Hi,
Are you sure you have the same error description
(lib(47):func(131):reason(117):ts_rsp_sign.c:206:)? I have tested here
with a certificate containing "Digital Signature, Non Repudiation" key
usage and OpenSSL doesn't complain.
I'm attaching the timestamp certificate (with its key and its CA
certificate) that I used. Can you see if it is working for you?
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 2/22/2011 3:11 PM, Yessica De Ascencao wrote:
Hi Mounir IDRASSI!
I generated the certificate with ONLY Digital Signature, Non
Repudiation but I still have the same problem.
Thanks!
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d8:e6:a3:f6:22:c7:a4:0c
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=ve, ST=distrito capital, O=suscerte, OU=acraiz,
CN=ac/emailAddress=a...@suscerte.gob.ve <mailto:a...@suscerte.gob.ve>
Validity
Not Before: Feb 22 14:08:20 2011 GMT
Not After : Feb 22 14:08:20 2012 GMT
Subject: C=ve, ST=distritocapital, L=caracas, O=tss,
OU=suscerte, CN=tsscompany/emailAddress=t...@company.com
<mailto:t...@company.com>
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:bd:6e:12:e5:72:37:f2:74:e4:95:f7:43:f2:c7:
00:7d:53:cb:2d:a9:49:68:4d:04:b7:40:8d:b7:cd:
56:23:89:8a:e1:78:d6:a8:bd:a3:ef:16:62:d6:37:
6d:25:ce:eb:9d:30:8a:5e:be:6a:68:6f:bf:cd:f7:
6b:cd:85:f8:c6:62:f3:ea:8e:32:79:2a:d2:38:40:
b9:d7:88:c9:18:5c:63:98:69:ea:b6:95:83:a2:ac:
1b:b4:17:9a:e7:ea:66:bc:c3:e6:c8:e6:47:94:9b:
36:3c:3b:e0:59:9e:85:90:a6:8f:ad:8a:0a:0b:9e:
51:de:ef:93:73:e5:6b:a9:f2:49:ec:c0:46:57:71:
27:fd:85:47:09:f7:90:f7:bb:c5:3a:83:0a:3c:cc:
f2:88:2f:69:5c:80:e2:7f:9e:28:d3:19:09:62:fb:
2b:61:a4:f8:4c:64:d6:72:cb:41:a9:68:69:38:8b:
3f:03:04:83:26:e0:9a:ce:be:1f:05:f0:6d:99:2c:
87:16:97:e2:7f:8b:2f:b1:eb:19:2f:10:45:00:2c:
8e:dd:f5:80:de:cf:c7:17:a0:cc:cf:0d:f3:48:19:
7f:5b:b0:dd:51:a8:80:e0:65:eb:79:ef:ea:fc:d8:
6d:a5:2d:e3:06:b0:83:83:14:7f:61:f9:dc:ea:a7:
7a:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
FA:0C:6E:6E:88:58:51:F4:DF:F1:E3:CC:DD:9D:71:8C:CD:95:68:17
X509v3 Authority Key Identifier:
keyid:76:B9:CB:3B:5D:C8:B6:AB:02:74:86:D3:1C:C7:42:58:B1:AE:7E:76
X509v3 Subject Alternative Name:
email:t...@company.com <mailto:email%3a...@company.com>
X509v3 Extended Key Usage: critical
Time Stamping
Signature Algorithm: sha1WithRSAEncryption
3d:d4:76:9a:d7:2d:6a:93:62:d7:2c:29:87:cc:9c:72:97:19:
1a:2d:59:b8:fc:6c:86:22:ad:9c:ba:74:de:89:cb:55:c0:f8:
50:02:5d:7d:58:92:cb:0d:c9:9a:30:a9:2a:32:7e:2c:c6:a1:
19:eb:09:30:55:85:c8:30:d4:f1:51:9a:ca:77:58:8e:f8:a6:
b8:d9:92:63:10:fa:ad:06:79:aa:d9:5a:09:9c:5b:91:8b:7a:
04:66:f5:24:0b:25:25:69:a5:66:30:c1:4a:b8:cf:c7:51:e1:
5a:a0:a6:51:cf:b0:26:05:8d:c4:66:cd:3b:c6:08:a5:de:57:
81:af
2011/2/22 Mounir IDRASSI <mounir.idra...@idrix.net
<mailto:mounir.idra...@idrix.net>>
Hi,
I don't agree : from the error description
(lib(47):func(131):reason(117):ts_rsp_sign.c:206) it is clear that
OpenSSL loaded the certificate but the X509_check_purpose(signer,
X509_PURPOSE_TIMESTAMP_SIGN, 0) call in ts_rsp_sign failed.
Actaully, reading the certificate dump shows that the problem is
coming from the certificate Key Usage : it MUST NOT contain Key
Encipherment.
So, to resolve your problem, set the Key Usage to ONLY Digital
Signature, Non Repudiation.
I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 2/22/2011 2:40 PM, Patrick Patterson wrote:
Hi Yessica:
That error is fairly straightforward - it's can't load the
cert (meaning, it can't even load the file).
Have you made sure that the permissions are correct? Are you
absolutely sure that you have the right cert in the right
location?
Have fun.
Patrick.
On 2011-02-22, at 8:37 AM, Yessica De Ascencao wrote:
Hi!
This is the new certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d8:e6:a3:f6:22:c7:a4:0b
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=ve, ST=distrito capital, O=suscerte,
OU=acraiz, CN=ac/emailAddress=a...@suscerte.gob.ve
<mailto:a...@suscerte.gob.ve>
Validity
Not Before: Feb 21 20:15:08 2011 GMT
Not After : Feb 21 20:15:08 2012 GMT
Subject: C=ve, ST=distritocapital, L=caracas,
O=tss, OU=suscerte,
CN=tsscompany/emailAddress=t...@company.com
<mailto:t...@company.com>
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:bd:6e:12:e5:72:37:f2:74:e4:95:f7:43:f2:c7:
00:7d:53:cb:2d:a9:49:68:4d:04:b7:40:8d:b7:cd:
56:23:89:8a:e1:78:d6:a8:bd:a3:ef:16:62:d6:37:
6d:25:ce:eb:9d:30:8a:5e:be:6a:68:6f:bf:cd:f7:
6b:cd:85:f8:c6:62:f3:ea:8e:32:79:2a:d2:38:40:
b9:d7:88:c9:18:5c:63:98:69:ea:b6:95:83:a2:ac:
1b:b4:17:9a:e7:ea:66:bc:c3:e6:c8:e6:47:94:9b:
36:3c:3b:e0:59:9e:85:90:a6:8f:ad:8a:0a:0b:9e:
51:de:ef:93:73:e5:6b:a9:f2:49:ec:c0:46:57:71:
27:fd:85:47:09:f7:90:f7:bb:c5:3a:83:0a:3c:cc:
f2:88:2f:69:5c:80:e2:7f:9e:28:d3:19:09:62:fb:
2b:61:a4:f8:4c:64:d6:72:cb:41:a9:68:69:38:8b:
3f:03:04:83:26:e0:9a:ce:be:1f:05:f0:6d:99:2c:
87:16:97:e2:7f:8b:2f:b1:eb:19:2f:10:45:00:2c:
8e:dd:f5:80:de:cf:c7:17:a0:cc:cf:0d:f3:48:19:
7f:5b:b0:dd:51:a8:80:e0:65:eb:79:ef:ea:fc:d8:
6d:a5:2d:e3:06:b0:83:83:14:7f:61:f9:dc:ea:a7:
7a:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key
Encipherment
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
FA:0C:6E:6E:88:58:51:F4:DF:F1:E3:CC:DD:9D:71:8C:CD:95:68:17
X509v3 Authority Key Identifier:
keyid:76:B9:CB:3B:5D:C8:B6:AB:02:74:86:D3:1C:C7:42:58:B1:AE:7E:76
X509v3 Subject Alternative Name:
email:t...@company.com <mailto:email%3a...@company.com>
X509v3 Extended Key Usage: critical
Time Stamping
Signature Algorithm: sha1WithRSAEncryption
02:d1:fd:44:de:1e:9f:e0:29:66:35:8f:43:da:e6:b5:20:43:
52:90:b0:dc:8a:0f:09:92:9e:c2:6b:dc:14:ab:2c:9f:1b:8e:
02:76:9a:17:08:77:ca:26:06:13:25:9e:4a:e2:bf:bb:2b:4d:
cf:67:41:c0:2b:3a:1a:d0:ae:a8:88:3c:13:e2:0d:f6:9c:1e:
e7:ba:ef:22:c6:b8:18:3b:a8:5e:f9:0e:43:b8:de:82:b1:e0:
be:00:d2:57:9c:f3:d9:48:72:28:70:5d:06:d7:73:84:bc:f7:
5e:65:27:86:0d:e8:28:b4:dd:72:4d:8e:59:02:cc:39:0f:8d:
47:87
And this is the error:
[Mon Feb 21 20:15:37 2011] [error] mod_tsa:could not load
X.509 certificate: /usr/local/ssl/misc/demoCA/tss.pem
[Mon Feb 21 20:15:37 2011] [error]
mod_tsa:17262:error:2F083075:lib(47):func(131):reason(117):ts_rsp_sign.c:206:
[Mon Feb 21 20:15:37 2011] [emerg] exiting, fatal error
during mod_tsa initialisation.
Thanks!!!
2011/2/21 Jaroslav Imrich<jaroslav.imr...@gmail.com
<mailto:jaroslav.imr...@gmail.com>>
Hello Yessica,
please post new certificate and exact error you're getting.
--
Kind Regards / S pozdravom
Jaroslav Imrich
http://www.jariq.sk
On Mon, Feb 21, 2011 at 4:41 PM, Yessica De
Ascencao<yessima...@gmail.com
<mailto:yessima...@gmail.com>> wrote:
hello!!!
Thanks for the response!
Yes I needed the extension to Time Stamping, however when
I load the sample certificate in the OpenTSA page,
continues to show me the same error. I created a
certificate with the correct extension and likewise gives
me error.
I really do not know what may be happening.
Thank you very much!
2011/2/18 Jaroslav Imrich<jaroslav.imr...@gmail.com
<mailto:jaroslav.imr...@gmail.com>>
Hello Yessica,
this line in your logs tells you where the error occured:
[Thu Feb 17 19:23:09 2011] [error]
mod_tsa:1510:error:2F083075:lib(47):func(131):reason(117):ts_rsp_sign.c:206:
When you look into source code of openssl ts module -
http://cvs.openssl.org/fileview?f=openssl/crypto/ts/ts_rsp_sign.c&v=1.6.4.2
<http://cvs.openssl.org/fileview?f=openssl/crypto/ts/ts_rsp_sign.c&v=1.6.4.2>
- you can see that line 206 contains following code:
if (X509_check_purpose(signer,
X509_PURPOSE_TIMESTAMP_SIGN, 0) != 1)
{
TSerr(TS_F_TS_RESP_CTX_SET_SIGNER_CERT,
TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
return 0;
}
That means loading of TSA certificate failed because of
incorrect extensions.
Certificate you posted has critical mark on "X509v3
Subject Alternative Name" which is completely wrong in
this case. It is "Time Stamping" that has to be marked as
critical.
--
Kind Regards / S pozdravom
Jaroslav Imrich
http://www.jariq.sk
--
Saludos!
Yessica De Ascencao
0426-7142582
--
Saludos!
Yessica De Ascencao
0426-7142582
---
Patrick Patterson
Chief PKI Architect
Carillon Information Security Inc.
http://www.carillon.ca
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
<mailto:openssl-users@openssl.org>
Automated List Manager majord...@openssl.org
<mailto:majord...@openssl.org>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
<mailto:openssl-users@openssl.org>
Automated List Manager majord...@openssl.org
<mailto:majord...@openssl.org>
--
Saludos!
Yessica De Ascencao
0426-7142582
-----BEGIN CERTIFICATE-----
MIIEdDCCA1ygAwIBAgIJALPn3IdCBf3yMA0GCSqGSIb3DQEBBQUAMIGCMQswCQYD
VQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4wDAYDVQQK
EwVJRFJJWDELMAkGA1UECxMCSVQxFTATBgNVBAMTDElEUklYIFRTQSBDQTEfMB0G
CSqGSIb3DQEJARYQY29udGFjdEBpZHJpeC5mcjAeFw0xMTAyMjMwMDEwMTRaFw0y
MTAxMDEwMDEwMTRaMIGCMQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAM
BgNVBAcTBVBhcmlzMQ4wDAYDVQQKEwVJRFJJWDELMAkGA1UECxMCSVQxFTATBgNV
BAMTDElEUklYIFRTQSBDQTEfMB0GCSqGSIb3DQEJARYQY29udGFjdEBpZHJpeC5m
cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMAvHn/pw3HsSBlmlohf
hifFY0E5BjnrejJvFDFjED+wS3gEwNB08MpEE/T6abNUIXWYn+5OEx9mJJtLt49K
aR5IPCm/1fRYXdRFJHBcG8BNUULd4ccOP+IrBF0QKWprL80/96aBtY2pwCNFCEwb
OvmzGPYXeCQkWFffDURHZkxN4cOXU6BiGPt42EB8XbHuIauYIKkEwV4vyJXvpLD2
OSQvRqJFFM4OvK8qRTdCVMuD4W/7xkgwaUPh/bX1y5navbaRO8KdyFlNfFDZeupf
RA97nf6MoW61KLjYSDAwYIMSJrJDJIBW3Tj776eTbhw0Ig/0b7lZvngq6Ew7OJpc
PEcCAwEAAaOB6jCB5zAdBgNVHQ4EFgQUNlCoGlA1MkDUhHdnIOhFyjLhzmwwgbcG
A1UdIwSBrzCBrIAUNlCoGlA1MkDUhHdnIOhFyjLhzmyhgYikgYUwgYIxCzAJBgNV
BAYTAkZSMQ4wDAYDVQQIEwVQYXJpczEOMAwGA1UEBxMFUGFyaXMxDjAMBgNVBAoT
BUlEUklYMQswCQYDVQQLEwJJVDEVMBMGA1UEAxMMSURSSVggVFNBIENBMR8wHQYJ
KoZIhvcNAQkBFhBjb250YWN0QGlkcml4LmZyggkAs+fch0IF/fIwDAYDVR0TBAUw
AwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAdiGqBDka+9NnBXuQhDuYLpxGhgra3LJi
4sTtGU3bHuKXgLKmTkDr/qt409/DYY8enskjuwO0aNfhuNRP8+XSrwji3atgW60R
L/2NMKAjImx+VMRCRrM4SpqVoDrMosBS2cL+UCrGfudXurtKSzRGD3C6UMP59d+J
V00/1nUwah+u8ucAdTAMm0DcBq5ujoBWqSkiCaV6NQCj9TUz4bZkJl3KUksFaO5l
sbHE+rVDeSnctMb7oDMJVo85ThejwGTxVrPm0Zl6iqusXQNrdScNH6DSApHIfUGZ
6e4CMvQ/FZ6usN0GrJl9dMbdhEwgJ7nFmE9wbTwhDU9br8CaGB3pNQ==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=FR, ST=Paris, L=Paris, O=IDRIX, OU=IT, CN=IDRIX TSA
CA/emailAddress=cont...@idrix.fr
Validity
Not Before: Feb 23 00:17:12 2011 GMT
Not After : Feb 23 00:17:12 2012 GMT
Subject: C=FR, ST=Paris, O=IDRIX, OU=IT, CN=IDRIX Time
Service/emailAddress=cont...@idrix.fr
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:a8:e3:1a:1e:5e:e4:17:03:69:1f:0b:82:98:0b:
0d:f2:02:e9:ab:13:fc:13:dc:b4:8c:ba:eb:3d:3e:
1b:32:04:6f:26:ed:a0:06:bf:df:6d:d1:8c:d3:7d:
48:71:3d:8d:fa:30:bb:89:e8:81:fd:f1:85:8f:83:
a3:cf:16:97:82:d8:e3:27:28:3f:a5:d3:92:5c:ba:
44:08:38:2b:98:25:bf:72:73:8c:62:36:b1:01:01:
8a:a8:0f:a0:2d:da:84:5e:ea:fe:35:79:b8:33:53:
2e:09:f5:bc:13:f6:4f:5c:1f:4e:13:b3:33:63:2c:
e1:68:5a:cd:ba:51:dc:05:13:bd:01:ba:53:34:48:
9f:2f:4c:66:9f:e4:06:de:2a:95:4f:5d:78:aa:34:
67:78:44:a8:62:16:3c:69:55:dc:9d:e8:70:d1:8d:
1e:43:93:97:c0:af:09:fa:91:26:cf:e6:44:d2:56:
24:04:4e:00:e0:7c:c5:ac:e0:2b:9e:ea:41:0b:c5:
93:a2:dc:f9:13:a2:63:82:cb:92:c1:9a:7a:b7:23:
93:11:e1:6d:3f:eb:85:c9:ef:c8:ef:a7:26:d9:15:
bf:d6:41:87:ae:c4:8f:f0:36:1b:01:8c:49:d7:13:
19:ba:94:78:42:c6:5d:b1:7a:70:61:7a:2b:ab:30:
87:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
3C:5F:BC:3F:D8:9C:4B:3E:C3:91:64:55:43:F0:76:4B:F6:62:0D:23
X509v3 Authority Key Identifier:
keyid:36:50:A8:1A:50:35:32:40:D4:84:77:67:20:E8:45:CA:32:E1:CE:6C
X509v3 Extended Key Usage: critical
Time Stamping
Signature Algorithm: sha1WithRSAEncryption
93:c2:b0:1b:5e:79:53:2b:ba:6b:5f:43:30:f0:89:b2:19:62:
23:be:fa:17:80:a8:f4:89:37:01:fa:50:0e:a0:1d:02:ca:eb:
39:13:c4:cf:1b:ed:08:1f:24:ad:ca:60:c8:18:1f:f3:19:6e:
d9:9c:9e:06:41:43:42:d7:c5:25:9b:9e:27:64:a5:d7:68:a0:
9e:47:af:38:7d:df:7d:7c:52:85:46:dd:8c:39:86:45:f6:09:
08:65:cd:20:c5:31:d9:57:a0:60:43:8c:6e:fc:75:98:de:14:
35:6b:1b:75:09:1e:09:92:9e:b9:b3:4d:3c:e4:4e:6a:f7:62:
61:a5:6d:48:cf:bd:7b:40:57:ba:ca:43:99:7c:5e:c2:20:04:
5d:8f:e7:c3:6b:df:44:fb:98:82:58:29:66:8f:4e:de:43:b2:
ea:d6:d9:da:03:00:9f:ee:38:9b:07:33:6e:5f:7a:14:cf:8f:
7f:6c:f8:69:e3:c2:73:82:12:43:5a:50:c5:ca:e7:43:f5:5b:
7e:9b:1f:99:6b:b9:e1:11:5f:a6:df:96:6a:71:ad:73:21:1d:
1e:0c:40:3d:62:87:be:f5:4c:55:92:27:8d:35:e3:50:b5:11:
5d:88:0e:fd:d8:a9:fb:46:e2:8b:1a:43:ee:e9:c8:5a:de:88:
98:19:65:aa
-----BEGIN CERTIFICATE-----
MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMCRlIx
DjAMBgNVBAgTBVBhcmlzMQ4wDAYDVQQHEwVQYXJpczEOMAwGA1UEChMFSURSSVgx
CzAJBgNVBAsTAklUMRUwEwYDVQQDEwxJRFJJWCBUU0EgQ0ExHzAdBgkqhkiG9w0B
CQEWEGNvbnRhY3RAaWRyaXguZnIwHhcNMTEwMjIzMDAxNzEyWhcNMTIwMjIzMDAx
NzEyWjB4MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAoTBUlE
UklYMQswCQYDVQQLEwJJVDEbMBkGA1UEAxMSSURSSVggVGltZSBTZXJ2aWNlMR8w
HQYJKoZIhvcNAQkBFhBjb250YWN0QGlkcml4LmZyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAqOMaHl7kFwNpHwuCmAsN8gLpqxP8E9y0jLrrPT4bMgRv
Ju2gBr/fbdGM031IcT2N+jC7ieiB/fGFj4OjzxaXgtjjJyg/pdOSXLpECDgrmCW/
cnOMYjaxAQGKqA+gLdqEXur+NXm4M1MuCfW8E/ZPXB9OE7MzYyzhaFrNulHcBRO9
AbpTNEifL0xmn+QG3iqVT114qjRneESoYhY8aVXcnehw0Y0eQ5OXwK8J+pEmz+ZE
0lYkBE4A4HzFrOArnupBC8WTotz5E6JjgsuSwZp6tyOTEeFtP+uFye/I76cm2RW/
1kGHrsSP8DYbAYxJ1xMZupR4QsZdsXpwYXorqzCHmQIDAQABo4GhMIGeMAkGA1Ud
EwQCMAAwCwYDVR0PBAQDAgbAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUPF+8P9icSz7DkWRVQ/B2S/ZiDSMw
HwYDVR0jBBgwFoAUNlCoGlA1MkDUhHdnIOhFyjLhzmwwFgYDVR0lAQH/BAwwCgYI
KwYBBQUHAwgwDQYJKoZIhvcNAQEFBQADggEBAJPCsBteeVMrumtfQzDwibIZYiO+
+heAqPSJNwH6UA6gHQLK6zkTxM8b7QgfJK3KYMgYH/MZbtmcngZBQ0LXxSWbnidk
pddooJ5Hrzh93318UoVG3Yw5hkX2CQhlzSDFMdlXoGBDjG78dZjeFDVrG3UJHgmS
nrmzTTzkTmr3YmGlbUjPvXtAV7rKQ5l8XsIgBF2P58Nr30T7mIJYKWaPTt5DsurW
2doDAJ/uOJsHM25fehTPj39s+GnjwnOCEkNaUMXK50P1W36bH5lrueERX6bflmpx
rXMhHR4MQD1ih771TFWSJ40141C1EV2IDv3YqftG4osaQ+7pyFreiJgZZao=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAqOMaHl7kFwNpHwuCmAsN8gLpqxP8E9y0jLrrPT4bMgRvJu2g
Br/fbdGM031IcT2N+jC7ieiB/fGFj4OjzxaXgtjjJyg/pdOSXLpECDgrmCW/cnOM
YjaxAQGKqA+gLdqEXur+NXm4M1MuCfW8E/ZPXB9OE7MzYyzhaFrNulHcBRO9AbpT
NEifL0xmn+QG3iqVT114qjRneESoYhY8aVXcnehw0Y0eQ5OXwK8J+pEmz+ZE0lYk
BE4A4HzFrOArnupBC8WTotz5E6JjgsuSwZp6tyOTEeFtP+uFye/I76cm2RW/1kGH
rsSP8DYbAYxJ1xMZupR4QsZdsXpwYXorqzCHmQIDAQABAoIBAE8wveyDvhv0Y3RF
J2U3ucBDEWJAqrB9isN6WheLaaEYZy4vuhuwGIob+hao5jEDFfG8rBNMTLfQajoT
Fdpi04RtQoX333BYNob4aDIadIaRHKYD/E2JK5I3MNcBDLCzh+Ih+jUE8BRQ6oON
EDWkBy5BF5ExM+VLBB60hUbaX3qZNcTfOqiCubwFMN6dBsUMW/ktEDCLKg5MpINd
ShymP1ZuA9dHFRfZ9MDwRSu8dGFcaVOwiPeb6U93uozWyIQ9JQq5qM8214qZ6R5f
gd061gv3ZhQto9d0b+wF+QJyr5k32PwU0axOEaeF0d/y7Mjma36bMKJWmR5zdG3d
++HsKwECgYEA0OaiCby1PtdtIgAPsSpKojJ4Ou39XVC1i7SGH6989pLIvWpbFU8e
gc2ieDLXpH5kvdBRTpJXCTg+JPVAJHkuv2dtZVmQtIz6bYhbpMRskxwfmlfHNIOL
1z2Qi32O+LVRSFbr5UdhEyR7h+4VfM5ZKk6aQcsrg+YO/mV2K+E8E2kCgYEAzvby
xQ/27NujYVEOUi+94rSWY4a0WAidAC/sEenP3kpTSCCT0RT877zbs3xedFMQxmcv
5cnlO3C4gTCCCwVcyxGz+LJMy2dFWGTUqVrtIb8gAxgB7erwijTRbXW6qQiqClVi
FRcquRRgTxVbVkp2J22ni8bV4tU6eHRjwOB2vLECgYEAiuI6qoSWb0AkIy2tQRkf
43PwcSVWhBqriEUtwpUWXIw7/4pdIe6nFp9TO9x5d7g8W+HKnJU4Xj3ROxr+WQFk
LgaiOXZxeUgdGoNEgmfA05EoBaIEI4qthx08IzEHw5wwfQqk7JsnE+X2ZunHyWEa
8MCvV7yuopNqNoHYLdYh7bkCgYEAvWzasDC3cPxqIfT9JY3avvdIOhmdUIG5qOUz
rQWSIsNmTDq87/3Er2vsre9jyBYK4XyqIyhRrcCyrlOGgq3Ky3YNgc83aGfB2XCY
D9VP+rYih5JembKRq/1BvWymhnWOpFyXo/QLP1B+AYPrkCQg1l+PnOhE9RLyLDNi
5bLMGlECgYEAyAFpEOy6RaFqdus1JWA4W2asOEicpLFigX+FR2CknJqWoW5batdk
AX0ZUtyTO+7HynQJEvXj0kBmbsPuXUEKDhdKinkj1j831CE70YZm0fz1LqUxChPM
Bnt3WOky7f2j+wQu1CjdSusZthUA+ulXVxsiRWAUWgt+krVOj05a3ew=
-----END RSA PRIVATE KEY-----
