From b4c8efc973c2d59cddec4ae36184cfcaf1f6e247 Mon Sep 17 00:00:00 2001 From: James Smith Date: Tue, 27 Nov 2018 12:39:24 -0600 Subject: [PATCH 01/18] Reflect the reality of the database **Why**: The db/schema.rb and migrations got out of sync. **How**: Update the db/schema.rb to reflect what the migrations build. --- app/services/ocsp_service.rb | 4 ++-- db/schema.rb | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/services/ocsp_service.rb b/app/services/ocsp_service.rb index bf659e34f..2f28cb2c8 100644 --- a/app/services/ocsp_service.rb +++ b/app/services/ocsp_service.rb @@ -31,9 +31,9 @@ def build_request end def ocsp_url_for_subject - authority.ocsp_url.presence || begin + authority.ocsp_http_url.presence || begin uri = subject.ocsp_http_url - authority.ocsp_url = uri + authority.ocsp_http_url = uri authority.save! uri end diff --git a/db/schema.rb b/db/schema.rb index 76ae39be7..2203b62a5 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -23,7 +23,7 @@ t.datetime "valid_not_after", null: false t.datetime "created_at", null: false t.datetime "updated_at", null: false - t.string "ocsp_url" + t.string "ocsp_http_url" t.index ["key"], name: "index_certificate_authorities_on_key", unique: true end From c73bcd3c517afd0b00432144b69b58951385a055 Mon Sep 17 00:00:00 2001 From: Andy Brody Date: Mon, 28 Jan 2019 18:30:24 -0500 Subject: [PATCH 02/18] Add pentest CA. --- config/application.yml.example | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/application.yml.example b/config/application.yml.example index 5297eee25..0283c43dd 100644 --- a/config/application.yml.example +++ b/config/application.yml.example @@ -14,7 +14,8 @@ trusted_ca_root_identifiers: "\ 49:74:BB:0C:5E:BA:7A:FE:02:54:EF:7B:A0:C6:95:C6:09:80:70:96,\ 68:84:15:48:8C:54:70:7F:2D:12:58:0E:EC:1C:78:EF:3C:2E:59:64,\ 6C:8A:94:A2:77:B1:80:72:1D:81:7A:16:AA:F2:DC:CE:66:EE:45:C0,\ - BD:C1:B9:6B:4D:F4:1D:EC:30:90:BF:62:73:C0:84:33:F2:71:24:85" + BD:C1:B9:6B:4D:F4:1D:EC:30:90:BF:62:73:C0:84:33:F2:71:24:85,\ + 9C:16:31:A2:B4:29:8C:2E:04:62:57:87:11:E4:0F:4A:86:F4:75:48" # temporarily add 9C:16:31:A2:B4:29:8C:2E:04:62:57:87:11:E4:0F:4A:86:F4:75:48 for pen test required_policies: | [ From 26a69a3deed381d6016e597db721f9e190c0a610 Mon Sep 17 00:00:00 2001 From: Jonathan Hooper Date: Mon, 9 Dec 2019 10:12:46 -0500 Subject: [PATCH 03/18] Deploy RC 98 to staging (#93) --- Gemfile | 2 +- Gemfile.lock | 10 ++-- app/controllers/identify_controller.rb | 13 ++++- app/models/certificate.rb | 8 +++ app/services/ocsp_service.rb | 3 ++ config/application.yml.example | 3 ++ ...naged Services SSP CA CGKPO7PXWW4722S6.pem | 36 +++++++++++++ ...naged Services SSP CA W472GK2S8WPO7CPX.pem | 33 ++++++++++++ spec/controllers/identify_controller_spec.rb | 53 +++++++++++++++++++ 9 files changed, 153 insertions(+), 8 deletions(-) create mode 100644 config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA CGKPO7PXWW4722S6.pem create mode 100644 config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA W472GK2S8WPO7CPX.pem diff --git a/Gemfile b/Gemfile index 20f6f7b18..33b400257 100644 --- a/Gemfile +++ b/Gemfile @@ -15,7 +15,7 @@ gem 'mini_cache' gem 'newrelic_rpm' gem 'pg' gem 'pry-rails' -gem 'puma', '~> 3.7' +gem 'puma', '~> 3.12' gem 'rgl' group :development, :test do diff --git a/Gemfile.lock b/Gemfile.lock index a39e80025..18f2ed781 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -865,7 +865,7 @@ GEM concurrent-ruby (1.1.5) crack (0.4.3) safe_yaml (~> 1.0.0) - crass (1.0.4) + crass (1.0.5) daemons (1.3.1) database_cleaner (1.7.0) debug_inspector (0.0.3) @@ -935,7 +935,7 @@ GEM rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) ruby_dep (~> 1.2) - loofah (2.2.3) + loofah (2.3.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) lumberjack (1.0.13) @@ -953,7 +953,7 @@ GEM nenv (0.3.0) newrelic_rpm (6.5.0.357) nio4r (2.4.0) - nokogiri (1.10.4) + nokogiri (1.10.5) mini_portile2 (~> 2.4.0) notiffany (0.1.3) nenv (~> 0.1) @@ -975,7 +975,7 @@ GEM pry (>= 0.10.4) psych (3.1.0) public_suffix (3.1.1) - puma (3.12.1) + puma (3.12.2) rack (2.0.7) rack-mini-profiler (1.0.2) rack (>= 1.2.0) @@ -1134,7 +1134,7 @@ DEPENDENCIES pg pry-byebug pry-rails - puma (~> 3.7) + puma (~> 3.12) rack-mini-profiler rails (~> 5.2, >= 5.2.2.1) rails-controller-testing diff --git a/app/controllers/identify_controller.rb b/app/controllers/identify_controller.rb index fab563793..ace9a00f9 100644 --- a/app/controllers/identify_controller.rb +++ b/app/controllers/identify_controller.rb @@ -8,6 +8,9 @@ class IdentifyController < ApplicationController delegate :logger, to: Rails + rescue_from URI::InvalidURIError, with: :render_bad_referrer_error + rescue_from ActionController::ParameterMissing, with: :render_missing_param_error + def create if referrer # given a valid certificate from the client, return a token @@ -18,8 +21,6 @@ def create else render_bad_request('No referrer') end - rescue URI::InvalidURIError - render_bad_request('Bad referrer') end private @@ -29,6 +30,14 @@ def render_bad_request(reason) render plain: 'Invalid request', status: :bad_request end + def render_bad_referrer_error + render_bad_request('Bad referrer') + end + + def render_missing_param_error(exception) + render_bad_request("Missing #{exception.param} param") + end + # :reek:UtilityFunction def token_for_referrer cert_pem = client_cert diff --git a/app/models/certificate.rb b/app/models/certificate.rb index 845c38f26..aa460bcbb 100644 --- a/app/models/certificate.rb +++ b/app/models/certificate.rb @@ -61,6 +61,14 @@ def validate_cert end def validate_untrusted_root + validate_untrusted_root_with_exceptions + rescue OpenSSL::OCSP::OCSPError + 'ocsp_error' + rescue Timeout::Error + 'timeout' + end + + def validate_untrusted_root_with_exceptions if self_signed? 'self-signed cert' elsif !signature_verified? diff --git a/app/services/ocsp_service.rb b/app/services/ocsp_service.rb index 8e81b8d99..a38568ab7 100644 --- a/app/services/ocsp_service.rb +++ b/app/services/ocsp_service.rb @@ -91,6 +91,9 @@ def make_single_http_request(uri, request, retries = 1) # :reek:UtilityFunction def make_single_http_request!(uri, request) http = Net::HTTP.new(uri.hostname, uri.port) + env = Figaro.env + http.open_timeout = env.http_open_timeout.to_i + http.read_timeout = env.http_read_timeout.to_i http.post(uri.path.presence || '/', request, 'content-type' => 'application/ocsp-request') end diff --git a/config/application.yml.example b/config/application.yml.example index 0283c43dd..9699f80f5 100644 --- a/config/application.yml.example +++ b/config/application.yml.example @@ -8,6 +8,9 @@ # The others are DoD certs 2-4 from the archive available at # http://iasecontent.disa.mil/pki-pke/Certificates_PKCS7_v5.0u1_DoD.zip aws_http_timeout: '5' +http_read_timeout: '5' +http_open_timeout: '5' + trusted_ca_root_identifiers: "\ AD:0C:7A:75:5C:E5:F3:98:C4:79:98:0E:AC:28:FD:97:F4:E7:02:FC,\ 17:4B:B8:26:BA:69:7A:AD:12:50:57:45:31:9E:57:BB:74:A5:DA:2F,\ diff --git a/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA CGKPO7PXWW4722S6.pem b/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA CGKPO7PXWW4722S6.pem new file mode 100644 index 000000000..1940bcb78 --- /dev/null +++ b/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA CGKPO7PXWW4722S6.pem @@ -0,0 +1,36 @@ +Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services SSP CA +Issuer: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA +-----BEGIN CERTIFICATE----- +MIIFuzCCBKOgAwIBAgIERIEHtjANBgkqhkiG9w0BAQsFADBuMQswCQYDVQQGEwJV +UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdGllczEpMCcGA1UECxMgRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFJvb3Qg +Q0EwHhcNMTkwODEzMTU0NjI5WhcNMjkwNzEzMTYxNjI5WjBtMQswCQYDVQQGEwJV +UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdGllczEoMCYGA1UECxMfRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFNTUCBD +QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANjtFQkAPFlMQRrHGBGI +zgXekI4wz+uu+neolkME7eAh+bBOopDwZkrp+TO/r9H1YLpvSmphwd7RBE6sWQEn +Fbez48ZY6V0PND8j13DEqO7ODIA4KHGmomuF3CFxjC5wYgpT0dPrSkMwmc4dr2xs +7801L1ekJj8+eybcZVd+45ok4283sgyn0cVDzV1w5WOg0lhWz7CwuWhNOh1ZeZi3 +1T49i9ETppBF86GR05UlBlaPBgUO85t9asxIrj8ejIWW89EVTtsnZ3r5SOkKtojP +QMEM88RHqwkiBMyEtftSc3LvkJgcQWXQ+0c4zMOjMDZD/4yn69dg8OWTsuXjw0qi +n/cCAwEAAaOCAmAwggJcMA4GA1UdDwEB/wQEAwIBhjB5BgNVHSAEcjBwMAwGCmCG +SAFlAwIBAwYwDAYKYIZIAWUDAgEDBzAMBgpghkgBZQMCAQMIMAwGCmCGSAFlAwIB +Aw0wDAYKYIZIAWUDAgEDETAMBgpghkgBZQMCAQMnMAwGCmCGSAFlAwIBAygwDAYK +YIZIAWUDAgEDKTASBgNVHRMBAf8ECDAGAQH/AgEAMIGkBggrBgEFBQcBAQSBlzCB +lDBNBggrBgEFBQcwAoZBaHR0cDovL3Jvb3R3ZWIubWFuYWdlZC5lbnRydXN0LmNv +bS9BSUEvQ2VydHNJc3N1ZWRUb0VNU1Jvb3RDQS5wN2MwQwYIKwYBBQUHMAGGN2h0 +dHA6Ly9vY3NwLm1hbmFnZWQuZW50cnVzdC5jb20vT0NTUC9FTVNSb290Q0FSZXNw +b25kZXIwgdMGA1UdHwSByzCByDA8oDqgOIY2aHR0cDovL3Jvb3R3ZWIubWFuYWdl +ZC5lbnRydXN0LmNvbS9DUkxzL0VNU1Jvb3RDQTMuY3JsMIGHoIGEoIGBpH8wfTEL +MAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VudHJ1c3QxIjAgBgNVBAsTGUNlcnRpZmlj +YXRpb24gQXV0aG9yaXRpZXMxKTAnBgNVBAsTIEVudHJ1c3QgTWFuYWdlZCBTZXJ2 +aWNlcyBSb290IENBMQ0wCwYDVQQDEwRDUkwxMB8GA1UdIwQYMBaAFElUkUxpRDvE ++AIs9PgtM1aJdZgQMB0GA1UdDgQWBBTm3RoHGstruiC5ljmT+BTcmAM3JzANBgkq +hkiG9w0BAQsFAAOCAQEA1zN6YX5CcwAqUOYGU7QQ4QIZaZvpnTN/KDEYHGDIhTYS +KlkAXz0ncwe5P3V9YfnF+UwDJFwBZVtzxIy+2lIbEvkkIezYKwJm6K2PHweePL6E +WpCaVhe39WrOo3LRjKIWO+Lp502Rkb/cBJVG2M2OE1ve4Ydt5GlPWXXi1uGoHJHW +U8jc2aPDIK5KTCtzh2tfEG6dkjykPosx5ZwNjcZ8IkTFoIh7hsLxniu8kHhOd2k0 +6nM+ctNiBdl2nCQ7GpDSJaL+1MJsXkVjav8ZCBRL9CXwAZSodu2RpkSuNSwrmLmw +V0lxFBzM+0lGoM8FlV31siMrQBoi0pjDgSjkkJFMFA== +-----END CERTIFICATE----- + diff --git a/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA W472GK2S8WPO7CPX.pem b/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA W472GK2S8WPO7CPX.pem new file mode 100644 index 000000000..d224c2b62 --- /dev/null +++ b/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA W472GK2S8WPO7CPX.pem @@ -0,0 +1,33 @@ +Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA +Issuer: /C=US/O=U.S. Government/OU=FPKI/CN=Federal Common Policy CA +-----BEGIN CERTIFICATE----- +MIIFKTCCBBGgAwIBAgICc0owDQYJKoZIhvcNAQELBQAwWTELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsGA1UECxMERlBLSTEhMB8GA1UE +AxMYRmVkZXJhbCBDb21tb24gUG9saWN5IENBMB4XDTE5MDgxNDE1Mzk0NloXDTI5 +MDgxNDE1MzY0MlowbjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VudHJ1c3QxIjAg +BgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxKTAnBgNVBAsTIEVudHJ1 +c3QgTWFuYWdlZCBTZXJ2aWNlcyBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA572gaoFb74+gsCeMrlon3dv5pjLJyU4nCO0QqiShzXK8Zqgw +Na47z+KdF3w1ofeRxYsu0qg/6gzlQU5s1DblG8CeNsXXowjaYwDAMosDSR4HrsLt +tr1C/4xxLkKejX4GQ01kpTHWMejtpioGMH3FqgK+E9Ga7hGU9rgy0CeVM2/LoJ3e +kt36xdpndCEbUfe9yQIliEICbJbKhxcMebJKAOb6g8jyr0CzeKXnDqwVMUEn4RED +sVxQgEzmQMryWdr/LBZckS40AEEhc4D1ojtssABvKrb9NzpGnSCPSDFXFY8N5C++ +CmA2OhZaZOHg//p85PExb4AVBmyZceIay1wezQIDAQABo4IB5DCCAeAwDwYDVR0T +AQH/BAUwAwEB/zBPBggrBgEFBQcBAQRDMEEwPwYIKwYBBQUHMAKGM2h0dHA6Ly9o +dHRwLmZwa2kuZ292L2ZjcGNhL2NhQ2VydHNJc3N1ZWRUb2ZjcGNhLnA3YzAPBgNV +HSQECDAGgAEAgQEAMAoGA1UdNgQDAgEAMHkGA1UdIARyMHAwDAYKYIZIAWUDAgED +BjAMBgpghkgBZQMCAQMHMAwGCmCGSAFlAwIBAwgwDAYKYIZIAWUDAgEDDTAMBgpg +hkgBZQMCAQMRMAwGCmCGSAFlAwIBAycwDAYKYIZIAWUDAgEDKDAMBgpghkgBZQMC +AQMpMF0GCCsGAQUFBwELBFEwTzBNBggrBgEFBQcwBYZBaHR0cDovL3Jvb3R3ZWIu +bWFuYWdlZC5lbnRydXN0LmNvbS9TSUEvQ2VydHNJc3N1ZWRCeUVNU1Jvb3RDQS5w +N2MwDgYDVR0PAQH/BAQDAgGGMB8GA1UdIwQYMBaAFK0MenVc5fOYxHmYDqwo/Zf0 +5wL8MDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9odHRwLmZwa2kuZ292L2ZjcGNh +L2ZjcGNhLmNybDAdBgNVHQ4EFgQUSVSRTGlEO8T4Aiz0+C0zVol1mBAwDQYJKoZI +hvcNAQELBQADggEBAMX/TfukCGAdHdlIuDuBG3wg5+GIRzf5Vgt/gEl+dNR3BdVO +FrA+yKdPwnV9A+HZtxwC6YrIgxHsD8iImvF6WCuDWwNl2mNg0AynC3FNfyJlzMCw +kPbs2n4VqmcaP5hqVCiKVv+omQ7CwRM18ms4Ia0oHNFCaV3yvZb/QMFKUM3CaK0s +qZNmmBAqf6+XVeha45kKNtI20HXhUBzGyvmo/3vNfzJTQIQMqV10QP5ectlFvlLv +TjP+7mNJvuo3M5avGucbsNQLZrGsQMgIVcdhc4Juf3cklUNDJxAiyFbX3LEcP2SD ++6w/aYn9eB1GK8AqFv1dNfMK5dKBmrDRhMmxIqg= +-----END CERTIFICATE----- + diff --git a/spec/controllers/identify_controller_spec.rb b/spec/controllers/identify_controller_spec.rb index 2ad012767..3f8ba85de 100644 --- a/spec/controllers/identify_controller_spec.rb +++ b/spec/controllers/identify_controller_spec.rb @@ -221,6 +221,52 @@ end end + describe 'with a certificate timeout' do + before(:each) do + allow_any_instance_of(OCSPService).to receive(:make_http_request).and_raise(Timeout::Error) + end + + it 'returns a token as timeout' do + ca = CertificateAuthority.find_or_create_for_certificate( + Certificate.new(root_cert) + ) + + @request.headers['X-Client-Cert'] = CGI.escape(client_cert_pem) + expect(CertificateLoggerService).to receive(:log_certificate) + + get :create, params: { nonce: '123' } + expect(response).to have_http_status(:found) + expect(response.has_header?('Location')).to be_truthy + expect(token).to be_truthy + + expect(token_contents['error']).to eq 'certificate.timeout' + expect(token_contents['nonce']).to eq '123' + end + end + + describe 'with a certificate ocsp error' do + before(:each) do + allow_any_instance_of(OCSPService).to receive(:make_http_request).and_raise(OpenSSL::OCSP::OCSPError) + end + + it 'returns a token as ocsp error' do + ca = CertificateAuthority.find_or_create_for_certificate( + Certificate.new(root_cert) + ) + + @request.headers['X-Client-Cert'] = CGI.escape(client_cert_pem) + expect(CertificateLoggerService).to receive(:log_certificate) + + get :create, params: { nonce: '123' } + expect(response).to have_http_status(:found) + expect(response.has_header?('Location')).to be_truthy + expect(token).to be_truthy + + expect(token_contents['error']).to eq 'certificate.ocsp_error' + expect(token_contents['nonce']).to eq '123' + end + end + describe 'a certificate signed by an unrecognized authority' do let(:other_root_cert_and_key) do create_root_certificate( @@ -258,6 +304,13 @@ expect(token_contents['nonce']).to eq '123' end end + + context 'when the nonce param is missing' do + it 'returns a bad request' do + get :create, params: {} + expect(response).to have_http_status(:bad_request) + end + end end end end From f7cfcd9969d209abd20a58a30fab8943c6c01391 Mon Sep 17 00:00:00 2001 From: Jonathan Hooper Date: Mon, 9 Dec 2019 10:13:09 -0500 Subject: [PATCH 04/18] Deploy RC 98 to prod (#94) --- Gemfile | 2 +- Gemfile.lock | 10 ++-- app/controllers/identify_controller.rb | 13 ++++- app/models/certificate.rb | 8 +++ app/services/ocsp_service.rb | 3 ++ config/application.yml.example | 3 ++ ...naged Services SSP CA CGKPO7PXWW4722S6.pem | 36 +++++++++++++ ...naged Services SSP CA W472GK2S8WPO7CPX.pem | 33 ++++++++++++ spec/controllers/identify_controller_spec.rb | 53 +++++++++++++++++++ 9 files changed, 153 insertions(+), 8 deletions(-) create mode 100644 config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA CGKPO7PXWW4722S6.pem create mode 100644 config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA W472GK2S8WPO7CPX.pem diff --git a/Gemfile b/Gemfile index 20f6f7b18..33b400257 100644 --- a/Gemfile +++ b/Gemfile @@ -15,7 +15,7 @@ gem 'mini_cache' gem 'newrelic_rpm' gem 'pg' gem 'pry-rails' -gem 'puma', '~> 3.7' +gem 'puma', '~> 3.12' gem 'rgl' group :development, :test do diff --git a/Gemfile.lock b/Gemfile.lock index a39e80025..18f2ed781 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -865,7 +865,7 @@ GEM concurrent-ruby (1.1.5) crack (0.4.3) safe_yaml (~> 1.0.0) - crass (1.0.4) + crass (1.0.5) daemons (1.3.1) database_cleaner (1.7.0) debug_inspector (0.0.3) @@ -935,7 +935,7 @@ GEM rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) ruby_dep (~> 1.2) - loofah (2.2.3) + loofah (2.3.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) lumberjack (1.0.13) @@ -953,7 +953,7 @@ GEM nenv (0.3.0) newrelic_rpm (6.5.0.357) nio4r (2.4.0) - nokogiri (1.10.4) + nokogiri (1.10.5) mini_portile2 (~> 2.4.0) notiffany (0.1.3) nenv (~> 0.1) @@ -975,7 +975,7 @@ GEM pry (>= 0.10.4) psych (3.1.0) public_suffix (3.1.1) - puma (3.12.1) + puma (3.12.2) rack (2.0.7) rack-mini-profiler (1.0.2) rack (>= 1.2.0) @@ -1134,7 +1134,7 @@ DEPENDENCIES pg pry-byebug pry-rails - puma (~> 3.7) + puma (~> 3.12) rack-mini-profiler rails (~> 5.2, >= 5.2.2.1) rails-controller-testing diff --git a/app/controllers/identify_controller.rb b/app/controllers/identify_controller.rb index fab563793..ace9a00f9 100644 --- a/app/controllers/identify_controller.rb +++ b/app/controllers/identify_controller.rb @@ -8,6 +8,9 @@ class IdentifyController < ApplicationController delegate :logger, to: Rails + rescue_from URI::InvalidURIError, with: :render_bad_referrer_error + rescue_from ActionController::ParameterMissing, with: :render_missing_param_error + def create if referrer # given a valid certificate from the client, return a token @@ -18,8 +21,6 @@ def create else render_bad_request('No referrer') end - rescue URI::InvalidURIError - render_bad_request('Bad referrer') end private @@ -29,6 +30,14 @@ def render_bad_request(reason) render plain: 'Invalid request', status: :bad_request end + def render_bad_referrer_error + render_bad_request('Bad referrer') + end + + def render_missing_param_error(exception) + render_bad_request("Missing #{exception.param} param") + end + # :reek:UtilityFunction def token_for_referrer cert_pem = client_cert diff --git a/app/models/certificate.rb b/app/models/certificate.rb index 845c38f26..aa460bcbb 100644 --- a/app/models/certificate.rb +++ b/app/models/certificate.rb @@ -61,6 +61,14 @@ def validate_cert end def validate_untrusted_root + validate_untrusted_root_with_exceptions + rescue OpenSSL::OCSP::OCSPError + 'ocsp_error' + rescue Timeout::Error + 'timeout' + end + + def validate_untrusted_root_with_exceptions if self_signed? 'self-signed cert' elsif !signature_verified? diff --git a/app/services/ocsp_service.rb b/app/services/ocsp_service.rb index 8e81b8d99..a38568ab7 100644 --- a/app/services/ocsp_service.rb +++ b/app/services/ocsp_service.rb @@ -91,6 +91,9 @@ def make_single_http_request(uri, request, retries = 1) # :reek:UtilityFunction def make_single_http_request!(uri, request) http = Net::HTTP.new(uri.hostname, uri.port) + env = Figaro.env + http.open_timeout = env.http_open_timeout.to_i + http.read_timeout = env.http_read_timeout.to_i http.post(uri.path.presence || '/', request, 'content-type' => 'application/ocsp-request') end diff --git a/config/application.yml.example b/config/application.yml.example index 0283c43dd..9699f80f5 100644 --- a/config/application.yml.example +++ b/config/application.yml.example @@ -8,6 +8,9 @@ # The others are DoD certs 2-4 from the archive available at # http://iasecontent.disa.mil/pki-pke/Certificates_PKCS7_v5.0u1_DoD.zip aws_http_timeout: '5' +http_read_timeout: '5' +http_open_timeout: '5' + trusted_ca_root_identifiers: "\ AD:0C:7A:75:5C:E5:F3:98:C4:79:98:0E:AC:28:FD:97:F4:E7:02:FC,\ 17:4B:B8:26:BA:69:7A:AD:12:50:57:45:31:9E:57:BB:74:A5:DA:2F,\ diff --git a/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA CGKPO7PXWW4722S6.pem b/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA CGKPO7PXWW4722S6.pem new file mode 100644 index 000000000..1940bcb78 --- /dev/null +++ b/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA CGKPO7PXWW4722S6.pem @@ -0,0 +1,36 @@ +Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services SSP CA +Issuer: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA +-----BEGIN CERTIFICATE----- +MIIFuzCCBKOgAwIBAgIERIEHtjANBgkqhkiG9w0BAQsFADBuMQswCQYDVQQGEwJV +UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdGllczEpMCcGA1UECxMgRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFJvb3Qg +Q0EwHhcNMTkwODEzMTU0NjI5WhcNMjkwNzEzMTYxNjI5WjBtMQswCQYDVQQGEwJV +UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdGllczEoMCYGA1UECxMfRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFNTUCBD +QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANjtFQkAPFlMQRrHGBGI +zgXekI4wz+uu+neolkME7eAh+bBOopDwZkrp+TO/r9H1YLpvSmphwd7RBE6sWQEn +Fbez48ZY6V0PND8j13DEqO7ODIA4KHGmomuF3CFxjC5wYgpT0dPrSkMwmc4dr2xs +7801L1ekJj8+eybcZVd+45ok4283sgyn0cVDzV1w5WOg0lhWz7CwuWhNOh1ZeZi3 +1T49i9ETppBF86GR05UlBlaPBgUO85t9asxIrj8ejIWW89EVTtsnZ3r5SOkKtojP +QMEM88RHqwkiBMyEtftSc3LvkJgcQWXQ+0c4zMOjMDZD/4yn69dg8OWTsuXjw0qi +n/cCAwEAAaOCAmAwggJcMA4GA1UdDwEB/wQEAwIBhjB5BgNVHSAEcjBwMAwGCmCG +SAFlAwIBAwYwDAYKYIZIAWUDAgEDBzAMBgpghkgBZQMCAQMIMAwGCmCGSAFlAwIB +Aw0wDAYKYIZIAWUDAgEDETAMBgpghkgBZQMCAQMnMAwGCmCGSAFlAwIBAygwDAYK +YIZIAWUDAgEDKTASBgNVHRMBAf8ECDAGAQH/AgEAMIGkBggrBgEFBQcBAQSBlzCB +lDBNBggrBgEFBQcwAoZBaHR0cDovL3Jvb3R3ZWIubWFuYWdlZC5lbnRydXN0LmNv +bS9BSUEvQ2VydHNJc3N1ZWRUb0VNU1Jvb3RDQS5wN2MwQwYIKwYBBQUHMAGGN2h0 +dHA6Ly9vY3NwLm1hbmFnZWQuZW50cnVzdC5jb20vT0NTUC9FTVNSb290Q0FSZXNw +b25kZXIwgdMGA1UdHwSByzCByDA8oDqgOIY2aHR0cDovL3Jvb3R3ZWIubWFuYWdl +ZC5lbnRydXN0LmNvbS9DUkxzL0VNU1Jvb3RDQTMuY3JsMIGHoIGEoIGBpH8wfTEL +MAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VudHJ1c3QxIjAgBgNVBAsTGUNlcnRpZmlj +YXRpb24gQXV0aG9yaXRpZXMxKTAnBgNVBAsTIEVudHJ1c3QgTWFuYWdlZCBTZXJ2 +aWNlcyBSb290IENBMQ0wCwYDVQQDEwRDUkwxMB8GA1UdIwQYMBaAFElUkUxpRDvE ++AIs9PgtM1aJdZgQMB0GA1UdDgQWBBTm3RoHGstruiC5ljmT+BTcmAM3JzANBgkq +hkiG9w0BAQsFAAOCAQEA1zN6YX5CcwAqUOYGU7QQ4QIZaZvpnTN/KDEYHGDIhTYS +KlkAXz0ncwe5P3V9YfnF+UwDJFwBZVtzxIy+2lIbEvkkIezYKwJm6K2PHweePL6E +WpCaVhe39WrOo3LRjKIWO+Lp502Rkb/cBJVG2M2OE1ve4Ydt5GlPWXXi1uGoHJHW +U8jc2aPDIK5KTCtzh2tfEG6dkjykPosx5ZwNjcZ8IkTFoIh7hsLxniu8kHhOd2k0 +6nM+ctNiBdl2nCQ7GpDSJaL+1MJsXkVjav8ZCBRL9CXwAZSodu2RpkSuNSwrmLmw +V0lxFBzM+0lGoM8FlV31siMrQBoi0pjDgSjkkJFMFA== +-----END CERTIFICATE----- + diff --git a/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA W472GK2S8WPO7CPX.pem b/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA W472GK2S8WPO7CPX.pem new file mode 100644 index 000000000..d224c2b62 --- /dev/null +++ b/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA W472GK2S8WPO7CPX.pem @@ -0,0 +1,33 @@ +Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA +Issuer: /C=US/O=U.S. Government/OU=FPKI/CN=Federal Common Policy CA +-----BEGIN CERTIFICATE----- +MIIFKTCCBBGgAwIBAgICc0owDQYJKoZIhvcNAQELBQAwWTELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsGA1UECxMERlBLSTEhMB8GA1UE +AxMYRmVkZXJhbCBDb21tb24gUG9saWN5IENBMB4XDTE5MDgxNDE1Mzk0NloXDTI5 +MDgxNDE1MzY0MlowbjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VudHJ1c3QxIjAg +BgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxKTAnBgNVBAsTIEVudHJ1 +c3QgTWFuYWdlZCBTZXJ2aWNlcyBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA572gaoFb74+gsCeMrlon3dv5pjLJyU4nCO0QqiShzXK8Zqgw +Na47z+KdF3w1ofeRxYsu0qg/6gzlQU5s1DblG8CeNsXXowjaYwDAMosDSR4HrsLt +tr1C/4xxLkKejX4GQ01kpTHWMejtpioGMH3FqgK+E9Ga7hGU9rgy0CeVM2/LoJ3e +kt36xdpndCEbUfe9yQIliEICbJbKhxcMebJKAOb6g8jyr0CzeKXnDqwVMUEn4RED +sVxQgEzmQMryWdr/LBZckS40AEEhc4D1ojtssABvKrb9NzpGnSCPSDFXFY8N5C++ +CmA2OhZaZOHg//p85PExb4AVBmyZceIay1wezQIDAQABo4IB5DCCAeAwDwYDVR0T +AQH/BAUwAwEB/zBPBggrBgEFBQcBAQRDMEEwPwYIKwYBBQUHMAKGM2h0dHA6Ly9o +dHRwLmZwa2kuZ292L2ZjcGNhL2NhQ2VydHNJc3N1ZWRUb2ZjcGNhLnA3YzAPBgNV +HSQECDAGgAEAgQEAMAoGA1UdNgQDAgEAMHkGA1UdIARyMHAwDAYKYIZIAWUDAgED +BjAMBgpghkgBZQMCAQMHMAwGCmCGSAFlAwIBAwgwDAYKYIZIAWUDAgEDDTAMBgpg +hkgBZQMCAQMRMAwGCmCGSAFlAwIBAycwDAYKYIZIAWUDAgEDKDAMBgpghkgBZQMC +AQMpMF0GCCsGAQUFBwELBFEwTzBNBggrBgEFBQcwBYZBaHR0cDovL3Jvb3R3ZWIu +bWFuYWdlZC5lbnRydXN0LmNvbS9TSUEvQ2VydHNJc3N1ZWRCeUVNU1Jvb3RDQS5w +N2MwDgYDVR0PAQH/BAQDAgGGMB8GA1UdIwQYMBaAFK0MenVc5fOYxHmYDqwo/Zf0 +5wL8MDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9odHRwLmZwa2kuZ292L2ZjcGNh +L2ZjcGNhLmNybDAdBgNVHQ4EFgQUSVSRTGlEO8T4Aiz0+C0zVol1mBAwDQYJKoZI +hvcNAQELBQADggEBAMX/TfukCGAdHdlIuDuBG3wg5+GIRzf5Vgt/gEl+dNR3BdVO +FrA+yKdPwnV9A+HZtxwC6YrIgxHsD8iImvF6WCuDWwNl2mNg0AynC3FNfyJlzMCw +kPbs2n4VqmcaP5hqVCiKVv+omQ7CwRM18ms4Ia0oHNFCaV3yvZb/QMFKUM3CaK0s +qZNmmBAqf6+XVeha45kKNtI20HXhUBzGyvmo/3vNfzJTQIQMqV10QP5ectlFvlLv +TjP+7mNJvuo3M5avGucbsNQLZrGsQMgIVcdhc4Juf3cklUNDJxAiyFbX3LEcP2SD ++6w/aYn9eB1GK8AqFv1dNfMK5dKBmrDRhMmxIqg= +-----END CERTIFICATE----- + diff --git a/spec/controllers/identify_controller_spec.rb b/spec/controllers/identify_controller_spec.rb index 2ad012767..3f8ba85de 100644 --- a/spec/controllers/identify_controller_spec.rb +++ b/spec/controllers/identify_controller_spec.rb @@ -221,6 +221,52 @@ end end + describe 'with a certificate timeout' do + before(:each) do + allow_any_instance_of(OCSPService).to receive(:make_http_request).and_raise(Timeout::Error) + end + + it 'returns a token as timeout' do + ca = CertificateAuthority.find_or_create_for_certificate( + Certificate.new(root_cert) + ) + + @request.headers['X-Client-Cert'] = CGI.escape(client_cert_pem) + expect(CertificateLoggerService).to receive(:log_certificate) + + get :create, params: { nonce: '123' } + expect(response).to have_http_status(:found) + expect(response.has_header?('Location')).to be_truthy + expect(token).to be_truthy + + expect(token_contents['error']).to eq 'certificate.timeout' + expect(token_contents['nonce']).to eq '123' + end + end + + describe 'with a certificate ocsp error' do + before(:each) do + allow_any_instance_of(OCSPService).to receive(:make_http_request).and_raise(OpenSSL::OCSP::OCSPError) + end + + it 'returns a token as ocsp error' do + ca = CertificateAuthority.find_or_create_for_certificate( + Certificate.new(root_cert) + ) + + @request.headers['X-Client-Cert'] = CGI.escape(client_cert_pem) + expect(CertificateLoggerService).to receive(:log_certificate) + + get :create, params: { nonce: '123' } + expect(response).to have_http_status(:found) + expect(response.has_header?('Location')).to be_truthy + expect(token).to be_truthy + + expect(token_contents['error']).to eq 'certificate.ocsp_error' + expect(token_contents['nonce']).to eq '123' + end + end + describe 'a certificate signed by an unrecognized authority' do let(:other_root_cert_and_key) do create_root_certificate( @@ -258,6 +304,13 @@ expect(token_contents['nonce']).to eq '123' end end + + context 'when the nonce param is missing' do + it 'returns a bad request' do + get :create, params: {} + expect(response).to have_http_status(:bad_request) + end + end end end end From d63e385ad999b7f961d8b98ceff22e2d0c7a21ed Mon Sep 17 00:00:00 2001 From: Jonathan Hooper Date: Sun, 13 Dec 2020 16:38:27 -0500 Subject: [PATCH 05/18] Revert "Upgrade to Rails 6 (#173)" This reverts commit 854188c3105d52a142d180e6cf045bb3dfbaf8e6. --- Gemfile | 2 +- Gemfile.lock | 1248 +++++++++++++++++++++----------------------------- 2 files changed, 525 insertions(+), 725 deletions(-) diff --git a/Gemfile b/Gemfile index f94e14fcf..4b4472666 100644 --- a/Gemfile +++ b/Gemfile @@ -3,7 +3,7 @@ git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" } ruby '~> 2.6.5' -gem 'rails', '~> 6.0', '>= 6.0.3.4' +gem 'rails', '~> 5.2', '>= 5.2.4.4' gem 'activerecord-import', '>= 1.0.2' gem 'aws-sdk', require: false diff --git a/Gemfile.lock b/Gemfile.lock index f89db9031..71b6ce8dc 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,643 +1,521 @@ GIT remote: https://github.com/18F/identity-hostdata.git - revision: da013056e3a5ffcb46001a3f4fca21b80640838e + revision: b5587588601670f762bbc79f0f4a8468064d9401 branch: master specs: - identity-hostdata (0.4.1) + identity-hostdata (0.3.3) aws-sdk-s3 (~> 1.8) GEM remote: https://rubygems.org/ specs: - actioncable (6.0.3.4) - actionpack (= 6.0.3.4) + actioncable (5.2.4.4) + actionpack (= 5.2.4.4) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.3.4) - actionpack (= 6.0.3.4) - activejob (= 6.0.3.4) - activerecord (= 6.0.3.4) - activestorage (= 6.0.3.4) - activesupport (= 6.0.3.4) - mail (>= 2.7.1) - actionmailer (6.0.3.4) - actionpack (= 6.0.3.4) - actionview (= 6.0.3.4) - activejob (= 6.0.3.4) + actionmailer (5.2.4.4) + actionpack (= 5.2.4.4) + actionview (= 5.2.4.4) + activejob (= 5.2.4.4) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.3.4) - actionview (= 6.0.3.4) - activesupport (= 6.0.3.4) + actionpack (5.2.4.4) + actionview (= 5.2.4.4) + activesupport (= 5.2.4.4) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.0.3.4) - actionpack (= 6.0.3.4) - activerecord (= 6.0.3.4) - activestorage (= 6.0.3.4) - activesupport (= 6.0.3.4) - nokogiri (>= 1.8.5) - actionview (6.0.3.4) - activesupport (= 6.0.3.4) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (5.2.4.4) + activesupport (= 5.2.4.4) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.0.3.4) - activesupport (= 6.0.3.4) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activejob (5.2.4.4) + activesupport (= 5.2.4.4) globalid (>= 0.3.6) - activemodel (6.0.3.4) - activesupport (= 6.0.3.4) - activerecord (6.0.3.4) - activemodel (= 6.0.3.4) - activesupport (= 6.0.3.4) - activerecord-import (1.0.7) + activemodel (5.2.4.4) + activesupport (= 5.2.4.4) + activerecord (5.2.4.4) + activemodel (= 5.2.4.4) + activesupport (= 5.2.4.4) + arel (>= 9.0) + activerecord-import (1.0.4) activerecord (>= 3.2) - activestorage (6.0.3.4) - actionpack (= 6.0.3.4) - activejob (= 6.0.3.4) - activerecord (= 6.0.3.4) + activestorage (5.2.4.4) + actionpack (= 5.2.4.4) + activerecord (= 5.2.4.4) marcel (~> 0.3.1) - activesupport (6.0.3.4) + activesupport (5.2.4.4) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - zeitwerk (~> 2.2, >= 2.2.2) - addressable (2.7.0) - public_suffix (>= 2.0.2, < 5.0) + addressable (2.6.0) + public_suffix (>= 2.0.2, < 4.0) + arel (9.0.0) ast (2.4.1) - aws-eventstream (1.1.0) - aws-partitions (1.396.0) + aws-eventstream (1.0.3) + aws-partitions (1.206.0) aws-sdk (3.0.1) aws-sdk-resources (~> 3) - aws-sdk-accessanalyzer (1.14.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-acm (1.25.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-acm (1.38.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-acmpca (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-acmpca (1.30.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-alexaforbusiness (1.30.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-alexaforbusiness (1.43.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-amplify (1.10.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-amplify (1.27.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-apigateway (1.34.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-apigateway (1.56.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-apigatewaymanagementapi (1.9.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-apigatewaymanagementapi (1.19.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-apigatewayv2 (1.13.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-apigatewayv2 (1.29.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-applicationautoscaling (1.29.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-appconfig (1.12.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-applicationdiscoveryservice (1.21.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-appflow (1.3.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-applicationinsights (1.3.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-applicationautoscaling (1.48.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-appmesh (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-applicationdiscoveryservice (1.33.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-appstream (1.35.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-applicationinsights (1.15.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-appsync (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-appmesh (1.32.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-athena (1.19.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-appregistry (1.0.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-autoscaling (1.28.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-appstream (1.48.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-autoscalingplans (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-appsync (1.37.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-backup (1.9.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-athena (1.33.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-batch (1.25.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-augmentedairuntime (1.10.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-budgets (1.25.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-autoscaling (1.50.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-chime (1.13.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-autoscalingplans (1.28.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloud9 (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-backup (1.25.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-clouddirectory (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-batch (1.40.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudformation (1.25.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-braket (1.5.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudfront (1.22.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-budgets (1.36.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudhsm (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-chime (1.38.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudhsmv2 (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-cloud9 (1.29.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudsearch (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-clouddirectory (1.29.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudsearchdomain (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-cloudformation (1.45.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudtrail (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-cloudfront (1.46.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudwatch (1.28.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-cloudhsm (1.27.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudwatchevents (1.24.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-cloudhsmv2 (1.30.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudwatchlogs (1.25.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-cloudsearch (1.26.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-codebuild (1.40.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-cloudsearchdomain (1.22.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-codecommit (1.28.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-cloudtrail (1.29.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-codedeploy (1.26.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-cloudwatch (1.46.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-codepipeline (1.23.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-cloudwatchevents (1.40.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-codestar (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-cloudwatchlogs (1.38.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cognitoidentity (1.16.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-codeartifact (1.5.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cognitoidentityprovider (1.25.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-codebuild (1.64.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cognitosync (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-codecommit (1.40.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-comprehend (1.25.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-codedeploy (1.37.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-comprehendmedical (1.9.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-codeguruprofiler (1.12.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-configservice (1.35.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-codegurureviewer (1.13.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-connect (1.19.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-codepipeline (1.38.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-codestar (1.27.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-codestarconnections (1.11.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-codestarnotifications (1.8.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-cognitoidentity (1.27.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-cognitoidentityprovider (1.47.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-cognitosync (1.24.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-comprehend (1.41.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-comprehendmedical (1.23.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-computeoptimizer (1.9.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-configservice (1.53.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-connect (1.35.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-connectparticipant (1.8.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-core (3.109.3) - aws-eventstream (~> 1, >= 1.0.2) - aws-partitions (~> 1, >= 1.239.0) + aws-sdk-core (3.64.0) + aws-eventstream (~> 1.0, >= 1.0.2) + aws-partitions (~> 1.0) aws-sigv4 (~> 1.1) jmespath (~> 1.0) - aws-sdk-costandusagereportservice (1.28.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-costandusagereportservice (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-costexplorer (1.53.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-costexplorer (1.29.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-databasemigrationservice (1.47.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-databasemigrationservice (1.27.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-dataexchange (1.10.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-datapipeline (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-datapipeline (1.24.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-datasync (1.12.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-datasync (1.28.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-dax (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-dax (1.27.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-devicefarm (1.27.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-detective (1.11.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-directconnect (1.24.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-devicefarm (1.39.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-directoryservice (1.21.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-directconnect (1.37.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-dlm (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-directoryservice (1.35.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-docdb (1.10.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-dlm (1.36.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-dynamodb (1.34.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-docdb (1.26.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-dynamodbstreams (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-dynamodb (1.57.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-ec2 (1.106.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-dynamodbstreams (1.26.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-ec2instanceconnect (1.2.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-ebs (1.11.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-ecr (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-ec2 (1.210.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-ecs (1.46.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-ec2instanceconnect (1.11.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-efs (1.21.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-ecr (1.39.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-eks (1.24.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-ecs (1.71.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-elasticache (1.24.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-efs (1.36.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-elasticbeanstalk (1.25.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-eks (1.45.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-elasticloadbalancing (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-elasticache (1.46.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-elasticloadbalancingv2 (1.33.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-elasticbeanstalk (1.39.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-elasticsearchservice (1.26.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-elasticinference (1.10.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-elastictranscoder (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-elasticloadbalancing (1.29.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-emr (1.21.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-elasticloadbalancingv2 (1.56.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-eventbridge (1.1.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-elasticsearchservice (1.46.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-firehose (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-elastictranscoder (1.27.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-fms (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-emr (1.39.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-forecastqueryservice (1.0.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-eventbridge (1.18.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-forecastservice (1.0.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-firehose (1.35.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-fsx (1.11.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-fms (1.33.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-gamelift (1.23.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-forecastqueryservice (1.10.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-glacier (1.25.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-forecastservice (1.12.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-globalaccelerator (1.10.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-frauddetector (1.14.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-glue (1.43.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-fsx (1.32.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-greengrass (1.24.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-gamelift (1.38.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-groundstation (1.3.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-glacier (1.35.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-guardduty (1.23.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-globalaccelerator (1.25.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-health (1.19.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-glue (1.79.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-iam (1.29.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-gluedatabrew (1.0.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-greengrass (1.37.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-groundstation (1.15.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-guardduty (1.42.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-health (1.31.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-honeycode (1.3.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-iam (1.46.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-identitystore (1.3.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-imagebuilder (1.16.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-importexport (1.24.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-importexport (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv2 (~> 1.0) - aws-sdk-inspector (1.32.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-iot (1.62.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-iot1clickdevicesservice (1.26.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-iot1clickprojects (1.26.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-iotanalytics (1.35.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-inspector (1.22.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-iotdataplane (1.26.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-iot (1.37.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-iotevents (1.20.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-iot1clickdevicesservice (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-ioteventsdata (1.13.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-iot1clickprojects (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-iotjobsdataplane (1.25.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-iotanalytics (1.24.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-iotsecuretunneling (1.9.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-iotdataplane (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-iotsitewise (1.14.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-iotevents (1.4.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-iotthingsgraph (1.12.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-ioteventsdata (1.4.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-ivs (1.5.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-iotjobsdataplane (1.16.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-kafka (1.29.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-iotthingsgraph (1.3.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-kendra (1.18.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-kafka (1.12.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-kinesis (1.30.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-kinesis (1.19.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-kinesisanalytics (1.29.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-kinesisanalytics (1.19.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-kinesisanalyticsv2 (1.24.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-kinesisanalyticsv2 (1.10.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-kinesisvideo (1.30.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-kinesisvideo (1.19.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-kinesisvideoarchivedmedia (1.29.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-kinesisvideoarchivedmedia (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-kinesisvideomedia (1.26.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-kinesisvideomedia (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-kinesisvideosignalingchannels (1.8.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-kms (1.24.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-kms (1.39.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-lakeformation (1.0.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-lakeformation (1.11.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-lambda (1.29.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-lambda (1.53.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-lambdapreview (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-lambdapreview (1.24.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-lex (1.19.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-lex (1.33.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-lexmodelbuildingservice (1.21.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-lexmodelbuildingservice (1.41.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-licensemanager (1.9.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-licensemanager (1.20.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-lightsail (1.24.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-lightsail (1.40.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-machinelearning (1.16.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-machinelearning (1.25.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-macie (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-macie (1.25.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-managedblockchain (1.6.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-macie2 (1.17.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-marketplacecommerceanalytics (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-managedblockchain (1.17.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-marketplaceentitlementservice (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-marketplacecatalog (1.9.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-marketplacemetering (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-marketplacecommerceanalytics (1.30.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-mediaconnect (1.13.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-marketplaceentitlementservice (1.24.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-mediaconvert (1.34.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-marketplacemetering (1.32.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-medialive (1.36.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-mediaconnect (1.28.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-mediapackage (1.22.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-mediaconvert (1.59.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-mediapackagevod (1.5.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-medialive (1.60.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-mediastore (1.19.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-mediapackage (1.36.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-mediastoredata (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-mediapackagevod (1.19.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-mediatailor (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-mediastore (1.30.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-migrationhub (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-mediastoredata (1.27.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-mobile (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-mediatailor (1.33.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-mq (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-migrationhub (1.29.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-mturk (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-migrationhubconfig (1.9.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-neptune (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-mobile (1.24.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-opsworks (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-mq (1.34.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-opsworkscm (1.24.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-mturk (1.27.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-organizations (1.31.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-neptune (1.31.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-personalize (1.4.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-networkfirewall (1.0.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-personalizeevents (1.3.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-networkmanager (1.8.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-personalizeruntime (1.4.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-opsworks (1.30.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-pi (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-opsworkscm (1.40.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-pinpoint (1.27.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-organizations (1.55.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-pinpointemail (1.14.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-outposts (1.11.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-pinpointsmsvoice (1.12.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-personalize (1.19.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-polly (1.26.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-personalizeevents (1.14.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-pricing (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-personalizeruntime (1.19.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-quicksight (1.12.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-pi (1.24.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-ram (1.10.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-pinpoint (1.47.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-rds (1.64.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-pinpointemail (1.24.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-rdsdataservice (1.11.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-pinpointsmsvoice (1.21.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-redshift (1.31.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-polly (1.38.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-rekognition (1.30.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-pricing (1.24.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-resourcegroups (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-qldb (1.11.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-resourcegroupstaggingapi (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-qldbsession (1.9.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-quicksight (1.36.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-ram (1.22.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-rds (1.106.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-rdsdataservice (1.23.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-redshift (1.51.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-redshiftdataapiservice (1.2.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-rekognition (1.47.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-resourcegroups (1.32.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-resourcegroupstaggingapi (1.34.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-resources (3.87.0) - aws-sdk-accessanalyzer (~> 1) + aws-sdk-resources (3.52.0) aws-sdk-acm (~> 1) aws-sdk-acmpca (~> 1) aws-sdk-alexaforbusiness (~> 1) @@ -645,22 +523,17 @@ GEM aws-sdk-apigateway (~> 1) aws-sdk-apigatewaymanagementapi (~> 1) aws-sdk-apigatewayv2 (~> 1) - aws-sdk-appconfig (~> 1) - aws-sdk-appflow (~> 1) aws-sdk-applicationautoscaling (~> 1) aws-sdk-applicationdiscoveryservice (~> 1) aws-sdk-applicationinsights (~> 1) aws-sdk-appmesh (~> 1) - aws-sdk-appregistry (~> 1) aws-sdk-appstream (~> 1) aws-sdk-appsync (~> 1) aws-sdk-athena (~> 1) - aws-sdk-augmentedairuntime (~> 1) aws-sdk-autoscaling (~> 1) aws-sdk-autoscalingplans (~> 1) aws-sdk-backup (~> 1) aws-sdk-batch (~> 1) - aws-sdk-braket (~> 1) aws-sdk-budgets (~> 1) aws-sdk-chime (~> 1) aws-sdk-cloud9 (~> 1) @@ -675,33 +548,24 @@ GEM aws-sdk-cloudwatch (~> 1) aws-sdk-cloudwatchevents (~> 1) aws-sdk-cloudwatchlogs (~> 1) - aws-sdk-codeartifact (~> 1) aws-sdk-codebuild (~> 1) aws-sdk-codecommit (~> 1) aws-sdk-codedeploy (~> 1) - aws-sdk-codeguruprofiler (~> 1) - aws-sdk-codegurureviewer (~> 1) aws-sdk-codepipeline (~> 1) aws-sdk-codestar (~> 1) - aws-sdk-codestarconnections (~> 1) - aws-sdk-codestarnotifications (~> 1) aws-sdk-cognitoidentity (~> 1) aws-sdk-cognitoidentityprovider (~> 1) aws-sdk-cognitosync (~> 1) aws-sdk-comprehend (~> 1) aws-sdk-comprehendmedical (~> 1) - aws-sdk-computeoptimizer (~> 1) aws-sdk-configservice (~> 1) aws-sdk-connect (~> 1) - aws-sdk-connectparticipant (~> 1) aws-sdk-costandusagereportservice (~> 1) aws-sdk-costexplorer (~> 1) aws-sdk-databasemigrationservice (~> 1) - aws-sdk-dataexchange (~> 1) aws-sdk-datapipeline (~> 1) aws-sdk-datasync (~> 1) aws-sdk-dax (~> 1) - aws-sdk-detective (~> 1) aws-sdk-devicefarm (~> 1) aws-sdk-directconnect (~> 1) aws-sdk-directoryservice (~> 1) @@ -709,7 +573,6 @@ GEM aws-sdk-docdb (~> 1) aws-sdk-dynamodb (~> 1) aws-sdk-dynamodbstreams (~> 1) - aws-sdk-ebs (~> 1) aws-sdk-ec2 (~> 1) aws-sdk-ec2instanceconnect (~> 1) aws-sdk-ecr (~> 1) @@ -718,7 +581,6 @@ GEM aws-sdk-eks (~> 1) aws-sdk-elasticache (~> 1) aws-sdk-elasticbeanstalk (~> 1) - aws-sdk-elasticinference (~> 1) aws-sdk-elasticloadbalancing (~> 1) aws-sdk-elasticloadbalancingv2 (~> 1) aws-sdk-elasticsearchservice (~> 1) @@ -729,21 +591,16 @@ GEM aws-sdk-fms (~> 1) aws-sdk-forecastqueryservice (~> 1) aws-sdk-forecastservice (~> 1) - aws-sdk-frauddetector (~> 1) aws-sdk-fsx (~> 1) aws-sdk-gamelift (~> 1) aws-sdk-glacier (~> 1) aws-sdk-globalaccelerator (~> 1) aws-sdk-glue (~> 1) - aws-sdk-gluedatabrew (~> 1) aws-sdk-greengrass (~> 1) aws-sdk-groundstation (~> 1) aws-sdk-guardduty (~> 1) aws-sdk-health (~> 1) - aws-sdk-honeycode (~> 1) aws-sdk-iam (~> 1) - aws-sdk-identitystore (~> 1) - aws-sdk-imagebuilder (~> 1) aws-sdk-importexport (~> 1) aws-sdk-inspector (~> 1) aws-sdk-iot (~> 1) @@ -754,19 +611,14 @@ GEM aws-sdk-iotevents (~> 1) aws-sdk-ioteventsdata (~> 1) aws-sdk-iotjobsdataplane (~> 1) - aws-sdk-iotsecuretunneling (~> 1) - aws-sdk-iotsitewise (~> 1) aws-sdk-iotthingsgraph (~> 1) - aws-sdk-ivs (~> 1) aws-sdk-kafka (~> 1) - aws-sdk-kendra (~> 1) aws-sdk-kinesis (~> 1) aws-sdk-kinesisanalytics (~> 1) aws-sdk-kinesisanalyticsv2 (~> 1) aws-sdk-kinesisvideo (~> 1) aws-sdk-kinesisvideoarchivedmedia (~> 1) aws-sdk-kinesisvideomedia (~> 1) - aws-sdk-kinesisvideosignalingchannels (~> 1) aws-sdk-kms (~> 1) aws-sdk-lakeformation (~> 1) aws-sdk-lambda (~> 1) @@ -777,9 +629,7 @@ GEM aws-sdk-lightsail (~> 1) aws-sdk-machinelearning (~> 1) aws-sdk-macie (~> 1) - aws-sdk-macie2 (~> 1) aws-sdk-managedblockchain (~> 1) - aws-sdk-marketplacecatalog (~> 1) aws-sdk-marketplacecommerceanalytics (~> 1) aws-sdk-marketplaceentitlementservice (~> 1) aws-sdk-marketplacemetering (~> 1) @@ -792,17 +642,13 @@ GEM aws-sdk-mediastoredata (~> 1) aws-sdk-mediatailor (~> 1) aws-sdk-migrationhub (~> 1) - aws-sdk-migrationhubconfig (~> 1) aws-sdk-mobile (~> 1) aws-sdk-mq (~> 1) aws-sdk-mturk (~> 1) aws-sdk-neptune (~> 1) - aws-sdk-networkfirewall (~> 1) - aws-sdk-networkmanager (~> 1) aws-sdk-opsworks (~> 1) aws-sdk-opsworkscm (~> 1) aws-sdk-organizations (~> 1) - aws-sdk-outposts (~> 1) aws-sdk-personalize (~> 1) aws-sdk-personalizeevents (~> 1) aws-sdk-personalizeruntime (~> 1) @@ -812,14 +658,11 @@ GEM aws-sdk-pinpointsmsvoice (~> 1) aws-sdk-polly (~> 1) aws-sdk-pricing (~> 1) - aws-sdk-qldb (~> 1) - aws-sdk-qldbsession (~> 1) aws-sdk-quicksight (~> 1) aws-sdk-ram (~> 1) aws-sdk-rds (~> 1) aws-sdk-rdsdataservice (~> 1) aws-sdk-redshift (~> 1) - aws-sdk-redshiftdataapiservice (~> 1) aws-sdk-rekognition (~> 1) aws-sdk-resourcegroups (~> 1) aws-sdk-resourcegroupstaggingapi (~> 1) @@ -829,11 +672,8 @@ GEM aws-sdk-route53resolver (~> 1) aws-sdk-s3 (~> 1) aws-sdk-s3control (~> 1) - aws-sdk-s3outposts (~> 1) aws-sdk-sagemaker (~> 1) aws-sdk-sagemakerruntime (~> 1) - aws-sdk-savingsplans (~> 1) - aws-sdk-schemas (~> 1) aws-sdk-secretsmanager (~> 1) aws-sdk-securityhub (~> 1) aws-sdk-serverlessapplicationrepository (~> 1) @@ -841,7 +681,6 @@ GEM aws-sdk-servicediscovery (~> 1) aws-sdk-servicequotas (~> 1) aws-sdk-ses (~> 1) - aws-sdk-sesv2 (~> 1) aws-sdk-shield (~> 1) aws-sdk-signer (~> 1) aws-sdk-simpledb (~> 1) @@ -850,183 +689,143 @@ GEM aws-sdk-sns (~> 1) aws-sdk-sqs (~> 1) aws-sdk-ssm (~> 1) - aws-sdk-ssoadmin (~> 1) - aws-sdk-ssooidc (~> 1) aws-sdk-states (~> 1) aws-sdk-storagegateway (~> 1) aws-sdk-support (~> 1) aws-sdk-swf (~> 1) - aws-sdk-synthetics (~> 1) aws-sdk-textract (~> 1) - aws-sdk-timestreamquery (~> 1) - aws-sdk-timestreamwrite (~> 1) aws-sdk-transcribeservice (~> 1) aws-sdk-transcribestreamingservice (~> 1) aws-sdk-transfer (~> 1) aws-sdk-translate (~> 1) aws-sdk-waf (~> 1) aws-sdk-wafregional (~> 1) - aws-sdk-wafv2 (~> 1) aws-sdk-workdocs (~> 1) aws-sdk-worklink (~> 1) aws-sdk-workmail (~> 1) - aws-sdk-workmailmessageflow (~> 1) aws-sdk-workspaces (~> 1) aws-sdk-xray (~> 1) - aws-sdk-robomaker (1.31.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-robomaker (1.14.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-route53 (1.44.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-route53 (1.29.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-route53domains (1.28.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-route53domains (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-route53resolver (1.21.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-route53resolver (1.10.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.84.1) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-s3 (1.46.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.1) - aws-sdk-s3control (1.25.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-s3outposts (1.0.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-sagemaker (1.72.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-sagemakerruntime (1.27.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-s3control (1.12.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-savingsplans (1.12.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-sagemaker (1.43.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-schemas (1.10.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-sagemakerruntime (1.16.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-secretsmanager (1.43.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-secretsmanager (1.31.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-securityhub (1.35.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-securityhub (1.13.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-serverlessapplicationrepository (1.32.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-serverlessapplicationrepository (1.21.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-servicecatalog (1.55.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-servicecatalog (1.32.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-servicediscovery (1.31.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-servicediscovery (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-servicequotas (1.11.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-servicequotas (1.2.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-ses (1.36.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-ses (1.25.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-sesv2 (1.14.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-shield (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-shield (1.33.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-signer (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-signer (1.26.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-simpledb (1.24.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-simpledb (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv2 (~> 1.0) - aws-sdk-sms (1.27.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-snowball (1.35.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-sns (1.36.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-sqs (1.34.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-ssm (1.98.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-ssoadmin (1.3.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-sms (1.16.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-ssooidc (1.8.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-snowball (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-states (1.36.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-sns (1.19.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-storagegateway (1.52.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-sqs (1.21.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-support (1.28.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-ssm (1.55.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-swf (1.25.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-states (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-synthetics (1.10.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-storagegateway (1.31.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-textract (1.22.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-support (1.15.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-timestreamquery (1.1.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-swf (1.16.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-timestreamwrite (1.1.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-textract (1.10.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-transcribeservice (1.50.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-transcribeservice (1.27.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-transcribestreamingservice (1.23.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-transcribestreamingservice (1.8.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-transfer (1.28.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-transfer (1.13.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-translate (1.28.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-translate (1.17.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-waf (1.36.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-waf (1.24.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-wafregional (1.37.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-wafregional (1.25.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-wafv2 (1.14.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-workdocs (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-workdocs (1.28.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-worklink (1.11.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-worklink (1.21.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-workmail (1.18.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-workmail (1.33.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-workspaces (1.27.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) - aws-sdk-workmailmessageflow (1.9.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-workspaces (1.48.0) - aws-sdk-core (~> 3, >= 3.109.0) - aws-sigv4 (~> 1.1) - aws-sdk-xray (1.35.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-xray (1.20.0) + aws-sdk-core (~> 3, >= 3.61.1) aws-sigv4 (~> 1.1) aws-sigv2 (1.0.1) - aws-sigv4 (1.2.2) - aws-eventstream (~> 1, >= 1.0.2) + aws-sigv4 (1.1.0) + aws-eventstream (~> 1.0, >= 1.0.2) axe-matchers (1.3.4) dumb_delegator (~> 0.8) virtus (~> 1.0) @@ -1034,8 +833,8 @@ GEM descendants_tracker (~> 0.0.4) ice_nine (~> 0.11.0) thread_safe (~> 0.3, >= 0.3.1) - benchmark-ips (2.8.3) - better_errors (2.9.1) + benchmark-ips (2.8.2) + better_errors (2.7.1) coderay (>= 1.0.0) erubi (>= 1.0.0) rack (>= 0.9.0) @@ -1043,7 +842,7 @@ GEM debug_inspector (>= 0.0.1) bloomfilter-rb (2.1.1) redis - brakeman (4.10.0) + brakeman (4.6.1) builder (3.2.4) bullet (6.1.0) activesupport (>= 3.0.0) @@ -1051,8 +850,9 @@ GEM bummr (0.5.0) rainbow thor - byebug (11.1.3) - childprocess (4.0.0) + byebug (11.0.1) + childprocess (0.9.0) + ffi (~> 1.0, >= 1.0.11) choice (0.2.0) codeclimate-test-reporter (1.0.9) simplecov (<= 0.13) @@ -1061,49 +861,52 @@ GEM descendants_tracker (~> 0.0.1) colorize (0.8.1) concurrent-ruby (1.1.7) - crack (0.4.4) + crack (0.4.3) + safe_yaml (~> 1.0.0) crass (1.0.6) daemons (1.3.1) - database_cleaner (1.8.5) + database_cleaner (1.7.0) debug_inspector (0.0.3) derailed (0.1.0) derailed_benchmarks - derailed_benchmarks (1.8.1) + derailed_benchmarks (1.7.0) benchmark-ips (~> 2) get_process_mem (~> 0) heapy (~> 0) memory_profiler (~> 0) - mini_histogram (>= 0.2.1) + mini_histogram (~> 0) rack (>= 1) rake (> 10, < 14) ruby-statistics (>= 2.1) thor (>= 0.19, < 2) + unicode_plot (>= 0.0.4, < 1.0.0) descendants_tracker (0.0.4) thread_safe (~> 0.3, >= 0.3.1) diff-lcs (1.4.4) docile (1.1.5) - dumb_delegator (0.8.1) + dumb_delegator (0.8.0) + enumerable-statistics (2.0.1) equalizer (0.0.11) - erubi (1.10.0) + erubi (1.9.0) eventmachine (1.2.7) factory_bot (6.1.0) activesupport (>= 5.0.0) factory_bot_rails (6.1.0) factory_bot (~> 6.1.0) railties (>= 5.0.0) - fakefs (1.2.2) - fasterer (0.8.3) + fakefs (0.20.1) + fasterer (0.8.1) colorize (~> 0.7) ruby_parser (>= 3.14.1) ffi (1.13.1) - figaro (1.2.0) - thor (>= 0.14.0, < 2) + figaro (1.1.1) + thor (~> 0.14) formatador (0.2.5) - get_process_mem (0.2.7) + get_process_mem (0.2.5) ffi (~> 1.0) globalid (0.4.2) activesupport (>= 4.2.0) - guard (2.16.2) + guard (2.15.0) formatador (>= 0.2.4) listen (>= 2.7, < 4.0) lumberjack (>= 1.0.12, < 2.0) @@ -1117,81 +920,80 @@ GEM guard (~> 2.1) guard-compat (~> 1.1) rspec (>= 2.99.0, < 4.0) - hashdiff (1.0.1) + hashdiff (1.0.0) health_check (3.0.0) railties (>= 5.0) - heapy (0.2.0) - thor + heapy (0.1.4) i18n (1.8.5) concurrent-ruby (~> 1.0) ice_nine (0.11.2) - iniparse (1.5.0) + iniparse (1.4.4) + jaro_winkler (1.5.4) jmespath (1.4.0) - json (2.3.1) + json (2.3.0) lazy_priority_queue (0.1.1) - listen (3.3.1) - rb-fsevent (~> 0.10, >= 0.10.3) - rb-inotify (~> 0.9, >= 0.9.10) + listen (3.1.5) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) + ruby_dep (~> 1.2) loofah (2.7.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) - lumberjack (1.2.8) + lumberjack (1.0.13) mail (2.7.1) mini_mime (>= 0.1.1) marcel (0.3.3) mimemagic (~> 0.3.2) memory_profiler (0.9.14) - method_source (1.0.0) + method_source (0.9.2) mimemagic (0.3.5) mini_cache (1.1.0) - mini_histogram (0.3.1) + mini_histogram (0.1.3) mini_mime (1.0.2) mini_portile2 (2.4.0) minitest (5.14.2) nenv (0.3.0) - newrelic_rpm (6.13.1) - nio4r (2.5.4) + newrelic_rpm (6.5.0.357) + nio4r (2.5.3) nokogiri (1.10.10) mini_portile2 (~> 2.4.0) notiffany (0.1.3) nenv (~> 0.1) shellany (~> 0.0) - overcommit (0.57.0) - childprocess (>= 0.6.3, < 5) + overcommit (0.47.0) + childprocess (~> 0.6, >= 0.6.3) iniparse (~> 1.4) - parallel (1.20.0) - parser (2.7.2.0) - ast (~> 2.4.1) - pg (1.2.3) - pry (0.13.1) - coderay (~> 1.1) - method_source (~> 1.0) - pry-byebug (3.9.0) + parallel (1.19.1) + parser (2.6.5.0) + ast (~> 2.4.0) + pg (1.1.4) + pry (0.12.2) + coderay (~> 1.1.0) + method_source (~> 0.9.0) + pry-byebug (3.7.0) byebug (~> 11.0) - pry (~> 0.13.0) + pry (~> 0.10) pry-rails (0.3.9) pry (>= 0.10.4) - public_suffix (4.0.6) + public_suffix (3.1.1) puma (3.12.6) rack (2.2.3) - rack-mini-profiler (2.2.0) + rack-mini-profiler (2.0.2) rack (>= 1.2.0) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.3.4) - actioncable (= 6.0.3.4) - actionmailbox (= 6.0.3.4) - actionmailer (= 6.0.3.4) - actionpack (= 6.0.3.4) - actiontext (= 6.0.3.4) - actionview (= 6.0.3.4) - activejob (= 6.0.3.4) - activemodel (= 6.0.3.4) - activerecord (= 6.0.3.4) - activestorage (= 6.0.3.4) - activesupport (= 6.0.3.4) + rails (5.2.4.4) + actioncable (= 5.2.4.4) + actionmailer (= 5.2.4.4) + actionpack (= 5.2.4.4) + actionview (= 5.2.4.4) + activejob (= 5.2.4.4) + activemodel (= 5.2.4.4) + activerecord (= 5.2.4.4) + activestorage (= 5.2.4.4) + activesupport (= 5.2.4.4) bundler (>= 1.3.0) - railties (= 6.0.3.4) + railties (= 5.2.4.4) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) @@ -1207,66 +1009,63 @@ GEM ruby-graphviz (~> 1.2) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (6.0.3.4) - actionpack (= 6.0.3.4) - activesupport (= 6.0.3.4) + railties (5.2.4.4) + actionpack (= 5.2.4.4) + activesupport (= 5.2.4.4) method_source rake (>= 0.8.7) - thor (>= 0.20.3, < 2.0) + thor (>= 0.19.0, < 2.0) rainbow (3.0.0) rake (13.0.1) - rb-fsevent (0.10.4) - rb-inotify (0.10.1) + rb-fsevent (0.10.3) + rb-inotify (0.10.0) ffi (~> 1.0) - redis (4.2.4) - regexp_parser (1.8.2) + redis (4.1.2) rexml (3.2.4) rgl (0.5.6) lazy_priority_queue (~> 0.1.0) stream (~> 0.5.2) - rspec (3.10.0) - rspec-core (~> 3.10.0) - rspec-expectations (~> 3.10.0) - rspec-mocks (~> 3.10.0) - rspec-core (3.10.0) - rspec-support (~> 3.10.0) - rspec-expectations (3.10.0) + rspec (3.8.0) + rspec-core (~> 3.8.0) + rspec-expectations (~> 3.8.0) + rspec-mocks (~> 3.8.0) + rspec-core (3.8.2) + rspec-support (~> 3.8.0) + rspec-expectations (3.8.6) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-mocks (3.10.0) + rspec-support (~> 3.8.0) + rspec-mocks (3.8.2) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-rails (4.0.1) - actionpack (>= 4.2) - activesupport (>= 4.2) - railties (>= 4.2) - rspec-core (~> 3.9) - rspec-expectations (~> 3.9) - rspec-mocks (~> 3.9) - rspec-support (~> 3.9) - rspec-support (3.10.0) - rubocop (1.3.1) + rspec-support (~> 3.8.0) + rspec-rails (3.8.3) + actionpack (>= 3.0) + activesupport (>= 3.0) + railties (>= 3.0) + rspec-core (~> 3.8.0) + rspec-expectations (~> 3.8.0) + rspec-mocks (~> 3.8.0) + rspec-support (~> 3.8.0) + rspec-support (3.8.3) + rubocop (0.78.0) + jaro_winkler (~> 1.5.1) parallel (~> 1.10) - parser (>= 2.7.1.5) + parser (>= 2.6) rainbow (>= 2.2.2, < 4.0) - regexp_parser (>= 1.8) - rexml - rubocop-ast (>= 1.1.1) ruby-progressbar (~> 1.7) - unicode-display_width (>= 1.4.0, < 2.0) - rubocop-ast (1.1.1) - parser (>= 2.7.1.5) - rubocop-rails (2.8.1) - activesupport (>= 4.2.0) + unicode-display_width (>= 1.4.0, < 1.7) + rubocop-rails (2.5.2) + activesupport rack (>= 1.1) - rubocop (>= 0.87.0) + rubocop (>= 0.72.0) ruby-graphviz (1.2.5) rexml ruby-progressbar (1.10.1) ruby-statistics (2.1.2) - ruby_parser (3.15.0) + ruby_dep (1.5.0) + ruby_parser (3.14.1) sexp_processor (~> 4.9) - sexp_processor (4.15.1) + safe_yaml (1.0.5) + sexp_processor (4.13.0) shellany (0.0.1) shoulda-matchers (3.1.3) activesupport (>= 4.0.0) @@ -1278,35 +1077,36 @@ GEM sprockets (4.0.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.2) + sprockets-rails (3.2.1) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) stream (0.5.2) - thin (1.8.0) + thin (1.7.2) daemons (~> 1.0, >= 1.0.9) eventmachine (~> 1.0, >= 1.0.4) rack (>= 1, < 3) - thor (1.0.1) + thor (0.20.3) thread_safe (0.3.6) - timecop (0.9.2) - tzinfo (1.2.8) + timecop (0.9.1) + tzinfo (1.2.7) thread_safe (~> 0.1) - unicode-display_width (1.7.0) + unicode-display_width (1.6.1) + unicode_plot (0.0.4) + enumerable-statistics (>= 2.0.1) uniform_notifier (1.13.0) virtus (1.0.5) axiom-types (~> 0.1) coercible (~> 1.0) descendants_tracker (~> 0.0, >= 0.0.3) equalizer (~> 0.0, >= 0.0.9) - webmock (3.10.0) + webmock (3.6.2) addressable (>= 2.3.6) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) websocket-driver (0.7.3) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.4.1) zonebie (0.6.1) PLATFORMS @@ -1340,7 +1140,7 @@ DEPENDENCIES pry-rails puma (~> 3.12, >= 3.12.6) rack-mini-profiler (>= 1.0.2) - rails (~> 6.0, >= 6.0.3.4) + rails (~> 5.2, >= 5.2.4.4) rails-controller-testing (>= 1.0.4) rails-erd (>= 1.6.0) rgl @@ -1359,4 +1159,4 @@ RUBY VERSION ruby 2.6.5p114 BUNDLED WITH - 2.0.2 + 1.17.3 From d9f68a386a36f554e6aa17fa4dd69258f85121b5 Mon Sep 17 00:00:00 2001 From: Mitchell Henke Date: Wed, 10 Feb 2021 09:01:25 -0600 Subject: [PATCH 06/18] Merge Rails 6 --- Gemfile | 2 +- Gemfile.lock | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index e936879c3..fa750433f 100644 --- a/Gemfile +++ b/Gemfile @@ -3,7 +3,7 @@ git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" } ruby '~> 2.6.5' -gem 'rails', '~> 5.2', '>= 5.2.4.4' +gem 'rails', '~> 6.0', '>= 6.0.3.4' gem 'activerecord-import', '>= 1.0.2' gem 'aws-sdk', require: false diff --git a/Gemfile.lock b/Gemfile.lock index f34ee089d..c4ab17a11 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1361,4 +1361,4 @@ RUBY VERSION ruby 2.6.5p114 BUNDLED WITH - 2.1.4 \ No newline at end of file + 2.1.4 From fb992bb3661278b36fd1bb92abcbc7a33845fcd1 Mon Sep 17 00:00:00 2001 From: Mitchell Henke Date: Mon, 17 May 2021 15:59:16 -0500 Subject: [PATCH 07/18] Deploy RC 20 to Prod (#232) * Update hostdata version to support imdsv2 (#229) * Use identity-hostdata v3.2.0 Co-authored-by: Zach Margolis * Bump rexml from 3.2.4 to 3.2.5 (#230) Bumps [rexml](https://github.com/ruby/rexml) from 3.2.4 to 3.2.5. - [Release notes](https://github.com/ruby/rexml/releases) - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md) - [Commits](https://github.com/ruby/rexml/compare/v3.2.4...v3.2.5) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * do not enforce case insensitive uniqueness for piv_cac uuid or dn_signature (#231) * do not enforce case insensitive uniqueness for piv_cac uuid or dn_signature * update rails Co-authored-by: Brian Crissup Co-authored-by: Zach Margolis Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 120 ++++++++++++++++++------------------ app/models/piv_cac.rb | 4 +- spec/models/piv_cac_spec.rb | 4 +- 4 files changed, 65 insertions(+), 65 deletions(-) diff --git a/Gemfile b/Gemfile index 2e5cef853..5ac18fcd5 100644 --- a/Gemfile +++ b/Gemfile @@ -9,7 +9,7 @@ gem 'activerecord-import', '>= 1.0.2' gem 'aws-sdk', require: false gem 'bloomfilter-rb' gem 'health_check', '>= 3.0.0' -gem 'identity-hostdata', github: '18F/identity-hostdata', tag: 'v3.1.0' +gem 'identity-hostdata', github: '18F/identity-hostdata', tag: 'v3.2.0' gem 'identity-logging', github: '18F/identity-logging', tag: 'v0.1.0' gem 'mini_cache' gem 'newrelic_rpm' diff --git a/Gemfile.lock b/Gemfile.lock index 0e8a1d093..a582c99b8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: https://github.com/18F/identity-hostdata.git - revision: 4f978b9f2e573e99f54c69869846c7aae983c4ae - tag: v3.1.0 + revision: 0583a0a5abd9052c8c95d96c821f9564c04e82c4 + tag: v3.2.0 specs: - identity-hostdata (3.1.0) + identity-hostdata (3.2.0) activesupport (~> 6.1) aws-sdk-s3 (~> 1.8) @@ -19,62 +19,62 @@ GIT GEM remote: https://rubygems.org/ specs: - actioncable (6.1.3.1) - actionpack (= 6.1.3.1) - activesupport (= 6.1.3.1) + actioncable (6.1.3.2) + actionpack (= 6.1.3.2) + activesupport (= 6.1.3.2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.3.1) - actionpack (= 6.1.3.1) - activejob (= 6.1.3.1) - activerecord (= 6.1.3.1) - activestorage (= 6.1.3.1) - activesupport (= 6.1.3.1) + actionmailbox (6.1.3.2) + actionpack (= 6.1.3.2) + activejob (= 6.1.3.2) + activerecord (= 6.1.3.2) + activestorage (= 6.1.3.2) + activesupport (= 6.1.3.2) mail (>= 2.7.1) - actionmailer (6.1.3.1) - actionpack (= 6.1.3.1) - actionview (= 6.1.3.1) - activejob (= 6.1.3.1) - activesupport (= 6.1.3.1) + actionmailer (6.1.3.2) + actionpack (= 6.1.3.2) + actionview (= 6.1.3.2) + activejob (= 6.1.3.2) + activesupport (= 6.1.3.2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.3.1) - actionview (= 6.1.3.1) - activesupport (= 6.1.3.1) + actionpack (6.1.3.2) + actionview (= 6.1.3.2) + activesupport (= 6.1.3.2) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.3.1) - actionpack (= 6.1.3.1) - activerecord (= 6.1.3.1) - activestorage (= 6.1.3.1) - activesupport (= 6.1.3.1) + actiontext (6.1.3.2) + actionpack (= 6.1.3.2) + activerecord (= 6.1.3.2) + activestorage (= 6.1.3.2) + activesupport (= 6.1.3.2) nokogiri (>= 1.8.5) - actionview (6.1.3.1) - activesupport (= 6.1.3.1) + actionview (6.1.3.2) + activesupport (= 6.1.3.2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.3.1) - activesupport (= 6.1.3.1) + activejob (6.1.3.2) + activesupport (= 6.1.3.2) globalid (>= 0.3.6) - activemodel (6.1.3.1) - activesupport (= 6.1.3.1) - activerecord (6.1.3.1) - activemodel (= 6.1.3.1) - activesupport (= 6.1.3.1) + activemodel (6.1.3.2) + activesupport (= 6.1.3.2) + activerecord (6.1.3.2) + activemodel (= 6.1.3.2) + activesupport (= 6.1.3.2) activerecord-import (1.0.8) activerecord (>= 3.2) - activestorage (6.1.3.1) - actionpack (= 6.1.3.1) - activejob (= 6.1.3.1) - activerecord (= 6.1.3.1) - activesupport (= 6.1.3.1) + activestorage (6.1.3.2) + actionpack (= 6.1.3.2) + activejob (= 6.1.3.2) + activerecord (= 6.1.3.2) + activesupport (= 6.1.3.2) marcel (~> 1.0.0) mini_mime (~> 1.0.2) - activesupport (6.1.3.1) + activesupport (6.1.3.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -1149,7 +1149,7 @@ GEM activesupport (>= 4) railties (>= 4) request_store (~> 1.0) - loofah (2.9.0) + loofah (2.9.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) lumberjack (1.2.8) @@ -1161,12 +1161,12 @@ GEM mini_cache (1.1.0) mini_histogram (0.3.1) mini_mime (1.0.3) - mini_portile2 (2.5.0) + mini_portile2 (2.5.1) minitest (5.14.4) nenv (0.3.0) newrelic_rpm (6.13.1) nio4r (2.5.7) - nokogiri (1.11.2) + nokogiri (1.11.3) mini_portile2 (~> 2.5.0) racc (~> 1.4) notiffany (0.1.3) @@ -1195,20 +1195,20 @@ GEM rack (>= 1.2.0) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.1.3.1) - actioncable (= 6.1.3.1) - actionmailbox (= 6.1.3.1) - actionmailer (= 6.1.3.1) - actionpack (= 6.1.3.1) - actiontext (= 6.1.3.1) - actionview (= 6.1.3.1) - activejob (= 6.1.3.1) - activemodel (= 6.1.3.1) - activerecord (= 6.1.3.1) - activestorage (= 6.1.3.1) - activesupport (= 6.1.3.1) + rails (6.1.3.2) + actioncable (= 6.1.3.2) + actionmailbox (= 6.1.3.2) + actionmailer (= 6.1.3.2) + actionpack (= 6.1.3.2) + actiontext (= 6.1.3.2) + actionview (= 6.1.3.2) + activejob (= 6.1.3.2) + activemodel (= 6.1.3.2) + activerecord (= 6.1.3.2) + activestorage (= 6.1.3.2) + activesupport (= 6.1.3.2) bundler (>= 1.15.0) - railties (= 6.1.3.1) + railties (= 6.1.3.2) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) @@ -1224,9 +1224,9 @@ GEM ruby-graphviz (~> 1.2) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (6.1.3.1) - actionpack (= 6.1.3.1) - activesupport (= 6.1.3.1) + railties (6.1.3.2) + actionpack (= 6.1.3.2) + activesupport (= 6.1.3.2) method_source rake (>= 0.8.7) thor (~> 1.0) @@ -1240,7 +1240,7 @@ GEM regexp_parser (1.8.2) request_store (1.5.0) rack (>= 1.4) - rexml (3.2.4) + rexml (3.2.5) rgl (0.5.6) lazy_priority_queue (~> 0.1.0) stream (~> 0.5.2) diff --git a/app/models/piv_cac.rb b/app/models/piv_cac.rb index 550f8e164..5a71f8335 100644 --- a/app/models/piv_cac.rb +++ b/app/models/piv_cac.rb @@ -7,8 +7,8 @@ class PivCac < ApplicationRecord before_validation :create_uuid, on: :create - validates :dn_signature, presence: true, uniqueness: { case_sensitive: false } - validates :uuid, presence: true, uniqueness: { case_sensitive: false } + validates :dn_signature, presence: true, uniqueness: true + validates :uuid, presence: true, uniqueness: true def dn=(raw) self.dn_signature = PivCac.make_dn_signature(raw) diff --git a/spec/models/piv_cac_spec.rb b/spec/models/piv_cac_spec.rb index ccef9d534..3871d718b 100644 --- a/spec/models/piv_cac_spec.rb +++ b/spec/models/piv_cac_spec.rb @@ -5,9 +5,9 @@ subject { piv_cac } it { is_expected.to validate_presence_of :uuid } - it { is_expected.to validate_uniqueness_of(:uuid).case_insensitive } + it { is_expected.to validate_uniqueness_of(:uuid) } it { is_expected.to validate_presence_of :dn_signature } - it { is_expected.to validate_uniqueness_of(:dn_signature).case_insensitive } + it { is_expected.to validate_uniqueness_of(:dn_signature) } describe '#find_or_create_by' do it 'returns nil when dn is not provided' do From 62e373cc092b1cf4fa9400e0e4e76f4985577d6c Mon Sep 17 00:00:00 2001 From: Zach Margolis Date: Mon, 3 Jan 2022 12:20:01 -0800 Subject: [PATCH 08/18] Revert "Merge pull request #265 from 18F/stages/rc-2022-01-03" This reverts commit 50db54ad4e4fef98c0350428f36f1c955f7afb2d, reversing changes made to c0615882950132434bc19af3f15cebad2a277c5d. --- config/application.yml.default | 2 ++ ..., OU=DoD, OU=PKI, CN=DOD DERILITY CA-1.pem | 30 +++++++++++++++++ ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-49.pem | 30 +++++++++++++++++ ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-50.pem | 30 +++++++++++++++++ ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-51.pem | 30 +++++++++++++++++ ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-52.pem | 30 +++++++++++++++++ ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-59.pem | 30 +++++++++++++++++ ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-62.pem | 30 +++++++++++++++++ ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-63.pem | 30 +++++++++++++++++ ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-64.pem | 30 +++++++++++++++++ ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-65.pem | 30 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-49.pem | 30 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-50.pem | 30 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-51.pem | 30 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-52.pem | 30 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-59.pem | 30 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-62.pem | 30 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-63.pem | 30 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-64.pem | 30 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-65.pem | 30 +++++++++++++++++ ...nt, OU=DoD, OU=PKI, CN=DOD ID SW CA-45.pem | 30 +++++++++++++++++ ...nt, OU=DoD, OU=PKI, CN=DOD ID SW CA-46.pem | 30 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD SW CA-53.pem | 29 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD SW CA-54.pem | 29 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD SW CA-60.pem | 29 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD SW CA-66.pem | 29 +++++++++++++++++ ...nment, OU=DoD, OU=PKI, CN=DOD SW CA-67.pem | 29 +++++++++++++++++ ...ment, OU=DoD, OU=PKI, CN=DoD Root CA 3.pem | 32 +++++++++++++++++++ 28 files changed, 809 insertions(+) create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD DERILITY CA-1.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-49.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-50.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-51.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-52.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-59.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-62.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-63.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-64.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-65.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-49.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-50.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-51.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-52.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-59.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-62.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-63.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-64.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-65.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID SW CA-45.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID SW CA-46.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-53.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-54.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-60.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-66.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-67.pem create mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Root CA 3.pem diff --git a/config/application.yml.default b/config/application.yml.default index 1d86529b4..9fbd174c0 100644 --- a/config/application.yml.default +++ b/config/application.yml.default @@ -41,10 +41,12 @@ trusted_ca_root_identifiers: "\ # DoD root identifiers: # 49:74:BB:0C:5E:BA:7A:FE:02:54:EF:7B:A0:C6:95:C6:09:80:70:96 - DoD Root CA 2 +# 6C:8A:94:A2:77:B1:80:72:1D:81:7A:16:AA:F2:DC:CE:66:EE:45:C0 - DoD Root CA 3 # BD:C1:B9:6B:4D:F4:1D:EC:30:90:BF:62:73:C0:84:33:F2:71:24:85 - DoD Root CA 4 dod_root_identifiers: "\ 49:74:BB:0C:5E:BA:7A:FE:02:54:EF:7B:A0:C6:95:C6:09:80:70:96,\ + 6C:8A:94:A2:77:B1:80:72:1D:81:7A:16:AA:F2:DC:CE:66:EE:45:C0,\ BD:C1:B9:6B:4D:F4:1D:EC:30:90:BF:62:73:C0:84:33:F2:71:24:85" required_policies: | diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD DERILITY CA-1.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD DERILITY CA-1.pem new file mode 100644 index 000000000..692dd277f --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD DERILITY CA-1.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD DERILITY CA-1 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEsDCCA5igAwIBAgICBMIwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwMTE5MTQ1NTM3WhcN +MjcwMTIwMTQ1NTM3WjBfMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEaMBgGA1UEAxMRRE9E +IERFUklMSVRZIENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU ++oux8F1k37D9HStMm9I+r6EUj8qssrcvCwAzwAMX6dC29KzikC5gbzYCB3Y5Bf+b +ui+mBdNbzo7kgDq+VBIZn4WqM6thlb7JQgvlejt2eJByfVcVoKfYf26Sa62qbKcd +Q3O2S8pC+Hdbwo2dbubNOui5BLxW/gzW6pS/VkJgwn1IdT3WrHTK4wsH5h7j372O +kE5D5XbkM/aSjiWobyGnP4aHhIMurV7heZ3c0SK2AGrtWfaM6JjK4UW8at0p3kWr +2c5kNoXKe7AMAWFIXmYHzT9WMYiQwn2eBw2kvgwXJsaQ3KHea9+7xbtv6EZLf/uf +nd4Ayxhy+3IBiE3bzcPnAgMBAAGjggF4MIIBdDAfBgNVHSMEGDAWgBRsipSid7GA +ch2Behaq8tzOZu5FwDAdBgNVHQ4EFgQUCIk6zhO8HPI6LZgxC6n+OHn9giIwDgYD +VR0PAQH/BAQDAgGGMFkGA1UdIARSMFAwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgEL +JzALBglghkgBZQIBCyowCwYJYIZIAWUCAQs7MAwGCmCGSAFlAwIBAygwDAYKYIZI +AWUDAgEDKTASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOAAQAwNwYDVR0f +BDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9EUk9PVENBMy5j +cmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8vY3JsLmRpc2Eu +bWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUFBzABhhRodHRw +Oi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAkAjLcFmNd6APpZXi +vYvo//JoFo680eLc2dCYOx48VHzI1M00mMov69uitCBRZSqVeI9NmlIGQBhLAfea +QxSd3XxIdbUsYul5/vylbUZpKTBQ03A8t76pOtPPzksG8aBfYx+SzXwqzpAbz396 +BVtRErX5yDOPK3+LBy+Eq+0Nh6h0CkPmSKBMAHLVZL2Nqe5MIRFn/FlKJEbtpTEq +FELs8KtqM6X5uLKGPUhjGOeLBijzYxF+nd1GM9kRiyw5v7j06jrVTuIVwcSQPcsX +pHNtbzW/Tx2dRfHn0w8WkSQdDvwSTuo1pWOYBo6yJhRwSm3/4rmawxlp3p8lXuiB +SlUDxA== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-49.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-49.pem new file mode 100644 index 000000000..badcb806d --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-49.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-49 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEvDCCA6SgAwIBAgICASMwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0MzE0WhcN +MjIxMTIzMTM0MzE0WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E +IEVNQUlMIENBLTQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAus23 +xtOAbfLxPh+OS8U3N/c7ZsnTNZGki6KjnEg4EVHnUKwBB1pWLeQbZTVp01dHWlxR +KyvANnk+8ozM8tucowx0q6fo5J/YteD9qHFAoWjJQpRB6Hvn2vvHvUbu7iAY5Pel +0B6A0NN/lKW26tTlim6NkV1MuCcvpCGrwH0f2TOCzkDf7IPqQDvLWOjPQP9nmNMG +nS+qCvF5F0iGFXTH1NDeI8EPvKMBQE+LgJ4PAF8eFdDo0mDE6iLfPAIXBzfYUdFk +MS3eVpJOWPzOEYeRLcWQkORvczfxN0obxSH3TGoBLB3ubELOoiqgsTF7rLKE1Kyz +Wrao15uoYf29O9jatQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId +gXoWqvLczmbuRcAwHQYDVR0OBBYEFGlEHxqVTqUaf4g6zHsSOSwfzxoxMA4GA1Ud +DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw +CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl +AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF +MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv +RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG +AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA +XDNkaD2Gwe4ZoWklwvAvveoOYK5s8fJbjZOjI2V1tZjIP5edw8YSvLDGTqsaDlao +28hCVhoOU0+V234p0CAGKNKID6WCR46s7uAALaaWfd4aHDzf20qYsnMrl0eKCv6F +sUtKBkIYJBjxpoaIpudRCnSmQkxweKzCGCtjWCT2MGSJro2Q0eQWTDxnJX9/v8z7 +dZ8ddZO1zgoU1xnAx9LxdrVl6H2VcB17z6t2d5TqSLM/OnuSHT7LWqYbVJERf38D +U0WSQ7VOp2x1SkInJqpewvi+0rl/yh97UoDZuS/GUkVIMFbpJkbcadiEGBINErRl +R5vQZDesBpGqUxNYuIIJbA== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-50.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-50.pem new file mode 100644 index 000000000..ac55c5b9a --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-50.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-50 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEvDCCA6SgAwIBAgICASQwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NTAwWhcN +MjIxMTIzMTM0NTAwWjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E +IEVNQUlMIENBLTUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorU5 +fwMKXKwK4SrttozvWb8Zx9g+7pGrzD+cbaZbISrTvNTi9MhDYASMo23nzG/ShHQM +c0qCc10AVUqpAfwRhm9FbphD3r30SWKQsrKeObBW63iMeB6gfhg/+zScvkJxlqj6 +x5cHglMCFQfdqjgmjtcuWIGr7cDf1WQJLGfCz6ilKH/H2no0a3AyoFEAglrUyhC5 +n0IVsmyrWY4Hy9A/0xe84hl+68cJfB4VD+8A+YrUqEgspiqzocvzcuN/GNdeD9Lw +XPqylqnF8SN0HYoHmjbimscIn86wCxARO0siWZ7hStrcbkb+cgFoY5aScdldUkni +YI2cmRy0C5jv+wAfXwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId +gXoWqvLczmbuRcAwHQYDVR0OBBYEFGUKe10mGzDKLdz81nPHHsF/BIzIMA4GA1Ud +DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw +CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl +AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF +MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv +RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG +AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA +VnLKwRdYBaPnEONJnTpHoC4znIQMHBsEpQbR8P5j49IXtHRjCpl5PKRIwuAc+Ff3 +ixM3jv/G+LBi26G0ZNGZ4iI11rJ3TLxUqHT12/WXTuS91jePA/f3WIHkGBEFeRs+ +wiROXSAveyMAt1ThK9Bil7BYlLmpgfci7eiKHC6OlA7VZo4OrS03VZTlaaBaU5Te ++tX8XYQ7Kllh9LreXZ2Cks14oNBlS4vzOcZOpw1bamaEbIA13IsGyY/kF7LqSPW2 +b7Jy628ObLeU3a+0lm+nIkjH25FDvtfxD9+2qQHEpRaRclskwIGTmA/Tg/YrrS2Z +am9RD+6E/tsgIIlQE09NEA== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-51.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-51.pem new file mode 100644 index 000000000..97629f711 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-51.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-51 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEvDCCA6SgAwIBAgICASUwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NjQ5WhcN +MjIxMTIzMTM0NjQ5WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E +IEVNQUlMIENBLTUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnw7P +Taj5UGSMi8whxGpPsoChGMjVQRk1Fzp9J/mPjx/oXc2MwMahK3xpE3YB86q/SeH1 +Cv5hc9Pa99HtSF/RaHAo3frFoPnRNoPDLj6ihPGmEWwMKywUgOCnTQcGSlNqR0es +tYrMTxti9bKE3uc0hgWibZYlukiGYg0UygYPS4+afMtzaBljiUWeQFrmCaEgeG3B +UvX/zgNdSqtG9KX1LjqtNZB91hIDrRUNohX5xSLxPMpojC5d391u/0GfAEXeKyAy +bPN8BdVjqJ7FlyueVKUgIAB/t/k6NO3lKEiC+QsrhrwaFI3Yme9JfRsZU8/Yhv0L +wKeJhoz3552oT0e4PwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId +gXoWqvLczmbuRcAwHQYDVR0OBBYEFDXvECJsuhIPvcJNGeTOfY8FV1w0MA4GA1Ud +DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw +CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl +AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF +MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv +RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG +AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA +Y2UKHMi98mslNJ9qUBT8ZNGKim+nYkfLfBgdP136smJYYDcwUOXwHt3b1aOy4sXI +0BkNNS6tO5fdvZ7W4/zYFouIVnImaa8hjDiJNoAi5dYKDxkB8iOWYlAP8TZwpKNy +sbGh4EQHWWQ8wDuFcdA5/9ElnxpQ/JJzSgUOHhtGm8vrEQmmJKW0FvbGXhGydHx2 +I5GtDvGHqlpF8GFIAA5HNAaw1s5De2StEYCTS/y95naqZafCxYG62cGbHir8dp0U +KQOUQt88tTh0TAqzcLKz1OJIoIkbfpzV6XiXuL0VSob+W0peZeqTVq+w7nWP1cNr +44ligwwVjeF04L3sZKA54w== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-52.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-52.pem new file mode 100644 index 000000000..dbe07dfcf --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-52.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-52 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEvDCCA6SgAwIBAgICASYwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NzI4WhcN +MjIxMTIzMTM0NzI4WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E +IEVNQUlMIENBLTUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4pb +qFZ5LPm9gcWT24lCj8yLQHYdzntTWgMqPVyveG88rA+bXiAWO6zWUsjPlYQHfxiN +qTZemKgK8OUkVQA4oiQ59EzcNiRsZp1hy7nvDpFcW/0WJzHY5M84ThI57zRH20Ac +iNw1DB7XmR5yJFKTFusipWgsqwWRTtpJlLGJXhTHyG6aNxP6HEXbTLAM4x/0LM9Z +Q2yYihUufgtJYGeLapNb1pPLsPVchhJOQjLFyp3Kx9W1xfjUFftE9FQAwCBJHyC7 +tFMk6DlITy4s7ptst1nNbPYdzGmiix/P7+I702Yn8H3YbmhFD3d+fkhCXqsjio0y +0wWFDaa6vmm3RqF1GQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId +gXoWqvLczmbuRcAwHQYDVR0OBBYEFOlmDFyb4lpKsgM2NP18yab4qwc5MA4GA1Ud +DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw +CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl +AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF +MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv +RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG +AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA +dYEfuTkBoJLwzyIZ/lrxB3ECCes2zWMLe1RsRrQ3QUhkeLcqxxwG1z+UbbmWkrSS +JS0Q1XeLRiT7P1x+ycs1Gvoy5V4CFOryb5eNaDpOclJdXOiRjOGvS0wSeSLGnT/d +lRPrQZcoEm+DFvtSMasu/zR8DnaepKpWLvyFXwvoimvsQVvz4tOS2o4u400KLPBo +MQbTwpDmk39wxf4Aq4m8hznf2BhAy20YH6jY08gXg0pNDVh4CZIxyF2gmE0TDXPv +sx77lxYKW3Bx0ZxHIcfBKifjSiTrGlLeEP9LfEQdpCjJqhG/3BFy6flzwJDEHqHH +swhN9DCJn+3xTeq25PUXPg== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-59.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-59.pem new file mode 100644 index 000000000..6e7a3bed9 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-59.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-59 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEvDCCA6SgAwIBAgICAwQwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTkwNDAyMTMzNzI1WhcN +MjUwNDAyMTMzNzI1WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E +IEVNQUlMIENBLTU5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwI2I +/xPsPkPeK6/VctAEs89py3igMCuNCUdlcOP/LouzD4fYcNkIMhxs9BHKHU6T5QRN +u9BEzvg6WQQ64BiQn+k6Q58WElvl0OrVH5oh13mudjXf6gNCIMgDLWmrXbG5TiwG +hxdXQKTBNKrayxykzJ4I0nzjrj2tf1jY0uamTWCPWzGceHvtpckqJ8TcqZT36tZ7 +BYOD/kqBqKkLLxL1ZJVFCK9OZGACsmqByKcPiIn3cTom0cuDwwMxMqjOsSWu9GjQ +RKqYMorElGwULIiBcg3+fb3oBjV8iyR2CWNhCDMEWVfD1y5nd9LpOsg+IUdZe2Y4 +W6xov3oLh/BDN6mPLwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId +gXoWqvLczmbuRcAwHQYDVR0OBBYEFHcUQaZdlSbQHf+VO2KM6re1XTuSMA4GA1Ud +DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw +CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl +AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF +MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv +RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG +AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA +TcvN12U8mLuGAdHNyUjTgFzmJWMnM8UKXrvNMlhWMv5IIz4BJEm/B9rXj25FSt1j +gNlLhH0RXZVZeh2UUWcGelgNDuG0YYSkGJCAqcOjSkgSu6w9vjgN50YqlDp984ul +auf6ZNtCpeilrDd5KQKtOXKnJ4gHhQzL2M7mDonHX/n8cYKkm3bGdJgYlyfukGQi +nnsG7K7Z+Fy3VBw7GzfyneMOzYL3ccqLlycthwdRluCC1xwAYqVJ+1u1Ob114fYs +vN4t0IFNN5B8JS7ZhFeXwrPVRPGBttxoTZ4m4q/NwaJlyvIjhT7gaVu26MrQN9t2 +vY21E6kLlBE/cTfmLh6e9A== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-62.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-62.pem new file mode 100644 index 000000000..ae80b82fd --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-62.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-62 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEvDCCA6SgAwIBAgICBV0wDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjA4MTM1MTM4WhcN +MjcwNjA5MTM1MTM4WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E +IEVNQUlMIENBLTYyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtelD +jabqJkL0EnJlJ1CTLkrQoDs1TiB164u5Wi5fj300mgkDxFF9hXxwRcoCHfAS/Br3 +oHAm7sTowUidd5PugwFo9moZYhsl8k25s2oYmyKOkDVq+8hfNjUvatTs1HqF7W8A +Aar1qOVeTM5lJKJg+/3svf9fb3ZUl2LjJF+McRT0c7wd2WlsCVoTUu7kbCNS9B9+ +VlDXRrR7WAK3fLCXNcI2RVoDfFFjtdekqV+otL+IMPxCQwORnOklx2GBnM3wldq5 +U8hNw+ebpp20aRv71gK4fZ4AqKPZJ/HLZmB/tzxXubUvrmpswyjy/T3wJXVK0I1N +/ytrQE2DNYrBeNV2zQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId +gXoWqvLczmbuRcAwHQYDVR0OBBYEFM3F5uPkJReXcLqqk+K5vkGjkivnMA4GA1Ud +DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw +CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl +AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF +MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv +RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG +AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA +SF8g2dpY+b+ozXWCtP7fjnL+Tcukwj4Wbc+SrNL2I7DUUayNqwuOLj4a4I7sDL9F +lrFul69WuV8PiFBbKTV913PpkFFP1NhXDdBkcBFrXnt0UMAU9yvaUCyTcr7ikUEH +wVEeE70FQy7Dx23aZf9XSOzcMuSmIo2N8P2OdU3VdKLhOabdR2JlvEMqXEihTn81 +ABzGae0tDXVsmnykPUIClsLjHNjUBSqF76TuZv5foLJAKOo1xeDrjRajawjBsN0M +nZPRC6X+eodQgzNuTpcscspsVuBnOsInkBZd4RXm9PuPjSH77hB8an7bPrWaufE+ +e45aFpkQzFArjrFNz/R/4Q== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-63.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-63.pem new file mode 100644 index 000000000..0204f1d18 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-63.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-63 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEvDCCA6SgAwIBAgICBUgwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjAxMTQwMjIxWhcN +MjcwNjAyMTQwMjIxWjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E +IEVNQUlMIENBLTYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7GFm +nf9Dhw3p6lGHhZTUTr9rNWyihovYscqV6qFF6floDLD70Wizru84tvMGosp1PkWt +KU/ObjvqQjhjdvppaDHYxmUxCHIt0lGhnmkfzTbtjLANTG+Lm7PArrW6osRGsMV7 +jRhgLStj+52QgCkQNAqbqTB4o3OQSQd6Akn9YrWpbuVFl/ZY0B/4By/Xg0qvd90d +EgwKw9FPe1O/KRyjea0zow6mDqeS7ZdwSgbAHfbQNahk6QzYRAY/J0pUQ4TDAgFe +8tCHL3h4JdwAdBP5zL2sfE9FoZV4xbjk6eP/S7riQw5aXJmsZHLqFX/wSUVCaPTk +iGan8Dpo5b28VE0GjwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId +gXoWqvLczmbuRcAwHQYDVR0OBBYEFE0xrVHWTld+Z2kzJQN+ximl3brzMA4GA1Ud +DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw +CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl +AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF +MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv +RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG +AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA +QS+92B7pNsK55GuIAZV+h42MR0dTfiidbgldvXxPtLUBh2Ab0EqRbboXw4s/mxDG +85vN9Qke4/v30MtHa9i9IwyzFDq5GfCC7ygi2RKOGShmVxE5gBrzF8Ok0O4BS8i5 +8+Q7wJywx5pC7TgrtziP0zMKw7QVYHYqeRsu0lTLIEu76HAWRdZwVPcz3Kph0bRH +zFrJ2ZIDfVzn1EG8qosPWN2vzBE633eBfm9VWobMR4Uxs7ZiFzJFRDy/ai5DGJ1j +fxVglI8q1YD4UU0/yaeMVgaGwoCx9sb+q5XCXEn9MV2dbmVf4D+jVm12xYYd146M +G6vK43wgw7eLa6LNYNCF1g== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-64.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-64.pem new file mode 100644 index 000000000..905054b1e --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-64.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-64 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEvDCCA6SgAwIBAgICBUkwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjAxMTQwNTE5WhcN +MjcwNjAyMTQwNTE5WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E +IEVNQUlMIENBLTY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz084 +CMrLDnhLu2b3yBkRp4B03zV4O7pAVqDz8Q4zOWehm6kJs60Q2dXXzuXk0Jx70aFd +k4I8k84SSfCzvMhSz3SvrTK14yjCFVhlVgyQcST5WvnXwMMH4npGg/ZG8eNYxdYD ++JLLNeZPlZEdGwMHq9Ue6LuNVQP3d2FMRJahUZ0eP786zBeI8bebSG/7WBZSz/RI +2fwLg9Rv9aKjmy/j5ZZ3pi7GcezdVgcClNqhrFg96t46GXM6R7i8rgFEECXj9NiW +JllqveM0nV8Ty5q8yP5M52Y0Eyo9Xy7EPa5fA4v7TbM6dYCny4SYUTG+8qDx39vR +7RF5IoRrXniIyWWsuQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId +gXoWqvLczmbuRcAwHQYDVR0OBBYEFIuQfSHrvBoVe8KwTn5zUcgOtty2MA4GA1Ud +DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw +CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl +AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF +MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv +RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG +AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA +ixpW3FOdC8mBhMVhIVrMeIDgMzDHtI/0TVsfFUwASajibCl51loMCvy9MN0zlWKF +/ae4yzmnzk+TT+KCksF2iClCmuk5Ikz1OUOJvtP4osZEo8gHsvM9IOYc+pGqCCwj +AN1AKunjJzC48fe1I03Y6B2ts497pia3Tn/Dkkg0MKICdJuT9+oFSrqHu1tnuoti +VBMY6Lk4tLqfRhWIUDmhkEa0GLjvmx3m6kytA+SNmI0kUHFW1FeZvNBgnjrEY2SM +HlW1pTJsObYjfiicDIPuqJu633MKEaQgQRukOLEfV0CSEt7PLaVcD/JLjuHGttwd +0019mApk8G9z4Le8G22i4w== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-65.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-65.pem new file mode 100644 index 000000000..b73707044 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-65.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-65 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEvDCCA6SgAwIBAgICBV4wDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjA4MTM1NTI2WhcN +MjcwNjA5MTM1NTI2WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E +IEVNQUlMIENBLTY1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfoi +70QEnrxvxQL4sWn9qcloOqVve/7q7mebsN6uUJpdUPabQrN+N144LME2pQzelq5n +6QuX5Sl10DfFoyXEPTaz8/2bQqzlVzMfWDRDgi6IJl7R327HZi1xXLxieDy5jJLw +SL9UBtljD4MBUNFmk7Ug3VV7U30sFFBDLMaix5KTwdl/5BsUXhtlZjlhw5HKFXE0 +SDtVkCLkYMzdGpQd9sGNxTf7c3j0xd7GhBPdlBGG5JHsR9DWr3dfm3+KPzD9+GK0 +KViESzWLiGGhT/1EXePNzjs2S0cpNJwGAWjU4pQpDKnj4ehNs4GSXz4MUaefn7cC +UJvxQc0erx3dI7tNtwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId +gXoWqvLczmbuRcAwHQYDVR0OBBYEFJi2NAob7QSaUwqKBXP6QmfNEGa2MA4GA1Ud +DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw +CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl +AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF +MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv +RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG +AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA +Fg38R0SkiBIPthRzFDUWLbkUI0fpQ4S60LiM5fNAkApMw8rXzDHkErQGbz4EjnZY +DIpqINdGlkjheLK9gIEsXXKfQ4LjpagBJd8xNPF1LZq0SW49YY5mD/Zol8DOmRVe +wJh+ns9FThJZ+QAGqaFL26vf+xCNz+rdMZ9zXVvSGnh63bM82Sl5GnQ1Z4TNBRCM +VhlDnPZ7+nygeq98BXVTDI4F7PaUdaZSk0ZCbztBcj+4Sq86jx0EOFA1BPyTRGru +1Qu0IIeCr4AP7Of2SOaqRQPBV2k//HWVZ/R1BKjgfLzWwueVLTZRkNhmYere4Mt7 +7Jlk9Ls1gI1VGp3JiQdfFg== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-49.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-49.pem new file mode 100644 index 000000000..d0002c3bc --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-49.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-49 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgICAScwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0ODE1WhcN +MjIxMTIzMTM0ODE1WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E +IElEIENBLTQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2EngKIwP +Cl9+dsIByO2uONNLKhpnFypBAE+LM8+kekt4/HG6StaU/fmqFTRiVI0Uh+td9BWe +8NXOYrhQRo6FVSxBkLtWZX8Px2IHxiqQ1lnrZK9UlCo8h3MPpiN8VEjH2bP/WSa0 +oZEWzEDKLB5tSKerddc+QL2uEHb+Gfym6i+5qPOLXjV00FY24FdNOyHaRjQTM/Lf +sjWoFItHTKp5B9QogdKnyg+WkAARYtbd1nqtDXv6Fph5HaT39SEnRhc+lkrRDpDY +c+HAU6Xywik+stgv2yFk1MhFpF5/rndEwMLIST0+lSpahJKGmYtg1VKcnDcq5CER +C31gl6Yr7ffjAwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFNhnk8pG3MmVppSzBBicziU6lhxNMA4GA1UdDwEB +/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB +AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA +AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E +Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEATmfP +QPkolF5PB0fS/9DrngX0tmdSwlidBtrkY6vL/V7IMKqJk7r+hHW6k9+nxijHFj6Y +J1+4ElpH/PwWPsqwVIshQxECvJKfo3OfN3a8Mn6Hog5kXJl5dMb0vJOpWQ9UhmG2 +m9UUZ9847wSlbW0vMHL0puuTso0365vilPO5JkapEXcFXdc3LDxXW8BR5NHyaN3V +mvfD/qAqe4BiBx2+WAxsolTJQ5IMjG5tIN7WE6VJdUAm6EIgbuFfvG1KiWQJLHkL +XdTvwdUTqX9JQYswfvoCwvHRh+I2mZX+/iH5HKLcaxqW8b9JnHCtfMSBZqLdI3nG +IBw48tRul8lbrg0mJw== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-50.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-50.pem new file mode 100644 index 000000000..3ec32dfea --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-50.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-50 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgICASgwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0ODQ3WhcN +MjIxMTIzMTM0ODQ3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E +IElEIENBLTUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1ncM1bN +JJHiu1Bh5jQ8r+Y1L2pvw+6YDLGE71z5gquBqisOC6XLKffKdBSF2U55vvp0m5J8 +WdF5DSfyfdAJ7S1HlzFYVW+0KjGLELKV5tWZh/aXu8V85ZaaYkvJeeEU5cIYWLKK +RAr1iygwnslhy1Kb7xhYV7gLYc29Wm1EgZiJ2Xm9M11FIauo40EXmQFniz4FLE/S +4JB1lbYiP1jGa4zJrdnec1k65tZk/K4hdi2diS+9mEUz3PWrzNqjrHKxFocnh9qS +NGqJfyfXxXgKTrZw2UG83IxHKvIpMPodX4SYUwRm5HRbrG6c1Fx12NC2go16w3dD +ilH+aUduTNpmFQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFDYuUt50qp7sux+T0b62ULXGaQv5MA4GA1UdDwEB +/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB +AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA +AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E +Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAbAli +o7+gWX5YytmPMD9ic+aX2s0NaSdSauFYmb6khtN0CCocIqTI/TyfRJTjhI6wRNoa +ckcjVa5H3EOp4vOrtLN4TxbhNqdE+IHafWE4/btDstI5PrA2hlFZb1zvM5EQC8u0 +BZQ/DqyShOjypvxldvol6UGjys7wecPxt3cBJC7uroY+nqfxHnOIxRFoJGdC7pSm +f90/uDcX87oCbK/FrzJBO+/V2lGHiByC7ahcP59a4Xd69lHSMtRWquclAyBEy1Mx +p7Bx/v5kCpv14JE6SBlYEwhFrTt4aT49FQEQ9aJFKRv7j20sS/6wxPzGx24HE0Gb +XwusK9jo5skGLLUC3g== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-51.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-51.pem new file mode 100644 index 000000000..a0b406554 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-51.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-51 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgICASkwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0OTI3WhcN +MjIxMTIzMTM0OTI3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E +IElEIENBLTUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjtDs/iL +TIf25t9SGGMP49gCFIYXcEtvTtc/vh+Cghf7qVwiNvUYCaGMq5q7F/pgL5xsw6Bn +iCMau2bZtLfl5xnMk2VMl2GRwUayHQ/0lyteeKid6fa8sfnlyNLh8lvPuHqQFJZX +5vpfAC24NDQCrr8YIkkNRyxJihCpj8HHYuzTplDRIpMljahhAWCsQkUqlq/5Lite +XHYA/+EnT2hspkitSU+FUIWo0FKK95oo+i2uXX8x3cXWEUCXoR23Slk5NrGTwAsf +TUd16xWA1acvksunx8eK3uOVCV02Q0sldVN19NaGm8lpoBfbtiNz3lo/j1VT558q +35LmOYWI6KzSTwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFJ2kwVzT+WZxSaiEIwO24a8pdy2uMA4GA1UdDwEB +/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB +AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA +AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E +Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAigQ4 +aOduTUCpDvC0ue0B0GV49B0aek8HXWKc10bPb1iUCQL2DT4aIf0u+yQqrzVpTw/x +5mVPRn2Zi2iEV5A8PsN4dReF3lblQSrSVvKFw7cq66Z8ab2ijXjpAMTJCUIOir8w +KoOV03cnVcaW0VDTH+gOslXnm95kPqdfbxJMh06Q00XfvWfRjfnB9D8ZDXbytM5X +mkZRyuUvWY+DKyJUy1HAuardaFpgA5WowjeQm9sAvx72LzaS7zmv+hxOliGXYOn7 +gbJATcT+zt1Ffwa9M19FjoQDSzWihW8P5cFRt6xVEwZHeD8VG++jcQfAujwX0v7U +hFKu8gxm3wlNXOalzA== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-52.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-52.pem new file mode 100644 index 000000000..caff9d9ef --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-52.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-52 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgICASowDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0OTU3WhcN +MjIxMTIzMTM0OTU3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E +IElEIENBLTUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltzcMp2O +02t+fwd7rTlugoKqYF8eo/3M+JVdppPAHTiJVaVt0JSeM4xyZsKNoPBoFW/yshnx +lRv/LyNx0VBbn+4mJ7Ea1U4FBPxCSZ68VYqKdV64UMhndawVBJM3Oy8Y3ZxPldTD +f9ApCg4dZXSEiSnShO8YuphrNbYAd6YrdUn1IhDAhw90VTU3GMLru4vx60vFHscW +eZHpHfET8AsClbAyqu65bsa1+o0XvGLQy2GTMzEVaR1NhYVWKRSwgqW57gbE8pV+ +63WYNwi8XIr/2TaJ5GvgBVCbgJWAwsSfFTz21ZqOou0d5xYu79iIIue5DEoRW1bm +qserHNG7gsMvHwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFJroUayRVNeUmgRI+iJ5/8bV7oYrMA4GA1UdDwEB +/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB +AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA +AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E +Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAkxvd +sbOh2zGZCsj3nu9fHEMClJVtK4kJzPJZPi44gdSn+U8X5lbtT0kxsRrqCAZntlgQ +mp+DxnQClr35fjao3wF79nQaIOP2789a9VWZgyJfPrV2KLsxAH4/oOd2ZYdUtHfC +lbfZwbpxFulBqPWxysKQOx3XC/3LszCR0YFqbV/c5hBRB1A4sWBlF8KRGQyKdAyc +K7PrLcSMnLq04ugd5MfYWuJjJx/USNNWlil/LzqyCFzxPp4nGBB8y8s2LcZyvofh +HIBN9qxl3+EXcJyeyqyNiVZcgJi+DLSmBCckb2J6lN9tbGWV02WK+8OiAiZ31CfJ +/sezZ58EZayGYS031Q== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-59.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-59.pem new file mode 100644 index 000000000..a13d7e2cb --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-59.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-59 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgICAwUwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTkwNDAyMTMzODMyWhcN +MjUwNDAyMTMzODMyWjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E +IElEIENBLTU5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBeEny3B +CletEU01Vz8kRy8cD2OWvbtwMTyunFaShu+kIk6g5VRsnvbhK3Ho61MBmlGJc1pL +SONGBhpbpyr2l2eONAzmi8c8917V7BpnJZvYj66qGRmY4FXX6UZQ6GdALKKedJKr +MQfU8LmcBJ/LGcJ0F4635QocGs9UoFS5hLgVyflDTC/6x8EPbi/JXk6N6iod5JIA +xNp6qW/5ZBvhiuMo19oYX5LuUy9B6W7cA0cRygvYcwKKYK+cIdBoxAj34yw2HJI8 +RQt490QPGClZhz0WYFuNSnUJgTHsdh2VNEn2AEe2zYhPFNlCu3gSmOSp5vxpZWbM +IQ8cTv4pRWG47wIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFHUJphUTroc8+nOUAPLw9Xm5snIUMA4GA1UdDwEB +/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB +AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA +AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E +Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAOQUb +0g6nPvWoc1cJ5gkhxSyGA3bQKu8HnKbg+vvMpMFEwo2p30RdYHGvA/3GGtrlhxBq +AcOqeYF5TcXZ4+Fa9CbKE/AgloCuTjEYt2/0iaSvdw7y9Vqk7jyT9H1lFIAQHHN3 +TEwN1nr7HEWVkkg41GXFxU01UHfR7vgqTTz+3zZL2iCqADVDspna0W5pF6yMla6g +n4u0TmWu2SeqBpctvdcfSFXkzQBZGT1aD/W2Fv00KwoQgB2l2eiVk56mEjN/MeI5 +Kp4n57mpREsHutP4XnLQ01ZN2qgn+844JRrzPQ0pazPYiSl4PeI2FUItErA6Ob/D +PF0ba2y3k4dFkUTApw== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-62.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-62.pem new file mode 100644 index 000000000..2812e8ccf --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-62.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-62 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgICBUowDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjAxMTQwNzMxWhcN +MjcwNjAyMTQwNzMxWjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E +IElEIENBLTYyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwNbqJeQ ++d89t/E7vLSYF7ivkWMG6g8d0y7EbV7yd8r8suoNsfF/aKeApZbwumJ+ja4pbggt +OqLolW/GyyJdAzhtEBOIBXMK4CEAcTTrAX40xKiKCFoY5X/ss0jiOwVDptHmvQeC +UlG0oAR5/tgkGOpRdjBdYxEWkXIkQxE1mPpQZ56Vmbtr9onsnKjTr1ufmJaaquPr +M3eXnwU8KOJmdpgO1sSLsIxy8JFedyrqO1TuZw6riMMOuK6P1XW6IpMGiu8+k0tf +Gk/tL4yI3p17Ney+oZIvmuJu43V+NnRLRcwtsQRsRfj20fjH0o2uouWkUV1FuJoD +OhceArDpkr1xlQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFG57IARNEcmB6RY1kNTLwltC1gdYMA4GA1UdDwEB +/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB +AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA +AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E +Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAA3It +1175xvpIzhP2duSRdNq3TfxaEGoc5vnzGnCtURC5rIfnY5V9F+W50u0yePUPbiNa +S3ZljgnSoCCM6f6DGNSlG1mLjnnYdg3ojFKWR9m2S55V53/v0Z7JIPRmDTZ2dVw/ +EiGg1VDRj9/ucI5fJF1jQZxdYGUDIi8AYkQ1LejD20avqkH/gUag6j/3mUXZF4rd +ikORTbPtqDRVo+bNf4dGYjuihmru4GE0lMPK9keGf/ZfeZ0g00/iqyWVZwbdep4G +s4VWiWbcJCB744R93TsBRQ6Cmes/dh1RFtEkcOMC6t+NJV9aSIF20CZv2NlNcD4T +L7MvBU75kWmaG+2/kA== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-63.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-63.pem new file mode 100644 index 000000000..de2a0843f --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-63.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-63 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgICBQ8wDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNDA2MTM1NTU0WhcN +MjcwNDA3MTM1NTU0WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E +IElEIENBLTYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRJd1oB+ +otf7tUrvO5XB15Qe3TrMte630pcpz4IBEgCv64xJX2r465Jk+qKGqtW5lefR20jl +azfMDO1dgOQ+ba4TEQn/VAutj8lO/7ag3GhZ7Z2NdTAB7OckX0LnfFktlndct5mi +zji8CIB/gGFwoeykFF7NXbniXudxhNzPXvPBhBY38yXTzzNHxDZOBDXhyogYx69v +dIaDLvXCwWTHsw5wBJaiTMGdKcFsCUUL4kOY0hv60VYkcduOF9+e7WmrsJLWMM5I +ZS5MvLQUpzvl/XDnJek7aIaIU3ltZoty/8Lr6SBNr7havx6zLxxEwZ/EUfU38gKu +QxOoo50o2sRcnQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFBfmS8gaS8mnpnC0TE1eyPY21DCYMA4GA1UdDwEB +/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB +AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA +AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E +Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEABhvV +L1UcOJApwxlu50RO3dD7Tp/8VMfrAwYSt7ucLBSpddHxuwUsJkEakJ7W8HoiRQPX +SGW0jrZAxdXH331DLhyRPtn/2zhVkLiPU6+wUvmen0t3otT61Ea5oJuU8REupc51 +6rS+DNyCJL5WDGmjMQSyxhMctretmi2cb9xCGvtoD6lUgqHdDQNkPKG6EYJKPwNN +YG3zCHENRRKgZd82xoVCB9h3NhZ3M1uS+YXOtcOtkwfBKKHMQ8W14NJUvDL3xjyL ++5K1Yi6Jtf5G3pAvxZQgf/vfR3D6zxtO4Qy/q8qYW2eyyJnRa9vm1kfjUd2R0NmT +6NaUjDpi3EZ0riF7FQ== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-64.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-64.pem new file mode 100644 index 000000000..185c5c123 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-64.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-64 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgICBUswDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjAxMTQwOTM3WhcN +MjcwNjAyMTQwOTM3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E +IElEIENBLTY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsvhd1Q/ +aKpj5/vTYmydA08Od1W2AOjjDsK0iot8jWIt693OEq9x8bSQ1K6eStv4Y3f1jj9c +SMvnP050SWqlF2Xmw8jifyk626E54rs67jhbuY5gc2+1BoComnq8IvN/tVbbPQkF +mR/tlvcyV6SJp+PUFTy/vKwBVkyV42BTa9Dgq0z7XHq+Z7bjf2ZYDi1v+BxFW3Ni +lv3CVmaQExf7S8JX9+5twtUtg4e9fl3wU98yW1SWu7A6KdqxDnMGqYxfX6FNWDbK +8y/4evrhAoV1lRCuTMvP7OdGbAjhUDHXNen3FoCxxu3pB4v32HjlMAi3Q2Rd3pCj +ENEIzp17/k3yIwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFFe8wF7bias73Uepch6uy0IZax56MA4GA1UdDwEB +/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB +AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA +AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E +Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAXr0y +V7GzeW4yhuPP193deLxBfBDdG7yNWjI5tSGnvx/mvaJqj7oqiAftY/EbyTepYzbo +6/Q09s+Ael+wftRZXbbZwzRuYigpQZy50eDi+6s/tc/ItUJ37oQszUPTcsFt3qjt +lH8FFTtLyPwxtalkwL5w7ACTv+1vD5avoXmJwHhFDGL8fKIQxCgfgU0AoL6XtLGT +XdAQ5Xd9viVDaWsva1HX/RS7uZ5+n34OFM5SZBuMAtIcWYRouML4FpCsXMYcAYB9 +nh5gG9qMkIX0b/oTkF5loV2Pq7p09Pj48Ebbv8B32vqnaUOQLjRANb/sIQLHXoXH +qwTizQlR8MkIO8+F+Q== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-65.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-65.pem new file mode 100644 index 000000000..dfe6ba212 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-65.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-65 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgICBUwwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjAxMTQxMTIzWhcN +MjcwNjAyMTQxMTIzWjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E +IElEIENBLTY1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkK9OCQ+ +D0b/7SLsEs0LCElhKIzGtiZDBw9VLqCaxTHlxaYEPV/B/X9NGoP5PE4ToBOSramL +CMPbwjadhNk8O0gEInZCuEzV17vvx6O4xg+FJ9OO76LU1KeXJnnvX1YnCKz3uxrn +3sw1jQugEEd1yPwKoHMjJ2Sr7Vgrm1e983EgiRint9lble7x/MDLvEZDELeeqhPZ +vRiz1qwVG+/p2ks980qFLFLl1INOUSPnSLIbafg7cWE9yTC5i99s4pJnP2ThyBv6 +JsgFzbbj9FEYGyh75GjIMEv8ulcQ3ATOSBREUPzrd6sQmideeqvxXrDYxo8Qel6b +rZiti+5vEr3OzQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFGLgSDhWbW9rJb67w4hYsaycQ8lbMA4GA1UdDwEB +/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB +AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA +AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E +Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v +Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF +BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAF8Uj +33K0ZM9adtfd8IM2ebqwgbgRxi22Pb6bKkKOkGV2NU4wMckpuRpUrQGJmy6CIXZ8 +4QWz9DZSNAU0nyHXB6PLbSV0jnzKygWO7IOv83M6dcnCG8QUP1o20V0NGhzNBEtK +jxWENZCYHEruxm+2rB+MBngPhkBgdni2npetHX2e1cmsgMS6G1PUh2idhZ8Mpdof +nr+V0GuKLpwiNz3hLnKehl2Bs6aHG2IIOm/PdzvsKCP2eiGzS3SiiCf6fukYoYBN +edL8fHfFNyM4UPNgc4eG+bu0GJK4wKPVjiX7xYDdGaYZ2m4Y++zrKuMq+Oar6DQG +q3SERMAZCDYsEt3z2g== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID SW CA-45.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID SW CA-45.pem new file mode 100644 index 000000000..7e190a006 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID SW CA-45.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID SW CA-45 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIErjCCA5agAwIBAgIBYzANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT +A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNjAzMDgxMzI4NTZaFw0y +MjAzMDkxMzI4NTZaMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy +bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0Qg +SUQgU1cgQ0EtNDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVVtcp +RJMdLbl4C4dfjcBCfAqUMLRbXiKiDRnAMXn3c5IrYEND7uJKJTCrQklQ8YC570Za +YXxhSaKiFbcR0MA7oHEF8HWglB53GSmFowqtAiERS/AWbMJoXlh/MBJweeSVUzat +CPO8V3q56Y/5OFglW5YV3tA3Kgv+BvlqjYCzWNeBwfyeglkB8EWi58llAiyjsGPd +QpN71LOyqHK16SCv22E6mIyrxfFgeaWIxIBeXzgVxDzZ2djbsqYyrJlAdUCbGzh/ +O9N0MhEC0mMRcgo7uER0olnWri1oOWtJl2Ok8ZvMqGQbdkxkkmxCthUWyxFoVq7P +xU7IYmBiBn27SyF7AgMBAAGjggF5MIIBdTAfBgNVHSMEGDAWgBRsipSid7GAch2B +ehaq8tzOZu5FwDAdBgNVHQ4EFgQUy/0Vpppg8S5OW5UcjD8djcKjIhswDgYDVR0P +AQH/BAQDAgGGMFoGA1UdIARTMFEwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzAL +BglghkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMAwGCmCGSAFl +AwIBAycwEgYDVR0TAQH/BAgwBgEB/wIBADAMBgNVHSQEBTADgAEAMDcGA1UdHwQw +MC4wLKAqoCiGJmh0dHA6Ly9jcmwuZGlzYS5taWwvY3JsL0RPRFJPT1RDQTMuY3Js +MGwGCCsGAQUFBwEBBGAwXjA6BggrBgEFBQcwAoYuaHR0cDovL2NybC5kaXNhLm1p +bC9pc3N1ZWR0by9ET0RST09UQ0EzX0lULnA3YzAgBggrBgEFBQcwAYYUaHR0cDov +L29jc3AuZGlzYS5taWwwDQYJKoZIhvcNAQELBQADggEBADPubZ/kZNDB/hkuGuuK +OmiGZJC2C1dBGkuM0SXewWzGHEPKapa4rNDrgDSTQMOLeMUCmr4XbHbMo1mqIDBc +SioVFiq+CooCskj3D+gj1Y+dbfi+IW8/IlbHVDxlApDlJ11v3nvNJNHp7gA0hFVD +Da2Upj9wVsYr0ReXvHRz0Zb6a1/7R6to41c8wwg3hWCGCXsPvnILaQK5JmxNVX1i +HT95UKDxnysb+vw+GxxJgaIH87HkgxZtOc7WUnP+GFALfKQyLsR8J3vkIkI2DJfP +FjtBblgXWn9lCI5lYgeH3VbKjVvowcUWuw2F8PJaaNHpVpWwv+XfzLmUCdLGjZrB +zBQ= +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID SW CA-46.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID SW CA-46.pem new file mode 100644 index 000000000..62901c5d3 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID SW CA-46.pem @@ -0,0 +1,30 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID SW CA-46 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIErjCCA5agAwIBAgIBZDANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT +A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xNjAzMDgxNDIyMjdaFw0y +MjAzMDkxNDIyMjdaMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy +bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0Qg +SUQgU1cgQ0EtNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB8t7O +izHtqCLUKXdNcAOYlJDNyNoqW22ZB75KiU3GJna5ww499SOnBaEU4OvRSMI3FcKS +lZRvJJIbNpcUbn6X/4cEH6g64lCGSXcm8nl/rU1W0onf7l/fk8tcaVRG0hP9iTbe +7fjlJ7hEWwKEXSk7Xkr/3e09bvKIHVtiCsV6cOlNsK6H7JbEhRw4yPOkqdXtrpQX +mNh9Y6OGya91I1vzYO+zcexr2+MOoHFJyADBVF/+LrMWdRqVI0Fl8r8NXKnGXpC7 +yPns28gz1egmxJ5NsJtQ8p4WHMQnA6J3wPr+7na+5MKzLgCIoMxD2vIJ0FU28ODE +WrAb9clqWqv/Jte/AgMBAAGjggF5MIIBdTAfBgNVHSMEGDAWgBRsipSid7GAch2B +ehaq8tzOZu5FwDAdBgNVHQ4EFgQUW2dpXrVYC5wfCdw1fZvWJ+5iqpwwDgYDVR0P +AQH/BAQDAgGGMFoGA1UdIARTMFEwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzAL +BglghkgBZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMAwGCmCGSAFl +AwIBAycwEgYDVR0TAQH/BAgwBgEB/wIBADAMBgNVHSQEBTADgAEAMDcGA1UdHwQw +MC4wLKAqoCiGJmh0dHA6Ly9jcmwuZGlzYS5taWwvY3JsL0RPRFJPT1RDQTMuY3Js +MGwGCCsGAQUFBwEBBGAwXjA6BggrBgEFBQcwAoYuaHR0cDovL2NybC5kaXNhLm1p +bC9pc3N1ZWR0by9ET0RST09UQ0EzX0lULnA3YzAgBggrBgEFBQcwAYYUaHR0cDov +L29jc3AuZGlzYS5taWwwDQYJKoZIhvcNAQELBQADggEBAHrAmFSy86ZAscEU5KID +UdXtfC3+OV/I1BYnYiZHJKJj8zRuqvdWvsulKtCGKZo1wFv446n/14YRbI3TKno2 +Q/c4J6uz+MOsIGLyPvPmwO5Y6Gaqj5EDD6rgyYSRdHrmBlLE1aUmedc86UOMKAz6 +OwmUFRru8aXF/YSEWQmkeIWX4saImbv8Evb2vqjDPFERjH6BebYDRI7ZpMWg8jJt +LnQFoKOhCOTnHJz0vd/vnh4IC+7+KNgbg+RZ0O3H9dnBeULcLGeHtw2F2jBMrlyW +d0Iyn7vj9cOGkdrkggSpdGqqlXiNkVsYhyPXztL8jOqmyY7ndXubEQCsYxMIIXur +SEQ= +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-53.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-53.pem new file mode 100644 index 000000000..37fee6b84 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-53.pem @@ -0,0 +1,29 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-53 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEjzCCA3egAwIBAgICASswDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM1MDM1WhcN +MjIxMTIzMTM1MDM1WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E +IFNXIENBLTUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTewS9iv +ChYtMvNBYEOjVcVqr+3VOAEgyjt7ieJUVPrFDgtL9Sz+eXX+uBXkJwYjS0gtex6L +RuNtdcLkukoJu34ZxnfUwc8rgTwNV8VtIyI2GJq/u/FjGwK8fHkzslOzwF8KoA6N +NTYvKy9XohBDrrYGpRq/RuDttVfiJ4Yvcii5J6+uZTvT9035EksqjV7A+sJkFVqI +3MZ83kN9O0ZJf4dEj4h4DKqQYHTRrpy/BL4pTGxmSpnQHne63ToqsoZntTYCYhB5 +6izOakbsUTYVauwYqlNVf0j20IwcZibztp7wqV2NgGzA81LndhYLQh+8KsDabTSV +sZMvLHfEAeLdhwIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFFHEizOZlMB+uzYd4+I6Bb0ydJ1TMA4GA1UdDwEB +/wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud +JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j +cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o +dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG +CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC +AQEACZtxX9lr6sye0RUSOLYzLCU4jVDNSQgz3qq8Kk7dJ97GdsuBzACcCIwFDpNd +tjMtD+mwNjgfeRY5ovyMEH3ZzVhIqGpQo4WLeE+bjy3fNcU3rsb2SHNaEpRddWQ3 +jnOc3jlyg/sHaR6Jg4JfQ1G9za46AReVa1nJLHjt/BO5m/3D4iJmpJvq2Qp6N4eF +a2VL6s8uAZKnLCocjZU2B3wYZMyaSgppaE4TOe/Hc5HJw245/cFLUL8I02iYfv9E +KQDuTGqNzGrBuKp9LMpRrBWb0boFrZaONcVXjtCqi05fo1Fd/JhuvfraTpgxmVXi +1OvgVGwq5lsxW2pbjSpBFebaRw== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-54.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-54.pem new file mode 100644 index 000000000..59b66acb3 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-54.pem @@ -0,0 +1,29 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-54 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEjzCCA3egAwIBAgICASwwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM1MTI4WhcN +MjIxMTIzMTM1MTI4WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E +IFNXIENBLTU0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0wnaj/j +ZzXRnZnNDN5rMZW7OmPPcrG+8IQW6oHretQqvj/HCnAyX3sl5TvT6bLCG4UfLBAx +4VRCvpsVW9fME/43E+N8pyUDjlhYe8BHO9e0RfbVjMgDh6tLagvjN3MfThg8E94C +6TRisdifkP6WonplO1sbv8YD49GjmBWLs8KtU3xzw/StQrwNfymY8aW4lXJQa/Ca ++FXzz/tRh7Mclrlz6QCzgdHAliWK4s5tsXDxeZls2/tvTaZQCVCiyccDdc//lYzL +UIwg3lnPcoV6CPhhw+QW4q42Y4oSu48Z9g/fAvqhrK1U0S9mHl1vWLDTHI3hkwmd +T/O2WgKh8nvx8wIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFLC3KL8sBImKdCavqhOMAhBVgXmxMA4GA1UdDwEB +/wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud +JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j +cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o +dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG +CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC +AQEAZF047yS8bq8lkMpoxFrJjmbdD1TNpjnWRmImQ32uPwNkrDbspNJ4GdqAh3N6 +ueIMcPUSmrIEs9GRZGJzOeTQ6tcQKCyWy+npsI1DQ/k5Xz0H375Bw17gnq2Bpjdy +s8zeg8I+2lDOjSNr7RgVWWB+2sVWXdvILx4Wkh6vX57uEud046HBmc4NeDiHAer8 +NIac5A7e379NRyuusNGXkAm3g7GsE/Y7MrFsKKsMlHb+gFXVgD0DBhtF22YqmA/R +QvTz7Ij1AD++Gv5I4IIzJFMryN6ED6XduWcTtk9Cnf0uY0z+VY8RFw9nOkECFc2b +BA8L2LlruBOzMWbFy4kH7G/hrA== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-60.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-60.pem new file mode 100644 index 000000000..a42fb40be --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-60.pem @@ -0,0 +1,29 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-60 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEjzCCA3egAwIBAgICAwMwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTkwNDAyMTMzNDQ5WhcN +MjUwNDAyMTMzNDQ5WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E +IFNXIENBLTYwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/MzAiiVC +G61CNrHuJ+6kXRAlG9ppLKXje1S3mw0LXOynYAyX7OIyFXkeNj54DV/4HTvK4eHd +G8XTfiUr8cqWki2nHPJivaZOKu/jObshywNZ3UAKmtz8bPDO+wJ8QrAxKaQYH4CM +mHlEjetmM7CMRznfMDqjwB9us5Y1FwKPlh+2Y6rdDfU1xR/dGD2iQk4laduxCCr4 +ULI7eFFToxnr5rUt95FBi5DlIPs3XETIywIWJ7Z59m0JBrReqKnFZr1NR06DGCOO +YULORCXiZFJlbRMjwvd3BPu+auP39/qq6aKLmTy0iTPflGum94W4bkvupB3r6Vkb +ptNsZrFq0IYZkQIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFH3+8BAXOb/TcoT9rSlw+OI9mfMYMA4GA1UdDwEB +/wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud +JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j +cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o +dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG +CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC +AQEAn4OSx5FWM4e2vd2Igv63CCpfvrQqv5bjuoyQhoIJbEpjx6xtof1SNSwtPDjD +tSawzhabKYTgSajw28zIyJ4TpFUiABOSNkA4aYWvtjjHPKPrIjVTck0DArWH2Lr9 +x0dvpCIInDyfIib9dcE0cdGVlEpeAEMQFjpUbmCNpTlKUtSroY8CfZCOmi+Rp/fT +0N9PoO/Izxl1UvHb9xxfu4vasVjt3L/Fu8PIw8GJ70u/Ws+mg3ga8uDOluYn+VDq +O1Le2QJvSK0J9dS21rwV6SCtf+en2Razi0/S44tzOFa4fRdJLHTYPutu69p6+YMh +Sul++7G14BLwhmWa2iRcjw+AlQ== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-66.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-66.pem new file mode 100644 index 000000000..eb34d9855 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-66.pem @@ -0,0 +1,29 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-66 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEjzCCA3egAwIBAgICBV8wDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjA4MTM1NzE4WhcN +MjcwNjA5MTM1NzE4WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E +IFNXIENBLTY2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4houoVX/ +Li3VkkGqzLIUOLda1i73PJvtWBdSDIed8ovWFa+tQJ0/vCluSctLGgV171iHWItg +laOFkozk4pdBu5dW4N51jfkTYbzPt0tBZqJ0B20c/uxQUkIq8leMAiBnj5n1XRvE +IPmpch8rvGAVwDNOjK+7GiBlmm9Afi2dRvDOanB1C5NkvySwshIx8191HQaVxwEe +5CFoHr1/N1CFDZ65jLsHlF+OFRA0UQnsT4aRMsdUtUm8IQ81WgCSBkYE1iVfm+cY +Gp9IAJ4pjHeJt3VjYhCUZA1tISiEbjwt8Hos/oQny5jW3A0cKuKCN9D+CVzobb2Z +j1n9KtXGwo7RpQIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFOsGU5gwhp7fXosLoSYm+qZhD7mUMA4GA1UdDwEB +/wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud +JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j +cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o +dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG +CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC +AQEAEI/fMsnGS7EdXp9T+SU22yw7TOMPnZns0nQbcx09aKV9LS5DC6j5siNUUs37 +bEeJLPSDN5JqC2jHA7C5USJ6+Qe65kvlUCvCuAKwtfOnv0KewpZnxBcRaEebbpRX +nzFb+2x/RbQYz3b0oN+srKyKEFie0USItyuVAB4eYolSbUQ5kXIMDbD7jxSkMsfi +2t8cpHXpNvPEGAMz8KFUR5ESYtE4uePZB4gOXBP2x7XbC4+mbSqXgapf+0L0dWXo +PGHQZWrPXMJq8nJ9Crps8KucamtlRge++MgsWRi5B/oTaJNBfabD7bZcI+tG8MSm +jYDkgfOi5nuRC+HuYQJfnN/JLw== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-67.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-67.pem new file mode 100644 index 000000000..4e203faa2 --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-67.pem @@ -0,0 +1,29 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-67 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +-----BEGIN CERTIFICATE----- +MIIEjzCCA3egAwIBAgICBWAwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjA4MTM1ODI1WhcN +MjcwNjA5MTM1ODI1WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl +cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E +IFNXIENBLTY3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGxEAz4E +AAC1INxpZpWcvBvGADE1EcLCF6yl2Q+px7dol+M3iFran2xRnG+PatJ7MyHflYFT +iMrjfNBjgd0WhcjdYIQqwA47vFwMDK9GAr4DpF9Th8Xa3Sz1W2PQj1isHKNodKvk +ICOBudf38e+6xhQyPxC/ryPKa8OzHRvzzVGhxjQjg8mWNxf1tDHaj1F1vOu3rDxj +k2BGbGKTSQ354E2jCkDLqKzCCzpsKVNPtkuC1LwUflrPBJreFq6pYOlFFBu9YgTZ +q5D6O4mr9388Yl3UJEeZq70POfwd+Lg8oPDS8geVtXuxohCdE0lw3UrW5oGO10e/ +DwhxvmyBkYjlGwIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW +qvLczmbuRcAwHQYDVR0OBBYEFNu0q6OMKUW9rSpWN8xUXbzX/SonMA4GA1UdDwEB +/wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ +YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud +JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j +cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o +dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG +CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC +AQEAIW6zNzaq6wiJST/lHGj8X4TEhezpoVDdVf9a4yD8mzDlTgGpwYNYD0eXm3/B +3/DXJR1DUKoNjb7fPomrn0mqMbsjn9PorjBvrjHGk8hnzTaWxny/UjKOZPunOrqr +xNAdG77sc1TbYABaVr7R/qBV5vYGEYG0zG4lwgwOGfzHs5DCWlcZ9RXeMC8FmpU2 +V5prrgy4oUb9W+Pe240i5bTFFgk0KZpGzGwxmmip47hvnn2WoOjXuMCO8oFPID97 +b7HtqVw44FdhcX91iSsF94227L97FWj2qIh+hg9Hr7+lnUV2jnw78VDAAGYoC2j+ +wFDemBg6D/gOGokJXlfr5G3RtQ== +-----END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Root CA 3.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Root CA 3.pem new file mode 100644 index 000000000..cd2969bff --- /dev/null +++ b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Root CA 3.pem @@ -0,0 +1,32 @@ +Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Interoperability Root CA 2 +-----BEGIN CERTIFICATE----- +MIIFKjCCBBKgAwIBAgICBWYwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxJzAlBgNVBAMTHkRvRCBJbnRlcm9wZXJhYmlsaXR5IFJvb3QgQ0EgMjAe +Fw0xOTAxMjIxNTIyNTZaFw0yMjAxMjIxNTIyNTZaMFsxCzAJBgNVBAYTAlVTMRgw +FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMD +UEtJMRYwFAYDVQQDEw1Eb0QgUm9vdCBDQSAzMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAqewUcoroS3Cj2hADhKb7pzYNKjpSFr8wFVKGBUcgz6qmzXXE +ZG7v8WAjywpmQK60yGgqAFFoSTfpWTJNlbxDJ+lAjToQzhS8Qxih+d7M54V2c14Y +GiNbvT8f8u2NGcwD0UCkj6cgAkwnWnk29qM3IY4AWgYWytNVlm8xKbtyDsviSFHy +1DekNdZv7hezsQarCxmG6CNtMRsoeGXF3mJSvMF96+6gXVQE+7LLK7IjVJGCTPC/ +unRAOwwERYBnXMXrolfDGn8KLb1/udzBmbDIB+QMhjaUOiUv8n3mlzwblLSXWQbJ +OuQL2erp/DtzNG/955jk86HCkF8c9T8u1xnTfwIDAQABo4IB5TCCAeEwHwYDVR0j +BBgwFoAU//iuE4uSK3mSQaN2XCyBnprFnHgwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAQYwRwYDVR0fBEAwPjA8oDqgOIY2aHR0cDovL2NybC5kaXNhLm1p +bC9jcmwvRE9ESU5URVJPUEVSQUJJTElUWVJPT1RDQTIuY3JsMB0GA1UdDgQWBBRs +ipSid7GAch2Behaq8tzOZu5FwDB8BggrBgEFBQcBAQRwMG4wSgYIKwYBBQUHMAKG +Pmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9ESU5URVJPUEVSQUJJTElU +WVJPT1RDQTJfSVQucDdjMCAGCCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1p +bDBaBgNVHSAEUzBRMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJYIZIAWUC +AQsqMAwGCmCGSAFlAwIBAw0wDAYKYIZIAWUDAgEDETAMBgpghkgBZQMCAQMnMA8G +A1UdJAEB/wQFMAOAAQAwSgYIKwYBBQUHAQsEPjA8MDoGCCsGAQUFBzAFhi5odHRw +Oi8vY3JsLmRpc2EubWlsL2lzc3VlZGJ5L0RPRFJPT1RDQTNfSUIucDdjMA0GCSqG +SIb3DQEBCwUAA4IBAQAUo+3yHXSh8j5yBbpTAr7dqhSQDFjxRk0Sq+nL62ceChhT +mEvzAKWK441/JPNF8VCO9xG80TBm2ngxL4R0wXahxG177YQ9h+ZYd1meye6+Ly1V +P8B9XSk++f4zDMlxB1pWMgDnUE/h/MHO5w7zxuqGxOZpqTBtSh0P+7qQfLVy68Mo +M3qHxAQ7JC9pEyRZ4MHlKNRHO8XgiEKK5MZJAjhynCzbQMGUlayQkSMUuhIRwV6c +Ek1Z2dikykwfepCAtkQcqlnwPxqk+l3t4Ejr4FNObkToY84Xh/3YaNw5Efw6CpRH +9nIb7WxSfMxlx7U0+HfI2oVixbQ55MKJGpZy6VSe +-----END CERTIFICATE----- From 404887a41d77f5b814f254177b48b0030d3ec746 Mon Sep 17 00:00:00 2001 From: Zach Margolis Date: Fri, 25 Nov 2022 07:29:36 -0800 Subject: [PATCH 09/18] Remove certs that expire on 2022-11-23 (#329) (#330) * Update certificate bundles - "rake certs:generate_certificate_bundles" --- config/cert_bundles/ficam_bundle.pem | 369 ++++++++---------- config/cert_bundles/login_bundle.pem | 298 -------------- ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-49.pem | 30 -- ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-50.pem | 30 -- ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-51.pem | 30 -- ...nt, OU=DoD, OU=PKI, CN=DOD EMAIL CA-52.pem | 30 -- ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-49.pem | 30 -- ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-50.pem | 30 -- ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-51.pem | 30 -- ...nment, OU=DoD, OU=PKI, CN=DOD ID CA-52.pem | 30 -- ...nment, OU=DoD, OU=PKI, CN=DOD SW CA-53.pem | 29 -- ...nment, OU=DoD, OU=PKI, CN=DOD SW CA-54.pem | 29 -- 12 files changed, 155 insertions(+), 810 deletions(-) delete mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-49.pem delete mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-50.pem delete mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-51.pem delete mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-52.pem delete mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-49.pem delete mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-50.pem delete mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-51.pem delete mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-52.pem delete mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-53.pem delete mode 100644 config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-54.pem diff --git a/config/cert_bundles/ficam_bundle.pem b/config/cert_bundles/ficam_bundle.pem index b990801a7..199dd68fa 100644 --- a/config/cert_bundles/ficam_bundle.pem +++ b/config/cert_bundles/ficam_bundle.pem @@ -864,6 +864,45 @@ OPc7eF125ABdU/KJcabt3YSE5mrRu7yRvmskGLPcJ3dHIxNhW5BZiPXu/V0dFnzy uM8djQ6nH2eHXTRoTIYueWfrZLuG/UGCe4if2gM3ZQbDEoz3lkVd9rJVGNRBcnSe aHPkF2w1nDb0EHrnM0m+G70= -----END CERTIFICATE----- +Subject: /C=US/O=IdenTrust/OU=IdenTrust Global Common/CN=IGC CA 1 +Issuer: /C=US/O=IdenTrust/CN=IdenTrust Global Common Root CA 1 +-----BEGIN CERTIFICATE----- +MIIGeDCCBGCgAwIBAgIQCgFCgAAAAUXYsJAMAAAAAjANBgkqhkiG9w0BAQsFADBN +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu +VHJ1c3QgR2xvYmFsIENvbW1vbiBSb290IENBIDEwHhcNMTQwNDE0MTYzMTAwWhcN +MjQwNDE0MTYzMTAwWjBWMQswCQYDVQQGEwJVUzESMBAGA1UECgwJSWRlblRydXN0 +MSAwHgYDVQQLDBdJZGVuVHJ1c3QgR2xvYmFsIENvbW1vbjERMA8GA1UEAwwISUdD +IENBIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+PjUxzWmD/upc +/DwguPonIC8WbR/FJZ8/uEGLbCya/aLewhSD4UHXyVjUnpWMjUGyVXlK18RfbHtN +Jo6FYqaFQN82VxU35orHEswMoBbo5aywtIjh18Go0AZxr3T+L+x+lsvsLLH+PlbN +z/W2kS77EO37AJHTjI21iNNHGLd5x0sANxKy/m9/t/zoZiiL8UPlpD4TAHSfOxqn +JQrRfgjbmTny7Dc5v0/zU/Cb8ZFjCGyrVvebddI9J6e8FqXkx9ksjUoYerdsNd4G +t5QIpd7fnKPeKvrwksm0XlFj9ptUwihPvIxcaBTCnOB8BfvCirgFBVZgCsrZYX7E +ILEhdDd3AgMBAAGjggJJMIICRTAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgw +BgEB/wIBADCCARsGA1UdIASCARIwggEOMA0GC2CGSAGG+S8AZAIBMA0GC2CGSAGG ++S8AZAICMA0GC2CGSAGG+S8AZAMBMA0GC2CGSAGG+S8AZAMCMA0GC2CGSAGG+S8A +ZA4BMA0GC2CGSAGG+S8AZA4CMA0GC2CGSAGG+S8AZAwBMA0GC2CGSAGG+S8AZAwC +MA0GC2CGSAGG+S8AZA8BMA0GC2CGSAGG+S8AZA8CMA0GC2CGSAGG+S8AZBIAMA0G +C2CGSAGG+S8AZBIBMA0GC2CGSAGG+S8AZBICMA0GC2CGSAGG+S8AZBIDMA0GC2CG +SAGG+S8AZBMBMA0GC2CGSAGG+S8AZBQBMA0GC2CGSAGG+S8AZCUBMA0GC2CGSAGG ++S8AZCYBMB0GA1UdDgQWBBQI5V2BrnkUHLwYoMEGAv8eqpS87TBDBgNVHR8EPDA6 +MDigNqA0hjJodHRwOi8vdmFsaWRhdGlvbi5pZGVudHJ1c3QuY29tL2NybC9pZ2Ny +b290Y2ExLmNybDB7BggrBgEFBQcBAQRvMG0wKQYIKwYBBQUHMAGGHWh0dHA6Ly9p +Z2Mub2NzcC5pZGVudHJ1c3QuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vdmFsaWRh +dGlvbi5pZGVudHJ1c3QuY29tL3Jvb3RzL2lnY3Jvb3RjYTEucDdjMB8GA1UdIwQY +MBaAFPj5iy9/kEOfj+aMLLVJuE+SixZ0MA0GCSqGSIb3DQEBCwUAA4ICAQDWBv9j +aO6PdpYtsxjRkmG9Nogsv/95bXIPG0wefaRvodVQxaiGg2sCI4eRg/fkEDGnz+0c +au1S+rERFIJKkwpUWTA2If0jLb+a/u0fJjfUdWqBDuYHXxtESQIagy+I56253SBv +enIcNiJNJmERjkCkhJPQBDRHgYfR/JVsbhpl3sjLzAZNUlSoU3NVBXbM+Dn38NRf +8W1TfVWNAMKbZXgL3RjerlKnhl5Pi23UfOYkgZi/OC5GiiGtPbdxqPhbqk7LgwN1 +sHMA6t06S16XbBoqW62uf0nuLWXwpkMbU2pjUAGjdDS23YgZBRbYaC/XqmPHm2XS +nqDtYKABOcLAgGvUcoMMhzuiIeCpxv5CSElXzJh6K9wkmlNwCYzTDWttc5TVaFev +0b0/zuiw4E4LJk7PaO5W3DdJy95pKW+BamxGPVLyxTNdQQmSqhOuL7vOTG821cH9 +TzO/FfFDQB0bT3eVsODxDUNugKnvw+PH+qIVCqcONllznoz5G7A54LD45oz+lDsG +uPGrWTKpBgBk4AcfNd5nWh3bfI+docNDLqrfRCYPPM5BfF4xAsfZoDrdEeBqSG3Y +8hQLVF9qx+7OT6K7jCTS0Gxuu7IvRlcICdHJFJsOW3I9JX2xl0g7GklzSYs+j+5j +8KEGcVRC5ZzO8teG+qhxpaDbcPgwzWnYOy6mKQ== +-----END CERTIFICATE----- Subject: /C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 SSP Intermediate CA - G3 Issuer: /C=US/O=U.S. Government/OU=FPKI/CN=Federal Bridge CA G4 -----BEGIN CERTIFICATE----- @@ -977,41 +1016,6 @@ A843vFQuVRgIwp1M+D4xnvxnLbehLzqEZ6ZSSIPoHXzitfz9/oycCfUbIyYE4TW9 8wEwfpj4wCO1Gldl+2rZYUEb5mjkkltR1O8s5rYqoxVSVKUrAD/fHYdOzteWkNQk yiTo/Q== -----END CERTIFICATE----- -Subject: /C=RO/O=Trans Sped SRL/OU=Individual Subscriber CA/CN=Trans Sped Mobile eIDAS QCA G2 -Issuer: /C=US/O=SAFE Identity/OU=Certification Authorities/CN=SAFE Identity Bridge CA ------BEGIN CERTIFICATE----- -MIIFszCCA5ugAwIBAgIQQ/LGUr4uY07oqGTBcT/RhjANBgkqhkiG9w0BAQwFADBr -MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNU0FGRSBJZGVudGl0eTEiMCAGA1UECxMZ -Q2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEgMB4GA1UEAxMXU0FGRSBJZGVudGl0 -eSBCcmlkZ2UgQ0EwHhcNMjExMDI4MDAwMDAwWhcNMjIxMDMxMjM1OTU5WjByMQsw -CQYDVQQGEwJSTzEXMBUGA1UECgwOVHJhbnMgU3BlZCBTUkwxITAfBgNVBAsMGElu -ZGl2aWR1YWwgU3Vic2NyaWJlciBDQTEnMCUGA1UEAwweVHJhbnMgU3BlZCBNb2Jp -bGUgZUlEQVMgUUNBIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA -3BHY3CN+UsqMX6OWd35+0AzS7bBVsSWHjS98sRj4kRAJ7tt5HkxgmSBJG/yNmhZq -a7K5VAb3sjfbH4x+NWKxzHUD+8pKSaeJQplaIbnPboqYXHwP88pn+B3QL7o8ZCbJ -XMGgQtWFvE6g0GgpbIOVNXw+nSxxhSZy6r760nxcWc24q657BGtkicR1ve2FrJbF -safRHKeZzMcuYQm852Ef9mLvQ3DbVKHwfE7dzr8BnvvX8gAwYV0HXMHdPAGVhbnU -3eH0BTtky7nEQCxf7EULGBlIUn6spgy9uRyCvNyeSQeX1n5BMCZ7bYHZWllRNnxj -WGM9fhAEi2MMGDPW0CgKlQIDAQABo4IBSjCCAUYwHQYDVR0OBBYEFB1QTkWLI0AU -1WsXehfWWjbrz039MBIGA1UdEwEB/wQIMAYBAf8CAQEwFwYDVR0gBBAwDjAMBgor -BgEEAYG0fQEGMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwubWFrZWlkZW50 -aXR5c2FmZS5jb20vc2liY2EuY3JsMA4GA1UdDwEB/wQEAwIBBjAKBgNVHTYEAwIB -ADASBgNVHSQBAf8ECDAGgAEAgQEAMCQGA1UdIQQdMBswGQYKKwYBBAGBtH0BBgYL -KwYBBAGCuB0EAQEwRQYIKwYBBQUHAQEEOTA3MDUGCCsGAQUFBzAChilodHRwOi8v -YWlhLm1ha2VpZGVudGl0eXNhZmUuY29tL3NpYmNhLnA3YzAfBgNVHSMEGDAWgBSZ -pBrN3G/GqAg+rbaWbH7XzzekyTANBgkqhkiG9w0BAQwFAAOCAgEAkDbOAxvY3HoL -/VXaUGKmSs09GLxacbIDQXTUmbf2RDTux53HOOKnPIpxxRSS7op1ypWZd9YXM4Dk -d/wasPxgeZJUPxNgu8VpSsUpviYP6ULBn5YddbjN5LHP9Lv/vffwGDeDrLcuvniw -3KXsw4eO9VXJW9OwoofKgRcksDaLCA9fXYrHahcBazJMllGGsDsOEG7W9+69iX+n -tuyLago8ZO/OXwNHki4BWzULKXVvre5vKe5PvjG1Y4OZvoPQ480tptOIa3Mzp0Sb -nKmuGU1ne61VxyqShywKKx/jMwa1yYd60YFrXYxLYqo/v5gRw+J45kb8ifY8CStC -wF8DyVSYWMOsv2FEWvyE4M18htjv938KY/lK5wCnXLXiuszpV9pXDD4GoA0Hi7BE -PvshUl1U1ojLh83E4u2GfA4SEAlTwGGWN3Dxx4B/Yp2HiU+71SNXxZ9S2mezJtL6 -DZoYPd2zAbu/H1VBtpnrJ+0o3LJoTsw4KyOlY+H3W96BvHsFVMFF73CdxnYBDxZT -WLlTd0bv0Pf3Otb4rK80sVhwjofeEtYXFDCjN7Z6LVk8ZmckGTMfcas+5ozHEeFq -SjAZ7tX8Cnzs83qtae0plvEvbDTQ8PGPzHhl312CLpNjMFop3CuZRkHgfFd6VhnS -fKt6GZJ+1zxSn/I2LSbnavn+6XYQJAs= ------END CERTIFICATE----- Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust NFI Medium Assurance SSP CA Issuer: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services NFI Root CA -----BEGIN CERTIFICATE----- @@ -1454,6 +1458,43 @@ crIvEFw/sWREWggc7YAQtaIr+W4SgFst5VGJ4AAU6icCNCepUiquHg06f7xWsoQ+ yTNIyG7YliWqXCDGNouPfUfAjredXmQWntjHxMc51c3Pzt+AqsYxnrggK2KwNtg9 l1Db -----END CERTIFICATE----- +Subject: /C=US/O=SAIC LLC/OU=IdenTrust Global Common/CN=SAIC FBCA Cloud PKI CA 1 +Issuer: /C=US/O=IdenTrust/CN=IdenTrust Global Common Root CA 1 +-----BEGIN CERTIFICATE----- +MIIGBzCCA++gAwIBAgIQQAF/Za/230FD7PhazbuqyzANBgkqhkiG9w0BAQsFADBN +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu +VHJ1c3QgR2xvYmFsIENvbW1vbiBSb290IENBIDEwHhcNMjIwMzA3MTg0MTQ1WhcN +MzAwMzA3MTg0MTQ1WjBlMQswCQYDVQQGEwJVUzERMA8GA1UEChMIU0FJQyBMTEMx +IDAeBgNVBAsTF0lkZW5UcnVzdCBHbG9iYWwgQ29tbW9uMSEwHwYDVQQDExhTQUlD +IEZCQ0EgQ2xvdWQgUEtJIENBIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDS4n3Ajwua7dpm2vCApM5iZ/sAxonZvOylpHhxlccZSh7+/0F7/yeIK+Xn +TvJID0dHLK/veqzSL4PPcUqlDWvhhHwAH0v7HY7I/3PMoo4iGDHuxjDNMCn2UDVz +L+Amvyf/tGgbwysHORP6bk5DnwuyIxX7DO/7nxmxtu/Dg5KE28JGYNuAAk4zqd+j +Eftxj5vU1yaotAHzJGTrEgoyxkLL5yKZp5M3G3nnSmpfhj1zvXez5fjhrwYvL4Ov +598670HkjRLgIosiMGdkz3OdCA++lHDAAhAPHlwGJ/nV6fUclf7k7h+21eeVt9OW +iOymNSKQa7BYRwvcATU0vr9weM3NAgMBAAGjggHJMIIBxTASBgNVHRMBAf8ECDAG +AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjB7BggrBgEFBQcBAQRvMG0wQAYIKwYBBQUH +MAKGNGh0dHA6Ly92YWxpZGF0aW9uLmlkZW50cnVzdC5jb20vcm9vdHMvaWdjcm9v +dGNhMS5wN2MwKQYIKwYBBQUHMAGGHWh0dHA6Ly9pZ2Mub2NzcC5pZGVudHJ1c3Qu +Y29tMB8GA1UdIwQYMBaAFPj5iy9/kEOfj+aMLLVJuE+SixZ0MIGBBgNVHSAEejB4 +MA0GC2CGSAGG+S8AZAIBMA0GC2CGSAGG+S8AZAICMA0GC2CGSAGG+S8AZAIDMA0G +C2CGSAGG+S8AZAIEMA0GC2CGSAGG+S8AZAIFMA0GC2CGSAGG+S8AZAIGMA0GC2CG +SAGG+S8AZAIHMA0GC2CGSAGG+S8AZAIIMD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6 +Ly92YWxpZGF0aW9uLmlkZW50cnVzdC5jb20vY3JsL2lnY2NhMS5jcmwwHQYDVR0O +BBYEFEF/tiyWzrBqd7c0C6JctJumE4rHMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggr +BgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAgEAXA3quFSCYKiWYWjPPh8kR/RYjy6s +wtJwq1X/OQFIhhRRBR5lnXwuB1pv2kOWE9YvIT0LIIMBu9W+v0Vkobrt6Gr0O60r +U/t0ZJKz0z4b0txr3I6klJmI0S7x5LZM+l4CB/8Cl1Tlv9GNEpIWwep/qn1RMw6W +uljIgd/kI5K8c79rz0SlxsQsfSuJIo8xCfRLv4Vty5YUdtZZfVBGHjiuccQdFezh +FIjRVGJ+6VGb7rqZiRZo03YnDNfN7GAdq15F3QwVk7EqQ2gEXx80FcSfe6as6W2M +PKayzFQI9N6YBjWxrMBd2c9Ka5XaZC73uEJsA6dDR77gFnnSeE9/Wu5THk8WqmvT +7pWJ/ElLW4TfsVrQUDzqpZ5iqXRjdY3HmAc71MWe1wpiZBftIYo2JCgr/WmJdiro +68DUBj5STHt3JScYBMfAy0FfNrmGeAQf7KiV/fDdkqbEYbb0Tb3053yfR+36E7Mp +dCii9tKKW8Yr7GW7KvREZT+8h9+iroZqiWSzB3B9zaTVJp3KRgI7jTb+BIPiRiku +K0brRAvxWaw64t2up4jgZp1dCY8gHLZ+sqITfBBEVXqbA8FOp2qbSN1NVg4qWCqq +vLs4cplcx3EwHSUpSwVT4Op6Mfn/SZx1zXRRoI9Pf/l3CLA7qIbA/G/I5GQjV/6D +e+JXq/PFM6EMAL4= +-----END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=Department of Commerce/CN=Bureau of the Census Agency CA Issuer: /C=US/O=Symantec Corporation/CN=Symantec SSP Intermediate CA - G4 -----BEGIN CERTIFICATE----- @@ -1877,50 +1918,44 @@ q1q/XYClv/3L0L8lvaG82+IZpQIzGrphIFmuw25nMaUkT3NzRQaIPaZxRRzXOFvh uh8vuWzo4YP2hPOfVO18EMXH0M639REKtqDMIkllBuNOHD8RcMu+CJ/xSxdUrra5 Kao6TKIjbio9/JhCr5XL7ee3a0tjkt9p -----END CERTIFICATE----- -Subject: /C=CA/O=Carillon Information Security Inc./OU=Certification Authorities/CN=Carillon PKI Services G2 Root CA 3 -Issuer: /C=US/O=SAFE Identity/OU=Certification Authorities/CN=SAFE Identity Bridge CA ------BEGIN CERTIFICATE----- -MIIHnTCCBYWgAwIBAgIQC6yv7m8fVCFW0BOX6R0S0jANBgkqhkiG9w0BAQwFADBr -MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNU0FGRSBJZGVudGl0eTEiMCAGA1UECxMZ -Q2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEgMB4GA1UEAxMXU0FGRSBJZGVudGl0 -eSBCcmlkZ2UgQ0EwHhcNMjExMDI4MDAwMDAwWhcNMjIxMDMxMjM1OTU5WjCBizEL -MAkGA1UEBhMCQ0ExKzApBgNVBAoTIkNhcmlsbG9uIEluZm9ybWF0aW9uIFNlY3Vy -aXR5IEluYy4xIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxKzAp -BgNVBAMTIkNhcmlsbG9uIFBLSSBTZXJ2aWNlcyBHMiBSb290IENBIDMwggIiMA0G -CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDyJSAjmhFSnyjquDuf4cPyuJ8dvJPn -bq9Fk6/9tILWkr/LwTYrLR+wMCGql2XvoUnXsDzTxLX96PHxmG5KRnUGD37ZMwCc -5ALFr1hAUS7PQdcSj7aUAjxeclMKt4HerQp72j4KVaR3kdm0Mvdy3VqVIydk5NCJ -xhTmcsBy+hAIXz7y/V6OG/P2a0gVcAJ/hYFyoXRvvomTvhte4Ki1utblUx/s2H3O -/xOTyC5sfO/c4X5wNOEyB7kFGoikbwrFU9ZkWZm/vwl9aLuqPfAf5BGGTa09TD4W -wtKG/v2sUX0iqk/KRbdOW+CD5UPo2AX6NEqkg0l0yVonfSO+6uDayasQTUtI8Qxk -hF7Y1mNJhZZSymktBVnojkRHKC1WhZ1d3CyTB61iSeYBfSKKqErMcQy5u4CeSPi5 -pZQK+OfLB7DN6OwjS+ZVCRnP96SwSi3h7Y8yus8obRLn33kDwqoskhmHMayLkeW/ -NMJg/6JEDB7+VRrQ6PIEPMiJxWs4c4nVopMtdjVCgoSvpF/M7UfI7E+kfKsbMjHQ -FenxIcCrDSD+qidbI4/RV6M8lN79oQOQHodPEBJTS6LGsQK9uK2bml1ur0wDYNvg -yC2DmGqkrW1sNfZRgBbcJDbBx0E52DAuNQaCAeD5WCukqH2hFd5wYAx+7TNlasfq -1h/MY5tvfhlSTwIDAQABo4ICGjCCAhYwEgYDVR0TAQH/BAgwBgEB/wIBATA6BgNV -HR8EMzAxMC+gLaArhilodHRwOi8vY3JsLm1ha2VpZGVudGl0eXNhZmUuY29tL3Np -YmNhLmNybDAOBgNVHQ8BAf8EBAMCAQYwCgYDVR02BAMCAQAwEgYDVR0kAQH/BAgw -BoABAIEBADAdBgNVHQ4EFgQUXjd0qkEonho9dbrtSgkN28QQk+kwXQYDVR0gBFYw -VDAMBgorBgEEAYG0fQEEMAwGCisGAQQBgbR9ARIwDAYKKwYBBAGBtH0BBTAMBgor -BgEEAYG0fQEGMAwGCisGAQQBgbR9ARswDAYKKwYBBAGBtH0BHDCBrQYDVR0hBIGl -MIGiMBkGCisGAQQBgbR9AQQGCysGAQQBgcNeAwEJMBkGCisGAQQBgbR9ARIGCysG -AQQBgcNeAwEKMBkGCisGAQQBgbR9AQUGCysGAQQBgcNeAwELMBkGCisGAQQBgbR9 -AQYGCysGAQQBgcNeAwEMMBkGCisGAQQBgbR9ARsGCysGAQQBgcNeAwENMBkGCisG -AQQBgbR9ARwGCysGAQQBgcNeAwEOMEUGCCsGAQUFBwEBBDkwNzA1BggrBgEFBQcw -AoYpaHR0cDovL2FpYS5tYWtlaWRlbnRpdHlzYWZlLmNvbS9zaWJjYS5wN2MwHwYD -VR0jBBgwFoAUmaQazdxvxqgIPq22lmx+1883pMkwDQYJKoZIhvcNAQEMBQADggIB -ACLfWUQQ6v6kpM9doK3nPmdAexO1S6mgIMvv9zCefUuh5MkvN34lV6n+75O5mPoY -jlC4AsiA6pYaNj+9TW1JeKA66LS20LnAt+LkprNaX5qjsJ1G06V5r4uv5myZ5xHx -GGz4qyeMrWtv1HbvYRMMV9szsvNa+4MLuHg+2XfJOVsWz9y0nQwvzy0iAhANg+av -4Y+5Dv4PV9BpAIiZ5MFoayMJjVfC/bc4D0zAzNKLwAekHskqz8yaElDIwBi/opxH -5RzGe9NuYjt+ahc5To0wm44UVQnsHFXiq/xLOfA/sIttxvlHmmBGm+nOAb3MtyaP -Kf5MBzF03im7JJNllpdBnc6kRlUTTL6de7o3HxgVag2yjMHGtZ0ihrDtLZ14vJF+ -cdHyV9rx5452yG0L5fSdSWtELL092HCKUzJ4/wg9V8TMup0DbdeJbVIMYURADhV6 -yRUIgAR0EBAMyCwjvQTIgkSHCRRKmSRyvN6BSaFSQwyEmL5MEd/o+Cwy0wfoZmbW -qpQJN21PmY8zvnuvNSbyY59m7260mIkD6kZDahmPwBdSCewMIqnPgWV8XAZ2RtXz -uFPAsqom2MFAimGAx3bZgyYK7nYN8J1UDVQZVBWM9KpyVuzB6ZjB0pqQ8+nJaDEZ -MCxwf87KgqQFigREZinWwk3qPORjs901LfUyWTfrRqXd +Subject: /C=US/O=IdenTrust/OU=IdenTrust Global Common/CN=IGC Device CA 2 +Issuer: /C=US/O=IdenTrust/CN=IdenTrust Global Common Root CA 1 +-----BEGIN CERTIFICATE----- +MIIGiTCCBHGgAwIBAgIQQAGDzXXwJtgoZhgWEUwLMDANBgkqhkiG9w0BAQsFADBN +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu +VHJ1c3QgR2xvYmFsIENvbW1vbiBSb290IENBIDEwHhcNMjIxMDEyMTgzMDAyWhcN +MzIxMDExMTgzMDAyWjBdMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0 +MSAwHgYDVQQLExdJZGVuVHJ1c3QgR2xvYmFsIENvbW1vbjEYMBYGA1UEAxMPSUdD +IERldmljZSBDQSAyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwpvo ++EM/nDcIW3G5zRNdYZnWr2JO/H+K2l0kVZJlg22+GuloB3ybZxGys0hCeSbXD6Ob +XQ61aJfl5a/KzG7T3lh/3GZIbx+lgZhDSeAWc4YNzsvaQbqIh4aDgsCrwwlNP3ht +sDctfQPsJzMLtdLgJQF+qLOELwj8ngN4Lb5hkCOQaJ7CeHm6KUS+HS9uhggp8jjm +k21xjX/cMoPROKmfLCMYUlFglh44COFsJWGy6txilg0UQRGR+rU3cGhTghAJHcpC +LsirkWM/hsZYWOfYv480cExy0ChUBUs3lGhrrEzuthHqQAkCEj3a5Sm6xPXvucyH +RtGdxrK7Bo03Xvb2/zCbFsuzt1vgqNtX3UCd9/Y3r5KNquFqJQyLngVs675Xhtz0 +XTyV1hHW4IoJaUxc8tiCFSEC9gVoQdxsdyrNF1EJuUMgVdAy8y5I96o9NyMtwNyF +T5oSclN1MuPVINpwT/wFQH6vQX4pZs+ZFedClDJjC+sXlhN3RTn5WY9t8bCVaw7s +XIChkRpdFvNX/D1wjUcqcDFltkdLsa7rJcPLNYqeByX2AFsNX6PEPcqVTkYRkSOW +/1KU6XAnXlteDm2zvkZgMt3Czw3yC1PeemjcHGTziR+ylqI1U4+bgRf6Bbfn2dTh +MSuexPnHHVpI/pxF+/pQx9FXQxjgmJM8G/P26YcCAwEAAaOCAVMwggFPMBIGA1Ud +EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMHsGCCsGAQUFBwEBBG8wbTAp +BggrBgEFBQcwAYYdaHR0cDovL2lnYy5vY3NwLmlkZW50cnVzdC5jb20wQAYIKwYB +BQUHMAKGNGh0dHA6Ly92YWxpZGF0aW9uLmlkZW50cnVzdC5jb20vcm9vdHMvaWdj +cm9vdGNhMS5wN2MwHwYDVR0jBBgwFoAU+PmLL3+QQ5+P5owstUm4T5KLFnQwJwYD +VR0gBCAwHjANBgtghkgBhvkvAGQlAjANBgtghkgBhvkvAGQmAjBDBgNVHR8EPDA6 +MDigNqA0hjJodHRwOi8vdmFsaWRhdGlvbi5pZGVudHJ1c3QuY29tL2NybC9pZ2Ny +b290Y2ExLmNybDAdBgNVHQ4EFgQUP4tHrmEd62UjlcQ6Le27SNUjKSIwDQYJKoZI +hvcNAQELBQADggIBAF0Qgd08wpH5nbXLq3GVt3dLl0anW0+X9SWgyqvQYfq4VMUF +V1j6aTGtvhcROkE68sWniXL2QwLDN7MA4/Oi38gQezUlk3WITxYsacerJpCarttv +HTbY00f5i+nWlWc+6eNZVS6+HhxypTqqkUfdKIzPcMXphBlZ/FFM4QxaMotCDsbn +gw9E6nk8b+1IReXKaVE15WEmScEJpFryNVkRvnIltYWCMuNT/6DkE/0Q1urJMTzV +M4r5oeTRDYDTyAi4wuBOOI8RE9UhxVo1N2nhPq/qHWFsZDCwpbEmOXLIzBH3I2T1 +Xe9KQ4VUsTUWPBVx/1h0py/qebJPiNRWGQxnm4b++NJ+8nLPULcTsviEp4YB9BRv +vgtrT0qqgaVCtlxPtG03b0r+Q5ewyEzmK2y8IJ6icpbqIqE9QjtYgd25UnPm1TVG +KRHHsixosuEJZ3V752XB4lGh6atQKb4EI0mSpC3AqlD9eWInsM1FlpHDkGvYFHmW +tN4TN0ixHIbAABxDCv5z5EiTlR/v+sE8BTwKmoCr6OII9A6Shzq0Ti4amANCGNc0 +/K8UzhrTNIlWEDi5p6L2CULOSl3E+DPkTMY4hHVUYKtLWGPgAlGs/4rKOH8h43PY +4DVWy7fM3QGn1gdwykTA7Jw/aCBharoTFoRVSRJwGQTrfJsBKaZIeQJhK9Xc -----END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-60 Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 @@ -3419,49 +3454,6 @@ DFgkQ3k6J5eQsT9+dIXdY42UIFsJzDjkObIuguuIsPlNd3/Sf9vI334Qhw9JdNFX YIhhv6p5vJh33iJaGj/fXof0EW3FresyG5chZvTv46fCq8Yo8rgjzRKaJzMhPp9L zDS03oNFf3kzEEf56IoXbkXniLgpNw6Uas2dDb7AB37ammqnQwgP4X49 -----END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=FPKI/CN=Federal Bridge CA G4 -Issuer: /C=US/O=U.S. Government/OU=FPKI/CN=Federal Common Policy CA G2 ------BEGIN CERTIFICATE----- -MIIHNDCCBRygAwIBAgIUI0IAvqptraZY9TtAP0GClSkMroIwDQYJKoZIhvcNAQEM -BQAwXDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsG -A1UECxMERlBLSTEkMCIGA1UEAxMbRmVkZXJhbCBDb21tb24gUG9saWN5IENBIEcy -MB4XDTIwMTAxNTE1NTI0NloXDTI5MTIwNjE2NTI0NlowVTELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsGA1UECxMERlBLSTEdMBsGA1UE -AxMURmVkZXJhbCBCcmlkZ2UgQ0EgRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQDlJxRYAIEBQGhhiUzNMWWrVUSvyQ4Lc+6ltq+L6l+023wOsa+VFdcz -CUJQHT9v75gUXQ+RQpFOzvp8xp6jz7rGtSj9avrPw3n9c2nhkg8sHQhYyfkzMrXM -qxh3QwELhMGwZHUQZMZWr8Vr0Vwx8DddhGxyQwpyv7GusjVwJ79qEduI38fl6hxa -ju8LrfN8oBFeDhWpAM6Dip0vY60TK2ymVoRvI8zy3Gy4fjOlSbnjwNpf0knOyKXY -xYCdmUmIbeVZffIK+pNxidx96khD6F/q5w/7QnI50srpKGURzhkJgGggb2SfA7dy -YVNptvl01B7dww3f02vrUol1VUwn+37fAgMBAAGjggLzMIIC7zAdBgNVHQ4EFgQU -efAASet/d8JdQQJlNIqQI5seB28wHwYDVR0jBBgwFoAU9CdcqcN8R/T6pqewWZeq -3TUmF+MwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgfkGA1UdIASB -8TCB7jAMBgpghkgBZQMCAQMBMAwGCmCGSAFlAwIBAwIwDAYKYIZIAWUDAgEDDjAM -BgpghkgBZQMCAQMPMAwGCmCGSAFlAwIBAxIwDAYKYIZIAWUDAgEDEzAMBgpghkgB -ZQMCAQMUMAwGCmCGSAFlAwIBAwYwDAYKYIZIAWUDAgEDBzAMBgpghkgBZQMCAQMI -MAwGCmCGSAFlAwIBAyQwDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMQMAwGCmCG -SAFlAwIBAxEwDAYKYIZIAWUDAgEDJzAMBgpghkgBZQMCAQMoMAwGCmCGSAFlAwIB -AykwgY0GA1UdIQSBhTCBgjAYBgpghkgBZQMCAQMGBgpghkgBZQMCAQMDMBgGCmCG -SAFlAwIBAwcGCmCGSAFlAwIBAwwwGAYKYIZIAWUDAgEDEAYKYIZIAWUDAgEDBDAY -BgpghkgBZQMCAQMIBgpghkgBZQMCAQMlMBgGCmCGSAFlAwIBAyQGCmCGSAFlAwIB -AyYwUQYIKwYBBQUHAQsERTBDMEEGCCsGAQUFBzAFhjVodHRwOi8vcmVwby5mcGtp -Lmdvdi9icmlkZ2UvY2FDZXJ0c0lzc3VlZEJ5ZmJjYWc0LnA3YzASBgNVHSQBAf8E -CDAGgAEAgQECMA0GA1UdNgEB/wQDAgEAMFEGCCsGAQUFBwEBBEUwQzBBBggrBgEF -BQcwAoY1aHR0cDovL3JlcG8uZnBraS5nb3YvZmNwY2EvY2FDZXJ0c0lzc3VlZFRv -ZmNwY2FnMi5wN2MwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL3JlcG8uZnBraS5n -b3YvZmNwY2EvZmNwY2FnMi5jcmwwDQYJKoZIhvcNAQEMBQADggIBABqJXcmGT7KQ -FbGtDn1t2sSlzjk7uneiOkIhtBECXHm0tCAdgbhfaFpaKP6tRwVMgurJRxRFo+Ei -LtJOSx8VvBLMlrNznKP5NIPIHi1LQbJyigx4Vku+XND41XYFgr4Tid6oDAfrKR/5 -IDhcuK4wQ7ygAw8gXfCqp0Xh6M1hJyJv5UgecKxXh2mt6SY5ymJWfQHwCOBjDfQa -WV6DRgJKtWtyB3KDGPOo3Ri8sxnVD3whUMiCp4g4iiKAlWafsRMSxrT5QA+nMA5s -D/i+YyYO6oUOfLzLGai6EVXHG2oDeUD+Z15h88K0O3hQqzlWI/6hyZqVDB63NPVm -AYDyDcvAIFcaVKcjh/7v26D6d0YqA6mD0GaKKMBHuEvdasZ1nSUm0mj37U97mTL4 -UQoRy2pCw20EidhxP81obO5wCw9ZNWh96/pGQ4Bof/jiSmIP75ZulsvtVbVE3aFm -0ejfwNahXtwEgMAsxlv1KvXN0Cj8f6QgYojJuavgpXdUSQmqN3iZj+cpmPuGC9EZ -pjk3DSnKqqgZdGNgAba7DsDGWQ5ZTqAVKvuQSPeL/wGpghuX75cNkPKG9XnCxAI5 -9sOJp+xyuKHSr/YQ+/H0Im2Oq9YWIbwV5b4vfdihUbA9Y4n2EyDCrkcypREh1zbj -ESKiXDB4NvDPciGH+u3lXW8kKBMYV2t8 ------END CERTIFICATE----- Subject: /DC=sbu/DC=state/CN=Configuration/CN=Services/CN=Public Key Services/CN=AIA/CN=U.S. Department of State AD Root CA Issuer: /DC=sbu/DC=state/CN=Configuration/CN=Services/CN=Public Key Services/CN=AIA/CN=U.S. Department of State AD Root CA -----BEGIN CERTIFICATE----- @@ -4232,49 +4224,6 @@ Fiw7W6mV82lJnysChQkKqNVzzXB3b+9lhNHsZKJJ4Rh4cjA7/t8KcCu8vrZJw57t 6SnukBX3949BynMFFUH1UVMgi0/QOBWAoL76Kd9dfuXD1OnOchysB4agvveJ2nF5 ppanUX30 -----END CERTIFICATE----- -Subject: /C=US/O=IdenTrust/OU=IdenTrust Global Common/CN=IGC CA 1 -Issuer: /C=US/O=IdenTrust/CN=IdenTrust Global Common Root CA 1 ------BEGIN CERTIFICATE----- -MIIHOzCCBSOgAwIBAgIQQAFfogGydKNMgHydFcQtITANBgkqhkiG9w0BAQsFADBN -MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu -VHJ1c3QgR2xvYmFsIENvbW1vbiBSb290IENBIDEwHhcNMTcxMTA5MTgxOTAxWhcN -MjcxMTA3MTgxOTAxWjBWMQswCQYDVQQGEwJVUzESMBAGA1UECgwJSWRlblRydXN0 -MSAwHgYDVQQLDBdJZGVuVHJ1c3QgR2xvYmFsIENvbW1vbjERMA8GA1UEAwwISUdD -IENBIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+PjUxzWmD/upc -/DwguPonIC8WbR/FJZ8/uEGLbCya/aLewhSD4UHXyVjUnpWMjUGyVXlK18RfbHtN -Jo6FYqaFQN82VxU35orHEswMoBbo5aywtIjh18Go0AZxr3T+L+x+lsvsLLH+PlbN -z/W2kS77EO37AJHTjI21iNNHGLd5x0sANxKy/m9/t/zoZiiL8UPlpD4TAHSfOxqn -JQrRfgjbmTny7Dc5v0/zU/Cb8ZFjCGyrVvebddI9J6e8FqXkx9ksjUoYerdsNd4G -t5QIpd7fnKPeKvrwksm0XlFj9ptUwihPvIxcaBTCnOB8BfvCirgFBVZgCsrZYX7E -ILEhdDd3AgMBAAGjggMMMIIDCDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB -/wQEAwIBhjB7BggrBgEFBQcBAQRvMG0wKQYIKwYBBQUHMAGGHWh0dHA6Ly9pZ2Mu -b2NzcC5pZGVudHJ1c3QuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vdmFsaWRhdGlv -bi5pZGVudHJ1c3QuY29tL3Jvb3RzL2lnY3Jvb3RjYTEucDdjMB8GA1UdIwQYMBaA -FPj5iy9/kEOfj+aMLLVJuE+SixZ0MIIB3gYDVR0gBIIB1TCCAdEwDQYLYIZIAYb5 -LwBkAgEwDQYLYIZIAYb5LwBkAgIwDQYLYIZIAYb5LwBkAgMwDQYLYIZIAYb5LwBk -AgQwDQYLYIZIAYb5LwBkAgUwDQYLYIZIAYb5LwBkAgYwDQYLYIZIAYb5LwBkAgcw -DQYLYIZIAYb5LwBkAggwDQYLYIZIAYb5LwBkAwEwDQYLYIZIAYb5LwBkAwIwDQYL -YIZIAYb5LwBkAwMwDQYLYIZIAYb5LwBkAwQwDQYLYIZIAYb5LwBkAwUwDQYLYIZI -AYb5LwBkAwYwDQYLYIZIAYb5LwBkDgEwDQYLYIZIAYb5LwBkDgIwDQYLYIZIAYb5 -LwBkDAEwDQYLYIZIAYb5LwBkDAIwDQYLYIZIAYb5LwBkDAMwDQYLYIZIAYb5LwBk -DAQwDQYLYIZIAYb5LwBkDwEwDQYLYIZIAYb5LwBkDwIwDQYLYIZIAYb5LwBkDwMw -DQYLYIZIAYb5LwBkDwQwDQYLYIZIAYb5LwBkEgAwDQYLYIZIAYb5LwBkEgEwDQYL -YIZIAYb5LwBkEgIwDQYLYIZIAYb5LwBkEwEwDQYLYIZIAYb5LwBkFAEwDQYLYIZI -AYb5LwBkJQEwDQYLYIZIAYb5LwBkJgEwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDov -L3ZhbGlkYXRpb24uaWRlbnRydXN0LmNvbS9jcmwvaWdjcm9vdGNhMS5jcmwwHQYD -VR0OBBYEFAjlXYGueRQcvBigwQYC/x6qlLztMA0GCSqGSIb3DQEBCwUAA4ICAQAH -cbu3cVlaewD3mhydu2reXMPnMXIysZjgI9WQV+uvsJy9uk42eAsobNqdaFo+FJNf -9JyhNr0PBTb+n7E9tbd2yyhTPJyoALg3y2n1LvJ05WDNNPdTF79jtfblt/Q7Jthz -HVxLSpDxzCd3ugjCFqWvOCRpPmwguyY9LAZHf0BmhPnhH+H/MeyU+hAIGnDb9vu4 -ZAYoxnE8U1qg5j8878iMeUP2hldI1XoONWIGTXSY2Bn08m6pEqag+/x22nFHMmdx -NWwdvRFAw6skOoSFGj6B/p+N8g78ZK/VeVsOCXNU12fhbwU4Vz4B4Ot0SJIzzCN8 -865XMnZhkF8dNi80pCzdPDQUmtJjo0jRmSNCyaNQ4JyG3h/cCNvfZGYpBGWIePlW -wbrr90NhpD6kEWi5U5t/lFM+4ZLFJ0SPdB/E7Cjkq3LNn1uXWQCTu/qSn/RjWXuh -jr3RfROu3M0goUeX65g4WicpXF0NM+aOUefQUFuzcx7PAOR2uO6Ks2Q2z09QV4hq -nS5BXUkxOHfUD0rdSKmKIrIodaU4+1dkdTnXEnAAMVYawVW+vlr36noAtBnGOEZz -+9+RvcReHhEH5fWdowSGxm7dtLZ/naVDQdgHTkyjeTVru3SyfaHUH0Do/QaXwHvV -cQU6yDQaVUIyUiHcl/PJUKA5KpKujllZYMgPAUW//w== ------END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-62 Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 -----BEGIN CERTIFICATE----- @@ -4807,6 +4756,47 @@ aNTZANvU3e/U+O7jo8+PrRpIzCqY72QLKxAHw9VknWmEzWjkkWBYltdzka9CPuM0 6rHkpFYOQic91Z59ExUlHmHb9+GYlyYBvJX5LnrDi+Ai6CvLqCLnmldOnm7rPyyf mzywCD7A3TRBcaiksPGLPQtIoRL4qpGNoI6/iwbmCf+ZJRsGCXVAwg== -----END CERTIFICATE----- +Subject: /DC=gov/DC=uspto/CN=Configuration/CN=Services/CN=Public Key Services/CN=AIA/CN=USPTO_INTR_CA1 +Issuer: /C=US/O=U.S. Government/OU=FPKI/CN=Federal Bridge CA G4 +-----BEGIN CERTIFICATE----- +MIIG2zCCBcOgAwIBAgIUF4oefEkZ1zCoDQiv0rj+pmvf8PYwDQYJKoZIhvcNAQEL +BQAwVTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsG +A1UECxMERlBLSTEdMBsGA1UEAxMURmVkZXJhbCBCcmlkZ2UgQ0EgRzQwHhcNMjIx +MTA5MTQ0NTU1WhcNMjUxMTA5MTQ0NTU1WjCBnDETMBEGCgmSJomT8ixkARkWA2dv +djEVMBMGCgmSJomT8ixkARkWBXVzcHRvMRYwFAYDVQQDEw1Db25maWd1cmF0aW9u +MREwDwYDVQQDEwhTZXJ2aWNlczEcMBoGA1UEAxMTUHVibGljIEtleSBTZXJ2aWNl +czEMMAoGA1UEAxMDQUlBMRcwFQYDVQQDFA5VU1BUT19JTlRSX0NBMTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBANV2rJoHW5W0anbgBM0m4kQqFZYtOl5q +lovpVS9r5KziQRDGBT9/C+gyOwR2ClCSRnh6Layh/uD3OfnVQtRttJ/fZBhM52hy +BTV9m1EmazHNNtLgUlpnYRRWK7RbiIrz5/uq82Z3X+uwBKPEIB9t5LT6aiaGRg55 +zjcirF8iWNJQH5oL7n24RBtA5zpYZsDXDcc5hd0A5bGCGG0EuZ47yOUQIPr5s5Ld +bHTEx5+jerNn0v6xZ8h4m0vqUo5GYV/Q/1V1b7zvqhfJgwWps9Y2sopdXAkIKj6l +32ry7AGrG6onBmkojI0bM/IsGzmisxEur8YYlJRqXO6ZlzATxe+ZjqkCAwEAAaOC +A1kwggNVMB0GA1UdDgQWBBSNR0rRXkXq7i9RWEchTxLrynqhXzAfBgNVHSMEGDAW +gBR58ABJ6393wl1BAmU0ipAjmx4HbzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zCBiAYDVR0gBIGAMH4wDAYKYIZIAWUDAgEDAjAMBgpghkgBZQMCAQMD +MAwGCmCGSAFlAwIBAwwwDAYKYIZIAWUDAgEDJTAMBgpghkgBZQMCAQMmMAwGCmCG +SAFlAwIBAw0wDAYKYIZIAWUDAgEDETAMBgpghkgBZQMCAQMnMAwGCmCGSAFlAwIB +AwgwgY0GA1UdIQSBhTCBgjAYBgpghkgBZQMCAQMCBgpghkgBZQMCAQIHMBgGCmCG +SAFlAwIBAwMGCmCGSAFlAwIBAggwGAYKYIZIAWUDAgEDDAYKYIZIAWUDAgECCTAY +BgpghkgBZQMCAQMlBgpghkgBZQMCAQILMBgGCmCGSAFlAwIBAyYGCmCGSAFlAwIB +AgwwTAYIKwYBBQUHAQsEQDA+MDwGCCsGAQUFBzAFhjBodHRwOi8vaXBraS51c3B0 +by5nb3YvSVBLSS9DZXJ0cy9JUEtJQ0FDZXJ0cy5wN2MwgdkGA1UdHgEB/wSBzjCB +y6CByDAwpC4wLDETMBEGCgmSJomT8ixkARkWA2dvdjEVMBMGCgmSJomT8ixkARkW +BXVzcHRvMDCkLjAsMRMwEQYKCZImiZPyLGQBGRYDZ292MRUwEwYKCZImiZPyLGQB +GRYFVVNQVE8wMKQuMCwxEzARBgoJkiaJk/IsZAEZFgNHT1YxFTATBgoJkiaJk/Is +ZAEZFgVVU1BUTzAwpC4wLDETMBEGCgmSJomT8ixkARkWA0dPVjEVMBMGCgmSJomT +8ixkARkWBXVzcHRvMBIGA1UdJAEB/wQIMAaAAQCBAQAwDQYDVR02AQH/BAMCAQAw +UQYIKwYBBQUHAQEERTBDMEEGCCsGAQUFBzAChjVodHRwOi8vcmVwby5mcGtpLmdv +di9icmlkZ2UvY2FDZXJ0c0lzc3VlZFRvZmJjYWc0LnA3YzA3BgNVHR8EMDAuMCyg +KqAohiZodHRwOi8vcmVwby5mcGtpLmdvdi9icmlkZ2UvZmJjYWc0LmNybDANBgkq +hkiG9w0BAQsFAAOCAQEAHaAwTjGPDU7ZF8XnYR30GeDivsU8SSdRsrtFN3d/utKX +bKNRQd9CIQIf8YWGh4ahNe+LPhF/lclj739gXfL+o1jV7jCIOQ5dhAC/LCQY1ybc +eZ1+2oMcnZajLao8LYh8wE2e8uH5Nj9Pe3a2rr3fXbty5BahCwYEczGBCWIK8YWi +WG5ip/OWETl0Otdy7hP0uN6QBWIk89xUPDXYRFpfS9RDN2hPxmnxLeMY45yMrZVO +yNHsrX+iH7ovDd8rjLHI0DmuY233fP+L6EWTYDqYN/3zeI/PVZUo1BeQ5ug3/W1X +k4slu5Vhcxmo9tAqRekXOiyudrx84HMWXWAn5Sc8oQ== +-----END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=U.S. Nuclear Regulatory Commission/CN=NRC SSP Agency CA G3 Issuer: /C=US/O=Symantec Corporation/CN=Symantec SSP Intermediate CA - G4 -----BEGIN CERTIFICATE----- @@ -5301,55 +5291,6 @@ AjHO8CdE4oGsdTGUsJ63ippR7Bi8KVCJfteI5N9jM9T7UI7W6mVd8xqzM57ELpgj Uqb3ET0D/Z0GRKolWwdPO97u6iGr3B9ZwRdI7oNXeZ4QI1No3gsHp3yL3VJ85Vxj C1AMhdxFtgQHKP/1A0E= -----END CERTIFICATE----- -Subject: /C=US/O=IdenTrust/OU=IdenTrust Global Common/CN=IdenTrust SAFE-BioPharma CA 1 -Issuer: /C=US/O=SAFE Identity/OU=Certification Authorities/CN=SAFE Identity Bridge CA ------BEGIN CERTIFICATE----- -MIIIbDCCBlSgAwIBAgIQG6FgKejX7Se7UmgqGI/hwjANBgkqhkiG9w0BAQwFADBr -MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNU0FGRSBJZGVudGl0eTEiMCAGA1UECxMZ -Q2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEgMB4GA1UEAxMXU0FGRSBJZGVudGl0 -eSBCcmlkZ2UgQ0EwHhcNMjExMDI4MDAwMDAwWhcNMjIxMDMxMjM1OTU5WjBrMQsw -CQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSAwHgYDVQQLExdJZGVuVHJ1 -c3QgR2xvYmFsIENvbW1vbjEmMCQGA1UEAxMdSWRlblRydXN0IFNBRkUtQmlvUGhh -cm1hIENBIDEwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDHOwA/1648 -j9RoHQjXun713vwN7mwfSqafNKlZdqkhKFwaHfWUaP5+TAywwNYZQu+IXku14X32 -0iAhQxqL7vnAJ0Uo5t3xfFwgv2Uru24g2qslGZ+08dDe6dxoHgcuQ0GYZWxIkvAq -tVIcr80I0iZhI9pRXjc3MHRi5MtseoTQJp9B7MRDQGDRQSA2eiF33YbJ6fqVVOD6 -QarCoxA6tDTbMMpc/4EvEIi/lpyZIvZkqhQrfBZgJbjWstwVbwstSwrOM5lQWfTa -8FXG8h+Fsycz2zJY9DzITWEktV0cHIc8ouLHo4HIz2zGDjhAqcDEi7zzb7B3X1tN -j8DiyptSkUFjM0ivYXTuuOc6STBzk+qJ3BVMeZVZ4I6+MUf0+Omo7deXi8hgjVp5 -P7wqK3GpiRr9AvxP2fMFlDs2uCaMRZqtTHGmlcIhSHUciR8/UcoEI9wQis3zIxCz -U2nnuPXdHuNgAdna/GFxpiyLozF59Wkyk/3G4MBS3ifw0a+4lkDmhCkCAwEAAaOC -A4owggOGMB0GA1UdDgQWBBQMfkYIOWv/Lia7rkeT+X4qD65wKDASBgNVHRMBAf8E -CDAGAQH/AgEBMGsGA1UdIARkMGIwDAYKKwYBBAGBtH0BBDAMBgorBgEEAYG0fQES -MAwGCisGAQQBgbR9AQUwDAYKKwYBBAGBtH0BBjAMBgorBgEEAYG0fQEIMAwGCisG -AQQBgbR9ARswDAYKKwYBBAGBtH0BHDA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8v -Y3JsLm1ha2VpZGVudGl0eXNhZmUuY29tL3NpYmNhLmNybDAOBgNVHQ8BAf8EBAMC -AQYwCgYDVR02BAMCAQAwEgYDVR0kAQH/BAgwBoABAIEBADCCAg4GA1UdIQSCAgUw -ggIBMBkGCisGAQQBgbR9AQQGC2CGSAGG+S8AZAIDMBkGCisGAQQBgbR9AQQGC2CG -SAGG+S8AZAIEMBkGCisGAQQBgbR9ARIGC2CGSAGG+S8AZAIFMBkGCisGAQQBgbR9 -ARIGC2CGSAGG+S8AZAIGMBkGCisGAQQBgbR9ARIGC2CGSAGG+S8AZAIIMBkGCisG -AQQBgbR9AQUGC2CGSAGG+S8AZAMBMBkGCisGAQQBgbR9AQUGC2CGSAGG+S8AZAMC -MBkGCisGAQQBgbR9AQUGC2CGSAGG+S8AZA4BMBkGCisGAQQBgbR9AQUGC2CGSAGG -+S8AZA4CMBkGCisGAQQBgbR9AQYGC2CGSAGG+S8AZAwBMBkGCisGAQQBgbR9AQYG -C2CGSAGG+S8AZAwCMBkGCisGAQQBgbR9AQYGC2CGSAGG+S8AZAwEMBkGCisGAQQB -gbR9AQYGC2CGSAGG+S8AZA8BMBkGCisGAQQBgbR9AQYGC2CGSAGG+S8AZA8CMBkG -CisGAQQBgbR9AQYGC2CGSAGG+S8AZA8EMBkGCisGAQQBgbR9AQgGC2CGSAGG+S8A -ZAMDMBkGCisGAQQBgbR9AQgGC2CGSAGG+S8AZAMEMBkGCisGAQQBgbR9ARsGC2CG -SAGG+S8AZCUBMBkGCisGAQQBgbR9ARwGC2CGSAGG+S8AZCYBMEUGCCsGAQUFBwEB -BDkwNzA1BggrBgEFBQcwAoYpaHR0cDovL2FpYS5tYWtlaWRlbnRpdHlzYWZlLmNv -bS9zaWJjYS5wN2MwHwYDVR0jBBgwFoAUmaQazdxvxqgIPq22lmx+1883pMkwDQYJ -KoZIhvcNAQEMBQADggIBAI7W6/+E22pGpkWhbsdsIkzHofF9LrS4CdjbHopgC7dh -2U1nitjRsXwqJSCn1kXjJ1dX+6vkJmpQdmVSOLkqLx2tLoj9x1x9C2biDHFJTPSe -jFHQLYlJV40pB3aqFeql/4WtlCX4MGNcAIa2lXloPVFyUp6OLE5WEC/BuxBKyRaB -X4aurWEFq8JG/m/62XuAspzd/rhu/yz8UGlChOXjOUkExFwsO4/l1DhqpyutkiPA -Y8AAwauKSY0QHUj5d0bfV7kY2HxV5zlFCQKCzyJ2smUAUb9a6ZLMCx62K20ghLPN -xz0baZX/S6x6aCDwUZyC7osKvd7CwgX1WjLS5U+FqBFY7tw1RLFwKeMP4aWlRZeL -EmJ1UHxoL0FTnXPoGlKstgqf6GVmwCG7wA32hIWGBn2eH7H9HHt/uBCMr4Lf7oeB -fD31NJNaFQo5JbDNy+s6j0wdlLWQCMtMID1MdB58asN0uSM/KSZ2SUd+8TuegSmJ -7qpc9+B8NZ9Hg2aOGhlf7eYPx6FOz51WPsON37aULx7I19f9sLLRUVeLmL6VAQVH -+rUX+PxJxXmUtu8nos6imbswMmo2wMpHMUGnAn44sREF13uCxzxZWbapYHLewD26 -fD6T16RGOqUE7kEDJRiTZrPu4zWotd8hg08YZqqbJwVEMPLLzzJwxL24pIAcHo49 ------END CERTIFICATE----- Subject: /DC=gov/DC=va/OU=Services/OU=PKI/CN=Veterans Affairs CA B3 Issuer: /C=US/O=Verizon/OU=SSP/CN=Verizon SSP CA A2 -----BEGIN CERTIFICATE----- diff --git a/config/cert_bundles/login_bundle.pem b/config/cert_bundles/login_bundle.pem index 15a0182f8..54bfc3ab9 100644 --- a/config/cert_bundles/login_bundle.pem +++ b/config/cert_bundles/login_bundle.pem @@ -291,35 +291,6 @@ zFrJ2ZIDfVzn1EG8qosPWN2vzBE633eBfm9VWobMR4Uxs7ZiFzJFRDy/ai5DGJ1j fxVglI8q1YD4UU0/yaeMVgaGwoCx9sb+q5XCXEn9MV2dbmVf4D+jVm12xYYd146M G6vK43wgw7eLa6LNYNCF1g== -----END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-53 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEjzCCA3egAwIBAgICASswDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM1MDM1WhcN -MjIxMTIzMTM1MDM1WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IFNXIENBLTUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTewS9iv -ChYtMvNBYEOjVcVqr+3VOAEgyjt7ieJUVPrFDgtL9Sz+eXX+uBXkJwYjS0gtex6L -RuNtdcLkukoJu34ZxnfUwc8rgTwNV8VtIyI2GJq/u/FjGwK8fHkzslOzwF8KoA6N -NTYvKy9XohBDrrYGpRq/RuDttVfiJ4Yvcii5J6+uZTvT9035EksqjV7A+sJkFVqI -3MZ83kN9O0ZJf4dEj4h4DKqQYHTRrpy/BL4pTGxmSpnQHne63ToqsoZntTYCYhB5 -6izOakbsUTYVauwYqlNVf0j20IwcZibztp7wqV2NgGzA81LndhYLQh+8KsDabTSV -sZMvLHfEAeLdhwIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFFHEizOZlMB+uzYd4+I6Bb0ydJ1TMA4GA1UdDwEB -/wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud -JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j -cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o -dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG -CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC -AQEACZtxX9lr6sye0RUSOLYzLCU4jVDNSQgz3qq8Kk7dJ97GdsuBzACcCIwFDpNd -tjMtD+mwNjgfeRY5ovyMEH3ZzVhIqGpQo4WLeE+bjy3fNcU3rsb2SHNaEpRddWQ3 -jnOc3jlyg/sHaR6Jg4JfQ1G9za46AReVa1nJLHjt/BO5m/3D4iJmpJvq2Qp6N4eF -a2VL6s8uAZKnLCocjZU2B3wYZMyaSgppaE4TOe/Hc5HJw245/cFLUL8I02iYfv9E -KQDuTGqNzGrBuKp9LMpRrBWb0boFrZaONcVXjtCqi05fo1Fd/JhuvfraTpgxmVXi -1OvgVGwq5lsxW2pbjSpBFebaRw== ------END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=U.S. Department of Transportation/CN=U.S. Department of Transportation Device CA G5 Issuer: /C=US/O=DigiCert, Inc./CN=DigiCert Federal SSP Intermediate CA - G5 -----BEGIN CERTIFICATE----- @@ -420,35 +391,6 @@ BTZMdZmvoNtjemqmgcBXHsf0ctVm0m6tH5uYqyVxu8tfyUis6Cf303PHj+spWP1k gc5PYnVF0ot7qAmNFENIpbKg3BdusBkF9rGxLaDSUBvSc7+s9iQz9d/iRuAebrYu +eqUlJ2lsjS1U8qyPmlH+spfPNbAEQEsuP32Aw== -----END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-54 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEjzCCA3egAwIBAgICASwwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM1MTI4WhcN -MjIxMTIzMTM1MTI4WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IFNXIENBLTU0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0wnaj/j -ZzXRnZnNDN5rMZW7OmPPcrG+8IQW6oHretQqvj/HCnAyX3sl5TvT6bLCG4UfLBAx -4VRCvpsVW9fME/43E+N8pyUDjlhYe8BHO9e0RfbVjMgDh6tLagvjN3MfThg8E94C -6TRisdifkP6WonplO1sbv8YD49GjmBWLs8KtU3xzw/StQrwNfymY8aW4lXJQa/Ca -+FXzz/tRh7Mclrlz6QCzgdHAliWK4s5tsXDxeZls2/tvTaZQCVCiyccDdc//lYzL -UIwg3lnPcoV6CPhhw+QW4q42Y4oSu48Z9g/fAvqhrK1U0S9mHl1vWLDTHI3hkwmd -T/O2WgKh8nvx8wIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFLC3KL8sBImKdCavqhOMAhBVgXmxMA4GA1UdDwEB -/wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud -JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j -cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o -dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG -CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC -AQEAZF047yS8bq8lkMpoxFrJjmbdD1TNpjnWRmImQ32uPwNkrDbspNJ4GdqAh3N6 -ueIMcPUSmrIEs9GRZGJzOeTQ6tcQKCyWy+npsI1DQ/k5Xz0H375Bw17gnq2Bpjdy -s8zeg8I+2lDOjSNr7RgVWWB+2sVWXdvILx4Wkh6vX57uEud046HBmc4NeDiHAer8 -NIac5A7e379NRyuusNGXkAm3g7GsE/Y7MrFsKKsMlHb+gFXVgD0DBhtF22YqmA/R -QvTz7Ij1AD++Gv5I4IIzJFMryN6ED6XduWcTtk9Cnf0uY0z+VY8RFw9nOkECFc2b -BA8L2LlruBOzMWbFy4kH7G/hrA== ------END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=Department of the Treasury/OU=Certification Authorities/OU=US Treasury Root CA Issuer: /C=US/O=U.S. Government/OU=Department of the Treasury/OU=Certification Authorities/OU=US Treasury Root CA -----BEGIN CERTIFICATE----- @@ -1001,36 +943,6 @@ x0dvpCIInDyfIib9dcE0cdGVlEpeAEMQFjpUbmCNpTlKUtSroY8CfZCOmi+Rp/fT O1Le2QJvSK0J9dS21rwV6SCtf+en2Razi0/S44tzOFa4fRdJLHTYPutu69p6+YMh Sul++7G14BLwhmWa2iRcjw+AlQ== -----END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-50 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEuTCCA6GgAwIBAgICASgwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0ODQ3WhcN -MjIxMTIzMTM0ODQ3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IElEIENBLTUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1ncM1bN -JJHiu1Bh5jQ8r+Y1L2pvw+6YDLGE71z5gquBqisOC6XLKffKdBSF2U55vvp0m5J8 -WdF5DSfyfdAJ7S1HlzFYVW+0KjGLELKV5tWZh/aXu8V85ZaaYkvJeeEU5cIYWLKK -RAr1iygwnslhy1Kb7xhYV7gLYc29Wm1EgZiJ2Xm9M11FIauo40EXmQFniz4FLE/S -4JB1lbYiP1jGa4zJrdnec1k65tZk/K4hdi2diS+9mEUz3PWrzNqjrHKxFocnh9qS -NGqJfyfXxXgKTrZw2UG83IxHKvIpMPodX4SYUwRm5HRbrG6c1Fx12NC2go16w3dD -ilH+aUduTNpmFQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFDYuUt50qp7sux+T0b62ULXGaQv5MA4GA1UdDwEB -/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB -AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA -AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E -Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v -Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF -BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAbAli -o7+gWX5YytmPMD9ic+aX2s0NaSdSauFYmb6khtN0CCocIqTI/TyfRJTjhI6wRNoa -ckcjVa5H3EOp4vOrtLN4TxbhNqdE+IHafWE4/btDstI5PrA2hlFZb1zvM5EQC8u0 -BZQ/DqyShOjypvxldvol6UGjys7wecPxt3cBJC7uroY+nqfxHnOIxRFoJGdC7pSm -f90/uDcX87oCbK/FrzJBO+/V2lGHiByC7ahcP59a4Xd69lHSMtRWquclAyBEy1Mx -p7Bx/v5kCpv14JE6SBlYEwhFrTt4aT49FQEQ9aJFKRv7j20sS/6wxPzGx24HE0Gb -XwusK9jo5skGLLUC3g== ------END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=Department of Energy/OU=Certification Authorities/CN=DOE SSP CA Issuer: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA -----BEGIN CERTIFICATE----- @@ -1276,36 +1188,6 @@ FELs8KtqM6X5uLKGPUhjGOeLBijzYxF+nd1GM9kRiyw5v7j06jrVTuIVwcSQPcsX pHNtbzW/Tx2dRfHn0w8WkSQdDvwSTuo1pWOYBo6yJhRwSm3/4rmawxlp3p8lXuiB SlUDxA== -----END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-49 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEuTCCA6GgAwIBAgICAScwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0ODE1WhcN -MjIxMTIzMTM0ODE1WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IElEIENBLTQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2EngKIwP -Cl9+dsIByO2uONNLKhpnFypBAE+LM8+kekt4/HG6StaU/fmqFTRiVI0Uh+td9BWe -8NXOYrhQRo6FVSxBkLtWZX8Px2IHxiqQ1lnrZK9UlCo8h3MPpiN8VEjH2bP/WSa0 -oZEWzEDKLB5tSKerddc+QL2uEHb+Gfym6i+5qPOLXjV00FY24FdNOyHaRjQTM/Lf -sjWoFItHTKp5B9QogdKnyg+WkAARYtbd1nqtDXv6Fph5HaT39SEnRhc+lkrRDpDY -c+HAU6Xywik+stgv2yFk1MhFpF5/rndEwMLIST0+lSpahJKGmYtg1VKcnDcq5CER -C31gl6Yr7ffjAwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFNhnk8pG3MmVppSzBBicziU6lhxNMA4GA1UdDwEB -/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB -AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA -AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E -Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v -Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF -BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEATmfP -QPkolF5PB0fS/9DrngX0tmdSwlidBtrkY6vL/V7IMKqJk7r+hHW6k9+nxijHFj6Y -J1+4ElpH/PwWPsqwVIshQxECvJKfo3OfN3a8Mn6Hog5kXJl5dMb0vJOpWQ9UhmG2 -m9UUZ9847wSlbW0vMHL0puuTso0365vilPO5JkapEXcFXdc3LDxXW8BR5NHyaN3V -mvfD/qAqe4BiBx2+WAxsolTJQ5IMjG5tIN7WE6VJdUAm6EIgbuFfvG1KiWQJLHkL -XdTvwdUTqX9JQYswfvoCwvHRh+I2mZX+/iH5HKLcaxqW8b9JnHCtfMSBZqLdI3nG -IBw48tRul8lbrg0mJw== ------END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=U.S. Department of Education/CN=U.S. Department of Education Agency CA - G5 Issuer: /C=US/O=DigiCert, Inc./CN=DigiCert Federal SSP Intermediate CA - G5 -----BEGIN CERTIFICATE----- @@ -1373,36 +1255,6 @@ U8jc2aPDIK5KTCtzh2tfEG6dkjykPosx5ZwNjcZ8IkTFoIh7hsLxniu8kHhOd2k0 6nM+ctNiBdl2nCQ7GpDSJaL+1MJsXkVjav8ZCBRL9CXwAZSodu2RpkSuNSwrmLmw V0lxFBzM+0lGoM8FlV31siMrQBoi0pjDgSjkkJFMFA== -----END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-52 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEvDCCA6SgAwIBAgICASYwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NzI4WhcN -MjIxMTIzMTM0NzI4WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E -IEVNQUlMIENBLTUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4pb -qFZ5LPm9gcWT24lCj8yLQHYdzntTWgMqPVyveG88rA+bXiAWO6zWUsjPlYQHfxiN -qTZemKgK8OUkVQA4oiQ59EzcNiRsZp1hy7nvDpFcW/0WJzHY5M84ThI57zRH20Ac -iNw1DB7XmR5yJFKTFusipWgsqwWRTtpJlLGJXhTHyG6aNxP6HEXbTLAM4x/0LM9Z -Q2yYihUufgtJYGeLapNb1pPLsPVchhJOQjLFyp3Kx9W1xfjUFftE9FQAwCBJHyC7 -tFMk6DlITy4s7ptst1nNbPYdzGmiix/P7+I702Yn8H3YbmhFD3d+fkhCXqsjio0y -0wWFDaa6vmm3RqF1GQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId -gXoWqvLczmbuRcAwHQYDVR0OBBYEFOlmDFyb4lpKsgM2NP18yab4qwc5MA4GA1Ud -DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw -CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl -AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF -MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv -RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw -Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG -AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA -dYEfuTkBoJLwzyIZ/lrxB3ECCes2zWMLe1RsRrQ3QUhkeLcqxxwG1z+UbbmWkrSS -JS0Q1XeLRiT7P1x+ycs1Gvoy5V4CFOryb5eNaDpOclJdXOiRjOGvS0wSeSLGnT/d -lRPrQZcoEm+DFvtSMasu/zR8DnaepKpWLvyFXwvoimvsQVvz4tOS2o4u400KLPBo -MQbTwpDmk39wxf4Aq4m8hznf2BhAy20YH6jY08gXg0pNDVh4CZIxyF2gmE0TDXPv -sx77lxYKW3Bx0ZxHIcfBKifjSiTrGlLeEP9LfEQdpCjJqhG/3BFy6flzwJDEHqHH -swhN9DCJn+3xTeq25PUXPg== ------END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=Department of Veterans Affairs/OU=Certification Authorities/OU=Department of Veterans Affairs CA Issuer: /C=US/O=U.S. Government/OU=Department of the Treasury/OU=Certification Authorities/OU=US Treasury Root CA -----BEGIN CERTIFICATE----- @@ -1554,36 +1406,6 @@ Tlyy7D2vD4jtU5pzzLIcZfjdL9xydeb00ElrEcEUG3dsS9YBod8hfIz84s7UffaL 6Igr+uBfalHjzhjOdBtVitlpSW2gkj535BjwMO5yGtfz2j8za4+pHPhSsp6EErWz UH9cx4yPX6UoeQn16s8X2RNER/JZ5t+otYRevg== -----END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-52 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEuTCCA6GgAwIBAgICASowDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0OTU3WhcN -MjIxMTIzMTM0OTU3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IElEIENBLTUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltzcMp2O -02t+fwd7rTlugoKqYF8eo/3M+JVdppPAHTiJVaVt0JSeM4xyZsKNoPBoFW/yshnx -lRv/LyNx0VBbn+4mJ7Ea1U4FBPxCSZ68VYqKdV64UMhndawVBJM3Oy8Y3ZxPldTD -f9ApCg4dZXSEiSnShO8YuphrNbYAd6YrdUn1IhDAhw90VTU3GMLru4vx60vFHscW -eZHpHfET8AsClbAyqu65bsa1+o0XvGLQy2GTMzEVaR1NhYVWKRSwgqW57gbE8pV+ -63WYNwi8XIr/2TaJ5GvgBVCbgJWAwsSfFTz21ZqOou0d5xYu79iIIue5DEoRW1bm -qserHNG7gsMvHwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFJroUayRVNeUmgRI+iJ5/8bV7oYrMA4GA1UdDwEB -/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB -AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA -AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E -Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v -Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF -BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAkxvd -sbOh2zGZCsj3nu9fHEMClJVtK4kJzPJZPi44gdSn+U8X5lbtT0kxsRrqCAZntlgQ -mp+DxnQClr35fjao3wF79nQaIOP2789a9VWZgyJfPrV2KLsxAH4/oOd2ZYdUtHfC -lbfZwbpxFulBqPWxysKQOx3XC/3LszCR0YFqbV/c5hBRB1A4sWBlF8KRGQyKdAyc -K7PrLcSMnLq04ugd5MfYWuJjJx/USNNWlil/LzqyCFzxPp4nGBB8y8s2LcZyvofh -HIBN9qxl3+EXcJyeyqyNiVZcgJi+DLSmBCckb2J6lN9tbGWV02WK+8OiAiZ31CfJ -/sezZ58EZayGYS031Q== ------END CERTIFICATE----- Subject: /C=GB/O=Exostar UK Limited/CN=Exostar Digital Certificate Service Signing CA 1 Issuer: /C=US/O=Exostar LLC/OU=Certification Authorities/CN=Exostar Federated Identity Service Root CA 2 -----BEGIN CERTIFICATE----- @@ -1614,36 +1436,6 @@ ZmXvNKKeBi/JmMdMP11csWCCN66ISagssDkTfvWjb7zyfU7UtLOM40jbYgqeT5NV I+mASpi8tL7F7wVU7fpKammnKaKEirRz9W0yrd7UqtsJx4Tstv41OaS184IheHrt uKsGw9eQRzgNSJJmQQT3lMyc6CXT -----END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-49 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEvDCCA6SgAwIBAgICASMwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0MzE0WhcN -MjIxMTIzMTM0MzE0WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E -IEVNQUlMIENBLTQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAus23 -xtOAbfLxPh+OS8U3N/c7ZsnTNZGki6KjnEg4EVHnUKwBB1pWLeQbZTVp01dHWlxR -KyvANnk+8ozM8tucowx0q6fo5J/YteD9qHFAoWjJQpRB6Hvn2vvHvUbu7iAY5Pel -0B6A0NN/lKW26tTlim6NkV1MuCcvpCGrwH0f2TOCzkDf7IPqQDvLWOjPQP9nmNMG -nS+qCvF5F0iGFXTH1NDeI8EPvKMBQE+LgJ4PAF8eFdDo0mDE6iLfPAIXBzfYUdFk -MS3eVpJOWPzOEYeRLcWQkORvczfxN0obxSH3TGoBLB3ubELOoiqgsTF7rLKE1Kyz -Wrao15uoYf29O9jatQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId -gXoWqvLczmbuRcAwHQYDVR0OBBYEFGlEHxqVTqUaf4g6zHsSOSwfzxoxMA4GA1Ud -DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw -CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl -AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF -MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv -RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw -Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG -AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA -XDNkaD2Gwe4ZoWklwvAvveoOYK5s8fJbjZOjI2V1tZjIP5edw8YSvLDGTqsaDlao -28hCVhoOU0+V234p0CAGKNKID6WCR46s7uAALaaWfd4aHDzf20qYsnMrl0eKCv6F -sUtKBkIYJBjxpoaIpudRCnSmQkxweKzCGCtjWCT2MGSJro2Q0eQWTDxnJX9/v8z7 -dZ8ddZO1zgoU1xnAx9LxdrVl6H2VcB17z6t2d5TqSLM/OnuSHT7LWqYbVJERf38D -U0WSQ7VOp2x1SkInJqpewvi+0rl/yh97UoDZuS/GUkVIMFbpJkbcadiEGBINErRl -R5vQZDesBpGqUxNYuIIJbA== ------END CERTIFICATE----- Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA Issuer: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA -----BEGIN CERTIFICATE----- @@ -2293,66 +2085,6 @@ ENHMsB3X0MJDxV8JmqT3sJ0eLGFf/4iEEZCuj5Bwk3byddnJimxXdk54Txd+vCg1 +yRLzU6xwep+SiFmZMd7kjSq3jX3Y4I2xiLpymIgX4qw28fXjA2Yq7JCb0lNTHvZ orq3DN/saJE3L1yiArkPGug8NQWXyFhIcEP+ -----END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-50 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEvDCCA6SgAwIBAgICASQwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NTAwWhcN -MjIxMTIzMTM0NTAwWjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E -IEVNQUlMIENBLTUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorU5 -fwMKXKwK4SrttozvWb8Zx9g+7pGrzD+cbaZbISrTvNTi9MhDYASMo23nzG/ShHQM -c0qCc10AVUqpAfwRhm9FbphD3r30SWKQsrKeObBW63iMeB6gfhg/+zScvkJxlqj6 -x5cHglMCFQfdqjgmjtcuWIGr7cDf1WQJLGfCz6ilKH/H2no0a3AyoFEAglrUyhC5 -n0IVsmyrWY4Hy9A/0xe84hl+68cJfB4VD+8A+YrUqEgspiqzocvzcuN/GNdeD9Lw -XPqylqnF8SN0HYoHmjbimscIn86wCxARO0siWZ7hStrcbkb+cgFoY5aScdldUkni -YI2cmRy0C5jv+wAfXwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId -gXoWqvLczmbuRcAwHQYDVR0OBBYEFGUKe10mGzDKLdz81nPHHsF/BIzIMA4GA1Ud -DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw -CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl -AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF -MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv -RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw -Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG -AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA -VnLKwRdYBaPnEONJnTpHoC4znIQMHBsEpQbR8P5j49IXtHRjCpl5PKRIwuAc+Ff3 -ixM3jv/G+LBi26G0ZNGZ4iI11rJ3TLxUqHT12/WXTuS91jePA/f3WIHkGBEFeRs+ -wiROXSAveyMAt1ThK9Bil7BYlLmpgfci7eiKHC6OlA7VZo4OrS03VZTlaaBaU5Te -+tX8XYQ7Kllh9LreXZ2Cks14oNBlS4vzOcZOpw1bamaEbIA13IsGyY/kF7LqSPW2 -b7Jy628ObLeU3a+0lm+nIkjH25FDvtfxD9+2qQHEpRaRclskwIGTmA/Tg/YrrS2Z -am9RD+6E/tsgIIlQE09NEA== ------END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-51 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEvDCCA6SgAwIBAgICASUwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NjQ5WhcN -MjIxMTIzMTM0NjQ5WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E -IEVNQUlMIENBLTUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnw7P -Taj5UGSMi8whxGpPsoChGMjVQRk1Fzp9J/mPjx/oXc2MwMahK3xpE3YB86q/SeH1 -Cv5hc9Pa99HtSF/RaHAo3frFoPnRNoPDLj6ihPGmEWwMKywUgOCnTQcGSlNqR0es -tYrMTxti9bKE3uc0hgWibZYlukiGYg0UygYPS4+afMtzaBljiUWeQFrmCaEgeG3B -UvX/zgNdSqtG9KX1LjqtNZB91hIDrRUNohX5xSLxPMpojC5d391u/0GfAEXeKyAy -bPN8BdVjqJ7FlyueVKUgIAB/t/k6NO3lKEiC+QsrhrwaFI3Yme9JfRsZU8/Yhv0L -wKeJhoz3552oT0e4PwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId -gXoWqvLczmbuRcAwHQYDVR0OBBYEFDXvECJsuhIPvcJNGeTOfY8FV1w0MA4GA1Ud -DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw -CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl -AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF -MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv -RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw -Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG -AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA -Y2UKHMi98mslNJ9qUBT8ZNGKim+nYkfLfBgdP136smJYYDcwUOXwHt3b1aOy4sXI -0BkNNS6tO5fdvZ7W4/zYFouIVnImaa8hjDiJNoAi5dYKDxkB8iOWYlAP8TZwpKNy -sbGh4EQHWWQ8wDuFcdA5/9ElnxpQ/JJzSgUOHhtGm8vrEQmmJKW0FvbGXhGydHx2 -I5GtDvGHqlpF8GFIAA5HNAaw1s5De2StEYCTS/y95naqZafCxYG62cGbHir8dp0U -KQOUQt88tTh0TAqzcLKz1OJIoIkbfpzV6XiXuL0VSob+W0peZeqTVq+w7nWP1cNr -44ligwwVjeF04L3sZKA54w== ------END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-62 Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 -----BEGIN CERTIFICATE----- @@ -2901,36 +2633,6 @@ K+Lz8WhxNEXJHA9vnS2lk5k/Tw5HM9xKYGgzBS3vD7TJ552mYga52pXdL+Jicgeo 45NO+AFwQrFDdo9bQMPQ/HfXkmaRazn+fCZRa/yvb1juMH94YytSl/yuCgxcBRfh Btk6EbqrFsx3nD13jLsLMdNorzV2L0TIxg== -----END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-51 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEuTCCA6GgAwIBAgICASkwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0OTI3WhcN -MjIxMTIzMTM0OTI3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IElEIENBLTUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjtDs/iL -TIf25t9SGGMP49gCFIYXcEtvTtc/vh+Cghf7qVwiNvUYCaGMq5q7F/pgL5xsw6Bn -iCMau2bZtLfl5xnMk2VMl2GRwUayHQ/0lyteeKid6fa8sfnlyNLh8lvPuHqQFJZX -5vpfAC24NDQCrr8YIkkNRyxJihCpj8HHYuzTplDRIpMljahhAWCsQkUqlq/5Lite -XHYA/+EnT2hspkitSU+FUIWo0FKK95oo+i2uXX8x3cXWEUCXoR23Slk5NrGTwAsf -TUd16xWA1acvksunx8eK3uOVCV02Q0sldVN19NaGm8lpoBfbtiNz3lo/j1VT558q -35LmOYWI6KzSTwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFJ2kwVzT+WZxSaiEIwO24a8pdy2uMA4GA1UdDwEB -/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB -AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA -AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E -Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v -Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF -BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAigQ4 -aOduTUCpDvC0ue0B0GV49B0aek8HXWKc10bPb1iUCQL2DT4aIf0u+yQqrzVpTw/x -5mVPRn2Zi2iEV5A8PsN4dReF3lblQSrSVvKFw7cq66Z8ab2ijXjpAMTJCUIOir8w -KoOV03cnVcaW0VDTH+gOslXnm95kPqdfbxJMh06Q00XfvWfRjfnB9D8ZDXbytM5X -mkZRyuUvWY+DKyJUy1HAuardaFpgA5WowjeQm9sAvx72LzaS7zmv+hxOliGXYOn7 -gbJATcT+zt1Ffwa9M19FjoQDSzWihW8P5cFRt6xVEwZHeD8VG++jcQfAujwX0v7U -hFKu8gxm3wlNXOalzA== ------END CERTIFICATE----- Subject: /DC=com/DC=evincible/CN=Exostar Federated Identity Service Signing CA 3 Issuer: /C=US/O=Exostar LLC/OU=Certification Authorities/CN=Exostar Federated Identity Service Root CA 2 -----BEGIN CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-49.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-49.pem deleted file mode 100644 index badcb806d..000000000 --- a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-49.pem +++ /dev/null @@ -1,30 +0,0 @@ -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-49 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEvDCCA6SgAwIBAgICASMwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0MzE0WhcN -MjIxMTIzMTM0MzE0WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E -IEVNQUlMIENBLTQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAus23 -xtOAbfLxPh+OS8U3N/c7ZsnTNZGki6KjnEg4EVHnUKwBB1pWLeQbZTVp01dHWlxR -KyvANnk+8ozM8tucowx0q6fo5J/YteD9qHFAoWjJQpRB6Hvn2vvHvUbu7iAY5Pel -0B6A0NN/lKW26tTlim6NkV1MuCcvpCGrwH0f2TOCzkDf7IPqQDvLWOjPQP9nmNMG -nS+qCvF5F0iGFXTH1NDeI8EPvKMBQE+LgJ4PAF8eFdDo0mDE6iLfPAIXBzfYUdFk -MS3eVpJOWPzOEYeRLcWQkORvczfxN0obxSH3TGoBLB3ubELOoiqgsTF7rLKE1Kyz -Wrao15uoYf29O9jatQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId -gXoWqvLczmbuRcAwHQYDVR0OBBYEFGlEHxqVTqUaf4g6zHsSOSwfzxoxMA4GA1Ud -DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw -CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl -AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF -MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv -RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw -Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG -AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA -XDNkaD2Gwe4ZoWklwvAvveoOYK5s8fJbjZOjI2V1tZjIP5edw8YSvLDGTqsaDlao -28hCVhoOU0+V234p0CAGKNKID6WCR46s7uAALaaWfd4aHDzf20qYsnMrl0eKCv6F -sUtKBkIYJBjxpoaIpudRCnSmQkxweKzCGCtjWCT2MGSJro2Q0eQWTDxnJX9/v8z7 -dZ8ddZO1zgoU1xnAx9LxdrVl6H2VcB17z6t2d5TqSLM/OnuSHT7LWqYbVJERf38D -U0WSQ7VOp2x1SkInJqpewvi+0rl/yh97UoDZuS/GUkVIMFbpJkbcadiEGBINErRl -R5vQZDesBpGqUxNYuIIJbA== ------END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-50.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-50.pem deleted file mode 100644 index ac55c5b9a..000000000 --- a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-50.pem +++ /dev/null @@ -1,30 +0,0 @@ -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-50 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEvDCCA6SgAwIBAgICASQwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NTAwWhcN -MjIxMTIzMTM0NTAwWjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E -IEVNQUlMIENBLTUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorU5 -fwMKXKwK4SrttozvWb8Zx9g+7pGrzD+cbaZbISrTvNTi9MhDYASMo23nzG/ShHQM -c0qCc10AVUqpAfwRhm9FbphD3r30SWKQsrKeObBW63iMeB6gfhg/+zScvkJxlqj6 -x5cHglMCFQfdqjgmjtcuWIGr7cDf1WQJLGfCz6ilKH/H2no0a3AyoFEAglrUyhC5 -n0IVsmyrWY4Hy9A/0xe84hl+68cJfB4VD+8A+YrUqEgspiqzocvzcuN/GNdeD9Lw -XPqylqnF8SN0HYoHmjbimscIn86wCxARO0siWZ7hStrcbkb+cgFoY5aScdldUkni -YI2cmRy0C5jv+wAfXwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId -gXoWqvLczmbuRcAwHQYDVR0OBBYEFGUKe10mGzDKLdz81nPHHsF/BIzIMA4GA1Ud -DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw -CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl -AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF -MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv -RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw -Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG -AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA -VnLKwRdYBaPnEONJnTpHoC4znIQMHBsEpQbR8P5j49IXtHRjCpl5PKRIwuAc+Ff3 -ixM3jv/G+LBi26G0ZNGZ4iI11rJ3TLxUqHT12/WXTuS91jePA/f3WIHkGBEFeRs+ -wiROXSAveyMAt1ThK9Bil7BYlLmpgfci7eiKHC6OlA7VZo4OrS03VZTlaaBaU5Te -+tX8XYQ7Kllh9LreXZ2Cks14oNBlS4vzOcZOpw1bamaEbIA13IsGyY/kF7LqSPW2 -b7Jy628ObLeU3a+0lm+nIkjH25FDvtfxD9+2qQHEpRaRclskwIGTmA/Tg/YrrS2Z -am9RD+6E/tsgIIlQE09NEA== ------END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-51.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-51.pem deleted file mode 100644 index 97629f711..000000000 --- a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-51.pem +++ /dev/null @@ -1,30 +0,0 @@ -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-51 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEvDCCA6SgAwIBAgICASUwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NjQ5WhcN -MjIxMTIzMTM0NjQ5WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E -IEVNQUlMIENBLTUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnw7P -Taj5UGSMi8whxGpPsoChGMjVQRk1Fzp9J/mPjx/oXc2MwMahK3xpE3YB86q/SeH1 -Cv5hc9Pa99HtSF/RaHAo3frFoPnRNoPDLj6ihPGmEWwMKywUgOCnTQcGSlNqR0es -tYrMTxti9bKE3uc0hgWibZYlukiGYg0UygYPS4+afMtzaBljiUWeQFrmCaEgeG3B -UvX/zgNdSqtG9KX1LjqtNZB91hIDrRUNohX5xSLxPMpojC5d391u/0GfAEXeKyAy -bPN8BdVjqJ7FlyueVKUgIAB/t/k6NO3lKEiC+QsrhrwaFI3Yme9JfRsZU8/Yhv0L -wKeJhoz3552oT0e4PwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId -gXoWqvLczmbuRcAwHQYDVR0OBBYEFDXvECJsuhIPvcJNGeTOfY8FV1w0MA4GA1Ud -DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw -CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl -AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF -MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv -RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw -Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG -AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA -Y2UKHMi98mslNJ9qUBT8ZNGKim+nYkfLfBgdP136smJYYDcwUOXwHt3b1aOy4sXI -0BkNNS6tO5fdvZ7W4/zYFouIVnImaa8hjDiJNoAi5dYKDxkB8iOWYlAP8TZwpKNy -sbGh4EQHWWQ8wDuFcdA5/9ElnxpQ/JJzSgUOHhtGm8vrEQmmJKW0FvbGXhGydHx2 -I5GtDvGHqlpF8GFIAA5HNAaw1s5De2StEYCTS/y95naqZafCxYG62cGbHir8dp0U -KQOUQt88tTh0TAqzcLKz1OJIoIkbfpzV6XiXuL0VSob+W0peZeqTVq+w7nWP1cNr -44ligwwVjeF04L3sZKA54w== ------END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-52.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-52.pem deleted file mode 100644 index dbe07dfcf..000000000 --- a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-52.pem +++ /dev/null @@ -1,30 +0,0 @@ -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-52 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEvDCCA6SgAwIBAgICASYwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0NzI4WhcN -MjIxMTIzMTM0NzI4WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEYMBYGA1UEAwwPRE9E -IEVNQUlMIENBLTUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4pb -qFZ5LPm9gcWT24lCj8yLQHYdzntTWgMqPVyveG88rA+bXiAWO6zWUsjPlYQHfxiN -qTZemKgK8OUkVQA4oiQ59EzcNiRsZp1hy7nvDpFcW/0WJzHY5M84ThI57zRH20Ac -iNw1DB7XmR5yJFKTFusipWgsqwWRTtpJlLGJXhTHyG6aNxP6HEXbTLAM4x/0LM9Z -Q2yYihUufgtJYGeLapNb1pPLsPVchhJOQjLFyp3Kx9W1xfjUFftE9FQAwCBJHyC7 -tFMk6DlITy4s7ptst1nNbPYdzGmiix/P7+I702Yn8H3YbmhFD3d+fkhCXqsjio0y -0wWFDaa6vmm3RqF1GQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId -gXoWqvLczmbuRcAwHQYDVR0OBBYEFOlmDFyb4lpKsgM2NP18yab4qwc5MA4GA1Ud -DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw -CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl -AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF -MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv -RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw -Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG -AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA -dYEfuTkBoJLwzyIZ/lrxB3ECCes2zWMLe1RsRrQ3QUhkeLcqxxwG1z+UbbmWkrSS -JS0Q1XeLRiT7P1x+ycs1Gvoy5V4CFOryb5eNaDpOclJdXOiRjOGvS0wSeSLGnT/d -lRPrQZcoEm+DFvtSMasu/zR8DnaepKpWLvyFXwvoimvsQVvz4tOS2o4u400KLPBo -MQbTwpDmk39wxf4Aq4m8hznf2BhAy20YH6jY08gXg0pNDVh4CZIxyF2gmE0TDXPv -sx77lxYKW3Bx0ZxHIcfBKifjSiTrGlLeEP9LfEQdpCjJqhG/3BFy6flzwJDEHqHH -swhN9DCJn+3xTeq25PUXPg== ------END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-49.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-49.pem deleted file mode 100644 index d0002c3bc..000000000 --- a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-49.pem +++ /dev/null @@ -1,30 +0,0 @@ -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-49 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEuTCCA6GgAwIBAgICAScwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0ODE1WhcN -MjIxMTIzMTM0ODE1WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IElEIENBLTQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2EngKIwP -Cl9+dsIByO2uONNLKhpnFypBAE+LM8+kekt4/HG6StaU/fmqFTRiVI0Uh+td9BWe -8NXOYrhQRo6FVSxBkLtWZX8Px2IHxiqQ1lnrZK9UlCo8h3MPpiN8VEjH2bP/WSa0 -oZEWzEDKLB5tSKerddc+QL2uEHb+Gfym6i+5qPOLXjV00FY24FdNOyHaRjQTM/Lf -sjWoFItHTKp5B9QogdKnyg+WkAARYtbd1nqtDXv6Fph5HaT39SEnRhc+lkrRDpDY -c+HAU6Xywik+stgv2yFk1MhFpF5/rndEwMLIST0+lSpahJKGmYtg1VKcnDcq5CER -C31gl6Yr7ffjAwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFNhnk8pG3MmVppSzBBicziU6lhxNMA4GA1UdDwEB -/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB -AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA -AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E -Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v -Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF -BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEATmfP -QPkolF5PB0fS/9DrngX0tmdSwlidBtrkY6vL/V7IMKqJk7r+hHW6k9+nxijHFj6Y -J1+4ElpH/PwWPsqwVIshQxECvJKfo3OfN3a8Mn6Hog5kXJl5dMb0vJOpWQ9UhmG2 -m9UUZ9847wSlbW0vMHL0puuTso0365vilPO5JkapEXcFXdc3LDxXW8BR5NHyaN3V -mvfD/qAqe4BiBx2+WAxsolTJQ5IMjG5tIN7WE6VJdUAm6EIgbuFfvG1KiWQJLHkL -XdTvwdUTqX9JQYswfvoCwvHRh+I2mZX+/iH5HKLcaxqW8b9JnHCtfMSBZqLdI3nG -IBw48tRul8lbrg0mJw== ------END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-50.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-50.pem deleted file mode 100644 index 3ec32dfea..000000000 --- a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-50.pem +++ /dev/null @@ -1,30 +0,0 @@ -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-50 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEuTCCA6GgAwIBAgICASgwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0ODQ3WhcN -MjIxMTIzMTM0ODQ3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IElEIENBLTUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1ncM1bN -JJHiu1Bh5jQ8r+Y1L2pvw+6YDLGE71z5gquBqisOC6XLKffKdBSF2U55vvp0m5J8 -WdF5DSfyfdAJ7S1HlzFYVW+0KjGLELKV5tWZh/aXu8V85ZaaYkvJeeEU5cIYWLKK -RAr1iygwnslhy1Kb7xhYV7gLYc29Wm1EgZiJ2Xm9M11FIauo40EXmQFniz4FLE/S -4JB1lbYiP1jGa4zJrdnec1k65tZk/K4hdi2diS+9mEUz3PWrzNqjrHKxFocnh9qS -NGqJfyfXxXgKTrZw2UG83IxHKvIpMPodX4SYUwRm5HRbrG6c1Fx12NC2go16w3dD -ilH+aUduTNpmFQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFDYuUt50qp7sux+T0b62ULXGaQv5MA4GA1UdDwEB -/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB -AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA -AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E -Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v -Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF -BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAbAli -o7+gWX5YytmPMD9ic+aX2s0NaSdSauFYmb6khtN0CCocIqTI/TyfRJTjhI6wRNoa -ckcjVa5H3EOp4vOrtLN4TxbhNqdE+IHafWE4/btDstI5PrA2hlFZb1zvM5EQC8u0 -BZQ/DqyShOjypvxldvol6UGjys7wecPxt3cBJC7uroY+nqfxHnOIxRFoJGdC7pSm -f90/uDcX87oCbK/FrzJBO+/V2lGHiByC7ahcP59a4Xd69lHSMtRWquclAyBEy1Mx -p7Bx/v5kCpv14JE6SBlYEwhFrTt4aT49FQEQ9aJFKRv7j20sS/6wxPzGx24HE0Gb -XwusK9jo5skGLLUC3g== ------END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-51.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-51.pem deleted file mode 100644 index a0b406554..000000000 --- a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-51.pem +++ /dev/null @@ -1,30 +0,0 @@ -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-51 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEuTCCA6GgAwIBAgICASkwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0OTI3WhcN -MjIxMTIzMTM0OTI3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IElEIENBLTUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjtDs/iL -TIf25t9SGGMP49gCFIYXcEtvTtc/vh+Cghf7qVwiNvUYCaGMq5q7F/pgL5xsw6Bn -iCMau2bZtLfl5xnMk2VMl2GRwUayHQ/0lyteeKid6fa8sfnlyNLh8lvPuHqQFJZX -5vpfAC24NDQCrr8YIkkNRyxJihCpj8HHYuzTplDRIpMljahhAWCsQkUqlq/5Lite -XHYA/+EnT2hspkitSU+FUIWo0FKK95oo+i2uXX8x3cXWEUCXoR23Slk5NrGTwAsf -TUd16xWA1acvksunx8eK3uOVCV02Q0sldVN19NaGm8lpoBfbtiNz3lo/j1VT558q -35LmOYWI6KzSTwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFJ2kwVzT+WZxSaiEIwO24a8pdy2uMA4GA1UdDwEB -/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB -AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA -AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E -Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v -Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF -BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAigQ4 -aOduTUCpDvC0ue0B0GV49B0aek8HXWKc10bPb1iUCQL2DT4aIf0u+yQqrzVpTw/x -5mVPRn2Zi2iEV5A8PsN4dReF3lblQSrSVvKFw7cq66Z8ab2ijXjpAMTJCUIOir8w -KoOV03cnVcaW0VDTH+gOslXnm95kPqdfbxJMh06Q00XfvWfRjfnB9D8ZDXbytM5X -mkZRyuUvWY+DKyJUy1HAuardaFpgA5WowjeQm9sAvx72LzaS7zmv+hxOliGXYOn7 -gbJATcT+zt1Ffwa9M19FjoQDSzWihW8P5cFRt6xVEwZHeD8VG++jcQfAujwX0v7U -hFKu8gxm3wlNXOalzA== ------END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-52.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-52.pem deleted file mode 100644 index caff9d9ef..000000000 --- a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-52.pem +++ /dev/null @@ -1,30 +0,0 @@ -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-52 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEuTCCA6GgAwIBAgICASowDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM0OTU3WhcN -MjIxMTIzMTM0OTU3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IElEIENBLTUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltzcMp2O -02t+fwd7rTlugoKqYF8eo/3M+JVdppPAHTiJVaVt0JSeM4xyZsKNoPBoFW/yshnx -lRv/LyNx0VBbn+4mJ7Ea1U4FBPxCSZ68VYqKdV64UMhndawVBJM3Oy8Y3ZxPldTD -f9ApCg4dZXSEiSnShO8YuphrNbYAd6YrdUn1IhDAhw90VTU3GMLru4vx60vFHscW -eZHpHfET8AsClbAyqu65bsa1+o0XvGLQy2GTMzEVaR1NhYVWKRSwgqW57gbE8pV+ -63WYNwi8XIr/2TaJ5GvgBVCbgJWAwsSfFTz21ZqOou0d5xYu79iIIue5DEoRW1bm -qserHNG7gsMvHwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFJroUayRVNeUmgRI+iJ5/8bV7oYrMA4GA1UdDwEB -/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB -AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA -AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E -Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v -Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF -BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAkxvd -sbOh2zGZCsj3nu9fHEMClJVtK4kJzPJZPi44gdSn+U8X5lbtT0kxsRrqCAZntlgQ -mp+DxnQClr35fjao3wF79nQaIOP2789a9VWZgyJfPrV2KLsxAH4/oOd2ZYdUtHfC -lbfZwbpxFulBqPWxysKQOx3XC/3LszCR0YFqbV/c5hBRB1A4sWBlF8KRGQyKdAyc -K7PrLcSMnLq04ugd5MfYWuJjJx/USNNWlil/LzqyCFzxPp4nGBB8y8s2LcZyvofh -HIBN9qxl3+EXcJyeyqyNiVZcgJi+DLSmBCckb2J6lN9tbGWV02WK+8OiAiZ31CfJ -/sezZ58EZayGYS031Q== ------END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-53.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-53.pem deleted file mode 100644 index 37fee6b84..000000000 --- a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-53.pem +++ /dev/null @@ -1,29 +0,0 @@ -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-53 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEjzCCA3egAwIBAgICASswDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM1MDM1WhcN -MjIxMTIzMTM1MDM1WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IFNXIENBLTUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTewS9iv -ChYtMvNBYEOjVcVqr+3VOAEgyjt7ieJUVPrFDgtL9Sz+eXX+uBXkJwYjS0gtex6L -RuNtdcLkukoJu34ZxnfUwc8rgTwNV8VtIyI2GJq/u/FjGwK8fHkzslOzwF8KoA6N -NTYvKy9XohBDrrYGpRq/RuDttVfiJ4Yvcii5J6+uZTvT9035EksqjV7A+sJkFVqI -3MZ83kN9O0ZJf4dEj4h4DKqQYHTRrpy/BL4pTGxmSpnQHne63ToqsoZntTYCYhB5 -6izOakbsUTYVauwYqlNVf0j20IwcZibztp7wqV2NgGzA81LndhYLQh+8KsDabTSV -sZMvLHfEAeLdhwIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFFHEizOZlMB+uzYd4+I6Bb0ydJ1TMA4GA1UdDwEB -/wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud -JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j -cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o -dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG -CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC -AQEACZtxX9lr6sye0RUSOLYzLCU4jVDNSQgz3qq8Kk7dJ97GdsuBzACcCIwFDpNd -tjMtD+mwNjgfeRY5ovyMEH3ZzVhIqGpQo4WLeE+bjy3fNcU3rsb2SHNaEpRddWQ3 -jnOc3jlyg/sHaR6Jg4JfQ1G9za46AReVa1nJLHjt/BO5m/3D4iJmpJvq2Qp6N4eF -a2VL6s8uAZKnLCocjZU2B3wYZMyaSgppaE4TOe/Hc5HJw245/cFLUL8I02iYfv9E -KQDuTGqNzGrBuKp9LMpRrBWb0boFrZaONcVXjtCqi05fo1Fd/JhuvfraTpgxmVXi -1OvgVGwq5lsxW2pbjSpBFebaRw== ------END CERTIFICATE----- diff --git a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-54.pem b/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-54.pem deleted file mode 100644 index 59b66acb3..000000000 --- a/config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-54.pem +++ /dev/null @@ -1,29 +0,0 @@ -Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-54 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 ------BEGIN CERTIFICATE----- -MIIEjzCCA3egAwIBAgICASwwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMTYxMTIyMTM1MTI4WhcN -MjIxMTIzMTM1MTI4WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPVS5TLiBHb3Zl -cm5tZW50MQwwCgYDVQQLDANEb0QxDDAKBgNVBAsMA1BLSTEVMBMGA1UEAwwMRE9E -IFNXIENBLTU0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0wnaj/j -ZzXRnZnNDN5rMZW7OmPPcrG+8IQW6oHretQqvj/HCnAyX3sl5TvT6bLCG4UfLBAx -4VRCvpsVW9fME/43E+N8pyUDjlhYe8BHO9e0RfbVjMgDh6tLagvjN3MfThg8E94C -6TRisdifkP6WonplO1sbv8YD49GjmBWLs8KtU3xzw/StQrwNfymY8aW4lXJQa/Ca -+FXzz/tRh7Mclrlz6QCzgdHAliWK4s5tsXDxeZls2/tvTaZQCVCiyccDdc//lYzL -UIwg3lnPcoV6CPhhw+QW4q42Y4oSu48Z9g/fAvqhrK1U0S9mHl1vWLDTHI3hkwmd -T/O2WgKh8nvx8wIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW -qvLczmbuRcAwHQYDVR0OBBYEFLC3KL8sBImKdCavqhOMAhBVgXmxMA4GA1UdDwEB -/wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ -YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud -JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j -cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o -dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG -CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC -AQEAZF047yS8bq8lkMpoxFrJjmbdD1TNpjnWRmImQ32uPwNkrDbspNJ4GdqAh3N6 -ueIMcPUSmrIEs9GRZGJzOeTQ6tcQKCyWy+npsI1DQ/k5Xz0H375Bw17gnq2Bpjdy -s8zeg8I+2lDOjSNr7RgVWWB+2sVWXdvILx4Wkh6vX57uEud046HBmc4NeDiHAer8 -NIac5A7e379NRyuusNGXkAm3g7GsE/Y7MrFsKKsMlHb+gFXVgD0DBhtF22YqmA/R -QvTz7Ij1AD++Gv5I4IIzJFMryN6ED6XduWcTtk9Cnf0uY0z+VY8RFw9nOkECFc2b -BA8L2LlruBOzMWbFy4kH7G/hrA== ------END CERTIFICATE----- From 68a02aa8b84e19ae53a5122c7810a506a12504c7 Mon Sep 17 00:00:00 2001 From: Mitchell Henke Date: Thu, 14 Sep 2023 09:45:56 -0500 Subject: [PATCH 10/18] Update CI Image (#406) --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f04f0dc8b..6b49bdedd 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -6,7 +6,7 @@ variables: ECR_REGISTRY: '${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com' IDP_WORKER_IMAGE_TAG: 'main' - PIVCAC_CI_SHA: 'sha256:1b280037c653d00685e10890afe01f83c943ed409a810c398ee9dcb90cdfbd11' + PIVCAC_CI_SHA: 'sha256:41c2b811ee61aa06c662e2d631812cda04d06a0dd15e177ec04997dcaeb1cc9c' CI: 'true' default: From c92bec0e4c3cfbe0a31de6c462b72605f277f26f Mon Sep 17 00:00:00 2001 From: "timothy.spencer" Date: Wed, 11 Sep 2024 21:03:58 +0000 Subject: [PATCH 11/18] This is to get an image that we can use in kubernetes-land in a production-like way. * Add prod pivcac image * Make sure image is largely read-only to the app user * Add RDS cert bundle * Add nginx image * make prod pivcac image and nginx images be built automatically by gitlab --- .gitlab-ci.yml | 80 +++++++++++++++++++ Dockerfile | 79 ++++++++++++++++-- Gemfile.lock | 2 +- k8.Dockerfile | 8 +- k8files/nginx-prod.conf | 172 ++++++++++++++++++++++++++++++++++++++++ k8files/update-ips.sh | 21 +++++ nginx.Dockerfile | 11 +++ prod.Dockerfile | 153 +++++++++++++++++++++++++++++++++++ 8 files changed, 513 insertions(+), 13 deletions(-) create mode 100644 k8files/nginx-prod.conf create mode 100755 k8files/update-ips.sh create mode 100644 nginx.Dockerfile create mode 100644 prod.Dockerfile diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2b34e26e7..2d4d55bda 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -210,6 +210,86 @@ build-pivcac-image: --compressed-caching=false --build-arg "http_proxy=${http_proxy}" --build-arg "https_proxy=${https_proxy}" --build-arg "no_proxy=${no_proxy}" +# Build a container image async, and don't block CI tests +# Cache intermediate images for 1 week (168 hours) +build-prod-pivcac-image: + stage: review + needs: [] + interruptible: true + variables: + BRANCH_TAGGING_STRING: "" + rules: + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH + variables: + BRANCH_TAGGING_STRING: "--destination ${ECR_REGISTRY}/identity-pivcac/review:main" + - if: $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH + - if: $CI_PIPELINE_SOURCE != "merge_request_event" + when: never + tags: + - build-pool + image: + name: gcr.io/kaniko-project/executor:debug + entrypoint: [''] + script: + - mkdir -p /kaniko/.docker + - |- + KANIKOCFG="\"credsStore\":\"ecr-login\"" + if [ "x${http_proxy}" != "x" -o "x${https_proxy}" != "x" ]; then + KANIKOCFG="${KANIKOCFG}, \"proxies\": { \"default\": { \"httpProxy\": \"${http_proxy}\", \"httpsProxy\": \"${https_proxy}\", \"noProxy\": \"${no_proxy}\"}}" + fi + KANIKOCFG="{ ${KANIKOCFG} }" + echo "${KANIKOCFG}" > /kaniko/.docker/config.json + - >- + /kaniko/executor + --context "${CI_PROJECT_DIR}" + --dockerfile "${CI_PROJECT_DIR}/prod.Dockerfile" + --destination "${ECR_REGISTRY}/identity-pivcac/pivcac:${CI_COMMIT_SHA}" + ${BRANCH_TAGGING_STRING} + --cache-repo="${ECR_REGISTRY}/identity-pivcac/pivcac/cache" + --cache-ttl=168h + --cache=true + --compressed-caching=false + --build-arg "http_proxy=${http_proxy}" --build-arg "https_proxy=${https_proxy}" --build-arg "no_proxy=${no_proxy}" + +build-prod-nginx-image: + stage: review + needs: [] + interruptible: true + variables: + BRANCH_TAGGING_STRING: "" + rules: + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH + variables: + BRANCH_TAGGING_STRING: "--destination ${ECR_REGISTRY}/identity-pivcac/review:main" + - if: $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH + - if: $CI_PIPELINE_SOURCE != "merge_request_event" + when: never + tags: + - build-pool + image: + name: gcr.io/kaniko-project/executor:debug + entrypoint: [''] + script: + - mkdir -p /kaniko/.docker + - |- + KANIKOCFG="\"credsStore\":\"ecr-login\"" + if [ "x${http_proxy}" != "x" -o "x${https_proxy}" != "x" ]; then + KANIKOCFG="${KANIKOCFG}, \"proxies\": { \"default\": { \"httpProxy\": \"${http_proxy}\", \"httpsProxy\": \"${https_proxy}\", \"noProxy\": \"${no_proxy}\"}}" + fi + KANIKOCFG="{ ${KANIKOCFG} }" + echo "${KANIKOCFG}" > /kaniko/.docker/config.json + - >- + /kaniko/executor + --context "${CI_PROJECT_DIR}" + --dockerfile "${CI_PROJECT_DIR}/nginx.Dockerfile" + --destination "${ECR_REGISTRY}/identity-pivcac/nginx:${CI_COMMIT_SHA}" + ${BRANCH_TAGGING_STRING} + --cache-repo="${ECR_REGISTRY}/identity-pivcac/pivcac/cache" + --cache-ttl=168h + --cache=true + --compressed-caching=false + --build-arg "http_proxy=${http_proxy}" --build-arg "https_proxy=${https_proxy}" --build-arg "no_proxy=${no_proxy}" + review-app: stage: review allow_failure: true diff --git a/Dockerfile b/Dockerfile index 440c1efe0..d7613a141 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,27 @@ # Use the official Ruby image because the Rails images have been deprecated -FROM logindotgov/build as build +FROM ruby:3.3.1-slim as build + +RUN apt-get update && \ + apt-get install -y \ + git-core \ + build-essential \ + git-lfs \ + curl \ + zlib1g-dev \ + libssl-dev \ + libreadline-dev \ + libyaml-dev \ + libsqlite3-dev \ + sqlite3 \ + libxml2-dev \ + libxslt1-dev \ + libcurl4-openssl-dev \ + software-properties-common \ + libffi-dev \ + libpq-dev \ + xz-utils \ + unzip && \ + rm -rf /var/lib/apt/lists/* # Everything happens here from now on WORKDIR /pivcac @@ -9,20 +31,61 @@ COPY Gemfile* ./ RUN gem install bundler --conservative && \ bundle install --without deploy production -# Copy everything else over -COPY . . +# Generate and place SSL certificates for puma +RUN mkdir -p /pivcac/keys +RUN openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days 1825 \ + -keyout /pivcac/keys/localhost.key \ + -out /pivcac/keys/localhost.crt \ + -subj "/C=US/ST=Fake/L=Fakerton/O=Dis/CN=localhost" && \ + chmod 644 /pivcac/keys/localhost.key /pivcac/keys/localhost.crt + +# Download RDS Combined CA Bundle +RUN mkdir -p /usr/local/share/aws \ + && curl https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem > /usr/local/share/aws/rds-combined-ca-bundle.pem \ + && chmod 644 /usr/local/share/aws/rds-combined-ca-bundle.pem + # Switch to base image -FROM logindotgov/base +FROM ruby:3.3.1-slim WORKDIR /pivcac +RUN apt-get update && \ + apt-get install -y \ + curl \ + zlib1g-dev \ + libssl-dev \ + libreadline-dev \ + libyaml-dev \ + libxml2-dev \ + libxslt1-dev \ + libcurl4-openssl-dev \ + libffi-dev \ + libpq-dev && \ + rm -rf /var/lib/apt/lists/* + # Copy Gems, NPMs, and other relevant items from build layer -COPY --chown=appuser:appuser --from=build /pivcac . +COPY --from=build /pivcac . # Copy in whole source (minus items matched in .dockerignore) -COPY --chown=appuser:appuser . . +COPY . . + +# Create a new user and set up the working directory +RUN addgroup --gid 1000 app && \ + adduser --uid 1000 --gid 1000 --disabled-password --gecos "" app && \ + mkdir -p /pivcac && \ + mkdir -p /pivcac/tmp/pids && \ + mkdir -p /pivcac/log + +# make everything the proper perms after everything is initialized +RUN chown -R app:app /pivcac/tmp && \ + chown -R app:app /pivcac/log && \ + find /pivcac -type d | xargs chmod 755 + +# get rid of suid/sgid binaries +RUN find / -perm /4000 -type f | xargs chmod u-s +RUN find / -perm /2000 -type f | xargs chmod g-s -USER appuser +USER app EXPOSE 8443 -CMD ["bundle", "exec", "rackup", "config.ru", "--host", "ssl://localhost:8443?key=config/local-certs/server.key&cert=config/local-certs/server.crt"] +CMD ["bundle", "exec", "rackup", "config.ru", "--host", "ssl://0.0.0.0:3000?key=/pivcac/keys/localhost.key&cert=/pivcac/keys/localhost.crt"] diff --git a/Gemfile.lock b/Gemfile.lock index a2bb377f3..d8fbe290f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -260,7 +260,7 @@ GEM regexp_parser (2.7.0) request_store (1.5.1) rack (>= 1.4) - rexml (3.3.3) + rexml (3.3.6) strscan rgl (0.5.6) lazy_priority_queue (~> 0.1.0) diff --git a/k8.Dockerfile b/k8.Dockerfile index 250c80f46..099a8bfa6 100644 --- a/k8.Dockerfile +++ b/k8.Dockerfile @@ -21,13 +21,13 @@ ENV TZ=Etc/UTC RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone # Install dependencies -RUN apt-get update && apt-get install -y \ +RUN apt-get update && apt-get install -y \ build-essential \ cron \ - curl \ + curl \ gettext-base \ git-core \ - tar \ + tar \ unzip \ jq \ libcurl4-openssl-dev \ @@ -99,7 +99,7 @@ COPY --chmod=644 ./k8files/status.conf /opt/nginx/conf/sites.d/ COPY ./k8files/pivcac.conf /opt/nginx/conf/sites.d/pivcac.conftemp # Download RDS Combined CA Bundles -RUN wget -P /usr/local/share/aws/ https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem +RUN wget -P /usr/local/share/aws/ https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem # Create cron jobs RUN echo '* */4 * * * websrv flock -n /tmp/update_cert_revocations.lock -c /usr/local/bin/update_cert_revocations' > /etc/cron.d/update_cert_revocations; \ diff --git a/k8files/nginx-prod.conf b/k8files/nginx-prod.conf new file mode 100644 index 000000000..416475ba4 --- /dev/null +++ b/k8files/nginx-prod.conf @@ -0,0 +1,172 @@ +#user nginx; +worker_processes 2; +worker_rlimit_nofile 2048; +pid /var/run/nginx.pid; +daemon off; +load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so; + + +events { + worker_connections 1024; +} + +http { + include mime.types; + default_type application/octet-stream; + + sendfile on; + tcp_nopush off; + keepalive_timeout 60 50; + gzip on; + gzip_types text/plain text/css application/xml application/javascript application/json image/jpg image/jpeg image/png image/gif image/svg+xml font/woff2 woff2; + + # Timeouts definition + client_body_timeout 10; + client_header_timeout 10; + send_timeout 10; + # Set buffer size limits + client_body_buffer_size 1k; + client_header_buffer_size 1k; + client_max_body_size 20k; + large_client_header_buffers 2 20k; + # Limit connections + limit_conn addr 20; + limit_conn_status 429; + limit_conn_zone $binary_remote_addr zone=addr:5m; + # Disable sending server info and versions + server_tokens off; + more_clear_headers Server; + more_clear_headers X-Powered-By; + # Prevent clickJacking attack + add_header X-Frame-Options SAMEORIGIN; + # Disable content-type sniffing + add_header X-Content-Type-Options nosniff; + # Enable XSS filter + add_header X-XSS-Protection "1; mode=block"; + + # Enables nginx to check multiple set_real_ip_from lines + real_ip_recursive on; + + real_ip_header X-Forwarded-For; + + # Exclude all private IPv4 space from client source calculation when + # processing the X-Forewarded-For header + set_real_ip_from 10.0.0.0/8; + set_real_ip_from 100.64.0.0/10; + set_real_ip_from 172.16.0.0/12; + set_real_ip_from 192.168.0.0/16; + # TODO - IPv6 CIDR for VPCs will require autoconfiguration + + # Add CloudFront source address ranges to trusted CIDR range for real ip computation + include /etc/nginx/cloudfront-ips.conf; + + # logging + access_log /dev/stdout; + error_log /dev/stdout info; + + # Specify a key=value format useful for machine parsing + log_format kv escape=json + '{' + '"time": "$time_local", ' + '"hostname": "$host", ' + '"dest_port": "$server_port", ' + '"dest_ip": "$server_addr", ' + '"src": "$remote_addr", ' + '"src_ip": "$realip_remote_addr", ' + '"user": "$remote_user", ' + '"protocol": "$server_protocol", ' + '"http_method": "$request_method", ' + '"status": "$status", ' + '"bytes_out": "$body_bytes_sent", ' + '"bytes_in": "$request_length", ' + '"http_referer": "$http_referer", ' + '"http_user_agent": "$http_user_agent", ' + '"nginx_version": "$nginx_version", ' + '"http_cloudfront_viewer_address": "$http_cloudfront_viewer_address", ' + '"http_cloudfront_viewer_http_version": "$http_cloudfront_viewer_http_version", ' + '"http_cloudfront_viewer_tls": "$http_cloudfront_viewer_tls", ' + '"http_cloudfront_viewer_country": "$http_cloudfront_viewer_country", ' + '"http_cloudfront_viewer_country_region": "$http_cloudfront_viewer_country_region", ' + '"http_x_forwarded_for": "$http_x_forwarded_for", ' + '"http_x_amzn_trace_id": "$http_x_amzn_trace_id", ' + '"response_time": "$upstream_response_time", ' + '"request_time": "$request_time", ' + '"request": "$request", ' + '"tls_protocol": "$ssl_protocol", ' + '"tls_cipher": "$ssl_cipher", ' + '"uri_path": "$uri", ' + '"uri_query": "$query_string",' + '"log_filename": "nginx_access.log"' + '}'; + + # Get $status_reason variable, a human readable version of $status + include status-map.conf; + + # Set HSTS header only if not already set by app. Some clients get unhappy if + # you set multiple Strict-Transport-Security headers. + # https://serverfault.com/a/598106 + map $upstream_http_strict_transport_security $sts_value { + '' "max-age=31536000; preload"; + } + + # Always add a HSTS header - This is still inside the http block, so will not + # conflict with headers set in nginx.conf + add_header Strict-Transport-Security $sts_value always; + + server { + listen 8443 ssl; + server_name _; + access_log /dev/stdout kv; + + ssl_certificate /keys/tls.crt; + ssl_certificate_key /keys/tls.key; + ssl_client_certificate /etc/nginx/ficam_bundle.pem; + ssl_verify_client optional_no_ca; # on; + ssl_verify_depth 10; + + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!ECDHE-RSA-AES256-SHA384:!ECDHE-RSA-AES256-SHA:!DHE-RSA-AES256-SHA256:!DHE-RSA-AES256-SHA'; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_prefer_server_ciphers on; + ssl_protocols TLSv1.2; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 5m; + ssl_stapling on; + ssl_stapling_verify on; + proxy_buffer_size 32k; + proxy_buffers 8 32k; + proxy_busy_buffers_size 64k; + + location ~* \.(html|txt|ico|png|json)$ { + root "/srv"; + try_files $uri @backend; + } + + location / { + proxy_pass https://0.0.0.0:3000; + + proxy_set_header X-Real-Host $host; + proxy_set_header X-Real-Ip $remote_addr; + proxy_set_header X-Real-Proto https; + proxy_set_header X-Client-Verify $ssl_client_verify; + proxy_set_header X-Client-S-Dn $ssl_client_s_dn; + proxy_set_header X-Client-I-Dn $ssl_client_i_dn; + proxy_set_header X-Client-Serial $ssl_client_serial; + proxy_set_header X-Client-Fingerprint $ssl_client_fingerprint; + proxy_set_header X-Client-Cert $ssl_client_escaped_cert; + } + + location @backend { + proxy_pass https://0.0.0.0:3000; + + proxy_set_header X-Real-Host $host; + proxy_set_header X-Real-Ip $remote_addr; + proxy_set_header X-Real-Proto https; + proxy_set_header X-Client-Verify $ssl_client_verify; + proxy_set_header X-Client-S-Dn $ssl_client_s_dn; + proxy_set_header X-Client-I-Dn $ssl_client_i_dn; + proxy_set_header X-Client-Serial $ssl_client_serial; + proxy_set_header X-Client-Fingerprint $ssl_client_fingerprint; + proxy_set_header X-Client-Cert $ssl_client_escaped_cert; + } + } +} diff --git a/k8files/update-ips.sh b/k8files/update-ips.sh new file mode 100755 index 000000000..102c2ee86 --- /dev/null +++ b/k8files/update-ips.sh @@ -0,0 +1,21 @@ +#!/bin/sh +# +# This script updates the ips.conf file so that we have +# up-to-date cloudfront IP information. +# +set -e + +IPS_CONF="/etc/nginx/cloudfront-ips.conf" +echo "Updating $IPS_CONF" + +rm -f "$IPS_CONF" +echo '# cloudfront IP ranges' > $IPS_CONF +echo '# ' >> $IPS_CONF + +curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.service=="CLOUDFRONT_ORIGIN_FACING") | .ip_prefix' | while read i ; do + echo "set_real_ip_from $i;" >> $IPS_CONF +done + +curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.ipv6_prefixes[] | select(.service=="CLOUDFRONT") | .ipv6_prefix' | while read i ; do + echo "set_real_ip_from $i;" >> $IPS_CONF +done diff --git a/nginx.Dockerfile b/nginx.Dockerfile new file mode 100644 index 000000000..c79e52043 --- /dev/null +++ b/nginx.Dockerfile @@ -0,0 +1,11 @@ +FROM public.ecr.aws/docker/library/alpine:3 + +RUN apk add --no-cache jq curl nginx nginx-mod-http-headers-more + +COPY ./k8files/update-ips.sh /update-ips.sh +COPY ./k8files/nginx-prod.conf /etc/nginx/nginx.conf +COPY ./k8files/status-map.conf /etc/nginx/ +COPY ./config/cert_bundles/ficam_bundle.pem /etc/nginx/ +RUN /update-ips.sh + +ENTRYPOINT ["/usr/sbin/nginx"] diff --git a/prod.Dockerfile b/prod.Dockerfile new file mode 100644 index 000000000..b6e740240 --- /dev/null +++ b/prod.Dockerfile @@ -0,0 +1,153 @@ +# this part builds everything +FROM ruby:3.3.4-slim-bullseye as builder + +# Set environment variables +ENV RAILS_ROOT /app +ENV RAILS_ENV production +ENV BUNDLE_PATH /app/vendor/bundle +ENV NGINX_VERSION 1.22.0 + +# Install dependencies +RUN apt-get update && apt-get install -y \ + build-essential \ + curl \ + gettext-base \ + git-core \ + tar \ + unzip \ + jq \ + libcurl4-openssl-dev \ + libjemalloc-dev \ + libpcre3 \ + libpcre3-dev \ + libssl-dev \ + libpq-dev \ + patch \ + python3 \ + python3-pip \ + python3-venv \ + util-linux \ + wget \ + && rm -rf /var/lib/apt/lists/* + +# Download RDS Combined CA Bundle +RUN mkdir -p /usr/local/share/aws \ + && curl https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem > /usr/local/share/aws/rds-combined-ca-bundle.pem \ + && chmod 644 /usr/local/share/aws/rds-combined-ca-bundle.pem + +# Create working directory +WORKDIR $RAILS_ROOT + +# do a bundle install +COPY .ruby-version $RAILS_ROOT/.ruby-version +COPY Gemfile $RAILS_ROOT/Gemfile +COPY Gemfile.lock $RAILS_ROOT/Gemfile.lock +RUN bundle config build.nokogiri --use-system-libraries +RUN bundle config set --local deployment 'true' +RUN bundle config set --local path $BUNDLE_PATH +RUN bundle config set --local without 'deploy development doc test' +RUN bundle install --jobs $(nproc) +RUN bundle binstubs --all + + + +##################################################### +# here is where the actual image gets built +FROM ruby:3.3.4-slim-bullseye + +SHELL ["/bin/bash", "-c"] + +# Set environment variables +ENV RAILS_ROOT /app +ENV RAILS_ENV production +ENV BUNDLE_PATH /app/vendor/bundle + +# Prevent documentation installation +RUN echo 'path-exclude=/usr/share/doc/*' > /etc/dpkg/dpkg.cfg.d/00_nodoc && \ + echo 'path-exclude=/usr/share/man/*' >> /etc/dpkg/dpkg.cfg.d/00_nodoc && \ + echo 'path-exclude=/usr/share/groff/*' >> /etc/dpkg/dpkg.cfg.d/00_nodoc && \ + echo 'path-exclude=/usr/share/info/*' >> /etc/dpkg/dpkg.cfg.d/00_nodoc && \ + echo 'path-exclude=/usr/share/lintian/*' >> /etc/dpkg/dpkg.cfg.d/00_nodoc && \ + echo 'path-exclude=/usr/share/linda/*' >> /etc/dpkg/dpkg.cfg.d/00_nodoc + +# Setup timezone data +ENV TZ=Etc/UTC +RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone + +# Install dependencies +RUN apt-get update && apt-get install -y \ + gettext-base \ + git-core \ + curl \ + libcurl4-openssl-dev \ + libjemalloc-dev \ + libpcre3 \ + libpcre3-dev \ + libssl-dev \ + libpq-dev \ + patch \ + util-linux \ + postgresql-contrib \ + && rm -rf /var/lib/apt/lists/* + +# Create user and setup working directory +RUN addgroup --gid 1000 app && \ + adduser --uid 1000 --gid 1000 --disabled-password --gecos "" app && \ + mkdir -p $RAILS_ROOT && \ + mkdir -p $RAILS_ROOT/tmp/pids && \ + mkdir -p $RAILS_ROOT/log + +# copy rds cert from builder +COPY --from=builder /usr/local/share/aws/rds-combined-ca-bundle.pem /usr/local/share/aws/rds-combined-ca-bundle.pem + +# Copy bundle in +COPY --from=builder $RAILS_ROOT $RAILS_ROOT + +COPY package.json $RAILS_ROOT/package.json + +WORKDIR $RAILS_ROOT + +# Copy Application Code +COPY ./lib ./lib +COPY ./app ./app +COPY ./config ./config +COPY ./config.ru ./config.ru +COPY ./db ./db +COPY ./bin ./bin +COPY ./public ./public +COPY ./spec ./spec +COPY ./vendor ./vendor +COPY ./Rakefile ./Rakefile +COPY ./Makefile ./Makefile +COPY ./Procfile ./Procfile +COPY ./log ./log +COPY ./tmp ./tmp +RUN mkdir -p ${RAILS_ROOT}/keys; chmod -R 0755 ${RAILS_ROOT}/keys; \ + mkdir -p ${RAILS_ROOT}/tmp/cache; chmod -R 0755 ${RAILS_ROOT}/tmp/cache; \ + mkdir -p ${RAILS_ROOT}/tmp/pids; chmod -R 0755 ${RAILS_ROOT}/tmp/pids; \ + mkdir -p ${RAILS_ROOT}/tmp/sockets; chmod -R 0755 ${RAILS_ROOT}/tmp/sockets; \ + mkdir -p ${RAILS_ROOT}/config/puma; chmod -R 0755 ${RAILS_ROOT}/config/puma; +COPY --chmod=644 ./k8files/newrelic.yml ./config/newrelic.yml + +# set bundler up +RUN bundle config build.nokogiri --use-system-libraries +RUN bundle config set --local deployment 'true' +RUN bundle config set --local path $BUNDLE_PATH +RUN bundle config set --local without 'deploy development doc test' + +# make everything the proper perms after everything is initialized +RUN chown -R app:app $RAILS_ROOT/tmp && \ + chown -R app:app $RAILS_ROOT/log && \ + find $RAILS_ROOT -type d | xargs chmod 755 + +# get rid of suid/sgid binaries +RUN find / -perm /4000 -type f | xargs chmod u-s +RUN find / -perm /2000 -type f | xargs chmod g-s + +# Expose port the app runs on +EXPOSE 443 + +USER app + +# The keys here are getting mapped in from a secret in the deployment. +CMD ["bundle", "exec", "rackup", "config.ru", "--host", "ssl://0.0.0.0:3000?key=/app/keys/tls.key&cert=/app/keys/tls.crt"] From adfe686965e58ef7a3427acb0e3a6893316498dc Mon Sep 17 00:00:00 2001 From: "andrew.duthie" Date: Wed, 2 Oct 2024 16:17:42 +0000 Subject: [PATCH 12/18] Add a default merge request template * Add a default merge request template See merge request lg/identity-pki!22 --- .github/pull_request_template.md | 6 +++++- .gitlab/merge_request_templates/default.md | 15 +++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 .gitlab/merge_request_templates/default.md diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index fcd19b66a..5f26aa004 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1 +1,5 @@ -This repo has been moved! Please [open a merge request on GitLab](https://gitlab.login.gov/lg/identity-pki/-/merge_requests/new). +The source code for this repository is now managed in GitLab! + +Please [open a merge request on GitLab](https://gitlab.login.gov/lg/identity-pki/-/merge_requests/new). + +If you're an external contributor, please feel free to open a pull request. A project maintainer will facilitate your contribution. diff --git a/.gitlab/merge_request_templates/default.md b/.gitlab/merge_request_templates/default.md new file mode 100644 index 000000000..24f3d53f1 --- /dev/null +++ b/.gitlab/merge_request_templates/default.md @@ -0,0 +1,15 @@ +## 🎫 Ticket + +[Link to the relevant ticket] + +## 🛠 Summary of changes + +[Write a brief description of what you changed] + +## 📜 Testing Plan + +[Provide a list of steps to confirm the changes] + +## 👀 Screenshots + +[If relevant, include a screenshot or screen capture of the changes] From d5ad8d0369149aae885594b864d7c3c93731eb17 Mon Sep 17 00:00:00 2001 From: "mitchell.henke" Date: Thu, 3 Oct 2024 17:23:46 +0000 Subject: [PATCH 13/18] Fix platform-specific gem specifications * remove platform-specific gems in lockfile * remove echo ok * Fix deprecated bundle config usage See merge request lg/identity-pki!28 --- .gitlab-ci.yml | 7 +++++-- Gemfile.lock | 6 ++++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 7116148f3..7e798cb7f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -14,7 +14,11 @@ default: image: '${ECR_REGISTRY}/pivcac/ci@${PIVCAC_CI_SHA}' .bundle_install: &bundle_install - - bundle check || bundle install --deployment --jobs=4 --retry=3 --without deploy development doc production --path vendor/ruby + - bundle config set --local deployment true + - bundle config set --local frozen true + - bundle config set --local without deploy development doc production + - bundle config set --local path vendor/ruby + - bundle check || bundle install --jobs $(nproc) --retry=3 .build_cache: - &ruby_cache @@ -52,7 +56,6 @@ install: - echo "'$CI_PIPELINE_SOURCE'" - echo "'$CI_MERGE_REQUEST_IID'" - echo "'$CI_EXTERNAL_PULL_REQUEST_IID'" - - echo 'ok' - *bundle_install specs: diff --git a/Gemfile.lock b/Gemfile.lock index 89cbb130e..04d4d4473 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -152,7 +152,7 @@ GEM factory_bot_rails (6.4.3) factory_bot (~> 6.4) railties (>= 5.0.0) - ffi (1.17.0-arm64-darwin) + ffi (1.17.0) globalid (1.2.1) activesupport (>= 6.1) hashdiff (1.0.1) @@ -185,6 +185,7 @@ GEM method_source (1.1.0) mini_cache (1.1.0) mini_mime (1.1.5) + mini_portile2 (2.8.7) minitest (5.25.1) msgpack (1.7.2) mutex_m (0.2.0) @@ -199,7 +200,8 @@ GEM net-protocol newrelic_rpm (8.16.0) nio4r (2.7.3) - nokogiri (1.16.7-arm64-darwin) + nokogiri (1.16.7) + mini_portile2 (~> 2.8.2) racc (~> 1.4) parallel (1.22.1) parser (3.3.5.0) From bf37fe895de99792f6349c9d8e9db4b4d378d329 Mon Sep 17 00:00:00 2001 From: "mitchell.henke" Date: Fri, 4 Oct 2024 13:07:59 +0000 Subject: [PATCH 14/18] Add new Entrust cert * fix bug in find matching certs script * Add new Entrust cert See merge request lg/identity-pki!29 --- config/cert_bundles/ficam_bundle.pem | 784 ++++++++---------- config/cert_bundles/login_bundle.pem | 32 + ...ust Managed Services SSP CA 1920665011.pem | 32 + lib/tasks/certs.rake | 2 +- 4 files changed, 410 insertions(+), 440 deletions(-) create mode 100644 config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA 1920665011.pem diff --git a/config/cert_bundles/ficam_bundle.pem b/config/cert_bundles/ficam_bundle.pem index d508faa5e..d90cb5151 100644 --- a/config/cert_bundles/ficam_bundle.pem +++ b/config/cert_bundles/ficam_bundle.pem @@ -291,66 +291,6 @@ RESK7dTWNoWkTCyMxnawNdSkxq84ADIlO8V3yUHnYKJS5AjVMBQNgkWYwGB1o5dN 3aRfoQ6R7nQcudq92nzMKIBYg0Ep+x+Xh9mn5j6EUInJ7Bz2qqQ9U1w4bCZb7IBi kw== -----END CERTIFICATE----- -Subject: /C=CA/O=Carillon Information Security Inc./OU=Certification Authorities/CN=Carillon PKI Services CA 2 -Issuer: /C=CA/O=Carillon Information Security Inc./OU=Certification Authorities/CN=Carillon PKI Services G2 Root CA 2 ------BEGIN CERTIFICATE----- -MIIKazCCCFOgAwIBAgIGDPYcANu0MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQG -EwJDQTErMCkGA1UEChMiQ2FyaWxsb24gSW5mb3JtYXRpb24gU2VjdXJpdHkgSW5j -LjEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczErMCkGA1UEAxMi -Q2FyaWxsb24gUEtJIFNlcnZpY2VzIEcyIFJvb3QgQ0EgMjAeFw0yMTA0MjAxNjA5 -MzZaFw0zMDAxMjAxNjA5MzZaMIGDMQswCQYDVQQGEwJDQTErMCkGA1UEChMiQ2Fy -aWxsb24gSW5mb3JtYXRpb24gU2VjdXJpdHkgSW5jLjEiMCAGA1UECxMZQ2VydGlm -aWNhdGlvbiBBdXRob3JpdGllczEjMCEGA1UEAxMaQ2FyaWxsb24gUEtJIFNlcnZp -Y2VzIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCdc4bYc4no -NZ5FH4RgyFrqSdtsI4Tqdkmvui4xZ7wiXNJfQKlD4n/TMLcfDwCnvFlDQTvzKWVI -fyXDt9+v0XkKwhQX7g6Sy8ZY89xTJZcLeQ7iwQXhdeBQ0jnClb9kstJqOjF5LKvL -8s3pt+OusyC/FYLTU6k+t9L6ljEm0mXdyE570N0zJr2ZoXaCY3FIhVAN2m+DznMj -XG+XpID/xZktQnrgp0kjFBsLaMKtORszXDeODnpl5N9apeSaX220QXA4x88UA0YF -HUTWSDgvOnjKafYoVJRvRbjOwItGgJf3djb7mqp1SdQtCHXA9mqfxfgO52DLkwQh -QEsLGnwwofmIcw9vVu8OChxGTSOP3zetS8J1QSzyGdU8WgNvcu3HSrNKcXpLVGop -cqsyDCqIU7kzO+T3lhFtJN2mUh7ASNWvZq4jW4ruhFuqRDmdxUF4+j5HwoRVPpxT -fmX5wy/Fr7Bq6crVF5Dzzp5k1n9c73CfaLrAuVEmQPncY5rpdXLxOOaGX+gMtkpZ -U1kFtuJq+WVHbIrJ84DuwplcLHE4VByqpzO7BcsI9mp22yyq16ovC8hwaVAivkT4 -1Hu/0WsQb4N1x80EyF5fE3CV9jCMRYJttt7TDE7P8fa1nUUUA+DACUhaUzuAsk16 -yKcysSijCHEd1tJU2lzHw6u7nlVrPpotoQIDAQABo4IE2TCCBNUwHQYDVR0OBBYE -FJ0+x2oIKlHAC7Wy/VQ9+cLed0+UMB8GA1UdIwQYMBaAFP4BF6aKLnoK25nuD0uU -gwSK3JGRMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMIID6AYD -VR0gBIID3zCCA9swDQYLKwYBBAGBw14DAQMwDQYLKwYBBAGBw14DAQQwDQYLKwYB -BAGBw14DAQUwDQYLKwYBBAGBw14DAQYwDQYLKwYBBAGBw14DAQcwDQYLKwYBBAGB -w14DAQgwDQYLKwYBBAGBw14DAREwDQYLKwYBBAGBw14DARIwDQYLKwYBBAGBw14D -AQkwDQYLKwYBBAGBw14DAQowDQYLKwYBBAGBw14DAR4wDQYLKwYBBAGBw14DAQsw -DQYLKwYBBAGBw14DAR8wDQYLKwYBBAGBw14DAQwwDQYLKwYBBAGBw14DAQ0wDQYL -KwYBBAGBw14DAQ4wDQYLKwYBBAGBw14DAQ8wDQYLKwYBBAGBw14DARAwgewGCysG -AQQBgcNeAwEUMIHcMDkGCCsGAQUFBwIBFi1odHRwczovL3B1Yi5jYXJpbGxvbi5j -YS9DZXJ0aWZpY2F0ZVBvbGljeS5wZGYwgZ4GCCsGAQUFBwICMIGRGoGOVGhpcyBj -ZXJ0aWZpY2F0ZSBoYXMgYmVlbiBpc3N1ZWQgaW4gYWNjb3JkYW5jZSB3aXRoIHRo -ZSBDYXJpbGxvbiBJbmZvcm1hdGlvbiBTZWN1cml0eSBJbmMuIENlcnRpZmljYXRl -IFBvbGljeSBhcyBmb3VuZCBpbiB0aGUgQ1BTcG9pbnRlciBmaWVsZDCB7AYLKwYB -BAGBw14DARUwgdwwOQYIKwYBBQUHAgEWLWh0dHBzOi8vcHViLmNhcmlsbG9uLmNh -L0NlcnRpZmljYXRlUG9saWN5LnBkZjCBngYIKwYBBQUHAgIwgZEagY5UaGlzIGNl -cnRpZmljYXRlIGhhcyBiZWVuIGlzc3VlZCBpbiBhY2NvcmRhbmNlIHdpdGggdGhl -IENhcmlsbG9uIEluZm9ybWF0aW9uIFNlY3VyaXR5IEluYy4gQ2VydGlmaWNhdGUg -UG9saWN5IGFzIGZvdW5kIGluIHRoZSBDUFNwb2ludGVyIGZpZWxkMIHsBgsrBgEE -AYHDXgMBFjCB3DA5BggrBgEFBQcCARYtaHR0cHM6Ly9wdWIuY2FyaWxsb24uY2Ev -Q2VydGlmaWNhdGVQb2xpY3kucGRmMIGeBggrBgEFBQcCAjCBkRqBjlRoaXMgY2Vy -dGlmaWNhdGUgaGFzIGJlZW4gaXNzdWVkIGluIGFjY29yZGFuY2Ugd2l0aCB0aGUg -Q2FyaWxsb24gSW5mb3JtYXRpb24gU2VjdXJpdHkgSW5jLiBDZXJ0aWZpY2F0ZSBQ -b2xpY3kgYXMgZm91bmQgaW4gdGhlIENQU3BvaW50ZXIgZmllbGQwSAYIKwYBBQUH -AQEEPDA6MDgGCCsGAQUFBzAChixodHRwOi8vcHViLmNhcmlsbG9uLmNhL0NBY2Vy -dHMvQ0lTRzJSQ0EyLnA3YzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vcHViLmNh -cmlsbG9uLmNhL0NSTC9DSVNHMlJDQTIuY3JsMA0GCSqGSIb3DQEBCwUAA4ICAQCZ -w4/muyjv/FJnsjV88ew4uwV4JRLWmHWpK55fW9obFnrvE1UadXctlU3PrF3AcFFC -U6Frw5N3wQ98ou+DdJQh9VAddOpIPLCQEtYbB529OdrQHvkWmo0F7GoqMmSaTPIG -8h3XyF+PNi3CeXTy3WAL/By+HR9K0jNmjHuv15aSxsI6wy9mNpkEPOBidAfEzoVv -iuIe3IJeX2z16ZcgPB/wE8PFzRT2nKQYIjt3XCZiTSwidLVX86XoewL40g8a4bYi -SaZG/qINxoS6cXMM3ikGTrQniq//fcaOgG0gcRhlXCnYPG4o3EZ7uXb0idL6SqC6 -GBAcoQRh3qf1bdupYgO7op0/SI9Sd3JAQYDoYqVbSyFyQyM7AjAuUOtDHrqPfkkN -xBjT2fP/mnq2Wxc7/XEOB1RRFl4CQpGFVIonHAjJ3hvbP+aB6FollmgYe6yAQdHQ -y6o4xOrbW5/uLU/D7DU5DMydfP5rQRQg3/yl0LZGFnCQOC4ukOSfz6orF+yN6fWm -N4c7A1vPoU1YKAXK83nGlm0DvYLP3ATd15g5GpHZLj5YCLLiZafKDj+l2GDssowe -cQ13yQhqSz1Hy6YuZRff3RTeFoJfG9NwLxTJLKwK3FWQvZ4dzwDNANbux7pwuqoP -UHH1k2dZaoeOP5CGgHlMTX8TK7ATEQC5zpsqwQLNlA== ------END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-62 Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 -----BEGIN CERTIFICATE----- @@ -679,42 +619,6 @@ mr1PIWTHdCVJiTCqodADVsK+e5vFw25ueE/eeIxAuDdN6idaNzOG6T4ZvS3WPEKX BZ6B9eIpklYG6ezZYDmhFq47+er2/dIxk3s6Dioo1QS6HZB7/S86nFiY4IOQ6lwh WRk= -----END CERTIFICATE----- -Subject: /C=US/O=DocuSign Inc./OU=TSCP/CN=DocuSign Root CA -Issuer: /C=US/O=TSCP Inc./OU=CAs/CN=TSCP SHA256 Bridge CA ------BEGIN CERTIFICATE----- -MIIF3zCCBMegAwIBAgIQG4UwFGP2EYFwkICGCRwMVzANBgkqhkiG9w0BAQsFADBP -MQswCQYDVQQGEwJVUzESMBAGA1UEChMJVFNDUCBJbmMuMQwwCgYDVQQLEwNDQXMx -HjAcBgNVBAMTFVRTQ1AgU0hBMjU2IEJyaWRnZSBDQTAeFw0yMzA4MTcwMDAwMDBa -Fw0yNDA4MTYyMzU5NTlaME8xCzAJBgNVBAYTAlVTMRYwFAYDVQQKDA1Eb2N1U2ln -biBJbmMuMQ0wCwYDVQQLDARUU0NQMRkwFwYDVQQDDBBEb2N1U2lnbiBSb290IENB -MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0bm9VLekG+c/fXQB2s0U -G+DY68pCZYlgra4rLUPMtry9q/ANF7lHKSwqpuxQnQPe8Z1mXwLw9jMbT+Z1vrgk -A2WNTBKKboaRT895xDnV1J3Q4Au830pQUnZI1DZCSGh0bIfhN8U2Jb/K8OmSu9HP -U1TOmbZSKw/xJkvmCTvL3N/K415oNmq4bQAUfRpsQSQ21SfmbJDnU8R+0mgHz8cj -kz6ivcgwiwPth990gK3zpo4WFoKdXGfxg+VU/ZgQzuq6QqsGJpLNo4Gf4AYi3VIC -Q+wGNr6mwK+iRs8C6I3VoWjz5TjXfwCQ5dLN2XS2vCTvK8KEKbVx1adULY6x4Wg2 -e3x0gzUA41TZr5wC2BBS+2Zvdsbrt0s7snZonqM1slFmAKADE/PCP9+AiowAKjly -mGtBsXd57PXCXrfamFhUSmcZmK9Kds5QB0lqOIk7m/Cnl+h0Xz+khaHa+zlFt1JE -PmY1gkGsF7119jrn8v/sjhnu7mqvQOmC7Yr/WHncE+wRpMi+r948TTr/mwqconyi -lI0c1X7BzeFacKlohxGXqlO6T+l3XZSNG1NGTk21cIdGw6cHHBFthS4XcVObbVkD -l42vyWU6TAMUilNEeOYWIeUZYEW9mAJ2GCVKMrW734JfgMj+zyf3kz2AJpqVUcVI -W0eFl4Ms8J5bw1RUtk4JO2cCAwEAAaOCAbUwggGxMB0GA1UdDgQWBBSZahBFuZtn -iNLIWoCC9aErD2YdSDAPBgNVHRMBAf8EBTADAQH/MD4GA1UdHwQ3MDUwM6AxoC+G -LWh0dHA6Ly90c2NwLWNybC5zeW1hdXRoLmNvbS90c2NwYmNhc2hhMjU2LmNybDAO -BgNVHQ8BAf8EBAMCAQYwCgYDVR02BAMCAQAwSQYDVR0gBEIwQDAOBgwrBgEEAYKp -UwEBAQEwDgYMKwYBBAGCqVMBAQECMA4GDCsGAQQBgqlTAQEBDDAOBgwrBgEEAYKp -UwEBAQ0wYwYDVR0hBFwwWjAcBgwrBgEEAYKpUwEBAQEGDCsGAQQBgstyAgEBATAc -BgwrBgEEAYKpUwEBAQIGDCsGAQQBgstyAgEBATAcBgwrBgEEAYKpUwEBAQ0GDCsG -AQQBgstyAgEBAzBSBggrBgEFBQcBAQRGMEQwQgYIKwYBBQUHMAKGNmh0dHA6Ly90 -c2NwLWFpYS5zeW1hdXRoLmNvbS9Jc3N1ZWRUby10c2NwYmNhc2hhMjU2LnA3YzAf -BgNVHSMEGDAWgBS4UWJmMEW+5QxXHCNofuZP9ws+9zANBgkqhkiG9w0BAQsFAAOC -AQEAeY+c9VO95D+w+AW4qfJHN4pheRBmAWcbJ1NELgEH/B5D+gZScBwfkHydsQ2Q -LU9427iJiy3cpNUcAuLEFiBVR5MeEYiHEOC66Bt7WLpz3bgcOFafM7r6ihpU15xC -A7Rth+aRQk/+ApQ1PjKvnk/pL2pcNO+NnLhTztwn83ozUskrljm7rtUTu4cSq4cm -oREoEsYvAQ1Bm/o8CUvpUpkCfo1GWr/fOL/95EY9BwK9sX1WCwuF8oUS0R7PBC79 -YdHv1wrO4Is02uC2xdih1WUjSplCWKbRXXuxyYu4RV059WTY+XytRAkQ9iGoxaaC -5AP4v9V5zF4J9GWlIJ2bFMQTtg== ------END CERTIFICATE----- Subject: /C=US/O=Northrop Grumman Corporation/OU=Northrop Grumman Enterprise Services/CN=Northrop Grumman Corporate Signing CA-384 Issuer: /C=US/O=Northrop Grumman Corporation/OU=Northrop Grumman Enterprise Services/CN=Northrop Grumman Corporate Root CA-384 -----BEGIN CERTIFICATE----- @@ -765,39 +669,48 @@ BKPG429O2liokBqjZPFxvihZrERWysusd+BB5kyDm3YpJRDvTGo2DhJ0kzvzcxct rUMHyKKlymoWOOztDO0Ddb1BEGsd9TUZ/Fyzb37zqs+c20+cPOPncyctgKof6YfQ 8hFjM/52MAhj/UqrHmS5o5knexIPWmCysnhJT0k1PahbrlEFjFnU3kpEBT1JcA== -----END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=ECA/CN=ECA Root CA 4 -Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Interoperability Root CA 2 ------BEGIN CERTIFICATE----- -MIIFezCCBGOgAwIBAgICCAgwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL -EwNQS0kxJzAlBgNVBAMTHkRvRCBJbnRlcm9wZXJhYmlsaXR5IFJvb3QgQ0EgMjAe -Fw0yMTA3MDYxNDQ0NTBaFw0yNDA3MDYxNDQ0NTBaME0xCzAJBgNVBAYTAlVTMRgw -FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0VDQTEWMBQGA1UEAxMN -RUNBIFJvb3QgQ0EgNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALhw -aVe9gFpBwBnmlefUghPcLDhLioLKHIhdjn48DG9l4dq4HHEYtt4UCHnbxoqZ7foh -3WIYAC3wFMxaTnee8uh3FAMUxqn9shKgZ/8fN3rQcI+W13AkDi2dRV48ABPuoDox -GpAgV2XkMBfGyQR53R7/oMjvX6wAJToBv5acBJWOrVKzkXD09Owz4Q8IF4K4hgo/ -OdHckDnHPrkzKYPZCugT4F49DSWAxGzPLC6AKtAtQEkbxJy28zYpJuwxAHMazXeV -reUsS/EUKTboMVze9VyPdlurAdbP580nq/S0c1BCNCWHV1oeVJk7mwHqxd2Vo7By -tuxwoSqqhfrxqTiUFQcCAwEAAaOCAkQwggJAMB8GA1UdIwQYMBaAFP/4rhOLkit5 -kkGjdlwsgZ6axZx4MA4GA1UdDwEB/wQEAwIBBjBHBgNVHR8EQDA+MDygOqA4hjZo -dHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RJTlRFUk9QRVJBQklMSVRZUk9PVENB -Mi5jcmwwHQYDVR0OBBYEFDNbpW96VWArgUsmFMx5v0q6izK9MHwGCCsGAQUFBwEB -BHAwbjBKBggrBgEFBQcwAoY+aHR0cDovL2NybC5kaXNhLm1pbC9pc3N1ZWR0by9E -T0RJTlRFUk9QRVJBQklMSVRZUk9PVENBMl9JVC5wN2MwIAYIKwYBBQUHMAGGFGh0 -dHA6Ly9vY3NwLmRpc2EubWlsMGsGA1UdIARkMGIwDAYKYIZIAWUDAgEMBDAMBgpg -hkgBZQMCAQwFMAwGCmCGSAFlAwIBDAYwDAYKYIZIAWUDAgEMBzAMBgpghkgBZQMC -AQwIMAwGCmCGSAFlAwIBDAkwDAYKYIZIAWUDAgEMCjASBgNVHRMBAf8ECDAGAQH/ -AgEBMEkGA1UdHgEB/wQ/MD2gOzA5pDcwNTELMAkGA1UEBhMCVVMxGDAWBgNVBAoT -D1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRUNBMA8GA1UdJAEB/wQFMAOAAQAw -SgYIKwYBBQUHAQsEPjA8MDoGCCsGAQUFBzAFhi5odHRwOi8vY3JsLmRpc2EubWls -L2lzc3VlZGJ5L0VDQVJPT1RDQTRfSUIucDdjMA0GCSqGSIb3DQEBCwUAA4IBAQDA -f4ml0MinZH8hLrXIwHmqppYIwU86FQUbAjskGiRy53ETPtc8pnHIBy2Y+BhWUqMB -pUWw9VyKoKighrxXx31bSempRA0dWiE5IcY4oGFiRek4+4wZI4Ld0RcIGnTcUdOq -DGDXygEIOsaKE0L04TGRWLQfPvPdCK4uxEbbKhax5SWuc9XHoOlxBJ217NFN+JlO -6Zo7CzUl7LH5A2QL9DdkEpIEhsuQo4m4O4HOgq0hiRUXDZeBx8ana8CQl2FUWxo0 -ru9id7sAjfSpn7uNmxTxbFL1QsavrV3UXjlWgj8Aku7tX5p+8mCut/8y66VxNeir -pt97kBi1e+eSeQ+4hGba +Subject: /C=US/O=U.S. Government/OU=ECA/OU=Certification Authorities/CN=WidePoint ECA 9 +Issuer: /C=US/O=U.S. Government/OU=ECA/CN=ECA Root CA 5 +-----BEGIN CERTIFICATE----- +MIIHHjCCBQagAwIBAgIBCDANBgkqhkiG9w0BAQwFADBNMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNFQ0ExFjAUBgNVBAMT +DUVDQSBSb290IENBIDUwHhcNMjQwNTA3MTUwMTAzWhcNMzQwNTA2MTUwMTAzWjBz +MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQL +EwNFQ0ExIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxGDAWBgNV +BAMTD1dpZGVQb2ludCBFQ0EgOTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAO25ZvZ0ZdYh9x5U4e+ljy/Q6ZcHkRP2EkuNMKVwOBCAsiMfvvZfVWplnxN3 +uYxRuR07FbcaCu4QefkG/pkd+oXJjqc9J8HJ9fT221GECZ/W+wUB21k5IqBmlrn1 +Iia5RQD0+vW4cdExdeJAvDbqX50aKt/n8RlKXBawE5UM4ZAx9hwaUlXxC9J/9++L +kKfmz6aPig0IJeMjOcUioaIRbBXb1xISXgWiDn8X3q+9t97MV/LlSmCQH1jFcvYI +/S9d+akMOlthLtnKHOFDuFPv8HSnSr4CnNmTh+e5snSQDyUBGzF+pXBs9cPISsVh ++5iA/fIp5A9XPSaySoCB8xxVWHa6CwXaxmOceMmcBOBe0oPu3jqPmhoxyRBQAlaL +u/DlSREjkJGVxQmhhgtrpQLXTbprpvlPBMnewBte22z1/POw/In4q2p1ySfPdV5V +Yt1o6+77t8cPLKB5NqLnZPKAN8UNZPppT9gJq1YHeZFh9qI2Vx2ObEPyxxnspy0A ++2bMhxMgr0dWOkcusQ9tlr5Zneq9uYL9ZZZt1doHx3tsoat8B9YQvDN5XX/a4SaY +ueVdkspxw98A8SRa42SLHCgyqs4B1I6/Mx3FbbFvsBeICZ1fFIwN0Fyxa7IoReJm +nTvTJA/QnMW55micGA76k1EJIHDog+0OJH5gs/jUKIh5zxg/AgMBAAGjggHhMIIB +3TAfBgNVHSMEGDAWgBTPlMfbf90zkOdhQS1wEOIH7G7nqjAdBgNVHQ4EFgQUESaH +xcKHXyLRqaAO2g8Ht4i6NKkwDgYDVR0PAQH/BAQDAgGGMIHBBgNVHSAEgbkwgbYw +DAYKYIZIAWUDAgEMBDAMBgpghkgBZQMCAQwFMAwGCmCGSAFlAwIBDAYwDAYKYIZI +AWUDAgEMBzAMBgpghkgBZQMCAQwIMAwGCmCGSAFlAwIBDAkwDAYKYIZIAWUDAgEM +CjAMBgpghkgBZQMCAQwLMAwGCmCGSAFlAwIBDAwwDAYKYIZIAWUDAgEMDTAMBgpg +hkgBZQMCAQwOMAwGCmCGSAFlAwIBDA8wDAYKYIZIAWUDAgEMEDASBgNVHRMBAf8E +CDAGAQH/AgEAMAwGA1UdJAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDov +L2NybC5kaXNhLm1pbC9jcmwvRUNBUk9PVENBNS5jcmwwbAYIKwYBBQUHAQEEYDBe +MDoGCCsGAQUFBzAChi5odHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0VDQVJP +T1RDQTVfSVQucDdjMCAGCCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDAN +BgkqhkiG9w0BAQwFAAOCAgEAc7fbyvlI/mXp/EEcNuQCPFQX0eQ1bk3C4o38FWkI +WyEuO2otiYcgGIXyFCxwo0Y2YxdSAdptmsvoKkBjHE7iqptmJbB5GYpT9k2RWBrS +mGnuiaGvtMNIcXavP2AaNHGNQ4nTIrfwnch+jK8vlgMOExEt2yhcs/okE/O30tQs +kPvBbSXM9wsWAgRAlB+ZQlA30ogTxdez9U6wp7NfWzUZvKOU7zi/bD2U+z+9Xdro +pOSvBbYwv5/S1Hdlo02HUxQn7RS+YuW3OW0fJAS3v/A3EZpqRdbKU3Vv6v1IvDD0 +rHuJvAqu2iDJPOWdS9ZmkK3ekskmD6uTXjZ7kX6Ze8kaDlgXq/EjKYuCZpyAC2Bh +B9lL9tml/HsX6JB0ZAk7l7bNcuju8dge2ftqgW1RLRS7W+WyaWQlZ9dd+hckUQlp +Eq3OctzysCys9TVIC75moDhHjaQ+NZ2OtCqqonoeOxY3oYKycmnYliiIJ56gkwLp +4faGtS6iEbWdtKvkztEbAk6yy111+tb72SvxCW7S0iRTiFLIz+SB16LKcbvvHmt2 +JPX6CrZKSfQ838xNgUOjYX+FUgueMKqDv0DU73jITyoZOofFm+iafyAF4YQWjg7R +4JY9jpIaOWHMGq61kVFJYEoFe7FWqSfHIYqCptOhHUhQ92mu1sp9esnP9Tmb6OJP +SaI= -----END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=U.S. Department of Transportation/CN=U.S. Department of Transportation Device CA G5 Issuer: /C=US/O=DigiCert, Inc./CN=DigiCert Federal SSP Intermediate CA - G5 @@ -1008,6 +921,92 @@ e1VHlgxF81vSSC2kGdPZR36OObt4Y4Mk2ozNaxtJzRS7oMOGSWPNGXZlBUCYI2UY phfnJzzjIXlSd/kLByU8No0BMnBHaT8ytfKfNKUD/4rnyrz5EUbXecvLdq8WYXsA 55b6Xzb1r3KvhjyKHCjpRpwWWhFuJ1k5KomNRA== -----END CERTIFICATE----- +Subject: /C=US/O=Entrust/OU=Certification Authorities/CN=Entrust Managed PKI Federal Issuing CA G2 +Issuer: /C=US/O=Entrust/OU=Certification Authorities/CN=Entrust Managed PKI Federal Root CA G2 +-----BEGIN CERTIFICATE----- +MIIHgzCCBWugAwIBAgIQbGSs4XPaFEA0trZ3aYOKTDANBgkqhkiG9w0BAQwFADB0 +MQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlm +aWNhdGlvbiBBdXRob3JpdGllczEvMC0GA1UEAxMmRW50cnVzdCBNYW5hZ2VkIFBL +SSBGZWRlcmFsIFJvb3QgQ0EgRzIwHhcNMjQwNjI4MjAxMDMyWhcNMzQwNjI4MjA0 +MDMyWjB3MQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZ +Q2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEyMDAGA1UEAxMpRW50cnVzdCBNYW5h +Z2VkIFBLSSBGZWRlcmFsIElzc3VpbmcgQ0EgRzIwggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQDLnnzCrwwLGZ/5kn6+vLZt91KKKaHNRBNBvTHkudCUeiDw +ZOW35fMLBD1hAb2vJmOoJEfbVOhvQBCO1anF9QrfWX2FBXSPcp9QgDyivT+Ao/4X +0R+MLgm/VNfCCSoBa6a2AFCS4Mxi/l62azJQW2h6zNDqkUReIQoSN0iOfy9EqZTC +4fk8HZ7aGxQFkJj4pBXVN01lhYZok8MGV7Q3mKPoEiToIR5Z9TooHWLb+SFmBQu4 +ySq67ssnqqa1XsTR3CZgM2zVG3AIM+vUlwVKh6T058E4WBV2000aKh2P0Gp98j46 +wUtr1wPyC65Tjn0ZKFNT9mCjGqKdsyBRPdyGvXkFtbhtrt86Z3Ehy8loAQf11wo0 +JKJty/bWFOemircp7GJZKt7+THewYEt78sd7gbY9GCtR372uTw3L/au8j1WAgm3P +XOaVYnHhJiUaGDgZTJ8Tl6vIOVkncDAUPGN8ST5iydvMBB7Ju3Od3K42aosqCFRk +T/wsUTH3EH4oC+WytMhtI5jIqbzGmZLcQsvO1IZKA1wHfgScZVuPWAa6wNu+qfxJ +SatNmjj8eBOpNtYoSVhMFTkniq2rtj93gY1Pvxpf0WgIxHJeA4bTzNSJr42WKgIX +dq8Kqe7P1MogH+h2/mMEQqmsYtj9fUvpn49/Jw4CHNFNgNeQbc/3HL3WP0zCFQID +AQABo4ICDDCCAggwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAw +gbMGA1UdIASBqzCBqDAMBgpghkgBZQMCAQMGMAwGCmCGSAFlAwIBAwcwDAYKYIZI +AWUDAgEDCDAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIBAxEwDAYKYIZIAWUDAgED +JzAMBgpghkgBZQMCAQMkMAwGCmCGSAFlAwIBAygwDAYKYIZIAWUDAgEDKTAMBgpg +hkgBZQMCAQMtMAwGCmCGSAFlAwIBAy4wDAYKYIZIAWUDAgEDLzCBnAYIKwYBBQUH +AQEEgY8wgYwwVAYIKwYBBQUHMAKGSGh0dHA6Ly9mZWRyb290ZzJjcmwubWFuYWdl +ZC5lbnRydXN0LmNvbS9BSUEvQ2VydHNJc3N1ZWRUb0ZlZFJvb3RDQUcyLnA3YzA0 +BggrBgEFBQcwAYYoaHR0cDovL2ZlZHJvb3RnMm9jc3AubWFuYWdlZC5lbnRydXN0 +LmNvbTBNBgNVHR8ERjBEMEKgQKA+hjxodHRwOi8vZmVkcm9vdGcyY3JsLm1hbmFn +ZWQuZW50cnVzdC5jb20vQ1JMcy9GZWRSb290RzJDQS5jcmwwHwYDVR0jBBgwFoAU +C8BKfjpiWf5SoHetbFPJn/lQmtowHQYDVR0OBBYEFDuDH0yBph/T2vsZy/yfkGgG +EDDrMA0GCSqGSIb3DQEBDAUAA4ICAQArt7vm8Phtl1p4Riy8nb6bE1Xd4OHsh5H/ +OgLUO+f9ToFQxufX8NeauFBsGEie35ZmZx/DeS84rFESz0dOzONpD2xlsX0l2YW8 +G2qZHV2cPCIgGE98XaeM7h1LJRQjUuZHvM/9xSz4f4IUvqw6Jxgdi1gUUABMsk0U +QdXi0k/l302RGwmjPd2VCbqpc9LA4QwtovG9iGY26J1WnZlcT1XxokMHiK9t8OTS +tbbyOcSAu1P7kc8zgi+uwcvZxzxuP7/0ler+Ig/3fRCW7AaS3iThAQih6mSmhnLZ +a6/pPaUm9t2khZEsjH7kWYYXtwKZgQPK9nIXS5rGRUt45H8TR17lkRDU/aVNKXQ9 +pt7GcN+5zr4knw3Hm+SkToEWQ20Q31VZOzp6uww1/v/22rZjSAqsZg1TyqRCXXRt +3FvI+EEfN6mN+lxqtXP2HLGe4ZpHSj79oXvWmTjtbXR1PJq0gjJwWLzrji4MXmUf +xyMgkXV9Qu6OgalyhtqNixGqh6IaXqUimN6vGe12QkqaH51xxRvto1AB/lXx6pls +k/JpeRlIpwAa/DIrTVeszGnfIXJYXABhbVXo9db/+dnTsmm+b/hjcdwKMUNVBCzg +hagFt50ZSu0N2G8n+VVQXN8ntmtaDpKi1mBdWFlz+QTfm6ZTZo5wDX+4xMoUMsvI +RgB2hTPnQQ== +-----END CERTIFICATE----- +Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services NFI Root CA +Issuer: /C=US/O=U.S. Government/OU=FPKI/CN=Federal Bridge CA G4 +-----BEGIN CERTIFICATE----- +MIIG5DCCBcygAwIBAgIUF0feSbimcB3+AwLZdZfj1N3agLswDQYJKoZIhvcNAQEL +BQAwVTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsG +A1UECxMERlBLSTEdMBsGA1UEAxMURmVkZXJhbCBCcmlkZ2UgQ0EgRzQwHhcNMjQw +OTExMTQwMzIxWhcNMjcwOTExMTQwMzIxWjByMQswCQYDVQQGEwJVUzEQMA4GA1UE +ChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEt +MCsGA1UECxMkRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIE5GSSBSb290IENBMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1fyw54a+2cBXtH06x4HB6ECX +sgVx/MJUQODXit/paoMSmlPjgnp8Ob0Hp+9t5REQ29l29mj9FZUoc8epuIqTyprx +q4J27DYXPbSCf7tnLQJUp0WvjPewWqXZ8BIsiJL/HcgSYFNuRVoNaa+7nCkI3F3E +liQW/WPA1q8Z3TOR/l6I9nSbrcQaJuF2YLzMSMhNvLbK2Ma2KwnxMsiKWrkGh0IP +XQVrNYJtuYiOjfzVt0G4rHdAnpv6YZ8TsKSXfeiH9+qfuGuXKUKZvsGIDn0zMesc +JZFV2b42pADg72lTQyZLQBGuIOh+1tYGzinI09iG+hNdIZjvlNS2BuK/bXxldQID +AQABo4IDjTCCA4kwHQYDVR0OBBYEFPPtObnaG00DPCYVOdgztQjvOD45MB8GA1Ud +IwQYMBaAFHnwAEnrf3fCXUECZTSKkCObHgdvMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MIGlBgNVHSAEgZ0wgZowDAYKYIZIAWUDAgEDATAMBgpghkgB +ZQMCAQMCMAwGCmCGSAFlAwIBAwMwDAYKYIZIAWUDAgEDDDAMBgpghkgBZQMCAQMO +MAwGCmCGSAFlAwIBAw8wDAYKYIZIAWUDAgEDEjAMBgpghkgBZQMCAQMTMAwGCmCG +SAFlAwIBAxQwDAYKYIZIAWUDAgEDJTAMBgpghkgBZQMCAQMmMIIBaQYDVR0hBIIB +YDCCAVwwGwYKYIZIAWUDAgEDAQYNYIZIAYb6a4FIAwoHCDAbBgpghkgBZQMCAQMC +Bg1ghkgBhvprgUgDCgcHMBsGCmCGSAFlAwIBAwMGDWCGSAGG+muBSAMKBwEwGwYK +YIZIAWUDAgEDDgYNYIZIAYb6a4FIAwoHDjAbBgpghkgBZQMCAQMMBg1ghkgBhvpr +gUgDCgcCMBsGCmCGSAFlAwIBAwwGDWCGSAGG+muBSAMKBwQwGwYKYIZIAWUDAgED +DwYNYIZIAYb6a4FIAwoHDzAbBgpghkgBZQMCAQMSBg1ghkgBhvprgUgDCgcGMBsG +CmCGSAFlAwIBAxMGDWCGSAGG+muBSAMKBw0wGwYKYIZIAWUDAgEDFAYNYIZIAYb6 +a4FIAwoHCTAbBgpghkgBZQMCAQMlBg1ghkgBhvprgUgDCgcDMBsGCmCGSAFlAwIB +AyYGDWCGSAGG+muBSAMKBxAwYgYIKwYBBQUHAQsEVjBUMFIGCCsGAQUFBzAFhkZo +dHRwOi8vbmZpcm9vdHdlYi5tYW5hZ2VkLmVudHJ1c3QuY29tL1NJQS9DQWNlcnRz +SXNzdWVkQnlORklSb290Q0EucDdjMBIGA1UdJAEB/wQIMAaAAQCBAQAwDQYDVR02 +AQH/BAMCAQAwUQYIKwYBBQUHAQEERTBDMEEGCCsGAQUFBzAChjVodHRwOi8vcmVw +by5mcGtpLmdvdi9icmlkZ2UvY2FDZXJ0c0lzc3VlZFRvZmJjYWc0LnA3YzA3BgNV +HR8EMDAuMCygKqAohiZodHRwOi8vcmVwby5mcGtpLmdvdi9icmlkZ2UvZmJjYWc0 +LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAxudod5vh4t6anL7bWHGdqCeA8SHCXxDM +KEy9htRbzc6Ob8izGKOXLFivpWAodpWaxAItIxEX7UTqwgetCoCW1fmqb5bGuPjF +9vgBhz1jCesNgpvpco/vL0V8m1Fdsd/oP/h15rU8+2XeZAVugYSg+RoM64+hFVkE +mnB3ChRYQM69fTw/NbhppYluuC1CDLwdLTekz9H34yGrjdQWMHLeVK/9+52G1mIp +VofC86WWrHBZ3+Z3Mv50zXECi9nb3+Ffb5Dnyth23MARmCanoomh1fGgPrfL8eYo +UG8Rpo1BLe0cPVmBIh7wqcD1Cmy2MWZsZ0ZGYgfxWMaet1awiIIeaQ== +-----END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=Department of the Treasury/OU=Certification Authorities/OU=OCIO CA Issuer: /C=US/O=U.S. Government/OU=Department of the Treasury/OU=Certification Authorities/OU=US Treasury Root CA -----BEGIN CERTIFICATE----- @@ -1058,6 +1057,53 @@ riYtyMI/LLWyo5mOuuqDRSlNCVkV8TsWFjzeNHUij7gvDJbFLR7genGzPpnf9MXn IgttrHJcj0OsmE+k080h2pFxxj+dk7Nt35LGxpbpSFI52B902dLxouGk37aIsZ+1 G2jPo1WzA056YEJXQ4GS+5/ELxfxW+eQ3vwZnQ== -----END CERTIFICATE----- +Subject: /C=US/O=Entrust/OU=Certification Authorities/CN=Entrust Managed PKI Federal Root CA G2 +Issuer: /C=US/O=U.S. Government/OU=FPKI/CN=Federal Common Policy CA G2 +-----BEGIN CERTIFICATE----- +MIIH5jCCBc6gAwIBAgIUKSN/QZUEZSaQUXMOKsN1et0JCIMwDQYJKoZIhvcNAQEM +BQAwXDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsG +A1UECxMERlBLSTEkMCIGA1UEAxMbRmVkZXJhbCBDb21tb24gUG9saWN5IENBIEcy +MB4XDTI0MDcwOTEzNTU1MloXDTM0MDcwOTEzNTU1MlowdDELMAkGA1UEBhMCVVMx +EDAOBgNVBAoTB0VudHJ1c3QxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y +aXRpZXMxLzAtBgNVBAMTJkVudHJ1c3QgTWFuYWdlZCBQS0kgRmVkZXJhbCBSb290 +IENBIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwa9JuwKlWMCK +wQczUt+EMM/V1+K1+GKvnoRE+NGep6VPboDGaI4sOdlQkOGf+gZWT6ErdHQyKs7I +BB2J4cIfkqKErXyUMuLeaUOu1bTlPutJcFY3BROYf09SaeqnVHk7SN0Af7cuPMUj +TMFXlcBkhuav4NcSRNFITxPYGHlKN812+/R5/mNUAMUDy8JO6V03tl6K0FWUANAD +6kMQhpLnJew6geyU7fe/6MoiM2zGA5VvqH5lf3Ps7+GpA/ThP/P2MiKsgfzLppsW +N1nWUaTLOwzbIHMijiwrP6B8kSKtDYEZK7rkfS4d8kKzXR8J1rihf/5fq2Iu+7EX +mIMpxI+JD7HX8uXShOwY6LQnaLByZZlbQMKbJGXiuYft5AU7QZjogoVxfMKj5EFI +7R0hqxHQ+y0rCiajYs6B0PqkaTXfmx392Q8+Wgu31dl6FUhq4syw8D7ZZH7HUMLB +fdzPsKTtvkHh08wTq4Le2XApREhXhME6QbLz429SOmyYo69gDLYqwx6HbJr5kD3q +73yPC5sC5mFPgebmG3+4b6Owsditvht7yuXLknl96V6rfRhx5y/a6AKLiOHYr3Pe +jJs8MpYOpchoNO2pLJifju85EEE0hA8YoKhL2C7YF/LwhE9Gfr1Bma+NfEoNKkCQ +ByWuqoWLv6SbJEatVdeVrLM1D/sikh0CAwEAAaOCAoYwggKCMB0GA1UdDgQWBBQL +wEp+OmJZ/lKgd61sU8mf+VCa2jAfBgNVHSMEGDAWgBT0J1ypw3xH9Pqmp7BZl6rd +NSYX4zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zCBswYDVR0gBIGr +MIGoMAwGCmCGSAFlAwIBAxIwDAYKYIZIAWUDAgEDEzAMBgpghkgBZQMCAQMUMAwG +CmCGSAFlAwIBAwYwDAYKYIZIAWUDAgEDBzAMBgpghkgBZQMCAQMIMAwGCmCGSAFl +AwIBAyQwDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMAwGCmCGSAFlAwIBAycw +DAYKYIZIAWUDAgEDKDAMBgpghkgBZQMCAQMpMGEGCCsGAQUFBwELBFUwUzBRBggr +BgEFBQcwBYZFaHR0cDovL3Jvb3R3ZWIubWFuYWdlZC5lbnRydXN0LmNvbS9TSUEv +Q0FDZXJ0c0lzc3VlZEJ5RmVkUm9vdEcyQ0EucDdjMBIGA1UdJAEB/wQIMAaAAQCB +AQAwDQYDVR02AQH/BAMCAQAwUQYIKwYBBQUHAQEERTBDMEEGCCsGAQUFBzAChjVo +dHRwOi8vcmVwby5mcGtpLmdvdi9mY3BjYS9jYUNlcnRzSXNzdWVkVG9mY3BjYWcy +LnA3YzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vcmVwby5mcGtpLmdvdi9mY3Bj +YS9mY3BjYWcyLmNybDBXBgNVHSEEUDBOMBgGCmCGSAFlAwIBAxIGCmCGSAFlAwIB +Ay0wGAYKYIZIAWUDAgEDEwYKYIZIAWUDAgEDLjAYBgpghkgBZQMCAQMUBgpghkgB +ZQMCAQMvMA0GCSqGSIb3DQEBDAUAA4ICAQAqK0MHTCbHzG1pdPkeqkASdd3y10Ry +O3xIyQryXjh6+kCQqqYZ+VMgP/FLjpfg8ABz7qTFqwgmrpTZ+F4QYCimB1atPFDL +ehdQBfjqd87RR/k438MCWVOjon8+2wddQrP91ducLVZ7xN8oaKhemiPjQaY1sjgC +URrW7TSfARLJ15U21/UNUwJEqHndG7Q6N2D+qranPGwiVVHf+YumLneYed6KNuWo +IuisGBGFJXvnwzFamclqOAYh6oj/Kbju7cql8QlNVOyv0WweT1orRoAxV65NeUaJ +/lmyUXJvcAtAr68VTLmjQc1BTaoE2Zs+hndin+/KMccbl39A4ttITFhkgCTYWiXe +i5o5N+eM4jGZ3dgaDQtM/cRygJsl5ryAf/BnhPW/wCjiT3S+a13Yp1XS5IR8oBNU +yRJ/cFkyecQ5BYhp9D2YLAQVXVWYNE8Lzc/nwKOt3RwLkJJq0xHFRzC21WJh1crI +WvM227yTc6p73YCfb+GThlTcZpzbee6wSCfJgiM1hky2/n/1ZHgFBlIT7hM2oAFZ +2pVALuiEqBdmV7KrPXvQzmUyUDeeUrdC0bOjelSGaRriQRQ+oymbHZ0GEVt5V7pK +wz+2s9LIpjsOW5Uo+W/FdbkAIV0vT0FhGT3ieQeF16qRyDIxe9ko/1t6rECkr2d1 +RShtAA0YtLIVXQ== +-----END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=HHS/OU=Certification Authorities/CN=HHS-FPKI-Intermediate-CA-E1 Issuer: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA -----BEGIN CERTIFICATE----- @@ -1884,47 +1930,6 @@ x0dvpCIInDyfIib9dcE0cdGVlEpeAEMQFjpUbmCNpTlKUtSroY8CfZCOmi+Rp/fT O1Le2QJvSK0J9dS21rwV6SCtf+en2Razi0/S44tzOFa4fRdJLHTYPutu69p6+YMh Sul++7G14BLwhmWa2iRcjw+AlQ== -----END CERTIFICATE----- -Subject: /C=US/O=Carillon Federal Services Inc./OU=Certification Authorities/CN=Carillon Federal Services PIV-I CA2 -Issuer: /C=US/O=TSCP Inc./OU=CAs/CN=TSCP SHA256 Bridge CA ------BEGIN CERTIFICATE----- -MIIGvTCCBaWgAwIBAgIQP5czKzuw3BaO5p05pL1QWTANBgkqhkiG9w0BAQsFADBP -MQswCQYDVQQGEwJVUzESMBAGA1UEChMJVFNDUCBJbmMuMQwwCgYDVQQLEwNDQXMx -HjAcBgNVBAMTFVRTQ1AgU0hBMjU2IEJyaWRnZSBDQTAeFw0yMzA4MTcwMDAwMDBa -Fw0yNDA4MTYyMzU5NTlaMIGIMQswCQYDVQQGEwJVUzEnMCUGA1UEChMeQ2FyaWxs -b24gRmVkZXJhbCBTZXJ2aWNlcyBJbmMuMSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9u -IEF1dGhvcml0aWVzMSwwKgYDVQQDEyNDYXJpbGxvbiBGZWRlcmFsIFNlcnZpY2Vz -IFBJVi1JIENBMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKPZVykV -6mbYVk9C6QbfVgNzgU+Z319HtN4Nvz+j1AfAtTS5hFtZVh/HLqS+JkTcxLxikmsv -dbgeYIKP3jl7RzrcIZIw8DXqoelVbNTMOuZf0/y09gF+roG9bR7MOZO68e5uVT9P -WY4M4aRAdKNk2mqHz9lZ4fi6FaNurY2EjboC6CmDRE3fqXYq6/3DhGdqAi9lJIJC -m4+UUJESIEp292OoIldNNIGMiURpEHHFuF1pSZBj9Qvs2DHW6xUa3BfZZn4tvWUv -ifvGRAfkze3BLcRr4ykznEkVglkeRrET0sqy7CkDoCAbRHKN3v5KhGHEI43H053J -c45B6gwmoGodxIR4cjziO+ECxd7x77r0z5VuMcCGi64ew9Rj6ZSrdy3EdOXFkV9n -vXcC3qHrVTh64Hpe8wojlkyqVpifpKZ7CjaG85bJ6KhMgCNLr8A+b4IxiweKeBLq -AXV1kXyTTv9vnAeZq4vgiyicYXcyt4gWLP3ybeEdR0RNiGUDsrob7rJ+LZw6+AX6 -LSqCpXd+8MsWnZjsSh9w07S7PxYYfTlSNTudu7c1+NKafexr+Rub1AWhtKbupInt -MEY9yCeMNar8qZFhduzCtxmwEbgU1dKIqX/HRQsYhOHaTuLXhZ2nlgoPmvUbZP1S -HOV5CvlGb/mnSLX34YhgOzqzWD+DguMqLxpPAgMBAAGjggJZMIICVTAPBgNVHRMB -Af8EBTADAQH/MHkGA1UdIARyMHAwDgYMKwYBBAGCqVMBAQEBMA4GDCsGAQQBgqlT -AQEBAjAOBgwrBgEEAYKpUwEBAQUwDgYMKwYBBAGCqVMBAQEGMA4GDCsGAQQBgqlT -AQEBBzAOBgwrBgEEAYKpUwEBAQwwDgYMKwYBBAGCqVMBAQENMD4GA1UdHwQ3MDUw -M6AxoC+GLWh0dHA6Ly90c2NwLWNybC5zeW1hdXRoLmNvbS90c2NwYmNhc2hhMjU2 -LmNybDAOBgNVHQ8BAf8EBAMCAQYwCgYDVR02BAMCAQAwgdYGA1UdIQSBzjCByzAb -BgwrBgEEAYKpUwEBAQEGCysGAQQBguQmAwELMBsGDCsGAQQBgqlTAQEBAgYLKwYB -BAGC5CYDAQwwGwYMKwYBBAGCqVMBAQEMBgsrBgEEAYLkJgMBDTAbBgwrBgEEAYKp -UwEBAQ0GCysGAQQBguQmAwEOMBsGDCsGAQQBgqlTAQEBBQYLKwYBBAGC5CYDARQw -GwYMKwYBBAGCqVMBAQEGBgsrBgEEAYLkJgMBFTAbBgwrBgEEAYKpUwEBAQcGCysG -AQQBguQmAwEWMB0GA1UdDgQWBBQJ5HhWQQKkayDak+hF9jHhTMTE/DBSBggrBgEF -BQcBAQRGMEQwQgYIKwYBBQUHMAKGNmh0dHA6Ly90c2NwLWFpYS5zeW1hdXRoLmNv -bS9Jc3N1ZWRUby10c2NwYmNhc2hhMjU2LnA3YzAfBgNVHSMEGDAWgBS4UWJmMEW+ -5QxXHCNofuZP9ws+9zANBgkqhkiG9w0BAQsFAAOCAQEAgLvw0Gp1AXvUXFleUX+z -lTGHCZt+zp7u7QIw+Kdtf5xNV+aXZAducQiwpCtaMWF3EphetYEUNVX1Qe5qpy1L -A/Okfzcmtzvn1YJ0Di/rY86wkQugQRjTgkS68HfeM5OJzAcpSN8gN702Hc1teaEL -r1J5WV8xgSPLhBOSbi8Cwcaf87iRuaJCd+gfVXrmH4VRu/598OJrOu3MB2qAiz93 -e9W/epnk9TUStTi+3jpu09A5ziv0FuTLzvtHY9e5Vj5IRvIzjpLUnNk7MYElpJl0 -+ehZS/jS2eabXreoz/jX/CzdF0eYxC+BoXUHYiPMCDWLOb4VZq0Usk4bG7ZV4rrh -FQ== ------END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-70 Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 6 -----BEGIN CERTIFICATE----- @@ -2497,65 +2502,6 @@ VVQjMLp64+IO/4tiG9MfKrQgeVC6EyNU3bph4wohwbaNImQM2XoS0k2EGCfrlptW RrMV1HTv/nUmhehzCImuHyAphTsDu7ahLrwaWuTB3VbA6DkZZqJKO0gA7HZEo4AD bIz2 -----END CERTIFICATE----- -Subject: /C=CA/O=Carillon Information Security Inc./OU=Certification Authorities/CN=Carillon PKI Services CA 1 -Issuer: /C=CA/O=Carillon Information Security Inc./OU=Certification Authorities/CN=Carillon PKI Services G2 Root CA 2 ------BEGIN CERTIFICATE----- -MIIKLzCCCBegAwIBAgIGCOW5AwpiMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQG -EwJDQTErMCkGA1UEChMiQ2FyaWxsb24gSW5mb3JtYXRpb24gU2VjdXJpdHkgSW5j -LjEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczErMCkGA1UEAxMi -Q2FyaWxsb24gUEtJIFNlcnZpY2VzIEcyIFJvb3QgQ0EgMjAeFw0yMDAxMjAyMDI1 -MTNaFw0yNzEwMjMyMDI1MTNaMIGDMQswCQYDVQQGEwJDQTErMCkGA1UEChMiQ2Fy -aWxsb24gSW5mb3JtYXRpb24gU2VjdXJpdHkgSW5jLjEiMCAGA1UECxMZQ2VydGlm -aWNhdGlvbiBBdXRob3JpdGllczEjMCEGA1UEAxMaQ2FyaWxsb24gUEtJIFNlcnZp -Y2VzIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCmfig70NvZ -sDdkhiyivFSvLxvNb1w3oel5u/j51p8VCpHrMBl9Gp25s0qvW13IK0o1vvx3ZXMW -Jjme3p/DYtRdKIbbj8Kd5T9iUpKZlmY8RIOapzEPFPrTdgdO2wWNW30IgbPcidj7 -naGuChrBdrP5KrOr2mU6hjH5HGbVEWL0Pc1PrDuZ/78C05+ZmXiFuAmTSisxKRu2 -uoyghyAm2hTv1QHTOe0NO7aZA2zfw4UB1laDXWzVWvzNWnAJqozmnmxeP+O4vfog -KUoSB+F6nIgs63qGYmUPV/d5YCm2SnL3V1/oxf4lDRD6tLB2uncgYK8Zj3oGCpHc -jUJRwmrfzfNjWWPvvnv3Kl6adazNXXHbkkx64PFoh6QrVXh08ED9s7wWg4W/SMKa -IGuQ/+xKxTeUgT/BnJ4xSpS6AcRPK/MxiecVoe837yLRN3q+lh56XYArlCuI/r5/ -bAHJyJG7bOebgdTZk5VB10e/e5n4VPWeUVgzEZ4290pmYiohBmxe4qmUrAgPEZw4 -4Y0HFi0lSTrlz467cV0puPpCUvyPMtheiBRXptyfFu4/3hPXAbTS4MV1Ul/hwYiA -yTHVxbTvTE4EVHD0vRYxLdj9xHN33HX6dPNtHZnEXZgHBwgpYdPbjwCwyrC4Ge0I -1jKu63HH7fy52uPvel57ZIsJltPlP64mWQIDAQABo4IEnTCCBJkwHQYDVR0OBBYE -FCH4GUdEx3wYkb2ODzUTVQbU4++lMB8GA1UdIwQYMBaAFP4BF6aKLnoK25nuD0uU -gwSK3JGRMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMIIDrAYD -VR0gBIIDozCCA58wDQYLKwYBBAGBw14DAQMwDQYLKwYBBAGBw14DAQQwDQYLKwYB -BAGBw14DAQUwDQYLKwYBBAGBw14DAQYwDQYLKwYBBAGBw14DAQcwDQYLKwYBBAGB -w14DAQgwDQYLKwYBBAGBw14DAQkwDQYLKwYBBAGBw14DAQowDQYLKwYBBAGBw14D -AR4wDQYLKwYBBAGBw14DAQswDQYLKwYBBAGBw14DAR8wDQYLKwYBBAGBw14DAQww -DQYLKwYBBAGBw14DAQ0wDQYLKwYBBAGBw14DAQ4wgewGCysGAQQBgcNeAwEUMIHc -MDkGCCsGAQUFBwIBFi1odHRwczovL3B1Yi5jYXJpbGxvbi5jYS9DZXJ0aWZpY2F0 -ZVBvbGljeS5wZGYwgZ4GCCsGAQUFBwICMIGRGoGOVGhpcyBjZXJ0aWZpY2F0ZSBo -YXMgYmVlbiBpc3N1ZWQgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDYXJpbGxvbiBJ -bmZvcm1hdGlvbiBTZWN1cml0eSBJbmMuIENlcnRpZmljYXRlIFBvbGljeSBhcyBm -b3VuZCBpbiB0aGUgQ1BTcG9pbnRlciBmaWVsZDCB7AYLKwYBBAGBw14DARUwgdww -OQYIKwYBBQUHAgEWLWh0dHBzOi8vcHViLmNhcmlsbG9uLmNhL0NlcnRpZmljYXRl -UG9saWN5LnBkZjCBngYIKwYBBQUHAgIwgZEagY5UaGlzIGNlcnRpZmljYXRlIGhh -cyBiZWVuIGlzc3VlZCBpbiBhY2NvcmRhbmNlIHdpdGggdGhlIENhcmlsbG9uIElu -Zm9ybWF0aW9uIFNlY3VyaXR5IEluYy4gQ2VydGlmaWNhdGUgUG9saWN5IGFzIGZv -dW5kIGluIHRoZSBDUFNwb2ludGVyIGZpZWxkMIHsBgsrBgEEAYHDXgMBFjCB3DA5 -BggrBgEFBQcCARYtaHR0cHM6Ly9wdWIuY2FyaWxsb24uY2EvQ2VydGlmaWNhdGVQ -b2xpY3kucGRmMIGeBggrBgEFBQcCAjCBkRqBjlRoaXMgY2VydGlmaWNhdGUgaGFz -IGJlZW4gaXNzdWVkIGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2FyaWxsb24gSW5m -b3JtYXRpb24gU2VjdXJpdHkgSW5jLiBDZXJ0aWZpY2F0ZSBQb2xpY3kgYXMgZm91 -bmQgaW4gdGhlIENQU3BvaW50ZXIgZmllbGQwSAYIKwYBBQUHAQEEPDA6MDgGCCsG -AQUFBzAChixodHRwOi8vcHViLmNhcmlsbG9uLmNhL0NBY2VydHMvQ0lTRzJSQ0Ey -LnA3YzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vcHViLmNhcmlsbG9uLmNhL0NS -TC9DSVNHMlJDQTIuY3JsMA0GCSqGSIb3DQEBCwUAA4ICAQCxCKjuGIqZfVo4MfvY -BTrbfh+td4F8r1JU8dpcDi1ZUaCEaT7iONqFLN/R52OYHYyyRLm+bkeJuN79BVjf -KqcBYacEEbpOqJJjVDqbHKh0p6rq5TvO8DfaH1j8d3DEphFTmWA4EgdVNUZEZGyD -xFUDwxIbjHPsUAd2q37kwx+BZwA04/DEdYj7wTNWc59w9fZMLvrbvLY5A9dr8h7e -U5VDP3RzNlfWYaqHmzG6KBXipcpQjs5MFjTbgPaZ22hAQ7fzilywlzh3DQrlVSqw -lOYWFuEDraX/qmCS1xWQ07KfQ9o76j8kgnIwF344t/9ayjiucFPxPAC3YbXtSlN5 -17QcuD6ciHhWGtFFGnDOT3fFkhEREk8UVCOvpooIH4FeghFUP/QNol1pejXIkdcA -8ehSYppM8EyIAKCemF65ChsHCUWlOocC0rPGYQUnZ3vyjzIoG2TkiwM1ZwozgUHl -Me8ZoNfcgKrJ3rFP2Q9bKAMGq90/DwM1EbVMEa0/3Z2dJg871BQhgulf3bgsy1pT -sohqdShDl6crY7kkjuGMMBTVuMB3pvoTQVrfbMIOlv0MZ8z3tPPonmEmrJRJKDO2 -H/PHZZNQtiYEB+FBg318uY6hkEAcAyqz9MaJA8OaN2dKmqFLuVXY5HeNOAYTt3uV -ncpco5240zqYScBBURTxuM+VFg== ------END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-67 Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 -----BEGIN CERTIFICATE----- @@ -2664,6 +2610,50 @@ FP5ed63Ab5qeKmXWp37Lvt3/gSF7vXkBvZnxBV4FM1hZkcOttIm80aemT2Wjo9nS YGhcdMwXgiUMDo9tR6hXhhTQaEP2a+aU9PxsydmS6u/uxCedpIMHBp5wstfFdXw5 NzYsxyfd -----END CERTIFICATE----- +Subject: /O=Leidos/CN=Leidos FBCA Cloud PKI CA-2 +Issuer: /C=US/O=IdenTrust/CN=IdenTrust Global Common Root CA 1 +-----BEGIN CERTIFICATE----- +MIIHWDCCBUCgAwIBAgIQQAGP6f6scck5vTWgAFyLkDANBgkqhkiG9w0BAQsFADBN +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu +VHJ1c3QgR2xvYmFsIENvbW1vbiBSb290IENBIDEwHhcNMjQwNjA1MjAwMjEyWhcN +MzQwMTE2MTgwNTA1WjA2MQ8wDQYDVQQKEwZMZWlkb3MxIzAhBgNVBAMTGkxlaWRv +cyBGQkNBIENsb3VkIFBLSSBDQS0yMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAtqEzgA0M0v5s0JhV+Tj2rWKcdHZj/1/e7c7a01diJO9zScSCIWSAoKB1 +Byj5ZeQeViPWBN9RqOjasY6YpwQyMUaPKmlgxCzJsE9/ipAHy+3d0ZOQraHfDtNB +BhiCk86aZtKyLEPyJdug3d+TNR4WzvUphvaTYk4K7auB2RaTBN8hBbwDzGqIgP1k +9dFX0Y0XOwECLPsgjVyfecGZjICWt22Ic2vEFn3ZxHabkeed56FQ9mOfvlSzqn3E +uJ1h1rdfmFcIIOkU+KB6A2W34ItZyTpbWR+uELCMqTnhJtDSTJPfXwXMYxOhXJsY +tAzCL5XsHvyHNxNTgKjLLdxt25Yn5kfq0dbJMGAB5rjp2dxKsCVxUF5NDYXfMQv8 +iX2ARCeO/IO2VL+5OsBa2QZHMn40KPJomFSRLPhwR2JepuS6uZDfvJl3j2r8dOId +gR6vefBVZU8xvL4zVNSSrAKZ8X4uiORcUfZ24K+HsFnpUddbPAMBGY0W1Us+gmtw +3KUA+w2RxQ8TZFaURjT0SKrDHvgeaHRmS7h2Sy56iarlacfPN0p1X5UuAs4bUzCg +lRmOqX2Rjt0mwbHwdfO9H5uZ40KlSb7r9DQl0uUk3U30qywx0U53rJhh4EzdtD9S +GaqzpLgI/Rf9LLG3luh9eQNNpWYJyV+ZJrT88RCNvDpVsbtS0MMCAwEAAaOCAkkw +ggJFMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMHsGCCsGAQUF +BwEBBG8wbTApBggrBgEFBQcwAYYdaHR0cDovL2lnYy5vY3NwLmlkZW50cnVzdC5j +b20wQAYIKwYBBQUHMAKGNGh0dHA6Ly92YWxpZGF0aW9uLmlkZW50cnVzdC5jb20v +cm9vdHMvaWdjcm9vdGNhMS5wN2MwHwYDVR0jBBgwFoAU+PmLL3+QQ5+P5owstUm4 +T5KLFnQwggEbBgNVHSAEggESMIIBDjANBgtghkgBhvkvAGQCATANBgtghkgBhvkv +AGQCAjANBgtghkgBhvkvAGQCAzANBgtghkgBhvkvAGQCBDANBgtghkgBhvkvAGQC +BTANBgtghkgBhvkvAGQCBjANBgtghkgBhvkvAGQCBzANBgtghkgBhvkvAGQCCDAN +BgtghkgBhvkvAGQDATANBgtghkgBhvkvAGQDAjANBgtghkgBhvkvAGQDAzANBgtg +hkgBhvkvAGQDBDANBgtghkgBhvkvAGQDBTANBgtghkgBhvkvAGQDBjANBgtghkgB +hvkvAGQMATANBgtghkgBhvkvAGQMAjANBgtghkgBhvkvAGQMAzANBgtghkgBhvkv +AGQMBDBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vdmFsaWRhdGlvbi5pZGVudHJ1 +c3QuY29tL2NybC9pZ2Nyb290Y2ExLmNybDAdBgNVHQ4EFgQULHfE1DWus5YBf0dE +FU4MQmIaX3cwDQYJKoZIhvcNAQELBQADggIBADUK7JrSAeFHvPRc75j5UEjyh9eA +ExmwFXugx3tY3WUIHLp/WBIWZSkvS22SvOGSvhoMeeEb8xRo2wo6mvXVfkL3b6Ed +ymMNjP4PtD6AipfFsssuLACgIFv6L7xErquYIa/MEpjnX70imDo+n9t57Upno54x +K59P+0Rm00/kzAP4joBHlGg+us5aR9u6Jk5V9PwoY2Uq5HFsfUuda/6F16xe7vIC +6Zi1tI+LISa8pvsa63A7Jk0j91udOd76UPttjSUicTyuVSHgfQtRrRjer761At9R +96NjP6CLIcQ7UweaxACdL62bzGoTaxV2DZ6AfGEoMFsVT6p4KvLLhMtrhSJAIdE3 +7SploFbO6K8a3BpV8XCb14p1HZpaDq8aY5zI6ZKuy7Gx2My+r/zZuPV+KEtYHdcC ++1ste9YeoCy3DiEi2EA8st6ZTNPx0/AqMMDhSWnqxg3rpwozSBgD0B3kr3VGO9JK +utuGMcRggpkI1M3vSV/ng4MBqcq0w8r/v7Ai/Kt2KEeJde4GZs9nMxrnL3LZ3Ch+ +2VC2OffkOG9jr9qt9+dRKlmL1UHYjIGrMD2yaiX9bEhagUDspQ/uVjSOy27Bq9sr +r+bHhiedW1wb2HPCt1pcJ5LatWVNLk+kE/HljHSqSgpJDIWAo+YTTqFnPtNMmMiq +LhFHtU36ELtJQ03/ +-----END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=U.S. Senate/OU=Office of the Sergeant at Arms/CN=Senate PIV-I CA G5 PROD Issuer: /C=US/O=DigiCert, Inc./CN=DigiCert Class 3 SSP Intermediate CA - G4 -----BEGIN CERTIFICATE----- @@ -3140,6 +3130,60 @@ m++tSolwssG3s1sw4yiH/65g4Phyk5eUSl2Tt7vgq6be8ZA/T5VevkoSBmFxhhdn FwWG3Fqt7DbQ+CMF1CrekZTWGCnuVLXa0aKyZ+4a+wJSWrVWomYXiqoWoSXIDWOT OWDx -----END CERTIFICATE----- +Subject: /DC=com/DC=rtx/O=CAs/OU=Class3-G3/CN=Raytheon Technologies Medium Assurance CA +Issuer: /C=US/O=CertiPath/OU=Certification Authorities/CN=CertiPath Bridge CA - G3 +-----BEGIN CERTIFICATE----- +MIIJPDCCBySgAwIBAgIQLcTNYTmcLy9T3JcAu2VtFTANBgkqhkiG9w0BAQwFADBo +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJQ2VydGlQYXRoMSIwIAYDVQQLExlDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0aWVzMSEwHwYDVQQDExhDZXJ0aVBhdGggQnJpZGdl +IENBIC0gRzMwHhcNMjQwNzE3MDAwMDAwWhcNMjUwNzMxMjM1OTU5WjCBgDETMBEG +CgmSJomT8ixkARkWA2NvbTETMBEGCgmSJomT8ixkARkWA3J0eDEMMAoGA1UEChMD +Q0FzMRIwEAYDVQQLEwlDbGFzczMtRzMxMjAwBgNVBAMTKVJheXRoZW9uIFRlY2hu +b2xvZ2llcyBNZWRpdW0gQXNzdXJhbmNlIENBMIIBojANBgkqhkiG9w0BAQEFAAOC +AY8AMIIBigKCAYEAkx/EEgnF109IAsR2JR0SI0bl8q0guDJlKyaOFC1GjZy1B5y3 +3FddEPJdR2tB0sIAki2CiWYpy3kJ4M80zRknWJ+WhLF4FYCNzqD1jvffnvGUcGpn +NTiffIq/a7K7VtsEhjCQIumgSjSsxR5IdpMbjspi+ZCetLxL3URdPIlty0oVtnHB +EH/tQOZ9u5GFy6tycAC3WqtPHp1SZjeUGsNDKcsF6KtyxeVxvn4CNcadp4dGbzxU +65XchRkepj+ZcRt8vS2+le8jxVYN4LC0Nn6zQuW7g2ZPy2XQWseqr2hla9/XbjvN +ESjfixDQVBsF3dVKN5oRiUp4EtBJirXI+irtBBSdeGeFwqW5UUaLW/T6WTA5tjgC +THYMT7emOEXTe2o+osu9cwNXNjxZfv/TKYNd/Bq4sdf0bXLHZ0rPpSAmpt6qYpe+ +Pv5PcZ/Bjl9xobZCt0kzQy+aI4AN91XjvK8uQedTiIxX970/W8tEqFUo5UCmtQ6b +xRxnHu0p3yeYhrQ7AgMBAAGjggRHMIIEQzASBgNVHRMBAf8ECDAGAQH/AgEAMGkG +A1UdIARiMGAwDgYMKwYBBAGBu1MBAQEBMA4GDCsGAQQBgbtTAQEBAjAOBgwrBgEE +AYG7UwEBAQQwDgYMKwYBBAGBu1MBAQEFMA4GDCsGAQQBgbtTAQEBFzAOBgwrBgEE +AYG7UwEBARgwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybC5jZXJ0aXBhdGgu +Y29tL0NlcnRpUGF0aEJyaWRnZUNBLUczLmNybDAOBgNVHQ8BAf8EBAMCAQYwCgYD +VR02BAMCAQAwggESBgNVHSEEggEJMIIBBTAbBgwrBgEEAYG7UwEBAQEGCysGAQQB +gdERCgENMBsGDCsGAQQBgbtTAQEBAgYLKwYBBAGB0REKAQwwGwYMKwYBBAGBu1MB +AQEEBgsrBgEEAYHREQoBDzAbBgwrBgEEAYG7UwEBAQUGCysGAQQBgdERCgEOMBsG +DCsGAQQBgbtTAQEBFwYLKwYBBAGB0REKARMwGwYMKwYBBAGBu1MBAQEYBgsrBgEE +AYHREQoBEjAbBgwrBgEEAYG7UwEBAQEGCysGAQQBgdERCgEMMBsGDCsGAQQBgbtT +AQEBBAYLKwYBBAGB0REKAQ4wGwYMKwYBBAGBu1MBAQEXBgsrBgEEAYHREQoBEjAS +BgNVHSQBAf8ECDAGgAEAgQEAMB0GA1UdDgQWBBSXaW39fivlp/JivXXqlh7gDMCp +RjBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAKGMWh0dHA6Ly9haWEuY2VydGlw +YXRoLmNvbS9DZXJ0aVBhdGhCcmlkZ2VDQS1HMy5wN2MwggGnBgNVHR4BAf8EggGb +MIIBl6CCAZMwCoEILmJibi5jb20wDoEMLmNvbGxpbnMuY29tMBOBES5wcmF0dHdo +aXRuZXkuY29tMAqBCC5yYXkuY29tMA+BDS5yYXl0aGVvbi5jb20wCoEILnJ0eC5j +b20wDYELLnNpZ292cy5jb20wCoEILnV0Yy5jb20wCYEHYmJuLmNvbTANgQtjb2xs +aW5zLmNvbTASgRBwcmF0dHdoaXRuZXkuY29tMAmBB3JheS5jb20wDoEMcmF5dGhl +b24uY29tMAmBB3J0eC5jb20wDIEKc2lnb3ZzLmNvbTAJgQd1dGMuY29tMAmCB2Ji +bi5jb20wDYILY29sbGlucy5jb20wEoIQcHJhdHR3aGl0bmV5LmNvbTAJggdyYXku +Y29tMA6CDHJheXRoZW9uLmNvbTAJggdydHguY29tMAyCCnNpZ292cy5jb20wCYIH +dXRjLmNvbTAupCwwKjETMBEGCgmSJomT8ixkARkWA2NvbTETMBEGCgmSJomT8ixk +ARkWA3J0eDASpBAwDjEMMAoGA1UEChMDcnR4MB8GA1UdIwQYMBaAFHqLPAaS3B6o +0oKsG3RvdD1O0aibMA0GCSqGSIb3DQEBDAUAA4ICAQC+YcgUo+joG2gA7puVzFui +2nytenD2Psm+r57rNicNhUpk5jVokNo1Qj9pOgCQxuT8DE4s20a/FZdAquvd/kcs +Rm9p5gWkIyOUzjqmdVNERf82PndSQpILe5/IC6uJ4/1lLfEZvE70Jro1ybn+/IO0 +Zv/XvAcqSJAFNa4f4USVTHduBkudBi6NcRS9rOlVRAg0HioB5+gt2m4YVJl+LXP1 +eHfNmVmLnicw0cjZiEqYee1t9O2X8yFNoYAulWKQN750LHM9Wrm41V/sm/qZFmmV ++t+GEmgwJIm3n+TnGLKH/lS9KNqZo8tBt2bSLbUXcVsbKO0NpN1Va7KJ20+cTq3M +h2NlJJW/KaAlKBXi1cRRodbR8VgFnlV0w0Qy0LvpYKSiAH2GqzzCrefShiaXZn35 +bG25nqia0KYnd3knLF+RHLohIjFRqGlsurJCtzYE7h4nqGZghM+IkjqUuOtqThXs +0CxTNXLgubw7sqk7CXVZfyXUBJVw1tAb6Rm+UMntw8VM4/06/E6d35+/HFmEsbuy +GAnmWq6/RXCvkDxsZ822ZmBCllBo78hzBWAuowYmv1TS/BiL6kuWyoKimX45DVTK +daZcDyIGzUQTIr9XAgGIly83M8KgmWpi/oG8HJwRrpesiTgrCJ/mTdB2YJGJ04Cx +d3gnw2AeegPJH9V944niFg== +-----END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=FPKI/CN=Federal Bridge CA G4 Issuer: /C=US/O=U.S. Government/OU=FPKI/CN=Federal Common Policy CA G2 -----BEGIN CERTIFICATE----- @@ -3577,60 +3621,6 @@ g+UU+0OQbGaw3Rilx3Juzq/ZN2gxttIC0leO/o0eUYxZof3SbpI/ZeRhgp+Q/Y3w EtrZ17e+93hIwxZsgBPKJAm5HAR8v+s8FvXrTc7yt0pMkD5oBLKqR9gfc4dVwK82 qHRzSSPS -----END CERTIFICATE----- -Subject: /DC=com/DC=rtx/O=CAs/OU=Class3-G3/CN=Raytheon Technologies Medium Assurance CA -Issuer: /C=US/O=CertiPath/OU=Certification Authorities/CN=CertiPath Bridge CA - G3 ------BEGIN CERTIFICATE----- -MIIJPDCCBySgAwIBAgIQcHOmLgAWlEcHrNTBsRik1TANBgkqhkiG9w0BAQwFADBo -MQswCQYDVQQGEwJVUzESMBAGA1UEChMJQ2VydGlQYXRoMSIwIAYDVQQLExlDZXJ0 -aWZpY2F0aW9uIEF1dGhvcml0aWVzMSEwHwYDVQQDExhDZXJ0aVBhdGggQnJpZGdl -IENBIC0gRzMwHhcNMjMwNzE5MDAwMDAwWhcNMjQwNzMxMjM1OTU5WjCBgDETMBEG -CgmSJomT8ixkARkWA2NvbTETMBEGCgmSJomT8ixkARkWA3J0eDEMMAoGA1UEChMD -Q0FzMRIwEAYDVQQLEwlDbGFzczMtRzMxMjAwBgNVBAMTKVJheXRoZW9uIFRlY2hu -b2xvZ2llcyBNZWRpdW0gQXNzdXJhbmNlIENBMIIBojANBgkqhkiG9w0BAQEFAAOC -AY8AMIIBigKCAYEAkx/EEgnF109IAsR2JR0SI0bl8q0guDJlKyaOFC1GjZy1B5y3 -3FddEPJdR2tB0sIAki2CiWYpy3kJ4M80zRknWJ+WhLF4FYCNzqD1jvffnvGUcGpn -NTiffIq/a7K7VtsEhjCQIumgSjSsxR5IdpMbjspi+ZCetLxL3URdPIlty0oVtnHB -EH/tQOZ9u5GFy6tycAC3WqtPHp1SZjeUGsNDKcsF6KtyxeVxvn4CNcadp4dGbzxU -65XchRkepj+ZcRt8vS2+le8jxVYN4LC0Nn6zQuW7g2ZPy2XQWseqr2hla9/XbjvN -ESjfixDQVBsF3dVKN5oRiUp4EtBJirXI+irtBBSdeGeFwqW5UUaLW/T6WTA5tjgC -THYMT7emOEXTe2o+osu9cwNXNjxZfv/TKYNd/Bq4sdf0bXLHZ0rPpSAmpt6qYpe+ -Pv5PcZ/Bjl9xobZCt0kzQy+aI4AN91XjvK8uQedTiIxX970/W8tEqFUo5UCmtQ6b -xRxnHu0p3yeYhrQ7AgMBAAGjggRHMIIEQzASBgNVHRMBAf8ECDAGAQH/AgEAMGkG -A1UdIARiMGAwDgYMKwYBBAGBu1MBAQEBMA4GDCsGAQQBgbtTAQEBAjAOBgwrBgEE -AYG7UwEBAQQwDgYMKwYBBAGBu1MBAQEFMA4GDCsGAQQBgbtTAQEBFzAOBgwrBgEE -AYG7UwEBARgwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybC5jZXJ0aXBhdGgu -Y29tL0NlcnRpUGF0aEJyaWRnZUNBLUczLmNybDAOBgNVHQ8BAf8EBAMCAQYwCgYD -VR02BAMCAQAwggESBgNVHSEEggEJMIIBBTAbBgwrBgEEAYG7UwEBAQEGCysGAQQB -gdERCgENMBsGDCsGAQQBgbtTAQEBAgYLKwYBBAGB0REKAQwwGwYMKwYBBAGBu1MB -AQEEBgsrBgEEAYHREQoBDzAbBgwrBgEEAYG7UwEBAQUGCysGAQQBgdERCgEOMBsG -DCsGAQQBgbtTAQEBFwYLKwYBBAGB0REKARMwGwYMKwYBBAGBu1MBAQEYBgsrBgEE -AYHREQoBEjAbBgwrBgEEAYG7UwEBAQEGCysGAQQBgdERCgEMMBsGDCsGAQQBgbtT -AQEBBAYLKwYBBAGB0REKAQ4wGwYMKwYBBAGBu1MBAQEXBgsrBgEEAYHREQoBEjAS -BgNVHSQBAf8ECDAGgAEAgQEAMB0GA1UdDgQWBBSXaW39fivlp/JivXXqlh7gDMCp -RjBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAKGMWh0dHA6Ly9haWEuY2VydGlw -YXRoLmNvbS9DZXJ0aVBhdGhCcmlkZ2VDQS1HMy5wN2MwggGnBgNVHR4BAf8EggGb -MIIBl6CCAZMwCoEILmJibi5jb20wDoEMLmNvbGxpbnMuY29tMBOBES5wcmF0dHdo -aXRuZXkuY29tMAqBCC5yYXkuY29tMA+BDS5yYXl0aGVvbi5jb20wCoEILnJ0eC5j -b20wDYELLnNpZ292cy5jb20wCoEILnV0Yy5jb20wCYEHYmJuLmNvbTANgQtjb2xs -aW5zLmNvbTASgRBwcmF0dHdoaXRuZXkuY29tMAmBB3JheS5jb20wDoEMcmF5dGhl -b24uY29tMAmBB3J0eC5jb20wDIEKc2lnb3ZzLmNvbTAJgQd1dGMuY29tMAmCB2Ji -bi5jb20wDYILY29sbGlucy5jb20wEoIQcHJhdHR3aGl0bmV5LmNvbTAJggdyYXku -Y29tMA6CDHJheXRoZW9uLmNvbTAJggdydHguY29tMAyCCnNpZ292cy5jb20wCYIH -dXRjLmNvbTAupCwwKjETMBEGCgmSJomT8ixkARkWA2NvbTETMBEGCgmSJomT8ixk -ARkWA3J0eDASpBAwDjEMMAoGA1UEChMDcnR4MB8GA1UdIwQYMBaAFHqLPAaS3B6o -0oKsG3RvdD1O0aibMA0GCSqGSIb3DQEBDAUAA4ICAQBpt5+O9y9nj1a2XwXmoEJG -q8nKzgfna0t5Kn12McVwzsXKzlFQnJp44zIWcpvn4nHzTWeotxrq1ks9RUa1i63h -ISdDftcJDaPWoLdglbUNqMkrO+ytPWSKF4XfoFCAtlDv8IEYl87+PWNW5ArDx9yf -hBJuQhK/ekweI8JoC92KQCwCwZeBFRPWDjPVDMuB9HUR6hg5DvANmQdZllDIhWpB -CP03g90AapX9A192tUCGPDS2FBPicZkyNI7Fk4SwqfSctLORwja7wGiW8cKYn9uJ -XPNSgGo/mIofs4IC5OOjW/cOokl3sYdySeX9QI1nAewoXk5ONssqMwQuuFOrqhzC -80ob8wYfu9z3rspt7qOhCVDraZ/cXTBwDgFxJWfLTTCdXWeC2dOBYvLsgnEz9zBg -4JBnkxHM13tShCigc/BnIYbb/daWiwtFHChBzsEh7SKHwGYeoMPwyG0FtlOihtaN -hRsev2XsR0hFRFbEb9s5qAhC4JUX8IIW7kw+rioCQ3H5wWeBGefjcbL+ihlg0X0/ -nqkhQqDvWdHCMIFC9ce3eGIhNiiX4gdq7dthFHB5ddRHZ50sNkfyTgQi4Qra3F6z -AWbcHUe/HqCvI3eQe7z+YcjgSR4819Or5GyyD5VR7pkCds6IEhL1ofcfTUhv1b7C -n33UFX3RwnMwXpA/1BPa0g== ------END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=U.S. Department of Transportation/CN=U.S. Department of Transportation Agency CA G5 Issuer: /C=US/O=DigiCert, Inc./CN=DigiCert Federal SSP Intermediate CA - G5 -----BEGIN CERTIFICATE----- @@ -3891,49 +3881,39 @@ vw7JAVnS9QwqkSPLQrMQpocVuaf5dyNEPXfTLy2Xzb/Ig0I9bBKzeLhmEoS6Y0og v5CHgTGZL+hPYYrkAuf+q6qbjtsG0zqrG0zI3LAgeltVr/Ca15ogIs1iCKqOwkvM uFLCrMh9RhowahEio8AG3fG3p/M= -----END CERTIFICATE----- -Subject: /C=US/ST=Mississippi/O=IdenTrust/OU=IdenTrust Global Common/CN=Advanced Health Systems Inc Direct CA 2 -Issuer: /C=US/O=IdenTrust/CN=IdenTrust Global Common Root CA 1 +Subject: /C=US/O=U.S. Government/OU=ECA/CN=ECA Root CA 4 +Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Interoperability Root CA 2 -----BEGIN CERTIFICATE----- -MIIHaDCCBVCgAwIBAgIQQAGLJVh6X3iPds4svUmNKjANBgkqhkiG9w0BAQsFADBN -MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu -VHJ1c3QgR2xvYmFsIENvbW1vbiBSb290IENBIDEwHhcNMjMxMDEyMTkyMzU3WhcN -MzMxMDA4MTkyMzU2WjCBizELMAkGA1UEBhMCVVMxFDASBgNVBAgTC01pc3Npc3Np -cHBpMRIwEAYDVQQKEwlJZGVuVHJ1c3QxIDAeBgNVBAsTF0lkZW5UcnVzdCBHbG9i -YWwgQ29tbW9uMTAwLgYDVQQDEydBZHZhbmNlZCBIZWFsdGggU3lzdGVtcyBJbmMg -RGlyZWN0IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCfUZ3c -HtyK/P5RCs2+R753nGeLMhSCFsGkzlMbBgiZraL3IxnSTsv2GbOHdQkwVC4HXT/4 -pMBOF0K1r04wM2ecgxSEwGpa+qc3EnKJJ9VjR8IEcBhleXclNsZCTJBB1jy9fLm/ -iLvtox0pfKQJjOmUx7jbpogiK8AwiJGy6R3HC9pGf3jkpQWTGKqhXyGVbBHltYMD -vJSRsuL9K9ttrE12sy2Qn0IWGIagZXeRUMN+7XDS5GoXbTkHHXow1uuRfzi7ZK2W -Ri+bIGTyKZhTddOQ45i059d88ZijXuNmosW/acrW0WeDmG7bV6z5kyyyh57iclX6 -+Bm6KZKJTYk5T42n3UZr+qJPkw0d085WWTJA31tvYbfzJX/1paCFR+OF3aIkDLUo -q8LYMBBI8E+aFgeSYoqbjqU53yTrqzs5D5lHL1zBfG85We2VmgBQJ74c7vPiUVyT -KDN5hytVT0T1QiOHwDoc+LI62n5sBlG1jJPT5Ts3mfe3LmZvoh6FrOVTHfxv3ARu -6u0SlVlh5LPHzR7x/xNej/x7680GWNcDlOp4ymRJwwBMFgU5glMpeYrviFjWtuND -J36uqq4xXgKO+J3VQ9cJiD0JsHXF5KBtGbspVvyuEcsAX/5zL4vEa7oA7fE8ZsSX -GiEiWj2+IxaxokViTlk/WDv4Ew96junCH+PfbQIDAQABo4ICAzCCAf8wEgYDVR0T -AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwewYIKwYBBQUHAQEEbzBtMCkG -CCsGAQUFBzABhh1odHRwOi8vaWdjLm9jc3AuaWRlbnRydXN0LmNvbTBABggrBgEF -BQcwAoY0aHR0cDovL3ZhbGlkYXRpb24uaWRlbnRydXN0LmNvbS9yb290cy9pZ2Ny -b290Y2ExLnA3YzAfBgNVHSMEGDAWgBT4+Ysvf5BDn4/mjCy1SbhPkosWdDCB1gYD -VR0gBIHOMIHLMA0GC2CGSAGG+S8AZAMDMA0GC2CGSAGG+S8AZAMEMA0GC2CGSAGG -+S8AZAMFMA0GC2CGSAGG+S8AZAMGMA0GC2CGSAGG+S8AZCUDMA0GC2CGSAGG+S8A -ZCUEMA0GCysGAQQBgsFbAAIAMAwGCisGAQQBgsFbAgEwDAYKKwYBBAGCwVsCAjAM -BgorBgEEAYLBWwIDMAwGCisGAQQBgsFbAgQwDAYKKwYBBAGCwVsCBTAMBgorBgEE -AYLBWwEDMAwGCisGAQQBgsFbAQUwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL3Zh -bGlkYXRpb24uaWRlbnRydXN0LmNvbS9jcmwvaWdjcm9vdGNhMS5jcmwwHQYDVR0O -BBYEFMDpbD8613wiZUCfnpBIcRqe9npxMA0GCSqGSIb3DQEBCwUAA4ICAQCCNB8Z -iNm+fK+MDSEkPUm2iERDF6zQW2WMp4PW7VQqhXTKlszvSIJpcPkfUmIgyvt/QfCV -e+LlsCcP4zhVfltBFUwdDtFO3wO0w818esJrA7PB7sTRWqFkLrZnxMBfymmevLub -Iux2Yi1Izphg5yKNT4AQJiSt3wUIT3qc9250JfS/yLjiVEdQa700pSG3Xp6dvP/r -lHIs6hvESkbi49aCuyoqjtyd25XkoYrmsGN4FdJmEPHh/LdY+u3wQbYW/Cxkbqxv -kBcuGL9XJP6HicJZCiWtTM3PwNLnqufe0gpMpJLwV+ILlSswyUkImpyXPE2zY5Cr -vhGp1cf7YVvEOEVm28kF66dLfG5rsL3odchJkfKkSuft5GUiN3FBtXdnwBibzyQe -LRxjw1L4nNs8o1MuzOv2eIzOdgR3erKWMFexL/Wk48/7IQijy6YFicNdZYMv5aaE -se0njsQOzhBAR+m0kzK+ktSZYpzbaB9J+RaRkdwxFy50x+iTzJjX/B37fdvjpknt -v7uxJfMul5hvSGLQaAzi8PrwRaV+GIOpsFWAqqi48XnmTI8/TYUKIGBWB+lgU9dl -9ovjNxMFD0PLTSE1e0J3DAOQJq/1dwJn92b8zsjxRrF5UL6QMrX+14KfVgGI3F6g -Yo0PWuUrb8bxltvkEtGk1neYDGEEyqDg7W2phA== +MIIFiTCCBHGgAwIBAgICCs8wDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL +EwNQS0kxJzAlBgNVBAMTHkRvRCBJbnRlcm9wZXJhYmlsaXR5IFJvb3QgQ0EgMjAe +Fw0yNDA2MjUxNDQ1MjlaFw0yNzA2MjYxNDQ1MjlaME0xCzAJBgNVBAYTAlVTMRgw +FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0VDQTEWMBQGA1UEAxMN +RUNBIFJvb3QgQ0EgNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALhw +aVe9gFpBwBnmlefUghPcLDhLioLKHIhdjn48DG9l4dq4HHEYtt4UCHnbxoqZ7foh +3WIYAC3wFMxaTnee8uh3FAMUxqn9shKgZ/8fN3rQcI+W13AkDi2dRV48ABPuoDox +GpAgV2XkMBfGyQR53R7/oMjvX6wAJToBv5acBJWOrVKzkXD09Owz4Q8IF4K4hgo/ +OdHckDnHPrkzKYPZCugT4F49DSWAxGzPLC6AKtAtQEkbxJy28zYpJuwxAHMazXeV +reUsS/EUKTboMVze9VyPdlurAdbP580nq/S0c1BCNCWHV1oeVJk7mwHqxd2Vo7By +tuxwoSqqhfrxqTiUFQcCAwEAAaOCAlIwggJOMB8GA1UdIwQYMBaAFP/4rhOLkit5 +kkGjdlwsgZ6axZx4MA4GA1UdDwEB/wQEAwIBBjBHBgNVHR8EQDA+MDygOqA4hjZo +dHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RJTlRFUk9QRVJBQklMSVRZUk9PVENB +Mi5jcmwwHQYDVR0OBBYEFDNbpW96VWArgUsmFMx5v0q6izK9MHwGCCsGAQUFBwEB +BHAwbjBKBggrBgEFBQcwAoY+aHR0cDovL2NybC5kaXNhLm1pbC9pc3N1ZWR0by9E +T0RJTlRFUk9QRVJBQklMSVRZUk9PVENBMl9JVC5wN2MwIAYIKwYBBQUHMAGGFGh0 +dHA6Ly9vY3NwLmRpc2EubWlsMHkGA1UdIARyMHAwDAYKYIZIAWUDAgEMBDAMBgpg +hkgBZQMCAQwFMAwGCmCGSAFlAwIBDAYwDAYKYIZIAWUDAgEMBzAMBgpghkgBZQMC +AQwIMAwGCmCGSAFlAwIBDAkwDAYKYIZIAWUDAgEMCjAMBgpghkgBZQMCAQwQMBIG +A1UdEwEB/wQIMAYBAf8CAQEwSQYDVR0eAQH/BD8wPaA7MDmkNzA1MQswCQYDVQQG +EwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNFQ0EwDwYD +VR0kAQH/BAUwA4ABADBKBggrBgEFBQcBCwQ+MDwwOgYIKwYBBQUHMAWGLmh0dHA6 +Ly9jcmwuZGlzYS5taWwvaXNzdWVkYnkvRUNBUk9PVENBNF9JQi5wN2MwDQYJKoZI +hvcNAQELBQADggEBAAFdVDJGqNfsjg/lXRz8RrXS1EB+/ZChjZy/QQgOqXouXbx1 +nqJeAU1c4WQzHQkQy4fCktBN5i+tJHuBVTlrl7hQ61LVkQei5+Bn7jE/TSdC8GrC +pORPntTqFYS3kBlPaVkQ4FuyiMWlOXNSKsbD+2B2eo5zilQGgYNecyY4U3FCHEb6 ++Iy13udYErTcSSG7s10yjlGGkVZj21URY6VfUU+pnLzrUKWOllc+ArgCedayhnE9 +N0zRey1BmWuEo+bFx3gqAMgjdbbrcChvXURrCBiUUXODVY50aQjD7xD0xsuhE+YE +EZ9YAjpEY8615mlq43eQu+GVyJgY7N1uy9CrhTA= -----END CERTIFICATE----- Subject: /C=US/O=Boeing/OU=certservers/CN=Boeing PCA G3 Issuer: /C=US/O=CertiPath/OU=Certification Authorities/CN=CertiPath Bridge CA - G3 @@ -4217,47 +4197,46 @@ L7nl8ri2+gTNBQmk6avN2NqB+eZDP6Tzd26zR1HCJAc6k4+PF91oEG668Lxk1oeD 10xiQQpWVJkhaXcLSNeYb3cPSk4SuNWwtHC7vJWeExBQMUicrho8ZIQSl3quy60U ozvE/mx7Xrurnd+ifZPcYOW6yKk1tq4qQgRBLQ== -----END CERTIFICATE----- -Subject: /C=RO/O=Trans Sped S.A./organizationIdentifier=VATRO-12458924/OU=Trans Sped Trust Services/CN=Trans Sped Root CA G3 -Issuer: /C=US/O=DirectTrust.org, inc./OU=Certification Authorities/CN=DirectTrust Identity Bridge CA ------BEGIN CERTIFICATE----- -MIIHGTCCBQGgAwIBAgIQaKZ34VOui1uvhvnbAaPJvzANBgkqhkiG9w0BAQwFADB6 -MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVRGlyZWN0VHJ1c3Qub3JnLCBpbmMuMSIw -IAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMScwJQYDVQQDEx5EaXJl -Y3RUcnVzdCBJZGVudGl0eSBCcmlkZ2UgQ0EwHhcNMjMxMDE4MDAwMDAwWhcNMjYx -MDMxMjM1OTU5WjCBhDELMAkGA1UEBhMCUk8xGDAWBgNVBAoMD1RyYW5zIFNwZWQg -Uy5BLjEXMBUGA1UEYQwOVkFUUk8tMTI0NTg5MjQxIjAgBgNVBAsMGVRyYW5zIFNw -ZWQgVHJ1c3QgU2VydmljZXMxHjAcBgNVBAMMFVRyYW5zIFNwZWQgUm9vdCBDQSBH -MzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMgQN5bfR8rJwJ0/AVNV -U2p2v8QWwcuNtEZtM01TWuimcvQVC/lXO7M3KkUx2yIuZ65RH2feLFXddnZID64q -jHdMXUL9jpb4ShcIXfi75rH39DfoVhSRhyT+57ko8qeS/OZqQdLyNLry4ZKblQ3T -/prO7yAhzSZHl0PLCqLQLtghIry6ZaAijhuRnxbtcZ+bQ5CUyed4PXELKWtulYBz -6wV2zkTPWM81jTZ2K8NMiGigH5jEeoJFkQ1bqaxLCAhEfihyBSz+cC1SxAK14J/9 -rVvwHKZ5qt+ogvi0eLeqdqDxv8tFFBtrM4F5OrF2ECMdCRKOM+APZPGPRs0lHQ7g -d7Wwql1cRFny5n3td0A9styQiDkONefpTc68D6QNcVihlQgf4Fw41GdcrrrQN9XT -vkRCB+8EtK0BPdSgebOHWRNKLGtCtbYF7f1Up/e810KwXoDByMUZWYtTaMdJaN/6 -LsoXFQdB4cV2kQJBevJ+DAYE5MVKNfP1zgAuPpQ13xFPm5cZ43pTbIwnyxPtrfud -s5FgtrhxPozIY1LabtkTVnmPhxOXHyNLX/e1JaTgtQ7k6+wHl4MSS6Cy2GWaxKnu -xG164iy3aRzGT7OjfnyONrTFutb7+bQCnQQQ1Txa7IGcGr8HDlGMTd97vqQHK6BP -wk2Pz4fJVt448uyIXDY4LBB9AgMBAAGjggGOMIIBijASBgNVHRMBAf8ECDAGAQH/ -AgEBMB0GA1UdDgQWBBRzwM8w84Tu9WsQH3OvAYPGCLfkczAlBgNVHSAEHjAcMAwG -CisGAQQBgbR9AQQwDAYKKwYBBAGBtH0BBjA6BgNVHR8EMzAxMC+gLaArhilodHRw -Oi8vY3JsLm1ha2VpZGVudGl0eXNhZmUuY29tL3NpYmNhLmNybDAOBgNVHQ8BAf8E -BAMCAQYwWgYDVR0hBFMwUTAZBgorBgEEAYG0fQEGBgsrBgEEAYK4HQEBATAZBgor -BgEEAYG0fQEGBgsrBgEEAYK4HQQBATAZBgorBgEEAYG0fQEEBgsrBgEEAYK4HQYB -ATAKBgNVHTYEAwIBADASBgNVHSQBAf8ECDAGgAEAgQEAMEUGCCsGAQUFBwEBBDkw -NzA1BggrBgEFBQcwAoYpaHR0cDovL2FpYS5tYWtlaWRlbnRpdHlzYWZlLmNvbS9z -aWJjYS5wN2MwHwYDVR0jBBgwFoAUmaQazdxvxqgIPq22lmx+1883pMkwDQYJKoZI -hvcNAQEMBQADggIBAJPv+/1q44CccHhNHIsaUrAV5WXZnX+T9aBJccFDhLfgERPo -dbILzi7I4wPzasJ8XfXUsFDvd9KBT/CqxBPXWZruuRZlgLOWbNvFHxCVOoMsZrFz -D62av6C6vqXbpwn5o61UT7Zk5U2fjIteCCwbKqol0Ey1He31xGDLEG+4iTZCUflx -RQuxUbflg07EqtR4QrSCfJ1+EeKMN4HlAFGigZKbBA8tnJ5KCXH6wWLH/T2sbG7N -qTFqh5d3I3reIUw5DvzEaYbW0IzCIcoHBWV1bRDoL6czkkPP/Jv4vyygpXVbLu3l -bK5AdtgJlcCFHB2CJMIi/6Rm894IiXxJ/374bQnszAOHKz2gGvbFx/OVOSvXZsun -I+UXZo13gL1Ff2tmKF9QiQqIfev53FZNI1T2NMlaWilvInTF8t4YVrONsIpwwwTG -RXSHMeP7dpU83S8KpJeqQ0Xq9JTztqJozUg1BJqC84j2pPEHFCXAa4e8Jt4cyPES -cZ3VEQ81hHx/UhFpsRKotKBS2hNuc4Hb0o5URjONcojTiC97AxxcaycOQzyXiHgI -5dlgzblERgV6PnPGhJVjHltdiA7UjSf96MJyRU/El5lfKRYKrsc+vM8eh7GB9Sg3 -H4/MZMOXAQaEQN1AJ2xQ1U0m03WQalAxf7tGOwOy7SDQwsH28T5bEqeDzQFJ +Subject: /C=US/O=Carillon Federal Services Inc./OU=Certification Authorities/CN=Carillon Federal Services PIV-I CA2 +Issuer: /C=US/O=TSCP Inc./OU=CAs/CN=TSCP SHA256 Bridge CA +-----BEGIN CERTIFICATE----- +MIIGvTCCBaWgAwIBAgIQMgIKvan9OFtO47agRxbi3jANBgkqhkiG9w0BAQsFADBP +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJVFNDUCBJbmMuMQwwCgYDVQQLEwNDQXMx +HjAcBgNVBAMTFVRTQ1AgU0hBMjU2IEJyaWRnZSBDQTAeFw0yNDA4MDgwMDAwMDBa +Fw0yNTA0MzAyMzU5NTlaMIGIMQswCQYDVQQGEwJVUzEnMCUGA1UEChMeQ2FyaWxs +b24gRmVkZXJhbCBTZXJ2aWNlcyBJbmMuMSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9u +IEF1dGhvcml0aWVzMSwwKgYDVQQDEyNDYXJpbGxvbiBGZWRlcmFsIFNlcnZpY2Vz +IFBJVi1JIENBMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKPZVykV +6mbYVk9C6QbfVgNzgU+Z319HtN4Nvz+j1AfAtTS5hFtZVh/HLqS+JkTcxLxikmsv +dbgeYIKP3jl7RzrcIZIw8DXqoelVbNTMOuZf0/y09gF+roG9bR7MOZO68e5uVT9P +WY4M4aRAdKNk2mqHz9lZ4fi6FaNurY2EjboC6CmDRE3fqXYq6/3DhGdqAi9lJIJC +m4+UUJESIEp292OoIldNNIGMiURpEHHFuF1pSZBj9Qvs2DHW6xUa3BfZZn4tvWUv +ifvGRAfkze3BLcRr4ykznEkVglkeRrET0sqy7CkDoCAbRHKN3v5KhGHEI43H053J +c45B6gwmoGodxIR4cjziO+ECxd7x77r0z5VuMcCGi64ew9Rj6ZSrdy3EdOXFkV9n +vXcC3qHrVTh64Hpe8wojlkyqVpifpKZ7CjaG85bJ6KhMgCNLr8A+b4IxiweKeBLq +AXV1kXyTTv9vnAeZq4vgiyicYXcyt4gWLP3ybeEdR0RNiGUDsrob7rJ+LZw6+AX6 +LSqCpXd+8MsWnZjsSh9w07S7PxYYfTlSNTudu7c1+NKafexr+Rub1AWhtKbupInt +MEY9yCeMNar8qZFhduzCtxmwEbgU1dKIqX/HRQsYhOHaTuLXhZ2nlgoPmvUbZP1S +HOV5CvlGb/mnSLX34YhgOzqzWD+DguMqLxpPAgMBAAGjggJZMIICVTAPBgNVHRMB +Af8EBTADAQH/MHkGA1UdIARyMHAwDgYMKwYBBAGCqVMBAQEBMA4GDCsGAQQBgqlT +AQEBAjAOBgwrBgEEAYKpUwEBAQUwDgYMKwYBBAGCqVMBAQEGMA4GDCsGAQQBgqlT +AQEBBzAOBgwrBgEEAYKpUwEBAQwwDgYMKwYBBAGCqVMBAQENMD4GA1UdHwQ3MDUw +M6AxoC+GLWh0dHA6Ly90c2NwLWNybC5zeW1hdXRoLmNvbS90c2NwYmNhc2hhMjU2 +LmNybDAOBgNVHQ8BAf8EBAMCAQYwCgYDVR02BAMCAQAwgdYGA1UdIQSBzjCByzAb +BgwrBgEEAYKpUwEBAQEGCysGAQQBguQmAwELMBsGDCsGAQQBgqlTAQEBAgYLKwYB +BAGC5CYDAQwwGwYMKwYBBAGCqVMBAQEMBgsrBgEEAYLkJgMBDTAbBgwrBgEEAYKp +UwEBAQ0GCysGAQQBguQmAwEOMBsGDCsGAQQBgqlTAQEBBQYLKwYBBAGC5CYDARQw +GwYMKwYBBAGCqVMBAQEGBgsrBgEEAYLkJgMBFTAbBgwrBgEEAYKpUwEBAQcGCysG +AQQBguQmAwEWMB0GA1UdDgQWBBQJ5HhWQQKkayDak+hF9jHhTMTE/DBSBggrBgEF +BQcBAQRGMEQwQgYIKwYBBQUHMAKGNmh0dHA6Ly90c2NwLWFpYS5zeW1hdXRoLmNv +bS9Jc3N1ZWRUby10c2NwYmNhc2hhMjU2LnA3YzAfBgNVHSMEGDAWgBS4UWJmMEW+ +5QxXHCNofuZP9ws+9zANBgkqhkiG9w0BAQsFAAOCAQEAt0d/SHJkJnTx2Oyu0REO +zrmftw75rLRowcydEO9DIWjgPuvKQ/ym+3JtMYgG83ddi6LqP6QwQfja1IEMuFPq +IfXAKZb+NQePWyvyfHCt/8Mzy2df77UscfSUyzVNixfJMXxWWOpky0wajSQ7F1hL +L6zzYglsZW2S/JxPwoGfhk7fOWNab9FTZQ6R03ObhOu1t4zOqJE4Htu7zDfpKUBz +U5Pb35+G6O78VcfalUjs8f4UyVU16fDh0T5jTYSR3qOHE4o3Bn+fJtHOv/3WALKF +lOIlMZjVyJxM/uLXIGaMpkH+XltHFQ/WZrvbLLSs4PvhinY4ZSlkfcDrZG3/VwcQ +SA== -----END CERTIFICATE----- Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services NFI Root CA Issuer: /C=US/O=U.S. Government/OU=FPKI/CN=Federal Bridge CA G4 @@ -4808,49 +4787,6 @@ QwDHEMXDkK6/oJW+W2hHrL28wcWWUo9w+ha+Skn5b0lLm/iC/t7CkvrPPJGEkSmE 5S59rJO3grpl7SXhz8QiPmifqYTK265DnXVaOvSJR4FcTHXoQMgDRWtp6FQk5eBW 3KM6TA== -----END CERTIFICATE----- -Subject: /C=US/O=DirectTrust.org, inc./OU=Certification Authorities/CN=DirectTrust Identity Bridge CA -Issuer: /C=US/O=U.S. Government/OU=FPKI/CN=Federal Bridge CA G4 ------BEGIN CERTIFICATE----- -MIIHMTCCBhmgAwIBAgIUFF358RTykdh4VYwxSslH/LZmTowwDQYJKoZIhvcNAQEL -BQAwVTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsG -A1UECxMERlBLSTEdMBsGA1UEAxMURmVkZXJhbCBCcmlkZ2UgQ0EgRzQwHhcNMjMx -MDI0MTMyNzMzWhcNMjYxMDI0MTMyNzMzWjB6MQswCQYDVQQGEwJVUzEeMBwGA1UE -ChMVRGlyZWN0VHJ1c3Qub3JnLCBpbmMuMSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9u -IEF1dGhvcml0aWVzMScwJQYDVQQDEx5EaXJlY3RUcnVzdCBJZGVudGl0eSBCcmlk -Z2UgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCs3PM4XWt1y1P/ -nKndlj0vSBRFSRYMbOQMsXJagA8mScCOsqefi/vimVE4+m00+gWFrCB7X/kcVjWM -uwU0RnhzBfdFbt7KblOuF5q5qwi/DSSknEFRN1DwpcFr3/ESz3RgDqlNx4pPC5ju -0YoIvhBL+aGX4eLJEF9jx23IL0qt/WWAR7HOua8BXjM4+bEL9rYsfPlHDRgpE7wc -WYbusFvd52+r44B+uwOsegx8QPpnsY24V9Aooz+4iLk+inwu4qANZZOmRMc+YYD7 -kVQH7eDRmNaoQOMfwlHsTInFaBPv/ZaD4yIDDdn4Bw6yLK2Ero0j/4d9COmkbpua -sa3rhj4faAqosb+RA7NUaShIlP3gJmnvAcVXFnQKg9I/FQkQ1fiM3CRoWdPsUR/a -wG4Kqo9w3Np+IHycKxJGK+UljllB6dppI/PNalOJ3X2yAovo44DzuEXP02qn1H0p -K82k5RZaaY0hfvpforOjK8onUp5FGxrosNYd2BXufVJem0zFyI8YT+Qx+XhaAuFS -pPeOXwnO17fRolledR93IUu77bd+R2X7+VqtKYpoBX6HTjLIin+Qc2IgmoNaiKh8 -oiR9Bbl9hW9o64zZ0tfN5F+owlIcvt24vrAP/w5TguIqDzYXInPJ4VcPe/zpELBp -qpCuRTkk5JtjqRd0zaTpt0R2qYDMnwIDAQABo4IC0jCCAs4wHQYDVR0OBBYEFJmk -Gs3cb8aoCD6ttpZsftfPN6TJMB8GA1UdIwQYMBaAFHnwAEnrf3fCXUECZTSKkCOb -HgdvMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ME8GA1UdIARIMEYw -DAYKYIZIAWUDAgEDAjAMBgpghkgBZQMCAQMOMAwGCmCGSAFlAwIBAw8wDAYKYIZI -AWUDAgEDJTAMBgpghkgBZQMCAQMmMIGnBgNVHSEEgZ8wgZwwGAYKYIZIAWUDAgED -AgYKKwYBBAGBtH0BBDAYBgpghkgBZQMCAQMOBgorBgEEAYG0fQEFMBgGCmCGSAFl -AwIBAw8GCisGAQQBgbR9AQYwGAYKYIZIAWUDAgEDJQYKKwYBBAGBtH0BGzAYBgpg -hkgBZQMCAQMmBgorBgEEAYG0fQEcMBgGCmCGSAFlAwIBAwIGCisGAQQBgbR9ARIw -TgYIKwYBBQUHAQsEQjBAMD4GCCsGAQUFBzAFhjJodHRwOi8vYWlhLm1ha2VpZGVu -dGl0eXNhZmUuY29tL2lzc3VlZGJ5LXNpYmNhLnA3YzASBgNVHSQBAf8ECDAGgAEA -gQEBMA0GA1UdNgEB/wQDAgEAMFEGCCsGAQUFBwEBBEUwQzBBBggrBgEFBQcwAoY1 -aHR0cDovL3JlcG8uZnBraS5nb3YvYnJpZGdlL2NhQ2VydHNJc3N1ZWRUb2ZiY2Fn -NC5wN2MwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL3JlcG8uZnBraS5nb3YvYnJp -ZGdlL2ZiY2FnNC5jcmwwcQYDVR0eAQH/BGcwZaFjMBmkFzAVMRMwEQYKCZImiZPy -LGQBGRYDbWlsMBmkFzAVMRMwEQYKCZImiZPyLGQBGRYDZ292MCukKTAnMQswCQYD -VQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MA0GCSqGSIb3DQEBCwUA -A4IBAQBWY10ZiAEbPVidKL9kDqfZ/GZk9i4DKazZiT+yRL1esaClSoOVxlalTEpR -OzXr42PIiHpcfprDZ/+heKgc8VdiZvtlcIQFkE+io7w+vRD0orjUlEeMYFtiysvF -6cL9VTXo/sdZS2c0lsLLDmGLWfrRNcy9iD+nB0QvmVVHtIGsxDcXiJIBSXFq1Kw8 -VK+PS0yXqi8KoKSYsb7J+6nzK/3QuKZhJkVbEMjSuFZKPUzlfZsou2VJZiXVREhU -TFGjiPiTzMmn67q/CxCAezDZpnjkYXOr7Juc00oRMuyS5urUNw/qfI6V0e3FvTNn -da1dbGFvJB5h4s/qKGiPIq9pgNrX ------END CERTIFICATE----- Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services SSP CA Issuer: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA -----BEGIN CERTIFICATE----- @@ -5308,36 +5244,6 @@ ypxEajZkmamhdXnr0/+vpkZ/jqVsp2kma3j9gyK22/wRDnCjl+Q93B03MJolTGz5 X/LiycNJiXp+yTMqYtVzN/GZUmsgoAh1W0LGqi9fZtHqywxxz0dnNr9RmcDgrwPO U1r0msLhtAUizDcUef4t7/RjV0heemM= -----END CERTIFICATE----- -Subject: /C=US/O=U.S. Government/OU=ECA/OU=Certification Authorities/CN=WidePoint ORC ECA 7 -Issuer: /C=US/O=U.S. Government/OU=ECA/CN=ECA Root CA 4 ------BEGIN CERTIFICATE----- -MIIEzDCCA7SgAwIBAgICAjQwDQYJKoZIhvcNAQELBQAwTTELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRUNBMRYwFAYDVQQD -Ew1FQ0EgUm9vdCBDQSA0MB4XDTE4MDYwNTEzNDkyOFoXDTI0MDYwNTEzNDkyOFow -dzELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UE -CxMDRUNBMSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMRwwGgYD -VQQDExNXaWRlUG9pbnQgT1JDIEVDQSA3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAvtuFaXd3+8szVmamJpzse7qJ5q85J/5mhRhtAh5C80939wfimaaf -dwQS1Ut3MBG3yW1+cMPvfAtEojyw+AMkg1c7SdmuFhTWFgQhABmknXOj8VhWfkp/ -02nMu8XTgx6qiZAl4IL14hx8rT30aqtquzPBeZn+qVziYAsDljiMRaYOXVxVLEeG -gv2zcIM9z4EJRuCtfDBBB7BCZEyxvMzzAyJWfyGSs9Jj0feRvoOXQe+Jw945TRfT -BPDThQHM26XQPN18GmZjyZg2DFYcUEseJbaEUlLMeWlFMMh2xMF0423s/ZAhjfPS -n/5FyS2eslUvZthM9NzkmaXAqJbdSO0QNQIDAQABo4IBijCCAYYwHwYDVR0jBBgw -FoAUM1ulb3pVYCuBSyYUzHm/SrqLMr0wHQYDVR0OBBYEFGI8UDR5OeAq7ONDKPlF -pGN6YKjjMA4GA1UdDwEB/wQEAwIBhjBrBgNVHSAEZDBiMAwGCmCGSAFlAwIBDAQw -DAYKYIZIAWUDAgEMBTAMBgpghkgBZQMCAQwGMAwGCmCGSAFlAwIBDAcwDAYKYIZI -AWUDAgEMCDAMBgpghkgBZQMCAQwJMAwGCmCGSAFlAwIBDAowEgYDVR0TAQH/BAgw -BgEB/wIBADAMBgNVHSQEBTADgAEAMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly9j -cmwuZGlzYS5taWwvY3JsL0VDQVJPT1RDQTQuY3JsMGwGCCsGAQUFBwEBBGAwXjA6 -BggrBgEFBQcwAoYuaHR0cDovL2NybC5kaXNhLm1pbC9pc3N1ZWR0by9FQ0FST09U -Q0E0X0lULnA3YzAgBggrBgEFBQcwAYYUaHR0cDovL29jc3AuZGlzYS5taWwwDQYJ -KoZIhvcNAQELBQADggEBAAFgESRlaRWruZkcaANgEV8BJPBn0qkXtDuMciUsg7nN -Fbrkr2b4yqW9w3J8W3+FXgiz1Q0zytql4oNsvr1WIgyXkIikJ7IZxVVOPRHE7NCn -biHhln+/UiJXgDIoU/OJERwXfEmY8vOp3r8ZA9B+9G4GP7LWkLuVHahuBRAR9bjJ -PK1y8zF0dvZ2jt7WZuIHZFVGN8TjTpmlANHGteRhbG5uFGEqBIlNHL8SkSJgT7N4 -YKSsLwM2GZnVBlqwfilWBGzOgm6INBRc7R5912ctWBxQG11QtV50xxg+OtiTwZbG -/Zjk2D0xlEQoRN+8rjFR+TgYaKTa3jEf4gUDM01FDGs= ------END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=U.S. Department of Energy/CN=Naval Reactors SSP Device CA G3 Issuer: /C=US/O=Symantec Corporation/CN=Symantec SSP Intermediate CA - G4 -----BEGIN CERTIFICATE----- diff --git a/config/cert_bundles/login_bundle.pem b/config/cert_bundles/login_bundle.pem index b2a09db33..64211113b 100644 --- a/config/cert_bundles/login_bundle.pem +++ b/config/cert_bundles/login_bundle.pem @@ -352,6 +352,38 @@ n4u0TmWu2SeqBpctvdcfSFXkzQBZGT1aD/W2Fv00KwoQgB2l2eiVk56mEjN/MeI5 Kp4n57mpREsHutP4XnLQ01ZN2qgn+844JRrzPQ0pazPYiSl4PeI2FUItErA6Ob/D PF0ba2y3k4dFkUTApw== -----END CERTIFICATE----- +Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services SSP CA +Issuer: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA +-----BEGIN CERTIFICATE----- +MIIFLjCCBBagAwIBAgIERIGyLzANBgkqhkiG9w0BAQsFADBuMQswCQYDVQQGEwJV +UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdGllczEpMCcGA1UECxMgRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFJvb3Qg +Q0EwHhcNMjMwNzExMjEzMzMxWhcNMzAxMTExMjIwMzMxWjBtMQswCQYDVQQGEwJV +UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdGllczEoMCYGA1UECxMfRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFNTUCBD +QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMAGndnOscVr13p4WiQI +Pt893DK1LeACg6qgW636I8VLlJGJQwao4lrT1kajgKR2Wx4KLMv6yKmqUfUuAoyq +PEHaDNVpWTqKI6g5m3Hckq73Sr8fIGxVMzi5qxxyll2SKvNh+qQnloFSKmSerF6d +nkaIfMOb3FH21akkYdwnQkAdsETmjfhiowapyd2LJzsuhWFybaNHJBYb1cUeNlGS +StD0gMmkHZqKll+LW+LAJJW18KXf8IT6QTTlb6syemcXUHkxFPtgsupWnhzuoo2k +yUFXiCmACvD1aBT06OCK/qhAO5Aif98ejzzf/Y9yFiJyigY2D2YVONp+j52DLZvI +7DMCAwEAAaOCAdMwggHPMA4GA1UdDwEB/wQEAwIBBjB5BgNVHSAEcjBwMAwGCmCG +SAFlAwIBAwYwDAYKYIZIAWUDAgEDBzAMBgpghkgBZQMCAQMIMAwGCmCGSAFlAwIB +Aw0wDAYKYIZIAWUDAgEDETAMBgpghkgBZQMCAQMnMAwGCmCGSAFlAwIBAygwDAYK +YIZIAWUDAgEDKTASBgNVHRMBAf8ECDAGAQH/AgEAMIGkBggrBgEFBQcBAQSBlzCB +lDBNBggrBgEFBQcwAoZBaHR0cDovL3Jvb3R3ZWIubWFuYWdlZC5lbnRydXN0LmNv +bS9BSUEvQ2VydHNJc3N1ZWRUb0VNU1Jvb3RDQS5wN2MwQwYIKwYBBQUHMAGGN2h0 +dHA6Ly9vY3NwLm1hbmFnZWQuZW50cnVzdC5jb20vT0NTUC9FTVNSb290Q0FSZXNw +b25kZXIwRwYDVR0fBEAwPjA8oDqgOIY2aHR0cDovL3Jvb3R3ZWIubWFuYWdlZC5l +bnRydXN0LmNvbS9DUkxzL0VNU1Jvb3RDQTQuY3JsMB8GA1UdIwQYMBaAFBwh9eOV +sXV+BodOt7DoM7HYigtlMB0GA1UdDgQWBBSbf7YpDdHvrjJAb/jC2Xy0wJdQljAN +BgkqhkiG9w0BAQsFAAOCAQEA1vUT2MZh/9O2onlBBakuMo0vGE6898nSJWnftaUt +coCmHvMcT1URGxv7pb9oap4aXq37IItLpw5Fp/0hncaX0ebivk3FiY28mHEm1Bpr +cx+Ooo0Yfg0y2ShRDMUpYdy4QvCggwewvKgv8A9tGTHlsWAgd/WctcIjwGxH9YYK +yOYEYQVZACFNAist3WCrnp65JpEJIyerpxGNQJMqDTFSABt8pTy/5u3OP8N/KiEW +sB/OBQidSSnUdpHGinY6G+5tXxOAKbUM5qWkAGpg5NEyZLbIVMrGbU11F8INIz3o +VBd4nYfYZ3vNgNMHnhHgxFWs0uxiXK+TBD0Qc1ycCX+B3A== +-----END CERTIFICATE----- Subject: /C=US/O=U.S. Government/OU=U.S. Nuclear Regulatory Commission/CN=NRC SSP Agency CA G4 Issuer: /C=US/O=DigiCert, Inc./CN=DigiCert Federal SSP Intermediate CA - G5 -----BEGIN CERTIFICATE----- diff --git a/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA 1920665011.pem b/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA 1920665011.pem new file mode 100644 index 000000000..9b9ee6fec --- /dev/null +++ b/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA 1920665011.pem @@ -0,0 +1,32 @@ +Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services SSP CA +Issuer: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA +-----BEGIN CERTIFICATE----- +MIIFLjCCBBagAwIBAgIERIGyLzANBgkqhkiG9w0BAQsFADBuMQswCQYDVQQGEwJV +UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdGllczEpMCcGA1UECxMgRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFJvb3Qg +Q0EwHhcNMjMwNzExMjEzMzMxWhcNMzAxMTExMjIwMzMxWjBtMQswCQYDVQQGEwJV +UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdGllczEoMCYGA1UECxMfRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFNTUCBD +QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMAGndnOscVr13p4WiQI +Pt893DK1LeACg6qgW636I8VLlJGJQwao4lrT1kajgKR2Wx4KLMv6yKmqUfUuAoyq +PEHaDNVpWTqKI6g5m3Hckq73Sr8fIGxVMzi5qxxyll2SKvNh+qQnloFSKmSerF6d +nkaIfMOb3FH21akkYdwnQkAdsETmjfhiowapyd2LJzsuhWFybaNHJBYb1cUeNlGS +StD0gMmkHZqKll+LW+LAJJW18KXf8IT6QTTlb6syemcXUHkxFPtgsupWnhzuoo2k +yUFXiCmACvD1aBT06OCK/qhAO5Aif98ejzzf/Y9yFiJyigY2D2YVONp+j52DLZvI +7DMCAwEAAaOCAdMwggHPMA4GA1UdDwEB/wQEAwIBBjB5BgNVHSAEcjBwMAwGCmCG +SAFlAwIBAwYwDAYKYIZIAWUDAgEDBzAMBgpghkgBZQMCAQMIMAwGCmCGSAFlAwIB +Aw0wDAYKYIZIAWUDAgEDETAMBgpghkgBZQMCAQMnMAwGCmCGSAFlAwIBAygwDAYK +YIZIAWUDAgEDKTASBgNVHRMBAf8ECDAGAQH/AgEAMIGkBggrBgEFBQcBAQSBlzCB +lDBNBggrBgEFBQcwAoZBaHR0cDovL3Jvb3R3ZWIubWFuYWdlZC5lbnRydXN0LmNv +bS9BSUEvQ2VydHNJc3N1ZWRUb0VNU1Jvb3RDQS5wN2MwQwYIKwYBBQUHMAGGN2h0 +dHA6Ly9vY3NwLm1hbmFnZWQuZW50cnVzdC5jb20vT0NTUC9FTVNSb290Q0FSZXNw +b25kZXIwRwYDVR0fBEAwPjA8oDqgOIY2aHR0cDovL3Jvb3R3ZWIubWFuYWdlZC5l +bnRydXN0LmNvbS9DUkxzL0VNU1Jvb3RDQTQuY3JsMB8GA1UdIwQYMBaAFBwh9eOV +sXV+BodOt7DoM7HYigtlMB0GA1UdDgQWBBSbf7YpDdHvrjJAb/jC2Xy0wJdQljAN +BgkqhkiG9w0BAQsFAAOCAQEA1vUT2MZh/9O2onlBBakuMo0vGE6898nSJWnftaUt +coCmHvMcT1URGxv7pb9oap4aXq37IItLpw5Fp/0hncaX0ebivk3FiY28mHEm1Bpr +cx+Ooo0Yfg0y2ShRDMUpYdy4QvCggwewvKgv8A9tGTHlsWAgd/WctcIjwGxH9YYK +yOYEYQVZACFNAist3WCrnp65JpEJIyerpxGNQJMqDTFSABt8pTy/5u3OP8N/KiEW +sB/OBQidSSnUdpHGinY6G+5tXxOAKbUM5qWkAGpg5NEyZLbIVMrGbU11F8INIz3o +VBd4nYfYZ3vNgNMHnhHgxFWs0uxiXK+TBD0Qc1ycCX+B3A== +-----END CERTIFICATE----- diff --git a/lib/tasks/certs.rake b/lib/tasks/certs.rake index 0ef880c2d..8cc3c4a13 100644 --- a/lib/tasks/certs.rake +++ b/lib/tasks/certs.rake @@ -104,7 +104,7 @@ namespace :certs do input = raw_input == 'ALL' ? 0...matching_certs.length : raw_input.split(',').map(&:to_i) puts '' - return if input.blank? + exit 0 if input.blank? Array.wrap(matching_certs.values_at(*input)).each do |matching_cert| path = Pathname.new("./config/certs") + matching_cert.pem_filename From ddd252bd66ba504e26cfb248009537eb3a5e49c3 Mon Sep 17 00:00:00 2001 From: "lily.rappaport" Date: Mon, 7 Oct 2024 21:49:21 +0000 Subject: [PATCH 15/18] Add eks deploy step * it worked, back to main * Add eks deploy step See merge request lg/identity-pki!30 --- .gitlab-ci.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 7e798cb7f..89a12ab35 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -34,6 +34,7 @@ stages: - test - review - scan + - deploy_eks workflow: rules: @@ -608,3 +609,15 @@ ecr-scan: - gl-container-scanning-report.json reports: container_scanning: gl-container-scanning-report.json + +# EKS deployment +deploy_eks: + trigger: + project: lg-public/identity-eks-control + branch: main + stage: deploy_eks + variables: + APP: pivcac + IMAGE_TAG: $CI_COMMIT_SHA + rules: + - if: $CI_COMMIT_BRANCH == "main" From 50f6204f2db1bd94524d82cdcc630a277670baf6 Mon Sep 17 00:00:00 2001 From: "stephen.shelton" Date: Wed, 9 Oct 2024 21:39:32 +0000 Subject: [PATCH 16/18] Adding in kustomize based deploy, and application.yaml * Adding in url for argocd application deploy * Adding in final changes * revert * testing * testing * testing * Switching this back again * Anything in here * Seeing if there is any useful output here * Seeing if this makes the logs happier * more testing * more testing * testing * bundle * add bundle check * change nokogiri * add frozen gemfile to bundler * Adding in kustomize based deploy, and application.yaml Co-authored-by: Mitchell Henke See merge request lg/identity-pki!27 --- .gitlab-ci.yml | 147 ++-------- k8files/application.yaml | 565 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 584 insertions(+), 128 deletions(-) create mode 100644 k8files/application.yaml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 89a12ab35..1487d85c2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -9,6 +9,7 @@ variables: DASHBOARD_IMAGE_TAG: 'main' PIVCAC_CI_SHA: 'sha256:04f6efe81f49a29ab112faad41e096220af5ffca3b66ea2486e1d1611afff215' CI: 'true' + APPLICATION_MANIFEST: k8files/application.yaml default: image: '${ECR_REGISTRY}/pivcac/ci@${PIVCAC_CI_SHA}' @@ -306,139 +307,29 @@ review-app: - kubectl config get-contexts - export CONTEXT=$(kubectl config get-contexts | grep reviewapp | awk '{print $1}' | head -1) - kubectl config use-context "$CONTEXT" - - |- - export IDP_CONFIG=$(cat <- - helm upgrade --install --namespace review-apps - --debug - --set env="reviewapps-$CI_ENVIRONMENT_SLUG" - --set idp.image.repository="${ECR_REGISTRY}/identity-idp/review" - --set idp.image.tag="${IDP_IMAGE_TAG}" - --set worker.image.repository="${ECR_REGISTRY}/identity-idp/review" - --set worker.image.tag="${IDP_IMAGE_TAG}" - --set pivcac.image.repository="${ECR_REGISTRY}/identity-pivcac/review" - --set pivcac.image.tag="${CI_COMMIT_SHA}" - --set pivcac.image.pullPolicy="Always" - --set dashboard.image.repository="${ECR_REGISTRY}/identity-dashboard/review" - --set dashboard.image.tag="${DASHBOARD_IMAGE_TAG}" - --set dashboard.image.pullPolicy="Always" - --set-json dashboard.config="$DASHBOARD_CONFIG" - --set-json dashboard.enabled=true - --set-json idp.config="$IDP_CONFIG" - --set-json worker.config="$WORKER_CONFIG" - --set-json pivcac.config="$PIVCAC_CONFIG" - --set-json idp.ingress.hosts="[{\"host\": \"$CI_ENVIRONMENT_SLUG.reviewapp.identitysandbox.gov\", \"paths\": [{\"path\": \"/\", \"pathType\": \"Prefix\"}]}]" - --set-json pivcac.ingress.hosts="[{\"host\": \"$CI_ENVIRONMENT_SLUG.pivcac.reviewapp.identitysandbox.gov\", \"paths\": [{\"path\": \"/\", \"pathType\": \"Prefix\"}]}]" - --set-json dashboard.ingress.hosts="[{\"host\": \"$CI_ENVIRONMENT_SLUG-dashboard.reviewapp.identitysandbox.gov\", \"paths\": [{\"path\": \"/\", \"pathType\": \"Prefix\"}]}]" - $CI_ENVIRONMENT_SLUG ./identity-idp-helm-chart + - export SANITIZED_BRANCH_NAME=$(echo "$CI_COMMIT_REF_NAME" | tr '/' '-' | tr -c '[:alnum:]-_' '-' | sed 's/-*$//') + - echo "${CI_COMMIT_REF_NAME}" + - echo "${SANITIZED_BRANCH_NAME}" + # Dynamically populate review environment settings + - sed -i "s|{{ENVIRONMENT}}|${CI_ENVIRONMENT_SLUG}|g" ${APPLICATION_MANIFEST} + - sed -i "s|{{SANITIZED_BRANCH_NAME}}|${SANITIZED_BRANCH_NAME}|g" ${APPLICATION_MANIFEST} + - sed -i "s|{{IDP_CONTAINER_TAG}}|${IDP_IMAGE_TAG}|g" ${APPLICATION_MANIFEST} + - sed -i "s|{{DASHBOARD_CONTAINER_TAG}}|${DASHBOARD_IMAGE_TAG}|g" ${APPLICATION_MANIFEST} + - sed -i "s|{{PIVCAC_CONTAINER_TAG}}|${CI_COMMIT_SHA}|g" ${APPLICATION_MANIFEST} + - sed -i "s|{{ECR_REGISTRY}}|${ECR_REGISTRY}|g" ${APPLICATION_MANIFEST} + - cat ${APPLICATION_MANIFEST} + # Apply our ArgoCD Application + - kubectl apply -f ${APPLICATION_MANIFEST} -n argocd + - echo "View your applications deployment progress at https://argocd.reviewapp.identitysandbox.gov/applications/argocd/${CI_ENVIRONMENT_SLUG}?view=tree&resource=" - echo "DNS may take a while to propagate, so be patient if it doesn't show up right away" - echo "To access the rails console, first run 'aws-vault exec sandbox-power -- aws eks update-kubeconfig --name reviewapp'" - echo "Then run aws-vault exec sandbox-power -- kubectl exec -it service/$CI_ENVIRONMENT_SLUG-login-chart-idp -n review-apps -- /app/bin/rails console" - echo "Address of IDP review app:" - - echo https://$CI_ENVIRONMENT_SLUG.reviewapp.identitysandbox.gov + - echo https://$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov - echo "Address of PIVCAC review app:" - - echo https://$CI_ENVIRONMENT_SLUG.pivcac.reviewapp.identitysandbox.gov + - echo https://$CI_ENVIRONMENT_SLUG.pivcac.reviewapps.identitysandbox.gov - echo "Address of Dashboard review app:" - - echo https://$CI_ENVIRONMENT_SLUG-dashboard.reviewapp.identitysandbox.gov + - echo https://$CI_ENVIRONMENT_SLUG-dashboard.reviewapps.identitysandbox.gov environment: name: review/$CI_COMMIT_REF_NAME url: https://$CI_ENVIRONMENT_SLUG.pivcac.reviewapp.identitysandbox.gov @@ -454,7 +345,7 @@ stop-review-app: script: - export CONTEXT=$(kubectl config get-contexts | grep reviewapp | awk '{print $1}' | head -1) - kubectl config use-context "$CONTEXT" - - helm uninstall --namespace review-apps $CI_ENVIRONMENT_SLUG + - kubectl delete application $CI_ENVIRONMENT_SLUG -n argocd stage: review image: name: dtzar/helm-kubectl:latest diff --git a/k8files/application.yaml b/k8files/application.yaml new file mode 100644 index 000000000..965992707 --- /dev/null +++ b/k8files/application.yaml @@ -0,0 +1,565 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: {{ENVIRONMENT}} + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: default + source: + repoURL: 'git@gitlab.login.gov:lg-public/identity-eks-control.git' + targetRevision: main + path: cluster-reviewapp/envs/reviewapps + kustomize: + namePrefix: "{{ENVIRONMENT}}-" + commonLabels: + env: {{ENVIRONMENT}} + branch: {{SANITIZED_BRANCH_NAME}} + # ArgoCD does not support patchesStrategicMerge + patches: + # Patch ConfigMap for IDP + - target: + kind: ConfigMap + name: idp-config + patch: |- + - op: add + path: /data/ASSET_HOST + value: "https://{{ENVIRONMENT}}.reviewapps.identitysandbox.gov" + - op: add + path: /data/DASHBOARD_URL + value: "https://{{ENVIRONMENT}}-dashboard.reviewapps.identitysandbox.gov" + - op: add + path: /data/DOMAIN_NAME + value: "{{ENVIRONMENT}}.reviewapps.identitysandbox.gov" + - op: add + path: /data/KUBERNETES_REVIEW_APP + value: "true" + - op: add + path: /data/POSTGRES_HOST + value: "{{ENVIRONMENT}}-idp-pg.review-apps" + - op: add + path: /data/POSTGRES_NAME + value: "idp" + - op: add + path: /data/POSTGRES_SSLMODE + value: "prefer" + - op: add + path: /data/LOGIN_ENV + value: "{{ENVIRONMENT}}" + - op: add + path: /data/LOGIN_HOST_ROLE + value: "idp" + - op: add + path: /data/LOGIN_SKIP_REMOTE_CONFIG + value: "true" + - op: add + path: /data/PIV_CAC_SERVICE_URL + value: "https://{{ENVIRONMENT}}.pivcac.reviewapps.identitysandbox.gov/" + - op: add + path: /data/PIV_CAC_VERIFY_TOKEN_URL + value: "https://{{ENVIRONMENT}}.pivcac.reviewapps.identitysandbox.gov/" + - op: add + path: /data/NEW_RELIC_LOG + value: "stdout" + - op: add + path: /data/PIDFILE + value: "/dev/null" + - op: add + path: /data/ENABLE_BOOTSNAP + value: "false" + - op: add + path: /data/BOOTSNAP_READONLY + value: "true" + - op: add + path: /data/REDIS_URL + value: "redis://{{ENVIRONMENT}}-redis.review-apps:6379" + - op: add + path: /data/REDIS_THROTTLE_URL + value: "redis://{{ENVIRONMENT}}-redis.review-apps:6379/1" + - op: add + path: /data/REDIS_IRS_ATTEMPTS_API_URL + value: "redis://{{ENVIRONMENT}}-redis.review-apps:6379/2" + - target: + kind: ConfigMap + name: idp-config-dbsetup + patch: |- + - op: add + path: /data/ASSET_HOST + value: "https://{{ENVIRONMENT}}.reviewapps.identitysandbox.gov" + - op: add + path: /data/DASHBOARD_URL + value: "https://{{ENVIRONMENT}}-dashboard.reviewapps.identitysandbox.gov" + - op: add + path: /data/DOMAIN_NAME + value: "{{ENVIRONMENT}}.reviewapps.identitysandbox.gov" + - op: add + path: /data/KUBERNETES_REVIEW_APP + value: "true" + - op: add + path: /data/POSTGRES_HOST + value: "{{ENVIRONMENT}}-idp-pg.review-apps" + - op: add + path: /data/POSTGRES_NAME + value: "idp" + - op: add + path: /data/POSTGRES_SSLMODE + value: "prefer" + - op: add + path: /data/LOGIN_ENV + value: "{{ENVIRONMENT}}" + - op: add + path: /data/LOGIN_HOST_ROLE + value: "idp" + - op: add + path: /data/LOGIN_SKIP_REMOTE_CONFIG + value: "true" + - op: add + path: /data/PIV_CAC_SERVICE_URL + value: "https://{{ENVIRONMENT}}.pivcac.reviewapps.identitysandbox.gov/" + - op: add + path: /data/PIV_CAC_VERIFY_TOKEN_URL + value: "https://{{ENVIRONMENT}}.pivcac.reviewapps.identitysandbox.gov/" + - op: add + path: /data/NEW_RELIC_LOG + value: "stdout" + - op: add + path: /data/PIDFILE + value: "/dev/null" + - op: add + path: /data/ENABLE_BOOTSNAP + value: "false" + - op: add + path: /data/BOOTSNAP_READONLY + value: "true" + - op: add + path: /data/REDIS_URL + value: "redis://{{ENVIRONMENT}}-redis.review-apps:6379" + - op: add + path: /data/REDIS_THROTTLE_URL + value: "redis://{{ENVIRONMENT}}-redis.review-apps:6379/1" + - op: add + path: /data/REDIS_IRS_ATTEMPTS_API_URL + value: "redis://{{ENVIRONMENT}}-redis.review-apps:6379/2" + # Patch ConfigMap for Worker + - target: + kind: ConfigMap + name: worker-config + patch: |- + - op: add + path: /data/DASHBOARD_URL + value: "https://{{ENVIRONMENT}}-dashboard.reviewapps.identitysandbox.gov" + - op: add + path: /data/KUBERNETES_REVIEW_APP + value: "true" + - op: add + path: /data/POSTGRES_SSLMODE + value: "prefer" + - op: add + path: /data/POSTGRES_NAME + value: "idp" + - op: add + path: /data/POSTGRES_HOST + value: "{{ENVIRONMENT}}-idp-pg.review-apps" + - op: add + path: /data/LOGIN_ENV + value: "{{ENVIRONMENT}}" + - op: add + path: /data/LOGIN_HOST_ROLE + value: "worker" + - op: add + path: /data/LOGIN_SKIP_REMOTE_CONFIG + value: "true" + - op: add + path: /data/PIV_CAC_SERVICE_URL + value: "https://{{ENVIRONMENT}}.pivcac.reviewapps.identitysandbox.gov/" + - op: add + path: /data/PIV_CAC_VERIFY_TOKEN_URL + value: "https://{{ENVIRONMENT}}.pivcac.reviewapps.identitysandbox.gov/" + - op: add + path: /data/DOMAIN_NAME + value: "{{ENVIRONMENT}}.reviewapps.identitysandbox.gov" + - target: + kind: ConfigMap + name: worker-config-dbsetup + patch: |- + - op: add + path: /data/DASHBOARD_URL + value: "https://{{ENVIRONMENT}}-dashboard.reviewapps.identitysandbox.gov" + - op: add + path: /data/KUBERNETES_REVIEW_APP + value: "true" + - op: add + path: /data/POSTGRES_SSLMODE + value: "prefer" + - op: add + path: /data/POSTGRES_NAME + value: "idp" + - op: add + path: /data/POSTGRES_HOST + value: "{{ENVIRONMENT}}-idp-pg.review-apps" + - op: add + path: /data/LOGIN_ENV + value: "{{ENVIRONMENT}}" + - op: add + path: /data/LOGIN_HOST_ROLE + value: "worker" + - op: add + path: /data/LOGIN_SKIP_REMOTE_CONFIG + value: "true" + - op: add + path: /data/PIV_CAC_SERVICE_URL + value: "https://{{ENVIRONMENT}}.pivcac.reviewapps.identitysandbox.gov/" + - op: add + path: /data/PIV_CAC_VERIFY_TOKEN_URL + value: "https://{{ENVIRONMENT}}.pivcac.reviewapps.identitysandbox.gov/" + - op: add + path: /data/DOMAIN_NAME + value: "{{ENVIRONMENT}}.reviewapps.identitysandbox.gov" + # Patch ConfigMap for PIVCAC + - target: + kind: ConfigMap + name: pivcac-config + patch: |- + - op: add + path: /data/KUBERNETES_REVIEW_APP + value: "true" + - op: add + path: /data/CLIENT_CERT_S3_BUCKET + value: "login-gov-pivcac-public-cert-reviewapps.894947205914-us-west-2" + - op: add + path: /data/POSTGRES_NAME + value: "identity_pki_production" + - op: add + path: /data/POSTGRES_SSLMODE + value: "prefer" + - op: add + path: /data/POSTGRES_HOST + value: "{{ENVIRONMENT}}-pivcac-pg.review-apps" + - op: add + path: /data/PIDFILE + value: "/dev/null" + - op: add + path: /data/IDP_HOST + value: "{{ENVIRONMENT}}.reviewapps.identitysandbox.gov" + - op: add + path: /data/DOMAIN_NAME + value: "{{ENVIRONMENT}}.pivcac.reviewapps.identitysandbox.gov" + - target: + kind: ConfigMap + name: pivcac-config-dbsetup + patch: |- + - op: add + path: /data/KUBERNETES_REVIEW_APP + value: "true" + - op: add + path: /data/CLIENT_CERT_S3_BUCKET + value: "login-gov-pivcac-public-cert-reviewapps.894947205914-us-west-2" + - op: add + path: /data/POSTGRES_NAME + value: "identity_pki_production" + - op: add + path: /data/POSTGRES_SSLMODE + value: "prefer" + - op: add + path: /data/POSTGRES_HOST + value: "{{ENVIRONMENT}}-pivcac-pg.review-apps" + - op: add + path: /data/PIDFILE + value: "/dev/null" + - op: add + path: /data/IDP_HOST + value: "{{ENVIRONMENT}}.reviewapps.identitysandbox.gov" + - op: add + path: /data/DOMAIN_NAME + value: "{{ENVIRONMENT}}.pivcac.reviewapps.identitysandbox.gov" + # Patch ConfigMap for Dashboard + - target: + kind: ConfigMap + name: dashboard-config + patch: |- + - op: add + path: /data/KUBERNETES_REVIEW_APP + value: "true" + - op: add + path: /data/POSTGRES_NAME + value: "dashboard" + - op: add + path: /data/POSTGRES_HOST + value: "{{ENVIRONMENT}}-dashboard-pg.review-apps" + - op: add + path: /data/POSTGRES_SSLMODE + value: "prefer" + - op: add + path: /data/NEW_RELIC_ENABLED + value: "false" + - op: add + path: /data/SAML_SP_ISSUER + value: "https://{{ENVIRONMENT}}-dashboard.reviewapps.identitysandbox.gov" + - op: add + path: /data/IDP_URL + value: "https://{{ENVIRONMENT}}.reviewapps.identitysandbox.gov" + - op: add + path: /data/IDP_SP_URL + value: "https://{{ENVIRONMENT}}.reviewapps.identitysandbox.gov" + - op: add + path: /data/POST_LOGOUT_URL + value: "https://{{ENVIRONMENT}}-dashboard.reviewapps.identitysandbox.gov" + - op: add + path: /data/DOMAIN_NAME + value: "https://{{ENVIRONMENT}}-dashboard.reviewapps.identitysandbox.gov" + - target: + kind: ConfigMap + name: dashboard-config-dbsetup + patch: |- + - op: add + path: /data/KUBERNETES_REVIEW_APP + value: "true" + - op: add + path: /data/POSTGRES_NAME + value: "dashboard" + - op: add + path: /data/POSTGRES_HOST + value: "{{ENVIRONMENT}}-dashboard-pg.review-apps" + - op: add + path: /data/POSTGRES_SSLMODE + value: "prefer" + - op: add + path: /data/NEW_RELIC_ENABLED + value: "false" + - op: add + path: /data/SAML_SP_ISSUER + value: "https://{{ENVIRONMENT}}-dashboard.reviewapps.identitysandbox.gov" + - op: add + path: /data/IDP_URL + value: "https://{{ENVIRONMENT}}.reviewapps.identitysandbox.gov" + - op: add + path: /data/IDP_SP_URL + value: "https://{{ENVIRONMENT}}.reviewapps.identitysandbox.gov" + - op: add + path: /data/POST_LOGOUT_URL + value: "https://{{ENVIRONMENT}}-dashboard.reviewapps.identitysandbox.gov" + - op: add + path: /data/DOMAIN_NAME + value: "https://{{ENVIRONMENT}}-dashboard.reviewapps.identitysandbox.gov" + # Patch ConfigMap for Dashboard service_providers.yml + - target: + kind: ConfigMap + name: service-providers-yml + patch: |- + - op: replace + path: /data/service_providers.yml + value: | + production: + 'urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:dashboard': + friendly_name: 'Dashboard' + agency: 'GSA' + agency_id: 2 + logo: '18f.svg' + certs: + - 'identity_dashboard_cert' + return_to_sp_url: 'https://dashboard.{{ENVIRONMENT}}.identitysandbox.gov/' + redirect_uris: + - 'https://dashboard.{{ENVIRONMENT}}.identitysandbox.gov/auth/logindotgov/callback' + - 'https://dashboard.{{ENVIRONMENT}}.identitysandbox.gov' + push_notification_url: 'https://dashboard.{{ENVIRONMENT}}.identitysandbox.gov/api/security_events' + # Patch idp database setup jobs + - target: + kind: Job + name: create-database + patch: |- + - op: replace + path: /spec/template/spec/containers/0/image + value: {{ECR_REGISTRY}}/identity-idp/review:{{IDP_CONTAINER_TAG}} + - op: replace + path: /spec/template/spec/containers/0/imagePullPolicy + value: Always + - target: + kind: Job + name: migrate-database + patch: |- + - op: replace + path: /spec/template/spec/containers/0/image + value: {{ECR_REGISTRY}}/identity-idp/review:{{IDP_CONTAINER_TAG}} + - op: replace + path: /spec/template/spec/containers/0/imagePullPolicy + value: Always + - target: + kind: Job + name: seed-database + patch: |- + - op: replace + path: /spec/template/spec/containers/0/image + value: {{ECR_REGISTRY}}/identity-idp/review:{{IDP_CONTAINER_TAG}} + - op: replace + path: /spec/template/spec/containers/0/imagePullPolicy + value: Always + # Patch dashboard database setup jobs + - target: + kind: Job + name: create-dashboard-database + patch: |- + - op: replace + path: /spec/template/spec/containers/0/image + value: {{ECR_REGISTRY}}/identity-dashboard/review:{{DASHBOARD_CONTAINER_TAG}} + - op: replace + path: /spec/template/spec/containers/0/imagePullPolicy + value: Always + - target: + kind: Job + name: migrate-dashboard-database + patch: |- + - op: replace + path: /spec/template/spec/containers/0/image + value: {{ECR_REGISTRY}}/identity-dashboard/review:{{DASHBOARD_CONTAINER_TAG}} + - op: replace + path: /spec/template/spec/containers/0/imagePullPolicy + value: Always + - target: + kind: Job + name: seed-dashboard-database + patch: |- + - op: replace + path: /spec/template/spec/containers/0/image + value: {{ECR_REGISTRY}}/identity-dashboard/review:{{DASHBOARD_CONTAINER_TAG}} + - op: replace + path: /spec/template/spec/containers/0/imagePullPolicy + value: Always + # Patch pivcac database jobs/update crl CronJob + - target: + kind: Job + name: create-pivcac-database + patch: |- + - op: replace + path: /spec/template/spec/containers/0/image + value: {{ECR_REGISTRY}}/identity-pivcac/pivcac:{{PIVCAC_CONTAINER_TAG}} + - op: replace + path: /spec/template/spec/containers/0/imagePullPolicy + value: Always + - target: + kind: Job + name: migrate-pivcac-database + patch: |- + - op: replace + path: /spec/template/spec/containers/0/image + value: {{ECR_REGISTRY}}/identity-pivcac/pivcac:{{PIVCAC_CONTAINER_TAG}} + - op: replace + path: /spec/template/spec/containers/0/imagePullPolicy + value: Always + - target: + kind: CronJob + name: update-pivcac-crls + patch: |- + - op: replace + path: /spec/jobTemplate/spec/template/spec/containers/0/image + value: {{ECR_REGISTRY}}/identity-pivcac/pivcac:{{PIVCAC_CONTAINER_TAG}} + - op: replace + path: /spec/jobTemplate/spec/template/spec/containers/0/imagePullPolicy + value: Always + # Patch IDP image + - target: + kind: Rollout + name: idp-rollout + patch: |- + - op: replace + path: /spec/template/spec/containers/0/image + value: {{ECR_REGISTRY}}/identity-idp/review:{{IDP_CONTAINER_TAG}} + - op: replace + path: /spec/template/spec/containers/0/imagePullPolicy + value: Always + # Patch Worker Image + - target: + kind: Deployment + name: worker + patch: |- + - op: replace + path: /spec/template/spec/containers/0/image + value: {{ECR_REGISTRY}}/identity-idp/review:{{IDP_CONTAINER_TAG}} + - op: replace + path: /spec/template/spec/containers/0/imagePullPolicy + value: Always + # Patch PIVCAC Image + - target: + kind: Deployment + name: pivcac + patch: |- + - op: replace + path: /spec/template/spec/containers/0/image + value: {{ECR_REGISTRY}}/identity-pivcac/pivcac:{{PIVCAC_CONTAINER_TAG}} + - op: replace + path: /spec/template/spec/containers/1/image + value: {{ECR_REGISTRY}}/identity-pivcac/nginx:{{PIVCAC_CONTAINER_TAG}} + - op: replace + path: /spec/template/spec/containers/0/imagePullPolicy + value: Always + - op: replace + path: /spec/template/spec/containers/1/imagePullPolicy + value: Always + # Patch Dashboard Image + - target: + kind: Deployment + name: dashboard + patch: |- + - op: replace + path: /spec/template/spec/containers/0/image + value: {{ECR_REGISTRY}}/identity-dashboard/review:{{DASHBOARD_CONTAINER_TAG}} + - op: replace + path: /spec/template/spec/initContainers/0/image + value: {{ECR_REGISTRY}}/identity-dashboard/review:{{DASHBOARD_CONTAINER_TAG}} + - op: replace + path: /spec/template/spec/containers/0/imagePullPolicy + value: Always + - op: replace + path: /spec/template/spec/initContainers/0/imagePullPolicy + value: Always + # Patch in lower pod number in IDP HPA + - target: + kind: HorizontalPodAutoscaler + name: idp + patch: |- + - op: replace + path: /spec/minReplicas + value: 1 + - op: replace + path: /spec/maxReplicas + value: 2 + # Patch ingress names + - target: + kind: Ingress + name: idp + patch: |- + - op: replace + path: /metadata/annotations/alb.ingress.kubernetes.io~1group.name + value: review-app + - op: replace + path: /spec/rules/0/host + value: {{ENVIRONMENT}}.reviewapps.identitysandbox.gov + - op: replace + path: /spec/rules/0/http/paths/0/backend/service/port/name + value: https + - target: + kind: Ingress + name: dashboard + patch: |- + - op: replace + path: /metadata/annotations/alb.ingress.kubernetes.io~1group.name + value: review-app-dashboard + - op: replace + path: /spec/rules/0/host + value: {{ENVIRONMENT}}-dashboard.reviewapps.identitysandbox.gov + - target: + kind: Ingress + name: pivcac + patch: |- + - op: replace + path: /spec/rules/0/host + value: {{ENVIRONMENT}}.pivcac.reviewapps.identitysandbox.gov + + destination: + server: 'https://kubernetes.default.svc' + namespace: review-apps + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true \ No newline at end of file From d6880fe7dc3bccaa8720519df5f15bdf961f3bed Mon Sep 17 00:00:00 2001 From: "stephen.shelton" Date: Thu, 10 Oct 2024 17:23:25 +0000 Subject: [PATCH 17/18] Adding an info and label with some tracing info to the ArgoCD Application * Changing this to match merge request format * Adding in missing sed commands * Adding an info and label with some tracing info to the ArgoCD Application See merge request lg/identity-pki!31 --- .gitlab-ci.yml | 3 +++ k8files/application.yaml | 7 ++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1487d85c2..a04af520f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -317,6 +317,9 @@ review-app: - sed -i "s|{{DASHBOARD_CONTAINER_TAG}}|${DASHBOARD_IMAGE_TAG}|g" ${APPLICATION_MANIFEST} - sed -i "s|{{PIVCAC_CONTAINER_TAG}}|${CI_COMMIT_SHA}|g" ${APPLICATION_MANIFEST} - sed -i "s|{{ECR_REGISTRY}}|${ECR_REGISTRY}|g" ${APPLICATION_MANIFEST} + - sed -i "s|{{CI_MERGE_REQUEST_SOURCE_PROJECT_URL}}|${CI_MERGE_REQUEST_SOURCE_PROJECT_URL}|g" ${APPLICATION_MANIFEST} + - sed -i "s|{{CI_PROJECT_NAME}}|${CI_PROJECT_NAME}|g" ${APPLICATION_MANIFEST} + - sed -i "s|{{CI_MERGE_REQUEST_IID}}|${CI_MERGE_REQUEST_IID}|g" ${APPLICATION_MANIFEST} - cat ${APPLICATION_MANIFEST} # Apply our ArgoCD Application - kubectl apply -f ${APPLICATION_MANIFEST} -n argocd diff --git a/k8files/application.yaml b/k8files/application.yaml index 965992707..47d88013e 100644 --- a/k8files/application.yaml +++ b/k8files/application.yaml @@ -4,6 +4,8 @@ metadata: name: {{ENVIRONMENT}} finalizers: - resources-finalizer.argocd.argoproj.io + labels: + project-name: {{CI_PROJECT_NAME}} spec: project: default source: @@ -562,4 +564,7 @@ spec: prune: true selfHeal: true syncOptions: - - CreateNamespace=true \ No newline at end of file + - CreateNamespace=true + info: + - name: Merge Request + value: {{CI_MERGE_REQUEST_SOURCE_PROJECT_URL}}/-/merge_requests/{{CI_MERGE_REQUEST_IID}} \ No newline at end of file From ff8fca444e0a4d33b0e2e64f5ac755f562ae27f0 Mon Sep 17 00:00:00 2001 From: "andrew.duthie" Date: Thu, 17 Oct 2024 19:15:30 +0000 Subject: [PATCH 18/18] Update Rails to 7.1.4.1 * Update Rails to 7.1.4.1 See merge request lg/identity-pki!33 --- Gemfile.lock | 220 ++++++++++++++++++++++++++------------------------- 1 file changed, 112 insertions(+), 108 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 04d4d4473..c50d187bb 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -20,35 +20,35 @@ GIT GEM remote: https://rubygems.org/ specs: - actioncable (7.1.4) - actionpack (= 7.1.4) - activesupport (= 7.1.4) + actioncable (7.1.4.1) + actionpack (= 7.1.4.1) + activesupport (= 7.1.4.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (7.1.4) - actionpack (= 7.1.4) - activejob (= 7.1.4) - activerecord (= 7.1.4) - activestorage (= 7.1.4) - activesupport (= 7.1.4) + actionmailbox (7.1.4.1) + actionpack (= 7.1.4.1) + activejob (= 7.1.4.1) + activerecord (= 7.1.4.1) + activestorage (= 7.1.4.1) + activesupport (= 7.1.4.1) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.1.4) - actionpack (= 7.1.4) - actionview (= 7.1.4) - activejob (= 7.1.4) - activesupport (= 7.1.4) + actionmailer (7.1.4.1) + actionpack (= 7.1.4.1) + actionview (= 7.1.4.1) + activejob (= 7.1.4.1) + activesupport (= 7.1.4.1) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp rails-dom-testing (~> 2.2) - actionpack (7.1.4) - actionview (= 7.1.4) - activesupport (= 7.1.4) + actionpack (7.1.4.1) + actionview (= 7.1.4.1) + activesupport (= 7.1.4.1) nokogiri (>= 1.8.5) racc rack (>= 2.2.4) @@ -56,37 +56,37 @@ GEM rack-test (>= 0.6.3) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - actiontext (7.1.4) - actionpack (= 7.1.4) - activerecord (= 7.1.4) - activestorage (= 7.1.4) - activesupport (= 7.1.4) + actiontext (7.1.4.1) + actionpack (= 7.1.4.1) + activerecord (= 7.1.4.1) + activestorage (= 7.1.4.1) + activesupport (= 7.1.4.1) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.1.4) - activesupport (= 7.1.4) + actionview (7.1.4.1) + activesupport (= 7.1.4.1) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (7.1.4) - activesupport (= 7.1.4) + activejob (7.1.4.1) + activesupport (= 7.1.4.1) globalid (>= 0.3.6) - activemodel (7.1.4) - activesupport (= 7.1.4) - activerecord (7.1.4) - activemodel (= 7.1.4) - activesupport (= 7.1.4) + activemodel (7.1.4.1) + activesupport (= 7.1.4.1) + activerecord (7.1.4.1) + activemodel (= 7.1.4.1) + activesupport (= 7.1.4.1) timeout (>= 0.4.0) - activerecord-import (1.5.0) + activerecord-import (1.8.1) activerecord (>= 4.2) - activestorage (7.1.4) - actionpack (= 7.1.4) - activejob (= 7.1.4) - activerecord (= 7.1.4) - activesupport (= 7.1.4) + activestorage (7.1.4.1) + actionpack (= 7.1.4.1) + activejob (= 7.1.4.1) + activerecord (= 7.1.4.1) + activesupport (= 7.1.4.1) marcel (~> 1.0) - activesupport (7.1.4) + activesupport (7.1.4.1) base64 bigdecimal concurrent-ruby (~> 1.0, >= 1.0.2) @@ -96,33 +96,32 @@ GEM minitest (>= 5.1) mutex_m tzinfo (~> 2.0) - addressable (2.8.0) - public_suffix (>= 2.0.2, < 5.0) + addressable (2.8.7) + public_suffix (>= 2.0.2, < 7.0) ast (2.4.2) aws-eventstream (1.3.0) - aws-partitions (1.943.0) - aws-sdk-core (3.197.0) + aws-partitions (1.991.0) + aws-sdk-core (3.209.1) aws-eventstream (~> 1, >= 1.3.0) aws-partitions (~> 1, >= 1.651.0) - aws-sigv4 (~> 1.8) + aws-sigv4 (~> 1.9) jmespath (~> 1, >= 1.6.1) - aws-sdk-kms (1.53.0) - aws-sdk-core (~> 3, >= 3.125.0) - aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.110.0) - aws-sdk-core (~> 3, >= 3.125.0) + aws-sdk-kms (1.94.0) + aws-sdk-core (~> 3, >= 3.207.0) + aws-sigv4 (~> 1.5) + aws-sdk-s3 (1.168.0) + aws-sdk-core (~> 3, >= 3.207.0) aws-sdk-kms (~> 1) - aws-sigv4 (~> 1.4) - aws-sigv4 (1.8.0) + aws-sigv4 (~> 1.5) + aws-sigv4 (1.10.0) aws-eventstream (~> 1, >= 1.0.2) base64 (0.2.0) - better_errors (2.9.1) - coderay (>= 1.0.0) + better_errors (2.10.1) erubi (>= 1.0.0) rack (>= 0.9.0) + rouge (>= 1.0.0) bigdecimal (3.1.8) - bloomfilter-rb (2.1.1) - redis + bloomfilter-rb (2.1.2) bootsnap (1.18.4) msgpack (~> 1.2) brakeman (6.2.1) @@ -138,13 +137,14 @@ GEM coderay (1.1.3) concurrent-ruby (1.3.4) connection_pool (2.4.1) - crack (0.4.5) + crack (1.0.0) + bigdecimal rexml crass (1.0.6) csv (3.3.0) date (3.3.4) diff-lcs (1.5.1) - docile (1.4.0) + docile (1.4.1) drb (2.2.1) erubi (1.13.0) factory_bot (6.5.0) @@ -155,7 +155,7 @@ GEM ffi (1.17.0) globalid (1.2.1) activesupport (>= 6.1) - hashdiff (1.0.1) + hashdiff (1.1.1) i18n (1.14.6) concurrent-ruby (~> 1.0) io-console (0.7.2) @@ -164,11 +164,11 @@ GEM reline (>= 0.4.2) jmespath (1.6.2) json (2.7.2) - lazy_priority_queue (0.1.1) + language_server-protocol (3.17.0.3) listen (3.9.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - lograge (0.11.2) + lograge (0.14.0) actionpack (>= 4) activesupport (>= 4) railties (>= 4) @@ -187,9 +187,9 @@ GEM mini_mime (1.1.5) mini_portile2 (2.8.7) minitest (5.25.1) - msgpack (1.7.2) + msgpack (1.7.3) mutex_m (0.2.0) - net-imap (0.4.16) + net-imap (0.5.0) date net-protocol net-pop (0.1.2) @@ -203,26 +203,27 @@ GEM nokogiri (1.16.7) mini_portile2 (~> 2.8.2) racc (~> 1.4) - parallel (1.22.1) + pairing_heap (3.1.0) + parallel (1.26.3) parser (3.3.5.0) ast (~> 2.4.1) racc - pg (1.5.3) + pg (1.5.8) pry (0.14.2) coderay (~> 1.1) method_source (~> 1.0) pry-byebug (3.10.1) byebug (~> 11.0) pry (>= 0.13, < 0.15) - pry-rails (0.3.9) - pry (>= 0.10.4) + pry-rails (0.3.11) + pry (>= 0.13.0) psych (5.1.2) stringio - public_suffix (4.0.6) + public_suffix (6.0.1) puma (6.4.3) nio4r (~> 2.0) racc (1.8.1) - rack (3.1.7) + rack (3.1.8) rack-session (2.0.0) rack (>= 3.0.0) rack-test (2.1.0) @@ -230,20 +231,20 @@ GEM rackup (2.1.0) rack (>= 3) webrick (~> 1.8) - rails (7.1.4) - actioncable (= 7.1.4) - actionmailbox (= 7.1.4) - actionmailer (= 7.1.4) - actionpack (= 7.1.4) - actiontext (= 7.1.4) - actionview (= 7.1.4) - activejob (= 7.1.4) - activemodel (= 7.1.4) - activerecord (= 7.1.4) - activestorage (= 7.1.4) - activesupport (= 7.1.4) + rails (7.1.4.1) + actioncable (= 7.1.4.1) + actionmailbox (= 7.1.4.1) + actionmailer (= 7.1.4.1) + actionpack (= 7.1.4.1) + actiontext (= 7.1.4.1) + actionview (= 7.1.4.1) + activejob (= 7.1.4.1) + activemodel (= 7.1.4.1) + activerecord (= 7.1.4.1) + activestorage (= 7.1.4.1) + activesupport (= 7.1.4.1) bundler (>= 1.15.0) - railties (= 7.1.4) + railties (= 7.1.4.1) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) @@ -255,9 +256,9 @@ GEM rails-html-sanitizer (1.6.0) loofah (~> 2.21) nokogiri (~> 1.14) - railties (7.1.4) - actionpack (= 7.1.4) - activesupport (= 7.1.4) + railties (7.1.4.1) + actionpack (= 7.1.4.1) + activesupport (= 7.1.4.1) irb rackup (>= 1.0.0) rake (>= 12.2) @@ -271,25 +272,27 @@ GEM rdoc (6.7.0) psych (>= 4.0.0) redacted_struct (2.0.0) - redis (5.2.0) + redis (5.3.0) redis-client (>= 0.22.0) - redis-client (0.22.1) + redis-client (0.22.2) connection_pool regexp_parser (2.9.2) reline (0.5.10) io-console (~> 0.5) - request_store (1.5.1) + request_store (1.7.0) rack (>= 1.4) - rexml (3.3.7) - rgl (0.5.6) - lazy_priority_queue (~> 0.1.0) - stream (~> 0.5.2) + rexml (3.3.8) + rgl (0.6.6) + pairing_heap (>= 0.3, < 4.0) + rexml (~> 3.2, >= 3.2.4) + stream (~> 0.5.3) + rouge (4.4.0) rspec-core (3.13.1) rspec-support (~> 3.13.0) rspec-expectations (3.13.3) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.13.0) - rspec-mocks (3.13.1) + rspec-mocks (3.13.2) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.13.0) rspec-rails (6.1.5) @@ -303,25 +306,26 @@ GEM rspec-support (3.13.1) rspec_junit_formatter (0.6.0) rspec-core (>= 2, < 4, != 2.12.0) - rubocop (1.50.1) + rubocop (1.67.0) json (~> 2.3) + language_server-protocol (>= 3.17.0) parallel (~> 1.10) - parser (>= 3.2.0.0) + parser (>= 3.3.0.2) rainbow (>= 2.2.2, < 4.0) - regexp_parser (>= 1.8, < 3.0) - rexml (>= 3.2.5, < 4.0) - rubocop-ast (>= 1.28.0, < 2.0) + regexp_parser (>= 2.4, < 3.0) + rubocop-ast (>= 1.32.2, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 3.0) - rubocop-ast (1.28.0) - parser (>= 3.2.1.0) - rubocop-performance (1.17.1) - rubocop (>= 1.7.0, < 2.0) - rubocop-ast (>= 0.4.0) - rubocop-rails (2.19.0) + rubocop-ast (1.32.3) + parser (>= 3.3.1.0) + rubocop-performance (1.22.1) + rubocop (>= 1.48.1, < 2.0) + rubocop-ast (>= 1.31.1, < 2.0) + rubocop-rails (2.26.2) activesupport (>= 4.2.0) rack (>= 1.1) - rubocop (>= 1.33.0, < 2.0) + rubocop (>= 1.52.0, < 2.0) + rubocop-ast (>= 1.31.1, < 2.0) ruby-progressbar (1.13.0) shoulda-matchers (3.1.3) activesupport (>= 4.0.0) @@ -329,17 +333,17 @@ GEM docile (~> 1.1) simplecov-html (~> 0.11) simplecov_json_formatter (~> 0.1) - simplecov-html (0.12.3) + simplecov-html (0.13.1) simplecov_json_formatter (0.1.4) - stream (0.5.2) + stream (0.5.5) stringio (3.1.1) thor (1.3.2) timeout (0.4.1) tzinfo (2.0.6) concurrent-ruby (~> 1.0) - unicode-display_width (2.4.2) + unicode-display_width (2.6.0) uniform_notifier (1.16.0) - webmock (3.14.0) + webmock (3.24.0) addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) @@ -347,7 +351,7 @@ GEM websocket-driver (0.7.6) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.6.18) + zeitwerk (2.7.0) PLATFORMS ruby