diff --git a/buildimages.yml b/buildimages.yml index 8a935836e253947d7181cf637718e66cb6b80b23..d30f905968d72cffd2aaf2973fcf65a33a3107b2 100644 --- a/buildimages.yml +++ b/buildimages.yml @@ -1,7 +1,7 @@ --- - name: Build docker images - hosts: soctoolsmain + hosts: dsldev roles: - build diff --git a/inventories/build/group_vars/all.yml b/inventories/build/group_vars/all.yml new file mode 100644 index 0000000000000000000000000000000000000000..704323666712c480e383ad2c4bf695794b1c6cb0 --- /dev/null +++ b/inventories/build/group_vars/all.yml @@ -0,0 +1,4 @@ +--- + +docker_image_path: images +base_image: python:2.7-stretch diff --git a/inventories/build/hosts.yml b/inventories/build/hosts.yml new file mode 100644 index 0000000000000000000000000000000000000000..485463850c4bf51c14826fb6b13adbad2a1a18ed --- /dev/null +++ b/inventories/build/hosts.yml @@ -0,0 +1,12 @@ +all: + hosts: + nifi-image: + ansible_connection: docker + ansible_python_interpreter: /usr/bin/python + localhost: + ansible_python_interpreter: /usr/bin/python + ansible_connection: local + children: + nifi: + hosts: + localhost: diff --git a/inventories/deploy/group_vars/haproxy.yml b/inventories/deploy/group_vars/haproxy.yml new file mode 100644 index 0000000000000000000000000000000000000000..b53d50d6b11f23d908ad3fe74b42e70f318e2119 --- /dev/null +++ b/inventories/deploy/group_vars/haproxy.yml @@ -0,0 +1,11 @@ +--- +index: haproxy +scale: "{{ haproxy_scale | default('1')}}" +docker: + haproxy: + image: haproxy:latest + volumes: + - /usr/local/etc/haproxy/:/usr/local/etc/haproxy:ro + ports: + - "80:80" + source: pull \ No newline at end of file diff --git a/inventories/deploy/group_vars/nifi.yml b/inventories/deploy/group_vars/nifi.yml new file mode 100644 index 0000000000000000000000000000000000000000..5b718692a776eb9418de06d5c9bf18b8c1a5724b --- /dev/null +++ b/inventories/deploy/group_vars/nifi.yml 
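Review bot: `base_image: python:2.7-stretch` in inventories/build/group_vars/all.yml selects a Python interpreter and a Debian release that no longer receive upstream security fixes. Where the variable is consumed is not visible in this hunk, but any image built from it would inherit unpatched packages. Move to a supported tag and pin it by digest, e.g. `base_image: python:<SUPPORTED_TAG>@sha256:<DIGEST>`.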
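Review bot: `image: haproxy:latest` with `source: pull` in inventories/deploy/group_vars/haproxy.yml makes each deployment run whatever the registry serves under that tag at pull time; the same applies to `image: apache/nifi:latest` in nifi.yml and `image: zookeeper:latest` in zookeeper.yml. A mutable tag leaves no record of which image was deployed, and a replaced upstream image is picked up without review. Pin each one to a version and digest, e.g. `image: haproxy:<VERSION>@sha256:<DIGEST>`.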
@@ -0,0 +1,19 @@ +--- +index: nifi +scale: "{{ nifi_scale | default('1')}}" +docker: + nifi: +# image: nifi-soctools #For nifi image built by soctools +# source: load + image: apache/nifi:latest + source: pull + command: /opt/nifi/nifi-current/scripts/start.sh + env: + NIFI_HOME: "/opt/nifi/nifi-current" + NIFI_LOG_DIR: "/opt/nifi/nifi-current/logs" + NIFI_PID_DIR: "/opt/nifi/nifi-current/run" + NIFI_CLUSTER_IS_NODE: "true" + NIFI_ZK_CONNECT_STRING: "zookeeper_1:2181" + NIFI_CLUSTER_NODE_PROTOCOL_PORT: "8082" + NIFI_ELECTION_MAX_WAIT: "1 min" + load_path: "{{ image_location }}/nifi-soctools.tar" diff --git a/inventories/deploy/group_vars/zookeeper.yml b/inventories/deploy/group_vars/zookeeper.yml new file mode 100644 index 0000000000000000000000000000000000000000..5604be8138d47975f9e1ed6fb075ebc27d392e13 --- /dev/null +++ b/inventories/deploy/group_vars/zookeeper.yml @@ -0,0 +1,7 @@ +--- +index: zookeeper +scale: "{{ zookeeper_scale | default('1')}}" +docker: + zookeeper: + image: zookeeper:latest + source: pull \ No newline at end of file diff --git a/inventories/deploy/hosts.yml.example b/inventories/deploy/hosts.yml.example new file mode 100644 index 0000000000000000000000000000000000000000..7d85e5bdf3a5030bbfbd114016b78808000bcd73 --- /dev/null +++ b/inventories/deploy/hosts.yml.example @@ -0,0 +1,21 @@ +all: + hosts: + host1: + ansible_ssh_user: debian + ansible_python_interpreter: /usr/bin/python + become: yes + children: + soctools_server: + hosts: + host1: + nifi: + hosts: + host1: + nifi_scale: 3 + haproxy: + hosts: + host1: + zookeeper: + hosts: + host1: + zookeeper_scale: 3 \ No newline at end of file diff --git a/razliki b/razliki new file mode 100644 index 0000000000000000000000000000000000000000..10e6a9e7ce17525e689c4ff4546b9f6cd8a2962c --- /dev/null +++ b/razliki 
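Review bot: `become: yes` under `host1` in inventories/deploy/hosts.yml.example is written as a plain host variable, and as far as I know Ansible reads privilege escalation from inventory only through `ansible_become`, so this line probably has no effect. Anyone copying the example would then either see tasks fail for lack of privileges or conclude that connecting directly as root is the fix. Use `ansible_become: true`, and `ansible_user: debian` in place of the older `ansible_ssh_user`.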
@@ -0,0 +1,466 @@ +diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml +index 6bb820d..c6adf5f 100644 +--- a/group_vars/all/main.yml ++++ b/group_vars/all/main.yml +@@ -4,8 +4,32 @@ dslproxy: "dsoclab.gn4-3-wp8-soc.sunet.se" + + # TheHive Button plugin + THEHIVE_URL: "https://hive.gn4-3-wp8-soc.sunet.se/" +-THEHIVE_API_KEY: "5LymseWiurZBrQN8Kqp8O+9KniTL5cE0" +-THEHIVE_OWNER: "admin" ++# here enter API key for default admin user ++THEHIVE_API_KEY: "bs2Jc3tGJqhVv0AYyX2NYlhMlorPz7mX" ++# ID of the default admin user ++THEHIVE_OWNER: "admin@thehive.local" ++ ++# TheHive Create Organisation and Users ++# Login as default admin user and create API key, populate it here ++# thehive_admin_api: "KoHrKbIJm8XMsJxA9nZLs6YemCu76o3u" ++# thehive_writer: "[write]" ++ ++#THEHIVE_API_KEY: "1gFdNhmUSxO3BRe1SBB5JYEvkW9UOo6s" ++THEHIVE_USERS: ++ - kiril: ++ username: "kiril" ++ name: "Kiril" ++ surname: "Kiroski" ++ roles: '["read", "write", "admin"]' ++ organization: "uninett.no" ++ - temur: ++ username: "temur" ++ name: "Temur" ++ surname: "Maisuradze" ++ roles: '["read", "write", "admin"]' ++ organization: "uninett.no" ++ ++ + + soctools_netname: "soctoolsnet" + soctools_network: "172.22.0.0/16" +@@ -82,6 +106,13 @@ soctools_users: + DN: "CN=Arne Oslebo" + CN: "Arne Oslebo" + password: "Pass002" ++ - firstname: "Kiril" ++ lastname: "Kjiroski" ++ username: "kiril.kjiroski" ++ email: "kiril.kjiroski@finki.ukim.mk" ++ DN: "CN=Kiril Kjiroski" ++ CN: "Kiril Kjiroski" ++ password: "Pass003" + + odfees_img: "{{repo}}/odfees:{{version}}{{suffix}}" + odfekibana_img: "{{repo}}/odfekibana:{{version}}{{suffix}}" +diff --git a/roles/ca/tasks/main.yml b/roles/ca/tasks/main.yml +index ec25dad..6ca350a 100644 +--- a/roles/ca/tasks/main.yml ++++ b/roles/ca/tasks/main.yml +@@ -229,6 +229,7 @@ + - keycloak + - misp + - cortex ++ - thehive + + - name: Copy ca cert to roles + copy: +diff --git a/roles/cortex/tasks/main.yml b/roles/cortex/tasks/main.yml +index 5d1eeb2..06b2639 100644 +--- 
a/roles/cortex/tasks/main.yml ++++ b/roles/cortex/tasks/main.yml +@@ -31,6 +31,12 @@ + - start + - startcortex + ++- name: Get openid authkey ++ set_fact: ++ cortexsecret: "{{lookup('file', 'files/cortexsecret',convert_data=False) | from_json }}" ++ tags: ++ - start ++ + - name: Configure embedded Elasticsearch 6 + remote_user: root + template: +@@ -61,6 +67,13 @@ + - start + - startcortex + ++- name: Configure Cortex logging ++ copy: ++ src: logback.xml ++ dest: /etc/cortex/logback.xml ++ tags: ++ - start ++ + - name: Start Cortex + command: > + daemonize +diff --git a/roles/cortex/templates/application.conf.j2 b/roles/cortex/templates/application.conf.j2 +index 35323e0..6d6d09c 100644 +--- a/roles/cortex/templates/application.conf.j2 ++++ b/roles/cortex/templates/application.conf.j2 +@@ -66,7 +66,7 @@ auth { + # the "ad" section below. + # - ldap : use LDAP to authenticate users. The associated configuration shall be done in the + # "ldap" section below. +- provider = [local] ++ provider = [local,oauth2] + + ad { + # The Windows domain name in DNS format. This parameter is required if you do not use +@@ -108,6 +108,84 @@ auth { + # If 'true', use SSL to connect to the LDAP directory server. 
+ #useSSL = true + } ++ oauth2 { ++ # URL of the authorization server ++ clientId = "dsoclab-cortex" ++ clientSecret = {{cortexsecret.value}} ++ redirectUri = "https://{{dslproxy}}:9001/api/ssoLogin" ++ responseType = "code" ++ grantType = "authorization_code" ++ ++ # URL from where to get the access token ++ authorizationUrl = "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/auth" ++ authorizationHeader = "Bearer" ++ tokenUrl = "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/token" ++ ++ ++ # The endpoint from which to obtain user details using the OAuth token, after successful login ++ userUrl = "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/userinfo" ++ scope = "profile" ++ userIdField = "email" ++ #userUrl = "https://auth-site.com/api/User" ++ #scope = ["openid profile"] ++ } ++ ++ ws.ssl.trustManager { ++ stores = [ ++ { ++ type = "JKS" // JKS or PEM ++ path = "cacerts.jks" ++ password = "{{tspass}}" ++ } ++ ] ++ } ++ ++ ++ # Single-Sign On ++ sso { ++ # Autocreate user in database? ++ autocreate = true ++ ++ # Autoupdate its profile and roles? ++ autoupdate = true ++ ++ # Autologin user using SSO? 
++ autologin = true ++ ++ # Name of mapping class from user resource to backend user ('simple' or 'group') ++ #mapper = group ++ #mapper = simple ++ #attributes { ++ # login = "user" ++ # name = "name" ++ # groups = "groups" ++ # organization = "org" ++ #} ++# defaultRoles = ["read", "write", "admin"] ++# defaultOrganization = "uninett.no" ++ #defaultRoles = ["read"] ++ #defaultOrganization = "csirt" ++ #groups { ++ # # URL to retreive groups (leave empty if you are using OIDC) ++ # #url = "https://auth-site.com/api/Groups" ++ # # Group mappings, you can have multiple roles for each group: they are merged ++ # mappings { ++ # admin-profile-name = ["admin"] ++ # editor-profile-name = ["write"] ++ # reader-profile-name = ["read"] ++ # } ++ #} ++ ++ mapper = simple ++ attributes { ++ login = "user" ++ name = "name" ++ roles = "roles" ++ organization = "org" ++ } ++ defaultRoles = ["read", "analyze"] ++ defaultOrganization = "uninett.no" ++ } + } + + ## ANALYZERS +diff --git a/roles/docker/tasks/thehive.yml b/roles/docker/tasks/thehive.yml +index f8effea..30b11c8 100644 +--- a/roles/docker/tasks/thehive.yml ++++ b/roles/docker/tasks/thehive.yml +@@ -15,6 +15,7 @@ + with_items: "{{ groups['thehive'] }}" + tags: + - start ++ - thehivestart + + - name: Disconnect thehive containers from network and remove + docker_container: +@@ -23,4 +24,4 @@ + with_items: "{{ groups['thehive'] }}" + tags: + - stop +- ++ - thehivestop +diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml +index 9c8f81e..2bb6a62 100644 +--- a/roles/keycloak/tasks/main.yml ++++ b/roles/keycloak/tasks/main.yml +@@ -4,7 +4,7 @@ + copy: + src: "{{ item.local }}" + dest: "{{ item.remote }}" +- mode: "{{ item.mode}}" ++ mode: "{{ item.mode }}" + with_items: + - local: "files/{{ inventory_hostname }}.crt" + remote: /etc/x509/https/tls.crt +@@ -20,6 +20,7 @@ + mode: '0644' + tags: + - start ++ - startkeycloak + + - name: Generate Keycloak secure config + command: "/opt/jboss/tools/x509.sh" 
+@@ -27,11 +28,14 @@ + X509_CA_BUNDLE: "/etc/x509/ca/ca.crt" + tags: + - start ++ - startkeycloak + + - name: Set admin password + command: /opt/jboss/keycloak/bin/add-user-keycloak.sh --user "admin" --password "{{keycloak_adminpass}}" ++ ignore_errors: yes + tags: + - start ++ - startkeycloak + + - name: Configure Keycloak start script + template: +@@ -43,12 +47,14 @@ + - initkeycloakrealm.sh + tags: + - start ++ - startkeycloak + + + - name: Start Keycloak IdP + command: /opt/jboss/tools/startkeycloak.sh + tags: + - start ++ - startkeycloak + + - name: Wait for Keycloak + wait_for: +@@ -58,11 +64,13 @@ + delay: 5 + tags: + - start ++ - startkeycloak + + - name: Initialize Keycloak realm + command: /opt/jboss/tools/initkeycloakrealm.sh + tags: + - start ++ - startkeycloak + + - name: Copy secrets from Keycloak + fetch: +@@ -74,10 +82,16 @@ + local: "roles/nifi/files/nifisecret" + - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/kibanasecret" + local: "roles/odfekibana/files/kibanasecret" ++ - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/thehivesecret" ++ local: "roles/thehive/files/thehivesecret" ++ - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/cortexsecret" ++ local: "roles/cortex/files/cortexsecret" + tags: + - start ++ - startkeycloak + + - name: Stop Keycloak + command: "pkill -SIGTERM -F {{inventory_hostname}}.pid" + tags: + - stop ++ - stopkeycloak +diff --git a/roles/keycloak/templates/initkeycloakrealm.sh.j2 b/roles/keycloak/templates/initkeycloakrealm.sh.j2 +index f3f0073..d6fc946 100644 +--- a/roles/keycloak/templates/initkeycloakrealm.sh.j2 ++++ b/roles/keycloak/templates/initkeycloakrealm.sh.j2 +@@ -28,6 +28,12 @@ kcadm.sh get realms/{{openid_realm}}/clients/${NIFICLIENT}/client-secret --field + KIBANACLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"dsoclab-kibana","protocol":"openid-connect","clientAuthenticatorType": "client-secret","rootUrl": "https://{{dslproxy}}:5601","adminUrl": "","redirectUris": 
["https://{{dslproxy}}:5601", "https://{{dslproxy}}:5601/auth/openid/login", "https://{{dslproxy}}:5601/app/kibana" ],"webOrigins": [], "publicClient": false }') + kcadm.sh get realms/{{openid_realm}}/clients/${KIBANACLIENT}/client-secret --fields value > /opt/jboss/keycloak/kibanasecret + ++THEHIVECLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"dsoclab-thehive","protocol":"openid-connect","clientAuthenticatorType": "client-secret","adminUrl": "","redirectUris": ["https://{{dslproxy}}:9000/api/ssoLogin"],"webOrigins": [], "publicClient": false }') ++kcadm.sh get realms/{{openid_realm}}/clients/${THEHIVECLIENT}/client-secret --fields value > /opt/jboss/keycloak/thehivesecret ++ ++CORTEXCLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"dsoclab-cortex","protocol":"openid-connect","clientAuthenticatorType": "client-secret","adminUrl": "","redirectUris": ["https://{{dslproxy}}:9001/api/ssoLogin"],"webOrigins": [], "publicClient": false }') ++kcadm.sh get realms/{{openid_realm}}/clients/${CORTEXCLIENT}/client-secret --fields value > /opt/jboss/keycloak/cortexsecret ++ + + kcadm.sh config truststore --delete + +diff --git a/roles/thehive/tasks/main.yml b/roles/thehive/tasks/main.yml +index 7d8f859..0e560e7 100644 +--- a/roles/thehive/tasks/main.yml ++++ b/roles/thehive/tasks/main.yml +@@ -1,5 +1,39 @@ + --- + ++- name: Copy cacert to ca-trust dir ++ remote_user: root ++ copy: ++ src: "files/{{ca_cn}}.crt" ++ dest: /etc/pki/ca-trust/source/anchors/ca.crt ++ tags: ++ - start ++ ++- name: Install cacert to root truststore ++ remote_user: root ++ command: "update-ca-trust" ++ tags: ++ - start ++ ++- name: Copy certificates in thehive conf dir ++ copy: ++ src: "{{ item }}" ++ dest: "/etc/thehive/{{ item }}" ++ mode: 0600 ++ with_items: ++ - "{{ inventory_hostname }}.crt" ++ - "{{ inventory_hostname }}.key" ++ - cacerts.jks ++ - "{{ca_cn}}.crt" ++ tags: ++ - start ++ ++- name: Get openid 
authkey ++ set_fact: ++ thehivesecret: "{{lookup('file', 'files/thehivesecret',convert_data=False) | from_json }}" ++ tags: ++ - start ++ ++ + - name: Configure TheHive + template: + src: application.conf.j2 +@@ -7,6 +41,14 @@ + tags: + - start + ++- name: Configure TheHive logging ++ copy: ++ src: logback.xml ++ dest: /etc/thehive/logback.xml ++ tags: ++ - start ++ ++ + - name: Start TheHive + command: > + daemonize +@@ -31,8 +73,15 @@ + tags: + - start + ++- name: Create TheHive users ++ include: createusers.yml ++ tags: ++ - createusers ++ - start ++ + - name: Stop TheHive + command: "pkill -SIGTERM -F /tmp/thehive.pid" + tags: + - stop ++ - stopthehive + +diff --git a/roles/thehive/templates/application.conf.j2 b/roles/thehive/templates/application.conf.j2 +index 6fa36eb..a92e4f7 100644 +--- a/roles/thehive/templates/application.conf.j2 ++++ b/roles/thehive/templates/application.conf.j2 +@@ -13,7 +13,7 @@ db.janusgraph { + ## Cassandra configuration + # More information at https://docs.janusgraph.org/basics/configuration-reference/#storagecql + backend: cql +- hostname: ["{{groups['cassandra'][0]}}.{{soctools_netname}}"] ++ hostname: ["{{groups['cassandra'][0]}}.{{soctools_netname}}:9042"] + # Cassandra authentication (if configured) + // username: "thehive" + // password: "password" +@@ -47,17 +47,61 @@ storage { + + ## Authentication configuration + # More information at https://github.com/TheHive-Project/TheHiveDocs/TheHive4/Administration/Authentication.md +-//auth { +-// providers: [ ++auth { ++ providers: [ + // {name: session} # required ! + // {name: basic, realm: thehive} + // {name: local} + // {name: key} +-// ] ++ {name: session} # required ! 
++ {name: basic, realm: thehive} ++ {name: local} ++ {name: key} ++ { ++ name: oauth2 ++ clientId: "dsoclab-thehive" ++ clientSecret: {{thehivesecret.value}} ++ redirectUri: "https://{{dslproxy}}:9000/api/ssoLogin" ++ responseType: "code" ++ grantType: "authorization_code" ++ authorizationUrl: "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/auth" ++ authorizationHeader: "Bearer" ++ tokenUrl: "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/token" ++ userUrl: "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/userinfo" ++// scope: ["openid", "email"] ++ scope: ["openid"] ++ userIdField: "email" ++// userIdField: "name" ++ } ++ ] ++ sso { ++ autocreate: true ++ autoupdate: true ++ autologin: true ++ mapper: "simple" ++// attributes { ++// login: "login" ++// name: "name" ++// roles: "role" ++// } ++ defaultRoles: ["read", "write", "admin"] ++ defaultOrganization: "uninett.no" ++// defaultOrganization: "demo" ++ } ++ ws.ssl.trustManager { ++ stores = [ ++ { ++ type: "JKS" // JKS or PEM ++ path: "cacerts.jks" ++ password: "{{tspass}}" ++ } ++ ] ++ } + # The format of logins must be valid email address format. If the provided login doesn't contain `@` the following + # domain is automatically appended +-// defaultUserDomain: "thehive.local" +-//} ++ defaultUserDomain: "uninett.no" ++# defaultUserDomain: "thehive.local" ++} + + ## CORTEX configuration + # More information at https://github.com/TheHive-Project/TheHiveDocs/TheHive4/Administration/Connectors.md diff --git a/roles/build/files/cassandraDockerfile b/roles/build/files/cassandraDockerfile new file mode 100644 index 0000000000000000000000000000000000000000..c1b73887b9bdfe51d27938507bf3280e7966fbc1 --- /dev/null +++ b/roles/build/files/cassandraDockerfile 
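Review bot: The new file `razliki` looks like saved `git diff` output rather than anything the playbooks read, and it carries credentials in plaintext: several `THEHIVE_API_KEY` values (removed, added and commented out), a commented `thehive_admin_api` value and the `password: "Pass003"` user entry. Once merged they remain in history even if the file is deleted later, so drop the file from the commit, treat the keys as exposed and rotate them, and keep such values in vault-encrypted vars. The settings it records deserve a second look before they reach the real templates: TheHive's `sso` block combines `autocreate: true` with `defaultRoles: ["read", "write", "admin"]`, which as written would give admin to every account that authenticates through the realm; `defaultRoles: ["read"]` is the safer default. `clientSecret = {{cortexsecret.value}}` and `clientSecret: {{thehivesecret.value}}` are also rendered unquoted, so a secret containing special characters would break the config; quote them as `"{{ cortexsecret.value }}"`.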
@@ -0,0 +1,35 @@ +FROM gn43-dsl/openjdk:7a20201004 + +USER root +#COPY cassandra.repo /etc/yum.repos.d/cassandra.repo +#COPY supervisord.conf /etc/supervisord.conf +#COPY start.sh /start.sh +RUN echo "[cassandra]" > /etc/yum.repos.d/cassandra.repo && \ + echo "name=Apache Cassandra" >> /etc/yum.repos.d/cassandra.repo && \ + echo "baseurl=https://downloads.apache.org/cassandra/redhat/311x/" >> /etc/yum.repos.d/cassandra.repo && \ + echo "gpgcheck=1" >> /etc/yum.repos.d/cassandra.repo && \ + echo "repo_gpgcheck=1" >> /etc/yum.repos.d/cassandra.repo && \ + echo "gpgkey=https://downloads.apache.org/cassandra/KEYS" >> /etc/yum.repos.d/cassandra.repo && \ + echo '#!/bin/bash' > /start.sh && \ + echo 'export CASSANDRA_HOME=/usr/share/cassandra' >> /start.sh && \ + echo 'export CASSANDRA_CONF=$CASSANDRA_HOME/conf' >> /start.sh && \ + echo 'export CASSANDRA_INCLUDE=$CASSANDRA_HOME/cassandra.in.sh' >> /start.sh && \ + echo 'log_file=/var/log/cassandra/cassandra.log' >> /start.sh && \ + echo 'pid_file=/var/run/cassandra/cassandra.pid' >> /start.sh && \ + echo 'lock_file=/var/lock/subsys/cassandra' >> /start.sh && \ + echo 'CASSANDRA_PROG=/usr/sbin/cassandra' >> /start.sh && \ + echo '' >> /start.sh && \ + echo '$CASSANDRA_PROG -p $pid_file > $log_file 2>&1' >> /start.sh && \ + yum install -y epel-release && \ + yum install -y cassandra supervisor && \ + mkdir /usr/share/cassandra/conf && \ + cp -a /etc/cassandra/conf/* /usr/share/cassandra/conf && \ + chown -R cassandra:cassandra /usr/share/cassandra && \ + chown -R cassandra:cassandra /var/lib/cassandra && \ + sed -i -e 's,/etc/cassandra,/usr/share/cassandra,g' /usr/share/cassandra/cassandra.in.sh && \ + chmod a+x /start.sh && \ + yum -y clean all +EXPOSE 7000 9042 +#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +USER cassandra +# ENTRYPOINT ["/start.sh"] 
diff --git a/roles/build/files/cortexDockerfile b/roles/build/files/cortexDockerfile new file mode 100644 index 0000000000000000000000000000000000000000..014cdf01134d97139671c702bbc6dde96682ee8e --- /dev/null +++ b/roles/build/files/cortexDockerfile 
@@ -0,0 +1,32 @@ +FROM gn43-dsl/openjdk:7a20201004 + +USER root +#COPY thehive.repo /etc/yum.repos.d/thehive.repo +#COPY supervisord.conf /etc/supervisord.conf +#COPY start.sh /start.sh +RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \ + echo "enabled=1" >> /etc/yum.repos.d/thehive.repo && \ + echo "priority=1" >> /etc/yum.repos.d/thehive.repo && \ + echo "name=TheHive-Project RPM repository" >> /etc/yum.repos.d/thehive.repo && \ + echo "baseurl=http://rpm.thehive-project.org/stable/noarch" >> /etc/yum.repos.d/thehive.repo && \ + echo "gpgcheck=1" >> /etc/yum.repos.d/thehive.repo && \ + yum install -y epel-release && \ + rpm --import https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY && \ + rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \ + yum install -y cortex supervisor daemonize vim net-tools telnet htop python3-pip.noarch git gcc python3-devel.x86_64 ssdeep-devel.x86_64 python3-wheel.noarch libexif-devel.x86_64 libexif.x86_64 perl-Image-ExifTool.noarch gcc-c++ whois && \ + rpm -Uvh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-6.8.13.rpm && \ + chown -R elasticsearch:elasticsearch /etc/elasticsearch && \ + mkdir -p /home/cortex && \ + chown -R cortex:cortex /home/cortex && \ + chown -R cortex:cortex /etc/cortex && \ + cd /opt && \ + git clone https://github.com/TheHive-Project/Cortex-Analyzers && \ + chown -R cortex:cortex /opt/Cortex-Analyzers && \ + cd /opt/Cortex-Analyzers && \ + for I in analyzers/*/requirements.txt; do LC_ALL=en_US.UTF-8 pip3 install --no-cache-dir -U -r $I || true; done && \ + for I in responders/*/requirements.txt; do LC_ALL=en_US.UTF-8 pip3 install --no-cache-dir -U -r $I || true; done && \ + yum -y clean all +EXPOSE 9001 +#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +USER cortex +# ENTRYPOINT ["/start.sh"] 
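Review bot: The two `pip3 install --no-cache-dir -U -r $I || true` loops in cortexDockerfile discard every install failure, and the `git clone https://github.com/TheHive-Project/Cortex-Analyzers` before them takes whatever is on the default branch at build time, so two builds of the same Dockerfile can ship different analyzer code and different (or missing) dependencies with no signal. Check out a reviewed commit after the clone, e.g. `git -C /opt/Cortex-Analyzers checkout <COMMIT>`, and have the loop at least report which requirements file failed instead of `|| true`. mispDockerfile has the same unpinned pattern (the MISP and misp-modules clones and the `pip3 install git+https://...` lines). The repo file also sets `baseurl=http://rpm.thehive-project.org/stable/noarch`; `gpgcheck=1` covers the packages, but the repository metadata is fetched in clear text, so use an https URL if the mirror offers one.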
diff --git a/roles/build/files/elasticDockerfile b/roles/build/files/elasticDockerfile new file mode 100644 index 0000000000000000000000000000000000000000..dba40032af25404c9470cb7ca39cf3ccc43b4ff3 --- /dev/null +++ b/roles/build/files/elasticDockerfile @@ -0,0 +1,21 @@ +FROM gn43-dsl/openjdk:7a20201004 + +ENV PATH="/usr/share/elasticsearch/bin:${PATH}" + +RUN groupadd -g 1000 elasticsearch && \ + adduser -u 1000 -g 1000 -d /usr/share/elasticsearch elasticsearch + +WORKDIR /usr/share/elasticsearch + +RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \ + rpm -Uvh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-7.4.2-no-jdk-x86_64.rpm && \ + cp -a /etc/elasticsearch/ /usr/share/elasticsearch/config/ && \ + chown -R elasticsearch /usr/share/elasticsearch/config && \ + mkdir -p /usr/share/elasticsearch/data && \ + chown -R elasticsearch /usr/share/elasticsearch/data && \ + sed -i -e 's,ES_PATH_CONF=/etc/elasticsearch,ES_PATH_CONF=/usr/share/elasticsearch/config,g' /etc/sysconfig/elasticsearch + +EXPOSE 9200 9300 +USER elasticsearch +ENTRYPOINT ["/bin/bash"] + diff --git a/roles/build/files/haproxyDockerfile b/roles/build/files/haproxyDockerfile new file mode 100644 index 0000000000000000000000000000000000000000..f36d8f4cfb974f7a641bbf60d4473a0c39afa0f8 --- /dev/null +++ b/roles/build/files/haproxyDockerfile 
@@ -0,0 +1,71 @@ +FROM gn43-dsl/centos:7a20201004 + +ENV HAPROXY_VERSION 2.2.3 +ENV HAPROXY_URL https://www.haproxy.org/download/2.2/src/haproxy-2.2.3.tar.gz +ENV HAPROXY_SHA256 7209db363d4dbecb21133f37b01048df666aebc14ff543525dbea79be202064e +ENV OPENSSL_VERSION=1.0.2u + + +# see https://sources.debian.net/src/haproxy/jessie/debian/rules/ for some helpful navigation of the possible "make" arguments +RUN \ + yum install -y epel-release && \ + yum update -y && \ + `# Install build tools. Note: perl needed to compile openssl...` \ + yum install -y \ + inotify-tools \ + wget \ + tar \ + gzip \ + make \ + gcc \ + perl \ + pcre-devel \ + zlib-devel \ + iptables \ + pcre2-devel \ + daemonize \ + pth-devel && \ + `# Install newest openssl...` \ + wget -O /tmp/openssl.tgz https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz && \ + tar -zxf /tmp/openssl.tgz -C /tmp && \ + cd /tmp/openssl-* && \ + ./config --prefix=/usr \ + --openssldir=/etc/ssl \ + --libdir=lib \ + no-shared zlib-dynamic && \ + make -j$(getconf _NPROCESSORS_ONLN) V= && make install_sw && \ + cd && rm -rf /tmp/openssl* && \ + `# Install HAProxy...` \ + && wget -O haproxy.tar.gz "$HAPROXY_URL" \ + && echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c \ + && mkdir -p /usr/src/haproxy \ + && tar -xzf haproxy.tar.gz -C /usr/src/haproxy --strip-components=1 \ + && rm haproxy.tar.gz \ + \ + && makeOpts=' \ + TARGET=linux-glibc \ + USE_GETADDRINFO=1 \ + USE_OPENSSL=1 \ + USE_PCRE2=1 USE_PCRE2_JIT=1 \ + USE_ZLIB=1 \ + \ + EXTRA_OBJS=" \ +# see https://github.com/docker-library/haproxy/issues/94#issuecomment-505673353 for more details about prometheus support + contrib/prometheus-exporter/service-prometheus.o \ + " \ + ' \ + && nproc="$(nproc)" \ + && eval "make -C /usr/src/haproxy -j '$nproc' all $makeOpts" \ + && eval "make -C /usr/src/haproxy install-bin $makeOpts" \ + \ + && mkdir -p /usr/local/etc/haproxy \ + && cp -R /usr/src/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors \ + && rm -rf 
/usr/src/haproxy + +ENTRYPOINT ["/bin/bash"] + +# https://www.haproxy.org/download/1.8/doc/management.txt +# "4. Stopping and restarting HAProxy" +# "when the SIGTERM signal is sent to the haproxy process, it immediately quits and all established connections are closed" +# "graceful stop is triggered when the SIGUSR1 signal is sent to the haproxy process" +STOPSIGNAL SIGUSR1 diff --git a/roles/build/files/keycloakDockerfile b/roles/build/files/keycloakDockerfile new file mode 100644 index 0000000000000000000000000000000000000000..ba6e7c130c1ec511d49e743d068c43d9bde1dc85 --- /dev/null +++ b/roles/build/files/keycloakDockerfile 
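Review bot: The OpenSSL tarball in haproxyDockerfile is fetched with `wget -O /tmp/openssl.tgz` and compiled without any integrity check, while the HAProxy tarball a few lines later is verified against `HAPROXY_SHA256`. Do the same for OpenSSL, e.g. `ENV OPENSSL_SHA256 <SHA256_OF_TARBALL>` and `echo "$OPENSSL_SHA256 */tmp/openssl.tgz" | sha256sum -c` before the `tar`. The same gap exists in keycloakDockerfile (`curl -L $KEYCLOAK_DIST | tar zx` and the PostgreSQL JDBC jar) and in mispDockerfile (the ssdeep tarball and `composer.phar`). Separately, the inline comment says "Install newest openssl" but `OPENSSL_VERSION=1.0.2u` is from the 1.0.2 branch, which no longer gets public fixes; with `no-shared` HAProxy appears to be linked against it statically, so distro OpenSSL updates would not reach the binary.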
@@ -0,0 +1,41 @@ +FROM gn43-dsl/openjdk:7a20201004 + +ENV KEYCLOAK_VERSION 10.0.1 +ENV JDBC_POSTGRES_VERSION 42.2.5 +ENV JBOSS_HOME /opt/jboss/keycloak + +ARG KEYCLOAK_DIST=https://downloads.jboss.org/keycloak/$KEYCLOAK_VERSION/keycloak-$KEYCLOAK_VERSION.tar.gz + +USER root + +#ADD //root/ansible-soctools-scm-uninett-no/soctools-buildtest-20201022/roles/build/templates/keycloak/keycloak-tools /opt/jboss/tools +ADD keycloak-tools /opt/jboss/tools +#ADD ../templates/keycloak/keycloak-tools /opt/jboss/tools +RUN yum -y install openssl && yum -y clean all && \ + mkdir -p /opt/jboss/ && cd /opt/jboss/ && \ + curl -L $KEYCLOAK_DIST | tar zx && \ + mv /opt/jboss/keycloak-* /opt/jboss/keycloak && \ + mkdir -p /opt/jboss/keycloak/modules/system/layers/base/org/postgresql/jdbc/main && \ + cd /opt/jboss/keycloak/modules/system/layers/base/org/postgresql/jdbc/main && \ + curl -L https://repo1.maven.org/maven2/org/postgresql/postgresql/$JDBC_POSTGRES_VERSION/postgresql-$JDBC_POSTGRES_VERSION.jar > postgres-jdbc.jar && \ + cp /opt/jboss/tools/databases/postgres/module.xml . && \ + cd /opt/jboss/keycloak && \ + bin/jboss-cli.sh --file=/opt/jboss/tools/cli/standalone-configuration.cli && \ + rm -rf /opt/jboss/keycloak/standalone/configuration/standalone_xml_history && \ + rm -rf /opt/jboss/keycloak/standalone/tmp/auth && \ + rm -rf /opt/jboss/keycloak/domain/tmp/auth && \ + adduser -u 1000 -g 0 -d /opt/jboss jboss && \ + chown -R jboss:root /opt/jboss && \ + chmod -R g+rwX /opt/jboss && \ + mkdir -p /etc/x509/{https,ca} && chown -R jboss:root /etc/x509/{https,ca} + +ENV PATH="/opt/jboss/keycloak/bin:${PATH}" + +WORKDIR /opt/jboss/keycloak + +EXPOSE 8080 +EXPOSE 8443 + +USER jboss +ENTRYPOINT ["/bin/bash"] + diff --git a/roles/build/files/kibanaDockerfile b/roles/build/files/kibanaDockerfile new file mode 100644 index 0000000000000000000000000000000000000000..0f137e085aae12dbae9099256a584e71c0dc9fbd --- /dev/null +++ b/roles/build/files/kibanaDockerfile 
@@ -0,0 +1,18 @@ +FROM gn43-dsl/centos:7a20201004 + +ENV PATH="/usr/share/kibana/bin:${PATH}" + +RUN groupadd -g 1000 kibana && \ + adduser -u 1000 -g 1000 -d /usr/share/kibana kibana + +WORKDIR /usr/share/kibana + +RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \ + rpm -Uvh https://artifacts.elastic.co/downloads/kibana/kibana-oss-7.4.2-x86_64.rpm && \ + cp -a /etc/kibana/ /usr/share/kibana/config/ && \ + chown -R kibana /usr/share/kibana/config/ + +EXPOSE 5601 +USER kibana +ENTRYPOINT ["/bin/bash"] + diff --git a/roles/build/files/mispDockerfile b/roles/build/files/mispDockerfile new file mode 100644 index 0000000000000000000000000000000000000000..26f09fb32e6420b2cdcc83d1d7af3c436e730201 --- /dev/null +++ b/roles/build/files/mispDockerfile 
@@ -0,0 +1,84 @@ +FROM gn43-dsl/centos:7a20201004 + +USER root +RUN yum install -y epel-release centos-release-scl scl-utils ; \ + yum install -y gcc git zip openssl supervisor rh-git218 httpd24 mod_ssl mod_auth_openidc rh-redis32 libxslt-devel zlib-devel libcaca-devel ssdeep-devel rh-php72 rh-php72-php-fpm rh-php72-php-devel rh-php72-php-mysqlnd rh-php72-php-mbstring rh-php72-php-xml rh-php72-php-bcmath rh-php72-php-opcache rh-php72-php-gd mariadb devtoolset-7 make cmake3 cppcheck libcxx-devel gpgme-devel openjpeg-devel gcc gcc-c++ poppler-cpp-devel pkgconfig python-devel redhat-rpm-config rubygem-rouge rubygem-asciidoctor zbar-devel opencv-devel wget screen rh-python36-mod_wsgi postfix curl make cmake python3 python3-devel python3-pip python3-yara python3-wheel python3-redis python3-zmq python3-setuptools redis sudo vim zip sqlite moreutils rng-tools libxml2-devel libxslt-devel zlib-devel libpqxx openjpeg2-devel ssdeep-devel ruby asciidoctor tesseract ImageMagick poppler-cpp-devel python36-virtualenv opencv-devel zbar zbar-devel ; \ + yum -y clean all ; \ + sed -i "s/max_execution_time = 30/max_execution_time = 300/" /etc/opt/rh/rh-php72/php.ini ; \ + sed -i "s/memory_limit = 128M/memory_limit = 2048M/" /etc/opt/rh/rh-php72/php.ini ; \ + sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 50M/" /etc/opt/rh/rh-php72/php.ini ; \ + sed -i "s/post_max_size = 8M/post_max_size = 50M/" /etc/opt/rh/rh-php72/php.ini ; \ + mkdir -p /var/www/MISP ; \ + chown -R apache:apache /var/www/MISP + +USER apache +WORKDIR /var/www/MISP +RUN git clone https://github.com/MISP/MISP.git /var/www/MISP ; \ + git submodule update --init --recursive ; \ + git submodule foreach --recursive git config core.filemode false ; \ + git config core.filemode false + +USER root +RUN pip3 install --upgrade pip ; \ + pip3 install git+https://github.com/CybOXProject/mixbox.git ; \ + pip3 install git+https://github.com/CybOXProject/python-cybox.git ; \ + pip3 install 
git+https://github.com/STIXProject/python-stix.git ; \ + pip3 install git+https://github.com/MAECProject/python-maec.git ; \ + pip3 install /var/www/MISP/cti-python-stix2 ; \ + pip3 install /var/www/MISP/PyMISP ; \ + pip3 install git+https://github.com/kbandla/pydeep.git ; \ + pip3 install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip ; \ + pip3 install jsonschema ; \ + pip3 install reportlab ; \ + pip3 install python-magic ; \ + pip3 install pyzmq ; \ + pip3 install redis + +USER apache +WORKDIR /var/www/MISP +RUN git submodule init ; \ + git submodule update + +USER root +WORKDIR /usr/local/src +RUN git clone https://github.com/MISP/misp-modules.git +WORKDIR /usr/local/src/misp-modules +RUN git checkout ; \ + # sudo pip3 install -I -r REQUIREMENTS ; \ + LANG=en_US.UTF-8 pip3 install -I -r REQUIREMENTS; \ + pip3 install -I . ; \ + mkdir /var/www/.composer && chown -R apache:apache /var/www/.composer ; \ + cd /tmp ; \ + wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz ; \ + tar zxvf ssdeep-2.14.1.tar.gz && cd ssdeep-2.14.1 && ./configure && make && make install ; \ + /usr/bin/scl enable rh-php72 "pecl install ssdeep" ; \ + echo "extension=ssdeep.so" > /etc/opt/rh/rh-php72/php.d/88-ssdeep.ini ; \ + cd + +USER apache +WORKDIR /var/www/MISP/app +RUN wget https://getcomposer.org/download/1.2.1/composer.phar -O composer.phar ; \ + COMPOSER_CACHE_DIR=/var/www/.composer /usr/bin/scl enable rh-php72 "php composer.phar require kamisama/cake-resque:4.1.2" ; \ + COMPOSER_CACHE_DIR=/var/www/.composer /usr/bin/scl enable rh-php72 "php composer.phar config vendor-dir Vendor" ; \ + COMPOSER_CACHE_DIR=/var/www/.composer /usr/bin/scl enable rh-php72 "php composer.phar install" ; \ + sed -i -e "s/bind 127.0.0.1/bind 0.0.0.0/" /etc/redis.conf ; \ + cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php ; \ + cp -a 
/var/www/MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php ; \ + cp -a /var/www/MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php ; \ + cp -a /var/www/MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php ; \ + cp -a /var/www/MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php + +USER root +COPY mispstart.sh /var/www/MISP/app/Console/worker/start.sh +RUN chown -R apache:apache /var/www/MISP ; \ + chmod -R 750 /var/www/MISP ; \ + chmod -R g+ws /var/www/MISP/app/tmp ; \ + chmod -R g+ws /var/www/MISP/app/files ; \ + chmod -R g+ws /var/www/MISP/app/files/scripts/tmp + +# 80/443 - MISP web server, 3306 - mysql, 6379 - redis, 6666 - MISP modules, 50000 - MISP ZeroMQ +EXPOSE 80 443 6443 6379 6666 50000 + +COPY mispsupervisord.conf /etc/supervisord.conf +#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] + diff --git a/roles/build/files/mispstart.sh b/roles/build/files/mispstart.sh new file mode 100644 index 0000000000000000000000000000000000000000..d6a5fc0fc4f104e832265adc1ebfefa722e289ac --- /dev/null +++ b/roles/build/files/mispstart.sh 
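Review bot: The `RUN` steps in mispDockerfile chain commands with `;`, so only the last command's exit status reaches Docker and a failed `yum install`, `git clone` or `pip3 install` still yields an image. One visible case: `sed -i -e "s/bind 127.0.0.1/bind 0.0.0.0/" /etc/redis.conf` runs after `USER apache`, which presumably cannot write under /etc, and mispsupervisord.conf starts Redis with `/etc/opt/rh/rh-redis32/redis.conf` anyway, so the edit likely never takes effect. Chain with `&&` (or start each RUN with `set -e;`). If Redis is meant to listen on 0.0.0.0, change the config file that is actually loaded and pair it with `requirepass` or a network restriction. The `EXPOSE` comment also lists 3306 while the instruction exposes 6443.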
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+#dockerfile from ansible
+
+# Check if run as root
+if [ "$EUID" -eq 0 ]; then
+ echo "Please DO NOT run the worker script as root"
+ exit 1
+fi
+
+PATH_TO_MISP='/var/www/MISP'
+RUN_PHP="/usr/bin/scl enable rh-php72"
+PHP_INI="/etc/opt/rh/rh-php72/php.ini"
+CAKE="${PATH_TO_MISP}/app/Console/cake"
+
+# Extract base directory where this script is and cd into it
+cd "${0%/*}"
+$RUN_PHP -- $CAKE CakeResque.CakeResque stop --all
+$RUN_PHP -- $CAKE CakeResque.CakeResque start --interval 5 --queue default
+$RUN_PHP -- $CAKE CakeResque.CakeResque start --interval 5 --queue prio
+$RUN_PHP -- $CAKE CakeResque.CakeResque start --interval 5 --queue cache
+$RUN_PHP -- $CAKE CakeResque.CakeResque start --interval 5 --queue email
+$RUN_PHP -- $CAKE CakeResque.CakeResque start --interval 5 --queue update
+$RUN_PHP -- $CAKE CakeResque.CakeResque startscheduler --interval 5
+
+exit 0
diff --git a/roles/build/files/mispsupervisord.conf b/roles/build/files/mispsupervisord.conf
new file mode 100644
index 0000000000000000000000000000000000000000..fbd4dea3bbd292aa2eea51772ecc559dc0b51703
--- /dev/null
+++ b/roles/build/files/mispsupervisord.conf
@@ -0,0 +1,25 @@
+[supervisord]
+nodaemon=false
+user=root
+
+[program:php-fpm]
+# EnvironmentFile=/etc/opt/rh/rh-php72/sysconfig/php-fpm
+command=/opt/rh/rh-php72/root/usr/sbin/php-fpm --nodaemonize
+
+[program:redis-server]
+process_name = redis-server
+directory = /var/opt/rh/rh-redis32/lib/redis/
+command=/opt/rh/rh-redis32/root/usr/bin/redis-server /etc/opt/rh/rh-redis32/redis.conf
+user=redis
+
+[program:apache2]
+command=/usr/sbin/httpd -DFOREGROUND
+
+[program:misp-modules]
+command=/bin/bash -c "/usr/local/bin/misp-modules -l '0.0.0.0' -s"
+user = apache
+startsecs = 0
+
+[program:workers]
+command=/bin/bash /var/www/MISP/app/Console/worker/start.sh
+user=apache
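Review bot: The `cd "${0%/*}"` line in mispstart.sh is not checked, so if the directory change fails the CakeResque stop/start commands still run from the caller's working directory; `cd "${0%/*}" || exit 1` makes that failure explicit. `$RUN_PHP` has to be word-split to work, but `$CAKE` is a single path and is better written `"$CAKE"`. `PHP_INI` is assigned and never used in this script.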
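Review bot: The `[program:misp-modules]` command listens on every interface (`-l '0.0.0.0'`) although the only consumer shown, MISP itself, runs in the same container; `-l '127.0.0.1'` looks sufficient unless another container is meant to call the modules, and no authentication for that service is configured anywhere in this commit. The MISP Dockerfile likewise rewrites `bind` in `/etc/redis.conf`, while `[program:redis-server]` here starts Redis with `/etc/opt/rh/rh-redis32/redis.conf`; unless the two paths are linked, the edit and the running configuration are different files, which is worth confirming. `nodaemon=false` makes supervisord detach, so if the commented-out ENTRYPOINT in the Dockerfile is ever enabled the container would exit right after start; `nodaemon=true` is what mysqlsupervisord.conf uses.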
diff --git a/roles/build/files/mysqlDockerfile b/roles/build/files/mysqlDockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..7c547b1e5959c3352c807b6ec9002673228709c6
--- /dev/null
+++ b/roles/build/files/mysqlDockerfile
@@ -0,0 +1,13 @@
+FROM gn43-dsl/centos:7a20201004
+
+USER root
+RUN yum -y update && yum install -y epel-release centos-release-scl scl-utils && \
+ yum install -y rh-mariadb103 python36-PyMySQL MySQL-python supervisor && \
+ /usr/bin/scl enable rh-mariadb103 -- /opt/rh/rh-mariadb103/root/usr/libexec/mysql-prepare-db-dir /var/opt/rh/rh-mariadb103/lib/mysql
+RUN yum clean all
+
+EXPOSE 3306
+COPY mysqlsupervisord.conf /etc/supervisord.conf
+
+ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+
diff --git a/roles/build/files/mysqlsupervisord.conf b/roles/build/files/mysqlsupervisord.conf
new file mode 100644
index 0000000000000000000000000000000000000000..e44e9fe1189eae3241d8bb1001c3a081a386353c
--- /dev/null
+++ b/roles/build/files/mysqlsupervisord.conf
@@ -0,0 +1,7 @@
+[supervisord]
+loglevel=debug
+nodaemon=true
+[program:mysql]
+user=mysql
+directory=/var/lib/mysql
+command=/opt/rh/rh-mariadb103/root/usr/libexec/mysqld-scl-helper enable rh-mariadb103 -- /opt/rh/rh-mariadb103/root/usr/libexec/mysqld --basedir=/opt/rh/rh-mariadb103/root/usr
diff --git a/roles/build/files/nifiDockerfile b/roles/build/files/nifiDockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..c3ef342673bb0ddaec532229bf8f5d588a753526
--- /dev/null
+++ b/roles/build/files/nifiDockerfile
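Review bot: `RUN yum clean all` sits in its own layer in mysqlDockerfile, so the package cache written by the preceding `RUN` stays in the image; appending `&& yum clean all` to the install `RUN` is what actually removes it (openjdkDockerfile in this commit has the same pattern). The image never sets `USER`, so supervisord itself runs as root and only the `mysql` program drops privileges; a one-line comment saying this is intended would help the next reader.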
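Review bot: `loglevel=debug` in mysqlsupervisord.conf is a troubleshooting setting: at that level supervisord also records child process output in its own log, which for a database server can include connection or statement details. `loglevel=info` is the usual value for an image that gets deployed. Separately, `directory=/var/lib/mysql` does not match the data directory prepared in mysqlDockerfile (`/var/opt/rh/rh-mariadb103/lib/mysql`); if none of the installed packages creates `/var/lib/mysql` the program will fail to spawn, so this is worth confirming.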
@@ -0,0 +1,97 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +FROM gn43-dsl/openjdk:7a20201004 +#LABEL maintainer="Apache NiFi <dev@nifi.apache.org>" +#LABEL site="https://nifi.apache.org" + +ARG UID=1000 +ARG GID=1000 +ARG NIFI_VERSION=1.11.4 +ARG BASE_URL=https://archive.apache.org/dist +ARG MIRROR_BASE_URL=${MIRROR_BASE_URL:-${BASE_URL}} +ARG NIFI_BINARY_PATH=${NIFI_BINARY_PATH:-/nifi/${NIFI_VERSION}/nifi-${NIFI_VERSION}-bin.zip} +ARG NIFI_TOOLKIT_BINARY_PATH=${NIFI_TOOLKIT_BINARY_PATH:-/nifi/${NIFI_VERSION}/nifi-toolkit-${NIFI_VERSION}-bin.zip} + +ENV NIFI_BASE_DIR=/opt/nifi +ENV NIFI_HOME ${NIFI_BASE_DIR}/nifi-current +ENV NIFI_TOOLKIT_HOME ${NIFI_BASE_DIR}/nifi-toolkit-current + +ENV NIFI_PID_DIR=${NIFI_HOME}/run +ENV NIFI_LOG_DIR=${NIFI_HOME}/logs + +# ADD sh/ ${NIFI_BASE_DIR}/scripts/ + +# Setup NiFi user and create necessary directories +RUN groupadd -g ${GID} nifi || groupmod -n nifi `getent group ${GID} | cut -d: -f1` \ + && useradd --shell /bin/bash -u ${UID} -g ${GID} -m nifi \ + && mkdir -p ${NIFI_BASE_DIR} \ + && chown -R nifi:nifi ${NIFI_BASE_DIR} \ + && yum -y install jq xmlstarlet procps-ng + +USER nifi + +# Download, validate, and expand Apache NiFi Toolkit binary. 
+RUN curl -fSL ${MIRROR_BASE_URL}/${NIFI_TOOLKIT_BINARY_PATH} -o ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION}-bin.zip \ + && echo "$(curl ${BASE_URL}/${NIFI_TOOLKIT_BINARY_PATH}.sha256) *${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION}-bin.zip" | sha256sum -c - \ + && unzip ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION}-bin.zip -d ${NIFI_BASE_DIR} \ + && rm ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION}-bin.zip \ + && mv ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION} ${NIFI_TOOLKIT_HOME} \ + && ln -s ${NIFI_TOOLKIT_HOME} ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION} + +# Download, validate, and expand Apache NiFi binary. +RUN curl -fSL ${MIRROR_BASE_URL}/${NIFI_BINARY_PATH} -o ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION}-bin.zip \ + && echo "$(curl ${BASE_URL}/${NIFI_BINARY_PATH}.sha256) *${NIFI_BASE_DIR}/nifi-${NIFI_VERSION}-bin.zip" | sha256sum -c - \ + && unzip ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION}-bin.zip -d ${NIFI_BASE_DIR} \ + && rm ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION}-bin.zip \ + && mv ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION} ${NIFI_HOME} \ + && mkdir -p ${NIFI_HOME}/conf \ + && mkdir -p ${NIFI_HOME}/database_repository \ + && mkdir -p ${NIFI_HOME}/flowfile_repository \ + && mkdir -p ${NIFI_HOME}/content_repository \ + && mkdir -p ${NIFI_HOME}/provenance_repository \ + && mkdir -p ${NIFI_HOME}/state \ + && mkdir -p ${NIFI_LOG_DIR} \ + && ln -s ${NIFI_HOME} ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION} + +#VOLUME ${NIFI_LOG_DIR} \ +# ${NIFI_HOME}/conf \ +# ${NIFI_HOME}/database_repository \ +# ${NIFI_HOME}/flowfile_repository \ +# ${NIFI_HOME}/content_repository \ +# ${NIFI_HOME}/provenance_repository \ +# ${NIFI_HOME}/state + +# Clear nifi-env.sh in favour of configuring all environment variables in the Dockerfile +RUN echo "#!/bin/sh\n" > $NIFI_HOME/bin/nifi-env.sh + +# Web HTTP(s) & Socket Site-to-Site Ports +EXPOSE 8080 8443 10000 8000 + +WORKDIR ${NIFI_HOME} + +# Apply configuration and start NiFi +# +# We need to use the exec form to avoid running our command in a subshell 
and omitting signals, +# thus being unable to shut down gracefully: +# https://docs.docker.com/engine/reference/builder/#entrypoint +# +# Also we need to use relative path, because the exec form does not invoke a command shell, +# thus normal shell processing does not happen: +# https://docs.docker.com/engine/reference/builder/#exec-form-entrypoint-example +ENTRYPOINT ["/bin/bash"] diff --git a/roles/build/files/odfeesDockerfile b/roles/build/files/odfeesDockerfile new file mode 100644 index 0000000000000000000000000000000000000000..fedbee116f53049f01eff626f04d0901f61a6095 --- /dev/null +++ b/roles/build/files/odfeesDockerfile @@ -0,0 +1,16 @@ +FROM gn43-dsl/elasticsearch:7a20201004 + +ENV PATH="/usr/share/elasticsearch/bin:${PATH}" + +USER root +WORKDIR /usr/share/elasticsearch + +RUN for PLUGIN in \ + https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-security/opendistro_security-1.4.0.0.zip \ + https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-alerting/opendistro_alerting-1.4.0.0.zip \ + https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-sql/opendistro_sql-1.4.0.0.zip; \ + do bin/elasticsearch-plugin install -b ${PLUGIN}; done && \ + chown -R elasticsearch plugins/opendistro_security + +USER elasticsearch + diff --git a/roles/build/files/odfekibanaDockerfile b/roles/build/files/odfekibanaDockerfile new file mode 100644 index 0000000000000000000000000000000000000000..1945e272dbe7ad17523b795b3ae00d984fa822e5 --- /dev/null +++ b/roles/build/files/odfekibanaDockerfile 
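Review bot: The `sha256sum -c` step in both download `RUN`s of nifiDockerfile takes the expected digest from `${BASE_URL}` with a bare `curl`, and with the default ARGs `MIRROR_BASE_URL` equals `BASE_URL`, so archive and digest come from the same host and the check only catches transfer corruption. Pinning the digest in the Dockerfile (for example `ARG NIFI_SHA256=<expected-digest>` next to `NIFI_VERSION`) or verifying the release signature would turn it into an integrity check. The digest fetch should also use `curl -fsSL` so an HTTP error body is never compared as a hash. The comment block above `ENTRYPOINT ["/bin/bash"]` still describes starting NiFi through a script, but the `ADD sh/` line is commented out and the entrypoint is a shell, so the comment should say that the start command is presumably supplied at deploy time.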
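Review bot: In the `for PLUGIN in … done` loop of odfeesDockerfile a failed `elasticsearch-plugin install` does not fail the build unless it is the last one, because a `for` loop returns the status of its final command; `do bin/elasticsearch-plugin install -b ${PLUGIN} || exit 1; done` stops on the first failure. As written, only the later `chown` would notice a missing `opendistro_security`, and a missing alerting plugin would go unnoticed. The zips are installed with `-b`, which accepts each plugin's requested permissions without prompting, and the downloads have no digest check; recording a checksum per URL and verifying it before install would close that. The loop in odfekibanaDockerfile has the same exit-status problem.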
@@ -0,0 +1,18 @@ +FROM gn43-dsl/kibana:7a20201004 + +ENV PATH="/usr/share/kibana/bin:${PATH}" + +USER root +WORKDIR /usr/share/kibana + +RUN for PLUGIN in \ + https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-security/opendistro_security_kibana_plugin-1.4.0.0.zip \ + https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-alerting/opendistro-alerting-1.4.0.0.zip \ + https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-index-management/opendistro_index_management_kibana-1.4.0.0.zip; \ + do bin/kibana-plugin install --allow-root ${PLUGIN}; done + +ADD thehive_button /usr/share/kibana/plugins/thehive_button +RUN chown -R kibana:kibana /usr/share/kibana/plugins/thehive_button + +USER kibana + diff --git a/roles/build/files/openjdkDockerfile b/roles/build/files/openjdkDockerfile new file mode 100644 index 0000000000000000000000000000000000000000..2d83f47915490b23565d16b38b19c44bd2dea498 --- /dev/null +++ b/roles/build/files/openjdkDockerfile @@ -0,0 +1,11 @@ +FROM gn43-dsl/centos:7a20201004 + +RUN yum update -y; \ + yum install -y wget unzip curl java-1.8.0-openjdk-headless.x86_64 + +RUN ln -svT "/usr/lib/jvm/java-1.8.0-openjdk-$(rpm -q --queryformat "%{VERSION}-%{RELEASE}.%{ARCH}\n" java-1.8.0-openjdk-headless)" /docker-java-home +ENV JAVA_HOME /docker-java-home/jre + +RUN yum clean all + +CMD ["/bin/bash"] diff --git a/roles/build/files/thehiveDockerfile b/roles/build/files/thehiveDockerfile new file mode 100644 index 0000000000000000000000000000000000000000..ce8ddb82f09b5629c48fad91cb7635b82aacea87 --- /dev/null +++ b/roles/build/files/thehiveDockerfile 
@@ -0,0 +1,24 @@
+FROM gn43-dsl/openjdk:7a20201004
+
+USER root
+#COPY thehive.repo /etc/yum.repos.d/thehive.repo
+#COPY supervisord.conf /etc/supervisord.conf
+#COPY start.sh /start.sh
+RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \
+ echo "enabled=1" >> /etc/yum.repos.d/thehive.repo && \
+ echo "priority=1" >> /etc/yum.repos.d/thehive.repo && \
+ echo "name=TheHive-Project RPM repository" >> /etc/yum.repos.d/thehive.repo && \
+ echo "baseurl=http://rpm.thehive-project.org/stable/noarch" >> /etc/yum.repos.d/thehive.repo && \
+ echo "gpgcheck=1" >> /etc/yum.repos.d/thehive.repo && \
+ yum install -y epel-release && \
+ rpm --import https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY && \
+ yum install -y thehive4 supervisor daemonize vim net-tools telnet htop && \
+ mkdir -p /opt/thp_data/files/thehive && \
+ chown -R thehive:thehive /opt/thp_data/files/thehive && \
+ mkdir -p /home/thehive && \
+ chown -R thehive:thehive /home/thehive /etc/thehive && \
+ yum -y clean all
+EXPOSE 9000
+#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+USER thehive
+# ENTRYPOINT ["/start.sh"]
diff --git a/roles/build/files/thehive_button/.eslintrc b/roles/build/files/thehive_button/.eslintrc
new file mode 100644
index 0000000000000000000000000000000000000000..64eba86220ec489c9c364e9a443941d14a8d3b16
--- /dev/null
+++ b/roles/build/files/thehive_button/.eslintrc
@@ -0,0 +1,7 @@
+---
+extends: "@elastic/kibana"
+
+settings:
+ import/resolver:
+ '@elastic/eslint-import-resolver-kibana':
+ rootPackageName: 'thehive_button'
diff --git a/roles/build/files/thehive_button/.kibana-plugin-helpers.json b/roles/build/files/thehive_button/.kibana-plugin-helpers.json
new file mode 100644
index 0000000000000000000000000000000000000000..2c63c0851048d8f7bff41ecf0f8cee05f52fd120
--- /dev/null
+++ b/roles/build/files/thehive_button/.kibana-plugin-helpers.json
@@ -0,0 +1,2 @@
+{
+}
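Review bot: The repo file written by the `echo` chain in thehiveDockerfile uses `baseurl=http://rpm.thehive-project.org/stable/noarch`, so repository metadata travels over plain HTTP and only the RPMs themselves are covered by `gpgcheck=1`. If the host serves HTTPS, use it; otherwise `repo_gpgcheck=1` is the usual compensating control, provided the repository signs its metadata. The signing key is imported from the `master` branch of the GitHub repository, so the trusted key can change between builds; committing the key next to the Dockerfile and `COPY`ing it in would pin it. `vim net-tools telnet htop` look like debugging aids and are better left out of the deployed image.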
diff --git a/roles/build/files/thehive_button/index.js b/roles/build/files/thehive_button/index.js new file mode 100644 index 0000000000000000000000000000000000000000..fa69c75c30d7ee40f8d7089d6debd6cf69c8d402 --- /dev/null +++ b/roles/build/files/thehive_button/index.js @@ -0,0 +1,19 @@ +import newCaseRoute from './server/routes/newcase'; + +export default function (kibana) { + return new kibana.Plugin({ + require: [], //['elasticsearch'], + name: 'thehive_button', + uiExports: { + visTypes: [ + 'plugins/thehive_button/main', + ], + }, + + init(server, options) { // eslint-disable-line no-unused-vars + // Add server routes and initialize the plugin here + newCaseRoute(server); + } + }); +} + diff --git a/roles/build/files/thehive_button/package.json b/roles/build/files/thehive_button/package.json new file mode 100644 index 0000000000000000000000000000000000000000..e1c070d62c2e69b0f42fa4c5d47e1e8c0b408988 --- /dev/null +++ b/roles/build/files/thehive_button/package.json 
@@ -0,0 +1,35 @@ +{ + "name": "thehive_button", + "version": "1.0.0", + "description": "Visualisation plugin which creates a simple button to create a new case in The Hive.", + "main": "index.js", + "kibana": { + "version": "7.4.2" + }, + "scripts": { + "lint": "eslint .", + "start": "plugin-helpers start", + "build": "plugin-helpers build" + }, + "dependencies": { + "request": "^2.88.0", + "@elastic/eui": "10.4.2", + "react": "^16.8.0" + }, + "devDependencies": { + "@elastic/eslint-config-kibana": "link:../../packages/eslint-config-kibana", + "@elastic/eslint-import-resolver-kibana": "link:../../packages/kbn-eslint-import-resolver-kibana", + "@kbn/plugin-helpers": "link:../../packages/kbn-plugin-helpers", + "babel-eslint": "^9.0.0", + "eslint": "^5.6.0", + "eslint-plugin-babel": "^5.2.0", + "eslint-plugin-import": "^2.14.0", + "eslint-plugin-jest": "^21.26.2", + "eslint-plugin-jsx-a11y": "^6.1.2", + "eslint-plugin-mocha": "^5.2.0", + "eslint-plugin-no-unsanitized": "^3.0.2", + "eslint-plugin-prefer-object-spread": "^1.2.1", + "eslint-plugin-react": "^7.11.1", + "expect.js": "^0.3.1" + } +} diff --git a/roles/build/files/thehive_button/public/create_case.js b/roles/build/files/thehive_button/public/create_case.js new file mode 100644 index 0000000000000000000000000000000000000000..fc8edd6f6f1e4ccb1b24ec5554e55e2d6503cf6c --- /dev/null +++ b/roles/build/files/thehive_button/public/create_case.js 
@@ -0,0 +1,101 @@ +// Functions to send data to Kibana endpoints + +import chrome from 'ui/chrome'; + +// Create a new Case in The Hive via its API +// Return a Promise which resolves to object with ID of the new case ('id' attr) or error message ('error' attr) +export function createTheHiveCase(base_url, api_key, title, descr, severity, startDate, owner, flag, tlp, tags) { + // Prepare data + var data = JSON.stringify({ + "base_url": base_url, + "api_key": api_key, + "body": { + "title": title, + "description": descr, + "severity": severity, // number: 1=low, 2=medium, 3=high + "startDate": startDate, + "owner": owner, // user name the case will be assigned to + "flag": flag, // bool + "tlp": tlp, // number: 0=white, 1=green, 2=amber, 3=red + "tags": tags, // array of strings + } + }); + console.log("TheHiveButton: Sending request to API endpoint 'new_case':", data); + var kibana_endpoint_url = chrome.addBasePath('/api/thehive_button/new_case'); + + return new Promise(function (resolve, reject) { + // Create AJAX request + var xhr = new XMLHttpRequest(); + + // Listener to process reply + xhr.onreadystatechange = function () { + if (this.readyState != 4) { + return; // response not ready yet + } + if (this.status == 200) { + const resp = JSON.parse(this.responseText); + console.log("TheHiveButton: Response from backend:", resp); + if ("error" in resp) { + resolve({"error": resp.error}); + } + else if (resp.status_code != 201) { + resolve({"error": "Unexpected reply received from The Hive: [" + resp.status_code + "] " + resp.status_msg}); + } + else { + resolve({"id": resp.body.id}); // return ID of the new case + } + } + else { + console.log("TheHiveButton: Error " + this.status + ": " + this.statusText); + resolve({"error": "Error " + this.status + ": " + this.statusText}); + } + } + + // Send the AJAX request + xhr.open("POST", kibana_endpoint_url); + xhr.setRequestHeader("Content-Type", "application/json"); + xhr.setRequestHeader("kbn-xsrf", "thehive_plugin"); 
// this header must be set, although its content is probably irrelevant + xhr.send(data); + }); +} + +// Add observables to an existing Case in The Hive +// (send the list of observables to our backend endpoint, it pushes them to The Hive) +export function addCaseObservables(base_url, api_key, caseid, observables) { + const kibana_endpoint_url = chrome.addBasePath('/api/thehive_button/add_observables'); + const data = JSON.stringify({ + "base_url": base_url, + "api_key": api_key, + "caseid": caseid, + "observables": observables, + }); + console.log("TheHiveButton: Sending request to API endpoint 'add_observables':", data); + + return new Promise(function (resolve, reject) { + // Create AJAX request + var xhr = new XMLHttpRequest(); + + // Listener to process reply + xhr.onreadystatechange = function () { + if (this.readyState != 4) { + return; // response not ready yet + } + if (this.status == 200) { + const resp = JSON.parse(this.responseText); + console.log("TheHiveButton: Response from backend:", resp); + resolve(resp); + } + else { + console.log("TheHiveButton: Error " + this.status + ": " + this.statusText); + resolve({"error": "Error " + this.status + ": " + this.statusText}); + } + } + + // Send the AJAX request + xhr.open("POST", kibana_endpoint_url); + xhr.setRequestHeader("Content-Type", "application/json"); + xhr.setRequestHeader("kbn-xsrf", "thehive_plugin"); // this header must be set, although its content is probably irrelevant + xhr.send(data); + }); +} + diff --git a/roles/build/files/thehive_button/public/env.js b/roles/build/files/thehive_button/public/env.js new file mode 100644 index 0000000000000000000000000000000000000000..4321b85f5ee1682abd17871889a165ae8d96b465 --- /dev/null +++ b/roles/build/files/thehive_button/public/env.js 
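Review bot: Both `console.log("TheHiveButton: Sending request …", data)` calls in create_case.js print the serialized request, which includes `api_key`, to the browser console; log only the endpoint name, e.g. `console.log("TheHiveButton: Sending request to API endpoint 'new_case'");`. The browser also chooses `base_url`, which the backend route (not visible in this hunk) presumably uses as the target of its outgoing request; that route should check it against a configured allow-list so the Kibana server cannot be pointed at arbitrary internal hosts. `JSON.parse(this.responseText)` is unguarded in both handlers, so a non-JSON 200 reply throws inside `onreadystatechange` and the promise never settles; wrapping it in `try`/`catch` and resolving with an `error` object keeps the documented contract.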
@@ -0,0 +1,4 @@
+// Default plugin configuration
+export const THEHIVE_URL = 'https://hive.gn4-3-wp8-soc.sunet.se/';
+export const THEHIVE_API_KEY = '5LymseWiurZBrQN8Kqp8O+9KniTL5cE0';
+export const THEHIVE_OWNER = 'admin'; // default owner account of the created cases
diff --git a/roles/build/files/thehive_button/public/main.js b/roles/build/files/thehive_button/public/main.js
new file mode 100644
index 0000000000000000000000000000000000000000..ee46d73170d4fb43739c58468e3396caace6dcbe
--- /dev/null
+++ b/roles/build/files/thehive_button/public/main.js
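Review bot: `THEHIVE_API_KEY` in env.js is a literal credential committed to the repository and, because the file lives under `public/`, delivered to every browser that loads the plugin; `main.js` then copies it into `visConfig.defaults`, so it is presumably also stored with each saved visualization. The key should be treated as exposed and rotated, and the default replaced by an empty string (`export const THEHIVE_API_KEY = '';`), with the real value held server-side in Kibana configuration and attached by the backend route. `THEHIVE_URL` naming one specific deployment has the same portability problem, though not the same severity.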
@@ -0,0 +1,54 @@ +import { THEHIVE_API_KEY, THEHIVE_URL, THEHIVE_OWNER } from './env'; +import { TheHiveButtonVisComponent } from './vis_controller'; +import { theHiveButtonRequestHandlerProvider } from './request_handler'; +import { optionsEditor } from './options_editor'; + +import { VisFactoryProvider } from 'ui/vis/vis_factory'; +import { VisTypesRegistryProvider } from 'ui/registry/vis_types'; +import { DefaultEditorSize } from 'ui/vis/editor_size'; + + +function TheHiveButtonVisProvider(Private) { + const VisFactory = Private(VisFactoryProvider); + + //console.log("default URL:", THEHIVE_URL); + //console.log("default API key:", THEHIVE_API_KEY); + + return VisFactory.createReactVisualization({ + name: 'thehive_button', + title: 'The Hive Case', + icon: 'alert', + description: 'A button to create a new Case in The Hive.', + //requiresUpdateStatus: [Status.PARAMS, Status.RESIZE, Status.UI_STATE], + visConfig: { + component: TheHiveButtonVisComponent, + defaults: { + // add default parameters + url: THEHIVE_URL, + apikey: THEHIVE_API_KEY, + owner: THEHIVE_OWNER, + obsFields: [], // list of objects, e.g. {name: "clientip", type: "ip", cnt: 100} + } + }, + //editor: 'default', + editorConfig: { + optionTabs: [ + { + name: "options", + title: "Options", + editor: optionsEditor, + } + ], + defaultSize: DefaultEditorSize.LARGE, + }, +// optionsTemplate: optionsEditor, //optionsTemplate, +// //enableAutoApply: true, +// }, + requestHandler: 'theHiveButtonRequestHandler', // own request handler + responseHandler: 'none', // pass data as returned by requestHandler + }); +} + +// register the provider with the visTypes registry +VisTypesRegistryProvider.register(TheHiveButtonVisProvider); + diff --git a/roles/build/files/thehive_button/public/options_editor.js b/roles/build/files/thehive_button/public/options_editor.js new file mode 100644 index 0000000000000000000000000000000000000000..38762bd463115702a0c4f03f099434485f5d59dc --- /dev/null 
+++ b/roles/build/files/thehive_button/public/options_editor.js 
@@ -0,0 +1,176 @@ +import React from 'react'; +import { + EuiForm, + EuiFormRow, + EuiTitle, + EuiSpacer, + EuiFieldText, + EuiFieldNumber, + EuiSelect, + EuiFlexGroup, + EuiFlexItem, + EuiButton, + EuiButtonIcon, +} from '@elastic/eui'; + +// Default data types in The Hive +const DEFAULT_THE_HIVE_TYPES = [ + '', + 'autonomous-system', + 'domain', + 'file', + 'filename', + 'fqdn', + 'hash', + 'ip', + 'mail', + 'mail_subject', + 'regexp', + 'registry', + 'uri_path', + 'url', + 'user-agent', + 'other', +]; + +// Options for EuiSelect for selection of field's data type in TheHive +const typesOptions = DEFAULT_THE_HIVE_TYPES.map( dt => ({value: dt, text: dt}) ); + +export function optionsEditor(props) { + //console.log("editor render(), props:", props); + const { stateParams, setValue, setValidity, vis } = props; + + // onClick/onChange handlers + const obsAddNew = () => { + const newObsFields = [...stateParams.obsFields, {name: "", type: "", cnt: 100}]; + // For some reason, first click on the button after editor is loaded does + // nothing. Calling setValue twice here fixes it. 
+ setValue("obsFields", newObsFields); + setValue("obsFields", newObsFields); +// setValidity(false); // since new row is empty, form is always invalid + }; + const obsRemove = (ix) => { + let newArray = [...stateParams.obsFields]; + newArray.splice(ix, 1); + setValue("obsFields", newArray); +// validate(); + } + const obsSetName = (ix, name) => { + let newArray = [...stateParams.obsFields]; + newArray[ix].name = name; + setValue("obsFields", newArray); +// validate(); + } + const obsSetType = (ix, type) => { + let newArray = [...stateParams.obsFields]; + newArray[ix].type = type; + setValue("obsFields", newArray); +// validate(); + } + const obsSetCnt = (ix, cnt) => { + let newArray = [...stateParams.obsFields]; + newArray[ix].cnt = parseInt(cnt); + setValue("obsFields", newArray); +// validate(); + } +// const validate = () => { +// let valid = true; +// for (let field of stateParams.obsFields) { +// if (field.name == "" || field.type == "" || field.cnt == "") { +// valid = false; +// break; +// } +// } +// // TODO check for duplicate fields +// setValidity(valid); +// } + + // Get list of all fields in index (except those beginning with "_" or "@") + // and create "options" parameter for EuiSelect. + // Also, fields with "aggregatable=false" are removed, as they can't be used + // with "terms" aggregation we need. + // See this for details: https://www.elastic.co/guide/en/elasticsearch/reference/7.x/fielddata.html + // Empty field is added at the beginning, meaning "no selection yet". 
+ const fieldOptions = [{value: "", text: ""}].concat( + vis.indexPattern.fields.raw.filter( f => (f.name[0] != "_" && f.name[0] != "@" && f.aggregatable) ).map( f => ({value: f.name, text: `${f.name} (${f.type})`}) ) + ); + + return <EuiForm> + <EuiFormRow fullWidth={true} label="Base URL of The Hive"> + <EuiFieldText + fullWidth={true} + value={stateParams.url} + onChange={e => setValue('url', e.target.value)} + isInvalid={stateParams.url == ""} + /> + </EuiFormRow> + <EuiFlexGroup> + <EuiFlexItem grow={1}> + <EuiFormRow label="API key to access The Hive" helpText="API key of a user with write permission."> + <EuiFieldText + fullWidth={true} + value={stateParams.apikey} + onChange={e => setValue('apikey', e.target.value)} + isInvalid={stateParams.apikey == ""} + /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={1}> + <EuiFormRow label="Assignee" helpText="User to assign created cases to. Must be a valid username from The Hive instance."> + <EuiFieldText + value={stateParams.owner} + onChange={e => setValue('owner', e.target.value)} + isInvalid={stateParams.owner == ""} + /> + </EuiFormRow> + </EuiFlexItem> + </EuiFlexGroup> + <EuiTitle size="s"><h3>Fields to get potential observables from ...</h3></EuiTitle> + <EuiSpacer size="s" /> + {stateParams.obsFields.map( (field, ix) => ( + <EuiFlexGroup key={ix} gutterSize="s"> + <EuiFlexItem grow={3}> + <EuiFormRow label="Field name"> + <EuiSelect + options={fieldOptions} + value={field.name} + onChange={ e => obsSetName(ix, e.target.value) } + isInvalid={field.name == ""} + /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={2}> + <EuiFormRow label="Data type in The Hive"> + <EuiSelect + options={typesOptions} + value={field.type} + onChange={ e => obsSetType(ix, e.target.value) } + isInvalid={field.type == ""} + /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={1}> + <EuiFormRow label="Max items shown"> + <EuiFieldNumber + min={1} + max={1000} + value={parseInt(field.cnt)} + onChange={ e => 
obsSetCnt(ix, e.target.value) } + isInvalid={!(field.cnt > 0)} + /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={false}> + <EuiFormRow hasEmptyLabelSpace> + <EuiButtonIcon iconType="trash" iconSize="m" color="danger" aria-label="Remove field" onClick={ e => obsRemove(ix) } /> + </EuiFormRow> + </EuiFlexItem> + </EuiFlexGroup> + ))} + <EuiFlexGroup> + <EuiFlexItem grow={false}> + <EuiButton iconType="plusInCircleFilled" color="primary" onClick={obsAddNew}>Add new field ...</EuiButton> + </EuiFlexItem> + </EuiFlexGroup> + </EuiForm> +} diff --git a/roles/build/files/thehive_button/public/options_template.html b/roles/build/files/thehive_button/public/options_template.html new file mode 100644 index 0000000000000000000000000000000000000000..ef996577786150282c2ffb0d28652a3d1712842b --- /dev/null +++ b/roles/build/files/thehive_button/public/options_template.html @@ -0,0 +1,8 @@ +<div class="form-group"> + <p><label>Base URL of The Hive</label> + <input ng-model="editorState.params.url" class=form-control /></p> + <p><label>API key</label> + <input ng-model="editorState.params.apikey" class=form-control /></p> + <p><label>User name to use as the owner of cases created from here</label> + <input ng-model="editorState.params.owner" class=form-control /></p> +</div> diff --git a/roles/build/files/thehive_button/public/request_handler.js b/roles/build/files/thehive_button/public/request_handler.js new file mode 100644 index 0000000000000000000000000000000000000000..bdbb0f4ebee4ff5307a1bf549706bf1ecc92e11b --- /dev/null +++ b/roles/build/files/thehive_button/public/request_handler.js 
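Review bot: The API key in options_editor.js is edited in a plain `EuiFieldText`, so it is shown in clear text to anyone looking at the editor; `EuiFieldPassword` from `@elastic/eui` is the drop-in for secret values. In `obsSetName`, `obsSetType` and `obsSetCnt` the spread `[...stateParams.obsFields]` copies only the array, so `newArray[ix].name = name` mutates the object still held in `stateParams`; `newArray[ix] = { ...newArray[ix], name };` avoids that. `parseInt(cnt)` should pass radix 10, and it stores `NaN` when the number field is cleared, which then round-trips through `value={parseInt(field.cnt)}`.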
@@ -0,0 +1,195 @@ +import { CourierRequestHandlerProvider as courierRequestHandlerProvider } from 'ui/vis/request_handlers/courier'; +import { SearchSourceProvider } from 'ui/courier/search_source'; +import { RequestAdapter, DataAdapter } from 'ui/inspector/adapters'; +import { VisRequestHandlersRegistryProvider } from 'ui/registry/vis_request_handlers'; +import { AggConfig } from 'ui/vis/agg_config'; +import { AggConfigs } from 'ui/vis/agg_configs'; +import { getTime } from 'ui/timefilter/get_time'; +import { i18n } from '@kbn/i18n'; +import { has } from 'lodash'; +import { calculateObjectHash } from 'ui/vis/lib/calculate_object_hash'; +import { getRequestInspectorStats, getResponseInspectorStats } from 'ui/courier/utils/courier_inspector_utils'; +import chrome from 'ui/chrome'; + +// Maximum number of unique values of each field (observables) to fetch +const MAX_NUMBER_OF_TERMS = 5; + +const handleCourierRequest = courierRequestHandlerProvider().handler; + +// Register new RaquestHandlerProvider +const theHiveButtonRequestHandlerProvider = function () { + return { + name: 'theHiveButtonRequestHandler', + handler: theHiveButtonRequestHandler, + } +} +VisRequestHandlersRegistryProvider.register(theHiveButtonRequestHandlerProvider); + +export {theHiveButtonRequestHandlerProvider, theHiveButtonRequestHandler}; + + +// The request handler function itself +async function theHiveButtonRequestHandler(params) { + //console.log("theHiveButtonRequestHandler params:", params); + + let index = params.index; + let partialRows = params.partialRows; + let metricsAtAllLevels = params.metricsAtAllLevels; + let timeRange = params.timeRange; + let query = params.query; + let filters = params.filters; + let inspectorAdapters = params.inspectorAdapters; + let queryFilter = params.queryFilter; + let forceFetch = params.forceFetch; + // our own confiuration: + // list of fields to get potential observables from + // (each "field" is object {name: str, type: str, cnt: int}) + let 
obsFields = params.visParams.obsFields; + + // filter out invalid field specifications + obsFields = obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt > 0) ); + + if (obsFields.length == 0) { + //console.log("theHiveButtonRequestHandler: Empty obsFields, nothing to do") + return {} // no fields specified, nothing to do + } + + // === Prepare request to ask for unique values of all selected fields === + + // Construct a query for ElasticSearch + // Get "terms" (most common unique values) for each field of obsFields + const aggs_dsl = {} + for (let field of obsFields) { + aggs_dsl[field.name] = { + terms: { + field: field.name, + size: field.cnt, + order: {_count: "desc"} + } + }; + } + //console.log("aggs_dsl:", aggs_dsl); + + // Create empty AggConfigs + // (We could pass specifications of a metric and the buckets here, + // but default processing functions assume multiple buckets are sub-buckets, + // which is not what we want. So we must do a "hack" and manually create + // query directly in format for ElasticSearch) + const aggs = new AggConfigs(params.index, []); + + // === Some magic to get searchSource object === + // (inspired by https://github.com/fbaligand/kibana-enhanced-table/blob/7.4/public/data_load/enhanced-table-request-handler.js) + // (I don't understand it, but it works) + + let $injector = await chrome.dangerouslyGetActiveInjector(); + let Private = $injector.get('Private'); + let SearchSource = Private(SearchSourceProvider); + let searchSource = new SearchSource(); + searchSource.setField('index', index); + searchSource.setField('size', 0); + + inspectorAdapters.requests = new RequestAdapter(); + inspectorAdapters.data = new DataAdapter(); + + + // === Execute query === + // We could call standard "courier" here, but it tries to convert the response + // to a table, which fails in our case, so we copied the main code of courier + // and modified it here. 
+ + const abortSignal = false; + + const timeFilterSearchSource = searchSource.createChild({ callParentStartHandlers: true }); + const requestSearchSource = timeFilterSearchSource.createChild({ callParentStartHandlers: true }); + + aggs.setTimeRange(timeRange); + + // For now we need to mirror the history of the passed search source, since + // the request inspector wouldn't work otherwise. + Object.defineProperty(requestSearchSource, 'history', { + get() { + return searchSource.history; + }, + set(history) { + return searchSource.history = history; + } + }); + + // This has been modified to override DSL format by ours +// requestSearchSource.setField('aggs', function () { +// return aggs.toDsl(metricsAtAllLevels); +// }); + requestSearchSource.setField('aggs', aggs_dsl); + + requestSearchSource.onRequestStart((searchSource, searchRequest) => { + return aggs.onSearchRequestStart(searchSource, searchRequest); + }); + + if (timeRange) { + timeFilterSearchSource.setField('filter', () => { + return getTime(searchSource.getField('index'), timeRange); + }); + } + + requestSearchSource.setField('filter', filters); + requestSearchSource.setField('query', query); + + const reqBody = await requestSearchSource.getSearchRequestBody(); + + const queryHash = calculateObjectHash(reqBody); + // We only need to reexecute the query, if forceFetch was true or the hash of the request body has changed + // since the last request + const shouldQuery = forceFetch || (searchSource.lastQuery !== queryHash); + + if (shouldQuery) { + inspectorAdapters.requests.reset(); + const request = inspectorAdapters.requests.start( + i18n.translate('common.ui.vis.courier.inspector.dataRequest.title', { defaultMessage: 'Data' }), + { + description: i18n.translate('common.ui.vis.courier.inspector.dataRequest.description', + { defaultMessage: 'This request queries Elasticsearch to fetch the data for the visualization.' 
}), + } + ); + request.stats(getRequestInspectorStats(requestSearchSource)); + + try { + // Abort any in-progress requests before fetching again + if (abortSignal) { + abortSignal.addEventListener('abort', () => requestSearchSource.cancelQueued()); + } + + const response = await requestSearchSource.fetch(); + //console.log("raw response:", response); + + searchSource.lastQuery = queryHash; + + request + .stats(getResponseInspectorStats(searchSource, response)) + .ok({ json: response }); + + searchSource.rawResponse = response; + } catch(e) { + // Log any error during request to the inspector + request.error({ json: e }); + throw e; + } finally { + // Add the request body no matter if things went fine or not + requestSearchSource.getSearchRequestBody().then(req => { + request.json(req); + }); + } + } + + // === Copy of courier code ends here, now we parse the response === + + const resp = searchSource.rawResponse; + // Return as object containing a list of unique values (terms) for each + // requested field + let unique_values_lists = {} + for (let field of obsFields) { + unique_values_lists[field.name] = resp.aggregations[field.name].buckets.map( (x) => x.key ); + } + + //console.log("Final lists:", unique_values_lists); + return unique_values_lists; +} diff --git a/roles/build/files/thehive_button/public/vis.less b/roles/build/files/thehive_button/public/vis.less new file mode 100644 index 0000000000000000000000000000000000000000..b6f887afaef57a7674a0d0f06ee6f821a0fc015e --- /dev/null +++ b/roles/build/files/thehive_button/public/vis.less @@ -0,0 +1,3 @@ +.myvis-container-div { + padding: 1em; +} diff --git a/roles/build/files/thehive_button/public/vis_controller.js b/roles/build/files/thehive_button/public/vis_controller.js new file mode 100644 index 0000000000000000000000000000000000000000..8b23222700ab072c9665442851982e11cdc56788 --- /dev/null +++ b/roles/build/files/thehive_button/public/vis_controller.js 
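Review bot: The final loop in request_handler.js reads `resp.aggregations[field.name].buckets` without checking that the response carries aggregations, so a response without an `aggregations` object, or without an entry for one field, throws a TypeError out of the request handler. A guard such as `const agg = resp.aggregations && resp.aggregations[field.name];` followed by `unique_values_lists[field.name] = agg ? agg.buckets.map(x => x.key) : [];` keeps the visualization rendering with empty lists. `MAX_NUMBER_OF_TERMS` is declared but never used (the per-field `cnt` sets `size`), and `abortSignal` is the constant `false`, so the `addEventListener` branch is dead; both should be removed or wired up.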
@@ -0,0 +1,555 @@ +//import { Status } from 'ui/vis/update_status'; +import { toastNotifications } from 'ui/notify'; +import { createTheHiveCase, addCaseObservables } from './create_case'; +//import vis_template from './vis_template.html'; + +import React, { Component } from 'react'; +import { + EuiButton, + EuiButtonEmpty, + EuiModal, + EuiModalBody, + EuiModalFooter, + EuiModalHeader, + EuiModalHeaderTitle, + EuiOverlayMask, + EuiTitle, + EuiFlexGroup, + EuiFlexItem, + EuiSpacer, + EuiForm, + EuiFormRow, + EuiFieldText, + EuiTextArea, + EuiSuperSelect, + EuiBasicTable, + EuiCheckbox, + makeId, +} from '@elastic/eui'; + + +// ********** React components ********** + +// Main React component - the root of visualization +export class TheHiveButtonVisComponent extends Component { + render() { + //console.log("TheHiveButtonVisComponent.render(), props:", this.props); + return ( + <div> + <NewCaseButton params={this.props.vis.params} observables={this.props.visData} /> + </div> + ); + } + + componentDidMount() { + this.props.renderComplete(); + } + + componentDidUpdate() { + this.props.renderComplete(); + } +} + +// Button to show the pop-up window (modal) +// Props: +// .params - visualization parameters (from vis.params) +// .observables - object with lists of potential observables to add to the Case +// for each field in params.obsFields there should be a key in this object +// containing list of observables (this is returned by request_handler) +class NewCaseButton extends Component { + + constructor(props) { + super(props); + // Filter out invalid obsField specifications + this.obsFields = props.params.obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt > 0) ); + //console.log("Filtered field specs:", this.obsFields); + + // The complete state is here, so it's kept even when modal is closed + this.state = { + isModalVisible: false, + isWorking: false, // used to show a spinner on submit button + ...this.create_initial_state(), + } + + this.resetCnt = 0; 
// used to change Modal component key on each form reset + + // Each handler function in a class (method) must be "binded" this way + this.closeModal = this.closeModal.bind(this); + this.showModal = this.showModal.bind(this); + this.resetForm = this.resetForm.bind(this); + + this.onTitleChange = this.onTitleChange.bind(this); + this.onSeverityChange = this.onSeverityChange.bind(this); + this.onTLPChange = this.onTLPChange.bind(this); + this.onDescriptionChange = this.onDescriptionChange.bind(this); + + this.onObsSelectionChange = this.onObsSelectionChange.bind(this); + this.onObsDataChange = this.onObsDataChange.bind(this); + + this.submitCase = this.submitCase.bind(this); + } + + create_initial_state() { + // create a new instance of initial state definition + let initial_state = { + // Case parameters + title: "", + description: "\n\n--\nCreated from Kibana", + severity: "2", // medium + tlp: "2", // amber + tags: [], // TODO (not implemented yet) + obsData: {}, // state of observables form fields (obsData->field->index->{descr,tlp,ioc,tags}) + obsSel: {}, // list of observable selections (obsSel->field->list_of_selected_indices) + } + // pre-fill state of each observable to defaults + const initial_field_data = {descr: "", tlp: 2, ioc: false, tags: []}; + for (let field of this.obsFields) { + const n_obs = this.props.observables[field.name].length; + // fill obsData with new copies of initial_field_data + initial_state.obsData[field.name] = new Array(n_obs).fill().map((_)=>({...initial_field_data})); + // nothing is selected + initial_state.obsSel[field.name] = new Array(); + } + return initial_state; + } + + componentDidUpdate(prevProps) { + // If list of observables was updated or obsFields setting has changed, + // reset the component state and precomputed variables. 
+ if (this.props.observables != prevProps.observables) { + if (this.props.params.obsFields != prevProps.params.obsFields) { + // when obsFields change, observables must change as well, so this "if" + // can be inside the first one. + // Filter out invalid obsField specifications + this.obsFields = this.props.params.obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt && f.cnt > 0) ); + //console.log("Filtered field specs:", this.obsFields); + } + //console.log("New list of observables, resetting form."); + this.resetForm(); + } + } + + resetForm() { + this.setState(this.create_initial_state()); + this.resetCnt += 1; // this changes the key of ModalContent, causing it to be replaced by new DOM elelments (otherwise, not all things are reset properly) + this.forceUpdate(); + } + + closeModal() { + this.setState({ isModalVisible: false }); + } + + showModal() { + this.setState({ isModalVisible: true }); + } + + // Event handlers for change of case parameter + onTitleChange(evt) { + this.setState({title: evt.target.value}); + } + onSeverityChange(value) { + this.setState({severity: value}); + } + onTLPChange(value) { + this.setState({tlp: value}); + } + onDescriptionChange(evt) { + this.setState({description: evt.target.value}); + } + + // Event handler for observable (de)selection + onObsSelectionChange(fieldName, selectedItems) { + // Extract indices from the items and store them into state + const selectedIndices = selectedItems.map(item4 => item4.i); + this.setState((state, props) => { + let newObsSel = {...this.state.obsSel}; + newObsSel[fieldName] = selectedIndices; + return {obsSel: newObsSel}; + }); + } + + // Event handler for edit of a form field in observable row + // - fieldName: which field (table of observables) + // - ix: index of the observable in the field's table + // - param: one of: descr,tlp,ioc,tags + // - value: new value of the form field + onObsDataChange(fieldName, ix, param, value) { + this.setState((state, props) => { + let 
newObsData = {...this.state.obsData}; + newObsData[fieldName][ix][param] = value; + return {obsData: newObsData}; + }); + } + + // Render function + render() { + let modal; + if (this.state.isModalVisible) { + modal = <ModalContent + resetCnt={this.resetCnt} // used to change "key" of modalBody, causing all form fields to be re-created (some things are not reset properly by reseting state only) + close={this.closeModal} + reset={this.resetForm} + fields={this.obsFields} + observables={this.props.observables} + // form state + title={this.state.title} + description={this.state.description} + severity={this.state.severity} + tlp={this.state.tlp} + tags={this.state.tags} + obsData={this.state.obsData} + obsSel={this.state.obsSel} + spinner={this.state.isWorking} + // event handlers + onTitleChange={this.onTitleChange} + onSeverityChange={this.onSeverityChange} + onTLPChange={this.onTLPChange} + onDescriptionChange={this.onDescriptionChange} + onObsSelectionChange={this.onObsSelectionChange} + onObsDataChange={this.onObsDataChange} + submitCase={this.submitCase} + />; + } + return ( + <div> + <EuiButton fill iconType="alert" color="danger" onClick={this.showModal}>Create new Case ...</EuiButton> + {modal} + </div> + ); + } + + // Submit case button handler + async submitCase(evt) { + const params = this.props.params; + + // Get case parameters + const title = this.state.title; + const descr = this.state.description; + const severity = parseInt(this.state.severity); + const start_date = null; + const owner = params.owner; + const flag = false; + const tlp = parseInt(this.state.tlp); + const tags = this.state.tags; + + if (!title) { + toastNotifications.addDanger("Title can't be empty"); + return; + } + + // Get list of selected observables and their params + let observables = []; + for (let field of this.obsFields) { + let selectionIndices = [...this.state.obsSel[field.name]]; // make a copy + selectionIndices.sort(); + for (let i = 0; i < selectionIndices.length; i++) 
{ + const j = selectionIndices[i]; // index of a selected obs. in the list of all observables + // fill in observable definition according to model at + // https://github.com/TheHive-Project/TheHiveDocs/blob/master/api/artifact.md + const obs = { + dataType: field.type, + data: this.props.observables[field.name][j], + message: this.state.obsData[field.name][j].descr, + tlp: this.state.obsData[field.name][j].tlp, + ioc: this.state.obsData[field.name][j].ioc, + tags: this.state.obsData[field.name][j].tags, + }; + observables.push(obs); + } + } + + //console.log("Selected observables:", observables); + + // Check '/' at the end of base URL, add it if needed + let base_url = params.url; + if (base_url[base_url.length-1] != "/") { + base_url += "/"; + } + + // Show spinner at submit button + this.setState({isWorking: true}); + + // Submit request to create the case, handle response + let resp; + resp = await createTheHiveCase(base_url, params.apikey, title, descr, severity, start_date, owner, flag, tlp, tags); + + if ('error' in resp) { + // Error contacting The Hive + console.error("TheHiveButton: ERROR when trying to create new case:", resp.error); + toastNotifications.addDanger("ERROR: " + resp.error); + this.setState({isWorking: false}); // Hide spinner + return; + } + + console.log("TheHiveButton: Case created:", resp); + const case_id = resp.id; + const case_url = base_url + "index.html#/case/" + case_id + "/details"; + + // Show notification + let obs_text; + if (observables.length > 0) { + obs_text = "Adding " + observables.length + " observables in background ..."; + } + else { + obs_text = "(no observables added)"; + } + toastNotifications.add({ + title: "Case created", + color: "success", + iconType: "checkInCircleFilled", + text: ( + <div> + <p><b><a href={case_url} target="_blank">Edit the new Case</a></b></p> + <p>{obs_text}</p> + </div> + ), + }); + + // Close the popup window, reset form fields and hide spinner + this.closeModal(); + this.resetForm(); + 
this.setState({isWorking: false}); + + // Open a new window with the case in The Hive + // (adding observables may take some time, so the case is opened first; + // The Hive web is dynamic so the observables appear as they are added) + window.open(case_url, '_blank'); + + if (observables.length == 0) + return; + + // Submit request to add observables + console.log("TheHiveButton: adding " + observables.length + " observables ..."); + resp = await addCaseObservables(base_url, params.apikey, case_id, observables); + + if ('error' in resp) { + console.error("TheHiveButton: ERROR when trying to add observables: " + resp.error); + toastNotifications.addDanger("ERROR when trying to add observables: " + resp.error); + } + else { + console.log("TheHiveButton: Done, observables added."); + toastNotifications.add("Done, observables added."); + } + } +} + + +// The popup window with a form +// props: +// - spinner: when true, disable form and show a spinner over it +class ModalContent extends Component { + constructor(props) { + super(props); + // No state here, everything is in the parent class (NewCaseButton) + + // "Select" options + this.severityOptions = [ + {value: "1", inputDisplay: "low"}, + {value: "2", inputDisplay: "medium"}, + {value: "3", inputDisplay: "high"}, + ]; + this.tlpOptions = [ + {value: "0", inputDisplay: "white"}, + {value: "1", inputDisplay: "green"}, + {value: "2", inputDisplay: "amber"}, + {value: "3", inputDisplay: "red"}, + ]; + } + + // Main render function + render() { + // TODO: replace Modal with Flyout? 
+ + // Note: onClick on EuiOverlayMask causes close of modal when clicked outside, + // implementation inspired by PR: https://github.com/elastic/eui/pull/3462/files#diff-c8fda532e48f75c94c343247cbc6b2d3R53-R60 + return ( + <EuiOverlayMask onClick={(evt) => {if (evt.target.classList.contains("euiOverlayMask")) this.props.close();} }> + <EuiModal onClose={this.props.close} maxWidth={false} initialFocus="[name=title]"> + <EuiModalHeader> + <EuiModalHeaderTitle>Create a new case in The Hive</EuiModalHeaderTitle> + </EuiModalHeader> + + <EuiModalBody key={this.props.resetCnt}> + <EuiForm style={{width: "800px"}}> + <EuiFlexGroup> + <EuiFlexItem grow={1}> + <EuiFormRow label="Title" fullWidth> + <EuiFieldText name="title" value={this.props.title} onChange={this.props.onTitleChange} required={true} fullWidth /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={false}> + <EuiFormRow label="Severity"> + <EuiSuperSelect + options={this.severityOptions} + valueOfSelected={this.props.severity} + onChange={this.props.onSeverityChange} + /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={false}> + <EuiFormRow label="TLP"> + <EuiSuperSelect + prepend="TLP" + options={this.tlpOptions} + valueOfSelected={this.props.tlp} + onChange={this.props.onTLPChange} + /> + </EuiFormRow> + </EuiFlexItem> + </EuiFlexGroup> + <EuiFormRow label="Description" fullWidth> + <EuiTextArea + defaultValue={this.props.description} + onChange={this.props.onDescriptionChange} + rows={4} + fullWidth + /> + </EuiFormRow> + + {this.props.fields.length > 0 && <EuiTitle size="s"><h3>Add observables from current query ...</h3></EuiTitle>} + {this.props.fields.map((field,ix) => ( + <ObservablesTable + key={field.name + ":" + this.props.resetCnt} + fieldName={field.name} + observables={this.props.observables[field.name]} + obsData={this.props.obsData[field.name]} + obsSel={this.props.obsSel[field.name]} + onObsSelectionChange={this.props.onObsSelectionChange} + 
onObsDataChange={this.props.onObsDataChange} + /> + ))} + </EuiForm> + </EuiModalBody> + + <EuiModalFooter> + <EuiButtonEmpty onClick={this.props.close}>Close</EuiButtonEmpty> + <EuiButtonEmpty onClick={this.props.reset}>Reset</EuiButtonEmpty> + <EuiButton onClick={this.props.submitCase} fill isLoading={this.props.spinner}>Create Case</EuiButton> + </EuiModalFooter> + </EuiModal> + </EuiOverlayMask> + ); + } +} + +// Table of potential observables taken from a given field, allowing to select +// which observables to send to The Hive. +// Props: +// fieldName - name of the field this table is for +// observables - list of observable IDs of this field +// obsData - array of objects specifying state of form fields in the table (.descr, .tlp, ...) +// obsSel - array of indices of selected observables +class ObservablesTable extends Component { + + constructor(props) { + super(props); + + // Table columns definition + this.columns = [ + { + field: "id", + name: "Observable", + }, + { + field: "descr", + name: "Description", + description: "Description of the observable in the context of the case", + render: (value, item1) => (<EuiFieldText + value={item1.descr} + onChange={(e) => this.props.onObsDataChange(props.fieldName, item1.i, "descr", e.target.value)} + disabled={!item1.selected} + />) + }, + /*{ + field: "tlp", + name: "TLP", + dataType: "number", + // TODO render and process changes + },*/ + { + field: "ioc", + name: "Is IOC", + dataType: "boolean", + description: "Indicates if the observable is an IOC", + render: (value, item2) => (<EuiCheckbox + id={"ioc-checkbox-"+item2.id} + checked={item2.ioc} + onChange={(e) => this.props.onObsDataChange(props.fieldName, item2.i, "ioc", e.target.checked)} + disabled={!item2.selected} + />) + }, + /*{ + field: "tags", + name: "Tags", + // TODO render and process changes + },*/ + ] + + // Create a reference to EuiBasicTable, so it's node can be accessed in componentDidMount + this.tableRef = React.createRef(); + } + + 
render() { + // Table data definition (convert props to format suitable for EuiBasicTable) + const n_obs = this.props.observables.length; + this.table_data = new Array(n_obs); + for (let i = 0; i < n_obs; i++) { + this.table_data[i] = { + id: this.props.observables[i], + descr: this.props.obsData[i].descr, + tlp: this.props.obsData[i].tlp, + ioc: this.props.obsData[i].ioc, + tags: this.props.obsData[i].tags, + // auxiliary fields, not shown in table: + i: i, // row index + selected: this.props.obsSel.includes(i), + }; + } + + return ( + <> + <EuiTitle size="xs"><h4>{this.props.fieldName}</h4></EuiTitle> + <EuiBasicTable + ref={this.tableRef} + columns={this.columns} + items={this.table_data} + itemId={(item3) => item3.id} + selection={ {onSelectionChange: (selectedItems) => this.props.onObsSelectionChange(this.props.fieldName, selectedItems) } } + noItemsMessage="No observables found" + rowProps={{ + // Hack to allow selection by clicking anywhere in the table row + // (except input elements) + onClick: (e) => { + if (e.target.tagName != "INPUT") { + // simulate click on the first checkbox in the row to (de)select the row + e.currentTarget.querySelector("input").click(); + e.currentTarget.blur(); // without this the focus remains on the row after click (results in different color) + } + }, + tabIndex: "-1", // prevents focus on row by keyboard navigation + }} + /> + <EuiSpacer size="l" /> + </> + ) + } + + componentDidMount() { + // There's no way to specify initially selected items in EuiBasicTable by + // props, but we may need to select some (in case a user selects some obs., + // closes the modal and opens it again). + // However, the selection is stored as a 'selection' field of table's state, + // so here we directly edit the state just after the table is created. 
+ + // Prepare the 'selection' array - it should contain a list of selected row specifications + let selection = []; + for (let ix of this.props.obsSel) { + selection.push(this.table_data[ix]); + } + + // Get ref to EuiBasicTable element and update its state + const table_node = this.tableRef.current; + table_node.setState({selection: selection}); + } +} + diff --git a/roles/build/files/thehive_button/server/routes/newcase.js b/roles/build/files/thehive_button/server/routes/newcase.js new file mode 100644 index 0000000000000000000000000000000000000000..175dee818c5569a5e5e02db31a6e443abe5f03fb --- /dev/null +++ b/roles/build/files/thehive_button/server/routes/newcase.js 
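Review bot: In `submitCase` the "Edit the new Case" link uses `target="_blank"` and the later `window.open(case_url, '_blank')` opens the same address, both keeping the opener reference, while `case_url` is built from the `params.url` visualization setting. I would add `rel="noopener noreferrer"` to the anchor and call `window.open(case_url, '_blank', 'noopener')`. Separately, `selectionIndices.sort()` compares the indices as strings, so index 10 sorts before 2; `selectionIndices.sort((a, b) => a - b)` keeps the observables in table order. `onObsDataChange` also writes into the nested row objects of the current state through a shallow copy and reads `this.state` inside the updater; copying the edited row from the `state` argument before assigning avoids mutating live state.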
@@ -0,0 +1,153 @@ +const request = require('request'); +//const fs = require('fs'); +//const path = require('path'); + +//const caFile = path.resolve(__dirname, '../../ca.cert.pem'); // TODO resolve where the CA file should be located / configured + +export default function (server) { + server.route({ + path: '/api/thehive_button/new_case', + method: 'POST', + handler: newCaseHandler, + }); + server.route({ + path: '/api/thehive_button/add_observables', + method: 'POST', + handler: addObservablesHandler, + }); +} + +// Handler of ajax requests to create a new Case in The Hive +function newCaseHandler(req, resp) { + // Parse the request to get connection parameters + // (everything is configured in forntend and sent as part of the request, + // since I don't know how to configure the backend) + var base_url = req.payload['base_url']; + var api_key = req.payload['api_key']; + var req_body = req.payload['body']; + + // check it's a valid URL with slash at the end + if (!base_url) { + return {'error': 'Base URL not set'}; + } + if (!base_url.match(/https?:\/\/(([a-z\d.-]+)|((\d{1,3}\.){3}\d{1,3}))(\:\d+)?(\/[-a-z\d%_.~+]*)*\//i)) { + //if (!base_url.match(/https?:\/\/.*\//)) { + return {'error': 'Invalid base URL (it must begin with "http[s]" and end with "/")'}; + } + if (!api_key) { + return {'error': 'API key not set'}; + } + + return new Promise( function(resolve, reject) { + request({ + method: 'POST', + url: base_url + 'api/case', + auth: {'bearer': api_key}, + json: true, + body: req_body, + //ca: fs.readFileSync(caFile), // TODO resolve the issue with custom CA, where to get its cert? 
+ rejectUnauthorized: false, + }, + // handler of the reply from The Hive - just return as reply + function (error, response, body) { + // TODO: find out how to set response code, for now we always return sucess and encode original status code in the content + if (error) { + console.error("ERROR when trying to send request to The Hive:", error); + resolve({'error': error.message}); + } + else { + if (response.statusCode < 200 || response.statusCode >= 300) { + console.error("ERROR Unexpected reply received from The Hive:", response.statusCode, response.statusMessage, "\n", body) + } + resolve({ + 'status_code': response.statusCode, + 'status_msg': response.statusMessage, + 'body': body + }); + } + } // handler function + ); // request() + }); // Promise() +} + +// Note: +// There are two ways to create multiple Observables (artifacts) via The Hive API: +// 1. post one request with an array of observables in "data" field +// - this allows to create all in one request, but doesn't allow to set +// different parameters (IOC, TLP, etc.) to different observables +// 2. post each observable in a separate request +// The second way is used here. 
+ +// Handler of ajax requests to add Observables to a Case in The Hive +function addObservablesHandler(req, resp) { + // Parse the request to get connection parameters + // (everything is configured in forntend and sent as part of the request, + // since I don't know how to configure the backend) + var base_url = req.payload['base_url']; + var api_key = req.payload['api_key']; + + // check it's a valid URL with slash at the end + if (!base_url) { + return {'error': 'Base URL not set'}; + } + if (!base_url.match(/https?:\/\/(([a-z\d.-]+)|((\d{1,3}\.){3}\d{1,3}))(\:\d+)?(\/[-a-z\d%_.~+]*)*\//i)) { + //if (!base_url.match(/https?:\/\/.*\//)) { + return {'error': 'Invalid base URL (it must begin with "http[s]" and end with "/")'}; + } + // TODO add "/" to the end automatically + if (!api_key) { + return {'error': 'API key not set'}; + } + + const caseid = req.payload['caseid']; + const observables = req.payload['observables']; // array of obersvable specifications + + return new Promise( async function(resolve, reject) { + // Run one request for each observable + // (A way to run multiple async tasks sequentially inspired by: + // https://jrsinclair.com/articles/2019/how-to-run-async-js-in-parallel-or-sequential/ ) + const starterPromise = Promise.resolve(null); + await observables.reduce( + (p, obs) => p.then(() => addObservable(base_url, api_key, caseid, obs)), + starterPromise + ).catch((err_msg) => { + console.error(err_msg); // log whole message + resolve({'error': err_msg.split("\n", 1)[0]}); // send the first line to frontend + return; + } + ); + resolve({}); + }); +} + +function addObservable(base_url, api_key, caseid, obs) { + return new Promise( function(resolve, reject) { + //console.log("Adding observable:", obs); + request({ + method: 'POST', + url: base_url + 'api/case/' + caseid + "/artifact", + auth: {'bearer': api_key}, + json: true, + body: obs, + //ca: fs.readFileSync(caFile), // TODO resolve the issue with custom CA, where to get its cert? 
+ rejectUnauthorized: false, + }, + // handler of the reply from The Hive - just return as reply + function (error, response, body) { + if (error) { + reject("ERROR when trying to send request to The Hive: " + error); + } + else if (response.statusCode < 200 || response.statusCode >= 300) { + reject("ERROR: Unexpected reply received from The Hive: " + response.statusCode + " " + response.statusMessage + "\n" + JSON.stringify(body)); + } + else { + // success - continue with the next observable + resolve("OK"); + resolve({}) + } + } // handler function + ); // request() + }); //Promise() +} + + diff --git a/roles/build/files/thehive_button/thehive_button/.eslintrc b/roles/build/files/thehive_button/thehive_button/.eslintrc new file mode 100644 index 0000000000000000000000000000000000000000..64eba86220ec489c9c364e9a443941d14a8d3b16 --- /dev/null +++ b/roles/build/files/thehive_button/thehive_button/.eslintrc @@ -0,0 +1,7 @@ +--- +extends: "@elastic/kibana" + +settings: + import/resolver: + '@elastic/eslint-import-resolver-kibana': + rootPackageName: 'thehive_button' diff --git a/roles/build/files/thehive_button/thehive_button/.kibana-plugin-helpers.json b/roles/build/files/thehive_button/thehive_button/.kibana-plugin-helpers.json new file mode 100644 index 0000000000000000000000000000000000000000..2c63c0851048d8f7bff41ecf0f8cee05f52fd120 --- /dev/null +++ b/roles/build/files/thehive_button/thehive_button/.kibana-plugin-helpers.json @@ -0,0 +1,2 @@ +{ +} diff --git a/roles/build/files/thehive_button/thehive_button/index.js b/roles/build/files/thehive_button/thehive_button/index.js new file mode 100644 index 0000000000000000000000000000000000000000..fa69c75c30d7ee40f8d7089d6debd6cf69c8d402 --- /dev/null +++ b/roles/build/files/thehive_button/thehive_button/index.js 
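Review bot: Both outbound calls (`newCaseHandler` and `addObservable`) set `rejectUnauthorized: false`, so the bearer API key is sent to The Hive without verifying the server certificate; I would drop that option and load the CA from server-side configuration, as the commented-out `ca:` line already intends. The target host also comes from `req.payload['base_url']`, and the validating regex is not anchored, so a value that merely contains a URL-shaped substring passes and the Kibana server will POST to whatever the client names. Reading the Hive URL and key from the server's own configuration, or at least anchoring the pattern with `^` and `$` and checking the host against an allow-list, closes that. `caseid` is concatenated into the path unvalidated, where `encodeURIComponent(caseid)` is a cheap guard, and in `addObservable` the `resolve({})` after `resolve("OK")` is dead code.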
@@ -0,0 +1,19 @@
+import newCaseRoute from './server/routes/newcase';
+
+export default function (kibana) {
+ return new kibana.Plugin({
+ require: [], //['elasticsearch'],
+ name: 'thehive_button',
+ uiExports: {
+ visTypes: [
+ 'plugins/thehive_button/main',
+ ],
+ },
+
+ init(server, options) { // eslint-disable-line no-unused-vars
+ // Add server routes and initialize the plugin here
+ newCaseRoute(server);
+ }
+ });
+}
+
diff --git a/roles/build/files/thehive_button/thehive_button/package.json b/roles/build/files/thehive_button/thehive_button/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..e1c070d62c2e69b0f42fa4c5d47e1e8c0b408988
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/package.json
@@ -0,0 +1,35 @@
+{
+ "name": "thehive_button",
+ "version": "1.0.0",
+ "description": "Visualisation plugin which creates a simple button to create a new case in The Hive.",
+ "main": "index.js",
+ "kibana": {
+ "version": "7.4.2"
+ },
+ "scripts": {
+ "lint": "eslint .",
+ "start": "plugin-helpers start",
+ "build": "plugin-helpers build"
+ },
+ "dependencies": {
+ "request": "^2.88.0",
+ "@elastic/eui": "10.4.2",
+ "react": "^16.8.0"
+ },
+ "devDependencies": {
+ "@elastic/eslint-config-kibana": "link:../../packages/eslint-config-kibana",
+ "@elastic/eslint-import-resolver-kibana": "link:../../packages/kbn-eslint-import-resolver-kibana",
+ "@kbn/plugin-helpers": "link:../../packages/kbn-plugin-helpers",
+ "babel-eslint": "^9.0.0",
+ "eslint": "^5.6.0",
+ "eslint-plugin-babel": "^5.2.0",
+ "eslint-plugin-import": "^2.14.0",
+ "eslint-plugin-jest": "^21.26.2",
+ "eslint-plugin-jsx-a11y": "^6.1.2",
+ "eslint-plugin-mocha": "^5.2.0",
+ "eslint-plugin-no-unsanitized": "^3.0.2",
+ "eslint-plugin-prefer-object-spread": "^1.2.1",
+ "eslint-plugin-react": "^7.11.1",
+ "expect.js": "^0.3.1"
+ }
+}
diff --git a/roles/build/files/thehive_button/thehive_button/public/create_case.js b/roles/build/files/thehive_button/thehive_button/public/create_case.js
new file mode 100644
index 0000000000000000000000000000000000000000..fc8edd6f6f1e4ccb1b24ec5554e55e2d6503cf6c
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/public/create_case.js
@@ -0,0 +1,101 @@ +// Functions to send data to Kibana endpoints + +import chrome from 'ui/chrome'; + +// Create a new Case in The Hive via its API +// Return a Promise which resolves to object with ID of the new case ('id' attr) or error message ('error' attr) +export function createTheHiveCase(base_url, api_key, title, descr, severity, startDate, owner, flag, tlp, tags) { + // Prepare data + var data = JSON.stringify({ + "base_url": base_url, + "api_key": api_key, + "body": { + "title": title, + "description": descr, + "severity": severity, // number: 1=low, 2=medium, 3=high + "startDate": startDate, + "owner": owner, // user name the case will be assigned to + "flag": flag, // bool + "tlp": tlp, // number: 0=white, 1=green, 2=amber, 3=red + "tags": tags, // array of strings + } + }); + console.log("TheHiveButton: Sending request to API endpoint 'new_case':", data); + var kibana_endpoint_url = chrome.addBasePath('/api/thehive_button/new_case'); + + return new Promise(function (resolve, reject) { + // Create AJAX request + var xhr = new XMLHttpRequest(); + + // Listener to process reply + xhr.onreadystatechange = function () { + if (this.readyState != 4) { + return; // response not ready yet + } + if (this.status == 200) { + const resp = JSON.parse(this.responseText); + console.log("TheHiveButton: Response from backend:", resp); + if ("error" in resp) { + resolve({"error": resp.error}); + } + else if (resp.status_code != 201) { + resolve({"error": "Unexpected reply received from The Hive: [" + resp.status_code + "] " + resp.status_msg}); + } + else { + resolve({"id": resp.body.id}); // return ID of the new case + } + } + else { + console.log("TheHiveButton: Error " + this.status + ": " + this.statusText); + resolve({"error": "Error " + this.status + ": " + this.statusText}); + } + } + + // Send the AJAX request + xhr.open("POST", kibana_endpoint_url); + xhr.setRequestHeader("Content-Type", "application/json"); + xhr.setRequestHeader("kbn-xsrf", "thehive_plugin"); 
// this header must be set, although its content is probably irrelevant + xhr.send(data); + }); +} + +// Add observables to an existing Case in The Hive +// (send the list of observables to our backend endpoint, it pushes them to The Hive) +export function addCaseObservables(base_url, api_key, caseid, observables) { + const kibana_endpoint_url = chrome.addBasePath('/api/thehive_button/add_observables'); + const data = JSON.stringify({ + "base_url": base_url, + "api_key": api_key, + "caseid": caseid, + "observables": observables, + }); + console.log("TheHiveButton: Sending request to API endpoint 'add_observables':", data); + + return new Promise(function (resolve, reject) { + // Create AJAX request + var xhr = new XMLHttpRequest(); + + // Listener to process reply + xhr.onreadystatechange = function () { + if (this.readyState != 4) { + return; // response not ready yet + } + if (this.status == 200) { + const resp = JSON.parse(this.responseText); + console.log("TheHiveButton: Response from backend:", resp); + resolve(resp); + } + else { + console.log("TheHiveButton: Error " + this.status + ": " + this.statusText); + resolve({"error": "Error " + this.status + ": " + this.statusText}); + } + } + + // Send the AJAX request + xhr.open("POST", kibana_endpoint_url); + xhr.setRequestHeader("Content-Type", "application/json"); + xhr.setRequestHeader("kbn-xsrf", "thehive_plugin"); // this header must be set, although its content is probably irrelevant + xhr.send(data); + }); +} + diff --git a/roles/build/files/thehive_button/thehive_button/public/env.js b/roles/build/files/thehive_button/thehive_button/public/env.js new file mode 100644 index 0000000000000000000000000000000000000000..4321b85f5ee1682abd17871889a165ae8d96b465 --- /dev/null +++ b/roles/build/files/thehive_button/thehive_button/public/env.js 
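Review bot: `createTheHiveCase` and `addCaseObservables` both pass the serialized request `data` to `console.log`, and that string contains `api_key`, so the Hive key lands in the browser console of every user who presses the button. I would log only the endpoint, e.g. `console.log("TheHiveButton: Sending request to API endpoint 'new_case'");`, and do the same in `addCaseObservables`. Both `onreadystatechange` handlers also call `JSON.parse(this.responseText)` unguarded, so a non-JSON 200 reply throws inside the callback and the promise never settles; wrapping the parse in `try`/`catch` and resolving with an `error` object keeps the caller's spinner from hanging.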
@@ -0,0 +1,4 @@
+// Default plugin configuration
+export const THEHIVE_URL = 'https://hive.gn4-3-wp8-soc.sunet.se/';
+export const THEHIVE_API_KEY = '5LymseWiurZBrQN8Kqp8O+9KniTL5cE0';
+export const THEHIVE_OWNER = 'admin'; // default owner account of the created cases
diff --git a/roles/build/files/thehive_button/thehive_button/public/main.js b/roles/build/files/thehive_button/thehive_button/public/main.js
new file mode 100644
index 0000000000000000000000000000000000000000..ee46d73170d4fb43739c58468e3396caace6dcbe
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/public/main.js
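Review bot: `THEHIVE_API_KEY` in `env.js` commits what looks like a real API key next to the Hive hostname, and `main.js` in this commit copies it into the visualization `defaults` (`apikey: THEHIVE_API_KEY`), so it sits in the repository history and, since the file is under `public/`, presumably in the bundle sent to browsers. The key should be treated as exposed and rotated, and the file should ship a placeholder such as `export const THEHIVE_API_KEY = '';` with the real value supplied at deploy time. Longer term the key belongs in server-side plugin configuration so that neither the saved visualization nor the browser ever holds it.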
@@ -0,0 +1,54 @@
+import { THEHIVE_API_KEY, THEHIVE_URL, THEHIVE_OWNER } from './env';
+import { TheHiveButtonVisComponent } from './vis_controller';
+import { theHiveButtonRequestHandlerProvider } from './request_handler';
+import { optionsEditor } from './options_editor';
+
+import { VisFactoryProvider } from 'ui/vis/vis_factory';
+import { VisTypesRegistryProvider } from 'ui/registry/vis_types';
+import { DefaultEditorSize } from 'ui/vis/editor_size';
+
+
+function TheHiveButtonVisProvider(Private) {
+ const VisFactory = Private(VisFactoryProvider);
+
+ //console.log("default URL:", THEHIVE_URL);
+ //console.log("default API key:", THEHIVE_API_KEY);
+
+ return VisFactory.createReactVisualization({
+ name: 'thehive_button',
+ title: 'The Hive Case',
+ icon: 'alert',
+ description: 'A button to create a new Case in The Hive.',
+ //requiresUpdateStatus: [Status.PARAMS, Status.RESIZE, Status.UI_STATE],
+ visConfig: {
+ component: TheHiveButtonVisComponent,
+ defaults: {
+ // add default parameters
+ url: THEHIVE_URL,
+ apikey: THEHIVE_API_KEY,
+ owner: THEHIVE_OWNER,
+ obsFields: [], // list of objects, e.g. {name: "clientip", type: "ip", cnt: 100}
+ }
+ },
+ //editor: 'default',
+ editorConfig: {
+ optionTabs: [
+ {
+ name: "options",
+ title: "Options",
+ editor: optionsEditor,
+ }
+ ],
+ defaultSize: DefaultEditorSize.LARGE,
+ },
+// optionsTemplate: optionsEditor, //optionsTemplate,
+// //enableAutoApply: true,
+// },
+ requestHandler: 'theHiveButtonRequestHandler', // own request handler
+ responseHandler: 'none', // pass data as returned by requestHandler
+ });
+}
+
+// register the provider with the visTypes registry
+VisTypesRegistryProvider.register(TheHiveButtonVisProvider);
+
diff --git a/roles/build/files/thehive_button/thehive_button/public/options_editor.js b/roles/build/files/thehive_button/thehive_button/public/options_editor.js
new file mode 100644
index 0000000000000000000000000000000000000000..38762bd463115702a0c4f03f099434485f5d59dc
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/public/options_editor.js 
@@ -0,0 +1,176 @@ +import React from 'react'; +import { + EuiForm, + EuiFormRow, + EuiTitle, + EuiSpacer, + EuiFieldText, + EuiFieldNumber, + EuiSelect, + EuiFlexGroup, + EuiFlexItem, + EuiButton, + EuiButtonIcon, +} from '@elastic/eui'; + +// Default data types in The Hive +const DEFAULT_THE_HIVE_TYPES = [ + '', + 'autonomous-system', + 'domain', + 'file', + 'filename', + 'fqdn', + 'hash', + 'ip', + 'mail', + 'mail_subject', + 'regexp', + 'registry', + 'uri_path', + 'url', + 'user-agent', + 'other', +]; + +// Options for EuiSelect for selection of field's data type in TheHive +const typesOptions = DEFAULT_THE_HIVE_TYPES.map( dt => ({value: dt, text: dt}) ); + +export function optionsEditor(props) { + //console.log("editor render(), props:", props); + const { stateParams, setValue, setValidity, vis } = props; + + // onClick/onChange handlers + const obsAddNew = () => { + const newObsFields = [...stateParams.obsFields, {name: "", type: "", cnt: 100}]; + // For some reason, first click on the button after editor is loaded does + // nothing. Calling setValue twice here fixes it. 
+ setValue("obsFields", newObsFields); + setValue("obsFields", newObsFields); +// setValidity(false); // since new row is empty, form is always invalid + }; + const obsRemove = (ix) => { + let newArray = [...stateParams.obsFields]; + newArray.splice(ix, 1); + setValue("obsFields", newArray); +// validate(); + } + const obsSetName = (ix, name) => { + let newArray = [...stateParams.obsFields]; + newArray[ix].name = name; + setValue("obsFields", newArray); +// validate(); + } + const obsSetType = (ix, type) => { + let newArray = [...stateParams.obsFields]; + newArray[ix].type = type; + setValue("obsFields", newArray); +// validate(); + } + const obsSetCnt = (ix, cnt) => { + let newArray = [...stateParams.obsFields]; + newArray[ix].cnt = parseInt(cnt); + setValue("obsFields", newArray); +// validate(); + } +// const validate = () => { +// let valid = true; +// for (let field of stateParams.obsFields) { +// if (field.name == "" || field.type == "" || field.cnt == "") { +// valid = false; +// break; +// } +// } +// // TODO check for duplicate fields +// setValidity(valid); +// } + + // Get list of all fields in index (except those beginning with "_" or "@") + // and create "options" parameter for EuiSelect. + // Also, fields with "aggregatable=false" are removed, as they can't be used + // with "terms" aggregation we need. + // See this for details: https://www.elastic.co/guide/en/elasticsearch/reference/7.x/fielddata.html + // Empty field is added at the beginning, meaning "no selection yet". 
+ const fieldOptions = [{value: "", text: ""}].concat( + vis.indexPattern.fields.raw.filter( f => (f.name[0] != "_" && f.name[0] != "@" && f.aggregatable) ).map( f => ({value: f.name, text: `${f.name} (${f.type})`}) ) + ); + + return <EuiForm> + <EuiFormRow fullWidth={true} label="Base URL of The Hive"> + <EuiFieldText + fullWidth={true} + value={stateParams.url} + onChange={e => setValue('url', e.target.value)} + isInvalid={stateParams.url == ""} + /> + </EuiFormRow> + <EuiFlexGroup> + <EuiFlexItem grow={1}> + <EuiFormRow label="API key to access The Hive" helpText="API key of a user with write permission."> + <EuiFieldText + fullWidth={true} + value={stateParams.apikey} + onChange={e => setValue('apikey', e.target.value)} + isInvalid={stateParams.apikey == ""} + /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={1}> + <EuiFormRow label="Assignee" helpText="User to assign created cases to. Must be a valid username from The Hive instance."> + <EuiFieldText + value={stateParams.owner} + onChange={e => setValue('owner', e.target.value)} + isInvalid={stateParams.owner == ""} + /> + </EuiFormRow> + </EuiFlexItem> + </EuiFlexGroup> + <EuiTitle size="s"><h3>Fields to get potential observables from ...</h3></EuiTitle> + <EuiSpacer size="s" /> + {stateParams.obsFields.map( (field, ix) => ( + <EuiFlexGroup key={ix} gutterSize="s"> + <EuiFlexItem grow={3}> + <EuiFormRow label="Field name"> + <EuiSelect + options={fieldOptions} + value={field.name} + onChange={ e => obsSetName(ix, e.target.value) } + isInvalid={field.name == ""} + /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={2}> + <EuiFormRow label="Data type in The Hive"> + <EuiSelect + options={typesOptions} + value={field.type} + onChange={ e => obsSetType(ix, e.target.value) } + isInvalid={field.type == ""} + /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={1}> + <EuiFormRow label="Max items shown"> + <EuiFieldNumber + min={1} + max={1000} + value={parseInt(field.cnt)} + onChange={ e => 
obsSetCnt(ix, e.target.value) } + isInvalid={!(field.cnt > 0)} + /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={false}> + <EuiFormRow hasEmptyLabelSpace> + <EuiButtonIcon iconType="trash" iconSize="m" color="danger" aria-label="Remove field" onClick={ e => obsRemove(ix) } /> + </EuiFormRow> + </EuiFlexItem> + </EuiFlexGroup> + ))} + <EuiFlexGroup> + <EuiFlexItem grow={false}> + <EuiButton iconType="plusInCircleFilled" color="primary" onClick={obsAddNew}>Add new field ...</EuiButton> + </EuiFlexItem> + </EuiFlexGroup> + </EuiForm> +} diff --git a/roles/build/files/thehive_button/thehive_button/public/options_template.html b/roles/build/files/thehive_button/thehive_button/public/options_template.html new file mode 100644 index 0000000000000000000000000000000000000000..ef996577786150282c2ffb0d28652a3d1712842b --- /dev/null +++ b/roles/build/files/thehive_button/thehive_button/public/options_template.html @@ -0,0 +1,8 @@ +<div class="form-group"> + <p><label>Base URL of The Hive</label> + <input ng-model="editorState.params.url" class=form-control /></p> + <p><label>API key</label> + <input ng-model="editorState.params.apikey" class=form-control /></p> + <p><label>User name to use as the owner of cases created from here</label> + <input ng-model="editorState.params.owner" class=form-control /></p> +</div> diff --git a/roles/build/files/thehive_button/thehive_button/public/request_handler.js b/roles/build/files/thehive_button/thehive_button/public/request_handler.js new file mode 100644 index 0000000000000000000000000000000000000000..bdbb0f4ebee4ff5307a1bf549706bf1ecc92e11b --- /dev/null +++ b/roles/build/files/thehive_button/thehive_button/public/request_handler.js 
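Review bot: The API key row in `optionsEditor` renders the secret in a plain `EuiFieldText` and stores it through `setValue('apikey', ...)` in `stateParams`, so it is readable on screen and presumably saved with the visualization, where anyone who can open the saved object can read it. At minimum the input should be an `EuiFieldPassword` (added to the `@elastic/eui` import) so the key is not displayed while editing or screen sharing, and the help text should state that the key is stored with the visualization. Separately, `obsSetName`, `obsSetType` and `obsSetCnt` copy the array with `[...stateParams.obsFields]` but then assign into `newArray[ix]`, which mutates the object still held in the current state; `newArray[ix] = {...newArray[ix], name};` (and the equivalents for `type` and `cnt`) avoids that.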
@@ -0,0 +1,195 @@ +import { CourierRequestHandlerProvider as courierRequestHandlerProvider } from 'ui/vis/request_handlers/courier'; +import { SearchSourceProvider } from 'ui/courier/search_source'; +import { RequestAdapter, DataAdapter } from 'ui/inspector/adapters'; +import { VisRequestHandlersRegistryProvider } from 'ui/registry/vis_request_handlers'; +import { AggConfig } from 'ui/vis/agg_config'; +import { AggConfigs } from 'ui/vis/agg_configs'; +import { getTime } from 'ui/timefilter/get_time'; +import { i18n } from '@kbn/i18n'; +import { has } from 'lodash'; +import { calculateObjectHash } from 'ui/vis/lib/calculate_object_hash'; +import { getRequestInspectorStats, getResponseInspectorStats } from 'ui/courier/utils/courier_inspector_utils'; +import chrome from 'ui/chrome'; + +// Maximum number of unique values of each field (observables) to fetch +const MAX_NUMBER_OF_TERMS = 5; + +const handleCourierRequest = courierRequestHandlerProvider().handler; + +// Register new RaquestHandlerProvider +const theHiveButtonRequestHandlerProvider = function () { + return { + name: 'theHiveButtonRequestHandler', + handler: theHiveButtonRequestHandler, + } +} +VisRequestHandlersRegistryProvider.register(theHiveButtonRequestHandlerProvider); + +export {theHiveButtonRequestHandlerProvider, theHiveButtonRequestHandler}; + + +// The request handler function itself +async function theHiveButtonRequestHandler(params) { + //console.log("theHiveButtonRequestHandler params:", params); + + let index = params.index; + let partialRows = params.partialRows; + let metricsAtAllLevels = params.metricsAtAllLevels; + let timeRange = params.timeRange; + let query = params.query; + let filters = params.filters; + let inspectorAdapters = params.inspectorAdapters; + let queryFilter = params.queryFilter; + let forceFetch = params.forceFetch; + // our own confiuration: + // list of fields to get potential observables from + // (each "field" is object {name: str, type: str, cnt: int}) + let 
obsFields = params.visParams.obsFields; + + // filter out invalid field specifications + obsFields = obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt > 0) ); + + if (obsFields.length == 0) { + //console.log("theHiveButtonRequestHandler: Empty obsFields, nothing to do") + return {} // no fields specified, nothing to do + } + + // === Prepare request to ask for unique values of all selected fields === + + // Construct a query for ElasticSearch + // Get "terms" (most common unique values) for each field of obsFields + const aggs_dsl = {} + for (let field of obsFields) { + aggs_dsl[field.name] = { + terms: { + field: field.name, + size: field.cnt, + order: {_count: "desc"} + } + }; + } + //console.log("aggs_dsl:", aggs_dsl); + + // Create empty AggConfigs + // (We could pass specifications of a metric and the buckets here, + // but default processing functions assume multiple buckets are sub-buckets, + // which is not what we want. So we must do a "hack" and manually create + // query directly in format for ElasticSearch) + const aggs = new AggConfigs(params.index, []); + + // === Some magic to get searchSource object === + // (inspired by https://github.com/fbaligand/kibana-enhanced-table/blob/7.4/public/data_load/enhanced-table-request-handler.js) + // (I don't understand it, but it works) + + let $injector = await chrome.dangerouslyGetActiveInjector(); + let Private = $injector.get('Private'); + let SearchSource = Private(SearchSourceProvider); + let searchSource = new SearchSource(); + searchSource.setField('index', index); + searchSource.setField('size', 0); + + inspectorAdapters.requests = new RequestAdapter(); + inspectorAdapters.data = new DataAdapter(); + + + // === Execute query === + // We could call standard "courier" here, but it tries to convert the response + // to a table, which fails in our case, so we copied the main code of courier + // and modified it here. 
+ + const abortSignal = false; + + const timeFilterSearchSource = searchSource.createChild({ callParentStartHandlers: true }); + const requestSearchSource = timeFilterSearchSource.createChild({ callParentStartHandlers: true }); + + aggs.setTimeRange(timeRange); + + // For now we need to mirror the history of the passed search source, since + // the request inspector wouldn't work otherwise. + Object.defineProperty(requestSearchSource, 'history', { + get() { + return searchSource.history; + }, + set(history) { + return searchSource.history = history; + } + }); + + // This has been modified to override DSL format by ours +// requestSearchSource.setField('aggs', function () { +// return aggs.toDsl(metricsAtAllLevels); +// }); + requestSearchSource.setField('aggs', aggs_dsl); + + requestSearchSource.onRequestStart((searchSource, searchRequest) => { + return aggs.onSearchRequestStart(searchSource, searchRequest); + }); + + if (timeRange) { + timeFilterSearchSource.setField('filter', () => { + return getTime(searchSource.getField('index'), timeRange); + }); + } + + requestSearchSource.setField('filter', filters); + requestSearchSource.setField('query', query); + + const reqBody = await requestSearchSource.getSearchRequestBody(); + + const queryHash = calculateObjectHash(reqBody); + // We only need to reexecute the query, if forceFetch was true or the hash of the request body has changed + // since the last request + const shouldQuery = forceFetch || (searchSource.lastQuery !== queryHash); + + if (shouldQuery) { + inspectorAdapters.requests.reset(); + const request = inspectorAdapters.requests.start( + i18n.translate('common.ui.vis.courier.inspector.dataRequest.title', { defaultMessage: 'Data' }), + { + description: i18n.translate('common.ui.vis.courier.inspector.dataRequest.description', + { defaultMessage: 'This request queries Elasticsearch to fetch the data for the visualization.' 
}), + } + ); + request.stats(getRequestInspectorStats(requestSearchSource)); + + try { + // Abort any in-progress requests before fetching again + if (abortSignal) { + abortSignal.addEventListener('abort', () => requestSearchSource.cancelQueued()); + } + + const response = await requestSearchSource.fetch(); + //console.log("raw response:", response); + + searchSource.lastQuery = queryHash; + + request + .stats(getResponseInspectorStats(searchSource, response)) + .ok({ json: response }); + + searchSource.rawResponse = response; + } catch(e) { + // Log any error during request to the inspector + request.error({ json: e }); + throw e; + } finally { + // Add the request body no matter if things went fine or not + requestSearchSource.getSearchRequestBody().then(req => { + request.json(req); + }); + } + } + + // === Copy of courier code ends here, now we parse the response === + + const resp = searchSource.rawResponse; + // Return as object containing a list of unique values (terms) for each + // requested field + let unique_values_lists = {} + for (let field of obsFields) { + unique_values_lists[field.name] = resp.aggregations[field.name].buckets.map( (x) => x.key ); + } + + //console.log("Final lists:", unique_values_lists); + return unique_values_lists; +} diff --git a/roles/build/files/thehive_button/thehive_button/public/vis.less b/roles/build/files/thehive_button/thehive_button/public/vis.less new file mode 100644 index 0000000000000000000000000000000000000000..b6f887afaef57a7674a0d0f06ee6f821a0fc015e --- /dev/null +++ b/roles/build/files/thehive_button/thehive_button/public/vis.less @@ -0,0 +1,3 @@ +.myvis-container-div { + padding: 1em; +} diff --git a/roles/build/files/thehive_button/thehive_button/public/vis_controller.js b/roles/build/files/thehive_button/thehive_button/public/vis_controller.js new file mode 100644 index 0000000000000000000000000000000000000000..8b23222700ab072c9665442851982e11cdc56788 --- /dev/null 
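Review bot: The response parsing at the end of `theHiveButtonRequestHandler` dereferences `resp.aggregations[field.name].buckets` without checking that the response carries that aggregation, so a response without an `aggregations` object (for example if no index matched) would throw a TypeError and break the visualization instead of yielding empty lists. A guard such as `const buckets = ((resp.aggregations || {})[field.name] || {}).buckets || [];` followed by `unique_values_lists[field.name] = buckets.map(x => x.key);` keeps the shape the controller expects. `field.cnt` is also passed straight through as the terms `size`; the editor caps it at 1000 but the handler does not, and the unused `MAX_NUMBER_OF_TERMS` suggests a cap was intended here, so clamping it in the handler would be a cheap safeguard.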
+++ b/roles/build/files/thehive_button/thehive_button/public/vis_controller.js 
@@ -0,0 +1,555 @@ +//import { Status } from 'ui/vis/update_status'; +import { toastNotifications } from 'ui/notify'; +import { createTheHiveCase, addCaseObservables } from './create_case'; +//import vis_template from './vis_template.html'; + +import React, { Component } from 'react'; +import { + EuiButton, + EuiButtonEmpty, + EuiModal, + EuiModalBody, + EuiModalFooter, + EuiModalHeader, + EuiModalHeaderTitle, + EuiOverlayMask, + EuiTitle, + EuiFlexGroup, + EuiFlexItem, + EuiSpacer, + EuiForm, + EuiFormRow, + EuiFieldText, + EuiTextArea, + EuiSuperSelect, + EuiBasicTable, + EuiCheckbox, + makeId, +} from '@elastic/eui'; + + +// ********** React components ********** + +// Main React component - the root of visualization +export class TheHiveButtonVisComponent extends Component { + render() { + //console.log("TheHiveButtonVisComponent.render(), props:", this.props); + return ( + <div> + <NewCaseButton params={this.props.vis.params} observables={this.props.visData} /> + </div> + ); + } + + componentDidMount() { + this.props.renderComplete(); + } + + componentDidUpdate() { + this.props.renderComplete(); + } +} + +// Button to show the pop-up window (modal) +// Props: +// .params - visualization parameters (from vis.params) +// .observables - object with lists of potential observables to add to the Case +// for each field in params.obsFields there should be a key in this object +// containing list of observables (this is returned by request_handler) +class NewCaseButton extends Component { + + constructor(props) { + super(props); + // Filter out invalid obsField specifications + this.obsFields = props.params.obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt > 0) ); + //console.log("Filtered field specs:", this.obsFields); + + // The complete state is here, so it's kept even when modal is closed + this.state = { + isModalVisible: false, + isWorking: false, // used to show a spinner on submit button + ...this.create_initial_state(), + } + + this.resetCnt = 0; 
// used to change Modal component key on each form reset + + // Each handler function in a class (method) must be "binded" this way + this.closeModal = this.closeModal.bind(this); + this.showModal = this.showModal.bind(this); + this.resetForm = this.resetForm.bind(this); + + this.onTitleChange = this.onTitleChange.bind(this); + this.onSeverityChange = this.onSeverityChange.bind(this); + this.onTLPChange = this.onTLPChange.bind(this); + this.onDescriptionChange = this.onDescriptionChange.bind(this); + + this.onObsSelectionChange = this.onObsSelectionChange.bind(this); + this.onObsDataChange = this.onObsDataChange.bind(this); + + this.submitCase = this.submitCase.bind(this); + } + + create_initial_state() { + // create a new instance of initial state definition + let initial_state = { + // Case parameters + title: "", + description: "\n\n--\nCreated from Kibana", + severity: "2", // medium + tlp: "2", // amber + tags: [], // TODO (not implemented yet) + obsData: {}, // state of observables form fields (obsData->field->index->{descr,tlp,ioc,tags}) + obsSel: {}, // list of observable selections (obsSel->field->list_of_selected_indices) + } + // pre-fill state of each observable to defaults + const initial_field_data = {descr: "", tlp: 2, ioc: false, tags: []}; + for (let field of this.obsFields) { + const n_obs = this.props.observables[field.name].length; + // fill obsData with new copies of initial_field_data + initial_state.obsData[field.name] = new Array(n_obs).fill().map((_)=>({...initial_field_data})); + // nothing is selected + initial_state.obsSel[field.name] = new Array(); + } + return initial_state; + } + + componentDidUpdate(prevProps) { + // If list of observables was updated or obsFields setting has changed, + // reset the component state and precomputed variables. 
+ if (this.props.observables != prevProps.observables) { + if (this.props.params.obsFields != prevProps.params.obsFields) { + // when obsFields change, observables must change as well, so this "if" + // can be inside the first one. + // Filter out invalid obsField specifications + this.obsFields = this.props.params.obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt && f.cnt > 0) ); + //console.log("Filtered field specs:", this.obsFields); + } + //console.log("New list of observables, resetting form."); + this.resetForm(); + } + } + + resetForm() { + this.setState(this.create_initial_state()); + this.resetCnt += 1; // this changes the key of ModalContent, causing it to be replaced by new DOM elelments (otherwise, not all things are reset properly) + this.forceUpdate(); + } + + closeModal() { + this.setState({ isModalVisible: false }); + } + + showModal() { + this.setState({ isModalVisible: true }); + } + + // Event handlers for change of case parameter + onTitleChange(evt) { + this.setState({title: evt.target.value}); + } + onSeverityChange(value) { + this.setState({severity: value}); + } + onTLPChange(value) { + this.setState({tlp: value}); + } + onDescriptionChange(evt) { + this.setState({description: evt.target.value}); + } + + // Event handler for observable (de)selection + onObsSelectionChange(fieldName, selectedItems) { + // Extract indices from the items and store them into state + const selectedIndices = selectedItems.map(item4 => item4.i); + this.setState((state, props) => { + let newObsSel = {...this.state.obsSel}; + newObsSel[fieldName] = selectedIndices; + return {obsSel: newObsSel}; + }); + } + + // Event handler for edit of a form field in observable row + // - fieldName: which field (table of observables) + // - ix: index of the observable in the field's table + // - param: one of: descr,tlp,ioc,tags + // - value: new value of the form field + onObsDataChange(fieldName, ix, param, value) { + this.setState((state, props) => { + let 
newObsData = {...this.state.obsData}; + newObsData[fieldName][ix][param] = value; + return {obsData: newObsData}; + }); + } + + // Render function + render() { + let modal; + if (this.state.isModalVisible) { + modal = <ModalContent + resetCnt={this.resetCnt} // used to change "key" of modalBody, causing all form fields to be re-created (some things are not reset properly by reseting state only) + close={this.closeModal} + reset={this.resetForm} + fields={this.obsFields} + observables={this.props.observables} + // form state + title={this.state.title} + description={this.state.description} + severity={this.state.severity} + tlp={this.state.tlp} + tags={this.state.tags} + obsData={this.state.obsData} + obsSel={this.state.obsSel} + spinner={this.state.isWorking} + // event handlers + onTitleChange={this.onTitleChange} + onSeverityChange={this.onSeverityChange} + onTLPChange={this.onTLPChange} + onDescriptionChange={this.onDescriptionChange} + onObsSelectionChange={this.onObsSelectionChange} + onObsDataChange={this.onObsDataChange} + submitCase={this.submitCase} + />; + } + return ( + <div> + <EuiButton fill iconType="alert" color="danger" onClick={this.showModal}>Create new Case ...</EuiButton> + {modal} + </div> + ); + } + + // Submit case button handler + async submitCase(evt) { + const params = this.props.params; + + // Get case parameters + const title = this.state.title; + const descr = this.state.description; + const severity = parseInt(this.state.severity); + const start_date = null; + const owner = params.owner; + const flag = false; + const tlp = parseInt(this.state.tlp); + const tags = this.state.tags; + + if (!title) { + toastNotifications.addDanger("Title can't be empty"); + return; + } + + // Get list of selected observables and their params + let observables = []; + for (let field of this.obsFields) { + let selectionIndices = [...this.state.obsSel[field.name]]; // make a copy + selectionIndices.sort(); + for (let i = 0; i < selectionIndices.length; i++) 
{ + const j = selectionIndices[i]; // index of a selected obs. in the list of all observables + // fill in observable definition according to model at + // https://github.com/TheHive-Project/TheHiveDocs/blob/master/api/artifact.md + const obs = { + dataType: field.type, + data: this.props.observables[field.name][j], + message: this.state.obsData[field.name][j].descr, + tlp: this.state.obsData[field.name][j].tlp, + ioc: this.state.obsData[field.name][j].ioc, + tags: this.state.obsData[field.name][j].tags, + }; + observables.push(obs); + } + } + + //console.log("Selected observables:", observables); + + // Check '/' at the end of base URL, add it if needed + let base_url = params.url; + if (base_url[base_url.length-1] != "/") { + base_url += "/"; + } + + // Show spinner at submit button + this.setState({isWorking: true}); + + // Submit request to create the case, handle response + let resp; + resp = await createTheHiveCase(base_url, params.apikey, title, descr, severity, start_date, owner, flag, tlp, tags); + + if ('error' in resp) { + // Error contacting The Hive + console.error("TheHiveButton: ERROR when trying to create new case:", resp.error); + toastNotifications.addDanger("ERROR: " + resp.error); + this.setState({isWorking: false}); // Hide spinner + return; + } + + console.log("TheHiveButton: Case created:", resp); + const case_id = resp.id; + const case_url = base_url + "index.html#/case/" + case_id + "/details"; + + // Show notification + let obs_text; + if (observables.length > 0) { + obs_text = "Adding " + observables.length + " observables in background ..."; + } + else { + obs_text = "(no observables added)"; + } + toastNotifications.add({ + title: "Case created", + color: "success", + iconType: "checkInCircleFilled", + text: ( + <div> + <p><b><a href={case_url} target="_blank">Edit the new Case</a></b></p> + <p>{obs_text}</p> + </div> + ), + }); + + // Close the popup window, reset form fields and hide spinner + this.closeModal(); + this.resetForm(); + 
this.setState({isWorking: false}); + + // Open a new window with the case in The Hive + // (adding observables may take some time, so the case is opened first; + // The Hive web is dynamic so the observables appear as they are added) + window.open(case_url, '_blank'); + + if (observables.length == 0) + return; + + // Submit request to add observables + console.log("TheHiveButton: adding " + observables.length + " observables ..."); + resp = await addCaseObservables(base_url, params.apikey, case_id, observables); + + if ('error' in resp) { + console.error("TheHiveButton: ERROR when trying to add observables: " + resp.error); + toastNotifications.addDanger("ERROR when trying to add observables: " + resp.error); + } + else { + console.log("TheHiveButton: Done, observables added."); + toastNotifications.add("Done, observables added."); + } + } +} + + +// The popup window with a form +// props: +// - spinner: when true, disable form and show a spinner over it +class ModalContent extends Component { + constructor(props) { + super(props); + // No state here, everything is in the parent class (NewCaseButton) + + // "Select" options + this.severityOptions = [ + {value: "1", inputDisplay: "low"}, + {value: "2", inputDisplay: "medium"}, + {value: "3", inputDisplay: "high"}, + ]; + this.tlpOptions = [ + {value: "0", inputDisplay: "white"}, + {value: "1", inputDisplay: "green"}, + {value: "2", inputDisplay: "amber"}, + {value: "3", inputDisplay: "red"}, + ]; + } + + // Main render function + render() { + // TODO: replace Modal with Flyout? 
+ + // Note: onClick on EuiOverlayMask causes close of modal when clicked outside, + // implementation inspired by PR: https://github.com/elastic/eui/pull/3462/files#diff-c8fda532e48f75c94c343247cbc6b2d3R53-R60 + return ( + <EuiOverlayMask onClick={(evt) => {if (evt.target.classList.contains("euiOverlayMask")) this.props.close();} }> + <EuiModal onClose={this.props.close} maxWidth={false} initialFocus="[name=title]"> + <EuiModalHeader> + <EuiModalHeaderTitle>Create a new case in The Hive</EuiModalHeaderTitle> + </EuiModalHeader> + + <EuiModalBody key={this.props.resetCnt}> + <EuiForm style={{width: "800px"}}> + <EuiFlexGroup> + <EuiFlexItem grow={1}> + <EuiFormRow label="Title" fullWidth> + <EuiFieldText name="title" value={this.props.title} onChange={this.props.onTitleChange} required={true} fullWidth /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={false}> + <EuiFormRow label="Severity"> + <EuiSuperSelect + options={this.severityOptions} + valueOfSelected={this.props.severity} + onChange={this.props.onSeverityChange} + /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={false}> + <EuiFormRow label="TLP"> + <EuiSuperSelect + prepend="TLP" + options={this.tlpOptions} + valueOfSelected={this.props.tlp} + onChange={this.props.onTLPChange} + /> + </EuiFormRow> + </EuiFlexItem> + </EuiFlexGroup> + <EuiFormRow label="Description" fullWidth> + <EuiTextArea + defaultValue={this.props.description} + onChange={this.props.onDescriptionChange} + rows={4} + fullWidth + /> + </EuiFormRow> + + {this.props.fields.length > 0 && <EuiTitle size="s"><h3>Add observables from current query ...</h3></EuiTitle>} + {this.props.fields.map((field,ix) => ( + <ObservablesTable + key={field.name + ":" + this.props.resetCnt} + fieldName={field.name} + observables={this.props.observables[field.name]} + obsData={this.props.obsData[field.name]} + obsSel={this.props.obsSel[field.name]} + onObsSelectionChange={this.props.onObsSelectionChange} + 
onObsDataChange={this.props.onObsDataChange} + /> + ))} + </EuiForm> + </EuiModalBody> + + <EuiModalFooter> + <EuiButtonEmpty onClick={this.props.close}>Close</EuiButtonEmpty> + <EuiButtonEmpty onClick={this.props.reset}>Reset</EuiButtonEmpty> + <EuiButton onClick={this.props.submitCase} fill isLoading={this.props.spinner}>Create Case</EuiButton> + </EuiModalFooter> + </EuiModal> + </EuiOverlayMask> + ); + } +} + +// Table of potential observables taken from a given field, allowing to select +// which observables to send to The Hive. +// Props: +// fieldName - name of the field this table is for +// observables - list of observable IDs of this field +// obsData - array of objects specifying state of form fields in the table (.descr, .tlp, ...) +// obsSel - array of indices of selected observables +class ObservablesTable extends Component { + + constructor(props) { + super(props); + + // Table columns definition + this.columns = [ + { + field: "id", + name: "Observable", + }, + { + field: "descr", + name: "Description", + description: "Description of the observable in the context of the case", + render: (value, item1) => (<EuiFieldText + value={item1.descr} + onChange={(e) => this.props.onObsDataChange(props.fieldName, item1.i, "descr", e.target.value)} + disabled={!item1.selected} + />) + }, + /*{ + field: "tlp", + name: "TLP", + dataType: "number", + // TODO render and process changes + },*/ + { + field: "ioc", + name: "Is IOC", + dataType: "boolean", + description: "Indicates if the observable is an IOC", + render: (value, item2) => (<EuiCheckbox + id={"ioc-checkbox-"+item2.id} + checked={item2.ioc} + onChange={(e) => this.props.onObsDataChange(props.fieldName, item2.i, "ioc", e.target.checked)} + disabled={!item2.selected} + />) + }, + /*{ + field: "tags", + name: "Tags", + // TODO render and process changes + },*/ + ] + + // Create a reference to EuiBasicTable, so it's node can be accessed in componentDidMount + this.tableRef = React.createRef(); + } + + 
render() { + // Table data definition (convert props to format suitable for EuiBasicTable) + const n_obs = this.props.observables.length; + this.table_data = new Array(n_obs); + for (let i = 0; i < n_obs; i++) { + this.table_data[i] = { + id: this.props.observables[i], + descr: this.props.obsData[i].descr, + tlp: this.props.obsData[i].tlp, + ioc: this.props.obsData[i].ioc, + tags: this.props.obsData[i].tags, + // auxiliary fields, not shown in table: + i: i, // row index + selected: this.props.obsSel.includes(i), + }; + } + + return ( + <> + <EuiTitle size="xs"><h4>{this.props.fieldName}</h4></EuiTitle> + <EuiBasicTable + ref={this.tableRef} + columns={this.columns} + items={this.table_data} + itemId={(item3) => item3.id} + selection={ {onSelectionChange: (selectedItems) => this.props.onObsSelectionChange(this.props.fieldName, selectedItems) } } + noItemsMessage="No observables found" + rowProps={{ + // Hack to allow selection by clicking anywhere in the table row + // (except input elements) + onClick: (e) => { + if (e.target.tagName != "INPUT") { + // simulate click on the first checkbox in the row to (de)select the row + e.currentTarget.querySelector("input").click(); + e.currentTarget.blur(); // without this the focus remains on the row after click (results in different color) + } + }, + tabIndex: "-1", // prevents focus on row by keyboard navigation + }} + /> + <EuiSpacer size="l" /> + </> + ) + } + + componentDidMount() { + // There's no way to specify initially selected items in EuiBasicTable by + // props, but we may need to select some (in case a user selects some obs., + // closes the modal and opens it again). + // However, the selection is stored as a 'selection' field of table's state, + // so here we directly edit the state just after the table is created. 
+ + // Prepare the 'selection' array - it should contain a list of selected row specifications + let selection = []; + for (let ix of this.props.obsSel) { + selection.push(this.table_data[ix]); + } + + // Get ref to EuiBasicTable element and update its state + const table_node = this.tableRef.current; + table_node.setState({selection: selection}); + } +} + diff --git a/roles/build/files/thehive_button/thehive_button/server/routes/newcase.js b/roles/build/files/thehive_button/thehive_button/server/routes/newcase.js new file mode 100644 index 0000000000000000000000000000000000000000..175dee818c5569a5e5e02db31a6e443abe5f03fb --- /dev/null +++ b/roles/build/files/thehive_button/thehive_button/server/routes/newcase.js 
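Review bot: In `submitCase`, `case_url` is built from the user-editable `params.url` and then used both as a link `href` and in `window.open(case_url, '_blank')`, with no check in this file that it is an http(s) URL and without detaching the opener. I would validate the scheme before use, open with `window.open(case_url, '_blank', 'noopener')`, and add `rel="noopener noreferrer"` to the `<a href={case_url} target="_blank">` in the toast. `params.apikey` is also passed from the browser on every call to `createTheHiveCase` and `addCaseObservables`, so anyone who can load the visualization can read it; that is a design point for server-side configuration rather than a one-line fix. Minor: `selectionIndices.sort()` compares as strings, so indices such as 10 and 2 come out in the wrong order; `selectionIndices.sort((a, b) => a - b);` fixes it.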
@@ -0,0 +1,153 @@
+const request = require('request');
+//const fs = require('fs');
+//const path = require('path');
+
+//const caFile = path.resolve(__dirname, '../../ca.cert.pem'); // TODO resolve where the CA file should be located / configured
+
+export default function (server) {
+ server.route({
+ path: '/api/thehive_button/new_case',
+ method: 'POST',
+ handler: newCaseHandler,
+ });
+ server.route({
+ path: '/api/thehive_button/add_observables',
+ method: 'POST',
+ handler: addObservablesHandler,
+ });
+}
+
+// Handler of ajax requests to create a new Case in The Hive
+function newCaseHandler(req, resp) {
+ // Parse the request to get connection parameters
+ // (everything is configured in forntend and sent as part of the request,
+ // since I don't know how to configure the backend)
+ var base_url = req.payload['base_url'];
+ var api_key = req.payload['api_key'];
+ var req_body = req.payload['body'];
+
+ // check it's a valid URL with slash at the end
+ if (!base_url) {
+ return {'error': 'Base URL not set'};
+ }
+ if (!base_url.match(/https?:\/\/(([a-z\d.-]+)|((\d{1,3}\.){3}\d{1,3}))(\:\d+)?(\/[-a-z\d%_.~+]*)*\//i)) {
+ //if (!base_url.match(/https?:\/\/.*\//)) {
+ return {'error': 'Invalid base URL (it must begin with "http[s]" and end with "/")'};
+ }
+ if (!api_key) {
+ return {'error': 'API key not set'};
+ }
+
+ return new Promise( function(resolve, reject) {
+ request({
+ method: 'POST',
+ url: base_url + 'api/case',
+ auth: {'bearer': api_key},
+ json: true,
+ body: req_body,
+ //ca: fs.readFileSync(caFile), // TODO resolve the issue with custom CA, where to get its cert?
+ rejectUnauthorized: false,
+ },
+ // handler of the reply from The Hive - just return as reply
+ function (error, response, body) {
+ // TODO: find out how to set response code, for now we always return sucess and encode original status code in the content
+ if (error) {
+ console.error("ERROR when trying to send request to The Hive:", error);
+ resolve({'error': error.message});
+ }
+ else {
+ if (response.statusCode < 200 || response.statusCode >= 300) {
+ console.error("ERROR Unexpected reply received from The Hive:", response.statusCode, response.statusMessage, "\n", body)
+ }
+ resolve({
+ 'status_code': response.statusCode,
+ 'status_msg': response.statusMessage,
+ 'body': body
+ });
+ }
+ } // handler function
+ ); // request()
+ }); // Promise()
+}
+
+// Note:
+// There are two ways to create multiple Observables (artifacts) via The Hive API:
+// 1. post one request with an array of observables in "data" field
+// - this allows to create all in one request, but doesn't allow to set
+// different parameters (IOC, TLP, etc.) to different observables
+// 2. post each observable in a separate request
+// The second way is used here.
+
+// Handler of ajax requests to add Observables to a Case in The Hive
+function addObservablesHandler(req, resp) {
+ // Parse the request to get connection parameters
+ // (everything is configured in forntend and sent as part of the request,
+ // since I don't know how to configure the backend)
+ var base_url = req.payload['base_url'];
+ var api_key = req.payload['api_key'];
+
+ // check it's a valid URL with slash at the end
+ if (!base_url) {
+ return {'error': 'Base URL not set'};
+ }
+ if (!base_url.match(/https?:\/\/(([a-z\d.-]+)|((\d{1,3}\.){3}\d{1,3}))(\:\d+)?(\/[-a-z\d%_.~+]*)*\//i)) {
+ //if (!base_url.match(/https?:\/\/.*\//)) {
+ return {'error': 'Invalid base URL (it must begin with "http[s]" and end with "/")'};
+ }
+ // TODO add "/" to the end automatically
+ if (!api_key) {
+ return {'error': 'API key not set'};
+ }
+
+ const caseid = req.payload['caseid'];
+ const observables = req.payload['observables']; // array of obersvable specifications
+
+ return new Promise( async function(resolve, reject) {
+ // Run one request for each observable
+ // (A way to run multiple async tasks sequentially inspired by:
+ // https://jrsinclair.com/articles/2019/how-to-run-async-js-in-parallel-or-sequential/ )
+ const starterPromise = Promise.resolve(null);
+ await observables.reduce(
+ (p, obs) => p.then(() => addObservable(base_url, api_key, caseid, obs)),
+ starterPromise
+ ).catch((err_msg) => {
+ console.error(err_msg); // log whole message
+ resolve({'error': err_msg.split("\n", 1)[0]}); // send the first line to frontend
+ return;
+ }
+ );
+ resolve({});
+ });
+}
+
+function addObservable(base_url, api_key, caseid, obs) {
+ return new Promise( function(resolve, reject) {
+ //console.log("Adding observable:", obs);
+ request({
+ method: 'POST',
+ url: base_url + 'api/case/' + caseid + "/artifact",
+ auth: {'bearer': api_key},
+ json: true,
+ body: obs,
+ //ca: fs.readFileSync(caFile), // TODO resolve the issue with custom CA, where to get its cert?
+ rejectUnauthorized: false,
+ },
+ // handler of the reply from The Hive - just return as reply
+ function (error, response, body) {
+ if (error) {
+ reject("ERROR when trying to send request to The Hive: " + error);
+ }
+ else if (response.statusCode < 200 || response.statusCode >= 300) {
+ reject("ERROR: Unexpected reply received from The Hive: " + response.statusCode + " " + response.statusMessage + "\n" + JSON.stringify(body));
+ }
+ else {
+ // success - continue with the next observable
+ resolve("OK");
+ resolve({})
+ }
+ } // handler function
+ ); // request()
+ }); //Promise()
+}
+
+
diff --git a/roles/build/files/zookeeperDockerfile b/roles/build/files/zookeeperDockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..33ea38ad66a5b006a77ee2c5fd396a285ff654f7
--- /dev/null
+++ b/roles/build/files/zookeeperDockerfile
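Review bot: In server/routes/newcase.js, `rejectUnauthorized: false` in both `request()` calls (newCaseHandler and addObservable) turns off TLS certificate verification on the very requests that carry the TheHive API key as a bearer token, so the key is sent to a peer whose identity was never checked. Drop that option and supply the CA through the `ca:` option the TODO already sketches, e.g. `ca: fs.readFileSync(caFile),` with the path taken from plugin configuration. The `base_url` check needs the same care: the regex has no `^`/`$` anchors, so `match()` accepts any string that merely contains a URL-shaped substring, and the server then posts the key to a client-chosen address; anchor the pattern or, better, compare against a TheHive URL configured on the server. `caseid` is concatenated into the request path unvalidated in addObservable and should go through `encodeURIComponent(caseid)`.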
@@ -0,0 +1,34 @@
+FROM gn43-dsl/openjdk:7a20201004
+#LABEL maintainer="Apache NiFi <dev@nifi.apache.org>"
+#LABEL site="https://nifi.apache.org"
+
+#ARG UID=1000
+#ARG GID=1000
+ARG ZOOKEEPER_VERSION=3.5.5
+ARG BASE_URL=https://archive.apache.org/dist
+ARG MIRROR_BASE_URL=${MIRROR_BASE_URL:-${BASE_URL}}
+ARG ZOOKEEPER_BINARY_PATH=${ZOOKEEPER_BINARY_PATH:-/zookeeper/zookeeper-${ZOOKEEPER_VERSION}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz}
+
+ENV ZOOKEEPER_BASE_DIR=/opt
+
+#ENV ZOOKEEPER_PID_DIR=${ZOOKEEPER_HOME}/run
+#ENV ZOOKEEPER_LOG_DIR=${ZOOKEEPER_HOME}/logs
+
+# USER nifi
+
+# Download, validate, and expand Apache NiFi binary.
+RUN curl -fSL ${MIRROR_BASE_URL}/${ZOOKEEPER_BINARY_PATH} -o ${ZOOKEEPER_BASE_DIR}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz \
+# && echo "$(curl ${BASE_URL}/${ZOOKEEPER_BINARY_PATH}.sha512) *${ZOOKEEPER_BASE_DIR}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz" | sha256sum -c - \
+ && tar -xzf ${ZOOKEEPER_BASE_DIR}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz -C ${ZOOKEEPER_BASE_DIR} \
+ && mv ${ZOOKEEPER_BASE_DIR}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin ${ZOOKEEPER_BASE_DIR}/zookeeper \
+ && rm ${ZOOKEEPER_BASE_DIR}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz \
+ && cp ${ZOOKEEPER_BASE_DIR}/zookeeper/conf/zoo_sample.cfg ${ZOOKEEPER_BASE_DIR}/zookeeper/conf/zoo.cfg
+
+# Web HTTP(s) & Socket Site-to-Site Ports
+EXPOSE 2181 2888 3888
+
+WORKDIR ${ZOOKEEPER_BASE_DIR}/zookeeper
+
+ENTRYPOINT ["/opt/zookeeper/bin/zkServer.sh"]
+CMD ["start-foreground"]
+
diff --git a/roles/build/tasks/cassandra.yml b/roles/build/tasks/cassandra.yml
new file mode 100644
index 0000000000000000000000000000000000000000..1c0a2c6930135fe01a0e9e872e036f6c911eccd3
--- /dev/null
+++ b/roles/build/tasks/cassandra.yml
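Review bot: In roles/build/files/zookeeperDockerfile the tarball fetched by the `RUN curl -fSL …` step is unpacked with no integrity check, because the verification line is commented out; as written it would also have fed a `.sha512` digest to `sha256sum`, which can never match. Restore it with the matching tool, e.g. `&& echo "$(curl -fsSL ${BASE_URL}/${ZOOKEEPER_BINARY_PATH}.sha512 | cut -d' ' -f1) *${ZOOKEEPER_BASE_DIR}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz" | sha512sum -c - \` (the `cut` assumes the published file may carry a filename after the digest, so confirm its format). Keep the digest on `BASE_URL` rather than `MIRROR_BASE_URL`, since a mirror that serves both the file and its digest verifies nothing; a digest pinned as an `ARG` in the Dockerfile would be stronger still. The comments `Apache NiFi binary` and `Web HTTP(s) & Socket Site-to-Site Ports` are left over from the NiFi Dockerfile and should describe ZooKeeper and its client, quorum and election ports.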
@@ -0,0 +1,11 @@
+---
+
+- name: Configure the cassandra Dockerfile
+ template:
+ src: cassandra/Dockerfile.j2
+ dest: "{{role_path}}/files/cassandraDockerfile"
+
+- name: Build cassandra image
+ command: docker build -t {{repo}}/cassandra:{{version}}{{suffix}} -f {{role_path}}/files/cassandraDockerfile {{role_path}}/files
+
+
diff --git a/roles/build/tasks/cortex.yml b/roles/build/tasks/cortex.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9a5adbef67cf1fee1f7eb48f23e4d083a8c6631d
--- /dev/null
+++ b/roles/build/tasks/cortex.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Configure the Cortex Dockerfile
+ template:
+ src: cortex/Dockerfile.j2
+ dest: "{{role_path}}/files/cortexDockerfile"
+
+- name: Build the Cortex image
+ command: docker build -t {{repo}}/cortex:{{version}}{{suffix}} -f {{role_path}}/files/cortexDockerfile {{role_path}}/files
+
+
diff --git a/roles/build/tasks/haproxy.yml b/roles/build/tasks/haproxy.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9cb45f840be6ad255b6420abcabc83fbed79b96a
--- /dev/null
+++ b/roles/build/tasks/haproxy.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Configure the haproxy Dockerfile
+ template:
+ src: haproxy/Dockerfile.j2
+ dest: "{{role_path}}/files/haproxyDockerfile"
+
+- name: Build haproxy image
+ command: docker build -t {{repo}}/haproxy:{{version}}{{suffix}} -f {{role_path}}/files/haproxyDockerfile {{role_path}}/files
+
diff --git a/roles/build/tasks/keycloak.yml b/roles/build/tasks/keycloak.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f7a7c2b1989bf013e7a23a1646e7d7e62500098e
--- /dev/null
+++ b/roles/build/tasks/keycloak.yml
@@ -0,0 +1,18 @@
+---
+
+- name: Configure the keycloak Dockerfile
+ template:
+ src: keycloak/Dockerfile.j2
+ dest: "{{role_path}}/files/keycloakDockerfile"
+
+- name: Copy tools to build path
+ command: "cp -av {{role_path}}/templates/keycloak/keycloak-tools/ {{role_path}}/files/keycloak-tools/"
+
+- name: Build keycloak image
+ command: docker build -t {{repo}}/keycloak:{{version}}{{suffix}} -f {{role_path}}/files/keycloakDockerfile {{role_path}}/files
+
+- name: Remove tools from build path
+ file:
+ path: "{{role_path}}/files/keycloak-tools/"
+ state: absent
+
diff --git a/roles/build/tasks/misp.yml b/roles/build/tasks/misp.yml
new file mode 100644
index 0000000000000000000000000000000000000000..d52c39c7d0292a5b6285fbc23220b3cf33be422d
--- /dev/null
+++ b/roles/build/tasks/misp.yml
@@ -0,0 +1,20 @@
+---
+
+- name: Configure the misp Dockerfile
+ template:
+ src: misp/Dockerfile.j2
+ dest: "{{role_path}}/files/mispDockerfile"
+
+- name: Configure the misp supervisor
+ template:
+ src: misp/supervisord.conf.j2
+ dest: "{{role_path}}/files/mispsupervisord.conf"
+
+- name: Configure the misp worker startscript
+ template:
+ src: misp/start.sh.j2
+ dest: "{{role_path}}/files/mispstart.sh"
+
+- name: Build misp image
+ command: docker build -t {{repo}}/misp:{{version}}{{suffix}} -f {{role_path}}/files/mispDockerfile {{role_path}}/files
+
diff --git a/roles/build/tasks/mysql.yml b/roles/build/tasks/mysql.yml
new file mode 100644
index 0000000000000000000000000000000000000000..a0281907e39a5f8aaa59648b8eae0b90ce968f58
--- /dev/null
+++ b/roles/build/tasks/mysql.yml
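Review bot: In roles/build/tasks/keycloak.yml the `Remove tools from build path` task only runs when the `docker build` task before it succeeds, so a failed build leaves `files/keycloak-tools/` behind. On the next run `cp -av …/keycloak-tools/ …/files/keycloak-tools/` copies into the directory that already exists (GNU cp nests the source under it), and the image is then built from the stale top-level copy. Wrap the copy and build tasks in a `block:` and move the removal under `always:`, or add a `file:` task with `state: absent` for the destination before the copy. roles/build/tasks/odfekibana.yml in this commit makes the same copy for `thehive_button/` with no removal task at all, so it would hit this on every run after the first.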
@@ -0,0 +1,15 @@
+---
+
+- name: Configure the mysql Dockerfile
+ template:
+ src: mysql/Dockerfile.j2
+ dest: "{{role_path}}/files/mysqlDockerfile"
+
+- name: Configure the mysql supervisor
+ template:
+ src: mysql/supervisord.conf.j2
+ dest: "{{role_path}}/files/mysqlsupervisord.conf"
+
+- name: Build mysql image
+ command: docker build -t {{repo}}/mysql:{{version}}{{suffix}} -f {{role_path}}/files/mysqlDockerfile {{role_path}}/files
+
diff --git a/roles/build/tasks/nifi.yml b/roles/build/tasks/nifi.yml
new file mode 100644
index 0000000000000000000000000000000000000000..423978d987b5ced99a995ddc5a3e733cf56504da
--- /dev/null
+++ b/roles/build/tasks/nifi.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Configure the nifi Dockerfile
+ template:
+ src: nifi/Dockerfile.j2
+ dest: "{{role_path}}/files/nifiDockerfile"
+
+- name: Build nifi image
+ command: docker build -t {{repo}}/nifi:{{version}}{{suffix}} -f {{role_path}}/files/nifiDockerfile {{role_path}}/files
+
+
diff --git a/roles/build/tasks/odfees.yml b/roles/build/tasks/odfees.yml
new file mode 100644
index 0000000000000000000000000000000000000000..5741223fdd61d30801eec2fc4c2bdbe1fdb7ed36
--- /dev/null
+++ b/roles/build/tasks/odfees.yml
@@ -0,0 +1,18 @@
+---
+
+- name: Configure elasticsearch Dockerfile
+ template:
+ src: odfees/Dockerfile-elastic.j2
+ dest: "{{role_path}}/files/elasticDockerfile"
+
+- name: Build elasticsearch image
+ command: docker build -t {{repo}}/elasticsearch:{{version}}{{suffix}} -f {{role_path}}/files/elasticDockerfile {{role_path}}/files
+
+- name: Configure odfe elasticsearch Dockerfile
+ template:
+ src: odfees/Dockerfile-odfeelastic.j2
+ dest: "{{role_path}}/files/odfeesDockerfile"
+
+- name: Build odfe elasticsearch image
+ command: docker build -t {{repo}}/odfees:{{version}}{{suffix}} -f {{role_path}}/files/odfeesDockerfile {{role_path}}/files
+
diff --git a/roles/build/tasks/odfekibana.yml b/roles/build/tasks/odfekibana.yml
new file mode 100644
index 0000000000000000000000000000000000000000..8e1980a7680f5f23b7370d61dba057e457430291
--- /dev/null
+++ b/roles/build/tasks/odfekibana.yml
@@ -0,0 +1,22 @@
+---
+
+- name: Configure kibana Dockerfile
+ template:
+ src: odfekibana/Dockerfile-kibana.j2
+ dest: "{{role_path}}/files/kibanaDockerfile"
+
+- name: Copy tools to build path
+ command: "cp -av {{role_path}}/templates/odfekibana/thehive_button/ {{role_path}}/files/thehive_button/"
+
+- name: Build kibana image
+ command: docker build -t {{repo}}/kibana:{{version}}{{suffix}} -f {{role_path}}/files/kibanaDockerfile {{role_path}}/files
+
+- name: Configure odfe kibana Dockerfile
+ template:
+ src: odfekibana/Dockerfile-odfekibana.j2
+ dest: "{{role_path}}/files/odfekibanaDockerfile"
+
+- name: Build odfe kibana image
+ command: docker build -t {{repo}}/odfekibana:{{version}}{{suffix}} -f {{role_path}}/files/odfekibanaDockerfile {{role_path}}/files
+
+
diff --git a/roles/build/tasks/openjdk.yml b/roles/build/tasks/openjdk.yml
new file mode 100644
index 0000000000000000000000000000000000000000..8754ac7fdf7d6147ab522f936b8888a5fd5a7e60
--- /dev/null
+++ b/roles/build/tasks/openjdk.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Configure the openjdk Dockerfile
+ template:
+ src: openjdk/Dockerfile.j2
+ dest: "{{role_path}}/files/openjdkDockerfile"
+
+- name: Build openjdk image
+ command: docker build -t {{repo}}/openjdk:{{version}}{{suffix}} -f {{role_path}}/files/openjdkDockerfile {{role_path}}/files
+
+
diff --git a/roles/build/tasks/thehive.yml b/roles/build/tasks/thehive.yml
new file mode 100644
index 0000000000000000000000000000000000000000..35fe08ebf7d5da456a40f0a0de273d102d5eada2
--- /dev/null
+++ b/roles/build/tasks/thehive.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Configure theHive Dockerfile
+ template:
+ src: thehive/Dockerfile.j2
+ dest: "{{role_path}}/files/thehiveDockerfile"
+
+- name: Build theHive image
+ command: docker build -t {{repo}}/thehive:{{version}}{{suffix}} -f {{role_path}}/files/thehiveDockerfile {{role_path}}/files
+
+
diff --git a/roles/build/tasks/zookeeper.yml b/roles/build/tasks/zookeeper.yml
new file mode 100644
index 0000000000000000000000000000000000000000..a61a6b397f8d1d34559da24f290df8ea93b85f94
--- /dev/null
+++ b/roles/build/tasks/zookeeper.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Configure the zookeeper Dockerfile
+ template:
+ src: zookeeper/Dockerfile.j2
+ dest: "{{role_path}}/files/zookeeperDockerfile"
+
+- name: Build zookeeper image
+ command: docker build -t {{repo}}/zookeeper:{{version}}{{suffix}} -f {{role_path}}/files/zookeeperDockerfile {{role_path}}/files
+
+
diff --git a/roles/build/templates/cassandra/cassandra.repo.j2 b/roles/build/templates/cassandra/cassandra.repo.j2
new file mode 100644
index 0000000000000000000000000000000000000000..8fdb78c9a4e3868ea6693110941914adc511877e
--- /dev/null
+++ b/roles/build/templates/cassandra/cassandra.repo.j2
@@ -0,0 +1,6 @@
+[cassandra]
+name=Apache Cassandra
+baseurl=https://downloads.apache.org/cassandra/redhat/311x/
+gpgcheck=1
+repo_gpgcheck=1
+gpgkey=https://downloads.apache.org/cassandra/KEYS
diff --git a/roles/build/templates/cassandra/start.sh.j2 b/roles/build/templates/cassandra/start.sh.j2
new file mode 100644
index 0000000000000000000000000000000000000000..fa91e921956d5d2d6fa1be6812a9794071b20965
--- /dev/null
+++ b/roles/build/templates/cassandra/start.sh.j2
@@ -0,0 +1,10 @@
+#!/bin/bash
+export CASSANDRA_HOME=/usr/share/cassandra
+export CASSANDRA_CONF=$CASSANDRA_HOME/conf
+export CASSANDRA_INCLUDE=$CASSANDRA_HOME/cassandra.in.sh
+log_file=/var/log/cassandra/cassandra.log
+pid_file=/var/run/cassandra/cassandra.pid
+lock_file=/var/lock/subsys/cassandra
+CASSANDRA_PROG=/usr/sbin/cassandra
+
+$CASSANDRA_PROG -p $pid_file > $log_file 2>&1
diff --git a/roles/build/templates/cassandra/supervisord.conf.j2 b/roles/build/templates/cassandra/supervisord.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..d1f405eb91d5bae99af653dae0d5c246ae723f08
--- /dev/null
+++ b/roles/build/templates/cassandra/supervisord.conf.j2
@@ -0,0 +1,10 @@
+[supervisord]
+loglevel=debug
+nodaemon=true
+[program:cassandra]
+user=cassandra
+directory=/usr/share/cassandra
+stdout_logfile=/var/log/cassandra/cassandra.log
+redirect_stderr=true
+environment=CASSANDRA_HOME="/usr/share/cassandra",CASSANDRA_CONF="/usr/share/cassandra/conf",CASSANDRA_INCLUDE="$CASSANDRA_HOME/cassandra.in.sh"
+command=/usr/sbin/cassandra -p /var/run/cassandra/cassandra.pid
diff --git a/roles/build/templates/misp/supervisord.conf.j2 b/roles/build/templates/misp/supervisord.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..fbd4dea3bbd292aa2eea51772ecc559dc0b51703
--- /dev/null
+++ b/roles/build/templates/misp/supervisord.conf.j2
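Review bot: In cassandra/supervisord.conf.j2 the `environment=` line sets `CASSANDRA_INCLUDE="$CASSANDRA_HOME/cassandra.in.sh"`, but supervisord does not perform shell-style `$VAR` expansion in that value, so the process receives the literal string instead of a path. Write the path out, `CASSANDRA_INCLUDE="/usr/share/cassandra/cassandra.in.sh"`, as the other two variables on the same line already do. thehive/supervisord.conf later in this commit is a byte-identical copy (same blob id `d1f405eb…`) and needs the same fix; it also starts Cassandra rather than TheHive, which looks like a copy-paste leftover worth confirming.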
@@ -0,0 +1,25 @@
+[supervisord]
+nodaemon=false
+user=root
+
+[program:php-fpm]
+# EnvironmentFile=/etc/opt/rh/rh-php72/sysconfig/php-fpm
+command=/opt/rh/rh-php72/root/usr/sbin/php-fpm --nodaemonize
+
+[program:redis-server]
+process_name = redis-server
+directory = /var/opt/rh/rh-redis32/lib/redis/
+command=/opt/rh/rh-redis32/root/usr/bin/redis-server /etc/opt/rh/rh-redis32/redis.conf
+user=redis
+
+[program:apache2]
+command=/usr/sbin/httpd -DFOREGROUND
+
+[program:misp-modules]
+command=/bin/bash -c "/usr/local/bin/misp-modules -l '0.0.0.0' -s"
+user = apache
+startsecs = 0
+
+[program:workers]
+command=/bin/bash /var/www/MISP/app/Console/worker/start.sh
+user=apache
diff --git a/roles/build/templates/mysql/supervisord.conf.j2 b/roles/build/templates/mysql/supervisord.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..e44e9fe1189eae3241d8bb1001c3a081a386353c
--- /dev/null
+++ b/roles/build/templates/mysql/supervisord.conf.j2
@@ -0,0 +1,7 @@
+[supervisord]
+loglevel=debug
+nodaemon=true
+[program:mysql]
+user=mysql
+directory=/var/lib/mysql
+command=/opt/rh/rh-mariadb103/root/usr/libexec/mysqld-scl-helper enable rh-mariadb103 -- /opt/rh/rh-mariadb103/root/usr/libexec/mysqld --basedir=/opt/rh/rh-mariadb103/root/usr
diff --git a/roles/build/templates/odfees/Dockerfile-elastic.j2 b/roles/build/templates/odfees/Dockerfile-elastic.j2
new file mode 100644
index 0000000000000000000000000000000000000000..dd2ad126108e11ad523a8357393f1810de46d650
--- /dev/null
+++ b/roles/build/templates/odfees/Dockerfile-elastic.j2
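Review bot: In misp/supervisord.conf.j2, `[program:misp-modules]` starts the service with `-l '0.0.0.0'`, so it listens on every interface of the container although MISP runs under the same supervisord and could reach it on loopback. As far as I know misp-modules has no authentication of its own, so unless another container must call it, bind it locally: `command=/bin/bash -c "/usr/local/bin/misp-modules -l '127.0.0.1' -s"`. Separately, `nodaemon=false` under `[supervisord]` differs from the cassandra and mysql configs in this commit (`nodaemon=true`); if supervisord is the container's main process it will fork and the container will exit, so confirm how the MISP image starts it.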
@@ -0,0 +1,21 @@
+FROM {{repo}}/openjdk:{{version}}{{suffix}}
+
+ENV PATH="/usr/share/elasticsearch/bin:${PATH}"
+
+RUN groupadd -g 1000 elasticsearch && \
+ adduser -u 1000 -g 1000 -d /usr/share/elasticsearch elasticsearch
+
+WORKDIR /usr/share/elasticsearch
+
+RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \
+ rpm -Uvh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-{{elk_version}}-no-jdk-x86_64.rpm && \
+ cp -a /etc/elasticsearch/ /usr/share/elasticsearch/config/ && \
+ chown -R elasticsearch /usr/share/elasticsearch/config && \
+ mkdir -p /usr/share/elasticsearch/data && \
+ chown -R elasticsearch /usr/share/elasticsearch/data && \
+ sed -i -e 's,ES_PATH_CONF=/etc/elasticsearch,ES_PATH_CONF=/usr/share/elasticsearch/config,g' /etc/sysconfig/elasticsearch
+
+EXPOSE 9200 9300
+USER elasticsearch
+ENTRYPOINT ["/bin/bash"]
+
diff --git a/roles/build/templates/odfees/Dockerfile-odfeelastic.j2 b/roles/build/templates/odfees/Dockerfile-odfeelastic.j2
new file mode 100644
index 0000000000000000000000000000000000000000..0803d0bf517d57ce14364bd35be194f6bdbae0cc
--- /dev/null
+++ b/roles/build/templates/odfees/Dockerfile-odfeelastic.j2
@@ -0,0 +1,16 @@
+FROM {{repo}}/elasticsearch:{{version}}{{suffix}}
+
+ENV PATH="/usr/share/elasticsearch/bin:${PATH}"
+
+USER root
+WORKDIR /usr/share/elasticsearch
+
+RUN for PLUGIN in \
+ https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-security/opendistro_security-{{odfeplugin_version}}.zip \
+ https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-alerting/opendistro_alerting-{{odfeplugin_version}}.zip \
+ https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-sql/opendistro_sql-{{odfeplugin_version}}.zip; \
+ do bin/elasticsearch-plugin install -b ${PLUGIN}; done && \
+ chown -R elasticsearch plugins/opendistro_security
+
+USER elasticsearch
+
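Review bot: The plugin loop in odfees/Dockerfile-odfeelastic.j2 installs three zips straight from a CDN URL with `-b`, which grants every permission a plugin requests without a prompt, and nothing checks what was downloaded before it runs inside the Elasticsearch process. Download each zip first, compare it with a digest pinned in the template, and install from the local file; the sketch below assumes `curl` and `sha512sum` exist in the base image and uses placeholder digests. The same unverified loop appears in odfekibana/Dockerfile-odfekibana.j2 with `kibana-plugin install --allow-root`.

```dockerfile
# … unchanged: FROM, ENV PATH, USER root, WORKDIR …
# The <SHA512_…> values are placeholders: pin the digests of the reviewed plugin zips.
RUN set -e; \
    BASE=https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins; \
    for ENTRY in \
        "opendistro-security/opendistro_security-{{odfeplugin_version}}.zip=<SHA512_SECURITY>" \
        "opendistro-alerting/opendistro_alerting-{{odfeplugin_version}}.zip=<SHA512_ALERTING>" \
        "opendistro-sql/opendistro_sql-{{odfeplugin_version}}.zip=<SHA512_SQL>"; \
    do \
        curl -fsSL -o /tmp/plugin.zip "${BASE}/${ENTRY%%=*}"; \
        echo "${ENTRY##*=}  /tmp/plugin.zip" | sha512sum -c -; \
        bin/elasticsearch-plugin install -b file:///tmp/plugin.zip; \
        rm -f /tmp/plugin.zip; \
    done; \
    chown -R elasticsearch plugins/opendistro_security
# … unchanged: USER elasticsearch …
```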
diff --git a/roles/build/templates/odfekibana/Dockerfile-odfekibana.j2 b/roles/build/templates/odfekibana/Dockerfile-odfekibana.j2
new file mode 100644
index 0000000000000000000000000000000000000000..ee69568d34d6fe879de100414f8f3b96b2252d7f
--- /dev/null
+++ b/roles/build/templates/odfekibana/Dockerfile-odfekibana.j2
@@ -0,0 +1,18 @@
+FROM {{repo}}/kibana:{{version}}{{suffix}}
+
+ENV PATH="/usr/share/kibana/bin:${PATH}"
+
+USER root
+WORKDIR /usr/share/kibana
+
+RUN for PLUGIN in \
+ https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-security/opendistro_security_kibana_plugin-{{odfeplugin_version}}.zip \
+ https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-alerting/opendistro-alerting-{{odfeplugin_version}}.zip \
+ https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-index-management/opendistro_index_management_kibana-{{odfeplugin_version}}.zip; \
+ do bin/kibana-plugin install --allow-root ${PLUGIN}; done
+
+ADD thehive_button /usr/share/kibana/plugins/thehive_button
+RUN chown -R kibana:kibana /usr/share/kibana/plugins/thehive_button
+
+USER kibana
+
diff --git a/roles/build/templates/thehive/start.sh b/roles/build/templates/thehive/start.sh
new file mode 100644
index 0000000000000000000000000000000000000000..fa91e921956d5d2d6fa1be6812a9794071b20965
--- /dev/null
+++ b/roles/build/templates/thehive/start.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+export CASSANDRA_HOME=/usr/share/cassandra
+export CASSANDRA_CONF=$CASSANDRA_HOME/conf
+export CASSANDRA_INCLUDE=$CASSANDRA_HOME/cassandra.in.sh
+log_file=/var/log/cassandra/cassandra.log
+pid_file=/var/run/cassandra/cassandra.pid
+lock_file=/var/lock/subsys/cassandra
+CASSANDRA_PROG=/usr/sbin/cassandra
+
+$CASSANDRA_PROG -p $pid_file > $log_file 2>&1
diff --git a/roles/build/templates/thehive/supervisord.conf b/roles/build/templates/thehive/supervisord.conf
new file mode 100644
index 0000000000000000000000000000000000000000..d1f405eb91d5bae99af653dae0d5c246ae723f08
--- /dev/null
+++ b/roles/build/templates/thehive/supervisord.conf
@@ -0,0 +1,10 @@
+[supervisord]
+loglevel=debug
+nodaemon=true
+[program:cassandra]
+user=cassandra
+directory=/usr/share/cassandra
+stdout_logfile=/var/log/cassandra/cassandra.log
+redirect_stderr=true
+environment=CASSANDRA_HOME="/usr/share/cassandra",CASSANDRA_CONF="/usr/share/cassandra/conf",CASSANDRA_INCLUDE="$CASSANDRA_HOME/cassandra.in.sh"
+command=/usr/sbin/cassandra -p /var/run/cassandra/cassandra.pid
diff --git a/roles/build/templates/thehive/thehive.repo b/roles/build/templates/thehive/thehive.repo
new file mode 100644
index 0000000000000000000000000000000000000000..ff3806454fc41de2193c94a2a4da095b763d95bf
--- /dev/null
+++ b/roles/build/templates/thehive/thehive.repo
@@ -0,0 +1,7 @@
+[thehive-project]
+enabled=1
+priority=1
+name=TheHive-Project RPM repository
+baseurl=http://rpm.thehive-project.org/stable/noarch
+gpgcheck=1
+
diff --git a/roles/ca/files/CA/.rnd b/roles/ca/files/CA/.rnd
new file mode 100644
index 0000000000000000000000000000000000000000..b7292db0335ef4cf2d62de2a5e033524b2ad01a1
Binary files /dev/null and b/roles/ca/files/CA/.rnd differ
diff --git a/roles/ca/files/CA/ca.crt b/roles/ca/files/CA/ca.crt
new file mode 100644
index 0000000000000000000000000000000000000000..04b1f203d036d2219c23c4ea3630115d68510eb8
--- /dev/null
+++ b/roles/ca/files/CA/ca.crt
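Review bot: thehive/thehive.repo points `baseurl` at plain `http://` and, unlike cassandra/cassandra.repo.j2 in this commit, sets neither `gpgkey=` nor `repo_gpgcheck=1`. With `gpgcheck=1` the packages are still signature-checked, but only against whatever key the image build imports (not visible in this hunk), and the repository metadata travels unauthenticated. Add a `gpgkey=` line naming the project's published signing key (placeholder: `gpgkey=<URL or file:// path of the TheHive signing key>`) and switch `baseurl` to `https://` if the host serves it.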
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV +BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B +UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX +Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM +M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ +c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv +tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG +ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL +8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud +EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j +JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd +z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy +XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g +CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX +nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh +GPiQTFGknE1U +-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/01EC4DAD3E5E47CF4E4B98495932B337.pem b/roles/ca/files/CA/certs_by_serial/01EC4DAD3E5E47CF4E4B98495932B337.pem new file mode 100644 index 0000000000000000000000000000000000000000..ad6921cea4ea5b8001bf8a8586b1e446dc752e9d --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/01EC4DAD3E5E47CF4E4B98495932B337.pem 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 01:ec:4d:ad:3e:5e:47:cf:4e:4b:98:49:59:32:b3:37 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:25 2020 GMT + Not After : Oct 15 10:47:25 2023 GMT + Subject: CN=dsoclab-nifi-1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:af:ef:b7:a1:95:47:5f:55:ea:7e:e8:d6:fd: + d5:e3:19:68:2e:72:1f:90:62:a8:79:76:d8:d2:f6: + 51:df:71:80:37:5a:ec:7d:fb:6d:78:6e:37:fe:e5: + 1b:c8:d5:73:e4:c9:a5:cb:e8:4a:48:26:c6:e0:a6: + 5e:14:2c:90:b1:81:b2:69:31:e2:44:85:97:f5:60: + 12:88:06:9d:8d:cf:4a:a2:77:b3:d9:ff:f3:41:40: + 4c:21:e1:73:8d:98:82:2f:37:27:0c:24:d8:67:bd: + c7:05:50:40:c5:a9:d0:e4:3f:bb:0c:72:29:7c:be: + 06:01:96:03:b8:a0:42:c4:6f:6f:da:aa:17:34:5f: + 5e:f3:73:0e:77:b5:7a:9a:59:e3:3c:d1:39:50:17: + 2f:53:18:05:82:34:29:1b:19:56:2e:c2:db:24:79: + 51:0f:a8:d9:66:3c:72:1e:a0:f7:03:d6:e9:e5:c6: + b9:be:94:e4:84:bd:cd:93:26:eb:3b:17:bb:cd:e5: + 58:25:f2:28:35:a4:b1:70:df:32:54:85:f6:3c:20: + 9f:88:8b:5d:83:a2:c4:1e:31:d9:a1:76:1d:2e:3c: + f8:78:64:a4:dd:3a:b2:56:65:bf:a8:2a:a8:ed:62: + c9:62:2c:72:bd:9d:7e:6b:1f:80:ea:bc:33:60:47: + d3:0f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 87:9A:8D:12:3A:69:8D:89:98:F6:95:D0:F2:ED:C3:DC:ED:A0:22:12 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-nifi-1, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 8d:23:38:a7:aa:d0:58:03:f2:98:19:da:62:c6:55:cb:d5:c5: + 05:dd:55:c5:f9:41:46:ec:75:06:be:0a:0b:7b:0f:ac:10:dd: + 
86:bf:4f:6e:05:c1:7b:c1:1d:1c:ce:c7:f0:a9:0c:6e:79:fe: + c2:49:18:d5:5d:4a:ae:c8:d8:ab:ec:45:95:94:c1:8b:30:da: + 52:1a:42:3c:41:77:65:9e:8a:63:f5:52:c2:71:b7:e2:56:43: + bd:89:3a:fa:14:bd:d7:7a:b2:60:43:82:c0:df:4a:e0:a7:02: + fd:d7:f6:56:9a:0f:ad:f4:ee:00:06:fb:75:b9:96:63:c8:b3: + 75:1f:c6:9d:3b:9d:1a:29:cd:09:f0:80:31:5c:4e:97:62:91: + 73:84:aa:11:cc:4b:00:15:a1:92:62:2a:6b:d4:d6:4c:ed:a5: + 89:fe:12:c9:d1:0b:48:b8:97:26:e4:5b:ab:da:fe:2d:54:ca: + 55:23:8b:22:7f:a1:12:4a:21:3e:9e:bb:48:d6:82:b6:a2:cc: + 83:15:5d:5f:c7:52:a1:01:01:70:60:3f:64:b4:1d:85:4f:56: + b7:67:77:b8:ea:59:7a:85:ce:e3:4a:e1:d6:2f:e0:b2:60:44: + 3a:08:3a:b5:0e:fc:88:ad:e5:a1:f1:a8:79:37:c4:52:02:f0: + 5b:05:94:0e +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQAexNrT5eR89OS5hJWTKzNzANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjVaFw0yMzEwMTUx +MDQ3MjVaMBkxFzAVBgNVBAMMDmRzb2NsYWItbmlmaS0xMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAw6/vt6GVR19V6n7o1v3V4xloLnIfkGKoeXbY0vZR +33GAN1rsfftteG43/uUbyNVz5Mmly+hKSCbG4KZeFCyQsYGyaTHiRIWX9WASiAad +jc9Konez2f/zQUBMIeFzjZiCLzcnDCTYZ73HBVBAxanQ5D+7DHIpfL4GAZYDuKBC +xG9v2qoXNF9e83MOd7V6mlnjPNE5UBcvUxgFgjQpGxlWLsLbJHlRD6jZZjxyHqD3 +A9bp5ca5vpTkhL3NkybrOxe7zeVYJfIoNaSxcN8yVIX2PCCfiItdg6LEHjHZoXYd +Ljz4eGSk3TqyVmW/qCqo7WLJYixyvZ1+ax+A6rwzYEfTDwIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFIeajRI6aY2JmPaV0PLtw9ztoCISMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1uaWZpLTGCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAjSM4p6rQ +WAPymBnaYsZVy9XFBd1VxflBRux1Br4KC3sPrBDdhr9PbgXBe8EdHM7H8KkMbnn+ +wkkY1V1KrsjYq+xFlZTBizDaUhpCPEF3ZZ6KY/VSwnG34lZDvYk6+hS913qyYEOC +wN9K4KcC/df2VpoPrfTuAAb7dbmWY8izdR/GnTudGinNCfCAMVxOl2KRc4SqEcxL +ABWhkmIqa9TWTO2lif4SydELSLiXJuRbq9r+LVTKVSOLIn+hEkohPp67SNaCtqLM +gxVdX8dSoQEBcGA/ZLQdhU9Wt2d3uOpZeoXO40rh1i/gsmBEOgg6tQ78iK3lofGo +eTfEUgLwWwWUDg== 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/1DD9AF5415359961C578D1B98BFA6E9F.pem b/roles/ca/files/CA/certs_by_serial/1DD9AF5415359961C578D1B98BFA6E9F.pem new file mode 100644 index 0000000000000000000000000000000000000000..af57c1e1d395c9d3bdbf1f4c5c18458fdcc4e02d --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/1DD9AF5415359961C578D1B98BFA6E9F.pem 
@@ -0,0 +1,84 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1d:d9:af:54:15:35:99:61:c5:78:d1:b9:8b:fa:6e:9f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:52 2020 GMT + Not After : Oct 15 10:47:52 2023 GMT + Subject: CN=Bozidar Proevski + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:9a:de:00:fd:f1:e9:b9:29:d9:58:d0:47:21:cf: + 4b:67:17:f7:a9:02:93:17:cf:57:5b:6f:db:26:90: + 30:09:0b:d9:c5:66:5e:f6:22:66:ab:48:06:aa:6c: + 88:b3:fd:93:45:a4:60:c9:5f:2b:6c:af:db:68:5e: + 27:e6:85:71:27:b7:20:52:61:df:14:1b:da:06:39: + b2:21:20:4b:22:48:b7:4b:76:44:02:b1:89:5f:0e: + 59:22:cb:b9:c9:1e:8d:a0:ac:28:5d:e5:ae:c8:ea: + cc:05:20:a2:60:11:12:8d:6d:88:0a:73:e8:7c:68: + 9c:48:2c:c9:a8:c6:9d:c3:3c:c1:e7:f4:07:f7:5b: + 6e:42:3d:3d:0f:85:6f:e2:b9:88:a9:d0:02:84:b8: + 19:6a:ae:13:a1:97:50:98:16:c8:0c:1b:bd:02:c8: + 5f:a3:2f:73:7e:25:f8:8c:e7:92:43:c7:6a:75:bc: + 85:ea:1c:47:28:ce:2c:9b:3a:8f:a8:07:e9:8c:8a: + 75:3e:c1:97:32:ce:e3:c5:ca:1e:0a:d7:3c:77:0a: + d2:ab:51:c3:e5:dc:37:90:1a:35:bf:a0:4a:aa:bd: + 38:ef:9e:6d:f8:81:37:7f:d3:77:23:c6:5b:63:98: + 64:07:2f:47:fd:7d:21:2f:57:c2:d8:44:00:c2:29: + 22:79 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + A3:9F:29:21:E0:E5:18:E4:CB:4C:2D:7F:84:2F:AF:F2:49:F0:83:3A + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: sha256WithRSAEncryption + ad:cb:66:5d:b7:29:e5:19:7b:7c:ae:23:50:58:34:db:c9:79: + 39:de:57:83:34:03:6d:bc:bf:e2:31:79:9d:2b:a2:7a:e0:c4: + c8:19:96:e0:20:f3:05:2a:a6:f4:b8:90:c4:ea:8d:5e:86:e1: + 13:99:59:0f:da:c8:3d:96:0d:78:04:4f:26:9c:6a:7c:8e:50: + 
5a:30:f1:37:dc:26:99:28:35:f8:25:b9:4b:f8:d2:f0:d3:b5: + 61:32:c9:9c:43:39:21:43:c1:de:0d:4d:8e:e5:6f:a1:58:e5: + 01:84:d6:a5:de:88:2a:55:9f:ec:de:be:b1:13:61:33:dd:50: + 19:89:dd:11:48:5e:c2:14:8d:69:8f:a9:43:73:80:71:8f:54: + ba:da:74:b4:26:ec:5b:82:88:84:90:6d:f7:58:3f:78:d3:20: + 5b:c3:9b:82:85:b7:ef:98:12:4f:ba:e8:38:f3:8c:af:85:91: + 66:40:fe:a9:b2:fd:d6:76:ad:70:b7:b5:33:88:64:31:97:81: + d9:c6:ec:47:9b:af:3f:31:c8:de:0c:cc:88:3d:b7:6f:6f:19: + 24:f1:ae:ff:de:95:31:3f:38:e5:ed:a1:e1:e4:6b:54:1f:26: + b8:53:79:cf:fe:89:ba:bc:35:a1:bc:2f:8a:07:a2:eb:0d:90: + 72:ad:8a:60 +-----BEGIN CERTIFICATE----- +MIIDUzCCAjugAwIBAgIQHdmvVBU1mWHFeNG5i/punzANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3NTJaFw0yMzEwMTUx +MDQ3NTJaMBsxGTAXBgNVBAMMEEJvemlkYXIgUHJvZXZza2kwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCa3gD98em5KdlY0Echz0tnF/epApMXz1dbb9sm +kDAJC9nFZl72ImarSAaqbIiz/ZNFpGDJXytsr9toXifmhXEntyBSYd8UG9oGObIh +IEsiSLdLdkQCsYlfDlkiy7nJHo2grChd5a7I6swFIKJgERKNbYgKc+h8aJxILMmo +xp3DPMHn9Af3W25CPT0PhW/iuYip0AKEuBlqrhOhl1CYFsgMG70CyF+jL3N+JfiM +55JDx2p1vIXqHEcoziybOo+oB+mMinU+wZcyzuPFyh4K1zx3CtKrUcPl3DeQGjW/ +oEqqvTjvnm34gTd/03cjxltjmGQHL0f9fSEvV8LYRADCKSJ5AgMBAAGjgZcwgZQw +CQYDVR0TBAIwADAdBgNVHQ4EFgQUo58pIeDlGOTLTC1/hC+v8knwgzowRgYDVR0j +BD8wPYAUeQbKQNOfmlSu0zNN8jg+tgvzPc+hGqQYMBYxFDASBgNVBAMMC1NPQ1RP +T0xTLUNBggkAinSTJoBbQrcwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQD +AgeAMA0GCSqGSIb3DQEBCwUAA4IBAQCty2ZdtynlGXt8riNQWDTbyXk53leDNANt +vL/iMXmdK6J64MTIGZbgIPMFKqb0uJDE6o1ehuETmVkP2sg9lg14BE8mnGp8jlBa +MPE33CaZKDX4JblL+NLw07VhMsmcQzkhQ8HeDU2O5W+hWOUBhNal3ogqVZ/s3r6x +E2Ez3VAZid0RSF7CFI1pj6lDc4Bxj1S62nS0JuxbgoiEkG33WD940yBbw5uChbfv +mBJPuug484yvhZFmQP6psv3Wdq1wt7UziGQxl4HZxuxHm68/McjeDMyIPbdvbxkk +8a7/3pUxPzjl7aHh5GtUHya4U3nP/om6vDWhvC+KB6LrDZByrYpg +-----END CERTIFICATE----- 
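Review bot: Issued certificates from one concrete CA run should not be checked into the role's `files/` tree, and this hunk adds a client-authentication certificate whose subject is a named person (`CN=Bozidar Proevski`). The other `certs_by_serial/*.pem` hunks in this commit add the lab's server certificates the same way. Repository history then permanently records the user identity, the lab hostnames and the issued serials, and every checkout presumably inherits the same `SOCTOOLS-CA` state instead of creating its own. I would generate the CA output at deploy time and keep it out of version control, for example with a `.gitignore` entry `roles/ca/files/CA/`. Whether the matching private keys and the CA key are also part of this commit cannot be told from these hunks and should be confirmed.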
diff --git a/roles/ca/files/CA/certs_by_serial/560A99C5A03FC4B9FC92FDC62F419BB9.pem b/roles/ca/files/CA/certs_by_serial/560A99C5A03FC4B9FC92FDC62F419BB9.pem new file mode 100644 index 0000000000000000000000000000000000000000..a648174921d6bb3ffe09aaffedfee1e442fccce6 --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/560A99C5A03FC4B9FC92FDC62F419BB9.pem 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 56:0a:99:c5:a0:3f:c4:b9:fc:92:fd:c6:2f:41:9b:b9 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:27 2020 GMT + Not After : Oct 15 10:47:27 2023 GMT + Subject: CN=dsoclab-odfe-2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c7:a5:e1:3f:e0:a3:22:69:f1:b4:15:5e:b9:3c: + db:d7:44:bb:d9:c7:69:94:5b:c1:7d:a3:34:4d:3e: + 88:0a:e2:8f:2e:d3:98:94:ae:b4:1f:49:a3:fd:4b: + 27:16:70:ab:03:ab:cd:4c:02:2a:7b:ed:3a:ff:49: + 49:2e:3b:88:f6:59:85:26:de:37:b4:47:9e:1c:be: + a3:38:8e:b0:22:6b:ca:c5:12:e5:be:40:9c:57:7a: + 4d:02:0c:db:13:c5:9d:d2:85:df:99:57:32:90:37: + 54:08:16:46:01:54:da:0c:77:31:63:39:46:27:88: + 3f:f4:ad:4e:e6:fd:0a:3e:9d:98:9a:53:98:90:be: + 9b:ee:e3:b2:91:c7:7f:3f:a1:b9:62:f8:7a:1e:cc: + b4:23:ed:82:a0:5c:ad:86:7b:50:53:c9:ec:57:04: + 44:1c:12:f6:33:3f:68:42:f8:b7:2f:25:91:1c:aa: + b0:df:17:6b:ed:6d:cc:6d:a7:d6:b7:07:6b:61:a5: + 16:51:9f:02:07:ad:b2:42:42:ca:0b:b1:2e:c1:6e: + 94:2d:3e:5e:88:48:8f:b6:8b:15:b0:48:8e:35:58: + ea:b5:90:9c:fb:5a:fa:f5:c7:27:b7:11:30:7a:cb: + 36:7c:4f:ea:52:00:47:40:e9:f0:ca:67:63:32:e0: + 33:73 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + E6:41:BE:4B:A2:E1:07:EF:2A:FD:16:A7:B6:68:3D:0F:81:F5:15:80 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-odfe-2, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 84:64:d0:92:f6:96:07:be:f1:52:f6:49:15:cd:d0:99:ea:ca: + 7f:06:a8:d2:68:e3:8e:c3:a3:a9:2d:f2:b7:4a:74:75:9f:02: + 
b4:6f:77:14:ec:89:f9:a3:b5:35:c8:f2:ad:50:df:24:05:d3: + 0a:a8:49:be:19:de:fc:84:a4:61:af:ff:c0:2c:f7:8b:11:87: + 34:10:e3:dc:9b:d2:b8:66:0a:f7:3f:05:11:37:41:09:9f:3d: + f3:a1:97:b7:62:64:db:5a:46:d9:5a:7a:c8:f7:79:e4:f8:61: + 2e:5c:e8:82:8d:fc:0e:8d:a4:4f:fd:33:f1:76:0e:8d:21:f4: + 00:5a:e1:a6:96:21:e0:bb:e4:e6:35:8e:b6:61:49:8a:f2:c1: + 25:96:cf:c0:f6:e0:0a:0b:75:b5:d5:6c:be:ad:0c:a8:4b:33: + 44:72:cc:ef:5f:db:09:e7:b9:6e:60:80:7d:02:e9:ab:06:81: + 24:d3:9d:c3:de:f9:a1:f1:f7:77:ee:6d:49:ab:13:72:c6:62: + 39:b2:80:32:07:20:51:a3:3e:1a:cf:b9:3a:bc:e3:a1:58:33: + 22:6f:68:a9:e9:33:0b:8d:24:72:ea:e3:75:68:a3:69:11:a8: + 2d:86:ed:f2:00:74:d6:d4:ab:fc:30:3f:68:6b:b6:d3:61:30: + 51:84:09:da +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQVgqZxaA/xLn8kv3GL0GbuTANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjdaFw0yMzEwMTUx +MDQ3MjdaMBkxFzAVBgNVBAMMDmRzb2NsYWItb2RmZS0yMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAx6XhP+CjImnxtBVeuTzb10S72cdplFvBfaM0TT6I +CuKPLtOYlK60H0mj/UsnFnCrA6vNTAIqe+06/0lJLjuI9lmFJt43tEeeHL6jOI6w +ImvKxRLlvkCcV3pNAgzbE8Wd0oXfmVcykDdUCBZGAVTaDHcxYzlGJ4g/9K1O5v0K +Pp2YmlOYkL6b7uOykcd/P6G5Yvh6Hsy0I+2CoFythntQU8nsVwREHBL2Mz9oQvi3 +LyWRHKqw3xdr7W3MbafWtwdrYaUWUZ8CB62yQkLKC7EuwW6ULT5eiEiPtosVsEiO +NVjqtZCc+1r69ccntxEwess2fE/qUgBHQOnwymdjMuAzcwIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFOZBvkui4QfvKv0Wp7ZoPQ+B9RWAMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1vZGZlLTKCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAhGTQkvaW +B77xUvZJFc3QmerKfwao0mjjjsOjqS3yt0p0dZ8CtG93FOyJ+aO1NcjyrVDfJAXT +CqhJvhne/ISkYa//wCz3ixGHNBDj3JvSuGYK9z8FETdBCZ8986GXt2Jk21pG2Vp6 +yPd55PhhLlzogo38Do2kT/0z8XYOjSH0AFrhppYh4Lvk5jWOtmFJivLBJZbPwPbg +Cgt1tdVsvq0MqEszRHLM71/bCee5bmCAfQLpqwaBJNOdw975ofH3d+5tSasTcsZi +ObKAMgcgUaM+Gs+5OrzjoVgzIm9oqekzC40kcurjdWijaRGoLYbt8gB01tSr/DA/ +aGu202EwUYQJ2g== 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/5969918F10EF8D2BAE46B26D6D629D8E.pem b/roles/ca/files/CA/certs_by_serial/5969918F10EF8D2BAE46B26D6D629D8E.pem new file mode 100644 index 0000000000000000000000000000000000000000..796e826426e3266b0a221d1c60110c897892b308 --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/5969918F10EF8D2BAE46B26D6D629D8E.pem 
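Review bot: The Subject Alternative Name of this server certificate lists the shared name `DNS:dsoclab.gn4-3-wp8-soc.sunet.se` next to the service's own name, and the same entry appears in the nifi-3, cortex, thehive, misp, kibana and nifi-2 certificates further down. A client that trusts SOCTOOLS-CA and connects to the shared hostname will therefore accept any one service's certificate in place of another's, so a single leaked key weakens server authentication for all of them. If the shared name is only needed on the front end, the issuing template could restrict each service to its own name, e.g. `subjectAltName = DNS:dsoclab-odfe-2`. The template that produced these files is not visible in these hunks.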
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 59:69:91:8f:10:ef:8d:2b:ae:46:b2:6d:6d:62:9d:8e + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:26 2020 GMT + Not After : Oct 15 10:47:26 2023 GMT + Subject: CN=dsoclab-nifi-3 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a7:48:a0:d3:ab:1e:8c:49:60:8b:b8:bd:9a:aa: + 5c:09:62:01:79:89:c9:e5:5f:30:64:38:ca:f1:95: + 2d:48:20:81:ef:60:aa:6f:d1:ef:b4:ac:89:8e:e9: + f5:16:7d:64:07:b0:3b:75:c3:e1:e1:15:71:64:60: + 8f:15:8e:16:8b:de:b8:97:79:a7:83:19:77:5b:aa: + 36:82:37:b9:51:a7:95:b5:1f:ac:9d:81:c6:ec:fb: + 14:3a:84:77:1e:9c:dd:3c:06:30:a1:5e:d0:8f:b0: + c9:5a:13:ad:0e:56:57:bc:1d:3f:be:d7:4c:4b:37: + a2:88:72:4d:1a:62:88:08:a0:57:bb:20:ce:7e:af: + b7:72:f2:ee:86:1a:b1:28:3b:41:f4:d3:ea:14:74: + 90:e1:33:41:1a:92:e2:2e:ec:d3:20:60:60:61:d6: + fc:0e:3f:57:43:88:5f:10:29:20:51:40:46:ed:5d: + 9f:d1:5a:e7:4b:52:f4:d4:23:60:4a:22:a7:92:6c: + d4:cb:20:01:a6:b9:53:71:7a:71:02:e1:05:72:41: + a5:42:9f:41:47:2c:30:7e:0c:b1:73:cc:f7:63:60: + 27:3f:3d:36:93:14:aa:7e:12:ed:1b:f1:cb:4d:e8: + 7c:32:20:50:f5:2d:7d:06:0a:93:cf:7a:85:2b:0b: + a6:b1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + C9:B8:02:23:C4:2E:F5:FE:C9:34:45:77:33:0D:89:CE:D9:A3:30:2A + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-nifi-3, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 32:20:b3:1c:e1:c9:a4:19:75:14:32:1b:cd:c2:83:59:49:07: + e3:b8:62:73:ec:4e:69:cb:9b:49:0d:f5:d0:ea:8b:b6:de:3e: + 
76:03:c4:e8:68:0f:01:96:aa:40:b2:1e:99:06:d2:75:f5:31: + ec:b7:93:e6:1b:b0:ab:7e:1b:1d:65:46:6d:9f:ac:97:ed:55: + 53:ca:53:00:5a:ca:c5:83:48:c3:2a:51:db:e7:e7:e1:40:4a: + bf:b2:9d:d4:71:d4:54:84:2b:4b:d4:a2:22:73:95:e1:62:51: + ce:e3:e2:f6:24:dd:40:08:07:01:6f:ee:27:3e:fc:17:1d:1f: + 30:da:7f:37:78:7e:b8:af:d8:2c:d9:48:84:92:be:4e:8e:a7: + b8:e6:9f:d4:91:5d:44:c9:8b:82:9f:13:eb:d5:2c:00:fa:ef: + d6:49:ff:92:0d:83:22:57:45:4a:ac:b6:5e:a2:c6:c1:73:ff: + f5:dd:a7:d8:79:9a:a7:96:33:b4:51:17:7f:80:6e:3b:52:a8: + 61:53:ae:08:1f:02:5a:0c:5b:37:3c:3a:36:ee:74:e2:9e:df: + df:01:b5:f6:d0:b8:fa:58:79:53:fd:70:9e:54:c3:6c:68:a7: + 3f:b0:e4:20:a6:a8:2f:87:5a:8a:08:01:41:de:35:ed:5e:85: + ae:dd:e0:3e +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQWWmRjxDvjSuuRrJtbWKdjjANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjZaFw0yMzEwMTUx +MDQ3MjZaMBkxFzAVBgNVBAMMDmRzb2NsYWItbmlmaS0zMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAp0ig06sejElgi7i9mqpcCWIBeYnJ5V8wZDjK8ZUt +SCCB72Cqb9HvtKyJjun1Fn1kB7A7dcPh4RVxZGCPFY4Wi964l3mngxl3W6o2gje5 +UaeVtR+snYHG7PsUOoR3HpzdPAYwoV7Qj7DJWhOtDlZXvB0/vtdMSzeiiHJNGmKI +CKBXuyDOfq+3cvLuhhqxKDtB9NPqFHSQ4TNBGpLiLuzTIGBgYdb8Dj9XQ4hfECkg +UUBG7V2f0VrnS1L01CNgSiKnkmzUyyABprlTcXpxAuEFckGlQp9BRywwfgyxc8z3 +Y2AnPz02kxSqfhLtG/HLTeh8MiBQ9S19BgqTz3qFKwumsQIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFMm4AiPELvX+yTRFdzMNic7ZozAqMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1uaWZpLTOCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAMiCzHOHJ +pBl1FDIbzcKDWUkH47hic+xOacubSQ310OqLtt4+dgPE6GgPAZaqQLIemQbSdfUx +7LeT5huwq34bHWVGbZ+sl+1VU8pTAFrKxYNIwypR2+fn4UBKv7Kd1HHUVIQrS9Si +InOV4WJRzuPi9iTdQAgHAW/uJz78Fx0fMNp/N3h+uK/YLNlIhJK+To6nuOaf1JFd +RMmLgp8T69UsAPrv1kn/kg2DIldFSqy2XqLGwXP/9d2n2Hmap5YztFEXf4BuO1Ko +YVOuCB8CWgxbNzw6Nu504p7f3wG19tC4+lh5U/1wnlTDbGinP7DkIKaoL4daiggB +Qd417V6Frt3gPg== 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/5DC4BC495FA076A813A4C23261640D92.pem b/roles/ca/files/CA/certs_by_serial/5DC4BC495FA076A813A4C23261640D92.pem new file mode 100644 index 0000000000000000000000000000000000000000..a743bd0055110d9dbad79cdcc70e2ccfe946b100 --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/5DC4BC495FA076A813A4C23261640D92.pem 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5d:c4:bc:49:5f:a0:76:a8:13:a4:c2:32:61:64:0d:92 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:29 2020 GMT + Not After : Oct 15 10:47:29 2023 GMT + Subject: CN=dsoclab-cortex + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:cd:09:6b:14:33:4a:47:75:5b:d3:d9:67:3b:4d: + ad:1f:a7:1f:33:ab:86:b1:aa:3b:09:ab:1a:a6:fb: + a0:60:04:e3:68:33:0e:85:54:d1:70:61:8a:b9:d5: + d6:b5:6c:c2:b3:36:02:94:b7:1d:18:93:5f:88:81: + ff:2a:f4:99:58:6d:d7:96:e2:d2:64:77:b9:74:44: + 3c:f0:fb:5b:0f:43:7d:38:5d:fe:b0:db:05:7a:a9: + c5:10:24:75:13:c8:2d:da:69:be:e3:43:33:f0:28: + 30:9a:53:f8:f8:d3:10:32:35:ec:1d:87:ab:1e:2c: + b5:00:7c:9f:8f:61:e0:5d:56:15:8c:46:45:09:78: + 02:78:10:c0:af:2f:25:6c:c2:5b:ed:5f:c1:33:0b: + f8:c8:13:dc:df:c3:fc:05:90:ff:06:9e:cb:bc:1d: + 2b:c2:57:f2:bd:aa:22:b3:4b:f5:ca:b2:b8:00:18: + f1:14:10:b8:5e:69:9f:ed:fc:04:83:d9:2e:b7:9a: + 8a:45:1c:54:71:8f:61:02:6a:8a:84:2f:67:df:92: + 3a:0c:5f:e5:b6:e7:6c:27:69:1f:5b:06:d6:7f:e6: + df:ab:2f:31:a5:cd:63:32:60:c0:07:50:6c:0d:39: + cb:68:ae:3c:b2:da:0f:20:06:77:2c:28:ab:3a:30: + 92:1b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 9A:0E:E1:26:13:A7:12:5F:A4:F1:41:C0:09:FC:AD:EB:4E:66:C2:50 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-cortex, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 27:2e:a1:0c:8d:fb:b1:36:ff:4e:ac:00:91:75:81:4b:20:79: + 3f:da:1c:e1:80:b9:8c:6b:60:47:a5:8c:bf:1f:34:98:61:95: + 
00:bb:79:d4:9e:c8:fb:dc:fb:6a:48:b2:69:d1:1a:04:cc:52: + ca:0b:48:01:3e:94:1e:68:0b:e3:4d:fa:12:c4:aa:ff:b6:5b: + 0c:3c:80:21:fe:50:87:8a:14:3a:7d:e7:a3:5e:b6:dc:22:ba: + cc:97:69:00:a8:78:08:dd:66:d1:cb:ca:28:41:b9:cc:8a:6b: + 7c:40:b7:5e:1d:a1:88:5a:b3:fd:18:77:e9:c4:48:fd:38:8f: + 06:6e:78:0e:f1:1a:1b:b2:6c:0a:df:38:11:e3:5a:3d:2a:5b: + de:41:63:14:ab:25:8e:a6:9f:a8:b7:32:9e:dc:23:45:f3:6b: + 6d:86:b7:17:b3:53:df:55:bd:cb:41:a1:b7:73:ae:21:1b:68: + b3:b1:0a:e5:e6:0c:2a:77:76:23:f3:87:ee:5f:0e:6d:cd:3b: + 94:9a:6f:f2:fd:4f:2d:72:a3:21:94:55:c0:4a:6c:2b:13:e3: + 82:13:a5:1f:82:6b:ae:6e:e2:ec:eb:7a:25:6a:f2:9e:45:d7: + 0a:7d:75:be:9d:f7:94:6f:ce:a5:27:d6:9b:dc:d2:12:54:64: + 09:c4:f6:a9 +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQXcS8SV+gdqgTpMIyYWQNkjANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjlaFw0yMzEwMTUx +MDQ3MjlaMBkxFzAVBgNVBAMMDmRzb2NsYWItY29ydGV4MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAzQlrFDNKR3Vb09lnO02tH6cfM6uGsao7Casapvug +YATjaDMOhVTRcGGKudXWtWzCszYClLcdGJNfiIH/KvSZWG3XluLSZHe5dEQ88Ptb +D0N9OF3+sNsFeqnFECR1E8gt2mm+40Mz8CgwmlP4+NMQMjXsHYerHiy1AHyfj2Hg +XVYVjEZFCXgCeBDAry8lbMJb7V/BMwv4yBPc38P8BZD/Bp7LvB0rwlfyvaois0v1 +yrK4ABjxFBC4Xmmf7fwEg9kut5qKRRxUcY9hAmqKhC9n35I6DF/ltudsJ2kfWwbW +f+bfqy8xpc1jMmDAB1BsDTnLaK48stoPIAZ3LCirOjCSGwIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFJoO4SYTpxJfpPFBwAn8retOZsJQMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1jb3J0ZXiCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAJy6hDI37 +sTb/TqwAkXWBSyB5P9oc4YC5jGtgR6WMvx80mGGVALt51J7I+9z7akiyadEaBMxS +ygtIAT6UHmgL4036EsSq/7ZbDDyAIf5Qh4oUOn3no1623CK6zJdpAKh4CN1m0cvK +KEG5zIprfEC3Xh2hiFqz/Rh36cRI/TiPBm54DvEaG7JsCt84EeNaPSpb3kFjFKsl +jqafqLcyntwjRfNrbYa3F7NT31W9y0Ght3OuIRtos7EK5eYMKnd2I/OH7l8Obc07 +lJpv8v1PLXKjIZRVwEpsKxPjghOlH4Jrrm7i7Ot6JWrynkXXCn11vp33lG/OpSfW +m9zSElRkCcT2qQ== 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/61095C2C8D35EE291C99CEABD42B3CA4.pem b/roles/ca/files/CA/certs_by_serial/61095C2C8D35EE291C99CEABD42B3CA4.pem new file mode 100644 index 0000000000000000000000000000000000000000..0d474c2a1277de93ba6357ca841a7eac3b1cce44 --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/61095C2C8D35EE291C99CEABD42B3CA4.pem 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 61:09:5c:2c:8d:35:ee:29:1c:99:ce:ab:d4:2b:3c:a4 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:29 2020 GMT + Not After : Oct 15 10:47:29 2023 GMT + Subject: CN=dsoclab-thehive + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ba:c5:4d:20:a4:60:b7:61:21:ed:16:a1:6f:72: + c4:de:a1:00:c0:ef:fc:5d:a1:89:34:07:15:d2:b4: + 3a:14:b8:95:75:8e:81:71:49:46:1d:c8:81:cb:f1: + ec:c7:5a:12:f6:89:60:e4:c8:98:1a:61:c8:2d:12: + 8f:73:ee:f8:9d:88:b5:7f:30:70:97:29:b4:ab:43: + 2d:dc:db:a7:10:47:c7:b5:26:9b:11:85:fb:d3:27: + 8f:3a:55:bc:ea:78:17:b8:89:10:a3:a4:10:60:39: + c3:7f:42:25:a9:fe:84:7f:38:5e:f4:3d:c3:98:3d: + 56:b9:ba:81:06:55:8d:65:12:f0:4e:23:88:1d:98: + 0c:2f:6e:4f:67:fd:4e:67:39:91:b9:01:52:12:aa: + 9e:bb:7a:c8:ea:8f:4a:2d:18:f8:69:9a:3a:a0:c8: + 6e:e3:de:c6:db:be:4c:59:e0:cf:bc:34:4f:2c:b0: + ef:3e:82:5a:df:68:be:b8:fb:cc:5f:6a:f2:3e:66: + d4:c6:c5:f6:0b:67:e9:64:85:15:87:60:6f:dc:b4: + 5b:13:6f:b0:9b:f8:f3:da:c1:91:9e:81:5f:16:ca: + 9e:14:01:c1:1c:ce:2a:d3:c8:3c:0f:be:b1:37:aa: + c9:08:68:2b:de:f9:44:6c:1e:90:a4:12:bc:f5:3c: + 46:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 5B:08:8E:F2:1B:8F:12:03:BA:31:02:9C:CE:CC:BC:9F:FC:19:D1:E1 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-thehive, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 7f:b2:fa:33:d6:e3:6c:57:8a:4a:9a:ef:8b:81:2b:df:f3:d6: + fb:8c:bc:02:cf:71:54:a0:f2:0d:ae:3b:30:cf:5c:69:d7:d0: + 
aa:cc:16:80:4d:9d:c8:1f:a7:98:9d:26:dc:ae:8e:24:2b:bc: + c1:11:a6:8d:4f:ca:13:1f:7f:8f:4c:ef:dd:46:df:d6:97:0a: + 88:51:4e:f7:46:aa:3d:e3:70:e9:19:e8:9f:7e:22:fa:b6:38: + 30:00:0a:94:38:09:bf:b8:64:6c:c1:b7:05:6d:4f:f3:27:0c: + df:04:ef:a1:4e:e8:2d:4c:06:d0:c0:4f:4f:da:d0:6d:b8:f2: + b3:79:18:63:bd:62:83:53:55:38:94:d9:64:ca:e7:4d:71:ce: + d1:05:6d:b1:6c:fb:1a:4c:b6:ef:70:2b:3d:9b:1d:66:d8:d9: + 9f:f0:e5:48:29:50:e8:1b:1a:fb:b4:d2:5e:38:ec:05:45:c2: + e7:de:9a:9d:aa:34:67:c5:66:18:e3:86:8b:0c:1a:c4:21:20: + 7e:b7:ad:e2:0b:d0:0d:d4:76:e6:53:ca:77:bc:ce:d0:9b:7b: + 7c:fd:42:94:da:63:d8:a7:52:d2:45:f2:d5:55:ef:37:f1:a5: + 0e:ba:29:c9:b4:ce:99:45:04:21:2b:86:27:bb:c1:f2:86:9a: + 7c:51:5c:3b +-----BEGIN CERTIFICATE----- +MIIDmDCCAoCgAwIBAgIQYQlcLI017ikcmc6r1Cs8pDANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjlaFw0yMzEwMTUx +MDQ3MjlaMBoxGDAWBgNVBAMMD2Rzb2NsYWItdGhlaGl2ZTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALrFTSCkYLdhIe0WoW9yxN6hAMDv/F2hiTQHFdK0 +OhS4lXWOgXFJRh3Igcvx7MdaEvaJYOTImBphyC0Sj3Pu+J2ItX8wcJcptKtDLdzb +pxBHx7UmmxGF+9MnjzpVvOp4F7iJEKOkEGA5w39CJan+hH84XvQ9w5g9Vrm6gQZV +jWUS8E4jiB2YDC9uT2f9Tmc5kbkBUhKqnrt6yOqPSi0Y+GmaOqDIbuPextu+TFng +z7w0Tyyw7z6CWt9ovrj7zF9q8j5m1MbF9gtn6WSFFYdgb9y0WxNvsJv489rBkZ6B +XxbKnhQBwRzOKtPIPA++sTeqyQhoK975RGwekKQSvPU8Rr0CAwEAAaOB3TCB2jAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBRbCI7yG48SA7oxApzOzLyf/BnR4TBGBgNVHSME +PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P +TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +CwYDVR0PBAQDAgWgMDoGA1UdEQQzMDGCD2Rzb2NsYWItdGhlaGl2ZYIeZHNvY2xh +Yi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQB/svoz +1uNsV4pKmu+LgSvf89b7jLwCz3FUoPINrjswz1xp19CqzBaATZ3IH6eYnSbcro4k +K7zBEaaNT8oTH3+PTO/dRt/WlwqIUU73Rqo943DpGeiffiL6tjgwAAqUOAm/uGRs +wbcFbU/zJwzfBO+hTugtTAbQwE9P2tBtuPKzeRhjvWKDU1U4lNlkyudNcc7RBW2x +bPsaTLbvcCs9mx1m2Nmf8OVIKVDoGxr7tNJeOOwFRcLn3pqdqjRnxWYY44aLDBrE +ISB+t63iC9AN1HbmU8p3vM7Qm3t8/UKU2mPYp1LSRfLVVe838aUOuinJtM6ZRQQh +K4Ynu8Hyhpp8UVw7 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/7587FCE4CF3EC68117199076B12CD5D2.pem b/roles/ca/files/CA/certs_by_serial/7587FCE4CF3EC68117199076B12CD5D2.pem new file mode 100644 index 0000000000000000000000000000000000000000..f83010441e252486cc934677a1e0a0de1ebe2328 --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/7587FCE4CF3EC68117199076B12CD5D2.pem 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 75:87:fc:e4:cf:3e:c6:81:17:19:90:76:b1:2c:d5:d2 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:28 2020 GMT + Not After : Oct 15 10:47:28 2023 GMT + Subject: CN=dsoclab-misp + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:cf:b1:1b:e7:a2:ae:70:81:71:a5:57:46:14:2e: + 47:64:89:4e:bd:7d:f0:82:2d:03:19:d6:87:44:b3: + 42:bf:72:78:03:cc:91:98:5b:36:42:14:55:e2:82: + 16:12:58:60:54:44:8f:15:f6:1b:1f:76:36:22:2e: + e8:ac:d3:3c:0a:df:46:c7:f1:04:bc:3a:bf:fe:4b: + 8f:2a:53:83:e3:50:82:06:09:fc:2a:fa:fe:94:a0: + 7b:7f:c2:3e:0b:3e:dc:72:b8:94:10:0a:0b:90:fd: + 45:76:29:85:52:bf:0f:20:43:78:fe:3b:d3:49:20: + 8f:9a:a5:0c:89:bb:0e:97:f2:67:b0:2d:f0:17:53: + 25:a6:9b:4b:64:0e:72:8a:bf:c9:e3:8e:41:bb:ed: + f3:33:6a:55:5f:8d:52:84:fa:a3:67:1a:7b:71:fb: + 90:f1:5f:61:df:44:ea:0b:77:88:f2:e5:c1:83:71: + 58:c7:58:8a:9b:39:45:59:4e:e0:db:16:b6:96:72: + 90:8c:ee:c2:13:75:ea:15:c6:6b:e2:dc:3a:de:c8: + 07:de:18:84:2d:96:b6:c4:4c:e1:4a:4d:13:6f:6c: + 9a:1d:e5:f9:6f:cc:7e:1b:4a:3a:75:1a:b9:37:b0: + 6d:a0:1b:69:35:f1:b6:e6:c2:a5:d3:56:d3:57:c7: + 0e:8b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 65:C5:56:88:65:AF:77:F1:53:B2:71:5E:16:10:D1:0B:30:FF:28:BE + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-misp, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 5a:57:76:90:fd:a5:0d:ea:b0:22:c9:02:2e:18:91:81:04:d1: + f4:64:58:58:19:27:03:9b:5a:dc:de:6c:0e:fb:b7:76:eb:b1: + 
97:36:e2:c7:76:ef:7d:d8:00:c3:20:c0:3d:a7:cf:61:f8:16: + 4c:96:4c:7c:c8:89:21:d6:d4:eb:3a:c1:3d:98:34:74:6e:39: + 81:20:6f:9b:4b:8d:b9:35:60:c5:76:19:30:30:06:0f:89:b1: + 1a:f6:c4:88:52:28:98:41:52:f1:9a:77:82:79:ae:c9:71:ba: + d9:e5:e9:b7:ba:08:32:59:eb:5e:7d:11:e0:a8:27:20:91:46: + 05:56:1e:e6:0b:4d:49:17:52:7f:4b:c4:a3:e0:cd:30:bd:4e: + 6a:70:2a:f5:77:4d:d1:d6:64:13:8d:4b:1a:d3:0b:0f:8a:49: + 1e:bf:b4:c0:4f:43:dc:92:e3:c0:f2:2f:4a:c8:30:45:fc:5a: + d2:de:92:b2:a1:48:b8:da:ff:f4:0b:04:5d:5d:a7:30:d8:4b: + ca:cf:0c:01:6a:50:45:5f:d4:a8:cf:dd:fa:f7:68:0c:4c:45: + 47:be:3a:c2:39:bb:04:ff:62:a0:bc:91:a0:f2:2b:67:09:89: + 5a:ff:e6:53:c1:89:18:12:a1:0f:5a:d7:e1:12:8b:88:88:89: + ca:b0:30:27 +-----BEGIN CERTIFICATE----- +MIIDkjCCAnqgAwIBAgIQdYf85M8+xoEXGZB2sSzV0jANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjhaFw0yMzEwMTUx +MDQ3MjhaMBcxFTATBgNVBAMMDGRzb2NsYWItbWlzcDCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAM+xG+eirnCBcaVXRhQuR2SJTr198IItAxnWh0SzQr9y +eAPMkZhbNkIUVeKCFhJYYFREjxX2Gx92NiIu6KzTPArfRsfxBLw6v/5LjypTg+NQ +ggYJ/Cr6/pSge3/CPgs+3HK4lBAKC5D9RXYphVK/DyBDeP4700kgj5qlDIm7Dpfy +Z7At8BdTJaabS2QOcoq/yeOOQbvt8zNqVV+NUoT6o2cae3H7kPFfYd9E6gt3iPLl +wYNxWMdYips5RVlO4NsWtpZykIzuwhN16hXGa+LcOt7IB94YhC2WtsRM4UpNE29s +mh3l+W/MfhtKOnUauTewbaAbaTXxtubCpdNW01fHDosCAwEAAaOB2jCB1zAJBgNV +HRMEAjAAMB0GA1UdDgQWBBRlxVaIZa938VOycV4WENELMP8ovjBGBgNVHSMEPzA9 +gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9PTFMt +Q0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYD +VR0PBAQDAgWgMDcGA1UdEQQwMC6CDGRzb2NsYWItbWlzcIIeZHNvY2xhYi5nbjQt +My13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQBaV3aQ/aUN6rAi +yQIuGJGBBNH0ZFhYGScDm1rc3mwO+7d267GXNuLHdu992ADDIMA9p89h+BZMlkx8 +yIkh1tTrOsE9mDR0bjmBIG+bS425NWDFdhkwMAYPibEa9sSIUiiYQVLxmneCea7J +cbrZ5em3uggyWetefRHgqCcgkUYFVh7mC01JF1J/S8Sj4M0wvU5qcCr1d03R1mQT +jUsa0wsPikkev7TAT0PckuPA8i9KyDBF/FrS3pKyoUi42v/0CwRdXacw2EvKzwwB +alBFX9Soz93692gMTEVHvjrCObsE/2KgvJGg8itnCYla/+ZTwYkYEqEPWtfhEouI +iInKsDAn +-----END 
CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/7DFC33457573E8F16094A74E6B2F23F1.pem b/roles/ca/files/CA/certs_by_serial/7DFC33457573E8F16094A74E6B2F23F1.pem new file mode 100644 index 0000000000000000000000000000000000000000..f47839f66eda87805afce110cf5d0c2e136e8abe --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/7DFC33457573E8F16094A74E6B2F23F1.pem 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7d:fc:33:45:75:73:e8:f1:60:94:a7:4e:6b:2f:23:f1 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:27 2020 GMT + Not After : Oct 15 10:47:27 2023 GMT + Subject: CN=dsoclab-kibana + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ce:4f:c9:0f:84:4d:4e:7b:dc:11:90:c9:49:a8: + f3:60:44:a8:25:1b:59:83:64:0b:d1:e0:bc:59:50: + 22:a5:f5:88:7a:c8:40:65:e4:22:3d:77:d2:8f:9e: + 30:17:80:5e:20:85:bc:70:67:61:cb:d8:e2:9f:9a: + 7c:7b:a6:e8:4e:79:7b:cd:86:6e:26:52:37:45:b6: + ab:b7:6f:40:8f:7a:55:8b:d1:91:cc:21:6f:55:37: + 50:3b:72:1f:2d:3b:bf:75:47:91:88:6a:1c:ea:39: + dd:8b:25:31:55:0e:bc:52:6f:bf:0b:96:ef:e3:12: + 5c:da:63:22:54:e5:b3:95:8b:02:9e:57:3e:7b:4f: + a0:f5:6f:07:a8:5b:45:7c:cb:34:83:77:34:a5:b1: + ff:05:12:88:8f:cc:c4:05:5d:e9:e7:7d:2b:12:fa: + bb:4d:25:f4:f7:04:e7:95:06:95:ea:a9:c4:75:4e: + f7:03:67:2d:9c:9a:f4:01:f6:2a:8d:6c:6d:d0:59: + a9:ce:1f:12:b1:76:39:c8:07:d4:20:73:1e:f3:9c: + b9:67:83:3b:a8:7c:6e:fb:86:ea:3f:6a:8e:98:4c: + 39:a9:d1:4d:be:9f:0a:43:49:1b:fd:09:67:b6:62: + 71:fd:87:9a:63:25:00:aa:c7:a1:4d:23:12:e3:56: + 0f:6f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 50:F3:7D:4F:B2:8C:A5:09:FD:64:CB:C1:97:F1:F8:49:C8:6B:30:4D + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-kibana, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + ae:be:82:6f:6d:e6:c4:cb:c3:2a:d9:d6:ee:11:52:a6:de:89: + 9e:31:a3:e2:86:07:e9:d1:fe:95:c9:a2:38:90:df:05:ff:e5: + 
99:27:e8:d8:55:00:8a:85:b3:15:a5:e5:5b:ce:4e:4f:01:3b: + 74:a4:b2:09:fc:6e:95:92:94:2f:76:0d:c7:97:1b:78:c1:08: + 1e:3a:0e:fa:a6:ab:db:1e:22:26:86:39:f4:bb:89:a1:a1:d1: + 55:f6:c3:ff:9b:a5:eb:1b:6a:84:8a:1d:3c:5f:7c:03:0d:08: + 42:6f:d7:14:86:61:38:66:65:f7:c2:86:68:db:81:e9:41:0f: + 82:cf:bb:be:fd:d7:94:48:cc:f8:cf:4a:40:ce:33:c4:75:51: + 00:7e:c7:93:f6:3b:92:c1:5e:8a:ce:5f:2c:c2:f4:fe:ec:77: + 9e:ea:30:d9:53:ee:f9:b9:fd:50:f5:6b:92:1c:57:d2:e0:f3: + 05:d8:79:a9:63:16:13:09:cf:5f:39:dc:ec:43:e4:65:45:43: + 65:e4:7c:39:a3:a2:81:47:ab:8f:57:a9:89:9d:56:4b:77:b1: + 04:c8:9c:54:d2:5c:28:f5:d3:66:ae:9a:9c:a5:91:c7:eb:20: + 69:fb:58:99:c7:5e:be:ec:4a:7a:62:09:fe:3b:30:f2:4a:d7: + 1d:f9:0b:c3 +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQffwzRXVz6PFglKdOay8j8TANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjdaFw0yMzEwMTUx +MDQ3MjdaMBkxFzAVBgNVBAMMDmRzb2NsYWIta2liYW5hMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAzk/JD4RNTnvcEZDJSajzYESoJRtZg2QL0eC8WVAi +pfWIeshAZeQiPXfSj54wF4BeIIW8cGdhy9jin5p8e6boTnl7zYZuJlI3Rbart29A +j3pVi9GRzCFvVTdQO3IfLTu/dUeRiGoc6jndiyUxVQ68Um+/C5bv4xJc2mMiVOWz +lYsCnlc+e0+g9W8HqFtFfMs0g3c0pbH/BRKIj8zEBV3p530rEvq7TSX09wTnlQaV +6qnEdU73A2ctnJr0AfYqjWxt0Fmpzh8SsXY5yAfUIHMe85y5Z4M7qHxu+4bqP2qO +mEw5qdFNvp8KQ0kb/QlntmJx/YeaYyUAqsehTSMS41YPbwIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFFDzfU+yjKUJ/WTLwZfx+EnIazBNMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1raWJhbmGCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEArr6Cb23m +xMvDKtnW7hFSpt6JnjGj4oYH6dH+lcmiOJDfBf/lmSfo2FUAioWzFaXlW85OTwE7 +dKSyCfxulZKUL3YNx5cbeMEIHjoO+qar2x4iJoY59LuJoaHRVfbD/5ul6xtqhIod +PF98Aw0IQm/XFIZhOGZl98KGaNuB6UEPgs+7vv3XlEjM+M9KQM4zxHVRAH7Hk/Y7 +ksFeis5fLML0/ux3nuow2VPu+bn9UPVrkhxX0uDzBdh5qWMWEwnPXznc7EPkZUVD +ZeR8OaOigUerj1epiZ1WS3exBMicVNJcKPXTZq6anKWRx+sgaftYmcdevuxKemIJ +/jsw8krXHfkLww== 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/8B69055F8586CEDD21660B2493412660.pem b/roles/ca/files/CA/certs_by_serial/8B69055F8586CEDD21660B2493412660.pem new file mode 100644 index 0000000000000000000000000000000000000000..56a67ac49f381e3f9c9db191d4b79dbbdeb58fc2 --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/8B69055F8586CEDD21660B2493412660.pem 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 8b:69:05:5f:85:86:ce:dd:21:66:0b:24:93:41:26:60 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:25 2020 GMT + Not After : Oct 15 10:47:25 2023 GMT + Subject: CN=dsoclab-nifi-2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ac:b7:4b:e2:d5:87:7f:8e:15:9b:cf:c0:17:eb: + db:8c:e3:1b:83:c0:69:b9:06:91:a0:9b:c6:35:dc: + 2f:e8:8c:72:28:50:02:82:c5:b1:eb:da:d9:e3:9d: + 95:d2:d9:dd:e1:08:35:6d:83:73:95:98:ba:19:fd: + 3e:04:67:9a:09:37:45:79:d3:1d:0b:ec:0a:43:cb: + b8:24:cc:68:5c:ce:2e:ae:db:48:d8:6e:5a:f3:31: + be:87:28:86:76:8e:8f:8d:68:95:1f:72:6c:65:4a: + fc:9e:b8:7d:e2:83:e2:3d:b0:30:5d:c1:73:06:ae: + 9b:f7:9a:54:b8:02:6b:82:90:11:08:3f:d6:5f:59: + 5c:df:aa:25:59:c0:67:7a:fc:e1:f0:c9:4a:8b:e0: + 31:b6:53:13:c2:bf:8c:4f:3a:e6:ed:11:30:a6:41: + 26:ad:56:8f:03:0b:ad:87:6c:b2:73:c4:2e:41:3e: + 99:1a:b6:29:6d:e0:dc:af:8f:45:6e:d5:69:17:0d: + f1:58:a6:7e:8c:80:32:72:24:21:d2:e9:b4:44:23: + f6:10:8f:9f:64:7f:ef:e6:ab:f1:43:94:d0:8a:97: + 0e:e4:91:bd:86:b9:1f:42:f4:96:39:85:05:26:ed: + 90:01:91:11:a3:1f:04:5b:46:ff:1b:a9:74:77:db: + 18:03 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 1F:5E:EF:0E:58:69:FD:21:93:48:19:98:81:48:13:2E:FC:31:61:0C + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-nifi-2, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 21:2d:9b:f7:0c:74:cd:d4:30:b1:42:5b:32:98:d8:ef:9f:a9: + 9b:1b:f0:54:67:c3:20:5b:f1:87:4d:ff:e4:a5:db:af:eb:34: + 
8a:b3:fa:d6:14:4a:3c:31:11:8f:09:b0:af:25:39:5a:5e:89: + 32:cf:c7:48:68:f3:14:72:a0:35:15:ec:76:c7:bb:a7:5b:0c: + d5:7e:5b:8c:d8:40:a2:5e:fa:f8:f2:cf:dd:56:65:7e:94:ef: + b4:99:25:ba:9f:78:94:7d:54:0c:83:b9:cf:b8:b4:9d:78:6d: + 62:e3:6c:98:1f:40:b9:35:3c:51:b5:9f:82:7b:1e:77:db:25: + f2:71:df:3d:e9:56:93:86:fe:61:48:4f:db:76:5b:5f:b1:96: + f9:46:72:5e:01:80:87:b5:be:b4:00:3b:37:7f:5e:44:d4:7e: + c5:87:ed:40:6b:9e:f4:ca:1b:b0:4b:84:97:1f:07:0f:7c:8b: + d2:7b:b1:3d:a7:f8:ae:39:07:34:50:41:70:1f:07:ba:a6:a2: + 0d:ca:e5:7b:d4:77:2c:95:4d:16:0c:34:e0:a5:59:7f:43:c7: + a0:dd:a0:f0:ed:75:5a:0f:61:76:52:34:ef:7c:a7:21:e4:de: + 3a:24:cd:39:b6:77:3a:c8:f3:1f:09:2b:80:9a:f0:5d:7f:5e: + 73:9d:73:eb +-----BEGIN CERTIFICATE----- +MIIDlzCCAn+gAwIBAgIRAItpBV+Fhs7dIWYLJJNBJmAwDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI1WhcNMjMxMDE1 +MTA0NzI1WjAZMRcwFQYDVQQDDA5kc29jbGFiLW5pZmktMjCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKy3S+LVh3+OFZvPwBfr24zjG4PAabkGkaCbxjXc +L+iMcihQAoLFseva2eOdldLZ3eEINW2Dc5WYuhn9PgRnmgk3RXnTHQvsCkPLuCTM +aFzOLq7bSNhuWvMxvocohnaOj41olR9ybGVK/J64feKD4j2wMF3Bcwaum/eaVLgC +a4KQEQg/1l9ZXN+qJVnAZ3r84fDJSovgMbZTE8K/jE865u0RMKZBJq1WjwMLrYds +snPELkE+mRq2KW3g3K+PRW7VaRcN8VimfoyAMnIkIdLptEQj9hCPn2R/7+ar8UOU +0IqXDuSRvYa5H0L0ljmFBSbtkAGREaMfBFtG/xupdHfbGAMCAwEAAaOB3DCB2TAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBQfXu8OWGn9IZNIGZiBSBMu/DFhDDBGBgNVHSME +PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P +TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +CwYDVR0PBAQDAgWgMDkGA1UdEQQyMDCCDmRzb2NsYWItbmlmaS0ygh5kc29jbGFi +LmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBACEtm/cM +dM3UMLFCWzKY2O+fqZsb8FRnwyBb8YdN/+Sl26/rNIqz+tYUSjwxEY8JsK8lOVpe +iTLPx0ho8xRyoDUV7HbHu6dbDNV+W4zYQKJe+vjyz91WZX6U77SZJbqfeJR9VAyD +uc+4tJ14bWLjbJgfQLk1PFG1n4J7HnfbJfJx3z3pVpOG/mFIT9t2W1+xlvlGcl4B +gIe1vrQAOzd/XkTUfsWH7UBrnvTKG7BLhJcfBw98i9J7sT2n+K45BzRQQXAfB7qm +og3K5XvUdyyVTRYMNOClWX9Dx6DdoPDtdVoPYXZSNO98pyHk3jokzTm2dzrI8x8J +K4Ca8F1/XnOdc+s= 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/97D2D0CF2300C0A966D103CA89A99212.pem b/roles/ca/files/CA/certs_by_serial/97D2D0CF2300C0A966D103CA89A99212.pem new file mode 100644 index 0000000000000000000000000000000000000000..71baad05685f6d498afb76ee0ce3c737cb475275 --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/97D2D0CF2300C0A966D103CA89A99212.pem 
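Review bot: The SAN line `DNS:dsoclab-nifi-2, DNS:dsoclab.gn4-3-wp8-soc.sunet.se` puts the shared site name into a backend node's certificate, and the certificates for dsoclab-odfe-1, dsoclab-haproxy and dsoclab-keycloak later in this diff carry the same second name. If clients only ever reach that name through haproxy, the private key of any one service can back a valid server certificate for the whole site, so the backend certificates would be better limited to their own name, `DNS:dsoclab-nifi-2`. The same certificates also combine `TLS Web Server Authentication, TLS Web Client Authentication`; a server-only profile would fit any service that never authenticates as a client. Both settings come from the signing profile, which is not part of this hunk.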
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 97:d2:d0:cf:23:00:c0:a9:66:d1:03:ca:89:a9:92:12 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:26 2020 GMT + Not After : Oct 15 10:47:26 2023 GMT + Subject: CN=dsoclab-odfe-1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e5:46:f6:71:ce:a2:3f:61:5e:9b:f3:c6:61:88: + 87:99:0a:ac:b8:e8:9d:3c:5f:8c:60:2b:41:5b:36: + fb:39:0a:6f:a1:16:02:31:ac:0d:bd:0e:ff:95:59: + d8:f1:21:6b:bd:96:d6:7b:79:01:d1:65:1c:ca:09: + 22:50:30:01:ea:ed:b4:29:bf:b4:70:25:db:b3:1d: + e9:73:ed:63:93:02:4c:90:22:04:6d:31:74:31:ae: + 85:3c:12:8d:b3:f6:92:2f:de:75:75:8f:ca:a5:f2: + a2:12:94:fb:e8:73:30:37:f1:7c:b5:4e:59:ab:71: + 73:26:80:9a:46:8d:49:94:b0:09:e5:27:10:34:9d: + c0:53:3b:fa:77:2e:06:c0:73:8e:0f:9a:1e:8c:27: + 32:0c:eb:f2:d2:0c:a7:52:48:c6:ee:12:21:15:e3: + 45:30:89:81:63:7f:bf:0a:5b:d1:05:c8:1c:fc:5f: + bb:b8:82:2a:92:3b:3a:ae:19:9d:e9:a7:62:7c:0a: + f2:c2:2a:e6:a8:d4:9b:0a:a8:a2:5a:ec:e5:a3:1a: + 73:e0:83:3d:d2:e8:74:a9:0b:b0:e4:b0:fd:fe:ad: + 1e:57:e8:0d:20:7c:aa:1f:31:69:b5:0d:8c:3f:1c: + 8d:dc:d3:71:5b:f1:04:6a:ae:b9:2d:a8:be:28:11: + f5:4b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + DB:92:49:8B:D9:27:41:85:16:AE:C9:CA:F6:8D:11:53:8B:EE:B0:5E + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-odfe-1, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 0f:83:fb:ba:2a:0d:aa:14:3f:3f:0b:00:be:f9:37:f4:7f:29: + 1e:21:4e:18:07:e0:ae:e1:84:f7:cf:a1:21:a5:36:ba:77:6c: + 
0c:00:11:d5:7d:d8:31:b3:f5:cc:fd:6b:27:8f:99:5f:99:4c: + 57:88:d0:1a:e7:66:6b:8a:fd:d1:01:e3:88:37:91:8c:7b:e9: + e2:22:dd:80:62:64:9e:22:e7:25:b5:b9:89:45:e4:24:f5:19: + c0:5d:10:50:57:80:66:23:0c:b1:8e:bd:b3:f1:fa:95:7e:6f: + 04:d1:da:c2:e8:a1:b2:55:55:66:3a:bc:5b:71:50:8c:a8:56: + 86:f4:a9:9c:c7:4b:d6:91:73:8e:a9:93:ef:e0:85:5e:5c:53: + ae:b3:a7:a4:31:80:f3:b3:e4:03:ad:da:96:f0:14:7b:25:e4: + ff:68:9b:8f:28:cd:fc:94:05:5f:38:80:84:d6:f5:d4:b7:bd: + 43:79:bd:fb:f2:ce:30:73:01:e8:ee:ad:45:4a:ea:88:3f:d1: + a2:ef:22:f5:49:cc:d4:27:22:3c:bc:1f:50:81:58:5a:65:9d: + d6:14:3b:3f:b2:8f:90:35:2b:e7:1a:9b:58:db:96:06:9b:cf: + 44:0b:f5:9f:aa:57:28:3c:ab:70:fa:bc:93:90:d9:94:d7:fe: + 6f:fe:39:2a +-----BEGIN CERTIFICATE----- +MIIDlzCCAn+gAwIBAgIRAJfS0M8jAMCpZtEDyompkhIwDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI2WhcNMjMxMDE1 +MTA0NzI2WjAZMRcwFQYDVQQDDA5kc29jbGFiLW9kZmUtMTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAOVG9nHOoj9hXpvzxmGIh5kKrLjonTxfjGArQVs2 ++zkKb6EWAjGsDb0O/5VZ2PEha72W1nt5AdFlHMoJIlAwAerttCm/tHAl27Md6XPt +Y5MCTJAiBG0xdDGuhTwSjbP2ki/edXWPyqXyohKU++hzMDfxfLVOWatxcyaAmkaN +SZSwCeUnEDSdwFM7+ncuBsBzjg+aHownMgzr8tIMp1JIxu4SIRXjRTCJgWN/vwpb +0QXIHPxfu7iCKpI7Oq4ZnemnYnwK8sIq5qjUmwqoolrs5aMac+CDPdLodKkLsOSw +/f6tHlfoDSB8qh8xabUNjD8cjdzTcVvxBGquuS2ovigR9UsCAwEAAaOB3DCB2TAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBTbkkmL2SdBhRauycr2jRFTi+6wXjBGBgNVHSME +PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P +TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +CwYDVR0PBAQDAgWgMDkGA1UdEQQyMDCCDmRzb2NsYWItb2RmZS0xgh5kc29jbGFi +LmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAA+D+7oq +DaoUPz8LAL75N/R/KR4hThgH4K7hhPfPoSGlNrp3bAwAEdV92DGz9cz9ayePmV+Z +TFeI0BrnZmuK/dEB44g3kYx76eIi3YBiZJ4i5yW1uYlF5CT1GcBdEFBXgGYjDLGO +vbPx+pV+bwTR2sLoobJVVWY6vFtxUIyoVob0qZzHS9aRc46pk+/ghV5cU66zp6Qx +gPOz5AOt2pbwFHsl5P9om48ozfyUBV84gITW9dS3vUN5vfvyzjBzAejurUVK6og/ +0aLvIvVJzNQnIjy8H1CBWFplndYUOz+yj5A1K+cam1jblgabz0QL9Z+qVyg8q3D6 +vJOQ2ZTX/m/+OSo= 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/A7217943DDD1145BC6F68CBA362CB35B.pem b/roles/ca/files/CA/certs_by_serial/A7217943DDD1145BC6F68CBA362CB35B.pem new file mode 100644 index 0000000000000000000000000000000000000000..4baf981ca39d7c8e6270b7823a40dd9e1661d9c3 --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/A7217943DDD1145BC6F68CBA362CB35B.pem 
@@ -0,0 +1,84 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + a7:21:79:43:dd:d1:14:5b:c6:f6:8c:ba:36:2c:b3:5b + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:52 2020 GMT + Not After : Oct 15 10:47:52 2023 GMT + Subject: CN=Arne Oslebo + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ce:4c:02:19:21:6e:1c:f2:ed:93:d8:fd:bc:1a: + a4:c2:11:3b:e1:55:73:e5:26:92:d3:d9:e8:a6:dd: + 7d:a2:1d:be:6a:7c:64:06:39:60:33:38:7d:6a:ca: + 89:9d:e5:11:58:21:69:f3:3a:88:5e:ea:e5:2e:e1: + 9d:bb:00:1f:59:19:69:4f:6b:32:3d:2f:1a:da:95: + 3d:99:95:53:9f:b2:ea:db:13:48:63:2d:4a:dc:0c: + 4b:a6:1c:4c:62:e2:d0:11:25:67:cb:80:52:02:e8: + f8:3b:3c:eb:cb:f4:71:03:5a:be:d9:a0:49:fe:d1: + 72:fe:4f:be:e1:ac:a1:ed:a5:15:06:f4:4e:c9:06: + ab:9b:92:c2:3e:b9:58:0c:f4:15:0e:04:c0:91:1b: + 85:73:9d:b6:97:a1:6c:70:0a:1a:a0:ce:4c:8d:ac: + 29:e4:c5:17:00:26:03:44:32:a8:7b:83:52:49:43: + 60:11:53:c8:1e:b8:eb:9f:1f:e3:13:54:81:77:c4: + 47:4a:2e:20:8d:48:8c:91:2e:e0:d4:e5:37:0b:5c: + bb:5f:40:37:92:e9:60:3b:a0:f9:98:7f:6d:b3:20: + 92:3c:da:8c:f0:79:81:f2:ea:77:ba:b4:7b:06:54: + 75:89:77:7e:ad:08:3a:ae:1e:dc:1c:11:63:08:43: + 14:97 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + BA:57:27:B7:A6:72:56:05:70:2F:E2:6E:47:CA:0F:2F:C4:26:44:86 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: sha256WithRSAEncryption + 53:30:05:cf:78:2f:0b:25:a1:64:0a:94:06:11:9b:a8:07:d3: + 5d:4f:0c:80:78:9c:cb:8e:07:d8:21:29:68:d0:ea:43:55:3f: + 14:18:dc:40:cc:a4:84:da:11:24:07:71:35:63:49:3e:bc:10: + 3a:93:cd:b8:61:22:e1:43:a8:d4:c5:2b:13:e4:27:62:00:f1: + 
c8:31:d0:27:05:27:6b:0e:77:df:1b:f0:e5:6e:d9:0b:8a:9a: + 0b:5f:97:20:2c:dd:e1:37:64:94:1a:9e:f7:a7:63:37:88:71: + 0e:57:a2:da:10:1f:2c:a3:a9:e1:40:01:48:58:74:2e:b3:11: + 8f:d1:21:30:49:b9:53:29:c5:92:85:85:6b:51:20:05:b4:c5: + af:b9:b2:9b:a3:50:1d:59:ac:fa:bf:33:57:61:f4:f1:c3:ee: + a2:9a:99:b2:04:de:8b:fc:d2:3c:58:38:ab:9d:d2:6d:f2:e3: + 0c:69:a5:76:78:df:ae:c9:67:0a:97:55:3d:f0:8f:5a:5e:de: + e6:56:1b:4e:66:c9:34:77:97:54:d4:66:e2:24:3c:f0:43:01: + 24:05:0c:32:a0:65:38:09:53:6c:0e:38:ea:7c:b1:d6:51:11: + 60:8f:28:9f:ab:13:d0:75:f3:93:13:f2:1e:a4:bd:18:ae:b0: + 0f:f6:29:d4 +-----BEGIN CERTIFICATE----- +MIIDTzCCAjegAwIBAgIRAKcheUPd0RRbxvaMujYss1swDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzUyWhcNMjMxMDE1 +MTA0NzUyWjAWMRQwEgYDVQQDDAtBcm5lIE9zbGVibzCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAM5MAhkhbhzy7ZPY/bwapMIRO+FVc+UmktPZ6KbdfaId +vmp8ZAY5YDM4fWrKiZ3lEVghafM6iF7q5S7hnbsAH1kZaU9rMj0vGtqVPZmVU5+y +6tsTSGMtStwMS6YcTGLi0BElZ8uAUgLo+Ds868v0cQNavtmgSf7Rcv5PvuGsoe2l +FQb0TskGq5uSwj65WAz0FQ4EwJEbhXOdtpehbHAKGqDOTI2sKeTFFwAmA0QyqHuD +UklDYBFTyB64658f4xNUgXfER0ouII1IjJEu4NTlNwtcu19AN5LpYDug+Zh/bbMg +kjzajPB5gfLqd7q0ewZUdYl3fq0IOq4e3BwRYwhDFJcCAwEAAaOBlzCBlDAJBgNV +HRMEAjAAMB0GA1UdDgQWBBS6Vye3pnJWBXAv4m5Hyg8vxCZEhjBGBgNVHSMEPzA9 +gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9PTFMt +Q0GCCQCKdJMmgFtCtzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4Aw +DQYJKoZIhvcNAQELBQADggEBAFMwBc94LwsloWQKlAYRm6gH011PDIB4nMuOB9gh +KWjQ6kNVPxQY3EDMpITaESQHcTVjST68EDqTzbhhIuFDqNTFKxPkJ2IA8cgx0CcF +J2sOd98b8OVu2QuKmgtflyAs3eE3ZJQanvenYzeIcQ5XotoQHyyjqeFAAUhYdC6z +EY/RITBJuVMpxZKFhWtRIAW0xa+5spujUB1ZrPq/M1dh9PHD7qKambIE3ov80jxY +OKud0m3y4wxppXZ4367JZwqXVT3wj1pe3uZWG05myTR3l1TUZuIkPPBDASQFDDKg +ZTgJU2wOOOp8sdZREWCPKJ+rE9B185MT8h6kvRiusA/2KdQ= +-----END CERTIFICATE----- 
diff --git a/roles/ca/files/CA/certs_by_serial/D27B43CB9BFB09CFCC86EFD1019A42FC.pem b/roles/ca/files/CA/certs_by_serial/D27B43CB9BFB09CFCC86EFD1019A42FC.pem
new file mode 100644
index 0000000000000000000000000000000000000000..5be39cb377745bb5bc5303c2b7d55d44877f9260
--- /dev/null
+++ b/roles/ca/files/CA/certs_by_serial/D27B43CB9BFB09CFCC86EFD1019A42FC.pem
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + d2:7b:43:cb:9b:fb:09:cf:cc:86:ef:d1:01:9a:42:fc + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:30 2020 GMT + Not After : Oct 15 10:47:30 2023 GMT + Subject: CN=dsoclab-haproxy + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c9:c7:22:33:0b:0b:0f:a0:8c:c4:a9:81:37:bd: + 51:2f:47:32:fa:1b:88:45:b1:bb:11:43:3d:de:b3: + 70:67:d7:8b:39:5a:8f:13:fb:2f:78:08:b1:b1:32: + c6:d1:0e:e4:d3:2e:3a:db:84:db:d2:65:6b:26:24: + 6c:d7:16:e5:a5:90:8e:02:46:13:02:0a:96:66:46: + 87:b7:b0:ee:56:4c:3c:d8:ae:4c:7d:ef:5b:aa:6e: + 01:8e:89:fe:4c:b9:de:6c:ba:e4:3f:8d:f8:d7:3a: + ed:b2:29:9a:5b:ac:5a:86:66:05:f3:19:2f:59:8d: + 7c:8b:6a:97:1e:43:8a:36:80:b2:e9:e1:84:f6:94: + bc:13:11:31:b8:d2:5a:72:ed:68:c3:b1:37:e4:5b: + 91:82:62:aa:13:f2:b6:e0:3a:aa:85:66:70:0a:a9: + ad:5c:a7:52:ff:dc:f9:99:5e:e5:15:d5:0c:fe:cd: + 27:cb:98:9e:5a:69:ca:71:74:31:e6:26:df:ec:d2: + 42:43:b9:f3:04:8e:2c:7a:28:a6:f9:8e:ba:64:3c: + 69:0e:ac:f5:dc:d5:f3:2a:50:47:50:d4:8c:f5:ee: + 31:08:73:69:1f:ae:42:1d:52:84:5d:47:68:dd:a3: + 1f:07:57:ec:3e:9e:0d:23:78:16:41:bc:68:f2:4f: + e9:19 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 49:DC:74:02:17:71:C3:D0:A0:64:31:9E:60:2B:B4:38:43:62:DE:98 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-haproxy, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 04:a0:71:31:d2:11:93:09:96:c8:1b:2a:31:b8:b9:34:07:ac: + 89:cb:b0:6c:b0:f0:17:5f:18:3c:a6:96:ca:b3:fa:c7:af:40: + 
17:e1:7e:e4:dc:ee:fe:5c:dc:86:40:b7:2f:9d:c0:9e:fd:16: + 6b:85:ab:c2:a8:63:1f:fe:03:2b:89:6a:80:c9:2e:ae:cc:3d: + 19:75:32:0e:56:57:16:27:02:51:49:1d:b3:78:aa:57:d3:00: + 9b:93:fe:6d:a3:37:ad:26:35:57:e1:5f:90:bf:ef:30:bc:68: + f3:bf:7c:59:69:4f:61:30:2d:48:66:a6:44:2a:51:63:6e:4f: + a7:8f:96:7e:91:b2:b2:46:bc:97:1b:01:df:c0:24:5c:b2:aa: + 8d:20:3a:25:5d:8a:1c:84:53:0d:d4:f6:d5:81:5d:30:de:c4: + d7:fa:42:9c:79:68:92:56:b7:76:69:c6:c9:ad:07:47:a6:d2: + 46:d4:a5:0c:10:a9:03:21:4d:56:40:e5:28:e3:fa:70:1b:23: + 32:68:07:3d:d6:8a:3a:fb:6d:3b:a6:20:16:1b:09:f3:47:f0: + 2a:4f:dc:97:86:56:37:96:42:1b:89:b8:76:1a:ab:7a:25:4e: + e8:62:d9:a0:3b:ec:62:72:64:64:ca:87:9c:be:0a:08:09:52: + ab:03:89:2b +-----BEGIN CERTIFICATE----- +MIIDmTCCAoGgAwIBAgIRANJ7Q8ub+wnPzIbv0QGaQvwwDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzMwWhcNMjMxMDE1 +MTA0NzMwWjAaMRgwFgYDVQQDDA9kc29jbGFiLWhhcHJveHkwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDJxyIzCwsPoIzEqYE3vVEvRzL6G4hFsbsRQz3e +s3Bn14s5Wo8T+y94CLGxMsbRDuTTLjrbhNvSZWsmJGzXFuWlkI4CRhMCCpZmRoe3 +sO5WTDzYrkx971uqbgGOif5Mud5suuQ/jfjXOu2yKZpbrFqGZgXzGS9ZjXyLapce +Q4o2gLLp4YT2lLwTETG40lpy7WjDsTfkW5GCYqoT8rbgOqqFZnAKqa1cp1L/3PmZ +XuUV1Qz+zSfLmJ5aacpxdDHmJt/s0kJDufMEjix6KKb5jrpkPGkOrPXc1fMqUEdQ +1Iz17jEIc2kfrkIdUoRdR2jdox8HV+w+ng0jeBZBvGjyT+kZAgMBAAGjgd0wgdow +CQYDVR0TBAIwADAdBgNVHQ4EFgQUSdx0Ahdxw9CgZDGeYCu0OENi3pgwRgYDVR0j +BD8wPYAUeQbKQNOfmlSu0zNN8jg+tgvzPc+hGqQYMBYxFDASBgNVBAMMC1NPQ1RP +T0xTLUNBggkAinSTJoBbQrcwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC +MAsGA1UdDwQEAwIFoDA6BgNVHREEMzAxgg9kc29jbGFiLWhhcHJveHmCHmRzb2Ns +YWIuZ240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEABKBx +MdIRkwmWyBsqMbi5NAesicuwbLDwF18YPKaWyrP6x69AF+F+5Nzu/lzchkC3L53A +nv0Wa4WrwqhjH/4DK4lqgMkursw9GXUyDlZXFicCUUkds3iqV9MAm5P+baM3rSY1 +V+FfkL/vMLxo8798WWlPYTAtSGamRCpRY25Pp4+WfpGyska8lxsB38AkXLKqjSA6 +JV2KHIRTDdT21YFdMN7E1/pCnHlokla3dmnGya0HR6bSRtSlDBCpAyFNVkDlKOP6 +cBsjMmgHPdaKOvttO6YgFhsJ80fwKk/cl4ZWN5ZCG4m4dhqreiVO6GLZoDvsYnJk 
+ZMqHnL4KCAlSqwOJKw== +-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/FE7583DEF2355A2C2BBA09720BD80948.pem b/roles/ca/files/CA/certs_by_serial/FE7583DEF2355A2C2BBA09720BD80948.pem new file mode 100644 index 0000000000000000000000000000000000000000..92b6893716cacfa9e7fb863ad4c4379077e7ac1e --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/FE7583DEF2355A2C2BBA09720BD80948.pem 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + fe:75:83:de:f2:35:5a:2c:2b:ba:09:72:0b:d8:09:48 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:28 2020 GMT + Not After : Oct 15 10:47:28 2023 GMT + Subject: CN=dsoclab-keycloak + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ea:a9:ea:6b:2f:6c:9c:9f:6d:9c:89:4e:01:ba: + c6:c0:32:df:59:26:2b:95:f4:c2:3d:c8:7e:22:ce: + b6:78:03:e8:22:28:81:9c:9a:a6:a7:ba:fd:05:66: + a3:50:81:85:71:c1:d9:ea:bc:21:e1:5d:0a:87:7b: + be:55:b0:7d:01:57:de:4c:fe:3a:c5:c9:54:77:2e: + 15:fc:12:07:f8:ef:9f:7b:f7:09:01:70:75:53:3b: + dc:b1:0c:65:4d:49:c4:fb:1d:42:20:6f:81:45:42: + d3:db:1d:4c:57:1b:1d:3b:81:39:ee:b2:cf:95:4b: + 29:d0:a8:39:98:d6:93:36:99:bf:c5:43:26:8d:4d: + db:6d:24:3b:fc:16:76:a1:fd:6f:c6:19:11:c7:12: + 0d:80:16:4c:88:da:2c:09:78:3d:1b:7c:6c:ec:db: + 9e:01:50:5f:a3:56:7f:d4:3b:a4:26:d2:6d:42:7b: + 88:4e:8d:64:ed:1e:1a:0e:05:58:65:58:47:83:60: + 9e:b4:ed:15:ce:72:4f:a0:b5:22:dd:9f:a4:da:88: + 86:fe:cb:84:6e:72:3d:00:42:da:8b:85:2a:f2:ef: + d7:ee:bb:85:42:ba:b9:fb:d9:9d:d2:2c:58:0f:7c: + 02:23:b7:46:d0:69:06:37:40:9d:58:74:89:ca:b7: + 12:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + FD:C5:77:F8:79:AD:0A:7E:6A:A0:2E:3B:58:6A:9F:43:51:55:0B:DF + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-keycloak, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 9a:c0:35:a3:68:ec:ec:cc:c3:65:5a:bf:03:d0:ee:8d:a0:41: + db:6d:89:3e:97:d4:90:7d:63:8e:73:37:43:ae:9a:e2:d0:2b: + 
a7:5e:b2:88:9b:4d:8f:b6:81:bf:f6:46:a0:87:ca:77:ec:5c: + af:cd:6b:d8:e8:60:5a:aa:86:be:64:d5:ad:e9:1e:41:7b:6a: + df:01:1d:16:86:94:57:82:51:91:be:6b:d6:ae:f0:b9:8c:3d: + 11:99:c4:93:eb:f7:fa:9e:a3:e3:f8:97:19:cf:63:55:6a:6e: + 4f:e9:a2:64:a7:35:0d:7e:68:23:89:e1:c6:06:4b:34:67:38: + 40:d1:81:b3:73:95:3a:3b:67:d2:5a:e4:8e:49:34:b1:ab:6f: + b6:60:87:ac:55:5d:f5:59:c0:d5:d3:d8:de:3b:76:c9:41:28: + b4:d7:23:ec:a2:3f:1d:3f:74:2e:f0:45:40:35:38:d1:06:50: + b2:93:45:df:de:33:5e:0b:89:86:d8:c9:14:61:1c:d2:94:21: + 1f:bf:df:32:f0:2f:91:52:b0:08:b7:b9:c2:b7:55:2b:ca:05: + e4:eb:91:e1:63:45:5d:1a:6f:e8:76:07:89:e8:42:3e:ec:7b: + 51:0e:a0:d5:8e:c3:3d:26:e3:45:b0:5b:61:d1:98:3b:c3:d4: + 37:9f:c1:7c +-----BEGIN CERTIFICATE----- +MIIDmzCCAoOgAwIBAgIRAP51g97yNVosK7oJcgvYCUgwDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI4WhcNMjMxMDE1 +MTA0NzI4WjAbMRkwFwYDVQQDDBBkc29jbGFiLWtleWNsb2FrMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qnqay9snJ9tnIlOAbrGwDLfWSYrlfTCPch+ +Is62eAPoIiiBnJqmp7r9BWajUIGFccHZ6rwh4V0Kh3u+VbB9AVfeTP46xclUdy4V +/BIH+O+fe/cJAXB1UzvcsQxlTUnE+x1CIG+BRULT2x1MVxsdO4E57rLPlUsp0Kg5 +mNaTNpm/xUMmjU3bbSQ7/BZ2of1vxhkRxxINgBZMiNosCXg9G3xs7NueAVBfo1Z/ +1DukJtJtQnuITo1k7R4aDgVYZVhHg2CetO0VznJPoLUi3Z+k2oiG/suEbnI9AELa +i4Uq8u/X7ruFQrq5+9md0ixYD3wCI7dG0GkGN0CdWHSJyrcS5QIDAQABo4HeMIHb +MAkGA1UdEwQCMAAwHQYDVR0OBBYEFP3Fd/h5rQp+aqAuO1hqn0NRVQvfMEYGA1Ud +IwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NU +T09MUy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD +AjALBgNVHQ8EBAMCBaAwOwYDVR0RBDQwMoIQZHNvY2xhYi1rZXljbG9ha4IeZHNv +Y2xhYi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQCa +wDWjaOzszMNlWr8D0O6NoEHbbYk+l9SQfWOOczdDrpri0CunXrKIm02PtoG/9kag +h8p37FyvzWvY6GBaqoa+ZNWt6R5Be2rfAR0WhpRXglGRvmvWrvC5jD0RmcST6/f6 +nqPj+JcZz2NVam5P6aJkpzUNfmgjieHGBks0ZzhA0YGzc5U6O2fSWuSOSTSxq2+2 +YIesVV31WcDV09jeO3bJQSi01yPsoj8dP3Qu8EVANTjRBlCyk0Xf3jNeC4mG2MkU +YRzSlCEfv98y8C+RUrAIt7nCt1UrygXk65HhY0VdGm/odgeJ6EI+7HtRDqDVjsM9 
+JuNFsFth0Zg7w9Q3n8F8 +-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/extensions.temp b/roles/ca/files/CA/extensions.temp new file mode 100644 index 0000000000000000000000000000000000000000..5680ec98c31b681502f8c828605876ce30e19995 --- /dev/null +++ b/roles/ca/files/CA/extensions.temp @@ -0,0 +1,15 @@ +# X509 extensions added to every signed cert + +# This file is included for every cert signed, and by default does nothing. +# It could be used to add values every cert should have, such as a CDP as +# demonstrated in the following example: + +#crlDistributionPoints = URI:http://example.net/pki/my_ca.crl +# X509 extensions for a client + +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always +extendedKeyUsage = clientAuth +keyUsage = digitalSignature + diff --git a/roles/ca/files/CA/index.txt b/roles/ca/files/CA/index.txt new file mode 100644 index 0000000000000000000000000000000000000000..221d42dd9a77ccea288c5b3e083e699777e86d7e --- /dev/null +++ b/roles/ca/files/CA/index.txt 
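Review bot: `extensions.temp` looks like a scratch file left over from signing, since its contents match the profile of the last certificate issued (`extendedKeyUsage = clientAuth`), so it would be better left out of the role. The only revocation pointer in it is the commented example `#crlDistributionPoints = URI:http://example.net/pki/my_ca.crl`, and none of the certificate dumps in this part of the diff list a CRL distribution point among their X509v3 extensions. With roughly three-year validity on both service and personal client certificates, each relying service needs the CRL delivered and refreshed some other way. A comment in the CA role naming that mechanism, e.g. `# CRL is pushed to every service by <task name>; no CDP is embedded in issued certs`, would make that explicit.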
@@ -0,0 +1,13 @@ +V 231015104725Z 01EC4DAD3E5E47CF4E4B98495932B337 unknown /CN=dsoclab-nifi-1 +V 231015104725Z 8B69055F8586CEDD21660B2493412660 unknown /CN=dsoclab-nifi-2 +V 231015104726Z 5969918F10EF8D2BAE46B26D6D629D8E unknown /CN=dsoclab-nifi-3 +V 231015104726Z 97D2D0CF2300C0A966D103CA89A99212 unknown /CN=dsoclab-odfe-1 +V 231015104727Z 560A99C5A03FC4B9FC92FDC62F419BB9 unknown /CN=dsoclab-odfe-2 +V 231015104727Z 7DFC33457573E8F16094A74E6B2F23F1 unknown /CN=dsoclab-kibana +V 231015104728Z FE7583DEF2355A2C2BBA09720BD80948 unknown /CN=dsoclab-keycloak +V 231015104728Z 7587FCE4CF3EC68117199076B12CD5D2 unknown /CN=dsoclab-misp +V 231015104729Z 61095C2C8D35EE291C99CEABD42B3CA4 unknown /CN=dsoclab-thehive +V 231015104729Z 5DC4BC495FA076A813A4C23261640D92 unknown /CN=dsoclab-cortex +V 231015104730Z D27B43CB9BFB09CFCC86EFD1019A42FC unknown /CN=dsoclab-haproxy +V 231015104752Z 1DD9AF5415359961C578D1B98BFA6E9F unknown /CN=Bozidar Proevski +V 231015104752Z A7217943DDD1145BC6F68CBA362CB35B unknown /CN=Arne Oslebo diff --git a/roles/ca/files/CA/index.txt.attr b/roles/ca/files/CA/index.txt.attr new file mode 100644 index 0000000000000000000000000000000000000000..3a7e39e6ee60a25017c2fd64fed55b665faa387c --- /dev/null +++ b/roles/ca/files/CA/index.txt.attr @@ -0,0 +1 @@ +unique_subject = no diff --git a/roles/ca/files/CA/index.txt.attr.old b/roles/ca/files/CA/index.txt.attr.old new file mode 100644 index 0000000000000000000000000000000000000000..3a7e39e6ee60a25017c2fd64fed55b665faa387c --- /dev/null +++ b/roles/ca/files/CA/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = no diff --git a/roles/ca/files/CA/index.txt.old b/roles/ca/files/CA/index.txt.old new file mode 100644 index 0000000000000000000000000000000000000000..022f25472252e7019c5dc2c66f9ba279f0e2b11f --- /dev/null +++ b/roles/ca/files/CA/index.txt.old 
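Review bot: The `index.txt` hunk commits the live CA database of one lab deployment (thirteen issued serials, including personal client certificates for named users) into `roles/ca/files/CA/`, so every checkout of the role starts from that lab's PKI state rather than a fresh one. The `index.txt.attr.old` and `index.txt.old` hunks that follow appear to be previous-state backups of the same database, and `issued/Arne Oslebo.crt` has the same blob id (`4baf981c…`) as `certs_by_serial/A7217943DDD1145BC6F68CBA362CB35B.pem`, so the same data is stored several times. Whether the CA private key is committed alongside cannot be seen from this part of the diff and is worth checking before merge. I would have the role create the CA on the target and keep the directory out of version control, e.g. a `.gitignore` entry `roles/ca/files/CA/`.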
@@ -0,0 +1,12 @@ +V 231015104725Z 01EC4DAD3E5E47CF4E4B98495932B337 unknown /CN=dsoclab-nifi-1 +V 231015104725Z 8B69055F8586CEDD21660B2493412660 unknown /CN=dsoclab-nifi-2 +V 231015104726Z 5969918F10EF8D2BAE46B26D6D629D8E unknown /CN=dsoclab-nifi-3 +V 231015104726Z 97D2D0CF2300C0A966D103CA89A99212 unknown /CN=dsoclab-odfe-1 +V 231015104727Z 560A99C5A03FC4B9FC92FDC62F419BB9 unknown /CN=dsoclab-odfe-2 +V 231015104727Z 7DFC33457573E8F16094A74E6B2F23F1 unknown /CN=dsoclab-kibana +V 231015104728Z FE7583DEF2355A2C2BBA09720BD80948 unknown /CN=dsoclab-keycloak +V 231015104728Z 7587FCE4CF3EC68117199076B12CD5D2 unknown /CN=dsoclab-misp +V 231015104729Z 61095C2C8D35EE291C99CEABD42B3CA4 unknown /CN=dsoclab-thehive +V 231015104729Z 5DC4BC495FA076A813A4C23261640D92 unknown /CN=dsoclab-cortex +V 231015104730Z D27B43CB9BFB09CFCC86EFD1019A42FC unknown /CN=dsoclab-haproxy +V 231015104752Z 1DD9AF5415359961C578D1B98BFA6E9F unknown /CN=Bozidar Proevski diff --git a/roles/ca/files/CA/issued/Arne Oslebo.crt b/roles/ca/files/CA/issued/Arne Oslebo.crt new file mode 100644 index 0000000000000000000000000000000000000000..4baf981ca39d7c8e6270b7823a40dd9e1661d9c3 --- /dev/null +++ b/roles/ca/files/CA/issued/Arne Oslebo.crt 
@@ -0,0 +1,84 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + a7:21:79:43:dd:d1:14:5b:c6:f6:8c:ba:36:2c:b3:5b + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:52 2020 GMT + Not After : Oct 15 10:47:52 2023 GMT + Subject: CN=Arne Oslebo + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ce:4c:02:19:21:6e:1c:f2:ed:93:d8:fd:bc:1a: + a4:c2:11:3b:e1:55:73:e5:26:92:d3:d9:e8:a6:dd: + 7d:a2:1d:be:6a:7c:64:06:39:60:33:38:7d:6a:ca: + 89:9d:e5:11:58:21:69:f3:3a:88:5e:ea:e5:2e:e1: + 9d:bb:00:1f:59:19:69:4f:6b:32:3d:2f:1a:da:95: + 3d:99:95:53:9f:b2:ea:db:13:48:63:2d:4a:dc:0c: + 4b:a6:1c:4c:62:e2:d0:11:25:67:cb:80:52:02:e8: + f8:3b:3c:eb:cb:f4:71:03:5a:be:d9:a0:49:fe:d1: + 72:fe:4f:be:e1:ac:a1:ed:a5:15:06:f4:4e:c9:06: + ab:9b:92:c2:3e:b9:58:0c:f4:15:0e:04:c0:91:1b: + 85:73:9d:b6:97:a1:6c:70:0a:1a:a0:ce:4c:8d:ac: + 29:e4:c5:17:00:26:03:44:32:a8:7b:83:52:49:43: + 60:11:53:c8:1e:b8:eb:9f:1f:e3:13:54:81:77:c4: + 47:4a:2e:20:8d:48:8c:91:2e:e0:d4:e5:37:0b:5c: + bb:5f:40:37:92:e9:60:3b:a0:f9:98:7f:6d:b3:20: + 92:3c:da:8c:f0:79:81:f2:ea:77:ba:b4:7b:06:54: + 75:89:77:7e:ad:08:3a:ae:1e:dc:1c:11:63:08:43: + 14:97 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + BA:57:27:B7:A6:72:56:05:70:2F:E2:6E:47:CA:0F:2F:C4:26:44:86 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: sha256WithRSAEncryption + 53:30:05:cf:78:2f:0b:25:a1:64:0a:94:06:11:9b:a8:07:d3: + 5d:4f:0c:80:78:9c:cb:8e:07:d8:21:29:68:d0:ea:43:55:3f: + 14:18:dc:40:cc:a4:84:da:11:24:07:71:35:63:49:3e:bc:10: + 3a:93:cd:b8:61:22:e1:43:a8:d4:c5:2b:13:e4:27:62:00:f1: + 
c8:31:d0:27:05:27:6b:0e:77:df:1b:f0:e5:6e:d9:0b:8a:9a: + 0b:5f:97:20:2c:dd:e1:37:64:94:1a:9e:f7:a7:63:37:88:71: + 0e:57:a2:da:10:1f:2c:a3:a9:e1:40:01:48:58:74:2e:b3:11: + 8f:d1:21:30:49:b9:53:29:c5:92:85:85:6b:51:20:05:b4:c5: + af:b9:b2:9b:a3:50:1d:59:ac:fa:bf:33:57:61:f4:f1:c3:ee: + a2:9a:99:b2:04:de:8b:fc:d2:3c:58:38:ab:9d:d2:6d:f2:e3: + 0c:69:a5:76:78:df:ae:c9:67:0a:97:55:3d:f0:8f:5a:5e:de: + e6:56:1b:4e:66:c9:34:77:97:54:d4:66:e2:24:3c:f0:43:01: + 24:05:0c:32:a0:65:38:09:53:6c:0e:38:ea:7c:b1:d6:51:11: + 60:8f:28:9f:ab:13:d0:75:f3:93:13:f2:1e:a4:bd:18:ae:b0: + 0f:f6:29:d4 +-----BEGIN CERTIFICATE----- +MIIDTzCCAjegAwIBAgIRAKcheUPd0RRbxvaMujYss1swDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzUyWhcNMjMxMDE1 +MTA0NzUyWjAWMRQwEgYDVQQDDAtBcm5lIE9zbGVibzCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAM5MAhkhbhzy7ZPY/bwapMIRO+FVc+UmktPZ6KbdfaId +vmp8ZAY5YDM4fWrKiZ3lEVghafM6iF7q5S7hnbsAH1kZaU9rMj0vGtqVPZmVU5+y +6tsTSGMtStwMS6YcTGLi0BElZ8uAUgLo+Ds868v0cQNavtmgSf7Rcv5PvuGsoe2l +FQb0TskGq5uSwj65WAz0FQ4EwJEbhXOdtpehbHAKGqDOTI2sKeTFFwAmA0QyqHuD +UklDYBFTyB64658f4xNUgXfER0ouII1IjJEu4NTlNwtcu19AN5LpYDug+Zh/bbMg +kjzajPB5gfLqd7q0ewZUdYl3fq0IOq4e3BwRYwhDFJcCAwEAAaOBlzCBlDAJBgNV +HRMEAjAAMB0GA1UdDgQWBBS6Vye3pnJWBXAv4m5Hyg8vxCZEhjBGBgNVHSMEPzA9 +gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9PTFMt +Q0GCCQCKdJMmgFtCtzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4Aw +DQYJKoZIhvcNAQELBQADggEBAFMwBc94LwsloWQKlAYRm6gH011PDIB4nMuOB9gh +KWjQ6kNVPxQY3EDMpITaESQHcTVjST68EDqTzbhhIuFDqNTFKxPkJ2IA8cgx0CcF +J2sOd98b8OVu2QuKmgtflyAs3eE3ZJQanvenYzeIcQ5XotoQHyyjqeFAAUhYdC6z +EY/RITBJuVMpxZKFhWtRIAW0xa+5spujUB1ZrPq/M1dh9PHD7qKambIE3ov80jxY +OKud0m3y4wxppXZ4367JZwqXVT3wj1pe3uZWG05myTR3l1TUZuIkPPBDASQFDDKg +ZTgJU2wOOOp8sdZREWCPKJ+rE9B185MT8h6kvRiusA/2KdQ= +-----END CERTIFICATE----- 
diff --git a/roles/ca/files/CA/issued/Bozidar Proevski.crt b/roles/ca/files/CA/issued/Bozidar Proevski.crt
new file mode 100644
index 0000000000000000000000000000000000000000..af57c1e1d395c9d3bdbf1f4c5c18458fdcc4e02d
--- /dev/null
+++ b/roles/ca/files/CA/issued/Bozidar Proevski.crt
@@ -0,0 +1,84 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1d:d9:af:54:15:35:99:61:c5:78:d1:b9:8b:fa:6e:9f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:52 2020 GMT + Not After : Oct 15 10:47:52 2023 GMT + Subject: CN=Bozidar Proevski + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:9a:de:00:fd:f1:e9:b9:29:d9:58:d0:47:21:cf: + 4b:67:17:f7:a9:02:93:17:cf:57:5b:6f:db:26:90: + 30:09:0b:d9:c5:66:5e:f6:22:66:ab:48:06:aa:6c: + 88:b3:fd:93:45:a4:60:c9:5f:2b:6c:af:db:68:5e: + 27:e6:85:71:27:b7:20:52:61:df:14:1b:da:06:39: + b2:21:20:4b:22:48:b7:4b:76:44:02:b1:89:5f:0e: + 59:22:cb:b9:c9:1e:8d:a0:ac:28:5d:e5:ae:c8:ea: + cc:05:20:a2:60:11:12:8d:6d:88:0a:73:e8:7c:68: + 9c:48:2c:c9:a8:c6:9d:c3:3c:c1:e7:f4:07:f7:5b: + 6e:42:3d:3d:0f:85:6f:e2:b9:88:a9:d0:02:84:b8: + 19:6a:ae:13:a1:97:50:98:16:c8:0c:1b:bd:02:c8: + 5f:a3:2f:73:7e:25:f8:8c:e7:92:43:c7:6a:75:bc: + 85:ea:1c:47:28:ce:2c:9b:3a:8f:a8:07:e9:8c:8a: + 75:3e:c1:97:32:ce:e3:c5:ca:1e:0a:d7:3c:77:0a: + d2:ab:51:c3:e5:dc:37:90:1a:35:bf:a0:4a:aa:bd: + 38:ef:9e:6d:f8:81:37:7f:d3:77:23:c6:5b:63:98: + 64:07:2f:47:fd:7d:21:2f:57:c2:d8:44:00:c2:29: + 22:79 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + A3:9F:29:21:E0:E5:18:E4:CB:4C:2D:7F:84:2F:AF:F2:49:F0:83:3A + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: sha256WithRSAEncryption + ad:cb:66:5d:b7:29:e5:19:7b:7c:ae:23:50:58:34:db:c9:79: + 39:de:57:83:34:03:6d:bc:bf:e2:31:79:9d:2b:a2:7a:e0:c4: + c8:19:96:e0:20:f3:05:2a:a6:f4:b8:90:c4:ea:8d:5e:86:e1: + 13:99:59:0f:da:c8:3d:96:0d:78:04:4f:26:9c:6a:7c:8e:50: + 
5a:30:f1:37:dc:26:99:28:35:f8:25:b9:4b:f8:d2:f0:d3:b5: + 61:32:c9:9c:43:39:21:43:c1:de:0d:4d:8e:e5:6f:a1:58:e5: + 01:84:d6:a5:de:88:2a:55:9f:ec:de:be:b1:13:61:33:dd:50: + 19:89:dd:11:48:5e:c2:14:8d:69:8f:a9:43:73:80:71:8f:54: + ba:da:74:b4:26:ec:5b:82:88:84:90:6d:f7:58:3f:78:d3:20: + 5b:c3:9b:82:85:b7:ef:98:12:4f:ba:e8:38:f3:8c:af:85:91: + 66:40:fe:a9:b2:fd:d6:76:ad:70:b7:b5:33:88:64:31:97:81: + d9:c6:ec:47:9b:af:3f:31:c8:de:0c:cc:88:3d:b7:6f:6f:19: + 24:f1:ae:ff:de:95:31:3f:38:e5:ed:a1:e1:e4:6b:54:1f:26: + b8:53:79:cf:fe:89:ba:bc:35:a1:bc:2f:8a:07:a2:eb:0d:90: + 72:ad:8a:60 +-----BEGIN CERTIFICATE----- +MIIDUzCCAjugAwIBAgIQHdmvVBU1mWHFeNG5i/punzANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3NTJaFw0yMzEwMTUx +MDQ3NTJaMBsxGTAXBgNVBAMMEEJvemlkYXIgUHJvZXZza2kwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCa3gD98em5KdlY0Echz0tnF/epApMXz1dbb9sm +kDAJC9nFZl72ImarSAaqbIiz/ZNFpGDJXytsr9toXifmhXEntyBSYd8UG9oGObIh +IEsiSLdLdkQCsYlfDlkiy7nJHo2grChd5a7I6swFIKJgERKNbYgKc+h8aJxILMmo +xp3DPMHn9Af3W25CPT0PhW/iuYip0AKEuBlqrhOhl1CYFsgMG70CyF+jL3N+JfiM +55JDx2p1vIXqHEcoziybOo+oB+mMinU+wZcyzuPFyh4K1zx3CtKrUcPl3DeQGjW/ +oEqqvTjvnm34gTd/03cjxltjmGQHL0f9fSEvV8LYRADCKSJ5AgMBAAGjgZcwgZQw +CQYDVR0TBAIwADAdBgNVHQ4EFgQUo58pIeDlGOTLTC1/hC+v8knwgzowRgYDVR0j +BD8wPYAUeQbKQNOfmlSu0zNN8jg+tgvzPc+hGqQYMBYxFDASBgNVBAMMC1NPQ1RP +T0xTLUNBggkAinSTJoBbQrcwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQD +AgeAMA0GCSqGSIb3DQEBCwUAA4IBAQCty2ZdtynlGXt8riNQWDTbyXk53leDNANt +vL/iMXmdK6J64MTIGZbgIPMFKqb0uJDE6o1ehuETmVkP2sg9lg14BE8mnGp8jlBa +MPE33CaZKDX4JblL+NLw07VhMsmcQzkhQ8HeDU2O5W+hWOUBhNal3ogqVZ/s3r6x +E2Ez3VAZid0RSF7CFI1pj6lDc4Bxj1S62nS0JuxbgoiEkG33WD940yBbw5uChbfv +mBJPuug484yvhZFmQP6psv3Wdq1wt7UziGQxl4HZxuxHm68/McjeDMyIPbdvbxkk +8a7/3pUxPzjl7aHh5GtUHya4U3nP/om6vDWhvC+KB6LrDZByrYpg +-----END CERTIFICATE----- 
diff --git a/roles/ca/files/CA/issued/dsoclab-cortex.crt b/roles/ca/files/CA/issued/dsoclab-cortex.crt
new file mode 100644
index 0000000000000000000000000000000000000000..a743bd0055110d9dbad79cdcc70e2ccfe946b100
--- /dev/null
+++ b/roles/ca/files/CA/issued/dsoclab-cortex.crt
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5d:c4:bc:49:5f:a0:76:a8:13:a4:c2:32:61:64:0d:92 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:29 2020 GMT + Not After : Oct 15 10:47:29 2023 GMT + Subject: CN=dsoclab-cortex + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:cd:09:6b:14:33:4a:47:75:5b:d3:d9:67:3b:4d: + ad:1f:a7:1f:33:ab:86:b1:aa:3b:09:ab:1a:a6:fb: + a0:60:04:e3:68:33:0e:85:54:d1:70:61:8a:b9:d5: + d6:b5:6c:c2:b3:36:02:94:b7:1d:18:93:5f:88:81: + ff:2a:f4:99:58:6d:d7:96:e2:d2:64:77:b9:74:44: + 3c:f0:fb:5b:0f:43:7d:38:5d:fe:b0:db:05:7a:a9: + c5:10:24:75:13:c8:2d:da:69:be:e3:43:33:f0:28: + 30:9a:53:f8:f8:d3:10:32:35:ec:1d:87:ab:1e:2c: + b5:00:7c:9f:8f:61:e0:5d:56:15:8c:46:45:09:78: + 02:78:10:c0:af:2f:25:6c:c2:5b:ed:5f:c1:33:0b: + f8:c8:13:dc:df:c3:fc:05:90:ff:06:9e:cb:bc:1d: + 2b:c2:57:f2:bd:aa:22:b3:4b:f5:ca:b2:b8:00:18: + f1:14:10:b8:5e:69:9f:ed:fc:04:83:d9:2e:b7:9a: + 8a:45:1c:54:71:8f:61:02:6a:8a:84:2f:67:df:92: + 3a:0c:5f:e5:b6:e7:6c:27:69:1f:5b:06:d6:7f:e6: + df:ab:2f:31:a5:cd:63:32:60:c0:07:50:6c:0d:39: + cb:68:ae:3c:b2:da:0f:20:06:77:2c:28:ab:3a:30: + 92:1b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 9A:0E:E1:26:13:A7:12:5F:A4:F1:41:C0:09:FC:AD:EB:4E:66:C2:50 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-cortex, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 27:2e:a1:0c:8d:fb:b1:36:ff:4e:ac:00:91:75:81:4b:20:79: + 3f:da:1c:e1:80:b9:8c:6b:60:47:a5:8c:bf:1f:34:98:61:95: + 
00:bb:79:d4:9e:c8:fb:dc:fb:6a:48:b2:69:d1:1a:04:cc:52: + ca:0b:48:01:3e:94:1e:68:0b:e3:4d:fa:12:c4:aa:ff:b6:5b: + 0c:3c:80:21:fe:50:87:8a:14:3a:7d:e7:a3:5e:b6:dc:22:ba: + cc:97:69:00:a8:78:08:dd:66:d1:cb:ca:28:41:b9:cc:8a:6b: + 7c:40:b7:5e:1d:a1:88:5a:b3:fd:18:77:e9:c4:48:fd:38:8f: + 06:6e:78:0e:f1:1a:1b:b2:6c:0a:df:38:11:e3:5a:3d:2a:5b: + de:41:63:14:ab:25:8e:a6:9f:a8:b7:32:9e:dc:23:45:f3:6b: + 6d:86:b7:17:b3:53:df:55:bd:cb:41:a1:b7:73:ae:21:1b:68: + b3:b1:0a:e5:e6:0c:2a:77:76:23:f3:87:ee:5f:0e:6d:cd:3b: + 94:9a:6f:f2:fd:4f:2d:72:a3:21:94:55:c0:4a:6c:2b:13:e3: + 82:13:a5:1f:82:6b:ae:6e:e2:ec:eb:7a:25:6a:f2:9e:45:d7: + 0a:7d:75:be:9d:f7:94:6f:ce:a5:27:d6:9b:dc:d2:12:54:64: + 09:c4:f6:a9 +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQXcS8SV+gdqgTpMIyYWQNkjANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjlaFw0yMzEwMTUx +MDQ3MjlaMBkxFzAVBgNVBAMMDmRzb2NsYWItY29ydGV4MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAzQlrFDNKR3Vb09lnO02tH6cfM6uGsao7Casapvug +YATjaDMOhVTRcGGKudXWtWzCszYClLcdGJNfiIH/KvSZWG3XluLSZHe5dEQ88Ptb +D0N9OF3+sNsFeqnFECR1E8gt2mm+40Mz8CgwmlP4+NMQMjXsHYerHiy1AHyfj2Hg +XVYVjEZFCXgCeBDAry8lbMJb7V/BMwv4yBPc38P8BZD/Bp7LvB0rwlfyvaois0v1 +yrK4ABjxFBC4Xmmf7fwEg9kut5qKRRxUcY9hAmqKhC9n35I6DF/ltudsJ2kfWwbW +f+bfqy8xpc1jMmDAB1BsDTnLaK48stoPIAZ3LCirOjCSGwIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFJoO4SYTpxJfpPFBwAn8retOZsJQMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1jb3J0ZXiCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAJy6hDI37 +sTb/TqwAkXWBSyB5P9oc4YC5jGtgR6WMvx80mGGVALt51J7I+9z7akiyadEaBMxS +ygtIAT6UHmgL4036EsSq/7ZbDDyAIf5Qh4oUOn3no1623CK6zJdpAKh4CN1m0cvK +KEG5zIprfEC3Xh2hiFqz/Rh36cRI/TiPBm54DvEaG7JsCt84EeNaPSpb3kFjFKsl +jqafqLcyntwjRfNrbYa3F7NT31W9y0Ght3OuIRtos7EK5eYMKnd2I/OH7l8Obc07 +lJpv8v1PLXKjIZRVwEpsKxPjghOlH4Jrrm7i7Ot6JWrynkXXCn11vp33lG/OpSfW +m9zSElRkCcT2qQ== 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-haproxy.crt b/roles/ca/files/CA/issued/dsoclab-haproxy.crt new file mode 100644 index 0000000000000000000000000000000000000000..5be39cb377745bb5bc5303c2b7d55d44877f9260 --- /dev/null +++ b/roles/ca/files/CA/issued/dsoclab-haproxy.crt 
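Review bot: The Subject Alternative Name of dsoclab-cortex.crt lists the shared host name next to the per-service name, and the same pattern appears in the dsoclab-haproxy, -keycloak, -kibana, -misp, -nifi-1, -nifi-2 and (as far as visible) -nifi-3 hunks, each with both TLS Web Server and TLS Web Client Authentication. A peer that validates only against `dsoclab.gn4-3-wp8-soc.sunet.se` would accept any of these certificates for any of the services, so exposure of one service key affects all of them. If the services are addressed by their own names, the SAN could be reduced to the per-service entry, e.g. `DNS:dsoclab-cortex`, and the EKU to the one usage each service needs. These are generated, deployment-specific files (issued Oct 30 2020, expiring Oct 15 2023) stored under `roles/ca/files/CA/issued/`. Generating them at deploy time would keep lab-specific names and expiry dates out of the role, and it is worth confirming that the matching private keys and the CA key are not committed alongside, which this part of the diff does not show.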
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + d2:7b:43:cb:9b:fb:09:cf:cc:86:ef:d1:01:9a:42:fc + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:30 2020 GMT + Not After : Oct 15 10:47:30 2023 GMT + Subject: CN=dsoclab-haproxy + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c9:c7:22:33:0b:0b:0f:a0:8c:c4:a9:81:37:bd: + 51:2f:47:32:fa:1b:88:45:b1:bb:11:43:3d:de:b3: + 70:67:d7:8b:39:5a:8f:13:fb:2f:78:08:b1:b1:32: + c6:d1:0e:e4:d3:2e:3a:db:84:db:d2:65:6b:26:24: + 6c:d7:16:e5:a5:90:8e:02:46:13:02:0a:96:66:46: + 87:b7:b0:ee:56:4c:3c:d8:ae:4c:7d:ef:5b:aa:6e: + 01:8e:89:fe:4c:b9:de:6c:ba:e4:3f:8d:f8:d7:3a: + ed:b2:29:9a:5b:ac:5a:86:66:05:f3:19:2f:59:8d: + 7c:8b:6a:97:1e:43:8a:36:80:b2:e9:e1:84:f6:94: + bc:13:11:31:b8:d2:5a:72:ed:68:c3:b1:37:e4:5b: + 91:82:62:aa:13:f2:b6:e0:3a:aa:85:66:70:0a:a9: + ad:5c:a7:52:ff:dc:f9:99:5e:e5:15:d5:0c:fe:cd: + 27:cb:98:9e:5a:69:ca:71:74:31:e6:26:df:ec:d2: + 42:43:b9:f3:04:8e:2c:7a:28:a6:f9:8e:ba:64:3c: + 69:0e:ac:f5:dc:d5:f3:2a:50:47:50:d4:8c:f5:ee: + 31:08:73:69:1f:ae:42:1d:52:84:5d:47:68:dd:a3: + 1f:07:57:ec:3e:9e:0d:23:78:16:41:bc:68:f2:4f: + e9:19 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 49:DC:74:02:17:71:C3:D0:A0:64:31:9E:60:2B:B4:38:43:62:DE:98 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-haproxy, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 04:a0:71:31:d2:11:93:09:96:c8:1b:2a:31:b8:b9:34:07:ac: + 89:cb:b0:6c:b0:f0:17:5f:18:3c:a6:96:ca:b3:fa:c7:af:40: + 
17:e1:7e:e4:dc:ee:fe:5c:dc:86:40:b7:2f:9d:c0:9e:fd:16: + 6b:85:ab:c2:a8:63:1f:fe:03:2b:89:6a:80:c9:2e:ae:cc:3d: + 19:75:32:0e:56:57:16:27:02:51:49:1d:b3:78:aa:57:d3:00: + 9b:93:fe:6d:a3:37:ad:26:35:57:e1:5f:90:bf:ef:30:bc:68: + f3:bf:7c:59:69:4f:61:30:2d:48:66:a6:44:2a:51:63:6e:4f: + a7:8f:96:7e:91:b2:b2:46:bc:97:1b:01:df:c0:24:5c:b2:aa: + 8d:20:3a:25:5d:8a:1c:84:53:0d:d4:f6:d5:81:5d:30:de:c4: + d7:fa:42:9c:79:68:92:56:b7:76:69:c6:c9:ad:07:47:a6:d2: + 46:d4:a5:0c:10:a9:03:21:4d:56:40:e5:28:e3:fa:70:1b:23: + 32:68:07:3d:d6:8a:3a:fb:6d:3b:a6:20:16:1b:09:f3:47:f0: + 2a:4f:dc:97:86:56:37:96:42:1b:89:b8:76:1a:ab:7a:25:4e: + e8:62:d9:a0:3b:ec:62:72:64:64:ca:87:9c:be:0a:08:09:52: + ab:03:89:2b +-----BEGIN CERTIFICATE----- +MIIDmTCCAoGgAwIBAgIRANJ7Q8ub+wnPzIbv0QGaQvwwDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzMwWhcNMjMxMDE1 +MTA0NzMwWjAaMRgwFgYDVQQDDA9kc29jbGFiLWhhcHJveHkwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDJxyIzCwsPoIzEqYE3vVEvRzL6G4hFsbsRQz3e +s3Bn14s5Wo8T+y94CLGxMsbRDuTTLjrbhNvSZWsmJGzXFuWlkI4CRhMCCpZmRoe3 +sO5WTDzYrkx971uqbgGOif5Mud5suuQ/jfjXOu2yKZpbrFqGZgXzGS9ZjXyLapce +Q4o2gLLp4YT2lLwTETG40lpy7WjDsTfkW5GCYqoT8rbgOqqFZnAKqa1cp1L/3PmZ +XuUV1Qz+zSfLmJ5aacpxdDHmJt/s0kJDufMEjix6KKb5jrpkPGkOrPXc1fMqUEdQ +1Iz17jEIc2kfrkIdUoRdR2jdox8HV+w+ng0jeBZBvGjyT+kZAgMBAAGjgd0wgdow +CQYDVR0TBAIwADAdBgNVHQ4EFgQUSdx0Ahdxw9CgZDGeYCu0OENi3pgwRgYDVR0j +BD8wPYAUeQbKQNOfmlSu0zNN8jg+tgvzPc+hGqQYMBYxFDASBgNVBAMMC1NPQ1RP +T0xTLUNBggkAinSTJoBbQrcwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC +MAsGA1UdDwQEAwIFoDA6BgNVHREEMzAxgg9kc29jbGFiLWhhcHJveHmCHmRzb2Ns +YWIuZ240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEABKBx +MdIRkwmWyBsqMbi5NAesicuwbLDwF18YPKaWyrP6x69AF+F+5Nzu/lzchkC3L53A +nv0Wa4WrwqhjH/4DK4lqgMkursw9GXUyDlZXFicCUUkds3iqV9MAm5P+baM3rSY1 +V+FfkL/vMLxo8798WWlPYTAtSGamRCpRY25Pp4+WfpGyska8lxsB38AkXLKqjSA6 +JV2KHIRTDdT21YFdMN7E1/pCnHlokla3dmnGya0HR6bSRtSlDBCpAyFNVkDlKOP6 +cBsjMmgHPdaKOvttO6YgFhsJ80fwKk/cl4ZWN5ZCG4m4dhqreiVO6GLZoDvsYnJk 
+ZMqHnL4KCAlSqwOJKw== +-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-keycloak.crt b/roles/ca/files/CA/issued/dsoclab-keycloak.crt new file mode 100644 index 0000000000000000000000000000000000000000..92b6893716cacfa9e7fb863ad4c4379077e7ac1e --- /dev/null +++ b/roles/ca/files/CA/issued/dsoclab-keycloak.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + fe:75:83:de:f2:35:5a:2c:2b:ba:09:72:0b:d8:09:48 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:28 2020 GMT + Not After : Oct 15 10:47:28 2023 GMT + Subject: CN=dsoclab-keycloak + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ea:a9:ea:6b:2f:6c:9c:9f:6d:9c:89:4e:01:ba: + c6:c0:32:df:59:26:2b:95:f4:c2:3d:c8:7e:22:ce: + b6:78:03:e8:22:28:81:9c:9a:a6:a7:ba:fd:05:66: + a3:50:81:85:71:c1:d9:ea:bc:21:e1:5d:0a:87:7b: + be:55:b0:7d:01:57:de:4c:fe:3a:c5:c9:54:77:2e: + 15:fc:12:07:f8:ef:9f:7b:f7:09:01:70:75:53:3b: + dc:b1:0c:65:4d:49:c4:fb:1d:42:20:6f:81:45:42: + d3:db:1d:4c:57:1b:1d:3b:81:39:ee:b2:cf:95:4b: + 29:d0:a8:39:98:d6:93:36:99:bf:c5:43:26:8d:4d: + db:6d:24:3b:fc:16:76:a1:fd:6f:c6:19:11:c7:12: + 0d:80:16:4c:88:da:2c:09:78:3d:1b:7c:6c:ec:db: + 9e:01:50:5f:a3:56:7f:d4:3b:a4:26:d2:6d:42:7b: + 88:4e:8d:64:ed:1e:1a:0e:05:58:65:58:47:83:60: + 9e:b4:ed:15:ce:72:4f:a0:b5:22:dd:9f:a4:da:88: + 86:fe:cb:84:6e:72:3d:00:42:da:8b:85:2a:f2:ef: + d7:ee:bb:85:42:ba:b9:fb:d9:9d:d2:2c:58:0f:7c: + 02:23:b7:46:d0:69:06:37:40:9d:58:74:89:ca:b7: + 12:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + FD:C5:77:F8:79:AD:0A:7E:6A:A0:2E:3B:58:6A:9F:43:51:55:0B:DF + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-keycloak, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 9a:c0:35:a3:68:ec:ec:cc:c3:65:5a:bf:03:d0:ee:8d:a0:41: + db:6d:89:3e:97:d4:90:7d:63:8e:73:37:43:ae:9a:e2:d0:2b: + 
a7:5e:b2:88:9b:4d:8f:b6:81:bf:f6:46:a0:87:ca:77:ec:5c: + af:cd:6b:d8:e8:60:5a:aa:86:be:64:d5:ad:e9:1e:41:7b:6a: + df:01:1d:16:86:94:57:82:51:91:be:6b:d6:ae:f0:b9:8c:3d: + 11:99:c4:93:eb:f7:fa:9e:a3:e3:f8:97:19:cf:63:55:6a:6e: + 4f:e9:a2:64:a7:35:0d:7e:68:23:89:e1:c6:06:4b:34:67:38: + 40:d1:81:b3:73:95:3a:3b:67:d2:5a:e4:8e:49:34:b1:ab:6f: + b6:60:87:ac:55:5d:f5:59:c0:d5:d3:d8:de:3b:76:c9:41:28: + b4:d7:23:ec:a2:3f:1d:3f:74:2e:f0:45:40:35:38:d1:06:50: + b2:93:45:df:de:33:5e:0b:89:86:d8:c9:14:61:1c:d2:94:21: + 1f:bf:df:32:f0:2f:91:52:b0:08:b7:b9:c2:b7:55:2b:ca:05: + e4:eb:91:e1:63:45:5d:1a:6f:e8:76:07:89:e8:42:3e:ec:7b: + 51:0e:a0:d5:8e:c3:3d:26:e3:45:b0:5b:61:d1:98:3b:c3:d4: + 37:9f:c1:7c +-----BEGIN CERTIFICATE----- +MIIDmzCCAoOgAwIBAgIRAP51g97yNVosK7oJcgvYCUgwDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI4WhcNMjMxMDE1 +MTA0NzI4WjAbMRkwFwYDVQQDDBBkc29jbGFiLWtleWNsb2FrMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qnqay9snJ9tnIlOAbrGwDLfWSYrlfTCPch+ +Is62eAPoIiiBnJqmp7r9BWajUIGFccHZ6rwh4V0Kh3u+VbB9AVfeTP46xclUdy4V +/BIH+O+fe/cJAXB1UzvcsQxlTUnE+x1CIG+BRULT2x1MVxsdO4E57rLPlUsp0Kg5 +mNaTNpm/xUMmjU3bbSQ7/BZ2of1vxhkRxxINgBZMiNosCXg9G3xs7NueAVBfo1Z/ +1DukJtJtQnuITo1k7R4aDgVYZVhHg2CetO0VznJPoLUi3Z+k2oiG/suEbnI9AELa +i4Uq8u/X7ruFQrq5+9md0ixYD3wCI7dG0GkGN0CdWHSJyrcS5QIDAQABo4HeMIHb +MAkGA1UdEwQCMAAwHQYDVR0OBBYEFP3Fd/h5rQp+aqAuO1hqn0NRVQvfMEYGA1Ud +IwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NU +T09MUy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD +AjALBgNVHQ8EBAMCBaAwOwYDVR0RBDQwMoIQZHNvY2xhYi1rZXljbG9ha4IeZHNv +Y2xhYi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQCa +wDWjaOzszMNlWr8D0O6NoEHbbYk+l9SQfWOOczdDrpri0CunXrKIm02PtoG/9kag +h8p37FyvzWvY6GBaqoa+ZNWt6R5Be2rfAR0WhpRXglGRvmvWrvC5jD0RmcST6/f6 +nqPj+JcZz2NVam5P6aJkpzUNfmgjieHGBks0ZzhA0YGzc5U6O2fSWuSOSTSxq2+2 +YIesVV31WcDV09jeO3bJQSi01yPsoj8dP3Qu8EVANTjRBlCyk0Xf3jNeC4mG2MkU +YRzSlCEfv98y8C+RUrAIt7nCt1UrygXk65HhY0VdGm/odgeJ6EI+7HtRDqDVjsM9 
+JuNFsFth0Zg7w9Q3n8F8 +-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-kibana.crt b/roles/ca/files/CA/issued/dsoclab-kibana.crt new file mode 100644 index 0000000000000000000000000000000000000000..f47839f66eda87805afce110cf5d0c2e136e8abe --- /dev/null +++ b/roles/ca/files/CA/issued/dsoclab-kibana.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7d:fc:33:45:75:73:e8:f1:60:94:a7:4e:6b:2f:23:f1 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:27 2020 GMT + Not After : Oct 15 10:47:27 2023 GMT + Subject: CN=dsoclab-kibana + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ce:4f:c9:0f:84:4d:4e:7b:dc:11:90:c9:49:a8: + f3:60:44:a8:25:1b:59:83:64:0b:d1:e0:bc:59:50: + 22:a5:f5:88:7a:c8:40:65:e4:22:3d:77:d2:8f:9e: + 30:17:80:5e:20:85:bc:70:67:61:cb:d8:e2:9f:9a: + 7c:7b:a6:e8:4e:79:7b:cd:86:6e:26:52:37:45:b6: + ab:b7:6f:40:8f:7a:55:8b:d1:91:cc:21:6f:55:37: + 50:3b:72:1f:2d:3b:bf:75:47:91:88:6a:1c:ea:39: + dd:8b:25:31:55:0e:bc:52:6f:bf:0b:96:ef:e3:12: + 5c:da:63:22:54:e5:b3:95:8b:02:9e:57:3e:7b:4f: + a0:f5:6f:07:a8:5b:45:7c:cb:34:83:77:34:a5:b1: + ff:05:12:88:8f:cc:c4:05:5d:e9:e7:7d:2b:12:fa: + bb:4d:25:f4:f7:04:e7:95:06:95:ea:a9:c4:75:4e: + f7:03:67:2d:9c:9a:f4:01:f6:2a:8d:6c:6d:d0:59: + a9:ce:1f:12:b1:76:39:c8:07:d4:20:73:1e:f3:9c: + b9:67:83:3b:a8:7c:6e:fb:86:ea:3f:6a:8e:98:4c: + 39:a9:d1:4d:be:9f:0a:43:49:1b:fd:09:67:b6:62: + 71:fd:87:9a:63:25:00:aa:c7:a1:4d:23:12:e3:56: + 0f:6f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 50:F3:7D:4F:B2:8C:A5:09:FD:64:CB:C1:97:F1:F8:49:C8:6B:30:4D + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-kibana, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + ae:be:82:6f:6d:e6:c4:cb:c3:2a:d9:d6:ee:11:52:a6:de:89: + 9e:31:a3:e2:86:07:e9:d1:fe:95:c9:a2:38:90:df:05:ff:e5: + 
99:27:e8:d8:55:00:8a:85:b3:15:a5:e5:5b:ce:4e:4f:01:3b: + 74:a4:b2:09:fc:6e:95:92:94:2f:76:0d:c7:97:1b:78:c1:08: + 1e:3a:0e:fa:a6:ab:db:1e:22:26:86:39:f4:bb:89:a1:a1:d1: + 55:f6:c3:ff:9b:a5:eb:1b:6a:84:8a:1d:3c:5f:7c:03:0d:08: + 42:6f:d7:14:86:61:38:66:65:f7:c2:86:68:db:81:e9:41:0f: + 82:cf:bb:be:fd:d7:94:48:cc:f8:cf:4a:40:ce:33:c4:75:51: + 00:7e:c7:93:f6:3b:92:c1:5e:8a:ce:5f:2c:c2:f4:fe:ec:77: + 9e:ea:30:d9:53:ee:f9:b9:fd:50:f5:6b:92:1c:57:d2:e0:f3: + 05:d8:79:a9:63:16:13:09:cf:5f:39:dc:ec:43:e4:65:45:43: + 65:e4:7c:39:a3:a2:81:47:ab:8f:57:a9:89:9d:56:4b:77:b1: + 04:c8:9c:54:d2:5c:28:f5:d3:66:ae:9a:9c:a5:91:c7:eb:20: + 69:fb:58:99:c7:5e:be:ec:4a:7a:62:09:fe:3b:30:f2:4a:d7: + 1d:f9:0b:c3 +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQffwzRXVz6PFglKdOay8j8TANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjdaFw0yMzEwMTUx +MDQ3MjdaMBkxFzAVBgNVBAMMDmRzb2NsYWIta2liYW5hMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAzk/JD4RNTnvcEZDJSajzYESoJRtZg2QL0eC8WVAi +pfWIeshAZeQiPXfSj54wF4BeIIW8cGdhy9jin5p8e6boTnl7zYZuJlI3Rbart29A +j3pVi9GRzCFvVTdQO3IfLTu/dUeRiGoc6jndiyUxVQ68Um+/C5bv4xJc2mMiVOWz +lYsCnlc+e0+g9W8HqFtFfMs0g3c0pbH/BRKIj8zEBV3p530rEvq7TSX09wTnlQaV +6qnEdU73A2ctnJr0AfYqjWxt0Fmpzh8SsXY5yAfUIHMe85y5Z4M7qHxu+4bqP2qO +mEw5qdFNvp8KQ0kb/QlntmJx/YeaYyUAqsehTSMS41YPbwIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFFDzfU+yjKUJ/WTLwZfx+EnIazBNMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1raWJhbmGCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEArr6Cb23m +xMvDKtnW7hFSpt6JnjGj4oYH6dH+lcmiOJDfBf/lmSfo2FUAioWzFaXlW85OTwE7 +dKSyCfxulZKUL3YNx5cbeMEIHjoO+qar2x4iJoY59LuJoaHRVfbD/5ul6xtqhIod +PF98Aw0IQm/XFIZhOGZl98KGaNuB6UEPgs+7vv3XlEjM+M9KQM4zxHVRAH7Hk/Y7 +ksFeis5fLML0/ux3nuow2VPu+bn9UPVrkhxX0uDzBdh5qWMWEwnPXznc7EPkZUVD +ZeR8OaOigUerj1epiZ1WS3exBMicVNJcKPXTZq6anKWRx+sgaftYmcdevuxKemIJ +/jsw8krXHfkLww== 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-misp.crt b/roles/ca/files/CA/issued/dsoclab-misp.crt new file mode 100644 index 0000000000000000000000000000000000000000..f83010441e252486cc934677a1e0a0de1ebe2328 --- /dev/null +++ b/roles/ca/files/CA/issued/dsoclab-misp.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 75:87:fc:e4:cf:3e:c6:81:17:19:90:76:b1:2c:d5:d2 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:28 2020 GMT + Not After : Oct 15 10:47:28 2023 GMT + Subject: CN=dsoclab-misp + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:cf:b1:1b:e7:a2:ae:70:81:71:a5:57:46:14:2e: + 47:64:89:4e:bd:7d:f0:82:2d:03:19:d6:87:44:b3: + 42:bf:72:78:03:cc:91:98:5b:36:42:14:55:e2:82: + 16:12:58:60:54:44:8f:15:f6:1b:1f:76:36:22:2e: + e8:ac:d3:3c:0a:df:46:c7:f1:04:bc:3a:bf:fe:4b: + 8f:2a:53:83:e3:50:82:06:09:fc:2a:fa:fe:94:a0: + 7b:7f:c2:3e:0b:3e:dc:72:b8:94:10:0a:0b:90:fd: + 45:76:29:85:52:bf:0f:20:43:78:fe:3b:d3:49:20: + 8f:9a:a5:0c:89:bb:0e:97:f2:67:b0:2d:f0:17:53: + 25:a6:9b:4b:64:0e:72:8a:bf:c9:e3:8e:41:bb:ed: + f3:33:6a:55:5f:8d:52:84:fa:a3:67:1a:7b:71:fb: + 90:f1:5f:61:df:44:ea:0b:77:88:f2:e5:c1:83:71: + 58:c7:58:8a:9b:39:45:59:4e:e0:db:16:b6:96:72: + 90:8c:ee:c2:13:75:ea:15:c6:6b:e2:dc:3a:de:c8: + 07:de:18:84:2d:96:b6:c4:4c:e1:4a:4d:13:6f:6c: + 9a:1d:e5:f9:6f:cc:7e:1b:4a:3a:75:1a:b9:37:b0: + 6d:a0:1b:69:35:f1:b6:e6:c2:a5:d3:56:d3:57:c7: + 0e:8b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 65:C5:56:88:65:AF:77:F1:53:B2:71:5E:16:10:D1:0B:30:FF:28:BE + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-misp, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 5a:57:76:90:fd:a5:0d:ea:b0:22:c9:02:2e:18:91:81:04:d1: + f4:64:58:58:19:27:03:9b:5a:dc:de:6c:0e:fb:b7:76:eb:b1: + 
97:36:e2:c7:76:ef:7d:d8:00:c3:20:c0:3d:a7:cf:61:f8:16: + 4c:96:4c:7c:c8:89:21:d6:d4:eb:3a:c1:3d:98:34:74:6e:39: + 81:20:6f:9b:4b:8d:b9:35:60:c5:76:19:30:30:06:0f:89:b1: + 1a:f6:c4:88:52:28:98:41:52:f1:9a:77:82:79:ae:c9:71:ba: + d9:e5:e9:b7:ba:08:32:59:eb:5e:7d:11:e0:a8:27:20:91:46: + 05:56:1e:e6:0b:4d:49:17:52:7f:4b:c4:a3:e0:cd:30:bd:4e: + 6a:70:2a:f5:77:4d:d1:d6:64:13:8d:4b:1a:d3:0b:0f:8a:49: + 1e:bf:b4:c0:4f:43:dc:92:e3:c0:f2:2f:4a:c8:30:45:fc:5a: + d2:de:92:b2:a1:48:b8:da:ff:f4:0b:04:5d:5d:a7:30:d8:4b: + ca:cf:0c:01:6a:50:45:5f:d4:a8:cf:dd:fa:f7:68:0c:4c:45: + 47:be:3a:c2:39:bb:04:ff:62:a0:bc:91:a0:f2:2b:67:09:89: + 5a:ff:e6:53:c1:89:18:12:a1:0f:5a:d7:e1:12:8b:88:88:89: + ca:b0:30:27 +-----BEGIN CERTIFICATE----- +MIIDkjCCAnqgAwIBAgIQdYf85M8+xoEXGZB2sSzV0jANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjhaFw0yMzEwMTUx +MDQ3MjhaMBcxFTATBgNVBAMMDGRzb2NsYWItbWlzcDCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAM+xG+eirnCBcaVXRhQuR2SJTr198IItAxnWh0SzQr9y +eAPMkZhbNkIUVeKCFhJYYFREjxX2Gx92NiIu6KzTPArfRsfxBLw6v/5LjypTg+NQ +ggYJ/Cr6/pSge3/CPgs+3HK4lBAKC5D9RXYphVK/DyBDeP4700kgj5qlDIm7Dpfy +Z7At8BdTJaabS2QOcoq/yeOOQbvt8zNqVV+NUoT6o2cae3H7kPFfYd9E6gt3iPLl +wYNxWMdYips5RVlO4NsWtpZykIzuwhN16hXGa+LcOt7IB94YhC2WtsRM4UpNE29s +mh3l+W/MfhtKOnUauTewbaAbaTXxtubCpdNW01fHDosCAwEAAaOB2jCB1zAJBgNV +HRMEAjAAMB0GA1UdDgQWBBRlxVaIZa938VOycV4WENELMP8ovjBGBgNVHSMEPzA9 +gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9PTFMt +Q0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYD +VR0PBAQDAgWgMDcGA1UdEQQwMC6CDGRzb2NsYWItbWlzcIIeZHNvY2xhYi5nbjQt +My13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQBaV3aQ/aUN6rAi +yQIuGJGBBNH0ZFhYGScDm1rc3mwO+7d267GXNuLHdu992ADDIMA9p89h+BZMlkx8 +yIkh1tTrOsE9mDR0bjmBIG+bS425NWDFdhkwMAYPibEa9sSIUiiYQVLxmneCea7J +cbrZ5em3uggyWetefRHgqCcgkUYFVh7mC01JF1J/S8Sj4M0wvU5qcCr1d03R1mQT +jUsa0wsPikkev7TAT0PckuPA8i9KyDBF/FrS3pKyoUi42v/0CwRdXacw2EvKzwwB +alBFX9Soz93692gMTEVHvjrCObsE/2KgvJGg8itnCYla/+ZTwYkYEqEPWtfhEouI +iInKsDAn +-----END 
CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-nifi-1.crt b/roles/ca/files/CA/issued/dsoclab-nifi-1.crt new file mode 100644 index 0000000000000000000000000000000000000000..ad6921cea4ea5b8001bf8a8586b1e446dc752e9d --- /dev/null +++ b/roles/ca/files/CA/issued/dsoclab-nifi-1.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 01:ec:4d:ad:3e:5e:47:cf:4e:4b:98:49:59:32:b3:37 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:25 2020 GMT + Not After : Oct 15 10:47:25 2023 GMT + Subject: CN=dsoclab-nifi-1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:af:ef:b7:a1:95:47:5f:55:ea:7e:e8:d6:fd: + d5:e3:19:68:2e:72:1f:90:62:a8:79:76:d8:d2:f6: + 51:df:71:80:37:5a:ec:7d:fb:6d:78:6e:37:fe:e5: + 1b:c8:d5:73:e4:c9:a5:cb:e8:4a:48:26:c6:e0:a6: + 5e:14:2c:90:b1:81:b2:69:31:e2:44:85:97:f5:60: + 12:88:06:9d:8d:cf:4a:a2:77:b3:d9:ff:f3:41:40: + 4c:21:e1:73:8d:98:82:2f:37:27:0c:24:d8:67:bd: + c7:05:50:40:c5:a9:d0:e4:3f:bb:0c:72:29:7c:be: + 06:01:96:03:b8:a0:42:c4:6f:6f:da:aa:17:34:5f: + 5e:f3:73:0e:77:b5:7a:9a:59:e3:3c:d1:39:50:17: + 2f:53:18:05:82:34:29:1b:19:56:2e:c2:db:24:79: + 51:0f:a8:d9:66:3c:72:1e:a0:f7:03:d6:e9:e5:c6: + b9:be:94:e4:84:bd:cd:93:26:eb:3b:17:bb:cd:e5: + 58:25:f2:28:35:a4:b1:70:df:32:54:85:f6:3c:20: + 9f:88:8b:5d:83:a2:c4:1e:31:d9:a1:76:1d:2e:3c: + f8:78:64:a4:dd:3a:b2:56:65:bf:a8:2a:a8:ed:62: + c9:62:2c:72:bd:9d:7e:6b:1f:80:ea:bc:33:60:47: + d3:0f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 87:9A:8D:12:3A:69:8D:89:98:F6:95:D0:F2:ED:C3:DC:ED:A0:22:12 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-nifi-1, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 8d:23:38:a7:aa:d0:58:03:f2:98:19:da:62:c6:55:cb:d5:c5: + 05:dd:55:c5:f9:41:46:ec:75:06:be:0a:0b:7b:0f:ac:10:dd: + 
86:bf:4f:6e:05:c1:7b:c1:1d:1c:ce:c7:f0:a9:0c:6e:79:fe: + c2:49:18:d5:5d:4a:ae:c8:d8:ab:ec:45:95:94:c1:8b:30:da: + 52:1a:42:3c:41:77:65:9e:8a:63:f5:52:c2:71:b7:e2:56:43: + bd:89:3a:fa:14:bd:d7:7a:b2:60:43:82:c0:df:4a:e0:a7:02: + fd:d7:f6:56:9a:0f:ad:f4:ee:00:06:fb:75:b9:96:63:c8:b3: + 75:1f:c6:9d:3b:9d:1a:29:cd:09:f0:80:31:5c:4e:97:62:91: + 73:84:aa:11:cc:4b:00:15:a1:92:62:2a:6b:d4:d6:4c:ed:a5: + 89:fe:12:c9:d1:0b:48:b8:97:26:e4:5b:ab:da:fe:2d:54:ca: + 55:23:8b:22:7f:a1:12:4a:21:3e:9e:bb:48:d6:82:b6:a2:cc: + 83:15:5d:5f:c7:52:a1:01:01:70:60:3f:64:b4:1d:85:4f:56: + b7:67:77:b8:ea:59:7a:85:ce:e3:4a:e1:d6:2f:e0:b2:60:44: + 3a:08:3a:b5:0e:fc:88:ad:e5:a1:f1:a8:79:37:c4:52:02:f0: + 5b:05:94:0e +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQAexNrT5eR89OS5hJWTKzNzANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjVaFw0yMzEwMTUx +MDQ3MjVaMBkxFzAVBgNVBAMMDmRzb2NsYWItbmlmaS0xMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAw6/vt6GVR19V6n7o1v3V4xloLnIfkGKoeXbY0vZR +33GAN1rsfftteG43/uUbyNVz5Mmly+hKSCbG4KZeFCyQsYGyaTHiRIWX9WASiAad +jc9Konez2f/zQUBMIeFzjZiCLzcnDCTYZ73HBVBAxanQ5D+7DHIpfL4GAZYDuKBC +xG9v2qoXNF9e83MOd7V6mlnjPNE5UBcvUxgFgjQpGxlWLsLbJHlRD6jZZjxyHqD3 +A9bp5ca5vpTkhL3NkybrOxe7zeVYJfIoNaSxcN8yVIX2PCCfiItdg6LEHjHZoXYd +Ljz4eGSk3TqyVmW/qCqo7WLJYixyvZ1+ax+A6rwzYEfTDwIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFIeajRI6aY2JmPaV0PLtw9ztoCISMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1uaWZpLTGCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAjSM4p6rQ +WAPymBnaYsZVy9XFBd1VxflBRux1Br4KC3sPrBDdhr9PbgXBe8EdHM7H8KkMbnn+ +wkkY1V1KrsjYq+xFlZTBizDaUhpCPEF3ZZ6KY/VSwnG34lZDvYk6+hS913qyYEOC +wN9K4KcC/df2VpoPrfTuAAb7dbmWY8izdR/GnTudGinNCfCAMVxOl2KRc4SqEcxL +ABWhkmIqa9TWTO2lif4SydELSLiXJuRbq9r+LVTKVSOLIn+hEkohPp67SNaCtqLM +gxVdX8dSoQEBcGA/ZLQdhU9Wt2d3uOpZeoXO40rh1i/gsmBEOgg6tQ78iK3lofGo +eTfEUgLwWwWUDg== 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-nifi-2.crt b/roles/ca/files/CA/issued/dsoclab-nifi-2.crt new file mode 100644 index 0000000000000000000000000000000000000000..56a67ac49f381e3f9c9db191d4b79dbbdeb58fc2 --- /dev/null +++ b/roles/ca/files/CA/issued/dsoclab-nifi-2.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 8b:69:05:5f:85:86:ce:dd:21:66:0b:24:93:41:26:60 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:25 2020 GMT + Not After : Oct 15 10:47:25 2023 GMT + Subject: CN=dsoclab-nifi-2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ac:b7:4b:e2:d5:87:7f:8e:15:9b:cf:c0:17:eb: + db:8c:e3:1b:83:c0:69:b9:06:91:a0:9b:c6:35:dc: + 2f:e8:8c:72:28:50:02:82:c5:b1:eb:da:d9:e3:9d: + 95:d2:d9:dd:e1:08:35:6d:83:73:95:98:ba:19:fd: + 3e:04:67:9a:09:37:45:79:d3:1d:0b:ec:0a:43:cb: + b8:24:cc:68:5c:ce:2e:ae:db:48:d8:6e:5a:f3:31: + be:87:28:86:76:8e:8f:8d:68:95:1f:72:6c:65:4a: + fc:9e:b8:7d:e2:83:e2:3d:b0:30:5d:c1:73:06:ae: + 9b:f7:9a:54:b8:02:6b:82:90:11:08:3f:d6:5f:59: + 5c:df:aa:25:59:c0:67:7a:fc:e1:f0:c9:4a:8b:e0: + 31:b6:53:13:c2:bf:8c:4f:3a:e6:ed:11:30:a6:41: + 26:ad:56:8f:03:0b:ad:87:6c:b2:73:c4:2e:41:3e: + 99:1a:b6:29:6d:e0:dc:af:8f:45:6e:d5:69:17:0d: + f1:58:a6:7e:8c:80:32:72:24:21:d2:e9:b4:44:23: + f6:10:8f:9f:64:7f:ef:e6:ab:f1:43:94:d0:8a:97: + 0e:e4:91:bd:86:b9:1f:42:f4:96:39:85:05:26:ed: + 90:01:91:11:a3:1f:04:5b:46:ff:1b:a9:74:77:db: + 18:03 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 1F:5E:EF:0E:58:69:FD:21:93:48:19:98:81:48:13:2E:FC:31:61:0C + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-nifi-2, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 21:2d:9b:f7:0c:74:cd:d4:30:b1:42:5b:32:98:d8:ef:9f:a9: + 9b:1b:f0:54:67:c3:20:5b:f1:87:4d:ff:e4:a5:db:af:eb:34: + 
8a:b3:fa:d6:14:4a:3c:31:11:8f:09:b0:af:25:39:5a:5e:89: + 32:cf:c7:48:68:f3:14:72:a0:35:15:ec:76:c7:bb:a7:5b:0c: + d5:7e:5b:8c:d8:40:a2:5e:fa:f8:f2:cf:dd:56:65:7e:94:ef: + b4:99:25:ba:9f:78:94:7d:54:0c:83:b9:cf:b8:b4:9d:78:6d: + 62:e3:6c:98:1f:40:b9:35:3c:51:b5:9f:82:7b:1e:77:db:25: + f2:71:df:3d:e9:56:93:86:fe:61:48:4f:db:76:5b:5f:b1:96: + f9:46:72:5e:01:80:87:b5:be:b4:00:3b:37:7f:5e:44:d4:7e: + c5:87:ed:40:6b:9e:f4:ca:1b:b0:4b:84:97:1f:07:0f:7c:8b: + d2:7b:b1:3d:a7:f8:ae:39:07:34:50:41:70:1f:07:ba:a6:a2: + 0d:ca:e5:7b:d4:77:2c:95:4d:16:0c:34:e0:a5:59:7f:43:c7: + a0:dd:a0:f0:ed:75:5a:0f:61:76:52:34:ef:7c:a7:21:e4:de: + 3a:24:cd:39:b6:77:3a:c8:f3:1f:09:2b:80:9a:f0:5d:7f:5e: + 73:9d:73:eb +-----BEGIN CERTIFICATE----- +MIIDlzCCAn+gAwIBAgIRAItpBV+Fhs7dIWYLJJNBJmAwDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI1WhcNMjMxMDE1 +MTA0NzI1WjAZMRcwFQYDVQQDDA5kc29jbGFiLW5pZmktMjCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKy3S+LVh3+OFZvPwBfr24zjG4PAabkGkaCbxjXc +L+iMcihQAoLFseva2eOdldLZ3eEINW2Dc5WYuhn9PgRnmgk3RXnTHQvsCkPLuCTM +aFzOLq7bSNhuWvMxvocohnaOj41olR9ybGVK/J64feKD4j2wMF3Bcwaum/eaVLgC +a4KQEQg/1l9ZXN+qJVnAZ3r84fDJSovgMbZTE8K/jE865u0RMKZBJq1WjwMLrYds +snPELkE+mRq2KW3g3K+PRW7VaRcN8VimfoyAMnIkIdLptEQj9hCPn2R/7+ar8UOU +0IqXDuSRvYa5H0L0ljmFBSbtkAGREaMfBFtG/xupdHfbGAMCAwEAAaOB3DCB2TAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBQfXu8OWGn9IZNIGZiBSBMu/DFhDDBGBgNVHSME +PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P +TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +CwYDVR0PBAQDAgWgMDkGA1UdEQQyMDCCDmRzb2NsYWItbmlmaS0ygh5kc29jbGFi +LmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBACEtm/cM +dM3UMLFCWzKY2O+fqZsb8FRnwyBb8YdN/+Sl26/rNIqz+tYUSjwxEY8JsK8lOVpe +iTLPx0ho8xRyoDUV7HbHu6dbDNV+W4zYQKJe+vjyz91WZX6U77SZJbqfeJR9VAyD +uc+4tJ14bWLjbJgfQLk1PFG1n4J7HnfbJfJx3z3pVpOG/mFIT9t2W1+xlvlGcl4B +gIe1vrQAOzd/XkTUfsWH7UBrnvTKG7BLhJcfBw98i9J7sT2n+K45BzRQQXAfB7qm +og3K5XvUdyyVTRYMNOClWX9Dx6DdoPDtdVoPYXZSNO98pyHk3jokzTm2dzrI8x8J +K4Ca8F1/XnOdc+s= 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-nifi-3.crt b/roles/ca/files/CA/issued/dsoclab-nifi-3.crt new file mode 100644 index 0000000000000000000000000000000000000000..796e826426e3266b0a221d1c60110c897892b308 --- /dev/null +++ b/roles/ca/files/CA/issued/dsoclab-nifi-3.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 59:69:91:8f:10:ef:8d:2b:ae:46:b2:6d:6d:62:9d:8e + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:26 2020 GMT + Not After : Oct 15 10:47:26 2023 GMT + Subject: CN=dsoclab-nifi-3 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a7:48:a0:d3:ab:1e:8c:49:60:8b:b8:bd:9a:aa: + 5c:09:62:01:79:89:c9:e5:5f:30:64:38:ca:f1:95: + 2d:48:20:81:ef:60:aa:6f:d1:ef:b4:ac:89:8e:e9: + f5:16:7d:64:07:b0:3b:75:c3:e1:e1:15:71:64:60: + 8f:15:8e:16:8b:de:b8:97:79:a7:83:19:77:5b:aa: + 36:82:37:b9:51:a7:95:b5:1f:ac:9d:81:c6:ec:fb: + 14:3a:84:77:1e:9c:dd:3c:06:30:a1:5e:d0:8f:b0: + c9:5a:13:ad:0e:56:57:bc:1d:3f:be:d7:4c:4b:37: + a2:88:72:4d:1a:62:88:08:a0:57:bb:20:ce:7e:af: + b7:72:f2:ee:86:1a:b1:28:3b:41:f4:d3:ea:14:74: + 90:e1:33:41:1a:92:e2:2e:ec:d3:20:60:60:61:d6: + fc:0e:3f:57:43:88:5f:10:29:20:51:40:46:ed:5d: + 9f:d1:5a:e7:4b:52:f4:d4:23:60:4a:22:a7:92:6c: + d4:cb:20:01:a6:b9:53:71:7a:71:02:e1:05:72:41: + a5:42:9f:41:47:2c:30:7e:0c:b1:73:cc:f7:63:60: + 27:3f:3d:36:93:14:aa:7e:12:ed:1b:f1:cb:4d:e8: + 7c:32:20:50:f5:2d:7d:06:0a:93:cf:7a:85:2b:0b: + a6:b1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + C9:B8:02:23:C4:2E:F5:FE:C9:34:45:77:33:0D:89:CE:D9:A3:30:2A + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-nifi-3, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 32:20:b3:1c:e1:c9:a4:19:75:14:32:1b:cd:c2:83:59:49:07: + e3:b8:62:73:ec:4e:69:cb:9b:49:0d:f5:d0:ea:8b:b6:de:3e: + 
76:03:c4:e8:68:0f:01:96:aa:40:b2:1e:99:06:d2:75:f5:31: + ec:b7:93:e6:1b:b0:ab:7e:1b:1d:65:46:6d:9f:ac:97:ed:55: + 53:ca:53:00:5a:ca:c5:83:48:c3:2a:51:db:e7:e7:e1:40:4a: + bf:b2:9d:d4:71:d4:54:84:2b:4b:d4:a2:22:73:95:e1:62:51: + ce:e3:e2:f6:24:dd:40:08:07:01:6f:ee:27:3e:fc:17:1d:1f: + 30:da:7f:37:78:7e:b8:af:d8:2c:d9:48:84:92:be:4e:8e:a7: + b8:e6:9f:d4:91:5d:44:c9:8b:82:9f:13:eb:d5:2c:00:fa:ef: + d6:49:ff:92:0d:83:22:57:45:4a:ac:b6:5e:a2:c6:c1:73:ff: + f5:dd:a7:d8:79:9a:a7:96:33:b4:51:17:7f:80:6e:3b:52:a8: + 61:53:ae:08:1f:02:5a:0c:5b:37:3c:3a:36:ee:74:e2:9e:df: + df:01:b5:f6:d0:b8:fa:58:79:53:fd:70:9e:54:c3:6c:68:a7: + 3f:b0:e4:20:a6:a8:2f:87:5a:8a:08:01:41:de:35:ed:5e:85: + ae:dd:e0:3e +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQWWmRjxDvjSuuRrJtbWKdjjANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjZaFw0yMzEwMTUx +MDQ3MjZaMBkxFzAVBgNVBAMMDmRzb2NsYWItbmlmaS0zMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAp0ig06sejElgi7i9mqpcCWIBeYnJ5V8wZDjK8ZUt +SCCB72Cqb9HvtKyJjun1Fn1kB7A7dcPh4RVxZGCPFY4Wi964l3mngxl3W6o2gje5 +UaeVtR+snYHG7PsUOoR3HpzdPAYwoV7Qj7DJWhOtDlZXvB0/vtdMSzeiiHJNGmKI +CKBXuyDOfq+3cvLuhhqxKDtB9NPqFHSQ4TNBGpLiLuzTIGBgYdb8Dj9XQ4hfECkg +UUBG7V2f0VrnS1L01CNgSiKnkmzUyyABprlTcXpxAuEFckGlQp9BRywwfgyxc8z3 +Y2AnPz02kxSqfhLtG/HLTeh8MiBQ9S19BgqTz3qFKwumsQIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFMm4AiPELvX+yTRFdzMNic7ZozAqMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1uaWZpLTOCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAMiCzHOHJ +pBl1FDIbzcKDWUkH47hic+xOacubSQ310OqLtt4+dgPE6GgPAZaqQLIemQbSdfUx +7LeT5huwq34bHWVGbZ+sl+1VU8pTAFrKxYNIwypR2+fn4UBKv7Kd1HHUVIQrS9Si +InOV4WJRzuPi9iTdQAgHAW/uJz78Fx0fMNp/N3h+uK/YLNlIhJK+To6nuOaf1JFd +RMmLgp8T69UsAPrv1kn/kg2DIldFSqy2XqLGwXP/9d2n2Hmap5YztFEXf4BuO1Ko +YVOuCB8CWgxbNzw6Nu504p7f3wG19tC4+lh5U/1wnlTDbGinP7DkIKaoL4daiggB +Qd417V6Frt3gPg== 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-odfe-1.crt b/roles/ca/files/CA/issued/dsoclab-odfe-1.crt new file mode 100644 index 0000000000000000000000000000000000000000..71baad05685f6d498afb76ee0ce3c737cb475275 --- /dev/null +++ b/roles/ca/files/CA/issued/dsoclab-odfe-1.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 97:d2:d0:cf:23:00:c0:a9:66:d1:03:ca:89:a9:92:12 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:26 2020 GMT + Not After : Oct 15 10:47:26 2023 GMT + Subject: CN=dsoclab-odfe-1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e5:46:f6:71:ce:a2:3f:61:5e:9b:f3:c6:61:88: + 87:99:0a:ac:b8:e8:9d:3c:5f:8c:60:2b:41:5b:36: + fb:39:0a:6f:a1:16:02:31:ac:0d:bd:0e:ff:95:59: + d8:f1:21:6b:bd:96:d6:7b:79:01:d1:65:1c:ca:09: + 22:50:30:01:ea:ed:b4:29:bf:b4:70:25:db:b3:1d: + e9:73:ed:63:93:02:4c:90:22:04:6d:31:74:31:ae: + 85:3c:12:8d:b3:f6:92:2f:de:75:75:8f:ca:a5:f2: + a2:12:94:fb:e8:73:30:37:f1:7c:b5:4e:59:ab:71: + 73:26:80:9a:46:8d:49:94:b0:09:e5:27:10:34:9d: + c0:53:3b:fa:77:2e:06:c0:73:8e:0f:9a:1e:8c:27: + 32:0c:eb:f2:d2:0c:a7:52:48:c6:ee:12:21:15:e3: + 45:30:89:81:63:7f:bf:0a:5b:d1:05:c8:1c:fc:5f: + bb:b8:82:2a:92:3b:3a:ae:19:9d:e9:a7:62:7c:0a: + f2:c2:2a:e6:a8:d4:9b:0a:a8:a2:5a:ec:e5:a3:1a: + 73:e0:83:3d:d2:e8:74:a9:0b:b0:e4:b0:fd:fe:ad: + 1e:57:e8:0d:20:7c:aa:1f:31:69:b5:0d:8c:3f:1c: + 8d:dc:d3:71:5b:f1:04:6a:ae:b9:2d:a8:be:28:11: + f5:4b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + DB:92:49:8B:D9:27:41:85:16:AE:C9:CA:F6:8D:11:53:8B:EE:B0:5E + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-odfe-1, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 0f:83:fb:ba:2a:0d:aa:14:3f:3f:0b:00:be:f9:37:f4:7f:29: + 1e:21:4e:18:07:e0:ae:e1:84:f7:cf:a1:21:a5:36:ba:77:6c: + 
0c:00:11:d5:7d:d8:31:b3:f5:cc:fd:6b:27:8f:99:5f:99:4c: + 57:88:d0:1a:e7:66:6b:8a:fd:d1:01:e3:88:37:91:8c:7b:e9: + e2:22:dd:80:62:64:9e:22:e7:25:b5:b9:89:45:e4:24:f5:19: + c0:5d:10:50:57:80:66:23:0c:b1:8e:bd:b3:f1:fa:95:7e:6f: + 04:d1:da:c2:e8:a1:b2:55:55:66:3a:bc:5b:71:50:8c:a8:56: + 86:f4:a9:9c:c7:4b:d6:91:73:8e:a9:93:ef:e0:85:5e:5c:53: + ae:b3:a7:a4:31:80:f3:b3:e4:03:ad:da:96:f0:14:7b:25:e4: + ff:68:9b:8f:28:cd:fc:94:05:5f:38:80:84:d6:f5:d4:b7:bd: + 43:79:bd:fb:f2:ce:30:73:01:e8:ee:ad:45:4a:ea:88:3f:d1: + a2:ef:22:f5:49:cc:d4:27:22:3c:bc:1f:50:81:58:5a:65:9d: + d6:14:3b:3f:b2:8f:90:35:2b:e7:1a:9b:58:db:96:06:9b:cf: + 44:0b:f5:9f:aa:57:28:3c:ab:70:fa:bc:93:90:d9:94:d7:fe: + 6f:fe:39:2a +-----BEGIN CERTIFICATE----- +MIIDlzCCAn+gAwIBAgIRAJfS0M8jAMCpZtEDyompkhIwDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI2WhcNMjMxMDE1 +MTA0NzI2WjAZMRcwFQYDVQQDDA5kc29jbGFiLW9kZmUtMTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAOVG9nHOoj9hXpvzxmGIh5kKrLjonTxfjGArQVs2 ++zkKb6EWAjGsDb0O/5VZ2PEha72W1nt5AdFlHMoJIlAwAerttCm/tHAl27Md6XPt +Y5MCTJAiBG0xdDGuhTwSjbP2ki/edXWPyqXyohKU++hzMDfxfLVOWatxcyaAmkaN +SZSwCeUnEDSdwFM7+ncuBsBzjg+aHownMgzr8tIMp1JIxu4SIRXjRTCJgWN/vwpb +0QXIHPxfu7iCKpI7Oq4ZnemnYnwK8sIq5qjUmwqoolrs5aMac+CDPdLodKkLsOSw +/f6tHlfoDSB8qh8xabUNjD8cjdzTcVvxBGquuS2ovigR9UsCAwEAAaOB3DCB2TAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBTbkkmL2SdBhRauycr2jRFTi+6wXjBGBgNVHSME +PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P +TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +CwYDVR0PBAQDAgWgMDkGA1UdEQQyMDCCDmRzb2NsYWItb2RmZS0xgh5kc29jbGFi +LmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAA+D+7oq +DaoUPz8LAL75N/R/KR4hThgH4K7hhPfPoSGlNrp3bAwAEdV92DGz9cz9ayePmV+Z +TFeI0BrnZmuK/dEB44g3kYx76eIi3YBiZJ4i5yW1uYlF5CT1GcBdEFBXgGYjDLGO +vbPx+pV+bwTR2sLoobJVVWY6vFtxUIyoVob0qZzHS9aRc46pk+/ghV5cU66zp6Qx +gPOz5AOt2pbwFHsl5P9om48ozfyUBV84gITW9dS3vUN5vfvyzjBzAejurUVK6og/ +0aLvIvVJzNQnIjy8H1CBWFplndYUOz+yj5A1K+cam1jblgabz0QL9Z+qVyg8q3D6 +vJOQ2ZTX/m/+OSo= 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-odfe-2.crt b/roles/ca/files/CA/issued/dsoclab-odfe-2.crt new file mode 100644 index 0000000000000000000000000000000000000000..a648174921d6bb3ffe09aaffedfee1e442fccce6 --- /dev/null +++ b/roles/ca/files/CA/issued/dsoclab-odfe-2.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 56:0a:99:c5:a0:3f:c4:b9:fc:92:fd:c6:2f:41:9b:b9 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:27 2020 GMT + Not After : Oct 15 10:47:27 2023 GMT + Subject: CN=dsoclab-odfe-2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c7:a5:e1:3f:e0:a3:22:69:f1:b4:15:5e:b9:3c: + db:d7:44:bb:d9:c7:69:94:5b:c1:7d:a3:34:4d:3e: + 88:0a:e2:8f:2e:d3:98:94:ae:b4:1f:49:a3:fd:4b: + 27:16:70:ab:03:ab:cd:4c:02:2a:7b:ed:3a:ff:49: + 49:2e:3b:88:f6:59:85:26:de:37:b4:47:9e:1c:be: + a3:38:8e:b0:22:6b:ca:c5:12:e5:be:40:9c:57:7a: + 4d:02:0c:db:13:c5:9d:d2:85:df:99:57:32:90:37: + 54:08:16:46:01:54:da:0c:77:31:63:39:46:27:88: + 3f:f4:ad:4e:e6:fd:0a:3e:9d:98:9a:53:98:90:be: + 9b:ee:e3:b2:91:c7:7f:3f:a1:b9:62:f8:7a:1e:cc: + b4:23:ed:82:a0:5c:ad:86:7b:50:53:c9:ec:57:04: + 44:1c:12:f6:33:3f:68:42:f8:b7:2f:25:91:1c:aa: + b0:df:17:6b:ed:6d:cc:6d:a7:d6:b7:07:6b:61:a5: + 16:51:9f:02:07:ad:b2:42:42:ca:0b:b1:2e:c1:6e: + 94:2d:3e:5e:88:48:8f:b6:8b:15:b0:48:8e:35:58: + ea:b5:90:9c:fb:5a:fa:f5:c7:27:b7:11:30:7a:cb: + 36:7c:4f:ea:52:00:47:40:e9:f0:ca:67:63:32:e0: + 33:73 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + E6:41:BE:4B:A2:E1:07:EF:2A:FD:16:A7:B6:68:3D:0F:81:F5:15:80 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-odfe-2, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 84:64:d0:92:f6:96:07:be:f1:52:f6:49:15:cd:d0:99:ea:ca: + 7f:06:a8:d2:68:e3:8e:c3:a3:a9:2d:f2:b7:4a:74:75:9f:02: + 
b4:6f:77:14:ec:89:f9:a3:b5:35:c8:f2:ad:50:df:24:05:d3: + 0a:a8:49:be:19:de:fc:84:a4:61:af:ff:c0:2c:f7:8b:11:87: + 34:10:e3:dc:9b:d2:b8:66:0a:f7:3f:05:11:37:41:09:9f:3d: + f3:a1:97:b7:62:64:db:5a:46:d9:5a:7a:c8:f7:79:e4:f8:61: + 2e:5c:e8:82:8d:fc:0e:8d:a4:4f:fd:33:f1:76:0e:8d:21:f4: + 00:5a:e1:a6:96:21:e0:bb:e4:e6:35:8e:b6:61:49:8a:f2:c1: + 25:96:cf:c0:f6:e0:0a:0b:75:b5:d5:6c:be:ad:0c:a8:4b:33: + 44:72:cc:ef:5f:db:09:e7:b9:6e:60:80:7d:02:e9:ab:06:81: + 24:d3:9d:c3:de:f9:a1:f1:f7:77:ee:6d:49:ab:13:72:c6:62: + 39:b2:80:32:07:20:51:a3:3e:1a:cf:b9:3a:bc:e3:a1:58:33: + 22:6f:68:a9:e9:33:0b:8d:24:72:ea:e3:75:68:a3:69:11:a8: + 2d:86:ed:f2:00:74:d6:d4:ab:fc:30:3f:68:6b:b6:d3:61:30: + 51:84:09:da +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQVgqZxaA/xLn8kv3GL0GbuTANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjdaFw0yMzEwMTUx +MDQ3MjdaMBkxFzAVBgNVBAMMDmRzb2NsYWItb2RmZS0yMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAx6XhP+CjImnxtBVeuTzb10S72cdplFvBfaM0TT6I +CuKPLtOYlK60H0mj/UsnFnCrA6vNTAIqe+06/0lJLjuI9lmFJt43tEeeHL6jOI6w +ImvKxRLlvkCcV3pNAgzbE8Wd0oXfmVcykDdUCBZGAVTaDHcxYzlGJ4g/9K1O5v0K +Pp2YmlOYkL6b7uOykcd/P6G5Yvh6Hsy0I+2CoFythntQU8nsVwREHBL2Mz9oQvi3 +LyWRHKqw3xdr7W3MbafWtwdrYaUWUZ8CB62yQkLKC7EuwW6ULT5eiEiPtosVsEiO +NVjqtZCc+1r69ccntxEwess2fE/qUgBHQOnwymdjMuAzcwIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFOZBvkui4QfvKv0Wp7ZoPQ+B9RWAMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1vZGZlLTKCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAhGTQkvaW +B77xUvZJFc3QmerKfwao0mjjjsOjqS3yt0p0dZ8CtG93FOyJ+aO1NcjyrVDfJAXT +CqhJvhne/ISkYa//wCz3ixGHNBDj3JvSuGYK9z8FETdBCZ8986GXt2Jk21pG2Vp6 +yPd55PhhLlzogo38Do2kT/0z8XYOjSH0AFrhppYh4Lvk5jWOtmFJivLBJZbPwPbg +Cgt1tdVsvq0MqEszRHLM71/bCee5bmCAfQLpqwaBJNOdw975ofH3d+5tSasTcsZi +ObKAMgcgUaM+Gs+5OrzjoVgzIm9oqekzC40kcurjdWijaRGoLYbt8gB01tSr/DA/ +aGu202EwUYQJ2g== 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-thehive.crt b/roles/ca/files/CA/issued/dsoclab-thehive.crt new file mode 100644 index 0000000000000000000000000000000000000000..0d474c2a1277de93ba6357ca841a7eac3b1cce44 --- /dev/null +++ b/roles/ca/files/CA/issued/dsoclab-thehive.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 61:09:5c:2c:8d:35:ee:29:1c:99:ce:ab:d4:2b:3c:a4 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:29 2020 GMT + Not After : Oct 15 10:47:29 2023 GMT + Subject: CN=dsoclab-thehive + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ba:c5:4d:20:a4:60:b7:61:21:ed:16:a1:6f:72: + c4:de:a1:00:c0:ef:fc:5d:a1:89:34:07:15:d2:b4: + 3a:14:b8:95:75:8e:81:71:49:46:1d:c8:81:cb:f1: + ec:c7:5a:12:f6:89:60:e4:c8:98:1a:61:c8:2d:12: + 8f:73:ee:f8:9d:88:b5:7f:30:70:97:29:b4:ab:43: + 2d:dc:db:a7:10:47:c7:b5:26:9b:11:85:fb:d3:27: + 8f:3a:55:bc:ea:78:17:b8:89:10:a3:a4:10:60:39: + c3:7f:42:25:a9:fe:84:7f:38:5e:f4:3d:c3:98:3d: + 56:b9:ba:81:06:55:8d:65:12:f0:4e:23:88:1d:98: + 0c:2f:6e:4f:67:fd:4e:67:39:91:b9:01:52:12:aa: + 9e:bb:7a:c8:ea:8f:4a:2d:18:f8:69:9a:3a:a0:c8: + 6e:e3:de:c6:db:be:4c:59:e0:cf:bc:34:4f:2c:b0: + ef:3e:82:5a:df:68:be:b8:fb:cc:5f:6a:f2:3e:66: + d4:c6:c5:f6:0b:67:e9:64:85:15:87:60:6f:dc:b4: + 5b:13:6f:b0:9b:f8:f3:da:c1:91:9e:81:5f:16:ca: + 9e:14:01:c1:1c:ce:2a:d3:c8:3c:0f:be:b1:37:aa: + c9:08:68:2b:de:f9:44:6c:1e:90:a4:12:bc:f5:3c: + 46:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 5B:08:8E:F2:1B:8F:12:03:BA:31:02:9C:CE:CC:BC:9F:FC:19:D1:E1 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-thehive, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 7f:b2:fa:33:d6:e3:6c:57:8a:4a:9a:ef:8b:81:2b:df:f3:d6: + fb:8c:bc:02:cf:71:54:a0:f2:0d:ae:3b:30:cf:5c:69:d7:d0: + 
aa:cc:16:80:4d:9d:c8:1f:a7:98:9d:26:dc:ae:8e:24:2b:bc: + c1:11:a6:8d:4f:ca:13:1f:7f:8f:4c:ef:dd:46:df:d6:97:0a: + 88:51:4e:f7:46:aa:3d:e3:70:e9:19:e8:9f:7e:22:fa:b6:38: + 30:00:0a:94:38:09:bf:b8:64:6c:c1:b7:05:6d:4f:f3:27:0c: + df:04:ef:a1:4e:e8:2d:4c:06:d0:c0:4f:4f:da:d0:6d:b8:f2: + b3:79:18:63:bd:62:83:53:55:38:94:d9:64:ca:e7:4d:71:ce: + d1:05:6d:b1:6c:fb:1a:4c:b6:ef:70:2b:3d:9b:1d:66:d8:d9: + 9f:f0:e5:48:29:50:e8:1b:1a:fb:b4:d2:5e:38:ec:05:45:c2: + e7:de:9a:9d:aa:34:67:c5:66:18:e3:86:8b:0c:1a:c4:21:20: + 7e:b7:ad:e2:0b:d0:0d:d4:76:e6:53:ca:77:bc:ce:d0:9b:7b: + 7c:fd:42:94:da:63:d8:a7:52:d2:45:f2:d5:55:ef:37:f1:a5: + 0e:ba:29:c9:b4:ce:99:45:04:21:2b:86:27:bb:c1:f2:86:9a: + 7c:51:5c:3b +-----BEGIN CERTIFICATE----- +MIIDmDCCAoCgAwIBAgIQYQlcLI017ikcmc6r1Cs8pDANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjlaFw0yMzEwMTUx +MDQ3MjlaMBoxGDAWBgNVBAMMD2Rzb2NsYWItdGhlaGl2ZTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALrFTSCkYLdhIe0WoW9yxN6hAMDv/F2hiTQHFdK0 +OhS4lXWOgXFJRh3Igcvx7MdaEvaJYOTImBphyC0Sj3Pu+J2ItX8wcJcptKtDLdzb +pxBHx7UmmxGF+9MnjzpVvOp4F7iJEKOkEGA5w39CJan+hH84XvQ9w5g9Vrm6gQZV +jWUS8E4jiB2YDC9uT2f9Tmc5kbkBUhKqnrt6yOqPSi0Y+GmaOqDIbuPextu+TFng +z7w0Tyyw7z6CWt9ovrj7zF9q8j5m1MbF9gtn6WSFFYdgb9y0WxNvsJv489rBkZ6B +XxbKnhQBwRzOKtPIPA++sTeqyQhoK975RGwekKQSvPU8Rr0CAwEAAaOB3TCB2jAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBRbCI7yG48SA7oxApzOzLyf/BnR4TBGBgNVHSME +PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P +TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +CwYDVR0PBAQDAgWgMDoGA1UdEQQzMDGCD2Rzb2NsYWItdGhlaGl2ZYIeZHNvY2xh +Yi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQB/svoz +1uNsV4pKmu+LgSvf89b7jLwCz3FUoPINrjswz1xp19CqzBaATZ3IH6eYnSbcro4k +K7zBEaaNT8oTH3+PTO/dRt/WlwqIUU73Rqo943DpGeiffiL6tjgwAAqUOAm/uGRs +wbcFbU/zJwzfBO+hTugtTAbQwE9P2tBtuPKzeRhjvWKDU1U4lNlkyudNcc7RBW2x +bPsaTLbvcCs9mx1m2Nmf8OVIKVDoGxr7tNJeOOwFRcLn3pqdqjRnxWYY44aLDBrE +ISB+t63iC9AN1HbmU8p3vM7Qm3t8/UKU2mPYp1LSRfLVVe838aUOuinJtM6ZRQQh +K4Ynu8Hyhpp8UVw7 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/openssl-easyrsa.cnf b/roles/ca/files/CA/openssl-easyrsa.cnf new file mode 100644 index 0000000000000000000000000000000000000000..11394147697414e4d5fac6329cfdc8210ab98d8a --- /dev/null +++ b/roles/ca/files/CA/openssl-easyrsa.cnf 
@@ -0,0 +1,140 @@
+# For use with Easy-RSA 3.1 and OpenSSL or LibreSSL
+
+RANDFILE = $ENV::EASYRSA_PKI/.rnd
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = $ENV::EASYRSA_PKI # Where everything is kept
+certs = $dir # Where the issued certs are kept
+crl_dir = $dir # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+new_certs_dir = $dir/certs_by_serial # default place for new certs.
+
+certificate = $dir/ca.crt # The CA certificate
+serial = $dir/serial # The current serial number
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/ca.key # The private key
+RANDFILE = $dir/.rand # private random number file
+
+x509_extensions = basic_exts # The extentions to add to the cert
+
+# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
+# is designed for will. In return, we get the Issuer attached to CRLs.
+crl_extensions = crl_ext
+
+default_days = $ENV::EASYRSA_CERT_EXPIRE # how long to certify for
+default_crl_days= $ENV::EASYRSA_CRL_DAYS # how long before next CRL
+default_md = $ENV::EASYRSA_DIGEST # use public key default MD
+preserve = no # keep passed DN ordering
+
+# This allows to renew certificates which have not been revoked
+unique_subject = no
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_anything
+
+# For the 'anything' policy, which defines allowed DN fields
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+name = optional
+emailAddress = optional
+
+####################################################################
+# Easy-RSA request handling
+# We key off $DN_MODE to determine how to format the DN
+[ req ]
+default_bits = $ENV::EASYRSA_KEY_SIZE
+default_keyfile = privkey.pem
+default_md = $ENV::EASYRSA_DIGEST
+distinguished_name = $ENV::EASYRSA_DN
+x509_extensions = easyrsa_ca # The extentions to add to the self signed cert
+
+# A placeholder to handle the $EXTRA_EXTS feature:
+#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it
+
+####################################################################
+# Easy-RSA DN (Subject) handling
+
+# Easy-RSA DN for cn_only support:
+[ cn_only ]
+commonName = Common Name (eg: your user, host, or server name)
+commonName_max = 64
+commonName_default = $ENV::EASYRSA_REQ_CN
+
+# Easy-RSA DN for org support:
+[ org ]
+countryName = Country Name (2 letter code)
+countryName_default = $ENV::EASYRSA_REQ_COUNTRY
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE
+
+localityName = Locality Name (eg, city)
+localityName_default = $ENV::EASYRSA_REQ_CITY
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = $ENV::EASYRSA_REQ_ORG
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = $ENV::EASYRSA_REQ_OU
+
+commonName = Common Name (eg: your user, host, or server name)
+commonName_max = 64
+commonName_default = $ENV::EASYRSA_REQ_CN
+
+emailAddress = Email Address
+emailAddress_default = $ENV::EASYRSA_REQ_EMAIL
+emailAddress_max = 64
+
+####################################################################
+# Easy-RSA cert extension handling
+
+# This section is effectively unused as the main script sets extensions
+# dynamically. This core section is left to support the odd usecase where
+# a user calls openssl directly.
+[ basic_exts ]
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+
+# The Easy-RSA CA extensions
+[ easyrsa_ca ]
+
+# PKIX recommendations:
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This could be marked critical, but it's nice to support reading by any
+# broken clients who attempt to do so.
+basicConstraints = CA:true
+
+# Limit key usage to CA tasks. If you really want to use the generated pair as
+# a self-signed cert, comment this out.
+keyUsage = cRLSign, keyCertSign
+
+# nsCertType omitted by default. Let's try to let the deprecated stuff die.
+# nsCertType = sslCA
+
+# CRL extensions.
+[ crl_ext ]
+
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
diff --git a/roles/ca/files/CA/private/Arne Oslebo.key b/roles/ca/files/CA/private/Arne Oslebo.key
new file mode 100644
index 0000000000000000000000000000000000000000..677703bcfe457628ee511c934138eb469254b706
--- /dev/null
+++ b/roles/ca/files/CA/private/Arne Oslebo.key
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDOTAIZIW4c8u2T +2P28GqTCETvhVXPlJpLT2eim3X2iHb5qfGQGOWAzOH1qyomd5RFYIWnzOohe6uUu +4Z27AB9ZGWlPazI9LxralT2ZlVOfsurbE0hjLUrcDEumHExi4tARJWfLgFIC6Pg7 +POvL9HEDWr7ZoEn+0XL+T77hrKHtpRUG9E7JBqubksI+uVgM9BUOBMCRG4VznbaX +oWxwChqgzkyNrCnkxRcAJgNEMqh7g1JJQ2ARU8geuOufH+MTVIF3xEdKLiCNSIyR +LuDU5TcLXLtfQDeS6WA7oPmYf22zIJI82ozweYHy6ne6tHsGVHWJd36tCDquHtwc +EWMIQxSXAgMBAAECggEAe0rx9hMEvEhztOj6vHEwBsxF/WYU3d8v4W1anl/BtiIQ +q5OsNAwWcoZQboKdvMAqnYFa0QMqfY/laR9uJVTtZ1LIna5zWB3O7tRC/IdCcy97 +LXNYz+1B0EGI9L306SSlNZolbnpCiXqy4LSIOFzfLiIN7gLeNmz3TQZcDoQeQuhT +SA42/6EW1GFWWlFjqFy/W9X9VY3AHZAuf4M9Sv5YK6L7w8dwv190F/JXZz/7z0ad +ElDfUh09xqsfvFhqvAzpWkGglhh6Ns9DGfH4bueoHZ0gF3nbdLxfpPp4eyRv/Ox4 +Ozf0E0snyJPG2N93Pluks5BKnC8yYYAvGo6hE2/wAQKBgQD2nrK2XCvh36uQIhGe +iGIzRFGeeKB4jt4ZAM45PryrzBqtXMnndV8V4WoZkPRl5D8/HmoeMVbA6Bb1zdLy +SDLs/U0IquMe8K6QR+F+wjWFLebu+aNaPsKnu8fJOVmDmNGReX7q3thTja+rcSDA +5h5dEi9viM0OsRl2Xf5zLuzUSQKBgQDWJLDem/cV7vyrB3r60EeVSY9pwj0AD7oZ +Tbcx2DuibP6ojvsDpUDbh3nuIlu69jRO0kl0rdCVnoWu3eaerDtFKd8EUsoQJv9B +CV+rD4xoNa/1C+1DggIyAcTrAGxTS+Z/qsgVBy1YGLWtdaqg1TZI47F7m+fVtZRZ +BMgW8lLh3wKBgQCRltRHxZf+Sw28E/C01yypuT45wFpzcVv6BLi5oKi+/soM6Acl +heuxPhZlq2YsNJeFyo2470WYsirDx1MtxqORtmNgp4lW/Zz//f9H1pzD13pKP8NI +hl5hqQBjcWC/yFqHd+MOAqpQgQdgvXMpjXAFX7PzMx5i+vfeIdUR6HTVSQKBgQCR +fVAljjVrU3mbAXQOX9+ij9297tfe6NB5TJHAbbbmfcLu5mWobmgIPp0aq4FDHu8e +9kQt38GtRYxx6BU9jKqgLPh2SYE7RCN8HlA/Okscqg0oIbhLe1LegtE1EI6IcTLj +XjaeAshN6EvW0/DfYLyG/RuibaQvUDS/3j3LSUwCZQKBgGbI4n8JyQx0N5N7seLH +E874B33QrURfoZqm1Pu03jWzzupzIL3Li+osgS/IAeh2tscCifaWX4eop973NGUe +FfSGoQal+iQStVoEhKG79k5q3Yut8YFNt0Oy6tYrl7rWm5kSdok97u10lylPJKJY +jryMaRsmZMcFRwby70+VtnoW +-----END PRIVATE KEY----- 
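Review bot: This hunk commits an unencrypted PKCS#8 private key (`-----BEGIN PRIVATE KEY-----`) into the repository, and the same applies to the `Bozidar Proevski.key`, `dsoclab-cortex.key`, `dsoclab-haproxy.key` and `dsoclab-keycloak.key` hunks and to the binary `.p12` bundles added next to them. Anyone who can read the repository or its history holds the key for these identities (judging by the file names, two personal certificates and several service certificates), so deleting the files in a later commit is not enough: the certificates should be revoked and reissued with fresh keys. Keep generated key material out of version control, for example with a `.gitignore` entry `roles/ca/files/CA/private/`, and have the `ca` role either generate keys at deploy time or read them from files encrypted with `ansible-vault encrypt`.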
diff --git a/roles/ca/files/CA/private/Arne Oslebo.p12 b/roles/ca/files/CA/private/Arne Oslebo.p12
new file mode 100644
index 0000000000000000000000000000000000000000..273c8018b7bed8f691d9e9c24f5fa9d6425a0e79
Binary files /dev/null and b/roles/ca/files/CA/private/Arne Oslebo.p12 differ
diff --git a/roles/ca/files/CA/private/Bozidar Proevski.key b/roles/ca/files/CA/private/Bozidar Proevski.key
new file mode 100644
index 0000000000000000000000000000000000000000..8a141bb9744a155880cb97a7512e228c251611f2
--- /dev/null
+++ b/roles/ca/files/CA/private/Bozidar Proevski.key
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCa3gD98em5KdlY +0Echz0tnF/epApMXz1dbb9smkDAJC9nFZl72ImarSAaqbIiz/ZNFpGDJXytsr9to +XifmhXEntyBSYd8UG9oGObIhIEsiSLdLdkQCsYlfDlkiy7nJHo2grChd5a7I6swF +IKJgERKNbYgKc+h8aJxILMmoxp3DPMHn9Af3W25CPT0PhW/iuYip0AKEuBlqrhOh +l1CYFsgMG70CyF+jL3N+JfiM55JDx2p1vIXqHEcoziybOo+oB+mMinU+wZcyzuPF +yh4K1zx3CtKrUcPl3DeQGjW/oEqqvTjvnm34gTd/03cjxltjmGQHL0f9fSEvV8LY +RADCKSJ5AgMBAAECggEABfbe2ujiM3tlH4KF+stdAA9wPlYXDCe0GZVpP0b2UqLe +NDgJGDmi8p3Hg/DCIwx1C42VHKxJo9nx/UcDCmHBReJLoGCcks2vy+WU8qmnux5J +0OIxJFlqDPske66U7SX8FmAK/fLGlH5WdSwYlNKTgFbjkmN8ZK4ytqTi71kW4ln5 +VUlXPd9FYlHc29u4qXJeaRLj9PIz/6FxYl0Ub13dXV8hfVEG8JaeosFjOhZqpgLg +t1oNaPrKBywYvJ1P+PKfX7lsFV6dllpaosP1j0OEjAVZ3USOAyVgMHmKqqvCynlg +IuKKF169bsJAb02KKtz1RMY3/Tao3VboHIGSNFSM8QKBgQDOALdl8uRaLSFHjJ6x +UQWks+Hzs8eCC4qJ39Yj7Eqznat3GmZwc6S5/1s414VAOz8lX1S+xKLEiuxRH1kL +etFRpGGA7XBHGI7EpRiHc4jyuzt/vMDZyA1Hh8iSsr03uDA5okVi6YWM647b/byU +Xl9aWZzqX72RDerikpRPMvERgwKBgQDAdCar1Y3flctOl4iRatpya3PWCLVDNGTA +88/m2DEGtwJxRdhfztNsrXIao8WkwPkvW+fnS5c6M8cXDOph3j5E56xsH4w+9vXG ++eN0/w6ci1ajZtCu6fCttwCVPBu5dzMSWAfNmnYbnnFQvzHLCV5ZbR3Z0dDMLM7o +2gD3JdynUwKBgD+aBQWa6lnVGTNH/S7tvvpM93QQi4ZhHdLXovvQVngCNBA/vGT3 +r2IlrvprwB5GrIZTWozTlRVtduzM6ucacknsoJX3uPSaZmncNyiKyTt4BzS3CCu1 +EjSFfa2dNcJgQbNpoFablrodeCv/uRttz67LgCD0kkiYrW5qpxOUvM0VAoGBAKbx +msIgg+tZs3y/clZCjLAIifk2oJZlkqjWVph3HUAn7NR5tBKYBUsWwg5d1oruYro0 +TVyUc+CnHaLfL0oqUXXQSf+Y9j2AWP97sVXCEti0/jjMbWXtxTvLrZPHCn296u2U +s2AlByM6NC3JTNZFkDSetPBIU4lprSrMQV4i19/FAoGAe7iRaTkcmMZaE1cvZs2j +Uv2TzZrXtj9MWtjxV7Tu1NrAcMV2WG4FJHxt+2V30beUrWFlg647Wo62ww2ylrze +kyQoE0/eccfGI6z7qh8D8026xAoh7oeoLubhzFszz/dqOfJPiUv1GyzyD2m2kSvZ +DlY3mCb9rL+6jbbXcS+7Iuw= +-----END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/Bozidar Proevski.p12 b/roles/ca/files/CA/private/Bozidar Proevski.p12
new file mode 100644
index 0000000000000000000000000000000000000000..24010a64063a960d554cd4e895e17b9e2e62362a
Binary files /dev/null and b/roles/ca/files/CA/private/Bozidar Proevski.p12 differ
diff --git a/roles/ca/files/CA/private/ca.key b/roles/ca/files/CA/private/ca.key
new file mode 100644
index 0000000000000000000000000000000000000000..3c45faa018da0516d63a00a2604f9792344c3913
--- /dev/null
+++ b/roles/ca/files/CA/private/ca.key
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAtRmQxWST0ewGJIRLAfVOqrSvuNHYtyjnk8EaLCe4bz9RUI8J +yAt+wVJVateShIEUwnF4Cx9AnbcwtUZM/gFAi8ikzhpjQqpr8jHBEnabqCNTVC5L +9EHmFzI+ENS4dEZXamaRK99lH7FaMATz4YowFJVQB3iS744v7Z1LyPvvZ6NocdN1 +AIY0zDOfQL4mLEU9w1JHIjUpZacFfuwdqYJ6UYM7G1Rj9nIXmmkWBvQwG0Uy6wLV +cTtFiXP8zRkqb17jsgSt9P6cBjL4TRj3nJBJUqQ32nqbgPGQ3H2ijZNJBAb8yJVK +6WQZr7QXOQ5qXxAZUpOVCv9F0m5ShOXTqpVnNQIDAQABAoIBAFg1QJd0mq9Hx+In +caVdh1iMM37Q7z6fNNR53LafDi1ZaNDVKs1+E9ozsRkeMOZLPQJMZEz+humK3bWd +rUiW8YpkSyl8HtbMzVElPMYycTSfKCo7dpFdO6YWubZW9hTkYhWYKaN15vpd1vDG +qMc1GKAd7eIFr4Pw/JU+5TfaxkvysCuih6Q6/MZwddM61eCZO6VBYMf0k94RHn0I +gIY4hCeyJQ3RoIpzZr4XqUAGdLOvTmzPSTlqT4g7RVgsGQT1p6yG3o42kev0l+Y4 +L92dA25xWeHirWkaQLRj46tX4un67SWA8OkxwA1D49i3keIfhRjsa0d3YELmV8tG +60l6RcECgYEA6alfHn3zGMw7npN4V/iGEwv7Y4xDcDPdlWTCQ8Btc8XanHuVxcTu +bENrMouddeM6GI6sz7GVg4vXVyPXa0ZCBPIK61ArS8aNlmggqRd86pgQRWkgCVi2 +gXANwrV6NZNXYZ3X+glIljlRoqlNm7rH9hMQ2KwUW02Q9AdclgvpfQUCgYEAxmnM +leiSy+s0H/0Wo+LdvpC1NaZPTML6N8cmjwH9xe2mcsGI2a8EQdfqMHE6aWTuHErj +I3juwSDSBbPlQsf0nRku+qMuLTzsVbCVfG9NiYr5YPxdT7LnW/F/Kuxyn3mW1wgD +WXi4DM0muRPskw6c8f604crFShSpszLTcYE12HECgYA/exlxgkxiR1JHQc9nLwjV +8eJpaDkGKcEgjlBM8eGKm41KCDVnlpoj5akhAVdVKNemxlRi1N9G7t4hOYaUCXF0 +QIIA7jXlD1t2KnH9Hnl8jrWU9fuTLnve7J+Ab6d1GMObrLN5pb4HuijYpWCFV5ht +3T4tb4rUR12DPuDDjxbvNQKBgGEzb4B5IYE4xp5tNGwxNgSni76urOakFkTBEYi5 +pwMR+5r4aPyLmwBOsHHu5ni/c070+PVlx0FhvMICcWwX3SQhNDyhOHv8/qK0EWeW +d1vMc4Mp3uSudl06n9v9XeH2hQju6gUo+LF8x12f/yPD4utCpoZ++cvi94fMfH18 +mU5hAoGADsoT85//n1VPQLysZpW6FjYIp8quuGS94FAdkiQVKa7u6vO/Vy19ZxFI +7Cub8sg+e80wGakCCEi22AN6RwJyV9R8ec8ct+K/HeNqujKoDZN6ZDQzXo0a/vgj +BibssPr6+b3DVE+/e2qlfzjwQA+GqcSmP70fmg8tGlKbZwwBJxk= +-----END RSA PRIVATE KEY----- diff --git a/roles/ca/files/CA/private/dsoclab-cortex.key b/roles/ca/files/CA/private/dsoclab-cortex.key new file mode 100644 index 0000000000000000000000000000000000000000..827da545bbbd7bdc9b8c8527f8dfb4b086ba5221 --- /dev/null +++ b/roles/ca/files/CA/private/dsoclab-cortex.key 
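Review bot: `ca.key` is added as a plaintext PKCS#1 key (`-----BEGIN RSA PRIVATE KEY-----` with no `Proc-Type: 4,ENCRYPTED` header), and `openssl-easyrsa.cnf` in this commit names `$dir/private/ca.key` as the CA signing key, so read access to the repository is enough to sign certificates under this CA. The certificates under `issued/` in this commit carry both TLS server and TLS client authentication usages, so every service that trusts this CA for either role is presumably affected. The trust anchor cannot be repaired by removing the file, because the key stays in history: the CA should be regenerated, every certificate under `issued/` reissued from it, and the new key kept outside the repository (offline or in a secrets store) and at minimum passphrase-protected.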
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDNCWsUM0pHdVvT +2Wc7Ta0fpx8zq4axqjsJqxqm+6BgBONoMw6FVNFwYYq51da1bMKzNgKUtx0Yk1+I +gf8q9JlYbdeW4tJkd7l0RDzw+1sPQ304Xf6w2wV6qcUQJHUTyC3aab7jQzPwKDCa +U/j40xAyNewdh6seLLUAfJ+PYeBdVhWMRkUJeAJ4EMCvLyVswlvtX8EzC/jIE9zf +w/wFkP8Gnsu8HSvCV/K9qiKzS/XKsrgAGPEUELheaZ/t/ASD2S63mopFHFRxj2EC +aoqEL2ffkjoMX+W252wnaR9bBtZ/5t+rLzGlzWMyYMAHUGwNOctorjyy2g8gBncs +KKs6MJIbAgMBAAECggEAIdhGJqV4w2bp64Rdd/qQc0Mg8WSE7VrOOABYe+vZQ0BL +UW3sHbIsiEJxpc9Yi8YSNYba0jWPxfi9skjTGAIcNe6bwbpbRF5G7Jw++wBivZhE +WUOawRLGSsMvVkTOVp+agg0mh1kWf7QCodbuqBQe/krMWOuGIYr7rcLki8R6Rq2d +WuW8Kf697ciklh/6cyy1J6axe1LNT906lYvyRock246KbN517wWw7/fu47Mb2fdC +U6beFxbmbc5vk4lrViE7gSNkY97Vr/uXW9xlyRzvpNJuzZrm00CgNF1MnOnwf3l1 +k8kc63RMkUJGVWcxo5ubzLXpv4CnnmUNPfaSx+CeUQKBgQDuUT8JOu2vfzAC2VOQ +OfKR4NgMQ8fnK6T67zpLDeNUAGW+hBi62ewD8xxRse0j/rWXgvADBE1GplPXicZI +Q0o0VgIiL3NFQgCP7rvtPGE9VQXHYgd+ULKCHcPEBwonlbAhiHSwVnBqSFoqWdj+ +SHiBn4AD1ARoD6WSEVi3X6UU/QKBgQDcQATvzbbcr41vQHm9u1O7v0slk306A4yY +ItXk+GbtLEoLAiLy7n0REKybZAzniuLCDAQ1h1bWLkqRle26XqVfg3YaxGpoJODy +gPgr2Hi4Y/lcFrwRThUHEu8eaUWVRtY3B9Rgi5VjLVqydgI3/AFWdlzIVkhBeN0w +MOtKdEg69wKBgG+wD/TJcz8+QkfzhiAfqDkJwPbuhS8n2yfnGdC274UcspI44kYf +f2bSdsEqu9KUupIJQWaIi5bCuKRY415Wet5QOKvAxSr+JblOzy/9jizqPc0VeiGO +vDoSrP6ftfibRHJSuy0xNXn58pfKh9GUMTW+hIZGxNHoE1aDXqqB3qIZAoGBAIIc +A46SDLNDtZ6CDSjrD6T6dW8GONTboeOBuK+hmlQDdN4Z7gFqp1E8c2r8aK8jmZ8e +MCJbCA5QnFZyplQRc0oAQ/W+EEnjd0tqqrBkGbR7wqQG/iSO5tcd9UoW0DdF+Gfb +5Tb/XkmPUmPYWKkv4q5sD5V9ewPKXYgJbgW2ubCzAoGACfaFTBM3zZ2rqjJUk8+F +fGcuDeh/ZFk4MgcN5nbdKHwyXDhBlUY1FzLZlKi5J1lRyTInZUP8KYnXogw757Md +oa5wPlnw0a6VSHX1ZZUwa0yz1Rrv5M5CA4vyNBENCaHELKLoRWwbAook1gFie6cV +nrCXNbsWttgWkzqLDWkPT5M= +-----END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-cortex.p12 b/roles/ca/files/CA/private/dsoclab-cortex.p12
new file mode 100644
index 0000000000000000000000000000000000000000..252b3e7ef466cf7a4090ab3d5c551bd8dcaf5e5f
Binary files /dev/null and b/roles/ca/files/CA/private/dsoclab-cortex.p12 differ
diff --git a/roles/ca/files/CA/private/dsoclab-haproxy.key b/roles/ca/files/CA/private/dsoclab-haproxy.key
new file mode 100644
index 0000000000000000000000000000000000000000..abcca5eaafc03ebe472bc28a09ae04de65e2fa7f
--- /dev/null
+++ b/roles/ca/files/CA/private/dsoclab-haproxy.key
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJxyIzCwsPoIzE +qYE3vVEvRzL6G4hFsbsRQz3es3Bn14s5Wo8T+y94CLGxMsbRDuTTLjrbhNvSZWsm +JGzXFuWlkI4CRhMCCpZmRoe3sO5WTDzYrkx971uqbgGOif5Mud5suuQ/jfjXOu2y +KZpbrFqGZgXzGS9ZjXyLapceQ4o2gLLp4YT2lLwTETG40lpy7WjDsTfkW5GCYqoT +8rbgOqqFZnAKqa1cp1L/3PmZXuUV1Qz+zSfLmJ5aacpxdDHmJt/s0kJDufMEjix6 +KKb5jrpkPGkOrPXc1fMqUEdQ1Iz17jEIc2kfrkIdUoRdR2jdox8HV+w+ng0jeBZB +vGjyT+kZAgMBAAECggEAUcxwiNDJQySK7I7q23XcG5Z5i/rtW5OZin3/7vA/eVlg +D3gu2KLTs42Su4siHk4zZYkwQx2xH7INpgDOPsQBhQT9DN7rhcBVCFE/Y7BObp2p +bQ375HHMb2L5Lpeyh9gx21JIhZtAbcBt6/QBp3hPmnxxnQNwtpUtEDe923714PHD +SfJ1Nd+mgeJ3ShPrk2jhcDdU82/mQrk5eH8M5QJqlTEWCvBgJaKhBf89T2XrX8jf +oPzeVijOqgLg49QEtAPmI98GlE1OAp3boFx4/QA/s76pgWZhYIm1hcm1AguYhQvJ +bi96IgdgVQQp/y7L+ix8zsq+YRxwPuCSBl+9BotYoQKBgQDm4neNC87XV4RhGuHG +w8WpFXFe1uOucPfyfTMmjifh61GZa4aWgBQByBQxBs729MOr9TFrNApTGWPO8Lag +ANnREyNndaUAUFgtCdY7Gc99deWyIx861aAVU7GGIFVkCo3OK0twbbyzqOj+B+H8 +c/P1tXXMayt/gPVuRDj7sq90VwKBgQDfuh6Clxa2sq0GdKsRkiDXaY8eZxJZchYw ++0MsYQjX8hPOGn0YWGy14ppE7JEPTEWSRuzCf5cwem/em8AIESgdCUWcGkgcQO5n +DvZeXrHHpVrTmGE5xEVNYrD/NPY7VizUsyLNvn5yC4hyByWkwLV+AUGpACE3HP2s +7xTakmmoDwKBgHKEfXuuEafptrVbWgT2cYHOKu85crDBQ5o40zgaZlm+GDkahiT7 +3fCMRseScvE2sh8GfL6Jj11sSH8KEesGwQLclUDpry+aqkGckW+6+5lk8ssKdKD/ ++GjbnD/EpdX7Dh7mhoJ7S49pBjeJvWM0OBr1KDp+JZMWaaWJnSHqnO/9AoGAXvM4 +m6fP5f3y3PiK2cwwz/tm2DpaWUfID0Wz/pO4Ex4UNbacPMbabF8dpf7Ymat/I1Oi +i/FmkxaDf/COEV5mrdwPhO7Kh+MuyuJYwThjLx4IbCERsliQKQWnpMgvcINkR2k3 +biZYt8IZSHusCD4ZSL7zxOvfLOrK5qgZK6JT4RUCgYEAk94TNC+rYRZOfOIaYA7+ +K1qTQAe8tawTBlKauXptWCzMFtMSEwozuHuxgnyAS/uRUKFMgRk00KrSvnuyGEBX +5QxqqhBOMvGDs672q/kVZ5C9M06+y5+Zpg0Mf3r+zOBqB5tCASnl2KfOCZkAt8rV +kyb4KyOsi81/fpVM/WeOL7w= +-----END PRIVATE KEY----- diff --git a/roles/ca/files/CA/private/dsoclab-keycloak.key b/roles/ca/files/CA/private/dsoclab-keycloak.key new file mode 100644 index 0000000000000000000000000000000000000000..8c5ebed5a514facf489a59ce2a2e487c6a0da78f --- /dev/null 
+++ b/roles/ca/files/CA/private/dsoclab-keycloak.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDqqeprL2ycn22c +iU4BusbAMt9ZJiuV9MI9yH4izrZ4A+giKIGcmqanuv0FZqNQgYVxwdnqvCHhXQqH +e75VsH0BV95M/jrFyVR3LhX8Egf475979wkBcHVTO9yxDGVNScT7HUIgb4FFQtPb +HUxXGx07gTnuss+VSynQqDmY1pM2mb/FQyaNTdttJDv8Fnah/W/GGRHHEg2AFkyI +2iwJeD0bfGzs254BUF+jVn/UO6Qm0m1Ce4hOjWTtHhoOBVhlWEeDYJ607RXOck+g +tSLdn6TaiIb+y4Rucj0AQtqLhSry79fuu4VCurn72Z3SLFgPfAIjt0bQaQY3QJ1Y +dInKtxLlAgMBAAECggEBAIj6HCLq8NxP15zLLSSnUQK571PLix+iWovT74UD4tEV +frgJqvat81/vL2iqq+P/ZtSrUjfKD4DMXawOGGFOfvl8v/9zWv0+8zYKSbz1DYBK +525mGfSkH2gxhjY2xR8jU389ae8jB3NVefLqHDiwVBT67sUdzTwZPtRUjiJgBliU +soJCsCutHAy7GW68N79F0BQItHhjMt02fYybnFxNvBntD4lodZDn7K9iqBoZPduX +TBsH1FcwZQyvQuiUlJgjUFM//5zrZUMjErv+3ev5c/WdpY4ycbo6VVBGZouVbyeX +RAWeDUE1nrsEsLBSnTkXVInFjPS6mBxsIi/+hlf6XCECgYEA+bWYDKPgelSe8ii5 +mK94wcLr6MybO+GrBHT4lIP1UggGsvPtXTifNvgGrYx90gmmL6F9QWHE+4lxyh5L +yEXCTHXl4QopgZCxWnnKekz0ma0lFlGYGr4KA0Z3Ntp+sCb/hcqVW/n24wVhNnmo +z3ztlSI/GY3B598R7dO9sR/RoYkCgYEA8JNKbTegmeeaAyBehEPy3eajAiT6759p +7m6Ml1P6IC3Ff3fllJrNWRi+JDKnJF9SUePOVWLWSgYSJyFLoiWK1CzoyLPdbcW9 +Ap9XNzD/aoDi6DBbKCFhRpBCsmTPnT8eFvA9PhuYY60w2UoM7byH+i2aJ1Do3izl +tLsHJbcT230CgYEA5S4Sl/9MBlpl6xEPjh/2L7drdyVaj/IFWLjWcNBPtnMhWtrf +joBqODQZRO09iSlL+kk3wWsvNEEoS33UxcGomy5Vxl3iTET1UXmYKPk6QVUVRc+r +T1f9rpXc0l5kid2xBSUyQdFAE4obd7jfA1fAYfClgxmEzv//34xHfCoc5ykCgYEA +01sD00pA3ZXc+AwzHY64y3z6D0M/9s+d+GzFNZoAsM6lqaRDXbhW2oTjX9fkgg8A +upMiTl/kFeqZfilBUnYbLuc5qEJlMjC8KpakwAdbDk2njAgXvfz9gknxXts0j1jJ +bauokm0aB9A7j1sAWsj8ya3QtePegnr9YDfEQr1CQ90CgYBfAQaYG9ldXcxTlERG +jOGu0bh9DtnmwsenwTZQD4mNHpvL0MkmIQxR5FAL8XXbNBq50zCiOapLLrhdqbh0 +ih3WoOdqxLIDQtAJYs3ANhOmEAxvQPxpPKhRHRKPGXxyzgW9zeQ08GpYoR/M7VRF +TypqufvopzWOpbxpgbfiJQmd8g== +-----END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-keycloak.p12 b/roles/ca/files/CA/private/dsoclab-keycloak.p12 new file mode 100644 index 0000000000000000000000000000000000000000..41e7ba3a2fe1ed26a9e29ffe24a723a5812760d3 Binary files /dev/null and b/roles/ca/files/CA/private/dsoclab-keycloak.p12 differ diff --git a/roles/ca/files/CA/private/dsoclab-kibana.key b/roles/ca/files/CA/private/dsoclab-kibana.key new file mode 100644 index 0000000000000000000000000000000000000000..9eec2e4fa77aee5162699b82640aad24869304a8 --- /dev/null +++ b/roles/ca/files/CA/private/dsoclab-kibana.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDOT8kPhE1Oe9wR +kMlJqPNgRKglG1mDZAvR4LxZUCKl9Yh6yEBl5CI9d9KPnjAXgF4ghbxwZ2HL2OKf +mnx7puhOeXvNhm4mUjdFtqu3b0CPelWL0ZHMIW9VN1A7ch8tO791R5GIahzqOd2L +JTFVDrxSb78Llu/jElzaYyJU5bOViwKeVz57T6D1bweoW0V8yzSDdzSlsf8FEoiP +zMQFXennfSsS+rtNJfT3BOeVBpXqqcR1TvcDZy2cmvQB9iqNbG3QWanOHxKxdjnI +B9Qgcx7znLlngzuofG77huo/ao6YTDmp0U2+nwpDSRv9CWe2YnH9h5pjJQCqx6FN +IxLjVg9vAgMBAAECggEBAKJC7gdeLs8Da1oFXcqpLoEQfo5wrD5CeWlgL8Ku3BFa +wzSOOtfoTWW6z8hUyc4yD9XUWRiutqP0uIh+oFlANIVD1rMWf5t0HjSeLv/eaBBw +Tsfg06KQyVdkYZ3fa9XPoA1FdJitnIA7cpr1bY9QP502djNPSux0jMLWJTJQVqXN +fXykLoIvB8xIPWbJAJMgF75turJMFT3wGN+qjCzbsZqIHmqp4eaKoH4Mz+Y6SJcA +uSzCdGKVPxHUVZbtkXn5GZXFx5YQ0wwRHJRWQ6Fn49HtKc5vBc7PN8fG18+s3DA2 +BR7MLgIaHGBKsnJgcOOZQiRCQP/uBBEIxIF0qU3h5UECgYEA6aiUvvBNcShCRaaH +Wf5GpYTT1ANNv5+3sCTy4KKt3yCxyyn5ENEFL1i8w6/LffGIAsoLnoEcxWV/fhLy +ZH5FzIYxlR/w2rddUyOXENx/9CWw/IhL91U9525JCJ0B0TBkZ9842ORX7kcI8+0g +4oaC5bDYTZotAto4ftNIzmfznesCgYEA4gnREIl4nv9v28x5aUS+HhSpsH9kkVrr +FQ0amCJSHu4U9J39MXS3Fju3rlmZG59J9ymEQ4tr0Hq3S+tsTy4hP5d67/KtoxKr +3smyKduX6gfOmEy3TjCSc+OMebM7lX0crX2+0JCm355yDC8fxdAGxpmqYvwmVw9Q +NbIb2mHR/40CgYEAjshlnQhbSnq/hLBupZ+srBivGS+rox2Gsizh/kNq3J6uBuhv +Osd/0572Ot6CC0Q9SPcOgp2DZ1zOu8v4M1C2dnTKd8Y8+Gp0rQlilvsndZpSvP7M +7Sc53OKX3puTMLHRqWfO5TskQIdIAUc2gTaRZqragxFj0App25ZhN0BurmECgYEA +uM8L5vhu7ZitjUk17zKsOo3sW4kc4ZczY4fOOZq+B9niukm+LMRfuUbkHCHXg/UN +lY6VPGBuqwraeLEoYei2eHbSpgKFozHt4f6Is55+K3Nsn6sBqGUgKK5gOVSon8Wm +P9byvzW1qlmyp3GUCbjXAWO8IqhEdKPpka1pBnk6KDUCgYAhGqRGJ7NG4+Wz/0/5 +Z/IQeEsLO4lB7EuIADn9udmrYgYqv7sHDzhIUOviJPRgf2ag68LEXXZsC029famu +/wbhD6pw1yq0QKGDcgH/LzHL9+74TqRlT7drPyOFPqOGPKtc88wL/aXRC90n7dsT +jFEbunnLOfUUjgxXiJpNU0FtjQ== +-----END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-kibana.p12 b/roles/ca/files/CA/private/dsoclab-kibana.p12 new file mode 100644 index 0000000000000000000000000000000000000000..f9e8737d615ab77c25857cf3b3c8eb2d77f03104 Binary files /dev/null and b/roles/ca/files/CA/private/dsoclab-kibana.p12 differ diff --git a/roles/ca/files/CA/private/dsoclab-misp.key b/roles/ca/files/CA/private/dsoclab-misp.key new file mode 100644 index 0000000000000000000000000000000000000000..9b8a5d677ac4cfa58bdee7fe6fec0d74c30240ab --- /dev/null +++ b/roles/ca/files/CA/private/dsoclab-misp.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDPsRvnoq5wgXGl +V0YULkdkiU69ffCCLQMZ1odEs0K/cngDzJGYWzZCFFXighYSWGBURI8V9hsfdjYi +Luis0zwK30bH8QS8Or/+S48qU4PjUIIGCfwq+v6UoHt/wj4LPtxyuJQQCguQ/UV2 +KYVSvw8gQ3j+O9NJII+apQyJuw6X8mewLfAXUyWmm0tkDnKKv8njjkG77fMzalVf +jVKE+qNnGntx+5DxX2HfROoLd4jy5cGDcVjHWIqbOUVZTuDbFraWcpCM7sITdeoV +xmvi3DreyAfeGIQtlrbETOFKTRNvbJod5flvzH4bSjp1Grk3sG2gG2k18bbmwqXT +VtNXxw6LAgMBAAECggEBAIb/4VqMVQTOLvfBJc0iU8eWtLbZMMb8ySI3Xs+aEc3t +cvNNOmolB7ymCTllQ0GDboH32mX1BaZKqV9IzHbiCwoqHZEDKgfLzFZX+OQTSwwr +nYidXur1IRuswPnHYZrfrl1net5+GQyShF8NGBs0E3nuQaxHaMwEvTNRCzhPfWnn +u/g3IExtSdE/XSxRnTGRQqSnMAf9OXs9bw/iTSR5cQO2mW/dRLr4aUCQOJ5Hx4mO +ub172vkNeNwOSUzc9FjtZyQZOtn25WoS7SusK7y9ToDqqR5OcI5M+kxq+fQo8Wvu +XlIeOvTKTHOBaih6QYEzHo9zq893I/c0xiOmfOr0v7kCgYEA7WQ7g5z+2Lyt35Sq +XmzyQyAEbx+PMPc7yTQC62YuvpEAaDFDHMphDw1zM2mraLO+2IuBuDz7CTlsf1zl +xwEJoEZa3odRi2McpqiUVQgJYD+bCUv35J8X93K4/7tLHvXDJQ3BKBNNoLHxjD5P +SlR5xBCFwZiiXAkquWpZaaWAbg0CgYEA3/jjf723dlWRrVcG/m7VJrhTWq10Jltp +8y786INKU1IUrwqFt7ph4c9/Jbop40QVkJKzsPojzWreDf3EZYGnBVhOLA5p4MC0 +X1ZTzN86dn1Y3SDCopGnJVP8X2EdDGfsTkfXxOjRCzSPOyZzxzseACw9WWAmullU +zQs4K6/4YPcCgYB117znb8bepoMVqwILz79PbRRmaV82qnRGRAhy/I2V0ftGvbWY +FCqsQzv9uKX7WscRTed+It9nS9c9PkteR3iU1HgFYV0seW3emW7Q6yVkXw7CRbDw +D73g+1U0ta/r1Yoi2boZ/8MYU10aBlBsEJVFrAIKAZAPagmIc2+hTyP6/QKBgQDX +FHSr3C0NJzkhA7zEovxwFXx+TKmImCqTjKD0S/gZMW6JdYpZmFOc/Jz2RuMoyt4G +msqSfnPZNPIO744liC8zM8zGBAVq/sN39je9OvUyikbG+0nNwh+H+jIWCfVST44e +0mEDSCxPHWcaf1+ZiEzUD6fOZ0Zpl5WW3lpPocncmwKBgQDIR7uJctv3UZkEO+oq +g1Q4jLUYJFUb/3fk1mEmpq+b90e/xQMqZHlu/KHiHcKrukdWj67d/LY4mrw4DebR +PTgdj9e0O8V9M7BYxDN+zEYrvmmY4A+tg07zm8aqmhCNKpOMsW0MkKFFuRiMkiCh +bopZVfjdd+d/56vLZW+GSBaCew== +-----END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-misp.p12 b/roles/ca/files/CA/private/dsoclab-misp.p12 new file mode 100644 index 0000000000000000000000000000000000000000..34e63cf61702da91592e85b97cc2c41066f4089a Binary files /dev/null and b/roles/ca/files/CA/private/dsoclab-misp.p12 differ diff --git a/roles/ca/files/CA/private/dsoclab-nifi-1.key b/roles/ca/files/CA/private/dsoclab-nifi-1.key new file mode 100644 index 0000000000000000000000000000000000000000..2d054afbf080153a8869b097e3385dcc2fc0e709 --- /dev/null +++ b/roles/ca/files/CA/private/dsoclab-nifi-1.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDr++3oZVHX1Xq +fujW/dXjGWguch+QYqh5dtjS9lHfcYA3Wux9+214bjf+5RvI1XPkyaXL6EpIJsbg +pl4ULJCxgbJpMeJEhZf1YBKIBp2Nz0qid7PZ//NBQEwh4XONmIIvNycMJNhnvccF +UEDFqdDkP7sMcil8vgYBlgO4oELEb2/aqhc0X17zcw53tXqaWeM80TlQFy9TGAWC +NCkbGVYuwtskeVEPqNlmPHIeoPcD1unlxrm+lOSEvc2TJus7F7vN5Vgl8ig1pLFw +3zJUhfY8IJ+Ii12DosQeMdmhdh0uPPh4ZKTdOrJWZb+oKqjtYsliLHK9nX5rH4Dq +vDNgR9MPAgMBAAECggEAJ4fH/il3FXbtzTQb5ypZ5cmBITjOpYU4kWjvvhYiTegI +xaXpdj2vTI+/Yg94QGbWRZZylrFzKAYlUMZq5Npn1GPl3ZhFJCB0pQ3mUHI9q6L/ +abiSrWwmAL1zY7i+dhEj41PZ4Hsk+Df/F1Sx8PwwBZvWNlpthRSB9BoQ4GAHfNTH +qkJPz7IZ8ZCWZRRve71+h7rBSJVnrz3iWUmKgGigFWErD/vW0PpD4apGkwe9egkR +2MDvf+x/QQ1vudzYHJEkKg2OMdsKokLmoJGmSh3Cq1dswAjnBqM+MPXUklHK6gZm +L3x3GwBowQSVI/EHJT6MeMyZSGAwJlouX0oN/Prg2QKBgQDkY2ZTbV7ih1wgIJDS +hKYqo7swHOo84JaMtz2FZBfv7KdYYUwAQObPD7jnrvV6EqI6yIOfo0WN28obz6fw +rgugYeAlFka5g1Gg5fTGCgWIy8yTm5RvOrNn7lOsE8xx1dPuSqniCtTHjGVqc0EJ +6yL+uZSKfL3Mgfli/RHTXmcv1QKBgQDbWHE5ZyudNF61xHAn6sFjESSOwLA4LsIG +qeZN0l1WIZjwq33HrK9YK4F3k7AySYGlla03rOWVArM13fAPlNq+1WRZ4a6iArdx +s3Wri9b7spzxz+OD9e+sPMjR3+odSAamZyWzk0++F+wQlu13rCX2kNO71laWOrSE +u6vvmg+NUwKBgQClMYxy7ZoDCdtF1ahKzO2Py+v6Sf/XVq8uSt/x2stBnBAS6hVZ +3ZfUz090LOWbjVzQXfZugl8t03slkJatjIYWVJUW3jz7tBNX6NyaXedQ4fAwGAlO +Rsw7cXQN9CgdcoefRVwJhsIPL+qvC3xQm0YtrrfVT5LNGHn08o1xMEg8nQKBgBDy +3Iza8/vJuCfDbgcnlJnbEUAWk4dD1ao+JpWM07l8Dx1JowZyyXm+otpihxLbqzDo +R+Itce/5rW9UHuCVV/G2+3IWhi/ulc4rV8RRoeMBAi+NKL9hmYtthvbwnl502k6x +WbBuiZLetlbx0peUrbpHppS1Eyu4jYpUFg0Fkn4RAoGAZsuipVjJpM/nj+aS6aUJ ++FNYaqZRsSpad/IY509ZD9G8lf/ANNxjwZuX4P3Im/m3772LcCe2LEv4f8sOfaF6 +wz/noWgJxaTqSaNmugNDhPJpXTgdgsTeqnq20MtHrpi4ZXUs21CDsJph5dlS/gWl +AQQhj15wJkiYTHv093f2vaY= +-----END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-nifi-1.p12 b/roles/ca/files/CA/private/dsoclab-nifi-1.p12 new file mode 100644 index 0000000000000000000000000000000000000000..0076ad1207c243f877de929e2424ed953f60469c Binary files /dev/null and b/roles/ca/files/CA/private/dsoclab-nifi-1.p12 differ diff --git a/roles/ca/files/CA/private/dsoclab-nifi-2.key b/roles/ca/files/CA/private/dsoclab-nifi-2.key new file mode 100644 index 0000000000000000000000000000000000000000..a6d173357217a1ecec773826d1b017655a4f3b7f --- /dev/null +++ b/roles/ca/files/CA/private/dsoclab-nifi-2.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCst0vi1Yd/jhWb +z8AX69uM4xuDwGm5BpGgm8Y13C/ojHIoUAKCxbHr2tnjnZXS2d3hCDVtg3OVmLoZ +/T4EZ5oJN0V50x0L7ApDy7gkzGhczi6u20jYblrzMb6HKIZ2jo+NaJUfcmxlSvye +uH3ig+I9sDBdwXMGrpv3mlS4AmuCkBEIP9ZfWVzfqiVZwGd6/OHwyUqL4DG2UxPC +v4xPOubtETCmQSatVo8DC62HbLJzxC5BPpkatilt4Nyvj0Vu1WkXDfFYpn6MgDJy +JCHS6bREI/YQj59kf+/mq/FDlNCKlw7kkb2GuR9C9JY5hQUm7ZABkRGjHwRbRv8b +qXR32xgDAgMBAAECggEAIutEGm5VYMKXN9M+4Rc8YjWgYHjMZy4ezzvvTQBhZ0DN +67yRZWMW37p1hwFbQy/tHgwM0UFcYwhnx81ddoKDsA1OrJy0KK7mPGK5ribtiqXc +5llLVwaouLZ78NOOq/WSrGJSk/MMW0ZX4LcoLF3BpfszLCFqYhV3Tw4Sxskmd1TY +DAIJ8P0mcAuiEw1G2VuVEsy8c6Ojkp/cJZudlhUk4J/Dqzhq3XcdRu+IoTOg1FTY +Tw6aW0dwW9niZWaTCzksjnsY6ydIoe6v2GMiCOzCnfmogAgfuTH8Hg2oDvJDqFel +zXNwxn52Q7HMvySnDn5j2BAYOyfybNkUDvjq170BkQKBgQDfwI+q22h24zg6ZLiC +0AlqdKNliU1qdtaXu1bU1Mm0/9/o70+TP6GUDeZ0xJVPDpgf/qULaY8k2H4Ucb7i +PNCPVYNF21qd591qaZA3i/YDNbXmzYNgy+hCPjY9+jW+DBEKOMDSCbUgUP9RJpNj +CgEadH2xvumPeuLLhFwnmDn3XQKBgQDFm7tWnpUiyOVWcdEZ+xXPiqRr3JZFcjHk +N3vSOVsS0xjaYPbyBnUNiw8Mxdm0xmaCCDHjv7lmIOCEUtD1YU/bp/e6UqvAULg7 +UasrT0h63eQPxS4tLpDaIjk5Zk7A/NFAHoTKrtbZEs1YONL8ltkrqOYUv4jaX1ae +76f+1/s23wKBgAUDDzTIjWJ8XHoSX3+uoUddLXvMw4sq9kuXyq4hxhLj2GQjWCj4 +N+pVFWBwNtf6f7XXwmKrDqXIo6pZkekHa7SKOdKKw1DeLLuBedWEsRIJVfXBjLvS +VXWGZzikLif/pTIRa2BJD2GV7uImdw603ql1Cou8twabvhDI+jd41XORAoGAW8b2 +fUZt8Zfom/uEqFJrUNcNgmMTD/H3pgz23y5wVA/jDRnX15SULNQXC1GgyUsUNPRl +Z2eWTg6a+BoWnsCxfE1Iyyq2Rj23MyW9IAJUoWwJDiIATk/ASu92MGiJzywca3FB +L3mAo5UN9hl+NH5DIvnw0lYa04FQE8Uu+zeIn3UCgYAgWQECDVgkUgoTtUZBmUAT +wL5cXXfmDnMNLVn2TJNQRDvLMkdI0naQ94Dxvky6BIbSqaKx67PA3I7yRIDUYhGZ +RM4RC0WpGtjxYmWyHkdClGLAJjSp4RPDUcCNAqmQhTySGCL4gBMalERbDzo16SSM +lyWQP3MOrilDi/GjbUi3JA== +-----END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-nifi-2.p12 b/roles/ca/files/CA/private/dsoclab-nifi-2.p12 new file mode 100644 index 0000000000000000000000000000000000000000..fdbd25a1e50851b8ea865781bc903dcc78a1cc8f Binary files /dev/null and b/roles/ca/files/CA/private/dsoclab-nifi-2.p12 differ diff --git a/roles/ca/files/CA/private/dsoclab-nifi-3.key b/roles/ca/files/CA/private/dsoclab-nifi-3.key new file mode 100644 index 0000000000000000000000000000000000000000..4c508b05ddb691868f07f9952a5352a9a9a247a7 --- /dev/null +++ b/roles/ca/files/CA/private/dsoclab-nifi-3.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCnSKDTqx6MSWCL +uL2aqlwJYgF5icnlXzBkOMrxlS1IIIHvYKpv0e+0rImO6fUWfWQHsDt1w+HhFXFk +YI8VjhaL3riXeaeDGXdbqjaCN7lRp5W1H6ydgcbs+xQ6hHcenN08BjChXtCPsMla +E60OVle8HT++10xLN6KIck0aYogIoFe7IM5+r7dy8u6GGrEoO0H00+oUdJDhM0Ea +kuIu7NMgYGBh1vwOP1dDiF8QKSBRQEbtXZ/RWudLUvTUI2BKIqeSbNTLIAGmuVNx +enEC4QVyQaVCn0FHLDB+DLFzzPdjYCc/PTaTFKp+Eu0b8ctN6HwyIFD1LX0GCpPP +eoUrC6axAgMBAAECggEAIwh9zfZvTlfrpTdKVgLJhZmFz4tAwg2eV87hCZkBQ7Kz +I4uuBf8EYWUk5c4vasdV1JpeyXn9ayMPfUMPlCcOp7o8FFUA9N63dXX/NmQvJl+f +ZbA9eTr9ixHGGb82Jy4Y0wJE2va9XOpcMMYgHvmMJDRH7lKugq4jFspBRX5PGOcM +6MxlzOSEcPZFrccDFcVJIU57rJ3HO85mF8OUmQoReA7SH9qNLFFtERrsgCSkWlwq ++Pdz+FwkK2tmSBU6+4J2YTyJ0AvF5DUex8tf6rAD7H1AGz70VEFumlbjyz+OZgsS +oeoAFRm6Uzoo2kU7mB3fPpA2oCGVWVIY6fgHbyZHsQKBgQDR0L/WuzeTpYB3oXbX +2rPcbZVa/wK0Evl1dfj1UZUBqazkVntMVko02Xt5RHt8FTaorTqi2ieEGfcbOonn +cSZzChPNCvyr6MJJHRcqNP4pgxd4b1LfP8sCLZTvi7HdBA1DPamgWuiKOkqGghHs +38BX7SPz3/gTxEjwCE7g9970FQKBgQDMGy+CjGI8btlbKBK4LkebuGGWgWUIXa+V +2OhoEZzIwDQf6LotauA8pdljTeeQ0VG4kO365hN2v5bL02SOCo3ciaLkQ2tQhRNt +1xSDoKf2ipbjFZr9o6uDHGtVKZF1B20j48vEWBu5EEZ8yf7L68BWBm/RCVeN32oL +jpmIMySDLQKBgQCwbv/CzDASAkwjTS2omgpBRA0iNerKDmKjeY7ei7nnag0u/eI0 +8SL5iiCgewvz7crG0NTL+PLdzQ/UX8dzTdztQ/4eoCyVSueFn+bI4UMRGWF1Lvfb +L8PAkx/4x9nLZwrYDlRDue5tvlLJBTuZmxYdWhavjxkHVjmXTwU1fHqJeQKBgQCO +Rgj5FEhJ3e8PFsDtt/zcdEs6MVou2bdSWc+u80/5s9jhwUU98Xj7bZQ6H4ziKrav +U/8/XG+G4AgKboFybbLzXtG4EbLVft3LPBilpDBQr8x74IyYbyVYEFBVHdOx4wpV +8S0R4WT5vHmV9OvyU5RPos8AxGVOlMSD59Pn19aExQKBgFTfUARZ/liWznEU8X5Q +krL97ge1+oaqQBI0iS3jmi8cfRNpwWFxc+uRgHW5WybGC9PxV/n3yu1i4wIyrwfC +g4f0HH19x+VTFs9+H09wudytJh0K8LLTns5G3Nu3WW+o0gtJDQDcAxijvEr2jn08 +qnSQ95GLsDqLTauqOMzEyhM8 +-----END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-nifi-3.p12 b/roles/ca/files/CA/private/dsoclab-nifi-3.p12 new file mode 100644 index 0000000000000000000000000000000000000000..4d4b23daaa41114bb1ab95eea974f0c2618dbbeb Binary files /dev/null and b/roles/ca/files/CA/private/dsoclab-nifi-3.p12 differ diff --git a/roles/ca/files/CA/private/dsoclab-odfe-1.key b/roles/ca/files/CA/private/dsoclab-odfe-1.key new file mode 100644 index 0000000000000000000000000000000000000000..f10604dac97618a3da392c9eb505dae7ce87a0da --- /dev/null +++ b/roles/ca/files/CA/private/dsoclab-odfe-1.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDlRvZxzqI/YV6b +88ZhiIeZCqy46J08X4xgK0FbNvs5Cm+hFgIxrA29Dv+VWdjxIWu9ltZ7eQHRZRzK +CSJQMAHq7bQpv7RwJduzHelz7WOTAkyQIgRtMXQxroU8Eo2z9pIv3nV1j8ql8qIS +lPvoczA38Xy1TlmrcXMmgJpGjUmUsAnlJxA0ncBTO/p3LgbAc44Pmh6MJzIM6/LS +DKdSSMbuEiEV40UwiYFjf78KW9EFyBz8X7u4giqSOzquGZ3pp2J8CvLCKuao1JsK +qKJa7OWjGnPggz3S6HSpC7DksP3+rR5X6A0gfKofMWm1DYw/HI3c03Fb8QRqrrkt +qL4oEfVLAgMBAAECggEAGkUQNaf8VRC9+1ZqE4DGMJXVhnY4ldNIzTgHjAD3tehp +M+bGp5RUGqZeSGl7/tzacGWY+5q4x5ozOz7irJdjkNxdeS8a6IKd8p7pwbugXha0 +WQtcwHobGxoo7+IcVFNbGpr9kFPCX1M2mLRzTIXuL2q+5DMu+QLNs8qmYpELrjpp +wiY3yQ6zcv4ndWJloMWo+CzTXq+Gh0L7cWB8dk9NOGu0dAF1HIVokvud+xUejyIB +2bBN/J9ErGBX366C5yqzMei1JhDXBT7N3XATs/i5tx5jHxO9/G7Psz6Ka7wQ2XlF +9gY9AndkXGFNt/YnKpvN+h39caH7lRvC/AADwidsYQKBgQD+dHoAUKrCKfrHDazQ +gQRPGNOY/J9anHhKvPKUwkoY8VZ2MDqB1uwSWioambx2CVc81eeHWmRQUAp7Qw94 +p9DWhqcPdhqGZDRQGSolw8uXnSLKLkJ0f1VxRv7B16wwLyaMgdcwn0JaZ0iaQqwk +VX7V3OnRpbaji+7pkoJUetbyOwKBgQDmq1mSa8G+/5K8CURJz6K7/ItI29VCFm4t +ggeQ2QdjpCEhg7b5wyW7Y+CjbWoUx/zKnT4FFX213Ca3TaOKn/sU2lu0J7AP4A85 +yV6JizecpU/aDsAelezO4PfpAdHiUN49lWt6VCTWzOM/+hKdLE1GVpOfqBCtEEYZ +DJwS8JdIMQKBgHm9Sl16OqhYo1W20jaTc3dQXnQ0cR1N/TNswPaxGfhjBsXW/zb9 +l8aUAs7lPMiQYX+Gq5YThijykoE0rWNBjuYEWEtKaxhfOrQTxhl5Wp+4G1v10++e +uEdQ+zPMtuH6vQu+VzE5EOrlvVOokGl1yhAR+IBIM2B945k2ckpu1wXfAoGAEGtY +B+UluGvGzR23v61I/yqd24TSbE7ebtzXnwbj0MLpHNKcXrD2aZ1VayyppWsK4n1I +4eHCvgQ6uUeMgZybqcNVTcCZdrfTPaDI2u+O+NaHlZUBNewkHCHFY8+eWga5mxac +vOtqZ+PTtUUeuBNkOMKG5ZF4BmmnI7dTEMIRcrECgYEA0LJjKYwHmqHXe7Yel/f5 +6U3fQka70cpS0hg9T1qHlC2A8Goj4p2uchJmRkH3uYd0FTtImkoiAqksnWu949pI +YFdI65eKm/7a7Pmoy0C7TMM6pN2ibbN7XBoZ7bZ6Fj6FI74MLgUBUIwMyKXWRhTX +RWpegcD8h8CCEagLjZ6PN3I= +-----END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-odfe-1.p12 b/roles/ca/files/CA/private/dsoclab-odfe-1.p12 new file mode 100644 index 0000000000000000000000000000000000000000..ed4bd60a1d96595774f510ecfd8c864a09e8d338 Binary files /dev/null and b/roles/ca/files/CA/private/dsoclab-odfe-1.p12 differ diff --git a/roles/ca/files/CA/private/dsoclab-odfe-2.key b/roles/ca/files/CA/private/dsoclab-odfe-2.key new file mode 100644 index 0000000000000000000000000000000000000000..6b56b08c72d66f58917d079dadd02f0bac21718e --- /dev/null +++ b/roles/ca/files/CA/private/dsoclab-odfe-2.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDHpeE/4KMiafG0 +FV65PNvXRLvZx2mUW8F9ozRNPogK4o8u05iUrrQfSaP9SycWcKsDq81MAip77Tr/ +SUkuO4j2WYUm3je0R54cvqM4jrAia8rFEuW+QJxXek0CDNsTxZ3Shd+ZVzKQN1QI +FkYBVNoMdzFjOUYniD/0rU7m/Qo+nZiaU5iQvpvu47KRx38/obli+HoezLQj7YKg +XK2Ge1BTyexXBEQcEvYzP2hC+LcvJZEcqrDfF2vtbcxtp9a3B2thpRZRnwIHrbJC +QsoLsS7BbpQtPl6ISI+2ixWwSI41WOq1kJz7Wvr1xye3ETB6yzZ8T+pSAEdA6fDK +Z2My4DNzAgMBAAECggEBAJlsPTQ0cckRd1/3iCp7vUmplV5fYyBSftgI4jl2E1+i +CXxnuPqRYvQkSDRvW2NgQ9t3XDXL+E/x14O1EtrHf5Io6y0aWd5dpwDZ816UMIDT +KyjVQ943kq2a27D2piiElarhnBofq0iubBIm47dEOKiZtEdXDTV1/AgQYvEZhZTl +dZWsX21gP6YbMgGE/ZFz2tMjFlaK/f0XygJd64gGwwt0wzhBnJsb5Nf1nyrqfuNk +XIKXQCBx3IbFxxHSd0LxeokYR1+nWcdw2i2T396UjlFJn4n58oPJEQSQAuq5RXHe +aJDCiPLx16Hx0sqSgwXfjptXwdxYt7DQKYZkYHdUZtkCgYEA44g/xK6aUJWfhc5n +QeOAB/maCa6GmSaGhvjIjOVu2nimmHl4jBF3Fi6FyWG8Tqj7XBgDaByuLBy5NIAQ ++/cQ3IGMHlI7SboQRllmsUMrCApOFyENBn5V+2dyCIRIqzstYHWGefv9ElrCroZa +a/XZrDGO2zj3psoaKwat+b9i710CgYEA4KCC2NnP7henjH/rDbQfebIg+NSBeSn4 +1PDh37p3vm0gIclhygWS9vL1ERlvt9N3o272ago9jM+PaVK9fFBiqGuMU8X0/2qx +LnPppWUKY3WKPkDKSBgz5J5jkTTneL6wPLY0saHB8Ob4zIKpfh8dsIXBwmiYsmO1 +x+q+HAL7EQ8CgYAjKZsxOgp/CaBtfUhX1mCi2uADPwVuBZYkpa3YmFxZRuv4BE2s +18Yfl3D1fjUrstGlmdBs9oG0L3wvsNrvFW91pE+TIAIpkqeRN5+3JToxM+Z9jI4G +wt9mysXEqyzPyYVpsr/lehvSClSrw/eVV5kcE0yQdG1RSUph+9ZHElynwQKBgEcy ++WaM27iHLOd+4F1um49yY7sbeJKUODgeximpLC1i3412DJYBYE0AQ6eQ3XVyBPj7 +wgVoi4vneniS7lbKEAt8U3V2SKrxAYpM2WFAfqN57UDAPp3Ndh1gCwVKtJf0MV59 +DoTDVfrq6y+/tsOwTzPVoc3iY4wfyM2+XVX5p+UHAoGABD84C3yYWYZ9gBkEkXHH +jjKUcDCWUTcbErUtaloI9AU+Fw3XP+H21b1ahblQ8JtGcGIosYLOGreZyjN/gVJO +Us14LTFkYwnSQMJ0KLmfZ2qEL89xl8fIFbjmccJUmW01F1y2M9yZVTVeNiAiq/VL +j+8aCEyjHb06KrRCjseb1u4= +-----END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-odfe-2.p12 b/roles/ca/files/CA/private/dsoclab-odfe-2.p12 new file mode 100644 index 0000000000000000000000000000000000000000..106170ff7a325bccade7cfecf2f60642e866a4a0 Binary files /dev/null and b/roles/ca/files/CA/private/dsoclab-odfe-2.p12 differ diff --git a/roles/ca/files/CA/private/dsoclab-thehive.key b/roles/ca/files/CA/private/dsoclab-thehive.key new file mode 100644 index 0000000000000000000000000000000000000000..6d4d8bb01b413adbe679481a68241bfe71a1c9dc --- /dev/null +++ b/roles/ca/files/CA/private/dsoclab-thehive.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6xU0gpGC3YSHt +FqFvcsTeoQDA7/xdoYk0BxXStDoUuJV1joFxSUYdyIHL8ezHWhL2iWDkyJgaYcgt +Eo9z7vidiLV/MHCXKbSrQy3c26cQR8e1JpsRhfvTJ486VbzqeBe4iRCjpBBgOcN/ +QiWp/oR/OF70PcOYPVa5uoEGVY1lEvBOI4gdmAwvbk9n/U5nOZG5AVISqp67esjq +j0otGPhpmjqgyG7j3sbbvkxZ4M+8NE8ssO8+glrfaL64+8xfavI+ZtTGxfYLZ+lk +hRWHYG/ctFsTb7Cb+PPawZGegV8Wyp4UAcEczirTyDwPvrE3qskIaCve+URsHpCk +Erz1PEa9AgMBAAECggEARJH9cBeJfqoFp6LgYCd1yfq4aR1yvPl6gwR66aHLlSHz +lXZdZbcuK+8aYEMQ2FvkjGkBjt1qonz13j5rNngtBMFVST4CiC0CrMH8S5LFMj/4 +PTTQR822F971QciKlFbE9rYzyrCIZpuuf8FMTK4p/P84NVmbvv/+IDAuAKJWSB3b +TXVeYzqET/cENXrNZNsTMHVoPAudtsHXXa5w3yXJXhTlRQrjMtMHgV+H1O2iOvi5 +IAJUm2HVmGON9aqQKZlzYvx9txSBRczEwQK+fLPoXGEG/KhskiBPMU0y9a60SV5F +Oi94zzBCOSf/k+C4+EhkvfSq727ZFs60zGcoEW7rzQKBgQD08umyOtqJEB6dk5hg +RA1mc3qx332Li0Ep9ciPD0oOyt9H/pQBMYHlV4Vf26dmjxg7XMPqB38topjbnVcY +r1QigQ8tnHXktcO1tUpx6MhTkN4sBH9dvZE4TdBiarlcThgnuCfZUhjyfyr715tR +BIC8TA9bd/6oUaf/zd0S4aGcEwKBgQDDMnKe7PoDlHtjxaiDs8VLRRgNKocT/jaD +SZ5j5a1e+fvIK+lqpW7pXT/AlBVvxC6ke2Zb1csgndgF0p45ZO9WsB5fV3x8AREM +zIvrqpH4hdRBEF7o1syVDMXmTQLsPOLzj6B2UC5mpqoo2GkI9yyXpJhNR0kqzkDy +Pclu3xZL7wKBgQCZsFAxI/w6Q4LyG8lfnVNLFOnG8RM0mwsn6K8OE+nDnka6RWFX +3lhCLcfhfVBraR0rIelKzaleWMbQBMjBFEEV5SRA2gqele1V9YngLs6CoELGG4xO +pMKZMTmuhogHAnjlcwaNtJUykdfGbGFnVAvyGUcJfSCrO5DNT72GO0vLQQKBgQCF +WyPf2/r7Eygxg8qbH+h8ghnqdNGQIS9RBqzFhxapOpR/rzBrAdcCbAiwIvt6Pke3 +a+8Ecs2x3OTHJZufjovNZ8l4TaboeToSynQVb5UGezgFs4+D96wRcIaLzrVefEJ5 +L/jqm+D3lInQGfm4fFXkzDiZI0ijjAHm/btumc771QKBgBTu4KvY6rzgmHbymux1 ++tr+xl3/Nb29XQJHpZV+hgFGg1+aWaR9c0WXz9mKovBanEUHJb5khqFQDFZuWMNG +tNQ1JbwTXwxmAfVJbLYbSHnuePkh+qtpmTVa3H5NdRBI/062/Km6Rxcf5JljB8/J +k+SqVxdKSTfaWxGqyyAZgVis +-----END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-thehive.p12 b/roles/ca/files/CA/private/dsoclab-thehive.p12 new file mode 100644 index 0000000000000000000000000000000000000000..4651a2126460e39b52b3c9404b73b982758cf006 Binary files /dev/null and b/roles/ca/files/CA/private/dsoclab-thehive.p12 differ diff --git a/roles/ca/files/CA/reqs/Arne Oslebo.req b/roles/ca/files/CA/reqs/Arne Oslebo.req new file mode 100644 index 0000000000000000000000000000000000000000..dcf639293b92b30d5786fe09e9e1b6306274e43d --- /dev/null +++ b/roles/ca/files/CA/reqs/Arne Oslebo.req @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICWzCCAUMCAQAwFjEUMBIGA1UEAwwLQXJuZSBPc2xlYm8wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDOTAIZIW4c8u2T2P28GqTCETvhVXPlJpLT2eim +3X2iHb5qfGQGOWAzOH1qyomd5RFYIWnzOohe6uUu4Z27AB9ZGWlPazI9LxralT2Z +lVOfsurbE0hjLUrcDEumHExi4tARJWfLgFIC6Pg7POvL9HEDWr7ZoEn+0XL+T77h +rKHtpRUG9E7JBqubksI+uVgM9BUOBMCRG4VznbaXoWxwChqgzkyNrCnkxRcAJgNE +Mqh7g1JJQ2ARU8geuOufH+MTVIF3xEdKLiCNSIyRLuDU5TcLXLtfQDeS6WA7oPmY +f22zIJI82ozweYHy6ne6tHsGVHWJd36tCDquHtwcEWMIQxSXAgMBAAGgADANBgkq +hkiG9w0BAQsFAAOCAQEAg1Qb6ZHRANNpMip4Swkowrq8EqkMwnaei5l9ODVzlYa9 +Wo5f+kiGVMnza76E40/OOTRT8624hZEbaOzh2bLRd/9MCxE3oGWeSVtu/MOkN0f4 +vERTql3zlcIzOmQHXp2obtJXdpSt+8jlYbFQm9HV9k6qCnv+k9zjkIEkNaZ26NIa +CzsR4d6J5l9B9eEnpZHEcbtD5SyB8pde3d5lGDkJ7tdwVc874cbxSA/402lOf6Gh +5huX7ID1xN92VHEdtiwtOkcWjtzp87Dr0GxlFd9u48ctOmvfvxL/wBPXAYDnwLrB +d89p+JzRZzr8eRj5KCEW2W7AbOVpaL05IBAR6a/4GQ== +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/Bozidar Proevski.req b/roles/ca/files/CA/reqs/Bozidar Proevski.req new file mode 100644 index 0000000000000000000000000000000000000000..cde307a9f149d38650af558e1c9ac2150c93a326 --- /dev/null +++ b/roles/ca/files/CA/reqs/Bozidar Proevski.req 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICYDCCAUgCAQAwGzEZMBcGA1UEAwwQQm96aWRhciBQcm9ldnNraTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJreAP3x6bkp2VjQRyHPS2cX96kCkxfP +V1tv2yaQMAkL2cVmXvYiZqtIBqpsiLP9k0WkYMlfK2yv22heJ+aFcSe3IFJh3xQb +2gY5siEgSyJIt0t2RAKxiV8OWSLLuckejaCsKF3lrsjqzAUgomAREo1tiApz6Hxo +nEgsyajGncM8wef0B/dbbkI9PQ+Fb+K5iKnQAoS4GWquE6GXUJgWyAwbvQLIX6Mv +c34l+IznkkPHanW8heocRyjOLJs6j6gH6YyKdT7BlzLO48XKHgrXPHcK0qtRw+Xc +N5AaNb+gSqq9OO+ebfiBN3/TdyPGW2OYZAcvR/19IS9XwthEAMIpInkCAwEAAaAA +MA0GCSqGSIb3DQEBCwUAA4IBAQBI2j+FMBWk7pwuvK10IHSgJl+MW/PS4LALPy00 +QCo6DUrkN3EsIY+wsY+jCUS2VGTlOehilOywH/RpmhFBxT3N+NmSyRHPhCBAJAHF +lmziZfPU25xOt/q5TAbBgEgWJuZuMVUEXY0EV/BxHyaZLPOFogXMijP6jhLxx3yg +8XU3aWYyFu3Dl5wwvhgtgXN4Bt5jHK7y4Cy+ChrybXabU6x380XlBDnlBLCmLmPP +ASQ+xzmacFGIY3SVqI1sHBgSMGueVQLWmGEgT3uD7mX0sD1teFR4MA6pySrkhJeg +7kZiw1lMNnFziruBsrk0wfVK5X4fy13lfOBZEc0YgVykUklo +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-cortex.req b/roles/ca/files/CA/reqs/dsoclab-cortex.req new file mode 100644 index 0000000000000000000000000000000000000000..1959ae3968783dc47efbfd43251a6fa40b20d33e --- /dev/null +++ b/roles/ca/files/CA/reqs/dsoclab-cortex.req 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1jb3J0ZXgwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNCWsUM0pHdVvT2Wc7Ta0fpx8zq4axqjsJ +qxqm+6BgBONoMw6FVNFwYYq51da1bMKzNgKUtx0Yk1+Igf8q9JlYbdeW4tJkd7l0 +RDzw+1sPQ304Xf6w2wV6qcUQJHUTyC3aab7jQzPwKDCaU/j40xAyNewdh6seLLUA +fJ+PYeBdVhWMRkUJeAJ4EMCvLyVswlvtX8EzC/jIE9zfw/wFkP8Gnsu8HSvCV/K9 +qiKzS/XKsrgAGPEUELheaZ/t/ASD2S63mopFHFRxj2ECaoqEL2ffkjoMX+W252wn +aR9bBtZ/5t+rLzGlzWMyYMAHUGwNOctorjyy2g8gBncsKKs6MJIbAgMBAAGgTDBK +BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItY29ydGV4gh5kc29j +bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBABmN +TbZUl+mAgRYgyBhG8QxYAD8sLcKqPDrldqy/5qsGuLQSA4txQ7uEMFb9mr5RsjvA +rsKljltvjmEMyLjOio00NanddY/qTAwqfk8VoPK49g0Sf1c73E/84JwhzjzTqR5v +4Evckh4r2lrgtqos0sZHr5SUdYiMpAJ18WUAp+PCa6RydUt5+Upwu391lgjQpSr+ +M7DCM+KDSZ4X0eaSf6oFrfNA035FlDaHdRHGMIW5aE+fBXSXEU7EwgjCEMuy6iLR +Arpjo8t2Kj5P+zJVXo5021VhWtTR221GI1v+JJxSkolHAziTohsj45m0jA1cCKbL +bzpzNH/WwlpNEH7tWGs= +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-haproxy.req b/roles/ca/files/CA/reqs/dsoclab-haproxy.req new file mode 100644 index 0000000000000000000000000000000000000000..7377346b4e1b94227e731ebe0c462eada026a77e --- /dev/null +++ b/roles/ca/files/CA/reqs/dsoclab-haproxy.req 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICrDCCAZQCAQAwGjEYMBYGA1UEAwwPZHNvY2xhYi1oYXByb3h5MIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAycciMwsLD6CMxKmBN71RL0cy+huIRbG7 +EUM93rNwZ9eLOVqPE/sveAixsTLG0Q7k0y4624Tb0mVrJiRs1xblpZCOAkYTAgqW +ZkaHt7DuVkw82K5Mfe9bqm4Bjon+TLnebLrkP4341zrtsimaW6xahmYF8xkvWY18 +i2qXHkOKNoCy6eGE9pS8ExExuNJacu1ow7E35FuRgmKqE/K24DqqhWZwCqmtXKdS +/9z5mV7lFdUM/s0ny5ieWmnKcXQx5ibf7NJCQ7nzBI4seiim+Y66ZDxpDqz13NXz +KlBHUNSM9e4xCHNpH65CHVKEXUdo3aMfB1fsPp4NI3gWQbxo8k/pGQIDAQABoE0w +SwYJKoZIhvcNAQkOMT4wPDA6BgNVHREEMzAxgg9kc29jbGFiLWhhcHJveHmCHmRz +b2NsYWIuZ240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEA +afvEI0PRtJHdn9wjijMSmeFqcKb7LrV3cXKgMNlps/7+D9S3E2id457QpHLteOLn +G7YOlL+xddxa/rn95ovL/p+qU4i4bPfE3tG/Yj6GclQTNb4JWocZq6ukgDzPaLPu +7XyS42sreCN8QlDuHDM+lNpb4wyzyLVKV8pUGLn9QjskKvAFmwXNOV9X20RLSlAo +NhOYFxCoiwcCT/wyOh83uh5FcGOzZOPrG/J95rV+RyYOQGttu2l00nDVTD7Gbjza +tv30d2Gj6tJAxTqXZm99qJ8zi7wBgymX7uQoaw+D4uZqRCzUqgEe9j72N0Jh+yF0 +/wo9Lx4oVJj6GR0I7jY24Q== +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-keycloak.req b/roles/ca/files/CA/reqs/dsoclab-keycloak.req new file mode 100644 index 0000000000000000000000000000000000000000..c9316cf972da90037dbf93717ca8dc9414257150 --- /dev/null +++ b/roles/ca/files/CA/reqs/dsoclab-keycloak.req 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICrjCCAZYCAQAwGzEZMBcGA1UEAwwQZHNvY2xhYi1rZXljbG9hazCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOqp6msvbJyfbZyJTgG6xsAy31kmK5X0 +wj3IfiLOtngD6CIogZyapqe6/QVmo1CBhXHB2eq8IeFdCod7vlWwfQFX3kz+OsXJ +VHcuFfwSB/jvn3v3CQFwdVM73LEMZU1JxPsdQiBvgUVC09sdTFcbHTuBOe6yz5VL +KdCoOZjWkzaZv8VDJo1N220kO/wWdqH9b8YZEccSDYAWTIjaLAl4PRt8bOzbngFQ +X6NWf9Q7pCbSbUJ7iE6NZO0eGg4FWGVYR4NgnrTtFc5yT6C1It2fpNqIhv7LhG5y +PQBC2ouFKvLv1+67hUK6ufvZndIsWA98AiO3RtBpBjdAnVh0icq3EuUCAwEAAaBO +MEwGCSqGSIb3DQEJDjE/MD0wOwYDVR0RBDQwMoIQZHNvY2xhYi1rZXljbG9ha4Ie +ZHNvY2xhYi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IB +AQAFuWENWuE+yIOLn3KkTz1HoJrOwzn6g/XkrhMcmQtRucKd9T1CMr384yWXkGcP +f+BrrW/m2WSpPGikR6i+gW5aW1zKOtu+IABFpjsOcHTuKZGjsAgzSWXIffuNzrMt +TvmOdtlez0sBmxPQ+JmpmNkGzSzEr/qnMxdxHonn17/pLV5P5Z4Dy5vMhTKlw32I +1C6gD1yfjoF1nI0BWmu6vSih1IBApR2tdexa/gGZT68z1XncTD7zzUnPBoqWJjJf +7NZ/HUxmQBcM4/sYNFnfx+XHY83Hm4+i2PS18SgC7WN+GTaGnOYdgLPbUGwCEv0t +TnDRqK0EfRbr8E/6wCgkyhz6 +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-kibana.req b/roles/ca/files/CA/reqs/dsoclab-kibana.req new file mode 100644 index 0000000000000000000000000000000000000000..c7425201deb9b14a657ea917f997e047b37d6669 --- /dev/null +++ b/roles/ca/files/CA/reqs/dsoclab-kibana.req 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1raWJhbmEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOT8kPhE1Oe9wRkMlJqPNgRKglG1mDZAvR +4LxZUCKl9Yh6yEBl5CI9d9KPnjAXgF4ghbxwZ2HL2OKfmnx7puhOeXvNhm4mUjdF +tqu3b0CPelWL0ZHMIW9VN1A7ch8tO791R5GIahzqOd2LJTFVDrxSb78Llu/jElza +YyJU5bOViwKeVz57T6D1bweoW0V8yzSDdzSlsf8FEoiPzMQFXennfSsS+rtNJfT3 +BOeVBpXqqcR1TvcDZy2cmvQB9iqNbG3QWanOHxKxdjnIB9Qgcx7znLlngzuofG77 +huo/ao6YTDmp0U2+nwpDSRv9CWe2YnH9h5pjJQCqx6FNIxLjVg9vAgMBAAGgTDBK +BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWIta2liYW5hgh5kc29j +bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAD3L +9U2PcNoNGQu7wDkVblw29QoEkbm7yXvcXt5fFlcd85Tw3+Wig4fXC2AVLBxTvK7C +1wLGTMVtQfzH7+H+xQvhiQG+Rz2dLD6K10sPK+Uj5iXZyyeb82cqw7QwaH40jCot +uLgvSIIrChFWGijW0tHy2UmHjTh6+cPzwGe58yYXTK/OBJwbEKKox3IL9XtF3QJJ +wNhuCYPNbNmy1qZQ7Fny9cCU+syHDRkJwIYBAcfKVvq4/L7txkYZasnoQqE8H2Tq +UnCOD97mt85wXID6vhi8gqUvujr/NHqCIJqd4yZ3fi8/uxbK2Igw6sr4d1y90Dj5 +iUsJ9h+hlzojGLzqB98= +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-misp.req b/roles/ca/files/CA/reqs/dsoclab-misp.req new file mode 100644 index 0000000000000000000000000000000000000000..051c713561519155d72428452581bd9dc4b891e0 --- /dev/null +++ b/roles/ca/files/CA/reqs/dsoclab-misp.req 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICpjCCAY4CAQAwFzEVMBMGA1UEAwwMZHNvY2xhYi1taXNwMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7Eb56KucIFxpVdGFC5HZIlOvX3wgi0DGdaH +RLNCv3J4A8yRmFs2QhRV4oIWElhgVESPFfYbH3Y2Ii7orNM8Ct9Gx/EEvDq//kuP +KlOD41CCBgn8Kvr+lKB7f8I+Cz7ccriUEAoLkP1FdimFUr8PIEN4/jvTSSCPmqUM +ibsOl/JnsC3wF1MlpptLZA5yir/J445Bu+3zM2pVX41ShPqjZxp7cfuQ8V9h30Tq +C3eI8uXBg3FYx1iKmzlFWU7g2xa2lnKQjO7CE3XqFcZr4tw63sgH3hiELZa2xEzh +Sk0Tb2yaHeX5b8x+G0o6dRq5N7BtoBtpNfG25sKl01bTV8cOiwIDAQABoEowSAYJ +KoZIhvcNAQkOMTswOTA3BgNVHREEMDAuggxkc29jbGFiLW1pc3CCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAdn/gw4DW +EuPNCWcDYqlXVmwo0a0Enf5awha/1A9IxU22Tl4jv7KOb+SFRRy6d2UURGP+12EB +iUq7e27L9byhs2gR9xXrw4CQlLjZ7egRg4a6fW1YeL2gKU68PvppOyMGxxH0saCL +LmAM5N8ClvujX8wvLudCXu/NNrsBwQGaQ5CXtysYXrV7FyHwkO7FP2CTbvGbyYj/ +WJT8g3P4RM3PKd7+7+mmNoqKCOySj1gnB6xEn0iPoBWRRcC/2SlyUXi6idG45C0p +G04CKFxHJHn2x2nV+3Ym/1ctCTaxg5tGTrZ7Mw3Fkp2QGsmlQuq8ukeO0wTMJlyt +41DA9acx/R0vAg== +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-nifi-1.req b/roles/ca/files/CA/reqs/dsoclab-nifi-1.req new file mode 100644 index 0000000000000000000000000000000000000000..6984cbb76e1391cc8e76c34ffbcf3407d5459cd3 --- /dev/null +++ b/roles/ca/files/CA/reqs/dsoclab-nifi-1.req 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1uaWZpLTEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDr++3oZVHX1XqfujW/dXjGWguch+QYqh5 +dtjS9lHfcYA3Wux9+214bjf+5RvI1XPkyaXL6EpIJsbgpl4ULJCxgbJpMeJEhZf1 +YBKIBp2Nz0qid7PZ//NBQEwh4XONmIIvNycMJNhnvccFUEDFqdDkP7sMcil8vgYB +lgO4oELEb2/aqhc0X17zcw53tXqaWeM80TlQFy9TGAWCNCkbGVYuwtskeVEPqNlm +PHIeoPcD1unlxrm+lOSEvc2TJus7F7vN5Vgl8ig1pLFw3zJUhfY8IJ+Ii12DosQe +Mdmhdh0uPPh4ZKTdOrJWZb+oKqjtYsliLHK9nX5rH4DqvDNgR9MPAgMBAAGgTDBK +BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItbmlmaS0xgh5kc29j +bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAHM0 +gTZ4mCfbnMSSETTVJM90A9LvYRYegrDd9iiyrHnA1ybJh4wfvmKYq1UfD04Q/wT5 +MT5ebLiCOtnicU1XtZIOdqVjrdHgYh5AiNuqGfWPTJ5714XtUfuV0U47iGgs8OtV +W0C+DvWOm2v5xMs66QIMZRJObXiNjz/5NnigHAf0eyKj+fkmfB7oW3O28vD9drPk +WCZYRFOTxEviwWAgapI5JCmlpvAu61gljYEDJhk7x+l2obOxEt1ibTJoobQCSt5U +BF2ZBNI/nAKz6pQhj1bW25Gc5o2QM5bkv7uIzjHMprgGMKnJnbBZjEBdHKRxv7n7 +Pa0EZRioaWxc7VVDYbM= +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-nifi-2.req b/roles/ca/files/CA/reqs/dsoclab-nifi-2.req new file mode 100644 index 0000000000000000000000000000000000000000..31f0180a40f7d46e29d16f18b3226e56269f5506 --- /dev/null +++ b/roles/ca/files/CA/reqs/dsoclab-nifi-2.req 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1uaWZpLTIwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCst0vi1Yd/jhWbz8AX69uM4xuDwGm5BpGg +m8Y13C/ojHIoUAKCxbHr2tnjnZXS2d3hCDVtg3OVmLoZ/T4EZ5oJN0V50x0L7ApD +y7gkzGhczi6u20jYblrzMb6HKIZ2jo+NaJUfcmxlSvyeuH3ig+I9sDBdwXMGrpv3 +mlS4AmuCkBEIP9ZfWVzfqiVZwGd6/OHwyUqL4DG2UxPCv4xPOubtETCmQSatVo8D +C62HbLJzxC5BPpkatilt4Nyvj0Vu1WkXDfFYpn6MgDJyJCHS6bREI/YQj59kf+/m +q/FDlNCKlw7kkb2GuR9C9JY5hQUm7ZABkRGjHwRbRv8bqXR32xgDAgMBAAGgTDBK +BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItbmlmaS0ygh5kc29j +bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAG7p +jsz6CmL0Am6fDwlnBWML8EMgYcBhhFyiemX+6hrGxZLeTXCfFn/rSKpA8oDTfNyf +OK2BceBxePb4JJDzqkH3lAdqsuEqByJMnUQfEpLHEorXl1CN2iMaQ4F/1aX7H2g4 +dwtdYcHD/vsBu9bP3q4FM+SKE6GHcpgM+R6gyJ/yRhSWO2pmdbxSGM7MWRHc9XBz ++8kJNwhraGqNRYlwruCFxtqL3iMyMzz0x9QS4To1T/klybmCxZ+JJaFTdZtD5fFa +aL1/PoTJUl01ycxiL8nS0vVwh/UyFe/9c2z2OnUdJo2rsKp8NHRnHpkm8SfxYy/D +J2jaavn1ViQDB7T8OUc= +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-nifi-3.req b/roles/ca/files/CA/reqs/dsoclab-nifi-3.req new file mode 100644 index 0000000000000000000000000000000000000000..be09de63a31ae4519ae390fd681f8b97d05275d9 --- /dev/null +++ b/roles/ca/files/CA/reqs/dsoclab-nifi-3.req 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1uaWZpLTMwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnSKDTqx6MSWCLuL2aqlwJYgF5icnlXzBk +OMrxlS1IIIHvYKpv0e+0rImO6fUWfWQHsDt1w+HhFXFkYI8VjhaL3riXeaeDGXdb +qjaCN7lRp5W1H6ydgcbs+xQ6hHcenN08BjChXtCPsMlaE60OVle8HT++10xLN6KI +ck0aYogIoFe7IM5+r7dy8u6GGrEoO0H00+oUdJDhM0EakuIu7NMgYGBh1vwOP1dD +iF8QKSBRQEbtXZ/RWudLUvTUI2BKIqeSbNTLIAGmuVNxenEC4QVyQaVCn0FHLDB+ +DLFzzPdjYCc/PTaTFKp+Eu0b8ctN6HwyIFD1LX0GCpPPeoUrC6axAgMBAAGgTDBK +BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItbmlmaS0zgh5kc29j +bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAKKZ +4Wy4xgX3E+O7mrt791MpRJTTl4qE0bgn54Y7Pzz2Do3SNeC7OpCtFHAVVfGDjpKY +vac+9+rtdn21ttT7IjwOIao2vKUdxzbLhqM5onUDQmattCqvh5ewMtH4rVfbKg4C +S7MlCb9tezg8zBx6T9ZO7eoTcIZwnS6jEoRhNABb1D46AAfEkW/4psXUpJ/e1Vv8 +UFt+mGqLIzZ2MLwINv7RM5koCEw/9WU4haEjJWvvTLmXVedV3eDidJCFQrNwRF68 +/VHLs21e+lZK7t0wAWGf/tzQOTzgy1AydtMI1cpRVFV1OcjEvSwjZProAVNjqBoq +CHJSL39w3B0+e51cKUo= +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-odfe-1.req b/roles/ca/files/CA/reqs/dsoclab-odfe-1.req new file mode 100644 index 0000000000000000000000000000000000000000..c680ab26ebc91c7b59863531443390ac7f630772 --- /dev/null +++ b/roles/ca/files/CA/reqs/dsoclab-odfe-1.req 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1vZGZlLTEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlRvZxzqI/YV6b88ZhiIeZCqy46J08X4xg +K0FbNvs5Cm+hFgIxrA29Dv+VWdjxIWu9ltZ7eQHRZRzKCSJQMAHq7bQpv7RwJduz +Helz7WOTAkyQIgRtMXQxroU8Eo2z9pIv3nV1j8ql8qISlPvoczA38Xy1TlmrcXMm +gJpGjUmUsAnlJxA0ncBTO/p3LgbAc44Pmh6MJzIM6/LSDKdSSMbuEiEV40UwiYFj +f78KW9EFyBz8X7u4giqSOzquGZ3pp2J8CvLCKuao1JsKqKJa7OWjGnPggz3S6HSp +C7DksP3+rR5X6A0gfKofMWm1DYw/HI3c03Fb8QRqrrktqL4oEfVLAgMBAAGgTDBK +BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItb2RmZS0xgh5kc29j +bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAKzr +ygHDc8j5mTfhtfsRGfnEGfZiLYCV6YGBDazc+JaQiKzRXb5FWWTPbWZ0EtiQyVJA +J/yfkRQug6qQKLaNa22br7iP1LrPu0xQD6uTH9FgYu6J9YyfibBb0aav8em10JGQ +fdW7AmpLRwdLVii+DwJURcd5GEBBYyRPJzwloQmktPoBsnQ1EATqcStasE6AVoGu +1h2jlb6amEGJzUIe22CDuYs0SO5wHrn/t32EC4sub1I+jjmbiLo0r7uku1JAHT/C +wL19wSfauW079sNjgBPgJkFbjIW8lC4VQe8X0YmCXT/d6dqsPc3mJPK3AojYZGaM +Df8uQI9AQthiaGo1Yr8= +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-odfe-2.req b/roles/ca/files/CA/reqs/dsoclab-odfe-2.req new file mode 100644 index 0000000000000000000000000000000000000000..e97a63925ee9173215adae268769715699bb0dda --- /dev/null +++ b/roles/ca/files/CA/reqs/dsoclab-odfe-2.req 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1vZGZlLTIwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHpeE/4KMiafG0FV65PNvXRLvZx2mUW8F9 +ozRNPogK4o8u05iUrrQfSaP9SycWcKsDq81MAip77Tr/SUkuO4j2WYUm3je0R54c +vqM4jrAia8rFEuW+QJxXek0CDNsTxZ3Shd+ZVzKQN1QIFkYBVNoMdzFjOUYniD/0 +rU7m/Qo+nZiaU5iQvpvu47KRx38/obli+HoezLQj7YKgXK2Ge1BTyexXBEQcEvYz +P2hC+LcvJZEcqrDfF2vtbcxtp9a3B2thpRZRnwIHrbJCQsoLsS7BbpQtPl6ISI+2 +ixWwSI41WOq1kJz7Wvr1xye3ETB6yzZ8T+pSAEdA6fDKZ2My4DNzAgMBAAGgTDBK +BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItb2RmZS0ygh5kc29j +bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAA0a +Y6OxjtMpOkPMMTCOeMniiS4yzTxgfWe4ky6wOGE0E7ZXuQgb58CypGd7vJuUJvv2 +scIov+MH65NqswlHXoENSi1j042gc9+ce/Jr1MsLMwVW0JaY2fb5uxj8oi2GTcyF +ldcLvD6Ga/zCcyttkMy3zidOlWUd0VsMJFyQl+N9BaiUOoNP3M0ux22FQ0a6OcG4 +GlsD0w59dx/jYKlmp0eKFQ7ogaYWu3O2X+BFMigGFq2rISd57WdEZk+K8ZGazNW8 +li3076e1DflticRO/uy7q9xzvuLFlfSFLoQgem8Zp9CgNJYfa/QVnfVQH7iZLm2K +8AHzPPLphDavqr2iy5o= +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-thehive.req b/roles/ca/files/CA/reqs/dsoclab-thehive.req new file mode 100644 index 0000000000000000000000000000000000000000..1bcb0467ac08e107f3e7c80da3257c8335d48d0e --- /dev/null +++ b/roles/ca/files/CA/reqs/dsoclab-thehive.req 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICrDCCAZQCAQAwGjEYMBYGA1UEAwwPZHNvY2xhYi10aGVoaXZlMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusVNIKRgt2Eh7Rahb3LE3qEAwO/8XaGJ +NAcV0rQ6FLiVdY6BcUlGHciBy/Hsx1oS9olg5MiYGmHILRKPc+74nYi1fzBwlym0 +q0Mt3NunEEfHtSabEYX70yePOlW86ngXuIkQo6QQYDnDf0Ilqf6Efzhe9D3DmD1W +ubqBBlWNZRLwTiOIHZgML25PZ/1OZzmRuQFSEqqeu3rI6o9KLRj4aZo6oMhu497G +275MWeDPvDRPLLDvPoJa32i+uPvMX2ryPmbUxsX2C2fpZIUVh2Bv3LRbE2+wm/jz +2sGRnoFfFsqeFAHBHM4q08g8D76xN6rJCGgr3vlEbB6QpBK89TxGvQIDAQABoE0w +SwYJKoZIhvcNAQkOMT4wPDA6BgNVHREEMzAxgg9kc29jbGFiLXRoZWhpdmWCHmRz +b2NsYWIuZ240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEA +SrEnsOQ1zqalbv8SBBMBhRXlrKH74UUc8uhwqS9peQv0ILmJQqZ2FZx3HRyRcM2X +30qhiND97sMs0H1D4ViDAk5lScX4LNCgPx7YhAVtxXAR8Y1An47GQHF2ln1veRGo +UJ6kZO0VTnf0TSWAbEv2EwHIT6GsRiWv9xDebrtRByZXWEJF2z/PkAMfXOaYHu+9 +ZHc7oyHm06/iN9bC7n6dfPSq+odfuYKYc90Bc5pS/bOLZuUCNuWS8fZ1QdtaTAdK +FGms4qBL3IIWWrKzxGBtCa0B/fvCrqrNENaE0J5In2nYiobU2A8wdAb3qCrMHsDW +sXrXrXiWYjb0jUyMIOsKhg== +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/safessl-easyrsa.cnf b/roles/ca/files/CA/safessl-easyrsa.cnf new file mode 100644 index 0000000000000000000000000000000000000000..936ba8b4a76789eb9c7d2d01446cae2905c65965 --- /dev/null +++ b/roles/ca/files/CA/safessl-easyrsa.cnf 
@@ -0,0 +1,140 @@ +# For use with Easy-RSA 3.1 and OpenSSL or LibreSSL + +RANDFILE = roles/ca/files/CA/.rnd + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = roles/ca/files/CA # Where everything is kept +certs = roles/ca/files/CA # Where the issued certs are kept +crl_dir = roles/ca/files/CA # Where the issued crl are kept +database = roles/ca/files/CA/index.txt # database index file. +new_certs_dir = roles/ca/files/CA/certs_by_serial # default place for new certs. + +certificate = roles/ca/files/CA/ca.crt # The CA certificate +serial = roles/ca/files/CA/serial # The current serial number +crl = roles/ca/files/CA/crl.pem # The current CRL +private_key = roles/ca/files/CA/private/ca.key # The private key +RANDFILE = roles/ca/files/CA/.rand # private random number file + +x509_extensions = basic_exts # The extentions to add to the cert + +# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA +# is designed for will. In return, we get the Issuer attached to CRLs. 
+crl_extensions = crl_ext + +default_days = 1080 # how long to certify for +default_crl_days= 180 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# This allows to renew certificates which have not been revoked +unique_subject = no + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_anything + +# For the 'anything' policy, which defines allowed DN fields +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +name = optional +emailAddress = optional + +#################################################################### +# Easy-RSA request handling +# We key off $DN_MODE to determine how to format the DN +[ req ] +default_bits = 2048 +default_keyfile = privkey.pem +default_md = sha256 +distinguished_name = cn_only +x509_extensions = easyrsa_ca # The extentions to add to the self signed cert + +# A placeholder to handle the $EXTRA_EXTS feature: +#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it + +#################################################################### +# Easy-RSA DN (Subject) handling + +# Easy-RSA DN for cn_only support: +[ cn_only ] +commonName = Common Name (eg: your user, host, or server name) +commonName_max = 64 +commonName_default = ChangeMe + +# Easy-RSA DN for org support: +[ org ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = California + +localityName = Locality Name (eg, city) +localityName_default = San Francisco + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = 
Copyleft Certificate Co + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = My Organizational Unit + +commonName = Common Name (eg: your user, host, or server name) +commonName_max = 64 +commonName_default = ChangeMe + +emailAddress = Email Address +emailAddress_default = me@example.net +emailAddress_max = 64 + +#################################################################### +# Easy-RSA cert extension handling + +# This section is effectively unused as the main script sets extensions +# dynamically. This core section is left to support the odd usecase where +# a user calls openssl directly. +[ basic_exts ] +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always + +# The Easy-RSA CA extensions +[ easyrsa_ca ] + +# PKIX recommendations: + +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always + +# This could be marked critical, but it's nice to support reading by any +# broken clients who attempt to do so. +basicConstraints = CA:true + +# Limit key usage to CA tasks. If you really want to use the generated pair as +# a self-signed cert, comment this out. +keyUsage = cRLSign, keyCertSign + +# nsCertType omitted by default. Let's try to let the deprecated stuff die. +# nsCertType = sslCA + +# CRL extensions. +[ crl_ext ] + +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always,issuer:always + diff --git a/roles/ca/files/CA/serial b/roles/ca/files/CA/serial new file mode 100644 index 0000000000000000000000000000000000000000..a09a0c3783cdf79ac1c2fc8708b6d123c22e0f2b --- /dev/null +++ b/roles/ca/files/CA/serial @@ -0,0 +1 @@ +A7217943DDD1145BC6F68CBA362CB35C diff --git a/roles/ca/files/CA/serial.old b/roles/ca/files/CA/serial.old new file mode 100644 index 0000000000000000000000000000000000000000..576257103e125420328f8dea4368ca88ed4e365f --- /dev/null 
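Review bot: `private_key = roles/ca/files/CA/private/ca.key` in `[ CA_default ]` keeps the CA signing key in the same `roles/ca/files/CA` tree that this commit puts under version control, next to `index.txt`, `serial` and the `reqs/*.req` files. Whether `private/ca.key` itself is committed is not visible in this part of the diff, but the layout makes that an easy mistake. I would keep the CA directory outside the repository, or at least ignore `roles/ca/files/CA/private/`, and pass the location to the role as a variable. All paths here are relative, so `openssl` only finds them when run from the repository root; a header comment such as `# Paths are relative to the playbook directory; run from the repository root` would document that.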
+++ b/roles/ca/files/CA/serial.old @@ -0,0 +1 @@ +a7217943ddd1145bc6f68cba362cb35b diff --git a/roles/ca/files/truststore/SOCTOOLS-CA.crt b/roles/ca/files/truststore/SOCTOOLS-CA.crt new file mode 100644 index 0000000000000000000000000000000000000000..04b1f203d036d2219c23c4ea3630115d68510eb8 --- /dev/null +++ b/roles/ca/files/truststore/SOCTOOLS-CA.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV +BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B +UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX +Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM +M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ +c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv +tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG +ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL +8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud +EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j +JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd +z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy +XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g +CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX +nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh +GPiQTFGknE1U +-----END CERTIFICATE----- diff --git a/roles/ca/files/truststore/cacerts.jks b/roles/ca/files/truststore/cacerts.jks new file mode 100644 index 0000000000000000000000000000000000000000..9d4001b7d9a466941cda896b6bf145bf2f02020c Binary files /dev/null and b/roles/ca/files/truststore/cacerts.jks differ 
diff --git a/roles/cortex/files/SOCTOOLS-CA.crt b/roles/cortex/files/SOCTOOLS-CA.crt new file mode 100644 index 0000000000000000000000000000000000000000..04b1f203d036d2219c23c4ea3630115d68510eb8 --- /dev/null +++ b/roles/cortex/files/SOCTOOLS-CA.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV +BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B +UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX +Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM +M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ +c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv +tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG +ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL +8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud +EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j +JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd +z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy +XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g +CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX +nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh +GPiQTFGknE1U +-----END CERTIFICATE----- diff --git a/roles/cortex/files/cacerts.jks b/roles/cortex/files/cacerts.jks new file mode 100644 index 0000000000000000000000000000000000000000..9d4001b7d9a466941cda896b6bf145bf2f02020c Binary files /dev/null and b/roles/cortex/files/cacerts.jks differ diff --git a/roles/cortex/files/cortexsecret b/roles/cortex/files/cortexsecret new file mode 100644 index 0000000000000000000000000000000000000000..3119d1268684d95f0882fb9be3d331e62b0e26bc --- /dev/null +++ b/roles/cortex/files/cortexsecret 
@@ -0,0 +1,3 @@
+{
+ "value" : "06ca9734-9621-4c6d-bb04-8ee68e028dd9"
+}
\ No newline at end of file
diff --git a/roles/cortex/files/dsoclab-cortex.crt b/roles/cortex/files/dsoclab-cortex.crt
new file mode 100644
index 0000000000000000000000000000000000000000..a743bd0055110d9dbad79cdcc70e2ccfe946b100
--- /dev/null
+++ b/roles/cortex/files/dsoclab-cortex.crt
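Review bot: `roles/cortex/files/cortexsecret` commits a fixed secret value in clear text, so every deployment made from this repository shares it and anyone with read access to the repository or its history knows it. What the value is used for is not shown here; the file name suggests it is the Cortex application secret. If so, it should be generated per installation or stored encrypted (for example with Ansible Vault), and the committed value should be treated as exposed and replaced.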
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5d:c4:bc:49:5f:a0:76:a8:13:a4:c2:32:61:64:0d:92 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:29 2020 GMT + Not After : Oct 15 10:47:29 2023 GMT + Subject: CN=dsoclab-cortex + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:cd:09:6b:14:33:4a:47:75:5b:d3:d9:67:3b:4d: + ad:1f:a7:1f:33:ab:86:b1:aa:3b:09:ab:1a:a6:fb: + a0:60:04:e3:68:33:0e:85:54:d1:70:61:8a:b9:d5: + d6:b5:6c:c2:b3:36:02:94:b7:1d:18:93:5f:88:81: + ff:2a:f4:99:58:6d:d7:96:e2:d2:64:77:b9:74:44: + 3c:f0:fb:5b:0f:43:7d:38:5d:fe:b0:db:05:7a:a9: + c5:10:24:75:13:c8:2d:da:69:be:e3:43:33:f0:28: + 30:9a:53:f8:f8:d3:10:32:35:ec:1d:87:ab:1e:2c: + b5:00:7c:9f:8f:61:e0:5d:56:15:8c:46:45:09:78: + 02:78:10:c0:af:2f:25:6c:c2:5b:ed:5f:c1:33:0b: + f8:c8:13:dc:df:c3:fc:05:90:ff:06:9e:cb:bc:1d: + 2b:c2:57:f2:bd:aa:22:b3:4b:f5:ca:b2:b8:00:18: + f1:14:10:b8:5e:69:9f:ed:fc:04:83:d9:2e:b7:9a: + 8a:45:1c:54:71:8f:61:02:6a:8a:84:2f:67:df:92: + 3a:0c:5f:e5:b6:e7:6c:27:69:1f:5b:06:d6:7f:e6: + df:ab:2f:31:a5:cd:63:32:60:c0:07:50:6c:0d:39: + cb:68:ae:3c:b2:da:0f:20:06:77:2c:28:ab:3a:30: + 92:1b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 9A:0E:E1:26:13:A7:12:5F:A4:F1:41:C0:09:FC:AD:EB:4E:66:C2:50 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-cortex, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 27:2e:a1:0c:8d:fb:b1:36:ff:4e:ac:00:91:75:81:4b:20:79: + 3f:da:1c:e1:80:b9:8c:6b:60:47:a5:8c:bf:1f:34:98:61:95: + 
00:bb:79:d4:9e:c8:fb:dc:fb:6a:48:b2:69:d1:1a:04:cc:52: + ca:0b:48:01:3e:94:1e:68:0b:e3:4d:fa:12:c4:aa:ff:b6:5b: + 0c:3c:80:21:fe:50:87:8a:14:3a:7d:e7:a3:5e:b6:dc:22:ba: + cc:97:69:00:a8:78:08:dd:66:d1:cb:ca:28:41:b9:cc:8a:6b: + 7c:40:b7:5e:1d:a1:88:5a:b3:fd:18:77:e9:c4:48:fd:38:8f: + 06:6e:78:0e:f1:1a:1b:b2:6c:0a:df:38:11:e3:5a:3d:2a:5b: + de:41:63:14:ab:25:8e:a6:9f:a8:b7:32:9e:dc:23:45:f3:6b: + 6d:86:b7:17:b3:53:df:55:bd:cb:41:a1:b7:73:ae:21:1b:68: + b3:b1:0a:e5:e6:0c:2a:77:76:23:f3:87:ee:5f:0e:6d:cd:3b: + 94:9a:6f:f2:fd:4f:2d:72:a3:21:94:55:c0:4a:6c:2b:13:e3: + 82:13:a5:1f:82:6b:ae:6e:e2:ec:eb:7a:25:6a:f2:9e:45:d7: + 0a:7d:75:be:9d:f7:94:6f:ce:a5:27:d6:9b:dc:d2:12:54:64: + 09:c4:f6:a9 +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQXcS8SV+gdqgTpMIyYWQNkjANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjlaFw0yMzEwMTUx +MDQ3MjlaMBkxFzAVBgNVBAMMDmRzb2NsYWItY29ydGV4MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAzQlrFDNKR3Vb09lnO02tH6cfM6uGsao7Casapvug +YATjaDMOhVTRcGGKudXWtWzCszYClLcdGJNfiIH/KvSZWG3XluLSZHe5dEQ88Ptb +D0N9OF3+sNsFeqnFECR1E8gt2mm+40Mz8CgwmlP4+NMQMjXsHYerHiy1AHyfj2Hg +XVYVjEZFCXgCeBDAry8lbMJb7V/BMwv4yBPc38P8BZD/Bp7LvB0rwlfyvaois0v1 +yrK4ABjxFBC4Xmmf7fwEg9kut5qKRRxUcY9hAmqKhC9n35I6DF/ltudsJ2kfWwbW +f+bfqy8xpc1jMmDAB1BsDTnLaK48stoPIAZ3LCirOjCSGwIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFJoO4SYTpxJfpPFBwAn8retOZsJQMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1jb3J0ZXiCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAJy6hDI37 +sTb/TqwAkXWBSyB5P9oc4YC5jGtgR6WMvx80mGGVALt51J7I+9z7akiyadEaBMxS +ygtIAT6UHmgL4036EsSq/7ZbDDyAIf5Qh4oUOn3no1623CK6zJdpAKh4CN1m0cvK +KEG5zIprfEC3Xh2hiFqz/Rh36cRI/TiPBm54DvEaG7JsCt84EeNaPSpb3kFjFKsl +jqafqLcyntwjRfNrbYa3F7NT31W9y0Ght3OuIRtos7EK5eYMKnd2I/OH7l8Obc07 +lJpv8v1PLXKjIZRVwEpsKxPjghOlH4Jrrm7i7Ot6JWrynkXXCn11vp33lG/OpSfW +m9zSElRkCcT2qQ== 
+-----END CERTIFICATE----- diff --git a/roles/cortex/files/dsoclab-cortex.key b/roles/cortex/files/dsoclab-cortex.key new file mode 100644 index 0000000000000000000000000000000000000000..827da545bbbd7bdc9b8c8527f8dfb4b086ba5221 --- /dev/null +++ b/roles/cortex/files/dsoclab-cortex.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDNCWsUM0pHdVvT +2Wc7Ta0fpx8zq4axqjsJqxqm+6BgBONoMw6FVNFwYYq51da1bMKzNgKUtx0Yk1+I +gf8q9JlYbdeW4tJkd7l0RDzw+1sPQ304Xf6w2wV6qcUQJHUTyC3aab7jQzPwKDCa +U/j40xAyNewdh6seLLUAfJ+PYeBdVhWMRkUJeAJ4EMCvLyVswlvtX8EzC/jIE9zf +w/wFkP8Gnsu8HSvCV/K9qiKzS/XKsrgAGPEUELheaZ/t/ASD2S63mopFHFRxj2EC +aoqEL2ffkjoMX+W252wnaR9bBtZ/5t+rLzGlzWMyYMAHUGwNOctorjyy2g8gBncs +KKs6MJIbAgMBAAECggEAIdhGJqV4w2bp64Rdd/qQc0Mg8WSE7VrOOABYe+vZQ0BL +UW3sHbIsiEJxpc9Yi8YSNYba0jWPxfi9skjTGAIcNe6bwbpbRF5G7Jw++wBivZhE +WUOawRLGSsMvVkTOVp+agg0mh1kWf7QCodbuqBQe/krMWOuGIYr7rcLki8R6Rq2d +WuW8Kf697ciklh/6cyy1J6axe1LNT906lYvyRock246KbN517wWw7/fu47Mb2fdC +U6beFxbmbc5vk4lrViE7gSNkY97Vr/uXW9xlyRzvpNJuzZrm00CgNF1MnOnwf3l1 +k8kc63RMkUJGVWcxo5ubzLXpv4CnnmUNPfaSx+CeUQKBgQDuUT8JOu2vfzAC2VOQ +OfKR4NgMQ8fnK6T67zpLDeNUAGW+hBi62ewD8xxRse0j/rWXgvADBE1GplPXicZI +Q0o0VgIiL3NFQgCP7rvtPGE9VQXHYgd+ULKCHcPEBwonlbAhiHSwVnBqSFoqWdj+ +SHiBn4AD1ARoD6WSEVi3X6UU/QKBgQDcQATvzbbcr41vQHm9u1O7v0slk306A4yY +ItXk+GbtLEoLAiLy7n0REKybZAzniuLCDAQ1h1bWLkqRle26XqVfg3YaxGpoJODy +gPgr2Hi4Y/lcFrwRThUHEu8eaUWVRtY3B9Rgi5VjLVqydgI3/AFWdlzIVkhBeN0w +MOtKdEg69wKBgG+wD/TJcz8+QkfzhiAfqDkJwPbuhS8n2yfnGdC274UcspI44kYf +f2bSdsEqu9KUupIJQWaIi5bCuKRY415Wet5QOKvAxSr+JblOzy/9jizqPc0VeiGO +vDoSrP6ftfibRHJSuy0xNXn58pfKh9GUMTW+hIZGxNHoE1aDXqqB3qIZAoGBAIIc +A46SDLNDtZ6CDSjrD6T6dW8GONTboeOBuK+hmlQDdN4Z7gFqp1E8c2r8aK8jmZ8e +MCJbCA5QnFZyplQRc0oAQ/W+EEnjd0tqqrBkGbR7wqQG/iSO5tcd9UoW0DdF+Gfb +5Tb/XkmPUmPYWKkv4q5sD5V9ewPKXYgJbgW2ubCzAoGACfaFTBM3zZ2rqjJUk8+F +fGcuDeh/ZFk4MgcN5nbdKHwyXDhBlUY1FzLZlKi5J1lRyTInZUP8KYnXogw757Md +oa5wPlnw0a6VSHX1ZZUwa0yz1Rrv5M5CA4vyNBENCaHELKLoRWwbAook1gFie6cV +nrCXNbsWttgWkzqLDWkPT5M= +-----END PRIVATE KEY----- 
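Review bot: `roles/cortex/files/dsoclab-cortex.key` adds an unencrypted PKCS#8 private key to the repository; the same applies to `roles/haproxy/files/dsoclab-haproxy.key` further down, and `dsoclab-cortex.p12` presumably carries the same key. The matching certificates name `dsoclab.gn4-3-wp8-soc.sunet.se` in their SAN and allow both TLS server and client authentication, so anyone who can read the repository can present these identities until the certificates are revoked or expire. Deleting the files in a later commit does not help because they remain in history. The keys should be regenerated, the issued certificates revoked in the CA, and key material kept out of version control (generated on the target host, or committed only in encrypted form such as Ansible Vault).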
diff --git a/roles/cortex/files/dsoclab-cortex.p12 b/roles/cortex/files/dsoclab-cortex.p12 new file mode 100644 index 0000000000000000000000000000000000000000..252b3e7ef466cf7a4090ab3d5c551bd8dcaf5e5f Binary files /dev/null and b/roles/cortex/files/dsoclab-cortex.p12 differ diff --git a/roles/cortex/files/logback.xml b/roles/cortex/files/logback.xml new file mode 100644 index 0000000000000000000000000000000000000000..2dfba2682f91f345376aa4266794eacff13623d3 --- /dev/null +++ b/roles/cortex/files/logback.xml 
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration debug="false">
+
+ <conversionRule conversionWord="coloredLevel"
+ converterClass="play.api.libs.logback.ColoredLevel"/>
+
+ <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/cortex/application.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>/var/log/cortex/application.%i.log.zip</fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>10</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>10MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>%date [%level] from %logger in %thread - %message%n%xException</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>%coloredLevel %logger{15} - %message%n%xException{10}
+ </pattern>
+ </encoder>
+ </appender>
+
+ <appender name="ASYNCFILE" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="FILE"/>
+ </appender>
+
+ <appender name="ASYNCSTDOUT" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT"/>
+ </appender>
+
+ <logger name="play" level="DEBUG"/>
+ <logger name="application" level="DEBUG"/>
+
+ <logger name="com.gargoylesoftware.htmlunit.javascript" level="OFF"/>
+
+ <root level="INFO">
+ <appender-ref ref="ASYNCFILE"/>
+ <appender-ref ref="ASYNCSTDOUT"/>
+ </root>
+
+</configuration>
diff --git a/roles/haproxy/files/dsoclab-haproxy.crt b/roles/haproxy/files/dsoclab-haproxy.crt
new file mode 100644
index 0000000000000000000000000000000000000000..5be39cb377745bb5bc5303c2b7d55d44877f9260
--- /dev/null
+++ b/roles/haproxy/files/dsoclab-haproxy.crt
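Review bot: In `roles/cortex/files/logback.xml`, `<logger name="play" level="DEBUG"/>` and `<logger name="application" level="DEBUG"/>` turn on debug output for the framework and application loggers, and root attaches both appenders, so that output lands in `/var/log/cortex/application.log` and on the container's stdout. I have not verified what Cortex emits at this level, but debug logs from a service that processes observables and holds analyzer credentials may contain request details that should not sit in retained log archives. For a deployed instance I would use `level="INFO"` on both, or add a comment above them explaining why DEBUG is needed.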
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + d2:7b:43:cb:9b:fb:09:cf:cc:86:ef:d1:01:9a:42:fc + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:30 2020 GMT + Not After : Oct 15 10:47:30 2023 GMT + Subject: CN=dsoclab-haproxy + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c9:c7:22:33:0b:0b:0f:a0:8c:c4:a9:81:37:bd: + 51:2f:47:32:fa:1b:88:45:b1:bb:11:43:3d:de:b3: + 70:67:d7:8b:39:5a:8f:13:fb:2f:78:08:b1:b1:32: + c6:d1:0e:e4:d3:2e:3a:db:84:db:d2:65:6b:26:24: + 6c:d7:16:e5:a5:90:8e:02:46:13:02:0a:96:66:46: + 87:b7:b0:ee:56:4c:3c:d8:ae:4c:7d:ef:5b:aa:6e: + 01:8e:89:fe:4c:b9:de:6c:ba:e4:3f:8d:f8:d7:3a: + ed:b2:29:9a:5b:ac:5a:86:66:05:f3:19:2f:59:8d: + 7c:8b:6a:97:1e:43:8a:36:80:b2:e9:e1:84:f6:94: + bc:13:11:31:b8:d2:5a:72:ed:68:c3:b1:37:e4:5b: + 91:82:62:aa:13:f2:b6:e0:3a:aa:85:66:70:0a:a9: + ad:5c:a7:52:ff:dc:f9:99:5e:e5:15:d5:0c:fe:cd: + 27:cb:98:9e:5a:69:ca:71:74:31:e6:26:df:ec:d2: + 42:43:b9:f3:04:8e:2c:7a:28:a6:f9:8e:ba:64:3c: + 69:0e:ac:f5:dc:d5:f3:2a:50:47:50:d4:8c:f5:ee: + 31:08:73:69:1f:ae:42:1d:52:84:5d:47:68:dd:a3: + 1f:07:57:ec:3e:9e:0d:23:78:16:41:bc:68:f2:4f: + e9:19 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 49:DC:74:02:17:71:C3:D0:A0:64:31:9E:60:2B:B4:38:43:62:DE:98 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-haproxy, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 04:a0:71:31:d2:11:93:09:96:c8:1b:2a:31:b8:b9:34:07:ac: + 89:cb:b0:6c:b0:f0:17:5f:18:3c:a6:96:ca:b3:fa:c7:af:40: + 
17:e1:7e:e4:dc:ee:fe:5c:dc:86:40:b7:2f:9d:c0:9e:fd:16: + 6b:85:ab:c2:a8:63:1f:fe:03:2b:89:6a:80:c9:2e:ae:cc:3d: + 19:75:32:0e:56:57:16:27:02:51:49:1d:b3:78:aa:57:d3:00: + 9b:93:fe:6d:a3:37:ad:26:35:57:e1:5f:90:bf:ef:30:bc:68: + f3:bf:7c:59:69:4f:61:30:2d:48:66:a6:44:2a:51:63:6e:4f: + a7:8f:96:7e:91:b2:b2:46:bc:97:1b:01:df:c0:24:5c:b2:aa: + 8d:20:3a:25:5d:8a:1c:84:53:0d:d4:f6:d5:81:5d:30:de:c4: + d7:fa:42:9c:79:68:92:56:b7:76:69:c6:c9:ad:07:47:a6:d2: + 46:d4:a5:0c:10:a9:03:21:4d:56:40:e5:28:e3:fa:70:1b:23: + 32:68:07:3d:d6:8a:3a:fb:6d:3b:a6:20:16:1b:09:f3:47:f0: + 2a:4f:dc:97:86:56:37:96:42:1b:89:b8:76:1a:ab:7a:25:4e: + e8:62:d9:a0:3b:ec:62:72:64:64:ca:87:9c:be:0a:08:09:52: + ab:03:89:2b +-----BEGIN CERTIFICATE----- +MIIDmTCCAoGgAwIBAgIRANJ7Q8ub+wnPzIbv0QGaQvwwDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzMwWhcNMjMxMDE1 +MTA0NzMwWjAaMRgwFgYDVQQDDA9kc29jbGFiLWhhcHJveHkwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDJxyIzCwsPoIzEqYE3vVEvRzL6G4hFsbsRQz3e +s3Bn14s5Wo8T+y94CLGxMsbRDuTTLjrbhNvSZWsmJGzXFuWlkI4CRhMCCpZmRoe3 +sO5WTDzYrkx971uqbgGOif5Mud5suuQ/jfjXOu2yKZpbrFqGZgXzGS9ZjXyLapce +Q4o2gLLp4YT2lLwTETG40lpy7WjDsTfkW5GCYqoT8rbgOqqFZnAKqa1cp1L/3PmZ +XuUV1Qz+zSfLmJ5aacpxdDHmJt/s0kJDufMEjix6KKb5jrpkPGkOrPXc1fMqUEdQ +1Iz17jEIc2kfrkIdUoRdR2jdox8HV+w+ng0jeBZBvGjyT+kZAgMBAAGjgd0wgdow +CQYDVR0TBAIwADAdBgNVHQ4EFgQUSdx0Ahdxw9CgZDGeYCu0OENi3pgwRgYDVR0j +BD8wPYAUeQbKQNOfmlSu0zNN8jg+tgvzPc+hGqQYMBYxFDASBgNVBAMMC1NPQ1RP +T0xTLUNBggkAinSTJoBbQrcwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC +MAsGA1UdDwQEAwIFoDA6BgNVHREEMzAxgg9kc29jbGFiLWhhcHJveHmCHmRzb2Ns +YWIuZ240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEABKBx +MdIRkwmWyBsqMbi5NAesicuwbLDwF18YPKaWyrP6x69AF+F+5Nzu/lzchkC3L53A +nv0Wa4WrwqhjH/4DK4lqgMkursw9GXUyDlZXFicCUUkds3iqV9MAm5P+baM3rSY1 +V+FfkL/vMLxo8798WWlPYTAtSGamRCpRY25Pp4+WfpGyska8lxsB38AkXLKqjSA6 +JV2KHIRTDdT21YFdMN7E1/pCnHlokla3dmnGya0HR6bSRtSlDBCpAyFNVkDlKOP6 +cBsjMmgHPdaKOvttO6YgFhsJ80fwKk/cl4ZWN5ZCG4m4dhqreiVO6GLZoDvsYnJk 
+ZMqHnL4KCAlSqwOJKw== +-----END CERTIFICATE----- diff --git a/roles/haproxy/files/dsoclab-haproxy.key b/roles/haproxy/files/dsoclab-haproxy.key new file mode 100644 index 0000000000000000000000000000000000000000..abcca5eaafc03ebe472bc28a09ae04de65e2fa7f --- /dev/null +++ b/roles/haproxy/files/dsoclab-haproxy.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJxyIzCwsPoIzE +qYE3vVEvRzL6G4hFsbsRQz3es3Bn14s5Wo8T+y94CLGxMsbRDuTTLjrbhNvSZWsm +JGzXFuWlkI4CRhMCCpZmRoe3sO5WTDzYrkx971uqbgGOif5Mud5suuQ/jfjXOu2y +KZpbrFqGZgXzGS9ZjXyLapceQ4o2gLLp4YT2lLwTETG40lpy7WjDsTfkW5GCYqoT +8rbgOqqFZnAKqa1cp1L/3PmZXuUV1Qz+zSfLmJ5aacpxdDHmJt/s0kJDufMEjix6 +KKb5jrpkPGkOrPXc1fMqUEdQ1Iz17jEIc2kfrkIdUoRdR2jdox8HV+w+ng0jeBZB +vGjyT+kZAgMBAAECggEAUcxwiNDJQySK7I7q23XcG5Z5i/rtW5OZin3/7vA/eVlg +D3gu2KLTs42Su4siHk4zZYkwQx2xH7INpgDOPsQBhQT9DN7rhcBVCFE/Y7BObp2p +bQ375HHMb2L5Lpeyh9gx21JIhZtAbcBt6/QBp3hPmnxxnQNwtpUtEDe923714PHD +SfJ1Nd+mgeJ3ShPrk2jhcDdU82/mQrk5eH8M5QJqlTEWCvBgJaKhBf89T2XrX8jf +oPzeVijOqgLg49QEtAPmI98GlE1OAp3boFx4/QA/s76pgWZhYIm1hcm1AguYhQvJ +bi96IgdgVQQp/y7L+ix8zsq+YRxwPuCSBl+9BotYoQKBgQDm4neNC87XV4RhGuHG +w8WpFXFe1uOucPfyfTMmjifh61GZa4aWgBQByBQxBs729MOr9TFrNApTGWPO8Lag +ANnREyNndaUAUFgtCdY7Gc99deWyIx861aAVU7GGIFVkCo3OK0twbbyzqOj+B+H8 +c/P1tXXMayt/gPVuRDj7sq90VwKBgQDfuh6Clxa2sq0GdKsRkiDXaY8eZxJZchYw ++0MsYQjX8hPOGn0YWGy14ppE7JEPTEWSRuzCf5cwem/em8AIESgdCUWcGkgcQO5n +DvZeXrHHpVrTmGE5xEVNYrD/NPY7VizUsyLNvn5yC4hyByWkwLV+AUGpACE3HP2s +7xTakmmoDwKBgHKEfXuuEafptrVbWgT2cYHOKu85crDBQ5o40zgaZlm+GDkahiT7 +3fCMRseScvE2sh8GfL6Jj11sSH8KEesGwQLclUDpry+aqkGckW+6+5lk8ssKdKD/ ++GjbnD/EpdX7Dh7mhoJ7S49pBjeJvWM0OBr1KDp+JZMWaaWJnSHqnO/9AoGAXvM4 +m6fP5f3y3PiK2cwwz/tm2DpaWUfID0Wz/pO4Ex4UNbacPMbabF8dpf7Ymat/I1Oi +i/FmkxaDf/COEV5mrdwPhO7Kh+MuyuJYwThjLx4IbCERsliQKQWnpMgvcINkR2k3 +biZYt8IZSHusCD4ZSL7zxOvfLOrK5qgZK6JT4RUCgYEAk94TNC+rYRZOfOIaYA7+ +K1qTQAe8tawTBlKauXptWCzMFtMSEwozuHuxgnyAS/uRUKFMgRk00KrSvnuyGEBX +5QxqqhBOMvGDs672q/kVZ5C9M06+y5+Zpg0Mf3r+zOBqB5tCASnl2KfOCZkAt8rV +kyb4KyOsi81/fpVM/WeOL7w= +-----END PRIVATE KEY----- diff --git a/roles/haproxy/files/haproxy.cfg b/roles/haproxy/files/haproxy.cfg new file mode 100644 index 0000000000000000000000000000000000000000..e102cf4d928a0f73102c86fa3e8372c1613bb9ac --- /dev/null +++ b/roles/haproxy/files/haproxy.cfg 
@@ -0,0 +1,17 @@ +global + quiet + +defaults + mode http + maxconn 5000 + + timeout connect 5s + timeout client 20s + timeout server 20s + +frontend public + bind *:80 + default_backend apps + +backend apps + server nifi_1 nifi_1:8080 check diff --git a/roles/keycloak/files/SOCTOOLS-CA.crt b/roles/keycloak/files/SOCTOOLS-CA.crt new file mode 100644 index 0000000000000000000000000000000000000000..04b1f203d036d2219c23c4ea3630115d68510eb8 --- /dev/null +++ b/roles/keycloak/files/SOCTOOLS-CA.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV +BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B +UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX +Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM +M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ +c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv +tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG +ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL +8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud +EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j +JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd +z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy +XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g +CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX +nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh +GPiQTFGknE1U +-----END CERTIFICATE----- diff --git a/roles/keycloak/files/cacerts.jks b/roles/keycloak/files/cacerts.jks new file mode 100644 index 0000000000000000000000000000000000000000..9d4001b7d9a466941cda896b6bf145bf2f02020c Binary files /dev/null and b/roles/keycloak/files/cacerts.jks differ 
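Review bot: `bind *:80` in `frontend public` puts the NiFi backend behind plain HTTP, although this commit also ships a HAProxy certificate and key, which suggests TLS termination was intended. Terminate TLS on the frontend, e.g. `bind *:443 ssl crt <path-to-combined-pem>`, and keep port 80 only for `http-request redirect scheme https unless { ssl_fc }`; the `"80:80"` port mapping in the haproxy group_vars would need the extra port as well. With `quiet` in `global` and no `log` line in `defaults`, the proxy records nothing about the requests it forwards, so a `log` target plus `option httplog` is worth adding. A `timeout http-request` in `defaults` would also bound how long a client may take to send its headers.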
diff --git a/roles/keycloak/files/dsoclab-keycloak.crt b/roles/keycloak/files/dsoclab-keycloak.crt new file mode 100644 index 0000000000000000000000000000000000000000..92b6893716cacfa9e7fb863ad4c4379077e7ac1e --- /dev/null +++ b/roles/keycloak/files/dsoclab-keycloak.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + fe:75:83:de:f2:35:5a:2c:2b:ba:09:72:0b:d8:09:48 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:28 2020 GMT + Not After : Oct 15 10:47:28 2023 GMT + Subject: CN=dsoclab-keycloak + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ea:a9:ea:6b:2f:6c:9c:9f:6d:9c:89:4e:01:ba: + c6:c0:32:df:59:26:2b:95:f4:c2:3d:c8:7e:22:ce: + b6:78:03:e8:22:28:81:9c:9a:a6:a7:ba:fd:05:66: + a3:50:81:85:71:c1:d9:ea:bc:21:e1:5d:0a:87:7b: + be:55:b0:7d:01:57:de:4c:fe:3a:c5:c9:54:77:2e: + 15:fc:12:07:f8:ef:9f:7b:f7:09:01:70:75:53:3b: + dc:b1:0c:65:4d:49:c4:fb:1d:42:20:6f:81:45:42: + d3:db:1d:4c:57:1b:1d:3b:81:39:ee:b2:cf:95:4b: + 29:d0:a8:39:98:d6:93:36:99:bf:c5:43:26:8d:4d: + db:6d:24:3b:fc:16:76:a1:fd:6f:c6:19:11:c7:12: + 0d:80:16:4c:88:da:2c:09:78:3d:1b:7c:6c:ec:db: + 9e:01:50:5f:a3:56:7f:d4:3b:a4:26:d2:6d:42:7b: + 88:4e:8d:64:ed:1e:1a:0e:05:58:65:58:47:83:60: + 9e:b4:ed:15:ce:72:4f:a0:b5:22:dd:9f:a4:da:88: + 86:fe:cb:84:6e:72:3d:00:42:da:8b:85:2a:f2:ef: + d7:ee:bb:85:42:ba:b9:fb:d9:9d:d2:2c:58:0f:7c: + 02:23:b7:46:d0:69:06:37:40:9d:58:74:89:ca:b7: + 12:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + FD:C5:77:F8:79:AD:0A:7E:6A:A0:2E:3B:58:6A:9F:43:51:55:0B:DF + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-keycloak, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 9a:c0:35:a3:68:ec:ec:cc:c3:65:5a:bf:03:d0:ee:8d:a0:41: + db:6d:89:3e:97:d4:90:7d:63:8e:73:37:43:ae:9a:e2:d0:2b: + 
a7:5e:b2:88:9b:4d:8f:b6:81:bf:f6:46:a0:87:ca:77:ec:5c: + af:cd:6b:d8:e8:60:5a:aa:86:be:64:d5:ad:e9:1e:41:7b:6a: + df:01:1d:16:86:94:57:82:51:91:be:6b:d6:ae:f0:b9:8c:3d: + 11:99:c4:93:eb:f7:fa:9e:a3:e3:f8:97:19:cf:63:55:6a:6e: + 4f:e9:a2:64:a7:35:0d:7e:68:23:89:e1:c6:06:4b:34:67:38: + 40:d1:81:b3:73:95:3a:3b:67:d2:5a:e4:8e:49:34:b1:ab:6f: + b6:60:87:ac:55:5d:f5:59:c0:d5:d3:d8:de:3b:76:c9:41:28: + b4:d7:23:ec:a2:3f:1d:3f:74:2e:f0:45:40:35:38:d1:06:50: + b2:93:45:df:de:33:5e:0b:89:86:d8:c9:14:61:1c:d2:94:21: + 1f:bf:df:32:f0:2f:91:52:b0:08:b7:b9:c2:b7:55:2b:ca:05: + e4:eb:91:e1:63:45:5d:1a:6f:e8:76:07:89:e8:42:3e:ec:7b: + 51:0e:a0:d5:8e:c3:3d:26:e3:45:b0:5b:61:d1:98:3b:c3:d4: + 37:9f:c1:7c +-----BEGIN CERTIFICATE----- +MIIDmzCCAoOgAwIBAgIRAP51g97yNVosK7oJcgvYCUgwDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI4WhcNMjMxMDE1 +MTA0NzI4WjAbMRkwFwYDVQQDDBBkc29jbGFiLWtleWNsb2FrMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qnqay9snJ9tnIlOAbrGwDLfWSYrlfTCPch+ +Is62eAPoIiiBnJqmp7r9BWajUIGFccHZ6rwh4V0Kh3u+VbB9AVfeTP46xclUdy4V +/BIH+O+fe/cJAXB1UzvcsQxlTUnE+x1CIG+BRULT2x1MVxsdO4E57rLPlUsp0Kg5 +mNaTNpm/xUMmjU3bbSQ7/BZ2of1vxhkRxxINgBZMiNosCXg9G3xs7NueAVBfo1Z/ +1DukJtJtQnuITo1k7R4aDgVYZVhHg2CetO0VznJPoLUi3Z+k2oiG/suEbnI9AELa +i4Uq8u/X7ruFQrq5+9md0ixYD3wCI7dG0GkGN0CdWHSJyrcS5QIDAQABo4HeMIHb +MAkGA1UdEwQCMAAwHQYDVR0OBBYEFP3Fd/h5rQp+aqAuO1hqn0NRVQvfMEYGA1Ud +IwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NU +T09MUy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD +AjALBgNVHQ8EBAMCBaAwOwYDVR0RBDQwMoIQZHNvY2xhYi1rZXljbG9ha4IeZHNv +Y2xhYi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQCa +wDWjaOzszMNlWr8D0O6NoEHbbYk+l9SQfWOOczdDrpri0CunXrKIm02PtoG/9kag +h8p37FyvzWvY6GBaqoa+ZNWt6R5Be2rfAR0WhpRXglGRvmvWrvC5jD0RmcST6/f6 +nqPj+JcZz2NVam5P6aJkpzUNfmgjieHGBks0ZzhA0YGzc5U6O2fSWuSOSTSxq2+2 +YIesVV31WcDV09jeO3bJQSi01yPsoj8dP3Qu8EVANTjRBlCyk0Xf3jNeC4mG2MkU +YRzSlCEfv98y8C+RUrAIt7nCt1UrygXk65HhY0VdGm/odgeJ6EI+7HtRDqDVjsM9 
+JuNFsFth0Zg7w9Q3n8F8 +-----END CERTIFICATE----- diff --git a/roles/keycloak/files/dsoclab-keycloak.key b/roles/keycloak/files/dsoclab-keycloak.key new file mode 100644 index 0000000000000000000000000000000000000000..8c5ebed5a514facf489a59ce2a2e487c6a0da78f --- /dev/null +++ b/roles/keycloak/files/dsoclab-keycloak.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDqqeprL2ycn22c +iU4BusbAMt9ZJiuV9MI9yH4izrZ4A+giKIGcmqanuv0FZqNQgYVxwdnqvCHhXQqH +e75VsH0BV95M/jrFyVR3LhX8Egf475979wkBcHVTO9yxDGVNScT7HUIgb4FFQtPb +HUxXGx07gTnuss+VSynQqDmY1pM2mb/FQyaNTdttJDv8Fnah/W/GGRHHEg2AFkyI +2iwJeD0bfGzs254BUF+jVn/UO6Qm0m1Ce4hOjWTtHhoOBVhlWEeDYJ607RXOck+g +tSLdn6TaiIb+y4Rucj0AQtqLhSry79fuu4VCurn72Z3SLFgPfAIjt0bQaQY3QJ1Y +dInKtxLlAgMBAAECggEBAIj6HCLq8NxP15zLLSSnUQK571PLix+iWovT74UD4tEV +frgJqvat81/vL2iqq+P/ZtSrUjfKD4DMXawOGGFOfvl8v/9zWv0+8zYKSbz1DYBK +525mGfSkH2gxhjY2xR8jU389ae8jB3NVefLqHDiwVBT67sUdzTwZPtRUjiJgBliU +soJCsCutHAy7GW68N79F0BQItHhjMt02fYybnFxNvBntD4lodZDn7K9iqBoZPduX +TBsH1FcwZQyvQuiUlJgjUFM//5zrZUMjErv+3ev5c/WdpY4ycbo6VVBGZouVbyeX +RAWeDUE1nrsEsLBSnTkXVInFjPS6mBxsIi/+hlf6XCECgYEA+bWYDKPgelSe8ii5 +mK94wcLr6MybO+GrBHT4lIP1UggGsvPtXTifNvgGrYx90gmmL6F9QWHE+4lxyh5L +yEXCTHXl4QopgZCxWnnKekz0ma0lFlGYGr4KA0Z3Ntp+sCb/hcqVW/n24wVhNnmo +z3ztlSI/GY3B598R7dO9sR/RoYkCgYEA8JNKbTegmeeaAyBehEPy3eajAiT6759p +7m6Ml1P6IC3Ff3fllJrNWRi+JDKnJF9SUePOVWLWSgYSJyFLoiWK1CzoyLPdbcW9 +Ap9XNzD/aoDi6DBbKCFhRpBCsmTPnT8eFvA9PhuYY60w2UoM7byH+i2aJ1Do3izl +tLsHJbcT230CgYEA5S4Sl/9MBlpl6xEPjh/2L7drdyVaj/IFWLjWcNBPtnMhWtrf +joBqODQZRO09iSlL+kk3wWsvNEEoS33UxcGomy5Vxl3iTET1UXmYKPk6QVUVRc+r +T1f9rpXc0l5kid2xBSUyQdFAE4obd7jfA1fAYfClgxmEzv//34xHfCoc5ykCgYEA +01sD00pA3ZXc+AwzHY64y3z6D0M/9s+d+GzFNZoAsM6lqaRDXbhW2oTjX9fkgg8A +upMiTl/kFeqZfilBUnYbLuc5qEJlMjC8KpakwAdbDk2njAgXvfz9gknxXts0j1jJ +bauokm0aB9A7j1sAWsj8ya3QtePegnr9YDfEQr1CQ90CgYBfAQaYG9ldXcxTlERG +jOGu0bh9DtnmwsenwTZQD4mNHpvL0MkmIQxR5FAL8XXbNBq50zCiOapLLrhdqbh0 +ih3WoOdqxLIDQtAJYs3ANhOmEAxvQPxpPKhRHRKPGXxyzgW9zeQ08GpYoR/M7VRF +TypqufvopzWOpbxpgbfiJQmd8g== +-----END PRIVATE KEY----- diff --git a/roles/misp/files/SOCTOOLS-CA.crt b/roles/misp/files/SOCTOOLS-CA.crt new file mode 100644 index 0000000000000000000000000000000000000000..04b1f203d036d2219c23c4ea3630115d68510eb8 --- /dev/null +++ b/roles/misp/files/SOCTOOLS-CA.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV +BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B +UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX +Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM +M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ +c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv +tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG +ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL +8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud +EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j +JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd +z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy +XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g +CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX +nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh +GPiQTFGknE1U +-----END CERTIFICATE----- diff --git a/roles/misp/files/cacerts.jks b/roles/misp/files/cacerts.jks new file mode 100644 index 0000000000000000000000000000000000000000..9d4001b7d9a466941cda896b6bf145bf2f02020c Binary files /dev/null and b/roles/misp/files/cacerts.jks differ diff --git a/roles/misp/files/dsoclab-misp.crt b/roles/misp/files/dsoclab-misp.crt new file mode 100644 index 0000000000000000000000000000000000000000..f83010441e252486cc934677a1e0a0de1ebe2328 --- /dev/null +++ b/roles/misp/files/dsoclab-misp.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 75:87:fc:e4:cf:3e:c6:81:17:19:90:76:b1:2c:d5:d2 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:28 2020 GMT + Not After : Oct 15 10:47:28 2023 GMT + Subject: CN=dsoclab-misp + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:cf:b1:1b:e7:a2:ae:70:81:71:a5:57:46:14:2e: + 47:64:89:4e:bd:7d:f0:82:2d:03:19:d6:87:44:b3: + 42:bf:72:78:03:cc:91:98:5b:36:42:14:55:e2:82: + 16:12:58:60:54:44:8f:15:f6:1b:1f:76:36:22:2e: + e8:ac:d3:3c:0a:df:46:c7:f1:04:bc:3a:bf:fe:4b: + 8f:2a:53:83:e3:50:82:06:09:fc:2a:fa:fe:94:a0: + 7b:7f:c2:3e:0b:3e:dc:72:b8:94:10:0a:0b:90:fd: + 45:76:29:85:52:bf:0f:20:43:78:fe:3b:d3:49:20: + 8f:9a:a5:0c:89:bb:0e:97:f2:67:b0:2d:f0:17:53: + 25:a6:9b:4b:64:0e:72:8a:bf:c9:e3:8e:41:bb:ed: + f3:33:6a:55:5f:8d:52:84:fa:a3:67:1a:7b:71:fb: + 90:f1:5f:61:df:44:ea:0b:77:88:f2:e5:c1:83:71: + 58:c7:58:8a:9b:39:45:59:4e:e0:db:16:b6:96:72: + 90:8c:ee:c2:13:75:ea:15:c6:6b:e2:dc:3a:de:c8: + 07:de:18:84:2d:96:b6:c4:4c:e1:4a:4d:13:6f:6c: + 9a:1d:e5:f9:6f:cc:7e:1b:4a:3a:75:1a:b9:37:b0: + 6d:a0:1b:69:35:f1:b6:e6:c2:a5:d3:56:d3:57:c7: + 0e:8b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 65:C5:56:88:65:AF:77:F1:53:B2:71:5E:16:10:D1:0B:30:FF:28:BE + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-misp, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 5a:57:76:90:fd:a5:0d:ea:b0:22:c9:02:2e:18:91:81:04:d1: + f4:64:58:58:19:27:03:9b:5a:dc:de:6c:0e:fb:b7:76:eb:b1: + 
97:36:e2:c7:76:ef:7d:d8:00:c3:20:c0:3d:a7:cf:61:f8:16: + 4c:96:4c:7c:c8:89:21:d6:d4:eb:3a:c1:3d:98:34:74:6e:39: + 81:20:6f:9b:4b:8d:b9:35:60:c5:76:19:30:30:06:0f:89:b1: + 1a:f6:c4:88:52:28:98:41:52:f1:9a:77:82:79:ae:c9:71:ba: + d9:e5:e9:b7:ba:08:32:59:eb:5e:7d:11:e0:a8:27:20:91:46: + 05:56:1e:e6:0b:4d:49:17:52:7f:4b:c4:a3:e0:cd:30:bd:4e: + 6a:70:2a:f5:77:4d:d1:d6:64:13:8d:4b:1a:d3:0b:0f:8a:49: + 1e:bf:b4:c0:4f:43:dc:92:e3:c0:f2:2f:4a:c8:30:45:fc:5a: + d2:de:92:b2:a1:48:b8:da:ff:f4:0b:04:5d:5d:a7:30:d8:4b: + ca:cf:0c:01:6a:50:45:5f:d4:a8:cf:dd:fa:f7:68:0c:4c:45: + 47:be:3a:c2:39:bb:04:ff:62:a0:bc:91:a0:f2:2b:67:09:89: + 5a:ff:e6:53:c1:89:18:12:a1:0f:5a:d7:e1:12:8b:88:88:89: + ca:b0:30:27 +-----BEGIN CERTIFICATE----- +MIIDkjCCAnqgAwIBAgIQdYf85M8+xoEXGZB2sSzV0jANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjhaFw0yMzEwMTUx +MDQ3MjhaMBcxFTATBgNVBAMMDGRzb2NsYWItbWlzcDCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAM+xG+eirnCBcaVXRhQuR2SJTr198IItAxnWh0SzQr9y +eAPMkZhbNkIUVeKCFhJYYFREjxX2Gx92NiIu6KzTPArfRsfxBLw6v/5LjypTg+NQ +ggYJ/Cr6/pSge3/CPgs+3HK4lBAKC5D9RXYphVK/DyBDeP4700kgj5qlDIm7Dpfy +Z7At8BdTJaabS2QOcoq/yeOOQbvt8zNqVV+NUoT6o2cae3H7kPFfYd9E6gt3iPLl +wYNxWMdYips5RVlO4NsWtpZykIzuwhN16hXGa+LcOt7IB94YhC2WtsRM4UpNE29s +mh3l+W/MfhtKOnUauTewbaAbaTXxtubCpdNW01fHDosCAwEAAaOB2jCB1zAJBgNV +HRMEAjAAMB0GA1UdDgQWBBRlxVaIZa938VOycV4WENELMP8ovjBGBgNVHSMEPzA9 +gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9PTFMt +Q0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYD +VR0PBAQDAgWgMDcGA1UdEQQwMC6CDGRzb2NsYWItbWlzcIIeZHNvY2xhYi5nbjQt +My13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQBaV3aQ/aUN6rAi +yQIuGJGBBNH0ZFhYGScDm1rc3mwO+7d267GXNuLHdu992ADDIMA9p89h+BZMlkx8 +yIkh1tTrOsE9mDR0bjmBIG+bS425NWDFdhkwMAYPibEa9sSIUiiYQVLxmneCea7J +cbrZ5em3uggyWetefRHgqCcgkUYFVh7mC01JF1J/S8Sj4M0wvU5qcCr1d03R1mQT +jUsa0wsPikkev7TAT0PckuPA8i9KyDBF/FrS3pKyoUi42v/0CwRdXacw2EvKzwwB +alBFX9Soz93692gMTEVHvjrCObsE/2KgvJGg8itnCYla/+ZTwYkYEqEPWtfhEouI +iInKsDAn +-----END 
CERTIFICATE----- diff --git a/roles/misp/files/dsoclab-misp.key b/roles/misp/files/dsoclab-misp.key new file mode 100644 index 0000000000000000000000000000000000000000..9b8a5d677ac4cfa58bdee7fe6fec0d74c30240ab --- /dev/null +++ b/roles/misp/files/dsoclab-misp.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDPsRvnoq5wgXGl +V0YULkdkiU69ffCCLQMZ1odEs0K/cngDzJGYWzZCFFXighYSWGBURI8V9hsfdjYi +Luis0zwK30bH8QS8Or/+S48qU4PjUIIGCfwq+v6UoHt/wj4LPtxyuJQQCguQ/UV2 +KYVSvw8gQ3j+O9NJII+apQyJuw6X8mewLfAXUyWmm0tkDnKKv8njjkG77fMzalVf +jVKE+qNnGntx+5DxX2HfROoLd4jy5cGDcVjHWIqbOUVZTuDbFraWcpCM7sITdeoV +xmvi3DreyAfeGIQtlrbETOFKTRNvbJod5flvzH4bSjp1Grk3sG2gG2k18bbmwqXT +VtNXxw6LAgMBAAECggEBAIb/4VqMVQTOLvfBJc0iU8eWtLbZMMb8ySI3Xs+aEc3t +cvNNOmolB7ymCTllQ0GDboH32mX1BaZKqV9IzHbiCwoqHZEDKgfLzFZX+OQTSwwr +nYidXur1IRuswPnHYZrfrl1net5+GQyShF8NGBs0E3nuQaxHaMwEvTNRCzhPfWnn +u/g3IExtSdE/XSxRnTGRQqSnMAf9OXs9bw/iTSR5cQO2mW/dRLr4aUCQOJ5Hx4mO +ub172vkNeNwOSUzc9FjtZyQZOtn25WoS7SusK7y9ToDqqR5OcI5M+kxq+fQo8Wvu +XlIeOvTKTHOBaih6QYEzHo9zq893I/c0xiOmfOr0v7kCgYEA7WQ7g5z+2Lyt35Sq +XmzyQyAEbx+PMPc7yTQC62YuvpEAaDFDHMphDw1zM2mraLO+2IuBuDz7CTlsf1zl +xwEJoEZa3odRi2McpqiUVQgJYD+bCUv35J8X93K4/7tLHvXDJQ3BKBNNoLHxjD5P +SlR5xBCFwZiiXAkquWpZaaWAbg0CgYEA3/jjf723dlWRrVcG/m7VJrhTWq10Jltp +8y786INKU1IUrwqFt7ph4c9/Jbop40QVkJKzsPojzWreDf3EZYGnBVhOLA5p4MC0 +X1ZTzN86dn1Y3SDCopGnJVP8X2EdDGfsTkfXxOjRCzSPOyZzxzseACw9WWAmullU +zQs4K6/4YPcCgYB117znb8bepoMVqwILz79PbRRmaV82qnRGRAhy/I2V0ftGvbWY +FCqsQzv9uKX7WscRTed+It9nS9c9PkteR3iU1HgFYV0seW3emW7Q6yVkXw7CRbDw +D73g+1U0ta/r1Yoi2boZ/8MYU10aBlBsEJVFrAIKAZAPagmIc2+hTyP6/QKBgQDX +FHSr3C0NJzkhA7zEovxwFXx+TKmImCqTjKD0S/gZMW6JdYpZmFOc/Jz2RuMoyt4G +msqSfnPZNPIO744liC8zM8zGBAVq/sN39je9OvUyikbG+0nNwh+H+jIWCfVST44e +0mEDSCxPHWcaf1+ZiEzUD6fOZ0Zpl5WW3lpPocncmwKBgQDIR7uJctv3UZkEO+oq +g1Q4jLUYJFUb/3fk1mEmpq+b90e/xQMqZHlu/KHiHcKrukdWj67d/LY4mrw4DebR +PTgdj9e0O8V9M7BYxDN+zEYrvmmY4A+tg07zm8aqmhCNKpOMsW0MkKFFuRiMkiCh +bopZVfjdd+d/56vLZW+GSBaCew== +-----END PRIVATE KEY----- diff --git a/roles/misp/templates/config.php.j2 b/roles/misp/templates/config.php.j2 new file mode 100644 index 0000000000000000000000000000000000000000..46ca1ca0aadfb26b91e4c4469afcf8c967333288 --- /dev/null 
+++ b/roles/misp/templates/config.php.j2 
@@ -0,0 +1,84 @@
+<?php
+$config = array (
+ 'debug' => 0,
+ 'MISP' =>
+ array (
+ 'baseurl' => 'https://{{dslproxy}}:6443',
+ 'footermidleft' => '',
+ 'footermidright' => '',
+ 'org' => 'ORGNAME',
+ 'showorg' => true,
+ 'threatlevel_in_email_subject' => true,
+ 'email_subject_TLP_string' => 'tlp:amber',
+ 'email_subject_tag' => 'tlp',
+ 'email_subject_include_tag_name' => true,
+ 'background_jobs' => true,
+ 'cached_attachments' => true,
+ 'email' => 'email@address.com',
+ 'contact' => 'email@address.com',
+ 'cveurl' => 'https://cve.circl.lu/cve/',
+ 'cweurl' => 'https://cve.circl.lu/cwe/',
+ 'disablerestalert' => false,
+ 'default_event_distribution' => '1',
+ 'default_attribute_distribution' => 'event',
+ 'tagging' => true,
+ 'full_tags_on_event_index' => true,
+ 'attribute_tagging' => true,
+ 'full_tags_on_attribute_index' => true,
+ 'footer_logo' => '',
+ 'take_ownership_xml_import' => false,
+ 'unpublishedprivate' => false,
+ 'disable_emailing' => false,
+ 'manage_workers' => true,
+ 'Attributes_Values_Filter_In_Event' => 'id, uuid, value, comment, type, category, Tag.name',
+ 'uuid' => '6ec3e533-99f9-42ac-952d-002664d1500f',
+ 'live' => true,
+ ),
+ 'GnuPG' =>
+ array (
+ 'onlyencrypted' => false,
+ 'email' => '',
+ 'homedir' => '',
+ 'password' => '',
+ 'bodyonlyencrypted' => false,
+ 'sign' => true,
+ 'obscure_subject' => false,
+ ),
+ 'SMIME' =>
+ array (
+ 'enabled' => false,
+ 'email' => '',
+ 'cert_public_sign' => '',
+ 'key_sign' => '',
+ 'password' => '',
+ ),
+ 'Proxy' =>
+ array (
+ 'host' => '',
+ 'port' => '',
+ 'method' => '',
+ 'user' => '',
+ 'password' => '',
+ ),
+ 'SecureAuth' =>
+ array (
+ 'amount' => 5,
+ 'expire' => 300,
+ ),
+ 'Security' =>
+ array (
+ 'level' => 'medium',
+ 'salt' => '{{misp_salt}}',
+ 'cipherSeed' => '',
+ ),
+ 'Session.defaults' => 'php',
+ 'Session.timeout' => 60,
+ 'Session.cookieTimeout' => 60,
+ 'Session.autoRegenerate' => false,
+ 'Session.checkAgent' => false,
+ 'site_admin_debug' => NULL,
+ 'Plugin' => NULL,
+ 'CertAuth' => NULL, + 'ApacheShibbAuth' => NULL, + 'ApacheSecureAuth' => NULL, +); diff --git a/roles/nifi/files/SOCTOOLS-CA.crt b/roles/nifi/files/SOCTOOLS-CA.crt new file mode 100644 index 0000000000000000000000000000000000000000..04b1f203d036d2219c23c4ea3630115d68510eb8 --- /dev/null +++ b/roles/nifi/files/SOCTOOLS-CA.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV +BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B +UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX +Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM +M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ +c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv +tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG +ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL +8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud +EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j +JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd +z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy +XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g +CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX +nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh +GPiQTFGknE1U +-----END CERTIFICATE----- diff --git a/roles/nifi/files/cacerts.jks b/roles/nifi/files/cacerts.jks new file mode 100644 index 0000000000000000000000000000000000000000..9d4001b7d9a466941cda896b6bf145bf2f02020c Binary files /dev/null and b/roles/nifi/files/cacerts.jks differ 
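Review bot: Only `'salt'` is templated per deployment in the `Security` and `MISP` arrays; `'cipherSeed' => ''` stays empty and `'uuid'` is a fixed literal, so every instance rendered from this template would carry the same instance UUID and no cipher seed. Both should come from per-instance variables generated once at install time, e.g. `'cipherSeed' => '{{misp_cipher_seed}}',` and `'uuid' => '{{misp_uuid}}',` (the variable names are placeholders). `'Session.autoRegenerate' => false` and `'Session.checkAgent' => false` relax session handling and deserve a comment saying whether that is intentional. `'org' => 'ORGNAME'` and `email@address.com` look like unfilled defaults that would reach a live instance unchanged.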
diff --git a/roles/nifi/files/dsoclab-nifi-1.p12 b/roles/nifi/files/dsoclab-nifi-1.p12
new file mode 100644
index 0000000000000000000000000000000000000000..0076ad1207c243f877de929e2424ed953f60469c
Binary files /dev/null and b/roles/nifi/files/dsoclab-nifi-1.p12 differ
diff --git a/roles/nifi/files/dsoclab-nifi-2.p12 b/roles/nifi/files/dsoclab-nifi-2.p12
new file mode 100644
index 0000000000000000000000000000000000000000..fdbd25a1e50851b8ea865781bc903dcc78a1cc8f
Binary files /dev/null and b/roles/nifi/files/dsoclab-nifi-2.p12 differ
diff --git a/roles/nifi/files/dsoclab-nifi-3.p12 b/roles/nifi/files/dsoclab-nifi-3.p12
new file mode 100644
index 0000000000000000000000000000000000000000..4d4b23daaa41114bb1ab95eea974f0c2618dbbeb
Binary files /dev/null and b/roles/nifi/files/dsoclab-nifi-3.p12 differ
diff --git a/roles/nifi/files/nifisecret b/roles/nifi/files/nifisecret
new file mode 100644
index 0000000000000000000000000000000000000000..cbbcd4a597c58e86283a43a3b7acc6397c3a95ca
--- /dev/null
+++ b/roles/nifi/files/nifisecret
@@ -0,0 +1,3 @@
+{
+ "value" : "ccfda830-defc-4fec-85fc-9b2b7c98e8ba"
+}
\ No newline at end of file
diff --git a/roles/odfees/files/Arne Oslebo.p12 b/roles/odfees/files/Arne Oslebo.p12
new file mode 100644
index 0000000000000000000000000000000000000000..273c8018b7bed8f691d9e9c24f5fa9d6425a0e79
Binary files /dev/null and b/roles/odfees/files/Arne Oslebo.p12 differ
diff --git a/roles/odfees/files/Bozidar Proevski.p12 b/roles/odfees/files/Bozidar Proevski.p12
new file mode 100644
index 0000000000000000000000000000000000000000..24010a64063a960d554cd4e895e17b9e2e62362a
Binary files /dev/null and b/roles/odfees/files/Bozidar Proevski.p12 differ
diff --git a/roles/odfees/files/SOCTOOLS-CA.crt b/roles/odfees/files/SOCTOOLS-CA.crt
new file mode 100644
index 0000000000000000000000000000000000000000..04b1f203d036d2219c23c4ea3630115d68510eb8
--- /dev/null
+++ b/roles/odfees/files/SOCTOOLS-CA.crt
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV +BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B +UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX +Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM +M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ +c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv +tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG +ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL +8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud +EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j +JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd +z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy +XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g +CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX +nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh +GPiQTFGknE1U +-----END CERTIFICATE----- diff --git a/roles/odfees/files/cacerts.jks b/roles/odfees/files/cacerts.jks new file mode 100644 index 0000000000000000000000000000000000000000..9d4001b7d9a466941cda896b6bf145bf2f02020c Binary files /dev/null and b/roles/odfees/files/cacerts.jks differ diff --git a/roles/odfees/files/dsoclab-odfe-1.p12 b/roles/odfees/files/dsoclab-odfe-1.p12 new file mode 100644 index 0000000000000000000000000000000000000000..ed4bd60a1d96595774f510ecfd8c864a09e8d338 Binary files /dev/null and b/roles/odfees/files/dsoclab-odfe-1.p12 differ 
diff --git a/roles/odfees/files/dsoclab-odfe-2.p12 b/roles/odfees/files/dsoclab-odfe-2.p12
new file mode 100644
index 0000000000000000000000000000000000000000..106170ff7a325bccade7cfecf2f60642e866a4a0
Binary files /dev/null and b/roles/odfees/files/dsoclab-odfe-2.p12 differ
diff --git a/roles/odfekibana/files/Arne Oslebo.p12 b/roles/odfekibana/files/Arne Oslebo.p12
new file mode 100644
index 0000000000000000000000000000000000000000..273c8018b7bed8f691d9e9c24f5fa9d6425a0e79
Binary files /dev/null and b/roles/odfekibana/files/Arne Oslebo.p12 differ
diff --git a/roles/odfekibana/files/Bozidar Proevski.p12 b/roles/odfekibana/files/Bozidar Proevski.p12
new file mode 100644
index 0000000000000000000000000000000000000000..24010a64063a960d554cd4e895e17b9e2e62362a
Binary files /dev/null and b/roles/odfekibana/files/Bozidar Proevski.p12 differ
diff --git a/roles/odfekibana/files/SOCTOOLS-CA.crt b/roles/odfekibana/files/SOCTOOLS-CA.crt
new file mode 100644
index 0000000000000000000000000000000000000000..04b1f203d036d2219c23c4ea3630115d68510eb8
--- /dev/null
+++ b/roles/odfekibana/files/SOCTOOLS-CA.crt
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV +BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B +UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX +Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM +M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ +c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv +tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG +ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL +8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud +EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j +JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd +z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy +XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g +CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX +nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh +GPiQTFGknE1U +-----END CERTIFICATE----- diff --git a/roles/odfekibana/files/cacerts.jks b/roles/odfekibana/files/cacerts.jks new file mode 100644 index 0000000000000000000000000000000000000000..9d4001b7d9a466941cda896b6bf145bf2f02020c Binary files /dev/null and b/roles/odfekibana/files/cacerts.jks differ diff --git a/roles/odfekibana/files/dsoclab-kibana.crt b/roles/odfekibana/files/dsoclab-kibana.crt new file mode 100644 index 0000000000000000000000000000000000000000..f47839f66eda87805afce110cf5d0c2e136e8abe --- /dev/null +++ b/roles/odfekibana/files/dsoclab-kibana.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7d:fc:33:45:75:73:e8:f1:60:94:a7:4e:6b:2f:23:f1 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:27 2020 GMT + Not After : Oct 15 10:47:27 2023 GMT + Subject: CN=dsoclab-kibana + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ce:4f:c9:0f:84:4d:4e:7b:dc:11:90:c9:49:a8: + f3:60:44:a8:25:1b:59:83:64:0b:d1:e0:bc:59:50: + 22:a5:f5:88:7a:c8:40:65:e4:22:3d:77:d2:8f:9e: + 30:17:80:5e:20:85:bc:70:67:61:cb:d8:e2:9f:9a: + 7c:7b:a6:e8:4e:79:7b:cd:86:6e:26:52:37:45:b6: + ab:b7:6f:40:8f:7a:55:8b:d1:91:cc:21:6f:55:37: + 50:3b:72:1f:2d:3b:bf:75:47:91:88:6a:1c:ea:39: + dd:8b:25:31:55:0e:bc:52:6f:bf:0b:96:ef:e3:12: + 5c:da:63:22:54:e5:b3:95:8b:02:9e:57:3e:7b:4f: + a0:f5:6f:07:a8:5b:45:7c:cb:34:83:77:34:a5:b1: + ff:05:12:88:8f:cc:c4:05:5d:e9:e7:7d:2b:12:fa: + bb:4d:25:f4:f7:04:e7:95:06:95:ea:a9:c4:75:4e: + f7:03:67:2d:9c:9a:f4:01:f6:2a:8d:6c:6d:d0:59: + a9:ce:1f:12:b1:76:39:c8:07:d4:20:73:1e:f3:9c: + b9:67:83:3b:a8:7c:6e:fb:86:ea:3f:6a:8e:98:4c: + 39:a9:d1:4d:be:9f:0a:43:49:1b:fd:09:67:b6:62: + 71:fd:87:9a:63:25:00:aa:c7:a1:4d:23:12:e3:56: + 0f:6f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 50:F3:7D:4F:B2:8C:A5:09:FD:64:CB:C1:97:F1:F8:49:C8:6B:30:4D + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-kibana, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + ae:be:82:6f:6d:e6:c4:cb:c3:2a:d9:d6:ee:11:52:a6:de:89: + 9e:31:a3:e2:86:07:e9:d1:fe:95:c9:a2:38:90:df:05:ff:e5: + 
99:27:e8:d8:55:00:8a:85:b3:15:a5:e5:5b:ce:4e:4f:01:3b: + 74:a4:b2:09:fc:6e:95:92:94:2f:76:0d:c7:97:1b:78:c1:08: + 1e:3a:0e:fa:a6:ab:db:1e:22:26:86:39:f4:bb:89:a1:a1:d1: + 55:f6:c3:ff:9b:a5:eb:1b:6a:84:8a:1d:3c:5f:7c:03:0d:08: + 42:6f:d7:14:86:61:38:66:65:f7:c2:86:68:db:81:e9:41:0f: + 82:cf:bb:be:fd:d7:94:48:cc:f8:cf:4a:40:ce:33:c4:75:51: + 00:7e:c7:93:f6:3b:92:c1:5e:8a:ce:5f:2c:c2:f4:fe:ec:77: + 9e:ea:30:d9:53:ee:f9:b9:fd:50:f5:6b:92:1c:57:d2:e0:f3: + 05:d8:79:a9:63:16:13:09:cf:5f:39:dc:ec:43:e4:65:45:43: + 65:e4:7c:39:a3:a2:81:47:ab:8f:57:a9:89:9d:56:4b:77:b1: + 04:c8:9c:54:d2:5c:28:f5:d3:66:ae:9a:9c:a5:91:c7:eb:20: + 69:fb:58:99:c7:5e:be:ec:4a:7a:62:09:fe:3b:30:f2:4a:d7: + 1d:f9:0b:c3 +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQffwzRXVz6PFglKdOay8j8TANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjdaFw0yMzEwMTUx +MDQ3MjdaMBkxFzAVBgNVBAMMDmRzb2NsYWIta2liYW5hMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAzk/JD4RNTnvcEZDJSajzYESoJRtZg2QL0eC8WVAi +pfWIeshAZeQiPXfSj54wF4BeIIW8cGdhy9jin5p8e6boTnl7zYZuJlI3Rbart29A +j3pVi9GRzCFvVTdQO3IfLTu/dUeRiGoc6jndiyUxVQ68Um+/C5bv4xJc2mMiVOWz +lYsCnlc+e0+g9W8HqFtFfMs0g3c0pbH/BRKIj8zEBV3p530rEvq7TSX09wTnlQaV +6qnEdU73A2ctnJr0AfYqjWxt0Fmpzh8SsXY5yAfUIHMe85y5Z4M7qHxu+4bqP2qO +mEw5qdFNvp8KQ0kb/QlntmJx/YeaYyUAqsehTSMS41YPbwIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFFDzfU+yjKUJ/WTLwZfx+EnIazBNMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1raWJhbmGCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEArr6Cb23m +xMvDKtnW7hFSpt6JnjGj4oYH6dH+lcmiOJDfBf/lmSfo2FUAioWzFaXlW85OTwE7 +dKSyCfxulZKUL3YNx5cbeMEIHjoO+qar2x4iJoY59LuJoaHRVfbD/5ul6xtqhIod +PF98Aw0IQm/XFIZhOGZl98KGaNuB6UEPgs+7vv3XlEjM+M9KQM4zxHVRAH7Hk/Y7 +ksFeis5fLML0/ux3nuow2VPu+bn9UPVrkhxX0uDzBdh5qWMWEwnPXznc7EPkZUVD +ZeR8OaOigUerj1epiZ1WS3exBMicVNJcKPXTZq6anKWRx+sgaftYmcdevuxKemIJ +/jsw8krXHfkLww== 
+-----END CERTIFICATE----- diff --git a/roles/odfekibana/files/dsoclab-kibana.key b/roles/odfekibana/files/dsoclab-kibana.key new file mode 100644 index 0000000000000000000000000000000000000000..9eec2e4fa77aee5162699b82640aad24869304a8 --- /dev/null +++ b/roles/odfekibana/files/dsoclab-kibana.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDOT8kPhE1Oe9wR +kMlJqPNgRKglG1mDZAvR4LxZUCKl9Yh6yEBl5CI9d9KPnjAXgF4ghbxwZ2HL2OKf +mnx7puhOeXvNhm4mUjdFtqu3b0CPelWL0ZHMIW9VN1A7ch8tO791R5GIahzqOd2L +JTFVDrxSb78Llu/jElzaYyJU5bOViwKeVz57T6D1bweoW0V8yzSDdzSlsf8FEoiP +zMQFXennfSsS+rtNJfT3BOeVBpXqqcR1TvcDZy2cmvQB9iqNbG3QWanOHxKxdjnI +B9Qgcx7znLlngzuofG77huo/ao6YTDmp0U2+nwpDSRv9CWe2YnH9h5pjJQCqx6FN +IxLjVg9vAgMBAAECggEBAKJC7gdeLs8Da1oFXcqpLoEQfo5wrD5CeWlgL8Ku3BFa +wzSOOtfoTWW6z8hUyc4yD9XUWRiutqP0uIh+oFlANIVD1rMWf5t0HjSeLv/eaBBw +Tsfg06KQyVdkYZ3fa9XPoA1FdJitnIA7cpr1bY9QP502djNPSux0jMLWJTJQVqXN +fXykLoIvB8xIPWbJAJMgF75turJMFT3wGN+qjCzbsZqIHmqp4eaKoH4Mz+Y6SJcA +uSzCdGKVPxHUVZbtkXn5GZXFx5YQ0wwRHJRWQ6Fn49HtKc5vBc7PN8fG18+s3DA2 +BR7MLgIaHGBKsnJgcOOZQiRCQP/uBBEIxIF0qU3h5UECgYEA6aiUvvBNcShCRaaH +Wf5GpYTT1ANNv5+3sCTy4KKt3yCxyyn5ENEFL1i8w6/LffGIAsoLnoEcxWV/fhLy +ZH5FzIYxlR/w2rddUyOXENx/9CWw/IhL91U9525JCJ0B0TBkZ9842ORX7kcI8+0g +4oaC5bDYTZotAto4ftNIzmfznesCgYEA4gnREIl4nv9v28x5aUS+HhSpsH9kkVrr +FQ0amCJSHu4U9J39MXS3Fju3rlmZG59J9ymEQ4tr0Hq3S+tsTy4hP5d67/KtoxKr +3smyKduX6gfOmEy3TjCSc+OMebM7lX0crX2+0JCm355yDC8fxdAGxpmqYvwmVw9Q +NbIb2mHR/40CgYEAjshlnQhbSnq/hLBupZ+srBivGS+rox2Gsizh/kNq3J6uBuhv +Osd/0572Ot6CC0Q9SPcOgp2DZ1zOu8v4M1C2dnTKd8Y8+Gp0rQlilvsndZpSvP7M +7Sc53OKX3puTMLHRqWfO5TskQIdIAUc2gTaRZqragxFj0App25ZhN0BurmECgYEA +uM8L5vhu7ZitjUk17zKsOo3sW4kc4ZczY4fOOZq+B9niukm+LMRfuUbkHCHXg/UN +lY6VPGBuqwraeLEoYei2eHbSpgKFozHt4f6Is55+K3Nsn6sBqGUgKK5gOVSon8Wm +P9byvzW1qlmyp3GUCbjXAWO8IqhEdKPpka1pBnk6KDUCgYAhGqRGJ7NG4+Wz/0/5 +Z/IQeEsLO4lB7EuIADn9udmrYgYqv7sHDzhIUOviJPRgf2ag68LEXXZsC029famu +/wbhD6pw1yq0QKGDcgH/LzHL9+74TqRlT7drPyOFPqOGPKtc88wL/aXRC90n7dsT +jFEbunnLOfUUjgxXiJpNU0FtjQ== +-----END PRIVATE KEY----- 
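Review bot: This new file is an unencrypted private key (`-----BEGIN PRIVATE KEY-----`), presumably the one for the dsoclab-kibana certificate added just before it, and committing it makes the key readable to everyone with access to the repository and its history. The same applies to the `dsoclab-kibana.p12` bundle and the `"value"` in `roles/odfekibana/files/kibanasecret` added in the next sections. I would drop these files from the commit, treat the key and secret as exposed and reissue them, and have the role generate them at deploy time or read them from Ansible Vault. An ignore rule such as `roles/odfekibana/files/*.key` (and `*.p12`) in `.gitignore` keeps them from being re-added.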
diff --git a/roles/odfekibana/files/dsoclab-kibana.p12 b/roles/odfekibana/files/dsoclab-kibana.p12
new file mode 100644
index 0000000000000000000000000000000000000000..f9e8737d615ab77c25857cf3b3c8eb2d77f03104
Binary files /dev/null and b/roles/odfekibana/files/dsoclab-kibana.p12 differ
diff --git a/roles/odfekibana/files/kibanasecret b/roles/odfekibana/files/kibanasecret
new file mode 100644
index 0000000000000000000000000000000000000000..ec28be7e844bd0eaefbc32f1d4196e27aa41e19b
--- /dev/null
+++ b/roles/odfekibana/files/kibanasecret
@@ -0,0 +1,3 @@
+{
+ "value" : "19125de3-27fa-40e8-83bf-fdb8c8338b99"
+}
\ No newline at end of file
diff --git a/roles/thehive/vars/main.yml b/roles/thehive/vars/main.yml
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..9bd28130c01061a4f27223a674704f228dc654d6 100644
--- a/roles/thehive/vars/main.yml
+++ b/roles/thehive/vars/main.yml
@@ -0,0 +1,16 @@
+---
+
+THEHIVE_USERS:
+ - kiril:
+ username: "kiril"
+ name: "Kiril"
+ surname: "Kiroski"
+ roles: '["read", "write", "admin"]'
+ organization: "uninett.no"
+ - temur:
+ username: "temur"
+ name: "Temur"
+ surname: "Maisuradze"
+ roles: '["read", "write", "admin"]'
+ organization: "uninett.no"
+
diff --git a/soctools-inventory b/soctools-inventory
new file mode 100644
index 0000000000000000000000000000000000000000..cff0d648d769176bf1292cfcd88493c12ac03120
--- /dev/null
+++ b/soctools-inventory
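Review bot: Both entries in `THEHIVE_USERS` in `roles/thehive/vars/main.yml` are granted `roles: '["read", "write", "admin"]'`, so every account this role provisions is an administrator. The list also sits in the role's `vars/main.yml`, which takes precedence over inventory variables in Ansible, so a deployment cannot narrow or replace it without editing the role. I would move the list to `defaults/main.yml` or the deploy inventory's group_vars and give day-to-day accounts `roles: '["read", "write"]'`, keeping `admin` for one dedicated account. The `roles` value is a quoted JSON string rather than a YAML list; if the consumer (not visible in this diff) expects that, a comment such as `# roles is passed through verbatim as a JSON array` would make it explicit.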
@@ -0,0 +1,35 @@
+[dsldev]
+localhost ansible_connection=local
+
+[nificontainers]
+dsoclab-nifi-1 ansible_connection=docker
+dsoclab-nifi-2 ansible_connection=docker
+dsoclab-nifi-3 ansible_connection=docker
+
+[odfeescontainers]
+dsoclab-odfe-1 ansible_connection=docker
+dsoclab-odfe-2 ansible_connection=docker
+
+[odfekibanacontainers]
+dsoclab-kibana ansible_connection=docker
+
+[keycloakcontainers]
+dsoclab-keycloak ansible_connection=docker
+
+[mysql]
+dsoclab-mysql ansible_connection=docker
+
+[mispcontainers]
+dsoclab-misp ansible_connection=docker
+
+[cassandra]
+dsoclab-cassandra ansible_connection=docker
+
+[thehive]
+dsoclab-thehive ansible_connection=docker
+
+[cortex]
+dsoclab-cortex ansible_connection=docker
+
+[haproxy]
+dsoclab-haproxy ansible_connection=docker