@film42
Created April 3, 2019 17:43
$ openssl x509 -in /etc/puppetlabs/puppet/ssl/certs/sb-sand-peter1.sand.internal.mx.pem -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 317 (0x13d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=Puppet CA: sb-sand-puppetmaster1.sand.internal.mx
        Validity
            Not Before: Nov 5 22:45:09 2018 GMT
            Not After : Nov 5 22:45:09 2023 GMT
        Subject: CN=sb-sand-peter1.sand.internal.mx
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Netscape Comment:
                .(Puppet Ruby/OpenSSL Internal Certificate
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: critical
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                F0:E7:7A:B6:98:17:C2:64:13:3F:D7:95:BB:88:1D:0C:D6:B0:41:41
            X509v3 Authority Key Identifier:
                keyid:3E:11:4F:2D:B5:30:95:FF:D8:9C:00:BB:61:92:F7:F2:15:62:CF:2F
    Signature Algorithm: sha256WithRSAEncryption
$ openssl asn1parse -in /etc/puppetlabs/puppet/ssl/certs/ca.pem
0:d=0 hl=4 l=1466 cons: SEQUENCE
4:d=1 hl=4 l= 930 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 1 prim: INTEGER :01
16:d=2 hl=2 l= 13 cons: SEQUENCE
18:d=3 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
29:d=3 hl=2 l= 0 prim: NULL
31:d=2 hl=2 l= 60 cons: SEQUENCE
33:d=3 hl=2 l= 58 cons: SET
35:d=4 hl=2 l= 56 cons: SEQUENCE
37:d=5 hl=2 l= 3 prim: OBJECT :commonName
42:d=5 hl=2 l= 49 prim: UTF8STRING :Puppet CA: sb-sand-puppetmaster1.sand.internal.mx
93:d=2 hl=2 l= 30 cons: SEQUENCE
95:d=3 hl=2 l= 13 prim: UTCTIME :161128235318Z
110:d=3 hl=2 l= 13 prim: UTCTIME :211128235318Z
125:d=2 hl=2 l= 60 cons: SEQUENCE
127:d=3 hl=2 l= 58 cons: SET
129:d=4 hl=2 l= 56 cons: SEQUENCE
131:d=5 hl=2 l= 3 prim: OBJECT :commonName
136:d=5 hl=2 l= 49 prim: UTF8STRING :Puppet CA: sb-sand-puppetmaster1.sand.internal.mx
187:d=2 hl=4 l= 546 cons: SEQUENCE
191:d=3 hl=2 l= 13 cons: SEQUENCE
193:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
204:d=4 hl=2 l= 0 prim: NULL
206:d=3 hl=4 l= 527 prim: BIT STRING
737:d=2 hl=3 l= 198 cons: cont [ 3 ]
740:d=3 hl=3 l= 195 cons: SEQUENCE
743:d=4 hl=2 l= 49 cons: SEQUENCE
745:d=5 hl=2 l= 9 prim: OBJECT :Netscape Comment
756:d=5 hl=2 l= 36 prim: OCTET STRING [HEX DUMP]:16225075707065742053657276657220496E7465726E616C204365727469666963617465
794:d=4 hl=2 l= 78 cons: SEQUENCE
796:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
801:d=5 hl=2 l= 71 prim: OCTET STRING [HEX DUMP]:3045A140A43E303C313A303806035504030C315075707065742043413A2073622D73616E642D7075707065746D6173746572312E73616E642E696E7465726E616C2E6D78820101
874:d=4 hl=2 l= 29 cons: SEQUENCE
876:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
881:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:04143E114F2DB53095FFD89C00BB6192F7F21562CF2F
905:d=4 hl=2 l= 15 cons: SEQUENCE
907:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
912:d=5 hl=2 l= 1 prim: BOOLEAN :255
915:d=5 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:30030101FF
922:d=4 hl=2 l= 14 cons: SEQUENCE
924:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
929:d=5 hl=2 l= 1 prim: BOOLEAN :255
932:d=5 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:03020106
938:d=1 hl=2 l= 13 cons: SEQUENCE
940:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
951:d=2 hl=2 l= 0 prim: NULL
953:d=1 hl=4 l= 513 prim: BIT STRING
irb(main):003:0> cert = OpenSSL::X509::Certificate.new(File.read("/etc/puppetlabs/puppet/ssl/certs/sb-sand-peter1.sand.internal.mx.pem"))
=> #<OpenSSL::X509::Certificate subject=/CN=sb-sand-peter1.sand.internal.mx, issuer=/CN=Puppet CA: sb-sand-puppetmaster1.sand.internal.mx, serial=317, not_before=2018-11-05 22:45:09 UTC, not_after=2023-11-05 22:45:09 UTC>
irb(main):004:0> pp cert.extensions.map(&:value)
[".(Puppet Ruby/OpenSSL Internal Certificate",
"Digital Signature, Key Encipherment",
"TLS Web Server Authentication, TLS Web Client Authentication",
"CA:FALSE",
"F0:E7:7A:B6:98:17:C2:64:13:3F:D7:95:BB:88:1D:0C:D6:B0:41:41",
"keyid:3E:11:4F:2D:B5:30:95:FF:D8:9C:00:BB:61:92:F7:F2:15:62:CF:2F\n"]
irb(main):005:0> pp cert.extensions.map(&:to_h)
[{"oid"=>"nsComment",
"value"=>".(Puppet Ruby/OpenSSL Internal Certificate",
"critical"=>false},
{"oid"=>"keyUsage",
"value"=>"Digital Signature, Key Encipherment",
"critical"=>true},
{"oid"=>"extendedKeyUsage",
"value"=>"TLS Web Server Authentication, TLS Web Client Authentication",
"critical"=>true},
{"oid"=>"basicConstraints", "value"=>"CA:FALSE", "critical"=>true},
{"oid"=>"subjectKeyIdentifier",
"value"=>"F0:E7:7A:B6:98:17:C2:64:13:3F:D7:95:BB:88:1D:0C:D6:B0:41:41",
"critical"=>false},
{"oid"=>"authorityKeyIdentifier",
"value"=>
"keyid:3E:11:4F:2D:B5:30:95:FF:D8:9C:00:BB:61:92:F7:F2:15:62:CF:2F\n",
"critical"=>false}]