EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testcon", "test\testcon.vcxproj", "{D67EEF66-B323-4BCF-9E3C-3A640B9949B7}"
EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "openssl", "..\win32\openssl\openssl.2015.vcxproj", "{25BD39B1-C8BF-4676-A738-9CABD9C6BC79}"
+EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|x64 = Debug|x64
{D67EEF66-B323-4BCF-9E3C-3A640B9949B7}.ReleaseDLL|x64.Build.0 = Release|x64
{D67EEF66-B323-4BCF-9E3C-3A640B9949B7}.ReleaseDLL|x86.ActiveCfg = Release|Win32
{D67EEF66-B323-4BCF-9E3C-3A640B9949B7}.ReleaseDLL|x86.Build.0 = Release|Win32
+ {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Debug|x64.ActiveCfg = Debug|x64
+ {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Debug|x64.Build.0 = Debug|x64
+ {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Debug|x86.ActiveCfg = Debug|Win32
+ {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Debug|x86.Build.0 = Debug|Win32
+ {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.DebugDLL|x64.ActiveCfg = Debug|x64
+ {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.DebugDLL|x64.Build.0 = Debug|x64
+ {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.DebugDLL|x86.ActiveCfg = Debug|Win32
+ {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.DebugDLL|x86.Build.0 = Debug|Win32
+ {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Release|x64.ActiveCfg = Release|x64
+ {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Release|x64.Build.0 = Release|x64
+ {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Release|x86.ActiveCfg = Release|Win32
+ {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Release|x86.Build.0 = Release|Win32
+ {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.ReleaseDLL|x64.ActiveCfg = Release|x64
+ {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.ReleaseDLL|x64.Build.0 = Release|x64
+ {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.ReleaseDLL|x86.ActiveCfg = Release|Win32
+ {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.ReleaseDLL|x86.Build.0 = Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
blade_transport_t *transport;
blade_transport_callbacks_t *callbacks;
+ const char *ssl_key;
+ const char *ssl_cert;
+ const char *ssl_chain;
ks_sockaddr_t endpoints_ipv4[BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX];
ks_sockaddr_t endpoints_ipv6[BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX];
int32_t endpoints_ipv4_length;
int32_t endpoints_ipv6_length;
int32_t endpoints_backlog;
+ const char *endpoints_ssl_key;
+ const char *endpoints_ssl_cert;
+ const char *endpoints_ssl_chain;
volatile ks_bool_t shutdown;
const char *session_id;
ks_socket_t sock;
kws_t *kws;
+ SSL_CTX *ssl;
};
if (btwssl->session_id) ks_pool_free(&btwssl->session_id);
if (btwssl->kws) kws_destroy(&btwssl->kws);
else ks_socket_close(&btwssl->sock);
+ if (btwssl->ssl) SSL_CTX_free(btwssl->ssl);
break;
case KS_MPCL_DESTROY:
break;
return KS_STATUS_SUCCESS;
}
+ks_status_t blade_transport_wss_link_ssl_init(blade_transport_wss_link_t *btwssl, ks_bool_t server)
+{
+ const SSL_METHOD *method = NULL;
+ const char *key = NULL;
+ const char *cert = NULL;
+ const char *chain = NULL;
+
+ ks_assert(btwssl);
+
+ method = server ? TLSv1_2_server_method() : TLSv1_2_client_method();
+ key = server ? btwssl->transport->endpoints_ssl_key : btwssl->transport->ssl_key;
+ cert = server ? btwssl->transport->endpoints_ssl_cert : btwssl->transport->ssl_cert;
+ chain = server ? btwssl->transport->endpoints_ssl_chain : btwssl->transport->ssl_chain;
+
+ if (key && cert) {
+ btwssl->ssl = SSL_CTX_new(method);
+
+ // @todo probably manage this through configuration, but TLS 1.2 is preferred
+ SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_SSLv2);
+ SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_SSLv3);
+ SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_TLSv1);
+ SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_TLSv1_1);
+ SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_DTLSv1);
+ SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_COMPRESSION);
+ if (server) SSL_CTX_set_verify(btwssl->ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
+
+ if (chain) {
+ if (!SSL_CTX_use_certificate_chain_file(btwssl->ssl, chain)) {
+ ks_log(KS_LOG_DEBUG, "SSL Chain File Error\n");
+ return KS_STATUS_FAIL;
+ }
+ if (!SSL_CTX_load_verify_locations(btwssl->ssl, chain, NULL)) {
+ ks_log(KS_LOG_DEBUG, "SSL Verify File Error\n");
+ return KS_STATUS_FAIL;
+ }
+ }
+
+ if (!SSL_CTX_use_certificate_file(btwssl->ssl, cert, SSL_FILETYPE_PEM)) {
+ ks_log(KS_LOG_DEBUG, "SSL Cert File Error\n");
+ return KS_STATUS_FAIL;
+ }
+
+ if (!SSL_CTX_use_PrivateKey_file(btwssl->ssl, key, SSL_FILETYPE_PEM)) {
+ ks_log(KS_LOG_DEBUG, "SSL Key File Error\n");
+ return KS_STATUS_FAIL;
+ }
+
+ if (!SSL_CTX_check_private_key(btwssl->ssl)) {
+ ks_log(KS_LOG_DEBUG, "SSL Key File Verification Error\n");
+ return KS_STATUS_FAIL;
+ }
+
+ SSL_CTX_set_cipher_list(btwssl->ssl, "HIGH:!DSS:!aNULL@STRENGTH");
+ }
+
+ return KS_STATUS_SUCCESS;
+}
+
ks_status_t blade_transport_wss_config(blade_transport_wss_t *btwss, config_setting_t *config)
{
+ ks_pool_t *pool = NULL;
config_setting_t *transport = NULL;
config_setting_t *transport_wss = NULL;
+ config_setting_t *transport_wss_ssl = NULL;
config_setting_t *transport_wss_endpoints = NULL;
config_setting_t *transport_wss_endpoints_ipv4 = NULL;
config_setting_t *transport_wss_endpoints_ipv6 = NULL;
- config_setting_t *transport_wss_ssl = NULL;
- config_setting_t *element;
+ config_setting_t *transport_wss_endpoints_ssl = NULL;
+ config_setting_t *element;
config_setting_t *tmp1;
config_setting_t *tmp2;
+ const char *ssl_key = NULL;
+ const char *ssl_cert = NULL;
+ const char *ssl_chain = NULL;
ks_sockaddr_t endpoints_ipv4[BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX];
ks_sockaddr_t endpoints_ipv6[BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX];
int32_t endpoints_ipv4_length = 0;
int32_t endpoints_ipv6_length = 0;
int32_t endpoints_backlog = 8;
+ const char *endpoints_ssl_key = NULL;
+ const char *endpoints_ssl_cert = NULL;
+ const char *endpoints_ssl_chain = NULL;
ks_assert(btwss);
ks_assert(config);
+ pool = ks_pool_get(btwss);
+
if (!config_setting_is_group(config)) {
ks_log(KS_LOG_DEBUG, "!config_setting_is_group(config)\n");
return KS_STATUS_FAIL;
if (transport) {
transport_wss = config_setting_get_member(transport, "wss");
if (transport_wss) {
- transport_wss_endpoints = config_setting_get_member(transport_wss, "endpoints");
- if (!transport_wss_endpoints) {
- ks_log(KS_LOG_DEBUG, "!wss_endpoints\n");
- return KS_STATUS_FAIL;
+ transport_wss_ssl = config_setting_get_member(transport_wss, "ssl");
+ if (transport_wss_ssl) {
+ tmp1 = config_setting_get_member(transport_wss_ssl, "key");
+ if (tmp1) ssl_key = config_setting_get_string(tmp1);
+ tmp1 = config_setting_get_member(transport_wss_ssl, "cert");
+ if (tmp1) ssl_cert = config_setting_get_string(tmp1);
+ tmp1 = config_setting_get_member(transport_wss_ssl, "chain");
+ if (tmp1) ssl_chain = config_setting_get_string(tmp1);
+ if (!ssl_key || !ssl_cert || !ssl_chain) return KS_STATUS_FAIL;
+ ks_log(KS_LOG_DEBUG,
+ "Using SSL: %s, %s, %s\n",
+ ssl_key,
+ ssl_cert,
+ ssl_chain);
}
- transport_wss_endpoints_ipv4 = config_lookup_from(transport_wss_endpoints, "ipv4");
- transport_wss_endpoints_ipv6 = config_lookup_from(transport_wss_endpoints, "ipv6");
- if (transport_wss_endpoints_ipv4) {
- if (config_setting_type(transport_wss_endpoints_ipv4) != CONFIG_TYPE_LIST) return KS_STATUS_FAIL;
- if ((endpoints_ipv4_length = config_setting_length(transport_wss_endpoints_ipv4)) > BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX)
- return KS_STATUS_FAIL;
-
- for (int32_t index = 0; index < endpoints_ipv4_length; ++index) {
- element = config_setting_get_elem(transport_wss_endpoints_ipv4, index);
- tmp1 = config_lookup_from(element, "address");
- tmp2 = config_lookup_from(element, "port");
- if (!tmp1 || !tmp2) return KS_STATUS_FAIL;
- if (config_setting_type(tmp1) != CONFIG_TYPE_STRING) return KS_STATUS_FAIL;
- if (config_setting_type(tmp2) != CONFIG_TYPE_INT) return KS_STATUS_FAIL;
-
- if (ks_addr_set(&endpoints_ipv4[index],
- config_setting_get_string(tmp1),
- config_setting_get_int(tmp2),
- AF_INET) != KS_STATUS_SUCCESS) return KS_STATUS_FAIL;
- ks_log(KS_LOG_DEBUG,
- "Binding to IPV4 %s on port %d\n",
- ks_addr_get_host(&endpoints_ipv4[index]),
- ks_addr_get_port(&endpoints_ipv4[index]));
+
+ transport_wss_endpoints = config_setting_get_member(transport_wss, "endpoints");
+ if (transport_wss_endpoints) {
+ transport_wss_endpoints_ipv4 = config_setting_get_member(transport_wss_endpoints, "ipv4");
+ transport_wss_endpoints_ipv6 = config_setting_get_member(transport_wss_endpoints, "ipv6");
+ if (transport_wss_endpoints_ipv4) {
+ if (config_setting_type(transport_wss_endpoints_ipv4) != CONFIG_TYPE_LIST) return KS_STATUS_FAIL;
+ if ((endpoints_ipv4_length = config_setting_length(transport_wss_endpoints_ipv4)) > BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX)
+ return KS_STATUS_FAIL;
+
+ for (int32_t index = 0; index < endpoints_ipv4_length; ++index) {
+ element = config_setting_get_elem(transport_wss_endpoints_ipv4, index);
+ tmp1 = config_setting_get_member(element, "address");
+ tmp2 = config_setting_get_member(element, "port");
+ if (!tmp1 || !tmp2) return KS_STATUS_FAIL;
+ if (config_setting_type(tmp1) != CONFIG_TYPE_STRING) return KS_STATUS_FAIL;
+ if (config_setting_type(tmp2) != CONFIG_TYPE_INT) return KS_STATUS_FAIL;
+
+ if (ks_addr_set(&endpoints_ipv4[index],
+ config_setting_get_string(tmp1),
+ config_setting_get_int(tmp2),
+ AF_INET) != KS_STATUS_SUCCESS) return KS_STATUS_FAIL;
+ ks_log(KS_LOG_DEBUG,
+ "Binding to IPV4 %s on port %d\n",
+ ks_addr_get_host(&endpoints_ipv4[index]),
+ ks_addr_get_port(&endpoints_ipv4[index]));
+ }
}
- }
- if (transport_wss_endpoints_ipv6) {
- if (config_setting_type(transport_wss_endpoints_ipv6) != CONFIG_TYPE_LIST) return KS_STATUS_FAIL;
- if ((endpoints_ipv6_length = config_setting_length(transport_wss_endpoints_ipv6)) > BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX)
- return KS_STATUS_FAIL;
-
- for (int32_t index = 0; index < endpoints_ipv6_length; ++index) {
- element = config_setting_get_elem(transport_wss_endpoints_ipv6, index);
- tmp1 = config_lookup_from(element, "address");
- tmp2 = config_lookup_from(element, "port");
- if (!tmp1 || !tmp2) return KS_STATUS_FAIL;
- if (config_setting_type(tmp1) != CONFIG_TYPE_STRING) return KS_STATUS_FAIL;
- if (config_setting_type(tmp2) != CONFIG_TYPE_INT) return KS_STATUS_FAIL;
-
-
- if (ks_addr_set(&endpoints_ipv6[index],
- config_setting_get_string(tmp1),
- config_setting_get_int(tmp2),
- AF_INET6) != KS_STATUS_SUCCESS) return KS_STATUS_FAIL;
+ if (transport_wss_endpoints_ipv6) {
+ if (config_setting_type(transport_wss_endpoints_ipv6) != CONFIG_TYPE_LIST) return KS_STATUS_FAIL;
+ if ((endpoints_ipv6_length = config_setting_length(transport_wss_endpoints_ipv6)) > BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX)
+ return KS_STATUS_FAIL;
+
+ for (int32_t index = 0; index < endpoints_ipv6_length; ++index) {
+ element = config_setting_get_elem(transport_wss_endpoints_ipv6, index);
+ tmp1 = config_setting_get_member(element, "address");
+ tmp2 = config_setting_get_member(element, "port");
+ if (!tmp1 || !tmp2) return KS_STATUS_FAIL;
+ if (config_setting_type(tmp1) != CONFIG_TYPE_STRING) return KS_STATUS_FAIL;
+ if (config_setting_type(tmp2) != CONFIG_TYPE_INT) return KS_STATUS_FAIL;
+
+
+ if (ks_addr_set(&endpoints_ipv6[index],
+ config_setting_get_string(tmp1),
+ config_setting_get_int(tmp2),
+ AF_INET6) != KS_STATUS_SUCCESS) return KS_STATUS_FAIL;
+ ks_log(KS_LOG_DEBUG,
+ "Binding to IPV6 %s on port %d\n",
+ ks_addr_get_host(&endpoints_ipv6[index]),
+ ks_addr_get_port(&endpoints_ipv6[index]));
+ }
+ }
+ if (endpoints_ipv4_length + endpoints_ipv6_length <= 0) return KS_STATUS_FAIL;
+ tmp1 = config_setting_get_member(transport_wss_endpoints, "backlog");
+ if (tmp1) {
+ if (config_setting_type(tmp1) != CONFIG_TYPE_INT) return KS_STATUS_FAIL;
+ endpoints_backlog = config_setting_get_int(tmp1);
+ }
+ transport_wss_endpoints_ssl = config_setting_get_member(transport_wss_endpoints, "ssl");
+ if (transport_wss_endpoints_ssl) {
+ tmp1 = config_setting_get_member(transport_wss_endpoints_ssl, "key");
+ if (tmp1) endpoints_ssl_key = config_setting_get_string(tmp1);
+ tmp1 = config_setting_get_member(transport_wss_endpoints_ssl, "cert");
+ if (tmp1) endpoints_ssl_cert = config_setting_get_string(tmp1);
+ tmp1 = config_setting_get_member(transport_wss_endpoints_ssl, "chain");
+ if (tmp1) endpoints_ssl_chain = config_setting_get_string(tmp1);
+ if (!endpoints_ssl_key || !endpoints_ssl_cert || !endpoints_ssl_chain) return KS_STATUS_FAIL;
ks_log(KS_LOG_DEBUG,
- "Binding to IPV6 %s on port %d\n",
- ks_addr_get_host(&endpoints_ipv6[index]),
- ks_addr_get_port(&endpoints_ipv6[index]));
+ "Using Endpoint SSL: %s, %s, %s\n",
+ endpoints_ssl_key,
+ endpoints_ssl_cert,
+ endpoints_ssl_chain);
}
}
- if (endpoints_ipv4_length + endpoints_ipv6_length <= 0) return KS_STATUS_FAIL;
- tmp1 = config_lookup_from(transport_wss_endpoints, "backlog");
- if (tmp1) {
- if (config_setting_type(tmp1) != CONFIG_TYPE_INT) return KS_STATUS_FAIL;
- endpoints_backlog = config_setting_get_int(tmp1);
- }
- transport_wss_ssl = config_setting_get_member(transport_wss, "ssl");
- if (transport_wss_ssl) {
- // @todo: SSL stuffs from wss_ssl into config_wss_ssl envelope
- }
}
}
// Configuration is valid, now assign it to the variables that are used
// If the configuration was invalid, then this does not get changed
+ if (ssl_key) {
+ btwss->ssl_key = ks_pstrdup(pool, ssl_key);
+ btwss->ssl_cert = ks_pstrdup(pool, ssl_cert);
+ btwss->ssl_chain = ks_pstrdup(pool, ssl_chain);
+ }
+
for (int32_t index = 0; index < endpoints_ipv4_length; ++index)
btwss->endpoints_ipv4[index] = endpoints_ipv4[index];
for (int32_t index = 0; index < endpoints_ipv6_length; ++index)
btwss->endpoints_ipv4_length = endpoints_ipv4_length;
btwss->endpoints_ipv6_length = endpoints_ipv6_length;
btwss->endpoints_backlog = endpoints_backlog;
- //btwss->ssl = ssl;
+ if (endpoints_ssl_key) {
+ btwss->endpoints_ssl_key = ks_pstrdup(pool, endpoints_ssl_key);
+ btwss->endpoints_ssl_cert = ks_pstrdup(pool, endpoints_ssl_cert);
+ btwss->endpoints_ssl_chain = ks_pstrdup(pool, endpoints_ssl_chain);
+ }
ks_log(KS_LOG_DEBUG, "Configured\n");
btwssl = (blade_transport_wss_link_t *)blade_connection_transport_get(bc);
- // @todo: SSL init stuffs based on data from config to pass into kws_init
- if (kws_init(&btwssl->kws, btwssl->sock, NULL, NULL, KWS_BLOCK, ks_pool_get(btwssl)) != KS_STATUS_SUCCESS) {
+ if (blade_transport_wss_link_ssl_init(btwssl, KS_TRUE) != KS_STATUS_SUCCESS) {
+ ret = BLADE_CONNECTION_STATE_HOOK_DISCONNECT;
+ goto done;
+ }
+
+ if (kws_init(&btwssl->kws, btwssl->sock, btwssl->ssl, NULL, KWS_BLOCK, ks_pool_get(btwssl)) != KS_STATUS_SUCCESS) {
ks_log(KS_LOG_DEBUG, "Failed websocket init\n");
ret = BLADE_CONNECTION_STATE_HOOK_DISCONNECT;
goto done;
cJSON_AddStringToObject(json_result, "nodeid", nodeid);
+ // @todo process automatic identity registration from remote SANS entries
+
pool = ks_pool_get(bh);
blade_upstreammgr_masterid_copy(blade_handle_upstreammgr_get(bh), pool, &master_nodeid);
if (!master_nodeid) {
btwssl = (blade_transport_wss_link_t *)blade_connection_transport_get(bc);
pool = ks_pool_get(bh);
- // @todo: SSL init stuffs based on data from config to pass into kws_init
- if (kws_init(&btwssl->kws, btwssl->sock, NULL, "/blade:blade.invalid:blade", KWS_BLOCK, ks_pool_get(btwssl)) != KS_STATUS_SUCCESS) {
+ if (blade_transport_wss_link_ssl_init(btwssl, KS_FALSE) != KS_STATUS_SUCCESS) {
+ ret = BLADE_CONNECTION_STATE_HOOK_DISCONNECT;
+ goto done;
+ }
+
+ if (kws_init(&btwssl->kws, btwssl->sock, btwssl->ssl, "/blade:blade.invalid:blade", KWS_BLOCK, ks_pool_get(btwssl)) != KS_STATUS_SUCCESS) {
ks_log(KS_LOG_DEBUG, "Failed websocket init\n");
ret = BLADE_CONNECTION_STATE_HOOK_DISCONNECT;
goto done;
goto done;
}
+ // @todo parse and process automatic identity registration coming from local SANS entries, but given back in the connect response in case there are any errors (IE: missing realm or duplicate identity)
+
master_nodeid = cJSON_GetObjectCstr(json_result, "master-nodeid");
if (!master_nodeid) {
ks_log(KS_LOG_DEBUG, "Received message 'result' is missing 'master-nodeid'\n");
{
enabled = true;
nodeid = "00000000-0000-0000-0000-000000000000";
- realms = ( "mydomain.com" );
+ realms = ( "freeswitch" );
};
transport:
{
endpoints:
{
ipv4 = ( { address = "0.0.0.0", port = 2100 } );
- ipv6 = ( { address = "::", port = 2100 } );
- backlog = 128;
- };
- # SSL group is optional, disabled when absent
- ssl:
- {
- # todo: server SSL stuffs here
- };
- };
+ ipv6 = ( { address = "::", port = 2100 } );
+ backlog = 128;
+ ssl:
+ {
+ key = "../test/ca/intermediate/private/master@freeswitch-downstream.key.pem";
+ cert = "../test/ca/intermediate/certs/master@freeswitch-downstream.cert.pem";
+ chain = "../test/ca/intermediate/certs/ca-chain.cert.pem";
+ };
+ };
+ };
};
};
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIFxDCCA6ygAwIBAgIJANi9lXvHAbx4MA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV
+BAYTAlVTMREwDwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzETMBEG
+A1UECgwKRnJlZVNXSVRDSDEOMAwGA1UECwwFQmxhZGUxFjAUBgNVBAMMDUJsYWRl
+IFJvb3QgQ0EwHhcNMTcwOTA3MDkyNDE2WhcNMjcwOTA1MDkyNDE2WjBvMQswCQYD
+VQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xEzAR
+BgNVBAoMCkZyZWVTV0lUQ0gxDjAMBgNVBAsMBUJsYWRlMRYwFAYDVQQDDA1CbGFk
+ZSBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3Pt3X1j8
+YaRuGb4ENkhfazwZl0K4VlaPhGj4h4wiL5S2Tp8E83HoRkoyQRX0fhKCrHtjNucO
+ODkVbf+QMlv1mgEwCq+3SIEA6keBzsUv5sahunfPd+Vgh6+lgp1sAfjFuFlxrRvi
+ghO/yHHKE6P2BBgIz3t5QSakE/fLPwejZ98dacyAIxklzLvt4xHRVP7rxfiNFXKR
+XHsQd1iaWGSUBNMkUspCl8wO5IAPX75RiFGeA80IjZ518YVjiFBjCdzQfJb9iGJC
+GzrOcPJahfum+tzyIO/rIj+ldFyLPY0wbpa0wKeF58HWt52p3HmKnK5FUa7L8RNA
+fc3/H+6qyDeBFx92+T6J30q61dcmPayKooUJNsTKslrZ5L2OicWZepa/Oc5dagyz
+GEUc+Z11Mgl8/4pT4rUOna29v1d8+StJPN8XgWAHxmwpZ/cY/9GluSq5oB+6PTPc
+Q0aFHHUAI97QqfpGOeAWjtVd/3YUcNo82Pa3577rRgh55X+XEySQmBiPWNOsfuCZ
+ZvYGOkLmby1SYR/LOwH8opKJyG/bOiZq23aaTPkmEQQSLRzsKxWc2jlE/UllpYX3
+FCu8nFn+L7Tam495IImi8FrpEX16ZpTGhr7YnfbOkMYw+LaRA36U55e5DToJAB5T
+CsC2CLhk8QDVoIMPfpYpY4XpdmA4EfDHOG0CAwEAAaNjMGEwHQYDVR0OBBYEFFoz
+OX01zWns+ANZ9/6m9g510yWWMB8GA1UdIwQYMBaAFFozOX01zWns+ANZ9/6m9g51
+0yWWMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
+CwUAA4ICAQAg74tSgyZKqZtqJPXt/fadZJqWS75cW5TN0rXTKWfzdDXnPfMD2dhZ
+h0bH1ZQRamXmXWZni0LpWaOjvqaVNB2TMVStyjEIjLhcBLzR9fhBSXB0BkdVKXvF
+Y/pmGN0ZM7BRwbbltgTPYIefftU6BvAyUP5k6y0JJZGy6RTYp7SN2iJ00msqfie/
+zmF83arhFAmW8wjDXMPsSz958+TNgeetFeQjrJ5sbMaApCE21QazHcZw6/zPMRvX
+Gr+TPyx/p335MViz5SjeFThQ7XES871pZSbOhmIrugCHO8LJOat3oOlnsc8HkZ/T
+AfUjka0SSPA/sRqPxjLWw/OwDn7g5GpbXl7RXpRsKR8CDIRMVrzD71Nk0SOEb3T9
+Dv7UTl6NDYlyYYqx35t/KsiwWjnPtr6Xcl8O9l/tuzf5Tjt1mz9i80BybE9wXHYi
+Y3/1SGloKYVXC+HLLrLm1MEldi9GcYZDzxlydAPfHhSHlYWrvOS/J2Dq6uhH7RHn
+JV0nE3bVQE01e6iR4BZMYSj4e3BrhMQvkMX67NndYEmoK6+9d77MsK7wblSXja7t
+YyXysfQhcudaN/A00CLJt8VNq+h8Q9BR5PFmvIv6/jzV3kmLO4nX9z0CdERyBBUr
+cFXfDn2TBpwlLvOQbEWvZPlEh7Vx2hXRRZr97NstLmFLGTdnVdAl9w==
+-----END CERTIFICATE-----
--- /dev/null
+V 270905092804Z 1000 unknown /C=US/ST=Illinois/O=FreeSWITCH/OU=Blade/CN=Blade Intermediate CA
--- /dev/null
+unique_subject = yes
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIFtjCCA56gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwbzELMAkGA1UEBhMCVVMx
+ETAPBgNVBAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApG
+cmVlU1dJVENIMQ4wDAYDVQQLDAVCbGFkZTEWMBQGA1UEAwwNQmxhZGUgUm9vdCBD
+QTAeFw0xNzA5MDcwOTI4MDRaFw0yNzA5MDUwOTI4MDRaMGUxCzAJBgNVBAYTAlVT
+MREwDwYDVQQIDAhJbGxpbm9pczETMBEGA1UECgwKRnJlZVNXSVRDSDEOMAwGA1UE
+CwwFQmxhZGUxHjAcBgNVBAMMFUJsYWRlIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBALIlY1JmV9z6wjE6iEIXHUl2CRnsa1jD
++uDk4I/OncOdezpfv2mRO9C7VkcefXb5yDrda/qq8r9pNVm6Q2wCJICIlrK9uK90
+SLsB8WsO8Dnrv9E5Tx96U6J5qDx5Ma3IFM7fF1KUP1LVawpS4lMMKFhcyd/P1dAN
+ZWlzHCBoM4O9HMo4sKYx4fzxn00yKNK+RU4Wyd3ecntOOg/Dtx3FHt1bExUFuPUW
+sgVUR8b+R6Z/1U6iWe+3x/XBAUVCBhyzt7OrCpY0g3TX7wVCh7CafpZnTe54gjMo
+1lqSraJ5Dr4Sn1LV1gRa8cVQrNbUZ+m2aHsNLxmpEviHDLTd267x5qXEDCNajesJ
+iSALRpQzAJE/neQvVa2fiaV7PbPGlxtUcyR8J9sGfuuby48/RulPQ1CjL1+sI+IE
+lnMZqTiab+1TT5OyKMYYRjQ4k3R/gUGn0MhQBcy1VOP6GVGEgeOYACbDSjvYO9HZ
+dyM9ivpxLhV3BMVM2B0PmFxLgFdyBlIPkP36/5kBzOFJWdYrMLP/vahFVmTgevDm
+8Uhi3PvEt6kKUnWHkBHdajzDKLvbh8y+Ucgap7PtT8apZR+8J9TX87gMFzH5r4Xc
+SF97inJ/q098V8dyoPJpL6PRAzigBXGmB2fFhLgtoXfuKfI/nfgQHO7MbYCCFP4z
+Och2kFZYehBTAgMBAAGjZjBkMB0GA1UdDgQWBBT24ScXvFFEdGFsK+X5SxmWnAmd
+/jAfBgNVHSMEGDAWgBRaMzl9Nc1p7PgDWff+pvYOddMlljASBgNVHRMBAf8ECDAG
+AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAgGzDCfJm
+weo6oeSFmSLTmlBlTJZO+7igFWf8tunmTkg8wvKe+lCyDd2efNgUocI/NA+X4kRj
+YtDH+hq0H+JlDu/p4y4/t6Srx/dh33Ow7eCv2wtuSCeK5Y0euysXhI9gmPquUGOC
+HlHkmQcG03NbbrWt0+4IaPAaKxMuV0FR7KArudZvr+8gp9S8o0AkQVFZSbW41HQe
+a7DAJmLF0vLQWoVz/YltKjwAMs/ws8OWxUdvcOA3w6XmWmjAFn5hc2MgHgu513c4
+Vbq0535ghU0Eneqc23y2ELa+8hbn5yS5wcK1AS2HG4VoDqOJw+pv4Ko3T33mCR6X
+bUABSB+znX5kEZn8KQaP8sLm07kERGjCI3FLPscM1S851tah/iqBgddlIUn/YNpM
+9uYQ2PWu6UWvqyZfhgVIlb2LYJNERtKZPeI05SRIbUW93wUTiC6A93fl8SEE7XHa
+LMJt6+HLysR2IsXLqlSRZw3rIoT0B3G4uS9Xop89znLAknrOI57OvVAMLaeBrtkl
+jepE7RrNX6VcyEY+Ar1p30ax4UJNxjxd3rszIznccerWQzuLo5wYUkuZEfNtnAFB
+Z/4qlIn7wkbRevafgmlf/bhP6ZkeJFhqEjOq36Zci5JrnRu3rM/+Vex2ibHVat0E
+IZjeGxeofAPEwTaLfPJT7EIWZ+33ZHMcz+8=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFxDCCA6ygAwIBAgIJANi9lXvHAbx4MA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV
+BAYTAlVTMREwDwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzETMBEG
+A1UECgwKRnJlZVNXSVRDSDEOMAwGA1UECwwFQmxhZGUxFjAUBgNVBAMMDUJsYWRl
+IFJvb3QgQ0EwHhcNMTcwOTA3MDkyNDE2WhcNMjcwOTA1MDkyNDE2WjBvMQswCQYD
+VQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xEzAR
+BgNVBAoMCkZyZWVTV0lUQ0gxDjAMBgNVBAsMBUJsYWRlMRYwFAYDVQQDDA1CbGFk
+ZSBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3Pt3X1j8
+YaRuGb4ENkhfazwZl0K4VlaPhGj4h4wiL5S2Tp8E83HoRkoyQRX0fhKCrHtjNucO
+ODkVbf+QMlv1mgEwCq+3SIEA6keBzsUv5sahunfPd+Vgh6+lgp1sAfjFuFlxrRvi
+ghO/yHHKE6P2BBgIz3t5QSakE/fLPwejZ98dacyAIxklzLvt4xHRVP7rxfiNFXKR
+XHsQd1iaWGSUBNMkUspCl8wO5IAPX75RiFGeA80IjZ518YVjiFBjCdzQfJb9iGJC
+GzrOcPJahfum+tzyIO/rIj+ldFyLPY0wbpa0wKeF58HWt52p3HmKnK5FUa7L8RNA
+fc3/H+6qyDeBFx92+T6J30q61dcmPayKooUJNsTKslrZ5L2OicWZepa/Oc5dagyz
+GEUc+Z11Mgl8/4pT4rUOna29v1d8+StJPN8XgWAHxmwpZ/cY/9GluSq5oB+6PTPc
+Q0aFHHUAI97QqfpGOeAWjtVd/3YUcNo82Pa3577rRgh55X+XEySQmBiPWNOsfuCZ
+ZvYGOkLmby1SYR/LOwH8opKJyG/bOiZq23aaTPkmEQQSLRzsKxWc2jlE/UllpYX3
+FCu8nFn+L7Tam495IImi8FrpEX16ZpTGhr7YnfbOkMYw+LaRA36U55e5DToJAB5T
+CsC2CLhk8QDVoIMPfpYpY4XpdmA4EfDHOG0CAwEAAaNjMGEwHQYDVR0OBBYEFFoz
+OX01zWns+ANZ9/6m9g510yWWMB8GA1UdIwQYMBaAFFozOX01zWns+ANZ9/6m9g51
+0yWWMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
+CwUAA4ICAQAg74tSgyZKqZtqJPXt/fadZJqWS75cW5TN0rXTKWfzdDXnPfMD2dhZ
+h0bH1ZQRamXmXWZni0LpWaOjvqaVNB2TMVStyjEIjLhcBLzR9fhBSXB0BkdVKXvF
+Y/pmGN0ZM7BRwbbltgTPYIefftU6BvAyUP5k6y0JJZGy6RTYp7SN2iJ00msqfie/
+zmF83arhFAmW8wjDXMPsSz958+TNgeetFeQjrJ5sbMaApCE21QazHcZw6/zPMRvX
+Gr+TPyx/p335MViz5SjeFThQ7XES871pZSbOhmIrugCHO8LJOat3oOlnsc8HkZ/T
+AfUjka0SSPA/sRqPxjLWw/OwDn7g5GpbXl7RXpRsKR8CDIRMVrzD71Nk0SOEb3T9
+Dv7UTl6NDYlyYYqx35t/KsiwWjnPtr6Xcl8O9l/tuzf5Tjt1mz9i80BybE9wXHYi
+Y3/1SGloKYVXC+HLLrLm1MEldi9GcYZDzxlydAPfHhSHlYWrvOS/J2Dq6uhH7RHn
+JV0nE3bVQE01e6iR4BZMYSj4e3BrhMQvkMX67NndYEmoK6+9d77MsK7wblSXja7t
+YyXysfQhcudaN/A00CLJt8VNq+h8Q9BR5PFmvIv6/jzV3kmLO4nX9z0CdERyBBUr
+cFXfDn2TBpwlLvOQbEWvZPlEh7Vx2hXRRZr97NstLmFLGTdnVdAl9w==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIFPDCCAySgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx
+ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL
+DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw
+NzEyMDgwNloXDTI3MDkwNTEyMDgwNlowdzELMAkGA1UEBhMCVVMxETAPBgNVBAgM
+CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI
+MQ4wDAYDVQQLDAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgQ2xpZW50IFVwc3RyZWFt
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7QkR1NA64HPzuYYko7LT
+ciwCWu1JLGuA3/7DkskMZ180+sQ3dBG4UjujKMRc0h65oFZc//WYIfmfUznLvLsR
+ygghlevPqgGRGdf9WHIMjo9+hLM6MgZ51Eqqydh42L7sen/2bO85gh/pfxno3+uP
+FGIJtX6GFiJ5Hp86wF+cqnfRRUFo+0L34+rLY08fITEkTbPjNg5R2jcWa+dWJXIJ
+i3pud+ulWPTKalYiUvsqN8tucjJIZb279yzrxsV2qjRqHBCToBj9/kcJHD8gKrpE
+f1HsiLLJ7PEAID1fMONTL5sVXCJ1TXpjWNZTlcTCCMAhrEghGMZV0FIm7GS//naq
+ywIDAQABo4HjMIHgMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMDMGCWCG
+SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGllbnQgQ2VydGlmaWNhdGUw
+HQYDVR0OBBYEFCZDQ3rDX5H3YjuUjV5wsBi/GYyhMB8GA1UdIwQYMBaAFPbhJxe8
+UUR0YWwr5flLGZacCZ3+MA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEF
+BQcDAgYIKwYBBQUHAwQwHAYDVR0RBBUwE4IRY2xpZW50QGZyZWVzd2l0Y2gwDQYJ
+KoZIhvcNAQELBQADggIBAETxSF12VHvtjQA/uP6oUyENmu7wSbINUQZznzyJZSUQ
+X0eym9llkUqviMeT9g6wRIoFGSnoMuDkxKbG5k6xVIw6xBUeS+Ce40nhH3qmMkRi
+2DZgoqpQHb4DrTszJlXCxLhnnE83DuGDGxN2MbdY1HhCUo8yHqlCiA27hnxk46xh
+Xuyx44zoYsdpnROppSwBAeaW9Ewanp7GL8ayWUkbBy0kGV+8wH7u9bpijevmGZSC
+iykbYBM7V+RvDvZoywfNSP+l9H77Tv3SI6G40Pfc55M5MbFOa/Po+XjNVeoTOFCu
+YIgIm/kA2OUySyBiOy54HfxG5BecZYW+uUm2KIrDX5bS2tZcCww2eo4AKCXEYWrh
+1NM1xbeZCregMQ+2gRap4jhB5a49JoH3KPrjFc+1fhnv68bmSAUWwF0twwxev1Aq
+ugYwx5lOhAl9+wAZbtsUsmsCp0AmzsIzgv43H6lMXUMjwH8v770J7vpKgMzvXlu8
+wWxFKVMfyocQqvOvBQ3i9SwptnA0ORO8Y8/+Tyu8uW8as/H7z9qaHBcCOWl1RZkR
+diBrb5f+OtnamvmDM32APxYtfomj9pgWyxK9vmeCpCILdga3c41iBHbGNJDaNz9q
+y9N8z9w887aKQT+HUjoDD2/Zb92Nia1tY+NU0Qd3AQZysJjz1Pq/Eu7KRpHAirTC
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIFmDCCA4CgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx
+ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL
+DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw
+NzA5NTIxNloXDTI3MDkwNTA5NTIxNlowfTELMAkGA1UEBhMCVVMxETAPBgNVBAgM
+CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI
+MQ4wDAYDVQQLDAVCbGFkZTEkMCIGA1UEAwwbQmxhZGUgQ29udHJvbGxlciBEb3du
+c3RyZWFtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEA1njlU4qAG
+2/KskXthKBI35KDTND92Dqg6gkAvbC/IGEJJyzxw7Fd2AjNMAbNLuaasK9HFRwPh
+ZXOLQjvl+wjwtBEAgGw+gLqrLdC3RVuiWlxGsbfB4tAYn9Av44jURYc1Prprnvqz
+l8+DIU6UTuRh9JimoyL6NC4rqgcvo8LjR01RNn27RdyeO/VhDjdiU2/vC/OujUqn
+InhtGvTB/KrDJtxLEcl15zBGe0PBoolYCF2+8FS2cMFw8y2aeeNeOfvjlzMXOxGG
+4vohxUNx/DZh6aNUzbh9Fp7gvJQ8ZRsRNqtI3AgGW4+7Bt4US9ekM8RQjRb51Vk/
+NcFhOKejswIDAQABo4IBODCCATQwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMC
+BkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIFNlcnZlciBDZXJ0
+aWZpY2F0ZTAdBgNVHQ4EFgQUowMxPRDVCvF5Ax/Nvn+quWWny/kwgZoGA1UdIwSB
+kjCBj4AU9uEnF7xRRHRhbCvl+UsZlpwJnf6hc6RxMG8xCzAJBgNVBAYTAlVTMREw
+DwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzETMBEGA1UECgwKRnJl
+ZVNXSVRDSDEOMAwGA1UECwwFQmxhZGUxFjAUBgNVBAMMDUJsYWRlIFJvb3QgQ0GC
+AhAAMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG
+9w0BAQsFAAOCAgEAayl96eapLsMHWJDT/p1qfNhMYR+JtO7xaaGLJ+yiibY6T1Be
+1R5dLhG7y00Ww1Os9B4F3rWScFxpGqI9GgX8FAGo94Rm3c6+qLAKj/IZmXC6Dgg/
+VzqppcxMt+wo4HsYYhiamVLCyPTrOpPZ82X0+rlR+7iQRbEQ09ubfrb1ec/rDbfU
+Kucr1ugwAyOLCmTsK+PAXhAdT/9ci/pL2uO9AxKYgSqvc9VnxoyUusq4Qouxb76I
+qmbkGxVN0iP67tJ9jecyaXSoAJ6kBUPAdOesp9shPXmxnU6sPbk5FuJqNU5uZmK+
+KFwGMycLOl8wGAtK88GlupSYHmUT1CDo5rKFtOtyD0wcjM1p+lieQIFYDRV4OLXh
+qTa3gtgVRqEcXdn2GdtNFlO87HWR8ptr4gA3jfm/yaC3WGqsgbZtXyPerSIUSd3B
+op+5tvE8oqaIahCJV+Lj5XbmXoQkVKGel1xQjZ9rZavBxvwT4BlTNjYBZQHN0wsk
+T9Pd1jbytZ9Ffwf3BO/vnkeo4mXSybYN+Ohfh3+bDPMu+NDL7m2/V8ZhIuRCJP0w
+YBrlHHxvn4wjVOMix/KXcYXMlVenL0V1xTUHhFhQhBWQ9V4TzzWq/YeZH18MyB/Q
+J9vGivKGGFUcs2F7ze+juVOPuUv/hE4ypdPAa4uq+v4HUQAD3mYZkeJnq8o=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIFVjCCAz6gAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx
+ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL
+DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw
+NzA5NTY1MFoXDTI3MDkwNTA5NTY1MFowezELMAkGA1UEBhMCVVMxETAPBgNVBAgM
+CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI
+MQ4wDAYDVQQLDAVCbGFkZTEiMCAGA1UEAwwZQmxhZGUgQ29udHJvbGxlciBVcHN0
+cmVhbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOLeR7h7lhJR2/T3
+uaG8P20ko4Zo9wudGS/GN+aFv5EpFjlnRRxxbaqc5FFxWSWoJpMvrciX+4izC/jg
+mVSU9L7TdK2svGT8rqbXz31H3wEIBP4irKLtW22UbOZL2JoiW8kDUMcyOsc3jTqp
+Ewm96PSiYUJHvP6aTJRJdsAlmxZoJu46hxg8tNuy0V6YVPBZFU9NODEosm/wwAFo
+Aly70lvUD/kXBZFPBbgMy6xHVPrXKdou2p4IwfWNqm4VmS652YkjG7avSSAnTaph
+taTTCvtwOkCvrjJHvg4AG+zgwPdRxSZRqm7+zQdAIyC3zQzQRkbOizlZXej+ffXj
+EiPNmNMCAwEAAaOB+TCB9jAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAz
+BglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRpZmlj
+YXRlMB0GA1UdDgQWBBSmUpL+sqt/zQFJU1CnvyTAKVEttzAfBgNVHSMEGDAWgBT2
+4ScXvFFEdGFsK+X5SxmWnAmd/jAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYI
+KwYBBQUHAwIGCCsGAQUFBwMEMDIGA1UdEQQrMCmCFWNvbnRyb2xsZXJAZnJlZXN3
+aXRjaIIQY29udHJvbGxlckBibGFkZTANBgkqhkiG9w0BAQsFAAOCAgEASJ0KLhWJ
+74j+jbHNAKMvqjrhCBSrAr6Ma94L7ut35umYx9jVQhlvW5FQnI+cGU9s+RRm/tkK
+bze6aP+FaQdQvQMaxH9P7nCUjEXvKutzATwmXdRNv8MS+i9xVxX1vodZz2nSJ4uE
+4GqwiS+HtF5W4DCSId55RQ/1lMsTHsDNi0SspV5nubGJ4qDv/EA6vgkEUMbR6X3J
+phLcVTNeM+MvwYFZWZtnXkLnejZUYXMvtCCPwOW3fMQP8lWzNHwCOT+rZCboCnba
+NMAOKKkZDiz525wYUsYqDrLN8Q94m1EwgCjIhd9Vn4aLZTBouKAouFW+//L8WWHA
+rHFQuw4fy/efZzd1B+AaiM5FfWcKZuGQqa2LJS//GHDQGbRYZZOX505qOSKonSBU
+vTLFDYIE4gIYWFFUZqzVOJnafRUGEVl1V5xLZajM7HWMuhCK8p+XA6QM7HQXDUMd
+tMa9+EhU5nDF5V+gQmzjNDkh3xGLMbkZceEIP4nSRT9rTEVfILsQ8Q6G9pWYfYf7
+NsSBmax/F/8Jbx2gw9UVo7HVDx6dA5FRht4K8qiT6aA/5pRSOADMRz6ISM2idiF9
+NjadbBo+nVPtKosSF5ZGKxTAdYMUb34FMdp1N7J4UzG1ZBiLpNa3+7R3GGbtlNy5
+WLn35rnLEHYt9KvftBeYz58KVaiPQz/af8c=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIFtjCCA56gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwbzELMAkGA1UEBhMCVVMx
+ETAPBgNVBAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApG
+cmVlU1dJVENIMQ4wDAYDVQQLDAVCbGFkZTEWMBQGA1UEAwwNQmxhZGUgUm9vdCBD
+QTAeFw0xNzA5MDcwOTI4MDRaFw0yNzA5MDUwOTI4MDRaMGUxCzAJBgNVBAYTAlVT
+MREwDwYDVQQIDAhJbGxpbm9pczETMBEGA1UECgwKRnJlZVNXSVRDSDEOMAwGA1UE
+CwwFQmxhZGUxHjAcBgNVBAMMFUJsYWRlIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBALIlY1JmV9z6wjE6iEIXHUl2CRnsa1jD
++uDk4I/OncOdezpfv2mRO9C7VkcefXb5yDrda/qq8r9pNVm6Q2wCJICIlrK9uK90
+SLsB8WsO8Dnrv9E5Tx96U6J5qDx5Ma3IFM7fF1KUP1LVawpS4lMMKFhcyd/P1dAN
+ZWlzHCBoM4O9HMo4sKYx4fzxn00yKNK+RU4Wyd3ecntOOg/Dtx3FHt1bExUFuPUW
+sgVUR8b+R6Z/1U6iWe+3x/XBAUVCBhyzt7OrCpY0g3TX7wVCh7CafpZnTe54gjMo
+1lqSraJ5Dr4Sn1LV1gRa8cVQrNbUZ+m2aHsNLxmpEviHDLTd267x5qXEDCNajesJ
+iSALRpQzAJE/neQvVa2fiaV7PbPGlxtUcyR8J9sGfuuby48/RulPQ1CjL1+sI+IE
+lnMZqTiab+1TT5OyKMYYRjQ4k3R/gUGn0MhQBcy1VOP6GVGEgeOYACbDSjvYO9HZ
+dyM9ivpxLhV3BMVM2B0PmFxLgFdyBlIPkP36/5kBzOFJWdYrMLP/vahFVmTgevDm
+8Uhi3PvEt6kKUnWHkBHdajzDKLvbh8y+Ucgap7PtT8apZR+8J9TX87gMFzH5r4Xc
+SF97inJ/q098V8dyoPJpL6PRAzigBXGmB2fFhLgtoXfuKfI/nfgQHO7MbYCCFP4z
+Och2kFZYehBTAgMBAAGjZjBkMB0GA1UdDgQWBBT24ScXvFFEdGFsK+X5SxmWnAmd
+/jAfBgNVHSMEGDAWgBRaMzl9Nc1p7PgDWff+pvYOddMlljASBgNVHRMBAf8ECDAG
+AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAgGzDCfJm
+weo6oeSFmSLTmlBlTJZO+7igFWf8tunmTkg8wvKe+lCyDd2efNgUocI/NA+X4kRj
+YtDH+hq0H+JlDu/p4y4/t6Srx/dh33Ow7eCv2wtuSCeK5Y0euysXhI9gmPquUGOC
+HlHkmQcG03NbbrWt0+4IaPAaKxMuV0FR7KArudZvr+8gp9S8o0AkQVFZSbW41HQe
+a7DAJmLF0vLQWoVz/YltKjwAMs/ws8OWxUdvcOA3w6XmWmjAFn5hc2MgHgu513c4
+Vbq0535ghU0Eneqc23y2ELa+8hbn5yS5wcK1AS2HG4VoDqOJw+pv4Ko3T33mCR6X
+bUABSB+znX5kEZn8KQaP8sLm07kERGjCI3FLPscM1S851tah/iqBgddlIUn/YNpM
+9uYQ2PWu6UWvqyZfhgVIlb2LYJNERtKZPeI05SRIbUW93wUTiC6A93fl8SEE7XHa
+LMJt6+HLysR2IsXLqlSRZw3rIoT0B3G4uS9Xop89znLAknrOI57OvVAMLaeBrtkl
+jepE7RrNX6VcyEY+Ar1p30ax4UJNxjxd3rszIznccerWQzuLo5wYUkuZEfNtnAFB
+Z/4qlIn7wkbRevafgmlf/bhP6ZkeJFhqEjOq36Zci5JrnRu3rM/+Vex2ibHVat0E
+IZjeGxeofAPEwTaLfPJT7EIWZ+33ZHMcz+8=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIFwDCCA6igAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx
+ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL
+DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw
+NzA5NDQ1OVoXDTI3MDkwNTA5NDQ1OVoweTELMAkGA1UEBhMCVVMxETAPBgNVBAgM
+CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI
+MQ4wDAYDVQQLDAVCbGFkZTEgMB4GA1UEAwwXQmxhZGUgTWFzdGVyIERvd25zdHJl
+YW0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK8mciD1y9F1fz08+4
+V1d6VZfv87h0V4/JihsjFEAlvog1W1BsfMPw1eNGmykDVZPVgmmgjP95UZYBm9gW
+P26ze6hzA/7wpqdCs/tG0XsiCS5NsyP/9g33hcXJqzhTQXoqn0cGRJzrre2AfPoX
+2CijWpjH3ufUMyZzN7fP7/VCYNEDR/4Geyp3RjBnqw4PlFqroME2762kNC5jGkCh
+hPUpYrKwNE6mvQ6H0DwjJl9cHR9ynssU81h0TDa98N6kKcDLzK7BAoFtFGRKrFkL
+db8LtvbG6zyLZrpJtwkcgfyOoKtXMuHGfISnnMtbgi6IyZPfo/9RcKK6q6a3/ZHE
+plwJAgMBAAGjggFkMIIBYDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAz
+BglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmlj
+YXRlMB0GA1UdDgQWBBT5po36vCPKHCecbSz1ueDbFDZ1jjCBmgYDVR0jBIGSMIGP
+gBT24ScXvFFEdGFsK+X5SxmWnAmd/qFzpHEwbzELMAkGA1UEBhMCVVMxETAPBgNV
+BAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJ
+VENIMQ4wDAYDVQQLDAVCbGFkZTEWMBQGA1UEAwwNQmxhZGUgUm9vdCBDQYICEAAw
+DgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMCoGA1UdEQQjMCGC
+EW1hc3RlckBmcmVlc3dpdGNoggxtYXN0ZXJAYmxhZGUwDQYJKoZIhvcNAQELBQAD
+ggIBAJ73CuGQvtFkzQxhVvmWcg7TOHeV6I1IycBXDgyEdL3MEC+z2vXpz7NwzcnD
+F0gYBVXAszSkNsLxmzUsxSr2IOy6rTJ/5R/GP9/3NLfjF1H2r1lxytfngMokp6ts
+AiCPu5fiIyYPlwj3Gcbw0+n8LL06oPKGf291eHRjWlJbbI0grUW2W1Mdajd9U42z
+vadoY0NAtWiZI3sM+OpicAg8hsYLN40KsnEag3Y6JdsDNiT05qKDhUcqVROlVcu4
+CT4u1gNROClAt/iUGA2s8jsPutPEedtGuAcIHqDk60C6D0v1+PokdFGG2ZBgHZLg
+fXRsPYzAtsqhyUW3jyR3XYEoIj1tU+zHRZT7B5wPczhOBk5LOHf+QYVVzwV3Ff5x
+8de8KRXRSg2ygLQGpBWTqMzzrjVgeSBNzC5nW/WaQHkMxmSGvUyvpUVUX/ySpDFf
+r4JfpYHmxSNWVdRVBmCzTBq2qM8npaPWsagXWOv/hdZcrTTi6nnrWxSIFogiY9DX
+YW2GUENt56AlXlyhiKd/NCWkQN5c/pRjV8EVUSTNuLNwFsGWmdZdjiaOUeILxHQS
+OyzvTgKohqHikECl1wISRuDY8Fbu+xfqUaERsSfS35CBKW3qtmnmg+9meE6MRj7I
+sbWoHXx7dJZst7vcDDsBptUPNUFKsgHKqfaGrb7hJGro/vTV
+-----END CERTIFICATE-----
--- /dev/null
+# OpenSSL intermediate CA configuration file.
+# Copy to `/root/ca/intermediate/openssl.cnf`.
+
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir = .
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+# The root key and root certificate.
+private_key = $dir/private/intermediate.key.pem
+certificate = $dir/certs/intermediate.cert.pem
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/intermediate.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_loose
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 2048
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+# Optionally, specify some defaults.
+countryName_default = US
+stateOrProvinceName_default = Illinois
+localityName_default = Chicago
+0.organizationName_default = FreeSWITCH
+organizationalUnitName_default = Blade
+emailAddress_default =
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+subjectAltName = DNS: client@freeswitch
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
\ No newline at end of file
--- /dev/null
+# OpenSSL intermediate CA configuration file.
+# Copy to `/root/ca/intermediate/openssl.cnf`.
+
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir = .
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+# The root key and root certificate.
+private_key = $dir/private/intermediate.key.pem
+certificate = $dir/certs/intermediate.cert.pem
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/intermediate.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_loose
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 2048
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+# Optionally, specify some defaults.
+countryName_default = US
+stateOrProvinceName_default = Illinois
+localityName_default = Chicago
+0.organizationName_default = FreeSWITCH
+organizationalUnitName_default = Blade
+emailAddress_default =
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+subjectAltName = DNS: controller@freeswitch, DNS: controller@blade
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
\ No newline at end of file
--- /dev/null
+# OpenSSL intermediate CA configuration file.
+# Copy to `/root/ca/intermediate/openssl.cnf`.
+
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir = .
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+# The root key and root certificate.
+private_key = $dir/private/intermediate.key.pem
+certificate = $dir/certs/intermediate.cert.pem
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/intermediate.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_loose
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 2048
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+# Optionally, specify some defaults.
+countryName_default = US
+stateOrProvinceName_default = Illinois
+localityName_default = Chicago
+0.organizationName_default = FreeSWITCH
+organizationalUnitName_default = Blade
+emailAddress_default =
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+subjectAltName = DNS: master@freeswitch, DNS: master@blade
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
\ No newline at end of file
--- /dev/null
+1000
\ No newline at end of file
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCElsbGlub2lzMRAw
+DgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQLDAVC
+bGFkZTEeMBwGA1UEAwwVQmxhZGUgQ2xpZW50IFVwc3RyZWFtMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7QkR1NA64HPzuYYko7LTciwCWu1JLGuA3/7D
+kskMZ180+sQ3dBG4UjujKMRc0h65oFZc//WYIfmfUznLvLsRygghlevPqgGRGdf9
+WHIMjo9+hLM6MgZ51Eqqydh42L7sen/2bO85gh/pfxno3+uPFGIJtX6GFiJ5Hp86
+wF+cqnfRRUFo+0L34+rLY08fITEkTbPjNg5R2jcWa+dWJXIJi3pud+ulWPTKalYi
+UvsqN8tucjJIZb279yzrxsV2qjRqHBCToBj9/kcJHD8gKrpEf1HsiLLJ7PEAID1f
+MONTL5sVXCJ1TXpjWNZTlcTCCMAhrEghGMZV0FIm7GS//naqywIDAQABoAAwDQYJ
+KoZIhvcNAQELBQADggEBAJd+fNwHr5soFlNbWb5kMP5utXwJhElEfnQ25puC0jhP
+I03z63MS8Chi1Uaxo9MBpFnC84LVmhPT+7RwpRBubVJEWq2WUjZRvbt5dih+kGum
+zC7dDhHAMx8Gk8TwsYnnzCDkcvetCCTfrn5otYlVxc/36PWoMB4dL426XSi5JVx0
+nxeXmbiIpZP9udwXDl6J6i8HhjtGpveiVIV3RrfleApYHAxFa5pVP9l3pwMt9RqX
++TbqXexAXrJoVoi8JENjDMGl2H/95UaXB7W/6iIHc/1hy3ebk5OCahxeIoS8LHgX
+LsLKJDVsz5eOmfo5rF7lT1WVgp2TTS+W6ys2uX3j/cY=
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIICwjCCAaoCAQAwfTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCElsbGlub2lzMRAw
+DgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQLDAVC
+bGFkZTEkMCIGA1UEAwwbQmxhZGUgQ29udHJvbGxlciBEb3duc3RyZWFtMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEA1njlU4qAG2/KskXthKBI35KDT
+ND92Dqg6gkAvbC/IGEJJyzxw7Fd2AjNMAbNLuaasK9HFRwPhZXOLQjvl+wjwtBEA
+gGw+gLqrLdC3RVuiWlxGsbfB4tAYn9Av44jURYc1Prprnvqzl8+DIU6UTuRh9Jim
+oyL6NC4rqgcvo8LjR01RNn27RdyeO/VhDjdiU2/vC/OujUqnInhtGvTB/KrDJtxL
+Ecl15zBGe0PBoolYCF2+8FS2cMFw8y2aeeNeOfvjlzMXOxGG4vohxUNx/DZh6aNU
+zbh9Fp7gvJQ8ZRsRNqtI3AgGW4+7Bt4US9ekM8RQjRb51Vk/NcFhOKejswIDAQAB
+oAAwDQYJKoZIhvcNAQELBQADggEBAHvlM/HiAI9fO2QlQRX4lAo0Y+pLYZDI0kjY
+2PWsLEzI69mBYLTGFrvzYaSzwDUzkHBuypV69BTsWHQBbnMfRRvvqXQCObYcnMUa
+IDaM4m4YLSYICWUYe+aCQZIMjg13TRspR8H1DlbRUlYFvsYumMeaeAauHW0t6xfL
+H5vaFtNs0G4apJpb++CoCW/2cWS5Iyj4oViGitX1ajl4oRBzjPMqRQFlqUWExcM8
+a/XA1STOcIw8qlIWZw9hL7StOoMcAFhybjadZIGLYSI8Y1vCl2+Ur+bRNEU0VY4h
+k9jhjr09pI0rHcXhXziZ88NRIQL4rT04MJnjR2G7AY18bKIGnqk=
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIICwDCCAagCAQAwezELMAkGA1UEBhMCVVMxETAPBgNVBAgMCElsbGlub2lzMRAw
+DgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQLDAVC
+bGFkZTEiMCAGA1UEAwwZQmxhZGUgQ29udHJvbGxlciBVcHN0cmVhbTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOLeR7h7lhJR2/T3uaG8P20ko4Zo9wud
+GS/GN+aFv5EpFjlnRRxxbaqc5FFxWSWoJpMvrciX+4izC/jgmVSU9L7TdK2svGT8
+rqbXz31H3wEIBP4irKLtW22UbOZL2JoiW8kDUMcyOsc3jTqpEwm96PSiYUJHvP6a
+TJRJdsAlmxZoJu46hxg8tNuy0V6YVPBZFU9NODEosm/wwAFoAly70lvUD/kXBZFP
+BbgMy6xHVPrXKdou2p4IwfWNqm4VmS652YkjG7avSSAnTaphtaTTCvtwOkCvrjJH
+vg4AG+zgwPdRxSZRqm7+zQdAIyC3zQzQRkbOizlZXej+ffXjEiPNmNMCAwEAAaAA
+MA0GCSqGSIb3DQEBCwUAA4IBAQDTJmaPVFGJ7lgj2TOJi66WSLkXUc3wKCX7dkX/
+GIGXyr2hsabYT3FOkWlL0W/CI2KXkFEItnHPE4Plit9E+O/fZYGWjfSHhVUa6rzF
+w+rM2EWklAl6s/zH1/MoliRG68aluyqv8aIyovRNfAj3F3FaDW5qiIaSVtp3Znlu
+OlrIQD3ixqIa4na0+kr9MEV+wehDl5Uib0j8GLf7dM/drEywzWVkjaPRttrgvu/M
+loill3Ta13RQMs0qzu1zx36mbb+hyahq5kyrabWDisV6cmWxbcSCIGCOCfgHdXMl
+KYupqGBp1ey7KEl3erB4WQ8Rhl7z01+5QEhd875pNmHRE5/w
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEvDCCAqQCAQAwdzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCElsbGlub2lzMRAw
+DgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQLDAVC
+bGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEAsiVjUmZX3PrCMTqIQhcdSXYJGexrWMP64OTg
+j86dw517Ol+/aZE70LtWRx59dvnIOt1r+qryv2k1WbpDbAIkgIiWsr24r3RIuwHx
+aw7wOeu/0TlPH3pTonmoPHkxrcgUzt8XUpQ/UtVrClLiUwwoWFzJ38/V0A1laXMc
+IGgzg70cyjiwpjHh/PGfTTIo0r5FThbJ3d5ye046D8O3HcUe3VsTFQW49RayBVRH
+xv5Hpn/VTqJZ77fH9cEBRUIGHLO3s6sKljSDdNfvBUKHsJp+lmdN7niCMyjWWpKt
+onkOvhKfUtXWBFrxxVCs1tRn6bZoew0vGakS+IcMtN3brvHmpcQMI1qN6wmJIAtG
+lDMAkT+d5C9VrZ+JpXs9s8aXG1RzJHwn2wZ+65vLjz9G6U9DUKMvX6wj4gSWcxmp
+OJpv7VNPk7IoxhhGNDiTdH+BQafQyFAFzLVU4/oZUYSB45gAJsNKO9g70dl3Iz2K
++nEuFXcExUzYHQ+YXEuAV3IGUg+Q/fr/mQHM4UlZ1isws/+9qEVWZOB68ObxSGLc
++8S3qQpSdYeQEd1qPMMou9uHzL5RyBqns+1PxqllH7wn1NfzuAwXMfmvhdxIX3uK
+cn+rT3xXx3Kg8mkvo9EDOKAFcaYHZ8WEuC2hd+4p8j+d+BAc7sxtgIIU/jM5yHaQ
+Vlh6EFMCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQBjDnbyUJMn5Av78pt611u3
+/QrYxH1SHEwjtSwPcusmoTCNhMIF07GLlRuLNB1teyNLFtLzq345d/sr+o9BmFAS
+ODpW0rN5RGXnZKvHPrBARFRb/UdyZDlvbl/ksVT6b9fzroPRtU3IqgdAXvKnvJ7G
+1RCaIxyZd7T856Z7Eq2tmn0AblyXJLWy2JpBy6CzRK4KFCuNHbs+HrVBXeHD6Tgc
+pcbtIKohHw/x3r+OX2uf6hr0bfewePE7y5pf4yVb+eaN6TMQQHHSN+oIVSNi8yKk
+Sr1wd8F5OEp6teYKj4Nlrc8giOkrIV91a1XUJsKgYfzpT4GevIw+8U1uIa8qB3Ow
+ZchgdsltZAFR0MGmwJNKGQ6JAmFmZTGD2G43P3Y9EnXDiGYWo5k0UkdghaoJIIAO
+DYxGhEGOINjHmJyQik0ha+38+cLAWoItrSIShZaHDMSXx5ujaFBrZxPa662BwkF4
+zUXmAW09ww64owAYZ+a1EuujTcLDYszSzIbF6UqBoCeDpq3L5wEgFzl0zktVIwWI
+YQ99IKOj0JVbsIbikFoteXFbE1x0dR05Mgx9NaCDrIlmmydnsNW5xvwQISYnr92U
+HgS0/xfgaPo8hqDpl6rjlfwj0Ay/LZTAfH/xGjN69DZbTgf55PRhkTdwMLiQuY6e
+ENqjprP7sJ7aYdND59jAmQ==
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIICvjCCAaYCAQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCElsbGlub2lzMRAw
+DgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQLDAVC
+bGFkZTEgMB4GA1UEAwwXQmxhZGUgTWFzdGVyIERvd25zdHJlYW0wggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK8mciD1y9F1fz08+4V1d6VZfv87h0V4/J
+ihsjFEAlvog1W1BsfMPw1eNGmykDVZPVgmmgjP95UZYBm9gWP26ze6hzA/7wpqdC
+s/tG0XsiCS5NsyP/9g33hcXJqzhTQXoqn0cGRJzrre2AfPoX2CijWpjH3ufUMyZz
+N7fP7/VCYNEDR/4Geyp3RjBnqw4PlFqroME2762kNC5jGkChhPUpYrKwNE6mvQ6H
+0DwjJl9cHR9ynssU81h0TDa98N6kKcDLzK7BAoFtFGRKrFkLdb8LtvbG6zyLZrpJ
+twkcgfyOoKtXMuHGfISnnMtbgi6IyZPfo/9RcKK6q6a3/ZHEplwJAgMBAAGgADAN
+BgkqhkiG9w0BAQsFAAOCAQEAGJ9T9wIQ5i8X8bkvsNKJMWBWWx6O5ihP77ve6Pet
+BHvfJyV++lFbaU4Af/5R5eE5aOXpfIzMm6MHmvE3sSSL9+Bkaqw+VL1jKieG919C
++5CEC1T053QWjbqYG7dp5wVTMJ3MSawvsrkD6sr2rSHhu2pcmEeF5bFcaaYSXVsG
+vmCGQh7lUj8N79xdiuQvYUM1Lpgo/81WeUWXjCaMVkv6Hdzp0Hx9avCSweb6kklE
+dSUjOkOKGA/+IoCXmFiLxNs0hzxrkG85aVCmv1x5fcm9mqNVoqBY2YqWWguavDnz
+DT88l92ZDGqJpVmB+a5H1pC9JY54UUyii462ZMcDmrMK7g==
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+V 270905094459Z 1000 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Master Downstream
+V 270905095216Z 1001 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Controller Downstream
+V 270905095650Z 1002 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Controller Upstream
+V 270905120806Z 1003 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Client Upstream
--- /dev/null
+unique_subject = yes
--- /dev/null
+unique_subject = yes
--- /dev/null
+V 270905094459Z 1000 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Master Downstream
+V 270905095216Z 1001 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Controller Downstream
+V 270905095650Z 1002 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Controller Upstream
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIFwDCCA6igAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx
+ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL
+DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw
+NzA5NDQ1OVoXDTI3MDkwNTA5NDQ1OVoweTELMAkGA1UEBhMCVVMxETAPBgNVBAgM
+CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI
+MQ4wDAYDVQQLDAVCbGFkZTEgMB4GA1UEAwwXQmxhZGUgTWFzdGVyIERvd25zdHJl
+YW0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK8mciD1y9F1fz08+4
+V1d6VZfv87h0V4/JihsjFEAlvog1W1BsfMPw1eNGmykDVZPVgmmgjP95UZYBm9gW
+P26ze6hzA/7wpqdCs/tG0XsiCS5NsyP/9g33hcXJqzhTQXoqn0cGRJzrre2AfPoX
+2CijWpjH3ufUMyZzN7fP7/VCYNEDR/4Geyp3RjBnqw4PlFqroME2762kNC5jGkCh
+hPUpYrKwNE6mvQ6H0DwjJl9cHR9ynssU81h0TDa98N6kKcDLzK7BAoFtFGRKrFkL
+db8LtvbG6zyLZrpJtwkcgfyOoKtXMuHGfISnnMtbgi6IyZPfo/9RcKK6q6a3/ZHE
+plwJAgMBAAGjggFkMIIBYDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAz
+BglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmlj
+YXRlMB0GA1UdDgQWBBT5po36vCPKHCecbSz1ueDbFDZ1jjCBmgYDVR0jBIGSMIGP
+gBT24ScXvFFEdGFsK+X5SxmWnAmd/qFzpHEwbzELMAkGA1UEBhMCVVMxETAPBgNV
+BAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJ
+VENIMQ4wDAYDVQQLDAVCbGFkZTEWMBQGA1UEAwwNQmxhZGUgUm9vdCBDQYICEAAw
+DgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMCoGA1UdEQQjMCGC
+EW1hc3RlckBmcmVlc3dpdGNoggxtYXN0ZXJAYmxhZGUwDQYJKoZIhvcNAQELBQAD
+ggIBAJ73CuGQvtFkzQxhVvmWcg7TOHeV6I1IycBXDgyEdL3MEC+z2vXpz7NwzcnD
+F0gYBVXAszSkNsLxmzUsxSr2IOy6rTJ/5R/GP9/3NLfjF1H2r1lxytfngMokp6ts
+AiCPu5fiIyYPlwj3Gcbw0+n8LL06oPKGf291eHRjWlJbbI0grUW2W1Mdajd9U42z
+vadoY0NAtWiZI3sM+OpicAg8hsYLN40KsnEag3Y6JdsDNiT05qKDhUcqVROlVcu4
+CT4u1gNROClAt/iUGA2s8jsPutPEedtGuAcIHqDk60C6D0v1+PokdFGG2ZBgHZLg
+fXRsPYzAtsqhyUW3jyR3XYEoIj1tU+zHRZT7B5wPczhOBk5LOHf+QYVVzwV3Ff5x
+8de8KRXRSg2ygLQGpBWTqMzzrjVgeSBNzC5nW/WaQHkMxmSGvUyvpUVUX/ySpDFf
+r4JfpYHmxSNWVdRVBmCzTBq2qM8npaPWsagXWOv/hdZcrTTi6nnrWxSIFogiY9DX
+YW2GUENt56AlXlyhiKd/NCWkQN5c/pRjV8EVUSTNuLNwFsGWmdZdjiaOUeILxHQS
+OyzvTgKohqHikECl1wISRuDY8Fbu+xfqUaERsSfS35CBKW3qtmnmg+9meE6MRj7I
+sbWoHXx7dJZst7vcDDsBptUPNUFKsgHKqfaGrb7hJGro/vTV
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIFmDCCA4CgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx
+ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL
+DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw
+NzA5NTIxNloXDTI3MDkwNTA5NTIxNlowfTELMAkGA1UEBhMCVVMxETAPBgNVBAgM
+CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI
+MQ4wDAYDVQQLDAVCbGFkZTEkMCIGA1UEAwwbQmxhZGUgQ29udHJvbGxlciBEb3du
+c3RyZWFtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEA1njlU4qAG
+2/KskXthKBI35KDTND92Dqg6gkAvbC/IGEJJyzxw7Fd2AjNMAbNLuaasK9HFRwPh
+ZXOLQjvl+wjwtBEAgGw+gLqrLdC3RVuiWlxGsbfB4tAYn9Av44jURYc1Prprnvqz
+l8+DIU6UTuRh9JimoyL6NC4rqgcvo8LjR01RNn27RdyeO/VhDjdiU2/vC/OujUqn
+InhtGvTB/KrDJtxLEcl15zBGe0PBoolYCF2+8FS2cMFw8y2aeeNeOfvjlzMXOxGG
+4vohxUNx/DZh6aNUzbh9Fp7gvJQ8ZRsRNqtI3AgGW4+7Bt4US9ekM8RQjRb51Vk/
+NcFhOKejswIDAQABo4IBODCCATQwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMC
+BkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIFNlcnZlciBDZXJ0
+aWZpY2F0ZTAdBgNVHQ4EFgQUowMxPRDVCvF5Ax/Nvn+quWWny/kwgZoGA1UdIwSB
+kjCBj4AU9uEnF7xRRHRhbCvl+UsZlpwJnf6hc6RxMG8xCzAJBgNVBAYTAlVTMREw
+DwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzETMBEGA1UECgwKRnJl
+ZVNXSVRDSDEOMAwGA1UECwwFQmxhZGUxFjAUBgNVBAMMDUJsYWRlIFJvb3QgQ0GC
+AhAAMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG
+9w0BAQsFAAOCAgEAayl96eapLsMHWJDT/p1qfNhMYR+JtO7xaaGLJ+yiibY6T1Be
+1R5dLhG7y00Ww1Os9B4F3rWScFxpGqI9GgX8FAGo94Rm3c6+qLAKj/IZmXC6Dgg/
+VzqppcxMt+wo4HsYYhiamVLCyPTrOpPZ82X0+rlR+7iQRbEQ09ubfrb1ec/rDbfU
+Kucr1ugwAyOLCmTsK+PAXhAdT/9ci/pL2uO9AxKYgSqvc9VnxoyUusq4Qouxb76I
+qmbkGxVN0iP67tJ9jecyaXSoAJ6kBUPAdOesp9shPXmxnU6sPbk5FuJqNU5uZmK+
+KFwGMycLOl8wGAtK88GlupSYHmUT1CDo5rKFtOtyD0wcjM1p+lieQIFYDRV4OLXh
+qTa3gtgVRqEcXdn2GdtNFlO87HWR8ptr4gA3jfm/yaC3WGqsgbZtXyPerSIUSd3B
+op+5tvE8oqaIahCJV+Lj5XbmXoQkVKGel1xQjZ9rZavBxvwT4BlTNjYBZQHN0wsk
+T9Pd1jbytZ9Ffwf3BO/vnkeo4mXSybYN+Ohfh3+bDPMu+NDL7m2/V8ZhIuRCJP0w
+YBrlHHxvn4wjVOMix/KXcYXMlVenL0V1xTUHhFhQhBWQ9V4TzzWq/YeZH18MyB/Q
+J9vGivKGGFUcs2F7ze+juVOPuUv/hE4ypdPAa4uq+v4HUQAD3mYZkeJnq8o=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIFVjCCAz6gAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx
+ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL
+DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw
+NzA5NTY1MFoXDTI3MDkwNTA5NTY1MFowezELMAkGA1UEBhMCVVMxETAPBgNVBAgM
+CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI
+MQ4wDAYDVQQLDAVCbGFkZTEiMCAGA1UEAwwZQmxhZGUgQ29udHJvbGxlciBVcHN0
+cmVhbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOLeR7h7lhJR2/T3
+uaG8P20ko4Zo9wudGS/GN+aFv5EpFjlnRRxxbaqc5FFxWSWoJpMvrciX+4izC/jg
+mVSU9L7TdK2svGT8rqbXz31H3wEIBP4irKLtW22UbOZL2JoiW8kDUMcyOsc3jTqp
+Ewm96PSiYUJHvP6aTJRJdsAlmxZoJu46hxg8tNuy0V6YVPBZFU9NODEosm/wwAFo
+Aly70lvUD/kXBZFPBbgMy6xHVPrXKdou2p4IwfWNqm4VmS652YkjG7avSSAnTaph
+taTTCvtwOkCvrjJHvg4AG+zgwPdRxSZRqm7+zQdAIyC3zQzQRkbOizlZXej+ffXj
+EiPNmNMCAwEAAaOB+TCB9jAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAz
+BglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRpZmlj
+YXRlMB0GA1UdDgQWBBSmUpL+sqt/zQFJU1CnvyTAKVEttzAfBgNVHSMEGDAWgBT2
+4ScXvFFEdGFsK+X5SxmWnAmd/jAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYI
+KwYBBQUHAwIGCCsGAQUFBwMEMDIGA1UdEQQrMCmCFWNvbnRyb2xsZXJAZnJlZXN3
+aXRjaIIQY29udHJvbGxlckBibGFkZTANBgkqhkiG9w0BAQsFAAOCAgEASJ0KLhWJ
+74j+jbHNAKMvqjrhCBSrAr6Ma94L7ut35umYx9jVQhlvW5FQnI+cGU9s+RRm/tkK
+bze6aP+FaQdQvQMaxH9P7nCUjEXvKutzATwmXdRNv8MS+i9xVxX1vodZz2nSJ4uE
+4GqwiS+HtF5W4DCSId55RQ/1lMsTHsDNi0SspV5nubGJ4qDv/EA6vgkEUMbR6X3J
+phLcVTNeM+MvwYFZWZtnXkLnejZUYXMvtCCPwOW3fMQP8lWzNHwCOT+rZCboCnba
+NMAOKKkZDiz525wYUsYqDrLN8Q94m1EwgCjIhd9Vn4aLZTBouKAouFW+//L8WWHA
+rHFQuw4fy/efZzd1B+AaiM5FfWcKZuGQqa2LJS//GHDQGbRYZZOX505qOSKonSBU
+vTLFDYIE4gIYWFFUZqzVOJnafRUGEVl1V5xLZajM7HWMuhCK8p+XA6QM7HQXDUMd
+tMa9+EhU5nDF5V+gQmzjNDkh3xGLMbkZceEIP4nSRT9rTEVfILsQ8Q6G9pWYfYf7
+NsSBmax/F/8Jbx2gw9UVo7HVDx6dA5FRht4K8qiT6aA/5pRSOADMRz6ISM2idiF9
+NjadbBo+nVPtKosSF5ZGKxTAdYMUb34FMdp1N7J4UzG1ZBiLpNa3+7R3GGbtlNy5
+WLn35rnLEHYt9KvftBeYz58KVaiPQz/af8c=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIFPDCCAySgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx
+ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL
+DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw
+NzEyMDgwNloXDTI3MDkwNTEyMDgwNlowdzELMAkGA1UEBhMCVVMxETAPBgNVBAgM
+CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI
+MQ4wDAYDVQQLDAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgQ2xpZW50IFVwc3RyZWFt
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7QkR1NA64HPzuYYko7LT
+ciwCWu1JLGuA3/7DkskMZ180+sQ3dBG4UjujKMRc0h65oFZc//WYIfmfUznLvLsR
+ygghlevPqgGRGdf9WHIMjo9+hLM6MgZ51Eqqydh42L7sen/2bO85gh/pfxno3+uP
+FGIJtX6GFiJ5Hp86wF+cqnfRRUFo+0L34+rLY08fITEkTbPjNg5R2jcWa+dWJXIJ
+i3pud+ulWPTKalYiUvsqN8tucjJIZb279yzrxsV2qjRqHBCToBj9/kcJHD8gKrpE
+f1HsiLLJ7PEAID1fMONTL5sVXCJ1TXpjWNZTlcTCCMAhrEghGMZV0FIm7GS//naq
+ywIDAQABo4HjMIHgMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMDMGCWCG
+SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGllbnQgQ2VydGlmaWNhdGUw
+HQYDVR0OBBYEFCZDQ3rDX5H3YjuUjV5wsBi/GYyhMB8GA1UdIwQYMBaAFPbhJxe8
+UUR0YWwr5flLGZacCZ3+MA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEF
+BQcDAgYIKwYBBQUHAwQwHAYDVR0RBBUwE4IRY2xpZW50QGZyZWVzd2l0Y2gwDQYJ
+KoZIhvcNAQELBQADggIBAETxSF12VHvtjQA/uP6oUyENmu7wSbINUQZznzyJZSUQ
+X0eym9llkUqviMeT9g6wRIoFGSnoMuDkxKbG5k6xVIw6xBUeS+Ce40nhH3qmMkRi
+2DZgoqpQHb4DrTszJlXCxLhnnE83DuGDGxN2MbdY1HhCUo8yHqlCiA27hnxk46xh
+Xuyx44zoYsdpnROppSwBAeaW9Ewanp7GL8ayWUkbBy0kGV+8wH7u9bpijevmGZSC
+iykbYBM7V+RvDvZoywfNSP+l9H77Tv3SI6G40Pfc55M5MbFOa/Po+XjNVeoTOFCu
+YIgIm/kA2OUySyBiOy54HfxG5BecZYW+uUm2KIrDX5bS2tZcCww2eo4AKCXEYWrh
+1NM1xbeZCregMQ+2gRap4jhB5a49JoH3KPrjFc+1fhnv68bmSAUWwF0twwxev1Aq
+ugYwx5lOhAl9+wAZbtsUsmsCp0AmzsIzgv43H6lMXUMjwH8v770J7vpKgMzvXlu8
+wWxFKVMfyocQqvOvBQ3i9SwptnA0ORO8Y8/+Tyu8uW8as/H7z9qaHBcCOWl1RZkR
+diBrb5f+OtnamvmDM32APxYtfomj9pgWyxK9vmeCpCILdga3c41iBHbGNJDaNz9q
+y9N8z9w887aKQT+HUjoDD2/Zb92Nia1tY+NU0Qd3AQZysJjz1Pq/Eu7KRpHAirTC
+-----END CERTIFICATE-----
--- /dev/null
+# OpenSSL intermediate CA configuration file.
+# Copy to `/root/ca/intermediate/openssl.cnf`.
+
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir = .
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+# The root key and root certificate.
+private_key = $dir/private/intermediate.key.pem
+certificate = $dir/certs/intermediate.cert.pem
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/intermediate.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_loose
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 2048
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+# Optionally, specify some defaults.
+countryName_default = US
+stateOrProvinceName_default = Illinois
+localityName_default = Chicago
+0.organizationName_default = FreeSWITCH
+organizationalUnitName_default = Blade
+emailAddress_default =
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
\ No newline at end of file
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA7QkR1NA64HPzuYYko7LTciwCWu1JLGuA3/7DkskMZ180+sQ3
+dBG4UjujKMRc0h65oFZc//WYIfmfUznLvLsRygghlevPqgGRGdf9WHIMjo9+hLM6
+MgZ51Eqqydh42L7sen/2bO85gh/pfxno3+uPFGIJtX6GFiJ5Hp86wF+cqnfRRUFo
++0L34+rLY08fITEkTbPjNg5R2jcWa+dWJXIJi3pud+ulWPTKalYiUvsqN8tucjJI
+Zb279yzrxsV2qjRqHBCToBj9/kcJHD8gKrpEf1HsiLLJ7PEAID1fMONTL5sVXCJ1
+TXpjWNZTlcTCCMAhrEghGMZV0FIm7GS//naqywIDAQABAoIBABSZ9TLJ5lQbv9Mg
+FY8ku7vwl0PP28xAi7LsMZNQZgOWAsTIyQkNgTekd0nTxz177iZBW1PjxJUvXOme
+3FZK7ADjNAgTtrjP6gyU+S/2uaCqWBSwfx5Z8bzBwJZKejZcYbFD7ecJ47WrkF+7
+oMHVd1oOK0na9Ux3Mo+2xyRxKuyl0ngwYp71pDh2QyCqZUXBEeY/gD6rPOf6Bt02
++fEjsePe0wGJUpiTpThwJuYH8nHQviXIN/zEK5CN3kOFC+fVVRLrXENmOrVBUMjC
+l8falZza/dtzStDDKsC5gQw+GZM3TC/1zo0eb+uzTeTLDH3o5GWsCAKC9MMImZo/
+gu9KkgECgYEA+Ecnv+nfAn6REU4jztFYcAHGMs0dEJPJK1AD/TkwMYC7Ve2uUNuz
+/0KsKiz0SyqhQxsvBHnj2FVlTZCxGQFe2KhVF3cp5miALMHlH/mbQyP2nnoO2+Ny
+A8GBizPNvugdDKUrnj/6jIp6S+2jhR5OfEtY2KgA5QjGRMIxndhsNo0CgYEA9Ghm
+Hk+UtutZ7NPXoZBH0iuBiDj3NOfqX/84mUb4XAQ+EVUw62pGpTf2OU8RRuHgGoHf
+aRcrfga/wtKx3/UA2m31xNhIWIHSGE35neyzQQXBp6fB2bhUCpPBgFCJz+fQCdOj
+fcCw3vrMf2H5oS/0azIsgsDRVp9lNAOtgdfFXLcCgYB5IgZTzSBAUE4o+k3gLyWN
+6F+yE38VwnUJC84Wcxt/W4aLIx7EVp0YcogbP7mlHtR1MEMdVPcEao21bV3qjE+h
+N2fkvgAUaXH35FYM5rSI6nf91CGByROsn3G73/eHKCpcLA3+9MoiXcHTX8tDPIkg
+fYaIlldxZ3mMvI6Gq7wIVQKBgQCba0P85GhSRalCg5fson45dPcC9A6ncw7Eityo
+A8xtXzlE9mKMYWGZMNP/r3ryEzLaSFoUTuqWUp5gunDoVLl9LU2LJmoi9jLux68D
+MQDwSUPTZEdONvwiWcFD4nMwZV4S0aV2kzEmKmAeZOREDuWjwR0y7IByUBwgDnKo
+TdiwUwKBgQDJ8OYzNPvp6wJ0vGg3s7ula8tiHCPmFCRJVLV6H1a+UDQD4MY2DdFa
+MgyxbetwglrSJNI4KJnc+WRYKspvTHlIkkr/GyJRW1EtBBED+drkOmvZE7vc51mN
+vj79bK66jJls/ul7YQxaKPHhB77zVNFJzWfZ8BrOCMhNTuxIE1xpRA==
+-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAwEA1njlU4qAG2/KskXthKBI35KDTND92Dqg6gkAvbC/IGEJJ
+yzxw7Fd2AjNMAbNLuaasK9HFRwPhZXOLQjvl+wjwtBEAgGw+gLqrLdC3RVuiWlxG
+sbfB4tAYn9Av44jURYc1Prprnvqzl8+DIU6UTuRh9JimoyL6NC4rqgcvo8LjR01R
+Nn27RdyeO/VhDjdiU2/vC/OujUqnInhtGvTB/KrDJtxLEcl15zBGe0PBoolYCF2+
+8FS2cMFw8y2aeeNeOfvjlzMXOxGG4vohxUNx/DZh6aNUzbh9Fp7gvJQ8ZRsRNqtI
+3AgGW4+7Bt4US9ekM8RQjRb51Vk/NcFhOKejswIDAQABAoIBAQCPBjXdhGF2R/9S
+WnOvt85L9WHHoS3/TMcTmGwOwpmFLvb5tTcZD9oiud59PJRrH2xSrYChCOpvLp/c
+zdzoZY9u9vO7wnpREDZfpn/7Ea+G1ekuuD+Pr1l61726BzPZXs4s+63NAPtXxsMd
+SbAQc1k6aAXH5ljyPO9PKpopYDc86FCJwPikedeYAHzRG7o5msMUiyTQJkiti505
+cpK+YC6F0KxLzhYKKy5UlWW9J/j5rZf1UkK9keaP+dWxi3u1177aaZh3f/RMl04I
+QFxhfIElyuzcJK84uC3Ddmwjk88ix9RqP3Ho7EY+ly5WpHcuHJVXxKgOQXheRYeH
+4GQN2nBBAoGBAPOwQGPrwYkHjjWUAZ6NAvhxwUfJipjcdj0mF1J9aHzg6nn3PpE3
+nbFipPGdfTIf+v6QdpQJ4BEwCEgXNctfcqyu5UUv6S5TR4vAIpkuffA10GQaxcX0
+OXkdi/KgcHle0RQW+FJXMBfkr7DXidMy4XFK06kp0VPsECrINpM4B8hJAoGBAMn2
+sCrHn8zq3N1hO9gRPCjyArLLJEwL1QzwY07oIjPQFUsIHmt9ixh3VcipMoChqxfn
+dPSWqeLiq/t0e3ekSGLQf9juivoKZzv5KQqFoPg8/9eWnM988OuXQ525AgnaQIq2
+Sb1I+Yo5pS+PUShHrDBTI7Di+wMkljERZ4qy0WQbAoGAdkXU+qoyBI/mNZrgLlPC
+XVLYvD7VRdu6h3M1XpP/YpzHMOsPMuwLXUzDQYFugiWDbIoxAyjH14+4dUTOlyZ8
+QdOg8zONuS4yS2G1aSNnfG6h9fQIiUs/mcj9Y4T7Ee0zDM0ZON2YOgCERRBXlGnd
+gV8P28qwDktEjX8e/dTz8gECgYEAugjSHZXkTQ3KhOGcDltR3yWN9sPIm4QKq/CC
+iZyqZK+37XV9D+aEyfSiwEOakYJZ55r80JA3zRae9PFHCd36D4ufOGQDAG+0yDmq
+5FZTAFawFBZYO4gLI/giAJb6mbjA2wUux30A36JZ1oVdbI0YvyrWJYnvTeXVsz0k
+803kMyECgYAZW+NOhX4mXr2N4qfpQqE2JZZCPY9SlOJLwbS117xXqeOuE5Ht5owr
+DUO7z5Ps5dvDFdcvWf7wE4L8ZTxUNywFUbONb3dIH7AuIQXn8wcu3LqQbt15g9f3
+7vpm6snlbgebSMWarvE+W8DhklceuYizodI639HSjd8qNqCsiVWLbw==
+-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA4t5HuHuWElHb9Pe5obw/bSSjhmj3C50ZL8Y35oW/kSkWOWdF
+HHFtqpzkUXFZJagmky+tyJf7iLML+OCZVJT0vtN0ray8ZPyuptfPfUffAQgE/iKs
+ou1bbZRs5kvYmiJbyQNQxzI6xzeNOqkTCb3o9KJhQke8/ppMlEl2wCWbFmgm7jqH
+GDy027LRXphU8FkVT004MSiyb/DAAWgCXLvSW9QP+RcFkU8FuAzLrEdU+tcp2i7a
+ngjB9Y2qbhWZLrnZiSMbtq9JICdNqmG1pNMK+3A6QK+uMke+DgAb7ODA91HFJlGq
+bv7NB0AjILfNDNBGRs6LOVld6P599eMSI82Y0wIDAQABAoIBADhwdAdBN6R3GPFo
+b5X87wqIAuZ9VnhdLNblySJgQ7gpMI43Usowrce0IFjiifsEShRz2Bf/N2Rapq/T
+sFGKfRi8IlrSjkvRUOHQ7p2MM75d8GAI4EnoIsawFid01v4BbjQjzwS/SkAlYc0m
+IsZZqIqzmt6SWkI8wLBjVleXA24fIvzgb/k0scAK51Zu4sgEYQmZYzzIdEjPoaj3
+SgU3YgsHFkTl6fwu56BqIyXIymmKIYmMyljFXXvEzqePsLAxH3nBoOjViIzybCRz
+twoCY2Ww3ddNJpJmldccs+0pB0i+rdnxg8lS0QCExI8cLNy8fzEQmKX5BQtGnd13
+8dO+0AECgYEA/gx5Oe5GZGMFtwVkUpAdwlGHB4chaX3BWAG2aHM6qmEoV6GntQog
+FMko6ifHY2oFt7gLR18bYQqgvpqkRlFieG89Y5Crsz6rSqu9HtBezuLibQ+9DRaZ
+MdGDrNjZ9gIv4W4bwakp9SHnvIyVDXzvX464XBF4Xp7B3kGkIPkQh4ECgYEA5Jxc
+3DYy8G2svF5hln3DmR2EKsoAfC0pdq+pxCxPDE5v6GONuwPnSB6YdP0nAZuMr+CY
+VZuiajH8lbZTjKYLAvi31B8hNV7s68YegUKYM21mzlGvlc9agjkuIQsHullHN/8R
+A7wuXoBC93m+0sQ86gX4Yw56kzHvmt3bt/R2qlMCgYBzYazpP6veyg59akh/Kw8p
+AyglphzpsYDPfK+gzrzVRx0wd64Yjkm1xwr7Fif7odqI72DIAI0JzO7mwotbmHj1
+o+gowTsKRKs9VbSmOxLkOa2GxQAi4qGfO73nEfIkRigC5aRbl34D5GtAekT0BEsf
+hk17G0AlEUuRqxRlGVmFgQKBgQCybpjMCEGaBwBbxg7FN0QDrlYKT8AxK87BJDqN
+M0g/grk12P42icVrNPYp2a0oRBB69gHwT5lk6b8L21M65B6UIyzYE7QHxB+HpwsI
+OMIy4aDsSDWT6FPscFTg1Ysil6xOuHa/Q5GtkM6z+gJG34Pr5N0J87MYUFGDvsZP
+vi8goQKBgQDWvwsSBOdVp0A5CxjjCDdIZWSg9VnHDulNiKg1uk3Ohg/N12ZmK0ZY
+HBy5hHSYBIx0PixfdKC6fkjbDdWCeKCoLqeUN3NU7WyDb+hnvDHI4uYU12CkXBnE
+sSdNVzfzCouLg1czYdxnlItwYRc5pTnTdEvdZJC4lNDSvrx+wM1GeA==
+-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEAsiVjUmZX3PrCMTqIQhcdSXYJGexrWMP64OTgj86dw517Ol+/
+aZE70LtWRx59dvnIOt1r+qryv2k1WbpDbAIkgIiWsr24r3RIuwHxaw7wOeu/0TlP
+H3pTonmoPHkxrcgUzt8XUpQ/UtVrClLiUwwoWFzJ38/V0A1laXMcIGgzg70cyjiw
+pjHh/PGfTTIo0r5FThbJ3d5ye046D8O3HcUe3VsTFQW49RayBVRHxv5Hpn/VTqJZ
+77fH9cEBRUIGHLO3s6sKljSDdNfvBUKHsJp+lmdN7niCMyjWWpKtonkOvhKfUtXW
+BFrxxVCs1tRn6bZoew0vGakS+IcMtN3brvHmpcQMI1qN6wmJIAtGlDMAkT+d5C9V
+rZ+JpXs9s8aXG1RzJHwn2wZ+65vLjz9G6U9DUKMvX6wj4gSWcxmpOJpv7VNPk7Io
+xhhGNDiTdH+BQafQyFAFzLVU4/oZUYSB45gAJsNKO9g70dl3Iz2K+nEuFXcExUzY
+HQ+YXEuAV3IGUg+Q/fr/mQHM4UlZ1isws/+9qEVWZOB68ObxSGLc+8S3qQpSdYeQ
+Ed1qPMMou9uHzL5RyBqns+1PxqllH7wn1NfzuAwXMfmvhdxIX3uKcn+rT3xXx3Kg
+8mkvo9EDOKAFcaYHZ8WEuC2hd+4p8j+d+BAc7sxtgIIU/jM5yHaQVlh6EFMCAwEA
+AQKCAgA4vlX7qiO0fJ8cZSN/wbMPciyF+FtdA9fGiMDKraps452bw2HJ83vVCcb6
+kkiue/N+ZIb/ajI2LAHVWdId9jTASEGQH4RTRrvf7UeDrVdxa5lGwHVmdmVrbErd
+MFFVpFSUbFUWdagR727P9ASpJUc4lh2rT50wTwQNaZ/85pP6E2O3OgVyepMcKa5v
+PVnpfre+nt2f8ToP8qPl35ZVQjOJmHfki1UVpCwCLI1MYjRaYX+FM4toIubrbZXF
+BLnDrK8H6KRPodx5fEpjJ4TnCN7nc3JMUlBOkWRtpyjthpfejTn4fapU6s715bOY
+HkIXHIX9I/7rsoIbbZDrj3tpJx4rCM1SkbjIylOvgWe7fEa5awiHnVQYL2Mwx60w
+Ag35r+ZvChu7+rNP/xXh812jNPOoFfwdXktJ0QSIbZp2dJGJLwaaaf2WscuYtKii
+0L4eY4wuJFd08nIIKDSxx+U+kO9JImZE1gxrFZJFBkt5fR1HtiK5904AUExVHcFC
+Bkkar++TztO4rZSRm5kcIQQ8e0zFFSnQNX3FAgRPt+FG7Rqq2TbN0QnyCu6WtY/a
+66sUgFoJHv/kkiukUYZgzHLsUuQn12U1hl6hPKjxQFaYUQU+ZDVuT8dJ1C/XQbPO
+V5REaV5gcATsCIvcWIb6R1gqqT6xaDK8AfDUdcBG7RAZFP3g6QKCAQEA2Usr0l2r
+xUSSfvQEd/YgORwZaCBmDpPi+MmLDZGij44aUemo+3QlzJBu88sCQRHAHBsxshA5
+8aQxb2gLyKyhbYjp7PQwlvJdWXrsTYtQaJ5j41x62PDqZg3EuBs6hmmpHk9srl3J
+RS171C4GrY+hvCetpfBFjvBpGMkS5xxuf7ghtfEqihHeWEfhoBFxCovyTcEG5EpV
+bIGkAQmEqjihUkwqSs1beR7Uo3lbBQv7TJ8IpqJoO2KguuCmrqxJD7blAGA09XoC
+Ndjum3/xLUVv8X1aLa3NkGgsfNBYyEVOxmbxmtrEXmrOQ7ryr6XUQcbiWCpiRJUB
+le1UX5wOgOP25wKCAQEA0eELKk6nfhizZ4RT9Va5W70gidIcXk6n2bVxACybj+cZ
+yDMClyYQCREl2N/ndxWzlMAJG5v8+4fzhUHMvzh6HJirdJXWU0AD8ujPHDTEO1Ot
+3S8GXj+q6t9Q2Ov1bmAHIlT97rrPqiMKjgl6NrCg8LUJ5FiVqAONlPdb/vk7GRvi
+KdyccJPwEO8hXWljXRMx0Rb2g7OWXfTWxTi3APf5HVAYWIpPzzAAlNfnM8i+rPxM
+YnWPj3BZXNfo2T5dyL8tFvW0aNp8wSe8y31FXtanwzfkhEune9aeS6me/SJnTuVZ
+D4IVS5QmBl5uxp9EM3f5Q12wx8wQf6k7CSt26IKptQKCAQAaWwjEqkHkWm3eYiCM
+oFjGNIdMXumiCQP1oxRvn+N0wAqnNs0dOrg++KHMhioO1GVVw2Kis18j1QN9/MO5
+Il8uFvYwnGmsVVdHPCafPS+SkOuSryvjVk1H9ZGPtxXBKd2uZHnNKGj6MAsd8Ds1
+H//A/5sLTnpRXQ2SSQk26PbqHN5R4B+FwacTVBykupjYa6MHFUuNswprb8oBqjLi
+Jp5CiiRzEDdxGHE4JscIdKyVXZDCDV7RHSRbplXxR8pQ0qEyC3lA8PyFpXtDdyA8
+mnh6dPbUJYmSY2BJ/0dVezqTy/awDqrUvOWpx2oaLeXx2HqpsPJcWSppEfEy643C
+ymOvAoIBAQCBw2pr1gWo6QzDTAW9AsnH9r9PdyEjDe6ppI0hVnM4HeLK7P8FBPuV
+H40O8iDieAB4T+NRtrhLrFrcYTp+YCTf2WToyFujTUkjvt2OyvEo3Sv6PUDqtOKw
+JTKPbBRrEeRXTcVS/R24S8IS37k4ZyyaptRe4oZlQw0etXGjy+TGOX8z8rqmwFEF
+p1QxtR9CRMPgSxpPg5HMtby0Y8SCTM8xWHw1Ag8mQr+ZR4QjeFKsEbIIjjccsJIP
+3U6SQwUpQUpXj8LjsXLA2hjYl7N0V7OR99TKFxyObLuifFVYnRTSqurNs9gGyqpX
+9br4AzDfwaXUCPFsFrd8tt1RZhY229KhAoIBAQCO7m9O9VCPVff5G8ZPyBx0dBa5
+9izwZ+eOJVXAMJUlw6uA5rgzne6di3JS8IOzaKOrNVK2cXESbS97n1pBybqqHibg
+bBOMESsoin8VdQZVic5rGYr3f8llMrv3yaVK8UievCNBdVPXlBY58uVyZIxrkVyo
+Xv2x/+6EcarY46CT874zLhYHRcq/ZNWfQpUx5V2ySO/eNgSbbob4dzEdP52HpPx1
+JAGpTHiOkicORAu1RWN1HvGxMITz6q/pY81cEwOI4QsQJQs+Qk0xMKLqW6f1EZY1
+dgvQq8YnwSo1fOrVM0TL5jvbXK7vRVT2zQ/RkEMIza1qvfeGbpCDD8/O21so
+-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAyvJnIg9cvRdX89PPuFdXelWX7/O4dFePyYobIxRAJb6INVtQ
+bHzD8NXjRpspA1WT1YJpoIz/eVGWAZvYFj9us3uocwP+8KanQrP7RtF7IgkuTbMj
+//YN94XFyas4U0F6Kp9HBkSc663tgHz6F9goo1qYx97n1DMmcze3z+/1QmDRA0f+
+Bnsqd0YwZ6sOD5Raq6DBNu+tpDQuYxpAoYT1KWKysDROpr0Oh9A8IyZfXB0fcp7L
+FPNYdEw2vfDepCnAy8yuwQKBbRRkSqxZC3W/C7b2xus8i2a6SbcJHIH8jqCrVzLh
+xnyEp5zLW4IuiMmT36P/UXCiuqumt/2RxKZcCQIDAQABAoIBADimja9uRl7qQzzm
+5Vb52otllTIAAH9JafPCP2z9XCKtGux5/uspsLBrpDOzYDF0E/5HlyCf+zhsU8lD
+LYCYWFh1rkHc3a9jddEi2IOeOhb4JRq/ZM8wahmsF9gBmYlz/5wiNftD7+HB/Uge
+mtlJF57xzTANwvzzAkqrRP4gZ4ANct1zlqfsSojObV7a8BN7nk5xWw9lfQ2JmB8/
+ZLcXqKOyHZzH7A1XigeBoFglONWbBkxaziWiTld5QT1CiL4u3vke3QefLEUtOQq0
+ti8iaapS9q/qMcBzJuBvlEG1QdrHpz7moLlinplnLJy0tVdPFBr2ICX5im+SxHik
+nUJd+QECgYEA90618dSSxGguB7EWm51yIuLw7TXlh3FPzD3O3FNhxcmdfd9HrNRO
+lJYev/z8j1c2YK0F2n4zn5XRyiu2NKa6U3EpF55+LW61WibkK494HwkzLpRWQUJE
+aoDVz6iNhmZQDMTecKl6xVJSIhYV2wf6uh+PRbxlxNAyFIB0dPf0cLkCgYEA0hSI
+XM4l0w3goTVqAVfbm92gRi6KEq1iMO6kXTCMs3SN6b3X8BW4AgD6rIOszrhbpkqp
+Y6qkPSsOoo0x0er4ErQIZgnNH+eDQIxRaj84zpkwj8NKw43NYSurK9VGDPsJz6dS
+dcJPIe6jKCrYPp/XDx8fZorcAqXOHscKFFVsfdECgYEAyYbVkzxzYSO4JsJzNtol
+cTJXvCWIZke7DCdt03MLIJ77/N+fS8IySrjOVAr3UGN0R3GXbIYc0TXIICRgtSUM
+fwSexMV98s3dcJpyouCltTzM/W8ZntI+aD+WfELRGS10nAMtdMdW6Ub88RPoOXWW
+JmejW+N7VteFh9lpjQuloNkCgYEAgwTtOrwS2PsZslDmyOmrfB0PvVV/JUDfMVdU
+SQ5jYfR6IWIWD5TsCsvjir4gg1h1SFPeKtuczM1StkxK2vmpN7jyV/ka5h/0OsiI
+ajP90NO3dqG8uhNxGH4spgzAQI48Qza+ddT2l1oGhaGa9guoC7VEVyaZKkmQMJ/A
+CIhyPlECgYAxxTfosu1A7ZrceRPONl6rgVFGoWlqsI5COL5fcNmrl8rGfTkSOMQF
+ZPNO/7rl/3Ziaah6CZf06qMSG9atVfOJ9OQ6bPcS6JLSIHGwU9NVlAjGpFSAlM2m
+/KEffzPMJlyz6c7sXLt1Hb+hjO15yYsDpHZynFSSffd91GHNx8Lhew==
+-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIFtjCCA56gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwbzELMAkGA1UEBhMCVVMx
+ETAPBgNVBAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApG
+cmVlU1dJVENIMQ4wDAYDVQQLDAVCbGFkZTEWMBQGA1UEAwwNQmxhZGUgUm9vdCBD
+QTAeFw0xNzA5MDcwOTI4MDRaFw0yNzA5MDUwOTI4MDRaMGUxCzAJBgNVBAYTAlVT
+MREwDwYDVQQIDAhJbGxpbm9pczETMBEGA1UECgwKRnJlZVNXSVRDSDEOMAwGA1UE
+CwwFQmxhZGUxHjAcBgNVBAMMFUJsYWRlIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBALIlY1JmV9z6wjE6iEIXHUl2CRnsa1jD
++uDk4I/OncOdezpfv2mRO9C7VkcefXb5yDrda/qq8r9pNVm6Q2wCJICIlrK9uK90
+SLsB8WsO8Dnrv9E5Tx96U6J5qDx5Ma3IFM7fF1KUP1LVawpS4lMMKFhcyd/P1dAN
+ZWlzHCBoM4O9HMo4sKYx4fzxn00yKNK+RU4Wyd3ecntOOg/Dtx3FHt1bExUFuPUW
+sgVUR8b+R6Z/1U6iWe+3x/XBAUVCBhyzt7OrCpY0g3TX7wVCh7CafpZnTe54gjMo
+1lqSraJ5Dr4Sn1LV1gRa8cVQrNbUZ+m2aHsNLxmpEviHDLTd267x5qXEDCNajesJ
+iSALRpQzAJE/neQvVa2fiaV7PbPGlxtUcyR8J9sGfuuby48/RulPQ1CjL1+sI+IE
+lnMZqTiab+1TT5OyKMYYRjQ4k3R/gUGn0MhQBcy1VOP6GVGEgeOYACbDSjvYO9HZ
+dyM9ivpxLhV3BMVM2B0PmFxLgFdyBlIPkP36/5kBzOFJWdYrMLP/vahFVmTgevDm
+8Uhi3PvEt6kKUnWHkBHdajzDKLvbh8y+Ucgap7PtT8apZR+8J9TX87gMFzH5r4Xc
+SF97inJ/q098V8dyoPJpL6PRAzigBXGmB2fFhLgtoXfuKfI/nfgQHO7MbYCCFP4z
+Och2kFZYehBTAgMBAAGjZjBkMB0GA1UdDgQWBBT24ScXvFFEdGFsK+X5SxmWnAmd
+/jAfBgNVHSMEGDAWgBRaMzl9Nc1p7PgDWff+pvYOddMlljASBgNVHRMBAf8ECDAG
+AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAgGzDCfJm
+weo6oeSFmSLTmlBlTJZO+7igFWf8tunmTkg8wvKe+lCyDd2efNgUocI/NA+X4kRj
+YtDH+hq0H+JlDu/p4y4/t6Srx/dh33Ow7eCv2wtuSCeK5Y0euysXhI9gmPquUGOC
+HlHkmQcG03NbbrWt0+4IaPAaKxMuV0FR7KArudZvr+8gp9S8o0AkQVFZSbW41HQe
+a7DAJmLF0vLQWoVz/YltKjwAMs/ws8OWxUdvcOA3w6XmWmjAFn5hc2MgHgu513c4
+Vbq0535ghU0Eneqc23y2ELa+8hbn5yS5wcK1AS2HG4VoDqOJw+pv4Ko3T33mCR6X
+bUABSB+znX5kEZn8KQaP8sLm07kERGjCI3FLPscM1S851tah/iqBgddlIUn/YNpM
+9uYQ2PWu6UWvqyZfhgVIlb2LYJNERtKZPeI05SRIbUW93wUTiC6A93fl8SEE7XHa
+LMJt6+HLysR2IsXLqlSRZw3rIoT0B3G4uS9Xop89znLAknrOI57OvVAMLaeBrtkl
+jepE7RrNX6VcyEY+Ar1p30ax4UJNxjxd3rszIznccerWQzuLo5wYUkuZEfNtnAFB
+Z/4qlIn7wkbRevafgmlf/bhP6ZkeJFhqEjOq36Zci5JrnRu3rM/+Vex2ibHVat0E
+IZjeGxeofAPEwTaLfPJT7EIWZ+33ZHMcz+8=
+-----END CERTIFICATE-----
--- /dev/null
+# OpenSSL root CA configuration file.
+# Copy to `/root/ca/openssl.cnf`.
+
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir = .
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+# The root key and root certificate.
+private_key = $dir/private/ca.key.pem
+certificate = $dir/certs/ca.cert.pem
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/ca.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_strict
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 2048
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+# Optionally, specify some defaults.
+countryName_default = US
+stateOrProvinceName_default = Illinois
+localityName_default = Chicago
+0.organizationName_default = FreeSWITCH
+organizationalUnitName_default = Blade
+emailAddress_default =
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
\ No newline at end of file
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEA3Pt3X1j8YaRuGb4ENkhfazwZl0K4VlaPhGj4h4wiL5S2Tp8E
+83HoRkoyQRX0fhKCrHtjNucOODkVbf+QMlv1mgEwCq+3SIEA6keBzsUv5sahunfP
+d+Vgh6+lgp1sAfjFuFlxrRvighO/yHHKE6P2BBgIz3t5QSakE/fLPwejZ98dacyA
+IxklzLvt4xHRVP7rxfiNFXKRXHsQd1iaWGSUBNMkUspCl8wO5IAPX75RiFGeA80I
+jZ518YVjiFBjCdzQfJb9iGJCGzrOcPJahfum+tzyIO/rIj+ldFyLPY0wbpa0wKeF
+58HWt52p3HmKnK5FUa7L8RNAfc3/H+6qyDeBFx92+T6J30q61dcmPayKooUJNsTK
+slrZ5L2OicWZepa/Oc5dagyzGEUc+Z11Mgl8/4pT4rUOna29v1d8+StJPN8XgWAH
+xmwpZ/cY/9GluSq5oB+6PTPcQ0aFHHUAI97QqfpGOeAWjtVd/3YUcNo82Pa3577r
+Rgh55X+XEySQmBiPWNOsfuCZZvYGOkLmby1SYR/LOwH8opKJyG/bOiZq23aaTPkm
+EQQSLRzsKxWc2jlE/UllpYX3FCu8nFn+L7Tam495IImi8FrpEX16ZpTGhr7YnfbO
+kMYw+LaRA36U55e5DToJAB5TCsC2CLhk8QDVoIMPfpYpY4XpdmA4EfDHOG0CAwEA
+AQKCAgEAiAH9pqGONEqPuShKT16b29RRq9dUvU7pZgV1cXe+Uqqkyh71XSBuZVSl
+OYnZwP6DjsUie1gaWGBJ4Dm69kPDFdZFS0568BT2CzuXmTukD9WRFMNI3fI/R0PE
+Cm/5Wf1TM/NZE8Jl1slw8F2Ykh4H/N0ODyVfq8mskt2gKlr5J6Ua5VMISpHfwfKo
+p2j//eAoHOCtdNXewZy8tbfCx0SgFZgecxYphmQBhoGK9NKeO9h/+Lbo3MD6tnvy
+lqNjUV6mswf7Y0WWikvXY4zGSlBopV33aG5BugKSQtvylx+e/3GiLjDtKYcUME7J
+jPkBZw2bfHqo6ud+ee+fZnfuhOwkdoHCGPA4aN7L3B19XJBKsI4zAoQNlUAteegg
+D59Fdnq8362xLE0F0crEgwMFYj4Qg9jy12em3iSvuKa17o0FuovGug4nHiQQ5asH
+nmjadXNfM6xAoQqCgbwjrVYD+i+/ofFAqDhPbjH+nOxS8l4MD+0i7nzQAIqIjsvl
+S5XM548ufxcEgwpMGc2bbJS5qg1weIgHZGT/RqnzeqFfHaJ8VN33Lbk2H5w6Qj87
+QFNqE6ZxFnf/k8FRF1QJB6BhmkhExvYgiK51DElnkinDDa6nkbwlkr1dE5zVv2zQ
+jLmQdBoHw2dBWEmik0lZ4m6rIvMD5rkR45oNPcyZ2wA8dKgr6AECggEBAPjmq0vK
+ur8RSpqEIXvI6dvGNXayGAFM0KLaHYfB6+qWXP6j+cn2wJHvH9sxl9vmUdE8auj+
+DaoaK6XeFcvBryO4+EwzrnY4eVU6QW/UiCgmSnRupLBxeyQOSgbok+3gMeJieSPw
+CpyH5cC3v9mWpg5X5dmm+ENUqv3d4hjsZzxwkJ/k92/29F7eaCVmlEOPw2skkz3O
+4BBznOSL9foKp0zAx/hqV2hkJmnb6DK14D6QkX+A0o8mOvhq1NjJ0isMUtllVzkq
+Lro3J8NEwkMhwYfVMOoj/URdZ8iskp5T6ez/BmIPE5zE9F8ZKmU4PkmpMoHISzDz
+5zTJOBCJ9AslNuECggEBAONI81qE5gxk1DCXLkfdCDe1paoy2DTGFX2MXTeDipv+
+C466l/odu9JQZASfXgpVkyjAPKFTCgAZL20V3izuk2izskZKN16KaNG3SJWmwWx1
+o2Gle2Z0Jd8AqaXvPzAKDFio/6MfD/EQFzOv9+BEBAlCFCz39Q19neSarhS6Ckv8
+kljsOambnjGtSliPZkrFueG9BLRqaTCU3yZpXsS8DqCVTqw4xmNcMGADkhn568Jq
+664iFXjD5aiAnrmBKzW7GLY7mbH4oyxmL+NNj0mwjB80evFZ8RIQuJ4tmIRFK0vo
+czNWo6CPOVbd4qMbhsHk4Pm1gH7LHbbT1PFlrsZ0Tw0CggEAWFHJoLhMMbZaCaAv
+HXR6fzDDEd46JGP0eIT7C4wlQXWfg//9h8vWIzJ91FKxtybwC1Xr/ccAZEarDE1U
+4JtWoU9mU+vW0T5S14o3ZA4/TjfgHZaRO8bY0j97xx3KOBNgwBr/L2Bi845JWWwa
+WIRbYiWQev4DhCjMEA8mxn9EVq7+sq4VmxY/OlajD/ppS9v8lM1CriD1YwETQAnl
++5bCLLsPejeJ0pIPC2sr5qqg6rJz3pGApakELdgCtPZQbFQQJfIO1EsCj7M4mdKR
+OC8HNELS+5JPsW2PgSazVBkknaMUycDdzbgZmpEceRRPDeZK9MB05eb2OMXZ7gx1
+m2rWIQKCAQB6rpLk5l2CjR5YCBKsKavY3kzI3N8FRXKuLQjYAUHdR7iXVzLXiBss
+v8XtFNTfASgI1BMmBTudp/qIiEg/upuI5Y4yELdoaY+Au80LMlKvp6QD/h3oxIL4
+p1PrRIO3+4SEitxKAWdKeKP9e1tyC2SeVrOrPkBhAtAqaC/U8kLCl1erdf7+BQjT
+ybUarnTJoYbfSXbzp4iV95WoFzJXQScoGM+5eH/lfAqEmQjQyq0uaSZD/RPX9u3N
+EXgbq5RWUWJaYztn7Eyvl4z7xY61eP15jotaIXFVjf8JKpVruCZRt+wO5xI1hXmu
+4OAHqMEJgfDJ+OWeCydD233Su08mwfs1AoIBABnzt5VGd6K835vpZHsXiAxmCh5y
+rk85wcnWy/Id1IpP91bDkHF/ilD/IpegS+dKGrmaEauKpRy+mRT+KyhUQAzS/Xnv
+k/6wbbwzLFvmD3zm1pID4/LucetyyFQmM/45V+sDTNsf1sWA92we0n4q+MiR3Xep
+apQoO90u3q2I811UlwfUzeLknnGr0+5FiQ2Lkt34GAgUr3ydNNw31fR9uWU4FRLq
+JZNXYQcaeH7NoAW4bhS0fo3+KKl6Yqza8O4iu1v8wqbTgVuNd/OJSvYZSc76yDrc
+Ghju++Rz9enWJfA00sTebHC+TDm97ASS6uZH2gwR6xjKggUbxlJ3uw/yQK4=
+-----END RSA PRIVATE KEY-----
blade:
{
+ transport:
+ {
+ wss:
+ {
+ ssl:
+ {
+ key = "./ca/intermediate/private/client@freeswitch-upstream.key.pem";
+ cert = "./ca/intermediate/certs/client@freeswitch-upstream.cert.pem";
+ chain = "./ca/intermediate/certs/ca-chain.cert.pem";
+ };
+ };
+ };
};
{
wss:
{
+ ssl:
+ {
+ key = "./ca/intermediate/private/controller@freeswitch-upstream.key.pem";
+ cert = "./ca/intermediate/certs/controller@freeswitch-upstream.cert.pem";
+ chain = "./ca/intermediate/certs/ca-chain.cert.pem";
+ };
endpoints:
{
ipv4 = ( { address = "0.0.0.0", port = 2101 } );
ipv6 = ( { address = "::", port = 2101 } );
backlog = 128;
- };
- # SSL group is optional, disabled when absent
- ssl:
- {
- # todo: server SSL stuffs here
+ ssl:
+ {
+ key = "./ca/intermediate/private/controller@freeswitch-downstream.key.pem";
+ cert = "./ca/intermediate/cert/controller@freeswitch-downstream.cert.pem";
+ chain = "./ca/intermediate/cert/ca-chain.cert.pem";
+ };
};
};
};
#include <openssl/ssl.h>
#include <openssl/engine.h>
+#include <openssl/x509v3.h>
KS_BEGIN_EXTERN_C
KS_DECLARE(ks_ssize_t) kws_close(kws_t *kws, int16_t reason);
KS_DECLARE(void) kws_destroy(kws_t **kwsP);
KS_DECLARE(ks_status_t) kws_get_buffer(kws_t *kws, char **bufP, ks_size_t *buflen);
+KS_DECLARE(ks_size_t) kws_sans_count(kws_t *kws);
+KS_DECLARE(const char *) kws_sans_get(kws_t *kws, ks_size_t index);
+
is_init = 1;
SSL_library_init();
+ SSL_load_error_strings();
if (ssl_count == 0) {
num = CRYPTO_num_locks();
char *req_uri;
char *req_host;
char *req_proto;
+
+ char **sans;
+ ks_size_t sans_count;
};
}
if (code < 0) {
- if (code == -1 && SSL_get_error(kws->ssl, code) != SSL_ERROR_WANT_READ) {
+ int sslerr = SSL_get_error(kws->ssl, code);
+ if (code == -1 && sslerr != SSL_ERROR_WANT_READ) {
return -1;
}
}
goto err;
}
+ if (kws->type == KWS_SERVER)
+ {
+ X509 *cert = SSL_get_peer_certificate(kws->ssl);
+
+ if (cert && SSL_get_verify_result(kws->ssl) == X509_V_OK) {
+ GENERAL_NAMES *sans = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
+ if (sans) {
+ kws->sans_count = (ks_size_t)sk_GENERAL_NAME_num(sans);
+ if (kws->sans_count) kws->sans = ks_pool_calloc(pool, kws->sans_count, sizeof(char *));
+ for (ks_size_t i = 0; i < kws->sans_count; i++) {
+ const GENERAL_NAME *gname = sk_GENERAL_NAME_value(sans, (int)i);
+ char *name = (char *)ASN1_STRING_data(gname->d.dNSName);
+ kws->sans[i] = ks_pstrdup(pool, name);
+ }
+ sk_GENERAL_NAME_pop_free(sans, GENERAL_NAME_free);
+ }
+ }
+
+ if (cert) X509_free(cert);
+ }
+
*kwsP = kws;
return KS_STATUS_SUCCESS;
#endif
}
+KS_DECLARE(ks_status_t) kws_peer_sans(kws_t *kws, char *buf, ks_size_t buflen)
+{
+ ks_status_t ret = KS_STATUS_SUCCESS;
+ X509 *cert = NULL;
+
+ ks_assert(kws);
+ ks_assert(buf);
+ ks_assert(buflen);
+
+ cert = SSL_get_peer_certificate(kws->ssl);
+ if (!cert) {
+ ret = KS_STATUS_FAIL;
+ goto done;
+ }
+
+ if (SSL_get_verify_result(kws->ssl) != X509_V_OK) {
+ ret = KS_STATUS_FAIL;
+ goto done;
+ }
+
+ //if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert), NID_commonName, buf, (int)buflen) < 0) {
+ // ret = KS_STATUS_FAIL;
+ // goto done;
+ //}
+
+ GENERAL_NAMES *san_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
+ if (san_names) {
+ int san_names_nb = sk_GENERAL_NAME_num(san_names);
+ for (int i = 0; i < san_names_nb; i++) {
+ const GENERAL_NAME *current_name = sk_GENERAL_NAME_value(san_names, i);
+ char *name = (char *)ASN1_STRING_data(current_name->d.dNSName);
+ if (name) continue;
+ }
+ sk_GENERAL_NAME_pop_free(san_names, GENERAL_NAME_free);
+ }
+done:
+ if (cert) X509_free(cert);
+
+ return ret;
+}
KS_DECLARE(ks_ssize_t) kws_read_frame(kws_t *kws, kws_opcode_t *oc, uint8_t **data)
{
return KS_STATUS_SUCCESS;
}
+
+KS_DECLARE(ks_size_t) kws_sans_count(kws_t *kws)
+{
+ ks_assert(kws);
+
+ return kws->sans_count;
+}
+
+KS_DECLARE(const char *) kws_sans_get(kws_t *kws, ks_size_t index)
+{
+ ks_assert(kws);
+ if (index >= kws->sans_count) return NULL;
+ return kws->sans[index];
+}
projects / thirdparty / freeswitch.git / commitdiff
