moby · thaJeztah · May 19, 2022 · May 19, 2022
@@ -0,0 +1,86 @@
+#!/bin/bash
+set -eu
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
+
+OUT_DIR="${SCRIPT_DIR}/../integration-cli/fixtures/https"
+
+# generate CA
+echo 01 > "${OUT_DIR}/ca-rogue.srl"
+openssl genrsa -out "${OUT_DIR}/ca-rogue-key.pem"
+
+openssl req \
+	-new \
+	-x509 \
+	-days 3652 \
+	-subj "/C=US/ST=CA/L=SanFrancisco/O=Evil Inc/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain" \
+	-nameopt compat \
+	-text \
+	-key "${OUT_DIR}/ca-rogue-key.pem" \
+	-out "${OUT_DIR}/ca-rogue.pem"
+
+# Now that we have a CA, create a server key and certificate signing request.
+# Make sure that `"Common Name (e.g. server FQDN or YOUR name)"` matches the hostname you will use
+# to connect or just use '*' for a certificate valid for any hostname:
+
+openssl genrsa -out "${OUT_DIR}/server-rogue-key.pem"
+openssl req -new \
+	-subj "/C=US/ST=CA/L=SanFrancisco/O=Evil Inc/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain" \
+	-text \
+	-key "${OUT_DIR}/server-rogue-key.pem" \
+	-out "${OUT_DIR}/server-rogue.csr"
+
+# Options for server certificate
+cat > "${OUT_DIR}/server-rogue-options.cfg" << 'EOF'
+basicConstraints=CA:FALSE
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+extendedKeyUsage=serverAuth
+subjectAltName=DNS:*,DNS:localhost,IP:127.0.0.1,IP:::1
+EOF
+
+# Generate the certificate and sign with our CA
+openssl x509 \
+	-req \
+	-days 3652 \
+	-extfile "${OUT_DIR}/server-rogue-options.cfg" \
+	-CA "${OUT_DIR}/ca-rogue.pem" \
+	-CAkey "${OUT_DIR}/ca-rogue-key.pem" \
+	-nameopt compat \
+	-text \
+	-in "${OUT_DIR}/server-rogue.csr" \
+	-out "${OUT_DIR}/server-rogue-cert.pem"
+
+# For client authentication, create a client key and certificate signing request
+openssl genrsa -out "${OUT_DIR}/client-rogue-key.pem"
+openssl req -new \
+	-subj "/C=US/ST=CA/L=SanFrancisco/O=Evil Inc/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain" \
+	-text \
+	-key "${OUT_DIR}/client-rogue-key.pem" \
+	-out "${OUT_DIR}/client-rogue.csr"
+
+# Options for client certificate
+cat > "${OUT_DIR}/client-rogue-options.cfg" << 'EOF'
+basicConstraints=CA:FALSE
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+extendedKeyUsage=clientAuth
+subjectAltName=DNS:*,DNS:localhost,IP:127.0.0.1,IP:::1
+EOF
+
+# Generate the certificate and sign with our CA:
+openssl x509 \
+	-req \
+	-days 3652 \
+	-extfile "${OUT_DIR}/client-rogue-options.cfg" \
+	-CA "${OUT_DIR}/ca-rogue.pem" \
+	-CAkey "${OUT_DIR}/ca-rogue-key.pem" \
+	-nameopt compat \
+	-text \
+	-in "${OUT_DIR}/client-rogue.csr" \
+	-out "${OUT_DIR}/client-rogue-cert.pem"
+
+rm "${OUT_DIR}/ca-rogue.srl"
+rm "${OUT_DIR}/ca-rogue-key.pem"
+rm "${OUT_DIR}"/*.cfg
+rm "${OUT_DIR}"/*.csr
diff --git a/integration-cli/fixtures/https/ca-rogue.pem b/integration-cli/fixtures/https/ca-rogue.pem
@@ -0,0 +1,83 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            35:19:be:ba:10:ce:03:ea:4d:f7:c9:e5:48:c6:bc:79:a7:49:0f:ac
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=CA, L=SanFrancisco, O=Evil Inc, OU=changeme, CN=changeme/name=changeme/emailAddress=mail@host.domain
+        Validity
+            Not Before: May 12 02:04:15 2022 GMT
+            Not After : May 11 02:04:15 2032 GMT
+        Subject: C=US, ST=CA, L=SanFrancisco, O=Evil Inc, OU=changeme, CN=changeme/name=changeme/emailAddress=mail@host.domain
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:bf:af:80:18:34:78:00:01:a5:2c:16:86:d5:99:
+                    b7:db:15:d8:8b:94:83:d1:57:8c:eb:a4:68:72:42:
+                    c9:e6:5b:13:83:c6:00:11:dc:96:05:4e:3e:ea:91:
+                    29:ec:2f:50:44:da:f8:2b:2e:90:c4:a4:aa:42:dd:
+                    af:16:73:d4:58:c3:0f:d9:68:84:7d:fc:00:cd:5a:
+                    b3:9d:ef:0b:8e:2f:e0:ef:44:03:d0:13:07:e4:a7:
+                    2f:38:a7:6b:b2:1b:98:c2:19:2c:cc:4d:ff:9c:66:
+                    41:34:d4:eb:bb:ae:c4:82:2b:0b:22:73:b0:eb:11:
+                    30:87:1a:96:2b:df:ba:df:4e:b4:06:a4:e3:c7:c2:
+                    3c:54:6e:07:5f:0a:9b:15:f5:6d:ab:3c:4f:2b:24:
+                    42:ac:bb:06:88:f3:5e:bd:5e:4e:ca:8e:46:37:51:
+                    dc:2e:81:a3:7b:fd:98:98:5f:29:43:0a:1a:a3:83:
+                    41:8b:df:d5:b2:ec:6e:6d:04:01:7b:67:b7:04:4d:
+                    55:8b:b8:4c:2a:27:57:ff:f1:ee:88:13:4e:3f:31:
+                    2c:ba:95:82:3a:b6:d3:06:ac:ab:de:5a:86:4f:2a:
+                    ad:f9:96:36:9c:1f:fd:8b:60:2f:c0:51:cc:61:79:
+                    ff:3d:f7:bb:ec:f4:57:95:95:a1:38:1f:07:22:4c:
+                    73:39
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                51:EF:0E:E9:2C:C8:FE:F0:22:D9:C0:D9:5E:86:11:FD:44:A1:41:2E
+            X509v3 Authority Key Identifier: 
+                51:EF:0E:E9:2C:C8:FE:F0:22:D9:C0:D9:5E:86:11:FD:44:A1:41:2E
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        86:68:ad:2f:73:50:db:76:2a:38:01:23:7d:e3:94:44:7b:82:
+        ff:32:cc:6f:fd:c8:92:7e:4d:d9:e5:a6:e5:d4:e8:3f:5f:de:
+        fa:e1:3d:c7:a0:d7:e8:28:65:ef:0a:85:9b:b9:95:05:0e:90:
+        4d:6c:73:44:e4:1c:f5:36:6f:bc:02:65:cc:a8:a1:b0:c7:96:
+        8e:38:6a:c9:c4:9b:85:1a:44:5b:b1:6d:fc:d9:58:ab:5d:96:
+        20:56:e7:6b:bc:47:7f:04:47:fa:83:8a:87:5a:c7:3c:21:6e:
+        a1:84:ac:14:41:93:c4:52:3f:32:24:35:42:bb:97:21:db:6d:
+        35:3b:9f:6f:2a:7b:f4:70:80:9c:1a:7f:4d:11:36:29:54:35:
+        0f:19:6d:78:04:d7:8c:f6:0f:88:f5:35:f3:79:e2:7e:e9:21:
+        09:76:47:9f:ae:65:8f:8f:f6:60:e4:cf:37:da:18:c1:19:c5:
+        5b:19:1e:80:c5:aa:b0:d9:d6:6c:5c:1d:02:e1:7a:6d:11:ad:
+        da:4d:37:f3:78:90:21:db:2e:cd:21:fc:33:cf:d0:90:d3:28:
+        1e:9e:c0:0c:a5:17:97:c4:1d:ca:c7:10:1b:72:f4:7c:2a:0c:
+        0e:71:4f:cd:b0:31:e7:50:fd:35:07:03:de:1f:8d:c4:71:0b:
+        b4:17:6e:69
+-----BEGIN CERTIFICATE-----
+MIIEHzCCAwegAwIBAgIUNRm+uhDOA+pN98nlSMa8eadJD6wwDQYJKoZIhvcNAQEL
+BQAwgZ4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEVMBMGA1UEBwwMU2FuRnJh
+bmNpc2NvMREwDwYDVQQKDAhFdmlsIEluYzERMA8GA1UECwwIY2hhbmdlbWUxETAP
+BgNVBAMMCGNoYW5nZW1lMREwDwYDVQQpDAhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJ
+ARYQbWFpbEBob3N0LmRvbWFpbjAeFw0yMjA1MTIwMjA0MTVaFw0zMjA1MTEwMjA0
+MTVaMIGeMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFTATBgNVBAcMDFNhbkZy
+YW5jaXNjbzERMA8GA1UECgwIRXZpbCBJbmMxETAPBgNVBAsMCGNoYW5nZW1lMREw
+DwYDVQQDDAhjaGFuZ2VtZTERMA8GA1UEKQwIY2hhbmdlbWUxHzAdBgkqhkiG9w0B
+CQEWEG1haWxAaG9zdC5kb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC/r4AYNHgAAaUsFobVmbfbFdiLlIPRV4zrpGhyQsnmWxODxgAR3JYFTj7q
+kSnsL1BE2vgrLpDEpKpC3a8Wc9RYww/ZaIR9/ADNWrOd7wuOL+DvRAPQEwfkpy84
+p2uyG5jCGSzMTf+cZkE01Ou7rsSCKwsic7DrETCHGpYr37rfTrQGpOPHwjxUbgdf
+CpsV9W2rPE8rJEKsuwaI8169Xk7KjkY3UdwugaN7/ZiYXylDChqjg0GL39Wy7G5t
+BAF7Z7cETVWLuEwqJ1f/8e6IE04/MSy6lYI6ttMGrKveWoZPKq35ljacH/2LYC/A
+Ucxhef8997vs9FeVlaE4HwciTHM5AgMBAAGjUzBRMB0GA1UdDgQWBBRR7w7pLMj+
+8CLZwNlehhH9RKFBLjAfBgNVHSMEGDAWgBRR7w7pLMj+8CLZwNlehhH9RKFBLjAP
+BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCGaK0vc1Dbdio4ASN9
+45REe4L/Msxv/ciSfk3Z5abl1Og/X9764T3HoNfoKGXvCoWbuZUFDpBNbHNE5Bz1
+Nm+8AmXMqKGwx5aOOGrJxJuFGkRbsW382VirXZYgVudrvEd/BEf6g4qHWsc8IW6h
+hKwUQZPEUj8yJDVCu5ch2201O59vKnv0cICcGn9NETYpVDUPGW14BNeM9g+I9TXz
+eeJ+6SEJdkefrmWPj/Zg5M832hjBGcVbGR6Axaqw2dZsXB0C4XptEa3aTTfzeJAh
+2y7NIfwzz9CQ0ygensAMpReXxB3KxxAbcvR8KgwOcU/NsDHnUP01BwPeH43EcQu0
+F25p
+-----END CERTIFICATE-----
diff --git a/integration-cli/fixtures/https/client-rogue-cert.pem b/integration-cli/fixtures/https/client-rogue-cert.pem
@@ -1,73 +1,88 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 2 (0x2)
-    Signature Algorithm: sha1WithRSAEncryption
+        Serial Number:
+            52:93:3b:eb:8a:c5:e9:eb:36:99:4c:62:5f:9a:13:4d:7f:fc:e9:39
+        Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=US, ST=CA, L=SanFrancisco, O=Evil Inc, OU=changeme, CN=changeme/name=changeme/emailAddress=mail@host.domain
         Validity
-            Not Before: Feb 24 17:54:59 2014 GMT
-            Not After : Feb 22 17:54:59 2024 GMT
-        Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=client/name=changeme/emailAddress=mail@host.domain
+            Not Before: May 12 02:04:15 2022 GMT
+            Not After : May 11 02:04:15 2032 GMT
+        Subject: C=US, ST=CA, L=SanFrancisco, O=Evil Inc, OU=changeme, CN=changeme/name=changeme/emailAddress=mail@host.domain
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                Public-Key: (1024 bit)
+                Public-Key: (2048 bit)
                 Modulus:
-                    00:e8:e2:2c:b8:d4:db:89:50:4f:47:1e:68:db:f7:
-                    e4:cc:47:41:63:75:03:37:50:7a:a8:4d:27:36:d5:
-                    15:01:08:b6:cf:56:f7:56:6d:3d:f9:e2:8d:1a:5d:
-                    bf:a0:24:5e:07:55:8e:d0:dc:f1:fa:19:87:1d:d6:
-                    b6:58:82:2e:ba:69:6d:e9:d9:c8:16:0d:1d:59:7f:
-                    f4:8e:58:10:01:3d:21:14:16:3c:ec:cd:8c:b7:0e:
-                    e6:7b:77:b4:f9:90:a5:17:01:bb:84:c6:b2:12:87:
-                    70:eb:9f:6d:4f:d0:68:8b:96:c0:e7:0b:51:b4:9d:
-                    1d:7b:6c:7b:be:89:6b:88:8b
+                    00:ae:8c:19:24:29:d3:ff:b1:55:1c:02:92:87:8d:
+                    fc:cf:db:5a:60:45:f0:df:eb:eb:b7:69:b5:6a:87:
+                    19:fa:96:a4:9d:2d:8c:71:cd:a1:33:39:22:bc:63:
+                    36:36:cb:e4:06:88:cd:0a:a4:a0:a9:5d:57:13:7f:
+                    15:9d:9b:d8:66:f1:f8:f5:71:db:a9:c8:a5:1e:f4:
+                    57:2c:24:b0:e3:67:02:24:d8:c1:8e:38:73:64:16:
+                    c3:82:87:63:d5:7e:43:a6:75:4e:74:08:93:82:3f:
+                    2e:96:2c:06:a4:65:6e:f4:33:3d:3d:ff:c3:66:38:
+                    17:54:65:29:ae:7f:30:91:29:0a:6b:03:d5:9d:89:
+                    21:3e:ff:ee:41:e5:fd:3f:1b:c9:5d:06:92:49:2c:
+                    34:e9:51:c5:6e:89:e9:1f:33:26:ca:98:24:8e:04:
+                    39:ef:3c:a5:97:90:8a:c9:2b:8e:05:e4:56:82:3a:
+                    e6:2d:51:c2:72:45:3b:2e:7c:9f:02:3c:66:96:5f:
+                    a9:21:4d:61:3a:37:6e:56:10:f8:40:fa:1b:b5:4d:
+                    bc:99:d5:81:04:ed:75:2e:52:ab:4b:de:f6:c3:41:
+                    27:8e:37:42:3b:34:68:6a:2d:d2:8f:42:07:58:9a:
+                    bc:6b:6a:7b:08:72:ba:ac:de:a3:44:5a:d8:8d:fa:
+                    ec:1b
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints: 
                 CA:FALSE
-            Netscape Comment: 
-                Easy-RSA Generated Certificate
             X509v3 Subject Key Identifier: 
-                9E:F8:49:D0:A2:76:30:5C:AB:2B:8A:B5:8D:C6:45:1F:A7:F8:CF:85
+                E4:08:A1:99:EE:3C:80:4E:E8:8C:FF:43:E1:4F:2A:49:3D:4E:49:A7
             X509v3 Authority Key Identifier: 
-                keyid:DC:A5:F1:76:DB:4E:CD:8E:EF:B1:23:56:1D:92:80:99:74:3B:EA:6F
-                DirName:/C=US/ST=CA/L=SanFrancisco/O=Evil Inc/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
-                serial:E7:21:1E:18:41:1B:96:83
-
+                51:EF:0E:E9:2C:C8:FE:F0:22:D9:C0:D9:5E:86:11:FD:44:A1:41:2E
             X509v3 Extended Key Usage: 
                 TLS Web Client Authentication
-            X509v3 Key Usage: 
-                Digital Signature
-    Signature Algorithm: sha1WithRSAEncryption
-         48:76:c0:18:fa:0a:ee:4e:1a:ec:02:9d:d4:83:ca:94:54:a1:
-         3f:51:2f:3e:4b:95:c3:42:9b:71:a0:4b:d9:af:47:23:b9:1c:
-         fb:85:ba:76:e2:09:cb:65:bb:d2:7d:44:3d:4b:67:ba:80:83:
-         be:a8:ed:c4:b9:ea:1a:1b:c7:59:3b:d9:5c:0d:46:d8:c9:92:
-         cb:10:c5:f2:1a:38:a4:aa:07:2c:e3:84:16:79:c7:95:09:e3:
-         01:d2:15:a2:77:0b:8b:bf:94:04:e9:7f:c0:cd:e6:2e:64:cd:
-         1e:a3:32:ec:11:cc:62:ce:c7:4e:cd:ad:48:5c:b1:b8:e9:76:
-         b3:f9
+            X509v3 Subject Alternative Name: 
+                DNS:*, DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        5c:6b:b8:68:d0:5a:4b:fc:9f:6d:09:16:f7:4c:61:50:2a:d7:
+        1c:8e:56:93:0f:b2:95:3f:6c:18:5d:fc:7e:d3:8a:72:45:63:
+        8a:c0:a7:ce:76:f9:63:bf:31:98:fa:1d:b4:b9:be:b7:f2:61:
+        ee:76:be:4e:ab:71:9e:a1:62:fc:cf:f7:91:59:f0:76:58:f4:
+        a3:4e:0b:59:ee:17:b6:bf:ce:55:55:70:a5:6e:cd:30:03:c3:
+        ac:d4:7a:38:84:39:de:8a:6b:26:14:dc:04:98:ca:96:eb:b6:
+        d1:6e:c9:6f:61:c6:80:a5:4e:29:c5:98:d2:a1:43:84:c1:83:
+        83:f7:6f:a9:7b:3a:87:69:71:cd:f1:2c:7b:cf:65:17:62:be:
+        46:fa:95:f8:62:05:04:ac:b4:1b:58:02:01:77:f6:ed:72:17:
+        c4:9d:df:0d:ab:12:14:87:de:20:21:28:2c:3b:2f:93:3b:a6:
+        f2:79:d0:80:c0:94:4d:2b:61:0e:25:ae:a8:0e:d7:00:e5:55:
+        6a:31:be:bc:a5:69:ed:2e:f9:b1:eb:d0:d1:eb:a8:60:ad:81:
+        60:a9:d8:ca:a3:3b:18:41:13:b0:9e:78:99:bd:52:5f:17:0f:
+        f9:d1:60:6b:81:3a:06:af:6f:f2:b8:fd:f9:09:35:10:2b:f2:
+        57:0e:ac:8c
 -----BEGIN CERTIFICATE-----
-MIIEDTCCA3agAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBnjELMAkGA1UEBhMCVVMx
-CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xETAPBgNVBAoTCEV2
-aWwgSW5jMREwDwYDVQQLEwhjaGFuZ2VtZTERMA8GA1UEAxMIY2hhbmdlbWUxETAP
-BgNVBCkTCGNoYW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWlsQGhvc3QuZG9tYWlu
-MB4XDTE0MDIyNDE3NTQ1OVoXDTI0MDIyMjE3NTQ1OVowgaAxCzAJBgNVBAYTAlVT
-MQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxG
-b3J0LUZ1bnN0b24xETAPBgNVBAsTCGNoYW5nZW1lMQ8wDQYDVQQDEwZjbGllbnQx
-ETAPBgNVBCkTCGNoYW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWlsQGhvc3QuZG9t
-YWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDo4iy41NuJUE9HHmjb9+TM
-R0FjdQM3UHqoTSc21RUBCLbPVvdWbT354o0aXb+gJF4HVY7Q3PH6GYcd1rZYgi66
-aW3p2cgWDR1Zf/SOWBABPSEUFjzszYy3DuZ7d7T5kKUXAbuExrISh3Drn21P0GiL
-lsDnC1G0nR17bHu+iWuIiwIDAQABo4IBVTCCAVEwCQYDVR0TBAIwADAtBglghkgB
-hvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
-BBSe+EnQonYwXKsrirWNxkUfp/jPhTCB0wYDVR0jBIHLMIHIgBTcpfF2207Nju+x
-I1YdkoCZdDvqb6GBpKSBoTCBnjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUw
-EwYDVQQHEwxTYW5GcmFuY2lzY28xETAPBgNVBAoTCEV2aWwgSW5jMREwDwYDVQQL
-EwhjaGFuZ2VtZTERMA8GA1UEAxMIY2hhbmdlbWUxETAPBgNVBCkTCGNoYW5nZW1l
-MR8wHQYJKoZIhvcNAQkBFhBtYWlsQGhvc3QuZG9tYWluggkA5yEeGEEbloMwEwYD
-VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBBQUAA4GB
-AEh2wBj6Cu5OGuwCndSDypRUoT9RLz5LlcNCm3GgS9mvRyO5HPuFunbiCctlu9J9
-RD1LZ7qAg76o7cS56hobx1k72VwNRtjJkssQxfIaOKSqByzjhBZ5x5UJ4wHSFaJ3
-C4u/lATpf8DN5i5kzR6jMuwRzGLOx07NrUhcsbjpdrP5
+MIIEYTCCA0mgAwIBAgIUUpM764rF6es2mUxiX5oTTX/86TkwDQYJKoZIhvcNAQEL
+BQAwgZ4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEVMBMGA1UEBwwMU2FuRnJh
+bmNpc2NvMREwDwYDVQQKDAhFdmlsIEluYzERMA8GA1UECwwIY2hhbmdlbWUxETAP
+BgNVBAMMCGNoYW5nZW1lMREwDwYDVQQpDAhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJ
+ARYQbWFpbEBob3N0LmRvbWFpbjAeFw0yMjA1MTIwMjA0MTVaFw0zMjA1MTEwMjA0
+MTVaMIGeMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFTATBgNVBAcMDFNhbkZy
+YW5jaXNjbzERMA8GA1UECgwIRXZpbCBJbmMxETAPBgNVBAsMCGNoYW5nZW1lMREw
+DwYDVQQDDAhjaGFuZ2VtZTERMA8GA1UEKQwIY2hhbmdlbWUxHzAdBgkqhkiG9w0B
+CQEWEG1haWxAaG9zdC5kb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCujBkkKdP/sVUcApKHjfzP21pgRfDf6+u3abVqhxn6lqSdLYxxzaEzOSK8
+YzY2y+QGiM0KpKCpXVcTfxWdm9hm8fj1cdupyKUe9FcsJLDjZwIk2MGOOHNkFsOC
+h2PVfkOmdU50CJOCPy6WLAakZW70Mz09/8NmOBdUZSmufzCRKQprA9WdiSE+/+5B
+5f0/G8ldBpJJLDTpUcVuiekfMybKmCSOBDnvPKWXkIrJK44F5FaCOuYtUcJyRTsu
+fJ8CPGaWX6khTWE6N25WEPhA+hu1TbyZ1YEE7XUuUqtL3vbDQSeON0I7NGhqLdKP
+QgdYmrxransIcrqs3qNEWtiN+uwbAgMBAAGjgZQwgZEwCQYDVR0TBAIwADAdBgNV
+HQ4EFgQU5Aihme48gE7ojP9D4U8qST1OSacwHwYDVR0jBBgwFoAUUe8O6SzI/vAi
+2cDZXoYR/UShQS4wEwYDVR0lBAwwCgYIKwYBBQUHAwIwLwYDVR0RBCgwJoIBKoIJ
+bG9jYWxob3N0hwR/AAABhxAAAAAAAAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUA
+A4IBAQBca7ho0FpL/J9tCRb3TGFQKtccjlaTD7KVP2wYXfx+04pyRWOKwKfOdvlj
+vzGY+h20ub638mHudr5Oq3GeoWL8z/eRWfB2WPSjTgtZ7he2v85VVXClbs0wA8Os
+1Ho4hDneimsmFNwEmMqW67bRbslvYcaApU4pxZjSoUOEwYOD92+pezqHaXHN8Sx7
+z2UXYr5G+pX4YgUErLQbWAIBd/btchfEnd8NqxIUh94gISgsOy+TO6byedCAwJRN
+K2EOJa6oDtcA5VVqMb68pWntLvmx69DR66hgrYFgqdjKozsYQROwnniZvVJfFw/5
+0WBrgToGr2/yuP35CTUQK/JXDqyM
 -----END CERTIFICATE-----
diff --git a/integration-cli/fixtures/https/client-rogue-key.pem b/integration-cli/fixtures/https/client-rogue-key.pem
@@ -1,16 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAOjiLLjU24lQT0ce
-aNv35MxHQWN1AzdQeqhNJzbVFQEIts9W91ZtPfnijRpdv6AkXgdVjtDc8foZhx3W
-tliCLrppbenZyBYNHVl/9I5YEAE9IRQWPOzNjLcO5nt3tPmQpRcBu4TGshKHcOuf
-bU/QaIuWwOcLUbSdHXtse76Ja4iLAgMBAAECgYADs+TmI2xCKKa6CL++D5jxrohZ
-nnionnz0xBVFh+nHlG3jqgxQsXf0yydXLfpn/2wHTdLxezHVuiYt0UYg7iD0CglW
-+IjcgMebzyjLeYqYOE5llPlMvhp2HoEMYJNb+7bRrZ1WCITbu+Su0w1cgA7Cs+Ej
-VlfvGzN+qqnDThRUYQJBAPY0sMWZJKly8QhUmUvmcXdPczzSOf6Mm7gc5LR6wzxd
-vW7syuqk50qjqVqFpN81vCV7GoDxRUWbTM9ftf7JGFkCQQDyJc/1RMygE2o+enU1
-6UBxJyclXITEYtDn8aoEpLNc7RakP1WoPUKjZOnjkcoKcIkFNkSPeCfQujrb5f3F
-MkuDAkByAI/hzzmkpK5rFxEsjfX4Mve/L/DepyjrpaVY1IdWimlO1aJX6CeY7hNa
-8QsYt/74s/nfvtg+lNyKIV1aLq9xAkB+WSSNgfyTeg3x08vc+Xxajmdqoz/TiQwg
-OoTQL3A3iK5LvZBgXLasszcnOycFE3srcQmNItEDpGiZ3QPxJTEpAkEA45EE9NMJ
-SA7EGWSFlbz4f4u4oBeiDiJRJbGGfAyVxZlpCWUjPpg9+swsWoFEOjnGYaChAMk5
-nrOdMf15T6QF7Q==
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCujBkkKdP/sVUc
+ApKHjfzP21pgRfDf6+u3abVqhxn6lqSdLYxxzaEzOSK8YzY2y+QGiM0KpKCpXVcT
+fxWdm9hm8fj1cdupyKUe9FcsJLDjZwIk2MGOOHNkFsOCh2PVfkOmdU50CJOCPy6W
+LAakZW70Mz09/8NmOBdUZSmufzCRKQprA9WdiSE+/+5B5f0/G8ldBpJJLDTpUcVu
+iekfMybKmCSOBDnvPKWXkIrJK44F5FaCOuYtUcJyRTsufJ8CPGaWX6khTWE6N25W
+EPhA+hu1TbyZ1YEE7XUuUqtL3vbDQSeON0I7NGhqLdKPQgdYmrxransIcrqs3qNE
+WtiN+uwbAgMBAAECggEASZeQ/BHUq+ApGaut+xAu8LYzxxaGBesS0Zx0nEsE9YXx
+NsHfDpZbqlyjHBmaYIUbiXPBO4UIpg/QKEyzIOX12gWYaWfNbSrHD6OGY3q+x8oE
++eMXzG5ZnHAKk2yg94EKZdLctohtJQOdkTxTupl3q+c0oYDF8kGg+HjEl6lRoUmh
+sVkNeBN7UyEc/WfLm0fLWMDWdue3J0U1tl91NYa3PcYe2v7wIJfCvSrh6wM1P2p+
+Eax0WR4xxcdljWZSCJCSHbGSBAQE1DlxC2HTns98Yk1MY8JCuQJESVmt64VQ9Gpz
+rQ8ol1kTbwJ42mhEbNNQqnkl4p2GgJuUErSS7gPwEQKBgQDQVGvL021HdSpVLqdq
+aES0QCkuREuOvQSY3pPo7jiwYe+UDb3loj6XPeUL9t4D7fXINyLWk6Gbvenu6Cr6
+NBZdy1vmIO2c79uNXLXD2K4Tj2pglU9bJjX5+m6QpX6Y8qQPTraLeqFdeeBx1upa
+kIgURVwVIiy6H7hEG33xfecTCwKBgQDWfMJTDeLEQ+mUvAS4MbNrzrzeiMwUq3BU
+WDaPyVMZ1cyHd4HshVxEQOPdv96SmO/q+zs2Gqh+ruXqJghFmyK8AjZrbgziqa6K
+mG3jG40XjXw8ZqtN9fsPfmrUhKs/1PbeoobAzMK7CdF/5bAYUSvGFJzESDeMSUs4
+gkkH2s01MQKBgQCk9UPJyCbufwq/Gkr8CYXlSCyTcwZ1Bpw+Q3fQ59hBabrfe6YS
+z05KSXs05wvTBrgoCehvCcTcYht6zaFCLr5LFHw3E3myW4Z4P6G5argjytqLkY6d
+ePsibjbgF/rPNsnLSSNn+/kL4DZlTayRe4IUsvr/zOink/g/DZnC/1NaEwKBgQDW
+YEXdu1A+uF4bQb052Lsq8qxFg9buhde1BaIrHp8HgHB3qZPbMgPhWDYoKiCsx11s
+sIQi9Iwaanb0C+VSpNcXsOJxh8IrPktszSNvzda8hrZ4rGlld4jimIjwNlXva8z/
+AtTKmR280fhp68mQ1Hh695kkecXDWnJrXZTe2+sk0QKBgD9yS7m0aO3thdqtH5Bd
+HQ1AldohvZoAlqa6tiYeQ+jsnxmyLoqCMZXjTuW9Zd+TWJAboSOzGLcekilPE6yc
++Swac6Txm6ZvLyjyTRjrJOtqhMOBGZ8DmYM7ATbvDWHZVGAAAHbxqpfwm8LYv8gj
+7cPYj6iCPx5SXdCW3H0b4hJt
 -----END PRIVATE KEY-----