From b4c8efc973c2d59cddec4ae36184cfcaf1f6e247 Mon Sep 17 00:00:00 2001 From: James Smith Date: Tue, 27 Nov 2018 12:39:24 -0600 Subject: [PATCH 01/11] Reflect the reality of the database **Why**: The db/schema.rb and migrations got out of sync. **How**: Update the db/schema.rb to reflect what the migrations build. --- app/services/ocsp_service.rb | 4 ++-- db/schema.rb | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/services/ocsp_service.rb b/app/services/ocsp_service.rb index bf659e34f..2f28cb2c8 100644 --- a/app/services/ocsp_service.rb +++ b/app/services/ocsp_service.rb @@ -31,9 +31,9 @@ def build_request end def ocsp_url_for_subject - authority.ocsp_url.presence || begin + authority.ocsp_http_url.presence || begin uri = subject.ocsp_http_url - authority.ocsp_url = uri + authority.ocsp_http_url = uri authority.save! uri end diff --git a/db/schema.rb b/db/schema.rb index 76ae39be7..2203b62a5 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -23,7 +23,7 @@ t.datetime "valid_not_after", null: false t.datetime "created_at", null: false t.datetime "updated_at", null: false - t.string "ocsp_url" + t.string "ocsp_http_url" t.index ["key"], name: "index_certificate_authorities_on_key", unique: true end From c73bcd3c517afd0b00432144b69b58951385a055 Mon Sep 17 00:00:00 2001 From: Andy Brody Date: Mon, 28 Jan 2019 18:30:24 -0500 Subject: [PATCH 02/11] Add pentest CA. --- config/application.yml.example | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/application.yml.example b/config/application.yml.example index 5297eee25..0283c43dd 100644 --- a/config/application.yml.example +++ b/config/application.yml.example @@ -14,7 +14,8 @@ trusted_ca_root_identifiers: "\ 49:74:BB:0C:5E:BA:7A:FE:02:54:EF:7B:A0:C6:95:C6:09:80:70:96,\ 68:84:15:48:8C:54:70:7F:2D:12:58:0E:EC:1C:78:EF:3C:2E:59:64,\ 6C:8A:94:A2:77:B1:80:72:1D:81:7A:16:AA:F2:DC:CE:66:EE:45:C0,\ - BD:C1:B9:6B:4D:F4:1D:EC:30:90:BF:62:73:C0:84:33:F2:71:24:85" + BD:C1:B9:6B:4D:F4:1D:EC:30:90:BF:62:73:C0:84:33:F2:71:24:85,\ + 9C:16:31:A2:B4:29:8C:2E:04:62:57:87:11:E4:0F:4A:86:F4:75:48" # temporarily add 9C:16:31:A2:B4:29:8C:2E:04:62:57:87:11:E4:0F:4A:86:F4:75:48 for pen test required_policies: | [ From 26a69a3deed381d6016e597db721f9e190c0a610 Mon Sep 17 00:00:00 2001 From: Jonathan Hooper Date: Mon, 9 Dec 2019 10:12:46 -0500 Subject: [PATCH 03/11] Deploy RC 98 to staging (#93) --- Gemfile | 2 +- Gemfile.lock | 10 ++-- app/controllers/identify_controller.rb | 13 ++++- app/models/certificate.rb | 8 +++ app/services/ocsp_service.rb | 3 ++ config/application.yml.example | 3 ++ ...naged Services SSP CA CGKPO7PXWW4722S6.pem | 36 +++++++++++++ ...naged Services SSP CA W472GK2S8WPO7CPX.pem | 33 ++++++++++++ spec/controllers/identify_controller_spec.rb | 53 +++++++++++++++++++ 9 files changed, 153 insertions(+), 8 deletions(-) create mode 100644 config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA CGKPO7PXWW4722S6.pem create mode 100644 config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA W472GK2S8WPO7CPX.pem diff --git a/Gemfile b/Gemfile index 20f6f7b18..33b400257 100644 --- a/Gemfile +++ b/Gemfile @@ -15,7 +15,7 @@ gem 'mini_cache' gem 'newrelic_rpm' gem 'pg' gem 'pry-rails' -gem 'puma', '~> 3.7' +gem 'puma', '~> 3.12' gem 'rgl' group :development, :test do diff --git a/Gemfile.lock b/Gemfile.lock index a39e80025..18f2ed781 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -865,7 +865,7 @@ GEM concurrent-ruby (1.1.5) crack (0.4.3) safe_yaml (~> 1.0.0) - crass (1.0.4) + crass (1.0.5) daemons (1.3.1) database_cleaner (1.7.0) debug_inspector (0.0.3) @@ -935,7 +935,7 @@ GEM rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) ruby_dep (~> 1.2) - loofah (2.2.3) + loofah (2.3.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) lumberjack (1.0.13) @@ -953,7 +953,7 @@ GEM nenv (0.3.0) newrelic_rpm (6.5.0.357) nio4r (2.4.0) - nokogiri (1.10.4) + nokogiri (1.10.5) mini_portile2 (~> 2.4.0) notiffany (0.1.3) nenv (~> 0.1) @@ -975,7 +975,7 @@ GEM pry (>= 0.10.4) psych (3.1.0) public_suffix (3.1.1) - puma (3.12.1) + puma (3.12.2) rack (2.0.7) rack-mini-profiler (1.0.2) rack (>= 1.2.0) @@ -1134,7 +1134,7 @@ DEPENDENCIES pg pry-byebug pry-rails - puma (~> 3.7) + puma (~> 3.12) rack-mini-profiler rails (~> 5.2, >= 5.2.2.1) rails-controller-testing diff --git a/app/controllers/identify_controller.rb b/app/controllers/identify_controller.rb index fab563793..ace9a00f9 100644 --- a/app/controllers/identify_controller.rb +++ b/app/controllers/identify_controller.rb @@ -8,6 +8,9 @@ class IdentifyController < ApplicationController delegate :logger, to: Rails + rescue_from URI::InvalidURIError, with: :render_bad_referrer_error + rescue_from ActionController::ParameterMissing, with: :render_missing_param_error + def create if referrer # given a valid certificate from the client, return a token @@ -18,8 +21,6 @@ def create else render_bad_request('No referrer') end - rescue URI::InvalidURIError - render_bad_request('Bad referrer') end private @@ -29,6 +30,14 @@ def render_bad_request(reason) render plain: 'Invalid request', status: :bad_request end + def render_bad_referrer_error + render_bad_request('Bad referrer') + end + + def render_missing_param_error(exception) + render_bad_request("Missing #{exception.param} param") + end + # :reek:UtilityFunction def token_for_referrer cert_pem = client_cert diff --git a/app/models/certificate.rb b/app/models/certificate.rb index 845c38f26..aa460bcbb 100644 --- a/app/models/certificate.rb +++ b/app/models/certificate.rb @@ -61,6 +61,14 @@ def validate_cert end def validate_untrusted_root + validate_untrusted_root_with_exceptions + rescue OpenSSL::OCSP::OCSPError + 'ocsp_error' + rescue Timeout::Error + 'timeout' + end + + def validate_untrusted_root_with_exceptions if self_signed? 'self-signed cert' elsif !signature_verified? diff --git a/app/services/ocsp_service.rb b/app/services/ocsp_service.rb index 8e81b8d99..a38568ab7 100644 --- a/app/services/ocsp_service.rb +++ b/app/services/ocsp_service.rb @@ -91,6 +91,9 @@ def make_single_http_request(uri, request, retries = 1) # :reek:UtilityFunction def make_single_http_request!(uri, request) http = Net::HTTP.new(uri.hostname, uri.port) + env = Figaro.env + http.open_timeout = env.http_open_timeout.to_i + http.read_timeout = env.http_read_timeout.to_i http.post(uri.path.presence || '/', request, 'content-type' => 'application/ocsp-request') end diff --git a/config/application.yml.example b/config/application.yml.example index 0283c43dd..9699f80f5 100644 --- a/config/application.yml.example +++ b/config/application.yml.example @@ -8,6 +8,9 @@ # The others are DoD certs 2-4 from the archive available at # http://iasecontent.disa.mil/pki-pke/Certificates_PKCS7_v5.0u1_DoD.zip aws_http_timeout: '5' +http_read_timeout: '5' +http_open_timeout: '5' + trusted_ca_root_identifiers: "\ AD:0C:7A:75:5C:E5:F3:98:C4:79:98:0E:AC:28:FD:97:F4:E7:02:FC,\ 17:4B:B8:26:BA:69:7A:AD:12:50:57:45:31:9E:57:BB:74:A5:DA:2F,\ diff --git a/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA CGKPO7PXWW4722S6.pem b/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA CGKPO7PXWW4722S6.pem new file mode 100644 index 000000000..1940bcb78 --- /dev/null +++ b/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA CGKPO7PXWW4722S6.pem @@ -0,0 +1,36 @@ +Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services SSP CA +Issuer: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA +-----BEGIN CERTIFICATE----- +MIIFuzCCBKOgAwIBAgIERIEHtjANBgkqhkiG9w0BAQsFADBuMQswCQYDVQQGEwJV +UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdGllczEpMCcGA1UECxMgRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFJvb3Qg +Q0EwHhcNMTkwODEzMTU0NjI5WhcNMjkwNzEzMTYxNjI5WjBtMQswCQYDVQQGEwJV +UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdGllczEoMCYGA1UECxMfRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFNTUCBD +QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANjtFQkAPFlMQRrHGBGI +zgXekI4wz+uu+neolkME7eAh+bBOopDwZkrp+TO/r9H1YLpvSmphwd7RBE6sWQEn +Fbez48ZY6V0PND8j13DEqO7ODIA4KHGmomuF3CFxjC5wYgpT0dPrSkMwmc4dr2xs +7801L1ekJj8+eybcZVd+45ok4283sgyn0cVDzV1w5WOg0lhWz7CwuWhNOh1ZeZi3 +1T49i9ETppBF86GR05UlBlaPBgUO85t9asxIrj8ejIWW89EVTtsnZ3r5SOkKtojP +QMEM88RHqwkiBMyEtftSc3LvkJgcQWXQ+0c4zMOjMDZD/4yn69dg8OWTsuXjw0qi +n/cCAwEAAaOCAmAwggJcMA4GA1UdDwEB/wQEAwIBhjB5BgNVHSAEcjBwMAwGCmCG +SAFlAwIBAwYwDAYKYIZIAWUDAgEDBzAMBgpghkgBZQMCAQMIMAwGCmCGSAFlAwIB +Aw0wDAYKYIZIAWUDAgEDETAMBgpghkgBZQMCAQMnMAwGCmCGSAFlAwIBAygwDAYK +YIZIAWUDAgEDKTASBgNVHRMBAf8ECDAGAQH/AgEAMIGkBggrBgEFBQcBAQSBlzCB +lDBNBggrBgEFBQcwAoZBaHR0cDovL3Jvb3R3ZWIubWFuYWdlZC5lbnRydXN0LmNv +bS9BSUEvQ2VydHNJc3N1ZWRUb0VNU1Jvb3RDQS5wN2MwQwYIKwYBBQUHMAGGN2h0 +dHA6Ly9vY3NwLm1hbmFnZWQuZW50cnVzdC5jb20vT0NTUC9FTVNSb290Q0FSZXNw +b25kZXIwgdMGA1UdHwSByzCByDA8oDqgOIY2aHR0cDovL3Jvb3R3ZWIubWFuYWdl +ZC5lbnRydXN0LmNvbS9DUkxzL0VNU1Jvb3RDQTMuY3JsMIGHoIGEoIGBpH8wfTEL +MAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VudHJ1c3QxIjAgBgNVBAsTGUNlcnRpZmlj +YXRpb24gQXV0aG9yaXRpZXMxKTAnBgNVBAsTIEVudHJ1c3QgTWFuYWdlZCBTZXJ2 +aWNlcyBSb290IENBMQ0wCwYDVQQDEwRDUkwxMB8GA1UdIwQYMBaAFElUkUxpRDvE ++AIs9PgtM1aJdZgQMB0GA1UdDgQWBBTm3RoHGstruiC5ljmT+BTcmAM3JzANBgkq +hkiG9w0BAQsFAAOCAQEA1zN6YX5CcwAqUOYGU7QQ4QIZaZvpnTN/KDEYHGDIhTYS +KlkAXz0ncwe5P3V9YfnF+UwDJFwBZVtzxIy+2lIbEvkkIezYKwJm6K2PHweePL6E +WpCaVhe39WrOo3LRjKIWO+Lp502Rkb/cBJVG2M2OE1ve4Ydt5GlPWXXi1uGoHJHW +U8jc2aPDIK5KTCtzh2tfEG6dkjykPosx5ZwNjcZ8IkTFoIh7hsLxniu8kHhOd2k0 +6nM+ctNiBdl2nCQ7GpDSJaL+1MJsXkVjav8ZCBRL9CXwAZSodu2RpkSuNSwrmLmw +V0lxFBzM+0lGoM8FlV31siMrQBoi0pjDgSjkkJFMFA== +-----END CERTIFICATE----- + diff --git a/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA W472GK2S8WPO7CPX.pem b/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA W472GK2S8WPO7CPX.pem new file mode 100644 index 000000000..d224c2b62 --- /dev/null +++ b/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA W472GK2S8WPO7CPX.pem @@ -0,0 +1,33 @@ +Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA +Issuer: /C=US/O=U.S. Government/OU=FPKI/CN=Federal Common Policy CA +-----BEGIN CERTIFICATE----- +MIIFKTCCBBGgAwIBAgICc0owDQYJKoZIhvcNAQELBQAwWTELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsGA1UECxMERlBLSTEhMB8GA1UE +AxMYRmVkZXJhbCBDb21tb24gUG9saWN5IENBMB4XDTE5MDgxNDE1Mzk0NloXDTI5 +MDgxNDE1MzY0MlowbjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VudHJ1c3QxIjAg +BgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxKTAnBgNVBAsTIEVudHJ1 +c3QgTWFuYWdlZCBTZXJ2aWNlcyBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA572gaoFb74+gsCeMrlon3dv5pjLJyU4nCO0QqiShzXK8Zqgw +Na47z+KdF3w1ofeRxYsu0qg/6gzlQU5s1DblG8CeNsXXowjaYwDAMosDSR4HrsLt +tr1C/4xxLkKejX4GQ01kpTHWMejtpioGMH3FqgK+E9Ga7hGU9rgy0CeVM2/LoJ3e +kt36xdpndCEbUfe9yQIliEICbJbKhxcMebJKAOb6g8jyr0CzeKXnDqwVMUEn4RED +sVxQgEzmQMryWdr/LBZckS40AEEhc4D1ojtssABvKrb9NzpGnSCPSDFXFY8N5C++ +CmA2OhZaZOHg//p85PExb4AVBmyZceIay1wezQIDAQABo4IB5DCCAeAwDwYDVR0T +AQH/BAUwAwEB/zBPBggrBgEFBQcBAQRDMEEwPwYIKwYBBQUHMAKGM2h0dHA6Ly9o +dHRwLmZwa2kuZ292L2ZjcGNhL2NhQ2VydHNJc3N1ZWRUb2ZjcGNhLnA3YzAPBgNV +HSQECDAGgAEAgQEAMAoGA1UdNgQDAgEAMHkGA1UdIARyMHAwDAYKYIZIAWUDAgED +BjAMBgpghkgBZQMCAQMHMAwGCmCGSAFlAwIBAwgwDAYKYIZIAWUDAgEDDTAMBgpg +hkgBZQMCAQMRMAwGCmCGSAFlAwIBAycwDAYKYIZIAWUDAgEDKDAMBgpghkgBZQMC +AQMpMF0GCCsGAQUFBwELBFEwTzBNBggrBgEFBQcwBYZBaHR0cDovL3Jvb3R3ZWIu +bWFuYWdlZC5lbnRydXN0LmNvbS9TSUEvQ2VydHNJc3N1ZWRCeUVNU1Jvb3RDQS5w +N2MwDgYDVR0PAQH/BAQDAgGGMB8GA1UdIwQYMBaAFK0MenVc5fOYxHmYDqwo/Zf0 +5wL8MDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9odHRwLmZwa2kuZ292L2ZjcGNh +L2ZjcGNhLmNybDAdBgNVHQ4EFgQUSVSRTGlEO8T4Aiz0+C0zVol1mBAwDQYJKoZI +hvcNAQELBQADggEBAMX/TfukCGAdHdlIuDuBG3wg5+GIRzf5Vgt/gEl+dNR3BdVO +FrA+yKdPwnV9A+HZtxwC6YrIgxHsD8iImvF6WCuDWwNl2mNg0AynC3FNfyJlzMCw +kPbs2n4VqmcaP5hqVCiKVv+omQ7CwRM18ms4Ia0oHNFCaV3yvZb/QMFKUM3CaK0s +qZNmmBAqf6+XVeha45kKNtI20HXhUBzGyvmo/3vNfzJTQIQMqV10QP5ectlFvlLv +TjP+7mNJvuo3M5avGucbsNQLZrGsQMgIVcdhc4Juf3cklUNDJxAiyFbX3LEcP2SD ++6w/aYn9eB1GK8AqFv1dNfMK5dKBmrDRhMmxIqg= +-----END CERTIFICATE----- + diff --git a/spec/controllers/identify_controller_spec.rb b/spec/controllers/identify_controller_spec.rb index 2ad012767..3f8ba85de 100644 --- a/spec/controllers/identify_controller_spec.rb +++ b/spec/controllers/identify_controller_spec.rb @@ -221,6 +221,52 @@ end end + describe 'with a certificate timeout' do + before(:each) do + allow_any_instance_of(OCSPService).to receive(:make_http_request).and_raise(Timeout::Error) + end + + it 'returns a token as timeout' do + ca = CertificateAuthority.find_or_create_for_certificate( + Certificate.new(root_cert) + ) + + @request.headers['X-Client-Cert'] = CGI.escape(client_cert_pem) + expect(CertificateLoggerService).to receive(:log_certificate) + + get :create, params: { nonce: '123' } + expect(response).to have_http_status(:found) + expect(response.has_header?('Location')).to be_truthy + expect(token).to be_truthy + + expect(token_contents['error']).to eq 'certificate.timeout' + expect(token_contents['nonce']).to eq '123' + end + end + + describe 'with a certificate ocsp error' do + before(:each) do + allow_any_instance_of(OCSPService).to receive(:make_http_request).and_raise(OpenSSL::OCSP::OCSPError) + end + + it 'returns a token as ocsp error' do + ca = CertificateAuthority.find_or_create_for_certificate( + Certificate.new(root_cert) + ) + + @request.headers['X-Client-Cert'] = CGI.escape(client_cert_pem) + expect(CertificateLoggerService).to receive(:log_certificate) + + get :create, params: { nonce: '123' } + expect(response).to have_http_status(:found) + expect(response.has_header?('Location')).to be_truthy + expect(token).to be_truthy + + expect(token_contents['error']).to eq 'certificate.ocsp_error' + expect(token_contents['nonce']).to eq '123' + end + end + describe 'a certificate signed by an unrecognized authority' do let(:other_root_cert_and_key) do create_root_certificate( @@ -258,6 +304,13 @@ expect(token_contents['nonce']).to eq '123' end end + + context 'when the nonce param is missing' do + it 'returns a bad request' do + get :create, params: {} + expect(response).to have_http_status(:bad_request) + end + end end end end From f7cfcd9969d209abd20a58a30fab8943c6c01391 Mon Sep 17 00:00:00 2001 From: Jonathan Hooper Date: Mon, 9 Dec 2019 10:13:09 -0500 Subject: [PATCH 04/11] Deploy RC 98 to prod (#94) --- Gemfile | 2 +- Gemfile.lock | 10 ++-- app/controllers/identify_controller.rb | 13 ++++- app/models/certificate.rb | 8 +++ app/services/ocsp_service.rb | 3 ++ config/application.yml.example | 3 ++ ...naged Services SSP CA CGKPO7PXWW4722S6.pem | 36 +++++++++++++ ...naged Services SSP CA W472GK2S8WPO7CPX.pem | 33 ++++++++++++ spec/controllers/identify_controller_spec.rb | 53 +++++++++++++++++++ 9 files changed, 153 insertions(+), 8 deletions(-) create mode 100644 config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA CGKPO7PXWW4722S6.pem create mode 100644 config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA W472GK2S8WPO7CPX.pem diff --git a/Gemfile b/Gemfile index 20f6f7b18..33b400257 100644 --- a/Gemfile +++ b/Gemfile @@ -15,7 +15,7 @@ gem 'mini_cache' gem 'newrelic_rpm' gem 'pg' gem 'pry-rails' -gem 'puma', '~> 3.7' +gem 'puma', '~> 3.12' gem 'rgl' group :development, :test do diff --git a/Gemfile.lock b/Gemfile.lock index a39e80025..18f2ed781 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -865,7 +865,7 @@ GEM concurrent-ruby (1.1.5) crack (0.4.3) safe_yaml (~> 1.0.0) - crass (1.0.4) + crass (1.0.5) daemons (1.3.1) database_cleaner (1.7.0) debug_inspector (0.0.3) @@ -935,7 +935,7 @@ GEM rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) ruby_dep (~> 1.2) - loofah (2.2.3) + loofah (2.3.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) lumberjack (1.0.13) @@ -953,7 +953,7 @@ GEM nenv (0.3.0) newrelic_rpm (6.5.0.357) nio4r (2.4.0) - nokogiri (1.10.4) + nokogiri (1.10.5) mini_portile2 (~> 2.4.0) notiffany (0.1.3) nenv (~> 0.1) @@ -975,7 +975,7 @@ GEM pry (>= 0.10.4) psych (3.1.0) public_suffix (3.1.1) - puma (3.12.1) + puma (3.12.2) rack (2.0.7) rack-mini-profiler (1.0.2) rack (>= 1.2.0) @@ -1134,7 +1134,7 @@ DEPENDENCIES pg pry-byebug pry-rails - puma (~> 3.7) + puma (~> 3.12) rack-mini-profiler rails (~> 5.2, >= 5.2.2.1) rails-controller-testing diff --git a/app/controllers/identify_controller.rb b/app/controllers/identify_controller.rb index fab563793..ace9a00f9 100644 --- a/app/controllers/identify_controller.rb +++ b/app/controllers/identify_controller.rb @@ -8,6 +8,9 @@ class IdentifyController < ApplicationController delegate :logger, to: Rails + rescue_from URI::InvalidURIError, with: :render_bad_referrer_error + rescue_from ActionController::ParameterMissing, with: :render_missing_param_error + def create if referrer # given a valid certificate from the client, return a token @@ -18,8 +21,6 @@ def create else render_bad_request('No referrer') end - rescue URI::InvalidURIError - render_bad_request('Bad referrer') end private @@ -29,6 +30,14 @@ def render_bad_request(reason) render plain: 'Invalid request', status: :bad_request end + def render_bad_referrer_error + render_bad_request('Bad referrer') + end + + def render_missing_param_error(exception) + render_bad_request("Missing #{exception.param} param") + end + # :reek:UtilityFunction def token_for_referrer cert_pem = client_cert diff --git a/app/models/certificate.rb b/app/models/certificate.rb index 845c38f26..aa460bcbb 100644 --- a/app/models/certificate.rb +++ b/app/models/certificate.rb @@ -61,6 +61,14 @@ def validate_cert end def validate_untrusted_root + validate_untrusted_root_with_exceptions + rescue OpenSSL::OCSP::OCSPError + 'ocsp_error' + rescue Timeout::Error + 'timeout' + end + + def validate_untrusted_root_with_exceptions if self_signed? 'self-signed cert' elsif !signature_verified? diff --git a/app/services/ocsp_service.rb b/app/services/ocsp_service.rb index 8e81b8d99..a38568ab7 100644 --- a/app/services/ocsp_service.rb +++ b/app/services/ocsp_service.rb @@ -91,6 +91,9 @@ def make_single_http_request(uri, request, retries = 1) # :reek:UtilityFunction def make_single_http_request!(uri, request) http = Net::HTTP.new(uri.hostname, uri.port) + env = Figaro.env + http.open_timeout = env.http_open_timeout.to_i + http.read_timeout = env.http_read_timeout.to_i http.post(uri.path.presence || '/', request, 'content-type' => 'application/ocsp-request') end diff --git a/config/application.yml.example b/config/application.yml.example index 0283c43dd..9699f80f5 100644 --- a/config/application.yml.example +++ b/config/application.yml.example @@ -8,6 +8,9 @@ # The others are DoD certs 2-4 from the archive available at # http://iasecontent.disa.mil/pki-pke/Certificates_PKCS7_v5.0u1_DoD.zip aws_http_timeout: '5' +http_read_timeout: '5' +http_open_timeout: '5' + trusted_ca_root_identifiers: "\ AD:0C:7A:75:5C:E5:F3:98:C4:79:98:0E:AC:28:FD:97:F4:E7:02:FC,\ 17:4B:B8:26:BA:69:7A:AD:12:50:57:45:31:9E:57:BB:74:A5:DA:2F,\ diff --git a/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA CGKPO7PXWW4722S6.pem b/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA CGKPO7PXWW4722S6.pem new file mode 100644 index 000000000..1940bcb78 --- /dev/null +++ b/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA CGKPO7PXWW4722S6.pem @@ -0,0 +1,36 @@ +Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services SSP CA +Issuer: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA +-----BEGIN CERTIFICATE----- +MIIFuzCCBKOgAwIBAgIERIEHtjANBgkqhkiG9w0BAQsFADBuMQswCQYDVQQGEwJV +UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdGllczEpMCcGA1UECxMgRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFJvb3Qg +Q0EwHhcNMTkwODEzMTU0NjI5WhcNMjkwNzEzMTYxNjI5WjBtMQswCQYDVQQGEwJV +UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdGllczEoMCYGA1UECxMfRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFNTUCBD +QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANjtFQkAPFlMQRrHGBGI +zgXekI4wz+uu+neolkME7eAh+bBOopDwZkrp+TO/r9H1YLpvSmphwd7RBE6sWQEn +Fbez48ZY6V0PND8j13DEqO7ODIA4KHGmomuF3CFxjC5wYgpT0dPrSkMwmc4dr2xs +7801L1ekJj8+eybcZVd+45ok4283sgyn0cVDzV1w5WOg0lhWz7CwuWhNOh1ZeZi3 +1T49i9ETppBF86GR05UlBlaPBgUO85t9asxIrj8ejIWW89EVTtsnZ3r5SOkKtojP +QMEM88RHqwkiBMyEtftSc3LvkJgcQWXQ+0c4zMOjMDZD/4yn69dg8OWTsuXjw0qi +n/cCAwEAAaOCAmAwggJcMA4GA1UdDwEB/wQEAwIBhjB5BgNVHSAEcjBwMAwGCmCG +SAFlAwIBAwYwDAYKYIZIAWUDAgEDBzAMBgpghkgBZQMCAQMIMAwGCmCGSAFlAwIB +Aw0wDAYKYIZIAWUDAgEDETAMBgpghkgBZQMCAQMnMAwGCmCGSAFlAwIBAygwDAYK +YIZIAWUDAgEDKTASBgNVHRMBAf8ECDAGAQH/AgEAMIGkBggrBgEFBQcBAQSBlzCB +lDBNBggrBgEFBQcwAoZBaHR0cDovL3Jvb3R3ZWIubWFuYWdlZC5lbnRydXN0LmNv +bS9BSUEvQ2VydHNJc3N1ZWRUb0VNU1Jvb3RDQS5wN2MwQwYIKwYBBQUHMAGGN2h0 +dHA6Ly9vY3NwLm1hbmFnZWQuZW50cnVzdC5jb20vT0NTUC9FTVNSb290Q0FSZXNw +b25kZXIwgdMGA1UdHwSByzCByDA8oDqgOIY2aHR0cDovL3Jvb3R3ZWIubWFuYWdl +ZC5lbnRydXN0LmNvbS9DUkxzL0VNU1Jvb3RDQTMuY3JsMIGHoIGEoIGBpH8wfTEL +MAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VudHJ1c3QxIjAgBgNVBAsTGUNlcnRpZmlj +YXRpb24gQXV0aG9yaXRpZXMxKTAnBgNVBAsTIEVudHJ1c3QgTWFuYWdlZCBTZXJ2 +aWNlcyBSb290IENBMQ0wCwYDVQQDEwRDUkwxMB8GA1UdIwQYMBaAFElUkUxpRDvE ++AIs9PgtM1aJdZgQMB0GA1UdDgQWBBTm3RoHGstruiC5ljmT+BTcmAM3JzANBgkq +hkiG9w0BAQsFAAOCAQEA1zN6YX5CcwAqUOYGU7QQ4QIZaZvpnTN/KDEYHGDIhTYS +KlkAXz0ncwe5P3V9YfnF+UwDJFwBZVtzxIy+2lIbEvkkIezYKwJm6K2PHweePL6E +WpCaVhe39WrOo3LRjKIWO+Lp502Rkb/cBJVG2M2OE1ve4Ydt5GlPWXXi1uGoHJHW +U8jc2aPDIK5KTCtzh2tfEG6dkjykPosx5ZwNjcZ8IkTFoIh7hsLxniu8kHhOd2k0 +6nM+ctNiBdl2nCQ7GpDSJaL+1MJsXkVjav8ZCBRL9CXwAZSodu2RpkSuNSwrmLmw +V0lxFBzM+0lGoM8FlV31siMrQBoi0pjDgSjkkJFMFA== +-----END CERTIFICATE----- + diff --git a/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA W472GK2S8WPO7CPX.pem b/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA W472GK2S8WPO7CPX.pem new file mode 100644 index 000000000..d224c2b62 --- /dev/null +++ b/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA W472GK2S8WPO7CPX.pem @@ -0,0 +1,33 @@ +Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA +Issuer: /C=US/O=U.S. Government/OU=FPKI/CN=Federal Common Policy CA +-----BEGIN CERTIFICATE----- +MIIFKTCCBBGgAwIBAgICc0owDQYJKoZIhvcNAQELBQAwWTELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsGA1UECxMERlBLSTEhMB8GA1UE +AxMYRmVkZXJhbCBDb21tb24gUG9saWN5IENBMB4XDTE5MDgxNDE1Mzk0NloXDTI5 +MDgxNDE1MzY0MlowbjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VudHJ1c3QxIjAg +BgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxKTAnBgNVBAsTIEVudHJ1 +c3QgTWFuYWdlZCBTZXJ2aWNlcyBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA572gaoFb74+gsCeMrlon3dv5pjLJyU4nCO0QqiShzXK8Zqgw +Na47z+KdF3w1ofeRxYsu0qg/6gzlQU5s1DblG8CeNsXXowjaYwDAMosDSR4HrsLt +tr1C/4xxLkKejX4GQ01kpTHWMejtpioGMH3FqgK+E9Ga7hGU9rgy0CeVM2/LoJ3e +kt36xdpndCEbUfe9yQIliEICbJbKhxcMebJKAOb6g8jyr0CzeKXnDqwVMUEn4RED +sVxQgEzmQMryWdr/LBZckS40AEEhc4D1ojtssABvKrb9NzpGnSCPSDFXFY8N5C++ +CmA2OhZaZOHg//p85PExb4AVBmyZceIay1wezQIDAQABo4IB5DCCAeAwDwYDVR0T +AQH/BAUwAwEB/zBPBggrBgEFBQcBAQRDMEEwPwYIKwYBBQUHMAKGM2h0dHA6Ly9o +dHRwLmZwa2kuZ292L2ZjcGNhL2NhQ2VydHNJc3N1ZWRUb2ZjcGNhLnA3YzAPBgNV +HSQECDAGgAEAgQEAMAoGA1UdNgQDAgEAMHkGA1UdIARyMHAwDAYKYIZIAWUDAgED +BjAMBgpghkgBZQMCAQMHMAwGCmCGSAFlAwIBAwgwDAYKYIZIAWUDAgEDDTAMBgpg +hkgBZQMCAQMRMAwGCmCGSAFlAwIBAycwDAYKYIZIAWUDAgEDKDAMBgpghkgBZQMC +AQMpMF0GCCsGAQUFBwELBFEwTzBNBggrBgEFBQcwBYZBaHR0cDovL3Jvb3R3ZWIu +bWFuYWdlZC5lbnRydXN0LmNvbS9TSUEvQ2VydHNJc3N1ZWRCeUVNU1Jvb3RDQS5w +N2MwDgYDVR0PAQH/BAQDAgGGMB8GA1UdIwQYMBaAFK0MenVc5fOYxHmYDqwo/Zf0 +5wL8MDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9odHRwLmZwa2kuZ292L2ZjcGNh +L2ZjcGNhLmNybDAdBgNVHQ4EFgQUSVSRTGlEO8T4Aiz0+C0zVol1mBAwDQYJKoZI +hvcNAQELBQADggEBAMX/TfukCGAdHdlIuDuBG3wg5+GIRzf5Vgt/gEl+dNR3BdVO +FrA+yKdPwnV9A+HZtxwC6YrIgxHsD8iImvF6WCuDWwNl2mNg0AynC3FNfyJlzMCw +kPbs2n4VqmcaP5hqVCiKVv+omQ7CwRM18ms4Ia0oHNFCaV3yvZb/QMFKUM3CaK0s +qZNmmBAqf6+XVeha45kKNtI20HXhUBzGyvmo/3vNfzJTQIQMqV10QP5ectlFvlLv +TjP+7mNJvuo3M5avGucbsNQLZrGsQMgIVcdhc4Juf3cklUNDJxAiyFbX3LEcP2SD ++6w/aYn9eB1GK8AqFv1dNfMK5dKBmrDRhMmxIqg= +-----END CERTIFICATE----- + diff --git a/spec/controllers/identify_controller_spec.rb b/spec/controllers/identify_controller_spec.rb index 2ad012767..3f8ba85de 100644 --- a/spec/controllers/identify_controller_spec.rb +++ b/spec/controllers/identify_controller_spec.rb @@ -221,6 +221,52 @@ end end + describe 'with a certificate timeout' do + before(:each) do + allow_any_instance_of(OCSPService).to receive(:make_http_request).and_raise(Timeout::Error) + end + + it 'returns a token as timeout' do + ca = CertificateAuthority.find_or_create_for_certificate( + Certificate.new(root_cert) + ) + + @request.headers['X-Client-Cert'] = CGI.escape(client_cert_pem) + expect(CertificateLoggerService).to receive(:log_certificate) + + get :create, params: { nonce: '123' } + expect(response).to have_http_status(:found) + expect(response.has_header?('Location')).to be_truthy + expect(token).to be_truthy + + expect(token_contents['error']).to eq 'certificate.timeout' + expect(token_contents['nonce']).to eq '123' + end + end + + describe 'with a certificate ocsp error' do + before(:each) do + allow_any_instance_of(OCSPService).to receive(:make_http_request).and_raise(OpenSSL::OCSP::OCSPError) + end + + it 'returns a token as ocsp error' do + ca = CertificateAuthority.find_or_create_for_certificate( + Certificate.new(root_cert) + ) + + @request.headers['X-Client-Cert'] = CGI.escape(client_cert_pem) + expect(CertificateLoggerService).to receive(:log_certificate) + + get :create, params: { nonce: '123' } + expect(response).to have_http_status(:found) + expect(response.has_header?('Location')).to be_truthy + expect(token).to be_truthy + + expect(token_contents['error']).to eq 'certificate.ocsp_error' + expect(token_contents['nonce']).to eq '123' + end + end + describe 'a certificate signed by an unrecognized authority' do let(:other_root_cert_and_key) do create_root_certificate( @@ -258,6 +304,13 @@ expect(token_contents['nonce']).to eq '123' end end + + context 'when the nonce param is missing' do + it 'returns a bad request' do + get :create, params: {} + expect(response).to have_http_status(:bad_request) + end + end end end end From d63e385ad999b7f961d8b98ceff22e2d0c7a21ed Mon Sep 17 00:00:00 2001 From: Jonathan Hooper Date: Sun, 13 Dec 2020 16:38:27 -0500 Subject: [PATCH 05/11] Revert "Upgrade to Rails 6 (#173)" This reverts commit 854188c3105d52a142d180e6cf045bb3dfbaf8e6. --- Gemfile | 2 +- Gemfile.lock | 1248 +++++++++++++++++++++----------------------------- 2 files changed, 525 insertions(+), 725 deletions(-) diff --git a/Gemfile b/Gemfile index f94e14fcf..4b4472666 100644 --- a/Gemfile +++ b/Gemfile @@ -3,7 +3,7 @@ git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" } ruby '~> 2.6.5' -gem 'rails', '~> 6.0', '>= 6.0.3.4' +gem 'rails', '~> 5.2', '>= 5.2.4.4' gem 'activerecord-import', '>= 1.0.2' gem 'aws-sdk', require: false diff --git a/Gemfile.lock b/Gemfile.lock index f89db9031..71b6ce8dc 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,643 +1,521 @@ GIT remote: https://github.com/18F/identity-hostdata.git - revision: da013056e3a5ffcb46001a3f4fca21b80640838e + revision: b5587588601670f762bbc79f0f4a8468064d9401 branch: master specs: - identity-hostdata (0.4.1) + identity-hostdata (0.3.3) aws-sdk-s3 (~> 1.8) GEM remote: https://rubygems.org/ specs: - actioncable (6.0.3.4) - actionpack (= 6.0.3.4) + actioncable (5.2.4.4) + actionpack (= 5.2.4.4) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.3.4) - actionpack (= 6.0.3.4) - activejob (= 6.0.3.4) - activerecord (= 6.0.3.4) - activestorage (= 6.0.3.4) - activesupport (= 6.0.3.4) - mail (>= 2.7.1) - actionmailer (6.0.3.4) - actionpack (= 6.0.3.4) - actionview (= 6.0.3.4) - activejob (= 6.0.3.4) + actionmailer (5.2.4.4) + actionpack (= 5.2.4.4) + actionview (= 5.2.4.4) + activejob (= 5.2.4.4) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.3.4) - actionview (= 6.0.3.4) - activesupport (= 6.0.3.4) + actionpack (5.2.4.4) + actionview (= 5.2.4.4) + activesupport (= 5.2.4.4) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.0.3.4) - actionpack (= 6.0.3.4) - activerecord (= 6.0.3.4) - activestorage (= 6.0.3.4) - activesupport (= 6.0.3.4) - nokogiri (>= 1.8.5) - actionview (6.0.3.4) - activesupport (= 6.0.3.4) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (5.2.4.4) + activesupport (= 5.2.4.4) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.0.3.4) - activesupport (= 6.0.3.4) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activejob (5.2.4.4) + activesupport (= 5.2.4.4) globalid (>= 0.3.6) - activemodel (6.0.3.4) - activesupport (= 6.0.3.4) - activerecord (6.0.3.4) - activemodel (= 6.0.3.4) - activesupport (= 6.0.3.4) - activerecord-import (1.0.7) + activemodel (5.2.4.4) + activesupport (= 5.2.4.4) + activerecord (5.2.4.4) + activemodel (= 5.2.4.4) + activesupport (= 5.2.4.4) + arel (>= 9.0) + activerecord-import (1.0.4) activerecord (>= 3.2) - activestorage (6.0.3.4) - actionpack (= 6.0.3.4) - activejob (= 6.0.3.4) - activerecord (= 6.0.3.4) + activestorage (5.2.4.4) + actionpack (= 5.2.4.4) + activerecord (= 5.2.4.4) marcel (~> 0.3.1) - activesupport (6.0.3.4) + activesupport (5.2.4.4) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - zeitwerk (~> 2.2, >= 2.2.2) - addressable (2.7.0) - public_suffix (>= 2.0.2, < 5.0) + addressable (2.6.0) + public_suffix (>= 2.0.2, < 4.0) + arel (9.0.0) ast (2.4.1) - aws-eventstream (1.1.0) - aws-partitions (1.396.0) + aws-eventstream (1.0.3) + aws-partitions (1.206.0) aws-sdk (3.0.1) aws-sdk-resources (~> 3) - aws-sdk-accessanalyzer (1.14.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-acm (1.25.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-acm (1.38.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-acmpca (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-acmpca (1.30.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-alexaforbusiness (1.30.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-alexaforbusiness (1.43.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-amplify (1.10.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-amplify (1.27.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-apigateway (1.34.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-apigateway (1.56.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-apigatewaymanagementapi (1.9.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-apigatewaymanagementapi (1.19.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-apigatewayv2 (1.13.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-apigatewayv2 (1.29.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-applicationautoscaling (1.29.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-appconfig (1.12.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-applicationdiscoveryservice (1.21.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-appflow (1.3.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-applicationinsights (1.3.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-applicationautoscaling (1.48.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-appmesh (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-applicationdiscoveryservice (1.33.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-appstream (1.35.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-applicationinsights (1.15.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-appsync (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-appmesh (1.32.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-athena (1.19.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-appregistry (1.0.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-autoscaling (1.28.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-appstream (1.48.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-autoscalingplans (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-appsync (1.37.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-backup (1.9.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-athena (1.33.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-batch (1.25.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-augmentedairuntime (1.10.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-budgets (1.25.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-autoscaling (1.50.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-chime (1.13.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-autoscalingplans (1.28.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloud9 (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-backup (1.25.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-clouddirectory (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-batch (1.40.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudformation (1.25.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-braket (1.5.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudfront (1.22.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-budgets (1.36.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudhsm (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-chime (1.38.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudhsmv2 (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-cloud9 (1.29.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudsearch (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-clouddirectory (1.29.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudsearchdomain (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-cloudformation (1.45.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudtrail (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-cloudfront (1.46.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudwatch (1.28.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-cloudhsm (1.27.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudwatchevents (1.24.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-cloudhsmv2 (1.30.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudwatchlogs (1.25.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-cloudsearch (1.26.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-codebuild (1.40.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-cloudsearchdomain (1.22.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-codecommit (1.28.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-cloudtrail (1.29.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-codedeploy (1.26.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-cloudwatch (1.46.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-codepipeline (1.23.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-cloudwatchevents (1.40.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-codestar (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-cloudwatchlogs (1.38.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cognitoidentity (1.16.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-codeartifact (1.5.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cognitoidentityprovider (1.25.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-codebuild (1.64.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cognitosync (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-codecommit (1.40.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-comprehend (1.25.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-codedeploy (1.37.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-comprehendmedical (1.9.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-codeguruprofiler (1.12.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-configservice (1.35.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-codegurureviewer (1.13.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-connect (1.19.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-codepipeline (1.38.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-codestar (1.27.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-codestarconnections (1.11.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-codestarnotifications (1.8.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-cognitoidentity (1.27.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-cognitoidentityprovider (1.47.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-cognitosync (1.24.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-comprehend (1.41.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-comprehendmedical (1.23.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-computeoptimizer (1.9.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-configservice (1.53.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-connect (1.35.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-connectparticipant (1.8.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-core (3.109.3) - aws-eventstream (~> 1, >= 1.0.2) - aws-partitions (~> 1, >= 1.239.0) + aws-sdk-core (3.64.0) + aws-eventstream (~> 1.0, >= 1.0.2) + aws-partitions (~> 1.0) aws-sigv4 (~> 1.1) jmespath (~> 1.0) - aws-sdk-costandusagereportservice (1.28.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-costandusagereportservice (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-costexplorer (1.53.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-costexplorer (1.29.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-databasemigrationservice (1.47.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-databasemigrationservice (1.27.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-dataexchange (1.10.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-datapipeline (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-datapipeline (1.24.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-datasync (1.12.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-datasync (1.28.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-dax (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-dax (1.27.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-devicefarm (1.27.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-detective (1.11.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-directconnect (1.24.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-devicefarm (1.39.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-directoryservice (1.21.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-directconnect (1.37.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-dlm (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-directoryservice (1.35.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-docdb (1.10.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-dlm (1.36.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-dynamodb (1.34.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-docdb (1.26.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-dynamodbstreams (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-dynamodb (1.57.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-ec2 (1.106.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-dynamodbstreams (1.26.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-ec2instanceconnect (1.2.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-ebs (1.11.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-ecr (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-ec2 (1.210.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-ecs (1.46.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-ec2instanceconnect (1.11.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-efs (1.21.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-ecr (1.39.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-eks (1.24.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-ecs (1.71.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-elasticache (1.24.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-efs (1.36.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-elasticbeanstalk (1.25.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-eks (1.45.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-elasticloadbalancing (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-elasticache (1.46.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-elasticloadbalancingv2 (1.33.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-elasticbeanstalk (1.39.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-elasticsearchservice (1.26.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-elasticinference (1.10.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-elastictranscoder (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-elasticloadbalancing (1.29.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-emr (1.21.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-elasticloadbalancingv2 (1.56.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-eventbridge (1.1.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-elasticsearchservice (1.46.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-firehose (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-elastictranscoder (1.27.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-fms (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-emr (1.39.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-forecastqueryservice (1.0.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-eventbridge (1.18.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-forecastservice (1.0.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-firehose (1.35.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-fsx (1.11.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-fms (1.33.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-gamelift (1.23.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-forecastqueryservice (1.10.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-glacier (1.25.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-forecastservice (1.12.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-globalaccelerator (1.10.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-frauddetector (1.14.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-glue (1.43.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-fsx (1.32.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-greengrass (1.24.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-gamelift (1.38.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-groundstation (1.3.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-glacier (1.35.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-guardduty (1.23.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-globalaccelerator (1.25.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-health (1.19.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-glue (1.79.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-iam (1.29.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-gluedatabrew (1.0.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-greengrass (1.37.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-groundstation (1.15.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-guardduty (1.42.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-health (1.31.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-honeycode (1.3.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-iam (1.46.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-identitystore (1.3.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-imagebuilder (1.16.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-importexport (1.24.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-importexport (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv2 (~> 1.0) - aws-sdk-inspector (1.32.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-iot (1.62.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-iot1clickdevicesservice (1.26.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-iot1clickprojects (1.26.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-iotanalytics (1.35.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-inspector (1.22.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-iotdataplane (1.26.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-iot (1.37.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-iotevents (1.20.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-iot1clickdevicesservice (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-ioteventsdata (1.13.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-iot1clickprojects (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-iotjobsdataplane (1.25.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-iotanalytics (1.24.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-iotsecuretunneling (1.9.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-iotdataplane (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-iotsitewise (1.14.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-iotevents (1.4.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-iotthingsgraph (1.12.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-ioteventsdata (1.4.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-ivs (1.5.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-iotjobsdataplane (1.16.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-kafka (1.29.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-iotthingsgraph (1.3.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-kendra (1.18.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-kafka (1.12.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-kinesis (1.30.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-kinesis (1.19.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-kinesisanalytics (1.29.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-kinesisanalytics (1.19.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-kinesisanalyticsv2 (1.24.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-kinesisanalyticsv2 (1.10.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-kinesisvideo (1.30.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-kinesisvideo (1.19.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-kinesisvideoarchivedmedia (1.29.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-kinesisvideoarchivedmedia (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-kinesisvideomedia (1.26.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-kinesisvideomedia (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-kinesisvideosignalingchannels (1.8.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-kms (1.24.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-kms (1.39.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-lakeformation (1.0.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-lakeformation (1.11.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-lambda (1.29.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-lambda (1.53.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-lambdapreview (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-lambdapreview (1.24.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-lex (1.19.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-lex (1.33.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-lexmodelbuildingservice (1.21.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-lexmodelbuildingservice (1.41.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-licensemanager (1.9.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-licensemanager (1.20.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-lightsail (1.24.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-lightsail (1.40.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-machinelearning (1.16.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-machinelearning (1.25.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-macie (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-macie (1.25.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-managedblockchain (1.6.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-macie2 (1.17.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-marketplacecommerceanalytics (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-managedblockchain (1.17.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-marketplaceentitlementservice (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-marketplacecatalog (1.9.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-marketplacemetering (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-marketplacecommerceanalytics (1.30.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-mediaconnect (1.13.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-marketplaceentitlementservice (1.24.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-mediaconvert (1.34.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-marketplacemetering (1.32.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-medialive (1.36.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-mediaconnect (1.28.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-mediapackage (1.22.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-mediaconvert (1.59.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-mediapackagevod (1.5.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-medialive (1.60.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-mediastore (1.19.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-mediapackage (1.36.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-mediastoredata (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-mediapackagevod (1.19.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-mediatailor (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-mediastore (1.30.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-migrationhub (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-mediastoredata (1.27.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-mobile (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-mediatailor (1.33.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-mq (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-migrationhub (1.29.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-mturk (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-migrationhubconfig (1.9.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-neptune (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-mobile (1.24.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-opsworks (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-mq (1.34.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-opsworkscm (1.24.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-mturk (1.27.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-organizations (1.31.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-neptune (1.31.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-personalize (1.4.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-networkfirewall (1.0.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-personalizeevents (1.3.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-networkmanager (1.8.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-personalizeruntime (1.4.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-opsworks (1.30.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-pi (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-opsworkscm (1.40.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-pinpoint (1.27.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-organizations (1.55.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-pinpointemail (1.14.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-outposts (1.11.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-pinpointsmsvoice (1.12.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-personalize (1.19.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-polly (1.26.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-personalizeevents (1.14.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-pricing (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-personalizeruntime (1.19.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-quicksight (1.12.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-pi (1.24.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-ram (1.10.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-pinpoint (1.47.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-rds (1.64.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-pinpointemail (1.24.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-rdsdataservice (1.11.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-pinpointsmsvoice (1.21.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-redshift (1.31.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-polly (1.38.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-rekognition (1.30.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-pricing (1.24.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-resourcegroups (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-qldb (1.11.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-resourcegroupstaggingapi (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-qldbsession (1.9.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-quicksight (1.36.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-ram (1.22.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-rds (1.106.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-rdsdataservice (1.23.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-redshift (1.51.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-redshiftdataapiservice (1.2.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-rekognition (1.47.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-resourcegroups (1.32.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-resourcegroupstaggingapi (1.34.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-resources (3.87.0) - aws-sdk-accessanalyzer (~> 1) + aws-sdk-resources (3.52.0) aws-sdk-acm (~> 1) aws-sdk-acmpca (~> 1) aws-sdk-alexaforbusiness (~> 1) @@ -645,22 +523,17 @@ GEM aws-sdk-apigateway (~> 1) aws-sdk-apigatewaymanagementapi (~> 1) aws-sdk-apigatewayv2 (~> 1) - aws-sdk-appconfig (~> 1) - aws-sdk-appflow (~> 1) aws-sdk-applicationautoscaling (~> 1) aws-sdk-applicationdiscoveryservice (~> 1) aws-sdk-applicationinsights (~> 1) aws-sdk-appmesh (~> 1) - aws-sdk-appregistry (~> 1) aws-sdk-appstream (~> 1) aws-sdk-appsync (~> 1) aws-sdk-athena (~> 1) - aws-sdk-augmentedairuntime (~> 1) aws-sdk-autoscaling (~> 1) aws-sdk-autoscalingplans (~> 1) aws-sdk-backup (~> 1) aws-sdk-batch (~> 1) - aws-sdk-braket (~> 1) aws-sdk-budgets (~> 1) aws-sdk-chime (~> 1) aws-sdk-cloud9 (~> 1) @@ -675,33 +548,24 @@ GEM aws-sdk-cloudwatch (~> 1) aws-sdk-cloudwatchevents (~> 1) aws-sdk-cloudwatchlogs (~> 1) - aws-sdk-codeartifact (~> 1) aws-sdk-codebuild (~> 1) aws-sdk-codecommit (~> 1) aws-sdk-codedeploy (~> 1) - aws-sdk-codeguruprofiler (~> 1) - aws-sdk-codegurureviewer (~> 1) aws-sdk-codepipeline (~> 1) aws-sdk-codestar (~> 1) - aws-sdk-codestarconnections (~> 1) - aws-sdk-codestarnotifications (~> 1) aws-sdk-cognitoidentity (~> 1) aws-sdk-cognitoidentityprovider (~> 1) aws-sdk-cognitosync (~> 1) aws-sdk-comprehend (~> 1) aws-sdk-comprehendmedical (~> 1) - aws-sdk-computeoptimizer (~> 1) aws-sdk-configservice (~> 1) aws-sdk-connect (~> 1) - aws-sdk-connectparticipant (~> 1) aws-sdk-costandusagereportservice (~> 1) aws-sdk-costexplorer (~> 1) aws-sdk-databasemigrationservice (~> 1) - aws-sdk-dataexchange (~> 1) aws-sdk-datapipeline (~> 1) aws-sdk-datasync (~> 1) aws-sdk-dax (~> 1) - aws-sdk-detective (~> 1) aws-sdk-devicefarm (~> 1) aws-sdk-directconnect (~> 1) aws-sdk-directoryservice (~> 1) @@ -709,7 +573,6 @@ GEM aws-sdk-docdb (~> 1) aws-sdk-dynamodb (~> 1) aws-sdk-dynamodbstreams (~> 1) - aws-sdk-ebs (~> 1) aws-sdk-ec2 (~> 1) aws-sdk-ec2instanceconnect (~> 1) aws-sdk-ecr (~> 1) @@ -718,7 +581,6 @@ GEM aws-sdk-eks (~> 1) aws-sdk-elasticache (~> 1) aws-sdk-elasticbeanstalk (~> 1) - aws-sdk-elasticinference (~> 1) aws-sdk-elasticloadbalancing (~> 1) aws-sdk-elasticloadbalancingv2 (~> 1) aws-sdk-elasticsearchservice (~> 1) @@ -729,21 +591,16 @@ GEM aws-sdk-fms (~> 1) aws-sdk-forecastqueryservice (~> 1) aws-sdk-forecastservice (~> 1) - aws-sdk-frauddetector (~> 1) aws-sdk-fsx (~> 1) aws-sdk-gamelift (~> 1) aws-sdk-glacier (~> 1) aws-sdk-globalaccelerator (~> 1) aws-sdk-glue (~> 1) - aws-sdk-gluedatabrew (~> 1) aws-sdk-greengrass (~> 1) aws-sdk-groundstation (~> 1) aws-sdk-guardduty (~> 1) aws-sdk-health (~> 1) - aws-sdk-honeycode (~> 1) aws-sdk-iam (~> 1) - aws-sdk-identitystore (~> 1) - aws-sdk-imagebuilder (~> 1) aws-sdk-importexport (~> 1) aws-sdk-inspector (~> 1) aws-sdk-iot (~> 1) @@ -754,19 +611,14 @@ GEM aws-sdk-iotevents (~> 1) aws-sdk-ioteventsdata (~> 1) aws-sdk-iotjobsdataplane (~> 1) - aws-sdk-iotsecuretunneling (~> 1) - aws-sdk-iotsitewise (~> 1) aws-sdk-iotthingsgraph (~> 1) - aws-sdk-ivs (~> 1) aws-sdk-kafka (~> 1) - aws-sdk-kendra (~> 1) aws-sdk-kinesis (~> 1) aws-sdk-kinesisanalytics (~> 1) aws-sdk-kinesisanalyticsv2 (~> 1) aws-sdk-kinesisvideo (~> 1) aws-sdk-kinesisvideoarchivedmedia (~> 1) aws-sdk-kinesisvideomedia (~> 1) - aws-sdk-kinesisvideosignalingchannels (~> 1) aws-sdk-kms (~> 1) aws-sdk-lakeformation (~> 1) aws-sdk-lambda (~> 1) @@ -777,9 +629,7 @@ GEM aws-sdk-lightsail (~> 1) aws-sdk-machinelearning (~> 1) aws-sdk-macie (~> 1) - aws-sdk-macie2 (~> 1) aws-sdk-managedblockchain (~> 1) - aws-sdk-marketplacecatalog (~> 1) aws-sdk-marketplacecommerceanalytics (~> 1) aws-sdk-marketplaceentitlementservice (~> 1) aws-sdk-marketplacemetering (~> 1) @@ -792,17 +642,13 @@ GEM aws-sdk-mediastoredata (~> 1) aws-sdk-mediatailor (~> 1) aws-sdk-migrationhub (~> 1) - aws-sdk-migrationhubconfig (~> 1) aws-sdk-mobile (~> 1) aws-sdk-mq (~> 1) aws-sdk-mturk (~> 1) aws-sdk-neptune (~> 1) - aws-sdk-networkfirewall (~> 1) - aws-sdk-networkmanager (~> 1) aws-sdk-opsworks (~> 1) aws-sdk-opsworkscm (~> 1) aws-sdk-organizations (~> 1) - aws-sdk-outposts (~> 1) aws-sdk-personalize (~> 1) aws-sdk-personalizeevents (~> 1) aws-sdk-personalizeruntime (~> 1) @@ -812,14 +658,11 @@ GEM aws-sdk-pinpointsmsvoice (~> 1) aws-sdk-polly (~> 1) aws-sdk-pricing (~> 1) - aws-sdk-qldb (~> 1) - aws-sdk-qldbsession (~> 1) aws-sdk-quicksight (~> 1) aws-sdk-ram (~> 1) aws-sdk-rds (~> 1) aws-sdk-rdsdataservice (~> 1) aws-sdk-redshift (~> 1) - aws-sdk-redshiftdataapiservice (~> 1) aws-sdk-rekognition (~> 1) aws-sdk-resourcegroups (~> 1) aws-sdk-resourcegroupstaggingapi (~> 1) @@ -829,11 +672,8 @@ GEM aws-sdk-route53resolver (~> 1) aws-sdk-s3 (~> 1) aws-sdk-s3control (~> 1) - aws-sdk-s3outposts (~> 1) aws-sdk-sagemaker (~> 1) aws-sdk-sagemakerruntime (~> 1) - aws-sdk-savingsplans (~> 1) - aws-sdk-schemas (~> 1) aws-sdk-secretsmanager (~> 1) aws-sdk-securityhub (~> 1) aws-sdk-serverlessapplicationrepository (~> 1) @@ -841,7 +681,6 @@ GEM aws-sdk-servicediscovery (~> 1) aws-sdk-servicequotas (~> 1) aws-sdk-ses (~> 1) - aws-sdk-sesv2 (~> 1) aws-sdk-shield (~> 1) aws-sdk-signer (~> 1) aws-sdk-simpledb (~> 1) @@ -850,183 +689,143 @@ GEM aws-sdk-sns (~> 1) aws-sdk-sqs (~> 1) aws-sdk-ssm (~> 1) - aws-sdk-ssoadmin (~> 1) - aws-sdk-ssooidc (~> 1) aws-sdk-states (~> 1) aws-sdk-storagegateway (~> 1) aws-sdk-support (~> 1) aws-sdk-swf (~> 1) - aws-sdk-synthetics (~> 1) aws-sdk-textract (~> 1) - aws-sdk-timestreamquery (~> 1) - aws-sdk-timestreamwrite (~> 1) aws-sdk-transcribeservice (~> 1) aws-sdk-transcribestreamingservice (~> 1) aws-sdk-transfer (~> 1) aws-sdk-translate (~> 1) aws-sdk-waf (~> 1) aws-sdk-wafregional (~> 1) - aws-sdk-wafv2 (~> 1) aws-sdk-workdocs (~> 1) aws-sdk-worklink (~> 1) aws-sdk-workmail (~> 1) - aws-sdk-workmailmessageflow (~> 1) aws-sdk-workspaces (~> 1) aws-sdk-xray (~> 1) - aws-sdk-robomaker (1.31.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-robomaker (1.14.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-route53 (1.44.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-route53 (1.29.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-route53domains (1.28.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-route53domains (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-route53resolver (1.21.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-route53resolver (1.10.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.84.1) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-s3 (1.46.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.1) - aws-sdk-s3control (1.25.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-s3outposts (1.0.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-sagemaker (1.72.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-sagemakerruntime (1.27.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-s3control (1.12.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-savingsplans (1.12.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-sagemaker (1.43.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-schemas (1.10.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-sagemakerruntime (1.16.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-secretsmanager (1.43.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-secretsmanager (1.31.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-securityhub (1.35.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-securityhub (1.13.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-serverlessapplicationrepository (1.32.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-serverlessapplicationrepository (1.21.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-servicecatalog (1.55.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-servicecatalog (1.32.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-servicediscovery (1.31.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-servicediscovery (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-servicequotas (1.11.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-servicequotas (1.2.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-ses (1.36.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-ses (1.25.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-sesv2 (1.14.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-shield (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-shield (1.33.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-signer (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-signer (1.26.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-simpledb (1.24.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-simpledb (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv2 (~> 1.0) - aws-sdk-sms (1.27.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-snowball (1.35.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-sns (1.36.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-sqs (1.34.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-ssm (1.98.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-ssoadmin (1.3.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-sms (1.16.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-ssooidc (1.8.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-snowball (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-states (1.36.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-sns (1.19.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-storagegateway (1.52.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-sqs (1.21.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-support (1.28.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-ssm (1.55.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-swf (1.25.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-states (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-synthetics (1.10.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-storagegateway (1.31.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-textract (1.22.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-support (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-timestreamquery (1.1.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-swf (1.16.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-timestreamwrite (1.1.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-textract (1.10.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-transcribeservice (1.50.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-transcribeservice (1.27.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-transcribestreamingservice (1.23.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-transcribestreamingservice (1.8.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-transfer (1.28.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-transfer (1.13.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-translate (1.28.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-translate (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-waf (1.36.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-waf (1.24.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-wafregional (1.37.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-wafregional (1.25.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-wafv2 (1.14.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-workdocs (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-workdocs (1.28.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-worklink (1.11.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-worklink (1.21.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-workmail (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-workmail (1.33.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-workspaces (1.27.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-workmailmessageflow (1.9.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-workspaces (1.48.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-xray (1.35.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-xray (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) aws-sigv2 (1.0.1) - aws-sigv4 (1.2.2) - aws-eventstream (~> 1, >= 1.0.2) + aws-sigv4 (1.1.0) + aws-eventstream (~> 1.0, >= 1.0.2) axe-matchers (1.3.4) dumb_delegator (~> 0.8) virtus (~> 1.0) @@ -1034,8 +833,8 @@ GEM descendants_tracker (~> 0.0.4) ice_nine (~> 0.11.0) thread_safe (~> 0.3, >= 0.3.1) - benchmark-ips (2.8.3) - better_errors (2.9.1) + benchmark-ips (2.8.2) + better_errors (2.7.1) coderay (>= 1.0.0) erubi (>= 1.0.0) rack (>= 0.9.0) @@ -1043,7 +842,7 @@ GEM debug_inspector (>= 0.0.1) bloomfilter-rb (2.1.1) redis - brakeman (4.10.0) + brakeman (4.6.1) builder (3.2.4) bullet (6.1.0) activesupport (>= 3.0.0) @@ -1051,8 +850,9 @@ GEM bummr (0.5.0) rainbow thor - byebug (11.1.3) - childprocess (4.0.0) + byebug (11.0.1) + childprocess (0.9.0) + ffi (~> 1.0, >= 1.0.11) choice (0.2.0) codeclimate-test-reporter (1.0.9) simplecov (<= 0.13) @@ -1061,49 +861,52 @@ GEM descendants_tracker (~> 0.0.1) colorize (0.8.1) concurrent-ruby (1.1.7) - crack (0.4.4) + crack (0.4.3) + safe_yaml (~> 1.0.0) crass (1.0.6) daemons (1.3.1) - database_cleaner (1.8.5) + database_cleaner (1.7.0) debug_inspector (0.0.3) derailed (0.1.0) derailed_benchmarks - derailed_benchmarks (1.8.1) + derailed_benchmarks (1.7.0) benchmark-ips (~> 2) get_process_mem (~> 0) heapy (~> 0) memory_profiler (~> 0) - mini_histogram (>= 0.2.1) + mini_histogram (~> 0) rack (>= 1) rake (> 10, < 14) ruby-statistics (>= 2.1) thor (>= 0.19, < 2) + unicode_plot (>= 0.0.4, < 1.0.0) descendants_tracker (0.0.4) thread_safe (~> 0.3, >= 0.3.1) diff-lcs (1.4.4) docile (1.1.5) - dumb_delegator (0.8.1) + dumb_delegator (0.8.0) + enumerable-statistics (2.0.1) equalizer (0.0.11) - erubi (1.10.0) + erubi (1.9.0) eventmachine (1.2.7) factory_bot (6.1.0) activesupport (>= 5.0.0) factory_bot_rails (6.1.0) factory_bot (~> 6.1.0) railties (>= 5.0.0) - fakefs (1.2.2) - fasterer (0.8.3) + fakefs (0.20.1) + fasterer (0.8.1) colorize (~> 0.7) ruby_parser (>= 3.14.1) ffi (1.13.1) - figaro (1.2.0) - thor (>= 0.14.0, < 2) + figaro (1.1.1) + thor (~> 0.14) formatador (0.2.5) - get_process_mem (0.2.7) + get_process_mem (0.2.5) ffi (~> 1.0) globalid (0.4.2) activesupport (>= 4.2.0) - guard (2.16.2) + guard (2.15.0) formatador (>= 0.2.4) listen (>= 2.7, < 4.0) lumberjack (>= 1.0.12, < 2.0) @@ -1117,81 +920,80 @@ GEM guard (~> 2.1) guard-compat (~> 1.1) rspec (>= 2.99.0, < 4.0) - hashdiff (1.0.1) + hashdiff (1.0.0) health_check (3.0.0) railties (>= 5.0) - heapy (0.2.0) - thor + heapy (0.1.4) i18n (1.8.5) concurrent-ruby (~> 1.0) ice_nine (0.11.2) - iniparse (1.5.0) + iniparse (1.4.4) + jaro_winkler (1.5.4) jmespath (1.4.0) - json (2.3.1) + json (2.3.0) lazy_priority_queue (0.1.1) - listen (3.3.1) - rb-fsevent (~> 0.10, >= 0.10.3) - rb-inotify (~> 0.9, >= 0.9.10) + listen (3.1.5) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) + ruby_dep (~> 1.2) loofah (2.7.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) - lumberjack (1.2.8) + lumberjack (1.0.13) mail (2.7.1) mini_mime (>= 0.1.1) marcel (0.3.3) mimemagic (~> 0.3.2) memory_profiler (0.9.14) - method_source (1.0.0) + method_source (0.9.2) mimemagic (0.3.5) mini_cache (1.1.0) - mini_histogram (0.3.1) + mini_histogram (0.1.3) mini_mime (1.0.2) mini_portile2 (2.4.0) minitest (5.14.2) nenv (0.3.0) - newrelic_rpm (6.13.1) - nio4r (2.5.4) + newrelic_rpm (6.5.0.357) + nio4r (2.5.3) nokogiri (1.10.10) mini_portile2 (~> 2.4.0) notiffany (0.1.3) nenv (~> 0.1) shellany (~> 0.0) - overcommit (0.57.0) - childprocess (>= 0.6.3, < 5) + overcommit (0.47.0) + childprocess (~> 0.6, >= 0.6.3) iniparse (~> 1.4) - parallel (1.20.0) - parser (2.7.2.0) - ast (~> 2.4.1) - pg (1.2.3) - pry (0.13.1) - coderay (~> 1.1) - method_source (~> 1.0) - pry-byebug (3.9.0) + parallel (1.19.1) + parser (2.6.5.0) + ast (~> 2.4.0) + pg (1.1.4) + pry (0.12.2) + coderay (~> 1.1.0) + method_source (~> 0.9.0) + pry-byebug (3.7.0) byebug (~> 11.0) - pry (~> 0.13.0) + pry (~> 0.10) pry-rails (0.3.9) pry (>= 0.10.4) - public_suffix (4.0.6) + public_suffix (3.1.1) puma (3.12.6) rack (2.2.3) - rack-mini-profiler (2.2.0) + rack-mini-profiler (2.0.2) rack (>= 1.2.0) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.3.4) - actioncable (= 6.0.3.4) - actionmailbox (= 6.0.3.4) - actionmailer (= 6.0.3.4) - actionpack (= 6.0.3.4) - actiontext (= 6.0.3.4) - actionview (= 6.0.3.4) - activejob (= 6.0.3.4) - activemodel (= 6.0.3.4) - activerecord (= 6.0.3.4) - activestorage (= 6.0.3.4) - activesupport (= 6.0.3.4) + rails (5.2.4.4) + actioncable (= 5.2.4.4) + actionmailer (= 5.2.4.4) + actionpack (= 5.2.4.4) + actionview (= 5.2.4.4) + activejob (= 5.2.4.4) + activemodel (= 5.2.4.4) + activerecord (= 5.2.4.4) + activestorage (= 5.2.4.4) + activesupport (= 5.2.4.4) bundler (>= 1.3.0) - railties (= 6.0.3.4) + railties (= 5.2.4.4) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) @@ -1207,66 +1009,63 @@ GEM ruby-graphviz (~> 1.2) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (6.0.3.4) - actionpack (= 6.0.3.4) - activesupport (= 6.0.3.4) + railties (5.2.4.4) + actionpack (= 5.2.4.4) + activesupport (= 5.2.4.4) method_source rake (>= 0.8.7) - thor (>= 0.20.3, < 2.0) + thor (>= 0.19.0, < 2.0) rainbow (3.0.0) rake (13.0.1) - rb-fsevent (0.10.4) - rb-inotify (0.10.1) + rb-fsevent (0.10.3) + rb-inotify (0.10.0) ffi (~> 1.0) - redis (4.2.4) - regexp_parser (1.8.2) + redis (4.1.2) rexml (3.2.4) rgl (0.5.6) lazy_priority_queue (~> 0.1.0) stream (~> 0.5.2) - rspec (3.10.0) - rspec-core (~> 3.10.0) - rspec-expectations (~> 3.10.0) - rspec-mocks (~> 3.10.0) - rspec-core (3.10.0) - rspec-support (~> 3.10.0) - rspec-expectations (3.10.0) + rspec (3.8.0) + rspec-core (~> 3.8.0) + rspec-expectations (~> 3.8.0) + rspec-mocks (~> 3.8.0) + rspec-core (3.8.2) + rspec-support (~> 3.8.0) + rspec-expectations (3.8.6) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-mocks (3.10.0) + rspec-support (~> 3.8.0) + rspec-mocks (3.8.2) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-rails (4.0.1) - actionpack (>= 4.2) - activesupport (>= 4.2) - railties (>= 4.2) - rspec-core (~> 3.9) - rspec-expectations (~> 3.9) - rspec-mocks (~> 3.9) - rspec-support (~> 3.9) - rspec-support (3.10.0) - rubocop (1.3.1) + rspec-support (~> 3.8.0) + rspec-rails (3.8.3) + actionpack (>= 3.0) + activesupport (>= 3.0) + railties (>= 3.0) + rspec-core (~> 3.8.0) + rspec-expectations (~> 3.8.0) + rspec-mocks (~> 3.8.0) + rspec-support (~> 3.8.0) + rspec-support (3.8.3) + rubocop (0.78.0) + jaro_winkler (~> 1.5.1) parallel (~> 1.10) - parser (>= 2.7.1.5) + parser (>= 2.6) rainbow (>= 2.2.2, < 4.0) - regexp_parser (>= 1.8) - rexml - rubocop-ast (>= 1.1.1) ruby-progressbar (~> 1.7) - unicode-display_width (>= 1.4.0, < 2.0) - rubocop-ast (1.1.1) - parser (>= 2.7.1.5) - rubocop-rails (2.8.1) - activesupport (>= 4.2.0) + unicode-display_width (>= 1.4.0, < 1.7) + rubocop-rails (2.5.2) + activesupport rack (>= 1.1) - rubocop (>= 0.87.0) + rubocop (>= 0.72.0) ruby-graphviz (1.2.5) rexml ruby-progressbar (1.10.1) ruby-statistics (2.1.2) - ruby_parser (3.15.0) + ruby_dep (1.5.0) + ruby_parser (3.14.1) sexp_processor (~> 4.9) - sexp_processor (4.15.1) + safe_yaml (1.0.5) + sexp_processor (4.13.0) shellany (0.0.1) shoulda-matchers (3.1.3) activesupport (>= 4.0.0) @@ -1278,35 +1077,36 @@ GEM sprockets (4.0.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.2) + sprockets-rails (3.2.1) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) stream (0.5.2) - thin (1.8.0) + thin (1.7.2) daemons (~> 1.0, >= 1.0.9) eventmachine (~> 1.0, >= 1.0.4) rack (>= 1, < 3) - thor (1.0.1) + thor (0.20.3) thread_safe (0.3.6) - timecop (0.9.2) - tzinfo (1.2.8) + timecop (0.9.1) + tzinfo (1.2.7) thread_safe (~> 0.1) - unicode-display_width (1.7.0) + unicode-display_width (1.6.1) + unicode_plot (0.0.4) + enumerable-statistics (>= 2.0.1) uniform_notifier (1.13.0) virtus (1.0.5) axiom-types (~> 0.1) coercible (~> 1.0) descendants_tracker (~> 0.0, >= 0.0.3) equalizer (~> 0.0, >= 0.0.9) - webmock (3.10.0) + webmock (3.6.2) addressable (>= 2.3.6) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) websocket-driver (0.7.3) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.4.1) zonebie (0.6.1) PLATFORMS @@ -1340,7 +1140,7 @@ DEPENDENCIES pry-rails puma (~> 3.12, >= 3.12.6) rack-mini-profiler (>= 1.0.2) - rails (~> 6.0, >= 6.0.3.4) + rails (~> 5.2, >= 5.2.4.4) rails-controller-testing (>= 1.0.4) rails-erd (>= 1.6.0) rgl @@ -1359,4 +1159,4 @@ RUBY VERSION ruby 2.6.5p114 BUNDLED WITH - 2.0.2 + 1.17.3 From d9f68a386a36f554e6aa17fa4dd69258f85121b5 Mon Sep 17 00:00:00 2001 From: Mitchell Henke Date: Wed, 10 Feb 2021 09:01:25 -0600 Subject: [PATCH 06/11] Merge Rails 6 --- Gemfile | 2 +- Gemfile.lock | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index e936879c3..fa750433f 100644 --- a/Gemfile +++ b/Gemfile @@ -3,7 +3,7 @@ git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" } ruby '~> 2.6.5' -gem 'rails', '~> 5.2', '>= 5.2.4.4' +gem 'rails', '~> 6.0', '>= 6.0.3.4' gem 'activerecord-import', '>= 1.0.2' gem 'aws-sdk', require: false diff --git a/Gemfile.lock b/Gemfile.lock index f34ee089d..c4ab17a11 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1361,4 +1361,4 @@ RUBY VERSION ruby 2.6.5p114 BUNDLED WITH - 2.1.4 \ No newline at end of file + 2.1.4 From fb992bb3661278b36fd1bb92abcbc7a33845fcd1 Mon Sep 17 00:00:00 2001 From: Mitchell Henke Date: Mon, 17 May 2021 15:59:16 -0500 Subject: [PATCH 07/11] Deploy RC 20 to Prod (#232) * Update hostdata version to support imdsv2 (#229) * Use identity-hostdata v3.2.0 Co-authored-by: Zach Margolis * Bump rexml from 3.2.4 to 3.2.5 (#230) Bumps [rexml](https://github.com/ruby/rexml) from 3.2.4 to 3.2.5. - [Release notes](https://github.com/ruby/rexml/releases) - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md) - [Commits](https://github.com/ruby/rexml/compare/v3.2.4...v3.2.5) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * do not enforce case insensitive uniqueness for piv_cac uuid or dn_signature (#231) * do not enforce case insensitive uniqueness for piv_cac uuid or dn_signature * update rails Co-authored-by: Brian Crissup Co-authored-by: Zach Margolis Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 120 ++++++++++++++++++------------------ app/models/piv_cac.rb | 4 +- spec/models/piv_cac_spec.rb | 4 +- 4 files changed, 65 insertions(+), 65 deletions(-) diff --git a/Gemfile b/Gemfile index 2e5cef853..5ac18fcd5 100644 --- a/Gemfile +++ b/Gemfile @@ -9,7 +9,7 @@ gem 'activerecord-import', '>= 1.0.2' gem 'aws-sdk', require: false gem 'bloomfilter-rb' gem 'health_check', '>= 3.0.0' -gem 'identity-hostdata', github: '18F/identity-hostdata', tag: 'v3.1.0' +gem 'identity-hostdata', github: '18F/identity-hostdata', tag: 'v3.2.0' gem 'identity-logging', github: '18F/identity-logging', tag: 'v0.1.0' gem 'mini_cache' gem 'newrelic_rpm' diff --git a/Gemfile.lock b/Gemfile.lock index 0e8a1d093..a582c99b8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: https://github.com/18F/identity-hostdata.git - revision: 4f978b9f2e573e99f54c69869846c7aae983c4ae - tag: v3.1.0 + revision: 0583a0a5abd9052c8c95d96c821f9564c04e82c4 + tag: v3.2.0 specs: - identity-hostdata (3.1.0) + identity-hostdata (3.2.0) activesupport (~> 6.1) aws-sdk-s3 (~> 1.8) @@ -19,62 +19,62 @@ GIT GEM remote: https://rubygems.org/ specs: - actioncable (6.1.3.1) - actionpack (= 6.1.3.1) - activesupport (= 6.1.3.1) + actioncable (6.1.3.2) + actionpack (= 6.1.3.2) + activesupport (= 6.1.3.2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.3.1) - actionpack (= 6.1.3.1) - activejob (= 6.1.3.1) - activerecord (= 6.1.3.1) - activestorage (= 6.1.3.1) - activesupport (= 6.1.3.1) + actionmailbox (6.1.3.2) + actionpack (= 6.1.3.2) + activejob (= 6.1.3.2) + activerecord (= 6.1.3.2) + activestorage (= 6.1.3.2) + activesupport (= 6.1.3.2) mail (>= 2.7.1) - actionmailer (6.1.3.1) - actionpack (= 6.1.3.1) - actionview (= 6.1.3.1) - activejob (= 6.1.3.1) - activesupport (= 6.1.3.1) + actionmailer (6.1.3.2) + actionpack (= 6.1.3.2) + actionview (= 6.1.3.2) + activejob (= 6.1.3.2) + activesupport (= 6.1.3.2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.3.1) - actionview (= 6.1.3.1) - activesupport (= 6.1.3.1) + actionpack (6.1.3.2) + actionview (= 6.1.3.2) + activesupport (= 6.1.3.2) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.3.1) - actionpack (= 6.1.3.1) - activerecord (= 6.1.3.1) - activestorage (= 6.1.3.1) - activesupport (= 6.1.3.1) + actiontext (6.1.3.2) + actionpack (= 6.1.3.2) + activerecord (= 6.1.3.2) + activestorage (= 6.1.3.2) + activesupport (= 6.1.3.2) nokogiri (>= 1.8.5) - actionview (6.1.3.1) - activesupport (= 6.1.3.1) + actionview (6.1.3.2) + activesupport (= 6.1.3.2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.3.1) - activesupport (= 6.1.3.1) + activejob (6.1.3.2) + activesupport (= 6.1.3.2) globalid (>= 0.3.6) - activemodel (6.1.3.1) - activesupport (= 6.1.3.1) - activerecord (6.1.3.1) - activemodel (= 6.1.3.1) - activesupport (= 6.1.3.1) + activemodel (6.1.3.2) + activesupport (= 6.1.3.2) + activerecord (6.1.3.2) + activemodel (= 6.1.3.2) + activesupport (= 6.1.3.2) activerecord-import (1.0.8) activerecord (>= 3.2) - activestorage (6.1.3.1) - actionpack (= 6.1.3.1) - activejob (= 6.1.3.1) - activerecord (= 6.1.3.1) - activesupport (= 6.1.3.1) + activestorage (6.1.3.2) + actionpack (= 6.1.3.2) + activejob (= 6.1.3.2) + activerecord (= 6.1.3.2) + activesupport (= 6.1.3.2) marcel (~> 1.0.0) mini_mime (~> 1.0.2) - activesupport (6.1.3.1) + activesupport (6.1.3.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -1149,7 +1149,7 @@ GEM activesupport (>= 4) railties (>= 4) request_store (~> 1.0) - loofah (2.9.0) + loofah (2.9.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) lumberjack (1.2.8) @@ -1161,12 +1161,12 @@ GEM mini_cache (1.1.0) mini_histogram (0.3.1) mini_mime (1.0.3) - mini_portile2 (2.5.0) + mini_portile2 (2.5.1) minitest (5.14.4) nenv (0.3.0) newrelic_rpm (6.13.1) nio4r (2.5.7) - nokogiri (1.11.2) + nokogiri (1.11.3) mini_portile2 (~> 2.5.0) racc (~> 1.4) notiffany (0.1.3) @@ -1195,20 +1195,20 @@ GEM rack (>= 1.2.0) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.1.3.1) - actioncable (= 6.1.3.1) - actionmailbox (= 6.1.3.1) - actionmailer (= 6.1.3.1) - actionpack (= 6.1.3.1) - actiontext (= 6.1.3.1) - actionview (= 6.1.3.1) - activejob (= 6.1.3.1) - activemodel (= 6.1.3.1) - activerecord (= 6.1.3.1) - activestorage (= 6.1.3.1) - activesupport (= 6.1.3.1) + rails (6.1.3.2) + actioncable (= 6.1.3.2) + actionmailbox (= 6.1.3.2) + actionmailer (= 6.1.3.2) + actionpack (= 6.1.3.2) + actiontext (= 6.1.3.2) + actionview (= 6.1.3.2) + activejob (= 6.1.3.2) + activemodel (= 6.1.3.2) + activerecord (= 6.1.3.2) + activestorage (= 6.1.3.2) + activesupport (= 6.1.3.2) bundler (>= 1.15.0) - railties (= 6.1.3.1) + railties (= 6.1.3.2) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) @@ -1224,9 +1224,9 @@ GEM ruby-graphviz (~> 1.2) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (6.1.3.1) - actionpack (= 6.1.3.1) - activesupport (= 6.1.3.1) + railties (6.1.3.2) + actionpack (= 6.1.3.2) + activesupport (= 6.1.3.2) method_source rake (>= 0.8.7) thor (~> 1.0) @@ -1240,7 +1240,7 @@ GEM regexp_parser (1.8.2) request_store (1.5.0) rack (>= 1.4) - rexml (3.2.4) + rexml (3.2.5) rgl (0.5.6) lazy_priority_queue (~> 0.1.0) stream (~> 0.5.2) diff --git a/app/models/piv_cac.rb b/app/models/piv_cac.rb index 550f8e164..5a71f8335 100644 --- a/app/models/piv_cac.rb +++ b/app/models/piv_cac.rb @@ -7,8 +7,8 @@ class PivCac < ApplicationRecord before_validation :create_uuid, on: :create - validates :dn_signature, presence: true, uniqueness: { case_sensitive: false } - validates :uuid, presence: true, uniqueness: { case_sensitive: false } + validates :dn_signature, presence: true, uniqueness: true + validates :uuid, presence: true, uniqueness: true def dn=(raw) self.dn_signature = PivCac.make_dn_signature(raw) diff --git a/spec/models/piv_cac_spec.rb b/spec/models/piv_cac_spec.rb index ccef9d534..3871d718b 100644 --- a/spec/models/piv_cac_spec.rb +++ b/spec/models/piv_cac_spec.rb @@ -5,9 +5,9 @@ subject { piv_cac } it { is_expected.to validate_presence_of :uuid } - it { is_expected.to validate_uniqueness_of(:uuid).case_insensitive } + it { is_expected.to validate_uniqueness_of(:uuid) } it { is_expected.to validate_presence_of :dn_signature } - it { is_expected.to validate_uniqueness_of(:dn_signature).case_insensitive } + it { is_expected.to validate_uniqueness_of(:dn_signature) } describe '#find_or_create_by' do it 'returns nil when dn is not provided' do From 62e373cc092b1cf4fa9400e0e4e76f4985577d6c Mon Sep 17 00:00:00 2001 From: Zach Margolis Date: Mon, 3 Jan 2022 12:20:01 -0800 Subject: [PATCH 08/11] Revert "Merge pull request #265 from 18F/stages/rc-2022-01-03" This reverts commit 50db54ad4e4fef98c0350428f36f1c955f7afb2d, reversing changes made to c0615882950132434bc19af3f15cebad2a277c5d. --- config/application.yml.default | 2 ++ ..., OU=DoD, OU=PKI, CN=DOD DERILITY CA-1.pem | 30 +++++++++++++++++ ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-49.pem | 30 +++++++++++++++++ ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-50.pem | 30 +++++++++++++++++ ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-51.pem | 30 +++++++++++++++++ ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-52.pem | 30 +++++++++++++++++ ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-59.pem | 30 +++++++++++++++++ ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-62.pem | 30 +++++++++++++++++ ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-63.pem | 30 +++++++++++++++++ ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-64.pem | 30 +++++++++++++++++ ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-65.pem | 30 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-49.pem | 30 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-50.pem | 30 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-51.pem | 30 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-52.pem | 30 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-59.pem | 30 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-62.pem | 30 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-63.pem | 30 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-64.pem | 30 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-65.pem | 30 +++++++++++++++++ ...nt, OU=DoD, OU=PKI, CN=DOD ID SW CA-45.pem | 30 +++++++++++++++++ ...nt, OU=DoD, OU=PKI, CN=DOD ID SW CA-46.pem | 30 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD SW CA-53.pem | 29 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD SW CA-54.pem | 29 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD SW CA-60.pem | 29 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD SW CA-66.pem | 29 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD SW CA-67.pem | 29 +++++++++++++++++ ...ment, OU=DoD, OU=PKI, CN=DoD Root CA 3.pem | 32 +++++++++++++++++++ 28 files changed, 809 insertions(+) create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD DERILITY CA-1.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-49.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-50.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-51.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-52.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-59.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-62.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-63.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-64.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-65.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-49.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-50.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-51.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-52.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-59.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-62.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-63.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-64.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-65.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID SW CA-45.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID SW CA-46.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-53.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-54.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-60.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-66.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-67.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Root CA 3.pem diff --git a/config/application.yml.default b/config/application.yml.default index 1d86529b4..9fbd174c0 100644 --- a/config/application.yml.default +++ b/config/application.yml.default @@ -41,10 +41,12 @@ trusted_ca_root_identifiers: "\ # DoD root identifiers: # 49:74:BB:0C:5E:BA:7A:FE:02:54:EF:7B:A0:C6:95:C6:09:80:70:96 - DoD Root CA 2 +# 6C:8A:94:A2:77:B1:80:72:1D:81:7A:16:AA:F2:DC:CE:66:EE:45:C0 - DoD Root CA 3 # BD:C1:B9:6B:4D:F4:1D:EC:30:90:BF:62:73:C0:84:33:F2:71:24:85 - DoD Root CA 4 dod_root_identifiers: "\ 49:74:BB:0C:5E:BA:7A:FE:02:54:EF:7B:A0:C6:95:C6:09:80:70:96,\ + 6C:8A:94:A2:77:B1:80:72:1D:81:7A:16:AA:F2:DC:CE:66:EE:45:C0,\ BD:C1:B9:6B:4D:F4:1D:EC:30:90:BF:62:73:C0:84:33:F2:71:24:85" required_policies: | diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD DERILITY CA-1.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD DERILITY CA-1.pem new file mode 100644 index 000000000..692dd277f --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD DERILITY CA-1.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD DERILITY CA-1 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEsDCCA5igAwIBAgICBMIwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwMTE5MTQ1NTM3WhcN +MjcwMTIwMTQ1NTM3WjBfMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEaMBgGA1UEAxMRRE9E +IERFUklMSVRZIENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU ++oux8F1k37D9HStMm9I+r6EUj8qssrcvCwAzwAMX6dC29KzikC5gbzYCB3Y5Bf+b +ui+mBdNbzo7kgDq+VBIZn4WqM6thlb7JQgvlejt2eJByfVcVoKfYf26Sa62qbKcd +Q3O2S8pC+Hdbwo2dbubNOui5BLxW/gzW6pS/VkJgwn1IdT3WrHTK4wsH5h7j372O +kE5D5XbkM/aSjiWobyGnP4aHhIMurV7heZ3c0SK2AGrtWfaM6JjK4UW8at0p3kWr +2c5kNoXKe7AMAWFIXmYHzT9WMYiQwn2eBw2kvgwXJsaQ3KHea9+7xbtv6EZLf/uf +nd4Ayxhy+3IBiE3bzcPnAgMBAAGjggF4MIIBdDAfBgNVHSMEGDAWgBRsipSid7GA +ch2Behaq8tzOZu5FwDAdBgNVHQ4EFgQUCIk6zhO8HPI6LZgxC6n+OHn9giIwDgYD +VR0PAQH/BAQDAgGGMFkGA1UdIARSMFAwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgEL +JzALBglghkgBZQIBCyowCwYJYIZIAWUCAQs7MAwGCmCGSAFlAwIBAygwDAYKYIZI +AWUDAgEDKTASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOAAQAwNwYDVR0f +BDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9EUk9PVENBMy5j +cmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8vY3JsLmRpc2Eu +bWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUFBzABhhRodHRw +Oi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAkAjLcFmNd6APpZXi +vYvo//JoFo680eLc2dCYOx48VHzI1M00mMov69uitCBRZSqVeI9NmlIGQBhLAfea +QxSd3XxIdbUsYul5/vylbUZpKTBQ03A8t76pOtPPzksG8aBfYx+SzXwqzpAbz396 +BVtRErX5yDOPK3+LBy+Eq+0Nh6h0CkPmSKBMAHLVZL2Nqe5MIRFn/FlKJEbtpTEq +FELs8KtqM6X5uLKGPUhjGOeLBijzYxF+nd1GM9kRiyw5v7j06jrVTuIVwcSQPcsX +pHNtbzW/Tx2dRfHn0w8WkSQdDvwSTuo1pWOYBo6yJhRwSm3/4rmawxlp3p8lXuiB +SlUDxA== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-49.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-49.pem new file mode 100644 index 000000000..badcb806d --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-49.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-49 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEvDCCA6SgAwIBAgICASMwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0MzE0WhcN +MjIxMTIzMTM0MzE0WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E +IEVNQUlMIENBLTQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAus23 +xtOAbfLxPh+OS8U3N/c7ZsnTNZGki6KjnEg4EVHnUKwBB1pWLeQbZTVp01dHWlxR +KyvANnk+8ozM8tucowx0q6fo5J/YteD9qHFAoWjJQpRB6Hvn2vvHvUbu7iAY5Pel +0B6A0NN/lKW26tTlim6NkV1MuCcvpCGrwH0f2TOCzkDf7IPqQDvLWOjPQP9nmNMG +nS+qCvF5F0iGFXTH1NDeI8EPvKMBQE+LgJ4PAF8eFdDo0mDE6iLfPAIXBzfYUdFk +MS3eVpJOWPzOEYeRLcWQkORvczfxN0obxSH3TGoBLB3ubELOoiqgsTF7rLKE1Kyz +Wrao15uoYf29O9jatQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId +gXoWqvLczmbuRcAwHQYDVR0OBBYEFGlEHxqVTqUaf4g6zHsSOSwfzxoxMA4GA1Ud +DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw +CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl +AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF +MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv +RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG +AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA +XDNkaD2Gwe4ZoWklwvAvveoOYK5s8fJbjZOjI2V1tZjIP5edw8YSvLDGTqsaDlao +28hCVhoOU0+V234p0CAGKNKID6WCR46s7uAALaaWfd4aHDzf20qYsnMrl0eKCv6F +sUtKBkIYJBjxpoaIpudRCnSmQkxweKzCGCtjWCT2MGSJro2Q0eQWTDxnJX9/v8z7 +dZ8ddZO1zgoU1xnAx9LxdrVl6H2VcB17z6t2d5TqSLM/OnuSHT7LWqYbVJERf38D +U0WSQ7VOp2x1SkInJqpewvi+0rl/yh97UoDZuS/GUkVIMFbpJkbcadiEGBINErRl +R5vQZDesBpGqUxNYuIIJbA== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-50.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-50.pem new file mode 100644 index 000000000..ac55c5b9a --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-50.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-50 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEvDCCA6SgAwIBAgICASQwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NTAwWhcN +MjIxMTIzMTM0NTAwWjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E +IEVNQUlMIENBLTUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorU5 +fwMKXKwK4SrttozvWb8Zx9g+7pGrzD+cbaZbISrTvNTi9MhDYASMo23nzG/ShHQM +c0qCc10AVUqpAfwRhm9FbphD3r30SWKQsrKeObBW63iMeB6gfhg/+zScvkJxlqj6 +x5cHglMCFQfdqjgmjtcuWIGr7cDf1WQJLGfCz6ilKH/H2no0a3AyoFEAglrUyhC5 +n0IVsmyrWY4Hy9A/0xe84hl+68cJfB4VD+8A+YrUqEgspiqzocvzcuN/GNdeD9Lw +XPqylqnF8SN0HYoHmjbimscIn86wCxARO0siWZ7hStrcbkb+cgFoY5aScdldUkni +YI2cmRy0C5jv+wAfXwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId +gXoWqvLczmbuRcAwHQYDVR0OBBYEFGUKe10mGzDKLdz81nPHHsF/BIzIMA4GA1Ud +DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw +CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl +AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF +MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv +RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG +AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA +VnLKwRdYBaPnEONJnTpHoC4znIQMHBsEpQbR8P5j49IXtHRjCpl5PKRIwuAc+Ff3 +ixM3jv/G+LBi26G0ZNGZ4iI11rJ3TLxUqHT12/WXTuS91jePA/f3WIHkGBEFeRs+ +wiROXSAveyMAt1ThK9Bil7BYlLmpgfci7eiKHC6OlA7VZo4OrS03VZTlaaBaU5Te ++tX8XYQ7Kllh9LreXZ2Cks14oNBlS4vzOcZOpw1bamaEbIA13IsGyY/kF7LqSPW2 +b7Jy628ObLeU3a+0lm+nIkjH25FDvtfxD9+2qQHEpRaRclskwIGTmA/Tg/YrrS2Z +am9RD+6E/tsgIIlQE09NEA== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-51.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-51.pem new file mode 100644 index 000000000..97629f711 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-51.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-51 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEvDCCA6SgAwIBAgICASUwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NjQ5WhcN +MjIxMTIzMTM0NjQ5WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E +IEVNQUlMIENBLTUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnw7P +Taj5UGSMi8whxGpPsoChGMjVQRk1Fzp9J/mPjx/oXc2MwMahK3xpE3YB86q/SeH1 +Cv5hc9Pa99HtSF/RaHAo3frFoPnRNoPDLj6ihPGmEWwMKywUgOCnTQcGSlNqR0es +tYrMTxti9bKE3uc0hgWibZYlukiGYg0UygYPS4+afMtzaBljiUWeQFrmCaEgeG3B +UvX/zgNdSqtG9KX1LjqtNZB91hIDrRUNohX5xSLxPMpojC5d391u/0GfAEXeKyAy +bPN8BdVjqJ7FlyueVKUgIAB/t/k6NO3lKEiC+QsrhrwaFI3Yme9JfRsZU8/Yhv0L +wKeJhoz3552oT0e4PwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId +gXoWqvLczmbuRcAwHQYDVR0OBBYEFDXvECJsuhIPvcJNGeTOfY8FV1w0MA4GA1Ud +DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw +CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl +AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF +MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv +RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG +AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA +Y2UKHMi98mslNJ9qUBT8ZNGKim+nYkfLfBgdP136smJYYDcwUOXwHt3b1aOy4sXI +0BkNNS6tO5fdvZ7W4/zYFouIVnImaa8hjDiJNoAi5dYKDxkB8iOWYlAP8TZwpKNy +sbGh4EQHWWQ8wDuFcdA5/9ElnxpQ/JJzSgUOHhtGm8vrEQmmJKW0FvbGXhGydHx2 +I5GtDvGHqlpF8GFIAA5HNAaw1s5De2StEYCTS/y95naqZafCxYG62cGbHir8dp0U +KQOUQt88tTh0TAqzcLKz1OJIoIkbfpzV6XiXuL0VSob+W0peZeqTVq+w7nWP1cNr +44ligwwVjeF04L3sZKA54w== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-52.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-52.pem new file mode 100644 index 000000000..dbe07dfcf --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-52.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-52 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEvDCCA6SgAwIBAgICASYwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NzI4WhcN +MjIxMTIzMTM0NzI4WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E +IEVNQUlMIENBLTUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4pb +qFZ5LPm9gcWT24lCj8yLQHYdzntTWgMqPVyveG88rA+bXiAWO6zWUsjPlYQHfxiN +qTZemKgK8OUkVQA4oiQ59EzcNiRsZp1hy7nvDpFcW/0WJzHY5M84ThI57zRH20Ac +iNw1DB7XmR5yJFKTFusipWgsqwWRTtpJlLGJXhTHyG6aNxP6HEXbTLAM4x/0LM9Z +Q2yYihUufgtJYGeLapNb1pPLsPVchhJOQjLFyp3Kx9W1xfjUFftE9FQAwCBJHyC7 +tFMk6DlITy4s7ptst1nNbPYdzGmiix/P7+I702Yn8H3YbmhFD3d+fkhCXqsjio0y +0wWFDaa6vmm3RqF1GQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId +gXoWqvLczmbuRcAwHQYDVR0OBBYEFOlmDFyb4lpKsgM2NP18yab4qwc5MA4GA1Ud +DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw +CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl +AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF +MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv +RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG +AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA +dYEfuTkBoJLwzyIZ/lrxB3ECCes2zWMLe1RsRrQ3QUhkeLcqxxwG1z+UbbmWkrSS +JS0Q1XeLRiT7P1x+ycs1Gvoy5V4CFOryb5eNaDpOclJdXOiRjOGvS0wSeSLGnT/d +lRPrQZcoEm+DFvtSMasu/zR8DnaepKpWLvyFXwvoimvsQVvz4tOS2o4u400KLPBo +MQbTwpDmk39wxf4Aq4m8hznf2BhAy20YH6jY08gXg0pNDVh4CZIxyF2gmE0TDXPv +sx77lxYKW3Bx0ZxHIcfBKifjSiTrGlLeEP9LfEQdpCjJqhG/3BFy6flzwJDEHqHH +swhN9DCJn+3xTeq25PUXPg== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-59.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-59.pem new file mode 100644 index 000000000..6e7a3bed9 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-59.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-59 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEvDCCA6SgAwIBAgICAwQwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTkwNDAyMTMzNzI1WhcN +MjUwNDAyMTMzNzI1WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E +IEVNQUlMIENBLTU5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwI2I +/xPsPkPeK6/VctAEs89py3igMCuNCUdlcOP/LouzD4fYcNkIMhxs9BHKHU6T5QRN +u9BEzvg6WQQ64BiQn+k6Q58WElvl0OrVH5oh13mudjXf6gNCIMgDLWmrXbG5TiwG +hxdXQKTBNKrayxykzJ4I0nzjrj2tf1jY0uamTWCPWzGceHvtpckqJ8TcqZT36tZ7 +BYOD/kqBqKkLLxL1ZJVFCK9OZGACsmqByKcPiIn3cTom0cuDwwMxMqjOsSWu9GjQ +RKqYMorElGwULIiBcg3+fb3oBjV8iyR2CWNhCDMEWVfD1y5nd9LpOsg+IUdZe2Y4 +W6xov3oLh/BDN6mPLwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId +gXoWqvLczmbuRcAwHQYDVR0OBBYEFHcUQaZdlSbQHf+VO2KM6re1XTuSMA4GA1Ud +DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw +CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl +AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF +MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv +RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG +AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA +TcvN12U8mLuGAdHNyUjTgFzmJWMnM8UKXrvNMlhWMv5IIz4BJEm/B9rXj25FSt1j +gNlLhH0RXZVZeh2UUWcGelgNDuG0YYSkGJCAqcOjSkgSu6w9vjgN50YqlDp984ul +auf6ZNtCpeilrDd5KQKtOXKnJ4gHhQzL2M7mDonHX/n8cYKkm3bGdJgYlyfukGQi +nnsG7K7Z+Fy3VBw7GzfyneMOzYL3ccqLlycthwdRluCC1xwAYqVJ+1u1Ob114fYs +vN4t0IFNN5B8JS7ZhFeXwrPVRPGBttxoTZ4m4q/NwaJlyvIjhT7gaVu26MrQN9t2 +vY21E6kLlBE/cTfmLh6e9A== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-62.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-62.pem new file mode 100644 index 000000000..ae80b82fd --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-62.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-62 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEvDCCA6SgAwIBAgICBV0wDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjA4MTM1MTM4WhcN +MjcwNjA5MTM1MTM4WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E +IEVNQUlMIENBLTYyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtelD +jabqJkL0EnJlJ1CTLkrQoDs1TiB164u5Wi5fj300mgkDxFF9hXxwRcoCHfAS/Br3 +oHAm7sTowUidd5PugwFo9moZYhsl8k25s2oYmyKOkDVq+8hfNjUvatTs1HqF7W8A +Aar1qOVeTM5lJKJg+/3svf9fb3ZUl2LjJF+McRT0c7wd2WlsCVoTUu7kbCNS9B9+ +VlDXRrR7WAK3fLCXNcI2RVoDfFFjtdekqV+otL+IMPxCQwORnOklx2GBnM3wldq5 +U8hNw+ebpp20aRv71gK4fZ4AqKPZJ/HLZmB/tzxXubUvrmpswyjy/T3wJXVK0I1N +/ytrQE2DNYrBeNV2zQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId +gXoWqvLczmbuRcAwHQYDVR0OBBYEFM3F5uPkJReXcLqqk+K5vkGjkivnMA4GA1Ud +DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw +CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl +AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF +MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv +RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG +AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA +SF8g2dpY+b+ozXWCtP7fjnL+Tcukwj4Wbc+SrNL2I7DUUayNqwuOLj4a4I7sDL9F +lrFul69WuV8PiFBbKTV913PpkFFP1NhXDdBkcBFrXnt0UMAU9yvaUCyTcr7ikUEH +wVEeE70FQy7Dx23aZf9XSOzcMuSmIo2N8P2OdU3VdKLhOabdR2JlvEMqXEihTn81 +ABzGae0tDXVsmnykPUIClsLjHNjUBSqF76TuZv5foLJAKOo1xeDrjRajawjBsN0M +nZPRC6X+eodQgzNuTpcscspsVuBnOsInkBZd4RXm9PuPjSH77hB8an7bPrWaufE+ +e45aFpkQzFArjrFNz/R/4Q== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-63.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-63.pem new file mode 100644 index 000000000..0204f1d18 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-63.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-63 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEvDCCA6SgAwIBAgICBUgwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjAxMTQwMjIxWhcN +MjcwNjAyMTQwMjIxWjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E +IEVNQUlMIENBLTYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7GFm +nf9Dhw3p6lGHhZTUTr9rNWyihovYscqV6qFF6floDLD70Wizru84tvMGosp1PkWt +KU/ObjvqQjhjdvppaDHYxmUxCHIt0lGhnmkfzTbtjLANTG+Lm7PArrW6osRGsMV7 +jRhgLStj+52QgCkQNAqbqTB4o3OQSQd6Akn9YrWpbuVFl/ZY0B/4By/Xg0qvd90d +EgwKw9FPe1O/KRyjea0zow6mDqeS7ZdwSgbAHfbQNahk6QzYRAY/J0pUQ4TDAgFe +8tCHL3h4JdwAdBP5zL2sfE9FoZV4xbjk6eP/S7riQw5aXJmsZHLqFX/wSUVCaPTk +iGan8Dpo5b28VE0GjwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId +gXoWqvLczmbuRcAwHQYDVR0OBBYEFE0xrVHWTld+Z2kzJQN+ximl3brzMA4GA1Ud +DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw +CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl +AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF +MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv +RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG +AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA +QS+92B7pNsK55GuIAZV+h42MR0dTfiidbgldvXxPtLUBh2Ab0EqRbboXw4s/mxDG +85vN9Qke4/v30MtHa9i9IwyzFDq5GfCC7ygi2RKOGShmVxE5gBrzF8Ok0O4BS8i5 +8+Q7wJywx5pC7TgrtziP0zMKw7QVYHYqeRsu0lTLIEu76HAWRdZwVPcz3Kph0bRH +zFrJ2ZIDfVzn1EG8qosPWN2vzBE633eBfm9VWobMR4Uxs7ZiFzJFRDy/ai5DGJ1j +fxVglI8q1YD4UU0/yaeMVgaGwoCx9sb+q5XCXEn9MV2dbmVf4D+jVm12xYYd146M +G6vK43wgw7eLa6LNYNCF1g== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-64.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-64.pem new file mode 100644 index 000000000..905054b1e --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-64.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-64 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEvDCCA6SgAwIBAgICBUkwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjAxMTQwNTE5WhcN +MjcwNjAyMTQwNTE5WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E +IEVNQUlMIENBLTY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz084 +CMrLDnhLu2b3yBkRp4B03zV4O7pAVqDz8Q4zOWehm6kJs60Q2dXXzuXk0Jx70aFd +k4I8k84SSfCzvMhSz3SvrTK14yjCFVhlVgyQcST5WvnXwMMH4npGg/ZG8eNYxdYD ++JLLNeZPlZEdGwMHq9Ue6LuNVQP3d2FMRJahUZ0eP786zBeI8bebSG/7WBZSz/RI +2fwLg9Rv9aKjmy/j5ZZ3pi7GcezdVgcClNqhrFg96t46GXM6R7i8rgFEECXj9NiW +JllqveM0nV8Ty5q8yP5M52Y0Eyo9Xy7EPa5fA4v7TbM6dYCny4SYUTG+8qDx39vR +7RF5IoRrXniIyWWsuQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId +gXoWqvLczmbuRcAwHQYDVR0OBBYEFIuQfSHrvBoVe8KwTn5zUcgOtty2MA4GA1Ud +DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw +CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl +AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF +MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv +RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG +AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA +ixpW3FOdC8mBhMVhIVrMeIDgMzDHtI/0TVsfFUwASajibCl51loMCvy9MN0zlWKF +/ae4yzmnzk+TT+KCksF2iClCmuk5Ikz1OUOJvtP4osZEo8gHsvM9IOYc+pGqCCwj +AN1AKunjJzC48fe1I03Y6B2ts497pia3Tn/Dkkg0MKICdJuT9+oFSrqHu1tnuoti +VBMY6Lk4tLqfRhWIUDmhkEa0GLjvmx3m6kytA+SNmI0kUHFW1FeZvNBgnjrEY2SM +HlW1pTJsObYjfiicDIPuqJu633MKEaQgQRukOLEfV0CSEt7PLaVcD/JLjuHGttwd +0019mApk8G9z4Le8G22i4w== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-65.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-65.pem new file mode 100644 index 000000000..b73707044 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-65.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-65 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEvDCCA6SgAwIBAgICBV4wDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjA4MTM1NTI2WhcN +MjcwNjA5MTM1NTI2WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E +IEVNQUlMIENBLTY1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfoi +70QEnrxvxQL4sWn9qcloOqVve/7q7mebsN6uUJpdUPabQrN+N144LME2pQzelq5n +6QuX5Sl10DfFoyXEPTaz8/2bQqzlVzMfWDRDgi6IJl7R327HZi1xXLxieDy5jJLw +SL9UBtljD4MBUNFmk7Ug3VV7U30sFFBDLMaix5KTwdl/5BsUXhtlZjlhw5HKFXE0 +SDtVkCLkYMzdGpQd9sGNxTf7c3j0xd7GhBPdlBGG5JHsR9DWr3dfm3+KPzD9+GK0 +KViESzWLiGGhT/1EXePNzjs2S0cpNJwGAWjU4pQpDKnj4ehNs4GSXz4MUaefn7cC +UJvxQc0erx3dI7tNtwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId +gXoWqvLczmbuRcAwHQYDVR0OBBYEFJi2NAob7QSaUwqKBXP6QmfNEGa2MA4GA1Ud +DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw +CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl +AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF +MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv +RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG +AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA +Fg38R0SkiBIPthRzFDUWLbkUI0fpQ4S60LiM5fNAkApMw8rXzDHkErQGbz4EjnZY +DIpqINdGlkjheLK9gIEsXXKfQ4LjpagBJd8xNPF1LZq0SW49YY5mD/Zol8DOmRVe +wJh+ns9FThJZ+QAGqaFL26vf+xCNz+rdMZ9zXVvSGnh63bM82Sl5GnQ1Z4TNBRCM +VhlDnPZ7+nygeq98BXVTDI4F7PaUdaZSk0ZCbztBcj+4Sq86jx0EOFA1BPyTRGru +1Qu0IIeCr4AP7Of2SOaqRQPBV2k//HWVZ/R1BKjgfLzWwueVLTZRkNhmYere4Mt7 +7Jlk9Ls1gI1VGp3JiQdfFg== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-49.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-49.pem new file mode 100644 index 000000000..d0002c3bc --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-49.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-49 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgICAScwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0ODE1WhcN +MjIxMTIzMTM0ODE1WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E +IElEIENBLTQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2EngKIwP +Cl9+dsIByO2uONNLKhpnFypBAE+LM8+kekt4/HG6StaU/fmqFTRiVI0Uh+td9BWe +8NXOYrhQRo6FVSxBkLtWZX8Px2IHxiqQ1lnrZK9UlCo8h3MPpiN8VEjH2bP/WSa0 +oZEWzEDKLB5tSKerddc+QL2uEHb+Gfym6i+5qPOLXjV00FY24FdNOyHaRjQTM/Lf +sjWoFItHTKp5B9QogdKnyg+WkAARYtbd1nqtDXv6Fph5HaT39SEnRhc+lkrRDpDY +c+HAU6Xywik+stgv2yFk1MhFpF5/rndEwMLIST0+lSpahJKGmYtg1VKcnDcq5CER +C31gl6Yr7ffjAwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFNhnk8pG3MmVppSzBBicziU6lhxNMA4GA1UdDwEB +/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB +AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA +AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E +Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEATmfP +QPkolF5PB0fS/9DrngX0tmdSwlidBtrkY6vL/V7IMKqJk7r+hHW6k9+nxijHFj6Y +J1+4ElpH/PwWPsqwVIshQxECvJKfo3OfN3a8Mn6Hog5kXJl5dMb0vJOpWQ9UhmG2 +m9UUZ9847wSlbW0vMHL0puuTso0365vilPO5JkapEXcFXdc3LDxXW8BR5NHyaN3V +mvfD/qAqe4BiBx2+WAxsolTJQ5IMjG5tIN7WE6VJdUAm6EIgbuFfvG1KiWQJLHkL +XdTvwdUTqX9JQYswfvoCwvHRh+I2mZX+/iH5HKLcaxqW8b9JnHCtfMSBZqLdI3nG +IBw48tRul8lbrg0mJw== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-50.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-50.pem new file mode 100644 index 000000000..3ec32dfea --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-50.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-50 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgICASgwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0ODQ3WhcN +MjIxMTIzMTM0ODQ3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E +IElEIENBLTUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1ncM1bN +JJHiu1Bh5jQ8r+Y1L2pvw+6YDLGE71z5gquBqisOC6XLKffKdBSF2U55vvp0m5J8 +WdF5DSfyfdAJ7S1HlzFYVW+0KjGLELKV5tWZh/aXu8V85ZaaYkvJeeEU5cIYWLKK +RAr1iygwnslhy1Kb7xhYV7gLYc29Wm1EgZiJ2Xm9M11FIauo40EXmQFniz4FLE/S +4JB1lbYiP1jGa4zJrdnec1k65tZk/K4hdi2diS+9mEUz3PWrzNqjrHKxFocnh9qS +NGqJfyfXxXgKTrZw2UG83IxHKvIpMPodX4SYUwRm5HRbrG6c1Fx12NC2go16w3dD +ilH+aUduTNpmFQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFDYuUt50qp7sux+T0b62ULXGaQv5MA4GA1UdDwEB +/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB +AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA +AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E +Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAbAli +o7+gWX5YytmPMD9ic+aX2s0NaSdSauFYmb6khtN0CCocIqTI/TyfRJTjhI6wRNoa +ckcjVa5H3EOp4vOrtLN4TxbhNqdE+IHafWE4/btDstI5PrA2hlFZb1zvM5EQC8u0 +BZQ/DqyShOjypvxldvol6UGjys7wecPxt3cBJC7uroY+nqfxHnOIxRFoJGdC7pSm +f90/uDcX87oCbK/FrzJBO+/V2lGHiByC7ahcP59a4Xd69lHSMtRWquclAyBEy1Mx +p7Bx/v5kCpv14JE6SBlYEwhFrTt4aT49FQEQ9aJFKRv7j20sS/6wxPzGx24HE0Gb +XwusK9jo5skGLLUC3g== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-51.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-51.pem new file mode 100644 index 000000000..a0b406554 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-51.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-51 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgICASkwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0OTI3WhcN +MjIxMTIzMTM0OTI3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E +IElEIENBLTUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjtDs/iL +TIf25t9SGGMP49gCFIYXcEtvTtc/vh+Cghf7qVwiNvUYCaGMq5q7F/pgL5xsw6Bn +iCMau2bZtLfl5xnMk2VMl2GRwUayHQ/0lyteeKid6fa8sfnlyNLh8lvPuHqQFJZX +5vpfAC24NDQCrr8YIkkNRyxJihCpj8HHYuzTplDRIpMljahhAWCsQkUqlq/5Lite +XHYA/+EnT2hspkitSU+FUIWo0FKK95oo+i2uXX8x3cXWEUCXoR23Slk5NrGTwAsf +TUd16xWA1acvksunx8eK3uOVCV02Q0sldVN19NaGm8lpoBfbtiNz3lo/j1VT558q +35LmOYWI6KzSTwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFJ2kwVzT+WZxSaiEIwO24a8pdy2uMA4GA1UdDwEB +/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB +AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA +AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E +Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAigQ4 +aOduTUCpDvC0ue0B0GV49B0aek8HXWKc10bPb1iUCQL2DT4aIf0u+yQqrzVpTw/x +5mVPRn2Zi2iEV5A8PsN4dReF3lblQSrSVvKFw7cq66Z8ab2ijXjpAMTJCUIOir8w +KoOV03cnVcaW0VDTH+gOslXnm95kPqdfbxJMh06Q00XfvWfRjfnB9D8ZDXbytM5X +mkZRyuUvWY+DKyJUy1HAuardaFpgA5WowjeQm9sAvx72LzaS7zmv+hxOliGXYOn7 +gbJATcT+zt1Ffwa9M19FjoQDSzWihW8P5cFRt6xVEwZHeD8VG++jcQfAujwX0v7U +hFKu8gxm3wlNXOalzA== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-52.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-52.pem new file mode 100644 index 000000000..caff9d9ef --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-52.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-52 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgICASowDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0OTU3WhcN +MjIxMTIzMTM0OTU3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E +IElEIENBLTUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltzcMp2O +02t+fwd7rTlugoKqYF8eo/3M+JVdppPAHTiJVaVt0JSeM4xyZsKNoPBoFW/yshnx +lRv/LyNx0VBbn+4mJ7Ea1U4FBPxCSZ68VYqKdV64UMhndawVBJM3Oy8Y3ZxPldTD +f9ApCg4dZXSEiSnShO8YuphrNbYAd6YrdUn1IhDAhw90VTU3GMLru4vx60vFHscW +eZHpHfET8AsClbAyqu65bsa1+o0XvGLQy2GTMzEVaR1NhYVWKRSwgqW57gbE8pV+ +63WYNwi8XIr/2TaJ5GvgBVCbgJWAwsSfFTz21ZqOou0d5xYu79iIIue5DEoRW1bm +qserHNG7gsMvHwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFJroUayRVNeUmgRI+iJ5/8bV7oYrMA4GA1UdDwEB +/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB +AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA +AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E +Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAkxvd +sbOh2zGZCsj3nu9fHEMClJVtK4kJzPJZPi44gdSn+U8X5lbtT0kxsRrqCAZntlgQ +mp+DxnQClr35fjao3wF79nQaIOP2789a9VWZgyJfPrV2KLsxAH4/oOd2ZYdUtHfC +lbfZwbpxFulBqPWxysKQOx3XC/3LszCR0YFqbV/c5hBRB1A4sWBlF8KRGQyKdAyc +K7PrLcSMnLq04ugd5MfYWuJjJx/USNNWlil/LzqyCFzxPp4nGBB8y8s2LcZyvofh +HIBN9qxl3+EXcJyeyqyNiVZcgJi+DLSmBCckb2J6lN9tbGWV02WK+8OiAiZ31CfJ +/sezZ58EZayGYS031Q== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-59.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-59.pem new file mode 100644 index 000000000..a13d7e2cb --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-59.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-59 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgICAwUwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTkwNDAyMTMzODMyWhcN +MjUwNDAyMTMzODMyWjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E +IElEIENBLTU5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBeEny3B +CletEU01Vz8kRy8cD2OWvbtwMTyunFaShu+kIk6g5VRsnvbhK3Ho61MBmlGJc1pL +SONGBhpbpyr2l2eONAzmi8c8917V7BpnJZvYj66qGRmY4FXX6UZQ6GdALKKedJKr +MQfU8LmcBJ/LGcJ0F4635QocGs9UoFS5hLgVyflDTC/6x8EPbi/JXk6N6iod5JIA +xNp6qW/5ZBvhiuMo19oYX5LuUy9B6W7cA0cRygvYcwKKYK+cIdBoxAj34yw2HJI8 +RQt490QPGClZhz0WYFuNSnUJgTHsdh2VNEn2AEe2zYhPFNlCu3gSmOSp5vxpZWbM +IQ8cTv4pRWG47wIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFHUJphUTroc8+nOUAPLw9Xm5snIUMA4GA1UdDwEB +/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB +AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA +AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E +Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAOQUb +0g6nPvWoc1cJ5gkhxSyGA3bQKu8HnKbg+vvMpMFEwo2p30RdYHGvA/3GGtrlhxBq +AcOqeYF5TcXZ4+Fa9CbKE/AgloCuTjEYt2/0iaSvdw7y9Vqk7jyT9H1lFIAQHHN3 +TEwN1nr7HEWVkkg41GXFxU01UHfR7vgqTTz+3zZL2iCqADVDspna0W5pF6yMla6g +n4u0TmWu2SeqBpctvdcfSFXkzQBZGT1aD/W2Fv00KwoQgB2l2eiVk56mEjN/MeI5 +Kp4n57mpREsHutP4XnLQ01ZN2qgn+844JRrzPQ0pazPYiSl4PeI2FUItErA6Ob/D +PF0ba2y3k4dFkUTApw== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-62.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-62.pem new file mode 100644 index 000000000..2812e8ccf --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-62.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-62 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgICBUowDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjAxMTQwNzMxWhcN +MjcwNjAyMTQwNzMxWjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E +IElEIENBLTYyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwNbqJeQ ++d89t/E7vLSYF7ivkWMG6g8d0y7EbV7yd8r8suoNsfF/aKeApZbwumJ+ja4pbggt +OqLolW/GyyJdAzhtEBOIBXMK4CEAcTTrAX40xKiKCFoY5X/ss0jiOwVDptHmvQeC +UlG0oAR5/tgkGOpRdjBdYxEWkXIkQxE1mPpQZ56Vmbtr9onsnKjTr1ufmJaaquPr +M3eXnwU8KOJmdpgO1sSLsIxy8JFedyrqO1TuZw6riMMOuK6P1XW6IpMGiu8+k0tf +Gk/tL4yI3p17Ney+oZIvmuJu43V+NnRLRcwtsQRsRfj20fjH0o2uouWkUV1FuJoD +OhceArDpkr1xlQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFG57IARNEcmB6RY1kNTLwltC1gdYMA4GA1UdDwEB +/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB +AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA +AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E +Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAA3It +1175xvpIzhP2duSRdNq3TfxaEGoc5vnzGnCtURC5rIfnY5V9F+W50u0yePUPbiNa +S3ZljgnSoCCM6f6DGNSlG1mLjnnYdg3ojFKWR9m2S55V53/v0Z7JIPRmDTZ2dVw/ +EiGg1VDRj9/ucI5fJF1jQZxdYGUDIi8AYkQ1LejD20avqkH/gUag6j/3mUXZF4rd +ikORTbPtqDRVo+bNf4dGYjuihmru4GE0lMPK9keGf/ZfeZ0g00/iqyWVZwbdep4G +s4VWiWbcJCB744R93TsBRQ6Cmes/dh1RFtEkcOMC6t+NJV9aSIF20CZv2NlNcD4T +L7MvBU75kWmaG+2/kA== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-63.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-63.pem new file mode 100644 index 000000000..de2a0843f --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-63.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-63 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgICBQ8wDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNDA2MTM1NTU0WhcN +MjcwNDA3MTM1NTU0WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E +IElEIENBLTYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRJd1oB+ +otf7tUrvO5XB15Qe3TrMte630pcpz4IBEgCv64xJX2r465Jk+qKGqtW5lefR20jl +azfMDO1dgOQ+ba4TEQn/VAutj8lO/7ag3GhZ7Z2NdTAB7OckX0LnfFktlndct5mi +zji8CIB/gGFwoeykFF7NXbniXudxhNzPXvPBhBY38yXTzzNHxDZOBDXhyogYx69v +dIaDLvXCwWTHsw5wBJaiTMGdKcFsCUUL4kOY0hv60VYkcduOF9+e7WmrsJLWMM5I +ZS5MvLQUpzvl/XDnJek7aIaIU3ltZoty/8Lr6SBNr7havx6zLxxEwZ/EUfU38gKu +QxOoo50o2sRcnQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFBfmS8gaS8mnpnC0TE1eyPY21DCYMA4GA1UdDwEB +/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB +AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA +AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E +Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEABhvV +L1UcOJApwxlu50RO3dD7Tp/8VMfrAwYSt7ucLBSpddHxuwUsJkEakJ7W8HoiRQPX +SGW0jrZAxdXH331DLhyRPtn/2zhVkLiPU6+wUvmen0t3otT61Ea5oJuU8REupc51 +6rS+DNyCJL5WDGmjMQSyxhMctretmi2cb9xCGvtoD6lUgqHdDQNkPKG6EYJKPwNN +YG3zCHENRRKgZd82xoVCB9h3NhZ3M1uS+YXOtcOtkwfBKKHMQ8W14NJUvDL3xjyL ++5K1Yi6Jtf5G3pAvxZQgf/vfR3D6zxtO4Qy/q8qYW2eyyJnRa9vm1kfjUd2R0NmT +6NaUjDpi3EZ0riF7FQ== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-64.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-64.pem new file mode 100644 index 000000000..185c5c123 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-64.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-64 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgICBUswDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjAxMTQwOTM3WhcN +MjcwNjAyMTQwOTM3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E +IElEIENBLTY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsvhd1Q/ +aKpj5/vTYmydA08Od1W2AOjjDsK0iot8jWIt693OEq9x8bSQ1K6eStv4Y3f1jj9c +SMvnP050SWqlF2Xmw8jifyk626E54rs67jhbuY5gc2+1BoComnq8IvN/tVbbPQkF +mR/tlvcyV6SJp+PUFTy/vKwBVkyV42BTa9Dgq0z7XHq+Z7bjf2ZYDi1v+BxFW3Ni +lv3CVmaQExf7S8JX9+5twtUtg4e9fl3wU98yW1SWu7A6KdqxDnMGqYxfX6FNWDbK +8y/4evrhAoV1lRCuTMvP7OdGbAjhUDHXNen3FoCxxu3pB4v32HjlMAi3Q2Rd3pCj +ENEIzp17/k3yIwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFFe8wF7bias73Uepch6uy0IZax56MA4GA1UdDwEB +/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB +AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA +AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E +Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAXr0y +V7GzeW4yhuPP193deLxBfBDdG7yNWjI5tSGnvx/mvaJqj7oqiAftY/EbyTepYzbo +6/Q09s+Ael+wftRZXbbZwzRuYigpQZy50eDi+6s/tc/ItUJ37oQszUPTcsFt3qjt +lH8FFTtLyPwxtalkwL5w7ACTv+1vD5avoXmJwHhFDGL8fKIQxCgfgU0AoL6XtLGT +XdAQ5Xd9viVDaWsva1HX/RS7uZ5+n34OFM5SZBuMAtIcWYRouML4FpCsXMYcAYB9 +nh5gG9qMkIX0b/oTkF5loV2Pq7p09Pj48Ebbv8B32vqnaUOQLjRANb/sIQLHXoXH +qwTizQlR8MkIO8+F+Q== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-65.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-65.pem new file mode 100644 index 000000000..dfe6ba212 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-65.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-65 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgICBUwwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjAxMTQxMTIzWhcN +MjcwNjAyMTQxMTIzWjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E +IElEIENBLTY1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkK9OCQ+ +D0b/7SLsEs0LCElhKIzGtiZDBw9VLqCaxTHlxaYEPV/B/X9NGoP5PE4ToBOSramL +CMPbwjadhNk8O0gEInZCuEzV17vvx6O4xg+FJ9OO76LU1KeXJnnvX1YnCKz3uxrn +3sw1jQugEEd1yPwKoHMjJ2Sr7Vgrm1e983EgiRint9lble7x/MDLvEZDELeeqhPZ +vRiz1qwVG+/p2ks980qFLFLl1INOUSPnSLIbafg7cWE9yTC5i99s4pJnP2ThyBv6 +JsgFzbbj9FEYGyh75GjIMEv8ulcQ3ATOSBREUPzrd6sQmideeqvxXrDYxo8Qel6b +rZiti+5vEr3OzQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFGLgSDhWbW9rJb67w4hYsaycQ8lbMA4GA1UdDwEB +/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB +AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA +AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E +Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAF8Uj +33K0ZM9adtfd8IM2ebqwgbgRxi22Pb6bKkKOkGV2NU4wMckpuRpUrQGJmy6CIXZ8 +4QWz9DZSNAU0nyHXB6PLbSV0jnzKygWO7IOv83M6dcnCG8QUP1o20V0NGhzNBEtK +jxWENZCYHEruxm+2rB+MBngPhkBgdni2npetHX2e1cmsgMS6G1PUh2idhZ8Mpdof +nr+V0GuKLpwiNz3hLnKehl2Bs6aHG2IIOm/PdzvsKCP2eiGzS3SiiCf6fukYoYBN +edL8fHfFNyM4UPNgc4eG+bu0GJK4wKPVjiX7xYDdGaYZ2m4Y++zrKuMq+Oar6DQG +q3SERMAZCDYsEt3z2g== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID SW CA-45.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID SW CA-45.pem new file mode 100644 index 000000000..7e190a006 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID SW CA-45.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID SW CA-45 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIErjCCA5agAwIBAgIBYzANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT +A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNjAzMDgxMzI4NTZaFw0y +MjAzMDkxMzI4NTZaMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy +bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0Qg +SUQgU1cgQ0EtNDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVVtcp +RJMdLbl4C4dfjcBCfAqUMLRbXiKiDRnAMXn3c5IrYEND7uJKJTCrQklQ8YC570Za +YXxhSaKiFbcR0MA7oHEF8HWglB53GSmFowqtAiERS/AWbMJoXlh/MBJweeSVUzat +CPO8V3q56Y/5OFglW5YV3tA3Kgv+BvlqjYCzWNeBwfyeglkB8EWi58llAiyjsGPd +QpN71LOyqHK16SCv22E6mIyrxfFgeaWIxIBeXzgVxDzZ2djbsqYyrJlAdUCbGzh/ +O9N0MhEC0mMRcgo7uER0olnWri1oOWtJl2Ok8ZvMqGQbdkxkkmxCthUWyxFoVq7P +xU7IYmBiBn27SyF7AgMBAAGjggF5MIIBdTAfBgNVHSMEGDAWgBRsipSid7GAch2B +ehaq8tzOZu5FwDAdBgNVHQ4EFgQUy/0Vpppg8S5OW5UcjD8djcKjIhswDgYDVR0P +AQH/BAQDAgGGMFoGA1UdIARTMFEwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzAL +BglghkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMAwGCmCGSAFl +AwIBAycwEgYDVR0TAQH/BAgwBgEB/wIBADAMBgNVHSQEBTADgAEAMDcGA1UdHwQw +MC4wLKAqoCiGJmh0dHA6Ly9jcmwuZGlzYS5taWwvY3JsL0RPRFJPT1RDQTMuY3Js +MGwGCCsGAQUFBwEBBGAwXjA6BggrBgEFBQcwAoYuaHR0cDovL2NybC5kaXNhLm1p +bC9pc3N1ZWR0by9ET0RST09UQ0EzX0lULnA3YzAgBggrBgEFBQcwAYYUaHR0cDov +L29jc3AuZGlzYS5taWwwDQYJKoZIhvcNAQELBQADggEBADPubZ/kZNDB/hkuGuuK +OmiGZJC2C1dBGkuM0SXewWzGHEPKapa4rNDrgDSTQMOLeMUCmr4XbHbMo1mqIDBc +SioVFiq+CooCskj3D+gj1Y+dbfi+IW8/IlbHVDxlApDlJ11v3nvNJNHp7gA0hFVD +Da2Upj9wVsYr0ReXvHRz0Zb6a1/7R6to41c8wwg3hWCGCXsPvnILaQK5JmxNVX1i +HT95UKDxnysb+vw+GxxJgaIH87HkgxZtOc7WUnP+GFALfKQyLsR8J3vkIkI2DJfP +FjtBblgXWn9lCI5lYgeH3VbKjVvowcUWuw2F8PJaaNHpVpWwv+XfzLmUCdLGjZrB +zBQ= +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID SW CA-46.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID SW CA-46.pem new file mode 100644 index 000000000..62901c5d3 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID SW CA-46.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID SW CA-46 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIErjCCA5agAwIBAgIBZDANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT +A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNjAzMDgxNDIyMjdaFw0y +MjAzMDkxNDIyMjdaMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy +bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0Qg +SUQgU1cgQ0EtNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB8t7O +izHtqCLUKXdNcAOYlJDNyNoqW22ZB75KiU3GJna5ww499SOnBaEU4OvRSMI3FcKS +lZRvJJIbNpcUbn6X/4cEH6g64lCGSXcm8nl/rU1W0onf7l/fk8tcaVRG0hP9iTbe +7fjlJ7hEWwKEXSk7Xkr/3e09bvKIHVtiCsV6cOlNsK6H7JbEhRw4yPOkqdXtrpQX +mNh9Y6OGya91I1vzYO+zcexr2+MOoHFJyADBVF/+LrMWdRqVI0Fl8r8NXKnGXpC7 +yPns28gz1egmxJ5NsJtQ8p4WHMQnA6J3wPr+7na+5MKzLgCIoMxD2vIJ0FU28ODE +WrAb9clqWqv/Jte/AgMBAAGjggF5MIIBdTAfBgNVHSMEGDAWgBRsipSid7GAch2B +ehaq8tzOZu5FwDAdBgNVHQ4EFgQUW2dpXrVYC5wfCdw1fZvWJ+5iqpwwDgYDVR0P +AQH/BAQDAgGGMFoGA1UdIARTMFEwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzAL +BglghkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMAwGCmCGSAFl +AwIBAycwEgYDVR0TAQH/BAgwBgEB/wIBADAMBgNVHSQEBTADgAEAMDcGA1UdHwQw +MC4wLKAqoCiGJmh0dHA6Ly9jcmwuZGlzYS5taWwvY3JsL0RPRFJPT1RDQTMuY3Js +MGwGCCsGAQUFBwEBBGAwXjA6BggrBgEFBQcwAoYuaHR0cDovL2NybC5kaXNhLm1p +bC9pc3N1ZWR0by9ET0RST09UQ0EzX0lULnA3YzAgBggrBgEFBQcwAYYUaHR0cDov +L29jc3AuZGlzYS5taWwwDQYJKoZIhvcNAQELBQADggEBAHrAmFSy86ZAscEU5KID +UdXtfC3+OV/I1BYnYiZHJKJj8zRuqvdWvsulKtCGKZo1wFv446n/14YRbI3TKno2 +Q/c4J6uz+MOsIGLyPvPmwO5Y6Gaqj5EDD6rgyYSRdHrmBlLE1aUmedc86UOMKAz6 +OwmUFRru8aXF/YSEWQmkeIWX4saImbv8Evb2vqjDPFERjH6BebYDRI7ZpMWg8jJt +LnQFoKOhCOTnHJz0vd/vnh4IC+7+KNgbg+RZ0O3H9dnBeULcLGeHtw2F2jBMrlyW +d0Iyn7vj9cOGkdrkggSpdGqqlXiNkVsYhyPXztL8jOqmyY7ndXubEQCsYxMIIXur +SEQ= +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-53.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-53.pem new file mode 100644 index 000000000..37fee6b84 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-53.pem @@ -0,0 +1,29 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-53 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEjzCCA3egAwIBAgICASswDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM1MDM1WhcN +MjIxMTIzMTM1MDM1WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E +IFNXIENBLTUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTewS9iv +ChYtMvNBYEOjVcVqr+3VOAEgyjt7ieJUVPrFDgtL9Sz+eXX+uBXkJwYjS0gtex6L +RuNtdcLkukoJu34ZxnfUwc8rgTwNV8VtIyI2GJq/u/FjGwK8fHkzslOzwF8KoA6N +NTYvKy9XohBDrrYGpRq/RuDttVfiJ4Yvcii5J6+uZTvT9035EksqjV7A+sJkFVqI +3MZ83kN9O0ZJf4dEj4h4DKqQYHTRrpy/BL4pTGxmSpnQHne63ToqsoZntTYCYhB5 +6izOakbsUTYVauwYqlNVf0j20IwcZibztp7wqV2NgGzA81LndhYLQh+8KsDabTSV +sZMvLHfEAeLdhwIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFFHEizOZlMB+uzYd4+I6Bb0ydJ1TMA4GA1UdDwEB +/wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud +JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j +cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o +dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG +CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC +AQEACZtxX9lr6sye0RUSOLYzLCU4jVDNSQgz3qq8Kk7dJ97GdsuBzACcCIwFDpNd +tjMtD+mwNjgfeRY5ovyMEH3ZzVhIqGpQo4WLeE+bjy3fNcU3rsb2SHNaEpRddWQ3 +jnOc3jlyg/sHaR6Jg4JfQ1G9za46AReVa1nJLHjt/BO5m/3D4iJmpJvq2Qp6N4eF +a2VL6s8uAZKnLCocjZU2B3wYZMyaSgppaE4TOe/Hc5HJw245/cFLUL8I02iYfv9E +KQDuTGqNzGrBuKp9LMpRrBWb0boFrZaONcVXjtCqi05fo1Fd/JhuvfraTpgxmVXi +1OvgVGwq5lsxW2pbjSpBFebaRw== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-54.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-54.pem new file mode 100644 index 000000000..59b66acb3 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-54.pem @@ -0,0 +1,29 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-54 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEjzCCA3egAwIBAgICASwwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM1MTI4WhcN +MjIxMTIzMTM1MTI4WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E +IFNXIENBLTU0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0wnaj/j +ZzXRnZnNDN5rMZW7OmPPcrG+8IQW6oHretQqvj/HCnAyX3sl5TvT6bLCG4UfLBAx +4VRCvpsVW9fME/43E+N8pyUDjlhYe8BHO9e0RfbVjMgDh6tLagvjN3MfThg8E94C +6TRisdifkP6WonplO1sbv8YD49GjmBWLs8KtU3xzw/StQrwNfymY8aW4lXJQa/Ca ++FXzz/tRh7Mclrlz6QCzgdHAliWK4s5tsXDxeZls2/tvTaZQCVCiyccDdc//lYzL +UIwg3lnPcoV6CPhhw+QW4q42Y4oSu48Z9g/fAvqhrK1U0S9mHl1vWLDTHI3hkwmd +T/O2WgKh8nvx8wIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFLC3KL8sBImKdCavqhOMAhBVgXmxMA4GA1UdDwEB +/wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud +JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j +cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o +dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG +CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC +AQEAZF047yS8bq8lkMpoxFrJjmbdD1TNpjnWRmImQ32uPwNkrDbspNJ4GdqAh3N6 +ueIMcPUSmrIEs9GRZGJzOeTQ6tcQKCyWy+npsI1DQ/k5Xz0H375Bw17gnq2Bpjdy +s8zeg8I+2lDOjSNr7RgVWWB+2sVWXdvILx4Wkh6vX57uEud046HBmc4NeDiHAer8 +NIac5A7e379NRyuusNGXkAm3g7GsE/Y7MrFsKKsMlHb+gFXVgD0DBhtF22YqmA/R +QvTz7Ij1AD++Gv5I4IIzJFMryN6ED6XduWcTtk9Cnf0uY0z+VY8RFw9nOkECFc2b +BA8L2LlruBOzMWbFy4kH7G/hrA== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-60.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-60.pem new file mode 100644 index 000000000..a42fb40be --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-60.pem @@ -0,0 +1,29 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-60 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEjzCCA3egAwIBAgICAwMwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTkwNDAyMTMzNDQ5WhcN +MjUwNDAyMTMzNDQ5WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E +IFNXIENBLTYwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/MzAiiVC +G61CNrHuJ+6kXRAlG9ppLKXje1S3mw0LXOynYAyX7OIyFXkeNj54DV/4HTvK4eHd +G8XTfiUr8cqWki2nHPJivaZOKu/jObshywNZ3UAKmtz8bPDO+wJ8QrAxKaQYH4CM +mHlEjetmM7CMRznfMDqjwB9us5Y1FwKPlh+2Y6rdDfU1xR/dGD2iQk4laduxCCr4 +ULI7eFFToxnr5rUt95FBi5DlIPs3XETIywIWJ7Z59m0JBrReqKnFZr1NR06DGCOO +YULORCXiZFJlbRMjwvd3BPu+auP39/qq6aKLmTy0iTPflGum94W4bkvupB3r6Vkb +ptNsZrFq0IYZkQIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFH3+8BAXOb/TcoT9rSlw+OI9mfMYMA4GA1UdDwEB +/wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud +JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j +cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o +dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG +CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC +AQEAn4OSx5FWM4e2vd2Igv63CCpfvrQqv5bjuoyQhoIJbEpjx6xtof1SNSwtPDjD +tSawzhabKYTgSajw28zIyJ4TpFUiABOSNkA4aYWvtjjHPKPrIjVTck0DArWH2Lr9 +x0dvpCIInDyfIib9dcE0cdGVlEpeAEMQFjpUbmCNpTlKUtSroY8CfZCOmi+Rp/fT +0N9PoO/Izxl1UvHb9xxfu4vasVjt3L/Fu8PIw8GJ70u/Ws+mg3ga8uDOluYn+VDq +O1Le2QJvSK0J9dS21rwV6SCtf+en2Razi0/S44tzOFa4fRdJLHTYPutu69p6+YMh +Sul++7G14BLwhmWa2iRcjw+AlQ== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-66.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-66.pem new file mode 100644 index 000000000..eb34d9855 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-66.pem @@ -0,0 +1,29 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-66 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEjzCCA3egAwIBAgICBV8wDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjA4MTM1NzE4WhcN +MjcwNjA5MTM1NzE4WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E +IFNXIENBLTY2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4houoVX/ +Li3VkkGqzLIUOLda1i73PJvtWBdSDIed8ovWFa+tQJ0/vCluSctLGgV171iHWItg +laOFkozk4pdBu5dW4N51jfkTYbzPt0tBZqJ0B20c/uxQUkIq8leMAiBnj5n1XRvE +IPmpch8rvGAVwDNOjK+7GiBlmm9Afi2dRvDOanB1C5NkvySwshIx8191HQaVxwEe +5CFoHr1/N1CFDZ65jLsHlF+OFRA0UQnsT4aRMsdUtUm8IQ81WgCSBkYE1iVfm+cY +Gp9IAJ4pjHeJt3VjYhCUZA1tISiEbjwt8Hos/oQny5jW3A0cKuKCN9D+CVzobb2Z +j1n9KtXGwo7RpQIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFOsGU5gwhp7fXosLoSYm+qZhD7mUMA4GA1UdDwEB +/wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud +JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j +cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o +dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG +CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC +AQEAEI/fMsnGS7EdXp9T+SU22yw7TOMPnZns0nQbcx09aKV9LS5DC6j5siNUUs37 +bEeJLPSDN5JqC2jHA7C5USJ6+Qe65kvlUCvCuAKwtfOnv0KewpZnxBcRaEebbpRX +nzFb+2x/RbQYz3b0oN+srKyKEFie0USItyuVAB4eYolSbUQ5kXIMDbD7jxSkMsfi +2t8cpHXpNvPEGAMz8KFUR5ESYtE4uePZB4gOXBP2x7XbC4+mbSqXgapf+0L0dWXo +PGHQZWrPXMJq8nJ9Crps8KucamtlRge++MgsWRi5B/oTaJNBfabD7bZcI+tG8MSm +jYDkgfOi5nuRC+HuYQJfnN/JLw== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-67.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-67.pem new file mode 100644 index 000000000..4e203faa2 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-67.pem @@ -0,0 +1,29 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-67 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEjzCCA3egAwIBAgICBWAwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjA4MTM1ODI1WhcN +MjcwNjA5MTM1ODI1WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E +IFNXIENBLTY3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGxEAz4E +AAC1INxpZpWcvBvGADE1EcLCF6yl2Q+px7dol+M3iFran2xRnG+PatJ7MyHflYFT +iMrjfNBjgd0WhcjdYIQqwA47vFwMDK9GAr4DpF9Th8Xa3Sz1W2PQj1isHKNodKvk +ICOBudf38e+6xhQyPxC/ryPKa8OzHRvzzVGhxjQjg8mWNxf1tDHaj1F1vOu3rDxj +k2BGbGKTSQ354E2jCkDLqKzCCzpsKVNPtkuC1LwUflrPBJreFq6pYOlFFBu9YgTZ +q5D6O4mr9388Yl3UJEeZq70POfwd+Lg8oPDS8geVtXuxohCdE0lw3UrW5oGO10e/ +DwhxvmyBkYjlGwIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFNu0q6OMKUW9rSpWN8xUXbzX/SonMA4GA1UdDwEB +/wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud +JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j +cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o +dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG +CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC +AQEAIW6zNzaq6wiJST/lHGj8X4TEhezpoVDdVf9a4yD8mzDlTgGpwYNYD0eXm3/B +3/DXJR1DUKoNjb7fPomrn0mqMbsjn9PorjBvrjHGk8hnzTaWxny/UjKOZPunOrqr +xNAdG77sc1TbYABaVr7R/qBV5vYGEYG0zG4lwgwOGfzHs5DCWlcZ9RXeMC8FmpU2 +V5prrgy4oUb9W+Pe240i5bTFFgk0KZpGzGwxmmip47hvnn2WoOjXuMCO8oFPID97 +b7HtqVw44FdhcX91iSsF94227L97FWj2qIh+hg9Hr7+lnUV2jnw78VDAAGYoC2j+ +wFDemBg6D/gOGokJXlfr5G3RtQ== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Root CA 3.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Root CA 3.pem new file mode 100644 index 000000000..cd2969bff --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Root CA 3.pem @@ -0,0 +1,32 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Interoperability Root CA 2 +-----BEGIN CERTIFICATE----- +MIIFKjCCBBKgAwIBAgICBWYwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxJzAlBgNVBAMTHkRvRCBJbnRlcm9wZXJhYmlsaXR5IFJvb3QgQ0EgMjAe +Fw0xOTAxMjIxNTIyNTZaFw0yMjAxMjIxNTIyNTZaMFsxCzAJBgNVBAYTAlVTMRgw +FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMD +UEtJMRYwFAYDVQQDEw1Eb0QgUm9vdCBDQSAzMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAqewUcoroS3Cj2hADhKb7pzYNKjpSFr8wFVKGBUcgz6qmzXXE +ZG7v8WAjywpmQK60yGgqAFFoSTfpWTJNlbxDJ+lAjToQzhS8Qxih+d7M54V2c14Y +GiNbvT8f8u2NGcwD0UCkj6cgAkwnWnk29qM3IY4AWgYWytNVlm8xKbtyDsviSFHy +1DekNdZv7hezsQarCxmG6CNtMRsoeGXF3mJSvMF96+6gXVQE+7LLK7IjVJGCTPC/ +unRAOwwERYBnXMXrolfDGn8KLb1/udzBmbDIB+QMhjaUOiUv8n3mlzwblLSXWQbJ +OuQL2erp/DtzNG/955jk86HCkF8c9T8u1xnTfwIDAQABo4IB5TCCAeEwHwYDVR0j +BBgwFoAU//iuE4uSK3mSQaN2XCyBnprFnHgwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAQYwRwYDVR0fBEAwPjA8oDqgOIY2aHR0cDovL2NybC5kaXNhLm1p +bC9jcmwvRE9ESU5URVJPUEVSQUJJTElUWVJPT1RDQTIuY3JsMB0GA1UdDgQWBBRs +ipSid7GAch2Behaq8tzOZu5FwDB8BggrBgEFBQcBAQRwMG4wSgYIKwYBBQUHMAKG +Pmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9ESU5URVJPUEVSQUJJTElU +WVJPT1RDQTJfSVQucDdjMCAGCCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1p +bDBaBgNVHSAEUzBRMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJYIZIAWUC +AQsqMAwGCmCGSAFlAwIBAw0wDAYKYIZIAWUDAgEDETAMBgpghkgBZQMCAQMnMA8G +A1UdJAEB/wQFMAOAAQAwSgYIKwYBBQUHAQsEPjA8MDoGCCsGAQUFBzAFhi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZGJ5L0RPRFJPT1RDQTNfSUIucDdjMA0GCSqG +SIb3DQEBCwUAA4IBAQAUo+3yHXSh8j5yBbpTAr7dqhSQDFjxRk0Sq+nL62ceChhT +mEvzAKWK441/JPNF8VCO9xG80TBm2ngxL4R0wXahxG177YQ9h+ZYd1meye6+Ly1V +P8B9XSk++f4zDMlxB1pWMgDnUE/h/MHO5w7zxuqGxOZpqTBtSh0P+7qQfLVy68Mo +M3qHxAQ7JC9pEyRZ4MHlKNRHO8XgiEKK5MZJAjhynCzbQMGUlayQkSMUuhIRwV6c +Ek1Z2dikykwfepCAtkQcqlnwPxqk+l3t4Ejr4FNObkToY84Xh/3YaNw5Efw6CpRH +9nIb7WxSfMxlx7U0+HfI2oVixbQ55MKJGpZy6VSe +-----END CERTIFICATE----- From 404887a41d77f5b814f254177b48b0030d3ec746 Mon Sep 17 00:00:00 2001 From: Zach Margolis Date: Fri, 25 Nov 2022 07:29:36 -0800 Subject: [PATCH 09/11] Remove certs that expire on 2022-11-23 (#329) (#330) * Update certificate bundles - "rake certs:generate_certificate_bundles" --- config/cert_bundles/ficam_bundle.pem | 369 ++++++++---------- config/cert_bundles/login_bundle.pem | 298 -------------- ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-49.pem | 30 -- ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-50.pem | 30 -- ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-51.pem | 30 -- ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-52.pem | 30 -- ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-49.pem | 30 -- ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-50.pem | 30 -- ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-51.pem | 30 -- ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-52.pem | 30 -- ...nment, OU=DoD, OU=PKI, CN=DOD SW CA-53.pem | 29 -- ...nment, OU=DoD, OU=PKI, CN=DOD SW CA-54.pem | 29 -- 12 files changed, 155 insertions(+), 810 deletions(-) delete mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-49.pem delete mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-50.pem delete mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-51.pem delete mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-52.pem delete mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-49.pem delete mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-50.pem delete mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-51.pem delete mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-52.pem delete mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-53.pem delete mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-54.pem diff --git a/config/cert_bundles/ficam_bundle.pem b/config/cert_bundles/ficam_bundle.pem index b990801a7..199dd68fa 100644 --- a/config/cert_bundles/ficam_bundle.pem +++ b/config/cert_bundles/ficam_bundle.pem @@ -864,6 +864,45 @@ OPc7eF125ABdU/KJcabt3YSE5mrRu7yRvmskGLPcJ3dHIxNhW5BZiPXu/V0dFnzy uM8djQ6nH2eHXTRoTIYueWfrZLuG/UGCe4if2gM3ZQbDEoz3lkVd9rJVGNRBcnSe aHPkF2w1nDb0EHrnM0m+G70= -----END CERTIFICATE----- +Subject: /C=US/O=IdenTrust/OU=IdenTrust Global Common/CN=IGC CA 1 +Issuer: /C=US/O=IdenTrust/CN=IdenTrust Global Common Root CA 1 +-----BEGIN CERTIFICATE----- +MIIGeDCCBGCgAwIBAgIQCgFCgAAAAUXYsJAMAAAAAjANBgkqhkiG9w0BAQsFADBN +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu +VHJ1c3QgR2xvYmFsIENvbW1vbiBSb290IENBIDEwHhcNMTQwNDE0MTYzMTAwWhcN +MjQwNDE0MTYzMTAwWjBWMQswCQYDVQQGEwJVUzESMBAGA1UECgwJSWRlblRydXN0 +MSAwHgYDVQQLDBdJZGVuVHJ1c3QgR2xvYmFsIENvbW1vbjERMA8GA1UEAwwISUdD +IENBIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+PjUxzWmD/upc +/DwguPonIC8WbR/FJZ8/uEGLbCya/aLewhSD4UHXyVjUnpWMjUGyVXlK18RfbHtN +Jo6FYqaFQN82VxU35orHEswMoBbo5aywtIjh18Go0AZxr3T+L+x+lsvsLLH+PlbN +z/W2kS77EO37AJHTjI21iNNHGLd5x0sANxKy/m9/t/zoZiiL8UPlpD4TAHSfOxqn +JQrRfgjbmTny7Dc5v0/zU/Cb8ZFjCGyrVvebddI9J6e8FqXkx9ksjUoYerdsNd4G +t5QIpd7fnKPeKvrwksm0XlFj9ptUwihPvIxcaBTCnOB8BfvCirgFBVZgCsrZYX7E +ILEhdDd3AgMBAAGjggJJMIICRTAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgw +BgEB/wIBADCCARsGA1UdIASCARIwggEOMA0GC2CGSAGG+S8AZAIBMA0GC2CGSAGG ++S8AZAICMA0GC2CGSAGG+S8AZAMBMA0GC2CGSAGG+S8AZAMCMA0GC2CGSAGG+S8A +ZA4BMA0GC2CGSAGG+S8AZA4CMA0GC2CGSAGG+S8AZAwBMA0GC2CGSAGG+S8AZAwC +MA0GC2CGSAGG+S8AZA8BMA0GC2CGSAGG+S8AZA8CMA0GC2CGSAGG+S8AZBIAMA0G +C2CGSAGG+S8AZBIBMA0GC2CGSAGG+S8AZBICMA0GC2CGSAGG+S8AZBIDMA0GC2CG +SAGG+S8AZBMBMA0GC2CGSAGG+S8AZBQBMA0GC2CGSAGG+S8AZCUBMA0GC2CGSAGG ++S8AZCYBMB0GA1UdDgQWBBQI5V2BrnkUHLwYoMEGAv8eqpS87TBDBgNVHR8EPDA6 +MDigNqA0hjJodHRwOi8vdmFsaWRhdGlvbi5pZGVudHJ1c3QuY29tL2NybC9pZ2Ny +b290Y2ExLmNybDB7BggrBgEFBQcBAQRvMG0wKQYIKwYBBQUHMAGGHWh0dHA6Ly9p +Z2Mub2NzcC5pZGVudHJ1c3QuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vdmFsaWRh +dGlvbi5pZGVudHJ1c3QuY29tL3Jvb3RzL2lnY3Jvb3RjYTEucDdjMB8GA1UdIwQY +MBaAFPj5iy9/kEOfj+aMLLVJuE+SixZ0MA0GCSqGSIb3DQEBCwUAA4ICAQDWBv9j +aO6PdpYtsxjRkmG9Nogsv/95bXIPG0wefaRvodVQxaiGg2sCI4eRg/fkEDGnz+0c +au1S+rERFIJKkwpUWTA2If0jLb+a/u0fJjfUdWqBDuYHXxtESQIagy+I56253SBv +enIcNiJNJmERjkCkhJPQBDRHgYfR/JVsbhpl3sjLzAZNUlSoU3NVBXbM+Dn38NRf +8W1TfVWNAMKbZXgL3RjerlKnhl5Pi23UfOYkgZi/OC5GiiGtPbdxqPhbqk7LgwN1 +sHMA6t06S16XbBoqW62uf0nuLWXwpkMbU2pjUAGjdDS23YgZBRbYaC/XqmPHm2XS +nqDtYKABOcLAgGvUcoMMhzuiIeCpxv5CSElXzJh6K9wkmlNwCYzTDWttc5TVaFev +0b0/zuiw4E4LJk7PaO5W3DdJy95pKW+BamxGPVLyxTNdQQmSqhOuL7vOTG821cH9 +TzO/FfFDQB0bT3eVsODxDUNugKnvw+PH+qIVCqcONllznoz5G7A54LD45oz+lDsG +uPGrWTKpBgBk4AcfNd5nWh3bfI+docNDLqrfRCYPPM5BfF4xAsfZoDrdEeBqSG3Y +8hQLVF9qx+7OT6K7jCTS0Gxuu7IvRlcICdHJFJsOW3I9JX2xl0g7GklzSYs+j+5j +8KEGcVRC5ZzO8teG+qhxpaDbcPgwzWnYOy6mKQ== +-----END CERTIFICATE----- Subject: /C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 SSP Intermediate CA - G3 Issuer: /C=US/O=U.S. Government/OU=FPKI/CN=Federal Bridge CA G4 -----BEGIN CERTIFICATE----- @@ -977,41 +1016,6 @@ A843vFQuVRgIwp1M+D4xnvxnLbehLzqEZ6ZSSIPoHXzitfz9/oycCfUbIyYE4TW9 8wEwfpj4wCO1Gldl+2rZYUEb5mjkkltR1O8s5rYqoxVSVKUrAD/fHYdOzteWkNQk yiTo/Q== -----END CERTIFICATE----- -Subject: /C=RO/O=Trans Sped SRL/OU=Individual Subscriber CA/CN=Trans Sped Mobile eIDAS QCA G2 -Issuer: /C=US/O=SAFE Identity/OU=Certification Authorities/CN=SAFE Identity Bridge CA ------BEGIN CERTIFICATE----- -MIIFszCCA5ugAwIBAgIQQ/LGUr4uY07oqGTBcT/RhjANBgkqhkiG9w0BAQwFADBr -MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNU0FGRSBJZGVudGl0eTEiMCAGA1UECxMZ -Q2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEgMB4GA1UEAxMXU0FGRSBJZGVudGl0 -eSBCcmlkZ2UgQ0EwHhcNMjExMDI4MDAwMDAwWhcNMjIxMDMxMjM1OTU5WjByMQsw -CQYDVQQGEwJSTzEXMBUGA1UECgwOVHJhbnMgU3BlZCBTUkwxITAfBgNVBAsMGElu -ZGl2aWR1YWwgU3Vic2NyaWJlciBDQTEnMCUGA1UEAwweVHJhbnMgU3BlZCBNb2Jp -bGUgZUlEQVMgUUNBIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA -3BHY3CN+UsqMX6OWd35+0AzS7bBVsSWHjS98sRj4kRAJ7tt5HkxgmSBJG/yNmhZq -a7K5VAb3sjfbH4x+NWKxzHUD+8pKSaeJQplaIbnPboqYXHwP88pn+B3QL7o8ZCbJ -XMGgQtWFvE6g0GgpbIOVNXw+nSxxhSZy6r760nxcWc24q657BGtkicR1ve2FrJbF -safRHKeZzMcuYQm852Ef9mLvQ3DbVKHwfE7dzr8BnvvX8gAwYV0HXMHdPAGVhbnU -3eH0BTtky7nEQCxf7EULGBlIUn6spgy9uRyCvNyeSQeX1n5BMCZ7bYHZWllRNnxj -WGM9fhAEi2MMGDPW0CgKlQIDAQABo4IBSjCCAUYwHQYDVR0OBBYEFB1QTkWLI0AU -1WsXehfWWjbrz039MBIGA1UdEwEB/wQIMAYBAf8CAQEwFwYDVR0gBBAwDjAMBgor -BgEEAYG0fQEGMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwubWFrZWlkZW50 -aXR5c2FmZS5jb20vc2liY2EuY3JsMA4GA1UdDwEB/wQEAwIBBjAKBgNVHTYEAwIB -ADASBgNVHSQBAf8ECDAGgAEAgQEAMCQGA1UdIQQdMBswGQYKKwYBBAGBtH0BBgYL -KwYBBAGCuB0EAQEwRQYIKwYBBQUHAQEEOTA3MDUGCCsGAQUFBzAChilodHRwOi8v -YWlhLm1ha2VpZGVudGl0eXNhZmUuY29tL3NpYmNhLnA3YzAfBgNVHSMEGDAWgBSZ -pBrN3G/GqAg+rbaWbH7XzzekyTANBgkqhkiG9w0BAQwFAAOCAgEAkDbOAxvY3HoL -/VXaUGKmSs09GLxacbIDQXTUmbf2RDTux53HOOKnPIpxxRSS7op1ypWZd9YXM4Dk -d/wasPxgeZJUPxNgu8VpSsUpviYP6ULBn5YddbjN5LHP9Lv/vffwGDeDrLcuvniw -3KXsw4eO9VXJW9OwoofKgRcksDaLCA9fXYrHahcBazJMllGGsDsOEG7W9+69iX+n -tuyLago8ZO/OXwNHki4BWzULKXVvre5vKe5PvjG1Y4OZvoPQ480tptOIa3Mzp0Sb -nKmuGU1ne61VxyqShywKKx/jMwa1yYd60YFrXYxLYqo/v5gRw+J45kb8ifY8CStC -wF8DyVSYWMOsv2FEWvyE4M18htjv938KY/lK5wCnXLXiuszpV9pXDD4GoA0Hi7BE -PvshUl1U1ojLh83E4u2GfA4SEAlTwGGWN3Dxx4B/Yp2HiU+71SNXxZ9S2mezJtL6 -DZoYPd2zAbu/H1VBtpnrJ+0o3LJoTsw4KyOlY+H3W96BvHsFVMFF73CdxnYBDxZT -WLlTd0bv0Pf3Otb4rK80sVhwjofeEtYXFDCjN7Z6LVk8ZmckGTMfcas+5ozHEeFq -SjAZ7tX8Cnzs83qtae0plvEvbDTQ8PGPzHhl312CLpNjMFop3CuZRkHgfFd6VhnS -fKt6GZJ+1zxSn/I2LSbnavn+6XYQJAs= ------END CERTIFICATE----- Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust NFI Medium Assurance SSP CA Issuer: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services NFI Root CA -----BEGIN CERTIFICATE----- @@ -1454,6 +1458,43 @@ crIvEFw/sWREWggc7YAQtaIr+W4SgFst5VGJ4AAU6icCNCepUiquHg06f7xWsoQ+ yTNIyG7YliWqXCDGNouPfUfAjredXmQWntjHxMc51c3Pzt+AqsYxnrggK2KwNtg9 l1Db -----END CERTIFICATE----- +Subject: /C=US/O=SAIC LLC/OU=IdenTrust Global Common/CN=SAIC FBCA Cloud PKI CA 1 +Issuer: /C=US/O=IdenTrust/CN=IdenTrust Global Common Root CA 1 +-----BEGIN CERTIFICATE----- +MIIGBzCCA++gAwIBAgIQQAF/Za/230FD7PhazbuqyzANBgkqhkiG9w0BAQsFADBN +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu +VHJ1c3QgR2xvYmFsIENvbW1vbiBSb290IENBIDEwHhcNMjIwMzA3MTg0MTQ1WhcN +MzAwMzA3MTg0MTQ1WjBlMQswCQYDVQQGEwJVUzERMA8GA1UEChMIU0FJQyBMTEMx +IDAeBgNVBAsTF0lkZW5UcnVzdCBHbG9iYWwgQ29tbW9uMSEwHwYDVQQDExhTQUlD +IEZCQ0EgQ2xvdWQgUEtJIENBIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDS4n3Ajwua7dpm2vCApM5iZ/sAxonZvOylpHhxlccZSh7+/0F7/yeIK+Xn +TvJID0dHLK/veqzSL4PPcUqlDWvhhHwAH0v7HY7I/3PMoo4iGDHuxjDNMCn2UDVz +L+Amvyf/tGgbwysHORP6bk5DnwuyIxX7DO/7nxmxtu/Dg5KE28JGYNuAAk4zqd+j +Eftxj5vU1yaotAHzJGTrEgoyxkLL5yKZp5M3G3nnSmpfhj1zvXez5fjhrwYvL4Ov +598670HkjRLgIosiMGdkz3OdCA++lHDAAhAPHlwGJ/nV6fUclf7k7h+21eeVt9OW +iOymNSKQa7BYRwvcATU0vr9weM3NAgMBAAGjggHJMIIBxTASBgNVHRMBAf8ECDAG +AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjB7BggrBgEFBQcBAQRvMG0wQAYIKwYBBQUH +MAKGNGh0dHA6Ly92YWxpZGF0aW9uLmlkZW50cnVzdC5jb20vcm9vdHMvaWdjcm9v +dGNhMS5wN2MwKQYIKwYBBQUHMAGGHWh0dHA6Ly9pZ2Mub2NzcC5pZGVudHJ1c3Qu +Y29tMB8GA1UdIwQYMBaAFPj5iy9/kEOfj+aMLLVJuE+SixZ0MIGBBgNVHSAEejB4 +MA0GC2CGSAGG+S8AZAIBMA0GC2CGSAGG+S8AZAICMA0GC2CGSAGG+S8AZAIDMA0G +C2CGSAGG+S8AZAIEMA0GC2CGSAGG+S8AZAIFMA0GC2CGSAGG+S8AZAIGMA0GC2CG +SAGG+S8AZAIHMA0GC2CGSAGG+S8AZAIIMD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6 +Ly92YWxpZGF0aW9uLmlkZW50cnVzdC5jb20vY3JsL2lnY2NhMS5jcmwwHQYDVR0O +BBYEFEF/tiyWzrBqd7c0C6JctJumE4rHMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggr +BgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAgEAXA3quFSCYKiWYWjPPh8kR/RYjy6s +wtJwq1X/OQFIhhRRBR5lnXwuB1pv2kOWE9YvIT0LIIMBu9W+v0Vkobrt6Gr0O60r +U/t0ZJKz0z4b0txr3I6klJmI0S7x5LZM+l4CB/8Cl1Tlv9GNEpIWwep/qn1RMw6W +uljIgd/kI5K8c79rz0SlxsQsfSuJIo8xCfRLv4Vty5YUdtZZfVBGHjiuccQdFezh +FIjRVGJ+6VGb7rqZiRZo03YnDNfN7GAdq15F3QwVk7EqQ2gEXx80FcSfe6as6W2M +PKayzFQI9N6YBjWxrMBd2c9Ka5XaZC73uEJsA6dDR77gFnnSeE9/Wu5THk8WqmvT +7pWJ/ElLW4TfsVrQUDzqpZ5iqXRjdY3HmAc71MWe1wpiZBftIYo2JCgr/WmJdiro +68DUBj5STHt3JScYBMfAy0FfNrmGeAQf7KiV/fDdkqbEYbb0Tb3053yfR+36E7Mp +dCii9tKKW8Yr7GW7KvREZT+8h9+iroZqiWSzB3B9zaTVJp3KRgI7jTb+BIPiRiku +K0brRAvxWaw64t2up4jgZp1dCY8gHLZ+sqITfBBEVXqbA8FOp2qbSN1NVg4qWCqq +vLs4cplcx3EwHSUpSwVT4Op6Mfn/SZx1zXRRoI9Pf/l3CLA7qIbA/G/I5GQjV/6D +e+JXq/PFM6EMAL4= +-----END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=Department of Commerce/CN=Bureau of the Census Agency CA Issuer: /C=US/O=Symantec Corporation/CN=Symantec SSP Intermediate CA - G4 -----BEGIN CERTIFICATE----- @@ -1877,50 +1918,44 @@ q1q/XYClv/3L0L8lvaG82+IZpQIzGrphIFmuw25nMaUkT3NzRQaIPaZxRRzXOFvh uh8vuWzo4YP2hPOfVO18EMXH0M639REKtqDMIkllBuNOHD8RcMu+CJ/xSxdUrra5 Kao6TKIjbio9/JhCr5XL7ee3a0tjkt9p -----END CERTIFICATE----- -Subject: /C=CA/O=Carillon Information Security Inc./OU=Certification Authorities/CN=Carillon PKI Services G2 Root CA 3 -Issuer: /C=US/O=SAFE Identity/OU=Certification Authorities/CN=SAFE Identity Bridge CA ------BEGIN CERTIFICATE----- -MIIHnTCCBYWgAwIBAgIQC6yv7m8fVCFW0BOX6R0S0jANBgkqhkiG9w0BAQwFADBr -MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNU0FGRSBJZGVudGl0eTEiMCAGA1UECxMZ -Q2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEgMB4GA1UEAxMXU0FGRSBJZGVudGl0 -eSBCcmlkZ2UgQ0EwHhcNMjExMDI4MDAwMDAwWhcNMjIxMDMxMjM1OTU5WjCBizEL -MAkGA1UEBhMCQ0ExKzApBgNVBAoTIkNhcmlsbG9uIEluZm9ybWF0aW9uIFNlY3Vy -aXR5IEluYy4xIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxKzAp -BgNVBAMTIkNhcmlsbG9uIFBLSSBTZXJ2aWNlcyBHMiBSb290IENBIDMwggIiMA0G -CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDyJSAjmhFSnyjquDuf4cPyuJ8dvJPn -bq9Fk6/9tILWkr/LwTYrLR+wMCGql2XvoUnXsDzTxLX96PHxmG5KRnUGD37ZMwCc -5ALFr1hAUS7PQdcSj7aUAjxeclMKt4HerQp72j4KVaR3kdm0Mvdy3VqVIydk5NCJ -xhTmcsBy+hAIXz7y/V6OG/P2a0gVcAJ/hYFyoXRvvomTvhte4Ki1utblUx/s2H3O -/xOTyC5sfO/c4X5wNOEyB7kFGoikbwrFU9ZkWZm/vwl9aLuqPfAf5BGGTa09TD4W -wtKG/v2sUX0iqk/KRbdOW+CD5UPo2AX6NEqkg0l0yVonfSO+6uDayasQTUtI8Qxk -hF7Y1mNJhZZSymktBVnojkRHKC1WhZ1d3CyTB61iSeYBfSKKqErMcQy5u4CeSPi5 -pZQK+OfLB7DN6OwjS+ZVCRnP96SwSi3h7Y8yus8obRLn33kDwqoskhmHMayLkeW/ -NMJg/6JEDB7+VRrQ6PIEPMiJxWs4c4nVopMtdjVCgoSvpF/M7UfI7E+kfKsbMjHQ -FenxIcCrDSD+qidbI4/RV6M8lN79oQOQHodPEBJTS6LGsQK9uK2bml1ur0wDYNvg -yC2DmGqkrW1sNfZRgBbcJDbBx0E52DAuNQaCAeD5WCukqH2hFd5wYAx+7TNlasfq -1h/MY5tvfhlSTwIDAQABo4ICGjCCAhYwEgYDVR0TAQH/BAgwBgEB/wIBATA6BgNV -HR8EMzAxMC+gLaArhilodHRwOi8vY3JsLm1ha2VpZGVudGl0eXNhZmUuY29tL3Np -YmNhLmNybDAOBgNVHQ8BAf8EBAMCAQYwCgYDVR02BAMCAQAwEgYDVR0kAQH/BAgw -BoABAIEBADAdBgNVHQ4EFgQUXjd0qkEonho9dbrtSgkN28QQk+kwXQYDVR0gBFYw -VDAMBgorBgEEAYG0fQEEMAwGCisGAQQBgbR9ARIwDAYKKwYBBAGBtH0BBTAMBgor -BgEEAYG0fQEGMAwGCisGAQQBgbR9ARswDAYKKwYBBAGBtH0BHDCBrQYDVR0hBIGl -MIGiMBkGCisGAQQBgbR9AQQGCysGAQQBgcNeAwEJMBkGCisGAQQBgbR9ARIGCysG -AQQBgcNeAwEKMBkGCisGAQQBgbR9AQUGCysGAQQBgcNeAwELMBkGCisGAQQBgbR9 -AQYGCysGAQQBgcNeAwEMMBkGCisGAQQBgbR9ARsGCysGAQQBgcNeAwENMBkGCisG -AQQBgbR9ARwGCysGAQQBgcNeAwEOMEUGCCsGAQUFBwEBBDkwNzA1BggrBgEFBQcw -AoYpaHR0cDovL2FpYS5tYWtlaWRlbnRpdHlzYWZlLmNvbS9zaWJjYS5wN2MwHwYD -VR0jBBgwFoAUmaQazdxvxqgIPq22lmx+1883pMkwDQYJKoZIhvcNAQEMBQADggIB -ACLfWUQQ6v6kpM9doK3nPmdAexO1S6mgIMvv9zCefUuh5MkvN34lV6n+75O5mPoY -jlC4AsiA6pYaNj+9TW1JeKA66LS20LnAt+LkprNaX5qjsJ1G06V5r4uv5myZ5xHx -GGz4qyeMrWtv1HbvYRMMV9szsvNa+4MLuHg+2XfJOVsWz9y0nQwvzy0iAhANg+av -4Y+5Dv4PV9BpAIiZ5MFoayMJjVfC/bc4D0zAzNKLwAekHskqz8yaElDIwBi/opxH -5RzGe9NuYjt+ahc5To0wm44UVQnsHFXiq/xLOfA/sIttxvlHmmBGm+nOAb3MtyaP -Kf5MBzF03im7JJNllpdBnc6kRlUTTL6de7o3HxgVag2yjMHGtZ0ihrDtLZ14vJF+ -cdHyV9rx5452yG0L5fSdSWtELL092HCKUzJ4/wg9V8TMup0DbdeJbVIMYURADhV6 -yRUIgAR0EBAMyCwjvQTIgkSHCRRKmSRyvN6BSaFSQwyEmL5MEd/o+Cwy0wfoZmbW -qpQJN21PmY8zvnuvNSbyY59m7260mIkD6kZDahmPwBdSCewMIqnPgWV8XAZ2RtXz -uFPAsqom2MFAimGAx3bZgyYK7nYN8J1UDVQZVBWM9KpyVuzB6ZjB0pqQ8+nJaDEZ -MCxwf87KgqQFigREZinWwk3qPORjs901LfUyWTfrRqXd +Subject: /C=US/O=IdenTrust/OU=IdenTrust Global Common/CN=IGC Device CA 2 +Issuer: /C=US/O=IdenTrust/CN=IdenTrust Global Common Root CA 1 +-----BEGIN CERTIFICATE----- +MIIGiTCCBHGgAwIBAgIQQAGDzXXwJtgoZhgWEUwLMDANBgkqhkiG9w0BAQsFADBN +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu +VHJ1c3QgR2xvYmFsIENvbW1vbiBSb290IENBIDEwHhcNMjIxMDEyMTgzMDAyWhcN +MzIxMDExMTgzMDAyWjBdMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0 +MSAwHgYDVQQLExdJZGVuVHJ1c3QgR2xvYmFsIENvbW1vbjEYMBYGA1UEAxMPSUdD +IERldmljZSBDQSAyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwpvo ++EM/nDcIW3G5zRNdYZnWr2JO/H+K2l0kVZJlg22+GuloB3ybZxGys0hCeSbXD6Ob +XQ61aJfl5a/KzG7T3lh/3GZIbx+lgZhDSeAWc4YNzsvaQbqIh4aDgsCrwwlNP3ht +sDctfQPsJzMLtdLgJQF+qLOELwj8ngN4Lb5hkCOQaJ7CeHm6KUS+HS9uhggp8jjm +k21xjX/cMoPROKmfLCMYUlFglh44COFsJWGy6txilg0UQRGR+rU3cGhTghAJHcpC +LsirkWM/hsZYWOfYv480cExy0ChUBUs3lGhrrEzuthHqQAkCEj3a5Sm6xPXvucyH +RtGdxrK7Bo03Xvb2/zCbFsuzt1vgqNtX3UCd9/Y3r5KNquFqJQyLngVs675Xhtz0 +XTyV1hHW4IoJaUxc8tiCFSEC9gVoQdxsdyrNF1EJuUMgVdAy8y5I96o9NyMtwNyF +T5oSclN1MuPVINpwT/wFQH6vQX4pZs+ZFedClDJjC+sXlhN3RTn5WY9t8bCVaw7s +XIChkRpdFvNX/D1wjUcqcDFltkdLsa7rJcPLNYqeByX2AFsNX6PEPcqVTkYRkSOW +/1KU6XAnXlteDm2zvkZgMt3Czw3yC1PeemjcHGTziR+ylqI1U4+bgRf6Bbfn2dTh +MSuexPnHHVpI/pxF+/pQx9FXQxjgmJM8G/P26YcCAwEAAaOCAVMwggFPMBIGA1Ud +EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMHsGCCsGAQUFBwEBBG8wbTAp +BggrBgEFBQcwAYYdaHR0cDovL2lnYy5vY3NwLmlkZW50cnVzdC5jb20wQAYIKwYB +BQUHMAKGNGh0dHA6Ly92YWxpZGF0aW9uLmlkZW50cnVzdC5jb20vcm9vdHMvaWdj +cm9vdGNhMS5wN2MwHwYDVR0jBBgwFoAU+PmLL3+QQ5+P5owstUm4T5KLFnQwJwYD +VR0gBCAwHjANBgtghkgBhvkvAGQlAjANBgtghkgBhvkvAGQmAjBDBgNVHR8EPDA6 +MDigNqA0hjJodHRwOi8vdmFsaWRhdGlvbi5pZGVudHJ1c3QuY29tL2NybC9pZ2Ny +b290Y2ExLmNybDAdBgNVHQ4EFgQUP4tHrmEd62UjlcQ6Le27SNUjKSIwDQYJKoZI +hvcNAQELBQADggIBAF0Qgd08wpH5nbXLq3GVt3dLl0anW0+X9SWgyqvQYfq4VMUF +V1j6aTGtvhcROkE68sWniXL2QwLDN7MA4/Oi38gQezUlk3WITxYsacerJpCarttv +HTbY00f5i+nWlWc+6eNZVS6+HhxypTqqkUfdKIzPcMXphBlZ/FFM4QxaMotCDsbn +gw9E6nk8b+1IReXKaVE15WEmScEJpFryNVkRvnIltYWCMuNT/6DkE/0Q1urJMTzV +M4r5oeTRDYDTyAi4wuBOOI8RE9UhxVo1N2nhPq/qHWFsZDCwpbEmOXLIzBH3I2T1 +Xe9KQ4VUsTUWPBVx/1h0py/qebJPiNRWGQxnm4b++NJ+8nLPULcTsviEp4YB9BRv +vgtrT0qqgaVCtlxPtG03b0r+Q5ewyEzmK2y8IJ6icpbqIqE9QjtYgd25UnPm1TVG +KRHHsixosuEJZ3V752XB4lGh6atQKb4EI0mSpC3AqlD9eWInsM1FlpHDkGvYFHmW +tN4TN0ixHIbAABxDCv5z5EiTlR/v+sE8BTwKmoCr6OII9A6Shzq0Ti4amANCGNc0 +/K8UzhrTNIlWEDi5p6L2CULOSl3E+DPkTMY4hHVUYKtLWGPgAlGs/4rKOH8h43PY +4DVWy7fM3QGn1gdwykTA7Jw/aCBharoTFoRVSRJwGQTrfJsBKaZIeQJhK9Xc -----END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-60 Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 @@ -3419,49 +3454,6 @@ DFgkQ3k6J5eQsT9+dIXdY42UIFsJzDjkObIuguuIsPlNd3/Sf9vI334Qhw9JdNFX YIhhv6p5vJh33iJaGj/fXof0EW3FresyG5chZvTv46fCq8Yo8rgjzRKaJzMhPp9L zDS03oNFf3kzEEf56IoXbkXniLgpNw6Uas2dDb7AB37ammqnQwgP4X49 -----END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=FPKI/CN=Federal Bridge CA G4 -Issuer: /C=US/O=U.S. Government/OU=FPKI/CN=Federal Common Policy CA G2 ------BEGIN CERTIFICATE----- -MIIHNDCCBRygAwIBAgIUI0IAvqptraZY9TtAP0GClSkMroIwDQYJKoZIhvcNAQEM -BQAwXDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsG -A1UECxMERlBLSTEkMCIGA1UEAxMbRmVkZXJhbCBDb21tb24gUG9saWN5IENBIEcy -MB4XDTIwMTAxNTE1NTI0NloXDTI5MTIwNjE2NTI0NlowVTELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsGA1UECxMERlBLSTEdMBsGA1UE -AxMURmVkZXJhbCBCcmlkZ2UgQ0EgRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQDlJxRYAIEBQGhhiUzNMWWrVUSvyQ4Lc+6ltq+L6l+023wOsa+VFdcz -CUJQHT9v75gUXQ+RQpFOzvp8xp6jz7rGtSj9avrPw3n9c2nhkg8sHQhYyfkzMrXM -qxh3QwELhMGwZHUQZMZWr8Vr0Vwx8DddhGxyQwpyv7GusjVwJ79qEduI38fl6hxa -ju8LrfN8oBFeDhWpAM6Dip0vY60TK2ymVoRvI8zy3Gy4fjOlSbnjwNpf0knOyKXY -xYCdmUmIbeVZffIK+pNxidx96khD6F/q5w/7QnI50srpKGURzhkJgGggb2SfA7dy -YVNptvl01B7dww3f02vrUol1VUwn+37fAgMBAAGjggLzMIIC7zAdBgNVHQ4EFgQU -efAASet/d8JdQQJlNIqQI5seB28wHwYDVR0jBBgwFoAU9CdcqcN8R/T6pqewWZeq -3TUmF+MwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgfkGA1UdIASB -8TCB7jAMBgpghkgBZQMCAQMBMAwGCmCGSAFlAwIBAwIwDAYKYIZIAWUDAgEDDjAM -BgpghkgBZQMCAQMPMAwGCmCGSAFlAwIBAxIwDAYKYIZIAWUDAgEDEzAMBgpghkgB -ZQMCAQMUMAwGCmCGSAFlAwIBAwYwDAYKYIZIAWUDAgEDBzAMBgpghkgBZQMCAQMI -MAwGCmCGSAFlAwIBAyQwDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMQMAwGCmCG -SAFlAwIBAxEwDAYKYIZIAWUDAgEDJzAMBgpghkgBZQMCAQMoMAwGCmCGSAFlAwIB -AykwgY0GA1UdIQSBhTCBgjAYBgpghkgBZQMCAQMGBgpghkgBZQMCAQMDMBgGCmCG -SAFlAwIBAwcGCmCGSAFlAwIBAwwwGAYKYIZIAWUDAgEDEAYKYIZIAWUDAgEDBDAY -BgpghkgBZQMCAQMIBgpghkgBZQMCAQMlMBgGCmCGSAFlAwIBAyQGCmCGSAFlAwIB -AyYwUQYIKwYBBQUHAQsERTBDMEEGCCsGAQUFBzAFhjVodHRwOi8vcmVwby5mcGtp -Lmdvdi9icmlkZ2UvY2FDZXJ0c0lzc3VlZEJ5ZmJjYWc0LnA3YzASBgNVHSQBAf8E -CDAGgAEAgQECMA0GA1UdNgEB/wQDAgEAMFEGCCsGAQUFBwEBBEUwQzBBBggrBgEF -BQcwAoY1aHR0cDovL3JlcG8uZnBraS5nb3YvZmNwY2EvY2FDZXJ0c0lzc3VlZFRv -ZmNwY2FnMi5wN2MwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL3JlcG8uZnBraS5n -b3YvZmNwY2EvZmNwY2FnMi5jcmwwDQYJKoZIhvcNAQEMBQADggIBABqJXcmGT7KQ -FbGtDn1t2sSlzjk7uneiOkIhtBECXHm0tCAdgbhfaFpaKP6tRwVMgurJRxRFo+Ei -LtJOSx8VvBLMlrNznKP5NIPIHi1LQbJyigx4Vku+XND41XYFgr4Tid6oDAfrKR/5 -IDhcuK4wQ7ygAw8gXfCqp0Xh6M1hJyJv5UgecKxXh2mt6SY5ymJWfQHwCOBjDfQa -WV6DRgJKtWtyB3KDGPOo3Ri8sxnVD3whUMiCp4g4iiKAlWafsRMSxrT5QA+nMA5s -D/i+YyYO6oUOfLzLGai6EVXHG2oDeUD+Z15h88K0O3hQqzlWI/6hyZqVDB63NPVm -AYDyDcvAIFcaVKcjh/7v26D6d0YqA6mD0GaKKMBHuEvdasZ1nSUm0mj37U97mTL4 -UQoRy2pCw20EidhxP81obO5wCw9ZNWh96/pGQ4Bof/jiSmIP75ZulsvtVbVE3aFm -0ejfwNahXtwEgMAsxlv1KvXN0Cj8f6QgYojJuavgpXdUSQmqN3iZj+cpmPuGC9EZ -pjk3DSnKqqgZdGNgAba7DsDGWQ5ZTqAVKvuQSPeL/wGpghuX75cNkPKG9XnCxAI5 -9sOJp+xyuKHSr/YQ+/H0Im2Oq9YWIbwV5b4vfdihUbA9Y4n2EyDCrkcypREh1zbj -ESKiXDB4NvDPciGH+u3lXW8kKBMYV2t8 ------END CERTIFICATE----- Subject: /DC=sbu/DC=state/CN=Configuration/CN=Services/CN=Public Key Services/CN=AIA/CN=U.S. Department of State AD Root CA Issuer: /DC=sbu/DC=state/CN=Configuration/CN=Services/CN=Public Key Services/CN=AIA/CN=U.S. Department of State AD Root CA -----BEGIN CERTIFICATE----- @@ -4232,49 +4224,6 @@ Fiw7W6mV82lJnysChQkKqNVzzXB3b+9lhNHsZKJJ4Rh4cjA7/t8KcCu8vrZJw57t 6SnukBX3949BynMFFUH1UVMgi0/QOBWAoL76Kd9dfuXD1OnOchysB4agvveJ2nF5 ppanUX30 -----END CERTIFICATE----- -Subject: /C=US/O=IdenTrust/OU=IdenTrust Global Common/CN=IGC CA 1 -Issuer: /C=US/O=IdenTrust/CN=IdenTrust Global Common Root CA 1 ------BEGIN CERTIFICATE----- -MIIHOzCCBSOgAwIBAgIQQAFfogGydKNMgHydFcQtITANBgkqhkiG9w0BAQsFADBN -MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu -VHJ1c3QgR2xvYmFsIENvbW1vbiBSb290IENBIDEwHhcNMTcxMTA5MTgxOTAxWhcN -MjcxMTA3MTgxOTAxWjBWMQswCQYDVQQGEwJVUzESMBAGA1UECgwJSWRlblRydXN0 -MSAwHgYDVQQLDBdJZGVuVHJ1c3QgR2xvYmFsIENvbW1vbjERMA8GA1UEAwwISUdD -IENBIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+PjUxzWmD/upc -/DwguPonIC8WbR/FJZ8/uEGLbCya/aLewhSD4UHXyVjUnpWMjUGyVXlK18RfbHtN -Jo6FYqaFQN82VxU35orHEswMoBbo5aywtIjh18Go0AZxr3T+L+x+lsvsLLH+PlbN -z/W2kS77EO37AJHTjI21iNNHGLd5x0sANxKy/m9/t/zoZiiL8UPlpD4TAHSfOxqn -JQrRfgjbmTny7Dc5v0/zU/Cb8ZFjCGyrVvebddI9J6e8FqXkx9ksjUoYerdsNd4G -t5QIpd7fnKPeKvrwksm0XlFj9ptUwihPvIxcaBTCnOB8BfvCirgFBVZgCsrZYX7E -ILEhdDd3AgMBAAGjggMMMIIDCDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB -/wQEAwIBhjB7BggrBgEFBQcBAQRvMG0wKQYIKwYBBQUHMAGGHWh0dHA6Ly9pZ2Mu -b2NzcC5pZGVudHJ1c3QuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vdmFsaWRhdGlv -bi5pZGVudHJ1c3QuY29tL3Jvb3RzL2lnY3Jvb3RjYTEucDdjMB8GA1UdIwQYMBaA -FPj5iy9/kEOfj+aMLLVJuE+SixZ0MIIB3gYDVR0gBIIB1TCCAdEwDQYLYIZIAYb5 -LwBkAgEwDQYLYIZIAYb5LwBkAgIwDQYLYIZIAYb5LwBkAgMwDQYLYIZIAYb5LwBk -AgQwDQYLYIZIAYb5LwBkAgUwDQYLYIZIAYb5LwBkAgYwDQYLYIZIAYb5LwBkAgcw -DQYLYIZIAYb5LwBkAggwDQYLYIZIAYb5LwBkAwEwDQYLYIZIAYb5LwBkAwIwDQYL -YIZIAYb5LwBkAwMwDQYLYIZIAYb5LwBkAwQwDQYLYIZIAYb5LwBkAwUwDQYLYIZI -AYb5LwBkAwYwDQYLYIZIAYb5LwBkDgEwDQYLYIZIAYb5LwBkDgIwDQYLYIZIAYb5 -LwBkDAEwDQYLYIZIAYb5LwBkDAIwDQYLYIZIAYb5LwBkDAMwDQYLYIZIAYb5LwBk -DAQwDQYLYIZIAYb5LwBkDwEwDQYLYIZIAYb5LwBkDwIwDQYLYIZIAYb5LwBkDwMw -DQYLYIZIAYb5LwBkDwQwDQYLYIZIAYb5LwBkEgAwDQYLYIZIAYb5LwBkEgEwDQYL -YIZIAYb5LwBkEgIwDQYLYIZIAYb5LwBkEwEwDQYLYIZIAYb5LwBkFAEwDQYLYIZI -AYb5LwBkJQEwDQYLYIZIAYb5LwBkJgEwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDov -L3ZhbGlkYXRpb24uaWRlbnRydXN0LmNvbS9jcmwvaWdjcm9vdGNhMS5jcmwwHQYD -VR0OBBYEFAjlXYGueRQcvBigwQYC/x6qlLztMA0GCSqGSIb3DQEBCwUAA4ICAQAH -cbu3cVlaewD3mhydu2reXMPnMXIysZjgI9WQV+uvsJy9uk42eAsobNqdaFo+FJNf -9JyhNr0PBTb+n7E9tbd2yyhTPJyoALg3y2n1LvJ05WDNNPdTF79jtfblt/Q7Jthz -HVxLSpDxzCd3ugjCFqWvOCRpPmwguyY9LAZHf0BmhPnhH+H/MeyU+hAIGnDb9vu4 -ZAYoxnE8U1qg5j8878iMeUP2hldI1XoONWIGTXSY2Bn08m6pEqag+/x22nFHMmdx -NWwdvRFAw6skOoSFGj6B/p+N8g78ZK/VeVsOCXNU12fhbwU4Vz4B4Ot0SJIzzCN8 -865XMnZhkF8dNi80pCzdPDQUmtJjo0jRmSNCyaNQ4JyG3h/cCNvfZGYpBGWIePlW -wbrr90NhpD6kEWi5U5t/lFM+4ZLFJ0SPdB/E7Cjkq3LNn1uXWQCTu/qSn/RjWXuh -jr3RfROu3M0goUeX65g4WicpXF0NM+aOUefQUFuzcx7PAOR2uO6Ks2Q2z09QV4hq -nS5BXUkxOHfUD0rdSKmKIrIodaU4+1dkdTnXEnAAMVYawVW+vlr36noAtBnGOEZz -+9+RvcReHhEH5fWdowSGxm7dtLZ/naVDQdgHTkyjeTVru3SyfaHUH0Do/QaXwHvV -cQU6yDQaVUIyUiHcl/PJUKA5KpKujllZYMgPAUW//w== ------END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-62 Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 -----BEGIN CERTIFICATE----- @@ -4807,6 +4756,47 @@ aNTZANvU3e/U+O7jo8+PrRpIzCqY72QLKxAHw9VknWmEzWjkkWBYltdzka9CPuM0 6rHkpFYOQic91Z59ExUlHmHb9+GYlyYBvJX5LnrDi+Ai6CvLqCLnmldOnm7rPyyf mzywCD7A3TRBcaiksPGLPQtIoRL4qpGNoI6/iwbmCf+ZJRsGCXVAwg== -----END CERTIFICATE----- +Subject: /DC=gov/DC=uspto/CN=Configuration/CN=Services/CN=Public Key Services/CN=AIA/CN=USPTO_INTR_CA1 +Issuer: /C=US/O=U.S. Government/OU=FPKI/CN=Federal Bridge CA G4 +-----BEGIN CERTIFICATE----- +MIIG2zCCBcOgAwIBAgIUF4oefEkZ1zCoDQiv0rj+pmvf8PYwDQYJKoZIhvcNAQEL +BQAwVTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsG +A1UECxMERlBLSTEdMBsGA1UEAxMURmVkZXJhbCBCcmlkZ2UgQ0EgRzQwHhcNMjIx +MTA5MTQ0NTU1WhcNMjUxMTA5MTQ0NTU1WjCBnDETMBEGCgmSJomT8ixkARkWA2dv +djEVMBMGCgmSJomT8ixkARkWBXVzcHRvMRYwFAYDVQQDEw1Db25maWd1cmF0aW9u +MREwDwYDVQQDEwhTZXJ2aWNlczEcMBoGA1UEAxMTUHVibGljIEtleSBTZXJ2aWNl +czEMMAoGA1UEAxMDQUlBMRcwFQYDVQQDFA5VU1BUT19JTlRSX0NBMTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBANV2rJoHW5W0anbgBM0m4kQqFZYtOl5q +lovpVS9r5KziQRDGBT9/C+gyOwR2ClCSRnh6Layh/uD3OfnVQtRttJ/fZBhM52hy +BTV9m1EmazHNNtLgUlpnYRRWK7RbiIrz5/uq82Z3X+uwBKPEIB9t5LT6aiaGRg55 +zjcirF8iWNJQH5oL7n24RBtA5zpYZsDXDcc5hd0A5bGCGG0EuZ47yOUQIPr5s5Ld +bHTEx5+jerNn0v6xZ8h4m0vqUo5GYV/Q/1V1b7zvqhfJgwWps9Y2sopdXAkIKj6l +32ry7AGrG6onBmkojI0bM/IsGzmisxEur8YYlJRqXO6ZlzATxe+ZjqkCAwEAAaOC +A1kwggNVMB0GA1UdDgQWBBSNR0rRXkXq7i9RWEchTxLrynqhXzAfBgNVHSMEGDAW +gBR58ABJ6393wl1BAmU0ipAjmx4HbzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zCBiAYDVR0gBIGAMH4wDAYKYIZIAWUDAgEDAjAMBgpghkgBZQMCAQMD +MAwGCmCGSAFlAwIBAwwwDAYKYIZIAWUDAgEDJTAMBgpghkgBZQMCAQMmMAwGCmCG +SAFlAwIBAw0wDAYKYIZIAWUDAgEDETAMBgpghkgBZQMCAQMnMAwGCmCGSAFlAwIB +AwgwgY0GA1UdIQSBhTCBgjAYBgpghkgBZQMCAQMCBgpghkgBZQMCAQIHMBgGCmCG +SAFlAwIBAwMGCmCGSAFlAwIBAggwGAYKYIZIAWUDAgEDDAYKYIZIAWUDAgECCTAY +BgpghkgBZQMCAQMlBgpghkgBZQMCAQILMBgGCmCGSAFlAwIBAyYGCmCGSAFlAwIB +AgwwTAYIKwYBBQUHAQsEQDA+MDwGCCsGAQUFBzAFhjBodHRwOi8vaXBraS51c3B0 +by5nb3YvSVBLSS9DZXJ0cy9JUEtJQ0FDZXJ0cy5wN2MwgdkGA1UdHgEB/wSBzjCB +y6CByDAwpC4wLDETMBEGCgmSJomT8ixkARkWA2dvdjEVMBMGCgmSJomT8ixkARkW +BXVzcHRvMDCkLjAsMRMwEQYKCZImiZPyLGQBGRYDZ292MRUwEwYKCZImiZPyLGQB +GRYFVVNQVE8wMKQuMCwxEzARBgoJkiaJk/IsZAEZFgNHT1YxFTATBgoJkiaJk/Is +ZAEZFgVVU1BUTzAwpC4wLDETMBEGCgmSJomT8ixkARkWA0dPVjEVMBMGCgmSJomT +8ixkARkWBXVzcHRvMBIGA1UdJAEB/wQIMAaAAQCBAQAwDQYDVR02AQH/BAMCAQAw +UQYIKwYBBQUHAQEERTBDMEEGCCsGAQUFBzAChjVodHRwOi8vcmVwby5mcGtpLmdv +di9icmlkZ2UvY2FDZXJ0c0lzc3VlZFRvZmJjYWc0LnA3YzA3BgNVHR8EMDAuMCyg +KqAohiZodHRwOi8vcmVwby5mcGtpLmdvdi9icmlkZ2UvZmJjYWc0LmNybDANBgkq +hkiG9w0BAQsFAAOCAQEAHaAwTjGPDU7ZF8XnYR30GeDivsU8SSdRsrtFN3d/utKX +bKNRQd9CIQIf8YWGh4ahNe+LPhF/lclj739gXfL+o1jV7jCIOQ5dhAC/LCQY1ybc +eZ1+2oMcnZajLao8LYh8wE2e8uH5Nj9Pe3a2rr3fXbty5BahCwYEczGBCWIK8YWi +WG5ip/OWETl0Otdy7hP0uN6QBWIk89xUPDXYRFpfS9RDN2hPxmnxLeMY45yMrZVO +yNHsrX+iH7ovDd8rjLHI0DmuY233fP+L6EWTYDqYN/3zeI/PVZUo1BeQ5ug3/W1X +k4slu5Vhcxmo9tAqRekXOiyudrx84HMWXWAn5Sc8oQ== +-----END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=U.S. Nuclear Regulatory Commission/CN=NRC SSP Agency CA G3 Issuer: /C=US/O=Symantec Corporation/CN=Symantec SSP Intermediate CA - G4 -----BEGIN CERTIFICATE----- @@ -5301,55 +5291,6 @@ AjHO8CdE4oGsdTGUsJ63ippR7Bi8KVCJfteI5N9jM9T7UI7W6mVd8xqzM57ELpgj Uqb3ET0D/Z0GRKolWwdPO97u6iGr3B9ZwRdI7oNXeZ4QI1No3gsHp3yL3VJ85Vxj C1AMhdxFtgQHKP/1A0E= -----END CERTIFICATE----- -Subject: /C=US/O=IdenTrust/OU=IdenTrust Global Common/CN=IdenTrust SAFE-BioPharma CA 1 -Issuer: /C=US/O=SAFE Identity/OU=Certification Authorities/CN=SAFE Identity Bridge CA ------BEGIN CERTIFICATE----- -MIIIbDCCBlSgAwIBAgIQG6FgKejX7Se7UmgqGI/hwjANBgkqhkiG9w0BAQwFADBr -MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNU0FGRSBJZGVudGl0eTEiMCAGA1UECxMZ -Q2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEgMB4GA1UEAxMXU0FGRSBJZGVudGl0 -eSBCcmlkZ2UgQ0EwHhcNMjExMDI4MDAwMDAwWhcNMjIxMDMxMjM1OTU5WjBrMQsw -CQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSAwHgYDVQQLExdJZGVuVHJ1 -c3QgR2xvYmFsIENvbW1vbjEmMCQGA1UEAxMdSWRlblRydXN0IFNBRkUtQmlvUGhh -cm1hIENBIDEwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDHOwA/1648 -j9RoHQjXun713vwN7mwfSqafNKlZdqkhKFwaHfWUaP5+TAywwNYZQu+IXku14X32 -0iAhQxqL7vnAJ0Uo5t3xfFwgv2Uru24g2qslGZ+08dDe6dxoHgcuQ0GYZWxIkvAq -tVIcr80I0iZhI9pRXjc3MHRi5MtseoTQJp9B7MRDQGDRQSA2eiF33YbJ6fqVVOD6 -QarCoxA6tDTbMMpc/4EvEIi/lpyZIvZkqhQrfBZgJbjWstwVbwstSwrOM5lQWfTa -8FXG8h+Fsycz2zJY9DzITWEktV0cHIc8ouLHo4HIz2zGDjhAqcDEi7zzb7B3X1tN -j8DiyptSkUFjM0ivYXTuuOc6STBzk+qJ3BVMeZVZ4I6+MUf0+Omo7deXi8hgjVp5 -P7wqK3GpiRr9AvxP2fMFlDs2uCaMRZqtTHGmlcIhSHUciR8/UcoEI9wQis3zIxCz -U2nnuPXdHuNgAdna/GFxpiyLozF59Wkyk/3G4MBS3ifw0a+4lkDmhCkCAwEAAaOC -A4owggOGMB0GA1UdDgQWBBQMfkYIOWv/Lia7rkeT+X4qD65wKDASBgNVHRMBAf8E -CDAGAQH/AgEBMGsGA1UdIARkMGIwDAYKKwYBBAGBtH0BBDAMBgorBgEEAYG0fQES -MAwGCisGAQQBgbR9AQUwDAYKKwYBBAGBtH0BBjAMBgorBgEEAYG0fQEIMAwGCisG -AQQBgbR9ARswDAYKKwYBBAGBtH0BHDA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8v -Y3JsLm1ha2VpZGVudGl0eXNhZmUuY29tL3NpYmNhLmNybDAOBgNVHQ8BAf8EBAMC -AQYwCgYDVR02BAMCAQAwEgYDVR0kAQH/BAgwBoABAIEBADCCAg4GA1UdIQSCAgUw -ggIBMBkGCisGAQQBgbR9AQQGC2CGSAGG+S8AZAIDMBkGCisGAQQBgbR9AQQGC2CG -SAGG+S8AZAIEMBkGCisGAQQBgbR9ARIGC2CGSAGG+S8AZAIFMBkGCisGAQQBgbR9 -ARIGC2CGSAGG+S8AZAIGMBkGCisGAQQBgbR9ARIGC2CGSAGG+S8AZAIIMBkGCisG -AQQBgbR9AQUGC2CGSAGG+S8AZAMBMBkGCisGAQQBgbR9AQUGC2CGSAGG+S8AZAMC -MBkGCisGAQQBgbR9AQUGC2CGSAGG+S8AZA4BMBkGCisGAQQBgbR9AQUGC2CGSAGG -+S8AZA4CMBkGCisGAQQBgbR9AQYGC2CGSAGG+S8AZAwBMBkGCisGAQQBgbR9AQYG -C2CGSAGG+S8AZAwCMBkGCisGAQQBgbR9AQYGC2CGSAGG+S8AZAwEMBkGCisGAQQB -gbR9AQYGC2CGSAGG+S8AZA8BMBkGCisGAQQBgbR9AQYGC2CGSAGG+S8AZA8CMBkG -CisGAQQBgbR9AQYGC2CGSAGG+S8AZA8EMBkGCisGAQQBgbR9AQgGC2CGSAGG+S8A -ZAMDMBkGCisGAQQBgbR9AQgGC2CGSAGG+S8AZAMEMBkGCisGAQQBgbR9ARsGC2CG -SAGG+S8AZCUBMBkGCisGAQQBgbR9ARwGC2CGSAGG+S8AZCYBMEUGCCsGAQUFBwEB -BDkwNzA1BggrBgEFBQcwAoYpaHR0cDovL2FpYS5tYWtlaWRlbnRpdHlzYWZlLmNv -bS9zaWJjYS5wN2MwHwYDVR0jBBgwFoAUmaQazdxvxqgIPq22lmx+1883pMkwDQYJ -KoZIhvcNAQEMBQADggIBAI7W6/+E22pGpkWhbsdsIkzHofF9LrS4CdjbHopgC7dh -2U1nitjRsXwqJSCn1kXjJ1dX+6vkJmpQdmVSOLkqLx2tLoj9x1x9C2biDHFJTPSe -jFHQLYlJV40pB3aqFeql/4WtlCX4MGNcAIa2lXloPVFyUp6OLE5WEC/BuxBKyRaB -X4aurWEFq8JG/m/62XuAspzd/rhu/yz8UGlChOXjOUkExFwsO4/l1DhqpyutkiPA -Y8AAwauKSY0QHUj5d0bfV7kY2HxV5zlFCQKCzyJ2smUAUb9a6ZLMCx62K20ghLPN -xz0baZX/S6x6aCDwUZyC7osKvd7CwgX1WjLS5U+FqBFY7tw1RLFwKeMP4aWlRZeL -EmJ1UHxoL0FTnXPoGlKstgqf6GVmwCG7wA32hIWGBn2eH7H9HHt/uBCMr4Lf7oeB -fD31NJNaFQo5JbDNy+s6j0wdlLWQCMtMID1MdB58asN0uSM/KSZ2SUd+8TuegSmJ -7qpc9+B8NZ9Hg2aOGhlf7eYPx6FOz51WPsON37aULx7I19f9sLLRUVeLmL6VAQVH -+rUX+PxJxXmUtu8nos6imbswMmo2wMpHMUGnAn44sREF13uCxzxZWbapYHLewD26 -fD6T16RGOqUE7kEDJRiTZrPu4zWotd8hg08YZqqbJwVEMPLLzzJwxL24pIAcHo49 ------END CERTIFICATE----- Subject: /DC=gov/DC=va/OU=Services/OU=PKI/CN=Veterans Affairs CA B3 Issuer: /C=US/O=Verizon/OU=SSP/CN=Verizon SSP CA A2 -----BEGIN CERTIFICATE----- diff --git a/config/cert_bundles/login_bundle.pem b/config/cert_bundles/login_bundle.pem index 15a0182f8..54bfc3ab9 100644 --- a/config/cert_bundles/login_bundle.pem +++ b/config/cert_bundles/login_bundle.pem @@ -291,35 +291,6 @@ zFrJ2ZIDfVzn1EG8qosPWN2vzBE633eBfm9VWobMR4Uxs7ZiFzJFRDy/ai5DGJ1j fxVglI8q1YD4UU0/yaeMVgaGwoCx9sb+q5XCXEn9MV2dbmVf4D+jVm12xYYd146M G6vK43wgw7eLa6LNYNCF1g== -----END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-53 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEjzCCA3egAwIBAgICASswDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM1MDM1WhcN -MjIxMTIzMTM1MDM1WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IFNXIENBLTUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTewS9iv -ChYtMvNBYEOjVcVqr+3VOAEgyjt7ieJUVPrFDgtL9Sz+eXX+uBXkJwYjS0gtex6L -RuNtdcLkukoJu34ZxnfUwc8rgTwNV8VtIyI2GJq/u/FjGwK8fHkzslOzwF8KoA6N -NTYvKy9XohBDrrYGpRq/RuDttVfiJ4Yvcii5J6+uZTvT9035EksqjV7A+sJkFVqI -3MZ83kN9O0ZJf4dEj4h4DKqQYHTRrpy/BL4pTGxmSpnQHne63ToqsoZntTYCYhB5 -6izOakbsUTYVauwYqlNVf0j20IwcZibztp7wqV2NgGzA81LndhYLQh+8KsDabTSV -sZMvLHfEAeLdhwIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFFHEizOZlMB+uzYd4+I6Bb0ydJ1TMA4GA1UdDwEB -/wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud -JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j -cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o -dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG -CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC -AQEACZtxX9lr6sye0RUSOLYzLCU4jVDNSQgz3qq8Kk7dJ97GdsuBzACcCIwFDpNd -tjMtD+mwNjgfeRY5ovyMEH3ZzVhIqGpQo4WLeE+bjy3fNcU3rsb2SHNaEpRddWQ3 -jnOc3jlyg/sHaR6Jg4JfQ1G9za46AReVa1nJLHjt/BO5m/3D4iJmpJvq2Qp6N4eF -a2VL6s8uAZKnLCocjZU2B3wYZMyaSgppaE4TOe/Hc5HJw245/cFLUL8I02iYfv9E -KQDuTGqNzGrBuKp9LMpRrBWb0boFrZaONcVXjtCqi05fo1Fd/JhuvfraTpgxmVXi -1OvgVGwq5lsxW2pbjSpBFebaRw== ------END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=U.S. Department of Transportation/CN=U.S. Department of Transportation Device CA G5 Issuer: /C=US/O=DigiCert, Inc./CN=DigiCert Federal SSP Intermediate CA - G5 -----BEGIN CERTIFICATE----- @@ -420,35 +391,6 @@ BTZMdZmvoNtjemqmgcBXHsf0ctVm0m6tH5uYqyVxu8tfyUis6Cf303PHj+spWP1k gc5PYnVF0ot7qAmNFENIpbKg3BdusBkF9rGxLaDSUBvSc7+s9iQz9d/iRuAebrYu +eqUlJ2lsjS1U8qyPmlH+spfPNbAEQEsuP32Aw== -----END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-54 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEjzCCA3egAwIBAgICASwwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM1MTI4WhcN -MjIxMTIzMTM1MTI4WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IFNXIENBLTU0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0wnaj/j -ZzXRnZnNDN5rMZW7OmPPcrG+8IQW6oHretQqvj/HCnAyX3sl5TvT6bLCG4UfLBAx -4VRCvpsVW9fME/43E+N8pyUDjlhYe8BHO9e0RfbVjMgDh6tLagvjN3MfThg8E94C -6TRisdifkP6WonplO1sbv8YD49GjmBWLs8KtU3xzw/StQrwNfymY8aW4lXJQa/Ca -+FXzz/tRh7Mclrlz6QCzgdHAliWK4s5tsXDxeZls2/tvTaZQCVCiyccDdc//lYzL -UIwg3lnPcoV6CPhhw+QW4q42Y4oSu48Z9g/fAvqhrK1U0S9mHl1vWLDTHI3hkwmd -T/O2WgKh8nvx8wIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFLC3KL8sBImKdCavqhOMAhBVgXmxMA4GA1UdDwEB -/wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud -JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j -cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o -dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG -CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC -AQEAZF047yS8bq8lkMpoxFrJjmbdD1TNpjnWRmImQ32uPwNkrDbspNJ4GdqAh3N6 -ueIMcPUSmrIEs9GRZGJzOeTQ6tcQKCyWy+npsI1DQ/k5Xz0H375Bw17gnq2Bpjdy -s8zeg8I+2lDOjSNr7RgVWWB+2sVWXdvILx4Wkh6vX57uEud046HBmc4NeDiHAer8 -NIac5A7e379NRyuusNGXkAm3g7GsE/Y7MrFsKKsMlHb+gFXVgD0DBhtF22YqmA/R -QvTz7Ij1AD++Gv5I4IIzJFMryN6ED6XduWcTtk9Cnf0uY0z+VY8RFw9nOkECFc2b -BA8L2LlruBOzMWbFy4kH7G/hrA== ------END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=Department of the Treasury/OU=Certification Authorities/OU=US Treasury Root CA Issuer: /C=US/O=U.S. Government/OU=Department of the Treasury/OU=Certification Authorities/OU=US Treasury Root CA -----BEGIN CERTIFICATE----- @@ -1001,36 +943,6 @@ x0dvpCIInDyfIib9dcE0cdGVlEpeAEMQFjpUbmCNpTlKUtSroY8CfZCOmi+Rp/fT O1Le2QJvSK0J9dS21rwV6SCtf+en2Razi0/S44tzOFa4fRdJLHTYPutu69p6+YMh Sul++7G14BLwhmWa2iRcjw+AlQ== -----END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-50 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEuTCCA6GgAwIBAgICASgwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0ODQ3WhcN -MjIxMTIzMTM0ODQ3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IElEIENBLTUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1ncM1bN -JJHiu1Bh5jQ8r+Y1L2pvw+6YDLGE71z5gquBqisOC6XLKffKdBSF2U55vvp0m5J8 -WdF5DSfyfdAJ7S1HlzFYVW+0KjGLELKV5tWZh/aXu8V85ZaaYkvJeeEU5cIYWLKK -RAr1iygwnslhy1Kb7xhYV7gLYc29Wm1EgZiJ2Xm9M11FIauo40EXmQFniz4FLE/S -4JB1lbYiP1jGa4zJrdnec1k65tZk/K4hdi2diS+9mEUz3PWrzNqjrHKxFocnh9qS -NGqJfyfXxXgKTrZw2UG83IxHKvIpMPodX4SYUwRm5HRbrG6c1Fx12NC2go16w3dD -ilH+aUduTNpmFQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFDYuUt50qp7sux+T0b62ULXGaQv5MA4GA1UdDwEB -/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB -AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA -AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E -Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v -Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF -BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAbAli -o7+gWX5YytmPMD9ic+aX2s0NaSdSauFYmb6khtN0CCocIqTI/TyfRJTjhI6wRNoa -ckcjVa5H3EOp4vOrtLN4TxbhNqdE+IHafWE4/btDstI5PrA2hlFZb1zvM5EQC8u0 -BZQ/DqyShOjypvxldvol6UGjys7wecPxt3cBJC7uroY+nqfxHnOIxRFoJGdC7pSm -f90/uDcX87oCbK/FrzJBO+/V2lGHiByC7ahcP59a4Xd69lHSMtRWquclAyBEy1Mx -p7Bx/v5kCpv14JE6SBlYEwhFrTt4aT49FQEQ9aJFKRv7j20sS/6wxPzGx24HE0Gb -XwusK9jo5skGLLUC3g== ------END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=Department of Energy/OU=Certification Authorities/CN=DOE SSP CA Issuer: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA -----BEGIN CERTIFICATE----- @@ -1276,36 +1188,6 @@ FELs8KtqM6X5uLKGPUhjGOeLBijzYxF+nd1GM9kRiyw5v7j06jrVTuIVwcSQPcsX pHNtbzW/Tx2dRfHn0w8WkSQdDvwSTuo1pWOYBo6yJhRwSm3/4rmawxlp3p8lXuiB SlUDxA== -----END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-49 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEuTCCA6GgAwIBAgICAScwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0ODE1WhcN -MjIxMTIzMTM0ODE1WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IElEIENBLTQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2EngKIwP -Cl9+dsIByO2uONNLKhpnFypBAE+LM8+kekt4/HG6StaU/fmqFTRiVI0Uh+td9BWe -8NXOYrhQRo6FVSxBkLtWZX8Px2IHxiqQ1lnrZK9UlCo8h3MPpiN8VEjH2bP/WSa0 -oZEWzEDKLB5tSKerddc+QL2uEHb+Gfym6i+5qPOLXjV00FY24FdNOyHaRjQTM/Lf -sjWoFItHTKp5B9QogdKnyg+WkAARYtbd1nqtDXv6Fph5HaT39SEnRhc+lkrRDpDY -c+HAU6Xywik+stgv2yFk1MhFpF5/rndEwMLIST0+lSpahJKGmYtg1VKcnDcq5CER -C31gl6Yr7ffjAwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFNhnk8pG3MmVppSzBBicziU6lhxNMA4GA1UdDwEB -/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB -AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA -AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E -Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v -Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF -BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEATmfP -QPkolF5PB0fS/9DrngX0tmdSwlidBtrkY6vL/V7IMKqJk7r+hHW6k9+nxijHFj6Y -J1+4ElpH/PwWPsqwVIshQxECvJKfo3OfN3a8Mn6Hog5kXJl5dMb0vJOpWQ9UhmG2 -m9UUZ9847wSlbW0vMHL0puuTso0365vilPO5JkapEXcFXdc3LDxXW8BR5NHyaN3V -mvfD/qAqe4BiBx2+WAxsolTJQ5IMjG5tIN7WE6VJdUAm6EIgbuFfvG1KiWQJLHkL -XdTvwdUTqX9JQYswfvoCwvHRh+I2mZX+/iH5HKLcaxqW8b9JnHCtfMSBZqLdI3nG -IBw48tRul8lbrg0mJw== ------END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=U.S. Department of Education/CN=U.S. Department of Education Agency CA - G5 Issuer: /C=US/O=DigiCert, Inc./CN=DigiCert Federal SSP Intermediate CA - G5 -----BEGIN CERTIFICATE----- @@ -1373,36 +1255,6 @@ U8jc2aPDIK5KTCtzh2tfEG6dkjykPosx5ZwNjcZ8IkTFoIh7hsLxniu8kHhOd2k0 6nM+ctNiBdl2nCQ7GpDSJaL+1MJsXkVjav8ZCBRL9CXwAZSodu2RpkSuNSwrmLmw V0lxFBzM+0lGoM8FlV31siMrQBoi0pjDgSjkkJFMFA== -----END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-52 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEvDCCA6SgAwIBAgICASYwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NzI4WhcN -MjIxMTIzMTM0NzI4WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E -IEVNQUlMIENBLTUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4pb -qFZ5LPm9gcWT24lCj8yLQHYdzntTWgMqPVyveG88rA+bXiAWO6zWUsjPlYQHfxiN -qTZemKgK8OUkVQA4oiQ59EzcNiRsZp1hy7nvDpFcW/0WJzHY5M84ThI57zRH20Ac -iNw1DB7XmR5yJFKTFusipWgsqwWRTtpJlLGJXhTHyG6aNxP6HEXbTLAM4x/0LM9Z -Q2yYihUufgtJYGeLapNb1pPLsPVchhJOQjLFyp3Kx9W1xfjUFftE9FQAwCBJHyC7 -tFMk6DlITy4s7ptst1nNbPYdzGmiix/P7+I702Yn8H3YbmhFD3d+fkhCXqsjio0y -0wWFDaa6vmm3RqF1GQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId -gXoWqvLczmbuRcAwHQYDVR0OBBYEFOlmDFyb4lpKsgM2NP18yab4qwc5MA4GA1Ud -DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw -CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl -AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF -MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv -RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw -Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG -AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA -dYEfuTkBoJLwzyIZ/lrxB3ECCes2zWMLe1RsRrQ3QUhkeLcqxxwG1z+UbbmWkrSS -JS0Q1XeLRiT7P1x+ycs1Gvoy5V4CFOryb5eNaDpOclJdXOiRjOGvS0wSeSLGnT/d -lRPrQZcoEm+DFvtSMasu/zR8DnaepKpWLvyFXwvoimvsQVvz4tOS2o4u400KLPBo -MQbTwpDmk39wxf4Aq4m8hznf2BhAy20YH6jY08gXg0pNDVh4CZIxyF2gmE0TDXPv -sx77lxYKW3Bx0ZxHIcfBKifjSiTrGlLeEP9LfEQdpCjJqhG/3BFy6flzwJDEHqHH -swhN9DCJn+3xTeq25PUXPg== ------END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=Department of Veterans Affairs/OU=Certification Authorities/OU=Department of Veterans Affairs CA Issuer: /C=US/O=U.S. Government/OU=Department of the Treasury/OU=Certification Authorities/OU=US Treasury Root CA -----BEGIN CERTIFICATE----- @@ -1554,36 +1406,6 @@ Tlyy7D2vD4jtU5pzzLIcZfjdL9xydeb00ElrEcEUG3dsS9YBod8hfIz84s7UffaL 6Igr+uBfalHjzhjOdBtVitlpSW2gkj535BjwMO5yGtfz2j8za4+pHPhSsp6EErWz UH9cx4yPX6UoeQn16s8X2RNER/JZ5t+otYRevg== -----END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-52 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEuTCCA6GgAwIBAgICASowDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0OTU3WhcN -MjIxMTIzMTM0OTU3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IElEIENBLTUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltzcMp2O -02t+fwd7rTlugoKqYF8eo/3M+JVdppPAHTiJVaVt0JSeM4xyZsKNoPBoFW/yshnx -lRv/LyNx0VBbn+4mJ7Ea1U4FBPxCSZ68VYqKdV64UMhndawVBJM3Oy8Y3ZxPldTD -f9ApCg4dZXSEiSnShO8YuphrNbYAd6YrdUn1IhDAhw90VTU3GMLru4vx60vFHscW -eZHpHfET8AsClbAyqu65bsa1+o0XvGLQy2GTMzEVaR1NhYVWKRSwgqW57gbE8pV+ -63WYNwi8XIr/2TaJ5GvgBVCbgJWAwsSfFTz21ZqOou0d5xYu79iIIue5DEoRW1bm -qserHNG7gsMvHwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFJroUayRVNeUmgRI+iJ5/8bV7oYrMA4GA1UdDwEB -/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB -AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA -AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E -Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v -Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF -BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAkxvd -sbOh2zGZCsj3nu9fHEMClJVtK4kJzPJZPi44gdSn+U8X5lbtT0kxsRrqCAZntlgQ -mp+DxnQClr35fjao3wF79nQaIOP2789a9VWZgyJfPrV2KLsxAH4/oOd2ZYdUtHfC -lbfZwbpxFulBqPWxysKQOx3XC/3LszCR0YFqbV/c5hBRB1A4sWBlF8KRGQyKdAyc -K7PrLcSMnLq04ugd5MfYWuJjJx/USNNWlil/LzqyCFzxPp4nGBB8y8s2LcZyvofh -HIBN9qxl3+EXcJyeyqyNiVZcgJi+DLSmBCckb2J6lN9tbGWV02WK+8OiAiZ31CfJ -/sezZ58EZayGYS031Q== ------END CERTIFICATE----- Subject: /C=GB/O=Exostar UK Limited/CN=Exostar Digital Certificate Service Signing CA 1 Issuer: /C=US/O=Exostar LLC/OU=Certification Authorities/CN=Exostar Federated Identity Service Root CA 2 -----BEGIN CERTIFICATE----- @@ -1614,36 +1436,6 @@ ZmXvNKKeBi/JmMdMP11csWCCN66ISagssDkTfvWjb7zyfU7UtLOM40jbYgqeT5NV I+mASpi8tL7F7wVU7fpKammnKaKEirRz9W0yrd7UqtsJx4Tstv41OaS184IheHrt uKsGw9eQRzgNSJJmQQT3lMyc6CXT -----END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-49 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEvDCCA6SgAwIBAgICASMwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0MzE0WhcN -MjIxMTIzMTM0MzE0WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E -IEVNQUlMIENBLTQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAus23 -xtOAbfLxPh+OS8U3N/c7ZsnTNZGki6KjnEg4EVHnUKwBB1pWLeQbZTVp01dHWlxR -KyvANnk+8ozM8tucowx0q6fo5J/YteD9qHFAoWjJQpRB6Hvn2vvHvUbu7iAY5Pel -0B6A0NN/lKW26tTlim6NkV1MuCcvpCGrwH0f2TOCzkDf7IPqQDvLWOjPQP9nmNMG -nS+qCvF5F0iGFXTH1NDeI8EPvKMBQE+LgJ4PAF8eFdDo0mDE6iLfPAIXBzfYUdFk -MS3eVpJOWPzOEYeRLcWQkORvczfxN0obxSH3TGoBLB3ubELOoiqgsTF7rLKE1Kyz -Wrao15uoYf29O9jatQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId -gXoWqvLczmbuRcAwHQYDVR0OBBYEFGlEHxqVTqUaf4g6zHsSOSwfzxoxMA4GA1Ud -DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw -CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl -AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF -MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv -RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw -Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG -AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA -XDNkaD2Gwe4ZoWklwvAvveoOYK5s8fJbjZOjI2V1tZjIP5edw8YSvLDGTqsaDlao -28hCVhoOU0+V234p0CAGKNKID6WCR46s7uAALaaWfd4aHDzf20qYsnMrl0eKCv6F -sUtKBkIYJBjxpoaIpudRCnSmQkxweKzCGCtjWCT2MGSJro2Q0eQWTDxnJX9/v8z7 -dZ8ddZO1zgoU1xnAx9LxdrVl6H2VcB17z6t2d5TqSLM/OnuSHT7LWqYbVJERf38D -U0WSQ7VOp2x1SkInJqpewvi+0rl/yh97UoDZuS/GUkVIMFbpJkbcadiEGBINErRl -R5vQZDesBpGqUxNYuIIJbA== ------END CERTIFICATE----- Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA Issuer: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA -----BEGIN CERTIFICATE----- @@ -2293,66 +2085,6 @@ ENHMsB3X0MJDxV8JmqT3sJ0eLGFf/4iEEZCuj5Bwk3byddnJimxXdk54Txd+vCg1 +yRLzU6xwep+SiFmZMd7kjSq3jX3Y4I2xiLpymIgX4qw28fXjA2Yq7JCb0lNTHvZ orq3DN/saJE3L1yiArkPGug8NQWXyFhIcEP+ -----END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-50 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEvDCCA6SgAwIBAgICASQwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NTAwWhcN -MjIxMTIzMTM0NTAwWjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E -IEVNQUlMIENBLTUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorU5 -fwMKXKwK4SrttozvWb8Zx9g+7pGrzD+cbaZbISrTvNTi9MhDYASMo23nzG/ShHQM -c0qCc10AVUqpAfwRhm9FbphD3r30SWKQsrKeObBW63iMeB6gfhg/+zScvkJxlqj6 -x5cHglMCFQfdqjgmjtcuWIGr7cDf1WQJLGfCz6ilKH/H2no0a3AyoFEAglrUyhC5 -n0IVsmyrWY4Hy9A/0xe84hl+68cJfB4VD+8A+YrUqEgspiqzocvzcuN/GNdeD9Lw -XPqylqnF8SN0HYoHmjbimscIn86wCxARO0siWZ7hStrcbkb+cgFoY5aScdldUkni -YI2cmRy0C5jv+wAfXwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId -gXoWqvLczmbuRcAwHQYDVR0OBBYEFGUKe10mGzDKLdz81nPHHsF/BIzIMA4GA1Ud -DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw -CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl -AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF -MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv -RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw -Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG -AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA -VnLKwRdYBaPnEONJnTpHoC4znIQMHBsEpQbR8P5j49IXtHRjCpl5PKRIwuAc+Ff3 -ixM3jv/G+LBi26G0ZNGZ4iI11rJ3TLxUqHT12/WXTuS91jePA/f3WIHkGBEFeRs+ -wiROXSAveyMAt1ThK9Bil7BYlLmpgfci7eiKHC6OlA7VZo4OrS03VZTlaaBaU5Te -+tX8XYQ7Kllh9LreXZ2Cks14oNBlS4vzOcZOpw1bamaEbIA13IsGyY/kF7LqSPW2 -b7Jy628ObLeU3a+0lm+nIkjH25FDvtfxD9+2qQHEpRaRclskwIGTmA/Tg/YrrS2Z -am9RD+6E/tsgIIlQE09NEA== ------END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-51 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEvDCCA6SgAwIBAgICASUwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NjQ5WhcN -MjIxMTIzMTM0NjQ5WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E -IEVNQUlMIENBLTUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnw7P -Taj5UGSMi8whxGpPsoChGMjVQRk1Fzp9J/mPjx/oXc2MwMahK3xpE3YB86q/SeH1 -Cv5hc9Pa99HtSF/RaHAo3frFoPnRNoPDLj6ihPGmEWwMKywUgOCnTQcGSlNqR0es -tYrMTxti9bKE3uc0hgWibZYlukiGYg0UygYPS4+afMtzaBljiUWeQFrmCaEgeG3B -UvX/zgNdSqtG9KX1LjqtNZB91hIDrRUNohX5xSLxPMpojC5d391u/0GfAEXeKyAy -bPN8BdVjqJ7FlyueVKUgIAB/t/k6NO3lKEiC+QsrhrwaFI3Yme9JfRsZU8/Yhv0L -wKeJhoz3552oT0e4PwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId -gXoWqvLczmbuRcAwHQYDVR0OBBYEFDXvECJsuhIPvcJNGeTOfY8FV1w0MA4GA1Ud -DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw -CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl -AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF -MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv -RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw -Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG -AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA -Y2UKHMi98mslNJ9qUBT8ZNGKim+nYkfLfBgdP136smJYYDcwUOXwHt3b1aOy4sXI -0BkNNS6tO5fdvZ7W4/zYFouIVnImaa8hjDiJNoAi5dYKDxkB8iOWYlAP8TZwpKNy -sbGh4EQHWWQ8wDuFcdA5/9ElnxpQ/JJzSgUOHhtGm8vrEQmmJKW0FvbGXhGydHx2 -I5GtDvGHqlpF8GFIAA5HNAaw1s5De2StEYCTS/y95naqZafCxYG62cGbHir8dp0U -KQOUQt88tTh0TAqzcLKz1OJIoIkbfpzV6XiXuL0VSob+W0peZeqTVq+w7nWP1cNr -44ligwwVjeF04L3sZKA54w== ------END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-62 Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 -----BEGIN CERTIFICATE----- @@ -2901,36 +2633,6 @@ K+Lz8WhxNEXJHA9vnS2lk5k/Tw5HM9xKYGgzBS3vD7TJ552mYga52pXdL+Jicgeo 45NO+AFwQrFDdo9bQMPQ/HfXkmaRazn+fCZRa/yvb1juMH94YytSl/yuCgxcBRfh Btk6EbqrFsx3nD13jLsLMdNorzV2L0TIxg== -----END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-51 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEuTCCA6GgAwIBAgICASkwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0OTI3WhcN -MjIxMTIzMTM0OTI3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IElEIENBLTUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjtDs/iL -TIf25t9SGGMP49gCFIYXcEtvTtc/vh+Cghf7qVwiNvUYCaGMq5q7F/pgL5xsw6Bn -iCMau2bZtLfl5xnMk2VMl2GRwUayHQ/0lyteeKid6fa8sfnlyNLh8lvPuHqQFJZX -5vpfAC24NDQCrr8YIkkNRyxJihCpj8HHYuzTplDRIpMljahhAWCsQkUqlq/5Lite -XHYA/+EnT2hspkitSU+FUIWo0FKK95oo+i2uXX8x3cXWEUCXoR23Slk5NrGTwAsf -TUd16xWA1acvksunx8eK3uOVCV02Q0sldVN19NaGm8lpoBfbtiNz3lo/j1VT558q -35LmOYWI6KzSTwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFJ2kwVzT+WZxSaiEIwO24a8pdy2uMA4GA1UdDwEB -/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB -AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA -AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E -Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v -Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF -BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAigQ4 -aOduTUCpDvC0ue0B0GV49B0aek8HXWKc10bPb1iUCQL2DT4aIf0u+yQqrzVpTw/x -5mVPRn2Zi2iEV5A8PsN4dReF3lblQSrSVvKFw7cq66Z8ab2ijXjpAMTJCUIOir8w -KoOV03cnVcaW0VDTH+gOslXnm95kPqdfbxJMh06Q00XfvWfRjfnB9D8ZDXbytM5X -mkZRyuUvWY+DKyJUy1HAuardaFpgA5WowjeQm9sAvx72LzaS7zmv+hxOliGXYOn7 -gbJATcT+zt1Ffwa9M19FjoQDSzWihW8P5cFRt6xVEwZHeD8VG++jcQfAujwX0v7U -hFKu8gxm3wlNXOalzA== ------END CERTIFICATE----- Subject: /DC=com/DC=evincible/CN=Exostar Federated Identity Service Signing CA 3 Issuer: /C=US/O=Exostar LLC/OU=Certification Authorities/CN=Exostar Federated Identity Service Root CA 2 -----BEGIN CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-49.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-49.pem deleted file mode 100644 index badcb806d..000000000 --- a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-49.pem +++ /dev/null @@ -1,30 +0,0 @@ -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-49 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEvDCCA6SgAwIBAgICASMwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0MzE0WhcN -MjIxMTIzMTM0MzE0WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E -IEVNQUlMIENBLTQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAus23 -xtOAbfLxPh+OS8U3N/c7ZsnTNZGki6KjnEg4EVHnUKwBB1pWLeQbZTVp01dHWlxR -KyvANnk+8ozM8tucowx0q6fo5J/YteD9qHFAoWjJQpRB6Hvn2vvHvUbu7iAY5Pel -0B6A0NN/lKW26tTlim6NkV1MuCcvpCGrwH0f2TOCzkDf7IPqQDvLWOjPQP9nmNMG -nS+qCvF5F0iGFXTH1NDeI8EPvKMBQE+LgJ4PAF8eFdDo0mDE6iLfPAIXBzfYUdFk -MS3eVpJOWPzOEYeRLcWQkORvczfxN0obxSH3TGoBLB3ubELOoiqgsTF7rLKE1Kyz -Wrao15uoYf29O9jatQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId -gXoWqvLczmbuRcAwHQYDVR0OBBYEFGlEHxqVTqUaf4g6zHsSOSwfzxoxMA4GA1Ud -DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw -CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl -AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF -MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv -RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw -Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG -AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA -XDNkaD2Gwe4ZoWklwvAvveoOYK5s8fJbjZOjI2V1tZjIP5edw8YSvLDGTqsaDlao -28hCVhoOU0+V234p0CAGKNKID6WCR46s7uAALaaWfd4aHDzf20qYsnMrl0eKCv6F -sUtKBkIYJBjxpoaIpudRCnSmQkxweKzCGCtjWCT2MGSJro2Q0eQWTDxnJX9/v8z7 -dZ8ddZO1zgoU1xnAx9LxdrVl6H2VcB17z6t2d5TqSLM/OnuSHT7LWqYbVJERf38D -U0WSQ7VOp2x1SkInJqpewvi+0rl/yh97UoDZuS/GUkVIMFbpJkbcadiEGBINErRl -R5vQZDesBpGqUxNYuIIJbA== ------END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-50.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-50.pem deleted file mode 100644 index ac55c5b9a..000000000 --- a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-50.pem +++ /dev/null @@ -1,30 +0,0 @@ -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-50 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEvDCCA6SgAwIBAgICASQwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NTAwWhcN -MjIxMTIzMTM0NTAwWjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E -IEVNQUlMIENBLTUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorU5 -fwMKXKwK4SrttozvWb8Zx9g+7pGrzD+cbaZbISrTvNTi9MhDYASMo23nzG/ShHQM -c0qCc10AVUqpAfwRhm9FbphD3r30SWKQsrKeObBW63iMeB6gfhg/+zScvkJxlqj6 -x5cHglMCFQfdqjgmjtcuWIGr7cDf1WQJLGfCz6ilKH/H2no0a3AyoFEAglrUyhC5 -n0IVsmyrWY4Hy9A/0xe84hl+68cJfB4VD+8A+YrUqEgspiqzocvzcuN/GNdeD9Lw -XPqylqnF8SN0HYoHmjbimscIn86wCxARO0siWZ7hStrcbkb+cgFoY5aScdldUkni -YI2cmRy0C5jv+wAfXwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId -gXoWqvLczmbuRcAwHQYDVR0OBBYEFGUKe10mGzDKLdz81nPHHsF/BIzIMA4GA1Ud -DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw -CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl -AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF -MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv -RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw -Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG -AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA -VnLKwRdYBaPnEONJnTpHoC4znIQMHBsEpQbR8P5j49IXtHRjCpl5PKRIwuAc+Ff3 -ixM3jv/G+LBi26G0ZNGZ4iI11rJ3TLxUqHT12/WXTuS91jePA/f3WIHkGBEFeRs+ -wiROXSAveyMAt1ThK9Bil7BYlLmpgfci7eiKHC6OlA7VZo4OrS03VZTlaaBaU5Te -+tX8XYQ7Kllh9LreXZ2Cks14oNBlS4vzOcZOpw1bamaEbIA13IsGyY/kF7LqSPW2 -b7Jy628ObLeU3a+0lm+nIkjH25FDvtfxD9+2qQHEpRaRclskwIGTmA/Tg/YrrS2Z -am9RD+6E/tsgIIlQE09NEA== ------END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-51.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-51.pem deleted file mode 100644 index 97629f711..000000000 --- a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-51.pem +++ /dev/null @@ -1,30 +0,0 @@ -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-51 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEvDCCA6SgAwIBAgICASUwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NjQ5WhcN -MjIxMTIzMTM0NjQ5WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E -IEVNQUlMIENBLTUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnw7P -Taj5UGSMi8whxGpPsoChGMjVQRk1Fzp9J/mPjx/oXc2MwMahK3xpE3YB86q/SeH1 -Cv5hc9Pa99HtSF/RaHAo3frFoPnRNoPDLj6ihPGmEWwMKywUgOCnTQcGSlNqR0es -tYrMTxti9bKE3uc0hgWibZYlukiGYg0UygYPS4+afMtzaBljiUWeQFrmCaEgeG3B -UvX/zgNdSqtG9KX1LjqtNZB91hIDrRUNohX5xSLxPMpojC5d391u/0GfAEXeKyAy -bPN8BdVjqJ7FlyueVKUgIAB/t/k6NO3lKEiC+QsrhrwaFI3Yme9JfRsZU8/Yhv0L -wKeJhoz3552oT0e4PwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId -gXoWqvLczmbuRcAwHQYDVR0OBBYEFDXvECJsuhIPvcJNGeTOfY8FV1w0MA4GA1Ud -DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw -CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl -AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF -MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv -RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw -Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG -AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA -Y2UKHMi98mslNJ9qUBT8ZNGKim+nYkfLfBgdP136smJYYDcwUOXwHt3b1aOy4sXI -0BkNNS6tO5fdvZ7W4/zYFouIVnImaa8hjDiJNoAi5dYKDxkB8iOWYlAP8TZwpKNy -sbGh4EQHWWQ8wDuFcdA5/9ElnxpQ/JJzSgUOHhtGm8vrEQmmJKW0FvbGXhGydHx2 -I5GtDvGHqlpF8GFIAA5HNAaw1s5De2StEYCTS/y95naqZafCxYG62cGbHir8dp0U -KQOUQt88tTh0TAqzcLKz1OJIoIkbfpzV6XiXuL0VSob+W0peZeqTVq+w7nWP1cNr -44ligwwVjeF04L3sZKA54w== ------END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-52.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-52.pem deleted file mode 100644 index dbe07dfcf..000000000 --- a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-52.pem +++ /dev/null @@ -1,30 +0,0 @@ -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-52 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEvDCCA6SgAwIBAgICASYwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NzI4WhcN -MjIxMTIzMTM0NzI4WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E -IEVNQUlMIENBLTUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4pb -qFZ5LPm9gcWT24lCj8yLQHYdzntTWgMqPVyveG88rA+bXiAWO6zWUsjPlYQHfxiN -qTZemKgK8OUkVQA4oiQ59EzcNiRsZp1hy7nvDpFcW/0WJzHY5M84ThI57zRH20Ac -iNw1DB7XmR5yJFKTFusipWgsqwWRTtpJlLGJXhTHyG6aNxP6HEXbTLAM4x/0LM9Z -Q2yYihUufgtJYGeLapNb1pPLsPVchhJOQjLFyp3Kx9W1xfjUFftE9FQAwCBJHyC7 -tFMk6DlITy4s7ptst1nNbPYdzGmiix/P7+I702Yn8H3YbmhFD3d+fkhCXqsjio0y -0wWFDaa6vmm3RqF1GQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId -gXoWqvLczmbuRcAwHQYDVR0OBBYEFOlmDFyb4lpKsgM2NP18yab4qwc5MA4GA1Ud -DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw -CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl -AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF -MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv -RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw -Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG -AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA -dYEfuTkBoJLwzyIZ/lrxB3ECCes2zWMLe1RsRrQ3QUhkeLcqxxwG1z+UbbmWkrSS -JS0Q1XeLRiT7P1x+ycs1Gvoy5V4CFOryb5eNaDpOclJdXOiRjOGvS0wSeSLGnT/d -lRPrQZcoEm+DFvtSMasu/zR8DnaepKpWLvyFXwvoimvsQVvz4tOS2o4u400KLPBo -MQbTwpDmk39wxf4Aq4m8hznf2BhAy20YH6jY08gXg0pNDVh4CZIxyF2gmE0TDXPv -sx77lxYKW3Bx0ZxHIcfBKifjSiTrGlLeEP9LfEQdpCjJqhG/3BFy6flzwJDEHqHH -swhN9DCJn+3xTeq25PUXPg== ------END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-49.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-49.pem deleted file mode 100644 index d0002c3bc..000000000 --- a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-49.pem +++ /dev/null @@ -1,30 +0,0 @@ -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-49 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEuTCCA6GgAwIBAgICAScwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0ODE1WhcN -MjIxMTIzMTM0ODE1WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IElEIENBLTQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2EngKIwP -Cl9+dsIByO2uONNLKhpnFypBAE+LM8+kekt4/HG6StaU/fmqFTRiVI0Uh+td9BWe -8NXOYrhQRo6FVSxBkLtWZX8Px2IHxiqQ1lnrZK9UlCo8h3MPpiN8VEjH2bP/WSa0 -oZEWzEDKLB5tSKerddc+QL2uEHb+Gfym6i+5qPOLXjV00FY24FdNOyHaRjQTM/Lf -sjWoFItHTKp5B9QogdKnyg+WkAARYtbd1nqtDXv6Fph5HaT39SEnRhc+lkrRDpDY -c+HAU6Xywik+stgv2yFk1MhFpF5/rndEwMLIST0+lSpahJKGmYtg1VKcnDcq5CER -C31gl6Yr7ffjAwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFNhnk8pG3MmVppSzBBicziU6lhxNMA4GA1UdDwEB -/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB -AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA -AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E -Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v -Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF -BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEATmfP -QPkolF5PB0fS/9DrngX0tmdSwlidBtrkY6vL/V7IMKqJk7r+hHW6k9+nxijHFj6Y -J1+4ElpH/PwWPsqwVIshQxECvJKfo3OfN3a8Mn6Hog5kXJl5dMb0vJOpWQ9UhmG2 -m9UUZ9847wSlbW0vMHL0puuTso0365vilPO5JkapEXcFXdc3LDxXW8BR5NHyaN3V -mvfD/qAqe4BiBx2+WAxsolTJQ5IMjG5tIN7WE6VJdUAm6EIgbuFfvG1KiWQJLHkL -XdTvwdUTqX9JQYswfvoCwvHRh+I2mZX+/iH5HKLcaxqW8b9JnHCtfMSBZqLdI3nG -IBw48tRul8lbrg0mJw== ------END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-50.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-50.pem deleted file mode 100644 index 3ec32dfea..000000000 --- a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-50.pem +++ /dev/null @@ -1,30 +0,0 @@ -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-50 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEuTCCA6GgAwIBAgICASgwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0ODQ3WhcN -MjIxMTIzMTM0ODQ3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IElEIENBLTUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1ncM1bN -JJHiu1Bh5jQ8r+Y1L2pvw+6YDLGE71z5gquBqisOC6XLKffKdBSF2U55vvp0m5J8 -WdF5DSfyfdAJ7S1HlzFYVW+0KjGLELKV5tWZh/aXu8V85ZaaYkvJeeEU5cIYWLKK -RAr1iygwnslhy1Kb7xhYV7gLYc29Wm1EgZiJ2Xm9M11FIauo40EXmQFniz4FLE/S -4JB1lbYiP1jGa4zJrdnec1k65tZk/K4hdi2diS+9mEUz3PWrzNqjrHKxFocnh9qS -NGqJfyfXxXgKTrZw2UG83IxHKvIpMPodX4SYUwRm5HRbrG6c1Fx12NC2go16w3dD -ilH+aUduTNpmFQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFDYuUt50qp7sux+T0b62ULXGaQv5MA4GA1UdDwEB -/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB -AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA -AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E -Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v -Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF -BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAbAli -o7+gWX5YytmPMD9ic+aX2s0NaSdSauFYmb6khtN0CCocIqTI/TyfRJTjhI6wRNoa -ckcjVa5H3EOp4vOrtLN4TxbhNqdE+IHafWE4/btDstI5PrA2hlFZb1zvM5EQC8u0 -BZQ/DqyShOjypvxldvol6UGjys7wecPxt3cBJC7uroY+nqfxHnOIxRFoJGdC7pSm -f90/uDcX87oCbK/FrzJBO+/V2lGHiByC7ahcP59a4Xd69lHSMtRWquclAyBEy1Mx -p7Bx/v5kCpv14JE6SBlYEwhFrTt4aT49FQEQ9aJFKRv7j20sS/6wxPzGx24HE0Gb -XwusK9jo5skGLLUC3g== ------END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-51.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-51.pem deleted file mode 100644 index a0b406554..000000000 --- a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-51.pem +++ /dev/null @@ -1,30 +0,0 @@ -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-51 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEuTCCA6GgAwIBAgICASkwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0OTI3WhcN -MjIxMTIzMTM0OTI3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IElEIENBLTUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjtDs/iL -TIf25t9SGGMP49gCFIYXcEtvTtc/vh+Cghf7qVwiNvUYCaGMq5q7F/pgL5xsw6Bn -iCMau2bZtLfl5xnMk2VMl2GRwUayHQ/0lyteeKid6fa8sfnlyNLh8lvPuHqQFJZX -5vpfAC24NDQCrr8YIkkNRyxJihCpj8HHYuzTplDRIpMljahhAWCsQkUqlq/5Lite -XHYA/+EnT2hspkitSU+FUIWo0FKK95oo+i2uXX8x3cXWEUCXoR23Slk5NrGTwAsf -TUd16xWA1acvksunx8eK3uOVCV02Q0sldVN19NaGm8lpoBfbtiNz3lo/j1VT558q -35LmOYWI6KzSTwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFJ2kwVzT+WZxSaiEIwO24a8pdy2uMA4GA1UdDwEB -/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB -AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA -AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E -Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v -Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF -BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAigQ4 -aOduTUCpDvC0ue0B0GV49B0aek8HXWKc10bPb1iUCQL2DT4aIf0u+yQqrzVpTw/x -5mVPRn2Zi2iEV5A8PsN4dReF3lblQSrSVvKFw7cq66Z8ab2ijXjpAMTJCUIOir8w -KoOV03cnVcaW0VDTH+gOslXnm95kPqdfbxJMh06Q00XfvWfRjfnB9D8ZDXbytM5X -mkZRyuUvWY+DKyJUy1HAuardaFpgA5WowjeQm9sAvx72LzaS7zmv+hxOliGXYOn7 -gbJATcT+zt1Ffwa9M19FjoQDSzWihW8P5cFRt6xVEwZHeD8VG++jcQfAujwX0v7U -hFKu8gxm3wlNXOalzA== ------END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-52.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-52.pem deleted file mode 100644 index caff9d9ef..000000000 --- a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-52.pem +++ /dev/null @@ -1,30 +0,0 @@ -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-52 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEuTCCA6GgAwIBAgICASowDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0OTU3WhcN -MjIxMTIzMTM0OTU3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IElEIENBLTUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltzcMp2O -02t+fwd7rTlugoKqYF8eo/3M+JVdppPAHTiJVaVt0JSeM4xyZsKNoPBoFW/yshnx -lRv/LyNx0VBbn+4mJ7Ea1U4FBPxCSZ68VYqKdV64UMhndawVBJM3Oy8Y3ZxPldTD -f9ApCg4dZXSEiSnShO8YuphrNbYAd6YrdUn1IhDAhw90VTU3GMLru4vx60vFHscW -eZHpHfET8AsClbAyqu65bsa1+o0XvGLQy2GTMzEVaR1NhYVWKRSwgqW57gbE8pV+ -63WYNwi8XIr/2TaJ5GvgBVCbgJWAwsSfFTz21ZqOou0d5xYu79iIIue5DEoRW1bm -qserHNG7gsMvHwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFJroUayRVNeUmgRI+iJ5/8bV7oYrMA4GA1UdDwEB -/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB -AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA -AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E -Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v -Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF -BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAkxvd -sbOh2zGZCsj3nu9fHEMClJVtK4kJzPJZPi44gdSn+U8X5lbtT0kxsRrqCAZntlgQ -mp+DxnQClr35fjao3wF79nQaIOP2789a9VWZgyJfPrV2KLsxAH4/oOd2ZYdUtHfC -lbfZwbpxFulBqPWxysKQOx3XC/3LszCR0YFqbV/c5hBRB1A4sWBlF8KRGQyKdAyc -K7PrLcSMnLq04ugd5MfYWuJjJx/USNNWlil/LzqyCFzxPp4nGBB8y8s2LcZyvofh -HIBN9qxl3+EXcJyeyqyNiVZcgJi+DLSmBCckb2J6lN9tbGWV02WK+8OiAiZ31CfJ -/sezZ58EZayGYS031Q== ------END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-53.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-53.pem deleted file mode 100644 index 37fee6b84..000000000 --- a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-53.pem +++ /dev/null @@ -1,29 +0,0 @@ -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-53 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEjzCCA3egAwIBAgICASswDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM1MDM1WhcN -MjIxMTIzMTM1MDM1WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IFNXIENBLTUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTewS9iv -ChYtMvNBYEOjVcVqr+3VOAEgyjt7ieJUVPrFDgtL9Sz+eXX+uBXkJwYjS0gtex6L -RuNtdcLkukoJu34ZxnfUwc8rgTwNV8VtIyI2GJq/u/FjGwK8fHkzslOzwF8KoA6N -NTYvKy9XohBDrrYGpRq/RuDttVfiJ4Yvcii5J6+uZTvT9035EksqjV7A+sJkFVqI -3MZ83kN9O0ZJf4dEj4h4DKqQYHTRrpy/BL4pTGxmSpnQHne63ToqsoZntTYCYhB5 -6izOakbsUTYVauwYqlNVf0j20IwcZibztp7wqV2NgGzA81LndhYLQh+8KsDabTSV -sZMvLHfEAeLdhwIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFFHEizOZlMB+uzYd4+I6Bb0ydJ1TMA4GA1UdDwEB -/wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud -JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j -cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o -dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG -CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC -AQEACZtxX9lr6sye0RUSOLYzLCU4jVDNSQgz3qq8Kk7dJ97GdsuBzACcCIwFDpNd -tjMtD+mwNjgfeRY5ovyMEH3ZzVhIqGpQo4WLeE+bjy3fNcU3rsb2SHNaEpRddWQ3 -jnOc3jlyg/sHaR6Jg4JfQ1G9za46AReVa1nJLHjt/BO5m/3D4iJmpJvq2Qp6N4eF -a2VL6s8uAZKnLCocjZU2B3wYZMyaSgppaE4TOe/Hc5HJw245/cFLUL8I02iYfv9E -KQDuTGqNzGrBuKp9LMpRrBWb0boFrZaONcVXjtCqi05fo1Fd/JhuvfraTpgxmVXi -1OvgVGwq5lsxW2pbjSpBFebaRw== ------END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-54.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-54.pem deleted file mode 100644 index 59b66acb3..000000000 --- a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-54.pem +++ /dev/null @@ -1,29 +0,0 @@ -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-54 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEjzCCA3egAwIBAgICASwwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM1MTI4WhcN -MjIxMTIzMTM1MTI4WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IFNXIENBLTU0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0wnaj/j -ZzXRnZnNDN5rMZW7OmPPcrG+8IQW6oHretQqvj/HCnAyX3sl5TvT6bLCG4UfLBAx -4VRCvpsVW9fME/43E+N8pyUDjlhYe8BHO9e0RfbVjMgDh6tLagvjN3MfThg8E94C -6TRisdifkP6WonplO1sbv8YD49GjmBWLs8KtU3xzw/StQrwNfymY8aW4lXJQa/Ca -+FXzz/tRh7Mclrlz6QCzgdHAliWK4s5tsXDxeZls2/tvTaZQCVCiyccDdc//lYzL -UIwg3lnPcoV6CPhhw+QW4q42Y4oSu48Z9g/fAvqhrK1U0S9mHl1vWLDTHI3hkwmd -T/O2WgKh8nvx8wIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFLC3KL8sBImKdCavqhOMAhBVgXmxMA4GA1UdDwEB -/wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud -JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j -cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o -dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG -CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC -AQEAZF047yS8bq8lkMpoxFrJjmbdD1TNpjnWRmImQ32uPwNkrDbspNJ4GdqAh3N6 -ueIMcPUSmrIEs9GRZGJzOeTQ6tcQKCyWy+npsI1DQ/k5Xz0H375Bw17gnq2Bpjdy -s8zeg8I+2lDOjSNr7RgVWWB+2sVWXdvILx4Wkh6vX57uEud046HBmc4NeDiHAer8 -NIac5A7e379NRyuusNGXkAm3g7GsE/Y7MrFsKKsMlHb+gFXVgD0DBhtF22YqmA/R -QvTz7Ij1AD++Gv5I4IIzJFMryN6ED6XduWcTtk9Cnf0uY0z+VY8RFw9nOkECFc2b -BA8L2LlruBOzMWbFy4kH7G/hrA== ------END CERTIFICATE----- From 68a02aa8b84e19ae53a5122c7810a506a12504c7 Mon Sep 17 00:00:00 2001 From: Mitchell Henke Date: Thu, 14 Sep 2023 09:45:56 -0500 Subject: [PATCH 10/11] Update CI Image (#406) --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f04f0dc8b..6b49bdedd 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -6,7 +6,7 @@ variables: ECR_REGISTRY: '${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com' IDP_WORKER_IMAGE_TAG: 'main' - PIVCAC_CI_SHA: 'sha256:1b280037c653d00685e10890afe01f83c943ed409a810c398ee9dcb90cdfbd11' + PIVCAC_CI_SHA: 'sha256:41c2b811ee61aa06c662e2d631812cda04d06a0dd15e177ec04997dcaeb1cc9c' CI: 'true' default: From c92bec0e4c3cfbe0a31de6c462b72605f277f26f Mon Sep 17 00:00:00 2001 From: "timothy.spencer" Date: Wed, 11 Sep 2024 21:03:58 +0000 Subject: [PATCH 11/11] This is to get an image that we can use in kubernetes-land in a production-like way. * Add prod pivcac image * Make sure image is largely read-only to the app user * Add RDS cert bundle * Add nginx image * make prod pivcac image and nginx images be built automatically by gitlab --- .gitlab-ci.yml | 80 +++++++++++++++++++ Dockerfile | 79 ++++++++++++++++-- Gemfile.lock | 2 +- k8.Dockerfile | 8 +- k8files/nginx-prod.conf | 172 ++++++++++++++++++++++++++++++++++++++++ k8files/update-ips.sh | 21 +++++ nginx.Dockerfile | 11 +++ prod.Dockerfile | 153 +++++++++++++++++++++++++++++++++++ 8 files changed, 513 insertions(+), 13 deletions(-) create mode 100644 k8files/nginx-prod.conf create mode 100755 k8files/update-ips.sh create mode 100644 nginx.Dockerfile create mode 100644 prod.Dockerfile diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2b34e26e7..2d4d55bda 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -210,6 +210,86 @@ build-pivcac-image: --compressed-caching=false --build-arg "http_proxy=${http_proxy}" --build-arg "https_proxy=${https_proxy}" --build-arg "no_proxy=${no_proxy}" +# Build a container image async, and don't block CI tests +# Cache intermediate images for 1 week (168 hours) +build-prod-pivcac-image: + stage: review + needs: [] + interruptible: true + variables: + BRANCH_TAGGING_STRING: "" + rules: + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH + variables: + BRANCH_TAGGING_STRING: "--destination ${ECR_REGISTRY}/identity-pivcac/review:main" + - if: $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH + - if: $CI_PIPELINE_SOURCE != "merge_request_event" + when: never + tags: + - build-pool + image: + name: gcr.io/kaniko-project/executor:debug + entrypoint: [''] + script: + - mkdir -p /kaniko/.docker + - |- + KANIKOCFG="\"credsStore\":\"ecr-login\"" + if [ "x${http_proxy}" != "x" -o "x${https_proxy}" != "x" ]; then + KANIKOCFG="${KANIKOCFG}, \"proxies\": { \"default\": { \"httpProxy\": \"${http_proxy}\", \"httpsProxy\": \"${https_proxy}\", \"noProxy\": \"${no_proxy}\"}}" + fi + KANIKOCFG="{ ${KANIKOCFG} }" + echo "${KANIKOCFG}" > /kaniko/.docker/config.json + - >- + /kaniko/executor + --context "${CI_PROJECT_DIR}" + --dockerfile "${CI_PROJECT_DIR}/prod.Dockerfile" + --destination "${ECR_REGISTRY}/identity-pivcac/pivcac:${CI_COMMIT_SHA}" + ${BRANCH_TAGGING_STRING} + --cache-repo="${ECR_REGISTRY}/identity-pivcac/pivcac/cache" + --cache-ttl=168h + --cache=true + --compressed-caching=false + --build-arg "http_proxy=${http_proxy}" --build-arg "https_proxy=${https_proxy}" --build-arg "no_proxy=${no_proxy}" + +build-prod-nginx-image: + stage: review + needs: [] + interruptible: true + variables: + BRANCH_TAGGING_STRING: "" + rules: + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH + variables: + BRANCH_TAGGING_STRING: "--destination ${ECR_REGISTRY}/identity-pivcac/review:main" + - if: $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH + - if: $CI_PIPELINE_SOURCE != "merge_request_event" + when: never + tags: + - build-pool + image: + name: gcr.io/kaniko-project/executor:debug + entrypoint: [''] + script: + - mkdir -p /kaniko/.docker + - |- + KANIKOCFG="\"credsStore\":\"ecr-login\"" + if [ "x${http_proxy}" != "x" -o "x${https_proxy}" != "x" ]; then + KANIKOCFG="${KANIKOCFG}, \"proxies\": { \"default\": { \"httpProxy\": \"${http_proxy}\", \"httpsProxy\": \"${https_proxy}\", \"noProxy\": \"${no_proxy}\"}}" + fi + KANIKOCFG="{ ${KANIKOCFG} }" + echo "${KANIKOCFG}" > /kaniko/.docker/config.json + - >- + /kaniko/executor + --context "${CI_PROJECT_DIR}" + --dockerfile "${CI_PROJECT_DIR}/nginx.Dockerfile" + --destination "${ECR_REGISTRY}/identity-pivcac/nginx:${CI_COMMIT_SHA}" + ${BRANCH_TAGGING_STRING} + --cache-repo="${ECR_REGISTRY}/identity-pivcac/pivcac/cache" + --cache-ttl=168h + --cache=true + --compressed-caching=false + --build-arg "http_proxy=${http_proxy}" --build-arg "https_proxy=${https_proxy}" --build-arg "no_proxy=${no_proxy}" + review-app: stage: review allow_failure: true diff --git a/Dockerfile b/Dockerfile index 440c1efe0..d7613a141 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,27 @@ # Use the official Ruby image because the Rails images have been deprecated -FROM logindotgov/build as build +FROM ruby:3.3.1-slim as build + +RUN apt-get update && \ + apt-get install -y \ + git-core \ + build-essential \ + git-lfs \ + curl \ + zlib1g-dev \ + libssl-dev \ + libreadline-dev \ + libyaml-dev \ + libsqlite3-dev \ + sqlite3 \ + libxml2-dev \ + libxslt1-dev \ + libcurl4-openssl-dev \ + software-properties-common \ + libffi-dev \ + libpq-dev \ + xz-utils \ + unzip && \ + rm -rf /var/lib/apt/lists/* # Everything happens here from now on WORKDIR /pivcac @@ -9,20 +31,61 @@ COPY Gemfile* ./ RUN gem install bundler --conservative && \ bundle install --without deploy production -# Copy everything else over -COPY . . +# Generate and place SSL certificates for puma +RUN mkdir -p /pivcac/keys +RUN openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days 1825 \ + -keyout /pivcac/keys/localhost.key \ + -out /pivcac/keys/localhost.crt \ + -subj "/C=US/ST=Fake/L=Fakerton/O=Dis/CN=localhost" && \ + chmod 644 /pivcac/keys/localhost.key /pivcac/keys/localhost.crt + +# Download RDS Combined CA Bundle +RUN mkdir -p /usr/local/share/aws \ + && curl https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem > /usr/local/share/aws/rds-combined-ca-bundle.pem \ + && chmod 644 /usr/local/share/aws/rds-combined-ca-bundle.pem + # Switch to base image -FROM logindotgov/base +FROM ruby:3.3.1-slim WORKDIR /pivcac +RUN apt-get update && \ + apt-get install -y \ + curl \ + zlib1g-dev \ + libssl-dev \ + libreadline-dev \ + libyaml-dev \ + libxml2-dev \ + libxslt1-dev \ + libcurl4-openssl-dev \ + libffi-dev \ + libpq-dev && \ + rm -rf /var/lib/apt/lists/* + # Copy Gems, NPMs, and other relevant items from build layer -COPY --chown=appuser:appuser --from=build /pivcac . +COPY --from=build /pivcac . # Copy in whole source (minus items matched in .dockerignore) -COPY --chown=appuser:appuser . . +COPY . . + +# Create a new user and set up the working directory +RUN addgroup --gid 1000 app && \ + adduser --uid 1000 --gid 1000 --disabled-password --gecos "" app && \ + mkdir -p /pivcac && \ + mkdir -p /pivcac/tmp/pids && \ + mkdir -p /pivcac/log + +# make everything the proper perms after everything is initialized +RUN chown -R app:app /pivcac/tmp && \ + chown -R app:app /pivcac/log && \ + find /pivcac -type d | xargs chmod 755 + +# get rid of suid/sgid binaries +RUN find / -perm /4000 -type f | xargs chmod u-s +RUN find / -perm /2000 -type f | xargs chmod g-s -USER appuser +USER app EXPOSE 8443 -CMD ["bundle", "exec", "rackup", "config.ru", "--host", "ssl://localhost:8443?key=config/local-certs/server.key&cert=config/local-certs/server.crt"] +CMD ["bundle", "exec", "rackup", "config.ru", "--host", "ssl://0.0.0.0:3000?key=/pivcac/keys/localhost.key&cert=/pivcac/keys/localhost.crt"] diff --git a/Gemfile.lock b/Gemfile.lock index a2bb377f3..d8fbe290f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -260,7 +260,7 @@ GEM regexp_parser (2.7.0) request_store (1.5.1) rack (>= 1.4) - rexml (3.3.3) + rexml (3.3.6) strscan rgl (0.5.6) lazy_priority_queue (~> 0.1.0) diff --git a/k8.Dockerfile b/k8.Dockerfile index 250c80f46..099a8bfa6 100644 --- a/k8.Dockerfile +++ b/k8.Dockerfile @@ -21,13 +21,13 @@ ENV TZ=Etc/UTC RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone # Install dependencies -RUN apt-get update && apt-get install -y \ +RUN apt-get update && apt-get install -y \ build-essential \ cron \ - curl \ + curl \ gettext-base \ git-core \ - tar \ + tar \ unzip \ jq \ libcurl4-openssl-dev \ @@ -99,7 +99,7 @@ COPY --chmod=644 ./k8files/status.conf /opt/nginx/conf/sites.d/ COPY ./k8files/pivcac.conf /opt/nginx/conf/sites.d/pivcac.conftemp # Download RDS Combined CA Bundles -RUN wget -P /usr/local/share/aws/ https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem +RUN wget -P /usr/local/share/aws/ https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem # Create cron jobs RUN echo '* */4 * * * websrv flock -n /tmp/update_cert_revocations.lock -c /usr/local/bin/update_cert_revocations' > /etc/cron.d/update_cert_revocations; \ diff --git a/k8files/nginx-prod.conf b/k8files/nginx-prod.conf new file mode 100644 index 000000000..416475ba4 --- /dev/null +++ b/k8files/nginx-prod.conf @@ -0,0 +1,172 @@ +#user nginx; +worker_processes 2; +worker_rlimit_nofile 2048; +pid /var/run/nginx.pid; +daemon off; +load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so; + + +events { + worker_connections 1024; +} + +http { + include mime.types; + default_type application/octet-stream; + + sendfile on; + tcp_nopush off; + keepalive_timeout 60 50; + gzip on; + gzip_types text/plain text/css application/xml application/javascript application/json image/jpg image/jpeg image/png image/gif image/svg+xml font/woff2 woff2; + + # Timeouts definition + client_body_timeout 10; + client_header_timeout 10; + send_timeout 10; + # Set buffer size limits + client_body_buffer_size 1k; + client_header_buffer_size 1k; + client_max_body_size 20k; + large_client_header_buffers 2 20k; + # Limit connections + limit_conn addr 20; + limit_conn_status 429; + limit_conn_zone $binary_remote_addr zone=addr:5m; + # Disable sending server info and versions + server_tokens off; + more_clear_headers Server; + more_clear_headers X-Powered-By; + # Prevent clickJacking attack + add_header X-Frame-Options SAMEORIGIN; + # Disable content-type sniffing + add_header X-Content-Type-Options nosniff; + # Enable XSS filter + add_header X-XSS-Protection "1; mode=block"; + + # Enables nginx to check multiple set_real_ip_from lines + real_ip_recursive on; + + real_ip_header X-Forwarded-For; + + # Exclude all private IPv4 space from client source calculation when + # processing the X-Forewarded-For header + set_real_ip_from 10.0.0.0/8; + set_real_ip_from 100.64.0.0/10; + set_real_ip_from 172.16.0.0/12; + set_real_ip_from 192.168.0.0/16; + # TODO - IPv6 CIDR for VPCs will require autoconfiguration + + # Add CloudFront source address ranges to trusted CIDR range for real ip computation + include /etc/nginx/cloudfront-ips.conf; + + # logging + access_log /dev/stdout; + error_log /dev/stdout info; + + # Specify a key=value format useful for machine parsing + log_format kv escape=json + '{' + '"time": "$time_local", ' + '"hostname": "$host", ' + '"dest_port": "$server_port", ' + '"dest_ip": "$server_addr", ' + '"src": "$remote_addr", ' + '"src_ip": "$realip_remote_addr", ' + '"user": "$remote_user", ' + '"protocol": "$server_protocol", ' + '"http_method": "$request_method", ' + '"status": "$status", ' + '"bytes_out": "$body_bytes_sent", ' + '"bytes_in": "$request_length", ' + '"http_referer": "$http_referer", ' + '"http_user_agent": "$http_user_agent", ' + '"nginx_version": "$nginx_version", ' + '"http_cloudfront_viewer_address": "$http_cloudfront_viewer_address", ' + '"http_cloudfront_viewer_http_version": "$http_cloudfront_viewer_http_version", ' + '"http_cloudfront_viewer_tls": "$http_cloudfront_viewer_tls", ' + '"http_cloudfront_viewer_country": "$http_cloudfront_viewer_country", ' + '"http_cloudfront_viewer_country_region": "$http_cloudfront_viewer_country_region", ' + '"http_x_forwarded_for": "$http_x_forwarded_for", ' + '"http_x_amzn_trace_id": "$http_x_amzn_trace_id", ' + '"response_time": "$upstream_response_time", ' + '"request_time": "$request_time", ' + '"request": "$request", ' + '"tls_protocol": "$ssl_protocol", ' + '"tls_cipher": "$ssl_cipher", ' + '"uri_path": "$uri", ' + '"uri_query": "$query_string",' + '"log_filename": "nginx_access.log"' + '}'; + + # Get $status_reason variable, a human readable version of $status + include status-map.conf; + + # Set HSTS header only if not already set by app. Some clients get unhappy if + # you set multiple Strict-Transport-Security headers. + # https://serverfault.com/a/598106 + map $upstream_http_strict_transport_security $sts_value { + '' "max-age=31536000; preload"; + } + + # Always add a HSTS header - This is still inside the http block, so will not + # conflict with headers set in nginx.conf + add_header Strict-Transport-Security $sts_value always; + + server { + listen 8443 ssl; + server_name _; + access_log /dev/stdout kv; + + ssl_certificate /keys/tls.crt; + ssl_certificate_key /keys/tls.key; + ssl_client_certificate /etc/nginx/ficam_bundle.pem; + ssl_verify_client optional_no_ca; # on; + ssl_verify_depth 10; + + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!ECDHE-RSA-AES256-SHA384:!ECDHE-RSA-AES256-SHA:!DHE-RSA-AES256-SHA256:!DHE-RSA-AES256-SHA'; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_prefer_server_ciphers on; + ssl_protocols TLSv1.2; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 5m; + ssl_stapling on; + ssl_stapling_verify on; + proxy_buffer_size 32k; + proxy_buffers 8 32k; + proxy_busy_buffers_size 64k; + + location ~* \.(html|txt|ico|png|json)$ { + root "/srv"; + try_files $uri @backend; + } + + location / { + proxy_pass https://0.0.0.0:3000; + + proxy_set_header X-Real-Host $host; + proxy_set_header X-Real-Ip $remote_addr; + proxy_set_header X-Real-Proto https; + proxy_set_header X-Client-Verify $ssl_client_verify; + proxy_set_header X-Client-S-Dn $ssl_client_s_dn; + proxy_set_header X-Client-I-Dn $ssl_client_i_dn; + proxy_set_header X-Client-Serial $ssl_client_serial; + proxy_set_header X-Client-Fingerprint $ssl_client_fingerprint; + proxy_set_header X-Client-Cert $ssl_client_escaped_cert; + } + + location @backend { + proxy_pass https://0.0.0.0:3000; + + proxy_set_header X-Real-Host $host; + proxy_set_header X-Real-Ip $remote_addr; + proxy_set_header X-Real-Proto https; + proxy_set_header X-Client-Verify $ssl_client_verify; + proxy_set_header X-Client-S-Dn $ssl_client_s_dn; + proxy_set_header X-Client-I-Dn $ssl_client_i_dn; + proxy_set_header X-Client-Serial $ssl_client_serial; + proxy_set_header X-Client-Fingerprint $ssl_client_fingerprint; + proxy_set_header X-Client-Cert $ssl_client_escaped_cert; + } + } +} diff --git a/k8files/update-ips.sh b/k8files/update-ips.sh new file mode 100755 index 000000000..102c2ee86 --- /dev/null +++ b/k8files/update-ips.sh @@ -0,0 +1,21 @@ +#!/bin/sh +# +# This script updates the ips.conf file so that we have +# up-to-date cloudfront IP information. +# +set -e + +IPS_CONF="/etc/nginx/cloudfront-ips.conf" +echo "Updating $IPS_CONF" + +rm -f "$IPS_CONF" +echo '# cloudfront IP ranges' > $IPS_CONF +echo '# ' >> $IPS_CONF + +curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.service=="CLOUDFRONT_ORIGIN_FACING") | .ip_prefix' | while read i ; do + echo "set_real_ip_from $i;" >> $IPS_CONF +done + +curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.ipv6_prefixes[] | select(.service=="CLOUDFRONT") | .ipv6_prefix' | while read i ; do + echo "set_real_ip_from $i;" >> $IPS_CONF +done diff --git a/nginx.Dockerfile b/nginx.Dockerfile new file mode 100644 index 000000000..c79e52043 --- /dev/null +++ b/nginx.Dockerfile @@ -0,0 +1,11 @@ +FROM public.ecr.aws/docker/library/alpine:3 + +RUN apk add --no-cache jq curl nginx nginx-mod-http-headers-more + +COPY ./k8files/update-ips.sh /update-ips.sh +COPY ./k8files/nginx-prod.conf /etc/nginx/nginx.conf +COPY ./k8files/status-map.conf /etc/nginx/ +COPY ./config/cert_bundles/ficam_bundle.pem /etc/nginx/ +RUN /update-ips.sh + +ENTRYPOINT ["/usr/sbin/nginx"] diff --git a/prod.Dockerfile b/prod.Dockerfile new file mode 100644 index 000000000..b6e740240 --- /dev/null +++ b/prod.Dockerfile @@ -0,0 +1,153 @@ +# this part builds everything +FROM ruby:3.3.4-slim-bullseye as builder + +# Set environment variables +ENV RAILS_ROOT /app +ENV RAILS_ENV production +ENV BUNDLE_PATH /app/vendor/bundle +ENV NGINX_VERSION 1.22.0 + +# Install dependencies +RUN apt-get update && apt-get install -y \ + build-essential \ + curl \ + gettext-base \ + git-core \ + tar \ + unzip \ + jq \ + libcurl4-openssl-dev \ + libjemalloc-dev \ + libpcre3 \ + libpcre3-dev \ + libssl-dev \ + libpq-dev \ + patch \ + python3 \ + python3-pip \ + python3-venv \ + util-linux \ + wget \ + && rm -rf /var/lib/apt/lists/* + +# Download RDS Combined CA Bundle +RUN mkdir -p /usr/local/share/aws \ + && curl https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem > /usr/local/share/aws/rds-combined-ca-bundle.pem \ + && chmod 644 /usr/local/share/aws/rds-combined-ca-bundle.pem + +# Create working directory +WORKDIR $RAILS_ROOT + +# do a bundle install +COPY .ruby-version $RAILS_ROOT/.ruby-version +COPY Gemfile $RAILS_ROOT/Gemfile +COPY Gemfile.lock $RAILS_ROOT/Gemfile.lock +RUN bundle config build.nokogiri --use-system-libraries +RUN bundle config set --local deployment 'true' +RUN bundle config set --local path $BUNDLE_PATH +RUN bundle config set --local without 'deploy development doc test' +RUN bundle install --jobs $(nproc) +RUN bundle binstubs --all + + + +##################################################### +# here is where the actual image gets built +FROM ruby:3.3.4-slim-bullseye + +SHELL ["/bin/bash", "-c"] + +# Set environment variables +ENV RAILS_ROOT /app +ENV RAILS_ENV production +ENV BUNDLE_PATH /app/vendor/bundle + +# Prevent documentation installation +RUN echo 'path-exclude=/usr/share/doc/*' > /etc/dpkg/dpkg.cfg.d/00_nodoc && \ + echo 'path-exclude=/usr/share/man/*' >> /etc/dpkg/dpkg.cfg.d/00_nodoc && \ + echo 'path-exclude=/usr/share/groff/*' >> /etc/dpkg/dpkg.cfg.d/00_nodoc && \ + echo 'path-exclude=/usr/share/info/*' >> /etc/dpkg/dpkg.cfg.d/00_nodoc && \ + echo 'path-exclude=/usr/share/lintian/*' >> /etc/dpkg/dpkg.cfg.d/00_nodoc && \ + echo 'path-exclude=/usr/share/linda/*' >> /etc/dpkg/dpkg.cfg.d/00_nodoc + +# Setup timezone data +ENV TZ=Etc/UTC +RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone + +# Install dependencies +RUN apt-get update && apt-get install -y \ + gettext-base \ + git-core \ + curl \ + libcurl4-openssl-dev \ + libjemalloc-dev \ + libpcre3 \ + libpcre3-dev \ + libssl-dev \ + libpq-dev \ + patch \ + util-linux \ + postgresql-contrib \ + && rm -rf /var/lib/apt/lists/* + +# Create user and setup working directory +RUN addgroup --gid 1000 app && \ + adduser --uid 1000 --gid 1000 --disabled-password --gecos "" app && \ + mkdir -p $RAILS_ROOT && \ + mkdir -p $RAILS_ROOT/tmp/pids && \ + mkdir -p $RAILS_ROOT/log + +# copy rds cert from builder +COPY --from=builder /usr/local/share/aws/rds-combined-ca-bundle.pem /usr/local/share/aws/rds-combined-ca-bundle.pem + +# Copy bundle in +COPY --from=builder $RAILS_ROOT $RAILS_ROOT + +COPY package.json $RAILS_ROOT/package.json + +WORKDIR $RAILS_ROOT + +# Copy Application Code +COPY ./lib ./lib +COPY ./app ./app +COPY ./config ./config +COPY ./config.ru ./config.ru +COPY ./db ./db +COPY ./bin ./bin +COPY ./public ./public +COPY ./spec ./spec +COPY ./vendor ./vendor +COPY ./Rakefile ./Rakefile +COPY ./Makefile ./Makefile +COPY ./Procfile ./Procfile +COPY ./log ./log +COPY ./tmp ./tmp +RUN mkdir -p ${RAILS_ROOT}/keys; chmod -R 0755 ${RAILS_ROOT}/keys; \ + mkdir -p ${RAILS_ROOT}/tmp/cache; chmod -R 0755 ${RAILS_ROOT}/tmp/cache; \ + mkdir -p ${RAILS_ROOT}/tmp/pids; chmod -R 0755 ${RAILS_ROOT}/tmp/pids; \ + mkdir -p ${RAILS_ROOT}/tmp/sockets; chmod -R 0755 ${RAILS_ROOT}/tmp/sockets; \ + mkdir -p ${RAILS_ROOT}/config/puma; chmod -R 0755 ${RAILS_ROOT}/config/puma; +COPY --chmod=644 ./k8files/newrelic.yml ./config/newrelic.yml + +# set bundler up +RUN bundle config build.nokogiri --use-system-libraries +RUN bundle config set --local deployment 'true' +RUN bundle config set --local path $BUNDLE_PATH +RUN bundle config set --local without 'deploy development doc test' + +# make everything the proper perms after everything is initialized +RUN chown -R app:app $RAILS_ROOT/tmp && \ + chown -R app:app $RAILS_ROOT/log && \ + find $RAILS_ROOT -type d | xargs chmod 755 + +# get rid of suid/sgid binaries +RUN find / -perm /4000 -type f | xargs chmod u-s +RUN find / -perm /2000 -type f | xargs chmod g-s + +# Expose port the app runs on +EXPOSE 443 + +USER app + +# The keys here are getting mapped in from a secret in the deployment. +CMD ["bundle", "exec", "rackup", "config.ru", "--host", "ssl://0.0.0.0:3000?key=/app/keys/tls.key&cert=/app/keys/tls.crt"]