Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Aia ca issuers must have http only #852

Merged
Merged
Show file tree
Hide file tree
Changes from 36 commits
Commits
Show all changes
37 commits
Select commit Hold shift + click to select a range
6c23670
lint about the encoding of qcstatements for PSD2
Feb 4, 2020
4666bb7
Revert "lint about the encoding of qcstatements for PSD2"
Feb 4, 2020
01996c6
Merge https://github.com/zmap/zlint
Aug 26, 2020
28481cc
Merge https://github.com/zmap/zlint
Sep 1, 2021
749d896
Merge https://github.com/zmap/zlint
Oct 21, 2021
e56e2a0
util: gtld_map autopull updates for 2021-10-21T07:25:20 UTC
web-flow Oct 21, 2021
8600050
Merge pull request #1 from mtgag/zlint-gtld-update
mtgag Oct 21, 2021
30b096e
Merge https://github.com/zmap/zlint
mtgag Apr 19, 2023
92e659c
always check and perform the operation in the execution
mtgag Apr 27, 2023
351a379
Merge branch 'master' into master
christopher-henderson May 14, 2023
b52111b
Merge https://github.com/zmap/zlint
mtgag May 16, 2023
526f9be
Merge https://github.com/zmap/zlint
mtgag Jun 9, 2023
92902fc
Merge https://github.com/zmap/zlint
mtgag Jul 1, 2023
1652cfa
synchronised with project
mtgag Jul 5, 2023
d4f2f9f
synchronised with project
mtgag Aug 30, 2023
88c933e
Merge https://github.com/zmap/zlint
mtgag Aug 30, 2023
cee805f
Merge https://github.com/zmap/zlint
mtgag Dec 3, 2023
2408543
synchronised with project
mtgag Dec 14, 2023
67537e9
synchronised with project
mtgag Dec 14, 2023
e77fae1
synchronised with project
mtgag Jan 24, 2024
51d498f
synchronised with project
mtgag Feb 13, 2024
31e1845
Merge https://github.com/zmap/zlint
mtgag Feb 25, 2024
d10444e
Merge https://github.com/zmap/zlint
mtgag Mar 4, 2024
53b911e
fixed merge error
mtgag Mar 5, 2024
f1a66db
Merge https://github.com/zmap/zlint
mtgag Mar 10, 2024
795d206
Merge https://github.com/zmap/zlint
mtgag Apr 5, 2024
bad73ee
synchronised with project
mtgag Apr 5, 2024
2cd7d08
synchronised with project
mtgag Apr 9, 2024
63cf8e8
Revert "synchronised with project"
mtgag Apr 9, 2024
b3a86b3
Revert "synchronised with project"
mtgag Apr 9, 2024
4d46729
Merge https://github.com/zmap/zlint
mtgag Apr 9, 2024
f0991f9
Merge https://github.com/zmap/zlint
mtgag Jun 6, 2024
9a1c3ac
new lint; The id-ad-caIssuers accessMethod must contain an HTTP URL o…
mtgag Jun 6, 2024
ba03ee3
update to consider HTTPS (not only HTTP) URLs also.
mtgag Jun 8, 2024
6167d1a
this is already covered by PR #846
mtgag Jun 10, 2024
bbb82c7
addressing issues in PR discussion
mtgag Jun 10, 2024
566c6e0
Merge branch 'master' into aia_ca_issuers_must_have_http_only
christopher-henderson Jun 16, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
78 changes: 78 additions & 0 deletions v3/lints/cabf_br/lint_aia_ca_issuers_must_have_http_only.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
package cabf_br

/*
* ZLint Copyright 2024 Regents of the University of Michigan
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy
* of the License at http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied. See the License for the specific language governing
* permissions and limitations under the License.
*/

import (
"fmt"
"net/url"

"github.com/zmap/zcrypto/x509"
"github.com/zmap/zlint/v3/lint"
"github.com/zmap/zlint/v3/util"
)

type bRAIACAIssuersHasHTTPOnly struct{}

/************************************************************************
7.1.2.7.7 Subscriber Certificate Authority Information Access
The AuthorityInfoAccessSyntax MUST contain one or more AccessDescriptions. Each
AccessDescription MUST only contain a permitted accessMethod, as detailed below, and
each accessLocation MUST be encoded as the specified GeneralName type.
The AuthorityInfoAccessSyntax MAY contain multiple AccessDescriptions with the
same accessMethod, if permitted for that accessMethod. When multiple
AccessDescriptions are present with the same accessMethod, each accessLocation
MUST be unique, and each AccessDescription MUST be ordered in priority for that
accessMethod, with the most‐preferred accessLocation being the first
AccessDescription. No ordering requirements are given for AccessDescriptions that
contain different accessMethods, provided that previous requirement is satisfied.

id-ad-caIssuers
1.3.6.1.5.5.7.48.2 uniformResourceIdentifier SHOULD A HTTP URL of the
Issuing CA’s certificate
*************************************************************************/

func init() {
lint.RegisterCertificateLint(&lint.CertificateLint{
LintMetadata: lint.LintMetadata{
Name: "e_aia_ca_issuers_must_have_http_only",
Description: "The id-ad-caIssuers accessMethod must contain an HTTP URL of the Issuing CA’s certificate. Other schemes are not allowed.",
Citation: "BRs: 7.1.2.7.7",
Source: lint.CABFBaselineRequirements,
EffectiveDate: util.SC62EffectiveDate,
},
Lint: NewBRAIACAIssuersHasHTTPOnly,
})
}

func NewBRAIACAIssuersHasHTTPOnly() lint.LintInterface {
return &bRAIACAIssuersHasHTTPOnly{}
}

func (l *bRAIACAIssuersHasHTTPOnly) CheckApplies(c *x509.Certificate) bool {
return len(c.IssuingCertificateURL) > 0 && util.IsSubscriberCert(c)
}

func (l *bRAIACAIssuersHasHTTPOnly) Execute(c *x509.Certificate) *lint.LintResult {
for _, u := range c.IssuingCertificateURL {
purl, err := url.Parse(u)
if err != nil {
return &lint.LintResult{Status: lint.Error, Details: "Could not parse caIssuers in AIA."}
}
if purl.Scheme != "http" {
return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Found scheme %s in caIssuers of AIA, which is not allowed.", purl.Scheme)}
}
}
return &lint.LintResult{Status: lint.Pass}
}
92 changes: 92 additions & 0 deletions v3/lints/cabf_br/lint_aia_ca_issuers_must_have_http_only_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
package cabf_br

/*
* ZLint Copyright 2024 Regents of the University of Michigan
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy
* of the License at http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied. See the License for the specific language governing
* permissions and limitations under the License.
*/

import (
"testing"

"github.com/zmap/zlint/v3/lint"
"github.com/zmap/zlint/v3/test"
)

func TestBRAIACAIssuersHasHTTPOnly(t *testing.T) {
testCases := []struct {
Name string
InputFilename string

ExpectedResult lint.LintStatus
ExpectedDetails string
}{
{
Name: "error - AIA has an FTP URI for id-ad-caIssuers accessMethod.",
InputFilename: "aiaCaIssuersFTPOnly.pem",

ExpectedResult: lint.Error,
ExpectedDetails: "Found scheme ftp in caIssuers of AIA, which is not allowed.",
},
{
Name: "error - AIA has an HTTP and an LDAP URI for id-ad-caIssuers accessMethod.",
InputFilename: "aiaCaIssuersHTTPAndLDAP.pem",

ExpectedResult: lint.Error,
ExpectedDetails: "Found scheme ldap in caIssuers of AIA, which is not allowed.",
},
{
Name: "pass - AIA has only one HTTP URI for id-ad-caIssuers accessMethod.",
InputFilename: "aiaCaIssuersHTTPOnly.pem",

ExpectedResult: lint.Pass,
},
{
Name: "error - AIA has only one HTTPS URI for id-ad-caIssuers accessMethod.",
InputFilename: "aiaCaIssuersHttpsOnly.pem",

ExpectedResult: lint.Error,
ExpectedDetails: "Found scheme https in caIssuers of AIA, which is not allowed.",
},
{
Name: "NE - AIA has only one HTTP URI for id-ad-caIssuers accessMethod and it is issued before September 15th 2023.",
InputFilename: "aiaCaIssuersHttpOnlyNE.pem",

ExpectedResult: lint.NE,
},
{
Name: "NA - AIA has only an id-ad-ocsp accessMethod.",
InputFilename: "aiaCaIssuersHttpOnlyNoCAIssuers.pem",

ExpectedResult: lint.NA,
},
{
Name: "error - AIA has an LDAP URI for id-ad-caIssuers accessMethod.",
InputFilename: "aiaCaIssuersLDAPOnly.pem",

ExpectedResult: lint.Error,
ExpectedDetails: "Found scheme ldap in caIssuers of AIA, which is not allowed.",
},
}

for _, tc := range testCases {
t.Run(tc.Name, func(t *testing.T) {
result := test.TestLint("e_aia_ca_issuers_must_have_http_only", tc.InputFilename)
if result.Status != tc.ExpectedResult {
t.Errorf("expected result %v was %v", tc.ExpectedResult, result.Status)
}

if tc.ExpectedResult == lint.Error && tc.ExpectedDetails != result.Details {
t.Errorf("expected details: %q, was %q", tc.ExpectedDetails, result.Details)
}
})
}
}
44 changes: 44 additions & 0 deletions v3/testdata/aiaCaIssuersFTPOnly.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
a4:f4:6d:4f:10:ca:7e:ef:f9:e3:c0:85
Signature Algorithm: ecdsa-with-SHA256
Issuer: CN = Lint CA, O = Lint, C = DE
Validity
Not Before: Sep 15 00:00:00 2023 GMT
Not After : Sep 15 00:00:00 2024 GMT
Subject:
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:8f:74:a1:d5:84:f6:c9:04:2a:ef:8d:3a:91:9c:
35:d7:17:7a:ac:99:09:31:97:93:42:41:d2:81:51:
ff:59:82:62:7c:8e:30:b8:ec:52:a5:c3:6e:bf:73:
22:b7:01:22:1b:da:cb:8b:0a:7c:ab:35:ab:6a:b6:
81:8f:0c:33:de
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1

Authority Information Access:
CA Issuers - URI:ftp://issuers.example.com/

Signature Algorithm: ecdsa-with-SHA256
30:46:02:21:00:a5:9f:fc:9d:ed:7f:10:2d:5f:ea:c2:ee:f9:
92:62:56:52:63:fe:f3:12:27:5f:1d:81:e0:01:c3:dc:aa:bd:
2e:02:21:00:db:a7:aa:01:00:8d:53:c4:5f:d5:46:b2:42:31:
87:03:77:f5:ad:83:49:e2:31:38:58:7d:8e:d9:03:d0:11:34
-----BEGIN CERTIFICATE-----
MIIBeTCCAR6gAwIBAgINAKT0bU8Qyn7v+ePAhTAKBggqhkjOPQQDAjAuMRAwDgYD
VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5
MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMB
BwNCAASPdKHVhPbJBCrvjTqRnDXXF3qsmQkxl5NCQdKBUf9ZgmJ8jjC47FKlw26/
cyK3ASIb2suLCnyrNatqtoGPDDPeo08wTTATBgNVHSAEDDAKMAgGBmeBDAECATA2
BggrBgEFBQcBAQQqMCgwJgYIKwYBBQUHMAKGGmZ0cDovL2lzc3VlcnMuZXhhbXBs
ZS5jb20vMAoGCCqGSM49BAMCA0kAMEYCIQCln/yd7X8QLV/qwu75kmJWUmP+8xIn
Xx2B4AHD3Kq9LgIhANunqgEAjVPEX9VGskIxhwN39a2DSeIxOFh9jtkD0BE0
-----END CERTIFICATE-----
46 changes: 46 additions & 0 deletions v3/testdata/aiaCaIssuersHTTPAndLDAP.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
cf:1d:3e:98:ec:3f:f1:df:cf:85:a6:75
Signature Algorithm: ecdsa-with-SHA256
Issuer: CN = Lint CA, O = Lint, C = DE
Validity
Not Before: Sep 15 00:00:00 2023 GMT
Not After : Sep 15 00:00:00 2024 GMT
Subject:
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:ae:5e:8e:a1:a7:00:e1:75:66:4f:b8:b0:35:70:
2c:cb:6e:fb:83:fc:9c:f8:7b:67:cf:2d:71:e3:2d:
f2:1f:30:ea:ef:63:09:8b:ee:df:f2:ae:54:2d:5f:
9d:47:17:4d:09:2f:6e:bb:d2:5f:0a:f8:83:26:6c:
df:4f:6e:f3:39
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1

Authority Information Access:
CA Issuers - URI:http://issuers.example.com/ca
CA Issuers - URI:ldap://issuers.example.com/

Signature Algorithm: ecdsa-with-SHA256
30:45:02:20:28:e6:e6:7c:c9:b7:6a:af:ba:ae:ab:d3:39:39:
48:2d:da:d4:a9:79:b0:e1:51:bf:10:70:6b:2b:90:4e:fd:db:
02:21:00:9e:0d:0e:42:a1:19:38:e9:b8:72:e5:c2:25:bc:fd:
ef:15:93:65:20:f9:75:3f:41:8f:2b:ad:77:52:70:e7:6d
-----BEGIN CERTIFICATE-----
MIIBpDCCAUqgAwIBAgINAM8dPpjsP/Hfz4WmdTAKBggqhkjOPQQDAjAuMRAwDgYD
VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5
MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMB
BwNCAASuXo6hpwDhdWZPuLA1cCzLbvuD/Jz4e2fPLXHjLfIfMOrvYwmL7t/yrlQt
X51HF00JL2670l8K+IMmbN9PbvM5o3sweTATBgNVHSAEDDAKMAgGBmeBDAECATBi
BggrBgEFBQcBAQRWMFQwKQYIKwYBBQUHMAKGHWh0dHA6Ly9pc3N1ZXJzLmV4YW1w
bGUuY29tL2NhMCcGCCsGAQUFBzAChhtsZGFwOi8vaXNzdWVycy5leGFtcGxlLmNv
bS8wCgYIKoZIzj0EAwIDSAAwRQIgKObmfMm3aq+6rqvTOTlILdrUqXmw4VG/EHBr
K5BO/dsCIQCeDQ5CoRk46bhy5cIlvP3vFZNlIPl1P0GPK613UnDnbQ==
-----END CERTIFICATE-----
44 changes: 44 additions & 0 deletions v3/testdata/aiaCaIssuersHTTPOnly.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
e6:d6:fc:e0:b2:b6:a4:38:42:83:b0:2c
Signature Algorithm: ecdsa-with-SHA256
Issuer: CN = Lint CA, O = Lint, C = DE
Validity
Not Before: Sep 15 00:00:00 2023 GMT
Not After : Sep 15 00:00:00 2024 GMT
Subject:
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:bf:30:2a:6f:9d:8c:bf:17:ce:e6:b5:6c:a6:2a:
a0:44:c8:22:62:09:d2:0f:b3:48:70:e3:b8:8a:f3:
75:78:4b:4f:b6:ae:31:13:3e:e3:27:3f:2b:7c:89:
61:cb:07:eb:3d:99:30:15:36:e9:2f:ba:92:0b:ef:
ee:07:d2:63:90
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1

Authority Information Access:
CA Issuers - URI:http://ocsp.example.com/ocsp

Signature Algorithm: ecdsa-with-SHA256
30:45:02:21:00:a0:69:ca:bb:32:bd:b4:49:4a:e1:81:93:25:
38:34:34:77:8a:bf:d8:5e:08:af:8a:f6:f3:66:b3:a9:e2:76:
fa:02:20:33:35:c3:07:ec:11:92:9a:02:a0:cb:7b:11:a0:84:
e6:28:1d:0d:6c:f7:09:d8:76:a5:e1:09:36:e9:48:de:b2
-----BEGIN CERTIFICATE-----
MIIBejCCASCgAwIBAgINAObW/OCytqQ4QoOwLDAKBggqhkjOPQQDAjAuMRAwDgYD
VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5
MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMB
BwNCAAS/MCpvnYy/F87mtWymKqBEyCJiCdIPs0hw47iK83V4S0+2rjETPuMnPyt8
iWHLB+s9mTAVNukvupIL7+4H0mOQo1EwTzATBgNVHSAEDDAKMAgGBmeBDAECATA4
BggrBgEFBQcBAQQsMCowKAYIKwYBBQUHMAKGHGh0dHA6Ly9vY3NwLmV4YW1wbGUu
Y29tL29jc3AwCgYIKoZIzj0EAwIDSAAwRQIhAKBpyrsyvbRJSuGBkyU4NDR3ir/Y
XgivivbzZrOp4nb6AiAzNcMH7BGSmgKgy3sRoITmKB0NbPcJ2Hal4Qk26Ujesg==
-----END CERTIFICATE-----
44 changes: 44 additions & 0 deletions v3/testdata/aiaCaIssuersHttpOnlyNE.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ba:05:bc:a4:0a:2a:63:34:48:e4:43:32
Signature Algorithm: ecdsa-with-SHA256
Issuer: CN = Lint CA, O = Lint, C = DE
Validity
Not Before: Sep 14 23:59:59 2023 GMT
Not After : Sep 14 23:59:59 2024 GMT
Subject:
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:b5:35:3a:dd:12:97:00:f4:d2:59:df:2f:8b:50:
92:a2:b8:e8:1c:a7:0b:cb:c0:b1:fd:0b:28:af:9c:
aa:a0:84:14:5a:b0:fb:d0:f2:19:ff:46:73:0d:48:
a6:e8:c8:f0:11:f1:df:61:46:f6:e0:26:f9:c4:1a:
d6:e7:82:2e:24
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1

Authority Information Access:
CA Issuers - URI:http://issuers.example.com/

Signature Algorithm: ecdsa-with-SHA256
30:44:02:20:1e:a4:c4:b3:68:4c:fd:e4:13:c2:c6:35:d0:49:
cd:9f:70:22:af:79:02:c5:58:a0:f1:fa:ba:e8:3b:4c:2d:09:
02:20:4c:52:61:be:dc:ad:61:f1:98:08:0f:d4:40:0a:9a:b3:
ba:80:c6:8d:4d:1d:0b:8e:39:79:a7:b9:b9:9d:c2:c6
-----BEGIN CERTIFICATE-----
MIIBeDCCAR+gAwIBAgINALoFvKQKKmM0SORDMjAKBggqhkjOPQQDAjAuMRAwDgYD
VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5
MTQyMzU5NTlaFw0yNDA5MTQyMzU5NTlaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMB
BwNCAAS1NTrdEpcA9NJZ3y+LUJKiuOgcpwvLwLH9CyivnKqghBRasPvQ8hn/RnMN
SKboyPAR8d9hRvbgJvnEGtbngi4ko1AwTjATBgNVHSAEDDAKMAgGBmeBDAECATA3
BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly9pc3N1ZXJzLmV4YW1w
bGUuY29tLzAKBggqhkjOPQQDAgNHADBEAiAepMSzaEz95BPCxjXQSc2fcCKveQLF
WKDx+rroO0wtCQIgTFJhvtytYfGYCA/UQAqas7qAxo1NHQuOOXmnubmdwsY=
-----END CERTIFICATE-----
44 changes: 44 additions & 0 deletions v3/testdata/aiaCaIssuersHttpOnlyNoCAIssuers.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
af:a9:43:14:a9:7a:a0:5d:2c:45:49:7b
Signature Algorithm: ecdsa-with-SHA256
Issuer: CN = Lint CA, O = Lint, C = DE
Validity
Not Before: Sep 15 00:00:00 2023 GMT
Not After : Sep 15 00:00:00 2024 GMT
Subject:
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:3c:16:95:eb:6d:bc:30:86:2f:16:32:94:43:d3:
fc:44:d9:b9:29:83:d1:7c:e3:58:b4:4b:80:bf:98:
79:e2:51:cc:3f:c0:55:c7:8b:da:d3:0d:a5:da:6e:
42:75:12:aa:56:65:e9:d0:00:dc:f4:94:34:b4:33:
ee:ef:3f:45:70
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1

Authority Information Access:
OCSP - URI:http://ocsp.example.com/ocsp

Signature Algorithm: ecdsa-with-SHA256
30:45:02:20:70:53:45:99:31:5a:4f:bd:2e:28:59:7e:6b:e5:
e0:a7:eb:bc:ef:ac:51:eb:e7:e9:c3:58:65:4b:42:14:a5:85:
02:21:00:fd:b4:78:6d:7f:05:6d:04:b4:ba:b9:53:5b:ef:74:
ea:4b:8e:75:56:fc:e0:fb:ec:59:fe:1e:7c:c5:43:2c:1c
-----BEGIN CERTIFICATE-----
MIIBejCCASCgAwIBAgINAK+pQxSpeqBdLEVJezAKBggqhkjOPQQDAjAuMRAwDgYD
VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5
MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMB
BwNCAAQ8FpXrbbwwhi8WMpRD0/xE2bkpg9F841i0S4C/mHniUcw/wFXHi9rTDaXa
bkJ1EqpWZenQANz0lDS0M+7vP0Vwo1EwTzATBgNVHSAEDDAKMAgGBmeBDAECATA4
BggrBgEFBQcBAQQsMCowKAYIKwYBBQUHMAGGHGh0dHA6Ly9vY3NwLmV4YW1wbGUu
Y29tL29jc3AwCgYIKoZIzj0EAwIDSAAwRQIgcFNFmTFaT70uKFl+a+Xgp+u876xR
6+fpw1hlS0IUpYUCIQD9tHhtfwVtBLS6uVNb73TqS451Vvzg++xZ/h58xUMsHA==
-----END CERTIFICATE-----
Loading
Loading