Refactor SSLConfigurationReloaderTests

Based on the changes to key and trust material reloading that were
introduced in  elastic#30509. DSA and EC keys are regenerated and the
associated certificates are constructed with the correct SAN.

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/SSLConfigurationReloaderTests.java

@@ -127,13 +127,12 @@ public void testReloadingKeyStore() throws Exception {
                     server.start();
                     SSLHandshakeException sslException = expectThrows(SSLHandshakeException.class, () ->
                         privilegedConnect(() -> client.execute(new HttpGet("https://localhost:" + server.getPort())).close()));
-                    assertThat(sslException.getCause().getMessage(), containsString("PKIX path building failed"));
+                    assertThat(sslException.getCause().getMessage(), containsString("PKIX path validation failed"));
                 } catch (Exception e) {
                     throw new RuntimeException("Exception starting or connecting to the mock server", e);
                 }
             };
             validateSSLConfigurationIsReloaded(settings, env, keyMaterialPreChecks, modifier, keyMaterialPostChecks);
-
         }
     }
     /**
@@ -144,10 +143,13 @@ public void testPEMKeyConfigReloading() throws Exception {
         Path keyPath = tempDir.resolve("testnode.pem");
         Path updatedKeyPath = tempDir.resolve("testnode_updated.pem");
         Path certPath = tempDir.resolve("testnode.crt");
+        Path updatedCertPath = tempDir.resolve("testnode_updated.crt");
         final Path clientTruststorePath = tempDir.resolve("testnode.jks");
         Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.pem"), keyPath);
         Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode_updated.pem"), updatedKeyPath);
+        Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode_updated.crt"), updatedCertPath);
         Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"), certPath);
+        Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"), clientTruststorePath);
         MockSecureSettings secureSettings = new MockSecureSettings();
         secureSettings.setString("xpack.ssl.secure_key_passphrase", "testnode");
         final Settings settings = Settings.builder()
@@ -172,6 +174,7 @@ public void testPEMKeyConfigReloading() throws Exception {
             final Runnable modifier = () -> {
                 try {
                     atomicMoveIfPossible(updatedKeyPath, keyPath);
+                    atomicMoveIfPossible(updatedCertPath, certPath);
                 } catch (Exception e) {
                     throw new RuntimeException("failed to modify file", e);
                 }
@@ -184,7 +187,7 @@ public void testPEMKeyConfigReloading() throws Exception {
                     server.start();
                     SSLHandshakeException sslException = expectThrows(SSLHandshakeException.class, () ->
                         privilegedConnect(() -> client.execute(new HttpGet("https://localhost:" + server.getPort())).close()));
-                    assertThat(sslException.getCause().getMessage(), containsString("PKIX path building failed"));
+                    assertThat(sslException.getCause().getMessage(), containsString("PKIX path validation failed"));
                 } catch (Exception e) {
                     throw new RuntimeException("Exception starting or connecting to the mock server", e);
                 }
@@ -211,7 +214,7 @@ public void testReloadingTrustStore() throws Exception {
             .setSecureSettings(secureSettings)
             .build();
         Environment env = randomBoolean() ? null : TestEnvironment.newEnvironment(settings);
-// Create the MockWebServer once for both pre and post checks
+        // Create the MockWebServer once for both pre and post checks
         try (MockWebServer server = getSslServer(trustStorePath, "testnode")) {
             final Consumer<SSLContext> trustMaterialPreChecks = (context) -> {
                 try (CloseableHttpClient client = HttpClients.custom().setSSLContext(context).build()) {
@@ -239,7 +242,6 @@ public void testReloadingTrustStore() throws Exception {
                     throw new RuntimeException("Error closing CloseableHttpClient", e);
                 }
             };
-
             validateSSLConfigurationIsReloaded(settings, env, trustMaterialPreChecks, modifier, trustMaterialPostChecks);
         }
     }
@@ -251,13 +253,15 @@ public void testReloadingPEMTrustConfig() throws Exception {
         Path clientCertPath = tempDir.resolve("testnode.crt");
         Path keyStorePath = tempDir.resolve("testnode.jks");
         Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"), keyStorePath);
-        Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"), clientCertPath);
+        //Our keystore contains two Certificates it can present. One build from the RSA keypair and one build from the EC keypair. EC is
+        // used since it keyManager presents the first one in alias alphabetical order (and testnode_ec comes before testnode_rsa)
+        Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode_ec.crt"), clientCertPath);
         Settings settings = Settings.builder()
-                .putList("xpack.ssl.certificate_authorities", clientCertPath.toString())
+            .putList("xpack.ssl.certificate_authorities", clientCertPath.toString())
                 .put("path.home", createTempDir())
                 .build();
         Environment env = randomBoolean() ? null : TestEnvironment.newEnvironment(settings);
-// Create the MockWebServer once for both pre and post checks
+        // Create the MockWebServer once for both pre and post checks
         try (MockWebServer server = getSslServer(keyStorePath, "testnode")) {
             final Consumer<SSLContext> trustMaterialPreChecks = (context) -> {
                 try (CloseableHttpClient client = HttpClients.custom().setSSLContext(context).build()) {
@@ -277,6 +281,7 @@ public void testReloadingPEMTrustConfig() throws Exception {
                     throw new RuntimeException("failed to modify file", e);
                 }
             };
+
             // Client doesn't trust the Server certificate anymore so SSLHandshake should fail
             final Consumer<SSLContext> trustMaterialPostChecks = (updatedContext) -> {
                 try (CloseableHttpClient client = HttpClients.custom().setSSLContext(updatedContext).build()) {
@@ -287,7 +292,6 @@ public void testReloadingPEMTrustConfig() throws Exception {
                     throw new RuntimeException("Error closing CloseableHttpClient", e);
                 }
             };
-
             validateSSLConfigurationIsReloaded(settings, env, trustMaterialPreChecks, modifier, trustMaterialPostChecks);
         }
     }
@@ -509,5 +513,4 @@ private static void privilegedConnect(CheckedRunnable<Exception> runnable) throw
             throw (Exception) e.getCause();
         }
     }
-
 }

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/SSLServiceTests.java

@@ -541,18 +541,18 @@ public void testReadCertificateInformation() throws Exception {
         assertThat(cert.alias(), equalTo("testnode_dsa"));
         assertThat(cert.path(), equalTo(jksPath.toString()));
         assertThat(cert.format(), equalTo("jks"));
-        assertThat(cert.serialNumber(), equalTo("58925f5a"));
-        assertThat(cert.subjectDn(), equalTo("CN=testnode"));
-        assertThat(cert.expiry(), equalTo(DateTime.parse("2028-01-16T07:28:46.000Z")));
+        assertThat(cert.serialNumber(), equalTo("223c736a"));
+        assertThat(cert.subjectDn(), equalTo("CN=Elasticsearch Test Node"));
+        assertThat(cert.expiry(), equalTo(DateTime.parse("2045-10-02T09:43:18.000Z")));
         assertThat(cert.hasPrivateKey(), equalTo(true));
 
         cert = iterator.next();
         assertThat(cert.alias(), equalTo("testnode_ec"));
         assertThat(cert.path(), equalTo(jksPath.toString()));
         assertThat(cert.format(), equalTo("jks"));
-        assertThat(cert.serialNumber(), equalTo("792353ce"));
-        assertThat(cert.subjectDn(), equalTo("CN=testnode"));
-        assertThat(cert.expiry(), equalTo(DateTime.parse("2028-01-16T07:27:22.000Z")));
+        assertThat(cert.serialNumber(), equalTo("7268203b"));
+        assertThat(cert.subjectDn(), equalTo("CN=Elasticsearch Test Node"));
+        assertThat(cert.expiry(), equalTo(DateTime.parse("2045-10-02T09:36:10.000Z")));
         assertThat(cert.hasPrivateKey(), equalTo(true));
 
         cert = iterator.next();

x-pack/plugin/core/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/README.asciidoc

@@ -66,13 +66,15 @@ Adding `DSA` and `EC` Keys to the Keystore
 
 [source,shell]
 ------
-keytool -genkeypair -keyalg DSA -alias testnode_DSA -keystore testnode.jks -storepass testnode \
-        -keypass testnode -validity 10000 -keysize 1024 -dname "CN=testnode"
+keytool -genkeypair -keyalg DSA -alias testnode_dsa -keystore testnode.jks -storepass testnode \
+        -keypass testnode -validity 10000 -keysize 1024 -dname "CN=Elasticsearch Test Node" \
+        -ext SAN=dns:localhost,dns:localhost.localdomain,dns:localhost4,dns:localhost4.localdomain4,dns:localhost6,dns:localhost6.localdomain6,ip:127.0.0.1,ip:0:0:0:0:0:0:0:1
 ------
 [source,shell]
 ------
-keytool -genkeypair -keyalg EC -alias testnode_EC -keystore testnode.jks -storepass testnode \
-        -keypass testnode -validity 10000 -keysize 256 -dname "CN=testnode"
+keytool -genkeypair -keyalg EC -alias testnode_ec -keystore testnode.jks -storepass testnode \
+        -keypass testnode -validity 10000 -keysize 256 -dname "CN=Elasticsearch Test Node" \
+        -ext SAN=dns:localhost,dns:localhost.localdomain,dns:localhost4,dns:localhost4.localdomain4,dns:localhost6,dns:localhost6.localdomain6,ip:127.0.0.1,ip:0:0:0:0:0:0:0:1
 ------
 
 Exporting the `DSA` and `EC` private keys from the keystore

x-pack/plugin/core/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/dsa_key_openssl_encrypted.pem

@@ -1,15 +1,15 @@
 -----BEGIN DSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,55FAF7DECF1C70AA
+DEK-Info: DES-EDE3-CBC,BE9A0B63873F6B7A
 
-sd+cOZKc6LLBYkJWviEn20PQKVAdgSDX+uMQK+D2hMZmbaNHj/Bw2CH23T+vsb24
-FwbbTBXW05wixmrRLyVBkMuXPqsTKzwqCb5odt3kll/v0txoold6L/URO0v1OHyU
-m97t72qz0dumo+9Ch9qrPC+3LEzofv2bVKq38jziBdtYcYNKpBr8Qsxnf7X31H5j
-ErzzN/oDm8kFIihgPFmmorkCb2AXwnZP4NxeaH+Cc+p/QsmBrNHo0xcumHR4IEah
-GVN1TQQ31ujVAUaEyx+h5TsIO3AmdC71+2xn871HNs/A9zhqyNKUUAzMSoZ0Tlgh
-3knRLG/eVSvd3mYJV1xgpxU6afWWe+iI+TNaLl6NI9vp6msYUb4vIUR0DKO8b/to
-wJp6iziTRGwboQdNa9fFtm+cQIpEjL00ylS2h4X8olcsslivCW3vOxOoUJDG1BuS
-FPTOXTX+2dV98Q7E8ggNltS8XLYvjwpA383GQgJpIOySxXqBtsejN2cf4F7WTdIC
-Mbs8ikv2NDHjeFH7HiVcmp9/7REa8f8QYo1O/gzGgLmeVpvqSRtIpcg4u+JKig5k
-7x7Y6Oi22vRt9aGk/SjNPHX8hI+evHA6
+lGSpJkwN0J9p+2Wm58706EYz6mmjgz7okjMtsR87GMIiK/wVwjKmyUa73QTVVs15
+N/EOySftBk3VUSPx9G1ZMxKpp3l/hvkIcsDDfCPAZFqwdQQJ8BEeF9jDd5ZoI6Yz
+Yus1+X8A1OpX1O7PCZ08e2fLeVuEWg62/JQcNukuvL7AKm+qa1sda5/ktquv2eMZ
+nbTiOE3Xe+uDsgABQdy1h4EsMEaMdE6QrWdxLGWDGcdzSzfltvnhmmsK2CQsV4e1
+huQeb8ylShJuIr+mgtKgUlIlJwSd7ka8hIdmGt1LO9+NZOPUGN04daQkETtfwsmu
+YIYkh66CuLbT4nZny64Spa7AeINSmf9GA72/QtRSo3M7Khlw/95Lz24iKAy7/Lbt
+AKYenSQeJtlNgWzPcDIeUrIzXXmAXHN5YGMg/7X0h7EGu5BxYbLydkBRvSkV9gzU
+Ms6JD5aON10DQhjIUwUcBnhSnwPPpIVa2xf9mqytkcg+zDgr57ygZ9n4D+iv4jiC
+ZJuFCFrgeqHrCEKRphWRckyhPo25ix9XXv7FmUw8jxb/3uTk93CS4Wv5LK4JkK6Z
+AyF99S2kDqsE1u71qHJU2w==
 -----END DSA PRIVATE KEY-----

x-pack/plugin/core/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/dsa_key_openssl_plain.pem

@@ -1,12 +1,12 @@
 -----BEGIN DSA PRIVATE KEY-----
-MIIBvQIBAAKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR
+MIIBuwIBAAKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR
 +1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb
 +DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdg
 UI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlX
 TAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj
 rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQB
-TDv+z0kqAoGBAN1rrhG0MVbuzsW8GiTF8x3/d5eOXG5cNKrpnaGoiDADy19AbzOj
-iXgJPP9tE7G04d4ovcHqqSF0dMCtaT1dPCCeJgMLnwnRqNptnMBhzUVYqwuQkS6S
-t2yH9wGuO9gJfptnevZpavj3kEexhc9nrTMtejNfbYZTEvejn63CXJToAhUAgEtK
-P4qNIE/UcQ5UamvodeHAP5U=
+TDv+z0kqAoGAd0xuuUUSAXsXaQ/dp9ThBTVzdVhGk6VAcWb403uMXUyXKsnCIAST
+m6bVWKjNxO1EsP3Slyd5CwbqIRUBK5NjzdQP/hHGtEIbqtYKY1VZI7T91Lk8/Dc/
+p9Vgh27bPR8Yq8wPKU3EIJzYi0Nw8AxZf10yK+5tQ6pPUa3dH6lXt5oCFF1LyfuB
+qBYh7hyIsfkb+cZoQ57t
 -----END DSA PRIVATE KEY-----

x-pack/plugin/core/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/dsa_key_openssl_plain_with_params.pem

@@ -5,14 +5,14 @@ fexykg9Kxe/QBfDtcj3CEJNH/xoptJQVx3hi+0BPPK8+eUXTjwkQerGMwUD7UQak
 xuUS/22GakHZV5G/kCc=
 -----END DSA PARAMETERS-----
 -----BEGIN DSA PRIVATE KEY-----
-MIIBvQIBAAKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR
+MIIBuwIBAAKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR
 +1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb
 +DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdg
 UI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlX
 TAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj
 rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQB
-TDv+z0kqAoGBAN1rrhG0MVbuzsW8GiTF8x3/d5eOXG5cNKrpnaGoiDADy19AbzOj
-iXgJPP9tE7G04d4ovcHqqSF0dMCtaT1dPCCeJgMLnwnRqNptnMBhzUVYqwuQkS6S
-t2yH9wGuO9gJfptnevZpavj3kEexhc9nrTMtejNfbYZTEvejn63CXJToAhUAgEtK
-P4qNIE/UcQ5UamvodeHAP5U=
+TDv+z0kqAoGAd0xuuUUSAXsXaQ/dp9ThBTVzdVhGk6VAcWb403uMXUyXKsnCIAST
+m6bVWKjNxO1EsP3Slyd5CwbqIRUBK5NjzdQP/hHGtEIbqtYKY1VZI7T91Lk8/Dc/
+p9Vgh27bPR8Yq8wPKU3EIJzYi0Nw8AxZf10yK+5tQ6pPUa3dH6lXt5oCFF1LyfuB
+qBYh7hyIsfkb+cZoQ57t
 -----END DSA PRIVATE KEY-----

x-pack/plugin/core/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/dsa_key_pkcs8_plain.pem

@@ -1,9 +1,9 @@
 -----BEGIN PRIVATE KEY-----
-MIIBTAIBADCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdS
+MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdS
 PO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVCl
 pJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith
 1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7L
 vKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
 zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImo
-g9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoEFwIVAIBLSj+KjSBP1HEOVGpr6HXhwD+V
+g9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoEFgIUXUvJ+4GoFiHuHIix+Rv5xmhDnu0=
 -----END PRIVATE KEY-----

x-pack/plugin/core/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/ec_key_openssl_encrypted.pem

@@ -1,7 +1,7 @@
 -----BEGIN EC PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,567E762B3A8E50580840B6EA13E75693
+DEK-Info: AES-128-CBC,692E4272CB077E56A0D4772B323EFB14
 
-6ZgeotCi4v3IVdalZkVYCRQw5jnCzJJnM1D+6gUZU3F3gSqayJECwsekk8YFVUg4
-+FI+9ilvB9PAfgGaAB9Jgg==
+BXvDiK0ulUFKw1fDq5TMVb9gAXCeWCGUGOg/+A65aaxd1zU+aR2dxhCGXjsiLzRn
+YFSZR2J/L7YP1qvWC7f0NQ==
 -----END EC PRIVATE KEY-----

x-pack/plugin/core/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/ec_key_openssl_plain.pem

@@ -1,4 +1,4 @@
 -----BEGIN EC PRIVATE KEY-----
-MDECAQEEIEpAaLjV5aiQ8SHYOPEsf359Uuzk/rmdzT7PfEck635qoAoGCCqGSM49
+MDECAQEEILEXCgqp9wZqKVmG6HTESPeCyx2O4TDoFqyILz7OGocEoAoGCCqGSM49
 AwEH
 -----END EC PRIVATE KEY-----

x-pack/plugin/core/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/ec_key_openssl_plain_with_params.pem

@@ -2,6 +2,6 @@
 Notvalidbutnotparsed
 -----END EC PARAMETERS-----
 -----BEGIN EC PRIVATE KEY-----
-MDECAQEEIEpAaLjV5aiQ8SHYOPEsf359Uuzk/rmdzT7PfEck635qoAoGCCqGSM49
+MDECAQEEILEXCgqp9wZqKVmG6HTESPeCyx2O4TDoFqyILz7OGocEoAoGCCqGSM49
 AwEH
 -----END EC PRIVATE KEY-----

x-pack/plugin/core/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/ec_key_pkcs8_plain.pem

@@ -1,4 +1,4 @@
 -----BEGIN PRIVATE KEY-----
-MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCBKQGi41eWokPEh2Djx
-LH9+fVLs5P65nc0+z3xHJOt+ag==
+MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCCxFwoKqfcGailZhuh0
+xEj3gssdjuEw6BasiC8+zhqHBA==
 -----END PRIVATE KEY-----

x-pack/plugin/core/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode_ec.crt

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB7zCCAZOgAwIBAgIEcmggOzAMBggqhkjOPQQDAgUAMCIxIDAeBgNVBAMTF0Vs
+YXN0aWNzZWFyY2ggVGVzdCBOb2RlMB4XDTE4MDUxNzA5MzYxMFoXDTQ1MTAwMjA5
+MzYxMFowIjEgMB4GA1UEAxMXRWxhc3RpY3NlYXJjaCBUZXN0IE5vZGUwWTATBgcq
+hkjOPQIBBggqhkjOPQMBBwNCAATuZRlXGn/ROcO7yFJJ50b20YvgV3U+FpRx0nx/
+yigWj6xiEMKnWbbUnM0mKF8c3GHGk5g8OXPnbK96uj6tpMB5o4G0MIGxMB0GA1Ud
+DgQWBBRNAGO77mUhG6SQvIXQTbpcFwlf2TCBjwYDVR0RBIGHMIGEgglsb2NhbGhv
+c3SCFWxvY2FsaG9zdC5sb2NhbGRvbWFpboIKbG9jYWxob3N0NIIXbG9jYWxob3N0
+NC5sb2NhbGRvbWFpbjSCCmxvY2FsaG9zdDaCF2xvY2FsaG9zdDYubG9jYWxkb21h
+aW42hwR/AAABhxAAAAAAAAAAAAAAAAAAAAABMAwGCCqGSM49BAMCBQADSAAwRQIg
+Z3IvdmY5LFdbxoVSs6pV2tJ5+U833Chu0+ZzPo77IVUCIQDRx1FVitVuzBpqwhSW
++Zprt2RLPllC4s4BCApGDh8i1g==
+-----END CERTIFICATE-----