On Tue, Jul 10, 2018 at 12:55:38PM -0400, James B. Byrne wrote:
> We are migrating our Postfix MX services and in the process have
> disrupted a setup which has been very stable for the past couple of
> years. One of the remaining items is this sort of message which only
> started very recently:
What is the MX hostname associated with this Postfix instance? What
domains does it serve? That has bearing on the TLSA records seen
by the connecting SMTP client.
> Jul 10 11:55:30 mx31 postfix-p25/smtpd[70030]: warning: TLS library
> problem: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad
> certificate:/usr/src/crypto/openssl/ssl/s3_pkt.c:1493:SSL alert number > 42:
The client rejected the server's certificate chain. The details
are known only to the client.
> I thought that these errors were the result of a misconfigured
> certificate or private key for the postfix service. However, I have
> examined these and they appear to be correct:
"Correct" is in the eye of the beholder. Did the certificate chain
match the associated DANE TLSA records? Might samba.org have reason
to expect to authenticate your server via WebPKI? You're using a
private CA...
> CN=mx31.harte-lyne.ca
Its current cert chain seems to match the TLSA records for the above
name, though two of the three TLSA records seem redundant:
mx31.harte-lyne.ca. IN A 216.185.71.31 ; AD=1 NoError
mx31.harte-lyne.ca. IN AAAA ? ; AD=1 NODATA
_25._tcp.mx31.harte-lyne.ca. IN CNAME _tlsa._dane.trust.harte-lyne.ca. ;
AD=1 NoError
_tlsa._dane.trust.harte-lyne.ca. IN TLSA 2 0 2
67274b355428905895c6b581950e0ed4f7d043f31f7e7020b716b7faa06776b6aadd33e127624b6e8c75c520a01d9cad3bd29f18fa7dcb3d5fd3917510e6722a
; AD=1 NoError
_tlsa._dane.trust.harte-lyne.ca. IN TLSA 2 1 2
380259229e21a1946b38cfc594cbc993b61bc93762b7b6c6637b3eef9c5a2bb70c589b91beb73bd1304eac11b3917e33819e2b47d25d4966435a2a3e83c1f80f
; AD=1 NoError
_tlsa._dane.trust.harte-lyne.ca. IN TLSA 2 1 2
c26e0ec16a46a97386e8f31f8ecc971f2d73136aa377dfdaac2b2b00f7cab4bb29b17d913c82093b41fd0d9e40b66a68361c126f1f4017f9ce60eabc5adba90e
; AD=1 NoError
mx31.harte-lyne.ca[216.185.71.31]: pass: TLSA match: depth = 1, name =
mx31.harte-lyne.ca
TLS = TLS12 with ECDHE-RSA-AES256GCM-SHA384
name = mx31.harte-lyne.ca
name = mx31
name = mx31.hamilton
name = mx31.hamilton.harte-lyne.ca
depth = 0
Issuer CommonName = CA_HLL_ISSUER_2016
Issuer Organization = Harte & Lyne Limited
notBefore = 2018-06-01T00:00:00Z
notAfter = 2023-06-30T23:59:59Z
Subject CommonName = mx31.harte-lyne.ca
Subject Organization = Harte & Lyne Limited
pkey sha256 [nomatch] <- 3 1 1
3fa3dae08e2fecff0611a75767ee0995a115e308a181ad79a6d163315742b270
cert sha512 [nomatch] <- 3 0 2
cc5bd085ba7e1c136539083bf32ad6512b6c0fe5a31a8f2f775b627ab1c6525d7464c751191a4e1747072f5bd63d364713e48a4636ca25e31532ca0657444c7f
pkey sha512 [nomatch] <- 3 1 2
39248e9342c4fc8fb67dac3f51e7a2d9e77d7a37df6fac0272006cc7d757e5346c9e11f93f7f8c34cacf95cd0e60d1ab5b3fc2b9881551fa9bc9a6fb6e3300a8
depth = 1
Issuer CommonName = CA_HLL_ROOT_2016
Issuer Organization = Harte & Lyne Limited
notBefore = 2016-11-01T00:00:00Z
notAfter = 2035-11-01T23:59:59Z
Subject CommonName = CA_HLL_ISSUER_2016
Subject Organization = Harte & Lyne Limited
pkey sha256 [nomatch] <- 2 1 1
9c19d0fed453f6c49cd9f569af9b5da75ef6d8baabd26308eee88adb2d06a3b5
cert sha512 [nomatch] <- 2 0 2
ab23a715c42f6cf8a2502b725969adedf1f6c6bedbb483fb49badc5470232297b34a3a7716b2dd7eb086bd6e462599db95f9af3415209eadea71450c72af942a
pkey sha512 [matched] <- 2 1 2
380259229e21a1946b38cfc594cbc993b61bc93762b7b6c6637b3eef9c5a2bb70c589b91beb73bd1304eac11b3917e33819e2b47d25d4966435a2a3e83c1f80f
depth = 2
Issuer CommonName = CA_HLL_ROOT_2016
Issuer Organization = Harte & Lyne Limited
notBefore = 2016-11-01T00:00:00Z
notAfter = 2036-10-31T23:59:59Z
Subject CommonName = CA_HLL_ROOT_2016
Subject Organization = Harte & Lyne Limited
pkey sha256 [nomatch] <- 2 1 1
4bd5dd98b37237136d1a5b2e45ee8ed1c9f2c2569b6dc94f0951da5af6d090c4
cert sha512 [nomatch] <- 2 0 2
4a4ea8374f20e46009b03bd19793598b5f4e0d38aeba39644f6b8659057ca16a4c5bfd7f3779ec83c1d26c732edbc9d41454f9866d25109bcde177eae58a4481
pkey sha512 [matched] <- 2 1 2
c26e0ec16a46a97386e8f31f8ecc971f2d73136aa377dfdaac2b2b00f7cab4bb29b17d913c82093b41fd0d9e40b66a68361c126f1f4017f9ce60eabc5adba90e
[ 4096-bit keys are IMHO overkill. ]
--
Viktor.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 538312766 (0x2016003e)
Signature Algorithm: sha512WithRSAEncryption
Issuer: CN=CA_HLL_ISSUER_2016, OU=Networked Data Services, O=Harte &
Lyne Limited, L=Hamilton, ST=Ontario, C=CA, DC=harte-lyne, DC=ca
Validity
Not Before: Jun 1 00:00:00 2018 GMT
Not After : Jun 30 23:59:59 2023 GMT
Subject: CN=mx31.harte-lyne.ca, OU=Networked Data Services, O=Harte &
Lyne Limited, L=Hamilton, ST=Ontario, C=CA, DC=hamilton, DC=harte-lyne, DC=ca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:cf:e4:7c:aa:94:06:06:8c:c5:bd:6d:34:cb:56:
f4:9d:4e:c4:a5:27:f5:bd:09:6f:03:55:6f:9d:12:
a4:ac:16:ab:b6:61:eb:ea:88:88:fc:f0:a2:42:49:
8f:80:01:33:77:d2:d2:6e:b4:3e:61:f9:bb:44:6d:
49:09:c5:98:22:f4:86:b0:31:ae:d9:46:01:53:4c:
3a:ad:1e:1f:12:c6:57:44:11:61:51:aa:39:0f:ff:
f2:bc:35:00:8c:19:29:cc:46:95:5d:ac:85:e6:f8:
c7:a3:58:ca:6c:c3:1a:9e:d1:6c:06:e2:bb:9d:a5:
59:76:de:cf:84:5c:ce:71:93:79:4a:70:fe:b1:b0:
3f:14:49:b2:d0:ab:0e:be:e9:61:cd:31:78:20:de:
63:c9:78:cc:58:f0:c4:4c:ed:18:34:f2:a5:d4:9a:
95:93:2d:20:dc:7e:52:ce:ff:a8:58:43:5c:48:29:
1a:9c:97:a3:18:ca:82:6f:a3:ff:00:5b:e0:f1:5c:
58:84:fe:36:47:61:0a:dd:cf:d0:a6:ef:3a:51:75:
a0:65:ab:4f:43:d4:09:37:9a:03:61:4b:c0:d5:b0:
d3:58:d0:f2:a7:76:a4:d7:60:e4:1f:33:40:5d:d2:
47:ac:a0:7f:77:a5:d5:aa:b9:f1:8c:9d:ef:22:9b:
ed:5f:bf:8d:d8:e6:6c:2d:c1:89:6a:4e:6b:c7:cd:
9d:da:34:54:c9:61:72:12:0d:66:0c:48:15:1d:d7:
52:a4:4b:d5:80:2d:da:a3:3c:60:7e:6b:40:4e:38:
90:bb:cb:df:d1:70:89:0b:2a:a3:ea:f2:dd:27:b5:
d4:4d:4b:26:69:e2:7a:30:cb:9e:a5:f3:f4:c8:85:
07:24:a4:a2:7f:e5:75:9b:a3:6d:6e:fc:d1:0d:5f:
87:f1:17:dd:91:b5:bc:4b:4f:b4:81:1d:f8:60:55:
01:26:36:10:4d:01:70:11:18:5a:e5:02:98:ea:42:
b8:78:54:ca:9a:4f:c0:92:d2:e7:86:d9:e5:c0:74:
21:33:09:23:ba:4c:10:88:a8:4c:e6:4b:5d:f0:d9:
80:dc:1e:5e:37:7c:18:77:a4:cf:e1:c8:20:d8:cc:
a7:68:d1:e1:b1:7a:02:a0:27:9e:ae:16:53:6f:2d:
b3:6d:60:36:03:b1:ab:52:94:99:7a:77:7b:88:28:
43:66:5c:3c:6b:5a:de:28:24:94:54:d6:d1:0e:64:
bb:13:9e:85:af:8a:4d:14:7d:c3:31:c4:7e:7a:aa:
7a:50:57:e8:f4:16:40:01:c5:56:9e:38:58:60:c7:
cc:32:9d:78:2f:b1:37:4f:62:96:ce:56:fe:97:72:
64:0c:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
Netscape CA Revocation Url:
http://ca.harte-lyne.ca/CA_HLL_ISSUER_2016/crl-v1.crl
Authority Information Access:
CA Issuers -
URI:http://ca.harte-lyne.ca/CA_HLL_ISSUER_2016/ca.crt
X509v3 CRL Distribution Points:
Full Name:
URI:http://ca.harte-lyne.ca/CA_HLL_ISSUER_2016/crl-v2.crl
X509v3 Subject Key Identifier:
DF:A5:29:08:15:FF:F2:79:0F:4E:E9:99:EB:93:A7:C0:0C:2C:34:66
X509v3 Authority Key Identifier:
keyid:FD:C6:20:77:C5:AA:E8:34:43:99:C4:3D:5B:65:9A:3C:2D:14:8E:AF
DirName:/CN=CA_HLL_ROOT_2016/ST=Ontario/O=Harte & Lyne
Limited/OU=Networked Data Services/C=CA/DC=harte-lyne/DC=ca/L=Hamilton
serial:02
X509v3 Issuer Alternative Name:
email:certifica...@harte-lyne.ca, URI:http://ca.harte-lyne.ca
X509v3 Subject Alternative Name:
email:supp...@harte-lyne.ca, DNS:mx31.harte-lyne.ca, DNS:mx31,
DNS:mx31.hamilton, DNS:mx31.hamilton.harte-lyne.ca, IP Address:216.185.71.31,
IP Address:192.168.209.31, IP Address:192.168.216.31
Netscape Cert Type:
SSL Client, SSL Server, S/MIME
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication,
E-mail Protection
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.44880.100.10.10.3.1
CPS: http://ca.harte-lyne.ca/CPS
User Notice:
Explicit Text: Limited Liability, see
http://ca.harte-lyne.ca/CPS
Signature Algorithm: sha512WithRSAEncryption
46:63:88:4e:c7:05:46:65:ae:77:df:bd:39:ab:e4:f0:06:46:
1a:e7:6c:a2:d9:dd:ae:4f:04:26:fd:b4:f0:92:94:b3:f8:a4:
34:02:03:56:d5:ee:4d:ab:59:2b:b7:ad:43:9b:fa:e8:ec:33:
ed:d5:c3:87:75:6f:90:fe:6b:a3:1f:e0:76:87:5d:ef:5b:21:
c0:04:3b:e3:8c:ab:60:88:6b:41:18:3e:f8:01:c5:a8:31:3d:
cd:fc:21:b7:ef:cc:2b:44:47:cf:c5:a9:47:e2:e7:a1:d9:79:
ae:1f:2d:ff:91:d8:da:dc:d6:4c:ba:f8:ff:0e:f6:51:9e:98:
c9:fa:88:2c:db:1a:a5:5a:e8:25:b8:e5:e9:07:1b:b0:ba:6f:
d6:bc:f4:50:44:63:cf:67:db:c3:6d:d6:c9:ef:35:ef:b7:e4:
8c:20:0d:8b:52:af:dc:56:80:9f:68:4f:77:77:fb:72:9a:d3:
89:4e:61:27:52:86:bd:02:34:c5:e2:8f:f3:3e:7f:d1:49:65:
d9:8f:8d:2e:39:77:9a:4a:83:de:a3:f4:de:30:47:1d:90:92:
41:ee:3d:46:1e:bd:66:5e:b6:33:2c:a6:18:0a:ca:bf:a5:bc:
b6:42:11:e1:e0:cc:33:d0:61:f4:e3:de:9b:12:a4:aa:f6:09:
80:55:3c:09:09:73:26:aa:85:38:ad:c7:75:48:37:f4:9b:b1:
d3:12:35:c6:f3:ce:3e:6e:96:5e:3e:9e:4e:b7:f3:c4:55:8c:
5a:50:f2:f9:f0:d9:a1:41:8a:71:d6:8f:92:a2:35:37:51:ca:
5d:35:38:5a:35:91:d0:9a:6a:f2:22:93:ed:3a:60:d1:6b:28:
59:b5:42:5d:77:9a:e8:af:47:68:e1:66:bf:91:9a:10:a9:80:
9d:e5:22:54:24:8a:df:17:49:6f:aa:0a:6f:44:af:3d:6e:c8:
d6:2d:a8:08:da:77:56:ae:c0:9e:b0:50:10:cf:c2:46:33:f5:
4f:f4:60:31:6f:16:d5:43:b1:b0:91:f6:6a:5d:15:03:aa:91:
a1:f4:62:80:a2:e3:16:87:26:79:b4:e1:9c:c3:d0:5b:d0:9c:
37:28:a6:e3:02:bf:c7:03:b4:c5:3e:a2:ce:66:e4:3b:3f:ff:
6a:06:e2:13:c8:64:44:6e:3b:09:ae:7b:dc:b6:fe:8d:c9:25:
0f:99:d5:3e:6d:1d:a0:5a:9c:4e:40:f6:ad:d1:85:74:18:58:
b2:dd:48:f9:8d:37:20:5b:ab:87:29:e5:c6:f5:81:2d:f0:14:
01:49:70:e2:ce:63:d9:5e:31:55:2e:59:df:1d:56:79:61:87:
33:40:31:c9:ff:f2:38:77
-----BEGIN CERTIFICATE-----
MIIJnDCCB4SgAwIBAgIEIBYAPjANBgkqhkiG9w0BAQ0FADCBwDEbMBkGA1UEAxQS
Q0FfSExMX0lTU1VFUl8yMDE2MSAwHgYDVQQLExdOZXR3b3JrZWQgRGF0YSBTZXJ2
aWNlczEdMBsGA1UEChQUSGFydGUgJiBMeW5lIExpbWl0ZWQxETAPBgNVBAcTCEhh
bWlsdG9uMRAwDgYDVQQIEwdPbnRhcmlvMQswCQYDVQQGEwJDQTEaMBgGCgmSJomT
8ixkARkTCmhhcnRlLWx5bmUxEjAQBgoJkiaJk/IsZAEZEwJjYTAiGA8yMDE4MDYw
MTAwMDAwMFoYDzIwMjMwNjMwMjM1OTU5WjCB2jEbMBkGA1UEAxMSbXgzMS5oYXJ0
ZS1seW5lLmNhMSAwHgYDVQQLExdOZXR3b3JrZWQgRGF0YSBTZXJ2aWNlczEdMBsG
A1UEChQUSGFydGUgJiBMeW5lIExpbWl0ZWQxETAPBgNVBAcTCEhhbWlsdG9uMRAw
DgYDVQQIEwdPbnRhcmlvMQswCQYDVQQGEwJDQTEYMBYGCgmSJomT8ixkARkTCGhh
bWlsdG9uMRowGAYKCZImiZPyLGQBGRMKaGFydGUtbHluZTESMBAGCgmSJomT8ixk
ARkTAmNhMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAz+R8qpQGBozF
vW00y1b0nU7EpSf1vQlvA1VvnRKkrBartmHr6oiI/PCiQkmPgAEzd9LSbrQ+Yfm7
RG1JCcWYIvSGsDGu2UYBU0w6rR4fEsZXRBFhUao5D//yvDUAjBkpzEaVXayF5vjH
o1jKbMMantFsBuK7naVZdt7PhFzOcZN5SnD+sbA/FEmy0KsOvulhzTF4IN5jyXjM
WPDETO0YNPKl1JqVky0g3H5Szv+oWENcSCkanJejGMqCb6P/AFvg8VxYhP42R2EK
3c/Qpu86UXWgZatPQ9QJN5oDYUvA1bDTWNDyp3ak12DkHzNAXdJHrKB/d6XVqrnx
jJ3vIpvtX7+N2OZsLcGJak5rx82d2jRUyWFyEg1mDEgVHddSpEvVgC3aozxgfmtA
TjiQu8vf0XCJCyqj6vLdJ7XUTUsmaeJ6MMuepfP0yIUHJKSif+V1m6NtbvzRDV+H
8RfdkbW8S0+0gR34YFUBJjYQTQFwERha5QKY6kK4eFTKmk/AktLnhtnlwHQhMwkj
ukwQiKhM5ktd8NmA3B5eN3wYd6TP4cgg2MynaNHhsXoCoCeerhZTby2zbWA2A7Gr
UpSZend7iChDZlw8a1reKCSUVNbRDmS7E56Fr4pNFH3DMcR+eqp6UFfo9BZAAcVW
njhYYMfMMp14L7E3T2KWzlb+l3JkDHsCAwEAAaOCA3wwggN4MEQGCWCGSAGG+EIB
BAQ3FjVodHRwOi8vY2EuaGFydGUtbHluZS5jYS9DQV9ITExfSVNTVUVSXzIwMTYv
Y3JsLXYxLmNybDBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAKGMWh0dHA6Ly9j
YS5oYXJ0ZS1seW5lLmNhL0NBX0hMTF9JU1NVRVJfMjAxNi9jYS5jcnQwRgYDVR0f
BD8wPTA7oDmgN4Y1aHR0cDovL2NhLmhhcnRlLWx5bmUuY2EvQ0FfSExMX0lTU1VF
Ul8yMDE2L2NybC12Mi5jcmwwHQYDVR0OBBYEFN+lKQgV//J5D07pmeuTp8AMLDRm
MIHrBgNVHSMEgeMwgeCAFP3GIHfFqug0Q5nEPVtlmjwtFI6voYHEpIHBMIG+MRkw
FwYDVQQDFBBDQV9ITExfUk9PVF8yMDE2MRAwDgYDVQQIEwdPbnRhcmlvMR0wGwYD
VQQKFBRIYXJ0ZSAmIEx5bmUgTGltaXRlZDEgMB4GA1UECxMXTmV0d29ya2VkIERh
dGEgU2VydmljZXMxCzAJBgNVBAYTAkNBMRowGAYKCZImiZPyLGQBGRMKaGFydGUt
bHluZTESMBAGCgmSJomT8ixkARkTAmNhMREwDwYDVQQHEwhIYW1pbHRvboIBAjA+
BgNVHRIENzA1gRpjZXJ0aWZpY2F0ZXNAaGFydGUtbHluZS5jYYYXaHR0cDovL2Nh
LmhhcnRlLWx5bmUuY2EweAYDVR0RBHEwb4EVc3VwcG9ydEBoYXJ0ZS1seW5lLmNh
ghJteDMxLmhhcnRlLWx5bmUuY2GCBG14MzGCDW14MzEuaGFtaWx0b26CG214MzEu
aGFtaWx0b24uaGFydGUtbHluZS5jYYcE2LlHH4cEwKjRH4cEwKjYHzARBglghkgB
hvhCAQEEBAMCBeAwCwYDVR0PBAQDAgXgMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggr
BgEFBQcDAgYIKwYBBQUHAwQwgYgGA1UdIASBgDB+MHwGDSsGAQQBgt5QZAoKAwEw
azAnBggrBgEFBQcCARYbaHR0cDovL2NhLmhhcnRlLWx5bmUuY2EvQ1BTMEAGCCsG
AQUFBwICMDQaMkxpbWl0ZWQgTGlhYmlsaXR5LCBzZWUgaHR0cDovL2NhLmhhcnRl
LWx5bmUuY2EvQ1BTMA0GCSqGSIb3DQEBDQUAA4ICAQBGY4hOxwVGZa533705q+Tw
BkYa52yi2d2uTwQm/bTwkpSz+KQ0AgNW1e5Nq1krt61Dm/ro7DPt1cOHdW+Q/muj
H+B2h13vWyHABDvjjKtgiGtBGD74AcWoMT3N/CG378wrREfPxalH4ueh2XmuHy3/
kdja3NZMuvj/DvZRnpjJ+ogs2xqlWugluOXpBxuwum/WvPRQRGPPZ9vDbdbJ7zXv
t+SMIA2LUq/cVoCfaE93d/tymtOJTmEnUoa9AjTF4o/zPn/RSWXZj40uOXeaSoPe
o/TeMEcdkJJB7j1GHr1mXrYzLKYYCsq/pby2QhHh4Mwz0GH0496bEqSq9gmAVTwJ
CXMmqoU4rcd1SDf0m7HTEjXG884+bpZePp5Ot/PEVYxaUPL58NmhQYpx1o+SojU3
UcpdNThaNZHQmmryIpPtOmDRayhZtUJdd5ror0do4Wa/kZoQqYCd5SJUJIrfF0lv
qgpvRK89bsjWLagI2ndWrsCesFAQz8JGM/VP9GAxbxbVQ7GwkfZqXRUDqpGh9GKA
ouMWhyZ5tOGcw9Bb0Jw3KKbjAr/HA7TFPqLOZuQ7P/9qBuITyGREbjsJrnvctv6N
ySUPmdU+bR2gWpxOQPat0YV0GFiy3Uj5jTcgW6uHKeXG9YEt8BQBSXDizmPZXjFV
LlnfHVZ5YYczQDHJ//I4dw==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha512WithRSAEncryption
Issuer: CN=CA_HLL_ROOT_2016, ST=Ontario, O=Harte & Lyne Limited,
OU=Networked Data Services, C=CA, DC=harte-lyne, DC=ca, L=Hamilton
Validity
Not Before: Nov 1 00:00:00 2016 GMT
Not After : Nov 1 23:59:59 2035 GMT
Subject: CN=CA_HLL_ISSUER_2016, OU=Networked Data Services, O=Harte &
Lyne Limited, L=Hamilton, ST=Ontario, C=CA, DC=harte-lyne, DC=ca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:ea:df:72:9e:28:70:5a:07:2b:c5:0c:19:69:75:
bd:f1:27:57:9e:af:19:6b:8c:4b:f5:d3:02:8d:2b:
24:35:0a:17:88:28:f6:b4:f0:36:f2:6b:48:92:42:
4d:bf:bb:5b:c3:4a:ec:e2:85:1b:70:44:58:bc:08:
5d:20:1d:a3:a1:eb:66:85:3a:a1:d8:26:ee:1e:05:
f6:ca:e6:90:69:11:a3:27:d7:0e:7e:a7:b3:60:b0:
38:36:97:09:a2:a6:80:3c:90:36:48:09:e9:58:23:
e3:35:d2:ad:4f:f9:aa:35:6c:61:03:e6:cf:c9:74:
41:98:7b:bf:f3:21:b9:b4:a2:32:c0:14:46:43:20:
11:5d:71:6d:ed:45:8f:fc:0c:ea:81:37:a4:ba:14:
ce:05:84:c3:ab:89:77:3f:65:a7:c6:32:9a:17:e4:
6e:9f:f7:94:8e:28:76:81:80:b4:49:79:7d:a3:63:
b0:e2:93:cb:39:c1:2d:a0:28:e8:25:31:b9:61:fd:
d5:bf:da:4e:e0:64:7f:c4:68:5b:a4:ae:d9:9b:3e:
6f:03:51:dc:13:a8:9e:ea:b1:af:d4:e4:68:f2:6e:
7c:8a:46:5e:70:30:26:ee:bd:72:3c:44:a5:90:8b:
e4:0c:4d:e2:e7:cd:99:e5:5e:0d:5d:9c:b8:22:79:
27:59:14:30:8b:ca:3c:1a:51:ec:98:8e:53:90:11:
d4:03:a3:39:9e:cb:a7:97:8a:98:4c:df:df:ff:1e:
f9:20:07:31:05:60:b7:47:11:4b:ce:4f:94:34:34:
44:da:43:f3:51:5e:72:6c:7a:75:dc:1d:44:87:b8:
38:34:1d:68:d0:f0:52:bf:47:e5:9f:7a:f9:22:24:
0a:33:5f:3c:33:54:de:a2:a0:af:b6:fb:2e:6e:c6:
a5:6b:61:c3:1c:fe:3b:42:e9:32:ca:51:fc:99:1d:
f3:70:7f:bd:98:a9:a3:95:1b:3a:ea:04:07:fa:bd:
6d:9b:45:a7:74:29:6d:9a:66:a0:8f:86:ad:34:e0:
e7:e0:1f:7b:03:1c:00:ad:72:40:0a:ab:84:17:83:
74:df:00:97:b5:eb:d2:cb:80:e0:49:bf:5d:b9:9e:
f3:d5:90:6c:d2:2b:ea:b5:9a:67:cd:11:cb:7e:74:
10:01:fc:f5:85:13:61:b7:1f:3e:d4:36:44:2c:de:
2a:9c:af:25:59:6a:53:92:d4:2f:ed:90:ea:55:78:
f1:b2:56:03:bf:8b:9b:88:5d:74:6b:16:6b:06:18:
d8:26:36:71:9e:b3:7b:74:6c:64:73:03:20:bb:66:
2f:86:e1:c4:0a:1a:d6:57:f6:b2:b2:15:5e:a7:9b:
7e:97:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:C6:20:77:C5:AA:E8:34:43:99:C4:3D:5B:65:9A:3C:2D:14:8E:AF
X509v3 Authority Key Identifier:
keyid:97:E4:A1:87:94:49:91:8D:DA:DD:5A:A6:31:8B:55:CF:CA:0F:65:CB
DirName:/CN=CA_HLL_ROOT_2016/ST=Ontario/O=Harte & Lyne
Limited/OU=Networked Data Services/C=CA/DC=harte-lyne/DC=ca/L=Hamilton
serial:01
X509v3 Issuer Alternative Name:
email:certifica...@harte-lyne.ca, URI:http://ca.harte-lyne.ca
X509v3 Subject Alternative Name:
email:certifica...@harte-lyne.ca
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Netscape Cert Type:
SSL CA, S/MIME CA, Object Signing CA
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.44880.100.10.10.2.1
CPS: http://ca.harte-lyne.ca/CPS
User Notice:
Explicit Text: Limited Liability, see
http://ca.harte-lyne.ca/CPS
Netscape CA Revocation Url:
http://ca.harte-lyne.ca/CA_HLL_ROOT_2016/crl-v1.crl
Authority Information Access:
CA Issuers - URI:http://ca.harte-lyne.ca/CA_HLL_ROOT_2016/ca.crt
X509v3 CRL Distribution Points:
Full Name:
URI:http://ca.harte-lyne.ca/CA_HLL_ROOT_2016/crl-v2.crl
Signature Algorithm: sha512WithRSAEncryption
78:f5:2f:82:dc:25:a4:24:23:f1:fe:c4:c0:5e:54:ee:b4:a4:
d9:b6:a2:2d:20:7f:57:1e:78:69:c2:9a:66:36:3c:e1:b1:a0:
25:08:14:a0:5b:a1:e7:f2:0c:a7:2e:67:a5:1d:81:db:6a:7b:
7f:33:95:32:57:a4:f0:7b:6d:b4:11:0c:e4:30:32:aa:4d:ec:
93:44:0d:f8:0b:17:9e:01:ed:e6:7e:e5:37:2c:36:ee:58:99:
74:46:88:9e:77:37:60:a7:12:c0:4f:ef:36:c7:0a:5c:52:83:
3d:9c:a8:bb:a3:95:8b:37:44:7f:6a:8a:e8:ed:66:04:ed:95:
39:5d:40:67:06:50:f5:86:fb:90:71:c5:2c:d6:6b:72:c6:b9:
6b:08:cd:c7:ce:80:47:e4:1e:40:1b:e8:b3:c4:55:00:27:f0:
e1:5a:b1:d6:21:23:53:d8:fb:3a:65:a3:e8:5d:97:ba:c2:07:
e4:80:1c:b3:37:7a:40:23:58:56:4c:fe:f2:c8:ec:71:80:68:
c6:20:6d:c5:c1:da:a4:e1:c0:e5:dc:3f:86:c8:8a:21:f6:a7:
90:79:ba:28:d5:e4:19:b7:6d:f4:ae:9d:69:1d:93:02:7a:f9:
c2:2c:c9:5b:ca:06:13:5c:f9:bf:d5:61:f6:35:0c:35:1b:20:
91:d9:ce:db:8f:cf:24:70:4d:d2:c3:16:71:c6:20:a1:01:52:
94:8e:b5:41:91:cf:b7:cf:b3:43:22:d0:46:70:72:d7:54:68:
4b:8e:f7:47:67:88:b6:0b:a9:ce:27:2f:d7:10:bd:09:9f:77:
ac:a1:5d:01:3c:39:34:8a:b7:26:50:fa:2b:45:44:44:83:28:
6d:e2:69:aa:2b:a7:ab:48:73:64:9d:5d:d8:48:ca:a6:61:75:
45:47:4a:a1:fb:65:61:8c:06:e3:d8:a4:11:fa:a1:95:d4:a6:
4d:f3:e1:7a:99:d5:d3:06:8b:0c:85:5e:d2:14:2c:b9:ad:19:
35:c9:06:62:52:58:9a:27:60:e2:2f:bd:2f:c2:be:c1:81:5a:
d9:fd:dd:ff:a2:de:04:7b:dd:6a:6f:30:58:b0:09:69:9a:2e:
23:e1:0a:3d:46:84:a5:cc:8d:34:f4:e0:4c:e3:38:01:d3:b9:
f8:1a:e3:b9:e3:88:d6:ab:31:28:11:06:e9:6e:e5:ed:9a:0a:
85:b3:d8:f2:d5:4b:54:b9:e2:72:53:c4:7f:23:7c:71:33:11:
24:1b:4a:72:aa:a4:df:31:f7:d7:6f:d1:3d:32:7c:6b:a5:33:
48:3c:34:bf:ba:92:b7:88:7e:7c:27:53:b3:13:45:59:3b:38:
47:36:e9:00:ed:b2:80:74
-----BEGIN CERTIFICATE-----
MIIJEjCCBvqgAwIBAgIBAjANBgkqhkiG9w0BAQ0FADCBvjEZMBcGA1UEAxQQQ0Ff
SExMX1JPT1RfMjAxNjEQMA4GA1UECBMHT250YXJpbzEdMBsGA1UEChQUSGFydGUg
JiBMeW5lIExpbWl0ZWQxIDAeBgNVBAsTF05ldHdvcmtlZCBEYXRhIFNlcnZpY2Vz
MQswCQYDVQQGEwJDQTEaMBgGCgmSJomT8ixkARkTCmhhcnRlLWx5bmUxEjAQBgoJ
kiaJk/IsZAEZEwJjYTERMA8GA1UEBxMISGFtaWx0b24wIhgPMjAxNjExMDEwMDAw
MDBaGA8yMDM1MTEwMTIzNTk1OVowgcAxGzAZBgNVBAMUEkNBX0hMTF9JU1NVRVJf
MjAxNjEgMB4GA1UECxMXTmV0d29ya2VkIERhdGEgU2VydmljZXMxHTAbBgNVBAoU
FEhhcnRlICYgTHluZSBMaW1pdGVkMREwDwYDVQQHEwhIYW1pbHRvbjEQMA4GA1UE
CBMHT250YXJpbzELMAkGA1UEBhMCQ0ExGjAYBgoJkiaJk/IsZAEZEwpoYXJ0ZS1s
eW5lMRIwEAYKCZImiZPyLGQBGRMCY2EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDq33KeKHBaByvFDBlpdb3xJ1eerxlrjEv10wKNKyQ1CheIKPa08Dby
a0iSQk2/u1vDSuzihRtwRFi8CF0gHaOh62aFOqHYJu4eBfbK5pBpEaMn1w5+p7Ng
sDg2lwmipoA8kDZICelYI+M10q1P+ao1bGED5s/JdEGYe7/zIbm0ojLAFEZDIBFd
cW3tRY/8DOqBN6S6FM4FhMOriXc/ZafGMpoX5G6f95SOKHaBgLRJeX2jY7Dik8s5
wS2gKOglMblh/dW/2k7gZH/EaFukrtmbPm8DUdwTqJ7qsa/U5GjybnyKRl5wMCbu
vXI8RKWQi+QMTeLnzZnlXg1dnLgieSdZFDCLyjwaUeyYjlOQEdQDozmey6eXiphM
39//HvkgBzEFYLdHEUvOT5Q0NETaQ/NRXnJsenXcHUSHuDg0HWjQ8FK/R+Wfevki
JAozXzwzVN6ioK+2+y5uxqVrYcMc/jtC6TLKUfyZHfNwf72YqaOVGzrqBAf6vW2b
Rad0KW2aZqCPhq004OfgH3sDHACtckAKq4QXg3TfAJe169LLgOBJv125nvPVkGzS
K+q1mmfNEct+dBAB/PWFE2G3Hz7UNkQs3iqcryVZalOS1C/tkOpVePGyVgO/i5uI
XXRrFmsGGNgmNnGes3t0bGRzAyC7Zi+G4cQKGtZX9rKyFV6nm36XqQIDAQABo4ID
ETCCAw0wHQYDVR0OBBYEFP3GIHfFqug0Q5nEPVtlmjwtFI6vMIHrBgNVHSMEgeMw
geCAFJfkoYeUSZGN2t1apjGLVc/KD2XLoYHEpIHBMIG+MRkwFwYDVQQDFBBDQV9I
TExfUk9PVF8yMDE2MRAwDgYDVQQIEwdPbnRhcmlvMR0wGwYDVQQKFBRIYXJ0ZSAm
IEx5bmUgTGltaXRlZDEgMB4GA1UECxMXTmV0d29ya2VkIERhdGEgU2VydmljZXMx
CzAJBgNVBAYTAkNBMRowGAYKCZImiZPyLGQBGRMKaGFydGUtbHluZTESMBAGCgmS
JomT8ixkARkTAmNhMREwDwYDVQQHEwhIYW1pbHRvboIBATA+BgNVHRIENzA1gRpj
ZXJ0aWZpY2F0ZXNAaGFydGUtbHluZS5jYYYXaHR0cDovL2NhLmhhcnRlLWx5bmUu
Y2EwJQYDVR0RBB4wHIEaY2VydGlmaWNhdGVzQGhhcnRlLWx5bmUuY2EwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH
MIGIBgNVHSAEgYAwfjB8Bg0rBgEEAYLeUGQKCgIBMGswJwYIKwYBBQUHAgEWG2h0
dHA6Ly9jYS5oYXJ0ZS1seW5lLmNhL0NQUzBABggrBgEFBQcCAjA0GjJMaW1pdGVk
IExpYWJpbGl0eSwgc2VlIGh0dHA6Ly9jYS5oYXJ0ZS1seW5lLmNhL0NQUzBCBglg
hkgBhvhCAQQENRYzaHR0cDovL2NhLmhhcnRlLWx5bmUuY2EvQ0FfSExMX1JPT1Rf
MjAxNi9jcmwtdjEuY3JsMEsGCCsGAQUFBwEBBD8wPTA7BggrBgEFBQcwAoYvaHR0
cDovL2NhLmhhcnRlLWx5bmUuY2EvQ0FfSExMX1JPT1RfMjAxNi9jYS5jcnQwRAYD
VR0fBD0wOzA5oDegNYYzaHR0cDovL2NhLmhhcnRlLWx5bmUuY2EvQ0FfSExMX1JP
T1RfMjAxNi9jcmwtdjIuY3JsMA0GCSqGSIb3DQEBDQUAA4ICAQB49S+C3CWkJCPx
/sTAXlTutKTZtqItIH9XHnhpwppmNjzhsaAlCBSgW6Hn8gynLmelHYHbant/M5Uy
V6Twe220EQzkMDKqTeyTRA34CxeeAe3mfuU3LDbuWJl0RoiedzdgpxLAT+82xwpc
UoM9nKi7o5WLN0R/aoro7WYE7ZU5XUBnBlD1hvuQccUs1mtyxrlrCM3HzoBH5B5A
G+izxFUAJ/DhWrHWISNT2Ps6ZaPoXZe6wgfkgByzN3pAI1hWTP7yyOxxgGjGIG3F
wdqk4cDl3D+GyIoh9qeQeboo1eQZt230rp1pHZMCevnCLMlbygYTXPm/1WH2NQw1
GyCR2c7bj88kcE3SwxZxxiChAVKUjrVBkc+3z7NDItBGcHLXVGhLjvdHZ4i2C6nO
Jy/XEL0Jn3esoV0BPDk0ircmUPorRUREgyht4mmqK6erSHNknV3YSMqmYXVFR0qh
+2VhjAbj2KQR+qGV1KZN8+F6mdXTBosMhV7SFCy5rRk1yQZiUliaJ2DiL70vwr7B
gVrZ/d3/ot4Ee91qbzBYsAlpmi4j4Qo9RoSlzI009OBM4zgB07n4GuO544jWqzEo
EQbpbuXtmgqFs9jy1UtUueJyU8R/I3xxMxEkG0pyqqTfMffXb9E9MnxrpTNIPDS/
upK3iH58J1OzE0VZOzhHNukA7bKAdA==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha512WithRSAEncryption
Issuer: CN=CA_HLL_ROOT_2016, ST=Ontario, O=Harte & Lyne Limited,
OU=Networked Data Services, C=CA, DC=harte-lyne, DC=ca, L=Hamilton
Validity
Not Before: Nov 1 00:00:00 2016 GMT
Not After : Oct 31 23:59:59 2036 GMT
Subject: CN=CA_HLL_ROOT_2016, ST=Ontario, O=Harte & Lyne Limited,
OU=Networked Data Services, C=CA, DC=harte-lyne, DC=ca, L=Hamilton
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:ba:52:2c:49:5b:32:63:09:94:22:4d:82:e9:3b:
e9:3e:89:51:3c:f1:91:e1:1d:b8:8a:44:45:d9:d7:
91:dd:17:b4:24:7b:e1:97:8a:40:c5:d4:5b:2e:35:
5e:38:a8:3a:ef:6f:4e:be:e7:ba:59:8a:f2:6a:f7:
93:7a:b3:5f:5c:4c:e4:cf:68:f2:2b:c9:b5:0b:5b:
af:4c:a8:ca:39:3d:6b:40:91:ad:6f:f3:a4:9f:c2:
9a:75:4d:8a:ad:2a:d0:2f:39:b9:cb:9a:92:64:2f:
a8:46:db:aa:22:90:4b:b2:19:2f:9b:cd:2f:5b:3f:
4d:25:27:74:d2:1f:c1:d4:77:b9:28:f6:0c:ec:e4:
79:33:92:01:16:cf:e8:62:41:49:3c:d3:46:00:61:
2c:3f:11:c4:82:60:90:90:28:f7:71:a7:fb:98:10:
60:8b:e6:53:11:75:76:c2:5a:19:88:ab:78:0b:ef:
4e:66:83:38:85:20:0a:36:a8:55:88:59:a5:8d:69:
e8:1d:67:03:16:7d:bf:5d:d3:e6:55:a5:4c:c4:62:
b5:32:9e:cc:fa:e3:af:70:80:d3:40:2c:0a:72:6b:
03:be:1b:69:ac:49:2c:ab:b1:4b:90:8e:cb:9e:22:
64:91:cb:54:82:f0:8c:f7:29:e2:4d:76:54:bc:0c:
69:ed:8b:1e:ed:81:a8:c2:35:03:05:c5:16:15:5d:
8f:79:81:bd:7b:67:ef:33:f4:85:7f:f2:93:4a:31:
3e:da:a7:6c:e0:f1:c3:1e:91:bb:2b:04:34:01:56:
6f:9c:c1:b5:49:58:f0:b5:2d:ab:ff:5b:11:a0:e5:
3c:46:f7:60:cf:d5:20:c7:0f:72:f7:76:ab:cb:04:
bc:c4:36:6d:9b:4c:e5:bd:04:4d:f2:b1:60:e5:fb:
c5:12:63:93:45:81:3d:02:ef:20:dd:7b:99:3f:b7:
81:f5:5e:2b:0c:bd:1f:1f:93:a0:2d:81:26:df:e3:
bc:25:0b:a8:ec:4f:2b:28:e0:72:b0:ed:77:03:05:
3b:ba:96:d5:41:95:ef:29:b8:17:a5:c4:38:b4:ce:
e6:4c:f9:d4:87:c6:52:df:d4:91:5a:a8:f4:7c:9b:
34:9f:78:f6:12:03:a2:07:c1:c4:31:a7:fe:cf:ff:
ad:e9:71:86:c5:c4:e4:42:c4:69:fb:67:81:14:af:
b9:77:91:40:f8:70:05:99:8c:67:a4:70:58:16:81:
5e:d3:6f:c3:26:f9:71:1f:f2:58:5a:97:2d:d1:4f:
d4:95:2f:51:dc:47:1b:5b:dd:c6:e1:c4:74:cb:db:
05:94:c9:7e:ba:8d:30:44:30:35:8f:89:6a:09:27:
3f:c1:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:E4:A1:87:94:49:91:8D:DA:DD:5A:A6:31:8B:55:CF:CA:0F:65:CB
X509v3 Authority Key Identifier:
keyid:97:E4:A1:87:94:49:91:8D:DA:DD:5A:A6:31:8B:55:CF:CA:0F:65:CB
DirName:/CN=CA_HLL_ROOT_2016/ST=Ontario/O=Harte & Lyne
Limited/OU=Networked Data Services/C=CA/DC=harte-lyne/DC=ca/L=Hamilton
serial:01
X509v3 Issuer Alternative Name:
email:certifica...@harte-lyne.ca, URI:http://ca.harte-lyne.ca
X509v3 Subject Alternative Name:
email:certifica...@harte-lyne.ca
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Netscape Cert Type:
SSL CA, S/MIME CA, Object Signing CA
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.44880.100.10.10.2.1
CPS: http://ca.harte-lyne.ca/CPS
User Notice:
Explicit Text: Limited Liability, see
http://ca.harte-lyne.ca/CPS
Netscape CA Revocation Url:
http://ca.harte-lyne.ca/CA_HLL_ROOT_2016/crl-v1.crl
Authority Information Access:
CA Issuers - URI:http://ca.harte-lyne.ca/CA_HLL_ROOT_2016/ca.crt
X509v3 CRL Distribution Points:
Full Name:
URI:http://ca.harte-lyne.ca/CA_HLL_ROOT_2016/crl-v2.crl
Signature Algorithm: sha512WithRSAEncryption
3e:76:c1:d8:ec:e7:86:02:9c:06:7d:96:92:51:8b:f0:13:7a:
5c:3b:d7:a5:28:52:3e:1f:8c:c9:ff:b2:68:e6:10:52:fa:e0:
85:08:fd:7d:31:e7:62:45:7d:f1:71:53:fd:88:0d:6d:c7:74:
07:cc:78:3b:f0:57:a2:c6:63:3e:46:cd:66:48:a5:b9:66:4b:
2b:fa:d9:d2:71:03:03:15:5b:ac:03:49:9d:ae:d5:df:ec:db:
a6:91:99:aa:8d:05:91:97:43:a1:8b:ea:cb:ed:c0:69:4a:43:
02:f1:46:64:b6:21:89:8e:67:56:b9:c6:8b:72:18:bb:cf:03:
f8:42:92:a0:ed:3e:9c:63:2d:14:53:26:6f:57:bf:8f:cc:6f:
e1:ac:3c:a7:35:ad:f8:3a:c9:6f:c8:9d:d5:69:91:d5:8f:2e:
ab:40:6c:00:f4:c9:3a:2a:4c:44:f5:a9:0e:b4:a5:ea:48:13:
93:f8:85:c8:76:b5:cf:a9:7e:f4:7f:e0:29:9e:68:d5:8b:5e:
49:d7:b8:54:f5:4f:43:57:d7:14:e0:55:70:fa:13:e0:8a:72:
72:3c:cf:86:e3:1f:c5:1c:db:ee:93:16:62:bd:d8:21:a6:ef:
f5:37:b6:4a:4e:3d:c4:60:ed:df:2f:30:f1:94:2a:34:11:f6:
f1:ee:cd:0d:c5:fc:3f:6a:f0:f4:15:83:20:ef:7a:ea:eb:8c:
73:79:20:01:c6:fc:59:c3:f1:bb:01:e2:cb:4c:6b:16:49:ce:
62:46:73:e4:04:f3:44:89:d2:dc:34:61:7d:1a:36:23:a6:27:
5e:62:9e:57:67:72:e3:7f:b9:47:2f:ad:0f:3b:7f:58:47:4c:
9f:d2:47:9f:13:65:46:bd:07:14:c7:c7:82:2d:09:fb:1c:90:
0c:0c:8b:ea:a6:d5:66:45:44:db:c7:3b:c7:a6:8a:18:cd:85:
de:1e:bf:a3:f5:e9:ad:e1:4a:5c:49:64:fa:00:fe:65:a6:ce:
ca:f5:85:e7:0b:91:3d:9e:21:b9:8e:86:f4:85:fe:1c:e6:63:
29:e8:4e:ec:fd:c1:bc:37:1b:56:03:85:15:ab:0c:e8:02:40:
43:6e:86:ba:24:57:f9:a0:21:b1:ff:f1:d8:16:c5:7c:51:4b:
a2:00:7b:83:7f:fe:34:26:71:e6:39:62:e1:7e:30:5a:50:5b:
6c:3f:61:55:04:06:2c:3c:1a:f1:98:48:ad:8d:00:34:cf:01:
c4:70:47:4d:ba:bc:36:88:d2:eb:7f:c9:75:b6:ff:7c:08:48:
c2:8e:91:d5:7c:2f:a5:89:99:15:0d:fe:42:17:15:3d:42:3c:
bf:a5:99:17:6c:0e:c5:c5
-----BEGIN CERTIFICATE-----
MIIJDTCCBvWgAwIBAgIBATANBgkqhkiG9w0BAQ0FADCBvjEZMBcGA1UEAxQQQ0Ff
SExMX1JPT1RfMjAxNjEQMA4GA1UECBMHT250YXJpbzEdMBsGA1UEChQUSGFydGUg
JiBMeW5lIExpbWl0ZWQxIDAeBgNVBAsTF05ldHdvcmtlZCBEYXRhIFNlcnZpY2Vz
MQswCQYDVQQGEwJDQTEaMBgGCgmSJomT8ixkARkTCmhhcnRlLWx5bmUxEjAQBgoJ
kiaJk/IsZAEZEwJjYTERMA8GA1UEBxMISGFtaWx0b24wIhgPMjAxNjExMDEwMDAw
MDBaGA8yMDM2MTAzMTIzNTk1OVowgb4xGTAXBgNVBAMUEENBX0hMTF9ST09UXzIw
MTYxEDAOBgNVBAgTB09udGFyaW8xHTAbBgNVBAoUFEhhcnRlICYgTHluZSBMaW1p
dGVkMSAwHgYDVQQLExdOZXR3b3JrZWQgRGF0YSBTZXJ2aWNlczELMAkGA1UEBhMC
Q0ExGjAYBgoJkiaJk/IsZAEZEwpoYXJ0ZS1seW5lMRIwEAYKCZImiZPyLGQBGRMC
Y2ExETAPBgNVBAcTCEhhbWlsdG9uMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
CgKCAgEAulIsSVsyYwmUIk2C6TvpPolRPPGR4R24ikRF2deR3Re0JHvhl4pAxdRb
LjVeOKg6729Ovue6WYryaveTerNfXEzkz2jyK8m1C1uvTKjKOT1rQJGtb/Okn8Ka
dU2KrSrQLzm5y5qSZC+oRtuqIpBLshkvm80vWz9NJSd00h/B1He5KPYM7OR5M5IB
Fs/oYkFJPNNGAGEsPxHEgmCQkCj3caf7mBBgi+ZTEXV2wloZiKt4C+9OZoM4hSAK
NqhViFmljWnoHWcDFn2/XdPmVaVMxGK1Mp7M+uOvcIDTQCwKcmsDvhtprEksq7FL
kI7LniJkkctUgvCM9yniTXZUvAxp7Yse7YGowjUDBcUWFV2PeYG9e2fvM/SFf/KT
SjE+2qds4PHDHpG7KwQ0AVZvnMG1SVjwtS2r/1sRoOU8Rvdgz9Ugxw9y93arywS8
xDZtm0zlvQRN8rFg5fvFEmOTRYE9Au8g3XuZP7eB9V4rDL0fH5OgLYEm3+O8JQuo
7E8rKOBysO13AwU7upbVQZXvKbgXpcQ4tM7mTPnUh8ZS39SRWqj0fJs0n3j2EgOi
B8HEMaf+z/+t6XGGxcTkQsRp+2eBFK+5d5FA+HAFmYxnpHBYFoFe02/DJvlxH/JY
Wpct0U/UlS9R3EcbW93G4cR0y9sFlMl+uo0wRDA1j4lqCSc/wScCAwEAAaOCAw4w
ggMKMB0GA1UdDgQWBBSX5KGHlEmRjdrdWqYxi1XPyg9lyzCB6wYDVR0jBIHjMIHg
gBSX5KGHlEmRjdrdWqYxi1XPyg9ly6GBxKSBwTCBvjEZMBcGA1UEAxQQQ0FfSExM
X1JPT1RfMjAxNjEQMA4GA1UECBMHT250YXJpbzEdMBsGA1UEChQUSGFydGUgJiBM
eW5lIExpbWl0ZWQxIDAeBgNVBAsTF05ldHdvcmtlZCBEYXRhIFNlcnZpY2VzMQsw
CQYDVQQGEwJDQTEaMBgGCgmSJomT8ixkARkTCmhhcnRlLWx5bmUxEjAQBgoJkiaJ
k/IsZAEZEwJjYTERMA8GA1UEBxMISGFtaWx0b26CAQEwPgYDVR0SBDcwNYEaY2Vy
dGlmaWNhdGVzQGhhcnRlLWx5bmUuY2GGF2h0dHA6Ly9jYS5oYXJ0ZS1seW5lLmNh
MCUGA1UdEQQeMByBGmNlcnRpZmljYXRlc0BoYXJ0ZS1seW5lLmNhMA8GA1UdEwEB
/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzCBiAYD
VR0gBIGAMH4wfAYNKwYBBAGC3lBkCgoCATBrMCcGCCsGAQUFBwIBFhtodHRwOi8v
Y2EuaGFydGUtbHluZS5jYS9DUFMwQAYIKwYBBQUHAgIwNBoyTGltaXRlZCBMaWFi
aWxpdHksIHNlZSBodHRwOi8vY2EuaGFydGUtbHluZS5jYS9DUFMwQgYJYIZIAYb4
QgEEBDUWM2h0dHA6Ly9jYS5oYXJ0ZS1seW5lLmNhL0NBX0hMTF9ST09UXzIwMTYv
Y3JsLXYxLmNybDBLBggrBgEFBQcBAQQ/MD0wOwYIKwYBBQUHMAKGL2h0dHA6Ly9j
YS5oYXJ0ZS1seW5lLmNhL0NBX0hMTF9ST09UXzIwMTYvY2EuY3J0MEQGA1UdHwQ9
MDswOaA3oDWGM2h0dHA6Ly9jYS5oYXJ0ZS1seW5lLmNhL0NBX0hMTF9ST09UXzIw
MTYvY3JsLXYyLmNybDANBgkqhkiG9w0BAQ0FAAOCAgEAPnbB2OznhgKcBn2WklGL
8BN6XDvXpShSPh+Myf+yaOYQUvrghQj9fTHnYkV98XFT/YgNbcd0B8x4O/BXosZj
PkbNZkiluWZLK/rZ0nEDAxVbrANJna7V3+zbppGZqo0FkZdDoYvqy+3AaUpDAvFG
ZLYhiY5nVrnGi3IYu88D+EKSoO0+nGMtFFMmb1e/j8xv4aw8pzWt+DrJb8id1WmR
1Y8uq0BsAPTJOipMRPWpDrSl6kgTk/iFyHa1z6l+9H/gKZ5o1YteSde4VPVPQ1fX
FOBVcPoT4IpycjzPhuMfxRzb7pMWYr3YIabv9Te2Sk49xGDt3y8w8ZQqNBH28e7N
DcX8P2rw9BWDIO966uuMc3kgAcb8WcPxuwHiy0xrFknOYkZz5ATzRInS3DRhfRo2
I6YnXmKeV2dy43+5Ry+tDzt/WEdMn9JHnxNlRr0HFMfHgi0J+xyQDAyL6qbVZkVE
28c7x6aKGM2F3h6/o/XpreFKXElk+gD+ZabOyvWF5wuRPZ4huY6G9IX+HOZjKehO
7P3BvDcbVgOFFasM6AJAQ26GuiRX+aAhsf/x2BbFfFFLogB7g3/+NCZx5jli4X4w
WlBbbD9hVQQGLDwa8ZhIrY0ANM8BxHBHTbq8NojS63/Jdbb/fAhIwo6R1XwvpYmZ
FQ3+QhcVPUI8v6WZF2wOxcU=
-----END CERTIFICATE-----
