[tomcat] branch master updated: Renew all the server test certs

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

[tomcat] branch master updated: Renew all the server test certs

markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
     new e322a6b  Renew all the server test certs
e322a6b is described below

commit e322a6b6b10623dc0adf7cf05c8423aba89bedab
Author: Mark Thomas <[hidden email]>
AuthorDate: Wed Feb 17 17:11:41 2021 +0000

    Renew all the server test certs
---
 .../apache/tomcat/util/net/localhost-ec-cert.pem   | 122 ++++++++--------
 .../apache/tomcat/util/net/localhost-ec-key.pem    |  13 +-
 test/org/apache/tomcat/util/net/localhost-ec.jks   | Bin 3089 -> 1372 bytes
 .../apache/tomcat/util/net/localhost-rsa-cert.pem  | 160 ++++++++++-----------
 .../apache/tomcat/util/net/localhost-rsa-copy1.jks | Bin 2737 -> 2688 bytes
 .../apache/tomcat/util/net/localhost-rsa-key.pem   |  52 +++----
 test/org/apache/tomcat/util/net/localhost-rsa.jks  | Bin 4455 -> 4406 bytes
 7 files changed, 173 insertions(+), 174 deletions(-)

diff --git a/test/org/apache/tomcat/util/net/localhost-ec-cert.pem b/test/org/apache/tomcat/util/net/localhost-ec-cert.pem
index c918bcc..a8ebc43 100644
--- a/test/org/apache/tomcat/util/net/localhost-ec-cert.pem
+++ b/test/org/apache/tomcat/util/net/localhost-ec-cert.pem
@@ -1,22 +1,22 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 4098 (0x1002)
-    Signature Algorithm: sha256WithRSAEncryption
+        Serial Number: 4106 (0x100a)
+        Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=US, ST=MA, L=Wakefield, O=The Apache Software Foundation, OU=Apache Tomcat PMC, CN=Apache Tomcat Test CA
         Validity
-            Not Before: Feb 15 19:32:18 2019 GMT
-            Not After : Feb 14 19:32:18 2021 GMT
-        Subject: C=US, ST=MA, L=Wakefield, O=The Apache Software Foundation, OU=Apache Tomcat PMC, CN=localhost
+            Not Before: Feb 17 15:12:12 2021 GMT
+            Not After : Feb 17 15:12:12 2023 GMT
+        Subject: C=US, ST=DE, L=Wilmington, O=The Apache Software Foundation, OU=Apache Tomcat PMC, CN=localhost
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
                 pub:
-                    04:10:cc:24:b7:0c:2a:fe:a6:af:ea:b2:dc:26:f1:
-                    81:06:ae:0b:eb:f0:c0:5f:a3:ee:5a:e3:d3:7c:02:
-                    b0:58:6c:47:0e:6e:08:ac:30:e1:76:e5:9c:06:80:
-                    af:42:ce:a7:6f:49:b5:ec:95:08:b1:a9:e3:7a:f7:
-                    84:4f:e2:05:60
+                    04:ab:46:91:f9:d4:b7:5a:92:57:70:32:5c:04:ce:
+                    ce:31:39:66:30:cb:2e:59:97:6c:1f:06:0e:51:9d:
+                    78:20:bd:23:5f:44:36:00:5e:13:da:dc:63:a4:98:
+                    44:48:50:ba:65:1b:e9:4c:b8:e3:b6:da:66:63:c8:
+                    0c:40:ee:3e:23
                 ASN1 OID: prime256v1
                 NIST CURVE: P-256
         X509v3 extensions:
@@ -25,62 +25,62 @@ Certificate:
             Netscape Comment:
                 OpenSSL Generated Certificate
             X509v3 Subject Key Identifier:
-                F8:98:B3:3A:75:F3:09:EB:FF:CC:6E:26:39:F0:B5:FF:1F:0F:FB:01
+                51:59:C0:F4:44:A9:DD:9B:AE:0E:19:2E:66:89:CC:C1:ED:56:B6:3F
             X509v3 Authority Key Identifier:
                 keyid:00:F2:98:4D:21:2C:00:3C:40:9B:84:F4:DE:2A:F0:26:EE:32:0E:9F
 
     Signature Algorithm: sha256WithRSAEncryption
-         66:3f:a4:8e:4b:e0:3c:a2:54:d3:8d:6a:6d:83:fe:02:13:a8:
-         79:41:55:68:33:7a:13:84:2f:92:db:aa:06:ab:4c:69:a7:fe:
-         47:2f:31:a0:16:e8:cb:df:a8:d7:b3:21:27:2b:51:e2:77:05:
-         65:40:17:40:ff:9c:b8:3c:9f:c7:bf:65:8e:00:6f:ce:01:6d:
-         30:37:84:96:bd:78:11:26:be:27:22:53:67:c8:ac:cb:04:cb:
-         e2:96:a3:9e:a3:16:af:bf:97:be:c6:3d:0a:0f:1d:e9:45:0b:
-         ea:77:47:a7:d5:79:b2:5a:bc:83:4c:8c:2a:ca:b7:4c:0c:d4:
-         17:d5:24:b1:b1:5b:2c:6e:59:5d:30:40:b5:72:6f:3a:b1:f4:
-         f9:0d:7e:b9:aa:99:26:19:21:b0:07:4d:49:c3:e7:c2:3d:c8:
-         98:62:cd:b6:d5:9a:21:f8:c7:b0:1a:72:59:02:80:0f:83:af:
-         d7:3b:8a:7e:53:38:8c:0d:e9:03:9d:c8:f9:1d:5c:82:7f:49:
-         8d:87:d3:89:69:a1:39:d3:fd:04:17:e5:63:af:55:02:ef:60:
-         d7:70:1d:60:6c:aa:53:43:13:f1:82:f6:b6:41:71:7b:38:ff:
-         82:78:73:73:11:e7:48:2f:f8:e8:77:27:7a:0f:a3:14:b0:33:
-         f9:aa:65:0c:8f:69:3b:2f:ee:b3:51:d6:5d:8a:67:80:47:1e:
-         a3:bd:d2:03:c3:62:45:1a:ac:dd:79:2e:84:a7:3d:8a:27:89:
-         c4:31:cc:1c:0b:37:a6:9d:a4:e4:65:03:8b:a3:5a:63:60:fb:
-         b9:7b:44:7f:8d:6a:74:9f:52:0e:b8:e7:12:52:98:5f:e9:34:
-         20:5a:f6:b7:15:a1:81:5e:f4:18:6c:18:c7:e8:dc:64:f8:d1:
-         a2:6f:98:a6:fd:36:e8:be:e7:a8:3f:a5:cb:de:1f:8f:ef:4a:
-         29:ee:69:f3:81:cd:ce:ec:5f:d7:b8:61:c1:41:4b:b0:49:5c:
-         29:eb:dd:e8:a6:54:4c:61:72:af:9c:50:da:16:1d:da:14:c9:
-         5f:8a:ae:2a:41:3b:9d:1e:72:7d:c8:eb:28:f2:a5:49:9b:ca:
-         0c:38:88:09:b3:5f:a9:83:13:6a:93:03:f9:3c:92:22:b8:cb:
-         ad:ba:dc:9b:6d:a6:9e:b0:d5:5a:57:ea:ae:f7:e9:8f:03:c2:
-         24:80:f8:50:21:94:7c:58:ac:b0:86:58:13:f2:d4:ef:f3:c1:
-         53:96:88:f9:dd:19:a7:83:fe:a9:d1:0a:1c:d0:10:23:6e:24:
-         47:41:3b:d4:dd:a1:06:2d:8a:ba:51:ef:34:e7:81:f0:94:51:
-         28:3a:44:8e:de:25:fa:e3
+         a2:fd:07:71:93:5d:9f:2c:16:75:9c:e7:11:3e:6c:f6:19:78:
+         9c:6d:bf:b3:ef:62:e9:20:25:93:a3:95:f7:64:db:b3:ed:c2:
+         36:3b:da:29:3c:1c:59:d7:5b:56:b8:4b:03:7f:28:94:7b:71:
+         fb:a9:06:18:da:f8:da:ff:ee:82:9e:da:b4:8c:e1:4a:d4:bf:
+         84:a1:e7:37:de:f3:d8:d4:5f:3f:b2:8d:e2:33:3e:47:86:d7:
+         01:13:14:2d:4c:65:f8:05:d4:fa:d2:55:61:40:f5:b0:95:3d:
+         da:57:7a:e3:06:39:45:f4:a3:59:a7:75:d7:6c:44:c9:85:e7:
+         e9:78:ab:04:f2:92:7b:9d:62:16:cb:33:33:4e:10:42:e3:86:
+         34:47:8a:22:4f:45:f3:ca:2d:a7:24:6a:bf:78:07:e9:78:47:
+         c7:36:db:7d:f0:3f:14:ab:20:82:fb:e1:d8:4c:05:98:df:97:
+         15:be:31:51:f6:6f:73:6b:3a:b7:39:dc:78:e2:36:f0:da:9a:
+         ff:d9:00:88:f6:66:8c:36:53:e2:4f:f5:ab:d3:cb:3e:0a:69:
+         56:df:63:cb:89:34:b7:d5:6d:81:eb:38:1a:76:0e:59:0f:5e:
+         d3:d9:54:b0:e7:a3:2c:70:89:4c:1e:9c:5f:c2:6a:22:70:05:
+         e5:c9:9f:57:41:30:3f:c8:dc:27:dd:11:c8:25:76:a9:49:5b:
+         26:18:96:44:18:31:10:21:bb:8a:fe:2c:41:40:9d:c8:e7:6a:
+         1c:01:1b:11:10:72:7c:e7:50:e0:23:c2:81:81:6e:40:44:09:
+         90:e0:d8:cc:6b:71:b0:fa:87:47:d8:bb:ce:e8:21:a1:29:30:
+         4e:bc:46:1b:6c:2e:88:d8:2d:d2:44:6d:eb:0b:ee:e1:9c:df:
+         d7:90:2a:fc:10:22:92:23:5d:2b:62:01:85:54:98:c7:ef:a0:
+         50:7c:38:6b:ca:46:e9:e6:33:40:b3:66:b8:73:79:7a:cb:a4:
+         98:15:53:de:16:67:03:52:77:1b:a3:6f:a2:0d:f6:4d:35:dd:
+         78:5c:60:f0:f3:cc:56:77:4b:3a:fe:21:dc:7c:b9:9e:37:be:
+         7a:79:db:fa:39:97:b5:98:d9:fa:3f:77:af:df:e3:55:25:da:
+         14:82:30:8e:9e:66:02:11:83:bf:23:63:1b:e5:2b:a7:37:e1:
+         b1:2e:95:dd:91:7c:3a:f0:58:26:32:fc:51:84:5b:0d:1f:a4:
+         8d:1d:f3:a1:67:1a:48:af:91:e2:39:25:39:0e:78:06:b8:fb:
+         c2:ef:b0:f3:24:fb:aa:20:36:ab:67:c1:45:79:5e:11:f1:2e:
+         30:20:69:fc:46:9e:9e:0d
 -----BEGIN CERTIFICATE-----
-MIIESDCCAjCgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgZMxCzAJBgNVBAYTAlVT
+MIIESTCCAjGgAwIBAgICEAowDQYJKoZIhvcNAQELBQAwgZMxCzAJBgNVBAYTAlVT
 MQswCQYDVQQIEwJNQTESMBAGA1UEBxMJV2FrZWZpZWxkMScwJQYDVQQKEx5UaGUg
 QXBhY2hlIFNvZnR3YXJlIEZvdW5kYXRpb24xGjAYBgNVBAsTEUFwYWNoZSBUb21j
-YXQgUE1DMR4wHAYDVQQDExVBcGFjaGUgVG9tY2F0IFRlc3QgQ0EwHhcNMTkwMjE1
-MTkzMjE4WhcNMjEwMjE0MTkzMjE4WjCBhzELMAkGA1UEBhMCVVMxCzAJBgNVBAgM
-Ak1BMRIwEAYDVQQHDAlXYWtlZmllbGQxJzAlBgNVBAoMHlRoZSBBcGFjaGUgU29m
-dHdhcmUgRm91bmRhdGlvbjEaMBgGA1UECwwRQXBhY2hlIFRvbWNhdCBQTUMxEjAQ
-BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDMJLcM
-Kv6mr+qy3CbxgQauC+vwwF+j7lrj03wCsFhsRw5uCKww4XblnAaAr0LOp29JteyV
-CLGp43r3hE/iBWCjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5T
-U0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBT4mLM6dfMJ6//MbiY5
-8LX/Hw/7ATAfBgNVHSMEGDAWgBQA8phNISwAPECbhPTeKvAm7jIOnzANBgkqhkiG
-9w0BAQsFAAOCAgEAZj+kjkvgPKJU041qbYP+AhOoeUFVaDN6E4QvktuqBqtMaaf+
-Ry8xoBboy9+o17MhJytR4ncFZUAXQP+cuDyfx79ljgBvzgFtMDeElr14ESa+JyJT
-Z8isywTL4pajnqMWr7+XvsY9Cg8d6UUL6ndHp9V5slq8g0yMKsq3TAzUF9UksbFb
-LG5ZXTBAtXJvOrH0+Q1+uaqZJhkhsAdNScPnwj3ImGLNttWaIfjHsBpyWQKAD4Ov
-1zuKflM4jA3pA53I+R1cgn9JjYfTiWmhOdP9BBflY69VAu9g13AdYGyqU0MT8YL2
-tkFxezj/gnhzcxHnSC/46Hcneg+jFLAz+aplDI9pOy/us1HWXYpngEceo73SA8Ni
-RRqs3XkuhKc9iieJxDHMHAs3pp2k5GUDi6NaY2D7uXtEf41qdJ9SDrjnElKYX+k0
-IFr2txWhgV70GGwYx+jcZPjRom+Ypv026L7nqD+ly94fj+9KKe5p84HNzuxf17hh
-wUFLsElcKevd6KZUTGFyr5xQ2hYd2hTJX4quKkE7nR5yfcjrKPKlSZvKDDiICbNf
-qYMTapMD+TySIrjLrbrcm22mnrDVWlfqrvfpjwPCJID4UCGUfFissIZYE/LU7/PB
-U5aI+d0Zp4P+qdEKHNAQI24kR0E71N2hBi2KulHvNOeB8JRRKDpEjt4l+uM=
+YXQgUE1DMR4wHAYDVQQDExVBcGFjaGUgVG9tY2F0IFRlc3QgQ0EwHhcNMjEwMjE3
+MTUxMjEyWhcNMjMwMjE3MTUxMjEyWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgM
+AkRFMRMwEQYDVQQHDApXaWxtaW5ndG9uMScwJQYDVQQKDB5UaGUgQXBhY2hlIFNv
+ZnR3YXJlIEZvdW5kYXRpb24xGjAYBgNVBAsMEUFwYWNoZSBUb21jYXQgUE1DMRIw
+EAYDVQQDDAlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASrRpH5
+1LdakldwMlwEzs4xOWYwyy5Zl2wfBg5RnXggvSNfRDYAXhPa3GOkmERIULplG+lM
+uOO22mZjyAxA7j4jo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVu
+U1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUUVnA9ESp3ZuuDhku
+ZonMwe1Wtj8wHwYDVR0jBBgwFoAUAPKYTSEsADxAm4T03irwJu4yDp8wDQYJKoZI
+hvcNAQELBQADggIBAKL9B3GTXZ8sFnWc5xE+bPYZeJxtv7PvYukgJZOjlfdk27Pt
+wjY72ik8HFnXW1a4SwN/KJR7cfupBhja+Nr/7oKe2rSM4UrUv4Sh5zfe89jUXz+y
+jeIzPkeG1wETFC1MZfgF1PrSVWFA9bCVPdpXeuMGOUX0o1mndddsRMmF5+l4qwTy
+knudYhbLMzNOEELjhjRHiiJPRfPKLackar94B+l4R8c2233wPxSrIIL74dhMBZjf
+lxW+MVH2b3NrOrc53HjiNvDamv/ZAIj2Zow2U+JP9avTyz4KaVbfY8uJNLfVbYHr
+OBp2DlkPXtPZVLDnoyxwiUwenF/CaiJwBeXJn1dBMD/I3CfdEcgldqlJWyYYlkQY
+MRAhu4r+LEFAncjnahwBGxEQcnznUOAjwoGBbkBECZDg2MxrcbD6h0fYu87oIaEp
+ME68RhtsLojYLdJEbesL7uGc39eQKvwQIpIjXStiAYVUmMfvoFB8OGvKRunmM0Cz
+ZrhzeXrLpJgVU94WZwNSdxujb6IN9k013XhcYPDzzFZ3Szr+Idx8uZ43vnp52/o5
+l7WY2fo/d6/f41Ul2hSCMI6eZgIRg78jYxvlK6c34bEuld2RfDrwWCYy/FGEWw0f
+pI0d86FnGkivkeI5JTkOeAa4+8LvsPMk+6ogNqtnwUV5XhHxLjAgafxGnp4N
 -----END CERTIFICATE-----
diff --git a/test/org/apache/tomcat/util/net/localhost-ec-key.pem b/test/org/apache/tomcat/util/net/localhost-ec-key.pem
index 85ecdc8..65c1196 100644
--- a/test/org/apache/tomcat/util/net/localhost-ec-key.pem
+++ b/test/org/apache/tomcat/util/net/localhost-ec-key.pem
@@ -1,5 +1,8 @@
------BEGIN PRIVATE KEY-----
-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg0U7ZRpeTEzVDXCCP
-oKwgWnN0tf7CMaE9dJmLIPpNgnChRANCAAQQzCS3DCr+pq/qstwm8YEGrgvr8MBf
-o+5a49N8ArBYbEcObgisMOF25ZwGgK9CzqdvSbXslQixqeN694RP4gVg
------END PRIVATE KEY-----
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIOze3lg2jyXDE1jY5l6GMD98TsYhgO5EqGNnEKcRQNE4oAoGCCqGSM49
+AwEHoUQDQgAEq0aR+dS3WpJXcDJcBM7OMTlmMMsuWZdsHwYOUZ14IL0jX0Q2AF4T
+2txjpJhESFC6ZRvpTLjjttpmY8gMQO4+Iw==
+-----END EC PRIVATE KEY-----
diff --git a/test/org/apache/tomcat/util/net/localhost-ec.jks b/test/org/apache/tomcat/util/net/localhost-ec.jks
index a6572af..c867e47 100644
Binary files a/test/org/apache/tomcat/util/net/localhost-ec.jks and b/test/org/apache/tomcat/util/net/localhost-ec.jks differ
diff --git a/test/org/apache/tomcat/util/net/localhost-rsa-cert.pem b/test/org/apache/tomcat/util/net/localhost-rsa-cert.pem
index 24bb60a..7ee1d71 100644
--- a/test/org/apache/tomcat/util/net/localhost-rsa-cert.pem
+++ b/test/org/apache/tomcat/util/net/localhost-rsa-cert.pem
@@ -1,35 +1,35 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 4102 (0x1006)
+        Serial Number: 4105 (0x1009)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=US, ST=MA, L=Wakefield, O=The Apache Software Foundation, OU=Apache Tomcat PMC, CN=Apache Tomcat Test CA
         Validity
-            Not Before: Aug  7 20:30:28 2019 GMT
-            Not After : Aug  6 20:30:28 2021 GMT
-        Subject: C=US, ST=MA, L=Wakefield, O=The Apache Software Foundation, OU=Apache Tomcat PMC, CN=localhost
+            Not Before: Feb 17 14:28:35 2021 GMT
+            Not After : Feb 17 14:28:35 2023 GMT
+        Subject: C=US, ST=DE, L=Wilmington, O=The Apache Software Foundation, OU=Apache Tomcat PMC, CN=localhost
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 RSA Public-Key: (2048 bit)
                 Modulus:
-                    00:cf:e2:56:a6:67:a6:e8:e7:f3:94:86:6e:f9:06:
-                    46:cf:20:66:b5:cd:b1:c7:d6:50:ea:4d:46:44:ed:
-                    45:65:ea:b6:9b:2e:49:a5:25:c1:8e:36:f6:2c:bc:
-                    8e:09:35:0b:2f:43:70:73:07:47:1d:78:a1:12:e9:
-                    56:5d:ab:84:15:16:0e:38:01:bb:81:87:2d:c4:3b:
-                    dc:2e:4a:e1:d4:66:1b:ce:87:2c:a9:b8:e3:aa:80:
-                    75:79:b1:98:f3:dd:df:66:d0:0d:e1:06:d8:6c:6c:
-                    50:f0:00:80:32:70:55:7b:dd:eb:ae:f2:6a:bf:93:
-                    3d:15:e1:25:f8:75:ce:d8:46:dc:c4:6b:ee:f9:f5:
-                    93:39:ad:90:47:15:4b:fa:ca:5b:fe:ca:1b:29:8a:
-                    74:19:2a:cb:1e:4f:20:d9:74:75:24:a0:06:d1:3a:
-                    ed:9b:88:87:f3:1b:0f:a6:14:67:e9:ed:47:2e:a1:
-                    25:6a:c2:97:04:13:f4:9f:62:38:cd:5a:e7:ad:c2:
-                    64:2c:8f:9c:3d:04:58:12:42:e5:0c:8e:8c:ce:78:
-                    3d:60:38:ce:06:ff:9c:ea:9c:c9:0f:73:90:b2:1a:
-                    4a:16:99:c9:fe:95:88:7b:3c:7f:19:d0:26:27:11:
-                    78:f9:92:5c:b4:f5:d4:cb:b0:84:0c:74:37:3d:87:
-                    1a:0b
+                    00:96:38:b8:2a:ba:3b:f8:2c:65:74:96:50:fd:45:
+                    ae:4a:93:a7:69:80:7a:c5:1f:2e:26:0e:07:58:77:
+                    95:b1:c7:e1:8c:6f:02:6b:3a:e1:bb:14:63:01:52:
+                    74:c8:39:ad:8e:84:43:16:12:93:de:c1:5a:04:fb:
+                    c4:65:0d:d1:fd:b2:3e:fd:2a:e2:6f:3c:03:79:61:
+                    ec:62:ff:34:14:2b:fa:d5:6f:97:2b:98:17:4e:31:
+                    8e:7d:d2:46:1f:5d:6d:6b:39:d8:cb:f0:31:05:28:
+                    1d:6a:4d:67:9a:17:a8:a0:09:7f:1b:3d:b9:99:1d:
+                    2d:50:52:72:b3:69:73:04:5a:04:af:19:af:77:39:
+                    7f:10:4b:6b:92:ff:aa:01:14:08:0a:97:bf:9f:21:
+                    db:07:62:0d:04:23:dc:18:b7:72:14:ec:4a:8b:c5:
+                    e6:80:25:a1:2c:97:b4:4d:df:79:79:44:b4:18:ce:
+                    88:92:ab:ac:15:c2:f6:3f:47:ff:56:09:8f:82:15:
+                    b0:5a:14:76:92:98:54:96:97:3b:20:ff:a6:a9:cf:
+                    da:2d:f6:0e:a3:3c:b4:92:2a:7b:b6:3d:0e:18:6f:
+                    39:f5:72:4d:c3:c6:e3:44:3a:0b:e7:a5:82:c8:31:
+                    aa:36:1f:13:ec:4b:7b:cf:79:fd:2a:05:e4:46:5e:
+                    2c:17
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints:
@@ -37,73 +37,69 @@ Certificate:
             Netscape Comment:
                 OpenSSL Generated Certificate
             X509v3 Subject Key Identifier:
-                0D:86:88:1D:07:59:CE:14:B4:89:81:58:C6:0B:FF:4C:CA:25:52:80
+                CD:35:CB:AD:62:91:65:C4:C5:46:C8:C3:0A:C7:D3:57:43:46:E8:FD
             X509v3 Authority Key Identifier:
                 keyid:00:F2:98:4D:21:2C:00:3C:40:9B:84:F4:DE:2A:F0:26:EE:32:0E:9F
 
-            Authority Information Access:
-                OCSP - URI:http://127.0.0.1:8888
-
             X509v3 Subject Alternative Name:
                 DNS:localhost, IP Address:127.0.0.1
     Signature Algorithm: sha256WithRSAEncryption
-         7d:dc:b1:0f:dd:34:df:26:63:73:02:8a:d6:39:64:73:c3:fc:
-         40:75:26:b6:9b:42:72:af:c9:63:41:68:d0:78:c7:47:ef:c2:
-         44:5a:b3:58:95:a3:2c:f3:b1:f4:a3:3d:0b:94:ff:b4:97:6a:
-         e9:4b:4b:c2:3a:f6:36:43:af:ee:2f:39:3e:f2:5f:2c:a2:b7:
-         43:3c:13:42:d8:4e:e0:36:bc:23:c5:43:88:46:92:f7:77:14:
-         67:73:14:5b:43:0e:3d:b5:1a:69:e9:ca:84:08:20:27:9f:23:
-         4d:60:db:cb:98:4a:b3:3e:71:e6:e8:a1:11:1c:7e:7e:43:fb:
-         6d:a5:41:c0:7e:3f:84:ed:06:28:dc:aa:80:17:76:ec:8a:e6:
-         65:45:21:85:13:48:e0:5b:87:c8:2a:1a:0f:37:0f:2a:64:53:
-         a8:e3:49:04:84:88:fe:8b:a2:3c:cc:41:c7:c0:ad:26:d6:e1:
-         67:69:9a:50:c7:eb:3d:1c:7f:da:88:08:24:14:6e:a1:ab:3e:
-         77:3f:88:12:55:98:97:9f:db:ad:09:e2:20:fe:8d:1f:ea:4f:
-         46:7e:d8:aa:ba:14:bd:a8:c2:6f:1b:47:62:d9:05:ca:c7:30:
-         7b:1e:95:2e:55:10:1d:b1:e3:44:95:07:25:6e:8c:9d:69:5b:
-         5c:ad:5f:56:27:e8:60:9f:d2:f4:64:7f:f7:8f:dc:bb:ee:bf:
-         be:0b:ea:34:9b:37:de:f0:5c:e0:64:c2:52:42:a6:0d:20:7d:
-         78:34:42:c1:1c:43:a1:98:e8:48:7b:92:49:2b:d9:63:91:6a:
-         70:02:d0:1b:a5:2a:ee:e5:1b:12:4f:cb:c9:e7:18:ae:66:f5:
-         04:d9:d2:68:95:c1:31:fe:57:9d:51:f5:fc:ed:43:3b:79:bf:
-         c3:9d:85:68:d8:98:a5:3c:a2:bb:fb:5b:19:5b:de:f0:7e:c8:
-         5e:47:ba:5d:8a:5b:44:f1:44:54:64:c0:da:95:a6:f0:bf:a9:
-         3f:5d:4c:72:97:86:ae:1e:0d:cd:20:4b:85:e0:4e:26:4d:29:
-         4e:96:43:b0:fd:30:5f:53:24:97:bc:35:d8:31:4b:6c:ea:a7:
-         f9:64:f9:cb:a0:14:c4:fc:54:78:13:52:b5:06:8f:7a:c2:00:
-         14:97:18:06:ef:bc:2f:2a:31:fc:11:25:7f:47:e3:3b:54:e7:
-         46:62:78:ba:52:07:32:41:48:9d:47:bd:1c:f4:eb:49:11:42:
-         40:9c:36:5a:e0:84:bd:09:44:91:bb:5c:d1:c4:28:6a:68:34:
-         f9:2c:22:b7:fc:43:bb:c4:96:02:ce:73:43:be:de:02:9c:e1:
-         d2:2a:4a:76:19:d6:3f:b0
+         70:45:e7:c9:6b:6c:22:26:f3:39:06:0c:8b:11:13:0b:b1:48:
+         46:2c:1f:61:b3:e8:36:3b:ea:ac:e8:b0:28:46:fa:b6:37:14:
+         91:91:4c:6c:7d:fc:c0:4d:c7:7c:a4:3e:1c:6e:1b:a7:ab:8d:
+         a8:c3:97:e1:67:ee:01:98:56:29:08:f9:1a:35:97:5a:a7:49:
+         fb:68:3d:e5:32:a1:4b:b4:9c:f3:a7:c7:89:c5:49:8f:b6:e9:
+         ae:24:e3:f0:04:b9:0e:ec:0b:0a:32:99:ae:0c:16:11:16:02:
+         db:7d:68:e1:40:40:bd:58:0a:08:e5:57:ed:c9:d9:1e:cf:32:
+         e4:59:af:20:f2:e5:fc:89:ac:2b:85:5a:d4:e2:58:b9:4c:9c:
+         dc:96:8e:3c:f8:3f:89:8d:cb:e3:fe:79:d3:3a:6d:df:70:2f:
+         b7:f3:82:69:0b:86:b6:af:5d:64:6c:71:2c:90:56:86:cd:3c:
+         e0:28:5c:f8:90:91:a9:9d:22:05:c3:d6:03:a5:7a:fc:a8:33:
+         0a:2c:17:30:f3:89:2c:26:cf:ac:21:91:4c:1f:93:a8:23:81:
+         45:40:0f:4b:74:fe:e6:3b:47:20:1b:78:7c:61:03:c9:0b:f4:
+         b5:e3:a4:55:fd:f5:3f:55:0c:22:4a:77:08:02:c2:bf:28:07:
+         37:2f:e8:c9:2c:73:5c:c7:52:78:70:a4:84:14:b4:a0:be:3d:
+         36:c5:9e:d3:fc:6f:4b:1a:5c:ff:1b:f8:d0:cb:7f:d7:c9:39:
+         01:08:27:55:b3:9b:c8:fc:fe:95:c3:a8:89:a3:e9:70:5d:1e:
+         6e:c2:8e:e7:33:dd:75:fd:e9:ff:f9:9d:a0:8b:16:e4:ee:a1:
+         f1:58:65:8f:ec:58:a6:40:9d:60:6e:a8:8e:97:27:60:fa:60:
+         51:2e:8e:e4:56:64:ee:87:2c:48:80:a1:dc:89:72:22:0e:58:
+         79:78:d9:c4:bb:9f:93:10:6f:91:2e:d6:9f:64:e3:57:50:15:
+         da:1a:be:fa:6b:3b:6f:3b:8d:fe:a1:ec:5e:8e:9a:02:1b:60:
+         a3:40:57:2c:2c:f5:17:c0:da:3c:cc:a5:eb:39:c0:21:1c:bf:
+         ab:23:03:c1:5b:7c:af:b5:f6:7b:1a:05:6b:e2:76:fe:b0:35:
+         53:0b:44:9a:46:ce:8f:cf:88:14:20:55:ba:45:ad:19:92:e0:
+         88:e0:cf:ee:f3:3c:1d:a5:dd:7c:ba:29:d5:27:20:75:5c:fc:
+         eb:08:90:4f:e2:ca:e8:40:81:91:6a:62:9e:1d:d0:03:e9:53:
+         2d:df:dd:6e:fb:1c:87:17:7a:65:81:15:cd:e1:c2:d7:59:55:
+         68:92:f6:88:59:5b:db:8d
 -----BEGIN CERTIFICATE-----
-MIIFZDCCA0ygAwIBAgICEAYwDQYJKoZIhvcNAQELBQAwgZMxCzAJBgNVBAYTAlVT
+MIIFMjCCAxqgAwIBAgICEAkwDQYJKoZIhvcNAQELBQAwgZMxCzAJBgNVBAYTAlVT
 MQswCQYDVQQIEwJNQTESMBAGA1UEBxMJV2FrZWZpZWxkMScwJQYDVQQKEx5UaGUg
 QXBhY2hlIFNvZnR3YXJlIEZvdW5kYXRpb24xGjAYBgNVBAsTEUFwYWNoZSBUb21j
-YXQgUE1DMR4wHAYDVQQDExVBcGFjaGUgVG9tY2F0IFRlc3QgQ0EwHhcNMTkwODA3
-MjAzMDI4WhcNMjEwODA2MjAzMDI4WjCBhzELMAkGA1UEBhMCVVMxCzAJBgNVBAgT
-Ak1BMRIwEAYDVQQHEwlXYWtlZmllbGQxJzAlBgNVBAoTHlRoZSBBcGFjaGUgU29m
-dHdhcmUgRm91bmRhdGlvbjEaMBgGA1UECxMRQXBhY2hlIFRvbWNhdCBQTUMxEjAQ
-BgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AM/iVqZnpujn85SGbvkGRs8gZrXNscfWUOpNRkTtRWXqtpsuSaUlwY429iy8jgk1
-Cy9DcHMHRx14oRLpVl2rhBUWDjgBu4GHLcQ73C5K4dRmG86HLKm446qAdXmxmPPd
-32bQDeEG2GxsUPAAgDJwVXvd667yar+TPRXhJfh1zthG3MRr7vn1kzmtkEcVS/rK
-W/7KGymKdBkqyx5PINl0dSSgBtE67ZuIh/MbD6YUZ+ntRy6hJWrClwQT9J9iOM1a
-563CZCyPnD0EWBJC5QyOjM54PWA4zgb/nOqcyQ9zkLIaShaZyf6ViHs8fxnQJicR
-ePmSXLT11MuwhAx0Nz2HGgsCAwEAAaOByzCByDAJBgNVHRMEAjAAMCwGCWCGSAGG
-+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU
-DYaIHQdZzhS0iYFYxgv/TMolUoAwHwYDVR0jBBgwFoAUAPKYTSEsADxAm4T03irw
-Ju4yDp8wMQYIKwYBBQUHAQEEJTAjMCEGCCsGAQUFBzABhhVodHRwOi8vMTI3LjAu
-MC4xOjg4ODgwGgYDVR0RBBMwEYIJbG9jYWxob3N0hwR/AAABMA0GCSqGSIb3DQEB
-CwUAA4ICAQB93LEP3TTfJmNzAorWOWRzw/xAdSa2m0Jyr8ljQWjQeMdH78JEWrNY
-laMs87H0oz0LlP+0l2rpS0vCOvY2Q6/uLzk+8l8sordDPBNC2E7gNrwjxUOIRpL3
-dxRncxRbQw49tRpp6cqECCAnnyNNYNvLmEqzPnHm6KERHH5+Q/ttpUHAfj+E7QYo
-3KqAF3bsiuZlRSGFE0jgW4fIKhoPNw8qZFOo40kEhIj+i6I8zEHHwK0m1uFnaZpQ
-x+s9HH/aiAgkFG6hqz53P4gSVZiXn9utCeIg/o0f6k9GftiquhS9qMJvG0di2QXK
-xzB7HpUuVRAdseNElQclboydaVtcrV9WJ+hgn9L0ZH/3j9y77r++C+o0mzfe8Fzg
-ZMJSQqYNIH14NELBHEOhmOhIe5JJK9ljkWpwAtAbpSru5RsST8vJ5xiuZvUE2dJo
-lcEx/ledUfX87UM7eb/DnYVo2JilPKK7+1sZW97wfsheR7pdiltE8URUZMDalabw
-v6k/XUxyl4auHg3NIEuF4E4mTSlOlkOw/TBfUySXvDXYMUts6qf5ZPnLoBTE/FR4
-E1K1Bo96wgAUlxgG77wvKjH8ESV/R+M7VOdGYni6UgcyQUidR70c9OtJEUJAnDZa
-4IS9CUSRu1zRxChqaDT5LCK3/EO7xJYCznNDvt4CnOHSKkp2GdY/sA==
+YXQgUE1DMR4wHAYDVQQDExVBcGFjaGUgVG9tY2F0IFRlc3QgQ0EwHhcNMjEwMjE3
+MTQyODM1WhcNMjMwMjE3MTQyODM1WjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgT
+AkRFMRMwEQYDVQQHEwpXaWxtaW5ndG9uMScwJQYDVQQKEx5UaGUgQXBhY2hlIFNv
+ZnR3YXJlIEZvdW5kYXRpb24xGjAYBgNVBAsTEUFwYWNoZSBUb21jYXQgUE1DMRIw
+EAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCWOLgqujv4LGV0llD9Ra5Kk6dpgHrFHy4mDgdYd5Wxx+GMbwJrOuG7FGMBUnTI
+Oa2OhEMWEpPewVoE+8RlDdH9sj79KuJvPAN5Yexi/zQUK/rVb5crmBdOMY590kYf
+XW1rOdjL8DEFKB1qTWeaF6igCX8bPbmZHS1QUnKzaXMEWgSvGa93OX8QS2uS/6oB
+FAgKl7+fIdsHYg0EI9wYt3IU7EqLxeaAJaEsl7RN33l5RLQYzoiSq6wVwvY/R/9W
+CY+CFbBaFHaSmFSWlzsg/6apz9ot9g6jPLSSKnu2PQ4Ybzn1ck3DxuNEOgvnpYLI
+Mao2HxPsS3vPef0qBeRGXiwXAgMBAAGjgZgwgZUwCQYDVR0TBAIwADAsBglghkgB
+hvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYE
+FM01y61ikWXExUbIwwrH01dDRuj9MB8GA1UdIwQYMBaAFADymE0hLAA8QJuE9N4q
+8CbuMg6fMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsF
+AAOCAgEAcEXnyWtsIibzOQYMixETC7FIRiwfYbPoNjvqrOiwKEb6tjcUkZFMbH38
+wE3HfKQ+HG4bp6uNqMOX4WfuAZhWKQj5GjWXWqdJ+2g95TKhS7Sc86fHicVJj7bp
+riTj8AS5DuwLCjKZrgwWERYC231o4UBAvVgKCOVX7cnZHs8y5FmvIPLl/ImsK4Va
+1OJYuUyc3JaOPPg/iY3L4/550zpt33Avt/OCaQuGtq9dZGxxLJBWhs084Chc+JCR
+qZ0iBcPWA6V6/KgzCiwXMPOJLCbPrCGRTB+TqCOBRUAPS3T+5jtHIBt4fGEDyQv0
+teOkVf31P1UMIkp3CALCvygHNy/oySxzXMdSeHCkhBS0oL49NsWe0/xvSxpc/xv4
+0Mt/18k5AQgnVbObyPz+lcOoiaPpcF0ebsKO5zPddf3p//mdoIsW5O6h8Vhlj+xY
+pkCdYG6ojpcnYPpgUS6O5FZk7ocsSICh3IlyIg5YeXjZxLufkxBvkS7Wn2TjV1AV
+2hq++ms7bzuN/qHsXo6aAhtgo0BXLCz1F8DaPMyl6znAIRy/qyMDwVt8r7X2exoF
+a+J2/rA1UwtEmkbOj8+IFCBVukWtGZLgiODP7vM8HaXdfLop1ScgdVz86wiQT+LK
+6ECBkWpinh3QA+lTLd/dbvschxd6ZYEVzeHC11lVaJL2iFlb240=
 -----END CERTIFICATE-----
diff --git a/test/org/apache/tomcat/util/net/localhost-rsa-copy1.jks b/test/org/apache/tomcat/util/net/localhost-rsa-copy1.jks
index df3eb23..3ee20d4 100644
Binary files a/test/org/apache/tomcat/util/net/localhost-rsa-copy1.jks and b/test/org/apache/tomcat/util/net/localhost-rsa-copy1.jks differ
diff --git a/test/org/apache/tomcat/util/net/localhost-rsa-key.pem b/test/org/apache/tomcat/util/net/localhost-rsa-key.pem
index 6611669..2615d12 100644
--- a/test/org/apache/tomcat/util/net/localhost-rsa-key.pem
+++ b/test/org/apache/tomcat/util/net/localhost-rsa-key.pem
@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDP4lamZ6bo5/OU
-hm75BkbPIGa1zbHH1lDqTUZE7UVl6rabLkmlJcGONvYsvI4JNQsvQ3BzB0cdeKES
-6VZdq4QVFg44AbuBhy3EO9wuSuHUZhvOhyypuOOqgHV5sZjz3d9m0A3hBthsbFDw
-AIAycFV73euu8mq/kz0V4SX4dc7YRtzEa+759ZM5rZBHFUv6ylv+yhspinQZKsse
-TyDZdHUkoAbROu2biIfzGw+mFGfp7UcuoSVqwpcEE/SfYjjNWuetwmQsj5w9BFgS
-QuUMjozOeD1gOM4G/5zqnMkPc5CyGkoWmcn+lYh7PH8Z0CYnEXj5kly09dTLsIQM
-dDc9hxoLAgMBAAECggEAXfOqO6yux6ZE9MRJFSzcBbJcGSBsj6dxjGL+NhqR+by5
-aKrjx8qnjpGScqeI/epGMsck5CfO4SfqjDR+vvjMSgdcx70otCKW8ZAoM5fONoMr
-YAzBh7cy1ZUXArfcK6MD22B+VUwVtfLCJaXkSmdwivnCEaAn1ItD2UaXNZJwuFeF
-pT9Veif4MwfRhrVvHeEK+hEsrUePOOZ7bvfvIyd2pKtBuniiaoP9LIE2E/s+G458
-xFZUHDxSgumEekZLv1mt03rcNDW9B9kLELaDuVbO4mQBn3edolvmL7N2iZpPIhM/
-UDMqs7HfZ70bLcENa26UAZqIenbkueg7UkZgCF5RWQKBgQDxVTizo8vF+f7BhY8o
-VSvGEhyRsJsyt9wb5AkVUCSM6Q+fKTimRBoDBQijDVc20uV5HpYIy35THphmXYX8
-qIYNQiaGyLwBk6YWJDfqcfCjKBm6P7vtSFWjroRj2c0GjmXBZPk4sGYj16P4Qy00
-ZssPsa+ENYgc4mox6szTp5Zp1wKBgQDchLRPaz1tWoLIlIl35a5GLHZwf6GGDeDI
-2bxTMhBAohbjW9NSWf7GeZgeigRd7p5s6m2EriEJwsn61W0IWUzPLJ7iTHKOrVxU
-tGxHd+SV3KhOkGn1EJ8zFiNIma/nAZraGW9zH/lhq09G8ygf1y3lSCQIABG8pAbK
-xHmn3BoS7QKBgQCi0hSHXqNE1v4CItILLCt0XxPXV4feGB3w01Eth/yg9T0M7QrD
-Yn8KOoMxPvbwjik0JmajWGfKPIIlzkNvy2Nl3pOPrC7sAWm01orDKkxoR83T0tw/
-ouXkoQHBPFkPa1NLv4xFqv2+gOanwOrmx9OIqyD32gYTNs7fDsNSqWbZ0QKBgCup
-WsoewZrVQO/V+SH0J/1c8FZ17tVMCiW6dr9COlWRwlZh6AV2LCvAB46EZTjz9go6
-oFSU5ZW5K6SufVgZ1ktu2kaUPFpjmNRspMPByVCiz/A+R7xt/hdvWq0VQO7MMozc
-XGS+//GGqbuyiU9Em6G6Fug+m0RudanQHQZPXhpBAoGBAIuWHrYCOWJRHDw8WdOE
-811QFYHpMbYc0G4/50+O/1qKADWKbqAZpnbIW8NpHrcfggkgJw6E9kmtt8HbBu/3
-NuCWK1K/0aLwQQMXqgrwuNYvk1QRXbAx86fbC1XVrY2KwmuCg6snXjJZqsTI91xm
-jO0LxqN3mDyK11I9/XuearPH
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCWOLgqujv4LGV0
+llD9Ra5Kk6dpgHrFHy4mDgdYd5Wxx+GMbwJrOuG7FGMBUnTIOa2OhEMWEpPewVoE
++8RlDdH9sj79KuJvPAN5Yexi/zQUK/rVb5crmBdOMY590kYfXW1rOdjL8DEFKB1q
+TWeaF6igCX8bPbmZHS1QUnKzaXMEWgSvGa93OX8QS2uS/6oBFAgKl7+fIdsHYg0E
+I9wYt3IU7EqLxeaAJaEsl7RN33l5RLQYzoiSq6wVwvY/R/9WCY+CFbBaFHaSmFSW
+lzsg/6apz9ot9g6jPLSSKnu2PQ4Ybzn1ck3DxuNEOgvnpYLIMao2HxPsS3vPef0q
+BeRGXiwXAgMBAAECggEABZHo0jzBiHws7tu7+QgiZEWBSZon8zMqxOJ0R0V32XWt
+2UUsc8llIUiqOxxRlDL/Sm+BBUp/DR1iNxkWuSCADsYTK9PxPWqePlvxJeKMjcrr
+rApNMqKbCp0vyV6IlxUhv34PmdA4IRbRsGVaWA5UhEqV2e65+QFp8rZ75kccqqaV
+RmpE5cG2bX0mZmPwMCXVgSustPXWXJQKtSloQygw9L9+zHXnGeAejJ3J+cHZrawr
+2JOavEPwfjqlXqsXyFGzKwqwWxuqEBM7WX1EPwf9Zqf3YeWIhUcLiE0KU2wx4BJ4
+HBbcbXhQuZ5Atid/0PvWGZ/AwCIkRPWdXoABDTQOAQKBgQDHhDPd7AdJkA/o1MH6
+4YqijB2m1ZIu6Yn+n2wg7nUZtcS6SKPuL0umF6ht17LbK6uvs1oOaODpfLWzhMSb
+RZnowm0R070nea2OBzJl/iem0QOKYb1VckEecBQkFffB3iqQ33RR/3oldI6It0C2
+299qwc8WIa2Yc3mT/TGOFv5FgQKBgQDAv+kNK0N3iLR2yBuzU/+is6jikhcDTWtp
+FAH1QjsrZMu/Cs1Qn1BZZc7D4CythhS/oSQP+//Gy0n8AXhjEpkAo6aTYQuLYoaL
+ER6yjMz/W3+c7aBX+TFwspEdNqfEuDry+41qWWWVXSg2PaVGE/gqOwSFfnXQEdj5
+s/QzFOutlwKBgQCb/RGsNYhxDFBUAlvzMXl5osDgGmSjhvXb/HrGuIkXY9T+rCJ2
+68Vig2atEpKE5vzhbwE++OK3ykgppektWNp/b9tkr75Y6bo2rAvMUExiEVKKU+Z6
+ssyU5p3opMBDc9al0/8WyP6P4DQ8UcIn9XoU9phZPlWCNu5cNP4UkIeWgQKBgQC5
+eHDygQzceqjcG1W8SzmS/7mkutp2DQssA1qW+3IgIU+Etwo1Z/dS7on1JUMYfgp9
+Eru2vc+zJG4+ldOX0Y90dASXkCwhpV69dm3JdX7UwOCcynMd8+VFAi5so+jvfC8N
+HE1JZlg/T3KgLtVYB2Mmj7+cDMGkw2e7bxOuC5V0ZQKBgQCK80rYnQC/SPxzfj25
+aFtKisLLwU0dQYiAQrAI3Bai3tFYBJ/R/cm7Idq6hZrsgeDi9wHBq+F7cW/gsbFD
+oFWe/KVVJR8Z7UltlKaY70jWh8fQ+qzOoc4PFIgyVOtL81uwzbfMatn1ok08P/1m
+87Aw7ckQ6vkKUlhcSgJr4zq69w==
 -----END PRIVATE KEY-----
diff --git a/test/org/apache/tomcat/util/net/localhost-rsa.jks b/test/org/apache/tomcat/util/net/localhost-rsa.jks
index a2be48a..83b525e 100644
Binary files a/test/org/apache/tomcat/util/net/localhost-rsa.jks and b/test/org/apache/tomcat/util/net/localhost-rsa.jks differ


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [tomcat] branch master updated: Renew all the server test certs

Christopher Schultz-2
Mark,

Why not simply mint a self-signed cert that lasts a long time? They are
self-signed so global trust isn't important. If global-trust isn't
important then it's okay if someone "steals" them any time they like.

Having to re-generate the certs is just a nuissance and causes
revision-churn.

I think it would be better to either mint the certs as needed (e.g. in
the tests themselves) or just use a cert that lasts a long time (e.g. 30
years). Minting on-demand might kill the entropy on the server, so
that's not a great idea.

-chris

On 2/17/21 12:12, [hidden email] wrote:

> This is an automated email from the ASF dual-hosted git repository.
>
> markt pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/master by this push:
>       new e322a6b  Renew all the server test certs
> e322a6b is described below
>
> commit e322a6b6b10623dc0adf7cf05c8423aba89bedab
> Author: Mark Thomas <[hidden email]>
> AuthorDate: Wed Feb 17 17:11:41 2021 +0000
>
>      Renew all the server test certs
> ---
>   .../apache/tomcat/util/net/localhost-ec-cert.pem   | 122 ++++++++--------
>   .../apache/tomcat/util/net/localhost-ec-key.pem    |  13 +-
>   test/org/apache/tomcat/util/net/localhost-ec.jks   | Bin 3089 -> 1372 bytes
>   .../apache/tomcat/util/net/localhost-rsa-cert.pem  | 160 ++++++++++-----------
>   .../apache/tomcat/util/net/localhost-rsa-copy1.jks | Bin 2737 -> 2688 bytes
>   .../apache/tomcat/util/net/localhost-rsa-key.pem   |  52 +++----
>   test/org/apache/tomcat/util/net/localhost-rsa.jks  | Bin 4455 -> 4406 bytes
>   7 files changed, 173 insertions(+), 174 deletions(-)
>
> diff --git a/test/org/apache/tomcat/util/net/localhost-ec-cert.pem b/test/org/apache/tomcat/util/net/localhost-ec-cert.pem
> index c918bcc..a8ebc43 100644
> --- a/test/org/apache/tomcat/util/net/localhost-ec-cert.pem
> +++ b/test/org/apache/tomcat/util/net/localhost-ec-cert.pem
> @@ -1,22 +1,22 @@
>   Certificate:
>       Data:
>           Version: 3 (0x2)
> -        Serial Number: 4098 (0x1002)
> -    Signature Algorithm: sha256WithRSAEncryption
> +        Serial Number: 4106 (0x100a)
> +        Signature Algorithm: sha256WithRSAEncryption
>           Issuer: C=US, ST=MA, L=Wakefield, O=The Apache Software Foundation, OU=Apache Tomcat PMC, CN=Apache Tomcat Test CA
>           Validity
> -            Not Before: Feb 15 19:32:18 2019 GMT
> -            Not After : Feb 14 19:32:18 2021 GMT
> -        Subject: C=US, ST=MA, L=Wakefield, O=The Apache Software Foundation, OU=Apache Tomcat PMC, CN=localhost
> +            Not Before: Feb 17 15:12:12 2021 GMT
> +            Not After : Feb 17 15:12:12 2023 GMT
> +        Subject: C=US, ST=DE, L=Wilmington, O=The Apache Software Foundation, OU=Apache Tomcat PMC, CN=localhost
>           Subject Public Key Info:
>               Public Key Algorithm: id-ecPublicKey
>                   Public-Key: (256 bit)
>                   pub:
> -                    04:10:cc:24:b7:0c:2a:fe:a6:af:ea:b2:dc:26:f1:
> -                    81:06:ae:0b:eb:f0:c0:5f:a3:ee:5a:e3:d3:7c:02:
> -                    b0:58:6c:47:0e:6e:08:ac:30:e1:76:e5:9c:06:80:
> -                    af:42:ce:a7:6f:49:b5:ec:95:08:b1:a9:e3:7a:f7:
> -                    84:4f:e2:05:60
> +                    04:ab:46:91:f9:d4:b7:5a:92:57:70:32:5c:04:ce:
> +                    ce:31:39:66:30:cb:2e:59:97:6c:1f:06:0e:51:9d:
> +                    78:20:bd:23:5f:44:36:00:5e:13:da:dc:63:a4:98:
> +                    44:48:50:ba:65:1b:e9:4c:b8:e3:b6:da:66:63:c8:
> +                    0c:40:ee:3e:23
>                   ASN1 OID: prime256v1
>                   NIST CURVE: P-256
>           X509v3 extensions:
> @@ -25,62 +25,62 @@ Certificate:
>               Netscape Comment:
>                   OpenSSL Generated Certificate
>               X509v3 Subject Key Identifier:
> -                F8:98:B3:3A:75:F3:09:EB:FF:CC:6E:26:39:F0:B5:FF:1F:0F:FB:01
> +                51:59:C0:F4:44:A9:DD:9B:AE:0E:19:2E:66:89:CC:C1:ED:56:B6:3F
>               X509v3 Authority Key Identifier:
>                   keyid:00:F2:98:4D:21:2C:00:3C:40:9B:84:F4:DE:2A:F0:26:EE:32:0E:9F
>  
>       Signature Algorithm: sha256WithRSAEncryption
> -         66:3f:a4:8e:4b:e0:3c:a2:54:d3:8d:6a:6d:83:fe:02:13:a8:
> -         79:41:55:68:33:7a:13:84:2f:92:db:aa:06:ab:4c:69:a7:fe:
> -         47:2f:31:a0:16:e8:cb:df:a8:d7:b3:21:27:2b:51:e2:77:05:
> -         65:40:17:40:ff:9c:b8:3c:9f:c7:bf:65:8e:00:6f:ce:01:6d:
> -         30:37:84:96:bd:78:11:26:be:27:22:53:67:c8:ac:cb:04:cb:
> -         e2:96:a3:9e:a3:16:af:bf:97:be:c6:3d:0a:0f:1d:e9:45:0b:
> -         ea:77:47:a7:d5:79:b2:5a:bc:83:4c:8c:2a:ca:b7:4c:0c:d4:
> -         17:d5:24:b1:b1:5b:2c:6e:59:5d:30:40:b5:72:6f:3a:b1:f4:
> -         f9:0d:7e:b9:aa:99:26:19:21:b0:07:4d:49:c3:e7:c2:3d:c8:
> -         98:62:cd:b6:d5:9a:21:f8:c7:b0:1a:72:59:02:80:0f:83:af:
> -         d7:3b:8a:7e:53:38:8c:0d:e9:03:9d:c8:f9:1d:5c:82:7f:49:
> -         8d:87:d3:89:69:a1:39:d3:fd:04:17:e5:63:af:55:02:ef:60:
> -         d7:70:1d:60:6c:aa:53:43:13:f1:82:f6:b6:41:71:7b:38:ff:
> -         82:78:73:73:11:e7:48:2f:f8:e8:77:27:7a:0f:a3:14:b0:33:
> -         f9:aa:65:0c:8f:69:3b:2f:ee:b3:51:d6:5d:8a:67:80:47:1e:
> -         a3:bd:d2:03:c3:62:45:1a:ac:dd:79:2e:84:a7:3d:8a:27:89:
> -         c4:31:cc:1c:0b:37:a6:9d:a4:e4:65:03:8b:a3:5a:63:60:fb:
> -         b9:7b:44:7f:8d:6a:74:9f:52:0e:b8:e7:12:52:98:5f:e9:34:
> -         20:5a:f6:b7:15:a1:81:5e:f4:18:6c:18:c7:e8:dc:64:f8:d1:
> -         a2:6f:98:a6:fd:36:e8:be:e7:a8:3f:a5:cb:de:1f:8f:ef:4a:
> -         29:ee:69:f3:81:cd:ce:ec:5f:d7:b8:61:c1:41:4b:b0:49:5c:
> -         29:eb:dd:e8:a6:54:4c:61:72:af:9c:50:da:16:1d:da:14:c9:
> -         5f:8a:ae:2a:41:3b:9d:1e:72:7d:c8:eb:28:f2:a5:49:9b:ca:
> -         0c:38:88:09:b3:5f:a9:83:13:6a:93:03:f9:3c:92:22:b8:cb:
> -         ad:ba:dc:9b:6d:a6:9e:b0:d5:5a:57:ea:ae:f7:e9:8f:03:c2:
> -         24:80:f8:50:21:94:7c:58:ac:b0:86:58:13:f2:d4:ef:f3:c1:
> -         53:96:88:f9:dd:19:a7:83:fe:a9:d1:0a:1c:d0:10:23:6e:24:
> -         47:41:3b:d4:dd:a1:06:2d:8a:ba:51:ef:34:e7:81:f0:94:51:
> -         28:3a:44:8e:de:25:fa:e3
> +         a2:fd:07:71:93:5d:9f:2c:16:75:9c:e7:11:3e:6c:f6:19:78:
> +         9c:6d:bf:b3:ef:62:e9:20:25:93:a3:95:f7:64:db:b3:ed:c2:
> +         36:3b:da:29:3c:1c:59:d7:5b:56:b8:4b:03:7f:28:94:7b:71:
> +         fb:a9:06:18:da:f8:da:ff:ee:82:9e:da:b4:8c:e1:4a:d4:bf:
> +         84:a1:e7:37:de:f3:d8:d4:5f:3f:b2:8d:e2:33:3e:47:86:d7:
> +         01:13:14:2d:4c:65:f8:05:d4:fa:d2:55:61:40:f5:b0:95:3d:
> +         da:57:7a:e3:06:39:45:f4:a3:59:a7:75:d7:6c:44:c9:85:e7:
> +         e9:78:ab:04:f2:92:7b:9d:62:16:cb:33:33:4e:10:42:e3:86:
> +         34:47:8a:22:4f:45:f3:ca:2d:a7:24:6a:bf:78:07:e9:78:47:
> +         c7:36:db:7d:f0:3f:14:ab:20:82:fb:e1:d8:4c:05:98:df:97:
> +         15:be:31:51:f6:6f:73:6b:3a:b7:39:dc:78:e2:36:f0:da:9a:
> +         ff:d9:00:88:f6:66:8c:36:53:e2:4f:f5:ab:d3:cb:3e:0a:69:
> +         56:df:63:cb:89:34:b7:d5:6d:81:eb:38:1a:76:0e:59:0f:5e:
> +         d3:d9:54:b0:e7:a3:2c:70:89:4c:1e:9c:5f:c2:6a:22:70:05:
> +         e5:c9:9f:57:41:30:3f:c8:dc:27:dd:11:c8:25:76:a9:49:5b:
> +         26:18:96:44:18:31:10:21:bb:8a:fe:2c:41:40:9d:c8:e7:6a:
> +         1c:01:1b:11:10:72:7c:e7:50:e0:23:c2:81:81:6e:40:44:09:
> +         90:e0:d8:cc:6b:71:b0:fa:87:47:d8:bb:ce:e8:21:a1:29:30:
> +         4e:bc:46:1b:6c:2e:88:d8:2d:d2:44:6d:eb:0b:ee:e1:9c:df:
> +         d7:90:2a:fc:10:22:92:23:5d:2b:62:01:85:54:98:c7:ef:a0:
> +         50:7c:38:6b:ca:46:e9:e6:33:40:b3:66:b8:73:79:7a:cb:a4:
> +         98:15:53:de:16:67:03:52:77:1b:a3:6f:a2:0d:f6:4d:35:dd:
> +         78:5c:60:f0:f3:cc:56:77:4b:3a:fe:21:dc:7c:b9:9e:37:be:
> +         7a:79:db:fa:39:97:b5:98:d9:fa:3f:77:af:df:e3:55:25:da:
> +         14:82:30:8e:9e:66:02:11:83:bf:23:63:1b:e5:2b:a7:37:e1:
> +         b1:2e:95:dd:91:7c:3a:f0:58:26:32:fc:51:84:5b:0d:1f:a4:
> +         8d:1d:f3:a1:67:1a:48:af:91:e2:39:25:39:0e:78:06:b8:fb:
> +         c2:ef:b0:f3:24:fb:aa:20:36:ab:67:c1:45:79:5e:11:f1:2e:
> +         30:20:69:fc:46:9e:9e:0d
>   -----BEGIN CERTIFICATE-----
> -MIIESDCCAjCgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgZMxCzAJBgNVBAYTAlVT
> +MIIESTCCAjGgAwIBAgICEAowDQYJKoZIhvcNAQELBQAwgZMxCzAJBgNVBAYTAlVT
>   MQswCQYDVQQIEwJNQTESMBAGA1UEBxMJV2FrZWZpZWxkMScwJQYDVQQKEx5UaGUg
>   QXBhY2hlIFNvZnR3YXJlIEZvdW5kYXRpb24xGjAYBgNVBAsTEUFwYWNoZSBUb21j
> -YXQgUE1DMR4wHAYDVQQDExVBcGFjaGUgVG9tY2F0IFRlc3QgQ0EwHhcNMTkwMjE1
> -MTkzMjE4WhcNMjEwMjE0MTkzMjE4WjCBhzELMAkGA1UEBhMCVVMxCzAJBgNVBAgM
> -Ak1BMRIwEAYDVQQHDAlXYWtlZmllbGQxJzAlBgNVBAoMHlRoZSBBcGFjaGUgU29m
> -dHdhcmUgRm91bmRhdGlvbjEaMBgGA1UECwwRQXBhY2hlIFRvbWNhdCBQTUMxEjAQ
> -BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDMJLcM
> -Kv6mr+qy3CbxgQauC+vwwF+j7lrj03wCsFhsRw5uCKww4XblnAaAr0LOp29JteyV
> -CLGp43r3hE/iBWCjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5T
> -U0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBT4mLM6dfMJ6//MbiY5
> -8LX/Hw/7ATAfBgNVHSMEGDAWgBQA8phNISwAPECbhPTeKvAm7jIOnzANBgkqhkiG
> -9w0BAQsFAAOCAgEAZj+kjkvgPKJU041qbYP+AhOoeUFVaDN6E4QvktuqBqtMaaf+
> -Ry8xoBboy9+o17MhJytR4ncFZUAXQP+cuDyfx79ljgBvzgFtMDeElr14ESa+JyJT
> -Z8isywTL4pajnqMWr7+XvsY9Cg8d6UUL6ndHp9V5slq8g0yMKsq3TAzUF9UksbFb
> -LG5ZXTBAtXJvOrH0+Q1+uaqZJhkhsAdNScPnwj3ImGLNttWaIfjHsBpyWQKAD4Ov
> -1zuKflM4jA3pA53I+R1cgn9JjYfTiWmhOdP9BBflY69VAu9g13AdYGyqU0MT8YL2
> -tkFxezj/gnhzcxHnSC/46Hcneg+jFLAz+aplDI9pOy/us1HWXYpngEceo73SA8Ni
> -RRqs3XkuhKc9iieJxDHMHAs3pp2k5GUDi6NaY2D7uXtEf41qdJ9SDrjnElKYX+k0
> -IFr2txWhgV70GGwYx+jcZPjRom+Ypv026L7nqD+ly94fj+9KKe5p84HNzuxf17hh
> -wUFLsElcKevd6KZUTGFyr5xQ2hYd2hTJX4quKkE7nR5yfcjrKPKlSZvKDDiICbNf
> -qYMTapMD+TySIrjLrbrcm22mnrDVWlfqrvfpjwPCJID4UCGUfFissIZYE/LU7/PB
> -U5aI+d0Zp4P+qdEKHNAQI24kR0E71N2hBi2KulHvNOeB8JRRKDpEjt4l+uM=
> +YXQgUE1DMR4wHAYDVQQDExVBcGFjaGUgVG9tY2F0IFRlc3QgQ0EwHhcNMjEwMjE3
> +MTUxMjEyWhcNMjMwMjE3MTUxMjEyWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgM
> +AkRFMRMwEQYDVQQHDApXaWxtaW5ndG9uMScwJQYDVQQKDB5UaGUgQXBhY2hlIFNv
> +ZnR3YXJlIEZvdW5kYXRpb24xGjAYBgNVBAsMEUFwYWNoZSBUb21jYXQgUE1DMRIw
> +EAYDVQQDDAlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASrRpH5
> +1LdakldwMlwEzs4xOWYwyy5Zl2wfBg5RnXggvSNfRDYAXhPa3GOkmERIULplG+lM
> +uOO22mZjyAxA7j4jo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVu
> +U1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUUVnA9ESp3ZuuDhku
> +ZonMwe1Wtj8wHwYDVR0jBBgwFoAUAPKYTSEsADxAm4T03irwJu4yDp8wDQYJKoZI
> +hvcNAQELBQADggIBAKL9B3GTXZ8sFnWc5xE+bPYZeJxtv7PvYukgJZOjlfdk27Pt
> +wjY72ik8HFnXW1a4SwN/KJR7cfupBhja+Nr/7oKe2rSM4UrUv4Sh5zfe89jUXz+y
> +jeIzPkeG1wETFC1MZfgF1PrSVWFA9bCVPdpXeuMGOUX0o1mndddsRMmF5+l4qwTy
> +knudYhbLMzNOEELjhjRHiiJPRfPKLackar94B+l4R8c2233wPxSrIIL74dhMBZjf
> +lxW+MVH2b3NrOrc53HjiNvDamv/ZAIj2Zow2U+JP9avTyz4KaVbfY8uJNLfVbYHr
> +OBp2DlkPXtPZVLDnoyxwiUwenF/CaiJwBeXJn1dBMD/I3CfdEcgldqlJWyYYlkQY
> +MRAhu4r+LEFAncjnahwBGxEQcnznUOAjwoGBbkBECZDg2MxrcbD6h0fYu87oIaEp
> +ME68RhtsLojYLdJEbesL7uGc39eQKvwQIpIjXStiAYVUmMfvoFB8OGvKRunmM0Cz
> +ZrhzeXrLpJgVU94WZwNSdxujb6IN9k013XhcYPDzzFZ3Szr+Idx8uZ43vnp52/o5
> +l7WY2fo/d6/f41Ul2hSCMI6eZgIRg78jYxvlK6c34bEuld2RfDrwWCYy/FGEWw0f
> +pI0d86FnGkivkeI5JTkOeAa4+8LvsPMk+6ogNqtnwUV5XhHxLjAgafxGnp4N
>   -----END CERTIFICATE-----
> diff --git a/test/org/apache/tomcat/util/net/localhost-ec-key.pem b/test/org/apache/tomcat/util/net/localhost-ec-key.pem
> index 85ecdc8..65c1196 100644
> --- a/test/org/apache/tomcat/util/net/localhost-ec-key.pem
> +++ b/test/org/apache/tomcat/util/net/localhost-ec-key.pem
> @@ -1,5 +1,8 @@
> ------BEGIN PRIVATE KEY-----
> -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg0U7ZRpeTEzVDXCCP
> -oKwgWnN0tf7CMaE9dJmLIPpNgnChRANCAAQQzCS3DCr+pq/qstwm8YEGrgvr8MBf
> -o+5a49N8ArBYbEcObgisMOF25ZwGgK9CzqdvSbXslQixqeN694RP4gVg
> ------END PRIVATE KEY-----
> +-----BEGIN EC PARAMETERS-----
> +BggqhkjOPQMBBw==
> +-----END EC PARAMETERS-----
> +-----BEGIN EC PRIVATE KEY-----
> +MHcCAQEEIOze3lg2jyXDE1jY5l6GMD98TsYhgO5EqGNnEKcRQNE4oAoGCCqGSM49
> +AwEHoUQDQgAEq0aR+dS3WpJXcDJcBM7OMTlmMMsuWZdsHwYOUZ14IL0jX0Q2AF4T
> +2txjpJhESFC6ZRvpTLjjttpmY8gMQO4+Iw==
> +-----END EC PRIVATE KEY-----
> diff --git a/test/org/apache/tomcat/util/net/localhost-ec.jks b/test/org/apache/tomcat/util/net/localhost-ec.jks
> index a6572af..c867e47 100644
> Binary files a/test/org/apache/tomcat/util/net/localhost-ec.jks and b/test/org/apache/tomcat/util/net/localhost-ec.jks differ
> diff --git a/test/org/apache/tomcat/util/net/localhost-rsa-cert.pem b/test/org/apache/tomcat/util/net/localhost-rsa-cert.pem
> index 24bb60a..7ee1d71 100644
> --- a/test/org/apache/tomcat/util/net/localhost-rsa-cert.pem
> +++ b/test/org/apache/tomcat/util/net/localhost-rsa-cert.pem
> @@ -1,35 +1,35 @@
>   Certificate:
>       Data:
>           Version: 3 (0x2)
> -        Serial Number: 4102 (0x1006)
> +        Serial Number: 4105 (0x1009)
>           Signature Algorithm: sha256WithRSAEncryption
>           Issuer: C=US, ST=MA, L=Wakefield, O=The Apache Software Foundation, OU=Apache Tomcat PMC, CN=Apache Tomcat Test CA
>           Validity
> -            Not Before: Aug  7 20:30:28 2019 GMT
> -            Not After : Aug  6 20:30:28 2021 GMT
> -        Subject: C=US, ST=MA, L=Wakefield, O=The Apache Software Foundation, OU=Apache Tomcat PMC, CN=localhost
> +            Not Before: Feb 17 14:28:35 2021 GMT
> +            Not After : Feb 17 14:28:35 2023 GMT
> +        Subject: C=US, ST=DE, L=Wilmington, O=The Apache Software Foundation, OU=Apache Tomcat PMC, CN=localhost
>           Subject Public Key Info:
>               Public Key Algorithm: rsaEncryption
>                   RSA Public-Key: (2048 bit)
>                   Modulus:
> -                    00:cf:e2:56:a6:67:a6:e8:e7:f3:94:86:6e:f9:06:
> -                    46:cf:20:66:b5:cd:b1:c7:d6:50:ea:4d:46:44:ed:
> -                    45:65:ea:b6:9b:2e:49:a5:25:c1:8e:36:f6:2c:bc:
> -                    8e:09:35:0b:2f:43:70:73:07:47:1d:78:a1:12:e9:
> -                    56:5d:ab:84:15:16:0e:38:01:bb:81:87:2d:c4:3b:
> -                    dc:2e:4a:e1:d4:66:1b:ce:87:2c:a9:b8:e3:aa:80:
> -                    75:79:b1:98:f3:dd:df:66:d0:0d:e1:06:d8:6c:6c:
> -                    50:f0:00:80:32:70:55:7b:dd:eb:ae:f2:6a:bf:93:
> -                    3d:15:e1:25:f8:75:ce:d8:46:dc:c4:6b:ee:f9:f5:
> -                    93:39:ad:90:47:15:4b:fa:ca:5b:fe:ca:1b:29:8a:
> -                    74:19:2a:cb:1e:4f:20:d9:74:75:24:a0:06:d1:3a:
> -                    ed:9b:88:87:f3:1b:0f:a6:14:67:e9:ed:47:2e:a1:
> -                    25:6a:c2:97:04:13:f4:9f:62:38:cd:5a:e7:ad:c2:
> -                    64:2c:8f:9c:3d:04:58:12:42:e5:0c:8e:8c:ce:78:
> -                    3d:60:38:ce:06:ff:9c:ea:9c:c9:0f:73:90:b2:1a:
> -                    4a:16:99:c9:fe:95:88:7b:3c:7f:19:d0:26:27:11:
> -                    78:f9:92:5c:b4:f5:d4:cb:b0:84:0c:74:37:3d:87:
> -                    1a:0b
> +                    00:96:38:b8:2a:ba:3b:f8:2c:65:74:96:50:fd:45:
> +                    ae:4a:93:a7:69:80:7a:c5:1f:2e:26:0e:07:58:77:
> +                    95:b1:c7:e1:8c:6f:02:6b:3a:e1:bb:14:63:01:52:
> +                    74:c8:39:ad:8e:84:43:16:12:93:de:c1:5a:04:fb:
> +                    c4:65:0d:d1:fd:b2:3e:fd:2a:e2:6f:3c:03:79:61:
> +                    ec:62:ff:34:14:2b:fa:d5:6f:97:2b:98:17:4e:31:
> +                    8e:7d:d2:46:1f:5d:6d:6b:39:d8:cb:f0:31:05:28:
> +                    1d:6a:4d:67:9a:17:a8:a0:09:7f:1b:3d:b9:99:1d:
> +                    2d:50:52:72:b3:69:73:04:5a:04:af:19:af:77:39:
> +                    7f:10:4b:6b:92:ff:aa:01:14:08:0a:97:bf:9f:21:
> +                    db:07:62:0d:04:23:dc:18:b7:72:14:ec:4a:8b:c5:
> +                    e6:80:25:a1:2c:97:b4:4d:df:79:79:44:b4:18:ce:
> +                    88:92:ab:ac:15:c2:f6:3f:47:ff:56:09:8f:82:15:
> +                    b0:5a:14:76:92:98:54:96:97:3b:20:ff:a6:a9:cf:
> +                    da:2d:f6:0e:a3:3c:b4:92:2a:7b:b6:3d:0e:18:6f:
> +                    39:f5:72:4d:c3:c6:e3:44:3a:0b:e7:a5:82:c8:31:
> +                    aa:36:1f:13:ec:4b:7b:cf:79:fd:2a:05:e4:46:5e:
> +                    2c:17
>                   Exponent: 65537 (0x10001)
>           X509v3 extensions:
>               X509v3 Basic Constraints:
> @@ -37,73 +37,69 @@ Certificate:
>               Netscape Comment:
>                   OpenSSL Generated Certificate
>               X509v3 Subject Key Identifier:
> -                0D:86:88:1D:07:59:CE:14:B4:89:81:58:C6:0B:FF:4C:CA:25:52:80
> +                CD:35:CB:AD:62:91:65:C4:C5:46:C8:C3:0A:C7:D3:57:43:46:E8:FD
>               X509v3 Authority Key Identifier:
>                   keyid:00:F2:98:4D:21:2C:00:3C:40:9B:84:F4:DE:2A:F0:26:EE:32:0E:9F
>  
> -            Authority Information Access:
> -                OCSP - URI:http://127.0.0.1:8888
> -
>               X509v3 Subject Alternative Name:
>                   DNS:localhost, IP Address:127.0.0.1
>       Signature Algorithm: sha256WithRSAEncryption
> -         7d:dc:b1:0f:dd:34:df:26:63:73:02:8a:d6:39:64:73:c3:fc:
> -         40:75:26:b6:9b:42:72:af:c9:63:41:68:d0:78:c7:47:ef:c2:
> -         44:5a:b3:58:95:a3:2c:f3:b1:f4:a3:3d:0b:94:ff:b4:97:6a:
> -         e9:4b:4b:c2:3a:f6:36:43:af:ee:2f:39:3e:f2:5f:2c:a2:b7:
> -         43:3c:13:42:d8:4e:e0:36:bc:23:c5:43:88:46:92:f7:77:14:
> -         67:73:14:5b:43:0e:3d:b5:1a:69:e9:ca:84:08:20:27:9f:23:
> -         4d:60:db:cb:98:4a:b3:3e:71:e6:e8:a1:11:1c:7e:7e:43:fb:
> -         6d:a5:41:c0:7e:3f:84:ed:06:28:dc:aa:80:17:76:ec:8a:e6:
> -         65:45:21:85:13:48:e0:5b:87:c8:2a:1a:0f:37:0f:2a:64:53:
> -         a8:e3:49:04:84:88:fe:8b:a2:3c:cc:41:c7:c0:ad:26:d6:e1:
> -         67:69:9a:50:c7:eb:3d:1c:7f:da:88:08:24:14:6e:a1:ab:3e:
> -         77:3f:88:12:55:98:97:9f:db:ad:09:e2:20:fe:8d:1f:ea:4f:
> -         46:7e:d8:aa:ba:14:bd:a8:c2:6f:1b:47:62:d9:05:ca:c7:30:
> -         7b:1e:95:2e:55:10:1d:b1:e3:44:95:07:25:6e:8c:9d:69:5b:
> -         5c:ad:5f:56:27:e8:60:9f:d2:f4:64:7f:f7:8f:dc:bb:ee:bf:
> -         be:0b:ea:34:9b:37:de:f0:5c:e0:64:c2:52:42:a6:0d:20:7d:
> -         78:34:42:c1:1c:43:a1:98:e8:48:7b:92:49:2b:d9:63:91:6a:
> -         70:02:d0:1b:a5:2a:ee:e5:1b:12:4f:cb:c9:e7:18:ae:66:f5:
> -         04:d9:d2:68:95:c1:31:fe:57:9d:51:f5:fc:ed:43:3b:79:bf:
> -         c3:9d:85:68:d8:98:a5:3c:a2:bb:fb:5b:19:5b:de:f0:7e:c8:
> -         5e:47:ba:5d:8a:5b:44:f1:44:54:64:c0:da:95:a6:f0:bf:a9:
> -         3f:5d:4c:72:97:86:ae:1e:0d:cd:20:4b:85:e0:4e:26:4d:29:
> -         4e:96:43:b0:fd:30:5f:53:24:97:bc:35:d8:31:4b:6c:ea:a7:
> -         f9:64:f9:cb:a0:14:c4:fc:54:78:13:52:b5:06:8f:7a:c2:00:
> -         14:97:18:06:ef:bc:2f:2a:31:fc:11:25:7f:47:e3:3b:54:e7:
> -         46:62:78:ba:52:07:32:41:48:9d:47:bd:1c:f4:eb:49:11:42:
> -         40:9c:36:5a:e0:84:bd:09:44:91:bb:5c:d1:c4:28:6a:68:34:
> -         f9:2c:22:b7:fc:43:bb:c4:96:02:ce:73:43:be:de:02:9c:e1:
> -         d2:2a:4a:76:19:d6:3f:b0
> +         70:45:e7:c9:6b:6c:22:26:f3:39:06:0c:8b:11:13:0b:b1:48:
> +         46:2c:1f:61:b3:e8:36:3b:ea:ac:e8:b0:28:46:fa:b6:37:14:
> +         91:91:4c:6c:7d:fc:c0:4d:c7:7c:a4:3e:1c:6e:1b:a7:ab:8d:
> +         a8:c3:97:e1:67:ee:01:98:56:29:08:f9:1a:35:97:5a:a7:49:
> +         fb:68:3d:e5:32:a1:4b:b4:9c:f3:a7:c7:89:c5:49:8f:b6:e9:
> +         ae:24:e3:f0:04:b9:0e:ec:0b:0a:32:99:ae:0c:16:11:16:02:
> +         db:7d:68:e1:40:40:bd:58:0a:08:e5:57:ed:c9:d9:1e:cf:32:
> +         e4:59:af:20:f2:e5:fc:89:ac:2b:85:5a:d4:e2:58:b9:4c:9c:
> +         dc:96:8e:3c:f8:3f:89:8d:cb:e3:fe:79:d3:3a:6d:df:70:2f:
> +         b7:f3:82:69:0b:86:b6:af:5d:64:6c:71:2c:90:56:86:cd:3c:
> +         e0:28:5c:f8:90:91:a9:9d:22:05:c3:d6:03:a5:7a:fc:a8:33:
> +         0a:2c:17:30:f3:89:2c:26:cf:ac:21:91:4c:1f:93:a8:23:81:
> +         45:40:0f:4b:74:fe:e6:3b:47:20:1b:78:7c:61:03:c9:0b:f4:
> +         b5:e3:a4:55:fd:f5:3f:55:0c:22:4a:77:08:02:c2:bf:28:07:
> +         37:2f:e8:c9:2c:73:5c:c7:52:78:70:a4:84:14:b4:a0:be:3d:
> +         36:c5:9e:d3:fc:6f:4b:1a:5c:ff:1b:f8:d0:cb:7f:d7:c9:39:
> +         01:08:27:55:b3:9b:c8:fc:fe:95:c3:a8:89:a3:e9:70:5d:1e:
> +         6e:c2:8e:e7:33:dd:75:fd:e9:ff:f9:9d:a0:8b:16:e4:ee:a1:
> +         f1:58:65:8f:ec:58:a6:40:9d:60:6e:a8:8e:97:27:60:fa:60:
> +         51:2e:8e:e4:56:64:ee:87:2c:48:80:a1:dc:89:72:22:0e:58:
> +         79:78:d9:c4:bb:9f:93:10:6f:91:2e:d6:9f:64:e3:57:50:15:
> +         da:1a:be:fa:6b:3b:6f:3b:8d:fe:a1:ec:5e:8e:9a:02:1b:60:
> +         a3:40:57:2c:2c:f5:17:c0:da:3c:cc:a5:eb:39:c0:21:1c:bf:
> +         ab:23:03:c1:5b:7c:af:b5:f6:7b:1a:05:6b:e2:76:fe:b0:35:
> +         53:0b:44:9a:46:ce:8f:cf:88:14:20:55:ba:45:ad:19:92:e0:
> +         88:e0:cf:ee:f3:3c:1d:a5:dd:7c:ba:29:d5:27:20:75:5c:fc:
> +         eb:08:90:4f:e2:ca:e8:40:81:91:6a:62:9e:1d:d0:03:e9:53:
> +         2d:df:dd:6e:fb:1c:87:17:7a:65:81:15:cd:e1:c2:d7:59:55:
> +         68:92:f6:88:59:5b:db:8d
>   -----BEGIN CERTIFICATE-----
> -MIIFZDCCA0ygAwIBAgICEAYwDQYJKoZIhvcNAQELBQAwgZMxCzAJBgNVBAYTAlVT
> +MIIFMjCCAxqgAwIBAgICEAkwDQYJKoZIhvcNAQELBQAwgZMxCzAJBgNVBAYTAlVT
>   MQswCQYDVQQIEwJNQTESMBAGA1UEBxMJV2FrZWZpZWxkMScwJQYDVQQKEx5UaGUg
>   QXBhY2hlIFNvZnR3YXJlIEZvdW5kYXRpb24xGjAYBgNVBAsTEUFwYWNoZSBUb21j
> -YXQgUE1DMR4wHAYDVQQDExVBcGFjaGUgVG9tY2F0IFRlc3QgQ0EwHhcNMTkwODA3
> -MjAzMDI4WhcNMjEwODA2MjAzMDI4WjCBhzELMAkGA1UEBhMCVVMxCzAJBgNVBAgT
> -Ak1BMRIwEAYDVQQHEwlXYWtlZmllbGQxJzAlBgNVBAoTHlRoZSBBcGFjaGUgU29m
> -dHdhcmUgRm91bmRhdGlvbjEaMBgGA1UECxMRQXBhY2hlIFRvbWNhdCBQTUMxEjAQ
> -BgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
> -AM/iVqZnpujn85SGbvkGRs8gZrXNscfWUOpNRkTtRWXqtpsuSaUlwY429iy8jgk1
> -Cy9DcHMHRx14oRLpVl2rhBUWDjgBu4GHLcQ73C5K4dRmG86HLKm446qAdXmxmPPd
> -32bQDeEG2GxsUPAAgDJwVXvd667yar+TPRXhJfh1zthG3MRr7vn1kzmtkEcVS/rK
> -W/7KGymKdBkqyx5PINl0dSSgBtE67ZuIh/MbD6YUZ+ntRy6hJWrClwQT9J9iOM1a
> -563CZCyPnD0EWBJC5QyOjM54PWA4zgb/nOqcyQ9zkLIaShaZyf6ViHs8fxnQJicR
> -ePmSXLT11MuwhAx0Nz2HGgsCAwEAAaOByzCByDAJBgNVHRMEAjAAMCwGCWCGSAGG
> -+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU
> -DYaIHQdZzhS0iYFYxgv/TMolUoAwHwYDVR0jBBgwFoAUAPKYTSEsADxAm4T03irw
> -Ju4yDp8wMQYIKwYBBQUHAQEEJTAjMCEGCCsGAQUFBzABhhVodHRwOi8vMTI3LjAu
> -MC4xOjg4ODgwGgYDVR0RBBMwEYIJbG9jYWxob3N0hwR/AAABMA0GCSqGSIb3DQEB
> -CwUAA4ICAQB93LEP3TTfJmNzAorWOWRzw/xAdSa2m0Jyr8ljQWjQeMdH78JEWrNY
> -laMs87H0oz0LlP+0l2rpS0vCOvY2Q6/uLzk+8l8sordDPBNC2E7gNrwjxUOIRpL3
> -dxRncxRbQw49tRpp6cqECCAnnyNNYNvLmEqzPnHm6KERHH5+Q/ttpUHAfj+E7QYo
> -3KqAF3bsiuZlRSGFE0jgW4fIKhoPNw8qZFOo40kEhIj+i6I8zEHHwK0m1uFnaZpQ
> -x+s9HH/aiAgkFG6hqz53P4gSVZiXn9utCeIg/o0f6k9GftiquhS9qMJvG0di2QXK
> -xzB7HpUuVRAdseNElQclboydaVtcrV9WJ+hgn9L0ZH/3j9y77r++C+o0mzfe8Fzg
> -ZMJSQqYNIH14NELBHEOhmOhIe5JJK9ljkWpwAtAbpSru5RsST8vJ5xiuZvUE2dJo
> -lcEx/ledUfX87UM7eb/DnYVo2JilPKK7+1sZW97wfsheR7pdiltE8URUZMDalabw
> -v6k/XUxyl4auHg3NIEuF4E4mTSlOlkOw/TBfUySXvDXYMUts6qf5ZPnLoBTE/FR4
> -E1K1Bo96wgAUlxgG77wvKjH8ESV/R+M7VOdGYni6UgcyQUidR70c9OtJEUJAnDZa
> -4IS9CUSRu1zRxChqaDT5LCK3/EO7xJYCznNDvt4CnOHSKkp2GdY/sA==
> +YXQgUE1DMR4wHAYDVQQDExVBcGFjaGUgVG9tY2F0IFRlc3QgQ0EwHhcNMjEwMjE3
> +MTQyODM1WhcNMjMwMjE3MTQyODM1WjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgT
> +AkRFMRMwEQYDVQQHEwpXaWxtaW5ndG9uMScwJQYDVQQKEx5UaGUgQXBhY2hlIFNv
> +ZnR3YXJlIEZvdW5kYXRpb24xGjAYBgNVBAsTEUFwYWNoZSBUb21jYXQgUE1DMRIw
> +EAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
> +AQCWOLgqujv4LGV0llD9Ra5Kk6dpgHrFHy4mDgdYd5Wxx+GMbwJrOuG7FGMBUnTI
> +Oa2OhEMWEpPewVoE+8RlDdH9sj79KuJvPAN5Yexi/zQUK/rVb5crmBdOMY590kYf
> +XW1rOdjL8DEFKB1qTWeaF6igCX8bPbmZHS1QUnKzaXMEWgSvGa93OX8QS2uS/6oB
> +FAgKl7+fIdsHYg0EI9wYt3IU7EqLxeaAJaEsl7RN33l5RLQYzoiSq6wVwvY/R/9W
> +CY+CFbBaFHaSmFSWlzsg/6apz9ot9g6jPLSSKnu2PQ4Ybzn1ck3DxuNEOgvnpYLI
> +Mao2HxPsS3vPef0qBeRGXiwXAgMBAAGjgZgwgZUwCQYDVR0TBAIwADAsBglghkgB
> +hvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYE
> +FM01y61ikWXExUbIwwrH01dDRuj9MB8GA1UdIwQYMBaAFADymE0hLAA8QJuE9N4q
> +8CbuMg6fMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsF
> +AAOCAgEAcEXnyWtsIibzOQYMixETC7FIRiwfYbPoNjvqrOiwKEb6tjcUkZFMbH38
> +wE3HfKQ+HG4bp6uNqMOX4WfuAZhWKQj5GjWXWqdJ+2g95TKhS7Sc86fHicVJj7bp
> +riTj8AS5DuwLCjKZrgwWERYC231o4UBAvVgKCOVX7cnZHs8y5FmvIPLl/ImsK4Va
> +1OJYuUyc3JaOPPg/iY3L4/550zpt33Avt/OCaQuGtq9dZGxxLJBWhs084Chc+JCR
> +qZ0iBcPWA6V6/KgzCiwXMPOJLCbPrCGRTB+TqCOBRUAPS3T+5jtHIBt4fGEDyQv0
> +teOkVf31P1UMIkp3CALCvygHNy/oySxzXMdSeHCkhBS0oL49NsWe0/xvSxpc/xv4
> +0Mt/18k5AQgnVbObyPz+lcOoiaPpcF0ebsKO5zPddf3p//mdoIsW5O6h8Vhlj+xY
> +pkCdYG6ojpcnYPpgUS6O5FZk7ocsSICh3IlyIg5YeXjZxLufkxBvkS7Wn2TjV1AV
> +2hq++ms7bzuN/qHsXo6aAhtgo0BXLCz1F8DaPMyl6znAIRy/qyMDwVt8r7X2exoF
> +a+J2/rA1UwtEmkbOj8+IFCBVukWtGZLgiODP7vM8HaXdfLop1ScgdVz86wiQT+LK
> +6ECBkWpinh3QA+lTLd/dbvschxd6ZYEVzeHC11lVaJL2iFlb240=
>   -----END CERTIFICATE-----
> diff --git a/test/org/apache/tomcat/util/net/localhost-rsa-copy1.jks b/test/org/apache/tomcat/util/net/localhost-rsa-copy1.jks
> index df3eb23..3ee20d4 100644
> Binary files a/test/org/apache/tomcat/util/net/localhost-rsa-copy1.jks and b/test/org/apache/tomcat/util/net/localhost-rsa-copy1.jks differ
> diff --git a/test/org/apache/tomcat/util/net/localhost-rsa-key.pem b/test/org/apache/tomcat/util/net/localhost-rsa-key.pem
> index 6611669..2615d12 100644
> --- a/test/org/apache/tomcat/util/net/localhost-rsa-key.pem
> +++ b/test/org/apache/tomcat/util/net/localhost-rsa-key.pem
> @@ -1,28 +1,28 @@
>   -----BEGIN PRIVATE KEY-----
> -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDP4lamZ6bo5/OU
> -hm75BkbPIGa1zbHH1lDqTUZE7UVl6rabLkmlJcGONvYsvI4JNQsvQ3BzB0cdeKES
> -6VZdq4QVFg44AbuBhy3EO9wuSuHUZhvOhyypuOOqgHV5sZjz3d9m0A3hBthsbFDw
> -AIAycFV73euu8mq/kz0V4SX4dc7YRtzEa+759ZM5rZBHFUv6ylv+yhspinQZKsse
> -TyDZdHUkoAbROu2biIfzGw+mFGfp7UcuoSVqwpcEE/SfYjjNWuetwmQsj5w9BFgS
> -QuUMjozOeD1gOM4G/5zqnMkPc5CyGkoWmcn+lYh7PH8Z0CYnEXj5kly09dTLsIQM
> -dDc9hxoLAgMBAAECggEAXfOqO6yux6ZE9MRJFSzcBbJcGSBsj6dxjGL+NhqR+by5
> -aKrjx8qnjpGScqeI/epGMsck5CfO4SfqjDR+vvjMSgdcx70otCKW8ZAoM5fONoMr
> -YAzBh7cy1ZUXArfcK6MD22B+VUwVtfLCJaXkSmdwivnCEaAn1ItD2UaXNZJwuFeF
> -pT9Veif4MwfRhrVvHeEK+hEsrUePOOZ7bvfvIyd2pKtBuniiaoP9LIE2E/s+G458
> -xFZUHDxSgumEekZLv1mt03rcNDW9B9kLELaDuVbO4mQBn3edolvmL7N2iZpPIhM/
> -UDMqs7HfZ70bLcENa26UAZqIenbkueg7UkZgCF5RWQKBgQDxVTizo8vF+f7BhY8o
> -VSvGEhyRsJsyt9wb5AkVUCSM6Q+fKTimRBoDBQijDVc20uV5HpYIy35THphmXYX8
> -qIYNQiaGyLwBk6YWJDfqcfCjKBm6P7vtSFWjroRj2c0GjmXBZPk4sGYj16P4Qy00
> -ZssPsa+ENYgc4mox6szTp5Zp1wKBgQDchLRPaz1tWoLIlIl35a5GLHZwf6GGDeDI
> -2bxTMhBAohbjW9NSWf7GeZgeigRd7p5s6m2EriEJwsn61W0IWUzPLJ7iTHKOrVxU
> -tGxHd+SV3KhOkGn1EJ8zFiNIma/nAZraGW9zH/lhq09G8ygf1y3lSCQIABG8pAbK
> -xHmn3BoS7QKBgQCi0hSHXqNE1v4CItILLCt0XxPXV4feGB3w01Eth/yg9T0M7QrD
> -Yn8KOoMxPvbwjik0JmajWGfKPIIlzkNvy2Nl3pOPrC7sAWm01orDKkxoR83T0tw/
> -ouXkoQHBPFkPa1NLv4xFqv2+gOanwOrmx9OIqyD32gYTNs7fDsNSqWbZ0QKBgCup
> -WsoewZrVQO/V+SH0J/1c8FZ17tVMCiW6dr9COlWRwlZh6AV2LCvAB46EZTjz9go6
> -oFSU5ZW5K6SufVgZ1ktu2kaUPFpjmNRspMPByVCiz/A+R7xt/hdvWq0VQO7MMozc
> -XGS+//GGqbuyiU9Em6G6Fug+m0RudanQHQZPXhpBAoGBAIuWHrYCOWJRHDw8WdOE
> -811QFYHpMbYc0G4/50+O/1qKADWKbqAZpnbIW8NpHrcfggkgJw6E9kmtt8HbBu/3
> -NuCWK1K/0aLwQQMXqgrwuNYvk1QRXbAx86fbC1XVrY2KwmuCg6snXjJZqsTI91xm
> -jO0LxqN3mDyK11I9/XuearPH
> +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCWOLgqujv4LGV0
> +llD9Ra5Kk6dpgHrFHy4mDgdYd5Wxx+GMbwJrOuG7FGMBUnTIOa2OhEMWEpPewVoE
> ++8RlDdH9sj79KuJvPAN5Yexi/zQUK/rVb5crmBdOMY590kYfXW1rOdjL8DEFKB1q
> +TWeaF6igCX8bPbmZHS1QUnKzaXMEWgSvGa93OX8QS2uS/6oBFAgKl7+fIdsHYg0E
> +I9wYt3IU7EqLxeaAJaEsl7RN33l5RLQYzoiSq6wVwvY/R/9WCY+CFbBaFHaSmFSW
> +lzsg/6apz9ot9g6jPLSSKnu2PQ4Ybzn1ck3DxuNEOgvnpYLIMao2HxPsS3vPef0q
> +BeRGXiwXAgMBAAECggEABZHo0jzBiHws7tu7+QgiZEWBSZon8zMqxOJ0R0V32XWt
> +2UUsc8llIUiqOxxRlDL/Sm+BBUp/DR1iNxkWuSCADsYTK9PxPWqePlvxJeKMjcrr
> +rApNMqKbCp0vyV6IlxUhv34PmdA4IRbRsGVaWA5UhEqV2e65+QFp8rZ75kccqqaV
> +RmpE5cG2bX0mZmPwMCXVgSustPXWXJQKtSloQygw9L9+zHXnGeAejJ3J+cHZrawr
> +2JOavEPwfjqlXqsXyFGzKwqwWxuqEBM7WX1EPwf9Zqf3YeWIhUcLiE0KU2wx4BJ4
> +HBbcbXhQuZ5Atid/0PvWGZ/AwCIkRPWdXoABDTQOAQKBgQDHhDPd7AdJkA/o1MH6
> +4YqijB2m1ZIu6Yn+n2wg7nUZtcS6SKPuL0umF6ht17LbK6uvs1oOaODpfLWzhMSb
> +RZnowm0R070nea2OBzJl/iem0QOKYb1VckEecBQkFffB3iqQ33RR/3oldI6It0C2
> +299qwc8WIa2Yc3mT/TGOFv5FgQKBgQDAv+kNK0N3iLR2yBuzU/+is6jikhcDTWtp
> +FAH1QjsrZMu/Cs1Qn1BZZc7D4CythhS/oSQP+//Gy0n8AXhjEpkAo6aTYQuLYoaL
> +ER6yjMz/W3+c7aBX+TFwspEdNqfEuDry+41qWWWVXSg2PaVGE/gqOwSFfnXQEdj5
> +s/QzFOutlwKBgQCb/RGsNYhxDFBUAlvzMXl5osDgGmSjhvXb/HrGuIkXY9T+rCJ2
> +68Vig2atEpKE5vzhbwE++OK3ykgppektWNp/b9tkr75Y6bo2rAvMUExiEVKKU+Z6
> +ssyU5p3opMBDc9al0/8WyP6P4DQ8UcIn9XoU9phZPlWCNu5cNP4UkIeWgQKBgQC5
> +eHDygQzceqjcG1W8SzmS/7mkutp2DQssA1qW+3IgIU+Etwo1Z/dS7on1JUMYfgp9
> +Eru2vc+zJG4+ldOX0Y90dASXkCwhpV69dm3JdX7UwOCcynMd8+VFAi5so+jvfC8N
> +HE1JZlg/T3KgLtVYB2Mmj7+cDMGkw2e7bxOuC5V0ZQKBgQCK80rYnQC/SPxzfj25
> +aFtKisLLwU0dQYiAQrAI3Bai3tFYBJ/R/cm7Idq6hZrsgeDi9wHBq+F7cW/gsbFD
> +oFWe/KVVJR8Z7UltlKaY70jWh8fQ+qzOoc4PFIgyVOtL81uwzbfMatn1ok08P/1m
> +87Aw7ckQ6vkKUlhcSgJr4zq69w==
>   -----END PRIVATE KEY-----
> diff --git a/test/org/apache/tomcat/util/net/localhost-rsa.jks b/test/org/apache/tomcat/util/net/localhost-rsa.jks
> index a2be48a..83b525e 100644
> Binary files a/test/org/apache/tomcat/util/net/localhost-rsa.jks and b/test/org/apache/tomcat/util/net/localhost-rsa.jks differ
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [tomcat] branch master updated: Renew all the server test certs

markt
On 17/02/2021 17:16, Christopher Schultz wrote:
> Mark,
>
> Why not simply mint a self-signed cert that lasts a long time? They are
> self-signed so global trust isn't important. If global-trust isn't
> important then it's okay if someone "steals" them any time they like.

Mainly to act as a deterrent to anyone using these certs in any sort of
production system. Yes, that would be a monumentally bad idea but I
wouldn't be surprised if it happened.

It is also nice to see things expiring. It reassures me that stuff is
working as it should :)

> Having to re-generate the certs is just a nuissance and causes
> revision-churn.

Updating the certs is trivial. Just copy and past a handful of commands
in the text file in the PMC repo. Given the ever changing requirements
of server certs, I don't think the revision churn would be that
different with longer expiry times.

> I think it would be better to either mint the certs as needed (e.g. in
> the tests themselves) or just use a cert that lasts a long time (e.g. 30
> years). Minting on-demand might kill the entropy on the server, so
> that's not a great idea.

Yeah, creation on demand would be nice but it currently requires OpenSSL
which isn't guaranteed to be available. The entropy issue is a larger
concern.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [tomcat] branch master updated: Renew all the server test certs

Christopher Schultz-2
Mark,

On 2/17/21 12:25, Mark Thomas wrote:

> On 17/02/2021 17:16, Christopher Schultz wrote:
>> Mark,
>>
>> Why not simply mint a self-signed cert that lasts a long time? They are
>> self-signed so global trust isn't important. If global-trust isn't
>> important then it's okay if someone "steals" them any time they like.
>
> Mainly to act as a deterrent to anyone using these certs in any sort of
> production system. Yes, that would be a monumentally bad idea but I
> wouldn't be surprised if it happened.
>
> It is also nice to see things expiring. It reassures me that stuff is
> working as it should :)
>
>> Having to re-generate the certs is just a nuissance and causes
>> revision-churn.
>
> Updating the certs is trivial. Just copy and past a handful of commands
> in the text file in the PMC repo. Given the ever changing requirements
> of server certs, I don't think the revision churn would be that
> different with longer expiry times.
>
>> I think it would be better to either mint the certs as needed (e.g. in
>> the tests themselves) or just use a cert that lasts a long time (e.g. 30
>> years). Minting on-demand might kill the entropy on the server, so
>> that's not a great idea.
>
> Yeah, creation on demand would be nice but it currently requires OpenSSL
> which isn't guaranteed to be available.

Why not keytool or a "simple" Java driver to do the same?

 > The entropy issue is a larger concern.

Yup. Unless we can convince the system to use /dev/urandom for key
generation, which is something we *always* recommend against, and for
good reason.

If we write our own cert-creator, perhaps we can rig it to use an awful
source of entropy so it's nice and fast.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [tomcat] branch master updated: Renew all the server test certs

markt
On 17/02/2021 21:58, Christopher Schultz wrote:

<snip/>

>> Yeah, creation on demand would be nice but it currently requires OpenSSL
>> which isn't guaranteed to be available.
>
> Why not keytool or a "simple" Java driver to do the same?
>
>> The entropy issue is a larger concern.
>
> Yup. Unless we can convince the system to use /dev/urandom for key
> generation, which is something we *always* recommend against, and for
> good reason.
>
> If we write our own cert-creator, perhaps we can rig it to use an awful
> source of entropy so it's nice and fast.

As is pretty much always the case, someone else has made the point I'd
like to make in response and far more eloquently than I ever could:

https://xkcd.com/1205/

The only thing I'd like to add is that generating new certs on the fly
every time is going require compute time/energy on every test run.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]