diff --git a/README.md b/README.md
index f9b419a..4f25dfb 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,7 @@ A modern, Bootstrap 5-powered Yii2 application template designed for rapid web-a
- ✅ **Multi-language Support** - Built-in internationalization (i18n) support with message translations.
- ✅ **Ready-to-Use Pages** - Pre-built pages including home, about, contact, and error handling.
- ✅ **Security Features** - Built-in CSRF protection, input validation, and secure configurations.
+- ✅ **SSL Support** - Configured for secure HTTPS connections with SSL (mkcert).
- ✅ **Testing Ready** - Codeception test suite with examples for functional and unit testing.
## Environment support
@@ -120,10 +121,10 @@ http://localhost:8080/
http://localhost:8080/
# For FrankenPHP
-http://localhost:8082/
+http://localhost:8081/
# For Nginx
-http://localhost:8081/
+http://localhost:8082/
```
### Basic usage
diff --git a/composer.lock b/composer.lock
index 93e003f..42c15b7 100644
--- a/composer.lock
+++ b/composer.lock
@@ -221,16 +221,16 @@
},
{
"name": "composer/composer",
- "version": "2.8.9",
+ "version": "2.8.10",
"source": {
"type": "git",
"url": "https://github.com/composer/composer.git",
- "reference": "b4e6bff2db7ce756ddb77ecee958a0f41f42bd9d"
+ "reference": "53834f587d7ab2527eb237459d7b94d1fb9d4c5a"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/composer/composer/zipball/b4e6bff2db7ce756ddb77ecee958a0f41f42bd9d",
- "reference": "b4e6bff2db7ce756ddb77ecee958a0f41f42bd9d",
+ "url": "https://api.github.com/repos/composer/composer/zipball/53834f587d7ab2527eb237459d7b94d1fb9d4c5a",
+ "reference": "53834f587d7ab2527eb237459d7b94d1fb9d4c5a",
"shasum": ""
},
"require": {
@@ -315,7 +315,7 @@
"irc": "ircs://irc.libera.chat:6697/composer",
"issues": "https://github.com/composer/composer/issues",
"security": "https://github.com/composer/composer/security/policy",
- "source": "https://github.com/composer/composer/tree/2.8.9"
+ "source": "https://github.com/composer/composer/tree/2.8.10"
},
"funding": [
{
@@ -331,7 +331,7 @@
"type": "tidelift"
}
],
- "time": "2025-05-13T12:01:37+00:00"
+ "time": "2025-07-10T17:08:33+00:00"
},
{
"name": "composer/metadata-minifier",
diff --git a/docker-compose.frankenphp.yml b/docker-compose.frankenphp.yml
index 0d25d69..a6559c1 100644
--- a/docker-compose.frankenphp.yml
+++ b/docker-compose.frankenphp.yml
@@ -11,9 +11,9 @@ services:
- caddy_data:/data
- caddy_config:/config
ports:
- - '8082:80'
- - '8443:443'
- - '8443:443/udp'
+ - '8081:80'
+ - '8444:443'
+ - '8444:443/udp'
environment:
TZ: "UTC"
tty: true
diff --git a/docker-compose.nginx.yml b/docker-compose.nginx.yml
index 187f615..9742102 100644
--- a/docker-compose.nginx.yml
+++ b/docker-compose.nginx.yml
@@ -9,6 +9,7 @@ services:
- ./:/app
- ~/.composer-docker/cache:/root/.composer/cache:delegated
ports:
- - '8081:80'
+ - '8082:80'
+ - '8445:443'
environment:
TZ: "UTC"
diff --git a/docker-compose.yml b/docker-compose.yml
index 819629d..2e33c68 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,5 +11,6 @@ services:
- ~/.composer-docker/cache:/root/.composer/cache:delegated
ports:
- '8080:80'
+ - '8443:443'
environment:
TZ: "UTC"
diff --git a/docker/apache/Dockerfile b/docker/apache/Dockerfile
index 3944a98..ad5c9fc 100644
--- a/docker/apache/Dockerfile
+++ b/docker/apache/Dockerfile
@@ -1,13 +1,18 @@
FROM yiisoftware/yii2-php:8.4-apache
-# change web server config
+# Enable SSL modules and configure ports before copying config
+RUN a2enmod ssl rewrite headers mime \
+ && echo "Listen 80" > /etc/apache2/ports.conf \
+ && echo "Listen 443 ssl" >> /etc/apache2/ports.conf
+
+# Change web server config
COPY docker/apache/apache.conf /etc/apache2/apache2.conf
COPY docker/apache/vhost.conf /etc/apache2/sites-available/000-default.conf
-# change PHP config
+# Change PHP config
COPY docker/php/php.ini /usr/local/etc/php/conf.d/base.ini
-# install supervisord and Node.js (includes npm)
+# Install supervisord and Node.js (includes npm)
RUN apt-get update && apt-get install -y \
supervisor \
curl \
@@ -17,14 +22,14 @@ RUN apt-get update && apt-get install -y \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-# copy supervisord config
+# Copy supervisord config
COPY docker/apache/supervisord/supervisord.conf /etc/supervisor/supervisord.conf
-# copy supervisord program configs
+# Copy supervisord program configs
COPY docker/apache/supervisord/conf.d/apache2.conf /etc/supervisor/conf.d/apache2.conf
-# copy queue worker config uncommented for use with yii2-queue
+# Copy queue worker config uncommented for use with yii2-queue
#COPY docker/apache/supervisord/conf.d/queue.conf /etc/supervisor/conf.d/queue.conf
-# run supervisord
+# Run supervisord
CMD ["supervisord", "-c", "/etc/supervisor/supervisord.conf"]
diff --git a/docker/apache/vhost.conf b/docker/apache/vhost.conf
index cf6f1ff..943a9f9 100644
--- a/docker/apache/vhost.conf
+++ b/docker/apache/vhost.conf
@@ -1,36 +1,71 @@
+# Global configuration for the public directory
Options FollowSymLinks
AllowOverride All
Require all granted
+
+ # Ensure Apache serves static files directly
+
+ Header unset ETag
+ FileETag None
+
+ # Completely disable PHP processing for these files
+ RemoveHandler .php
+ SetHandler default-handler
+
+# HTTP Virtual Host - Redirect to HTTPS
- # The ServerName directive sets the request scheme, hostname and port that
- # the server uses to identify itself. This is used when creating
- # redirection URLs. In the context of virtual hosts, the ServerName
- # specifies what hostname must appear in the request's Host: header to
- # match this virtual host. For the default virtual host (this file) this
- # value is not decisive as it is used as a last resort host regardless.
- # However, you must set it for any further virtual host explicitly.
- #ServerName example.com
- #ServerAlias www.example.com
-
ServerAdmin webmaster@localhost
DocumentRoot /app/public
- # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
- # error, crit, alert, emerg.
- # It is also possible to configure the loglevel for particular
- # modules, e.g.
- #LogLevel info ssl:warn
+ # Redirect all HTTP to HTTPS
+ RewriteEngine On
+ RewriteCond %{HTTPS} off
+ RewriteRule ^(.*)$ https://localhost:8443%{REQUEST_URI} [R=301,L]
+ # Logging configuration
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+
+# HTTPS Virtual Host
+
+ # ServerName directive, which sets the request scheme, hostname and port that
+ ServerName localhost
+ ServerAdmin webmaster@localhost
+ DocumentRoot /app/public
+
+ # SSL Configuration
+ SSLEngine on
+ SSLCertificateFile /app/docker/ssl/localhost.pem
+ SSLCertificateKeyFile /app/docker/ssl/localhost-key.pem
+
+ # Enable rewrite logging for debugging (remove in production)
+ LogLevel warn rewrite:trace6
+
+ # Yii2 URL Rewriting Configuration
+ RewriteEngine On
+
+ # Step 1: Exclude static files by extension completely
+ RewriteRule \.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|map)$ - [L,QSA]
+
+ # Step 2: Exclude specific asset directories by path
+ RewriteRule ^(assets|image|images|css|js|fonts|media)/ - [L,QSA]
+
+ # Step 3: If it's an existing file, serve it directly
+ RewriteCond %{REQUEST_FILENAME} -f
+ RewriteRule ^ - [L]
+
+ # Step 4: If it's an existing directory, serve it directly
+ RewriteCond %{REQUEST_FILENAME} -d
+ RewriteRule ^ - [L]
+
+ # Step 5: Only if none of the above apply, send to index.php
+ RewriteRule ^(.*)$ index.php [L,QSA]
- # For most configuration files from conf-available/, which are
- # enabled or disabled at a global level, it is possible to
- # include a line for only one particular virtual host. For example the
- # following line enables the CGI configuration for this host only
- # after it has been globally disabled with "a2disconf".
- #Include conf-available/serve-cgi-bin.conf
-
\ No newline at end of file
+ # Logging configuration for SSL
+ ErrorLog ${APACHE_LOG_DIR}/ssl_error.log
+ CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
+
diff --git a/docker/frankenphp/Caddyfile b/docker/frankenphp/Caddyfile
index 573f105..9f83f5f 100644
--- a/docker/frankenphp/Caddyfile
+++ b/docker/frankenphp/Caddyfile
@@ -3,8 +3,11 @@
auto_https off
}
-# Main server block
-:80 {
+# HTTPS server block using mkcert certificates
+https://localhost:443 {
+ # Specify mkcert certificates
+ tls /app/docker/ssl/localhost.pem /app/docker/ssl/localhost-key.pem
+
# Document root
root * /app/public
@@ -16,6 +19,7 @@
X-Frame-Options "SAMEORIGIN"
X-XSS-Protection "1; mode=block"
X-Content-Type-Options "nosniff"
+ Strict-Transport-Security "max-age=31536000; includeSubDomains"
-Server
}
@@ -50,3 +54,9 @@
# Try files for Yii2 URL rewriting
try_files {path} {path}/ /index.php?{query}
}
+
+# HTTP server block - redirect to HTTPS
+http://localhost:80 {
+ # Redirect all HTTP traffic to HTTPS
+ redir https://localhost:8444{uri} permanent
+}
diff --git a/docker/frankenphp/Dockerfile b/docker/frankenphp/Dockerfile
index 9a9d6f4..118869c 100644
--- a/docker/frankenphp/Dockerfile
+++ b/docker/frankenphp/Dockerfile
@@ -1,12 +1,12 @@
FROM dunglas/frankenphp:1.8-php8.4
-# change web server config
+# Change web server config
COPY docker/frankenphp/Caddyfile /etc/caddy/Caddyfile
-# set document root to /app/public (Yii2 structure)
+# Set document root to /app/public (Yii2 structure)
WORKDIR /app
-# install required system packages for PHP extensions for Yii 2.0 Framework
+# Install required system packages for PHP extensions for Yii 2.0 Framework
COPY --from=mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/
RUN install-php-extensions \
bcmath \
@@ -22,13 +22,13 @@ RUN install-php-extensions \
xdebug \
zip
-# set composer environment
+# Set composer environment
ENV COMPOSER_ALLOW_SUPERUSER=1
-# change PHP config
+# Change PHP config
COPY docker/php/php.ini /usr/local/etc/php/conf.d/base.ini
-# install supervisord and Node.js (includes npm)
+# Install supervisord and Node.js (includes npm)
RUN apt-get update && apt-get install -y \
supervisor \
curl \
@@ -38,13 +38,13 @@ RUN apt-get update && apt-get install -y \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-# copy supervisord config
+# Copy supervisord config
COPY docker/frankenphp/supervisord/supervisord.conf /etc/supervisor/supervisord.conf
-# copy supervisord program configs
+# Copy supervisord program configs
COPY docker/frankenphp/supervisord/conf.d/frankenphp.conf /etc/supervisor/conf.d/frankenphp.conf
-# copy queue worker config uncommented for use with yii2-queue
+# Copy queue worker config uncommented for use with yii2-queue
#COPY docker/frankenphp/supervisord/conf.d/queue.conf /etc/supervisor/conf.d/queue.conf
RUN mkdir -p /var/run && chown -R www-data:www-data /var/run
diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile
index 6992598..b46a8d1 100644
--- a/docker/nginx/Dockerfile
+++ b/docker/nginx/Dockerfile
@@ -1,13 +1,13 @@
FROM yiisoftware/yii2-php:8.4-fpm-nginx
-# change nginx config
+# Change nginx config
COPY docker/nginx/nginx.conf /etc/nginx/nginx.conf
COPY docker/nginx/default.conf /etc/nginx/conf.d/default.conf
-# change PHP config
+# Change PHP config
COPY docker/php/php.ini /usr/local/etc/php/conf.d/base.ini
-# install supervisord and Node.js (includes npm)
+# Install supervisord and Node.js (includes npm)
RUN apt-get update && apt-get install -y \
supervisor \
curl \
@@ -17,15 +17,15 @@ RUN apt-get update && apt-get install -y \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-# copy supervisord config
+# Copy supervisord config
COPY docker/nginx/supervisord/supervisord.conf /etc/supervisor/supervisord.conf
-# copy supervisord program configs
+# Copy supervisord program configs
COPY docker/nginx/supervisord/conf.d/nginx.conf /etc/supervisor/conf.d/nginx.conf
COPY docker/nginx/supervisord/conf.d/php-fpm.conf /etc/supervisor/conf.d/php-fpm.conf
-# copy queue worker config uncommented for use with yii2-queue
+# Copy queue worker config uncommented for use with yii2-queue
#COPY docker/apache/supervisord/conf.d/queue.conf /etc/supervisor/conf.d/queue.conf
-# run supervisord
+# Run supervisord
CMD ["supervisord", "-c", "/etc/supervisor/supervisord.conf"]
diff --git a/docker/nginx/default.conf b/docker/nginx/default.conf
index d82fe08..995d710 100644
--- a/docker/nginx/default.conf
+++ b/docker/nginx/default.conf
@@ -1,28 +1,50 @@
+# HTTP server - Redirect to HTTPS
+server {
+ listen 80;
+ server_name localhost;
+
+ # Redirect all HTTP to HTTPS
+ return 301 https://localhost:8445$request_uri;
+}
+
+# HTTPS server
server {
charset utf-8;
client_max_body_size 128M;
- listen 80;
+ listen 443 ssl http2;
server_name localhost;
- # document root and index file
+ # SSL Configuration
+ ssl_certificate /app/docker/ssl/localhost.pem;
+ ssl_certificate_key /app/docker/ssl/localhost-key.pem;
+
+ # SSL Security Settings
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
+ ssl_prefer_server_ciphers off;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+
+ # Document root and index file
root /app/public;
index index.php;
- # security headers
+ # Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
- # logging
- access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
+ # Logging
+ access_log /var/log/nginx/ssl_access.log;
+ error_log /var/log/nginx/ssl_error.log;
# Yii URL rewriting (CRITICAL for Yii2)
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
- # deny PHP execution in /assets before the generic handler (Yii2 security)
+ # Deny PHP execution in /assets before the generic handler (Yii2 security)
location ~ ^/assets/.*\.php$ {
deny all;
return 403;
@@ -32,6 +54,7 @@ server {
location ~ \.php$ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param HTTPS on;
fastcgi_pass 127.0.0.1:9000;
try_files $uri =404;
@@ -42,7 +65,7 @@ server {
fastcgi_busy_buffers_size 256k;
}
- # block access to sensitive files
+ # Block access to sensitive files
location ~ /\.git {
deny all;
}
@@ -51,19 +74,19 @@ server {
deny all;
}
- # block access to hidden files/directories
+ # Block access to hidden files/directories
location ~* /\. {
deny all;
}
- # static files handling with caching
+ # Static files handling with caching
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
expires 1y;
add_header Cache-Control "public, immutable";
try_files $uri =404;
}
- # deny access to PHP files in specific directories (ajustado a tu estructura)
+ # Deny access to PHP files in specific directories
location ~ ^/(vendor|runtime)/.+\.php$ {
deny all;
return 404;
diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf
index af7722a..8a6b419 100644
--- a/docker/nginx/nginx.conf
+++ b/docker/nginx/nginx.conf
@@ -27,7 +27,6 @@ http {
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM';
ssl_ecdh_curve X25519:P-256;
ssl_prefer_server_ciphers on;
- ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Logging Settings
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
diff --git a/docker/ssl/localhost-key.pem b/docker/ssl/localhost-key.pem
new file mode 100644
index 0000000..4677e62
--- /dev/null
+++ b/docker/ssl/localhost-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJXRl0fj4a5Myo
+WpAN8jevuPIlvS19Yk2243GIXf9rNt7/th4ujMYa7DyGmFE4UiXz/gj5y9vq6/3d
+JNrVPqfcBHKgDdGt4V+c6bauzxhs+QilYzft/9/y/Mglt6Z9ibsvIGnRn6R8gc6W
+dV2KPRUNDTdb83R0Y7CFRydTkTEYl1/mldAz5MNrlIYrr55PbQTG2fZlMXcfmJOh
+TzGvux3skPRD4igTV8rxd0x5RDvcVdSCOx3vpI2ZJ3Vh28Bp934mTNo4Ihsmkn4A
+nzUJsyRNAcXp//8xz9upvmy4FfqXhhR5/oOit4INMjFxkEA2CrX7CYz/EiRhyxWt
+jGmxKXSVAgMBAAECggEARIxC7BtFvRYCbZVW0MiSGGnXVO2PnM1oM0g+D/QfzTnC
+tD4lDCe0ENo2yIL1szyT2vmxyIeTd+eaZjvzmwBXWFjTRJUvuges6tfM7rllUUN9
+o/+gvI6MiEVxRRW9waKvbB2WqFu2PQRbdXDCxRqCHg1PuSepjy2Ym+ZbBuG4Wuwh
+q9vbbqe0isp0YZr8oCeNTbR2Mi2q2DPUTP+WdA0TXulx+IwlIlYnIk0a2IGcdGpX
+io9Mt3/aspZhx7uQf3yBoVMiOWRx/04t4Yc0oxuwLP4atGd7jhKZ2dfgCo6jPPet
+ojIpJgN7vW3o4xRnrv0UuTq9vm2W0ZtV5Zfx4sp/gQKBgQDMBGV5s5itMXSdqoXg
+4xtELye0oMYEd1ih8+ql+VP08nUeflV7vD6+Ci8/x++Azqpr9SU1KBG/9Cj2jK8k
+uLdeKcEuac8DjU1eELGmDnIk4m0supEP3JyrTQCVQYw9Pwvv+jGNz2zi0xppIzoP
+eObU/ftoV3Ue32c9tjMMvzlpBQKBgQD8q57knuAqTVJiIqo1LsRj+j5XQ3IpCYY7
+bVHHi607JywBE8JyerkycYCs6BU4AyZNe8Wp6YJM6qINHgvD13j7CjzSg/YEQVla
+O196Ka08Latvu6D3BqR9oKy+5vto/QNxD0hGToWySZCVjbsc5QRxCbq77GZ05EpI
+owj0Wz9yUQKBgEpFJ3Pgj6otINjs5QPzaU+vIvM8vBmQIPIES93UIF5BjaVmNFRx
+OR4RsxWzAVuQ4LWgbsUlKyEID4mBuZjSrd5XsP3mgvg2Dn458ZIUHDWVQE1SNdDi
+bR5nT9kGHbmGJCBeon+PjYIde7XenxpW1yGevFFF1VtB1OHAXGE9k/bJAoGBAJDa
+wylGfDVERurD/NioiybWHE9i91vXfgEr1yqTRSkYd/3WGjAPc4Ub1S1LkH6gL6FU
+SCn1GSKHkYf7pbsNGOqzH9OAm9YssNEuILqkkhBiDlrsMofsYvky2FZJjfDOvN5g
+aIsGEVf5HM7ghlk2Yql7bna2PLbe+kdSUJvmhCVBAoGBAMY9+yNm9zpHYDLfgmeG
+mUjUrw73G7j+ucRQI6/owgaqJWKlfULG2CQ18XhcpjJcI7R1gADwNwlJN7AjGDtg
+gskDn8yoAGBvaBgkkkv3Z8rKTCGR8mh4bY6G89agY9NphigsaUJrn+4iX59K2/eK
+DNFgybL+X7Mh7P8tmBt1Adua
+-----END PRIVATE KEY-----
diff --git a/docker/ssl/localhost.pem b/docker/ssl/localhost.pem
new file mode 100644
index 0000000..7338a1f
--- /dev/null
+++ b/docker/ssl/localhost.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEYjCCAsqgAwIBAgIRAMJ3dsZ62GwPUcMuKwB/pBQwDQYJKoZIhvcNAQELBQAw
+gYcxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEuMCwGA1UECwwlVGVy
+YWJ5dGVzb2Z0d1xkZXZlbG9wZXJAVGVyYWJ5dGVzb2Z0dzE1MDMGA1UEAwwsbWtj
+ZXJ0IFRlcmFieXRlc29mdHdcZGV2ZWxvcGVyQFRlcmFieXRlc29mdHcwHhcNMjUw
+NzEwMjIxNjI2WhcNMjcxMDEwMjExNjI2WjBZMScwJQYDVQQKEx5ta2NlcnQgZGV2
+ZWxvcG1lbnQgY2VydGlmaWNhdGUxLjAsBgNVBAsMJVRlcmFieXRlc29mdHdcZGV2
+ZWxvcGVyQFRlcmFieXRlc29mdHcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDJXRl0fj4a5MyoWpAN8jevuPIlvS19Yk2243GIXf9rNt7/th4ujMYa7DyG
+mFE4UiXz/gj5y9vq6/3dJNrVPqfcBHKgDdGt4V+c6bauzxhs+QilYzft/9/y/Mgl
+t6Z9ibsvIGnRn6R8gc6WdV2KPRUNDTdb83R0Y7CFRydTkTEYl1/mldAz5MNrlIYr
+r55PbQTG2fZlMXcfmJOhTzGvux3skPRD4igTV8rxd0x5RDvcVdSCOx3vpI2ZJ3Vh
+28Bp934mTNo4Ihsmkn4AnzUJsyRNAcXp//8xz9upvmy4FfqXhhR5/oOit4INMjFx
+kEA2CrX7CYz/EiRhyxWtjGmxKXSVAgMBAAGjdjB0MA4GA1UdDwEB/wQEAwIFoDAT
+BgNVHSUEDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBRlhRQpnl7nIy6O/r3UOcaY
+LgXBSzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8AAAGHEAAAAAAAAAAAAAAAAAAA
+AAEwDQYJKoZIhvcNAQELBQADggGBAIR0dkwyUST+W8TATCZbYThwiYuTSLYyQvyX
+7ieIYWW31nAfcL/WvMt5d80p67mLPvGoGLZSayId7uf6j0LVY2Y94G1z7HOdRd7s
+D7InIrLI0G7pKSXI8mSCczgpx2FD2yIkHaDCdZIYXpkkAhJ6I4hghSG2KZoJ0vhA
+JPTd9VW8ydYykfE619wjZ68RUlve4wtNkmQCrJAWOZMWCNl8O/iz5cWafTr0p4kD
+6qdE/gKvfyWQdc1XgPpZJkpYNw+CGVcpfE7i/++FfspTTY+XyYZClbQjMD1hNGq/
+ATsl8DR4xH5ztUaAkLBRDXpXGal7VyNoBpBot9scDR71YMsTTKf/1NdIt8gPLF4P
+ULwW7UvaHQAj3klPcanEaTv/bgQxor6b8tSwMLqHcU+SdQBjYnWLuAzKTCvL9m73
+MQRRt/N+Z9McSApps0F82eSR3a1HaU5lyH6Es6dLkVnY/ksmzqwi5FADsORSH95M
+GvP9WbrnCQvIW/n3T3pvmuV/BeRkVg==
+-----END CERTIFICATE-----