SERVER-40841 Re-issue invalid test certificates

author: Jonathan Reams <jbreams@mongodb.com> 2019-05-10 10:43:42 -0400
committer: Jonathan Reams <jbreams@mongodb.com> 2019-05-20 15:59:18 -0400
commit: fae0c3f0fa4d5dfbe2f4fb03715b60e9ce3e2d93 (patch)
tree: 53ba77cbc82b4b87017f22102e6cd6cc94331867 /jstests/libs
parent: 31967340abb31476910730163c04782f2e915d01 (diff)
download: mongo-fae0c3f0fa4d5dfbe2f4fb03715b60e9ce3e2d93.tar.gz
17 files changed, 1190 insertions, 416 deletions
diff --git a/jstests/libs/README.ssl b/jstests/libs/README.ssl
index 05f19beb847..532e70dc2fe 100644
--- a/jstests/libs/README.ssl
+++ b/jstests/libs/README.ssl
@@ -62,7 +62,6 @@ combine key and certificate
 cat mycrt.crt mykey.key > mycrt.pem
 
 ---------------------------
-The other ceriticates in this directory come from x509gen.
 How to generate a certificate with a custom extension:
 
 1. Generate a normal certificate signing request without an extension
@@ -95,3 +94,54 @@ cat roles.pem roles2.key > roles_final.pem
 Example Commands for UTF-8
 --------------------------
 openssl req -new -utf8 -nameopt multiline,utf8  -config .\jstests\libs\client_utf8.cnf -newkey rsa:2048 -nodes -keyout roles.key -out roles.csr
+
+Generating other certificates
+-----------------------------
+
+The openssl_configs directory contains the openssl config files to create/sign certificates from the
+test CA. There is one config file per certificate. As an example, to generate server.pem:
+
+Reset the CA state with fresh directories and a new serial
+$ mkdir ca_state
+$ echo '01' > ca_state/serial
+$ touch ca_state/index.txt
+
+Create the CSR for the server certificate from its config (this will also generate server.key)
+$ openssl req -new -config openssl_config/server.cnf -out server.csr
+
+Sign the certificate with the CA (this will update ca_state and output the certificate as server.pem)
+$ openssl ca -config openssl_config/ca.cnf -out server.pem -in server.csr
+
+Concatenate the server key into the certificate you just generated
+$ cat server.key >> server.pem
+
+Clean up - we don't keep the ca_state around
+$ rm -rf ca_state server.key server.csr
+
+Generating CRLs
+---------------
+
+Issue your certificate using the ca config above and then revoke it/create a CRL file:
+
+Reset the CA state with fresh directories and a new serial
+$ mkdir ca_state
+$ echo '01' > ca_state/serial
+$ touch ca_state/index.txt
+
+Create the CSR for the server certificate from its config (this will also generate server.key)
+$ openssl req -new -config openssl_config/client_revoked.cnf -out client_revoked.csr
+
+Sign the certificate
+$ openssl ca -config openssl_config/ca.cnf -out client_revoked.pem -in client_revoked.csr
+
+Revoked the certificate
+$ openssl ca -config openssl_config/ca.cnf -revoke client_revoked.pem
+
+Generate the CRL
+$ openssl ca -config openssl_config/ca.cnf -gencrl -out crl_client_revoked.pem
+
+Concatenate the revoked certificate
+$ cat client_revoked.key >> client_revoked.pem
+
+Clean up
+$ rm -rf ca_state client_revoked.key client_revoked.csr
diff --git a/jstests/libs/badSAN.pem b/jstests/libs/badSAN.pem
index d8e362731e0..ae60404bada 100644
--- a/jstests/libs/badSAN.pem
+++ b/jstests/libs/badSAN.pem
@@ -1,48 +1,111 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDF+7hf6dwP/V2K
+HevGuQ15WyEI9FqbHgOGKEtaB9BUORyRM24ITXA3qPxPW59kwSCZA4pNmLhV9lRR
+hbFEGxWBaLOSUupvX8p3hHlQX+rv5lXN4UHn95nTAwhGBkRZsDcNSvkeuTdXYQlD
+AvmUYPuXMAsMLobPAYbAawOZgHjccUZ2+wGXPxzyH+rURl36y7PgeJPVdPvIRhEe
+9+BimC2Fh2QMQYxHGueP8CZ/124R5d3gteWxImP5yp1JXg0AjiKdrstahXxBcI4W
+NCDtSxauyloK8msitSOMr3MLyN8Q60PLdBsQcv7cfyeVaa2hGPWzEGyv+Bh/hNcm
+H6kZLMmLAgMBAAECggEAJXjDKMQmdpBJx/5pxa74seNhmURGcd14ZUfzGxMnhwlY
+MtM9HC0r9BzzxEFfJb634L4eyxkAqqR4yQU4y98kbt3WPveaj4Hd3EkifOfqm4VI
+8DKWOsVOQ/Xq9vXwsdj8UnPCOuJrawpeqmRBwKeqdq8NKD0WHs/3JSwb/k2mknI4
+zE5w9E5p9+/F3G9LUn+t411zRKm30BfRI+G7kzB+fgK4pTI4yaYa6l+ZJUKoxzcY
+JKMODD9y8bPaQc3VIGqZd53AtjmK6nSjkmBnVzxFmrKJxJObemxuoHJ2fkZNolB0
+vZj42A0i0vN3clR4ULDUX1VQe2D4ugJJ/LfFnJimQQKBgQDqxBshBQsIg5/OC3as
+u4zQR4sGmPMzH6en3ag0yOSxTSyH79lZb9Vq7BFX8kBMsXCdaQgj/ntmByCBlyU9
+tP0VtMB88VhmsXhV+CA/TGkrnIh1r5gj5tkJ8jnNBDvgtImZGC1WikHL8E/CoqOn
+TXLLJN15YlslUpVtaTSGSQdSKQKBgQDX4+1j25tj9xdll8AYPMomUhw5Efim21CJ
+ijrLnMESarAVUpX5ojZJCLMQKnJvL8D3k+3DXQNN1iApSI0Jcwh3m0N+ybfAXd5W
+hIcXYOk/i5vdxVLY5lXtlXvcqj+PUB7RSw7UBfHnOAFHmsXOFWE2MTVZKRgeSi39
+My6d+d88kwKBgQDAbK7j2LNbbi+M/j5uhGd9zDY62SD19WtBH2Cgq00vulbWsRRQ
+x2aBdi8dC9YCRqpMi2t9vTe9v/e34IBI3NFYekgP4O4ZdjtxE6iy2VmWwn3jIGMu
+gifBjEYuMds2aiQiVPvMZBRcKYPmv9It7kA6G+RgeurEY7VQ8Zt4ueEDSQKBgQCj
+b+vxYvl6bj8KLB3Cu5KV/CddlRtWxkVsOndUWbFYjegL3F+pgoHyPGHC5T+IqPA+
+/YBMHAg6TtY+KqyK8MkCM0qfm3o+aVG+0cmrizRJZRl0hMO5bHa0zCve3AwOJKuP
+6nCpVm7RinZ9jNAeudTEP/CRNSkLFUFHpA2wjs/PfQKBgA7pP6k4d/KrCAsA0VcL
+yjjNZK/GS+FCA6nA6Dgf7EEWINYwaWWMU8EqmYRN808zmRF8c6+u4ssT7aMNpNru
+nfELb9FbmtQTYI7aF6liwQEtQnVH5jfLFlGh324aP/kTm+XOkAt6MS0YmY4RoyPm
+xxpnbjWiQcnGCHe63dS8r2t/
+-----END PRIVATE KEY-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Kernel Test CA, OU=Kernel, O=MongoDB, L=New York City, ST=New York, C=US
+        Validity
+            Not Before: May 13 14:45:18 2019 GMT
+            Not After : May 10 14:45:18 2029 GMT
+        Subject: C=US, ST=New York, L=New York City, O=MongoDB, OU=Kernel, CN=127.0.0.1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:c5:fb:b8:5f:e9:dc:0f:fd:5d:8a:1d:eb:c6:b9:
+                    0d:79:5b:21:08:f4:5a:9b:1e:03:86:28:4b:5a:07:
+                    d0:54:39:1c:91:33:6e:08:4d:70:37:a8:fc:4f:5b:
+                    9f:64:c1:20:99:03:8a:4d:98:b8:55:f6:54:51:85:
+                    b1:44:1b:15:81:68:b3:92:52:ea:6f:5f:ca:77:84:
+                    79:50:5f:ea:ef:e6:55:cd:e1:41:e7:f7:99:d3:03:
+                    08:46:06:44:59:b0:37:0d:4a:f9:1e:b9:37:57:61:
+                    09:43:02:f9:94:60:fb:97:30:0b:0c:2e:86:cf:01:
+                    86:c0:6b:03:99:80:78:dc:71:46:76:fb:01:97:3f:
+                    1c:f2:1f:ea:d4:46:5d:fa:cb:b3:e0:78:93:d5:74:
+                    fb:c8:46:11:1e:f7:e0:62:98:2d:85:87:64:0c:41:
+                    8c:47:1a:e7:8f:f0:26:7f:d7:6e:11:e5:dd:e0:b5:
+                    e5:b1:22:63:f9:ca:9d:49:5e:0d:00:8e:22:9d:ae:
+                    cb:5a:85:7c:41:70:8e:16:34:20:ed:4b:16:ae:ca:
+                    5a:0a:f2:6b:22:b5:23:8c:af:73:0b:c8:df:10:eb:
+                    43:cb:74:1b:10:72:fe:dc:7f:27:95:69:ad:a1:18:
+                    f5:b3:10:6c:af:f8:18:7f:84:d7:26:1f:a9:19:2c:
+                    c9:8b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Alternative Name: 
+                DNS:badSAN
+            X509v3 Subject Key Identifier: 
+                4F:2B:89:C6:AF:A0:C2:D2:D5:FC:C4:B9:5A:57:19:82:DE:95:F4:A5
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+    Signature Algorithm: sha256WithRSAEncryption
+         5a:20:97:d9:c9:67:77:73:13:0b:da:5f:03:45:2b:33:7a:03:
+         19:67:b8:f4:4c:90:85:f9:19:c3:53:6a:3e:b0:9c:07:6c:f7:
+         09:69:20:dc:c7:ab:53:01:1a:c1:36:5f:02:39:9a:59:43:43:
+         3b:82:49:95:9e:3f:cb:70:08:4f:3b:f7:89:20:24:3a:87:20:
+         19:2c:9f:21:5b:c7:c3:ac:21:2f:2d:58:5d:25:50:04:fe:f8:
+         ca:d7:bf:1e:dd:5d:46:3a:db:36:e4:8f:7b:d2:7e:24:35:c5:
+         fd:9d:be:87:85:3e:0f:34:b5:13:63:99:80:1c:a4:50:1d:5e:
+         f8:ff:88:da:c5:12:20:28:94:dc:1f:0b:c6:e6:55:b0:66:d4:
+         19:0b:f0:d3:c0:69:11:85:18:6d:4e:98:1d:37:87:fb:68:90:
+         a0:bb:02:fc:68:da:6c:a0:87:a4:bc:27:6e:f0:a7:7b:98:7f:
+         63:ec:38:56:42:8f:92:06:bd:3f:70:87:db:9c:2d:31:56:52:
+         10:81:e2:25:b1:53:96:ed:df:12:5b:80:a6:59:f7:4f:86:7d:
+         5c:6e:2f:37:78:f5:45:a4:3e:07:87:5b:3a:4a:57:82:9e:b3:
+         1a:be:54:28:17:98:b8:9f:35:10:d8:71:77:70:59:17:3f:f4:
+         30:c8:f9:8b
 -----BEGIN CERTIFICATE-----
-MIIDdTCCAl2gAwIBAgIDAYKXMA0GCSqGSIb3DQEBBQUAMHQxFzAVBgNVBAMTDktl
-cm5lbCBUZXN0IENBMQ8wDQYDVQQLEwZLZXJuZWwxEDAOBgNVBAoTB01vbmdvREIx
-FjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYD
-VQQGEwJVUzAeFw0xNDA5MjMxNTE3MjNaFw0zNDA5MjMxNTE3MjNaMG8xEjAQBgNV
-BAMTCTEyNy4wLjAuMTEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RC
-MRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkG
-A1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCDB/lxuzeU
-OHR5nnOTJM0fHz0WeicnuUfGG5wP89Mbkd3Y+BNS0ozbnkW+NAGhD+ehNBjogISZ
-jLCd+uaYu7TLWpkgki+1+gM99Ro0vv7dIc8vD7ToILKMbM8xQmLbSxDT2tCUoXlc
-m7ccgDZl9oW1scQYQ8gWHjmk3yK8sCoGa/uwr49u74aVM7673tLsK41m8oYPzt/q
-VGT+mXpBJQcGXkTNQtIPxBtD25jr+aPietS3u70zrVPY6ZDsGE7DofEeRl97kVoF
-NcpaQmVEwEo8KCWaT6OaPaUUUjAMwzqiZaHNZ6mL1pCr65bLXP6T9tiMtWLw5+SG
-3E09fhQuWod5AgMBAAGjFTATMBEGA1UdEQQKMAiCBmJhZFNBTjANBgkqhkiG9w0B
-AQUFAAOCAQEAQzlibJvlUpJG3vc5JppdrudpXoVAP3wtpzvnkrY0GTWIUE52mCIf
-MJ5sARvjzs/uMhV5GLnjqTcT+DFkihqKyFo1tKBD7LSuSjfDvjmggG9lq0/xDvVU
-uczAuNtI1T7N+6P7LyTG4HqniYouPMDWyCKBOmzzNsk+r1OJb6cxU7QQwmSWw1n1
-ztNcF6JzCQVcd9Isau9AEXZ9q0M0sjD9mL67Qo3Dh3Mvf4UkJKqm3KOQOupUHZLU
-vJwfsS2u+gfHY1Plywzq3AuT7ygbksR3Pqfs8LFPnuRAH+41sFTGUM52hiU7mNPj
-ebl8s1tjK7WQ+a8GTABJV0hDNeWd3Sr+Og==
+MIIDvzCCAqegAwIBAgIBAzANBgkqhkiG9w0BAQsFADB0MRcwFQYDVQQDEw5LZXJu
+ZWwgVGVzdCBDQTEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RCMRYw
+FAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkGA1UE
+BhMCVVMwHhcNMTkwNTEzMTQ0NTE4WhcNMjkwNTEwMTQ0NTE4WjBvMQswCQYDVQQG
+EwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkx
+EDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDESMBAGA1UEAwwJMTI3
+LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfu4X+ncD/1d
+ih3rxrkNeVshCPRamx4DhihLWgfQVDkckTNuCE1wN6j8T1ufZMEgmQOKTZi4VfZU
+UYWxRBsVgWizklLqb1/Kd4R5UF/q7+ZVzeFB5/eZ0wMIRgZEWbA3DUr5Hrk3V2EJ
+QwL5lGD7lzALDC6GzwGGwGsDmYB43HFGdvsBlz8c8h/q1EZd+suz4HiT1XT7yEYR
+HvfgYpgthYdkDEGMRxrnj/Amf9duEeXd4LXlsSJj+cqdSV4NAI4ina7LWoV8QXCO
+FjQg7UsWrspaCvJrIrUjjK9zC8jfEOtDy3QbEHL+3H8nlWmtoRj1sxBsr/gYf4TX
+Jh+pGSzJiwIDAQABo2EwXzAJBgNVHRMEAjAAMBEGA1UdEQQKMAiCBmJhZFNBTjAd
+BgNVHQ4EFgQUTyuJxq+gwtLV/MS5WlcZgt6V9KUwCwYDVR0PBAQDAgWgMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQBaIJfZyWd3cxML2l8D
+RSszegMZZ7j0TJCF+RnDU2o+sJwHbPcJaSDcx6tTARrBNl8COZpZQ0M7gkmVnj/L
+cAhPO/eJICQ6hyAZLJ8hW8fDrCEvLVhdJVAE/vjK178e3V1GOts25I970n4kNcX9
+nb6HhT4PNLUTY5mAHKRQHV74/4jaxRIgKJTcHwvG5lWwZtQZC/DTwGkRhRhtTpgd
+N4f7aJCguwL8aNpsoIekvCdu8Kd7mH9j7DhWQo+SBr0/cIfbnC0xVlIQgeIlsVOW
+7d8SW4CmWfdPhn1cbi83ePVFpD4Hh1s6SleCnrMavlQoF5i4nzUQ2HF3cFkXP/Qw
+yPmL
 -----END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAgwf5cbs3lDh0eZ5zkyTNHx89FnonJ7lHxhucD/PTG5Hd2PgT
-UtKM255FvjQBoQ/noTQY6ICEmYywnfrmmLu0y1qZIJIvtfoDPfUaNL7+3SHPLw+0
-6CCyjGzPMUJi20sQ09rQlKF5XJu3HIA2ZfaFtbHEGEPIFh45pN8ivLAqBmv7sK+P
-bu+GlTO+u97S7CuNZvKGD87f6lRk/pl6QSUHBl5EzULSD8QbQ9uY6/mj4nrUt7u9
-M61T2OmQ7BhOw6HxHkZfe5FaBTXKWkJlRMBKPCglmk+jmj2lFFIwDMM6omWhzWep
-i9aQq+uWy1z+k/bYjLVi8OfkhtxNPX4ULlqHeQIDAQABAoIBAC4Bx8jyJmKpq+Pk
-CcqZelg6HLXesA7XlGbv3M0RHIeqoM2E1SwYd5LJMM3G7ueBcR/97dz8+xH6/yyJ
-Ixxvk9xu9CMmkRABN9AyVkA867nzHA73Idr7WBXMQreWCqXa5o6sXt5BEB6/If0k
-23TTqUERqLuoWQHDHRRRsJ218RuNmbvBe8TGXcfunC0eeDVKDeqAXol6bD5lztdu
-B6jkdLt5UZSQ7X8OmClbeDlac90B8usNi+pUE9q1p7X462vAw8LohkxLY2nyIcmU
-feNdTNHP+lklv+E+p9w/Az7Hf6zxm525tw90QVI048fr9SL3ftLHOt4FhucSCn0Z
-CjylP4ECgYEA+nQrNVdVwmxcWCVn69LR1grNXUSz+fLHCo+QKma4IyC1kuuZ+BBo
-Iwdf9t/S1tgtTYru3uxzCpQg7J1iDeEFEsMHl0rc6U1MmIE+6OvACVG3yotqoOqE
-852pi1OWIe94yTk2ZmNXJ8gpUE/gtMprbcSWOb7IzzrXy2lDcaEMuGkCgYEAhe7L
-ZvYI4LEvu6GSPp97qBzDH9m5UrHaTZIJk/Nu7ie919Sdg62LTfphsaK+pSyA55XQ
-8L9P7wNUPC44NnE+7CIJZsIuKdYqR5QI6No9RdTyij0Hgljfc7KuH2b8lf8EjvuH
-qZAf5zL3pIOQs8E8/MYHlGIqmTkYK41eCAcS9JECgYEADnra6KmU9rmnGR2IhZTZ
-tuNG/kZzlVbY9R5ZumnX6YgBl23xp+ri6muJu88y9GLpM5t9tfu7pvfrc2KiAaVp
-0qzd6nxUi1SBwituxK6kmqVT1+z5jDYi26bY34pEms+qjw+0unSx3EXxRYhouGsf
-jOgZu1rxZzHCuirq0E38W0kCgYBzOK16RX37t9OFywlioJekWCIxu4BouSNCirl8
-s/eiIUR8cqiUCPAIRLhZNtZmiTPYiBW5mAyvZiDIqUao56InSVznL3TBf0LeU2ea
-023VLs79yGU2aTjLc1PDJjl03XDRhWj/okMgBsPvn1QUoNDT8ZXBvPZC3VCC31qe
-818GUQKBgQDBUP2BC/Th/0dErOQ5lWkY3YbmzrTp2pDsHGZJRD+OdQ5B8FUvCP8m
-JESk/0ATn7niUqawnOy/2KlKIkeBBV2XL1rjIGEhCkBUuhCiInNDqz1AGdXzIKaT
-myoZ4PhIsH1D643e6iLhyAZuUAA4yB31E2a3l7EMyhV3vKbdWWygGQ==
------END RSA PRIVATE KEY-----
diff --git a/jstests/libs/client-self-signed.pem b/jstests/libs/client-self-signed.pem
index 27fbf225059..5da5d7539de 100644
--- a/jstests/libs/client-self-signed.pem
+++ b/jstests/libs/client-self-signed.pem
@@ -1,47 +1,114 @@
------BEGIN CERTIFICATE-----
-MIIDXDCCAkQCCQCDkcJhHXlrtzANBgkqhkiG9w0BAQsFADBwMQ8wDQYDVQQDDAZj
-bGllbnQxEzARBgNVBAsMCktlcm5lbFVzZXIxEDAOBgNVBAoMB01vbmdvREIxFjAU
-BgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQswCQYDVQQG
-EwJVUzAeFw0xODA1MDgxOTA2MTdaFw0yMDA3MTcxOTA2MTdaMHAxDzANBgNVBAMM
-BmNsaWVudDETMBEGA1UECwwKS2VybmVsVXNlcjEQMA4GA1UECgwHTW9uZ29EQjEW
-MBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsxCzAJBgNV
-BAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIP1BCsp6e+B
-5BpefH+yDvdVwDteI3H7CKh8X0TJYAYHAy5bOJ9fS0PB50gAXYqDFTHWTnGGxTaq
-67d4Hc5ZB+UgnNralBvhVYB6jFpV4oBqdht//VhcdLBq8n6aRmM63zP82dKA5Ehz
-q7jhwLI0v/m3lZfkE+qKWb+E87KS47BstOHDIqAUIeUJutrC/usS7aatRhHqtmg2
-8pEVJV8/YBPL4DWZkKoqrg+hJjXNjpy7ec2GAvgk+5ZWvjmNUBTtrE+47l8Eq3nM
-TLsTDqtPHqv/udZScaCltPkw2ffGMhhp/eFLF+F3E9NpZC5mpUfe4+E5iZAXL9/r
-IRO4ESbI9wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB4DscFT2z5hgzHC64SVjHk
-Rpodjct0/kLkcJpaAZ/VTU6J6JI0TRDI0lsYV+UlogPxNWHgo7OGmG26tUPh61TX
-XCq0Y1SbUsJFJa61d4fl30cBsA/w+eN1GRMua+eo1DTeFC8n0bVUqCjaMzumZWnX
-bOR5eUUGw2r/JbCvCU2QNuL6/LKg2e2/C6pwkxQzFpKVTgvc0mq9+rifAIo0a9JV
-41FIpgbJrojXCjP1gs2On3Uvr0XJsiMd9+T6duZt5MNh4M3Mfrr+tzATM61JM0Mg
-VryKakzERFMLnTH3aS/JfTMGlCvUJEiMU2N9mePmSucNnJHX6wYjmOr++6RoLBhc
------END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAxIP1BCsp6e+B5BpefH+yDvdVwDteI3H7CKh8X0TJYAYHAy5b
-OJ9fS0PB50gAXYqDFTHWTnGGxTaq67d4Hc5ZB+UgnNralBvhVYB6jFpV4oBqdht/
-/VhcdLBq8n6aRmM63zP82dKA5Ehzq7jhwLI0v/m3lZfkE+qKWb+E87KS47BstOHD
-IqAUIeUJutrC/usS7aatRhHqtmg28pEVJV8/YBPL4DWZkKoqrg+hJjXNjpy7ec2G
-Avgk+5ZWvjmNUBTtrE+47l8Eq3nMTLsTDqtPHqv/udZScaCltPkw2ffGMhhp/eFL
-F+F3E9NpZC5mpUfe4+E5iZAXL9/rIRO4ESbI9wIDAQABAoIBAEV/SUJNJYiG3E/Y
-B3xOCKGEVP4jwLoWUCoSs9FZWUItP4OffEE9E41hjAyICSELoCn5swmQ2pGaML4l
-50PbOt8w5+Sw/UYNyhXb1vsV43Oz6HKWbSAihKf70AasQVENPL+8+fnqmQyils2v
-F593JnKSFJvB2LY2ZvEwawtoJsyAdENw+NacVnEoMbaJqn0x0XsFb0RAvV9PQaFD
-U29yg3T3TxnoDHxmnPaLUhn4ht7bOc66PjeJEl2jvnhNdSwPND9dg+hF/hX966Io
-vNfKyp5q5nr6dnshjMWciyAu3v0FhaQ+7MTG2pij1yR1L1XM/gxL7u65bCCw3D2d
-BEiiB2ECgYEA7HoiLTImR2IN3QSkKi/j6YzLIhpZgfl1XW3P2EKXcbToghDsbZtV
-81ZtPwX5R5gCSKR7c05hPOgio2ext71jomRQYDHHTFu2gbKyk0iC3fhY7u44ugRQ
-KOMqQE2WZUV4Ll9QOflMoSWypDmSzgG5hYF86dSW1Leuoo8nDUnvcocCgYEA1L0/
-YNZoF+h4OsO3t7zJ38X6vmn7vwkWwlFC8puaseUmL0ENWGZxtBZzuzcVHWzSTxzk
-+lpKNUloXeEE39btVWonDUx4uPajHsXE3i8/jjgOxden36cGxXxV1yWaSGTC7ikM
-TPSzhtyMxlsmG7cXgIELCiWF0H2Mt+RGwTnz4hECgYEApQD/keu5O/vWUo7ngaxS
-6mbcYppiNEf9Ncjmyy6D/8pMplzqq/xEd/upVN11OBiAF3H11douDVKowL4dCmky
-+V/nmYeCWexwp4UqB40EC6A7ZdSBboKN8Em59I5uz5Eur6TAFQO4DYWBZgfqQKaB
-bf+RSpOU/y5/w1wB0srxMkcCgYEAyq36geIDjjOWyDXLBKxCkIVoXJ1QkTKxkjQl
-WkpRWYb9mCub8Uq4rWBupkDWRxB0VZcruDDpXlcvrbFCGZgEyUm3Jv5iTaX8xsaY
-xy2wmWhi+q55a6UP2Hqatb1Hfg0xggFtjKvdlnDtVdVlOyZ2p6FJyULyeC4FMPW1
-S0ZRSmECgYEAyjTgEjvIUsd4NkVdMcBBHO/WKl7gMQDcUGOnlrpyEPumXC1+H2jy
-GWbnBoWyXJ+SrMP3MFpCEG7BZ7P5oFjLDBJ8+xUiHWPLLGRRhp2tyySeR/urjgRO
-kLX6W+WWErw2V5+KmgEJb/SpbAGcJhDyLCN56L/Osqrod9avQ4/YW60=
+MIIEowIBAAKCAQEAwiVDsnHAL2fRW7lFMrkZOGbIuKXB/zjO4wctQLVEdH/YW0Ho
+Oifh2zSwENU4LPm+FqPqRyWYr63LyzmnakA74d47Vp2np+MCsOji6ktDgbZkOuC5
+NSsw0Fg5PjhKzvC2LtXtB6MO4JJnG2t67fImZyHRoFrNWVK7khhF3fc6PKEkQ6zc
+Z40cSTOLrEqPoj9AAgH+HWcgPg909EW1GrDA/nds7H8tbXmWyEr6TJ6/7YGe6QOl
+cLUvkdc0Sq2jQR3fCIjVqI2KA2EQGoaDNUq8K5Mqza2sZpXw+sX8P//eGe2Q23CR
+q83hRJMMzpRTZKT5YfyEGwMJ8SpkezkQnnZdEQIDAQABAoIBAQCGSyqRw7dx0zlx
+Xi2skXcNmaOcfiQ8O/p39h3qVbjdcRWiwms11yKW89IaQrMSAUro9Ed5IVuFog2H
+LQFOMNJ7QbMADhvLuO7CmsVj1d4DWrvoMkxKp+6jH3OxQ1UT4lPS/+1uy+7djse9
+otIsx8SisDUF2+mRsPXIb/vcN0hUaNiFIo2myv8L8YHkwQtPnB1650uZsd3FCEGl
+5+1uvCj63Y3PP8R1HqX+U8p3QbvbBnVdXHMlKXj2FJm7bmTL8uxpjxlM3LWNLSki
+X+TZBAiFcfuROdLALfLuxq0AETq/X7uiNS3Wzw/ZABXF5oo7KMWM9uotIwONyFt3
+/iIqppL1AoGBAPlfaAeKNjMIts+UDF+UsZW40O3+Qq1QwK6vnL2o7rOeM6NM0ErT
+Akm4lY82YUymTvZmLZBGbu7ZWVayD/ePJHPts7VIIz3IsODNx2RMuE140ceYrNnX
+Oz0RbEeFDBSoORoKo7PkaGLx7XaaMIkX38F4sqwKyZV054yAJ91JKTcPAoGBAMdO
+H5QrYmjXw6hYZmUKqN9VrEqJCjFkmM9NekB5fb8c26VGRPPvWkY3m004Fm8RFemM
+vJa8AXKmMpF3qKFjJ1U5qDuZ/MOnn1Z0KcVHOUXg2ZAMq17m1dH6bfDYWYx2nu/1
+In+qFTo9tS9wVP58hyQ3Nz9PHAYqL8iFy81qYinfAoGAA9Xj07nce4x2w1qTliTD
+VnoxPHfcrq2/SPCKiKBAi6KzSJ+11HDKaDfelQVRGcy1CjUoHj/3FNVi+mJivHwH
+I4FUckVZxWmAzvRbTL+hVg+1qkw+3FrjHl1WPQNe3DJ6LlxbiDjLIjp2XIyiknk7
+h85DcUH5N8NEjHSsKEsnxyECgYAW/zKxnBfs1Qikgh6+he5aZr5Mk2dzr5HaSaxT
+iDE0PhYyCdum8fVOqNfonxInmqcWncCc+/CG1Bp9onr4tEIzmUWKKwh5YvwFs72m
+H8PCBmHUN0IG30fIxMauxaf/hyhrs7NZW7y7Tad8Y8/K1X+adCyRx4UKSQ/eaWHM
+v/u3rQKBgCDj9s/ls+1360dgDVVDqoxzHfUltjr5bmJZe5xA8P26nESLj/OBDVzb
+vj50Wey1KiEl2Pj74ttn4ItRu6DA/3dzhopropLh5cmY7Nac+vXuuAsUql2vBHX6
+CCZyOW36kf9yt+0Zay2RGOW6xcBXGIPxp8SM8V63DF58XrZUnyIJ
 -----END RSA PRIVATE KEY-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 7 (0x7)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=New York, L=New York City, O=MongoDB, OU=KernelUser, CN=client
+        Validity
+            Not Before: May  9 18:00:36 2019 GMT
+            Not After : May  6 18:00:36 2029 GMT
+        Subject: C=US, ST=New York, L=New York City, O=MongoDB, OU=KernelUser, CN=client
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:c2:25:43:b2:71:c0:2f:67:d1:5b:b9:45:32:b9:
+                    19:38:66:c8:b8:a5:c1:ff:38:ce:e3:07:2d:40:b5:
+                    44:74:7f:d8:5b:41:e8:3a:27:e1:db:34:b0:10:d5:
+                    38:2c:f9:be:16:a3:ea:47:25:98:af:ad:cb:cb:39:
+                    a7:6a:40:3b:e1:de:3b:56:9d:a7:a7:e3:02:b0:e8:
+                    e2:ea:4b:43:81:b6:64:3a:e0:b9:35:2b:30:d0:58:
+                    39:3e:38:4a:ce:f0:b6:2e:d5:ed:07:a3:0e:e0:92:
+                    67:1b:6b:7a:ed:f2:26:67:21:d1:a0:5a:cd:59:52:
+                    bb:92:18:45:dd:f7:3a:3c:a1:24:43:ac:dc:67:8d:
+                    1c:49:33:8b:ac:4a:8f:a2:3f:40:02:01:fe:1d:67:
+                    20:3e:0f:74:f4:45:b5:1a:b0:c0:fe:77:6c:ec:7f:
+                    2d:6d:79:96:c8:4a:fa:4c:9e:bf:ed:81:9e:e9:03:
+                    a5:70:b5:2f:91:d7:34:4a:ad:a3:41:1d:df:08:88:
+                    d5:a8:8d:8a:03:61:10:1a:86:83:35:4a:bc:2b:93:
+                    2a:cd:ad:ac:66:95:f0:fa:c5:fc:3f:ff:de:19:ed:
+                    90:db:70:91:ab:cd:e1:44:93:0c:ce:94:53:64:a4:
+                    f9:61:fc:84:1b:03:09:f1:2a:64:7b:39:10:9e:76:
+                    5d:11
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                25:6A:3B:7A:80:BD:CF:5D:71:36:A3:5B:1E:75:86:87:63:52:B9:23
+            X509v3 Authority Key Identifier: 
+                keyid:25:6A:3B:7A:80:BD:CF:5D:71:36:A3:5B:1E:75:86:87:63:52:B9:23
+
+    Signature Algorithm: sha256WithRSAEncryption
+         bc:79:dc:c8:06:70:f0:8a:20:db:27:5a:b0:8e:98:28:12:7e:
+         74:77:0d:9f:5b:17:49:65:d7:28:65:27:36:93:0b:3f:4f:86:
+         59:e2:9b:ca:63:3e:0f:69:5b:64:0c:99:25:76:7d:99:1c:81:
+         ee:4a:08:d6:0b:e9:3c:ec:b8:ed:33:2b:c6:ab:f0:fb:4d:79:
+         a9:e0:19:22:ab:5a:8d:ab:f6:4d:2a:17:df:8d:aa:2b:26:61:
+         92:8a:3e:17:71:07:0a:b9:70:73:36:1f:48:2b:f0:0c:2a:b6:
+         fc:17:bd:a3:1c:fb:a5:a7:cc:c3:c2:0b:de:ef:bc:17:07:9e:
+         53:59:74:1a:3e:2a:96:e4:91:f4:59:7d:59:33:23:ad:c9:67:
+         22:7e:af:88:9b:27:0c:13:b2:e3:3e:57:c4:55:d4:c2:be:96:
+         e8:f3:67:24:f9:81:ee:a4:f6:66:52:fd:6e:ae:55:b8:86:de:
+         79:49:8f:d7:08:d5:db:1e:3b:77:b6:89:37:9d:43:04:5b:2e:
+         d1:88:47:47:75:64:3c:e9:59:87:74:84:3b:b7:41:c4:e7:15:
+         0a:e5:59:f7:5e:e0:09:45:39:89:ac:3d:54:2f:c7:02:fd:9e:
+         95:77:09:71:53:06:9a:5f:be:73:38:f7:4a:7a:83:81:1c:a1:
+         63:35:8e:95
+-----BEGIN CERTIFICATE-----
+MIID+jCCAuKgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzER
+MA8GA1UECBMITmV3IFlvcmsxFjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxEDAOBgNV
+BAoTB01vbmdvREIxEzARBgNVBAsTCktlcm5lbFVzZXIxDzANBgNVBAMTBmNsaWVu
+dDAeFw0xOTA1MDkxODAwMzZaFw0yOTA1MDYxODAwMzZaMHAxCzAJBgNVBAYTAlVT
+MREwDwYDVQQIEwhOZXcgWW9yazEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTEQMA4G
+A1UEChMHTW9uZ29EQjETMBEGA1UECxMKS2VybmVsVXNlcjEPMA0GA1UEAxMGY2xp
+ZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwiVDsnHAL2fRW7lF
+MrkZOGbIuKXB/zjO4wctQLVEdH/YW0HoOifh2zSwENU4LPm+FqPqRyWYr63Lyzmn
+akA74d47Vp2np+MCsOji6ktDgbZkOuC5NSsw0Fg5PjhKzvC2LtXtB6MO4JJnG2t6
+7fImZyHRoFrNWVK7khhF3fc6PKEkQ6zcZ40cSTOLrEqPoj9AAgH+HWcgPg909EW1
+GrDA/nds7H8tbXmWyEr6TJ6/7YGe6QOlcLUvkdc0Sq2jQR3fCIjVqI2KA2EQGoaD
+NUq8K5Mqza2sZpXw+sX8P//eGe2Q23CRq83hRJMMzpRTZKT5YfyEGwMJ8SpkezkQ
+nnZdEQIDAQABo4GeMIGbMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMBMGA1UdJQQM
+MAoGCCsGAQUFBwMCMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBD
+ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUJWo7eoC9z11xNqNbHnWGh2NSuSMwHwYDVR0j
+BBgwFoAUJWo7eoC9z11xNqNbHnWGh2NSuSMwDQYJKoZIhvcNAQELBQADggEBALx5
+3MgGcPCKINsnWrCOmCgSfnR3DZ9bF0ll1yhlJzaTCz9Phlnim8pjPg9pW2QMmSV2
+fZkcge5KCNYL6TzsuO0zK8ar8PtNeangGSKrWo2r9k0qF9+NqismYZKKPhdxBwq5
+cHM2H0gr8AwqtvwXvaMc+6WnzMPCC97vvBcHnlNZdBo+KpbkkfRZfVkzI63JZyJ+
+r4ibJwwTsuM+V8RV1MK+lujzZyT5ge6k9mZS/W6uVbiG3nlJj9cI1dseO3e2iTed
+QwRbLtGIR0d1ZDzpWYd0hDu3QcTnFQrlWfde4AlFOYmsPVQvxwL9npV3CXFTBppf
+vnM490p6g4EcoWM1jpU=
+-----END CERTIFICATE-----
diff --git a/jstests/libs/client.pem b/jstests/libs/client.pem
index 50a64e41728..b5d4bbc7cd5 100644
--- a/jstests/libs/client.pem
+++ b/jstests/libs/client.pem
@@ -1,48 +1,108 @@
------BEGIN CERTIFICATE-----
-MIIDXTCCAkWgAwIBAgIBAzANBgkqhkiG9w0BAQUFADB0MRcwFQYDVQQDEw5LZXJu
-ZWwgVGVzdCBDQTEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RCMRYw
-FAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkGA1UE
-BhMCVVMwHhcNMTQwNzE3MTYwMDAwWhcNMjAwNzE3MTYwMDAwWjBwMQ8wDQYDVQQD
-EwZjbGllbnQxEzARBgNVBAsTCktlcm5lbFVzZXIxEDAOBgNVBAoTB01vbmdvREIx
-FjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYD
-VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJIFboAk9Fdi
-DY5Xld2iw36vB3IpHEfgWIimd+l1HX4jyp35i6xoqkZZHJUL/NMbUFJ6+44EfFJ5
-biB1y1Twr6GqpYp/3R30jKQU4PowO7DSal38MR34yiRFYPG4ZPPXXfwPSuwKrSNo
-bjqa0/DRJRVQlnGwzJkPsWxIgCjc8KNO/dSHv/CGymc9TjiFAI0VVOhMok1CBNvc
-ifwWjGBg5V1s3ItMw9x5qk+b9ff5hiOAGxPiCrr8R0C7RoeXg7ZG8K/TqXbsOZEG
-AOQPRGcrmqG3t4RNBJpZugarPWW6lr11zMpiPLFTrbq3ZNYB9akdsps4R43TKI4J
-AOtGMJmK430CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAA+nPgVT4addi13yB6mjW
-+UhdUkFwtb1Wcg0sLtnNucopHZLlCj5FfDdp1RQxe3CyMonxyHTKkrWtQmVtUyvf
-C/fjpIKt9A9kAmveMHBiu9FTNTc0sbiXcrEBeHF5cD7N+Uwfoc/4rJm0WjEGNkAd
-pYLCCLVZXPVr3bnc3ZLY1dFZPsJrdH3nJGMjLgUmoNsKnaGozcjiKiXqm6doFzkg
-0Le5yD4C/QTaie2ycFa1X5bJfrgoMP7NqKko05h4l0B0+DnjpoTJN+zRreNTMKvE
-ETGvpUu0IYGxe8ZVAFnlEO/lUeMrPFvH+nDmJYsxO1Sjpds2hi1M1JoeyrTQPwXj
-2Q==
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJyauFhtHK3W3b
+kFUiz/24lEi0VOesmDF5c/sUO67h+IXVdLUSz/v2tb30cgk8GhppczwcpZp98gTx
+NgI3Z5ZRPumzK9Aw8l1p23YtDGzSdfsXGjOeab2MieRCHtbL847doxHae3C7YofJ
+NTmJOVan4vviUT7YRBK0kSDgADOGtkt9YeviyPoX6vr9izcyTTg2Z/Zbm64zMNOo
+ifyvi6i0P1HN708KVPsKpek87Hdi8LAy1QfLdDe3Z7dhUP0H0A5EQhDcd7FlAxwh
+WqdMmm81STj4cvgWx1XSAHL7vj1s4O0qN5nEAb4lenSIIP7flGKyevU7fnGZg2I7
+rVQ3D0wRAgMBAAECggEBAK/uL6hMYk8f/a8nyMKAWvL5/eWT/SWCz+fXUfpTCuej
+mXQAu/q58TEpRYOBhUGsdIip2qgTTn4ua1auwwHxQ6J0WqdHNM3oEb/AgulF4v8f
+tBpxUr3z7TpB4wwu/RF2uYHNsjwt0ZzejArGZ/KXVlEr2nZ4ZXWC7FgYDHSgWExC
+ySoI/XeeB+t3jJPjvKOj/EjexNC1qIJwV+YSrbZ4geAJsJf4TvzeY49G+Fng+c6b
+bxD+aay+8NuROYt0zI+ufnMqr96FLyyrsO79auJRxeitwU6A2Hl/KLLoOn2vK5Q7
+6K/HmBsFC5k1NXTOG8hO3PdnqjCaslbwRCqUWlaxMsECgYEA7LJLAIYJ2gPZta/H
+aKPbFYaVcBjkwN6QST6KyjlYTuHYITyMuLwdpeXyo0WZnohLA6L7FMN/JZF9i8f4
+3ip4TnOHuNvzerrtyjjyiMsLX/pMSPTTl6gtRNrppSRlPBphH+KbBdI4TZXmx8d9
+IoOe/kRomgukroZ90xy4CCTs8SkCgYEA2j6PRqZ0TCBhuAUbPNLtz2KbzIlXBU8I
+KNurI34La72bgyjJ1Nc+l964VnRM2XA63Xix7H5dTWuUHdv93WMn3PvPVE8vk9eF
+6ox3ANfa/+WU36ajP224iTLDNpmbLG808gGUKhcRGW+NcbhQKoVMxl9mfl1zn/NL
+QjecaIeOWKkCgYAGBUb5HW+0tvJbt7vnwns5IfI9JrTy3vZmlourNygy4XXA6qxd
+qpNKe/3e/084BBl8XzHpxks+pmO+IXkIFaZ3wGKMZjPcRFL2GNq6dge1CkXUeT3E
+lseH/9V/mNxmWflseTQeQsmh15VGMaHSNezeZNkQSgmHUu5yZ0GbG21XeQKBgHoI
+3UjeLs2alcm2YUKjl4KNWx0F9vjq9l8SZiHUi0JVpa2zkxhGu6NkUKNXKNm1HdVV
+dfgNuNJfw1Tm/I9csJ+q1oYIOUxsCV/b53c7PCQ3FgXxQftnuPZOwkW3osM3890W
+8OiQOWmFrQvXykvcec+67K7gRpU8D+sY+YahtgDxAoGBAJOduSQpjFgd4oTHBwI6
+ULhnGIPX7Yguf8MdP4rjbbbUyvbbMqYsMKaXvRhj8h/Fh9NhvST1dSV6y6RtLo3E
++MNuHDERk2C1RI9OipsttsBB2C6RKpTdHh+iAdUM8BkQYhvwvKJCHWpYdJ5239b3
+5Ghd3XrN4HKu9FaiEz01IKVH
+-----END PRIVATE KEY-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Kernel Test CA, OU=Kernel, O=MongoDB, L=New York City, ST=New York, C=US
+        Validity
+            Not Before: May 13 14:39:50 2019 GMT
+            Not After : May 10 14:39:50 2029 GMT
+        Subject: C=US, ST=New York, L=New York City, O=MongoDB, OU=KernelUser, CN=client
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:c9:c9:ab:85:86:d1:ca:dd:6d:db:90:55:22:cf:
+                    fd:b8:94:48:b4:54:e7:ac:98:31:79:73:fb:14:3b:
+                    ae:e1:f8:85:d5:74:b5:12:cf:fb:f6:b5:bd:f4:72:
+                    09:3c:1a:1a:69:73:3c:1c:a5:9a:7d:f2:04:f1:36:
+                    02:37:67:96:51:3e:e9:b3:2b:d0:30:f2:5d:69:db:
+                    76:2d:0c:6c:d2:75:fb:17:1a:33:9e:69:bd:8c:89:
+                    e4:42:1e:d6:cb:f3:8e:dd:a3:11:da:7b:70:bb:62:
+                    87:c9:35:39:89:39:56:a7:e2:fb:e2:51:3e:d8:44:
+                    12:b4:91:20:e0:00:33:86:b6:4b:7d:61:eb:e2:c8:
+                    fa:17:ea:fa:fd:8b:37:32:4d:38:36:67:f6:5b:9b:
+                    ae:33:30:d3:a8:89:fc:af:8b:a8:b4:3f:51:cd:ef:
+                    4f:0a:54:fb:0a:a5:e9:3c:ec:77:62:f0:b0:32:d5:
+                    07:cb:74:37:b7:67:b7:61:50:fd:07:d0:0e:44:42:
+                    10:dc:77:b1:65:03:1c:21:5a:a7:4c:9a:6f:35:49:
+                    38:f8:72:f8:16:c7:55:d2:00:72:fb:be:3d:6c:e0:
+                    ed:2a:37:99:c4:01:be:25:7a:74:88:20:fe:df:94:
+                    62:b2:7a:f5:3b:7e:71:99:83:62:3b:ad:54:37:0f:
+                    4c:11
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                72:41:CD:3B:19:0F:71:1B:98:A6:94:61:25:B8:9C:58:7C:6F:4D:B3
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+    Signature Algorithm: sha256WithRSAEncryption
+         06:f1:f9:fd:38:a8:e5:8d:94:2e:6b:1f:74:b9:70:eb:52:98:
+         fe:62:b2:47:76:a2:df:f7:1b:af:72:51:6f:b8:8a:33:4a:3f:
+         78:41:d3:b0:5d:94:2e:1c:ab:e7:3d:8d:88:51:66:5c:35:ff:
+         22:4c:a7:a6:df:b9:0e:ec:95:22:63:a4:f0:89:9e:ee:00:2f:
+         07:33:fc:1a:a5:72:34:e4:5b:a4:75:de:a9:7f:ca:a4:39:14:
+         c5:ae:98:6a:9d:f8:8c:16:cf:6c:d2:aa:45:5b:66:05:a1:ae:
+         e8:65:3d:c3:18:80:54:6d:45:14:01:a2:ee:5e:29:23:9e:ee:
+         65:43:ff:88:11:00:09:32:7f:6b:e8:14:a3:74:20:20:02:ec:
+         fb:01:f7:cd:1c:82:de:1e:ac:52:b7:f4:e9:a1:a4:de:6d:1e:
+         31:e5:fa:7f:6e:06:01:5b:83:97:45:94:93:16:f2:95:66:21:
+         b3:6f:fc:03:8f:6c:3a:30:ba:16:cd:b8:0d:7c:f9:97:d9:a9:
+         76:76:98:07:9f:0f:bf:8f:17:e4:76:7e:a4:00:6c:cb:35:6f:
+         69:7f:62:d5:dd:62:51:09:ad:c6:9d:8c:e4:58:08:53:7b:fa:
+         4a:d2:69:8d:59:06:a2:e9:6a:2a:2e:b4:94:0c:f8:12:15:86:
+         bf:ef:af:60
+-----BEGIN CERTIFICATE-----
+MIIDrTCCApWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB0MRcwFQYDVQQDEw5LZXJu
+ZWwgVGVzdCBDQTEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RCMRYw
+FAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkGA1UE
+BhMCVVMwHhcNMTkwNTEzMTQzOTUwWhcNMjkwNTEwMTQzOTUwWjBwMQswCQYDVQQG
+EwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkx
+EDAOBgNVBAoMB01vbmdvREIxEzARBgNVBAsMCktlcm5lbFVzZXIxDzANBgNVBAMM
+BmNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMnJq4WG0crd
+bduQVSLP/biUSLRU56yYMXlz+xQ7ruH4hdV0tRLP+/a1vfRyCTwaGmlzPBylmn3y
+BPE2AjdnllE+6bMr0DDyXWnbdi0MbNJ1+xcaM55pvYyJ5EIe1svzjt2jEdp7cLti
+h8k1OYk5Vqfi++JRPthEErSRIOAAM4a2S31h6+LI+hfq+v2LNzJNODZn9lubrjMw
+06iJ/K+LqLQ/Uc3vTwpU+wql6Tzsd2LwsDLVB8t0N7dnt2FQ/QfQDkRCENx3sWUD
+HCFap0yabzVJOPhy+BbHVdIAcvu+PWzg7So3mcQBviV6dIgg/t+UYrJ69Tt+cZmD
+YjutVDcPTBECAwEAAaNOMEwwCQYDVR0TBAIwADAdBgNVHQ4EFgQUckHNOxkPcRuY
+ppRhJbicWHxvTbMwCwYDVR0PBAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0G
+CSqGSIb3DQEBCwUAA4IBAQAG8fn9OKjljZQuax90uXDrUpj+YrJHdqLf9xuvclFv
+uIozSj94QdOwXZQuHKvnPY2IUWZcNf8iTKem37kO7JUiY6TwiZ7uAC8HM/wapXI0
+5Fukdd6pf8qkORTFrphqnfiMFs9s0qpFW2YFoa7oZT3DGIBUbUUUAaLuXikjnu5l
+Q/+IEQAJMn9r6BSjdCAgAuz7AffNHILeHqxSt/TpoaTebR4x5fp/bgYBW4OXRZST
+FvKVZiGzb/wDj2w6MLoWzbgNfPmX2al2dpgHnw+/jxfkdn6kAGzLNW9pf2LV3WJR
+Ca3GnYzkWAhTe/pK0mmNWQai6WoqLrSUDPgSFYa/769g
 -----END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAkgVugCT0V2INjleV3aLDfq8HcikcR+BYiKZ36XUdfiPKnfmL
-rGiqRlkclQv80xtQUnr7jgR8UnluIHXLVPCvoaqlin/dHfSMpBTg+jA7sNJqXfwx
-HfjKJEVg8bhk89dd/A9K7AqtI2huOprT8NElFVCWcbDMmQ+xbEiAKNzwo0791Ie/
-8IbKZz1OOIUAjRVU6EyiTUIE29yJ/BaMYGDlXWzci0zD3HmqT5v19/mGI4AbE+IK
-uvxHQLtGh5eDtkbwr9Opduw5kQYA5A9EZyuaobe3hE0Emlm6Bqs9ZbqWvXXMymI8
-sVOturdk1gH1qR2ymzhHjdMojgkA60YwmYrjfQIDAQABAoIBAB249VEoNIRE9TVw
-JpVCuEBlKELYk2UeCWdnWykuKZ6vcmLNlNy3QVGoeeTs172w5ZykY+f4icXP6da5
-o3XauCVUMvYKKNwcFzSe+1xxzPSlH/mZh/Xt2left6f8PLBVuk/AXSPG2I9Ihodv
-VIzERaQdD0J9FmhhhV/hMhUfQ+w5rTCaDpq1KVGU61ks+JAtlQ46g+cvPF9c80cI
-TEC875n2LqWKmLRN43JUnctV3uGTmolIqCRMHPAs/egl+lG2RXJjqXSQ2uFLOvC/
-PXtBb597yadSs2BWPnTu/r7LbLGBAExzlQK1uFsTvuKsBPb3qrvUux0L68qwPuiv
-W24N8BECgYEAydtAvVB7OymQEX3mck2j7ixDN01wc1ZaCLBDvYPYS/Pvzq4MBiAD
-lHRtbIa6HPGA5jskbccPqQn8WGnJWCaYvCQryvgaA+BBgo1UTLfQJUo/7N5517vv
-KvbUa6NF0nj3VwfDV1vvy+amoWi9NOVn6qOh0K84PF4gwagb1EVy9MsCgYEAuTAt
-KCWdZ/aNcKgJc4NCUqBpLPF7EQypX14teixrbF/IRNS1YC9S20hpkG25HMBXjpBe
-tVg/MJe8R8CKzYjCt3z5Ff1bUQ2bzivbAtgjcaO0Groo8WWjnamQlrIQcvWM7vBf
-dnIflQ0slxbHfCi3XEe8tj2T69R7wJZ8L7PxR9cCgYEACgwNtt6Qo6s37obzt3DB
-3hL57YC/Ph5oMNKFLKOpWm5z2zeyhYOGahc5cxNppBMpNUxwTb6AuwsyMjxhty+E
-nqi2PU4IDXVWDWd3cLIdfB2r/OA99Ez4ZI0QmaLw0L8QoJZUVL7QurdqR9JsyHs6
-puUqIrb195s/yiPR7sjeJe0CgYEAuJviKEd3JxCN52RcJ58OGrh2oKsJ9/EbV0rX
-Ixfs7th9GMDDHuOOQbNqKOR4yMSlhCU/hKA4PgTFWPIEbOiM08XtuZIb2i0qyNjH
-N4qnqr166bny3tJnzOAgl1ljNHa8y+UsBTO3cCr17Jh0vL0KLSAGa9XvBAWKaG6b
-1iIXwXkCgYAVz+DA1yy0qfXdS1pgPiCJGlGZXpbBcFnqvbpGSclKWyUG4obYCbrb
-p5VKVfoK7uU0ly60w9+PNIRsX/VN/6SVcoOzKx40qQBMuYfJ72DQrsPjPYvNg/Nb
-4SK94Qhp9TlAyXbqKJ02DjtuDim44sGZ8g7b+k3FfoK4OtzNsqdVdQ==
------END RSA PRIVATE KEY-----
-\ No newline at end of file
diff --git a/jstests/libs/client_revoked.pem b/jstests/libs/client_revoked.pem
index 03db67deb50..221c59e8427 100644
--- a/jstests/libs/client_revoked.pem
+++ b/jstests/libs/client_revoked.pem
@@ -1,48 +1,108 @@
------BEGIN CERTIFICATE-----
-MIIDZTCCAk2gAwIBAgIBAjANBgkqhkiG9w0BAQUFADB0MRcwFQYDVQQDEw5LZXJu
-ZWwgVGVzdCBDQTEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RCMRYw
-FAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkGA1UE
-BhMCVVMwHhcNMTQwNzE3MTYwMDAwWhcNMjAwNzE3MTYwMDAwWjB4MRcwFQYDVQQD
-Ew5jbGllbnRfcmV2b2tlZDETMBEGA1UECxMKS2VybmVsVXNlcjEQMA4GA1UEChMH
-TW9uZ29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlv
-cmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-lJog+grPpvDFKFn9mxxToLgkx1uM+LmuRf1XG707TIccGfSKyZMGCcqlYVQmqT/J
-Fnq2rvtXGG9yxPhHoBwKw4x9rfQEy8Z93BAMNRoIlbt505HaWv7b+M3qksRHDLpw
-/Ix0Yay+fjT9DGmcrahC9h8c8SVtyHoODvxdmR7P+p7e6F6/6vcUkg/aU/50MRUN
-qGUSMkm/kpcjFNmDqRSLQoDPE8G2UOIolG/m95uaCOkGCT4lQjrCpR36fkr5a+vI
-UbDJP8M26Kp2fFnvObKzoSFSEVOMGeBM9p4qa88I4hwfthNFvGDOCNBKZK5ZxLZ3
-gGFcR6kL6u11y4zoLrZ6xwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQB8WQMn/cjh
-9qFtr7JL4VPIz/+96QaBmkHxMqiYL/iMg5Vko3GllLc1mgfWQfaWOvyRJClKj395
-595L2u8wBKon3DXUPAkinc6+VOwDWsxFLNtWl+jhigat5UDzGm8ZKFhl0WwNhqzZ
-dlNPrh2LJZzPFfimfGyVkhPHYYdELvn+bnEMT8ae1jw2yQEeVFzHe7ZdlV5nMOE7
-Gx6ZZhYlS+jgpIxez5aiKqit/0azq5GGkpCv2H8/EXxkR4gLZGYnIqGuZP3r34NY
-Lkh5J3Qnpyhdopa/34yOCa8mY1wW7vEro0fb/Dh21bpyEOz6tBk3C1QRaGD+XQOM
-cedxtUjYmWqn
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDAIpegzAwgnae4
+RwVEaI+hRszc/6Z//UnDoAEi7bBT4rP+AuSERQnTnx6xkka+maxGFbEpWd5q8zsj
+Q16TUxF0Ud8CjR2dLhmLzKgXlzyE6u8g6bcn9g+IsT6eJ9GoE8ezD0xuMdAU8VwQ
+a4WNiEWKHH7iNNHePz+5UCs0VVSPdHnoBErE70aHOKIaBb+uELytVk8hBEmLONXL
+8tF4bL85fl2WmGfrpkGYFslz8Z4EKjXVyFOv6bAKuYGAYcd0cojugvV8IhJlfWc2
+gwZ5hQF16FKyzG45j0MMhMu7S860V+p2UKEpxWITxfMKdbBNglRcpLp+AR+xb074
+2+CwVm/hAgMBAAECggEBAK0m/6tD+LH0ItCqAI80BCz+F2YbZzv1UmLgceW+e6g9
+qKSEitjBNyfmQM0a3HKtH1pR9kUj3pRX+7W94x+2PwarOeWcs1GR2CfrGpmYDExl
+RXhN6Gg1Eq7HvXzeuc1VdiVi5ihw7+vP0H5jyApTAwiCwb6uh2xZZ95j52vUcs6M
+QcLWFucjgyz6VqDv9ySA87Sw+qoGr9Xo22w320go2KEwZgqbhjfCqZByVAivaVE2
+8tKd4RVtbCZvRZJpdL1fgiP/1AsD/VLyjBVQVaexLaSIyWAoxssHeXmOjG9tIvsa
+SDXBBmXt8p1bc8Rzr1fg+bDjSwo1EkQSySVWwQL1vSECgYEA9sQNR+conpXADL+H
+bsX2ClEXmU1OG0JmU0W+NIjd+pCtcBuB7FFgGR7259Kuoq0rKrClMuUWFm0yAy0k
+ZvnANyEvLgMdVmGNc0e/GNtDX6IJQTsWM0OdebVNdHaBfWbj+9oxWBBSY+RGNo3t
+xRIH19Sbu3/prfmafhU0J4mK7IUCgYEAx1MxhvCPQrty5focScvRQNWkAjZtPdwc
+oah6BJ+3iwdardsQB5TuIzBidvs0FHxHpSHA2b7PMH9WkP/OZKdxsgCja3dsXEf4
+l1vKr4pXJHfx5/LIbkf8QZuhdNaaMeuVrJriyPGNua23nGCenWWFYpPSDZxDV1wc
+OYfPHyaKUq0CgYAyv6MTlICQDLAQbxtFNsUg3giCaJmVlZRBr+gsGbG9JB/nHGEd
+3qZqxCl3B6cOoZptDyMKUn62YgKVEKWZ3+cd718qkU1pRGq4uJqeXAmBE2vf1Gz+
+Yfty2kxxlSWQSqa8VuUq/UBUds/RzGKH0ut2Aa19ZBMEyn5xS58MOoctmQKBgQC3
+dTsAmClDooP+aFXhFldi9UAfSTkC1rUDla2408h7jilIG3iFge4tNTtrh4pH0Jug
+wZBe2eCZIprqmoe83OEolK3VG/YAeb20kifbqdjLGBrvAea4mkjzmerhPyRtDgiU
+9XoGuU1YuStmIwfalrZOJQAQxuK0ZXMVAIsCgNaPgQKBgC9K8Not3nYOFh1hmPZs
+xvJ7nVsz0xKJK9gq0kqnmg+UkGDvlieZEamXXiJFKGMAs/75SG0IERbvDEHXlSQd
+69pje5L0RIoG63vEtI5EoigNHnpfdzGZZinvGSA8OdPzhHZG7AXH0kmCIvu8Ipwi
+QU8sipT2m0P/OTldqTRtBb2J
+-----END PRIVATE KEY-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Kernel Test CA, OU=Kernel, O=MongoDB, L=New York City, ST=New York, C=US
+        Validity
+            Not Before: May 13 14:47:19 2019 GMT
+            Not After : May 10 14:47:19 2029 GMT
+        Subject: C=US, ST=New York, L=New York City, O=MongoDB, OU=KernelUser, CN=client_revoked
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:c0:22:97:a0:cc:0c:20:9d:a7:b8:47:05:44:68:
+                    8f:a1:46:cc:dc:ff:a6:7f:fd:49:c3:a0:01:22:ed:
+                    b0:53:e2:b3:fe:02:e4:84:45:09:d3:9f:1e:b1:92:
+                    46:be:99:ac:46:15:b1:29:59:de:6a:f3:3b:23:43:
+                    5e:93:53:11:74:51:df:02:8d:1d:9d:2e:19:8b:cc:
+                    a8:17:97:3c:84:ea:ef:20:e9:b7:27:f6:0f:88:b1:
+                    3e:9e:27:d1:a8:13:c7:b3:0f:4c:6e:31:d0:14:f1:
+                    5c:10:6b:85:8d:88:45:8a:1c:7e:e2:34:d1:de:3f:
+                    3f:b9:50:2b:34:55:54:8f:74:79:e8:04:4a:c4:ef:
+                    46:87:38:a2:1a:05:bf:ae:10:bc:ad:56:4f:21:04:
+                    49:8b:38:d5:cb:f2:d1:78:6c:bf:39:7e:5d:96:98:
+                    67:eb:a6:41:98:16:c9:73:f1:9e:04:2a:35:d5:c8:
+                    53:af:e9:b0:0a:b9:81:80:61:c7:74:72:88:ee:82:
+                    f5:7c:22:12:65:7d:67:36:83:06:79:85:01:75:e8:
+                    52:b2:cc:6e:39:8f:43:0c:84:cb:bb:4b:ce:b4:57:
+                    ea:76:50:a1:29:c5:62:13:c5:f3:0a:75:b0:4d:82:
+                    54:5c:a4:ba:7e:01:1f:b1:6f:4e:f8:db:e0:b0:56:
+                    6f:e1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                FA:44:60:2A:D2:67:5E:08:C5:74:4E:A9:8A:35:38:4F:5F:5E:73:F3
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+    Signature Algorithm: sha256WithRSAEncryption
+         1d:d4:bc:e7:37:1e:52:7b:09:76:99:ad:47:fc:fe:20:7f:13:
+         9f:42:ed:0d:6e:37:7d:a1:41:58:e0:4e:39:3b:67:93:fc:a7:
+         3b:fe:71:33:a5:d8:1f:76:b8:e4:2e:ab:0a:17:95:8f:c5:62:
+         47:21:65:66:ca:7b:35:e9:e5:16:e4:c2:28:5a:42:22:06:78:
+         1c:bf:54:80:5d:90:e6:0d:bf:bf:67:75:7a:b7:30:22:18:9a:
+         01:92:1b:af:0c:d7:60:22:7e:ea:9b:d1:4a:6f:69:8c:63:9c:
+         a7:6b:e8:fb:70:20:4b:0e:be:5b:df:df:ed:08:be:c7:91:3a:
+         b8:01:4f:55:6f:dc:8d:dc:09:30:22:83:fc:fa:a0:f3:96:fb:
+         0b:ae:f8:ee:97:f0:0e:fa:8f:05:ad:64:cc:67:4e:b2:14:21:
+         44:61:d3:5c:b9:3a:4c:fb:54:6a:20:18:2f:6c:97:31:35:05:
+         64:15:9f:b5:df:5d:a5:e3:81:b2:e5:58:5c:be:42:09:d0:65:
+         96:44:a4:8f:ec:89:f9:29:23:8a:38:19:c0:20:54:fa:a2:ee:
+         fe:17:a1:30:b2:f4:f2:f3:a6:e2:bf:76:47:be:ac:f4:f5:54:
+         1d:99:cc:c0:52:74:8f:bb:f8:dd:2a:52:41:49:57:af:11:b1:
+         d6:b9:b7:a4
+-----BEGIN CERTIFICATE-----
+MIIDtTCCAp2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADB0MRcwFQYDVQQDEw5LZXJu
+ZWwgVGVzdCBDQTEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RCMRYw
+FAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkGA1UE
+BhMCVVMwHhcNMTkwNTEzMTQ0NzE5WhcNMjkwNTEwMTQ0NzE5WjB4MQswCQYDVQQG
+EwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkx
+EDAOBgNVBAoMB01vbmdvREIxEzARBgNVBAsMCktlcm5lbFVzZXIxFzAVBgNVBAMM
+DmNsaWVudF9yZXZva2VkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+wCKXoMwMIJ2nuEcFRGiPoUbM3P+mf/1Jw6ABIu2wU+Kz/gLkhEUJ058esZJGvpms
+RhWxKVneavM7I0Nek1MRdFHfAo0dnS4Zi8yoF5c8hOrvIOm3J/YPiLE+nifRqBPH
+sw9MbjHQFPFcEGuFjYhFihx+4jTR3j8/uVArNFVUj3R56ARKxO9GhziiGgW/rhC8
+rVZPIQRJizjVy/LReGy/OX5dlphn66ZBmBbJc/GeBCo11chTr+mwCrmBgGHHdHKI
+7oL1fCISZX1nNoMGeYUBdehSssxuOY9DDITLu0vOtFfqdlChKcViE8XzCnWwTYJU
+XKS6fgEfsW9O+NvgsFZv4QIDAQABo04wTDAJBgNVHRMEAjAAMB0GA1UdDgQWBBT6
+RGAq0mdeCMV0TqmKNThPX15z8zALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB
+BQUHAwIwDQYJKoZIhvcNAQELBQADggEBAB3UvOc3HlJ7CXaZrUf8/iB/E59C7Q1u
+N32hQVjgTjk7Z5P8pzv+cTOl2B92uOQuqwoXlY/FYkchZWbKezXp5RbkwihaQiIG
+eBy/VIBdkOYNv79ndXq3MCIYmgGSG68M12Aifuqb0UpvaYxjnKdr6PtwIEsOvlvf
+3+0IvseROrgBT1Vv3I3cCTAig/z6oPOW+wuu+O6X8A76jwWtZMxnTrIUIURh01y5
+Okz7VGogGC9slzE1BWQVn7XfXaXjgbLlWFy+QgnQZZZEpI/sifkpI4o4GcAgVPqi
+7v4XoTCy9PLzpuK/dke+rPT1VB2ZzMBSdI+7+N0qUkFJV68Rsda5t6Q=
 -----END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAlJog+grPpvDFKFn9mxxToLgkx1uM+LmuRf1XG707TIccGfSK
-yZMGCcqlYVQmqT/JFnq2rvtXGG9yxPhHoBwKw4x9rfQEy8Z93BAMNRoIlbt505Ha
-Wv7b+M3qksRHDLpw/Ix0Yay+fjT9DGmcrahC9h8c8SVtyHoODvxdmR7P+p7e6F6/
-6vcUkg/aU/50MRUNqGUSMkm/kpcjFNmDqRSLQoDPE8G2UOIolG/m95uaCOkGCT4l
-QjrCpR36fkr5a+vIUbDJP8M26Kp2fFnvObKzoSFSEVOMGeBM9p4qa88I4hwfthNF
-vGDOCNBKZK5ZxLZ3gGFcR6kL6u11y4zoLrZ6xwIDAQABAoIBAFlu0T3q18Iu0VlR
-n5GEYMgvSuM4NAVVKo8wwwYMwu1xuvXb+NMLyuyFqzaCQKpHmywOOnfhCC/KkxX8
-Ho87kTbTDKhuXZyOHx0cA1zKCDSlGdK8yt9M1vJMa0pdGi2M34b+uOQ35IVsOocH
-4KWayIH7g52V2xZ2bpOSSnpm0uCPZSBTgClCgTUYepOT2wbLn/8V0NtVpZhDsBqg
-fORuEHkiurrbLa8yjQsvbR+hsR/XbGhre8sTQapj4EITXvkEuOL/vwbRebhOFHgh
-8sipsXZ9CMaJkBpVoLZTxTKQID/9006cczJK2MGKFhn6mvP6AeFuJAM3xqLGZTc4
-xxpfJyECgYEA0+iKxy5r1WUpBHR8jTh7WjLc6r5MFJQlGgLPjdQW6gCIe/PZc+b9
-x5vDp27EQ1cAEePEu0glQ/yk19yfxbxrqHsRjRrgwoiYTXjGI5zZSjXKArHyEgBj
-XOyo5leO5XMFnk2AShPlh+/RhAW3NhxcWkBEAsCD6QyC3BPvP6aaAXkCgYEAs4WH
-dTuweTdnyquHQm59ijatvBeP8h4tBozSupflQjB9WxJeW5uEa8lNQ3lSz1F4TV3M
-xvGdDSqwftLRS2mWGho/1jaCeAzjsiUQ2WUHChxprt0+QU7XkJbaBY9eF+6THZFw
-sDG688TiolxqoD8OYi8EtxmIvbQhXHmXnrk3jj8CgYBSi74rkrisuqg8tQejl0Ht
-w+xsgM5wIblGJZwmOlzmsGh6KGYnkO6Ap/uSKELJnIVJcrk63wKtNigccjPGufwR
-+EbA+ZxeCwmQ/B/q1XmLP+K+JAUQ4BfUpdexSqA+XwzsOnJj6NY7mr65t+RDbs7G
-1Uvo6oc37Ai5pAZJfCN3uQKBgQAJr5qvaJkM8UBYXwjdPLjpTCnzjBHoLlifkdmM
-18U23QbmcwdESg/LAQF6MoGVTf//rJ/v2/ltTHBZZ2aDex7uKZxoImjHsWpXokhW
-cmz+zqmlFarWOzrGQl1hD2s0P1sQrVg3KXe8z1KrD/Fw0/Yitga7GlWWZrGmG6li
-lvu4YQKBgQANODQYEaz739IoPNnMfTpTqAoQIOR4PNdMfCXSQrCB8i0Hh4z48E4F
-DEAd1xIYyxI8pu7r52dQlBk7yrILOTG0gmgLJd5xKdtCTrasYAICI3hsRLtP8dVA
-8WeykXY4Wf1bYQ+VzKVImkwL/SBm2ik5woyxCzT8JSjyoAwRrQp9Vw==
------END RSA PRIVATE KEY-----
-\ No newline at end of file
diff --git a/jstests/libs/crl_client_revoked.pem b/jstests/libs/crl_client_revoked.pem
index 0b99d56936e..4ac5ae7f5a8 100644
--- a/jstests/libs/crl_client_revoked.pem
+++ b/jstests/libs/crl_client_revoked.pem
@@ -1,41 +1,12 @@
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: /CN=Kernel Test CA/OU=Kernel/O=MongoDB/L=New York City/ST=New York/C=US
-        Last Update: Aug 21 13:43:27 2014 GMT
-        Next Update: Aug 18 13:43:27 2024 GMT
-        CRL extensions:
-            X509v3 CRL Number: 
-                4096
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Aug 21 13:43:27 2014 GMT
-    Signature Algorithm: sha256WithRSAEncryption
-         24:86:73:8d:7f:55:15:d0:d6:8a:47:53:cf:97:f7:e5:3d:0b:
-         4a:ea:fb:02:6a:2e:79:c6:b1:38:b2:ac:f0:c0:64:47:b0:3e:
-         ad:4e:2e:94:e6:64:ed:79:34:bd:74:c0:d4:3d:b9:a1:bb:38:
-         89:5c:02:6a:ad:6b:dc:3b:64:34:6a:2d:4c:90:36:82:95:0c:
-         19:88:e2:a3:bf:8e:1b:56:98:37:32:87:ed:f0:bd:dd:e2:0d:
-         f9:80:dc:f2:a5:b4:ee:d9:bb:83:fe:b8:3a:13:e0:da:fc:04:
-         77:fb:ce:f9:c5:2a:54:a7:f0:34:09:2a:b2:3d:46:1b:48:e6:
-         e8:16:c7:a1:3c:88:8c:72:cd:cc:53:dc:f8:54:63:1f:b9:8b:
-         ea:2c:e5:26:c5:b4:a4:9f:8b:e1:6c:85:9b:c6:63:6f:2f:ae:
-         18:c5:6a:23:f0:58:27:85:5c:0f:01:04:da:d2:8b:de:9e:ab:
-         46:00:22:07:28:e1:ef:46:91:90:06:58:95:05:68:67:58:6e:
-         67:a8:0b:06:1a:73:d9:04:18:c9:a3:e4:e3:d6:94:a3:e1:5c:
-         e5:08:1b:b3:9d:ab:3e:ea:20:b1:04:e5:90:e1:42:54:b2:58:
-         bb:51:1a:48:87:60:b0:95:4a:2e:ce:a0:4f:8c:17:6d:6b:4c:
-         37:aa:4d:d7
 -----BEGIN X509 CRL-----
-MIIB5DCBzQIBATANBgkqhkiG9w0BAQsFADB0MRcwFQYDVQQDEw5LZXJuZWwgVGVz
-dCBDQTEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RCMRYwFAYDVQQH
-Ew1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkGA1UEBhMCVVMX
-DTE0MDgyMTEzNDMyN1oXDTI0MDgxODEzNDMyN1owFDASAgECFw0xNDA4MjExMzQz
-MjdaoA8wDTALBgNVHRQEBAICEAAwDQYJKoZIhvcNAQELBQADggEBACSGc41/VRXQ
-1opHU8+X9+U9C0rq+wJqLnnGsTiyrPDAZEewPq1OLpTmZO15NL10wNQ9uaG7OIlc
-Amqta9w7ZDRqLUyQNoKVDBmI4qO/jhtWmDcyh+3wvd3iDfmA3PKltO7Zu4P+uDoT
-4Nr8BHf7zvnFKlSn8DQJKrI9RhtI5ugWx6E8iIxyzcxT3PhUYx+5i+os5SbFtKSf
-i+FshZvGY28vrhjFaiPwWCeFXA8BBNrSi96eq0YAIgco4e9GkZAGWJUFaGdYbmeo
-CwYac9kEGMmj5OPWlKPhXOUIG7Odqz7qILEE5ZDhQlSyWLtRGkiHYLCVSi7OoE+M
-F21rTDeqTdc=
+MIIB0DCBuTANBgkqhkiG9w0BAQsFADB0MRcwFQYDVQQDEw5LZXJuZWwgVGVzdCBD
+QTEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RCMRYwFAYDVQQHEw1O
+ZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkGA1UEBhMCVVMXDTE5
+MDUxMzE1MTYzOVoXDTI5MDUxMDE1MTYzOVowFDASAgEEFw0xOTA1MTMxNTE2MDZa
+MA0GCSqGSIb3DQEBCwUAA4IBAQBm+QuZ+D8/Qw1CTXAJlAnT+WGI+9Gv+OvLbzej
+LUYGCHpKoKO356HV7kf0DvDbaj5GooFtfeH4H0BxIPw/Ok4WQa9W1BqW/uEY9qn7
+waiwv3KMKu5xai6EhbU92jB45f6jrVfRpx3GS0Y11jrvj0g3fj4D4+qXC3efTBre
+yd2daMMU9WHmZvfuOjtqN3KRh+sw/jX4B/ANigUY3ulWWI9czTyJRy8EHerJci/o
+y3btw8HVDf1f7OTArsycVankwai1jfaPsQKUJ8vjUboYl8PzgfPN2vRhRKc1PZJ2
+LFRzAuQMCjTMAWhlybEIo8FkjoXBtaVHPDHSFqw8dOYKDald
 -----END X509 CRL-----
diff --git a/jstests/libs/localhostnameCN.pem b/jstests/libs/localhostnameCN.pem
index e6aca6a217d..b926d9bba1e 100644
--- a/jstests/libs/localhostnameCN.pem
+++ b/jstests/libs/localhostnameCN.pem
@@ -1,48 +1,111 @@
------BEGIN CERTIFICATE-----
-MIIDgTCCAmmgAwIBAgIBBTANBgkqhkiG9w0BAQUFADB0MRcwFQYDVQQDEw5LZXJu
-ZWwgVGVzdCBDQTEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RCMRYw
-FAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkGA1UE
-BhMCVVMwHhcNMTQwNzE3MTYwMDAwWhcNMjAwNzE3MTYwMDAwWjBvMRIwEAYDVQQD
-EwkxMjcuMC4wLjExDzANBgNVBAsTBktlcm5lbDEQMA4GA1UEChMHTW9uZ29EQjEW
-MBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsxCzAJBgNV
-BAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqQNGgQggL8S
-LlxRgpM3qoktt3J9Pd3WXkknz7OjQr4dyj9wd0VNuD6+Ycg1mBbopO+M/K/ZWv8c
-7WDMM13DDZtpWjm+Q6uFc+vlI9Q9bLHgsZF9kVGRb2bNAfV2bC5/UnO1ulQdHoIB
-p3e/Jtko2WmruzVQFGVMBGCY7RlMRyxe3R8rwNNFvooMRg8yq8tq0qBkVhh85kct
-HHPggXD4/uM2Yc/Q94t5MhDFabewdzsFOLqvI/Y5eIeZLhdIzAv37kolr8AuyqIR
-qcJKztXIrFbLgEZBjoCNkOYZOQE+l8iwwiZxoZN9Jv7x5LyiA+ijtQ+5aI/kMPqG
-nox+/bNFCQIDAQABoyMwITAfBgNVHREEGDAWgglsb2NhbGhvc3SCCTEyNy4wLjAu
-MTANBgkqhkiG9w0BAQUFAAOCAQEAVJJNuUVzMRaft17NH6AzMSTiJxMFWoafmYgx
-jZnzA42XDPoPROuN7Bst6WVYDNpPb1AhPDco9qDylSZl0d341nHAuZNc84fD0omN
-Mbqieu8WseRQ300cbnS8p11c9aYpO/fNQ5iaYhGsRT7pnLs9MIgR468KVjY2xt49
-V0rshG6RxZj83KKuJd0T4X+5UeYz4B677y+SR0aoK2I2Sh+cffrMX2LotHc2I+JI
-Y9SDLvQT7chD9GzaWz634kmy3EEY0LreMm6AxhMOsr0lbZx5O8wLTScSjKARJ6OH
-nPxM1gYT07mkNmfyEnl1ChAN0MPgcLHQqEfe7x7ZQSbAv2gWfA==
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCRzOZXV5+ob+Me
+iwWYxwNxpDCCIG4IyZJgk0zDVsNtQsTdtQ9GVtBTUJImSmxy1vxeTc1JD/pAGUcZ
+e8Ecy1T5YD6S6qlR1t+kvwlrNyJNEfjeU/3vBMubQH2a8E8Orm3YAhhWlPVacd0j
+R4L+gL5vByrJaIwLTfpq4Q7N+3XS4X47LT/V5PeV9T1c+nbF2BZfoEq2+r/7P2Nu
+37mhH2jsFhZgcJd9kKUBJH3mhOD5jXOaIv/E+MoSSV9fZ5EeYcz6Qkv7eeA7SjwG
+zDQT8xlmvWVf+taQ+DUuKFg7z/AXOPymPNTaGsO45xhMeygEdCedGexx9SKZwLQW
+pwU0/uuxAgMBAAECggEAOa17OfY5/OI2UPDiR+wC2sP/RJsbrHJBa98ZsPTz3pdZ
+VfO4lTTmuO7YwjkS6eNOdugEW/DsKMtXKyef34o4lWaTmn8meG+ujXfdfAKVmTOQ
+5jMH87RL76D1j4OdYstyPM+nXSkUXrFIsBosIg5AR5/oN0EalaZFeF6MAsSFeeSN
+tYcfJBopdYX1zRXAWqQ6PijZXq8VU48SsCfUSOSFF4p4i+BtzuAqHRmQyagef8VI
+doWES633ENhVLSvZqzk/8RWScHn6w0Uz8Ge9ltI20X37OfEK2Luo5lK1aq8xnoo6
+5PZ091H8/0q9UfeBZ6c4xABn1KE39b5TQqE9CjGZoQKBgQDCGkOkHgFzUW9J5Tx8
+vY0eUkSiOm5h4EcgS0KErJe0HO//33LI6tmQIoaW/mX8kunIJPOX2KDAuoqm3mII
+WarEWZWJxfGH2DbDRNvgMQhkqoQy6sO37Ry2Wg8ZvhvF2T08WLoz/2nO+tPWh9To
+/JyxnSk+hUh/tVMO+Or7RrUC/QKBgQDAS3FQP0WNeTzeU5ZEmVH4j9Ng1/ChdhDT
+tLOJv4lxvhwxauw20AjZsMiefyDsvGO4xSq3rPfks4W04AqU4iakC48AmBzwyzDJ
+S79Ar28zzNLzsqZ5SbhdzyVGBW3llEQilFCqUOV744BSaMBcJfOyejYd6HoxWTzq
+XWEKeDnLxQKBgE4cz7fOM3s6/HRaglsY1R+sr94xcZaF8Vm3r89AvdRICPWJ8OGW
+UXPF0TAWtOhOHzLiW/1xuk+VQpMgz4bYvvZBrwJA3JB0nKU8ote4I86PKKBtBdKQ
+44sm9wi/DuIyKIiOlHC0ito26uVcyHvynQSFYMG+VYy/ZeuSlM4GiHXpAoGAVQpI
+L3v7z2gZgh0nLGk9thYtHfwBn/Yt1OJqL/Xz28h+gWBO3KK99z/WSTnhnrBlzZXs
+oVQuQQcfj3ExXMxy2EOAV3vt+JNznOIRz5KGNDtV445TTvpKPbpZOpE2G7ypMT20
+Os4R3usqmcdXoqjqEDk565ofR+m2JdNsEgw/Sx0CgYAlvd1tACLh9uWmAbKB9ade
+PGyUcEbEPbWGMexvu2Oo0hcpdncvGdtVQbgTqLQRPTC8IDeZrlq6tvxgml2W1DiV
++PnhiIOCxXxgwBleKsa2Veqk7UXg3m1E5KO+Hf4hA1Eh63+hqfTSwTPtdHh7URlV
+PqAq4twgWQ8UZy7c/5vVrQ==
+-----END PRIVATE KEY-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Kernel Test CA, OU=Kernel, O=MongoDB, L=New York City, ST=New York, C=US
+        Validity
+            Not Before: May 13 14:54:59 2019 GMT
+            Not After : May 10 14:54:59 2029 GMT
+        Subject: C=US, ST=New York, L=New York City, O=MongoDB, OU=Kernel, CN=127.0.0.1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:91:cc:e6:57:57:9f:a8:6f:e3:1e:8b:05:98:c7:
+                    03:71:a4:30:82:20:6e:08:c9:92:60:93:4c:c3:56:
+                    c3:6d:42:c4:dd:b5:0f:46:56:d0:53:50:92:26:4a:
+                    6c:72:d6:fc:5e:4d:cd:49:0f:fa:40:19:47:19:7b:
+                    c1:1c:cb:54:f9:60:3e:92:ea:a9:51:d6:df:a4:bf:
+                    09:6b:37:22:4d:11:f8:de:53:fd:ef:04:cb:9b:40:
+                    7d:9a:f0:4f:0e:ae:6d:d8:02:18:56:94:f5:5a:71:
+                    dd:23:47:82:fe:80:be:6f:07:2a:c9:68:8c:0b:4d:
+                    fa:6a:e1:0e:cd:fb:75:d2:e1:7e:3b:2d:3f:d5:e4:
+                    f7:95:f5:3d:5c:fa:76:c5:d8:16:5f:a0:4a:b6:fa:
+                    bf:fb:3f:63:6e:df:b9:a1:1f:68:ec:16:16:60:70:
+                    97:7d:90:a5:01:24:7d:e6:84:e0:f9:8d:73:9a:22:
+                    ff:c4:f8:ca:12:49:5f:5f:67:91:1e:61:cc:fa:42:
+                    4b:fb:79:e0:3b:4a:3c:06:cc:34:13:f3:19:66:bd:
+                    65:5f:fa:d6:90:f8:35:2e:28:58:3b:cf:f0:17:38:
+                    fc:a6:3c:d4:da:1a:c3:b8:e7:18:4c:7b:28:04:74:
+                    27:9d:19:ec:71:f5:22:99:c0:b4:16:a7:05:34:fe:
+                    eb:b1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Alternative Name: 
+                DNS:localhost, DNS:127.0.0.1
+            X509v3 Subject Key Identifier: 
+                74:B6:E6:1F:C2:00:FD:0B:E9:23:64:B5:F9:55:6F:5C:83:13:74:45
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+    Signature Algorithm: sha256WithRSAEncryption
+         4e:b6:51:b9:5b:c5:27:a3:3c:c9:ac:80:25:4f:9b:d0:82:65:
+         55:be:ec:f3:a8:7a:78:5f:88:1e:6f:f7:9e:55:ac:6f:5b:93:
+         48:6e:ae:1c:72:f7:14:2a:66:4e:28:2f:70:ba:29:63:47:4c:
+         1b:52:95:92:76:2a:ed:d6:fb:2a:8e:1b:18:91:3b:b5:3b:34:
+         d2:1b:8d:3d:7f:59:44:b1:e6:f4:6a:92:16:39:df:9a:97:7b:
+         e6:58:8b:a4:cd:6b:8d:9b:4a:f5:5b:4a:96:52:66:d7:f5:36:
+         21:a7:b6:f1:4e:c8:f2:0f:15:ee:bf:53:8a:13:50:5e:b6:76:
+         83:7f:f3:7d:59:b7:d3:6a:85:ee:cf:f8:b4:b1:41:91:57:c3:
+         37:f8:81:9c:16:24:49:6f:4f:3e:6c:ee:b1:5b:8c:bb:29:1e:
+         52:a6:c9:c6:67:aa:77:b9:c6:fc:43:f9:31:78:57:2c:84:c0:
+         61:ca:8e:64:2b:b7:1d:0b:c8:35:e0:d5:62:0a:64:4e:ca:30:
+         e3:b4:d1:65:65:fa:3b:b5:2d:41:f5:f0:83:19:ce:4a:90:61:
+         7c:8d:b5:f4:b6:95:67:16:39:72:da:67:43:7e:a1:02:ea:d2:
+         de:17:3b:4a:9c:a5:f8:72:c2:6a:8c:31:e6:c3:87:23:a6:6b:
+         d8:b4:b3:83
+-----BEGIN CERTIFICATE-----
+MIIDzTCCArWgAwIBAgIBBTANBgkqhkiG9w0BAQsFADB0MRcwFQYDVQQDEw5LZXJu
+ZWwgVGVzdCBDQTEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RCMRYw
+FAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkGA1UE
+BhMCVVMwHhcNMTkwNTEzMTQ1NDU5WhcNMjkwNTEwMTQ1NDU5WjBvMQswCQYDVQQG
+EwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkx
+EDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDESMBAGA1UEAwwJMTI3
+LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkczmV1efqG/j
+HosFmMcDcaQwgiBuCMmSYJNMw1bDbULE3bUPRlbQU1CSJkpsctb8Xk3NSQ/6QBlH
+GXvBHMtU+WA+kuqpUdbfpL8JazciTRH43lP97wTLm0B9mvBPDq5t2AIYVpT1WnHd
+I0eC/oC+bwcqyWiMC036auEOzft10uF+Oy0/1eT3lfU9XPp2xdgWX6BKtvq/+z9j
+bt+5oR9o7BYWYHCXfZClASR95oTg+Y1zmiL/xPjKEklfX2eRHmHM+kJL+3ngO0o8
+Bsw0E/MZZr1lX/rWkPg1LihYO8/wFzj8pjzU2hrDuOcYTHsoBHQnnRnscfUimcC0
+FqcFNP7rsQIDAQABo28wbTAJBgNVHRMEAjAAMB8GA1UdEQQYMBaCCWxvY2FsaG9z
+dIIJMTI3LjAuMC4xMB0GA1UdDgQWBBR0tuYfwgD9C+kjZLX5VW9cgxN0RTALBgNV
+HQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEB
+AE62UblbxSejPMmsgCVPm9CCZVW+7POoenhfiB5v955VrG9bk0hurhxy9xQqZk4o
+L3C6KWNHTBtSlZJ2Ku3W+yqOGxiRO7U7NNIbjT1/WUSx5vRqkhY535qXe+ZYi6TN
+a42bSvVbSpZSZtf1NiGntvFOyPIPFe6/U4oTUF62doN/831Zt9Nqhe7P+LSxQZFX
+wzf4gZwWJElvTz5s7rFbjLspHlKmycZnqne5xvxD+TF4VyyEwGHKjmQrtx0LyDXg
+1WIKZE7KMOO00WVl+ju1LUH18IMZzkqQYXyNtfS2lWcWOXLaZ0N+oQLq0t4XO0qc
+pfhywmqMMebDhyOma9i0s4M=
 -----END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAiqQNGgQggL8SLlxRgpM3qoktt3J9Pd3WXkknz7OjQr4dyj9w
-d0VNuD6+Ycg1mBbopO+M/K/ZWv8c7WDMM13DDZtpWjm+Q6uFc+vlI9Q9bLHgsZF9
-kVGRb2bNAfV2bC5/UnO1ulQdHoIBp3e/Jtko2WmruzVQFGVMBGCY7RlMRyxe3R8r
-wNNFvooMRg8yq8tq0qBkVhh85kctHHPggXD4/uM2Yc/Q94t5MhDFabewdzsFOLqv
-I/Y5eIeZLhdIzAv37kolr8AuyqIRqcJKztXIrFbLgEZBjoCNkOYZOQE+l8iwwiZx
-oZN9Jv7x5LyiA+ijtQ+5aI/kMPqGnox+/bNFCQIDAQABAoIBAQAMiUT+Az2FJsHY
-G1Trf7Ba5UiS+/FDNNn7cJX++/lZQaOj9BSRVFzwuguw/8+Izxl+QIL5HlWDGupc
-tJICWwoWIuVl2S7RI6NPlhcEJF7hgzwUElnOWBfUgPEsqitpINM2e2wFSzHO3maT
-5AoO0zgUYK+8n9d74KT9CFcLqWvyS3iksK/FXfCZt0T1EoJ4LsDjeCTfVKqrku2U
-+fCnZZYNkrgUI7Hku94EJfOh462V4KQAUGsvllwb1lfmR5NR86G6VX6oyMGctL5e
-1M6XQv+JQGEmAe6uULtCUGh32fzwJ9Un3j2GXOHT0LWrVc5iLuXwwzQvCGaMYtKm
-FAIDpPxhAoGBAMtwzpRyhf2op/REzZn+0aV5FWKjeq69Yxd62RaOf2EetcPwvUOs
-yQXcP0KZv15VWU/XhZUmTkPf52f0YHV/b1Sm6wUOiMNQ4XpnRj2THf0N7RS4idMm
-VwtMf1pxqttxQVKPpOvPEiTyIh2Nx/juyfD4CWkOVNTvOCd1w+av6ukNAoGBAK51
-gIXDuwJ2e5h3IJyewN/HOZqlgPKyMjnACaeXQ5wPJSrz4+UkJkuXT2dYKhv6u7K/
-GtucTdvBIJeq61+LjjkYk7OVDzoqP/uWU7p1y7gU9LZq+7tgq7r8cgeaC3IBQe7X
-jdFPEy1+zAEBh6MfFjnLZ2Kop9qbH3cNih/g9pTtAoGBAJ8dmdUtRXNByCsa7Rv2
-243qiDlf14J4CdrBcK1dwm75j/yye7VEnO2Cd8/lZHGpm3MBBC/FiA06QElkL1V2
-2GKDMun/liP9TH1p7NwYBqp3i+ha9SE6qXXi3PCmWpXLnOWwB7OPf4d6AgjPbYpb
-aYKY3PNYDC2G9IqYZyI0kSy5AoGBAJ5Fe5PfPom9c+OeL7fnTpO16kyiWZnUkDxU
-PG4OjQfHtbCCEv6PDS8G1sKq+Yjor+A5/+O8qeX0D92I8oB720txQI5rbKUYL3PP
-raY7t9YJLPlRlY8o5KN+4vSCjF+hRG+qnr6FPqDHp8xB1wvl6AQGxIR8/csVcDZR
-0j2ZmhsBAoGAO1Cpk/hWXOLAhSj8P8Q/+3439HEctTZheVBd8q/TtdwXocaZMLi8
-MXURuVTw0GtS9TmdqOFXzloFeaMhJx6TQzZ2aPcxu95b7RjEDtVHus3ed2cSJ2El
-AuRvFT2RCVvTu1mM0Ti7id+d8QBcpbIpPjNjK2Wxir/19gtEawlqlkA=
------END RSA PRIVATE KEY-----
-\ No newline at end of file
diff --git a/jstests/libs/localhostnameSAN.pem b/jstests/libs/localhostnameSAN.pem
index 480300f29e1..ed6492e0090 100644
--- a/jstests/libs/localhostnameSAN.pem
+++ b/jstests/libs/localhostnameSAN.pem
@@ -1,49 +1,112 @@
------BEGIN CERTIFICATE-----
-MIIDpDCCAoygAwIBAgIBBjANBgkqhkiG9w0BAQUFADB0MRcwFQYDVQQDEw5LZXJu
-ZWwgVGVzdCBDQTEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RCMRYw
-FAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkGA1UE
-BhMCVVMwHhcNMTQwNzE3MTYwMDAwWhcNMjAwNzE3MTYwMDAwWjB5MRwwGgYDVQQD
-ExNzYW50ZXN0aG9zdG5hbWUuY29tMQ8wDQYDVQQLEwZLZXJuZWwxEDAOBgNVBAoT
-B01vbmdvREIxFjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZ
-b3JrMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AJKOLTNEPv08IVmhfkv6Xq1dT6pki76ggpJ7UpwdUSsTsWDKO2o1c7wnzEjfhYQ+
-CtlEvbYyL3O7f8AaO15WJdi53SMuWS+QfCKs6b0symYbinSXlZGb4oZYFSrodSxH
-+G8u+TUxyeaXgTHowMWArmTRi2LgtIwXwwHJawfhFDxji3cSmLAr5YQMAaXUynq3
-g0DEAGMaeOlyn1PkJ2ZfJsX2di+sceKb+KK1xT+2vUSsvnIumBCYqMhU6y3WjBWK
-6WrmOcsldWo4IcgyzwVRlZiuuYoe6ZsxZ4nMyTdYebALPqgkt8QVXqkgcjWK8F18
-nuqWIAn1ISTjj73H4cnzYv0CAwEAAaM8MDowOAYDVR0RBDEwL4INKi5leGFtcGxl
-LmNvbYIJMTI3LjAuMC4xgghtb3JlZnVuIYIJbG9jYWxob3N0MA0GCSqGSIb3DQEB
-BQUAA4IBAQA5M3U4wvQYI3jz/+Eh4POrJAs9eSRGkUhz1lP7D6Fcyp+BbbXB1fa9
-5qpD4bp1ZoDP2R2zca2uwwfd3DTWPbmwFMNqs2D7d0hgX71Vg9DCAwExFjoeRo44
-cCE9kakZtE3kT/tiH6SpYpnBa3dizxTmiY48z212Pw813SSXSPMN1myx5sMJof5I
-whJNQhSQOw6WHw5swZJZT4FkzxjQMrTWdF6r0d5EU9K2WWk5DTwq4QaysplB5l0H
-8qm+fnC6xI+2qgqMO9xqc6qMtHHICXtdUOup6wj/bdeo7bAQdVDyKlFKiYivDXvO
-RJNp2cwsBgxU+qdrtOLp7/j/0R3tUqWb
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDIFYKNonJfhIJu
+bgg+46we/wQfbmpcqDyRSTPDV4yMZ+0QW+dFDh1gBrTb5juVx4mTWjTyy48/FARi
+naq/spbant/O7GtTswu71+ahGC5LOS8LIFWZonzKU6H8y13JDr4EtpNtLAKWbkh6
+3WP1CUiOqB9Q0zX//IySMK3pmZq1tQQST9/a8u0Ip9tUDQvqDxr1E/IJRzViFUB1
+zR2W/JAnFDbH348hvSZN5JkelywPRXnX2BNRXO+g8jEfSkAC7263Hb23osgG7/Ev
+8SH6F3gFRuBOlMA1w+SttLXRB7YAAws7uO0K9W/43mAZ+QbWz+C0ncaZBGFEu2pE
+/RBcARnPAgMBAAECggEBAK7AEqlPYyNHoX9/fJYo1RCxXFFzZ1QL3/Jog9wtn+SV
+dDigfAoU/NT8poOUvx/fCap309zmqvLFsdrLp/ELsrO4pPKeDFMrAqmKNLUoYG50
+wECwefLYNrOjfcxDdmL/DDkjmPl1wcDPC2C78ex2sjdeYRN/lR9B3Shlec+Xx8bA
+ijkUB89TfqKoch1RepCUC3EBzQaQHj3OSOj6PDaJG+O4YEHdTyP+GjNDw6TW7FNT
+lJpYixhyl+kHLA3QtP7ZLsQSZ2fGUVdVQpHprFX0BufPVgrgTUGGJwR4qciAhuo1
+CXg8pFu4OFPXJboG4N/JHerdDi2ZXD9C+9IOran/UakCgYEA43VMv9UPZqUEtMvk
+hbcvr3EyK2sItAC30yoOjhBsQ3btthcZN2US3jK4QIBQtBlr07B9fQh9pSstQm1P
+NnrAt8UT8DSRTysJe8ibbm7rKZUQBHnCDgrIBPgMKbIi2OTyQT4okq8uX+8x42zN
+Vja7DTRJ0iGqZkqswV7TA4QHc/sCgYEA4TDctiT+VCPonREiVtyeSq2SwYpOIzeZ
+P2A0jp5miJ/ekUhG/3eD4CstB+abJ3fViyrJvnTbHvQYDZB3B0w2+PiycbtFRrle
+unZdnK6ZEZUEZ8dS1PANf1oQQ023ByTJ+So4lkCVFSCP0N/eMPt9ZgBzeOgdFFHM
+GHXXHSSOtT0CgYBKf4vQtN7jdp7w/GrvpM0YgFG3SMpD8oxCvF6iBxz+h8BZyHz4
+2MDyR9hzP9Ou+TiI0CB5yEMmytp7DERKiq/+QK1EGmORc34ardzCsc+SAgGKBbsa
+UEus3PVW3sJtGaeC2PH/ASOGRlinrWYfm7NuIrce/OnLsR+eAgnI+ABc6wKBgQCZ
+Vr5TwSj1fmYc3df2MdAPpdWyuEywqmFNyGLBYpcLHWFeqErAFk/US1IkeSDZZT4h
+v4cUi1nR4ACo6+BBNeKQ8jgAPbbUi9E3QvZHhJRyZnhTemSq3rMyLs+4JKkm0iQ9
+6EQT+/IIKt4DKw2PaRBgbpoykEuM1I4XcdaC36vVOQKBgQC3RQGZvehpTdGJmqPd
+o5+VQO+J/74ey07ZF3HMYgM4JyleD+Izjzd66QG4hepiqZAaLmCnq2THztJvNE6V
+Ly1yxYg8sBitncLcirCGDkoMtKm1L4JrbaxUZY35OvTWRfD8FuCWAGR0QXO65owh
+I8vHlFlEm2s/1Ipp2v/qQVNoIA==
+-----END PRIVATE KEY-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Kernel Test CA, OU=Kernel, O=MongoDB, L=New York City, ST=New York, C=US
+        Validity
+            Not Before: May 13 14:55:25 2019 GMT
+            Not After : May 10 14:55:25 2029 GMT
+        Subject: C=US, ST=New York, L=New York City, O=MongoDB, OU=Kernel, CN=santesthostname.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:c8:15:82:8d:a2:72:5f:84:82:6e:6e:08:3e:e3:
+                    ac:1e:ff:04:1f:6e:6a:5c:a8:3c:91:49:33:c3:57:
+                    8c:8c:67:ed:10:5b:e7:45:0e:1d:60:06:b4:db:e6:
+                    3b:95:c7:89:93:5a:34:f2:cb:8f:3f:14:04:62:9d:
+                    aa:bf:b2:96:da:9e:df:ce:ec:6b:53:b3:0b:bb:d7:
+                    e6:a1:18:2e:4b:39:2f:0b:20:55:99:a2:7c:ca:53:
+                    a1:fc:cb:5d:c9:0e:be:04:b6:93:6d:2c:02:96:6e:
+                    48:7a:dd:63:f5:09:48:8e:a8:1f:50:d3:35:ff:fc:
+                    8c:92:30:ad:e9:99:9a:b5:b5:04:12:4f:df:da:f2:
+                    ed:08:a7:db:54:0d:0b:ea:0f:1a:f5:13:f2:09:47:
+                    35:62:15:40:75:cd:1d:96:fc:90:27:14:36:c7:df:
+                    8f:21:bd:26:4d:e4:99:1e:97:2c:0f:45:79:d7:d8:
+                    13:51:5c:ef:a0:f2:31:1f:4a:40:02:ef:6e:b7:1d:
+                    bd:b7:a2:c8:06:ef:f1:2f:f1:21:fa:17:78:05:46:
+                    e0:4e:94:c0:35:c3:e4:ad:b4:b5:d1:07:b6:00:03:
+                    0b:3b:b8:ed:0a:f5:6f:f8:de:60:19:f9:06:d6:cf:
+                    e0:b4:9d:c6:99:04:61:44:bb:6a:44:fd:10:5c:01:
+                    19:cf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Alternative Name: 
+                DNS:*.example.com, DNS:127.0.0.1, DNS:morefun!, DNS:localhost
+            X509v3 Subject Key Identifier: 
+                D5:F5:A8:F8:D3:85:48:B2:99:95:40:74:26:FD:69:D3:60:55:14:AF
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+    Signature Algorithm: sha256WithRSAEncryption
+         1b:c8:9c:5e:e9:5f:85:ba:c7:3c:13:5f:11:7f:4d:fa:64:1d:
+         77:b0:6f:c8:b7:e4:31:16:d4:e6:07:5d:1e:16:92:03:b2:cb:
+         0e:82:9c:df:c9:c8:54:c3:6a:2c:a1:b8:7d:32:02:19:67:1c:
+         b6:1c:52:c1:e2:27:42:5f:06:b4:95:bf:21:af:9f:38:47:5d:
+         66:eb:26:b4:c0:0c:ec:cc:46:86:65:e3:a7:1d:58:22:eb:07:
+         fb:ba:82:a7:9e:5e:91:91:1e:9a:a7:eb:11:dd:bd:60:4f:38:
+         82:63:c8:9c:26:c9:f8:e6:9b:6d:37:a0:14:2f:20:34:94:0a:
+         1c:ea:04:95:22:97:9d:13:9b:df:2d:36:3b:e0:05:9a:4f:dc:
+         18:82:78:a4:be:0f:01:43:14:d4:8b:1c:b0:9a:c4:43:72:19:
+         b5:9d:b6:bf:2c:d1:0a:20:14:a9:da:d6:81:59:c8:3f:45:24:
+         00:39:10:30:34:7f:85:0b:02:9d:42:04:32:74:bf:c0:fd:34:
+         76:37:cc:f0:a1:45:7c:13:d0:f2:d3:c6:92:fa:49:ab:89:c9:
+         60:fb:6a:62:cb:8c:55:e4:30:8c:e0:f7:4e:46:f4:41:e2:5d:
+         b0:8b:ba:f6:16:69:c0:60:a9:72:d3:9e:7a:9c:fb:ef:e2:70:
+         0a:fd:2d:a0
+-----BEGIN CERTIFICATE-----
+MIID8jCCAtqgAwIBAgIBBjANBgkqhkiG9w0BAQsFADB0MRcwFQYDVQQDEw5LZXJu
+ZWwgVGVzdCBDQTEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RCMRYw
+FAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkGA1UE
+BhMCVVMwHhcNMTkwNTEzMTQ1NTI1WhcNMjkwNTEwMTQ1NTI1WjB5MQswCQYDVQQG
+EwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkx
+EDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEcMBoGA1UEAwwTc2Fu
+dGVzdGhvc3RuYW1lLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AMgVgo2icl+Egm5uCD7jrB7/BB9ualyoPJFJM8NXjIxn7RBb50UOHWAGtNvmO5XH
+iZNaNPLLjz8UBGKdqr+yltqe387sa1OzC7vX5qEYLks5LwsgVZmifMpTofzLXckO
+vgS2k20sApZuSHrdY/UJSI6oH1DTNf/8jJIwremZmrW1BBJP39ry7Qin21QNC+oP
+GvUT8glHNWIVQHXNHZb8kCcUNsffjyG9Jk3kmR6XLA9FedfYE1Fc76DyMR9KQALv
+brcdvbeiyAbv8S/xIfoXeAVG4E6UwDXD5K20tdEHtgADCzu47Qr1b/jeYBn5BtbP
+4LSdxpkEYUS7akT9EFwBGc8CAwEAAaOBiTCBhjAJBgNVHRMEAjAAMDgGA1UdEQQx
+MC+CDSouZXhhbXBsZS5jb22CCTEyNy4wLjAuMYIIbW9yZWZ1biGCCWxvY2FsaG9z
+dDAdBgNVHQ4EFgQU1fWo+NOFSLKZlUB0Jv1p02BVFK8wCwYDVR0PBAQDAgWgMBMG
+A1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQAbyJxe6V+Fusc8
+E18Rf036ZB13sG/It+QxFtTmB10eFpIDsssOgpzfychUw2osobh9MgIZZxy2HFLB
+4idCXwa0lb8hr584R11m6ya0wAzszEaGZeOnHVgi6wf7uoKnnl6RkR6ap+sR3b1g
+TziCY8icJsn45pttN6AULyA0lAoc6gSVIpedE5vfLTY74AWaT9wYgnikvg8BQxTU
+ixywmsRDchm1nba/LNEKIBSp2taBWcg/RSQAORAwNH+FCwKdQgQydL/A/TR2N8zw
+oUV8E9Dy08aS+kmriclg+2piy4xV5DCM4PdORvRB4l2wi7r2FmnAYKly0556nPvv
+4nAK/S2g
 -----END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAko4tM0Q+/TwhWaF+S/perV1PqmSLvqCCkntSnB1RKxOxYMo7
-ajVzvCfMSN+FhD4K2US9tjIvc7t/wBo7XlYl2LndIy5ZL5B8IqzpvSzKZhuKdJeV
-kZvihlgVKuh1LEf4by75NTHJ5peBMejAxYCuZNGLYuC0jBfDAclrB+EUPGOLdxKY
-sCvlhAwBpdTKereDQMQAYxp46XKfU+QnZl8mxfZ2L6xx4pv4orXFP7a9RKy+ci6Y
-EJioyFTrLdaMFYrpauY5yyV1ajghyDLPBVGVmK65ih7pmzFniczJN1h5sAs+qCS3
-xBVeqSByNYrwXXye6pYgCfUhJOOPvcfhyfNi/QIDAQABAoIBADqGMkClwS2pJHxB
-hEjc+4/pklWt/ywpttq+CpgzEOXN4GiRebaJD+WUUvzK3euYRwbKb6PhWJezyWky
-UID0j/qDBm71JEJdRWUnfdPAnja2Ss0Sd3UFNimF5TYUTC5ZszjbHkOC1WiTGdGP
-a+Oy5nF2SF4883x6RLJi963W0Rjn3jIW9LoLeTgm9bjWXg3iqonCo3AjREdkR/SG
-BZaCvulGEWl/A3a7NmW5EGGNUMvzZOxrqQz4EX+VnYdb7SPrH3pmQJyJpAqUlvD5
-y7pO01fI0wg9kOWiIR0vd3Gbm9NaFmlH9Gr2oyan3CWt1h1gPzkH/V17rZzVYb5L
-RnjLdyECgYEA6X16A5Gpb5rOVR/SK/JZGd+3z52+hRR8je4WhXkZqRZmbn2deKha
-LKZi1eVl11t8zitLg/OSN1uZ/873iESKtp/R6vcGcriUCd87cDh7KTyW/7ZW5jdj
-o6Y3Liai3Xrf6dL+V2xYw964Map9oK9qatYw/L+Ke6b9wbGi+hduf1kCgYEAoK8n
-pzctajS3Ntmk147n4ZVtcv78nWItBNH2B8UaofdkBlSRyUURsEY9nA34zLNWI0f3
-k59+cR13iofkQ0rKqJw1HbTTncrSsFqptyEDt23iWSmmaU3/9Us8lcNGqRm7a35V
-Km0XBFLnE0mGFGFoTpNt8oiR4WGASJPi482xkEUCgYEAwPmQn2SDCheDEr2zAdlR
-pN3O2EwCi5DMBK3TdUsKV0KJNCajwHY72Q1HQItQ6XXWp7sGta7YmOIfXFodIUWs
-85URdMXnUWeWCrayNGSp/gHytrNoDOuYcUfN8VnDX5PPfjyBM5X7ox7vUzUakXSJ
-WnVelXZlKR9yOOTs0xAMpjkCgYAbF61N6mXD5IOHwgajObsrM/CyVP/u4WDJ0UT0
-Zm1pJbc9wgCauQSUfiNhLpHmoc5CQJ4jy96b3+YJ+4OnPPMSntPt4FFV557CkWbQ
-M8bWpLZnZjhixP4FM9xRPA2r8WTCaRifAKnC1t+TRvBOe2YE6aK+I/zEzZW9pwG4
-ezQXKQKBgQAIBSJLa6xWbfbzqyPsvmRNgiEjIamF7wcb1sRjgqWM6sCzYwYv8f5v
-9C4YhNXEn+c5V2KevgYeg6iPSQuzEAfJx64QV7JD8kEBf5GNETnuW45Yg7KwKPD6
-ZCealfpy/o9iiNqbWqDNND91pj2/g5oZnac3misJg5tGCJbJsBFXag==
------END RSA PRIVATE KEY-----
-\ No newline at end of file
diff --git a/jstests/libs/openssl_config/badSAN.cnf b/jstests/libs/openssl_config/badSAN.cnf
new file mode 100644
index 00000000000..4e223df5e2f
--- /dev/null
+++ b/jstests/libs/openssl_config/badSAN.cnf
@@ -0,0 +1,29 @@
+# This is the openssl config file for generating the CSR for the badSAN.pem certificate
+
+[ req ]
+default_bits = 2048
+default_keyfile = badSAN.key
+encrypt_key = no
+default_md = sha256
+prompt = no
+utf8 = yes
+distinguished_name = badSAN_req_distinguished_name
+req_extensions = badSAN_extensions
+
+[ badSAN_req_distinguished_name ]
+C = US
+ST = New York
+L = New York City
+O  = MongoDB
+OU = Kernel
+CN = 127.0.0.1
+
+[ badSAN_extensions ]
+basicConstraints=CA:FALSE
+subjectAltName=@badSAN_subject_alt_names
+subjectKeyIdentifier = hash
+keyUsage = keyEncipherment, digitalSignature
+extendedKeyUsage = serverAuth
+
+[ badSAN_subject_alt_names ]
+DNS.1 = badSAN
diff --git a/jstests/libs/openssl_config/ca.cnf b/jstests/libs/openssl_config/ca.cnf
new file mode 100644
index 00000000000..231939d5b28
--- /dev/null
+++ b/jstests/libs/openssl_config/ca.cnf
@@ -0,0 +1,72 @@
+[ ca ]
+default_ca      = CA_default            # The default ca section
+
+[ CA_default ]
+dir            = .                     # top dir
+database       = $dir/ca_state/index.txt        # index file.
+new_certs_dir	= $dir/ca_state/newcerts        # new certs dir
+RANDFILE       = $dir/ca_state/.rand    # random number file
+ 
+certificate    = $dir/ca.pem       # The CA cert
+serial         = $dir/ca_state/serial           # serial no file
+private_key    = $dir/ca.pem        # CA private key
+ 
+default_days   = 3650                  # how long to certify for
+default_crl_days= 3650                   # how long before next CRL
+default_md     = sha256                   # md to use
+copy_extensions = copy
+unique_subject = no
+
+policy         = policy_any            # default policy
+
+[ policy_any ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+[ req ]
+default_bits		= 2048
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
+
+string_mask = utf8only
+
+[ req_distinguished_name ]
+commonName			= Common Name (e.g. server FQDN or YOUR name)
+commonName_max			= 64
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+organizationalUnitName_default	= Kernel
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= MongoDB
+
+localityName			= Locality Name (eg, city)
+localityName_default            = New York City
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= New York
+
+countryName			= Country Name (2 letter code)
+countryName_default		= US
+countryName_min			= 2
+countryName_max			= 2 
+
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer
+basicConstraints = critical,CA:true
+
+[ crl_ext ]
+authorityKeyIdentifier=keyid:always
+
diff --git a/jstests/libs/openssl_config/client.cnf b/jstests/libs/openssl_config/client.cnf
new file mode 100644
index 00000000000..208f3a456cd
--- /dev/null
+++ b/jstests/libs/openssl_config/client.cnf
@@ -0,0 +1,26 @@
+# This is the openssl config file for generating the CSR for the client.pem certificate
+
+[ req ]
+default_bits = 2048
+default_keyfile = client.key
+encrypt_key = no
+default_md = sha256
+prompt = no
+utf8 = yes
+distinguished_name = client_req_distinguished_name
+req_extensions = client_extensions
+
+[ client_req_distinguished_name ]
+C = US
+ST = New York
+L = New York City
+O  = MongoDB
+OU = KernelUser
+CN = client
+
+[ client_extensions ]
+basicConstraints=CA:FALSE
+subjectKeyIdentifier = hash
+keyUsage = digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth
+
diff --git a/jstests/libs/openssl_config/client_revoked.cnf b/jstests/libs/openssl_config/client_revoked.cnf
new file mode 100644
index 00000000000..3c7ae32c2bc
--- /dev/null
+++ b/jstests/libs/openssl_config/client_revoked.cnf
@@ -0,0 +1,26 @@
+# This is the openssl config file for generating the CSR for the client.pem certificate
+
+[ req ]
+default_bits = 2048
+default_keyfile = client_revoked.key
+encrypt_key = no
+default_md = sha256
+prompt = no
+utf8 = yes
+distinguished_name = client_revoked_req_distinguished_name
+req_extensions = client_revoked_extensions
+
+[ client_revoked_req_distinguished_name ]
+C = US
+ST = New York
+L = New York City
+O  = MongoDB
+OU = KernelUser
+CN = client_revoked
+
+[ client_revoked_extensions ]
+basicConstraints=CA:FALSE
+subjectKeyIdentifier = hash
+keyUsage = digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth
+
diff --git a/jstests/libs/openssl_config/localhostnameCN.cnf b/jstests/libs/openssl_config/localhostnameCN.cnf
new file mode 100644
index 00000000000..99e84946a30
--- /dev/null
+++ b/jstests/libs/openssl_config/localhostnameCN.cnf
@@ -0,0 +1,30 @@
+# This is the openssl config file for generating the CSR for the localhostnameCN.pem certificate
+
+[ req ]
+default_bits = 2048
+default_keyfile = localhostnameCN.key
+encrypt_key = no
+default_md = sha256
+prompt = no
+utf8 = yes
+distinguished_name = localhostnameCN_req_distinguished_name
+req_extensions = localhostnameCN_extensions
+
+[ localhostnameCN_req_distinguished_name ]
+C = US
+ST = New York
+L = New York City
+O  = MongoDB
+OU = Kernel
+CN = 127.0.0.1
+
+[ localhostnameCN_extensions ]
+basicConstraints=CA:FALSE
+subjectAltName=@localhostnameCN_subject_alt_names
+subjectKeyIdentifier = hash
+keyUsage = keyEncipherment, digitalSignature
+extendedKeyUsage = serverAuth
+
+[ localhostnameCN_subject_alt_names ]
+DNS.1 = localhost
+DNS.2 = 127.0.0.1
diff --git a/jstests/libs/openssl_config/localhostnameSAN.cnf b/jstests/libs/openssl_config/localhostnameSAN.cnf
new file mode 100644
index 00000000000..c5376765e33
--- /dev/null
+++ b/jstests/libs/openssl_config/localhostnameSAN.cnf
@@ -0,0 +1,32 @@
+# This is the openssl config file for generating the CSR for the localhostnameSAN.pem certificate
+
+[ req ]
+default_bits = 2048
+default_keyfile = localhostnameSAN.key
+encrypt_key = no
+default_md = sha256
+prompt = no
+utf8 = yes
+distinguished_name = localhostnameSAN_req_distinguished_name
+req_extensions = localhostnameSAN_extensions
+
+[ localhostnameSAN_req_distinguished_name ]
+C = US
+ST = New York
+L = New York City
+O  = MongoDB
+OU = Kernel
+CN = santesthostname.com
+
+[ localhostnameSAN_extensions ]
+basicConstraints=CA:FALSE
+subjectAltName=@localhostnameSAN_subject_alt_names
+subjectKeyIdentifier = hash
+keyUsage = keyEncipherment, digitalSignature
+extendedKeyUsage = serverAuth
+
+[ localhostnameSAN_subject_alt_names ]
+DNS.1 = *.example.com
+DNS.2 = 127.0.0.1
+DNS.3 = morefun!
+DNS.4 = localhost
diff --git a/jstests/libs/openssl_config/server.cnf b/jstests/libs/openssl_config/server.cnf
new file mode 100644
index 00000000000..0c85f360504
--- /dev/null
+++ b/jstests/libs/openssl_config/server.cnf
@@ -0,0 +1,30 @@
+# This is the openssl config file for generating the CSR for the server.pem certificate
+
+[ req ]
+default_bits = 2048
+default_keyfile = server.key
+encrypt_key = no
+default_md = sha256
+prompt = no
+utf8 = yes
+distinguished_name = server_req_distinguished_name
+req_extensions = server_extensions
+
+[ server_req_distinguished_name ]
+C = US
+ST = New York
+L = New York City
+O  = MongoDB
+OU = Kernel
+CN = server
+
+[ server_extensions ]
+basicConstraints=CA:FALSE
+subjectAltName=@server_subject_alt_names
+subjectKeyIdentifier = hash
+keyUsage = keyEncipherment, digitalSignature
+extendedKeyUsage = serverAuth, clientAuth
+
+[ server_subject_alt_names ]
+DNS.1 = localhost
+DNS.2 = 127.0.0.1
diff --git a/jstests/libs/password_protected.pem b/jstests/libs/password_protected.pem
index 2a9b8ea4aa4..cfe86b03a83 100644
--- a/jstests/libs/password_protected.pem
+++ b/jstests/libs/password_protected.pem
@@ -1,51 +1,120 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,CA3A35762D730A5C72B1F25CBBD5AC25
+
+QkFhwdG6X6kb58wz4lb3ezLsMAEhdRJCxCfk6OivL4zLPpL7eL1SMuHrs0DpSxpQ
+27FJ0M6fu2XaMeLf2GlCyY37z7aCRn0Cxyk90rBHztKCBLBlMGCfjFsPTDctrmJE
+tmtVSYSEJ4Ydb2EsUlXmRtSyCjzzKZ0Unt9FXziURVklqwCVKsWcPh/bEd4bxJyS
+3ddlqZw48KSUcQKSo/xJ36Bn1t/FSpU3i4lkyo2bmbEkJl52MB7vtE9IkfMECRqY
+lfWHepErG1p9/oIqdd2xDdKCt/M3KCcp99uFw0hVmTAaLv0G8ymyqVly8NJEyC8c
+tYKR/4vr1KOClB4u4tH2F7THHwfvAIvqOqZIhiTRl+h4/pnXHBeldmkDy6yY0VgF
+irOf+eb/JSUoe67gdQf4rQRaVuDe4PeU+CyldddLYEQiMr1FshZC1wtPH9kdP/OE
+sRi1PND3dON9ovfIW4v+bS+0Oq8ycAtkmZYOSwqt9m67xKKURZebcoxVuPDHXrre
+7CthjsWDB91y3YkMPCYlgtApGdCQZKf6nbVcYqp6SuRwO2MyvxOLo5/Oyi8JY6Uu
+Npbonj83qmpoIyGVASKr9eR4a8kFQDOEMHjg37D7dWVEs4M6SGLJA9EmWFsbyfBc
+ir2yBmIYKZU0a255QfF7zWTUnQQDthVXH3vp4a4QdShj2YGR8ctqExeeJ4JCrRWR
+UB7T0IR+PCbKlFFMvdZTlS/vJZP6xvvzSFCqrkO3z5oqlEhNu4HagfteiSvcqYhv
+bxWpX/pksTJuiVcz+G8srfCfotsQ9wVflSIHmyiiCsL5igr/IFATvyEqBWgvdfUR
+4s+yY3OoOAihOqOdIb+j4I6Qlv0lAIFmoxoQj2JHjtFMoX6JRkb0hz17wvICJcrL
+DE/OZ/WgbPufFbz6XFEu8H+wj0ITHX0Hp6CrJMKFZlJO4OgKAtNasOHl10blroUM
+xZYc2H0fnmzjEVvTjiAcFZXyLpgwrRD0OVphPqBh1WNWjMDYDyd/6VIIy/g4/AtQ
++YWWomuiNdGefaG8j0+KjEOo7y19UFvuCE88UkAbjjwvsvRvNYWg5lDdyE7rpVnM
+oOyVJGraM4+vECDtHTq0z0SVtE/wnIDO6azdy4mP2RMPLBsQ2UZ9jFtGRnq6rsQ6
+2/RgjARHlomfEmsxgYMZxyetoqFl5iJbf+92aYcWwF0g3TpezkR9ZVYlUHHgmOap
+aufSFv+yGjZlHYQyYGYNpjIxIpaBVyEO4AdvESfhBYRLGhpa2oRHHdseZHEgXc0r
+uGseGIxEJisgm4l0p8xciVXrrt8H1Yuc0tmjMjy58eY8Ey8uJWu2J3Su1XbO2WXi
+zBufXgvzgoyULDSTIijGMp/oYm/zwTFiBLX5+ti51clrFh5S8RLANvkSf+c/eRDH
+7PVQOsapCE+4QtcJOO/OLbybHtSGe5Zy28tsq832FRfHvALG5V/KsyQtGsl+x7lZ
+24oC1rwZJJej9MYBKYqc4gyBwcNvKeSOQgQcuwL+xkELGE4XkaFzgsW+YY4v/M4w
+QhKtDvsHHiW0BaH6W5WSstwxWNbfF4JOuv0g6NpMIxYGllCupaUrm98Bfto45FF8
+-----END RSA PRIVATE KEY-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 8 (0x8)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Kernel Test CA, OU=Kernel, O=MongoDB, L=New York City, ST=New York, C=US
+        Validity
+            Not Before: May  9 19:30:52 2019 GMT
+            Not After : May  6 19:30:52 2029 GMT
+        Subject: C=US, ST=New York, L=New York City, O=MongoDB, OU=Kernel, CN=server
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:d7:9e:63:d8:75:ed:e0:df:8c:8b:bd:1d:08:f3:
+                    34:a3:b3:d9:ef:5f:0b:ca:a9:32:e4:a5:b3:2f:c7:
+                    ee:6c:78:94:5f:46:6c:a1:a3:54:6e:b0:52:2f:e6:
+                    2a:b6:27:a2:43:7e:42:8c:40:2a:47:9a:d6:1b:3e:
+                    50:1e:04:34:40:48:87:f4:18:3b:71:91:1f:5b:d1:
+                    dc:e1:fd:d5:61:c8:5c:4f:55:e5:fa:88:5d:d3:51:
+                    ba:97:d4:d4:b7:4c:27:c6:61:8a:db:a1:02:99:d3:
+                    c8:cc:49:72:f6:28:dd:9f:46:32:f8:51:89:01:38:
+                    5b:1b:9e:67:75:27:6b:3c:dc:3a:5d:36:70:de:c9:
+                    bc:81:d6:41:b7:65:b7:9f:ac:da:25:cf:29:91:6a:
+                    f5:d4:54:1c:78:8d:fc:68:6a:74:47:14:72:1d:f3:
+                    d1:9a:80:11:24:f2:be:a4:c1:0c:61:15:01:de:ee:
+                    f0:8a:9a:24:79:77:5c:66:b2:75:86:39:ca:93:6e:
+                    0a:32:d9:d5:32:03:69:61:81:5b:3f:34:e7:b5:9a:
+                    fe:a1:ed:4b:06:3e:74:71:b3:e7:55:52:23:93:91:
+                    c7:7a:08:c6:a4:33:5d:cf:27:2b:d8:b5:db:08:44:
+                    c3:54:8d:e3:43:99:ef:b9:1b:4e:b6:51:a7:0d:8a:
+                    1c:d5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Subject Alternative Name: 
+                DNS:localhost, DNS:127.0.0.1
+            X509v3 Subject Key Identifier: 
+                5C:78:7C:37:A4:38:82:F0:EA:E1:CA:CA:D8:F2:FB:00:09:92:47:09
+            X509v3 Authority Key Identifier: 
+                DirName:/CN=Kernel Test CA/OU=Kernel/O=MongoDB/L=New York City/ST=New York/C=US
+                serial:01
+
+    Signature Algorithm: sha256WithRSAEncryption
+         0d:e1:de:62:dd:fc:a2:c6:05:22:53:f2:b2:83:ad:c6:9f:ae:
+         db:08:49:b9:d8:c6:21:f2:ec:b1:56:fc:7f:24:0f:6b:1a:6f:
+         34:73:6e:bf:7b:e0:d0:59:98:5e:a6:82:2f:87:df:64:1c:8d:
+         45:82:95:6b:c0:76:28:d6:b5:1b:28:4b:1b:91:47:2f:29:0e:
+         2b:89:2c:94:92:a9:ff:eb:3c:38:7b:79:fa:e3:6a:68:1c:ce:
+         52:a5:18:96:9a:29:1c:78:a3:bd:46:98:e3:93:f9:c3:3a:3a:
+         0a:a3:24:ab:22:a1:50:f5:79:53:ca:e6:fc:ba:c4:31:73:c4:
+         3b:bf:ba:5d:86:f4:2b:25:0a:e9:57:99:13:48:94:0b:c0:a7:
+         f1:b2:91:db:c4:32:24:50:7f:0b:5a:0a:8a:7d:22:13:c3:ee:
+         05:20:a2:4a:4e:2d:f5:6c:7c:ec:7e:4f:23:61:9c:83:6c:35:
+         52:8e:3b:9b:6f:4b:fd:22:26:e5:54:59:6e:47:86:5f:9a:f3:
+         d8:98:0d:08:be:79:35:91:8d:60:f0:e6:c9:7c:1b:5f:20:86:
+         2a:95:70:f9:e6:f7:ee:89:b1:e9:ef:fc:a8:e3:41:1a:28:c7:
+         a2:0f:41:0d:b4:f1:9a:35:8e:b2:e4:2a:35:6a:ff:56:4c:16:
+         9f:80:ec:83
 -----BEGIN CERTIFICATE-----
-MIIDfjCCAmagAwIBAgIDBUEVMA0GCSqGSIb3DQEBBQUAMHQxFzAVBgNVBAMTDktl
-cm5lbCBUZXN0IENBMQ8wDQYDVQQLEwZLZXJuZWwxEDAOBgNVBAoTB01vbmdvREIx
-FjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYD
-VQQGEwJVUzAeFw0xNjA5MjIxODE1MTJaFw0zNjA5MjIxODE1MTJaMG8xEjAQBgNV
-BAMTCWxvY2FsaG9zdDEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RC
-MRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkG
-A1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTHMXV0LEZ
-OCuDZ292e26NbbrMaib6IL3obp/5tOvNVCNnvfgYyJwCCTIZq/mwCjAV5N8Y7tJM
-v0JrrGIWgJ3qtPMQ/1VxfzLLW598nnBuqZG2HiR3CTfhd0JBmnjKDMscz90+xB2x
-DUDVe6PkbZWnN2otsBzVbW+AAJRVTgUb3cjSbGcC0eTMg3SGaWiB+DtiJIAe3bl8
-6TTmrUKVvbzbJrdrFWpz+NVxf5ejZje+Wlz6OXgkWki5U41PtA7aDFIX3mo1J3c0
-jW957fC/q76jrBoTCbufYPaLQIb5QSex+aJZ40rHpSSV75tsXNUkn22u83Bes+Ih
-X0As7g5kW2TDAgMBAAGjHjAcMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATAN
-BgkqhkiG9w0BAQUFAAOCAQEAEDzWG64/IlXSEFQZom1z0uBLSLVaxrNg4se6geLH
-Bt63EW78H+JMf97AA32DsDiT3ih5uo8yUcOVoEUwontUOSjekHrYfagF/KxMvyMy
-sWX+8m5SLrU6s4FysUCtlXa92g1Nh/rET074U2sNShhALgNB2XSw9P5n9GnKt5VT
-Rkh0AeBJd09WcOGnSHs30+kKGNV8A5a2GTJbDma0dLa7zlhV6VU91Z9LA0aamyrX
-eWwnymJvRcIYvxGqgNDxN/8MsaU1EcW0MNEDkc+kDE1LbOwlAQbCeLQDq/w6AlmC
-smoCi0pp6Bf8tZM2RhcUN/xXxgEKcZzhlDOI4v8RNHOyMg==
+MIIEVTCCAz2gAwIBAgIBCDANBgkqhkiG9w0BAQsFADB0MRcwFQYDVQQDEw5LZXJu
+ZWwgVGVzdCBDQTEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RCMRYw
+FAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkGA1UE
+BhMCVVMwHhcNMTkwNTA5MTkzMDUyWhcNMjkwNTA2MTkzMDUyWjBsMQswCQYDVQQG
+EwJVUzERMA8GA1UECBMITmV3IFlvcmsxFjAUBgNVBAcTDU5ldyBZb3JrIENpdHkx
+EDAOBgNVBAoTB01vbmdvREIxDzANBgNVBAsTBktlcm5lbDEPMA0GA1UEAxMGc2Vy
+dmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA155j2HXt4N+Mi70d
+CPM0o7PZ718Lyqky5KWzL8fubHiUX0ZsoaNUbrBSL+YqtieiQ35CjEAqR5rWGz5Q
+HgQ0QEiH9Bg7cZEfW9Hc4f3VYchcT1Xl+ohd01G6l9TUt0wnxmGK26ECmdPIzEly
+9ijdn0Yy+FGJAThbG55ndSdrPNw6XTZw3sm8gdZBt2W3n6zaJc8pkWr11FQceI38
+aGp0RxRyHfPRmoARJPK+pMEMYRUB3u7wipokeXdcZrJ1hjnKk24KMtnVMgNpYYFb
+PzTntZr+oe1LBj50cbPnVVIjk5HHegjGpDNdzycr2LXbCETDVI3jQ5nvuRtOtlGn
+DYoc1QIDAQABo4H5MIH2MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMBMGA1UdJQQM
+MAoGCCsGAQUFBwMBMB8GA1UdEQQYMBaCCWxvY2FsaG9zdIIJMTI3LjAuMC4xMB0G
+A1UdDgQWBBRceHw3pDiC8OrhysrY8vsACZJHCTCBhgYDVR0jBH8wfaF4pHYwdDEX
+MBUGA1UEAxMOS2VybmVsIFRlc3QgQ0ExDzANBgNVBAsTBktlcm5lbDEQMA4GA1UE
+ChMHTW9uZ29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3
+IFlvcmsxCzAJBgNVBAYTAlVTggEBMA0GCSqGSIb3DQEBCwUAA4IBAQAN4d5i3fyi
+xgUiU/Kyg63Gn67bCEm52MYh8uyxVvx/JA9rGm80c26/e+DQWZhepoIvh99kHI1F
+gpVrwHYo1rUbKEsbkUcvKQ4riSyUkqn/6zw4e3n642poHM5SpRiWmikceKO9Rpjj
+k/nDOjoKoySrIqFQ9XlTyub8usQxc8Q7v7pdhvQrJQrpV5kTSJQLwKfxspHbxDIk
+UH8LWgqKfSITw+4FIKJKTi31bHzsfk8jYZyDbDVSjjubb0v9IiblVFluR4ZfmvPY
+mA0Ivnk1kY1g8ObJfBtfIIYqlXD55vfuibHp7/yo40EaKMeiD0ENtPGaNY6y5Co1
+av9WTBafgOyD
 -----END CERTIFICATE-----
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIP80PLbXYYHUCAggA
-MB0GCWCGSAFlAwQBAgQQu1qZnln9ymhZVDJmGJpIJQSCBNDufC1nGCgwBWtkzqP+
-MN3/UJD4cX6TQDjGotN484gLvCm138yB8EPSuFz2RUcOFQImKm3fuqBKgx08jen6
-DQRNekzW1ngIV3BZwn5kMwr0lJK4ibpfEmdTYu/2INq55ljsFx7pq+69PLOqskPa
-l+1CzPub0xPC8spG6H0xxOV3HYZlzNX6SKgpK/GPCyGzspgijdacn+x+KFpvMRG3
-fDvdGTP5F/lk6++EHFM/LBfitNV0qkd9GoOIbcDkinu6EytSfJY/mY337AhitWQZ
-zdhgC3nA+QYy9s/hs2hXBepkIsFzLMRF162Cqc7KPNObpVGBPxFS+an3c7FyYXVw
-ekTf1XrUpdsqNIgvSQkUhzkPc01jHWd4paHgSCLayLx6c9jPXiCxgASZ7BcjAZOC
-VLqoi9RHYrEdpoZBwMnSheHa6OVdqPbitlx4vA41s1ERuRktz9hXuhl/Rje+IF5i
-2N2l4q3ix4K2yvtZ4wmoc92/WPy2XVudeBinupIxLbrq82HIs1KvLZZ78s+s2Gfh
-PDH/1gMiraOWyBY1/4DtAnptl2qKW3YsTwMGCfrX8euRC7WCk/QBw6SBy1XlV2pc
-uc1ZOAgWQHwDSRK6XJHgElrQkgVRlszg5vofJ1RdRxJo6XossIc3vx/IUqv2+7xx
-mGBE+71FYDg4vmN5nAgN2MjEGdyMEGL4WiKT6Y/WSOTrtRVKRFTilzxuOmx6Hq37
-rldBokhttrx0JikU0fqDWSaDbERSslmv5TinygKyq/PnGOHtcBzHC0c+AIlp2Rj8
-Z5TbgMVcxjV0GZ0SojjO6DO9weJ5c5iBom+VJrniYNDc4jqn0OqIQEembgGuTdHk
-37Dqp7oxonLZS1Qi+YNljxQvGUeaoy0hSJS/9C2ANWoo+POB/BkhdS3NT2CQAxNZ
-ca4ThdtyLvhSjLIEEMJH7J+LFVuE32hbivWtjKcha8vJ/sYz5gZE193Jfz5H92Zq
-3Ee7ipvaKQrxATCp7xJdX5ftHp2+dMsiRKxff8TOO9TVwoJkWOw9zSOMidI+znuL
-IF2kTMMPu/o1EbOzEvgck/dcvPlTzWQEGy6eCSixndB4c9yjcVnZpzYnWJEhV7to
-W9OfcBkQ/3V5jn96yQPCXm1br2j9FS5QDmWP+GOlLUEPwb27jUajTs3emeqvC0qJ
-OALtJsKkwT9L7Cq/cZNByBrbmimEI1NkaVRPjauHhQSzPYIJWBkaJPoZIkbCJ5eO
-vRi/2Bd74fda8pVFxm9kUNP8wwpz9JSXmzVRzGXOJ3lS1TKAXl++gb5HX+bieSNy
-QHcjw6rBwOkdac40vs5mxGb0XHtP8Qqvn0+fzmKan4MBGKGrB2nlfBrhI2Uopni5
-WRSWbZjDe3ofsjlaj39rxQksvSnZEN/us4JHl2QWfYhpg9tYiCmO0zPREqdWKoi2
-IgydR30JXmNx+W2UBoh1iIPgxeqkDXsxWusGbAgyZs4s7/dcrlcVQz5vzHm0zXsK
-hix58eAuxTJORkGKaxva5fmdwvHJJPt5/nPPsGdm81WVqm79yKRRE4mjl+PTBryE
-4IuFZjGksVDHpi1LMpW4FMmaYjf/oNm9/ZAqOtxJYC8CFIyyVbqSMOwrqSDxmE8O
-gHyWskGclbX/lOH8H83lXnh2xw==
------END ENCRYPTED PRIVATE KEY-----
diff --git a/jstests/libs/server.pem b/jstests/libs/server.pem
index df2b49163d6..fa75453b8d8 100644
--- a/jstests/libs/server.pem
+++ b/jstests/libs/server.pem
@@ -1,48 +1,111 @@
------BEGIN CERTIFICATE-----
-MIIDfjCCAmagAwIBAgIBBzANBgkqhkiG9w0BAQUFADB0MRcwFQYDVQQDEw5LZXJu
-ZWwgVGVzdCBDQTEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RCMRYw
-FAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkGA1UE
-BhMCVVMwHhcNMTQwNzE3MTYwMDAwWhcNMjAwNzE3MTYwMDAwWjBsMQ8wDQYDVQQD
-EwZzZXJ2ZXIxDzANBgNVBAsTBktlcm5lbDEQMA4GA1UEChMHTW9uZ29EQjEWMBQG
-A1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsxCzAJBgNVBAYT
-AlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp76KJeDczBqjSPJj
-5f8DHdtrWpQDK9AWNDlslWpi6+pL8hMqwbX0D7hC2r3kAgccMyFoNIudPqIXfXVd
-1LOh6vyY+jveRvqjKW/UZVzZeiL4Gy4bhke6R8JRC3O5aMKIAbaiQUAI1Nd8LxIt
-LGvH+ia/DFza1whgB8ym/uzVQB6igOifJ1qHWJbTtIhDKaW8gvjOhv5R3jzjfLEb
-R9r5Q0ZyE0lrO27kTkqgBnHKPmu54GSzU/r0HM3B+Sc/6UN+xNhNbuR+LZ+EvJHm
-r4de8jhW8wivmjTIvte33jlLibQ5nYIHrlpDLEwlzvDGaIio+OfWcgs2WuPk98MU
-tht0IQIDAQABoyMwITAfBgNVHREEGDAWgglsb2NhbGhvc3SCCTEyNy4wLjAuMTAN
-BgkqhkiG9w0BAQUFAAOCAQEANoYxvVFsIol09BQA0fwryAye/Z4dYItvKhmwB9VS
-t99DsmJcyx0P5meB3Ed8SnwkD0NGCm5TkUY/YLacPP9uJ4SkbPkNZ1fRISyShCCn
-SGgQUJWHbCbcIEj+vssFb91c5RFJbvnenDkQokRvD2VJWspwioeLzuwtARUoMH3Y
-qg0k0Mn7Bx1bW1Y6xQJHeVlnZtzxfeueoFO55ZRkZ0ceAD/q7q1ohTXi0vMydYgu
-1CB6VkDuibGlv56NdjbttPJm2iQoPaez8tZGpBo76N/Z1ydan0ow2pVjDXVOR84Y
-2HSZgbHOGBiycNw2W3vfw7uK0OmiPRTFpJCmewDjYwZ/6w==
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCw9AqYTsI8akw5
+8/f2eQ9bzYbUdp5ok9ip5DiN1cbrF1br7pREgHgkfXuVJ7vtgcdDVtZkvPqTYgOG
+rUpU82gIn74V5hshvQFgFgwxzJFZsUnnmI7JWprhTdCZXdomE2T5OqtaUwKK2YTx
+svtjwu96ijWcPendBD5SqDh9h/Zq5fa0ckXyKA4vnQtiJ90/6/2tX60zV+y1AEyu
+BTa4xvobSD5TY4YVMwqBYQ/d4MSRJEaoxLgLjBtNhxiOQs9OTZGDzcjDrEygU/M5
+8QOcQJd/QTvt4rPTB+enFn3goN67axJmy0u3qH0T/yfQI+UYnsrbWRc9ylrsgtYd
+r1oGm8KvAgMBAAECggEAOur2wCGxIKaP/NfTnxhN2dZD52gbdFyNzntzrR4Z3lrm
+ESZd7bUMy7GQPWh+dSU58JzwQ5h8oigHXodCcaid4gk2JFp6fDBPTevpYYdoegHC
+xr8QA9EMMqpTI02Rfg4FF8rGFQwAk7S7RDLA60WTsSxlj0E6JeHs0l66eGmVzZ93
+3A79SJZEtjX3E967WbBFLbJd+xvWv4TnLBV9rzy8rqrewtJER/j3PvBMrRjpiv2n
+qXR8hK6qD/BjXgTYxhwfof3VPYkDdG4Brx/Mo9fHcJKMt9JVYAB0JJYJO+cF4rco
+N6D5Av6+B3KXqlhbAmEbk01JFd1ohgUPnxEp8oaW6QKBgQDnWcrl2i5KKoaHgpjn
+rUrGBIN6K++zH2mUIwoC9PaSj2zxoFQOfJYIva36PGxl9hi35p7OMcI3eMYHCxu9
+P2G659i57gDFWGkJ9NxkjoRr0JcH5fMtQp7WRj+c4ne6vuZXQ9DBL70oWIeWZoeU
+mfnVzNjmj0r/POpsByzIWxoexQKBgQDDzoffFXVkYGCEHB7M7cdY7nJn1Akd5J5N
+oYikytwmIv29PBN0bP3Tt9sSMEhVIKIOt05geBt83ZU8GBLk7S6GZb0zNfA35fOX
+Z1fw9SnoIFim55Qk6o9J19JFN+zXbXjP8I2XirnejjLLdlnifRIoVOSuLNTm6gNR
+pigs2bAy4wKBgG3c9D9m9uh9fVlIqXgLkSCr8AvKZY/4cNjKMuzoi1daCPBNpN0k
+SNNpz/6vRwK8dUyPlgZxFrvk/JVHryqVuMFbbE4POgp9S5RQ1YBjNXtFmRNFHc/2
+fRtgTMEhwp3KHfR+3dl/5CIOuISxt9zXqg7fsnj6vzCqKuCWH6wdpy/JAoGBAJB4
+u3GTIKmuHqh7IxKrQpHQZaNMJGnk/BRlYi/M6cBNwxAz2lrl7CahmkcCTuxYhpn7
+EB5HoGhyCaFsVcyJX/GT8ZRucM6doSyN+Kn2CjSWYTLM3VabppuiXSfrSpns0N4E
+LESq+9dE7h+HNGzTQWl2sb/9nhy+fzJoOW5WNBZnAoGAWZ32/+1CvZmWFADvCBws
+5m1fOVpahJQgqvwY+MzwZJcwmq1D/BQj8XBIIR4s1qL6j/gMNnW8FMx1eSfB0Tdd
+5KO+wpIVFrEYzMltSAQoA8m+f/9Femjsi/7UZAIYqDZQrq93aD4e5mUeoEAS2EG7
+rAtXjDyW239JXThOyTxLgYo=
+-----END PRIVATE KEY-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Kernel Test CA, OU=Kernel, O=MongoDB, L=New York City, ST=New York, C=US
+        Validity
+            Not Before: May 13 14:39:33 2019 GMT
+            Not After : May 10 14:39:33 2029 GMT
+        Subject: C=US, ST=New York, L=New York City, O=MongoDB, OU=Kernel, CN=server
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:b0:f4:0a:98:4e:c2:3c:6a:4c:39:f3:f7:f6:79:
+                    0f:5b:cd:86:d4:76:9e:68:93:d8:a9:e4:38:8d:d5:
+                    c6:eb:17:56:eb:ee:94:44:80:78:24:7d:7b:95:27:
+                    bb:ed:81:c7:43:56:d6:64:bc:fa:93:62:03:86:ad:
+                    4a:54:f3:68:08:9f:be:15:e6:1b:21:bd:01:60:16:
+                    0c:31:cc:91:59:b1:49:e7:98:8e:c9:5a:9a:e1:4d:
+                    d0:99:5d:da:26:13:64:f9:3a:ab:5a:53:02:8a:d9:
+                    84:f1:b2:fb:63:c2:ef:7a:8a:35:9c:3d:e9:dd:04:
+                    3e:52:a8:38:7d:87:f6:6a:e5:f6:b4:72:45:f2:28:
+                    0e:2f:9d:0b:62:27:dd:3f:eb:fd:ad:5f:ad:33:57:
+                    ec:b5:00:4c:ae:05:36:b8:c6:fa:1b:48:3e:53:63:
+                    86:15:33:0a:81:61:0f:dd:e0:c4:91:24:46:a8:c4:
+                    b8:0b:8c:1b:4d:87:18:8e:42:cf:4e:4d:91:83:cd:
+                    c8:c3:ac:4c:a0:53:f3:39:f1:03:9c:40:97:7f:41:
+                    3b:ed:e2:b3:d3:07:e7:a7:16:7d:e0:a0:de:bb:6b:
+                    12:66:cb:4b:b7:a8:7d:13:ff:27:d0:23:e5:18:9e:
+                    ca:db:59:17:3d:ca:5a:ec:82:d6:1d:af:5a:06:9b:
+                    c2:af
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Alternative Name: 
+                DNS:localhost, DNS:127.0.0.1
+            X509v3 Subject Key Identifier: 
+                7D:61:7F:88:97:FA:09:A9:93:23:91:4F:68:B2:F2:94:03:37:8A:2E
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
+    Signature Algorithm: sha256WithRSAEncryption
+         56:1e:67:3f:a4:2e:cc:e9:6f:56:0b:70:5e:96:9f:66:1a:9f:
+         e6:b3:b8:d2:43:1d:77:6f:a7:b8:2e:8d:b0:3e:58:db:24:a2:
+         f1:26:cd:eb:d9:b4:a0:9f:88:8b:48:02:a8:9d:aa:fc:96:e6:
+         ac:6e:05:e2:7e:ab:1a:be:18:6d:cf:aa:53:7c:0d:aa:b3:15:
+         ec:79:2c:56:46:b1:38:87:d0:d5:1c:6b:29:cb:97:6a:86:fa:
+         1c:f5:c6:4d:5b:ea:0a:01:4f:d3:d0:cc:dd:27:43:ce:89:34:
+         51:8f:6b:5b:9d:14:b1:5b:82:a8:ab:3a:75:11:b1:78:35:3b:
+         f5:19:65:70:b4:89:aa:6c:20:cb:32:b1:80:5b:fe:c5:8b:93:
+         90:b8:7c:18:9d:61:9f:4b:40:5d:20:89:4d:70:46:80:e6:a7:
+         15:be:96:cf:93:59:c1:0f:f0:2a:bc:ed:b8:97:2b:df:2b:1d:
+         df:29:67:2f:4a:d2:12:d5:85:03:66:8e:74:3a:e1:27:b0:b9:
+         b7:69:59:3c:c0:42:90:d1:71:b3:2a:87:f2:23:47:6b:5e:5f:
+         3c:3e:3e:cb:e7:e4:4e:f6:88:89:6d:af:ee:78:43:a2:15:78:
+         37:7c:c0:94:45:08:0c:0b:2c:51:b7:b0:df:af:eb:38:fb:9f:
+         6f:72:33:7f
+-----BEGIN CERTIFICATE-----
+MIID1DCCArygAwIBAgIBATANBgkqhkiG9w0BAQsFADB0MRcwFQYDVQQDEw5LZXJu
+ZWwgVGVzdCBDQTEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RCMRYw
+FAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkGA1UE
+BhMCVVMwHhcNMTkwNTEzMTQzOTMzWhcNMjkwNTEwMTQzOTMzWjBsMQswCQYDVQQG
+EwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkx
+EDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEPMA0GA1UEAwwGc2Vy
+dmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPQKmE7CPGpMOfP3
+9nkPW82G1HaeaJPYqeQ4jdXG6xdW6+6URIB4JH17lSe77YHHQ1bWZLz6k2IDhq1K
+VPNoCJ++FeYbIb0BYBYMMcyRWbFJ55iOyVqa4U3QmV3aJhNk+TqrWlMCitmE8bL7
+Y8Lveoo1nD3p3QQ+Uqg4fYf2auX2tHJF8igOL50LYifdP+v9rV+tM1fstQBMrgU2
+uMb6G0g+U2OGFTMKgWEP3eDEkSRGqMS4C4wbTYcYjkLPTk2Rg83Iw6xMoFPzOfED
+nECXf0E77eKz0wfnpxZ94KDeu2sSZstLt6h9E/8n0CPlGJ7K21kXPcpa7ILWHa9a
+BpvCrwIDAQABo3kwdzAJBgNVHRMEAjAAMB8GA1UdEQQYMBaCCWxvY2FsaG9zdIIJ
+MTI3LjAuMC4xMB0GA1UdDgQWBBR9YX+Il/oJqZMjkU9osvKUAzeKLjALBgNVHQ8E
+BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEB
+CwUAA4IBAQBWHmc/pC7M6W9WC3Belp9mGp/ms7jSQx13b6e4Lo2wPljbJKLxJs3r
+2bSgn4iLSAKonar8luasbgXifqsavhhtz6pTfA2qsxXseSxWRrE4h9DVHGspy5dq
+hvoc9cZNW+oKAU/T0MzdJ0POiTRRj2tbnRSxW4Koqzp1EbF4NTv1GWVwtImqbCDL
+MrGAW/7Fi5OQuHwYnWGfS0BdIIlNcEaA5qcVvpbPk1nBD/AqvO24lyvfKx3fKWcv
+StIS1YUDZo50OuEnsLm3aVk8wEKQ0XGzKofyI0drXl88Pj7L5+RO9oiJba/ueEOi
+FXg3fMCURQgMCyxRt7Dfr+s4+59vcjN/
 -----END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAp76KJeDczBqjSPJj5f8DHdtrWpQDK9AWNDlslWpi6+pL8hMq
-wbX0D7hC2r3kAgccMyFoNIudPqIXfXVd1LOh6vyY+jveRvqjKW/UZVzZeiL4Gy4b
-hke6R8JRC3O5aMKIAbaiQUAI1Nd8LxItLGvH+ia/DFza1whgB8ym/uzVQB6igOif
-J1qHWJbTtIhDKaW8gvjOhv5R3jzjfLEbR9r5Q0ZyE0lrO27kTkqgBnHKPmu54GSz
-U/r0HM3B+Sc/6UN+xNhNbuR+LZ+EvJHmr4de8jhW8wivmjTIvte33jlLibQ5nYIH
-rlpDLEwlzvDGaIio+OfWcgs2WuPk98MUtht0IQIDAQABAoIBACgi1ilECXCouwMc
-RDzm7Jb7Rk+Q9MVJ79YlG08Q+oRaNjvAzE03PSN5wj1WjDTUALJXPvi7oy82V4qE
-R6Q6Kvbv46aUJpYzKFEk2dw7ACpSLa1LNfjGNtMusnecA/QF/8bxLReRu8s5mBQn
-NDnZvCqllLbfjNlAvsF+/UIn5sqFZpAZPMtPwkTAeh5ge8H9JvrG8y8aXsiFGAhV
-Z7tMZyn8wPCUrRi14NLvVB4hxM66G/tuTp8r9AmeTU+PV+qbCnKXd+v0IS52hvX9
-z75OPfAc66nm4bbPCapb6Yx7WaewPXXU0HDxeaT0BeQ/YfoNa5OT+ZOX1KndSfHa
-VhtmEsECgYEA3m86yYMsNOo+dkhqctNVRw2N+8gTO28GmWxNV9AC+fy1epW9+FNR
-yTQXpBkRrR7qrd5mF7WBc7vAIiSfVs021RMofzn5B1x7jzkH34VZtlviNdE3TZhx
-lPinqo0Yy3UEksgsCBJFIofuCmeTLk4ZtqoiZnXr35RYibaZoQdUT4kCgYEAwQ6Y
-xsKFYFks1+HYl29kR0qUkXFlVbKOhQIlj/dPm0JjZ0xYkUxmzoXD68HrOWgz7hc2
-hZaQTgWf+8cRaZNfh7oL+Iglczc2UXuwuUYguYssD/G6/ZPY15PhItgCghaU5Ewy
-hMwIJ81NENY2EQTgk/Z1KZitXdVJfHl/IPMQgdkCgYASdqkqkPjaa5dDuj8byO8L
-NtTSUYlHJbAmjBbfcyTMG230/vkF4+SmDuznci1FcYuJYyyWSzqzoKISM3gGfIJQ
-rYZvCSDiu4qGGPXOWANaX8YnMXalukGzW/CO96dXPB9lD7iX8uxKMX5Q3sgYz+LS
-hszUNHWf2XB//ehCtZkKAQKBgQCxL2luepeZHx82H9T+38BkYgHLHw0HQzLkxlyd
-LjlE4QCEjSB4cmukvkZbuYXfEVEgAvQKVW6p/SWhGkpT4Gt8EXftKV9dyF21GVXQ
-JZnhUOcm1xBsrWYGLXYi2agrpvgONBTlprERfq5tdnz2z8giZL+RZswu45Nnh8bz
-AcKzuQKBgQCGOQvKvNL5XKKmws/KRkfJbXgsyRT2ubO6pVL9jGQG5wntkeIRaEpT
-oxFtWMdPx3b3cxtgSP2ojllEiISk87SFIN1zEhHZy/JpTF0GlU1qg3VIaA78M1p2
-ZdpUsuqJzYmc3dDbQMepIaqdW4xMoTtZFyenUJyoezz6eWy/NlZ/XQ==
------END RSA PRIVATE KEY-----
-\ No newline at end of file
author	Jonathan Reams <jbreams@mongodb.com>	2019-05-10 10:43:42 -0400
committer	Jonathan Reams <jbreams@mongodb.com>	2019-05-20 15:59:18 -0400
commit	fae0c3f0fa4d5dfbe2f4fb03715b60e9ce3e2d93 (patch)
tree	53ba77cbc82b4b87017f22102e6cd6cc94331867 /jstests/libs
parent	31967340abb31476910730163c04782f2e915d01 (diff)
download	mongo-fae0c3f0fa4d5dfbe2f4fb03715b60e9ce3e2d93.tar.gz