We use ns2 as the primary, and ns3 as the secondary server.
bin/tests/system/masterfile/knowngood.include
bin/tests/system/masterfile/knowngood.ttl1
bin/tests/system/masterfile/knowngood.ttl2
+ bin/tests/system/notify/CA/CA.cfg
+ bin/tests/system/notify/CA/README
+ bin/tests/system/notify/CA/index.txt
+ bin/tests/system/notify/CA/index.txt.attr
+ bin/tests/system/notify/CA/serial
bin/tests/system/notify/ns4/named.port.in
bin/tests/system/nsupdate/CA/CA.cfg
bin/tests/system/nsupdate/CA/README
--- /dev/null
+# temporary files generated by "openssl ca"
+/CA/*.old
+# there is little point in keeping the certificate requests
+# for the issued certificates
+/CA/certs/*.csr
--- /dev/null
+# See ../../doth/CA/ca.cfg for more information
+
+# certificate authority configuration
+[ca]
+default_ca = CA_default # The default ca section
+
+[CA_default]
+dir = .
+new_certs_dir = $dir/newcerts # new certs dir (must be created)
+certificate = $dir/CA.pem # The CA cert
+private_key = $dir/private/CA.key # CA private key
+
+serial = $dir/serial # serial number file for the next certificate
+ # Update before issuing it:
+ # xxd -l 8 -u -ps /dev/urandom > ./serial
+database = $dir/index.txt # (must be created manually: touch ./index.txt)
+
+default_days = 1 # how long to certify for
+
+#default_crl_days = 30 # the number of days before the
+default_crl_days = 10950 # next CRL is due. That is the
+ # days from now to place in the
+ # CRL nextUpdate field. If CRL
+ # is expired, certificate
+ # verifications will fail even
+ # for otherwise valid
+ # certificates. Clients might
+ # cache the CRL, so the expiry
+ # period should normally be
+ # relatively short (default:
+ # 30) for production CAs.
+
+default_md = sha256 # digest to use
+
+policy = policy_default # default policy
+email_in_dn = no # Don't add the email into cert DN
+
+name_opt = ca_default # Subject name display option
+cert_opt = ca_default # Certificate display option
+
+# We need the following in order to copy Subject Alt Name(s) from a
+# request to the certificate.
+copy_extensions = copy # copy extensions from request
+
+[policy_default]
+countryName = optional
+stateOrProvinceName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# default certificate requests settings
+[req]
+# Options for the `req` tool (`man req`).
+default_bits = 3072 # for RSA only
+distinguished_name = req_default
+string_mask = utf8only
+# SHA-1 is deprecated, so use SHA-256 instead.
+default_md = sha256
+# do not encrypt the private key file
+encrypt_key = no
+
+[req_default]
+# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name (full name)
+localityName = Locality Name (e.g., city)
+0.organizationName = Organization Name (e.g., company)
+organizationalUnitName = Organizational Unit Name (e.g. department)
+commonName = Common Name (e.g. server FQDN or YOUR name)
+emailAddress = Email Address
+# defaults
+countryName_default = UA
+stateOrProvinceName_default = Kharkiv Oblast
+localityName_default = Kharkiv
+0.organizationName_default = ISC
+organizationalUnitName_default = Software Engeneering (BIND 9)
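Review bot: `copy_extensions = copy` in `[CA_default]` is not paired with any `x509_extensions` section in this file, so every extension present in a request is carried into the issued certificate, not only the Subject Alt Name that the comment above it mentions. OpenSSL's `ca` documentation cautions that this can include `basicConstraints`. For a CA that only signs this test suite's own requests that is acceptable, but the file should say so, for example `# test-only CA: requests are trusted, so CSR extensions are copied unfiltered`. It would also help to note next to `default_days = 1` and `default_crl_days = 10950` that they are fixture values (the one-day lifetime appears to be what yields the `-expired` certificate) and not defaults to copy into a production CA.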
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+Please take a look at the contents of the CA.cfg file for further
+instructions and configurations options.
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAxARyCz9Aq5XQpE4SV
+IKYvvz2K9IjosWKkcbxjh0rW62RGyi4c3pSo6so8tpvHXzmhZANiAAQ2bCdh34Lt
+hA8MzF7BeZhYfvUODFH3fSSAJuRDMSaO02f294+E2Icy91W9AhFetSceZa0Dhldc
+aVVaPVm3bhhjvLUGFImFmccFtNtQj/llRCbY9VFtbfXaY/Vq5243EAg=
+-----END PRIVATE KEY-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ c5:86:68:39:7b:1c:c4:9f
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Sep 3 15:33:14 2024 GMT
+ Not After : Aug 27 15:33:14 2054 GMT
+ Subject: CN=srv02.crt01.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:36:6c:27:61:df:82:ed:84:0f:0c:cc:5e:c1:79:
+ 98:58:7e:f5:0e:0c:51:f7:7d:24:80:26:e4:43:31:
+ 26:8e:d3:67:f6:f7:8f:84:d8:87:32:f7:55:bd:02:
+ 11:5e:b5:27:1e:65:ad:03:86:57:5c:69:55:5a:3d:
+ 59:b7:6e:18:63:bc:b5:06:14:89:85:99:c7:05:b4:
+ db:50:8f:f9:65:44:26:d8:f5:51:6d:6d:f5:da:63:
+ f5:6a:e7:6e:37:10:08
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:srv02.crt01.example.com, IP Address:10.53.0.2
+ X509v3 Subject Key Identifier:
+ 4C:A6:2B:5F:55:DF:2E:1E:FA:E8:C6:3F:05:25:20:69:BA:60:3B:E2
+ X509v3 Authority Key Identifier:
+ 7C:89:E8:5C:EB:E5:1F:72:48:04:C5:8F:FB:92:08:9C:F5:60:26:39
+ Signature Algorithm: sha256WithRSAEncryption
+ Signature Value:
+ 1d:22:c4:60:42:9a:d8:ac:54:cf:77:be:17:d0:eb:b4:7d:44:
+ b1:ad:bf:53:0e:be:61:37:bf:7b:a6:78:7e:a0:3f:aa:21:cd:
+ 09:3a:d4:41:b5:9f:31:a2:c9:db:df:94:a4:05:02:dd:98:04:
+ 38:55:af:20:3a:4d:82:cd:37:0f:a5:b8:9c:dc:0d:f8:07:c9:
+ 9d:8e:0a:4f:df:f1:8d:0c:53:9b:56:a2:35:7e:0a:3d:47:89:
+ ad:76:8f:6c:f5:15:0e:3f:05:af:fb:f8:97:97:a3:91:a6:cf:
+ 22:04:c0:35:24:84:b4:e5:4d:c0:bf:e0:8d:8b:59:bf:71:2e:
+ c3:d8:8e:c9:9d:ba:0a:32:cb:0f:b8:b8:e3:91:f9:77:78:55:
+ 17:9f:6e:09:d6:29:86:25:b6:0d:9b:52:b7:0a:75:f7:cd:09:
+ 5d:04:83:9f:08:8f:eb:8c:23:73:e0:14:2b:be:ba:22:96:8f:
+ 68:f8:c7:39:a7:44:9b:1d:ce:cb:eb:04:33:c0:da:b8:03:c0:
+ 5b:7a:3c:a1:f5:28:92:93:06:f2:32:c3:38:fe:68:5d:64:21:
+ 6e:3f:8b:80:f8:01:8f:19:5c:fa:13:6c:5e:27:55:19:70:87:
+ 70:02:80:79:d2:37:d3:d9:05:b1:8e:50:37:24:f0:32:33:bb:
+ e9:f2:26:f8:19:92:d5:ad:2a:09:c1:b0:48:52:f4:e3:62:cd:
+ e1:b4:51:d9:0a:88:e3:fb:1e:c9:5c:a5:83:fe:30:9d:cf:83:
+ 22:ba:1a:cd:c9:a9:e0:3d:cc:8d:f7:68:9e:17:a2:36:78:ab:
+ 6f:01:de:20:a1:0d:a2:30:12:ee:45:14:b6:f7:c4:e4:d3:4e:
+ c7:0b:d7:14:b2:49:5c:f8:3a:fc:29:43:fa:97:d1:70:46:54:
+ c0:a9:c6:eb:f0:91:59:0e:24:8f:e5:38:79:38:fb:86:ab:3c:
+ b1:ea:d2:a3:4c:2c:e4:29:1a:03:da:54:a0:a6:73:ac:b4:c8:
+ 02:5a:4c:38:e0:23
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDVfQs1V2UjdqTM0Z0P
+DDtGwwtGUR2P6PEyDQgebPRUpWxbVGf4W0N0DWy5C9UkMJihZANiAARNrIyo/8cA
+Dc5puRjsTirIBvu+vKntuMfEUganjXfqO/nYzh3XtC3xGv8NcE+KqZz6pMQw8OXY
+Pd1i8n1Ajl/cV2zdVDggDr7milzE6feVSPk0JrxduaqV+MnXJity65Q=
+-----END PRIVATE KEY-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ c5:86:68:39:7b:1c:c4:a1
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Sep 2 15:33:27 2024 GMT
+ Not After : Sep 3 15:33:27 2024 GMT
+ Subject: CN=srv03.crt01-expired.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:4d:ac:8c:a8:ff:c7:00:0d:ce:69:b9:18:ec:4e:
+ 2a:c8:06:fb:be:bc:a9:ed:b8:c7:c4:52:06:a7:8d:
+ 77:ea:3b:f9:d8:ce:1d:d7:b4:2d:f1:1a:ff:0d:70:
+ 4f:8a:a9:9c:fa:a4:c4:30:f0:e5:d8:3d:dd:62:f2:
+ 7d:40:8e:5f:dc:57:6c:dd:54:38:20:0e:be:e6:8a:
+ 5c:c4:e9:f7:95:48:f9:34:26:bc:5d:b9:aa:95:f8:
+ c9:d7:26:2b:72:eb:94
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:srv03.crt01-expired.example.com, IP Address:10.53.0.3
+ X509v3 Subject Key Identifier:
+ 72:38:25:01:CB:38:FF:CB:D3:78:24:43:BA:64:EA:76:FB:58:F6:EA
+ X509v3 Authority Key Identifier:
+ 7C:89:E8:5C:EB:E5:1F:72:48:04:C5:8F:FB:92:08:9C:F5:60:26:39
+ Signature Algorithm: sha256WithRSAEncryption
+ Signature Value:
+ 4a:f3:59:df:4d:ff:fd:de:fc:c8:bc:34:4c:e1:39:00:62:09:
+ c8:34:2b:d0:3e:52:91:ea:ae:da:86:94:7d:83:84:48:5d:50:
+ ac:b7:a5:70:87:f4:62:f0:c6:9a:73:d2:78:29:cf:21:20:ae:
+ 0e:b0:55:36:1d:6c:c1:7f:0f:b7:26:d8:14:43:64:c6:58:8b:
+ 68:87:fd:cc:3f:d1:c1:f5:67:71:bc:71:7b:d4:f1:02:b0:4c:
+ dd:b2:4a:18:99:46:3a:44:b2:6b:c4:61:79:8f:be:e8:19:d4:
+ cc:f7:95:32:b0:74:18:76:c6:df:5f:c1:90:24:3c:a6:5d:2a:
+ 6f:90:7d:94:43:f3:df:1f:80:70:ff:8a:c8:b9:1f:c5:4e:08:
+ d1:54:f0:d8:72:af:07:30:9f:8a:65:66:ff:ff:a4:37:de:10:
+ 01:a6:00:c7:31:08:dd:f0:0a:5f:d3:e6:dd:d1:37:43:f2:44:
+ 13:bc:9e:68:40:bd:96:84:16:73:0f:01:95:40:65:ba:70:93:
+ a9:81:27:6e:b6:fb:ad:10:36:46:a3:75:94:00:62:f3:10:32:
+ c2:4a:0e:3a:bf:ab:07:14:a3:68:fd:eb:c7:c8:16:90:30:80:
+ f1:28:5c:64:a7:ba:8e:fa:27:09:4c:0b:08:d9:56:77:cd:25:
+ 7c:1f:58:78:48:c1:8c:73:10:39:f2:06:79:7c:8d:b9:ca:25:
+ 7c:b1:75:62:68:a7:14:c6:5b:00:78:67:e4:d8:e1:62:0b:6e:
+ 8d:5a:e6:23:d2:d4:dd:28:71:32:16:88:ad:b3:ee:a6:69:e7:
+ ff:1e:85:62:3c:65:88:c7:47:0c:1d:a0:d9:12:5c:31:98:01:
+ cd:a4:28:52:ad:dc:8b:1a:e6:d4:62:3d:1b:c6:52:00:b5:34:
+ 9d:1d:d8:6b:d3:ce:63:52:62:13:74:2a:7c:ff:0a:d7:0b:99:
+ a9:2b:b3:ba:e8:cf:a0:77:f0:85:12:ba:4c:54:71:74:dd:32:
+ 13:ca:44:c2:0f:d9
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAEmVA9V00diOvZfEJV
+N7piEbfN7fULRHWg2k4g7V2Ivpn9LfBsaYh5+Acf271G0mKhZANiAAQSbFty27Ro
+RO7BPZFI9yM5V64xIUGMe4o4LYBA6cKhFFCVO0fX6h6bO0wgh2fCgYbWOq2X6Q1X
+/x36gVJCzgXSBXPNktdMIxki9cttREvXo1cmELKl/n+PXDgxcbg/RbM=
+-----END PRIVATE KEY-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ c5:86:68:39:7b:1c:c4:a0
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Sep 3 15:33:18 2024 GMT
+ Not After : Aug 27 15:33:18 2054 GMT
+ Subject: CN=srv03.crt01.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:12:6c:5b:72:db:b4:68:44:ee:c1:3d:91:48:f7:
+ 23:39:57:ae:31:21:41:8c:7b:8a:38:2d:80:40:e9:
+ c2:a1:14:50:95:3b:47:d7:ea:1e:9b:3b:4c:20:87:
+ 67:c2:81:86:d6:3a:ad:97:e9:0d:57:ff:1d:fa:81:
+ 52:42:ce:05:d2:05:73:cd:92:d7:4c:23:19:22:f5:
+ cb:6d:44:4b:d7:a3:57:26:10:b2:a5:fe:7f:8f:5c:
+ 38:31:71:b8:3f:45:b3
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:srv03.crt01.example.com, IP Address:10.53.0.3
+ X509v3 Subject Key Identifier:
+ 6A:4F:85:19:52:0E:08:29:28:1B:96:53:84:97:0E:AA:35:C3:96:27
+ X509v3 Authority Key Identifier:
+ 7C:89:E8:5C:EB:E5:1F:72:48:04:C5:8F:FB:92:08:9C:F5:60:26:39
+ Signature Algorithm: sha256WithRSAEncryption
+ Signature Value:
+ 62:05:bb:62:4e:2a:6a:46:00:49:3e:83:b3:a7:ff:40:68:02:
+ 36:06:1f:e7:c9:47:db:72:09:be:78:bc:e6:c5:b4:8c:51:7c:
+ d5:93:06:ec:24:ad:11:a7:32:16:3a:55:79:a3:ab:4c:68:10:
+ 78:f2:e8:24:b3:c0:9c:3a:cd:11:45:7a:22:37:3e:a3:9d:5d:
+ 3e:ed:91:bd:58:04:2d:f6:6d:2e:0f:61:1d:4f:ab:d7:47:11:
+ 1b:c7:06:9d:1d:2d:df:85:93:fa:08:dc:27:32:3a:70:37:61:
+ 7a:58:95:0a:ca:62:ea:28:64:a1:2d:37:0e:7d:f9:0a:6c:71:
+ 23:20:6a:5d:2d:6b:f2:fe:23:f8:7b:89:51:21:e3:dd:2d:52:
+ e7:a3:bc:b9:62:86:65:21:de:90:6a:66:f8:ef:25:aa:da:e5:
+ b7:5f:f1:8e:ab:2d:5a:50:5f:b8:98:8a:00:d0:7b:e3:51:ec:
+ d8:a5:67:ee:2a:93:b5:62:84:9b:f5:c7:cd:72:de:53:99:a8:
+ 45:b3:f6:4c:31:58:f2:5c:cd:a3:ec:f1:1c:3a:29:cf:8e:b8:
+ 60:ba:c3:cd:d9:7d:bd:9a:b0:41:b3:dd:fb:37:0f:56:54:5b:
+ 5e:99:d1:a7:58:57:ac:9e:52:c5:74:3e:c2:df:72:82:07:bf:
+ b2:48:87:9e:16:d8:03:3b:3b:a2:0a:03:55:83:69:44:f2:14:
+ c8:6b:50:20:89:85:16:b4:be:c6:6c:42:91:00:09:d7:55:9f:
+ c3:0c:9b:5f:58:bf:43:9d:42:ca:f3:25:1f:d8:f4:b2:87:86:
+ a8:59:60:e9:53:23:2e:27:e8:97:02:d6:a6:91:9a:81:fb:28:
+ e4:47:86:c3:3a:55:ca:f0:24:1f:be:dd:00:d3:db:6a:20:5c:
+ a3:b0:7a:5f:d9:a7:9b:35:f7:23:c7:2b:9d:98:f9:5c:89:5a:
+ 6d:d4:ed:1c:d7:ec:40:0c:b0:c2:92:24:4b:78:a1:ab:7e:27:
+ cf:19:2c:ec:3a:77
+-----BEGIN CERTIFICATE-----
+MIIDYjCCAcqgAwIBAgIJAMWGaDl7HMSgMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV
+BAYTAlVBMRgwFgYDVQQIDA9LaGFya2l2IE9ibGFzdCcxEDAOBgNVBAcMB0toYXJr
+aXYxJDAiBgNVBAoMG0ludGVybmV0IFN5c3RlbXMgQ29uc29ydGl1bTEcMBoGA1UE
+AwwTY2EudGVzdC5leGFtcGxlLmNvbTAgFw0yNDA5MDMxNTMzMThaGA8yMDU0MDgy
+NzE1MzMxOFowIjEgMB4GA1UEAwwXc3J2MDMuY3J0MDEuZXhhbXBsZS5jb20wdjAQ
+BgcqhkjOPQIBBgUrgQQAIgNiAAQSbFty27RoRO7BPZFI9yM5V64xIUGMe4o4LYBA
+6cKhFFCVO0fX6h6bO0wgh2fCgYbWOq2X6Q1X/x36gVJCzgXSBXPNktdMIxki9ctt
+REvXo1cmELKl/n+PXDgxcbg/RbOjbDBqMCgGA1UdEQQhMB+CF3NydjAzLmNydDAx
+LmV4YW1wbGUuY29thwQKNQADMB0GA1UdDgQWBBRqT4UZUg4IKSgbllOElw6qNcOW
+JzAfBgNVHSMEGDAWgBR8iehc6+UfckgExY/7kgic9WAmOTANBgkqhkiG9w0BAQsF
+AAOCAYEAYgW7Yk4qakYAST6Ds6f/QGgCNgYf58lH23IJvni85sW0jFF81ZMG7CSt
+EacyFjpVeaOrTGgQePLoJLPAnDrNEUV6Ijc+o51dPu2RvVgELfZtLg9hHU+r10cR
+G8cGnR0t34WT+gjcJzI6cDdheliVCspi6ihkoS03Dn35CmxxIyBqXS1r8v4j+HuJ
+USHj3S1S56O8uWKGZSHekGpm+O8lqtrlt1/xjqstWlBfuJiKANB741Hs2KVn7iqT
+tWKEm/XHzXLeU5moRbP2TDFY8lzNo+zxHDopz464YLrDzdl9vZqwQbPd+zcPVlRb
+XpnRp1hXrJ5SxXQ+wt9ygge/skiHnhbYAzs7ogoDVYNpRPIUyGtQIImFFrS+xmxC
+kQAJ11WfwwybX1i/Q51CyvMlH9j0soeGqFlg6VMjLifolwLWppGagfso5EeGwzpV
+yvAkH77dANPbaiBco7B6X9mnmzX3I8crnZj5XIlabdTtHNfsQAywwpIkS3ihq34n
+zxks7Dp3
+-----END CERTIFICATE-----
--- /dev/null
+V 20540827153314Z C58668397B1CC49F unknown /CN=srv02.crt01.example.com
+V 20540827153318Z C58668397B1CC4A0 unknown /CN=srv03.crt01.example.com
+V 240903153327Z C58668397B1CC4A1 unknown /CN=srv03.crt01-expired.example.com
--- /dev/null
+unique_subject = yes
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ c5:86:68:39:7b:1c:c4:9f
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Sep 3 15:33:14 2024 GMT
+ Not After : Aug 27 15:33:14 2054 GMT
+ Subject: CN=srv02.crt01.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:36:6c:27:61:df:82:ed:84:0f:0c:cc:5e:c1:79:
+ 98:58:7e:f5:0e:0c:51:f7:7d:24:80:26:e4:43:31:
+ 26:8e:d3:67:f6:f7:8f:84:d8:87:32:f7:55:bd:02:
+ 11:5e:b5:27:1e:65:ad:03:86:57:5c:69:55:5a:3d:
+ 59:b7:6e:18:63:bc:b5:06:14:89:85:99:c7:05:b4:
+ db:50:8f:f9:65:44:26:d8:f5:51:6d:6d:f5:da:63:
+ f5:6a:e7:6e:37:10:08
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:srv02.crt01.example.com, IP Address:10.53.0.2
+ X509v3 Subject Key Identifier:
+ 4C:A6:2B:5F:55:DF:2E:1E:FA:E8:C6:3F:05:25:20:69:BA:60:3B:E2
+ X509v3 Authority Key Identifier:
+ 7C:89:E8:5C:EB:E5:1F:72:48:04:C5:8F:FB:92:08:9C:F5:60:26:39
+ Signature Algorithm: sha256WithRSAEncryption
+ Signature Value:
+ 1d:22:c4:60:42:9a:d8:ac:54:cf:77:be:17:d0:eb:b4:7d:44:
+ b1:ad:bf:53:0e:be:61:37:bf:7b:a6:78:7e:a0:3f:aa:21:cd:
+ 09:3a:d4:41:b5:9f:31:a2:c9:db:df:94:a4:05:02:dd:98:04:
+ 38:55:af:20:3a:4d:82:cd:37:0f:a5:b8:9c:dc:0d:f8:07:c9:
+ 9d:8e:0a:4f:df:f1:8d:0c:53:9b:56:a2:35:7e:0a:3d:47:89:
+ ad:76:8f:6c:f5:15:0e:3f:05:af:fb:f8:97:97:a3:91:a6:cf:
+ 22:04:c0:35:24:84:b4:e5:4d:c0:bf:e0:8d:8b:59:bf:71:2e:
+ c3:d8:8e:c9:9d:ba:0a:32:cb:0f:b8:b8:e3:91:f9:77:78:55:
+ 17:9f:6e:09:d6:29:86:25:b6:0d:9b:52:b7:0a:75:f7:cd:09:
+ 5d:04:83:9f:08:8f:eb:8c:23:73:e0:14:2b:be:ba:22:96:8f:
+ 68:f8:c7:39:a7:44:9b:1d:ce:cb:eb:04:33:c0:da:b8:03:c0:
+ 5b:7a:3c:a1:f5:28:92:93:06:f2:32:c3:38:fe:68:5d:64:21:
+ 6e:3f:8b:80:f8:01:8f:19:5c:fa:13:6c:5e:27:55:19:70:87:
+ 70:02:80:79:d2:37:d3:d9:05:b1:8e:50:37:24:f0:32:33:bb:
+ e9:f2:26:f8:19:92:d5:ad:2a:09:c1:b0:48:52:f4:e3:62:cd:
+ e1:b4:51:d9:0a:88:e3:fb:1e:c9:5c:a5:83:fe:30:9d:cf:83:
+ 22:ba:1a:cd:c9:a9:e0:3d:cc:8d:f7:68:9e:17:a2:36:78:ab:
+ 6f:01:de:20:a1:0d:a2:30:12:ee:45:14:b6:f7:c4:e4:d3:4e:
+ c7:0b:d7:14:b2:49:5c:f8:3a:fc:29:43:fa:97:d1:70:46:54:
+ c0:a9:c6:eb:f0:91:59:0e:24:8f:e5:38:79:38:fb:86:ab:3c:
+ b1:ea:d2:a3:4c:2c:e4:29:1a:03:da:54:a0:a6:73:ac:b4:c8:
+ 02:5a:4c:38:e0:23
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ c5:86:68:39:7b:1c:c4:a0
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Sep 3 15:33:18 2024 GMT
+ Not After : Aug 27 15:33:18 2054 GMT
+ Subject: CN=srv03.crt01.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:12:6c:5b:72:db:b4:68:44:ee:c1:3d:91:48:f7:
+ 23:39:57:ae:31:21:41:8c:7b:8a:38:2d:80:40:e9:
+ c2:a1:14:50:95:3b:47:d7:ea:1e:9b:3b:4c:20:87:
+ 67:c2:81:86:d6:3a:ad:97:e9:0d:57:ff:1d:fa:81:
+ 52:42:ce:05:d2:05:73:cd:92:d7:4c:23:19:22:f5:
+ cb:6d:44:4b:d7:a3:57:26:10:b2:a5:fe:7f:8f:5c:
+ 38:31:71:b8:3f:45:b3
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:srv03.crt01.example.com, IP Address:10.53.0.3
+ X509v3 Subject Key Identifier:
+ 6A:4F:85:19:52:0E:08:29:28:1B:96:53:84:97:0E:AA:35:C3:96:27
+ X509v3 Authority Key Identifier:
+ 7C:89:E8:5C:EB:E5:1F:72:48:04:C5:8F:FB:92:08:9C:F5:60:26:39
+ Signature Algorithm: sha256WithRSAEncryption
+ Signature Value:
+ 62:05:bb:62:4e:2a:6a:46:00:49:3e:83:b3:a7:ff:40:68:02:
+ 36:06:1f:e7:c9:47:db:72:09:be:78:bc:e6:c5:b4:8c:51:7c:
+ d5:93:06:ec:24:ad:11:a7:32:16:3a:55:79:a3:ab:4c:68:10:
+ 78:f2:e8:24:b3:c0:9c:3a:cd:11:45:7a:22:37:3e:a3:9d:5d:
+ 3e:ed:91:bd:58:04:2d:f6:6d:2e:0f:61:1d:4f:ab:d7:47:11:
+ 1b:c7:06:9d:1d:2d:df:85:93:fa:08:dc:27:32:3a:70:37:61:
+ 7a:58:95:0a:ca:62:ea:28:64:a1:2d:37:0e:7d:f9:0a:6c:71:
+ 23:20:6a:5d:2d:6b:f2:fe:23:f8:7b:89:51:21:e3:dd:2d:52:
+ e7:a3:bc:b9:62:86:65:21:de:90:6a:66:f8:ef:25:aa:da:e5:
+ b7:5f:f1:8e:ab:2d:5a:50:5f:b8:98:8a:00:d0:7b:e3:51:ec:
+ d8:a5:67:ee:2a:93:b5:62:84:9b:f5:c7:cd:72:de:53:99:a8:
+ 45:b3:f6:4c:31:58:f2:5c:cd:a3:ec:f1:1c:3a:29:cf:8e:b8:
+ 60:ba:c3:cd:d9:7d:bd:9a:b0:41:b3:dd:fb:37:0f:56:54:5b:
+ 5e:99:d1:a7:58:57:ac:9e:52:c5:74:3e:c2:df:72:82:07:bf:
+ b2:48:87:9e:16:d8:03:3b:3b:a2:0a:03:55:83:69:44:f2:14:
+ c8:6b:50:20:89:85:16:b4:be:c6:6c:42:91:00:09:d7:55:9f:
+ c3:0c:9b:5f:58:bf:43:9d:42:ca:f3:25:1f:d8:f4:b2:87:86:
+ a8:59:60:e9:53:23:2e:27:e8:97:02:d6:a6:91:9a:81:fb:28:
+ e4:47:86:c3:3a:55:ca:f0:24:1f:be:dd:00:d3:db:6a:20:5c:
+ a3:b0:7a:5f:d9:a7:9b:35:f7:23:c7:2b:9d:98:f9:5c:89:5a:
+ 6d:d4:ed:1c:d7:ec:40:0c:b0:c2:92:24:4b:78:a1:ab:7e:27:
+ cf:19:2c:ec:3a:77
+-----BEGIN CERTIFICATE-----
+MIIDYjCCAcqgAwIBAgIJAMWGaDl7HMSgMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV
+BAYTAlVBMRgwFgYDVQQIDA9LaGFya2l2IE9ibGFzdCcxEDAOBgNVBAcMB0toYXJr
+aXYxJDAiBgNVBAoMG0ludGVybmV0IFN5c3RlbXMgQ29uc29ydGl1bTEcMBoGA1UE
+AwwTY2EudGVzdC5leGFtcGxlLmNvbTAgFw0yNDA5MDMxNTMzMThaGA8yMDU0MDgy
+NzE1MzMxOFowIjEgMB4GA1UEAwwXc3J2MDMuY3J0MDEuZXhhbXBsZS5jb20wdjAQ
+BgcqhkjOPQIBBgUrgQQAIgNiAAQSbFty27RoRO7BPZFI9yM5V64xIUGMe4o4LYBA
+6cKhFFCVO0fX6h6bO0wgh2fCgYbWOq2X6Q1X/x36gVJCzgXSBXPNktdMIxki9ctt
+REvXo1cmELKl/n+PXDgxcbg/RbOjbDBqMCgGA1UdEQQhMB+CF3NydjAzLmNydDAx
+LmV4YW1wbGUuY29thwQKNQADMB0GA1UdDgQWBBRqT4UZUg4IKSgbllOElw6qNcOW
+JzAfBgNVHSMEGDAWgBR8iehc6+UfckgExY/7kgic9WAmOTANBgkqhkiG9w0BAQsF
+AAOCAYEAYgW7Yk4qakYAST6Ds6f/QGgCNgYf58lH23IJvni85sW0jFF81ZMG7CSt
+EacyFjpVeaOrTGgQePLoJLPAnDrNEUV6Ijc+o51dPu2RvVgELfZtLg9hHU+r10cR
+G8cGnR0t34WT+gjcJzI6cDdheliVCspi6ihkoS03Dn35CmxxIyBqXS1r8v4j+HuJ
+USHj3S1S56O8uWKGZSHekGpm+O8lqtrlt1/xjqstWlBfuJiKANB741Hs2KVn7iqT
+tWKEm/XHzXLeU5moRbP2TDFY8lzNo+zxHDopz464YLrDzdl9vZqwQbPd+zcPVlRb
+XpnRp1hXrJ5SxXQ+wt9ygge/skiHnhbYAzs7ogoDVYNpRPIUyGtQIImFFrS+xmxC
+kQAJ11WfwwybX1i/Q51CyvMlH9j0soeGqFlg6VMjLifolwLWppGagfso5EeGwzpV
+yvAkH77dANPbaiBco7B6X9mnmzX3I8crnZj5XIlabdTtHNfsQAywwpIkS3ihq34n
+zxks7Dp3
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ c5:86:68:39:7b:1c:c4:a1
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
+ Validity
+ Not Before: Sep 2 15:33:27 2024 GMT
+ Not After : Sep 3 15:33:27 2024 GMT
+ Subject: CN=srv03.crt01-expired.example.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:4d:ac:8c:a8:ff:c7:00:0d:ce:69:b9:18:ec:4e:
+ 2a:c8:06:fb:be:bc:a9:ed:b8:c7:c4:52:06:a7:8d:
+ 77:ea:3b:f9:d8:ce:1d:d7:b4:2d:f1:1a:ff:0d:70:
+ 4f:8a:a9:9c:fa:a4:c4:30:f0:e5:d8:3d:dd:62:f2:
+ 7d:40:8e:5f:dc:57:6c:dd:54:38:20:0e:be:e6:8a:
+ 5c:c4:e9:f7:95:48:f9:34:26:bc:5d:b9:aa:95:f8:
+ c9:d7:26:2b:72:eb:94
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:srv03.crt01-expired.example.com, IP Address:10.53.0.3
+ X509v3 Subject Key Identifier:
+ 72:38:25:01:CB:38:FF:CB:D3:78:24:43:BA:64:EA:76:FB:58:F6:EA
+ X509v3 Authority Key Identifier:
+ 7C:89:E8:5C:EB:E5:1F:72:48:04:C5:8F:FB:92:08:9C:F5:60:26:39
+ Signature Algorithm: sha256WithRSAEncryption
+ Signature Value:
+ 4a:f3:59:df:4d:ff:fd:de:fc:c8:bc:34:4c:e1:39:00:62:09:
+ c8:34:2b:d0:3e:52:91:ea:ae:da:86:94:7d:83:84:48:5d:50:
+ ac:b7:a5:70:87:f4:62:f0:c6:9a:73:d2:78:29:cf:21:20:ae:
+ 0e:b0:55:36:1d:6c:c1:7f:0f:b7:26:d8:14:43:64:c6:58:8b:
+ 68:87:fd:cc:3f:d1:c1:f5:67:71:bc:71:7b:d4:f1:02:b0:4c:
+ dd:b2:4a:18:99:46:3a:44:b2:6b:c4:61:79:8f:be:e8:19:d4:
+ cc:f7:95:32:b0:74:18:76:c6:df:5f:c1:90:24:3c:a6:5d:2a:
+ 6f:90:7d:94:43:f3:df:1f:80:70:ff:8a:c8:b9:1f:c5:4e:08:
+ d1:54:f0:d8:72:af:07:30:9f:8a:65:66:ff:ff:a4:37:de:10:
+ 01:a6:00:c7:31:08:dd:f0:0a:5f:d3:e6:dd:d1:37:43:f2:44:
+ 13:bc:9e:68:40:bd:96:84:16:73:0f:01:95:40:65:ba:70:93:
+ a9:81:27:6e:b6:fb:ad:10:36:46:a3:75:94:00:62:f3:10:32:
+ c2:4a:0e:3a:bf:ab:07:14:a3:68:fd:eb:c7:c8:16:90:30:80:
+ f1:28:5c:64:a7:ba:8e:fa:27:09:4c:0b:08:d9:56:77:cd:25:
+ 7c:1f:58:78:48:c1:8c:73:10:39:f2:06:79:7c:8d:b9:ca:25:
+ 7c:b1:75:62:68:a7:14:c6:5b:00:78:67:e4:d8:e1:62:0b:6e:
+ 8d:5a:e6:23:d2:d4:dd:28:71:32:16:88:ad:b3:ee:a6:69:e7:
+ ff:1e:85:62:3c:65:88:c7:47:0c:1d:a0:d9:12:5c:31:98:01:
+ cd:a4:28:52:ad:dc:8b:1a:e6:d4:62:3d:1b:c6:52:00:b5:34:
+ 9d:1d:d8:6b:d3:ce:63:52:62:13:74:2a:7c:ff:0a:d7:0b:99:
+ a9:2b:b3:ba:e8:cf:a0:77:f0:85:12:ba:4c:54:71:74:dd:32:
+ 13:ca:44:c2:0f:d9
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
--- /dev/null
+C58668397B1CC4A2
--- /dev/null
+-----BEGIN DH PARAMETERS-----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+-----END DH PARAMETERS-----
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+tls tls-forward-secrecy {
+ protocols { TLSv1.2; };
+ ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
+ dhparam-file "../dhparam3072.pem";
+ ca-file "../CA/CA.pem";
+};
+
+tls tls-forward-secrecy-remote-hostname {
+ protocols { TLSv1.2; };
+ ca-file "../CA/CA.pem";
+ remote-hostname "srv03.crt01.example.com";
+};
+
+tls tls-forward-secrecy-bad-remote-hostname {
+ protocols { TLSv1.2; };
+ ca-file "../CA/CA.pem";
+ remote-hostname "srv03-bad.crt01.example.com";
+};
+
+tls tls-forward-secrecy-mutual-tls {
+ protocols { TLSv1.2; };
+ ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
+ key-file "../CA/certs/srv02.crt01.example.com.key";
+ cert-file "../CA/certs/srv02.crt01.example.com.pem";
+ dhparam-file "../dhparam3072.pem";
+ ca-file "../CA/CA.pem";
+};
+
+tls tls-expired {
+ protocols { TLSv1.2; };
+ ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
+ prefer-server-ciphers yes;
+ dhparam-file "../dhparam3072.pem";
+ ca-file "../CA/CA.pem";
+};
+
+zone tls-x1 {
+ type primary;
+ file "generic.db";
+ notify explicit;
+ also-notify { 10.53.0.3 tls ephemeral; };
+};
+
+zone tls-x2 {
+ type primary;
+ file "generic.db";
+ notify explicit;
+ also-notify { 10.53.0.3 port @EXTRAPORT1@ tls tls-expired; };
+};
+
+zone tls-x3 {
+ type primary;
+ file "generic.db";
+ notify explicit;
+ also-notify { 10.53.0.3 port @EXTRAPORT1@ tls tls-forward-secrecy-remote-hostname; };
+};
+
+zone tls-x4 {
+ type primary;
+ file "generic.db";
+ notify explicit;
+ also-notify { 10.53.0.3 port @EXTRAPORT1@ tls tls-forward-secrecy-bad-remote-hostname; };
+};
+
+zone tls-x5 {
+ type primary;
+ file "generic.db";
+ notify explicit;
+ also-notify { 10.53.0.3 port @EXTRAPORT3@ tls tls-forward-secrecy-mutual-tls; };
+};
+
+zone tls-x6 {
+ type primary;
+ file "generic.db";
+ notify explicit;
+ also-notify { 10.53.0.3 port @EXTRAPORT4@ tls tls-expired; };
+};
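Review bot: None of the `tls` blocks or the `tls-x1` to `tls-x6` zones carries a comment saying which case it exercises, and some of the names mislead. The client-side `tls-expired` block only sets `ca-file`, yet `tls-x2` uses it for a notify that tests.sh expects to succeed and `tls-x6` uses it for the expired-certificate failure; `tls-forward-secrecy` is defined here but no zone in this file references it. I would add a one-line comment above each zone, e.g. `/* tls-x1: "tls ephemeral" gives encryption only, the peer certificate is not verified */` and `/* tls-x6: CA verification against the listener serving the expired certificate; must fail */`. The same applies to the `tls` blocks in ns3/named-tls.conf.in further down, where the `ca-file` in `tls-forward-secrecy-mutual-tls` is presumably what turns on client-certificate checking.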
* information regarding copyright ownership.
*/
+include "named-tls.conf";
+
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
notify-source-v6 fd92:7065:b8e:ffff::2;
transfer-source 10.53.0.2;
port @PORT@;
+ include "options-tls.conf";
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+ tls-port @TLSPORT@;
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+tls tls-forward-secrecy {
+ protocols { TLSv1.2; };
+ ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
+ prefer-server-ciphers yes;
+ key-file "../CA/certs/srv03.crt01.example.com.key";
+ cert-file "../CA/certs/srv03.crt01.example.com.pem";
+ dhparam-file "../dhparam3072.pem";
+};
+
+tls tls-forward-secrecy-mutual-tls {
+ protocols { TLSv1.2; };
+ ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
+ prefer-server-ciphers yes;
+ key-file "../CA/certs/srv03.crt01.example.com.key";
+ cert-file "../CA/certs/srv03.crt01.example.com.pem";
+ dhparam-file "../dhparam3072.pem";
+ ca-file "../CA/CA.pem";
+};
+
+tls tls-expired {
+ protocols { TLSv1.2; };
+ ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
+ prefer-server-ciphers yes;
+ key-file "../CA/certs/srv03.crt01-expired.example.com.key";
+ cert-file "../CA/certs/srv03.crt01-expired.example.com.pem";
+ dhparam-file "../dhparam3072.pem";
+};
* information regarding copyright ownership.
*/
+include "named-tls.conf";
+
options {
query-source address 10.53.0.3;
notify-source 10.53.0.3;
transfer-source 10.53.0.3;
port @PORT@;
+ include "options-tls.conf";
pid-file "named.pid";
listen-on { 10.53.0.3; };
listen-on-v6 { fd92:7065:b8e:ffff::3; };
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+ tls-port @TLSPORT@;
+ listen-on tls ephemeral { 10.53.0.3; };
+ listen-on port @EXTRAPORT1@ tls tls-forward-secrecy { 10.53.0.3; };
+ listen-on port @EXTRAPORT3@ tls tls-forward-secrecy-mutual-tls { 10.53.0.3; };
+ listen-on port @EXTRAPORT4@ tls tls-expired { 10.53.0.3; };
. ../conf.sh
copy_setports ns1/named.conf.in ns1/named.conf
-copy_setports ns2/named.conf.in ns2/named.conf
-copy_setports ns3/named.conf.in ns3/named.conf
+if $FEATURETEST --have-fips-dh; then
+ copy_setports ns2/named-tls.conf.in ns2/named-tls.conf
+ copy_setports ns2/options-tls.conf.in ns2/options-tls.conf
+ copy_setports ns2/named.conf.in ns2/named.conf
+else
+ cp /dev/null ns2/named-tls.conf
+ cp /dev/null ns2/options-tls.conf
+ copy_setports ns2/named.conf.in ns2/named.conf
+fi
+if $FEATURETEST --have-fips-dh; then
+ copy_setports ns3/named-tls.conf.in ns3/named-tls.conf
+ copy_setports ns3/options-tls.conf.in ns3/options-tls.conf
+ copy_setports ns3/named.conf.in ns3/named.conf
+else
+ cp /dev/null ns3/named-tls.conf
+ cp /dev/null ns3/options-tls.conf
+ copy_setports ns3/named.conf.in ns3/named.conf
+fi
copy_setports ns4/named.conf.in ns4/named.conf
copy_setports ns5/named.conf.in ns5/named.conf
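Review bot: Both branches of each new `if` end with the same `copy_setports nsX/named.conf.in nsX/named.conf`, and the `--have-fips-dh` probe is repeated with an identical body for ns2 and ns3. Looping over the two servers and moving the unconditional line out of the branches makes it clear that only the two TLS include files depend on the feature test. A short comment should also state that the empty include files remove every `tls-x*` zone and listener, not only the ones that use `dhparam-file`.

```shell
copy_setports ns1/named.conf.in ns1/named.conf
# TLS includes are populated only when the DH feature test passes; otherwise
# they are created empty so the include statements in named.conf still resolve.
for ns in ns2 ns3; do
  if $FEATURETEST --have-fips-dh; then
    copy_setports $ns/named-tls.conf.in $ns/named-tls.conf
    copy_setports $ns/options-tls.conf.in $ns/options-tls.conf
  else
    cp /dev/null $ns/named-tls.conf
    cp /dev/null $ns/options-tls.conf
  fi
  copy_setports $ns/named.conf.in $ns/named.conf
done
# … unchanged: ns4 and ns5 copy_setports lines …
```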
grep 'refused notify from non-primary: fd92:7065:b8e:ffff::2#[0-9][0-9]*$' ns3/named.run >/dev/null || ret=1
test_end
+test_start "checking notify over TLS successful"
+grep "zone tls-x1/IN: notify to 10.53.0.3#${TLSPORT} successful" ns2/named.run >/dev/null || ret=1
+grep "zone tls-x2/IN: notify to 10.53.0.3#${EXTRAPORT1} successful" ns2/named.run >/dev/null || ret=1
+grep "zone tls-x3/IN: notify to 10.53.0.3#${EXTRAPORT1} successful" ns2/named.run >/dev/null || ret=1
+grep "zone tls-x5/IN: notify to 10.53.0.3#${EXTRAPORT3} successful" ns2/named.run >/dev/null || ret=1
+test_end
+
+test_start "checking notify over TLS failed"
+grep "zone tls-x4/IN: notify to 10.53.0.3#${EXTRAPORT1} failed: TLS peer certificate verification failed" ns2/named.run >/dev/null || ret=1
+grep "zone tls-x6/IN: notify to 10.53.0.3#${EXTRAPORT4} failed: TLS peer certificate verification failed" ns2/named.run >/dev/null || ret=1
+test_end
+
test_start "checking example2 loaded"
dig_plus_opts a.example. @10.53.0.2 a >dig.out.ns2.test$n || ret=1
grep "10.0.0.2" dig.out.ns2.test$n >/dev/null || ret=1
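Review bot: The six new `grep` checks run unconditionally, but setup.sh on this page writes an empty ns2/named-tls.conf when `$FEATURETEST --have-fips-dh` fails, so on such a build the `tls-x*` zones do not exist and both new test cases would set `ret=1`. Wrapping the two cases in the same guard, `if $FEATURETEST --have-fips-dh; then … fi`, keeps tests.sh consistent with setup.sh. The two failure checks for `tls-x4` and `tls-x6` match the same message, so they cannot tell a hostname mismatch from an expired certificate; a comment saying which cause each line is meant to cover would help. The checks also read ns2/named.run once; if nothing earlier in the script (outside this hunk) waits for the TLS notifies to finish, a `retry_quiet` wrapper would avoid a race.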