diff --git a/config/http_config_test.go b/config/http_config_test.go index 14791f9f..fdd3fb13 100644 --- a/config/http_config_test.go +++ b/config/http_config_test.go @@ -39,9 +39,9 @@ const ( TLSCAChainPath = "testdata/tls-ca-chain.pem" ServerCertificatePath = "testdata/server.crt" ServerKeyPath = "testdata/server.key" - BarneyCertificatePath = "testdata/barney.crt" - BarneyKeyNoPassPath = "testdata/barney-no-pass.key" - InvalidCA = "testdata/barney-no-pass.key" + ClientCertificatePath = "testdata/client.crt" + ClientKeyNoPassPath = "testdata/client-no-pass.key" + InvalidCA = "testdata/client-no-pass.key" WrongClientCertPath = "testdata/self-signed-client.crt" WrongClientKeyPath = "testdata/self-signed-client.key" EmptyFile = "testdata/empty" @@ -113,8 +113,8 @@ func TestNewClientFromConfig(t *testing.T) { clientConfig: HTTPClientConfig{ TLSConfig: TLSConfig{ CAFile: "", - CertFile: BarneyCertificatePath, - KeyFile: BarneyKeyNoPassPath, + CertFile: ClientCertificatePath, + KeyFile: ClientKeyNoPassPath, ServerName: "", InsecureSkipVerify: true}, }, @@ -125,8 +125,8 @@ func TestNewClientFromConfig(t *testing.T) { clientConfig: HTTPClientConfig{ TLSConfig: TLSConfig{ CAFile: TLSCAChainPath, - CertFile: BarneyCertificatePath, - KeyFile: BarneyKeyNoPassPath, + CertFile: ClientCertificatePath, + KeyFile: ClientKeyNoPassPath, ServerName: "", InsecureSkipVerify: false}, }, @@ -138,8 +138,8 @@ func TestNewClientFromConfig(t *testing.T) { BearerToken: BearerToken, TLSConfig: TLSConfig{ CAFile: TLSCAChainPath, - CertFile: BarneyCertificatePath, - KeyFile: BarneyKeyNoPassPath, + CertFile: ClientCertificatePath, + KeyFile: ClientKeyNoPassPath, ServerName: "", InsecureSkipVerify: false}, }, @@ -157,8 +157,8 @@ func TestNewClientFromConfig(t *testing.T) { BearerTokenFile: BearerTokenFile, TLSConfig: TLSConfig{ CAFile: TLSCAChainPath, - CertFile: BarneyCertificatePath, - KeyFile: BarneyKeyNoPassPath, + CertFile: ClientCertificatePath, + KeyFile: ClientKeyNoPassPath, ServerName: "", InsecureSkipVerify: false}, }, @@ -179,8 +179,8 @@ func TestNewClientFromConfig(t *testing.T) { }, TLSConfig: TLSConfig{ CAFile: TLSCAChainPath, - CertFile: BarneyCertificatePath, - KeyFile: BarneyKeyNoPassPath, + CertFile: ClientCertificatePath, + KeyFile: ClientKeyNoPassPath, ServerName: "", InsecureSkipVerify: false}, }, @@ -274,8 +274,8 @@ func TestMissingBearerAuthFile(t *testing.T) { BearerTokenFile: MissingBearerTokenFile, TLSConfig: TLSConfig{ CAFile: TLSCAChainPath, - CertFile: BarneyCertificatePath, - KeyFile: BarneyKeyNoPassPath, + CertFile: ClientCertificatePath, + KeyFile: ClientKeyNoPassPath, ServerName: "", InsecureSkipVerify: false}, } @@ -361,8 +361,8 @@ func TestBearerAuthFileRoundTripper(t *testing.T) { func TestTLSConfig(t *testing.T) { configTLSConfig := TLSConfig{ CAFile: TLSCAChainPath, - CertFile: BarneyCertificatePath, - KeyFile: BarneyKeyNoPassPath, + CertFile: ClientCertificatePath, + KeyFile: ClientKeyNoPassPath, ServerName: "localhost", InsecureSkipVerify: false} @@ -384,17 +384,17 @@ func TestTLSConfig(t *testing.T) { t.Fatalf("Can't create a new TLS Config from a configuration (%s).", err) } - barneyCertificate, err := tls.LoadX509KeyPair(BarneyCertificatePath, BarneyKeyNoPassPath) + clientCertificate, err := tls.LoadX509KeyPair(ClientCertificatePath, ClientKeyNoPassPath) if err != nil { t.Fatalf("Can't load the client key pair ('%s' and '%s'). Reason: %s", - BarneyCertificatePath, BarneyKeyNoPassPath, err) + ClientCertificatePath, ClientKeyNoPassPath, err) } cert, err := tlsConfig.GetClientCertificate(nil) if err != nil { t.Fatalf("unexpected error returned by tlsConfig.GetClientCertificate(): %s", err) } - if !reflect.DeepEqual(cert, &barneyCertificate) { - t.Fatalf("Unexpected client certificate result: \n\n%+v\n expected\n\n%+v", cert, barneyCertificate) + if !reflect.DeepEqual(cert, &clientCertificate) { + t.Fatalf("Unexpected client certificate result: \n\n%+v\n expected\n\n%+v", cert, clientCertificate) } // non-nil functions are never equal. @@ -440,18 +440,18 @@ func TestTLSConfigInvalidCA(t *testing.T) { configTLSConfig: TLSConfig{ CAFile: "", CertFile: MissingCert, - KeyFile: BarneyKeyNoPassPath, + KeyFile: ClientKeyNoPassPath, ServerName: "", InsecureSkipVerify: false}, - errorMessage: fmt.Sprintf("unable to use specified client cert (%s) & key (%s):", MissingCert, BarneyKeyNoPassPath), + errorMessage: fmt.Sprintf("unable to use specified client cert (%s) & key (%s):", MissingCert, ClientKeyNoPassPath), }, { configTLSConfig: TLSConfig{ CAFile: "", - CertFile: BarneyCertificatePath, + CertFile: ClientCertificatePath, KeyFile: MissingKey, ServerName: "", InsecureSkipVerify: false}, - errorMessage: fmt.Sprintf("unable to use specified client cert (%s) & key (%s):", BarneyCertificatePath, MissingKey), + errorMessage: fmt.Sprintf("unable to use specified client cert (%s) & key (%s):", ClientCertificatePath, MissingKey), }, } @@ -548,8 +548,8 @@ func TestBasicAuthPasswordFile(t *testing.T) { func getCertificateBlobs(t *testing.T) map[string][]byte { files := []string{ TLSCAChainPath, - BarneyCertificatePath, - BarneyKeyNoPassPath, + ClientCertificatePath, + ClientKeyNoPassPath, ServerCertificatePath, ServerKeyPath, WrongClientCertPath, @@ -608,14 +608,14 @@ func TestTLSRoundTripper(t *testing.T) { { // Valid certs. ca: TLSCAChainPath, - cert: BarneyCertificatePath, - key: BarneyKeyNoPassPath, + cert: ClientCertificatePath, + key: ClientKeyNoPassPath, }, { // CA not matching. - ca: BarneyCertificatePath, - cert: BarneyCertificatePath, - key: BarneyKeyNoPassPath, + ca: ClientCertificatePath, + cert: ClientCertificatePath, + key: ClientKeyNoPassPath, errMsg: "certificate signed by unknown authority", }, @@ -630,8 +630,8 @@ func TestTLSRoundTripper(t *testing.T) { { // CA file empty ca: EmptyFile, - cert: BarneyCertificatePath, - key: BarneyKeyNoPassPath, + cert: ClientCertificatePath, + key: ClientKeyNoPassPath, errMsg: "unable to use specified CA cert", }, @@ -639,14 +639,14 @@ func TestTLSRoundTripper(t *testing.T) { // cert file empty ca: TLSCAChainPath, cert: EmptyFile, - key: BarneyKeyNoPassPath, + key: ClientKeyNoPassPath, errMsg: "failed to find any PEM data in certificate input", }, { // key file empty ca: TLSCAChainPath, - cert: BarneyCertificatePath, + cert: ClientCertificatePath, key: EmptyFile, errMsg: "failed to find any PEM data in key input", @@ -654,8 +654,8 @@ func TestTLSRoundTripper(t *testing.T) { { // Valid certs again. ca: TLSCAChainPath, - cert: BarneyCertificatePath, - key: BarneyKeyNoPassPath, + cert: ClientCertificatePath, + key: ClientKeyNoPassPath, }, } @@ -745,8 +745,8 @@ func TestTLSRoundTripperRaces(t *testing.T) { var c *http.Client writeCertificate(bs, TLSCAChainPath, ca) - writeCertificate(bs, BarneyCertificatePath, cert) - writeCertificate(bs, BarneyKeyNoPassPath, key) + writeCertificate(bs, ClientCertificatePath, cert) + writeCertificate(bs, ClientKeyNoPassPath, key) c, err = NewClientFromConfig(cfg, "test") if err != nil { t.Fatalf("Error creating HTTP Client: %v", err) @@ -785,7 +785,7 @@ func TestTLSRoundTripperRaces(t *testing.T) { tick := time.NewTicker(10 * time.Millisecond) <-tick.C if i%2 == 0 { - writeCertificate(bs, BarneyCertificatePath, ca) + writeCertificate(bs, ClientCertificatePath, ca) } else { writeCertificate(bs, TLSCAChainPath, ca) } diff --git a/config/testdata/barney-no-pass.key b/config/testdata/barney-no-pass.key deleted file mode 100644 index b8e44f55..00000000 --- a/config/testdata/barney-no-pass.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAxmYjfBZhZbAup9uSULehoqPCv/U+77ETxUNyS2nviWEHDAb/ -pFS8Btx4oCQ1ECVSyxcUmXSlrvDjMY4sisOHvndNRlGi274M5a8Q5yD1BUqvxq3u -XB/+SYNVShBzaswrSjpzMe89AlOPxPjnE14OXh00j2hHunOG4jhlWgJnY0YyvUQQ -YWO6KrmKMiZ4MgmY0SWh/ZhlkDJPtkp3aUVM2sheCru/70E9viLGfdlhc2pIMshy -wNp4/5IkHBZwbqXFFGX4sRtSXI/auZNvcHOBse+3e3BonWvBWS2lIYbzpX3vLB7B -E9BGIxWn1fgNQr14yFPaccSszBvgtmEUONolnwIDAQABAoIBAQC7nBhQHgXKGBl2 -Z97rb0pstrjRtsLl/Cg68LWi9LEr0tHMIM4bgnkvb8qtfK+k7fZl0BSNrE2EqYvd -75jVO2MgzEYJieccLpKZm7u7JGIut9qSYSU2fpaCw6uiVv4dbqY9EhqejKG/km8w -j0JMATRK8Qkj1zOE7/wL7dKBlCZaK3u+OT17spuA/21PG/cLiPaSGSA3CU/eqbkU -BD6JeBxp33XNTytwWoOvarsigpL0dGqQ7+qhGq6t69qFfWoe9rimV7Ya+tB9zF/U -HzOIEspOYvzxe+C7VJjlVFr4haMYmsrO9qRUJ2ofp49OLVdfEANsdVISSvS63BEp -gBZN8Ko5AoGBAO1z8y8YCsI+2vBG6nxZ1eMba0KHi3bS8db1TaenJBV22w6WQATh -hEaU6VLMFcMvrOUjXN/7HJfnEMyvFT6gb9obPDVEMZw88s9lVN6njgGLZR/jodyN -7N7utLopN043Ra0WfEILAXPSz8esT1yn05OZV6AFHxJEWMrX3/4+spCLAoGBANXl -RomieVY4u3FF/uzhbzKNNb9ETxrQuexfbangKp5eLniwnr2SQWIbyPzeurwp15J8 -HvxB2vpNvs1khSwNx9dQfMdiUVPGLWj7MimAHTHsnQ9LVV9W28ghuSWbjQDGTUt1 -WCCu1MkKIOzupbi+zgsNlI33yilRQKAb9SRxdy29AoGBAOKpvyZiPcrkMxwPpb/k -BU7QGpgcSR25CQ+Xg3QZEVHH7h1DgYLnPtwdQ4g8tj1mohTsp7hKvSWndRrdulrY -zUyWmOeD3BN2/pTI9rW/nceNp49EPHsLo2O+2xelRlzMWB98ikqEtPM59gt1SSB6 -N3X6d3GR0fIe+d9PKEtK0Cs3AoGAZ9r8ReXSvm+ra5ON9Nx8znHMEAON2TpRnBi1 -uY7zgpO+QrGXUfqKrqVJEKbgym4SkribnuYm+fP32eid1McYKk6VV4ZAcMm/0MJv -F8Fx64S0ufFdEX6uFl1xdXYyn5apfyMJ2EyrWrYFSKWTZ8GVb753S/tteGRQWa1Z -eQly0Y0CgYEAnI6G9KFvXI+MLu5y2LPYAwsesDFzaWwyDl96ioQTA9hNSrjR33Vw -xwpiEe0T/WKF8NQ0QWnrQDbTvuCvZUK37TVxscYWuItL6vnBrYqr4Ck0j1BcGwV5 -jT581A/Vw8JJiR/vfcxgmrFYqoUmkMKDmCN1oImfz09GtQ4jQ1rlxz8= ------END RSA PRIVATE KEY----- diff --git a/config/testdata/barney.crt b/config/testdata/barney.crt deleted file mode 100644 index e2f95048..00000000 --- a/config/testdata/barney.crt +++ /dev/null @@ -1,96 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 2 (0x2) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=NO, O=Green AS, OU=Green Certificate Authority, CN=Green TLS CA - Validity - Not Before: Jul 13 04:02:47 2017 GMT - Not After : Jul 13 04:02:47 2019 GMT - Subject: C=NO, O=Telenor AS, OU=Support, CN=Barney Rubble - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:c6:66:23:7c:16:61:65:b0:2e:a7:db:92:50:b7: - a1:a2:a3:c2:bf:f5:3e:ef:b1:13:c5:43:72:4b:69: - ef:89:61:07:0c:06:ff:a4:54:bc:06:dc:78:a0:24: - 35:10:25:52:cb:17:14:99:74:a5:ae:f0:e3:31:8e: - 2c:8a:c3:87:be:77:4d:46:51:a2:db:be:0c:e5:af: - 10:e7:20:f5:05:4a:af:c6:ad:ee:5c:1f:fe:49:83: - 55:4a:10:73:6a:cc:2b:4a:3a:73:31:ef:3d:02:53: - 8f:c4:f8:e7:13:5e:0e:5e:1d:34:8f:68:47:ba:73: - 86:e2:38:65:5a:02:67:63:46:32:bd:44:10:61:63: - ba:2a:b9:8a:32:26:78:32:09:98:d1:25:a1:fd:98: - 65:90:32:4f:b6:4a:77:69:45:4c:da:c8:5e:0a:bb: - bf:ef:41:3d:be:22:c6:7d:d9:61:73:6a:48:32:c8: - 72:c0:da:78:ff:92:24:1c:16:70:6e:a5:c5:14:65: - f8:b1:1b:52:5c:8f:da:b9:93:6f:70:73:81:b1:ef: - b7:7b:70:68:9d:6b:c1:59:2d:a5:21:86:f3:a5:7d: - ef:2c:1e:c1:13:d0:46:23:15:a7:d5:f8:0d:42:bd: - 78:c8:53:da:71:c4:ac:cc:1b:e0:b6:61:14:38:da: - 25:9f - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Digital Signature - X509v3 Basic Constraints: - CA:FALSE - X509v3 Extended Key Usage: - TLS Web Client Authentication - X509v3 Subject Key Identifier: - F4:17:02:DD:1B:01:AB:C5:BC:17:A4:5C:4B:75:8E:EC:B1:E0:C8:F1 - X509v3 Authority Key Identifier: - keyid:AE:42:88:75:DD:05:A6:8E:48:7F:50:69:F9:B7:34:23:49:B8:B4:71 - - Authority Information Access: - CA Issuers - URI:http://green.no/ca/tls-ca.cer - - X509v3 CRL Distribution Points: - - Full Name: - URI:http://green.no/ca/tls-ca.crl - - X509v3 Subject Alternative Name: - email:barney@telenor.no - Signature Algorithm: sha1WithRSAEncryption - 96:9a:c5:41:8a:2f:4a:c4:80:d9:2b:1a:cf:07:85:e9:b6:18: - 01:20:41:b9:c3:d4:ca:d3:2d:66:c3:1d:52:7f:25:d7:92:0c: - e9:a9:ae:e6:2e:fa:9d:0a:cf:84:b9:03:f2:63:e3:d3:c9:70: - 6a:ac:04:5e:a9:2d:a2:43:7a:34:60:f7:a9:32:e1:48:ec:c6: - 03:ac:b3:06:2e:48:6e:d0:35:11:31:3d:0c:04:66:41:e6:b2: - ec:8c:68:f8:e4:bc:47:85:39:60:69:a9:8a:ee:2f:56:88:8a: - 19:45:d0:84:8e:c2:27:2c:82:9c:07:6c:34:ae:41:61:63:f9: - 32:cb:8b:33:ea:2c:15:5f:f9:35:b0:3c:51:4d:5f:30:de:0b: - 88:28:94:79:f3:bd:69:37:ad:12:20:e1:6b:1d:b6:77:d9:83: - db:81:a4:53:6c:0f:6a:17:5e:2b:c1:94:c6:42:e3:73:cd:9e: - 79:1b:8c:89:cd:da:ce:b0:f4:21:c5:32:25:04:6e:68:9f:a7: - ca:f4:c5:86:e5:4e:d9:fd:69:73:e6:15:50:6e:76:0f:73:5e: - 7a:a3:f4:dc:15:4a:ab:bb:3c:9a:fa:9f:01:7a:5c:47:a9:a3: - 68:1c:49:e0:37:37:77:af:87:07:16:e4:e1:d7:98:39:15:a6: - 51:5d:4c:db ------BEGIN CERTIFICATE----- -MIIEITCCAwmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJOTzER -MA8GA1UECgwIR3JlZW4gQVMxJDAiBgNVBAsMG0dyZWVuIENlcnRpZmljYXRlIEF1 -dGhvcml0eTEVMBMGA1UEAwwMR3JlZW4gVExTIENBMB4XDTE3MDcxMzA0MDI0N1oX -DTE5MDcxMzA0MDI0N1owTDELMAkGA1UEBhMCTk8xEzARBgNVBAoMClRlbGVub3Ig -QVMxEDAOBgNVBAsMB1N1cHBvcnQxFjAUBgNVBAMMDUJhcm5leSBSdWJibGUwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGZiN8FmFlsC6n25JQt6Gio8K/ -9T7vsRPFQ3JLae+JYQcMBv+kVLwG3HigJDUQJVLLFxSZdKWu8OMxjiyKw4e+d01G -UaLbvgzlrxDnIPUFSq/Gre5cH/5Jg1VKEHNqzCtKOnMx7z0CU4/E+OcTXg5eHTSP -aEe6c4biOGVaAmdjRjK9RBBhY7oquYoyJngyCZjRJaH9mGWQMk+2SndpRUzayF4K -u7/vQT2+IsZ92WFzakgyyHLA2nj/kiQcFnBupcUUZfixG1Jcj9q5k29wc4Gx77d7 -cGida8FZLaUhhvOlfe8sHsET0EYjFafV+A1CvXjIU9pxxKzMG+C2YRQ42iWfAgMB -AAGjgfwwgfkwDgYDVR0PAQH/BAQDAgeAMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYI -KwYBBQUHAwIwHQYDVR0OBBYEFPQXAt0bAavFvBekXEt1juyx4MjxMB8GA1UdIwQY -MBaAFK5CiHXdBaaOSH9Qafm3NCNJuLRxMDkGCCsGAQUFBwEBBC0wKzApBggrBgEF -BQcwAoYdaHR0cDovL2dyZWVuLm5vL2NhL3Rscy1jYS5jZXIwLgYDVR0fBCcwJTAj -oCGgH4YdaHR0cDovL2dyZWVuLm5vL2NhL3Rscy1jYS5jcmwwHAYDVR0RBBUwE4ER -YmFybmV5QHRlbGVub3Iubm8wDQYJKoZIhvcNAQEFBQADggEBAJaaxUGKL0rEgNkr -Gs8Hhem2GAEgQbnD1MrTLWbDHVJ/JdeSDOmpruYu+p0Kz4S5A/Jj49PJcGqsBF6p -LaJDejRg96ky4UjsxgOsswYuSG7QNRExPQwEZkHmsuyMaPjkvEeFOWBpqYruL1aI -ihlF0ISOwicsgpwHbDSuQWFj+TLLizPqLBVf+TWwPFFNXzDeC4golHnzvWk3rRIg -4WsdtnfZg9uBpFNsD2oXXivBlMZC43PNnnkbjInN2s6w9CHFMiUEbmifp8r0xYbl -Ttn9aXPmFVBudg9zXnqj9NwVSqu7PJr6nwF6XEepo2gcSeA3N3evhwcW5OHXmDkV -plFdTNs= ------END CERTIFICATE----- diff --git a/config/testdata/client-no-pass.key b/config/testdata/client-no-pass.key new file mode 100644 index 00000000..ac0e28a5 --- /dev/null +++ b/config/testdata/client-no-pass.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC307b8Il9zajKw +mkOih8sfYI+O9gSTvvyQN7Bh+Bu6lLN+XhtRxt+ZqOHfqo30EuPmdScMrqregqup +VPGKgfkXVP3hF5rYdWqZx4XOKdyxbaarZupkAv2gtVNEBSmVSj8urt5WZOJVnF7Q +GmhCAHpx34L5CCPYDXJBd5ExLwGIByKxQNugor7dJx8ehmVkGKto01GWjgY+sPYp +lV9KxvD49ygXYQ6VAqgt/V2EG/PMmT0/jUtmM2tYDFztPkSISJg0vB/f9zHlYIdD +GjkBjngekAij77T93xEuouox25UtXmg6ApqvDVEiBxZmN5Dt70HBsQ+IftENEUoY +8jhrImwBAgMBAAECggEBAJNlgjK3SPvdKlnqx9KZuagmH9YMs+zX1eG5lYdojqtT +snzf7l3q7b1i6gIS2pHbV7uhMjd8EmwqMIStJKPfxaAMuSj0aWeo9lnp3wNJE7l8 +54hGFCkvMLjcy7Adx5L6HqFK++IgME9e+7M3iWNqyMNn6bfO7Ba/6V5PBi9+tmaf +nZWqgY2Kf8A2iNnm9RvmiwQ42nsjVsKcXzGdBmFTp69ar/QWtk1dWDajUVw/NctM +cs+IypPjZiAE3CgyyiLKzG9CWCjkfMEd14uxFE73q2SAG6RWYSnv1M3WOupAF0rP +ll/NMXaMjLlq2q3B9v2ZAaojbbWlHLDdEpE/jwXkkwECgYEA5iWN7SGH8ZE6wDfO +EYuTQKpqYt1WbCQxv77leuGcm1KlFYfV8LsB/9xiocVtGm7N126zuwfgzfkIZWQD +KrpoFUkz1jUg+kHCqf4FO8hzR0By3hbdTImJQILtC/K3fHJtexFKiW82mb40lgYc ++Mk6Nb5CmL6VCX5u8MNBvD8WaLECgYEAzHofIneLLLqF2f2uVzF743CdgP1h0fPI +BS3akp56/8qzQWNW+natJRxiTh2R8gdvB+P/UtEZR8E+FbSzZ4dIRrxIi44ew0Cr +sROaP4LkaZFflKS/fD8S1M7yZQhussRoRWH0BDvM0hsu6UTGlESHX73b7js4AHpB +2q4frJMTDFECgYBr2f2Aus3yLpTRr1Uqc7Y1/6aLXh4531xQ9yyjQUcaosgqJtXj +Uj/Fn4m5NcPDN1nPM1mWtEJtQ97jZNL3GxPbpcpc/9jMbjTDZP8e3Pjo0xMBcMWU +MH/Zc4GSr9O8xgL4QUokzbFQqwoJpCO/ks1skhSzb9x37oAe4+HSTd46gQKBgQCk ++9hJSCl8kpdTl5Nm+R9cGU6MeGXIMKnwO9pDOSpHX7cZCF1yw/Tan7dWDhfnMEZP +GJC3ss1yDyLYArBK1WXk5SCnsalyo6ikvQtVOXixEUIMvo1eY8n++WetS4t+JGl5 +qhponBOcZ6CHSR3tHgoYnyloZFHAWOTv3FTkOttAsQKBgQCzWSO2TA4v/vIKIrSV +Lf2cI51imcy/JCsYUU+o66VQ6QdIJlfamuAKaKYAwfJtHtZOzAgrh09JV3qEEtN5 +duBdXiuygAz8eHbqSoSe5FYgImI0BREDq8Zm3ArgUhv6S9aBeg/mS1W/5ZfmV2cT +0MdlE8vUtcbDkmKpi7CaklzMNw== +-----END PRIVATE KEY----- diff --git a/config/testdata/client.crt b/config/testdata/client.crt new file mode 100644 index 00000000..b406f392 --- /dev/null +++ b/config/testdata/client.crt @@ -0,0 +1,96 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=Prometheus, OU=Prometheus Certificate Authority, CN=Prometheus TLS CA + Validity + Not Before: Apr 5 08:10:12 2019 GMT + Not After : Mar 26 08:10:12 2059 GMT + Subject: C=US, O=Prometheus, CN=Client + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b7:d3:b6:fc:22:5f:73:6a:32:b0:9a:43:a2:87: + cb:1f:60:8f:8e:f6:04:93:be:fc:90:37:b0:61:f8: + 1b:ba:94:b3:7e:5e:1b:51:c6:df:99:a8:e1:df:aa: + 8d:f4:12:e3:e6:75:27:0c:ae:aa:de:82:ab:a9:54: + f1:8a:81:f9:17:54:fd:e1:17:9a:d8:75:6a:99:c7: + 85:ce:29:dc:b1:6d:a6:ab:66:ea:64:02:fd:a0:b5: + 53:44:05:29:95:4a:3f:2e:ae:de:56:64:e2:55:9c: + 5e:d0:1a:68:42:00:7a:71:df:82:f9:08:23:d8:0d: + 72:41:77:91:31:2f:01:88:07:22:b1:40:db:a0:a2: + be:dd:27:1f:1e:86:65:64:18:ab:68:d3:51:96:8e: + 06:3e:b0:f6:29:95:5f:4a:c6:f0:f8:f7:28:17:61: + 0e:95:02:a8:2d:fd:5d:84:1b:f3:cc:99:3d:3f:8d: + 4b:66:33:6b:58:0c:5c:ed:3e:44:88:48:98:34:bc: + 1f:df:f7:31:e5:60:87:43:1a:39:01:8e:78:1e:90: + 08:a3:ef:b4:fd:df:11:2e:a2:ea:31:db:95:2d:5e: + 68:3a:02:9a:af:0d:51:22:07:16:66:37:90:ed:ef: + 41:c1:b1:0f:88:7e:d1:0d:11:4a:18:f2:38:6b:22: + 6c:01 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature + X509v3 Basic Constraints: + CA:FALSE + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Subject Key Identifier: + 3A:46:D1:C5:8C:42:60:AC:EF:0C:DD:4B:55:1E:F0:D7:5C:76:C3:33 + X509v3 Authority Key Identifier: + keyid:4D:02:BF:71:95:6A:AA:58:C5:9C:B8:83:67:5E:64:16:99:E1:2A:9E + + Authority Information Access: + CA Issuers - URI:http://example.com/ca/tls-ca.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://example.com/ca/tls-ca.crl + + X509v3 Subject Alternative Name: + email:client@prometheus.example.com + Signature Algorithm: sha1WithRSAEncryption + 73:fc:87:f2:cf:e3:b1:df:2f:f7:bf:f9:74:dc:0b:f0:7f:95: + ef:77:ba:6a:7d:c6:c5:f3:d9:d6:c7:eb:f8:a8:30:d3:90:d5: + a5:0c:32:33:95:85:a2:05:6e:78:a7:07:a5:e0:cf:f4:65:ef: + d2:6d:86:66:2a:7f:13:78:2f:90:dd:9d:a4:34:d4:8f:df:41: + 1b:0f:17:99:99:06:2d:26:86:e2:58:3e:84:ca:13:9e:00:ca: + 82:07:63:e7:6c:df:e9:47:d6:b3:f7:51:1a:31:f4:3d:79:95: + e7:ea:bf:40:84:48:09:23:ba:31:b1:67:cd:05:50:ec:e6:0a: + d8:2b:7d:7d:73:7a:8a:5f:f7:72:28:57:9f:15:2d:b1:4e:a1: + 3c:06:53:60:6e:b2:f9:04:08:81:3a:f2:ba:5d:7e:ac:93:f7: + 3b:1a:de:07:6e:14:a2:0b:e2:28:6a:50:2d:d8:9b:3c:25:e2: + 82:6b:90:7e:45:7b:dd:3a:7a:8e:71:99:a7:e8:88:5f:06:71: + 5b:3f:18:85:70:f9:eb:c7:26:43:2b:49:8f:17:90:aa:ba:86: + 8a:52:63:83:9f:9d:5d:79:53:af:6d:1a:7e:47:0d:ea:3f:33: + 18:c0:5f:90:d0:c5:04:8b:e3:4a:45:3d:a6:8c:c3:d1:47:1c: + 45:70:a4:75 +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJVUzET +MBEGA1UECgwKUHJvbWV0aGV1czEpMCcGA1UECwwgUHJvbWV0aGV1cyBDZXJ0aWZp +Y2F0ZSBBdXRob3JpdHkxGjAYBgNVBAMMEVByb21ldGhldXMgVExTIENBMCAXDTE5 +MDQwNTA4MTAxMloYDzIwNTkwMzI2MDgxMDEyWjAzMQswCQYDVQQGEwJVUzETMBEG +A1UECgwKUHJvbWV0aGV1czEPMA0GA1UEAwwGQ2xpZW50MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAt9O2/CJfc2oysJpDoofLH2CPjvYEk778kDewYfgb +upSzfl4bUcbfmajh36qN9BLj5nUnDK6q3oKrqVTxioH5F1T94Rea2HVqmceFzinc +sW2mq2bqZAL9oLVTRAUplUo/Lq7eVmTiVZxe0BpoQgB6cd+C+Qgj2A1yQXeRMS8B +iAcisUDboKK+3ScfHoZlZBiraNNRlo4GPrD2KZVfSsbw+PcoF2EOlQKoLf1dhBvz +zJk9P41LZjNrWAxc7T5EiEiYNLwf3/cx5WCHQxo5AY54HpAIo++0/d8RLqLqMduV +LV5oOgKarw1RIgcWZjeQ7e9BwbEPiH7RDRFKGPI4ayJsAQIDAQABo4IBDzCCAQsw +DgYDVR0PAQH/BAQDAgeAMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIw +HQYDVR0OBBYEFDpG0cWMQmCs7wzdS1Ue8NdcdsMzMB8GA1UdIwQYMBaAFE0Cv3GV +aqpYxZy4g2deZBaZ4SqeMDwGCCsGAQUFBwEBBDAwLjAsBggrBgEFBQcwAoYgaHR0 +cDovL2V4YW1wbGUuY29tL2NhL3Rscy1jYS5jZXIwMQYDVR0fBCowKDAmoCSgIoYg +aHR0cDovL2V4YW1wbGUuY29tL2NhL3Rscy1jYS5jcmwwKAYDVR0RBCEwH4EdY2xp +ZW50QHByb21ldGhldXMuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQEFBQADggEBAHP8 +h/LP47HfL/e/+XTcC/B/le93ump9xsXz2dbH6/ioMNOQ1aUMMjOVhaIFbninB6Xg +z/Rl79JthmYqfxN4L5DdnaQ01I/fQRsPF5mZBi0mhuJYPoTKE54AyoIHY+ds3+lH +1rP3URox9D15lefqv0CESAkjujGxZ80FUOzmCtgrfX1zeopf93IoV58VLbFOoTwG +U2BusvkECIE68rpdfqyT9zsa3gduFKIL4ihqUC3Ymzwl4oJrkH5Fe906eo5xmafo +iF8GcVs/GIVw+evHJkMrSY8XkKq6hopSY4OfnV15U69tGn5HDeo/MxjAX5DQxQSL +40pFPaaMw9FHHEVwpHU= +-----END CERTIFICATE----- diff --git a/config/testdata/server.crt b/config/testdata/server.crt index 87ad202f..2ead9698 100644 --- a/config/testdata/server.crt +++ b/config/testdata/server.crt @@ -1,35 +1,35 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 4 (0x4) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=NO, O=Green AS, OU=Green Certificate Authority, CN=Green TLS CA + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=Prometheus, OU=Prometheus Certificate Authority, CN=Prometheus TLS CA Validity - Not Before: Jul 26 12:47:08 2017 GMT - Not After : Jul 26 12:47:08 2019 GMT - Subject: C=NO, O=Green AS, OU=Green Certificate Authority, CN=Green TLS CA + Not Before: Apr 5 08:06:57 2019 GMT + Not After : Mar 26 08:06:57 2059 GMT + Subject: C=US, O=Prometheus, CN=prometheus.example.com Subject Public Key Info: Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) + RSA Public-Key: (2048 bit) Modulus: - 00:97:43:c5:f6:24:b8:ce:30:12:70:ea:17:9c:c0: - ce:f2:ef:58:8b:12:7d:46:5e:01:f1:1a:93:b2:3e: - d8:cf:99:bc:10:32:f1:12:b0:ef:00:6c:d6:c4:45: - 85:a8:33:7b:cd:ec:8f:4a:92:d0:5a:4a:41:69:7f: - e3:dd:7e:71:d2:21:9c:df:43:b5:6c:60:bb:2a:12: - a8:08:cf:c5:ee:08:7d:48:ea:4b:54:e4:82:d9:88: - b0:b8:5e:02:12:cb:0e:09:99:b7:5f:42:b6:d7:26: - 34:0f:4a:e7:fc:ac:9c:59:cd:a1:50:4c:88:5f:f1: - d2:7e:5b:21:41:f0:37:50:80:48:71:50:26:61:26: - 79:64:4b:7e:91:8d:0e:f4:27:fe:19:80:bf:39:55: - b7:f3:d0:cd:61:6c:d8:c1:c7:d3:26:77:92:1a:14: - 42:56:cb:bc:fd:1a:4a:eb:17:d8:8d:af:d1:c0:46: - 9f:f0:40:5e:0e:34:2f:e7:db:be:66:fd:89:0b:6b: - 8c:71:c1:0b:0a:c5:c4:c4:eb:7f:44:c1:75:36:23: - fd:ed:b6:ee:87:d9:88:47:e1:4b:7c:60:53:e7:85: - 1c:2f:82:4b:2b:5e:63:1a:49:17:36:2c:fc:39:23: - 49:22:4d:43:b5:51:22:12:24:9e:31:44:d8:16:4e: - a8:eb + 00:bd:6c:b6:7f:d1:2f:be:e4:41:eb:5d:ff:50:78: + 03:2b:76:03:da:01:48:20:13:90:66:c9:ce:6e:06: + e5:fa:2d:0d:c0:b0:46:28:44:10:a0:61:79:87:a2: + 98:4c:29:fa:f9:bb:0f:44:c7:90:5c:5c:55:60:cd: + 45:da:b8:e4:dd:28:72:c8:8b:a1:3e:4b:00:09:82: + b0:2c:dc:d6:17:c9:02:f4:cd:26:c7:11:28:f3:77: + b5:97:c2:76:c2:e0:07:d7:34:5b:e0:ed:1a:59:a5: + b4:b7:16:09:3d:35:bd:d9:03:07:9d:7c:3b:f0:63: + bd:5e:02:99:cf:32:e1:ac:4c:7a:3e:4c:b2:8e:98: + 68:07:4f:59:dc:0d:bf:cc:83:04:5c:d8:90:f0:73: + da:2b:08:17:c4:36:a7:d8:94:3d:b6:c0:af:29:0a: + d3:19:5f:eb:7d:cc:4d:05:56:11:0a:ee:b1:f3:d7: + c9:5a:3c:8c:57:16:91:51:14:f8:20:4e:0f:29:9e: + 04:21:e6:f1:e4:e8:44:af:d7:25:92:08:64:fc:2c: + 1c:2e:4f:71:53:91:53:1d:e5:f9:7b:52:0f:21:da: + 5c:dd:19:68:96:ca:70:6a:f1:c4:0d:07:af:f8:65: + 13:92:e9:ef:65:b3:89:86:fd:c0:74:5c:a4:6b:49: + 62:c5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical @@ -39,58 +39,58 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Subject Key Identifier: - 70:A9:FB:44:66:3C:63:96:E6:05:B2:74:47:C8:18:7E:43:6D:EE:8B + 00:61:01:AD:25:44:8A:EF:E1:2C:EC:83:5A:3A:3B:EA:A0:BD:E1:45 X509v3 Authority Key Identifier: - keyid:AE:42:88:75:DD:05:A6:8E:48:7F:50:69:F9:B7:34:23:49:B8:B4:71 + keyid:4D:02:BF:71:95:6A:AA:58:C5:9C:B8:83:67:5E:64:16:99:E1:2A:9E Authority Information Access: - CA Issuers - URI:http://green.no/ca/tls-ca.cer + CA Issuers - URI:http://example.com/ca/tls-ca.cer X509v3 CRL Distribution Points: Full Name: - URI:http://green.no/ca/tls-ca.crl + URI:http://example.com/ca/tls-ca.crl X509v3 Subject Alternative Name: IP Address:127.0.0.1, IP Address:127.0.0.0, DNS:localhost Signature Algorithm: sha1WithRSAEncryption - 56:1e:b8:52:ba:f5:72:42:ad:15:71:c1:5e:00:63:c9:4d:56: - f2:8d:a3:a9:91:db:d0:b5:1b:88:80:93:80:28:48:b2:d0:a9: - d0:ea:de:40:78:cc:57:8c:00:b8:65:99:68:95:98:9b:fb:a2: - 43:21:ea:00:37:01:77:c7:3b:1a:ec:58:2d:25:9c:ad:23:41: - 5e:ae:fd:ac:2f:26:81:b8:a7:49:9b:5a:10:fe:ad:c3:86:ab: - 59:67:b0:c7:81:72:95:60:b5:cb:fc:9f:ad:27:16:50:85:76: - 33:16:20:2c:1f:c6:14:09:0c:48:9f:c0:19:16:c9:fa:b0:d8: - bf:b7:8d:a7:aa:eb:fe:f8:6f:dd:2b:83:ee:c7:8a:df:c8:59: - e6:2e:13:1f:57:cc:6f:31:db:f7:b7:5c:3f:78:ad:22:2c:48: - bb:6d:c4:ab:dc:c1:76:34:29:d9:1e:67:e0:ac:37:2b:90:f9: - 71:bd:cf:a1:01:b9:eb:0b:0b:79:2e:8b:52:3d:8e:13:97:c8: - 05:a3:ef:68:82:49:12:2a:25:1a:48:49:b8:7c:3c:66:0d:74: - f9:00:8c:5b:57:d7:76:b1:26:95:86:b2:2e:a3:b2:9c:e0:eb: - 2d:fc:77:03:8f:cd:56:46:3a:c9:6a:fa:72:e3:19:d8:ef:de: - 4b:36:95:79 + 77:97:e4:ef:db:10:8e:62:50:96:4a:6e:f5:a4:f9:1f:19:3b: + c8:a4:dd:b3:f6:11:41:1a:fb:e3:f8:dd:0e:64:e5:2b:00:b9: + e6:25:9f:2e:e1:d2:9a:cd:b6:f2:41:4d:27:dd:2c:9a:af:97: + 79:e8:cf:61:fb:cf:be:25:c6:e1:19:a0:c8:90:44:a0:76:8a: + 45:d4:37:22:e5:d4:80:b4:b3:0f:a8:33:08:24:ad:21:0b:b7: + 98:46:93:90:8a:ae:77:0c:cb:b8:59:d3:3b:9b:fb:16:5a:22: + ca:c2:97:9d:78:1b:fc:23:fc:a0:42:54:40:de:88:4b:07:2b: + 19:4e:0e:79:bf:c9:9f:01:a6:46:c5:55:fa:9f:c0:0d:8a:a6: + e1:47:16:a6:0e:be:23:c9:e9:58:d6:31:71:8c:80:9c:16:64: + f0:14:08:22:a1:23:7c:98:b9:62:d1:4a:ce:e3:5c:59:fb:41: + 87:a5:3b:36:dd:3d:45:48:b0:b0:77:6f:de:58:2a:27:4d:56: + 20:54:08:20:c8:6d:79:b5:b9:e6:3a:03:24:0f:6d:67:39:20: + 78:10:2f:47:85:83:c1:4d:17:33:79:84:75:27:fa:47:67:59: + 56:cc:33:7b:a5:77:aa:59:9a:98:30:10:1a:78:43:34:8f:ed: + c2:a1:a3:ea -----BEGIN CERTIFICATE----- -MIIEQjCCAyqgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJOTzER -MA8GA1UECgwIR3JlZW4gQVMxJDAiBgNVBAsMG0dyZWVuIENlcnRpZmljYXRlIEF1 -dGhvcml0eTEVMBMGA1UEAwwMR3JlZW4gVExTIENBMB4XDTE3MDcyNjEyNDcwOFoX -DTE5MDcyNjEyNDcwOFowXTELMAkGA1UEBhMCTk8xETAPBgNVBAoMCEdyZWVuIEFT -MSQwIgYDVQQLDBtHcmVlbiBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFTATBgNVBAMM -DEdyZWVuIFRMUyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJdD -xfYkuM4wEnDqF5zAzvLvWIsSfUZeAfEak7I+2M+ZvBAy8RKw7wBs1sRFhagze83s -j0qS0FpKQWl/491+cdIhnN9DtWxguyoSqAjPxe4IfUjqS1TkgtmIsLheAhLLDgmZ -t19CttcmNA9K5/ysnFnNoVBMiF/x0n5bIUHwN1CASHFQJmEmeWRLfpGNDvQn/hmA -vzlVt/PQzWFs2MHH0yZ3khoUQlbLvP0aSusX2I2v0cBGn/BAXg40L+fbvmb9iQtr -jHHBCwrFxMTrf0TBdTYj/e227ofZiEfhS3xgU+eFHC+CSyteYxpJFzYs/DkjSSJN -Q7VRIhIknjFE2BZOqOsCAwEAAaOCAQswggEHMA4GA1UdDwEB/wQEAwIFoDAJBgNV -HRMEAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU -cKn7RGY8Y5bmBbJ0R8gYfkNt7oswHwYDVR0jBBgwFoAUrkKIdd0Fpo5If1Bp+bc0 -I0m4tHEwOQYIKwYBBQUHAQEELTArMCkGCCsGAQUFBzAChh1odHRwOi8vZ3JlZW4u -bm8vY2EvdGxzLWNhLmNlcjAuBgNVHR8EJzAlMCOgIaAfhh1odHRwOi8vZ3JlZW4u -bm8vY2EvdGxzLWNhLmNybDAgBgNVHREEGTAXhwR/AAABhwR/AAAAgglsb2NhbGhv -c3QwDQYJKoZIhvcNAQEFBQADggEBAFYeuFK69XJCrRVxwV4AY8lNVvKNo6mR29C1 -G4iAk4AoSLLQqdDq3kB4zFeMALhlmWiVmJv7okMh6gA3AXfHOxrsWC0lnK0jQV6u -/awvJoG4p0mbWhD+rcOGq1lnsMeBcpVgtcv8n60nFlCFdjMWICwfxhQJDEifwBkW -yfqw2L+3jaeq6/74b90rg+7Hit/IWeYuEx9XzG8x2/e3XD94rSIsSLttxKvcwXY0 -KdkeZ+CsNyuQ+XG9z6EBuesLC3kui1I9jhOXyAWj72iCSRIqJRpISbh8PGYNdPkA -jFtX13axJpWGsi6jspzg6y38dwOPzVZGOslq+nLjGdjv3ks2lXk= +MIIEPDCCAySgAwIBAgIBATANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJVUzET +MBEGA1UECgwKUHJvbWV0aGV1czEpMCcGA1UECwwgUHJvbWV0aGV1cyBDZXJ0aWZp +Y2F0ZSBBdXRob3JpdHkxGjAYBgNVBAMMEVByb21ldGhldXMgVExTIENBMCAXDTE5 +MDQwNTA4MDY1N1oYDzIwNTkwMzI2MDgwNjU3WjBDMQswCQYDVQQGEwJVUzETMBEG +A1UECgwKUHJvbWV0aGV1czEfMB0GA1UEAwwWcHJvbWV0aGV1cy5leGFtcGxlLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL1stn/RL77kQetd/1B4 +Ayt2A9oBSCATkGbJzm4G5fotDcCwRihEEKBheYeimEwp+vm7D0THkFxcVWDNRdq4 +5N0ocsiLoT5LAAmCsCzc1hfJAvTNJscRKPN3tZfCdsLgB9c0W+DtGlmltLcWCT01 +vdkDB518O/BjvV4Cmc8y4axMej5Mso6YaAdPWdwNv8yDBFzYkPBz2isIF8Q2p9iU +PbbArykK0xlf633MTQVWEQrusfPXyVo8jFcWkVEU+CBODymeBCHm8eToRK/XJZII +ZPwsHC5PcVORUx3l+XtSDyHaXN0ZaJbKcGrxxA0Hr/hlE5Lp72WziYb9wHRcpGtJ +YsUCAwEAAaOCAREwggENMA4GA1UdDwEB/wQEAwIFoDAJBgNVHRMEAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUAGEBrSVEiu/hLOyD +Wjo76qC94UUwHwYDVR0jBBgwFoAUTQK/cZVqqljFnLiDZ15kFpnhKp4wPAYIKwYB +BQUHAQEEMDAuMCwGCCsGAQUFBzAChiBodHRwOi8vZXhhbXBsZS5jb20vY2EvdGxz +LWNhLmNlcjAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vZXhhbXBsZS5jb20vY2Ev +dGxzLWNhLmNybDAgBgNVHREEGTAXhwR/AAABhwR/AAAAgglsb2NhbGhvc3QwDQYJ +KoZIhvcNAQEFBQADggEBAHeX5O/bEI5iUJZKbvWk+R8ZO8ik3bP2EUEa++P43Q5k +5SsAueYlny7h0prNtvJBTSfdLJqvl3noz2H7z74lxuEZoMiQRKB2ikXUNyLl1IC0 +sw+oMwgkrSELt5hGk5CKrncMy7hZ0zub+xZaIsrCl514G/wj/KBCVEDeiEsHKxlO +Dnm/yZ8BpkbFVfqfwA2KpuFHFqYOviPJ6VjWMXGMgJwWZPAUCCKhI3yYuWLRSs7j +XFn7QYelOzbdPUVIsLB3b95YKidNViBUCCDIbXm1ueY6AyQPbWc5IHgQL0eFg8FN +FzN5hHUn+kdnWVbMM3uld6pZmpgwEBp4QzSP7cKho+o= -----END CERTIFICATE----- diff --git a/config/testdata/server.key b/config/testdata/server.key index 126c1b5d..e1226c0e 100644 --- a/config/testdata/server.key +++ b/config/testdata/server.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCXQ8X2JLjOMBJw -6hecwM7y71iLEn1GXgHxGpOyPtjPmbwQMvESsO8AbNbERYWoM3vN7I9KktBaSkFp -f+PdfnHSIZzfQ7VsYLsqEqgIz8XuCH1I6ktU5ILZiLC4XgISyw4JmbdfQrbXJjQP -Suf8rJxZzaFQTIhf8dJ+WyFB8DdQgEhxUCZhJnlkS36RjQ70J/4ZgL85Vbfz0M1h -bNjBx9Mmd5IaFEJWy7z9GkrrF9iNr9HARp/wQF4ONC/n275m/YkLa4xxwQsKxcTE -639EwXU2I/3ttu6H2YhH4Ut8YFPnhRwvgksrXmMaSRc2LPw5I0kiTUO1USISJJ4x -RNgWTqjrAgMBAAECggEAVurwo4FyV7gzwIIi00XPJLT3ceJL7dUy1HHrEG8gchnq -gHxlHdJhYyMnPVydcosyxp75r2YxJtCoSZDdRHbVvGLoGzpy0zW6FnDl8TpCh4aF -RxKp+rvbnFf5A9ew5U+cX1PelHRnT7V6EJeAOiaNKOUJnnR7oHX59/UxZQw9HJnX -3H4xUdRDmSS3BGKXEswbd7beQjqJtEIkbConfaw32yEod0w2MC0LI4miZ87/6Hsk -pyvfpeYxXp4z3BTvFBbf/GEBFuozu63VWHayB9PDmEN/TlphoQpJQihdR2r1lz/H -I5QwVlFTDvUSFitNLu+FoaHOfgLprQndbojBXb+tcQKBgQDHCPyM4V7k97RvJgmB -ELgZiDYufDrjRLXvFzrrZ7ySU3N+nx3Gz/EhtgbHicDjnRVagHBIwi/QAfBJksCd -xcioY5k2OW+8PSTsfFZTAA6XwJp/LGfJik/JjvAVv5CnxBu9lYG4WiSBJFp59ojC -zTmfEuB4GPwrjQvzjlqaSpij9QKBgQDCjriwAB2UJIdlgK+DkryLqgim5I4cteB3 -+juVKz+S8ufFmVvmIXkyDcpyy/26VLC6esy8dV0JoWc4EeitoJvQD1JVZ5+CBTY+ -r9umx18oe2A/ZgcEf/A3Zd94jM1MwriF6YC+eIOhwhpi7T1xTLf3hc9B0OJ5B1mA -vob9rGDtXwKBgD4rkW+UCictNIAvenKFPWxEPuBgT6ij0sx/DhlwCtgOFxprK0rp -syFbkVyMq+KtM3lUez5O4c5wfJUOsPnXSOlISxhD8qHy23C/GdvNPcGrGNc2kKjE -ek20R0wTzWSJ/jxG0gE6rwJjz5sfJfLrVd9ZbyI0c7hK03vdcHGXcXxtAoGAeGHl -BwnbQ3niyTx53VijD2wTVGjhQgSLstEDowYSnTNtk8eTpG6b1gvQc32jLnMOsyQe -oJGiEr5q5re2GBDjuDZyxGOMv9/Hs7wOlkCQsbS9Vh0kRHWBRlXjk2zT7yYhFMLp -pXFeSW2X9BRFS2CkCCUkm93K9AZHLDE3x6ishNMCgYEAsDsUCzGhI49Aqe+CMP2l -WPZl7SEMYS5AtdC5sLtbLYBl8+rMXVGL2opKXqVFYBYkqMJiHGdX3Ub6XSVKLYkN -vm4PWmlQS24ZT+jlUl4jk6JU6SAlM/o6ixZl5KNR7yQm6zN2O/RHDeYm0urUQ9tF -9dux7LbIFeOoJmoDTWG2+fI= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC9bLZ/0S++5EHr +Xf9QeAMrdgPaAUggE5Bmyc5uBuX6LQ3AsEYoRBCgYXmHophMKfr5uw9Ex5BcXFVg +zUXauOTdKHLIi6E+SwAJgrAs3NYXyQL0zSbHESjzd7WXwnbC4AfXNFvg7RpZpbS3 +Fgk9Nb3ZAwedfDvwY71eApnPMuGsTHo+TLKOmGgHT1ncDb/MgwRc2JDwc9orCBfE +NqfYlD22wK8pCtMZX+t9zE0FVhEK7rHz18laPIxXFpFRFPggTg8pngQh5vHk6ESv +1yWSCGT8LBwuT3FTkVMd5fl7Ug8h2lzdGWiWynBq8cQNB6/4ZROS6e9ls4mG/cB0 +XKRrSWLFAgMBAAECggEAezQ0V1o11dEc1vuiTjJgzWnLA4aF5OcUquZjb8jo2Blp +soR0fUgYEFiV9RRaPl+nr7ptKe0rBgfAOGALKUHNCdN/JNU8oQmjEoyADg3s6jeB +xruQlzWgDwszf2uqVwHj16Nkhx1wYBKZQeQBSmCkBHwl/daKHcahqn3CkLOleKx+ +Qlc3BzWNaGte6qpJMs0It3by1FuxRwVz5VkL8uhzj0WIOYMA84t0gTnFH9gfRO3F +licotxg/Nl5M36wWcfL8Jq++72AtaKcD1jUEwuQpogrVeqflmeHwn/TlL++Hv6Xe +Lq0jt3OCUKUV40eq9c5uEgTmyrVHMDkfFdXzutdMAQKBgQDsSMXk7P4SX6u6uTjV +In9eWw6ZyJ2aL6VB9co/NMsj49GrrFT8VX9d+JPe9P/n6tuGcFbymNep22njRksR +0ItpW1NFRR/R3g0kYe1EhkRpNm6fhY9oIuR9xhcNnPNYkqAKT3T/dxrzbwsNhomi +X8aht/eCz4ZsK/KdOGTkPozxgQKBgQDNOvrclT1Wl4bxONp9pEV5XpRSD/qigfIp +i5wxy7ihX/QY9RToIWJDnzMVLnEYe64RB2WB8/4WwNPOQcuaxXbFUFct/2NdhTnS +ToJPgPe819zW9t1FLTf1fHtsRBpGFtbhdlUDOiOtJiMXYiwlRh2uyWFhjOo8TNUE +qMwai0vLRQKBgQCDH4t6lC4W4jK5x2oLlT5bjWqX2uXjF8e8x/q5gsGspBPKEjOD +aKrq6jSdSRbui73RaGxH6pvb7iBf+LVWKIYFLKIUUdzrqS9f3lw+Z8h1HrjbG9JO +dvaX+aL3cf71S0E3F4sU7fLt3tSiZ+PfUQk424+mbyXox6a2qwIKS9AJgQKBgHCu +dHROYJo9ojKpo5Ueb6K+4jLYYSV+sYZMCBtzHlFETNKzJaJ6SeiU7Ugw8pmdtqnU +5M/gNl8pymFR0MeOqbKWdPdlZJpBfsjQoE2kouEFqFRCwKStui7IBUAheEeJXLv3 +659U+aek69l35oMkp0GDgjs8UpN/H+pp/36Hgrr9AoGAftWU405rpStHEdRVrazP +FibQesT9HOdJgmm1gNIhj+PnFs7lKER9p0Wdl79QnIqjwyhjCXL94TFerzTKLY2c +IRj5dcRHiiT0iK8wq8bzGNYCqV73oQXaUFMiutNAArXwzwuvPFPWNBQsjLzeDLeC +mcOsCcPAk8cLYtVfZo2sP3g= -----END PRIVATE KEY----- diff --git a/config/testdata/tls-ca-chain.pem b/config/testdata/tls-ca-chain.pem index 03e4189e..722264d8 100644 --- a/config/testdata/tls-ca-chain.pem +++ b/config/testdata/tls-ca-chain.pem @@ -2,34 +2,34 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=NO, O=Green AS, OU=Green Certificate Authority, CN=Green Root CA + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=Prometheus, OU=Prometheus Certificate Authority, CN=Prometheus Root CA Validity - Not Before: Jul 13 03:47:20 2017 GMT - Not After : Jul 13 03:47:20 2027 GMT - Subject: C=NO, O=Green AS, OU=Green Certificate Authority, CN=Green TLS CA + Not Before: Apr 5 08:00:37 2019 GMT + Not After : Mar 26 08:00:37 2059 GMT + Subject: C=US, O=Prometheus, OU=Prometheus Certificate Authority, CN=Prometheus TLS CA Subject Public Key Info: Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) + RSA Public-Key: (2048 bit) Modulus: - 00:b5:5a:b3:7a:7f:6a:5b:e9:ee:62:ee:4f:61:42: - 79:93:06:bf:81:fc:9a:1f:b5:80:83:7c:b3:a6:94: - 54:58:8a:b1:74:cb:c3:b8:3c:23:a8:69:1f:ca:2b: - af:be:97:ba:31:73:b5:b8:ce:d9:bf:bf:9a:7a:cf: - 3a:64:51:83:c9:36:d2:f7:3b:3a:0e:4c:c7:66:2e: - bf:1a:df:ce:10:aa:3d:0f:19:74:03:7e:b5:10:bb: - e8:37:bd:62:f0:42:2d:df:3d:ca:70:50:10:17:ce: - a9:ec:55:8e:87:6f:ce:9a:04:36:14:96:cb:d1:a5: - 48:d5:d2:87:02:62:93:4e:21:4a:ff:be:44:f1:d2: - 7e:ed:74:da:c2:51:26:8e:03:a0:c2:bd:bd:5f:b0: - 50:11:78:fd:ab:1d:04:86:6c:c1:8d:20:bd:05:5f: - 51:67:c6:d3:07:95:92:2d:92:90:00:c6:9f:2d:dd: - 36:5c:dc:78:10:7c:f6:68:39:1d:2c:e0:e1:26:64: - 4f:36:34:66:a7:84:6a:90:15:3a:94:b7:79:b1:47: - f5:d2:51:95:54:bf:92:76:9a:b9:88:ee:63:f9:6c: - 0d:38:c6:b6:1c:06:43:ed:24:1d:bb:6c:72:48:cc: - 8c:f4:35:bc:43:fe:a6:96:4c:31:5f:82:0d:0d:20: - 2a:3d + 00:aa:d2:34:6b:ed:f1:f4:01:08:e5:00:9f:75:c8: + ba:fc:4b:72:c6:04:93:af:f1:f6:b5:ce:01:0d:c6: + bd:d3:16:98:9d:e5:51:56:12:58:16:ee:18:6e:f0: + 68:a9:42:16:65:cf:e3:31:f5:90:79:9d:13:32:87: + 3b:1f:65:fd:84:88:a4:56:3d:26:54:69:05:27:5a: + ea:89:02:e7:31:9b:7d:7f:76:93:54:70:bc:17:92: + 06:9f:9f:90:4a:8a:cf:82:a7:7b:7c:71:c4:fa:34: + 56:00:32:1a:85:c5:f8:e4:4a:63:43:37:9d:60:84: + 4d:78:6e:87:12:c4:2b:1f:93:a5:fe:cc:5e:f1:df: + c1:97:ff:b7:3e:20:38:1d:71:15:11:ec:6c:7a:cc: + 0e:87:52:31:b1:b9:74:c3:07:1c:42:4b:1e:c1:17: + bc:e4:13:b7:b0:20:2e:c4:07:93:bd:a8:11:f9:da: + a7:d0:df:4a:48:be:9b:6d:65:c3:ae:58:56:c0:9f: + 17:c5:d8:32:b1:04:22:fb:5b:18:f6:20:10:50:ec: + 2d:10:4f:cc:48:8f:f2:75:dd:33:a4:0e:f5:55:da: + 2c:89:a1:3a:52:bb:11:11:0b:97:27:17:73:35:da: + 10:71:b3:9f:a8:42:91:e6:3a:66:00:f9:e5:11:8f: + 5b:57 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical @@ -37,90 +37,91 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 Subject Key Identifier: - AE:42:88:75:DD:05:A6:8E:48:7F:50:69:F9:B7:34:23:49:B8:B4:71 + 4D:02:BF:71:95:6A:AA:58:C5:9C:B8:83:67:5E:64:16:99:E1:2A:9E X509v3 Authority Key Identifier: - keyid:60:93:53:2F:C7:CF:2A:D7:F3:09:28:F6:3C:AE:9C:50:EC:93:63:E5 + keyid:3C:1E:A8:C6:4C:05:4D:20:EC:88:DB:29:D4:7B:F9:12:5D:CE:EA:1A Authority Information Access: - CA Issuers - URI:http://green.no/ca/root-ca.cer + CA Issuers - URI:https://example.com/ca/root-ca.cer X509v3 CRL Distribution Points: Full Name: - URI:http://green.no/ca/root-ca.crl + URI:https://example.com/ca/root-ca.crl Signature Algorithm: sha1WithRSAEncryption - 15:a7:ac:d7:25:9e:2a:d4:d1:14:b4:99:38:3d:2f:73:61:2a: - d9:b6:8b:13:ea:fe:db:78:d9:0a:6c:df:26:6e:c1:d5:4a:97: - 42:19:dd:97:05:03:e4:2b:fc:1e:1f:38:3c:4e:b0:3b:8c:38: - ad:2b:65:fa:35:2d:81:8e:e0:f6:0a:89:4c:38:97:01:4b:9c: - ac:4e:e1:55:17:ef:0a:ad:a7:eb:1e:4b:86:23:12:f1:52:69: - cb:a3:8a:ce:fb:14:8b:86:d7:bb:81:5e:bd:2a:c7:a7:79:58: - 00:10:c0:db:ff:d4:a5:b9:19:74:b3:23:19:4a:1f:78:4b:a8: - b6:f6:20:26:c1:69:f9:89:7f:b8:1c:3b:a2:f9:37:31:80:2c: - b0:b6:2b:d2:84:44:d7:42:e4:e6:44:51:04:35:d9:1c:a4:48: - c6:b7:35:de:f2:ae:da:4b:ba:c8:09:42:8d:ed:7a:81:dc:ed: - 9d:f0:de:6e:21:b9:01:1c:ad:64:3d:25:4c:91:94:f1:13:18: - bb:89:e9:48:ac:05:73:07:c8:db:bd:69:8e:6f:02:9d:b0:18: - c0:b9:e1:a8:b1:17:50:3d:ac:05:6e:6f:63:4f:b1:73:33:60: - 9a:77:d2:81:8a:01:38:43:e9:4c:3c:90:63:a4:99:4b:d2:1b: - f9:1b:ec:ee + 63:fc:ba:30:a5:05:d6:76:14:f1:77:38:b1:41:6f:81:d9:b4: + 02:fd:bc:e5:f6:d9:e6:73:e0:71:cf:4c:fb:13:b5:6b:bd:b9: + c6:f6:28:18:36:e1:8c:d9:93:b3:78:4a:3d:39:1b:f4:fb:69: + 75:24:ae:e1:a0:2f:94:05:bf:10:3c:3e:d2:2b:a8:f3:31:25: + 2e:ed:13:ad:60:5d:22:9a:26:15:20:86:98:73:4c:f6:4b:48: + b8:1f:67:ba:4e:c9:47:ed:85:dc:38:dc:02:0c:fb:54:d5:2e: + 6c:b4:95:18:51:d1:ae:ea:e8:fb:b4:19:50:04:bc:31:7e:51: + 9e:85:29:4d:c8:f7:26:d6:d6:8d:35:2d:9e:e2:06:16:38:e2: + 56:80:ec:f3:a3:34:e3:28:c4:e8:10:d0:8a:a6:6f:20:9a:b9: + dc:b9:90:6b:ba:8a:27:2c:29:72:28:55:e7:59:a6:a7:90:ec: + 32:e8:d0:26:4a:c1:44:dd:20:bf:dc:4d:1e:7e:cc:e5:a2:5b: + e8:df:3d:4b:01:aa:48:56:17:e9:29:d8:71:83:05:36:8c:11: + 4f:77:b8:95:20:b7:c7:21:06:c2:87:97:b4:6b:d3:f7:23:ba: + 4d:5f:15:d1:0c:4d:6e:f1:6a:9d:57:5c:02:6a:d7:31:18:ef: + 5c:fc:f8:04 -----BEGIN CERTIFICATE----- -MIIECzCCAvOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJOTzER -MA8GA1UECgwIR3JlZW4gQVMxJDAiBgNVBAsMG0dyZWVuIENlcnRpZmljYXRlIEF1 -dGhvcml0eTEWMBQGA1UEAwwNR3JlZW4gUm9vdCBDQTAeFw0xNzA3MTMwMzQ3MjBa -Fw0yNzA3MTMwMzQ3MjBaMF0xCzAJBgNVBAYTAk5PMREwDwYDVQQKDAhHcmVlbiBB -UzEkMCIGA1UECwwbR3JlZW4gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRUwEwYDVQQD -DAxHcmVlbiBUTFMgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1 -WrN6f2pb6e5i7k9hQnmTBr+B/JoftYCDfLOmlFRYirF0y8O4PCOoaR/KK6++l7ox -c7W4ztm/v5p6zzpkUYPJNtL3OzoOTMdmLr8a384Qqj0PGXQDfrUQu+g3vWLwQi3f -PcpwUBAXzqnsVY6Hb86aBDYUlsvRpUjV0ocCYpNOIUr/vkTx0n7tdNrCUSaOA6DC -vb1fsFAReP2rHQSGbMGNIL0FX1FnxtMHlZItkpAAxp8t3TZc3HgQfPZoOR0s4OEm -ZE82NGanhGqQFTqUt3mxR/XSUZVUv5J2mrmI7mP5bA04xrYcBkPtJB27bHJIzIz0 -NbxD/qaWTDFfgg0NICo9AgMBAAGjgdQwgdEwDgYDVR0PAQH/BAQDAgEGMBIGA1Ud -EwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFK5CiHXdBaaOSH9Qafm3NCNJuLRxMB8G -A1UdIwQYMBaAFGCTUy/HzyrX8wko9jyunFDsk2PlMDoGCCsGAQUFBwEBBC4wLDAq -BggrBgEFBQcwAoYeaHR0cDovL2dyZWVuLm5vL2NhL3Jvb3QtY2EuY2VyMC8GA1Ud -HwQoMCYwJKAioCCGHmh0dHA6Ly9ncmVlbi5uby9jYS9yb290LWNhLmNybDANBgkq -hkiG9w0BAQUFAAOCAQEAFaes1yWeKtTRFLSZOD0vc2Eq2baLE+r+23jZCmzfJm7B -1UqXQhndlwUD5Cv8Hh84PE6wO4w4rStl+jUtgY7g9gqJTDiXAUucrE7hVRfvCq2n -6x5LhiMS8VJpy6OKzvsUi4bXu4FevSrHp3lYABDA2//UpbkZdLMjGUofeEuotvYg -JsFp+Yl/uBw7ovk3MYAssLYr0oRE10Lk5kRRBDXZHKRIxrc13vKu2ku6yAlCje16 -gdztnfDebiG5ARytZD0lTJGU8RMYu4npSKwFcwfI271pjm8CnbAYwLnhqLEXUD2s -BW5vY0+xczNgmnfSgYoBOEPpTDyQY6SZS9Ib+Rvs7g== +MIIELTCCAxWgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzET +MBEGA1UECgwKUHJvbWV0aGV1czEpMCcGA1UECwwgUHJvbWV0aGV1cyBDZXJ0aWZp +Y2F0ZSBBdXRob3JpdHkxGzAZBgNVBAMMElByb21ldGhldXMgUm9vdCBDQTAgFw0x +OTA0MDUwODAwMzdaGA8yMDU5MDMyNjA4MDAzN1owaTELMAkGA1UEBhMCVVMxEzAR +BgNVBAoMClByb21ldGhldXMxKTAnBgNVBAsMIFByb21ldGhldXMgQ2VydGlmaWNh +dGUgQXV0aG9yaXR5MRowGAYDVQQDDBFQcm9tZXRoZXVzIFRMUyBDQTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKrSNGvt8fQBCOUAn3XIuvxLcsYEk6/x +9rXOAQ3GvdMWmJ3lUVYSWBbuGG7waKlCFmXP4zH1kHmdEzKHOx9l/YSIpFY9JlRp +BSda6okC5zGbfX92k1RwvBeSBp+fkEqKz4Kne3xxxPo0VgAyGoXF+ORKY0M3nWCE +TXhuhxLEKx+Tpf7MXvHfwZf/tz4gOB1xFRHsbHrMDodSMbG5dMMHHEJLHsEXvOQT +t7AgLsQHk72oEfnap9DfSki+m21lw65YVsCfF8XYMrEEIvtbGPYgEFDsLRBPzEiP +8nXdM6QO9VXaLImhOlK7ERELlycXczXaEHGzn6hCkeY6ZgD55RGPW1cCAwEAAaOB +3DCB2TAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4E +FgQUTQK/cZVqqljFnLiDZ15kFpnhKp4wHwYDVR0jBBgwFoAUPB6oxkwFTSDsiNsp +1Hv5El3O6howPgYIKwYBBQUHAQEEMjAwMC4GCCsGAQUFBzAChiJodHRwczovL2V4 +YW1wbGUuY29tL2NhL3Jvb3QtY2EuY2VyMDMGA1UdHwQsMCowKKAmoCSGImh0dHBz +Oi8vZXhhbXBsZS5jb20vY2Evcm9vdC1jYS5jcmwwDQYJKoZIhvcNAQEFBQADggEB +AGP8ujClBdZ2FPF3OLFBb4HZtAL9vOX22eZz4HHPTPsTtWu9ucb2KBg24YzZk7N4 +Sj05G/T7aXUkruGgL5QFvxA8PtIrqPMxJS7tE61gXSKaJhUghphzTPZLSLgfZ7pO +yUfthdw43AIM+1TVLmy0lRhR0a7q6Pu0GVAEvDF+UZ6FKU3I9ybW1o01LZ7iBhY4 +4laA7POjNOMoxOgQ0IqmbyCaudy5kGu6iicsKXIoVedZpqeQ7DLo0CZKwUTdIL/c +TR5+zOWiW+jfPUsBqkhWF+kp2HGDBTaMEU93uJUgt8chBsKHl7Rr0/cjuk1fFdEM +TW7xap1XXAJq1zEY71z8+AQ= -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=NO, O=Green AS, OU=Green Certificate Authority, CN=Green Root CA + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=Prometheus, OU=Prometheus Certificate Authority, CN=Prometheus Root CA Validity - Not Before: Jul 13 03:44:39 2017 GMT - Not After : Dec 31 23:59:59 2030 GMT - Subject: C=NO, O=Green AS, OU=Green Certificate Authority, CN=Green Root CA + Not Before: Apr 5 07:55:00 2019 GMT + Not After : Mar 26 07:55:00 2059 GMT + Subject: C=US, O=Prometheus, OU=Prometheus Certificate Authority, CN=Prometheus Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) + RSA Public-Key: (2048 bit) Modulus: - 00:a7:e8:ed:de:d4:54:08:41:07:40:d5:c0:43:d6: - ab:d3:9e:21:87:c6:13:bf:a7:cf:3d:08:4f:c1:fe: - 8f:e5:6c:c5:89:97:e5:27:75:26:c3:2a:73:2d:34: - 7c:6f:35:8d:40:66:61:05:c0:eb:e9:b3:38:47:f8: - 8b:26:35:2c:df:dc:24:31:fe:72:e3:87:10:d1:f7: - a0:57:b7:f3:b1:1a:fe:c7:4b:f8:7b:14:6d:73:08: - 54:eb:63:3c:0c:ce:22:95:5f:3f:f2:6f:89:ae:63: - da:80:74:36:21:13:e8:91:01:58:77:cc:c2:f2:42: - bf:eb:b3:60:a7:21:ed:88:24:7f:eb:ff:07:41:9b: - 93:c8:5f:6a:8e:a6:1a:15:3c:bc:e7:0d:fd:05:fd: - 3c:c1:1c:1d:1f:57:2b:40:27:62:a1:7c:48:63:c1: - 45:e7:2f:20:ed:92:1c:42:94:e4:58:70:7a:b6:d2: - 85:c5:61:d8:cd:c6:37:6b:72:3b:7f:af:55:81:d6: - 9d:dc:10:c9:d8:0e:81:e4:5e:40:13:2f:20:e8:6b: - 46:81:ce:88:47:dd:38:71:3d:ef:21:cc:c0:67:cf: - 0a:f4:e9:3f:a8:9d:26:25:2e:23:1e:a3:11:18:cb: - d1:70:1c:9e:7d:09:b1:a4:20:dc:95:15:1d:49:cf: - 1b:ad + 00:bf:b9:e2:ab:5f:61:22:e1:4e:cd:ee:da:b0:26: + 2e:bb:b0:7e:1c:ce:10:be:16:29:35:0c:0c:1d:93: + 01:29:2a:f6:f9:c2:6e:5c:10:44:ca:f8:dc:ad:7a: + 06:64:0f:8a:18:ad:b2:a2:94:49:c9:ba:8c:45:94: + 7c:d9:e0:11:45:d8:16:79:a2:20:9f:8c:63:60:72: + 2a:5b:f9:66:80:ac:85:67:01:5a:eb:91:c1:d2:88: + 87:9e:4c:18:c9:f2:f0:7a:18:c0:e6:ab:2c:78:de: + 5f:b2:22:4e:94:9c:f5:cd:e6:e2:33:30:e9:20:10: + a6:a1:75:eb:59:ab:45:a9:f7:3e:54:40:ae:05:25: + be:74:c5:3a:fd:af:73:16:60:45:7c:4a:e0:0e:0d: + a1:15:7f:9a:1f:c2:a7:04:ad:ef:b3:e4:f6:00:2c: + 4e:0b:04:90:49:ee:d3:db:a6:12:c4:91:0b:32:4f: + 11:84:c7:c4:8a:ef:51:66:7a:b0:20:2f:cb:95:8d: + 96:57:60:66:5e:f9:4f:5a:94:9c:71:ad:eb:ca:70: + 3e:62:06:c2:3a:29:f8:9e:86:af:da:07:78:f8:31: + af:42:48:49:9e:4a:df:1b:27:1f:44:35:81:6d:fa: + 7a:c5:6a:0a:35:23:c7:c4:d5:fe:c9:9e:61:c9:30: + cd:1f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical @@ -128,45 +129,45 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: - 60:93:53:2F:C7:CF:2A:D7:F3:09:28:F6:3C:AE:9C:50:EC:93:63:E5 + 3C:1E:A8:C6:4C:05:4D:20:EC:88:DB:29:D4:7B:F9:12:5D:CE:EA:1A X509v3 Authority Key Identifier: - keyid:60:93:53:2F:C7:CF:2A:D7:F3:09:28:F6:3C:AE:9C:50:EC:93:63:E5 + keyid:3C:1E:A8:C6:4C:05:4D:20:EC:88:DB:29:D4:7B:F9:12:5D:CE:EA:1A Signature Algorithm: sha1WithRSAEncryption - a7:77:71:8b:1a:e5:5a:5b:87:54:08:bf:07:3e:cb:99:2f:dc: - 0e:8d:63:94:95:83:19:c9:92:82:d5:cb:5b:8f:1f:86:55:bc: - 70:01:1d:33:46:ec:99:de:6b:1f:c3:c2:7a:dd:ef:69:ab:96: - 58:ec:6c:6f:6c:70:82:71:8a:7f:f0:3b:80:90:d5:64:fa:80: - 27:b8:7b:50:69:98:4b:37:99:ad:bf:a2:5b:93:22:5e:96:44: - 3c:5a:cf:0c:f4:62:63:4a:6f:72:a7:f6:89:1d:09:26:3d:8f: - a8:86:d4:b4:bc:dd:b3:38:ca:c0:59:16:8c:20:1f:89:35:12: - b4:2d:c0:e9:de:93:e0:39:76:32:fc:80:db:da:44:26:fd:01: - 32:74:97:f8:44:ae:fe:05:b1:34:96:13:34:56:73:b4:93:a5: - 55:56:d1:01:51:9d:9c:55:e7:38:53:28:12:4e:38:72:0c:8f: - bd:91:4c:45:48:3b:e1:0d:03:5f:58:40:c9:d3:a0:ac:b3:89: - ce:af:27:8a:0f:ab:ec:72:4d:40:77:30:6b:36:fd:32:46:9f: - ee:f9:c4:f5:17:06:0f:4b:d3:88:f5:a4:2f:3d:87:9e:f5:26: - 74:f0:c9:dc:cb:ad:d9:a7:8a:d3:71:15:00:d3:5d:9f:4c:59: - 3e:24:63:f5 + 56:2f:79:e5:12:91:f5:19:a7:d1:32:28:fd:e3:9d:8f:e1:3c: + bb:a3:a5:f2:55:8a:03:ad:2c:1d:18:82:e1:7f:19:75:d9:47: + 5b:e7:7c:e4:a5:e0:eb:dc:7e:24:a3:7d:99:1a:cf:39:ba:a5: + b4:b8:45:68:83:cf:70:ad:56:f2:34:73:65:fc:6c:b0:53:9a: + 79:04:f7:3e:7e:4b:22:1b:e7:76:23:20:bc:9c:05:a2:5d:01: + d2:f0:09:49:17:b2:61:74:1a:5b:f4:e0:fd:ce:11:ba:13:4a: + e6:07:11:7d:30:e2:11:87:ee:33:1a:68:de:67:f4:ac:b5:58: + 1a:ac:cf:7a:2d:fd:c3:44:5b:4b:cd:6c:ff:f6:49:b4:55:4a: + 09:a0:92:2d:57:3b:69:85:54:3e:e9:ec:ef:b2:a5:7a:29:75: + 2b:f8:eb:4b:d4:cf:68:ee:3e:c8:63:7e:12:eb:e4:2f:63:a3: + a7:c8:0f:e9:39:ff:5c:29:65:7f:25:f0:42:bf:07:ba:06:b8: + 5e:d6:56:ba:f8:67:56:1b:42:aa:b3:04:d8:6e:88:10:a5:70: + b5:81:04:a4:90:a3:f0:83:4d:0c:6b:12:5d:a4:4c:83:5a:ff: + a8:7a:86:61:ff:0f:4c:e5:0f:17:d1:64:3c:bd:d9:22:7e:b7: + fa:9b:83:ba -----BEGIN CERTIFICATE----- -MIIDnDCCAoSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJOTzER -MA8GA1UECgwIR3JlZW4gQVMxJDAiBgNVBAsMG0dyZWVuIENlcnRpZmljYXRlIEF1 -dGhvcml0eTEWMBQGA1UEAwwNR3JlZW4gUm9vdCBDQTAgFw0xNzA3MTMwMzQ0Mzla -GA8yMDMwMTIzMTIzNTk1OVowXjELMAkGA1UEBhMCTk8xETAPBgNVBAoMCEdyZWVu -IEFTMSQwIgYDVQQLDBtHcmVlbiBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFjAUBgNV -BAMMDUdyZWVuIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQCn6O3e1FQIQQdA1cBD1qvTniGHxhO/p889CE/B/o/lbMWJl+UndSbDKnMtNHxv -NY1AZmEFwOvpszhH+IsmNSzf3CQx/nLjhxDR96BXt/OxGv7HS/h7FG1zCFTrYzwM -ziKVXz/yb4muY9qAdDYhE+iRAVh3zMLyQr/rs2CnIe2IJH/r/wdBm5PIX2qOphoV -PLznDf0F/TzBHB0fVytAJ2KhfEhjwUXnLyDtkhxClORYcHq20oXFYdjNxjdrcjt/ -r1WB1p3cEMnYDoHkXkATLyDoa0aBzohH3ThxPe8hzMBnzwr06T+onSYlLiMeoxEY -y9FwHJ59CbGkINyVFR1JzxutAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNV -HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRgk1Mvx88q1/MJKPY8rpxQ7JNj5TAfBgNV -HSMEGDAWgBRgk1Mvx88q1/MJKPY8rpxQ7JNj5TANBgkqhkiG9w0BAQUFAAOCAQEA -p3dxixrlWluHVAi/Bz7LmS/cDo1jlJWDGcmSgtXLW48fhlW8cAEdM0bsmd5rH8PC -et3vaauWWOxsb2xwgnGKf/A7gJDVZPqAJ7h7UGmYSzeZrb+iW5MiXpZEPFrPDPRi -Y0pvcqf2iR0JJj2PqIbUtLzdszjKwFkWjCAfiTUStC3A6d6T4Dl2MvyA29pEJv0B -MnSX+ESu/gWxNJYTNFZztJOlVVbRAVGdnFXnOFMoEk44cgyPvZFMRUg74Q0DX1hA -ydOgrLOJzq8nig+r7HJNQHcwazb9Mkaf7vnE9RcGD0vTiPWkLz2HnvUmdPDJ3Mut -2aeK03EVANNdn0xZPiRj9Q== +MIIDtDCCApygAwIBAgIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzET +MBEGA1UECgwKUHJvbWV0aGV1czEpMCcGA1UECwwgUHJvbWV0aGV1cyBDZXJ0aWZp +Y2F0ZSBBdXRob3JpdHkxGzAZBgNVBAMMElByb21ldGhldXMgUm9vdCBDQTAgFw0x +OTA0MDUwNzU1MDBaGA8yMDU5MDMyNjA3NTUwMFowajELMAkGA1UEBhMCVVMxEzAR +BgNVBAoMClByb21ldGhldXMxKTAnBgNVBAsMIFByb21ldGhldXMgQ2VydGlmaWNh +dGUgQXV0aG9yaXR5MRswGQYDVQQDDBJQcm9tZXRoZXVzIFJvb3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/ueKrX2Ei4U7N7tqwJi67sH4czhC+ +Fik1DAwdkwEpKvb5wm5cEETK+NytegZkD4oYrbKilEnJuoxFlHzZ4BFF2BZ5oiCf +jGNgcipb+WaArIVnAVrrkcHSiIeeTBjJ8vB6GMDmqyx43l+yIk6UnPXN5uIzMOkg +EKahdetZq0Wp9z5UQK4FJb50xTr9r3MWYEV8SuAODaEVf5ofwqcEre+z5PYALE4L +BJBJ7tPbphLEkQsyTxGEx8SK71FmerAgL8uVjZZXYGZe+U9alJxxrevKcD5iBsI6 +Kfiehq/aB3j4Ma9CSEmeSt8bJx9ENYFt+nrFago1I8fE1f7JnmHJMM0fAgMBAAGj +YzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQ8 +HqjGTAVNIOyI2ynUe/kSXc7qGjAfBgNVHSMEGDAWgBQ8HqjGTAVNIOyI2ynUe/kS +Xc7qGjANBgkqhkiG9w0BAQUFAAOCAQEAVi955RKR9Rmn0TIo/eOdj+E8u6Ol8lWK +A60sHRiC4X8ZddlHW+d85KXg69x+JKN9mRrPObqltLhFaIPPcK1W8jRzZfxssFOa +eQT3Pn5LIhvndiMgvJwFol0B0vAJSReyYXQaW/Tg/c4RuhNK5gcRfTDiEYfuMxpo +3mf0rLVYGqzPei39w0RbS81s//ZJtFVKCaCSLVc7aYVUPuns77Kleil1K/jrS9TP +aO4+yGN+EuvkL2Ojp8gP6Tn/XCllfyXwQr8Huga4XtZWuvhnVhtCqrME2G6IEKVw +tYEEpJCj8INNDGsSXaRMg1r/qHqGYf8PTOUPF9FkPL3ZIn63+puDug== -----END CERTIFICATE-----