summaryrefslogtreecommitdiff
path: root/testing/hosts/winnetou/etc/openssl
diff options
context:
space:
mode:
Diffstat (limited to 'testing/hosts/winnetou/etc/openssl')
-rw-r--r--testing/hosts/winnetou/etc/openssl/index.txt1
-rw-r--r--testing/hosts/winnetou/etc/openssl/index.txt.old1
-rw-r--r--testing/hosts/winnetou/etc/openssl/newcerts/13.pem26
-rwxr-xr-xtesting/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi11
-rw-r--r--testing/hosts/winnetou/etc/openssl/ocspCert-self.pem26
-rw-r--r--testing/hosts/winnetou/etc/openssl/ocspKey-self.pem27
-rw-r--r--testing/hosts/winnetou/etc/openssl/openssl.cnf5
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/index.txt1
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/index.txt.old1
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/newcerts/03.pem26
-rwxr-xr-xtesting/hosts/winnetou/etc/openssl/research/ocsp/ocsp.cgi11
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/ocspCert.pem26
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/ocspKey.pem27
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/openssl.cnf2
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/serial2
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/serial.old2
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/index.txt1
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/index.txt.old1
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/newcerts/03.pem26
-rwxr-xr-xtesting/hosts/winnetou/etc/openssl/sales/ocsp/ocsp.cgi11
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/ocspCert.pem26
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/ocspKey.pem27
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/openssl.cnf2
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/serial2
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/serial.old2
-rw-r--r--testing/hosts/winnetou/etc/openssl/serial2
-rw-r--r--testing/hosts/winnetou/etc/openssl/serial.old2
-rwxr-xr-xtesting/hosts/winnetou/etc/openssl/start-ocsp20
28 files changed, 287 insertions, 30 deletions
diff --git a/testing/hosts/winnetou/etc/openssl/index.txt b/testing/hosts/winnetou/etc/openssl/index.txt
index 9e744674d..12025d75c 100644
--- a/testing/hosts/winnetou/etc/openssl/index.txt
+++ b/testing/hosts/winnetou/etc/openssl/index.txt
@@ -16,3 +16,4 @@ V 100620195806Z 0F unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
V 111007105811Z 10 unknown /C=CH/O=Linux strongSwan/OU=SHA-256/CN=moon.strongswan.org
V 111007121250Z 11 unknown /C=CH/O=Linux strongSwan/OU=SHA-384/CN=carol@strongswan.org
V 111007122112Z 12 unknown /C=CH/O=Linux strongSwan/OU=SHA-512/CN=dave@strongswan.org
+V 120224075857Z 13 unknown /C=CH/O=Linux strongSwan/OU=OCSP/CN=carol@strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/index.txt.old b/testing/hosts/winnetou/etc/openssl/index.txt.old
index 4d7201a35..9e744674d 100644
--- a/testing/hosts/winnetou/etc/openssl/index.txt.old
+++ b/testing/hosts/winnetou/etc/openssl/index.txt.old
@@ -15,3 +15,4 @@ V 100607191714Z 0E unknown /C=CH/O=Linux strongSwan/CN=winnetou.strongswan.org
V 100620195806Z 0F unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
V 111007105811Z 10 unknown /C=CH/O=Linux strongSwan/OU=SHA-256/CN=moon.strongswan.org
V 111007121250Z 11 unknown /C=CH/O=Linux strongSwan/OU=SHA-384/CN=carol@strongswan.org
+V 111007122112Z 12 unknown /C=CH/O=Linux strongSwan/OU=SHA-512/CN=dave@strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/13.pem b/testing/hosts/winnetou/etc/openssl/newcerts/13.pem
new file mode 100644
index 000000000..aeca7e1db
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/newcerts/13.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEWzCCA0OgAwIBAgIBEzANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTA3MDIyNTA3NTg1N1oXDTEyMDIyNDA3NTg1N1owVjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDTALBgNVBAsTBE9DU1Ax
+HTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAyO4WxrPomcQSspX+ZnPit3t+tzYE/wi1E8rH3h5aO3e5
+vVZX3YxNvBqge2RPB3oQHrWwWT8vKmqzZNjJUx4bRIqd1JdTRI7L0f6XJHjnrRv8
+G7M2uHe+JbHQKPRT7IefJ4PZ1FEA8SCwKfWs5vk1/w/cabM6DVzzjtWTV9DXKD6J
+5rRlvXtJDbhAvI2w8pCC1Gt6H8qjVSb7ItJ+SD3BlW3tq3nBsYFJRL24TyQg+Kdt
+kkCRQYirog29q+J59SErjolse59dte+MhNTv+SnVFgpQE9IGEo6yaKMAWLSTv0If
+pPr/QaEV9rcsYFmR3RtHc+QaaP0hvDAPMaKdhQMIUwIDAQABo4IBQzCCAT8wCQYD
+VR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFDRTWKccFIi95BslK3U92mIQ
+2rWGMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQswCQYD
+VQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ry
+b25nU3dhbiBSb290IENBggEAMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4u
+b3JnMDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL29jc3Auc3Ry
+b25nc3dhbi5vcmc6ODg4MDA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0
+cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQAc
+1bBYLYcc+js3UsHVk7W17Nr/qoNFzQZJ5Er3RjhNAgzAX1wOTrNgKXztwZde1Alj
+o05ZLXUFkB4coQwl7xo7I3EMJPUmSdHoyYyG7c7AgfcL/wwnzz4rWQl74WIZjySc
+ON0Ny9vrzbVboktYof/9Yp/+HgeKopfsaIiuNCAwmAWxiYqvDmlxxn16oOXeJFV8
+pFzZMirQ5l7QRD9iuabOdcnBp8ASH+5AbD4KjFQjo5RBVg92LwOkJo3Pf1twI57s
+pObrcM4JbHVohDornYQYfr9ymkMxJbqqkEgD8oIip0NFSbziam4ZkwgUlRIMUMU1
+/xsH+BXYZtKJbYjlnyc8
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi b/testing/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi
new file mode 100755
index 000000000..cb585ed08
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+cd /etc/openssl
+
+echo "Content-type: application/ocsp-response"
+echo ""
+
+/usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \
+ -rkey ocspKey.pem -rsigner ocspCert.pem \
+ -nmin 5 \
+ -reqin /dev/stdin -respout /dev/stdout
diff --git a/testing/hosts/winnetou/etc/openssl/ocspCert-self.pem b/testing/hosts/winnetou/etc/openssl/ocspCert-self.pem
new file mode 100644
index 000000000..77f5bde52
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/ocspCert-self.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEbjCCA1agAwIBAgIJALN2wqyLTIzfMA0GCSqGSIb3DQEBBQUAMGsxCzAJBgNV
+BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMSMwIQYDVQQLExpPQ1NQ
+IFNlbGYtU2lnbmVkIEF1dGhvcml0eTEcMBoGA1UEAxMTb2NzcC5zdHJvbmdzd2Fu
+Lm9yZzAeFw0wNzAzMTQxMjM0MDNaFw0xMjAzMTIxMjM0MDNaMGsxCzAJBgNVBAYT
+AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMSMwIQYDVQQLExpPQ1NQIFNl
+bGYtU2lnbmVkIEF1dGhvcml0eTEcMBoGA1UEAxMTb2NzcC5zdHJvbmdzd2FuLm9y
+ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMgSOFeDdWxYKGPUSUhM
+BFAELGmHKfg2R25aWlE8ju//I0ByaoIsm8BPapSiiiwTdho/JPP44/nvHcDQu828
+P3uY5XbSPZpiiBgFoo8BC2/Y/rxY/skjEzqoHEXjg/vO1bA0tqjVn5a0jpkai7pD
+mUyBrmn1ArOjhR/HAupCHsIb7sAL+IEXByMcZQK6bvNL9PMTYI1T72+t/9cZAAEJ
+DfEhyJZMxQKgmT1SNzLwyszy1M1HF95D59gBok4PaRWWsLdwzplfTKh61CeGCYqb
+UP3qpMKrJ8Y7uv+e1vVzuYbJg5DR+bF1IGIc9QRyJlTkhZco+zTCQYxpvsNO18yr
+4qcCAwEAAaOCARMwggEPMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgECMB0GA1UdDgQW
+BBQHqEiJbwUSQJDtrfhopkda0nXrLTCBnQYDVR0jBIGVMIGSgBQHqEiJbwUSQJDt
+rfhopkda0nXrLaFvpG0wazELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0
+cm9uZ1N3YW4xIzAhBgNVBAsTGk9DU1AgU2VsZi1TaWduZWQgQXV0aG9yaXR5MRww
+GgYDVQQDExNvY3NwLnN0cm9uZ3N3YW4ub3JnggkAs3bCrItMjN8wHgYDVR0RBBcw
+FYITb2NzcC5zdHJvbmdzd2FuLm9yZzAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCTAN
+BgkqhkiG9w0BAQUFAAOCAQEAi//I0DOlUXNHxzLuuxyr6k5gO55zMCmHUcVfjVFZ
+9e+UpLLFZY+qbxOfzVLpKyDch6dKDIA/H+SzX1GZ+uW4FFQ1wYlHcK1Sio9hOgqI
+zeWdY5uHF6iERVYgOU/xp0+0LS5l4ezCvOKVkYJEFWe2eyn9rd4PGLW4/lTQiK1V
+14YzPyAhB7n8Sln5LBxAeY7U7Y8jEMLXZ+VF21mjH2sxZzWV/qWZdNWVUNaLZTYL
+lTqyzqsk40v5BTrjSvAWHN+c1WzydMvatFDzghlPnvR8dufRN2bnlj10J8sizn+v
+1iDtM6uYi8+Yn26yMGjCP+RYW+bwKQ927Gr43UkqqGsbCg==
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/ocspKey-self.pem b/testing/hosts/winnetou/etc/openssl/ocspKey-self.pem
new file mode 100644
index 000000000..1af5ecdb9
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/ocspKey-self.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAyBI4V4N1bFgoY9RJSEwEUAQsaYcp+DZHblpaUTyO7/8jQHJq
+giybwE9qlKKKLBN2Gj8k8/jj+e8dwNC7zbw/e5jldtI9mmKIGAWijwELb9j+vFj+
+ySMTOqgcReOD+87VsDS2qNWflrSOmRqLukOZTIGuafUCs6OFH8cC6kIewhvuwAv4
+gRcHIxxlArpu80v08xNgjVPvb63/1xkAAQkN8SHIlkzFAqCZPVI3MvDKzPLUzUcX
+3kPn2AGiTg9pFZawt3DOmV9MqHrUJ4YJiptQ/eqkwqsnxju6/57W9XO5hsmDkNH5
+sXUgYhz1BHImVOSFlyj7NMJBjGm+w07XzKvipwIDAQABAoIBABXLPk3yKQFjXQr6
+3fy9Ix8gRUI9kgnSx9cyinIc+akVDt7/V7DUcSbyv7ZvOkPw3sWfKURWUWcxb/lI
+A502q2eoUR6vajx+DTsoqfuP7pIBfkZAH4kDhB24oFPQo9jzP/3Q0DD2DEtbYck1
+xhDFOlbGLZynLuMopeC/SgcAqt8UAIe5AHoUdkPUZH3MqJppH+PCjhkMzreaY9wc
+mEh7tjKuItdGYt0ZmdrnQboyklMhOikn3nKOQWVINtzTLD4AsOcExPmO3m5j4m+n
+h0AGDFyxUvY/l/DH2xC1C5qu13yumesJ1irURShdwO05nrWUzqT0BH4VyJCvcZiC
+TnLhELkCgYEA6vmBxHXbh58VpJEfnXl8D01ZI7YgXHaNPb43j4GA26pd8JVYkPcQ
+TBRZYRGEYL9CT7mfssJ6yie1ZLdGn+vkKyT2LWXxbO8kvfX5lG93sFmE1oauEuug
+zau/eEh1k5fzlm6KClvFGnmMHqqxy0YMUVkAdT0Kb7PG36Bd9tDMLjsCgYEA2fkw
+p8JVIAwyWF99iubxIL9sNnjJgq2j4Rj4zjtT45ZA1LCe7L1EGhQGsP/0u5u+miX6
+GdMSzwehHVBtTl/Gkg/IjWUQbL/jILeFQM2i6hdo8BCmi8k4f6ZF/Pf+m7ZRcLb/
+opJhvhhelnxfNwxHrshohCvGpGVGvSS8xtXzuoUCgYEAmxeuwHauPNkTFvk27eD2
+sr7x/DFFMOKLHVrFH3JyFAtiT96zg5OfbSftSrWeM6Fp6mdx8jKNi4skHmMeOYYg
+px2RY6uq66T5Em0dnAzq6jpcBKEGmrRuAfK/wWvKN24POJajhGzIL05U3xT5n1sP
+3E2rkLaGge4ecRJPkw6EBmsCgYBQWhL8lJ/Ku5RHjZP7A106JDag8e/e02HJFeqK
+I8at6/KkNSOww6h6MI2y6/fsvOILcxp6MJwLY5WZ988DiDzsFRNqRCpE3Iu+wMhH
+dkarIswVSx4KA7hnHgVI1qauAgyNj3g3Ft0fNV6Q/PIgmc9G+CvHJVgJvCfSi9tn
+NPGu/QKBgExju7N5hrJUlfylwydp7X7jymHJGAac9J2+VhqWIhveCnTYrlwTcuJ6
+NqQDdBvDT0F+7fMxQ9wRglMadfnrwWh0Y7BGybzhlR4NDAAZk1GoxegWOR7HnacT
+bbHir6keeWggJgWHsRew3Yxckzqvi+vn/v3MF/wfRijzXzSAenNl
+-----END RSA PRIVATE KEY-----
diff --git a/testing/hosts/winnetou/etc/openssl/openssl.cnf b/testing/hosts/winnetou/etc/openssl/openssl.cnf
index dbe31abbd..165d8bbeb 100644
--- a/testing/hosts/winnetou/etc/openssl/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/openssl.cnf
@@ -43,7 +43,7 @@ crl_extensions = crl_ext # The extentions to add to the CRL
default_days = 1825 # how long to certify for
default_crl_days= 30 # how long before next CRL
-default_md = md5 # which md to use.
+default_md = sha1 # which md to use.
preserve = no # keep passed DN ordering
email_in_dn = no # allow/forbid EMail in DN
@@ -146,7 +146,7 @@ keyUsage = digitalSignature, keyEncipherment, keyAgreement
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer:always
subjectAltName = DNS:$ENV::COMMON_NAME
-#extendedKeyUsage = OCSPSigner
+#extendedKeyUsage = OCSPSigning
crlDistributionPoints = URI:http://crl.strongswan.org/strongswan.crl
####################################################################
@@ -158,6 +158,7 @@ keyUsage = digitalSignature, keyEncipherment, keyAgreemen
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer:always
subjectAltName = email:$ENV::COMMON_NAME
+#authorityInfoAccess = OCSP;URI:http://ocsp.strongswan.org:8880
crlDistributionPoints = URI:http://crl.strongswan.org/strongswan.crl
####################################################################
diff --git a/testing/hosts/winnetou/etc/openssl/research/index.txt b/testing/hosts/winnetou/etc/openssl/research/index.txt
index 4bd650072..2ccf6489c 100644
--- a/testing/hosts/winnetou/etc/openssl/research/index.txt
+++ b/testing/hosts/winnetou/etc/openssl/research/index.txt
@@ -1,2 +1,3 @@
V 100322070423Z 01 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
V 100615195710Z 02 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
+V 120323210330Z 03 unknown /C=CH/O=Linux strongSwan/OU=Research OCSP Signing Authority/CN=ocsp.research.strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/research/index.txt.old b/testing/hosts/winnetou/etc/openssl/research/index.txt.old
index 148bab7d6..4bd650072 100644
--- a/testing/hosts/winnetou/etc/openssl/research/index.txt.old
+++ b/testing/hosts/winnetou/etc/openssl/research/index.txt.old
@@ -1 +1,2 @@
V 100322070423Z 01 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
+V 100615195710Z 02 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
diff --git a/testing/hosts/winnetou/etc/openssl/research/newcerts/03.pem b/testing/hosts/winnetou/etc/openssl/research/newcerts/03.pem
new file mode 100644
index 000000000..279b4191d
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/research/newcerts/03.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEaDCCA1CgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA3MDMyNTIxMDMzMFoXDTEyMDMyMzIxMDMz
+MFoweTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xKDAm
+BgNVBAsTH1Jlc2VhcmNoIE9DU1AgU2lnbmluZyBBdXRob3JpdHkxJTAjBgNVBAMT
+HG9jc3AucmVzZWFyY2guc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQCuXf1wGjBk5wthfyJcNgYu5uVdK9fqB7k5Qswy76M2JjZ2
+ECv8JZMvGDC9ciKwEqL3QkN+E90RusdCqgabAl2K3AvbR4VOpaCdy31pdPaKfRXA
+TazIH0GG8T/BImWTuweFt0XmsCl65ShoVul0DHWTli4jOAgHIj6eoYlQpRI6CbZs
+qdcGZJRWzZMPa86Q3i2nKAsOiWh7jg04uLFsWu+2uBYmsPSbKqZe76FY5m+PgAwo
+h0bFJI9qy4aryvNZiFT1+t3hd/wt/ZXnqYX4WsZcGlPOlKZoiDlmXzU1K1YY71io
+HUiH7QOYBYY+8+Mc5kwt/ropYEbfLfAENC7WV+8tAgMBAAGjggEhMIIBHTAJBgNV
+HRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU8xU4ukLOgkIafc7zHp5HlANw
+5/4wbQYDVR0jBGYwZIAU53XwoPKtIM3NYCPMx8gPKfPdVCChSaRHMEUxCzAJBgNV
+BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
+bmdTd2FuIFJvb3QgQ0GCAQ8wJwYDVR0RBCAwHoIcb2NzcC5yZXNlYXJjaC5zdHJv
+bmdzd2FuLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDCTA3BgNVHR8EMDAuMCygKqAo
+hiZodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG
+9w0BAQUFAAOCAQEADH13ce0I8nXd5rjnDWck3JdBOgFMu2Wl8zpKIeLVYZnUc/Sn
+l0sULX6AIdMzKVsPh78CgsQf4tggdVCdbTURMp3SdLO5TDNlqPVMnjHjajWR+C0D
+4TQWnBz/bEg3aXGjjJlu00eXWx8kRLrOP/wMWba+SEwYDqANgmUgxpcBeg8/0Q78
+d7xEJPOPDXlO5Nh3zeVIXaDT+y2ENzgyTx9YGoAURxl5eTpBNI7dJm5fjXdGlbwj
+1vO+UprMEU6rB9BDFSfyXaXcQoIgRr0oZqvAUS/cF9LQRf4iUXCpr8Th7Wddqi2r
+qiwDZt4o+3EYtCcMEK9zKJK3KMZc9A9HPCE+RA==
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/research/ocsp/ocsp.cgi b/testing/hosts/winnetou/etc/openssl/research/ocsp/ocsp.cgi
new file mode 100755
index 000000000..c193e8779
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/research/ocsp/ocsp.cgi
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+cd /etc/openssl/research
+
+echo "Content-type: application/ocsp-response"
+echo ""
+
+/usr/bin/openssl ocsp -index index.txt -CA researchCert.pem \
+ -rkey ocspKey.pem -rsigner ocspCert.pem \
+ -nmin 5 \
+ -reqin /dev/stdin -respout /dev/stdout
diff --git a/testing/hosts/winnetou/etc/openssl/research/ocspCert.pem b/testing/hosts/winnetou/etc/openssl/research/ocspCert.pem
new file mode 100644
index 000000000..279b4191d
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/research/ocspCert.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEaDCCA1CgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA3MDMyNTIxMDMzMFoXDTEyMDMyMzIxMDMz
+MFoweTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xKDAm
+BgNVBAsTH1Jlc2VhcmNoIE9DU1AgU2lnbmluZyBBdXRob3JpdHkxJTAjBgNVBAMT
+HG9jc3AucmVzZWFyY2guc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQCuXf1wGjBk5wthfyJcNgYu5uVdK9fqB7k5Qswy76M2JjZ2
+ECv8JZMvGDC9ciKwEqL3QkN+E90RusdCqgabAl2K3AvbR4VOpaCdy31pdPaKfRXA
+TazIH0GG8T/BImWTuweFt0XmsCl65ShoVul0DHWTli4jOAgHIj6eoYlQpRI6CbZs
+qdcGZJRWzZMPa86Q3i2nKAsOiWh7jg04uLFsWu+2uBYmsPSbKqZe76FY5m+PgAwo
+h0bFJI9qy4aryvNZiFT1+t3hd/wt/ZXnqYX4WsZcGlPOlKZoiDlmXzU1K1YY71io
+HUiH7QOYBYY+8+Mc5kwt/ropYEbfLfAENC7WV+8tAgMBAAGjggEhMIIBHTAJBgNV
+HRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU8xU4ukLOgkIafc7zHp5HlANw
+5/4wbQYDVR0jBGYwZIAU53XwoPKtIM3NYCPMx8gPKfPdVCChSaRHMEUxCzAJBgNV
+BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
+bmdTd2FuIFJvb3QgQ0GCAQ8wJwYDVR0RBCAwHoIcb2NzcC5yZXNlYXJjaC5zdHJv
+bmdzd2FuLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDCTA3BgNVHR8EMDAuMCygKqAo
+hiZodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG
+9w0BAQUFAAOCAQEADH13ce0I8nXd5rjnDWck3JdBOgFMu2Wl8zpKIeLVYZnUc/Sn
+l0sULX6AIdMzKVsPh78CgsQf4tggdVCdbTURMp3SdLO5TDNlqPVMnjHjajWR+C0D
+4TQWnBz/bEg3aXGjjJlu00eXWx8kRLrOP/wMWba+SEwYDqANgmUgxpcBeg8/0Q78
+d7xEJPOPDXlO5Nh3zeVIXaDT+y2ENzgyTx9YGoAURxl5eTpBNI7dJm5fjXdGlbwj
+1vO+UprMEU6rB9BDFSfyXaXcQoIgRr0oZqvAUS/cF9LQRf4iUXCpr8Th7Wddqi2r
+qiwDZt4o+3EYtCcMEK9zKJK3KMZc9A9HPCE+RA==
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/research/ocspKey.pem b/testing/hosts/winnetou/etc/openssl/research/ocspKey.pem
new file mode 100644
index 000000000..adbfe0f92
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/research/ocspKey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEArl39cBowZOcLYX8iXDYGLublXSvX6ge5OULMMu+jNiY2dhAr
+/CWTLxgwvXIisBKi90JDfhPdEbrHQqoGmwJditwL20eFTqWgnct9aXT2in0VwE2s
+yB9BhvE/wSJlk7sHhbdF5rApeuUoaFbpdAx1k5YuIzgIByI+nqGJUKUSOgm2bKnX
+BmSUVs2TD2vOkN4tpygLDoloe44NOLixbFrvtrgWJrD0myqmXu+hWOZvj4AMKIdG
+xSSPasuGq8rzWYhU9frd4Xf8Lf2V56mF+FrGXBpTzpSmaIg5Zl81NStWGO9YqB1I
+h+0DmAWGPvPjHOZMLf66KWBG3y3wBDQu1lfvLQIDAQABAoIBAEx5LnknE0h9yJEH
+GEPG8elKHRhC7VxX7NV/RV2lmjhahBI9v3zD4gyKmH3N/Aaq9cxpxH4cKh3nhBLp
+zSHY5LvNDGossPuwSoRKRgOlZ6ePeqWvq3LNuoh7cFG9Sz2CjqcHnWGyq06aCKHS
+VGswN7T17eBGZ8bxLvOVt0qmSxsmg2A2tmZQCAhc6IkEe3L4sqtS4N1y+8J1GSuu
+KlIuT9NtReDiXXQNxr48QJeddj6RE+5xgInUEUGPUrOnv+lllxN42u0Yrqnnci7M
+SNuxiCkYmvUm47zem3mUKrTJnr4uyKSVnzY5wKcbjebnjlaJmWefM6L7wTKYGbbF
+KsXXwOUCgYEA5cXCD09Oeb888dwgvOaVgZqfJaCex2wZ2Wgu8dm3y2YcrNHbrj13
+PU+1fBp29AE4cNowUitL0rHPE232WyKPCsvEt4H/ioucWvXUc9rzNlo+2H4J6ZMI
+4GQp2WXQZeqEAAI35qdcRwIDMRJdsDlg9fAwKAGJAYLhL4fZewmPb8cCgYEAwkU3
+ynMCj1XMvZzhPNS9bACD1euSLTopdAzlASX9bVnDGJ5/KeWl2PqJjrmV3LCjX/4t
+WnGsP5bgv6IGVRpTcjeJSebF2kEA/pwYEZJezwh304JUqsqg4K4QF1ra5v3Wp06e
+Y+sMdUphzTQFAvGzWTSQweSVlXHgrW+VWxdIEWsCgYApwL7b01h6TSMA/DRCv0/p
+pjRHPSG9MUqdNA5bymlYn6yURuo5hlfVn1dmPtTg0Bv2fd+L/uwfVEpByJicxPHj
+T1Xm1sud3HLEIKnDh8TsWofTBUw90ocpZ2onZBXzfyMPcVfBJSZijN4Rm7nEnRie
+eE/35ReFW8gZwADoF7ul3wKBgELkXo+BBnKgUn0/lXbCse6MRtjT4mNcUYW6IuhA
+UoDilYDWomakwnRx4Aea83UoBTk6ZhdsaKkEpKKXgaKwC+eaI9Wkdp/uHg+NY+Q5
+CBg1jDzx9YFRgA+dH8FK8XD0GoNFWNiCyKliUUa9ELSw0NZ4eReqQ69PpNNTRpQ0
+8gW9AoGBAIUpz52BrP0XcIEE+f9ONKGJq+cr1cRXDZlgHBE90GA/b5hfMiAmvaGm
+SVdBXfUzIwEv6fHRqFjXsGqRI1qD6my69khnoObu3H+DR4Dsk/3iwxDMEpK63dfM
+p2fp/wc8G/s/5YVQeAOW0NpPY7qyGDoXN5UcHfLjJw23gbkUJD58
+-----END RSA PRIVATE KEY-----
diff --git a/testing/hosts/winnetou/etc/openssl/research/openssl.cnf b/testing/hosts/winnetou/etc/openssl/research/openssl.cnf
index b5afd3d2e..706a52635 100644
--- a/testing/hosts/winnetou/etc/openssl/research/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/research/openssl.cnf
@@ -145,7 +145,7 @@ keyUsage = digitalSignature, keyEncipherment, keyAgreement
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer:always
subjectAltName = DNS:$ENV::COMMON_NAME
-#extendedKeyUsage = OCSPSigner
+#extendedKeyUsage = OCSPSigning
crlDistributionPoints = URI:http://crl.strongswan.org/research.crl
####################################################################
diff --git a/testing/hosts/winnetou/etc/openssl/research/serial b/testing/hosts/winnetou/etc/openssl/research/serial
index 75016ea36..64969239d 100644
--- a/testing/hosts/winnetou/etc/openssl/research/serial
+++ b/testing/hosts/winnetou/etc/openssl/research/serial
@@ -1 +1 @@
-03
+04
diff --git a/testing/hosts/winnetou/etc/openssl/research/serial.old b/testing/hosts/winnetou/etc/openssl/research/serial.old
index 9e22bcb8e..75016ea36 100644
--- a/testing/hosts/winnetou/etc/openssl/research/serial.old
+++ b/testing/hosts/winnetou/etc/openssl/research/serial.old
@@ -1 +1 @@
-02
+03
diff --git a/testing/hosts/winnetou/etc/openssl/sales/index.txt b/testing/hosts/winnetou/etc/openssl/sales/index.txt
index 5093b34e9..ab3c06416 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/index.txt
+++ b/testing/hosts/winnetou/etc/openssl/sales/index.txt
@@ -1,2 +1,3 @@
V 100322071017Z 01 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org
V 100615195536Z 02 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
+V 120323211811Z 03 unknown /C=CH/O=Linux strongSwan/OU=Sales OCSP Signing Authority/CN=ocsp.sales.strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/sales/index.txt.old b/testing/hosts/winnetou/etc/openssl/sales/index.txt.old
index 7378ebb8a..5093b34e9 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/index.txt.old
+++ b/testing/hosts/winnetou/etc/openssl/sales/index.txt.old
@@ -1 +1,2 @@
V 100322071017Z 01 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org
+V 100615195536Z 02 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
diff --git a/testing/hosts/winnetou/etc/openssl/sales/newcerts/03.pem b/testing/hosts/winnetou/etc/openssl/sales/newcerts/03.pem
new file mode 100644
index 000000000..ce2ff7b9d
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/sales/newcerts/03.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEVjCCAz6gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
+BAMTCFNhbGVzIENBMB4XDTA3MDMyNTIxMTgxMVoXDTEyMDMyMzIxMTgxMVowczEL
+MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xJTAjBgNVBAsT
+HFNhbGVzIE9DU1AgU2lnbmluZyBBdXRob3JpdHkxIjAgBgNVBAMTGW9jc3Auc2Fs
+ZXMuc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDGgB20WTzEVUNGDU/iwxN/eybmYAQ2rUytxoyKUHoN8Q7tATg7bwH3HrMdc5JV
+AA4uiWFdrNw7GGu+QJVrYi+7jdt76ffcck6eQjLmmVsGp4T16U900ZzFh6zLnhs9
+K/Sw8yiGMQcYncblST4Sl3Yd6XdiY/fZHscsbFjxVpPGxwebZPPirukeWDFLUwVO
+yc5A7pdqNlvmfy5tiO5Ds8hQMQyVqpmlDYwTQz3yZS2+X4In8GrgvBnUZ/etGzq8
+N+309wX/g2WvcKYDpWLqu3KxkwL+QTTYhIM6NvQXtPGCf3M5yBtoNqPzgIqXveuT
+oMwJwF+uDZddBWjAeI1G+J8BAgMBAAGjggEbMIIBFzAJBgNVHRMEAjAAMAsGA1Ud
+DwQEAwIDqDAdBgNVHQ4EFgQUY33heVHJfDUOz5Va8B1VPepgam4wbQYDVR0jBGYw
+ZIAUX5sTRvkgcsgA1Yi1p0wul+oLkyihSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYD
+VQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3Qg
+Q0GCAQ0wJAYDVR0RBB0wG4IZb2NzcC5zYWxlcy5zdHJvbmdzd2FuLm9yZzATBgNV
+HSUEDDAKBggrBgEFBQcDCTA0BgNVHR8ELTArMCmgJ6AlhiNodHRwOi8vY3JsLnN0
+cm9uZ3N3YW4ub3JnL3NhbGVzLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAXvU0ucW8
+DUgNkNdzIYtL48d44e+vDRuVZ6BmuovHqZuuWXfmxtM0q8zPUgrtXwX50nhVg8Y3
+csLLa4o7WOmDTMftvzuh9+T9CV8WIX6vioI7zS550ZwUwB0V08JTfrCiRaCql7Eg
+pDEZDfKXJCaq+I/FAH1Q03vXsDk+wTtJSeqoWCt7IiEYePwFLQ0ANjPhK6BbbcyH
+XkqZE2hYmroGele+UGwflRL9CP6F8UTFdg2LefeiZmZiSkgO2a0i4ik0ShQAPyIl
+is5KBiKuvsqkbMTCxdk0gdRqcTF0YUHcOCY0gHMiApsNC157fokP0Mg6rBDRCJkH
+kiJdzc42Apd8uw==
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/sales/ocsp/ocsp.cgi b/testing/hosts/winnetou/etc/openssl/sales/ocsp/ocsp.cgi
new file mode 100755
index 000000000..c53cb9a76
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/sales/ocsp/ocsp.cgi
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+cd /etc/openssl/sales
+
+echo "Content-type: application/ocsp-response"
+echo ""
+
+/usr/bin/openssl ocsp -index index.txt -CA salesCert.pem \
+ -rkey ocspKey.pem -rsigner ocspCert.pem \
+ -nmin 5 \
+ -reqin /dev/stdin -respout /dev/stdout
diff --git a/testing/hosts/winnetou/etc/openssl/sales/ocspCert.pem b/testing/hosts/winnetou/etc/openssl/sales/ocspCert.pem
new file mode 100644
index 000000000..ce2ff7b9d
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/sales/ocspCert.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEVjCCAz6gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
+BAMTCFNhbGVzIENBMB4XDTA3MDMyNTIxMTgxMVoXDTEyMDMyMzIxMTgxMVowczEL
+MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xJTAjBgNVBAsT
+HFNhbGVzIE9DU1AgU2lnbmluZyBBdXRob3JpdHkxIjAgBgNVBAMTGW9jc3Auc2Fs
+ZXMuc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDGgB20WTzEVUNGDU/iwxN/eybmYAQ2rUytxoyKUHoN8Q7tATg7bwH3HrMdc5JV
+AA4uiWFdrNw7GGu+QJVrYi+7jdt76ffcck6eQjLmmVsGp4T16U900ZzFh6zLnhs9
+K/Sw8yiGMQcYncblST4Sl3Yd6XdiY/fZHscsbFjxVpPGxwebZPPirukeWDFLUwVO
+yc5A7pdqNlvmfy5tiO5Ds8hQMQyVqpmlDYwTQz3yZS2+X4In8GrgvBnUZ/etGzq8
+N+309wX/g2WvcKYDpWLqu3KxkwL+QTTYhIM6NvQXtPGCf3M5yBtoNqPzgIqXveuT
+oMwJwF+uDZddBWjAeI1G+J8BAgMBAAGjggEbMIIBFzAJBgNVHRMEAjAAMAsGA1Ud
+DwQEAwIDqDAdBgNVHQ4EFgQUY33heVHJfDUOz5Va8B1VPepgam4wbQYDVR0jBGYw
+ZIAUX5sTRvkgcsgA1Yi1p0wul+oLkyihSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYD
+VQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3Qg
+Q0GCAQ0wJAYDVR0RBB0wG4IZb2NzcC5zYWxlcy5zdHJvbmdzd2FuLm9yZzATBgNV
+HSUEDDAKBggrBgEFBQcDCTA0BgNVHR8ELTArMCmgJ6AlhiNodHRwOi8vY3JsLnN0
+cm9uZ3N3YW4ub3JnL3NhbGVzLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAXvU0ucW8
+DUgNkNdzIYtL48d44e+vDRuVZ6BmuovHqZuuWXfmxtM0q8zPUgrtXwX50nhVg8Y3
+csLLa4o7WOmDTMftvzuh9+T9CV8WIX6vioI7zS550ZwUwB0V08JTfrCiRaCql7Eg
+pDEZDfKXJCaq+I/FAH1Q03vXsDk+wTtJSeqoWCt7IiEYePwFLQ0ANjPhK6BbbcyH
+XkqZE2hYmroGele+UGwflRL9CP6F8UTFdg2LefeiZmZiSkgO2a0i4ik0ShQAPyIl
+is5KBiKuvsqkbMTCxdk0gdRqcTF0YUHcOCY0gHMiApsNC157fokP0Mg6rBDRCJkH
+kiJdzc42Apd8uw==
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/sales/ocspKey.pem b/testing/hosts/winnetou/etc/openssl/sales/ocspKey.pem
new file mode 100644
index 000000000..5d10a3467
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/sales/ocspKey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAxoAdtFk8xFVDRg1P4sMTf3sm5mAENq1MrcaMilB6DfEO7QE4
+O28B9x6zHXOSVQAOLolhXazcOxhrvkCVa2Ivu43be+n33HJOnkIy5plbBqeE9elP
+dNGcxYesy54bPSv0sPMohjEHGJ3G5Uk+Epd2Hel3YmP32R7HLGxY8VaTxscHm2Tz
+4q7pHlgxS1MFTsnOQO6XajZb5n8ubYjuQ7PIUDEMlaqZpQ2ME0M98mUtvl+CJ/Bq
+4LwZ1Gf3rRs6vDft9PcF/4Nlr3CmA6Vi6rtysZMC/kE02ISDOjb0F7Txgn9zOcgb
+aDaj84CKl73rk6DMCcBfrg2XXQVowHiNRvifAQIDAQABAoIBAQCUOZL02zYfPbPw
+mXwvzo++wA16NfSvh5UcpojHt/SMeJc2r5R3/Rqwl8IUmfqJcnMkmP2V38DMeB3s
+gXmSKE2QdguRalLl0I2Ya8Jqo9VvEKSepMvqZaP1dKy5l6SrdylPASQfoHi2Dws4
+qAqsA2H2UCIP3Kp0/SCpsXZxML9EzIWtYtvrqJ0p0EI9ZzEn5uFok91qTYqD9c3T
+v142OyfmHlwICLy7UlFkmawrV4PIIP2RGTRgr2b16Vis7mAkRC7blsFXUEBb8hwE
+SmISdZYXc+NCesonXYGeRhln8PPLI3/T+HHH8G2eFhyQISHgE0CbjK+zvFcAddvD
+BbeceDPhAoGBAOkXwIklHvzSj4QoCi572QNkNIkxlIa6PL3I2ygJczeB1vj9kvVc
+CV2onhvBL3FGy0BJrQI7UBySW59/GdSs+WJFQWlIwI9QglDS8itAQK6+9zeyg69U
+NbGw784NGn5cP3F4P3QCGEUg5Oj8t0iE8gKbljz6rlSjO5uhXYOYf0rtAoGBANoC
+E0noRtG4QloEbIiHjLbnNAjabOO9KNm9FLZZFnGvTHQ1690i+GBOXC/cbP3jo6tz
+07+Ob/+IKhXhEj9opGu8ZvEfarHmBEWxj6TdvFmlaHEcEFD0LqGu5ssSfW3S3AEB
+Z3rBLkEeJYUYQqCU+vgZHEbrLWeBt33AIeB1nN3lAoGAL0LJnwUPy2NGBh24MsSZ
+s75ViJus6cRJHJHlHbEM02xYEhQX//exTnQp2qbI38bi3x4RHiq4i5KBUU2MBzsr
+NWmlYZuGr4g7Y/fhcjOM6eF+bqSbXqlMWcLuXHD7tjMuCeu/sd3a3elVgIf9AY8z
+IqQ5ShPp1O9j3qJRO6Vn6eECgYBIu9KFoOonxArXD4zKTDcFOsPghEc5//0mD/Be
+GgDj8vFWADtt7uHg96PIEAmI9y6+4Ajwauww29P2sr2szBO3IgdSQQIO0kfwnJnp
+DlVtr0LWId/LsnvwU3MKo2OXhXcDGt3UValB7nXkHsDz5GCK743Al2vxkZSPbs+e
+nH62hQKBgQC8AouEwXXXQD8+MnW+qcIbaAzVMirc94sI3fQH1AnfiZHH6aMCOh/4
+xoh/RzylotQlOk1xjCOB4O/Hhd+MAnlH9ZawCnRdvB/4usxd4j2AYr0Np7Q+VUyx
+EFejvkdm20j1dh29jfSbiXHd2RCoFimX0Dr3weiRqffqi9aV2tdqLQ==
+-----END RSA PRIVATE KEY-----
diff --git a/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf b/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf
index adb204bc2..687956d60 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf
@@ -145,7 +145,7 @@ keyUsage = digitalSignature, keyEncipherment, keyAgreement
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer:always
subjectAltName = DNS:$ENV::COMMON_NAME
-#extendedKeyUsage = OCSPSigner
+#extendedKeyUsage = OCSPSigning
crlDistributionPoints = URI:http://crl.strongswan.org/sales.crl
####################################################################
diff --git a/testing/hosts/winnetou/etc/openssl/sales/serial b/testing/hosts/winnetou/etc/openssl/sales/serial
index 75016ea36..64969239d 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/serial
+++ b/testing/hosts/winnetou/etc/openssl/sales/serial
@@ -1 +1 @@
-03
+04
diff --git a/testing/hosts/winnetou/etc/openssl/sales/serial.old b/testing/hosts/winnetou/etc/openssl/sales/serial.old
index 9e22bcb8e..75016ea36 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/serial.old
+++ b/testing/hosts/winnetou/etc/openssl/sales/serial.old
@@ -1 +1 @@
-02
+03
diff --git a/testing/hosts/winnetou/etc/openssl/serial b/testing/hosts/winnetou/etc/openssl/serial
index b1bd38b62..8351c1939 100644
--- a/testing/hosts/winnetou/etc/openssl/serial
+++ b/testing/hosts/winnetou/etc/openssl/serial
@@ -1 +1 @@
-13
+14
diff --git a/testing/hosts/winnetou/etc/openssl/serial.old b/testing/hosts/winnetou/etc/openssl/serial.old
index 48082f72f..b1bd38b62 100644
--- a/testing/hosts/winnetou/etc/openssl/serial.old
+++ b/testing/hosts/winnetou/etc/openssl/serial.old
@@ -1 +1 @@
-12
+13
diff --git a/testing/hosts/winnetou/etc/openssl/start-ocsp b/testing/hosts/winnetou/etc/openssl/start-ocsp
deleted file mode 100755
index bdc5dab38..000000000
--- a/testing/hosts/winnetou/etc/openssl/start-ocsp
+++ /dev/null
@@ -1,20 +0,0 @@
-#! /bin/sh
-# start an OpenSSL-based OCSP server
-#
-# Copyright (C) 2004 Andreas Steffen
-# Zuercher Hochschule Winterthur
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# for more details.
-#
-# RCSID $Id: start-ocsp,v 1.3 2005/01/01 18:12:14 as Exp $
-
-cd /etc/openssl
-openssl ocsp -index index.txt -CA strongswanCert.pem -port 8880 -rkey ocspKey.pem -rsigner ocspCert.pem -nmin 5 < /dev/null > /dev/null 2>&1 &
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 22:07:00 +0000