Diffstat (limited to 'SSL')
-rw-r--r--SSL/NOTES376
-rw-r--r--SSL/cacert.pem20
-rw-r--r--SSL/client-cert.pem66
-rw-r--r--SSL/client-key.pem15
-rw-r--r--SSL/client-req.pem30
-rwxr-xr-xSSL/run-client10
-rwxr-xr-xSSL/run-server9
-rw-r--r--SSL/server-cert.pem65
-rw-r--r--SSL/server-key.pem15
-rw-r--r--SSL/server-req.pem30
10 files changed, 636 insertions, 0 deletions
diff --git a/SSL/NOTES b/SSL/NOTES
new file mode 100644
index 00000000000..413c724c583
--- /dev/null
+++ b/SSL/NOTES
@@ -0,0 +1,376 @@
+Quick notes:
+--------------------------------------------
+[tonu@x153 mysql-4.0]$ cat /etc/my.cnf
+[mysqld]
+ssl-ca=SSL/cacert.pem
+ssl-cert=SSL/server-cert.pem
+ssl-key=SSL/server-key.pem
+
+[mysql]
+ssl-ca=SSL/cacert.pem
+ssl-cert=SSL/client-cert.pem
+ssl-key=SSL/client-key.pem
+
+[mysqldump]
+ssl-ca=SSL/cacert.pem
+ssl-cert=SSL/client-cert.pem
+ssl-key=SSL/client-key.pem
+
+[tonu@x153 mysql-4.0]$
+--------------------------------------------
+To remove passwords from keyfiles:
+[tonu@x153 SSL]$ openssl rsa -inform pem < server-req.pem > server-key.pem
+read RSA key
+Enter PEM pass phrase:
+writing RSA key
+[tonu@x153 SSL]$
+--------------------------------------------
+To run server:
+
+sql/mysqld --ssl-ca=SSL/cacert.pem --ssl-cert=SSL/server-cert.pem --ssl-key=SSL/server-key.pem --skip-grant --debug='d:t:O,-' > /tmp/mysqld.trace
+--------------------------------------------
+To run client:
+
+client/mysql --ssl-ca=SSL/cacert.pem --ssl-cert=SSL/server-cert.pem --ssl-key=SSL/server-key.pem --debug='d:t:O,/tmp/client.trace' -h 127.0.0.1
+--------------------------------------------
+openssl s_client -host 127.0.0.1 -port 1111 -debug -verify 1 -cert ../SSL/client-cert.pem -key ../SSL/client-key.pem -CAfile ../SSL/cacert.pem -pause -showcerts -state
+
+--------------------------------------------
+openssl s_server -port 1111 -cert ../SSL/server-cert.pem -key ../SSL/server-key.pem
+
+
+
+
+--------------------------------------------
+
+CA stuff:
+
+[tonu@x153 bin]$ pwd
+/usr/local/ssl/bin
+[tonu@x153 bin]$
+[tonu@x153 bin]$ ./CA.sh
+[tonu@x153 bin]$ ./CA.sh -h
+usage: CA -newcert|-newreq|-newca|-sign|-verify
+[tonu@x153 bin]$
+[root@x153 bin]# ./CA.sh -newca
+CA certificate filename (or enter to create)
+
+Making CA certificate ...
+Using configuration from /usr/lib/ssl/openssl.cnf
+Generating a 1024 bit RSA private key
+.++++++
+................++++++
+writing new private key to './demoCA/private/./cakey.pem'
+Enter PEM pass phrase:
+Verifying password - Enter PEM pass phrase:
+phrase is too short, needs to be at least 4 chars
+Enter PEM pass phrase:
+Verifying password - Enter PEM pass phrase:
+-----
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+What you are about to enter is what is called a Distinguished Name or a DN.
+There are quite a few fields but you can leave some blank
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.
+-----
+ountry Name (2 letter code) [AU]:FI
+State or Province Name (full name) [Some-State]:
+Locality Name (eg, city) []:Helsinki
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:MySQL Finland AB
+Organizational Unit Name (eg, section) []:
+Common Name (eg, YOUR name) []:Tonu Samuel
+Email Address []:tonu@mysql.com
+[root@x153 bin]#
+[root@x153 bin]# ls -la demoCA/
+total 13
+drwxr-xr-x 6 root root 232 Jun 24 18:50 ./
+drwxr-xr-x 3 root root 2136 Jun 24 18:41 ../
+-rw-r--r-- 1 root root 1241 Jun 24 18:50 cacert.pem
+drwxr-xr-x 2 root root 48 Jun 24 18:41 certs/
+drwxr-xr-x 2 root root 48 Jun 24 18:41 crl/
+-rw-r--r-- 1 root root 0 Jun 24 18:44 index.txt
+drwxr-xr-x 2 root root 48 Jun 24 18:41 newcerts/
+drwxr-xr-x 2 root root 80 Jun 24 18:44 private/
+-rw-r--r-- 1 root root 3 Jun 24 18:44 serial
+[root@x153 bin]#
+[root@x153 bin]# ls -la demoCA/private/
+total 5
+drwxr-xr-x 2 root root 80 Jun 24 18:44 ./
+drwxr-xr-x 6 root root 232 Jun 24 18:50 ../
+-rw-r--r-- 1 root root 963 Jun 24 18:50 cakey.pem
+[root@x153 bin]#
+[root@x153 bin]# ./CA.sh -newreq
+Using configuration from /usr/lib/ssl/openssl.cnf
+Generating a 1024 bit RSA private key
+..................++++++
+........................++++++
+writing new private key to 'newreq.pem'
+Enter PEM pass phrase: <- new key password, not CA
+Verifying password - Enter PEM pass phrase:
+-----
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+What you are about to enter is what is called a Distinguished Name or a DN.
+There are quite a few fields but you can leave some blank
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.
+-----
+Country Name (2 letter code) [AU]:EE
+State or Province Name (full name) [Some-State]:
+Locality Name (eg, city) []:Tallinn
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:Noname
+Organizational Unit Name (eg, section) []:
+Common Name (eg, YOUR name) []:Mr Noname
+Email Address []:a@b.c
+
+Please enter the following 'extra' attributes
+to be sent with your certificate request
+A challenge password []:
+An optional company name []:
+Request (and private key) is in newreq.pem
+[root@x153 bin]#
+[root@x153 bin]# ls -la newreq.pem
+-rw-r--r-- 1 root root 1623 Jun 24 18:54 newreq.pem
+[root@x153 bin]#
+[root@x153 bin]# ./CA.sh -sign
+Using configuration from /usr/lib/ssl/openssl.cnf
+Enter PEM pass phrase: <- CA's one!
+Check that the request matches the signature
+Signature ok
+The Subjects Distinguished Name is as follows
+countryName :PRINTABLE:'EE'
+stateOrProvinceName :PRINTABLE:'Some-State'
+localityName :PRINTABLE:'Tallinn'
+organizationName :PRINTABLE:'Noname'
+commonName :PRINTABLE:'Mr Noname'
+emailAddress :IA5STRING:'a@b.c'
+Certificate is to be certified until Jun 24 15:50:23 2002 GMT (365 days)
+Sign the certificate? [y/n]:y
+
+
+1 out of 1 certificate requests certified, commit? [y/n]y
+Write out database with 1 new entries
+Data Base Updated
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=FI, ST=Some-State, L=Helsinki, O=MySQL Finland AB, CN=Tonu Samuel/Email=tonu@mysql.com
+ Validity
+ Not Before: Jun 24 15:50:23 2001 GMT
+ Not After : Jun 24 15:50:23 2002 GMT
+ Subject: C=EE, ST=Some-State, L=Tallinn, O=Noname, CN=Mr Noname/Email=a@b.c
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:ab:3b:7d:5b:6c:93:f6:46:1a:2c:46:73:6f:89:
+ 8a:99:bb:e9:6b:94:0d:74:aa:aa:c4:5c:a2:61:cf:
+ 56:bb:a1:a9:5a:37:c4:4e:b2:ec:5c:18:3a:a4:8d:
+ af:3d:23:66:7c:85:7f:d1:f2:e3:fc:16:a7:4c:a2:
+ d6:45:06:92:75:d8:a2:3b:f9:aa:77:da:26:b9:87:
+ e0:df:50:54:e4:36:9f:35:87:39:8e:a6:7c:3e:a8:
+ e4:49:1a:76:c2:6f:73:0b:22:93:2a:04:67:0d:7d:
+ ae:34:5c:fe:7c:29:b8:a2:fe:1e:ef:d1:0c:4d:dd:
+ 5b:7a:67:b0:0a:22:88:a0:af
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 83:D1:0D:52:0F:DE:61:2D:A6:10:20:B8:46:0C:77:D5:D2:D0:BE:20
+ X509v3 Authority Key Identifier:
+ keyid:A5:0A:D6:72:B5:DF:E4:C2:2B:7B:07:5E:D3:4D:52:07:E1:83:6B:7F
+ DirName:/C=FI/ST=Some-State/L=Helsinki/O=MySQL Finland AB/CN=Tonu Samuel/Email=tonu@mysql.com
+ serial:00
+
+ Signature Algorithm: md5WithRSAEncryption
+ 60:85:f7:d0:54:2a:67:88:0e:37:a6:a8:8e:fd:a0:c9:a1:d7:
+ c6:fc:4c:2e:59:8d:88:6d:69:0a:b8:b2:67:5f:81:94:39:0e:
+ ab:67:fc:8b:62:de:85:f6:b3:8c:2d:1a:e3:dc:28:fc:f5:99:
+ 39:f0:3d:50:ca:88:c0:8e:f8:c2:02:5d:34:19:63:9f:c4:a2:
+ f6:a8:81:c9:8d:6d:bd:c4:42:4a:0c:49:5a:cc:24:ea:65:80:
+ dd:79:20:89:9e:ea:6b:80:7a:86:f9:bb:6d:24:3c:80:13:5b:
+ e6:16:fc:3d:8d:f6:16:ea:33:25:c6:90:20:81:a4:b0:15:2e:
+ 9c:1c
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+Signed certificate is in newcert.pem
+[root@x153 bin]# ls -la demoCA/newcerts/
+total 5
+drwxr-xr-x 2 root root 72 Jun 24 18:58 ./
+drwxr-xr-x 6 root root 296 Jun 24 18:58 ../
+-rw-r--r-- 1 root root 3533 Jun 24 18:58 01.pem
+[root@x153 bin]#
+[root@x153 mysql-4.0]# ./sql/mysqld --ssl-cert=SSL/server-cert.pem --ssl-ca=SSL/cacert.pem --ssl-ke
+y=SSL/server-req.pem -L /home/tonu/mysql-4.0/sql/share/english/ -u root
+Enter PEM pass phrase:
+./sql/mysqld: ready for connections
+[tonu@x153 mysql-4.0]$ client/mysql --ssl-key=SSL/client-req.pem --ssl-ca=SSL/cacert.pem --ssl-cert
+=SSL/client-cert.pem
+Enter PEM pass phrase:
+ERROR:
+
+[tonu@x153 mysql-4.0]$
+
+
+
+
+-8<------------------------
+SSL encrypts data between MySQL server and client.
+
+You need openssl (formerly SSLeay) for MySQL SSL support. Development
+and testing was done on openssl version 0.9.3a
+
+To compile MySQL one must do:
+./configure --with-openssl=/usr
+
+or
+
+./configure --with-openssl=yes
+
+There are sample keys and certificates included with MySQL tarball in
+directory ./SSL. They are meant to be for quick start and
+testing only. Using them in production environment means same as not
+using encryption. This is because private keys are publicly
+accessible for everyone. You must use openssl distribution for new key
+and certificate generation for both client and server.
+
+----------- for manual: ---------------------
+*New API calls:*
+
+mysql_ssl_set() - Set SSL properties (key, certificate,
+certificates authority certificate). Must be called before
+mysql_real_connect();
+mysql_ssl_clear() - Clear and free resources occupied by
+mysql_ssl_set() API call.
+char *mysql_ssl_cipher(MYSQL *) - returns cipher in use. For example
+"DES-CDC3-SHA" means that you have combined triple DES symmetric
+algorithm and SHA
+hashing algorithm.
+
+
+*New command line switches:*
+--ssl Use SSL for connection (automatically set with
+other flags. This means one can use encrypted connection without strong
+cryptological authentication. Normally one must use all switches
+together including ssl-key, ssl-cert and ssl-ca and never mind about
+--ssl because this is assumed by defult if any of them (--ssl-...)
+included.
+--ssl-key X509 key in PEM format (implies --ssl)
+--ssl-cert X509 cert in PEM format (implies --ssl)
+--ssl-ca CA file in PEM format (check OpenSSL docs,
+implies --ssl)
+--ssl-capath CA directory (check OpenSSL docs, implies --ssl
+ ----------------
+ This is about using SSL in MySQL privilege system. My idea is to make
+ possible use of x509 certificates and keys instead of MySQL native
+ passwords
+Some basic theory about crypt, SSL and x509:
+x509 is standard for certificates. SSL is standard for secure
+communication. Certificates are issued by someone anyone can trust. This
+trusted party is called "Certificate Authority" or "CA". This is
+someone, we MUST trust. Everyone must have some "fingerprint" of CA (so
+called "CA certificate" or "CA cert") using which one can verify
+authenticity of other
+certificates issued by this CA. CA uses his power to give certificates
+to persons (they can be physical (like "monty") or logical (like some
+process). Person is identified by "subject" like
+"/C=EE/ST=Harjumaa/L=Tallinn/O=MySQL client bogus certificate/CN=Tonu
+Samuel/Email=<EMAIL: PROTECTED>". and signed cryptologically. This sign can be
+verified using CA-cert. So, if we trust CA, then we can trust identity
+of user.
+There can be many CA-s (usually not but who knows). Also there can be
+some users we don`t trust or have different privileges. This means we
+must have one table to hold CA-certs and other table to hold so called
+"subjects" (users). I think it`s a good idea to use existing structure
+of host/user/db/field and add some x509 relationship. Then we can
+use usual simple user/host pair or x509 subject/CA pair.
+So I think user must grant rights using old method GRANT blabla ON
+blabla TO blabla IDENTIFIED BY blabla
+or new way:
+-----------8<---------------------------
+GRANT blabla ON blabla TO blabla
+IDENTIFIED BY X509 SUBJECT "/C=EE/ST=Harjumaa/L=Tallinn/O=MySQL client
+bogus certificate/CN=Tonu Samuel/Email=<EMAIL: PROTECTED>" AND ISSUER
+"/C=EE/ST=Harjumaa/L=Tallinn/O=TCX AB/CN=Tonu
+Samuel/Email=<EMAIL: PROTECTED>";
+-----------8<---------------------------
+Please note the difference in Subject and Issuer. This command requests
+user to authenticate itself with exact subject and exact certificate
+issuer. Next possibility is just have any certificate of some good CA:
+-----------8<---------------------------
+GRANT blabla ON blabla TO blabla IDENTIFIED BY X509 ISSUER
+"/C=EE/ST=Harjumaa/L=Tallinn/O=TCX
+AB/CN=Tonu Samuel/Email=<EMAIL: PROTECTED>";
+-----------8<---------------------------
+or if any registered CA is good enough (usual case when only one CA is
+registered)
+but we care about exact user, then something like:
+-----------8<---------------------------
+GRANT blabla ON blabla TO blabla IDENTIFIED BY X509 SUBJECT
+"/C=EE/ST=Harjumaa/L=Tallinn/O=MySQL client
+bogus certificate/CN=Tonu Samuel/Email=<EMAIL: PROTECTED>";
+-----------8<---------------------------
+And case if user must authenticate itself but we don`t care about exact
+person until he have some certificate issued by CA registered in our
+system:
+-----------8<---------------------------
+GRANT blabla ON blabla TO blabla IDENTIFIED BY X509;
+-----------8<---------------------------
+Then additionally we need one exception. Let`s assume we need SSL
+encryption
+for preventing eavesdropping but we don`t care who it is at all. We need
+privilege to exclude all non-SSL users but we accept anyone using SSL.
+How
+this must be done in GRANT syntax? Maybe:
+-----------8<---------------------------
+GRANT blabla ON blabla TO blabla
+IDENTIFIED BY blabla AND USING SSL
+-----------8<---------------------------
+But maybe we want to add in future possibility to check different
+algorithms and key lengths? Something like:
+-----------8<---------------------------
+GRANT blabla ON blabla TO blabla IDENTIFIED BY blabla AND USING SSL WITH
+CIPHER "DES-CBC3-SHA" OR "DES-CBC3-MD5"
+-----------8<---------------------------
+Also we need some command to include/exclude CA certificates. This must
+be some commands like INSERT/DELETE/UPDATE/REPLACE to do it.
+All examples is given for clarify my problem. I asking for help because
+I don`t know
+any similar command in other SQL-s.
+------------8<------------------------
+
+So, at moment SSL communications is ready and working. I don`t have this
+command iterface at moment yet and this can be changed a lot if someone
+can suggest good idea or reason to change them. We are ready to listen
+every opinion.
+About Kerberos: I just don`t know much about it. I have to read this
+again before I can comment. I never used it itself and forgot most of
+theory. Sorry. Anyway now the problem/need is known and I will put
+thinking about this in personal TODO.
+
+
diff --git a/SSL/cacert.pem b/SSL/cacert.pem
new file mode 100644
index 00000000000..698784b49f9
--- /dev/null
+++ b/SSL/cacert.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/SSL/client-cert.pem b/SSL/client-cert.pem
new file mode 100644
index 00000000000..729379babdc
--- /dev/null
+++ b/SSL/client-cert.pem
@@ -0,0 +1,66 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 2 (0x2)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=RU, ST=Some-State, L=Orenburg, O=MySQL AB, CN=Walrus/Email=walrus@mysql.com
+ Validity
+ Not Before: Aug 2 22:08:07 2002 GMT
+ Not After : Aug 2 22:08:07 2003 GMT
+ Subject: C=RU, L=orenburg, O=MySQL AB, OU=client, CN=walrus/Email=walrus@mysql.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:ab:27:e4:1e:f0:34:8b:a9:50:df:0a:b0:55:20:
+ b3:1f:0f:cf:f1:51:1e:66:48:a6:f8:4e:0d:d4:49:
+ f4:ea:d3:41:6b:7e:06:78:3c:29:9d:8e:d3:33:4d:
+ 0b:fc:34:4d:18:88:48:61:af:11:da:db:84:c0:92:
+ 91:81:6a:b6:21:d5:8e:9b:f2:6f:d8:06:ad:d6:77:
+ f6:8b:bd:07:d5:b7:fb:c6:f0:64:e6:3f:58:f0:6a:
+ 1e:81:73:97:6d:9d:c6:ec:b0:5e:1e:c6:57:82:b0:
+ 98:9c:ae:26:84:43:0d:98:6c:b4:d8:52:13:70:15:
+ 79:61:40:84:19:ea:f6:63:3f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ A6:D9:70:92:AC:2B:F6:48:A5:FB:29:CF:78:4A:57:B5:3B:43:97:EE
+ X509v3 Authority Key Identifier:
+ keyid:D9:D8:6A:7D:AB:CE:10:62:1A:16:FC:E9:6A:F4:DC:F1:66:AC:D0:B9
+ DirName:/C=RU/ST=Some-State/L=Orenburg/O=MySQL AB/CN=Walrus/Email=walrus@mysql.com
+ serial:00
+
+ Signature Algorithm: md5WithRSAEncryption
+ 15:96:43:10:89:e0:a6:82:a4:91:0f:7e:2e:d8:80:54:ba:63:
+ e2:8f:b0:aa:ea:be:35:2c:8f:0d:03:a9:86:2e:32:51:33:8a:
+ cc:b2:5e:b3:12:cb:b7:42:06:40:89:ce:92:87:40:f1:6a:79:
+ 0c:3e:00:1d:06:bf:3c:c1:da:f6:3b:e1:42:e6:55:4c:31:e1:
+ b9:79:f3:99:14:f6:68:9e:67:2b:e3:71:88:6b:2b:e2:08:bd:
+ 67:79:ea:0e:7d:34:0d:41:22:3a:f4:8f:4d:51:07:6f:5a:44:
+ 34:05:d1:b3:ca:cf:09:2b:43:25:a1:7f:ac:f4:54:f1:e3:93:
+ 47:44
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/SSL/client-key.pem b/SSL/client-key.pem
new file mode 100644
index 00000000000..feff11bfdb7
--- /dev/null
+++ b/SSL/client-key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/SSL/client-req.pem b/SSL/client-req.pem
new file mode 100644
index 00000000000..ef11a22165f
--- /dev/null
+++ b/SSL/client-req.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8CE2AB38FB50D4B9
+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+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/SSL/run-client b/SSL/run-client
new file mode 100755
index 00000000000..f3b29eb273b
--- /dev/null
+++ b/SSL/run-client
@@ -0,0 +1,10 @@
+#! /bin/sh
+
+cmd () {
+ echo $*
+ $*
+}
+
+client/mysql --port=4407 --socket=/tmp/test.mysql.sock --ssl-ca=SSL/cacert.pem --ssl-cert=SSL/client-cert.pem --ssl-key=SSL/client-key.pem --debug='d:t:O,/tmp/client.trace' -h 127.0.0.1 -u root
+#--execute="select version();show status"
+
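Review bot: The `cmd` helper defined at the top of run-client is never called; the `client/mysql` line runs directly, so the command is not echoed the way run-server echoes its own. Either prefix the invocation with `cmd` or drop the helper. If it stays, `echo $*` and `$*` re-split the arguments on whitespace and expand globs, whereas `echo "$@"` and `"$@"` pass them through unchanged. The trace goes to the fixed name `/tmp/client.trace` in a world-writable directory and the client connects as `-u root`, so on a shared host a private directory from `mktemp -d` would be a safer place for the trace.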
diff --git a/SSL/run-server b/SSL/run-server
new file mode 100755
index 00000000000..e90a7644b83
--- /dev/null
+++ b/SSL/run-server
@@ -0,0 +1,9 @@
+#! /bin/sh
+
+cmd () {
+ echo $*
+ $*
+}
+
+cmd sql/mysqld --port=4407 --socket=/tmp/test.mysql.sock --ssl-ca=SSL/cacert.pem --ssl-cert=SSL/server-cert.pem --ssl-key=SSL/server-key.pem --debug='d:t:O,/tmp/mysqld.trace' -uroot >& /tmp/mysqld.output
+
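Review bot: `>& /tmp/mysqld.output` is csh/bash syntax, but the script declares `#! /bin/sh`; a strictly POSIX shell such as dash treats `>&` as descriptor duplication and rejects a file name there. The portable form is `> /tmp/mysqld.output 2>&1`. The same line passes `-uroot` and writes the output file, the trace and the socket to fixed names under `/tmp` (`/tmp/mysqld.output`, `/tmp/mysqld.trace`, `/tmp/test.mysql.sock`). If the script is started as root on a multi-user machine, another local user can pre-create those paths, so a directory from `mktemp -d` with restrictive permissions would be safer. As in run-client, `cmd` should use `echo "$@"` and `"$@"` rather than `$*`.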
diff --git a/SSL/server-cert.pem b/SSL/server-cert.pem
new file mode 100644
index 00000000000..b15bd04a25c
--- /dev/null
+++ b/SSL/server-cert.pem
@@ -0,0 +1,65 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=RU, ST=Some-State, L=Orenburg, O=MySQL AB, CN=Walrus/Email=walrus@mysql.com
+ Validity
+ Not Before: Aug 2 21:59:26 2002 GMT
+ Not After : Aug 2 21:59:26 2003 GMT
+ Subject: C=RU, L=Orenburg, O=MySQL AB, CN=server/Email=walrus@mysql.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:bd:7d:f1:91:51:38:fe:4b:79:b5:ff:e0:41:ae:
+ 0e:a8:bb:7b:60:42:95:01:75:e7:22:74:55:7d:74:
+ 4d:50:51:0c:5e:09:4b:2b:0c:8e:3f:9f:14:3f:5e:
+ d9:25:36:9b:cc:77:35:30:e9:8c:bf:3b:bd:da:62:
+ 85:4c:90:c8:de:71:2c:0a:7b:dc:e6:85:fd:b4:24:
+ 88:a7:8f:03:3d:15:7c:59:3d:f8:73:f0:36:2a:b8:
+ 80:7c:d8:c7:d6:1f:6d:b2:b7:b7:48:9f:24:56:81:
+ 2c:2e:9c:b9:95:48:50:56:9f:1a:60:96:c4:c0:eb:
+ 8d:2d:55:38:3f:6b:82:bc:b3
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ C9:D0:D2:F7:17:79:27:1C:4B:C9:E7:92:D5:5E:8C:7E:F2:FE:A7:B7
+ X509v3 Authority Key Identifier:
+ keyid:D9:D8:6A:7D:AB:CE:10:62:1A:16:FC:E9:6A:F4:DC:F1:66:AC:D0:B9
+ DirName:/C=RU/ST=Some-State/L=Orenburg/O=MySQL AB/CN=Walrus/Email=walrus@mysql.com
+ serial:00
+
+ Signature Algorithm: md5WithRSAEncryption
+ 62:77:bc:16:dc:4c:70:63:4d:03:ce:19:5e:c4:6c:31:0e:57:
+ 26:d8:6e:25:08:f2:01:ae:98:59:0a:ba:b7:32:c0:39:69:b8:
+ 4b:aa:59:7c:97:72:4e:50:02:ee:ef:d6:d6:62:b8:25:36:91:
+ b6:3b:8f:6f:2f:3c:d8:9d:b7:cf:8f:f6:29:50:e9:31:54:77:
+ 2b:7b:21:72:0f:60:4c:d4:1c:bb:c4:46:e5:fd:a7:5f:ea:46:
+ e4:df:e9:95:77:2d:91:f8:3b:33:78:83:5d:10:de:98:7c:38:
+ 91:27:f6:52:8a:b6:54:f1:0f:7a:f0:1d:da:a5:22:d2:75:cc:
+ 4c:c3
+-----BEGIN CERTIFICATE-----
+MIIDWTCCAsKgAwIBAgIBATANBgkqhkiG9w0BAQQFADB6MQswCQYDVQQGEwJSVTET
+MBEGA1UECBMKU29tZS1TdGF0ZTERMA8GA1UEBxMIT3JlbmJ1cmcxETAPBgNVBAoT
+CE15U1FMIEFCMQ8wDQYDVQQDEwZXYWxydXMxHzAdBgkqhkiG9w0BCQEWEHdhbHJ1
+c0BteXNxbC5jb20wHhcNMDIwODAyMjE1OTI2WhcNMDMwODAyMjE1OTI2WjBlMQsw
+CQYDVQQGEwJSVTERMA8GA1UEBxMIT3JlbmJ1cmcxETAPBgNVBAoTCE15U1FMIEFC
+MQ8wDQYDVQQDEwZzZXJ2ZXIxHzAdBgkqhkiG9w0BCQEWEHdhbHJ1c0BteXNxbC5j
+b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL198ZFROP5LebX/4EGuDqi7
+e2BClQF15yJ0VX10TVBRDF4JSysMjj+fFD9e2SU2m8x3NTDpjL87vdpihUyQyN5x
+LAp73OaF/bQkiKePAz0VfFk9+HPwNiq4gHzYx9YfbbK3t0ifJFaBLC6cuZVIUFaf
+GmCWxMDrjS1VOD9rgryzAgMBAAGjggECMIH/MAkGA1UdEwQCMAAwLAYJYIZIAYb4
+QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTJ
+0NL3F3knHEvJ55LVXox+8v6ntzCBpAYDVR0jBIGcMIGZgBTZ2Gp9q84QYhoW/Olq
+9NzxZqzQuaF+pHwwejELMAkGA1UEBhMCUlUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ETAPBgNVBAcTCE9yZW5idXJnMREwDwYDVQQKEwhNeVNRTCBBQjEPMA0GA1UEAxMG
+V2FscnVzMR8wHQYJKoZIhvcNAQkBFhB3YWxydXNAbXlzcWwuY29tggEAMA0GCSqG
+SIb3DQEBBAUAA4GBAGJ3vBbcTHBjTQPOGV7EbDEOVybYbiUI8gGumFkKurcywDlp
+uEuqWXyXck5QAu7v1tZiuCU2kbY7j28vPNidt8+P9ilQ6TFUdyt7IXIPYEzUHLvE
+RuX9p1/qRuTf6ZV3LZH4OzN4g10Q3ph8OJEn9lKKtlTxD3rwHdqlItJ1zEzD
+-----END CERTIFICATE-----
diff --git a/SSL/server-key.pem b/SSL/server-key.pem
new file mode 100644
index 00000000000..5afd717e07c
--- /dev/null
+++ b/SSL/server-key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/SSL/server-req.pem b/SSL/server-req.pem
new file mode 100644
index 00000000000..4cd6610e735
--- /dev/null
+++ b/SSL/server-req.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6CBD09E71246DC01
+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+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----