CAS TLS Certificates

Certificate information for UC Berkeley's CAS servers

This article provides details about the EV TLS certificates from Comodo deployed to the auth.b.e cluster. The server certificate for auth-test.b.e and its trust chain is also included below.

The Comodo trust chain for EV certificates

  1. The CAS server EV cert is signed by the COMODO RSA Extended Validation Secure Server CA intermediate CA.
  2. The Comodo RSA EV Secure Server cert is signed by the COMODO RSA Certification Authority intermediate CA.

    The CA identity in this intermediate cross-signed certificate also exists in a self-signed Root CA certificate in many newer browsers. Thus, depending on the browser, the chain of trust may end at this point. For other browsers, the chain continues to the AddTrust External CA below.

  3. The Comodo RSA CA cross-signed cert is signed by Comodo's AddTrust External CA Root certificate (a self-signed Root CA).

New chain

You also can use the OpenSSL s_client utility or a web browser to download these trust chain certificates directly from the CAS server. For example, using the Chrome browser Developer tools while displaying the URL https://auth.berkeley.edu/, click on the Security tab, then the View certificate button. On the Details tab, select one of the intermediate or the root certificate from the Certificate Hierarchy to save to a file using the Export... button. Finally, if needed (see note below), import this file into your application's or JVM's trusted Root CA storage.

Root CA

Most current widely available default truststores (those that come with Java, for example) will already contain Comodo's AddTrust External CA Root and/or the COMODO RSA CA (self-signed Root CA) certificate. Either of these is sufficient to establish trust for the entire server EV certificate chain.

See also: LDAP SSL Public Key

Validation for CAS clients

All CAS clients accessing auth.b.e or auth-test.b.e via TLS must be configured so that they use a trust store having either one of two common trust configurations:

  • Comodo's AddTrust External CA Root certificate is installed in the truststore to provide implicit trust via the certificate chain of trust for all server certificates signed by Comodo's Root CA.
  • Alternatively, only the current server certificates themselves are installed in the truststore to provide explicit trust for just those particular servers which have matching private keys.

This is to allow CAS clients to trust the host certificate (i.e. the CA-signed public key) asserted by auth.b.e or auth-test.b.e during the negotiation for a secure network connection. See above for information about the Comodo certificate trust chain.

Note: In the case of Java trust stores, since (1) applications may use trust stores other than the JVM default cacerts file, and since (2) more than one JVM may be installed on a system, be sure that you have identified the correct trust store file being used by your application. Also, a restart of the JVM is probably necessary for any change in the trust store content to be recognized.

Using OpenSSL

When using OpenSSL-based libraries, it may be necessary to create symbolic links to the actual certificate files using a procedure such as the following:

Generate a symbolic link based on the hash value for the certificate:

ln -s COMODO-RootCA.crt \ $(openssl x509 -hash -noout < COMODO-RootCA.crt).0

These symlink hash files and the certificates to which they point are placed together in a trust store directory which is referenced by the application's configuration files.

Resources

For questions, please write to CalNet Support at calnet-admin@berkeley.edu.

Certificates

auth.b.e [X.509 EV certificate, deployed May, 2017]

-----BEGIN CERTIFICATE-----
MIIIrTCCB5WgAwIBAgIQR21LzPf4sty6n1e6EIutWTANBgkqhkiG9w0BAQsFADCB
kjELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxODA2BgNV
BAMTL0NPTU9ETyBSU0EgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVy
IENBMB4XDTE3MDQxODAwMDAwMFoXDTE5MDQxODIzNTk1OVowggFTMREwDwYDVQQF
EwhDMDAwODExNjETMBEGCysGAQQBgjc8AgEDEwJVUzEaMBgGA1UEDxMRR292ZXJu
bWVudCBFbnRpdHkxCzAJBgNVBAYTAlVTMRIwEAYDVQQREwk5NDcyMDE1MDAxEzAR
BgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCEJlcmtlbGV5MSEwHwYDVQQJExgy
MDAgQ2FsaWZvcm5pYSBIYWxsIDE1MDAxSDBGBgNVBAoTP1VuaXZlcnNpdHkgb2Yg
Q2FsaWZvcm5pYSwgQmVya2VsZXkgKFJlZ2VudHMgb2YgdGhlIFVuaXYuIG9mIENB
KTEWMBQGA1UECxMNSVNULUNhbE5ldElkTTEjMCEGA1UECxMaQ09NT0RPIEVWIE11
bHRpLURvbWFpbiBTU0wxGjAYBgNVBAMTEWF1dGguYmVya2VsZXkuZWR1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLIrud2xR/Qis3+yBJmxEdLnDCpI
kEbiPaNn1LAgfnUm60kndlJGoaxmDEG8DwA/LrZxt7imnGUsLn3K8kIgz34S8DMb
gLoy6t85BvL+ocXyvZD/XlfVW5zWYIH3w+UnMv1Ornt92Q+c6uwSpJPASdNyxQ6f
8PaHYhgFLQcnC+lnnYHdIbhtHqpalZpLU7DRUPEca+/5aGhVvy5KYwQUy+5jCFj1
NxOYq8iY63qNvM2FgRkwtBaHG6iNoOeQl74W8ElpsfTKC6cXHJnYe/8PMVgAmm/B
Rz9kZX3kVw9TUDfRwZOS3h03/scbZAphjMjn4jliHWapfayMvGxfcpQ2IwIDAQAB
o4IEOTCCBDUwHwYDVR0jBBgwFoAUOdr/yigUiqh0Ewi55A6p0vp+nWkwHQYDVR0O
BBYEFIqejYSQ+fmf9tHg5YN3Ar+FAeYLMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBGBgNVHSAEPzA9
MDsGDCsGAQQBsjEBAgEFATArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5j
b21vZG8uY29tL0NQUzBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLmNvbW9k
b2NhLmNvbS9DT01PRE9SU0FFeHRlbmRlZFZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJD
QS5jcmwwgYcGCCsGAQUFBwEBBHsweTBRBggrBgEFBQcwAoZFaHR0cDovL2NydC5j
b21vZG9jYS5jb20vQ09NT0RPUlNBRXh0ZW5kZWRWYWxpZGF0aW9uU2VjdXJlU2Vy
dmVyQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20w
ggEHBgNVHREEgf8wgfyCEWF1dGguYmVya2VsZXkuZWR1ghthdXRoLXAxLmNhbG5l
dC5iZXJrZWxleS5lZHWCG2F1dGgtcDIuY2FsbmV0LmJlcmtlbGV5LmVkdYIbYXV0
aC1wMy5jYWxuZXQuYmVya2VsZXkuZWR1ghthdXRoLXA0LmNhbG5ldC5iZXJrZWxl
eS5lZHWCG2F1dGgtcDUuY2FsbmV0LmJlcmtlbGV5LmVkdYIbYXV0aC1wNi5jYWxu
ZXQuYmVya2VsZXkuZWR1ghhhdXRoLmNhbG5ldC5iZXJrZWxleS5lZHWCH2Nhcy1v
ZmZzaXRlLmNhbG5ldC5iZXJrZWxleS5lZHUwggF/BgorBgEEAdZ5AgQCBIIBbwSC
AWsBaQB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABW4EIeqUA
AAQDAEgwRgIhAMulSQVm5zNBzCduzTTSdamH2OsZQ/U5DO5vcCaaVA6VAiEAuPYg
wY++B4VQPnIelPQJmmIkcwPAZf4UGuU6Qj/Ow40AdgBWFAaaL9fC7NP14b1Esj7H
Rna5vJkRXMDvlJhV1onQ3QAAAVuBCHhaAAAEAwBHMEUCIQCl3Ditgy3DUS/66bK3
zNJqsCG9YZKnZjOjSU36V83TXgIgdcsp6ou9AHWNIUFSWT4763a3bZaI+vfDx5OD
zhv91b4AdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAVuBCHqr
AAAEAwBHMEUCIQDF0hxr36axcQ0Uu9byzJM4E3qGm/5JF6CsTiWRYzIp5gIgcNks
gw3dvjKMGdDB4uGEMjVboKWv1EI2OYJRd1I93TQwDQYJKoZIhvcNAQELBQADggEB
ACPPiuySusRb87QIS+/NAnKAY4lYWywsobbB6cDPOLwyHJf1ILvUM2VqdRFy0MIy
DJaLwK6EevGrL/iq/mizSUNeIZEwSOQPW6O2q457zWbk+ZKei8W3pavuwJUQKHkc
AIhRtL0NlujP1kEXbu1NbreumTlG3vx5j7JAWUanHAWm9t0pX2S8xKLuxD8WSLsy
uRonY6lY01lQhSnmNbve2Ngl94ELKyX7Q742/drz8paWr11lxtkJ1wuS0CpWl4Rs
BotePcJLqj1dyAabcell0e2yRKzXrOXdiyFdizF/Xu6rix3QPGHhqdsjzAoAgnS/
8/4MxFWBjtCJjU/LKt9H9FE=
-----END CERTIFICATE-----

auth.b.e [X.509 EV certificate, deployed Jan, 2016]:

-----BEGIN CERTIFICATE-----
MIIJdTCCCF2gAwIBAgIRAO0IvzwYkpbK5fd+6mqNGwYwDQYJKoZIhvcNAQELBQAw
gZIxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTgwNgYD
VQQDEy9DT01PRE8gUlNBIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZl
ciBDQTAeFw0xNjAxMTQwMDAwMDBaFw0xODAxMTMyMzU5NTlaMIIBbDERMA8GA1UE
BRMIQzAwMDgxMTYxEzARBgsrBgEEAYI3PAIBAxMCVVMxEzARBgsrBgEEAYI3PAIB
AhMCQ0ExGjAYBgNVBA8TEUdvdmVybm1lbnQgRW50aXR5MQswCQYDVQQGEwJVUzES
MBAGA1UEERMJOTQ3MjAxNTAwMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQH
EwhCZXJrZWxleTElMCMGA1UECQwcMjAwIENhbGlmb3JuaWEgSGFsbCBcXFwjMTUw
MDFIMEYGA1UEChM/VW5pdmVyc2l0eSBvZiBDYWxpZm9ybmlhLCBCZXJrZWxleSAo
UmVnZW50cyBvZiB0aGUgVW5pdi4gb2YgQ0EpMRYwFAYDVQQLEw1JU1QtQ2FsTmV0
SWRNMSMwIQYDVQQLExpDT01PRE8gRVYgTXVsdGktRG9tYWluIFNTTDEaMBgGA1UE
AxMRYXV0aC5iZXJrZWxleS5lZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC5B3fCR/JibXDMvhj+PR1Vffexk2aehLa8QwJwopD+iKI/q52gwr5tkFUW
pTMhIGrRnKpZkBfrIgBWWajrnbMnvFQhhE97eR00BTXMjdFAAKtVHcgiDcSSXUqM
3fvJ2CZDN3qorBr2MphQxXnkBnocTZbQxRFwqNyS/jbiGAfxAFRfJ5WXw1JzQUb+
Kd5kQwqX5xZBW6EUUzXWBA3fSm/o0wpGaKC2DlHpr/rEx5sfhHW119mUXgFNKa4P
Cgy0pA2nvlB9RiQX4KjVw/HwfPZJpVNv17RSlc9qle4hg2Om5gK4KKGWMAytBlfE
H4A/po9AFExj8+4Mn0PPNrtAy+BjAgMBAAGjggTnMIIE4zAfBgNVHSMEGDAWgBQ5
2v/KKBSKqHQTCLnkDqnS+n6daTAdBgNVHQ4EFgQUvSZg+SkvisMMoSJtHcuDaSxO
/n4wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMEYGA1UdIAQ/MD0wOwYMKwYBBAGyMQECAQUBMCswKQYI
KwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMFYGA1UdHwRP
ME0wS6BJoEeGRWh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1JTQUV4dGVu
ZGVkVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBhwYIKwYBBQUHAQEEezB5
MFEGCCsGAQUFBzAChkVodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FF
eHRlbmRlZFZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYBBQUHMAGG
GGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTCCAbYGA1UdEQSCAa0wggGpghFhdXRo
LmJlcmtlbGV5LmVkdYISYXV0aDIuYmVya2VsZXkuZWR1gh9jYXMtb2Zmc2l0ZS5j
YWxuZXQuYmVya2VsZXkuZWR1ghpjYXMtcDEuY2FsbmV0LmJlcmtlbGV5LmVkdYIa
Y2FzLXAyLmNhbG5ldC5iZXJrZWxleS5lZHWCGmNhcy1wMy5jYWxuZXQuYmVya2Vs
ZXkuZWR1ghpjYXMtcDQuY2FsbmV0LmJlcmtlbGV5LmVkdYIaY2FzLXA1LmNhbG5l
dC5iZXJrZWxleS5lZHWCGmNhcy1wNi5jYWxuZXQuYmVya2VsZXkuZWR1ghpjYXMt
cDcuY2FsbmV0LmJlcmtlbGV5LmVkdYIXY2FzLmNhbG5ldC5iZXJrZWxleS5lZHWC
G25jYXMtcDEuY2FsbmV0LmJlcmtlbGV5LmVkdYIbbmNhcy1wMi5jYWxuZXQuYmVy
a2VsZXkuZWR1ghtuY2FzLXAzLmNhbG5ldC5iZXJrZWxleS5lZHWCEW5jYXMuYmVy
a2VsZXkuZWR1ghhuY2FzLmNhbG5ldC5iZXJrZWxleS5lZHUwggF+BgorBgEEAdZ5
AgQCBIIBbgSCAWoBaAB3AGj2mPgfZIK+OozuuSgdTPxxUV1nk9RE0QpnrLtPT/vE
AAABUkGFVe8AAAQDAEgwRgIhAK7oHy6TYaMwfZja7jYvLHyI9gqIkVScnSWBLIIV
hU8TAiEAgBopTxpdtw7Hts+tXu9h1cLuOem6pcYlcSt4+q/uqtkAdgBWFAaaL9fC
7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAVJBhVN8AAAEAwBHMEUCIH7gUy19
3XRKGcV1TlVoyESmZecsdbdlMY9We8CaDO/bAiEAx7NbyC+LVhmuaQ7F+4/z6Baa
p/wDspArIvnNB39nfPcAdQCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3c
EAAAAVJBhVX3AAAEAwBGMEQCIAnXgCvf6weK8Cs4Vxs1zt5T8BPs3TWNqlSli7xw
7gREAiBRMuZgPfM8ciY+Jmp5Bauk46T8uPC4VsPfJmt1OCSE/jANBgkqhkiG9w0B
AQsFAAOCAQEAkCQRcsdvf3+2Nff13wLvH0NsDvvh1E3WeWD915txczVARh/AavZb
2zW4FVA8ymWA/qW/qGDXDsSpmlQeBTwMYRfp4Akn97LhS42c48OwRVHk2wh0w2nJ
1j2O6mnpvxpaB7rrQw6LzqzA/nXMdZWYRSzP9YzLLI/Xq+56oe/ged7uyolmOkM9
NY+72vhzlFpRLRNX36eQYAXcc0HfO0whEjs+3BogdMWJcy6Cc5Tsxz0TqgS4zEid
r0PcLPOjUS2hFUPTf2iXR7Z64H8NzYlOFMFruDvFUaVzAjIp2FFJcGiSPj664AcU
1tgyowTOViLxHQbF42Ngl6YWB9mb7o45YA==
-----END CERTIFICATE-----

COMODO RSA Extended Validation Secure Server CA [intermediate,
X.509 certificate, base64-encoded DER]:

-----BEGIN CERTIFICATE-----
MIIGDjCCA/agAwIBAgIQBqdDgNTr/tQ1taP34Wq92DANBgkqhkiG9w0BAQwFADCB
hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV
BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTIwMjEy
MDAwMDAwWhcNMjcwMjExMjM1OTU5WjCBkjELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
Q09NT0RPIENBIExpbWl0ZWQxODA2BgNVBAMTL0NPTU9ETyBSU0EgRXh0ZW5kZWQg
VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAlVbeVLTf1QJJe9FbXKKyHo+cK2JMK40SKPMalaPGEP0p3uGf
CzhAk9HvbpUQ/OGQF3cs7nU+e2PsYZJuTzurgElr3wDqAwB/L3XVKC/sVmePgIOj
vdwDmZOLlJFWW6G4ajo/Br0OksxgnP214J9mMF/b5pTwlWqvyIqvgNnmiDkBfBzA
xSr3e5Wg8narbZtyOTDr0VdVAZ1YEZ18bYSPSeidCfw8/QpKdhQhXBZzQCMZdMO6
WAqmli7eNuWf0MLw4eDBYuPCGEUZUaoXHugjddTI0JYT/8ck0YwLJ66eetw6YWNg
iJctXQUL5Tvrrs46R3N2qPos3cCHF+msMJn4HwIDAQABo4IBaTCCAWUwHwYDVR0j
BBgwFoAUu69+Aj36pvE8hI6t7jiY7NkyMtQwHQYDVR0OBBYEFDna/8ooFIqodBMI
ueQOqdL6fp1pMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMD4G
A1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5j
b21vZG8uY29tL0NQUzBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9k
b2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggr
BgEFBQcBAQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29t
L0NPTU9ET1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz
cC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAERCnUFRK0iIXZebeV4R
AUpSGXtBLMeJPNBy3IX6WK/VJeQT+FhlZ58N/1eLqYVeyqZLsKeyLeCMIs37/3mk
jCuN/gI9JN6pXV/kD0fQ22YlPodHDK4ixVAihNftSlka9pOlk7DgG4HyVsTIEFPk
1Hax0VtpS3ey4E/EhOfUoFDuPPpE/NBXueEoU/1Tzdy5H3pAvTA/2GzS8+cHnx8i
teoiccsq8FZ8/qyo0QYPFBRSTP5kKwxpKrgNUG4+BAe/eiCL+O5lCeHHSQgyPQ0o
fkkdt0rvAucNgBfIXOBhYsvss2B5JdoaZXOcOBCgJjqwyBZ9kzEi7nQLiMBciUEA
KKlHMd99SUWa9eanRRrSjhMQ34Ovmw2tfn6dNVA0BM7pINae253UqNpktNEvWS5e
ojZh1CSggjMziqHRbO9haKPl0latxf1eYusVqHQSTC8xjOnB3xBLAer2VBvNfzu9
XJ/B288ByvK6YBIhMe2pZLiySVgXbVrXzYxtvp5/4gJYp9vDLVj2dAZqmvZh+fYA
tmnYOosxWd2R5nwnI4fdAw+PKowegwFOAWEMUnNt/AiiuSpm5HZNMaBWm9lTjaK2
jwLI5jqmBNFI+8NKAnb9L9K8E7bobTQk+p0pisehKxTxlgBzuRPpwLk6R1YCcYAn
pLwltum95OmYdBbxN4SBB7SC
-----END CERTIFICATE-----
COMODO RSA Certification Authority [intermediate, X.509 certificate,
base64-encoded DER]:
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgIQJ2buVutJ846r13Ci/ITeIjANBgkqhkiG9w0BAQwFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow
gYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYD
VQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkq
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTdxc9EZ3SZKzejfSNw
AHG8U9/E+ioSj0t/EFa9n3Byt2F/yUsPF6c947AEYe7/EZfH9IY+Cvo+XPmT5jR6
2RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onr
ayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt
4Q08RWD8MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIq
m1y9TBsoilwie7SrmNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g/
vOldxJuvRZnio1oktLqpVj3Pb6r/SVi+8Kj/9Lit6Tf7urj0Czr56ENCHonYhMsT
8dm74YlguIwoVqwUHZwK53Hrzw7dPamWoUi9PPevtQ0iTMARgexWO/bTouJbt7IE
IlKVgJNp6I5MZfGRAy1wdALqi2cVKWlSArvX31BqVUa/oKMoYX9w0MOiqiwhqkfO
KJwGRXa/ghgntNWutMtQ5mv0TIZxMOmm3xaG4Nj/QN370EKIf6MzOi5cHkERgWPO
GHFrK+ymircxXDpqR+DDeVnWIBqv8mqYqnK8V0rSS527EPywTEHl7R09XiidnMy/
s1Hap0flhFMCAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73g
JMtUGjAdBgNVHQ4EFgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQD
AgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9
MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVy
bmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6
Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAGS/g/FfmoXQ
zbihKVcN6Fr30ek+8nYEbvFScLsePP9NDXRqzIGCJdPDoCpdTPW6i6FtxFQJdcfj
Jw5dhHk3QBN39bSsHNA7qxcS1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLY
Uspzgb8c8+a4bmYRBbMelC1/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5
B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI/V5eu+MtWuLt29G9Hvx
PUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vR
pu/xO28QOG8=
-----END CERTIFICATE-----

auth-test.b.e [X.509 certificate, base64-encoded DER (PEM), deployed April 2017]:

-----BEGIN CERTIFICATE-----
MIIGFTCCBP2gAwIBAgIQTlpdElhPipoZALAiX4cInzANBgkqhkiG9w0BAQsFADB2
MQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjES
MBAGA1UEChMJSW50ZXJuZXQyMREwDwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMW
SW5Db21tb24gUlNBIFNlcnZlciBDQTAeFw0xNzA0MDMwMDAwMDBaFw0yMDA0MDIy
MzU5NTlaMIHvMQswCQYDVQQGEwJVUzESMBAGA1UEERMJOTQ3MjAxNTAwMRMwEQYD
VQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhCZXJrZWxleTEhMB8GA1UECRMYMjAw
IENhbGlmb3JuaWEgSGFsbCAxNTAwMUgwRgYDVQQKEz9Vbml2ZXJzaXR5IG9mIENh
bGlmb3JuaWEsIEJlcmtlbGV5IChSZWdlbnRzIG9mIHRoZSBVbml2LiBvZiBDQSkx
FjAUBgNVBAsTDUlTVC1DYWxOZXRJZE0xHzAdBgNVBAMTFmF1dGgtdGVzdC5iZXJr
ZWxleS5lZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7k08JYYkA
2JTbOVIiox1GuClz3BFhRI0PD34mnefN76e6bFoU8nnb9i95nG1Z79Lcc2dFQ3cj
NFNErwzMF20vJFoaIi50tuOTIAHq/HYy/2I1asFhgHDykgB50JvVloYaK4143ixw
wb3XxpfrSrUbEPUvx2pCXzM0SngzYcGBMvFjMmUlY8bAPBdR/jQJzQX9aD3QAuaI
O8V8etgn1DpM8joX6s5wWckILkEaFV19LByk/baiJcRpVtY3ZmukMmpD+XiSnoPb
gBWRYi4d4+pe0+TurTLAVw8NznknzQPD45xaQv9o3VeHNgtTV1qZF0xTtevPopA0
nXgHIpQbmBgnAgMBAAGjggIjMIICHzAfBgNVHSMEGDAWgBQeBaN3j2yW4luHS6a0
hqxxAAznODAdBgNVHQ4EFgQUTmatmsreQJ5haQzzqsbDHAwgqBYwDgYDVR0PAQH/
BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMGcGA1UdIARgMF4wUgYMKwYBBAGuIwEEAwEBMEIwQAYIKwYBBQUHAgEWNGh0
dHBzOi8vd3d3LmluY29tbW9uLm9yZy9jZXJ0L3JlcG9zaXRvcnkvY3BzX3NzbC5w
ZGYwCAYGZ4EMAQICMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwuaW5jb21t
b24tcnNhLm9yZy9JbkNvbW1vblJTQVNlcnZlckNBLmNybDB1BggrBgEFBQcBAQRp
MGcwPgYIKwYBBQUHMAKGMmh0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9JbkNvbW1v
blJTQVNlcnZlckNBXzIuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2Vy
dHJ1c3QuY29tMHoGA1UdEQRzMHGCFmF1dGgtdGVzdC5iZXJrZWxleS5lZHWCG2F1
dGgtdDEuY2FsbmV0LmJlcmtlbGV5LmVkdYIbYXV0aC10Mi5jYWxuZXQuYmVya2Vs
ZXkuZWR1gh1hdXRoLXRlc3QuY2FsbmV0LmJlcmtlbGV5LmVkdTANBgkqhkiG9w0B
AQsFAAOCAQEAc8T90za41PHjfGUffrVsQrAb33q9owcgWNwRYUWM+TBEVYWZfhpP
/aRg0EGi3i/nAk3cX7JOB/R2/Adl/y6I2O6VcAsc3DnDiJUDKbDsJrzyx9WUi6Yf
HxL5mjaa9ZZrxOVSN74LDwms2Go+tkomlinnErNWcIdTc5xiyk6L/kZrXzuOJCpy
m82EKuSL8NqirpUKPTxEEO4cdHavyd4Y7V9mnk0edcmRxSfSNo53RX+KPVV5FSbd
oKG3uBsbOXgbEJurRvkQSzMekT4LvwnDeiG3neYduGA75C9T7oNCDc4u+wN+vHJk
wW+uTPsGeWw4gtk30rDPtXusqA09BhEV7Q==
-----END CERTIFICATE-----

InCommon RSA Server CA [intermediate, X.509 certificate, base64-encoded DER]:

-----BEGIN CERTIFICATE-----
MIIF+TCCA+GgAwIBAgIQRyDQ+oVGGn4XoWQCkYRjdDANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQx
MDA2MDAwMDAwWhcNMjQxMDA1MjM1OTU5WjB2MQswCQYDVQQGEwJVUzELMAkGA1UE
CBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjESMBAGA1UEChMJSW50ZXJuZXQyMREw
DwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMWSW5Db21tb24gUlNBIFNlcnZlciBD
QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJwb8bsvf2MYFVFRVA+e
xU5NEFj6MJsXKZDmMwysE1N8VJG06thum4ltuzM+j9INpun5uukNDBqeso7JcC7v
HgV9lestjaKpTbOc5/MZNrun8XzmCB5hJ0R6lvSoNNviQsil2zfVtefkQnI/tBPP
iwckRR6MkYNGuQmm/BijBgLsNI0yZpUn6uGX6Ns1oytW61fo8BBZ321wDGZq0GTl
qKOYMa0dYtX6kuOaQ80tNfvZnjNbRX3EhigsZhLI2w8ZMA0/6fDqSl5AB8f2IHpT
eIFken5FahZv9JNYyWL7KSd9oX8hzudPR9aKVuDjZvjs3YncJowZaDuNi+L7RyML
fzcCAwEAAaOCAW4wggFqMB8GA1UdIwQYMBaAFFN5v1qqK0rPVIDh2JvAnfKyA2bL
MB0GA1UdDgQWBBQeBaN3j2yW4luHS6a0hqxxAAznODAOBgNVHQ8BAf8EBAMCAYYw
EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECAjBQBgNVHR8ESTBHMEWgQ6BB
hj9odHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQ2VydGlmaWNh
dGlvbkF1dGhvcml0eS5jcmwwdgYIKwYBBQUHAQEEajBoMD8GCCsGAQUFBzAChjNo
dHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQWRkVHJ1c3RDQS5j
cnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZI
hvcNAQEMBQADggIBAC0RBjjW29dYaK+qOGcXjeIT16MUJNkGE+vrkS/fT2ctyNMU
11ZlUp5uH5gIjppIG8GLWZqjV5vbhvhZQPwZsHURKsISNrqOcooGTie3jVgU0W+0
+Wj8mN2knCVANt69F2YrA394gbGAdJ5fOrQmL2pIhDY0jqco74fzYefbZ/VS29fR
5jBxu4uj1P+5ZImem4Gbj1e4ZEzVBhmO55GFfBjRidj26h1oFBHZ7heDH1Bjzw72
hipu47Gkyfr2NEx3KoCGMLCj3Btx7ASn5Ji8FoU+hCazwOU1VX55mKPU1I2250Lo
RCASN18JyfsD5PVldJbtyrmz9gn/TKbRXTr80U2q5JhyvjhLf4lOJo/UzL5WCXED
Smyj4jWG3R7Z8TED9xNNCxGBMXnMete+3PvzdhssvbORDwBZByogQ9xL2LUZFI/i
eoQp0UM/L8zfP527vWjEzuDN5xwxMnhi+vCToh7J159o5ah29mP+aJnvujbXEnGa
nrNxHzu+AGOePV8hwrGGG7hOIcPDQwkuYwzN/xT29iLp/cqf9ZhEtkGcQcIImH3b
oJ8ifsCnSbu0GB9L06Yqh7lcyvKDTEADslIaeSEINxhO2Y1fmcYFX/Fqrrp1WnhH
OjplXuXE0OPa0utaKC25Aplgom88L2Z8mEWcyfoB7zKOfD759AN7JKZWCYwk
-----END CERTIFICATE-----

USERTrust RSA Certification Authority [intermediate, X.509 certificate, base64-encoded DER]:

-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgIQE+oocFv07O0MNmMJgGFDNjANBgkqhkiG9w0BAQwFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow
gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK
ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD
VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00yt
UINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC
tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQf
jtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM
8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hm
AUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiV
Z4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9
N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sF
qV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJWBp/kjbmUZIO8yZ9
HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMaTLTwJUdZ
+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX
HAc/DVL17e8vgg8CAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTv
A73gJMtUGjAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/
BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud
HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4
dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0
dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAJNl9jeD
lQ9ew4IcH9Z35zyKwKoJ8OkLJvHgwmp1ocd5yblSYMgpEg7wrQPWCcR23+WmgZWn
RtqCV6mVksW2jwMibDN3wXsyF24HzloUQToFJBv2FAY7qCUkDrvMKnXduXBBP3zQ
YzYhBx9G/2CkkeFnvN4ffhkUyWNnkepnB2u0j4vAbkN9w6GAbLIevFOFfdyQoaS8
Le9Gclc1Bb+7RrtubTeZtv8jkpHGbkD4jylW6l/VXxRTrPBPYer3IsynVgviuDQf
Jtl7GQVoP7o81DgGotPmjw7jtHFtQELFhLRAlSv0ZaBIefYdgWOWnU914Ph85I6p
0fKtirOMxyHNwu8=
-----END CERTIFICATE-----