:10:14:23:e4:ef:dc:59:03:b6:7f:
+ b0:40:34:e5:d0:82:4b:95:a6:07:9a:45:51:94:cf:08:c2:4e:
+ c9:44:d5:f3:b6:ed:f2:a0:01:94:ad:e0:0e:0f:ab:85:6f:35:
+ 4b:07:c8:97:25:fb:69:ff:a1:99:bc:ec:70:6c:51:b5:32:95:
+ e9:c9:45:cf:45:e2:c5:5e:b1:59:a2:e1:f2:83:c8:87:68:c4:
+ 60:e2:db:50:6c:18:64:1b:9a:9a:cc:7c:e7:fd:d9:f2:b7:d1:
+ de:1d:ec:29:c9:58:db:7b:9a:a1:06:9a:ce:36:a0:45:10:dc:
+ 7d:81:24:21:34:30:4c:71:f9:fc:96:37:d6:cf:0d:9d:11:12:
+ c7:62:bc:19:5b:79:e5:e0:37:e8:17:36:4b:13:af:fa:2c:2e:
+ 36:d9:be:53:e1:c3:f9:bc:94:a6:7a:97:14:99:36:f9:14:38:
+ 11:20:3a:2a:9d:fd:64:63:d0:a2:8f:f0:99:a9:02:ca:57:48:
+ d2:7d:65:44:b6:85:a0:38:ec:e8:19:7e:c2:48:e3:1d:22:53:
+ cf:3b:d4:0a:98:e1:72:62:ec:8b:01:3f:5a:ea:26:2c:8c:16:
+ c3:80:5a:c2:5d:40:c5:65:1c:e2:9a:e3:d6:65:16:ee:dc:17:
+ 30:d8:26:87:92:d0:ef:c7:72:07:99:86:05:9e:49:35:41:33:
+ b9:bb:cb:1b:25:50:70:85:e3:0f:c7:b9:b2:37:00:1b:87:a2:
+ 47:97:34:5b:cd:dc:66:22:e5:de:25:ec:57:fe:37:75:2c:03:
+ 10:f4:d4:a7:cc:f5:4b:0b:ff:eb:d3:a6:78:2e:cd:8f:65:51:
+ a7:8c:ef:83:67:ec:94:13:c2:1f:74:74:55:7c:a3:0b:b7:2f:
+ 80:5a:62:04:1d:a2:c0:c1:de:b2:7d:31:3b:a1:fa:f7:40:a7:
+ bd:12:25:95:5b:8b
+-----BEGIN CERTIFICATE-----
+MIIDITCCAYmgAwIBAgIIa7MYPN71IAcwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIxMDE3NDQyMFoYDzIwNTIwMjAz
+MTc0NDIwWjAlMSMwIQYDVQQDDBpzcnYwMS5jbGllbnQwMS5leGFtcGxlLmNvbTB2
+MBAGByqGSM49AgEGBSuBBAAiA2IABF6TanradcxkCOT4+S8rhTbu4d/6zUxg8US1
+Fnv5A8+gCGdvriejlYpoHmOrzy4gYlLnjD4e794NaWRltuTf/hpI+Gh1hIMR+4FZ
+DsGWSH8k2hHdrMsKxQl4JDE63zfms6MpMCcwJQYDVR0RBB4wHIIac3J2MDEuY2xp
+ZW50MDEuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggGBAIK9649OpdJGx9hw
+PDQdWEMbgRZdwrB2S6nyEBQj5O/cWQO2f7BANOXQgkuVpgeaRVGUzwjCTslE1fO2
+7fKgAZSt4A4Pq4VvNUsHyJcl+2n/oZm87HBsUbUylenJRc9F4sVesVmi4fKDyIdo
+xGDi21BsGGQbmprMfOf92fK30d4d7CnJWNt7mqEGms42oEUQ3H2BJCE0MExx+fyW
+N9bPDZ0REsdivBlbeeXgN+gXNksTr/osLjbZvlPhw/m8lKZ6lxSZNvkUOBEgOiqd
+/WRj0KKP8JmpAspXSNJ9ZUS2haA47OgZfsJI4x0iU8871AqY4XJi7IsBP1rqJiyM
+FsOAWsJdQMVlHOKa49ZlFu7cFzDYJoeS0O/HcgeZhgWeSTVBM7m7yxslUHCF4w/H
+ubI3ABuHokeXNFvN3GYi5d4l7Ff+N3UsAxD01KfM9UsL/+vTpnguzY9lUaeM74Nn
+7JQTwh90dFV8owu3L4BaYgQdosDB3rJ9MTuh+vdAp70SJZVbiw==
+-----END CERTIFICATE-----
diff --git a/bin/tests/system/doth/CA/certs/srv01.client02-ns2.example.com.key b/bin/tests/system/doth/CA/certs/srv01.client02-ns2.example.com.key
new file mode 100644
index 0000000..91cb6ca
--- /dev/null
+++ b/bin/tests/system/doth/CA/certs/srv01.client02-ns2.example.com.key
@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDD1/sp/yNsAc9Z6TPhm
+0xT0ZhSf/9XJD6daSpdUDJ/nEJKa+sBXDWJHuXrbNRqUK2qhZANiAATmRfpXEmxZ
+ECOLelx2M+s7Qfq3HJCzLzMtRXvj5baloqKkFPRQnbDGOLrpRWWkZbkQMi+Tm9XY
+z7QpW9xOyOymn1h2JPTF0UhVUutdsIWThe4+uMSxzQhZlRL/e5vuark=
+-----END PRIVATE KEY-----
diff --git a/bin/tests/system/doth/CA/certs/srv01.client02-ns2.example.com.pem b/bin/tests/system/doth/CA/certs/srv01.client02-ns2.example.com.pem
new file mode 100644
index 0000000..1b43bbd
--- /dev/null
+++ b/bin/tests/system/doth/CA/certs/srv01.client02-ns2.example.com.pem
@@ -0,0 +1,68 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 7760573232607207432 (0x6bb3183cdef52008)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Feb 11 13:21:12 2022 GMT
+ Not After : Feb 4 13:21:12 2052 GMT
+ Subject: CN=srv01.client02-ns2.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:e6:45:fa:57:12:6c:59:10:23:8b:7a:5c:76:33:
+ eb:3b:41:fa:b7:1c:90:b3:2f:33:2d:45:7b:e3:e5:
+ b6:a5:a2:a2:a4:14:f4:50:9d:b0:c6:38:ba:e9:45:
+ 65:a4:65:b9:10:32:2f:93:9b:d5:d8:cf:b4:29:5b:
+ dc:4e:c8:ec:a6:9f:58:76:24:f4:c5:d1:48:55:52:
+ eb:5d:b0:85:93:85:ee:3e:b8:c4:b1:cd:08:59:95:
+ 12:ff:7b:9b:ee:6a:b9
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:srv01.client02-ns2.example.com
+ Signature Algorithm: sha256WithRSAEncryption
+ 43:ec:0f:62:17:f6:f4:90:3b:7c:36:21:f2:18:94:a6:42:51:
+ 1e:1d:2a:43:8f:05:b7:8d:3c:ca:f0:20:2f:65:4b:be:48:ad:
+ 6a:0a:cc:2d:1f:d6:27:1d:af:4a:36:86:ed:0d:03:75:c5:71:
+ ec:58:9b:ec:f9:0f:e4:83:ef:6f:91:da:20:73:47:ac:e7:c7:
+ 8b:22:b2:d1:6e:a0:b0:d6:1c:4c:70:1e:74:08:1d:7f:61:06:
+ e5:be:f3:e8:c4:15:60:e2:b0:02:9b:f0:13:af:76:5b:a8:c7:
+ 91:2c:10:5f:0d:32:89:51:5a:7f:17:1b:7c:c6:46:97:ee:e7:
+ bb:8a:48:38:a2:52:d4:ff:3b:1c:ec:4a:a9:8c:a5:23:3a:04:
+ bb:d7:b8:ad:5b:69:7f:1d:be:ca:96:e0:eb:56:05:43:ee:c8:
+ ff:2c:48:03:00:c6:c2:ac:fc:4e:15:47:86:c5:33:ed:70:f6:
+ 98:bc:0b:07:b9:5b:1a:ec:fd:3c:bf:26:61:68:fc:db:02:55:
+ 07:ae:76:0e:be:ff:c5:b8:56:fb:52:54:a4:b1:2d:64:b4:1d:
+ 55:02:4f:da:06:bd:26:e4:22:d2:94:1f:7e:29:c4:97:10:d1:
+ 75:7d:41:53:be:46:52:70:b1:d9:ff:bb:9f:96:19:e3:a0:ba:
+ d0:4a:5a:8d:da:22:73:89:f0:4c:e6:18:80:53:be:bd:64:56:
+ 6a:c9:58:71:40:66:9e:4a:3e:31:3b:74:9e:6e:6a:f5:65:ca:
+ 93:06:52:00:74:65:a0:3a:eb:2e:56:56:d2:a5:4b:0e:85:17:
+ 25:78:cb:f3:f9:53:7b:85:f9:82:15:87:bc:36:70:b5:69:64:
+ 48:11:79:b9:2c:2e:cc:09:fd:0f:b0:b7:cd:97:3b:c7:0f:49:
+ 1a:fc:15:49:d6:1c:a9:dc:14:ff:44:d2:be:5a:36:00:66:0c:
+ d5:b8:bf:16:9e:60:27:79:c0:f5:b4:ff:2f:af:8c:b2:49:75:
+ 61:44:05:1a:e8:cd
+-----BEGIN CERTIFICATE-----
+MIIDKTCCAZGgAwIBAgIIa7MYPN71IAgwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIxMTEzMjExMloYDzIwNTIwMjA0
+MTMyMTEyWjApMScwJQYDVQQDDB5zcnYwMS5jbGllbnQwMi1uczIuZXhhbXBsZS5j
+b20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATmRfpXEmxZECOLelx2M+s7Qfq3HJCz
+LzMtRXvj5baloqKkFPRQnbDGOLrpRWWkZbkQMi+Tm9XYz7QpW9xOyOymn1h2JPTF
+0UhVUutdsIWThe4+uMSxzQhZlRL/e5vuarmjLTArMCkGA1UdEQQiMCCCHnNydjAx
+LmNsaWVudDAyLW5zMi5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAYEAQ+wP
+Yhf29JA7fDYh8hiUpkJRHh0qQ48Ft408yvAgL2VLvkitagrMLR/WJx2vSjaG7Q0D
+dcVx7Fib7PkP5IPvb5HaIHNHrOfHiyKy0W6gsNYcTHAedAgdf2EG5b7z6MQVYOKw
+ApvwE692W6jHkSwQXw0yiVFafxcbfMZGl+7nu4pIOKJS1P87HOxKqYylIzoEu9e4
+rVtpfx2+ypbg61YFQ+7I/yxIAwDGwqz8ThVHhsUz7XD2mLwLB7lbGuz9PL8mYWj8
+2wJVB652Dr7/xbhW+1JUpLEtZLQdVQJP2ga9JuQi0pQffinElxDRdX1BU75GUnCx
+2f+7n5YZ46C60Epajdoic4nwTOYYgFO+vWRWaslYcUBmnko+MTt0nm5q9WXKkwZS
+AHRloDrrLlZW0qVLDoUXJXjL8/lTe4X5ghWHvDZwtWlkSBF5uSwuzAn9D7C3zZc7
+xw9JGvwVSdYcqdwU/0TSvlo2AGYM1bi/Fp5gJ3nA9bT/L6+Mskl1YUQFGujN
+-----END CERTIFICATE-----
diff --git a/bin/tests/system/doth/CA/certs/srv01.client03-ns2-expired.example.com.key b/bin/tests/system/doth/CA/certs/srv01.client03-ns2-expired.example.com.key
new file mode 100644
index 0000000..5d3d283
--- /dev/null
+++ b/bin/tests/system/doth/CA/certs/srv01.client03-ns2-expired.example.com.key
@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCQvnl9FD/mrb+KQaC8
+VMhKW2sxrYFHhZnUYBc3Luz/X3vECNVqLVc5asLu+NrkioyhZANiAAQ4mpvCaoKm
+0VCKeHrRvmG+1LbT1qICl6RIUMDFHdgtIxklbpECHWnCd9bxqE9Kmh08aVqJQQry
+4GRXGw6e359MezxC3CHILJWrs0xfVsRw7oqk5EbEnpj1yHuyc9dFk/A=
+-----END PRIVATE KEY-----
diff --git a/bin/tests/system/doth/CA/certs/srv01.client03-ns2-expired.example.com.pem b/bin/tests/system/doth/CA/certs/srv01.client03-ns2-expired.example.com.pem
new file mode 100644
index 0000000..99e4a71
--- /dev/null
+++ b/bin/tests/system/doth/CA/certs/srv01.client03-ns2-expired.example.com.pem
@@ -0,0 +1,69 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 7760573232607207433 (0x6bb3183cdef52009)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Aug 14 05:00:00 2012 GMT
+ Not After : Aug 14 06:00:00 2012 GMT
+ Subject: CN=srv01.client03-ns2-expired.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:38:9a:9b:c2:6a:82:a6:d1:50:8a:78:7a:d1:be:
+ 61:be:d4:b6:d3:d6:a2:02:97:a4:48:50:c0:c5:1d:
+ d8:2d:23:19:25:6e:91:02:1d:69:c2:77:d6:f1:a8:
+ 4f:4a:9a:1d:3c:69:5a:89:41:0a:f2:e0:64:57:1b:
+ 0e:9e:df:9f:4c:7b:3c:42:dc:21:c8:2c:95:ab:b3:
+ 4c:5f:56:c4:70:ee:8a:a4:e4:46:c4:9e:98:f5:c8:
+ 7b:b2:73:d7:45:93:f0
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:srv01.client03-ns2-expired.example.com
+ Signature Algorithm: sha256WithRSAEncryption
+ 38:12:1f:5f:26:b6:8e:9b:3f:77:89:5a:b8:e8:46:78:c3:d6:
+ f0:0c:67:5f:d5:a3:9c:f6:f2:0a:ae:9c:87:74:9f:a3:5b:8a:
+ 27:58:47:e5:78:1a:e9:db:b5:cc:28:a7:f8:18:e3:e7:20:43:
+ cf:82:06:5d:a1:d0:82:ab:15:be:86:46:1e:e6:4d:ad:78:a4:
+ 16:6c:99:41:3d:29:21:c8:6b:9d:3d:4a:cd:93:37:1f:1c:88:
+ c7:ae:b6:7c:73:42:57:57:32:9d:e8:c6:e2:3e:da:12:57:3e:
+ c8:56:4a:bb:d4:01:fc:8e:30:8d:19:fe:61:3d:5e:02:64:65:
+ a2:46:b3:6e:ea:f9:cb:4e:f0:b9:f6:bc:6b:38:10:19:d0:93:
+ f8:f7:d9:4c:d2:87:2c:7f:dc:f5:00:c6:29:dd:00:5e:d2:f4:
+ df:52:fb:7a:5a:ad:98:36:77:72:1f:01:ed:48:91:48:16:2d:
+ 35:a5:15:21:98:ff:7e:5d:a1:45:c9:5f:9d:c2:3e:e5:98:e2:
+ ee:ce:4d:18:76:3d:8a:0a:64:9b:f1:19:9d:b6:82:af:1b:15:
+ d3:48:69:f1:9b:67:76:1b:41:8e:1d:69:d5:31:64:95:01:41:
+ 73:c1:a9:29:53:6b:f3:29:ad:e0:96:52:8e:3e:8d:c1:8e:d8:
+ b5:0c:94:5f:a2:6c:3c:0f:3e:5b:10:af:21:00:74:d0:b7:30:
+ 6c:44:fb:3d:09:46:8d:1d:e6:c2:e4:0a:5b:f4:eb:e1:71:c7:
+ d5:36:13:90:05:fe:65:16:61:24:b5:41:f2:10:bd:2c:c3:34:
+ 69:15:25:d1:32:f2:b3:d7:da:23:1b:e9:5b:33:63:43:c8:dc:
+ 68:f2:31:b5:93:0e:64:ea:9a:45:36:9f:96:44:38:1e:4e:d8:
+ 45:ba:37:68:06:4d:da:d4:16:d3:3e:77:86:4e:8d:58:d6:06:
+ a8:60:11:4d:d9:81:f3:85:2b:ee:58:50:6e:ea:2b:f7:84:00:
+ 9c:ec:a1:90:d4:94
+-----BEGIN CERTIFICATE-----
+MIIDNzCCAZ+gAwIBAgIIa7MYPN71IAkwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMB4XDTEyMDgxNDA1MDAwMFoXDTEyMDgxNDA2
+MDAwMFowMTEvMC0GA1UEAwwmc3J2MDEuY2xpZW50MDMtbnMyLWV4cGlyZWQuZXhh
+bXBsZS5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQ4mpvCaoKm0VCKeHrRvmG+
+1LbT1qICl6RIUMDFHdgtIxklbpECHWnCd9bxqE9Kmh08aVqJQQry4GRXGw6e359M
+ezxC3CHILJWrs0xfVsRw7oqk5EbEnpj1yHuyc9dFk/CjNTAzMDEGA1UdEQQqMCiC
+JnNydjAxLmNsaWVudDAzLW5zMi1leHBpcmVkLmV4YW1wbGUuY29tMA0GCSqGSIb3
+DQEBCwUAA4IBgQA4Eh9fJraOmz93iVq46EZ4w9bwDGdf1aOc9vIKrpyHdJ+jW4on
+WEfleBrp27XMKKf4GOPnIEPPggZdodCCqxW+hkYe5k2teKQWbJlBPSkhyGudPUrN
+kzcfHIjHrrZ8c0JXVzKd6MbiPtoSVz7IVkq71AH8jjCNGf5hPV4CZGWiRrNu6vnL
+TvC59rxrOBAZ0JP499lM0ocsf9z1AMYp3QBe0vTfUvt6Wq2YNndyHwHtSJFIFi01
+pRUhmP9+XaFFyV+dwj7lmOLuzk0Ydj2KCmSb8RmdtoKvGxXTSGnxm2d2G0GOHWnV
+MWSVAUFzwakpU2vzKa3gllKOPo3Bjti1DJRfomw8Dz5bEK8hAHTQtzBsRPs9CUaN
+HebC5Apb9OvhccfVNhOQBf5lFmEktUHyEL0swzRpFSXRMvKz19ojG+lbM2NDyNxo
+8jG1kw5k6ppFNp+WRDgeTthFujdoBk3a1BbTPneGTo1Y1gaoYBFN2YHzhSvuWFBu
+6iv3hACc7KGQ1JQ=
+-----END CERTIFICATE-----
diff --git a/bin/tests/system/doth/CA/certs/srv01.crt01.example.com.key b/bin/tests/system/doth/CA/certs/srv01.crt01.example.com.key
new file mode 100644
index 0000000..a4194bd
--- /dev/null
+++ b/bin/tests/system/doth/CA/certs/srv01.crt01.example.com.key
@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDB/BdYjkgkVy4gTuXX3
+20DWo80uWsQkKDwMeOoaQ2cYy5Cm2AdTALDdBihGKRfACPqhZANiAAQSoXsPefIp
+9Y9qBtAogxRDjxlMKZE2MA8GplbnV5tYLJ78nKNO9uNvkEDVCf2Ulo4UaHRv6Ken
+q4w1lvLWj12XXdG5IlvvMRWh4ettb6+xL4Dlpak48m/5ZRRwp6Ws4Ro=
+-----END PRIVATE KEY-----
diff --git a/bin/tests/system/doth/CA/certs/srv01.crt01.example.com.pem b/bin/tests/system/doth/CA/certs/srv01.crt01.example.com.pem
new file mode 100644
index 0000000..8671dd3
--- /dev/null
+++ b/bin/tests/system/doth/CA/certs/srv01.crt01.example.com.pem
@@ -0,0 +1,69 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 7760573232607207425 (0x6bb3183cdef52001)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Feb 8 17:18:52 2022 GMT
+ Not After : Feb 1 17:18:52 2052 GMT
+ Subject: CN=srv01.crt01.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:12:a1:7b:0f:79:f2:29:f5:8f:6a:06:d0:28:83:
+ 14:43:8f:19:4c:29:91:36:30:0f:06:a6:56:e7:57:
+ 9b:58:2c:9e:fc:9c:a3:4e:f6:e3:6f:90:40:d5:09:
+ fd:94:96:8e:14:68:74:6f:e8:a7:a7:ab:8c:35:96:
+ f2:d6:8f:5d:97:5d:d1:b9:22:5b:ef:31:15:a1:e1:
+ eb:6d:6f:af:b1:2f:80:e5:a5:a9:38:f2:6f:f9:65:
+ 14:70:a7:a5:ac:e1:1a
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:srv01.crt01.example.com, IP Address:10.53.0.1, IP Address:FD92:7065:B8E:FFFF:0:0:0:1
+ Signature Algorithm: sha256WithRSAEncryption
+ 79:0f:08:ab:18:cc:f9:7a:bd:47:21:99:a1:a3:76:04:7f:d7:
+ 08:33:91:49:3d:2d:fc:8d:ff:c5:c1:8d:b8:70:05:65:32:cd:
+ e2:26:21:49:19:66:a2:94:4f:42:7d:83:3c:4f:ed:c1:87:89:
+ 5b:73:2c:64:64:67:29:f5:73:83:23:72:b7:a8:2e:d6:9a:de:
+ 13:0c:ba:35:d3:38:b1:c4:51:7d:81:fc:25:ca:a6:d9:d2:fa:
+ bb:6d:1f:a4:61:90:50:2d:8a:ed:70:1a:eb:56:2f:fc:7b:f3:
+ 76:df:68:8d:e8:a4:7d:82:b9:5c:c6:cb:d8:06:f7:78:dc:a7:
+ 94:35:d4:83:98:28:51:36:1c:73:47:e4:5b:32:d2:cd:de:1c:
+ 44:f6:de:37:8a:46:d0:14:8d:71:e5:10:22:b1:f9:73:f7:1b:
+ 4f:82:e1:a1:00:73:18:17:71:a2:bf:a2:0c:59:aa:43:58:46:
+ 82:f8:38:c4:5a:5a:9f:13:d7:a9:54:1f:58:9b:5d:52:16:d3:
+ a0:ba:6b:aa:cf:68:3a:d1:12:9c:94:ac:78:6b:7e:bc:69:6c:
+ 75:07:5d:fb:68:cd:e8:8d:bb:8c:b0:7c:6c:9e:f6:a5:7c:32:
+ 74:ef:c5:b1:1f:1d:ec:7b:2f:79:c0:3b:52:60:9b:48:89:09:
+ b4:46:34:69:d3:7b:1b:15:ef:0c:dd:64:1d:58:fe:a7:0b:b1:
+ 9d:28:1f:1e:9e:3c:c0:b1:a6:38:ab:9d:54:24:0e:75:6c:9e:
+ 90:13:b9:39:dc:43:fe:37:e3:14:0f:78:7e:2b:56:a2:d2:60:
+ 51:57:88:3b:4c:cf:24:67:36:77:21:bb:c8:07:eb:48:f7:b0:
+ 1e:e4:99:61:84:15:bb:61:3a:21:55:df:31:43:67:73:8f:6b:
+ e9:04:83:be:2d:8b:94:39:89:cf:40:d5:04:f7:6b:c9:c6:8c:
+ 6e:36:0f:5d:7a:9b:57:86:36:76:2c:75:35:47:50:ed:9a:84:
+ 7e:37:83:b5:21:a2
+-----BEGIN CERTIFICATE-----
+MIIDMzCCAZugAwIBAgIIa7MYPN71IAEwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIwODE3MTg1MloYDzIwNTIwMjAx
+MTcxODUyWjAiMSAwHgYDVQQDDBdzcnYwMS5jcnQwMS5leGFtcGxlLmNvbTB2MBAG
+ByqGSM49AgEGBSuBBAAiA2IABBKhew958in1j2oG0CiDFEOPGUwpkTYwDwamVudX
+m1gsnvyco07242+QQNUJ/ZSWjhRodG/op6erjDWW8taPXZdd0bkiW+8xFaHh621v
+r7EvgOWlqTjyb/llFHCnpazhGqM+MDwwOgYDVR0RBDMwMYIXc3J2MDEuY3J0MDEu
+ZXhhbXBsZS5jb22HBAo1AAGHEP2ScGULjv//AAAAAAAAAAEwDQYJKoZIhvcNAQEL
+BQADggGBAHkPCKsYzPl6vUchmaGjdgR/1wgzkUk9LfyN/8XBjbhwBWUyzeImIUkZ
+ZqKUT0J9gzxP7cGHiVtzLGRkZyn1c4MjcreoLtaa3hMMujXTOLHEUX2B/CXKptnS
++rttH6RhkFAtiu1wGutWL/x783bfaI3opH2CuVzGy9gG93jcp5Q11IOYKFE2HHNH
+5Fsy0s3eHET23jeKRtAUjXHlECKx+XP3G0+C4aEAcxgXcaK/ogxZqkNYRoL4OMRa
+Wp8T16lUH1ibXVIW06C6a6rPaDrREpyUrHhrfrxpbHUHXftozeiNu4ywfGye9qV8
+MnTvxbEfHex7L3nAO1Jgm0iJCbRGNGnTexsV7wzdZB1Y/qcLsZ0oHx6ePMCxpjir
+nVQkDnVsnpATuTncQ/434xQPeH4rVqLSYFFXiDtMzyRnNnchu8gH60j3sB7kmWGE
+FbthOiFV3zFDZ3OPa+kEg74ti5Q5ic9A1QT3a8nGjG42D116m1eGNnYsdTVHUO2a
+hH43g7Uhog==
+-----END CERTIFICATE-----
diff --git a/bin/tests/system/doth/CA/certs/srv01.crt02-no-san.example.com.key b/bin/tests/system/doth/CA/certs/srv01.crt02-no-san.example.com.key
new file mode 100644
index 0000000..db770c1
--- /dev/null
+++ b/bin/tests/system/doth/CA/certs/srv01.crt02-no-san.example.com.key
@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDC3sc7RaI9GyH5Z1e0D
+WcccNjr43zpavmMqA8bcS9dBBjkiEdvGH47r3EIXTjp0f46hZANiAASjLTP9kpDc
+A+82+aSokPFHab7ojmUI2uWzgmMcr5o3tHV8zkb7GRe8kHJPdLZFOfeWs0SFHK1q
+26R2hu6OJz33YXjf4QSK65GLAWe2aTJUUBxWhtov7+Q9lLr3WwIUtRM=
+-----END PRIVATE KEY-----
diff --git a/bin/tests/system/doth/CA/certs/srv01.crt02-no-san.example.com.pem b/bin/tests/system/doth/CA/certs/srv01.crt02-no-san.example.com.pem
new file mode 100644
index 0000000..65f0f9f
--- /dev/null
+++ b/bin/tests/system/doth/CA/certs/srv01.crt02-no-san.example.com.pem
@@ -0,0 +1,64 @@
+Certificate:
+ Data:
+ Version: 1 (0x0)
+ Serial Number: 7760573232607207426 (0x6bb3183cdef52002)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Feb 8 17:21:43 2022 GMT
+ Not After : Feb 1 17:21:43 2052 GMT
+ Subject: CN=srv01.crt02-no-san.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:a3:2d:33:fd:92:90:dc:03:ef:36:f9:a4:a8:90:
+ f1:47:69:be:e8:8e:65:08:da:e5:b3:82:63:1c:af:
+ 9a:37:b4:75:7c:ce:46:fb:19:17:bc:90:72:4f:74:
+ b6:45:39:f7:96:b3:44:85:1c:ad:6a:db:a4:76:86:
+ ee:8e:27:3d:f7:61:78:df:e1:04:8a:eb:91:8b:01:
+ 67:b6:69:32:54:50:1c:56:86:da:2f:ef:e4:3d:94:
+ ba:f7:5b:02:14:b5:13
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ Signature Algorithm: sha256WithRSAEncryption
+ 07:20:2a:a6:7a:52:52:ba:1e:b7:79:cf:e6:11:9c:ca:3f:43:
+ 2b:f3:d7:2e:74:74:57:81:a1:aa:e6:68:c9:fd:d1:a8:a6:5b:
+ a2:ff:ea:f7:f0:b7:46:dc:a0:5a:64:5f:ce:e7:0f:76:63:14:
+ 6d:c2:51:4b:30:ea:51:7e:4a:1b:d3:b2:f8:c2:3d:3f:c1:bf:
+ ad:db:4d:f8:28:31:e7:75:ae:84:37:90:00:e5:0b:6b:dc:23:
+ 98:69:d5:ef:ce:e2:0d:e7:19:f1:31:01:1f:2a:6c:23:a3:94:
+ 62:7a:bf:b3:b0:13:d0:62:fc:a5:a6:0d:52:bb:f4:31:ff:f3:
+ ce:3a:74:66:30:7f:29:04:8d:34:90:7a:9b:8f:da:82:2e:5c:
+ 81:dd:af:fa:3a:a1:4e:bb:0a:4c:62:01:40:39:67:9c:29:27:
+ 6e:2f:76:81:2d:33:68:ee:ee:ed:00:7f:12:7a:af:43:00:7b:
+ 2d:34:8a:26:9a:66:1c:e5:96:17:7c:f8:6d:1e:8c:17:39:ce:
+ 4f:0b:9e:40:72:e1:5e:33:3f:9e:84:b5:07:f5:ab:58:d7:37:
+ ed:d0:29:ad:ce:02:0d:fa:6f:96:a9:0e:6c:6e:32:d2:dc:11:
+ 23:a3:4a:60:54:b4:98:31:db:8f:4b:4c:58:64:39:4f:ff:27:
+ d0:02:e5:cc:b2:17:e8:46:dc:aa:cb:dc:3d:ed:14:52:ec:6d:
+ a6:cd:04:2f:fd:54:16:6c:7e:63:34:17:f1:1d:b8:37:dd:20:
+ 6c:f6:21:19:6f:bb:62:dd:bc:6c:41:34:ad:b1:90:eb:2a:e0:
+ 63:ea:70:60:6a:02:e8:fe:46:51:b1:9d:3c:54:54:73:25:b7:
+ 41:d1:4c:34:aa:88:48:b8:01:21:ae:d8:d3:06:38:05:65:78:
+ e7:38:f0:f6:e6:2e:61:c0:42:5e:3b:09:59:eb:09:48:4d:55:
+ 7c:af:f4:de:c1:09:a0:b4:60:f7:9e:a2:d5:46:fc:05:61:69:
+ e0:c1:2d:26:dc:42
+-----BEGIN CERTIFICATE-----
+MIIC9TCCAV0CCGuzGDze9SACMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNVBAYTAlVB
+MRgwFgYDVQQIDA9LaGFya2l2IE9ibGFzdCcxEDAOBgNVBAcMB0toYXJraXYxJDAi
+BgNVBAoMG0ludGVybmV0IFN5c3RlbXMgQ29uc29ydGl1bTEcMBoGA1UEAwwTY2Eu
+dGVzdC5leGFtcGxlLmNvbTAgFw0yMjAyMDgxNzIxNDNaGA8yMDUyMDIwMTE3MjE0
+M1owKTEnMCUGA1UEAwwec3J2MDEuY3J0MDItbm8tc2FuLmV4YW1wbGUuY29tMHYw
+EAYHKoZIzj0CAQYFK4EEACIDYgAEoy0z/ZKQ3APvNvmkqJDxR2m+6I5lCNrls4Jj
+HK+aN7R1fM5G+xkXvJByT3S2RTn3lrNEhRytatukdobujic992F43+EEiuuRiwFn
+tmkyVFAcVobaL+/kPZS691sCFLUTMA0GCSqGSIb3DQEBCwUAA4IBgQAHICqmelJS
+uh63ec/mEZzKP0Mr89cudHRXgaGq5mjJ/dGoplui/+r38LdG3KBaZF/O5w92YxRt
+wlFLMOpRfkob07L4wj0/wb+t2034KDHnda6EN5AA5Qtr3COYadXvzuIN5xnxMQEf
+Kmwjo5Rier+zsBPQYvylpg1Su/Qx//POOnRmMH8pBI00kHqbj9qCLlyB3a/6OqFO
+uwpMYgFAOWecKSduL3aBLTNo7u7tAH8Seq9DAHstNIommmYc5ZYXfPhtHowXOc5P
+C55AcuFeMz+ehLUH9atY1zft0CmtzgIN+m+WqQ5sbjLS3BEjo0pgVLSYMduPS0xY
+ZDlP/yfQAuXMshfoRtyqy9w97RRS7G2mzQQv/VQWbH5jNBfxHbg33SBs9iEZb7ti
+3bxsQTStsZDrKuBj6nBgagLo/kZRsZ08VFRzJbdB0Uw0qohIuAEhrtjTBjgFZXjn
+OPD25i5hwEJeOwlZ6wlITVV8r/TewQmgtGD3nqLVRvwFYWngwS0m3EI=
+-----END CERTIFICATE-----
diff --git a/bin/tests/system/doth/CA/certs/srv01.crt03-expired.example.com.key b/bin/tests/system/doth/CA/certs/srv01.crt03-expired.example.com.key
new file mode 100644
index 0000000..caef1f0
--- /dev/null
+++ b/bin/tests/system/doth/CA/certs/srv01.crt03-expired.example.com.key
@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAtAQNSdzyxR3sm6gyx
+2Ob3SNCsYvdsE6+gobSUJWYbdus0CCFBIN6Qpms9oc0hAgqhZANiAAQf1Xurc7Jw
+Ff0zJgJcdhaADHB9V4N1rDy3SgJGNcEbwXq9vvIEmn9pg39UmhsQYtdwve8mkFFQ
+EHdWtxovRF6RRjbhLqRMZy5iqH8aFRBEaIsY6s+4lgm/tTrR7xCPn7s=
+-----END PRIVATE KEY-----
diff --git a/bin/tests/system/doth/CA/certs/srv01.crt03-expired.example.com.pem b/bin/tests/system/doth/CA/certs/srv01.crt03-expired.example.com.pem
new file mode 100644
index 0000000..4befde4
--- /dev/null
+++ b/bin/tests/system/doth/CA/certs/srv01.crt03-expired.example.com.pem
@@ -0,0 +1,69 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 7760573232607207430 (0x6bb3183cdef52006)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Aug 15 08:00:00 2012 GMT
+ Not After : Aug 15 09:00:00 2012 GMT
+ Subject: CN=srv01.crt03-expired.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:1f:d5:7b:ab:73:b2:70:15:fd:33:26:02:5c:76:
+ 16:80:0c:70:7d:57:83:75:ac:3c:b7:4a:02:46:35:
+ c1:1b:c1:7a:bd:be:f2:04:9a:7f:69:83:7f:54:9a:
+ 1b:10:62:d7:70:bd:ef:26:90:51:50:10:77:56:b7:
+ 1a:2f:44:5e:91:46:36:e1:2e:a4:4c:67:2e:62:a8:
+ 7f:1a:15:10:44:68:8b:18:ea:cf:b8:96:09:bf:b5:
+ 3a:d1:ef:10:8f:9f:bb
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:srv01.crt03-expired.example.com, IP Address:10.53.0.1, IP Address:FD92:7065:B8E:FFFF:0:0:0:1
+ Signature Algorithm: sha256WithRSAEncryption
+ 25:35:08:f6:e7:f0:83:81:be:65:31:1b:78:a8:04:84:fe:6a:
+ 2a:1a:5d:c1:73:20:88:08:11:d8:27:be:a5:8e:3c:df:e2:a6:
+ 19:c5:41:40:ea:01:91:85:99:8d:17:4e:4d:9a:3c:03:f9:78:
+ 4c:8a:20:41:5e:96:d6:64:83:2f:b2:fe:e7:77:09:f9:91:bd:
+ 22:1a:57:8b:f6:24:bc:7b:48:2b:2e:14:b7:32:bd:46:91:99:
+ 5e:21:9a:d3:15:a7:27:e1:c0:3a:c7:f5:f9:94:3f:6d:14:7e:
+ 0b:02:bf:05:d9:ac:10:8a:7e:b0:37:36:cd:cb:4a:b4:e1:01:
+ c7:04:8d:83:f3:c6:79:ff:ff:6c:f0:a4:bf:3c:12:61:ea:15:
+ ac:30:62:26:e3:c3:4e:7d:5c:68:d8:88:de:35:8d:44:75:8c:
+ a8:c1:0d:07:67:b5:d0:42:43:41:1f:39:a0:47:35:46:d7:0f:
+ 89:aa:e8:d3:86:45:9a:fb:33:01:06:23:64:53:24:48:5b:69:
+ fa:cf:d9:81:fb:5e:7e:7b:82:65:56:c6:46:65:5c:e1:4f:f2:
+ 3c:09:3c:28:5f:c9:e3:a5:24:e3:7b:aa:b5:b1:8a:6a:b2:02:
+ 32:5f:24:05:f1:67:c8:54:17:0c:cd:ca:3d:e4:44:3e:23:3a:
+ 7c:63:b6:f9:61:3a:21:e7:8f:27:ad:c3:26:86:39:49:6c:41:
+ 40:7f:1d:48:69:8d:db:6f:42:e4:09:fe:24:62:bd:8e:2e:54:
+ 25:f0:14:c2:d8:43:95:09:2e:5f:72:4f:43:b5:9a:8b:bb:8c:
+ 44:c6:77:c9:05:fb:1a:9f:d7:b6:a6:42:d9:5c:3d:a5:09:0f:
+ 9e:e0:c7:06:32:f1:ff:c9:53:5e:42:d4:2a:33:ad:06:ea:ec:
+ b0:26:d3:3c:ef:65:af:15:8e:7b:20:49:ad:f1:56:ef:17:6b:
+ fc:f4:d8:7c:82:9f:30:19:d0:bc:9c:79:e2:dc:9d:a7:f9:6b:
+ 6f:65:ae:21:a0:94
+-----BEGIN CERTIFICATE-----
+MIIDQTCCAamgAwIBAgIIa7MYPN71IAYwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMB4XDTEyMDgxNTA4MDAwMFoXDTEyMDgxNTA5
+MDAwMFowKjEoMCYGA1UEAwwfc3J2MDEuY3J0MDMtZXhwaXJlZC5leGFtcGxlLmNv
+bTB2MBAGByqGSM49AgEGBSuBBAAiA2IABB/Ve6tzsnAV/TMmAlx2FoAMcH1Xg3Ws
+PLdKAkY1wRvBer2+8gSaf2mDf1SaGxBi13C97yaQUVAQd1a3Gi9EXpFGNuEupExn
+LmKofxoVEERoixjqz7iWCb+1OtHvEI+fu6NGMEQwQgYDVR0RBDswOYIfc3J2MDEu
+Y3J0MDMtZXhwaXJlZC5leGFtcGxlLmNvbYcECjUAAYcQ/ZJwZQuO//8AAAAAAAAA
+ATANBgkqhkiG9w0BAQsFAAOCAYEAJTUI9ufwg4G+ZTEbeKgEhP5qKhpdwXMgiAgR
+2Ce+pY483+KmGcVBQOoBkYWZjRdOTZo8A/l4TIogQV6W1mSDL7L+53cJ+ZG9IhpX
+i/YkvHtIKy4UtzK9RpGZXiGa0xWnJ+HAOsf1+ZQ/bRR+CwK/BdmsEIp+sDc2zctK
+tOEBxwSNg/PGef//bPCkvzwSYeoVrDBiJuPDTn1caNiI3jWNRHWMqMENB2e10EJD
+QR85oEc1RtcPiaro04ZFmvszAQYjZFMkSFtp+s/ZgftefnuCZVbGRmVc4U/yPAk8
+KF/J46Uk43uqtbGKarICMl8kBfFnyFQXDM3KPeREPiM6fGO2+WE6IeePJ63DJoY5
+SWxBQH8dSGmN229C5An+JGK9ji5UJfAUwthDlQkuX3JPQ7Wai7uMRMZ3yQX7Gp/X
+tqZC2Vw9pQkPnuDHBjLx/8lTXkLUKjOtBurssCbTPO9lrxWOeyBJrfFW7xdr/PTY
+fIKfMBnQvJx54tydp/lrb2WuIaCU
+-----END CERTIFICATE-----
diff --git a/bin/tests/system/doth/CA/certs/srv02.crt01.example.com.key b/bin/tests/system/doth/CA/certs/srv02.crt01.example.com.key
new file mode 100644
index 0000000..cf495c1
--- /dev/null
+++ b/bin/tests/system/doth/CA/certs/srv02.crt01.example.com.key
@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDC/rdGBnhOuZ8hc7fUO
+6v0LO2xd2LMjTS0TCb0pVwsccYN/f6OxWJtu0uGSt0DaN6ihZANiAARD1PvMuIhg
+lRaqKtAxlss+qFzkdqzBv807ZYW7LMv6w0g8g8gI7txZFZciuEIXjHUJ+T62nPLF
+2122impDSAqi3RPCNuRzs2RUebv41H5I9AW+DHdjAf5PMLCqYrzy7fk=
+-----END PRIVATE KEY-----
diff --git a/bin/tests/system/doth/CA/certs/srv02.crt01.example.com.pem b/bin/tests/system/doth/CA/certs/srv02.crt01.example.com.pem
new file mode 100644
index 0000000..d061c2c
--- /dev/null
+++ b/bin/tests/system/doth/CA/certs/srv02.crt01.example.com.pem
@@ -0,0 +1,69 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 7760573232607207427 (0x6bb3183cdef52003)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Feb 8 17:57:59 2022 GMT
+ Not After : Feb 1 17:57:59 2052 GMT
+ Subject: CN=srv02.crt01.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:43:d4:fb:cc:b8:88:60:95:16:aa:2a:d0:31:96:
+ cb:3e:a8:5c:e4:76:ac:c1:bf:cd:3b:65:85:bb:2c:
+ cb:fa:c3:48:3c:83:c8:08:ee:dc:59:15:97:22:b8:
+ 42:17:8c:75:09:f9:3e:b6:9c:f2:c5:db:5d:b6:8a:
+ 6a:43:48:0a:a2:dd:13:c2:36:e4:73:b3:64:54:79:
+ bb:f8:d4:7e:48:f4:05:be:0c:77:63:01:fe:4f:30:
+ b0:aa:62:bc:f2:ed:f9
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:srv02.crt01.example.com, IP Address:10.53.0.2, IP Address:FD92:7065:B8E:FFFF:0:0:0:2
+ Signature Algorithm: sha256WithRSAEncryption
+ 89:ba:ae:4f:f8:3e:da:48:1f:5c:8f:ff:ee:d8:42:b0:0b:9b:
+ f1:b5:e2:90:c9:76:40:09:77:a3:31:d5:73:8f:eb:7d:69:94:
+ 1c:2b:10:31:da:d4:0c:29:e7:80:4e:61:53:ba:15:9d:e1:e8:
+ 0c:0d:19:77:2b:a8:74:46:e3:03:ae:ab:96:ea:af:80:c3:18:
+ e0:93:8e:e9:58:0e:79:47:98:a4:06:95:6b:8f:2c:d1:f7:29:
+ b1:98:85:e8:a4:9c:45:52:ad:c8:60:20:dc:3a:6a:40:78:15:
+ d1:b4:d0:c3:c5:f3:ac:fe:ec:d3:94:ef:66:0b:d7:8c:46:f3:
+ 62:30:c4:c2:78:65:de:40:4e:d8:26:84:8e:18:a7:71:f2:b7:
+ 65:d8:d0:c2:c8:e6:a0:fb:ea:01:de:2f:03:8a:50:3d:f6:6c:
+ 0b:ef:ce:f5:25:1f:80:54:3e:c2:6d:2c:d3:2b:bd:23:b7:3b:
+ 82:6b:91:7f:ea:ff:e6:11:37:d3:f0:d4:db:9f:32:ac:12:cc:
+ ec:25:25:81:58:16:18:90:73:c3:ad:7c:09:a7:08:99:16:ce:
+ e8:6c:4b:9a:e6:09:96:11:c2:f1:cf:19:43:a6:a6:81:f2:57:
+ 21:fa:b1:91:58:39:76:17:89:32:4c:4b:df:fa:59:03:b2:32:
+ b4:b3:95:89:af:f4:5e:94:b1:df:e9:bf:21:73:14:06:5d:08:
+ 1e:0f:d2:84:14:44:20:91:19:72:b9:38:0b:3c:2e:4f:ea:3a:
+ 9b:ef:93:61:e7:36:82:df:49:e2:d7:45:ea:87:45:1d:74:36:
+ 18:f4:aa:30:d5:65:da:1f:c7:98:61:ab:64:2a:49:98:64:a1:
+ 8c:33:3a:a5:97:4a:69:a6:9d:6f:00:b9:6b:81:8d:09:0f:98:
+ 63:0f:85:ae:e4:21:70:a3:da:5a:27:eb:df:6d:82:ac:bb:48:
+ 6b:01:4e:36:95:5a:d3:f0:b9:30:43:72:87:af:41:7a:30:13:
+ f2:92:15:f1:69:e7
+-----BEGIN CERTIFICATE-----
+MIIDMzCCAZugAwIBAgIIa7MYPN71IAMwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIwODE3NTc1OVoYDzIwNTIwMjAx
+MTc1NzU5WjAiMSAwHgYDVQQDDBdzcnYwMi5jcnQwMS5leGFtcGxlLmNvbTB2MBAG
+ByqGSM49AgEGBSuBBAAiA2IABEPU+8y4iGCVFqoq0DGWyz6oXOR2rMG/zTtlhbss
+y/rDSDyDyAju3FkVlyK4QheMdQn5Prac8sXbXbaKakNICqLdE8I25HOzZFR5u/jU
+fkj0Bb4Md2MB/k8wsKpivPLt+aM+MDwwOgYDVR0RBDMwMYIXc3J2MDIuY3J0MDEu
+ZXhhbXBsZS5jb22HBAo1AAKHEP2ScGULjv//AAAAAAAAAAIwDQYJKoZIhvcNAQEL
+BQADggGBAIm6rk/4PtpIH1yP/+7YQrALm/G14pDJdkAJd6Mx1XOP631plBwrEDHa
+1Awp54BOYVO6FZ3h6AwNGXcrqHRG4wOuq5bqr4DDGOCTjulYDnlHmKQGlWuPLNH3
+KbGYheiknEVSrchgINw6akB4FdG00MPF86z+7NOU72YL14xG82IwxMJ4Zd5ATtgm
+hI4Yp3Hyt2XY0MLI5qD76gHeLwOKUD32bAvvzvUlH4BUPsJtLNMrvSO3O4JrkX/q
+/+YRN9Pw1NufMqwSzOwlJYFYFhiQc8OtfAmnCJkWzuhsS5rmCZYRwvHPGUOmpoHy
+VyH6sZFYOXYXiTJMS9/6WQOyMrSzlYmv9F6Usd/pvyFzFAZdCB4P0oQURCCRGXK5
+OAs8Lk/qOpvvk2HnNoLfSeLXReqHRR10Nhj0qjDVZdofx5hhq2QqSZhkoYwzOqWX
+SmmmnW8AuWuBjQkPmGMPha7kIXCj2lon699tgqy7SGsBTjaVWtPwuTBDcoevQXow
+E/KSFfFp5w==
+-----END CERTIFICATE-----
diff --git a/bin/tests/system/doth/CA/certs/srv03.crt01.example.com.key b/bin/tests/system/doth/CA/certs/srv03.crt01.example.com.key
new file mode 100644
index 0000000..72f8a40
--- /dev/null
+++ b/bin/tests/system/doth/CA/certs/srv03.crt01.example.com.key
@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBMJxQaJB76ywjBuhZI
+LUz05LQuwmDBAFeZFqe10HG+r0cZvVw4Cr5M7jr2RVLqKRChZANiAARF27kbN2W/
+saGKWjkAjUoVO0OauC//qH2Zg6ic3LbCqp/4UaEOLpcPkBMiTIvx/zxr65EpfUzf
+fAXdrepKTK0K1m+OUbCIWEKILBbURx24j7NODRLfTBT2JyA/lJojgUg=
+-----END PRIVATE KEY-----
diff --git a/bin/tests/system/doth/CA/certs/srv03.crt01.example.com.pem b/bin/tests/system/doth/CA/certs/srv03.crt01.example.com.pem
new file mode 100644
index 0000000..39b48ee
--- /dev/null
+++ b/bin/tests/system/doth/CA/certs/srv03.crt01.example.com.pem
@@ -0,0 +1,69 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 7760573232607207428 (0x6bb3183cdef52004)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Feb 8 17:58:15 2022 GMT
+ Not After : Feb 1 17:58:15 2052 GMT
+ Subject: CN=srv03.crt01.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:45:db:b9:1b:37:65:bf:b1:a1:8a:5a:39:00:8d:
+ 4a:15:3b:43:9a:b8:2f:ff:a8:7d:99:83:a8:9c:dc:
+ b6:c2:aa:9f:f8:51:a1:0e:2e:97:0f:90:13:22:4c:
+ 8b:f1:ff:3c:6b:eb:91:29:7d:4c:df:7c:05:dd:ad:
+ ea:4a:4c:ad:0a:d6:6f:8e:51:b0:88:58:42:88:2c:
+ 16:d4:47:1d:b8:8f:b3:4e:0d:12:df:4c:14:f6:27:
+ 20:3f:94:9a:23:81:48
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:srv03.crt01.example.com, IP Address:10.53.0.3, IP Address:FD92:7065:B8E:FFFF:0:0:0:3
+ Signature Algorithm: sha256WithRSAEncryption
+ 8f:96:88:82:94:76:8e:97:b6:75:8b:e9:2b:4f:f3:8f:14:5c:
+ 50:00:ca:67:96:9e:2e:bd:53:25:25:40:6d:c5:56:e6:1a:f6:
+ cb:fb:58:fc:b3:56:9d:fc:0b:e2:8e:99:7e:e8:e6:ad:b6:e7:
+ e6:3e:8a:59:ef:3e:76:a4:ed:7b:58:fd:a3:4b:aa:4e:11:e1:
+ 57:bf:b1:23:a5:a1:00:f8:95:07:c8:7d:ee:ac:a7:c8:24:ee:
+ cf:e8:c5:a4:9f:96:27:c9:47:c1:7d:11:de:66:d0:6d:d1:8d:
+ e7:8f:a0:0f:46:d9:2e:70:f3:9f:ac:6a:b0:3f:5a:dc:70:d4:
+ b9:a5:f3:ff:5c:21:50:5d:c2:a2:46:26:25:2a:2f:8a:aa:7a:
+ fd:76:31:5f:e0:25:a3:ee:df:36:f0:ab:05:a1:5d:0d:3c:6b:
+ 2c:1d:d5:c5:73:9c:a0:57:1f:c4:26:e6:dc:a1:7c:25:08:21:
+ 61:28:e2:b3:f5:51:83:20:73:14:19:8f:47:79:69:bc:2b:22:
+ f2:17:62:1d:83:f7:4f:a9:c4:51:68:e0:a9:d7:9f:17:6a:d2:
+ fd:f7:04:ce:a4:f5:8e:eb:31:b4:bf:c6:2d:da:0c:70:6e:0c:
+ a5:75:21:54:3c:f6:3d:36:b8:8a:d8:b6:7b:77:7e:54:1d:9f:
+ 91:8f:02:a6:d1:2c:a7:30:d1:cc:e6:d9:6b:76:80:15:4b:ba:
+ fd:55:20:cc:b2:99:85:57:60:11:97:c5:e7:28:50:a6:17:af:
+ d2:bd:1b:7e:06:48:7f:63:dc:70:f8:3f:22:9f:41:a1:66:f5:
+ a7:81:99:cb:07:0e:8a:9a:bb:12:f6:c0:fe:59:0c:00:37:15:
+ b2:9d:f0:f9:93:d1:1a:b6:f8:0a:6b:bd:9e:92:32:45:f5:a2:
+ 44:f0:45:8d:1a:d0:10:b2:db:98:c4:c7:5e:c1:e8:f3:94:33:
+ 6c:06:f5:1a:cc:51:23:72:ae:37:2f:57:d4:f8:ac:1f:25:b4:
+ d3:bf:99:9b:ac:fc
+-----BEGIN CERTIFICATE-----
+MIIDMzCCAZugAwIBAgIIa7MYPN71IAQwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIwODE3NTgxNVoYDzIwNTIwMjAx
+MTc1ODE1WjAiMSAwHgYDVQQDDBdzcnYwMy5jcnQwMS5leGFtcGxlLmNvbTB2MBAG
+ByqGSM49AgEGBSuBBAAiA2IABEXbuRs3Zb+xoYpaOQCNShU7Q5q4L/+ofZmDqJzc
+tsKqn/hRoQ4ulw+QEyJMi/H/PGvrkSl9TN98Bd2t6kpMrQrWb45RsIhYQogsFtRH
+HbiPs04NEt9MFPYnID+UmiOBSKM+MDwwOgYDVR0RBDMwMYIXc3J2MDMuY3J0MDEu
+ZXhhbXBsZS5jb22HBAo1AAOHEP2ScGULjv//AAAAAAAAAAMwDQYJKoZIhvcNAQEL
+BQADggGBAI+WiIKUdo6XtnWL6StP848UXFAAymeWni69UyUlQG3FVuYa9sv7WPyz
+Vp38C+KOmX7o5q225+Y+ilnvPnak7XtY/aNLqk4R4Ve/sSOloQD4lQfIfe6sp8gk
+7s/oxaSflifJR8F9Ed5m0G3RjeePoA9G2S5w85+sarA/Wtxw1Lml8/9cIVBdwqJG
+JiUqL4qqev12MV/gJaPu3zbwqwWhXQ08aywd1cVznKBXH8Qm5tyhfCUIIWEo4rP1
+UYMgcxQZj0d5abwrIvIXYh2D90+pxFFo4KnXnxdq0v33BM6k9Y7rMbS/xi3aDHBu
+DKV1IVQ89j02uIrYtnt3flQdn5GPAqbRLKcw0czm2Wt2gBVLuv1VIMyymYVXYBGX
+xecoUKYXr9K9G34GSH9j3HD4PyKfQaFm9aeBmcsHDoqauxL2wP5ZDAA3FbKd8PmT
+0Rq2+AprvZ6SMkX1okTwRY0a0BCy25jEx17B6POUM2wG9RrMUSNyrjcvV9T4rB8l
+tNO/mZus/A==
+-----END CERTIFICATE-----
diff --git a/bin/tests/system/doth/CA/certs/srv04.crt01.example.com.key b/bin/tests/system/doth/CA/certs/srv04.crt01.example.com.key
new file mode 100644
index 0000000..5356fc1
--- /dev/null
+++ b/bin/tests/system/doth/CA/certs/srv04.crt01.example.com.key
@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDq5a0oiMxJiOdwaSmk
+U2NPPJXOWPZVWpIGxB0kczGcCS6Xq0VinNqLe5YI9M1YwXehZANiAASeQ9fMKeGO
+SzWhj7ePMA9Ws1t/wGKbIyFwsSvnc/nqOAFmS1JDMc8QaRW/awjzaQc/mbu4cNA7
+iSId8iVCWj5VkcP8tL7HLYZRFMSr/nxUNGfHXtuGhMxm61SvnX3czhg=
+-----END PRIVATE KEY-----
diff --git a/bin/tests/system/doth/CA/certs/srv04.crt01.example.com.pem b/bin/tests/system/doth/CA/certs/srv04.crt01.example.com.pem
new file mode 100644
index 0000000..b4e2d22
--- /dev/null
+++ b/bin/tests/system/doth/CA/certs/srv04.crt01.example.com.pem
@@ -0,0 +1,69 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 7760573232607207429 (0x6bb3183cdef52005)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Feb 8 17:59:14 2022 GMT
+ Not After : Feb 1 17:59:14 2052 GMT
+ Subject: CN=srv04.crt01.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:9e:43:d7:cc:29:e1:8e:4b:35:a1:8f:b7:8f:30:
+ 0f:56:b3:5b:7f:c0:62:9b:23:21:70:b1:2b:e7:73:
+ f9:ea:38:01:66:4b:52:43:31:cf:10:69:15:bf:6b:
+ 08:f3:69:07:3f:99:bb:b8:70:d0:3b:89:22:1d:f2:
+ 25:42:5a:3e:55:91:c3:fc:b4:be:c7:2d:86:51:14:
+ c4:ab:fe:7c:54:34:67:c7:5e:db:86:84:cc:66:eb:
+ 54:af:9d:7d:dc:ce:18
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:srv04.crt01.example.com, IP Address:10.53.0.4, IP Address:FD92:7065:B8E:FFFF:0:0:0:4
+ Signature Algorithm: sha256WithRSAEncryption
+ 48:b5:38:59:79:e6:51:a6:ea:80:d7:d1:3c:29:03:70:31:e4:
+ 43:b4:e3:09:e7:e1:37:8c:d0:0f:2a:19:7a:f2:5a:6d:76:cd:
+ 17:7a:66:1c:3e:74:56:24:b8:29:06:55:b2:1c:af:9a:42:05:
+ 93:a4:70:cb:a5:68:85:ab:71:53:da:d9:29:a3:f4:2a:1e:df:
+ 0c:ec:7d:52:55:fa:9b:e6:a0:18:d5:4c:da:e6:d2:60:da:bc:
+ 09:5b:13:53:6d:c7:d2:30:b9:a8:a5:02:7f:a3:66:28:34:93:
+ de:55:a0:de:b5:c8:dc:43:7b:b9:03:06:1f:ce:8c:5f:82:d8:
+ af:40:56:ce:f8:b9:d4:73:1c:ae:c9:cb:1d:0f:a2:52:71:9b:
+ 8b:05:f4:d6:0b:1e:a8:db:0f:29:a0:43:b5:2f:56:09:d8:68:
+ 58:9c:e5:6a:df:38:91:56:9d:44:e5:d2:ca:9a:b1:41:a1:01:
+ 0c:68:a0:f5:0a:f7:98:4f:d5:a0:6f:99:59:a0:e0:cb:49:57:
+ 26:20:09:5a:fa:c2:75:40:f6:1b:6a:ac:55:47:50:8d:38:81:
+ 61:79:44:e7:d5:d1:b3:c7:3b:db:ec:44:59:ef:e1:82:31:a3:
+ 38:4c:de:40:11:31:52:8b:bb:1c:af:be:ce:c5:2b:f5:0d:c0:
+ 60:13:fb:7e:da:22:41:d4:85:5e:4d:ba:db:f8:f7:26:61:32:
+ 26:fe:fe:9e:37:a3:cc:25:3b:3c:c8:b5:a7:a5:5c:d9:4d:8f:
+ a8:f2:86:98:79:b3:00:08:0f:f2:c9:1f:c6:3f:07:ad:e4:a7:
+ 8d:86:3d:15:fa:5b:1a:0f:96:67:b6:0a:78:0a:bb:6e:05:a6:
+ 54:29:48:b4:f9:48:0d:7f:f0:13:65:32:2f:c5:ee:ab:b8:e8:
+ 0d:b2:f9:c9:96:d2:cf:51:a2:64:3c:58:0f:65:6f:c6:99:93:
+ 76:2c:42:08:d9:f3:f3:13:cd:41:b6:67:8f:1d:9a:2f:da:93:
+ 3d:26:4c:9a:11:c1
+-----BEGIN CERTIFICATE-----
+MIIDMzCCAZugAwIBAgIIa7MYPN71IAUwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIwODE3NTkxNFoYDzIwNTIwMjAx
+MTc1OTE0WjAiMSAwHgYDVQQDDBdzcnYwNC5jcnQwMS5leGFtcGxlLmNvbTB2MBAG
+ByqGSM49AgEGBSuBBAAiA2IABJ5D18wp4Y5LNaGPt48wD1azW3/AYpsjIXCxK+dz
++eo4AWZLUkMxzxBpFb9rCPNpBz+Zu7hw0DuJIh3yJUJaPlWRw/y0vscthlEUxKv+
+fFQ0Z8de24aEzGbrVK+dfdzOGKM+MDwwOgYDVR0RBDMwMYIXc3J2MDQuY3J0MDEu
+ZXhhbXBsZS5jb22HBAo1AASHEP2ScGULjv//AAAAAAAAAAQwDQYJKoZIhvcNAQEL
+BQADggGBAEi1OFl55lGm6oDX0TwpA3Ax5EO04wnn4TeM0A8qGXryWm12zRd6Zhw+
+dFYkuCkGVbIcr5pCBZOkcMulaIWrcVPa2Smj9Coe3wzsfVJV+pvmoBjVTNrm0mDa
+vAlbE1Ntx9IwuailAn+jZig0k95VoN61yNxDe7kDBh/OjF+C2K9AVs74udRzHK7J
+yx0PolJxm4sF9NYLHqjbDymgQ7UvVgnYaFic5WrfOJFWnUTl0sqasUGhAQxooPUK
+95hP1aBvmVmg4MtJVyYgCVr6wnVA9htqrFVHUI04gWF5ROfV0bPHO9vsRFnv4YIx
+ozhM3kARMVKLuxyvvs7FK/UNwGAT+37aIkHUhV5Nutv49yZhMib+/p43o8wlOzzI
+taelXNlNj6jyhph5swAID/LJH8Y/B63kp42GPRX6WxoPlme2CngKu24FplQpSLT5
+SA1/8BNlMi/F7qu46A2y+cmW0s9RomQ8WA9lb8aZk3YsQgjZ8/MTzUG2Z48dmi/a
+kz0mTJoRwQ==
+-----END CERTIFICATE-----
diff --git a/bin/tests/system/doth/CA/index.txt b/bin/tests/system/doth/CA/index.txt
new file mode 100644
index 0000000..230127d
--- /dev/null
+++ b/bin/tests/system/doth/CA/index.txt
@@ -0,0 +1,9 @@
+V 20520201171852Z 6BB3183CDEF52001 unknown /CN=srv01.crt01.example.com
+V 20520201172143Z 6BB3183CDEF52002 unknown /CN=srv01.crt02-no-san.example.com
+V 20520201175759Z 6BB3183CDEF52003 unknown /CN=srv02.crt01.example.com
+V 20520201175815Z 6BB3183CDEF52004 unknown /CN=srv03.crt01.example.com
+V 20520201175914Z 6BB3183CDEF52005 unknown /CN=srv04.crt01.example.com
+V 120815090000Z 6BB3183CDEF52006 unknown /CN=srv01.crt03-expired.example.com
+V 20520203174420Z 6BB3183CDEF52007 unknown /CN=srv01.client01.example.com
+V 20520204132112Z 6BB3183CDEF52008 unknown /CN=srv01.client02-ns2.example.com
+V 120814060000Z 6BB3183CDEF52009 unknown /CN=srv01.client03-ns2-expired.example.com
diff --git a/bin/tests/system/doth/CA/index.txt.attr b/bin/tests/system/doth/CA/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/bin/tests/system/doth/CA/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52001.pem b/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52001.pem
new file mode 100644
index 0000000..8671dd3
--- /dev/null
+++ b/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52001.pem
@@ -0,0 +1,69 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 7760573232607207425 (0x6bb3183cdef52001)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Feb 8 17:18:52 2022 GMT
+ Not After : Feb 1 17:18:52 2052 GMT
+ Subject: CN=srv01.crt01.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:12:a1:7b:0f:79:f2:29:f5:8f:6a:06:d0:28:83:
+ 14:43:8f:19:4c:29:91:36:30:0f:06:a6:56:e7:57:
+ 9b:58:2c:9e:fc:9c:a3:4e:f6:e3:6f:90:40:d5:09:
+ fd:94:96:8e:14:68:74:6f:e8:a7:a7:ab:8c:35:96:
+ f2:d6:8f:5d:97:5d:d1:b9:22:5b:ef:31:15:a1:e1:
+ eb:6d:6f:af:b1:2f:80:e5:a5:a9:38:f2:6f:f9:65:
+ 14:70:a7:a5:ac:e1:1a
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:srv01.crt01.example.com, IP Address:10.53.0.1, IP Address:FD92:7065:B8E:FFFF:0:0:0:1
+ Signature Algorithm: sha256WithRSAEncryption
+ 79:0f:08:ab:18:cc:f9:7a:bd:47:21:99:a1:a3:76:04:7f:d7:
+ 08:33:91:49:3d:2d:fc:8d:ff:c5:c1:8d:b8:70:05:65:32:cd:
+ e2:26:21:49:19:66:a2:94:4f:42:7d:83:3c:4f:ed:c1:87:89:
+ 5b:73:2c:64:64:67:29:f5:73:83:23:72:b7:a8:2e:d6:9a:de:
+ 13:0c:ba:35:d3:38:b1:c4:51:7d:81:fc:25:ca:a6:d9:d2:fa:
+ bb:6d:1f:a4:61:90:50:2d:8a:ed:70:1a:eb:56:2f:fc:7b:f3:
+ 76:df:68:8d:e8:a4:7d:82:b9:5c:c6:cb:d8:06:f7:78:dc:a7:
+ 94:35:d4:83:98:28:51:36:1c:73:47:e4:5b:32:d2:cd:de:1c:
+ 44:f6:de:37:8a:46:d0:14:8d:71:e5:10:22:b1:f9:73:f7:1b:
+ 4f:82:e1:a1:00:73:18:17:71:a2:bf:a2:0c:59:aa:43:58:46:
+ 82:f8:38:c4:5a:5a:9f:13:d7:a9:54:1f:58:9b:5d:52:16:d3:
+ a0:ba:6b:aa:cf:68:3a:d1:12:9c:94:ac:78:6b:7e:bc:69:6c:
+ 75:07:5d:fb:68:cd:e8:8d:bb:8c:b0:7c:6c:9e:f6:a5:7c:32:
+ 74:ef:c5:b1:1f:1d:ec:7b:2f:79:c0:3b:52:60:9b:48:89:09:
+ b4:46:34:69:d3:7b:1b:15:ef:0c:dd:64:1d:58:fe:a7:0b:b1:
+ 9d:28:1f:1e:9e:3c:c0:b1:a6:38:ab:9d:54:24:0e:75:6c:9e:
+ 90:13:b9:39:dc:43:fe:37:e3:14:0f:78:7e:2b:56:a2:d2:60:
+ 51:57:88:3b:4c:cf:24:67:36:77:21:bb:c8:07:eb:48:f7:b0:
+ 1e:e4:99:61:84:15:bb:61:3a:21:55:df:31:43:67:73:8f:6b:
+ e9:04:83:be:2d:8b:94:39:89:cf:40:d5:04:f7:6b:c9:c6:8c:
+ 6e:36:0f:5d:7a:9b:57:86:36:76:2c:75:35:47:50:ed:9a:84:
+ 7e:37:83:b5:21:a2
+-----BEGIN CERTIFICATE-----
+MIIDMzCCAZugAwIBAgIIa7MYPN71IAEwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIwODE3MTg1MloYDzIwNTIwMjAx
+MTcxODUyWjAiMSAwHgYDVQQDDBdzcnYwMS5jcnQwMS5leGFtcGxlLmNvbTB2MBAG
+ByqGSM49AgEGBSuBBAAiA2IABBKhew958in1j2oG0CiDFEOPGUwpkTYwDwamVudX
+m1gsnvyco07242+QQNUJ/ZSWjhRodG/op6erjDWW8taPXZdd0bkiW+8xFaHh621v
+r7EvgOWlqTjyb/llFHCnpazhGqM+MDwwOgYDVR0RBDMwMYIXc3J2MDEuY3J0MDEu
+ZXhhbXBsZS5jb22HBAo1AAGHEP2ScGULjv//AAAAAAAAAAEwDQYJKoZIhvcNAQEL
+BQADggGBAHkPCKsYzPl6vUchmaGjdgR/1wgzkUk9LfyN/8XBjbhwBWUyzeImIUkZ
+ZqKUT0J9gzxP7cGHiVtzLGRkZyn1c4MjcreoLtaa3hMMujXTOLHEUX2B/CXKptnS
++rttH6RhkFAtiu1wGutWL/x783bfaI3opH2CuVzGy9gG93jcp5Q11IOYKFE2HHNH
+5Fsy0s3eHET23jeKRtAUjXHlECKx+XP3G0+C4aEAcxgXcaK/ogxZqkNYRoL4OMRa
+Wp8T16lUH1ibXVIW06C6a6rPaDrREpyUrHhrfrxpbHUHXftozeiNu4ywfGye9qV8
+MnTvxbEfHex7L3nAO1Jgm0iJCbRGNGnTexsV7wzdZB1Y/qcLsZ0oHx6ePMCxpjir
+nVQkDnVsnpATuTncQ/434xQPeH4rVqLSYFFXiDtMzyRnNnchu8gH60j3sB7kmWGE
+FbthOiFV3zFDZ3OPa+kEg74ti5Q5ic9A1QT3a8nGjG42D116m1eGNnYsdTVHUO2a
+hH43g7Uhog==
+-----END CERTIFICATE-----
diff --git a/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52002.pem b/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52002.pem
new file mode 100644
index 0000000..65f0f9f
--- /dev/null
+++ b/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52002.pem
@@ -0,0 +1,64 @@
+Certificate:
+ Data:
+ Version: 1 (0x0)
+ Serial Number: 7760573232607207426 (0x6bb3183cdef52002)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Feb 8 17:21:43 2022 GMT
+ Not After : Feb 1 17:21:43 2052 GMT
+ Subject: CN=srv01.crt02-no-san.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:a3:2d:33:fd:92:90:dc:03:ef:36:f9:a4:a8:90:
+ f1:47:69:be:e8:8e:65:08:da:e5:b3:82:63:1c:af:
+ 9a:37:b4:75:7c:ce:46:fb:19:17:bc:90:72:4f:74:
+ b6:45:39:f7:96:b3:44:85:1c:ad:6a:db:a4:76:86:
+ ee:8e:27:3d:f7:61:78:df:e1:04:8a:eb:91:8b:01:
+ 67:b6:69:32:54:50:1c:56:86:da:2f:ef:e4:3d:94:
+ ba:f7:5b:02:14:b5:13
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ Signature Algorithm: sha256WithRSAEncryption
+ 07:20:2a:a6:7a:52:52:ba:1e:b7:79:cf:e6:11:9c:ca:3f:43:
+ 2b:f3:d7:2e:74:74:57:81:a1:aa:e6:68:c9:fd:d1:a8:a6:5b:
+ a2:ff:ea:f7:f0:b7:46:dc:a0:5a:64:5f:ce:e7:0f:76:63:14:
+ 6d:c2:51:4b:30:ea:51:7e:4a:1b:d3:b2:f8:c2:3d:3f:c1:bf:
+ ad:db:4d:f8:28:31:e7:75:ae:84:37:90:00:e5:0b:6b:dc:23:
+ 98:69:d5:ef:ce:e2:0d:e7:19:f1:31:01:1f:2a:6c:23:a3:94:
+ 62:7a:bf:b3:b0:13:d0:62:fc:a5:a6:0d:52:bb:f4:31:ff:f3:
+ ce:3a:74:66:30:7f:29:04:8d:34:90:7a:9b:8f:da:82:2e:5c:
+ 81:dd:af:fa:3a:a1:4e:bb:0a:4c:62:01:40:39:67:9c:29:27:
+ 6e:2f:76:81:2d:33:68:ee:ee:ed:00:7f:12:7a:af:43:00:7b:
+ 2d:34:8a:26:9a:66:1c:e5:96:17:7c:f8:6d:1e:8c:17:39:ce:
+ 4f:0b:9e:40:72:e1:5e:33:3f:9e:84:b5:07:f5:ab:58:d7:37:
+ ed:d0:29:ad:ce:02:0d:fa:6f:96:a9:0e:6c:6e:32:d2:dc:11:
+ 23:a3:4a:60:54:b4:98:31:db:8f:4b:4c:58:64:39:4f:ff:27:
+ d0:02:e5:cc:b2:17:e8:46:dc:aa:cb:dc:3d:ed:14:52:ec:6d:
+ a6:cd:04:2f:fd:54:16:6c:7e:63:34:17:f1:1d:b8:37:dd:20:
+ 6c:f6:21:19:6f:bb:62:dd:bc:6c:41:34:ad:b1:90:eb:2a:e0:
+ 63:ea:70:60:6a:02:e8:fe:46:51:b1:9d:3c:54:54:73:25:b7:
+ 41:d1:4c:34:aa:88:48:b8:01:21:ae:d8:d3:06:38:05:65:78:
+ e7:38:f0:f6:e6:2e:61:c0:42:5e:3b:09:59:eb:09:48:4d:55:
+ 7c:af:f4:de:c1:09:a0:b4:60:f7:9e:a2:d5:46:fc:05:61:69:
+ e0:c1:2d:26:dc:42
+-----BEGIN CERTIFICATE-----
+MIIC9TCCAV0CCGuzGDze9SACMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNVBAYTAlVB
+MRgwFgYDVQQIDA9LaGFya2l2IE9ibGFzdCcxEDAOBgNVBAcMB0toYXJraXYxJDAi
+BgNVBAoMG0ludGVybmV0IFN5c3RlbXMgQ29uc29ydGl1bTEcMBoGA1UEAwwTY2Eu
+dGVzdC5leGFtcGxlLmNvbTAgFw0yMjAyMDgxNzIxNDNaGA8yMDUyMDIwMTE3MjE0
+M1owKTEnMCUGA1UEAwwec3J2MDEuY3J0MDItbm8tc2FuLmV4YW1wbGUuY29tMHYw
+EAYHKoZIzj0CAQYFK4EEACIDYgAEoy0z/ZKQ3APvNvmkqJDxR2m+6I5lCNrls4Jj
+HK+aN7R1fM5G+xkXvJByT3S2RTn3lrNEhRytatukdobujic992F43+EEiuuRiwFn
+tmkyVFAcVobaL+/kPZS691sCFLUTMA0GCSqGSIb3DQEBCwUAA4IBgQAHICqmelJS
+uh63ec/mEZzKP0Mr89cudHRXgaGq5mjJ/dGoplui/+r38LdG3KBaZF/O5w92YxRt
+wlFLMOpRfkob07L4wj0/wb+t2034KDHnda6EN5AA5Qtr3COYadXvzuIN5xnxMQEf
+Kmwjo5Rier+zsBPQYvylpg1Su/Qx//POOnRmMH8pBI00kHqbj9qCLlyB3a/6OqFO
+uwpMYgFAOWecKSduL3aBLTNo7u7tAH8Seq9DAHstNIommmYc5ZYXfPhtHowXOc5P
+C55AcuFeMz+ehLUH9atY1zft0CmtzgIN+m+WqQ5sbjLS3BEjo0pgVLSYMduPS0xY
+ZDlP/yfQAuXMshfoRtyqy9w97RRS7G2mzQQv/VQWbH5jNBfxHbg33SBs9iEZb7ti
+3bxsQTStsZDrKuBj6nBgagLo/kZRsZ08VFRzJbdB0Uw0qohIuAEhrtjTBjgFZXjn
+OPD25i5hwEJeOwlZ6wlITVV8r/TewQmgtGD3nqLVRvwFYWngwS0m3EI=
+-----END CERTIFICATE-----
diff --git a/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52003.pem b/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52003.pem
new file mode 100644
index 0000000..d061c2c
--- /dev/null
+++ b/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52003.pem
@@ -0,0 +1,69 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 7760573232607207427 (0x6bb3183cdef52003)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Feb 8 17:57:59 2022 GMT
+ Not After : Feb 1 17:57:59 2052 GMT
+ Subject: CN=srv02.crt01.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:43:d4:fb:cc:b8:88:60:95:16:aa:2a:d0:31:96:
+ cb:3e:a8:5c:e4:76:ac:c1:bf:cd:3b:65:85:bb:2c:
+ cb:fa:c3:48:3c:83:c8:08:ee:dc:59:15:97:22:b8:
+ 42:17:8c:75:09:f9:3e:b6:9c:f2:c5:db:5d:b6:8a:
+ 6a:43:48:0a:a2:dd:13:c2:36:e4:73:b3:64:54:79:
+ bb:f8:d4:7e:48:f4:05:be:0c:77:63:01:fe:4f:30:
+ b0:aa:62:bc:f2:ed:f9
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:srv02.crt01.example.com, IP Address:10.53.0.2, IP Address:FD92:7065:B8E:FFFF:0:0:0:2
+ Signature Algorithm: sha256WithRSAEncryption
+ 89:ba:ae:4f:f8:3e:da:48:1f:5c:8f:ff:ee:d8:42:b0:0b:9b:
+ f1:b5:e2:90:c9:76:40:09:77:a3:31:d5:73:8f:eb:7d:69:94:
+ 1c:2b:10:31:da:d4:0c:29:e7:80:4e:61:53:ba:15:9d:e1:e8:
+ 0c:0d:19:77:2b:a8:74:46:e3:03:ae:ab:96:ea:af:80:c3:18:
+ e0:93:8e:e9:58:0e:79:47:98:a4:06:95:6b:8f:2c:d1:f7:29:
+ b1:98:85:e8:a4:9c:45:52:ad:c8:60:20:dc:3a:6a:40:78:15:
+ d1:b4:d0:c3:c5:f3:ac:fe:ec:d3:94:ef:66:0b:d7:8c:46:f3:
+ 62:30:c4:c2:78:65:de:40:4e:d8:26:84:8e:18:a7:71:f2:b7:
+ 65:d8:d0:c2:c8:e6:a0:fb:ea:01:de:2f:03:8a:50:3d:f6:6c:
+ 0b:ef:ce:f5:25:1f:80:54:3e:c2:6d:2c:d3:2b:bd:23:b7:3b:
+ 82:6b:91:7f:ea:ff:e6:11:37:d3:f0:d4:db:9f:32:ac:12:cc:
+ ec:25:25:81:58:16:18:90:73:c3:ad:7c:09:a7:08:99:16:ce:
+ e8:6c:4b:9a:e6:09:96:11:c2:f1:cf:19:43:a6:a6:81:f2:57:
+ 21:fa:b1:91:58:39:76:17:89:32:4c:4b:df:fa:59:03:b2:32:
+ b4:b3:95:89:af:f4:5e:94:b1:df:e9:bf:21:73:14:06:5d:08:
+ 1e:0f:d2:84:14:44:20:91:19:72:b9:38:0b:3c:2e:4f:ea:3a:
+ 9b:ef:93:61:e7:36:82:df:49:e2:d7:45:ea:87:45:1d:74:36:
+ 18:f4:aa:30:d5:65:da:1f:c7:98:61:ab:64:2a:49:98:64:a1:
+ 8c:33:3a:a5:97:4a:69:a6:9d:6f:00:b9:6b:81:8d:09:0f:98:
+ 63:0f:85:ae:e4:21:70:a3:da:5a:27:eb:df:6d:82:ac:bb:48:
+ 6b:01:4e:36:95:5a:d3:f0:b9:30:43:72:87:af:41:7a:30:13:
+ f2:92:15:f1:69:e7
+-----BEGIN CERTIFICATE-----
+MIIDMzCCAZugAwIBAgIIa7MYPN71IAMwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIwODE3NTc1OVoYDzIwNTIwMjAx
+MTc1NzU5WjAiMSAwHgYDVQQDDBdzcnYwMi5jcnQwMS5leGFtcGxlLmNvbTB2MBAG
+ByqGSM49AgEGBSuBBAAiA2IABEPU+8y4iGCVFqoq0DGWyz6oXOR2rMG/zTtlhbss
+y/rDSDyDyAju3FkVlyK4QheMdQn5Prac8sXbXbaKakNICqLdE8I25HOzZFR5u/jU
+fkj0Bb4Md2MB/k8wsKpivPLt+aM+MDwwOgYDVR0RBDMwMYIXc3J2MDIuY3J0MDEu
+ZXhhbXBsZS5jb22HBAo1AAKHEP2ScGULjv//AAAAAAAAAAIwDQYJKoZIhvcNAQEL
+BQADggGBAIm6rk/4PtpIH1yP/+7YQrALm/G14pDJdkAJd6Mx1XOP631plBwrEDHa
+1Awp54BOYVO6FZ3h6AwNGXcrqHRG4wOuq5bqr4DDGOCTjulYDnlHmKQGlWuPLNH3
+KbGYheiknEVSrchgINw6akB4FdG00MPF86z+7NOU72YL14xG82IwxMJ4Zd5ATtgm
+hI4Yp3Hyt2XY0MLI5qD76gHeLwOKUD32bAvvzvUlH4BUPsJtLNMrvSO3O4JrkX/q
+/+YRN9Pw1NufMqwSzOwlJYFYFhiQc8OtfAmnCJkWzuhsS5rmCZYRwvHPGUOmpoHy
+VyH6sZFYOXYXiTJMS9/6WQOyMrSzlYmv9F6Usd/pvyFzFAZdCB4P0oQURCCRGXK5
+OAs8Lk/qOpvvk2HnNoLfSeLXReqHRR10Nhj0qjDVZdofx5hhq2QqSZhkoYwzOqWX
+SmmmnW8AuWuBjQkPmGMPha7kIXCj2lon699tgqy7SGsBTjaVWtPwuTBDcoevQXow
+E/KSFfFp5w==
+-----END CERTIFICATE-----
diff --git a/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52004.pem b/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52004.pem
new file mode 100644
index 0000000..39b48ee
--- /dev/null
+++ b/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52004.pem
@@ -0,0 +1,69 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 7760573232607207428 (0x6bb3183cdef52004)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Feb 8 17:58:15 2022 GMT
+ Not After : Feb 1 17:58:15 2052 GMT
+ Subject: CN=srv03.crt01.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:45:db:b9:1b:37:65:bf:b1:a1:8a:5a:39:00:8d:
+ 4a:15:3b:43:9a:b8:2f:ff:a8:7d:99:83:a8:9c:dc:
+ b6:c2:aa:9f:f8:51:a1:0e:2e:97:0f:90:13:22:4c:
+ 8b:f1:ff:3c:6b:eb:91:29:7d:4c:df:7c:05:dd:ad:
+ ea:4a:4c:ad:0a:d6:6f:8e:51:b0:88:58:42:88:2c:
+ 16:d4:47:1d:b8:8f:b3:4e:0d:12:df:4c:14:f6:27:
+ 20:3f:94:9a:23:81:48
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:srv03.crt01.example.com, IP Address:10.53.0.3, IP Address:FD92:7065:B8E:FFFF:0:0:0:3
+ Signature Algorithm: sha256WithRSAEncryption
+ 8f:96:88:82:94:76:8e:97:b6:75:8b:e9:2b:4f:f3:8f:14:5c:
+ 50:00:ca:67:96:9e:2e:bd:53:25:25:40:6d:c5:56:e6:1a:f6:
+ cb:fb:58:fc:b3:56:9d:fc:0b:e2:8e:99:7e:e8:e6:ad:b6:e7:
+ e6:3e:8a:59:ef:3e:76:a4:ed:7b:58:fd:a3:4b:aa:4e:11:e1:
+ 57:bf:b1:23:a5:a1:00:f8:95:07:c8:7d:ee:ac:a7:c8:24:ee:
+ cf:e8:c5:a4:9f:96:27:c9:47:c1:7d:11:de:66:d0:6d:d1:8d:
+ e7:8f:a0:0f:46:d9:2e:70:f3:9f:ac:6a:b0:3f:5a:dc:70:d4:
+ b9:a5:f3:ff:5c:21:50:5d:c2:a2:46:26:25:2a:2f:8a:aa:7a:
+ fd:76:31:5f:e0:25:a3:ee:df:36:f0:ab:05:a1:5d:0d:3c:6b:
+ 2c:1d:d5:c5:73:9c:a0:57:1f:c4:26:e6:dc:a1:7c:25:08:21:
+ 61:28:e2:b3:f5:51:83:20:73:14:19:8f:47:79:69:bc:2b:22:
+ f2:17:62:1d:83:f7:4f:a9:c4:51:68:e0:a9:d7:9f:17:6a:d2:
+ fd:f7:04:ce:a4:f5:8e:eb:31:b4:bf:c6:2d:da:0c:70:6e:0c:
+ a5:75:21:54:3c:f6:3d:36:b8:8a:d8:b6:7b:77:7e:54:1d:9f:
+ 91:8f:02:a6:d1:2c:a7:30:d1:cc:e6:d9:6b:76:80:15:4b:ba:
+ fd:55:20:cc:b2:99:85:57:60:11:97:c5:e7:28:50:a6:17:af:
+ d2:bd:1b:7e:06:48:7f:63:dc:70:f8:3f:22:9f:41:a1:66:f5:
+ a7:81:99:cb:07:0e:8a:9a:bb:12:f6:c0:fe:59:0c:00:37:15:
+ b2:9d:f0:f9:93:d1:1a:b6:f8:0a:6b:bd:9e:92:32:45:f5:a2:
+ 44:f0:45:8d:1a:d0:10:b2:db:98:c4:c7:5e:c1:e8:f3:94:33:
+ 6c:06:f5:1a:cc:51:23:72:ae:37:2f:57:d4:f8:ac:1f:25:b4:
+ d3:bf:99:9b:ac:fc
+-----BEGIN CERTIFICATE-----
+MIIDMzCCAZugAwIBAgIIa7MYPN71IAQwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIwODE3NTgxNVoYDzIwNTIwMjAx
+MTc1ODE1WjAiMSAwHgYDVQQDDBdzcnYwMy5jcnQwMS5leGFtcGxlLmNvbTB2MBAG
+ByqGSM49AgEGBSuBBAAiA2IABEXbuRs3Zb+xoYpaOQCNShU7Q5q4L/+ofZmDqJzc
+tsKqn/hRoQ4ulw+QEyJMi/H/PGvrkSl9TN98Bd2t6kpMrQrWb45RsIhYQogsFtRH
+HbiPs04NEt9MFPYnID+UmiOBSKM+MDwwOgYDVR0RBDMwMYIXc3J2MDMuY3J0MDEu
+ZXhhbXBsZS5jb22HBAo1AAOHEP2ScGULjv//AAAAAAAAAAMwDQYJKoZIhvcNAQEL
+BQADggGBAI+WiIKUdo6XtnWL6StP848UXFAAymeWni69UyUlQG3FVuYa9sv7WPyz
+Vp38C+KOmX7o5q225+Y+ilnvPnak7XtY/aNLqk4R4Ve/sSOloQD4lQfIfe6sp8gk
+7s/oxaSflifJR8F9Ed5m0G3RjeePoA9G2S5w85+sarA/Wtxw1Lml8/9cIVBdwqJG
+JiUqL4qqev12MV/gJaPu3zbwqwWhXQ08aywd1cVznKBXH8Qm5tyhfCUIIWEo4rP1
+UYMgcxQZj0d5abwrIvIXYh2D90+pxFFo4KnXnxdq0v33BM6k9Y7rMbS/xi3aDHBu
+DKV1IVQ89j02uIrYtnt3flQdn5GPAqbRLKcw0czm2Wt2gBVLuv1VIMyymYVXYBGX
+xecoUKYXr9K9G34GSH9j3HD4PyKfQaFm9aeBmcsHDoqauxL2wP5ZDAA3FbKd8PmT
+0Rq2+AprvZ6SMkX1okTwRY0a0BCy25jEx17B6POUM2wG9RrMUSNyrjcvV9T4rB8l
+tNO/mZus/A==
+-----END CERTIFICATE-----
diff --git a/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52005.pem b/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52005.pem
new file mode 100644
index 0000000..b4e2d22
--- /dev/null
+++ b/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52005.pem
@@ -0,0 +1,69 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 7760573232607207429 (0x6bb3183cdef52005)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Feb 8 17:59:14 2022 GMT
+ Not After : Feb 1 17:59:14 2052 GMT
+ Subject: CN=srv04.crt01.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:9e:43:d7:cc:29:e1:8e:4b:35:a1:8f:b7:8f:30:
+ 0f:56:b3:5b:7f:c0:62:9b:23:21:70:b1:2b:e7:73:
+ f9:ea:38:01:66:4b:52:43:31:cf:10:69:15:bf:6b:
+ 08:f3:69:07:3f:99:bb:b8:70:d0:3b:89:22:1d:f2:
+ 25:42:5a:3e:55:91:c3:fc:b4:be:c7:2d:86:51:14:
+ c4:ab:fe:7c:54:34:67:c7:5e:db:86:84:cc:66:eb:
+ 54:af:9d:7d:dc:ce:18
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:srv04.crt01.example.com, IP Address:10.53.0.4, IP Address:FD92:7065:B8E:FFFF:0:0:0:4
+ Signature Algorithm: sha256WithRSAEncryption
+ 48:b5:38:59:79:e6:51:a6:ea:80:d7:d1:3c:29:03:70:31:e4:
+ 43:b4:e3:09:e7:e1:37:8c:d0:0f:2a:19:7a:f2:5a:6d:76:cd:
+ 17:7a:66:1c:3e:74:56:24:b8:29:06:55:b2:1c:af:9a:42:05:
+ 93:a4:70:cb:a5:68:85:ab:71:53:da:d9:29:a3:f4:2a:1e:df:
+ 0c:ec:7d:52:55:fa:9b:e6:a0:18:d5:4c:da:e6:d2:60:da:bc:
+ 09:5b:13:53:6d:c7:d2:30:b9:a8:a5:02:7f:a3:66:28:34:93:
+ de:55:a0:de:b5:c8:dc:43:7b:b9:03:06:1f:ce:8c:5f:82:d8:
+ af:40:56:ce:f8:b9:d4:73:1c:ae:c9:cb:1d:0f:a2:52:71:9b:
+ 8b:05:f4:d6:0b:1e:a8:db:0f:29:a0:43:b5:2f:56:09:d8:68:
+ 58:9c:e5:6a:df:38:91:56:9d:44:e5:d2:ca:9a:b1:41:a1:01:
+ 0c:68:a0:f5:0a:f7:98:4f:d5:a0:6f:99:59:a0:e0:cb:49:57:
+ 26:20:09:5a:fa:c2:75:40:f6:1b:6a:ac:55:47:50:8d:38:81:
+ 61:79:44:e7:d5:d1:b3:c7:3b:db:ec:44:59:ef:e1:82:31:a3:
+ 38:4c:de:40:11:31:52:8b:bb:1c:af:be:ce:c5:2b:f5:0d:c0:
+ 60:13:fb:7e:da:22:41:d4:85:5e:4d:ba:db:f8:f7:26:61:32:
+ 26:fe:fe:9e:37:a3:cc:25:3b:3c:c8:b5:a7:a5:5c:d9:4d:8f:
+ a8:f2:86:98:79:b3:00:08:0f:f2:c9:1f:c6:3f:07:ad:e4:a7:
+ 8d:86:3d:15:fa:5b:1a:0f:96:67:b6:0a:78:0a:bb:6e:05:a6:
+ 54:29:48:b4:f9:48:0d:7f:f0:13:65:32:2f:c5:ee:ab:b8:e8:
+ 0d:b2:f9:c9:96:d2:cf:51:a2:64:3c:58:0f:65:6f:c6:99:93:
+ 76:2c:42:08:d9:f3:f3:13:cd:41:b6:67:8f:1d:9a:2f:da:93:
+ 3d:26:4c:9a:11:c1
+-----BEGIN CERTIFICATE-----
+MIIDMzCCAZugAwIBAgIIa7MYPN71IAUwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIwODE3NTkxNFoYDzIwNTIwMjAx
+MTc1OTE0WjAiMSAwHgYDVQQDDBdzcnYwNC5jcnQwMS5leGFtcGxlLmNvbTB2MBAG
+ByqGSM49AgEGBSuBBAAiA2IABJ5D18wp4Y5LNaGPt48wD1azW3/AYpsjIXCxK+dz
++eo4AWZLUkMxzxBpFb9rCPNpBz+Zu7hw0DuJIh3yJUJaPlWRw/y0vscthlEUxKv+
+fFQ0Z8de24aEzGbrVK+dfdzOGKM+MDwwOgYDVR0RBDMwMYIXc3J2MDQuY3J0MDEu
+ZXhhbXBsZS5jb22HBAo1AASHEP2ScGULjv//AAAAAAAAAAQwDQYJKoZIhvcNAQEL
+BQADggGBAEi1OFl55lGm6oDX0TwpA3Ax5EO04wnn4TeM0A8qGXryWm12zRd6Zhw+
+dFYkuCkGVbIcr5pCBZOkcMulaIWrcVPa2Smj9Coe3wzsfVJV+pvmoBjVTNrm0mDa
+vAlbE1Ntx9IwuailAn+jZig0k95VoN61yNxDe7kDBh/OjF+C2K9AVs74udRzHK7J
+yx0PolJxm4sF9NYLHqjbDymgQ7UvVgnYaFic5WrfOJFWnUTl0sqasUGhAQxooPUK
+95hP1aBvmVmg4MtJVyYgCVr6wnVA9htqrFVHUI04gWF5ROfV0bPHO9vsRFnv4YIx
+ozhM3kARMVKLuxyvvs7FK/UNwGAT+37aIkHUhV5Nutv49yZhMib+/p43o8wlOzzI
+taelXNlNj6jyhph5swAID/LJH8Y/B63kp42GPRX6WxoPlme2CngKu24FplQpSLT5
+SA1/8BNlMi/F7qu46A2y+cmW0s9RomQ8WA9lb8aZk3YsQgjZ8/MTzUG2Z48dmi/a
+kz0mTJoRwQ==
+-----END CERTIFICATE-----
diff --git a/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52006.pem b/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52006.pem
new file mode 100644
index 0000000..4befde4
--- /dev/null
+++ b/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52006.pem
@@ -0,0 +1,69 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 7760573232607207430 (0x6bb3183cdef52006)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Aug 15 08:00:00 2012 GMT
+ Not After : Aug 15 09:00:00 2012 GMT
+ Subject: CN=srv01.crt03-expired.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:1f:d5:7b:ab:73:b2:70:15:fd:33:26:02:5c:76:
+ 16:80:0c:70:7d:57:83:75:ac:3c:b7:4a:02:46:35:
+ c1:1b:c1:7a:bd:be:f2:04:9a:7f:69:83:7f:54:9a:
+ 1b:10:62:d7:70:bd:ef:26:90:51:50:10:77:56:b7:
+ 1a:2f:44:5e:91:46:36:e1:2e:a4:4c:67:2e:62:a8:
+ 7f:1a:15:10:44:68:8b:18:ea:cf:b8:96:09:bf:b5:
+ 3a:d1:ef:10:8f:9f:bb
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:srv01.crt03-expired.example.com, IP Address:10.53.0.1, IP Address:FD92:7065:B8E:FFFF:0:0:0:1
+ Signature Algorithm: sha256WithRSAEncryption
+ 25:35:08:f6:e7:f0:83:81:be:65:31:1b:78:a8:04:84:fe:6a:
+ 2a:1a:5d:c1:73:20:88:08:11:d8:27:be:a5:8e:3c:df:e2:a6:
+ 19:c5:41:40:ea:01:91:85:99:8d:17:4e:4d:9a:3c:03:f9:78:
+ 4c:8a:20:41:5e:96:d6:64:83:2f:b2:fe:e7:77:09:f9:91:bd:
+ 22:1a:57:8b:f6:24:bc:7b:48:2b:2e:14:b7:32:bd:46:91:99:
+ 5e:21:9a:d3:15:a7:27:e1:c0:3a:c7:f5:f9:94:3f:6d:14:7e:
+ 0b:02:bf:05:d9:ac:10:8a:7e:b0:37:36:cd:cb:4a:b4:e1:01:
+ c7:04:8d:83:f3:c6:79:ff:ff:6c:f0:a4:bf:3c:12:61:ea:15:
+ ac:30:62:26:e3:c3:4e:7d:5c:68:d8:88:de:35:8d:44:75:8c:
+ a8:c1:0d:07:67:b5:d0:42:43:41:1f:39:a0:47:35:46:d7:0f:
+ 89:aa:e8:d3:86:45:9a:fb:33:01:06:23:64:53:24:48:5b:69:
+ fa:cf:d9:81:fb:5e:7e:7b:82:65:56:c6:46:65:5c:e1:4f:f2:
+ 3c:09:3c:28:5f:c9:e3:a5:24:e3:7b:aa:b5:b1:8a:6a:b2:02:
+ 32:5f:24:05:f1:67:c8:54:17:0c:cd:ca:3d:e4:44:3e:23:3a:
+ 7c:63:b6:f9:61:3a:21:e7:8f:27:ad:c3:26:86:39:49:6c:41:
+ 40:7f:1d:48:69:8d:db:6f:42:e4:09:fe:24:62:bd:8e:2e:54:
+ 25:f0:14:c2:d8:43:95:09:2e:5f:72:4f:43:b5:9a:8b:bb:8c:
+ 44:c6:77:c9:05:fb:1a:9f:d7:b6:a6:42:d9:5c:3d:a5:09:0f:
+ 9e:e0:c7:06:32:f1:ff:c9:53:5e:42:d4:2a:33:ad:06:ea:ec:
+ b0:26:d3:3c:ef:65:af:15:8e:7b:20:49:ad:f1:56:ef:17:6b:
+ fc:f4:d8:7c:82:9f:30:19:d0:bc:9c:79:e2:dc:9d:a7:f9:6b:
+ 6f:65:ae:21:a0:94
+-----BEGIN CERTIFICATE-----
+MIIDQTCCAamgAwIBAgIIa7MYPN71IAYwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMB4XDTEyMDgxNTA4MDAwMFoXDTEyMDgxNTA5
+MDAwMFowKjEoMCYGA1UEAwwfc3J2MDEuY3J0MDMtZXhwaXJlZC5leGFtcGxlLmNv
+bTB2MBAGByqGSM49AgEGBSuBBAAiA2IABB/Ve6tzsnAV/TMmAlx2FoAMcH1Xg3Ws
+PLdKAkY1wRvBer2+8gSaf2mDf1SaGxBi13C97yaQUVAQd1a3Gi9EXpFGNuEupExn
+LmKofxoVEERoixjqz7iWCb+1OtHvEI+fu6NGMEQwQgYDVR0RBDswOYIfc3J2MDEu
+Y3J0MDMtZXhwaXJlZC5leGFtcGxlLmNvbYcECjUAAYcQ/ZJwZQuO//8AAAAAAAAA
+ATANBgkqhkiG9w0BAQsFAAOCAYEAJTUI9ufwg4G+ZTEbeKgEhP5qKhpdwXMgiAgR
+2Ce+pY483+KmGcVBQOoBkYWZjRdOTZo8A/l4TIogQV6W1mSDL7L+53cJ+ZG9IhpX
+i/YkvHtIKy4UtzK9RpGZXiGa0xWnJ+HAOsf1+ZQ/bRR+CwK/BdmsEIp+sDc2zctK
+tOEBxwSNg/PGef//bPCkvzwSYeoVrDBiJuPDTn1caNiI3jWNRHWMqMENB2e10EJD
+QR85oEc1RtcPiaro04ZFmvszAQYjZFMkSFtp+s/ZgftefnuCZVbGRmVc4U/yPAk8
+KF/J46Uk43uqtbGKarICMl8kBfFnyFQXDM3KPeREPiM6fGO2+WE6IeePJ63DJoY5
+SWxBQH8dSGmN229C5An+JGK9ji5UJfAUwthDlQkuX3JPQ7Wai7uMRMZ3yQX7Gp/X
+tqZC2Vw9pQkPnuDHBjLx/8lTXkLUKjOtBurssCbTPO9lrxWOeyBJrfFW7xdr/PTY
+fIKfMBnQvJx54tydp/lrb2WuIaCU
+-----END CERTIFICATE-----
diff --git a/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52007.pem b/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52007.pem
new file mode 100644
index 0000000..0b4c115
--- /dev/null
+++ b/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52007.pem
@@ -0,0 +1,68 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 7760573232607207431 (0x6bb3183cdef52007)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Feb 10 17:44:20 2022 GMT
+ Not After : Feb 3 17:44:20 2052 GMT
+ Subject: CN=srv01.client01.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:5e:93:6a:7a:da:75:cc:64:08:e4:f8:f9:2f:2b:
+ 85:36:ee:e1:df:fa:cd:4c:60:f1:44:b5:16:7b:f9:
+ 03:cf:a0:08:67:6f:ae:27:a3:95:8a:68:1e:63:ab:
+ cf:2e:20:62:52:e7:8c:3e:1e:ef:de:0d:69:64:65:
+ b6:e4:df:fe:1a:48:f8:68:75:84:83:11:fb:81:59:
+ 0e:c1:96:48:7f:24:da:11:dd:ac:cb:0a:c5:09:78:
+ 24:31:3a:df:37:e6:b3
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:srv01.client01.example.com
+ Signature Algorithm: sha256WithRSAEncryption
+ 82:bd:eb:8f:4e:a5:d2:46:c7:d8:70:3c:34:1d:58:43:1b:81:
+ 16:5d:c2:b0:76:4b:a9:f2:10:14:23:e4:ef:dc:59:03:b6:7f:
+ b0:40:34:e5:d0:82:4b:95:a6:07:9a:45:51:94:cf:08:c2:4e:
+ c9:44:d5:f3:b6:ed:f2:a0:01:94:ad:e0:0e:0f:ab:85:6f:35:
+ 4b:07:c8:97:25:fb:69:ff:a1:99:bc:ec:70:6c:51:b5:32:95:
+ e9:c9:45:cf:45:e2:c5:5e:b1:59:a2:e1:f2:83:c8:87:68:c4:
+ 60:e2:db:50:6c:18:64:1b:9a:9a:cc:7c:e7:fd:d9:f2:b7:d1:
+ de:1d:ec:29:c9:58:db:7b:9a:a1:06:9a:ce:36:a0:45:10:dc:
+ 7d:81:24:21:34:30:4c:71:f9:fc:96:37:d6:cf:0d:9d:11:12:
+ c7:62:bc:19:5b:79:e5:e0:37:e8:17:36:4b:13:af:fa:2c:2e:
+ 36:d9:be:53:e1:c3:f9:bc:94:a6:7a:97:14:99:36:f9:14:38:
+ 11:20:3a:2a:9d:fd:64:63:d0:a2:8f:f0:99:a9:02:ca:57:48:
+ d2:7d:65:44:b6:85:a0:38:ec:e8:19:7e:c2:48:e3:1d:22:53:
+ cf:3b:d4:0a:98:e1:72:62:ec:8b:01:3f:5a:ea:26:2c:8c:16:
+ c3:80:5a:c2:5d:40:c5:65:1c:e2:9a:e3:d6:65:16:ee:dc:17:
+ 30:d8:26:87:92:d0:ef:c7:72:07:99:86:05:9e:49:35:41:33:
+ b9:bb:cb:1b:25:50:70:85:e3:0f:c7:b9:b2:37:00:1b:87:a2:
+ 47:97:34:5b:cd:dc:66:22:e5:de:25:ec:57:fe:37:75:2c:03:
+ 10:f4:d4:a7:cc:f5:4b:0b:ff:eb:d3:a6:78:2e:cd:8f:65:51:
+ a7:8c:ef:83:67:ec:94:13:c2:1f:74:74:55:7c:a3:0b:b7:2f:
+ 80:5a:62:04:1d:a2:c0:c1:de:b2:7d:31:3b:a1:fa:f7:40:a7:
+ bd:12:25:95:5b:8b
+-----BEGIN CERTIFICATE-----
+MIIDITCCAYmgAwIBAgIIa7MYPN71IAcwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIxMDE3NDQyMFoYDzIwNTIwMjAz
+MTc0NDIwWjAlMSMwIQYDVQQDDBpzcnYwMS5jbGllbnQwMS5leGFtcGxlLmNvbTB2
+MBAGByqGSM49AgEGBSuBBAAiA2IABF6TanradcxkCOT4+S8rhTbu4d/6zUxg8US1
+Fnv5A8+gCGdvriejlYpoHmOrzy4gYlLnjD4e794NaWRltuTf/hpI+Gh1hIMR+4FZ
+DsGWSH8k2hHdrMsKxQl4JDE63zfms6MpMCcwJQYDVR0RBB4wHIIac3J2MDEuY2xp
+ZW50MDEuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggGBAIK9649OpdJGx9hw
+PDQdWEMbgRZdwrB2S6nyEBQj5O/cWQO2f7BANOXQgkuVpgeaRVGUzwjCTslE1fO2
+7fKgAZSt4A4Pq4VvNUsHyJcl+2n/oZm87HBsUbUylenJRc9F4sVesVmi4fKDyIdo
+xGDi21BsGGQbmprMfOf92fK30d4d7CnJWNt7mqEGms42oEUQ3H2BJCE0MExx+fyW
+N9bPDZ0REsdivBlbeeXgN+gXNksTr/osLjbZvlPhw/m8lKZ6lxSZNvkUOBEgOiqd
+/WRj0KKP8JmpAspXSNJ9ZUS2haA47OgZfsJI4x0iU8871AqY4XJi7IsBP1rqJiyM
+FsOAWsJdQMVlHOKa49ZlFu7cFzDYJoeS0O/HcgeZhgWeSTVBM7m7yxslUHCF4w/H
+ubI3ABuHokeXNFvN3GYi5d4l7Ff+N3UsAxD01KfM9UsL/+vTpnguzY9lUaeM74Nn
+7JQTwh90dFV8owu3L4BaYgQdosDB3rJ9MTuh+vdAp70SJZVbiw==
+-----END CERTIFICATE-----
diff --git a/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52008.pem b/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52008.pem
new file mode 100644
index 0000000..1b43bbd
--- /dev/null
+++ b/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52008.pem
@@ -0,0 +1,68 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 7760573232607207432 (0x6bb3183cdef52008)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Feb 11 13:21:12 2022 GMT
+ Not After : Feb 4 13:21:12 2052 GMT
+ Subject: CN=srv01.client02-ns2.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:e6:45:fa:57:12:6c:59:10:23:8b:7a:5c:76:33:
+ eb:3b:41:fa:b7:1c:90:b3:2f:33:2d:45:7b:e3:e5:
+ b6:a5:a2:a2:a4:14:f4:50:9d:b0:c6:38:ba:e9:45:
+ 65:a4:65:b9:10:32:2f:93:9b:d5:d8:cf:b4:29:5b:
+ dc:4e:c8:ec:a6:9f:58:76:24:f4:c5:d1:48:55:52:
+ eb:5d:b0:85:93:85:ee:3e:b8:c4:b1:cd:08:59:95:
+ 12:ff:7b:9b:ee:6a:b9
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:srv01.client02-ns2.example.com
+ Signature Algorithm: sha256WithRSAEncryption
+ 43:ec:0f:62:17:f6:f4:90:3b:7c:36:21:f2:18:94:a6:42:51:
+ 1e:1d:2a:43:8f:05:b7:8d:3c:ca:f0:20:2f:65:4b:be:48:ad:
+ 6a:0a:cc:2d:1f:d6:27:1d:af:4a:36:86:ed:0d:03:75:c5:71:
+ ec:58:9b:ec:f9:0f:e4:83:ef:6f:91:da:20:73:47:ac:e7:c7:
+ 8b:22:b2:d1:6e:a0:b0:d6:1c:4c:70:1e:74:08:1d:7f:61:06:
+ e5:be:f3:e8:c4:15:60:e2:b0:02:9b:f0:13:af:76:5b:a8:c7:
+ 91:2c:10:5f:0d:32:89:51:5a:7f:17:1b:7c:c6:46:97:ee:e7:
+ bb:8a:48:38:a2:52:d4:ff:3b:1c:ec:4a:a9:8c:a5:23:3a:04:
+ bb:d7:b8:ad:5b:69:7f:1d:be:ca:96:e0:eb:56:05:43:ee:c8:
+ ff:2c:48:03:00:c6:c2:ac:fc:4e:15:47:86:c5:33:ed:70:f6:
+ 98:bc:0b:07:b9:5b:1a:ec:fd:3c:bf:26:61:68:fc:db:02:55:
+ 07:ae:76:0e:be:ff:c5:b8:56:fb:52:54:a4:b1:2d:64:b4:1d:
+ 55:02:4f:da:06:bd:26:e4:22:d2:94:1f:7e:29:c4:97:10:d1:
+ 75:7d:41:53:be:46:52:70:b1:d9:ff:bb:9f:96:19:e3:a0:ba:
+ d0:4a:5a:8d:da:22:73:89:f0:4c:e6:18:80:53:be:bd:64:56:
+ 6a:c9:58:71:40:66:9e:4a:3e:31:3b:74:9e:6e:6a:f5:65:ca:
+ 93:06:52:00:74:65:a0:3a:eb:2e:56:56:d2:a5:4b:0e:85:17:
+ 25:78:cb:f3:f9:53:7b:85:f9:82:15:87:bc:36:70:b5:69:64:
+ 48:11:79:b9:2c:2e:cc:09:fd:0f:b0:b7:cd:97:3b:c7:0f:49:
+ 1a:fc:15:49:d6:1c:a9:dc:14:ff:44:d2:be:5a:36:00:66:0c:
+ d5:b8:bf:16:9e:60:27:79:c0:f5:b4:ff:2f:af:8c:b2:49:75:
+ 61:44:05:1a:e8:cd
+-----BEGIN CERTIFICATE-----
+MIIDKTCCAZGgAwIBAgIIa7MYPN71IAgwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIxMTEzMjExMloYDzIwNTIwMjA0
+MTMyMTEyWjApMScwJQYDVQQDDB5zcnYwMS5jbGllbnQwMi1uczIuZXhhbXBsZS5j
+b20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATmRfpXEmxZECOLelx2M+s7Qfq3HJCz
+LzMtRXvj5baloqKkFPRQnbDGOLrpRWWkZbkQMi+Tm9XYz7QpW9xOyOymn1h2JPTF
+0UhVUutdsIWThe4+uMSxzQhZlRL/e5vuarmjLTArMCkGA1UdEQQiMCCCHnNydjAx
+LmNsaWVudDAyLW5zMi5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAYEAQ+wP
+Yhf29JA7fDYh8hiUpkJRHh0qQ48Ft408yvAgL2VLvkitagrMLR/WJx2vSjaG7Q0D
+dcVx7Fib7PkP5IPvb5HaIHNHrOfHiyKy0W6gsNYcTHAedAgdf2EG5b7z6MQVYOKw
+ApvwE692W6jHkSwQXw0yiVFafxcbfMZGl+7nu4pIOKJS1P87HOxKqYylIzoEu9e4
+rVtpfx2+ypbg61YFQ+7I/yxIAwDGwqz8ThVHhsUz7XD2mLwLB7lbGuz9PL8mYWj8
+2wJVB652Dr7/xbhW+1JUpLEtZLQdVQJP2ga9JuQi0pQffinElxDRdX1BU75GUnCx
+2f+7n5YZ46C60Epajdoic4nwTOYYgFO+vWRWaslYcUBmnko+MTt0nm5q9WXKkwZS
+AHRloDrrLlZW0qVLDoUXJXjL8/lTe4X5ghWHvDZwtWlkSBF5uSwuzAn9D7C3zZc7
+xw9JGvwVSdYcqdwU/0TSvlo2AGYM1bi/Fp5gJ3nA9bT/L6+Mskl1YUQFGujN
+-----END CERTIFICATE-----
diff --git a/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52009.pem b/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52009.pem
new file mode 100644
index 0000000..99e4a71
--- /dev/null
+++ b/bin/tests/system/doth/CA/newcerts/6BB3183CDEF52009.pem
@@ -0,0 +1,69 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 7760573232607207433 (0x6bb3183cdef52009)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Aug 14 05:00:00 2012 GMT
+ Not After : Aug 14 06:00:00 2012 GMT
+ Subject: CN=srv01.client03-ns2-expired.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:38:9a:9b:c2:6a:82:a6:d1:50:8a:78:7a:d1:be:
+ 61:be:d4:b6:d3:d6:a2:02:97:a4:48:50:c0:c5:1d:
+ d8:2d:23:19:25:6e:91:02:1d:69:c2:77:d6:f1:a8:
+ 4f:4a:9a:1d:3c:69:5a:89:41:0a:f2:e0:64:57:1b:
+ 0e:9e:df:9f:4c:7b:3c:42:dc:21:c8:2c:95:ab:b3:
+ 4c:5f:56:c4:70:ee:8a:a4:e4:46:c4:9e:98:f5:c8:
+ 7b:b2:73:d7:45:93:f0
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:srv01.client03-ns2-expired.example.com
+ Signature Algorithm: sha256WithRSAEncryption
+ 38:12:1f:5f:26:b6:8e:9b:3f:77:89:5a:b8:e8:46:78:c3:d6:
+ f0:0c:67:5f:d5:a3:9c:f6:f2:0a:ae:9c:87:74:9f:a3:5b:8a:
+ 27:58:47:e5:78:1a:e9:db:b5:cc:28:a7:f8:18:e3:e7:20:43:
+ cf:82:06:5d:a1:d0:82:ab:15:be:86:46:1e:e6:4d:ad:78:a4:
+ 16:6c:99:41:3d:29:21:c8:6b:9d:3d:4a:cd:93:37:1f:1c:88:
+ c7:ae:b6:7c:73:42:57:57:32:9d:e8:c6:e2:3e:da:12:57:3e:
+ c8:56:4a:bb:d4:01:fc:8e:30:8d:19:fe:61:3d:5e:02:64:65:
+ a2:46:b3:6e:ea:f9:cb:4e:f0:b9:f6:bc:6b:38:10:19:d0:93:
+ f8:f7:d9:4c:d2:87:2c:7f:dc:f5:00:c6:29:dd:00:5e:d2:f4:
+ df:52:fb:7a:5a:ad:98:36:77:72:1f:01:ed:48:91:48:16:2d:
+ 35:a5:15:21:98:ff:7e:5d:a1:45:c9:5f:9d:c2:3e:e5:98:e2:
+ ee:ce:4d:18:76:3d:8a:0a:64:9b:f1:19:9d:b6:82:af:1b:15:
+ d3:48:69:f1:9b:67:76:1b:41:8e:1d:69:d5:31:64:95:01:41:
+ 73:c1:a9:29:53:6b:f3:29:ad:e0:96:52:8e:3e:8d:c1:8e:d8:
+ b5:0c:94:5f:a2:6c:3c:0f:3e:5b:10:af:21:00:74:d0:b7:30:
+ 6c:44:fb:3d:09:46:8d:1d:e6:c2:e4:0a:5b:f4:eb:e1:71:c7:
+ d5:36:13:90:05:fe:65:16:61:24:b5:41:f2:10:bd:2c:c3:34:
+ 69:15:25:d1:32:f2:b3:d7:da:23:1b:e9:5b:33:63:43:c8:dc:
+ 68:f2:31:b5:93:0e:64:ea:9a:45:36:9f:96:44:38:1e:4e:d8:
+ 45:ba:37:68:06:4d:da:d4:16:d3:3e:77:86:4e:8d:58:d6:06:
+ a8:60:11:4d:d9:81:f3:85:2b:ee:58:50:6e:ea:2b:f7:84:00:
+ 9c:ec:a1:90:d4:94
+-----BEGIN CERTIFICATE-----
+MIIDNzCCAZ+gAwIBAgIIa7MYPN71IAkwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMB4XDTEyMDgxNDA1MDAwMFoXDTEyMDgxNDA2
+MDAwMFowMTEvMC0GA1UEAwwmc3J2MDEuY2xpZW50MDMtbnMyLWV4cGlyZWQuZXhh
+bXBsZS5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQ4mpvCaoKm0VCKeHrRvmG+
+1LbT1qICl6RIUMDFHdgtIxklbpECHWnCd9bxqE9Kmh08aVqJQQry4GRXGw6e359M
+ezxC3CHILJWrs0xfVsRw7oqk5EbEnpj1yHuyc9dFk/CjNTAzMDEGA1UdEQQqMCiC
+JnNydjAxLmNsaWVudDAzLW5zMi1leHBpcmVkLmV4YW1wbGUuY29tMA0GCSqGSIb3
+DQEBCwUAA4IBgQA4Eh9fJraOmz93iVq46EZ4w9bwDGdf1aOc9vIKrpyHdJ+jW4on
+WEfleBrp27XMKKf4GOPnIEPPggZdodCCqxW+hkYe5k2teKQWbJlBPSkhyGudPUrN
+kzcfHIjHrrZ8c0JXVzKd6MbiPtoSVz7IVkq71AH8jjCNGf5hPV4CZGWiRrNu6vnL
+TvC59rxrOBAZ0JP499lM0ocsf9z1AMYp3QBe0vTfUvt6Wq2YNndyHwHtSJFIFi01
+pRUhmP9+XaFFyV+dwj7lmOLuzk0Ydj2KCmSb8RmdtoKvGxXTSGnxm2d2G0GOHWnV
+MWSVAUFzwakpU2vzKa3gllKOPo3Bjti1DJRfomw8Dz5bEK8hAHTQtzBsRPs9CUaN
+HebC5Apb9OvhccfVNhOQBf5lFmEktUHyEL0swzRpFSXRMvKz19ojG+lbM2NDyNxo
+8jG1kw5k6ppFNp+WRDgeTthFujdoBk3a1BbTPneGTo1Y1gaoYBFN2YHzhSvuWFBu
+6iv3hACc7KGQ1JQ=
+-----END CERTIFICATE-----
diff --git a/bin/tests/system/doth/CA/private/CA.key b/bin/tests/system/doth/CA/private/CA.key
new file mode 100644
index 0000000..2d5419d
--- /dev/null
+++ b/bin/tests/system/doth/CA/private/CA.key
@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG5AIBAAKCAYEAouoRHoAc6VCmxNTU6Ge7s+xDFGO0wXJJIsP+8nUyyjWvGCOC
+aQYLhb1kLA2NHRhSSKFcMh8jcd7Hlvy6CAec1j2dsWzryy3HgPrdjWaW3PfBO41D
+lUtdt8hA/p6pX2YwqvWbdK/3s8J0LY5xRZKNZnFOB/Sb4PGiIJ1NgMRO/M3IlPQm
+PO/faRRTU4SI26KCPKFW342826Zi88YwOd6w5mQU4fskk5TGtlNqE+Fj40ZbWVpy
+VXoEUS6RveRp020NX5CQG49SLtdF05AnnsATqmgNVCXptGuqW8uaHRONeGO3NBEy
+nJmibWBDUMjtCCcGVgyrVXuTkyAJJWpImnshUwgMNYebRwmC2iVv2LtsJS5eUTUH
+EWffnFl55XU2PkyNYgY35gA4y3SiWFJYV8+5FibU4ut0nb+lmHBF8WlqcU/kd3tp
+Gkf0exjqOIHZFqV9bIhpUbXhxx9v9+gkkGQ9nrXE1KRlvigxxUeIK5xHy9a7fVIL
+wo6WuCnLLJmbVkklAgMBAAECggGBAI5ZV3v/FUQIZK+4CBDKEwizeClotZgR9DWc
+bDgOj8KABe5hmKGL1qWVRuH3NUYm6j7sP1LMQnxM3LjhOuupOzE3xYIyWhW+eoQI
+r23OJiQNl5ohZNweblUXdTMGD5h8AipfUOY0m4tGbZ0gyXixBTxt5HCvG0UB3VgC
+GqZY4Wujo5ADhSXZsqxuRiDDvZGr/YBcuTu87Tg/ulam5ZyrKIcnC9gpSVxqsva9
+DAMy/cSoxUjd7ukhJISK3G3AF3fV4GSslQcJTlyJ2D3+LnqPuHJKYTI4hc46lN3x
+E2g24GdSCPYf6SoEPwACXtbavV8TXwQPJrHN+f+0/ePCI4jkYe5NoA3gwVgMb/WB
+wFchxzVh3V4e8tPGiG+ofKl81DSAW8VZCJLUIbTEce9oxafPT78WJxdC0wWbh5S8
+V/qN6sW/yWnK3oY9SilWhJGRwKOZ+8xtStaDeCzyCaOqEcWi8ZR0QfC33UozlhdC
+SrMKnOXmn/rUuXGrVR56IzIl0M7YAQKBwQDM3GJDdlFuHn6L0syKYdHDS8gXD9ke
+s+ochIP6jvkEPcayaEoZGl8s7RT3iztqXod7wLaZdotktxfDAZnJfeuOcVrCu+Bx
+HLytnBvV6czMfp3REGgQAJQeusSgtlBCTHHVOsDzIjdnkY3WBa7IiFYWO5wnYrGx
+r3ucnwnHaUVDMj1r4YI7mYIpCuYQl6eGyW7mhWewyhVwoQXKbifdrXxjvOigL0Cp
+tgsoU9pql3hpphOaYMX6hLOincTfaMxfnCECgcEAy5UXp3dA0OwK+4iDGKr+cUpk
+AtGTheiE+8zEVh2KYFLt921mW/QZiB1+xtnkknp3c7u07Ugk8jAEXzCkwMnN5ZCx
+LrJ72fC+cLIAbRm6/vMMP8iz83wyttao4qNMeoOBBfE9rEiP+lrugpv282V3ZHYa
+IUZWTeugJbckUHTbD3RZQExmQcRVG3m/TzonBfoZ8HoRj/n3d7V2T911cHUhi8Xn
+RQIi2m63VofOIep86LgartlKneMWnL0oOPq4RKyFAoHAZUzpDkD4nUJZAx025Yrf
+ZfoYNEcy7vq6XmWsuX5vZoiBs4DcezNOMvH9NzdTJxMdXbV61cIHxcK/7j7hZABv
+NZ2Z6sdqgaRbLGIQZaPaEJjfwxygyKDwnY1vY6UjZNVWSMFn3hJiYUVZZKakuiao
+ow/Q9KzZ/2ot7tG5zTCh/ktekfUOKBiNg2wPPc8wGPeMblMzZflXxrzpFyOHdRev
+dcZZJbSX/hO1yrhEPgculNd5xBHsdCegiF4JlwvEW9bhAoHAZQQiy5bx03j8bhkr
+q6bVQFPAUmG5iL16lxLg7TYVPnyH1bk0DDaQIKk6CeN+dmxML2IZgY/FvWK0GKOj
+bIH2J43nTRuFNvwtEvBQI9KbpfvlvRSSriOXaoATJvoObdAoylEM4BrVTk2mgapw
+HA/h8Thk+NPU6S8ctPouC7ogJIf/7Va7erC35j0//0kEqgOSsW9wnXdUItMo1LI3
+nsiQD7Hwcp5/utErKcWTM+MNfdA0dUQesT9ILhfyCGvn2TOdAoHBAKldZkDyRcu9
+r9uDF1bhUEnpV2k4hgvTuCvQ3rzyx3WrVT8ChEmePC8Ke5A54ffu/YdbpDLbdf2c
+j4n5CQhHbMIZs3P2hB3WqDCImApCfMbXaltfBbaT0j7uLJPMp+2+f/wWYpc3R+bn
+HVnaRI2PoXXmG9OjQSQdVZ5gNpkEuemAo3dJOSS6BMqQaSxUynGy7o/a/d4izBjd
+B58Fwq3sZI/Xv90Se9+b6ICST3YJ3p0vn8RKzmlCQjLg/xynpCByiw==
+-----END RSA PRIVATE KEY-----
diff --git a/bin/tests/system/doth/CA/serial b/bin/tests/system/doth/CA/serial
new file mode 100644
index 0000000..a20b068
--- /dev/null
+++ b/bin/tests/system/doth/CA/serial
@@ -0,0 +1 @@
+6BB3183CDEF5200A