Seems I've fixed this.
I had TSAESSCertIdChain On in the tsa.conf file for the mod_tsa module. I am including the audit certificate using "TSACertificateChain conf/intcert.pem" on the apache server so that the intermediate certificate comes across in the response, so I only need to procure the root CA. With TSAESSCertIdChain set to Off, the verify works.

Brad

_____

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of bradmrem...@iinet.net.au
Sent: Wednesday, December 17, 2008 10:18 AM
To: openssl-users@openssl.org
Subject: Re: verification of timestamp (certificate chain)

I've been using the OpenTSA software under apache2 on solaris in order to mimic other RFC3163 compliant Time Stamp Servers and work this in with software I'm in the process of writing.

One of the commercial providers we are looking at using is Digistamp. They differ in the way that they issue certificates from other demo TSAs (and maybe even commercial?) in that they issue an "audit" certificate from their root CA which then is used to issue the actual signing certificate for the TSA.

Back to me trying to mimic this setup with certificates. I have a self-signed root CA which issues a CA certificate which then issues the TSA certificate, and the verify seems to work fine:

# openssl verify -CAfile ca-cert.pem intcert.pem
intcert.pem: OK

# openssl verify -CAfile ca-cert.pem -untrusted intcert.pem tsacert.pem
tsacert.pem: OK

However, when I actually verify the output from the TSA:

# openssl ts -verify -queryfile test.req -in trocg1.out -CAfile ca-cert.pem -untrusted intcert.pem
Verification: FAILED
18446744071543990224:error:2F067065:time stamp routines:TS_CHECK_SIGNING_CERTS:ess signing certificate error:ts_rsp_verify.c:303:

As far as I can tell, the certificates are fine. At first I thought it was the absence of digiSignatures, certificate signing etc from the key usage in intcert.pem but this didn't seem to be the case.
I do have verification working fine for a simple CA -> TSA Certificate situation.

Would appreciate any suggestions, opinions. I've also attached the tsa request (query file) and the output.

Brad

------------------------

These are the certificates:

CA Certificate

# openssl x509 -in ca-cert.pem -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: c3:3c:97:b1:f9:f0:d0:20
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=caremote3.magentatech.com.au, C=AU, ST=NSW, L=Sydney, O=Magenta Technologies Pty Ltd/emailaddress=br...@magentatech.com.au
        Validity
            Not Before: Dec 16 23:18:20 2008 GMT
            Not After : Dec 15 23:18:20 2013 GMT
        Subject: CN=caremote3.magentatech.com.au, C=AU, ST=NSW, L=Sydney, O=Magenta Technologies Pty Ltd/emailaddress=br...@magentatech.com.au
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:F8:19:1C:FB:BD:61:7D:BA:B1:FC:65:60:35:BB:04:26:FD:DF:B8
            X509v3 Authority Key Identifier:
                keyid:53:F8:19:1C:FB:BD:61:7D:BA:B1:FC:65:60:35:BB:04:26:FD:DF:B8
                DirName:/CN=caremote3.magentatech.com.au/C=AU/ST=NSW/L=Sydney/O=Magenta Technologies Pty Ltd/emailaddress=br...@magentatech.com.au
                serial:C3:3C:97:B1:F9:F0:D0:20
            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption

Intermediate/audit certificate

# openssl x509 -in intcert.pem -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8 (0x8)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=caremote3.magentatech.com.au, C=AU, ST=NSW, L=Sydney, O=Magenta Technologies Pty Ltd/emailaddress=br...@magentatech.com.au
        Validity
            Not Before: Dec 16 23:49:59 2008 GMT
            Not After : Dec 16 23:49:59 2009 GMT
        Subject: C=AU, ST=NSW, O=Magenta Technologies Pty Ltd, CN=int3.magentatech.com.au/emailaddress=br...@magentatech.com.au
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:01:C5:7F:1F:C2:B1:96:80:D3:0B:12:E7:28:07:A5:07:D6:3D:89
            X509v3 Authority Key Identifier:
                keyid:53:F8:19:1C:FB:BD:61:7D:BA:B1:FC:65:60:35:BB:04:26:FD:DF:B8
                DirName:/CN=caremote3.magentatech.com.au/C=AU/ST=NSW/L=Sydney/O=Magenta Technologies Pty Ltd/emailaddress=br...@magentatech.com.au
                serial:C3:3C:97:B1:F9:F0:D0:20
            X509v3 Basic Constraints:
                CA:TRUE
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Certificate Sign
    Signature Algorithm: sha1WithRSAEncryption

TSA Signing Certificate

# openssl x509 -in tsacert.pem -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9 (0x9)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=AU, ST=NSW, O=Magenta Technologies Pty Ltd, CN=int3.magentatech.com.au/emailaddress=br...@magentatech.com.au
        Validity
            Not Before: Dec 16 23:51:21 2008 GMT
            Not After : Mar 16 23:51:21 2009 GMT
        Subject: C=AU, ST=NSW, O=Magenta Technologies Pty Ltd, CN=tsaremote3.magentatech.com.au/emailaddress=br...@magentatech.com.au
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Key Identifier:
                99:30:36:BE:F9:34:8C:6D:B6:89:C1:98:F0:BC:91:86:21:37:26:6B
            X509v3 Authority Key Identifier:
                keyid:8B:01:C5:7F:1F:C2:B1:96:80:D3:0B:12:E7:28:07:A5:07:D6:3D:89
                DirName:/CN=caremote3.magentatech.com.au/C=AU/ST=NSW/L=Sydney/O=Magenta Technologies Pty Ltd/emailaddress=br...@magentatech.com.au
                serial:08
            X509v3 Extended Key Usage: critical
                Time Stamping
            Netscape CA Revocation Url:
                https://www.magentatech.com.au/ca-crl.pem
    Signature Algorithm: sha1WithRSAEncryption
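
Added example, not part of the original thread and not OpenSSL or mod_tsa code: a simplified model of the ESS signing-certificate check behind the TS_CHECK_SIGNING_CERTS error, showing why a token listing only part of the chain fails while a token listing only the signer passes. It assumes the rule in ts_rsp_verify.c is "first ESSCertID must be the signer; if more than one ESSCertID is present, every certificate of the verified chain must be listed", that TSAESSCertIdChain On lists the signer plus the TSACertificateChain file, and it uses constructed byte strings in place of the real DER certificates.

```python
import hashlib

def ess_cert_id(cert_der: bytes) -> bytes:
    """certHash of an ESSCertID: SHA-1 over the DER-encoded certificate."""
    return hashlib.sha1(cert_der).digest()

def check_signing_certs(ess_ids, chain):
    """Model of the ESS check (issuerSerial matching is left out).

    ess_ids: certHash values from the token's signingCertificate attribute.
    chain:   DER certificates as built by the verifier, signer first,
             trust anchor last.
    Returns (ok, reason).
    """
    if not ess_ids:
        return False, "no ESS signingCertificate attribute"
    if not chain:
        return False, "empty certificate chain"
    # The signer certificate must be the first ESSCertID.
    if ess_cert_id(chain[0]) != ess_ids[0]:
        return False, "first ESSCertID is not the signer certificate"
    # With more than one ESSCertID, the whole verified chain must be listed,
    # including the root that -CAfile supplies.
    if len(ess_ids) > 1:
        for pos, cert in enumerate(chain[1:], start=1):
            if ess_cert_id(cert) not in ess_ids:
                return False, f"chain certificate {pos} has no ESSCertID"
    return True, "ok"

# Constructed stand-ins for the DER bytes of tsacert.pem, intcert.pem, ca-cert.pem.
TSA, INT, ROOT = b"constructed-tsacert", b"constructed-intcert", b"constructed-ca-cert"
CHAIN = [TSA, INT, ROOT]  # what the verifier builds from -untrusted and -CAfile

def scenario(listed_certs):
    """Run the check for a token whose ESS attribute lists the given certs."""
    return check_signing_certs([ess_cert_id(c) for c in listed_certs], CHAIN)

if __name__ == "__main__":
    print("ESS chain off (signer only):   ", scenario([TSA]))
    print("ESS chain on, intcert only:    ", scenario([TSA, INT]))
    print("ESS chain on, intcert and root:", scenario([TSA, INT, ROOT]))
```

Under these assumptions the second scenario corresponds to the failing setup in the thread: the root is part of the verified chain but was never in the file given to TSACertificateChain, so it has no ESSCertID.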