/*! \mainpage README.certs ============ 1. X.509 Certs and key files ---------------------------- In this directory you will find: a) rootCA_cert.pem -- ECC root CA PEM file; almost 10 years valid b) rootCA_key.pem -- encypted corresponding key file for signing - password 12345 c) rootCA_key.pem.plain -- unencypted corresponding key file for signing e) ::1_cert.pem -- ECC IPv6 localhost PEM cert f) ::1_key.pem -- encrypted corresponding key file for authentication - password testcert g) ::1_key.pem.plain -- unencrypted corresponding key file for authentication h) 127.0.0.1_cert.pem -- ECC IPv4 localhost PEM cert i) 127.0.0.1_key.pem -- enrypted corresponding key file for authentication - password testcert j) 127.0.0.1_key.pem.plain -- unencrypted corresponding key file for authentication k) localhost_cert.pem -- ECC generic localhost PEM cert l) localhost.pem -- encrypted corresponding key file for authentication - password testcert m) localhost.pem -- unencrypted corresponding key file for authentication n) chain6.pem -- chained ::1_cert.pam + rootCA_cert.pem o) chain4.pem -- chained 127.0.0.1_cert.pam + rootCA_cert.pem p) dh2048.pem -- Diffie-Hellman parameter file with 2048 bit All x509 certs are generated by means of the ECC prime256v1 algorithm. CA cert validity: About 10 years from September 2023. Other certs valdity is about 5 years starting at September 2023. 2. Usage -------- These x509 certs and key files are provided to allow an initial setup and test of UCSPI-SSL's sslserver and companions. The use of ECC signatures requires OpenSSL > 1.1.1 or LibreSSL > 3.3.1. 3. rootCA_cert.pem ------------------ Certificate: Data: Version: 3 (0x2) Serial Number: 2a:33:3a:76:03:ac:7a:0f:23:38:0a:5c:e3:43:f2:9d:74:9d:ae:99 Signature Algorithm: ecdsa-with-SHA256 Issuer: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = ucspi-ssl research ca Validity Not Before: Sep 20 13:04:38 2023 GMT Not After : Oct 17 13:04:38 2033 GMT Subject: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = ucspi-ssl research ca Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:74:87:e3:06:ee:44:a1:7b:4c:ca:d4:d9:13:fa: d2:8a:4c:08:42:84:ae:3f:f9:97:9d:c2:49:48:ad: 0f:3d:ba:c2:26:df:28:22:45:63:7c:fe:28:b1:e1: 90:1d:33:4f:62:3f:b0:ff:0c:04:52:0b:75:1b:6b: 72:76:a1:00:07 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Subject Key Identifier: A5:33:0C:F4:15:5B:BD:10:6A:71:A2:79:EB:00:77:8C:7A:30:35:83 X509v3 Authority Key Identifier: keyid:A5:33:0C:F4:15:5B:BD:10:6A:71:A2:79:EB:00:77:8C:7A:30:35:83 X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: ecdsa-with-SHA256 30:45:02:21:00:99:53:0a:1c:5f:b2:1c:80:c0:05:17:05:f7: 75:96:28:87:bd:c3:d5:ca:2f:bf:a4:17:5e:66:ac:bb:4f:68: 50:02:20:37:25:2a:62:2e:5d:31:8f:d7:71:3a:4d:b9:39:6b: f8:02:5a:50:7b:c9:74:33:11:57:24:a9:2b:7a:39:37:b6 -----BEGIN CERTIFICATE----- MIICSzCCAfGgAwIBAgIUKjM6dgOseg8jOApc40PynXSdrpkwCgYIKoZIzj0EAwIw ezELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMREwDwYDVQQHEwhCcm9v a2x5bjEmMCQGA1UEChMddWNzcGktc3NsIHJlc2VhcmNoIGxhYm9yYXRvcnkxHjAc BgNVBAMTFXVjc3BpLXNzbCByZXNlYXJjaCBjYTAeFw0yMzA5MjAxMzA0MzhaFw0z MzEwMTcxMzA0MzhaMHsxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazER MA8GA1UEBxMIQnJvb2tseW4xJjAkBgNVBAoTHXVjc3BpLXNzbCByZXNlYXJjaCBs YWJvcmF0b3J5MR4wHAYDVQQDExV1Y3NwaS1zc2wgcmVzZWFyY2ggY2EwWTATBgcq hkjOPQIBBggqhkjOPQMBBwNCAAR0h+MG7kShe0zK1NkT+tKKTAhChK4/+ZedwklI rQ89usIm3ygiRWN8/iix4ZAdM09iP7D/DARSC3Uba3J2oQAHo1MwUTAdBgNVHQ4E FgQUpTMM9BVbvRBqcaJ56wB3jHowNYMwHwYDVR0jBBgwFoAUpTMM9BVbvRBqcaJ5 6wB3jHowNYMwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiEAmVMK HF+yHIDABRcF93WWKIe9w9XKL7+kF15mrLtPaFACIDclKmIuXTGP13E6Tbk5a/gC WlB7yXQzEVckqSt6OTe2 -----END CERTIFICATE----- 4. ::1_cert.pem --------------- Certificate: Data: Version: 3 (0x2) Serial Number: 06:d5:47:e8:f3:8c:9e:62:65:2f:21:f4:32:e5:09:be:92:ad:4f:2f Signature Algorithm: ecdsa-with-SHA256 Issuer: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = loopback Validity Not Before: Sep 20 13:05:52 2023 GMT Not After : Dec 2 13:05:52 2028 GMT Subject: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = loopback Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:2c:04:f7:2e:0a:84:7f:26:b2:e2:02:6c:b4:c4: 9a:83:89:fa:a9:62:16:f8:0e:25:4d:2d:9c:a1:37: 4a:a4:3a:ee:42:ef:b8:31:4f:e1:94:94:c8:f1:1b: ed:60:fc:04:ed:0b:e7:eb:db:93:ad:05:24:38:04: 88:df:bb:4c:30 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Subject Alternative Name: IP Address:0:0:0:0:0:0:0:1, DNS:localhost X509v3 Authority Key Identifier: DirName:/C=US/ST=New York/L=Brooklyn/O=ucspi-ssl research laboratory/CN=loopback serial:06:D5:47:E8:F3:8C:9E:62:65:2F:21:F4:32:E5:09:BE:92:AD:4F:2F Signature Algorithm: ecdsa-with-SHA256 30:45:02:21:00:84:ca:6c:81:c7:cf:aa:43:c5:cf:e3:95:7c: 43:a7:09:3e:9a:b5:e4:ae:e8:55:a5:da:3f:6e:53:37:95:dc: ea:02:20:35:83:1c:1b:bd:8e:9e:8c:eb:be:88:0e:a9:c1:23: 00:d3:97:e7:ca:ea:cd:75:00:9b:89:2c:7f:89:ca:ac:cf -----BEGIN CERTIFICATE----- MIICzzCCAnWgAwIBAgIUBtVH6POMnmJlLyH0MuUJvpKtTy8wCgYIKoZIzj0EAwIw bjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMREwDwYDVQQHEwhCcm9v a2x5bjEmMCQGA1UEChMddWNzcGktc3NsIHJlc2VhcmNoIGxhYm9yYXRvcnkxETAP BgNVBAMTCGxvb3BiYWNrMB4XDTIzMDkyMDEzMDU1MloXDTI4MTIwMjEzMDU1Mlow bjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMREwDwYDVQQHEwhCcm9v a2x5bjEmMCQGA1UEChMddWNzcGktc3NsIHJlc2VhcmNoIGxhYm9yYXRvcnkxETAP BgNVBAMTCGxvb3BiYWNrMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELAT3LgqE fyay4gJstMSag4n6qWIW+A4lTS2coTdKpDruQu+4MU/hlJTI8RvtYPwE7Qvn69uT rQUkOASI37tMMKOB8DCB7TAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDATBgNVHSUE DDAKBggrBgEFBQcDATAmBgNVHREEHzAdhxAAAAAAAAAAAAAAAAAAAAABgglsb2Nh bGhvc3QwgZUGA1UdIwSBjTCBiqFypHAwbjELMAkGA1UEBhMCVVMxETAPBgNVBAgT CE5ldyBZb3JrMREwDwYDVQQHEwhCcm9va2x5bjEmMCQGA1UEChMddWNzcGktc3Ns IHJlc2VhcmNoIGxhYm9yYXRvcnkxETAPBgNVBAMTCGxvb3BiYWNrghQG1Ufo84ye YmUvIfQy5Qm+kq1PLzAKBggqhkjOPQQDAgNIADBFAiEAhMpsgcfPqkPFz+OVfEOn CT6ateSu6FWl2j9uUzeV3OoCIDWDHBu9jp6M676IDqnBIwDTl+fK6s11AJuJLH+J yqzP -----END CERTIFICATE----- 5. 127.0.0.1_cert.pem --------------------- Certificate: Data: Version: 3 (0x2) Serial Number: 75:01:d6:e2:c8:06:cb:69:ab:1f:c0:78:db:5f:00:2b:ca:c3:70:3c Signature Algorithm: ecdsa-with-SHA256 Issuer: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = loopback Validity Not Before: Sep 20 13:05:14 2023 GMT Not After : Dec 2 13:05:14 2028 GMT Subject: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = loopback Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:98:39:f8:09:02:bd:81:7b:1d:4f:23:34:2e:b0: 5c:97:b7:77:98:bd:d7:8a:ed:d7:d0:48:25:c1:ff: a6:a4:97:8f:fc:56:00:04:9b:14:ba:3f:db:d3:76: d4:53:07:63:20:61:fb:c6:88:fa:09:06:b9:7f:85: d2:cf:7a:28:00 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Subject Alternative Name: IP Address:127.0.0.1, DNS:localhost X509v3 Authority Key Identifier: DirName:/C=US/ST=New York/L=Brooklyn/O=ucspi-ssl research laboratory/CN=loopback serial:75:01:D6:E2:C8:06:CB:69:AB:1F:C0:78:DB:5F:00:2B:CA:C3:70:3C Signature Algorithm: ecdsa-with-SHA256 30:44:02:20:5b:38:50:24:5e:1f:43:d4:24:ad:eb:8d:43:ec: db:2b:f5:04:bb:78:0a:f1:30:b0:5e:6d:69:6c:dd:00:57:9f: 02:20:2b:b1:26:72:21:0f:ce:72:9a:5d:77:13:07:c9:fd:37: 04:14:bc:c0:da:33:49:6a:a4:4d:17:c8:48:04:36:a0 -----BEGIN CERTIFICATE----- MIICwjCCAmmgAwIBAgIUdQHW4sgGy2mrH8B4218AK8rDcDwwCgYIKoZIzj0EAwIw bjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMREwDwYDVQQHEwhCcm9v a2x5bjEmMCQGA1UEChMddWNzcGktc3NsIHJlc2VhcmNoIGxhYm9yYXRvcnkxETAP BgNVBAMTCGxvb3BiYWNrMB4XDTIzMDkyMDEzMDUxNFoXDTI4MTIwMjEzMDUxNFow bjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMREwDwYDVQQHEwhCcm9v a2x5bjEmMCQGA1UEChMddWNzcGktc3NsIHJlc2VhcmNoIGxhYm9yYXRvcnkxETAP BgNVBAMTCGxvb3BiYWNrMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmDn4CQK9 gXsdTyM0LrBcl7d3mL3Xiu3X0Eglwf+mpJeP/FYABJsUuj/b03bUUwdjIGH7xoj6 CQa5f4XSz3ooAKOB5DCB4TAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDATBgNVHSUE DDAKBggrBgEFBQcDATAaBgNVHREEEzARhwR/AAABgglsb2NhbGhvc3QwgZUGA1Ud IwSBjTCBiqFypHAwbjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMREw DwYDVQQHEwhCcm9va2x5bjEmMCQGA1UEChMddWNzcGktc3NsIHJlc2VhcmNoIGxh Ym9yYXRvcnkxETAPBgNVBAMTCGxvb3BiYWNrghR1AdbiyAbLaasfwHjbXwArysNw PDAKBggqhkjOPQQDAgNHADBEAiBbOFAkXh9D1CSt641D7Nsr9QS7eArxMLBebWls 3QBXnwIgK7EmciEPznKaXXcTB8n9NwQUvMDaM0lqpE0XyEgENqA= -----END CERTIFICATE----- 6. localhost_cert.pem --------------------- Certificate: Data: Version: 3 (0x2) Serial Number: 7a:6a:2a:23:7c:b4:99:26:bd:19:ee:88:72:b4:1c:8e:4d:3b:5a:40 Signature Algorithm: ecdsa-with-SHA256 Issuer: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = localhost Validity Not Before: Sep 20 13:06:24 2023 GMT Not After : Dec 2 13:06:24 2028 GMT Subject: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = localhost Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:13:bc:51:f1:ce:42:39:a5:da:fd:81:e7:4d:03: fd:3d:93:9d:63:ce:d7:32:0c:1b:c1:f3:1a:43:84: f4:c5:db:79:c9:7e:e5:3d:ad:de:ca:66:fd:f5:a7: 1c:80:18:20:b6:c6:b1:18:76:30:0a:3f:5f:ac:ca: a4:90:d4:8b:b0 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Client Authentication X509v3 Subject Alternative Name: DNS:localhost, IP Address:0.0.0.0, IP Address:0:0:0:0:0:0:0:0 X509v3 Authority Key Identifier: DirName:/C=US/ST=New York/L=Brooklyn/O=ucspi-ssl research laboratory/CN=localhost serial:7A:6A:2A:23:7C:B4:99:26:BD:19:EE:88:72:B4:1C:8E:4D:3B:5A:40 Signature Algorithm: ecdsa-with-SHA256 30:45:02:20:71:4c:08:c1:2a:7e:31:a9:33:5a:92:cb:da:81: 85:ed:74:66:38:f8:5b:f1:55:1c:e4:bb:ba:3e:4e:83:76:fb: 02:21:00:d3:82:51:6f:87:b0:32:14:1e:e0:f0:8c:43:cf:1c: f2:2b:ca:70:a9:d3:26:55:00:91:94:29:87:06:8d:3e:3e -----BEGIN CERTIFICATE----- MIIC2DCCAn6gAwIBAgIUemoqI3y0mSa9Ge6IcrQcjk07WkAwCgYIKoZIzj0EAwIw bzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMREwDwYDVQQHEwhCcm9v a2x5bjEmMCQGA1UEChMddWNzcGktc3NsIHJlc2VhcmNoIGxhYm9yYXRvcnkxEjAQ BgNVBAMTCWxvY2FsaG9zdDAeFw0yMzA5MjAxMzA2MjRaFw0yODEyMDIxMzA2MjRa MG8xCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazERMA8GA1UEBxMIQnJv b2tseW4xJjAkBgNVBAoTHXVjc3BpLXNzbCByZXNlYXJjaCBsYWJvcmF0b3J5MRIw EAYDVQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQTvFHx zkI5pdr9gedNA/09k51jztcyDBvB8xpDhPTF23nJfuU9rd7KZv31pxyAGCC2xrEY djAKP1+syqSQ1Iuwo4H3MIH0MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMBMGA1Ud JQQMMAoGCCsGAQUFBwMCMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEAAAAAIcQAAAA AAAAAAAAAAAAAAAAADCBlgYDVR0jBIGOMIGLoXOkcTBvMQswCQYDVQQGEwJVUzER MA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCEJyb29rbHluMSYwJAYDVQQKEx11 Y3NwaS1zc2wgcmVzZWFyY2ggbGFib3JhdG9yeTESMBAGA1UEAxMJbG9jYWxob3N0 ghR6aiojfLSZJr0Z7ohytByOTTtaQDAKBggqhkjOPQQDAgNIADBFAiBxTAjBKn4x qTNaksvagYXtdGY4+FvxVRzku7o+ToN2+wIhANOCUW+HsDIUHuDwjEPPHPIrynCp 0yZVAJGUKYcGjT4+ -----END CERTIFICATE-----