From 7f4f066a859850e551fa60d546ac9d8b5acd450b Mon Sep 17 00:00:00 2001
From: Brooke <brooke.souza@topcoder.com>
Date: Mon, 1 Aug 2022 14:21:49 -0700
Subject: [PATCH 1/2] PROD-2738 #comment add a readme and make the cert last
 longer #time 30m

---
 ssl/README.md   | 73 +++++++++++++++++++++++++++++++++++++++++++++++++
 ssl/cert.conf   |  9 ++++++
 ssl/csr.conf    | 14 ++++++++++
 ssl/rootCA.crt  | 18 ++++++++++++
 ssl/rootCA.key  | 28 +++++++++++++++++++
 ssl/rootCA.srl  |  1 +
 ssl/server.cert | 20 --------------
 ssl/server.crt  | 23 ++++++++++++++++
 ssl/server.csr  | 17 ++++++++++++
 ssl/server.key  | 55 ++++++++++++++++++-------------------
 start-ssl.sh    |  2 +-
 11 files changed, 211 insertions(+), 49 deletions(-)
 create mode 100644 ssl/README.md
 create mode 100644 ssl/cert.conf
 create mode 100644 ssl/csr.conf
 create mode 100644 ssl/rootCA.crt
 create mode 100644 ssl/rootCA.key
 create mode 100644 ssl/rootCA.srl
 delete mode 100644 ssl/server.cert
 create mode 100644 ssl/server.crt
 create mode 100644 ssl/server.csr

diff --git a/ssl/README.md b/ssl/README.md
new file mode 100644
index 000000000..d4b9b8246
--- /dev/null
+++ b/ssl/README.md
@@ -0,0 +1,73 @@
+# Instructions for Creating a Self-Signed Cert
+
+These are based off:
+(https://devopscube.com/create-self-signed-certificates-openssl/)[https://devopscube.com/create-self-signed-certificates-openssl/]
+
+## Create the Certificate Authority
+
+```
+openssl req -x509 \
+            -sha256 -days 356 \
+            -nodes \
+            -newkey rsa:2048 \
+            -subj "/CN=*.topcoder-dev.com/C=US/L=Los Angeles" \
+            -keyout rootCA.key -out rootCA.crt 
+```
+
+## Create the Server Private Key
+
+```
+openssl genrsa -out server.key 2048
+```
+
+## Create Cert Signing Request Config
+
+```
+cat > csr.conf <<EOF
+[ req ]
+default_bits = 2048
+prompt = no
+default_md = sha256
+distinguished_name = dn
+
+[ dn ]
+C = US
+ST = California
+L = Los Angeles
+O = Topcoder
+OU = Topcoder Dev
+CN = *.topcoder-dev.com
+
+EOF
+```
+
+## Generate Cert Signing Request (CSR)
+
+```
+openssl req -new -key server.key -out server.csr -config csr.conf
+```
+
+## Create External File
+
+```
+cat > cert.conf <<EOF
+
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = *.topcoder-dev.com
+```
+
+## Generate SSL Cert w/Self-Signed CA
+
+```
+openssl x509 -req \
+    -in server.csr \
+    -CA rootCA.crt -CAkey rootCA.key \
+    -CAcreateserial -out server.crt \
+    -days 365 \
+    -sha256 -extfile cert.conf
+```
diff --git a/ssl/cert.conf b/ssl/cert.conf
new file mode 100644
index 000000000..7e1e268bd
--- /dev/null
+++ b/ssl/cert.conf
@@ -0,0 +1,9 @@
+
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = *.topcoder-dev.com
+
diff --git a/ssl/csr.conf b/ssl/csr.conf
new file mode 100644
index 000000000..e8b348bf4
--- /dev/null
+++ b/ssl/csr.conf
@@ -0,0 +1,14 @@
+[ req ]
+default_bits = 2048
+prompt = no
+default_md = sha256
+distinguished_name = dn
+
+[ dn ]
+C = US
+ST = California
+L = Los Angeles
+O = Topcoder
+OU = Topcoder Dev
+CN = *.topcoder-dev.com
+
diff --git a/ssl/rootCA.crt b/ssl/rootCA.crt
new file mode 100644
index 000000000..240cbb7a4
--- /dev/null
+++ b/ssl/rootCA.crt
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC/DCCAeQCCQCpwc5kEHDsdDANBgkqhkiG9w0BAQsFADBAMRswGQYDVQQDDBIq
+LnRvcGNvZGVyLWRldi5jb20xCzAJBgNVBAYTAlVTMRQwEgYDVQQHDAtMb3MgQW5n
+ZWxlczAeFw0yMjA4MDEyMDAyNTZaFw0yMzA3MjMyMDAyNTZaMEAxGzAZBgNVBAMM
+EioudG9wY29kZXItZGV2LmNvbTELMAkGA1UEBhMCVVMxFDASBgNVBAcMC0xvcyBB
+bmdlbGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwd908Oaapq6J
+ehpUWKVApWsmyFOcYAOTT1Pci46mlFUwT/NIF1oGgzn4NuIqrFD73H+zEN0YQvUT
+ANbC1Pjks/BuX1pIwhVzR9X1U9x4pPqRlJTYXJ6DPXbW8oE5OYxVhh3L/o24GNcO
+lUHJZVzxV9g2VxbtursrZj6Z/6v66+LSPC4DX4q/OwQq09SbtqhXDCoa1VYTsoCX
+fwWaNhTe5/KYejETLkhkjIR2GFOZqWgyWKiKc3c2PNey+OuiyXJu2N84LOEp8FJL
+yWTcJBAG70FcxWg5O5pWwhJ8d5exYUz5DfG89OxJ+bQS1vSX7ZS9OM9wTaEX5VnV
+JEXLZtb58QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAcOSomJQ3rKqqUF0aRFlu6
+PQ04OXhylktUqzRVS7R3/x2ki2CQriC1Vsvfp46U7AfqnqivB4aAG7nSL4nbH6r7
+4SGW5USls7K3eAC8wdy1KX/qLYFW7NneV/ncpS0uS04BlJmvdQsPcuTN4bhbeXkL
+tN73wXmX9NzLcrIWWhr6Wa4Ki6/oj//gdbOTNEs68iduK+NZISbdU7NeqWMmPkGb
+oEEh3vOzISsHtm+68uitnylKCniuTRsbisZQvQ7mqGbwiexLvj6UEHbbBdzJ+rS5
+Zm+uyRd0PpOAM4Sh5Dewm/oD+iWJtosSIoKWJjTdnSKqDmGUC1l2DqFoRhOuVXzk
+-----END CERTIFICATE-----
diff --git a/ssl/rootCA.key b/ssl/rootCA.key
new file mode 100644
index 000000000..f7391dd55
--- /dev/null
+++ b/ssl/rootCA.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDB33Tw5pqmrol6
+GlRYpUClaybIU5xgA5NPU9yLjqaUVTBP80gXWgaDOfg24iqsUPvcf7MQ3RhC9RMA
+1sLU+OSz8G5fWkjCFXNH1fVT3Hik+pGUlNhcnoM9dtbygTk5jFWGHcv+jbgY1w6V
+QcllXPFX2DZXFu26uytmPpn/q/rr4tI8LgNfir87BCrT1Ju2qFcMKhrVVhOygJd/
+BZo2FN7n8ph6MRMuSGSMhHYYU5mpaDJYqIpzdzY817L466LJcm7Y3zgs4SnwUkvJ
+ZNwkEAbvQVzFaDk7mlbCEnx3l7FhTPkN8bz07En5tBLW9JftlL04z3BNoRflWdUk
+Rctm1vnxAgMBAAECggEACqTH+MnQR8JhTdDQPKWl7O77DBh7B1Jq7fn+q7LDNnWO
+13TVymJo5R9znx+/lAJGMY7ZN93LjTGDP5KK08JuW+qhRJ7iS7V9xL3cYCREg1o2
+T9/0GPGi5ub1Wg76I0yvDVPpdSo2pzZ3WH5qHiSCI359TT63An9wHIbnUYARoI2U
+4TkEJsjlxHOptRpfMD2ZYpFYKag21UtnxjT1nh+CzUDcwH1Z34k4ntR9Q5b7LzZ6
+cVVT6mOXxmG2kP1qSB+F5Y7zV8SwzJlXdvJF6Lh8bFDSd/IN+fZv5mTHqIrJWu0z
+NlrtRCQRFGJsuDLwzR2QqyylpHi5i4AHqP0q8rmWIQKBgQDkGgCT7BSFxk+/bJiC
+DAn2x9woR57CzQspyotzaRXZ4Vvu+pZCAscWJXjQ++Amf8ERJuYqQc7NZLk0FFQ1
+6si2ahf7YNWYcohVGd7CO3LZ2FvL17sy9Tf0O/L29HcF0dPeHdCMvo5uZUfgPSDF
+lDAl0fDg8+hAwbWf1yYqghLo7QKBgQDZlbvH+gESOh3+6knh+6yh/4Vkm6KBUE9b
+qQp1Ibo46UxhZddE8KgktGDgcfTjkSE/qQYqI79O8ns1alskL8nhDc+RsyPciODe
+ncE82BQzb5qo7Dc0YRuHUiKBk3Xqel97KlIqupyrBd89p/B+0HkZIMN27/dPObp3
+ionumQYIlQKBgGmCBYZmis+d/UFED/8HZox5wcH37t2YTnOUNpC5qNvRO978lggO
+lNwPlSTFfNcR/NHcNlaRfgDPeEM4rAMMiK6nwFQMZIBRafJDNyCMswFE7KELNpHJ
+j4ovOKE2Tt+oQOHa1J5lfihePLLiU4hQlTzJMSw8Zc+eSk6XDBZZeDm5AoGAVljt
+pHa6ZhlaPgeMOno+ECvvK/X3j4nndGCpHcK8vEkZXq2juGAo2igbKfcPUCAQKctR
+/vcgvJvN+WyzrrCoVP++F/wXhzVqx+2i+hpmKeNoZREY91hyLEmUGAgFC4B009P/
+t6VG9zflV/qFnk3tQOOXrmOcqXwnW7lG88EWe+ECgYAMC0Zw9ZTa47av82xLLUPJ
+T7455Rn/Tt9rwHWzHjq2Pua7UbK1REtB0GwWBwdG/JC3kos+KA6bX/bOSROC1eYk
+7v4ZSoT61yB4r3acD4iHVfG61Inb3/uqgrNmQqUOo5p2mSDtJ6uzb0HpnA2EuqvT
+qH4K+FIz4k57zyFCKqNsuQ==
+-----END PRIVATE KEY-----
diff --git a/ssl/rootCA.srl b/ssl/rootCA.srl
new file mode 100644
index 000000000..f3ab8756c
--- /dev/null
+++ b/ssl/rootCA.srl
@@ -0,0 +1 @@
+B68CD946B1475D5E
diff --git a/ssl/server.cert b/ssl/server.cert
deleted file mode 100644
index 16d0506b6..000000000
--- a/ssl/server.cert
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDWjCCAkICCQD6eL8GshOMiTANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJV
-UzELMAkGA1UECAwCQ0ExFDASBgNVBAcMC0xvcyBBbmdlbGVzMREwDwYDVQQKDAhU
-b3Bjb2RlcjEPMA0GA1UECwwGTWVtYmVyMRkwFwYDVQQDDBB0b3Bjb2Rlci1kZXYu
-Y29tMB4XDTIyMDcwMTE3MTcyNFoXDTIyMDczMTE3MTcyNFowbzELMAkGA1UEBhMC
-VVMxCzAJBgNVBAgMAkNBMRQwEgYDVQQHDAtMb3MgQW5nZWxlczERMA8GA1UECgwI
-VG9wY29kZXIxDzANBgNVBAsMBk1lbWJlcjEZMBcGA1UEAwwQdG9wY29kZXItZGV2
-LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN6CVXm1EdrDg2DE
-NlJ84sETPFIoKIHb8QuBpH/PYnLt1QoIdMEYB0ERJRL8dma2iorqUu0xwmxoHxXJ
-ULRTK/0wtRLwTp7ajHh9USFAqN03VS6IyXWQeWndeBGt2e7aAChhr/5qeeQusXog
-9ZXjKrPk9hVWanonqdRp4Av3icklFIHzXDVyVuNddUjOhNout5t7MsHWYaUla8YY
-LgU0SMg4SXKj6aRCmUR4VIPGmIyH+gN5e9YTah+U75q8nNrslf4oN7EJH0Cgc6Y8
-tM6AVNsla4468vd/upTccBIL5qs7H6Px4mXFRj+Nwsn3W/0vNaa9lqgLFC6z/9h3
-DcW30w0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAumEHPbgEqgqWHzYkj9T2OavJ
-3xgZ2GTe7lNPNJcORyHHnqmtIN0KqKcUKZgItsYNCqpXGXMWQ5BrhvmI2QyHbEWV
-QfRE6XBRkV3zT2hht1zyVzgQxA0fsCFN3ztC7EGq8roK4mRku6PwRdNeRN3WHhRU
-58mbOOYP9ctsvbdMTq2gY1+VNdzv1jlLF0rrxaq9qw4D6W5366rXEqKarij03M91
-vwq78mxLBiNWe6OuUJwSB21IU3hSCDOugjYX4j+1CJZPrUOPGfIW1RchB6wfUoWx
-aVLbiWoE+ht33DvPTv49PIjLGikh4IBuikU1TUvpknk/ZbLhD2DCWAzUU1XYew==
------END CERTIFICATE-----
diff --git a/ssl/server.crt b/ssl/server.crt
new file mode 100644
index 000000000..11aa75476
--- /dev/null
+++ b/ssl/server.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2TCCAsGgAwIBAgIJALaM2UaxR11eMA0GCSqGSIb3DQEBCwUAMEAxGzAZBgNV
+BAMMEioudG9wY29kZXItZGV2LmNvbTELMAkGA1UEBhMCVVMxFDASBgNVBAcMC0xv
+cyBBbmdlbGVzMB4XDTIyMDgwMTIwMDcwOFoXDTIzMDgwMTIwMDcwOFowfzELMAkG
+A1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC0xvcyBBbmdl
+bGVzMREwDwYDVQQKDAhUb3Bjb2RlcjEVMBMGA1UECwwMVG9wY29kZXIgRGV2MRsw
+GQYDVQQDDBIqLnRvcGNvZGVyLWRldi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCqiG3PB8bm/LlrVrnqCYUVFxCM8hlFWDpf1wJKA32j4VBK56N+
+YH7Zc0paDFTuMK2NAssZzTHHGSf7Gx2Up8NxdskEwltJzNRxwMm3MZTZ9TzzOM9Q
+FN9dNx+IyoIqShlAmc51eiA7O41UEcOCiDB3ij6AqzhnomzbRKYbIBHOHWRmBJ4C
+RSWpOHGRlvPSO10YIpEsH7bV/RerXRTdUCF8l0Vr1tGl6I458jPfC/joxAWgmSWP
+hO9xg+GHByXnxMffVHpWrug0bcTSKQ9RS8Stgl/gXQavJj+cPjlBtnWGo+IOWvMD
+k2CxZh13+LFgNvUaQbXMbjChkuL3lgnfQkoBAgMBAAGjgZYwgZMwWgYDVR0jBFMw
+UaFEpEIwQDEbMBkGA1UEAwwSKi50b3Bjb2Rlci1kZXYuY29tMQswCQYDVQQGEwJV
+UzEUMBIGA1UEBwwLTG9zIEFuZ2VsZXOCCQCpwc5kEHDsdDAJBgNVHRMEAjAAMAsG
+A1UdDwQEAwIE8DAdBgNVHREEFjAUghIqLnRvcGNvZGVyLWRldi5jb20wDQYJKoZI
+hvcNAQELBQADggEBAB/yUCSXSN631qzdIarDzCQ7Xp0tf4FNe5TFfBd866cNR4sT
++AHbX9xjQkEBmGCdiFc3/mvr2W1cJZGeC+Ca5uV/TS8SRsPNWTCjziuFYN+3+L5a
+GnznVrIg0vBP1m4/7NechMUNM97qQ8k9Jlfg82VUF4HawNZ2sEfPaUb4wgbcbN2U
+99VDaPCOjB0aWtPChhPj8g4oeyOOUi7+aMN07VDxDUW3n90q23mGMNPIQF4E9kJr
+2XNJnkJBfYXmdx2lmnYe9HlbsiBGIGvJ1KFfyDmf2wMzirWZT6BTBgPaa8KpNTQA
+fJXWTk7PsM+3rJUwErqchZ31vmYcPNT2jhKEr2A=
+-----END CERTIFICATE-----
diff --git a/ssl/server.csr b/ssl/server.csr
new file mode 100644
index 000000000..ab3ff55e6
--- /dev/null
+++ b/ssl/server.csr
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICxDCCAawCAQAwfzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWEx
+FDASBgNVBAcMC0xvcyBBbmdlbGVzMREwDwYDVQQKDAhUb3Bjb2RlcjEVMBMGA1UE
+CwwMVG9wY29kZXIgRGV2MRswGQYDVQQDDBIqLnRvcGNvZGVyLWRldi5jb20wggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqiG3PB8bm/LlrVrnqCYUVFxCM
+8hlFWDpf1wJKA32j4VBK56N+YH7Zc0paDFTuMK2NAssZzTHHGSf7Gx2Up8NxdskE
+wltJzNRxwMm3MZTZ9TzzOM9QFN9dNx+IyoIqShlAmc51eiA7O41UEcOCiDB3ij6A
+qzhnomzbRKYbIBHOHWRmBJ4CRSWpOHGRlvPSO10YIpEsH7bV/RerXRTdUCF8l0Vr
+1tGl6I458jPfC/joxAWgmSWPhO9xg+GHByXnxMffVHpWrug0bcTSKQ9RS8Stgl/g
+XQavJj+cPjlBtnWGo+IOWvMDk2CxZh13+LFgNvUaQbXMbjChkuL3lgnfQkoBAgMB
+AAGgADANBgkqhkiG9w0BAQsFAAOCAQEAEJMfJxvyCRNNFtOnE2W9Rtantm04+M2q
+kQgS9w+RNQLvnvQW+65uxLTn/t2Cs9qsTof8Q8nTyMp/reSKYS/jPNyahrn+1i6c
+Z1UYBA+/ltokQpDLttzNazbTMhSsD5cPGd38H07NVSvFeKQ/Wb+DURuvAsrsJtBF
+7hcYI1AkarrmPCBUBLn1Xvc1nO7hC3P5C4yUsGbyku+MBUq9/JmCF/v+qBDm2Gp6
+4qhCUyYPQxSR31IavcjT9B2ddp0Rhjzyp/uec5/dvUv4GcJoeTttaqlkZQuNTszv
+Czvqx6MqVOjOhMZSUMbiwjg0QOCLnCmzYFMeoW3e3LtkF476fRR4Ow==
+-----END CERTIFICATE REQUEST-----
diff --git a/ssl/server.key b/ssl/server.key
index 156309c88..ad584409c 100644
--- a/ssl/server.key
+++ b/ssl/server.key
@@ -1,28 +1,27 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDeglV5tRHaw4Ng
-xDZSfOLBEzxSKCiB2/ELgaR/z2Jy7dUKCHTBGAdBESUS/HZmtoqK6lLtMcJsaB8V
-yVC0Uyv9MLUS8E6e2ox4fVEhQKjdN1UuiMl1kHlp3XgRrdnu2gAoYa/+annkLrF6
-IPWV4yqz5PYVVmp6J6nUaeAL94nJJRSB81w1clbjXXVIzoTaLrebezLB1mGlJWvG
-GC4FNEjIOElyo+mkQplEeFSDxpiMh/oDeXvWE2oflO+avJza7JX+KDexCR9AoHOm
-PLTOgFTbJWuOOvL3f7qU3HASC+arOx+j8eJlxUY/jcLJ91v9LzWmvZaoCxQus//Y
-dw3Ft9MNAgMBAAECggEAD2ybfj9WCIMrFUckuN0dXuL1eIB+JlpXwENxYsa+fVcN
-QI/LgCMpRZJproI/tukKe4y4yOZ9IsSo+vqklIt7bia1NqXf3VUrDaMqP5La4dLX
-Hc2voW2tbPBERX12sP79qc7zw0AgSPgPp3anb4d6y1Og12PRJ7yeIjJgrJOxQncl
-eLiXuoekblkB+3vm+hJjwOfQnSZ9m1aLD8GaONkTl1X8/c4IotfzKwuHPKyc4yfw
-iyvXeIP6JUrczjTXMxM0AJnKcxrjd1NXTXBt4rb201NTF06P+TGt8xR7HcXNr/VV
-5VisjHROF0aZfhFyq2eVyivRGTCVf+Pg/U0POuhhxQKBgQDwZCqH4zrG2Jx0KJOc
-T1ipPGXnHvSlj4KPrSQR47PCGncLEf9EuwXXVtYYWBSksBiGuUjWxCpGLWZPd3WG
-EXVvYD+vd+vVrmuul874wnWKuO8XOm64U5/cjX6ZC1H9ZBgMWPbdHEGCk4eAynJz
-/EfTFLlhZQSSVduM/sRj+PLTJwKBgQDs9O1DRKwKjGQ7pXLzecw0ZC3VwMxHZHZD
-mKmdp7ZCeLJK17XOZFR6+70KvW0BHc/FKSWey4D3shx5pYYCcwBNrcEj7NpscKHU
-K7CMQPayyco5zprZrL21+igDpDrthIBX8hV0dZbHskv58dRRnM+mivA+rAYvxiwU
-VzADV7H4qwKBgAPkSz/58MipVxcWVRVxv2i1/pxYRvOrOBzlW7Eic5WP4h9+whg1
-wulykXLBckwcQblkpIY9lMWgFIjy0SdDfxg3gbBwi5PhCANCl+o1E7wUNGK24nX/
-fJYQgF0v7rrgdPc2NYDs5S6c/tOZ83JnQi5rpniqLwHDfBNzSHCp5hx/AoGBAJ5T
-8Yz2/7V0pSytmidRhL6lCXNABb7WQ6dbBEqRW1kC6K7Vf2dO5pveRSw98e3DC6cD
-nV2DQMNAwYIOtYJBcTx2Ew18H15By//GyYqNhclkx7jkcddscr57Te1Q+QbneBJL
-cUaFo5//ZIC3s1Rs4Nq5D1nw+5lEYwOcVjqFiCdNAoGAdGLPu40FKz8gCG3MAy8T
-kcv33tzqPtbDKfxuMKMFSNTSfCZOHquuic5rELcupFq99TcNzeXn2P56wrav+FWy
-KNyj6V97RUAcpKdJb4i5Hc914zVICnW6Cg+er4vHh8WP0RitGka1Cz5ptI+zGHoQ
-nGFfqfPeuyv6gjxi01nrUNM=
------END PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAqohtzwfG5vy5a1a56gmFFRcQjPIZRVg6X9cCSgN9o+FQSuej
+fmB+2XNKWgxU7jCtjQLLGc0xxxkn+xsdlKfDcXbJBMJbSczUccDJtzGU2fU88zjP
+UBTfXTcfiMqCKkoZQJnOdXogOzuNVBHDgogwd4o+gKs4Z6Js20SmGyARzh1kZgSe
+AkUlqThxkZbz0jtdGCKRLB+21f0Xq10U3VAhfJdFa9bRpeiOOfIz3wv46MQFoJkl
+j4TvcYPhhwcl58TH31R6Vq7oNG3E0ikPUUvErYJf4F0GryY/nD45QbZ1hqPiDlrz
+A5NgsWYdd/ixYDb1GkG1zG4woZLi95YJ30JKAQIDAQABAoIBAQCBf36bk5VIfSu0
+xjQB9F66KDyqO4JTNW+GrfiQCdyT4Rqe9w4hftd0+2a/wNOR2SdBiJiArGCbh4/j
+0LCC3W6+L+zwj0LRZRkClNrZIW6eoOs6664Kav8/gweQUe/Me153vxSYAziMomlt
+KNwluJPNgw55mQwJLr+pNpVIze6XbF8l5IRreYBSHK3xRmXFEA07SI/zXLO36TwC
+SJvqi4gC7L5wsAW+EoedhF46LKg7aMd9hff0wwvR1JJvNoNFVDHs7Iu1tqhkceN+
+PnvgyWnwJm0k8eWnOFK/uS8GLEqIC8FLGdHs5BtwzGWsoToMO086Kvpfd9BpsuAB
+JHet8K1dAoGBANIKesf+NVT8m1N5MsAnRsSy24zYjfBOI60QVnSgXDWZ4nGrChkc
+3SfoMrJ6/B42dsbvmApo+Is+B1gOrLsPe3GkZMGYd9ROa7iERq+NMH+mKlkNUhZl
+qTFh4oModeRdBehmSgJeDh0kQ0h11eyzB0X+gyIZPuis1z3+AvwP5mC3AoGBAM/Y
+5MELP5FSt7twdaez/909pOiZz+i8I1NOTOWNZFW8YUBN2vO2CZXhV5P1Mx02fH4m
+qkdMKo91GIbL3vhIyGBNL07jmYHPJZFHxKlxFiMrDSo5KR7QTUNaypSj8o4a9d+n
+i8nHu6JJzrXUofxHzUmsBX/OUCLgJ9bPQfhvSIMHAoGAb2gBkdyC2y4VEORjB8qN
+Xb1keENQndpEUAIvaTK5VfDmS9YlyAYoQ4eEhGh5G2lV/NSOd08QLYLcEFfQRHPE
+zRUeIBVH0cM6nacDew/PXpV7Nrq7BIgtgrThmSG3zkWM4aSHstPCdrCKQ3/E1QRs
+YjLJySdM18r9a7M0UA/66OcCgYAyGKDqNn/X0wwdzXlONoBRHu6Eca4+9jm9dn3q
+Ri4MzB7UlO9VFmcxDONC8jKjs+JFtaQNEzqe4SZMNw9C4KgLLg9dAFabhwYTAi1Q
+ecVQLKw7pRNYLfSxa0ywjuODhNQGWCfFNrLu5sM/6EQyvkuomiGpMFz4SvbPO502
+9/uOOQKBgAx/gTzTHjJ9ZsxD3zY7VAjlf8pAQELbo/VTM7PmNjt2/XeIvKByaLYi
+LBIuk7ufMJkTfuOgQZSX3Nesp5Gz0iZGKE+DCMUd/KxyvM6BJ1NPnFBDf8ysSZcs
+1R8pJsDgbsZz5f0DO/coMPATPUMe3CeaWvJnB50Xllddq8bHZjf6
+-----END RSA PRIVATE KEY-----
diff --git a/start-ssl.sh b/start-ssl.sh
index 4273c8e11..3c8a5e296 100644
--- a/start-ssl.sh
+++ b/start-ssl.sh
@@ -1,5 +1,5 @@
 export HTTPS=true
-export SSL_CRT_FILE=ssl/server.cert
+export SSL_CRT_FILE=ssl/server.crt
 export SSL_KEY_FILE=ssl/server.key
 export HOST=local.topcoder-dev.com
 export PORT=3003

From 605e6988dbdc4612149bcc7c16c1810647a3d5da Mon Sep 17 00:00:00 2001
From: Brooke <brooke.souza@topcoder.com>
Date: Mon, 1 Aug 2022 14:24:42 -0700
Subject: [PATCH 2/2] PROD-2738 #comment improve readme #time 5m

---
 ssl/README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ssl/README.md b/ssl/README.md
index d4b9b8246..45c261e20 100644
--- a/ssl/README.md
+++ b/ssl/README.md
@@ -71,3 +71,7 @@ openssl x509 -req \
     -days 365 \
     -sha256 -extfile cert.conf
 ```
+
+## Add the new RootCA cert as trusted in your browser
+
+Each OS/Browser combo has a different way to import a root cert authority, so you'll need to Google it.