jfmartel/YULTek
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ajout de la méthode de migration du CA Server dans les notes de développement et fichiers requis.

Browse Source
This commit is contained in:
jfmartel 2025-05-12 16:32:45 -04:00
parent c0dd8562fb
commit afffbcfb82
49 changed files with 9048 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
Doc interne/Notes de développement.docx
View File

Binary file not shown.

2579
OpenVPN/CA Server/easy-rsa/easyrsa Normal file
View File

File diff suppressed because it is too large Load Diff

138
OpenVPN/CA Server/easy-rsa/openssl-easyrsa.cnf Normal file
View File

@ -0,0 +1,138 @@
# For use with Easy-RSA 3.0+ and OpenSSL or LibreSSL
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::EASYRSA_PKI # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir/certs_by_serial # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = basic_exts # The extensions to add to the cert
# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
# is designed for will. In return, we get the Issuer attached to CRLs.
crl_extensions = crl_ext
default_days = $ENV::EASYRSA_CERT_EXPIRE # how long to certify for
default_crl_days= $ENV::EASYRSA_CRL_DAYS # how long before next CRL
default_md = $ENV::EASYRSA_DIGEST # use public key default MD
preserve = no # keep passed DN ordering
# This allows to renew certificates which have not been revoked
unique_subject = no
# A few different ways of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the 'anything' policy, which defines allowed DN fields
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
# Easy-RSA request handling
# We key off $DN_MODE to determine how to format the DN
[ req ]
default_bits = $ENV::EASYRSA_KEY_SIZE
default_keyfile = privkey.pem
default_md = $ENV::EASYRSA_DIGEST
distinguished_name = $ENV::EASYRSA_DN
x509_extensions = easyrsa_ca # The extensions to add to the self signed cert
# A placeholder to handle the $EXTRA_EXTS feature:
#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it
####################################################################
# Easy-RSA DN (Subject) handling
# Easy-RSA DN for cn_only support:
[ cn_only ]
commonName = Common Name (eg: your user, host, or server name)
commonName_max = 64
commonName_default = $ENV::EASYRSA_REQ_CN
# Easy-RSA DN for org support:
[ org ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::EASYRSA_REQ_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::EASYRSA_REQ_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::EASYRSA_REQ_ORG
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = $ENV::EASYRSA_REQ_OU
commonName = Common Name (eg: your user, host, or server name)
commonName_max = 64
commonName_default = $ENV::EASYRSA_REQ_CN
emailAddress = Email Address
emailAddress_default = $ENV::EASYRSA_REQ_EMAIL
emailAddress_max = 64
####################################################################
# Easy-RSA cert extension handling
# This section is effectively unused as the main script sets extensions
# dynamically. This core section is left to support the odd usecase where
# a user calls openssl directly.
[ basic_exts ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
# The Easy-RSA CA extensions
[ easyrsa_ca ]
# PKIX recommendations:
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This could be marked critical, but it's nice to support reading by any
# broken clients who attempt to do so.
basicConstraints = CA:true
# Limit key usage to CA tasks. If you really want to use the generated pair as
# a self-signed cert, comment this out.
keyUsage = cRLSign, keyCertSign
# nsCertType omitted by default. Let's try to let the deprecated stuff die.
# nsCertType = sslCA
# CRL extensions.
[ crl_ext ]
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

20
OpenVPN/CA Server/easy-rsa/pki/ca.crt Normal file
View File

@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDRTCCAi2gAwIBAgIUXe37kz2yqgyL2xXfvaGRzlz7ywYwDQYJKoZIhvcNAQEL
BQAwFDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDIyMDIyMDkyMVoXDTMzMDIx
NzIyMDkyMVowFDESMBAGA1UEAwwJSkZfc2VydmVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAnLdVAj0W31TtWGxwdBeqsdIHyUdVAEG8bX+CcNZDP3M3
R/gJOmenjqsqHYBe5gZcky1hkqWaD7l/LNmyzZDZ1lVEWpcAZqxbsUZKiHU30bxq
84L5qtaAOpwTsumidq2hBqoDBMdBmh18e0QEW624mui7ckXTRRG3PA0ccXtXcTYU
ntmhYtQ2oaPauSmfJZIUfZTfVZbB8FkCgu+zJtCx5hq46vIHm8KX0m1zLIeUtGsI
hkly+5v52f3sEMlddyoZZkfjRddETk2co09q3oNaP1LYxN5G+TvZDhpdE+PrDsNT
wO4uU2d9hVIP3T49heLieZ6KVxyp1FsDYzo0CNlIDwIDAQABo4GOMIGLMB0GA1Ud
DgQWBBSKeJDl8FDnjHXkuMCh6OmbshqdMjBPBgNVHSMESDBGgBSKeJDl8FDnjHXk
uMCh6OmbshqdMqEYpBYwFDESMBAGA1UEAwwJSkZfc2VydmVyghRd7fuTPbKqDIvb
Fd+9oZHOXPvLBjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B
AQsFAAOCAQEARIg2x4Tit/6ZydMlle6ku32t75OMCVQoe7fUkRjNe8pCkZjZXLy9
QIRwoqW3FRT8+mQjctZk3NsyLStF8Rc/fFvpjGY/hiEQ/RV1K2/IZ9hcswp/LRzQ
ElDwXhe4zlcDT10GjHYYx221SR+ijgicZcaXgb9f3uZKIrPgyb8qB4KCQS8gPtCV
1VmPM5/svVCI93G+xT92XBHa47fgV5GEn7Snah2UgFol5h7/KX/Sa2q0pfBlzqmt
CutfEbYcwSxkoLsEUIW8KMoEAIsO+KIsraS6EXlRdT82Ui+UZWVPZABlzifCl+AV
LzBrLwt2OeoEI1h65EyzzE7gDsjrE3JR/Q==
-----END CERTIFICATE-----

71
OpenVPN/CA Server/easy-rsa/pki/certs_by_serial/227AB3CB8805008CDFAF02BEAF63F959.pem Normal file
View File

@ -0,0 +1,71 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
22:7a:b3:cb:88:05:00:8c:df:af:02:be:af:63:f9:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=JF_server
Validity
Not Before: Feb 20 22:37:46 2023 GMT
Not After : May 25 22:37:46 2025 GMT
Subject: CN=jf
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:8d:38:ea:4f:29:bd:83:a9:33:a3:1c:33:8a:60:
8f:fa:19:81:00:73:44:81:98:1e:76:05:ee:f6:46:
d5:25:a8:c5:3b:bd:d6:fa:cf:c6:79:e0:b4:42:27:
80:e2:96:2d:30:50:c2:f6:9c:2c:13:f8:b9:46:b3:
0d:96:6c:9b:d2:45:15:a3:f0:4c:bc:6b:51:45:f8:
cb:59:04:b1:d0:47:b9:90:06:71:c7:eb:34:32:e2:
72:14:84:94:58:e3:34
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
C5:CE:72:8F:A3:8E:13:57:DD:0E:02:A1:24:F1:56:C3:AE:2F:65:8F
X509v3 Authority Key Identifier:
keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
DirName:/CN=JF_server
serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
3b:e8:1a:3e:ac:17:17:49:7c:4d:73:55:39:e9:1b:e4:d6:7f:
6d:6d:43:6c:e2:79:41:f4:26:a4:2d:18:59:24:a0:b1:e0:db:
03:07:f9:fb:24:f6:be:ed:8c:31:3e:c7:bb:74:b6:87:ba:43:
fc:d6:fb:2f:9f:1c:eb:d1:27:ad:60:eb:ab:87:c7:46:fe:22:
75:c1:bb:fb:23:ad:ba:1d:ab:41:45:29:d6:c4:89:99:94:40:
06:c7:3a:08:fe:d3:b5:f4:e7:52:57:aa:d1:a8:ec:74:e6:c9:
ec:9e:80:e0:ba:92:92:95:55:2e:d7:b2:d8:09:ee:72:fd:12:
ac:0a:0d:dc:ba:ac:4e:34:8c:37:19:76:60:7c:bd:ba:99:b7:
e5:47:c3:4b:67:2f:a9:5c:89:95:70:2d:2c:97:45:04:64:15:
47:04:d1:48:7d:d8:40:63:6c:05:8b:dc:ed:0f:a3:ae:3a:e8:
6f:49:34:54:de:99:4b:aa:28:6d:c9:3d:db:43:60:14:40:d5:
09:87:a8:b2:88:11:4c:8c:00:71:b1:38:25:91:5f:2f:93:7b:
42:64:38:db:d2:59:48:e8:ed:2e:92:69:4e:d4:2a:3b:e3:03:
94:2c:fc:ac:bc:ff:a9:b4:1e:ca:d3:d2:b5:fd:bf:33:bd:55:
12:75:db:f1
-----BEGIN CERTIFICATE-----
MIICnjCCAYagAwIBAgIQInqzy4gFAIzfrwK+r2P5WTANBgkqhkiG9w0BAQsFADAU
MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwHhcNMjMwMjIwMjIzNzQ2WhcNMjUwNTI1MjIz
NzQ2WjANMQswCQYDVQQDDAJqZjB2MBAGByqGSM49AgEGBSuBBAAiA2IABI046k8p
vYOpM6McM4pgj/oZgQBzRIGYHnYF7vZG1SWoxTu91vrPxnngtEIngOKWLTBQwvac
LBP4uUazDZZsm9JFFaPwTLxrUUX4y1kEsdBHuZAGccfrNDLichSElFjjNKOBoDCB
nTAJBgNVHRMEAjAAMB0GA1UdDgQWBBTFznKPo44TV90OAqEk8VbDri9ljzBPBgNV
HSMESDBGgBSKeJDl8FDnjHXkuMCh6OmbshqdMqEYpBYwFDESMBAGA1UEAwwJSkZf
c2VydmVyghRd7fuTPbKqDIvbFd+9oZHOXPvLBjATBgNVHSUEDDAKBggrBgEFBQcD
AjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBADvoGj6sFxdJfE1zVTnp
G+TWf21tQ2zieUH0JqQtGFkkoLHg2wMH+fsk9r7tjDE+x7t0toe6Q/zW+y+fHOvR
J61g66uHx0b+InXBu/sjrbodq0FFKdbEiZmUQAbHOgj+07X051JXqtGo7HTmyeye
gOC6kpKVVS7XstgJ7nL9EqwKDdy6rE40jDcZdmB8vbqZt+VHw0tnL6lciZVwLSyX
RQRkFUcE0Uh92EBjbAWL3O0Po6466G9JNFTemUuqKG3JPdtDYBRA1QmHqLKIEUyM
AHGxOCWRXy+Te0JkONvSWUjo7S6SaU7UKjvjA5Qs/Ky8/6m0HsrT0rX9vzO9VRJ1
2/E=
-----END CERTIFICATE-----

73
OpenVPN/CA Server/easy-rsa/pki/certs_by_serial/2A951944ADF0A2C8E81A4C541C1899E5.pem Normal file
View File

@ -0,0 +1,73 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2a:95:19:44:ad:f0:a2:c8:e8:1a:4c:54:1c:18:99:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=JF_server
Validity
Not Before: Mar 17 18:35:11 2023 GMT
Not After : Jun 19 18:35:11 2025 GMT
Subject: CN=pascal
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:bd:c5:d0:8f:66:db:14:de:04:ca:5c:46:2b:39:
24:d2:17:c2:43:cc:c5:b1:37:e9:b8:3f:bb:25:ef:
be:9e:1c:bc:a7:60:e0:15:f7:87:10:97:90:79:c6:
4b:fa:46:16:9f:d7:6a:0a:96:d0:73:04:ef:f1:f4:
b6:14:2a:d4:d1:14:27:48:fa:74:89:92:4d:5b:87:
f7:3b:ce:ee:00:f5:be:15:8f:4d:de:65:b0:fb:70:
e2:27:c4:d6:7c:ed:5d
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
4D:A1:0A:C4:75:0C:FF:5A:3F:0A:0B:49:A7:19:48:B2:61:54:F0:CB
X509v3 Authority Key Identifier:
keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
DirName:/CN=JF_server
serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:pascal
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
57:3b:5a:bb:47:77:8f:dd:fd:9c:6d:68:ad:12:29:c0:7b:66:
2e:56:cc:13:64:5b:8f:e8:98:71:43:ab:76:0c:46:d1:a7:af:
b5:3a:c8:81:03:57:7e:cb:05:12:05:fb:e6:e2:4b:9c:09:93:
e7:1f:5d:35:b6:5d:e4:cd:58:ca:47:f4:10:9e:3e:64:22:14:
b5:49:d5:be:5b:7b:ed:3e:f2:a4:f9:13:65:58:69:5d:ec:3b:
f2:f6:c5:5e:8c:80:42:82:95:0e:5c:32:52:7b:80:c8:8d:8b:
fe:73:7e:15:f8:28:7c:81:d7:5f:85:61:ea:de:50:d4:ba:12:
8e:88:93:dc:5d:d2:c7:41:15:f8:f4:50:64:b4:56:2d:01:b8:
ee:ad:8f:7e:71:80:c7:97:fd:57:a5:c7:33:3a:8a:b0:bf:fb:
3c:36:d0:3b:92:03:e7:78:20:04:4a:f1:a9:82:63:8d:33:13:
1f:ba:cd:56:99:79:c5:5d:53:f9:c9:36:7b:26:ff:4f:cd:58:
39:35:02:b4:68:59:c3:a2:44:98:e3:47:44:92:9d:51:1e:60:
9a:84:2d:dc:f3:ad:7e:fa:ac:31:bf:8b:02:cf:cf:f7:f8:f8:
77:6d:ac:4d:8f:5c:91:8c:b6:77:4b:86:80:6d:ce:f1:10:22:
50:af:47:93
-----BEGIN CERTIFICATE-----
MIICtTCCAZ2gAwIBAgIQKpUZRK3wosjoGkxUHBiZ5TANBgkqhkiG9w0BAQsFADAU
MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwHhcNMjMwMzE3MTgzNTExWhcNMjUwNjE5MTgz
NTExWjARMQ8wDQYDVQQDDAZwYXNjYWwwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAS9
xdCPZtsU3gTKXEYrOSTSF8JDzMWxN+m4P7sl776eHLynYOAV94cQl5B5xkv6Rhaf
12oKltBzBO/x9LYUKtTRFCdI+nSJkk1bh/c7zu4A9b4Vj03eZbD7cOInxNZ87V2j
gbMwgbAwCQYDVR0TBAIwADAdBgNVHQ4EFgQUTaEKxHUM/1o/CgtJpxlIsmFU8Msw
TwYDVR0jBEgwRoAUiniQ5fBQ54x15LjAoejpm7IanTKhGKQWMBQxEjAQBgNVBAMM
CUpGX3NlcnZlcoIUXe37kz2yqgyL2xXfvaGRzlz7ywYwEwYDVR0lBAwwCgYIKwYB
BQUHAwEwCwYDVR0PBAQDAgWgMBEGA1UdEQQKMAiCBnBhc2NhbDANBgkqhkiG9w0B
AQsFAAOCAQEAVztau0d3j939nG1orRIpwHtmLlbME2Rbj+iYcUOrdgxG0aevtTrI
gQNXfssFEgX75uJLnAmT5x9dNbZd5M1Yykf0EJ4+ZCIUtUnVvlt77T7ypPkTZVhp
Xew78vbFXoyAQoKVDlwyUnuAyI2L/nN+FfgofIHXX4Vh6t5Q1LoSjoiT3F3Sx0EV
+PRQZLRWLQG47q2PfnGAx5f9V6XHMzqKsL/7PDbQO5ID53ggBErxqYJjjTMTH7rN
Vpl5xV1T+ck2eyb/T81YOTUCtGhZw6JEmONHRJKdUR5gmoQt3POtfvqsMb+LAs/P
9/j4d22sTY9ckYy2d0uGgG3O8RAiUK9Hkw==
-----END CERTIFICATE-----

71
OpenVPN/CA Server/easy-rsa/pki/certs_by_serial/3509162241A87805B57226316EC39402.pem Normal file
View File

@ -0,0 +1,71 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
35:09:16:22:41:a8:78:05:b5:72:26:31:6e:c3:94:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=JF_server
Validity
Not Before: Jul 3 19:11:30 2023 GMT
Not After : Oct 5 19:11:30 2025 GMT
Subject: CN=edgerouterchambly
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:0e:fd:1c:60:83:5f:a7:64:79:a0:35:74:df:c0:
63:68:c5:3c:b1:02:95:a9:73:58:a9:a3:74:cc:d8:
5b:d8:7a:ab:aa:d3:1f:41:2d:68:86:bd:2f:e3:6c:
73:b5:e8:01:73:b4:12:f4:71:dd:dd:cb:9b:4e:b0:
f1:d4:04:00:d1:60:cf:fe:ea:3c:a5:f2:ae:ee:aa:
45:a3:21:71:e5:d2:b7:f0:22:30:c4:d4:27:58:79:
96:6c:f0:5c:ba:96:19
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
C1:2A:D4:21:E9:F3:08:CB:87:23:CC:2D:52:A3:DF:8F:BB:CF:BB:5A
X509v3 Authority Key Identifier:
keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
DirName:/CN=JF_server
serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
2e:c6:3c:76:fd:64:a8:ab:c7:02:86:e8:80:d5:a6:8b:2f:ed:
be:70:cd:96:23:a5:86:1f:19:0c:72:7b:0b:ec:d2:58:ad:39:
1d:ee:63:52:55:a3:f2:47:87:12:56:ad:cd:a1:ed:0d:ed:27:
55:4c:9b:47:cf:e8:d7:a2:70:d7:8a:d2:60:7e:57:b4:02:0d:
96:46:57:9d:f9:05:cf:f1:91:5c:1e:e2:a7:79:e1:5b:fe:46:
7a:1b:ab:bb:c0:0a:a5:70:68:83:88:1a:62:8a:36:4c:98:9c:
85:31:40:6b:ad:a7:11:d3:a3:cb:d9:8a:f3:e8:d4:2c:bd:8a:
66:57:ca:bb:ad:d9:b1:cf:6a:83:88:e3:5e:a4:2e:5b:7e:50:
26:16:5c:34:cd:6c:9b:35:d9:61:ef:63:87:7c:2a:2d:f0:dd:
ce:ab:9d:7e:14:46:98:d9:cb:9a:68:91:fb:a3:59:85:91:d5:
4f:0c:ee:e3:47:df:7c:93:f8:05:ec:0a:d1:84:dc:21:0f:8e:
6d:b5:14:e8:a3:bd:ea:21:1c:d1:5a:95:36:95:98:20:f0:0e:
07:54:56:27:d9:6d:cc:c6:09:f1:98:1c:69:d7:1b:52:0c:54:
38:32:fe:c6:50:07:74:ef:8c:05:03:bf:55:e0:c7:3b:e5:20:
f2:84:3e:9f
-----BEGIN CERTIFICATE-----
MIICrTCCAZWgAwIBAgIQNQkWIkGoeAW1ciYxbsOUAjANBgkqhkiG9w0BAQsFADAU
MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwHhcNMjMwNzAzMTkxMTMwWhcNMjUxMDA1MTkx
MTMwWjAcMRowGAYDVQQDDBFlZGdlcm91dGVyY2hhbWJseTB2MBAGByqGSM49AgEG
BSuBBAAiA2IABA79HGCDX6dkeaA1dN/AY2jFPLEClalzWKmjdMzYW9h6q6rTH0Et
aIa9L+Nsc7XoAXO0EvRx3d3Lm06w8dQEANFgz/7qPKXyru6qRaMhceXSt/AiMMTU
J1h5lmzwXLqWGaOBoDCBnTAJBgNVHRMEAjAAMB0GA1UdDgQWBBTBKtQh6fMIy4cj
zC1So9+Pu8+7WjBPBgNVHSMESDBGgBSKeJDl8FDnjHXkuMCh6OmbshqdMqEYpBYw
FDESMBAGA1UEAwwJSkZfc2VydmVyghRd7fuTPbKqDIvbFd+9oZHOXPvLBjATBgNV
HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEB
AC7GPHb9ZKirxwKG6IDVposv7b5wzZYjpYYfGQxyewvs0litOR3uY1JVo/JHhxJW
rc2h7Q3tJ1VMm0fP6NeicNeK0mB+V7QCDZZGV535Bc/xkVwe4qd54Vv+Rnobq7vA
CqVwaIOIGmKKNkyYnIUxQGutpxHTo8vZivPo1Cy9imZXyrut2bHPaoOI416kLlt+
UCYWXDTNbJs12WHvY4d8Ki3w3c6rnX4URpjZy5pokfujWYWR1U8M7uNH33yT+AXs
CtGE3CEPjm21FOijveohHNFalTaVmCDwDgdUVifZbczGCfGYHGnXG1IMVDgy/sZQ
B3TvjAUDv1XgxzvlIPKEPp8=
-----END CERTIFICATE-----

71
OpenVPN/CA Server/easy-rsa/pki/certs_by_serial/35F253A0DF2EA1227A3926855218BBD5.pem Normal file
View File

@ -0,0 +1,71 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
35:f2:53:a0:df:2e:a1:22:7a:39:26:85:52:18:bb:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=JF_server
Validity
Not Before: Mar 17 19:08:30 2023 GMT
Not After : Jun 19 19:08:30 2025 GMT
Subject: CN=pascal
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:bd:c5:d0:8f:66:db:14:de:04:ca:5c:46:2b:39:
24:d2:17:c2:43:cc:c5:b1:37:e9:b8:3f:bb:25:ef:
be:9e:1c:bc:a7:60:e0:15:f7:87:10:97:90:79:c6:
4b:fa:46:16:9f:d7:6a:0a:96:d0:73:04:ef:f1:f4:
b6:14:2a:d4:d1:14:27:48:fa:74:89:92:4d:5b:87:
f7:3b:ce:ee:00:f5:be:15:8f:4d:de:65:b0:fb:70:
e2:27:c4:d6:7c:ed:5d
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
4D:A1:0A:C4:75:0C:FF:5A:3F:0A:0B:49:A7:19:48:B2:61:54:F0:CB
X509v3 Authority Key Identifier:
keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
DirName:/CN=JF_server
serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
90:1a:f6:1b:27:2f:bb:fb:e7:69:da:e2:9d:3d:1b:59:67:a0:
77:8d:a3:79:cd:1b:e9:6a:f1:22:17:a9:58:58:3f:b9:b6:66:
1d:43:d7:b7:2a:35:1d:ae:6b:f8:8e:a0:04:06:08:cf:f2:2f:
d8:cd:9f:dd:8c:8c:5e:dd:46:ee:19:95:a7:4e:f2:81:d7:b1:
b6:92:51:43:2e:6a:0b:b9:55:8b:9e:90:08:3f:2f:bc:7f:ff:
2d:a1:09:92:95:dd:ef:40:14:84:51:f4:a5:9b:7f:85:fc:bf:
7d:d3:a4:14:2c:94:72:6e:17:6d:79:9c:52:67:4b:fb:86:55:
02:fe:43:4c:77:4d:68:e0:84:d5:4b:64:c7:e8:30:fd:51:3d:
1f:0d:ad:a3:f1:bc:bb:fb:11:aa:5b:2d:18:61:9a:f8:9b:35:
d9:5e:a2:45:5c:a7:d6:79:0d:1c:3a:ad:b9:eb:cb:46:f4:b9:
2b:cf:41:da:15:d0:bf:49:a7:cc:c1:7d:f6:68:0a:60:76:54:
2b:d3:df:1c:88:77:7e:fb:19:86:d1:f4:a3:e7:3d:f6:17:8d:
84:27:aa:63:04:26:de:26:13:c3:9f:ce:61:6c:ee:6c:ff:76:
fb:8d:bf:e8:1d:34:1a:c4:29:f6:5f:b1:5d:46:24:40:1e:68:
c7:8f:18:49
-----BEGIN CERTIFICATE-----
MIICojCCAYqgAwIBAgIQNfJToN8uoSJ6OSaFUhi71TANBgkqhkiG9w0BAQsFADAU
MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwHhcNMjMwMzE3MTkwODMwWhcNMjUwNjE5MTkw
ODMwWjARMQ8wDQYDVQQDDAZwYXNjYWwwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAS9
xdCPZtsU3gTKXEYrOSTSF8JDzMWxN+m4P7sl776eHLynYOAV94cQl5B5xkv6Rhaf
12oKltBzBO/x9LYUKtTRFCdI+nSJkk1bh/c7zu4A9b4Vj03eZbD7cOInxNZ87V2j
gaAwgZ0wCQYDVR0TBAIwADAdBgNVHQ4EFgQUTaEKxHUM/1o/CgtJpxlIsmFU8Msw
TwYDVR0jBEgwRoAUiniQ5fBQ54x15LjAoejpm7IanTKhGKQWMBQxEjAQBgNVBAMM
CUpGX3NlcnZlcoIUXe37kz2yqgyL2xXfvaGRzlz7ywYwEwYDVR0lBAwwCgYIKwYB
BQUHAwIwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQCQGvYbJy+7++dp
2uKdPRtZZ6B3jaN5zRvpavEiF6lYWD+5tmYdQ9e3KjUdrmv4jqAEBgjP8i/YzZ/d
jIxe3UbuGZWnTvKB17G2klFDLmoLuVWLnpAIPy+8f/8toQmSld3vQBSEUfSlm3+F
/L9906QULJRybhdteZxSZ0v7hlUC/kNMd01o4ITVS2TH6DD9UT0fDa2j8by7+xGq
Wy0YYZr4mzXZXqJFXKfWeQ0cOq2568tG9Lkrz0HaFdC/SafMwX32aApgdlQr098c
iHd++xmG0fSj5z32F42EJ6pjBCbeJhPDn85hbO5s/3b7jb/oHTQaxCn2X7FdRiRA
HmjHjxhJ
-----END CERTIFICATE-----

71
OpenVPN/CA Server/easy-rsa/pki/certs_by_serial/44E31288C38E1632F41EBB13CA4D4C8D.pem Normal file
View File

@ -0,0 +1,71 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
44:e3:12:88:c3:8e:16:32:f4:1e:bb:13:ca:4d:4c:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=JF_server
Validity
Not Before: Jan 18 20:53:00 2025 GMT
Not After : Apr 23 20:53:00 2027 GMT
Subject: CN=Otarcik202501
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:40:90:47:89:d8:ec:72:20:95:c0:fb:8d:b7:10:
fc:52:1d:9b:ad:c1:65:91:e4:45:d5:0f:02:b0:31:
8e:55:b7:fa:31:9a:a6:5a:1f:e0:85:cd:e2:21:9d:
3c:95:7f:ad:80:f2:d1:63:e7:41:7d:e4:87:97:7e:
a4:d1:e7:d2:c9:3d:3b:66:9f:52:fe:11:72:d3:d7:
de:b9:f7:41:d5:7b:32:2b:01:94:4c:71:cb:ff:65:
76:67:3e:ae:1a:4e:4f
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
27:9B:8A:B2:AB:54:28:C6:F2:23:81:99:3D:AB:D5:4C:25:8D:95:0B
X509v3 Authority Key Identifier:
keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
DirName:/CN=JF_server
serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
5a:57:76:c3:9d:0e:55:d1:61:1d:43:2b:21:7c:ec:59:c0:07:
bf:76:f1:e6:c4:1b:3d:19:82:b0:b2:02:74:4c:d5:f2:7c:ba:
33:f4:24:d8:68:6f:29:fe:85:f9:be:ee:90:42:04:c5:25:15:
78:7e:8f:86:ef:ea:4d:15:d1:a5:dc:29:a4:50:99:74:a4:74:
53:ee:3f:6c:c3:a9:b9:af:e0:a3:e2:33:6a:4a:aa:20:21:92:
bc:e5:57:86:5b:53:c7:68:b8:05:43:c8:10:d7:06:68:58:9f:
c4:2a:51:50:f5:dd:7c:ae:e4:80:59:5a:55:83:e4:88:58:be:
be:8d:68:fe:7a:7a:95:fe:7d:67:f6:03:d5:09:4d:3d:11:24:
6d:03:33:40:5e:65:a2:c6:77:28:a0:60:aa:ea:df:08:31:7f:
d8:1f:94:8a:4e:2c:80:bc:8f:70:40:d3:14:72:a9:cd:9c:1f:
ef:b4:5d:a9:e6:65:49:fb:f7:e2:b3:ea:ce:59:c3:45:7d:05:
ca:16:fc:2b:ff:d9:fc:2d:c9:75:36:d4:60:a3:b7:03:5b:92:
85:0a:3a:e1:50:8a:39:6b:d3:d5:4b:61:58:c6:2d:fe:96:b0:
9d:26:6b:6d:d7:20:af:91:47:27:1f:13:61:34:33:f7:8a:16:
bd:da:ee:44
-----BEGIN CERTIFICATE-----
MIICqTCCAZGgAwIBAgIQROMSiMOOFjL0HrsTyk1MjTANBgkqhkiG9w0BAQsFADAU
MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwHhcNMjUwMTE4MjA1MzAwWhcNMjcwNDIzMjA1
MzAwWjAYMRYwFAYDVQQDDA1PdGFyY2lrMjAyNTAxMHYwEAYHKoZIzj0CAQYFK4EE
ACIDYgAEQJBHidjsciCVwPuNtxD8Uh2brcFlkeRF1Q8CsDGOVbf6MZqmWh/ghc3i
IZ08lX+tgPLRY+dBfeSHl36k0efSyT07Zp9S/hFy09feufdB1XsyKwGUTHHL/2V2
Zz6uGk5Po4GgMIGdMAkGA1UdEwQCMAAwHQYDVR0OBBYEFCebirKrVCjG8iOBmT2r
1UwljZULME8GA1UdIwRIMEaAFIp4kOXwUOeMdeS4wKHo6ZuyGp0yoRikFjAUMRIw
EAYDVQQDDAlKRl9zZXJ2ZXKCFF3t+5M9sqoMi9sV372hkc5c+8sGMBMGA1UdJQQM
MAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAWld2
w50OVdFhHUMrIXzsWcAHv3bx5sQbPRmCsLICdEzV8ny6M/Qk2GhvKf6F+b7ukEIE
xSUVeH6Phu/qTRXRpdwppFCZdKR0U+4/bMOpua/go+IzakqqICGSvOVXhltTx2i4
BUPIENcGaFifxCpRUPXdfK7kgFlaVYPkiFi+vo1o/np6lf59Z/YD1QlNPREkbQMz
QF5losZ3KKBgqurfCDF/2B+Uik4sgLyPcEDTFHKpzZwf77RdqeZlSfv34rPqzlnD
RX0Fyhb8K//Z/C3JdTbUYKO3A1uShQo64VCKOWvT1UthWMYt/pawnSZrbdcgr5FH
Jx8TYTQz94oWvdruRA==
-----END CERTIFICATE-----

71
OpenVPN/CA Server/easy-rsa/pki/certs_by_serial/785E579993BEF247DACC6C8E0D713DF8.pem Normal file
View File

@ -0,0 +1,71 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
78:5e:57:99:93:be:f2:47:da:cc:6c:8e:0d:71:3d:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=JF_server
Validity
Not Before: May 5 13:33:22 2024 GMT
Not After : Aug 8 13:33:22 2026 GMT
Subject: CN=stationKA2401
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:8f:4f:26:6b:af:cb:49:0b:74:3e:65:aa:0e:9a:
9a:57:99:b1:f6:bf:dc:74:ae:d6:72:ed:d3:a8:04:
2f:a8:a0:43:63:f6:c8:e2:cd:dc:d8:fd:bf:69:93:
09:d7:bd:11:ab:d9:c5:ae:20:bc:00:ac:d7:ad:ea:
fb:c0:1e:44:6f:ba:20:63:9d:32:f7:38:8f:c0:d7:
bf:b4:23:15:16:4d:84:59:13:d5:4b:de:9e:7b:46:
d3:ce:ba:5d:d9:53:c4
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
68:18:F5:54:75:30:27:4D:B5:96:D3:34:8E:1C:3B:58:1E:BC:1B:78
X509v3 Authority Key Identifier:
keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
DirName:/CN=JF_server
serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
67:97:34:79:07:29:c3:cd:a6:7c:86:82:aa:94:0b:ca:69:ef:
79:5e:a6:35:97:c3:31:07:9f:cd:aa:89:95:e3:b1:26:4b:e9:
88:50:1f:3e:10:eb:d2:82:c5:6e:56:18:1e:ff:72:60:c1:de:
11:af:b8:e6:b6:bb:de:7d:52:f5:ba:1b:9b:4e:49:b2:05:25:
0a:e9:8a:f8:85:f7:0e:c8:db:fd:c4:b9:e9:a9:6f:85:0a:cb:
63:a3:d0:a7:77:e0:7f:ff:34:29:90:80:66:a7:8d:80:6a:bf:
23:74:80:77:ad:53:2d:5e:f6:02:d1:05:3f:9f:fa:17:11:8f:
7f:b4:a5:44:74:2b:57:1e:4b:7e:29:c8:95:48:a6:3a:fc:ae:
82:c2:7b:b2:26:4f:92:d5:af:73:71:30:8e:b6:b9:6a:f2:b0:
00:df:44:a2:3f:cd:4a:45:7e:ed:43:4b:d4:0e:07:25:94:37:
e0:5d:8d:0b:1b:fb:76:07:d0:41:da:c9:f3:19:fa:28:8b:46:
df:5a:19:82:ee:1e:e0:1a:be:39:c1:a9:65:b1:02:92:32:96:
2c:7e:3f:4e:ce:9e:b0:66:57:b4:74:2c:98:de:13:da:b2:27:
e5:7a:5b:30:df:3e:46:1b:6c:92:53:6f:c6:0e:88:6f:0d:ae:
89:ca:ea:ea
-----BEGIN CERTIFICATE-----
MIICqTCCAZGgAwIBAgIQeF5XmZO+8kfazGyODXE9+DANBgkqhkiG9w0BAQsFADAU
MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwHhcNMjQwNTA1MTMzMzIyWhcNMjYwODA4MTMz
MzIyWjAYMRYwFAYDVQQDDA1zdGF0aW9uS0EyNDAxMHYwEAYHKoZIzj0CAQYFK4EE
ACIDYgAEj08ma6/LSQt0PmWqDpqaV5mx9r/cdK7Wcu3TqAQvqKBDY/bI4s3c2P2/
aZMJ170Rq9nFriC8AKzXrer7wB5Eb7ogY50y9ziPwNe/tCMVFk2EWRPVS96ee0bT
zrpd2VPEo4GgMIGdMAkGA1UdEwQCMAAwHQYDVR0OBBYEFGgY9VR1MCdNtZbTNI4c
O1gevBt4ME8GA1UdIwRIMEaAFIp4kOXwUOeMdeS4wKHo6ZuyGp0yoRikFjAUMRIw
EAYDVQQDDAlKRl9zZXJ2ZXKCFF3t+5M9sqoMi9sV372hkc5c+8sGMBMGA1UdJQQM
MAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAZ5c0
eQcpw82mfIaCqpQLymnveV6mNZfDMQefzaqJleOxJkvpiFAfPhDr0oLFblYYHv9y
YMHeEa+45ra73n1S9bobm05JsgUlCumK+IX3Dsjb/cS56alvhQrLY6PQp3fgf/80
KZCAZqeNgGq/I3SAd61TLV72AtEFP5/6FxGPf7SlRHQrVx5LfinIlUimOvyugsJ7
siZPktWvc3Ewjra5avKwAN9Eoj/NSkV+7UNL1A4HJZQ34F2NCxv7dgfQQdrJ8xn6
KItG31oZgu4e4Bq+OcGpZbECkjKWLH4/Ts6esGZXtHQsmN4T2rIn5XpbMN8+Rhts
klNvxg6Ibw2uicrq6g==
-----END CERTIFICATE-----

73
OpenVPN/CA Server/easy-rsa/pki/certs_by_serial/7A066FB2ED7056F494707BB17BDCBE73.pem Normal file
View File

@ -0,0 +1,73 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7a:06:6f:b2:ed:70:56:f4:94:70:7b:b1:7b:dc:be:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=JF_server
Validity
Not Before: Feb 20 22:27:55 2023 GMT
Not After : May 25 22:27:55 2025 GMT
Subject: CN=DO_server
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:2e:0a:88:e2:03:ad:14:3a:ee:00:51:96:3e:f5:
ec:24:cb:d6:5b:8d:d6:5d:0f:df:92:08:97:19:db:
b0:8d:c2:9d:d6:c6:a2:59:2e:94:d4:d9:d0:10:f8:
cd:d9:3c:90:80:e8:61:88:9a:be:ac:f8:ce:d2:44:
7f:21:98:ff:d7:53:48:26:d6:18:6f:8f:0d:61:d3:
36:f6:20:30:18:67:66:61:f7:25:da:ee:76:f5:ab:
16:cb:fd:40:52:95:3c
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
DF:EE:7B:FF:0B:6D:D0:D9:44:84:A9:FA:00:F6:A6:AB:D9:A4:D2:4F
X509v3 Authority Key Identifier:
keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
DirName:/CN=JF_server
serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:DO_server
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
2f:00:b3:78:70:fe:01:fc:cb:49:5d:8c:94:0a:fa:ed:91:63:
28:cc:a0:27:09:11:fd:ed:31:50:ef:d4:01:ba:1c:29:77:60:
01:2d:dd:7a:cd:ee:26:a1:1d:35:c9:08:b6:39:73:64:30:f7:
c0:21:8d:d3:36:28:7d:47:e4:92:8a:c4:23:a1:50:97:e3:2e:
5b:6c:a5:ce:87:80:c5:6e:a3:d0:56:79:2e:e8:c1:50:e2:28:
ec:31:14:fc:a4:82:29:9a:78:56:d2:07:7f:f9:7f:78:59:01:
74:ce:0e:49:cc:cb:8b:43:6b:50:d4:79:b2:9b:8d:d7:49:ac:
a4:63:e1:3b:2f:e7:41:89:b8:fe:65:84:f7:f3:bf:77:55:78:
c1:66:ac:27:d5:42:54:3b:a2:c3:ff:5d:1a:f5:db:8b:f0:3b:
23:05:23:c5:79:d7:00:db:60:03:51:60:79:4d:72:81:78:55:
11:55:95:9b:44:a0:21:b9:f4:85:2f:83:ce:03:67:ba:d3:80:
45:7e:cd:c5:0c:51:f4:03:56:30:cf:d7:e6:1f:ec:1f:8c:38:
29:cf:94:39:f7:c2:f6:21:0b:cf:33:3b:ba:05:5f:74:34:20:
da:e3:ec:50:f9:d4:3a:55:7e:cd:91:f2:bf:4e:fd:50:40:f3:
89:10:37:20
-----BEGIN CERTIFICATE-----
MIICuzCCAaOgAwIBAgIQegZvsu1wVvSUcHuxe9y+czANBgkqhkiG9w0BAQsFADAU
MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwHhcNMjMwMjIwMjIyNzU1WhcNMjUwNTI1MjIy
NzU1WjAUMRIwEAYDVQQDDAlET19zZXJ2ZXIwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
AAQuCojiA60UOu4AUZY+9ewky9ZbjdZdD9+SCJcZ27CNwp3WxqJZLpTU2dAQ+M3Z
PJCA6GGImr6s+M7SRH8hmP/XU0gm1hhvjw1h0zb2IDAYZ2Zh9yXa7nb1qxbL/UBS
lTyjgbYwgbMwCQYDVR0TBAIwADAdBgNVHQ4EFgQU3+57/wtt0NlEhKn6APamq9mk
0k8wTwYDVR0jBEgwRoAUiniQ5fBQ54x15LjAoejpm7IanTKhGKQWMBQxEjAQBgNV
BAMMCUpGX3NlcnZlcoIUXe37kz2yqgyL2xXfvaGRzlz7ywYwEwYDVR0lBAwwCgYI
KwYBBQUHAwEwCwYDVR0PBAQDAgWgMBQGA1UdEQQNMAuCCURPX3NlcnZlcjANBgkq
hkiG9w0BAQsFAAOCAQEALwCzeHD+AfzLSV2MlAr67ZFjKMygJwkR/e0xUO/UAboc
KXdgAS3des3uJqEdNckItjlzZDD3wCGN0zYofUfkkorEI6FQl+MuW2ylzoeAxW6j
0FZ5LujBUOIo7DEU/KSCKZp4VtIHf/l/eFkBdM4OSczLi0NrUNR5spuN10mspGPh
Oy/nQYm4/mWE9/O/d1V4wWasJ9VCVDuiw/9dGvXbi/A7IwUjxXnXANtgA1FgeU1y
gXhVEVWVm0SgIbn0hS+DzgNnutOARX7NxQxR9ANWMM/X5h/sH4w4Kc+UOffC9iEL
zzM7ugVfdDQg2uPsUPnUOlV+zZHyv079UEDziRA3IA==
-----END CERTIFICATE-----

71
OpenVPN/CA Server/easy-rsa/pki/certs_by_serial/A67F642294224A39B948259B999DAEA7.pem Normal file
View File

@ -0,0 +1,71 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
a6:7f:64:22:94:22:4a:39:b9:48:25:9b:99:9d:ae:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=JF_server
Validity
Not Before: Mar 17 19:30:32 2023 GMT
Not After : Jun 19 19:30:32 2025 GMT
Subject: CN=pascal
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:6e:d7:fc:29:a8:23:70:28:49:70:82:f4:1a:4f:
fc:e8:5a:d3:10:84:ef:0a:59:d9:3e:31:2e:5f:91:
8b:97:7e:32:c5:e4:9a:b1:df:8b:66:82:f7:a5:5a:
6d:90:ba:4d:4b:75:4e:1b:09:37:3b:23:5b:df:b8:
08:89:c7:a0:d6:3b:fa:3e:f8:b1:08:18:a6:ee:25:
02:25:b2:c5:43:ee:f5:03:82:9e:39:a0:82:d0:23:
49:eb:fe:be:3e:8f:7a
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
8E:E1:F2:13:12:D0:E0:C4:29:EA:29:E4:3D:94:2B:EC:0D:04:8F:BC
X509v3 Authority Key Identifier:
keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
DirName:/CN=JF_server
serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
7d:0b:3f:f6:58:09:f2:8a:8d:0e:1e:50:c9:e8:31:f0:8f:0a:
f5:65:66:55:d3:dd:2c:5d:42:d4:0f:a5:02:ed:6a:77:e1:1d:
39:c5:46:1c:a5:38:17:89:13:f1:cd:eb:ff:b8:a5:3d:e9:85:
6f:d2:96:9b:f4:a1:09:6c:1b:84:40:70:19:2b:e1:ac:91:c2:
df:bf:09:a4:4f:c4:31:44:fe:2b:a5:60:38:97:a8:b3:01:aa:
39:43:74:90:b5:c6:fc:85:63:26:9f:7f:54:ba:de:4a:b1:ae:
6d:85:00:35:4d:15:9f:9d:10:f4:bf:bb:67:45:7e:c6:ab:ee:
7e:ad:92:4a:b4:e8:76:65:be:94:40:5a:67:83:ab:6c:d9:f9:
7d:40:bd:70:87:1f:14:4d:eb:56:50:a5:c3:7e:4a:b3:42:b5:
95:fe:f8:7f:9b:c6:c0:81:04:62:fd:94:ef:da:dd:17:01:a0:
93:14:80:31:5a:a2:fa:c7:8c:2d:7c:df:8b:40:d5:5c:ce:5f:
a8:9f:9f:48:4f:49:49:dc:cc:37:7e:f7:55:84:74:8a:cd:68:
15:60:8b:e8:4a:75:3e:83:cb:33:be:45:e1:a1:76:52:1a:b9:
09:34:38:af:6e:af:98:e3:6d:ed:c2:24:97:de:08:83:6b:d5:
45:9e:91:3a
-----BEGIN CERTIFICATE-----
MIICozCCAYugAwIBAgIRAKZ/ZCKUIko5uUglm5mdrqcwDQYJKoZIhvcNAQELBQAw
FDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDMxNzE5MzAzMloXDTI1MDYxOTE5
MzAzMlowETEPMA0GA1UEAwwGcGFzY2FsMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE
btf8KagjcChJcIL0Gk/86FrTEITvClnZPjEuX5GLl34yxeSasd+LZoL3pVptkLpN
S3VOGwk3OyNb37gIiceg1jv6PvixCBim7iUCJbLFQ+71A4KeOaCC0CNJ6/6+Po96
o4GgMIGdMAkGA1UdEwQCMAAwHQYDVR0OBBYEFI7h8hMS0ODEKeop5D2UK+wNBI+8
ME8GA1UdIwRIMEaAFIp4kOXwUOeMdeS4wKHo6ZuyGp0yoRikFjAUMRIwEAYDVQQD
DAlKRl9zZXJ2ZXKCFF3t+5M9sqoMi9sV372hkc5c+8sGMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAfQs/9lgJ8oqN
Dh5Qyegx8I8K9WVmVdPdLF1C1A+lAu1qd+EdOcVGHKU4F4kT8c3r/7ilPemFb9KW
m/ShCWwbhEBwGSvhrJHC378JpE/EMUT+K6VgOJeoswGqOUN0kLXG/IVjJp9/VLre
SrGubYUANU0Vn50Q9L+7Z0V+xqvufq2SSrTodmW+lEBaZ4OrbNn5fUC9cIcfFE3r
VlClw35Ks0K1lf74f5vGwIEEYv2U79rdFwGgkxSAMVqi+seMLXzfi0DVXM5fqJ+f
SE9JSdzMN373VYR0is1oFWCL6Ep1PoPLM75F4aF2Uhq5CTQ4r26vmONt7cIkl94I
g2vVRZ6ROg==
-----END CERTIFICATE-----

71
OpenVPN/CA Server/easy-rsa/pki/certs_by_serial/ABBA5527AA06497B13DDF25BAE2708FE.pem Normal file
View File

@ -0,0 +1,71 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ab:ba:55:27:aa:06:49:7b:13:dd:f2:5b:ae:27:08:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=JF_server
Validity
Not Before: Jun 1 18:17:32 2023 GMT
Not After : Sep 3 18:17:32 2025 GMT
Subject: CN=fred
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:3e:78:ef:26:d9:87:bb:8b:08:47:fe:15:ad:96:
ae:f4:93:f1:d8:ce:e3:05:d2:96:46:fc:f6:47:c9:
ac:41:f5:01:1b:e3:25:61:f4:ee:6f:8d:13:dd:ab:
1b:d8:02:85:a3:fb:52:3d:02:d8:ad:0b:ed:e3:02:
88:c7:eb:06:52:ca:25:ac:8b:ac:eb:52:4c:43:52:
f9:c0:8c:f4:48:ea:72:a6:26:f7:5f:02:96:97:ad:
10:ac:6d:c8:d3:b1:28
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
3C:F6:00:C3:CF:A4:BB:8D:F1:1B:AB:A1:6F:24:44:2A:73:95:EB:46
X509v3 Authority Key Identifier:
keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
DirName:/CN=JF_server
serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
10:9c:49:d0:09:dc:52:df:2b:e1:ce:59:ef:f7:a0:96:13:05:
7e:30:ba:4b:6d:17:62:ed:89:39:cb:0e:c5:cc:df:0c:5a:68:
e7:0f:bc:c2:67:e0:b2:72:b6:9f:e7:9f:1f:4c:e5:da:d9:5c:
d8:53:44:ef:47:ea:47:9d:d7:1d:12:ab:75:c3:1f:c4:d8:ae:
65:7e:39:9d:98:f1:02:df:03:77:1e:7b:88:24:5f:7e:51:5c:
f2:9c:b8:1f:84:71:4b:f9:5a:6d:06:63:4d:e9:ab:27:f5:99:
fa:ac:25:7a:e2:a7:ba:94:a7:44:8b:2f:21:73:c1:db:1a:37:
38:d6:46:4a:a5:65:f7:24:35:08:40:9a:8e:d6:22:56:20:c9:
7b:52:b3:8f:ea:53:bf:00:bd:6a:23:bd:07:fe:af:2e:20:ee:
71:69:f8:66:b0:f3:00:5e:8d:2f:2a:37:b9:14:a6:bf:c8:25:
2e:1b:f4:86:58:94:33:2b:85:f9:08:3a:48:9e:49:42:66:5a:
37:10:10:5b:50:2e:f6:06:d0:fe:86:17:0d:9d:f5:dd:cb:ab:
92:39:de:d8:57:9d:0d:7e:14:b7:61:e5:bc:dc:62:00:22:8c:
23:df:90:d4:38:01:18:23:96:c6:7e:e8:c8:5e:c8:fd:a4:b2:
47:87:02:4f
-----BEGIN CERTIFICATE-----
MIICoTCCAYmgAwIBAgIRAKu6VSeqBkl7E93yW64nCP4wDQYJKoZIhvcNAQELBQAw
FDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDYwMTE4MTczMloXDTI1MDkwMzE4
MTczMlowDzENMAsGA1UEAwwEZnJlZDB2MBAGByqGSM49AgEGBSuBBAAiA2IABD54
7ybZh7uLCEf+Fa2WrvST8djO4wXSlkb89kfJrEH1ARvjJWH07m+NE92rG9gChaP7
Uj0C2K0L7eMCiMfrBlLKJayLrOtSTENS+cCM9EjqcqYm918ClpetEKxtyNOxKKOB
oDCBnTAJBgNVHRMEAjAAMB0GA1UdDgQWBBQ89gDDz6S7jfEbq6FvJEQqc5XrRjBP
BgNVHSMESDBGgBSKeJDl8FDnjHXkuMCh6OmbshqdMqEYpBYwFDESMBAGA1UEAwwJ
SkZfc2VydmVyghRd7fuTPbKqDIvbFd+9oZHOXPvLBjATBgNVHSUEDDAKBggrBgEF
BQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBABCcSdAJ3FLfK+HO
We/3oJYTBX4wukttF2LtiTnLDsXM3wxaaOcPvMJn4LJytp/nnx9M5drZXNhTRO9H
6ked1x0Sq3XDH8TYrmV+OZ2Y8QLfA3cee4gkX35RXPKcuB+EcUv5Wm0GY03pqyf1
mfqsJXrip7qUp0SLLyFzwdsaNzjWRkqlZfckNQhAmo7WIlYgyXtSs4/qU78AvWoj
vQf+ry4g7nFp+Gaw8wBejS8qN7kUpr/IJS4b9IZYlDMrhfkIOkieSUJmWjcQEFtQ
LvYG0P6GFw2d9d3Lq5I53thXnQ1+FLdh5bzcYgAijCPfkNQ4ARgjlsZ+6MheyP2k
skeHAk8=
-----END CERTIFICATE-----

71
OpenVPN/CA Server/easy-rsa/pki/certs_by_serial/D1AE61458E84E38E5B923FAABB819D59.pem Normal file
View File

@ -0,0 +1,71 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d1:ae:61:45:8e:84:e3:8e:5b:92:3f:aa:bb:81:9d:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=JF_server
Validity
Not Before: Feb 23 20:30:31 2023 GMT
Not After : May 28 20:30:31 2025 GMT
Subject: CN=remoteclient
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:65:e9:86:35:01:c3:d7:0e:16:3d:89:90:3c:cb:
a0:5f:d2:04:f7:b6:32:84:1e:a0:dc:6a:1d:16:a0:
6f:47:a3:b5:7d:4c:39:bd:d0:70:18:34:e8:16:67:
d4:5b:4c:ca:ce:ea:f0:75:5f:55:72:09:4b:f5:dd:
80:f1:d5:db:e6:26:09:e4:34:3b:ca:89:f3:3a:40:
91:31:14:c6:ff:06:8d:8e:f9:ba:8f:47:df:40:41:
f4:6b:84:f8:e5:e8:70
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
23:F8:BF:EB:8E:A3:77:B3:2B:6A:FA:16:7A:39:B2:C2:47:31:9F:76
X509v3 Authority Key Identifier:
keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
DirName:/CN=JF_server
serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
27:af:ff:e0:98:8e:d1:6c:39:d7:40:97:df:ea:5a:fc:57:31:
a2:92:0c:d3:4c:4b:74:22:9e:47:01:9b:0f:e0:a4:6c:dc:ef:
14:b7:93:0f:99:93:ec:c9:96:dc:51:58:d3:ac:eb:f1:10:48:
ba:96:54:25:32:2a:89:66:cb:ca:13:b4:75:cc:4e:2a:5d:7c:
bb:b9:15:28:c0:32:59:f0:66:e5:fe:d8:14:14:2c:fb:df:6e:
1e:b6:53:c9:f0:77:68:54:b9:21:4b:0c:a4:d6:bc:4d:c2:a3:
de:d0:9f:ef:67:68:3e:c6:d4:da:d5:6c:92:80:cf:2e:8d:04:
59:c8:39:9f:22:4a:04:28:3e:e8:cf:02:73:73:a6:59:d4:e5:
9c:77:55:41:00:5c:c2:23:61:df:44:5c:ad:a8:bc:15:57:2d:
ae:89:99:a7:33:8f:d3:75:02:21:91:f6:38:34:23:68:70:8f:
99:0f:53:27:6d:52:9a:9b:f3:62:cf:20:bc:f5:91:41:78:fc:
92:09:2f:3e:bb:2d:9b:69:39:7f:c4:b1:a8:62:64:27:3f:27:
2d:16:c4:3e:0d:51:c9:f7:4f:40:f0:fd:55:a9:44:36:31:59:
b7:08:6a:3c:28:31:8a:43:c0:b9:05:44:75:48:6d:94:24:c6:
b2:fc:f7:33
-----BEGIN CERTIFICATE-----
MIICqTCCAZGgAwIBAgIRANGuYUWOhOOOW5I/qruBnVkwDQYJKoZIhvcNAQELBQAw
FDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDIyMzIwMzAzMVoXDTI1MDUyODIw
MzAzMVowFzEVMBMGA1UEAwwMcmVtb3RlY2xpZW50MHYwEAYHKoZIzj0CAQYFK4EE
ACIDYgAEZemGNQHD1w4WPYmQPMugX9IE97YyhB6g3GodFqBvR6O1fUw5vdBwGDTo
FmfUW0zKzurwdV9VcglL9d2A8dXb5iYJ5DQ7yonzOkCRMRTG/waNjvm6j0ffQEH0
a4T45ehwo4GgMIGdMAkGA1UdEwQCMAAwHQYDVR0OBBYEFCP4v+uOo3ezK2r6Fno5
ssJHMZ92ME8GA1UdIwRIMEaAFIp4kOXwUOeMdeS4wKHo6ZuyGp0yoRikFjAUMRIw
EAYDVQQDDAlKRl9zZXJ2ZXKCFF3t+5M9sqoMi9sV372hkc5c+8sGMBMGA1UdJQQM
MAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAJ6//
4JiO0Ww510CX3+pa/FcxopIM00xLdCKeRwGbD+CkbNzvFLeTD5mT7MmW3FFY06zr
8RBIupZUJTIqiWbLyhO0dcxOKl18u7kVKMAyWfBm5f7YFBQs+99uHrZTyfB3aFS5
IUsMpNa8TcKj3tCf72doPsbU2tVskoDPLo0EWcg5nyJKBCg+6M8Cc3OmWdTlnHdV
QQBcwiNh30Rcrai8FVctromZpzOP03UCIZH2ODQjaHCPmQ9TJ21SmpvzYs8gvPWR
QXj8kgkvPrstm2k5f8SxqGJkJz8nLRbEPg1RyfdPQPD9ValENjFZtwhqPCgxikPA
uQVEdUhtlCTGsvz3Mw==
-----END CERTIFICATE-----

10
OpenVPN/CA Server/easy-rsa/pki/index.txt Normal file
View File

@ -0,0 +1,10 @@
V 250525222755Z 7A066FB2ED7056F494707BB17BDCBE73 unknown /CN=DO_server
V 250525223746Z 227AB3CB8805008CDFAF02BEAF63F959 unknown /CN=jf
V 250528203031Z D1AE61458E84E38E5B923FAABB819D59 unknown /CN=remoteclient
V 250619183511Z 2A951944ADF0A2C8E81A4C541C1899E5 unknown /CN=pascal
V 250619190830Z 35F253A0DF2EA1227A3926855218BBD5 unknown /CN=pascal
V 250619193032Z A67F642294224A39B948259B999DAEA7 unknown /CN=pascal
V 250903181732Z ABBA5527AA06497B13DDF25BAE2708FE unknown /CN=fred
V 251005191130Z 3509162241A87805B57226316EC39402 unknown /CN=edgerouterchambly
V 260808133322Z 785E579993BEF247DACC6C8E0D713DF8 unknown /CN=stationKA2401
V 270423205300Z 44E31288C38E1632F41EBB13CA4D4C8D unknown /CN=Otarcik202501

1
OpenVPN/CA Server/easy-rsa/pki/index.txt.attr Normal file
View File

@ -0,0 +1 @@
unique_subject = no

1
OpenVPN/CA Server/easy-rsa/pki/index.txt.attr.old Normal file
View File

@ -0,0 +1 @@
unique_subject = no

9
OpenVPN/CA Server/easy-rsa/pki/index.txt.old Normal file
View File

@ -0,0 +1,9 @@
V 250525222755Z 7A066FB2ED7056F494707BB17BDCBE73 unknown /CN=DO_server
V 250525223746Z 227AB3CB8805008CDFAF02BEAF63F959 unknown /CN=jf
V 250528203031Z D1AE61458E84E38E5B923FAABB819D59 unknown /CN=remoteclient
V 250619183511Z 2A951944ADF0A2C8E81A4C541C1899E5 unknown /CN=pascal
V 250619190830Z 35F253A0DF2EA1227A3926855218BBD5 unknown /CN=pascal
V 250619193032Z A67F642294224A39B948259B999DAEA7 unknown /CN=pascal
V 250903181732Z ABBA5527AA06497B13DDF25BAE2708FE unknown /CN=fred
V 251005191130Z 3509162241A87805B57226316EC39402 unknown /CN=edgerouterchambly
V 260808133322Z 785E579993BEF247DACC6C8E0D713DF8 unknown /CN=stationKA2401

73
OpenVPN/CA Server/easy-rsa/pki/issued/DO_server.crt Normal file
View File

@ -0,0 +1,73 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7a:06:6f:b2:ed:70:56:f4:94:70:7b:b1:7b:dc:be:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=JF_server
Validity
Not Before: Feb 20 22:27:55 2023 GMT
Not After : May 25 22:27:55 2025 GMT
Subject: CN=DO_server
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:2e:0a:88:e2:03:ad:14:3a:ee:00:51:96:3e:f5:
ec:24:cb:d6:5b:8d:d6:5d:0f:df:92:08:97:19:db:
b0:8d:c2:9d:d6:c6:a2:59:2e:94:d4:d9:d0:10:f8:
cd:d9:3c:90:80:e8:61:88:9a:be:ac:f8:ce:d2:44:
7f:21:98:ff:d7:53:48:26:d6:18:6f:8f:0d:61:d3:
36:f6:20:30:18:67:66:61:f7:25:da:ee:76:f5:ab:
16:cb:fd:40:52:95:3c
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
DF:EE:7B:FF:0B:6D:D0:D9:44:84:A9:FA:00:F6:A6:AB:D9:A4:D2:4F
X509v3 Authority Key Identifier:
keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
DirName:/CN=JF_server
serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:DO_server
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
2f:00:b3:78:70:fe:01:fc:cb:49:5d:8c:94:0a:fa:ed:91:63:
28:cc:a0:27:09:11:fd:ed:31:50:ef:d4:01:ba:1c:29:77:60:
01:2d:dd:7a:cd:ee:26:a1:1d:35:c9:08:b6:39:73:64:30:f7:
c0:21:8d:d3:36:28:7d:47:e4:92:8a:c4:23:a1:50:97:e3:2e:
5b:6c:a5:ce:87:80:c5:6e:a3:d0:56:79:2e:e8:c1:50:e2:28:
ec:31:14:fc:a4:82:29:9a:78:56:d2:07:7f:f9:7f:78:59:01:
74:ce:0e:49:cc:cb:8b:43:6b:50:d4:79:b2:9b:8d:d7:49:ac:
a4:63:e1:3b:2f:e7:41:89:b8:fe:65:84:f7:f3:bf:77:55:78:
c1:66:ac:27:d5:42:54:3b:a2:c3:ff:5d:1a:f5:db:8b:f0:3b:
23:05:23:c5:79:d7:00:db:60:03:51:60:79:4d:72:81:78:55:
11:55:95:9b:44:a0:21:b9:f4:85:2f:83:ce:03:67:ba:d3:80:
45:7e:cd:c5:0c:51:f4:03:56:30:cf:d7:e6:1f:ec:1f:8c:38:
29:cf:94:39:f7:c2:f6:21:0b:cf:33:3b:ba:05:5f:74:34:20:
da:e3:ec:50:f9:d4:3a:55:7e:cd:91:f2:bf:4e:fd:50:40:f3:
89:10:37:20
-----BEGIN CERTIFICATE-----
MIICuzCCAaOgAwIBAgIQegZvsu1wVvSUcHuxe9y+czANBgkqhkiG9w0BAQsFADAU
MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwHhcNMjMwMjIwMjIyNzU1WhcNMjUwNTI1MjIy
NzU1WjAUMRIwEAYDVQQDDAlET19zZXJ2ZXIwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
AAQuCojiA60UOu4AUZY+9ewky9ZbjdZdD9+SCJcZ27CNwp3WxqJZLpTU2dAQ+M3Z
PJCA6GGImr6s+M7SRH8hmP/XU0gm1hhvjw1h0zb2IDAYZ2Zh9yXa7nb1qxbL/UBS
lTyjgbYwgbMwCQYDVR0TBAIwADAdBgNVHQ4EFgQU3+57/wtt0NlEhKn6APamq9mk
0k8wTwYDVR0jBEgwRoAUiniQ5fBQ54x15LjAoejpm7IanTKhGKQWMBQxEjAQBgNV
BAMMCUpGX3NlcnZlcoIUXe37kz2yqgyL2xXfvaGRzlz7ywYwEwYDVR0lBAwwCgYI
KwYBBQUHAwEwCwYDVR0PBAQDAgWgMBQGA1UdEQQNMAuCCURPX3NlcnZlcjANBgkq
hkiG9w0BAQsFAAOCAQEALwCzeHD+AfzLSV2MlAr67ZFjKMygJwkR/e0xUO/UAboc
KXdgAS3des3uJqEdNckItjlzZDD3wCGN0zYofUfkkorEI6FQl+MuW2ylzoeAxW6j
0FZ5LujBUOIo7DEU/KSCKZp4VtIHf/l/eFkBdM4OSczLi0NrUNR5spuN10mspGPh
Oy/nQYm4/mWE9/O/d1V4wWasJ9VCVDuiw/9dGvXbi/A7IwUjxXnXANtgA1FgeU1y
gXhVEVWVm0SgIbn0hS+DzgNnutOARX7NxQxR9ANWMM/X5h/sH4w4Kc+UOffC9iEL
zzM7ugVfdDQg2uPsUPnUOlV+zZHyv079UEDziRA3IA==
-----END CERTIFICATE-----

71
OpenVPN/CA Server/easy-rsa/pki/issued/Otarcik202501.crt Normal file
View File

@ -0,0 +1,71 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
44:e3:12:88:c3:8e:16:32:f4:1e:bb:13:ca:4d:4c:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=JF_server
Validity
Not Before: Jan 18 20:53:00 2025 GMT
Not After : Apr 23 20:53:00 2027 GMT
Subject: CN=Otarcik202501
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:40:90:47:89:d8:ec:72:20:95:c0:fb:8d:b7:10:
fc:52:1d:9b:ad:c1:65:91:e4:45:d5:0f:02:b0:31:
8e:55:b7:fa:31:9a:a6:5a:1f:e0:85:cd:e2:21:9d:
3c:95:7f:ad:80:f2:d1:63:e7:41:7d:e4:87:97:7e:
a4:d1:e7:d2:c9:3d:3b:66:9f:52:fe:11:72:d3:d7:
de:b9:f7:41:d5:7b:32:2b:01:94:4c:71:cb:ff:65:
76:67:3e:ae:1a:4e:4f
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
27:9B:8A:B2:AB:54:28:C6:F2:23:81:99:3D:AB:D5:4C:25:8D:95:0B
X509v3 Authority Key Identifier:
keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
DirName:/CN=JF_server
serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
5a:57:76:c3:9d:0e:55:d1:61:1d:43:2b:21:7c:ec:59:c0:07:
bf:76:f1:e6:c4:1b:3d:19:82:b0:b2:02:74:4c:d5:f2:7c:ba:
33:f4:24:d8:68:6f:29:fe:85:f9:be:ee:90:42:04:c5:25:15:
78:7e:8f:86:ef:ea:4d:15:d1:a5:dc:29:a4:50:99:74:a4:74:
53:ee:3f:6c:c3:a9:b9:af:e0:a3:e2:33:6a:4a:aa:20:21:92:
bc:e5:57:86:5b:53:c7:68:b8:05:43:c8:10:d7:06:68:58:9f:
c4:2a:51:50:f5:dd:7c:ae:e4:80:59:5a:55:83:e4:88:58:be:
be:8d:68:fe:7a:7a:95:fe:7d:67:f6:03:d5:09:4d:3d:11:24:
6d:03:33:40:5e:65:a2:c6:77:28:a0:60:aa:ea:df:08:31:7f:
d8:1f:94:8a:4e:2c:80:bc:8f:70:40:d3:14:72:a9:cd:9c:1f:
ef:b4:5d:a9:e6:65:49:fb:f7:e2:b3:ea:ce:59:c3:45:7d:05:
ca:16:fc:2b:ff:d9:fc:2d:c9:75:36:d4:60:a3:b7:03:5b:92:
85:0a:3a:e1:50:8a:39:6b:d3:d5:4b:61:58:c6:2d:fe:96:b0:
9d:26:6b:6d:d7:20:af:91:47:27:1f:13:61:34:33:f7:8a:16:
bd:da:ee:44
-----BEGIN CERTIFICATE-----
MIICqTCCAZGgAwIBAgIQROMSiMOOFjL0HrsTyk1MjTANBgkqhkiG9w0BAQsFADAU
MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwHhcNMjUwMTE4MjA1MzAwWhcNMjcwNDIzMjA1
MzAwWjAYMRYwFAYDVQQDDA1PdGFyY2lrMjAyNTAxMHYwEAYHKoZIzj0CAQYFK4EE
ACIDYgAEQJBHidjsciCVwPuNtxD8Uh2brcFlkeRF1Q8CsDGOVbf6MZqmWh/ghc3i
IZ08lX+tgPLRY+dBfeSHl36k0efSyT07Zp9S/hFy09feufdB1XsyKwGUTHHL/2V2
Zz6uGk5Po4GgMIGdMAkGA1UdEwQCMAAwHQYDVR0OBBYEFCebirKrVCjG8iOBmT2r
1UwljZULME8GA1UdIwRIMEaAFIp4kOXwUOeMdeS4wKHo6ZuyGp0yoRikFjAUMRIw
EAYDVQQDDAlKRl9zZXJ2ZXKCFF3t+5M9sqoMi9sV372hkc5c+8sGMBMGA1UdJQQM
MAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAWld2
w50OVdFhHUMrIXzsWcAHv3bx5sQbPRmCsLICdEzV8ny6M/Qk2GhvKf6F+b7ukEIE
xSUVeH6Phu/qTRXRpdwppFCZdKR0U+4/bMOpua/go+IzakqqICGSvOVXhltTx2i4
BUPIENcGaFifxCpRUPXdfK7kgFlaVYPkiFi+vo1o/np6lf59Z/YD1QlNPREkbQMz
QF5losZ3KKBgqurfCDF/2B+Uik4sgLyPcEDTFHKpzZwf77RdqeZlSfv34rPqzlnD
RX0Fyhb8K//Z/C3JdTbUYKO3A1uShQo64VCKOWvT1UthWMYt/pawnSZrbdcgr5FH
Jx8TYTQz94oWvdruRA==
-----END CERTIFICATE-----

4095
OpenVPN/CA Server/easy-rsa/pki/issued/easyrsa Normal file
View File

File diff suppressed because it is too large Load Diff

71
OpenVPN/CA Server/easy-rsa/pki/issued/edgerouterchambly.crt Normal file
View File

@ -0,0 +1,71 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
35:09:16:22:41:a8:78:05:b5:72:26:31:6e:c3:94:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=JF_server
Validity
Not Before: Jul 3 19:11:30 2023 GMT
Not After : Oct 5 19:11:30 2025 GMT
Subject: CN=edgerouterchambly
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:0e:fd:1c:60:83:5f:a7:64:79:a0:35:74:df:c0:
63:68:c5:3c:b1:02:95:a9:73:58:a9:a3:74:cc:d8:
5b:d8:7a:ab:aa:d3:1f:41:2d:68:86:bd:2f:e3:6c:
73:b5:e8:01:73:b4:12:f4:71:dd:dd:cb:9b:4e:b0:
f1:d4:04:00:d1:60:cf:fe:ea:3c:a5:f2:ae:ee:aa:
45:a3:21:71:e5:d2:b7:f0:22:30:c4:d4:27:58:79:
96:6c:f0:5c:ba:96:19
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
C1:2A:D4:21:E9:F3:08:CB:87:23:CC:2D:52:A3:DF:8F:BB:CF:BB:5A
X509v3 Authority Key Identifier:
keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
DirName:/CN=JF_server
serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
2e:c6:3c:76:fd:64:a8:ab:c7:02:86:e8:80:d5:a6:8b:2f:ed:
be:70:cd:96:23:a5:86:1f:19:0c:72:7b:0b:ec:d2:58:ad:39:
1d:ee:63:52:55:a3:f2:47:87:12:56:ad:cd:a1:ed:0d:ed:27:
55:4c:9b:47:cf:e8:d7:a2:70:d7:8a:d2:60:7e:57:b4:02:0d:
96:46:57:9d:f9:05:cf:f1:91:5c:1e:e2:a7:79:e1:5b:fe:46:
7a:1b:ab:bb:c0:0a:a5:70:68:83:88:1a:62:8a:36:4c:98:9c:
85:31:40:6b:ad:a7:11:d3:a3:cb:d9:8a:f3:e8:d4:2c:bd:8a:
66:57:ca:bb:ad:d9:b1:cf:6a:83:88:e3:5e:a4:2e:5b:7e:50:
26:16:5c:34:cd:6c:9b:35:d9:61:ef:63:87:7c:2a:2d:f0:dd:
ce:ab:9d:7e:14:46:98:d9:cb:9a:68:91:fb:a3:59:85:91:d5:
4f:0c:ee:e3:47:df:7c:93:f8:05:ec:0a:d1:84:dc:21:0f:8e:
6d:b5:14:e8:a3:bd:ea:21:1c:d1:5a:95:36:95:98:20:f0:0e:
07:54:56:27:d9:6d:cc:c6:09:f1:98:1c:69:d7:1b:52:0c:54:
38:32:fe:c6:50:07:74:ef:8c:05:03:bf:55:e0:c7:3b:e5:20:
f2:84:3e:9f
-----BEGIN CERTIFICATE-----
MIICrTCCAZWgAwIBAgIQNQkWIkGoeAW1ciYxbsOUAjANBgkqhkiG9w0BAQsFADAU
MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwHhcNMjMwNzAzMTkxMTMwWhcNMjUxMDA1MTkx
MTMwWjAcMRowGAYDVQQDDBFlZGdlcm91dGVyY2hhbWJseTB2MBAGByqGSM49AgEG
BSuBBAAiA2IABA79HGCDX6dkeaA1dN/AY2jFPLEClalzWKmjdMzYW9h6q6rTH0Et
aIa9L+Nsc7XoAXO0EvRx3d3Lm06w8dQEANFgz/7qPKXyru6qRaMhceXSt/AiMMTU
J1h5lmzwXLqWGaOBoDCBnTAJBgNVHRMEAjAAMB0GA1UdDgQWBBTBKtQh6fMIy4cj
zC1So9+Pu8+7WjBPBgNVHSMESDBGgBSKeJDl8FDnjHXkuMCh6OmbshqdMqEYpBYw
FDESMBAGA1UEAwwJSkZfc2VydmVyghRd7fuTPbKqDIvbFd+9oZHOXPvLBjATBgNV
HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEB
AC7GPHb9ZKirxwKG6IDVposv7b5wzZYjpYYfGQxyewvs0litOR3uY1JVo/JHhxJW
rc2h7Q3tJ1VMm0fP6NeicNeK0mB+V7QCDZZGV535Bc/xkVwe4qd54Vv+Rnobq7vA
CqVwaIOIGmKKNkyYnIUxQGutpxHTo8vZivPo1Cy9imZXyrut2bHPaoOI416kLlt+
UCYWXDTNbJs12WHvY4d8Ki3w3c6rnX4URpjZy5pokfujWYWR1U8M7uNH33yT+AXs
CtGE3CEPjm21FOijveohHNFalTaVmCDwDgdUVifZbczGCfGYHGnXG1IMVDgy/sZQ
B3TvjAUDv1XgxzvlIPKEPp8=
-----END CERTIFICATE-----

71
OpenVPN/CA Server/easy-rsa/pki/issued/fred.crt Normal file
View File

@ -0,0 +1,71 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ab:ba:55:27:aa:06:49:7b:13:dd:f2:5b:ae:27:08:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=JF_server
Validity
Not Before: Jun 1 18:17:32 2023 GMT
Not After : Sep 3 18:17:32 2025 GMT
Subject: CN=fred
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:3e:78:ef:26:d9:87:bb:8b:08:47:fe:15:ad:96:
ae:f4:93:f1:d8:ce:e3:05:d2:96:46:fc:f6:47:c9:
ac:41:f5:01:1b:e3:25:61:f4:ee:6f:8d:13:dd:ab:
1b:d8:02:85:a3:fb:52:3d:02:d8:ad:0b:ed:e3:02:
88:c7:eb:06:52:ca:25:ac:8b:ac:eb:52:4c:43:52:
f9:c0:8c:f4:48:ea:72:a6:26:f7:5f:02:96:97:ad:
10:ac:6d:c8:d3:b1:28
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
3C:F6:00:C3:CF:A4:BB:8D:F1:1B:AB:A1:6F:24:44:2A:73:95:EB:46
X509v3 Authority Key Identifier:
keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
DirName:/CN=JF_server
serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
10:9c:49:d0:09:dc:52:df:2b:e1:ce:59:ef:f7:a0:96:13:05:
7e:30:ba:4b:6d:17:62:ed:89:39:cb:0e:c5:cc:df:0c:5a:68:
e7:0f:bc:c2:67:e0:b2:72:b6:9f:e7:9f:1f:4c:e5:da:d9:5c:
d8:53:44:ef:47:ea:47:9d:d7:1d:12:ab:75:c3:1f:c4:d8:ae:
65:7e:39:9d:98:f1:02:df:03:77:1e:7b:88:24:5f:7e:51:5c:
f2:9c:b8:1f:84:71:4b:f9:5a:6d:06:63:4d:e9:ab:27:f5:99:
fa:ac:25:7a:e2:a7:ba:94:a7:44:8b:2f:21:73:c1:db:1a:37:
38:d6:46:4a:a5:65:f7:24:35:08:40:9a:8e:d6:22:56:20:c9:
7b:52:b3:8f:ea:53:bf:00:bd:6a:23:bd:07:fe:af:2e:20:ee:
71:69:f8:66:b0:f3:00:5e:8d:2f:2a:37:b9:14:a6:bf:c8:25:
2e:1b:f4:86:58:94:33:2b:85:f9:08:3a:48:9e:49:42:66:5a:
37:10:10:5b:50:2e:f6:06:d0:fe:86:17:0d:9d:f5:dd:cb:ab:
92:39:de:d8:57:9d:0d:7e:14:b7:61:e5:bc:dc:62:00:22:8c:
23:df:90:d4:38:01:18:23:96:c6:7e:e8:c8:5e:c8:fd:a4:b2:
47:87:02:4f
-----BEGIN CERTIFICATE-----
MIICoTCCAYmgAwIBAgIRAKu6VSeqBkl7E93yW64nCP4wDQYJKoZIhvcNAQELBQAw
FDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDYwMTE4MTczMloXDTI1MDkwMzE4
MTczMlowDzENMAsGA1UEAwwEZnJlZDB2MBAGByqGSM49AgEGBSuBBAAiA2IABD54
7ybZh7uLCEf+Fa2WrvST8djO4wXSlkb89kfJrEH1ARvjJWH07m+NE92rG9gChaP7
Uj0C2K0L7eMCiMfrBlLKJayLrOtSTENS+cCM9EjqcqYm918ClpetEKxtyNOxKKOB
oDCBnTAJBgNVHRMEAjAAMB0GA1UdDgQWBBQ89gDDz6S7jfEbq6FvJEQqc5XrRjBP
BgNVHSMESDBGgBSKeJDl8FDnjHXkuMCh6OmbshqdMqEYpBYwFDESMBAGA1UEAwwJ
SkZfc2VydmVyghRd7fuTPbKqDIvbFd+9oZHOXPvLBjATBgNVHSUEDDAKBggrBgEF
BQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBABCcSdAJ3FLfK+HO
We/3oJYTBX4wukttF2LtiTnLDsXM3wxaaOcPvMJn4LJytp/nnx9M5drZXNhTRO9H
6ked1x0Sq3XDH8TYrmV+OZ2Y8QLfA3cee4gkX35RXPKcuB+EcUv5Wm0GY03pqyf1
mfqsJXrip7qUp0SLLyFzwdsaNzjWRkqlZfckNQhAmo7WIlYgyXtSs4/qU78AvWoj
vQf+ry4g7nFp+Gaw8wBejS8qN7kUpr/IJS4b9IZYlDMrhfkIOkieSUJmWjcQEFtQ
LvYG0P6GFw2d9d3Lq5I53thXnQ1+FLdh5bzcYgAijCPfkNQ4ARgjlsZ+6MheyP2k
skeHAk8=
-----END CERTIFICATE-----

71
OpenVPN/CA Server/easy-rsa/pki/issued/jf.crt Normal file
View File

@ -0,0 +1,71 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
22:7a:b3:cb:88:05:00:8c:df:af:02:be:af:63:f9:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=JF_server
Validity
Not Before: Feb 20 22:37:46 2023 GMT
Not After : May 25 22:37:46 2025 GMT
Subject: CN=jf
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:8d:38:ea:4f:29:bd:83:a9:33:a3:1c:33:8a:60:
8f:fa:19:81:00:73:44:81:98:1e:76:05:ee:f6:46:
d5:25:a8:c5:3b:bd:d6:fa:cf:c6:79:e0:b4:42:27:
80:e2:96:2d:30:50:c2:f6:9c:2c:13:f8:b9:46:b3:
0d:96:6c:9b:d2:45:15:a3:f0:4c:bc:6b:51:45:f8:
cb:59:04:b1:d0:47:b9:90:06:71:c7:eb:34:32:e2:
72:14:84:94:58:e3:34
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
C5:CE:72:8F:A3:8E:13:57:DD:0E:02:A1:24:F1:56:C3:AE:2F:65:8F
X509v3 Authority Key Identifier:
keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
DirName:/CN=JF_server
serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
3b:e8:1a:3e:ac:17:17:49:7c:4d:73:55:39:e9:1b:e4:d6:7f:
6d:6d:43:6c:e2:79:41:f4:26:a4:2d:18:59:24:a0:b1:e0:db:
03:07:f9:fb:24:f6:be:ed:8c:31:3e:c7:bb:74:b6:87:ba:43:
fc:d6:fb:2f:9f:1c:eb:d1:27:ad:60:eb:ab:87:c7:46:fe:22:
75:c1:bb:fb:23:ad:ba:1d:ab:41:45:29:d6:c4:89:99:94:40:
06:c7:3a:08:fe:d3:b5:f4:e7:52:57:aa:d1:a8:ec:74:e6:c9:
ec:9e:80:e0:ba:92:92:95:55:2e:d7:b2:d8:09:ee:72:fd:12:
ac:0a:0d:dc:ba:ac:4e:34:8c:37:19:76:60:7c:bd:ba:99:b7:
e5:47:c3:4b:67:2f:a9:5c:89:95:70:2d:2c:97:45:04:64:15:
47:04:d1:48:7d:d8:40:63:6c:05:8b:dc:ed:0f:a3:ae:3a:e8:
6f:49:34:54:de:99:4b:aa:28:6d:c9:3d:db:43:60:14:40:d5:
09:87:a8:b2:88:11:4c:8c:00:71:b1:38:25:91:5f:2f:93:7b:
42:64:38:db:d2:59:48:e8:ed:2e:92:69:4e:d4:2a:3b:e3:03:
94:2c:fc:ac:bc:ff:a9:b4:1e:ca:d3:d2:b5:fd:bf:33:bd:55:
12:75:db:f1
-----BEGIN CERTIFICATE-----
MIICnjCCAYagAwIBAgIQInqzy4gFAIzfrwK+r2P5WTANBgkqhkiG9w0BAQsFADAU
MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwHhcNMjMwMjIwMjIzNzQ2WhcNMjUwNTI1MjIz
NzQ2WjANMQswCQYDVQQDDAJqZjB2MBAGByqGSM49AgEGBSuBBAAiA2IABI046k8p
vYOpM6McM4pgj/oZgQBzRIGYHnYF7vZG1SWoxTu91vrPxnngtEIngOKWLTBQwvac
LBP4uUazDZZsm9JFFaPwTLxrUUX4y1kEsdBHuZAGccfrNDLichSElFjjNKOBoDCB
nTAJBgNVHRMEAjAAMB0GA1UdDgQWBBTFznKPo44TV90OAqEk8VbDri9ljzBPBgNV
HSMESDBGgBSKeJDl8FDnjHXkuMCh6OmbshqdMqEYpBYwFDESMBAGA1UEAwwJSkZf
c2VydmVyghRd7fuTPbKqDIvbFd+9oZHOXPvLBjATBgNVHSUEDDAKBggrBgEFBQcD
AjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBADvoGj6sFxdJfE1zVTnp
G+TWf21tQ2zieUH0JqQtGFkkoLHg2wMH+fsk9r7tjDE+x7t0toe6Q/zW+y+fHOvR
J61g66uHx0b+InXBu/sjrbodq0FFKdbEiZmUQAbHOgj+07X051JXqtGo7HTmyeye
gOC6kpKVVS7XstgJ7nL9EqwKDdy6rE40jDcZdmB8vbqZt+VHw0tnL6lciZVwLSyX
RQRkFUcE0Uh92EBjbAWL3O0Po6466G9JNFTemUuqKG3JPdtDYBRA1QmHqLKIEUyM
AHGxOCWRXy+Te0JkONvSWUjo7S6SaU7UKjvjA5Qs/Ky8/6m0HsrT0rX9vzO9VRJ1
2/E=
-----END CERTIFICATE-----

71
OpenVPN/CA Server/easy-rsa/pki/issued/pascal.crt Normal file
View File

@ -0,0 +1,71 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
a6:7f:64:22:94:22:4a:39:b9:48:25:9b:99:9d:ae:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=JF_server
Validity
Not Before: Mar 17 19:30:32 2023 GMT
Not After : Jun 19 19:30:32 2025 GMT
Subject: CN=pascal
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:6e:d7:fc:29:a8:23:70:28:49:70:82:f4:1a:4f:
fc:e8:5a:d3:10:84:ef:0a:59:d9:3e:31:2e:5f:91:
8b:97:7e:32:c5:e4:9a:b1:df:8b:66:82:f7:a5:5a:
6d:90:ba:4d:4b:75:4e:1b:09:37:3b:23:5b:df:b8:
08:89:c7:a0:d6:3b:fa:3e:f8:b1:08:18:a6:ee:25:
02:25:b2:c5:43:ee:f5:03:82:9e:39:a0:82:d0:23:
49:eb:fe:be:3e:8f:7a
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
8E:E1:F2:13:12:D0:E0:C4:29:EA:29:E4:3D:94:2B:EC:0D:04:8F:BC
X509v3 Authority Key Identifier:
keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
DirName:/CN=JF_server
serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
7d:0b:3f:f6:58:09:f2:8a:8d:0e:1e:50:c9:e8:31:f0:8f:0a:
f5:65:66:55:d3:dd:2c:5d:42:d4:0f:a5:02:ed:6a:77:e1:1d:
39:c5:46:1c:a5:38:17:89:13:f1:cd:eb:ff:b8:a5:3d:e9:85:
6f:d2:96:9b:f4:a1:09:6c:1b:84:40:70:19:2b:e1:ac:91:c2:
df:bf:09:a4:4f:c4:31:44:fe:2b:a5:60:38:97:a8:b3:01:aa:
39:43:74:90:b5:c6:fc:85:63:26:9f:7f:54:ba:de:4a:b1:ae:
6d:85:00:35:4d:15:9f:9d:10:f4:bf:bb:67:45:7e:c6:ab:ee:
7e:ad:92:4a:b4:e8:76:65:be:94:40:5a:67:83:ab:6c:d9:f9:
7d:40:bd:70:87:1f:14:4d:eb:56:50:a5:c3:7e:4a:b3:42:b5:
95:fe:f8:7f:9b:c6:c0:81:04:62:fd:94:ef:da:dd:17:01:a0:
93:14:80:31:5a:a2:fa:c7:8c:2d:7c:df:8b:40:d5:5c:ce:5f:
a8:9f:9f:48:4f:49:49:dc:cc:37:7e:f7:55:84:74:8a:cd:68:
15:60:8b:e8:4a:75:3e:83:cb:33:be:45:e1:a1:76:52:1a:b9:
09:34:38:af:6e:af:98:e3:6d:ed:c2:24:97:de:08:83:6b:d5:
45:9e:91:3a
-----BEGIN CERTIFICATE-----
MIICozCCAYugAwIBAgIRAKZ/ZCKUIko5uUglm5mdrqcwDQYJKoZIhvcNAQELBQAw
FDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDMxNzE5MzAzMloXDTI1MDYxOTE5
MzAzMlowETEPMA0GA1UEAwwGcGFzY2FsMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE
btf8KagjcChJcIL0Gk/86FrTEITvClnZPjEuX5GLl34yxeSasd+LZoL3pVptkLpN
S3VOGwk3OyNb37gIiceg1jv6PvixCBim7iUCJbLFQ+71A4KeOaCC0CNJ6/6+Po96
o4GgMIGdMAkGA1UdEwQCMAAwHQYDVR0OBBYEFI7h8hMS0ODEKeop5D2UK+wNBI+8
ME8GA1UdIwRIMEaAFIp4kOXwUOeMdeS4wKHo6ZuyGp0yoRikFjAUMRIwEAYDVQQD
DAlKRl9zZXJ2ZXKCFF3t+5M9sqoMi9sV372hkc5c+8sGMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAfQs/9lgJ8oqN
Dh5Qyegx8I8K9WVmVdPdLF1C1A+lAu1qd+EdOcVGHKU4F4kT8c3r/7ilPemFb9KW
m/ShCWwbhEBwGSvhrJHC378JpE/EMUT+K6VgOJeoswGqOUN0kLXG/IVjJp9/VLre
SrGubYUANU0Vn50Q9L+7Z0V+xqvufq2SSrTodmW+lEBaZ4OrbNn5fUC9cIcfFE3r
VlClw35Ks0K1lf74f5vGwIEEYv2U79rdFwGgkxSAMVqi+seMLXzfi0DVXM5fqJ+f
SE9JSdzMN373VYR0is1oFWCL6Ep1PoPLM75F4aF2Uhq5CTQ4r26vmONt7cIkl94I
g2vVRZ6ROg==
-----END CERTIFICATE-----

71
OpenVPN/CA Server/easy-rsa/pki/issued/remoteclient.crt Normal file
View File

@ -0,0 +1,71 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d1:ae:61:45:8e:84:e3:8e:5b:92:3f:aa:bb:81:9d:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=JF_server
Validity
Not Before: Feb 23 20:30:31 2023 GMT
Not After : May 28 20:30:31 2025 GMT
Subject: CN=remoteclient
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:65:e9:86:35:01:c3:d7:0e:16:3d:89:90:3c:cb:
a0:5f:d2:04:f7:b6:32:84:1e:a0:dc:6a:1d:16:a0:
6f:47:a3:b5:7d:4c:39:bd:d0:70:18:34:e8:16:67:
d4:5b:4c:ca:ce:ea:f0:75:5f:55:72:09:4b:f5:dd:
80:f1:d5:db:e6:26:09:e4:34:3b:ca:89:f3:3a:40:
91:31:14:c6:ff:06:8d:8e:f9:ba:8f:47:df:40:41:
f4:6b:84:f8:e5:e8:70
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
23:F8:BF:EB:8E:A3:77:B3:2B:6A:FA:16:7A:39:B2:C2:47:31:9F:76
X509v3 Authority Key Identifier:
keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
DirName:/CN=JF_server
serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
27:af:ff:e0:98:8e:d1:6c:39:d7:40:97:df:ea:5a:fc:57:31:
a2:92:0c:d3:4c:4b:74:22:9e:47:01:9b:0f:e0:a4:6c:dc:ef:
14:b7:93:0f:99:93:ec:c9:96:dc:51:58:d3:ac:eb:f1:10:48:
ba:96:54:25:32:2a:89:66:cb:ca:13:b4:75:cc:4e:2a:5d:7c:
bb:b9:15:28:c0:32:59:f0:66:e5:fe:d8:14:14:2c:fb:df:6e:
1e:b6:53:c9:f0:77:68:54:b9:21:4b:0c:a4:d6:bc:4d:c2:a3:
de:d0:9f:ef:67:68:3e:c6:d4:da:d5:6c:92:80:cf:2e:8d:04:
59:c8:39:9f:22:4a:04:28:3e:e8:cf:02:73:73:a6:59:d4:e5:
9c:77:55:41:00:5c:c2:23:61:df:44:5c:ad:a8:bc:15:57:2d:
ae:89:99:a7:33:8f:d3:75:02:21:91:f6:38:34:23:68:70:8f:
99:0f:53:27:6d:52:9a:9b:f3:62:cf:20:bc:f5:91:41:78:fc:
92:09:2f:3e:bb:2d:9b:69:39:7f:c4:b1:a8:62:64:27:3f:27:
2d:16:c4:3e:0d:51:c9:f7:4f:40:f0:fd:55:a9:44:36:31:59:
b7:08:6a:3c:28:31:8a:43:c0:b9:05:44:75:48:6d:94:24:c6:
b2:fc:f7:33
-----BEGIN CERTIFICATE-----
MIICqTCCAZGgAwIBAgIRANGuYUWOhOOOW5I/qruBnVkwDQYJKoZIhvcNAQELBQAw
FDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDIyMzIwMzAzMVoXDTI1MDUyODIw
MzAzMVowFzEVMBMGA1UEAwwMcmVtb3RlY2xpZW50MHYwEAYHKoZIzj0CAQYFK4EE
ACIDYgAEZemGNQHD1w4WPYmQPMugX9IE97YyhB6g3GodFqBvR6O1fUw5vdBwGDTo
FmfUW0zKzurwdV9VcglL9d2A8dXb5iYJ5DQ7yonzOkCRMRTG/waNjvm6j0ffQEH0
a4T45ehwo4GgMIGdMAkGA1UdEwQCMAAwHQYDVR0OBBYEFCP4v+uOo3ezK2r6Fno5
ssJHMZ92ME8GA1UdIwRIMEaAFIp4kOXwUOeMdeS4wKHo6ZuyGp0yoRikFjAUMRIw
EAYDVQQDDAlKRl9zZXJ2ZXKCFF3t+5M9sqoMi9sV372hkc5c+8sGMBMGA1UdJQQM
MAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAJ6//
4JiO0Ww510CX3+pa/FcxopIM00xLdCKeRwGbD+CkbNzvFLeTD5mT7MmW3FFY06zr
8RBIupZUJTIqiWbLyhO0dcxOKl18u7kVKMAyWfBm5f7YFBQs+99uHrZTyfB3aFS5
IUsMpNa8TcKj3tCf72doPsbU2tVskoDPLo0EWcg5nyJKBCg+6M8Cc3OmWdTlnHdV
QQBcwiNh30Rcrai8FVctromZpzOP03UCIZH2ODQjaHCPmQ9TJ21SmpvzYs8gvPWR
QXj8kgkvPrstm2k5f8SxqGJkJz8nLRbEPg1RyfdPQPD9ValENjFZtwhqPCgxikPA
uQVEdUhtlCTGsvz3Mw==
-----END CERTIFICATE-----

71
OpenVPN/CA Server/easy-rsa/pki/issued/stationKA2401.crt Normal file
View File

@ -0,0 +1,71 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
78:5e:57:99:93:be:f2:47:da:cc:6c:8e:0d:71:3d:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=JF_server
Validity
Not Before: May 5 13:33:22 2024 GMT
Not After : Aug 8 13:33:22 2026 GMT
Subject: CN=stationKA2401
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:8f:4f:26:6b:af:cb:49:0b:74:3e:65:aa:0e:9a:
9a:57:99:b1:f6:bf:dc:74:ae:d6:72:ed:d3:a8:04:
2f:a8:a0:43:63:f6:c8:e2:cd:dc:d8:fd:bf:69:93:
09:d7:bd:11:ab:d9:c5:ae:20:bc:00:ac:d7:ad:ea:
fb:c0:1e:44:6f:ba:20:63:9d:32:f7:38:8f:c0:d7:
bf:b4:23:15:16:4d:84:59:13:d5:4b:de:9e:7b:46:
d3:ce:ba:5d:d9:53:c4
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
68:18:F5:54:75:30:27:4D:B5:96:D3:34:8E:1C:3B:58:1E:BC:1B:78
X509v3 Authority Key Identifier:
keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
DirName:/CN=JF_server
serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
67:97:34:79:07:29:c3:cd:a6:7c:86:82:aa:94:0b:ca:69:ef:
79:5e:a6:35:97:c3:31:07:9f:cd:aa:89:95:e3:b1:26:4b:e9:
88:50:1f:3e:10:eb:d2:82:c5:6e:56:18:1e:ff:72:60:c1:de:
11:af:b8:e6:b6:bb:de:7d:52:f5:ba:1b:9b:4e:49:b2:05:25:
0a:e9:8a:f8:85:f7:0e:c8:db:fd:c4:b9:e9:a9:6f:85:0a:cb:
63:a3:d0:a7:77:e0:7f:ff:34:29:90:80:66:a7:8d:80:6a:bf:
23:74:80:77:ad:53:2d:5e:f6:02:d1:05:3f:9f:fa:17:11:8f:
7f:b4:a5:44:74:2b:57:1e:4b:7e:29:c8:95:48:a6:3a:fc:ae:
82:c2:7b:b2:26:4f:92:d5:af:73:71:30:8e:b6:b9:6a:f2:b0:
00:df:44:a2:3f:cd:4a:45:7e:ed:43:4b:d4:0e:07:25:94:37:
e0:5d:8d:0b:1b:fb:76:07:d0:41:da:c9:f3:19:fa:28:8b:46:
df:5a:19:82:ee:1e:e0:1a:be:39:c1:a9:65:b1:02:92:32:96:
2c:7e:3f:4e:ce:9e:b0:66:57:b4:74:2c:98:de:13:da:b2:27:
e5:7a:5b:30:df:3e:46:1b:6c:92:53:6f:c6:0e:88:6f:0d:ae:
89:ca:ea:ea
-----BEGIN CERTIFICATE-----
MIICqTCCAZGgAwIBAgIQeF5XmZO+8kfazGyODXE9+DANBgkqhkiG9w0BAQsFADAU
MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwHhcNMjQwNTA1MTMzMzIyWhcNMjYwODA4MTMz
MzIyWjAYMRYwFAYDVQQDDA1zdGF0aW9uS0EyNDAxMHYwEAYHKoZIzj0CAQYFK4EE
ACIDYgAEj08ma6/LSQt0PmWqDpqaV5mx9r/cdK7Wcu3TqAQvqKBDY/bI4s3c2P2/
aZMJ170Rq9nFriC8AKzXrer7wB5Eb7ogY50y9ziPwNe/tCMVFk2EWRPVS96ee0bT
zrpd2VPEo4GgMIGdMAkGA1UdEwQCMAAwHQYDVR0OBBYEFGgY9VR1MCdNtZbTNI4c
O1gevBt4ME8GA1UdIwRIMEaAFIp4kOXwUOeMdeS4wKHo6ZuyGp0yoRikFjAUMRIw
EAYDVQQDDAlKRl9zZXJ2ZXKCFF3t+5M9sqoMi9sV372hkc5c+8sGMBMGA1UdJQQM
MAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAZ5c0
eQcpw82mfIaCqpQLymnveV6mNZfDMQefzaqJleOxJkvpiFAfPhDr0oLFblYYHv9y
YMHeEa+45ra73n1S9bobm05JsgUlCumK+IX3Dsjb/cS56alvhQrLY6PQp3fgf/80
KZCAZqeNgGq/I3SAd61TLV72AtEFP5/6FxGPf7SlRHQrVx5LfinIlUimOvyugsJ7
siZPktWvc3Ewjra5avKwAN9Eoj/NSkV+7UNL1A4HJZQ34F2NCxv7dgfQQdrJ8xn6
KItG31oZgu4e4Bq+OcGpZbECkjKWLH4/Ts6esGZXtHQsmN4T2rIn5XpbMN8+Rhts
klNvxg6Ibw2uicrq6g==
-----END CERTIFICATE-----

138
OpenVPN/CA Server/easy-rsa/pki/openssl-easyrsa.cnf Normal file
View File

@ -0,0 +1,138 @@
# For use with Easy-RSA 3.0+ and OpenSSL or LibreSSL
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::EASYRSA_PKI # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir/certs_by_serial # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = basic_exts # The extensions to add to the cert
# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
# is designed for will. In return, we get the Issuer attached to CRLs.
crl_extensions = crl_ext
default_days = $ENV::EASYRSA_CERT_EXPIRE # how long to certify for
default_crl_days= $ENV::EASYRSA_CRL_DAYS # how long before next CRL
default_md = $ENV::EASYRSA_DIGEST # use public key default MD
preserve = no # keep passed DN ordering
# This allows to renew certificates which have not been revoked
unique_subject = no
# A few different ways of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the 'anything' policy, which defines allowed DN fields
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
# Easy-RSA request handling
# We key off $DN_MODE to determine how to format the DN
[ req ]
default_bits = $ENV::EASYRSA_KEY_SIZE
default_keyfile = privkey.pem
default_md = $ENV::EASYRSA_DIGEST
distinguished_name = $ENV::EASYRSA_DN
x509_extensions = easyrsa_ca # The extensions to add to the self signed cert
# A placeholder to handle the $EXTRA_EXTS feature:
#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it
####################################################################
# Easy-RSA DN (Subject) handling
# Easy-RSA DN for cn_only support:
[ cn_only ]
commonName = Common Name (eg: your user, host, or server name)
commonName_max = 64
commonName_default = $ENV::EASYRSA_REQ_CN
# Easy-RSA DN for org support:
[ org ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::EASYRSA_REQ_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::EASYRSA_REQ_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::EASYRSA_REQ_ORG
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = $ENV::EASYRSA_REQ_OU
commonName = Common Name (eg: your user, host, or server name)
commonName_max = 64
commonName_default = $ENV::EASYRSA_REQ_CN
emailAddress = Email Address
emailAddress_default = $ENV::EASYRSA_REQ_EMAIL
emailAddress_max = 64
####################################################################
# Easy-RSA cert extension handling
# This section is effectively unused as the main script sets extensions
# dynamically. This core section is left to support the odd usecase where
# a user calls openssl directly.
[ basic_exts ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
# The Easy-RSA CA extensions
[ easyrsa_ca ]
# PKIX recommendations:
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This could be marked critical, but it's nice to support reading by any
# broken clients who attempt to do so.
basicConstraints = CA:true
# Limit key usage to CA tasks. If you really want to use the generated pair as
# a self-signed cert, comment this out.
keyUsage = cRLSign, keyCertSign
# nsCertType omitted by default. Let's try to let the deprecated stuff die.
# nsCertType = sslCA
# CRL extensions.
[ crl_ext ]
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

30
OpenVPN/CA Server/easy-rsa/pki/private/ca.key Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIw1tnGvuox6gCAggA
MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBBdDd6JgGX1841NPsv9frZUBIIE
0HitEQ592ib/cprXIIKYNhpwikw5qFuaJh2ZyVLM6AUiBGLguWvebis/fhvXClDz
KjZsljyEoC8IIwBvTsavDvNdhUe2DLmA7D8u6bhTUY73dLbOudEsf8ddZu99pYRL
MD1sOawfvacCzazDhqjiZBnRDv+2G19bCX9dtb2yK+44ybMFD57k4uYBBkrxyzWR
5rJJVlSi2WQ0OLEg9pFZ66cp8wZPn9+vChsXP4MnTP+8Gvx4o1gdFmRENvgUL+rR
edf8gUKsbmOqTTv4upiydaT0D6knjdS/QfacGe+d61RS9PtidEMFVfqnSDO2VIkO
7DvyYP8RYiJv7QO9RZ7/yi/DGK0Ha25azAQuntSHH2f+zGb99PRxypOZY9iiKqs4
u0oAUaZETWZ7DPlc0sEIT8TwPEeAuNremllIt5w+9PdqBjA1CMTdA2b8Gn+FUuIh
wKeSgW++WnCWGYQfkE9rKDYdDCjNhnvDM2t379OKC+Kv0aEUnLdaf7Spvd43VrQm
hmz2cXMr4UkMmxk9vZ94mIo+ArVO4gzVam+IOlwr1QOLd1rijFkx4kLOSI9RiMAL
202lML0mT0tPyc1LxeVdjvvU+R4CaUG37VvkyLvV4FkS4A3UnQqV6JYsjby1vAB5
npJSPDQ7w9fklskkqK9UM2W5r4r9+sC7bSOq/iXbJpe+dzh29voKj3TbYVDqX3DE
c1SGI3K6rmD6WVWNgP+QMv2gqw90tQKVEikzRyC0A/oWgKtR8gt3AiKCsmDbbVru
sWh4QZJ1ebGQ3IFQG1HzCPu4m0My8zhqM1H+UnLay2s/GSS0o2S6iiH+Fp9t7zWv
+Jl3l5+9A0wkUbuabLyxEkyNEljwbLg7UTSLrPfU4rEKOjItiaa4Hbl89RLWhAr0
I1rWbEEv+ODDkX2jGjsFK2EvTsIcN2meUekmFe0VhRq8UH/jCQG2ACrft7/UtrC1
s9astkSNhftBH6huXzslPLay/AIb9wZAmuGUwfBHZmwB+D7invh7Uc7L0GlwQkAl
az5L0V97u3Fr9qvuq0ImOnvzxo7TGx6+EBtoXU1aXxcGYX0jfpSyUJ//50zXhhp5
uERwoy+VPmJjBbVsfyCTiSKWEM3eA0pTM2Z2gQ+65J7NEvqgvCNTVl4bomBnudQI
7y6qX4EEJQDQDy7BrX9FzdxCzvT3VUXAFtDZb5dQTiiwoUi4aAnB4oSrF/fdSUuS
UXWkQDOyvrbuitleHV0lf0qC4sdzo96KJvzd7884nNfHClQdYHkO4qridNCb1hax
5hntKqMwzYun4Ts3ZhlBOoKvQ4QCH4yNtc4K6CBm/ivjY51Cf8LBx1yHa1p3H9ix
pVrqHiAIBjTrQf8AZKs0JS3EZo4cbulXFkyGDZaSGlC2BL5Pvs3ICXxhTmzUNYa4
y4FZ3COTrRXk7lkS7Edh/eh17Xu4xvHH7Zf1vHqaBzRFL9BMcdNqXlPev3OESSCe
1XE2xba0GH9NKWlXwgu0zLPvrjygnQ3Z3E6irQvrZ0VIAeW9wW4dpbwKST+sxXMX
Kgel1WvSa7iPozLH75ia9YMw5jXi8NBip9nSRqHQqMVBoaHNlXhaUxXLmF2sk2kp
Tk4jKqLKc39QtjsetqfzUTVmIcLqXteC+BjjOIBCOtJD
-----END ENCRYPTED PRIVATE KEY-----

8
OpenVPN/CA Server/easy-rsa/pki/reqs/DO_server.req Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBDDCBkwIBADAUMRIwEAYDVQQDDAlET19zZXJ2ZXIwdjAQBgcqhkjOPQIBBgUr
gQQAIgNiAAQuCojiA60UOu4AUZY+9ewky9ZbjdZdD9+SCJcZ27CNwp3WxqJZLpTU
2dAQ+M3ZPJCA6GGImr6s+M7SRH8hmP/XU0gm1hhvjw1h0zb2IDAYZ2Zh9yXa7nb1
qxbL/UBSlTygADAKBggqhkjOPQQDBANoADBlAjBre9V6PcQqQZs3zymemhYWPiJp
CCXGC4I8MOnjVlSdeCgl2SKvxRx+87Ywvr1o8hQCMQCPuQ+ntCc1yCGOJ9JlDCE0
rxa71Os35Ma78TK+vuW/bv1zrTSoHxgJpCrnJS0V21o=
-----END CERTIFICATE REQUEST-----

8
OpenVPN/CA Server/easy-rsa/pki/reqs/Otarcik202501.req Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBEDCBlwIBADAYMRYwFAYDVQQDDA1PdGFyY2lrMjAyNTAxMHYwEAYHKoZIzj0C
AQYFK4EEACIDYgAEQJBHidjsciCVwPuNtxD8Uh2brcFlkeRF1Q8CsDGOVbf6MZqm
Wh/ghc3iIZ08lX+tgPLRY+dBfeSHl36k0efSyT07Zp9S/hFy09feufdB1XsyKwGU
THHL/2V2Zz6uGk5PoAAwCgYIKoZIzj0EAwQDaAAwZQIwRKy3o/Z419Oh8JHDBhEM
x4EAhdueoKp+PK5nKQ1FdI+TbwYSGEgoCpc5bjQB0TkVAjEAnV9R90TWM+kSr+R3
XUkUyfdkukpHyRMmH7HINp/hDf2idPQHdpm+y4CgtNpmTShp
-----END CERTIFICATE REQUEST-----

8
OpenVPN/CA Server/easy-rsa/pki/reqs/edgerouterchambly.req Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBFDCBmwIBADAcMRowGAYDVQQDDBFlZGdlcm91dGVyY2hhbWJseTB2MBAGByqG
SM49AgEGBSuBBAAiA2IABA79HGCDX6dkeaA1dN/AY2jFPLEClalzWKmjdMzYW9h6
q6rTH0EtaIa9L+Nsc7XoAXO0EvRx3d3Lm06w8dQEANFgz/7qPKXyru6qRaMhceXS
t/AiMMTUJ1h5lmzwXLqWGaAAMAoGCCqGSM49BAMEA2gAMGUCMCvrCc8hUdJ+NdGi
64TnDwHJ9Kl1HDBmW3fxYJzjXzBAY8ZhgLuw2Bn4GqIUYtdhqgIxAM5GStvPR0iy
Qp7iXmjAhg15YQL2hm/qckmm3S7SwMGMKqZkQvBk/XafYZe8VajM0Q==
-----END CERTIFICATE REQUEST-----

8
OpenVPN/CA Server/easy-rsa/pki/reqs/fred.req Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBCDCBjgIBADAPMQ0wCwYDVQQDDARmcmVkMHYwEAYHKoZIzj0CAQYFK4EEACID
YgAEPnjvJtmHu4sIR/4VrZau9JPx2M7jBdKWRvz2R8msQfUBG+MlYfTub40T3asb
2AKFo/tSPQLYrQvt4wKIx+sGUsolrIus61JMQ1L5wIz0SOpypib3XwKWl60QrG3I
07EooAAwCgYIKoZIzj0EAwQDaQAwZgIxAJmONNtX7d0nhO1ExxBRWzyjsripBfo2
pzMXN/wL70YmZ/JiVDB9FcZGKCGkqxGPUAIxAJQ766zGfSReyVeBWWkzZJQvhU7o
RNP2pIhWmCneLhb0hkiIxkgNm/ZQmHD1WCuT3w==
-----END CERTIFICATE REQUEST-----

8
OpenVPN/CA Server/easy-rsa/pki/reqs/jf.req Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBBjCBjAIBADANMQswCQYDVQQDDAJqZjB2MBAGByqGSM49AgEGBSuBBAAiA2IA
BI046k8pvYOpM6McM4pgj/oZgQBzRIGYHnYF7vZG1SWoxTu91vrPxnngtEIngOKW
LTBQwvacLBP4uUazDZZsm9JFFaPwTLxrUUX4y1kEsdBHuZAGccfrNDLichSElFjj
NKAAMAoGCCqGSM49BAMEA2kAMGYCMQCavWzeG/WWhQ6wkIJC72oie/5xCwYGrlSP
b4ijDgJlmyQfy920wbDcTLWFJ26lpeYCMQC2FDVLQ+AjZnsWvVkPWl2j10VfRQxF
lPJnbb+ajusWy7qLdOFeLWVKeQCYL2s1aMc=
-----END CERTIFICATE REQUEST-----

8
OpenVPN/CA Server/easy-rsa/pki/reqs/pascal.req Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBCTCBkAIBADARMQ8wDQYDVQQDDAZwYXNjYWwwdjAQBgcqhkjOPQIBBgUrgQQA
IgNiAARu1/wpqCNwKElwgvQaT/zoWtMQhO8KWdk+MS5fkYuXfjLF5Jqx34tmgvel
Wm2Quk1LdU4bCTc7I1vfuAiJx6DWO/o++LEIGKbuJQIlssVD7vUDgp45oILQI0nr
/r4+j3qgADAKBggqhkjOPQQDBANoADBlAjEA4IhMIxWjsYamRn2jr0X0Z2ilUyC6
IaPo9mE7gLQNxvvNlksKBlrIcOMoqp4RX58mAjAqGNEb63KjrKwaCVzbjiF4h4dg
c3PYjObVjwTwWQKSNHReGrqhgjCcrcAbK5pdofs=
-----END CERTIFICATE REQUEST-----

8
OpenVPN/CA Server/easy-rsa/pki/reqs/remoteclient.req Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBEDCBlgIBADAXMRUwEwYDVQQDDAxyZW1vdGVjbGllbnQwdjAQBgcqhkjOPQIB
BgUrgQQAIgNiAARl6YY1AcPXDhY9iZA8y6Bf0gT3tjKEHqDcah0WoG9Ho7V9TDm9
0HAYNOgWZ9RbTMrO6vB1X1VyCUv13YDx1dvmJgnkNDvKifM6QJExFMb/Bo2O+bqP
R99AQfRrhPjl6HCgADAKBggqhkjOPQQDBANpADBmAjEAorG1junRTCsKjo5zCAi/
VCT/LtoDyb3xpxDaTFX33WCB77AFc5m4PZ8w43sldxHQAjEAutGviIFXdGI/HM0g
Q7lGg4ch2v0y6SbZA7Fphp5FX1w/8uR7lvMBOSCE3KbnS5on
-----END CERTIFICATE REQUEST-----

8
OpenVPN/CA Server/easy-rsa/pki/reqs/stationKA2401.req Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBDzCBlwIBADAYMRYwFAYDVQQDDA1zdGF0aW9uS0EyNDAxMHYwEAYHKoZIzj0C
AQYFK4EEACIDYgAEj08ma6/LSQt0PmWqDpqaV5mx9r/cdK7Wcu3TqAQvqKBDY/bI
4s3c2P2/aZMJ170Rq9nFriC8AKzXrer7wB5Eb7ogY50y9ziPwNe/tCMVFk2EWRPV
S96ee0bTzrpd2VPEoAAwCgYIKoZIzj0EAwQDZwAwZAIwMhPuY2cvcd/nxcmEJjqV
5H+FLyOW+xTOFIF2EIptJqMw2fUt8xFg1A6S/m7FNG/nAjAVTYLqYdy7xw/o7Lz8
v5nTfxE1n2YsApc9ZmnrZOMiDPdWLMV5U8t+b3Vn574Tetc=
-----END CERTIFICATE REQUEST-----

138
OpenVPN/CA Server/easy-rsa/pki/safessl-easyrsa.cnf Normal file
View File

@ -0,0 +1,138 @@
# For use with Easy-RSA 3.0+ and OpenSSL or LibreSSL
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = /home/jfmartel/easy-rsa/pki # Where everything is kept
certs = /home/jfmartel/easy-rsa/pki # Where the issued certs are kept
crl_dir = /home/jfmartel/easy-rsa/pki # Where the issued crl are kept
database = /home/jfmartel/easy-rsa/pki/index.txt # database index file.
new_certs_dir = /home/jfmartel/easy-rsa/pki/certs_by_serial # default place for new certs.
certificate = /home/jfmartel/easy-rsa/pki/ca.crt # The CA certificate
serial = /home/jfmartel/easy-rsa/pki/serial # The current serial number
crl = /home/jfmartel/easy-rsa/pki/crl.pem # The current CRL
private_key = /home/jfmartel/easy-rsa/pki/private/ca.key # The private key
RANDFILE = /home/jfmartel/easy-rsa/pki/.rand # private random number file
x509_extensions = basic_exts # The extensions to add to the cert
# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
# is designed for will. In return, we get the Issuer attached to CRLs.
crl_extensions = crl_ext
default_days = 825 # how long to certify for
default_crl_days= 180 # how long before next CRL
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# This allows to renew certificates which have not been revoked
unique_subject = no
# A few different ways of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the 'anything' policy, which defines allowed DN fields
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
# Easy-RSA request handling
# We key off $DN_MODE to determine how to format the DN
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = cn_only
x509_extensions = easyrsa_ca # The extensions to add to the self signed cert
# A placeholder to handle the $EXTRA_EXTS feature:
#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it
####################################################################
# Easy-RSA DN (Subject) handling
# Easy-RSA DN for cn_only support:
[ cn_only ]
commonName = Common Name (eg: your user, host, or server name)
commonName_max = 64
commonName_default = ChangeMe
# Easy-RSA DN for org support:
[ org ]
countryName = Country Name (2 letter code)
countryName_default = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = California
localityName = Locality Name (eg, city)
localityName_default = San Francisco
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Copyleft Certificate Co
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = My Organizational Unit
commonName = Common Name (eg: your user, host, or server name)
commonName_max = 64
commonName_default = ChangeMe
emailAddress = Email Address
emailAddress_default = me@example.net
emailAddress_max = 64
####################################################################
# Easy-RSA cert extension handling
# This section is effectively unused as the main script sets extensions
# dynamically. This core section is left to support the odd usecase where
# a user calls openssl directly.
[ basic_exts ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
# The Easy-RSA CA extensions
[ easyrsa_ca ]
# PKIX recommendations:
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This could be marked critical, but it's nice to support reading by any
# broken clients who attempt to do so.
basicConstraints = CA:true
# Limit key usage to CA tasks. If you really want to use the generated pair as
# a self-signed cert, comment this out.
keyUsage = cRLSign, keyCertSign
# nsCertType omitted by default. Let's try to let the deprecated stuff die.
# nsCertType = sslCA
# CRL extensions.
[ crl_ext ]
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

1
OpenVPN/CA Server/easy-rsa/pki/serial Normal file
View File

@ -0,0 +1 @@
44E31288C38E1632F41EBB13CA4D4C8E

1
OpenVPN/CA Server/easy-rsa/pki/serial.old Normal file
View File

@ -0,0 +1 @@
44e31288c38e1632f41ebb13ca4d4c8d

9
OpenVPN/CA Server/easy-rsa/vars Normal file
View File

@ -0,0 +1,9 @@
set_var EASYRSA_REQ_COUNTRY "CA"
set_var EASYRSA_REQ_PROVINCE "Quebec"
set_var EASYRSA_REQ_CITY "Montreal"
set_var EASYRSA_REQ_ORG "GrosGin"
set_var EASYRSA_REQ_EMAIL "jean-francois@jfmartel.ca"
set_var EASYRSA_REQ_OU "Community"
set_var EASYRSA_ALGO "ec"
set_var EASYRSA_DIGEST "sha512"
set_var EASYRSA_CERT_EXPIRE 3600

221
OpenVPN/CA Server/easy-rsa/vars.example Normal file
View File

@ -0,0 +1,221 @@
# Easy-RSA 3 parameter settings
# NOTE: If you installed Easy-RSA from your distro's package manager, don't edit
# this file in place -- instead, you should copy the entire easy-rsa directory
# to another location so future upgrades don't wipe out your changes.
# HOW TO USE THIS FILE
#
# vars.example contains built-in examples to Easy-RSA settings. You MUST name
# this file 'vars' if you want it to be used as a configuration file. If you do
# not, it WILL NOT be automatically read when you call easyrsa commands.
#
# It is not necessary to use this config file unless you wish to change
# operational defaults. These defaults should be fine for many uses without the
# need to copy and edit the 'vars' file.
#
# All of the editable settings are shown commented and start with the command
# 'set_var' -- this means any set_var command that is uncommented has been
# modified by the user. If you're happy with a default, there is no need to
# define the value to its default.
# NOTES FOR WINDOWS USERS
#
# Paths for Windows *MUST* use forward slashes, or optionally double-escaped
# backslashes (single forward slashes are recommended.) This means your path to
# the openssl binary might look like this:
# "C:/Program Files/OpenSSL-Win32/bin/openssl.exe"
# A little housekeeping: DON'T EDIT THIS SECTION
#
# Easy-RSA 3.x doesn't source into the environment directly.
# Complain if a user tries to do this:
if [ -z "$EASYRSA_CALLER" ]; then
echo "You appear to be sourcing an Easy-RSA 'vars' file." >&2
echo "This is no longer necessary and is disallowed. See the section called" >&2
echo "'How to use this file' near the top comments for more details." >&2
return 1
fi
# DO YOUR EDITS BELOW THIS POINT
# This variable is used as the base location of configuration files needed by
# easyrsa. More specific variables for specific files (e.g., EASYRSA_SSL_CONF)
# may override this default.
#
# The default value of this variable is the location of the easyrsa script
# itself, which is also where the configuration files are located in the
# easy-rsa tree.
#set_var EASYRSA "${0%/*}"
# If your OpenSSL command is not in the system PATH, you will need to define the
# path to it here. Normally this means a full path to the executable, otherwise
# you could have left it undefined here and the shown default would be used.
#
# Windows users, remember to use paths with forward-slashes (or escaped
# back-slashes.) Windows users should declare the full path to the openssl
# binary here if it is not in their system PATH.
#set_var EASYRSA_OPENSSL "openssl"
#
# This sample is in Windows syntax -- edit it for your path if not using PATH:
#set_var EASYRSA_OPENSSL "C:/Program Files/OpenSSL-Win32/bin/openssl.exe"
# Edit this variable to point to your soon-to-be-created key directory. By
# default, this will be "$PWD/pki" (i.e. the "pki" subdirectory of the
# directory you are currently in).
#
# WARNING: init-pki will do a rm -rf on this directory so make sure you define
# it correctly! (Interactive mode will prompt before acting.)
#set_var EASYRSA_PKI "$PWD/pki"
# Define directory for temporary subdirectories.
#set_var EASYRSA_TEMP_DIR "$EASYRSA_PKI"
# Define X509 DN mode.
# This is used to adjust what elements are included in the Subject field as the DN
# (this is the "Distinguished Name.")
# Note that in cn_only mode the Organizational fields further below aren't used.
#
# Choices are:
# cn_only - use just a CN value
# org - use the "traditional" Country/Province/City/Org/OU/email/CN format
#set_var EASYRSA_DN "cn_only"
# Organizational fields (used with 'org' mode and ignored in 'cn_only' mode.)
# These are the default values for fields which will be placed in the
# certificate. Don't leave any of these fields blank, although interactively
# you may omit any specific field by typing the "." symbol (not valid for
# email.)
#set_var EASYRSA_REQ_COUNTRY "US"
#set_var EASYRSA_REQ_PROVINCE "California"
#set_var EASYRSA_REQ_CITY "San Francisco"
#set_var EASYRSA_REQ_ORG "Copyleft Certificate Co"
#set_var EASYRSA_REQ_EMAIL "me@example.net"
#set_var EASYRSA_REQ_OU "My Organizational Unit"
# Choose a size in bits for your keypairs. The recommended value is 2048. Using
# 2048-bit keys is considered more than sufficient for many years into the
# future. Larger keysizes will slow down TLS negotiation and make key/DH param
# generation take much longer. Values up to 4096 should be accepted by most
# software. Only used when the crypto alg is rsa (see below.)
#set_var EASYRSA_KEY_SIZE 2048
# The default crypto mode is rsa; ec can enable elliptic curve support.
# Note that not all software supports ECC, so use care when enabling it.
# Choices for crypto alg are: (each in lower-case)
# * rsa
# * ec
# * ed
#set_var EASYRSA_ALGO rsa
# Define the named curve, used in ec & ed modes:
#set_var EASYRSA_CURVE secp384r1
# In how many days should the root CA key expire?
#set_var EASYRSA_CA_EXPIRE 3650
# In how many days should certificates expire?
#set_var EASYRSA_CERT_EXPIRE 825
# How many days until the next CRL publish date? Note that the CRL can still be
# parsed after this timeframe passes. It is only used for an expected next
# publication date.
#set_var EASYRSA_CRL_DAYS 180
# How many days before its expiration date a certificate is allowed to be
# renewed?
#set_var EASYRSA_CERT_RENEW 30
# Random serial numbers by default, set to no for the old incremental serial numbers
#
#set_var EASYRSA_RAND_SN "yes"
# Support deprecated "Netscape" extensions? (choices "yes" or "no".) The default
# is "no" to discourage use of deprecated extensions. If you require this
# feature to use with --ns-cert-type, set this to "yes" here. This support
# should be replaced with the more modern --remote-cert-tls feature. If you do
# not use --ns-cert-type in your configs, it is safe (and recommended) to leave
# this defined to "no". When set to "yes", server-signed certs get the
# nsCertType=server attribute, and also get any NS_COMMENT defined below in the
# nsComment field.
#set_var EASYRSA_NS_SUPPORT "no"
# When NS_SUPPORT is set to "yes", this field is added as the nsComment field.
# Set this blank to omit it. With NS_SUPPORT set to "no" this field is ignored.
#set_var EASYRSA_NS_COMMENT "Easy-RSA Generated Certificate"
# A temp file used to stage cert extensions during signing. The default should
# be fine for most users; however, some users might want an alternative under a
# RAM-based FS, such as /dev/shm or /tmp on some systems.
#set_var EASYRSA_TEMP_FILE "$EASYRSA_PKI/extensions.temp"
# !!
# NOTE: ADVANCED OPTIONS BELOW THIS POINT
# PLAY WITH THEM AT YOUR OWN RISK
# !!
# Broken shell command aliases: If you have a largely broken shell that is
# missing any of these POSIX-required commands used by Easy-RSA, you will need
# to define an alias to the proper path for the command. The symptom will be
# some form of a 'command not found' error from your shell. This means your
# shell is BROKEN, but you can hack around it here if you really need. These
# shown values are not defaults: it is up to you to know what you're doing if
# you touch these.
#
#alias awk="/alt/bin/awk"
#alias cat="/alt/bin/cat"
# X509 extensions directory:
# If you want to customize the X509 extensions used, set the directory to look
# for extensions here. Each cert type you sign must have a matching filename,
# and an optional file named 'COMMON' is included first when present. Note that
# when undefined here, default behaviour is to look in $EASYRSA_PKI first, then
# fallback to $EASYRSA for the 'x509-types' dir. You may override this
# detection with an explicit dir here.
#
#set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
# If you want to generate KDC certificates, you need to set the realm here.
#set_var EASYRSA_KDC_REALM "CHANGEME.EXAMPLE.COM"
# OpenSSL config file:
# If you need to use a specific openssl config file, you can reference it here.
# Normally this file is auto-detected from a file named openssl-easyrsa.cnf from the
# EASYRSA_PKI or EASYRSA dir (in that order.) NOTE that this file is Easy-RSA
# specific and you cannot just use a standard config file, so this is an
# advanced feature.
#set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf"
# Default CN:
# This is best left alone. Interactively you will set this manually, and BATCH
# callers are expected to set this themselves.
#set_var EASYRSA_REQ_CN "ChangeMe"
# Cryptographic digest to use.
# Do not change this default unless you understand the security implications.
# Valid choices include: md5, sha1, sha256, sha224, sha384, sha512
#set_var EASYRSA_DIGEST "sha256"
# Batch mode. Leave this disabled unless you intend to call Easy-RSA explicitly
# in batch mode without any user input, confirmation on dangerous operations,
# or most output. Setting this to any non-blank string enables batch mode.
#set_var EASYRSA_BATCH ""

1
OpenVPN/ccd/Otarcik202501 Normal file
View File

@ -0,0 +1 @@
iroute 192.168.12.0 255.255.255.0

1
OpenVPN/ccd/remoteclient Normal file
View File

@ -0,0 +1 @@
iroute 192.168.10.0 255.255.255.0

1
OpenVPN/ccd/stationKA2401 Normal file
View File

@ -0,0 +1 @@
iroute 192.168.11.0 255.255.255.0

269
OpenVPN/jf2.ovpn Normal file
View File

@ -0,0 +1,269 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote vpn.yultek.dev 1194
;remote 138.197.151.172 1194
;remote my-server-2 1194
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
;ca ca.crt
;cert client.crt
;key client.key
# Verify server certificate by checking that the
# certificate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
# digitalSignature, keyEncipherment
# and the extendedKeyUsage to
# serverAuth
# EasyRSA can do this for you.
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Note that v2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the data-ciphers option in the manpage
cipher AES-256-GCM
auth SHA256
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
#comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
key-direction 1
; script-security 2
; up /etc/openvpn/update-resolv-conf
; down /etc/openvpn/update-resolv-conf
; script-security 2
; up /etc/openvpn/update-systemd-resolved
; down /etc/openvpn/update-systemd-resolved
; down-pre
; dhcp-option DOMAIN-ROUTE .
<ca>
-----BEGIN CERTIFICATE-----
MIIDRTCCAi2gAwIBAgIUXe37kz2yqgyL2xXfvaGRzlz7ywYwDQYJKoZIhvcNAQEL
BQAwFDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDIyMDIyMDkyMVoXDTMzMDIx
NzIyMDkyMVowFDESMBAGA1UEAwwJSkZfc2VydmVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAnLdVAj0W31TtWGxwdBeqsdIHyUdVAEG8bX+CcNZDP3M3
R/gJOmenjqsqHYBe5gZcky1hkqWaD7l/LNmyzZDZ1lVEWpcAZqxbsUZKiHU30bxq
84L5qtaAOpwTsumidq2hBqoDBMdBmh18e0QEW624mui7ckXTRRG3PA0ccXtXcTYU
ntmhYtQ2oaPauSmfJZIUfZTfVZbB8FkCgu+zJtCx5hq46vIHm8KX0m1zLIeUtGsI
hkly+5v52f3sEMlddyoZZkfjRddETk2co09q3oNaP1LYxN5G+TvZDhpdE+PrDsNT
wO4uU2d9hVIP3T49heLieZ6KVxyp1FsDYzo0CNlIDwIDAQABo4GOMIGLMB0GA1Ud
DgQWBBSKeJDl8FDnjHXkuMCh6OmbshqdMjBPBgNVHSMESDBGgBSKeJDl8FDnjHXk
uMCh6OmbshqdMqEYpBYwFDESMBAGA1UEAwwJSkZfc2VydmVyghRd7fuTPbKqDIvb
Fd+9oZHOXPvLBjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B
AQsFAAOCAQEARIg2x4Tit/6ZydMlle6ku32t75OMCVQoe7fUkRjNe8pCkZjZXLy9
QIRwoqW3FRT8+mQjctZk3NsyLStF8Rc/fFvpjGY/hiEQ/RV1K2/IZ9hcswp/LRzQ
ElDwXhe4zlcDT10GjHYYx221SR+ijgicZcaXgb9f3uZKIrPgyb8qB4KCQS8gPtCV
1VmPM5/svVCI93G+xT92XBHa47fgV5GEn7Snah2UgFol5h7/KX/Sa2q0pfBlzqmt
CutfEbYcwSxkoLsEUIW8KMoEAIsO+KIsraS6EXlRdT82Ui+UZWVPZABlzifCl+AV
LzBrLwt2OeoEI1h65EyzzE7gDsjrE3JR/Q==
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
49:6e:3c:e9:b5:30:c1:6a:89:b2:c8:b1:e9:96:32:9c
Signature Algorithm: sha512WithRSAEncryption
Issuer: CN=JF_server
Validity
Not Before: May 12 20:06:31 2025 GMT
Not After : Mar 21 20:06:31 2035 GMT
Subject: CN=jf2
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:53:3d:55:81:8e:b0:b2:39:47:1b:62:d6:1b:4f:
78:5d:02:48:c2:00:0a:80:08:74:d7:3a:da:c5:b4:
e5:fc:f6:c6:ad:25:b2:20:03:37:9d:99:67:20:81:
6b:87:69:e3:06:a6:7f:b7:3b:79:30:33:0c:78:c1:
9a:a2:fc:59:22:89:3c:ff:f1:ec:41:52:e7:0a:51:
a9:39:6d:72:40:ec:d0:fb:16:1a:f6:31:cb:2a:a3:
9b:e9:35:af:b2:6f:9e
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
B4:87:90:DC:D8:E1:64:DE:A9:92:1A:99:12:9C:27:62:CF:35:7C:24
X509v3 Authority Key Identifier:
keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
DirName:/CN=JF_server
serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha512WithRSAEncryption
Signature Value:
87:0c:f2:91:fe:7f:b9:c4:9f:8e:b1:72:0d:77:35:fe:53:a7:
6e:ec:70:14:ad:40:f3:b7:63:8c:e1:ab:97:11:0d:2e:9b:23:
4d:57:36:b1:8c:f5:85:cd:a2:23:af:f5:be:1d:7e:67:f6:95:
f0:83:99:d4:f9:d6:e9:fb:c6:9f:1c:e4:8c:f7:6a:ab:50:de:
68:50:24:69:7c:bc:41:55:c2:a2:b6:32:9c:41:19:6d:42:4c:
42:89:fe:4e:08:3d:9c:50:db:ff:e8:e5:47:5d:a8:ba:c3:03:
7a:ea:30:7d:00:e2:a2:de:36:23:1d:63:01:50:9d:f9:04:9c:
bb:51:f7:6a:0e:8a:3a:23:45:5c:d2:69:0a:1c:e1:6d:98:b0:
e9:31:a5:4e:4b:f6:c5:93:f1:21:e7:a9:8a:e6:21:2f:e8:35:
34:86:48:a8:54:6b:77:47:b7:84:44:04:09:84:4f:20:5a:ce:
0b:9b:29:c1:84:a6:1e:22:9f:6f:73:23:ff:a4:d3:90:3b:86:
f1:f1:37:45:04:2b:2c:e5:ab:c7:e7:ad:db:e2:3f:6f:27:2f:
90:78:5c:fc:cb:ca:c2:8e:31:2f:01:21:3e:20:0a:b9:a0:5a:
91:9a:46:21:b8:11:07:49:01:df:20:fc:23:08:f6:a2:4f:46:
f0:fc:01:f5
-----BEGIN CERTIFICATE-----
MIICnzCCAYegAwIBAgIQSW486bUwwWqJssix6ZYynDANBgkqhkiG9w0BAQ0FADAU
MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwHhcNMjUwNTEyMjAwNjMxWhcNMzUwMzIxMjAw
NjMxWjAOMQwwCgYDVQQDDANqZjIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARTPVWB
jrCyOUcbYtYbT3hdAkjCAAqACHTXOtrFtOX89satJbIgAzedmWcggWuHaeMGpn+3
O3kwMwx4wZqi/FkiiTz/8exBUucKUak5bXJA7ND7Fhr2Mcsqo5vpNa+yb56jgaAw
gZ0wCQYDVR0TBAIwADAdBgNVHQ4EFgQUtIeQ3NjhZN6pkhqZEpwnYs81fCQwTwYD
VR0jBEgwRoAUiniQ5fBQ54x15LjAoejpm7IanTKhGKQWMBQxEjAQBgNVBAMMCUpG
X3NlcnZlcoIUXe37kz2yqgyL2xXfvaGRzlz7ywYwEwYDVR0lBAwwCgYIKwYBBQUH
AwIwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBDQUAA4IBAQCHDPKR/n+5xJ+OsXIN
dzX+U6du7HAUrUDzt2OM4auXEQ0umyNNVzaxjPWFzaIjr/W+HX5n9pXwg5nU+dbp
+8afHOSM92qrUN5oUCRpfLxBVcKitjKcQRltQkxCif5OCD2cUNv/6OVHXai6wwN6
6jB9AOKi3jYjHWMBUJ35BJy7UfdqDoo6I0Vc0mkKHOFtmLDpMaVOS/bFk/Eh56mK
5iEv6DU0hkioVGt3R7eERAQJhE8gWs4LmynBhKYeIp9vcyP/pNOQO4bx8TdFBCss
5avH563b4j9vJy+QeFz8y8rCjjEvASE+IAq5oFqRmkYhuBEHSQHfIPwjCPaiT0bw
/AH1
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBQv7N0YKNvqQhnUyHe
Dy00OLK8iRi1Zx3nC1QTTxNQKBDeXdg4EkRuY0By77lArkOhZANiAARTPVWBjrCy
OUcbYtYbT3hdAkjCAAqACHTXOtrFtOX89satJbIgAzedmWcggWuHaeMGpn+3O3kw
Mwx4wZqi/FkiiTz/8exBUucKUak5bXJA7ND7Fhr2Mcsqo5vpNa+yb54=
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
4c828cbf0e58f927758e9471c1b6f03b
2e77b2c634bad76df0570dd8f47184d6
3921e25c6e6cbe4af4b64aad89d12425
a9fca69ae08802b5ed583632c26678b0
cc28c481c3831d1b2204dc30cd466395
ccb8cd82cd2259c956b510c9a56e842a
8693c44dca462f0ab7be3856abe9bbe1
95a6ffd3b0237225b9497c7a0df05ad8
2f2e0a8bff97c927d2890906d0105947
fa3430fc779583772382534fb880add6
8d5592fa4ff384d3e96c560019b5835f
095da9b2fb33dbfbc1ffce9560908271
ee96e02ccecc9d51b9dda79a77704a1d
4407d7c805e6950854fe232adee02a12
b09af2d9bfe04868a9e2e942dc64eb81
9e062ab9f781e52d263195a58db72ebe
-----END OpenVPN Static key V1-----
</tls-crypt>

9
OpenVPN/server.conf
View File

@ -139,17 +139,9 @@ ifconfig-pool-persist /var/log/openvpn/ipp.txt
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
# Route le subnet de la station Otarcik 2023
push "route 192.168.10.0 255.255.255.0"
# Route le subnet de la statio Kayak
push "route 192.168.11.0 255.255.255.0"
#route le subnet de la station Otarcik 2025
push "route 192.168.12.0 255.255.255.0"
;push "route 192.168.30.0 255.255.255.0"
# To assign specific IP addresses to specific
@ -167,6 +159,7 @@ client-config-dir ccd
;route 192.168.40.128 255.255.255.248
route 192.168.10.0 255.255.255.0
route 192.168.11.0 255.255.255.0
route 192.168.12.0 255.255.255.0
# Then create a file ccd/Thelonious with this line:
# iroute 192.168.40.128 255.255.255.248

BIN
Otarcik_CAN/Config/Station.cfg
View File

Binary file not shown.

36
Otarcik_CAN/Logs/SystemLog.txt
View File

@ -1952,3 +1952,39 @@ Démarrage du logiciel Otarcik CAN version 1.08 le 2025-05-03 à 20:08:02
2025-05-03 20:08:07 Client MQTT metrics.yultek.dev déconnecté.
2025-05-03 20:08:07 Passage en mode buffering des messages MQTT pour metrics.yultek.dev
2025-05-03 20:08:07 Client MQTT 192.168.51.32 déconnecté.
********************************************************************
Démarrage du logiciel Otarcik CAN version 1.08 le 2025-05-08 à 13:37:29
********************************************************************
2025-05-08 13:37:29 Chargement de la configuration système...
2025-05-08 13:37:29 Configuration système chargée avec succès!
2025-05-08 13:37:29 Initialisation du dispositif [MasterCAN]
2025-05-08 13:37:29 Démarrage d'un module CAN...
2025-05-08 13:37:29 Impossible de trouver le module CAN sur le channel 1
2025-05-08 13:37:29 Démarrage du Watchdog CAN...
2025-05-08 13:37:29 Watchdog CAN initialisé pour le module sur le channel 1
2025-05-08 13:37:29 Démarrage du logiciel OtarcikCAN
2025-05-08 13:37:29 Client MQTT metrics.yultek.dev en cours de connexion...
2025-05-08 13:37:29 Client MQTT 192.168.51.32 en cours de connexion...
2025-05-08 13:37:30 Client MQTT 192.168.51.32 connecté.
2025-05-08 13:37:30 LAN Device 192.168.51.2 is now ONLINE on network
2025-05-08 13:37:30 LAN Device 192.168.50.100 is now ONLINE on network
2025-05-08 13:37:30 LAN Device 192.168.50.1 is now ONLINE on network
2025-05-08 13:37:30 LAN Device 192.168.51.32 is now ONLINE on network
2025-05-08 13:37:30 LAN Device 192.168.50.110 is now ONLINE on network
2025-05-08 13:37:30 Client MQTT metrics.yultek.dev connecté.
2025-05-08 13:37:30 Internet Connecté...
2025-05-08 13:37:40 Client MQTT 192.168.51.32 déconnecté.
2025-05-08 13:37:48 Client MQTT metrics.yultek.dev déconnecté.
2025-05-08 13:37:48 Passage en mode buffering des messages MQTT pour metrics.yultek.dev
2025-05-08 13:37:48 Client MQTT metrics.yultek.dev en cours de connexion...
2025-05-08 13:37:48 Client MQTT 192.168.51.32 en cours de connexion...
2025-05-08 13:37:48 Sauvegarde de la configuration système...
2025-05-08 13:37:48 Client MQTT 192.168.51.32 connecté.
2025-05-08 13:37:48 Client MQTT metrics.yultek.dev connecté.
2025-05-08 13:38:34 Déinitialisation du module PCAN USB ID 81
2025-05-08 13:38:34 Impossible de déinitialiser un module USB PCAN.. Error:The transmit buffer in CAN controller is full
2025-05-08 13:38:34 Client MQTT metrics.yultek.dev déconnecté.
2025-05-08 13:38:34 Passage en mode buffering des messages MQTT pour metrics.yultek.dev
2025-05-08 13:38:34 Client MQTT 192.168.51.32 déconnecté.