mongodb · blink1073 · Jun 4, 2026 · Jun 4, 2026 · Jun 4, 2026 · Jun 4, 2026
@@ -74,8 +74,8 @@ EOT
 
 # Write the .env file for drivers-tools.
 rm -rf $DRIVERS_TOOLS
-BRANCH=master
-ORG=mongodb-labs
+BRANCH=allow-cert-folder-override
+ORG=blink1073
 git clone --branch $BRANCH https://github.com/$ORG/drivers-evergreen-tools.git $DRIVERS_TOOLS
 
 cat <<EOT > ${DRIVERS_TOOLS}/.env

@@ -341,10 +341,8 @@ def handle_test_env() -> None:
         run_command(cmd, cwd=DRIVERS_TOOLS)
 
     if SSL != "nossl":
-        if not DRIVERS_TOOLS:
-            raise RuntimeError("Missing DRIVERS_TOOLS")
-        write_env("CLIENT_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/client.pem")
-        write_env("CA_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem")
+        write_env("CLIENT_PEM", ROOT / "test/certificates/client.pem")
+        write_env("CA_PEM", ROOT / "test/certificates/ca.pem")
 
     compressors = os.environ.get("COMPRESSORS") or opts.compressor
     if compressors == "snappy":
@@ -382,6 +380,20 @@ def handle_test_env() -> None:
         if not DRIVERS_TOOLS:
             raise RuntimeError("Missing DRIVERS_TOOLS")
         csfle_dir = Path(f"{DRIVERS_TOOLS}/.evergreen/csfle")
+
+        # Set CSFLE TLS cert paths to our AKI-enabled test/certificates/ before
+        # setup-secrets.sh runs. setup-secrets.sh uses ${VAR:-default} so
+        # pre-setting these vars causes them to flow into secrets-export.sh via
+        # csfle/setup_secrets.py (which reads os.environ for these keys).
+        # load_config_from_file then persists all vars from that file for the
+        # test runner, so no separate write_env calls are needed.
+        certs = ROOT / "test/certificates"
+        os.environ["CSFLE_TLS_CA_FILE"] = str(certs / "ca.pem")
+        os.environ["CSFLE_TLS_CERT_FILE"] = str(certs / "server.pem")
+        os.environ["CSFLE_TLS_CLIENT_CERT_FILE"] = str(certs / "client.pem")
+        os.environ["CSFLE_TLS_WRONG_HOST_FILE"] = str(certs / "wrong-host.pem")
+        os.environ["CSFLE_TLS_EXPIRED_FILE"] = str(certs / "expired.pem")
+
         run_command(f"bash {csfle_dir.as_posix()}/setup-secrets.sh", cwd=csfle_dir)
         load_config_from_file(csfle_dir / "secrets-export.sh")
         run_command(f"bash {csfle_dir.as_posix()}/start-servers.sh")

@@ -219,12 +219,16 @@ jobs:
       - id: setup-mongodb
         uses: mongodb-labs/drivers-evergreen-tools@master
       - name: Run tests
-        run:  |
+        run: |
           just integration-tests
       - id: setup-mongodb-ssl
         uses: mongodb-labs/drivers-evergreen-tools@master
         with:
           ssl: true
+        env:
+          TLS_PEM_KEY_FILE: ${{ github.workspace }}/test/certificates/server.pem
+          TLS_CA_FILE: ${{ github.workspace }}/test/certificates/ca.pem
+          TLS_CERT_KEY_FILE: ${{ github.workspace }}/test/certificates/client.pem
       - name: Run tests
         run: |
           just integration-tests

@@ -250,6 +250,16 @@ client = MongoClient(
 If you want to use the actual certificate file then set `tlsCertificateKeyFile` to the local path
 to `<repo_roo>/test/certificates/client.pem` and `tlsCAFile` to the local path to `<repo_roo>/test/certificates/ca.pem`.
 
+#### Regenerating test certificates
+
+If the test certificates in `test/certificates/` need to be regenerated (e.g. after expiry or to add missing extensions), run:
+
+```bash
+cd test/certificates && bash gen-certs.sh
+```
+
+See `test/certificates/README.md` for full details and constraints on certificate subjects/SANs that must be preserved.
+
 ### Encryption tests
 
 - Run `just run-server` to start the server.

@@ -3047,8 +3047,6 @@ async def http_post(self, path, data=None):
         # each request because the server is single threaded.
         ctx = ssl.create_default_context(cafile=CA_PEM)
         ctx.load_cert_chain(CLIENT_PEM)
-        ctx.check_hostname = False
-        ctx.verify_mode = ssl.CERT_NONE
         conn = http.client.HTTPSConnection("127.0.0.1:9003", context=ctx)
         try:
             if data is not None:

@@ -0,0 +1,40 @@
+# Test TLS Certificates
+
+These certificates are used by the PyMongo test suite for TLS/SSL integration tests.
+
+## Regenerating certificates
+
+Run the generation script from this directory:
+
+```bash
+bash gen-certs.sh
+```
+
+**Prerequisites:** OpenSSL 1.1+ or LibreSSL 3+
+
+## Certificate details
+
+| File | Subject | Signed by | Purpose |
+|---|---|---|---|
+| `ca.pem` | `CN=Drivers Testing CA, ...` | Self (CA) | Root CA for test certs |
+| `server.pem` | `CN=localhost, ...` + SAN | Drivers Testing CA | MongoDB server cert (key + cert) |
+| `client.pem` | `CN=client, O=MDB, ...` | Drivers Testing CA | Client auth cert (key + cert) |
+| `password_protected.pem` | Same as client | Drivers Testing CA | Client cert with AES-256 encrypted key |
+| `crl.pem` | — | Drivers Testing CA | Empty Certificate Revocation List |
+| `trusted-ca.pem` | `CN=Trusted Kernel Test CA, OU=Kernel, ...` | Self (CA) | Separate CA for bundle tests |
+
+**Password** for `password_protected.pem`: `qwerty`
+
+## Important constraints
+
+The following values are hardcoded in tests and **must not change**:
+
+- Client cert subject: `C=US,ST=New York,L=New York City,O=MDB,OU=Drivers,CN=client`
+  (used as the MongoDB X.509 username in `test/test_ssl.py`)
+- Server cert SAN: `DNS:localhost, IP:127.0.0.1, IP:::1`
+- The `server` hostname alias for `127.0.0.1` must be present in `/etc/hosts` for SSL tests to pass
+  (added automatically by `.evergreen/scripts/setup-system.sh`)
+
+## Background
+
+Certificates were regenerated to add the **Authority Key Identifier (AKI)** extension, which Python 3.13 requires for TLS certificate chain validation (PYTHON-5040). Prior to regeneration, certs were missing AKI, causing `ssl.SSLCertVerificationError: Missing Authority Key Identifier` on macOS and Windows with Python 3.13.
@@ -1,21 +1,23 @@
 -----BEGIN CERTIFICATE-----
-MIIDfzCCAmegAwIBAgIDB1MGMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy
-aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u
-Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx
-CzAJBgNVBAYTAlVTMB4XDTE5MDUyMjIwMjMxMVoXDTM5MDUyMjIwMjMxMVoweTEb
-MBkGA1UEAxMSRHJpdmVycyBUZXN0aW5nIENBMRAwDgYDVQQLEwdEcml2ZXJzMRAw
-DgYDVQQKEwdNb25nb0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQI
-EwhOZXcgWW9yazELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQCl7VN+WsQfHlwapcOpTLZVoeMAl1LTbWTFuXSAavIyy0W1Ytky1UP/
-bxCSW0mSWwCgqoJ5aXbAvrNRp6ArWu3LsTQIEcD3pEdrFIVQhYzWUs9fXqPyI9k+
-QNNQ+MRFKeGteTPYwF2eVEtPzUHU5ws3+OKp1m6MCLkwAG3RBFUAfddUnLvGoZiT
-pd8/eNabhgHvdrCw+tYFCWvSjz7SluEVievpQehrSEPKe8DxJq/IM3tSl3tdylzT
-zeiKNO7c7LuQrgjAfrZl7n2SriHIlNmqiDR/kdd8+TxBuxjFlcf2WyHCO3lIcIgH
-KXTlhUCg50KfHaxHu05Qw0x8869yIzqbAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8w
-DQYJKoZIhvcNAQELBQADggEBAEHuhTL8KQZcKCTSJbYA9MgZj7U32arMGBbc1hiq
-VBREwvdVz4+9tIyWMzN9R/YCKmUTnCq8z3wTlC8kBtxYn/l4Tj8nJYcgLJjQ0Fwe
-gT564CmvkUat8uXPz6olOCdwkMpJ9Sj62i0mpgXJdBfxKQ6TZ9yGz6m3jannjZpN
-LchB7xSAEWtqUgvNusq0dApJsf4n7jZ+oBZVaQw2+tzaMfaLqHgMwcu1FzA8UKCD
-sxCgIsZUs8DdxaD418Ot6nPfheOTqe24n+TTa+Z6O0W0QtnofJBx7tmAo1aEc57i
-77s89pfwIJetpIlhzNSMKurCAocFCJMJLAASJFuu6dyDvPo=
+MIIDwjCCAqqgAwIBAgIUG4yLbLc0MS98Rr9VPU52i4oeEcMwDQYJKoZIhvcNAQEL
+BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O
+ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz
+MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN
+NDYwNTMxMDE0MzE4WjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx
+FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV
+BAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGluZyBDQTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMUpxRwvIP/vSWHitv/vN/T2k3zZO3+I
+7j6fxLyQ3kqT9c3VZOCOV3yf9ESfEJpoKiOrUsWE7U/dBDT2gcBsYFuaRc9kzOzV
+1XDIdfAhNMeSb9OHxW5gKN+bIiMOlEwzGsfty1hhmpAkZycfTkCvbQ/uyEtRApfC
+QnvFYtn/gZ/1jXOa94Zz9uxDVwzBsCQlHf1WpD6h/Uk+QJWTj11osm6nGCFDkugd
+BHF7iqcb05IFchM2u3MJQ9GcqHf+HIn/JuPbPP5/Y9kuFomHsabvqIq3Nj3iLUWx
+emprLjwpchELbB4VfgOTX9dShQKPQaDZsZI/tsMtRe77AEMubDCsbeMCAwEAAaNC
+MEAwHQYDVR0OBBYEFAedCCKz7kaIvK9mkpHLdhyfGtFyMA8GA1UdEwEB/wQFMAMB
+Af8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4IBAQCjoRcYDpno/ja9
+jnRtJYBpqnKPv9L2cjChqMxQzfOqmD3aGW3mvn9tyqZ4gDpGrFuwojL7R2syALwX
+OtII89+elyMuod/POley5nFBfko6UN6Ot3Anbk3d8YC7BeSJYlpOYJOjb5Cqk2ld
+O8sUm2YxT64LdRQZbf0y068UgJiEhBUdY2gYrfj8DAjn+8TMOwXmXqJIzIdl+yX6
+jz8VL5RX++i79HE/PfqKR7uAgA19/KWcUUpT5dEJcFAH5uV+zP39ihlRCAYbEa/d
+lI/p/Q4KfpdGSsNvrBK+0abYkH7JLsO6fXDhag8+es45LQPT6yCucXznq5tvl+QT
+Z4yZLc0w
 -----END CERTIFICATE-----
@@ -1,48 +1,51 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAsNS8UEuin7/K29jXfIOLpIoh1jEyWVqxiie2Onx7uJJKcoKo
-khA3XeUnVN0k6X5MwYWcN52xcns7LYtyt06nRpTG2/emoV44w9uKTuHsvUbiOwSV
-m/ToKQQ4FUFZoqorXH+ZmJuIpJNfoW+3CkE1vEDCIecIq6BNg5ySsPtvSuSJHGjp
-mc7/5ZUDvFE2aJ8QbJU3Ws0HXiEb6ymi048LlzEL2VKX3w6mqqh+7dcZGAy7qYk2
-5FZ9ktKvCeQau7mTyU1hsPrKFiKtMN8Q2ZAItX13asw5/IeSTq2LgLFHlbj5Kpq4
-GmLdNCshzH5X7Ew3IYM8EHmsX8dmD6mhv7vpVwIDAQABAoIBABOdpb4qhcG+3twA
-c/cGCKmaASLnljQ/UU6IFTjrsjXJVKTbRaPeVKX/05sgZQXZ0t3s2mV5AsQ2U1w8
-Cd+3w+qaemzQThW8hAOGCROzEDX29QWi/o2sX0ydgTMqaq0Wv3SlWv6I0mGfT45y
-/BURIsrdTCvCmz2erLqa1dL4MWJXRFjT9UTs5twlecIOM2IHKoGGagFhymRK4kDe
-wTRC9fpfoAgyfus3pCO/wi/F8yKGPDEwY+zgkhrJQ+kSeki7oKdGD1H540vB8gRt
-EIqssE0Y6rEYf97WssQlxJgvoJBDSftOijS6mwvoasDUwfFqyyPiirawXWWhHXkc
-DjIi/XECgYEA5xfjilw9YyM2UGQNESbNNunPcj7gDZbN347xJwmYmi9AUdPLt9xN
-3XaMqqR22k1DUOxC/5hH0uiXir7mDfqmC+XS/ic/VOsa3CDWejkEnyGLiwSHY502
-wD/xWgHwUiGVAG9HY64vnDGm6L3KGXA2oqxanL4V0+0+Ht49pZ16i8sCgYEAw+Ox
-CHGtpkzjCP/z8xr+1VTSdpc/4CP2HONnYopcn48KfQnf7Nale69/1kZpypJlvQSG
-eeA3jMGigNJEkb8/kaVoRLCisXcwLc0XIfCTeiK6FS0Ka30D/84Qm8UsHxRdpGkM
-kYITAa2r64tgRL8as4/ukeXBKE+oOhX43LeEfyUCgYBkf7IX2Ndlhsm3GlvIarxy
-NipeP9PGdR/hKlPbq0OvQf9R1q7QrcE7H7Q6/b0mYNV2mtjkOQB7S2WkFDMOP0P5
-BqDEoKLdNkV/F9TOYH+PCNKbyYNrodJOt0Ap6Y/u1+Xpw3sjcXwJDFrO+sKqX2+T
-PStG4S+y84jBedsLbDoAEwKBgQCTz7/KC11o2yOFqv09N+WKvBKDgeWlD/2qFr3w
-UU9K5viXGVhqshz0k5z25vL09Drowf1nAZVpFMO2SPOMtq8VC6b+Dfr1xmYIaXVH
-Gu1tf77CM9Zk/VSDNc66e7GrUgbHBK2DLo+A+Ld9aRIfTcSsMbNnS+LQtCrQibvb
-cG7+MQKBgQCY11oMT2dUekoZEyW4no7W5D74lR8ztMjp/fWWTDo/AZGPBY6cZoZF
-IICrzYtDT/5BzB0Jh1f4O9ZQkm5+OvlFbmoZoSbMzHL3oJCBOY5K0/kdGXL46WWh
-IRJSYakNU6VIS7SjDpKgm9D8befQqZeoSggSjIIULIiAtYgS80vmGA==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEugIBADANBgkqhkiG9w0BAQEFAASCBKQwggSgAgEAAoIBAQC4AKy3yN1ylUiC
+rP8wqfYzO7c+l+lL9V8Itz05uzHDOnxFVVeVs0Xfvzb7Sc/xepnBlCIRDP5ucmyi
+CQw2paK+Sqdk4dteBj5pBXpx5KC8oi6vIrU16gB46f1fpTVMpU6AxMbMOy0i8mtJ
+SAH+YgBcyGjpix2I2PQUNSp2tAt9DJlxzmRcclJkkkyHZPMZPkCH0R3Fw6MIGwgm
+h14eQhqxvUxcnXDKVt0y0e6uVU6dF7bqyAivzxIU3qFmxxWCsFSANppU0P6TBkIx
+ysUgdV/rYkBVxIEi+NZomeGjR3/iKVkpo6yerQoaROWIWnJLLY5BzJc9oG5xnoAg
+1qJM1EDRAgMBAAECgf9JSFDXDDN7jzkcfQn7DQtLxwdpm9cECZWamGAqE1lJB+IL
+5bwcQxTGfWwdvigIuhYX+DIZLbOntAAlXgp0jpi3xm56H080WLLtNjauEFXJdaO3
+h3s5yG39D4l6A7JWnv/FCUSj0m2ySBpdSpsrVUdlAexxbJaMCjGBBYEEBcZi5r95
+e8K/F78rZXuHJbHfOx+xhKwyIalM8wyp63v6KLBscDy+DaAunOJij8NCpEwENohU
+R15jAr60liAOnqJpvUctjjiUdjztbh3v9pQaOrsQ1wgGUL86P7rWV6TgXDe/LWel
+6MNLJ/N6Mwmy86Qjoz4mlnaY4LYBUWdAzqd/zKkCgYEA3KvY7Kd4tTs/iElMGk0v
+k+l4rONn/GjabyOkkZlc7TulM+7DDKvd/V+ms8c2E1TpW6c2Fn7gaBuC+Wfw23T/
+kXF3T0jFNLI4zOHjE33yT9fqg+0m1iAPVgn4e0eQ+xeB0fr3ILl7hbQY9n3fAM6y
+DjfrWDhbDr4x4gBy6C4J70kCgYEA1XX5D8Roa9sGA4RjZz0FlUT1fq3pxEt9O+5a
+bId3BAjd1nv6vD6Dln5AGLizv/VnQA/W6lj9ZfPsPrQMQHUpHaeyrcewmbfJ5PVQ
+YGQea7ZjuCU1T0IcjrHvLYZIHqAGPrOxDzRiLYuPmKwkl9yokqs1LWYgt1nMd93z
+mYwF3UkCgYBhXESqLT2ZoFlolQZJuHJcbS78AJ1ZhR2S2YP7ZVHVrXI3FoniJlYc
+Oz5+pU8bemQ3NvArPrFd3X2M8qoW+Wjkz84XIgE4PcXHx4X7jJ8DUT08Fb8DzENX
+77A9HBdAYV+6uGKegpeYJxy4bFKetZNjqJJiawLp30p87zvDasShWQKBgA7+5qxQ
+4/UPwfBlUIZkJwxBd+2aUh3UH8wiBoAxVA8YgF0dAJRQ3/WmkOIrt5T4rHQ3qKV1
+8vdCl4ogI+wzTtwid871hFaILsrC4Q6kee6fNYouMvyKbG8p2N+d21srasTk4r9q
+sqr4bvIOxdNVURJcrLOvxQScblzNXtuelprhAoGAf51AFgJR+K13Y329T3Lex5ee
+qvjMMuJIKMTddj0In7TeL5MqUBtMNjvmXQ/mJ2kAyAl7yod6xjAqmTSNc3Nju6qB
+/9n2u8NBH9CRdxq7m6mJIbfvAMlqPw32B5jG/dP65eFacsjamTNjWcDy0coZOcQ3
+OfeAwH0y5PwSCsVtmLs=
+-----END PRIVATE KEY-----
 -----BEGIN CERTIFICATE-----
-MIIDgzCCAmugAwIBAgIDAxOUMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy
-aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u
-Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx
-CzAJBgNVBAYTAlVTMB4XDTE5MDUyMjIzNTU1NFoXDTM5MDUyMjIzNTU1NFowaTEP
-MA0GA1UEAxMGY2xpZW50MRAwDgYDVQQLEwdEcml2ZXJzMQwwCgYDVQQKEwNNREIx
-FjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYD
-VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALDUvFBLop+/
-ytvY13yDi6SKIdYxMllasYontjp8e7iSSnKCqJIQN13lJ1TdJOl+TMGFnDedsXJ7
-Oy2LcrdOp0aUxtv3pqFeOMPbik7h7L1G4jsElZv06CkEOBVBWaKqK1x/mZibiKST
-X6FvtwpBNbxAwiHnCKugTYOckrD7b0rkiRxo6ZnO/+WVA7xRNmifEGyVN1rNB14h
-G+spotOPC5cxC9lSl98Opqqofu3XGRgMu6mJNuRWfZLSrwnkGru5k8lNYbD6yhYi
-rTDfENmQCLV9d2rMOfyHkk6ti4CxR5W4+SqauBpi3TQrIcx+V+xMNyGDPBB5rF/H
-Zg+pob+76VcCAwEAAaMkMCIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF
-BwMCMA0GCSqGSIb3DQEBCwUAA4IBAQAqRcLAGvYMaGYOV4HJTzNotT2qE0I9THNQ
-wOV1fBg69x6SrUQTQLjJEptpOA288Wue6Jt3H+p5qAGV5GbXjzN/yjCoItggSKxG
-Xg7279nz6/C5faoIKRjpS9R+MsJGlttP9nUzdSxrHvvqm62OuSVFjjETxD39DupE
-YPFQoHOxdFTtBQlc/zIKxVdd20rs1xJeeU2/L7jtRBSPuR/Sk8zot7G2/dQHX49y
-kHrq8qz12kj1T6XDXf8KZawFywXaz0/Ur+fUYKmkVk1T0JZaNtF4sKqDeNE4zcns
-p3xLVDSl1Q5Gwj7bgph9o4Hxs9izPwiqjmNaSjPimGYZ399zcurY
+MIID1DCCArygAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hhswDQYJKoZIhvcNAQEL
+BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O
+ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz
+MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN
+NDYwNTMxMDE0MzE4WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl
+cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE
+CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuACst8jdcpVIgqz/MKn2Mzu3PpfpS/VfCLc9Obsxwzp8RVVXlbNF
+3782+0nP8XqZwZQiEQz+bnJsogkMNqWivkqnZOHbXgY+aQV6ceSgvKIuryK1NeoA
+eOn9X6U1TKVOgMTGzDstIvJrSUgB/mIAXMho6YsdiNj0FDUqdrQLfQyZcc5kXHJS
+ZJJMh2TzGT5Ah9EdxcOjCBsIJodeHkIasb1MXJ1wylbdMtHurlVOnRe26sgIr88S
+FN6hZscVgrBUgDaaVND+kwZCMcrFIHVf62JAVcSBIvjWaJnho0d/4ilZKaOsnq0K
+GkTliFpySy2OQcyXPaBucZ6AINaiTNRA0QIDAQABo2QwYjAdBgNVHQ4EFgQUPQii
+N1XUM2emxoJgNj8ry0yxRh4wHwYDVR0jBBgwFoAUB50IIrPuRoi8r2aSkct2HJ8a
+0XIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB
+CwUAA4IBAQBIcLppLz1x+xEqvIWuopnRNqejMOxBqoHgoJs4p8EAmgi0HYZZq3NA
+EnIMWE6AUIDbeI1bM64oKY17dQrNKF0okoNUNXW66vfsHLiKhnXsAxanlCeHLYIZ
+cKS0/npzpFhKPd2GZM2jPXDNM2u9RAyoi+da5/NcWEoH6QEeAoll5/7dGABS2EM/
+tnKf74sjVQuYwPcWP0S4d5PIkb1t9PwCaKQ0wwZ6WM8lmtiiWOVNpgAjszBrvR5F
+52xHHyoTkoXJRd/xV+xD2QPxPX12haVSeQNwAeW6vg4U0oSAECC3WIS/TfnkP1zS
+cbmduwH5VCdKRaJXcKXP+YuK8XQfV3IA
 -----END CERTIFICATE-----
@@ -1,13 +1,13 @@
 -----BEGIN X509 CRL-----
-MIIB6jCB0wIBATANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDExJEcml2ZXJzIFRl
-c3RpbmcgQ0ExEDAOBgNVBAsTB0RyaXZlcnMxEDAOBgNVBAoTB01vbmdvREIxFjAU
-BgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYDVQQG
-EwJVUxcNMTkwNTIyMjI0NTUzWhcNMTkwNjIxMjI0NTUzWjAVMBMCAncVFw0xOTA1
-MjIyMjQ1MzJaoA8wDTALBgNVHRQEBAICEAAwDQYJKoZIhvcNAQELBQADggEBACwQ
-W9OF6ExJSzzYbpCRroznkfdLG7ghNSxIpBQUGtcnYbkP4em6TdtAj5K3yBjcKn4a
-hnUoa5EJGr2Xgg0QascV/1GuWEJC9rsYYB9boVi95l1CrkS0pseaunM086iItZ4a
-hRVza8qEMBc3rdsracA7hElYMKdFTRLpIGciJehXzv40yT5XFBHGy/HIT0CD50O7
-BDOHzA+rCFCvxX8UY9myDfb1r1zUW7Gzjn241VT7bcIJmhFE9oV0popzDyqr6GvP
-qB2t5VmFpbnSwkuc4ie8Jizip1P8Hg73lut3oVAHACFGPpfaNIAp4GcSH61zJmff
-9UBe3CJ1INwqyiuqGeA=
+MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE
+CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v
+bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu
+ZyBDQRcNMjYwNjA1MDE0MzE4WhcNNDYwNTMxMDE0MzE4WjAUMBICAQEXDTI2MDYw
+NTAxNDMxOFqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBh3+5E
+QMyGj5BWnN7hC4/ZNj5Q0Rfm0qIZrKQJ2EsiRo/lT33/QGv1oHdd/i7QOWee3UaA
+uow1hxHhhUw1gwL6RZz2HmxxxvsecoYIImNq4e+D3Na6B19earihYiZs6JXOi0n0
+2fMxvKd0GqhNyva5nZSNguoL2Bx6nMt2HH0jjKbJYLhfW21aazXjqLBbvXyJ6NMg
+Mnoh7/23fqnjtow2lGcICq5N5lH0wvNb62xyqr4viaYy0Heox/yr0DxxAZ9ipXYp
+3Ru/T2bnfu0gt+pcbdHq4u+FXtaila08P4pAMHKaXFGpxlv6S2lTuKKMgIV/yKtR
+Em4RerccVwXzeI6T
 -----END X509 CRL-----
@@ -0,0 +1,51 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCUqmrhMtP8RnGs
+9TcWYFHSdLjdjezTmCNCVNIPnTky9oX7O6MwCahwaXJRNmGSvED2DK1q44QbSNRX
+WMBtTFhckmx2aRCGVfaRFHHaUx58+DWTDQyc3YHQgIw+wo8endBlcSaCiyF6A7Xd
+oir8IGTL90703GwS8pqM+urY4QcgrRrVfoGWgEdzLUSlqk1hC+jFwh0++Ob7EzX3
+I4WfUtLhRRevhS/V08PT1Q4n3kxUt3phFPFD5sb4dIUAZLbNmQ1oO8nnIjpQwhMC
+WlAwhWVNYf8H9zkwW7ZPLT3hSeqgrUN1/l0wT1w5AaVElnrDsai2j/3DQdfW18qK
+59Y+/y+/AgMBAAECggEAHSCwtTPYvfZtYlZfNzajAWmWKO6cRq7pxZ7J035aDSap
+BJrgM9LImlHGsKvHfVD+J1c/iRBPu2rPE9gTR7bsHyMfNioKr09bcnx/fCfJ8vFM
+yeWGIZvyyc/N6qQDF5wTDzUWtwAcjIP6l5Sk+GY+aYoogahIUoQPDO1Co0CfvWJw
+wpAlaAIvEO1RgaEQVEq3YgbCIpmDEjgwQllVqQ+QBkXUDsw+aYFaktcYkz+LPp6M
+MtPhe4DLRABeqDsFtLbi8L07rDdByZNDCa3GFLZOy71YrHHzqENAzvy/6HN+SYn9
+elrWc+qvuSRP/z1JBa8P2Bf5TLCKgSm5amRMFm4brQKBgQDJJF1PA5jmPKiG0ftD
+ASn5375OGnTw3SkDFEWJKbEVu2TUa6eZhqUQzRz0j9qNDnpaVVa+88c/tJl1lymV
+RG+EsPsoKzHEQJ5FYg+SJz/IR5XMqO9D9Yd+vGRBY9nqO7Q5lbyQqdBiHrQIzKS8
+VRCobA8MZSyGUifnJPNS6JXfqwKBgQC9Ni46GNF8za664JTfyD3PGq92edzMAWZd
+x5yLBUC+eh9WKawjr98FFS4UEH22Hrznjp4FqqQnQ04DaDNd6Peeb0G9co2LSguv
+8PXiuG4QshmA/yHLTFXbAGCPDV/CF0XqPTyMpHVax8Du/ITpucykenm83s8lhf+T
+FwzvqQasPQKBgAQmQ+aFZHobdj6RxmUzePI2s25ZDWCKr3XozSZvPb/9Ba98KRD5
+vh4CnT5OWWvfiJakfA2kac/eoevTGoCB0Osj24qQmY465wj3ZOrW9HHlSCnYslbs
+kccDi+3taWlzodwuQp2ZYzsi9wPXdO6NsrJGyGixDaIXv8r88CgdtDnRAoGAVSG+
+lNc70kp89oo7kaB35uobzlOwO33ZwBIi5g37/nfWB5+CWyAzWQcZj1+IIFweJJVv
+lh8b8qp+vFuy2OsMFpX6XzHea7BqJ8Rj7ZmLtCld/kNMwjrbWkkGKPccgaiVBXp9
+9s28G5dKwHyPlNXLNKoCgi9BxqFOx7CUWnSTkwUCgYB2a+06EPZi290XgnnN2akt
+/GI2xdnY2GDF4AyZuslffdm2MV8Gl8d0xUi5zkps7oEoqJUFg88FUxnnVxTAycLP
+gJBSquCgzYaTlg7UrrYEUu27w+VV84zUzf9qnAy+YcqQcyROoDugP5AEhGoXLqke
+DwKg2EIYHmc/qhVQXCKvuA==
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIID5zCCAs+gAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hh0wDQYJKoZIhvcNAQEL
+BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O
+ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz
+MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMDAwMTAxMDAwMDAwWhcN
+MDEwMTAxMDAwMDAwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx
+FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV
+BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAJSqauEy0/xGcaz1NxZgUdJ0uN2N7NOYI0JU0g+dOTL2
+hfs7ozAJqHBpclE2YZK8QPYMrWrjhBtI1FdYwG1MWFySbHZpEIZV9pEUcdpTHnz4
+NZMNDJzdgdCAjD7Cjx6d0GVxJoKLIXoDtd2iKvwgZMv3TvTcbBLymoz66tjhByCt
+GtV+gZaAR3MtRKWqTWEL6MXCHT745vsTNfcjhZ9S0uFFF6+FL9XTw9PVDifeTFS3
+emEU8UPmxvh0hQBkts2ZDWg7yeciOlDCEwJaUDCFZU1h/wf3OTBbtk8tPeFJ6qCt
+Q3X+XTBPXDkBpUSWesOxqLaP/cNB19bXyorn1j7/L78CAwEAAaNwMG4wHQYDVR0O
+BBYEFLwmWBzr5HQiC9AMIH8MaBKiVhPGMB8GA1UdIwQYMBaAFAedCCKz7kaIvK9m
+kpHLdhyfGtFyMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA
+AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAvAHnUpmT11dC3y6sEUyg5EqSQSD9
+dpOEIVnQ8kLyLAEhxu2LNyJFM0s+luhe4m/5OINlyOKizjGAA0MXjShNFfLioIlf
+Gg1gPeTvGXJofIrHPF5EnVLcGGx3bjn3E5d5MEX2V6swA5jxcoiJpfIJACfZfY3M
+n13NNIXKXtsoXE8G9HuW2TkINnyJCHJPT6aD7uuA+UElvGMQm1XEZiE69VZbWGgx
+lCsR5Y8M9PaXJaO+WGubr4P08LAa+ZA/zFbJyY5ThXr15GkatW6kQvBo1g6zOdGp
+inJ+VxAgjOMSlmES3IgypKvliTp1rSRU0j+xwGQNZ2j46ju+oqfV1bQ8wQ==
+-----END CERTIFICATE-----