Created
December 29, 2015 16:59
C:\Users\issacg\vlt-test2>vault mount -path ca pki | |
Successfully mounted 'pki' at 'ca'! | |
C:\Users\issacg\vlt-test2>vault mount -path int pki | |
Successfully mounted 'pki' at 'int'! | |
C:\Users\issacg\vlt-test2>vault write ca/root/generate/internal common_name=ca ttl=24h | |
Key Value | |
lease_id ca/root/generate/internal/207e3f59-c007-92a5-1c19-a4bdc207142b | |
lease_duration 86399 | |
lease_renewable false | |
certificate -----BEGIN CERTIFICATE----- | |
MIIDQTCCAimgAwIBAgIUXrXtjMd49ewhnZVqVwpSYBDyfWkwDQYJKoZIhvcNAQEL | |
BQAwDTELMAkGA1UEAxMCY2EwHhcNMTUxMjI5MTY0NzM0WhcNMTUxMjMwMTY0NzM0 | |
WjANMQswCQYDVQQDEwJjYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB | |
AOdofVjFRL+sPFKjTu1ZxvUEBAwT8NtO37nQBUPjrdjlkfIi4FdUTtynaY7jGZ3D | |
EV3nL5UzqwKvv3lRJMAXkxie8cHDvREEgsxGaBiOhS06530i1iEAsYObMqANnj9J | |
AE7Mcx17QGS7tb48vtg4b2pgM7avEdCZlz2O5hGIb4eHTnYo7TqjK3iQd4euZ6uT | |
rat3AI7jkHXdzcjvjuMHoJeLzzP7x9PLs9ri2TfBu2LCR58k79Uv61qp1YaqTVdQ | |
yvRBzyLvZHH0238JUbZ1vfuxMUNFrJbk/tjvlpqNpjGx9B4ft5zu2DTzOSQqfpkj | |
t87OMh2ES9eKh/shX5c0ZvECAwEAAaOBmDCBlTAOBgNVHQ8BAf8EBAMCAa4wIwYD | |
VR0lBBwwGgYEVR0lAAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEwEB/wQFMAMB | |
Af8wHQYDVR0OBBYEFJk4OqGCebQZ/6o+XxQ3jGT8u6Q9MB8GA1UdIwQYMBaAFJk4 | |
OqGCebQZ/6o+XxQ3jGT8u6Q9MA0GA1UdEQQGMASCAmNhMA0GCSqGSIb3DQEBCwUA | |
A4IBAQAh8Pxlc4a9jrkJdnKVTspRJ06Mo9ptXtQjE/AExCDG1FoO1/UbyQj6G8Tq | |
E29RKcoGWIZ91GNZTzOJDfyObzTBENy2Om7eWxZd0MJ8M8PDnK6FbESE5xJBBQJl | |
+HIZaBpV9dkQYZ8H02SG+HJY/GFGmMUSg66Sw/Pd5EQpiotjXcUvZCWF0QXoe7SF | |
wDAMwIa3L5ekYbCjk86MabAbDG1qijxEiKt7DH+XA98Sg9hoqXgb/Wff5g7MsSla | |
5QvHuC5pv++iBso6QS2Y03mbDa5h2B7UII68WTFsk7K1mkmwdZmRdFa1fKjYxuvc | |
kNR76VWGiLCe42vf03AwOS6jadt5 | |
-----END CERTIFICATE----- | |
expiration 1.451494054e+09 | |
issuing_ca -----BEGIN CERTIFICATE----- | |
MIIDQTCCAimgAwIBAgIUXrXtjMd49ewhnZVqVwpSYBDyfWkwDQYJKoZIhvcNAQEL | |
BQAwDTELMAkGA1UEAxMCY2EwHhcNMTUxMjI5MTY0NzM0WhcNMTUxMjMwMTY0NzM0 | |
WjANMQswCQYDVQQDEwJjYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB | |
AOdofVjFRL+sPFKjTu1ZxvUEBAwT8NtO37nQBUPjrdjlkfIi4FdUTtynaY7jGZ3D | |
EV3nL5UzqwKvv3lRJMAXkxie8cHDvREEgsxGaBiOhS06530i1iEAsYObMqANnj9J | |
AE7Mcx17QGS7tb48vtg4b2pgM7avEdCZlz2O5hGIb4eHTnYo7TqjK3iQd4euZ6uT | |
rat3AI7jkHXdzcjvjuMHoJeLzzP7x9PLs9ri2TfBu2LCR58k79Uv61qp1YaqTVdQ | |
yvRBzyLvZHH0238JUbZ1vfuxMUNFrJbk/tjvlpqNpjGx9B4ft5zu2DTzOSQqfpkj | |
t87OMh2ES9eKh/shX5c0ZvECAwEAAaOBmDCBlTAOBgNVHQ8BAf8EBAMCAa4wIwYD | |
VR0lBBwwGgYEVR0lAAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEwEB/wQFMAMB | |
Af8wHQYDVR0OBBYEFJk4OqGCebQZ/6o+XxQ3jGT8u6Q9MB8GA1UdIwQYMBaAFJk4 | |
OqGCebQZ/6o+XxQ3jGT8u6Q9MA0GA1UdEQQGMASCAmNhMA0GCSqGSIb3DQEBCwUA | |
A4IBAQAh8Pxlc4a9jrkJdnKVTspRJ06Mo9ptXtQjE/AExCDG1FoO1/UbyQj6G8Tq | |
E29RKcoGWIZ91GNZTzOJDfyObzTBENy2Om7eWxZd0MJ8M8PDnK6FbESE5xJBBQJl | |
+HIZaBpV9dkQYZ8H02SG+HJY/GFGmMUSg66Sw/Pd5EQpiotjXcUvZCWF0QXoe7SF | |
wDAMwIa3L5ekYbCjk86MabAbDG1qijxEiKt7DH+XA98Sg9hoqXgb/Wff5g7MsSla | |
5QvHuC5pv++iBso6QS2Y03mbDa5h2B7UII68WTFsk7K1mkmwdZmRdFa1fKjYxuvc | |
kNR76VWGiLCe42vf03AwOS6jadt5 | |
-----END CERTIFICATE----- | |
serial_number 5e:b5:ed:8c:c7:78:f5:ec:21:9d:95:6a:57:0a:52:60:10:f2:7d:69 | |
C:\Users\issacg\vlt-test2>notepad ca.crt | |
C:\Users\issacg\vlt-test2>vault write int/intermediate/generate/internal common_name=int | |
Key Value | |
csr -----BEGIN CERTIFICATE REQUEST----- | |
MIICdDCCAVwCAQAwDjEMMAoGA1UEAxMDaW50MIIBIjANBgkqhkiG9w0BAQEFAAOC | |
AQ8AMIIBCgKCAQEAlODupQvL/t1vHE5ZcdAdWE77L/zImS6jKTHYjyiphcF7bo+l | |
qnK7WNLecMUQ1UgDOWw4cGBqac1qU7sqEE+o5oCDzgdjTjJDhz09Yq44Th2EnTC7 | |
Asx53NdsRd9x5nOuUijwAiDJ4nnD7Vpw7Yjb+MkkOyKLwbWXdMJlv2PpO239sgvp | |
BiCyXLKYL1yd6aw3KUxMWjbP+BRRsY6CUExjOKQnAVlinDeOpbxX9jWxw6aHWgu2 | |
PSmnfotLPI43kl9XfZQKErME3VDn6eJC/EDKWuCTghpEiPPsCKX8k8eaufp8BbG6 | |
EuyCIL/6r7wcInoAYVS2l6bmd9KdZBbXOgKKIwIDAQABoCEwHwYJKoZIhvcNAQkO | |
MRIwEDAOBgNVHREEBzAFggNpbnQwDQYJKoZIhvcNAQELBQADggEBAHGl84tRvE2e | |
ef8qRXID4Pl4cYW55LI9AUYPaPM9+kiqxhUBKsscOtfzbJ850xqeYN4wIwvi7J6Q | |
dho/OBaSLj3tTPcRGgFyPQpmPhyN36yRAFlkgCtHAtxWatjdjZbylqvf9sOMynR1 | |
cWUfZx6EajxXq8zAJYbXQhwY8wpjM0C2fp0IoOb17tixEv2n+jbpkgWOWFplpt1l | |
Dguxer55ASUOFy5JXvKaBBFSvkxh1rffWiXQt9+WMuiktjXor68UEyF8vU/rg3al | |
RebWwnPxhA7ip5zr0nuKl4pXAyrwA1pGS0SPOG+Xu678YUeJuKOQQl7DWMxYo8KP | |
herIytGYBdE= | |
-----END CERTIFICATE REQUEST----- | |
C:\Users\issacg\vlt-test2>notepad int.csr | |
C:\Users\issacg\vlt-test2>vault write ca/root/sign-intermediate csr=@int.csr use_csr_values=true ttl=23h | |
Key Value | |
lease_id ca/root/sign-intermediate/69e4011b-8658-799c-5df6-e5ea980b374c | |
lease_duration 82799 | |
lease_renewable false | |
certificate -----BEGIN CERTIFICATE----- | |
MIIDQzCCAiugAwIBAgIUMnHhTmpmS9iwYdgjEiZh/f15++UwDQYJKoZIhvcNAQEL | |
BQAwDTELMAkGA1UEAxMCY2EwHhcNMTUxMjI5MTY0ODI3WhcNMTUxMjMwMTU0ODI3 | |
WjAOMQwwCgYDVQQDEwNpbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB | |
AQCU4O6lC8v+3W8cTllx0B1YTvsv/MiZLqMpMdiPKKmFwXtuj6WqcrtY0t5wxRDV | |
SAM5bDhwYGppzWpTuyoQT6jmgIPOB2NOMkOHPT1irjhOHYSdMLsCzHnc12xF33Hm | |
c65SKPACIMniecPtWnDtiNv4ySQ7IovBtZd0wmW/Y+k7bf2yC+kGILJcspgvXJ3p | |
rDcpTExaNs/4FFGxjoJQTGM4pCcBWWKcN46lvFf2NbHDpodaC7Y9Kad+i0s8jjeS | |
X1d9lAoSswTdUOfp4kL8QMpa4JOCGkSI8+wIpfyTx5q5+nwFsboS7IIgv/qvvBwi | |
egBhVLaXpuZ30p1kFtc6AoojAgMBAAGjgZkwgZYwDgYDVR0PAQH/BAQDAgGuMCMG | |
A1UdJQQcMBoGBFUdJQAGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTAD | |
AQH/MB0GA1UdDgQWBBRrM3PkJrAu595rLvEJKbmd/MI6jDAfBgNVHSMEGDAWgBSZ | |
ODqhgnm0Gf+qPl8UN4xk/LukPTAOBgNVHREEBzAFggNpbnQwDQYJKoZIhvcNAQEL | |
BQADggEBAEaWtjmTjSZpETh0mKr+kAQRE+Cbmmga2hY66xWGoOBqRJgPQHV6uMsn | |
wMaiKtt+XL7RvLje2uDkbmH8NTb6D4eW7j5+pHzbudeUfc0+Mz77fk2HrSgOwQT+ | |
p3rKquJBbe66zY/KpaELgw0EyHM5LvY0hmzef7BAlW3/vKlo8KK9olIefvP1CXnh | |
GzPvrYf9yY9c3i6uiEsI8udcAlpxE3AN6Dvnrluxcr9tVsrd8iaZhC1mDJxs4XNX | |
1FYG9wlaFxUn140gusNpAR8zj6q+x1UpODh4O7Z1cOro5GMuyrzZxqMUHygIY7QK | |
r+F7QPTExU7pV9OOe4BtdAYEkvbYogg= | |
-----END CERTIFICATE----- | |
expiration 1.451490507e+09 | |
issuing_ca -----BEGIN CERTIFICATE----- | |
MIIDQTCCAimgAwIBAgIUXrXtjMd49ewhnZVqVwpSYBDyfWkwDQYJKoZIhvcNAQEL | |
BQAwDTELMAkGA1UEAxMCY2EwHhcNMTUxMjI5MTY0NzM0WhcNMTUxMjMwMTY0NzM0 | |
WjANMQswCQYDVQQDEwJjYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB | |
AOdofVjFRL+sPFKjTu1ZxvUEBAwT8NtO37nQBUPjrdjlkfIi4FdUTtynaY7jGZ3D | |
EV3nL5UzqwKvv3lRJMAXkxie8cHDvREEgsxGaBiOhS06530i1iEAsYObMqANnj9J | |
AE7Mcx17QGS7tb48vtg4b2pgM7avEdCZlz2O5hGIb4eHTnYo7TqjK3iQd4euZ6uT | |
rat3AI7jkHXdzcjvjuMHoJeLzzP7x9PLs9ri2TfBu2LCR58k79Uv61qp1YaqTVdQ | |
yvRBzyLvZHH0238JUbZ1vfuxMUNFrJbk/tjvlpqNpjGx9B4ft5zu2DTzOSQqfpkj | |
t87OMh2ES9eKh/shX5c0ZvECAwEAAaOBmDCBlTAOBgNVHQ8BAf8EBAMCAa4wIwYD | |
VR0lBBwwGgYEVR0lAAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEwEB/wQFMAMB | |
Af8wHQYDVR0OBBYEFJk4OqGCebQZ/6o+XxQ3jGT8u6Q9MB8GA1UdIwQYMBaAFJk4 | |
OqGCebQZ/6o+XxQ3jGT8u6Q9MA0GA1UdEQQGMASCAmNhMA0GCSqGSIb3DQEBCwUA | |
A4IBAQAh8Pxlc4a9jrkJdnKVTspRJ06Mo9ptXtQjE/AExCDG1FoO1/UbyQj6G8Tq | |
E29RKcoGWIZ91GNZTzOJDfyObzTBENy2Om7eWxZd0MJ8M8PDnK6FbESE5xJBBQJl | |
+HIZaBpV9dkQYZ8H02SG+HJY/GFGmMUSg66Sw/Pd5EQpiotjXcUvZCWF0QXoe7SF | |
wDAMwIa3L5ekYbCjk86MabAbDG1qijxEiKt7DH+XA98Sg9hoqXgb/Wff5g7MsSla | |
5QvHuC5pv++iBso6QS2Y03mbDa5h2B7UII68WTFsk7K1mkmwdZmRdFa1fKjYxuvc | |
kNR76VWGiLCe42vf03AwOS6jadt5 | |
-----END CERTIFICATE----- | |
serial_number 32:71:e1:4e:6a:66:4b:d8:b0:61:d8:23:12:26:61:fd:fd:79:fb:e5 | |
C:\Users\issacg\vlt-test2>notepad int.ca | |
C:\Users\issacg\vlt-test2>vault write int/intermediate/set-signed certificate=@int.ca | |
Success! Data written to: int/intermediate/set-signed | |
C:\Users\issacg\vlt-test2>vault write int/roles/example.com allowed_domains="example.com" allow_subdomains=true | |
Success! Data written to: int/roles/example.com | |
C:\Users\issacg\vlt-test2>vault write int/issue/example.com common_name=test.example.com ttl=22h | |
Key Value | |
lease_id int/issue/example.com/b45a908c-a271-3ae5-8267-6b4595611e09 | |
lease_duration 79199 | |
lease_renewable false | |
certificate -----BEGIN CERTIFICATE----- | |
MIIDRzCCAi+gAwIBAgIUXmX+UMtMhSmr22VBNlHibBEbBT4wDQYJKoZIhvcNAQEL | |
BQAwDjEMMAoGA1UEAxMDaW50MB4XDTE1MTIyOTE2NDkwOFoXDTE1MTIzMDE0NDkw | |
OFowGzEZMBcGA1UEAxMQdGVzdC5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB | |
BQADggEPADCCAQoCggEBAJeNG01Qi2RqEh6AeJc8YUhWAoMO2vFJkxzC6eWz6PA+ | |
FNFruF7c8K/nlhtKX+jF72M6y+oQQ5Tj+s29cctTETWhGJfEmkCdvAbBzlQ/iYbk | |
IJAAXqe6QkRuJXgMJqFdqYknHupduIh1napRo2SxmDLAuRKSKmnilBPsn2HqRtYF | |
xgtxkh4rWpR5KQZvsQUXJRm1ZGvI2/sY0hYZqY68kTv1sWLOpMs8EOiWXTE2tyFl | |
he07kPYWSgLmSmI/FRVcE9gxuQqac1uqUooFDy1JfvpM6WtKVCcvfZM5RbgO3r2e | |
Fcil95hHyrP21r88qaHsmnO7fUs3YrHNPCIhZfKAFQMCAwEAAaOBjzCBjDAOBgNV | |
HQ8BAf8EBAMCA6gwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1Ud | |
DgQWBBTgHv50FhCRjOFT8UC+afC7tv3NxTAfBgNVHSMEGDAWgBRrM3PkJrAu595r | |
LvEJKbmd/MI6jDAbBgNVHREEFDASghB0ZXN0LmV4YW1wbGUuY29tMA0GCSqGSIb3 | |
DQEBCwUAA4IBAQBNzrY+Pg5OlGXMQbyAFAMQaOq2MfzXe/NboG7ogM2iWTn1tYgN | |
ont3YP+z3b9U9PcmUcwamduMfb/Nr2bDsaBXSY27idVWNbM3nlSQnOwdRr1KO0Pp | |
xw0bnU72ncBkzOyaKPE7Ur1vObCZORBh87eRTN4uP1EcuobnLylFZRLmH25upRvn | |
fIYPn/vzM08cdiAF02+ehPVN1a+42Jm9ARqBmiMQY+jMdp2yzmFqPurDYkCvaJ8X | |
HrFVu8wHU6HqNyIKPUFOAegzwXgC10QIEcqDuLrnpd1KFZ4/2If9YZPX0fN/zX2k | |
jGJVecRoonH/AwNMw51KIdLltmxWfV/3VGnI | |
-----END CERTIFICATE----- | |
issuing_ca -----BEGIN CERTIFICATE----- | |
MIIDQzCCAiugAwIBAgIUMnHhTmpmS9iwYdgjEiZh/f15++UwDQYJKoZIhvcNAQEL | |
BQAwDTELMAkGA1UEAxMCY2EwHhcNMTUxMjI5MTY0ODI3WhcNMTUxMjMwMTU0ODI3 | |
WjAOMQwwCgYDVQQDEwNpbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB | |
AQCU4O6lC8v+3W8cTllx0B1YTvsv/MiZLqMpMdiPKKmFwXtuj6WqcrtY0t5wxRDV | |
SAM5bDhwYGppzWpTuyoQT6jmgIPOB2NOMkOHPT1irjhOHYSdMLsCzHnc12xF33Hm | |
c65SKPACIMniecPtWnDtiNv4ySQ7IovBtZd0wmW/Y+k7bf2yC+kGILJcspgvXJ3p | |
rDcpTExaNs/4FFGxjoJQTGM4pCcBWWKcN46lvFf2NbHDpodaC7Y9Kad+i0s8jjeS | |
X1d9lAoSswTdUOfp4kL8QMpa4JOCGkSI8+wIpfyTx5q5+nwFsboS7IIgv/qvvBwi | |
egBhVLaXpuZ30p1kFtc6AoojAgMBAAGjgZkwgZYwDgYDVR0PAQH/BAQDAgGuMCMG | |
A1UdJQQcMBoGBFUdJQAGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTAD | |
AQH/MB0GA1UdDgQWBBRrM3PkJrAu595rLvEJKbmd/MI6jDAfBgNVHSMEGDAWgBSZ | |
ODqhgnm0Gf+qPl8UN4xk/LukPTAOBgNVHREEBzAFggNpbnQwDQYJKoZIhvcNAQEL | |
BQADggEBAEaWtjmTjSZpETh0mKr+kAQRE+Cbmmga2hY66xWGoOBqRJgPQHV6uMsn | |
wMaiKtt+XL7RvLje2uDkbmH8NTb6D4eW7j5+pHzbudeUfc0+Mz77fk2HrSgOwQT+ | |
p3rKquJBbe66zY/KpaELgw0EyHM5LvY0hmzef7BAlW3/vKlo8KK9olIefvP1CXnh | |
GzPvrYf9yY9c3i6uiEsI8udcAlpxE3AN6Dvnrluxcr9tVsrd8iaZhC1mDJxs4XNX | |
1FYG9wlaFxUn140gusNpAR8zj6q+x1UpODh4O7Z1cOro5GMuyrzZxqMUHygIY7QK | |
r+F7QPTExU7pV9OOe4BtdAYEkvbYogg= | |
-----END CERTIFICATE----- | |
private_key -----BEGIN RSA PRIVATE KEY----- | |
MIIEowIBAAKCAQEAl40bTVCLZGoSHoB4lzxhSFYCgw7a8UmTHMLp5bPo8D4U0Wu4 | |
Xtzwr+eWG0pf6MXvYzrL6hBDlOP6zb1xy1MRNaEYl8SaQJ28BsHOVD+JhuQgkABe | |
p7pCRG4leAwmoV2piSce6l24iHWdqlGjZLGYMsC5EpIqaeKUE+yfYepG1gXGC3GS | |
HitalHkpBm+xBRclGbVka8jb+xjSFhmpjryRO/WxYs6kyzwQ6JZdMTa3IWWF7TuQ | |
9hZKAuZKYj8VFVwT2DG5CppzW6pSigUPLUl++kzpa0pUJy99kzlFuA7evZ4VyKX3 | |
mEfKs/bWvzypoeyac7t9Szdisc08IiFl8oAVAwIDAQABAoIBAFvCq1I/v3aYJspj | |
HSDtBTYoJbM2zmgkFTfn6HkVWqgD3tUCNQrzGaRYQ3HYsYOePRjG4+qf2FuRQi1K | |
VFk4vYXMObjC6GbRWqR4ujYWlm2fOPwXzTgfNbp7OqKaMNWpgVoy3qwm/PFazZDv | |
h1ATm8S3HhfZembMMr5xmftOP3+b5sD3+Yyh3CEIKpNxfHm7zMEapOLdo/GDTIqU | |
fCaMwBpr+Hyj0Tkpo3gLoZnAhmF33hNwPPyRXdnhIyEcs6kiTr5KStSCQa+ZftAr | |
riec+ktw5Ay+opqpmXAABOR8/UhpZPha9WP9HNyA7nFjoLdtSHXVNw6rPdf5VvmE | |
j/GlxwECgYEAyNsDHC0WGcozQlz9tLAbgXNTnXp19+95vxVD8Rz0PhkJw7cQ5uhx | |
P0s6b5VpD3WDNVd71eMAG2N7rinrzOVCVVt1+DEsPLJ3gnM/3hGe4DMqFRc8rmte | |
+Vi9Ieilthb0TDTPjTPdY+WukA/M2kkyMmRhV4nD0SNGihSf5s7Sg4ECgYEAwSjG | |
fm2MV4nkYih3q4AVVQ1ynzYbEvc/AwRw58j0hPkGgKTUaBTtaEv617JvKOM3boSI | |
0dl0HM8FkvKbB6/2SadxGKryf87zgjCZRKxlwGgV7GAPvesQSdhtJ2Mx5atjRUXT | |
u8IepKbg0i0ueA7g3uoO8zjinTToanzcYbaDyoMCgYAv1PA1qosD00JHwItuly3F | |
sygrbXlgdPgiSDco2UNU8nN/1z3AL4SglRKydftSAiMf9dh4xBlHbHaMsFEGN2aH | |
m0NJurQVNE7/kuCXysxyCd0wrpr10n4IlVhdFeE4rti4uS7gKoTDgHQEvK6FIT9B | |
/uOrjBRE3siyo1y9A23ggQKBgQCvWr0YeYs2zVAwbFx3rUewdwzfzNa3WQ4zRwzY | |
325caVal4v2Rn64HSTLoLm0LyXrBMkCjga4PmUGOLgDf8ba9Fu1tX4PW06HtRwFd | |
fsTA7703Yd3opEWdRIWThFIAFp+Ae+vEQG5hO75OEAZnp9othH8d/z57SVTVl5Ta | |
gD8U0QKBgD3StdGxQukQd46iwphv3zrgwTl/WY1b1QGEmQmWy18UrTkZdOclc+hU | |
Rf07PIUFvD+dFF/G4NgZckcgiybCvf8Km83t/rWjM8C4xZEPHpFAwI/269A92m7c | |
tzitygqjnBr9zTdvNf7029RIgO/mPkEzC0jXoj8djrSywQkQPKKs | |
-----END RSA PRIVATE KEY----- | |
private_key_type rsa | |
serial_number 5e:65:fe:50:cb:4c:85:29:ab:db:65:41:36:51:e2:6c:11:1b:05:3e | |
C:\Users\issacg\vlt-test2>notepad cert.key | |
C:\Users\issacg\vlt-test2>notepad cert.crt | |
C:\Users\issacg\vlt-test2>notepad int.ca | |
C:\Users\issacg\vlt-test2>notepad ca.crt | |
C:\Users\issacg\vlt-test2>\openssl\bin\openssl.exe s_client -connect test.example.com:8201 -CAfile ca.crt | |
Loading 'screen' into random state - done | |
CONNECTED(000001CC) | |
depth=2 CN = ca | |
verify return:1 | |
depth=1 CN = int | |
verify return:1 | |
depth=0 CN = test.example.com | |
verify return:1 | |
--- | |
Certificate chain | |
0 s:/CN=test.example.com | |
i:/CN=int | |
1 s:/CN=int | |
i:/CN=ca | |
2 s:/CN=ca | |
i:/CN=ca | |
--- | |
Server certificate | |
-----BEGIN CERTIFICATE----- | |
MIIDRzCCAi+gAwIBAgIUXmX+UMtMhSmr22VBNlHibBEbBT4wDQYJKoZIhvcNAQEL | |
BQAwDjEMMAoGA1UEAxMDaW50MB4XDTE1MTIyOTE2NDkwOFoXDTE1MTIzMDE0NDkw | |
OFowGzEZMBcGA1UEAxMQdGVzdC5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB | |
BQADggEPADCCAQoCggEBAJeNG01Qi2RqEh6AeJc8YUhWAoMO2vFJkxzC6eWz6PA+ | |
FNFruF7c8K/nlhtKX+jF72M6y+oQQ5Tj+s29cctTETWhGJfEmkCdvAbBzlQ/iYbk | |
IJAAXqe6QkRuJXgMJqFdqYknHupduIh1napRo2SxmDLAuRKSKmnilBPsn2HqRtYF | |
xgtxkh4rWpR5KQZvsQUXJRm1ZGvI2/sY0hYZqY68kTv1sWLOpMs8EOiWXTE2tyFl | |
he07kPYWSgLmSmI/FRVcE9gxuQqac1uqUooFDy1JfvpM6WtKVCcvfZM5RbgO3r2e | |
Fcil95hHyrP21r88qaHsmnO7fUs3YrHNPCIhZfKAFQMCAwEAAaOBjzCBjDAOBgNV | |
HQ8BAf8EBAMCA6gwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1Ud | |
DgQWBBTgHv50FhCRjOFT8UC+afC7tv3NxTAfBgNVHSMEGDAWgBRrM3PkJrAu595r | |
LvEJKbmd/MI6jDAbBgNVHREEFDASghB0ZXN0LmV4YW1wbGUuY29tMA0GCSqGSIb3 | |
DQEBCwUAA4IBAQBNzrY+Pg5OlGXMQbyAFAMQaOq2MfzXe/NboG7ogM2iWTn1tYgN | |
ont3YP+z3b9U9PcmUcwamduMfb/Nr2bDsaBXSY27idVWNbM3nlSQnOwdRr1KO0Pp | |
xw0bnU72ncBkzOyaKPE7Ur1vObCZORBh87eRTN4uP1EcuobnLylFZRLmH25upRvn | |
fIYPn/vzM08cdiAF02+ehPVN1a+42Jm9ARqBmiMQY+jMdp2yzmFqPurDYkCvaJ8X | |
HrFVu8wHU6HqNyIKPUFOAegzwXgC10QIEcqDuLrnpd1KFZ4/2If9YZPX0fN/zX2k | |
jGJVecRoonH/AwNMw51KIdLltmxWfV/3VGnI | |
-----END CERTIFICATE----- | |
subject=/CN=test.example.com | |
issuer=/CN=int | |
--- | |
No client certificate CA names sent | |
--- | |
SSL handshake has read 3159 bytes and written 443 bytes | |
--- | |
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 | |
Server public key is 2048 bit | |
Secure Renegotiation IS supported | |
Compression: NONE | |
Expansion: NONE | |
SSL-Session: | |
Protocol : TLSv1.2 | |
Cipher : ECDHE-RSA-AES256-GCM-SHA384 | |
Session-ID: 4190911973A94A3FA800345279A740282C4CAF11A6069DA7045715C730D01107 | |
Session-ID-ctx: | |
Master-Key: CA2AFE3ECB09CB641A3AE7E906D3DE66009A5352234E798B009E767C13C9C3BF1714BBB3DBD9F86E7DB7A275B658270A | |
Key-Arg : None | |
PSK identity: None | |
PSK identity hint: None | |
SRP username: None | |
TLS session ticket: | |
0000 - e5 3d a3 f4 3c 59 8f bb-4d 5a 73 f4 a8 27 c9 d5 .=..<Y..MZs..'.. | |
0010 - d3 69 d7 4d fb 83 29 60-d8 7b 38 c6 44 f4 6c e1 .i.M..)`.{8.D.l. | |
0020 - 71 77 d2 95 8c 46 24 a4-53 d2 ae f9 dc 1e aa 6e qw...F$.S......n | |
0030 - ca cb 14 50 00 3c 2d 29-c9 c6 5f d8 b0 b2 0d 9d ...P.<-).._..... | |
0040 - 7e 30 09 c0 ed 90 c7 80-da ee ae 13 31 aa 6e e3 ~0..........1.n. | |
0050 - 02 d5 34 0d 2e 7b bb a8-8c 75 4c 72 e5 44 da 18 ..4..{...uLr.D.. | |
0060 - 90 d3 cb 48 b7 e8 c9 61-12 d0 ae 03 e4 4c 58 05 ...H...a.....LX. | |
0070 - b5 d4 c7 36 51 c9 6f 85- ...6Q.o. | |
Start Time: 1451407846 | |
Timeout : 300 (sec) | |
Verify return code: 0 (ok) | |
--- | |
read:errno=10093 | |
C:\Users\issacg\vlt-test2>\openssl\bin\openssl.exe x509 -noout -purpose -in int.ca | |
Certificate purposes: | |
SSL client : Yes | |
SSL client CA : Yes | |
SSL server : Yes | |
SSL server CA : Yes | |
Netscape SSL server : Yes | |
Netscape SSL server CA : Yes | |
S/MIME signing : No | |
S/MIME signing CA : No | |
S/MIME encryption : No | |
S/MIME encryption CA : No | |
CRL signing : Yes | |
CRL signing CA : Yes | |
Any Purpose : Yes | |
Any Purpose CA : Yes | |
OCSP helper : Yes | |
OCSP helper CA : Yes | |
Time Stamp signing : No | |
Time Stamp signing CA : Yes |
C:\Users\issacg>set VAULT_ADDR=http://127.0.0.1:8200 | |
C:\Users\issacg>mkdir vlt-test | |
C:\Users\issacg>cd vlt-test | |
C:\Users\issacg\vlt-test>vault mounts | |
Path Type Default TTL Max TTL Description | |
cubbyhole/ cubbyhole n/a n/a per-token private secret storage | |
secret/ generic system system generic secret storage | |
sys/ system n/a n/a system endpoints used for control, policy and debugging | |
C:\Users\issacg\vlt-test>vault mount -path ca pki | |
Successfully mounted 'pki' at 'ca'! | |
C:\Users\issacg\vlt-test>vault mount -path int pki | |
Successfully mounted 'pki' at 'int'! | |
C:\Users\issacg\vlt-test>vault write ca/root/generate/internal common_name=ca ttl=24h | |
Key Value | |
lease_id ca/root/generate/internal/c21bfd8f-050d-c556-44e7-3db0a6cc7cfa | |
lease_duration 86399 | |
lease_renewable false | |
certificate -----BEGIN CERTIFICATE----- | |
MIIDLTCCAhWgAwIBAgIULjMf8jYl1sug34Hn/GUJOjCIC+cwDQYJKoZIhvcNAQEL | |
BQAwDTELMAkGA1UEAxMCY2EwHhcNMTUxMjI5MTYxODAxWhcNMTUxMjMwMTYxODAx | |
WjANMQswCQYDVQQDEwJjYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB | |
AKUVfj4jsNWpdXF+pJE22q7ylPd74E9Ip0e2HIfuFqRd4U9cqi/kIqh1Ng1ZzD26 | |
1Nr7F3FAaYWIvYVlU9s4oByCf6XdqGlMegU17iiLsAy0FxZVePkDkzL3u/qQpK9+ | |
qPlYTx9QhVm/Gq4O5JM1qFqRfolpR4TD3xfzc1EoILu/0zWZtwQPHohyscmK5Soa | |
y3Ca7xu7vfU07El41Q8hwx2ui1kHm8lamDytz2jR/jMJSi3zZ1yfv66a4w+xdSsa | |
Dxx3LPxxUMELZOvTbznTC2De+dZb82YZQejzgHGIS+eB1/+36otQrw0W9zbXu+SN | |
NHLrwjW4/8aU/+NM8u/GDzsCAwEAAaOBhDCBgTAOBgNVHQ8BAf8EBAMCAa4wDwYD | |
VR0lBAgwBgYEVR0lADAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQjoF4wJUpG | |
ySCi9ayx6XIcs16I+TAfBgNVHSMEGDAWgBQjoF4wJUpGySCi9ayx6XIcs16I+TAN | |
BgNVHREEBjAEggJjYTANBgkqhkiG9w0BAQsFAAOCAQEAGIjXwqEPlh1lNblV/QhR | |
Nw9+eEzd9eE6IsuAiu8hCjtl0bOi9VNBkRsFBNASXoM/r5NH8eA/ilrJA9ZxShlc | |
+auXcRMiYCNTMTsuxxVPczBf8MO98fVvGAe/vm41wJlsrnkycoKEnGQ5SAFSUdCL | |
Evg9F/Lq9ug8Ch9DCA6aW5ZT7mY5zxi8pENnCKICGjFtqpU2FamN7/nytxd0P7lI | |
x2wJbqvgxrKbl9ulzW0qDKxcXKid1sUQbGsB3B85LvuMNoJ+PCCOd9UUam7ZsIR3 | |
83ULJX9wmA+IBSsctLakIJ9kRCIn2Fo1aGZ41bA5zSoaCWtNujz5bhRkQqlX6yqQ | |
FA== | |
-----END CERTIFICATE----- | |
expiration 1.451492281e+09 | |
issuing_ca -----BEGIN CERTIFICATE----- | |
MIIDLTCCAhWgAwIBAgIULjMf8jYl1sug34Hn/GUJOjCIC+cwDQYJKoZIhvcNAQEL | |
BQAwDTELMAkGA1UEAxMCY2EwHhcNMTUxMjI5MTYxODAxWhcNMTUxMjMwMTYxODAx | |
WjANMQswCQYDVQQDEwJjYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB | |
AKUVfj4jsNWpdXF+pJE22q7ylPd74E9Ip0e2HIfuFqRd4U9cqi/kIqh1Ng1ZzD26 | |
1Nr7F3FAaYWIvYVlU9s4oByCf6XdqGlMegU17iiLsAy0FxZVePkDkzL3u/qQpK9+ | |
qPlYTx9QhVm/Gq4O5JM1qFqRfolpR4TD3xfzc1EoILu/0zWZtwQPHohyscmK5Soa | |
y3Ca7xu7vfU07El41Q8hwx2ui1kHm8lamDytz2jR/jMJSi3zZ1yfv66a4w+xdSsa | |
Dxx3LPxxUMELZOvTbznTC2De+dZb82YZQejzgHGIS+eB1/+36otQrw0W9zbXu+SN | |
NHLrwjW4/8aU/+NM8u/GDzsCAwEAAaOBhDCBgTAOBgNVHQ8BAf8EBAMCAa4wDwYD | |
VR0lBAgwBgYEVR0lADAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQjoF4wJUpG | |
ySCi9ayx6XIcs16I+TAfBgNVHSMEGDAWgBQjoF4wJUpGySCi9ayx6XIcs16I+TAN | |
BgNVHREEBjAEggJjYTANBgkqhkiG9w0BAQsFAAOCAQEAGIjXwqEPlh1lNblV/QhR | |
Nw9+eEzd9eE6IsuAiu8hCjtl0bOi9VNBkRsFBNASXoM/r5NH8eA/ilrJA9ZxShlc | |
+auXcRMiYCNTMTsuxxVPczBf8MO98fVvGAe/vm41wJlsrnkycoKEnGQ5SAFSUdCL | |
Evg9F/Lq9ug8Ch9DCA6aW5ZT7mY5zxi8pENnCKICGjFtqpU2FamN7/nytxd0P7lI | |
x2wJbqvgxrKbl9ulzW0qDKxcXKid1sUQbGsB3B85LvuMNoJ+PCCOd9UUam7ZsIR3 | |
83ULJX9wmA+IBSsctLakIJ9kRCIn2Fo1aGZ41bA5zSoaCWtNujz5bhRkQqlX6yqQ | |
FA== | |
-----END CERTIFICATE----- | |
serial_number 2e:33:1f:f2:36:25:d6:cb:a0:df:81:e7:fc:65:09:3a:30:88:0b:e7 | |
C:\Users\issacg\vlt-test>notepad ca.crt | |
C:\Users\issacg\vlt-test>vault write int/intermediate/generate/internal common_name=int | |
Key Value | |
csr -----BEGIN CERTIFICATE REQUEST----- | |
MIICdDCCAVwCAQAwDjEMMAoGA1UEAxMDaW50MIIBIjANBgkqhkiG9w0BAQEFAAOC | |
AQ8AMIIBCgKCAQEAvB978Hti5YfiPVFnH7cmu/JuqeG2WAorlyfy1Xv3K9ScIIQ8 | |
PL8wYahv+5OUmb58uZpG3uOw314QixFWXDXFrP+X+alFNFTxh10W3HZp7Pl8PaIA | |
LjKoytJDEWxwrn3h8IRm8bKrJw1JE2v/BsSq5qNseOOqXyYC7Ldi0ERs0qVNGsJn | |
lP//a9j3V4PoGtGpy9l0sHbGfX0qfBpYOHKdrsFrlpFhaacUnTZPiQtmUV2UuP3/ | |
sWXi4xzJLtq5NnGC4Gcb5WefaEDm0nxUhavwLE2tSjmIoCtKiIYxmZWsJqafSoA2 | |
ovjF+9gh0bA41AAnE4/9d6uc1te9ZeSDBSjPjQIDAQABoCEwHwYJKoZIhvcNAQkO | |
MRIwEDAOBgNVHREEBzAFggNpbnQwDQYJKoZIhvcNAQELBQADggEBAAMN+MHohRH7 | |
iNmoSyMTZ+hew8HMQeNpTA7P0yd0vZo5Hx+0h21FsI9s0z9edM1EZB4odpk8qIzI | |
qlvGRfj+N0jXXamOL1OtrvCuT+Niqs/NIDPXTMc/hyVdz3FGHAsd2BlUDLErXLXU | |
6ICO/0DsbEXIzu+LFeg8DbT1ogQJQII9u3nAuwUSw1cA5SqQlI31srW6IIF8o6ou | |
b9CCyX9CMhyIWQLlzBmZsd2vo/SXrbJwiTT0f+sQx3pWodIDAO64ElLbZwq42Err | |
ijE94TvXk5apsj8G3IhHb5FVrv0+RJT1uTYKMcWtMOQ8JNc4CShWh30h1SstOGn8 | |
ABiJPVl8ihM= | |
-----END CERTIFICATE REQUEST----- | |
C:\Users\issacg\vlt-test>notepad int.csr | |
C:\Users\issacg\vlt-test>vault write ca/root/sign-intermediate csr=@int.csr use_csr_values=true ttl=23h | |
Key Value | |
lease_id ca/root/sign-intermediate/3ba73013-ba72-79cb-5528-07d060ffa32f | |
lease_duration 82799 | |
lease_renewable false | |
certificate -----BEGIN CERTIFICATE----- | |
MIIDLzCCAhegAwIBAgIUKBEZrTuuGdpyB7r/PEWrXCjR1fgwDQYJKoZIhvcNAQEL | |
BQAwDTELMAkGA1UEAxMCY2EwHhcNMTUxMjI5MTYxOTU1WhcNMTUxMjMwMTUxOTU1 | |
WjAOMQwwCgYDVQQDEwNpbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB | |
AQC8H3vwe2Llh+I9UWcftya78m6p4bZYCiuXJ/LVe/cr1JwghDw8vzBhqG/7k5SZ | |
vny5mkbe47DfXhCLEVZcNcWs/5f5qUU0VPGHXRbcdmns+Xw9ogAuMqjK0kMRbHCu | |
feHwhGbxsqsnDUkTa/8GxKrmo2x446pfJgLst2LQRGzSpU0awmeU//9r2PdXg+ga | |
0anL2XSwdsZ9fSp8Glg4cp2uwWuWkWFppxSdNk+JC2ZRXZS4/f+xZeLjHMku2rk2 | |
cYLgZxvlZ59oQObSfFSFq/AsTa1KOYigK0qIhjGZlawmpp9KgDai+MX72CHRsDjU | |
ACcTj/13q5zW171l5IMFKM+NAgMBAAGjgYUwgYIwDgYDVR0PAQH/BAQDAgGuMA8G | |
A1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7xVq0C9C | |
NasJZk97lMGEvBd4r34wHwYDVR0jBBgwFoAUI6BeMCVKRskgovWsselyHLNeiPkw | |
DgYDVR0RBAcwBYIDaW50MA0GCSqGSIb3DQEBCwUAA4IBAQBcovwKBEOAyGjocXia | |
gre4e0xjUpWL4mbkV2Wt8Xri9X4xCHFqb5kKaU26ilVXcX+w288BgV5ua8S8v+rO | |
PDcpl4WfF5jfxHaIIhiqSBU5Soaue+qyuYhB6oInVkBeTTtzt7W0mppiATbs9JW4 | |
2Qjk7+ByBV8hZRYNKobBjHO7jbjq85KuENw4NjlXpZqW9TiQ4sqzT59Qw71HTkoY | |
XRw1dGLZd7F4W9JSeztASwBH1TraFTzaKsfEwPdaeJCTuBZdp8tPkIodnM79wZT3 | |
YyEhe/TKdEvi19zIOJuVK2grUw6Gj1G0us2z9tsLdQjqUC+uBo8tb+p0tLfm0wB/ | |
AOJC | |
-----END CERTIFICATE----- | |
expiration 1.451488795e+09 | |
issuing_ca -----BEGIN CERTIFICATE----- | |
MIIDLTCCAhWgAwIBAgIULjMf8jYl1sug34Hn/GUJOjCIC+cwDQYJKoZIhvcNAQEL | |
BQAwDTELMAkGA1UEAxMCY2EwHhcNMTUxMjI5MTYxODAxWhcNMTUxMjMwMTYxODAx | |
WjANMQswCQYDVQQDEwJjYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB | |
AKUVfj4jsNWpdXF+pJE22q7ylPd74E9Ip0e2HIfuFqRd4U9cqi/kIqh1Ng1ZzD26 | |
1Nr7F3FAaYWIvYVlU9s4oByCf6XdqGlMegU17iiLsAy0FxZVePkDkzL3u/qQpK9+ | |
qPlYTx9QhVm/Gq4O5JM1qFqRfolpR4TD3xfzc1EoILu/0zWZtwQPHohyscmK5Soa | |
y3Ca7xu7vfU07El41Q8hwx2ui1kHm8lamDytz2jR/jMJSi3zZ1yfv66a4w+xdSsa | |
Dxx3LPxxUMELZOvTbznTC2De+dZb82YZQejzgHGIS+eB1/+36otQrw0W9zbXu+SN | |
NHLrwjW4/8aU/+NM8u/GDzsCAwEAAaOBhDCBgTAOBgNVHQ8BAf8EBAMCAa4wDwYD | |
VR0lBAgwBgYEVR0lADAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQjoF4wJUpG | |
ySCi9ayx6XIcs16I+TAfBgNVHSMEGDAWgBQjoF4wJUpGySCi9ayx6XIcs16I+TAN | |
BgNVHREEBjAEggJjYTANBgkqhkiG9w0BAQsFAAOCAQEAGIjXwqEPlh1lNblV/QhR | |
Nw9+eEzd9eE6IsuAiu8hCjtl0bOi9VNBkRsFBNASXoM/r5NH8eA/ilrJA9ZxShlc | |
+auXcRMiYCNTMTsuxxVPczBf8MO98fVvGAe/vm41wJlsrnkycoKEnGQ5SAFSUdCL | |
Evg9F/Lq9ug8Ch9DCA6aW5ZT7mY5zxi8pENnCKICGjFtqpU2FamN7/nytxd0P7lI | |
x2wJbqvgxrKbl9ulzW0qDKxcXKid1sUQbGsB3B85LvuMNoJ+PCCOd9UUam7ZsIR3 | |
83ULJX9wmA+IBSsctLakIJ9kRCIn2Fo1aGZ41bA5zSoaCWtNujz5bhRkQqlX6yqQ | |
FA== | |
-----END CERTIFICATE----- | |
serial_number 28:11:19:ad:3b:ae:19:da:72:07:ba:ff:3c:45:ab:5c:28:d1:d5:f8 | |
C:\Users\issacg\vlt-test>notepad int.ca | |
C:\Users\issacg\vlt-test>vault write int/intermediate/set-signed certificate=@int.ca | |
Success! Data written to: int/intermediate/set-signed | |
C:\Users\issacg\vlt-test>vault write int/roles/example.com allowed_domains="example.com" allow_subdomains=true | |
Success! Data written to: int/roles/example.com | |
C:\Users\issacg\vlt-test>vault write int/issue/example.com common_name=test.example.com ttl=22h | |
Key Value | |
lease_id int/issue/example.com/c8cf38f6-3fbf-ac85-9976-ad1b446403e0 | |
lease_duration 79199 | |
lease_renewable false | |
certificate -----BEGIN CERTIFICATE----- | |
MIIDRzCCAi+gAwIBAgIUUXTaz3lNvScDF9WTCpeZHQvj/uowDQYJKoZIhvcNAQEL | |
BQAwDjEMMAoGA1UEAxMDaW50MB4XDTE1MTIyOTE2MjE1MVoXDTE1MTIzMDE0MjE1 | |
MVowGzEZMBcGA1UEAxMQdGVzdC5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB | |
BQADggEPADCCAQoCggEBALpuUcYqi17c6UQNmtgJd4dX3xS5Ulja+SJgjMd73LpA | |
/zoWCIOCKK9XyyWObxM7MRpkwTfn7v0NUDGTv46PKODhOKhb85VJBZAhf1a9Daa/ | |
mqUM7qdI1HbZATHtxd95h2bKMngmwcOekDa3Hv1NXwq2jS6SASkFdo/BEV+NQmHV | |
Xel0Ivlhr/2hGdTLfJ/IWbOcTiYKnQEcW7Rz0Uw11Mo+la9GVPzGmfGGKKISbKQZ | |
SDffOkgRxe8XegnzUTbL7PPs1FhoBBj1BGsNRCBXL8CuOJZIDVLtmc7P8usTem+A | |
dezx9HxlS+uu5mG/mA4ztYAjbsUjoJnSwCCCXHXE6p8CAwEAAaOBjzCBjDAOBgNV | |
HQ8BAf8EBAMCA6gwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1Ud | |
DgQWBBTbmeduCjENuwPrvAfPlY/zftQzqTAfBgNVHSMEGDAWgBTvFWrQL0I1qwlm | |
T3uUwYS8F3ivfjAbBgNVHREEFDASghB0ZXN0LmV4YW1wbGUuY29tMA0GCSqGSIb3 | |
DQEBCwUAA4IBAQBPOxCKT96gHOVZrQ3Np/ShKqjAnNAMF2FVPGZNqoa722+PBtVX | |
l6GWkNWABBdKeOTWkC3caYXGzaGQutTiVFgYoiidP8f54/RCYp0aWbMb0odo8fhY | |
b+9rJhG0+POmnZxIsWhNSgdy+sEXW4pA+IKInGZr8eyPQf0xAv/+Hqq1daXHbqYK | |
6H3ewSc9QKY74Rsh6b423+jYyOQlFA5UZ/5TPc2y5j0Y2ckQVx30E/eaclCqzqxg | |
6uQcj9i0yN6CiW9nHTwYiXHiqu6J2WIJwEIPEgMESHYSSFJXTahFqA5+qA0JRvUl | |
K27f3hAjeDXQl91jWSD9h3LGd/2x6DYkHjBv | |
-----END CERTIFICATE----- | |
issuing_ca -----BEGIN CERTIFICATE----- | |
MIIDLzCCAhegAwIBAgIUKBEZrTuuGdpyB7r/PEWrXCjR1fgwDQYJKoZIhvcNAQEL | |
BQAwDTELMAkGA1UEAxMCY2EwHhcNMTUxMjI5MTYxOTU1WhcNMTUxMjMwMTUxOTU1 | |
WjAOMQwwCgYDVQQDEwNpbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB | |
AQC8H3vwe2Llh+I9UWcftya78m6p4bZYCiuXJ/LVe/cr1JwghDw8vzBhqG/7k5SZ | |
vny5mkbe47DfXhCLEVZcNcWs/5f5qUU0VPGHXRbcdmns+Xw9ogAuMqjK0kMRbHCu | |
feHwhGbxsqsnDUkTa/8GxKrmo2x446pfJgLst2LQRGzSpU0awmeU//9r2PdXg+ga | |
0anL2XSwdsZ9fSp8Glg4cp2uwWuWkWFppxSdNk+JC2ZRXZS4/f+xZeLjHMku2rk2 | |
cYLgZxvlZ59oQObSfFSFq/AsTa1KOYigK0qIhjGZlawmpp9KgDai+MX72CHRsDjU | |
ACcTj/13q5zW171l5IMFKM+NAgMBAAGjgYUwgYIwDgYDVR0PAQH/BAQDAgGuMA8G | |
A1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7xVq0C9C | |
NasJZk97lMGEvBd4r34wHwYDVR0jBBgwFoAUI6BeMCVKRskgovWsselyHLNeiPkw | |
DgYDVR0RBAcwBYIDaW50MA0GCSqGSIb3DQEBCwUAA4IBAQBcovwKBEOAyGjocXia | |
gre4e0xjUpWL4mbkV2Wt8Xri9X4xCHFqb5kKaU26ilVXcX+w288BgV5ua8S8v+rO | |
PDcpl4WfF5jfxHaIIhiqSBU5Soaue+qyuYhB6oInVkBeTTtzt7W0mppiATbs9JW4 | |
2Qjk7+ByBV8hZRYNKobBjHO7jbjq85KuENw4NjlXpZqW9TiQ4sqzT59Qw71HTkoY | |
XRw1dGLZd7F4W9JSeztASwBH1TraFTzaKsfEwPdaeJCTuBZdp8tPkIodnM79wZT3 | |
YyEhe/TKdEvi19zIOJuVK2grUw6Gj1G0us2z9tsLdQjqUC+uBo8tb+p0tLfm0wB/ | |
AOJC | |
-----END CERTIFICATE----- | |
private_key -----BEGIN RSA PRIVATE KEY----- | |
MIIEogIBAAKCAQEAum5RxiqLXtzpRA2a2Al3h1ffFLlSWNr5ImCMx3vcukD/OhYI | |
g4Ior1fLJY5vEzsxGmTBN+fu/Q1QMZO/jo8o4OE4qFvzlUkFkCF/Vr0Npr+apQzu | |
p0jUdtkBMe3F33mHZsoyeCbBw56QNrce/U1fCraNLpIBKQV2j8ERX41CYdVd6XQi | |
+WGv/aEZ1Mt8n8hZs5xOJgqdARxbtHPRTDXUyj6Vr0ZU/MaZ8YYoohJspBlIN986 | |
SBHF7xd6CfNRNsvs8+zUWGgEGPUEaw1EIFcvwK44lkgNUu2Zzs/y6xN6b4B17PH0 | |
fGVL667mYb+YDjO1gCNuxSOgmdLAIIJcdcTqnwIDAQABAoIBADP98jZGxSmGiFNf | |
S/C16yzGl8Mqz8lSACrTLE+xvmP/Hm6vmF48nWYRIOlvaJC/cDlBIhWaTC8sWFIL | |
N1/lkuvsQ6XIRw06GSASB3ZEMRtw0gr3qVLj38TpTgkDm6xwMw+6kgqqHF2WyfdI | |
aI8R1dCiCouTUlmDWYZLvLGeLoYjxhcUVNHDFSavrjssyLdZRkAIJlh5XMwQkiHw | |
iva7xPnCkNpgObA6DNW4TbxdGl9Ingl95LvRVSchiPZQ6pDcbZlzmkRa5RX86jVM | |
VCjcFy0IY0KNxA5tzA3Y/Oh3kbaiMRgX2WxwT9Hj619kko6KRIPxqSK8AWtsj66N | |
VADd9kECgYEA0B1d2ZnUK8Pwi0ZFMhRySESt0yXGXpO244owXRlM58+NhZTrX48z | |
R2r1KUZubZAKLF0dnejb7XbBkHMk2vKxRfI6D9cj8RKgB3co9ENpzNix9LMMXBye | |
o7NctR+YhAPt1Q8ZwpUUN9uWb4v7POLL/ayMoI8eJSQNRRsnukA6nf8CgYEA5VO1 | |
MZpFKMPXAZ+j+Q00yzpCyAdtlnehTZsMvsQ7nHYjjxMDxCkENx4ooJuDaBS7QqbH | |
S1yBkOrfX2a8vsSICb3KhuBMhzY08CXKRGOOUpKbWVGT0E3iPBqC2SaH8bmiH6MS | |
w3wkLvBYmNpVfnb81RVgP5bq6NFyA2b+kvBq82ECgYBJkug34oM4ybeDdV9HGiVg | |
2S7eo88iZnRUsujwMN6YYS72F7SyfsyxJeXwJp8piq+eCXlL9yOxKre5motgAEad | |
pMnUCcoCEwSSPxUybZa8vasECDyJX/DRjLpsqfPgUAdHuGPx/4Q7Tx066DD00HUv | |
hE3fAVm15a3vTW9ZEBXo/wKBgC0ugNR1AIs3inTXbwbygyRHJkEitYSfrTgNBEXR | |
g60f2YGmzWcobZwuZPK/sPQgoYRQN5OxdhWHMNsq8qTjM6o3ql9Icctx8pwd1ewD | |
cVbza4f9epHfxmLxFjaSUNZfLIHvLxM0sixNTidPXOi9qLKSs5PTuBSGr1/cOuvY | |
UjoBAoGAezmOXLsTe7YZA+a/qnZnRhhdXyjcwX2VAOofWyV7DC9Xu+ZojPtRDrGe | |
wnrXwoECApuy7n/Hbc7WQc+xsCc4+sDxZxdWSrI/qBJjWqci3K1F2GzjCAZgTNIw | |
4StlMx+qVm/NDbBFI/YluXj//mIY6vwWYxJAahIuwtmCyuzuWJs= | |
-----END RSA PRIVATE KEY----- | |
private_key_type rsa | |
serial_number 51:74:da:cf:79:4d:bd:27:03:17:d5:93:0a:97:99:1d:0b:e3:fe:ea | |
C:\Users\issacg\vlt-test> | |
C:\Users\issacg\vlt-test>notepad cert.key | |
C:\Users\issacg\vlt-test>notepad cert.crt | |
C:\Users\issacg\vlt-test>\openssl\bin\openssl.exe s_client -connect test.example.com:8201 | |
Loading 'screen' into random state - done | |
CONNECTED(000001F4) | |
depth=2 CN = ca | |
verify error:num=19:self signed certificate in certificate chain | |
verify return:0 | |
--- | |
Certificate chain | |
0 s:/CN=test.example.com | |
i:/CN=int | |
1 s:/CN=int | |
i:/CN=ca | |
2 s:/CN=ca | |
i:/CN=ca | |
--- | |
Server certificate | |
-----BEGIN CERTIFICATE----- | |
MIIDRzCCAi+gAwIBAgIUUXTaz3lNvScDF9WTCpeZHQvj/uowDQYJKoZIhvcNAQEL | |
BQAwDjEMMAoGA1UEAxMDaW50MB4XDTE1MTIyOTE2MjE1MVoXDTE1MTIzMDE0MjE1 | |
MVowGzEZMBcGA1UEAxMQdGVzdC5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB | |
BQADggEPADCCAQoCggEBALpuUcYqi17c6UQNmtgJd4dX3xS5Ulja+SJgjMd73LpA | |
/zoWCIOCKK9XyyWObxM7MRpkwTfn7v0NUDGTv46PKODhOKhb85VJBZAhf1a9Daa/ | |
mqUM7qdI1HbZATHtxd95h2bKMngmwcOekDa3Hv1NXwq2jS6SASkFdo/BEV+NQmHV | |
Xel0Ivlhr/2hGdTLfJ/IWbOcTiYKnQEcW7Rz0Uw11Mo+la9GVPzGmfGGKKISbKQZ | |
SDffOkgRxe8XegnzUTbL7PPs1FhoBBj1BGsNRCBXL8CuOJZIDVLtmc7P8usTem+A | |
dezx9HxlS+uu5mG/mA4ztYAjbsUjoJnSwCCCXHXE6p8CAwEAAaOBjzCBjDAOBgNV | |
HQ8BAf8EBAMCA6gwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1Ud | |
DgQWBBTbmeduCjENuwPrvAfPlY/zftQzqTAfBgNVHSMEGDAWgBTvFWrQL0I1qwlm | |
T3uUwYS8F3ivfjAbBgNVHREEFDASghB0ZXN0LmV4YW1wbGUuY29tMA0GCSqGSIb3 | |
DQEBCwUAA4IBAQBPOxCKT96gHOVZrQ3Np/ShKqjAnNAMF2FVPGZNqoa722+PBtVX | |
l6GWkNWABBdKeOTWkC3caYXGzaGQutTiVFgYoiidP8f54/RCYp0aWbMb0odo8fhY | |
b+9rJhG0+POmnZxIsWhNSgdy+sEXW4pA+IKInGZr8eyPQf0xAv/+Hqq1daXHbqYK | |
6H3ewSc9QKY74Rsh6b423+jYyOQlFA5UZ/5TPc2y5j0Y2ckQVx30E/eaclCqzqxg | |
6uQcj9i0yN6CiW9nHTwYiXHiqu6J2WIJwEIPEgMESHYSSFJXTahFqA5+qA0JRvUl | |
K27f3hAjeDXQl91jWSD9h3LGd/2x6DYkHjBv | |
-----END CERTIFICATE----- | |
subject=/CN=test.example.com | |
issuer=/CN=int | |
--- | |
No client certificate CA names sent | |
--- | |
SSL handshake has read 3119 bytes and written 443 bytes | |
--- | |
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 | |
Server public key is 2048 bit | |
Secure Renegotiation IS supported | |
Compression: NONE | |
Expansion: NONE | |
SSL-Session: | |
Protocol : TLSv1.2 | |
Cipher : ECDHE-RSA-AES256-GCM-SHA384 | |
Session-ID: DFD493C524E6CA9AFA21ACEECBB614A3A2258E8C5ADF73DDDABBBC29D5FD63AA | |
Session-ID-ctx: | |
Master-Key: CD0A15BE4EE87600232AA7536AE425439EDD793673933B8D6C1649AAF376B44981335A130729FFA95320CFBF7A2C936F | |
Key-Arg : None | |
PSK identity: None | |
PSK identity hint: None | |
SRP username: None | |
TLS session ticket: | |
0000 - 52 75 a4 ed 39 96 a8 cd-f7 ea 86 9e 25 5a 98 67 Ru..9.......%Z.g | |
0010 - 67 4a 66 a2 ae cc 54 64-6a 2d 52 13 15 82 9a 24 gJf...Tdj-R....$ | |
0020 - 71 03 d8 7a c2 b8 b3 a9-ff ac 68 4b 4f fc 2d 94 q..z......hKO.-. | |
0030 - fb 04 15 f2 7c 64 a1 7e-2b 5f aa 3f 3d 6c 52 1f ....|d.~+_.?=lR. | |
0040 - 5b cc c2 b4 17 45 5d 21-6c db 19 2f 66 78 6e 81 [....E]!l../fxn. | |
0050 - 0b 1f d6 00 ac 64 81 c8-d4 82 bb 83 8b a9 ec b7 .....d.......... | |
0060 - 09 5f e2 e5 4a 55 73 8f-59 66 75 3f eb cb 5a bd ._..JUs.Yfu?..Z. | |
0070 - 7e ac 4d ca a9 80 24 d2- ~.M...$. | |
Start Time: 1451406510 | |
Timeout : 300 (sec) | |
Verify return code: 19 (self signed certificate in certificate chain) | |
--- | |
read:errno=10093 | |
C:\Users\issacg\vlt-test>\openssl\bin\openssl.exe s_client -connect test.example.com:8201 -CAfile ca.crt | |
Loading 'screen' into random state - done | |
CONNECTED(000001EC) | |
depth=1 CN = int | |
verify error:num=26:unsupported certificate purpose | |
verify return:0 | |
--- | |
Certificate chain | |
0 s:/CN=test.example.com | |
i:/CN=int | |
1 s:/CN=int | |
i:/CN=ca | |
2 s:/CN=ca | |
i:/CN=ca | |
--- | |
Server certificate | |
-----BEGIN CERTIFICATE----- | |
MIIDRzCCAi+gAwIBAgIUUXTaz3lNvScDF9WTCpeZHQvj/uowDQYJKoZIhvcNAQEL | |
BQAwDjEMMAoGA1UEAxMDaW50MB4XDTE1MTIyOTE2MjE1MVoXDTE1MTIzMDE0MjE1 | |
MVowGzEZMBcGA1UEAxMQdGVzdC5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB | |
BQADggEPADCCAQoCggEBALpuUcYqi17c6UQNmtgJd4dX3xS5Ulja+SJgjMd73LpA | |
/zoWCIOCKK9XyyWObxM7MRpkwTfn7v0NUDGTv46PKODhOKhb85VJBZAhf1a9Daa/ | |
mqUM7qdI1HbZATHtxd95h2bKMngmwcOekDa3Hv1NXwq2jS6SASkFdo/BEV+NQmHV | |
Xel0Ivlhr/2hGdTLfJ/IWbOcTiYKnQEcW7Rz0Uw11Mo+la9GVPzGmfGGKKISbKQZ | |
SDffOkgRxe8XegnzUTbL7PPs1FhoBBj1BGsNRCBXL8CuOJZIDVLtmc7P8usTem+A | |
dezx9HxlS+uu5mG/mA4ztYAjbsUjoJnSwCCCXHXE6p8CAwEAAaOBjzCBjDAOBgNV | |
HQ8BAf8EBAMCA6gwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1Ud | |
DgQWBBTbmeduCjENuwPrvAfPlY/zftQzqTAfBgNVHSMEGDAWgBTvFWrQL0I1qwlm | |
T3uUwYS8F3ivfjAbBgNVHREEFDASghB0ZXN0LmV4YW1wbGUuY29tMA0GCSqGSIb3 | |
DQEBCwUAA4IBAQBPOxCKT96gHOVZrQ3Np/ShKqjAnNAMF2FVPGZNqoa722+PBtVX | |
l6GWkNWABBdKeOTWkC3caYXGzaGQutTiVFgYoiidP8f54/RCYp0aWbMb0odo8fhY | |
b+9rJhG0+POmnZxIsWhNSgdy+sEXW4pA+IKInGZr8eyPQf0xAv/+Hqq1daXHbqYK | |
6H3ewSc9QKY74Rsh6b423+jYyOQlFA5UZ/5TPc2y5j0Y2ckQVx30E/eaclCqzqxg | |
6uQcj9i0yN6CiW9nHTwYiXHiqu6J2WIJwEIPEgMESHYSSFJXTahFqA5+qA0JRvUl | |
K27f3hAjeDXQl91jWSD9h3LGd/2x6DYkHjBv | |
-----END CERTIFICATE----- | |
subject=/CN=test.example.com | |
issuer=/CN=int | |
--- | |
No client certificate CA names sent | |
--- | |
SSL handshake has read 3119 bytes and written 443 bytes | |
--- | |
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 | |
Server public key is 2048 bit | |
Secure Renegotiation IS supported | |
Compression: NONE | |
Expansion: NONE | |
SSL-Session: | |
Protocol : TLSv1.2 | |
Cipher : ECDHE-RSA-AES256-GCM-SHA384 | |
Session-ID: 7BA9E5C5CD890267423CD0715AC8B8348E84006B3162AA402BBF08CD902C5CC5 | |
Session-ID-ctx: | |
Master-Key: C62C12D42134FDEF9E1038A0DDE37A4A7D60A0300A464A79D8455C9AC79252A4C578F14B0A5C57054871C289FE2DD4FA | |
Key-Arg : None | |
PSK identity: None | |
PSK identity hint: None | |
SRP username: None | |
TLS session ticket: | |
0000 - 52 75 a4 ed 39 96 a8 cd-f7 ea 86 9e 25 5a 98 67 Ru..9.......%Z.g | |
0010 - 5f 64 f4 81 86 54 88 93-88 23 49 4f 1f 28 22 61 _d...T...#IO.("a | |
0020 - 99 f1 fa 19 ea 7f a8 1a-b0 f5 e7 c5 75 a1 7f 32 ............u..2 | |
0030 - 43 38 5e fc 52 e1 a1 89-34 e7 05 23 14 b4 6e dc C8^.R...4..#..n. | |
0040 - 6d 6c 10 a3 ac b9 27 03-50 20 66 ef ec 74 34 86 ml....'.P f..t4. | |
0050 - 0a 8c b0 97 08 0b cb 0b-e1 c2 8e b7 80 db aa 3c ...............< | |
0060 - 3e 69 7d ec 32 89 9d 2a-43 06 f3 ce 4e 53 86 82 >i}.2..*C...NS.. | |
0070 - 48 9f 3a d0 b9 90 68 e3- H.:...h. | |
Start Time: 1451406519 | |
Timeout : 300 (sec) | |
Verify return code: 26 (unsupported certificate purpose) | |
--- | |
read:errno=10093 | |
C:\Users\issacg\vlt-test>\openssl\bin\openssl.exe x509 -noout -purpose -in int.ca | |
Certificate purposes: | |
SSL client : No | |
SSL client CA : No | |
SSL server : No | |
SSL server CA : No | |
Netscape SSL server : No | |
Netscape SSL server CA : No | |
S/MIME signing : No | |
S/MIME signing CA : No | |
S/MIME encryption : No | |
S/MIME encryption CA : No | |
CRL signing : Yes | |
CRL signing CA : Yes | |
Any Purpose : Yes | |
Any Purpose CA : Yes | |
OCSP helper : Yes | |
OCSP helper CA : Yes | |
Time Stamp signing : No | |
Time Stamp signing CA : Yes |