From: Noel Power Date: Fri, 28 Feb 2020 13:32:01 +0000 (+0000) Subject: selftest/manage-ca: Add certificiate etc. for DC addcsmb1 X-Git-Tag: ldb-2.2.0~1115 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fc0d10d02350b450f6304ea76caa99e361cdfbc8;p=thirdparty%2Fsamba.git selftest/manage-ca: Add certificiate etc. for DC addcsmb1 Preparatory commit pre adding new addc_smb1 environment. In order to support new addc_smb1 test environment we need new certificate(s) in order to satisfy some tests (e.g. samba4.blackbox.pkinit.*) Signed-off-by: Noel Power Reviewed-by: Ralph Boehme --- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-cert.cer b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-cert.cer new file mode 100644 index 00000000000..f68d26d585d Binary files /dev/null and b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-cert.cer differ diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-cert.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-cert.pem new file mode 100644 index 00000000000..6b25079d889 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-cert.pem @@ -0,0 +1,191 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6 (0x6) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Feb 28 13:30:28 2020 GMT + Not After : Feb 23 13:30:28 2040 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Domain Controllers, CN=addcsmb1.addom2.samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:de:fe:5d:7a:30:99:bb:1e:11:56:ac:b0:d4:01: + 50:30:83:e1:71:0f:aa:3e:1a:b4:f7:9d:ea:93:69: + fc:be:51:19:4c:37:f7:a3:b3:3c:90:13:62:63:14: + 9d:b8:54:66:17:65:4a:67:8e:ce:96:7f:4d:c2:c6: + 6e:fd:3c:ae:bb:e2:5b:6c:ee:51:7b:db:37:17:94: + 99:02:3a:2f:a9:cb:d0:23:29:b7:43:33:08:fc:3f: + 15:3b:ed:3c:eb:69:5b:95:45:18:1e:85:5e:aa:31: + b6:3e:18:c8:2f:3a:48:2d:cc:c6:69:28:b6:5c:ac: + 24:03:b1:83:e8:e6:96:a7:06:6d:fe:73:13:04:d2: + 18:0f:d4:72:f7:88:22:40:5b:ab:68:a4:89:e2:3d: + c0:ca:e5:a7:ae:b6:f8:ea:8a:8c:39:9c:6d:1b:89: + ab:72:2c:04:27:40:7e:f5:d3:3f:5d:d8:0d:71:67: + 65:1d:e3:3d:65:b0:97:7f:14:ad:92:43:2f:3f:04: + ab:1e:31:52:07:7f:df:48:ac:9a:c0:28:d1:ab:eb: + f2:79:b3:d2:44:5f:e8:2d:92:d7:d8:be:03:fe:db: + 55:2b:4b:f8:9c:b4:ce:02:78:07:72:0f:d5:32:cd: + 01:1e:3d:b2:6e:25:29:fa:09:49:49:ab:ed:dc:2b: + 10:c5:3d:19:3c:c4:1e:da:ee:95:c2:ff:f8:50:b4: + f7:47:9a:a4:7d:1c:9a:8d:77:da:b6:a2:e6:4f:cd: + 80:b9:b1:f2:1d:dc:90:60:37:6f:39:5e:a6:03:e2: + 8b:44:d7:a4:45:fd:7e:4f:43:14:f0:68:0d:e6:84: + 8f:21:20:53:f6:b4:67:bd:fc:5d:f4:48:2a:95:1d: + 7d:79:ba:a1:ee:b8:f0:83:83:7f:ab:b1:eb:38:4e: + 3c:4b:8a:93:80:15:63:4c:43:1d:81:4b:c1:e6:d5: + b0:9f:6c:49:9d:04:92:66:6c:9f:7c:d3:62:50:72: + fc:77:65:87:39:d9:d0:ef:5e:53:49:32:4a:d3:1b: + 4a:88:45:f0:0f:a2:5e:33:29:bd:ab:3d:6b:3d:23: + bc:c6:9c:9d:98:9c:9d:8d:cc:32:3e:e1:8c:98:19: + 1c:44:ee:17:43:b3:b0:47:a5:fe:15:49:aa:5a:b7: + 76:43:4c:df:9a:e8:33:3d:52:e8:6c:2c:dd:3e:d8: + a9:e9:2d:36:c2:3a:43:75:b2:bc:d5:bd:81:8b:fc: + 63:37:61:88:24:bb:76:35:19:00:44:7a:3e:30:a8: + 9e:8f:df:74:14:09:0b:f5:8b:c9:b0:ed:be:d0:cf: + c0:7f:61:41:07:f8:6c:7d:0a:05:96:4f:6e:5f:cc: + 40:f3:f5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Server + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Domain Controller Certificate addcsmb1.addom2.samba.example.com + X509v3 Subject Key Identifier: + 5B:85:11:27:BF:F7:A6:2B:8F:51:93:D8:29:4E:0E:A2:67:AA:9D:80 + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + DNS:addcsmb1.addom2.samba.example.com, othername: + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication, msKDC + Signature Algorithm: sha256WithRSAEncryption + 73:de:7a:35:bc:15:ac:32:44:5b:98:60:64:12:af:ea:42:46: + 7d:fb:b2:88:b3:47:61:c3:0b:6d:d1:68:92:3d:44:cd:37:86: + da:10:d2:18:db:19:29:03:31:1a:26:cd:70:d1:ec:13:ac:59: + 84:cd:be:9f:2b:c6:2d:10:aa:4b:4d:78:39:d3:6b:e1:4d:e8: + 10:a0:3e:97:d3:1c:19:11:e4:0f:26:7f:96:d7:26:17:23:02: + d9:4b:47:0c:af:c7:ef:28:ae:1c:28:e5:d2:7a:61:46:70:3b: + 49:5e:d0:65:54:4c:ae:14:27:c0:e4:17:41:2c:1a:42:0d:86: + 6c:37:48:65:80:02:21:b3:2b:1f:4f:34:a5:ce:7b:b0:fe:06: + a6:fe:c5:1b:ca:e5:e6:7e:d5:dc:01:d2:50:c4:f8:5e:73:6c: + 2c:56:81:d0:a4:73:bf:82:cb:d8:76:ca:7e:44:99:3a:5f:a9: + 97:89:a8:5c:5b:1b:38:0d:4d:cb:02:49:69:82:13:68:a6:be: + 4b:a3:57:a6:a6:e3:f0:dc:ad:1c:30:00:bf:ed:15:ca:c3:3d: + 5c:7b:dc:6d:e6:cb:bb:bc:a1:22:e7:32:95:e0:0f:6a:ab:40: + 0c:43:ed:f3:98:63:7c:2f:15:63:49:4e:5c:82:65:13:f2:53: + 26:d7:4c:c6:f8:7e:fa:bc:a8:22:44:f1:fb:a6:bb:27:64:ec: + 94:28:19:4a:af:09:7e:01:8e:9d:3e:43:e5:79:fd:16:ed:24: + b4:ab:58:02:e2:9e:f8:a1:b0:45:25:6d:2f:be:bb:88:90:c7: + d8:45:31:48:65:26:33:86:cc:46:69:53:6b:f1:d6:35:df:b1: + 39:ed:81:e1:23:f1:01:de:99:10:11:f0:3f:4d:5d:d3:8a:0c: + 44:78:f6:27:4a:32:1d:ab:0c:63:d0:71:25:62:67:f5:0c:7e: + 2c:7c:a4:ec:8d:de:00:6d:5f:69:5d:bf:e6:c7:59:75:87:5e: + 2c:12:dc:a5:1b:dd:c1:7a:c9:56:63:6a:3b:c6:9a:b7:fc:15: + 01:53:4d:c8:ca:c7:c8:81:50:a0:65:43:33:fb:aa:55:64:a0: + c3:2e:e2:f9:08:64:e5:75:ab:98:b3:38:ba:8d:53:e8:08:47: + ef:cf:a9:f2:16:25:1b:20:78:2d:6f:f5:83:ee:35:d4:b5:c5: + d6:d7:81:17:bf:9c:45:43:d1:88:74:22:1a:32:b2:45:73:a2: + 28:d4:da:ff:85:f9:75:1c:4f:84:6a:a5:1a:41:eb:8b:e0:1d: + 49:69:07:2f:5b:5e:e3:7b:00:f8:4b:67:5b:42:d7:51:de:1c: + 18:89:2f:f8:36:e7:b5:a3:6c:39:e3:88:dc:5d:7f:2f:d9:52: + b6:6b:9c:e9:1d:df:d0:18:68:25:70:7e:71:fb:b3:40:28:75: + e9:24:38:6f:70:5b:1a:f9:bf:e9:43:bd:4b:51:e3:df:e3:25: + 11:ae:30:4e:7e:55:58:43:b3:65:05:11:2d:0e:a4:3c:b8:8a: + 0c:f9:93:ab:27:28:c0:b2:17:76:52:9b:18:82:b7:fd:a6:4f: + 6e:a1:74:2b:19:59:ac:b1:d8:5e:fb:f3:69:37:16:59:01:4c: + fa:a9:57:52:04:d4:45:8f:10:08:8a:ab:88:aa:96:46:9a:aa: + 94:b5:c6:bf:e9:9e:9a:cd:40:f3:2a:ed:23:ff:a6:f7:9b:18: + 02:d9:ab:76:96:ac:15:6f:04:5d:92:d2:49:4c:4b:62:da:3d: + 2a:a4:59:22:1a:75:cd:6e:fb:62:50:da:ae:9d:28:7d:4d:32: + 2f:d8:cd:37:67:f9:1d:c1:d5:76:40:ba:34:f6:8c:92:5b:c0: + 65:f6:3c:90:6c:5b:67:09:0d:d3:14:90:38:03:82:06:c3:b7: + 85:74:7f:15:f4:5b:de:66:5f:71:a9:f1:ed:15:9b:a0:72:ee: + 05:d7:b3:92:30:65:2e:82:90:21:fe:f0:07:34:11:d3:87:41: + f4:35:04:0c:b4:28:f5:73:b8:d5:0e:e3:2a:53:ab:9a:3f:4d: + 59:f9:18:68:f0:31:90:1d:d6:25:c6:8b:33:e8:dc:06:93:7b: + cb:01:de:8b:1e:87:5a:26:a0:0d:5e:f6:6a:36:43:54:53:6d: + 87:10:ca:a8:15:1a:4a:37:95:a5:67:93:74:ba:c3:59:9b:f8: + b5:ab:10:98:fc:ff:d6:d2:61:17:5d:90:7e:b1:2a:16:ec:d5: + da:80:67:02:13:41:d7:bc:a2:af:0b:54:08:b3:2e:1b:05:50: + 80:f6:c7:9a:8c:ac:89:49:4a:f4:4b:71:73:bc:e7:8c:6f:0c: + 70:62:73:3d:ed:07:14:35:f0:15:0c:bb:d8:c3:f6:19:43:b7: + 45:a5:33:80:17:1f:c3:39:28:3d:6a:7c:d6:e0:37:66:58:bd: + e8:64:2c:ad:b7:e0:25:f5:41:ac:ae:cb:ca:c1:eb:5b:8b:e1: + 3d:1e:cc:09:63:d6:6c:c8:eb:b8:ae:6f:4b:02:98:4a:2a:1a: + 94:26:e7:a3:23:7c:e9:e5:02:e0:1f:f5:88:f9:14:74:81:01: + 1d:cd:7e:46:35:7c:1d:e3:64:60:88:a4:ed:86:06:0e:af:3a: + 2b:1d:f8:45:fe:53:8e:56:89:95:98:ff:2c:8a:fb:3a:7a:0c: + 46:6a:3d:32:78:ad:58:69:ba:3b:d5:95:51:55:f3:72 +-----BEGIN CERTIFICATE----- +MIIKAzCCBeugAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0yMDAy +MjgxMzMwMjhaFw00MDAyMjMxMzMwMjhaMIG9MQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEbMBkGA1UE +CwwSRG9tYWluIENvbnRyb2xsZXJzMSowKAYDVQQDDCFhZGRjc21iMS5hZGRvbTIu +c2FtYmEuZXhhbXBsZS5jb20xNTAzBgkqhkiG9w0BCQEWJmNhLXNhbWJhLmV4YW1w +bGUuY29tQHNhbWJhLmV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEA3v5dejCZux4RVqyw1AFQMIPhcQ+qPhq0953qk2n8vlEZTDf3o7M8 +kBNiYxSduFRmF2VKZ47Oln9NwsZu/Tyuu+JbbO5Re9s3F5SZAjovqcvQIym3QzMI +/D8VO+0862lblUUYHoVeqjG2PhjILzpILczGaSi2XKwkA7GD6OaWpwZt/nMTBNIY +D9Ry94giQFuraKSJ4j3AyuWnrrb46oqMOZxtG4mrciwEJ0B+9dM/XdgNcWdlHeM9 +ZbCXfxStkkMvPwSrHjFSB3/fSKyawCjRq+vyebPSRF/oLZLX2L4D/ttVK0v4nLTO +AngHcg/VMs0BHj2ybiUp+glJSavt3CsQxT0ZPMQe2u6Vwv/4ULT3R5qkfRyajXfa +tqLmT82AubHyHdyQYDdvOV6mA+KLRNekRf1+T0MU8GgN5oSPISBT9rRnvfxd9Egq +lR19ebqh7rjwg4N/q7HrOE48S4qTgBVjTEMdgUvB5tWwn2xJnQSSZmyffNNiUHL8 +d2WHOdnQ715TSTJK0xtKiEXwD6JeMym9qz1rPSO8xpydmJydjcwyPuGMmBkcRO4X +Q7OwR6X+FUmqWrd2Q0zfmugzPVLobCzdPtip6S02wjpDdbK81b2Bi/xjN2GIJLt2 +NRkARHo+MKiej990FAkL9YvJsO2+0M/Af2FBB/hsfQoFlk9uX8xA8/UCAwEAAaOC +AgEwggH9MAkGA1UdEwQCMAAwTwYDVR0fBEgwRjBEoEKgQIY+aHR0cDovL3d3dy5z +YW1iYS5leGFtcGxlLmNvbS9jcmxzL0NBLXNhbWJhLmV4YW1wbGUuY29tLWNybC5j +cmwwEQYJYIZIAYb4QgEBBAQDAgZAMAsGA1UdDwQEAwIF4DBOBglghkgBhvhCAQ0E +QRY/RG9tYWluIENvbnRyb2xsZXIgQ2VydGlmaWNhdGUgYWRkY3NtYjEuYWRkb20y +LnNhbWJhLmV4YW1wbGUuY29tMB0GA1UdDgQWBBRbhREnv/emK49Rk9gpTg6iZ6qd +gDAfBgNVHSMEGDAWgBSiPgIqo6dNObQITZnMDHU26ifDPjBFBgNVHREEPjA8giFh +ZGRjc21iMS5hZGRvbTIuc2FtYmEuZXhhbXBsZS5jb22gFwYJKwYBBAGCNxkBoAoE +CAEjRWeJq83vMDEGA1UdEgQqMCiBJmNhLXNhbWJhLmV4YW1wbGUuY29tQHNhbWJh +LmV4YW1wbGUuY29tME0GCWCGSAGG+EIBBARAFj5odHRwOi8vd3d3LnNhbWJhLmV4 +YW1wbGUuY29tL2NybHMvQ0Etc2FtYmEuZXhhbXBsZS5jb20tY3JsLmNybDAmBgNV +HSUEHzAdBggrBgEFBQcDAgYIKwYBBQUHAwEGBysGAQUCAwUwDQYJKoZIhvcNAQEL +BQADggQBAHPeejW8FawyRFuYYGQSr+pCRn37soizR2HDC23RaJI9RM03htoQ0hjb +GSkDMRomzXDR7BOsWYTNvp8rxi0QqktNeDnTa+FN6BCgPpfTHBkR5A8mf5bXJhcj +AtlLRwyvx+8orhwo5dJ6YUZwO0le0GVUTK4UJ8DkF0EsGkINhmw3SGWAAiGzKx9P +NKXOe7D+Bqb+xRvK5eZ+1dwB0lDE+F5zbCxWgdCkc7+Cy9h2yn5EmTpfqZeJqFxb +GzgNTcsCSWmCE2imvkujV6am4/DcrRwwAL/tFcrDPVx73G3my7u8oSLnMpXgD2qr +QAxD7fOYY3wvFWNJTlyCZRPyUybXTMb4fvq8qCJE8fumuydk7JQoGUqvCX4Bjp0+ +Q+V5/RbtJLSrWALinvihsEUlbS++u4iQx9hFMUhlJjOGzEZpU2vx1jXfsTntgeEj +8QHemRAR8D9NXdOKDER49idKMh2rDGPQcSViZ/UMfix8pOyN3gBtX2ldv+bHWXWH +XiwS3KUb3cF6yVZjajvGmrf8FQFTTcjKx8iBUKBlQzP7qlVkoMMu4vkIZOV1q5iz +OLqNU+gIR+/PqfIWJRsgeC1v9YPuNdS1xdbXgRe/nEVD0Yh0IhoyskVzoijU2v+F ++XUcT4RqpRpB64vgHUlpBy9bXuN7APhLZ1tC11HeHBiJL/g257WjbDnjiNxdfy/Z +UrZrnOkd39AYaCVwfnH7s0AodekkOG9wWxr5v+lDvUtR49/jJRGuME5+VVhDs2UF +ES0OpDy4igz5k6snKMCyF3ZSmxiCt/2mT26hdCsZWayx2F7782k3FlkBTPqpV1IE +1EWPEAiKq4iqlkaaqpS1xr/pnprNQPMq7SP/pvebGALZq3aWrBVvBF2S0klMS2La +PSqkWSIadc1u+2JQ2q6dKH1NMi/YzTdn+R3B1XZAujT2jJJbwGX2PJBsW2cJDdMU +kDgDggbDt4V0fxX0W95mX3Gp8e0Vm6By7gXXs5IwZS6CkCH+8Ac0EdOHQfQ1BAy0 +KPVzuNUO4ypTq5o/TVn5GGjwMZAd1iXGizPo3AaTe8sB3oseh1omoA1e9mo2Q1RT +bYcQyqgVGko3laVnk3S6w1mb+LWrEJj8/9bSYRddkH6xKhbs1dqAZwITQde8oq8L +VAizLhsFUID2x5qMrIlJSvRLcXO854xvDHBicz3tBxQ18BUMu9jD9hlDt0WlM4AX +H8M5KD1qfNbgN2ZYvehkLK234CX1Qayuy8rB61uL4T0ezAlj1mzI67iub0sCmEoq +GpQm56MjfOnlAuAf9Yj5FHSBAR3NfkY1fB3jZGCIpO2GBg6vOisd+EX+U45WiZWY +/yyK+zp6DEZqPTJ4rVhpujvVlVFV83I= +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-key.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-key.pem new file mode 100644 index 00000000000..98aae6c46ef --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-key.pem @@ -0,0 +1,54 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI9PC/3NcJal0CAggA +MBQGCCqGSIb3DQMHBAiLhharWWs8/QSCCUglchvaoRZ2KDAOpx1om+BnWFdmElQz +h/3v5NMjNzMrgjSkSU4blpuQdPj4xbyzlxIDJGQFRgcDouNl7FU59Eb1duPnIud/ +6zWBgQgnTbVgH1h+zhHhbpmqAYPAxwf+H5NVEWQva2uAGWrKMApuUPn1IpgesPRz +9WsWwdOyHkj0hQd5slbVdsxJL5wcHwBip9vzrH4IV+WM/vtem4+0629KGFl6hisW +iZD6D2nJHejIlVJMNy6Jkqa5hnJeMH7djaRFp8f22C7/5EbE1a+DGwh6RQG1SfvO +Z7ZTQKkPuq3MvKSb5tp5ArOyHvmQsphPD2TzTtWJD2LiBl5pe1zIiDNSMXWUPmbP +bfSNBswcATWweYUmL/9kuIqaZvNVjJpd1QuVQPMmhFyJyfDyM8WA/6kbeIjwuzku +BSBsBB1CMN26AHBEBxqmA5ml9ZBhL+kKJziYIJs3sdQcQWi+CiyQXKVzzXMhLFF9 +1VgrREMY7d49db3O4I8V4R0sVk5KxqCGULcPy7sMYgRuPr9hBD4i3oRVdokUyKRy +5XmZij7cHVS0pYrpdklkgjNFv4fNjA6goEM39JkzXkBbz0poYjNx/PXAx9wz6Ykc +X29HU6xyE76iwH8UNdqooe+9T75iihb6kccnEWC6uUi106rO5OGbyvtqEHcMlZic +ttfXUxtQT4n8BVK4GTji+o4U2Xfqf75W48ZnrLHMZpC028rrHXP0WMKtweYBCOtN +wt/T5fEqS29tCrnvYBUhlTyEECyfSBuxL9lBDUiS+opw338uGN/3ODXFwc3YCiUY +OoxhVnoLkJPMjIzMmBpIGnjvtVZ4t2FtTQXZMbDQwFJIkW2d70XMuPk86sjh2MWf +jd0rbd+6BrgDVlzxAOWQhXiVTiY7Y3Z8a4CkbyrbpxaNMnZn0DUYhF/LaUm3ylIM +vxXbcm2nTCqi9ly9jP98ZZI7uTAH65W1uhD6+SrOly0sijlZrg4lbdqY3isOuC4Y +BZuqHFWEKLx3J0SwtlV8aJvUAL8KFis5ktTEVO7WWkpODz6IUtiZ/eHbbNUeRyi2 +LmiQx7ywjuy0YIGRE9DeoLsURqtcTGtOkRGgRu8Pa+knl4N2rbuw9JY3ejh2Y775 +obIqyPPT/EgudHfywF4hsjn7i/4L14o/ZjQA53P+qC1swf7sz5LAspTbhHCCe/go +mT2ospx/XIoHLqxmYptKBMYHl5JR5kK8GAdoVzD1vv+MiIGZOHObsJ93X/DaEtT6 +/4/rlAC1ws8Mws4+kVDK0UXfADJLIipq2RP0FkapTQ51+ocIBDnXarAANhTpyokz +5gHLGrbQp1HOQQNnZfVEssJznjm/jiD0MxP/kXFjQuOThZCoKLTkfsjnKTMJE3HN +z96fo1kPemDQ4PUoac3LKUBUDIPxmwFCrcBcwDlrTHm1NmAb60cMUyDMZ073OwNL +3p16tcjn4j7HJ4g/BJ2HvnT5xVavNlFewELaQGN+Ywfl+5DSTNtyAvjgthOYps2F +Zl9sZ8qXL4c+GyaSUk8Rio+6Kggybvo75xdB/Ia5yp3IUC8z0+jVsaoCYf/fddyd +UaVFQvWdeN1tB+nTV7Ntki2LOxek417UV6BtH58zJCibDF2uld9LsIXySIFYvvqe +21kUWUWE7rlaCrDRJ2jwUtU+QYtBHl36WgwSf0C4HkeevRT8hLcFPyhKe6hYVcQL +sqFldps0VAMrfFzCwY8z5Vc1aehmOd9OXVBf/Fn04XBjUEoG46tkSdL18dBfJXI5 +RsfE6TAbB5LOEd7agmoGHJolL3rYwODDVKQWOj0519HR/xt1E7SgCfH/BisGl4Gr +4ZRUJG9unpEBsigN31JEbnXUbfx+rjXZM65F3HM9ir89ofIcVGPuJYflw2IPm1GI +ajEh+nDCt/hwvV66aBI/+JaQ7bHvqbC8tBMWXdlesSjJmWlB2mYdYqIhmqhy+0oj +ryKbsAT+7Fco5ymQACEG4Otw6y+weRTW/IFbibtjDui+P5arl5dRPIn4kCrV+ZMn +wuZVAw83mxSe05efsCt6YCoth64bIgPXVvl7EhGotheYsKfuOFI1Jvw1tDsgtoxk +v+6TnK3xJDMVkdV3dg/glAENdeo1NnHrvIb0Hq9ERMr5wmImQkGoL18r4HoUGin/ +HPi8Q+znxiw3NARCpm7RBwxCUzuYWQ88CKpxDtvGmJfpSNUQ3ETVs1rY9VlBP026 +Uufu5aMz9BURc8iaS4dl/oT0QjrhszeAdsXAoilY+SlmBUuAUieKAnaxLU48hqkX +FID6A/v/LxXm+VYgObFijv4i+ETUGNklhERTdkZ+YfwCWLqCLbGMK6ufVF3YPI9c +nLQ0/gPTW7YH8k1DQ7ehRdSEM3QcdE3x16x2q+dXRqOR1BG9uOsayhofQQWvlN66 +p4gbN8XgwSgf2SLaYUFbeiAiOuEsObPcTYyTekyuRbGcL7CKHY4tHb15VhqUJ0SA +7kiU1hC5cUxaMOKuWCOlqvBdfp+IowEbah2SKxZBWq1D8BKiT1es21NX6FEeJyWC +f+08KHLZWQL/OYrKof8dCcHVwMdQE05/6cXIn5xVMG0QbCyvC2izklQsaH+y4oy+ +iptmdBvXOE+t6wFJsT/jjbFGIbjAXT6xrc9nsL9lBoWJidfhREfzBrmW1LVbIE6L +8ltsECJ5NJ/OMm9Zj5MuQEc9kxsM9sAzk9KXP8xq5mJziTPoYK9QydtLRl/EJkW1 +P4Wp364sHiDnErHYkzsP/DpJ41BkJexEBLnzID/P6YTKfB0bDlnNbb/XQssEPQ7m +5nVBktXVV1UY0we/ACEkqmV6+7yE77ZF/hrzZuCu+M3aE8GjOSrSEpF4KP4V2n5W +ukD+Q5IZJkShjT6kG9lQELotChlU5n9YS147Y9C4HT//wNcQk1neEhUUf4L1cN62 +7JvKqVZTMyWbIIBEjMrKhQKRFAaf5AcFgx+scpGn0rZOY8wguSqHjLxMFrlc9/F7 +CpeM8QUGi9u9I61SiEY9Gmc+wDoONqSu6O9O+pWwWw7/Wh0qjK4TaRXSlVpS+1bK +umgkl3/Y1pDY6pCbHZ3O7AD1JaCZWP0k7oawIejkuV1UuLeFjodLfYkAh6y5Hlfv +/BJ2gHkAEePKibplUpudmOTkWlQChQtzmy3ZReqLydvrxK0H8eh9J/tB8cRP0M/j ++GU= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-openssl.cnf b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-openssl.cnf new file mode 100644 index 00000000000..23c5e41b08e --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-openssl.cnf @@ -0,0 +1,250 @@ +# +# Based on the OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#CRLDISTPT = [CRL Distribution Point; e.g., http://crl-list.base/w4edom-l4.base.crl] +CRLDISTPT = http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used as a login credential +scardLogin=1.3.6.1.4.1.311.20.2.2 +# Used in a smart card login certificate's subject alternative name +msUPN=1.3.6.1.4.1.311.20.2.3 +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used to identify a domain controller +msKDC=1.3.6.1.5.2.3.5 +# Identifies the AD GUID +msADGUID=1.3.6.1.4.1.311.25.1 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = CA-samba.example.com # Where everything is kept +certs = $dir/_none_certs # Where the issued certs are kept +crl_dir = $dir/_none_crl # Where the issued crl are kept +database = $dir/Private/CA-samba.example.com-index.txt # database index file. +unique_subject = yes # Set to 'no' to allow creation of + # several certificates with same subject. +new_certs_dir = $dir/NewCerts # default place for new certs. + +certificate = $dir/Public/CA-samba.example.com-cert.pem # The CA certificate +serial = $dir/Private/CA-samba.example.com-serial.txt # The current serial number +crlnumber = $dir/Private/CA-samba.example.com-crlnumber.txt # the current crl number + # must be commented out to leave a V1 CRL + +#crl = $dir/Public/CA-samba.example.com-crl.pem # The current CRL +crl = $dir/Public/CA-samba.example.com-crl.crl # The current CRL +private_key = $dir/Private/CA-samba.example.com-private-key.pem # The private key +RANDFILE = $dir/Private/CA-samba.example.com.rand # private random number file + +#x509_extensions = # The extensions to add to the cert +x509_extensions = template_x509_extensions + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +crl_extensions = crl_ext + +default_days = 7300 # how long to certify for +default_crl_days= 7300 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = match +stateOrProvinceName = match +localityName = match +organizationName = match +organizationalUnitName = match +commonName = supplied +emailAddress = supplied + +#################################################################### +[ req ] +default_bits = 4096 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = SambaState + +localityName = Locality Name (eg, city) +localityName_default = SambaCity + +organizationName = Organization Name (eg, company) +organizationName_default = SambaSelfTesting + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = Domain Controllers + +commonName = Common Name (eg, YOUR name) +commonName_default = addcsmb1.addom2.samba.example.com +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = ca-samba.example.com@samba.example.com +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 +# +#unstructuredName = An optional company name + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] +# Extensions for a typical CA +# PKIX recommendation. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. +keyUsage = cRLSign, keyCertSign + +crlDistributionPoints=URI:$CRLDISTPT + +# Some might want this also +nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +subjectAltName=email:copy +# Copy issuer details +issuerAltName=issuer:copy + +[ crl_ext ] +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +#[ usr_cert_mskdc ] +[ template_x509_extensions ] + +# These extensions are added when 'ca' signs a request for a domain controller certificate. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE +crlDistributionPoints=URI:$CRLDISTPT + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +nsCertType = server + +# This is typical in keyUsage for a client certificate. +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Domain Controller Certificate addcsmb1.addom2.samba.example.com" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. + +subjectAltName=@dc_subjalt + +# Copy subject details +issuerAltName=issuer:copy + +nsCaRevocationUrl = $CRLDISTPT +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +#Extended Key requirements for our domain controller certs +# serverAuth - says cert can be used to identify an ssl/tls server +# msKDC - says cert can be used to identify a Kerberos Domain Controller. +extendedKeyUsage = clientAuth,serverAuth,msKDC + +[dc_subjalt] +DNS=addcsmb1.addom2.samba.example.com +otherName=msADGUID;FORMAT:HEX,OCTETSTRING:0123456789ABCDEF diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-private-key.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-private-key.pem new file mode 100644 index 00000000000..82ccc607203 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-private-key.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJJwIBAAKCAgEA3v5dejCZux4RVqyw1AFQMIPhcQ+qPhq0953qk2n8vlEZTDf3 +o7M8kBNiYxSduFRmF2VKZ47Oln9NwsZu/Tyuu+JbbO5Re9s3F5SZAjovqcvQIym3 +QzMI/D8VO+0862lblUUYHoVeqjG2PhjILzpILczGaSi2XKwkA7GD6OaWpwZt/nMT +BNIYD9Ry94giQFuraKSJ4j3AyuWnrrb46oqMOZxtG4mrciwEJ0B+9dM/XdgNcWdl +HeM9ZbCXfxStkkMvPwSrHjFSB3/fSKyawCjRq+vyebPSRF/oLZLX2L4D/ttVK0v4 +nLTOAngHcg/VMs0BHj2ybiUp+glJSavt3CsQxT0ZPMQe2u6Vwv/4ULT3R5qkfRya +jXfatqLmT82AubHyHdyQYDdvOV6mA+KLRNekRf1+T0MU8GgN5oSPISBT9rRnvfxd +9EgqlR19ebqh7rjwg4N/q7HrOE48S4qTgBVjTEMdgUvB5tWwn2xJnQSSZmyffNNi +UHL8d2WHOdnQ715TSTJK0xtKiEXwD6JeMym9qz1rPSO8xpydmJydjcwyPuGMmBkc +RO4XQ7OwR6X+FUmqWrd2Q0zfmugzPVLobCzdPtip6S02wjpDdbK81b2Bi/xjN2GI +JLt2NRkARHo+MKiej990FAkL9YvJsO2+0M/Af2FBB/hsfQoFlk9uX8xA8/UCAwEA +AQKCAgBi3WOUSPffffUx+F5toCdtWwsYlVllL3IMVncp5FOqDUqqACZK7axsNCvq +wbkrgD/DH6VdRHNTRh2zvUZ3/+94XWMraH236/kA+2DbG/EF1tbwwA4APSA+tbk0 +WHop5Qw1oeyPm5Hc4y1pWpNmXPCjXaaZ+PLhI3DUMl/JYnJomvEpXtuPx5Xjbs2J +8VE+N2ZHfqujIr3XNvqg+35gfgytfizhiKf6dolg3bdsRbxSXveWz8CE/7q42xJP +xVsu/Zp01h0HxdYYfRkBn4T8rRxInNNkIdWXeu31RqVr8tLSq2uXRpdy4rZzYcPr +Thm37CwSvEffjZqOwI89mnxaoL1N4UxlIVTk8qapArHCZaucgxYr9acLT9H4sWCO +EgSc0nS1eHogUDZquNvdypJ++EmLAvNtBluRcuQC0DQqOlKPsqVyapTbEOscvk3m +SZ+JRQZi8qgN5nqNNAQAAy60krPGUDJCFOaONVQdjQljPJsg/112y5cBrQPXsknQ +o8u8TMcp9+I8Dp7qSCI7u5TDdERCWjg+wQxw5AzimcWDNRRN52yKzfEekrF6kV+l +eCcWMUv/eeWhJXCKNHAdVGQlHkSld3FdQRtr9PVQn8rSrb81HpodQhqPAUNW3NYf +hhxHimy3y5MLcLNU9A+ut+/lrDwD0enVlXhOiK4b7QqCv6ywAQKCAQEA90JbFJl7 +Ckfy1XpYtZQPVY+Zbv7Mukupin4+u9B1Ywd0j/RGTImNcQYEhQw1OM1FSSvpIzCS +H2JpJWCF0gG3PXYR0xn9JrErVXgh3hxOT9Ynk8ltUQwFAqeJXP1NqJdP0ipOEbyX +XYwBGXBDq42SXnj5TQgfQs/kc8UKBgFZ0LEaDcy5r3eXBi0SCPpFpQ7RWMS5orAt +e+NlthAJItSb6PVBrQUZ1JPZTfsR/35wSnlUQnHsf93wZ477O3g+wuTMmhTLFfU/ +JmcaV7QDIV/mRRO+O6KgSnoQ1sn4ay1b7jXCHOA+VApSxTZsPmuKHyvMpIwmqr5G +/wWJiNT6CI+r3QKCAQEA5uBpLVFxTjXi+TLtpDK1Cf3rd99o2y+uVaWIuq/aqPuB +/mAcpVcOMKsTU3woVgZW3hAArnomVSsEPf4pjqGqjiibGopmcg3f1J1Ee3vfznZ7 +kyOhfh52jNbWahLi5+4phC/wD++S44qDh4Kmi8g7kz0n0KmU9Xt5qCjJXSWTFO7z +8aLbhzdf/R0tRBmBLKZ5w/5CJ0tP9eRuVLgeFWxFZ7lKoSF9ZF4VOg7yVuGh9m6f +Nzo7ox+yEiv+81ZL14736u12vRmkxA+e1be+YDPytFtZ4t4JRWehJ+CeszDaBqLd +DXpB8Dlo6cbWqWqytMuI4zY5RjpMlt8FxSH/nO5S+QKCAQA8JHrNDuwbuxZ5ELJl +MGduc2hp1DZuFhteIYkW3ATBmr2iilNTKJ4r4L/WsPp9H4j73F9v/M9+LMzQl6LV +Sy+MFp0NUSP/dlbJCliKky4FQ10LGJKrhRXu6FuEL+Tk3jE/OKUWsV3MFlLqIiGD +qALzUc+qChC4iqLR+hqPDWMQXROuSZ7c7GTizrG1V1L7bBhF1EwnI11c5hoGZ+4g +98AYsRdRg40d5PyVeD2PfOzJYKu7IcTZ8V0Zg3DerUfu1gJidC5V3/qFV8zTimi8 +hHwZT00VamA83WYdKLFxOG5FCfR2W6EthflOGQfJQxUssdWsLJ73JyNTwsAKdWuA +C5pNAoIBAAXUjvNlBh56f+PZJGUsHqRE9EhPrP80AgwJpR1JyZTQ3SSGWtLWEvap +q1BFZ2Ncv57V+p5tWUB3WKEUJQqEDKGQZvJRomqo7Qkae5s+spUtKsu5b5+Wt1mx +JzMAjRhcTFIZP8+3Nhdm7RFj/D61bMO4HKRJVAiq+JSFiyg+BavWqPRmL3MHs/XZ +YcZBeqCdB6AqcJM7dKZ6AUtEZwYVeN84r6jIBrmdIp4XuIj3I7bsbjrfzpe8+is5 +TzPn7vxfkOUu3/vAhQeqeVFeVYFqbmudjvSKtOM6zbgLFRbjWe4m+LwZZUbivEKD +EfKvThoAtdE/Ek0ytbJtqWCkDidxYUkCggEAB2DIXKQb9OphTQf+18OGnslAa3b6 +vLZPcmv4ZskCApi9AM2AX6q42luovaYR3ul3IJKM3SKa30ZBdprb0epsrW/aJ6Fm ++ri1NrQ34zLNun/cX+Q+EzFbq1wNsCj4Wj0my8q5oyg+KtofeWYFYJmn75rGuZVz +UrmIC6MjrXi9tvh4BK3pfPzSGizPlLk+vXSQgU36bfUY3P6SZFu9W+IMfDJKKip7 +0MqQCVE3aMoFi1/1pJt7qWiHvYqLIjldJEdQpszTr7IeNsYo7OFJtOaHp6G7mZOU +/P+GGZiS4h20hS+y/IPBWqFmFiwy38z1L4lUi7W26oytuKYuiUZt3cy2IA== +-----END RSA PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-private.p12 b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-private.p12 new file mode 100644 index 00000000000..d44a18eb830 Binary files /dev/null and b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-private.p12 differ diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-req.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-req.pem new file mode 100644 index 00000000000..a4d061e4487 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-req.pem @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIFFzCCAv8CAQAwgdExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTYW1iYVN0YXRl +MRIwEAYDVQQHDAlTYW1iYUNpdHkxGTAXBgNVBAoMEFNhbWJhU2VsZlRlc3Rpbmcx +GzAZBgNVBAsMEkRvbWFpbiBDb250cm9sbGVyczEqMCgGA1UEAwwhYWRkY3NtYjEu +YWRkb20yLnNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkBFiZjYS1zYW1i +YS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAN7+XXowmbseEVassNQBUDCD4XEPqj4atPed6pNp/L5R +GUw396OzPJATYmMUnbhUZhdlSmeOzpZ/TcLGbv08rrviW2zuUXvbNxeUmQI6L6nL +0CMpt0MzCPw/FTvtPOtpW5VFGB6FXqoxtj4YyC86SC3MxmkotlysJAOxg+jmlqcG +bf5zEwTSGA/UcveIIkBbq2ikieI9wMrlp662+OqKjDmcbRuJq3IsBCdAfvXTP13Y +DXFnZR3jPWWwl38UrZJDLz8Eqx4xUgd/30ismsAo0avr8nmz0kRf6C2S19i+A/7b +VStL+Jy0zgJ4B3IP1TLNAR49sm4lKfoJSUmr7dwrEMU9GTzEHtrulcL/+FC090ea +pH0cmo132rai5k/NgLmx8h3ckGA3bzlepgPii0TXpEX9fk9DFPBoDeaEjyEgU/a0 +Z738XfRIKpUdfXm6oe648IODf6ux6zhOPEuKk4AVY0xDHYFLwebVsJ9sSZ0EkmZs +n3zTYlBy/HdlhznZ0O9eU0kyStMbSohF8A+iXjMpvas9az0jvMacnZicnY3MMj7h +jJgZHETuF0OzsEel/hVJqlq3dkNM35roMz1S6Gws3T7YqektNsI6Q3WyvNW9gYv8 +YzdhiCS7djUZAER6PjCono/fdBQJC/WLybDtvtDPwH9hQQf4bH0KBZZPbl/MQPP1 +AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAve93Lch8SWFi9pmWZgmcStRFALjR +RRa9iUSIpIgHmJWKAjIq2APh5xWfp4Ouh7DO6KIwHLbgQEXWpxehukhyUl4VlIMV +y50nVK9ibiu5X7MO0HMHGnULZvLDS7i64siX9e030xvP5cOwRg16TS84Ex4VVoaz +1t1yE083OoD4jqMvDvgMJ0OpnyZXUZctDLCc0aADkhJKC/V4q/mruPY1lZ0Nxl3T +Q06GhJtEaR87BLIoNUqD6SwyZm6F2Y96bLqdzgaGHYNGhGGeDpXp0l8grlRvpu+9 +zFdTsALPAwt6KSNmk4GsNuNyu7DS6v33+yaT0ZbbulbPZ6uVFjXrnFFXYBAcFJs+ +YFELavoIRtEOcBfJ5RL6Hcr3P1/4I70u5Uucesv5C/loNHnZPAo2s2KFtBtVgGHp +OYeFjzDvG3fLz2ZGjIDxTEh0fD/9wRL2CVtjEfN6V7tKmd3f7IEBtCw+7Hdu4uSN +GrjWrbzQWhyTT6lyDfCKsmQlCevI1MW9oDkVmaBkHwYuWTc4U6wL77wDKyShTKV7 +RFWyhfnhYp1Xpm/pZmCszUZc7Si7eGGJiKohH7K+3YnpcfPMq2t83SBeFMmaBBJX +I1KOjT5grWAzVIsIdFgFvoPqXNWmizEddBTtExnmhK3tAzudJL7bv+PhYSQ0wTOP +n2KpBr/vsEs9LeM= +-----END CERTIFICATE REQUEST----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-cert.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-cert.pem new file mode 120000 index 00000000000..97e86e71dc7 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-cert.pem @@ -0,0 +1 @@ +DC-addcsmb1.addom2.samba.example.com-S06-cert.pem \ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-private-key.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-private-key.pem new file mode 120000 index 00000000000..7259e865194 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-private-key.pem @@ -0,0 +1 @@ +DC-addcsmb1.addom2.samba.example.com-S06-private-key.pem \ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/NewCerts/06.pem b/selftest/manage-ca/CA-samba.example.com/NewCerts/06.pem new file mode 100644 index 00000000000..6b25079d889 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/NewCerts/06.pem @@ -0,0 +1,191 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6 (0x6) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Feb 28 13:30:28 2020 GMT + Not After : Feb 23 13:30:28 2040 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Domain Controllers, CN=addcsmb1.addom2.samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:de:fe:5d:7a:30:99:bb:1e:11:56:ac:b0:d4:01: + 50:30:83:e1:71:0f:aa:3e:1a:b4:f7:9d:ea:93:69: + fc:be:51:19:4c:37:f7:a3:b3:3c:90:13:62:63:14: + 9d:b8:54:66:17:65:4a:67:8e:ce:96:7f:4d:c2:c6: + 6e:fd:3c:ae:bb:e2:5b:6c:ee:51:7b:db:37:17:94: + 99:02:3a:2f:a9:cb:d0:23:29:b7:43:33:08:fc:3f: + 15:3b:ed:3c:eb:69:5b:95:45:18:1e:85:5e:aa:31: + b6:3e:18:c8:2f:3a:48:2d:cc:c6:69:28:b6:5c:ac: + 24:03:b1:83:e8:e6:96:a7:06:6d:fe:73:13:04:d2: + 18:0f:d4:72:f7:88:22:40:5b:ab:68:a4:89:e2:3d: + c0:ca:e5:a7:ae:b6:f8:ea:8a:8c:39:9c:6d:1b:89: + ab:72:2c:04:27:40:7e:f5:d3:3f:5d:d8:0d:71:67: + 65:1d:e3:3d:65:b0:97:7f:14:ad:92:43:2f:3f:04: + ab:1e:31:52:07:7f:df:48:ac:9a:c0:28:d1:ab:eb: + f2:79:b3:d2:44:5f:e8:2d:92:d7:d8:be:03:fe:db: + 55:2b:4b:f8:9c:b4:ce:02:78:07:72:0f:d5:32:cd: + 01:1e:3d:b2:6e:25:29:fa:09:49:49:ab:ed:dc:2b: + 10:c5:3d:19:3c:c4:1e:da:ee:95:c2:ff:f8:50:b4: + f7:47:9a:a4:7d:1c:9a:8d:77:da:b6:a2:e6:4f:cd: + 80:b9:b1:f2:1d:dc:90:60:37:6f:39:5e:a6:03:e2: + 8b:44:d7:a4:45:fd:7e:4f:43:14:f0:68:0d:e6:84: + 8f:21:20:53:f6:b4:67:bd:fc:5d:f4:48:2a:95:1d: + 7d:79:ba:a1:ee:b8:f0:83:83:7f:ab:b1:eb:38:4e: + 3c:4b:8a:93:80:15:63:4c:43:1d:81:4b:c1:e6:d5: + b0:9f:6c:49:9d:04:92:66:6c:9f:7c:d3:62:50:72: + fc:77:65:87:39:d9:d0:ef:5e:53:49:32:4a:d3:1b: + 4a:88:45:f0:0f:a2:5e:33:29:bd:ab:3d:6b:3d:23: + bc:c6:9c:9d:98:9c:9d:8d:cc:32:3e:e1:8c:98:19: + 1c:44:ee:17:43:b3:b0:47:a5:fe:15:49:aa:5a:b7: + 76:43:4c:df:9a:e8:33:3d:52:e8:6c:2c:dd:3e:d8: + a9:e9:2d:36:c2:3a:43:75:b2:bc:d5:bd:81:8b:fc: + 63:37:61:88:24:bb:76:35:19:00:44:7a:3e:30:a8: + 9e:8f:df:74:14:09:0b:f5:8b:c9:b0:ed:be:d0:cf: + c0:7f:61:41:07:f8:6c:7d:0a:05:96:4f:6e:5f:cc: + 40:f3:f5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Server + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Domain Controller Certificate addcsmb1.addom2.samba.example.com + X509v3 Subject Key Identifier: + 5B:85:11:27:BF:F7:A6:2B:8F:51:93:D8:29:4E:0E:A2:67:AA:9D:80 + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + DNS:addcsmb1.addom2.samba.example.com, othername: + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication, msKDC + Signature Algorithm: sha256WithRSAEncryption + 73:de:7a:35:bc:15:ac:32:44:5b:98:60:64:12:af:ea:42:46: + 7d:fb:b2:88:b3:47:61:c3:0b:6d:d1:68:92:3d:44:cd:37:86: + da:10:d2:18:db:19:29:03:31:1a:26:cd:70:d1:ec:13:ac:59: + 84:cd:be:9f:2b:c6:2d:10:aa:4b:4d:78:39:d3:6b:e1:4d:e8: + 10:a0:3e:97:d3:1c:19:11:e4:0f:26:7f:96:d7:26:17:23:02: + d9:4b:47:0c:af:c7:ef:28:ae:1c:28:e5:d2:7a:61:46:70:3b: + 49:5e:d0:65:54:4c:ae:14:27:c0:e4:17:41:2c:1a:42:0d:86: + 6c:37:48:65:80:02:21:b3:2b:1f:4f:34:a5:ce:7b:b0:fe:06: + a6:fe:c5:1b:ca:e5:e6:7e:d5:dc:01:d2:50:c4:f8:5e:73:6c: + 2c:56:81:d0:a4:73:bf:82:cb:d8:76:ca:7e:44:99:3a:5f:a9: + 97:89:a8:5c:5b:1b:38:0d:4d:cb:02:49:69:82:13:68:a6:be: + 4b:a3:57:a6:a6:e3:f0:dc:ad:1c:30:00:bf:ed:15:ca:c3:3d: + 5c:7b:dc:6d:e6:cb:bb:bc:a1:22:e7:32:95:e0:0f:6a:ab:40: + 0c:43:ed:f3:98:63:7c:2f:15:63:49:4e:5c:82:65:13:f2:53: + 26:d7:4c:c6:f8:7e:fa:bc:a8:22:44:f1:fb:a6:bb:27:64:ec: + 94:28:19:4a:af:09:7e:01:8e:9d:3e:43:e5:79:fd:16:ed:24: + b4:ab:58:02:e2:9e:f8:a1:b0:45:25:6d:2f:be:bb:88:90:c7: + d8:45:31:48:65:26:33:86:cc:46:69:53:6b:f1:d6:35:df:b1: + 39:ed:81:e1:23:f1:01:de:99:10:11:f0:3f:4d:5d:d3:8a:0c: + 44:78:f6:27:4a:32:1d:ab:0c:63:d0:71:25:62:67:f5:0c:7e: + 2c:7c:a4:ec:8d:de:00:6d:5f:69:5d:bf:e6:c7:59:75:87:5e: + 2c:12:dc:a5:1b:dd:c1:7a:c9:56:63:6a:3b:c6:9a:b7:fc:15: + 01:53:4d:c8:ca:c7:c8:81:50:a0:65:43:33:fb:aa:55:64:a0: + c3:2e:e2:f9:08:64:e5:75:ab:98:b3:38:ba:8d:53:e8:08:47: + ef:cf:a9:f2:16:25:1b:20:78:2d:6f:f5:83:ee:35:d4:b5:c5: + d6:d7:81:17:bf:9c:45:43:d1:88:74:22:1a:32:b2:45:73:a2: + 28:d4:da:ff:85:f9:75:1c:4f:84:6a:a5:1a:41:eb:8b:e0:1d: + 49:69:07:2f:5b:5e:e3:7b:00:f8:4b:67:5b:42:d7:51:de:1c: + 18:89:2f:f8:36:e7:b5:a3:6c:39:e3:88:dc:5d:7f:2f:d9:52: + b6:6b:9c:e9:1d:df:d0:18:68:25:70:7e:71:fb:b3:40:28:75: + e9:24:38:6f:70:5b:1a:f9:bf:e9:43:bd:4b:51:e3:df:e3:25: + 11:ae:30:4e:7e:55:58:43:b3:65:05:11:2d:0e:a4:3c:b8:8a: + 0c:f9:93:ab:27:28:c0:b2:17:76:52:9b:18:82:b7:fd:a6:4f: + 6e:a1:74:2b:19:59:ac:b1:d8:5e:fb:f3:69:37:16:59:01:4c: + fa:a9:57:52:04:d4:45:8f:10:08:8a:ab:88:aa:96:46:9a:aa: + 94:b5:c6:bf:e9:9e:9a:cd:40:f3:2a:ed:23:ff:a6:f7:9b:18: + 02:d9:ab:76:96:ac:15:6f:04:5d:92:d2:49:4c:4b:62:da:3d: + 2a:a4:59:22:1a:75:cd:6e:fb:62:50:da:ae:9d:28:7d:4d:32: + 2f:d8:cd:37:67:f9:1d:c1:d5:76:40:ba:34:f6:8c:92:5b:c0: + 65:f6:3c:90:6c:5b:67:09:0d:d3:14:90:38:03:82:06:c3:b7: + 85:74:7f:15:f4:5b:de:66:5f:71:a9:f1:ed:15:9b:a0:72:ee: + 05:d7:b3:92:30:65:2e:82:90:21:fe:f0:07:34:11:d3:87:41: + f4:35:04:0c:b4:28:f5:73:b8:d5:0e:e3:2a:53:ab:9a:3f:4d: + 59:f9:18:68:f0:31:90:1d:d6:25:c6:8b:33:e8:dc:06:93:7b: + cb:01:de:8b:1e:87:5a:26:a0:0d:5e:f6:6a:36:43:54:53:6d: + 87:10:ca:a8:15:1a:4a:37:95:a5:67:93:74:ba:c3:59:9b:f8: + b5:ab:10:98:fc:ff:d6:d2:61:17:5d:90:7e:b1:2a:16:ec:d5: + da:80:67:02:13:41:d7:bc:a2:af:0b:54:08:b3:2e:1b:05:50: + 80:f6:c7:9a:8c:ac:89:49:4a:f4:4b:71:73:bc:e7:8c:6f:0c: + 70:62:73:3d:ed:07:14:35:f0:15:0c:bb:d8:c3:f6:19:43:b7: + 45:a5:33:80:17:1f:c3:39:28:3d:6a:7c:d6:e0:37:66:58:bd: + e8:64:2c:ad:b7:e0:25:f5:41:ac:ae:cb:ca:c1:eb:5b:8b:e1: + 3d:1e:cc:09:63:d6:6c:c8:eb:b8:ae:6f:4b:02:98:4a:2a:1a: + 94:26:e7:a3:23:7c:e9:e5:02:e0:1f:f5:88:f9:14:74:81:01: + 1d:cd:7e:46:35:7c:1d:e3:64:60:88:a4:ed:86:06:0e:af:3a: + 2b:1d:f8:45:fe:53:8e:56:89:95:98:ff:2c:8a:fb:3a:7a:0c: + 46:6a:3d:32:78:ad:58:69:ba:3b:d5:95:51:55:f3:72 +-----BEGIN CERTIFICATE----- +MIIKAzCCBeugAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0yMDAy +MjgxMzMwMjhaFw00MDAyMjMxMzMwMjhaMIG9MQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEbMBkGA1UE +CwwSRG9tYWluIENvbnRyb2xsZXJzMSowKAYDVQQDDCFhZGRjc21iMS5hZGRvbTIu +c2FtYmEuZXhhbXBsZS5jb20xNTAzBgkqhkiG9w0BCQEWJmNhLXNhbWJhLmV4YW1w +bGUuY29tQHNhbWJhLmV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEA3v5dejCZux4RVqyw1AFQMIPhcQ+qPhq0953qk2n8vlEZTDf3o7M8 +kBNiYxSduFRmF2VKZ47Oln9NwsZu/Tyuu+JbbO5Re9s3F5SZAjovqcvQIym3QzMI +/D8VO+0862lblUUYHoVeqjG2PhjILzpILczGaSi2XKwkA7GD6OaWpwZt/nMTBNIY +D9Ry94giQFuraKSJ4j3AyuWnrrb46oqMOZxtG4mrciwEJ0B+9dM/XdgNcWdlHeM9 +ZbCXfxStkkMvPwSrHjFSB3/fSKyawCjRq+vyebPSRF/oLZLX2L4D/ttVK0v4nLTO +AngHcg/VMs0BHj2ybiUp+glJSavt3CsQxT0ZPMQe2u6Vwv/4ULT3R5qkfRyajXfa +tqLmT82AubHyHdyQYDdvOV6mA+KLRNekRf1+T0MU8GgN5oSPISBT9rRnvfxd9Egq +lR19ebqh7rjwg4N/q7HrOE48S4qTgBVjTEMdgUvB5tWwn2xJnQSSZmyffNNiUHL8 +d2WHOdnQ715TSTJK0xtKiEXwD6JeMym9qz1rPSO8xpydmJydjcwyPuGMmBkcRO4X +Q7OwR6X+FUmqWrd2Q0zfmugzPVLobCzdPtip6S02wjpDdbK81b2Bi/xjN2GIJLt2 +NRkARHo+MKiej990FAkL9YvJsO2+0M/Af2FBB/hsfQoFlk9uX8xA8/UCAwEAAaOC +AgEwggH9MAkGA1UdEwQCMAAwTwYDVR0fBEgwRjBEoEKgQIY+aHR0cDovL3d3dy5z +YW1iYS5leGFtcGxlLmNvbS9jcmxzL0NBLXNhbWJhLmV4YW1wbGUuY29tLWNybC5j +cmwwEQYJYIZIAYb4QgEBBAQDAgZAMAsGA1UdDwQEAwIF4DBOBglghkgBhvhCAQ0E +QRY/RG9tYWluIENvbnRyb2xsZXIgQ2VydGlmaWNhdGUgYWRkY3NtYjEuYWRkb20y +LnNhbWJhLmV4YW1wbGUuY29tMB0GA1UdDgQWBBRbhREnv/emK49Rk9gpTg6iZ6qd +gDAfBgNVHSMEGDAWgBSiPgIqo6dNObQITZnMDHU26ifDPjBFBgNVHREEPjA8giFh +ZGRjc21iMS5hZGRvbTIuc2FtYmEuZXhhbXBsZS5jb22gFwYJKwYBBAGCNxkBoAoE +CAEjRWeJq83vMDEGA1UdEgQqMCiBJmNhLXNhbWJhLmV4YW1wbGUuY29tQHNhbWJh +LmV4YW1wbGUuY29tME0GCWCGSAGG+EIBBARAFj5odHRwOi8vd3d3LnNhbWJhLmV4 +YW1wbGUuY29tL2NybHMvQ0Etc2FtYmEuZXhhbXBsZS5jb20tY3JsLmNybDAmBgNV +HSUEHzAdBggrBgEFBQcDAgYIKwYBBQUHAwEGBysGAQUCAwUwDQYJKoZIhvcNAQEL +BQADggQBAHPeejW8FawyRFuYYGQSr+pCRn37soizR2HDC23RaJI9RM03htoQ0hjb +GSkDMRomzXDR7BOsWYTNvp8rxi0QqktNeDnTa+FN6BCgPpfTHBkR5A8mf5bXJhcj +AtlLRwyvx+8orhwo5dJ6YUZwO0le0GVUTK4UJ8DkF0EsGkINhmw3SGWAAiGzKx9P +NKXOe7D+Bqb+xRvK5eZ+1dwB0lDE+F5zbCxWgdCkc7+Cy9h2yn5EmTpfqZeJqFxb +GzgNTcsCSWmCE2imvkujV6am4/DcrRwwAL/tFcrDPVx73G3my7u8oSLnMpXgD2qr +QAxD7fOYY3wvFWNJTlyCZRPyUybXTMb4fvq8qCJE8fumuydk7JQoGUqvCX4Bjp0+ +Q+V5/RbtJLSrWALinvihsEUlbS++u4iQx9hFMUhlJjOGzEZpU2vx1jXfsTntgeEj +8QHemRAR8D9NXdOKDER49idKMh2rDGPQcSViZ/UMfix8pOyN3gBtX2ldv+bHWXWH +XiwS3KUb3cF6yVZjajvGmrf8FQFTTcjKx8iBUKBlQzP7qlVkoMMu4vkIZOV1q5iz +OLqNU+gIR+/PqfIWJRsgeC1v9YPuNdS1xdbXgRe/nEVD0Yh0IhoyskVzoijU2v+F ++XUcT4RqpRpB64vgHUlpBy9bXuN7APhLZ1tC11HeHBiJL/g257WjbDnjiNxdfy/Z +UrZrnOkd39AYaCVwfnH7s0AodekkOG9wWxr5v+lDvUtR49/jJRGuME5+VVhDs2UF +ES0OpDy4igz5k6snKMCyF3ZSmxiCt/2mT26hdCsZWayx2F7782k3FlkBTPqpV1IE +1EWPEAiKq4iqlkaaqpS1xr/pnprNQPMq7SP/pvebGALZq3aWrBVvBF2S0klMS2La +PSqkWSIadc1u+2JQ2q6dKH1NMi/YzTdn+R3B1XZAujT2jJJbwGX2PJBsW2cJDdMU +kDgDggbDt4V0fxX0W95mX3Gp8e0Vm6By7gXXs5IwZS6CkCH+8Ac0EdOHQfQ1BAy0 +KPVzuNUO4ypTq5o/TVn5GGjwMZAd1iXGizPo3AaTe8sB3oseh1omoA1e9mo2Q1RT +bYcQyqgVGko3laVnk3S6w1mb+LWrEJj8/9bSYRddkH6xKhbs1dqAZwITQde8oq8L +VAizLhsFUID2x5qMrIlJSvRLcXO854xvDHBicz3tBxQ18BUMu9jD9hlDt0WlM4AX +H8M5KD1qfNbgN2ZYvehkLK234CX1Qayuy8rB61uL4T0ezAlj1mzI67iub0sCmEoq +GpQm56MjfOnlAuAf9Yj5FHSBAR3NfkY1fB3jZGCIpO2GBg6vOisd+EX+U45WiZWY +/yyK+zp6DEZqPTJ4rVhpujvVlVFV83I= +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/NewCerts/07.pem b/selftest/manage-ca/CA-samba.example.com/NewCerts/07.pem new file mode 100644 index 00000000000..2d0735a30f2 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/NewCerts/07.pem @@ -0,0 +1,169 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 7 (0x7) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Feb 28 13:31:01 2020 GMT + Not After : Feb 23 13:31:01 2040 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=administrator@addom2.samba.example.com/emailAddress=administrator@addom2.samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:eb:0e:b0:1d:53:4f:3c:0f:f8:90:d6:33:64:68: + 7e:ed:7c:46:96:c6:77:9c:0a:07:ed:8c:13:da:e7: + bb:b3:79:63:4b:ec:5a:2a:59:57:7c:38:69:50:c0: + a1:b4:ba:f8:1d:56:78:77:95:b3:44:13:12:83:df: + 20:95:12:01:e5:1e:1a:5b:38:69:48:86:e8:a6:0a: + 32:f4:38:36:f8:84:bd:5b:a9:70:48:c5:49:25:79: + 70:98:23:a7:58:3e:09:97:6d:67:b1:95:fa:08:86: + 2d:d6:b7:c5:d2:06:aa:5b:b8:f5:93:e6:c5:20:9a: + 9b:0c:90:2b:c7:2e:20:2f:e8:07:45:03:f3:4d:2c: + d9:eb:9c:91:d2:68:cc:fe:57:78:5c:2e:57:5b:a6: + 0e:10:6a:b8:05:ce:ab:12:31:49:e8:34:7c:3f:91: + 63:ce:3e:a6:ff:c0:7b:1b:95:b7:9b:99:a9:c7:ec: + d6:45:b7:9e:24:ee:c0:2b:a3:4c:a2:f9:04:5b:18: + 2f:0e:8b:2b:16:89:5d:cc:92:fa:49:dd:09:92:72: + 14:ba:8f:48:bd:6e:9b:88:14:98:6f:bc:0c:e3:bb: + a9:d1:0a:a8:93:6b:75:70:98:f9:a8:d8:0f:c5:e6: + a9:a4:e5:b3:72:81:76:07:73:c9:3e:d2:43:62:fe: + 1a:3b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Smart Card Login Certificate for administrator@addom2.samba.example.com + X509v3 Subject Key Identifier: + 54:FB:DA:B4:F9:26:58:9A:8F:C2:D2:0A:95:B0:95:F6:D2:F6:1B:AE + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + email:administrator@addom2.samba.example.com, othername: + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, scardLogin + Signature Algorithm: sha256WithRSAEncryption + a3:8d:f9:4e:77:ba:67:28:63:6e:3e:70:91:64:3f:51:b3:69: + ab:ff:10:04:e4:39:d1:98:bf:7e:c7:da:d3:4e:d5:29:f7:ae: + ca:e2:b1:f7:ea:67:38:7e:bb:a8:55:33:c1:de:79:6a:49:56: + 6a:48:8c:3b:43:8b:03:f4:30:11:ac:ee:88:28:ed:11:6c:37: + 33:13:7f:25:aa:d6:71:99:d2:f8:fb:4f:7a:44:c7:20:78:b2: + 22:44:17:d8:56:10:a2:4c:48:1c:3a:ad:bf:82:d7:e5:e0:66: + e9:ac:a1:11:23:b3:f8:f7:a7:84:5f:b7:d2:30:89:b7:bc:3f: + 9c:61:d8:12:bb:a4:fe:af:53:f9:f7:26:8e:be:9a:79:53:47: + b6:2b:d3:31:60:e1:39:11:11:c3:32:b8:32:d2:e2:6d:8a:05: + ae:f5:7e:f7:03:33:1c:6c:07:8e:81:a4:26:f2:0d:22:af:fe: + 48:12:48:a8:09:e2:98:4e:b9:c5:07:16:5d:a3:b2:73:7c:4c: + a7:3e:24:e9:d8:cc:72:a3:87:dd:c7:69:8d:58:dd:2e:27:69: + 72:b4:fb:62:cf:66:c4:7a:8b:8b:c4:03:16:b6:9d:7f:7b:f5: + 44:c2:04:a7:17:80:9c:f7:32:ba:3a:05:e1:71:28:16:88:6a: + 9c:f8:0e:5e:c9:0b:81:eb:2c:05:3c:4c:ff:ba:72:10:da:99: + 95:e1:ef:d2:dd:95:7d:d0:24:f6:8f:e0:1c:75:25:64:80:0e: + 16:9f:c1:d7:76:7e:45:85:27:a8:85:80:c3:62:40:58:1b:75: + c3:8e:40:0c:d9:f1:5b:a0:6b:1e:47:99:4f:00:11:68:19:93: + 77:4b:1b:56:94:79:95:f6:b8:92:49:14:e0:8f:2b:40:4c:82: + 4c:5b:a0:e2:0f:d4:f3:d1:3c:f3:e6:4c:c4:3d:2a:4c:e8:ca: + 10:c0:39:81:64:db:68:80:12:07:3f:92:7c:e0:09:aa:42:77: + 51:1e:ee:ad:33:c8:8f:f4:f2:35:2b:c7:b7:57:7c:2e:c8:27: + 71:c8:5b:1a:f2:83:fa:4f:85:13:ea:ce:0b:2f:b7:76:86:77: + 00:82:46:2f:bf:1c:b2:de:5d:52:40:64:41:54:0b:9f:8c:84: + d9:dd:08:02:51:d0:06:d0:07:6f:a1:ef:74:f4:d9:f5:30:9c: + 15:c3:d6:89:b7:f5:81:5a:c0:44:3d:99:54:e8:25:56:1f:63: + be:5c:f7:be:f1:9c:24:e0:55:46:c4:a5:7e:3f:82:20:b9:4a: + d6:14:82:45:14:d8:91:75:33:c5:df:86:9c:19:17:a4:31:4a: + 37:a2:9e:b9:11:84:ab:df:bc:21:2b:9b:96:83:b7:1b:13:78: + 07:b2:c5:5f:97:48:3b:7e:43:10:34:68:e8:25:bd:51:a0:ae: + 17:52:62:47:3c:c9:f0:b5:55:95:cd:68:d3:5f:aa:85:be:ea: + fb:2a:8a:e4:50:3d:96:5b:b3:a9:e5:45:e4:2d:da:da:8d:f0: + ae:c0:98:47:8e:ca:46:c2:21:68:a6:f9:17:41:a2:c6:21:b9: + bc:73:a7:c3:84:a9:31:b7:54:04:33:2a:fb:57:32:47:93:e1: + b2:ff:58:5b:f3:19:66:bc:65:8e:00:29:9d:56:60:7d:28:b2: + 6d:a5:a9:eb:04:7c:d3:e7:d7:af:2d:fe:df:1e:9c:3b:a9:bb: + a0:14:e4:02:7f:e6:e7:0a:b2:37:bd:fd:67:32:82:4f:c0:41: + 89:96:9a:f2:9a:04:eb:82:ee:81:8a:00:15:5e:b2:d0:e1:72: + 74:47:2f:97:fb:33:f1:8c:b9:25:8f:02:71:75:b7:21:10:74: + 4f:5f:5f:61:51:4a:69:d1:03:6b:7a:51:e4:08:03:1f:c2:a7: + 2c:c2:10:b8:27:9f:aa:01:15:61:71:72:d6:ca:23:7f:d7:60: + b8:65:51:ca:65:8e:ef:74:2e:fc:89:23:0b:55:b5:83:d7:0b: + 8c:16:ab:1a:be:3a:79:62:b3:6e:64:d1:c2:48:af:81:0e:d4: + 1f:2e:2f:c7:47:16:79:a9:b9:cc:08:29:2e:da:d5:75:96:53: + b1:be:2c:5a:5a:9c:6b:40:16:e5:92:63:49:64:99:44:c1:bc: + 2a:40:fc:3c:50:c3:dd:07:31:ee:1d:46:38:1b:c8:12:a0:16: + 9d:1c:f6:0e:a7:66:8a:b0:2f:11:19:03:1d:66:6f:fe:cc:3a: + 6c:99:ce:60:b7:f1:e9:56:40:4d:fc:ac:eb:a5:04:de:85:7c: + 19:c7:16:c1:e1:26:43:03:da:f3:50:25:16:99:e0:fa:cd:59: + c7:8b:52:cf:fc:20:d0:68:50:b9:83:36:bb:44:7b:1f:92:5f: + f6:19:5b:91:de:33:2c:f9:80:25:b9:30:4c:fa:92:5b:6d:c2: + 65:10:98:1c:c6:61:51:9e:d0:c9:49:1b:c5:c5:8a:89:72:d0: + b7:ff:db:03:f9:95:f2:a0:de:d9:dc:32:c6:20:02:e1:7c:89: + 2d:6e:72:12:12:c3:97:56:eb:7c:58:88:1f:9d:ad:4c:b4:6a: + 97:4b:0c:87:f3:41:bb:2a:ff:a6:bf:90:70:91:9b:b7:b1:e1: + cc:0f:c6:33:a5:05:03:db:f9:fb:79:5c:20:78:f9:1c:88:d4: + 84:bd:2f:9b:12:30:02:36:cd:8a:f3:42:4a:9c:dc:c3 +-----BEGIN CERTIFICATE----- +MIIJIDCCBQigAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0yMDAy +MjgxMzMxMDFaFw00MDAyMjMxMzMxMDFaMIG1MQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE +CwwFVXNlcnMxLzAtBgNVBAMMJmFkbWluaXN0cmF0b3JAYWRkb20yLnNhbWJhLmV4 +YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkBFiZhZG1pbmlzdHJhdG9yQGFkZG9tMi5z +YW1iYS5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AOsOsB1TTzwP+JDWM2Rofu18RpbGd5wKB+2ME9rnu7N5Y0vsWipZV3w4aVDAobS6 ++B1WeHeVs0QTEoPfIJUSAeUeGls4aUiG6KYKMvQ4NviEvVupcEjFSSV5cJgjp1g+ +CZdtZ7GV+giGLda3xdIGqlu49ZPmxSCamwyQK8cuIC/oB0UD800s2euckdJozP5X +eFwuV1umDhBquAXOqxIxSeg0fD+RY84+pv/AexuVt5uZqcfs1kW3niTuwCujTKL5 +BFsYLw6LKxaJXcyS+kndCZJyFLqPSL1um4gUmG+8DOO7qdEKqJNrdXCY+ajYD8Xm +qaTls3KBdgdzyT7SQ2L+GjsCAwEAAaOCAiYwggIiMAkGA1UdEwQCMAAwTwYDVR0f +BEgwRjBEoEKgQIY+aHR0cDovL3d3dy5zYW1iYS5leGFtcGxlLmNvbS9jcmxzL0NB +LXNhbWJhLmV4YW1wbGUuY29tLWNybC5jcmwwEQYJYIZIAYb4QgEBBAQDAgWgMAsG +A1UdDwQEAwIF4DBWBglghkgBhvhCAQ0ESRZHU21hcnQgQ2FyZCBMb2dpbiBDZXJ0 +aWZpY2F0ZSBmb3IgYWRtaW5pc3RyYXRvckBhZGRvbTIuc2FtYmEuZXhhbXBsZS5j +b20wHQYDVR0OBBYEFFT72rT5Jliaj8LSCpWwlfbS9huuMB8GA1UdIwQYMBaAFKI+ +Aiqjp005tAhNmcwMdTbqJ8M+MGkGA1UdEQRiMGCBJmFkbWluaXN0cmF0b3JAYWRk +b20yLnNhbWJhLmV4YW1wbGUuY29toDYGCisGAQQBgjcUAgOgKAwmYWRtaW5pc3Ry +YXRvckBhZGRvbTIuc2FtYmEuZXhhbXBsZS5jb20wMQYDVR0SBCowKIEmY2Etc2Ft +YmEuZXhhbXBsZS5jb21Ac2FtYmEuZXhhbXBsZS5jb20wTQYJYIZIAYb4QgEEBEAW +Pmh0dHA6Ly93d3cuc2FtYmEuZXhhbXBsZS5jb20vY3Jscy9DQS1zYW1iYS5leGFt +cGxlLmNvbS1jcmwuY3JsMB8GA1UdJQQYMBYGCCsGAQUFBwMCBgorBgEEAYI3FAIC +MA0GCSqGSIb3DQEBCwUAA4IEAQCjjflOd7pnKGNuPnCRZD9Rs2mr/xAE5DnRmL9+ +x9rTTtUp967K4rH36mc4fruoVTPB3nlqSVZqSIw7Q4sD9DARrO6IKO0RbDczE38l +qtZxmdL4+096RMcgeLIiRBfYVhCiTEgcOq2/gtfl4GbprKERI7P496eEX7fSMIm3 +vD+cYdgSu6T+r1P59yaOvpp5U0e2K9MxYOE5ERHDMrgy0uJtigWu9X73AzMcbAeO +gaQm8g0ir/5IEkioCeKYTrnFBxZdo7JzfEynPiTp2Mxyo4fdx2mNWN0uJ2lytPti +z2bEeouLxAMWtp1/e/VEwgSnF4Cc9zK6OgXhcSgWiGqc+A5eyQuB6ywFPEz/unIQ +2pmV4e/S3ZV90CT2j+AcdSVkgA4Wn8HXdn5FhSeohYDDYkBYG3XDjkAM2fFboGse +R5lPABFoGZN3SxtWlHmV9riSSRTgjytATIJMW6DiD9Tz0Tzz5kzEPSpM6MoQwDmB +ZNtogBIHP5J84AmqQndRHu6tM8iP9PI1K8e3V3wuyCdxyFsa8oP6T4UT6s4LL7d2 +hncAgkYvvxyy3l1SQGRBVAufjITZ3QgCUdAG0Advoe909Nn1MJwVw9aJt/WBWsBE +PZlU6CVWH2O+XPe+8Zwk4FVGxKV+P4IguUrWFIJFFNiRdTPF34acGRekMUo3op65 +EYSr37whK5uWg7cbE3gHssVfl0g7fkMQNGjoJb1RoK4XUmJHPMnwtVWVzWjTX6qF +vur7KorkUD2WW7Op5UXkLdrajfCuwJhHjspGwiFopvkXQaLGIbm8c6fDhKkxt1QE +Myr7VzJHk+Gy/1hb8xlmvGWOACmdVmB9KLJtpanrBHzT59evLf7fHpw7qbugFOQC +f+bnCrI3vf1nMoJPwEGJlprymgTrgu6BigAVXrLQ4XJ0Ry+X+zPxjLkljwJxdbch +EHRPX19hUUpp0QNrelHkCAMfwqcswhC4J5+qARVhcXLWyiN/12C4ZVHKZY7vdC78 +iSMLVbWD1wuMFqsavjp5YrNuZNHCSK+BDtQfLi/HRxZ5qbnMCCku2tV1llOxvixa +WpxrQBblkmNJZJlEwbwqQPw8UMPdBzHuHUY4G8gSoBadHPYOp2aKsC8RGQMdZm/+ +zDpsmc5gt/HpVkBN/KzrpQTehXwZxxbB4SZDA9rzUCUWmeD6zVnHi1LP/CDQaFC5 +gza7RHsfkl/2GVuR3jMs+YAluTBM+pJbbcJlEJgcxmFRntDJSRvFxYqJctC3/9sD ++ZXyoN7Z3DLGIALhfIktbnISEsOXVut8WIgfna1MtGqXSwyH80G7Kv+mv5BwkZu3 +seHMD8YzpQUD2/n7eVwgePkciNSEvS+bEjACNs2K80JKnNzD +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/NewCerts/08.pem b/selftest/manage-ca/CA-samba.example.com/NewCerts/08.pem new file mode 100644 index 00000000000..794f9c2fbc8 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/NewCerts/08.pem @@ -0,0 +1,169 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 8 (0x8) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Feb 28 13:31:30 2020 GMT + Not After : Feb 23 13:31:30 2040 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=pkinit@addom2.samba.example.com/emailAddress=pkinit@addom2.samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:dc:33:db:43:5e:d5:91:27:95:35:d2:86:b2:e5: + 70:ac:b8:cf:74:01:2c:60:4d:67:b2:2c:2d:ef:c4: + 04:53:4d:08:9b:ce:55:ca:7a:ab:02:29:5d:3d:27: + ee:3e:a3:23:2e:3e:36:8d:f1:ca:8f:a7:4b:8b:a9: + 39:d3:33:39:d0:b9:f4:9b:c4:14:2c:41:67:be:6a: + 32:b6:86:0d:70:0e:eb:6c:b1:d1:ef:92:70:ec:70: + 70:2d:5f:4f:ea:6c:3e:9f:ee:9a:11:32:93:5f:b0: + e3:51:24:e2:33:08:22:ee:69:07:c6:10:a2:3f:43: + 67:3c:0b:48:b6:d1:92:99:22:de:fe:da:28:e9:12: + ba:a7:d6:54:76:c4:3c:56:a7:c9:e4:28:18:fd:89: + 8a:eb:02:42:88:27:59:61:f5:bd:5f:0d:eb:ce:80: + 4a:84:29:e5:38:93:1d:d9:0a:50:e3:eb:72:ec:b2: + 73:16:ab:75:33:3a:74:fd:6c:b8:a9:b9:09:c0:30: + 0a:74:d4:01:3e:00:0e:89:cf:87:aa:19:f5:7b:c4: + 0d:4f:b1:f1:40:59:54:67:28:aa:ca:18:75:7d:96: + d4:4d:99:e3:b1:84:bc:e7:65:80:ea:f6:dd:30:ce: + cf:14:67:b5:27:09:5f:83:a5:8c:87:62:8f:5a:22: + d5:75 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Smart Card Login Certificate for pkinit@addom2.samba.example.com + X509v3 Subject Key Identifier: + 6A:36:04:8E:C5:C3:2C:C9:17:BA:52:66:D3:AB:0D:C3:F2:25:1A:CD + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + email:pkinit@addom2.samba.example.com, othername: + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, scardLogin + Signature Algorithm: sha256WithRSAEncryption + 4d:5b:aa:28:b6:e0:a4:61:63:ed:09:7a:0e:2b:b2:c9:83:73: + f5:28:17:2b:d5:4e:c7:7b:01:99:5d:b9:c5:93:b3:a5:e2:64: + 33:96:38:55:c4:a4:84:9a:d1:dc:40:56:ec:da:a7:a5:3b:7c: + 91:c7:8d:03:44:44:9d:a5:0a:9e:de:6a:9d:c2:80:49:93:db: + 4d:74:fa:3c:fd:54:de:99:9c:f8:82:63:ba:5e:81:9e:4d:ae: + a2:a1:09:dd:81:5a:3e:81:31:8b:ff:85:32:ae:30:9e:1a:d6: + 04:d9:1c:bd:a5:0e:83:29:86:f4:be:0f:81:9a:84:f4:42:42: + 6d:20:18:16:ef:21:ac:51:b3:34:bd:0f:b5:2c:7e:c5:21:3d: + f7:77:95:1e:8f:45:3e:f8:79:93:ad:35:dd:cd:97:95:fe:b6: + 5f:88:e7:b8:38:54:15:29:61:2f:17:91:99:74:0c:66:9a:55: + 5c:dd:22:19:a1:8e:c1:a5:23:45:a4:85:f2:b2:98:3b:2c:85: + d8:2a:8e:9c:4d:6c:9e:9e:ef:80:24:2f:57:f3:a1:1f:09:c4: + 44:4d:11:d2:84:87:2a:57:f0:cc:9e:38:2c:3a:68:ee:0b:be: + e9:48:67:ff:87:2b:29:03:25:22:8e:00:33:f8:2a:7c:11:91: + 17:42:fc:6c:d1:94:c6:f0:7f:ad:c3:97:cf:9f:cc:a5:be:25: + 33:af:d4:c4:06:17:a7:be:11:bf:51:5e:6e:b8:26:56:1e:d5: + d6:ce:85:05:62:02:62:92:63:48:d9:d2:0b:e4:f9:2c:a2:53: + 4f:5e:3d:31:07:4d:5b:c4:48:bc:d5:f0:66:98:fd:85:45:26: + 4b:98:4f:a2:ac:05:a0:df:ee:4e:c9:9c:2f:3c:ee:74:9d:54: + 83:03:d8:42:a1:ba:57:a1:d4:43:93:a0:94:e3:0c:3b:cb:eb: + e6:05:73:60:18:32:81:25:21:55:14:99:2b:9d:0e:b2:72:31: + 63:73:5a:94:b2:30:e7:16:16:4c:33:68:cb:e6:87:aa:20:c6: + 9c:f1:26:3b:f5:76:7a:9b:07:f7:d9:c0:6c:50:04:d6:14:06: + 37:e5:fc:58:18:d5:a7:c8:29:56:9e:3c:fd:03:96:e8:4e:1a: + 7e:6e:e3:c9:aa:e6:3f:5d:1a:cd:86:f3:17:82:3b:ff:4c:8e: + 6b:d2:11:84:ce:36:cc:c8:fe:31:80:43:23:fa:fe:3c:8c:57: + a0:a1:1e:b9:08:c1:03:af:8f:3b:6b:cb:12:e4:6a:31:94:86: + 7a:17:c5:9f:80:bc:bc:e0:42:7b:5a:57:ef:b7:d3:0c:5f:98: + 71:aa:4e:cf:b4:c7:25:33:96:54:7b:ca:90:79:6f:f8:f0:c3: + e7:9d:e7:d0:67:4d:7b:20:7b:9d:d0:91:4f:ab:a3:a2:99:fa: + 9a:74:37:33:64:0c:bf:b6:94:3f:62:5f:a5:76:1e:60:54:e6: + bf:3a:11:5b:f0:ba:62:12:2e:9b:99:a2:37:9f:4c:b9:e8:8e: + d2:81:1f:0f:26:23:3b:9a:3b:69:70:09:e4:ae:05:65:04:3e: + 55:06:43:1f:5e:fb:2d:e6:03:b6:c4:ca:47:66:f0:d3:2b:a0: + 79:e8:45:a4:df:8f:31:fd:7e:67:ca:50:e0:b0:99:9d:2c:6a: + 16:f0:39:01:da:7f:d7:66:15:d1:99:3b:d7:7c:8a:bf:b7:d4: + b1:d3:fb:e2:fc:75:82:47:fc:96:42:57:ce:4a:d5:12:07:99: + 5b:ae:1a:c2:98:f1:fa:3d:a7:19:88:75:c8:fa:81:60:1f:19: + 21:0c:25:84:a1:c3:88:30:a7:80:da:85:85:e1:42:98:76:37: + ab:48:75:60:2d:1d:f9:05:6e:04:e2:2b:ce:37:75:17:27:0d: + 87:11:d6:2b:fa:37:bf:b7:e3:d2:96:b9:d8:92:18:4a:00:45: + 6d:9d:c6:20:d0:6b:2c:ed:33:06:08:d7:0f:56:44:5e:68:9f: + 9f:20:fc:57:a8:27:68:c9:f5:f5:2e:4d:0b:3c:a9:2e:92:2b: + d3:88:a9:18:27:24:0f:33:90:23:b3:41:99:5b:ec:bd:ef:ba: + 5b:4a:b6:a9:6c:b5:a5:d4:47:1e:9c:e7:32:0c:72:98:e7:8c: + a4:aa:72:8f:2b:90:5f:2d:23:bf:99:62:75:47:2f:9a:79:5e: + 4b:8a:8c:f2:28:df:30:59:6b:62:45:4b:b6:e5:39:ab:77:f0: + 51:4b:b7:6f:42:0a:81:a7:c0:c9:8a:c6:09:2a:e8:35:36:53: + c9:5b:93:dc:a5:1e:17:b1:cc:b4:13:b5:bb:b0:df:b8:cd:68: + 8a:10:18:8c:de:07:33:31:68:6b:f4:6a:dc:d0:17:10:c4:2d: + ec:66:51:c3:01:b3:2a:f0:0e:b9:c2:4d:7c:8d:d8:ab:c0:76: + 79:ca:e6:ff:a4:36:da:c1:8d:2e:13:7d:15:21:72:86:ad:4b: + 1b:73:4f:46:2f:fa:1e:ae:e8:8f:dd:79:6c:46:57:0a:05:ef: + 11:04:ae:a0:c5:13:86:6a:a3:cc:9c:b7:80:ef:18:5f:67:f7: + 43:ef:e2:94:4f:85:06:2f:d1:7a:97:07:ed:89:7d:aa:1e:e0: + cf:52:63:b9:28:95:aa:6d:ca:f2:20:c2:f3:07:83:c5:f4:a2: + ee:20:61:88:34:12:62:05:67:8d:f2:83:25:0b:9a:89 +-----BEGIN CERTIFICATE----- +MIII/TCCBOWgAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0yMDAy +MjgxMzMxMzBaFw00MDAyMjMxMzMxMzBaMIGnMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE +CwwFVXNlcnMxKDAmBgNVBAMMH3BraW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5j +b20xLjAsBgkqhkiG9w0BCQEWH3BraW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5j +b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcM9tDXtWRJ5U10oay +5XCsuM90ASxgTWeyLC3vxARTTQibzlXKeqsCKV09J+4+oyMuPjaN8cqPp0uLqTnT +MznQufSbxBQsQWe+ajK2hg1wDutssdHvknDscHAtX0/qbD6f7poRMpNfsONRJOIz +CCLuaQfGEKI/Q2c8C0i20ZKZIt7+2ijpErqn1lR2xDxWp8nkKBj9iYrrAkKIJ1lh +9b1fDevOgEqEKeU4kx3ZClDj63LssnMWq3UzOnT9bLipuQnAMAp01AE+AA6Jz4eq +GfV7xA1PsfFAWVRnKKrKGHV9ltRNmeOxhLznZYDq9t0wzs8UZ7UnCV+DpYyHYo9a +ItV1AgMBAAGjggIRMIICDTAJBgNVHRMEAjAAME8GA1UdHwRIMEYwRKBCoECGPmh0 +dHA6Ly93d3cuc2FtYmEuZXhhbXBsZS5jb20vY3Jscy9DQS1zYW1iYS5leGFtcGxl +LmNvbS1jcmwuY3JsMBEGCWCGSAGG+EIBAQQEAwIFoDALBgNVHQ8EBAMCBeAwTwYJ +YIZIAYb4QgENBEIWQFNtYXJ0IENhcmQgTG9naW4gQ2VydGlmaWNhdGUgZm9yIHBr +aW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5jb20wHQYDVR0OBBYEFGo2BI7FwyzJ +F7pSZtOrDcPyJRrNMB8GA1UdIwQYMBaAFKI+Aiqjp005tAhNmcwMdTbqJ8M+MFsG +A1UdEQRUMFKBH3BraW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5jb22gLwYKKwYB +BAGCNxQCA6AhDB9wa2luaXRAYWRkb20yLnNhbWJhLmV4YW1wbGUuY29tMDEGA1Ud +EgQqMCiBJmNhLXNhbWJhLmV4YW1wbGUuY29tQHNhbWJhLmV4YW1wbGUuY29tME0G +CWCGSAGG+EIBBARAFj5odHRwOi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMv +Q0Etc2FtYmEuZXhhbXBsZS5jb20tY3JsLmNybDAfBgNVHSUEGDAWBggrBgEFBQcD +AgYKKwYBBAGCNxQCAjANBgkqhkiG9w0BAQsFAAOCBAEATVuqKLbgpGFj7Ql6Diuy +yYNz9SgXK9VOx3sBmV25xZOzpeJkM5Y4VcSkhJrR3EBW7NqnpTt8kceNA0REnaUK +nt5qncKASZPbTXT6PP1U3pmc+IJjul6Bnk2uoqEJ3YFaPoExi/+FMq4wnhrWBNkc +vaUOgymG9L4PgZqE9EJCbSAYFu8hrFGzNL0PtSx+xSE993eVHo9FPvh5k6013c2X +lf62X4jnuDhUFSlhLxeRmXQMZppVXN0iGaGOwaUjRaSF8rKYOyyF2CqOnE1snp7v +gCQvV/OhHwnERE0R0oSHKlfwzJ44LDpo7gu+6Uhn/4crKQMlIo4AM/gqfBGRF0L8 +bNGUxvB/rcOXz5/Mpb4lM6/UxAYXp74Rv1FebrgmVh7V1s6FBWICYpJjSNnSC+T5 +LKJTT149MQdNW8RIvNXwZpj9hUUmS5hPoqwFoN/uTsmcLzzudJ1UgwPYQqG6V6HU +Q5OglOMMO8vr5gVzYBgygSUhVRSZK50OsnIxY3NalLIw5xYWTDNoy+aHqiDGnPEm +O/V2epsH99nAbFAE1hQGN+X8WBjVp8gpVp48/QOW6E4afm7jyarmP10azYbzF4I7 +/0yOa9IRhM42zMj+MYBDI/r+PIxXoKEeuQjBA6+PO2vLEuRqMZSGehfFn4C8vOBC +e1pX77fTDF+YcapOz7THJTOWVHvKkHlv+PDD553n0GdNeyB7ndCRT6ujopn6mnQ3 +M2QMv7aUP2JfpXYeYFTmvzoRW/C6YhIum5miN59MueiO0oEfDyYjO5o7aXAJ5K4F +ZQQ+VQZDH177LeYDtsTKR2bw0yugeehFpN+PMf1+Z8pQ4LCZnSxqFvA5Adp/12YV +0Zk713yKv7fUsdP74vx1gkf8lkJXzkrVEgeZW64awpjx+j2nGYh1yPqBYB8ZIQwl +hKHDiDCngNqFheFCmHY3q0h1YC0d+QVuBOIrzjd1FycNhxHWK/o3v7fj0pa52JIY +SgBFbZ3GINBrLO0zBgjXD1ZEXmifnyD8V6gnaMn19S5NCzypLpIr04ipGCckDzOQ +I7NBmVvsve+6W0q2qWy1pdRHHpznMgxymOeMpKpyjyuQXy0jv5lidUcvmnleS4qM +8ijfMFlrYkVLtuU5q3fwUUu3b0IKgafAyYrGCSroNTZTyVuT3KUeF7HMtBO1u7Df +uM1oihAYjN4HMzFoa/Rq3NAXEMQt7GZRwwGzKvAOucJNfI3Yq8B2ecrm/6Q22sGN +LhN9FSFyhq1LG3NPRi/6Hq7oj915bEZXCgXvEQSuoMUThmqjzJy3gO8YX2f3Q+/i +lE+FBi/RepcH7Yl9qh7gz1JjuSiVqm3K8iDC8weDxfSi7iBhiDQSYgVnjfKDJQua +iQ== +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt index 8f7f1cfba2b..53eb2a5dfd8 100644 --- a/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt +++ b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt @@ -4,3 +4,6 @@ V 360311232925Z 02 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Domain Con V 360311232941Z 03 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Users/CN=administrator@addom.samba.example.com/emailAddress=administrator@addom.samba.example.com V 360529193029Z 04 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Users/CN=pkinit@samba.example.com/emailAddress=pkinit@samba.example.com V 360529193047Z 05 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Users/CN=pkinit@addom.samba.example.com/emailAddress=pkinit@addom.samba.example.com +V 400223133028Z 06 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Domain Controllers/CN=addcsmb1.addom2.samba.example.com/emailAddress=ca-samba.example.com@samba.example.com +V 400223133101Z 07 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Users/CN=administrator@addom2.samba.example.com/emailAddress=administrator@addom2.samba.example.com +V 400223133130Z 08 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Users/CN=pkinit@addom2.samba.example.com/emailAddress=pkinit@addom2.samba.example.com diff --git a/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt.old b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt.old index 756e7ba1a0e..28644e4671c 100644 --- a/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt.old +++ b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt.old @@ -3,3 +3,6 @@ V 360311232904Z 01 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Users/CN=a V 360311232925Z 02 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Domain Controllers/CN=addc.addom.samba.example.com/emailAddress=ca-samba.example.com@samba.example.com V 360311232941Z 03 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Users/CN=administrator@addom.samba.example.com/emailAddress=administrator@addom.samba.example.com V 360529193029Z 04 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Users/CN=pkinit@samba.example.com/emailAddress=pkinit@samba.example.com +V 360529193047Z 05 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Users/CN=pkinit@addom.samba.example.com/emailAddress=pkinit@addom.samba.example.com +V 400223133028Z 06 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Domain Controllers/CN=addcsmb1.addom2.samba.example.com/emailAddress=ca-samba.example.com@samba.example.com +V 400223133101Z 07 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Users/CN=administrator@addom2.samba.example.com/emailAddress=administrator@addom2.samba.example.com diff --git a/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-serial.txt b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-serial.txt index cd672a533b7..86397e5c10b 100644 --- a/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-serial.txt +++ b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-serial.txt @@ -1 +1 @@ -06 +09 diff --git a/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-serial.txt.old b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-serial.txt.old index eeee65ec419..adb9de8ee03 100644 --- a/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-serial.txt.old +++ b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-serial.txt.old @@ -1 +1 @@ -05 +08 diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-cert.cer b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-cert.cer new file mode 100644 index 00000000000..918ddc1da49 Binary files /dev/null and b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-cert.cer differ diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-cert.pem new file mode 100644 index 00000000000..2d0735a30f2 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-cert.pem @@ -0,0 +1,169 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 7 (0x7) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Feb 28 13:31:01 2020 GMT + Not After : Feb 23 13:31:01 2040 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=administrator@addom2.samba.example.com/emailAddress=administrator@addom2.samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:eb:0e:b0:1d:53:4f:3c:0f:f8:90:d6:33:64:68: + 7e:ed:7c:46:96:c6:77:9c:0a:07:ed:8c:13:da:e7: + bb:b3:79:63:4b:ec:5a:2a:59:57:7c:38:69:50:c0: + a1:b4:ba:f8:1d:56:78:77:95:b3:44:13:12:83:df: + 20:95:12:01:e5:1e:1a:5b:38:69:48:86:e8:a6:0a: + 32:f4:38:36:f8:84:bd:5b:a9:70:48:c5:49:25:79: + 70:98:23:a7:58:3e:09:97:6d:67:b1:95:fa:08:86: + 2d:d6:b7:c5:d2:06:aa:5b:b8:f5:93:e6:c5:20:9a: + 9b:0c:90:2b:c7:2e:20:2f:e8:07:45:03:f3:4d:2c: + d9:eb:9c:91:d2:68:cc:fe:57:78:5c:2e:57:5b:a6: + 0e:10:6a:b8:05:ce:ab:12:31:49:e8:34:7c:3f:91: + 63:ce:3e:a6:ff:c0:7b:1b:95:b7:9b:99:a9:c7:ec: + d6:45:b7:9e:24:ee:c0:2b:a3:4c:a2:f9:04:5b:18: + 2f:0e:8b:2b:16:89:5d:cc:92:fa:49:dd:09:92:72: + 14:ba:8f:48:bd:6e:9b:88:14:98:6f:bc:0c:e3:bb: + a9:d1:0a:a8:93:6b:75:70:98:f9:a8:d8:0f:c5:e6: + a9:a4:e5:b3:72:81:76:07:73:c9:3e:d2:43:62:fe: + 1a:3b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Smart Card Login Certificate for administrator@addom2.samba.example.com + X509v3 Subject Key Identifier: + 54:FB:DA:B4:F9:26:58:9A:8F:C2:D2:0A:95:B0:95:F6:D2:F6:1B:AE + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + email:administrator@addom2.samba.example.com, othername: + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, scardLogin + Signature Algorithm: sha256WithRSAEncryption + a3:8d:f9:4e:77:ba:67:28:63:6e:3e:70:91:64:3f:51:b3:69: + ab:ff:10:04:e4:39:d1:98:bf:7e:c7:da:d3:4e:d5:29:f7:ae: + ca:e2:b1:f7:ea:67:38:7e:bb:a8:55:33:c1:de:79:6a:49:56: + 6a:48:8c:3b:43:8b:03:f4:30:11:ac:ee:88:28:ed:11:6c:37: + 33:13:7f:25:aa:d6:71:99:d2:f8:fb:4f:7a:44:c7:20:78:b2: + 22:44:17:d8:56:10:a2:4c:48:1c:3a:ad:bf:82:d7:e5:e0:66: + e9:ac:a1:11:23:b3:f8:f7:a7:84:5f:b7:d2:30:89:b7:bc:3f: + 9c:61:d8:12:bb:a4:fe:af:53:f9:f7:26:8e:be:9a:79:53:47: + b6:2b:d3:31:60:e1:39:11:11:c3:32:b8:32:d2:e2:6d:8a:05: + ae:f5:7e:f7:03:33:1c:6c:07:8e:81:a4:26:f2:0d:22:af:fe: + 48:12:48:a8:09:e2:98:4e:b9:c5:07:16:5d:a3:b2:73:7c:4c: + a7:3e:24:e9:d8:cc:72:a3:87:dd:c7:69:8d:58:dd:2e:27:69: + 72:b4:fb:62:cf:66:c4:7a:8b:8b:c4:03:16:b6:9d:7f:7b:f5: + 44:c2:04:a7:17:80:9c:f7:32:ba:3a:05:e1:71:28:16:88:6a: + 9c:f8:0e:5e:c9:0b:81:eb:2c:05:3c:4c:ff:ba:72:10:da:99: + 95:e1:ef:d2:dd:95:7d:d0:24:f6:8f:e0:1c:75:25:64:80:0e: + 16:9f:c1:d7:76:7e:45:85:27:a8:85:80:c3:62:40:58:1b:75: + c3:8e:40:0c:d9:f1:5b:a0:6b:1e:47:99:4f:00:11:68:19:93: + 77:4b:1b:56:94:79:95:f6:b8:92:49:14:e0:8f:2b:40:4c:82: + 4c:5b:a0:e2:0f:d4:f3:d1:3c:f3:e6:4c:c4:3d:2a:4c:e8:ca: + 10:c0:39:81:64:db:68:80:12:07:3f:92:7c:e0:09:aa:42:77: + 51:1e:ee:ad:33:c8:8f:f4:f2:35:2b:c7:b7:57:7c:2e:c8:27: + 71:c8:5b:1a:f2:83:fa:4f:85:13:ea:ce:0b:2f:b7:76:86:77: + 00:82:46:2f:bf:1c:b2:de:5d:52:40:64:41:54:0b:9f:8c:84: + d9:dd:08:02:51:d0:06:d0:07:6f:a1:ef:74:f4:d9:f5:30:9c: + 15:c3:d6:89:b7:f5:81:5a:c0:44:3d:99:54:e8:25:56:1f:63: + be:5c:f7:be:f1:9c:24:e0:55:46:c4:a5:7e:3f:82:20:b9:4a: + d6:14:82:45:14:d8:91:75:33:c5:df:86:9c:19:17:a4:31:4a: + 37:a2:9e:b9:11:84:ab:df:bc:21:2b:9b:96:83:b7:1b:13:78: + 07:b2:c5:5f:97:48:3b:7e:43:10:34:68:e8:25:bd:51:a0:ae: + 17:52:62:47:3c:c9:f0:b5:55:95:cd:68:d3:5f:aa:85:be:ea: + fb:2a:8a:e4:50:3d:96:5b:b3:a9:e5:45:e4:2d:da:da:8d:f0: + ae:c0:98:47:8e:ca:46:c2:21:68:a6:f9:17:41:a2:c6:21:b9: + bc:73:a7:c3:84:a9:31:b7:54:04:33:2a:fb:57:32:47:93:e1: + b2:ff:58:5b:f3:19:66:bc:65:8e:00:29:9d:56:60:7d:28:b2: + 6d:a5:a9:eb:04:7c:d3:e7:d7:af:2d:fe:df:1e:9c:3b:a9:bb: + a0:14:e4:02:7f:e6:e7:0a:b2:37:bd:fd:67:32:82:4f:c0:41: + 89:96:9a:f2:9a:04:eb:82:ee:81:8a:00:15:5e:b2:d0:e1:72: + 74:47:2f:97:fb:33:f1:8c:b9:25:8f:02:71:75:b7:21:10:74: + 4f:5f:5f:61:51:4a:69:d1:03:6b:7a:51:e4:08:03:1f:c2:a7: + 2c:c2:10:b8:27:9f:aa:01:15:61:71:72:d6:ca:23:7f:d7:60: + b8:65:51:ca:65:8e:ef:74:2e:fc:89:23:0b:55:b5:83:d7:0b: + 8c:16:ab:1a:be:3a:79:62:b3:6e:64:d1:c2:48:af:81:0e:d4: + 1f:2e:2f:c7:47:16:79:a9:b9:cc:08:29:2e:da:d5:75:96:53: + b1:be:2c:5a:5a:9c:6b:40:16:e5:92:63:49:64:99:44:c1:bc: + 2a:40:fc:3c:50:c3:dd:07:31:ee:1d:46:38:1b:c8:12:a0:16: + 9d:1c:f6:0e:a7:66:8a:b0:2f:11:19:03:1d:66:6f:fe:cc:3a: + 6c:99:ce:60:b7:f1:e9:56:40:4d:fc:ac:eb:a5:04:de:85:7c: + 19:c7:16:c1:e1:26:43:03:da:f3:50:25:16:99:e0:fa:cd:59: + c7:8b:52:cf:fc:20:d0:68:50:b9:83:36:bb:44:7b:1f:92:5f: + f6:19:5b:91:de:33:2c:f9:80:25:b9:30:4c:fa:92:5b:6d:c2: + 65:10:98:1c:c6:61:51:9e:d0:c9:49:1b:c5:c5:8a:89:72:d0: + b7:ff:db:03:f9:95:f2:a0:de:d9:dc:32:c6:20:02:e1:7c:89: + 2d:6e:72:12:12:c3:97:56:eb:7c:58:88:1f:9d:ad:4c:b4:6a: + 97:4b:0c:87:f3:41:bb:2a:ff:a6:bf:90:70:91:9b:b7:b1:e1: + cc:0f:c6:33:a5:05:03:db:f9:fb:79:5c:20:78:f9:1c:88:d4: + 84:bd:2f:9b:12:30:02:36:cd:8a:f3:42:4a:9c:dc:c3 +-----BEGIN CERTIFICATE----- +MIIJIDCCBQigAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0yMDAy +MjgxMzMxMDFaFw00MDAyMjMxMzMxMDFaMIG1MQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE +CwwFVXNlcnMxLzAtBgNVBAMMJmFkbWluaXN0cmF0b3JAYWRkb20yLnNhbWJhLmV4 +YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkBFiZhZG1pbmlzdHJhdG9yQGFkZG9tMi5z +YW1iYS5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AOsOsB1TTzwP+JDWM2Rofu18RpbGd5wKB+2ME9rnu7N5Y0vsWipZV3w4aVDAobS6 ++B1WeHeVs0QTEoPfIJUSAeUeGls4aUiG6KYKMvQ4NviEvVupcEjFSSV5cJgjp1g+ +CZdtZ7GV+giGLda3xdIGqlu49ZPmxSCamwyQK8cuIC/oB0UD800s2euckdJozP5X +eFwuV1umDhBquAXOqxIxSeg0fD+RY84+pv/AexuVt5uZqcfs1kW3niTuwCujTKL5 +BFsYLw6LKxaJXcyS+kndCZJyFLqPSL1um4gUmG+8DOO7qdEKqJNrdXCY+ajYD8Xm +qaTls3KBdgdzyT7SQ2L+GjsCAwEAAaOCAiYwggIiMAkGA1UdEwQCMAAwTwYDVR0f +BEgwRjBEoEKgQIY+aHR0cDovL3d3dy5zYW1iYS5leGFtcGxlLmNvbS9jcmxzL0NB +LXNhbWJhLmV4YW1wbGUuY29tLWNybC5jcmwwEQYJYIZIAYb4QgEBBAQDAgWgMAsG +A1UdDwQEAwIF4DBWBglghkgBhvhCAQ0ESRZHU21hcnQgQ2FyZCBMb2dpbiBDZXJ0 +aWZpY2F0ZSBmb3IgYWRtaW5pc3RyYXRvckBhZGRvbTIuc2FtYmEuZXhhbXBsZS5j +b20wHQYDVR0OBBYEFFT72rT5Jliaj8LSCpWwlfbS9huuMB8GA1UdIwQYMBaAFKI+ +Aiqjp005tAhNmcwMdTbqJ8M+MGkGA1UdEQRiMGCBJmFkbWluaXN0cmF0b3JAYWRk +b20yLnNhbWJhLmV4YW1wbGUuY29toDYGCisGAQQBgjcUAgOgKAwmYWRtaW5pc3Ry +YXRvckBhZGRvbTIuc2FtYmEuZXhhbXBsZS5jb20wMQYDVR0SBCowKIEmY2Etc2Ft +YmEuZXhhbXBsZS5jb21Ac2FtYmEuZXhhbXBsZS5jb20wTQYJYIZIAYb4QgEEBEAW +Pmh0dHA6Ly93d3cuc2FtYmEuZXhhbXBsZS5jb20vY3Jscy9DQS1zYW1iYS5leGFt +cGxlLmNvbS1jcmwuY3JsMB8GA1UdJQQYMBYGCCsGAQUFBwMCBgorBgEEAYI3FAIC +MA0GCSqGSIb3DQEBCwUAA4IEAQCjjflOd7pnKGNuPnCRZD9Rs2mr/xAE5DnRmL9+ +x9rTTtUp967K4rH36mc4fruoVTPB3nlqSVZqSIw7Q4sD9DARrO6IKO0RbDczE38l +qtZxmdL4+096RMcgeLIiRBfYVhCiTEgcOq2/gtfl4GbprKERI7P496eEX7fSMIm3 +vD+cYdgSu6T+r1P59yaOvpp5U0e2K9MxYOE5ERHDMrgy0uJtigWu9X73AzMcbAeO +gaQm8g0ir/5IEkioCeKYTrnFBxZdo7JzfEynPiTp2Mxyo4fdx2mNWN0uJ2lytPti +z2bEeouLxAMWtp1/e/VEwgSnF4Cc9zK6OgXhcSgWiGqc+A5eyQuB6ywFPEz/unIQ +2pmV4e/S3ZV90CT2j+AcdSVkgA4Wn8HXdn5FhSeohYDDYkBYG3XDjkAM2fFboGse +R5lPABFoGZN3SxtWlHmV9riSSRTgjytATIJMW6DiD9Tz0Tzz5kzEPSpM6MoQwDmB +ZNtogBIHP5J84AmqQndRHu6tM8iP9PI1K8e3V3wuyCdxyFsa8oP6T4UT6s4LL7d2 +hncAgkYvvxyy3l1SQGRBVAufjITZ3QgCUdAG0Advoe909Nn1MJwVw9aJt/WBWsBE +PZlU6CVWH2O+XPe+8Zwk4FVGxKV+P4IguUrWFIJFFNiRdTPF34acGRekMUo3op65 +EYSr37whK5uWg7cbE3gHssVfl0g7fkMQNGjoJb1RoK4XUmJHPMnwtVWVzWjTX6qF +vur7KorkUD2WW7Op5UXkLdrajfCuwJhHjspGwiFopvkXQaLGIbm8c6fDhKkxt1QE +Myr7VzJHk+Gy/1hb8xlmvGWOACmdVmB9KLJtpanrBHzT59evLf7fHpw7qbugFOQC +f+bnCrI3vf1nMoJPwEGJlprymgTrgu6BigAVXrLQ4XJ0Ry+X+zPxjLkljwJxdbch +EHRPX19hUUpp0QNrelHkCAMfwqcswhC4J5+qARVhcXLWyiN/12C4ZVHKZY7vdC78 +iSMLVbWD1wuMFqsavjp5YrNuZNHCSK+BDtQfLi/HRxZ5qbnMCCku2tV1llOxvixa +WpxrQBblkmNJZJlEwbwqQPw8UMPdBzHuHUY4G8gSoBadHPYOp2aKsC8RGQMdZm/+ +zDpsmc5gt/HpVkBN/KzrpQTehXwZxxbB4SZDA9rzUCUWmeD6zVnHi1LP/CDQaFC5 +gza7RHsfkl/2GVuR3jMs+YAluTBM+pJbbcJlEJgcxmFRntDJSRvFxYqJctC3/9sD ++ZXyoN7Z3DLGIALhfIktbnISEsOXVut8WIgfna1MtGqXSwyH80G7Kv+mv5BwkZu3 +seHMD8YzpQUD2/n7eVwgePkciNSEvS+bEjACNs2K80JKnNzD +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-key.pem new file mode 100644 index 00000000000..a02f6ed50d8 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-key.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIxaygDRmw72ICAggA +MBQGCCqGSIb3DQMHBAgu9NwWonUgGwSCBMjCCAaRQSglNmeXddY1GpRd9s7mCp0a +vUHtfHk4qSiPpw/qURTJfeMtZU0XTFeMd9ZSIDIuV9CVUPaaCqASlUwbmJRaGPdS +1O3xP+0V3VaB3k1c6rCdpERXf/moNSwEnnL2i6twOkW7I9+N7jIqFpeh8RHG1iEJ +ys8jm6ojtvGRQpF0aT5eboydb5f4d3vq59HXvm/h55LlzC5uao7Kuk03oU5uUeZm +CDWBwHkgBvsbD/fVaIjHrdMqsCeXQ7AMd8caJsm3GZqorCw/IzrVWXRz30Ianv/u +WzajtVtYBA69gRHPiiZ9jHbf7DR2TDRA8azpCWFpBBcp37je5RkigBAsZQDhLuN0 +oe9rk/RkIEYEhteSFnkr6AaG/44ln3EEEM3QUKuGQMi5yTQ1qHXcqHRaivR6mO9A +IOTxQ2dFdz+lbZwqas6TIEVarm1uBbeJUWtC3XRd1T1zOKmBHShUcOAyPC01Tbwc +qjFDlx1DC3c+mCNHrBgKZ71KDld6GGOPjIbAuEn6Clvo618bFlofgRa9qHTJ08KG +dxNpjpVkRCBmanTrZj5V0DFW2iEpNCoAi/eCirm82hvet4zofoS46wdoN2DBabCy +WqqrP6VHq1YRC8K6z9jimhoNmamuVYsLDBr6uDcNqX8dkgMU/AGZH0iefuJgN9iZ +sDaOU9RLTdFOlUGJ1VD5+VJVaikTQacEfsmgfz+sh8hshXGU5y1yHLC3wzXZ0ESc +ZStyFbI/a+Loul7eTulnAnDLkmHJIBXQZ/ARiY1G07iydHGLY0NZjPfPEJ42d2aM +C3DBN6AvZvZx9dAFMVLxIIfsdSiHRfiDLARO5N/frkSp8+5TFswBNLcz+1J/mVdw +VGubugfKyqJLYPhCNhk46c77Fj/OaCOOaJZBW7hmyUZY67p/K/XUFK0zsrrnGRp8 +igPM8KEOHsdcZsgDXI1gXOc33lBcOa0u9gIT7Ec8TtBo/5sqOBdPKuYniOKiO9Oy +dPeyPUqIikzgp5n/SbdHA5V35hvE1Nf8RwiR1xrFkeHOnLHlmDXNOuw/oKr2P6jw +KsvooGxZT4yT8g8D58jVs2yIn/dFjfk380hxB7aMaxyYf+4MjCYT/zYnP2/bEdcz +/k86GfmHUqT322n6SiHw4QH1blJRkOPNUehMBt3Sr5G1Mq0cCWsFuaBfmy3CcCqW +jx7DSYLaHRZxnELFceXWrJe8qCyLoFKETIMKw8g6lsvKMmAePD6DN284tJPxzXs9 +1FfRTeDgpBsbx19/vv5CgIzvcUqcFkGHHtlo2LYYYLYzflWcYtdYrfsHeNGjjk6Z +SfQcHDuQ4NeS8cgt8AyOyj5pWaD4Xiz0anrM1sry1NT82aQzEU+bIiMSnBxHGVhX +1hHDR4JATfbU7PDGpy648MIN6Ox7cHW+maRLH/MyLtavnrkFSnvf6aFt58IfKga3 +GwsCzUoXWLdSEicGPPcgW0+S9NL/C8xu67n//oijIe/9eHuw9R9J7u6hhjmWTk/S +Osq7ilvRc6ueKkFjysR+HBtQgfwXoTHXb2X5tpCBUKVJkOlin6JJW0CIfdeBKgjQ +R4hEhQ4aXHCG+IZ29IAXRvAPyrdw5Zv7lBZl5hKXk+KKMshAkR0nLBkiRJw45fR5 +SJk= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-openssl.cnf b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-openssl.cnf new file mode 100644 index 00000000000..35a120e83a6 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-openssl.cnf @@ -0,0 +1,242 @@ +# +# Based on the OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#CRLDISTPT = [CRL Distribution Point; e.g., http://crl-list.base/w4edom-l4.base.crl] +CRLDISTPT = http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used as a login credential +scardLogin=1.3.6.1.4.1.311.20.2.2 +# Used in a smart card login certificate's subject alternative name +msUPN=1.3.6.1.4.1.311.20.2.3 +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used to identify a domain controller +msKDC=1.3.6.1.5.2.3.5 +# Identifies the AD GUID +msADGUID=1.3.6.1.4.1.311.25.1 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = CA-samba.example.com # Where everything is kept +certs = $dir/_none_certs # Where the issued certs are kept +crl_dir = $dir/_none_crl # Where the issued crl are kept +database = $dir/Private/CA-samba.example.com-index.txt # database index file. +unique_subject = yes # Set to 'no' to allow creation of + # several certificates with same subject. +new_certs_dir = $dir/NewCerts # default place for new certs. + +certificate = $dir/Public/CA-samba.example.com-cert.pem # The CA certificate +serial = $dir/Private/CA-samba.example.com-serial.txt # The current serial number +crlnumber = $dir/Private/CA-samba.example.com-crlnumber.txt # the current crl number + # must be commented out to leave a V1 CRL + +#crl = $dir/Public/CA-samba.example.com-crl.pem # The current CRL +crl = $dir/Public/CA-samba.example.com-crl.crl # The current CRL +private_key = $dir/Private/CA-samba.example.com-private-key.pem # The private key +RANDFILE = $dir/Private/CA-samba.example.com.rand # private random number file + +#x509_extensions = # The extensions to add to the cert +x509_extensions = template_x509_extensions + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +crl_extensions = crl_ext + +default_days = 7300 # how long to certify for +default_crl_days= 7300 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = match +stateOrProvinceName = match +localityName = match +organizationName = match +organizationalUnitName = match +commonName = supplied +emailAddress = supplied + +#################################################################### +[ req ] +default_bits = 2048 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = SambaState + +localityName = Locality Name (eg, city) +localityName_default = SambaCity + +organizationName = Organization Name (eg, company) +organizationName_default = SambaSelfTesting + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = Users + +commonName = Common Name (eg, YOUR name) +commonName_default = administrator@addom2.samba.example.com +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = administrator@addom2.samba.example.com +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 +# +#unstructuredName = An optional company name + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] +# Extensions for a typical CA +# PKIX recommendation. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. +keyUsage = cRLSign, keyCertSign + +crlDistributionPoints=URI:$CRLDISTPT + +# Some might want this also +nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +subjectAltName=email:copy +# Copy issuer details +issuerAltName=issuer:copy + +[ crl_ext ] +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +#[ usr_cert_scarduser ] +[ template_x509_extensions ] + +# These extensions are added when 'ca' signs a request for a certificate that will be used to login from a smart card + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE +crlDistributionPoints=URI:$CRLDISTPT + +# For normal client use this is typical +nsCertType = client, email + +# This is typical in keyUsage for a client certificate. +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Smart Card Login Certificate for administrator@addom2.samba.example.com" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. + +subjectAltName=email:copy,otherName:msUPN;UTF8:administrator@addom2.samba.example.com + +# Copy subject details +issuerAltName=issuer:copy + +nsCaRevocationUrl = $CRLDISTPT +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +#Extended Key requirements for client certs +extendedKeyUsage = clientAuth,scardLogin + diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-private-key.pem new file mode 100644 index 00000000000..bfd9bf6f782 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-private-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA6w6wHVNPPA/4kNYzZGh+7XxGlsZ3nAoH7YwT2ue7s3ljS+xa +KllXfDhpUMChtLr4HVZ4d5WzRBMSg98glRIB5R4aWzhpSIbopgoy9Dg2+IS9W6lw +SMVJJXlwmCOnWD4Jl21nsZX6CIYt1rfF0gaqW7j1k+bFIJqbDJArxy4gL+gHRQPz +TSzZ65yR0mjM/ld4XC5XW6YOEGq4Bc6rEjFJ6DR8P5Fjzj6m/8B7G5W3m5mpx+zW +RbeeJO7AK6NMovkEWxgvDosrFoldzJL6Sd0JknIUuo9IvW6biBSYb7wM47up0Qqo +k2t1cJj5qNgPxeappOWzcoF2B3PJPtJDYv4aOwIDAQABAoIBAGEgSJVVf0AKOWNf +nwy2QPxQhbp3d6T6YBw/7VRevKiEWAtfNkKZeBTUGnBLqIXNXAiDWnPPX6uZVeU3 +pXbzYeUSc0GOJbLaS/eP704KjGxULQpbERKAsqDRdTzoPpWvzLbNdjNjDVXIW9iF +RzBpoKsV2iOrD3lRaQ/f4rcC0Dn6k3ViM14twahAZI9TU/LcUQhmjI4xkmEOZtxi +yocK+aibj4NYiOPfDFOVmNUJnKzsBiMFH++1YlzC1BlWL+ILwA/paBxGMz7/dMPO +3kHJttV9IAZ9EoxDCRxREXOFjKEIdo/mVAIoh+IlELo9z5SDsgL/5ny/8+X3+cK+ +a9BCQcECgYEA/NHSgTC/Bf/REb+nqYhF2QLe0EUIbJAaVy9QZEkWouwdjpV4GFZ+ +cnDYP2V2NP0D3jrWr9Nfhr3vb2liraFZaMcHLJ11Ke+vUEsSLut5qTpp+L66OhDO +m7kHk1ilH2Y5GbgfV4w7QgWKXymk+OT+1G5M22Ssc79vGo+qfd/A+oUCgYEA7gOq +EJ+Ok4FKqSRNGDW1BGspqr1khsefow+6VdFyX7WhejDxUsMTnvENx0udt39ExNRM +C3o8Fu2kLQXq7F8QpryWy3t2gpPOS31ihhZkDRXR6F8VVMTF6eIDSPXl/r8usgz/ +2a7P6Etl2c3KZz+2PCeuKCzuCRuDNc4pONuDvb8CgYA70xrQ30wUi1hZrtRp1YlR +tNAs0GkR53eUMeoAERt+KglEeDIW8ECzq+g/+C5kk4qax6mNqaLtK3zBDFsBYzDZ +Dl+wOwJCjikaAummmKoNVXlGFzvSCbAaQUp9n3hTWckhQOSJvvE2ykDYC+6xxt5W +PlOJhuUX7rDHxD8/0fbEUQKBgQChZDyyTu8n2DjfHm1kaC6Zk2zKiOgceEooEKci +QAaVHZ0kNQG+Q+cPFJdqNzz3y0W/TdFOyxDp3zQ/D08v/npVBXYe/lXqzvzItXnU +QGSRduVB8w+Mzm0BXa8qjwroxYyNUUE/w0jZVB75JJEFl+8jNSjjtyulY1GCb4wG +MNtREwKBgCxPG7IYC5YTubvUE6AH9ZVm1e1QxEKF8v8YYlVwLTlmZQYVBNEQw0+M +WPScm27j3qUJG7AHG9R+nSSj3A9IeUY0trD5KCMTNuQQcXK1e0kdOlR2uGd2YUL5 +hZ9g7PjNolIpCV5Ifi6Lb8JbAOyvbcgEljGse9hN1gppmbnNndU1 +-----END RSA PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-private.p12 b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-private.p12 new file mode 100644 index 00000000000..8c5f7690a02 Binary files /dev/null and b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-private.p12 differ diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-req.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-req.pem new file mode 100644 index 00000000000..db7f078735e --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-req.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDDzCCAfcCAQAwgckxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTYW1iYVN0YXRl +MRIwEAYDVQQHDAlTYW1iYUNpdHkxGTAXBgNVBAoMEFNhbWJhU2VsZlRlc3Rpbmcx +DjAMBgNVBAsMBVVzZXJzMS8wLQYDVQQDDCZhZG1pbmlzdHJhdG9yQGFkZG9tMi5z +YW1iYS5leGFtcGxlLmNvbTE1MDMGCSqGSIb3DQEJARYmYWRtaW5pc3RyYXRvckBh +ZGRvbTIuc2FtYmEuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDrDrAdU088D/iQ1jNkaH7tfEaWxnecCgftjBPa57uzeWNL7FoqWVd8 +OGlQwKG0uvgdVnh3lbNEExKD3yCVEgHlHhpbOGlIhuimCjL0ODb4hL1bqXBIxUkl +eXCYI6dYPgmXbWexlfoIhi3Wt8XSBqpbuPWT5sUgmpsMkCvHLiAv6AdFA/NNLNnr +nJHSaMz+V3hcLldbpg4QargFzqsSMUnoNHw/kWPOPqb/wHsblbebmanH7NZFt54k +7sAro0yi+QRbGC8OiysWiV3MkvpJ3QmSchS6j0i9bpuIFJhvvAzju6nRCqiTa3Vw +mPmo2A/F5qmk5bNygXYHc8k+0kNi/ho7AgMBAAGgADANBgkqhkiG9w0BAQsFAAOC +AQEAJndP6nZGzsmKplQ/4elWObJD5ye2mN64G9+Tcd+A1Y1j9XpizETi+IrikScJ +T1BDqUhCVT5fjCy3qgKBD5zeHmakZltcRki8HJT7eWWZFXhEB+buQ9KBgrrS/dX+ +6wflVgrSfe3x+506Dx6y8UDWDVy2P1r/X64uqcxOLUdrG+p8T8OYalNYcO5qQ4Dn +b5ei4bIAeE9UebUvPxfdN5UT/S/fL33fVCr8OTT60/QL4ez0KjFCLeeEv94qVaqW +Hxe9ykS7S446RhANWvH6VAeSY2Bhm+WPu9urtRe4m8qR6JC27cOAubHID9szA0ID +eHTbyblfQdALQ08lUDpNuJDVCQ== +-----END CERTIFICATE REQUEST----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-cert.pem new file mode 120000 index 00000000000..0e23e5bede3 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-cert.pem @@ -0,0 +1 @@ +USER-administrator@addom2.samba.example.com-S07-cert.pem \ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-private-key.pem new file mode 120000 index 00000000000..5a874f3175a --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-private-key.pem @@ -0,0 +1 @@ +USER-administrator@addom2.samba.example.com-S07-private-key.pem \ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-cert.cer b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-cert.cer new file mode 100644 index 00000000000..857f73de313 Binary files /dev/null and b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-cert.cer differ diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-cert.pem new file mode 100644 index 00000000000..794f9c2fbc8 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-cert.pem @@ -0,0 +1,169 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 8 (0x8) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Feb 28 13:31:30 2020 GMT + Not After : Feb 23 13:31:30 2040 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=pkinit@addom2.samba.example.com/emailAddress=pkinit@addom2.samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:dc:33:db:43:5e:d5:91:27:95:35:d2:86:b2:e5: + 70:ac:b8:cf:74:01:2c:60:4d:67:b2:2c:2d:ef:c4: + 04:53:4d:08:9b:ce:55:ca:7a:ab:02:29:5d:3d:27: + ee:3e:a3:23:2e:3e:36:8d:f1:ca:8f:a7:4b:8b:a9: + 39:d3:33:39:d0:b9:f4:9b:c4:14:2c:41:67:be:6a: + 32:b6:86:0d:70:0e:eb:6c:b1:d1:ef:92:70:ec:70: + 70:2d:5f:4f:ea:6c:3e:9f:ee:9a:11:32:93:5f:b0: + e3:51:24:e2:33:08:22:ee:69:07:c6:10:a2:3f:43: + 67:3c:0b:48:b6:d1:92:99:22:de:fe:da:28:e9:12: + ba:a7:d6:54:76:c4:3c:56:a7:c9:e4:28:18:fd:89: + 8a:eb:02:42:88:27:59:61:f5:bd:5f:0d:eb:ce:80: + 4a:84:29:e5:38:93:1d:d9:0a:50:e3:eb:72:ec:b2: + 73:16:ab:75:33:3a:74:fd:6c:b8:a9:b9:09:c0:30: + 0a:74:d4:01:3e:00:0e:89:cf:87:aa:19:f5:7b:c4: + 0d:4f:b1:f1:40:59:54:67:28:aa:ca:18:75:7d:96: + d4:4d:99:e3:b1:84:bc:e7:65:80:ea:f6:dd:30:ce: + cf:14:67:b5:27:09:5f:83:a5:8c:87:62:8f:5a:22: + d5:75 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Smart Card Login Certificate for pkinit@addom2.samba.example.com + X509v3 Subject Key Identifier: + 6A:36:04:8E:C5:C3:2C:C9:17:BA:52:66:D3:AB:0D:C3:F2:25:1A:CD + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + email:pkinit@addom2.samba.example.com, othername: + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, scardLogin + Signature Algorithm: sha256WithRSAEncryption + 4d:5b:aa:28:b6:e0:a4:61:63:ed:09:7a:0e:2b:b2:c9:83:73: + f5:28:17:2b:d5:4e:c7:7b:01:99:5d:b9:c5:93:b3:a5:e2:64: + 33:96:38:55:c4:a4:84:9a:d1:dc:40:56:ec:da:a7:a5:3b:7c: + 91:c7:8d:03:44:44:9d:a5:0a:9e:de:6a:9d:c2:80:49:93:db: + 4d:74:fa:3c:fd:54:de:99:9c:f8:82:63:ba:5e:81:9e:4d:ae: + a2:a1:09:dd:81:5a:3e:81:31:8b:ff:85:32:ae:30:9e:1a:d6: + 04:d9:1c:bd:a5:0e:83:29:86:f4:be:0f:81:9a:84:f4:42:42: + 6d:20:18:16:ef:21:ac:51:b3:34:bd:0f:b5:2c:7e:c5:21:3d: + f7:77:95:1e:8f:45:3e:f8:79:93:ad:35:dd:cd:97:95:fe:b6: + 5f:88:e7:b8:38:54:15:29:61:2f:17:91:99:74:0c:66:9a:55: + 5c:dd:22:19:a1:8e:c1:a5:23:45:a4:85:f2:b2:98:3b:2c:85: + d8:2a:8e:9c:4d:6c:9e:9e:ef:80:24:2f:57:f3:a1:1f:09:c4: + 44:4d:11:d2:84:87:2a:57:f0:cc:9e:38:2c:3a:68:ee:0b:be: + e9:48:67:ff:87:2b:29:03:25:22:8e:00:33:f8:2a:7c:11:91: + 17:42:fc:6c:d1:94:c6:f0:7f:ad:c3:97:cf:9f:cc:a5:be:25: + 33:af:d4:c4:06:17:a7:be:11:bf:51:5e:6e:b8:26:56:1e:d5: + d6:ce:85:05:62:02:62:92:63:48:d9:d2:0b:e4:f9:2c:a2:53: + 4f:5e:3d:31:07:4d:5b:c4:48:bc:d5:f0:66:98:fd:85:45:26: + 4b:98:4f:a2:ac:05:a0:df:ee:4e:c9:9c:2f:3c:ee:74:9d:54: + 83:03:d8:42:a1:ba:57:a1:d4:43:93:a0:94:e3:0c:3b:cb:eb: + e6:05:73:60:18:32:81:25:21:55:14:99:2b:9d:0e:b2:72:31: + 63:73:5a:94:b2:30:e7:16:16:4c:33:68:cb:e6:87:aa:20:c6: + 9c:f1:26:3b:f5:76:7a:9b:07:f7:d9:c0:6c:50:04:d6:14:06: + 37:e5:fc:58:18:d5:a7:c8:29:56:9e:3c:fd:03:96:e8:4e:1a: + 7e:6e:e3:c9:aa:e6:3f:5d:1a:cd:86:f3:17:82:3b:ff:4c:8e: + 6b:d2:11:84:ce:36:cc:c8:fe:31:80:43:23:fa:fe:3c:8c:57: + a0:a1:1e:b9:08:c1:03:af:8f:3b:6b:cb:12:e4:6a:31:94:86: + 7a:17:c5:9f:80:bc:bc:e0:42:7b:5a:57:ef:b7:d3:0c:5f:98: + 71:aa:4e:cf:b4:c7:25:33:96:54:7b:ca:90:79:6f:f8:f0:c3: + e7:9d:e7:d0:67:4d:7b:20:7b:9d:d0:91:4f:ab:a3:a2:99:fa: + 9a:74:37:33:64:0c:bf:b6:94:3f:62:5f:a5:76:1e:60:54:e6: + bf:3a:11:5b:f0:ba:62:12:2e:9b:99:a2:37:9f:4c:b9:e8:8e: + d2:81:1f:0f:26:23:3b:9a:3b:69:70:09:e4:ae:05:65:04:3e: + 55:06:43:1f:5e:fb:2d:e6:03:b6:c4:ca:47:66:f0:d3:2b:a0: + 79:e8:45:a4:df:8f:31:fd:7e:67:ca:50:e0:b0:99:9d:2c:6a: + 16:f0:39:01:da:7f:d7:66:15:d1:99:3b:d7:7c:8a:bf:b7:d4: + b1:d3:fb:e2:fc:75:82:47:fc:96:42:57:ce:4a:d5:12:07:99: + 5b:ae:1a:c2:98:f1:fa:3d:a7:19:88:75:c8:fa:81:60:1f:19: + 21:0c:25:84:a1:c3:88:30:a7:80:da:85:85:e1:42:98:76:37: + ab:48:75:60:2d:1d:f9:05:6e:04:e2:2b:ce:37:75:17:27:0d: + 87:11:d6:2b:fa:37:bf:b7:e3:d2:96:b9:d8:92:18:4a:00:45: + 6d:9d:c6:20:d0:6b:2c:ed:33:06:08:d7:0f:56:44:5e:68:9f: + 9f:20:fc:57:a8:27:68:c9:f5:f5:2e:4d:0b:3c:a9:2e:92:2b: + d3:88:a9:18:27:24:0f:33:90:23:b3:41:99:5b:ec:bd:ef:ba: + 5b:4a:b6:a9:6c:b5:a5:d4:47:1e:9c:e7:32:0c:72:98:e7:8c: + a4:aa:72:8f:2b:90:5f:2d:23:bf:99:62:75:47:2f:9a:79:5e: + 4b:8a:8c:f2:28:df:30:59:6b:62:45:4b:b6:e5:39:ab:77:f0: + 51:4b:b7:6f:42:0a:81:a7:c0:c9:8a:c6:09:2a:e8:35:36:53: + c9:5b:93:dc:a5:1e:17:b1:cc:b4:13:b5:bb:b0:df:b8:cd:68: + 8a:10:18:8c:de:07:33:31:68:6b:f4:6a:dc:d0:17:10:c4:2d: + ec:66:51:c3:01:b3:2a:f0:0e:b9:c2:4d:7c:8d:d8:ab:c0:76: + 79:ca:e6:ff:a4:36:da:c1:8d:2e:13:7d:15:21:72:86:ad:4b: + 1b:73:4f:46:2f:fa:1e:ae:e8:8f:dd:79:6c:46:57:0a:05:ef: + 11:04:ae:a0:c5:13:86:6a:a3:cc:9c:b7:80:ef:18:5f:67:f7: + 43:ef:e2:94:4f:85:06:2f:d1:7a:97:07:ed:89:7d:aa:1e:e0: + cf:52:63:b9:28:95:aa:6d:ca:f2:20:c2:f3:07:83:c5:f4:a2: + ee:20:61:88:34:12:62:05:67:8d:f2:83:25:0b:9a:89 +-----BEGIN CERTIFICATE----- +MIII/TCCBOWgAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0yMDAy +MjgxMzMxMzBaFw00MDAyMjMxMzMxMzBaMIGnMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE +CwwFVXNlcnMxKDAmBgNVBAMMH3BraW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5j +b20xLjAsBgkqhkiG9w0BCQEWH3BraW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5j +b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcM9tDXtWRJ5U10oay +5XCsuM90ASxgTWeyLC3vxARTTQibzlXKeqsCKV09J+4+oyMuPjaN8cqPp0uLqTnT +MznQufSbxBQsQWe+ajK2hg1wDutssdHvknDscHAtX0/qbD6f7poRMpNfsONRJOIz +CCLuaQfGEKI/Q2c8C0i20ZKZIt7+2ijpErqn1lR2xDxWp8nkKBj9iYrrAkKIJ1lh +9b1fDevOgEqEKeU4kx3ZClDj63LssnMWq3UzOnT9bLipuQnAMAp01AE+AA6Jz4eq +GfV7xA1PsfFAWVRnKKrKGHV9ltRNmeOxhLznZYDq9t0wzs8UZ7UnCV+DpYyHYo9a +ItV1AgMBAAGjggIRMIICDTAJBgNVHRMEAjAAME8GA1UdHwRIMEYwRKBCoECGPmh0 +dHA6Ly93d3cuc2FtYmEuZXhhbXBsZS5jb20vY3Jscy9DQS1zYW1iYS5leGFtcGxl +LmNvbS1jcmwuY3JsMBEGCWCGSAGG+EIBAQQEAwIFoDALBgNVHQ8EBAMCBeAwTwYJ +YIZIAYb4QgENBEIWQFNtYXJ0IENhcmQgTG9naW4gQ2VydGlmaWNhdGUgZm9yIHBr +aW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5jb20wHQYDVR0OBBYEFGo2BI7FwyzJ +F7pSZtOrDcPyJRrNMB8GA1UdIwQYMBaAFKI+Aiqjp005tAhNmcwMdTbqJ8M+MFsG +A1UdEQRUMFKBH3BraW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5jb22gLwYKKwYB +BAGCNxQCA6AhDB9wa2luaXRAYWRkb20yLnNhbWJhLmV4YW1wbGUuY29tMDEGA1Ud +EgQqMCiBJmNhLXNhbWJhLmV4YW1wbGUuY29tQHNhbWJhLmV4YW1wbGUuY29tME0G +CWCGSAGG+EIBBARAFj5odHRwOi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMv +Q0Etc2FtYmEuZXhhbXBsZS5jb20tY3JsLmNybDAfBgNVHSUEGDAWBggrBgEFBQcD +AgYKKwYBBAGCNxQCAjANBgkqhkiG9w0BAQsFAAOCBAEATVuqKLbgpGFj7Ql6Diuy +yYNz9SgXK9VOx3sBmV25xZOzpeJkM5Y4VcSkhJrR3EBW7NqnpTt8kceNA0REnaUK +nt5qncKASZPbTXT6PP1U3pmc+IJjul6Bnk2uoqEJ3YFaPoExi/+FMq4wnhrWBNkc +vaUOgymG9L4PgZqE9EJCbSAYFu8hrFGzNL0PtSx+xSE993eVHo9FPvh5k6013c2X +lf62X4jnuDhUFSlhLxeRmXQMZppVXN0iGaGOwaUjRaSF8rKYOyyF2CqOnE1snp7v +gCQvV/OhHwnERE0R0oSHKlfwzJ44LDpo7gu+6Uhn/4crKQMlIo4AM/gqfBGRF0L8 +bNGUxvB/rcOXz5/Mpb4lM6/UxAYXp74Rv1FebrgmVh7V1s6FBWICYpJjSNnSC+T5 +LKJTT149MQdNW8RIvNXwZpj9hUUmS5hPoqwFoN/uTsmcLzzudJ1UgwPYQqG6V6HU +Q5OglOMMO8vr5gVzYBgygSUhVRSZK50OsnIxY3NalLIw5xYWTDNoy+aHqiDGnPEm +O/V2epsH99nAbFAE1hQGN+X8WBjVp8gpVp48/QOW6E4afm7jyarmP10azYbzF4I7 +/0yOa9IRhM42zMj+MYBDI/r+PIxXoKEeuQjBA6+PO2vLEuRqMZSGehfFn4C8vOBC +e1pX77fTDF+YcapOz7THJTOWVHvKkHlv+PDD553n0GdNeyB7ndCRT6ujopn6mnQ3 +M2QMv7aUP2JfpXYeYFTmvzoRW/C6YhIum5miN59MueiO0oEfDyYjO5o7aXAJ5K4F +ZQQ+VQZDH177LeYDtsTKR2bw0yugeehFpN+PMf1+Z8pQ4LCZnSxqFvA5Adp/12YV +0Zk713yKv7fUsdP74vx1gkf8lkJXzkrVEgeZW64awpjx+j2nGYh1yPqBYB8ZIQwl +hKHDiDCngNqFheFCmHY3q0h1YC0d+QVuBOIrzjd1FycNhxHWK/o3v7fj0pa52JIY +SgBFbZ3GINBrLO0zBgjXD1ZEXmifnyD8V6gnaMn19S5NCzypLpIr04ipGCckDzOQ +I7NBmVvsve+6W0q2qWy1pdRHHpznMgxymOeMpKpyjyuQXy0jv5lidUcvmnleS4qM +8ijfMFlrYkVLtuU5q3fwUUu3b0IKgafAyYrGCSroNTZTyVuT3KUeF7HMtBO1u7Df +uM1oihAYjN4HMzFoa/Rq3NAXEMQt7GZRwwGzKvAOucJNfI3Yq8B2ecrm/6Q22sGN +LhN9FSFyhq1LG3NPRi/6Hq7oj915bEZXCgXvEQSuoMUThmqjzJy3gO8YX2f3Q+/i +lE+FBi/RepcH7Yl9qh7gz1JjuSiVqm3K8iDC8weDxfSi7iBhiDQSYgVnjfKDJQua +iQ== +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-key.pem new file mode 100644 index 00000000000..1e615004607 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-key.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIV6+MM3EXFiACAggA +MBQGCCqGSIb3DQMHBAjsohDWEPj6zgSCBMgedcAX42Jx6DI9zhBX9GTM5t734KMA +5QsAoALazfaMdUZ2oULJJeFon4s497Wc8amj661+TkvhIJNi1zRZA1ZC1xphQDsr +yjJx8elNBHUvaJDKEE9aN+EEJ2+TkExTX6BAYeewNN0VgjV9Kpwy0ejD8gZZKBa0 +oGtmqCQTMrGdmKTuPa2H463oexgr+6futCbR/qxp9k/lRBGy6z7+sM7FvS9NVLN5 +gRrXjwFGA01Rb4Ch4ZmbU04EyJh+0EvjXC5e2t76GLp3EtjVpOuNuaZOiHQ7t/ah +xaU5fHwoBWwuXjZc2diFvcuNNnJ0e7K9AMkfIuk/Bn4wEyo8jSAZPzEzatZf6gxg +DoGkXaoB7Yf2+Mb0qg8IiMf/1IICHF046liDxNmnbAHOsREXJtwtV2H6gUuh+zX1 ++B/jwhAXt62FUwnd4WdCHyo4NjOBwQADibiTTcgvdnkn+XKYzyNii6RGjA95mpbp +loA71aV2QoBZH4bQ18YrCNshAf1tanZvxByjB/61IeMxz4m0BlwZbIT06rrpNLqh +k6w7wmW2sdgN9kWb772+zUJFahNmJU4qfr8Kg/NIvqj63HMXwgCfuGLI7vUFmmhp +dkqfadcu32XxitWYHZkvJPtCFb3AKcIR7OzWc117VuHu+kWSVhfst70LROSOXiwa +TajBA0P83LccmR6z67/JWRvQwDc9uF+6xVM3tZga+odi/Fee/N0c2yYqxlrebmqU +Qlp6xzjIrpTpwCBEBXgJQsv+kcIQIpDPhG8+y44OHBcHoGaDFVYX8KNcO98b1EYC +EW6cy6PrmaE5AkC+jlPPQqcTRJvCVeq3MIUmJg2M3ivsTdlSqbCVfnJgYTnGD9sS +pAtc1I+7OqOfp5jqHgCmnK0pdbmFLDuKJNuzNb356nNFA+CUejWzZGPth6pVFGyq +9234oSwUCjP3kKG89JVSEflvTAEsySWHO3Vs4lyu0/1Dd1k1Bfc6YYgGH0JiXvtf +y2Ys7u51m9NL4BgpbMvLpNmKvZlztJhGqw9Og1g/GdcURhqgajK8HGNJz1hpgzq5 +frlMKP8NnCwhID7IZzaQbcBMA9OUQds6XrB6Fd60vmTx4UMg6fIBCzLOR1lSmxcn +64QUkepM9+jBKlWla9MlMECB2csxdlRCpSYIdguyd+i0ftEmq1ZG77+c5/9LNFSh +SMDUJ5qg6UsFBVCmJezG0yrkPcTEmTQxAAcWN+C37cMq/3htAw3njfOGaiJliYUn +vKc4+yZH9PQxaZB+l2pVOjJYmetcmEDnfrrUVst+xzusVzT/IyYEyC+DTi3U2Suh +AOUoAZP2QnAEYRWsN4dcClKJt/fSBcQIIqYeljAxzi+DmxOBALHkuUd7AhozpV7P +3F0hHD2lD3/9ncIHjHZ+DshiWVmxgvPcKFi2spbeb/CBpJ7YmkFww7C9YOctP5eq +vIsesf2ZsGaKNbogfBRKuQP1o0FkWGqUnzVe0Ww56uGerz5EU+I/LecLAmS0e5jt +FtAlVXcRKo7UtXMJHekQRnF70xk9gYV3qZIP7bXDh01gX/TVEL7PHeBZBkej5Mrk +debSOuvlVxnnAYyreZl1MtnneT8L7nwi+lKRkq5aps82iUa2sKPgoFQODZrLBAyM +HOE= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-openssl.cnf b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-openssl.cnf new file mode 100644 index 00000000000..effde23f80a --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-openssl.cnf @@ -0,0 +1,242 @@ +# +# Based on the OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#CRLDISTPT = [CRL Distribution Point; e.g., http://crl-list.base/w4edom-l4.base.crl] +CRLDISTPT = http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used as a login credential +scardLogin=1.3.6.1.4.1.311.20.2.2 +# Used in a smart card login certificate's subject alternative name +msUPN=1.3.6.1.4.1.311.20.2.3 +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used to identify a domain controller +msKDC=1.3.6.1.5.2.3.5 +# Identifies the AD GUID +msADGUID=1.3.6.1.4.1.311.25.1 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = CA-samba.example.com # Where everything is kept +certs = $dir/_none_certs # Where the issued certs are kept +crl_dir = $dir/_none_crl # Where the issued crl are kept +database = $dir/Private/CA-samba.example.com-index.txt # database index file. +unique_subject = yes # Set to 'no' to allow creation of + # several certificates with same subject. +new_certs_dir = $dir/NewCerts # default place for new certs. + +certificate = $dir/Public/CA-samba.example.com-cert.pem # The CA certificate +serial = $dir/Private/CA-samba.example.com-serial.txt # The current serial number +crlnumber = $dir/Private/CA-samba.example.com-crlnumber.txt # the current crl number + # must be commented out to leave a V1 CRL + +#crl = $dir/Public/CA-samba.example.com-crl.pem # The current CRL +crl = $dir/Public/CA-samba.example.com-crl.crl # The current CRL +private_key = $dir/Private/CA-samba.example.com-private-key.pem # The private key +RANDFILE = $dir/Private/CA-samba.example.com.rand # private random number file + +#x509_extensions = # The extensions to add to the cert +x509_extensions = template_x509_extensions + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +crl_extensions = crl_ext + +default_days = 7300 # how long to certify for +default_crl_days= 7300 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = match +stateOrProvinceName = match +localityName = match +organizationName = match +organizationalUnitName = match +commonName = supplied +emailAddress = supplied + +#################################################################### +[ req ] +default_bits = 2048 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = SambaState + +localityName = Locality Name (eg, city) +localityName_default = SambaCity + +organizationName = Organization Name (eg, company) +organizationName_default = SambaSelfTesting + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = Users + +commonName = Common Name (eg, YOUR name) +commonName_default = pkinit@addom2.samba.example.com +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = pkinit@addom2.samba.example.com +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 +# +#unstructuredName = An optional company name + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] +# Extensions for a typical CA +# PKIX recommendation. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. +keyUsage = cRLSign, keyCertSign + +crlDistributionPoints=URI:$CRLDISTPT + +# Some might want this also +nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +subjectAltName=email:copy +# Copy issuer details +issuerAltName=issuer:copy + +[ crl_ext ] +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +#[ usr_cert_scarduser ] +[ template_x509_extensions ] + +# These extensions are added when 'ca' signs a request for a certificate that will be used to login from a smart card + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE +crlDistributionPoints=URI:$CRLDISTPT + +# For normal client use this is typical +nsCertType = client, email + +# This is typical in keyUsage for a client certificate. +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Smart Card Login Certificate for pkinit@addom2.samba.example.com" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. + +subjectAltName=email:copy,otherName:msUPN;UTF8:pkinit@addom2.samba.example.com + +# Copy subject details +issuerAltName=issuer:copy + +nsCaRevocationUrl = $CRLDISTPT +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +#Extended Key requirements for client certs +extendedKeyUsage = clientAuth,scardLogin + diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-private-key.pem new file mode 100644 index 00000000000..a0b894c78f7 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-private-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA3DPbQ17VkSeVNdKGsuVwrLjPdAEsYE1nsiwt78QEU00Im85V +ynqrAildPSfuPqMjLj42jfHKj6dLi6k50zM50Ln0m8QULEFnvmoytoYNcA7rbLHR +75Jw7HBwLV9P6mw+n+6aETKTX7DjUSTiMwgi7mkHxhCiP0NnPAtIttGSmSLe/too +6RK6p9ZUdsQ8VqfJ5CgY/YmK6wJCiCdZYfW9Xw3rzoBKhCnlOJMd2QpQ4+ty7LJz +Fqt1Mzp0/Wy4qbkJwDAKdNQBPgAOic+Hqhn1e8QNT7HxQFlUZyiqyhh1fZbUTZnj +sYS852WA6vbdMM7PFGe1Jwlfg6WMh2KPWiLVdQIDAQABAoIBAHKz6HEtgx37enPw +2A10Cr9N/XI18kGv0GY1MTCF8KLbq7JNRs8UGuQjW9gxZp7mJ7s82PoTiypNQMLd +QavMMT+SveItvzxWTY4Yj5YYOgO3IdcawXqD06K15xkbXuuDuxNgHIz8xVvBLofk +KJfgkyGRQGVh4MIHgEz8q8HfZPezBGIxxfjXPkZ7NEJGcVUKyhSaEn0uJ2wcWkzf +eCx4ZNNp82MHR9OO7sMc87oJDKm38JbZPKnONU75L8Kjk+qBljCLNT71pqIFQfVD +QFUsGDLs2aBqsP/AZjeUX6+AinBV7CQ43EB4Y8t1U62k+AaNqocg+QjdspUGsTVd +V3XRxoECgYEA/6JFdxUnOtV0DRi/TGCN27nfASsa7JkVZLY+mJMBrPOKqK1IfXmC +isqykMY0NLKK5pgjQqWuoiri9uuzPNwK8OfNOvJUZAsElr4OlH15yz3vjG4Jr9Hx +EPIL1J95Nuo4mCtNx/DUHiDCWR5qvTXteKRa5Zb0FpT7BwSnzhC9KaUCgYEA3ISY +HOiXzWiEbG5cnklPGsnkfl5br77jFbFwu1HSO+pcDTRs4yRt9CSRvtv/f82yPVw1 +p7ZU4kqos2sSgdyqr/LYzRBXpcfK8yKZB0S1irNgS5G7FRgRj4MhnIfB8zwAmWAJ +TdIkiZHpP1LRs/A4EAveE3HbVkKR8CkgrMabE5ECgYEA9ONA5IkxIZ1mJT211LcS +bpGq3nWqv0kPQ4GKiaMakdJk3J3Tuc/zjH4Nfb9CN9FqWukXrjsGBnhLIPw+omix +WoLVCkknKwebB8VeNkXVrSvSFZc8VGAsLW2Sg8eZ2U+bk7q4Mne03H/JbpJC8qt8 +qHvaT+LCRffGWrzM/AzxCbkCgYEAu2wCsQdLBi0f59zA4VNjZVxU1Maz3KI79VMT +glHfgkcFJ7/4D/IFdeyi5vmqpWAZbqdxfvKsIIzd52hImZEIjXS0qU2LgP5XUuCD ++bZ/KbydSn046YvEWRpVtel4gZfs1m7WWYsSvM4D1Ws5ilrP+2tqu1IY3q7DxL/f +4pkGctECgYBa4TCPS3pxG6trEA5J2U4GaL5poK1MXXSd1CAkdij3npxYP2siRNz5 +SMA/TvJEA6wzhsbA6kqpESmPFim6IfywGdE6WbNu/dEA00EmLW+YeBGVBGVaUro4 +gz3ruHdztghRJFNrN4sjYGiPjKTG74U/aUNIGZXsxTJA8R8U0Y8KPw== +-----END RSA PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-private.p12 b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-private.p12 new file mode 100644 index 00000000000..ea4d241b388 Binary files /dev/null and b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-private.p12 differ diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-req.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-req.pem new file mode 100644 index 00000000000..7c0934a47ec --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-req.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDATCCAekCAQAwgbsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTYW1iYVN0YXRl +MRIwEAYDVQQHDAlTYW1iYUNpdHkxGTAXBgNVBAoMEFNhbWJhU2VsZlRlc3Rpbmcx +DjAMBgNVBAsMBVVzZXJzMSgwJgYDVQQDDB9wa2luaXRAYWRkb20yLnNhbWJhLmV4 +YW1wbGUuY29tMS4wLAYJKoZIhvcNAQkBFh9wa2luaXRAYWRkb20yLnNhbWJhLmV4 +YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3DPbQ17V +kSeVNdKGsuVwrLjPdAEsYE1nsiwt78QEU00Im85VynqrAildPSfuPqMjLj42jfHK +j6dLi6k50zM50Ln0m8QULEFnvmoytoYNcA7rbLHR75Jw7HBwLV9P6mw+n+6aETKT +X7DjUSTiMwgi7mkHxhCiP0NnPAtIttGSmSLe/too6RK6p9ZUdsQ8VqfJ5CgY/YmK +6wJCiCdZYfW9Xw3rzoBKhCnlOJMd2QpQ4+ty7LJzFqt1Mzp0/Wy4qbkJwDAKdNQB +PgAOic+Hqhn1e8QNT7HxQFlUZyiqyhh1fZbUTZnjsYS852WA6vbdMM7PFGe1Jwlf +g6WMh2KPWiLVdQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAFdpb3Rsn94pfog0 +u423+MP/Y3Kt/mjLUV++hmGzIi8rAFLAjQTSlM+uGF3895+kIzH9k+y0d8nYiN2n +GPhsj4KKKurtiAsykKdE3+da0sQ/DdL7FXq7AvjzQOcoUpU3tRncNApW8mD91Yuk +YpOMysX1PhNbUK8+E+jzP8lngs6cu5yKbeK8JF/0GI74XoCB4+oVKO23SgjXOrmw +4lDKMYD7L9+N8/a6g29JEhwjxx+BTKjwjehQlkO0zT2ZRzEGk9LPoJY8CWiS31l0 +FHlUhO+drJygaFDqSd82hmo6oBSO81evk3Vow7po/E9UGVJY2X9nfGXS9+HlV/kW +IYOVlmQ= +-----END CERTIFICATE REQUEST----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-cert.pem new file mode 120000 index 00000000000..aa6521d8e68 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-cert.pem @@ -0,0 +1 @@ +USER-pkinit@addom2.samba.example.com-S08-cert.pem \ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-private-key.pem new file mode 120000 index 00000000000..3784f3fb036 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-private-key.pem @@ -0,0 +1 @@ +USER-pkinit@addom2.samba.example.com-S08-private-key.pem \ No newline at end of file diff --git a/selftest/manage-ca/manage-CA-samba.example.com.sh b/selftest/manage-ca/manage-CA-samba.example.com.sh index bf642ce4d5c..12762fea9db 100644 --- a/selftest/manage-ca/manage-CA-samba.example.com.sh +++ b/selftest/manage-ca/manage-CA-samba.example.com.sh @@ -19,3 +19,7 @@ set -x # DONE # ./manage-ca.sh manage-CA-samba.example.com.cnf create_user pkinit@samba.example.com # DONE # ./manage-ca.sh manage-CA-samba.example.com.cnf create_user pkinit@addom.samba.example.com + +#DONE # ./manage-ca.sh manage-CA-samba.example.com.cnf create_dc addcsmb1.addom2.samba.example.com 0123456789ABCDEF +#DONE # ./manage-ca.sh manage-CA-samba.example.com.cnf create_user administrator@addom2.samba.example.com +#DONE # ./manage-ca.sh manage-CA-samba.example.com.cnf create_user pkinit@addom2.samba.example.com