Opennet CA: Unterschied zwischen den Versionen
(alte Teammitglieder aufgeräumt) |
(→Gültige CAs: Opennet CA 2022) |
||
Zeile 36: | Zeile 36: | ||
* Opennet CA Webinterface: https://ca.opennet-initiative.de/ | * Opennet CA Webinterface: https://ca.opennet-initiative.de/ | ||
− | * Opennet Root CA ''opennet-root.ca.on'', Laufzeit | + | * Opennet Root CA ''opennet-root.ca.on'', Laufzeit 15 Jahre, 4096 bit RSA Key, SHA-512 Signatur, Self Signed, CRL Laufzeit 30 Tage |
** Opennet VPN UGW CA ''opennet-vpn-ugw.ca.on'', Laufzeit 10 Jahre, 2048 bit RSA Key, SHA-256 Signatur, Signatur Opennet Root CA, CRL Laufzeit 30 Tage | ** Opennet VPN UGW CA ''opennet-vpn-ugw.ca.on'', Laufzeit 10 Jahre, 2048 bit RSA Key, SHA-256 Signatur, Signatur Opennet Root CA, CRL Laufzeit 30 Tage | ||
** Opennet VPN User CA ''opennet-vpn-user.ca.on'', Laufzeit 10 Jahre, 2048 bit RSA Key, SHA-256 Signatur, Signatur Opennet Root CA, CRL Laufzeit 30 Tage | ** Opennet VPN User CA ''opennet-vpn-user.ca.on'', Laufzeit 10 Jahre, 2048 bit RSA Key, SHA-256 Signatur, Signatur Opennet Root CA, CRL Laufzeit 30 Tage | ||
Zeile 45: | Zeile 45: | ||
|- | |- | ||
! | ! | ||
− | !opennet-root.ca.on (Serial | + | !opennet-root.ca.on (Serial 155EC6C0F6B384F8) |
|- | |- | ||
!CA | !CA | ||
− | |''Opennet Root CA, Issued | + | |''Opennet Root CA, Issued Nov 2022 Mathias Mahnke, Maintainer Opennet Admin Group'' |
|- | |- | ||
!Key | !Key | ||
Zeile 60: | Zeile 60: | ||
|- | |- | ||
!CRL | !CRL | ||
− | |fullname=URI:http://ca.opennet-initiative.de/root.crl<br>Signed SHA-512 + X.509 Subject Key Identifier, Valid 1 Month | + | |fullname=URI:http://ca.opennet-initiative.de/root.crl<br/>Signed SHA-512 + X.509 Subject Key Identifier, Valid 1 Month |
|- | |- | ||
!Ext | !Ext | ||
Zeile 66: | Zeile 66: | ||
|- | |- | ||
!Sign | !Sign | ||
− | |Self Signed, SHA-512, valid | + | |Self Signed, SHA-512, valid 2022/11/26 until 2037/11/26 |
|- | |- | ||
!Hashes | !Hashes | ||
− | |DN Hash 9106e34c<br>X.509 Subject Key Identifier FA:DA:A6:25:24:2C:20:E7:E5:A3:5F:2F:9F:6B:C1:EA:19:1A:F8:C1<br>MD5 Fingerprint | + | |DN Hash 9106e34c<br/>X.509 Subject Key Identifier FA:DA:A6:25:24:2C:20:E7:E5:A3:5F:2F:9F:6B:C1:EA:19:1A:F8:C1<br/>MD5 Fingerprint 4F:1D:64:09:6D:D4:C7:6F:CF:11:16:41:A2:21:CF:34<br/>SHA1 Fingerprint AF:13:9B:E5:B7:0D:85:EF:11:55:59:80:86:AB:F3:44:2D:C7:DC:85<br/>SHA265 Fingerprint 4D:68:41:2D:E7:04:E7:75:52:1C:D4:A0:08:D4:FF:18 |
+ | 1B:FD:6B:B7:4E:12:73:21:14:99:2C:91:DC:CB:A6:96 | ||
|- | |- | ||
!URL | !URL | ||
Zeile 79: | Zeile 80: | ||
|- | |- | ||
! | ! | ||
− | !opennet-vpn-ugw.ca.on (ID | + | !opennet-vpn-ugw.ca.on (ID 3D5E2270E11E5F8A) |
|- | |- | ||
!CA | !CA | ||
− | |''Opennet VPN UGW Sub-CA, Issued | + | |''Opennet VPN UGW Sub-CA, Issued Nov 2022 Mathias Mahnke, Maintainer Opennet Admin Group'' |
|- | |- | ||
!Key | !Key | ||
Zeile 94: | Zeile 95: | ||
|- | |- | ||
!CRL | !CRL | ||
− | |fullname=URI:http://ca.opennet-initiative.de/vpnugw.crl<br>Signed SHA-256 + X.509 Subject Key Identifier, Valid 1 Month | + | |fullname=URI:http://ca.opennet-initiative.de/vpnugw.crl<br/>Signed SHA-256 + X.509 Subject Key Identifier, Valid 1 Month |
|- | |- | ||
!Ext | !Ext | ||
Zeile 100: | Zeile 101: | ||
|- | |- | ||
!Sign | !Sign | ||
− | |opennet-root.ca.on (Serial D09411CA45BAB5F1), SHA-256, valid | + | |opennet-root.ca.on (Serial D09411CA45BAB5F1), SHA-256, valid 2022/11/24 until 2032/11/24 |
|- | |- | ||
!Hashes | !Hashes | ||
− | |DN Hash 216d4987<br>X.509 Subject Key Identifier C1:1F:4F:E4:A7:49:65:4B:0E:F8:E4:65:16:E2:28:76:49:A2:68:3B<br>X509v3 Authority Key Identifier FA:DA:A6:25:24:2C:20:E7:E5:A3:5F:2F:9F:6B:C1:EA:19:1A:F8:C1 serial:D0:94:11:CA:45:BA:B5:F1<br>MD5 Fingerprint | + | |DN Hash 216d4987<br/>X.509 Subject Key Identifier C1:1F:4F:E4:A7:49:65:4B:0E:F8:E4:65:16:E2:28:76:49:A2:68:3B<br/>X509v3 Authority Key Identifier FA:DA:A6:25:24:2C:20:E7:E5:A3:5F:2F:9F:6B:C1:EA:19:1A:F8:C1 serial:D0:94:11:CA:45:BA:B5:F1<br/>MD5 Fingerprint BD:73:3F:31:BA:F4:14:C3:8D:E9:6E:DA:C0:E8:E6:A2<br/>SHA1 Fingerprint 41:C4:32:12:D1:C6:31:80:97:78:5B:AF:85:D2:24:52:16:51:2D:92<br/>SHA265 Fingerprint D9:85:8E:F6:B5:B7:D4:6B:73:FA:A4:1B:E8:16:B2:94 |
+ | 20:3C:0B:11:BC:94:93:18:F3:90:66:20:4B:BB:CC:30 | ||
|- | |- | ||
!URL | !URL | ||
Zeile 113: | Zeile 115: | ||
|- | |- | ||
! | ! | ||
− | !opennet-vpn-user.ca.on (ID | + | !opennet-vpn-user.ca.on (ID 5A0048FE986DEBC7) |
|- | |- | ||
!CA | !CA | ||
− | |''Opennet VPN User Sub-CA, Issued | + | |''Opennet VPN User Sub-CA, Issued Nov 2022 Mathias Mahnke, Maintainer Opennet Admin Group'' |
|- | |- | ||
!Key | !Key | ||
Zeile 128: | Zeile 130: | ||
|- | |- | ||
!CRL | !CRL | ||
− | |fullname=URI:http://ca.opennet-initiative.de/vpnuser.crl<br>Signed SHA-256 + X.509 Subject Key Identifier, Valid 1 Month | + | |fullname=URI:http://ca.opennet-initiative.de/vpnuser.crl<br/>Signed SHA-256 + X.509 Subject Key Identifier, Valid 1 Month |
|- | |- | ||
!Ext | !Ext | ||
Zeile 134: | Zeile 136: | ||
|- | |- | ||
!Sign | !Sign | ||
− | |opennet-root.ca.on (Serial D09411CA45BAB5F1), SHA-256, valid | + | |opennet-root.ca.on (Serial D09411CA45BAB5F1), SHA-256, valid 2022/11/24 until 2032/11/24 |
|- | |- | ||
!Hashes | !Hashes | ||
− | |DN Hash 69a85ad3<br>X.509 Subject Key Identifier FA:75:C4:8D:8A:AA:D1:81:E1:29:15:A6:B4:55:E3:C0:32:05:F6:C7<br>X509v3 Authority Key Identifier FA:DA:A6:25:24:2C:20:E7:E5:A3:5F:2F:9F:6B:C1:EA:19:1A:F8:C1 serial:D0:94:11:CA:45:BA:B5:F1<br>MD5 Fingerprint | + | |DN Hash 69a85ad3<br/>X.509 Subject Key Identifier FA:75:C4:8D:8A:AA:D1:81:E1:29:15:A6:B4:55:E3:C0:32:05:F6:C7<br/>X509v3 Authority Key Identifier FA:DA:A6:25:24:2C:20:E7:E5:A3:5F:2F:9F:6B:C1:EA:19:1A:F8:C1 serial:D0:94:11:CA:45:BA:B5:F1<br/>MD5 Fingerprint 9F:35:14:07:AC:91:3C:CF:5E:78:93:2B:8E:E6:BA:9C<br/>SHA1 Fingerprint 94:1C:DD:D4:EB:B6:AB:F9:83:03:DA:31:99:36:AE:37:04:12:E0:F8<br/>SHA265 Fingerprint A8:99:60:91:8E:7E:7D:B4:F5:D1:13:F3:B7:87:15:62 |
+ | 76:D0:1D:97:8F:27:2B:EA:BE:93:6C:08:F8:E8:9A:AE | ||
|- | |- | ||
!URL | !URL | ||
Zeile 147: | Zeile 150: | ||
|- | |- | ||
! | ! | ||
− | !opennet-client.ca.on (ID | + | !opennet-client.ca.on (ID 0DDD811960089FAA) |
|- | |- | ||
!CA | !CA | ||
− | |''Opennet Client Sub-CA, Issued | + | |''Opennet Client Sub-CA, Issued Nov 2022 Mathias Mahnke, Maintainer Opennet Admin Group'' |
|- | |- | ||
!Key | !Key | ||
Zeile 162: | Zeile 165: | ||
|- | |- | ||
!CRL | !CRL | ||
− | |fullname=URI:http://ca.opennet-initiative.de/client.crl<br>Signed SHA-256 + X.509 Subject Key Identifier, Valid 1 Month | + | |fullname=URI:http://ca.opennet-initiative.de/client.crl<br/>Signed SHA-256 + X.509 Subject Key Identifier, Valid 1 Month |
|- | |- | ||
!Ext | !Ext | ||
Zeile 168: | Zeile 171: | ||
|- | |- | ||
!Sign | !Sign | ||
− | |opennet-root.ca.on (Serial D09411CA45BAB5F1), SHA-256, valid | + | |opennet-root.ca.on (Serial D09411CA45BAB5F1), SHA-256, valid 2022/11/24 until 2032/11/24 |
|- | |- | ||
!Hashes | !Hashes | ||
− | |DN Hash d8003700<br>X.509 Subject Key Identifier 77:97:CF:E9:CC:9A:47:FF:84:15:63:63:90:19:A0:99:82:28:2D:BA<br>X509v3 Authority Key Identifier FA:DA:A6:25:24:2C:20:E7:E5:A3:5F:2F:9F:6B:C1:EA:19:1A:F8:C1 serial:D0:94:11:CA:45:BA:B5:F1<br>MD5 Fingerprint | + | |DN Hash d8003700<br/>X.509 Subject Key Identifier 77:97:CF:E9:CC:9A:47:FF:84:15:63:63:90:19:A0:99:82:28:2D:BA<br/>X509v3 Authority Key Identifier FA:DA:A6:25:24:2C:20:E7:E5:A3:5F:2F:9F:6B:C1:EA:19:1A:F8:C1 serial:D0:94:11:CA:45:BA:B5:F1<br/>MD5 Fingerprint 8F:DF:8D:61:1A:A2:B5:89:1A:7E:A2:58:04:E2:41:CF<br/>SHA1 Fingerprint 52:45:A1:78:9F:B2:09:CD:77:07:CB:96:DE:33:86:BB:B8:BF:F3:4B<br/>SHA265 Fingerprint DA:94:77:32:A3:DA:D5:BD:E3:2F:7D:E2:B1:2B:FE:EC |
+ | E4:83:05:B7:A9:3E:27:B9:1C:20:74:32:F7:4B:9E:A8 | ||
|- | |- | ||
!URL | !URL | ||
Zeile 181: | Zeile 185: | ||
|- | |- | ||
! | ! | ||
− | !opennet-server.ca.on (ID | + | !opennet-server.ca.on (ID 016CE997D210A21C) |
|- | |- | ||
!CA | !CA | ||
− | |''Opennet Server Sub-CA, Issued | + | |''Opennet Server Sub-CA, Issued Nov 2022 Mathias Mahnke, Maintainer Opennet Admin Group'' |
|- | |- | ||
!Key | !Key | ||
Zeile 196: | Zeile 200: | ||
|- | |- | ||
!CRL | !CRL | ||
− | |fullname=URI:http://ca.opennet-initiative.de/server.crl<br>Signed SHA-256 + X.509 Subject Key Identifier, Valid 1 Month | + | |fullname=URI:http://ca.opennet-initiative.de/server.crl<br/>Signed SHA-256 + X.509 Subject Key Identifier, Valid 1 Month |
|- | |- | ||
!Ext | !Ext | ||
Zeile 202: | Zeile 206: | ||
|- | |- | ||
!Sign | !Sign | ||
− | |opennet-root.ca.on (Serial D09411CA45BAB5F1), SHA-256, valid | + | |opennet-root.ca.on (Serial D09411CA45BAB5F1), SHA-256, valid 2022/11/24 until 2032/11/24 |
|- | |- | ||
!Hashes | !Hashes | ||
− | |DN Hash 7e8721dd<br>X.509 Subject Key Identifier C1:C2:B5:2E:E4:85:E0:E9:43:D3:9A:4B:A2:39:76:94:0F:E1:C1:41<br>X509v3 Authority Key Identifier FA:DA:A6:25:24:2C:20:E7:E5:A3:5F:2F:9F:6B:C1:EA:19:1A:F8:C1 serial:D0:94:11:CA:45:BA:B5:F1<br>MD5 Fingerprint | + | |DN Hash 7e8721dd<br/>X.509 Subject Key Identifier C1:C2:B5:2E:E4:85:E0:E9:43:D3:9A:4B:A2:39:76:94:0F:E1:C1:41<br/>X509v3 Authority Key Identifier FA:DA:A6:25:24:2C:20:E7:E5:A3:5F:2F:9F:6B:C1:EA:19:1A:F8:C1 serial:D0:94:11:CA:45:BA:B5:F1<br/>MD5 Fingerprint EF:A0:B1:09:26:70:F0:45:A7:62:1A:74:C2:FC:F8:0B<br/>SHA1 Fingerprint 1E:01:19:76:00:30:D7:E1:F9:45:CE:25:B2:02:1D:29:B7:DC:65:61<br/>SHA265 Fingerprint E5:CC:1A:EC:D6:52:AC:4F:E7:9B:4E:5D:8F:6F:16:F5 |
+ | 72:E6:14:51:BB:9C:FF:B5:7B:09:BF:F7:C3:0E:16:FD | ||
|- | |- | ||
!URL | !URL |
Version vom 17. Juni 2023, 21:31 Uhr
Team |
Opennet CA |
Treffen: nur bei Bedarf |
Opennet Zertifizierungstelle |
Mitglieder: Christian W., Henning R., Jörg P., Mathias M., Philipp M., Lars K., Jan C. |
Kontakt: admin@opennet-initiative.de |
Inhaltsverzeichnis |
Einleitung
Die Opennet CA ist auf Server/amano beheimatet und wird durch Opennet verwaltet. Die Zertifizierungsstelle (Opennet CA) dient dem Signieren und Ausstellen von OpenSSL Zertifikaten für den OpenVPN Dienst innerhalb des Opennet Netzwerkes. OpenVPN wird eingesetzt, um die Nutzerzugänge abzusichern und User-Gateways sicher einzubinden. Basierend auf den Zertifikaten werden bei Opennet Berechtigungen an den Gateways für den Zugang zum Internet gesetzt.
Zertifikatsanfragen werden unter https://ca.opennet-initiative.de hochgeladen. Wenn ihr im Opennet CA Team mitarbeiten möchtet, meldet euch bitte bei admin@opennet-initiative.de. Für das Ausstellen und Aktivieren/Deaktivieren von Zertifikaten haben wir eine Intermediate-CA Instanz und HTTPS-Zugang erstellt. Zugriff haben die Opennet CA Teammitglieder, siehe oben rechts.
Anleitung
Zertifikatsanfrage hochladen
https://ca.opennet-initiative.de/csr/
Zertifikatserstellung freigeben
https://ca.opennet-initiative.de/internal/csr.html (Opennet CA Team)
Zertifikatsstatus abfragen
https://ca.opennet-initiative.de/
Dokumentation
Die technische Dokumentation des Opennet CA Backend Systems findet sich unter Server Installation/Opennet CA.
Das Einbinden von PKCS#12 Zertifikaten - notwendig für Opennet CA Teammitglieder - wird unter Browser Zertifikate beschrieben.
Gültige CAs
- Opennet CA Webinterface: https://ca.opennet-initiative.de/
- Opennet Root CA opennet-root.ca.on, Laufzeit 15 Jahre, 4096 bit RSA Key, SHA-512 Signatur, Self Signed, CRL Laufzeit 30 Tage
- Opennet VPN UGW CA opennet-vpn-ugw.ca.on, Laufzeit 10 Jahre, 2048 bit RSA Key, SHA-256 Signatur, Signatur Opennet Root CA, CRL Laufzeit 30 Tage
- Opennet VPN User CA opennet-vpn-user.ca.on, Laufzeit 10 Jahre, 2048 bit RSA Key, SHA-256 Signatur, Signatur Opennet Root CA, CRL Laufzeit 30 Tage
- Opennet Clients CA opennet-client.ca.on, Laufzeit 10 Jahre, 2048 bit RSA Key, SHA-256 Signatur, Signatur Opennet Root CA, CRL Laufzeit 30 Tage
- Opennet Server CA opennet-server.ca.on, Laufzeit 10 Jahre, 2048 bit RSA Key, SHA-256 Signatur, Signatur Opennet Root CA, CRL Laufzeit 30 Tage
opennet-root.ca.on (Serial 155EC6C0F6B384F8) | |
---|---|
CA | Opennet Root CA, Issued Nov 2022 Mathias Mahnke, Maintainer Opennet Admin Group |
Key | 4096 bit, RSA, SHA-512 |
DN | C=DE, ST=Mecklenburg-Vorpommern, O=Opennet Initiative e.V., OU=Opennet CA, CN=opennet-root.ca.on, emailAddress=admin@opennet-initiative.de |
Usage | keyUsage=keyCertSign, cRLSign, subjectKeyIdentifier=hash, basicConstraints=critical,CA:TRUE |
CRL | fullname=URI:http://ca.opennet-initiative.de/root.crl Signed SHA-512 + X.509 Subject Key Identifier, Valid 1 Month |
Ext | nsComment=Opennet Root CA, nsCaPolicyUrl=http://ca.opennet-initiative.de/, nsCaRevocationUrl=http://ca.opennet-initiative.de/root.crl, nsRevocationUrl=http://ca.opennet-initiative.de/root.crl, nsBaseUrl=http://ca.opennet-initiative.de/, nsCertType=sslCA,emailCA,objCA |
Sign | Self Signed, SHA-512, valid 2022/11/26 until 2037/11/26 |
Hashes | DN Hash 9106e34c X.509 Subject Key Identifier FA:DA:A6:25:24:2C:20:E7:E5:A3:5F:2F:9F:6B:C1:EA:19:1A:F8:C1 MD5 Fingerprint 4F:1D:64:09:6D:D4:C7:6F:CF:11:16:41:A2:21:CF:34 SHA1 Fingerprint AF:13:9B:E5:B7:0D:85:EF:11:55:59:80:86:AB:F3:44:2D:C7:DC:85 SHA265 Fingerprint 4D:68:41:2D:E7:04:E7:75:52:1C:D4:A0:08:D4:FF:18 1B:FD:6B:B7:4E:12:73:21:14:99:2C:91:DC:CB:A6:96 |
URL | http://ca.opennet-initiative.de/root.crt |
opennet-vpn-ugw.ca.on (ID 3D5E2270E11E5F8A) | |
---|---|
CA | Opennet VPN UGW Sub-CA, Issued Nov 2022 Mathias Mahnke, Maintainer Opennet Admin Group |
Key | 2048 bit, RSA, SHA-256 |
DN | C=DE, ST=Mecklenburg-Vorpommern, O=Opennet Initiative e.V., OU=Opennet CA, CN=opennet-vpn-ugw.ca.on, emailAddress=admin@opennet-initiative.de |
Usage | keyUsage=keyCertSign, cRLSign, subjectKeyIdentifier=hash, basicConstraints=critical,CA:TRUE, authorityKeyIdentifier=keyid,issuer, |
CRL | fullname=URI:http://ca.opennet-initiative.de/vpnugw.crl Signed SHA-256 + X.509 Subject Key Identifier, Valid 1 Month |
Ext | nsComment=Opennet Root CA, nsCaPolicyUrl=http://ca.opennet-initiative.de/, nsCaRevocationUrl=http://ca.opennet-initiative.de/vpnugw.crl, nsRevocationUrl=http://ca.opennet-initiative.de/vpnugw.crl, nsBaseUrl=http://ca.opennet-initiative.de/, nsCertType=sslCA,emailCA,objCA |
Sign | opennet-root.ca.on (Serial D09411CA45BAB5F1), SHA-256, valid 2022/11/24 until 2032/11/24 |
Hashes | DN Hash 216d4987 X.509 Subject Key Identifier C1:1F:4F:E4:A7:49:65:4B:0E:F8:E4:65:16:E2:28:76:49:A2:68:3B X509v3 Authority Key Identifier FA:DA:A6:25:24:2C:20:E7:E5:A3:5F:2F:9F:6B:C1:EA:19:1A:F8:C1 serial:D0:94:11:CA:45:BA:B5:F1 MD5 Fingerprint BD:73:3F:31:BA:F4:14:C3:8D:E9:6E:DA:C0:E8:E6:A2 SHA1 Fingerprint 41:C4:32:12:D1:C6:31:80:97:78:5B:AF:85:D2:24:52:16:51:2D:92 SHA265 Fingerprint D9:85:8E:F6:B5:B7:D4:6B:73:FA:A4:1B:E8:16:B2:94 20:3C:0B:11:BC:94:93:18:F3:90:66:20:4B:BB:CC:30 |
URL | http://ca.opennet-initiative.de/vpnugw.crt |
opennet-vpn-user.ca.on (ID 5A0048FE986DEBC7) | |
---|---|
CA | Opennet VPN User Sub-CA, Issued Nov 2022 Mathias Mahnke, Maintainer Opennet Admin Group |
Key | 2048 bit, RSA, SHA-256 |
DN | C=DE, ST=Mecklenburg-Vorpommern, O=Opennet Initiative e.V., OU=Opennet CA, CN=opennet-vpn-user.ca.on, emailAddress=admin@opennet-initiative.de |
Usage | keyUsage=keyCertSign, cRLSign, subjectKeyIdentifier=hash, basicConstraints=critical,CA:TRUE, authorityKeyIdentifier=keyid,issuer, |
CRL | fullname=URI:http://ca.opennet-initiative.de/vpnuser.crl Signed SHA-256 + X.509 Subject Key Identifier, Valid 1 Month |
Ext | nsComment=Opennet Root CA, nsCaPolicyUrl=http://ca.opennet-initiative.de/, nsCaRevocationUrl=http://ca.opennet-initiative.de/vpnuser.crl, nsRevocationUrl=http://ca.opennet-initiative.de/vpnuser.crl, nsBaseUrl=http://ca.opennet-initiative.de/, nsCertType=sslCA,emailCA,objCA |
Sign | opennet-root.ca.on (Serial D09411CA45BAB5F1), SHA-256, valid 2022/11/24 until 2032/11/24 |
Hashes | DN Hash 69a85ad3 X.509 Subject Key Identifier FA:75:C4:8D:8A:AA:D1:81:E1:29:15:A6:B4:55:E3:C0:32:05:F6:C7 X509v3 Authority Key Identifier FA:DA:A6:25:24:2C:20:E7:E5:A3:5F:2F:9F:6B:C1:EA:19:1A:F8:C1 serial:D0:94:11:CA:45:BA:B5:F1 MD5 Fingerprint 9F:35:14:07:AC:91:3C:CF:5E:78:93:2B:8E:E6:BA:9C SHA1 Fingerprint 94:1C:DD:D4:EB:B6:AB:F9:83:03:DA:31:99:36:AE:37:04:12:E0:F8 SHA265 Fingerprint A8:99:60:91:8E:7E:7D:B4:F5:D1:13:F3:B7:87:15:62 76:D0:1D:97:8F:27:2B:EA:BE:93:6C:08:F8:E8:9A:AE |
URL | http://ca.opennet-initiative.de/vpnuser.crt |
opennet-client.ca.on (ID 0DDD811960089FAA) | |
---|---|
CA | Opennet Client Sub-CA, Issued Nov 2022 Mathias Mahnke, Maintainer Opennet Admin Group |
Key | 2048 bit, RSA, SHA-256 |
DN | C=DE, ST=Mecklenburg-Vorpommern, O=Opennet Initiative e.V., OU=Opennet CA, CN=opennet-client.ca.on, emailAddress=admin@opennet-initiative.de |
Usage | keyUsage=keyCertSign, cRLSign, subjectKeyIdentifier=hash, basicConstraints=critical,CA:TRUE, authorityKeyIdentifier=keyid,issuer, |
CRL | fullname=URI:http://ca.opennet-initiative.de/client.crl Signed SHA-256 + X.509 Subject Key Identifier, Valid 1 Month |
Ext | nsComment=Opennet Root CA, nsCaPolicyUrl=http://ca.opennet-initiative.de/, nsCaRevocationUrl=http://ca.opennet-initiative.de/client.crl, nsRevocationUrl=http://ca.opennet-initiative.de/client.crl, nsBaseUrl=http://ca.opennet-initiative.de/, nsCertType=sslCA,emailCA,objCA |
Sign | opennet-root.ca.on (Serial D09411CA45BAB5F1), SHA-256, valid 2022/11/24 until 2032/11/24 |
Hashes | DN Hash d8003700 X.509 Subject Key Identifier 77:97:CF:E9:CC:9A:47:FF:84:15:63:63:90:19:A0:99:82:28:2D:BA X509v3 Authority Key Identifier FA:DA:A6:25:24:2C:20:E7:E5:A3:5F:2F:9F:6B:C1:EA:19:1A:F8:C1 serial:D0:94:11:CA:45:BA:B5:F1 MD5 Fingerprint 8F:DF:8D:61:1A:A2:B5:89:1A:7E:A2:58:04:E2:41:CF SHA1 Fingerprint 52:45:A1:78:9F:B2:09:CD:77:07:CB:96:DE:33:86:BB:B8:BF:F3:4B SHA265 Fingerprint DA:94:77:32:A3:DA:D5:BD:E3:2F:7D:E2:B1:2B:FE:EC E4:83:05:B7:A9:3E:27:B9:1C:20:74:32:F7:4B:9E:A8 |
URL | http://ca.opennet-initiative.de/client.crt |
opennet-server.ca.on (ID 016CE997D210A21C) | |
---|---|
CA | Opennet Server Sub-CA, Issued Nov 2022 Mathias Mahnke, Maintainer Opennet Admin Group |
Key | 2048 bit, RSA, SHA-256 |
DN | C=DE, ST=Mecklenburg-Vorpommern, O=Opennet Initiative e.V., OU=Opennet CA, CN=opennet-server.ca.on, emailAddress=admin@opennet-initiative.de |
Usage | keyUsage=keyCertSign, cRLSign, subjectKeyIdentifier=hash, basicConstraints=critical,CA:TRUE, authorityKeyIdentifier=keyid,issuer, |
CRL | fullname=URI:http://ca.opennet-initiative.de/server.crl Signed SHA-256 + X.509 Subject Key Identifier, Valid 1 Month |
Ext | nsComment=Opennet Root CA, nsCaPolicyUrl=http://ca.opennet-initiative.de/, nsCaRevocationUrl=http://ca.opennet-initiative.de/server.crl, nsRevocationUrl=http://ca.opennet-initiative.de/server.crl, nsBaseUrl=http://ca.opennet-initiative.de/, nsCertType=sslCA,emailCA,objCA |
Sign | opennet-root.ca.on (Serial D09411CA45BAB5F1), SHA-256, valid 2022/11/24 until 2032/11/24 |
Hashes | DN Hash 7e8721dd X.509 Subject Key Identifier C1:C2:B5:2E:E4:85:E0:E9:43:D3:9A:4B:A2:39:76:94:0F:E1:C1:41 X509v3 Authority Key Identifier FA:DA:A6:25:24:2C:20:E7:E5:A3:5F:2F:9F:6B:C1:EA:19:1A:F8:C1 serial:D0:94:11:CA:45:BA:B5:F1 MD5 Fingerprint EF:A0:B1:09:26:70:F0:45:A7:62:1A:74:C2:FC:F8:0B SHA1 Fingerprint 1E:01:19:76:00:30:D7:E1:F9:45:CE:25:B2:02:1D:29:B7:DC:65:61 SHA265 Fingerprint E5:CC:1A:EC:D6:52:AC:4F:E7:9B:4E:5D:8F:6F:16:F5 72:E6:14:51:BB:9C:FF:B5:7B:09:BF:F7:C3:0E:16:FD |
URL | http://ca.opennet-initiative.de/server.crt |
TODO
- Server Sub-CA hat fehlerhaften CRL Eintrag, ggf. Resign?
- "Cancel" Funktion in CSR Webinterface?