summaryrefslogtreecommitdiff
path: root/testing/hosts/winnetou
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2009-04-01 20:13:30 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2009-04-01 20:13:30 +0000
commitc3e7f611ea8273c6b3909cb006ade4903a74aad0 (patch)
treea5ae5b5059f98c0e5366d61b1b19cd9e70162f9f /testing/hosts/winnetou
parent7a229aeb240cc750546f55ad089022f0ca7dc44f (diff)
downloadvyos-strongswan-c3e7f611ea8273c6b3909cb006ade4903a74aad0.tar.gz
vyos-strongswan-c3e7f611ea8273c6b3909cb006ade4903a74aad0.zip
[svn-upgrade] Integrating new upstream version, strongswan (4.2.14)
Diffstat (limited to 'testing/hosts/winnetou')
-rwxr-xr-xtesting/hosts/winnetou/etc/openssl/generate-crl5
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/crlnumber1
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/index.txt2
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/index.txt.attr1
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/index.txt.attr.old1
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/index.txt.old1
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/newcerts/01.pem46
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/newcerts/02.pem46
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/openssl.cnf184
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/serial1
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/serial.old1
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/strongswanCert-monster.pem55
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/strongswanKey-monster.pem99
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/index.txt2
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/newcerts/04.pem42
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/index.txt2
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/newcerts/04.pem44
17 files changed, 488 insertions, 45 deletions
diff --git a/testing/hosts/winnetou/etc/openssl/generate-crl b/testing/hosts/winnetou/etc/openssl/generate-crl
index 199ecf10e..78e91bdd6 100755
--- a/testing/hosts/winnetou/etc/openssl/generate-crl
+++ b/testing/hosts/winnetou/etc/openssl/generate-crl
@@ -36,3 +36,8 @@ cd /etc/openssl/ecdsa
openssl ca -gencrl -crldays 15 -config /etc/openssl/ecdsa/openssl.cnf -out crl.pem
openssl crl -in crl.pem -outform der -out strongswan_ec.crl
cp strongswan_ec.crl /var/www/localhost/htdocs/
+cd /etc/openssl/monster
+openssl ca -gencrl -crldays 15 -config /etc/openssl/monster/openssl.cnf -out crl.pem
+openssl crl -in crl.pem -outform der -out strongswan-monster.crl
+cp strongswan-monster.crl /var/www/localhost/htdocs/
+
diff --git a/testing/hosts/winnetou/etc/openssl/monster/crlnumber b/testing/hosts/winnetou/etc/openssl/monster/crlnumber
new file mode 100644
index 000000000..eeee65ec4
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/crlnumber
@@ -0,0 +1 @@
+05
diff --git a/testing/hosts/winnetou/etc/openssl/monster/index.txt b/testing/hosts/winnetou/etc/openssl/monster/index.txt
new file mode 100644
index 000000000..cd9407ee9
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/index.txt
@@ -0,0 +1,2 @@
+V 390321140608Z 01 unknown /C=CH/O=Linux strongSwan/OU=Monster/CN=carol@strongswan.org
+V 390321140716Z 02 unknown /C=CH/O=Linux strongSwan/OU=Monster/CN=moon.strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/monster/index.txt.attr b/testing/hosts/winnetou/etc/openssl/monster/index.txt.attr
new file mode 100644
index 000000000..3a7e39e6e
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/testing/hosts/winnetou/etc/openssl/monster/index.txt.attr.old b/testing/hosts/winnetou/etc/openssl/monster/index.txt.attr.old
new file mode 100644
index 000000000..8f7e63a34
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/testing/hosts/winnetou/etc/openssl/monster/index.txt.old b/testing/hosts/winnetou/etc/openssl/monster/index.txt.old
new file mode 100644
index 000000000..fbbcb81d3
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/index.txt.old
@@ -0,0 +1 @@
+V 390321140608Z 01 unknown /C=CH/O=Linux strongSwan/OU=Monster/CN=carol@strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/monster/newcerts/01.pem b/testing/hosts/winnetou/etc/openssl/monster/newcerts/01.pem
new file mode 100644
index 000000000..2ce2ce3c9
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/newcerts/01.pem
@@ -0,0 +1,46 @@
+-----BEGIN CERTIFICATE-----
+MIIINzCCBB+gAwIBAgIBATANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBN
+b25zdGVyIENBMB4XDTA5MDMyODE0MDYwOFoXDTM5MDMyMTE0MDYwOFowWTELMAkG
+A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB01v
+bnN0ZXIxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEAqYq89COSvnLQplrjtSrDyvqvJqXN7mfmgfgR
+yGVG6HVoA3DU/vJPo8xHT43eTIBkT9wxernYxGw7UZwG6iiY3Me7Q82f+2TmX8mp
+dYtP53SWASOHBiLk7d3yJJjCY2GGP8Vb0avJa8GEOy9ZHTOf5HWwMDt9EQKxOzkw
+BebpMLCf2Mi1robNUj/lEgE+3AGfikF39E3JaXhna3mm+7PwO5J5udpxC/rVa+bO
+FPoBoBOY7v4fuq0CV5x5q/bXn9oVWteF/U1fnnOf5Dhe3P057oj7kARsmGk8e0DW
+kk1vTt4jplSg6jhH7izy4OhiqWkR7QV/BMOQBqBd6bw9Ojk12LFZBQulM0Lmtou5
+mGabckTMvtI591UCGNqGMcVDsxFIX2ZMvfScMahS6pUq+hjiR95mwez2Z1Sg014l
+cFg11mzjXGGBFuTCl3smJqRT7UaI6JfjNz1f6p/7z8QhjKChVA/xnJ5yoJWNPest
+2X0psHe3AlocUFRxqnD2ZmNO6IuKN5bmN0O4Lfc50rl2hPATXdh0HC8HvcYbRK9C
+uezkuM1QEvkev5SFbzgivXb1A2hdRCc1/XRND7Pm9sCjjh3tn5otCMnalc1mk5v+
+t8GhCKV6B7RTzFqu+ry0pe6OlqqzU0yNdqYFK1hoCDXUQzEMJzmI9mIw+n6EE3Hh
+fTZstGECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1Ud
+DgQWBBTy8LU5yQdnV8pfwhCPY7q/CiNyzjB4BgNVHSMEcTBvgBQZYq2Wq8b7148Q
+xFb/QGMiQnB2DqFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0
+cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gTW9uc3RlciBDQYIJAIORWNru
+S4GuMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMEEGA1UdHwQ6MDgw
+NqA0oDKGMGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbi1tb25z
+dGVyLmNybDANBgkqhkiG9w0BAQ0FAAOCBAEAi39l78OCI9S0I3X62HbkxiLguvnc
+CbXY6Tqmz0Ms8xqZgYzJOk7FLB/4v/zJohOH5nd7KxJ81KbcERyASpybaLM0/V+V
+oGT0rDGGH5cS4H2uYfs9HsKFKKPbZeCnExFyCamXjBZkl5IZNjdpS9TLyXRJSyFN
+OIRNhILPSriqdtzgRuGOeX798U8o0ObizGQRVlT0p0lI4t64dzZbIh3jSXjCf1Tz
+cmVOC8qhhGvxLlorSy5K98t2zNY7DvzwtvoQrNFGtso1kvfmaO4XRCvSZsmqPpC5
+mmWJjNEG2qcbmfpt8TotyUHgEJTZXwXlPVVb5OXHTW6jXk/MN0UiMTLJYcvJ1gji
+kSnGNHzRH2rKlYRED+jlzzHAWSv0mBGcOTdmfBV6+TJ7QhWhLZBzAUfwqXpAy9Vk
+idtyB0eSWBTIvhZY6SzB0Rvkdj0FtZ+tNURT4dPtiO0D+LXm/ojpdKKI2tFNOgwY
+n8df2u3xnCRvHqcF6lvu+ptnwUkUDDGDuiM20+sm0HHhLIj51v8tTm3Q/MzI0BAb
+G4HOSQNDzymWDgzIE67UTxBwXVDbSLkzH1vhFXtZQlD1UHqOUT/4FQm5ZlVMF8na
+FKxHakqoh1CdI8TAmM64h3hp1zp+G9Zn0lfcHRhvWBvpU8mgF1cbEvgbzjd9+xLe
+q45/8xuZPnU7XIBvDcZTUk8LRIThcTxQRlQdI1UJnvPOBYG3mUrLs2UdEZGwsooG
+zMOj3EQwqrR67rQiuGo65IMPDix4mwHjcZ8Gr4eqLDwSUS5yoPX1qI2qNLQbI1Ni
+8PEYMXQ0Xm+9Z86ZkI0dAIBWLkEGkz5Ngqk4O3JLzF1O/XPG4E9hGJ8WsHQW6pk9
++quv5nVNCAO0z6FYfQoYprdbDBur+N/no+BYIcSFSpLcNgafLXgj3I65iJ2VmRi0
+V0xAfxcRiQN2+/7aao2zLrrSPHU8YsW48ISw9ibQ9EckZMVtnhuYpBJuX8+auZ8f
+OgBmgRi7fCtEcMlXsiisQehymMs470eDRfWFUMzgJC8tMOQIWNdYM0Bo29wYUJPN
+jD+NO0n+PisFMilBEyoT2pD1i94+5DWQau/7STb3GbpBsLb7JbIrQEp0oSdsvsNR
+SaJQEqMxepJM0OGp3FMr79s+/a13+TMm+jl65M6sV/YTDdYFlplkWyHDjbL+WjUu
+lvDEURfBJrtT7u673RakCEzl5e53fP01HXFhqgMSloR7j2XNiyCeEUBp+zetXxwb
+8e6IKtbXWU+WcXIdNOHAL+OtD1vUK3gxupJPrRNW6daZKWUDbjRixzXnjeyIw8It
+bRldc5VjyM0G4FMbmIROgRcvjJ74MUwnHpgPl9zQ28HmbxKbANiJJZHIDw==
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/monster/newcerts/02.pem b/testing/hosts/winnetou/etc/openssl/monster/newcerts/02.pem
new file mode 100644
index 000000000..e83798c07
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/newcerts/02.pem
@@ -0,0 +1,46 @@
+-----BEGIN CERTIFICATE-----
+MIIINTCCBB2gAwIBAgIBAjANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBN
+b25zdGVyIENBMB4XDTA5MDMyODE0MDcxNloXDTM5MDMyMTE0MDcxNlowWDELMAkG
+A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB01v
+bnN0ZXIxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQC/9647SgAcK/or/Qs/3cRc19po7oex5EBdPR7b
+vInAuzrVMK84+ifneBWscVhBnxcUI37D0SpKx0onrdskMOyv5nmkdcgQf8931eip
+scNsw8bC8MJsbc5Jfn3DKPurbKK2/uFFE8ot7S65HY9tVBsxKsrjS5YFPE+DKKP+
+BgVk/9hL0Kqq2iKuWTq8YTRMu5iskpLIxqvuz362G46BKoW52pFegeDzpz/Bs/7y
+0oWPRcNcuRQR5XFTpF2L3UosniMkr7aYU5Z8s7IqiEx7txGh5SxRB+TYIZwB1ODa
+L+bnclQeMsBiFqlO9UI38UaxEQgk/+UhgpaX/DPrZg8KJmjW3e+x8xcwL3ouRLy2
+2Z99WMnV6TlwpTKj24EQJALmLG+UJG+hbV9P9j6Mkql3FHb4aLZH71CvyCqeg2yh
+FGiuaGEe8vS9+Dj5LKv8hSbBe/MSQDiPhKT1gb84TiQMsWfxLN7oDXunohnhMZfu
+sydB/c/R/ooA5ri+lE5c65bP2Mk+ml61p6z7lJv+DXBDXW/o4v8Imjx2OMsL85LZ
+vYWJppdJrThd/m4OVnCXYfuHMZqedsIvNR5blnldATLBjWWbeoKhOyqZb8hZ6HFR
+dlJ11LhxnGg9itG385L3Espl+EVcakWBZWrOn5/LGNKZH3UedclEBNci6lSadZaP
+/UfRCwIDAQABo4IBGDCCARQwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0O
+BBYEFOQpYirU7vrMZUWDkqDijTPuhPQiMHgGA1UdIwRxMG+AFBlirZarxvvXjxDE
+Vv9AYyJCcHYOoUykSjBIMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ry
+b25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5L
+ga4wHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzBBBgNVHR8EOjA4MDag
+NKAyhjBodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4tbW9uc3Rl
+ci5jcmwwDQYJKoZIhvcNAQENBQADggQBAAEsjsebEspAIANEBVWRjRpowIJlVSLf
+WKzblIPlhClXafHGJbhiamdtS2FmEh/rkzz3Ml+9cJy1KnB1Pn6+4JLSJe5xAywK
+lKTT2iY0KDdOsaK5j+CNJ2tW9NrJPxwtIz+nGGqqyyEUPJE1FYxphbLgmwFNBm2o
+HyeUVYI+gyfmhyHaXHKOmbsDG0o+pUX2tVOs0KdyU6deaAtEf1E6aA5TpCAi1OZs
+pdRDXFUfjdekRkfRr1PZ41Xwk3t6E32YhIE++r7QneQPhXymxVO9nepmpuSoHvlX
+Hb4JN2EQ0zCkkkOfqCuF46zVxsR46/3cfKbRsaVmdfGjvmDSCDI47AreluYiPTGA
+zN4XN91Y5rPZuT9OJYV4UrYv9N1jH5StVmSz19rbYOeozJXX0PBjdCKHEonD1FHY
+xWRpijVUG6NWVLKpvdg3RiFw78wIrNPAeVDvLL+112nbszNDNLSoOJjOUBySHJda
+WYFtg2IoAUis9r/o7uykNcC6KiU4Y1nC8PEIhMi4AMA9UgBCn4ixYtHI9jkfHcrD
+O1kvPRUo3hKzrhftLYtfiBfTEh+3Xab615lt5vNNhdI7d4knqUXvVdURtvlfJLZv
+W0YdvwjJtrVJAiCtX3wyxy72O1ZOG5kHCcK5oHUHg5W172rK9hK4LByk5ESqtc/t
+YDG7TmZLtUceV5yK4gz7pwIwXthA8yayRy+lbk8BFxRMfOEfb6rPdm0vvmPpHHDu
+yHR5SJTgpGo+/I8N1zS6PNeUBh0RAbSnxHJSMLn+GYTs8s6Atnq05SIuVYxvXyAQ
+ULf+ppNN5lngSZHPaOFJNpC1QL1+DdMNueDITVxYx5DV8SkWRPhzS77tsYeUxVGI
+IpUVEqSggGe6Q4YWv2smAjSeqaS5HNGxstE+Ybat/cp9QMbLc7gwKxwRQHhVRZ5O
+0rVq2bZUyly8y4wX8G8WFMNuCoAcHAdMvKh4JtmdDDZlbxdC2mSVbLSuTBfGvKc1
+ScwOBtSqQkm9PsTMitZM31s97WJLQIZbq82g2ns7hfEXMMIgzcFLYlM1SovbDZI5
+ZM63NBVTaKyj+Gxy8FcAPBPtPWwAQT+Gdi8gFwtcEilTOBECL5y0hzlL9aJpsJEq
+4KV5nnM5rutUufiYzQMZqME3g9VWk0kQteVpa4x+4zsKH9lJSSS/y0eCo/jArS8l
+HSmzUDkj2cWmf/azdrcig7g/mHeEbKu1JH1X5lRdZekqcRCW6v1OjP025B/5nSnL
+WYPUI9RLb01fmPjWdrc4+hPnHjePp8w6tuM6U6huMCwstnOel6d2FL5hOWvXNmIH
+I+8zv7SHhIWQmUbC0YQn8BFqvqDC08In5x42YiTe+42YEtafkTkbY8o=
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf b/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf
new file mode 100644
index 000000000..e5a716f28
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf
@@ -0,0 +1,184 @@
+# openssl.cnf - OpenSSL configuration file for the ZHW PKI
+# Mario Strasser <mario.strasser@zhwin.ch>
+#
+# $Id: openssl.cnf,v 1.2 2005/08/15 21:25:22 as Exp $
+#
+
+# This definitions were set by the ca_init script DO NOT change
+# them manualy.
+CAHOME = /etc/openssl/monster
+RANDFILE = $CAHOME/.rand
+
+# Extra OBJECT IDENTIFIER info:
+oid_section = new_oids
+
+[ new_oids ]
+SmartcardLogin = 1.3.6.1.4.1.311.20.2
+ClientAuthentication = 1.3.6.1.4.1.311.20.2.2
+
+####################################################################
+
+[ ca ]
+default_ca = root_ca # The default ca section
+
+####################################################################
+
+[ root_ca ]
+
+dir = $CAHOME
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/strongswanCert-monster.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crl = $dir/crl.pem # The current CRL
+crlnumber = $dir/crlnumber # The current CRL serial number
+private_key = $dir/strongswanKey-monster.pem # The private key
+RANDFILE = $dir/.rand # private random number file
+
+x509_extensions = host_ext # The extentions to add to the cert
+
+crl_extensions = crl_ext # The extentions to add to the CRL
+
+default_days = 10950 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha512 # which md to use.
+preserve = no # keep passed DN ordering
+email_in_dn = no # allow/forbid EMail in DN
+
+policy = policy_match # specifying how similar the request must look
+
+####################################################################
+
+# the 'match' policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = optional
+localityName = optional
+organizationName = match
+organizationalUnitName = optional
+userId = optional
+serialNumber = optional
+commonName = supplied
+emailAddress = optional
+
+# the 'anything' policy
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = ca_ext # The extentions to add to the self signed cert
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+####################################################################
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = CH
+countryName_min = 2
+countryName_max = 2
+
+#stateOrProvinceName = State or Province Name (full name)
+#stateOrProvinceName_default = ZH
+
+#localityName = Locality Name (eg, city)
+#localityName_default = Winterthur
+
+organizationName = Organization Name (eg, company)
+organizationName_default = Linux strongSwan
+
+0.organizationalUnitName = Organizational Unit Name (eg, section)
+#0.organizationalUnitName_default = Research
+
+#1.organizationalUnitName = Type (eg, Staff)
+#1.organizationalUnitName_default = Staff
+
+#userId = UID
+
+commonName = Common Name (eg, YOUR name)
+commonName_default = $ENV::COMMON_NAME
+commonName_max = 64
+
+#0.emailAddress = Email Address (eg, foo@bar.com)
+#0.emailAddress_min = 0
+#0.emailAddress_max = 40
+
+#1.emailAddress = Second Email Address (eg, foo@bar.com)
+#1.emailAddress_min = 0
+#1.emailAddress_max = 40
+
+####################################################################
+
+[ req_attributes ]
+
+####################################################################
+
+[ host_ext ]
+
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, keyEncipherment, keyAgreement
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid, issuer:always
+subjectAltName = DNS:$ENV::COMMON_NAME
+#extendedKeyUsage = OCSPSigning
+crlDistributionPoints = URI:http://crl.strongswan.org/strongswan-monster.crl
+
+####################################################################
+
+[ user_ext ]
+
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, keyEncipherment, keyAgreement
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid, issuer:always
+subjectAltName = email:$ENV::COMMON_NAME
+#authorityInfoAccess = OCSP;URI:http://ocsp.strongswan.org:8880
+crlDistributionPoints = URI:http://crl.strongswan.org/strongswan-monster.crl
+
+####################################################################
+
+[ ca_ext ]
+
+basicConstraints = critical, CA:TRUE
+keyUsage = cRLSign, keyCertSign
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid, issuer:always
+
+####################################################################
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+#issuerAltName = issuer:copy
+authorityKeyIdentifier = keyid:always, issuer:always
+
+# eof
diff --git a/testing/hosts/winnetou/etc/openssl/monster/serial b/testing/hosts/winnetou/etc/openssl/monster/serial
new file mode 100644
index 000000000..75016ea36
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/serial
@@ -0,0 +1 @@
+03
diff --git a/testing/hosts/winnetou/etc/openssl/monster/serial.old b/testing/hosts/winnetou/etc/openssl/monster/serial.old
new file mode 100644
index 000000000..9e22bcb8e
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/serial.old
@@ -0,0 +1 @@
+02
diff --git a/testing/hosts/winnetou/etc/openssl/monster/strongswanCert-monster.pem b/testing/hosts/winnetou/etc/openssl/monster/strongswanCert-monster.pem
new file mode 100644
index 000000000..03b57243b
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/strongswanCert-monster.pem
@@ -0,0 +1,55 @@
+-----BEGIN CERTIFICATE-----
+MIIJ0DCCBbigAwIBAgIJAIORWNruS4GuMA0GCSqGSIb3DQEBDQUAMEgxCzAJBgNV
+BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJv
+bmdTd2FuIE1vbnN0ZXIgQ0EwIBcNMDkwMzI4MDgwMDUzWhgPMjA1OTAzMTYwODAw
+NTNaMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4w
+HAYDVQQDExVzdHJvbmdTd2FuIE1vbnN0ZXIgQ0EwggQiMA0GCSqGSIb3DQEBAQUA
+A4IEDwAwggQKAoIEAQDL3Cy8fYlD/Lqc6vXnWakywyvB7rouV7CIdxZMGHz/6zO4
+4sZaeqWy4Fmp6zPuLI8RtxsIyrZAJzqnTDNRb6FhosdluTy/QL2N+M2U0fKeRjAd
+2IInFOabqSSheB8Np53xK28oZ3xe75vbpSRiqGItmqZHioFPpNV+gRv2NC2NSUqr
+ta9aRo35m2ZyQuav4+oOYalayApZWr44w8qQJRILvFo6jc7x5bE+LgFNRfe15/MY
+dyrabatILkOucP61VE7QqftLj465w1GG3kzyt4PsX5FKkSkhs3wMnQKLJyvxUIlk
+sC7m/NzABRAEAfLAODJJ9indUCVjcLDC81avQPoHOSD736hkYpWRnlrgvu14q+5d
+kBRvyCQu+SoBPj0oMtEEdaPk7aBGjXDvKkeJAZYEcOP8h9oKUQjwYUQhQ7Np0f33
+YBaQSCv/6kfl+260XXMWQrQd4iDY17x5H8wA6mncTQ01JHIJy5pixXt09dPmWaAh
+qZWaDbkSLslO05zai45QpTFQ2Qtw3d6w5BY3u2bREB7HnyFfZF8n43pvsInNv5pQ
+HLVHN5/TP/YVwbZj4UXXgAjkL/4t6DGELk62VkrxB1dQDopimFRmaGctAGWbo8ro
+UVpGDXnSHCn9SPmEqeetK1fJHcCeQskVFakIB3qdRJM+rsWcOFA4c40D6uKyvLHe
+xZbqaOjpL2r9vfuzMtbUMUinZNBqVf7dCkxY02gdi1HpTB5p1VBSRbXdaC1Zow4O
+Rn2Ekd6/lr5G45S8ljr7EeGnAUKFOoyU8F6dYmvgwBTgNwQsGa+MbWkuaaxuIq0f
+/e3J3PYkdQ+7tNXPsqoDXcOtc0ZPlBRwDx9Js+qh86e5HKh85DzBjjl97giv/3PC
+Ek6imgHhx0QsulWUfGzls+sd3SXf8azBFt6Jh7lUJQafNH++fLZvryGYa2gjEn4V
+Cwr8PTaWLm5TwgHlyJTH8Zkk7yEVZvzJfs6UC8tEaYitmAb8e9cYTztA0e4gPeY/
+9UTyb0XAnol368DGKi5T5L1x1NVHkPc5zVXcGUvUFpEd4q4aJWj9xUyskt13fl8V
+9BOKc1BJZUdCkxRSt1wF4tlcFs9EVbOoYOT2+KJiaWB59ke+O7HUxnjFzNfPFLO9
+ItgNHhahXrhX22e//B9QhzQ5O29UhXpX0y624DK/e/bj96c6ve5NqDIcZdOyVduT
+XiEyfUpP0ZjvwRbS42A1VYs34ELBt5ntUhRvgivXAbBnC19pv/WFurMzaxueQgjh
+e/TUX1FWXh8zq5qPvASxkupdo5GOrcjn6a8zTmRPS6V8jVLQmUHMsCsyFcVUECsL
+99wet1nlFAloL59Z6Cjj3LkyLpeIG/o4ItGEdw5bAgMBAAGjgbowgbcwDwYDVR0T
+AQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFBlirZarxvvXjxDEVv9A
+YyJCcHYOMHgGA1UdIwRxMG+AFBlirZarxvvXjxDEVv9AYyJCcHYOoUykSjBIMQsw
+CQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMV
+c3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5Lga4wDQYJKoZIhvcNAQENBQAD
+ggQBAHcfJo343EP+u0T1DTa3oJbYtqON1F7UdkJcOUxRhp4HFlPEOFxSnHU5Qi2f
+hzxWZTQEKI2q62AXdyHDygI44dCpSFZNPcZHdwBl26maMHubv7JXFl7TWupvki57
+71ttz+0wc5iU38g3ktVkrcjzUiqKU2BXnvIuLteOHfnSMGR+JG0v94nYl60EEtZr
+/Ru0Orcq93mrQyih4MZMrcssNBI+2HSFmjITBSGAz9G81d/kojtCEsmY37dqpkqO
+lOo57HLTUzuMHW1W+c7wCLAl2rhy0xIJ/t5XpNBvPzc7xKZex01A7kKIcUV5vlvj
+8+NTuMF4NAZjgtODj0Z3kKsxaIlq0O1+SfubdnHE9pNZPXWm4SSW8w1C+n1+MAA2
+RpK7T1T7BiOQD2fSKsCPvocefiWFOUuHkyRPG5vE0Ob5XH5qT5R3xTq1ta1cpxsA
+Rq0s4QHYePZ+gU/7edI7LvZtueOGL4BeR1TSIcbij5+LfFlIjz9ETp3cWc5rxjsm
+xBGeHyCslH2EKuufzg5czqmnTdwC4zGNVUyn8c5YUVpOxEZOpnrrGpR7xCHG6n0s
+PFpXRuSp6JHSDVCFkJLLrIH0MNmXirgsNLQEOX3WBPeK2hj9X3kzV+iRd5YXqBld
+6x1Jnx66iNhJyKHDXfZ84PIZzxaKrDrR35PK3DsZUATx0l56uBWAY3n1Zl5ZrWkd
+c66yvP8/WXqO1IctddURFn1ohkkbCVd8ke45ZQoyHIb+cC2gTU53aYNNAZDHh/C/
+MrU7+d5yH29dLjtv+J3JrDwdtBLMZa4RcIOZxhk7MhheNW3K+Q5xpKrdsqourQ2T
+vBwEmrfiLHRb+Hk8UbPpDW5m3yaXYmn8bQinkD1BP2ru/f6r4Rj+aAtNvz8ofgAg
+RcUcD+jeIDAEWnFCKtHxtp+fLYm5npnwfyCyOID2Lr3K1Z7SpqzoYYq9bfc3AdtL
+uHr9RSjdfsuG0l44xESwC2+Pp6rHwvAIPfPgcZiOX1GObytxXexWYCy9g/DKmUVv
+inTJNjHpH48ffPmCBE2LoylgBv/dSmf6hQSf5lqsKQ3tKApJv8t0oO6jqyvn+aqs
+CTi4WALKhZn9YRKRzcwzYVav1g0fHkrwRQxv8TRM0tYWZ5V01qgumxD3L/37vqDR
+8bx9KvgiF3DbP2q8IbVuVMLwjU6xPH+5sWJCS0Cx2haW1oVw7ppd9sgAkj/wxzt8
+9jl/bx3rD3YwoobFvqry0Rhe4J1LidAAKX+E69c4GwoTIe3eqL/TYkis7YIFLjea
+cm2lumjrrFcnbZLvDK5S/+kfZ2Flt2QoUznNeTTNY1nAnJSgqOgOocvyYDA9vx6H
+d/Fp6btmZH31IEyJrRNVOpCwZPI=
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/monster/strongswanKey-monster.pem b/testing/hosts/winnetou/etc/openssl/monster/strongswanKey-monster.pem
new file mode 100644
index 000000000..8d24aaecc
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/strongswanKey-monster.pem
@@ -0,0 +1,99 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIISKAIBAAKCBAEAy9wsvH2JQ/y6nOr151mpMsMrwe66LlewiHcWTBh8/+szuOLG
+WnqlsuBZqesz7iyPEbcbCMq2QCc6p0wzUW+hYaLHZbk8v0C9jfjNlNHynkYwHdiC
+JxTmm6kkoXgfDaed8StvKGd8Xu+b26UkYqhiLZqmR4qBT6TVfoEb9jQtjUlKq7Wv
+WkaN+ZtmckLmr+PqDmGpWsgKWVq+OMPKkCUSC7xaOo3O8eWxPi4BTUX3tefzGHcq
+2m2rSC5DrnD+tVRO0Kn7S4+OucNRht5M8reD7F+RSpEpIbN8DJ0Ciycr8VCJZLAu
+5vzcwAUQBAHywDgySfYp3VAlY3CwwvNWr0D6Bzkg+9+oZGKVkZ5a4L7teKvuXZAU
+b8gkLvkqAT49KDLRBHWj5O2gRo1w7ypHiQGWBHDj/IfaClEI8GFEIUOzadH992AW
+kEgr/+pH5ftutF1zFkK0HeIg2Ne8eR/MAOpp3E0NNSRyCcuaYsV7dPXT5lmgIamV
+mg25Ei7JTtOc2ouOUKUxUNkLcN3esOQWN7tm0RAex58hX2RfJ+N6b7CJzb+aUBy1
+Rzef0z/2FcG2Y+FF14AI5C/+LegxhC5OtlZK8QdXUA6KYphUZmhnLQBlm6PK6FFa
+Rg150hwp/Uj5hKnnrStXyR3AnkLJFRWpCAd6nUSTPq7FnDhQOHONA+risryx3sWW
+6mjo6S9q/b37szLW1DFIp2TQalX+3QpMWNNoHYtR6UweadVQUkW13WgtWaMODkZ9
+hJHev5a+RuOUvJY6+xHhpwFChTqMlPBenWJr4MAU4DcELBmvjG1pLmmsbiKtH/3t
+ydz2JHUPu7TVz7KqA13DrXNGT5QUcA8fSbPqofOnuRyofOQ8wY45fe4Ir/9zwhJO
+opoB4cdELLpVlHxs5bPrHd0l3/GswRbeiYe5VCUGnzR/vny2b68hmGtoIxJ+FQsK
+/D02li5uU8IB5ciUx/GZJO8hFWb8yX7OlAvLRGmIrZgG/HvXGE87QNHuID3mP/VE
+8m9FwJ6Jd+vAxiouU+S9cdTVR5D3Oc1V3BlL1BaRHeKuGiVo/cVMrJLdd35fFfQT
+inNQSWVHQpMUUrdcBeLZXBbPRFWzqGDk9viiYmlgefZHvjux1MZ4xczXzxSzvSLY
+DR4WoV64V9tnv/wfUIc0OTtvVIV6V9MutuAyv3v24/enOr3uTagyHGXTslXbk14h
+Mn1KT9GY78EW0uNgNVWLN+BCwbeZ7VIUb4Ir1wGwZwtfab/1hbqzM2sbnkII4Xv0
+1F9RVl4fM6uaj7wEsZLqXaORjq3I5+mvM05kT0ulfI1S0JlBzLArMhXFVBArC/fc
+HrdZ5RQJaC+fWego49y5Mi6XiBv6OCLRhHcOWwIDAQABAoIEAH/5PqgxElt4qtlY
+8neCJKI2PSDoMT5oU+zG/VtVwBqT1wtIaQZhmeVZy0/M0/O/SyzuymzRfGl3du2Q
++2Iy9pcpLY1hJI5XIOef+cZjqa/MFeaWhNXt2/p5ywIGO1BCGfdMseImXL/oIOpY
+mCfK1p8URy//9b8+lbttZ1U+Wh4olVSHoIXGZtf7wusVrmVaaRMQIdVYYI7JVUKj
+PmUQsGxnmCjL3s6hx4tmK/ELbD5oVoXUQTWPxQdx65D1ZCAGxddd7d/4Rbu9rk9A
+/AMeSxW2xKmPyMdcOhJc+jzKoV5ClY18wGTG9fkg9HXflzktzfv6KTvCVUZAduZb
+Bd7MpmikZ11WgQpLjOM2CoytrrujCub3TK0Dcht+1Oyk2pWCmQ34n6NVvNitb+jj
+nLaYJUmyaJyd17XEOx1TogZTzqwuZATH8EIw3FYyB2KLXWqig13FD/b2fnJBtBJB
+cLpebYgbYqAqueAGTWuV1zOMIrKnLswS/lQQK08LydnPI9dZ5kQf/35mUjVPQr2+
+4WepIBk7yma8MaIFi2qp9bFpnIhpsIB8FRyZAZ8Gtv/fdBTtVP+8Y1iD/EdrTLJS
+s5zpPPBkEF60UhEk2U7UWXi5mA+FWhpO/6GcUg4hGgbjqaerVUGzRM9++u0etcaj
+q1HcCA/z/Y9K/chc3ZciirKb4CYdCZ/84QjurI13yubhKmODHBS8hsn7fPLroymQ
+UkbREZwLYHii4LdesnWYuDn85WCM3uroiKtgCTTKMMTBbuZhg6Z89xy+Hr1gn/6l
+VJ4W2ZfKgzKMAlcz91bqHZ2EsdMmvl78iFye/WjQe38hj4Ccgub+wGOIsdo4tWKD
+phL5kGbUI2PNhcERva710o4K8KwMyfhZ5iRbE51TiCv1xlfaYh+kwSKHh49j14TF
+P7Xp42DRAR4RYW4vs2krXQdoTwBMzC0DyWz0tSMU13XQsuut7A/rvhF8oUswBKCt
+UfZ0LpDJd67jMKQ+8ccvax4Zcapv0Ifz7xOfQVQGEyKtpt32d3qgBbvDpq9BHGst
+ux0cHi75g3aKpxZYSPsqRea0sKNdj84e1xUPc8JQGT5i4KrGof405OqnkOi4sl5z
+WLD+9Y8hUzXE3UJ3DMMeQqddmAOS1LuSG/XOsAoM78ukBKv2yfYOcOZNCCJh24GE
+KzHwLG5/AemObThqO2ztqttmcDlrKhg0VGngAXctxluCWPRHXwKrwtaWMsqadCQJ
+Na3DigjXmuFteBX8Z5Jbw7pJtiINa9w3izoGQdM3vi99DDm22YjxpLBpB36eMoq4
+Mv0pgP0okjjZWmDZ0lTiGFHpzSTSZ5MzXKS/brUYX1WoUA83qwU9NbZ3vuniMuLZ
+ksk9lJECggIBAOdVcKtE/7DHHj43W37T6oNxLN/L4nHIR6bQL02UPWuQpe9Ch4vi
+ETDQiKGOw6fcz3+GCeCMQSPQJ9SZZOUKhpu0vkKRWSIg8JSXYu0ViaHo1SSUb5Gr
+vDVcE2nmZI0ptf7DcP0NUPAKxCTM4ForSIgjPdyTXMYCBYcDe053y5Svebx1q9Vo
+OzKtu0Bn7YALvRY82w3KKhRlR3TGOFPnLiKE7/K0EyrFV1OIRskLbtUVoeMQgaqH
+P/UhDHz84JjeoE0xtwgdDUMejYADr/h7fjtixvqnEXZALlaTg+sO/aQ/e2Jlt43a
+w+lJRBeujWQg59M9BTs7naLILB2o3gQJmmbs0uE1l7iZkEU4LsUPf727rfStZhqq
+lQr/3XX1lFnYPAuY3fgLqnV8eohJVakgMmi7mj/ZjpjoUKk2W3Us1N/ro2bgFfuI
+IntWYctiGK3XOQ8WicjDySe3lJa+vfKrCBBAugH3pcmj1p+I7fhRDtc8ogeI5GkU
+urQQ9PJS0ArRw4soYo3khnf7vB7Ioos846sfPlgy4OHbyiu81l04v7+e6svoWKPb
+TYyKW+qQpiKMb2O/5wqtvYTGlPM2MAUvYgVI7WalGjcbKtQ2q/uRjZzzFLyPo+7e
+/6fqwuPXerAAVCZYJKGt2RGnmhxVm3eRkOXF+MXPejlh2T80iKP0diqpAoICAQDh
+mM3Ppvsb61tQUE5bN3iQqr2AO3PKb3Nz8C90R243Qkz+OFwc75kziQL3IbcmOxJY
+Wq3T+KQIkX1aDNwU/ip3Qf3wpqbtxlpzJpgYQpAEzFdEKzP36rMYdxekskeesVIu
+s8v/PxYwJztfaHxeTuxsEDB7uxg6h9IkypY2w/vdpruKR6XOQSxKyxekLkRK2JTW
+lzsVUt0VQHhIt65D7I8sN6RJaOhQpSnCVblZo/HrEN4pfkSffk3AUyd+AS2xjRa8
+Yp9FB/TRabC7kgWTIrBmXSWalR8K1B4y1DGXz9x/KUT85Id2k+kDC5y00FVtqsaQ
+m6D2UkR0XLnvdCAj2Iky8HjSYuvvyoi/BaHJfLnw/S/j542yQxh55Z4bneH5wYgJ
+KBU8KGTtuxP0RC1AmalkCWViWadItTP7mPtq5YbvyCoWNJEvQx7JbLVyYkCcFOY8
++aNfkdhEMCQvLAkmwMqHwrVdSVHOic+kS/amVWtRjQwZJ7AIVlcIfLkTI/vZN+oV
+58jqBruIDjW8zN62QYa/D4os8B7vyv60p/v4LufCThgtFiB4MevlD2LNjR/0q/nF
+zsuFRKV4pfP8gtLEzkcfj827nGzOGT/1B2SoB+YJxNR3rfLloCvMNKvKtf60idRY
+jAH5ArX56HH9XOcKeKalu0fvKAE8+sbxBNTaK3B3YwKCAgBSlziAjUPUc2Kix9TM
+tRAXGYLx67LO+LhMICujQPekvaHgiBoooO+ORAVj2LqV5cnXN52zI5/mD10JFDLn
+axif4qnCzm3KN4RtKJdTGctnmN7wDma+1Vd+nX744h6oH2owqMpgLi7lZJKeqN64
+kpd0s1BUve/zaalbiKyvWSm/zd5ioIhWyr3H3CrsVa5/drFtjRCQHctkOLyIPnTB
+z9myzU91kUD+ljIVSqQrBv/s56pCjRQeM+drtv7kaMwvB9yncsZsCSNBAVl3iNl8
+l2p7/UoZFyiu1T81/bitZU69I0UD3ljoNmCXm2bKJbGpO+5IhpKlkSU4hsrpU+7f
+9iW/9XFcomumpnzRmbto852hua3jmzzG7HwFz0/b22+5m+/kHBGzi0ayZ1y/557D
+oREeP0xU23GDuf2CTDve28CsqU5PXlW61eGpsy97E2zIM/zVHDDZEr1whqRwJW1f
+hBx+4P0H0sjH8syfbJ25eAcaZTVcB021DoeR3jP1iAdqtXVg62w0SJCRqbiCLROL
+LpQB9kel6ZRMTtIhR2wpICelXDFr12o+Jf/L22Hxnu8Rip4COPNd5qWxD80CACio
+0T/nrx/C89MmNXbXCSXhzReIH2kZ4RagI9GWu8QU4EuXJqbkgbeiWZUULohg8Vdu
+GvRmdIXa6bYzYnHTlQfrsU228QKCAgBlZVibzGFw2wffwTh2pyf5XcRurkoM4qrx
+oTKzAKf5DkOsv4gnOUmScDJ1ASJgfIxySc93Rnnzn/DHWKBSjypnD7IjR8QfeteM
+ifwyazhv76gJa6Gf/E0i4eQukjK+kNRvSUCXKLPAUOHOsBe2C6MXru8bravmIsXA
+441AcDX0GcyRCkLrwT83HrExidoICfBbwv07SFM2ChQGGwioXtq69QdSN2SzWoi6
+X+0+7QD+tkYkQCx3wz0PBFDrwXvYIaHmai1LyZevx+E3bRo0V5MRbyxHnl6lb1Fj
+ZxwjL7nbLaFkSRLZqQFB7SYx3rGG6Qr2U/y0uaUq58JqbbdEZT7FNnAXn36L+Gwd
+71oYRYcNWb78oEZ/qMiHgTzfDMdUijeqZemlcEJs13jQgRQVxPrti4uV+NXHSCpl
+Gw1lrmRHwZ+o+1eF9pUP01x6XM7NWFdjcJCNk++wNjMNQK2cTWq6OjlqBFpQioBZ
+SAtEF4B01wBpDf2Awc28ctJ8V+AKcac00UjsZrpDHJ/qi+pN4IW/uixQplxBSuvQ
+JvCJTAu+uXsESL2vSEDOY2v1F0kVn3ZUAe5Xp9L3tx9Cj0pMSqqM9QVzHYuJ1q94
+YipLm8E5As68O+LAco086y+LnOEuJATdB5Cbayx/dopFZkwx2KiONO7P/xsPXWet
+TI6ewId8IQKCAgEA1tzZKsVfohvP9CYa67EdkJ24HWEzmiv+8Y1/UZZXi4PTpBNt
+EdgE3cc5K67aSzTV3yuLFCQ4xCrnMYo5ZdOEQAqkApW23M/fOkPQA1oPcmNVLSVb
+DrXtjTk30ILr3jWG7ekLiQ2RrtGVzHTZd9mQL8uOL2+cDbkwR+gG38GR0V9TKXOP
+HtnuSezc0B72SMs+TaTwZXmt8d603ImLAwCUj06PZlknySP+SFUn/P20cDyZCeHu
+lKqONhsR5zJSXg8twJvEHuBK7ZtgoGmuQYIGSREiXZPl000+DQ4Tu6OF2CiUYl0C
+2zCyuoBFJbEcTdvoQMcf1TZZ7uazCy9HkvK+KL/y+VVkHmYrrNvWZ2e7/dsca/Sp
+ma1+ABfb2GaIWp97SNVNhmSAeEHkJVfKY7Aqlh5blGorXQSd4pxkjBWo+gY9ZNgJ
+S3weoP2GSGTY+gUf1wCOhUS/738ee+af+4iGonIsdKV8IFOlnLH5rC+MFF0eBNBb
+SuzYn8rl8eoZFIay/kivyx5IBU3d02If4a7vs4rMnPVX3Y0TFSa33Q8T9ykew8vQ
+UJH9ZJs7lRPNB+x7GimfvLajR8jZB/ezYVpJ+gT5fkEgggBtJKpuDtPYUxFb6fld
+T+9VoObYb60kv3hAomX9DmPAAHdJL0cPI+A97k4LLwj2gk3hMivjXWexJmw=
+-----END RSA PRIVATE KEY-----
diff --git a/testing/hosts/winnetou/etc/openssl/research/index.txt b/testing/hosts/winnetou/etc/openssl/research/index.txt
index 05e38f050..26e68d4f3 100644
--- a/testing/hosts/winnetou/etc/openssl/research/index.txt
+++ b/testing/hosts/winnetou/etc/openssl/research/index.txt
@@ -1,4 +1,4 @@
V 100322070423Z 01 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
V 100615195710Z 02 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
V 120323210330Z 03 unknown /C=CH/O=Linux strongSwan/OU=Research OCSP Signing Authority/CN=ocsp.research.strongswan.org
-V 120418092554Z 04 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
+V 140323203747Z 04 unknown /C=CH/O=Linux strongSwan/OU=Research no CDP/CN=carol@strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/research/newcerts/04.pem b/testing/hosts/winnetou/etc/openssl/research/newcerts/04.pem
index 894bf7dbd..f586a9414 100644
--- a/testing/hosts/winnetou/etc/openssl/research/newcerts/04.pem
+++ b/testing/hosts/winnetou/etc/openssl/research/newcerts/04.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIID8TCCAtmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIID+DCCAuCgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA3MDQyMDA5MjU1NFoXDTEyMDQxODA5MjU1
-NFowWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
-BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOByjCBxzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQUi6jZ
-/eq7FoNJDiWP3Mlw9iaZzyIwbQYDVR0jBGYwZIAU53XwoPKtIM3NYCPMx8gPKfPd
-VCChSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2Fu
-MRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GCAQ8wHwYDVR0RBBgwFoEUY2Fy
-b2xAc3Ryb25nc3dhbi5vcmcwDQYJKoZIhvcNAQEFBQADggEBADHYFhLgIo3jrKcw
-bmfkqHLrwI0sHgyJJrEf1hl3cdc16VdKVW+V3qMwumdlMobK20yTRtW90x1ErULS
-RClHlQ5UtDubtQTwjcc6Uc8tOcBdAAH1SQk2xLikxQq19UGFpRRA0VxDXzF5yXnJ
-oM9mJZvgscQZeZPqMEXd3yQclK3Ouap70zE1J8kcyT/yrdkTM3nMbiq8aPytr3Al
-njoW+ToTsDqcTZYWeF3A3tfSZ5+AhlValx1btbcNPZVjjhBx46knOrOFeQLE5f5C
-3XYxVaWPX7hcjfQz/e3T4Rnb8nVQqoCnycUPfYxG/4z7pp/GplS/MEuMNNGDhSsI
-nTjnJgY=
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA5MDMyNDIwMzc0N1oXDTE0MDMyMzIwMzc0
+N1owYTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGDAW
+BgNVBAsTD1Jlc2VhcmNoIG5vIENEUDEdMBsGA1UEAxQUY2Fyb2xAc3Ryb25nc3dh
+bi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPqE4le5QodSA+
+NXnQ1IFI0XWcBDDwQDNcQ6qMScSCaboPFCLrlC9E70J2eGeX2v/UDTQpEOxQ4fGX
+Efk0/MdJjnWGAO95jEInNJ+DuexfrP5REiryKDfryA0d6xiQb/a2M7UuDgxPgyZf
+VyvU7SHebue4317v5NyGJeRnkN3/onNpdjpWu9Le9DqenBQ2SITgo7NsVsNsqhnT
+1jg2jfxJ8OXzi7/6JvuxxweCoDxr+KeKIViFAqNlyufeyIvowdjHTlJRvN/9Wl+/
+jPiHmFcIyIc1o8EUHzM9AEIWtB2DeHL62e7LVJbjMXsLAkTggc3BkGE2cWFOBY0f
+J4R+AKWDAgMBAAGjgcowgccwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0O
+BBYEFIuo2f3quxaDSQ4lj9zJcPYmmc8iMG0GA1UdIwRmMGSAFOd18KDyrSDNzWAj
+zMfIDynz3VQgoUmkRzBFMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ry
+b25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBSb290IENBggEPMB8GA1UdEQQY
+MBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQBiOKAx
+ePEwlga++nOpkfBg6ESag5/VWfnAp1zRpXHXnRak10OTtCPDjmJiDUzlKBwolwJN
+I6T3S7eg+M04E3r5IHn3i+HtQcENkq02YUPiUXS5cvLtzKMPIm8pYCj7/5pXxAek
+nHGRdBZkQiGDz49H9rPKxLdJDTLCXpj4l9uOFgsbiQ3k5SyWq5oMhtZsf4VKqAd+
+77Mbn9pnjjy53wLuzjaMVX+K5KKotPNeSHH/pWh9RqNROmf6F2B0nZhW5Aryxa9/
+24GRkZEPZ+cqhtwgVjq5aImzdSrARJQ1tu6lZqNB5b9klYSAi+al0FrvUFoG58Qt
+eWeiFXLvAtXTGoax
-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/sales/index.txt b/testing/hosts/winnetou/etc/openssl/sales/index.txt
index 87af9dd15..3e39e973b 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/index.txt
+++ b/testing/hosts/winnetou/etc/openssl/sales/index.txt
@@ -1,4 +1,4 @@
V 100322071017Z 01 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org
V 100615195536Z 02 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
V 120323211811Z 03 unknown /C=CH/O=Linux strongSwan/OU=Sales OCSP Signing Authority/CN=ocsp.sales.strongswan.org
-V 120418093600Z 04 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org
+V 140323211053Z 04 unknown /C=CH/O=Linux strongSwan/OU=Sales no CDP/CN=dave@strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/sales/newcerts/04.pem b/testing/hosts/winnetou/etc/openssl/sales/newcerts/04.pem
index c19c7333a..cae8184f6 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/newcerts/04.pem
+++ b/testing/hosts/winnetou/etc/openssl/sales/newcerts/04.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEJjCCAw6gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIELTCCAxWgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA3MDQyMDA5MzYwMFoXDTEyMDQxODA5MzYwMFowVjEL
-MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
-BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4IBCDCC
-AQQwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFILLnutR01FvK1SR
-EZgaOaO9d8izMG0GA1UdIwRmMGSAFF+bE0b5IHLIANWItadMLpfqC5MooUmkRzBF
-MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UE
-AxMSc3Ryb25nU3dhbiBSb290IENBggENMB4GA1UdEQQXMBWBE2RhdmVAc3Ryb25n
-c3dhbi5vcmcwPAYIKwYBBQUHAQEEMDAuMCwGCCsGAQUFBzABhiBodHRwOi8vb2Nz
-cDIuc3Ryb25nc3dhbi5vcmc6ODg4MjANBgkqhkiG9w0BAQUFAAOCAQEAhhebUzkR
-5bllLrfSb0H+Uns0Fw/hfyrvJPjKOcb/otwPZOeGftGYQgihGu3X0Wi6IPX3/I6v
-tAnjYTyMXO68Cm2Zw3ZjjjSupQ3LOtyUhKPehk1EXNI5S1WnpYvEjocaBeT5DBaH
-fjMHL4L32dUcyzU49zbrkFEY7ffka44s3SUf4tEaw5QlBfAnwoij2A/rucokWNeQ
-6KVE9wfYJri6P7ztVTWFsAD6MXRCjzYrS6lOo02w32k2Rpp5SdAWuiwnXLY1BPi9
-U031sS6eh2aRM+u1UKuCGQtUDCMOI6yDv5U2aWQuxYS2uTW05PlWwKAg2atFt7uZ
-P35gzzpJWopPqw==
+BAMTCFNhbGVzIENBMB4XDTA5MDMyNDIxMTA1M1oXDTE0MDMyMzIxMTA1M1owXTEL
+MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFTATBgNVBAsT
+DFNhbGVzIG5vIENEUDEcMBoGA1UEAxQTZGF2ZUBzdHJvbmdzd2FuLm9yZzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMqgEdIrRiLkrf0UfCB4xUyx/5cs
+Ka5h1MNBks2cKP6uABOL+jnlkRtyVFIOOCuNMgcK+873LC87UU32zapbe6Ph46aN
+5M9ADMA6PtVeNkJIetVSVtT9DUL5II4kJ/hJUjINbt7omAiDAIWDGKNmTCsR18Ua
+o1O/QFbiTT96fMFKX8EXiJgMt/5+vOWG0s1nGz6gn40R/2K52EvBmu5v0M3TX67c
+YQFgBqMNfvnk0jLy10pEHro1OjgiTTj1DQd55ydSKGa0JvMDT/GOQeR87zkshRLz
+bhxXOt4Ej2kkYbs9ILm7jKa9XfUYI58vCYLHwhGzpLZSsJ2xXkgfAAIFTI8CAwEA
+AaOCAQgwggEEMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57r
+UdNRbytUkRGYGjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guT
+KKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4x
+GzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZl
+QHN0cm9uZ3N3YW4ub3JnMDwGCCsGAQUFBwEBBDAwLjAsBggrBgEFBQcwAYYgaHR0
+cDovL29jc3AyLnN0cm9uZ3N3YW4ub3JnOjg4ODIwDQYJKoZIhvcNAQEFBQADggEB
+ADn1ow4aGxckB4HsJQf1Z6LFpiCOExqhqcK/+fsFcl/WM3F0F+1TbEWzwFzDj3Yu
+5gH6DQ/c0Fp+WYCKAbZXdYoKHJDSZY0BsoD7Nglc1r+l1wFRv1UGF5DoYZPryHGA
+FkusMTUQMvWRRmN9PsURQ77DsmAtryKi5aDQ/rAiPIJK67bQ0HmvPAynO8IF2Fd9
+GpqFSc0gZni9NQszVUH33nuLlZP1hFC5MDeqhcqgmUL/GZbs7DZYThF4INBryfOg
+xFE73CpyNQHHmfT23TLsrFD5IXCp3z3oMtCtTphwUnCJrEzZ1H7mJ+xSJoJ3MOqd
+mNs1ygehz0a99cPoX1j/iwo=
-----END CERTIFICATE-----