LDAP SSL Public Key

New Certificate information (new cert to be deployed October 31st, 2018)

The Comodo/InCommon certificate trust chain

See also: CAS TLS Certificates

Overview

We will deploy new certificates signed by Comodo's InCommon RSA Server CA intermediate, which in turn is signed by the USERTrust RSA CA intermediate, which finally is signed by the AddTrust External root CA.

The deployment time line

  • October 24th, 2018:  Newer Comodo certificates will be installed on the dir.calnet.b.e cluster.  Cluster will be upgraded to the last LDAP software.
  • October 31st, 2018:  The ldap.berkeley.edu DNS name will be pointed to the dir.calnet.b.e cluster.

Update and validation road map for LDAP clients

  • Starting October 24th, all LDAP clients can access dir.calnet.b.e via SSL/TLS to validate that their trust stores have at least the Comodo root CA certificate installed. This will allow implicit trust of the new host certificate installed on the cluster. See above for information about the new Comodo certificate trust chain.

    In the case of Java trust stores, since (1) applications may use trust stores other than the default cacerts file, and since (2) more than one JVM may be installed on a system, be sure that you have identified the correct trust store file being used by your application. Also, a restart of the JVM is probably necessary for any change in the trust store content to be recognized.

  • Once the same validation procedure is completed, clients should return to using the ldap.b.e name during the DNS transition.
  • When using OpenSSL-based libraries, it may be necessary to create symbolic links to the actual certificate files using a procedure such as the following:

    Generate a symbolic link based on the hash value for the certificate:
    ln -s COMODO-RootCA.crt \
      $(openssl x509 -hash -noout < COMODO-RootCA.crt).0

For questions, please write to the calnet-developers@lists.b.e list or send directly to calnet-admin@lists.b.e


Workaround if needed for untrusted certificates

If your TLS/SSL libraries do not accept the dir.calnet.b.e (to later become ldap.b.e), certificates as trusted, here are some suggested workarounds if installing the Comodo AddTrust root CA alone, or the root CA together with the intermediate CAs, does not provide a proper chain of trust. Typically, using the RootCA or the RootCA plus intermediate CA certificate(s) would be sufficient, but in some cases these workarounds are required or desired:

  1. Not recommended: Disable certificate validation checking.
  2. Recommended, only if needed: Add the host certificate directly to your trust store rather than depending on the Root CA signature to chain the trust. See below for the included host certificate needed for this option. Using this option (2) means that any change of the LDAP server host certificate in the future will require establishing trust again via this procedure and using the new LDAP server host certificate when it becomes available.

Steps for option 1 (not recommended) for OpenLDAP clients like ldapsearch

Set TLS_REQCERT allow in /etc/openldap/ldap.conf, or, for temporary disablement, set an environment variable as in the following example for the bash shell:

export LDAPTLS_REQCERT=allow

Do this at some point before using the LDAP client.

Steps for option 2 (recommended, only if needed)

We have the dir.calnet.b.e (later to become ldap.b.e), host certificate PEM-encoded below. Only if needed (see above), import this file into your application's or JVM's trusted Root CA storage.

new ldap.b.e/dir.calnet.b.e, host X.509 cert, PEM-encoded

deployed October 24, 2018 to dir.calnet.berkele.edu

deployed October 31, 2018 to ldap.berkeley.edu

-----BEGIN CERTIFICATE-----
MIII3zCCB8egAwIBAgIQJgINIUe+9YB7zOyQbFYb4TANBgkqhkiG9w0BAQsFADB2
MQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjES
MBAGA1UEChMJSW50ZXJuZXQyMREwDwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMW
SW5Db21tb24gUlNBIFNlcnZlciBDQTAeFw0xODA5MjYwMDAwMDBaFw0yMDA5MjUy
MzU5NTlaMIHfMQswCQYDVQQGEwJVUzEOMAwGA1UEERMFOTQ3MjAxCzAJBgNVBAgT
AkNBMREwDwYDVQQHEwhCZXJrZWxleTEiMCAGA1UECQwZMjAwIENhbGlmb3JuaWEg
SGFsbCAjMTUwMDFIMEYGA1UEChM/VW5pdmVyc2l0eSBvZiBDYWxpZm9ybmlhLCBC
ZXJrZWxleSAoUmVnZW50cyBvZiB0aGUgVW5pdi4gb2YgQ0EpMRYwFAYDVQQLEw1J
U1QtQ2FsTmV0SWRNMRowGAYDVQQDExFsZGFwLmJlcmtlbGV5LmVkdTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMAEhQqvyaRo8Zm1dh0dhjaCAMig3TMw
B3f5ulo/F3EmSNJaeDCr9OlumIZCQ1Fyo80gyIjO80Q0gzMjIJOpZwLy/4TkKEkU
kJvObVrGh7ycyhJOLh/61Mbamuwlc4J4Rt8p1r/ulv77O5fOVENgENvO2AAGT7m8
V+ykqFH41XT9aHLuPEiXAcAmlb08Qy8lPeAPV0SR6dcGVBlZlGgXn30UqX2HpUi+
9tAPwxEhA/evmlrzp1ukjf3ziwzNH0bqO2mO+HVlM3xeAOaKNPhOlEgeepQsNCt5
xqKzrNR2uYsJAO8qANzI7N6e2EI0ZIC3KfQxs1O1tz56q9ZoPhc0YSMCAwEAAaOC
BP0wggT5MB8GA1UdIwQYMBaAFB4Fo3ePbJbiW4dLprSGrHEADOc4MB0GA1UdDgQW
BBS68LDjYlrPpfMg2Oe7j9VQV2FdgDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/
BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwZwYDVR0gBGAwXjBS
BgwrBgEEAa4jAQQDAQEwQjBABggrBgEFBQcCARY0aHR0cHM6Ly93d3cuaW5jb21t
b24ub3JnL2NlcnQvcmVwb3NpdG9yeS9jcHNfc3NsLnBkZjAIBgZngQwBAgIwRAYD
VR0fBD0wOzA5oDegNYYzaHR0cDovL2NybC5pbmNvbW1vbi1yc2Eub3JnL0luQ29t
bW9uUlNBU2VydmVyQ0EuY3JsMHUGCCsGAQUFBwEBBGkwZzA+BggrBgEFBQcwAoYy
aHR0cDovL2NydC51c2VydHJ1c3QuY29tL0luQ29tbW9uUlNBU2VydmVyQ0FfMi5j
cnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wggHRBgNV
HREEggHIMIIBxIIRbGRhcC5iZXJrZWxleS5lZHWCIWRpci1hdXRoLmNhbG5ldC4x
OTE4LmJlcmtlbGV5LmVkdYIaZGlyLXAxLmNhbG5ldC5iZXJrZWxleS5lZHWCIGRp
ci1wMTAuY2FsbmV0LjE5MTguYmVya2VsZXkuZWR1ghpkaXItcDIuY2FsbmV0LmJl
cmtlbGV5LmVkdYIaZGlyLXAzLmNhbG5ldC5iZXJrZWxleS5lZHWCH2Rpci1wNC5j
YWxuZXQuMTkxOC5iZXJrZWxleS5lZHWCH2Rpci1wNS5jYWxuZXQuMTkxOC5iZXJr
ZWxleS5lZHWCGmRpci1wNi5jYWxuZXQuYmVya2VsZXkuZWR1ghpkaXItcDcuY2Fs
bmV0LmJlcmtlbGV5LmVkdYIaZGlyLXA4LmNhbG5ldC5iZXJrZWxleS5lZHWCGmRp
ci1wOS5jYWxuZXQuYmVya2VsZXkuZWR1ghdkaXIuY2FsbmV0LmJlcmtlbGV5LmVk
dYIgbGRhcC1vZmZzaXRlLmNhbG5ldC5iZXJrZWxleS5lZHWCEG5kcy5iZXJrZWxl
eS5lZHWCF25kcy5jYWxuZXQuYmVya2VsZXkuZWR1MIIBfQYKKwYBBAHWeQIEAgSC
AW0EggFpAWcAdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWYX
G2HiAAAEAwBHMEUCIQCXT1G+BDAdc1HHVgvV5c6xDThYQDSbZpOnYhVRryJLqwIg
QBeoTPLO37FrU6fXtw9b4DZ+q6QqWVwRDgCX07Nz1b0AdgBep3P531bA57U2SH3Q
SeAyepGaDIShEhKEGHWWgXFFWAAAAWYXG2IsAAAEAwBHMEUCIBxW+YlY2tbhxedk
5kxaNBHBvmwWSAk+jTucTxn2wJW+AiEAjSnbK2JzyeV38JG5X5oD8xw1EyiJtwm4
lPtIcoDL6rwAdQBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWYX
G2H9AAAEAwBGMEQCIHkFSIm0MS3zUcZJZCbuX0GJZYYLObV/EjqgoBqFtWhrAiB+
zc3GSYdqut6nmA3NyXnV8I/yLSc9L+5KCtzudbAr4jANBgkqhkiG9w0BAQsFAAOC
AQEAF9ebnqdXy+ROh8e+/+gyBI5s1HuMl6z1I2mXvPjPyocqToOgOxlTVE7SBBk+
CPVbp0h0xNI/aK7QlprdFaNGmyqukMkIRJaHd3Hgsqj5aQ0caQNdv5MuhdWTWnbG
L3UZqJ+/X5uGfIsIlUltFEa/4w0IsLiC5CJ9WbTt4mqd8le2WMPAXOIh98NBrLZ9
iD7ApyI9VSz0ZhtWifuCLI+l3WpwrOaIXNqtlEJr1AMpCOfbbFEoe5w8WnS8ZeWH
Fzy9OHKQfnjL32U3NatoWNn/usL0N4gbL22e6QIMGVmJPxShzf3LCbnD5saPI0hN
yr6szqpPLBEtfo0Ax7O14Oa+Mg==
-----END CERTIFICATE-----
current ldap.b.e/nds.calnet.b.e, host X.509 cert, PEM-encoded [to be replaced October 31, 2018]
-----BEGIN CERTIFICATE-----
MIIHUjCCBjqgAwIBAgIRAMzjq00nDocBs2FtLDh7I04wDQYJKoZIhvcNAQELBQAw
djELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1JMRIwEAYDVQQHEwlBbm4gQXJib3Ix
EjAQBgNVBAoTCUludGVybmV0MjERMA8GA1UECxMISW5Db21tb24xHzAdBgNVBAMT
FkluQ29tbW9uIFJTQSBTZXJ2ZXIgQ0EwHhcNMTUxMjA3MDAwMDAwWhcNMTgxMjA2
MjM1OTU5WjCB6zELMAkGA1UEBhMCVVMxEjAQBgNVBBETCTk0NzIwMTUwMDETMBEG
A1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIQmVya2VsZXkxIjAgBgNVBAkMGTIw
MCBDYWxpZm9ybmlhIEhhbGwgIzE1MDAxSDBGBgNVBAoTP1VuaXZlcnNpdHkgb2Yg
Q2FsaWZvcm5pYSwgQmVya2VsZXkgKFJlZ2VudHMgb2YgdGhlIFVuaXYuIG9mIENB
KTEWMBQGA1UECxMNSVNULUNhbE5ldElkTTEaMBgGA1UEAxMRbGRhcC5iZXJrZWxl
eS5lZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq7kPfPCt1TUaM
WBLvPZAD61t8XYSEHRx1l0fVxf06YUzGxDoFw3lcvoEbqqGInWxK8xESzI4WOsEq
iI8xd7z6rACZ+dn5aMx9e7NARpP8FrqNtLVIkBKE6hNZLyYDqVWQDuiSr1biocwK
uR3NB/nIjrPFJ5MmrqwnyK98asZ5nTTBXrjkH+xlVpDN8ApBQwK3QOUEZTmE/hUF
yhUoT/lNIGBt2cvT5uAy0qf6ejKTC9b6nbXKHIgrc43V6lBYY1SQrs8IwA4dgfru
lBJiduXG/wfbYsIB+p9v8PHVjRQsQNwKsSfYHCjiYcqEyWsuQRJxosc4Qr6JNIaq
GqmnpJYJAgMBAAGjggNjMIIDXzAfBgNVHSMEGDAWgBQeBaN3j2yW4luHS6a0hqxx
AAznODAdBgNVHQ4EFgQUdnVIg/c/MD9Ftd3TKBHA7cWvGgowDgYDVR0PAQH/BAQD
AgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MGcGA1UdIARgMF4wUgYMKwYBBAGuIwEEAwEBMEIwQAYIKwYBBQUHAgEWNGh0dHBz
Oi8vd3d3LmluY29tbW9uLm9yZy9jZXJ0L3JlcG9zaXRvcnkvY3BzX3NzbC5wZGYw
CAYGZ4EMAQICMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwuaW5jb21tb24t
cnNhLm9yZy9JbkNvbW1vblJTQVNlcnZlckNBLmNybDB1BggrBgEFBQcBAQRpMGcw
PgYIKwYBBQUHMAKGMmh0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9JbkNvbW1vblJT
QVNlcnZlckNBXzIuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1
c3QuY29tMIIBuAYDVR0RBIIBrzCCAauCEWxkYXAuYmVya2VsZXkuZWR1giBsZGFw
LW9mZnNpdGUuY2FsbmV0LmJlcmtlbGV5LmVkdYIhbmRzLWF1dGguY2FsbmV0LjE5
MTguYmVya2VsZXkuZWR1ghpuZHMtcDEuY2FsbmV0LmJlcmtlbGV5LmVkdYIgbmRz
LXAxMC5jYWxuZXQuMTkxOC5iZXJrZWxleS5lZHWCGm5kcy1wMi5jYWxuZXQuYmVy
a2VsZXkuZWR1ghpuZHMtcDMuY2FsbmV0LmJlcmtlbGV5LmVkdYIfbmRzLXA0LmNh
bG5ldC4xOTE4LmJlcmtlbGV5LmVkdYIfbmRzLXA1LmNhbG5ldC4xOTE4LmJlcmtl
bGV5LmVkdYIabmRzLXA2LmNhbG5ldC5iZXJrZWxleS5lZHWCGm5kcy1wNy5jYWxu
ZXQuYmVya2VsZXkuZWR1ghpuZHMtcDguY2FsbmV0LmJlcmtlbGV5LmVkdYIabmRz
LXA5LmNhbG5ldC5iZXJrZWxleS5lZHWCEG5kcy5iZXJrZWxleS5lZHWCF25kcy5j
YWxuZXQuYmVya2VsZXkuZWR1MA0GCSqGSIb3DQEBCwUAA4IBAQA5yVftduiAaBJO
OhpvofFT8nEWYvrs9c32NMta7PZ8T9ppzUkZz9H5gOELVc5FO8isVujJI+PXjveQ
wyAZV87n1FD1ZdOGvUxWtM4vFna+MSdP2GM6hxBW4na5ti10VNQygq7dihso77ZY
Ttx8bajil0Y2FwJYuZdXuxTC4i1UiD1s51omBRuaM8Ug7HAdQofsP3Rc2kVqHbA0
2QapRxzha7yyBD2JmtQGcK/Py2cv/801Sk2MqlgXgAmO8Hi3Z3pcQravsXPtKk0X
5fXsEkFCeUwrjpdZJH17Ei1NGFkvviHtVU9tpYhDaffvQw8Qi6FKXiDWgwsHO3kA
9qWWWzuG
-----END CERTIFICATE-----

USERTrust RSA Certification Authority

-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgIQE+oocFv07O0MNmMJgGFDNjANBgkqhkiG9w0BAQwFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow
gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK
ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD
VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00yt
UINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC
tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQf
jtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM
8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hm
AUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiV
Z4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9
N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sF
qV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJWBp/kjbmUZIO8yZ9
HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMaTLTwJUdZ
+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX
HAc/DVL17e8vgg8CAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTv
A73gJMtUGjAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/
BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud
HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4
dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0
dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAJNl9jeD
lQ9ew4IcH9Z35zyKwKoJ8OkLJvHgwmp1ocd5yblSYMgpEg7wrQPWCcR23+WmgZWn
RtqCV6mVksW2jwMibDN3wXsyF24HzloUQToFJBv2FAY7qCUkDrvMKnXduXBBP3zQ
YzYhBx9G/2CkkeFnvN4ffhkUyWNnkepnB2u0j4vAbkN9w6GAbLIevFOFfdyQoaS8
Le9Gclc1Bb+7RrtubTeZtv8jkpHGbkD4jylW6l/VXxRTrPBPYer3IsynVgviuDQf
Jtl7GQVoP7o81DgGotPmjw7jtHFtQELFhLRAlSv0ZaBIefYdgWOWnU914Ph85I6p
0fKtirOMxyHNwu8=
-----END CERTIFICATE-----

InCommon RSA Server CA

-----BEGIN CERTIFICATE-----
MIIF+TCCA+GgAwIBAgIQRyDQ+oVGGn4XoWQCkYRjdDANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQx
MDA2MDAwMDAwWhcNMjQxMDA1MjM1OTU5WjB2MQswCQYDVQQGEwJVUzELMAkGA1UE
CBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjESMBAGA1UEChMJSW50ZXJuZXQyMREw
DwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMWSW5Db21tb24gUlNBIFNlcnZlciBD
QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJwb8bsvf2MYFVFRVA+e
xU5NEFj6MJsXKZDmMwysE1N8VJG06thum4ltuzM+j9INpun5uukNDBqeso7JcC7v
HgV9lestjaKpTbOc5/MZNrun8XzmCB5hJ0R6lvSoNNviQsil2zfVtefkQnI/tBPP
iwckRR6MkYNGuQmm/BijBgLsNI0yZpUn6uGX6Ns1oytW61fo8BBZ321wDGZq0GTl
qKOYMa0dYtX6kuOaQ80tNfvZnjNbRX3EhigsZhLI2w8ZMA0/6fDqSl5AB8f2IHpT
eIFken5FahZv9JNYyWL7KSd9oX8hzudPR9aKVuDjZvjs3YncJowZaDuNi+L7RyML
fzcCAwEAAaOCAW4wggFqMB8GA1UdIwQYMBaAFFN5v1qqK0rPVIDh2JvAnfKyA2bL
MB0GA1UdDgQWBBQeBaN3j2yW4luHS6a0hqxxAAznODAOBgNVHQ8BAf8EBAMCAYYw
EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECAjBQBgNVHR8ESTBHMEWgQ6BB
hj9odHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQ2VydGlmaWNh
dGlvbkF1dGhvcml0eS5jcmwwdgYIKwYBBQUHAQEEajBoMD8GCCsGAQUFBzAChjNo
dHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQWRkVHJ1c3RDQS5j
cnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZI
hvcNAQEMBQADggIBAC0RBjjW29dYaK+qOGcXjeIT16MUJNkGE+vrkS/fT2ctyNMU
11ZlUp5uH5gIjppIG8GLWZqjV5vbhvhZQPwZsHURKsISNrqOcooGTie3jVgU0W+0
+Wj8mN2knCVANt69F2YrA394gbGAdJ5fOrQmL2pIhDY0jqco74fzYefbZ/VS29fR
5jBxu4uj1P+5ZImem4Gbj1e4ZEzVBhmO55GFfBjRidj26h1oFBHZ7heDH1Bjzw72
hipu47Gkyfr2NEx3KoCGMLCj3Btx7ASn5Ji8FoU+hCazwOU1VX55mKPU1I2250Lo
RCASN18JyfsD5PVldJbtyrmz9gn/TKbRXTr80U2q5JhyvjhLf4lOJo/UzL5WCXED
Smyj4jWG3R7Z8TED9xNNCxGBMXnMete+3PvzdhssvbORDwBZByogQ9xL2LUZFI/i
eoQp0UM/L8zfP527vWjEzuDN5xwxMnhi+vCToh7J159o5ah29mP+aJnvujbXEnGa
nrNxHzu+AGOePV8hwrGGG7hOIcPDQwkuYwzN/xT29iLp/cqf9ZhEtkGcQcIImH3b
oJ8ifsCnSbu0GB9L06Yqh7lcyvKDTEADslIaeSEINxhO2Y1fmcYFX/Fqrrp1WnhH
OjplXuXE0OPa0utaKC25Aplgom88L2Z8mEWcyfoB7zKOfD759AN7JKZWCYwk
-----END CERTIFICATE-----