NDS SSL Public Key

Renewed certificate information for nds.berkeley.edu (to be deployed December 2nd, 2018)

The Comodo/InCommon certificate trust chain:

Overview

We will renew the certificate signed by Comodo's InCommon RSA Server CA intermediate, which in turn is signed by the USERTrust RSA CA intermediate, which finally is signed by the AddTrust External root CA.  This is required because the current certificate on the legacy LDAP cluster, nds.berkeley.edu, is expiring.

The deployment time line

  • December 2nd, 2018:  Renewed Comodo certificates will be installed on the nds.berkeley.edu legacy LDAP cluster.
  • January 31st, 2019:  The nds.berkeley.edu LDAP cluster will be retired.  All customers should use ldap.berkeley.edu.

For questions, please write to the calnet-developers@lists.b.e list or send directly to calnet-admin@lists.b.e


Workaround if needed for untrusted certificates

If your TLS/SSL libraries do not accept the nds.berkeley.edu certificates as trusted, here are some suggested workarounds if installing the Comodo AddTrust root CA alone, or the root CA together with the intermediate CAs, does not provide a proper chain of trust. Typically, using the RootCA or the RootCA plus intermediate CA certificate(s) would be sufficient, but in some cases these workarounds are required or desired:

  1. Not recommended: Disable certificate validation checking.
  2. Recommended, only if needed: Add the host certificate directly to your trust store rather than depending on the Root CA signature to chain the trust. See below for the included host certificate needed for this option. Using this option (2) means that any change of the LDAP server host certificate in the future will require establishing trust again via this procedure and using the new LDAP server host certificate when it becomes available.

Steps for option 1 (not recommended) for OpenLDAP clients like ldapsearch

Set TLS_REQCERT allow in /etc/openldap/ldap.conf, or, for temporary disablement, set an environment variable as in the following example for the bash shell:

export LDAPTLS_REQCERT=allow

Do this at some point before using the LDAP client.

Steps for option 2 (recommended, only if needed)

We have the nds.calnet.b.e, host certificate PEM-encoded below. Only if needed (see above), import this file into your application's or JVM's trusted Root CA storage.

renewed nds.b.e/nds.calnet.b.e, host X.509 cert, PEM-encoded

-----BEGIN CERTIFICATE-----
MIIIxjCCB66gAwIBAgIRAP+zogwGYgX5YUmP3ZwNzFMwDQYJKoZIhvcNAQELBQAw
djELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1JMRIwEAYDVQQHEwlBbm4gQXJib3Ix
EjAQBgNVBAoTCUludGVybmV0MjERMA8GA1UECxMISW5Db21tb24xHzAdBgNVBAMT
FkluQ29tbW9uIFJTQSBTZXJ2ZXIgQ0EwHhcNMTgxMTA4MDAwMDAwWhcNMjAxMTA3
MjM1OTU5WjCB3zELMAkGA1UEBhMCVVMxDjAMBgNVBBETBTk0NzIwMQswCQYDVQQI
EwJDQTERMA8GA1UEBxMIQmVya2VsZXkxIjAgBgNVBAkMGTIwMCBDYWxpZm9ybmlh
IEhhbGwgIzE1MDAxSDBGBgNVBAoTP1VuaXZlcnNpdHkgb2YgQ2FsaWZvcm5pYSwg
QmVya2VsZXkgKFJlZ2VudHMgb2YgdGhlIFVuaXYuIG9mIENBKTEWMBQGA1UECxMN
SVNULUNhbE5ldElkTTEaMBgGA1UEAxMRbGRhcC5iZXJrZWxleS5lZHUwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq7kPfPCt1TUaMWBLvPZAD61t8XYSE
HRx1l0fVxf06YUzGxDoFw3lcvoEbqqGInWxK8xESzI4WOsEqiI8xd7z6rACZ+dn5
aMx9e7NARpP8FrqNtLVIkBKE6hNZLyYDqVWQDuiSr1biocwKuR3NB/nIjrPFJ5Mm
rqwnyK98asZ5nTTBXrjkH+xlVpDN8ApBQwK3QOUEZTmE/hUFyhUoT/lNIGBt2cvT
5uAy0qf6ejKTC9b6nbXKHIgrc43V6lBYY1SQrs8IwA4dgfrulBJiduXG/wfbYsIB
+p9v8PHVjRQsQNwKsSfYHCjiYcqEyWsuQRJxosc4Qr6JNIaqGqmnpJYJAgMBAAGj
ggTjMIIE3zAfBgNVHSMEGDAWgBQeBaN3j2yW4luHS6a0hqxxAAznODAdBgNVHQ4E
FgQUdnVIg/c/MD9Ftd3TKBHA7cWvGgowDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB
/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGcGA1UdIARgMF4w
UgYMKwYBBAGuIwEEAwEBMEIwQAYIKwYBBQUHAgEWNGh0dHBzOi8vd3d3LmluY29t
bW9uLm9yZy9jZXJ0L3JlcG9zaXRvcnkvY3BzX3NzbC5wZGYwCAYGZ4EMAQICMEQG
A1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwuaW5jb21tb24tcnNhLm9yZy9JbkNv
bW1vblJTQVNlcnZlckNBLmNybDB1BggrBgEFBQcBAQRpMGcwPgYIKwYBBQUHMAKG
Mmh0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9JbkNvbW1vblJTQVNlcnZlckNBXzIu
Y3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMIIBuAYD
VR0RBIIBrzCCAauCEWxkYXAuYmVya2VsZXkuZWR1giBsZGFwLW9mZnNpdGUuY2Fs
bmV0LmJlcmtlbGV5LmVkdYIhbmRzLWF1dGguY2FsbmV0LjE5MTguYmVya2VsZXku
ZWR1ghpuZHMtcDEuY2FsbmV0LmJlcmtlbGV5LmVkdYIgbmRzLXAxMC5jYWxuZXQu
MTkxOC5iZXJrZWxleS5lZHWCGm5kcy1wMi5jYWxuZXQuYmVya2VsZXkuZWR1ghpu
ZHMtcDMuY2FsbmV0LmJlcmtlbGV5LmVkdYIfbmRzLXA0LmNhbG5ldC4xOTE4LmJl
cmtlbGV5LmVkdYIfbmRzLXA1LmNhbG5ldC4xOTE4LmJlcmtlbGV5LmVkdYIabmRz
LXA2LmNhbG5ldC5iZXJrZWxleS5lZHWCGm5kcy1wNy5jYWxuZXQuYmVya2VsZXku
ZWR1ghpuZHMtcDguY2FsbmV0LmJlcmtlbGV5LmVkdYIabmRzLXA5LmNhbG5ldC5i
ZXJrZWxleS5lZHWCEG5kcy5iZXJrZWxleS5lZHWCF25kcy5jYWxuZXQuYmVya2Vs
ZXkuZWR1MIIBfAYKKwYBBAHWeQIEAgSCAWwEggFoAWYAdQDuS723dc5guuFCaR+r
4Z5mow9+X7By2IMAxHuJeqj9ywAAAWb0OYsPAAAEAwBGMEQCIACcIj6/XDw5JlB4
Eq01V0RcPcJ9GgX7zWgjKdnYmVV6AiAk9Rm0YKayYfnKj6aOFOysNxw3Ad/w5Yd4
dOV+70bCQgB1AF6nc/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABZvQ5
i5cAAAQDAEYwRAIgPirGOHCdL+5Wor22Ytb+qeztBiFcJ1FAGhbj2ZnTlgQCIAjN
Fvmy8jNVoBmBu+hLeSPYGNk1x22VRllSYGYywWlyAHYA8JWkWfIA0YJAEC0vk4iO
rUv+HUfjmeHQNKawqKqOsnMAAAFm9DmLWAAABAMARzBFAiEAijgaQ0xIaVBV5fcy
VSspmJkxnK4gq5ytJISpzAddqD8CIFJlAyZwbcchhlWg39HwsUV73VCzoH6w0OCA
oJDR+IyEMA0GCSqGSIb3DQEBCwUAA4IBAQCbXcEQs4l7eOhWCr+H14im990I9W0Q
Y0eZwAYanPQ31gAfdLWFVhxmFQAIs3XnNIi59iGmLVUpwQSXk2LcigkHb4QfvkJm
Uy58kNI8px5487lAO+qLpAoOt71TfTYeehPZwWIze/SFs01Oho0TD77S8/MKK6s6
xHMSpdirq2Ea3+AUmjKF0XQpXzsJBeyET3eOSL3qXIRqRJfqBD9EKAR4of+614oR
dBr0RXQn5KHek3ZrSQh1giznEb2gyfdCv9gs0gX7d/ie98SzGgIEHmBKUQQBvfZ2
lJWjzhgaIFzuEoOc/5jFE8C6WMk8rFzmVc2Ju/HFbTRrWG6Od6t/dYvH
-----END CERTIFICATE-----
current nds.b.e/nds.calnet.b.e, host X.509 cert, PEM-encoded [to be replaced December 2nd, 2018]
-----BEGIN CERTIFICATE-----
MIIHUjCCBjqgAwIBAgIRAMzjq00nDocBs2FtLDh7I04wDQYJKoZIhvcNAQELBQAw
djELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1JMRIwEAYDVQQHEwlBbm4gQXJib3Ix
EjAQBgNVBAoTCUludGVybmV0MjERMA8GA1UECxMISW5Db21tb24xHzAdBgNVBAMT
FkluQ29tbW9uIFJTQSBTZXJ2ZXIgQ0EwHhcNMTUxMjA3MDAwMDAwWhcNMTgxMjA2
MjM1OTU5WjCB6zELMAkGA1UEBhMCVVMxEjAQBgNVBBETCTk0NzIwMTUwMDETMBEG
A1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIQmVya2VsZXkxIjAgBgNVBAkMGTIw
MCBDYWxpZm9ybmlhIEhhbGwgIzE1MDAxSDBGBgNVBAoTP1VuaXZlcnNpdHkgb2Yg
Q2FsaWZvcm5pYSwgQmVya2VsZXkgKFJlZ2VudHMgb2YgdGhlIFVuaXYuIG9mIENB
KTEWMBQGA1UECxMNSVNULUNhbE5ldElkTTEaMBgGA1UEAxMRbGRhcC5iZXJrZWxl
eS5lZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq7kPfPCt1TUaM
WBLvPZAD61t8XYSEHRx1l0fVxf06YUzGxDoFw3lcvoEbqqGInWxK8xESzI4WOsEq
iI8xd7z6rACZ+dn5aMx9e7NARpP8FrqNtLVIkBKE6hNZLyYDqVWQDuiSr1biocwK
uR3NB/nIjrPFJ5MmrqwnyK98asZ5nTTBXrjkH+xlVpDN8ApBQwK3QOUEZTmE/hUF
yhUoT/lNIGBt2cvT5uAy0qf6ejKTC9b6nbXKHIgrc43V6lBYY1SQrs8IwA4dgfru
lBJiduXG/wfbYsIB+p9v8PHVjRQsQNwKsSfYHCjiYcqEyWsuQRJxosc4Qr6JNIaq
GqmnpJYJAgMBAAGjggNjMIIDXzAfBgNVHSMEGDAWgBQeBaN3j2yW4luHS6a0hqxx
AAznODAdBgNVHQ4EFgQUdnVIg/c/MD9Ftd3TKBHA7cWvGgowDgYDVR0PAQH/BAQD
AgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MGcGA1UdIARgMF4wUgYMKwYBBAGuIwEEAwEBMEIwQAYIKwYBBQUHAgEWNGh0dHBz
Oi8vd3d3LmluY29tbW9uLm9yZy9jZXJ0L3JlcG9zaXRvcnkvY3BzX3NzbC5wZGYw
CAYGZ4EMAQICMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwuaW5jb21tb24t
cnNhLm9yZy9JbkNvbW1vblJTQVNlcnZlckNBLmNybDB1BggrBgEFBQcBAQRpMGcw
PgYIKwYBBQUHMAKGMmh0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9JbkNvbW1vblJT
QVNlcnZlckNBXzIuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1
c3QuY29tMIIBuAYDVR0RBIIBrzCCAauCEWxkYXAuYmVya2VsZXkuZWR1giBsZGFw
LW9mZnNpdGUuY2FsbmV0LmJlcmtlbGV5LmVkdYIhbmRzLWF1dGguY2FsbmV0LjE5
MTguYmVya2VsZXkuZWR1ghpuZHMtcDEuY2FsbmV0LmJlcmtlbGV5LmVkdYIgbmRz
LXAxMC5jYWxuZXQuMTkxOC5iZXJrZWxleS5lZHWCGm5kcy1wMi5jYWxuZXQuYmVy
a2VsZXkuZWR1ghpuZHMtcDMuY2FsbmV0LmJlcmtlbGV5LmVkdYIfbmRzLXA0LmNh
bG5ldC4xOTE4LmJlcmtlbGV5LmVkdYIfbmRzLXA1LmNhbG5ldC4xOTE4LmJlcmtl
bGV5LmVkdYIabmRzLXA2LmNhbG5ldC5iZXJrZWxleS5lZHWCGm5kcy1wNy5jYWxu
ZXQuYmVya2VsZXkuZWR1ghpuZHMtcDguY2FsbmV0LmJlcmtlbGV5LmVkdYIabmRz
LXA5LmNhbG5ldC5iZXJrZWxleS5lZHWCEG5kcy5iZXJrZWxleS5lZHWCF25kcy5j
YWxuZXQuYmVya2VsZXkuZWR1MA0GCSqGSIb3DQEBCwUAA4IBAQA5yVftduiAaBJO
OhpvofFT8nEWYvrs9c32NMta7PZ8T9ppzUkZz9H5gOELVc5FO8isVujJI+PXjveQ
wyAZV87n1FD1ZdOGvUxWtM4vFna+MSdP2GM6hxBW4na5ti10VNQygq7dihso77ZY
Ttx8bajil0Y2FwJYuZdXuxTC4i1UiD1s51omBRuaM8Ug7HAdQofsP3Rc2kVqHbA0
2QapRxzha7yyBD2JmtQGcK/Py2cv/801Sk2MqlgXgAmO8Hi3Z3pcQravsXPtKk0X
5fXsEkFCeUwrjpdZJH17Ei1NGFkvviHtVU9tpYhDaffvQw8Qi6FKXiDWgwsHO3kA
9qWWWzuG
-----END CERTIFICATE-----

USERTrust RSA Certification Authority

-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgIQE+oocFv07O0MNmMJgGFDNjANBgkqhkiG9w0BAQwFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow
gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK
ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD
VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00yt
UINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC
tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQf
jtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM
8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hm
AUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiV
Z4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9
N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sF
qV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJWBp/kjbmUZIO8yZ9
HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMaTLTwJUdZ
+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX
HAc/DVL17e8vgg8CAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTv
A73gJMtUGjAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/
BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud
HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4
dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0
dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAJNl9jeD
lQ9ew4IcH9Z35zyKwKoJ8OkLJvHgwmp1ocd5yblSYMgpEg7wrQPWCcR23+WmgZWn
RtqCV6mVksW2jwMibDN3wXsyF24HzloUQToFJBv2FAY7qCUkDrvMKnXduXBBP3zQ
YzYhBx9G/2CkkeFnvN4ffhkUyWNnkepnB2u0j4vAbkN9w6GAbLIevFOFfdyQoaS8
Le9Gclc1Bb+7RrtubTeZtv8jkpHGbkD4jylW6l/VXxRTrPBPYer3IsynVgviuDQf
Jtl7GQVoP7o81DgGotPmjw7jtHFtQELFhLRAlSv0ZaBIefYdgWOWnU914Ph85I6p
0fKtirOMxyHNwu8=
-----END CERTIFICATE-----

InCommon RSA Server CA

-----BEGIN CERTIFICATE-----
MIIF+TCCA+GgAwIBAgIQRyDQ+oVGGn4XoWQCkYRjdDANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQx
MDA2MDAwMDAwWhcNMjQxMDA1MjM1OTU5WjB2MQswCQYDVQQGEwJVUzELMAkGA1UE
CBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjESMBAGA1UEChMJSW50ZXJuZXQyMREw
DwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMWSW5Db21tb24gUlNBIFNlcnZlciBD
QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJwb8bsvf2MYFVFRVA+e
xU5NEFj6MJsXKZDmMwysE1N8VJG06thum4ltuzM+j9INpun5uukNDBqeso7JcC7v
HgV9lestjaKpTbOc5/MZNrun8XzmCB5hJ0R6lvSoNNviQsil2zfVtefkQnI/tBPP
iwckRR6MkYNGuQmm/BijBgLsNI0yZpUn6uGX6Ns1oytW61fo8BBZ321wDGZq0GTl
qKOYMa0dYtX6kuOaQ80tNfvZnjNbRX3EhigsZhLI2w8ZMA0/6fDqSl5AB8f2IHpT
eIFken5FahZv9JNYyWL7KSd9oX8hzudPR9aKVuDjZvjs3YncJowZaDuNi+L7RyML
fzcCAwEAAaOCAW4wggFqMB8GA1UdIwQYMBaAFFN5v1qqK0rPVIDh2JvAnfKyA2bL
MB0GA1UdDgQWBBQeBaN3j2yW4luHS6a0hqxxAAznODAOBgNVHQ8BAf8EBAMCAYYw
EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECAjBQBgNVHR8ESTBHMEWgQ6BB
hj9odHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQ2VydGlmaWNh
dGlvbkF1dGhvcml0eS5jcmwwdgYIKwYBBQUHAQEEajBoMD8GCCsGAQUFBzAChjNo
dHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQWRkVHJ1c3RDQS5j
cnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZI
hvcNAQEMBQADggIBAC0RBjjW29dYaK+qOGcXjeIT16MUJNkGE+vrkS/fT2ctyNMU
11ZlUp5uH5gIjppIG8GLWZqjV5vbhvhZQPwZsHURKsISNrqOcooGTie3jVgU0W+0
+Wj8mN2knCVANt69F2YrA394gbGAdJ5fOrQmL2pIhDY0jqco74fzYefbZ/VS29fR
5jBxu4uj1P+5ZImem4Gbj1e4ZEzVBhmO55GFfBjRidj26h1oFBHZ7heDH1Bjzw72
hipu47Gkyfr2NEx3KoCGMLCj3Btx7ASn5Ji8FoU+hCazwOU1VX55mKPU1I2250Lo
RCASN18JyfsD5PVldJbtyrmz9gn/TKbRXTr80U2q5JhyvjhLf4lOJo/UzL5WCXED
Smyj4jWG3R7Z8TED9xNNCxGBMXnMete+3PvzdhssvbORDwBZByogQ9xL2LUZFI/i
eoQp0UM/L8zfP527vWjEzuDN5xwxMnhi+vCToh7J159o5ah29mP+aJnvujbXEnGa
nrNxHzu+AGOePV8hwrGGG7hOIcPDQwkuYwzN/xT29iLp/cqf9ZhEtkGcQcIImH3b
oJ8ifsCnSbu0GB9L06Yqh7lcyvKDTEADslIaeSEINxhO2Y1fmcYFX/Fqrrp1WnhH
OjplXuXE0OPa0utaKC25Aplgom88L2Z8mEWcyfoB7zKOfD759AN7JKZWCYwk
-----END CERTIFICATE-----