added a subsidiary Duck Research CA
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 4 Nov 2009 17:13:06 +0000 (18:13 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 4 Nov 2009 17:13:06 +0000 (18:13 +0100)
17 files changed:
testing/hosts/winnetou/etc/openssl/duck/.rand [new file with mode: 0644]
testing/hosts/winnetou/etc/openssl/duck/crlnumber [new file with mode: 0644]
testing/hosts/winnetou/etc/openssl/duck/duckCert.pem [new file with mode: 0644]
testing/hosts/winnetou/etc/openssl/duck/duckKey.pem [new file with mode: 0644]
testing/hosts/winnetou/etc/openssl/duck/duckReq.pem [new file with mode: 0644]
testing/hosts/winnetou/etc/openssl/duck/index.txt [new file with mode: 0644]
testing/hosts/winnetou/etc/openssl/duck/index.txt.attr [new file with mode: 0644]
testing/hosts/winnetou/etc/openssl/duck/index.txt.old [new file with mode: 0644]
testing/hosts/winnetou/etc/openssl/duck/newcerts/01.pem [new file with mode: 0644]
testing/hosts/winnetou/etc/openssl/duck/openssl.cnf [new file with mode: 0644]
testing/hosts/winnetou/etc/openssl/duck/serial [new file with mode: 0644]
testing/hosts/winnetou/etc/openssl/duck/serial.old [new file with mode: 0644]
testing/hosts/winnetou/etc/openssl/research/index.txt
testing/hosts/winnetou/etc/openssl/research/index.txt.old
testing/hosts/winnetou/etc/openssl/research/newcerts/05.pem [new file with mode: 0644]
testing/hosts/winnetou/etc/openssl/research/serial
testing/hosts/winnetou/etc/openssl/research/serial.old

diff --git a/testing/hosts/winnetou/etc/openssl/duck/.rand b/testing/hosts/winnetou/etc/openssl/duck/.rand
new file mode 100644 (file)
index 0000000..49c5667
Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/duck/.rand differ
diff --git a/testing/hosts/winnetou/etc/openssl/duck/crlnumber b/testing/hosts/winnetou/etc/openssl/duck/crlnumber
new file mode 100644 (file)
index 0000000..8a0f05e
--- /dev/null
@@ -0,0 +1 @@
+01
diff --git a/testing/hosts/winnetou/etc/openssl/duck/duckCert.pem b/testing/hosts/winnetou/etc/openssl/duck/duckCert.pem
new file mode 100644 (file)
index 0000000..bb205a0
--- /dev/null
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID0jCCArqgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA5MTEwNDE2MTUwM1oXDTE1MTEwMzE2MTUw
+M1owVjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAsTCFJlc2VhcmNoMRkwFwYDVQQDExBEdWNrIFJlc2VhcmNoIENBMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIBRSgHCxHhMjsVZo4PtFnENkHNu
+MfyRDsc7m1KRDVt8N4h/EcbduU7xeq/RjxZSmlc1q6EWEgDv3KwDYY0sX+qrpQKa
+ub5AgsRa2fOOR9xfyf0Q7Nc3oR3keWqQUiigCuaw9NQRtdMm/JFdXLNY3r60tBsO
+UHOJAPZNoGPey5UL9ZjjsN6ROUVTh0NAkFwkmnTRwmUvY5bi/T7ulsSkO9BrfqKD
+h/pliP7uZANd0ZpPcrIc68WwrelpI1zu0kYGqu/y8HZpuPuAXtGqS2jctrjSieeY
+i9wFLnS2tgV3ID4LzEEICSeqVqOvYgGKbarqLkARdxmdRKM9QYpu+5J+YQIDAQAB
+o4GvMIGsMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBR2
+KqikMafGcY8wJbwCZpvLF1SNIDBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDzANBgkqhkiG9w0BAQsF
+AAOCAQEAsHR1vDlz2sPQpD9xnt1PL4qX7XWSSM6d+QG3cjdiKCjH8t78ecEm1duv
+YozLg6SYHGUF9qYuPz2SAZjQjmIWLlkQpBfQm8/orG+jbsQl5HkXFYX0UWAKZFGx
+rjHnOzmQxnmIWHky4uMDT/UmhmWy6kuCmZbKeeOqkBR2gVxfLyzelTSbF4ntEm1C
+1XqqtM4OfTOD5QUPD+6rZ5RoIPId9+2A8pJ2NyCUCf47FbkmYzU5+oiChhcGzsC5
+wDlgP32NA88kSiSJ2p2ZveYveRqcyZXZDAiTxRaIwJY0bt2Dk4wKicvy6vPdLA5v
+DSlBqDpnqK8tEI9V9YeroihTcygrEg==
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/duck/duckKey.pem b/testing/hosts/winnetou/etc/openssl/duck/duckKey.pem
new file mode 100644 (file)
index 0000000..5fff907
--- /dev/null
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEApIBRSgHCxHhMjsVZo4PtFnENkHNuMfyRDsc7m1KRDVt8N4h/
+EcbduU7xeq/RjxZSmlc1q6EWEgDv3KwDYY0sX+qrpQKaub5AgsRa2fOOR9xfyf0Q
+7Nc3oR3keWqQUiigCuaw9NQRtdMm/JFdXLNY3r60tBsOUHOJAPZNoGPey5UL9Zjj
+sN6ROUVTh0NAkFwkmnTRwmUvY5bi/T7ulsSkO9BrfqKDh/pliP7uZANd0ZpPcrIc
+68WwrelpI1zu0kYGqu/y8HZpuPuAXtGqS2jctrjSieeYi9wFLnS2tgV3ID4LzEEI
+CSeqVqOvYgGKbarqLkARdxmdRKM9QYpu+5J+YQIDAQABAoIBADfb0r6cpnRsnSKF
+5RBfReyu6vo4GB0lNGSeRqFRgivU+vMoiG2S58t7AQi2FyTNYbNDFdh31LS8WLbI
+OkWv2HehijN4FO4pqmI9JtSHnbLNJEHEizDBTASLz/9irisX3HCXMVORh4oEb2Ko
+QdmulOjePSJDZbLv6H/JI0bpYsgiAw26KEoB8cnHwiApF69a4uPJA6gW98nsabyq
+9NQVW5QAmUFDnzA6upFRBUeBBpufYMvP82zfntFx72yLBmXgBnyZW23WwZfQZSzw
+FChhl40mwykOE8jpeGgxmdWyPc29roF+kuvaOUaSF2nmyl4qhLCISdr0eHXHAGDH
+2RjVJ6ECgYEA0YW38d4309J1QegK5vhPWehnxpZHpK86DENevYaS7zRcCu1BRZc0
+aBAceTYCZHYofOWmeIns0qtMfzzuemPCiOZWy9VYgJrJ0YkmNin3DM1/13pWiKqn
+EkQCFa6K5AiB0umTOwJoAHlJYlJ2k4bw7Rm/LtiHC2fnRq2KJeKmg60CgYEAyP30
+5D8sUkih9rRfZRHAPo0x1qJpJQC+cFUBMIuOXFIz37TqbZcGDkRRb+ewywNxT73t
+TfVDvR7tD3cYTi78dVz539Dwl9mt10QLGsQJ4825uY/LQqUe8F2qz+E3lWqoo+yJ
+WlTAqbHI2a4g4CjFC4/+i6lKQ+NpmJLZIPz3HAUCgYEAiduy4Ti2gPAb6OZ1re05
+wM1y4q5kq04EIqd9QbS3Hx7TZPkgllpbyBC5u2M3BcTc9PjhpLQTl7XQGnQL8YmM
+KSlteKaCmfO+0NitxLut6sWX1T6Qi1HFpfYLbRqwFkQmr5CyKAR4S7+B8miRzpXe
+FhN3wKoFiRKvkMiEelL7/u0CgYEAnh4TWsBL+MuFBxTs+xDU4SCotYZ9GwwTxUFK
+N0uCiiRtBK9JwT8PF4gtXNCzZ3Jk4Ou0VSD+0jgTHJh/eXpDR30GYkn4DC3GMdQo
+vDy+3wSH+HAj4mEODuBRMUqnNJd85cB+aZ7FFnpzXLQ8zrukEC2OfYaHkxLDjrDv
+uaDoMZUCgYEAhD89Cj849LXbJEmjX0MGUCCBO9EBR2Ux2nbuB+TQnvwz7VT0Jkds
+Db1IfljoDefqzyFfH/0Z3bNg4EpidAG3BMC4MwY7WzR1rfnXwNluaWM5gmUzFNw0
+mBGXonIf6nRMIO9eeTFI8VfFb6BYvosNxz+9QA/5rpamGN1cKdMjgPc=
+-----END RSA PRIVATE KEY-----
diff --git a/testing/hosts/winnetou/etc/openssl/duck/duckReq.pem b/testing/hosts/winnetou/etc/openssl/duck/duckReq.pem
new file mode 100644 (file)
index 0000000..b5d3bcf
--- /dev/null
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICmzCCAYMCAQAwVjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9u
+Z1N3YW4xETAPBgNVBAsTCFJlc2VhcmNoMRkwFwYDVQQDExBEdWNrIFJlc2VhcmNo
+IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIBRSgHCxHhMjsVZ
+o4PtFnENkHNuMfyRDsc7m1KRDVt8N4h/EcbduU7xeq/RjxZSmlc1q6EWEgDv3KwD
+YY0sX+qrpQKaub5AgsRa2fOOR9xfyf0Q7Nc3oR3keWqQUiigCuaw9NQRtdMm/JFd
+XLNY3r60tBsOUHOJAPZNoGPey5UL9ZjjsN6ROUVTh0NAkFwkmnTRwmUvY5bi/T7u
+lsSkO9BrfqKDh/pliP7uZANd0ZpPcrIc68WwrelpI1zu0kYGqu/y8HZpuPuAXtGq
+S2jctrjSieeYi9wFLnS2tgV3ID4LzEEICSeqVqOvYgGKbarqLkARdxmdRKM9QYpu
++5J+YQIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAIDZVgYXbPT9NMLOv5Uc6w06
+D5bvQ3/j3W4J8bMpYM/kbvIjwnsNmVggxhYeMmRDhidUcj849ybKRoJo7zrzTfvK
+BR1v9xCenB+0mnJQWfxIt1aspEW0Y6Z9g3jW47WOxSQagS5BVKVCcw1qxLJ4q3JS
+QqZJeQheHYNu9BQCa2w2rJeE0TT2WohcHxt0RpERZyjMfAlOOEUOB/m8Yx1N7/Zd
+wJIWCd3o+HYoDqUCS11y3EN+VO6H/+8gcRANe7tKE5+gqc9+7gDpKLTL7hc0S6sh
+e3yYo2CHZ8U2hsJGRFz7sFnZpwFi5KeI4+sKgyUurM2lxvcCzTC3DplG+4Wtcls=
+-----END CERTIFICATE REQUEST-----
diff --git a/testing/hosts/winnetou/etc/openssl/duck/index.txt b/testing/hosts/winnetou/etc/openssl/duck/index.txt
new file mode 100644 (file)
index 0000000..759a85b
--- /dev/null
@@ -0,0 +1 @@
+V      141103162335Z           01      unknown /C=CH/O=Linux strongSwan/OU=Duck Research/CN=carol@strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/duck/index.txt.attr b/testing/hosts/winnetou/etc/openssl/duck/index.txt.attr
new file mode 100644 (file)
index 0000000..8f7e63a
--- /dev/null
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/testing/hosts/winnetou/etc/openssl/duck/index.txt.old b/testing/hosts/winnetou/etc/openssl/duck/index.txt.old
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/testing/hosts/winnetou/etc/openssl/duck/newcerts/01.pem b/testing/hosts/winnetou/etc/openssl/duck/newcerts/01.pem
new file mode 100644 (file)
index 0000000..4e13b52
--- /dev/null
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEBzCCAu+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxGTAX
+BgNVBAMTEER1Y2sgUmVzZWFyY2ggQ0EwHhcNMDkxMTA0MTYyMzM1WhcNMTQxMTAz
+MTYyMzM1WjBfMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dh
+bjEWMBQGA1UECxMNRHVjayBSZXNlYXJjaDEdMBsGA1UEAxQUY2Fyb2xAc3Ryb25n
+c3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6LueCi67Y
+IGRDKP5bkysGWZHrFrztq7elIFCPPSUxyIOYo4Upzr5WsvO0dIfcZY3agV2NcAI2
+30sATlfTUp+obedZMHbzE3VBvQuLjgK42ox2XIXDj23Vy496mVqlwUQulhBcAhMb
+jnBb4T0aR7WCnJvfzyckEyWrTN0ajRyQhJEmTn+spYNQX/2lg6hEn/K1T/3Py7sG
+veeF6BRenHR5L60NSK7qV7AU+hM4R0UIvgwYqzxSStgGS9G6Bwj9QTOWwSV1tuii
+ABiRdZSBoON0uMMpRjgEzuVe0f4VbOCIEXO8MtdpCu7Rwa9tc8OwneLcGCYVomr5
+7KKRJdvC5As3AgMBAAGjgdYwgdMwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYD
+VR0OBBYEFFSYDz2TYOMxfyrIx20NhPPHTCOIMHkGA1UdIwRyMHCAFHYqqKQxp8Zx
+jzAlvAJmm8sXVI0goVWkUzBRMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXgg
+c3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDASBgNVBAMTC1Jlc2VhcmNo
+IENBggEFMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMA0GCSqGSIb3
+DQEBCwUAA4IBAQBIpl8SH4Nytgr6KvmXzns80u615WnDmP6oJrnwIZUkunVns8HH
+TFUVjvDKoQ+8CvuaH9Ifo2dokGjtGObeO4Y38y0xBIkUO+JpwfTa3SeCEhdOZb3G
+4e9WxHhV9IGfRyPsXQG+3JpAMaHYH+PNKiv7RBTq6rGaHzvgUEXRMTbv/bJI+Fs6
+Yfd/XxIur/ftVh4dZocyC74MUyXy5tyZJkHe1aBszOa0iT1852fq93lNUQPQqw0O
+3q3Lg7CvbNSdWqeAMqUgeBqh6oQItY9Exrwh0tfuCsjZ0oWXUBghsuiV+GTmZ6ok
+BiGmSmtX5OD4UtKcicuMRqnK2MYJHp1z1goE
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf b/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf
new file mode 100644 (file)
index 0000000..8b5511e
--- /dev/null
@@ -0,0 +1,178 @@
+# openssl.cnf -  OpenSSL configuration file for the ZHW PKI
+# Mario Strasser <mario.strasser@zhwin.ch>
+#      
+
+# This definitions were set by the ca_init script DO NOT change
+# them manualy.
+CAHOME                 = /etc/openssl/duck
+RANDFILE               = $CAHOME/.rand
+
+# Extra OBJECT IDENTIFIER info:
+oid_section            = new_oids
+
+[ new_oids ]
+SmartcardLogin         = 1.3.6.1.4.1.311.20.2
+ClientAuthentication   = 1.3.6.1.4.1.311.20.2.2
+
+####################################################################
+
+[ ca ]
+default_ca     = root_ca               # The default ca section
+
+####################################################################
+
+[ root_ca ]                            
+
+dir            = $CAHOME
+certs          = $dir/certs              # Where the issued certs are kept
+crl_dir                = $dir/crl                # Where the issued crl are kept
+database       = $dir/index.txt          # database index file.
+new_certs_dir   = $dir/newcerts           # default place for new certs.
+
+certificate     = $dir/duckCert.pem       # The CA certificate
+serial          = $dir/serial             # The current serial number
+crl             = $dir/crl.pem            # The current CRL
+crlnumber       = $dir/crlnumber          # The current CRL serial number
+private_key     = $dir/duckKey.pem        # The private key
+RANDFILE        = $dir/.rand              # private random number file
+
+x509_extensions = host_ext               # The extentions to add to the cert
+
+crl_extensions = crl_ext                 # The extentions to add to the CRL
+
+default_days    = 1825                    # how long to certify for
+default_crl_days= 30                     # how long before next CRL
+default_md      = sha256                  # which md to use.
+preserve        = no                      # keep passed DN ordering
+email_in_dn    = no                      # allow/forbid EMail in DN
+
+policy          = policy_match           # specifying how similar the request must look
+
+####################################################################
+
+# the 'match' policy
+[ policy_match ]
+countryName            = match
+stateOrProvinceName    = optional
+localityName            = optional
+organizationName       = match
+organizationalUnitName = optional
+userId                 = optional
+commonName             = supplied
+emailAddress           = optional
+
+# the 'anything' policy
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+
+[ req ]
+default_bits           = 1024
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+x509_extensions                = ca_ext        # The extentions to add to the self signed cert
+# req_extensions       = v3_req        # The extensions to add to a certificate request
+
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask                    = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+####################################################################
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = CH
+countryName_min                        = 2
+countryName_max                        = 2
+
+#stateOrProvinceName           = State or Province Name (full name)
+#stateOrProvinceName_default   = ZH
+
+#localityName                  = Locality Name (eg, city)
+#localityName_default          = Winterthur
+
+organizationName               = Organization Name (eg, company)
+organizationName_default       = Linux strongSwan
+
+0.organizationalUnitName               = Organizational Unit Name (eg, section)
+0.organizationalUnitName_default       = Duck Research
+
+#1.organizationalUnitName      = Type (eg, Staff)
+#1.organizationalUnitName_default = Staff
+
+#userId                                = UID 
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_default             = $ENV::COMMON_NAME
+commonName_max                 = 64
+
+#0.emailAddress                        = Email Address (eg, foo@bar.com)
+#0.emailAddress_min              = 0
+#0.emailAddress_max              = 40
+
+#1.emailAddress                  = Second Email Address (eg, foo@bar.com)
+#1.emailAddress_min              = 0
+#1.emailAddress_max              = 40
+
+####################################################################
+
+[ req_attributes ]
+
+####################################################################
+
+[ host_ext ]
+
+basicConstraints               = CA:FALSE
+keyUsage                       = digitalSignature, keyEncipherment, keyAgreement
+subjectKeyIdentifier            = hash
+authorityKeyIdentifier          = keyid, issuer:always
+subjectAltName                 = DNS:$ENV::COMMON_NAME
+#extendedKeyUsage              = OCSPSigning
+
+####################################################################
+
+[ user_ext ]
+
+basicConstraints               = CA:FALSE
+keyUsage                        = digitalSignature, keyEncipherment, keyAgreement
+subjectKeyIdentifier            = hash
+authorityKeyIdentifier          = keyid, issuer:always
+subjectAltName                  = email:$ENV::COMMON_NAME 
+
+####################################################################
+
+[ ca_ext ]
+
+basicConstraints                       = critical, CA:TRUE
+keyUsage                        = cRLSign, keyCertSign
+subjectKeyIdentifier           = hash
+authorityKeyIdentifier         = keyid, issuer:always
+
+####################################################################
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+#issuerAltName                 = issuer:copy
+authorityKeyIdentifier         = keyid:always, issuer:always
+
+# eof
diff --git a/testing/hosts/winnetou/etc/openssl/duck/serial b/testing/hosts/winnetou/etc/openssl/duck/serial
new file mode 100644 (file)
index 0000000..9e22bcb
--- /dev/null
@@ -0,0 +1 @@
+02
diff --git a/testing/hosts/winnetou/etc/openssl/duck/serial.old b/testing/hosts/winnetou/etc/openssl/duck/serial.old
new file mode 100644 (file)
index 0000000..8a0f05e
--- /dev/null
@@ -0,0 +1 @@
+01
index 26e68d4..75e87f2 100644 (file)
@@ -2,3 +2,4 @@ V       100322070423Z           01      unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strong
 V      100615195710Z           02      unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
 V      120323210330Z           03      unknown /C=CH/O=Linux strongSwan/OU=Research OCSP Signing Authority/CN=ocsp.research.strongswan.org
 V      140323203747Z           04      unknown /C=CH/O=Linux strongSwan/OU=Research no CDP/CN=carol@strongswan.org
+V      151103161503Z           05      unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Duck Research CA
index 2ccf648..26e68d4 100644 (file)
@@ -1,3 +1,4 @@
 V      100322070423Z           01      unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
 V      100615195710Z           02      unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
 V      120323210330Z           03      unknown /C=CH/O=Linux strongSwan/OU=Research OCSP Signing Authority/CN=ocsp.research.strongswan.org
+V      140323203747Z           04      unknown /C=CH/O=Linux strongSwan/OU=Research no CDP/CN=carol@strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/research/newcerts/05.pem b/testing/hosts/winnetou/etc/openssl/research/newcerts/05.pem
new file mode 100644 (file)
index 0000000..bb205a0
--- /dev/null
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID0jCCArqgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA5MTEwNDE2MTUwM1oXDTE1MTEwMzE2MTUw
+M1owVjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAsTCFJlc2VhcmNoMRkwFwYDVQQDExBEdWNrIFJlc2VhcmNoIENBMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIBRSgHCxHhMjsVZo4PtFnENkHNu
+MfyRDsc7m1KRDVt8N4h/EcbduU7xeq/RjxZSmlc1q6EWEgDv3KwDYY0sX+qrpQKa
+ub5AgsRa2fOOR9xfyf0Q7Nc3oR3keWqQUiigCuaw9NQRtdMm/JFdXLNY3r60tBsO
+UHOJAPZNoGPey5UL9ZjjsN6ROUVTh0NAkFwkmnTRwmUvY5bi/T7ulsSkO9BrfqKD
+h/pliP7uZANd0ZpPcrIc68WwrelpI1zu0kYGqu/y8HZpuPuAXtGqS2jctrjSieeY
+i9wFLnS2tgV3ID4LzEEICSeqVqOvYgGKbarqLkARdxmdRKM9QYpu+5J+YQIDAQAB
+o4GvMIGsMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBR2
+KqikMafGcY8wJbwCZpvLF1SNIDBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDzANBgkqhkiG9w0BAQsF
+AAOCAQEAsHR1vDlz2sPQpD9xnt1PL4qX7XWSSM6d+QG3cjdiKCjH8t78ecEm1duv
+YozLg6SYHGUF9qYuPz2SAZjQjmIWLlkQpBfQm8/orG+jbsQl5HkXFYX0UWAKZFGx
+rjHnOzmQxnmIWHky4uMDT/UmhmWy6kuCmZbKeeOqkBR2gVxfLyzelTSbF4ntEm1C
+1XqqtM4OfTOD5QUPD+6rZ5RoIPId9+2A8pJ2NyCUCf47FbkmYzU5+oiChhcGzsC5
+wDlgP32NA88kSiSJ2p2ZveYveRqcyZXZDAiTxRaIwJY0bt2Dk4wKicvy6vPdLA5v
+DSlBqDpnqK8tEI9V9YeroihTcygrEg==
+-----END CERTIFICATE-----