Generate Test mTLS Certificates
Eric Weber edited this page Jan 29, 2024
·
3 revisions
Longhorn supports mTLS between longhorn-manager and various gRPC services provided by longhorn-instance-manager. All (instance-manager) servers and (longhorn-manager) clients use the same certificate and private key. We provide generic requirements and instructions in the Longhorn documentation, but the details are likely specific to each user.
The purpose of this document is to provide Longhorn developers with a set of commands they can quickly run to generate an mTLS secret for testing.
- Ensure you have OpenSSL v3 installed. Older versions of OpenSSL may not have all of the below flags. (The workstation used to generate these instructions is running openSUSE Leap v15.4, which does NOT come with OpenSSL v3 pre-installed.)
--> openssl version
OpenSSL 1.1.1l-fips 24 Aug 2021 SUSE release 150400.7.60.2
--> sudo zypper install -y openssl-3
# Output removed for brevity.
--> openssl-3 version
OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023)
- Generate a new key to be used by the signing certificate authority.
--> openssl-3 genrsa 2048 > ca-key.pem
- Generate a new certificate for the certificate authority.
--> openssl-3 req -new -x509 -nodes -days 365000 -key ca-key.pem -out ca.crt -subj "/CN=longhorn-ca"
- Generate a certificate signing request and a new key to be used by the Longhorn components. (Note the use of the
addext
flag to ensure the request includes all of the requiredsubjectAltName
values.)
--> openssl-3 req -newkey rsa:2048 -nodes -keyout tls.key -out tls-req.pem -subj "/CN=longhorn-backend" -addext "subjectAltName = DNS:longhorn-backend, DNS:longhorn-backend.longhorn-system, DNS:longhorn-backend.longhorn-system.svc, DNS:longhorn-frontend, DNS:longhorn-frontend.longhorn-system, DNS:longhorn-frontend.longhorn-system.svc, DNS:longhorn-engine-manager, DNS:longhorn-engine-manager.longhorn-system, DNS:longhorn-engine-manager.longhorn-system.svc, DNS:longhorn-replica-manager, DNS:longhorn-replica-manager.longhorn-system, DNS:longhorn-replica-manager.longhorn-system.svc, DNS:longhorn-csi, DNS:longhorn-csi.longhorn-system, DNS:longhorn-csi.longhorn-system.svc, DNS:longhorn-backend, IP:127.0.0.1"
# Output removed for brevity.
- Generate the certificate for the Longhorn components. (Note the use of the
copy_extensions
flag to ensure the requiredsubejctAltName
values are copied to the certificate.)
--> openssl-3 x509 -req -days 365000 -set_serial 01 -in tls-req.pem -out tls.crt -CA ca.crt -CAkey ca-key.pem -copy_extensions copy
Certificate request self-signature ok
subject=CN = longhorn-backend
- Check the contents of the certificate for the Longhorn components.
--> openssl x509 -in tls.crt -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = longhorn-ca
Validity
Not Before: Jan 26 17:59:38 2024 GMT
Not After : May 29 17:59:38 3023 GMT
Subject: CN = longhorn-backend
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:6a:cd:45:72:18:fa:34:fa:f8:78:ca:ec:08:
19:b2:36:ba:f3:05:9f:4b:2f:67:68:80:7f:d1:45:
80:61:5a:49:29:ce:9e:9d:a9:21:58:fd:a9:8b:51:
f6:7d:d1:a4:e2:02:b8:7a:0a:5e:7a:dd:f7:d6:ea:
7d:94:84:a6:98:e6:98:cd:bf:6a:a2:ea:7c:e5:43:
29:90:fa:c8:37:60:69:a0:ae:ef:98:fc:3e:98:41:
27:c6:86:fb:d4:f4:6e:c8:47:1a:5e:10:8d:f1:a8:
2f:ef:af:9b:39:4f:bc:ea:17:83:4d:67:9f:ba:07:
17:95:6b:91:ce:9c:2c:59:a3:93:81:77:07:18:08:
17:f9:d9:71:b5:13:7b:45:2d:8e:92:e4:e2:85:93:
1b:a6:33:88:4b:26:eb:8a:41:19:91:b8:3b:a6:ef:
16:26:6f:b3:16:23:2b:fe:c3:50:63:c6:1b:df:c5:
30:be:87:fd:0e:6a:0a:c2:76:de:59:8d:2e:fa:e6:
f4:20:68:cd:33:20:fe:62:4e:a7:9a:fd:51:db:7b:
1a:56:b5:dc:f0:e9:9b:e3:c9:a7:56:64:c4:27:ef:
54:d4:bb:bd:e9:1f:42:cf:1d:fe:6c:9d:0a:54:3f:
e3:c1:05:18:d9:bf:54:89:f7:49:6c:87:63:d1:d6:
2c:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:longhorn-backend, DNS:longhorn-backend.longhorn-system, DNS:longhorn-backend.longhorn-system.svc, DNS:longhorn-frontend, DNS:longhorn-frontend.longhorn-system, DNS:longhorn-frontend.longhorn-system.svc, DNS:longhorn-engine-manager, DNS:longhorn-engine-manager.longhorn-system, DNS:longhorn-engine-manager.longhorn-system.svc, DNS:longhorn-replica-manager, DNS:longhorn-replica-manager.longhorn-system, DNS:longhorn-replica-manager.longhorn-system.svc, DNS:longhorn-csi, DNS:longhorn-csi.longhorn-system, DNS:longhorn-csi.longhorn-system.svc, DNS:longhorn-backend, IP Address:127.0.0.1
X509v3 Subject Key Identifier:
87:70:A9:F4:FD:66:54:EA:4F:E6:C8:F4:1C:67:6E:B9:8A:BA:E1:8F
X509v3 Authority Key Identifier:
keyid:DE:B9:DE:6B:93:E1:4D:4B:35:44:11:E6:60:E2:11:BE:08:86:26:E8
Signature Algorithm: sha256WithRSAEncryption
72:3d:60:0e:f5:89:f6:ed:ba:3c:06:1d:25:78:95:dc:6f:22:
42:67:9b:a1:83:70:c4:c3:a9:c4:3a:43:af:82:df:9d:42:c5:
c7:ee:3f:c0:bb:ea:ad:58:1e:68:27:47:0c:67:d4:5c:44:70:
ec:eb:17:99:c0:a7:7b:b1:0a:9d:3a:fb:91:15:01:70:22:89:
af:08:b8:31:fd:0c:ce:da:7a:7d:3d:fb:05:5a:7c:3c:dc:7f:
f7:f7:bc:eb:eb:34:70:91:a6:2d:45:b5:47:1d:c4:65:83:1b:
19:fb:ff:1c:b1:a5:1e:5d:6b:45:a0:08:1d:b0:ba:c9:54:66:
f4:32:07:6c:2b:c1:51:12:46:e2:41:b2:9d:ef:36:b1:e0:3e:
ec:01:05:62:11:7d:a5:eb:92:40:f2:75:6a:2e:e4:9f:95:70:
98:e3:a1:50:93:c1:2a:3b:15:6d:69:5c:4c:e2:6f:da:62:69:
81:2c:d5:48:92:30:bf:51:5b:3f:49:9b:65:90:34:8d:07:58:
e1:61:d5:22:fa:35:68:6d:51:1e:0c:c2:81:6a:32:2e:a3:4d:
52:51:7e:96:3f:eb:ed:01:57:44:52:84:a3:b0:68:e0:e0:b3:
18:31:78:62:3f:d4:36:bd:ef:96:0b:c2:c1:c5:f0:21:bc:71:
04:de:18:fb
- For each of the important files
ca.crt
,tls.crt
,tls.key
, base64 encode it and add it to the secret template below.
apiVersion: v1
kind: Secret
metadata:
name: longhorn-grpc-tls
namespace: longhorn-system
type: kubernetes.io/tls
data:
ca.crt:
tls.crt:
tls.key:
--> base64 -w 0 ca.crt
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREekNDQWZlZ0F3SUJBZ0lVTHN6YnlpMVN6dSs5UlJmZkl3TDJlNFkzSytzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xiRzl1WjJodmNtNHRZMkV3SUJjTk1qUXdNVEkyTVRjMU5EUTVXaGdQTXpBeQpNekExTWpreE56VTBORGxhTUJZeEZEQVNCZ05WQkFNTUMyeHZibWRvYjNKdUxXTmhNSUlCSWpBTkJna3Foa2lHCjl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFucGFFbG4xRjFhT2hzekZTcVJ0TUliNWdLTkNZSUhzRml4WGEKZTJiZ2hKRThQdUZ0bUdzekhlQVpBeWNueHM1L1J3cU1ieVBPbDFuL3FlU2RJMUg5QnMvNUQwZk1tUEFQMm94aQozZ3B2cXhRbzZwdE5PMGwxUnVBcmZmKytQKzNqd2RNdWpDMDdWVW9HZUpsbWoxNUpLbTZRQWJ1cURnejEyaDNjCmYvUzg5bWJWeXowZXMwMktTQnRqVm5RRTBlSVdGakg1SnVyVEU0bEJpT1hWbktHSUZnQXYzZ3pxeXZsdUo3VVgKUml5TC9UaVp1VS9aSnFtQlJpQyttWGpiUndlVTRvMW1mNGlrN1dPQXIzY2FNOUUzQVgvaDlMbzhYTXhDM1hqVAphdkZta2NnWXZhSlhicWhqak9VWVhlNmo1UmN6dnNUVk8wOXBsL3RlTld3Mkx4ZmFsUUlEQVFBQm8xTXdVVEFkCkJnTlZIUTRFRmdRVTNybmVhNVBoVFVzMVJCSG1ZT0lSdmdpR0p1Z3dId1lEVlIwakJCZ3dGb0FVM3JuZWE1UGgKVFVzMVJCSG1ZT0lSdmdpR0p1Z3dEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQwpBUUVBR3F4emxpdHVrVlFhUFZENmFZSC9xQ0IyRnh5WW1WU3pBVGJncGlwU3JrZHFBWmJRVUNQdXUvSnVMdGlSCjBuYXFicHkzZ2J6K0IzY1VPZlJjQWpxd2VQclpRMUVOTVF4TUZGZEJ2MG51Tko2TllFWWlKUEVhSFlhdE1IZlgKaXVndTZwcXNmZW56dlROMG1MeGx0eDBycVdXNnFiT1k4OGdVKzA1bXl2c0dTUjdWUldsQ2Yyc1FnQmtteWJHbgozSTBuaFFMVHd1N2Y2VkUrd21GeEhlUDl3OWN1Mk8wbFdMV1ZHTno1ZExybGdDcCsrdWttZDlMOFlPbW1tT3lVCkhVVm5rOGY5Ykk2NG9ENjNNS0M2UU83Kzk0ZnRETFBSRFZxVHBReE5pV25QOWl2M0lIVlQvUS93TkN5OVNYQUIKRzJ3Qm1nLzJ0eFY0S09HSHRCamxlb1BxcUE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
--> base64 -w 0 tls.crt
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZBekNDQSt1Z0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFXTVJRd0VnWURWUVFEREF0c2IyNW4KYUc5eWJpMWpZVEFnRncweU5EQXhNall4TnpVNU16aGFHQTh6TURJek1EVXlPVEUzTlRrek9Gb3dHekVaTUJjRwpBMVVFQXd3UWJHOXVaMmh2Y200dFltRmphMlZ1WkRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDCkFRb0NnZ0VCQUpOcXpVVnlHUG8wK3ZoNHl1d0lHYkkydXZNRm4wc3ZaMmlBZjlGRmdHRmFTU25PbnAycElWajkKcVl0UjluM1JwT0lDdUhvS1hucmQ5OWJxZlpTRXBwam1tTTIvYXFMcWZPVkRLWkQ2eURkZ2FhQ3U3NWo4UHBoQgpKOGFHKzlUMGJzaEhHbDRRamZHb0wrK3ZtemxQdk9vWGcwMW5uN29IRjVWcmtjNmNMRm1qazRGM0J4Z0lGL25aCmNiVVRlMFV0anBMazRvV1RHNll6aUVzbTY0cEJHWkc0TzZidkZpWnZzeFlqSy83RFVHUEdHOS9GTUw2SC9RNXEKQ3NKMjNsbU5MdnJtOUNCb3pUTWcvbUpPcDVyOVVkdDdHbGExM1BEcG0rUEpwMVpreENmdlZOUzd2ZWtmUXM4ZAovbXlkQ2xRLzQ4RUZHTm0vVkluM1NXeUhZOUhXTEowQ0F3RUFBYU9DQWxNd2dnSlBNSUlDQ3dZRFZSMFJCSUlDCkFqQ0NBZjZDRUd4dmJtZG9iM0p1TFdKaFkydGxibVNDSUd4dmJtZG9iM0p1TFdKaFkydGxibVF1Ykc5dVoyaHYKY200dGMzbHpkR1Z0Z2lSc2IyNW5hRzl5YmkxaVlXTnJaVzVrTG14dmJtZG9iM0p1TFhONWMzUmxiUzV6ZG1PQwpFV3h2Ym1kb2IzSnVMV1p5YjI1MFpXNWtnaUZzYjI1bmFHOXliaTFtY205dWRHVnVaQzVzYjI1bmFHOXliaTF6CmVYTjBaVzJDSld4dmJtZG9iM0p1TFdaeWIyNTBaVzVrTG14dmJtZG9iM0p1TFhONWMzUmxiUzV6ZG1PQ0YyeHYKYm1kb2IzSnVMV1Z1WjJsdVpTMXRZVzVoWjJWeWdpZHNiMjVuYUc5eWJpMWxibWRwYm1VdGJXRnVZV2RsY2k1cwpiMjVuYUc5eWJpMXplWE4wWlcyQ0syeHZibWRvYjNKdUxXVnVaMmx1WlMxdFlXNWhaMlZ5TG14dmJtZG9iM0p1CkxYTjVjM1JsYlM1emRtT0NHR3h2Ym1kb2IzSnVMWEpsY0d4cFkyRXRiV0Z1WVdkbGNvSW9iRzl1WjJodmNtNHQKY21Wd2JHbGpZUzF0WVc1aFoyVnlMbXh2Ym1kb2IzSnVMWE41YzNSbGJZSXNiRzl1WjJodmNtNHRjbVZ3YkdsagpZUzF0WVc1aFoyVnlMbXh2Ym1kb2IzSnVMWE41YzNSbGJTNXpkbU9DREd4dmJtZG9iM0p1TFdOemFZSWNiRzl1CloyaHZjbTR0WTNOcExteHZibWRvYjNKdUxYTjVjM1JsYllJZ2JHOXVaMmh2Y200dFkzTnBMbXh2Ym1kb2IzSnUKTFhONWMzUmxiUzV6ZG1PQ0VHeHZibWRvYjNKdUxXSmhZMnRsYm1TSEJIOEFBQUV3SFFZRFZSME9CQllFRklkdwpxZlQ5WmxUcVQrYkk5QnhuYnJtS3V1R1BNQjhHQTFVZEl3UVlNQmFBRk42NTNtdVQ0VTFMTlVRUjVtRGlFYjRJCmhpYm9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJ5UFdBTzlZbjI3Ym84QmgwbGVKWGNieUpDWjV1aGczREUKdzZuRU9rT3ZndCtkUXNYSDdqL0F1K3F0V0I1b0owY01aOVJjUkhEczZ4ZVp3S2Q3c1FxZE92dVJGUUZ3SW9tdgpDTGd4L1F6TzJucDlQZnNGV253ODNILzM5N3pyNnpSd2thWXRSYlZISGNSbGd4c1orLzhjc2FVZVhXdEZvQWdkCnNMckpWR2IwTWdkc0s4RlJFa2JpUWJLZDd6YXg0RDdzQVFWaUVYMmw2NUpBOG5WcUx1U2ZsWENZNDZGUWs4RXEKT3hWdGFWeE00bS9hWW1tQkxOVklrakMvVVZzL1NadGxrRFNOQjFqaFlkVWkralZvYlZFZURNS0Jhakl1bzAxUwpVWDZXUCt2dEFWZEVVb1Nqc0dqZzRMTVlNWGhpUDlRMnZlK1dDOExCeGZBaHZIRUUzaGo3Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
--> base64 -w 0 tls.key
LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRQ1RhczFGY2hqNk5QcjQKZU1yc0NCbXlOcnJ6Qlo5TEwyZG9nSC9SUllCaFdra3B6cDZkcVNGWS9hbUxVZlo5MGFUaUFyaDZDbDU2M2ZmVwo2bjJVaEthWTVwak52MnFpNm56bFF5bVErc2czWUdtZ3J1K1kvRDZZUVNmR2h2dlU5RzdJUnhwZUVJM3hxQy92CnI1czVUN3pxRjROTlo1KzZCeGVWYTVIT25DeFpvNU9CZHdjWUNCZjUyWEcxRTN0RkxZNlM1T0tGa3h1bU00aEwKSnV1S1FSbVJ1RHVtN3hZbWI3TVdJeXYrdzFCanhodmZ4VEMraC8wT2FnckNkdDVaalM3NjV2UWdhTTB6SVA1aQpUcWVhL1ZIYmV4cFd0ZHp3Nlp2anlhZFdaTVFuNzFUVXU3M3BIMExQSGY1c25RcFVQK1BCQlJqWnYxU0o5MGxzCmgyUFIxaXlkQWdNQkFBRUNnZ0VBUjVYTzdXQ3RHVjg5MmdmS1Bsam1wWUJuUXhqaFZDREdYZHc4ZFZLRE40TWcKMFNEcExGVlRnTVBaSDNMak9CRGtPTzRxUi9VZUVSc1Z2WExzSFlGVzV4dmZhdFgvZ2ZKTlNRVld1M1RVWWZPNwpCMUM3djdZSjdXU0NYS2p5eEdRWUljQkpZUkUzNUhnUUl4dkt6RWRZelBJekRCVDhYdGtQempySXVLUms4dmU3CnVNNkY0TE9tNEhtL0xIWlZteVNpNGhxQkhtSWEzS1diVEhGRGk5ODBqZm0vQjVORWNzV0sxSk96TW1DeS9lV0gKSU9jK0p4Nmk5dFk3YTliQ3ladlBzVFFOazV3dXlTaUQvMFloTVhBalBUVGNnRDlYL2xSRGtKRjVzejd5UXk4Ngpyemw0UU9QMXpSWG04Ykt6WUxCcFpxc2M1em4wcEdrTXJzd2ZXYmxXbndLQmdRREZhQWZQWXExRVdpMmd4WFE2ClFHZkRWQk1UK0pNSGIyZE4wL3k2NkVzS2huc2dEN2tFOVFqdm4vSnVCd3haRXZveDhPcHhzdFU0UjM2YmNHYnQKYUUyOTFyU3BDckpwK1R3OVVmamg0SlB3c1R0bjZvZXNjaVZHcDZGMzVlaFZTQlNnaVJ2L2hEdXhQaThwVWFRagpGS1FDbFhFTkliU3MwNy9oNFdYdzFjVmNYd0tCZ1FDL0xGVUdSSGl4bnNYelJsRkhITHZ1Znk1eSswSmNTcFVnCmFncFN3MFFNRE04VWpybnVIc3lxWXlBbkk4c1UyVXdJUVlFNkU5cEwrWWNVRVVrYUJsU2wyYkNibWVFVkpLZVkKOWlpUmwvejZ5T2Y1WlJ0Y09MdVhBRUtabTU4WVd0bFRaWGJvYnd3RVZNa1N0KzJNWml1SjZrQjlyMnRoOWxySwpMNG16SVRFWWd3S0JnUUNmTVA5clhGWUIwdjhNc1c3RE13RDZZYWhvNklJWTh0dkp4WFAvZmloVnVwRThEN0hTCnI0K2ZQY3NRczVwZmtwQTFDZVRsLzZNMm1XRWVGSXpNVXRxdWhxQjEyV3g3VFVRbzV4dmZlMjJTSWpxWDJHZkUKeHVBTWxFNEFGR1ZCc0xrQnBNL3hSRCttOVZDdTcybC82THRDWWlVaXc5V2hzYmtCZlBUcVBGbkYzUUtCZ0RidwpkSmJTZ3FUNDdnWlZ4UEhjemgxaUsyVWIxQnhWeXJsLy8rdDg5a2RJUHhLM1diT1c0bFp0R2tabFFPMkM3UmpLClNtcjRYWm5MNGdmZ1Y5UEUwZnEvcnNObzI0aUoraWc1UmJ0aHBIQWw0SlNKZSsxcTJHNHl3dkVHQ2hpanN5VUcKV2IrK2VnT2NvaFJoQzBGMzh6YzFQTWRoN0VoQTFpS1l1c2ZoMkF3bEFvR0JBTDBtOW9od1lhK3N0aytQTUI0SgpSaE1WeHNGUzlBRENXQ01jVHFrVktHQnRseVc3S1Q0ZVh4NGRFVUpYQktnaVJURVI1VCtyMzI4OVdEd05HWTIzCmFuN0dHTThCSHJ4WVdKdGtpOEFnNE1scHkvbS9YN1c4bkFjUjZpSGVVWEpPL21pa21ydjR4M0ZKODNJK2RUZlAKLy9QaU4rOFkyR1VHMGNYSzlsbFFaT0dKCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
apiVersion: v1
kind: Secret
metadata:
name: longhorn-grpc-tls
namespace: longhorn-system
type: kubernetes.io/tls
data:
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREekNDQWZlZ0F3SUJBZ0lVTHN6YnlpMVN6dSs5UlJmZkl3TDJlNFkzSytzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xiRzl1WjJodmNtNHRZMkV3SUJjTk1qUXdNVEkyTVRjMU5EUTVXaGdQTXpBeQpNekExTWpreE56VTBORGxhTUJZeEZEQVNCZ05WQkFNTUMyeHZibWRvYjNKdUxXTmhNSUlCSWpBTkJna3Foa2lHCjl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFucGFFbG4xRjFhT2hzekZTcVJ0TUliNWdLTkNZSUhzRml4WGEKZTJiZ2hKRThQdUZ0bUdzekhlQVpBeWNueHM1L1J3cU1ieVBPbDFuL3FlU2RJMUg5QnMvNUQwZk1tUEFQMm94aQozZ3B2cXhRbzZwdE5PMGwxUnVBcmZmKytQKzNqd2RNdWpDMDdWVW9HZUpsbWoxNUpLbTZRQWJ1cURnejEyaDNjCmYvUzg5bWJWeXowZXMwMktTQnRqVm5RRTBlSVdGakg1SnVyVEU0bEJpT1hWbktHSUZnQXYzZ3pxeXZsdUo3VVgKUml5TC9UaVp1VS9aSnFtQlJpQyttWGpiUndlVTRvMW1mNGlrN1dPQXIzY2FNOUUzQVgvaDlMbzhYTXhDM1hqVAphdkZta2NnWXZhSlhicWhqak9VWVhlNmo1UmN6dnNUVk8wOXBsL3RlTld3Mkx4ZmFsUUlEQVFBQm8xTXdVVEFkCkJnTlZIUTRFRmdRVTNybmVhNVBoVFVzMVJCSG1ZT0lSdmdpR0p1Z3dId1lEVlIwakJCZ3dGb0FVM3JuZWE1UGgKVFVzMVJCSG1ZT0lSdmdpR0p1Z3dEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQwpBUUVBR3F4emxpdHVrVlFhUFZENmFZSC9xQ0IyRnh5WW1WU3pBVGJncGlwU3JrZHFBWmJRVUNQdXUvSnVMdGlSCjBuYXFicHkzZ2J6K0IzY1VPZlJjQWpxd2VQclpRMUVOTVF4TUZGZEJ2MG51Tko2TllFWWlKUEVhSFlhdE1IZlgKaXVndTZwcXNmZW56dlROMG1MeGx0eDBycVdXNnFiT1k4OGdVKzA1bXl2c0dTUjdWUldsQ2Yyc1FnQmtteWJHbgozSTBuaFFMVHd1N2Y2VkUrd21GeEhlUDl3OWN1Mk8wbFdMV1ZHTno1ZExybGdDcCsrdWttZDlMOFlPbW1tT3lVCkhVVm5rOGY5Ykk2NG9ENjNNS0M2UU83Kzk0ZnRETFBSRFZxVHBReE5pV25QOWl2M0lIVlQvUS93TkN5OVNYQUIKRzJ3Qm1nLzJ0eFY0S09HSHRCamxlb1BxcUE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZBekNDQSt1Z0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFXTVJRd0VnWURWUVFEREF0c2IyNW4KYUc5eWJpMWpZVEFnRncweU5EQXhNall4TnpVNU16aGFHQTh6TURJek1EVXlPVEUzTlRrek9Gb3dHekVaTUJjRwpBMVVFQXd3UWJHOXVaMmh2Y200dFltRmphMlZ1WkRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDCkFRb0NnZ0VCQUpOcXpVVnlHUG8wK3ZoNHl1d0lHYkkydXZNRm4wc3ZaMmlBZjlGRmdHRmFTU25PbnAycElWajkKcVl0UjluM1JwT0lDdUhvS1hucmQ5OWJxZlpTRXBwam1tTTIvYXFMcWZPVkRLWkQ2eURkZ2FhQ3U3NWo4UHBoQgpKOGFHKzlUMGJzaEhHbDRRamZHb0wrK3ZtemxQdk9vWGcwMW5uN29IRjVWcmtjNmNMRm1qazRGM0J4Z0lGL25aCmNiVVRlMFV0anBMazRvV1RHNll6aUVzbTY0cEJHWkc0TzZidkZpWnZzeFlqSy83RFVHUEdHOS9GTUw2SC9RNXEKQ3NKMjNsbU5MdnJtOUNCb3pUTWcvbUpPcDVyOVVkdDdHbGExM1BEcG0rUEpwMVpreENmdlZOUzd2ZWtmUXM4ZAovbXlkQ2xRLzQ4RUZHTm0vVkluM1NXeUhZOUhXTEowQ0F3RUFBYU9DQWxNd2dnSlBNSUlDQ3dZRFZSMFJCSUlDCkFqQ0NBZjZDRUd4dmJtZG9iM0p1TFdKaFkydGxibVNDSUd4dmJtZG9iM0p1TFdKaFkydGxibVF1Ykc5dVoyaHYKY200dGMzbHpkR1Z0Z2lSc2IyNW5hRzl5YmkxaVlXTnJaVzVrTG14dmJtZG9iM0p1TFhONWMzUmxiUzV6ZG1PQwpFV3h2Ym1kb2IzSnVMV1p5YjI1MFpXNWtnaUZzYjI1bmFHOXliaTFtY205dWRHVnVaQzVzYjI1bmFHOXliaTF6CmVYTjBaVzJDSld4dmJtZG9iM0p1TFdaeWIyNTBaVzVrTG14dmJtZG9iM0p1TFhONWMzUmxiUzV6ZG1PQ0YyeHYKYm1kb2IzSnVMV1Z1WjJsdVpTMXRZVzVoWjJWeWdpZHNiMjVuYUc5eWJpMWxibWRwYm1VdGJXRnVZV2RsY2k1cwpiMjVuYUc5eWJpMXplWE4wWlcyQ0syeHZibWRvYjNKdUxXVnVaMmx1WlMxdFlXNWhaMlZ5TG14dmJtZG9iM0p1CkxYTjVjM1JsYlM1emRtT0NHR3h2Ym1kb2IzSnVMWEpsY0d4cFkyRXRiV0Z1WVdkbGNvSW9iRzl1WjJodmNtNHQKY21Wd2JHbGpZUzF0WVc1aFoyVnlMbXh2Ym1kb2IzSnVMWE41YzNSbGJZSXNiRzl1WjJodmNtNHRjbVZ3YkdsagpZUzF0WVc1aFoyVnlMbXh2Ym1kb2IzSnVMWE41YzNSbGJTNXpkbU9DREd4dmJtZG9iM0p1TFdOemFZSWNiRzl1CloyaHZjbTR0WTNOcExteHZibWRvYjNKdUxYTjVjM1JsYllJZ2JHOXVaMmh2Y200dFkzTnBMbXh2Ym1kb2IzSnUKTFhONWMzUmxiUzV6ZG1PQ0VHeHZibWRvYjNKdUxXSmhZMnRsYm1TSEJIOEFBQUV3SFFZRFZSME9CQllFRklkdwpxZlQ5WmxUcVQrYkk5QnhuYnJtS3V1R1BNQjhHQTFVZEl3UVlNQmFBRk42NTNtdVQ0VTFMTlVRUjVtRGlFYjRJCmhpYm9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJ5UFdBTzlZbjI3Ym84QmgwbGVKWGNieUpDWjV1aGczREUKdzZuRU9rT3ZndCtkUXNYSDdqL0F1K3F0V0I1b0owY01aOVJjUkhEczZ4ZVp3S2Q3c1FxZE92dVJGUUZ3SW9tdgpDTGd4L1F6TzJucDlQZnNGV253ODNILzM5N3pyNnpSd2thWXRSYlZISGNSbGd4c1orLzhjc2FVZVhXdEZvQWdkCnNMckpWR2IwTWdkc0s4RlJFa2JpUWJLZDd6YXg0RDdzQVFWaUVYMmw2NUpBOG5WcUx1U2ZsWENZNDZGUWs4RXEKT3hWdGFWeE00bS9hWW1tQkxOVklrakMvVVZzL1NadGxrRFNOQjFqaFlkVWkralZvYlZFZURNS0Jhakl1bzAxUwpVWDZXUCt2dEFWZEVVb1Nqc0dqZzRMTVlNWGhpUDlRMnZlK1dDOExCeGZBaHZIRUUzaGo3Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRQ1RhczFGY2hqNk5QcjQKZU1yc0NCbXlOcnJ6Qlo5TEwyZG9nSC9SUllCaFdra3B6cDZkcVNGWS9hbUxVZlo5MGFUaUFyaDZDbDU2M2ZmVwo2bjJVaEthWTVwak52MnFpNm56bFF5bVErc2czWUdtZ3J1K1kvRDZZUVNmR2h2dlU5RzdJUnhwZUVJM3hxQy92CnI1czVUN3pxRjROTlo1KzZCeGVWYTVIT25DeFpvNU9CZHdjWUNCZjUyWEcxRTN0RkxZNlM1T0tGa3h1bU00aEwKSnV1S1FSbVJ1RHVtN3hZbWI3TVdJeXYrdzFCanhodmZ4VEMraC8wT2FnckNkdDVaalM3NjV2UWdhTTB6SVA1aQpUcWVhL1ZIYmV4cFd0ZHp3Nlp2anlhZFdaTVFuNzFUVXU3M3BIMExQSGY1c25RcFVQK1BCQlJqWnYxU0o5MGxzCmgyUFIxaXlkQWdNQkFBRUNnZ0VBUjVYTzdXQ3RHVjg5MmdmS1Bsam1wWUJuUXhqaFZDREdYZHc4ZFZLRE40TWcKMFNEcExGVlRnTVBaSDNMak9CRGtPTzRxUi9VZUVSc1Z2WExzSFlGVzV4dmZhdFgvZ2ZKTlNRVld1M1RVWWZPNwpCMUM3djdZSjdXU0NYS2p5eEdRWUljQkpZUkUzNUhnUUl4dkt6RWRZelBJekRCVDhYdGtQempySXVLUms4dmU3CnVNNkY0TE9tNEhtL0xIWlZteVNpNGhxQkhtSWEzS1diVEhGRGk5ODBqZm0vQjVORWNzV0sxSk96TW1DeS9lV0gKSU9jK0p4Nmk5dFk3YTliQ3ladlBzVFFOazV3dXlTaUQvMFloTVhBalBUVGNnRDlYL2xSRGtKRjVzejd5UXk4Ngpyemw0UU9QMXpSWG04Ykt6WUxCcFpxc2M1em4wcEdrTXJzd2ZXYmxXbndLQmdRREZhQWZQWXExRVdpMmd4WFE2ClFHZkRWQk1UK0pNSGIyZE4wL3k2NkVzS2huc2dEN2tFOVFqdm4vSnVCd3haRXZveDhPcHhzdFU0UjM2YmNHYnQKYUUyOTFyU3BDckpwK1R3OVVmamg0SlB3c1R0bjZvZXNjaVZHcDZGMzVlaFZTQlNnaVJ2L2hEdXhQaThwVWFRagpGS1FDbFhFTkliU3MwNy9oNFdYdzFjVmNYd0tCZ1FDL0xGVUdSSGl4bnNYelJsRkhITHZ1Znk1eSswSmNTcFVnCmFncFN3MFFNRE04VWpybnVIc3lxWXlBbkk4c1UyVXdJUVlFNkU5cEwrWWNVRVVrYUJsU2wyYkNibWVFVkpLZVkKOWlpUmwvejZ5T2Y1WlJ0Y09MdVhBRUtabTU4WVd0bFRaWGJvYnd3RVZNa1N0KzJNWml1SjZrQjlyMnRoOWxySwpMNG16SVRFWWd3S0JnUUNmTVA5clhGWUIwdjhNc1c3RE13RDZZYWhvNklJWTh0dkp4WFAvZmloVnVwRThEN0hTCnI0K2ZQY3NRczVwZmtwQTFDZVRsLzZNMm1XRWVGSXpNVXRxdWhxQjEyV3g3VFVRbzV4dmZlMjJTSWpxWDJHZkUKeHVBTWxFNEFGR1ZCc0xrQnBNL3hSRCttOVZDdTcybC82THRDWWlVaXc5V2hzYmtCZlBUcVBGbkYzUUtCZ0RidwpkSmJTZ3FUNDdnWlZ4UEhjemgxaUsyVWIxQnhWeXJsLy8rdDg5a2RJUHhLM1diT1c0bFp0R2tabFFPMkM3UmpLClNtcjRYWm5MNGdmZ1Y5UEUwZnEvcnNObzI0aUoraWc1UmJ0aHBIQWw0SlNKZSsxcTJHNHl3dkVHQ2hpanN5VUcKV2IrK2VnT2NvaFJoQzBGMzh6YzFQTWRoN0VoQTFpS1l1c2ZoMkF3bEFvR0JBTDBtOW9od1lhK3N0aytQTUI0SgpSaE1WeHNGUzlBRENXQ01jVHFrVktHQnRseVc3S1Q0ZVh4NGRFVUpYQktnaVJURVI1VCtyMzI4OVdEd05HWTIzCmFuN0dHTThCSHJ4WVdKdGtpOEFnNE1scHkvbS9YN1c4bkFjUjZpSGVVWEpPL21pa21ydjR4M0ZKODNJK2RUZlAKLy9QaU4rOFkyR1VHMGNYSzlsbFFaT0dKCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
It should be possible to use the above secret for testing until 3023...