New Certificate information (new cert to be deployed October 31st, 2018)
The Comodo/InCommon certificate trust chain
- USERTrust RSA Certification Authority (intermediate, see below for PEM-encoded version)
- InCommon RSA Server CA (intermediate, see below for PEM-encoded version)
- Comodo's AddTrust External CA Root certificate download page
See also: CAS TLS Certificates
Overview
We will deploy new certificates signed by Comodo's InCommon RSA Server CA intermediate, which in turn is signed by the USERTrust RSA CA intermediate, which finally is signed by the AddTrust External root CA.
The deployment timeline
- October 24th, 2018: Newer Comodo certificates will be installed on the dir.calnet.b.e cluster. Cluster will be upgraded to the last LDAP software.
- October 31st, 2018: The ldap.berkeley.edu DNS name will be pointed to the dir.calnet.b.e cluster.
Update and validation road map for LDAP clients
-
Starting October 24th, all LDAP clients can access dir.calnet.b.e via SSL/TLS to validate that their trust stores have at least the Comodo root CA certificate installed. This will allow implicit trust of the new host certificate installed on the cluster. See above for information about the new Comodo certificate trust chain.
In the case of Java trust stores, since (1) applications may use trust stores other than the default cacerts file, and since (2) more than one JVM may be installed on a system, be sure that you have identified the correct trust store file being used by your application. Also, a restart of the JVM is probably necessary for any change in the trust store content to be recognized.
- Once the same validation procedure is completed, clients should return to using the ldap.b.e name during the DNS transition.
-
When using OpenSSL-based libraries, it may be necessary to create symbolic links to the actual certificate files using a procedure such as the following:
Generate a symbolic link based on the hash value for the certificate:ln -s COMODO-RootCA.crt \
$(openssl x509 -hash -noout < COMODO-RootCA.crt).0
For questions, please write to the calnet-developers@lists.b.e list or send directly to calnet-admin@lists.b.e
Workaround if needed for untrusted certificates
If your TLS/SSL libraries do not accept the dir.calnet.b.e (to later become ldap.b.e), certificates as trusted, here are some suggested workarounds if installing the Comodo AddTrust root CA alone, or the root CA together with the intermediate CAs, does not provide a proper chain of trust. Typically, using the RootCA or the RootCA plus intermediate CA certificate(s) would be sufficient, but in some cases these workarounds are required or desired:
- Not recommended: Disable certificate validation checking.
- Recommended, only if needed: Add the host certificate directly to your trust store rather than depending on the Root CA signature to chain the trust. See below for the included host certificate needed for this option. Using this option (2) means that any change of the LDAP server host certificate in the future will require establishing trust again via this procedure and using the new LDAP server host certificate when it becomes available.
Steps for option 1 (not recommended) for OpenLDAP clients like ldapsearch
Set TLS_REQCERT allow in /etc/openldap/ldap.conf, or, for temporary disablement, set an environment variable as in the following example for the bash shell:
Do this at some point before using the LDAP client.
Steps for option 2 (recommended, only if needed)
We have the dir.calnet.b.e (later to become ldap.b.e), host certificate PEM-encoded below. Only if needed (see above), import this file into your application's or JVM's trusted Root CA storage.
new ldap.b.e/dir.calnet.b.e, host X.509 cert, PEM-encoded
deployed October 24, 2018 to dir.calnet.berkele.edu
deployed October 31, 2018 to ldap.berkeley.edu
-----BEGIN CERTIFICATE----- MIII3zCCB8egAwIBAgIQJgINIUe+9YB7zOyQbFYb4TANBgkqhkiG9w0BAQsFADB2 MQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjES MBAGA1UEChMJSW50ZXJuZXQyMREwDwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMW SW5Db21tb24gUlNBIFNlcnZlciBDQTAeFw0xODA5MjYwMDAwMDBaFw0yMDA5MjUy MzU5NTlaMIHfMQswCQYDVQQGEwJVUzEOMAwGA1UEERMFOTQ3MjAxCzAJBgNVBAgT AkNBMREwDwYDVQQHEwhCZXJrZWxleTEiMCAGA1UECQwZMjAwIENhbGlmb3JuaWEg SGFsbCAjMTUwMDFIMEYGA1UEChM/VW5pdmVyc2l0eSBvZiBDYWxpZm9ybmlhLCBC ZXJrZWxleSAoUmVnZW50cyBvZiB0aGUgVW5pdi4gb2YgQ0EpMRYwFAYDVQQLEw1J U1QtQ2FsTmV0SWRNMRowGAYDVQQDExFsZGFwLmJlcmtlbGV5LmVkdTCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMAEhQqvyaRo8Zm1dh0dhjaCAMig3TMw B3f5ulo/F3EmSNJaeDCr9OlumIZCQ1Fyo80gyIjO80Q0gzMjIJOpZwLy/4TkKEkU kJvObVrGh7ycyhJOLh/61Mbamuwlc4J4Rt8p1r/ulv77O5fOVENgENvO2AAGT7m8 V+ykqFH41XT9aHLuPEiXAcAmlb08Qy8lPeAPV0SR6dcGVBlZlGgXn30UqX2HpUi+ 9tAPwxEhA/evmlrzp1ukjf3ziwzNH0bqO2mO+HVlM3xeAOaKNPhOlEgeepQsNCt5 xqKzrNR2uYsJAO8qANzI7N6e2EI0ZIC3KfQxs1O1tz56q9ZoPhc0YSMCAwEAAaOC BP0wggT5MB8GA1UdIwQYMBaAFB4Fo3ePbJbiW4dLprSGrHEADOc4MB0GA1UdDgQW BBS68LDjYlrPpfMg2Oe7j9VQV2FdgDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/ BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwZwYDVR0gBGAwXjBS BgwrBgEEAa4jAQQDAQEwQjBABggrBgEFBQcCARY0aHR0cHM6Ly93d3cuaW5jb21t b24ub3JnL2NlcnQvcmVwb3NpdG9yeS9jcHNfc3NsLnBkZjAIBgZngQwBAgIwRAYD VR0fBD0wOzA5oDegNYYzaHR0cDovL2NybC5pbmNvbW1vbi1yc2Eub3JnL0luQ29t bW9uUlNBU2VydmVyQ0EuY3JsMHUGCCsGAQUFBwEBBGkwZzA+BggrBgEFBQcwAoYy aHR0cDovL2NydC51c2VydHJ1c3QuY29tL0luQ29tbW9uUlNBU2VydmVyQ0FfMi5j cnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wggHRBgNV HREEggHIMIIBxIIRbGRhcC5iZXJrZWxleS5lZHWCIWRpci1hdXRoLmNhbG5ldC4x OTE4LmJlcmtlbGV5LmVkdYIaZGlyLXAxLmNhbG5ldC5iZXJrZWxleS5lZHWCIGRp ci1wMTAuY2FsbmV0LjE5MTguYmVya2VsZXkuZWR1ghpkaXItcDIuY2FsbmV0LmJl cmtlbGV5LmVkdYIaZGlyLXAzLmNhbG5ldC5iZXJrZWxleS5lZHWCH2Rpci1wNC5j YWxuZXQuMTkxOC5iZXJrZWxleS5lZHWCH2Rpci1wNS5jYWxuZXQuMTkxOC5iZXJr ZWxleS5lZHWCGmRpci1wNi5jYWxuZXQuYmVya2VsZXkuZWR1ghpkaXItcDcuY2Fs bmV0LmJlcmtlbGV5LmVkdYIaZGlyLXA4LmNhbG5ldC5iZXJrZWxleS5lZHWCGmRp ci1wOS5jYWxuZXQuYmVya2VsZXkuZWR1ghdkaXIuY2FsbmV0LmJlcmtlbGV5LmVk dYIgbGRhcC1vZmZzaXRlLmNhbG5ldC5iZXJrZWxleS5lZHWCEG5kcy5iZXJrZWxl eS5lZHWCF25kcy5jYWxuZXQuYmVya2VsZXkuZWR1MIIBfQYKKwYBBAHWeQIEAgSC AW0EggFpAWcAdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWYX G2HiAAAEAwBHMEUCIQCXT1G+BDAdc1HHVgvV5c6xDThYQDSbZpOnYhVRryJLqwIg QBeoTPLO37FrU6fXtw9b4DZ+q6QqWVwRDgCX07Nz1b0AdgBep3P531bA57U2SH3Q SeAyepGaDIShEhKEGHWWgXFFWAAAAWYXG2IsAAAEAwBHMEUCIBxW+YlY2tbhxedk 5kxaNBHBvmwWSAk+jTucTxn2wJW+AiEAjSnbK2JzyeV38JG5X5oD8xw1EyiJtwm4 lPtIcoDL6rwAdQBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWYX G2H9AAAEAwBGMEQCIHkFSIm0MS3zUcZJZCbuX0GJZYYLObV/EjqgoBqFtWhrAiB+ zc3GSYdqut6nmA3NyXnV8I/yLSc9L+5KCtzudbAr4jANBgkqhkiG9w0BAQsFAAOC AQEAF9ebnqdXy+ROh8e+/+gyBI5s1HuMl6z1I2mXvPjPyocqToOgOxlTVE7SBBk+ CPVbp0h0xNI/aK7QlprdFaNGmyqukMkIRJaHd3Hgsqj5aQ0caQNdv5MuhdWTWnbG L3UZqJ+/X5uGfIsIlUltFEa/4w0IsLiC5CJ9WbTt4mqd8le2WMPAXOIh98NBrLZ9 iD7ApyI9VSz0ZhtWifuCLI+l3WpwrOaIXNqtlEJr1AMpCOfbbFEoe5w8WnS8ZeWH Fzy9OHKQfnjL32U3NatoWNn/usL0N4gbL22e6QIMGVmJPxShzf3LCbnD5saPI0hN yr6szqpPLBEtfo0Ax7O14Oa+Mg== -----END CERTIFICATE-----
-----BEGIN CERTIFICATE----- MIIHUjCCBjqgAwIBAgIRAMzjq00nDocBs2FtLDh7I04wDQYJKoZIhvcNAQELBQAw djELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1JMRIwEAYDVQQHEwlBbm4gQXJib3Ix EjAQBgNVBAoTCUludGVybmV0MjERMA8GA1UECxMISW5Db21tb24xHzAdBgNVBAMT FkluQ29tbW9uIFJTQSBTZXJ2ZXIgQ0EwHhcNMTUxMjA3MDAwMDAwWhcNMTgxMjA2 MjM1OTU5WjCB6zELMAkGA1UEBhMCVVMxEjAQBgNVBBETCTk0NzIwMTUwMDETMBEG A1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIQmVya2VsZXkxIjAgBgNVBAkMGTIw MCBDYWxpZm9ybmlhIEhhbGwgIzE1MDAxSDBGBgNVBAoTP1VuaXZlcnNpdHkgb2Yg Q2FsaWZvcm5pYSwgQmVya2VsZXkgKFJlZ2VudHMgb2YgdGhlIFVuaXYuIG9mIENB KTEWMBQGA1UECxMNSVNULUNhbE5ldElkTTEaMBgGA1UEAxMRbGRhcC5iZXJrZWxl eS5lZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq7kPfPCt1TUaM WBLvPZAD61t8XYSEHRx1l0fVxf06YUzGxDoFw3lcvoEbqqGInWxK8xESzI4WOsEq iI8xd7z6rACZ+dn5aMx9e7NARpP8FrqNtLVIkBKE6hNZLyYDqVWQDuiSr1biocwK uR3NB/nIjrPFJ5MmrqwnyK98asZ5nTTBXrjkH+xlVpDN8ApBQwK3QOUEZTmE/hUF yhUoT/lNIGBt2cvT5uAy0qf6ejKTC9b6nbXKHIgrc43V6lBYY1SQrs8IwA4dgfru lBJiduXG/wfbYsIB+p9v8PHVjRQsQNwKsSfYHCjiYcqEyWsuQRJxosc4Qr6JNIaq GqmnpJYJAgMBAAGjggNjMIIDXzAfBgNVHSMEGDAWgBQeBaN3j2yW4luHS6a0hqxx AAznODAdBgNVHQ4EFgQUdnVIg/c/MD9Ftd3TKBHA7cWvGgowDgYDVR0PAQH/BAQD AgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC MGcGA1UdIARgMF4wUgYMKwYBBAGuIwEEAwEBMEIwQAYIKwYBBQUHAgEWNGh0dHBz Oi8vd3d3LmluY29tbW9uLm9yZy9jZXJ0L3JlcG9zaXRvcnkvY3BzX3NzbC5wZGYw CAYGZ4EMAQICMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwuaW5jb21tb24t cnNhLm9yZy9JbkNvbW1vblJTQVNlcnZlckNBLmNybDB1BggrBgEFBQcBAQRpMGcw PgYIKwYBBQUHMAKGMmh0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9JbkNvbW1vblJT QVNlcnZlckNBXzIuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1 c3QuY29tMIIBuAYDVR0RBIIBrzCCAauCEWxkYXAuYmVya2VsZXkuZWR1giBsZGFw LW9mZnNpdGUuY2FsbmV0LmJlcmtlbGV5LmVkdYIhbmRzLWF1dGguY2FsbmV0LjE5 MTguYmVya2VsZXkuZWR1ghpuZHMtcDEuY2FsbmV0LmJlcmtlbGV5LmVkdYIgbmRz LXAxMC5jYWxuZXQuMTkxOC5iZXJrZWxleS5lZHWCGm5kcy1wMi5jYWxuZXQuYmVy a2VsZXkuZWR1ghpuZHMtcDMuY2FsbmV0LmJlcmtlbGV5LmVkdYIfbmRzLXA0LmNh bG5ldC4xOTE4LmJlcmtlbGV5LmVkdYIfbmRzLXA1LmNhbG5ldC4xOTE4LmJlcmtl bGV5LmVkdYIabmRzLXA2LmNhbG5ldC5iZXJrZWxleS5lZHWCGm5kcy1wNy5jYWxu ZXQuYmVya2VsZXkuZWR1ghpuZHMtcDguY2FsbmV0LmJlcmtlbGV5LmVkdYIabmRz LXA5LmNhbG5ldC5iZXJrZWxleS5lZHWCEG5kcy5iZXJrZWxleS5lZHWCF25kcy5j YWxuZXQuYmVya2VsZXkuZWR1MA0GCSqGSIb3DQEBCwUAA4IBAQA5yVftduiAaBJO OhpvofFT8nEWYvrs9c32NMta7PZ8T9ppzUkZz9H5gOELVc5FO8isVujJI+PXjveQ wyAZV87n1FD1ZdOGvUxWtM4vFna+MSdP2GM6hxBW4na5ti10VNQygq7dihso77ZY Ttx8bajil0Y2FwJYuZdXuxTC4i1UiD1s51omBRuaM8Ug7HAdQofsP3Rc2kVqHbA0 2QapRxzha7yyBD2JmtQGcK/Py2cv/801Sk2MqlgXgAmO8Hi3Z3pcQravsXPtKk0X 5fXsEkFCeUwrjpdZJH17Ei1NGFkvviHtVU9tpYhDaffvQw8Qi6FKXiDWgwsHO3kA 9qWWWzuG -----END CERTIFICATE-----
USERTrust RSA Certification Authority
-----BEGIN CERTIFICATE----- MIIFdzCCBF+gAwIBAgIQE+oocFv07O0MNmMJgGFDNjANBgkqhkiG9w0BAQwFADBv MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00yt UINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQf jtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM 8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hm AUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiV Z4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9 N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sF qV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJWBp/kjbmUZIO8yZ9 HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMaTLTwJUdZ +gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX HAc/DVL17e8vgg8CAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTv A73gJMtUGjAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/ BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4 dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0 dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAJNl9jeD lQ9ew4IcH9Z35zyKwKoJ8OkLJvHgwmp1ocd5yblSYMgpEg7wrQPWCcR23+WmgZWn RtqCV6mVksW2jwMibDN3wXsyF24HzloUQToFJBv2FAY7qCUkDrvMKnXduXBBP3zQ YzYhBx9G/2CkkeFnvN4ffhkUyWNnkepnB2u0j4vAbkN9w6GAbLIevFOFfdyQoaS8 Le9Gclc1Bb+7RrtubTeZtv8jkpHGbkD4jylW6l/VXxRTrPBPYer3IsynVgviuDQf Jtl7GQVoP7o81DgGotPmjw7jtHFtQELFhLRAlSv0ZaBIefYdgWOWnU914Ph85I6p 0fKtirOMxyHNwu8= -----END CERTIFICATE-----
InCommon RSA Server CA
-----BEGIN CERTIFICATE----- MIIF+TCCA+GgAwIBAgIQRyDQ+oVGGn4XoWQCkYRjdDANBgkqhkiG9w0BAQwFADCB iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQx MDA2MDAwMDAwWhcNMjQxMDA1MjM1OTU5WjB2MQswCQYDVQQGEwJVUzELMAkGA1UE CBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjESMBAGA1UEChMJSW50ZXJuZXQyMREw DwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMWSW5Db21tb24gUlNBIFNlcnZlciBD QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJwb8bsvf2MYFVFRVA+e xU5NEFj6MJsXKZDmMwysE1N8VJG06thum4ltuzM+j9INpun5uukNDBqeso7JcC7v HgV9lestjaKpTbOc5/MZNrun8XzmCB5hJ0R6lvSoNNviQsil2zfVtefkQnI/tBPP iwckRR6MkYNGuQmm/BijBgLsNI0yZpUn6uGX6Ns1oytW61fo8BBZ321wDGZq0GTl qKOYMa0dYtX6kuOaQ80tNfvZnjNbRX3EhigsZhLI2w8ZMA0/6fDqSl5AB8f2IHpT eIFken5FahZv9JNYyWL7KSd9oX8hzudPR9aKVuDjZvjs3YncJowZaDuNi+L7RyML fzcCAwEAAaOCAW4wggFqMB8GA1UdIwQYMBaAFFN5v1qqK0rPVIDh2JvAnfKyA2bL MB0GA1UdDgQWBBQeBaN3j2yW4luHS6a0hqxxAAznODAOBgNVHQ8BAf8EBAMCAYYw EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH AwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECAjBQBgNVHR8ESTBHMEWgQ6BB hj9odHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQ2VydGlmaWNh dGlvbkF1dGhvcml0eS5jcmwwdgYIKwYBBQUHAQEEajBoMD8GCCsGAQUFBzAChjNo dHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQWRkVHJ1c3RDQS5j cnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZI hvcNAQEMBQADggIBAC0RBjjW29dYaK+qOGcXjeIT16MUJNkGE+vrkS/fT2ctyNMU 11ZlUp5uH5gIjppIG8GLWZqjV5vbhvhZQPwZsHURKsISNrqOcooGTie3jVgU0W+0 +Wj8mN2knCVANt69F2YrA394gbGAdJ5fOrQmL2pIhDY0jqco74fzYefbZ/VS29fR 5jBxu4uj1P+5ZImem4Gbj1e4ZEzVBhmO55GFfBjRidj26h1oFBHZ7heDH1Bjzw72 hipu47Gkyfr2NEx3KoCGMLCj3Btx7ASn5Ji8FoU+hCazwOU1VX55mKPU1I2250Lo RCASN18JyfsD5PVldJbtyrmz9gn/TKbRXTr80U2q5JhyvjhLf4lOJo/UzL5WCXED Smyj4jWG3R7Z8TED9xNNCxGBMXnMete+3PvzdhssvbORDwBZByogQ9xL2LUZFI/i eoQp0UM/L8zfP527vWjEzuDN5xwxMnhi+vCToh7J159o5ah29mP+aJnvujbXEnGa nrNxHzu+AGOePV8hwrGGG7hOIcPDQwkuYwzN/xT29iLp/cqf9ZhEtkGcQcIImH3b oJ8ifsCnSbu0GB9L06Yqh7lcyvKDTEADslIaeSEINxhO2Y1fmcYFX/Fqrrp1WnhH OjplXuXE0OPa0utaKC25Aplgom88L2Z8mEWcyfoB7zKOfD759AN7JKZWCYwk -----END CERTIFICATE-----