From 26d099df2d591ac2b661b75d32ba183dde324f66 Mon Sep 17 00:00:00 2001
From: "kiril.kjiroski@finki.ukim.mk" <kiril.kjiroski@finki.ukim.mk>
Date: Fri, 29 Jan 2021 14:10:42 +0000
Subject: [PATCH] Working version with implemented keycloak integration for
thehive & user creation via API
---
buildimages.yml | 2 +-
inventories/build/group_vars/all.yml | 4 +
inventories/build/hosts.yml | 12 +
inventories/deploy/group_vars/haproxy.yml | 11 +
inventories/deploy/group_vars/nifi.yml | 19 +
inventories/deploy/group_vars/zookeeper.yml | 7 +
inventories/deploy/hosts.yml.example | 21 +
razliki | 466 +++++++++++++++
roles/build/files/cassandraDockerfile | 35 ++
roles/build/files/cortexDockerfile | 32 +
roles/build/files/elasticDockerfile | 21 +
roles/build/files/haproxyDockerfile | 71 +++
roles/build/files/keycloakDockerfile | 41 ++
roles/build/files/kibanaDockerfile | 18 +
roles/build/files/mispDockerfile | 84 +++
roles/build/files/mispstart.sh | 25 +
roles/build/files/mispsupervisord.conf | 25 +
roles/build/files/mysqlDockerfile | 13 +
roles/build/files/mysqlsupervisord.conf | 7 +
roles/build/files/nifiDockerfile | 97 +++
roles/build/files/odfeesDockerfile | 16 +
roles/build/files/odfekibanaDockerfile | 18 +
roles/build/files/openjdkDockerfile | 11 +
roles/build/files/thehiveDockerfile | 24 +
roles/build/files/thehive_button/.eslintrc | 7 +
.../.kibana-plugin-helpers.json | 2 +
roles/build/files/thehive_button/index.js | 19 +
roles/build/files/thehive_button/package.json | 35 ++
.../thehive_button/public/create_case.js | 101 ++++
.../build/files/thehive_button/public/env.js | 4 +
.../build/files/thehive_button/public/main.js | 54 ++
.../thehive_button/public/options_editor.js | 176 ++++++
.../public/options_template.html | 8 +
.../thehive_button/public/request_handler.js | 195 ++++++
.../files/thehive_button/public/vis.less | 3 +
.../thehive_button/public/vis_controller.js | 555 ++++++++++++++++++
.../thehive_button/server/routes/newcase.js | 153 +++++
.../thehive_button/thehive_button/.eslintrc | 7 +
.../.kibana-plugin-helpers.json | 2 +
.../thehive_button/thehive_button/index.js | 19 +
.../thehive_button/package.json | 35 ++
.../thehive_button/public/create_case.js | 101 ++++
.../thehive_button/public/env.js | 4 +
.../thehive_button/public/main.js | 54 ++
.../thehive_button/public/options_editor.js | 176 ++++++
.../public/options_template.html | 8 +
.../thehive_button/public/request_handler.js | 195 ++++++
.../thehive_button/public/vis.less | 3 +
.../thehive_button/public/vis_controller.js | 555 ++++++++++++++++++
.../thehive_button/server/routes/newcase.js | 153 +++++
roles/build/files/zookeeperDockerfile | 34 ++
roles/build/tasks/cassandra.yml | 11 +
roles/build/tasks/cortex.yml | 11 +
roles/build/tasks/haproxy.yml | 10 +
roles/build/tasks/keycloak.yml | 18 +
roles/build/tasks/misp.yml | 20 +
roles/build/tasks/mysql.yml | 15 +
roles/build/tasks/nifi.yml | 11 +
roles/build/tasks/odfees.yml | 18 +
roles/build/tasks/odfekibana.yml | 22 +
roles/build/tasks/openjdk.yml | 11 +
roles/build/tasks/thehive.yml | 11 +
roles/build/tasks/zookeeper.yml | 11 +
.../templates/cassandra/cassandra.repo.j2 | 6 +
roles/build/templates/cassandra/start.sh.j2 | 10 +
.../templates/cassandra/supervisord.conf.j2 | 10 +
.../build/templates/misp/supervisord.conf.j2 | 25 +
.../build/templates/mysql/supervisord.conf.j2 | 7 +
.../templates/odfees/Dockerfile-elastic.j2 | 21 +
.../odfees/Dockerfile-odfeelastic.j2 | 16 +
.../odfekibana/Dockerfile-odfekibana.j2 | 18 +
roles/build/templates/thehive/start.sh | 10 +
.../build/templates/thehive/supervisord.conf | 10 +
roles/build/templates/thehive/thehive.repo | 7 +
roles/ca/files/CA/.rnd | Bin 0 -> 1024 bytes
roles/ca/files/CA/ca.crt | 20 +
.../01EC4DAD3E5E47CF4E4B98495932B337.pem | 88 +++
.../1DD9AF5415359961C578D1B98BFA6E9F.pem | 84 +++
.../560A99C5A03FC4B9FC92FDC62F419BB9.pem | 88 +++
.../5969918F10EF8D2BAE46B26D6D629D8E.pem | 88 +++
.../5DC4BC495FA076A813A4C23261640D92.pem | 88 +++
.../61095C2C8D35EE291C99CEABD42B3CA4.pem | 88 +++
.../7587FCE4CF3EC68117199076B12CD5D2.pem | 88 +++
.../7DFC33457573E8F16094A74E6B2F23F1.pem | 88 +++
.../8B69055F8586CEDD21660B2493412660.pem | 88 +++
.../97D2D0CF2300C0A966D103CA89A99212.pem | 88 +++
.../A7217943DDD1145BC6F68CBA362CB35B.pem | 84 +++
.../D27B43CB9BFB09CFCC86EFD1019A42FC.pem | 88 +++
.../FE7583DEF2355A2C2BBA09720BD80948.pem | 88 +++
roles/ca/files/CA/extensions.temp | 15 +
roles/ca/files/CA/index.txt | 13 +
roles/ca/files/CA/index.txt.attr | 1 +
roles/ca/files/CA/index.txt.attr.old | 1 +
roles/ca/files/CA/index.txt.old | 12 +
roles/ca/files/CA/issued/Arne Oslebo.crt | 84 +++
roles/ca/files/CA/issued/Bozidar Proevski.crt | 84 +++
roles/ca/files/CA/issued/dsoclab-cortex.crt | 88 +++
roles/ca/files/CA/issued/dsoclab-haproxy.crt | 88 +++
roles/ca/files/CA/issued/dsoclab-keycloak.crt | 88 +++
roles/ca/files/CA/issued/dsoclab-kibana.crt | 88 +++
roles/ca/files/CA/issued/dsoclab-misp.crt | 88 +++
roles/ca/files/CA/issued/dsoclab-nifi-1.crt | 88 +++
roles/ca/files/CA/issued/dsoclab-nifi-2.crt | 88 +++
roles/ca/files/CA/issued/dsoclab-nifi-3.crt | 88 +++
roles/ca/files/CA/issued/dsoclab-odfe-1.crt | 88 +++
roles/ca/files/CA/issued/dsoclab-odfe-2.crt | 88 +++
roles/ca/files/CA/issued/dsoclab-thehive.crt | 88 +++
roles/ca/files/CA/openssl-easyrsa.cnf | 140 +++++
roles/ca/files/CA/private/Arne Oslebo.key | 28 +
roles/ca/files/CA/private/Arne Oslebo.p12 | Bin 0 -> 3325 bytes
.../ca/files/CA/private/Bozidar Proevski.key | 28 +
.../ca/files/CA/private/Bozidar Proevski.p12 | Bin 0 -> 3325 bytes
roles/ca/files/CA/private/ca.key | 27 +
roles/ca/files/CA/private/dsoclab-cortex.key | 28 +
roles/ca/files/CA/private/dsoclab-cortex.p12 | Bin 0 -> 3397 bytes
roles/ca/files/CA/private/dsoclab-haproxy.key | 28 +
.../ca/files/CA/private/dsoclab-keycloak.key | 28 +
.../ca/files/CA/private/dsoclab-keycloak.p12 | Bin 0 -> 3397 bytes
roles/ca/files/CA/private/dsoclab-kibana.key | 28 +
roles/ca/files/CA/private/dsoclab-kibana.p12 | Bin 0 -> 3397 bytes
roles/ca/files/CA/private/dsoclab-misp.key | 28 +
roles/ca/files/CA/private/dsoclab-misp.p12 | Bin 0 -> 3389 bytes
roles/ca/files/CA/private/dsoclab-nifi-1.key | 28 +
roles/ca/files/CA/private/dsoclab-nifi-1.p12 | Bin 0 -> 3397 bytes
roles/ca/files/CA/private/dsoclab-nifi-2.key | 28 +
roles/ca/files/CA/private/dsoclab-nifi-2.p12 | Bin 0 -> 3397 bytes
roles/ca/files/CA/private/dsoclab-nifi-3.key | 28 +
roles/ca/files/CA/private/dsoclab-nifi-3.p12 | Bin 0 -> 3397 bytes
roles/ca/files/CA/private/dsoclab-odfe-1.key | 28 +
roles/ca/files/CA/private/dsoclab-odfe-1.p12 | Bin 0 -> 3397 bytes
roles/ca/files/CA/private/dsoclab-odfe-2.key | 28 +
roles/ca/files/CA/private/dsoclab-odfe-2.p12 | Bin 0 -> 3397 bytes
roles/ca/files/CA/private/dsoclab-thehive.key | 28 +
roles/ca/files/CA/private/dsoclab-thehive.p12 | Bin 0 -> 3397 bytes
roles/ca/files/CA/reqs/Arne Oslebo.req | 15 +
roles/ca/files/CA/reqs/Bozidar Proevski.req | 15 +
roles/ca/files/CA/reqs/dsoclab-cortex.req | 17 +
roles/ca/files/CA/reqs/dsoclab-haproxy.req | 17 +
roles/ca/files/CA/reqs/dsoclab-keycloak.req | 17 +
roles/ca/files/CA/reqs/dsoclab-kibana.req | 17 +
roles/ca/files/CA/reqs/dsoclab-misp.req | 17 +
roles/ca/files/CA/reqs/dsoclab-nifi-1.req | 17 +
roles/ca/files/CA/reqs/dsoclab-nifi-2.req | 17 +
roles/ca/files/CA/reqs/dsoclab-nifi-3.req | 17 +
roles/ca/files/CA/reqs/dsoclab-odfe-1.req | 17 +
roles/ca/files/CA/reqs/dsoclab-odfe-2.req | 17 +
roles/ca/files/CA/reqs/dsoclab-thehive.req | 17 +
roles/ca/files/CA/safessl-easyrsa.cnf | 140 +++++
roles/ca/files/CA/serial | 1 +
roles/ca/files/CA/serial.old | 1 +
roles/ca/files/truststore/SOCTOOLS-CA.crt | 20 +
roles/ca/files/truststore/cacerts.jks | Bin 0 -> 893 bytes
roles/cortex/files/SOCTOOLS-CA.crt | 20 +
roles/cortex/files/cacerts.jks | Bin 0 -> 893 bytes
roles/cortex/files/cortexsecret | 3 +
roles/cortex/files/dsoclab-cortex.crt | 88 +++
roles/cortex/files/dsoclab-cortex.key | 28 +
roles/cortex/files/dsoclab-cortex.p12 | Bin 0 -> 3397 bytes
roles/cortex/files/logback.xml | 47 ++
roles/haproxy/files/dsoclab-haproxy.crt | 88 +++
roles/haproxy/files/dsoclab-haproxy.key | 28 +
roles/haproxy/files/haproxy.cfg | 17 +
roles/keycloak/files/SOCTOOLS-CA.crt | 20 +
roles/keycloak/files/cacerts.jks | Bin 0 -> 893 bytes
roles/keycloak/files/dsoclab-keycloak.crt | 88 +++
roles/keycloak/files/dsoclab-keycloak.key | 28 +
roles/misp/files/SOCTOOLS-CA.crt | 20 +
roles/misp/files/cacerts.jks | Bin 0 -> 893 bytes
roles/misp/files/dsoclab-misp.crt | 88 +++
roles/misp/files/dsoclab-misp.key | 28 +
roles/misp/templates/config.php.j2 | 84 +++
roles/nifi/files/SOCTOOLS-CA.crt | 20 +
roles/nifi/files/cacerts.jks | Bin 0 -> 893 bytes
roles/nifi/files/dsoclab-nifi-1.p12 | Bin 0 -> 3397 bytes
roles/nifi/files/dsoclab-nifi-2.p12 | Bin 0 -> 3397 bytes
roles/nifi/files/dsoclab-nifi-3.p12 | Bin 0 -> 3397 bytes
roles/nifi/files/nifisecret | 3 +
roles/odfees/files/Arne Oslebo.p12 | Bin 0 -> 3325 bytes
roles/odfees/files/Bozidar Proevski.p12 | Bin 0 -> 3325 bytes
roles/odfees/files/SOCTOOLS-CA.crt | 20 +
roles/odfees/files/cacerts.jks | Bin 0 -> 893 bytes
roles/odfees/files/dsoclab-odfe-1.p12 | Bin 0 -> 3397 bytes
roles/odfees/files/dsoclab-odfe-2.p12 | Bin 0 -> 3397 bytes
roles/odfekibana/files/Arne Oslebo.p12 | Bin 0 -> 3325 bytes
roles/odfekibana/files/Bozidar Proevski.p12 | Bin 0 -> 3325 bytes
roles/odfekibana/files/SOCTOOLS-CA.crt | 20 +
roles/odfekibana/files/cacerts.jks | Bin 0 -> 893 bytes
roles/odfekibana/files/dsoclab-kibana.crt | 88 +++
roles/odfekibana/files/dsoclab-kibana.key | 28 +
roles/odfekibana/files/dsoclab-kibana.p12 | Bin 0 -> 3397 bytes
roles/odfekibana/files/kibanasecret | 3 +
roles/thehive/vars/main.yml | 16 +
soctools-inventory | 35 ++
193 files changed, 8198 insertions(+), 1 deletion(-)
create mode 100644 inventories/build/group_vars/all.yml
create mode 100644 inventories/build/hosts.yml
create mode 100644 inventories/deploy/group_vars/haproxy.yml
create mode 100644 inventories/deploy/group_vars/nifi.yml
create mode 100644 inventories/deploy/group_vars/zookeeper.yml
create mode 100644 inventories/deploy/hosts.yml.example
create mode 100644 razliki
create mode 100644 roles/build/files/cassandraDockerfile
create mode 100644 roles/build/files/cortexDockerfile
create mode 100644 roles/build/files/elasticDockerfile
create mode 100644 roles/build/files/haproxyDockerfile
create mode 100644 roles/build/files/keycloakDockerfile
create mode 100644 roles/build/files/kibanaDockerfile
create mode 100644 roles/build/files/mispDockerfile
create mode 100644 roles/build/files/mispstart.sh
create mode 100644 roles/build/files/mispsupervisord.conf
create mode 100644 roles/build/files/mysqlDockerfile
create mode 100644 roles/build/files/mysqlsupervisord.conf
create mode 100644 roles/build/files/nifiDockerfile
create mode 100644 roles/build/files/odfeesDockerfile
create mode 100644 roles/build/files/odfekibanaDockerfile
create mode 100644 roles/build/files/openjdkDockerfile
create mode 100644 roles/build/files/thehiveDockerfile
create mode 100644 roles/build/files/thehive_button/.eslintrc
create mode 100644 roles/build/files/thehive_button/.kibana-plugin-helpers.json
create mode 100644 roles/build/files/thehive_button/index.js
create mode 100644 roles/build/files/thehive_button/package.json
create mode 100644 roles/build/files/thehive_button/public/create_case.js
create mode 100644 roles/build/files/thehive_button/public/env.js
create mode 100644 roles/build/files/thehive_button/public/main.js
create mode 100644 roles/build/files/thehive_button/public/options_editor.js
create mode 100644 roles/build/files/thehive_button/public/options_template.html
create mode 100644 roles/build/files/thehive_button/public/request_handler.js
create mode 100644 roles/build/files/thehive_button/public/vis.less
create mode 100644 roles/build/files/thehive_button/public/vis_controller.js
create mode 100644 roles/build/files/thehive_button/server/routes/newcase.js
create mode 100644 roles/build/files/thehive_button/thehive_button/.eslintrc
create mode 100644 roles/build/files/thehive_button/thehive_button/.kibana-plugin-helpers.json
create mode 100644 roles/build/files/thehive_button/thehive_button/index.js
create mode 100644 roles/build/files/thehive_button/thehive_button/package.json
create mode 100644 roles/build/files/thehive_button/thehive_button/public/create_case.js
create mode 100644 roles/build/files/thehive_button/thehive_button/public/env.js
create mode 100644 roles/build/files/thehive_button/thehive_button/public/main.js
create mode 100644 roles/build/files/thehive_button/thehive_button/public/options_editor.js
create mode 100644 roles/build/files/thehive_button/thehive_button/public/options_template.html
create mode 100644 roles/build/files/thehive_button/thehive_button/public/request_handler.js
create mode 100644 roles/build/files/thehive_button/thehive_button/public/vis.less
create mode 100644 roles/build/files/thehive_button/thehive_button/public/vis_controller.js
create mode 100644 roles/build/files/thehive_button/thehive_button/server/routes/newcase.js
create mode 100644 roles/build/files/zookeeperDockerfile
create mode 100644 roles/build/tasks/cassandra.yml
create mode 100644 roles/build/tasks/cortex.yml
create mode 100644 roles/build/tasks/haproxy.yml
create mode 100644 roles/build/tasks/keycloak.yml
create mode 100644 roles/build/tasks/misp.yml
create mode 100644 roles/build/tasks/mysql.yml
create mode 100644 roles/build/tasks/nifi.yml
create mode 100644 roles/build/tasks/odfees.yml
create mode 100644 roles/build/tasks/odfekibana.yml
create mode 100644 roles/build/tasks/openjdk.yml
create mode 100644 roles/build/tasks/thehive.yml
create mode 100644 roles/build/tasks/zookeeper.yml
create mode 100644 roles/build/templates/cassandra/cassandra.repo.j2
create mode 100644 roles/build/templates/cassandra/start.sh.j2
create mode 100644 roles/build/templates/cassandra/supervisord.conf.j2
create mode 100644 roles/build/templates/misp/supervisord.conf.j2
create mode 100644 roles/build/templates/mysql/supervisord.conf.j2
create mode 100644 roles/build/templates/odfees/Dockerfile-elastic.j2
create mode 100644 roles/build/templates/odfees/Dockerfile-odfeelastic.j2
create mode 100644 roles/build/templates/odfekibana/Dockerfile-odfekibana.j2
create mode 100644 roles/build/templates/thehive/start.sh
create mode 100644 roles/build/templates/thehive/supervisord.conf
create mode 100644 roles/build/templates/thehive/thehive.repo
create mode 100644 roles/ca/files/CA/.rnd
create mode 100644 roles/ca/files/CA/ca.crt
create mode 100644 roles/ca/files/CA/certs_by_serial/01EC4DAD3E5E47CF4E4B98495932B337.pem
create mode 100644 roles/ca/files/CA/certs_by_serial/1DD9AF5415359961C578D1B98BFA6E9F.pem
create mode 100644 roles/ca/files/CA/certs_by_serial/560A99C5A03FC4B9FC92FDC62F419BB9.pem
create mode 100644 roles/ca/files/CA/certs_by_serial/5969918F10EF8D2BAE46B26D6D629D8E.pem
create mode 100644 roles/ca/files/CA/certs_by_serial/5DC4BC495FA076A813A4C23261640D92.pem
create mode 100644 roles/ca/files/CA/certs_by_serial/61095C2C8D35EE291C99CEABD42B3CA4.pem
create mode 100644 roles/ca/files/CA/certs_by_serial/7587FCE4CF3EC68117199076B12CD5D2.pem
create mode 100644 roles/ca/files/CA/certs_by_serial/7DFC33457573E8F16094A74E6B2F23F1.pem
create mode 100644 roles/ca/files/CA/certs_by_serial/8B69055F8586CEDD21660B2493412660.pem
create mode 100644 roles/ca/files/CA/certs_by_serial/97D2D0CF2300C0A966D103CA89A99212.pem
create mode 100644 roles/ca/files/CA/certs_by_serial/A7217943DDD1145BC6F68CBA362CB35B.pem
create mode 100644 roles/ca/files/CA/certs_by_serial/D27B43CB9BFB09CFCC86EFD1019A42FC.pem
create mode 100644 roles/ca/files/CA/certs_by_serial/FE7583DEF2355A2C2BBA09720BD80948.pem
create mode 100644 roles/ca/files/CA/extensions.temp
create mode 100644 roles/ca/files/CA/index.txt
create mode 100644 roles/ca/files/CA/index.txt.attr
create mode 100644 roles/ca/files/CA/index.txt.attr.old
create mode 100644 roles/ca/files/CA/index.txt.old
create mode 100644 roles/ca/files/CA/issued/Arne Oslebo.crt
create mode 100644 roles/ca/files/CA/issued/Bozidar Proevski.crt
create mode 100644 roles/ca/files/CA/issued/dsoclab-cortex.crt
create mode 100644 roles/ca/files/CA/issued/dsoclab-haproxy.crt
create mode 100644 roles/ca/files/CA/issued/dsoclab-keycloak.crt
create mode 100644 roles/ca/files/CA/issued/dsoclab-kibana.crt
create mode 100644 roles/ca/files/CA/issued/dsoclab-misp.crt
create mode 100644 roles/ca/files/CA/issued/dsoclab-nifi-1.crt
create mode 100644 roles/ca/files/CA/issued/dsoclab-nifi-2.crt
create mode 100644 roles/ca/files/CA/issued/dsoclab-nifi-3.crt
create mode 100644 roles/ca/files/CA/issued/dsoclab-odfe-1.crt
create mode 100644 roles/ca/files/CA/issued/dsoclab-odfe-2.crt
create mode 100644 roles/ca/files/CA/issued/dsoclab-thehive.crt
create mode 100644 roles/ca/files/CA/openssl-easyrsa.cnf
create mode 100644 roles/ca/files/CA/private/Arne Oslebo.key
create mode 100644 roles/ca/files/CA/private/Arne Oslebo.p12
create mode 100644 roles/ca/files/CA/private/Bozidar Proevski.key
create mode 100644 roles/ca/files/CA/private/Bozidar Proevski.p12
create mode 100644 roles/ca/files/CA/private/ca.key
create mode 100644 roles/ca/files/CA/private/dsoclab-cortex.key
create mode 100644 roles/ca/files/CA/private/dsoclab-cortex.p12
create mode 100644 roles/ca/files/CA/private/dsoclab-haproxy.key
create mode 100644 roles/ca/files/CA/private/dsoclab-keycloak.key
create mode 100644 roles/ca/files/CA/private/dsoclab-keycloak.p12
create mode 100644 roles/ca/files/CA/private/dsoclab-kibana.key
create mode 100644 roles/ca/files/CA/private/dsoclab-kibana.p12
create mode 100644 roles/ca/files/CA/private/dsoclab-misp.key
create mode 100644 roles/ca/files/CA/private/dsoclab-misp.p12
create mode 100644 roles/ca/files/CA/private/dsoclab-nifi-1.key
create mode 100644 roles/ca/files/CA/private/dsoclab-nifi-1.p12
create mode 100644 roles/ca/files/CA/private/dsoclab-nifi-2.key
create mode 100644 roles/ca/files/CA/private/dsoclab-nifi-2.p12
create mode 100644 roles/ca/files/CA/private/dsoclab-nifi-3.key
create mode 100644 roles/ca/files/CA/private/dsoclab-nifi-3.p12
create mode 100644 roles/ca/files/CA/private/dsoclab-odfe-1.key
create mode 100644 roles/ca/files/CA/private/dsoclab-odfe-1.p12
create mode 100644 roles/ca/files/CA/private/dsoclab-odfe-2.key
create mode 100644 roles/ca/files/CA/private/dsoclab-odfe-2.p12
create mode 100644 roles/ca/files/CA/private/dsoclab-thehive.key
create mode 100644 roles/ca/files/CA/private/dsoclab-thehive.p12
create mode 100644 roles/ca/files/CA/reqs/Arne Oslebo.req
create mode 100644 roles/ca/files/CA/reqs/Bozidar Proevski.req
create mode 100644 roles/ca/files/CA/reqs/dsoclab-cortex.req
create mode 100644 roles/ca/files/CA/reqs/dsoclab-haproxy.req
create mode 100644 roles/ca/files/CA/reqs/dsoclab-keycloak.req
create mode 100644 roles/ca/files/CA/reqs/dsoclab-kibana.req
create mode 100644 roles/ca/files/CA/reqs/dsoclab-misp.req
create mode 100644 roles/ca/files/CA/reqs/dsoclab-nifi-1.req
create mode 100644 roles/ca/files/CA/reqs/dsoclab-nifi-2.req
create mode 100644 roles/ca/files/CA/reqs/dsoclab-nifi-3.req
create mode 100644 roles/ca/files/CA/reqs/dsoclab-odfe-1.req
create mode 100644 roles/ca/files/CA/reqs/dsoclab-odfe-2.req
create mode 100644 roles/ca/files/CA/reqs/dsoclab-thehive.req
create mode 100644 roles/ca/files/CA/safessl-easyrsa.cnf
create mode 100644 roles/ca/files/CA/serial
create mode 100644 roles/ca/files/CA/serial.old
create mode 100644 roles/ca/files/truststore/SOCTOOLS-CA.crt
create mode 100644 roles/ca/files/truststore/cacerts.jks
create mode 100644 roles/cortex/files/SOCTOOLS-CA.crt
create mode 100644 roles/cortex/files/cacerts.jks
create mode 100644 roles/cortex/files/cortexsecret
create mode 100644 roles/cortex/files/dsoclab-cortex.crt
create mode 100644 roles/cortex/files/dsoclab-cortex.key
create mode 100644 roles/cortex/files/dsoclab-cortex.p12
create mode 100644 roles/cortex/files/logback.xml
create mode 100644 roles/haproxy/files/dsoclab-haproxy.crt
create mode 100644 roles/haproxy/files/dsoclab-haproxy.key
create mode 100644 roles/haproxy/files/haproxy.cfg
create mode 100644 roles/keycloak/files/SOCTOOLS-CA.crt
create mode 100644 roles/keycloak/files/cacerts.jks
create mode 100644 roles/keycloak/files/dsoclab-keycloak.crt
create mode 100644 roles/keycloak/files/dsoclab-keycloak.key
create mode 100644 roles/misp/files/SOCTOOLS-CA.crt
create mode 100644 roles/misp/files/cacerts.jks
create mode 100644 roles/misp/files/dsoclab-misp.crt
create mode 100644 roles/misp/files/dsoclab-misp.key
create mode 100644 roles/misp/templates/config.php.j2
create mode 100644 roles/nifi/files/SOCTOOLS-CA.crt
create mode 100644 roles/nifi/files/cacerts.jks
create mode 100644 roles/nifi/files/dsoclab-nifi-1.p12
create mode 100644 roles/nifi/files/dsoclab-nifi-2.p12
create mode 100644 roles/nifi/files/dsoclab-nifi-3.p12
create mode 100644 roles/nifi/files/nifisecret
create mode 100644 roles/odfees/files/Arne Oslebo.p12
create mode 100644 roles/odfees/files/Bozidar Proevski.p12
create mode 100644 roles/odfees/files/SOCTOOLS-CA.crt
create mode 100644 roles/odfees/files/cacerts.jks
create mode 100644 roles/odfees/files/dsoclab-odfe-1.p12
create mode 100644 roles/odfees/files/dsoclab-odfe-2.p12
create mode 100644 roles/odfekibana/files/Arne Oslebo.p12
create mode 100644 roles/odfekibana/files/Bozidar Proevski.p12
create mode 100644 roles/odfekibana/files/SOCTOOLS-CA.crt
create mode 100644 roles/odfekibana/files/cacerts.jks
create mode 100644 roles/odfekibana/files/dsoclab-kibana.crt
create mode 100644 roles/odfekibana/files/dsoclab-kibana.key
create mode 100644 roles/odfekibana/files/dsoclab-kibana.p12
create mode 100644 roles/odfekibana/files/kibanasecret
create mode 100644 soctools-inventory
diff --git a/buildimages.yml b/buildimages.yml
index 8a93583..d30f905 100644
--- a/buildimages.yml
+++ b/buildimages.yml
@@ -1,7 +1,7 @@
---
- name: Build docker images
- hosts: soctoolsmain
+ hosts: dsldev
roles:
- build
diff --git a/inventories/build/group_vars/all.yml b/inventories/build/group_vars/all.yml
new file mode 100644
index 0000000..7043236
--- /dev/null
+++ b/inventories/build/group_vars/all.yml
@@ -0,0 +1,4 @@
+---
+
+docker_image_path: images
+base_image: python:2.7-stretch
diff --git a/inventories/build/hosts.yml b/inventories/build/hosts.yml
new file mode 100644
index 0000000..4854638
--- /dev/null
+++ b/inventories/build/hosts.yml
@@ -0,0 +1,12 @@
+all:
+ hosts:
+ nifi-image:
+ ansible_connection: docker
+ ansible_python_interpreter: /usr/bin/python
+ localhost:
+ ansible_python_interpreter: /usr/bin/python
+ ansible_connection: local
+ children:
+ nifi:
+ hosts:
+ localhost:
diff --git a/inventories/deploy/group_vars/haproxy.yml b/inventories/deploy/group_vars/haproxy.yml
new file mode 100644
index 0000000..b53d50d
--- /dev/null
+++ b/inventories/deploy/group_vars/haproxy.yml
@@ -0,0 +1,11 @@
+---
+index: haproxy
+scale: "{{ haproxy_scale | default('1')}}"
+docker:
+ haproxy:
+ image: haproxy:latest
+ volumes:
+ - /usr/local/etc/haproxy/:/usr/local/etc/haproxy:ro
+ ports:
+ - "80:80"
+ source: pull
\ No newline at end of file
diff --git a/inventories/deploy/group_vars/nifi.yml b/inventories/deploy/group_vars/nifi.yml
new file mode 100644
index 0000000..5b71869
--- /dev/null
+++ b/inventories/deploy/group_vars/nifi.yml
@@ -0,0 +1,19 @@
+---
+index: nifi
+scale: "{{ nifi_scale | default('1')}}"
+docker:
+ nifi:
+# image: nifi-soctools #For nifi image built by soctools
+# source: load
+ image: apache/nifi:latest
+ source: pull
+ command: /opt/nifi/nifi-current/scripts/start.sh
+ env:
+ NIFI_HOME: "/opt/nifi/nifi-current"
+ NIFI_LOG_DIR: "/opt/nifi/nifi-current/logs"
+ NIFI_PID_DIR: "/opt/nifi/nifi-current/run"
+ NIFI_CLUSTER_IS_NODE: "true"
+ NIFI_ZK_CONNECT_STRING: "zookeeper_1:2181"
+ NIFI_CLUSTER_NODE_PROTOCOL_PORT: "8082"
+ NIFI_ELECTION_MAX_WAIT: "1 min"
+ load_path: "{{ image_location }}/nifi-soctools.tar"
diff --git a/inventories/deploy/group_vars/zookeeper.yml b/inventories/deploy/group_vars/zookeeper.yml
new file mode 100644
index 0000000..5604be8
--- /dev/null
+++ b/inventories/deploy/group_vars/zookeeper.yml
@@ -0,0 +1,7 @@
+---
+index: zookeeper
+scale: "{{ zookeeper_scale | default('1')}}"
+docker:
+ zookeeper:
+ image: zookeeper:latest
+ source: pull
\ No newline at end of file
diff --git a/inventories/deploy/hosts.yml.example b/inventories/deploy/hosts.yml.example
new file mode 100644
index 0000000..7d85e5b
--- /dev/null
+++ b/inventories/deploy/hosts.yml.example
@@ -0,0 +1,21 @@
+all:
+ hosts:
+ host1:
+ ansible_ssh_user: debian
+ ansible_python_interpreter: /usr/bin/python
+ become: yes
+ children:
+ soctools_server:
+ hosts:
+ host1:
+ nifi:
+ hosts:
+ host1:
+ nifi_scale: 3
+ haproxy:
+ hosts:
+ host1:
+ zookeeper:
+ hosts:
+ host1:
+ zookeeper_scale: 3
\ No newline at end of file
diff --git a/razliki b/razliki
new file mode 100644
index 0000000..10e6a9e
--- /dev/null
+++ b/razliki
@@ -0,0 +1,466 @@
+diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
+index 6bb820d..c6adf5f 100644
+--- a/group_vars/all/main.yml
++++ b/group_vars/all/main.yml
+@@ -4,8 +4,32 @@ dslproxy: "dsoclab.gn4-3-wp8-soc.sunet.se"
+
+ # TheHive Button plugin
+ THEHIVE_URL: "https://hive.gn4-3-wp8-soc.sunet.se/"
+-THEHIVE_API_KEY: "5LymseWiurZBrQN8Kqp8O+9KniTL5cE0"
+-THEHIVE_OWNER: "admin"
++# here enter API key for default admin user
++THEHIVE_API_KEY: "bs2Jc3tGJqhVv0AYyX2NYlhMlorPz7mX"
++# ID of the default admin user
++THEHIVE_OWNER: "admin@thehive.local"
++
++# TheHive Create Organisation and Users
++# Login as default admin user and create API key, populate it here
++# thehive_admin_api: "KoHrKbIJm8XMsJxA9nZLs6YemCu76o3u"
++# thehive_writer: "[write]"
++
++#THEHIVE_API_KEY: "1gFdNhmUSxO3BRe1SBB5JYEvkW9UOo6s"
++THEHIVE_USERS:
++ - kiril:
++ username: "kiril"
++ name: "Kiril"
++ surname: "Kiroski"
++ roles: '["read", "write", "admin"]'
++ organization: "uninett.no"
++ - temur:
++ username: "temur"
++ name: "Temur"
++ surname: "Maisuradze"
++ roles: '["read", "write", "admin"]'
++ organization: "uninett.no"
++
++
+
+ soctools_netname: "soctoolsnet"
+ soctools_network: "172.22.0.0/16"
+@@ -82,6 +106,13 @@ soctools_users:
+ DN: "CN=Arne Oslebo"
+ CN: "Arne Oslebo"
+ password: "Pass002"
++ - firstname: "Kiril"
++ lastname: "Kjiroski"
++ username: "kiril.kjiroski"
++ email: "kiril.kjiroski@finki.ukim.mk"
++ DN: "CN=Kiril Kjiroski"
++ CN: "Kiril Kjiroski"
++ password: "Pass003"
+
+ odfees_img: "{{repo}}/odfees:{{version}}{{suffix}}"
+ odfekibana_img: "{{repo}}/odfekibana:{{version}}{{suffix}}"
+diff --git a/roles/ca/tasks/main.yml b/roles/ca/tasks/main.yml
+index ec25dad..6ca350a 100644
+--- a/roles/ca/tasks/main.yml
++++ b/roles/ca/tasks/main.yml
+@@ -229,6 +229,7 @@
+ - keycloak
+ - misp
+ - cortex
++ - thehive
+
+ - name: Copy ca cert to roles
+ copy:
+diff --git a/roles/cortex/tasks/main.yml b/roles/cortex/tasks/main.yml
+index 5d1eeb2..06b2639 100644
+--- a/roles/cortex/tasks/main.yml
++++ b/roles/cortex/tasks/main.yml
+@@ -31,6 +31,12 @@
+ - start
+ - startcortex
+
++- name: Get openid authkey
++ set_fact:
++ cortexsecret: "{{lookup('file', 'files/cortexsecret',convert_data=False) | from_json }}"
++ tags:
++ - start
++
+ - name: Configure embedded Elasticsearch 6
+ remote_user: root
+ template:
+@@ -61,6 +67,13 @@
+ - start
+ - startcortex
+
++- name: Configure Cortex logging
++ copy:
++ src: logback.xml
++ dest: /etc/cortex/logback.xml
++ tags:
++ - start
++
+ - name: Start Cortex
+ command: >
+ daemonize
+diff --git a/roles/cortex/templates/application.conf.j2 b/roles/cortex/templates/application.conf.j2
+index 35323e0..6d6d09c 100644
+--- a/roles/cortex/templates/application.conf.j2
++++ b/roles/cortex/templates/application.conf.j2
+@@ -66,7 +66,7 @@ auth {
+ # the "ad" section below.
+ # - ldap : use LDAP to authenticate users. The associated configuration shall be done in the
+ # "ldap" section below.
+- provider = [local]
++ provider = [local,oauth2]
+
+ ad {
+ # The Windows domain name in DNS format. This parameter is required if you do not use
+@@ -108,6 +108,84 @@ auth {
+ # If 'true', use SSL to connect to the LDAP directory server.
+ #useSSL = true
+ }
++ oauth2 {
++ # URL of the authorization server
++ clientId = "dsoclab-cortex"
++ clientSecret = {{cortexsecret.value}}
++ redirectUri = "https://{{dslproxy}}:9001/api/ssoLogin"
++ responseType = "code"
++ grantType = "authorization_code"
++
++ # URL from where to get the access token
++ authorizationUrl = "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/auth"
++ authorizationHeader = "Bearer"
++ tokenUrl = "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/token"
++
++
++ # The endpoint from which to obtain user details using the OAuth token, after successful login
++ userUrl = "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/userinfo"
++ scope = "profile"
++ userIdField = "email"
++ #userUrl = "https://auth-site.com/api/User"
++ #scope = ["openid profile"]
++ }
++
++ ws.ssl.trustManager {
++ stores = [
++ {
++ type = "JKS" // JKS or PEM
++ path = "cacerts.jks"
++ password = "{{tspass}}"
++ }
++ ]
++ }
++
++
++ # Single-Sign On
++ sso {
++ # Autocreate user in database?
++ autocreate = true
++
++ # Autoupdate its profile and roles?
++ autoupdate = true
++
++ # Autologin user using SSO?
++ autologin = true
++
++ # Name of mapping class from user resource to backend user ('simple' or 'group')
++ #mapper = group
++ #mapper = simple
++ #attributes {
++ # login = "user"
++ # name = "name"
++ # groups = "groups"
++ # organization = "org"
++ #}
++# defaultRoles = ["read", "write", "admin"]
++# defaultOrganization = "uninett.no"
++ #defaultRoles = ["read"]
++ #defaultOrganization = "csirt"
++ #groups {
++ # # URL to retreive groups (leave empty if you are using OIDC)
++ # #url = "https://auth-site.com/api/Groups"
++ # # Group mappings, you can have multiple roles for each group: they are merged
++ # mappings {
++ # admin-profile-name = ["admin"]
++ # editor-profile-name = ["write"]
++ # reader-profile-name = ["read"]
++ # }
++ #}
++
++ mapper = simple
++ attributes {
++ login = "user"
++ name = "name"
++ roles = "roles"
++ organization = "org"
++ }
++ defaultRoles = ["read", "analyze"]
++ defaultOrganization = "uninett.no"
++ }
+ }
+
+ ## ANALYZERS
+diff --git a/roles/docker/tasks/thehive.yml b/roles/docker/tasks/thehive.yml
+index f8effea..30b11c8 100644
+--- a/roles/docker/tasks/thehive.yml
++++ b/roles/docker/tasks/thehive.yml
+@@ -15,6 +15,7 @@
+ with_items: "{{ groups['thehive'] }}"
+ tags:
+ - start
++ - thehivestart
+
+ - name: Disconnect thehive containers from network and remove
+ docker_container:
+@@ -23,4 +24,4 @@
+ with_items: "{{ groups['thehive'] }}"
+ tags:
+ - stop
+-
++ - thehivestop
+diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml
+index 9c8f81e..2bb6a62 100644
+--- a/roles/keycloak/tasks/main.yml
++++ b/roles/keycloak/tasks/main.yml
+@@ -4,7 +4,7 @@
+ copy:
+ src: "{{ item.local }}"
+ dest: "{{ item.remote }}"
+- mode: "{{ item.mode}}"
++ mode: "{{ item.mode }}"
+ with_items:
+ - local: "files/{{ inventory_hostname }}.crt"
+ remote: /etc/x509/https/tls.crt
+@@ -20,6 +20,7 @@
+ mode: '0644'
+ tags:
+ - start
++ - startkeycloak
+
+ - name: Generate Keycloak secure config
+ command: "/opt/jboss/tools/x509.sh"
+@@ -27,11 +28,14 @@
+ X509_CA_BUNDLE: "/etc/x509/ca/ca.crt"
+ tags:
+ - start
++ - startkeycloak
+
+ - name: Set admin password
+ command: /opt/jboss/keycloak/bin/add-user-keycloak.sh --user "admin" --password "{{keycloak_adminpass}}"
++ ignore_errors: yes
+ tags:
+ - start
++ - startkeycloak
+
+ - name: Configure Keycloak start script
+ template:
+@@ -43,12 +47,14 @@
+ - initkeycloakrealm.sh
+ tags:
+ - start
++ - startkeycloak
+
+
+ - name: Start Keycloak IdP
+ command: /opt/jboss/tools/startkeycloak.sh
+ tags:
+ - start
++ - startkeycloak
+
+ - name: Wait for Keycloak
+ wait_for:
+@@ -58,11 +64,13 @@
+ delay: 5
+ tags:
+ - start
++ - startkeycloak
+
+ - name: Initialize Keycloak realm
+ command: /opt/jboss/tools/initkeycloakrealm.sh
+ tags:
+ - start
++ - startkeycloak
+
+ - name: Copy secrets from Keycloak
+ fetch:
+@@ -74,10 +82,16 @@
+ local: "roles/nifi/files/nifisecret"
+ - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/kibanasecret"
+ local: "roles/odfekibana/files/kibanasecret"
++ - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/thehivesecret"
++ local: "roles/thehive/files/thehivesecret"
++ - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/cortexsecret"
++ local: "roles/cortex/files/cortexsecret"
+ tags:
+ - start
++ - startkeycloak
+
+ - name: Stop Keycloak
+ command: "pkill -SIGTERM -F {{inventory_hostname}}.pid"
+ tags:
+ - stop
++ - stopkeycloak
+diff --git a/roles/keycloak/templates/initkeycloakrealm.sh.j2 b/roles/keycloak/templates/initkeycloakrealm.sh.j2
+index f3f0073..d6fc946 100644
+--- a/roles/keycloak/templates/initkeycloakrealm.sh.j2
++++ b/roles/keycloak/templates/initkeycloakrealm.sh.j2
+@@ -28,6 +28,12 @@ kcadm.sh get realms/{{openid_realm}}/clients/${NIFICLIENT}/client-secret --field
+ KIBANACLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"dsoclab-kibana","protocol":"openid-connect","clientAuthenticatorType": "client-secret","rootUrl": "https://{{dslproxy}}:5601","adminUrl": "","redirectUris": ["https://{{dslproxy}}:5601", "https://{{dslproxy}}:5601/auth/openid/login", "https://{{dslproxy}}:5601/app/kibana" ],"webOrigins": [], "publicClient": false }')
+ kcadm.sh get realms/{{openid_realm}}/clients/${KIBANACLIENT}/client-secret --fields value > /opt/jboss/keycloak/kibanasecret
+
++THEHIVECLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"dsoclab-thehive","protocol":"openid-connect","clientAuthenticatorType": "client-secret","adminUrl": "","redirectUris": ["https://{{dslproxy}}:9000/api/ssoLogin"],"webOrigins": [], "publicClient": false }')
++kcadm.sh get realms/{{openid_realm}}/clients/${THEHIVECLIENT}/client-secret --fields value > /opt/jboss/keycloak/thehivesecret
++
++CORTEXCLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"dsoclab-cortex","protocol":"openid-connect","clientAuthenticatorType": "client-secret","adminUrl": "","redirectUris": ["https://{{dslproxy}}:9001/api/ssoLogin"],"webOrigins": [], "publicClient": false }')
++kcadm.sh get realms/{{openid_realm}}/clients/${CORTEXCLIENT}/client-secret --fields value > /opt/jboss/keycloak/cortexsecret
++
+
+ kcadm.sh config truststore --delete
+
+diff --git a/roles/thehive/tasks/main.yml b/roles/thehive/tasks/main.yml
+index 7d8f859..0e560e7 100644
+--- a/roles/thehive/tasks/main.yml
++++ b/roles/thehive/tasks/main.yml
+@@ -1,5 +1,39 @@
+ ---
+
++- name: Copy cacert to ca-trust dir
++ remote_user: root
++ copy:
++ src: "files/{{ca_cn}}.crt"
++ dest: /etc/pki/ca-trust/source/anchors/ca.crt
++ tags:
++ - start
++
++- name: Install cacert to root truststore
++ remote_user: root
++ command: "update-ca-trust"
++ tags:
++ - start
++
++- name: Copy certificates in thehive conf dir
++ copy:
++ src: "{{ item }}"
++ dest: "/etc/thehive/{{ item }}"
++ mode: 0600
++ with_items:
++ - "{{ inventory_hostname }}.crt"
++ - "{{ inventory_hostname }}.key"
++ - cacerts.jks
++ - "{{ca_cn}}.crt"
++ tags:
++ - start
++
++- name: Get openid authkey
++ set_fact:
++ thehivesecret: "{{lookup('file', 'files/thehivesecret',convert_data=False) | from_json }}"
++ tags:
++ - start
++
++
+ - name: Configure TheHive
+ template:
+ src: application.conf.j2
+@@ -7,6 +41,14 @@
+ tags:
+ - start
+
++- name: Configure TheHive logging
++ copy:
++ src: logback.xml
++ dest: /etc/thehive/logback.xml
++ tags:
++ - start
++
++
+ - name: Start TheHive
+ command: >
+ daemonize
+@@ -31,8 +73,15 @@
+ tags:
+ - start
+
++- name: Create TheHive users
++ include: createusers.yml
++ tags:
++ - createusers
++ - start
++
+ - name: Stop TheHive
+ command: "pkill -SIGTERM -F /tmp/thehive.pid"
+ tags:
+ - stop
++ - stopthehive
+
+diff --git a/roles/thehive/templates/application.conf.j2 b/roles/thehive/templates/application.conf.j2
+index 6fa36eb..a92e4f7 100644
+--- a/roles/thehive/templates/application.conf.j2
++++ b/roles/thehive/templates/application.conf.j2
+@@ -13,7 +13,7 @@ db.janusgraph {
+ ## Cassandra configuration
+ # More information at https://docs.janusgraph.org/basics/configuration-reference/#storagecql
+ backend: cql
+- hostname: ["{{groups['cassandra'][0]}}.{{soctools_netname}}"]
++ hostname: ["{{groups['cassandra'][0]}}.{{soctools_netname}}:9042"]
+ # Cassandra authentication (if configured)
+ // username: "thehive"
+ // password: "password"
+@@ -47,17 +47,61 @@ storage {
+
+ ## Authentication configuration
+ # More information at https://github.com/TheHive-Project/TheHiveDocs/TheHive4/Administration/Authentication.md
+-//auth {
+-// providers: [
++auth {
++ providers: [
+ // {name: session} # required !
+ // {name: basic, realm: thehive}
+ // {name: local}
+ // {name: key}
+-// ]
++ {name: session} # required !
++ {name: basic, realm: thehive}
++ {name: local}
++ {name: key}
++ {
++ name: oauth2
++ clientId: "dsoclab-thehive"
++ clientSecret: {{thehivesecret.value}}
++ redirectUri: "https://{{dslproxy}}:9000/api/ssoLogin"
++ responseType: "code"
++ grantType: "authorization_code"
++ authorizationUrl: "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/auth"
++ authorizationHeader: "Bearer"
++ tokenUrl: "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/token"
++ userUrl: "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/userinfo"
++// scope: ["openid", "email"]
++ scope: ["openid"]
++ userIdField: "email"
++// userIdField: "name"
++ }
++ ]
++ sso {
++ autocreate: true
++ autoupdate: true
++ autologin: true
++ mapper: "simple"
++// attributes {
++// login: "login"
++// name: "name"
++// roles: "role"
++// }
++ defaultRoles: ["read", "write", "admin"]
++ defaultOrganization: "uninett.no"
++// defaultOrganization: "demo"
++ }
++ ws.ssl.trustManager {
++ stores = [
++ {
++ type: "JKS" // JKS or PEM
++ path: "cacerts.jks"
++ password: "{{tspass}}"
++ }
++ ]
++ }
+ # The format of logins must be valid email address format. If the provided login doesn't contain `@` the following
+ # domain is automatically appended
+-// defaultUserDomain: "thehive.local"
+-//}
++ defaultUserDomain: "uninett.no"
++# defaultUserDomain: "thehive.local"
++}
+
+ ## CORTEX configuration
+ # More information at https://github.com/TheHive-Project/TheHiveDocs/TheHive4/Administration/Connectors.md
diff --git a/roles/build/files/cassandraDockerfile b/roles/build/files/cassandraDockerfile
new file mode 100644
index 0000000..c1b7388
--- /dev/null
+++ b/roles/build/files/cassandraDockerfile
@@ -0,0 +1,35 @@
+FROM gn43-dsl/openjdk:7a20201004
+
+USER root
+#COPY cassandra.repo /etc/yum.repos.d/cassandra.repo
+#COPY supervisord.conf /etc/supervisord.conf
+#COPY start.sh /start.sh
+RUN echo "[cassandra]" > /etc/yum.repos.d/cassandra.repo && \
+ echo "name=Apache Cassandra" >> /etc/yum.repos.d/cassandra.repo && \
+ echo "baseurl=https://downloads.apache.org/cassandra/redhat/311x/" >> /etc/yum.repos.d/cassandra.repo && \
+ echo "gpgcheck=1" >> /etc/yum.repos.d/cassandra.repo && \
+ echo "repo_gpgcheck=1" >> /etc/yum.repos.d/cassandra.repo && \
+ echo "gpgkey=https://downloads.apache.org/cassandra/KEYS" >> /etc/yum.repos.d/cassandra.repo && \
+ echo '#!/bin/bash' > /start.sh && \
+ echo 'export CASSANDRA_HOME=/usr/share/cassandra' >> /start.sh && \
+ echo 'export CASSANDRA_CONF=$CASSANDRA_HOME/conf' >> /start.sh && \
+ echo 'export CASSANDRA_INCLUDE=$CASSANDRA_HOME/cassandra.in.sh' >> /start.sh && \
+ echo 'log_file=/var/log/cassandra/cassandra.log' >> /start.sh && \
+ echo 'pid_file=/var/run/cassandra/cassandra.pid' >> /start.sh && \
+ echo 'lock_file=/var/lock/subsys/cassandra' >> /start.sh && \
+ echo 'CASSANDRA_PROG=/usr/sbin/cassandra' >> /start.sh && \
+ echo '' >> /start.sh && \
+ echo '$CASSANDRA_PROG -p $pid_file > $log_file 2>&1' >> /start.sh && \
+ yum install -y epel-release && \
+ yum install -y cassandra supervisor && \
+ mkdir /usr/share/cassandra/conf && \
+ cp -a /etc/cassandra/conf/* /usr/share/cassandra/conf && \
+ chown -R cassandra:cassandra /usr/share/cassandra && \
+ chown -R cassandra:cassandra /var/lib/cassandra && \
+ sed -i -e 's,/etc/cassandra,/usr/share/cassandra,g' /usr/share/cassandra/cassandra.in.sh && \
+ chmod a+x /start.sh && \
+ yum -y clean all
+EXPOSE 7000 9042
+#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+USER cassandra
+# ENTRYPOINT ["/start.sh"]
diff --git a/roles/build/files/cortexDockerfile b/roles/build/files/cortexDockerfile
new file mode 100644
index 0000000..014cdf0
--- /dev/null
+++ b/roles/build/files/cortexDockerfile
@@ -0,0 +1,32 @@
+FROM gn43-dsl/openjdk:7a20201004
+
+USER root
+#COPY thehive.repo /etc/yum.repos.d/thehive.repo
+#COPY supervisord.conf /etc/supervisord.conf
+#COPY start.sh /start.sh
+RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \
+ echo "enabled=1" >> /etc/yum.repos.d/thehive.repo && \
+ echo "priority=1" >> /etc/yum.repos.d/thehive.repo && \
+ echo "name=TheHive-Project RPM repository" >> /etc/yum.repos.d/thehive.repo && \
+ echo "baseurl=http://rpm.thehive-project.org/stable/noarch" >> /etc/yum.repos.d/thehive.repo && \
+ echo "gpgcheck=1" >> /etc/yum.repos.d/thehive.repo && \
+ yum install -y epel-release && \
+ rpm --import https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY && \
+ rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \
+ yum install -y cortex supervisor daemonize vim net-tools telnet htop python3-pip.noarch git gcc python3-devel.x86_64 ssdeep-devel.x86_64 python3-wheel.noarch libexif-devel.x86_64 libexif.x86_64 perl-Image-ExifTool.noarch gcc-c++ whois && \
+ rpm -Uvh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-6.8.13.rpm && \
+ chown -R elasticsearch:elasticsearch /etc/elasticsearch && \
+ mkdir -p /home/cortex && \
+ chown -R cortex:cortex /home/cortex && \
+ chown -R cortex:cortex /etc/cortex && \
+ cd /opt && \
+ git clone https://github.com/TheHive-Project/Cortex-Analyzers && \
+ chown -R cortex:cortex /opt/Cortex-Analyzers && \
+ cd /opt/Cortex-Analyzers && \
+ for I in analyzers/*/requirements.txt; do LC_ALL=en_US.UTF-8 pip3 install --no-cache-dir -U -r $I || true; done && \
+ for I in responders/*/requirements.txt; do LC_ALL=en_US.UTF-8 pip3 install --no-cache-dir -U -r $I || true; done && \
+ yum -y clean all
+EXPOSE 9001
+#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+USER cortex
+# ENTRYPOINT ["/start.sh"]
diff --git a/roles/build/files/elasticDockerfile b/roles/build/files/elasticDockerfile
new file mode 100644
index 0000000..dba4003
--- /dev/null
+++ b/roles/build/files/elasticDockerfile
@@ -0,0 +1,21 @@
+FROM gn43-dsl/openjdk:7a20201004
+
+ENV PATH="/usr/share/elasticsearch/bin:${PATH}"
+
+RUN groupadd -g 1000 elasticsearch && \
+ adduser -u 1000 -g 1000 -d /usr/share/elasticsearch elasticsearch
+
+WORKDIR /usr/share/elasticsearch
+
+RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \
+ rpm -Uvh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-7.4.2-no-jdk-x86_64.rpm && \
+ cp -a /etc/elasticsearch/ /usr/share/elasticsearch/config/ && \
+ chown -R elasticsearch /usr/share/elasticsearch/config && \
+ mkdir -p /usr/share/elasticsearch/data && \
+ chown -R elasticsearch /usr/share/elasticsearch/data && \
+ sed -i -e 's,ES_PATH_CONF=/etc/elasticsearch,ES_PATH_CONF=/usr/share/elasticsearch/config,g' /etc/sysconfig/elasticsearch
+
+EXPOSE 9200 9300
+USER elasticsearch
+ENTRYPOINT ["/bin/bash"]
+
diff --git a/roles/build/files/haproxyDockerfile b/roles/build/files/haproxyDockerfile
new file mode 100644
index 0000000..f36d8f4
--- /dev/null
+++ b/roles/build/files/haproxyDockerfile
@@ -0,0 +1,71 @@
+FROM gn43-dsl/centos:7a20201004
+
+ENV HAPROXY_VERSION 2.2.3
+ENV HAPROXY_URL https://www.haproxy.org/download/2.2/src/haproxy-2.2.3.tar.gz
+ENV HAPROXY_SHA256 7209db363d4dbecb21133f37b01048df666aebc14ff543525dbea79be202064e
+ENV OPENSSL_VERSION=1.0.2u
+
+
+# see https://sources.debian.net/src/haproxy/jessie/debian/rules/ for some helpful navigation of the possible "make" arguments
+RUN \
+ yum install -y epel-release && \
+ yum update -y && \
+ `# Install build tools. Note: perl needed to compile openssl...` \
+ yum install -y \
+ inotify-tools \
+ wget \
+ tar \
+ gzip \
+ make \
+ gcc \
+ perl \
+ pcre-devel \
+ zlib-devel \
+ iptables \
+ pcre2-devel \
+ daemonize \
+ pth-devel && \
+ `# Install newest openssl...` \
+ wget -O /tmp/openssl.tgz https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz && \
+ tar -zxf /tmp/openssl.tgz -C /tmp && \
+ cd /tmp/openssl-* && \
+ ./config --prefix=/usr \
+ --openssldir=/etc/ssl \
+ --libdir=lib \
+ no-shared zlib-dynamic && \
+ make -j$(getconf _NPROCESSORS_ONLN) V= && make install_sw && \
+ cd && rm -rf /tmp/openssl* && \
+ `# Install HAProxy...` \
+ && wget -O haproxy.tar.gz "$HAPROXY_URL" \
+ && echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c \
+ && mkdir -p /usr/src/haproxy \
+ && tar -xzf haproxy.tar.gz -C /usr/src/haproxy --strip-components=1 \
+ && rm haproxy.tar.gz \
+ \
+ && makeOpts=' \
+ TARGET=linux-glibc \
+ USE_GETADDRINFO=1 \
+ USE_OPENSSL=1 \
+ USE_PCRE2=1 USE_PCRE2_JIT=1 \
+ USE_ZLIB=1 \
+ \
+ EXTRA_OBJS=" \
+# see https://github.com/docker-library/haproxy/issues/94#issuecomment-505673353 for more details about prometheus support
+ contrib/prometheus-exporter/service-prometheus.o \
+ " \
+ ' \
+ && nproc="$(nproc)" \
+ && eval "make -C /usr/src/haproxy -j '$nproc' all $makeOpts" \
+ && eval "make -C /usr/src/haproxy install-bin $makeOpts" \
+ \
+ && mkdir -p /usr/local/etc/haproxy \
+ && cp -R /usr/src/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors \
+ && rm -rf /usr/src/haproxy
+
+ENTRYPOINT ["/bin/bash"]
+
+# https://www.haproxy.org/download/1.8/doc/management.txt
+# "4. Stopping and restarting HAProxy"
+# "when the SIGTERM signal is sent to the haproxy process, it immediately quits and all established connections are closed"
+# "graceful stop is triggered when the SIGUSR1 signal is sent to the haproxy process"
+STOPSIGNAL SIGUSR1
diff --git a/roles/build/files/keycloakDockerfile b/roles/build/files/keycloakDockerfile
new file mode 100644
index 0000000..ba6e7c1
--- /dev/null
+++ b/roles/build/files/keycloakDockerfile
@@ -0,0 +1,41 @@
+FROM gn43-dsl/openjdk:7a20201004
+
+ENV KEYCLOAK_VERSION 10.0.1
+ENV JDBC_POSTGRES_VERSION 42.2.5
+ENV JBOSS_HOME /opt/jboss/keycloak
+
+ARG KEYCLOAK_DIST=https://downloads.jboss.org/keycloak/$KEYCLOAK_VERSION/keycloak-$KEYCLOAK_VERSION.tar.gz
+
+USER root
+
+#ADD //root/ansible-soctools-scm-uninett-no/soctools-buildtest-20201022/roles/build/templates/keycloak/keycloak-tools /opt/jboss/tools
+ADD keycloak-tools /opt/jboss/tools
+#ADD ../templates/keycloak/keycloak-tools /opt/jboss/tools
+RUN yum -y install openssl && yum -y clean all && \
+ mkdir -p /opt/jboss/ && cd /opt/jboss/ && \
+ curl -L $KEYCLOAK_DIST | tar zx && \
+ mv /opt/jboss/keycloak-* /opt/jboss/keycloak && \
+ mkdir -p /opt/jboss/keycloak/modules/system/layers/base/org/postgresql/jdbc/main && \
+ cd /opt/jboss/keycloak/modules/system/layers/base/org/postgresql/jdbc/main && \
+ curl -L https://repo1.maven.org/maven2/org/postgresql/postgresql/$JDBC_POSTGRES_VERSION/postgresql-$JDBC_POSTGRES_VERSION.jar > postgres-jdbc.jar && \
+ cp /opt/jboss/tools/databases/postgres/module.xml . && \
+ cd /opt/jboss/keycloak && \
+ bin/jboss-cli.sh --file=/opt/jboss/tools/cli/standalone-configuration.cli && \
+ rm -rf /opt/jboss/keycloak/standalone/configuration/standalone_xml_history && \
+ rm -rf /opt/jboss/keycloak/standalone/tmp/auth && \
+ rm -rf /opt/jboss/keycloak/domain/tmp/auth && \
+ adduser -u 1000 -g 0 -d /opt/jboss jboss && \
+ chown -R jboss:root /opt/jboss && \
+ chmod -R g+rwX /opt/jboss && \
+ mkdir -p /etc/x509/{https,ca} && chown -R jboss:root /etc/x509/{https,ca}
+
+ENV PATH="/opt/jboss/keycloak/bin:${PATH}"
+
+WORKDIR /opt/jboss/keycloak
+
+EXPOSE 8080
+EXPOSE 8443
+
+USER jboss
+ENTRYPOINT ["/bin/bash"]
+
diff --git a/roles/build/files/kibanaDockerfile b/roles/build/files/kibanaDockerfile
new file mode 100644
index 0000000..0f137e0
--- /dev/null
+++ b/roles/build/files/kibanaDockerfile
@@ -0,0 +1,18 @@
+FROM gn43-dsl/centos:7a20201004
+
+ENV PATH="/usr/share/kibana/bin:${PATH}"
+
+RUN groupadd -g 1000 kibana && \
+ adduser -u 1000 -g 1000 -d /usr/share/kibana kibana
+
+WORKDIR /usr/share/kibana
+
+RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \
+ rpm -Uvh https://artifacts.elastic.co/downloads/kibana/kibana-oss-7.4.2-x86_64.rpm && \
+ cp -a /etc/kibana/ /usr/share/kibana/config/ && \
+ chown -R kibana /usr/share/kibana/config/
+
+EXPOSE 5601
+USER kibana
+ENTRYPOINT ["/bin/bash"]
+
diff --git a/roles/build/files/mispDockerfile b/roles/build/files/mispDockerfile
new file mode 100644
index 0000000..26f09fb
--- /dev/null
+++ b/roles/build/files/mispDockerfile
@@ -0,0 +1,84 @@
+FROM gn43-dsl/centos:7a20201004
+
+USER root
+RUN yum install -y epel-release centos-release-scl scl-utils ; \
+ yum install -y gcc git zip openssl supervisor rh-git218 httpd24 mod_ssl mod_auth_openidc rh-redis32 libxslt-devel zlib-devel libcaca-devel ssdeep-devel rh-php72 rh-php72-php-fpm rh-php72-php-devel rh-php72-php-mysqlnd rh-php72-php-mbstring rh-php72-php-xml rh-php72-php-bcmath rh-php72-php-opcache rh-php72-php-gd mariadb devtoolset-7 make cmake3 cppcheck libcxx-devel gpgme-devel openjpeg-devel gcc gcc-c++ poppler-cpp-devel pkgconfig python-devel redhat-rpm-config rubygem-rouge rubygem-asciidoctor zbar-devel opencv-devel wget screen rh-python36-mod_wsgi postfix curl make cmake python3 python3-devel python3-pip python3-yara python3-wheel python3-redis python3-zmq python3-setuptools redis sudo vim zip sqlite moreutils rng-tools libxml2-devel libxslt-devel zlib-devel libpqxx openjpeg2-devel ssdeep-devel ruby asciidoctor tesseract ImageMagick poppler-cpp-devel python36-virtualenv opencv-devel zbar zbar-devel ; \
+ yum -y clean all ; \
+ sed -i "s/max_execution_time = 30/max_execution_time = 300/" /etc/opt/rh/rh-php72/php.ini ; \
+ sed -i "s/memory_limit = 128M/memory_limit = 2048M/" /etc/opt/rh/rh-php72/php.ini ; \
+ sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 50M/" /etc/opt/rh/rh-php72/php.ini ; \
+ sed -i "s/post_max_size = 8M/post_max_size = 50M/" /etc/opt/rh/rh-php72/php.ini ; \
+ mkdir -p /var/www/MISP ; \
+ chown -R apache:apache /var/www/MISP
+
+USER apache
+WORKDIR /var/www/MISP
+RUN git clone https://github.com/MISP/MISP.git /var/www/MISP ; \
+ git submodule update --init --recursive ; \
+ git submodule foreach --recursive git config core.filemode false ; \
+ git config core.filemode false
+
+USER root
+RUN pip3 install --upgrade pip ; \
+ pip3 install git+https://github.com/CybOXProject/mixbox.git ; \
+ pip3 install git+https://github.com/CybOXProject/python-cybox.git ; \
+ pip3 install git+https://github.com/STIXProject/python-stix.git ; \
+ pip3 install git+https://github.com/MAECProject/python-maec.git ; \
+ pip3 install /var/www/MISP/cti-python-stix2 ; \
+ pip3 install /var/www/MISP/PyMISP ; \
+ pip3 install git+https://github.com/kbandla/pydeep.git ; \
+ pip3 install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip ; \
+ pip3 install jsonschema ; \
+ pip3 install reportlab ; \
+ pip3 install python-magic ; \
+ pip3 install pyzmq ; \
+ pip3 install redis
+
+USER apache
+WORKDIR /var/www/MISP
+RUN git submodule init ; \
+ git submodule update
+
+USER root
+WORKDIR /usr/local/src
+RUN git clone https://github.com/MISP/misp-modules.git
+WORKDIR /usr/local/src/misp-modules
+RUN git checkout ; \
+ # sudo pip3 install -I -r REQUIREMENTS ; \
+ LANG=en_US.UTF-8 pip3 install -I -r REQUIREMENTS; \
+ pip3 install -I . ; \
+ mkdir /var/www/.composer && chown -R apache:apache /var/www/.composer ; \
+ cd /tmp ; \
+ wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz ; \
+ tar zxvf ssdeep-2.14.1.tar.gz && cd ssdeep-2.14.1 && ./configure && make && make install ; \
+ /usr/bin/scl enable rh-php72 "pecl install ssdeep" ; \
+ echo "extension=ssdeep.so" > /etc/opt/rh/rh-php72/php.d/88-ssdeep.ini ; \
+ cd
+
+USER apache
+WORKDIR /var/www/MISP/app
+RUN wget https://getcomposer.org/download/1.2.1/composer.phar -O composer.phar ; \
+ COMPOSER_CACHE_DIR=/var/www/.composer /usr/bin/scl enable rh-php72 "php composer.phar require kamisama/cake-resque:4.1.2" ; \
+ COMPOSER_CACHE_DIR=/var/www/.composer /usr/bin/scl enable rh-php72 "php composer.phar config vendor-dir Vendor" ; \
+ COMPOSER_CACHE_DIR=/var/www/.composer /usr/bin/scl enable rh-php72 "php composer.phar install" ; \
+ sed -i -e "s/bind 127.0.0.1/bind 0.0.0.0/" /etc/redis.conf ; \
+ cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php ; \
+ cp -a /var/www/MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php ; \
+ cp -a /var/www/MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php ; \
+ cp -a /var/www/MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php ; \
+ cp -a /var/www/MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php
+
+USER root
+COPY mispstart.sh /var/www/MISP/app/Console/worker/start.sh
+RUN chown -R apache:apache /var/www/MISP ; \
+ chmod -R 750 /var/www/MISP ; \
+ chmod -R g+ws /var/www/MISP/app/tmp ; \
+ chmod -R g+ws /var/www/MISP/app/files ; \
+ chmod -R g+ws /var/www/MISP/app/files/scripts/tmp
+
+# 80/443 - MISP web server, 3306 - mysql, 6379 - redis, 6666 - MISP modules, 50000 - MISP ZeroMQ
+EXPOSE 80 443 6443 6379 6666 50000
+
+COPY mispsupervisord.conf /etc/supervisord.conf
+#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+
diff --git a/roles/build/files/mispstart.sh b/roles/build/files/mispstart.sh
new file mode 100644
index 0000000..d6a5fc0
--- /dev/null
+++ b/roles/build/files/mispstart.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+#dockerfile from ansible
+
+# Check if run as root
+if [ "$EUID" -eq 0 ]; then
+ echo "Please DO NOT run the worker script as root"
+ exit 1
+fi
+
+PATH_TO_MISP='/var/www/MISP'
+RUN_PHP="/usr/bin/scl enable rh-php72"
+PHP_INI="/etc/opt/rh/rh-php72/php.ini"
+CAKE="${PATH_TO_MISP}/app/Console/cake"
+
+# Extract base directory where this script is and cd into it
+cd "${0%/*}"
+$RUN_PHP -- $CAKE CakeResque.CakeResque stop --all
+$RUN_PHP -- $CAKE CakeResque.CakeResque start --interval 5 --queue default
+$RUN_PHP -- $CAKE CakeResque.CakeResque start --interval 5 --queue prio
+$RUN_PHP -- $CAKE CakeResque.CakeResque start --interval 5 --queue cache
+$RUN_PHP -- $CAKE CakeResque.CakeResque start --interval 5 --queue email
+$RUN_PHP -- $CAKE CakeResque.CakeResque start --interval 5 --queue update
+$RUN_PHP -- $CAKE CakeResque.CakeResque startscheduler --interval 5
+
+exit 0
diff --git a/roles/build/files/mispsupervisord.conf b/roles/build/files/mispsupervisord.conf
new file mode 100644
index 0000000..fbd4dea
--- /dev/null
+++ b/roles/build/files/mispsupervisord.conf
@@ -0,0 +1,25 @@
+[supervisord]
+nodaemon=false
+user=root
+
+[program:php-fpm]
+# EnvironmentFile=/etc/opt/rh/rh-php72/sysconfig/php-fpm
+command=/opt/rh/rh-php72/root/usr/sbin/php-fpm --nodaemonize
+
+[program:redis-server]
+process_name = redis-server
+directory = /var/opt/rh/rh-redis32/lib/redis/
+command=/opt/rh/rh-redis32/root/usr/bin/redis-server /etc/opt/rh/rh-redis32/redis.conf
+user=redis
+
+[program:apache2]
+command=/usr/sbin/httpd -DFOREGROUND
+
+[program:misp-modules]
+command=/bin/bash -c "/usr/local/bin/misp-modules -l '0.0.0.0' -s"
+user = apache
+startsecs = 0
+
+[program:workers]
+command=/bin/bash /var/www/MISP/app/Console/worker/start.sh
+user=apache
diff --git a/roles/build/files/mysqlDockerfile b/roles/build/files/mysqlDockerfile
new file mode 100644
index 0000000..7c547b1
--- /dev/null
+++ b/roles/build/files/mysqlDockerfile
@@ -0,0 +1,13 @@
+FROM gn43-dsl/centos:7a20201004
+
+USER root
+RUN yum -y update && yum install -y epel-release centos-release-scl scl-utils && \
+ yum install -y rh-mariadb103 python36-PyMySQL MySQL-python supervisor && \
+ /usr/bin/scl enable rh-mariadb103 -- /opt/rh/rh-mariadb103/root/usr/libexec/mysql-prepare-db-dir /var/opt/rh/rh-mariadb103/lib/mysql
+RUN yum clean all
+
+EXPOSE 3306
+COPY mysqlsupervisord.conf /etc/supervisord.conf
+
+ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+
diff --git a/roles/build/files/mysqlsupervisord.conf b/roles/build/files/mysqlsupervisord.conf
new file mode 100644
index 0000000..e44e9fe
--- /dev/null
+++ b/roles/build/files/mysqlsupervisord.conf
@@ -0,0 +1,7 @@
+[supervisord]
+loglevel=debug
+nodaemon=true
+[program:mysql]
+user=mysql
+directory=/var/lib/mysql
+command=/opt/rh/rh-mariadb103/root/usr/libexec/mysqld-scl-helper enable rh-mariadb103 -- /opt/rh/rh-mariadb103/root/usr/libexec/mysqld --basedir=/opt/rh/rh-mariadb103/root/usr
diff --git a/roles/build/files/nifiDockerfile b/roles/build/files/nifiDockerfile
new file mode 100644
index 0000000..c3ef342
--- /dev/null
+++ b/roles/build/files/nifiDockerfile
@@ -0,0 +1,97 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+FROM gn43-dsl/openjdk:7a20201004
+#LABEL maintainer="Apache NiFi <dev@nifi.apache.org>"
+#LABEL site="https://nifi.apache.org"
+
+ARG UID=1000
+ARG GID=1000
+ARG NIFI_VERSION=1.11.4
+ARG BASE_URL=https://archive.apache.org/dist
+ARG MIRROR_BASE_URL=${MIRROR_BASE_URL:-${BASE_URL}}
+ARG NIFI_BINARY_PATH=${NIFI_BINARY_PATH:-/nifi/${NIFI_VERSION}/nifi-${NIFI_VERSION}-bin.zip}
+ARG NIFI_TOOLKIT_BINARY_PATH=${NIFI_TOOLKIT_BINARY_PATH:-/nifi/${NIFI_VERSION}/nifi-toolkit-${NIFI_VERSION}-bin.zip}
+
+ENV NIFI_BASE_DIR=/opt/nifi
+ENV NIFI_HOME ${NIFI_BASE_DIR}/nifi-current
+ENV NIFI_TOOLKIT_HOME ${NIFI_BASE_DIR}/nifi-toolkit-current
+
+ENV NIFI_PID_DIR=${NIFI_HOME}/run
+ENV NIFI_LOG_DIR=${NIFI_HOME}/logs
+
+# ADD sh/ ${NIFI_BASE_DIR}/scripts/
+
+# Setup NiFi user and create necessary directories
+RUN groupadd -g ${GID} nifi || groupmod -n nifi `getent group ${GID} | cut -d: -f1` \
+ && useradd --shell /bin/bash -u ${UID} -g ${GID} -m nifi \
+ && mkdir -p ${NIFI_BASE_DIR} \
+ && chown -R nifi:nifi ${NIFI_BASE_DIR} \
+ && yum -y install jq xmlstarlet procps-ng
+
+USER nifi
+
+# Download, validate, and expand Apache NiFi Toolkit binary.
+RUN curl -fSL ${MIRROR_BASE_URL}/${NIFI_TOOLKIT_BINARY_PATH} -o ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION}-bin.zip \
+ && echo "$(curl ${BASE_URL}/${NIFI_TOOLKIT_BINARY_PATH}.sha256) *${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION}-bin.zip" | sha256sum -c - \
+ && unzip ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION}-bin.zip -d ${NIFI_BASE_DIR} \
+ && rm ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION}-bin.zip \
+ && mv ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION} ${NIFI_TOOLKIT_HOME} \
+ && ln -s ${NIFI_TOOLKIT_HOME} ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION}
+
+# Download, validate, and expand Apache NiFi binary.
+RUN curl -fSL ${MIRROR_BASE_URL}/${NIFI_BINARY_PATH} -o ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION}-bin.zip \
+ && echo "$(curl ${BASE_URL}/${NIFI_BINARY_PATH}.sha256) *${NIFI_BASE_DIR}/nifi-${NIFI_VERSION}-bin.zip" | sha256sum -c - \
+ && unzip ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION}-bin.zip -d ${NIFI_BASE_DIR} \
+ && rm ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION}-bin.zip \
+ && mv ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION} ${NIFI_HOME} \
+ && mkdir -p ${NIFI_HOME}/conf \
+ && mkdir -p ${NIFI_HOME}/database_repository \
+ && mkdir -p ${NIFI_HOME}/flowfile_repository \
+ && mkdir -p ${NIFI_HOME}/content_repository \
+ && mkdir -p ${NIFI_HOME}/provenance_repository \
+ && mkdir -p ${NIFI_HOME}/state \
+ && mkdir -p ${NIFI_LOG_DIR} \
+ && ln -s ${NIFI_HOME} ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION}
+
+#VOLUME ${NIFI_LOG_DIR} \
+# ${NIFI_HOME}/conf \
+# ${NIFI_HOME}/database_repository \
+# ${NIFI_HOME}/flowfile_repository \
+# ${NIFI_HOME}/content_repository \
+# ${NIFI_HOME}/provenance_repository \
+# ${NIFI_HOME}/state
+
+# Clear nifi-env.sh in favour of configuring all environment variables in the Dockerfile
+RUN echo "#!/bin/sh\n" > $NIFI_HOME/bin/nifi-env.sh
+
+# Web HTTP(s) & Socket Site-to-Site Ports
+EXPOSE 8080 8443 10000 8000
+
+WORKDIR ${NIFI_HOME}
+
+# Apply configuration and start NiFi
+#
+# We need to use the exec form to avoid running our command in a subshell and omitting signals,
+# thus being unable to shut down gracefully:
+# https://docs.docker.com/engine/reference/builder/#entrypoint
+#
+# Also we need to use relative path, because the exec form does not invoke a command shell,
+# thus normal shell processing does not happen:
+# https://docs.docker.com/engine/reference/builder/#exec-form-entrypoint-example
+ENTRYPOINT ["/bin/bash"]
diff --git a/roles/build/files/odfeesDockerfile b/roles/build/files/odfeesDockerfile
new file mode 100644
index 0000000..fedbee1
--- /dev/null
+++ b/roles/build/files/odfeesDockerfile
@@ -0,0 +1,16 @@
+FROM gn43-dsl/elasticsearch:7a20201004
+
+ENV PATH="/usr/share/elasticsearch/bin:${PATH}"
+
+USER root
+WORKDIR /usr/share/elasticsearch
+
+RUN for PLUGIN in \
+ https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-security/opendistro_security-1.4.0.0.zip \
+ https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-alerting/opendistro_alerting-1.4.0.0.zip \
+ https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-sql/opendistro_sql-1.4.0.0.zip; \
+ do bin/elasticsearch-plugin install -b ${PLUGIN}; done && \
+ chown -R elasticsearch plugins/opendistro_security
+
+USER elasticsearch
+
diff --git a/roles/build/files/odfekibanaDockerfile b/roles/build/files/odfekibanaDockerfile
new file mode 100644
index 0000000..1945e27
--- /dev/null
+++ b/roles/build/files/odfekibanaDockerfile
@@ -0,0 +1,18 @@
+FROM gn43-dsl/kibana:7a20201004
+
+ENV PATH="/usr/share/kibana/bin:${PATH}"
+
+USER root
+WORKDIR /usr/share/kibana
+
+RUN for PLUGIN in \
+ https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-security/opendistro_security_kibana_plugin-1.4.0.0.zip \
+ https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-alerting/opendistro-alerting-1.4.0.0.zip \
+ https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-index-management/opendistro_index_management_kibana-1.4.0.0.zip; \
+ do bin/kibana-plugin install --allow-root ${PLUGIN}; done
+
+ADD thehive_button /usr/share/kibana/plugins/thehive_button
+RUN chown -R kibana:kibana /usr/share/kibana/plugins/thehive_button
+
+USER kibana
+
diff --git a/roles/build/files/openjdkDockerfile b/roles/build/files/openjdkDockerfile
new file mode 100644
index 0000000..2d83f47
--- /dev/null
+++ b/roles/build/files/openjdkDockerfile
@@ -0,0 +1,11 @@
+FROM gn43-dsl/centos:7a20201004
+
+RUN yum update -y; \
+ yum install -y wget unzip curl java-1.8.0-openjdk-headless.x86_64
+
+RUN ln -svT "/usr/lib/jvm/java-1.8.0-openjdk-$(rpm -q --queryformat "%{VERSION}-%{RELEASE}.%{ARCH}\n" java-1.8.0-openjdk-headless)" /docker-java-home
+ENV JAVA_HOME /docker-java-home/jre
+
+RUN yum clean all
+
+CMD ["/bin/bash"]
diff --git a/roles/build/files/thehiveDockerfile b/roles/build/files/thehiveDockerfile
new file mode 100644
index 0000000..ce8ddb8
--- /dev/null
+++ b/roles/build/files/thehiveDockerfile
@@ -0,0 +1,24 @@
+FROM gn43-dsl/openjdk:7a20201004
+
+USER root
+#COPY thehive.repo /etc/yum.repos.d/thehive.repo
+#COPY supervisord.conf /etc/supervisord.conf
+#COPY start.sh /start.sh
+RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \
+ echo "enabled=1" >> /etc/yum.repos.d/thehive.repo && \
+ echo "priority=1" >> /etc/yum.repos.d/thehive.repo && \
+ echo "name=TheHive-Project RPM repository" >> /etc/yum.repos.d/thehive.repo && \
+ echo "baseurl=http://rpm.thehive-project.org/stable/noarch" >> /etc/yum.repos.d/thehive.repo && \
+ echo "gpgcheck=1" >> /etc/yum.repos.d/thehive.repo && \
+ yum install -y epel-release && \
+ rpm --import https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY && \
+ yum install -y thehive4 supervisor daemonize vim net-tools telnet htop && \
+ mkdir -p /opt/thp_data/files/thehive && \
+ chown -R thehive:thehive /opt/thp_data/files/thehive && \
+ mkdir -p /home/thehive && \
+ chown -R thehive:thehive /home/thehive /etc/thehive && \
+ yum -y clean all
+EXPOSE 9000
+#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+USER thehive
+# ENTRYPOINT ["/start.sh"]
diff --git a/roles/build/files/thehive_button/.eslintrc b/roles/build/files/thehive_button/.eslintrc
new file mode 100644
index 0000000..64eba86
--- /dev/null
+++ b/roles/build/files/thehive_button/.eslintrc
@@ -0,0 +1,7 @@
+---
+extends: "@elastic/kibana"
+
+settings:
+ import/resolver:
+ '@elastic/eslint-import-resolver-kibana':
+ rootPackageName: 'thehive_button'
diff --git a/roles/build/files/thehive_button/.kibana-plugin-helpers.json b/roles/build/files/thehive_button/.kibana-plugin-helpers.json
new file mode 100644
index 0000000..2c63c08
--- /dev/null
+++ b/roles/build/files/thehive_button/.kibana-plugin-helpers.json
@@ -0,0 +1,2 @@
+{
+}
diff --git a/roles/build/files/thehive_button/index.js b/roles/build/files/thehive_button/index.js
new file mode 100644
index 0000000..fa69c75
--- /dev/null
+++ b/roles/build/files/thehive_button/index.js
@@ -0,0 +1,19 @@
+import newCaseRoute from './server/routes/newcase';
+
+export default function (kibana) {
+ return new kibana.Plugin({
+ require: [], //['elasticsearch'],
+ name: 'thehive_button',
+ uiExports: {
+ visTypes: [
+ 'plugins/thehive_button/main',
+ ],
+ },
+
+ init(server, options) { // eslint-disable-line no-unused-vars
+ // Add server routes and initialize the plugin here
+ newCaseRoute(server);
+ }
+ });
+}
+
diff --git a/roles/build/files/thehive_button/package.json b/roles/build/files/thehive_button/package.json
new file mode 100644
index 0000000..e1c070d
--- /dev/null
+++ b/roles/build/files/thehive_button/package.json
@@ -0,0 +1,35 @@
+{
+ "name": "thehive_button",
+ "version": "1.0.0",
+ "description": "Visualisation plugin which creates a simple button to create a new case in The Hive.",
+ "main": "index.js",
+ "kibana": {
+ "version": "7.4.2"
+ },
+ "scripts": {
+ "lint": "eslint .",
+ "start": "plugin-helpers start",
+ "build": "plugin-helpers build"
+ },
+ "dependencies": {
+ "request": "^2.88.0",
+ "@elastic/eui": "10.4.2",
+ "react": "^16.8.0"
+ },
+ "devDependencies": {
+ "@elastic/eslint-config-kibana": "link:../../packages/eslint-config-kibana",
+ "@elastic/eslint-import-resolver-kibana": "link:../../packages/kbn-eslint-import-resolver-kibana",
+ "@kbn/plugin-helpers": "link:../../packages/kbn-plugin-helpers",
+ "babel-eslint": "^9.0.0",
+ "eslint": "^5.6.0",
+ "eslint-plugin-babel": "^5.2.0",
+ "eslint-plugin-import": "^2.14.0",
+ "eslint-plugin-jest": "^21.26.2",
+ "eslint-plugin-jsx-a11y": "^6.1.2",
+ "eslint-plugin-mocha": "^5.2.0",
+ "eslint-plugin-no-unsanitized": "^3.0.2",
+ "eslint-plugin-prefer-object-spread": "^1.2.1",
+ "eslint-plugin-react": "^7.11.1",
+ "expect.js": "^0.3.1"
+ }
+}
diff --git a/roles/build/files/thehive_button/public/create_case.js b/roles/build/files/thehive_button/public/create_case.js
new file mode 100644
index 0000000..fc8edd6
--- /dev/null
+++ b/roles/build/files/thehive_button/public/create_case.js
@@ -0,0 +1,101 @@
+// Functions to send data to Kibana endpoints
+
+import chrome from 'ui/chrome';
+
+// Create a new Case in The Hive via its API
+// Return a Promise which resolves to object with ID of the new case ('id' attr) or error message ('error' attr)
+export function createTheHiveCase(base_url, api_key, title, descr, severity, startDate, owner, flag, tlp, tags) {
+ // Prepare data
+ var data = JSON.stringify({
+ "base_url": base_url,
+ "api_key": api_key,
+ "body": {
+ "title": title,
+ "description": descr,
+ "severity": severity, // number: 1=low, 2=medium, 3=high
+ "startDate": startDate,
+ "owner": owner, // user name the case will be assigned to
+ "flag": flag, // bool
+ "tlp": tlp, // number: 0=white, 1=green, 2=amber, 3=red
+ "tags": tags, // array of strings
+ }
+ });
+ console.log("TheHiveButton: Sending request to API endpoint 'new_case':", data);
+ var kibana_endpoint_url = chrome.addBasePath('/api/thehive_button/new_case');
+
+ return new Promise(function (resolve, reject) {
+ // Create AJAX request
+ var xhr = new XMLHttpRequest();
+
+ // Listener to process reply
+ xhr.onreadystatechange = function () {
+ if (this.readyState != 4) {
+ return; // response not ready yet
+ }
+ if (this.status == 200) {
+ const resp = JSON.parse(this.responseText);
+ console.log("TheHiveButton: Response from backend:", resp);
+ if ("error" in resp) {
+ resolve({"error": resp.error});
+ }
+ else if (resp.status_code != 201) {
+ resolve({"error": "Unexpected reply received from The Hive: [" + resp.status_code + "] " + resp.status_msg});
+ }
+ else {
+ resolve({"id": resp.body.id}); // return ID of the new case
+ }
+ }
+ else {
+ console.log("TheHiveButton: Error " + this.status + ": " + this.statusText);
+ resolve({"error": "Error " + this.status + ": " + this.statusText});
+ }
+ }
+
+ // Send the AJAX request
+ xhr.open("POST", kibana_endpoint_url);
+ xhr.setRequestHeader("Content-Type", "application/json");
+ xhr.setRequestHeader("kbn-xsrf", "thehive_plugin"); // this header must be set, although its content is probably irrelevant
+ xhr.send(data);
+ });
+}
+
+// Add observables to an existing Case in The Hive
+// (send the list of observables to our backend endpoint, it pushes them to The Hive)
+export function addCaseObservables(base_url, api_key, caseid, observables) {
+ const kibana_endpoint_url = chrome.addBasePath('/api/thehive_button/add_observables');
+ const data = JSON.stringify({
+ "base_url": base_url,
+ "api_key": api_key,
+ "caseid": caseid,
+ "observables": observables,
+ });
+ console.log("TheHiveButton: Sending request to API endpoint 'add_observables':", data);
+
+ return new Promise(function (resolve, reject) {
+ // Create AJAX request
+ var xhr = new XMLHttpRequest();
+
+ // Listener to process reply
+ xhr.onreadystatechange = function () {
+ if (this.readyState != 4) {
+ return; // response not ready yet
+ }
+ if (this.status == 200) {
+ const resp = JSON.parse(this.responseText);
+ console.log("TheHiveButton: Response from backend:", resp);
+ resolve(resp);
+ }
+ else {
+ console.log("TheHiveButton: Error " + this.status + ": " + this.statusText);
+ resolve({"error": "Error " + this.status + ": " + this.statusText});
+ }
+ }
+
+ // Send the AJAX request
+ xhr.open("POST", kibana_endpoint_url);
+ xhr.setRequestHeader("Content-Type", "application/json");
+ xhr.setRequestHeader("kbn-xsrf", "thehive_plugin"); // this header must be set, although its content is probably irrelevant
+ xhr.send(data);
+ });
+}
+
diff --git a/roles/build/files/thehive_button/public/env.js b/roles/build/files/thehive_button/public/env.js
new file mode 100644
index 0000000..4321b85
--- /dev/null
+++ b/roles/build/files/thehive_button/public/env.js
@@ -0,0 +1,4 @@
+// Default plugin configuration
+export const THEHIVE_URL = 'https://hive.gn4-3-wp8-soc.sunet.se/';
+export const THEHIVE_API_KEY = '5LymseWiurZBrQN8Kqp8O+9KniTL5cE0';
+export const THEHIVE_OWNER = 'admin'; // default owner account of the created cases
diff --git a/roles/build/files/thehive_button/public/main.js b/roles/build/files/thehive_button/public/main.js
new file mode 100644
index 0000000..ee46d73
--- /dev/null
+++ b/roles/build/files/thehive_button/public/main.js
@@ -0,0 +1,54 @@
+import { THEHIVE_API_KEY, THEHIVE_URL, THEHIVE_OWNER } from './env';
+import { TheHiveButtonVisComponent } from './vis_controller';
+import { theHiveButtonRequestHandlerProvider } from './request_handler';
+import { optionsEditor } from './options_editor';
+
+import { VisFactoryProvider } from 'ui/vis/vis_factory';
+import { VisTypesRegistryProvider } from 'ui/registry/vis_types';
+import { DefaultEditorSize } from 'ui/vis/editor_size';
+
+
+function TheHiveButtonVisProvider(Private) {
+ const VisFactory = Private(VisFactoryProvider);
+
+ //console.log("default URL:", THEHIVE_URL);
+ //console.log("default API key:", THEHIVE_API_KEY);
+
+ return VisFactory.createReactVisualization({
+ name: 'thehive_button',
+ title: 'The Hive Case',
+ icon: 'alert',
+ description: 'A button to create a new Case in The Hive.',
+ //requiresUpdateStatus: [Status.PARAMS, Status.RESIZE, Status.UI_STATE],
+ visConfig: {
+ component: TheHiveButtonVisComponent,
+ defaults: {
+ // add default parameters
+ url: THEHIVE_URL,
+ apikey: THEHIVE_API_KEY,
+ owner: THEHIVE_OWNER,
+ obsFields: [], // list of objects, e.g. {name: "clientip", type: "ip", cnt: 100}
+ }
+ },
+ //editor: 'default',
+ editorConfig: {
+ optionTabs: [
+ {
+ name: "options",
+ title: "Options",
+ editor: optionsEditor,
+ }
+ ],
+ defaultSize: DefaultEditorSize.LARGE,
+ },
+// optionsTemplate: optionsEditor, //optionsTemplate,
+// //enableAutoApply: true,
+// },
+ requestHandler: 'theHiveButtonRequestHandler', // own request handler
+ responseHandler: 'none', // pass data as returned by requestHandler
+ });
+}
+
+// register the provider with the visTypes registry
+VisTypesRegistryProvider.register(TheHiveButtonVisProvider);
+
diff --git a/roles/build/files/thehive_button/public/options_editor.js b/roles/build/files/thehive_button/public/options_editor.js
new file mode 100644
index 0000000..38762bd
--- /dev/null
+++ b/roles/build/files/thehive_button/public/options_editor.js
@@ -0,0 +1,176 @@
+import React from 'react';
+import {
+ EuiForm,
+ EuiFormRow,
+ EuiTitle,
+ EuiSpacer,
+ EuiFieldText,
+ EuiFieldNumber,
+ EuiSelect,
+ EuiFlexGroup,
+ EuiFlexItem,
+ EuiButton,
+ EuiButtonIcon,
+} from '@elastic/eui';
+
+// Default data types in The Hive
+const DEFAULT_THE_HIVE_TYPES = [
+ '',
+ 'autonomous-system',
+ 'domain',
+ 'file',
+ 'filename',
+ 'fqdn',
+ 'hash',
+ 'ip',
+ 'mail',
+ 'mail_subject',
+ 'regexp',
+ 'registry',
+ 'uri_path',
+ 'url',
+ 'user-agent',
+ 'other',
+];
+
+// Options for EuiSelect for selection of field's data type in TheHive
+const typesOptions = DEFAULT_THE_HIVE_TYPES.map( dt => ({value: dt, text: dt}) );
+
+export function optionsEditor(props) {
+ //console.log("editor render(), props:", props);
+ const { stateParams, setValue, setValidity, vis } = props;
+
+ // onClick/onChange handlers
+ const obsAddNew = () => {
+ const newObsFields = [...stateParams.obsFields, {name: "", type: "", cnt: 100}];
+ // For some reason, first click on the button after editor is loaded does
+ // nothing. Calling setValue twice here fixes it.
+ setValue("obsFields", newObsFields);
+ setValue("obsFields", newObsFields);
+// setValidity(false); // since new row is empty, form is always invalid
+ };
+ const obsRemove = (ix) => {
+ let newArray = [...stateParams.obsFields];
+ newArray.splice(ix, 1);
+ setValue("obsFields", newArray);
+// validate();
+ }
+ const obsSetName = (ix, name) => {
+ let newArray = [...stateParams.obsFields];
+ newArray[ix].name = name;
+ setValue("obsFields", newArray);
+// validate();
+ }
+ const obsSetType = (ix, type) => {
+ let newArray = [...stateParams.obsFields];
+ newArray[ix].type = type;
+ setValue("obsFields", newArray);
+// validate();
+ }
+ const obsSetCnt = (ix, cnt) => {
+ let newArray = [...stateParams.obsFields];
+ newArray[ix].cnt = parseInt(cnt);
+ setValue("obsFields", newArray);
+// validate();
+ }
+// const validate = () => {
+// let valid = true;
+// for (let field of stateParams.obsFields) {
+// if (field.name == "" || field.type == "" || field.cnt == "") {
+// valid = false;
+// break;
+// }
+// }
+// // TODO check for duplicate fields
+// setValidity(valid);
+// }
+
+ // Get list of all fields in index (except those beginning with "_" or "@")
+ // and create "options" parameter for EuiSelect.
+ // Also, fields with "aggregatable=false" are removed, as they can't be used
+ // with "terms" aggregation we need.
+ // See this for details: https://www.elastic.co/guide/en/elasticsearch/reference/7.x/fielddata.html
+ // Empty field is added at the beginning, meaning "no selection yet".
+ const fieldOptions = [{value: "", text: ""}].concat(
+ vis.indexPattern.fields.raw.filter( f => (f.name[0] != "_" && f.name[0] != "@" && f.aggregatable) ).map( f => ({value: f.name, text: `${f.name} (${f.type})`}) )
+ );
+
+ return <EuiForm>
+ <EuiFormRow fullWidth={true} label="Base URL of The Hive">
+ <EuiFieldText
+ fullWidth={true}
+ value={stateParams.url}
+ onChange={e => setValue('url', e.target.value)}
+ isInvalid={stateParams.url == ""}
+ />
+ </EuiFormRow>
+ <EuiFlexGroup>
+ <EuiFlexItem grow={1}>
+ <EuiFormRow label="API key to access The Hive" helpText="API key of a user with write permission.">
+ <EuiFieldText
+ fullWidth={true}
+ value={stateParams.apikey}
+ onChange={e => setValue('apikey', e.target.value)}
+ isInvalid={stateParams.apikey == ""}
+ />
+ </EuiFormRow>
+ </EuiFlexItem>
+ <EuiFlexItem grow={1}>
+ <EuiFormRow label="Assignee" helpText="User to assign created cases to. Must be a valid username from The Hive instance.">
+ <EuiFieldText
+ value={stateParams.owner}
+ onChange={e => setValue('owner', e.target.value)}
+ isInvalid={stateParams.owner == ""}
+ />
+ </EuiFormRow>
+ </EuiFlexItem>
+ </EuiFlexGroup>
+ <EuiTitle size="s"><h3>Fields to get potential observables from ...</h3></EuiTitle>
+ <EuiSpacer size="s" />
+ {stateParams.obsFields.map( (field, ix) => (
+ <EuiFlexGroup key={ix} gutterSize="s">
+ <EuiFlexItem grow={3}>
+ <EuiFormRow label="Field name">
+ <EuiSelect
+ options={fieldOptions}
+ value={field.name}
+ onChange={ e => obsSetName(ix, e.target.value) }
+ isInvalid={field.name == ""}
+ />
+ </EuiFormRow>
+ </EuiFlexItem>
+ <EuiFlexItem grow={2}>
+ <EuiFormRow label="Data type in The Hive">
+ <EuiSelect
+ options={typesOptions}
+ value={field.type}
+ onChange={ e => obsSetType(ix, e.target.value) }
+ isInvalid={field.type == ""}
+ />
+ </EuiFormRow>
+ </EuiFlexItem>
+ <EuiFlexItem grow={1}>
+ <EuiFormRow label="Max items shown">
+ <EuiFieldNumber
+ min={1}
+ max={1000}
+ value={parseInt(field.cnt)}
+ onChange={ e => obsSetCnt(ix, e.target.value) }
+ isInvalid={!(field.cnt > 0)}
+ />
+ </EuiFormRow>
+ </EuiFlexItem>
+ <EuiFlexItem grow={false}>
+ <EuiFormRow hasEmptyLabelSpace>
+ <EuiButtonIcon iconType="trash" iconSize="m" color="danger" aria-label="Remove field" onClick={ e => obsRemove(ix) } />
+ </EuiFormRow>
+ </EuiFlexItem>
+ </EuiFlexGroup>
+ ))}
+ <EuiFlexGroup>
+ <EuiFlexItem grow={false}>
+ <EuiButton iconType="plusInCircleFilled" color="primary" onClick={obsAddNew}>Add new field ...</EuiButton>
+ </EuiFlexItem>
+ </EuiFlexGroup>
+ </EuiForm>
+}
diff --git a/roles/build/files/thehive_button/public/options_template.html b/roles/build/files/thehive_button/public/options_template.html
new file mode 100644
index 0000000..ef99657
--- /dev/null
+++ b/roles/build/files/thehive_button/public/options_template.html
@@ -0,0 +1,8 @@
+<div class="form-group">
+ <p><label>Base URL of The Hive</label>
+ <input ng-model="editorState.params.url" class=form-control /></p>
+ <p><label>API key</label>
+ <input ng-model="editorState.params.apikey" class=form-control /></p>
+ <p><label>User name to use as the owner of cases created from here</label>
+ <input ng-model="editorState.params.owner" class=form-control /></p>
+</div>
diff --git a/roles/build/files/thehive_button/public/request_handler.js b/roles/build/files/thehive_button/public/request_handler.js
new file mode 100644
index 0000000..bdbb0f4
--- /dev/null
+++ b/roles/build/files/thehive_button/public/request_handler.js
@@ -0,0 +1,195 @@
+import { CourierRequestHandlerProvider as courierRequestHandlerProvider } from 'ui/vis/request_handlers/courier';
+import { SearchSourceProvider } from 'ui/courier/search_source';
+import { RequestAdapter, DataAdapter } from 'ui/inspector/adapters';
+import { VisRequestHandlersRegistryProvider } from 'ui/registry/vis_request_handlers';
+import { AggConfig } from 'ui/vis/agg_config';
+import { AggConfigs } from 'ui/vis/agg_configs';
+import { getTime } from 'ui/timefilter/get_time';
+import { i18n } from '@kbn/i18n';
+import { has } from 'lodash';
+import { calculateObjectHash } from 'ui/vis/lib/calculate_object_hash';
+import { getRequestInspectorStats, getResponseInspectorStats } from 'ui/courier/utils/courier_inspector_utils';
+import chrome from 'ui/chrome';
+
+// Maximum number of unique values of each field (observables) to fetch
+const MAX_NUMBER_OF_TERMS = 5;
+
+const handleCourierRequest = courierRequestHandlerProvider().handler;
+
+// Register new RaquestHandlerProvider
+const theHiveButtonRequestHandlerProvider = function () {
+ return {
+ name: 'theHiveButtonRequestHandler',
+ handler: theHiveButtonRequestHandler,
+ }
+}
+VisRequestHandlersRegistryProvider.register(theHiveButtonRequestHandlerProvider);
+
+export {theHiveButtonRequestHandlerProvider, theHiveButtonRequestHandler};
+
+
+// The request handler function itself
+async function theHiveButtonRequestHandler(params) {
+ //console.log("theHiveButtonRequestHandler params:", params);
+
+ let index = params.index;
+ let partialRows = params.partialRows;
+ let metricsAtAllLevels = params.metricsAtAllLevels;
+ let timeRange = params.timeRange;
+ let query = params.query;
+ let filters = params.filters;
+ let inspectorAdapters = params.inspectorAdapters;
+ let queryFilter = params.queryFilter;
+ let forceFetch = params.forceFetch;
+ // our own confiuration:
+ // list of fields to get potential observables from
+ // (each "field" is object {name: str, type: str, cnt: int})
+ let obsFields = params.visParams.obsFields;
+
+ // filter out invalid field specifications
+ obsFields = obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt > 0) );
+
+ if (obsFields.length == 0) {
+ //console.log("theHiveButtonRequestHandler: Empty obsFields, nothing to do")
+ return {} // no fields specified, nothing to do
+ }
+
+ // === Prepare request to ask for unique values of all selected fields ===
+
+ // Construct a query for ElasticSearch
+ // Get "terms" (most common unique values) for each field of obsFields
+ const aggs_dsl = {}
+ for (let field of obsFields) {
+ aggs_dsl[field.name] = {
+ terms: {
+ field: field.name,
+ size: field.cnt,
+ order: {_count: "desc"}
+ }
+ };
+ }
+ //console.log("aggs_dsl:", aggs_dsl);
+
+ // Create empty AggConfigs
+ // (We could pass specifications of a metric and the buckets here,
+ // but default processing functions assume multiple buckets are sub-buckets,
+ // which is not what we want. So we must do a "hack" and manually create
+ // query directly in format for ElasticSearch)
+ const aggs = new AggConfigs(params.index, []);
+
+ // === Some magic to get searchSource object ===
+ // (inspired by https://github.com/fbaligand/kibana-enhanced-table/blob/7.4/public/data_load/enhanced-table-request-handler.js)
+ // (I don't understand it, but it works)
+
+ let $injector = await chrome.dangerouslyGetActiveInjector();
+ let Private = $injector.get('Private');
+ let SearchSource = Private(SearchSourceProvider);
+ let searchSource = new SearchSource();
+ searchSource.setField('index', index);
+ searchSource.setField('size', 0);
+
+ inspectorAdapters.requests = new RequestAdapter();
+ inspectorAdapters.data = new DataAdapter();
+
+
+ // === Execute query ===
+ // We could call standard "courier" here, but it tries to convert the response
+ // to a table, which fails in our case, so we copied the main code of courier
+ // and modified it here.
+
+ const abortSignal = false;
+
+ const timeFilterSearchSource = searchSource.createChild({ callParentStartHandlers: true });
+ const requestSearchSource = timeFilterSearchSource.createChild({ callParentStartHandlers: true });
+
+ aggs.setTimeRange(timeRange);
+
+ // For now we need to mirror the history of the passed search source, since
+ // the request inspector wouldn't work otherwise.
+ Object.defineProperty(requestSearchSource, 'history', {
+ get() {
+ return searchSource.history;
+ },
+ set(history) {
+ return searchSource.history = history;
+ }
+ });
+
+ // This has been modified to override DSL format by ours
+// requestSearchSource.setField('aggs', function () {
+// return aggs.toDsl(metricsAtAllLevels);
+// });
+ requestSearchSource.setField('aggs', aggs_dsl);
+
+ requestSearchSource.onRequestStart((searchSource, searchRequest) => {
+ return aggs.onSearchRequestStart(searchSource, searchRequest);
+ });
+
+ if (timeRange) {
+ timeFilterSearchSource.setField('filter', () => {
+ return getTime(searchSource.getField('index'), timeRange);
+ });
+ }
+
+ requestSearchSource.setField('filter', filters);
+ requestSearchSource.setField('query', query);
+
+ const reqBody = await requestSearchSource.getSearchRequestBody();
+
+ const queryHash = calculateObjectHash(reqBody);
+ // We only need to reexecute the query, if forceFetch was true or the hash of the request body has changed
+ // since the last request
+ const shouldQuery = forceFetch || (searchSource.lastQuery !== queryHash);
+
+ if (shouldQuery) {
+ inspectorAdapters.requests.reset();
+ const request = inspectorAdapters.requests.start(
+ i18n.translate('common.ui.vis.courier.inspector.dataRequest.title', { defaultMessage: 'Data' }),
+ {
+ description: i18n.translate('common.ui.vis.courier.inspector.dataRequest.description',
+ { defaultMessage: 'This request queries Elasticsearch to fetch the data for the visualization.' }),
+ }
+ );
+ request.stats(getRequestInspectorStats(requestSearchSource));
+
+ try {
+ // Abort any in-progress requests before fetching again
+ if (abortSignal) {
+ abortSignal.addEventListener('abort', () => requestSearchSource.cancelQueued());
+ }
+
+ const response = await requestSearchSource.fetch();
+ //console.log("raw response:", response);
+
+ searchSource.lastQuery = queryHash;
+
+ request
+ .stats(getResponseInspectorStats(searchSource, response))
+ .ok({ json: response });
+
+ searchSource.rawResponse = response;
+ } catch(e) {
+ // Log any error during request to the inspector
+ request.error({ json: e });
+ throw e;
+ } finally {
+ // Add the request body no matter if things went fine or not
+ requestSearchSource.getSearchRequestBody().then(req => {
+ request.json(req);
+ });
+ }
+ }
+
+ // === Copy of courier code ends here, now we parse the response ===
+
+ const resp = searchSource.rawResponse;
+ // Return as object containing a list of unique values (terms) for each
+ // requested field
+ let unique_values_lists = {}
+ for (let field of obsFields) {
+ unique_values_lists[field.name] = resp.aggregations[field.name].buckets.map( (x) => x.key );
+ }
+
+ //console.log("Final lists:", unique_values_lists);
+ return unique_values_lists;
+}
diff --git a/roles/build/files/thehive_button/public/vis.less b/roles/build/files/thehive_button/public/vis.less
new file mode 100644
index 0000000..b6f887a
--- /dev/null
+++ b/roles/build/files/thehive_button/public/vis.less
@@ -0,0 +1,3 @@
+.myvis-container-div {
+ padding: 1em;
+}
diff --git a/roles/build/files/thehive_button/public/vis_controller.js b/roles/build/files/thehive_button/public/vis_controller.js
new file mode 100644
index 0000000..8b23222
--- /dev/null
+++ b/roles/build/files/thehive_button/public/vis_controller.js
@@ -0,0 +1,555 @@
+//import { Status } from 'ui/vis/update_status';
+import { toastNotifications } from 'ui/notify';
+import { createTheHiveCase, addCaseObservables } from './create_case';
+//import vis_template from './vis_template.html';
+
+import React, { Component } from 'react';
+import {
+ EuiButton,
+ EuiButtonEmpty,
+ EuiModal,
+ EuiModalBody,
+ EuiModalFooter,
+ EuiModalHeader,
+ EuiModalHeaderTitle,
+ EuiOverlayMask,
+ EuiTitle,
+ EuiFlexGroup,
+ EuiFlexItem,
+ EuiSpacer,
+ EuiForm,
+ EuiFormRow,
+ EuiFieldText,
+ EuiTextArea,
+ EuiSuperSelect,
+ EuiBasicTable,
+ EuiCheckbox,
+ makeId,
+} from '@elastic/eui';
+
+
+// ********** React components **********
+
+// Main React component - the root of visualization
+export class TheHiveButtonVisComponent extends Component {
+ render() {
+ //console.log("TheHiveButtonVisComponent.render(), props:", this.props);
+ return (
+ <div>
+ <NewCaseButton params={this.props.vis.params} observables={this.props.visData} />
+ </div>
+ );
+ }
+
+ componentDidMount() {
+ this.props.renderComplete();
+ }
+
+ componentDidUpdate() {
+ this.props.renderComplete();
+ }
+}
+
+// Button to show the pop-up window (modal)
+// Props:
+// .params - visualization parameters (from vis.params)
+// .observables - object with lists of potential observables to add to the Case
+// for each field in params.obsFields there should be a key in this object
+// containing list of observables (this is returned by request_handler)
+class NewCaseButton extends Component {
+
+ constructor(props) {
+ super(props);
+ // Filter out invalid obsField specifications
+ this.obsFields = props.params.obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt > 0) );
+ //console.log("Filtered field specs:", this.obsFields);
+
+ // The complete state is here, so it's kept even when modal is closed
+ this.state = {
+ isModalVisible: false,
+ isWorking: false, // used to show a spinner on submit button
+ ...this.create_initial_state(),
+ }
+
+ this.resetCnt = 0; // used to change Modal component key on each form reset
+
+ // Each handler function in a class (method) must be "binded" this way
+ this.closeModal = this.closeModal.bind(this);
+ this.showModal = this.showModal.bind(this);
+ this.resetForm = this.resetForm.bind(this);
+
+ this.onTitleChange = this.onTitleChange.bind(this);
+ this.onSeverityChange = this.onSeverityChange.bind(this);
+ this.onTLPChange = this.onTLPChange.bind(this);
+ this.onDescriptionChange = this.onDescriptionChange.bind(this);
+
+ this.onObsSelectionChange = this.onObsSelectionChange.bind(this);
+ this.onObsDataChange = this.onObsDataChange.bind(this);
+
+ this.submitCase = this.submitCase.bind(this);
+ }
+
+ create_initial_state() {
+ // create a new instance of initial state definition
+ let initial_state = {
+ // Case parameters
+ title: "",
+ description: "\n\n--\nCreated from Kibana",
+ severity: "2", // medium
+ tlp: "2", // amber
+ tags: [], // TODO (not implemented yet)
+ obsData: {}, // state of observables form fields (obsData->field->index->{descr,tlp,ioc,tags})
+ obsSel: {}, // list of observable selections (obsSel->field->list_of_selected_indices)
+ }
+ // pre-fill state of each observable to defaults
+ const initial_field_data = {descr: "", tlp: 2, ioc: false, tags: []};
+ for (let field of this.obsFields) {
+ const n_obs = this.props.observables[field.name].length;
+ // fill obsData with new copies of initial_field_data
+ initial_state.obsData[field.name] = new Array(n_obs).fill().map((_)=>({...initial_field_data}));
+ // nothing is selected
+ initial_state.obsSel[field.name] = new Array();
+ }
+ return initial_state;
+ }
+
+ componentDidUpdate(prevProps) {
+ // If list of observables was updated or obsFields setting has changed,
+ // reset the component state and precomputed variables.
+ if (this.props.observables != prevProps.observables) {
+ if (this.props.params.obsFields != prevProps.params.obsFields) {
+ // when obsFields change, observables must change as well, so this "if"
+ // can be inside the first one.
+ // Filter out invalid obsField specifications
+ this.obsFields = this.props.params.obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt && f.cnt > 0) );
+ //console.log("Filtered field specs:", this.obsFields);
+ }
+ //console.log("New list of observables, resetting form.");
+ this.resetForm();
+ }
+ }
+
+ resetForm() {
+ this.setState(this.create_initial_state());
+ this.resetCnt += 1; // this changes the key of ModalContent, causing it to be replaced by new DOM elelments (otherwise, not all things are reset properly)
+ this.forceUpdate();
+ }
+
+ closeModal() {
+ this.setState({ isModalVisible: false });
+ }
+
+ showModal() {
+ this.setState({ isModalVisible: true });
+ }
+
+ // Event handlers for change of case parameter
+ onTitleChange(evt) {
+ this.setState({title: evt.target.value});
+ }
+ onSeverityChange(value) {
+ this.setState({severity: value});
+ }
+ onTLPChange(value) {
+ this.setState({tlp: value});
+ }
+ onDescriptionChange(evt) {
+ this.setState({description: evt.target.value});
+ }
+
+ // Event handler for observable (de)selection
+ onObsSelectionChange(fieldName, selectedItems) {
+ // Extract indices from the items and store them into state
+ const selectedIndices = selectedItems.map(item4 => item4.i);
+ this.setState((state, props) => {
+ let newObsSel = {...this.state.obsSel};
+ newObsSel[fieldName] = selectedIndices;
+ return {obsSel: newObsSel};
+ });
+ }
+
+ // Event handler for edit of a form field in observable row
+ // - fieldName: which field (table of observables)
+ // - ix: index of the observable in the field's table
+ // - param: one of: descr,tlp,ioc,tags
+ // - value: new value of the form field
+ onObsDataChange(fieldName, ix, param, value) {
+ this.setState((state, props) => {
+ let newObsData = {...this.state.obsData};
+ newObsData[fieldName][ix][param] = value;
+ return {obsData: newObsData};
+ });
+ }
+
+ // Render function
+ render() {
+ let modal;
+ if (this.state.isModalVisible) {
+ modal = <ModalContent
+ resetCnt={this.resetCnt} // used to change "key" of modalBody, causing all form fields to be re-created (some things are not reset properly by reseting state only)
+ close={this.closeModal}
+ reset={this.resetForm}
+ fields={this.obsFields}
+ observables={this.props.observables}
+ // form state
+ title={this.state.title}
+ description={this.state.description}
+ severity={this.state.severity}
+ tlp={this.state.tlp}
+ tags={this.state.tags}
+ obsData={this.state.obsData}
+ obsSel={this.state.obsSel}
+ spinner={this.state.isWorking}
+ // event handlers
+ onTitleChange={this.onTitleChange}
+ onSeverityChange={this.onSeverityChange}
+ onTLPChange={this.onTLPChange}
+ onDescriptionChange={this.onDescriptionChange}
+ onObsSelectionChange={this.onObsSelectionChange}
+ onObsDataChange={this.onObsDataChange}
+ submitCase={this.submitCase}
+ />;
+ }
+ return (
+ <div>
+ <EuiButton fill iconType="alert" color="danger" onClick={this.showModal}>Create new Case ...</EuiButton>
+ {modal}
+ </div>
+ );
+ }
+
+ // Submit case button handler
+ async submitCase(evt) {
+ const params = this.props.params;
+
+ // Get case parameters
+ const title = this.state.title;
+ const descr = this.state.description;
+ const severity = parseInt(this.state.severity);
+ const start_date = null;
+ const owner = params.owner;
+ const flag = false;
+ const tlp = parseInt(this.state.tlp);
+ const tags = this.state.tags;
+
+ if (!title) {
+ toastNotifications.addDanger("Title can't be empty");
+ return;
+ }
+
+ // Get list of selected observables and their params
+ let observables = [];
+ for (let field of this.obsFields) {
+ let selectionIndices = [...this.state.obsSel[field.name]]; // make a copy
+ selectionIndices.sort();
+ for (let i = 0; i < selectionIndices.length; i++) {
+ const j = selectionIndices[i]; // index of a selected obs. in the list of all observables
+ // fill in observable definition according to model at
+ // https://github.com/TheHive-Project/TheHiveDocs/blob/master/api/artifact.md
+ const obs = {
+ dataType: field.type,
+ data: this.props.observables[field.name][j],
+ message: this.state.obsData[field.name][j].descr,
+ tlp: this.state.obsData[field.name][j].tlp,
+ ioc: this.state.obsData[field.name][j].ioc,
+ tags: this.state.obsData[field.name][j].tags,
+ };
+ observables.push(obs);
+ }
+ }
+
+ //console.log("Selected observables:", observables);
+
+ // Check '/' at the end of base URL, add it if needed
+ let base_url = params.url;
+ if (base_url[base_url.length-1] != "/") {
+ base_url += "/";
+ }
+
+ // Show spinner at submit button
+ this.setState({isWorking: true});
+
+ // Submit request to create the case, handle response
+ let resp;
+ resp = await createTheHiveCase(base_url, params.apikey, title, descr, severity, start_date, owner, flag, tlp, tags);
+
+ if ('error' in resp) {
+ // Error contacting The Hive
+ console.error("TheHiveButton: ERROR when trying to create new case:", resp.error);
+ toastNotifications.addDanger("ERROR: " + resp.error);
+ this.setState({isWorking: false}); // Hide spinner
+ return;
+ }
+
+ console.log("TheHiveButton: Case created:", resp);
+ const case_id = resp.id;
+ const case_url = base_url + "index.html#/case/" + case_id + "/details";
+
+ // Show notification
+ let obs_text;
+ if (observables.length > 0) {
+ obs_text = "Adding " + observables.length + " observables in background ...";
+ }
+ else {
+ obs_text = "(no observables added)";
+ }
+ toastNotifications.add({
+ title: "Case created",
+ color: "success",
+ iconType: "checkInCircleFilled",
+ text: (
+ <div>
+ <p><b><a href={case_url} target="_blank">Edit the new Case</a></b></p>
+ <p>{obs_text}</p>
+ </div>
+ ),
+ });
+
+ // Close the popup window, reset form fields and hide spinner
+ this.closeModal();
+ this.resetForm();
+ this.setState({isWorking: false});
+
+ // Open a new window with the case in The Hive
+ // (adding observables may take some time, so the case is opened first;
+ // The Hive web is dynamic so the observables appear as they are added)
+ window.open(case_url, '_blank');
+
+ if (observables.length == 0)
+ return;
+
+ // Submit request to add observables
+ console.log("TheHiveButton: adding " + observables.length + " observables ...");
+ resp = await addCaseObservables(base_url, params.apikey, case_id, observables);
+
+ if ('error' in resp) {
+ console.error("TheHiveButton: ERROR when trying to add observables: " + resp.error);
+ toastNotifications.addDanger("ERROR when trying to add observables: " + resp.error);
+ }
+ else {
+ console.log("TheHiveButton: Done, observables added.");
+ toastNotifications.add("Done, observables added.");
+ }
+ }
+}
+
+
+// The popup window with a form
+// props:
+// - spinner: when true, disable form and show a spinner over it
+class ModalContent extends Component {
+ constructor(props) {
+ super(props);
+ // No state here, everything is in the parent class (NewCaseButton)
+
+ // "Select" options
+ this.severityOptions = [
+ {value: "1", inputDisplay: "low"},
+ {value: "2", inputDisplay: "medium"},
+ {value: "3", inputDisplay: "high"},
+ ];
+ this.tlpOptions = [
+ {value: "0", inputDisplay: "white"},
+ {value: "1", inputDisplay: "green"},
+ {value: "2", inputDisplay: "amber"},
+ {value: "3", inputDisplay: "red"},
+ ];
+ }
+
+ // Main render function
+ render() {
+ // TODO: replace Modal with Flyout?
+
+ // Note: onClick on EuiOverlayMask causes close of modal when clicked outside,
+ // implementation inspired by PR: https://github.com/elastic/eui/pull/3462/files#diff-c8fda532e48f75c94c343247cbc6b2d3R53-R60
+ return (
+ <EuiOverlayMask onClick={(evt) => {if (evt.target.classList.contains("euiOverlayMask")) this.props.close();} }>
+ <EuiModal onClose={this.props.close} maxWidth={false} initialFocus="[name=title]">
+ <EuiModalHeader>
+ <EuiModalHeaderTitle>Create a new case in The Hive</EuiModalHeaderTitle>
+ </EuiModalHeader>
+
+ <EuiModalBody key={this.props.resetCnt}>
+ <EuiForm style={{width: "800px"}}>
+ <EuiFlexGroup>
+ <EuiFlexItem grow={1}>
+ <EuiFormRow label="Title" fullWidth>
+ <EuiFieldText name="title" value={this.props.title} onChange={this.props.onTitleChange} required={true} fullWidth />
+ </EuiFormRow>
+ </EuiFlexItem>
+ <EuiFlexItem grow={false}>
+ <EuiFormRow label="Severity">
+ <EuiSuperSelect
+ options={this.severityOptions}
+ valueOfSelected={this.props.severity}
+ onChange={this.props.onSeverityChange}
+ />
+ </EuiFormRow>
+ </EuiFlexItem>
+ <EuiFlexItem grow={false}>
+ <EuiFormRow label="TLP">
+ <EuiSuperSelect
+ prepend="TLP"
+ options={this.tlpOptions}
+ valueOfSelected={this.props.tlp}
+ onChange={this.props.onTLPChange}
+ />
+ </EuiFormRow>
+ </EuiFlexItem>
+ </EuiFlexGroup>
+ <EuiFormRow label="Description" fullWidth>
+ <EuiTextArea
+ defaultValue={this.props.description}
+ onChange={this.props.onDescriptionChange}
+ rows={4}
+ fullWidth
+ />
+ </EuiFormRow>
+
+ {this.props.fields.length > 0 && <EuiTitle size="s"><h3>Add observables from current query ...</h3></EuiTitle>}
+ {this.props.fields.map((field,ix) => (
+ <ObservablesTable
+ key={field.name + ":" + this.props.resetCnt}
+ fieldName={field.name}
+ observables={this.props.observables[field.name]}
+ obsData={this.props.obsData[field.name]}
+ obsSel={this.props.obsSel[field.name]}
+ onObsSelectionChange={this.props.onObsSelectionChange}
+ onObsDataChange={this.props.onObsDataChange}
+ />
+ ))}
+ </EuiForm>
+ </EuiModalBody>
+
+ <EuiModalFooter>
+ <EuiButtonEmpty onClick={this.props.close}>Close</EuiButtonEmpty>
+ <EuiButtonEmpty onClick={this.props.reset}>Reset</EuiButtonEmpty>
+ <EuiButton onClick={this.props.submitCase} fill isLoading={this.props.spinner}>Create Case</EuiButton>
+ </EuiModalFooter>
+ </EuiModal>
+ </EuiOverlayMask>
+ );
+ }
+}
+
+// Table of potential observables taken from a given field, allowing to select
+// which observables to send to The Hive.
+// Props:
+// fieldName - name of the field this table is for
+// observables - list of observable IDs of this field
+// obsData - array of objects specifying state of form fields in the table (.descr, .tlp, ...)
+// obsSel - array of indices of selected observables
+class ObservablesTable extends Component {
+
+ constructor(props) {
+ super(props);
+
+ // Table columns definition
+ this.columns = [
+ {
+ field: "id",
+ name: "Observable",
+ },
+ {
+ field: "descr",
+ name: "Description",
+ description: "Description of the observable in the context of the case",
+ render: (value, item1) => (<EuiFieldText
+ value={item1.descr}
+ onChange={(e) => this.props.onObsDataChange(props.fieldName, item1.i, "descr", e.target.value)}
+ disabled={!item1.selected}
+ />)
+ },
+ /*{
+ field: "tlp",
+ name: "TLP",
+ dataType: "number",
+ // TODO render and process changes
+ },*/
+ {
+ field: "ioc",
+ name: "Is IOC",
+ dataType: "boolean",
+ description: "Indicates if the observable is an IOC",
+ render: (value, item2) => (<EuiCheckbox
+ id={"ioc-checkbox-"+item2.id}
+ checked={item2.ioc}
+ onChange={(e) => this.props.onObsDataChange(props.fieldName, item2.i, "ioc", e.target.checked)}
+ disabled={!item2.selected}
+ />)
+ },
+ /*{
+ field: "tags",
+ name: "Tags",
+ // TODO render and process changes
+ },*/
+ ]
+
+ // Create a reference to EuiBasicTable, so it's node can be accessed in componentDidMount
+ this.tableRef = React.createRef();
+ }
+
+ render() {
+ // Table data definition (convert props to format suitable for EuiBasicTable)
+ const n_obs = this.props.observables.length;
+ this.table_data = new Array(n_obs);
+ for (let i = 0; i < n_obs; i++) {
+ this.table_data[i] = {
+ id: this.props.observables[i],
+ descr: this.props.obsData[i].descr,
+ tlp: this.props.obsData[i].tlp,
+ ioc: this.props.obsData[i].ioc,
+ tags: this.props.obsData[i].tags,
+ // auxiliary fields, not shown in table:
+ i: i, // row index
+ selected: this.props.obsSel.includes(i),
+ };
+ }
+
+ return (
+ <>
+ <EuiTitle size="xs"><h4>{this.props.fieldName}</h4></EuiTitle>
+ <EuiBasicTable
+ ref={this.tableRef}
+ columns={this.columns}
+ items={this.table_data}
+ itemId={(item3) => item3.id}
+ selection={ {onSelectionChange: (selectedItems) => this.props.onObsSelectionChange(this.props.fieldName, selectedItems) } }
+ noItemsMessage="No observables found"
+ rowProps={{
+ // Hack to allow selection by clicking anywhere in the table row
+ // (except input elements)
+ onClick: (e) => {
+ if (e.target.tagName != "INPUT") {
+ // simulate click on the first checkbox in the row to (de)select the row
+ e.currentTarget.querySelector("input").click();
+ e.currentTarget.blur(); // without this the focus remains on the row after click (results in different color)
+ }
+ },
+ tabIndex: "-1", // prevents focus on row by keyboard navigation
+ }}
+ />
+ <EuiSpacer size="l" />
+ </>
+ )
+ }
+
+ componentDidMount() {
+ // There's no way to specify initially selected items in EuiBasicTable by
+ // props, but we may need to select some (in case a user selects some obs.,
+ // closes the modal and opens it again).
+ // However, the selection is stored as a 'selection' field of table's state,
+ // so here we directly edit the state just after the table is created.
+
+ // Prepare the 'selection' array - it should contain a list of selected row specifications
+ let selection = [];
+ for (let ix of this.props.obsSel) {
+ selection.push(this.table_data[ix]);
+ }
+
+ // Get ref to EuiBasicTable element and update its state
+ const table_node = this.tableRef.current;
+ table_node.setState({selection: selection});
+ }
+}
+
diff --git a/roles/build/files/thehive_button/server/routes/newcase.js b/roles/build/files/thehive_button/server/routes/newcase.js
new file mode 100644
index 0000000..175dee8
--- /dev/null
+++ b/roles/build/files/thehive_button/server/routes/newcase.js
@@ -0,0 +1,153 @@
+const request = require('request');
+//const fs = require('fs');
+//const path = require('path');
+
+//const caFile = path.resolve(__dirname, '../../ca.cert.pem'); // TODO resolve where the CA file should be located / configured
+
+export default function (server) {
+ server.route({
+ path: '/api/thehive_button/new_case',
+ method: 'POST',
+ handler: newCaseHandler,
+ });
+ server.route({
+ path: '/api/thehive_button/add_observables',
+ method: 'POST',
+ handler: addObservablesHandler,
+ });
+}
+
+// Handler of ajax requests to create a new Case in The Hive
+function newCaseHandler(req, resp) {
+ // Parse the request to get connection parameters
+ // (everything is configured in forntend and sent as part of the request,
+ // since I don't know how to configure the backend)
+ var base_url = req.payload['base_url'];
+ var api_key = req.payload['api_key'];
+ var req_body = req.payload['body'];
+
+ // check it's a valid URL with slash at the end
+ if (!base_url) {
+ return {'error': 'Base URL not set'};
+ }
+ if (!base_url.match(/https?:\/\/(([a-z\d.-]+)|((\d{1,3}\.){3}\d{1,3}))(\:\d+)?(\/[-a-z\d%_.~+]*)*\//i)) {
+ //if (!base_url.match(/https?:\/\/.*\//)) {
+ return {'error': 'Invalid base URL (it must begin with "http[s]" and end with "/")'};
+ }
+ if (!api_key) {
+ return {'error': 'API key not set'};
+ }
+
+ return new Promise( function(resolve, reject) {
+ request({
+ method: 'POST',
+ url: base_url + 'api/case',
+ auth: {'bearer': api_key},
+ json: true,
+ body: req_body,
+ //ca: fs.readFileSync(caFile), // TODO resolve the issue with custom CA, where to get its cert?
+ rejectUnauthorized: false,
+ },
+ // handler of the reply from The Hive - just return as reply
+ function (error, response, body) {
+ // TODO: find out how to set response code, for now we always return sucess and encode original status code in the content
+ if (error) {
+ console.error("ERROR when trying to send request to The Hive:", error);
+ resolve({'error': error.message});
+ }
+ else {
+ if (response.statusCode < 200 || response.statusCode >= 300) {
+ console.error("ERROR Unexpected reply received from The Hive:", response.statusCode, response.statusMessage, "\n", body)
+ }
+ resolve({
+ 'status_code': response.statusCode,
+ 'status_msg': response.statusMessage,
+ 'body': body
+ });
+ }
+ } // handler function
+ ); // request()
+ }); // Promise()
+}
+
+// Note:
+// There are two ways to create multiple Observables (artifacts) via The Hive API:
+// 1. post one request with an array of observables in "data" field
+// - this allows to create all in one request, but doesn't allow to set
+// different parameters (IOC, TLP, etc.) to different observables
+// 2. post each observable in a separate request
+// The second way is used here.
+
+// Handler of ajax requests to add Observables to a Case in The Hive
+function addObservablesHandler(req, resp) {
+ // Parse the request to get connection parameters
+ // (everything is configured in forntend and sent as part of the request,
+ // since I don't know how to configure the backend)
+ var base_url = req.payload['base_url'];
+ var api_key = req.payload['api_key'];
+
+ // check it's a valid URL with slash at the end
+ if (!base_url) {
+ return {'error': 'Base URL not set'};
+ }
+ if (!base_url.match(/https?:\/\/(([a-z\d.-]+)|((\d{1,3}\.){3}\d{1,3}))(\:\d+)?(\/[-a-z\d%_.~+]*)*\//i)) {
+ //if (!base_url.match(/https?:\/\/.*\//)) {
+ return {'error': 'Invalid base URL (it must begin with "http[s]" and end with "/")'};
+ }
+ // TODO add "/" to the end automatically
+ if (!api_key) {
+ return {'error': 'API key not set'};
+ }
+
+ const caseid = req.payload['caseid'];
+ const observables = req.payload['observables']; // array of obersvable specifications
+
+ return new Promise( async function(resolve, reject) {
+ // Run one request for each observable
+ // (A way to run multiple async tasks sequentially inspired by:
+ // https://jrsinclair.com/articles/2019/how-to-run-async-js-in-parallel-or-sequential/ )
+ const starterPromise = Promise.resolve(null);
+ await observables.reduce(
+ (p, obs) => p.then(() => addObservable(base_url, api_key, caseid, obs)),
+ starterPromise
+ ).catch((err_msg) => {
+ console.error(err_msg); // log whole message
+ resolve({'error': err_msg.split("\n", 1)[0]}); // send the first line to frontend
+ return;
+ }
+ );
+ resolve({});
+ });
+}
+
+function addObservable(base_url, api_key, caseid, obs) {
+ return new Promise( function(resolve, reject) {
+ //console.log("Adding observable:", obs);
+ request({
+ method: 'POST',
+ url: base_url + 'api/case/' + caseid + "/artifact",
+ auth: {'bearer': api_key},
+ json: true,
+ body: obs,
+ //ca: fs.readFileSync(caFile), // TODO resolve the issue with custom CA, where to get its cert?
+ rejectUnauthorized: false,
+ },
+ // handler of the reply from The Hive - just return as reply
+ function (error, response, body) {
+ if (error) {
+ reject("ERROR when trying to send request to The Hive: " + error);
+ }
+ else if (response.statusCode < 200 || response.statusCode >= 300) {
+ reject("ERROR: Unexpected reply received from The Hive: " + response.statusCode + " " + response.statusMessage + "\n" + JSON.stringify(body));
+ }
+ else {
+ // success - continue with the next observable
+ resolve("OK");
+ resolve({})
+ }
+ } // handler function
+ ); // request()
+ }); //Promise()
+}
+
+
diff --git a/roles/build/files/thehive_button/thehive_button/.eslintrc b/roles/build/files/thehive_button/thehive_button/.eslintrc
new file mode 100644
index 0000000..64eba86
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/.eslintrc
@@ -0,0 +1,7 @@
+---
+extends: "@elastic/kibana"
+
+settings:
+ import/resolver:
+ '@elastic/eslint-import-resolver-kibana':
+ rootPackageName: 'thehive_button'
diff --git a/roles/build/files/thehive_button/thehive_button/.kibana-plugin-helpers.json b/roles/build/files/thehive_button/thehive_button/.kibana-plugin-helpers.json
new file mode 100644
index 0000000..2c63c08
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/.kibana-plugin-helpers.json
@@ -0,0 +1,2 @@
+{
+}
diff --git a/roles/build/files/thehive_button/thehive_button/index.js b/roles/build/files/thehive_button/thehive_button/index.js
new file mode 100644
index 0000000..fa69c75
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/index.js
@@ -0,0 +1,19 @@
+import newCaseRoute from './server/routes/newcase';
+
+export default function (kibana) {
+ return new kibana.Plugin({
+ require: [], //['elasticsearch'],
+ name: 'thehive_button',
+ uiExports: {
+ visTypes: [
+ 'plugins/thehive_button/main',
+ ],
+ },
+
+ init(server, options) { // eslint-disable-line no-unused-vars
+ // Add server routes and initialize the plugin here
+ newCaseRoute(server);
+ }
+ });
+}
+
diff --git a/roles/build/files/thehive_button/thehive_button/package.json b/roles/build/files/thehive_button/thehive_button/package.json
new file mode 100644
index 0000000..e1c070d
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/package.json
@@ -0,0 +1,35 @@
+{
+ "name": "thehive_button",
+ "version": "1.0.0",
+ "description": "Visualisation plugin which creates a simple button to create a new case in The Hive.",
+ "main": "index.js",
+ "kibana": {
+ "version": "7.4.2"
+ },
+ "scripts": {
+ "lint": "eslint .",
+ "start": "plugin-helpers start",
+ "build": "plugin-helpers build"
+ },
+ "dependencies": {
+ "request": "^2.88.0",
+ "@elastic/eui": "10.4.2",
+ "react": "^16.8.0"
+ },
+ "devDependencies": {
+ "@elastic/eslint-config-kibana": "link:../../packages/eslint-config-kibana",
+ "@elastic/eslint-import-resolver-kibana": "link:../../packages/kbn-eslint-import-resolver-kibana",
+ "@kbn/plugin-helpers": "link:../../packages/kbn-plugin-helpers",
+ "babel-eslint": "^9.0.0",
+ "eslint": "^5.6.0",
+ "eslint-plugin-babel": "^5.2.0",
+ "eslint-plugin-import": "^2.14.0",
+ "eslint-plugin-jest": "^21.26.2",
+ "eslint-plugin-jsx-a11y": "^6.1.2",
+ "eslint-plugin-mocha": "^5.2.0",
+ "eslint-plugin-no-unsanitized": "^3.0.2",
+ "eslint-plugin-prefer-object-spread": "^1.2.1",
+ "eslint-plugin-react": "^7.11.1",
+ "expect.js": "^0.3.1"
+ }
+}
diff --git a/roles/build/files/thehive_button/thehive_button/public/create_case.js b/roles/build/files/thehive_button/thehive_button/public/create_case.js
new file mode 100644
index 0000000..fc8edd6
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/public/create_case.js
@@ -0,0 +1,101 @@
+// Functions to send data to Kibana endpoints
+
+import chrome from 'ui/chrome';
+
+// Create a new Case in The Hive via its API
+// Return a Promise which resolves to object with ID of the new case ('id' attr) or error message ('error' attr)
+export function createTheHiveCase(base_url, api_key, title, descr, severity, startDate, owner, flag, tlp, tags) {
+ // Prepare data
+ var data = JSON.stringify({
+ "base_url": base_url,
+ "api_key": api_key,
+ "body": {
+ "title": title,
+ "description": descr,
+ "severity": severity, // number: 1=low, 2=medium, 3=high
+ "startDate": startDate,
+ "owner": owner, // user name the case will be assigned to
+ "flag": flag, // bool
+ "tlp": tlp, // number: 0=white, 1=green, 2=amber, 3=red
+ "tags": tags, // array of strings
+ }
+ });
+ console.log("TheHiveButton: Sending request to API endpoint 'new_case':", data);
+ var kibana_endpoint_url = chrome.addBasePath('/api/thehive_button/new_case');
+
+ return new Promise(function (resolve, reject) {
+ // Create AJAX request
+ var xhr = new XMLHttpRequest();
+
+ // Listener to process reply
+ xhr.onreadystatechange = function () {
+ if (this.readyState != 4) {
+ return; // response not ready yet
+ }
+ if (this.status == 200) {
+ const resp = JSON.parse(this.responseText);
+ console.log("TheHiveButton: Response from backend:", resp);
+ if ("error" in resp) {
+ resolve({"error": resp.error});
+ }
+ else if (resp.status_code != 201) {
+ resolve({"error": "Unexpected reply received from The Hive: [" + resp.status_code + "] " + resp.status_msg});
+ }
+ else {
+ resolve({"id": resp.body.id}); // return ID of the new case
+ }
+ }
+ else {
+ console.log("TheHiveButton: Error " + this.status + ": " + this.statusText);
+ resolve({"error": "Error " + this.status + ": " + this.statusText});
+ }
+ }
+
+ // Send the AJAX request
+ xhr.open("POST", kibana_endpoint_url);
+ xhr.setRequestHeader("Content-Type", "application/json");
+ xhr.setRequestHeader("kbn-xsrf", "thehive_plugin"); // this header must be set, although its content is probably irrelevant
+ xhr.send(data);
+ });
+}
+
+// Add observables to an existing Case in The Hive
+// (send the list of observables to our backend endpoint, it pushes them to The Hive)
+export function addCaseObservables(base_url, api_key, caseid, observables) {
+ const kibana_endpoint_url = chrome.addBasePath('/api/thehive_button/add_observables');
+ const data = JSON.stringify({
+ "base_url": base_url,
+ "api_key": api_key,
+ "caseid": caseid,
+ "observables": observables,
+ });
+ console.log("TheHiveButton: Sending request to API endpoint 'add_observables':", data);
+
+ return new Promise(function (resolve, reject) {
+ // Create AJAX request
+ var xhr = new XMLHttpRequest();
+
+ // Listener to process reply
+ xhr.onreadystatechange = function () {
+ if (this.readyState != 4) {
+ return; // response not ready yet
+ }
+ if (this.status == 200) {
+ const resp = JSON.parse(this.responseText);
+ console.log("TheHiveButton: Response from backend:", resp);
+ resolve(resp);
+ }
+ else {
+ console.log("TheHiveButton: Error " + this.status + ": " + this.statusText);
+ resolve({"error": "Error " + this.status + ": " + this.statusText});
+ }
+ }
+
+ // Send the AJAX request
+ xhr.open("POST", kibana_endpoint_url);
+ xhr.setRequestHeader("Content-Type", "application/json");
+ xhr.setRequestHeader("kbn-xsrf", "thehive_plugin"); // this header must be set, although its content is probably irrelevant
+ xhr.send(data);
+ });
+}
+
diff --git a/roles/build/files/thehive_button/thehive_button/public/env.js b/roles/build/files/thehive_button/thehive_button/public/env.js
new file mode 100644
index 0000000..4321b85
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/public/env.js
@@ -0,0 +1,4 @@
+// Default plugin configuration
+export const THEHIVE_URL = 'https://hive.gn4-3-wp8-soc.sunet.se/';
+export const THEHIVE_API_KEY = '5LymseWiurZBrQN8Kqp8O+9KniTL5cE0';
+export const THEHIVE_OWNER = 'admin'; // default owner account of the created cases
diff --git a/roles/build/files/thehive_button/thehive_button/public/main.js b/roles/build/files/thehive_button/thehive_button/public/main.js
new file mode 100644
index 0000000..ee46d73
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/public/main.js
@@ -0,0 +1,54 @@
+import { THEHIVE_API_KEY, THEHIVE_URL, THEHIVE_OWNER } from './env';
+import { TheHiveButtonVisComponent } from './vis_controller';
+import { theHiveButtonRequestHandlerProvider } from './request_handler';
+import { optionsEditor } from './options_editor';
+
+import { VisFactoryProvider } from 'ui/vis/vis_factory';
+import { VisTypesRegistryProvider } from 'ui/registry/vis_types';
+import { DefaultEditorSize } from 'ui/vis/editor_size';
+
+
+function TheHiveButtonVisProvider(Private) {
+ const VisFactory = Private(VisFactoryProvider);
+
+ //console.log("default URL:", THEHIVE_URL);
+ //console.log("default API key:", THEHIVE_API_KEY);
+
+ return VisFactory.createReactVisualization({
+ name: 'thehive_button',
+ title: 'The Hive Case',
+ icon: 'alert',
+ description: 'A button to create a new Case in The Hive.',
+ //requiresUpdateStatus: [Status.PARAMS, Status.RESIZE, Status.UI_STATE],
+ visConfig: {
+ component: TheHiveButtonVisComponent,
+ defaults: {
+ // add default parameters
+ url: THEHIVE_URL,
+ apikey: THEHIVE_API_KEY,
+ owner: THEHIVE_OWNER,
+ obsFields: [], // list of objects, e.g. {name: "clientip", type: "ip", cnt: 100}
+ }
+ },
+ //editor: 'default',
+ editorConfig: {
+ optionTabs: [
+ {
+ name: "options",
+ title: "Options",
+ editor: optionsEditor,
+ }
+ ],
+ defaultSize: DefaultEditorSize.LARGE,
+ },
+// optionsTemplate: optionsEditor, //optionsTemplate,
+// //enableAutoApply: true,
+// },
+ requestHandler: 'theHiveButtonRequestHandler', // own request handler
+ responseHandler: 'none', // pass data as returned by requestHandler
+ });
+}
+
+// register the provider with the visTypes registry
+VisTypesRegistryProvider.register(TheHiveButtonVisProvider);
+
diff --git a/roles/build/files/thehive_button/thehive_button/public/options_editor.js b/roles/build/files/thehive_button/thehive_button/public/options_editor.js
new file mode 100644
index 0000000..38762bd
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/public/options_editor.js
@@ -0,0 +1,176 @@
+import React from 'react';
+import {
+ EuiForm,
+ EuiFormRow,
+ EuiTitle,
+ EuiSpacer,
+ EuiFieldText,
+ EuiFieldNumber,
+ EuiSelect,
+ EuiFlexGroup,
+ EuiFlexItem,
+ EuiButton,
+ EuiButtonIcon,
+} from '@elastic/eui';
+
+// Default data types in The Hive
+const DEFAULT_THE_HIVE_TYPES = [
+ '',
+ 'autonomous-system',
+ 'domain',
+ 'file',
+ 'filename',
+ 'fqdn',
+ 'hash',
+ 'ip',
+ 'mail',
+ 'mail_subject',
+ 'regexp',
+ 'registry',
+ 'uri_path',
+ 'url',
+ 'user-agent',
+ 'other',
+];
+
+// Options for EuiSelect for selection of field's data type in TheHive
+const typesOptions = DEFAULT_THE_HIVE_TYPES.map( dt => ({value: dt, text: dt}) );
+
+export function optionsEditor(props) {
+ //console.log("editor render(), props:", props);
+ const { stateParams, setValue, setValidity, vis } = props;
+
+ // onClick/onChange handlers
+ const obsAddNew = () => {
+ const newObsFields = [...stateParams.obsFields, {name: "", type: "", cnt: 100}];
+ // For some reason, first click on the button after editor is loaded does
+ // nothing. Calling setValue twice here fixes it.
+ setValue("obsFields", newObsFields);
+ setValue("obsFields", newObsFields);
+// setValidity(false); // since new row is empty, form is always invalid
+ };
+ const obsRemove = (ix) => {
+ let newArray = [...stateParams.obsFields];
+ newArray.splice(ix, 1);
+ setValue("obsFields", newArray);
+// validate();
+ }
+ const obsSetName = (ix, name) => {
+ let newArray = [...stateParams.obsFields];
+ newArray[ix].name = name;
+ setValue("obsFields", newArray);
+// validate();
+ }
+ const obsSetType = (ix, type) => {
+ let newArray = [...stateParams.obsFields];
+ newArray[ix].type = type;
+ setValue("obsFields", newArray);
+// validate();
+ }
+ const obsSetCnt = (ix, cnt) => {
+ let newArray = [...stateParams.obsFields];
+ newArray[ix].cnt = parseInt(cnt);
+ setValue("obsFields", newArray);
+// validate();
+ }
+// const validate = () => {
+// let valid = true;
+// for (let field of stateParams.obsFields) {
+// if (field.name == "" || field.type == "" || field.cnt == "") {
+// valid = false;
+// break;
+// }
+// }
+// // TODO check for duplicate fields
+// setValidity(valid);
+// }
+
+ // Get list of all fields in index (except those beginning with "_" or "@")
+ // and create "options" parameter for EuiSelect.
+ // Also, fields with "aggregatable=false" are removed, as they can't be used
+ // with "terms" aggregation we need.
+ // See this for details: https://www.elastic.co/guide/en/elasticsearch/reference/7.x/fielddata.html
+ // Empty field is added at the beginning, meaning "no selection yet".
+ const fieldOptions = [{value: "", text: ""}].concat(
+ vis.indexPattern.fields.raw.filter( f => (f.name[0] != "_" && f.name[0] != "@" && f.aggregatable) ).map( f => ({value: f.name, text: `${f.name} (${f.type})`}) )
+ );
+
+ return <EuiForm>
+ <EuiFormRow fullWidth={true} label="Base URL of The Hive">
+ <EuiFieldText
+ fullWidth={true}
+ value={stateParams.url}
+ onChange={e => setValue('url', e.target.value)}
+ isInvalid={stateParams.url == ""}
+ />
+ </EuiFormRow>
+ <EuiFlexGroup>
+ <EuiFlexItem grow={1}>
+ <EuiFormRow label="API key to access The Hive" helpText="API key of a user with write permission.">
+ <EuiFieldText
+ fullWidth={true}
+ value={stateParams.apikey}
+ onChange={e => setValue('apikey', e.target.value)}
+ isInvalid={stateParams.apikey == ""}
+ />
+ </EuiFormRow>
+ </EuiFlexItem>
+ <EuiFlexItem grow={1}>
+ <EuiFormRow label="Assignee" helpText="User to assign created cases to. Must be a valid username from The Hive instance.">
+ <EuiFieldText
+ value={stateParams.owner}
+ onChange={e => setValue('owner', e.target.value)}
+ isInvalid={stateParams.owner == ""}
+ />
+ </EuiFormRow>
+ </EuiFlexItem>
+ </EuiFlexGroup>
+ <EuiTitle size="s"><h3>Fields to get potential observables from ...</h3></EuiTitle>
+ <EuiSpacer size="s" />
+ {stateParams.obsFields.map( (field, ix) => (
+ <EuiFlexGroup key={ix} gutterSize="s">
+ <EuiFlexItem grow={3}>
+ <EuiFormRow label="Field name">
+ <EuiSelect
+ options={fieldOptions}
+ value={field.name}
+ onChange={ e => obsSetName(ix, e.target.value) }
+ isInvalid={field.name == ""}
+ />
+ </EuiFormRow>
+ </EuiFlexItem>
+ <EuiFlexItem grow={2}>
+ <EuiFormRow label="Data type in The Hive">
+ <EuiSelect
+ options={typesOptions}
+ value={field.type}
+ onChange={ e => obsSetType(ix, e.target.value) }
+ isInvalid={field.type == ""}
+ />
+ </EuiFormRow>
+ </EuiFlexItem>
+ <EuiFlexItem grow={1}>
+ <EuiFormRow label="Max items shown">
+ <EuiFieldNumber
+ min={1}
+ max={1000}
+ value={parseInt(field.cnt)}
+ onChange={ e => obsSetCnt(ix, e.target.value) }
+ isInvalid={!(field.cnt > 0)}
+ />
+ </EuiFormRow>
+ </EuiFlexItem>
+ <EuiFlexItem grow={false}>
+ <EuiFormRow hasEmptyLabelSpace>
+ <EuiButtonIcon iconType="trash" iconSize="m" color="danger" aria-label="Remove field" onClick={ e => obsRemove(ix) } />
+ </EuiFormRow>
+ </EuiFlexItem>
+ </EuiFlexGroup>
+ ))}
+ <EuiFlexGroup>
+ <EuiFlexItem grow={false}>
+ <EuiButton iconType="plusInCircleFilled" color="primary" onClick={obsAddNew}>Add new field ...</EuiButton>
+ </EuiFlexItem>
+ </EuiFlexGroup>
+ </EuiForm>
+}
diff --git a/roles/build/files/thehive_button/thehive_button/public/options_template.html b/roles/build/files/thehive_button/thehive_button/public/options_template.html
new file mode 100644
index 0000000..ef99657
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/public/options_template.html
@@ -0,0 +1,8 @@
+<div class="form-group">
+ <p><label>Base URL of The Hive</label>
+ <input ng-model="editorState.params.url" class=form-control /></p>
+ <p><label>API key</label>
+ <input ng-model="editorState.params.apikey" class=form-control /></p>
+ <p><label>User name to use as the owner of cases created from here</label>
+ <input ng-model="editorState.params.owner" class=form-control /></p>
+</div>
diff --git a/roles/build/files/thehive_button/thehive_button/public/request_handler.js b/roles/build/files/thehive_button/thehive_button/public/request_handler.js
new file mode 100644
index 0000000..bdbb0f4
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/public/request_handler.js
@@ -0,0 +1,195 @@
+import { CourierRequestHandlerProvider as courierRequestHandlerProvider } from 'ui/vis/request_handlers/courier';
+import { SearchSourceProvider } from 'ui/courier/search_source';
+import { RequestAdapter, DataAdapter } from 'ui/inspector/adapters';
+import { VisRequestHandlersRegistryProvider } from 'ui/registry/vis_request_handlers';
+import { AggConfig } from 'ui/vis/agg_config';
+import { AggConfigs } from 'ui/vis/agg_configs';
+import { getTime } from 'ui/timefilter/get_time';
+import { i18n } from '@kbn/i18n';
+import { has } from 'lodash';
+import { calculateObjectHash } from 'ui/vis/lib/calculate_object_hash';
+import { getRequestInspectorStats, getResponseInspectorStats } from 'ui/courier/utils/courier_inspector_utils';
+import chrome from 'ui/chrome';
+
+// Maximum number of unique values of each field (observables) to fetch
+const MAX_NUMBER_OF_TERMS = 5;
+
+const handleCourierRequest = courierRequestHandlerProvider().handler;
+
+// Register new RaquestHandlerProvider
+const theHiveButtonRequestHandlerProvider = function () {
+ return {
+ name: 'theHiveButtonRequestHandler',
+ handler: theHiveButtonRequestHandler,
+ }
+}
+VisRequestHandlersRegistryProvider.register(theHiveButtonRequestHandlerProvider);
+
+export {theHiveButtonRequestHandlerProvider, theHiveButtonRequestHandler};
+
+
+// The request handler function itself
+async function theHiveButtonRequestHandler(params) {
+ //console.log("theHiveButtonRequestHandler params:", params);
+
+ let index = params.index;
+ let partialRows = params.partialRows;
+ let metricsAtAllLevels = params.metricsAtAllLevels;
+ let timeRange = params.timeRange;
+ let query = params.query;
+ let filters = params.filters;
+ let inspectorAdapters = params.inspectorAdapters;
+ let queryFilter = params.queryFilter;
+ let forceFetch = params.forceFetch;
+ // our own confiuration:
+ // list of fields to get potential observables from
+ // (each "field" is object {name: str, type: str, cnt: int})
+ let obsFields = params.visParams.obsFields;
+
+ // filter out invalid field specifications
+ obsFields = obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt > 0) );
+
+ if (obsFields.length == 0) {
+ //console.log("theHiveButtonRequestHandler: Empty obsFields, nothing to do")
+ return {} // no fields specified, nothing to do
+ }
+
+ // === Prepare request to ask for unique values of all selected fields ===
+
+ // Construct a query for ElasticSearch
+ // Get "terms" (most common unique values) for each field of obsFields
+ const aggs_dsl = {}
+ for (let field of obsFields) {
+ aggs_dsl[field.name] = {
+ terms: {
+ field: field.name,
+ size: field.cnt,
+ order: {_count: "desc"}
+ }
+ };
+ }
+ //console.log("aggs_dsl:", aggs_dsl);
+
+ // Create empty AggConfigs
+ // (We could pass specifications of a metric and the buckets here,
+ // but default processing functions assume multiple buckets are sub-buckets,
+ // which is not what we want. So we must do a "hack" and manually create
+ // query directly in format for ElasticSearch)
+ const aggs = new AggConfigs(params.index, []);
+
+ // === Some magic to get searchSource object ===
+ // (inspired by https://github.com/fbaligand/kibana-enhanced-table/blob/7.4/public/data_load/enhanced-table-request-handler.js)
+ // (I don't understand it, but it works)
+
+ let $injector = await chrome.dangerouslyGetActiveInjector();
+ let Private = $injector.get('Private');
+ let SearchSource = Private(SearchSourceProvider);
+ let searchSource = new SearchSource();
+ searchSource.setField('index', index);
+ searchSource.setField('size', 0);
+
+ inspectorAdapters.requests = new RequestAdapter();
+ inspectorAdapters.data = new DataAdapter();
+
+
+ // === Execute query ===
+ // We could call standard "courier" here, but it tries to convert the response
+ // to a table, which fails in our case, so we copied the main code of courier
+ // and modified it here.
+
+ const abortSignal = false;
+
+ const timeFilterSearchSource = searchSource.createChild({ callParentStartHandlers: true });
+ const requestSearchSource = timeFilterSearchSource.createChild({ callParentStartHandlers: true });
+
+ aggs.setTimeRange(timeRange);
+
+ // For now we need to mirror the history of the passed search source, since
+ // the request inspector wouldn't work otherwise.
+ Object.defineProperty(requestSearchSource, 'history', {
+ get() {
+ return searchSource.history;
+ },
+ set(history) {
+ return searchSource.history = history;
+ }
+ });
+
+ // This has been modified to override DSL format by ours
+// requestSearchSource.setField('aggs', function () {
+// return aggs.toDsl(metricsAtAllLevels);
+// });
+ requestSearchSource.setField('aggs', aggs_dsl);
+
+ requestSearchSource.onRequestStart((searchSource, searchRequest) => {
+ return aggs.onSearchRequestStart(searchSource, searchRequest);
+ });
+
+ if (timeRange) {
+ timeFilterSearchSource.setField('filter', () => {
+ return getTime(searchSource.getField('index'), timeRange);
+ });
+ }
+
+ requestSearchSource.setField('filter', filters);
+ requestSearchSource.setField('query', query);
+
+ const reqBody = await requestSearchSource.getSearchRequestBody();
+
+ const queryHash = calculateObjectHash(reqBody);
+ // We only need to reexecute the query, if forceFetch was true or the hash of the request body has changed
+ // since the last request
+ const shouldQuery = forceFetch || (searchSource.lastQuery !== queryHash);
+
+ if (shouldQuery) {
+ inspectorAdapters.requests.reset();
+ const request = inspectorAdapters.requests.start(
+ i18n.translate('common.ui.vis.courier.inspector.dataRequest.title', { defaultMessage: 'Data' }),
+ {
+ description: i18n.translate('common.ui.vis.courier.inspector.dataRequest.description',
+ { defaultMessage: 'This request queries Elasticsearch to fetch the data for the visualization.' }),
+ }
+ );
+ request.stats(getRequestInspectorStats(requestSearchSource));
+
+ try {
+ // Abort any in-progress requests before fetching again
+ if (abortSignal) {
+ abortSignal.addEventListener('abort', () => requestSearchSource.cancelQueued());
+ }
+
+ const response = await requestSearchSource.fetch();
+ //console.log("raw response:", response);
+
+ searchSource.lastQuery = queryHash;
+
+ request
+ .stats(getResponseInspectorStats(searchSource, response))
+ .ok({ json: response });
+
+ searchSource.rawResponse = response;
+ } catch(e) {
+ // Log any error during request to the inspector
+ request.error({ json: e });
+ throw e;
+ } finally {
+ // Add the request body no matter if things went fine or not
+ requestSearchSource.getSearchRequestBody().then(req => {
+ request.json(req);
+ });
+ }
+ }
+
+ // === Copy of courier code ends here, now we parse the response ===
+
+ const resp = searchSource.rawResponse;
+ // Return as object containing a list of unique values (terms) for each
+ // requested field
+ let unique_values_lists = {}
+ for (let field of obsFields) {
+ unique_values_lists[field.name] = resp.aggregations[field.name].buckets.map( (x) => x.key );
+ }
+
+ //console.log("Final lists:", unique_values_lists);
+ return unique_values_lists;
+}
diff --git a/roles/build/files/thehive_button/thehive_button/public/vis.less b/roles/build/files/thehive_button/thehive_button/public/vis.less
new file mode 100644
index 0000000..b6f887a
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/public/vis.less
@@ -0,0 +1,3 @@
+.myvis-container-div {
+ padding: 1em;
+}
diff --git a/roles/build/files/thehive_button/thehive_button/public/vis_controller.js b/roles/build/files/thehive_button/thehive_button/public/vis_controller.js
new file mode 100644
index 0000000..8b23222
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/public/vis_controller.js
@@ -0,0 +1,555 @@
+//import { Status } from 'ui/vis/update_status';
+import { toastNotifications } from 'ui/notify';
+import { createTheHiveCase, addCaseObservables } from './create_case';
+//import vis_template from './vis_template.html';
+
+import React, { Component } from 'react';
+import {
+ EuiButton,
+ EuiButtonEmpty,
+ EuiModal,
+ EuiModalBody,
+ EuiModalFooter,
+ EuiModalHeader,
+ EuiModalHeaderTitle,
+ EuiOverlayMask,
+ EuiTitle,
+ EuiFlexGroup,
+ EuiFlexItem,
+ EuiSpacer,
+ EuiForm,
+ EuiFormRow,
+ EuiFieldText,
+ EuiTextArea,
+ EuiSuperSelect,
+ EuiBasicTable,
+ EuiCheckbox,
+ makeId,
+} from '@elastic/eui';
+
+
+// ********** React components **********
+
+// Main React component - the root of visualization
+export class TheHiveButtonVisComponent extends Component {
+ render() {
+ //console.log("TheHiveButtonVisComponent.render(), props:", this.props);
+ return (
+ <div>
+ <NewCaseButton params={this.props.vis.params} observables={this.props.visData} />
+ </div>
+ );
+ }
+
+ componentDidMount() {
+ this.props.renderComplete();
+ }
+
+ componentDidUpdate() {
+ this.props.renderComplete();
+ }
+}
+
+// Button to show the pop-up window (modal)
+// Props:
+// .params - visualization parameters (from vis.params)
+// .observables - object with lists of potential observables to add to the Case
+// for each field in params.obsFields there should be a key in this object
+// containing list of observables (this is returned by request_handler)
+class NewCaseButton extends Component {
+
+ constructor(props) {
+ super(props);
+ // Filter out invalid obsField specifications
+ this.obsFields = props.params.obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt > 0) );
+ //console.log("Filtered field specs:", this.obsFields);
+
+ // The complete state is here, so it's kept even when modal is closed
+ this.state = {
+ isModalVisible: false,
+ isWorking: false, // used to show a spinner on submit button
+ ...this.create_initial_state(),
+ }
+
+ this.resetCnt = 0; // used to change Modal component key on each form reset
+
+ // Each handler function in a class (method) must be "binded" this way
+ this.closeModal = this.closeModal.bind(this);
+ this.showModal = this.showModal.bind(this);
+ this.resetForm = this.resetForm.bind(this);
+
+ this.onTitleChange = this.onTitleChange.bind(this);
+ this.onSeverityChange = this.onSeverityChange.bind(this);
+ this.onTLPChange = this.onTLPChange.bind(this);
+ this.onDescriptionChange = this.onDescriptionChange.bind(this);
+
+ this.onObsSelectionChange = this.onObsSelectionChange.bind(this);
+ this.onObsDataChange = this.onObsDataChange.bind(this);
+
+ this.submitCase = this.submitCase.bind(this);
+ }
+
+ create_initial_state() {
+ // create a new instance of initial state definition
+ let initial_state = {
+ // Case parameters
+ title: "",
+ description: "\n\n--\nCreated from Kibana",
+ severity: "2", // medium
+ tlp: "2", // amber
+ tags: [], // TODO (not implemented yet)
+ obsData: {}, // state of observables form fields (obsData->field->index->{descr,tlp,ioc,tags})
+ obsSel: {}, // list of observable selections (obsSel->field->list_of_selected_indices)
+ }
+ // pre-fill state of each observable to defaults
+ const initial_field_data = {descr: "", tlp: 2, ioc: false, tags: []};
+ for (let field of this.obsFields) {
+ const n_obs = this.props.observables[field.name].length;
+ // fill obsData with new copies of initial_field_data
+ initial_state.obsData[field.name] = new Array(n_obs).fill().map((_)=>({...initial_field_data}));
+ // nothing is selected
+ initial_state.obsSel[field.name] = new Array();
+ }
+ return initial_state;
+ }
+
+ componentDidUpdate(prevProps) {
+ // If list of observables was updated or obsFields setting has changed,
+ // reset the component state and precomputed variables.
+ if (this.props.observables != prevProps.observables) {
+ if (this.props.params.obsFields != prevProps.params.obsFields) {
+ // when obsFields change, observables must change as well, so this "if"
+ // can be inside the first one.
+ // Filter out invalid obsField specifications
+ this.obsFields = this.props.params.obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt && f.cnt > 0) );
+ //console.log("Filtered field specs:", this.obsFields);
+ }
+ //console.log("New list of observables, resetting form.");
+ this.resetForm();
+ }
+ }
+
+ resetForm() {
+ this.setState(this.create_initial_state());
+ this.resetCnt += 1; // this changes the key of ModalContent, causing it to be replaced by new DOM elelments (otherwise, not all things are reset properly)
+ this.forceUpdate();
+ }
+
+ closeModal() {
+ this.setState({ isModalVisible: false });
+ }
+
+ showModal() {
+ this.setState({ isModalVisible: true });
+ }
+
+ // Event handlers for change of case parameter
+ onTitleChange(evt) {
+ this.setState({title: evt.target.value});
+ }
+ onSeverityChange(value) {
+ this.setState({severity: value});
+ }
+ onTLPChange(value) {
+ this.setState({tlp: value});
+ }
+ onDescriptionChange(evt) {
+ this.setState({description: evt.target.value});
+ }
+
+ // Event handler for observable (de)selection
+ onObsSelectionChange(fieldName, selectedItems) {
+ // Extract indices from the items and store them into state
+ const selectedIndices = selectedItems.map(item4 => item4.i);
+ this.setState((state, props) => {
+ let newObsSel = {...this.state.obsSel};
+ newObsSel[fieldName] = selectedIndices;
+ return {obsSel: newObsSel};
+ });
+ }
+
+ // Event handler for edit of a form field in observable row
+ // - fieldName: which field (table of observables)
+ // - ix: index of the observable in the field's table
+ // - param: one of: descr,tlp,ioc,tags
+ // - value: new value of the form field
+ onObsDataChange(fieldName, ix, param, value) {
+ this.setState((state, props) => {
+ let newObsData = {...this.state.obsData};
+ newObsData[fieldName][ix][param] = value;
+ return {obsData: newObsData};
+ });
+ }
+
+ // Render function
+ render() {
+ let modal;
+ if (this.state.isModalVisible) {
+ modal = <ModalContent
+ resetCnt={this.resetCnt} // used to change "key" of modalBody, causing all form fields to be re-created (some things are not reset properly by reseting state only)
+ close={this.closeModal}
+ reset={this.resetForm}
+ fields={this.obsFields}
+ observables={this.props.observables}
+ // form state
+ title={this.state.title}
+ description={this.state.description}
+ severity={this.state.severity}
+ tlp={this.state.tlp}
+ tags={this.state.tags}
+ obsData={this.state.obsData}
+ obsSel={this.state.obsSel}
+ spinner={this.state.isWorking}
+ // event handlers
+ onTitleChange={this.onTitleChange}
+ onSeverityChange={this.onSeverityChange}
+ onTLPChange={this.onTLPChange}
+ onDescriptionChange={this.onDescriptionChange}
+ onObsSelectionChange={this.onObsSelectionChange}
+ onObsDataChange={this.onObsDataChange}
+ submitCase={this.submitCase}
+ />;
+ }
+ return (
+ <div>
+ <EuiButton fill iconType="alert" color="danger" onClick={this.showModal}>Create new Case ...</EuiButton>
+ {modal}
+ </div>
+ );
+ }
+
+ // Submit case button handler
+ async submitCase(evt) {
+ const params = this.props.params;
+
+ // Get case parameters
+ const title = this.state.title;
+ const descr = this.state.description;
+ const severity = parseInt(this.state.severity);
+ const start_date = null;
+ const owner = params.owner;
+ const flag = false;
+ const tlp = parseInt(this.state.tlp);
+ const tags = this.state.tags;
+
+ if (!title) {
+ toastNotifications.addDanger("Title can't be empty");
+ return;
+ }
+
+ // Get list of selected observables and their params
+ let observables = [];
+ for (let field of this.obsFields) {
+ let selectionIndices = [...this.state.obsSel[field.name]]; // make a copy
+ selectionIndices.sort();
+ for (let i = 0; i < selectionIndices.length; i++) {
+ const j = selectionIndices[i]; // index of a selected obs. in the list of all observables
+ // fill in observable definition according to model at
+ // https://github.com/TheHive-Project/TheHiveDocs/blob/master/api/artifact.md
+ const obs = {
+ dataType: field.type,
+ data: this.props.observables[field.name][j],
+ message: this.state.obsData[field.name][j].descr,
+ tlp: this.state.obsData[field.name][j].tlp,
+ ioc: this.state.obsData[field.name][j].ioc,
+ tags: this.state.obsData[field.name][j].tags,
+ };
+ observables.push(obs);
+ }
+ }
+
+ //console.log("Selected observables:", observables);
+
+ // Check '/' at the end of base URL, add it if needed
+ let base_url = params.url;
+ if (base_url[base_url.length-1] != "/") {
+ base_url += "/";
+ }
+
+ // Show spinner at submit button
+ this.setState({isWorking: true});
+
+ // Submit request to create the case, handle response
+ let resp;
+ resp = await createTheHiveCase(base_url, params.apikey, title, descr, severity, start_date, owner, flag, tlp, tags);
+
+ if ('error' in resp) {
+ // Error contacting The Hive
+ console.error("TheHiveButton: ERROR when trying to create new case:", resp.error);
+ toastNotifications.addDanger("ERROR: " + resp.error);
+ this.setState({isWorking: false}); // Hide spinner
+ return;
+ }
+
+ console.log("TheHiveButton: Case created:", resp);
+ const case_id = resp.id;
+ const case_url = base_url + "index.html#/case/" + case_id + "/details";
+
+ // Show notification
+ let obs_text;
+ if (observables.length > 0) {
+ obs_text = "Adding " + observables.length + " observables in background ...";
+ }
+ else {
+ obs_text = "(no observables added)";
+ }
+ toastNotifications.add({
+ title: "Case created",
+ color: "success",
+ iconType: "checkInCircleFilled",
+ text: (
+ <div>
+ <p><b><a href={case_url} target="_blank">Edit the new Case</a></b></p>
+ <p>{obs_text}</p>
+ </div>
+ ),
+ });
+
+ // Close the popup window, reset form fields and hide spinner
+ this.closeModal();
+ this.resetForm();
+ this.setState({isWorking: false});
+
+ // Open a new window with the case in The Hive
+ // (adding observables may take some time, so the case is opened first;
+ // The Hive web is dynamic so the observables appear as they are added)
+ window.open(case_url, '_blank');
+
+ if (observables.length == 0)
+ return;
+
+ // Submit request to add observables
+ console.log("TheHiveButton: adding " + observables.length + " observables ...");
+ resp = await addCaseObservables(base_url, params.apikey, case_id, observables);
+
+ if ('error' in resp) {
+ console.error("TheHiveButton: ERROR when trying to add observables: " + resp.error);
+ toastNotifications.addDanger("ERROR when trying to add observables: " + resp.error);
+ }
+ else {
+ console.log("TheHiveButton: Done, observables added.");
+ toastNotifications.add("Done, observables added.");
+ }
+ }
+}
+
+
+// The popup window with a form
+// props:
+// - spinner: when true, disable form and show a spinner over it
+class ModalContent extends Component {
+ constructor(props) {
+ super(props);
+ // No state here, everything is in the parent class (NewCaseButton)
+
+ // "Select" options
+ this.severityOptions = [
+ {value: "1", inputDisplay: "low"},
+ {value: "2", inputDisplay: "medium"},
+ {value: "3", inputDisplay: "high"},
+ ];
+ this.tlpOptions = [
+ {value: "0", inputDisplay: "white"},
+ {value: "1", inputDisplay: "green"},
+ {value: "2", inputDisplay: "amber"},
+ {value: "3", inputDisplay: "red"},
+ ];
+ }
+
+ // Main render function
+ render() {
+ // TODO: replace Modal with Flyout?
+
+ // Note: onClick on EuiOverlayMask causes close of modal when clicked outside,
+ // implementation inspired by PR: https://github.com/elastic/eui/pull/3462/files#diff-c8fda532e48f75c94c343247cbc6b2d3R53-R60
+ return (
+ <EuiOverlayMask onClick={(evt) => {if (evt.target.classList.contains("euiOverlayMask")) this.props.close();} }>
+ <EuiModal onClose={this.props.close} maxWidth={false} initialFocus="[name=title]">
+ <EuiModalHeader>
+ <EuiModalHeaderTitle>Create a new case in The Hive</EuiModalHeaderTitle>
+ </EuiModalHeader>
+
+ <EuiModalBody key={this.props.resetCnt}>
+ <EuiForm style={{width: "800px"}}>
+ <EuiFlexGroup>
+ <EuiFlexItem grow={1}>
+ <EuiFormRow label="Title" fullWidth>
+ <EuiFieldText name="title" value={this.props.title} onChange={this.props.onTitleChange} required={true} fullWidth />
+ </EuiFormRow>
+ </EuiFlexItem>
+ <EuiFlexItem grow={false}>
+ <EuiFormRow label="Severity">
+ <EuiSuperSelect
+ options={this.severityOptions}
+ valueOfSelected={this.props.severity}
+ onChange={this.props.onSeverityChange}
+ />
+ </EuiFormRow>
+ </EuiFlexItem>
+ <EuiFlexItem grow={false}>
+ <EuiFormRow label="TLP">
+ <EuiSuperSelect
+ prepend="TLP"
+ options={this.tlpOptions}
+ valueOfSelected={this.props.tlp}
+ onChange={this.props.onTLPChange}
+ />
+ </EuiFormRow>
+ </EuiFlexItem>
+ </EuiFlexGroup>
+ <EuiFormRow label="Description" fullWidth>
+ <EuiTextArea
+ defaultValue={this.props.description}
+ onChange={this.props.onDescriptionChange}
+ rows={4}
+ fullWidth
+ />
+ </EuiFormRow>
+
+ {this.props.fields.length > 0 && <EuiTitle size="s"><h3>Add observables from current query ...</h3></EuiTitle>}
+ {this.props.fields.map((field,ix) => (
+ <ObservablesTable
+ key={field.name + ":" + this.props.resetCnt}
+ fieldName={field.name}
+ observables={this.props.observables[field.name]}
+ obsData={this.props.obsData[field.name]}
+ obsSel={this.props.obsSel[field.name]}
+ onObsSelectionChange={this.props.onObsSelectionChange}
+ onObsDataChange={this.props.onObsDataChange}
+ />
+ ))}
+ </EuiForm>
+ </EuiModalBody>
+
+ <EuiModalFooter>
+ <EuiButtonEmpty onClick={this.props.close}>Close</EuiButtonEmpty>
+ <EuiButtonEmpty onClick={this.props.reset}>Reset</EuiButtonEmpty>
+ <EuiButton onClick={this.props.submitCase} fill isLoading={this.props.spinner}>Create Case</EuiButton>
+ </EuiModalFooter>
+ </EuiModal>
+ </EuiOverlayMask>
+ );
+ }
+}
+
+// Table of potential observables taken from a given field, allowing to select
+// which observables to send to The Hive.
+// Props:
+// fieldName - name of the field this table is for
+// observables - list of observable IDs of this field
+// obsData - array of objects specifying state of form fields in the table (.descr, .tlp, ...)
+// obsSel - array of indices of selected observables
+class ObservablesTable extends Component {
+
+ constructor(props) {
+ super(props);
+
+ // Table columns definition
+ this.columns = [
+ {
+ field: "id",
+ name: "Observable",
+ },
+ {
+ field: "descr",
+ name: "Description",
+ description: "Description of the observable in the context of the case",
+ render: (value, item1) => (<EuiFieldText
+ value={item1.descr}
+ onChange={(e) => this.props.onObsDataChange(props.fieldName, item1.i, "descr", e.target.value)}
+ disabled={!item1.selected}
+ />)
+ },
+ /*{
+ field: "tlp",
+ name: "TLP",
+ dataType: "number",
+ // TODO render and process changes
+ },*/
+ {
+ field: "ioc",
+ name: "Is IOC",
+ dataType: "boolean",
+ description: "Indicates if the observable is an IOC",
+ render: (value, item2) => (<EuiCheckbox
+ id={"ioc-checkbox-"+item2.id}
+ checked={item2.ioc}
+ onChange={(e) => this.props.onObsDataChange(props.fieldName, item2.i, "ioc", e.target.checked)}
+ disabled={!item2.selected}
+ />)
+ },
+ /*{
+ field: "tags",
+ name: "Tags",
+ // TODO render and process changes
+ },*/
+ ]
+
+ // Create a reference to EuiBasicTable, so it's node can be accessed in componentDidMount
+ this.tableRef = React.createRef();
+ }
+
+ render() {
+ // Table data definition (convert props to format suitable for EuiBasicTable)
+ const n_obs = this.props.observables.length;
+ this.table_data = new Array(n_obs);
+ for (let i = 0; i < n_obs; i++) {
+ this.table_data[i] = {
+ id: this.props.observables[i],
+ descr: this.props.obsData[i].descr,
+ tlp: this.props.obsData[i].tlp,
+ ioc: this.props.obsData[i].ioc,
+ tags: this.props.obsData[i].tags,
+ // auxiliary fields, not shown in table:
+ i: i, // row index
+ selected: this.props.obsSel.includes(i),
+ };
+ }
+
+ return (
+ <>
+ <EuiTitle size="xs"><h4>{this.props.fieldName}</h4></EuiTitle>
+ <EuiBasicTable
+ ref={this.tableRef}
+ columns={this.columns}
+ items={this.table_data}
+ itemId={(item3) => item3.id}
+ selection={ {onSelectionChange: (selectedItems) => this.props.onObsSelectionChange(this.props.fieldName, selectedItems) } }
+ noItemsMessage="No observables found"
+ rowProps={{
+ // Hack to allow selection by clicking anywhere in the table row
+ // (except input elements)
+ onClick: (e) => {
+ if (e.target.tagName != "INPUT") {
+ // simulate click on the first checkbox in the row to (de)select the row
+ e.currentTarget.querySelector("input").click();
+ e.currentTarget.blur(); // without this the focus remains on the row after click (results in different color)
+ }
+ },
+ tabIndex: "-1", // prevents focus on row by keyboard navigation
+ }}
+ />
+ <EuiSpacer size="l" />
+ </>
+ )
+ }
+
+ componentDidMount() {
+ // There's no way to specify initially selected items in EuiBasicTable by
+ // props, but we may need to select some (in case a user selects some obs.,
+ // closes the modal and opens it again).
+ // However, the selection is stored as a 'selection' field of table's state,
+ // so here we directly edit the state just after the table is created.
+
+ // Prepare the 'selection' array - it should contain a list of selected row specifications
+ let selection = [];
+ for (let ix of this.props.obsSel) {
+ selection.push(this.table_data[ix]);
+ }
+
+ // Get ref to EuiBasicTable element and update its state
+ const table_node = this.tableRef.current;
+ table_node.setState({selection: selection});
+ }
+}
+
diff --git a/roles/build/files/thehive_button/thehive_button/server/routes/newcase.js b/roles/build/files/thehive_button/thehive_button/server/routes/newcase.js
new file mode 100644
index 0000000..175dee8
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/server/routes/newcase.js
@@ -0,0 +1,153 @@
+const request = require('request');
+//const fs = require('fs');
+//const path = require('path');
+
+//const caFile = path.resolve(__dirname, '../../ca.cert.pem'); // TODO resolve where the CA file should be located / configured
+
+export default function (server) {
+ server.route({
+ path: '/api/thehive_button/new_case',
+ method: 'POST',
+ handler: newCaseHandler,
+ });
+ server.route({
+ path: '/api/thehive_button/add_observables',
+ method: 'POST',
+ handler: addObservablesHandler,
+ });
+}
+
+// Handler of ajax requests to create a new Case in The Hive
+function newCaseHandler(req, resp) {
+ // Parse the request to get connection parameters
+ // (everything is configured in forntend and sent as part of the request,
+ // since I don't know how to configure the backend)
+ var base_url = req.payload['base_url'];
+ var api_key = req.payload['api_key'];
+ var req_body = req.payload['body'];
+
+ // check it's a valid URL with slash at the end
+ if (!base_url) {
+ return {'error': 'Base URL not set'};
+ }
+ if (!base_url.match(/https?:\/\/(([a-z\d.-]+)|((\d{1,3}\.){3}\d{1,3}))(\:\d+)?(\/[-a-z\d%_.~+]*)*\//i)) {
+ //if (!base_url.match(/https?:\/\/.*\//)) {
+ return {'error': 'Invalid base URL (it must begin with "http[s]" and end with "/")'};
+ }
+ if (!api_key) {
+ return {'error': 'API key not set'};
+ }
+
+ return new Promise( function(resolve, reject) {
+ request({
+ method: 'POST',
+ url: base_url + 'api/case',
+ auth: {'bearer': api_key},
+ json: true,
+ body: req_body,
+ //ca: fs.readFileSync(caFile), // TODO resolve the issue with custom CA, where to get its cert?
+ rejectUnauthorized: false,
+ },
+ // handler of the reply from The Hive - just return as reply
+ function (error, response, body) {
+ // TODO: find out how to set response code, for now we always return sucess and encode original status code in the content
+ if (error) {
+ console.error("ERROR when trying to send request to The Hive:", error);
+ resolve({'error': error.message});
+ }
+ else {
+ if (response.statusCode < 200 || response.statusCode >= 300) {
+ console.error("ERROR Unexpected reply received from The Hive:", response.statusCode, response.statusMessage, "\n", body)
+ }
+ resolve({
+ 'status_code': response.statusCode,
+ 'status_msg': response.statusMessage,
+ 'body': body
+ });
+ }
+ } // handler function
+ ); // request()
+ }); // Promise()
+}
+
+// Note:
+// There are two ways to create multiple Observables (artifacts) via The Hive API:
+// 1. post one request with an array of observables in "data" field
+// - this allows to create all in one request, but doesn't allow to set
+// different parameters (IOC, TLP, etc.) to different observables
+// 2. post each observable in a separate request
+// The second way is used here.
+
+// Handler of ajax requests to add Observables to a Case in The Hive
+function addObservablesHandler(req, resp) {
+ // Parse the request to get connection parameters
+ // (everything is configured in forntend and sent as part of the request,
+ // since I don't know how to configure the backend)
+ var base_url = req.payload['base_url'];
+ var api_key = req.payload['api_key'];
+
+ // check it's a valid URL with slash at the end
+ if (!base_url) {
+ return {'error': 'Base URL not set'};
+ }
+ if (!base_url.match(/https?:\/\/(([a-z\d.-]+)|((\d{1,3}\.){3}\d{1,3}))(\:\d+)?(\/[-a-z\d%_.~+]*)*\//i)) {
+ //if (!base_url.match(/https?:\/\/.*\//)) {
+ return {'error': 'Invalid base URL (it must begin with "http[s]" and end with "/")'};
+ }
+ // TODO add "/" to the end automatically
+ if (!api_key) {
+ return {'error': 'API key not set'};
+ }
+
+ const caseid = req.payload['caseid'];
+ const observables = req.payload['observables']; // array of obersvable specifications
+
+ return new Promise( async function(resolve, reject) {
+ // Run one request for each observable
+ // (A way to run multiple async tasks sequentially inspired by:
+ // https://jrsinclair.com/articles/2019/how-to-run-async-js-in-parallel-or-sequential/ )
+ const starterPromise = Promise.resolve(null);
+ await observables.reduce(
+ (p, obs) => p.then(() => addObservable(base_url, api_key, caseid, obs)),
+ starterPromise
+ ).catch((err_msg) => {
+ console.error(err_msg); // log whole message
+ resolve({'error': err_msg.split("\n", 1)[0]}); // send the first line to frontend
+ return;
+ }
+ );
+ resolve({});
+ });
+}
+
+function addObservable(base_url, api_key, caseid, obs) {
+ return new Promise( function(resolve, reject) {
+ //console.log("Adding observable:", obs);
+ request({
+ method: 'POST',
+ url: base_url + 'api/case/' + caseid + "/artifact",
+ auth: {'bearer': api_key},
+ json: true,
+ body: obs,
+ //ca: fs.readFileSync(caFile), // TODO resolve the issue with custom CA, where to get its cert?
+ rejectUnauthorized: false,
+ },
+ // handler of the reply from The Hive - just return as reply
+ function (error, response, body) {
+ if (error) {
+ reject("ERROR when trying to send request to The Hive: " + error);
+ }
+ else if (response.statusCode < 200 || response.statusCode >= 300) {
+ reject("ERROR: Unexpected reply received from The Hive: " + response.statusCode + " " + response.statusMessage + "\n" + JSON.stringify(body));
+ }
+ else {
+ // success - continue with the next observable
+ resolve("OK");
+ resolve({})
+ }
+ } // handler function
+ ); // request()
+ }); //Promise()
+}
+
+
diff --git a/roles/build/files/zookeeperDockerfile b/roles/build/files/zookeeperDockerfile
new file mode 100644
index 0000000..33ea38a
--- /dev/null
+++ b/roles/build/files/zookeeperDockerfile
@@ -0,0 +1,34 @@
+FROM gn43-dsl/openjdk:7a20201004
+#LABEL maintainer="Apache NiFi <dev@nifi.apache.org>"
+#LABEL site="https://nifi.apache.org"
+
+#ARG UID=1000
+#ARG GID=1000
+ARG ZOOKEEPER_VERSION=3.5.5
+ARG BASE_URL=https://archive.apache.org/dist
+ARG MIRROR_BASE_URL=${MIRROR_BASE_URL:-${BASE_URL}}
+ARG ZOOKEEPER_BINARY_PATH=${ZOOKEEPER_BINARY_PATH:-/zookeeper/zookeeper-${ZOOKEEPER_VERSION}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz}
+
+ENV ZOOKEEPER_BASE_DIR=/opt
+
+#ENV ZOOKEEPER_PID_DIR=${ZOOKEEPER_HOME}/run
+#ENV ZOOKEEPER_LOG_DIR=${ZOOKEEPER_HOME}/logs
+
+# USER nifi
+
+# Download, validate, and expand Apache NiFi binary.
+RUN curl -fSL ${MIRROR_BASE_URL}/${ZOOKEEPER_BINARY_PATH} -o ${ZOOKEEPER_BASE_DIR}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz \
+# && echo "$(curl ${BASE_URL}/${ZOOKEEPER_BINARY_PATH}.sha512) *${ZOOKEEPER_BASE_DIR}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz" | sha256sum -c - \
+ && tar -xzf ${ZOOKEEPER_BASE_DIR}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz -C ${ZOOKEEPER_BASE_DIR} \
+ && mv ${ZOOKEEPER_BASE_DIR}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin ${ZOOKEEPER_BASE_DIR}/zookeeper \
+ && rm ${ZOOKEEPER_BASE_DIR}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz \
+ && cp ${ZOOKEEPER_BASE_DIR}/zookeeper/conf/zoo_sample.cfg ${ZOOKEEPER_BASE_DIR}/zookeeper/conf/zoo.cfg
+
+# Web HTTP(s) & Socket Site-to-Site Ports
+EXPOSE 2181 2888 3888
+
+WORKDIR ${ZOOKEEPER_BASE_DIR}/zookeeper
+
+ENTRYPOINT ["/opt/zookeeper/bin/zkServer.sh"]
+CMD ["start-foreground"]
+
diff --git a/roles/build/tasks/cassandra.yml b/roles/build/tasks/cassandra.yml
new file mode 100644
index 0000000..1c0a2c6
--- /dev/null
+++ b/roles/build/tasks/cassandra.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Configure the cassandra Dockerfile
+ template:
+ src: cassandra/Dockerfile.j2
+ dest: "{{role_path}}/files/cassandraDockerfile"
+
+- name: Build cassandra image
+ command: docker build -t {{repo}}/cassandra:{{version}}{{suffix}} -f {{role_path}}/files/cassandraDockerfile {{role_path}}/files
+
+
diff --git a/roles/build/tasks/cortex.yml b/roles/build/tasks/cortex.yml
new file mode 100644
index 0000000..9a5adbe
--- /dev/null
+++ b/roles/build/tasks/cortex.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Configure the Cortex Dockerfile
+ template:
+ src: cortex/Dockerfile.j2
+ dest: "{{role_path}}/files/cortexDockerfile"
+
+- name: Build the Cortex image
+ command: docker build -t {{repo}}/cortex:{{version}}{{suffix}} -f {{role_path}}/files/cortexDockerfile {{role_path}}/files
+
+
diff --git a/roles/build/tasks/haproxy.yml b/roles/build/tasks/haproxy.yml
new file mode 100644
index 0000000..9cb45f8
--- /dev/null
+++ b/roles/build/tasks/haproxy.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Configure the haproxy Dockerfile
+ template:
+ src: haproxy/Dockerfile.j2
+ dest: "{{role_path}}/files/haproxyDockerfile"
+
+- name: Build haproxy image
+ command: docker build -t {{repo}}/haproxy:{{version}}{{suffix}} -f {{role_path}}/files/haproxyDockerfile {{role_path}}/files
+
diff --git a/roles/build/tasks/keycloak.yml b/roles/build/tasks/keycloak.yml
new file mode 100644
index 0000000..f7a7c2b
--- /dev/null
+++ b/roles/build/tasks/keycloak.yml
@@ -0,0 +1,18 @@
+---
+
+- name: Configure the keycloak Dockerfile
+ template:
+ src: keycloak/Dockerfile.j2
+ dest: "{{role_path}}/files/keycloakDockerfile"
+
+- name: Copy tools to build path
+ command: "cp -av {{role_path}}/templates/keycloak/keycloak-tools/ {{role_path}}/files/keycloak-tools/"
+
+- name: Build keycloak image
+ command: docker build -t {{repo}}/keycloak:{{version}}{{suffix}} -f {{role_path}}/files/keycloakDockerfile {{role_path}}/files
+
+- name: Remove tools from build path
+ file:
+ path: "{{role_path}}/files/keycloak-tools/"
+ state: absent
+
diff --git a/roles/build/tasks/misp.yml b/roles/build/tasks/misp.yml
new file mode 100644
index 0000000..d52c39c
--- /dev/null
+++ b/roles/build/tasks/misp.yml
@@ -0,0 +1,20 @@
+---
+
+- name: Configure the misp Dockerfile
+ template:
+ src: misp/Dockerfile.j2
+ dest: "{{role_path}}/files/mispDockerfile"
+
+- name: Configure the misp supervisor
+ template:
+ src: misp/supervisord.conf.j2
+ dest: "{{role_path}}/files/mispsupervisord.conf"
+
+- name: Configure the misp worker startscript
+ template:
+ src: misp/start.sh.j2
+ dest: "{{role_path}}/files/mispstart.sh"
+
+- name: Build misp image
+ command: docker build -t {{repo}}/misp:{{version}}{{suffix}} -f {{role_path}}/files/mispDockerfile {{role_path}}/files
+
diff --git a/roles/build/tasks/mysql.yml b/roles/build/tasks/mysql.yml
new file mode 100644
index 0000000..a028190
--- /dev/null
+++ b/roles/build/tasks/mysql.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Configure the mysql Dockerfile
+ template:
+ src: mysql/Dockerfile.j2
+ dest: "{{role_path}}/files/mysqlDockerfile"
+
+- name: Configure the mysql supervisor
+ template:
+ src: mysql/supervisord.conf.j2
+ dest: "{{role_path}}/files/mysqlsupervisord.conf"
+
+- name: Build mysql image
+ command: docker build -t {{repo}}/mysql:{{version}}{{suffix}} -f {{role_path}}/files/mysqlDockerfile {{role_path}}/files
+
diff --git a/roles/build/tasks/nifi.yml b/roles/build/tasks/nifi.yml
new file mode 100644
index 0000000..423978d
--- /dev/null
+++ b/roles/build/tasks/nifi.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Configure the nifi Dockerfile
+ template:
+ src: nifi/Dockerfile.j2
+ dest: "{{role_path}}/files/nifiDockerfile"
+
+- name: Build nifi image
+ command: docker build -t {{repo}}/nifi:{{version}}{{suffix}} -f {{role_path}}/files/nifiDockerfile {{role_path}}/files
+
+
diff --git a/roles/build/tasks/odfees.yml b/roles/build/tasks/odfees.yml
new file mode 100644
index 0000000..5741223
--- /dev/null
+++ b/roles/build/tasks/odfees.yml
@@ -0,0 +1,18 @@
+---
+
+- name: Configure elasticsearch Dockerfile
+ template:
+ src: odfees/Dockerfile-elastic.j2
+ dest: "{{role_path}}/files/elasticDockerfile"
+
+- name: Build elasticsearch image
+ command: docker build -t {{repo}}/elasticsearch:{{version}}{{suffix}} -f {{role_path}}/files/elasticDockerfile {{role_path}}/files
+
+- name: Configure odfe elasticsearch Dockerfile
+ template:
+ src: odfees/Dockerfile-odfeelastic.j2
+ dest: "{{role_path}}/files/odfeesDockerfile"
+
+- name: Build odfe elasticsearch image
+ command: docker build -t {{repo}}/odfees:{{version}}{{suffix}} -f {{role_path}}/files/odfeesDockerfile {{role_path}}/files
+
diff --git a/roles/build/tasks/odfekibana.yml b/roles/build/tasks/odfekibana.yml
new file mode 100644
index 0000000..8e1980a
--- /dev/null
+++ b/roles/build/tasks/odfekibana.yml
@@ -0,0 +1,22 @@
+---
+
+- name: Configure kibana Dockerfile
+ template:
+ src: odfekibana/Dockerfile-kibana.j2
+ dest: "{{role_path}}/files/kibanaDockerfile"
+
+- name: Copy tools to build path
+ command: "cp -av {{role_path}}/templates/odfekibana/thehive_button/ {{role_path}}/files/thehive_button/"
+
+- name: Build kibana image
+ command: docker build -t {{repo}}/kibana:{{version}}{{suffix}} -f {{role_path}}/files/kibanaDockerfile {{role_path}}/files
+
+- name: Configure odfe kibana Dockerfile
+ template:
+ src: odfekibana/Dockerfile-odfekibana.j2
+ dest: "{{role_path}}/files/odfekibanaDockerfile"
+
+- name: Build odfe kibana image
+ command: docker build -t {{repo}}/odfekibana:{{version}}{{suffix}} -f {{role_path}}/files/odfekibanaDockerfile {{role_path}}/files
+
+
diff --git a/roles/build/tasks/openjdk.yml b/roles/build/tasks/openjdk.yml
new file mode 100644
index 0000000..8754ac7
--- /dev/null
+++ b/roles/build/tasks/openjdk.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Configure the openjdk Dockerfile
+ template:
+ src: openjdk/Dockerfile.j2
+ dest: "{{role_path}}/files/openjdkDockerfile"
+
+- name: Build openjdk image
+ command: docker build -t {{repo}}/openjdk:{{version}}{{suffix}} -f {{role_path}}/files/openjdkDockerfile {{role_path}}/files
+
+
diff --git a/roles/build/tasks/thehive.yml b/roles/build/tasks/thehive.yml
new file mode 100644
index 0000000..35fe08e
--- /dev/null
+++ b/roles/build/tasks/thehive.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Configure theHive Dockerfile
+ template:
+ src: thehive/Dockerfile.j2
+ dest: "{{role_path}}/files/thehiveDockerfile"
+
+- name: Build theHive image
+ command: docker build -t {{repo}}/thehive:{{version}}{{suffix}} -f {{role_path}}/files/thehiveDockerfile {{role_path}}/files
+
+
diff --git a/roles/build/tasks/zookeeper.yml b/roles/build/tasks/zookeeper.yml
new file mode 100644
index 0000000..a61a6b3
--- /dev/null
+++ b/roles/build/tasks/zookeeper.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Configure the zookeeper Dockerfile
+ template:
+ src: zookeeper/Dockerfile.j2
+ dest: "{{role_path}}/files/zookeeperDockerfile"
+
+- name: Build zookeeper image
+ command: docker build -t {{repo}}/zookeeper:{{version}}{{suffix}} -f {{role_path}}/files/zookeeperDockerfile {{role_path}}/files
+
+
diff --git a/roles/build/templates/cassandra/cassandra.repo.j2 b/roles/build/templates/cassandra/cassandra.repo.j2
new file mode 100644
index 0000000..8fdb78c
--- /dev/null
+++ b/roles/build/templates/cassandra/cassandra.repo.j2
@@ -0,0 +1,6 @@
+[cassandra]
+name=Apache Cassandra
+baseurl=https://downloads.apache.org/cassandra/redhat/311x/
+gpgcheck=1
+repo_gpgcheck=1
+gpgkey=https://downloads.apache.org/cassandra/KEYS
diff --git a/roles/build/templates/cassandra/start.sh.j2 b/roles/build/templates/cassandra/start.sh.j2
new file mode 100644
index 0000000..fa91e92
--- /dev/null
+++ b/roles/build/templates/cassandra/start.sh.j2
@@ -0,0 +1,10 @@
+#!/bin/bash
+export CASSANDRA_HOME=/usr/share/cassandra
+export CASSANDRA_CONF=$CASSANDRA_HOME/conf
+export CASSANDRA_INCLUDE=$CASSANDRA_HOME/cassandra.in.sh
+log_file=/var/log/cassandra/cassandra.log
+pid_file=/var/run/cassandra/cassandra.pid
+lock_file=/var/lock/subsys/cassandra
+CASSANDRA_PROG=/usr/sbin/cassandra
+
+$CASSANDRA_PROG -p $pid_file > $log_file 2>&1
diff --git a/roles/build/templates/cassandra/supervisord.conf.j2 b/roles/build/templates/cassandra/supervisord.conf.j2
new file mode 100644
index 0000000..d1f405e
--- /dev/null
+++ b/roles/build/templates/cassandra/supervisord.conf.j2
@@ -0,0 +1,10 @@
+[supervisord]
+loglevel=debug
+nodaemon=true
+[program:cassandra]
+user=cassandra
+directory=/usr/share/cassandra
+stdout_logfile=/var/log/cassandra/cassandra.log
+redirect_stderr=true
+environment=CASSANDRA_HOME="/usr/share/cassandra",CASSANDRA_CONF="/usr/share/cassandra/conf",CASSANDRA_INCLUDE="$CASSANDRA_HOME/cassandra.in.sh"
+command=/usr/sbin/cassandra -p /var/run/cassandra/cassandra.pid
diff --git a/roles/build/templates/misp/supervisord.conf.j2 b/roles/build/templates/misp/supervisord.conf.j2
new file mode 100644
index 0000000..fbd4dea
--- /dev/null
+++ b/roles/build/templates/misp/supervisord.conf.j2
@@ -0,0 +1,25 @@
+[supervisord]
+nodaemon=false
+user=root
+
+[program:php-fpm]
+# EnvironmentFile=/etc/opt/rh/rh-php72/sysconfig/php-fpm
+command=/opt/rh/rh-php72/root/usr/sbin/php-fpm --nodaemonize
+
+[program:redis-server]
+process_name = redis-server
+directory = /var/opt/rh/rh-redis32/lib/redis/
+command=/opt/rh/rh-redis32/root/usr/bin/redis-server /etc/opt/rh/rh-redis32/redis.conf
+user=redis
+
+[program:apache2]
+command=/usr/sbin/httpd -DFOREGROUND
+
+[program:misp-modules]
+command=/bin/bash -c "/usr/local/bin/misp-modules -l '0.0.0.0' -s"
+user = apache
+startsecs = 0
+
+[program:workers]
+command=/bin/bash /var/www/MISP/app/Console/worker/start.sh
+user=apache
diff --git a/roles/build/templates/mysql/supervisord.conf.j2 b/roles/build/templates/mysql/supervisord.conf.j2
new file mode 100644
index 0000000..e44e9fe
--- /dev/null
+++ b/roles/build/templates/mysql/supervisord.conf.j2
@@ -0,0 +1,7 @@
+[supervisord]
+loglevel=debug
+nodaemon=true
+[program:mysql]
+user=mysql
+directory=/var/lib/mysql
+command=/opt/rh/rh-mariadb103/root/usr/libexec/mysqld-scl-helper enable rh-mariadb103 -- /opt/rh/rh-mariadb103/root/usr/libexec/mysqld --basedir=/opt/rh/rh-mariadb103/root/usr
diff --git a/roles/build/templates/odfees/Dockerfile-elastic.j2 b/roles/build/templates/odfees/Dockerfile-elastic.j2
new file mode 100644
index 0000000..dd2ad12
--- /dev/null
+++ b/roles/build/templates/odfees/Dockerfile-elastic.j2
@@ -0,0 +1,21 @@
+FROM {{repo}}/openjdk:{{version}}{{suffix}}
+
+ENV PATH="/usr/share/elasticsearch/bin:${PATH}"
+
+RUN groupadd -g 1000 elasticsearch && \
+ adduser -u 1000 -g 1000 -d /usr/share/elasticsearch elasticsearch
+
+WORKDIR /usr/share/elasticsearch
+
+RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \
+ rpm -Uvh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-{{elk_version}}-no-jdk-x86_64.rpm && \
+ cp -a /etc/elasticsearch/ /usr/share/elasticsearch/config/ && \
+ chown -R elasticsearch /usr/share/elasticsearch/config && \
+ mkdir -p /usr/share/elasticsearch/data && \
+ chown -R elasticsearch /usr/share/elasticsearch/data && \
+ sed -i -e 's,ES_PATH_CONF=/etc/elasticsearch,ES_PATH_CONF=/usr/share/elasticsearch/config,g' /etc/sysconfig/elasticsearch
+
+EXPOSE 9200 9300
+USER elasticsearch
+ENTRYPOINT ["/bin/bash"]
+
diff --git a/roles/build/templates/odfees/Dockerfile-odfeelastic.j2 b/roles/build/templates/odfees/Dockerfile-odfeelastic.j2
new file mode 100644
index 0000000..0803d0b
--- /dev/null
+++ b/roles/build/templates/odfees/Dockerfile-odfeelastic.j2
@@ -0,0 +1,16 @@
+FROM {{repo}}/elasticsearch:{{version}}{{suffix}}
+
+ENV PATH="/usr/share/elasticsearch/bin:${PATH}"
+
+USER root
+WORKDIR /usr/share/elasticsearch
+
+RUN for PLUGIN in \
+ https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-security/opendistro_security-{{odfeplugin_version}}.zip \
+ https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-alerting/opendistro_alerting-{{odfeplugin_version}}.zip \
+ https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-sql/opendistro_sql-{{odfeplugin_version}}.zip; \
+ do bin/elasticsearch-plugin install -b ${PLUGIN}; done && \
+ chown -R elasticsearch plugins/opendistro_security
+
+USER elasticsearch
+
diff --git a/roles/build/templates/odfekibana/Dockerfile-odfekibana.j2 b/roles/build/templates/odfekibana/Dockerfile-odfekibana.j2
new file mode 100644
index 0000000..ee69568
--- /dev/null
+++ b/roles/build/templates/odfekibana/Dockerfile-odfekibana.j2
@@ -0,0 +1,18 @@
+FROM {{repo}}/kibana:{{version}}{{suffix}}
+
+ENV PATH="/usr/share/kibana/bin:${PATH}"
+
+USER root
+WORKDIR /usr/share/kibana
+
+RUN for PLUGIN in \
+ https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-security/opendistro_security_kibana_plugin-{{odfeplugin_version}}.zip \
+ https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-alerting/opendistro-alerting-{{odfeplugin_version}}.zip \
+ https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-index-management/opendistro_index_management_kibana-{{odfeplugin_version}}.zip; \
+ do bin/kibana-plugin install --allow-root ${PLUGIN}; done
+
+ADD thehive_button /usr/share/kibana/plugins/thehive_button
+RUN chown -R kibana:kibana /usr/share/kibana/plugins/thehive_button
+
+USER kibana
+
diff --git a/roles/build/templates/thehive/start.sh b/roles/build/templates/thehive/start.sh
new file mode 100644
index 0000000..fa91e92
--- /dev/null
+++ b/roles/build/templates/thehive/start.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+export CASSANDRA_HOME=/usr/share/cassandra
+export CASSANDRA_CONF=$CASSANDRA_HOME/conf
+export CASSANDRA_INCLUDE=$CASSANDRA_HOME/cassandra.in.sh
+log_file=/var/log/cassandra/cassandra.log
+pid_file=/var/run/cassandra/cassandra.pid
+lock_file=/var/lock/subsys/cassandra
+CASSANDRA_PROG=/usr/sbin/cassandra
+
+$CASSANDRA_PROG -p $pid_file > $log_file 2>&1
diff --git a/roles/build/templates/thehive/supervisord.conf b/roles/build/templates/thehive/supervisord.conf
new file mode 100644
index 0000000..d1f405e
--- /dev/null
+++ b/roles/build/templates/thehive/supervisord.conf
@@ -0,0 +1,10 @@
+[supervisord]
+loglevel=debug
+nodaemon=true
+[program:cassandra]
+user=cassandra
+directory=/usr/share/cassandra
+stdout_logfile=/var/log/cassandra/cassandra.log
+redirect_stderr=true
+environment=CASSANDRA_HOME="/usr/share/cassandra",CASSANDRA_CONF="/usr/share/cassandra/conf",CASSANDRA_INCLUDE="$CASSANDRA_HOME/cassandra.in.sh"
+command=/usr/sbin/cassandra -p /var/run/cassandra/cassandra.pid
diff --git a/roles/build/templates/thehive/thehive.repo b/roles/build/templates/thehive/thehive.repo
new file mode 100644
index 0000000..ff38064
--- /dev/null
+++ b/roles/build/templates/thehive/thehive.repo
@@ -0,0 +1,7 @@
+[thehive-project]
+enabled=1
+priority=1
+name=TheHive-Project RPM repository
+baseurl=http://rpm.thehive-project.org/stable/noarch
+gpgcheck=1
+
diff --git a/roles/ca/files/CA/.rnd b/roles/ca/files/CA/.rnd
new file mode 100644
index 0000000000000000000000000000000000000000..b7292db0335ef4cf2d62de2a5e033524b2ad01a1
GIT binary patch
literal 1024
zcmZ3+zv+--X62(;88!#2d)rJ{1j}aT6d%m~I^*V#^~!Uq&0K5dWjS=k?_d0R@5Dse
zvqvtPw>_QsHYi~0xAx3Qi}UNA75RiV&b=3rc(u@}iQnWw%_Ze^*H~||D=7Q^uYNp1
z_E^#U{D+bCYaTt@!5m+*bk;iUJ3H2O^yJ->4UxHZWY*6u<+Hej4MitR-qSI8h14H8
zG42a_GLhR#E^j=p;&&o4cBaLyty%5LOnGPCT3t#`xxSw5^nS0n2ECe)`pw-ZqIY~K
zYGysRNjiGs_l*^-b#sqiyY$3oV-)Z9DG7@XZdke?#Vs=Jl)lEJyH#wuR#yZn#9}tQ
zW~y(kWGVb}(rxZ!WAR+J%_%`1D`c`}SSf34OV(`R`aI#Rfz-QcM!m;a{uM0anBUP5
zVq=>VlgYE}!MV&dQ!cMPj1oUg7Bjxyd}RK&_hx@)y7g{cv;Ty}{E6p%cU+xR%;NCe
z;vQpB9ydqx!m!2GQC2NMEPCM|bxtg|otd5xczl-TOjhrQhcY7$MVyyvU=^<sx72yO
zmP1{+ZRN76=UwyV*DrQ?$GP5Pd(%R{uvIa3j}EH4$gJR~WHh@P^~vDou0kQ>{YPvn
zUrFA7yoWpQz^k@@@4^FC%<7!?)^)KAzxruUmRq4;uJ$MED%SAi*u^SX&b}#-y`sy&
z<MYKN_vxF%w;C;qdUto{#}8i=TVLl-UVHQ8m$sxSn~zl)W##O9Csel8I{k=q_}Tlb
z)0uW(GdaznpD0`TU`^DCPcfGqV)M;T-kEgU<YcEP<7K1sDYh)n8Z};q=y+D=C)G0C
znKNgJ)9YIA-*4CDHec4tkH~2ZH>hm4d>DVv&L+Kz&Ell&#A|^|9>(=PN|QVi6Em6n
zcJ}K(F=i@{e-+#8=-{h#zcx*vaJ}ED<DrTAv-e1@>)IFa>yBl`FVS>+>CHx`<Cf?K
zBs~y3QowBepmJ64-ngi;s(H;zw@q*_y0(4pi?IH=%NRBbUU1!|^O^N#?0fEtiLVkZ
zK3N=A@xAqbL4?Y~MqORW{l3*liqy`$<E}6^v43lH(Pa*|eHDjkQGrBCp~bEr+D!BJ
zGcB!Q*B4hP+J1y<>#b5_SC6Ti54J7cqjk6?-LLNL?0H*H-sd>Ie9`~KS^~%F5?<97
z+3#+A)>ZI$Tke%fM%_P-xjf%_as9a@)f)#xzvxL{dcbGB+xvBvlJ0?h&TCxsdY`}K
z^E$kqsq#sgv&!<enYXvzZc?7w%qMi0`LfB2b9d%1_u|W9%$)np-Qa@f2W_i>GqbB^
z2{d!%)l_Jl?l{4p8RE{(r2g*9Qbm_#kF;jU{|{VqflVkY@W<pue?#OVGamU{#ulAA
u`P6w6lY8>)%&E(d<On^;J{{A}Z<=@6TtV#8M%SN54n}UiaDeUQG7|tcZuh+a
literal 0
HcmV?d00001
diff --git a/roles/ca/files/CA/ca.crt b/roles/ca/files/CA/ca.crt
new file mode 100644
index 0000000..04b1f20
--- /dev/null
+++ b/roles/ca/files/CA/ca.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV
+BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow
+FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B
+UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX
+Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM
+M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ
+c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv
+tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG
+ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL
+8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud
+EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j
+JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd
+z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy
+XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g
+CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX
+nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh
+GPiQTFGknE1U
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/certs_by_serial/01EC4DAD3E5E47CF4E4B98495932B337.pem b/roles/ca/files/CA/certs_by_serial/01EC4DAD3E5E47CF4E4B98495932B337.pem
new file mode 100644
index 0000000..ad6921c
--- /dev/null
+++ b/roles/ca/files/CA/certs_by_serial/01EC4DAD3E5E47CF4E4B98495932B337.pem
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 01:ec:4d:ad:3e:5e:47:cf:4e:4b:98:49:59:32:b3:37
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:25 2020 GMT
+ Not After : Oct 15 10:47:25 2023 GMT
+ Subject: CN=dsoclab-nifi-1
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:c3:af:ef:b7:a1:95:47:5f:55:ea:7e:e8:d6:fd:
+ d5:e3:19:68:2e:72:1f:90:62:a8:79:76:d8:d2:f6:
+ 51:df:71:80:37:5a:ec:7d:fb:6d:78:6e:37:fe:e5:
+ 1b:c8:d5:73:e4:c9:a5:cb:e8:4a:48:26:c6:e0:a6:
+ 5e:14:2c:90:b1:81:b2:69:31:e2:44:85:97:f5:60:
+ 12:88:06:9d:8d:cf:4a:a2:77:b3:d9:ff:f3:41:40:
+ 4c:21:e1:73:8d:98:82:2f:37:27:0c:24:d8:67:bd:
+ c7:05:50:40:c5:a9:d0:e4:3f:bb:0c:72:29:7c:be:
+ 06:01:96:03:b8:a0:42:c4:6f:6f:da:aa:17:34:5f:
+ 5e:f3:73:0e:77:b5:7a:9a:59:e3:3c:d1:39:50:17:
+ 2f:53:18:05:82:34:29:1b:19:56:2e:c2:db:24:79:
+ 51:0f:a8:d9:66:3c:72:1e:a0:f7:03:d6:e9:e5:c6:
+ b9:be:94:e4:84:bd:cd:93:26:eb:3b:17:bb:cd:e5:
+ 58:25:f2:28:35:a4:b1:70:df:32:54:85:f6:3c:20:
+ 9f:88:8b:5d:83:a2:c4:1e:31:d9:a1:76:1d:2e:3c:
+ f8:78:64:a4:dd:3a:b2:56:65:bf:a8:2a:a8:ed:62:
+ c9:62:2c:72:bd:9d:7e:6b:1f:80:ea:bc:33:60:47:
+ d3:0f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 87:9A:8D:12:3A:69:8D:89:98:F6:95:D0:F2:ED:C3:DC:ED:A0:22:12
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-nifi-1, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 8d:23:38:a7:aa:d0:58:03:f2:98:19:da:62:c6:55:cb:d5:c5:
+ 05:dd:55:c5:f9:41:46:ec:75:06:be:0a:0b:7b:0f:ac:10:dd:
+ 86:bf:4f:6e:05:c1:7b:c1:1d:1c:ce:c7:f0:a9:0c:6e:79:fe:
+ c2:49:18:d5:5d:4a:ae:c8:d8:ab:ec:45:95:94:c1:8b:30:da:
+ 52:1a:42:3c:41:77:65:9e:8a:63:f5:52:c2:71:b7:e2:56:43:
+ bd:89:3a:fa:14:bd:d7:7a:b2:60:43:82:c0:df:4a:e0:a7:02:
+ fd:d7:f6:56:9a:0f:ad:f4:ee:00:06:fb:75:b9:96:63:c8:b3:
+ 75:1f:c6:9d:3b:9d:1a:29:cd:09:f0:80:31:5c:4e:97:62:91:
+ 73:84:aa:11:cc:4b:00:15:a1:92:62:2a:6b:d4:d6:4c:ed:a5:
+ 89:fe:12:c9:d1:0b:48:b8:97:26:e4:5b:ab:da:fe:2d:54:ca:
+ 55:23:8b:22:7f:a1:12:4a:21:3e:9e:bb:48:d6:82:b6:a2:cc:
+ 83:15:5d:5f:c7:52:a1:01:01:70:60:3f:64:b4:1d:85:4f:56:
+ b7:67:77:b8:ea:59:7a:85:ce:e3:4a:e1:d6:2f:e0:b2:60:44:
+ 3a:08:3a:b5:0e:fc:88:ad:e5:a1:f1:a8:79:37:c4:52:02:f0:
+ 5b:05:94:0e
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIQAexNrT5eR89OS5hJWTKzNzANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjVaFw0yMzEwMTUx
+MDQ3MjVaMBkxFzAVBgNVBAMMDmRzb2NsYWItbmlmaS0xMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAw6/vt6GVR19V6n7o1v3V4xloLnIfkGKoeXbY0vZR
+33GAN1rsfftteG43/uUbyNVz5Mmly+hKSCbG4KZeFCyQsYGyaTHiRIWX9WASiAad
+jc9Konez2f/zQUBMIeFzjZiCLzcnDCTYZ73HBVBAxanQ5D+7DHIpfL4GAZYDuKBC
+xG9v2qoXNF9e83MOd7V6mlnjPNE5UBcvUxgFgjQpGxlWLsLbJHlRD6jZZjxyHqD3
+A9bp5ca5vpTkhL3NkybrOxe7zeVYJfIoNaSxcN8yVIX2PCCfiItdg6LEHjHZoXYd
+Ljz4eGSk3TqyVmW/qCqo7WLJYixyvZ1+ax+A6rwzYEfTDwIDAQABo4HcMIHZMAkG
+A1UdEwQCMAAwHQYDVR0OBBYEFIeajRI6aY2JmPaV0PLtw9ztoCISMEYGA1UdIwQ/
+MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M
+Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL
+BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1uaWZpLTGCHmRzb2NsYWIu
+Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAjSM4p6rQ
+WAPymBnaYsZVy9XFBd1VxflBRux1Br4KC3sPrBDdhr9PbgXBe8EdHM7H8KkMbnn+
+wkkY1V1KrsjYq+xFlZTBizDaUhpCPEF3ZZ6KY/VSwnG34lZDvYk6+hS913qyYEOC
+wN9K4KcC/df2VpoPrfTuAAb7dbmWY8izdR/GnTudGinNCfCAMVxOl2KRc4SqEcxL
+ABWhkmIqa9TWTO2lif4SydELSLiXJuRbq9r+LVTKVSOLIn+hEkohPp67SNaCtqLM
+gxVdX8dSoQEBcGA/ZLQdhU9Wt2d3uOpZeoXO40rh1i/gsmBEOgg6tQ78iK3lofGo
+eTfEUgLwWwWUDg==
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/certs_by_serial/1DD9AF5415359961C578D1B98BFA6E9F.pem b/roles/ca/files/CA/certs_by_serial/1DD9AF5415359961C578D1B98BFA6E9F.pem
new file mode 100644
index 0000000..af57c1e
--- /dev/null
+++ b/roles/ca/files/CA/certs_by_serial/1DD9AF5415359961C578D1B98BFA6E9F.pem
@@ -0,0 +1,84 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 1d:d9:af:54:15:35:99:61:c5:78:d1:b9:8b:fa:6e:9f
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:52 2020 GMT
+ Not After : Oct 15 10:47:52 2023 GMT
+ Subject: CN=Bozidar Proevski
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:9a:de:00:fd:f1:e9:b9:29:d9:58:d0:47:21:cf:
+ 4b:67:17:f7:a9:02:93:17:cf:57:5b:6f:db:26:90:
+ 30:09:0b:d9:c5:66:5e:f6:22:66:ab:48:06:aa:6c:
+ 88:b3:fd:93:45:a4:60:c9:5f:2b:6c:af:db:68:5e:
+ 27:e6:85:71:27:b7:20:52:61:df:14:1b:da:06:39:
+ b2:21:20:4b:22:48:b7:4b:76:44:02:b1:89:5f:0e:
+ 59:22:cb:b9:c9:1e:8d:a0:ac:28:5d:e5:ae:c8:ea:
+ cc:05:20:a2:60:11:12:8d:6d:88:0a:73:e8:7c:68:
+ 9c:48:2c:c9:a8:c6:9d:c3:3c:c1:e7:f4:07:f7:5b:
+ 6e:42:3d:3d:0f:85:6f:e2:b9:88:a9:d0:02:84:b8:
+ 19:6a:ae:13:a1:97:50:98:16:c8:0c:1b:bd:02:c8:
+ 5f:a3:2f:73:7e:25:f8:8c:e7:92:43:c7:6a:75:bc:
+ 85:ea:1c:47:28:ce:2c:9b:3a:8f:a8:07:e9:8c:8a:
+ 75:3e:c1:97:32:ce:e3:c5:ca:1e:0a:d7:3c:77:0a:
+ d2:ab:51:c3:e5:dc:37:90:1a:35:bf:a0:4a:aa:bd:
+ 38:ef:9e:6d:f8:81:37:7f:d3:77:23:c6:5b:63:98:
+ 64:07:2f:47:fd:7d:21:2f:57:c2:d8:44:00:c2:29:
+ 22:79
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ A3:9F:29:21:E0:E5:18:E4:CB:4C:2D:7F:84:2F:AF:F2:49:F0:83:3A
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: sha256WithRSAEncryption
+ ad:cb:66:5d:b7:29:e5:19:7b:7c:ae:23:50:58:34:db:c9:79:
+ 39:de:57:83:34:03:6d:bc:bf:e2:31:79:9d:2b:a2:7a:e0:c4:
+ c8:19:96:e0:20:f3:05:2a:a6:f4:b8:90:c4:ea:8d:5e:86:e1:
+ 13:99:59:0f:da:c8:3d:96:0d:78:04:4f:26:9c:6a:7c:8e:50:
+ 5a:30:f1:37:dc:26:99:28:35:f8:25:b9:4b:f8:d2:f0:d3:b5:
+ 61:32:c9:9c:43:39:21:43:c1:de:0d:4d:8e:e5:6f:a1:58:e5:
+ 01:84:d6:a5:de:88:2a:55:9f:ec:de:be:b1:13:61:33:dd:50:
+ 19:89:dd:11:48:5e:c2:14:8d:69:8f:a9:43:73:80:71:8f:54:
+ ba:da:74:b4:26:ec:5b:82:88:84:90:6d:f7:58:3f:78:d3:20:
+ 5b:c3:9b:82:85:b7:ef:98:12:4f:ba:e8:38:f3:8c:af:85:91:
+ 66:40:fe:a9:b2:fd:d6:76:ad:70:b7:b5:33:88:64:31:97:81:
+ d9:c6:ec:47:9b:af:3f:31:c8:de:0c:cc:88:3d:b7:6f:6f:19:
+ 24:f1:ae:ff:de:95:31:3f:38:e5:ed:a1:e1:e4:6b:54:1f:26:
+ b8:53:79:cf:fe:89:ba:bc:35:a1:bc:2f:8a:07:a2:eb:0d:90:
+ 72:ad:8a:60
+-----BEGIN CERTIFICATE-----
+MIIDUzCCAjugAwIBAgIQHdmvVBU1mWHFeNG5i/punzANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3NTJaFw0yMzEwMTUx
+MDQ3NTJaMBsxGTAXBgNVBAMMEEJvemlkYXIgUHJvZXZza2kwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCa3gD98em5KdlY0Echz0tnF/epApMXz1dbb9sm
+kDAJC9nFZl72ImarSAaqbIiz/ZNFpGDJXytsr9toXifmhXEntyBSYd8UG9oGObIh
+IEsiSLdLdkQCsYlfDlkiy7nJHo2grChd5a7I6swFIKJgERKNbYgKc+h8aJxILMmo
+xp3DPMHn9Af3W25CPT0PhW/iuYip0AKEuBlqrhOhl1CYFsgMG70CyF+jL3N+JfiM
+55JDx2p1vIXqHEcoziybOo+oB+mMinU+wZcyzuPFyh4K1zx3CtKrUcPl3DeQGjW/
+oEqqvTjvnm34gTd/03cjxltjmGQHL0f9fSEvV8LYRADCKSJ5AgMBAAGjgZcwgZQw
+CQYDVR0TBAIwADAdBgNVHQ4EFgQUo58pIeDlGOTLTC1/hC+v8knwgzowRgYDVR0j
+BD8wPYAUeQbKQNOfmlSu0zNN8jg+tgvzPc+hGqQYMBYxFDASBgNVBAMMC1NPQ1RP
+T0xTLUNBggkAinSTJoBbQrcwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQD
+AgeAMA0GCSqGSIb3DQEBCwUAA4IBAQCty2ZdtynlGXt8riNQWDTbyXk53leDNANt
+vL/iMXmdK6J64MTIGZbgIPMFKqb0uJDE6o1ehuETmVkP2sg9lg14BE8mnGp8jlBa
+MPE33CaZKDX4JblL+NLw07VhMsmcQzkhQ8HeDU2O5W+hWOUBhNal3ogqVZ/s3r6x
+E2Ez3VAZid0RSF7CFI1pj6lDc4Bxj1S62nS0JuxbgoiEkG33WD940yBbw5uChbfv
+mBJPuug484yvhZFmQP6psv3Wdq1wt7UziGQxl4HZxuxHm68/McjeDMyIPbdvbxkk
+8a7/3pUxPzjl7aHh5GtUHya4U3nP/om6vDWhvC+KB6LrDZByrYpg
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/certs_by_serial/560A99C5A03FC4B9FC92FDC62F419BB9.pem b/roles/ca/files/CA/certs_by_serial/560A99C5A03FC4B9FC92FDC62F419BB9.pem
new file mode 100644
index 0000000..a648174
--- /dev/null
+++ b/roles/ca/files/CA/certs_by_serial/560A99C5A03FC4B9FC92FDC62F419BB9.pem
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 56:0a:99:c5:a0:3f:c4:b9:fc:92:fd:c6:2f:41:9b:b9
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:27 2020 GMT
+ Not After : Oct 15 10:47:27 2023 GMT
+ Subject: CN=dsoclab-odfe-2
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:c7:a5:e1:3f:e0:a3:22:69:f1:b4:15:5e:b9:3c:
+ db:d7:44:bb:d9:c7:69:94:5b:c1:7d:a3:34:4d:3e:
+ 88:0a:e2:8f:2e:d3:98:94:ae:b4:1f:49:a3:fd:4b:
+ 27:16:70:ab:03:ab:cd:4c:02:2a:7b:ed:3a:ff:49:
+ 49:2e:3b:88:f6:59:85:26:de:37:b4:47:9e:1c:be:
+ a3:38:8e:b0:22:6b:ca:c5:12:e5:be:40:9c:57:7a:
+ 4d:02:0c:db:13:c5:9d:d2:85:df:99:57:32:90:37:
+ 54:08:16:46:01:54:da:0c:77:31:63:39:46:27:88:
+ 3f:f4:ad:4e:e6:fd:0a:3e:9d:98:9a:53:98:90:be:
+ 9b:ee:e3:b2:91:c7:7f:3f:a1:b9:62:f8:7a:1e:cc:
+ b4:23:ed:82:a0:5c:ad:86:7b:50:53:c9:ec:57:04:
+ 44:1c:12:f6:33:3f:68:42:f8:b7:2f:25:91:1c:aa:
+ b0:df:17:6b:ed:6d:cc:6d:a7:d6:b7:07:6b:61:a5:
+ 16:51:9f:02:07:ad:b2:42:42:ca:0b:b1:2e:c1:6e:
+ 94:2d:3e:5e:88:48:8f:b6:8b:15:b0:48:8e:35:58:
+ ea:b5:90:9c:fb:5a:fa:f5:c7:27:b7:11:30:7a:cb:
+ 36:7c:4f:ea:52:00:47:40:e9:f0:ca:67:63:32:e0:
+ 33:73
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ E6:41:BE:4B:A2:E1:07:EF:2A:FD:16:A7:B6:68:3D:0F:81:F5:15:80
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-odfe-2, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 84:64:d0:92:f6:96:07:be:f1:52:f6:49:15:cd:d0:99:ea:ca:
+ 7f:06:a8:d2:68:e3:8e:c3:a3:a9:2d:f2:b7:4a:74:75:9f:02:
+ b4:6f:77:14:ec:89:f9:a3:b5:35:c8:f2:ad:50:df:24:05:d3:
+ 0a:a8:49:be:19:de:fc:84:a4:61:af:ff:c0:2c:f7:8b:11:87:
+ 34:10:e3:dc:9b:d2:b8:66:0a:f7:3f:05:11:37:41:09:9f:3d:
+ f3:a1:97:b7:62:64:db:5a:46:d9:5a:7a:c8:f7:79:e4:f8:61:
+ 2e:5c:e8:82:8d:fc:0e:8d:a4:4f:fd:33:f1:76:0e:8d:21:f4:
+ 00:5a:e1:a6:96:21:e0:bb:e4:e6:35:8e:b6:61:49:8a:f2:c1:
+ 25:96:cf:c0:f6:e0:0a:0b:75:b5:d5:6c:be:ad:0c:a8:4b:33:
+ 44:72:cc:ef:5f:db:09:e7:b9:6e:60:80:7d:02:e9:ab:06:81:
+ 24:d3:9d:c3:de:f9:a1:f1:f7:77:ee:6d:49:ab:13:72:c6:62:
+ 39:b2:80:32:07:20:51:a3:3e:1a:cf:b9:3a:bc:e3:a1:58:33:
+ 22:6f:68:a9:e9:33:0b:8d:24:72:ea:e3:75:68:a3:69:11:a8:
+ 2d:86:ed:f2:00:74:d6:d4:ab:fc:30:3f:68:6b:b6:d3:61:30:
+ 51:84:09:da
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIQVgqZxaA/xLn8kv3GL0GbuTANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjdaFw0yMzEwMTUx
+MDQ3MjdaMBkxFzAVBgNVBAMMDmRzb2NsYWItb2RmZS0yMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAx6XhP+CjImnxtBVeuTzb10S72cdplFvBfaM0TT6I
+CuKPLtOYlK60H0mj/UsnFnCrA6vNTAIqe+06/0lJLjuI9lmFJt43tEeeHL6jOI6w
+ImvKxRLlvkCcV3pNAgzbE8Wd0oXfmVcykDdUCBZGAVTaDHcxYzlGJ4g/9K1O5v0K
+Pp2YmlOYkL6b7uOykcd/P6G5Yvh6Hsy0I+2CoFythntQU8nsVwREHBL2Mz9oQvi3
+LyWRHKqw3xdr7W3MbafWtwdrYaUWUZ8CB62yQkLKC7EuwW6ULT5eiEiPtosVsEiO
+NVjqtZCc+1r69ccntxEwess2fE/qUgBHQOnwymdjMuAzcwIDAQABo4HcMIHZMAkG
+A1UdEwQCMAAwHQYDVR0OBBYEFOZBvkui4QfvKv0Wp7ZoPQ+B9RWAMEYGA1UdIwQ/
+MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M
+Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL
+BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1vZGZlLTKCHmRzb2NsYWIu
+Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAhGTQkvaW
+B77xUvZJFc3QmerKfwao0mjjjsOjqS3yt0p0dZ8CtG93FOyJ+aO1NcjyrVDfJAXT
+CqhJvhne/ISkYa//wCz3ixGHNBDj3JvSuGYK9z8FETdBCZ8986GXt2Jk21pG2Vp6
+yPd55PhhLlzogo38Do2kT/0z8XYOjSH0AFrhppYh4Lvk5jWOtmFJivLBJZbPwPbg
+Cgt1tdVsvq0MqEszRHLM71/bCee5bmCAfQLpqwaBJNOdw975ofH3d+5tSasTcsZi
+ObKAMgcgUaM+Gs+5OrzjoVgzIm9oqekzC40kcurjdWijaRGoLYbt8gB01tSr/DA/
+aGu202EwUYQJ2g==
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/certs_by_serial/5969918F10EF8D2BAE46B26D6D629D8E.pem b/roles/ca/files/CA/certs_by_serial/5969918F10EF8D2BAE46B26D6D629D8E.pem
new file mode 100644
index 0000000..796e826
--- /dev/null
+++ b/roles/ca/files/CA/certs_by_serial/5969918F10EF8D2BAE46B26D6D629D8E.pem
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 59:69:91:8f:10:ef:8d:2b:ae:46:b2:6d:6d:62:9d:8e
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:26 2020 GMT
+ Not After : Oct 15 10:47:26 2023 GMT
+ Subject: CN=dsoclab-nifi-3
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:a7:48:a0:d3:ab:1e:8c:49:60:8b:b8:bd:9a:aa:
+ 5c:09:62:01:79:89:c9:e5:5f:30:64:38:ca:f1:95:
+ 2d:48:20:81:ef:60:aa:6f:d1:ef:b4:ac:89:8e:e9:
+ f5:16:7d:64:07:b0:3b:75:c3:e1:e1:15:71:64:60:
+ 8f:15:8e:16:8b:de:b8:97:79:a7:83:19:77:5b:aa:
+ 36:82:37:b9:51:a7:95:b5:1f:ac:9d:81:c6:ec:fb:
+ 14:3a:84:77:1e:9c:dd:3c:06:30:a1:5e:d0:8f:b0:
+ c9:5a:13:ad:0e:56:57:bc:1d:3f:be:d7:4c:4b:37:
+ a2:88:72:4d:1a:62:88:08:a0:57:bb:20:ce:7e:af:
+ b7:72:f2:ee:86:1a:b1:28:3b:41:f4:d3:ea:14:74:
+ 90:e1:33:41:1a:92:e2:2e:ec:d3:20:60:60:61:d6:
+ fc:0e:3f:57:43:88:5f:10:29:20:51:40:46:ed:5d:
+ 9f:d1:5a:e7:4b:52:f4:d4:23:60:4a:22:a7:92:6c:
+ d4:cb:20:01:a6:b9:53:71:7a:71:02:e1:05:72:41:
+ a5:42:9f:41:47:2c:30:7e:0c:b1:73:cc:f7:63:60:
+ 27:3f:3d:36:93:14:aa:7e:12:ed:1b:f1:cb:4d:e8:
+ 7c:32:20:50:f5:2d:7d:06:0a:93:cf:7a:85:2b:0b:
+ a6:b1
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ C9:B8:02:23:C4:2E:F5:FE:C9:34:45:77:33:0D:89:CE:D9:A3:30:2A
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-nifi-3, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 32:20:b3:1c:e1:c9:a4:19:75:14:32:1b:cd:c2:83:59:49:07:
+ e3:b8:62:73:ec:4e:69:cb:9b:49:0d:f5:d0:ea:8b:b6:de:3e:
+ 76:03:c4:e8:68:0f:01:96:aa:40:b2:1e:99:06:d2:75:f5:31:
+ ec:b7:93:e6:1b:b0:ab:7e:1b:1d:65:46:6d:9f:ac:97:ed:55:
+ 53:ca:53:00:5a:ca:c5:83:48:c3:2a:51:db:e7:e7:e1:40:4a:
+ bf:b2:9d:d4:71:d4:54:84:2b:4b:d4:a2:22:73:95:e1:62:51:
+ ce:e3:e2:f6:24:dd:40:08:07:01:6f:ee:27:3e:fc:17:1d:1f:
+ 30:da:7f:37:78:7e:b8:af:d8:2c:d9:48:84:92:be:4e:8e:a7:
+ b8:e6:9f:d4:91:5d:44:c9:8b:82:9f:13:eb:d5:2c:00:fa:ef:
+ d6:49:ff:92:0d:83:22:57:45:4a:ac:b6:5e:a2:c6:c1:73:ff:
+ f5:dd:a7:d8:79:9a:a7:96:33:b4:51:17:7f:80:6e:3b:52:a8:
+ 61:53:ae:08:1f:02:5a:0c:5b:37:3c:3a:36:ee:74:e2:9e:df:
+ df:01:b5:f6:d0:b8:fa:58:79:53:fd:70:9e:54:c3:6c:68:a7:
+ 3f:b0:e4:20:a6:a8:2f:87:5a:8a:08:01:41:de:35:ed:5e:85:
+ ae:dd:e0:3e
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIQWWmRjxDvjSuuRrJtbWKdjjANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjZaFw0yMzEwMTUx
+MDQ3MjZaMBkxFzAVBgNVBAMMDmRzb2NsYWItbmlmaS0zMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAp0ig06sejElgi7i9mqpcCWIBeYnJ5V8wZDjK8ZUt
+SCCB72Cqb9HvtKyJjun1Fn1kB7A7dcPh4RVxZGCPFY4Wi964l3mngxl3W6o2gje5
+UaeVtR+snYHG7PsUOoR3HpzdPAYwoV7Qj7DJWhOtDlZXvB0/vtdMSzeiiHJNGmKI
+CKBXuyDOfq+3cvLuhhqxKDtB9NPqFHSQ4TNBGpLiLuzTIGBgYdb8Dj9XQ4hfECkg
+UUBG7V2f0VrnS1L01CNgSiKnkmzUyyABprlTcXpxAuEFckGlQp9BRywwfgyxc8z3
+Y2AnPz02kxSqfhLtG/HLTeh8MiBQ9S19BgqTz3qFKwumsQIDAQABo4HcMIHZMAkG
+A1UdEwQCMAAwHQYDVR0OBBYEFMm4AiPELvX+yTRFdzMNic7ZozAqMEYGA1UdIwQ/
+MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M
+Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL
+BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1uaWZpLTOCHmRzb2NsYWIu
+Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAMiCzHOHJ
+pBl1FDIbzcKDWUkH47hic+xOacubSQ310OqLtt4+dgPE6GgPAZaqQLIemQbSdfUx
+7LeT5huwq34bHWVGbZ+sl+1VU8pTAFrKxYNIwypR2+fn4UBKv7Kd1HHUVIQrS9Si
+InOV4WJRzuPi9iTdQAgHAW/uJz78Fx0fMNp/N3h+uK/YLNlIhJK+To6nuOaf1JFd
+RMmLgp8T69UsAPrv1kn/kg2DIldFSqy2XqLGwXP/9d2n2Hmap5YztFEXf4BuO1Ko
+YVOuCB8CWgxbNzw6Nu504p7f3wG19tC4+lh5U/1wnlTDbGinP7DkIKaoL4daiggB
+Qd417V6Frt3gPg==
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/certs_by_serial/5DC4BC495FA076A813A4C23261640D92.pem b/roles/ca/files/CA/certs_by_serial/5DC4BC495FA076A813A4C23261640D92.pem
new file mode 100644
index 0000000..a743bd0
--- /dev/null
+++ b/roles/ca/files/CA/certs_by_serial/5DC4BC495FA076A813A4C23261640D92.pem
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 5d:c4:bc:49:5f:a0:76:a8:13:a4:c2:32:61:64:0d:92
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:29 2020 GMT
+ Not After : Oct 15 10:47:29 2023 GMT
+ Subject: CN=dsoclab-cortex
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:cd:09:6b:14:33:4a:47:75:5b:d3:d9:67:3b:4d:
+ ad:1f:a7:1f:33:ab:86:b1:aa:3b:09:ab:1a:a6:fb:
+ a0:60:04:e3:68:33:0e:85:54:d1:70:61:8a:b9:d5:
+ d6:b5:6c:c2:b3:36:02:94:b7:1d:18:93:5f:88:81:
+ ff:2a:f4:99:58:6d:d7:96:e2:d2:64:77:b9:74:44:
+ 3c:f0:fb:5b:0f:43:7d:38:5d:fe:b0:db:05:7a:a9:
+ c5:10:24:75:13:c8:2d:da:69:be:e3:43:33:f0:28:
+ 30:9a:53:f8:f8:d3:10:32:35:ec:1d:87:ab:1e:2c:
+ b5:00:7c:9f:8f:61:e0:5d:56:15:8c:46:45:09:78:
+ 02:78:10:c0:af:2f:25:6c:c2:5b:ed:5f:c1:33:0b:
+ f8:c8:13:dc:df:c3:fc:05:90:ff:06:9e:cb:bc:1d:
+ 2b:c2:57:f2:bd:aa:22:b3:4b:f5:ca:b2:b8:00:18:
+ f1:14:10:b8:5e:69:9f:ed:fc:04:83:d9:2e:b7:9a:
+ 8a:45:1c:54:71:8f:61:02:6a:8a:84:2f:67:df:92:
+ 3a:0c:5f:e5:b6:e7:6c:27:69:1f:5b:06:d6:7f:e6:
+ df:ab:2f:31:a5:cd:63:32:60:c0:07:50:6c:0d:39:
+ cb:68:ae:3c:b2:da:0f:20:06:77:2c:28:ab:3a:30:
+ 92:1b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 9A:0E:E1:26:13:A7:12:5F:A4:F1:41:C0:09:FC:AD:EB:4E:66:C2:50
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-cortex, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 27:2e:a1:0c:8d:fb:b1:36:ff:4e:ac:00:91:75:81:4b:20:79:
+ 3f:da:1c:e1:80:b9:8c:6b:60:47:a5:8c:bf:1f:34:98:61:95:
+ 00:bb:79:d4:9e:c8:fb:dc:fb:6a:48:b2:69:d1:1a:04:cc:52:
+ ca:0b:48:01:3e:94:1e:68:0b:e3:4d:fa:12:c4:aa:ff:b6:5b:
+ 0c:3c:80:21:fe:50:87:8a:14:3a:7d:e7:a3:5e:b6:dc:22:ba:
+ cc:97:69:00:a8:78:08:dd:66:d1:cb:ca:28:41:b9:cc:8a:6b:
+ 7c:40:b7:5e:1d:a1:88:5a:b3:fd:18:77:e9:c4:48:fd:38:8f:
+ 06:6e:78:0e:f1:1a:1b:b2:6c:0a:df:38:11:e3:5a:3d:2a:5b:
+ de:41:63:14:ab:25:8e:a6:9f:a8:b7:32:9e:dc:23:45:f3:6b:
+ 6d:86:b7:17:b3:53:df:55:bd:cb:41:a1:b7:73:ae:21:1b:68:
+ b3:b1:0a:e5:e6:0c:2a:77:76:23:f3:87:ee:5f:0e:6d:cd:3b:
+ 94:9a:6f:f2:fd:4f:2d:72:a3:21:94:55:c0:4a:6c:2b:13:e3:
+ 82:13:a5:1f:82:6b:ae:6e:e2:ec:eb:7a:25:6a:f2:9e:45:d7:
+ 0a:7d:75:be:9d:f7:94:6f:ce:a5:27:d6:9b:dc:d2:12:54:64:
+ 09:c4:f6:a9
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIQXcS8SV+gdqgTpMIyYWQNkjANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjlaFw0yMzEwMTUx
+MDQ3MjlaMBkxFzAVBgNVBAMMDmRzb2NsYWItY29ydGV4MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAzQlrFDNKR3Vb09lnO02tH6cfM6uGsao7Casapvug
+YATjaDMOhVTRcGGKudXWtWzCszYClLcdGJNfiIH/KvSZWG3XluLSZHe5dEQ88Ptb
+D0N9OF3+sNsFeqnFECR1E8gt2mm+40Mz8CgwmlP4+NMQMjXsHYerHiy1AHyfj2Hg
+XVYVjEZFCXgCeBDAry8lbMJb7V/BMwv4yBPc38P8BZD/Bp7LvB0rwlfyvaois0v1
+yrK4ABjxFBC4Xmmf7fwEg9kut5qKRRxUcY9hAmqKhC9n35I6DF/ltudsJ2kfWwbW
+f+bfqy8xpc1jMmDAB1BsDTnLaK48stoPIAZ3LCirOjCSGwIDAQABo4HcMIHZMAkG
+A1UdEwQCMAAwHQYDVR0OBBYEFJoO4SYTpxJfpPFBwAn8retOZsJQMEYGA1UdIwQ/
+MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M
+Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL
+BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1jb3J0ZXiCHmRzb2NsYWIu
+Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAJy6hDI37
+sTb/TqwAkXWBSyB5P9oc4YC5jGtgR6WMvx80mGGVALt51J7I+9z7akiyadEaBMxS
+ygtIAT6UHmgL4036EsSq/7ZbDDyAIf5Qh4oUOn3no1623CK6zJdpAKh4CN1m0cvK
+KEG5zIprfEC3Xh2hiFqz/Rh36cRI/TiPBm54DvEaG7JsCt84EeNaPSpb3kFjFKsl
+jqafqLcyntwjRfNrbYa3F7NT31W9y0Ght3OuIRtos7EK5eYMKnd2I/OH7l8Obc07
+lJpv8v1PLXKjIZRVwEpsKxPjghOlH4Jrrm7i7Ot6JWrynkXXCn11vp33lG/OpSfW
+m9zSElRkCcT2qQ==
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/certs_by_serial/61095C2C8D35EE291C99CEABD42B3CA4.pem b/roles/ca/files/CA/certs_by_serial/61095C2C8D35EE291C99CEABD42B3CA4.pem
new file mode 100644
index 0000000..0d474c2
--- /dev/null
+++ b/roles/ca/files/CA/certs_by_serial/61095C2C8D35EE291C99CEABD42B3CA4.pem
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 61:09:5c:2c:8d:35:ee:29:1c:99:ce:ab:d4:2b:3c:a4
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:29 2020 GMT
+ Not After : Oct 15 10:47:29 2023 GMT
+ Subject: CN=dsoclab-thehive
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:ba:c5:4d:20:a4:60:b7:61:21:ed:16:a1:6f:72:
+ c4:de:a1:00:c0:ef:fc:5d:a1:89:34:07:15:d2:b4:
+ 3a:14:b8:95:75:8e:81:71:49:46:1d:c8:81:cb:f1:
+ ec:c7:5a:12:f6:89:60:e4:c8:98:1a:61:c8:2d:12:
+ 8f:73:ee:f8:9d:88:b5:7f:30:70:97:29:b4:ab:43:
+ 2d:dc:db:a7:10:47:c7:b5:26:9b:11:85:fb:d3:27:
+ 8f:3a:55:bc:ea:78:17:b8:89:10:a3:a4:10:60:39:
+ c3:7f:42:25:a9:fe:84:7f:38:5e:f4:3d:c3:98:3d:
+ 56:b9:ba:81:06:55:8d:65:12:f0:4e:23:88:1d:98:
+ 0c:2f:6e:4f:67:fd:4e:67:39:91:b9:01:52:12:aa:
+ 9e:bb:7a:c8:ea:8f:4a:2d:18:f8:69:9a:3a:a0:c8:
+ 6e:e3:de:c6:db:be:4c:59:e0:cf:bc:34:4f:2c:b0:
+ ef:3e:82:5a:df:68:be:b8:fb:cc:5f:6a:f2:3e:66:
+ d4:c6:c5:f6:0b:67:e9:64:85:15:87:60:6f:dc:b4:
+ 5b:13:6f:b0:9b:f8:f3:da:c1:91:9e:81:5f:16:ca:
+ 9e:14:01:c1:1c:ce:2a:d3:c8:3c:0f:be:b1:37:aa:
+ c9:08:68:2b:de:f9:44:6c:1e:90:a4:12:bc:f5:3c:
+ 46:bd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 5B:08:8E:F2:1B:8F:12:03:BA:31:02:9C:CE:CC:BC:9F:FC:19:D1:E1
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-thehive, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 7f:b2:fa:33:d6:e3:6c:57:8a:4a:9a:ef:8b:81:2b:df:f3:d6:
+ fb:8c:bc:02:cf:71:54:a0:f2:0d:ae:3b:30:cf:5c:69:d7:d0:
+ aa:cc:16:80:4d:9d:c8:1f:a7:98:9d:26:dc:ae:8e:24:2b:bc:
+ c1:11:a6:8d:4f:ca:13:1f:7f:8f:4c:ef:dd:46:df:d6:97:0a:
+ 88:51:4e:f7:46:aa:3d:e3:70:e9:19:e8:9f:7e:22:fa:b6:38:
+ 30:00:0a:94:38:09:bf:b8:64:6c:c1:b7:05:6d:4f:f3:27:0c:
+ df:04:ef:a1:4e:e8:2d:4c:06:d0:c0:4f:4f:da:d0:6d:b8:f2:
+ b3:79:18:63:bd:62:83:53:55:38:94:d9:64:ca:e7:4d:71:ce:
+ d1:05:6d:b1:6c:fb:1a:4c:b6:ef:70:2b:3d:9b:1d:66:d8:d9:
+ 9f:f0:e5:48:29:50:e8:1b:1a:fb:b4:d2:5e:38:ec:05:45:c2:
+ e7:de:9a:9d:aa:34:67:c5:66:18:e3:86:8b:0c:1a:c4:21:20:
+ 7e:b7:ad:e2:0b:d0:0d:d4:76:e6:53:ca:77:bc:ce:d0:9b:7b:
+ 7c:fd:42:94:da:63:d8:a7:52:d2:45:f2:d5:55:ef:37:f1:a5:
+ 0e:ba:29:c9:b4:ce:99:45:04:21:2b:86:27:bb:c1:f2:86:9a:
+ 7c:51:5c:3b
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIQYQlcLI017ikcmc6r1Cs8pDANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjlaFw0yMzEwMTUx
+MDQ3MjlaMBoxGDAWBgNVBAMMD2Rzb2NsYWItdGhlaGl2ZTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALrFTSCkYLdhIe0WoW9yxN6hAMDv/F2hiTQHFdK0
+OhS4lXWOgXFJRh3Igcvx7MdaEvaJYOTImBphyC0Sj3Pu+J2ItX8wcJcptKtDLdzb
+pxBHx7UmmxGF+9MnjzpVvOp4F7iJEKOkEGA5w39CJan+hH84XvQ9w5g9Vrm6gQZV
+jWUS8E4jiB2YDC9uT2f9Tmc5kbkBUhKqnrt6yOqPSi0Y+GmaOqDIbuPextu+TFng
+z7w0Tyyw7z6CWt9ovrj7zF9q8j5m1MbF9gtn6WSFFYdgb9y0WxNvsJv489rBkZ6B
+XxbKnhQBwRzOKtPIPA++sTeqyQhoK975RGwekKQSvPU8Rr0CAwEAAaOB3TCB2jAJ
+BgNVHRMEAjAAMB0GA1UdDgQWBBRbCI7yG48SA7oxApzOzLyf/BnR4TBGBgNVHSME
+PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P
+TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
+CwYDVR0PBAQDAgWgMDoGA1UdEQQzMDGCD2Rzb2NsYWItdGhlaGl2ZYIeZHNvY2xh
+Yi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQB/svoz
+1uNsV4pKmu+LgSvf89b7jLwCz3FUoPINrjswz1xp19CqzBaATZ3IH6eYnSbcro4k
+K7zBEaaNT8oTH3+PTO/dRt/WlwqIUU73Rqo943DpGeiffiL6tjgwAAqUOAm/uGRs
+wbcFbU/zJwzfBO+hTugtTAbQwE9P2tBtuPKzeRhjvWKDU1U4lNlkyudNcc7RBW2x
+bPsaTLbvcCs9mx1m2Nmf8OVIKVDoGxr7tNJeOOwFRcLn3pqdqjRnxWYY44aLDBrE
+ISB+t63iC9AN1HbmU8p3vM7Qm3t8/UKU2mPYp1LSRfLVVe838aUOuinJtM6ZRQQh
+K4Ynu8Hyhpp8UVw7
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/certs_by_serial/7587FCE4CF3EC68117199076B12CD5D2.pem b/roles/ca/files/CA/certs_by_serial/7587FCE4CF3EC68117199076B12CD5D2.pem
new file mode 100644
index 0000000..f830104
--- /dev/null
+++ b/roles/ca/files/CA/certs_by_serial/7587FCE4CF3EC68117199076B12CD5D2.pem
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 75:87:fc:e4:cf:3e:c6:81:17:19:90:76:b1:2c:d5:d2
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:28 2020 GMT
+ Not After : Oct 15 10:47:28 2023 GMT
+ Subject: CN=dsoclab-misp
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:cf:b1:1b:e7:a2:ae:70:81:71:a5:57:46:14:2e:
+ 47:64:89:4e:bd:7d:f0:82:2d:03:19:d6:87:44:b3:
+ 42:bf:72:78:03:cc:91:98:5b:36:42:14:55:e2:82:
+ 16:12:58:60:54:44:8f:15:f6:1b:1f:76:36:22:2e:
+ e8:ac:d3:3c:0a:df:46:c7:f1:04:bc:3a:bf:fe:4b:
+ 8f:2a:53:83:e3:50:82:06:09:fc:2a:fa:fe:94:a0:
+ 7b:7f:c2:3e:0b:3e:dc:72:b8:94:10:0a:0b:90:fd:
+ 45:76:29:85:52:bf:0f:20:43:78:fe:3b:d3:49:20:
+ 8f:9a:a5:0c:89:bb:0e:97:f2:67:b0:2d:f0:17:53:
+ 25:a6:9b:4b:64:0e:72:8a:bf:c9:e3:8e:41:bb:ed:
+ f3:33:6a:55:5f:8d:52:84:fa:a3:67:1a:7b:71:fb:
+ 90:f1:5f:61:df:44:ea:0b:77:88:f2:e5:c1:83:71:
+ 58:c7:58:8a:9b:39:45:59:4e:e0:db:16:b6:96:72:
+ 90:8c:ee:c2:13:75:ea:15:c6:6b:e2:dc:3a:de:c8:
+ 07:de:18:84:2d:96:b6:c4:4c:e1:4a:4d:13:6f:6c:
+ 9a:1d:e5:f9:6f:cc:7e:1b:4a:3a:75:1a:b9:37:b0:
+ 6d:a0:1b:69:35:f1:b6:e6:c2:a5:d3:56:d3:57:c7:
+ 0e:8b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 65:C5:56:88:65:AF:77:F1:53:B2:71:5E:16:10:D1:0B:30:FF:28:BE
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-misp, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 5a:57:76:90:fd:a5:0d:ea:b0:22:c9:02:2e:18:91:81:04:d1:
+ f4:64:58:58:19:27:03:9b:5a:dc:de:6c:0e:fb:b7:76:eb:b1:
+ 97:36:e2:c7:76:ef:7d:d8:00:c3:20:c0:3d:a7:cf:61:f8:16:
+ 4c:96:4c:7c:c8:89:21:d6:d4:eb:3a:c1:3d:98:34:74:6e:39:
+ 81:20:6f:9b:4b:8d:b9:35:60:c5:76:19:30:30:06:0f:89:b1:
+ 1a:f6:c4:88:52:28:98:41:52:f1:9a:77:82:79:ae:c9:71:ba:
+ d9:e5:e9:b7:ba:08:32:59:eb:5e:7d:11:e0:a8:27:20:91:46:
+ 05:56:1e:e6:0b:4d:49:17:52:7f:4b:c4:a3:e0:cd:30:bd:4e:
+ 6a:70:2a:f5:77:4d:d1:d6:64:13:8d:4b:1a:d3:0b:0f:8a:49:
+ 1e:bf:b4:c0:4f:43:dc:92:e3:c0:f2:2f:4a:c8:30:45:fc:5a:
+ d2:de:92:b2:a1:48:b8:da:ff:f4:0b:04:5d:5d:a7:30:d8:4b:
+ ca:cf:0c:01:6a:50:45:5f:d4:a8:cf:dd:fa:f7:68:0c:4c:45:
+ 47:be:3a:c2:39:bb:04:ff:62:a0:bc:91:a0:f2:2b:67:09:89:
+ 5a:ff:e6:53:c1:89:18:12:a1:0f:5a:d7:e1:12:8b:88:88:89:
+ ca:b0:30:27
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIQdYf85M8+xoEXGZB2sSzV0jANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjhaFw0yMzEwMTUx
+MDQ3MjhaMBcxFTATBgNVBAMMDGRzb2NsYWItbWlzcDCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAM+xG+eirnCBcaVXRhQuR2SJTr198IItAxnWh0SzQr9y
+eAPMkZhbNkIUVeKCFhJYYFREjxX2Gx92NiIu6KzTPArfRsfxBLw6v/5LjypTg+NQ
+ggYJ/Cr6/pSge3/CPgs+3HK4lBAKC5D9RXYphVK/DyBDeP4700kgj5qlDIm7Dpfy
+Z7At8BdTJaabS2QOcoq/yeOOQbvt8zNqVV+NUoT6o2cae3H7kPFfYd9E6gt3iPLl
+wYNxWMdYips5RVlO4NsWtpZykIzuwhN16hXGa+LcOt7IB94YhC2WtsRM4UpNE29s
+mh3l+W/MfhtKOnUauTewbaAbaTXxtubCpdNW01fHDosCAwEAAaOB2jCB1zAJBgNV
+HRMEAjAAMB0GA1UdDgQWBBRlxVaIZa938VOycV4WENELMP8ovjBGBgNVHSMEPzA9
+gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9PTFMt
+Q0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYD
+VR0PBAQDAgWgMDcGA1UdEQQwMC6CDGRzb2NsYWItbWlzcIIeZHNvY2xhYi5nbjQt
+My13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQBaV3aQ/aUN6rAi
+yQIuGJGBBNH0ZFhYGScDm1rc3mwO+7d267GXNuLHdu992ADDIMA9p89h+BZMlkx8
+yIkh1tTrOsE9mDR0bjmBIG+bS425NWDFdhkwMAYPibEa9sSIUiiYQVLxmneCea7J
+cbrZ5em3uggyWetefRHgqCcgkUYFVh7mC01JF1J/S8Sj4M0wvU5qcCr1d03R1mQT
+jUsa0wsPikkev7TAT0PckuPA8i9KyDBF/FrS3pKyoUi42v/0CwRdXacw2EvKzwwB
+alBFX9Soz93692gMTEVHvjrCObsE/2KgvJGg8itnCYla/+ZTwYkYEqEPWtfhEouI
+iInKsDAn
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/certs_by_serial/7DFC33457573E8F16094A74E6B2F23F1.pem b/roles/ca/files/CA/certs_by_serial/7DFC33457573E8F16094A74E6B2F23F1.pem
new file mode 100644
index 0000000..f47839f
--- /dev/null
+++ b/roles/ca/files/CA/certs_by_serial/7DFC33457573E8F16094A74E6B2F23F1.pem
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 7d:fc:33:45:75:73:e8:f1:60:94:a7:4e:6b:2f:23:f1
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:27 2020 GMT
+ Not After : Oct 15 10:47:27 2023 GMT
+ Subject: CN=dsoclab-kibana
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:ce:4f:c9:0f:84:4d:4e:7b:dc:11:90:c9:49:a8:
+ f3:60:44:a8:25:1b:59:83:64:0b:d1:e0:bc:59:50:
+ 22:a5:f5:88:7a:c8:40:65:e4:22:3d:77:d2:8f:9e:
+ 30:17:80:5e:20:85:bc:70:67:61:cb:d8:e2:9f:9a:
+ 7c:7b:a6:e8:4e:79:7b:cd:86:6e:26:52:37:45:b6:
+ ab:b7:6f:40:8f:7a:55:8b:d1:91:cc:21:6f:55:37:
+ 50:3b:72:1f:2d:3b:bf:75:47:91:88:6a:1c:ea:39:
+ dd:8b:25:31:55:0e:bc:52:6f:bf:0b:96:ef:e3:12:
+ 5c:da:63:22:54:e5:b3:95:8b:02:9e:57:3e:7b:4f:
+ a0:f5:6f:07:a8:5b:45:7c:cb:34:83:77:34:a5:b1:
+ ff:05:12:88:8f:cc:c4:05:5d:e9:e7:7d:2b:12:fa:
+ bb:4d:25:f4:f7:04:e7:95:06:95:ea:a9:c4:75:4e:
+ f7:03:67:2d:9c:9a:f4:01:f6:2a:8d:6c:6d:d0:59:
+ a9:ce:1f:12:b1:76:39:c8:07:d4:20:73:1e:f3:9c:
+ b9:67:83:3b:a8:7c:6e:fb:86:ea:3f:6a:8e:98:4c:
+ 39:a9:d1:4d:be:9f:0a:43:49:1b:fd:09:67:b6:62:
+ 71:fd:87:9a:63:25:00:aa:c7:a1:4d:23:12:e3:56:
+ 0f:6f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 50:F3:7D:4F:B2:8C:A5:09:FD:64:CB:C1:97:F1:F8:49:C8:6B:30:4D
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-kibana, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ ae:be:82:6f:6d:e6:c4:cb:c3:2a:d9:d6:ee:11:52:a6:de:89:
+ 9e:31:a3:e2:86:07:e9:d1:fe:95:c9:a2:38:90:df:05:ff:e5:
+ 99:27:e8:d8:55:00:8a:85:b3:15:a5:e5:5b:ce:4e:4f:01:3b:
+ 74:a4:b2:09:fc:6e:95:92:94:2f:76:0d:c7:97:1b:78:c1:08:
+ 1e:3a:0e:fa:a6:ab:db:1e:22:26:86:39:f4:bb:89:a1:a1:d1:
+ 55:f6:c3:ff:9b:a5:eb:1b:6a:84:8a:1d:3c:5f:7c:03:0d:08:
+ 42:6f:d7:14:86:61:38:66:65:f7:c2:86:68:db:81:e9:41:0f:
+ 82:cf:bb:be:fd:d7:94:48:cc:f8:cf:4a:40:ce:33:c4:75:51:
+ 00:7e:c7:93:f6:3b:92:c1:5e:8a:ce:5f:2c:c2:f4:fe:ec:77:
+ 9e:ea:30:d9:53:ee:f9:b9:fd:50:f5:6b:92:1c:57:d2:e0:f3:
+ 05:d8:79:a9:63:16:13:09:cf:5f:39:dc:ec:43:e4:65:45:43:
+ 65:e4:7c:39:a3:a2:81:47:ab:8f:57:a9:89:9d:56:4b:77:b1:
+ 04:c8:9c:54:d2:5c:28:f5:d3:66:ae:9a:9c:a5:91:c7:eb:20:
+ 69:fb:58:99:c7:5e:be:ec:4a:7a:62:09:fe:3b:30:f2:4a:d7:
+ 1d:f9:0b:c3
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIQffwzRXVz6PFglKdOay8j8TANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjdaFw0yMzEwMTUx
+MDQ3MjdaMBkxFzAVBgNVBAMMDmRzb2NsYWIta2liYW5hMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAzk/JD4RNTnvcEZDJSajzYESoJRtZg2QL0eC8WVAi
+pfWIeshAZeQiPXfSj54wF4BeIIW8cGdhy9jin5p8e6boTnl7zYZuJlI3Rbart29A
+j3pVi9GRzCFvVTdQO3IfLTu/dUeRiGoc6jndiyUxVQ68Um+/C5bv4xJc2mMiVOWz
+lYsCnlc+e0+g9W8HqFtFfMs0g3c0pbH/BRKIj8zEBV3p530rEvq7TSX09wTnlQaV
+6qnEdU73A2ctnJr0AfYqjWxt0Fmpzh8SsXY5yAfUIHMe85y5Z4M7qHxu+4bqP2qO
+mEw5qdFNvp8KQ0kb/QlntmJx/YeaYyUAqsehTSMS41YPbwIDAQABo4HcMIHZMAkG
+A1UdEwQCMAAwHQYDVR0OBBYEFFDzfU+yjKUJ/WTLwZfx+EnIazBNMEYGA1UdIwQ/
+MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M
+Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL
+BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1raWJhbmGCHmRzb2NsYWIu
+Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEArr6Cb23m
+xMvDKtnW7hFSpt6JnjGj4oYH6dH+lcmiOJDfBf/lmSfo2FUAioWzFaXlW85OTwE7
+dKSyCfxulZKUL3YNx5cbeMEIHjoO+qar2x4iJoY59LuJoaHRVfbD/5ul6xtqhIod
+PF98Aw0IQm/XFIZhOGZl98KGaNuB6UEPgs+7vv3XlEjM+M9KQM4zxHVRAH7Hk/Y7
+ksFeis5fLML0/ux3nuow2VPu+bn9UPVrkhxX0uDzBdh5qWMWEwnPXznc7EPkZUVD
+ZeR8OaOigUerj1epiZ1WS3exBMicVNJcKPXTZq6anKWRx+sgaftYmcdevuxKemIJ
+/jsw8krXHfkLww==
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/certs_by_serial/8B69055F8586CEDD21660B2493412660.pem b/roles/ca/files/CA/certs_by_serial/8B69055F8586CEDD21660B2493412660.pem
new file mode 100644
index 0000000..56a67ac
--- /dev/null
+++ b/roles/ca/files/CA/certs_by_serial/8B69055F8586CEDD21660B2493412660.pem
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 8b:69:05:5f:85:86:ce:dd:21:66:0b:24:93:41:26:60
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:25 2020 GMT
+ Not After : Oct 15 10:47:25 2023 GMT
+ Subject: CN=dsoclab-nifi-2
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:ac:b7:4b:e2:d5:87:7f:8e:15:9b:cf:c0:17:eb:
+ db:8c:e3:1b:83:c0:69:b9:06:91:a0:9b:c6:35:dc:
+ 2f:e8:8c:72:28:50:02:82:c5:b1:eb:da:d9:e3:9d:
+ 95:d2:d9:dd:e1:08:35:6d:83:73:95:98:ba:19:fd:
+ 3e:04:67:9a:09:37:45:79:d3:1d:0b:ec:0a:43:cb:
+ b8:24:cc:68:5c:ce:2e:ae:db:48:d8:6e:5a:f3:31:
+ be:87:28:86:76:8e:8f:8d:68:95:1f:72:6c:65:4a:
+ fc:9e:b8:7d:e2:83:e2:3d:b0:30:5d:c1:73:06:ae:
+ 9b:f7:9a:54:b8:02:6b:82:90:11:08:3f:d6:5f:59:
+ 5c:df:aa:25:59:c0:67:7a:fc:e1:f0:c9:4a:8b:e0:
+ 31:b6:53:13:c2:bf:8c:4f:3a:e6:ed:11:30:a6:41:
+ 26:ad:56:8f:03:0b:ad:87:6c:b2:73:c4:2e:41:3e:
+ 99:1a:b6:29:6d:e0:dc:af:8f:45:6e:d5:69:17:0d:
+ f1:58:a6:7e:8c:80:32:72:24:21:d2:e9:b4:44:23:
+ f6:10:8f:9f:64:7f:ef:e6:ab:f1:43:94:d0:8a:97:
+ 0e:e4:91:bd:86:b9:1f:42:f4:96:39:85:05:26:ed:
+ 90:01:91:11:a3:1f:04:5b:46:ff:1b:a9:74:77:db:
+ 18:03
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 1F:5E:EF:0E:58:69:FD:21:93:48:19:98:81:48:13:2E:FC:31:61:0C
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-nifi-2, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 21:2d:9b:f7:0c:74:cd:d4:30:b1:42:5b:32:98:d8:ef:9f:a9:
+ 9b:1b:f0:54:67:c3:20:5b:f1:87:4d:ff:e4:a5:db:af:eb:34:
+ 8a:b3:fa:d6:14:4a:3c:31:11:8f:09:b0:af:25:39:5a:5e:89:
+ 32:cf:c7:48:68:f3:14:72:a0:35:15:ec:76:c7:bb:a7:5b:0c:
+ d5:7e:5b:8c:d8:40:a2:5e:fa:f8:f2:cf:dd:56:65:7e:94:ef:
+ b4:99:25:ba:9f:78:94:7d:54:0c:83:b9:cf:b8:b4:9d:78:6d:
+ 62:e3:6c:98:1f:40:b9:35:3c:51:b5:9f:82:7b:1e:77:db:25:
+ f2:71:df:3d:e9:56:93:86:fe:61:48:4f:db:76:5b:5f:b1:96:
+ f9:46:72:5e:01:80:87:b5:be:b4:00:3b:37:7f:5e:44:d4:7e:
+ c5:87:ed:40:6b:9e:f4:ca:1b:b0:4b:84:97:1f:07:0f:7c:8b:
+ d2:7b:b1:3d:a7:f8:ae:39:07:34:50:41:70:1f:07:ba:a6:a2:
+ 0d:ca:e5:7b:d4:77:2c:95:4d:16:0c:34:e0:a5:59:7f:43:c7:
+ a0:dd:a0:f0:ed:75:5a:0f:61:76:52:34:ef:7c:a7:21:e4:de:
+ 3a:24:cd:39:b6:77:3a:c8:f3:1f:09:2b:80:9a:f0:5d:7f:5e:
+ 73:9d:73:eb
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIRAItpBV+Fhs7dIWYLJJNBJmAwDQYJKoZIhvcNAQELBQAw
+FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI1WhcNMjMxMDE1
+MTA0NzI1WjAZMRcwFQYDVQQDDA5kc29jbGFiLW5pZmktMjCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAKy3S+LVh3+OFZvPwBfr24zjG4PAabkGkaCbxjXc
+L+iMcihQAoLFseva2eOdldLZ3eEINW2Dc5WYuhn9PgRnmgk3RXnTHQvsCkPLuCTM
+aFzOLq7bSNhuWvMxvocohnaOj41olR9ybGVK/J64feKD4j2wMF3Bcwaum/eaVLgC
+a4KQEQg/1l9ZXN+qJVnAZ3r84fDJSovgMbZTE8K/jE865u0RMKZBJq1WjwMLrYds
+snPELkE+mRq2KW3g3K+PRW7VaRcN8VimfoyAMnIkIdLptEQj9hCPn2R/7+ar8UOU
+0IqXDuSRvYa5H0L0ljmFBSbtkAGREaMfBFtG/xupdHfbGAMCAwEAAaOB3DCB2TAJ
+BgNVHRMEAjAAMB0GA1UdDgQWBBQfXu8OWGn9IZNIGZiBSBMu/DFhDDBGBgNVHSME
+PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P
+TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
+CwYDVR0PBAQDAgWgMDkGA1UdEQQyMDCCDmRzb2NsYWItbmlmaS0ygh5kc29jbGFi
+LmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBACEtm/cM
+dM3UMLFCWzKY2O+fqZsb8FRnwyBb8YdN/+Sl26/rNIqz+tYUSjwxEY8JsK8lOVpe
+iTLPx0ho8xRyoDUV7HbHu6dbDNV+W4zYQKJe+vjyz91WZX6U77SZJbqfeJR9VAyD
+uc+4tJ14bWLjbJgfQLk1PFG1n4J7HnfbJfJx3z3pVpOG/mFIT9t2W1+xlvlGcl4B
+gIe1vrQAOzd/XkTUfsWH7UBrnvTKG7BLhJcfBw98i9J7sT2n+K45BzRQQXAfB7qm
+og3K5XvUdyyVTRYMNOClWX9Dx6DdoPDtdVoPYXZSNO98pyHk3jokzTm2dzrI8x8J
+K4Ca8F1/XnOdc+s=
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/certs_by_serial/97D2D0CF2300C0A966D103CA89A99212.pem b/roles/ca/files/CA/certs_by_serial/97D2D0CF2300C0A966D103CA89A99212.pem
new file mode 100644
index 0000000..71baad0
--- /dev/null
+++ b/roles/ca/files/CA/certs_by_serial/97D2D0CF2300C0A966D103CA89A99212.pem
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 97:d2:d0:cf:23:00:c0:a9:66:d1:03:ca:89:a9:92:12
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:26 2020 GMT
+ Not After : Oct 15 10:47:26 2023 GMT
+ Subject: CN=dsoclab-odfe-1
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:e5:46:f6:71:ce:a2:3f:61:5e:9b:f3:c6:61:88:
+ 87:99:0a:ac:b8:e8:9d:3c:5f:8c:60:2b:41:5b:36:
+ fb:39:0a:6f:a1:16:02:31:ac:0d:bd:0e:ff:95:59:
+ d8:f1:21:6b:bd:96:d6:7b:79:01:d1:65:1c:ca:09:
+ 22:50:30:01:ea:ed:b4:29:bf:b4:70:25:db:b3:1d:
+ e9:73:ed:63:93:02:4c:90:22:04:6d:31:74:31:ae:
+ 85:3c:12:8d:b3:f6:92:2f:de:75:75:8f:ca:a5:f2:
+ a2:12:94:fb:e8:73:30:37:f1:7c:b5:4e:59:ab:71:
+ 73:26:80:9a:46:8d:49:94:b0:09:e5:27:10:34:9d:
+ c0:53:3b:fa:77:2e:06:c0:73:8e:0f:9a:1e:8c:27:
+ 32:0c:eb:f2:d2:0c:a7:52:48:c6:ee:12:21:15:e3:
+ 45:30:89:81:63:7f:bf:0a:5b:d1:05:c8:1c:fc:5f:
+ bb:b8:82:2a:92:3b:3a:ae:19:9d:e9:a7:62:7c:0a:
+ f2:c2:2a:e6:a8:d4:9b:0a:a8:a2:5a:ec:e5:a3:1a:
+ 73:e0:83:3d:d2:e8:74:a9:0b:b0:e4:b0:fd:fe:ad:
+ 1e:57:e8:0d:20:7c:aa:1f:31:69:b5:0d:8c:3f:1c:
+ 8d:dc:d3:71:5b:f1:04:6a:ae:b9:2d:a8:be:28:11:
+ f5:4b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ DB:92:49:8B:D9:27:41:85:16:AE:C9:CA:F6:8D:11:53:8B:EE:B0:5E
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-odfe-1, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 0f:83:fb:ba:2a:0d:aa:14:3f:3f:0b:00:be:f9:37:f4:7f:29:
+ 1e:21:4e:18:07:e0:ae:e1:84:f7:cf:a1:21:a5:36:ba:77:6c:
+ 0c:00:11:d5:7d:d8:31:b3:f5:cc:fd:6b:27:8f:99:5f:99:4c:
+ 57:88:d0:1a:e7:66:6b:8a:fd:d1:01:e3:88:37:91:8c:7b:e9:
+ e2:22:dd:80:62:64:9e:22:e7:25:b5:b9:89:45:e4:24:f5:19:
+ c0:5d:10:50:57:80:66:23:0c:b1:8e:bd:b3:f1:fa:95:7e:6f:
+ 04:d1:da:c2:e8:a1:b2:55:55:66:3a:bc:5b:71:50:8c:a8:56:
+ 86:f4:a9:9c:c7:4b:d6:91:73:8e:a9:93:ef:e0:85:5e:5c:53:
+ ae:b3:a7:a4:31:80:f3:b3:e4:03:ad:da:96:f0:14:7b:25:e4:
+ ff:68:9b:8f:28:cd:fc:94:05:5f:38:80:84:d6:f5:d4:b7:bd:
+ 43:79:bd:fb:f2:ce:30:73:01:e8:ee:ad:45:4a:ea:88:3f:d1:
+ a2:ef:22:f5:49:cc:d4:27:22:3c:bc:1f:50:81:58:5a:65:9d:
+ d6:14:3b:3f:b2:8f:90:35:2b:e7:1a:9b:58:db:96:06:9b:cf:
+ 44:0b:f5:9f:aa:57:28:3c:ab:70:fa:bc:93:90:d9:94:d7:fe:
+ 6f:fe:39:2a
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIRAJfS0M8jAMCpZtEDyompkhIwDQYJKoZIhvcNAQELBQAw
+FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI2WhcNMjMxMDE1
+MTA0NzI2WjAZMRcwFQYDVQQDDA5kc29jbGFiLW9kZmUtMTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAOVG9nHOoj9hXpvzxmGIh5kKrLjonTxfjGArQVs2
++zkKb6EWAjGsDb0O/5VZ2PEha72W1nt5AdFlHMoJIlAwAerttCm/tHAl27Md6XPt
+Y5MCTJAiBG0xdDGuhTwSjbP2ki/edXWPyqXyohKU++hzMDfxfLVOWatxcyaAmkaN
+SZSwCeUnEDSdwFM7+ncuBsBzjg+aHownMgzr8tIMp1JIxu4SIRXjRTCJgWN/vwpb
+0QXIHPxfu7iCKpI7Oq4ZnemnYnwK8sIq5qjUmwqoolrs5aMac+CDPdLodKkLsOSw
+/f6tHlfoDSB8qh8xabUNjD8cjdzTcVvxBGquuS2ovigR9UsCAwEAAaOB3DCB2TAJ
+BgNVHRMEAjAAMB0GA1UdDgQWBBTbkkmL2SdBhRauycr2jRFTi+6wXjBGBgNVHSME
+PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P
+TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
+CwYDVR0PBAQDAgWgMDkGA1UdEQQyMDCCDmRzb2NsYWItb2RmZS0xgh5kc29jbGFi
+LmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAA+D+7oq
+DaoUPz8LAL75N/R/KR4hThgH4K7hhPfPoSGlNrp3bAwAEdV92DGz9cz9ayePmV+Z
+TFeI0BrnZmuK/dEB44g3kYx76eIi3YBiZJ4i5yW1uYlF5CT1GcBdEFBXgGYjDLGO
+vbPx+pV+bwTR2sLoobJVVWY6vFtxUIyoVob0qZzHS9aRc46pk+/ghV5cU66zp6Qx
+gPOz5AOt2pbwFHsl5P9om48ozfyUBV84gITW9dS3vUN5vfvyzjBzAejurUVK6og/
+0aLvIvVJzNQnIjy8H1CBWFplndYUOz+yj5A1K+cam1jblgabz0QL9Z+qVyg8q3D6
+vJOQ2ZTX/m/+OSo=
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/certs_by_serial/A7217943DDD1145BC6F68CBA362CB35B.pem b/roles/ca/files/CA/certs_by_serial/A7217943DDD1145BC6F68CBA362CB35B.pem
new file mode 100644
index 0000000..4baf981
--- /dev/null
+++ b/roles/ca/files/CA/certs_by_serial/A7217943DDD1145BC6F68CBA362CB35B.pem
@@ -0,0 +1,84 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ a7:21:79:43:dd:d1:14:5b:c6:f6:8c:ba:36:2c:b3:5b
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:52 2020 GMT
+ Not After : Oct 15 10:47:52 2023 GMT
+ Subject: CN=Arne Oslebo
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:ce:4c:02:19:21:6e:1c:f2:ed:93:d8:fd:bc:1a:
+ a4:c2:11:3b:e1:55:73:e5:26:92:d3:d9:e8:a6:dd:
+ 7d:a2:1d:be:6a:7c:64:06:39:60:33:38:7d:6a:ca:
+ 89:9d:e5:11:58:21:69:f3:3a:88:5e:ea:e5:2e:e1:
+ 9d:bb:00:1f:59:19:69:4f:6b:32:3d:2f:1a:da:95:
+ 3d:99:95:53:9f:b2:ea:db:13:48:63:2d:4a:dc:0c:
+ 4b:a6:1c:4c:62:e2:d0:11:25:67:cb:80:52:02:e8:
+ f8:3b:3c:eb:cb:f4:71:03:5a:be:d9:a0:49:fe:d1:
+ 72:fe:4f:be:e1:ac:a1:ed:a5:15:06:f4:4e:c9:06:
+ ab:9b:92:c2:3e:b9:58:0c:f4:15:0e:04:c0:91:1b:
+ 85:73:9d:b6:97:a1:6c:70:0a:1a:a0:ce:4c:8d:ac:
+ 29:e4:c5:17:00:26:03:44:32:a8:7b:83:52:49:43:
+ 60:11:53:c8:1e:b8:eb:9f:1f:e3:13:54:81:77:c4:
+ 47:4a:2e:20:8d:48:8c:91:2e:e0:d4:e5:37:0b:5c:
+ bb:5f:40:37:92:e9:60:3b:a0:f9:98:7f:6d:b3:20:
+ 92:3c:da:8c:f0:79:81:f2:ea:77:ba:b4:7b:06:54:
+ 75:89:77:7e:ad:08:3a:ae:1e:dc:1c:11:63:08:43:
+ 14:97
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ BA:57:27:B7:A6:72:56:05:70:2F:E2:6E:47:CA:0F:2F:C4:26:44:86
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: sha256WithRSAEncryption
+ 53:30:05:cf:78:2f:0b:25:a1:64:0a:94:06:11:9b:a8:07:d3:
+ 5d:4f:0c:80:78:9c:cb:8e:07:d8:21:29:68:d0:ea:43:55:3f:
+ 14:18:dc:40:cc:a4:84:da:11:24:07:71:35:63:49:3e:bc:10:
+ 3a:93:cd:b8:61:22:e1:43:a8:d4:c5:2b:13:e4:27:62:00:f1:
+ c8:31:d0:27:05:27:6b:0e:77:df:1b:f0:e5:6e:d9:0b:8a:9a:
+ 0b:5f:97:20:2c:dd:e1:37:64:94:1a:9e:f7:a7:63:37:88:71:
+ 0e:57:a2:da:10:1f:2c:a3:a9:e1:40:01:48:58:74:2e:b3:11:
+ 8f:d1:21:30:49:b9:53:29:c5:92:85:85:6b:51:20:05:b4:c5:
+ af:b9:b2:9b:a3:50:1d:59:ac:fa:bf:33:57:61:f4:f1:c3:ee:
+ a2:9a:99:b2:04:de:8b:fc:d2:3c:58:38:ab:9d:d2:6d:f2:e3:
+ 0c:69:a5:76:78:df:ae:c9:67:0a:97:55:3d:f0:8f:5a:5e:de:
+ e6:56:1b:4e:66:c9:34:77:97:54:d4:66:e2:24:3c:f0:43:01:
+ 24:05:0c:32:a0:65:38:09:53:6c:0e:38:ea:7c:b1:d6:51:11:
+ 60:8f:28:9f:ab:13:d0:75:f3:93:13:f2:1e:a4:bd:18:ae:b0:
+ 0f:f6:29:d4
+-----BEGIN CERTIFICATE-----
+MIIDTzCCAjegAwIBAgIRAKcheUPd0RRbxvaMujYss1swDQYJKoZIhvcNAQELBQAw
+FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzUyWhcNMjMxMDE1
+MTA0NzUyWjAWMRQwEgYDVQQDDAtBcm5lIE9zbGVibzCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAM5MAhkhbhzy7ZPY/bwapMIRO+FVc+UmktPZ6KbdfaId
+vmp8ZAY5YDM4fWrKiZ3lEVghafM6iF7q5S7hnbsAH1kZaU9rMj0vGtqVPZmVU5+y
+6tsTSGMtStwMS6YcTGLi0BElZ8uAUgLo+Ds868v0cQNavtmgSf7Rcv5PvuGsoe2l
+FQb0TskGq5uSwj65WAz0FQ4EwJEbhXOdtpehbHAKGqDOTI2sKeTFFwAmA0QyqHuD
+UklDYBFTyB64658f4xNUgXfER0ouII1IjJEu4NTlNwtcu19AN5LpYDug+Zh/bbMg
+kjzajPB5gfLqd7q0ewZUdYl3fq0IOq4e3BwRYwhDFJcCAwEAAaOBlzCBlDAJBgNV
+HRMEAjAAMB0GA1UdDgQWBBS6Vye3pnJWBXAv4m5Hyg8vxCZEhjBGBgNVHSMEPzA9
+gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9PTFMt
+Q0GCCQCKdJMmgFtCtzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4Aw
+DQYJKoZIhvcNAQELBQADggEBAFMwBc94LwsloWQKlAYRm6gH011PDIB4nMuOB9gh
+KWjQ6kNVPxQY3EDMpITaESQHcTVjST68EDqTzbhhIuFDqNTFKxPkJ2IA8cgx0CcF
+J2sOd98b8OVu2QuKmgtflyAs3eE3ZJQanvenYzeIcQ5XotoQHyyjqeFAAUhYdC6z
+EY/RITBJuVMpxZKFhWtRIAW0xa+5spujUB1ZrPq/M1dh9PHD7qKambIE3ov80jxY
+OKud0m3y4wxppXZ4367JZwqXVT3wj1pe3uZWG05myTR3l1TUZuIkPPBDASQFDDKg
+ZTgJU2wOOOp8sdZREWCPKJ+rE9B185MT8h6kvRiusA/2KdQ=
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/certs_by_serial/D27B43CB9BFB09CFCC86EFD1019A42FC.pem b/roles/ca/files/CA/certs_by_serial/D27B43CB9BFB09CFCC86EFD1019A42FC.pem
new file mode 100644
index 0000000..5be39cb
--- /dev/null
+++ b/roles/ca/files/CA/certs_by_serial/D27B43CB9BFB09CFCC86EFD1019A42FC.pem
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ d2:7b:43:cb:9b:fb:09:cf:cc:86:ef:d1:01:9a:42:fc
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:30 2020 GMT
+ Not After : Oct 15 10:47:30 2023 GMT
+ Subject: CN=dsoclab-haproxy
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:c9:c7:22:33:0b:0b:0f:a0:8c:c4:a9:81:37:bd:
+ 51:2f:47:32:fa:1b:88:45:b1:bb:11:43:3d:de:b3:
+ 70:67:d7:8b:39:5a:8f:13:fb:2f:78:08:b1:b1:32:
+ c6:d1:0e:e4:d3:2e:3a:db:84:db:d2:65:6b:26:24:
+ 6c:d7:16:e5:a5:90:8e:02:46:13:02:0a:96:66:46:
+ 87:b7:b0:ee:56:4c:3c:d8:ae:4c:7d:ef:5b:aa:6e:
+ 01:8e:89:fe:4c:b9:de:6c:ba:e4:3f:8d:f8:d7:3a:
+ ed:b2:29:9a:5b:ac:5a:86:66:05:f3:19:2f:59:8d:
+ 7c:8b:6a:97:1e:43:8a:36:80:b2:e9:e1:84:f6:94:
+ bc:13:11:31:b8:d2:5a:72:ed:68:c3:b1:37:e4:5b:
+ 91:82:62:aa:13:f2:b6:e0:3a:aa:85:66:70:0a:a9:
+ ad:5c:a7:52:ff:dc:f9:99:5e:e5:15:d5:0c:fe:cd:
+ 27:cb:98:9e:5a:69:ca:71:74:31:e6:26:df:ec:d2:
+ 42:43:b9:f3:04:8e:2c:7a:28:a6:f9:8e:ba:64:3c:
+ 69:0e:ac:f5:dc:d5:f3:2a:50:47:50:d4:8c:f5:ee:
+ 31:08:73:69:1f:ae:42:1d:52:84:5d:47:68:dd:a3:
+ 1f:07:57:ec:3e:9e:0d:23:78:16:41:bc:68:f2:4f:
+ e9:19
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 49:DC:74:02:17:71:C3:D0:A0:64:31:9E:60:2B:B4:38:43:62:DE:98
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-haproxy, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 04:a0:71:31:d2:11:93:09:96:c8:1b:2a:31:b8:b9:34:07:ac:
+ 89:cb:b0:6c:b0:f0:17:5f:18:3c:a6:96:ca:b3:fa:c7:af:40:
+ 17:e1:7e:e4:dc:ee:fe:5c:dc:86:40:b7:2f:9d:c0:9e:fd:16:
+ 6b:85:ab:c2:a8:63:1f:fe:03:2b:89:6a:80:c9:2e:ae:cc:3d:
+ 19:75:32:0e:56:57:16:27:02:51:49:1d:b3:78:aa:57:d3:00:
+ 9b:93:fe:6d:a3:37:ad:26:35:57:e1:5f:90:bf:ef:30:bc:68:
+ f3:bf:7c:59:69:4f:61:30:2d:48:66:a6:44:2a:51:63:6e:4f:
+ a7:8f:96:7e:91:b2:b2:46:bc:97:1b:01:df:c0:24:5c:b2:aa:
+ 8d:20:3a:25:5d:8a:1c:84:53:0d:d4:f6:d5:81:5d:30:de:c4:
+ d7:fa:42:9c:79:68:92:56:b7:76:69:c6:c9:ad:07:47:a6:d2:
+ 46:d4:a5:0c:10:a9:03:21:4d:56:40:e5:28:e3:fa:70:1b:23:
+ 32:68:07:3d:d6:8a:3a:fb:6d:3b:a6:20:16:1b:09:f3:47:f0:
+ 2a:4f:dc:97:86:56:37:96:42:1b:89:b8:76:1a:ab:7a:25:4e:
+ e8:62:d9:a0:3b:ec:62:72:64:64:ca:87:9c:be:0a:08:09:52:
+ ab:03:89:2b
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIRANJ7Q8ub+wnPzIbv0QGaQvwwDQYJKoZIhvcNAQELBQAw
+FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzMwWhcNMjMxMDE1
+MTA0NzMwWjAaMRgwFgYDVQQDDA9kc29jbGFiLWhhcHJveHkwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDJxyIzCwsPoIzEqYE3vVEvRzL6G4hFsbsRQz3e
+s3Bn14s5Wo8T+y94CLGxMsbRDuTTLjrbhNvSZWsmJGzXFuWlkI4CRhMCCpZmRoe3
+sO5WTDzYrkx971uqbgGOif5Mud5suuQ/jfjXOu2yKZpbrFqGZgXzGS9ZjXyLapce
+Q4o2gLLp4YT2lLwTETG40lpy7WjDsTfkW5GCYqoT8rbgOqqFZnAKqa1cp1L/3PmZ
+XuUV1Qz+zSfLmJ5aacpxdDHmJt/s0kJDufMEjix6KKb5jrpkPGkOrPXc1fMqUEdQ
+1Iz17jEIc2kfrkIdUoRdR2jdox8HV+w+ng0jeBZBvGjyT+kZAgMBAAGjgd0wgdow
+CQYDVR0TBAIwADAdBgNVHQ4EFgQUSdx0Ahdxw9CgZDGeYCu0OENi3pgwRgYDVR0j
+BD8wPYAUeQbKQNOfmlSu0zNN8jg+tgvzPc+hGqQYMBYxFDASBgNVBAMMC1NPQ1RP
+T0xTLUNBggkAinSTJoBbQrcwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+MAsGA1UdDwQEAwIFoDA6BgNVHREEMzAxgg9kc29jbGFiLWhhcHJveHmCHmRzb2Ns
+YWIuZ240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEABKBx
+MdIRkwmWyBsqMbi5NAesicuwbLDwF18YPKaWyrP6x69AF+F+5Nzu/lzchkC3L53A
+nv0Wa4WrwqhjH/4DK4lqgMkursw9GXUyDlZXFicCUUkds3iqV9MAm5P+baM3rSY1
+V+FfkL/vMLxo8798WWlPYTAtSGamRCpRY25Pp4+WfpGyska8lxsB38AkXLKqjSA6
+JV2KHIRTDdT21YFdMN7E1/pCnHlokla3dmnGya0HR6bSRtSlDBCpAyFNVkDlKOP6
+cBsjMmgHPdaKOvttO6YgFhsJ80fwKk/cl4ZWN5ZCG4m4dhqreiVO6GLZoDvsYnJk
+ZMqHnL4KCAlSqwOJKw==
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/certs_by_serial/FE7583DEF2355A2C2BBA09720BD80948.pem b/roles/ca/files/CA/certs_by_serial/FE7583DEF2355A2C2BBA09720BD80948.pem
new file mode 100644
index 0000000..92b6893
--- /dev/null
+++ b/roles/ca/files/CA/certs_by_serial/FE7583DEF2355A2C2BBA09720BD80948.pem
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ fe:75:83:de:f2:35:5a:2c:2b:ba:09:72:0b:d8:09:48
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:28 2020 GMT
+ Not After : Oct 15 10:47:28 2023 GMT
+ Subject: CN=dsoclab-keycloak
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:ea:a9:ea:6b:2f:6c:9c:9f:6d:9c:89:4e:01:ba:
+ c6:c0:32:df:59:26:2b:95:f4:c2:3d:c8:7e:22:ce:
+ b6:78:03:e8:22:28:81:9c:9a:a6:a7:ba:fd:05:66:
+ a3:50:81:85:71:c1:d9:ea:bc:21:e1:5d:0a:87:7b:
+ be:55:b0:7d:01:57:de:4c:fe:3a:c5:c9:54:77:2e:
+ 15:fc:12:07:f8:ef:9f:7b:f7:09:01:70:75:53:3b:
+ dc:b1:0c:65:4d:49:c4:fb:1d:42:20:6f:81:45:42:
+ d3:db:1d:4c:57:1b:1d:3b:81:39:ee:b2:cf:95:4b:
+ 29:d0:a8:39:98:d6:93:36:99:bf:c5:43:26:8d:4d:
+ db:6d:24:3b:fc:16:76:a1:fd:6f:c6:19:11:c7:12:
+ 0d:80:16:4c:88:da:2c:09:78:3d:1b:7c:6c:ec:db:
+ 9e:01:50:5f:a3:56:7f:d4:3b:a4:26:d2:6d:42:7b:
+ 88:4e:8d:64:ed:1e:1a:0e:05:58:65:58:47:83:60:
+ 9e:b4:ed:15:ce:72:4f:a0:b5:22:dd:9f:a4:da:88:
+ 86:fe:cb:84:6e:72:3d:00:42:da:8b:85:2a:f2:ef:
+ d7:ee:bb:85:42:ba:b9:fb:d9:9d:d2:2c:58:0f:7c:
+ 02:23:b7:46:d0:69:06:37:40:9d:58:74:89:ca:b7:
+ 12:e5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ FD:C5:77:F8:79:AD:0A:7E:6A:A0:2E:3B:58:6A:9F:43:51:55:0B:DF
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-keycloak, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 9a:c0:35:a3:68:ec:ec:cc:c3:65:5a:bf:03:d0:ee:8d:a0:41:
+ db:6d:89:3e:97:d4:90:7d:63:8e:73:37:43:ae:9a:e2:d0:2b:
+ a7:5e:b2:88:9b:4d:8f:b6:81:bf:f6:46:a0:87:ca:77:ec:5c:
+ af:cd:6b:d8:e8:60:5a:aa:86:be:64:d5:ad:e9:1e:41:7b:6a:
+ df:01:1d:16:86:94:57:82:51:91:be:6b:d6:ae:f0:b9:8c:3d:
+ 11:99:c4:93:eb:f7:fa:9e:a3:e3:f8:97:19:cf:63:55:6a:6e:
+ 4f:e9:a2:64:a7:35:0d:7e:68:23:89:e1:c6:06:4b:34:67:38:
+ 40:d1:81:b3:73:95:3a:3b:67:d2:5a:e4:8e:49:34:b1:ab:6f:
+ b6:60:87:ac:55:5d:f5:59:c0:d5:d3:d8:de:3b:76:c9:41:28:
+ b4:d7:23:ec:a2:3f:1d:3f:74:2e:f0:45:40:35:38:d1:06:50:
+ b2:93:45:df:de:33:5e:0b:89:86:d8:c9:14:61:1c:d2:94:21:
+ 1f:bf:df:32:f0:2f:91:52:b0:08:b7:b9:c2:b7:55:2b:ca:05:
+ e4:eb:91:e1:63:45:5d:1a:6f:e8:76:07:89:e8:42:3e:ec:7b:
+ 51:0e:a0:d5:8e:c3:3d:26:e3:45:b0:5b:61:d1:98:3b:c3:d4:
+ 37:9f:c1:7c
+-----BEGIN CERTIFICATE-----
+MIIDmzCCAoOgAwIBAgIRAP51g97yNVosK7oJcgvYCUgwDQYJKoZIhvcNAQELBQAw
+FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI4WhcNMjMxMDE1
+MTA0NzI4WjAbMRkwFwYDVQQDDBBkc29jbGFiLWtleWNsb2FrMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qnqay9snJ9tnIlOAbrGwDLfWSYrlfTCPch+
+Is62eAPoIiiBnJqmp7r9BWajUIGFccHZ6rwh4V0Kh3u+VbB9AVfeTP46xclUdy4V
+/BIH+O+fe/cJAXB1UzvcsQxlTUnE+x1CIG+BRULT2x1MVxsdO4E57rLPlUsp0Kg5
+mNaTNpm/xUMmjU3bbSQ7/BZ2of1vxhkRxxINgBZMiNosCXg9G3xs7NueAVBfo1Z/
+1DukJtJtQnuITo1k7R4aDgVYZVhHg2CetO0VznJPoLUi3Z+k2oiG/suEbnI9AELa
+i4Uq8u/X7ruFQrq5+9md0ixYD3wCI7dG0GkGN0CdWHSJyrcS5QIDAQABo4HeMIHb
+MAkGA1UdEwQCMAAwHQYDVR0OBBYEFP3Fd/h5rQp+aqAuO1hqn0NRVQvfMEYGA1Ud
+IwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NU
+T09MUy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
+AjALBgNVHQ8EBAMCBaAwOwYDVR0RBDQwMoIQZHNvY2xhYi1rZXljbG9ha4IeZHNv
+Y2xhYi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQCa
+wDWjaOzszMNlWr8D0O6NoEHbbYk+l9SQfWOOczdDrpri0CunXrKIm02PtoG/9kag
+h8p37FyvzWvY6GBaqoa+ZNWt6R5Be2rfAR0WhpRXglGRvmvWrvC5jD0RmcST6/f6
+nqPj+JcZz2NVam5P6aJkpzUNfmgjieHGBks0ZzhA0YGzc5U6O2fSWuSOSTSxq2+2
+YIesVV31WcDV09jeO3bJQSi01yPsoj8dP3Qu8EVANTjRBlCyk0Xf3jNeC4mG2MkU
+YRzSlCEfv98y8C+RUrAIt7nCt1UrygXk65HhY0VdGm/odgeJ6EI+7HtRDqDVjsM9
+JuNFsFth0Zg7w9Q3n8F8
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/extensions.temp b/roles/ca/files/CA/extensions.temp
new file mode 100644
index 0000000..5680ec9
--- /dev/null
+++ b/roles/ca/files/CA/extensions.temp
@@ -0,0 +1,15 @@
+# X509 extensions added to every signed cert
+
+# This file is included for every cert signed, and by default does nothing.
+# It could be used to add values every cert should have, such as a CDP as
+# demonstrated in the following example:
+
+#crlDistributionPoints = URI:http://example.net/pki/my_ca.crl
+# X509 extensions for a client
+
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+extendedKeyUsage = clientAuth
+keyUsage = digitalSignature
+
diff --git a/roles/ca/files/CA/index.txt b/roles/ca/files/CA/index.txt
new file mode 100644
index 0000000..221d42d
--- /dev/null
+++ b/roles/ca/files/CA/index.txt
@@ -0,0 +1,13 @@
+V 231015104725Z 01EC4DAD3E5E47CF4E4B98495932B337 unknown /CN=dsoclab-nifi-1
+V 231015104725Z 8B69055F8586CEDD21660B2493412660 unknown /CN=dsoclab-nifi-2
+V 231015104726Z 5969918F10EF8D2BAE46B26D6D629D8E unknown /CN=dsoclab-nifi-3
+V 231015104726Z 97D2D0CF2300C0A966D103CA89A99212 unknown /CN=dsoclab-odfe-1
+V 231015104727Z 560A99C5A03FC4B9FC92FDC62F419BB9 unknown /CN=dsoclab-odfe-2
+V 231015104727Z 7DFC33457573E8F16094A74E6B2F23F1 unknown /CN=dsoclab-kibana
+V 231015104728Z FE7583DEF2355A2C2BBA09720BD80948 unknown /CN=dsoclab-keycloak
+V 231015104728Z 7587FCE4CF3EC68117199076B12CD5D2 unknown /CN=dsoclab-misp
+V 231015104729Z 61095C2C8D35EE291C99CEABD42B3CA4 unknown /CN=dsoclab-thehive
+V 231015104729Z 5DC4BC495FA076A813A4C23261640D92 unknown /CN=dsoclab-cortex
+V 231015104730Z D27B43CB9BFB09CFCC86EFD1019A42FC unknown /CN=dsoclab-haproxy
+V 231015104752Z 1DD9AF5415359961C578D1B98BFA6E9F unknown /CN=Bozidar Proevski
+V 231015104752Z A7217943DDD1145BC6F68CBA362CB35B unknown /CN=Arne Oslebo
diff --git a/roles/ca/files/CA/index.txt.attr b/roles/ca/files/CA/index.txt.attr
new file mode 100644
index 0000000..3a7e39e
--- /dev/null
+++ b/roles/ca/files/CA/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/roles/ca/files/CA/index.txt.attr.old b/roles/ca/files/CA/index.txt.attr.old
new file mode 100644
index 0000000..3a7e39e
--- /dev/null
+++ b/roles/ca/files/CA/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/roles/ca/files/CA/index.txt.old b/roles/ca/files/CA/index.txt.old
new file mode 100644
index 0000000..022f254
--- /dev/null
+++ b/roles/ca/files/CA/index.txt.old
@@ -0,0 +1,12 @@
+V 231015104725Z 01EC4DAD3E5E47CF4E4B98495932B337 unknown /CN=dsoclab-nifi-1
+V 231015104725Z 8B69055F8586CEDD21660B2493412660 unknown /CN=dsoclab-nifi-2
+V 231015104726Z 5969918F10EF8D2BAE46B26D6D629D8E unknown /CN=dsoclab-nifi-3
+V 231015104726Z 97D2D0CF2300C0A966D103CA89A99212 unknown /CN=dsoclab-odfe-1
+V 231015104727Z 560A99C5A03FC4B9FC92FDC62F419BB9 unknown /CN=dsoclab-odfe-2
+V 231015104727Z 7DFC33457573E8F16094A74E6B2F23F1 unknown /CN=dsoclab-kibana
+V 231015104728Z FE7583DEF2355A2C2BBA09720BD80948 unknown /CN=dsoclab-keycloak
+V 231015104728Z 7587FCE4CF3EC68117199076B12CD5D2 unknown /CN=dsoclab-misp
+V 231015104729Z 61095C2C8D35EE291C99CEABD42B3CA4 unknown /CN=dsoclab-thehive
+V 231015104729Z 5DC4BC495FA076A813A4C23261640D92 unknown /CN=dsoclab-cortex
+V 231015104730Z D27B43CB9BFB09CFCC86EFD1019A42FC unknown /CN=dsoclab-haproxy
+V 231015104752Z 1DD9AF5415359961C578D1B98BFA6E9F unknown /CN=Bozidar Proevski
diff --git a/roles/ca/files/CA/issued/Arne Oslebo.crt b/roles/ca/files/CA/issued/Arne Oslebo.crt
new file mode 100644
index 0000000..4baf981
--- /dev/null
+++ b/roles/ca/files/CA/issued/Arne Oslebo.crt
@@ -0,0 +1,84 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ a7:21:79:43:dd:d1:14:5b:c6:f6:8c:ba:36:2c:b3:5b
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:52 2020 GMT
+ Not After : Oct 15 10:47:52 2023 GMT
+ Subject: CN=Arne Oslebo
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:ce:4c:02:19:21:6e:1c:f2:ed:93:d8:fd:bc:1a:
+ a4:c2:11:3b:e1:55:73:e5:26:92:d3:d9:e8:a6:dd:
+ 7d:a2:1d:be:6a:7c:64:06:39:60:33:38:7d:6a:ca:
+ 89:9d:e5:11:58:21:69:f3:3a:88:5e:ea:e5:2e:e1:
+ 9d:bb:00:1f:59:19:69:4f:6b:32:3d:2f:1a:da:95:
+ 3d:99:95:53:9f:b2:ea:db:13:48:63:2d:4a:dc:0c:
+ 4b:a6:1c:4c:62:e2:d0:11:25:67:cb:80:52:02:e8:
+ f8:3b:3c:eb:cb:f4:71:03:5a:be:d9:a0:49:fe:d1:
+ 72:fe:4f:be:e1:ac:a1:ed:a5:15:06:f4:4e:c9:06:
+ ab:9b:92:c2:3e:b9:58:0c:f4:15:0e:04:c0:91:1b:
+ 85:73:9d:b6:97:a1:6c:70:0a:1a:a0:ce:4c:8d:ac:
+ 29:e4:c5:17:00:26:03:44:32:a8:7b:83:52:49:43:
+ 60:11:53:c8:1e:b8:eb:9f:1f:e3:13:54:81:77:c4:
+ 47:4a:2e:20:8d:48:8c:91:2e:e0:d4:e5:37:0b:5c:
+ bb:5f:40:37:92:e9:60:3b:a0:f9:98:7f:6d:b3:20:
+ 92:3c:da:8c:f0:79:81:f2:ea:77:ba:b4:7b:06:54:
+ 75:89:77:7e:ad:08:3a:ae:1e:dc:1c:11:63:08:43:
+ 14:97
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ BA:57:27:B7:A6:72:56:05:70:2F:E2:6E:47:CA:0F:2F:C4:26:44:86
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: sha256WithRSAEncryption
+ 53:30:05:cf:78:2f:0b:25:a1:64:0a:94:06:11:9b:a8:07:d3:
+ 5d:4f:0c:80:78:9c:cb:8e:07:d8:21:29:68:d0:ea:43:55:3f:
+ 14:18:dc:40:cc:a4:84:da:11:24:07:71:35:63:49:3e:bc:10:
+ 3a:93:cd:b8:61:22:e1:43:a8:d4:c5:2b:13:e4:27:62:00:f1:
+ c8:31:d0:27:05:27:6b:0e:77:df:1b:f0:e5:6e:d9:0b:8a:9a:
+ 0b:5f:97:20:2c:dd:e1:37:64:94:1a:9e:f7:a7:63:37:88:71:
+ 0e:57:a2:da:10:1f:2c:a3:a9:e1:40:01:48:58:74:2e:b3:11:
+ 8f:d1:21:30:49:b9:53:29:c5:92:85:85:6b:51:20:05:b4:c5:
+ af:b9:b2:9b:a3:50:1d:59:ac:fa:bf:33:57:61:f4:f1:c3:ee:
+ a2:9a:99:b2:04:de:8b:fc:d2:3c:58:38:ab:9d:d2:6d:f2:e3:
+ 0c:69:a5:76:78:df:ae:c9:67:0a:97:55:3d:f0:8f:5a:5e:de:
+ e6:56:1b:4e:66:c9:34:77:97:54:d4:66:e2:24:3c:f0:43:01:
+ 24:05:0c:32:a0:65:38:09:53:6c:0e:38:ea:7c:b1:d6:51:11:
+ 60:8f:28:9f:ab:13:d0:75:f3:93:13:f2:1e:a4:bd:18:ae:b0:
+ 0f:f6:29:d4
+-----BEGIN CERTIFICATE-----
+MIIDTzCCAjegAwIBAgIRAKcheUPd0RRbxvaMujYss1swDQYJKoZIhvcNAQELBQAw
+FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzUyWhcNMjMxMDE1
+MTA0NzUyWjAWMRQwEgYDVQQDDAtBcm5lIE9zbGVibzCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAM5MAhkhbhzy7ZPY/bwapMIRO+FVc+UmktPZ6KbdfaId
+vmp8ZAY5YDM4fWrKiZ3lEVghafM6iF7q5S7hnbsAH1kZaU9rMj0vGtqVPZmVU5+y
+6tsTSGMtStwMS6YcTGLi0BElZ8uAUgLo+Ds868v0cQNavtmgSf7Rcv5PvuGsoe2l
+FQb0TskGq5uSwj65WAz0FQ4EwJEbhXOdtpehbHAKGqDOTI2sKeTFFwAmA0QyqHuD
+UklDYBFTyB64658f4xNUgXfER0ouII1IjJEu4NTlNwtcu19AN5LpYDug+Zh/bbMg
+kjzajPB5gfLqd7q0ewZUdYl3fq0IOq4e3BwRYwhDFJcCAwEAAaOBlzCBlDAJBgNV
+HRMEAjAAMB0GA1UdDgQWBBS6Vye3pnJWBXAv4m5Hyg8vxCZEhjBGBgNVHSMEPzA9
+gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9PTFMt
+Q0GCCQCKdJMmgFtCtzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4Aw
+DQYJKoZIhvcNAQELBQADggEBAFMwBc94LwsloWQKlAYRm6gH011PDIB4nMuOB9gh
+KWjQ6kNVPxQY3EDMpITaESQHcTVjST68EDqTzbhhIuFDqNTFKxPkJ2IA8cgx0CcF
+J2sOd98b8OVu2QuKmgtflyAs3eE3ZJQanvenYzeIcQ5XotoQHyyjqeFAAUhYdC6z
+EY/RITBJuVMpxZKFhWtRIAW0xa+5spujUB1ZrPq/M1dh9PHD7qKambIE3ov80jxY
+OKud0m3y4wxppXZ4367JZwqXVT3wj1pe3uZWG05myTR3l1TUZuIkPPBDASQFDDKg
+ZTgJU2wOOOp8sdZREWCPKJ+rE9B185MT8h6kvRiusA/2KdQ=
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/issued/Bozidar Proevski.crt b/roles/ca/files/CA/issued/Bozidar Proevski.crt
new file mode 100644
index 0000000..af57c1e
--- /dev/null
+++ b/roles/ca/files/CA/issued/Bozidar Proevski.crt
@@ -0,0 +1,84 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 1d:d9:af:54:15:35:99:61:c5:78:d1:b9:8b:fa:6e:9f
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:52 2020 GMT
+ Not After : Oct 15 10:47:52 2023 GMT
+ Subject: CN=Bozidar Proevski
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:9a:de:00:fd:f1:e9:b9:29:d9:58:d0:47:21:cf:
+ 4b:67:17:f7:a9:02:93:17:cf:57:5b:6f:db:26:90:
+ 30:09:0b:d9:c5:66:5e:f6:22:66:ab:48:06:aa:6c:
+ 88:b3:fd:93:45:a4:60:c9:5f:2b:6c:af:db:68:5e:
+ 27:e6:85:71:27:b7:20:52:61:df:14:1b:da:06:39:
+ b2:21:20:4b:22:48:b7:4b:76:44:02:b1:89:5f:0e:
+ 59:22:cb:b9:c9:1e:8d:a0:ac:28:5d:e5:ae:c8:ea:
+ cc:05:20:a2:60:11:12:8d:6d:88:0a:73:e8:7c:68:
+ 9c:48:2c:c9:a8:c6:9d:c3:3c:c1:e7:f4:07:f7:5b:
+ 6e:42:3d:3d:0f:85:6f:e2:b9:88:a9:d0:02:84:b8:
+ 19:6a:ae:13:a1:97:50:98:16:c8:0c:1b:bd:02:c8:
+ 5f:a3:2f:73:7e:25:f8:8c:e7:92:43:c7:6a:75:bc:
+ 85:ea:1c:47:28:ce:2c:9b:3a:8f:a8:07:e9:8c:8a:
+ 75:3e:c1:97:32:ce:e3:c5:ca:1e:0a:d7:3c:77:0a:
+ d2:ab:51:c3:e5:dc:37:90:1a:35:bf:a0:4a:aa:bd:
+ 38:ef:9e:6d:f8:81:37:7f:d3:77:23:c6:5b:63:98:
+ 64:07:2f:47:fd:7d:21:2f:57:c2:d8:44:00:c2:29:
+ 22:79
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ A3:9F:29:21:E0:E5:18:E4:CB:4C:2D:7F:84:2F:AF:F2:49:F0:83:3A
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: sha256WithRSAEncryption
+ ad:cb:66:5d:b7:29:e5:19:7b:7c:ae:23:50:58:34:db:c9:79:
+ 39:de:57:83:34:03:6d:bc:bf:e2:31:79:9d:2b:a2:7a:e0:c4:
+ c8:19:96:e0:20:f3:05:2a:a6:f4:b8:90:c4:ea:8d:5e:86:e1:
+ 13:99:59:0f:da:c8:3d:96:0d:78:04:4f:26:9c:6a:7c:8e:50:
+ 5a:30:f1:37:dc:26:99:28:35:f8:25:b9:4b:f8:d2:f0:d3:b5:
+ 61:32:c9:9c:43:39:21:43:c1:de:0d:4d:8e:e5:6f:a1:58:e5:
+ 01:84:d6:a5:de:88:2a:55:9f:ec:de:be:b1:13:61:33:dd:50:
+ 19:89:dd:11:48:5e:c2:14:8d:69:8f:a9:43:73:80:71:8f:54:
+ ba:da:74:b4:26:ec:5b:82:88:84:90:6d:f7:58:3f:78:d3:20:
+ 5b:c3:9b:82:85:b7:ef:98:12:4f:ba:e8:38:f3:8c:af:85:91:
+ 66:40:fe:a9:b2:fd:d6:76:ad:70:b7:b5:33:88:64:31:97:81:
+ d9:c6:ec:47:9b:af:3f:31:c8:de:0c:cc:88:3d:b7:6f:6f:19:
+ 24:f1:ae:ff:de:95:31:3f:38:e5:ed:a1:e1:e4:6b:54:1f:26:
+ b8:53:79:cf:fe:89:ba:bc:35:a1:bc:2f:8a:07:a2:eb:0d:90:
+ 72:ad:8a:60
+-----BEGIN CERTIFICATE-----
+MIIDUzCCAjugAwIBAgIQHdmvVBU1mWHFeNG5i/punzANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3NTJaFw0yMzEwMTUx
+MDQ3NTJaMBsxGTAXBgNVBAMMEEJvemlkYXIgUHJvZXZza2kwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCa3gD98em5KdlY0Echz0tnF/epApMXz1dbb9sm
+kDAJC9nFZl72ImarSAaqbIiz/ZNFpGDJXytsr9toXifmhXEntyBSYd8UG9oGObIh
+IEsiSLdLdkQCsYlfDlkiy7nJHo2grChd5a7I6swFIKJgERKNbYgKc+h8aJxILMmo
+xp3DPMHn9Af3W25CPT0PhW/iuYip0AKEuBlqrhOhl1CYFsgMG70CyF+jL3N+JfiM
+55JDx2p1vIXqHEcoziybOo+oB+mMinU+wZcyzuPFyh4K1zx3CtKrUcPl3DeQGjW/
+oEqqvTjvnm34gTd/03cjxltjmGQHL0f9fSEvV8LYRADCKSJ5AgMBAAGjgZcwgZQw
+CQYDVR0TBAIwADAdBgNVHQ4EFgQUo58pIeDlGOTLTC1/hC+v8knwgzowRgYDVR0j
+BD8wPYAUeQbKQNOfmlSu0zNN8jg+tgvzPc+hGqQYMBYxFDASBgNVBAMMC1NPQ1RP
+T0xTLUNBggkAinSTJoBbQrcwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQD
+AgeAMA0GCSqGSIb3DQEBCwUAA4IBAQCty2ZdtynlGXt8riNQWDTbyXk53leDNANt
+vL/iMXmdK6J64MTIGZbgIPMFKqb0uJDE6o1ehuETmVkP2sg9lg14BE8mnGp8jlBa
+MPE33CaZKDX4JblL+NLw07VhMsmcQzkhQ8HeDU2O5W+hWOUBhNal3ogqVZ/s3r6x
+E2Ez3VAZid0RSF7CFI1pj6lDc4Bxj1S62nS0JuxbgoiEkG33WD940yBbw5uChbfv
+mBJPuug484yvhZFmQP6psv3Wdq1wt7UziGQxl4HZxuxHm68/McjeDMyIPbdvbxkk
+8a7/3pUxPzjl7aHh5GtUHya4U3nP/om6vDWhvC+KB6LrDZByrYpg
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/issued/dsoclab-cortex.crt b/roles/ca/files/CA/issued/dsoclab-cortex.crt
new file mode 100644
index 0000000..a743bd0
--- /dev/null
+++ b/roles/ca/files/CA/issued/dsoclab-cortex.crt
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 5d:c4:bc:49:5f:a0:76:a8:13:a4:c2:32:61:64:0d:92
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:29 2020 GMT
+ Not After : Oct 15 10:47:29 2023 GMT
+ Subject: CN=dsoclab-cortex
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:cd:09:6b:14:33:4a:47:75:5b:d3:d9:67:3b:4d:
+ ad:1f:a7:1f:33:ab:86:b1:aa:3b:09:ab:1a:a6:fb:
+ a0:60:04:e3:68:33:0e:85:54:d1:70:61:8a:b9:d5:
+ d6:b5:6c:c2:b3:36:02:94:b7:1d:18:93:5f:88:81:
+ ff:2a:f4:99:58:6d:d7:96:e2:d2:64:77:b9:74:44:
+ 3c:f0:fb:5b:0f:43:7d:38:5d:fe:b0:db:05:7a:a9:
+ c5:10:24:75:13:c8:2d:da:69:be:e3:43:33:f0:28:
+ 30:9a:53:f8:f8:d3:10:32:35:ec:1d:87:ab:1e:2c:
+ b5:00:7c:9f:8f:61:e0:5d:56:15:8c:46:45:09:78:
+ 02:78:10:c0:af:2f:25:6c:c2:5b:ed:5f:c1:33:0b:
+ f8:c8:13:dc:df:c3:fc:05:90:ff:06:9e:cb:bc:1d:
+ 2b:c2:57:f2:bd:aa:22:b3:4b:f5:ca:b2:b8:00:18:
+ f1:14:10:b8:5e:69:9f:ed:fc:04:83:d9:2e:b7:9a:
+ 8a:45:1c:54:71:8f:61:02:6a:8a:84:2f:67:df:92:
+ 3a:0c:5f:e5:b6:e7:6c:27:69:1f:5b:06:d6:7f:e6:
+ df:ab:2f:31:a5:cd:63:32:60:c0:07:50:6c:0d:39:
+ cb:68:ae:3c:b2:da:0f:20:06:77:2c:28:ab:3a:30:
+ 92:1b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 9A:0E:E1:26:13:A7:12:5F:A4:F1:41:C0:09:FC:AD:EB:4E:66:C2:50
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-cortex, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 27:2e:a1:0c:8d:fb:b1:36:ff:4e:ac:00:91:75:81:4b:20:79:
+ 3f:da:1c:e1:80:b9:8c:6b:60:47:a5:8c:bf:1f:34:98:61:95:
+ 00:bb:79:d4:9e:c8:fb:dc:fb:6a:48:b2:69:d1:1a:04:cc:52:
+ ca:0b:48:01:3e:94:1e:68:0b:e3:4d:fa:12:c4:aa:ff:b6:5b:
+ 0c:3c:80:21:fe:50:87:8a:14:3a:7d:e7:a3:5e:b6:dc:22:ba:
+ cc:97:69:00:a8:78:08:dd:66:d1:cb:ca:28:41:b9:cc:8a:6b:
+ 7c:40:b7:5e:1d:a1:88:5a:b3:fd:18:77:e9:c4:48:fd:38:8f:
+ 06:6e:78:0e:f1:1a:1b:b2:6c:0a:df:38:11:e3:5a:3d:2a:5b:
+ de:41:63:14:ab:25:8e:a6:9f:a8:b7:32:9e:dc:23:45:f3:6b:
+ 6d:86:b7:17:b3:53:df:55:bd:cb:41:a1:b7:73:ae:21:1b:68:
+ b3:b1:0a:e5:e6:0c:2a:77:76:23:f3:87:ee:5f:0e:6d:cd:3b:
+ 94:9a:6f:f2:fd:4f:2d:72:a3:21:94:55:c0:4a:6c:2b:13:e3:
+ 82:13:a5:1f:82:6b:ae:6e:e2:ec:eb:7a:25:6a:f2:9e:45:d7:
+ 0a:7d:75:be:9d:f7:94:6f:ce:a5:27:d6:9b:dc:d2:12:54:64:
+ 09:c4:f6:a9
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIQXcS8SV+gdqgTpMIyYWQNkjANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjlaFw0yMzEwMTUx
+MDQ3MjlaMBkxFzAVBgNVBAMMDmRzb2NsYWItY29ydGV4MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAzQlrFDNKR3Vb09lnO02tH6cfM6uGsao7Casapvug
+YATjaDMOhVTRcGGKudXWtWzCszYClLcdGJNfiIH/KvSZWG3XluLSZHe5dEQ88Ptb
+D0N9OF3+sNsFeqnFECR1E8gt2mm+40Mz8CgwmlP4+NMQMjXsHYerHiy1AHyfj2Hg
+XVYVjEZFCXgCeBDAry8lbMJb7V/BMwv4yBPc38P8BZD/Bp7LvB0rwlfyvaois0v1
+yrK4ABjxFBC4Xmmf7fwEg9kut5qKRRxUcY9hAmqKhC9n35I6DF/ltudsJ2kfWwbW
+f+bfqy8xpc1jMmDAB1BsDTnLaK48stoPIAZ3LCirOjCSGwIDAQABo4HcMIHZMAkG
+A1UdEwQCMAAwHQYDVR0OBBYEFJoO4SYTpxJfpPFBwAn8retOZsJQMEYGA1UdIwQ/
+MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M
+Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL
+BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1jb3J0ZXiCHmRzb2NsYWIu
+Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAJy6hDI37
+sTb/TqwAkXWBSyB5P9oc4YC5jGtgR6WMvx80mGGVALt51J7I+9z7akiyadEaBMxS
+ygtIAT6UHmgL4036EsSq/7ZbDDyAIf5Qh4oUOn3no1623CK6zJdpAKh4CN1m0cvK
+KEG5zIprfEC3Xh2hiFqz/Rh36cRI/TiPBm54DvEaG7JsCt84EeNaPSpb3kFjFKsl
+jqafqLcyntwjRfNrbYa3F7NT31W9y0Ght3OuIRtos7EK5eYMKnd2I/OH7l8Obc07
+lJpv8v1PLXKjIZRVwEpsKxPjghOlH4Jrrm7i7Ot6JWrynkXXCn11vp33lG/OpSfW
+m9zSElRkCcT2qQ==
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/issued/dsoclab-haproxy.crt b/roles/ca/files/CA/issued/dsoclab-haproxy.crt
new file mode 100644
index 0000000..5be39cb
--- /dev/null
+++ b/roles/ca/files/CA/issued/dsoclab-haproxy.crt
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ d2:7b:43:cb:9b:fb:09:cf:cc:86:ef:d1:01:9a:42:fc
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:30 2020 GMT
+ Not After : Oct 15 10:47:30 2023 GMT
+ Subject: CN=dsoclab-haproxy
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:c9:c7:22:33:0b:0b:0f:a0:8c:c4:a9:81:37:bd:
+ 51:2f:47:32:fa:1b:88:45:b1:bb:11:43:3d:de:b3:
+ 70:67:d7:8b:39:5a:8f:13:fb:2f:78:08:b1:b1:32:
+ c6:d1:0e:e4:d3:2e:3a:db:84:db:d2:65:6b:26:24:
+ 6c:d7:16:e5:a5:90:8e:02:46:13:02:0a:96:66:46:
+ 87:b7:b0:ee:56:4c:3c:d8:ae:4c:7d:ef:5b:aa:6e:
+ 01:8e:89:fe:4c:b9:de:6c:ba:e4:3f:8d:f8:d7:3a:
+ ed:b2:29:9a:5b:ac:5a:86:66:05:f3:19:2f:59:8d:
+ 7c:8b:6a:97:1e:43:8a:36:80:b2:e9:e1:84:f6:94:
+ bc:13:11:31:b8:d2:5a:72:ed:68:c3:b1:37:e4:5b:
+ 91:82:62:aa:13:f2:b6:e0:3a:aa:85:66:70:0a:a9:
+ ad:5c:a7:52:ff:dc:f9:99:5e:e5:15:d5:0c:fe:cd:
+ 27:cb:98:9e:5a:69:ca:71:74:31:e6:26:df:ec:d2:
+ 42:43:b9:f3:04:8e:2c:7a:28:a6:f9:8e:ba:64:3c:
+ 69:0e:ac:f5:dc:d5:f3:2a:50:47:50:d4:8c:f5:ee:
+ 31:08:73:69:1f:ae:42:1d:52:84:5d:47:68:dd:a3:
+ 1f:07:57:ec:3e:9e:0d:23:78:16:41:bc:68:f2:4f:
+ e9:19
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 49:DC:74:02:17:71:C3:D0:A0:64:31:9E:60:2B:B4:38:43:62:DE:98
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-haproxy, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 04:a0:71:31:d2:11:93:09:96:c8:1b:2a:31:b8:b9:34:07:ac:
+ 89:cb:b0:6c:b0:f0:17:5f:18:3c:a6:96:ca:b3:fa:c7:af:40:
+ 17:e1:7e:e4:dc:ee:fe:5c:dc:86:40:b7:2f:9d:c0:9e:fd:16:
+ 6b:85:ab:c2:a8:63:1f:fe:03:2b:89:6a:80:c9:2e:ae:cc:3d:
+ 19:75:32:0e:56:57:16:27:02:51:49:1d:b3:78:aa:57:d3:00:
+ 9b:93:fe:6d:a3:37:ad:26:35:57:e1:5f:90:bf:ef:30:bc:68:
+ f3:bf:7c:59:69:4f:61:30:2d:48:66:a6:44:2a:51:63:6e:4f:
+ a7:8f:96:7e:91:b2:b2:46:bc:97:1b:01:df:c0:24:5c:b2:aa:
+ 8d:20:3a:25:5d:8a:1c:84:53:0d:d4:f6:d5:81:5d:30:de:c4:
+ d7:fa:42:9c:79:68:92:56:b7:76:69:c6:c9:ad:07:47:a6:d2:
+ 46:d4:a5:0c:10:a9:03:21:4d:56:40:e5:28:e3:fa:70:1b:23:
+ 32:68:07:3d:d6:8a:3a:fb:6d:3b:a6:20:16:1b:09:f3:47:f0:
+ 2a:4f:dc:97:86:56:37:96:42:1b:89:b8:76:1a:ab:7a:25:4e:
+ e8:62:d9:a0:3b:ec:62:72:64:64:ca:87:9c:be:0a:08:09:52:
+ ab:03:89:2b
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIRANJ7Q8ub+wnPzIbv0QGaQvwwDQYJKoZIhvcNAQELBQAw
+FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzMwWhcNMjMxMDE1
+MTA0NzMwWjAaMRgwFgYDVQQDDA9kc29jbGFiLWhhcHJveHkwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDJxyIzCwsPoIzEqYE3vVEvRzL6G4hFsbsRQz3e
+s3Bn14s5Wo8T+y94CLGxMsbRDuTTLjrbhNvSZWsmJGzXFuWlkI4CRhMCCpZmRoe3
+sO5WTDzYrkx971uqbgGOif5Mud5suuQ/jfjXOu2yKZpbrFqGZgXzGS9ZjXyLapce
+Q4o2gLLp4YT2lLwTETG40lpy7WjDsTfkW5GCYqoT8rbgOqqFZnAKqa1cp1L/3PmZ
+XuUV1Qz+zSfLmJ5aacpxdDHmJt/s0kJDufMEjix6KKb5jrpkPGkOrPXc1fMqUEdQ
+1Iz17jEIc2kfrkIdUoRdR2jdox8HV+w+ng0jeBZBvGjyT+kZAgMBAAGjgd0wgdow
+CQYDVR0TBAIwADAdBgNVHQ4EFgQUSdx0Ahdxw9CgZDGeYCu0OENi3pgwRgYDVR0j
+BD8wPYAUeQbKQNOfmlSu0zNN8jg+tgvzPc+hGqQYMBYxFDASBgNVBAMMC1NPQ1RP
+T0xTLUNBggkAinSTJoBbQrcwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+MAsGA1UdDwQEAwIFoDA6BgNVHREEMzAxgg9kc29jbGFiLWhhcHJveHmCHmRzb2Ns
+YWIuZ240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEABKBx
+MdIRkwmWyBsqMbi5NAesicuwbLDwF18YPKaWyrP6x69AF+F+5Nzu/lzchkC3L53A
+nv0Wa4WrwqhjH/4DK4lqgMkursw9GXUyDlZXFicCUUkds3iqV9MAm5P+baM3rSY1
+V+FfkL/vMLxo8798WWlPYTAtSGamRCpRY25Pp4+WfpGyska8lxsB38AkXLKqjSA6
+JV2KHIRTDdT21YFdMN7E1/pCnHlokla3dmnGya0HR6bSRtSlDBCpAyFNVkDlKOP6
+cBsjMmgHPdaKOvttO6YgFhsJ80fwKk/cl4ZWN5ZCG4m4dhqreiVO6GLZoDvsYnJk
+ZMqHnL4KCAlSqwOJKw==
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/issued/dsoclab-keycloak.crt b/roles/ca/files/CA/issued/dsoclab-keycloak.crt
new file mode 100644
index 0000000..92b6893
--- /dev/null
+++ b/roles/ca/files/CA/issued/dsoclab-keycloak.crt
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ fe:75:83:de:f2:35:5a:2c:2b:ba:09:72:0b:d8:09:48
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:28 2020 GMT
+ Not After : Oct 15 10:47:28 2023 GMT
+ Subject: CN=dsoclab-keycloak
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:ea:a9:ea:6b:2f:6c:9c:9f:6d:9c:89:4e:01:ba:
+ c6:c0:32:df:59:26:2b:95:f4:c2:3d:c8:7e:22:ce:
+ b6:78:03:e8:22:28:81:9c:9a:a6:a7:ba:fd:05:66:
+ a3:50:81:85:71:c1:d9:ea:bc:21:e1:5d:0a:87:7b:
+ be:55:b0:7d:01:57:de:4c:fe:3a:c5:c9:54:77:2e:
+ 15:fc:12:07:f8:ef:9f:7b:f7:09:01:70:75:53:3b:
+ dc:b1:0c:65:4d:49:c4:fb:1d:42:20:6f:81:45:42:
+ d3:db:1d:4c:57:1b:1d:3b:81:39:ee:b2:cf:95:4b:
+ 29:d0:a8:39:98:d6:93:36:99:bf:c5:43:26:8d:4d:
+ db:6d:24:3b:fc:16:76:a1:fd:6f:c6:19:11:c7:12:
+ 0d:80:16:4c:88:da:2c:09:78:3d:1b:7c:6c:ec:db:
+ 9e:01:50:5f:a3:56:7f:d4:3b:a4:26:d2:6d:42:7b:
+ 88:4e:8d:64:ed:1e:1a:0e:05:58:65:58:47:83:60:
+ 9e:b4:ed:15:ce:72:4f:a0:b5:22:dd:9f:a4:da:88:
+ 86:fe:cb:84:6e:72:3d:00:42:da:8b:85:2a:f2:ef:
+ d7:ee:bb:85:42:ba:b9:fb:d9:9d:d2:2c:58:0f:7c:
+ 02:23:b7:46:d0:69:06:37:40:9d:58:74:89:ca:b7:
+ 12:e5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ FD:C5:77:F8:79:AD:0A:7E:6A:A0:2E:3B:58:6A:9F:43:51:55:0B:DF
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-keycloak, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 9a:c0:35:a3:68:ec:ec:cc:c3:65:5a:bf:03:d0:ee:8d:a0:41:
+ db:6d:89:3e:97:d4:90:7d:63:8e:73:37:43:ae:9a:e2:d0:2b:
+ a7:5e:b2:88:9b:4d:8f:b6:81:bf:f6:46:a0:87:ca:77:ec:5c:
+ af:cd:6b:d8:e8:60:5a:aa:86:be:64:d5:ad:e9:1e:41:7b:6a:
+ df:01:1d:16:86:94:57:82:51:91:be:6b:d6:ae:f0:b9:8c:3d:
+ 11:99:c4:93:eb:f7:fa:9e:a3:e3:f8:97:19:cf:63:55:6a:6e:
+ 4f:e9:a2:64:a7:35:0d:7e:68:23:89:e1:c6:06:4b:34:67:38:
+ 40:d1:81:b3:73:95:3a:3b:67:d2:5a:e4:8e:49:34:b1:ab:6f:
+ b6:60:87:ac:55:5d:f5:59:c0:d5:d3:d8:de:3b:76:c9:41:28:
+ b4:d7:23:ec:a2:3f:1d:3f:74:2e:f0:45:40:35:38:d1:06:50:
+ b2:93:45:df:de:33:5e:0b:89:86:d8:c9:14:61:1c:d2:94:21:
+ 1f:bf:df:32:f0:2f:91:52:b0:08:b7:b9:c2:b7:55:2b:ca:05:
+ e4:eb:91:e1:63:45:5d:1a:6f:e8:76:07:89:e8:42:3e:ec:7b:
+ 51:0e:a0:d5:8e:c3:3d:26:e3:45:b0:5b:61:d1:98:3b:c3:d4:
+ 37:9f:c1:7c
+-----BEGIN CERTIFICATE-----
+MIIDmzCCAoOgAwIBAgIRAP51g97yNVosK7oJcgvYCUgwDQYJKoZIhvcNAQELBQAw
+FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI4WhcNMjMxMDE1
+MTA0NzI4WjAbMRkwFwYDVQQDDBBkc29jbGFiLWtleWNsb2FrMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qnqay9snJ9tnIlOAbrGwDLfWSYrlfTCPch+
+Is62eAPoIiiBnJqmp7r9BWajUIGFccHZ6rwh4V0Kh3u+VbB9AVfeTP46xclUdy4V
+/BIH+O+fe/cJAXB1UzvcsQxlTUnE+x1CIG+BRULT2x1MVxsdO4E57rLPlUsp0Kg5
+mNaTNpm/xUMmjU3bbSQ7/BZ2of1vxhkRxxINgBZMiNosCXg9G3xs7NueAVBfo1Z/
+1DukJtJtQnuITo1k7R4aDgVYZVhHg2CetO0VznJPoLUi3Z+k2oiG/suEbnI9AELa
+i4Uq8u/X7ruFQrq5+9md0ixYD3wCI7dG0GkGN0CdWHSJyrcS5QIDAQABo4HeMIHb
+MAkGA1UdEwQCMAAwHQYDVR0OBBYEFP3Fd/h5rQp+aqAuO1hqn0NRVQvfMEYGA1Ud
+IwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NU
+T09MUy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
+AjALBgNVHQ8EBAMCBaAwOwYDVR0RBDQwMoIQZHNvY2xhYi1rZXljbG9ha4IeZHNv
+Y2xhYi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQCa
+wDWjaOzszMNlWr8D0O6NoEHbbYk+l9SQfWOOczdDrpri0CunXrKIm02PtoG/9kag
+h8p37FyvzWvY6GBaqoa+ZNWt6R5Be2rfAR0WhpRXglGRvmvWrvC5jD0RmcST6/f6
+nqPj+JcZz2NVam5P6aJkpzUNfmgjieHGBks0ZzhA0YGzc5U6O2fSWuSOSTSxq2+2
+YIesVV31WcDV09jeO3bJQSi01yPsoj8dP3Qu8EVANTjRBlCyk0Xf3jNeC4mG2MkU
+YRzSlCEfv98y8C+RUrAIt7nCt1UrygXk65HhY0VdGm/odgeJ6EI+7HtRDqDVjsM9
+JuNFsFth0Zg7w9Q3n8F8
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/issued/dsoclab-kibana.crt b/roles/ca/files/CA/issued/dsoclab-kibana.crt
new file mode 100644
index 0000000..f47839f
--- /dev/null
+++ b/roles/ca/files/CA/issued/dsoclab-kibana.crt
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 7d:fc:33:45:75:73:e8:f1:60:94:a7:4e:6b:2f:23:f1
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:27 2020 GMT
+ Not After : Oct 15 10:47:27 2023 GMT
+ Subject: CN=dsoclab-kibana
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:ce:4f:c9:0f:84:4d:4e:7b:dc:11:90:c9:49:a8:
+ f3:60:44:a8:25:1b:59:83:64:0b:d1:e0:bc:59:50:
+ 22:a5:f5:88:7a:c8:40:65:e4:22:3d:77:d2:8f:9e:
+ 30:17:80:5e:20:85:bc:70:67:61:cb:d8:e2:9f:9a:
+ 7c:7b:a6:e8:4e:79:7b:cd:86:6e:26:52:37:45:b6:
+ ab:b7:6f:40:8f:7a:55:8b:d1:91:cc:21:6f:55:37:
+ 50:3b:72:1f:2d:3b:bf:75:47:91:88:6a:1c:ea:39:
+ dd:8b:25:31:55:0e:bc:52:6f:bf:0b:96:ef:e3:12:
+ 5c:da:63:22:54:e5:b3:95:8b:02:9e:57:3e:7b:4f:
+ a0:f5:6f:07:a8:5b:45:7c:cb:34:83:77:34:a5:b1:
+ ff:05:12:88:8f:cc:c4:05:5d:e9:e7:7d:2b:12:fa:
+ bb:4d:25:f4:f7:04:e7:95:06:95:ea:a9:c4:75:4e:
+ f7:03:67:2d:9c:9a:f4:01:f6:2a:8d:6c:6d:d0:59:
+ a9:ce:1f:12:b1:76:39:c8:07:d4:20:73:1e:f3:9c:
+ b9:67:83:3b:a8:7c:6e:fb:86:ea:3f:6a:8e:98:4c:
+ 39:a9:d1:4d:be:9f:0a:43:49:1b:fd:09:67:b6:62:
+ 71:fd:87:9a:63:25:00:aa:c7:a1:4d:23:12:e3:56:
+ 0f:6f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 50:F3:7D:4F:B2:8C:A5:09:FD:64:CB:C1:97:F1:F8:49:C8:6B:30:4D
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-kibana, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ ae:be:82:6f:6d:e6:c4:cb:c3:2a:d9:d6:ee:11:52:a6:de:89:
+ 9e:31:a3:e2:86:07:e9:d1:fe:95:c9:a2:38:90:df:05:ff:e5:
+ 99:27:e8:d8:55:00:8a:85:b3:15:a5:e5:5b:ce:4e:4f:01:3b:
+ 74:a4:b2:09:fc:6e:95:92:94:2f:76:0d:c7:97:1b:78:c1:08:
+ 1e:3a:0e:fa:a6:ab:db:1e:22:26:86:39:f4:bb:89:a1:a1:d1:
+ 55:f6:c3:ff:9b:a5:eb:1b:6a:84:8a:1d:3c:5f:7c:03:0d:08:
+ 42:6f:d7:14:86:61:38:66:65:f7:c2:86:68:db:81:e9:41:0f:
+ 82:cf:bb:be:fd:d7:94:48:cc:f8:cf:4a:40:ce:33:c4:75:51:
+ 00:7e:c7:93:f6:3b:92:c1:5e:8a:ce:5f:2c:c2:f4:fe:ec:77:
+ 9e:ea:30:d9:53:ee:f9:b9:fd:50:f5:6b:92:1c:57:d2:e0:f3:
+ 05:d8:79:a9:63:16:13:09:cf:5f:39:dc:ec:43:e4:65:45:43:
+ 65:e4:7c:39:a3:a2:81:47:ab:8f:57:a9:89:9d:56:4b:77:b1:
+ 04:c8:9c:54:d2:5c:28:f5:d3:66:ae:9a:9c:a5:91:c7:eb:20:
+ 69:fb:58:99:c7:5e:be:ec:4a:7a:62:09:fe:3b:30:f2:4a:d7:
+ 1d:f9:0b:c3
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIQffwzRXVz6PFglKdOay8j8TANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjdaFw0yMzEwMTUx
+MDQ3MjdaMBkxFzAVBgNVBAMMDmRzb2NsYWIta2liYW5hMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAzk/JD4RNTnvcEZDJSajzYESoJRtZg2QL0eC8WVAi
+pfWIeshAZeQiPXfSj54wF4BeIIW8cGdhy9jin5p8e6boTnl7zYZuJlI3Rbart29A
+j3pVi9GRzCFvVTdQO3IfLTu/dUeRiGoc6jndiyUxVQ68Um+/C5bv4xJc2mMiVOWz
+lYsCnlc+e0+g9W8HqFtFfMs0g3c0pbH/BRKIj8zEBV3p530rEvq7TSX09wTnlQaV
+6qnEdU73A2ctnJr0AfYqjWxt0Fmpzh8SsXY5yAfUIHMe85y5Z4M7qHxu+4bqP2qO
+mEw5qdFNvp8KQ0kb/QlntmJx/YeaYyUAqsehTSMS41YPbwIDAQABo4HcMIHZMAkG
+A1UdEwQCMAAwHQYDVR0OBBYEFFDzfU+yjKUJ/WTLwZfx+EnIazBNMEYGA1UdIwQ/
+MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M
+Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL
+BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1raWJhbmGCHmRzb2NsYWIu
+Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEArr6Cb23m
+xMvDKtnW7hFSpt6JnjGj4oYH6dH+lcmiOJDfBf/lmSfo2FUAioWzFaXlW85OTwE7
+dKSyCfxulZKUL3YNx5cbeMEIHjoO+qar2x4iJoY59LuJoaHRVfbD/5ul6xtqhIod
+PF98Aw0IQm/XFIZhOGZl98KGaNuB6UEPgs+7vv3XlEjM+M9KQM4zxHVRAH7Hk/Y7
+ksFeis5fLML0/ux3nuow2VPu+bn9UPVrkhxX0uDzBdh5qWMWEwnPXznc7EPkZUVD
+ZeR8OaOigUerj1epiZ1WS3exBMicVNJcKPXTZq6anKWRx+sgaftYmcdevuxKemIJ
+/jsw8krXHfkLww==
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/issued/dsoclab-misp.crt b/roles/ca/files/CA/issued/dsoclab-misp.crt
new file mode 100644
index 0000000..f830104
--- /dev/null
+++ b/roles/ca/files/CA/issued/dsoclab-misp.crt
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 75:87:fc:e4:cf:3e:c6:81:17:19:90:76:b1:2c:d5:d2
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:28 2020 GMT
+ Not After : Oct 15 10:47:28 2023 GMT
+ Subject: CN=dsoclab-misp
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:cf:b1:1b:e7:a2:ae:70:81:71:a5:57:46:14:2e:
+ 47:64:89:4e:bd:7d:f0:82:2d:03:19:d6:87:44:b3:
+ 42:bf:72:78:03:cc:91:98:5b:36:42:14:55:e2:82:
+ 16:12:58:60:54:44:8f:15:f6:1b:1f:76:36:22:2e:
+ e8:ac:d3:3c:0a:df:46:c7:f1:04:bc:3a:bf:fe:4b:
+ 8f:2a:53:83:e3:50:82:06:09:fc:2a:fa:fe:94:a0:
+ 7b:7f:c2:3e:0b:3e:dc:72:b8:94:10:0a:0b:90:fd:
+ 45:76:29:85:52:bf:0f:20:43:78:fe:3b:d3:49:20:
+ 8f:9a:a5:0c:89:bb:0e:97:f2:67:b0:2d:f0:17:53:
+ 25:a6:9b:4b:64:0e:72:8a:bf:c9:e3:8e:41:bb:ed:
+ f3:33:6a:55:5f:8d:52:84:fa:a3:67:1a:7b:71:fb:
+ 90:f1:5f:61:df:44:ea:0b:77:88:f2:e5:c1:83:71:
+ 58:c7:58:8a:9b:39:45:59:4e:e0:db:16:b6:96:72:
+ 90:8c:ee:c2:13:75:ea:15:c6:6b:e2:dc:3a:de:c8:
+ 07:de:18:84:2d:96:b6:c4:4c:e1:4a:4d:13:6f:6c:
+ 9a:1d:e5:f9:6f:cc:7e:1b:4a:3a:75:1a:b9:37:b0:
+ 6d:a0:1b:69:35:f1:b6:e6:c2:a5:d3:56:d3:57:c7:
+ 0e:8b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 65:C5:56:88:65:AF:77:F1:53:B2:71:5E:16:10:D1:0B:30:FF:28:BE
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-misp, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 5a:57:76:90:fd:a5:0d:ea:b0:22:c9:02:2e:18:91:81:04:d1:
+ f4:64:58:58:19:27:03:9b:5a:dc:de:6c:0e:fb:b7:76:eb:b1:
+ 97:36:e2:c7:76:ef:7d:d8:00:c3:20:c0:3d:a7:cf:61:f8:16:
+ 4c:96:4c:7c:c8:89:21:d6:d4:eb:3a:c1:3d:98:34:74:6e:39:
+ 81:20:6f:9b:4b:8d:b9:35:60:c5:76:19:30:30:06:0f:89:b1:
+ 1a:f6:c4:88:52:28:98:41:52:f1:9a:77:82:79:ae:c9:71:ba:
+ d9:e5:e9:b7:ba:08:32:59:eb:5e:7d:11:e0:a8:27:20:91:46:
+ 05:56:1e:e6:0b:4d:49:17:52:7f:4b:c4:a3:e0:cd:30:bd:4e:
+ 6a:70:2a:f5:77:4d:d1:d6:64:13:8d:4b:1a:d3:0b:0f:8a:49:
+ 1e:bf:b4:c0:4f:43:dc:92:e3:c0:f2:2f:4a:c8:30:45:fc:5a:
+ d2:de:92:b2:a1:48:b8:da:ff:f4:0b:04:5d:5d:a7:30:d8:4b:
+ ca:cf:0c:01:6a:50:45:5f:d4:a8:cf:dd:fa:f7:68:0c:4c:45:
+ 47:be:3a:c2:39:bb:04:ff:62:a0:bc:91:a0:f2:2b:67:09:89:
+ 5a:ff:e6:53:c1:89:18:12:a1:0f:5a:d7:e1:12:8b:88:88:89:
+ ca:b0:30:27
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIQdYf85M8+xoEXGZB2sSzV0jANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjhaFw0yMzEwMTUx
+MDQ3MjhaMBcxFTATBgNVBAMMDGRzb2NsYWItbWlzcDCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAM+xG+eirnCBcaVXRhQuR2SJTr198IItAxnWh0SzQr9y
+eAPMkZhbNkIUVeKCFhJYYFREjxX2Gx92NiIu6KzTPArfRsfxBLw6v/5LjypTg+NQ
+ggYJ/Cr6/pSge3/CPgs+3HK4lBAKC5D9RXYphVK/DyBDeP4700kgj5qlDIm7Dpfy
+Z7At8BdTJaabS2QOcoq/yeOOQbvt8zNqVV+NUoT6o2cae3H7kPFfYd9E6gt3iPLl
+wYNxWMdYips5RVlO4NsWtpZykIzuwhN16hXGa+LcOt7IB94YhC2WtsRM4UpNE29s
+mh3l+W/MfhtKOnUauTewbaAbaTXxtubCpdNW01fHDosCAwEAAaOB2jCB1zAJBgNV
+HRMEAjAAMB0GA1UdDgQWBBRlxVaIZa938VOycV4WENELMP8ovjBGBgNVHSMEPzA9
+gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9PTFMt
+Q0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYD
+VR0PBAQDAgWgMDcGA1UdEQQwMC6CDGRzb2NsYWItbWlzcIIeZHNvY2xhYi5nbjQt
+My13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQBaV3aQ/aUN6rAi
+yQIuGJGBBNH0ZFhYGScDm1rc3mwO+7d267GXNuLHdu992ADDIMA9p89h+BZMlkx8
+yIkh1tTrOsE9mDR0bjmBIG+bS425NWDFdhkwMAYPibEa9sSIUiiYQVLxmneCea7J
+cbrZ5em3uggyWetefRHgqCcgkUYFVh7mC01JF1J/S8Sj4M0wvU5qcCr1d03R1mQT
+jUsa0wsPikkev7TAT0PckuPA8i9KyDBF/FrS3pKyoUi42v/0CwRdXacw2EvKzwwB
+alBFX9Soz93692gMTEVHvjrCObsE/2KgvJGg8itnCYla/+ZTwYkYEqEPWtfhEouI
+iInKsDAn
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/issued/dsoclab-nifi-1.crt b/roles/ca/files/CA/issued/dsoclab-nifi-1.crt
new file mode 100644
index 0000000..ad6921c
--- /dev/null
+++ b/roles/ca/files/CA/issued/dsoclab-nifi-1.crt
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 01:ec:4d:ad:3e:5e:47:cf:4e:4b:98:49:59:32:b3:37
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:25 2020 GMT
+ Not After : Oct 15 10:47:25 2023 GMT
+ Subject: CN=dsoclab-nifi-1
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:c3:af:ef:b7:a1:95:47:5f:55:ea:7e:e8:d6:fd:
+ d5:e3:19:68:2e:72:1f:90:62:a8:79:76:d8:d2:f6:
+ 51:df:71:80:37:5a:ec:7d:fb:6d:78:6e:37:fe:e5:
+ 1b:c8:d5:73:e4:c9:a5:cb:e8:4a:48:26:c6:e0:a6:
+ 5e:14:2c:90:b1:81:b2:69:31:e2:44:85:97:f5:60:
+ 12:88:06:9d:8d:cf:4a:a2:77:b3:d9:ff:f3:41:40:
+ 4c:21:e1:73:8d:98:82:2f:37:27:0c:24:d8:67:bd:
+ c7:05:50:40:c5:a9:d0:e4:3f:bb:0c:72:29:7c:be:
+ 06:01:96:03:b8:a0:42:c4:6f:6f:da:aa:17:34:5f:
+ 5e:f3:73:0e:77:b5:7a:9a:59:e3:3c:d1:39:50:17:
+ 2f:53:18:05:82:34:29:1b:19:56:2e:c2:db:24:79:
+ 51:0f:a8:d9:66:3c:72:1e:a0:f7:03:d6:e9:e5:c6:
+ b9:be:94:e4:84:bd:cd:93:26:eb:3b:17:bb:cd:e5:
+ 58:25:f2:28:35:a4:b1:70:df:32:54:85:f6:3c:20:
+ 9f:88:8b:5d:83:a2:c4:1e:31:d9:a1:76:1d:2e:3c:
+ f8:78:64:a4:dd:3a:b2:56:65:bf:a8:2a:a8:ed:62:
+ c9:62:2c:72:bd:9d:7e:6b:1f:80:ea:bc:33:60:47:
+ d3:0f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 87:9A:8D:12:3A:69:8D:89:98:F6:95:D0:F2:ED:C3:DC:ED:A0:22:12
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-nifi-1, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 8d:23:38:a7:aa:d0:58:03:f2:98:19:da:62:c6:55:cb:d5:c5:
+ 05:dd:55:c5:f9:41:46:ec:75:06:be:0a:0b:7b:0f:ac:10:dd:
+ 86:bf:4f:6e:05:c1:7b:c1:1d:1c:ce:c7:f0:a9:0c:6e:79:fe:
+ c2:49:18:d5:5d:4a:ae:c8:d8:ab:ec:45:95:94:c1:8b:30:da:
+ 52:1a:42:3c:41:77:65:9e:8a:63:f5:52:c2:71:b7:e2:56:43:
+ bd:89:3a:fa:14:bd:d7:7a:b2:60:43:82:c0:df:4a:e0:a7:02:
+ fd:d7:f6:56:9a:0f:ad:f4:ee:00:06:fb:75:b9:96:63:c8:b3:
+ 75:1f:c6:9d:3b:9d:1a:29:cd:09:f0:80:31:5c:4e:97:62:91:
+ 73:84:aa:11:cc:4b:00:15:a1:92:62:2a:6b:d4:d6:4c:ed:a5:
+ 89:fe:12:c9:d1:0b:48:b8:97:26:e4:5b:ab:da:fe:2d:54:ca:
+ 55:23:8b:22:7f:a1:12:4a:21:3e:9e:bb:48:d6:82:b6:a2:cc:
+ 83:15:5d:5f:c7:52:a1:01:01:70:60:3f:64:b4:1d:85:4f:56:
+ b7:67:77:b8:ea:59:7a:85:ce:e3:4a:e1:d6:2f:e0:b2:60:44:
+ 3a:08:3a:b5:0e:fc:88:ad:e5:a1:f1:a8:79:37:c4:52:02:f0:
+ 5b:05:94:0e
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIQAexNrT5eR89OS5hJWTKzNzANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjVaFw0yMzEwMTUx
+MDQ3MjVaMBkxFzAVBgNVBAMMDmRzb2NsYWItbmlmaS0xMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAw6/vt6GVR19V6n7o1v3V4xloLnIfkGKoeXbY0vZR
+33GAN1rsfftteG43/uUbyNVz5Mmly+hKSCbG4KZeFCyQsYGyaTHiRIWX9WASiAad
+jc9Konez2f/zQUBMIeFzjZiCLzcnDCTYZ73HBVBAxanQ5D+7DHIpfL4GAZYDuKBC
+xG9v2qoXNF9e83MOd7V6mlnjPNE5UBcvUxgFgjQpGxlWLsLbJHlRD6jZZjxyHqD3
+A9bp5ca5vpTkhL3NkybrOxe7zeVYJfIoNaSxcN8yVIX2PCCfiItdg6LEHjHZoXYd
+Ljz4eGSk3TqyVmW/qCqo7WLJYixyvZ1+ax+A6rwzYEfTDwIDAQABo4HcMIHZMAkG
+A1UdEwQCMAAwHQYDVR0OBBYEFIeajRI6aY2JmPaV0PLtw9ztoCISMEYGA1UdIwQ/
+MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M
+Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL
+BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1uaWZpLTGCHmRzb2NsYWIu
+Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAjSM4p6rQ
+WAPymBnaYsZVy9XFBd1VxflBRux1Br4KC3sPrBDdhr9PbgXBe8EdHM7H8KkMbnn+
+wkkY1V1KrsjYq+xFlZTBizDaUhpCPEF3ZZ6KY/VSwnG34lZDvYk6+hS913qyYEOC
+wN9K4KcC/df2VpoPrfTuAAb7dbmWY8izdR/GnTudGinNCfCAMVxOl2KRc4SqEcxL
+ABWhkmIqa9TWTO2lif4SydELSLiXJuRbq9r+LVTKVSOLIn+hEkohPp67SNaCtqLM
+gxVdX8dSoQEBcGA/ZLQdhU9Wt2d3uOpZeoXO40rh1i/gsmBEOgg6tQ78iK3lofGo
+eTfEUgLwWwWUDg==
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/issued/dsoclab-nifi-2.crt b/roles/ca/files/CA/issued/dsoclab-nifi-2.crt
new file mode 100644
index 0000000..56a67ac
--- /dev/null
+++ b/roles/ca/files/CA/issued/dsoclab-nifi-2.crt
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 8b:69:05:5f:85:86:ce:dd:21:66:0b:24:93:41:26:60
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:25 2020 GMT
+ Not After : Oct 15 10:47:25 2023 GMT
+ Subject: CN=dsoclab-nifi-2
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:ac:b7:4b:e2:d5:87:7f:8e:15:9b:cf:c0:17:eb:
+ db:8c:e3:1b:83:c0:69:b9:06:91:a0:9b:c6:35:dc:
+ 2f:e8:8c:72:28:50:02:82:c5:b1:eb:da:d9:e3:9d:
+ 95:d2:d9:dd:e1:08:35:6d:83:73:95:98:ba:19:fd:
+ 3e:04:67:9a:09:37:45:79:d3:1d:0b:ec:0a:43:cb:
+ b8:24:cc:68:5c:ce:2e:ae:db:48:d8:6e:5a:f3:31:
+ be:87:28:86:76:8e:8f:8d:68:95:1f:72:6c:65:4a:
+ fc:9e:b8:7d:e2:83:e2:3d:b0:30:5d:c1:73:06:ae:
+ 9b:f7:9a:54:b8:02:6b:82:90:11:08:3f:d6:5f:59:
+ 5c:df:aa:25:59:c0:67:7a:fc:e1:f0:c9:4a:8b:e0:
+ 31:b6:53:13:c2:bf:8c:4f:3a:e6:ed:11:30:a6:41:
+ 26:ad:56:8f:03:0b:ad:87:6c:b2:73:c4:2e:41:3e:
+ 99:1a:b6:29:6d:e0:dc:af:8f:45:6e:d5:69:17:0d:
+ f1:58:a6:7e:8c:80:32:72:24:21:d2:e9:b4:44:23:
+ f6:10:8f:9f:64:7f:ef:e6:ab:f1:43:94:d0:8a:97:
+ 0e:e4:91:bd:86:b9:1f:42:f4:96:39:85:05:26:ed:
+ 90:01:91:11:a3:1f:04:5b:46:ff:1b:a9:74:77:db:
+ 18:03
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 1F:5E:EF:0E:58:69:FD:21:93:48:19:98:81:48:13:2E:FC:31:61:0C
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-nifi-2, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 21:2d:9b:f7:0c:74:cd:d4:30:b1:42:5b:32:98:d8:ef:9f:a9:
+ 9b:1b:f0:54:67:c3:20:5b:f1:87:4d:ff:e4:a5:db:af:eb:34:
+ 8a:b3:fa:d6:14:4a:3c:31:11:8f:09:b0:af:25:39:5a:5e:89:
+ 32:cf:c7:48:68:f3:14:72:a0:35:15:ec:76:c7:bb:a7:5b:0c:
+ d5:7e:5b:8c:d8:40:a2:5e:fa:f8:f2:cf:dd:56:65:7e:94:ef:
+ b4:99:25:ba:9f:78:94:7d:54:0c:83:b9:cf:b8:b4:9d:78:6d:
+ 62:e3:6c:98:1f:40:b9:35:3c:51:b5:9f:82:7b:1e:77:db:25:
+ f2:71:df:3d:e9:56:93:86:fe:61:48:4f:db:76:5b:5f:b1:96:
+ f9:46:72:5e:01:80:87:b5:be:b4:00:3b:37:7f:5e:44:d4:7e:
+ c5:87:ed:40:6b:9e:f4:ca:1b:b0:4b:84:97:1f:07:0f:7c:8b:
+ d2:7b:b1:3d:a7:f8:ae:39:07:34:50:41:70:1f:07:ba:a6:a2:
+ 0d:ca:e5:7b:d4:77:2c:95:4d:16:0c:34:e0:a5:59:7f:43:c7:
+ a0:dd:a0:f0:ed:75:5a:0f:61:76:52:34:ef:7c:a7:21:e4:de:
+ 3a:24:cd:39:b6:77:3a:c8:f3:1f:09:2b:80:9a:f0:5d:7f:5e:
+ 73:9d:73:eb
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIRAItpBV+Fhs7dIWYLJJNBJmAwDQYJKoZIhvcNAQELBQAw
+FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI1WhcNMjMxMDE1
+MTA0NzI1WjAZMRcwFQYDVQQDDA5kc29jbGFiLW5pZmktMjCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAKy3S+LVh3+OFZvPwBfr24zjG4PAabkGkaCbxjXc
+L+iMcihQAoLFseva2eOdldLZ3eEINW2Dc5WYuhn9PgRnmgk3RXnTHQvsCkPLuCTM
+aFzOLq7bSNhuWvMxvocohnaOj41olR9ybGVK/J64feKD4j2wMF3Bcwaum/eaVLgC
+a4KQEQg/1l9ZXN+qJVnAZ3r84fDJSovgMbZTE8K/jE865u0RMKZBJq1WjwMLrYds
+snPELkE+mRq2KW3g3K+PRW7VaRcN8VimfoyAMnIkIdLptEQj9hCPn2R/7+ar8UOU
+0IqXDuSRvYa5H0L0ljmFBSbtkAGREaMfBFtG/xupdHfbGAMCAwEAAaOB3DCB2TAJ
+BgNVHRMEAjAAMB0GA1UdDgQWBBQfXu8OWGn9IZNIGZiBSBMu/DFhDDBGBgNVHSME
+PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P
+TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
+CwYDVR0PBAQDAgWgMDkGA1UdEQQyMDCCDmRzb2NsYWItbmlmaS0ygh5kc29jbGFi
+LmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBACEtm/cM
+dM3UMLFCWzKY2O+fqZsb8FRnwyBb8YdN/+Sl26/rNIqz+tYUSjwxEY8JsK8lOVpe
+iTLPx0ho8xRyoDUV7HbHu6dbDNV+W4zYQKJe+vjyz91WZX6U77SZJbqfeJR9VAyD
+uc+4tJ14bWLjbJgfQLk1PFG1n4J7HnfbJfJx3z3pVpOG/mFIT9t2W1+xlvlGcl4B
+gIe1vrQAOzd/XkTUfsWH7UBrnvTKG7BLhJcfBw98i9J7sT2n+K45BzRQQXAfB7qm
+og3K5XvUdyyVTRYMNOClWX9Dx6DdoPDtdVoPYXZSNO98pyHk3jokzTm2dzrI8x8J
+K4Ca8F1/XnOdc+s=
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/issued/dsoclab-nifi-3.crt b/roles/ca/files/CA/issued/dsoclab-nifi-3.crt
new file mode 100644
index 0000000..796e826
--- /dev/null
+++ b/roles/ca/files/CA/issued/dsoclab-nifi-3.crt
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 59:69:91:8f:10:ef:8d:2b:ae:46:b2:6d:6d:62:9d:8e
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:26 2020 GMT
+ Not After : Oct 15 10:47:26 2023 GMT
+ Subject: CN=dsoclab-nifi-3
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:a7:48:a0:d3:ab:1e:8c:49:60:8b:b8:bd:9a:aa:
+ 5c:09:62:01:79:89:c9:e5:5f:30:64:38:ca:f1:95:
+ 2d:48:20:81:ef:60:aa:6f:d1:ef:b4:ac:89:8e:e9:
+ f5:16:7d:64:07:b0:3b:75:c3:e1:e1:15:71:64:60:
+ 8f:15:8e:16:8b:de:b8:97:79:a7:83:19:77:5b:aa:
+ 36:82:37:b9:51:a7:95:b5:1f:ac:9d:81:c6:ec:fb:
+ 14:3a:84:77:1e:9c:dd:3c:06:30:a1:5e:d0:8f:b0:
+ c9:5a:13:ad:0e:56:57:bc:1d:3f:be:d7:4c:4b:37:
+ a2:88:72:4d:1a:62:88:08:a0:57:bb:20:ce:7e:af:
+ b7:72:f2:ee:86:1a:b1:28:3b:41:f4:d3:ea:14:74:
+ 90:e1:33:41:1a:92:e2:2e:ec:d3:20:60:60:61:d6:
+ fc:0e:3f:57:43:88:5f:10:29:20:51:40:46:ed:5d:
+ 9f:d1:5a:e7:4b:52:f4:d4:23:60:4a:22:a7:92:6c:
+ d4:cb:20:01:a6:b9:53:71:7a:71:02:e1:05:72:41:
+ a5:42:9f:41:47:2c:30:7e:0c:b1:73:cc:f7:63:60:
+ 27:3f:3d:36:93:14:aa:7e:12:ed:1b:f1:cb:4d:e8:
+ 7c:32:20:50:f5:2d:7d:06:0a:93:cf:7a:85:2b:0b:
+ a6:b1
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ C9:B8:02:23:C4:2E:F5:FE:C9:34:45:77:33:0D:89:CE:D9:A3:30:2A
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-nifi-3, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 32:20:b3:1c:e1:c9:a4:19:75:14:32:1b:cd:c2:83:59:49:07:
+ e3:b8:62:73:ec:4e:69:cb:9b:49:0d:f5:d0:ea:8b:b6:de:3e:
+ 76:03:c4:e8:68:0f:01:96:aa:40:b2:1e:99:06:d2:75:f5:31:
+ ec:b7:93:e6:1b:b0:ab:7e:1b:1d:65:46:6d:9f:ac:97:ed:55:
+ 53:ca:53:00:5a:ca:c5:83:48:c3:2a:51:db:e7:e7:e1:40:4a:
+ bf:b2:9d:d4:71:d4:54:84:2b:4b:d4:a2:22:73:95:e1:62:51:
+ ce:e3:e2:f6:24:dd:40:08:07:01:6f:ee:27:3e:fc:17:1d:1f:
+ 30:da:7f:37:78:7e:b8:af:d8:2c:d9:48:84:92:be:4e:8e:a7:
+ b8:e6:9f:d4:91:5d:44:c9:8b:82:9f:13:eb:d5:2c:00:fa:ef:
+ d6:49:ff:92:0d:83:22:57:45:4a:ac:b6:5e:a2:c6:c1:73:ff:
+ f5:dd:a7:d8:79:9a:a7:96:33:b4:51:17:7f:80:6e:3b:52:a8:
+ 61:53:ae:08:1f:02:5a:0c:5b:37:3c:3a:36:ee:74:e2:9e:df:
+ df:01:b5:f6:d0:b8:fa:58:79:53:fd:70:9e:54:c3:6c:68:a7:
+ 3f:b0:e4:20:a6:a8:2f:87:5a:8a:08:01:41:de:35:ed:5e:85:
+ ae:dd:e0:3e
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIQWWmRjxDvjSuuRrJtbWKdjjANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjZaFw0yMzEwMTUx
+MDQ3MjZaMBkxFzAVBgNVBAMMDmRzb2NsYWItbmlmaS0zMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAp0ig06sejElgi7i9mqpcCWIBeYnJ5V8wZDjK8ZUt
+SCCB72Cqb9HvtKyJjun1Fn1kB7A7dcPh4RVxZGCPFY4Wi964l3mngxl3W6o2gje5
+UaeVtR+snYHG7PsUOoR3HpzdPAYwoV7Qj7DJWhOtDlZXvB0/vtdMSzeiiHJNGmKI
+CKBXuyDOfq+3cvLuhhqxKDtB9NPqFHSQ4TNBGpLiLuzTIGBgYdb8Dj9XQ4hfECkg
+UUBG7V2f0VrnS1L01CNgSiKnkmzUyyABprlTcXpxAuEFckGlQp9BRywwfgyxc8z3
+Y2AnPz02kxSqfhLtG/HLTeh8MiBQ9S19BgqTz3qFKwumsQIDAQABo4HcMIHZMAkG
+A1UdEwQCMAAwHQYDVR0OBBYEFMm4AiPELvX+yTRFdzMNic7ZozAqMEYGA1UdIwQ/
+MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M
+Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL
+BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1uaWZpLTOCHmRzb2NsYWIu
+Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAMiCzHOHJ
+pBl1FDIbzcKDWUkH47hic+xOacubSQ310OqLtt4+dgPE6GgPAZaqQLIemQbSdfUx
+7LeT5huwq34bHWVGbZ+sl+1VU8pTAFrKxYNIwypR2+fn4UBKv7Kd1HHUVIQrS9Si
+InOV4WJRzuPi9iTdQAgHAW/uJz78Fx0fMNp/N3h+uK/YLNlIhJK+To6nuOaf1JFd
+RMmLgp8T69UsAPrv1kn/kg2DIldFSqy2XqLGwXP/9d2n2Hmap5YztFEXf4BuO1Ko
+YVOuCB8CWgxbNzw6Nu504p7f3wG19tC4+lh5U/1wnlTDbGinP7DkIKaoL4daiggB
+Qd417V6Frt3gPg==
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/issued/dsoclab-odfe-1.crt b/roles/ca/files/CA/issued/dsoclab-odfe-1.crt
new file mode 100644
index 0000000..71baad0
--- /dev/null
+++ b/roles/ca/files/CA/issued/dsoclab-odfe-1.crt
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 97:d2:d0:cf:23:00:c0:a9:66:d1:03:ca:89:a9:92:12
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:26 2020 GMT
+ Not After : Oct 15 10:47:26 2023 GMT
+ Subject: CN=dsoclab-odfe-1
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:e5:46:f6:71:ce:a2:3f:61:5e:9b:f3:c6:61:88:
+ 87:99:0a:ac:b8:e8:9d:3c:5f:8c:60:2b:41:5b:36:
+ fb:39:0a:6f:a1:16:02:31:ac:0d:bd:0e:ff:95:59:
+ d8:f1:21:6b:bd:96:d6:7b:79:01:d1:65:1c:ca:09:
+ 22:50:30:01:ea:ed:b4:29:bf:b4:70:25:db:b3:1d:
+ e9:73:ed:63:93:02:4c:90:22:04:6d:31:74:31:ae:
+ 85:3c:12:8d:b3:f6:92:2f:de:75:75:8f:ca:a5:f2:
+ a2:12:94:fb:e8:73:30:37:f1:7c:b5:4e:59:ab:71:
+ 73:26:80:9a:46:8d:49:94:b0:09:e5:27:10:34:9d:
+ c0:53:3b:fa:77:2e:06:c0:73:8e:0f:9a:1e:8c:27:
+ 32:0c:eb:f2:d2:0c:a7:52:48:c6:ee:12:21:15:e3:
+ 45:30:89:81:63:7f:bf:0a:5b:d1:05:c8:1c:fc:5f:
+ bb:b8:82:2a:92:3b:3a:ae:19:9d:e9:a7:62:7c:0a:
+ f2:c2:2a:e6:a8:d4:9b:0a:a8:a2:5a:ec:e5:a3:1a:
+ 73:e0:83:3d:d2:e8:74:a9:0b:b0:e4:b0:fd:fe:ad:
+ 1e:57:e8:0d:20:7c:aa:1f:31:69:b5:0d:8c:3f:1c:
+ 8d:dc:d3:71:5b:f1:04:6a:ae:b9:2d:a8:be:28:11:
+ f5:4b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ DB:92:49:8B:D9:27:41:85:16:AE:C9:CA:F6:8D:11:53:8B:EE:B0:5E
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-odfe-1, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 0f:83:fb:ba:2a:0d:aa:14:3f:3f:0b:00:be:f9:37:f4:7f:29:
+ 1e:21:4e:18:07:e0:ae:e1:84:f7:cf:a1:21:a5:36:ba:77:6c:
+ 0c:00:11:d5:7d:d8:31:b3:f5:cc:fd:6b:27:8f:99:5f:99:4c:
+ 57:88:d0:1a:e7:66:6b:8a:fd:d1:01:e3:88:37:91:8c:7b:e9:
+ e2:22:dd:80:62:64:9e:22:e7:25:b5:b9:89:45:e4:24:f5:19:
+ c0:5d:10:50:57:80:66:23:0c:b1:8e:bd:b3:f1:fa:95:7e:6f:
+ 04:d1:da:c2:e8:a1:b2:55:55:66:3a:bc:5b:71:50:8c:a8:56:
+ 86:f4:a9:9c:c7:4b:d6:91:73:8e:a9:93:ef:e0:85:5e:5c:53:
+ ae:b3:a7:a4:31:80:f3:b3:e4:03:ad:da:96:f0:14:7b:25:e4:
+ ff:68:9b:8f:28:cd:fc:94:05:5f:38:80:84:d6:f5:d4:b7:bd:
+ 43:79:bd:fb:f2:ce:30:73:01:e8:ee:ad:45:4a:ea:88:3f:d1:
+ a2:ef:22:f5:49:cc:d4:27:22:3c:bc:1f:50:81:58:5a:65:9d:
+ d6:14:3b:3f:b2:8f:90:35:2b:e7:1a:9b:58:db:96:06:9b:cf:
+ 44:0b:f5:9f:aa:57:28:3c:ab:70:fa:bc:93:90:d9:94:d7:fe:
+ 6f:fe:39:2a
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIRAJfS0M8jAMCpZtEDyompkhIwDQYJKoZIhvcNAQELBQAw
+FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI2WhcNMjMxMDE1
+MTA0NzI2WjAZMRcwFQYDVQQDDA5kc29jbGFiLW9kZmUtMTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAOVG9nHOoj9hXpvzxmGIh5kKrLjonTxfjGArQVs2
++zkKb6EWAjGsDb0O/5VZ2PEha72W1nt5AdFlHMoJIlAwAerttCm/tHAl27Md6XPt
+Y5MCTJAiBG0xdDGuhTwSjbP2ki/edXWPyqXyohKU++hzMDfxfLVOWatxcyaAmkaN
+SZSwCeUnEDSdwFM7+ncuBsBzjg+aHownMgzr8tIMp1JIxu4SIRXjRTCJgWN/vwpb
+0QXIHPxfu7iCKpI7Oq4ZnemnYnwK8sIq5qjUmwqoolrs5aMac+CDPdLodKkLsOSw
+/f6tHlfoDSB8qh8xabUNjD8cjdzTcVvxBGquuS2ovigR9UsCAwEAAaOB3DCB2TAJ
+BgNVHRMEAjAAMB0GA1UdDgQWBBTbkkmL2SdBhRauycr2jRFTi+6wXjBGBgNVHSME
+PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P
+TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
+CwYDVR0PBAQDAgWgMDkGA1UdEQQyMDCCDmRzb2NsYWItb2RmZS0xgh5kc29jbGFi
+LmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAA+D+7oq
+DaoUPz8LAL75N/R/KR4hThgH4K7hhPfPoSGlNrp3bAwAEdV92DGz9cz9ayePmV+Z
+TFeI0BrnZmuK/dEB44g3kYx76eIi3YBiZJ4i5yW1uYlF5CT1GcBdEFBXgGYjDLGO
+vbPx+pV+bwTR2sLoobJVVWY6vFtxUIyoVob0qZzHS9aRc46pk+/ghV5cU66zp6Qx
+gPOz5AOt2pbwFHsl5P9om48ozfyUBV84gITW9dS3vUN5vfvyzjBzAejurUVK6og/
+0aLvIvVJzNQnIjy8H1CBWFplndYUOz+yj5A1K+cam1jblgabz0QL9Z+qVyg8q3D6
+vJOQ2ZTX/m/+OSo=
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/issued/dsoclab-odfe-2.crt b/roles/ca/files/CA/issued/dsoclab-odfe-2.crt
new file mode 100644
index 0000000..a648174
--- /dev/null
+++ b/roles/ca/files/CA/issued/dsoclab-odfe-2.crt
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 56:0a:99:c5:a0:3f:c4:b9:fc:92:fd:c6:2f:41:9b:b9
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:27 2020 GMT
+ Not After : Oct 15 10:47:27 2023 GMT
+ Subject: CN=dsoclab-odfe-2
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:c7:a5:e1:3f:e0:a3:22:69:f1:b4:15:5e:b9:3c:
+ db:d7:44:bb:d9:c7:69:94:5b:c1:7d:a3:34:4d:3e:
+ 88:0a:e2:8f:2e:d3:98:94:ae:b4:1f:49:a3:fd:4b:
+ 27:16:70:ab:03:ab:cd:4c:02:2a:7b:ed:3a:ff:49:
+ 49:2e:3b:88:f6:59:85:26:de:37:b4:47:9e:1c:be:
+ a3:38:8e:b0:22:6b:ca:c5:12:e5:be:40:9c:57:7a:
+ 4d:02:0c:db:13:c5:9d:d2:85:df:99:57:32:90:37:
+ 54:08:16:46:01:54:da:0c:77:31:63:39:46:27:88:
+ 3f:f4:ad:4e:e6:fd:0a:3e:9d:98:9a:53:98:90:be:
+ 9b:ee:e3:b2:91:c7:7f:3f:a1:b9:62:f8:7a:1e:cc:
+ b4:23:ed:82:a0:5c:ad:86:7b:50:53:c9:ec:57:04:
+ 44:1c:12:f6:33:3f:68:42:f8:b7:2f:25:91:1c:aa:
+ b0:df:17:6b:ed:6d:cc:6d:a7:d6:b7:07:6b:61:a5:
+ 16:51:9f:02:07:ad:b2:42:42:ca:0b:b1:2e:c1:6e:
+ 94:2d:3e:5e:88:48:8f:b6:8b:15:b0:48:8e:35:58:
+ ea:b5:90:9c:fb:5a:fa:f5:c7:27:b7:11:30:7a:cb:
+ 36:7c:4f:ea:52:00:47:40:e9:f0:ca:67:63:32:e0:
+ 33:73
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ E6:41:BE:4B:A2:E1:07:EF:2A:FD:16:A7:B6:68:3D:0F:81:F5:15:80
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-odfe-2, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 84:64:d0:92:f6:96:07:be:f1:52:f6:49:15:cd:d0:99:ea:ca:
+ 7f:06:a8:d2:68:e3:8e:c3:a3:a9:2d:f2:b7:4a:74:75:9f:02:
+ b4:6f:77:14:ec:89:f9:a3:b5:35:c8:f2:ad:50:df:24:05:d3:
+ 0a:a8:49:be:19:de:fc:84:a4:61:af:ff:c0:2c:f7:8b:11:87:
+ 34:10:e3:dc:9b:d2:b8:66:0a:f7:3f:05:11:37:41:09:9f:3d:
+ f3:a1:97:b7:62:64:db:5a:46:d9:5a:7a:c8:f7:79:e4:f8:61:
+ 2e:5c:e8:82:8d:fc:0e:8d:a4:4f:fd:33:f1:76:0e:8d:21:f4:
+ 00:5a:e1:a6:96:21:e0:bb:e4:e6:35:8e:b6:61:49:8a:f2:c1:
+ 25:96:cf:c0:f6:e0:0a:0b:75:b5:d5:6c:be:ad:0c:a8:4b:33:
+ 44:72:cc:ef:5f:db:09:e7:b9:6e:60:80:7d:02:e9:ab:06:81:
+ 24:d3:9d:c3:de:f9:a1:f1:f7:77:ee:6d:49:ab:13:72:c6:62:
+ 39:b2:80:32:07:20:51:a3:3e:1a:cf:b9:3a:bc:e3:a1:58:33:
+ 22:6f:68:a9:e9:33:0b:8d:24:72:ea:e3:75:68:a3:69:11:a8:
+ 2d:86:ed:f2:00:74:d6:d4:ab:fc:30:3f:68:6b:b6:d3:61:30:
+ 51:84:09:da
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIQVgqZxaA/xLn8kv3GL0GbuTANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjdaFw0yMzEwMTUx
+MDQ3MjdaMBkxFzAVBgNVBAMMDmRzb2NsYWItb2RmZS0yMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAx6XhP+CjImnxtBVeuTzb10S72cdplFvBfaM0TT6I
+CuKPLtOYlK60H0mj/UsnFnCrA6vNTAIqe+06/0lJLjuI9lmFJt43tEeeHL6jOI6w
+ImvKxRLlvkCcV3pNAgzbE8Wd0oXfmVcykDdUCBZGAVTaDHcxYzlGJ4g/9K1O5v0K
+Pp2YmlOYkL6b7uOykcd/P6G5Yvh6Hsy0I+2CoFythntQU8nsVwREHBL2Mz9oQvi3
+LyWRHKqw3xdr7W3MbafWtwdrYaUWUZ8CB62yQkLKC7EuwW6ULT5eiEiPtosVsEiO
+NVjqtZCc+1r69ccntxEwess2fE/qUgBHQOnwymdjMuAzcwIDAQABo4HcMIHZMAkG
+A1UdEwQCMAAwHQYDVR0OBBYEFOZBvkui4QfvKv0Wp7ZoPQ+B9RWAMEYGA1UdIwQ/
+MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M
+Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL
+BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1vZGZlLTKCHmRzb2NsYWIu
+Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAhGTQkvaW
+B77xUvZJFc3QmerKfwao0mjjjsOjqS3yt0p0dZ8CtG93FOyJ+aO1NcjyrVDfJAXT
+CqhJvhne/ISkYa//wCz3ixGHNBDj3JvSuGYK9z8FETdBCZ8986GXt2Jk21pG2Vp6
+yPd55PhhLlzogo38Do2kT/0z8XYOjSH0AFrhppYh4Lvk5jWOtmFJivLBJZbPwPbg
+Cgt1tdVsvq0MqEszRHLM71/bCee5bmCAfQLpqwaBJNOdw975ofH3d+5tSasTcsZi
+ObKAMgcgUaM+Gs+5OrzjoVgzIm9oqekzC40kcurjdWijaRGoLYbt8gB01tSr/DA/
+aGu202EwUYQJ2g==
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/issued/dsoclab-thehive.crt b/roles/ca/files/CA/issued/dsoclab-thehive.crt
new file mode 100644
index 0000000..0d474c2
--- /dev/null
+++ b/roles/ca/files/CA/issued/dsoclab-thehive.crt
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 61:09:5c:2c:8d:35:ee:29:1c:99:ce:ab:d4:2b:3c:a4
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:29 2020 GMT
+ Not After : Oct 15 10:47:29 2023 GMT
+ Subject: CN=dsoclab-thehive
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:ba:c5:4d:20:a4:60:b7:61:21:ed:16:a1:6f:72:
+ c4:de:a1:00:c0:ef:fc:5d:a1:89:34:07:15:d2:b4:
+ 3a:14:b8:95:75:8e:81:71:49:46:1d:c8:81:cb:f1:
+ ec:c7:5a:12:f6:89:60:e4:c8:98:1a:61:c8:2d:12:
+ 8f:73:ee:f8:9d:88:b5:7f:30:70:97:29:b4:ab:43:
+ 2d:dc:db:a7:10:47:c7:b5:26:9b:11:85:fb:d3:27:
+ 8f:3a:55:bc:ea:78:17:b8:89:10:a3:a4:10:60:39:
+ c3:7f:42:25:a9:fe:84:7f:38:5e:f4:3d:c3:98:3d:
+ 56:b9:ba:81:06:55:8d:65:12:f0:4e:23:88:1d:98:
+ 0c:2f:6e:4f:67:fd:4e:67:39:91:b9:01:52:12:aa:
+ 9e:bb:7a:c8:ea:8f:4a:2d:18:f8:69:9a:3a:a0:c8:
+ 6e:e3:de:c6:db:be:4c:59:e0:cf:bc:34:4f:2c:b0:
+ ef:3e:82:5a:df:68:be:b8:fb:cc:5f:6a:f2:3e:66:
+ d4:c6:c5:f6:0b:67:e9:64:85:15:87:60:6f:dc:b4:
+ 5b:13:6f:b0:9b:f8:f3:da:c1:91:9e:81:5f:16:ca:
+ 9e:14:01:c1:1c:ce:2a:d3:c8:3c:0f:be:b1:37:aa:
+ c9:08:68:2b:de:f9:44:6c:1e:90:a4:12:bc:f5:3c:
+ 46:bd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 5B:08:8E:F2:1B:8F:12:03:BA:31:02:9C:CE:CC:BC:9F:FC:19:D1:E1
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-thehive, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 7f:b2:fa:33:d6:e3:6c:57:8a:4a:9a:ef:8b:81:2b:df:f3:d6:
+ fb:8c:bc:02:cf:71:54:a0:f2:0d:ae:3b:30:cf:5c:69:d7:d0:
+ aa:cc:16:80:4d:9d:c8:1f:a7:98:9d:26:dc:ae:8e:24:2b:bc:
+ c1:11:a6:8d:4f:ca:13:1f:7f:8f:4c:ef:dd:46:df:d6:97:0a:
+ 88:51:4e:f7:46:aa:3d:e3:70:e9:19:e8:9f:7e:22:fa:b6:38:
+ 30:00:0a:94:38:09:bf:b8:64:6c:c1:b7:05:6d:4f:f3:27:0c:
+ df:04:ef:a1:4e:e8:2d:4c:06:d0:c0:4f:4f:da:d0:6d:b8:f2:
+ b3:79:18:63:bd:62:83:53:55:38:94:d9:64:ca:e7:4d:71:ce:
+ d1:05:6d:b1:6c:fb:1a:4c:b6:ef:70:2b:3d:9b:1d:66:d8:d9:
+ 9f:f0:e5:48:29:50:e8:1b:1a:fb:b4:d2:5e:38:ec:05:45:c2:
+ e7:de:9a:9d:aa:34:67:c5:66:18:e3:86:8b:0c:1a:c4:21:20:
+ 7e:b7:ad:e2:0b:d0:0d:d4:76:e6:53:ca:77:bc:ce:d0:9b:7b:
+ 7c:fd:42:94:da:63:d8:a7:52:d2:45:f2:d5:55:ef:37:f1:a5:
+ 0e:ba:29:c9:b4:ce:99:45:04:21:2b:86:27:bb:c1:f2:86:9a:
+ 7c:51:5c:3b
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIQYQlcLI017ikcmc6r1Cs8pDANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjlaFw0yMzEwMTUx
+MDQ3MjlaMBoxGDAWBgNVBAMMD2Rzb2NsYWItdGhlaGl2ZTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALrFTSCkYLdhIe0WoW9yxN6hAMDv/F2hiTQHFdK0
+OhS4lXWOgXFJRh3Igcvx7MdaEvaJYOTImBphyC0Sj3Pu+J2ItX8wcJcptKtDLdzb
+pxBHx7UmmxGF+9MnjzpVvOp4F7iJEKOkEGA5w39CJan+hH84XvQ9w5g9Vrm6gQZV
+jWUS8E4jiB2YDC9uT2f9Tmc5kbkBUhKqnrt6yOqPSi0Y+GmaOqDIbuPextu+TFng
+z7w0Tyyw7z6CWt9ovrj7zF9q8j5m1MbF9gtn6WSFFYdgb9y0WxNvsJv489rBkZ6B
+XxbKnhQBwRzOKtPIPA++sTeqyQhoK975RGwekKQSvPU8Rr0CAwEAAaOB3TCB2jAJ
+BgNVHRMEAjAAMB0GA1UdDgQWBBRbCI7yG48SA7oxApzOzLyf/BnR4TBGBgNVHSME
+PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P
+TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
+CwYDVR0PBAQDAgWgMDoGA1UdEQQzMDGCD2Rzb2NsYWItdGhlaGl2ZYIeZHNvY2xh
+Yi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQB/svoz
+1uNsV4pKmu+LgSvf89b7jLwCz3FUoPINrjswz1xp19CqzBaATZ3IH6eYnSbcro4k
+K7zBEaaNT8oTH3+PTO/dRt/WlwqIUU73Rqo943DpGeiffiL6tjgwAAqUOAm/uGRs
+wbcFbU/zJwzfBO+hTugtTAbQwE9P2tBtuPKzeRhjvWKDU1U4lNlkyudNcc7RBW2x
+bPsaTLbvcCs9mx1m2Nmf8OVIKVDoGxr7tNJeOOwFRcLn3pqdqjRnxWYY44aLDBrE
+ISB+t63iC9AN1HbmU8p3vM7Qm3t8/UKU2mPYp1LSRfLVVe838aUOuinJtM6ZRQQh
+K4Ynu8Hyhpp8UVw7
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/openssl-easyrsa.cnf b/roles/ca/files/CA/openssl-easyrsa.cnf
new file mode 100644
index 0000000..1139414
--- /dev/null
+++ b/roles/ca/files/CA/openssl-easyrsa.cnf
@@ -0,0 +1,140 @@
+# For use with Easy-RSA 3.1 and OpenSSL or LibreSSL
+
+RANDFILE = $ENV::EASYRSA_PKI/.rnd
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = $ENV::EASYRSA_PKI # Where everything is kept
+certs = $dir # Where the issued certs are kept
+crl_dir = $dir # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+new_certs_dir = $dir/certs_by_serial # default place for new certs.
+
+certificate = $dir/ca.crt # The CA certificate
+serial = $dir/serial # The current serial number
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/ca.key # The private key
+RANDFILE = $dir/.rand # private random number file
+
+x509_extensions = basic_exts # The extentions to add to the cert
+
+# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
+# is designed for will. In return, we get the Issuer attached to CRLs.
+crl_extensions = crl_ext
+
+default_days = $ENV::EASYRSA_CERT_EXPIRE # how long to certify for
+default_crl_days= $ENV::EASYRSA_CRL_DAYS # how long before next CRL
+default_md = $ENV::EASYRSA_DIGEST # use public key default MD
+preserve = no # keep passed DN ordering
+
+# This allows to renew certificates which have not been revoked
+unique_subject = no
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_anything
+
+# For the 'anything' policy, which defines allowed DN fields
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+name = optional
+emailAddress = optional
+
+####################################################################
+# Easy-RSA request handling
+# We key off $DN_MODE to determine how to format the DN
+[ req ]
+default_bits = $ENV::EASYRSA_KEY_SIZE
+default_keyfile = privkey.pem
+default_md = $ENV::EASYRSA_DIGEST
+distinguished_name = $ENV::EASYRSA_DN
+x509_extensions = easyrsa_ca # The extentions to add to the self signed cert
+
+# A placeholder to handle the $EXTRA_EXTS feature:
+#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it
+
+####################################################################
+# Easy-RSA DN (Subject) handling
+
+# Easy-RSA DN for cn_only support:
+[ cn_only ]
+commonName = Common Name (eg: your user, host, or server name)
+commonName_max = 64
+commonName_default = $ENV::EASYRSA_REQ_CN
+
+# Easy-RSA DN for org support:
+[ org ]
+countryName = Country Name (2 letter code)
+countryName_default = $ENV::EASYRSA_REQ_COUNTRY
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE
+
+localityName = Locality Name (eg, city)
+localityName_default = $ENV::EASYRSA_REQ_CITY
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = $ENV::EASYRSA_REQ_ORG
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = $ENV::EASYRSA_REQ_OU
+
+commonName = Common Name (eg: your user, host, or server name)
+commonName_max = 64
+commonName_default = $ENV::EASYRSA_REQ_CN
+
+emailAddress = Email Address
+emailAddress_default = $ENV::EASYRSA_REQ_EMAIL
+emailAddress_max = 64
+
+####################################################################
+# Easy-RSA cert extension handling
+
+# This section is effectively unused as the main script sets extensions
+# dynamically. This core section is left to support the odd usecase where
+# a user calls openssl directly.
+[ basic_exts ]
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+
+# The Easy-RSA CA extensions
+[ easyrsa_ca ]
+
+# PKIX recommendations:
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This could be marked critical, but it's nice to support reading by any
+# broken clients who attempt to do so.
+basicConstraints = CA:true
+
+# Limit key usage to CA tasks. If you really want to use the generated pair as
+# a self-signed cert, comment this out.
+keyUsage = cRLSign, keyCertSign
+
+# nsCertType omitted by default. Let's try to let the deprecated stuff die.
+# nsCertType = sslCA
+
+# CRL extensions.
+[ crl_ext ]
+
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
diff --git a/roles/ca/files/CA/private/Arne Oslebo.key b/roles/ca/files/CA/private/Arne Oslebo.key
new file mode 100644
index 0000000..677703b
--- /dev/null
+++ b/roles/ca/files/CA/private/Arne Oslebo.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDOTAIZIW4c8u2T
+2P28GqTCETvhVXPlJpLT2eim3X2iHb5qfGQGOWAzOH1qyomd5RFYIWnzOohe6uUu
+4Z27AB9ZGWlPazI9LxralT2ZlVOfsurbE0hjLUrcDEumHExi4tARJWfLgFIC6Pg7
+POvL9HEDWr7ZoEn+0XL+T77hrKHtpRUG9E7JBqubksI+uVgM9BUOBMCRG4VznbaX
+oWxwChqgzkyNrCnkxRcAJgNEMqh7g1JJQ2ARU8geuOufH+MTVIF3xEdKLiCNSIyR
+LuDU5TcLXLtfQDeS6WA7oPmYf22zIJI82ozweYHy6ne6tHsGVHWJd36tCDquHtwc
+EWMIQxSXAgMBAAECggEAe0rx9hMEvEhztOj6vHEwBsxF/WYU3d8v4W1anl/BtiIQ
+q5OsNAwWcoZQboKdvMAqnYFa0QMqfY/laR9uJVTtZ1LIna5zWB3O7tRC/IdCcy97
+LXNYz+1B0EGI9L306SSlNZolbnpCiXqy4LSIOFzfLiIN7gLeNmz3TQZcDoQeQuhT
+SA42/6EW1GFWWlFjqFy/W9X9VY3AHZAuf4M9Sv5YK6L7w8dwv190F/JXZz/7z0ad
+ElDfUh09xqsfvFhqvAzpWkGglhh6Ns9DGfH4bueoHZ0gF3nbdLxfpPp4eyRv/Ox4
+Ozf0E0snyJPG2N93Pluks5BKnC8yYYAvGo6hE2/wAQKBgQD2nrK2XCvh36uQIhGe
+iGIzRFGeeKB4jt4ZAM45PryrzBqtXMnndV8V4WoZkPRl5D8/HmoeMVbA6Bb1zdLy
+SDLs/U0IquMe8K6QR+F+wjWFLebu+aNaPsKnu8fJOVmDmNGReX7q3thTja+rcSDA
+5h5dEi9viM0OsRl2Xf5zLuzUSQKBgQDWJLDem/cV7vyrB3r60EeVSY9pwj0AD7oZ
+Tbcx2DuibP6ojvsDpUDbh3nuIlu69jRO0kl0rdCVnoWu3eaerDtFKd8EUsoQJv9B
+CV+rD4xoNa/1C+1DggIyAcTrAGxTS+Z/qsgVBy1YGLWtdaqg1TZI47F7m+fVtZRZ
+BMgW8lLh3wKBgQCRltRHxZf+Sw28E/C01yypuT45wFpzcVv6BLi5oKi+/soM6Acl
+heuxPhZlq2YsNJeFyo2470WYsirDx1MtxqORtmNgp4lW/Zz//f9H1pzD13pKP8NI
+hl5hqQBjcWC/yFqHd+MOAqpQgQdgvXMpjXAFX7PzMx5i+vfeIdUR6HTVSQKBgQCR
+fVAljjVrU3mbAXQOX9+ij9297tfe6NB5TJHAbbbmfcLu5mWobmgIPp0aq4FDHu8e
+9kQt38GtRYxx6BU9jKqgLPh2SYE7RCN8HlA/Okscqg0oIbhLe1LegtE1EI6IcTLj
+XjaeAshN6EvW0/DfYLyG/RuibaQvUDS/3j3LSUwCZQKBgGbI4n8JyQx0N5N7seLH
+E874B33QrURfoZqm1Pu03jWzzupzIL3Li+osgS/IAeh2tscCifaWX4eop973NGUe
+FfSGoQal+iQStVoEhKG79k5q3Yut8YFNt0Oy6tYrl7rWm5kSdok97u10lylPJKJY
+jryMaRsmZMcFRwby70+VtnoW
+-----END PRIVATE KEY-----
diff --git a/roles/ca/files/CA/private/Arne Oslebo.p12 b/roles/ca/files/CA/private/Arne Oslebo.p12
new file mode 100644
index 0000000000000000000000000000000000000000..273c8018b7bed8f691d9e9c24f5fa9d6425a0e79
GIT binary patch
literal 3325
zcmXqL;`zzM$ZXKWv!9JqtIebBJ1-+U<ANrh4J=JOYYdurRv0v~$0MZJ7BsO37&Ni_
zFflS1G_kuPWEc%(*tno3@G!C&@Ud`s@lK!gTfNSPiHU=up^05$Z{d_(t&GJt7$3D7
z$8I!c_ItQJ%%!Ef(cf$BntMCfy>FjpJMUrthy3#6H32Jc-q;#=_Lq04#;r@IWqa~v
z_b(_qa_(it#~T4L)*+Pzm#fxq_sSM*O=p+Xu5f&P`qNwI{IV#^!*;n7T4xG<o*eeG
z`)<5itWm)%{?^@B{n!70HTkWW`#rhxRnKGET-OBEO!s~3BKVy90o!X<6<K?>iiwAc
zGCX#qIUQ_Nn{F}PCg;M*<*5uOHrWd;f49j$>~d1Crpr;2Ggp>~_59V;ycjuQQd6Jw
zIrk!Fn@;h~CY!IxY%5!;bVBiU&#j4J6_%&B2#6?ISV~X+XMONJ_a?2={0l=f`!CIx
z`n<rO-E-I3TG{ka-McB;^=nSpshYkQu-Ce^Y>r=G`E8&1Axv(UFa9=~KH2#5jZJIx
zTPDgLUb8aykInjN4toy03-3#RVbJyd*`|_(e-3{*&H7<K+y3gtbJzC%&&XrFH=`;0
z?L5<;#wI3vMfJmWiR`@2!uyCjvml4zzxivM3eOGCB|;e{s$6rDU%P+RhH5wA1fk|O
zfs0MkyxBBky#CtmQf0kwd%R32WMM#$zT3CzbM?MK(^Q^3YB3g+-=Nc|9wbzn5+pBN
z^)WI=uVD2QzAb+WBwC}N8(;d=kZ^9>+Wa0zLxb(NOus4^m+^NUWDOBt&pem^pw7*e
z*KQiVH(Ijs+ltxW;sSMS)B|T+Q|x9t;qgk`itl7oxPMdWscy{zw!=>>3)-G673aIK
zQtg_Q-VCb)I&8;Ja2~XDaTWVsoN794f^^Egm#19s-LZL=bNy^?iKoiBlndM4tMBYw
zub{f)a=Y+@bsnNVF<)0y-G5S+)YD?Evv%YAZ2q}gEp6&o=I(ZVCy{A+J>;C8@chRs
zgj#kR-gvU?^x@|-3cuV96)rn37qdU>`oD!c)x%k0V!niW?8-~&h*YxuwQ`1z<*YNa
zw!E=1I{9q!|EMF8d#s8+Z+j^8_p3w9pV<bVrySSsNQ>4}x7wAk=Tok66o=TV2NPFk
z%sg2m#B+DuhP$76*qhs>*q!Gp*e#N|QPsazWnTXNsT`(<#06~I*2yY8vwADYCjad>
zr{brrr&mZ9zy3C1>uw+Yt8C&~C3ARR6*zJ%J-owx1M{+(PE*|sbn4;{USjI@+}NHy
zDeJGlhshFW`K27cu1yHyniks~9C5D3u-|jZ`vs@U>vtPSy8lkA_MW!)>63K=(=r)c
zG|J`_TVI~`zb(#xPtY#*Lyscc{Lim7<7Ts+bdslGs*!v`)Pakes*Y-(_BIh)6{}a+
zUy^!wFU$5P4~q}`E?dpYQMBX9>!_5?Q6lEd=U%^a@%Gf1e}3|u{4ym$r|=sWqy-;K
zaLo6(Hq%~n;eXS*+3$^&q%J6)ubr-SD0R(sgALkKC$l_o(VUfc?B5L56<1$fV3S!m
zU&`@<{`<1kdj2k6F8o(hnt3~Nx?3H}Rf?opX6~85J>BKy_fL#=5tiAv4yXUk%)7or
z<Bo*F(KR2MmacsAZmHAk+`Up&GM@Je0uJ+<Ot|vYWYx#M?lm&&BA+;De3VcA6Y_ES
zB<<)0KDTa75ecntJhkW3uk{=y*Zu0dH{4IFJD&bG=0x6wCwFH#roH;I@6qoYk`}yQ
zE`6%AYBYOyZq1$s-j1_Z;@C4~KRgp%QI^!FU~;RCGqxjd&yl?+MDlufSzg)DcB48)
zVLsdY=V20Yso8p0<y1V^nC_h1a_%kXu|K@)lASM|U9msUsZ}XN=5q4|hrBh<x9eUo
zo7gtV|5Rh@LUolFHS_%MPW0L7Wubm-@|3;(MPUc{j%57xpL)JIde+mpeJUrqA1^-i
zV(~WZ=gx-%Jomros5<!S!M$e^`DHfK^;WmDZWGHre!6{=gulR{0{J6#vYUUg#544>
zpV;PCntEy*kN;BB*gnB&+-!dyxh@X){JdJhZ^s0m_3cw$u<nhz6sq(o+Q(McSheBZ
zf-=3Qc9o_vLUzLE&hAY59k=C9jGkK7<HkO7^YXS6J12&2sJR)WCSv=%c2k|^L!IN+
zjVGTP`nNxx%lhNmJlCIkTAwqg|7vZ2HuKKLc{AQ5ip~vM^yU1IS$>_`Ow*3DJ1M?h
z*0<xbR!vFRy7QGGQI?<l&gW#rZZWMW`mW=%pC><CuOrF7GrII%75}NeWv8clw$A5u
zx^nsUl*5~ERL|y9`*^iEDDu_rBk!BD&iHPa9@J=YShPp5ggrlh(wwS{-<kKf)yw$>
z{pI?gXCGyLfPHdI`nos`@0a#JHU`waym+8y+H;S`MVI<I%DSdE?Q%6b9rNn?Ql1zI
z!N*^!6ic7ZemsGfeFgIst%%ijJ!?Mco}Ir~d>NC%t{<Nzjec2d%{#lCty*e&?_;U0
zAEnDZ@?T!Mm0Eitia#fP<+aq?dQXLd70zWl<zGB>L+RSg_bM$frUdi8n0Eff@<%OS
z8YXVfyfnwiIiYl75uZWg;k^8pXI*5a*}6Z^yqU7ppo!HHsUls_#A?LS#Hwe|#HwY`
z#Hz-|4XakU7?~C{vAi>AVtIv9+cJY{+fPy9`>*qd6oYD8mL`@Hg$9p`N~*qoV_CFv
z!T!C`OI}#)Xqq3>*nhUSSlLc6>{0thwl9gbB3I`n&f9QR#8fEod;PsPB7e5%?~=T@
z{Ni8ty&PNe^Ho|M=l2D&-n}s`>GsXDN1OY1-T1j^(VwZJ8%mjYFEgCfO+5H*kDt`O
zqNHt4qB$paJa7uy5~;15wD--UiCK;xrSHu<)KOHRDmF>NdDZ3gOYH9)Z){RY(flf7
z_UivMlj(B1kE}U!{^!}Za&ud^$5?uw49o55nI9yj9r7%P_r&XrCB>6!crU4Ntk*r&
z_~n*Po!*nbYm)8zSFQ||GT89S`t!4({!e>e_O{(wzQ3#CX6~+#d14ELuJ>50#w*2~
zQQhFx`07&h4d?4QvoG&Dbk&e`-}l+GcsKRD`z6Q{lW=<H{_cIVba+da?=5|Q*J*(Q
z^WOehLAJl&_#I@~Qma_<!^=7O&CC#QjR*b$4!rWS>v?h`UQHKMU8U&h^5p8-2VvX&
zTUPIxaGTqA`J!)M_TK#7c_Gnv)rmcwPLt<|Uf?@A^HccGyblFy5Bk1e$5%N0rkPBH
zWJ<k$hId3(QKaH!CQ}0@hQB%sysloKU$LA${NDP%d-WN`mY-|Nz1lG4*VWT;M^dBn
z_pP}lB&R=XRnFhLi~s(z3`!}NKRq*3L&qy*`q!^n(fbQKWz%(h{SH~rb1k^O#3j){
z#9YL}<LTnMS?Qq{s&^IGpFUL`)wtiMUS28q!|O8_E#r5;*83b=yHD8U<G<NAZtSlM
z{&iVg>)*FWb3S!SPN@!B6E(T7eI<``sfFbW<^HnNdowST2&Pq>c)(p0amJEG=+(KI
zoZ;tUIgZSHD0P0)oT@bYz?EOGz5liJ+|L^#pD$0kEc*A6lIq)Uj~1^o*RP*)cZ1DO
z|GTxG9s%<df)1`^nw9Y={<is6rd0;4FT$?Zo_(?B+sg|azQ%vWbjxCe%eA@`&iEdm
zxJN2LP5bTB<2Pg76<9-$^G%qclAf*kuygzAH~LczFU|eiyT^rrMey3!XMca|Hb#~|
zN@VWqG2lB@JW*cTpzz{1Ri=`Qb6LH1trPC&uzYmeL7Q*Ft@)cyo^03ku<l@z_<Hn5
z<w^^gdfm-`EVh0~_xVujb7ki*IXCybe$&4hJkuL<Vs6+()iY)8XgfOP_FK76wKZ+Y
zz8`NhU63?0&ia0w<ATESq=m;EZ#-Xe%Pf4}iSy<gDwASEt(W=-Zfh%X5nSWQ^x*%O
zqR)z7-BSIZfB3XR;r1yr%?sxaUh&LjHeS-w(4V&N<=b16OQcej<mc53Ykg4s!yA>{
zEN8dKOLB{olBQ-lpYNvpJ0_h10lK%OQq+!x1TcPdGFJY>_G2|etneAl9}iPQ))}b&
zw9>w_#l+bBZM1woYZ~|du4%6|9#kIQ(yJ+7?KR2eZUNJ>!_uKORi_tTu+bCVX3{0J
zJmf^*)C+lRH>yvS-i^FF;kaXH;L!#NYo2FEmoco2E7`haUAb#%vFy`@m##l;Og^!@
znf2|8S(W;0{&qV=9@bB@keHx(f#WCVOVvZ4y(e!_y886MrFoI=pS#XvinaxX1m3wM
z+-JVc!gF^1@3Rw(@Ag#OtX!s|*6}v$#;R4RKB`7pOtZabTUpAc>CP~bxMLq@)Oljb
z7wd{0k1qKdzP@tV`^7)kEqA%}#b;-pOyJjHaO&{eW2kDN3@;ryMGeJRL~<S}UzA#8
zYkq%z-NWzqxrKDo7&QzG4HOMH*;uvtn3<$l8CXOXI(Jsjc9K0YG0yS`!>c|%<;nN%
SvT*onuj~K4uqy#nN&)~L2}KS7
literal 0
HcmV?d00001
diff --git a/roles/ca/files/CA/private/Bozidar Proevski.key b/roles/ca/files/CA/private/Bozidar Proevski.key
new file mode 100644
index 0000000..8a141bb
--- /dev/null
+++ b/roles/ca/files/CA/private/Bozidar Proevski.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCa3gD98em5KdlY
+0Echz0tnF/epApMXz1dbb9smkDAJC9nFZl72ImarSAaqbIiz/ZNFpGDJXytsr9to
+XifmhXEntyBSYd8UG9oGObIhIEsiSLdLdkQCsYlfDlkiy7nJHo2grChd5a7I6swF
+IKJgERKNbYgKc+h8aJxILMmoxp3DPMHn9Af3W25CPT0PhW/iuYip0AKEuBlqrhOh
+l1CYFsgMG70CyF+jL3N+JfiM55JDx2p1vIXqHEcoziybOo+oB+mMinU+wZcyzuPF
+yh4K1zx3CtKrUcPl3DeQGjW/oEqqvTjvnm34gTd/03cjxltjmGQHL0f9fSEvV8LY
+RADCKSJ5AgMBAAECggEABfbe2ujiM3tlH4KF+stdAA9wPlYXDCe0GZVpP0b2UqLe
+NDgJGDmi8p3Hg/DCIwx1C42VHKxJo9nx/UcDCmHBReJLoGCcks2vy+WU8qmnux5J
+0OIxJFlqDPske66U7SX8FmAK/fLGlH5WdSwYlNKTgFbjkmN8ZK4ytqTi71kW4ln5
+VUlXPd9FYlHc29u4qXJeaRLj9PIz/6FxYl0Ub13dXV8hfVEG8JaeosFjOhZqpgLg
+t1oNaPrKBywYvJ1P+PKfX7lsFV6dllpaosP1j0OEjAVZ3USOAyVgMHmKqqvCynlg
+IuKKF169bsJAb02KKtz1RMY3/Tao3VboHIGSNFSM8QKBgQDOALdl8uRaLSFHjJ6x
+UQWks+Hzs8eCC4qJ39Yj7Eqznat3GmZwc6S5/1s414VAOz8lX1S+xKLEiuxRH1kL
+etFRpGGA7XBHGI7EpRiHc4jyuzt/vMDZyA1Hh8iSsr03uDA5okVi6YWM647b/byU
+Xl9aWZzqX72RDerikpRPMvERgwKBgQDAdCar1Y3flctOl4iRatpya3PWCLVDNGTA
+88/m2DEGtwJxRdhfztNsrXIao8WkwPkvW+fnS5c6M8cXDOph3j5E56xsH4w+9vXG
++eN0/w6ci1ajZtCu6fCttwCVPBu5dzMSWAfNmnYbnnFQvzHLCV5ZbR3Z0dDMLM7o
+2gD3JdynUwKBgD+aBQWa6lnVGTNH/S7tvvpM93QQi4ZhHdLXovvQVngCNBA/vGT3
+r2IlrvprwB5GrIZTWozTlRVtduzM6ucacknsoJX3uPSaZmncNyiKyTt4BzS3CCu1
+EjSFfa2dNcJgQbNpoFablrodeCv/uRttz67LgCD0kkiYrW5qpxOUvM0VAoGBAKbx
+msIgg+tZs3y/clZCjLAIifk2oJZlkqjWVph3HUAn7NR5tBKYBUsWwg5d1oruYro0
+TVyUc+CnHaLfL0oqUXXQSf+Y9j2AWP97sVXCEti0/jjMbWXtxTvLrZPHCn296u2U
+s2AlByM6NC3JTNZFkDSetPBIU4lprSrMQV4i19/FAoGAe7iRaTkcmMZaE1cvZs2j
+Uv2TzZrXtj9MWtjxV7Tu1NrAcMV2WG4FJHxt+2V30beUrWFlg647Wo62ww2ylrze
+kyQoE0/eccfGI6z7qh8D8026xAoh7oeoLubhzFszz/dqOfJPiUv1GyzyD2m2kSvZ
+DlY3mCb9rL+6jbbXcS+7Iuw=
+-----END PRIVATE KEY-----
diff --git a/roles/ca/files/CA/private/Bozidar Proevski.p12 b/roles/ca/files/CA/private/Bozidar Proevski.p12
new file mode 100644
index 0000000000000000000000000000000000000000..24010a64063a960d554cd4e895e17b9e2e62362a
GIT binary patch
literal 3325
zcmXqL;`zzM$ZXKWv!9JqtIebBJ1-+U<ANrh4J=JOYYdurRv0v~$0MZJ7BsO37&Ni_
zFflS1G_kuPWEc%(*tno3@G!C&@Ud{@pAm@?KUTG!iHU=up^07M-_B68Da(!WpME~x
zZCt6<q<!Sk^6!!@7xVufn0!ucb)Kus@z>Mc_Z_UC{lcqxBg3VQyN|7Czu4*hGdcg-
z9%do$moM+!oByiiZR#dlK8>)xK5y>ZF*!5O@g7z9px(g!_F<Q^E7P^TpSR6B?z)!c
zs1ftlMYo+3=7%M%;BTH8p#S~;`iVz%w@DevvuE947LM0w*J~->zvhQuzRh7NU#axD
zCwCN2`|QHMXm?$jR#Ez{*Aar2((SyrW;LI9eB<naBPXJFMi>`xAANIOWQwBtA$@}n
zc30FAC*R&_w2eLPZ_YmHH(PDR6SNL}w|nr-XnKWW_;>cDFIMMXdX*dItnvEEKW%Qt
z_o64abM$o9#k>_S+sm<U>dvOk9&g^~zWO}#saAmf3F9lXSO4DV+pojg)LXOmpvB%-
zj$f@R&D#2dZvEZOdCPOUZ{vL}nY}T(dt^&JKRx17Ta(T4>8#B9hr0P~KOI%}2<ENM
z$Sr6(@WxZ`#H7mnvs`~~NX8s2G|3c83n|hv4cULg=W*~NQ4e>u7s-p_wD-Sx&b(-e
z;%UZhoFUu(`B(0CeWk0reCpQQ>+D09%zEmxcS_msm+>qTJ&sQVm>cd@E&QA*^v+=R
zH?t3?I#muH?#%x4t+eP_@(jz#3mhw0xl)2`bUZ|ic55&7DcZbFPbRZ~?QK?S-p;jY
z3~#UP&AvCQ<8e!y*lFjQ1?%%1&5C&yj+rNv?cQ$4Dzn4Q`BEe6_Wc4W=N9MjIwVa@
zJ(=)lH@~F4+Z4;d$mXvCzmDHu%JS8iaq>h{gXE6ozc1zQc>7|tP_rOwkGJsU2ZtSB
z%yL#QxgFg8DEvGVdt!&{s*=Qm|AJ<vYByc>x%p5@#il=w%~$r&7ulX8oMCfKYz4o)
z4o;9g`Sj@j^0u0fm5Uxle_~j?!1O~{dx8kdmxB7qegD>Eu^rm|MC;58Q#Xr>*z+0>
zm#qyKs$Xh<>#E4p$K@BlnH^#Ins{FS=;YN}DMwBl1$SAt$R7w@en;fRb`$wh!<~`Q
zbHb|DJ^T1LrTB!-;#Y3ET`Lz{dR4z=SzKDKk>JM9y<C2)r|s?8Thcz^;qHAwCoFz^
z+EU;Cx9a?n)6xPz;+<z09g_a!?dv<|_Zp3P;fni|&RR>q3JJd~#x=V@#<@bixH0-^
z)&}Xkjr#<XW9+9SWt<lO{7a3~YR~?F-t%8RdJFVstTvM=nruAxYWREQAXC$8vWXq;
z^HU!QWPC|-+%@UKrJw0qyx$L7?VfcxZEoy_+AnKrB7^;}DW7=Pv}DVbh~Jh1w$7Wg
zjQ@+?{^v5k$L)}K`t6nX5BH@=*UCyd@?_rFP|#3hEpS0+b3=#vUr}@S$2#f4Y{_k&
zCeJ$dIhMq?xjyz)y!KWsxz8Y@<K6GOZyN&E6}O*zKWlR2uH+AYe$V;2&tb1kL7w~L
z%RjgemVQf{@HRqs{^mU{OJXuqs`FO=(5m>txHES7?Dv;Ex7TSJ_g0%I^K_(oE}pPL
z#&Mr?z2^zrMoV3l1<d8qZ}sOsZ1ZJUByhg>r-NTl;k{jdzwRpfop5{eylLzAaDB{7
z>u}!J=;vdYbno3SrWkYghsTr>?%cLM`R0IL&$>JPR|@{@TIXPQ!BvZ);c?23yC<zO
zn1tij3YO0nxyxw%-Y=g~BFpXe>_)-j5Xo-W$JeX9kH+lUQIaR=z3cVCQ}-QaTDW_2
zOmA5|uhGA2dF!`0N9C=v;}lx%R%qQ*EuX%iGD3nwur$}-O?RRb@9w>ND^j$juEy+B
zo~Z1!raB;IF<<|T6JKIdHgM|vp83{HwE5X*`9}8dy0dsTFgDzb>B!XloUv|Yg0{eJ
zelA~;fRA49<ZPR}7!CNp2AqEvKA|Q`&7?EcvC8-Sg+g!Db?V!TOV~WVKYs0RIj>K4
z-I6=T26B(>W^RdJwC#HdyQjvzN|Az&$(2%%i<SAcS@_-C?<e?A(qoeHmOJRSEb)rL
zf}bS`N4`~a)=tiq7s%Y^u2<XT;>11ERsZ|bk8UrwNZ;=%SAIW#!=Y!tetc#>{4b^~
z^yu?N7Ns{A<mpezS<)c7#Q6RPBh#f$bIjD-H{3thcjWl?SC0c1#a!@Sqs`H)mX|tP
z-a~)chWWl$HM6JIb<Z){cVUeU$Kx~0#d|Y0{!~tua9WjM#(wI=-tFRLofF=K{@=0d
z&^ZnJQ@w4yipIC=CU}OQ&&Z69)#lGrNc*|_bmSM`701F0fBapwda(@C#3MVdFRfF%
z;g`}_^6ulJ<Lqw)yYja0UJ)W~=*1;8pK;?^?ww|AqHc4JdY;Kyw5R$Z$LVyn&E6)r
z8}m9P(igr=ZA(+M;7o1aZozBRY^%D?SFGMigr_3H%u2@RKzvQ?`hVr0wy2*~$P@Rk
z{J>PO^#)5*?wJ+ga%<a{_H-!TE}pY8DE}6FnOsSS_{>LtoqHlb@aEgjpRVV#dG2!g
z?|H0D^ZLI%DCw7YdGPFyzwytK92|B2lq{AoXkv9lsz?_!u^O>7vFaH#v1%DKv8u6g
z!>Uy-My3T#Ebk1OSYDyjw#=Z~_OLUD%=deLZ9ugxOB2h9y|ZkO8Qpd{D*K}G=b{%p
z2agwX-997VvsRYJG_b5@8~aa}P}QwP=klUupY%NMo8FLe-_)PY`a!_e_j7Xmo-~~Q
zxVR%K|AzYC$&c>K#9I0mWnR4^8(36X<tkOJaj)y4Zl}Jxf(4gd%ys5Z;sR=2X^j@n
zZ&y~Ve*aT^)(f5HN{>IH(|o7Q5m{H(`O!ej^<DB4cb^H&;a%Tm{;GYq^n<Us#&^~0
z%PY-3>F8}PH7J}d!}h6{sluC0=fF=B-l@B-ulAX5ONy(JscGIM`LXYA_TAeHVpMhs
zXryp3{5X|+Fy(Og)u}RFj}8|V#s2%rQ(~!EkSEWZvviZ+egEy-6aTb#9(7Pudi==i
z55w=1hHL>biHg@O68x_1_uUpHSrVBq=s%&CZC6KOsnUwn$sG4sw$9k{#@FC?$?uC-
zBAnZ$mFBlFX{_C{MdtVF|4nu3=g!GGy)KV9s(+Pt-c8#Tt4s@aPLVOOi+EjebiYC8
zZkEM$r6qAoc}ssSb*SN3w6#|Khuiri{%!V?H5N88?7q;m)R*@-@5h}otJ{*}w@+BL
zG*zJNJMXJ6j(#Ua9hU7#FY+_LY_{s`DW8A|Z%f?%zj{`9Y02FaVf_`8j;T4{+Q4FC
znI`jKRms(No0YznMDI8KsweBYH;4VylpKr8r(SX$=3y<G>uPVZDAe>CTlkKp`F~dW
zPI>LAm%6@8ezSbD!Su6sUaHIm678aH{VgHZFA7?ho$JYB5y;6~!C4z;bFuWDM(YfX
zDWSFzO38;cUIos2+<ivt`1&15^WJKDM10ZnE0%wFTjJ)t{fE@+xf7X%PfHywd@`}d
zQtfQx44vBM+&i;Ud}<PF&pw(ic6`Z!S^7I{A3pPYbyOrHbQg<$-JiQ2XF{F?&e#9m
zbG&xSx|TWTXI{vZH+|t(e&XIgjp(a;VoNVAj1D|M_oAYz6=SyHm9Tw1I+;5rty=j_
za;+5qfrm%Svl)6{e>T72yHUpC&^<NFjdhE>>W{qfemGHe(&M@_N36^DeB(TI?&R9!
zw5f*{Tl&50Z!~D@+AtyYCeNcwZ!R92UHNvxjPNYR$V11c9Ap<MEY6yx700PP=e2}-
z<BFTYk!$W>Ocrd)*Wb^zO(^}?`(M|Eu6$2j7yNx$NY(x+E4n^KOq`HVs(Rsvk%!co
zoh1`{9>)o^sr>lhc>CYZk`o-(v(7Hxw_kq6-@D~qY1fuJyqLT6Uij`-pSycXUtcoY
z+I9NPb=GHJ_>{sK@9r#rzW%1SfRv@~Nv6f=*LvH}hcTAg&p-e6Nc5~)k?Fx2Y1K_C
z+#9E?EWG9+WZWv08Z`Im^P{JW!q|NGi-fp6mH2n0I8%JlcGf>VT)m4Tx6W*rd(0+n
zUg+R9)8$=Ru<Js0wP)6|?RdnFUY`Bn%1=Z8NVmq<tGucbuN^G4{8r1iYV$w0Et`%N
z9nDogG<W`lX|Hl3PByz7NeZqJve@gv7<x?P-<zwKci%Xx(w^EIe{tr*^CrKeC+Z3@
zrJN5}EY`n!--OldUPF@C#x?Gm_rDn5Q(xJ(zP)$)-A^or8jp9R&)R=VStR`rYq(kc
zhgWv)4RhXx@GEx;y=S_$nL+Jf-ej}?%i|?gFW-Lp*rKene3JaVs-@e*?M$Of&IqK1
zExIbJF1mY3srTo_l`9fAN6mhu<o<@?OuM(Cs(~`RbmSB@6k`#Q^!q4Qsr+Z!8T0S^
za!#*YsA%<jlYyauq5&rxt2Q4qlN2ihi^u|21Mj}M-czp`eKY;fw>tO-Z!sSWM<5IL
MzLJB#K7&e00Bh$qdH?_b
literal 0
HcmV?d00001
diff --git a/roles/ca/files/CA/private/ca.key b/roles/ca/files/CA/private/ca.key
new file mode 100644
index 0000000..3c45faa
--- /dev/null
+++ b/roles/ca/files/CA/private/ca.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAtRmQxWST0ewGJIRLAfVOqrSvuNHYtyjnk8EaLCe4bz9RUI8J
+yAt+wVJVateShIEUwnF4Cx9AnbcwtUZM/gFAi8ikzhpjQqpr8jHBEnabqCNTVC5L
+9EHmFzI+ENS4dEZXamaRK99lH7FaMATz4YowFJVQB3iS744v7Z1LyPvvZ6NocdN1
+AIY0zDOfQL4mLEU9w1JHIjUpZacFfuwdqYJ6UYM7G1Rj9nIXmmkWBvQwG0Uy6wLV
+cTtFiXP8zRkqb17jsgSt9P6cBjL4TRj3nJBJUqQ32nqbgPGQ3H2ijZNJBAb8yJVK
+6WQZr7QXOQ5qXxAZUpOVCv9F0m5ShOXTqpVnNQIDAQABAoIBAFg1QJd0mq9Hx+In
+caVdh1iMM37Q7z6fNNR53LafDi1ZaNDVKs1+E9ozsRkeMOZLPQJMZEz+humK3bWd
+rUiW8YpkSyl8HtbMzVElPMYycTSfKCo7dpFdO6YWubZW9hTkYhWYKaN15vpd1vDG
+qMc1GKAd7eIFr4Pw/JU+5TfaxkvysCuih6Q6/MZwddM61eCZO6VBYMf0k94RHn0I
+gIY4hCeyJQ3RoIpzZr4XqUAGdLOvTmzPSTlqT4g7RVgsGQT1p6yG3o42kev0l+Y4
+L92dA25xWeHirWkaQLRj46tX4un67SWA8OkxwA1D49i3keIfhRjsa0d3YELmV8tG
+60l6RcECgYEA6alfHn3zGMw7npN4V/iGEwv7Y4xDcDPdlWTCQ8Btc8XanHuVxcTu
+bENrMouddeM6GI6sz7GVg4vXVyPXa0ZCBPIK61ArS8aNlmggqRd86pgQRWkgCVi2
+gXANwrV6NZNXYZ3X+glIljlRoqlNm7rH9hMQ2KwUW02Q9AdclgvpfQUCgYEAxmnM
+leiSy+s0H/0Wo+LdvpC1NaZPTML6N8cmjwH9xe2mcsGI2a8EQdfqMHE6aWTuHErj
+I3juwSDSBbPlQsf0nRku+qMuLTzsVbCVfG9NiYr5YPxdT7LnW/F/Kuxyn3mW1wgD
+WXi4DM0muRPskw6c8f604crFShSpszLTcYE12HECgYA/exlxgkxiR1JHQc9nLwjV
+8eJpaDkGKcEgjlBM8eGKm41KCDVnlpoj5akhAVdVKNemxlRi1N9G7t4hOYaUCXF0
+QIIA7jXlD1t2KnH9Hnl8jrWU9fuTLnve7J+Ab6d1GMObrLN5pb4HuijYpWCFV5ht
+3T4tb4rUR12DPuDDjxbvNQKBgGEzb4B5IYE4xp5tNGwxNgSni76urOakFkTBEYi5
+pwMR+5r4aPyLmwBOsHHu5ni/c070+PVlx0FhvMICcWwX3SQhNDyhOHv8/qK0EWeW
+d1vMc4Mp3uSudl06n9v9XeH2hQju6gUo+LF8x12f/yPD4utCpoZ++cvi94fMfH18
+mU5hAoGADsoT85//n1VPQLysZpW6FjYIp8quuGS94FAdkiQVKa7u6vO/Vy19ZxFI
+7Cub8sg+e80wGakCCEi22AN6RwJyV9R8ec8ct+K/HeNqujKoDZN6ZDQzXo0a/vgj
+BibssPr6+b3DVE+/e2qlfzjwQA+GqcSmP70fmg8tGlKbZwwBJxk=
+-----END RSA PRIVATE KEY-----
diff --git a/roles/ca/files/CA/private/dsoclab-cortex.key b/roles/ca/files/CA/private/dsoclab-cortex.key
new file mode 100644
index 0000000..827da54
--- /dev/null
+++ b/roles/ca/files/CA/private/dsoclab-cortex.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDNCWsUM0pHdVvT
+2Wc7Ta0fpx8zq4axqjsJqxqm+6BgBONoMw6FVNFwYYq51da1bMKzNgKUtx0Yk1+I
+gf8q9JlYbdeW4tJkd7l0RDzw+1sPQ304Xf6w2wV6qcUQJHUTyC3aab7jQzPwKDCa
+U/j40xAyNewdh6seLLUAfJ+PYeBdVhWMRkUJeAJ4EMCvLyVswlvtX8EzC/jIE9zf
+w/wFkP8Gnsu8HSvCV/K9qiKzS/XKsrgAGPEUELheaZ/t/ASD2S63mopFHFRxj2EC
+aoqEL2ffkjoMX+W252wnaR9bBtZ/5t+rLzGlzWMyYMAHUGwNOctorjyy2g8gBncs
+KKs6MJIbAgMBAAECggEAIdhGJqV4w2bp64Rdd/qQc0Mg8WSE7VrOOABYe+vZQ0BL
+UW3sHbIsiEJxpc9Yi8YSNYba0jWPxfi9skjTGAIcNe6bwbpbRF5G7Jw++wBivZhE
+WUOawRLGSsMvVkTOVp+agg0mh1kWf7QCodbuqBQe/krMWOuGIYr7rcLki8R6Rq2d
+WuW8Kf697ciklh/6cyy1J6axe1LNT906lYvyRock246KbN517wWw7/fu47Mb2fdC
+U6beFxbmbc5vk4lrViE7gSNkY97Vr/uXW9xlyRzvpNJuzZrm00CgNF1MnOnwf3l1
+k8kc63RMkUJGVWcxo5ubzLXpv4CnnmUNPfaSx+CeUQKBgQDuUT8JOu2vfzAC2VOQ
+OfKR4NgMQ8fnK6T67zpLDeNUAGW+hBi62ewD8xxRse0j/rWXgvADBE1GplPXicZI
+Q0o0VgIiL3NFQgCP7rvtPGE9VQXHYgd+ULKCHcPEBwonlbAhiHSwVnBqSFoqWdj+
+SHiBn4AD1ARoD6WSEVi3X6UU/QKBgQDcQATvzbbcr41vQHm9u1O7v0slk306A4yY
+ItXk+GbtLEoLAiLy7n0REKybZAzniuLCDAQ1h1bWLkqRle26XqVfg3YaxGpoJODy
+gPgr2Hi4Y/lcFrwRThUHEu8eaUWVRtY3B9Rgi5VjLVqydgI3/AFWdlzIVkhBeN0w
+MOtKdEg69wKBgG+wD/TJcz8+QkfzhiAfqDkJwPbuhS8n2yfnGdC274UcspI44kYf
+f2bSdsEqu9KUupIJQWaIi5bCuKRY415Wet5QOKvAxSr+JblOzy/9jizqPc0VeiGO
+vDoSrP6ftfibRHJSuy0xNXn58pfKh9GUMTW+hIZGxNHoE1aDXqqB3qIZAoGBAIIc
+A46SDLNDtZ6CDSjrD6T6dW8GONTboeOBuK+hmlQDdN4Z7gFqp1E8c2r8aK8jmZ8e
+MCJbCA5QnFZyplQRc0oAQ/W+EEnjd0tqqrBkGbR7wqQG/iSO5tcd9UoW0DdF+Gfb
+5Tb/XkmPUmPYWKkv4q5sD5V9ewPKXYgJbgW2ubCzAoGACfaFTBM3zZ2rqjJUk8+F
+fGcuDeh/ZFk4MgcN5nbdKHwyXDhBlUY1FzLZlKi5J1lRyTInZUP8KYnXogw757Md
+oa5wPlnw0a6VSHX1ZZUwa0yz1Rrv5M5CA4vyNBENCaHELKLoRWwbAook1gFie6cV
+nrCXNbsWttgWkzqLDWkPT5M=
+-----END PRIVATE KEY-----
diff --git a/roles/ca/files/CA/private/dsoclab-cortex.p12 b/roles/ca/files/CA/private/dsoclab-cortex.p12
new file mode 100644
index 0000000000000000000000000000000000000000..252b3e7ef466cf7a4090ab3d5c551bd8dcaf5e5f
GIT binary patch
literal 3397
zcmXqL;&o(VWHxBxWoP5mYV&CO&dbQoxS)yW2TK#r7lS6A4+c%_%Mns+3!2zx7&Ng@
zVPa%3Xkzb0$S@knuyH|6;9+Dl;A7#aTyiR9(y|32OiUaM4NdF`^3v+fOukvCq+fAX
zxwrpy-L%(J+a#$?@WjvS3qNVdxRoDP(K`2b;}nx=99~^XCZVdU94A^HSuLYqyTnao
z=Z}8XPeuD3d>>`L{#MwxcG~Tm&lPTYOv_Z;IZa3Vtp6eRYi6~lWGu?NqxDwKeEH;}
z(9YVnT%*;;7nn31xF2a1a<u62hG*A)tDHS^&3K=q@ZpJ{Y~nRGHnas#KUNZLE^+*`
zdYyS<#>}jp54J1v?C5dJ*}F{0N4r3W{iW^Gw^ys<4HVZ(oqG6q^Y^V{%wAh6?=HW(
zaOcE`s@>}?&%5b+PUCSt9qN5pUw%=P;{~Puq7<Q`OTw2cH{E#|%K7r#(XPkg^I4xg
z=ukbvwD+o$|MK%DhcmRjojA(>&D!{7rMt?3kkcI(e#~Fh@ZKw`Yh#c(%c4NulL2vB
z>rbf6oqp}|44Wfg-md+<CuUFS0`WPP-<v~TS$W@ZsMg5bXZCP+;tuV<Q}6U|7x1xr
z{#m$o-^AS&yI=RrE#+!($ZfOUrDAThgY|nX%MrfWJEyd`Z$4n%p|_m(#ec5WJK^Cg
z-Co`^45`(U_20a3>Y|A2EOBnn3Qir@RCoI!e<WIR<1L|O#}20K^i+R%)$Zjzrv)~w
z)`eSqi|zVfXw-77c~r;iH;eCl;THym>TGZO_n*BL1Gh!QFuW7tl5xEu*m(4dr+G!o
z*2GUUtHrf8i)}spL@>kFX7+C0sdG<zh^amj(J0RJ(7uqsmTkN=__ih|qlt#arj?o>
zclw&n-y}J)VX{s51gVb<tBf?5T|ZX^_dCuune#n_r}|y^ntvHPuFg8FJ89m(1?*Wm
z;qTWz6HW_P4|%?1+mbBZpC+?~EKSaZJ+;4|rTpqc&*Uo!Hx(_LZz+4)-#a`%mVK>7
zYK+vp?>F>nW~9#)nR5MU?Q(9tLtE~y^sq3nJl^|pp{$Wh#Y5#+Zyjw;95l`Djdf}~
zDC}Al5wT((kM^G||HmD(5~l0@mg81D|EK0&+;_+NKN8(>U%q|TJdr2j&5(S^L@?i`
zdFlBu$-lmvJbHq7uPD2|Ic|L5{S}{@Q1$J$!kQ1(f7`~U;-D7szJ9`j^2$b=41Vd=
zHo4J^ygXkQubwN;w#)pSF(cc|;@T@e{eD(SrEf5;i8k56x>ljIj`?hE;k8TmdQF5M
zy-8uph%aqOSHJvfnm*t5i}TVrUsqX7{55Bddvl___t(y2H$?aO`WefX&UVz4c=w5E
z#mqF5BezO7dZr4WyJfyza8cB*M*f6p8O0wCJq)y&^<eh~%WOW=2T#u2x0{o{(NwhN
zz~rD;-M1^k%)flw=e}>{<|u}Fy8`D08Aq94{gj)X&-ifu*Ai2~_jyOJs2OMQy{fH$
z!hGbOr`V0An}=?CTE4av$v-eBwe#kGpM}3RXt=G+&pLX!V3iclRKvPN#$_zUKR&UA
z-2T*ktM_wBdDZ6a9@0<y_2uU?e*ZCT*`1Z271((@)m|KlGW9m7wNG2F?Q-t&spO|K
z87f0;FGt+6EAr{vySr_P|0_>Z<^x69vO6w)oKx_EwOex@WAn-9iu+e6E^CZ>63k#x
zlY08ue`9a=%u`k~#6HJ3g_THp*9z}cE0p`SC*p%zn3MVIz*V<=PcC42H}mi|nT>nb
ztrnAa65Va_{e^Gg7rWB3l>dkS$h7Y&{-3(6W?jDidA3873^{*V{+trLck0BY*2iz`
zy|>-$YoETv(z#Mgn^)N-y5ACvlVo4${#!JrV~NeQoE?JEWjZeXyPR7}555f6N>B5x
z{T-rExoFAix#9DY)W7_FQ_JclP;b;6!OI(4wv{WpqO!x=>B^~jeOec{KA4=Uvn*}O
z42h<YUCEwD*QIVz%ipbYTe)%N#d{{4Yi}HqX_`ALyJKZF^VQkgv{UYUuT!;Kz+%2s
zZofsX>l)RUSyk5eV!mpKao_Cxz3<bTCoXmDN3#r`J$>sNBF0{DaM6Y|6V6v!b8aL=
zm$vcE?2CI;&am>$Iy1RRmM52AF6-iVz59XR;YHvbkMzA|k{Vkxy(iA>G%c3Po)#vU
zzxk5X(&^i#wL8q4l4!*3wrVBQl-`Bq?|5YL51oAb!mTKPCI01J`<grMffq$<-aT(n
z3e8n6)aMFa*7LjTXChb8JFa;RQ*#@yU*4|VJafkKP4PR|ct=0p-u!!4?<(JwlO~DO
zutz-i3GDxK>Uf`z*zyiP?eE$vggo`<*Em03%*=S4rN5|DhAnZo{BN^Bp1!qwR}Q6o
z(vdTgbxAAxQJUuXT=ezNl#BU^oV>+PkNJKO_~@IqJo;9}t#^;>g>F1xZMSW`>A3fD
zJ)3(E%m147&ZZN)JAW%>SuVe7b8zwU-@3fFHf0^1ct@k>aZSvlAEBqx7aM#?4p`&)
zEcn?WiBmQSG7Bbr-)DXQY*_7nrG(hVhTG!L*`Beq{*m2zqV?)Yl^I4wSsX?m_NX68
z_c?!NbDKt1U4ZGGJ87D7nFq4x+rL`7wzaY43D2J9Q0H%fAHvR6w;aw$x+Rr8?aFH{
zK@mNslr0%cH|KY+dS86-)SP+wTQ0ts`ZL)~&hcENL0ijd(fo8NmGe85d|n>8FuT2G
zuR#;5BT|LDpo!IprHNI~povw>povwDjT=@yb1^b4XkvM1(8TfzrPgK!)!L@B6qp3=
zPJaNZwON{2PJGz>IQ>P)r1M7KIbQWW{bL-w#k28%4!5)zhbPY>gZn3pj%2-(n6p}O
zW%Io1Ee7qp1=CM_^)7y#d_#7ZukVT1kM3VA*ws7#jy&f(uZL1!3Vjx=PI<pT$o{=c
zM?rCs(Bzzr*B#T2UNd_0&82<j)QPG#MGrZrM9ly5{ot0%$9<Rgd$?^{wfU*(LeDD0
zh^WT%5{@f<OA^m{Dk%%gzq`{l-C!591DDTr)6Is;fp7GAudDQVv7552jCT3h%FFj*
z<{XJ*j9(H~ls~$=A}5*oo`TFn`-Kvx^$pJo{ODaid)edEnzcQPBevzWNeKy0-)^y=
z@&CEpGrv=I7(8bzy3=I2vPK|%!HHuBHr<@K{Y8^kgzF@}$9J<sE1n<R@_OmKZW+t(
zz8j|exA9hZde=5zmb>M^mcx}&pC3fHZ#HzZlrEA^W|*p8+<obpLZaP+qamt4R#@C}
zago1zm|w3-HB(f2Q~GB6IM&@(7dPhRM4#m1V9egMTPiPc|9q>Nx(~KJDL?u1WLRrx
z+M$21Ebg)V+q&}E&fC^ClkaI&t-kg!y<}DH%b@D`-+o5@r(ar~5Y0H&W<BqT`pa+I
zrQ)6cOjZuL)v?BY)6C6vrtx*=8aFj1<HT*<H@_3*%k&js<~hn`rs<qH%dds?)`ZlY
zm-$S>2V`vA3)f!H|CXwA=#l8rz2}!!PmNmdvCU?}lkS_-ep+0aYqurwqW+2gP1ovW
zt&CPhMEpLb|3hy7I@zzDX&m#GGPp&&Yx@<olu3be7l%O&<K0<VV%ywiC9Pe5CSo>M
zN81tMmO1{8_cavGu95rb$*lQt2b&GUAv3?(+l*dx__vx&2;TWjL)Fi@qfxQYNV#p_
z@%N?|#j5vSnWOly^TdXyuY~IpWpABWbo5^ELM}F!Q-4oOb}zD!^$)ricKqA(qW+Ru
zXAHG-xkP^Y+fGmqIIcOz*U|lv+=YF+=X0*xm?Lq#YcZ?)nV`f&xlUzmldoQ0c#5+>
zJ16ORsnz%S?e;J3Rn`1!_;;_TwR6X0#nQvs(~i&8aOTQC_{+GE!Q4?S*ns_wh-s&C
z*(Vk!_PK`w4Xz}w-0x}Za&+;86|1JddZeD<)nyy>bLE{6QgV)6xf*-C%L;EubF?K)
zD|*w$yy6bixrjf@KR-CI*l`uh5)aQ)-K)-T;B(n5-}~%oUP$joS3_BE<Cab5H~Y+E
zti4+oZ|?Nf)&I`T8&VH6b}j8$(~|bC*)T3`Z3f%dxzfqC5eqGq^fu3~<}FcpxGec#
z!mSBkFWItRe;NK($glK>*yZoM+156az85)MZ`}K4ab!WU<2AP_ca;{$zOfW%>5J*x
zetWM#fYQ7UpOpQpDlhJN!DMzco6DL*TJ80Ev7d^!81Li<tCpt+>OXZ_E_3k>%YUDy
zEv!M(%%)72IJO(xh;2-p>H9(X`j%XKxdnOu|Lu8n#p^xa+u1j*4T8%4Y9Dg!nANgf
z`gT{d-S?yVmjq>v;_vU35kB(C^Q8Ls>q=4{>?b=I^<FYhvYHZP!}Et>`U8gY*tB;Y
z!X1h?7tdhXDt&I-LI0d{Gj={X)%@Yc8P-;ZWr4qQl@1v$m3=I+<jp3*jjVk-FZN`w
zT)scT;=1|l1>O5AjRdXvPKk<Y-rM<T)%A`4et*3w9&7YLD^ODVhQ`C2?<-F-{#nd^
z$xzim8D2VaiW-Wsh$Lmr7xlgxQR}V}cWAG!`_(P(?$-?r4HOMH*;uvtn3<$l8CXO*
mJ8Y!w|0unBy2wC4<ixN4tpN{Dvv4HxUw`#7%G(uGN&*0kPfV2n
literal 0
HcmV?d00001
diff --git a/roles/ca/files/CA/private/dsoclab-haproxy.key b/roles/ca/files/CA/private/dsoclab-haproxy.key
new file mode 100644
index 0000000..abcca5e
--- /dev/null
+++ b/roles/ca/files/CA/private/dsoclab-haproxy.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJxyIzCwsPoIzE
+qYE3vVEvRzL6G4hFsbsRQz3es3Bn14s5Wo8T+y94CLGxMsbRDuTTLjrbhNvSZWsm
+JGzXFuWlkI4CRhMCCpZmRoe3sO5WTDzYrkx971uqbgGOif5Mud5suuQ/jfjXOu2y
+KZpbrFqGZgXzGS9ZjXyLapceQ4o2gLLp4YT2lLwTETG40lpy7WjDsTfkW5GCYqoT
+8rbgOqqFZnAKqa1cp1L/3PmZXuUV1Qz+zSfLmJ5aacpxdDHmJt/s0kJDufMEjix6
+KKb5jrpkPGkOrPXc1fMqUEdQ1Iz17jEIc2kfrkIdUoRdR2jdox8HV+w+ng0jeBZB
+vGjyT+kZAgMBAAECggEAUcxwiNDJQySK7I7q23XcG5Z5i/rtW5OZin3/7vA/eVlg
+D3gu2KLTs42Su4siHk4zZYkwQx2xH7INpgDOPsQBhQT9DN7rhcBVCFE/Y7BObp2p
+bQ375HHMb2L5Lpeyh9gx21JIhZtAbcBt6/QBp3hPmnxxnQNwtpUtEDe923714PHD
+SfJ1Nd+mgeJ3ShPrk2jhcDdU82/mQrk5eH8M5QJqlTEWCvBgJaKhBf89T2XrX8jf
+oPzeVijOqgLg49QEtAPmI98GlE1OAp3boFx4/QA/s76pgWZhYIm1hcm1AguYhQvJ
+bi96IgdgVQQp/y7L+ix8zsq+YRxwPuCSBl+9BotYoQKBgQDm4neNC87XV4RhGuHG
+w8WpFXFe1uOucPfyfTMmjifh61GZa4aWgBQByBQxBs729MOr9TFrNApTGWPO8Lag
+ANnREyNndaUAUFgtCdY7Gc99deWyIx861aAVU7GGIFVkCo3OK0twbbyzqOj+B+H8
+c/P1tXXMayt/gPVuRDj7sq90VwKBgQDfuh6Clxa2sq0GdKsRkiDXaY8eZxJZchYw
++0MsYQjX8hPOGn0YWGy14ppE7JEPTEWSRuzCf5cwem/em8AIESgdCUWcGkgcQO5n
+DvZeXrHHpVrTmGE5xEVNYrD/NPY7VizUsyLNvn5yC4hyByWkwLV+AUGpACE3HP2s
+7xTakmmoDwKBgHKEfXuuEafptrVbWgT2cYHOKu85crDBQ5o40zgaZlm+GDkahiT7
+3fCMRseScvE2sh8GfL6Jj11sSH8KEesGwQLclUDpry+aqkGckW+6+5lk8ssKdKD/
++GjbnD/EpdX7Dh7mhoJ7S49pBjeJvWM0OBr1KDp+JZMWaaWJnSHqnO/9AoGAXvM4
+m6fP5f3y3PiK2cwwz/tm2DpaWUfID0Wz/pO4Ex4UNbacPMbabF8dpf7Ymat/I1Oi
+i/FmkxaDf/COEV5mrdwPhO7Kh+MuyuJYwThjLx4IbCERsliQKQWnpMgvcINkR2k3
+biZYt8IZSHusCD4ZSL7zxOvfLOrK5qgZK6JT4RUCgYEAk94TNC+rYRZOfOIaYA7+
+K1qTQAe8tawTBlKauXptWCzMFtMSEwozuHuxgnyAS/uRUKFMgRk00KrSvnuyGEBX
+5QxqqhBOMvGDs672q/kVZ5C9M06+y5+Zpg0Mf3r+zOBqB5tCASnl2KfOCZkAt8rV
+kyb4KyOsi81/fpVM/WeOL7w=
+-----END PRIVATE KEY-----
diff --git a/roles/ca/files/CA/private/dsoclab-keycloak.key b/roles/ca/files/CA/private/dsoclab-keycloak.key
new file mode 100644
index 0000000..8c5ebed
--- /dev/null
+++ b/roles/ca/files/CA/private/dsoclab-keycloak.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDqqeprL2ycn22c
+iU4BusbAMt9ZJiuV9MI9yH4izrZ4A+giKIGcmqanuv0FZqNQgYVxwdnqvCHhXQqH
+e75VsH0BV95M/jrFyVR3LhX8Egf475979wkBcHVTO9yxDGVNScT7HUIgb4FFQtPb
+HUxXGx07gTnuss+VSynQqDmY1pM2mb/FQyaNTdttJDv8Fnah/W/GGRHHEg2AFkyI
+2iwJeD0bfGzs254BUF+jVn/UO6Qm0m1Ce4hOjWTtHhoOBVhlWEeDYJ607RXOck+g
+tSLdn6TaiIb+y4Rucj0AQtqLhSry79fuu4VCurn72Z3SLFgPfAIjt0bQaQY3QJ1Y
+dInKtxLlAgMBAAECggEBAIj6HCLq8NxP15zLLSSnUQK571PLix+iWovT74UD4tEV
+frgJqvat81/vL2iqq+P/ZtSrUjfKD4DMXawOGGFOfvl8v/9zWv0+8zYKSbz1DYBK
+525mGfSkH2gxhjY2xR8jU389ae8jB3NVefLqHDiwVBT67sUdzTwZPtRUjiJgBliU
+soJCsCutHAy7GW68N79F0BQItHhjMt02fYybnFxNvBntD4lodZDn7K9iqBoZPduX
+TBsH1FcwZQyvQuiUlJgjUFM//5zrZUMjErv+3ev5c/WdpY4ycbo6VVBGZouVbyeX
+RAWeDUE1nrsEsLBSnTkXVInFjPS6mBxsIi/+hlf6XCECgYEA+bWYDKPgelSe8ii5
+mK94wcLr6MybO+GrBHT4lIP1UggGsvPtXTifNvgGrYx90gmmL6F9QWHE+4lxyh5L
+yEXCTHXl4QopgZCxWnnKekz0ma0lFlGYGr4KA0Z3Ntp+sCb/hcqVW/n24wVhNnmo
+z3ztlSI/GY3B598R7dO9sR/RoYkCgYEA8JNKbTegmeeaAyBehEPy3eajAiT6759p
+7m6Ml1P6IC3Ff3fllJrNWRi+JDKnJF9SUePOVWLWSgYSJyFLoiWK1CzoyLPdbcW9
+Ap9XNzD/aoDi6DBbKCFhRpBCsmTPnT8eFvA9PhuYY60w2UoM7byH+i2aJ1Do3izl
+tLsHJbcT230CgYEA5S4Sl/9MBlpl6xEPjh/2L7drdyVaj/IFWLjWcNBPtnMhWtrf
+joBqODQZRO09iSlL+kk3wWsvNEEoS33UxcGomy5Vxl3iTET1UXmYKPk6QVUVRc+r
+T1f9rpXc0l5kid2xBSUyQdFAE4obd7jfA1fAYfClgxmEzv//34xHfCoc5ykCgYEA
+01sD00pA3ZXc+AwzHY64y3z6D0M/9s+d+GzFNZoAsM6lqaRDXbhW2oTjX9fkgg8A
+upMiTl/kFeqZfilBUnYbLuc5qEJlMjC8KpakwAdbDk2njAgXvfz9gknxXts0j1jJ
+bauokm0aB9A7j1sAWsj8ya3QtePegnr9YDfEQr1CQ90CgYBfAQaYG9ldXcxTlERG
+jOGu0bh9DtnmwsenwTZQD4mNHpvL0MkmIQxR5FAL8XXbNBq50zCiOapLLrhdqbh0
+ih3WoOdqxLIDQtAJYs3ANhOmEAxvQPxpPKhRHRKPGXxyzgW9zeQ08GpYoR/M7VRF
+TypqufvopzWOpbxpgbfiJQmd8g==
+-----END PRIVATE KEY-----
diff --git a/roles/ca/files/CA/private/dsoclab-keycloak.p12 b/roles/ca/files/CA/private/dsoclab-keycloak.p12
new file mode 100644
index 0000000000000000000000000000000000000000..41e7ba3a2fe1ed26a9e29ffe24a723a5812760d3
GIT binary patch
literal 3397
zcmXqL;&o(VWHxBxWoP5mYV&CO&dbQoxS)yW2TK#r7lS6A4+c%_%Mns+3!2zx7&Ng@
zVPa%3Xkzb0$S@knuyH|6;9+Dl;A7!1y&c?}<+*7u6B7qRLlb*~o9*=(D~h@ORwc$R
zW7(e6P#$DyKDVv5pz`VQNc$vZ?>_0be2W(^6PEcBd*e}C&uqRG_n9-BA5XdSkz=X8
zQ~G}2jSH(Ix0{L=2rszWe|wRx)#KX+_K$>G)~@{0s&V{By2A(U!d;z91isuZK76xy
zpXCqjkPFpMrk-+G^<-kw3HF&DlKM9Fd%}&IrFTjQ%nF;=S)9r7#ANZ~^Ky#!FKUF(
zGdkgsoo&YcnEU1P^FHm*&0JcnI8;B)U4GMNhtuVV-Gv5%-|Nptl|}Ps*>=slwpFHe
zQoHXKrG0OcEmQUSAN|RX=`NJmu*M+x>6x2OJWh8D?kuqsl(;#YF+^Xg`jYRQR6cF(
zmB);Jig}-MUEm|z`;GVgjIdG(#lVZ2%r{ix;<iP}#08#W{+-@rY;y7Jg@5P1-St*=
zTs_zHipx8Xn#msj4yex4$@ksi7^s?BR^`e!lT$!F|CBqk_5apK{O5vNxxT5+jjz$S
zH_Kt0Y^eCj<kyy|^Buq6DPm4v*~qKXFo)-e``t>hAG!$wizRIqZl5k2T^afIGWXX>
za)xPX8`mArn#C-mFR|BU;msFbn;GvsG)@Xmbul&E^LF~O*CKa+7k}C=YS5nD$HCHd
zBSYinmguG1L>1VAlRob7KDc&5OrV4HDgVox%aaYhJ-JuPzhlRX<v&h*w_atl!ge8p
zSl2y{z5LNTzj?;}JbP8lMzm(xjsM>(6y3O!Esj0bR0`f%acHJ_+I+sE$xfbg0!!sY
zGx@JZEa_e3cU^vMy_VbEd-9tfmS)bnA-7TfPq@<BPfUNgC*1G8$kfp*`7~sm$Hv1I
zQ`47+oi+WtT6f1A?+HG_{}0%N7;2`vyb&-D^|Hv(^uL`m_l(i9ONOf-&MkU*PIQS}
z@be`(9LL=xMN513?AR2vSA*wDVB%Vn%Fi|L9yEI=u3ySl7PqPUe4pvD{P|UH1=lZs
zd8j3qPh;Ood-32e%Z_c2-e&esb@hRV6J@rCDyH>`FmA8<wmrLVpRI4_SKTIszX}r`
z$LW1hH(ns0BK?jdpl1I!iw<U6RxYtf%>>7@iB~?oZcCpvPoO(*R`bDazc09P`s8g7
ztXyM#A$3c$`0B))92?tBe46T;-#yoHD(qhJJeTuxa)}XFQcP=gbE(?K9sa&P0m;1!
z-n;m#7CrrW{-N$mz3ST^<9u71K67qb=3l)ylv(HHr5SraTThu2w_w{e%^%*6J_f(M
zIUzMnMP&DNjqQIz5+?n4up`~@-Q&;)(+?<}D%dsQ!<HDy+eIn$Q5P@!9axf@fB13u
zoO0!({)?_Hbr)y+b8h24?P&S1g_+lNB-X3Fd>?XO_ldgGL3YMR+k$2+n!Q}JPxSKj
zJ(p@YZf$;h#a1xy*oFM3oT0YfCUZX5-Is`3TRzFW%GO!7G*Vdq*xar5meY+lEq`~5
zc{kg-fR^vfcc1RFI;!~dwY<=ox*0NGHZo~mWSjZymy-HT-#h93(L0&`3(6Fh$R6w3
zzHaxv*}aho+#OB5U1#oAUtHrZtrKV6X!FeI2lvlhi`{ug&N*hbEmu)4aNK!XO?bhY
z(6u*~%fHmCe3F&NAriCGWWrH3d0+RXsfQwR@1Apg;=#0Se@?}ND_jpZ&Q7j&d1|yv
z^PZ7aef_rjFthbC$;TLkEsautl(hbI_<ql2jnCaVomK~bcvMcY{Fddq%`V^E`OD@@
z(_BOj+V7cqr1j16D-BNHWzrLBmwdi`sYpHRTtU)?DXY5qQ<*nhGn}z~^{TZ;oKG<N
z?pyZms-yR|v?b@?-C6pA`>zCx>5Bb|&i9|KKOF18JHue#^v<ZQax*vQiES6_T>T><
ze@<|q@a1-m<2#BDugEH0VcT9_`c};O`yysZj`Tu<8sW6#!EX;Z{CIEJtXylqVe-5A
zCR+RMyZt_)(!B2a<2mjQ(<YrO6y44&Q&RJD6Z48^W<Gw?r2gjlyDxpwAmMr{G)iFB
z=}&I&eoC<&%oKM1&G*>hk#_Dk2Zw_P{FojY{Nr*=+)*?$`lsf1o7_Z=mG?M)o0Lt`
z`Wt+!a^Fn}j&I%XtQw^I82$eD=UAOxci8RFI&Gc(VZM@Sm*W4p^^45@eQ58@YQNV%
zi_TxxYLN-#`s*wf#Z&o2U|p(dbF6I9*XNZp@2xreL1EvTnyS}#|6iK;M)QTb2+wAr
z9h`ht8{|)~Jk0y#z2-g%g>0TWpGltVS<JT^G~A{n&QhHD^ALyn(XUn4?k6RkRV}&u
z@!|uQ2UiYxnuZG(ubMlf!7lTj#?$wkZacJG>sRNt+URusv*lGS-Gd+RFD|{o@3+KD
zW_M|8@dWu<&-(;IxDrmBtrqlmcU#|h^xWR#_f?af7cA62`6Wm}Vq@vA&uhOooxFMO
zxo*E|<NPJO2fjG&E0+45b(1CX$NSkYt@nL-vQb|q<m1Bd=D0J>hyIj2bNbX=vqYIE
z`hlX&se8^J`hGr8JGZVTePxsV{dniI7d(vxv=sAg#bs}>h&VmgeETEqsb=f`qw#T!
z`_|X|UjN|DEUDV7L5Xq)E2^E2Ot|eIA8<%lNHgZha;6JTOv@5eIhDTr)Y)~C>)rg)
zu6#d(CRRtJ3VA^js}V~RtDZp<tCm3%s~Q_Ota|2RWLnU~^3I@%<rPY;%?zrw=WV%t
z)#S85I;hrWX<|8Xe#MVH5f51I)m~c?Wb){zV@xhL=X24olVZgt8J(^4sC;tx<f3cN
zs;O5c{hjuP8J_4~S9!Smm0<h#MOSBiC|;qW{)T(<io0%iesJ`22rfSoxBS7(v*xS4
zq+CS3GeXoKEf45Fa=kO8OylK>#|`)QUfB?QW}jtKU{vx&!Fh9YTzV{)C+_5#zf3e=
zc=nQ<zjsn%IbPP^yndSViTlEt$3kBn?NpZa{Qcdcwk^m0oBH3fg|}UnvpZ@hPx_%?
z|5d){Pg_#A^d9bz2yt!seY>t+s?nd^Ir)<0My~?j^LwhN|LV$+b9l$6tuy`j`oCu{
z=klzzGL$%WyeuU}`e9t@DfR<K{ww&7y5Hzay*7(8^P<HzYg3J%^U_6jK4MF~HT6>B
zkE2JGWV}r5*3>@=dhH{VD}8Hw%%TK;jrT>tVrz>XtnW+371VWQZj}3J|3s$nWI?Q7
zOZ%JDDL<lwuhkSMzUbp{RQ!_neBHx`5xburxgOm(uRgrwl;M(NFYLQk%C)qscI^y*
zGd1CUvCt%`bwAasmiB+Y;8{5TLVr+#*xLPnr@nf5S=f?|`LA7?^Od%pZ?3JroBrld
z^4nv2Hx$;~ko>vG``+wrYptKTJ8|nzP(1K`(#-mx+aAhVhZLN-t?c_8dFq_h#k?lm
zZ(f`-NBm*G(OCw8mq#n@<s~*9J*#o7JMv^y(bNjD##E;3&dRf;9<8@Oec;AvqlM`c
zrvGWl_<iJu)W>)cwr#&`3P0aX+hml~@v8HmoU_<$fdlp2&MzZhnW|R5-E8^bp6dHW
zb%vY^Zr<gs*I%pIw%u@T=kt|~bvul|SKga<r*nH)W7YNi)aT!Xl-N5wtMs#yt1U$5
zwmnJWdf%$6C-&7detxp&>j^S%{_k&izm}<qQ8>YSjiBAG9+8+&-(xQEzRKrLS+-T3
zH|nNtoQ;t77Y;TX6F*Z2mfVn*ZyB10EDi|u8rPm)G{>ja*{k!MU9o~!yj$3%=wnNh
zo}ZZ^a?`N)P@=_`^tI}H>Z5Y>J2m?b2F&~tcKV7|b-E?PGrsF#v+9hL8&c!gcD61{
zG&)%>@bH<>txtj;;@oGZ32%{&S~KgtQ&5NV#Kd`8b52QV6!Yg?SShIRLRzG5Np#fN
zg^w5gefY`v(nssX2QnF)tTQ6N6nn;gwVkSKo%woQ(3J3?q9w-8$!;1t8_Xk(-YuOk
zz$iCk@#m&}YTG4R_9Un8n-x&u(pmI%asRD9!nxahE?$k)UG!SJYUv%{3qIWfuUZ^W
zy)cX8+`m8K8|Tuk%FAB*3+hagFZN?<dp+H%<*xAc>028=ehOZ%GU=a3>O|jddn6C4
z<n&3-FM4;P{d>%w;2%{hr|f*!bl*m5!M~r`Ex%3Nd&Dk2WWT0={969|8Gog>h)g;A
zJ^%ZK=)}m!YCr0B)GW{Z@M@pZ;m=B@Y}tipcKmES>t)5d@j`*R&Cd4xw%D}XSvlNy
z&cApfyN~OwaYwlSmMh^54^tMcR!lh<7?tjk^kVv>OM5~zHs`0GJ>jE}^SYrYwPTu~
zRiF5B_C><&df^K%skuI$H1(X(iI6;v>RK_LB&C8s9KyPHK3x(!+S%Q-z}ILEhhCpS
zl>LdWHwqq(N4Ew3m@)0vjfh7ET1PnJe_5;*V|EvqZWe#)K=VtlGZEA3RDzlgD4TdX
z7^)g5!%Ig_QA05nkv-D0w`HHT6m>OueysY}-B+tCSP~2j4HOMH*;uvtn3<$l8CXOL
l3x0`cr`sK||F`G0{K`6~$o2OdSU3c|FVA2Pm>CW#B>~lqTi*Zx
literal 0
HcmV?d00001
diff --git a/roles/ca/files/CA/private/dsoclab-kibana.key b/roles/ca/files/CA/private/dsoclab-kibana.key
new file mode 100644
index 0000000..9eec2e4
--- /dev/null
+++ b/roles/ca/files/CA/private/dsoclab-kibana.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDOT8kPhE1Oe9wR
+kMlJqPNgRKglG1mDZAvR4LxZUCKl9Yh6yEBl5CI9d9KPnjAXgF4ghbxwZ2HL2OKf
+mnx7puhOeXvNhm4mUjdFtqu3b0CPelWL0ZHMIW9VN1A7ch8tO791R5GIahzqOd2L
+JTFVDrxSb78Llu/jElzaYyJU5bOViwKeVz57T6D1bweoW0V8yzSDdzSlsf8FEoiP
+zMQFXennfSsS+rtNJfT3BOeVBpXqqcR1TvcDZy2cmvQB9iqNbG3QWanOHxKxdjnI
+B9Qgcx7znLlngzuofG77huo/ao6YTDmp0U2+nwpDSRv9CWe2YnH9h5pjJQCqx6FN
+IxLjVg9vAgMBAAECggEBAKJC7gdeLs8Da1oFXcqpLoEQfo5wrD5CeWlgL8Ku3BFa
+wzSOOtfoTWW6z8hUyc4yD9XUWRiutqP0uIh+oFlANIVD1rMWf5t0HjSeLv/eaBBw
+Tsfg06KQyVdkYZ3fa9XPoA1FdJitnIA7cpr1bY9QP502djNPSux0jMLWJTJQVqXN
+fXykLoIvB8xIPWbJAJMgF75turJMFT3wGN+qjCzbsZqIHmqp4eaKoH4Mz+Y6SJcA
+uSzCdGKVPxHUVZbtkXn5GZXFx5YQ0wwRHJRWQ6Fn49HtKc5vBc7PN8fG18+s3DA2
+BR7MLgIaHGBKsnJgcOOZQiRCQP/uBBEIxIF0qU3h5UECgYEA6aiUvvBNcShCRaaH
+Wf5GpYTT1ANNv5+3sCTy4KKt3yCxyyn5ENEFL1i8w6/LffGIAsoLnoEcxWV/fhLy
+ZH5FzIYxlR/w2rddUyOXENx/9CWw/IhL91U9525JCJ0B0TBkZ9842ORX7kcI8+0g
+4oaC5bDYTZotAto4ftNIzmfznesCgYEA4gnREIl4nv9v28x5aUS+HhSpsH9kkVrr
+FQ0amCJSHu4U9J39MXS3Fju3rlmZG59J9ymEQ4tr0Hq3S+tsTy4hP5d67/KtoxKr
+3smyKduX6gfOmEy3TjCSc+OMebM7lX0crX2+0JCm355yDC8fxdAGxpmqYvwmVw9Q
+NbIb2mHR/40CgYEAjshlnQhbSnq/hLBupZ+srBivGS+rox2Gsizh/kNq3J6uBuhv
+Osd/0572Ot6CC0Q9SPcOgp2DZ1zOu8v4M1C2dnTKd8Y8+Gp0rQlilvsndZpSvP7M
+7Sc53OKX3puTMLHRqWfO5TskQIdIAUc2gTaRZqragxFj0App25ZhN0BurmECgYEA
+uM8L5vhu7ZitjUk17zKsOo3sW4kc4ZczY4fOOZq+B9niukm+LMRfuUbkHCHXg/UN
+lY6VPGBuqwraeLEoYei2eHbSpgKFozHt4f6Is55+K3Nsn6sBqGUgKK5gOVSon8Wm
+P9byvzW1qlmyp3GUCbjXAWO8IqhEdKPpka1pBnk6KDUCgYAhGqRGJ7NG4+Wz/0/5
+Z/IQeEsLO4lB7EuIADn9udmrYgYqv7sHDzhIUOviJPRgf2ag68LEXXZsC029famu
+/wbhD6pw1yq0QKGDcgH/LzHL9+74TqRlT7drPyOFPqOGPKtc88wL/aXRC90n7dsT
+jFEbunnLOfUUjgxXiJpNU0FtjQ==
+-----END PRIVATE KEY-----
diff --git a/roles/ca/files/CA/private/dsoclab-kibana.p12 b/roles/ca/files/CA/private/dsoclab-kibana.p12
new file mode 100644
index 0000000000000000000000000000000000000000..f9e8737d615ab77c25857cf3b3c8eb2d77f03104
GIT binary patch
literal 3397
zcmXqL;&o(VWHxBxWoP5mYV&CO&dbQoxS)yW2TK#r7lS6A4+c%_%Mns+3!2zx7&Ng@
zVPa%3Xkzb0$S@knuyH|6;9+Dl;A7zkz3X<M_;O+c6B7qRLlb+#{#WVQ=WboLTA<Bx
z_;#%94`HK*EBdpqgb7EV()ly9`tzHXpTRnB|8KLm3||$dGt=tWqsPD3B+WejGSNKM
zd%sDrX=Z-#S>r=lXR0=QU)HxbD2VZPOH;}1?xTVQx!V-nvi`k2ch@yXT2XIWtylVG
zYsvMl&MudVXP*`9uQNYlp?j1$wB-Ec;FB|c7|&WPlP)WxwP_xQ;th%N>-~jF5^4WT
zi>K?R?w88@b&K!JcKrq0pYlC_d+Pk{@Vb2c{&Qs(@~849C||m_?%ipH{yi@qsz=`Y
z865k=|7_caBO8k5C5J1ShTRKsbAP&ewM+OpV>>g~)5q>u+k3s0Uf}HAzBKhoovq{A
z{}SaqS>k@V$I}lRulCwF&0(>8pp97iD=mMEn~%jmdGs~D>b-LKg>NH!n5l-QLzSm>
zxYhC7LFzlT?v^f}=y*|9yGEMX&V1V0(|T{561wMHN^yRDmpjiXr>gk%zIQjWBChT7
zJ8)BL(w(@Q%iLz4d6KFTrZDUJlPb}|;Lhl6OO$^;IDGiUbzzZzJMYUbxL+K-|5=;m
z8NaBb{cjq)7`OhAXk^=9ec?wwTR_eC&4zwijfpRAy?;Jc+x8o$#F7>1d*5+}n6@%@
zmo<q;vDStQZ;4*B??}FMu=gpp)9<e@*?4Qou4WOp#*f??S6z?0yD44V5W4?(?Nf!C
zS@BKF@3hT5ZSQ@n?XS;qm7dF+y!STxPdc{s-{zc?+ooKfpwxXVY?V>=*Rm}a4oh5P
zPC6m+nZ-@c{BHNdwnb@ak7m2Q_<u)ciPZ9tQk}minM$r%ea#Z8icvZ2)^RY;a{g0!
zvnIui9kUPrwG|KFkXOU>Ym)oxTS_SpJKjnhNLh8R$MM&{$(mw37eZ&UDt-NS^<mDO
zUalqFk-HtIC-PRaob+7CB3gfI@1LkE6(POHeq^X>hMP;R)qU}0zm>t^AO(}7SJLdA
z#1gfZJ~j1Tq-Pq-Ftu~x-G@aDU-=#|9NV8VHLa!C|NVM*-^**Jq;aou2zV407Tn&;
z&ab<nwCT)hyD9g$7Om1TH_}<(#PHHC-}%5j<5j7;i&j0CwCS28qLyxF>d))BRQuPJ
z=_T%SPhX$)U{6Mo{xmKdVJWx0fzK5ceyLZ9ESPcn&Kse<_A2q+Tob$*?|1(@^X|XV
zwY@SzSC72lm})F=z-Fy5AKO&9u%B;4l#fK;dna&V!HHA%TpE-OEZ@oZ_*+ft>0HRw
z6SDogH;Yn`v&hk(I~x>C9T)N*S(Vw$WtjQ-mz^Y2!OK6s*K2yeJpA{gbUk;1xyNj~
zo^Y8GC5EQ?Gpw$iK9w=aM4*N5-rl}#H!3Sk&j?9=U9DyD$n5hK+XH79YCI-OuwTA@
zamk6(KbT|A`W#OGTzt6v07HPOYKhpXis?y>$BxfAB>nS-hG@Y@rtRS@*-7o1b1$Eo
z%`@A1cY~L)e`dJQYVA|@zdDL?|L`lD8^ks62#Q_qEYOah`exy&{Tn*^QdxuLuE{>l
z-WmIB@#aIDJF6}lUt`p2(fv1JQ>1TO@$clS1(q5XPv;u`-DJ_`y)0sN&yxA!kNVi$
z%pBI&tc$yK$H;f?%q^cLew*nKzk2;LHP>A)&bOx7G{67#PhjO$m1_}ou4kEb%jP^`
zytHZV^x3-?cCXp>pYQYe<jIVdOiGiOE{HB_oSgMJS9;a8yUT+fKJBkMeDhn>p2u<y
z=MCSd1-a*`X2*Fil&-W8KGGMEdT!IQsj5NAE(>K7dEFN+d;6t2WajB_x55tgCCu-C
z^IM!{%5Awj0b*~?JD<(mH`5_z%fa$(2lguI&bS+=6VTqd{Lviyth+VmW?Ytbe1B$M
zVzZi2;I=r4TU^q|jvCv{mYqDc$F*o@k>>TAe$W58bU)M#*5a32dVb@xqQfB$>Sy%3
zDrf9ixZnv(^n^=qG%VIjFS&a#<d*Wf?1dT{CLijqKHUC`d6n6c`%khSFs$NSzH;G&
zjt}{pwThA@G?j$TwXB<-K2zw^+v(5DAK7ep?wRcRT;Gnj?VjFM|ISa9ix;ztD~a|!
zT=S-K*V;9zn=)2--h8EdPPWy`-&t>i%f`p74<7ePu2_@e|2!)#bke!|FW0aZi9ZzL
z@#R{t$m2RgFj7-nMDt8cb$@UhYp1kV3^#9NX`Q_9x8|=K*GVL6@a$NVXnEk<1wW2D
z7bWf$m#kXvFE0@)&z@-6y2q%+?9#sY{b^F{^%oYb$e#XN*sJq3%cKpmiFX7Z&hn`K
zb5C*0%OHVe*M9EK2%qq%CpYR)dG$snkq(!~`O*jf%{Y1T&@l$7wKr@h?=1g4*WGgV
zzQ?z%Yh~4r@p?@B8X6^XvRO2eT{tT1)AHwakBt;x=O!@c{qCQ8zr<NR@7g6lEuosf
zorxD#1srK)np^goy-N5^<}AI-tNdPkI+a{~>sxna-j=!lk`2V-Pk${@=sVc=B4OE8
zkK(rv=iD)gdpQ4N(A;WCR->P%TVK7}<*8P-d-blBQB02yg=H%DKb-vP`j%~9&oMc@
z(ePwfzjPurxu{>}$oxlXo4BG2wWAf*uTV%6-`ug9BWP0D!>NDtyefCDK6zNM;z#Ye
zx2AT^22HGvNEPyeCRQVsCRROzCRQzjCRQ~zZdmoq#mKaviRGO^6U!@<TALYEYv=L`
zY+d>!<vys^W@%zM(Nklr_Hcpi+OxHeRa{)Fgi{)yeYWpQEt)wuIrqWgO8aRss|t4I
zr1CCnyxpSy$<yWVCIRykE_=6KcK;sz>}4an?E3`~q5Eqh<}b~N6Lx3(eZKp)=$5A}
zwY$PU9SbgVddu&da{kFCk-Y5^Ez&OE4<ER(<HK5o*L^YlM{E!L3*30Xv3jHCHkH&T
zH9LPVh`zl2@GG9Q#mmfFT|@g$pJFqQ?tQ2K+r47{@>7e})w$2-+^y~>#%OvrRYJ_?
z&q>{PMP3^g8Mj=LYq9$^=gJh-7L@~SYm0CC%URejO|W|1yI(UVM|Gom=t=STTf9uK
zD*lL8O*2Sg5Q@IOB<^O{frQih^}M%qce-tP<H0+jvG4EflbpB3_+twhYJ_!vT(9??
zoXvl{qG_>)^se{z{B6m0-K);nvX)M9-}*oFb>#eg=E=LSuGgE&w5iihie-AEX!T`}
zvWaYu+ApLxvA<)R*3eYS%@bmG_~W(YE4TJ`oit>6eJ6-#x_Z(U+xe02Hr!8+unRNS
zocky|M*NK7uK=Z3xp^IhAs3c(zv11-@owtBf7f?O=WOx5U8$&=X7}fP;^es^+4@Rz
zW*+kRTf8dB-FlyamF0=>9ky1D`}}`0g}weGa8`Ho2CKq=Dc9FbvfFWLnbqMm`=?*-
zKde9fT!TTy{aK>)jmf^o+gdkvUo7f;%K2$i%4NZq_oEy?ar<!{)X_}i;<uG8<<7aX
ziE*F9B&G+G+H7vzDv6$RX?}226E7!=;F)P`UksUbr0!oT5eRloet$fD)rL(io3DTM
zU(x>e-SnfgR$Qq6IHSVbyKhnSk$by2LwGn}<@D7VGfmStwb%b1L+nob2Xj={U7M(%
zS-N{d)6DOT&kuCAT~gNTDox_JT6=TW%Fip~7ajQL7X9>x{h>hdkoiuhg<YPDHw%^T
zWUSn3<Dr-E%2NL9?N?o2xq}sT`zxz$bToLrwJ}&Mdv`L4>Du~DVntJ|-6yU7t=3%M
zF5y4(>a6Jxx7Dd|8JNwxtRWZFxc!>!jwYpTduo<lVtSx`hj&u-&6=lTa=U*TD@b}p
z-?LY05S!Se^?Y8k#ie%T`}0z+tzqDvXBgw=rj%%T?W?Opzr=L8c`cRwAFLyy_A)<E
znr&9vd)#YM>dwVmjl;HFQ<}f%yztU{Hiu@aY!f@A{PV%lbiQX1Is%`cZn6AQRFk=U
z$)BAsUm5o=wpni)+Q_ukK6Co!6D^+BM-sdD?x|?bo0w(9E-+Cb(uYTvFLOU5UwU-C
z-CP-&_jlA*Z`im)Mt+X|+ORdx!k@-m+GM`rcFHWz$$q^rukLS-KKf?KwAZc=gtv3Q
zxb~`)Eon>X8J&Y&a?Q5Z*EZhEp1%Ag)A~9gHg}2d7uH3`n&dy~zhuyCSl5{7es-eF
zqAJ1S=QRqd;?e6{Jq`Wddhg1yx#Lzi)pF+2s+AWDqjgflS8uJ<x3;;L(Y8wKV1-V&
zYQBw7XGF$}zH^PMmuz^>udumr|4e>2sRiLI-A`gRX@p<viZ(6zEA~%Q^VgaM*{<sT
zn~dITi{v*pZBRU`7TLiZ>~LI4{T;&t|35RH`v1+nIQhMNGC$icm#543M%zX!pZs&{
zwC5+YsK2SXdtN>``5{u=_>%Xvbt`@-?ta7cpd&#@IYx=)_bmZM56)!_Wfdn^&A$62
zkJ(VwKp9>-a*7&?v51`WJ*KDBa$wW1ra3m%KWxu05n69#U}&Idz{$p{&Bx3n#mc}U
m(*G#1OKZ{c+x>ps?;lI6@E$Qpo5R8(rlp+|ogU&1DkTBWK2}fw
literal 0
HcmV?d00001
diff --git a/roles/ca/files/CA/private/dsoclab-misp.key b/roles/ca/files/CA/private/dsoclab-misp.key
new file mode 100644
index 0000000..9b8a5d6
--- /dev/null
+++ b/roles/ca/files/CA/private/dsoclab-misp.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDPsRvnoq5wgXGl
+V0YULkdkiU69ffCCLQMZ1odEs0K/cngDzJGYWzZCFFXighYSWGBURI8V9hsfdjYi
+Luis0zwK30bH8QS8Or/+S48qU4PjUIIGCfwq+v6UoHt/wj4LPtxyuJQQCguQ/UV2
+KYVSvw8gQ3j+O9NJII+apQyJuw6X8mewLfAXUyWmm0tkDnKKv8njjkG77fMzalVf
+jVKE+qNnGntx+5DxX2HfROoLd4jy5cGDcVjHWIqbOUVZTuDbFraWcpCM7sITdeoV
+xmvi3DreyAfeGIQtlrbETOFKTRNvbJod5flvzH4bSjp1Grk3sG2gG2k18bbmwqXT
+VtNXxw6LAgMBAAECggEBAIb/4VqMVQTOLvfBJc0iU8eWtLbZMMb8ySI3Xs+aEc3t
+cvNNOmolB7ymCTllQ0GDboH32mX1BaZKqV9IzHbiCwoqHZEDKgfLzFZX+OQTSwwr
+nYidXur1IRuswPnHYZrfrl1net5+GQyShF8NGBs0E3nuQaxHaMwEvTNRCzhPfWnn
+u/g3IExtSdE/XSxRnTGRQqSnMAf9OXs9bw/iTSR5cQO2mW/dRLr4aUCQOJ5Hx4mO
+ub172vkNeNwOSUzc9FjtZyQZOtn25WoS7SusK7y9ToDqqR5OcI5M+kxq+fQo8Wvu
+XlIeOvTKTHOBaih6QYEzHo9zq893I/c0xiOmfOr0v7kCgYEA7WQ7g5z+2Lyt35Sq
+XmzyQyAEbx+PMPc7yTQC62YuvpEAaDFDHMphDw1zM2mraLO+2IuBuDz7CTlsf1zl
+xwEJoEZa3odRi2McpqiUVQgJYD+bCUv35J8X93K4/7tLHvXDJQ3BKBNNoLHxjD5P
+SlR5xBCFwZiiXAkquWpZaaWAbg0CgYEA3/jjf723dlWRrVcG/m7VJrhTWq10Jltp
+8y786INKU1IUrwqFt7ph4c9/Jbop40QVkJKzsPojzWreDf3EZYGnBVhOLA5p4MC0
+X1ZTzN86dn1Y3SDCopGnJVP8X2EdDGfsTkfXxOjRCzSPOyZzxzseACw9WWAmullU
+zQs4K6/4YPcCgYB117znb8bepoMVqwILz79PbRRmaV82qnRGRAhy/I2V0ftGvbWY
+FCqsQzv9uKX7WscRTed+It9nS9c9PkteR3iU1HgFYV0seW3emW7Q6yVkXw7CRbDw
+D73g+1U0ta/r1Yoi2boZ/8MYU10aBlBsEJVFrAIKAZAPagmIc2+hTyP6/QKBgQDX
+FHSr3C0NJzkhA7zEovxwFXx+TKmImCqTjKD0S/gZMW6JdYpZmFOc/Jz2RuMoyt4G
+msqSfnPZNPIO744liC8zM8zGBAVq/sN39je9OvUyikbG+0nNwh+H+jIWCfVST44e
+0mEDSCxPHWcaf1+ZiEzUD6fOZ0Zpl5WW3lpPocncmwKBgQDIR7uJctv3UZkEO+oq
+g1Q4jLUYJFUb/3fk1mEmpq+b90e/xQMqZHlu/KHiHcKrukdWj67d/LY4mrw4DebR
+PTgdj9e0O8V9M7BYxDN+zEYrvmmY4A+tg07zm8aqmhCNKpOMsW0MkKFFuRiMkiCh
+bopZVfjdd+d/56vLZW+GSBaCew==
+-----END PRIVATE KEY-----
diff --git a/roles/ca/files/CA/private/dsoclab-misp.p12 b/roles/ca/files/CA/private/dsoclab-misp.p12
new file mode 100644
index 0000000000000000000000000000000000000000..34e63cf61702da91592e85b97cc2c41066f4089a
GIT binary patch
literal 3389
zcmXqL;<aRAWHxBx`On6w)#lOmotKfFaX}N$2bLzDHwH~SFASR4=Od)p7BsO>Flb`$
zVPa%3Xku?g$S@knuyH|6;9+Dl;A7#~W`A?S%O4B!n3y;i8k*Q69HY1z_Oa@3PW_hK
zk~?LZ*^ARp`yUuP8mMekesuhy(1|Hq6N9hie_pxfYDiO#;hz~g`{j)G`?7?eiZE4Z
zjP7^fJ9uOlzmBZ0&;QCtYxk#Y|E%z0*1Uq_`TG?b-*!F;iAb8gWRs2d8s}SlpF$U2
zNywH7(z_$>+uyJ>YV&jH?{^%+jmw1Q?~FMiy5`^^yI}A8th^iMtDH|i$$I3ZwPLWE
z&!Y;B*5y|xEbcrJlI7cJ|ETiZQr#n}pPLu`on^eIK%e#b!{BWPw=V2y<DR!fIJf!r
zq<xK7`wIiCxY&N|HsJL=nSIxI#mU8=_FR2ub+BQ<siQ~EO{fw4vaoD#$Fd!1d)lWw
zD`nhLV83F%(U}i?G5z%o*W?P<2Ieo4sNQt$$)&Y-?!9uHyVgU4XUfyO-ig0o#GiXF
zyL>*A%cX|y`)$mON3!3m>dcy4GcPXw?hAW^q=<cAw;D~-p5)eR?PN9c`<L4X|D8<q
zu@kIG;Y#TYvwk8Qz}%j=OZn=Nl2G59X=mThpD335nIrJR{M(`3Q|u-@EdQx_+n-zW
zJmcgKQD3Trt2+;KR2`f7&|7Ot*A>-TsScg}B1dfU67{a>Je_V*U~YJ1*V~^#e;<4c
z5lwyjYSyADi#|mqab4eYRQW`gz%Fb3t@B<g`mf@iEqmwo>GM{*oHnuFc+LA@v+vPr
zKVA75Lcask`Ab_W*9y7o-!#?UCZZ^G-k-hk&H^*8Yy4Gns?I-Y`*AFK9kce0qtmv2
z;PaerdV6lfEyl#D57umY_Obkv{M6hTyVl&URSEXG{Lf!Hx-Vm|-t1Xx0z9XcG$*pn
zcPP;CwJj3Q4tr5==l^R1Ut;0Ocl+ge1fHC?x>e78$>P|`w+_?4wMoCURkcgHdC%(f
zj++lHIbO~2c0LjLJ7KrG=UX?)kdF&K%-Q;Ka|7GkFF&I?9pxj%Y{fW!e0LQItbE;Y
zKu&+}mW`FhGcC_GF_%2=*_bEs**^N8`L%+cM&4BiU5z@=Ha>sC@$N^p+1^&ke9rX-
zVn0%Um)|x~x!1VnT;=Ncl<<h@(!Q>i7e3~TicWmxWN2U0BXQ~Gi`7XNLQ}ThxRSCn
z_jYs3oan>Pof<{h@9u1T!|f(@|4G`d75{xK+{+7>RsT!6`0o6)@P}7B_kQ?z)tPT+
zZl{9w37?Z*FO{n&)riP&?~JdrGK(#8y}aAZ#@6-hB)_Ec%9!J+drpi0d16+Ut@7j9
z+I#O>i(^)rPkv%pY}x(yw=3@iNtJm0<Uct#Cx#Wj_*GzL_<ib?!;iWD?3G&O@I>2v
z`j3@0ihG~e9>4vSm3<x4SuUnp<!@CMtwALs8}d$ky!(A+di#rco*rBdk<*iV>x}I;
z>(y;vb^U;O-FfHAsHJMRmNNy{+~a3BesEFpwf9GL4#s|W+g)b<Ptt7v6g~e9PldjJ
z`hIigbKXM>U(MM4{>v}(oxYEj)-n9sIOnb0yL|Dp8>Fw9e?Kab#(Qr*@6R85a!<^i
zy=Q&--;NvWv?V{su7BJ=-I{IM)^$ree+W-gys4VZ(5V&c5P#EWeoX8#)to~N<>zlc
zEY=aqztrtnbE9}iVMDW=^c1!z_LoauTqrAgA(A+)VL{HJTgT>YJ*M$aRNt*IqvZ6v
zwBN@WOu3FKub8na@UYt)pUZQm^grA*)rS3@NYbCT*3%pFey;cSUo_icGu!vGpZI#h
zPhYttRIw`j%O2~w@%=6)A&Z1#yA>DRoA7dp$}OWKu?=4)u!Wwfi~DWNdUBPxWxk_c
znW^(<r@OOm>0Z3-XDXm_pj(1<!NKf%XYaoVxN<kU&vLm_#=}w-qn|8~J>&cYZdIJn
zYJI~h>m<1LQi*=hqTQ03JElK8xcAqOTS;oG=j1;Bb>c<3(2heVge`jy#%D;sQfr_8
zK;|32<!W{w#?uQP?)oX%#k_Y%(=;vC(CA$L*!Uvm4~(0>@xH8Hw0Zs)ABOL4)9W_Q
zewQfzA^v-;@4ce^3$jyBi&|A4*V0P}dMwMgS#Ggxf8~z<MxS*Y+~4Rf^*d4{b@t|-
zxn*Ha>1!70Snj-?e0*x-+dY~eH9uukY?wK(>(<Q$rm@)`C#P~(bXYv&U)}d$=O;zI
zsl|4NVQ2O+O?-E_aa}3%)XR=ZRr-$)ecZU}tn-Q3-?cYimS$eubx@FD?)sbZK@NQP
z)^7U#dHKFG=4(2?pEj(^b*|d(xx(OCrrU}7=7jCbJ~4)D-8D<MYw8N!o&Nh&T791G
z_|W5#;{SK5%x|TPRcaN}-$sZW`o%EUGA!({=%R<q8ic)S)bsYti?d3YlCVo|QAWJZ
z2QQAd!MA$;XEcPHNJpC8a9lQR*OR`oZ8L=hw;FqGpVMI?-hN7ap*a^%>gl)_-<LIg
z;J@YRmUTj<;!90XYNEHFQ*E&9`^NAyuhM5|?mypk_~A|2+%%4Ze)l=GXGFi3D`9-U
zw)yJA%DHV_d&7?vwRH$^RmuNgoBe+FEU7!Gz0+J~i7Oubn>c;i<O^$s9&TivtM#v(
z|Gf31^q;y$?#{Xo6l#q;xCPI$72kAO?eUUBc(%%+TV<J|yABth53M`M)5~##^HH6e
zK@+PZQboL=iPeauiB->_iB-#>iB*k_8&)lIF)}S^VtHrK#PZ4jxwd8o)z(wG|GYY}
z_DvY5wq|K!Il;9iq@mn?vqJiL!C32q8y##Oub2|OLMYqkosnZWgJ~x#i`%63?I)%+
zz7IQiRbk%anFV>P@;011WY4~H_Wz^_>EYJbb~QM@ymxG|xSp}w^i2*Q4jz2md`bCq
z;)YBet~G(p$;{pvZO6QS>#8SIa9n<`c+2hmqoqF=`8@e+d9C8HRd=8dbG=pWZ6@Ax
zKi>VAl+{`z$80=tOO$MNMKQnKgQ%BYM>KUWiLcyK&Jf=aV(&8Rmh`h#TWe1)c)=)b
zG5d!4qY0JFMlP#;j>UAC1?e>17p<77!0hrVWmnj&@bLG|&laq9XWv&C@yDom@lWrK
zvA<?-Exz-t;#qzCy|R>kW}}ULJEJ>Xzglmq+;Y!ZX#LL}`4it%%)j<By8qmE!<&VB
zzcbnY=i&WRzIo0|`-hruencvLXDK;;X_a})M~~$jy6c&vdREyAe)23{XMfV&AhYKQ
zPsHuz&iXE=TO4;jbnJ7tQ44SCUNrG;!Lx-o10S%JhsE=2PyLqgAac*2sgLD8Pl}gu
zdJ=xDQ))Gj$~;NGIg*~S5{>WdB7goDyLrXYdWQ$!B1QF=lb=*P5l`=o`n)w(t=Zdt
z^CWqn9nGR&v-i$8slg|4)8G8qbJ2?q4Lee<&6~`)CFaGNCkzqp+z&#hs!8cdy7|5j
zyLPD4C{6s}<o-B@-bDvjzGnTrW$lK8k;U=bi-VZgJByc2nti%ej^*1^BW5;(yecE7
z{u3-JJyRzepM0EmpfT3w5KG1#!MT3LUnZ1t=60Rf)h=sd{#fC@h1z-{?Xxv^<o_0*
zF}U;AKZAYGCVR2Vyew{;F8uT8`u(|dN`&!h!>s0T4|~?v6YgvjyJ2wi^06PkAJsik
znY=S?$C{VACqw7&JoNMWDh7on=9X;9t3Qn9|I*Pg^__iS5|3-{x{Iq#Cp^yLJOB0p
zL+dX^>oYGEW=^?S?a`*TefBq=E31RUjwCBCOup9MDb!aH|7q&NLrk}Oo>g4%VSIh)
zUb0!Aj$hU6xy}*Yy-7Kb9z<LfDKvGsw9vil>q5_+i&L1DcCds$;eYkQYR0;Q9d|ts
zbaS+B+L5Yfm16Zy*dbHzVE)S%FNG-q+iKdG70wte{<iBeZ<*@atv6gXe5L9Wi>#_Q
z=F6MBW}h%iJF(W}@9fs;^W(R@a?&cDezqujn$oSzBe#@wQdyU$xAZQ4G0Uv>XT*c#
z=9uMwC+`g0wMglHxLIGwiR&Wj7FCB&muG&+G!#1Rd~HE!i+Eb|44FepraB*@)<-Y4
z5N6)yB^fT?_y23(eox_BC9Qw7zvrawzjI%#X5zGa%9D>~SLLVm^5=+7?(~?$(`eT<
z*FofPd2X#CZ?^Ux(}*{g(@&*_oL$v?>iGY?SJntGdFWjz=8^a!?`?ZX?QFx9_w>*B
zW^L`!xK@yMJ#NK`>Acb}W_f&lzIAc0ib>zyblFsgKYgq$m)~i<6TK%lQ?2@XOW<lF
zp=9^yH~(3yJU-RT*_nE9u29vC4F>+1UoUO_Dfmn9J^K@dPyhEiv>aUR{P-&~^RcHh
z99KW|JCw8~`L}oJ3bx6YW%tiLYgxu~b*&~tbl8LTC11{-wccL$bl!yhZ^GZ3Nv)o|
zr&}|aL*JXLFxYzf%}2MV99=j`T2gssP*%TuyJt#{{>$qke&-wyAG!SJr;*+y#{HKb
z8LAp6!%Ig_QA05nkqf`2U({Ggv})@~91c+xsGHRF+1S9)K+%Acja8eEnMsP3fkotV
mW$DQ@l~)zV#Wwza;JDoG%hh*RSvV$Nc+hQXyW1U9N&*08xp)Zx
literal 0
HcmV?d00001
diff --git a/roles/ca/files/CA/private/dsoclab-nifi-1.key b/roles/ca/files/CA/private/dsoclab-nifi-1.key
new file mode 100644
index 0000000..2d054af
--- /dev/null
+++ b/roles/ca/files/CA/private/dsoclab-nifi-1.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDr++3oZVHX1Xq
+fujW/dXjGWguch+QYqh5dtjS9lHfcYA3Wux9+214bjf+5RvI1XPkyaXL6EpIJsbg
+pl4ULJCxgbJpMeJEhZf1YBKIBp2Nz0qid7PZ//NBQEwh4XONmIIvNycMJNhnvccF
+UEDFqdDkP7sMcil8vgYBlgO4oELEb2/aqhc0X17zcw53tXqaWeM80TlQFy9TGAWC
+NCkbGVYuwtskeVEPqNlmPHIeoPcD1unlxrm+lOSEvc2TJus7F7vN5Vgl8ig1pLFw
+3zJUhfY8IJ+Ii12DosQeMdmhdh0uPPh4ZKTdOrJWZb+oKqjtYsliLHK9nX5rH4Dq
+vDNgR9MPAgMBAAECggEAJ4fH/il3FXbtzTQb5ypZ5cmBITjOpYU4kWjvvhYiTegI
+xaXpdj2vTI+/Yg94QGbWRZZylrFzKAYlUMZq5Npn1GPl3ZhFJCB0pQ3mUHI9q6L/
+abiSrWwmAL1zY7i+dhEj41PZ4Hsk+Df/F1Sx8PwwBZvWNlpthRSB9BoQ4GAHfNTH
+qkJPz7IZ8ZCWZRRve71+h7rBSJVnrz3iWUmKgGigFWErD/vW0PpD4apGkwe9egkR
+2MDvf+x/QQ1vudzYHJEkKg2OMdsKokLmoJGmSh3Cq1dswAjnBqM+MPXUklHK6gZm
+L3x3GwBowQSVI/EHJT6MeMyZSGAwJlouX0oN/Prg2QKBgQDkY2ZTbV7ih1wgIJDS
+hKYqo7swHOo84JaMtz2FZBfv7KdYYUwAQObPD7jnrvV6EqI6yIOfo0WN28obz6fw
+rgugYeAlFka5g1Gg5fTGCgWIy8yTm5RvOrNn7lOsE8xx1dPuSqniCtTHjGVqc0EJ
+6yL+uZSKfL3Mgfli/RHTXmcv1QKBgQDbWHE5ZyudNF61xHAn6sFjESSOwLA4LsIG
+qeZN0l1WIZjwq33HrK9YK4F3k7AySYGlla03rOWVArM13fAPlNq+1WRZ4a6iArdx
+s3Wri9b7spzxz+OD9e+sPMjR3+odSAamZyWzk0++F+wQlu13rCX2kNO71laWOrSE
+u6vvmg+NUwKBgQClMYxy7ZoDCdtF1ahKzO2Py+v6Sf/XVq8uSt/x2stBnBAS6hVZ
+3ZfUz090LOWbjVzQXfZugl8t03slkJatjIYWVJUW3jz7tBNX6NyaXedQ4fAwGAlO
+Rsw7cXQN9CgdcoefRVwJhsIPL+qvC3xQm0YtrrfVT5LNGHn08o1xMEg8nQKBgBDy
+3Iza8/vJuCfDbgcnlJnbEUAWk4dD1ao+JpWM07l8Dx1JowZyyXm+otpihxLbqzDo
+R+Itce/5rW9UHuCVV/G2+3IWhi/ulc4rV8RRoeMBAi+NKL9hmYtthvbwnl502k6x
+WbBuiZLetlbx0peUrbpHppS1Eyu4jYpUFg0Fkn4RAoGAZsuipVjJpM/nj+aS6aUJ
++FNYaqZRsSpad/IY509ZD9G8lf/ANNxjwZuX4P3Im/m3772LcCe2LEv4f8sOfaF6
+wz/noWgJxaTqSaNmugNDhPJpXTgdgsTeqnq20MtHrpi4ZXUs21CDsJph5dlS/gWl
+AQQhj15wJkiYTHv093f2vaY=
+-----END PRIVATE KEY-----
diff --git a/roles/ca/files/CA/private/dsoclab-nifi-1.p12 b/roles/ca/files/CA/private/dsoclab-nifi-1.p12
new file mode 100644
index 0000000000000000000000000000000000000000..0076ad1207c243f877de929e2424ed953f60469c
GIT binary patch
literal 3397
zcmXqL;&o(VWHxBxWoP5mYV&CO&dbQoxS)yW2TK#r7lS6A4+c%_%Mns+3!2zx7&Ng@
zVPa%3Xkzb0$S@knuyH|6;9+Dl;A7#4ZIbWgSC<rJV&Y(EXkt%zP#db>QP)$rSZBd}
zzN;mSmBBNYo|TqpvE9D?<G;ttE*bo|74&xIs~-kB6V5CD7nEb@?|WXz!p3o6&*wMS
zFE5DsFL`;vyF8{H0U6&_sy5{B^%jijzoHb<H%E_4Le<JYlJ!JL<bT$TNymQiYjEoS
z3O=$uaIZ*rRVM#cuA3!Hj-RFSDwpo<+v3o0)x>}Hg`iWc7q36`NpRs<@6yE2!r&{&
zw!JUzgXpj55SAxxrj2)YtuCIu;hFc<Ro1$j`xSXpTz4(nUViRkknC9|M#b&wfuS8g
z;=g~}8OpL)?EAgNS6myK+0NAZCU)F9nHIF8gGGPtV$L+T;O0d=31<&Y{<6M6)ZuNX
zM0VDn86qsTd`*icC%c82ZG6ac=$0MJRyiR(xrHa|MB|lb^gn1jQQ*>XrBMIS>m7>?
z&(2hw$`e(x@Ma6wy0r&)GKQ8N=UkrD6~Jv(wxb~PY=q)@RvCpk%Sx;ldM^qz`8UO+
zqN~6$`1bFWUpA)Ic30kWvA_3m(~Xo#!q3eLxti>4i@1yOgD%A1XGy*!a^-{kC9@+&
z3eIN@nlpFKXQ=z{vee^JTlJn<Q3fhCdgbEt<qesVvNQhNp4fS?M(n19z*dp{#!c<k
zn@aWMl*-C3GhDW3xv0LN#WCXFbe?@X^LH$Y5IKF}ctO^IuRMBx&3$iZ1f6)Hxv*J#
z+ok7*Oba)CKV)7pWr|M56!qAU4z)QCmoiyo`tR)9S8eXH<Ke+mQId0A|H_vBzPF)9
ze#Mq^;f$M&;-9_>t_kI@&TPr~8=BU1+M->}N;CI+W}ei9ZH>3Sa7<|X8}nFcL#u+#
zy)}JIA*PaZ-!1zSallo;Y1@Ju<y+=2c(9Pu%Exo!K8G{UmKSdSroH&+C7!F7+RjPY
zR;<+ibinVi>!f3@Yx>#r=Xag+4A`=;Xxhi<=G?@Rz%ymlsX6=CE9^S5ku|~7SToT>
z<l^u9Y_Fni?#l@Zx;h^J*t2NE%re#T&+iY+-g5fwZ);gThtJ#9j%V3!n-jvgMR|`u
z&$X@QYp?85GXB)IbMcW#o*Ch`Uze=qe7D3VySTSpQ$oaSgV>Kbe?L}Ab+rXg@ezw|
zJs<M@{0BZ}hb`*$hGjQA-wHkHSaNIjw29f9R!ur)_5N|K>dGZwr}Qh`yO$Sz{``T$
zvXWM-bYD}uxAoS77lIoaIWqe1ZOeYSb=sW`XAOequ_W6RT=7l4u3Mx%Z~aa_ucum#
zFEyn1m#e>i?kBS0j?3E~8yz2;bZPDt+Yf~I*B;a@|20+Z?TO-5J9t9VIq&s*{8HN*
zontsR@p`P-kJWPdWk(nnWIL+fITbiZC!SZJd-ruot=s!%cPdO1Q;jlQ_{S{l%IgR7
zV_9yV>3s3id8cU8frl4LcI$idO_Ub0<_PF9yu3G!Z}!Ud_q%w1-q2Z{vGsvx#UwxT
z9icH>?p=zV`0$nX<|F+A>$G3%3aIn4A8g&q(rNbex@FSt&c)?tTOBkH{`I(Q{#U2S
z@-KgK#8>4Xm8$d3-cIVg{7lC->94=mZkHCr6=r!BUZ#5A9$xUCvwF|u2l*F$OW4$v
z(#lnju_Ur=zwx&`czXNnPfyZkE&A{+AntZSsnz<|+tQmJ6_!UC{Ev63{jl_#{G@y5
z^rlV|)IO8Juv3xG_G09wo%|O+gzcOWvC`wSt0-@~#v`S3-;ON{X%Y6yW{R%=7<lmZ
z&S_y+XS4s-UAD|xVXB^X`h_F+9-g{b%2fT$&tv|b8<$T{Zu4EWxUsy%#I(v`&WEJx
zN3AK=&$0!LT;64G-+e4P+BE#g>Me$9R*fPBUp8{OUK3*q|6qOT|FczWR$@{+f4pe6
z)XDU7n4vzcBeY`8m6_~E%I@(kyYPdNv01#|MB;w;fhp6LUA@wK|Cq3#-}G0`x?87*
ze&=mC@9cJtLEzZ?i|St|e=N!}dTrE@Z}(LF&bQ}s{sq5OzGc_6De&iS+opM2ojce#
zdbQNFU*=O1Cx`By{!?|e<HNoie36ck+qM7ScFGdI!MDO+G&$xt1KW$RqN%s)w<zS_
ze|7%VvXUjLleXC2pL%2||6EIdk-UXpl0HbOi3WA@XkPn&$$Gxc;RZK-xhUUGtt6jl
z*A%9Y7O@{x(!boT%hvdLL{~QKT<kyZ@7LLuE?wWfd)m~f_I%z0tJLJ*DXyBKC2@T1
zvAItVoe^0ub8A}Pj}MKX9?m)z*Oq_t@&3Mkwl1R|R%wnc#!-8Md!7H4JZIUrKbG;x
zQ_*v|2PexnTb*BNf8M>!I^ygnR);IMCWuLd+Rd<d-YnPqU~5B&z+s~ap8FMpJq2G(
z&n(%Jx=Y!qy?Xfu?j6;VEc@AC8n&uB@mF`vJhlAy3KxER;S28fzwCIluBg-7cv|@G
zc~1^0iR?eqx8z#*&!hth|F)IS>pa;tDJ#6%VZPG>Z}A|ZV{!7Igx>!V(b(8oo2436
z5~J30V)@f>gDU}YB~=#>yX}3j^P$Gn9m192`TNebGG|I>Fg65zdVi`)_i^Z#7MIz*
zayy?|<gL!`IyX&H?Fqx<xkq;j?oi`%c<wnrWsSDO*0K=&a`vwc?_a3~CciqDw05^$
zszDR0BT|LDpo!IprHNI~povw>povwDjT=@yb1^b4XkvM1(8Th}0J+v?2G!b}^O-_>
zTv)h3wKhu=%ZbTrmi_HdE?}Bo{PLTpU+u~3r{vFd=LWm+KF*Lm_2l&r<KT@lE&gB5
zhA!IOIP*()`kUwkPS<-sUf*+bDd?Wcm(v(5Q|JC$K6T>$JJV0GCi-l;o%`dX$kxt1
z?q7;D+s&@7)_9${ENGkBr!z;awS4b29gNx+F#oHx?Cq*M3jYJRkNoqy8&z+)+wZ?X
z>6=(3@9vn~q%5xDd%JaZHeT7<Q|snxf5=```rE~C$FCmX_#xv~y`$vNitgo)db|Z=
zH-C+M`E-Mt+UM?!XPZJdIlbp$i+B<x)@;_|7U&UsU~Ry4$tt0B7JPzJj;gNgZ!?~q
zC|%-I-(dA>iu{%@nO{Of_j=A<QWB!VtEaK*t;Xl2XZM_z->+`SXtZ9=`Fj7J{GC15
zgFl}45ejz<P`I*|yZm8{Tg-8j>zA&r4Ey=wt4mZ+ukBKo37U)v$rBGe(v2z?vQ_Fo
z_~^OfHY4p@_g-9$J}&4tled4xbD1CdjE5%wNSJ<bYIe^4=_~lwnp7vAD>CmCoKn4S
zgY3pV=DY`=>2NM~Fbh#CUY@jL>e2U`omkg={;93MljFvl3N`(A1*MVulQwK{Gbla!
zsh?>pi~4od5Z~oH`7VfRA7{Pg8IZhb`iC8SGr287&u8^aKdchFCXUHxqDSmzuU|sJ
zi2|E~SM^^?Y418T@703TOZVQ-DK}4Bx2DFzYSWGj^Bz1goD{NPqmXybkG0S0Quk_Y
z`M$ZRj`b7ktQD(lw=aA6QtF9o<eO{WUfC^&-*YC0Rv+%wXEi!tH21Gz+n(4TVm~YQ
zthLg~xw`NU+l%U-4!y^@UBsBqEj*UI$oPK8$Bh4Hr}XwmS>(Uju*|_SNKi|Hd)9m3
zIo}0h%r@M+6PvXDr;MoeuifRm9Y2CIEhm4w^`>#^zG#icx{rAgdvezZJ`b6jx%b`i
zrloGWCvMMXJaheaQ-X%a%||Z2ox8#nO^$5e<Ewr=e{%Du9{Zi{`$GhnT}!qa&v@Ud
zKa1ts`(1w?9j#(<{XTK|)B}c_1U~K+;&9(4!Mp8GC&%(14E^tz<}OGN6Lfv$th4{&
zjE|3Q<pd;(JQABEd%1LXW`CzZTI=6OS@yM$mz|P7XR`nIx;%|;t!0<=H0M^gIUj4E
z5fjG!YvK<^n}1i<`t}wt@SFa_YOmRL>864P?r%4*npB_aEhv8aR><js`m22kGSbTC
zP7_)dDj81h%jCGSf7$+UYmPd{&1)~m9+dq0{;lW<d((w2g{`SGC62kyTb%f9^)bDd
zXVffqJufs?%{>;Bc<0e8wy0Crzg)YvEzM-bc7w|c5A!k~om#@K+OPVO#qM~9nAtS@
z9nq`hcdOXH%VqLp&D#4!Y4*+9%eCK{r_@c3Q02(t3()H5Xypz{wTl-^d#LOAK>Exw
zwTU%hYc_6K_)yHNQvd2|JqzvS67StMRDGW_OLW7j9Fv_stSOg@SD#F-NPe-@^=+H~
zY#BROMoo{KrjwVijeX~`qgQX;53U~9Bl0foy;-8B9zU*^M_%$ujDND@n6~#f*-D0`
z`?Xq(!YBP+Ga;lxb?OB3ukpKov<Fz;Re#{IO-}ml(&NnvCh`V5(k8J#@O$=k|L^=e
z%6iM<?=`bk9A4aI`)x)o|LxNcCAoR|FP_-XU|HxH|2CnuyN%azmqYE92fu98&pnkt
z$zZ5zpbRe^IYkY{SVY!)?NL4%<!^B}s_dyW`_iX#PI1&37#b)VaI&##^D#3?u`;lT
mM0`zA5i#{unO7`1SC6sfsP~=+CM+EG5A!4vE<`bbN=X1(3{!Ui
literal 0
HcmV?d00001
diff --git a/roles/ca/files/CA/private/dsoclab-nifi-2.key b/roles/ca/files/CA/private/dsoclab-nifi-2.key
new file mode 100644
index 0000000..a6d1733
--- /dev/null
+++ b/roles/ca/files/CA/private/dsoclab-nifi-2.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCst0vi1Yd/jhWb
+z8AX69uM4xuDwGm5BpGgm8Y13C/ojHIoUAKCxbHr2tnjnZXS2d3hCDVtg3OVmLoZ
+/T4EZ5oJN0V50x0L7ApDy7gkzGhczi6u20jYblrzMb6HKIZ2jo+NaJUfcmxlSvye
+uH3ig+I9sDBdwXMGrpv3mlS4AmuCkBEIP9ZfWVzfqiVZwGd6/OHwyUqL4DG2UxPC
+v4xPOubtETCmQSatVo8DC62HbLJzxC5BPpkatilt4Nyvj0Vu1WkXDfFYpn6MgDJy
+JCHS6bREI/YQj59kf+/mq/FDlNCKlw7kkb2GuR9C9JY5hQUm7ZABkRGjHwRbRv8b
+qXR32xgDAgMBAAECggEAIutEGm5VYMKXN9M+4Rc8YjWgYHjMZy4ezzvvTQBhZ0DN
+67yRZWMW37p1hwFbQy/tHgwM0UFcYwhnx81ddoKDsA1OrJy0KK7mPGK5ribtiqXc
+5llLVwaouLZ78NOOq/WSrGJSk/MMW0ZX4LcoLF3BpfszLCFqYhV3Tw4Sxskmd1TY
+DAIJ8P0mcAuiEw1G2VuVEsy8c6Ojkp/cJZudlhUk4J/Dqzhq3XcdRu+IoTOg1FTY
+Tw6aW0dwW9niZWaTCzksjnsY6ydIoe6v2GMiCOzCnfmogAgfuTH8Hg2oDvJDqFel
+zXNwxn52Q7HMvySnDn5j2BAYOyfybNkUDvjq170BkQKBgQDfwI+q22h24zg6ZLiC
+0AlqdKNliU1qdtaXu1bU1Mm0/9/o70+TP6GUDeZ0xJVPDpgf/qULaY8k2H4Ucb7i
+PNCPVYNF21qd591qaZA3i/YDNbXmzYNgy+hCPjY9+jW+DBEKOMDSCbUgUP9RJpNj
+CgEadH2xvumPeuLLhFwnmDn3XQKBgQDFm7tWnpUiyOVWcdEZ+xXPiqRr3JZFcjHk
+N3vSOVsS0xjaYPbyBnUNiw8Mxdm0xmaCCDHjv7lmIOCEUtD1YU/bp/e6UqvAULg7
+UasrT0h63eQPxS4tLpDaIjk5Zk7A/NFAHoTKrtbZEs1YONL8ltkrqOYUv4jaX1ae
+76f+1/s23wKBgAUDDzTIjWJ8XHoSX3+uoUddLXvMw4sq9kuXyq4hxhLj2GQjWCj4
+N+pVFWBwNtf6f7XXwmKrDqXIo6pZkekHa7SKOdKKw1DeLLuBedWEsRIJVfXBjLvS
+VXWGZzikLif/pTIRa2BJD2GV7uImdw603ql1Cou8twabvhDI+jd41XORAoGAW8b2
+fUZt8Zfom/uEqFJrUNcNgmMTD/H3pgz23y5wVA/jDRnX15SULNQXC1GgyUsUNPRl
+Z2eWTg6a+BoWnsCxfE1Iyyq2Rj23MyW9IAJUoWwJDiIATk/ASu92MGiJzywca3FB
+L3mAo5UN9hl+NH5DIvnw0lYa04FQE8Uu+zeIn3UCgYAgWQECDVgkUgoTtUZBmUAT
+wL5cXXfmDnMNLVn2TJNQRDvLMkdI0naQ94Dxvky6BIbSqaKx67PA3I7yRIDUYhGZ
+RM4RC0WpGtjxYmWyHkdClGLAJjSp4RPDUcCNAqmQhTySGCL4gBMalERbDzo16SSM
+lyWQP3MOrilDi/GjbUi3JA==
+-----END PRIVATE KEY-----
diff --git a/roles/ca/files/CA/private/dsoclab-nifi-2.p12 b/roles/ca/files/CA/private/dsoclab-nifi-2.p12
new file mode 100644
index 0000000000000000000000000000000000000000..fdbd25a1e50851b8ea865781bc903dcc78a1cc8f
GIT binary patch
literal 3397
zcmXqL;&o(VWHxBxWoP5mYV&CO&dbQoxS)yW2TK#r7lS6A4+c%_%Mns+3!2zx7&Ng@
zVPa%3Xkzb0$S@knuyH|6;9+Dl;A7#CldqpBfAU)#6B7qRLlb+#*4<IrYbFNQ1q()2
zW$?s*US7GN>z8qJRdnn71gqz6;f*{YlMXy8c({r8OPyxkB+<{YQ;L@}DjKi+>1+1&
z#m|-b+^6<36n_11d<xg`6UX~wtJXcLf9UW`w0+xL7e7U*eOu=In5kH#x7{&unV!kp
zdv6t1{o=8xI_Ms8`rJDut)25L1h?I&w@_X$a;tmGYQ7cHiq>z`dP*O>t}xPmtzyCy
z{BHImlgwquj$68IlL>3H^L-Nk;HqEA;c^BUkHS*@nI$_8KG;6z$aHHRlXl@PcjH9(
z&ddwAx~16ctm6Tp>=$!#%AGvgqnobYeP4O;QLx#bDjV6<eOW7SE_BOx;pOe$b!~cY
zS=#cRa1&4G&5a71jhH_jwV!n;YJ<68>-nVX%N0I{-@eMn9;1HQ;cnTtsctPZgk$F#
zY*^^EOmTbE!6#yh&7rlwUMF_+rM*4&Dvl}Ux`Wn}K*QsGPJO;59Uc6}AB#21cb0FO
z5g*m4(i}NCZqAV@MT!0bGiEM0!B97K+RQ&zev{5UEd96oM0fZ)c{>Bq^vcF7$4ehL
zR@^F>rRSOcNoz)&F8>#ct6co95)Y>LatPXP{B51H&xG4NvG|C_xA(R2HrI4-ttfVW
zA)EB}^c9cZx%+Ru>T<c=Gf81l+VwDowFd+YMd$ro{O-jY-**m-WeWPMofj_XdT=a8
z?1i`^=a%h8Kd-w_s1Lc_b4!D}`E$GAqu-~SuL-}su_<uIqt_R7L-h9gOZ0tqN~kEE
zUADcYhi7F}iOb5udNvj348e*&LbDUj1iJ*r?YO%qUFVgB{d1*F`m1*)-D|nsx^gC4
zoderf2ai?rz6sA~P|IDWvEg9eU!HXj+CH6Rc~`#KRGPUoz3r40d+w2{8&|h}NV{R<
zURmh8ef{ZtnedxmUta%Qv!Km=k6%ROY9|vB*&yK^%Vs4VGT5<GUM{=!i&uv9%d6Hu
zjN^lN-mJYZchS5o^Q_-BgO~far%v8lENRB>=AE(ozT%NNt-l{UIot5Zj7w})^psRz
z!=7tf4>9_^oab^lINfH+x3d2SkBU9+k%*S&mgat;S2K6joZ78RgMTaT=6lVV6n)U;
zuv|gDrM=_*t#fPFKFO>7ARi_FarU}Rp3_}lOn5uBzLWQMV0zgf`@+JBuMWid8BW}@
z`+}@q;Vz%3kIDz_1Ua0a8&p3jE-&ui>iBbo=9HytQiN9WtT@$uapFVgSsa(_o(0?t
z>s}H!i(zrvr^x}mCl+-qeG{Z%@TEP;<>%L+JF>q57AifMey_zYwB?1(fu%vYhd$j~
zU#<5hKIDDuMg7?;Tp!#|t~e4?Kj|cg1>a<zt*Vaio;^CZ=_0RSUx_v+v-huA?1y7-
z%hkDeZLBtOm8d>!a)agFL8%UfzIVM#_5@GcvgrS|7?zbq_R=4@7C0xIOOI{3zv-pB
zqwsf2=BCY-`ve5?&Twq5WqGW+M%X!iNdr$x&F++K2anv8m{GaT`c07Q!X+8&@>3?o
z6#diOm}2$UraLa~vd!x9Z>k>`FvjS)FTD^d^Er!CNh9dY#H>WsZ5pzn+M?W1+Ya!a
zzxC$oU0uz)rD9@7IKt$NU0R!NDX?v3KIx^W5hXQSt*XNArsmSa$xD~F94=J6eYMr<
zhJSzQhu#aumFrH{EO^J-a9m}k?uROd36myeeJ>W@z4N0d$GqbiPyU_LW4bW;(w)32
zW3OLsDtc?QGOiYRRj^;%s(wo~lXtD-U2RoaA(kpxaleO5N@qJI*S!evXHeL@_QS>;
z{<qh2ZW+HZe)%bbvu)<KtTv{l+7stYNI8CN!L{cMtW%E_Gso=O{cUCF#zwX+&xKAe
zS-VQ|Ygc}4*sQC{Z|Cmf-xL({<+4{;)Ss8XFaHUWd*%P&pS(<ScYOZ*ABLBwxtY$X
z;>v!YXE0;KO131wZ?jL_%XFQ$;mowj5f}FzSbDEK=J}7;Y+s*<>~!?{VEtj1<*G>@
zQnlw6ybcvERm?At|J&bL_A#APro;Mj_&;%{6Q|eos3<(^XSt#9mm`&F_qJoAk0i1$
z@toKg_~%V)<8*O`*><gt69cL{<#l(iytuWoeMis<waRZn<!AT2s;%Afz%OW>xt#n(
zSG7Ms+i%X4JaVk<ue8*my}g(1{@lENMBe@BBVX-_f2Y2_(xL49etMSMp{Z9mDh?gu
z3F-0;-oS8jcCX9N7wdk%c<}VaPS>xt@&y-~I83D0>2qz~Fw-HS?p&F8*(^W(D4kQ*
z4hk|$g?hI7i}v-{R&rOH>ANuc+8=Mz+P^9KS=Y85$MVfjCvHo68_l|>B~W<lp%ZLw
z^S-%H{N5B|z2#{RPu=xY!7Z7I<!bY$JF*&WxL^42e9+4On>Oag`Mo$gb)BE_C%(0b
zhegfXLv|c%yFZ<Ga?-4r7pK_N&uTI|*NSLQ|6G5z?DN%yKf(iUt#-0=V|2?&y)1J_
zj^$_YPO}HQrx<MW7uFB3a$DDUp;*Hv#cI}zxpI!DMgQJ*of#Q=I-^6f<oy&8@rJ$A
zN}S$q+x~3x|EF0AZT~jya+jGR=68PQlbZd@wEcC9E}S~`*UD+z<ZfSPv9750?|<fP
zTz@9epo!HHsX|`R#A?LS#Hwe|#HwY`#Hz-|4Xd8H7?~C{vAi>AVtIv9Ycqpt?cnEk
z{`TAdRRh)9EKMvYq*(Gl@V-0wh&k;1((2>O`QqJUrth3TGon^5d(Vl#bD!KW`*0-W
zXXopAg{}4X_$#A!{84XnD`nnd6Ee+Cpl^Pi*AZLY@PqbYt3(d8m<hbf@4O~HV})I!
z?vz}1lU2Ls9WL#Nx;KL-Ui{56!-MH@c6;p>`2F=-Wn*<-Y=*ayj(bYdFWWWQb4CBI
zj@3K5UBPI}4FlP~9E*9J)^A=XYj*y`)17MUE8Gp9rzd@zwf@ZZfNP2(aW8A%eA4rC
zVK~_)aKFBTX<HnVFz2+zfm@jMr<`_Kw6FBSBQ=9t@4dD<NZe4~&%`6ZGy8zZUr)Z!
zL<5VL8(6<AV|bIg(8JYigZ;rRyH}e1o#!Kz5GKR;EpFq!!p{aXvc1)-!rBVwuTTv!
zGj2{*dd^|fspNkn=;HMm>f6OcW~`Hpxy9<B^egevp8%FzpF<mRpUXN#-!3}qpD^Q@
z!)j-*oJDJ=Z#Z%+SNP7_?3>j#vpyFIuU=sxYxJi!?>bxBkuw2Nid_?~uGf-~m-4Ue
zyO+19d~RNQ&OwIXO8@p<^3wnO=LWauX}gz7?i0+Ia^9IIzH9h+C-Or?@FY<&<^1CL
zHMS8`S*>T=t7){lUsl^y_48vzEko!Br5Q6?zumHC<@;OW)pQ_tUZsCETfX7N%wU-<
zuVP(4hCX}#+S}sm&U-D-3px6Yc5_bH;%K#6^+4ag?`yWQNtiBA<mi9Fa@R*(-0HW`
zj@eq#>oYeUaB~TpdM)lu=e>KAd1KD1mA;Rb6mgpLp#JI(ixoe4?l;HH?OiFm^!URg
z2`=epW?lPq>G5oNo`k?D*^1J~%1>t9Pl{7xG|k*r*L?T;a_!KAXP$N*yMAfLj<dpg
zPgG21tnWPY_ozz9@|)}Zw@%-(J=ThEZ{VjhTi)s4@`&j+{yK|~^~c77FcHUlk{l98
zGoE@c7rP<ydiTw)ZAaC2m;C+IwRn4u<UPhOxzjcWNrt4~d)2VMUjI<zk=_q`b4+$O
z|K#Yk5We~{<+J(y3a?BX=93>}_Vdopwf*zDJ3+okVd0(EDY4la%U=a49y@$g+QRJ4
z8{zZsJmY?OywutCLXi1|bnuTIeRZ9R;szz_UArf}vsSPE_H|a>gEPB>dmr-2K3#G$
zM*3<6TUIjT#Wbfa0h|}IIyOseF-&iL@N}=B)up=H<sM7Dr?=hSdg0o=^?g&;*yv1|
zaOvaU|9di1PgkiuI>VGCJw@nSQ2HVLBPJqYOndAjPgnglJai!4VttaPi2s5=5zM^j
z1o#Zs`de<u_@7)eRlAJ${aSIg6C0OvbI9_q*`YK4<!sTJ-fofJ%@NwITmAc<tookG
z&VQ2UeN&T04$G#9+=iyyi)}JO)<#@jnU9TJa^r(8eh#gY;QYKbTx{D^Erw}lKYq?n
zdK8<MBqQM!v}@X-%{@Oazb`I-61`}ViE-S_eEHWZ^;b-`eUQGSwv{<%W^ccaV~P92
z_N<AyyA~eV@#(hMn(9ObRj)NJLVb6xa;rBchc>>-xo0%R*SEXYyyVj2|6i{eZ&$d%
z{`*s{vRH1%Ul*ojte!#ZUCp+3&RH?pw5D%=Ol=BZ=7S$!zO3HDxOuZj{8QnH>Ke~E
zk1S7{`CKncBy!=zHJ_gTGydJDWK;OO@CjGr^PCu8rAKR}<)T-+2AA^)Uj3o`dYQ?G
z_pc094V2-fBd4gL7>kHw9sj9s#;T`p1RV&O*I};`X0)Nzz|cU^fRl|?n~#}Eij{#y
nB$)3<qSM72SA)OJnwIjcb9Y6b1QQEKOoy0v_C53Opi&Y5zxP{D
literal 0
HcmV?d00001
diff --git a/roles/ca/files/CA/private/dsoclab-nifi-3.key b/roles/ca/files/CA/private/dsoclab-nifi-3.key
new file mode 100644
index 0000000..4c508b0
--- /dev/null
+++ b/roles/ca/files/CA/private/dsoclab-nifi-3.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCnSKDTqx6MSWCL
+uL2aqlwJYgF5icnlXzBkOMrxlS1IIIHvYKpv0e+0rImO6fUWfWQHsDt1w+HhFXFk
+YI8VjhaL3riXeaeDGXdbqjaCN7lRp5W1H6ydgcbs+xQ6hHcenN08BjChXtCPsMla
+E60OVle8HT++10xLN6KIck0aYogIoFe7IM5+r7dy8u6GGrEoO0H00+oUdJDhM0Ea
+kuIu7NMgYGBh1vwOP1dDiF8QKSBRQEbtXZ/RWudLUvTUI2BKIqeSbNTLIAGmuVNx
+enEC4QVyQaVCn0FHLDB+DLFzzPdjYCc/PTaTFKp+Eu0b8ctN6HwyIFD1LX0GCpPP
+eoUrC6axAgMBAAECggEAIwh9zfZvTlfrpTdKVgLJhZmFz4tAwg2eV87hCZkBQ7Kz
+I4uuBf8EYWUk5c4vasdV1JpeyXn9ayMPfUMPlCcOp7o8FFUA9N63dXX/NmQvJl+f
+ZbA9eTr9ixHGGb82Jy4Y0wJE2va9XOpcMMYgHvmMJDRH7lKugq4jFspBRX5PGOcM
+6MxlzOSEcPZFrccDFcVJIU57rJ3HO85mF8OUmQoReA7SH9qNLFFtERrsgCSkWlwq
++Pdz+FwkK2tmSBU6+4J2YTyJ0AvF5DUex8tf6rAD7H1AGz70VEFumlbjyz+OZgsS
+oeoAFRm6Uzoo2kU7mB3fPpA2oCGVWVIY6fgHbyZHsQKBgQDR0L/WuzeTpYB3oXbX
+2rPcbZVa/wK0Evl1dfj1UZUBqazkVntMVko02Xt5RHt8FTaorTqi2ieEGfcbOonn
+cSZzChPNCvyr6MJJHRcqNP4pgxd4b1LfP8sCLZTvi7HdBA1DPamgWuiKOkqGghHs
+38BX7SPz3/gTxEjwCE7g9970FQKBgQDMGy+CjGI8btlbKBK4LkebuGGWgWUIXa+V
+2OhoEZzIwDQf6LotauA8pdljTeeQ0VG4kO365hN2v5bL02SOCo3ciaLkQ2tQhRNt
+1xSDoKf2ipbjFZr9o6uDHGtVKZF1B20j48vEWBu5EEZ8yf7L68BWBm/RCVeN32oL
+jpmIMySDLQKBgQCwbv/CzDASAkwjTS2omgpBRA0iNerKDmKjeY7ei7nnag0u/eI0
+8SL5iiCgewvz7crG0NTL+PLdzQ/UX8dzTdztQ/4eoCyVSueFn+bI4UMRGWF1Lvfb
+L8PAkx/4x9nLZwrYDlRDue5tvlLJBTuZmxYdWhavjxkHVjmXTwU1fHqJeQKBgQCO
+Rgj5FEhJ3e8PFsDtt/zcdEs6MVou2bdSWc+u80/5s9jhwUU98Xj7bZQ6H4ziKrav
+U/8/XG+G4AgKboFybbLzXtG4EbLVft3LPBilpDBQr8x74IyYbyVYEFBVHdOx4wpV
+8S0R4WT5vHmV9OvyU5RPos8AxGVOlMSD59Pn19aExQKBgFTfUARZ/liWznEU8X5Q
+krL97ge1+oaqQBI0iS3jmi8cfRNpwWFxc+uRgHW5WybGC9PxV/n3yu1i4wIyrwfC
+g4f0HH19x+VTFs9+H09wudytJh0K8LLTns5G3Nu3WW+o0gtJDQDcAxijvEr2jn08
+qnSQ95GLsDqLTauqOMzEyhM8
+-----END PRIVATE KEY-----
diff --git a/roles/ca/files/CA/private/dsoclab-nifi-3.p12 b/roles/ca/files/CA/private/dsoclab-nifi-3.p12
new file mode 100644
index 0000000000000000000000000000000000000000..4d4b23daaa41114bb1ab95eea974f0c2618dbbeb
GIT binary patch
literal 3397
zcmXqL;&o(VWHxBxWoP5mYV&CO&dbQoxS)yW2TK#r7lS6A4+c%_%Mns+3!2zx7&Ng@
zVPa%3Xkzb0$S@knuyH|6;9+Dl;A7!1x_UZtSw-|=CMFJsh9>rePtUS0g<U8(SfyO@
z)M(#ayG+M=?>kG&E~+qFtozPB<IX-s58c&A4i|*n{rjb>Cb^Vfl(RU!?4*pP>*tP}
zMQP2och82MIVZH$qjj%PQT9cbpSMr>d#PWa<EGdhct52i;G<l7T8=}KPG*Ls)C=F^
zH<$UnKFa%ci>dR69dB2?>8M&_bNK5X^@0hip=_(Kx!*0>_%T_U{dMZm6TvU9#)oQL
zy#CNpPUFUd#pk0er>O|CZvXxwZ}D#<%O#6GpU8FgoH4a~sn~M!(5_Qk@19PNU7Rsl
zf49Yi>E}LlzJI84M7MZtNm!6^Mejz--pzME-qhUkDy!)H@=J4m{$_TI&XeSIwBf2u
zJUMql|EZ-WZJ}WT%XwUR|Njcw5p*DH?}~*H(zl|%T@Q3?`P*FY<J@{$Jj3jClcR^G
z>y@Kcy*b+VR_LEzDROA7ztQsp57!#~RQbttX)=Gyb`I{T=l3!G|Enro#%ap7=&r-X
zSHI^?(a-<QE?Zo9!*`O<n-J%{jh96G%J)t=t|mKS!mYx>FRu?Q&ba8@v~ioQzLSTu
zPs?<k)HSV2k`eq*|4%iSe3%$e{gP4NF1wy{kB-=~8?$!)U%XiH^)^AJc?}^=cjqkV
zGpXf1AFkqJabB|SOw+8@_j``z%x$l(C<%C3`XKP6+`Zt2m0#Ry)=u6e8YLxbIitq^
zXC(WR{^Pa&Z=WT-4)kC+{b+yA$=tV6HpiaHJ~(klVAD3%uknw?1G$^`*4w|=Q!#c}
zI>lV2=1I_#zM{qVKgY+NPGntnfk*Dq&npuSY<<0V>BE<YfAz~>duz9Ex9>NOvo8Yn
zSFAZA)cftC|B>#?Yo#3=u7*~di+)J8d|j9GhW$G0Ug=I&hOR&J`o!mo@3#NY|FH0A
zF{@+pU;Q~^?19`V^OgJF1hhNrT$uQH*Xj<@i$~iZXViY(^G?)0Hf}<p>cYC^UljQK
zXZD?KGpe^eAr!%*6(l5{a3oQ`blHBTJB`az+NOWfFJYOs_qvOq#yPK|Il6+Wmy9o+
z4m#!~GNX2D@)6;#iFPYoc&03MbXu+2Uzu<%{q^zBH?Dcy-*7JEvS-i95arO6>X>Si
z6L)SE$k-&XZ+WddQ^ZF~@1&_wSj?kC=CfTZGxO(aPvK{@a`63fT*Rn*&F<H#8nZqr
zSf1mznU}lB?Dp<>%Na7Y=9S7Dm3nm>w;DWtdCq5R=c4OU%RNtjEl_%Oc<Y&Tqq9~m
zr>C>K2hP+g4>Ho0a28n2*kDq*c8ifr!a3e8wkfO6TlAe)F%pwKFwbL>XCB9sj@oVQ
z3s*gB@-jEtm;TOp=T<h!84vw0e?1y{^vV{iE8*SB?GIaDZk|6Y@z-Uq_ZK($uY5jZ
zr+hc>ljVzcS<PSTvtL&+-q!Ya!;IT$)1Q4yvo{Dmy1egU+Ej_>pQdDW`}i&soc7Ue
z|Ln&Z_rv2?E&cjHZg22s+XupvYaewOcWC~WklWC|A;oOUg2z4?XFJ5$=4QQ?F=V-4
z*s|rg+Wn@O>rxued7qu|y>@c*Qy=ZhC$if*yY~LFT0iyuuN$k_H6~c6ud?4388!3x
zv_g$@vzjDJH@<H8d$hdE?uKr!`EqMd&6~bUk7P_~+N^P)=>LO*J)ZX$q_~7AUp>6n
zZ%L!s!=#g^Lsw3ly;^({XZJHH&!tLt@7;Ij<uU)jsvr=zWP!no=|7gbFZsIRseRF!
z9kze`OnAQsU!Nz%yYKsvF1dKl{*bjMZ1G~M5^qoLnr^nelKa1iUhS95Q}6v;^>ZCV
z`fd)93tye`9+=(9?kj(Na;eRX&SIt&?cM@CzqB0$IWsq$sdvpWkiEFew>ZnUIK$Ae
zGGboIo~zv{_a6(0><%-^ExmX<`OmTJvs$mV=xhz%_Pp<I+)36a2RWh`Q<pu9{kX*S
z=+C8G-tRK^Ea_gDRF_^7<32rh(^}`PfiF0ApS~wDC0!-9@Y_rljw*x8ITvEp9d9@v
zNl|L$n6>7r`+>^3wmIszQd9qI`=**-t1tKa!DsOu39+JlqDP&pW;k8?vPpI;=R5`(
zHNPsi1@Eo?Z0<Dp!@gQkw6ZzA=T~}2<;=owTxl^Lk3<W$Oj>_&evj^MmS@L5c6^YT
zKILWPsy=x>g+1X4l4pJ_5AN1JE^*#r1IMemrUu-5A58rtWn-K9PC@YUiD%pzcW#}0
znb^3hsJv|5s!ZXH4L(tY_r>;AZhswJvEiI&--=mR*1kGY^Dj<)dcbYt<KLCTJ}=Mw
zzQNy*-(Gb|eU+U2sSh{ULpMsl?chC`v+x#kOYin6>azuR2x!Jw2TN)fEfBj@vSqS=
z;M0%)zNejvywktyssY~u$E_=Fn&rmIXh<$w+TDAqM(&0{-J=Vv%Nq{I`_8#}Jof{4
zP~WagceEvLH~skiMzUA&`d@*by@sosyyH*Y|K<0fdP+pK=qJVY#-HK(!O3&)F<kGJ
zDr0ca`LuaYX|CYGpU2<pngoBk{8&B2DUfgLnN99SGi^m)AMiHWIGOvzzkoUNlY9CS
zIIi;RPk*rc@{F4Kb06zmPR(k`ReBL6X7|qZH+#T_-`5^U9azmZrCU7qpL6y8H`b1y
zJF3DC)EhLhIwDob3z}GsSejV%44PQA44PQg*tlWUGZ!P%f+m)C22CulP-<;vP^~RL
z{oa;#fzmagTAQVb<wQV#Ov9-l!F8f8TTcq*J<5KQeW<_m=whqKQ70ySogb>_cIAIM
z%TJDTvEo~n&0i5Nso0k){G<HiZP$nEx-}2|F+OFNZyDdwcFI}CeNk1StW;3E;)6T(
zo7U`jnsKt*+uY{WlvSoj`6Qfn=v>*9`fI|8f`9k@F2yMC3P{$?i`=As>GjKRZww12
zw=D^}>u<mJ=vIc7=x2ZYZG+2mC!3{fAMLmy5ct4ivfx7T-He`WrS|`vWTduFN%{N3
zMkc9g(zdlvBc82$RI<Hujnl(pce7=@ckym|Y1zKY{=%Ks|C<XnS|{=Ud-BUAy~wUK
zE>U~e9`?Hb+}z6fJ@eW2+}?5Hce=P+tK(beh2jk5)vF#xdrI9pFf;3!`O^5WbDwBD
zIC1z~4*#R8<|$So_RDtWd9@w3Ia79f(XPe38zWEh^960;w_(cUn!e#tlWnIwf1~C0
zw@W@mtZ&`F_Vcc-W()Wh6`GhB`n|~6ocHbFpX*L1ro6PXe!7nR(antls{*-CKdhhJ
zx08R7!M3(D&o@u4cU<ffnV{lZJ4rv{<utp>H16WEJ$rkcws;4#q*oV<xk>PghWB33
zll}Na<?y;&T}KaF2&%kvx0hXfvG&@INAJ0NI=-_6^z3#xFZEzU+o`0|)4Ug#a7=zK
zxaenwUGSVehvyu;w`11j2BZ8ndBrbI-<XnQ{dvXn-@EuKLh2+Mcc1On65RK;{dVq=
zzeaLC4p#+BVsD<y>yYDZpV(!mGe^s7Nuh(^KC%5=9M2UromZ4SOFjE{zU-5N-T!76
z-M(M<UT<yQj2io*HTz2S|F=whay0$$-t@NLr6&J>7jRt;tXCAQ^R6_mKOh*qsI#%Y
zFYR5o{l>em-^%V4id_F;+q~qN|4$`<x)H4~F|BgCYU2BboF_IsKU5SJTq^HAwngt)
z!<wZ_ZA4z)a8=v?qQRlvxMur-IlZcVGYcQDV0dp_AoXHKea5_2p_o@izgo54ElF{*
zciwk6Hm=xCtLT|Q>8jQ+_np@n{Vp`RZ4>S0+SXRwJkRMA*Lwwbs{<Fz_iFq;(aa@S
zzsP9eDY^Ln&--^~3pk!rI39C>RrrI|bj!ZwKZ+M+O??@*dEr%^lk5DQl>6uZ-TwW%
zr>Eu1wak%n0hTv+$}XO<zUjK-;^y;D&iNN=nVy<E?SqW>@*COWnGgJgvg;;_i)8ft
zJNEVK)D71JrYzcaihGTWde^+D8+z*9r56vb6SaTb#h~_CH0|>PxdV~@_ZSX-ynZ9q
z{F2e>ePO3=Z0d>P`1ss5^WU8CJzqs~W2SRV_p^4|cY4E#15MZ1icF$cXl0%|>|eUR
z<h-0oh3eN!y=p5DE4=-%jk#c9L&u)Y)0#JKk$y1c`|R~cyjAk{wHwcTA(_ZyulDN1
z*^`~q@1-s>QtrE_vAzBDq>J*W!g;5ApWH5fe^<`@h^x_(d77`5?7cCeX0E5r+)JBg
zYlzt7N^Hw8v|VU-{>tb7S&CM5oMPTtUHc?&uGEd6)+BI0bK;B4pf(5H+agzI&0gdB
zzvb)3ddo$RTlej|B;nw^sQ=gfu61YKmj1uHLvZ=zPaiI|uK3c++Wjle{O?ucoHbp?
zWu>>tO8ssNN$FFnQVnc3x&LLd-^#%A4^5uET-DH)qtMiSMrY{^CaY5gW~;-`9N?Mz
zBcOT>+j`z<hN=e2@Y0b})KH8?<X>a<xymgZrJ;Xw)~??q|Gq`(<`n}&14RQ)Hdbvu
tW+o|C1{RT@yk}k>G<K<GZjLT2)(i->`@D2B3y0*+l5@t<9}a;^NdS_9f~Eif
literal 0
HcmV?d00001
diff --git a/roles/ca/files/CA/private/dsoclab-odfe-1.key b/roles/ca/files/CA/private/dsoclab-odfe-1.key
new file mode 100644
index 0000000..f10604d
--- /dev/null
+++ b/roles/ca/files/CA/private/dsoclab-odfe-1.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDlRvZxzqI/YV6b
+88ZhiIeZCqy46J08X4xgK0FbNvs5Cm+hFgIxrA29Dv+VWdjxIWu9ltZ7eQHRZRzK
+CSJQMAHq7bQpv7RwJduzHelz7WOTAkyQIgRtMXQxroU8Eo2z9pIv3nV1j8ql8qIS
+lPvoczA38Xy1TlmrcXMmgJpGjUmUsAnlJxA0ncBTO/p3LgbAc44Pmh6MJzIM6/LS
+DKdSSMbuEiEV40UwiYFjf78KW9EFyBz8X7u4giqSOzquGZ3pp2J8CvLCKuao1JsK
+qKJa7OWjGnPggz3S6HSpC7DksP3+rR5X6A0gfKofMWm1DYw/HI3c03Fb8QRqrrkt
+qL4oEfVLAgMBAAECggEAGkUQNaf8VRC9+1ZqE4DGMJXVhnY4ldNIzTgHjAD3tehp
+M+bGp5RUGqZeSGl7/tzacGWY+5q4x5ozOz7irJdjkNxdeS8a6IKd8p7pwbugXha0
+WQtcwHobGxoo7+IcVFNbGpr9kFPCX1M2mLRzTIXuL2q+5DMu+QLNs8qmYpELrjpp
+wiY3yQ6zcv4ndWJloMWo+CzTXq+Gh0L7cWB8dk9NOGu0dAF1HIVokvud+xUejyIB
+2bBN/J9ErGBX366C5yqzMei1JhDXBT7N3XATs/i5tx5jHxO9/G7Psz6Ka7wQ2XlF
+9gY9AndkXGFNt/YnKpvN+h39caH7lRvC/AADwidsYQKBgQD+dHoAUKrCKfrHDazQ
+gQRPGNOY/J9anHhKvPKUwkoY8VZ2MDqB1uwSWioambx2CVc81eeHWmRQUAp7Qw94
+p9DWhqcPdhqGZDRQGSolw8uXnSLKLkJ0f1VxRv7B16wwLyaMgdcwn0JaZ0iaQqwk
+VX7V3OnRpbaji+7pkoJUetbyOwKBgQDmq1mSa8G+/5K8CURJz6K7/ItI29VCFm4t
+ggeQ2QdjpCEhg7b5wyW7Y+CjbWoUx/zKnT4FFX213Ca3TaOKn/sU2lu0J7AP4A85
+yV6JizecpU/aDsAelezO4PfpAdHiUN49lWt6VCTWzOM/+hKdLE1GVpOfqBCtEEYZ
+DJwS8JdIMQKBgHm9Sl16OqhYo1W20jaTc3dQXnQ0cR1N/TNswPaxGfhjBsXW/zb9
+l8aUAs7lPMiQYX+Gq5YThijykoE0rWNBjuYEWEtKaxhfOrQTxhl5Wp+4G1v10++e
+uEdQ+zPMtuH6vQu+VzE5EOrlvVOokGl1yhAR+IBIM2B945k2ckpu1wXfAoGAEGtY
+B+UluGvGzR23v61I/yqd24TSbE7ebtzXnwbj0MLpHNKcXrD2aZ1VayyppWsK4n1I
+4eHCvgQ6uUeMgZybqcNVTcCZdrfTPaDI2u+O+NaHlZUBNewkHCHFY8+eWga5mxac
+vOtqZ+PTtUUeuBNkOMKG5ZF4BmmnI7dTEMIRcrECgYEA0LJjKYwHmqHXe7Yel/f5
+6U3fQka70cpS0hg9T1qHlC2A8Goj4p2uchJmRkH3uYd0FTtImkoiAqksnWu949pI
+YFdI65eKm/7a7Pmoy0C7TMM6pN2ibbN7XBoZ7bZ6Fj6FI74MLgUBUIwMyKXWRhTX
+RWpegcD8h8CCEagLjZ6PN3I=
+-----END PRIVATE KEY-----
diff --git a/roles/ca/files/CA/private/dsoclab-odfe-1.p12 b/roles/ca/files/CA/private/dsoclab-odfe-1.p12
new file mode 100644
index 0000000000000000000000000000000000000000..ed4bd60a1d96595774f510ecfd8c864a09e8d338
GIT binary patch
literal 3397
zcmXqL;&o(VWHxBxWoP5mYV&CO&dbQoxS)yW2TK#r7lS6A4+c%_%Mns+3!2zx7&Ng@
zVPa%3Xkzb0$S@knuyH|6;9+Dl;A7!neEr7FF8!J!6B7qRLlb*KLgF=lr}DlvSH7<H
z)8`4|a(~+UXJ2EDNgVrSk@W4hOMBW5Ybm6DjO4yj`0^0D!G+cbAv640H&!^ePuF$n
zyAxo1*s$tNP^|WBeXqK_{DdQJ`%cZ^eZf9Oe9hS>HQo~IPh6PtuSqO5pzw9(91Fc`
z7Pj|hrS|22bT}KI&g-F`)a^LKZJG7fv_92(w@;pYj<uS~jX4kcy4a4Um<y`5)Hl{k
zE2U5DQ<gu}_WZ?e-L@Z+k)6)@YyB=hT4^(7)`ADNG8)_ML;vb|l%(ETnQhabpTl7M
z*j4QQoV_V-a~_JMW?#C|HnB!v_LI}DyuYXP@MUgNm>c9G?A7;i-ab{kcKy`nRsz#X
ztDCB|^TKi&bd58=B>ZXl`$VQC=bz4WJ655+cRS90|Hu5MbGnh#jb-K*?|Tv)OxIu2
zIym$BwIyva)<+I(FFE=|{Au&${17jRT)r3UyKV$sw)DPH<#~VN^+}V@X#{Wjwf*xZ
zk^A4TyevK!fBp}jpJ|s5XT&|---<_Kza}fJ>et-Mw@y@%XSKXgnW4~!v$eC?Ca*tH
zf6IEV$ikzye&4^HUYoz6{Xy(p?><92&b5v6_s2|r^;Y%oH#TSf@QdG>9~kmA_dek`
zf9Y_!)4BT|t0h<8IDKY8#ta5iC#}-17Wu1%QHgu>KQ^n~aM|JE6tQyYqJ6Eu9Bi2b
z)|)-Zw`xC<J1=X3etKxh)_<mpKSmu}zxm<L`t$ENPi!z<(xP$FjNdQ9t2;(%9+LyV
z=DO1h7O&WP&UODD!zW=0^8K18=QAYTY0rHUWnX)JiH?-cFRjD*3#MhS-RUydqW#SN
z<wi{A8&7&X%L`NvD9b))lzIB_8t3KP_I$Zp>ZH)H>$aiRxB31rJ5~qJ(=1#koyqU<
zuru$!4)f$yVtktYf6iPMnep&QRE3(vntKx(moTgkzjbBS(%Ayco5FY1-o7>QLz#T%
zx{LC2C3na#%ZkXgu6J$9+I8&V(Ja3TcK)oWq&@FuY-g4<N!+>C_V*d@!<|aIC+u6b
z)wt=`hd{5#C-+_sEGhc2uCm75B#dS10fBW!Oj&Wy1$bh1RUO~-B~s*~l%&yCA?YoT
za&21=R*F7lf0FucLC{6nDH~@mJt&f~=Y*M<SzWbM&$K4f$ugX~H9U+s@6XrJU~%Jp
zvN?O%E}NQw#%JylyM9G~Tea%X+VH0WlT_A6NiBHB=5bIvPvPB_tHrag`zL=)NJ}m}
zx_`sE->&aI%iLgoJ+Wc&+qs<ISrVr#+RWZ*UM4>)d%~}YH{5Ro2;7mJH+OTIvzx~5
z*RFg1H?KNzGf#EZ?K!F8b6$MoX!DysY4Z79GZGCh{mc8IV(dC;mv-I5?Qgour!Ts;
zO{&zdC}-cxUB6avd@KL_W?$HIpLMa>N^0g@M-H!#<Sv}^Z*shx-_@qsFRyhT-D2;<
z{=a<kX49OQ8TWtKJYTCOu}b*BX(_FHiro$eZ2qX~Ox!Eoaa2USWSYc<X%Tu>Hy4~u
z&=ZT@q1yIphrE*<i)OIvgt(>Edw4axOXn<mz_IH=p&!3}*u`D`OLj<xeOnQ}S4U^V
z4>jf()rR$*EShKK&x!J`&ga>~ovW(2I#cnaHIMuM=N->(N{6Ui7P@#&>fMQCz2(=U
zv~P?4>F0jCU7>TGSb;=W;@cXnq?Y*2dSYK+zuo)yh2NLdV+BWVF+csVI8iNn0{4x}
z)nbx0K9c@gB0dh@O_6nWSNnF>hN#v|_}rV|RCca%b(8vnJTVtFv0%qzOZquJr8{rn
zdOmMvYg$Bx(8Is?pB!3od+NNo#TV56{CiY7>uN;I`Tg?_oZiiOYi(KJTa`arTjt+B
z&ZJ*6XUbd0Cr5vNvPk<=Ah1j}t9*90Vo-b&UtI8)m51-Nh6fsmGkfrdMg6~5xMx;g
z>_!c@$jE-7BK086+_!4NK7~=6O|q5-J$S~Ouc+T>I(?qYtkzIhDba@=nr0I@Pneq@
zmXL2#VCej8yewYE!*A}Yya+kH$lnJuf2wkZ#J>LG+tkD09{F;A)SZnsiQz(vUL58V
z`!2pVtwyr+h_;fr(^D<Z^|RH!*M-0EeR--;x4(PCvDI&We36oSKPhv|{|zb8lCI5K
z?<f7T3I3)~n|}DJO6i7wJ&ztr9^ZUJj<J6FMdrEP|1L7N1_jMEn)hT&Q;ky@*V}XM
zn^w=#7yjk<?O}$^-0A%vyzOdN-T3RegY)He=B4@p-`2M=-|3wHNqNGfeG?<zP2c(O
z%$J`P7O!^v7FptTBaD0PO63(tA~zq={FC{Lt#IPRMc+*B^_-csRjA|QpBbktALo9G
z@SD*q^Jqoek?kM18e8u@BX924w$AD9tN<zTr&r|GeZF_s=Z>who^a`kg-mMKZ#pS=
zZ*RS%alNoga*y}a`G2k6bWgjs$7r7KKX!Xnv&21n=e@DGukW35c?L_3%$Kgedy9Jx
zpFFnkceayl&7!AQGqfI@ew^`D`PHr$%{u>jzi!#TSf25wMlS2kfXCOJA70A~mi%nK
zLhY%0>}mb)r3a)KUPPSSQL|G`Pe9N^X7_(DtNH7*UrzQH_}Ka8zSjPKd?kK8ZkriS
zW{NsA8Z@ywB2~x>npllknppJ=npm|AnpoA?xM9^Z7bDYxCYE;wO)RfaYHemvt^IV7
ztGU5lM|DuG&C<kjB9#51n~U#3{>vH?S@tqZL`|0II#2y8ao;;ku-B6(G)AkP@n#Qm
zP-u<ETGu?$n}?t9{(7L@>u%3^F+=T7NYoepIZS($UtRpVSVFpCUexxo;^3b~(rvyU
z`F_V9{u0qLz5ev6A`yGZpEm9CTxK&Yzr?mbX`7InW>^2xeY;OKmu+Oe{5|U$9o~cS
zf7Y2f-hVRPJ3%|zSYC6Ich+-;7r!P%cXbE+mlu`Xal%SY$nchFVWm7*yz1ZXn)8#s
zi}qeuuzXy+eD+<gGfFEDbF!%#PFK6I^Te$Oo&isrx-0(|&FVJE%v68OBc@+{t<FN@
z$R(ZMmM2a*K6sVVHg~)Cc9VqKsxuiczUJ*Yd4?nArr452JGQ;4EVNUNR{4{!AhM!9
zdU;xI)N(D}a~C(P_{T11%lzXI`|(b`S$|JXEX>Z{y>$7}yCPp=E9@(~+x=Is7JbcC
zb3$VBjaJEpO~2lSE^NIR`+HfadFIj^?Rl+{g-P!76)Jl^v)XN}J1k^(eoA71ozjD;
z0?{vTYX$$~JREEG_2VLD=`9Bv&zgKI_O?51pmoo9hiA%3&9W;&^{ZWzM1*R2^>tS_
z&YiV!g<7JKcZ1fQE$!Uj(#>`#FH%VB&AAaYU3-D!>-~#+t3%8$@~dy}oMY9Y^kl||
zrM5RjXV3D#axHpAy2F$FYN=@Vd(-wkv6MUPaqeMe;Jex+o(s{hf49AxWU$tTi{sA6
zE%m|o`Ooh9)$!!uIscv0m_-*X|K<{{G*S8fmh_pgW1^~4g}A<j+ip0^(tow(4F7}l
zgZmH9+bX>Gr{LTgS&x5i^Tqc3^yl-u_S<~-S;=bwZ(IxJBrcMeBQJbFIpEi_KcCoC
zmd(iTm$*F9FQP!8bn`sl(@$<~*S4y!3bVNXAw5G=Txa$Yu8`AG>`~^L7sD&g%v`@$
zu$?EmGKxD`K6CZ77PDfP1N=WM{(QK*xY>L1<mcD>1FXbc)_GdboqTA=?uGGIM#(cw
zr<8e}eph(0?ogq=q#V=yX=lY&J$-j~%M?qw+kHDc`z#OL%qW`G?)@=}eOJn_yXp<e
zTkQ82Jhx@$E8ccQFh#Sv>yFR#lBZ&l!CC4o(Pj@~3|oWMYS$S>`af7x^nJ%whOEc+
zRkxnR|JuFFUfd~rHt!C>pT<kmwx1}w`F?77ZV%6mHO|-U6;`iVbK}``)`Vxv`PV<a
zl3<-)-yA;ab=9Y~>qcsl_quP^9ekOW(POCOV|VKP&c+!{bNBGao$lCVqv@|JATWVb
z#>7m?Oa7kJ*~ODC1*U6EG}-*N#f`;{gEQ?ZlXZ>F2VOzl6-?7hC$Bhu@YUo0e|}eQ
zn%;S(KEYpS^RFd>9L`5se=qgvlUb1Hu;9YX*}We%Z|D?%l-g?fn0-Q|^wUF~Wzok=
zd|ojYEpo2?$i!UnUu2CrtIzdQst*-*s7L7ueyB;SQaHY?vVWTFthu)o-%cyH^in%~
zk*jraa*NWYpXb+IpERfG^0|+qa+Nbyos(ISrfn(~ve{+PvqLBLI~XcTsvNslqL-=Z
zP%WLJ(R|l&o4KgNY~9F{SG2B0YiNDr<uEp{y1nGF)$h{i?Sa~i{K8>JZr+OCxjsI;
zF{sltI>XAV+Of-Py8j8uOZQDa9BW!5P`zQFU-`R@dF!{W{Arunm|1=>(ENPkNh6+{
zhN=e2@Y0b})KH8?q~`pKQ}f>IO-(bHto10O^+~!+!F&Tl14RQ)HdbvuW+o|C1{RTn
m&03dMC`O3BTK~lJ=bx^%1@WHoEFAZom)ywXe)9xWN&*0g3sWxu
literal 0
HcmV?d00001
diff --git a/roles/ca/files/CA/private/dsoclab-odfe-2.key b/roles/ca/files/CA/private/dsoclab-odfe-2.key
new file mode 100644
index 0000000..6b56b08
--- /dev/null
+++ b/roles/ca/files/CA/private/dsoclab-odfe-2.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDHpeE/4KMiafG0
+FV65PNvXRLvZx2mUW8F9ozRNPogK4o8u05iUrrQfSaP9SycWcKsDq81MAip77Tr/
+SUkuO4j2WYUm3je0R54cvqM4jrAia8rFEuW+QJxXek0CDNsTxZ3Shd+ZVzKQN1QI
+FkYBVNoMdzFjOUYniD/0rU7m/Qo+nZiaU5iQvpvu47KRx38/obli+HoezLQj7YKg
+XK2Ge1BTyexXBEQcEvYzP2hC+LcvJZEcqrDfF2vtbcxtp9a3B2thpRZRnwIHrbJC
+QsoLsS7BbpQtPl6ISI+2ixWwSI41WOq1kJz7Wvr1xye3ETB6yzZ8T+pSAEdA6fDK
+Z2My4DNzAgMBAAECggEBAJlsPTQ0cckRd1/3iCp7vUmplV5fYyBSftgI4jl2E1+i
+CXxnuPqRYvQkSDRvW2NgQ9t3XDXL+E/x14O1EtrHf5Io6y0aWd5dpwDZ816UMIDT
+KyjVQ943kq2a27D2piiElarhnBofq0iubBIm47dEOKiZtEdXDTV1/AgQYvEZhZTl
+dZWsX21gP6YbMgGE/ZFz2tMjFlaK/f0XygJd64gGwwt0wzhBnJsb5Nf1nyrqfuNk
+XIKXQCBx3IbFxxHSd0LxeokYR1+nWcdw2i2T396UjlFJn4n58oPJEQSQAuq5RXHe
+aJDCiPLx16Hx0sqSgwXfjptXwdxYt7DQKYZkYHdUZtkCgYEA44g/xK6aUJWfhc5n
+QeOAB/maCa6GmSaGhvjIjOVu2nimmHl4jBF3Fi6FyWG8Tqj7XBgDaByuLBy5NIAQ
++/cQ3IGMHlI7SboQRllmsUMrCApOFyENBn5V+2dyCIRIqzstYHWGefv9ElrCroZa
+a/XZrDGO2zj3psoaKwat+b9i710CgYEA4KCC2NnP7henjH/rDbQfebIg+NSBeSn4
+1PDh37p3vm0gIclhygWS9vL1ERlvt9N3o272ago9jM+PaVK9fFBiqGuMU8X0/2qx
+LnPppWUKY3WKPkDKSBgz5J5jkTTneL6wPLY0saHB8Ob4zIKpfh8dsIXBwmiYsmO1
+x+q+HAL7EQ8CgYAjKZsxOgp/CaBtfUhX1mCi2uADPwVuBZYkpa3YmFxZRuv4BE2s
+18Yfl3D1fjUrstGlmdBs9oG0L3wvsNrvFW91pE+TIAIpkqeRN5+3JToxM+Z9jI4G
+wt9mysXEqyzPyYVpsr/lehvSClSrw/eVV5kcE0yQdG1RSUph+9ZHElynwQKBgEcy
++WaM27iHLOd+4F1um49yY7sbeJKUODgeximpLC1i3412DJYBYE0AQ6eQ3XVyBPj7
+wgVoi4vneniS7lbKEAt8U3V2SKrxAYpM2WFAfqN57UDAPp3Ndh1gCwVKtJf0MV59
+DoTDVfrq6y+/tsOwTzPVoc3iY4wfyM2+XVX5p+UHAoGABD84C3yYWYZ9gBkEkXHH
+jjKUcDCWUTcbErUtaloI9AU+Fw3XP+H21b1ahblQ8JtGcGIosYLOGreZyjN/gVJO
+Us14LTFkYwnSQMJ0KLmfZ2qEL89xl8fIFbjmccJUmW01F1y2M9yZVTVeNiAiq/VL
+j+8aCEyjHb06KrRCjseb1u4=
+-----END PRIVATE KEY-----
diff --git a/roles/ca/files/CA/private/dsoclab-odfe-2.p12 b/roles/ca/files/CA/private/dsoclab-odfe-2.p12
new file mode 100644
index 0000000000000000000000000000000000000000..106170ff7a325bccade7cfecf2f60642e866a4a0
GIT binary patch
literal 3397
zcmXqL;&o(VWHxBxWoP5mYV&CO&dbQoxS)yW2TK#r7lS6A4+c%_%Mns+3!2zx7&Ng@
zVPa%3Xkzb0$S@knuyH|6;9+Dl;A7$NFWMiy)qmX`CMFJsh9>re&Pl(Xy6;x^3s|yq
z%WvL8`P<bsnrzbbCT=)C?Tw6%bvm0skyq<+ZW+V+6Gfh<cC+VgoOavnc8u)y%bWt+
zeed7)%<ANM>U5)}*ZfRu?&;EkU8`H>uU^o}yddxO1JjCC{i|NaPyEX=he17?cY0uR
zL#%f0UfC%RKM4fJ-Munf@1NjbP1mRY8GLU2m&^;VT)<h@{r37@hRJ7_{c7IAt1cxd
zRT*PdJ#+0Jn{1Dl%S|rJZ2TEo@_W5V)>jjzT-AT+U2`0KAHGOV5X`BP=xpR;vv$0B
zyW))O?o`cNhhK??t1<1?ni7*JSS56*;Ue$Uq8IA^=bi?z8}DxrE|?&1$bJ2%DATlE
z+m~PF>Z-iQ?kp}A7^-<U-qkf{OGkG@faB~F{Z~%Z+`Xl>qDTI<bxq4mqvI~g9VL!k
zH~S~wbhslu>qUZm!1|vG6?-3TXI)}-?UWtYqC3BSm+Uq>IKj%Wl5b^QpR&6dgYjJE
z`E#x9v{v$%DNoZ`awn15_ha$Xo~y-&GuM9dao?TvReGZIxy=l!L1jI^u65f@?QJYt
zA@pQxU81{!#@YPsEvXq@ukB+GOg0m{VRPGpZ*6~P<r+KR*G<`Kfi8(EiP=Kh<}c%V
zw@)`*afs)%l%4l7MWqVX-D|7+SNNa#@ajj`#<#PMPd*@?n*MoBu3plkwySRgKHW*{
z+G*IsG$H!_D~3o8mfuUCoK>4N^={kK4{v^Ge%SGK`If^~n<I*S>`!Wms4lheOZ=a6
z_~e60&Nt^wllEnk=UUVB;qvx~8+J!E?oO)^`yl53;A`udxz84N*@ZWrIGt*kHFdq(
z*}}EE8YZeG{P3-mdp+e&|Ap*Jn{WT{4cN7l^R)P-zrVC1`z~tiIKtUsZO`mC>xn)~
zgimzmTHYI_H*JLaJ$Jld^4QyFo~uy&>V3+y|DV|A%C8oBAz^3~yN<K5>C|P*-D=5o
z>p$DAYqa?NoZ(!^rSKW$?UO%oUzu=p`wW+^W6QUn`_=y-JgTL4O5b6bUuk_mO}>~f
z@0eAgv&5P|wJd0hl;iO&(@To?v>TU9c3bdjcJ$#)0pWYIpBXm_{F}9B_Tu`<My5qs
zi=F1pn5l5q=xu)N{2yhSXa8t#IXii_>i&KFi$3d0)vUSb|6WU;pUG;)?SS}glP9z7
zO;T-1{!n}5%FfUVvk7|-u9v<de(6CFvklkBy7mnw0;&6owLB{uB92VVm&k2>6|2>B
zT1v`H?7jWFwVMpM#de<-50&ZouuR{`W!L7igk@Ew>cvv&0ny=a4$MEe?$T`W`rGll
znhpxAnDL}*Pore&f*@PvxovydQ$FhcsxnXGb=t2~w`|M(Mt#F6OAa@+aa(v_(s*RM
z`OBNH-%fr%5b>YI_60lN4z5|E_3>xU=U(QY{^0=IglSIv%8%ECEHt;Om~ecC&Ofh5
ze<vKY?6AE0=<17)Ki8dYUwfkA+QPRdSf<MUs(iW1X;RRZ>YdMy)+zj5yUVr8<)(J(
zY|lLo)|$$*G@_aWJ5=WWV`urY_Iby?^1yR@n>^I#+Ui|<|1<gQXO(OBwub0)pRp3w
zJayB(U}I2M{nLJNlQ(|VQyuTzEMJ%+)}r7q@71tGxcoVjMV;w|_qX+8@)Pcyx}9H;
zwnz3mPkq4@=Cp9z;!?%l6N1+kuX}%YO6a^rbveDy`sEg7{x6)6{=u0+A+n8Wj*aFL
zk6P2Ie_r-Z`OV+NY~r~s^6RhDEi)DQ+I9u>W%eqY|C%RaZSURd`cOIi$HLH}Jq;2c
zZryuwERC6YO1O^N^>_chjmosM9{riVrNZ-gx#XvYeGJE~e@{zHJ9+i|nh5XgWTWnB
zPcQtMXfkDs#^YNlEmjZeKgpkz&U~!G`e3hjz?Iq$mX|9&NL+D~(Z4IAyGH-W?e53t
zR4m^2Pk#Eia$4+@O$|M7el1cf=h?m}yy2nb>PtVh_T5&0pM88=#6Goy%RG+6&b(`W
z<B|j?!}n$>w=EAuc^A&8zb(pHY^Py6>o>!}?-{8lw>@O5NQ|B8B=BlZTnL}?hLp*6
zpVV|eynggIC0HwC%CWmE^d>QVG~O)!PW08A+{Wkgul<^n^^M>8%b_^0o!5BgWymQ-
z$N9$H-7FtChdbc#7J+GRa!owNTxJJ0Mwvx1%)7GoFW14p)0`%Yoj!eLSq<CC=Eqqf
z+5wq=r+-$^V(D(}=dE;J_3@=iSDtacXQSC2g9eXV(|?;>nsfVL;#|)g2_J(p9y+P#
zvE{^G+w(-zPF?G;)3WfmcA-Tghk{K-h4v;$ZvVy4C41<k>YeLV@28%Ww*TSqHT=#;
zD?aAtI{|s2GZw#?JtO~+r(c^*=9yoyo9dq>$F&K(U#j(UwdGa^%hYq<W4f76n7K<D
zoWF3_(Dp;d^(Dnq=O!7P>2}v&?wM3SZ)Jl0<mG&-4=eVX$*;_l`}cCcckmC3X0~%v
zpDXHJF1F5Gpk(42o|~}L?wBQC;&w~PKI2yt?mz!jImNzbf<fEslx}n71@}T7>h?@K
z!P78JW~m={$#HkNsx>cTqn^b)o;rKy1J6YZ_7vQ>r4Z%cS@!a{&iQ}$52^>NuBa?u
zBiPho(8TJ9R3R^DVl`rEV%0NfV%0KeVpU_~hE>m8j7$rfSl$^lvAja5wV6S+HmmiP
zjf{eMcR{r_OB2h9UAy12HHyz@<ydCz_Tg)K@*2O&xbp`Ba{|+Nv_#rIJlkgBrWWUr
zI-!$KR%Wl)qk?4|Cz97U&#)<EI-fWHM||0IN57|MSg-8MXO3LS8aVBd4(}P}A6<(i
zr^=jp`k8x^;u=3A&*rICm*p}Sd);<hcGpw<2VVg@*WUv-54;j`sLR|{Qed)aqr_rw
zwsW&iu=>5<*QB;sec9|{dDo!qUC-|<KP6oAHbMRUxy7!PV)2vrChNWCUf#6Zf7N5{
z8I!Mya+{x0F@IOSaABMu)2@|wqk4?0D}^sezFNz=rJuoXC(B)1;jhp3+^}d>JO5~}
zt#02z<pobG=I6;Q%3O5vp7!gM?QR8@wv4;W+KoIG9Tu>8(*8*Hkov8<B~K#$?n&3+
zF`Rq6;6c4>_SKj6xeNPvTGr=D-q<}`YS;C*9}CZHickHvC*-_=?RxX<PrU9cl{T$e
zmgg|FR3&ukh69Z2LXJi3di?oiNY94EZ%rR(XoV=XY+bt4Gvck<?alYae)3#c<kVQR
ztM^Ig+zENnEGbLZY*|x(Zgrr`=7mu?3%7-xkTC8zw0w!!>3nNWql(agseSG?2lFxu
zUd}L>?eBj-+$g;7(NA`*S1UI4zPxR9c!^4r;q!~#<q1`7cJEH}Y^z;iQ_r#?*81FO
z+dS<JadEnCHbP&&ZG8RA{sDWR^ek14V&<904?f7-c4OO1p%cP-+WP9Vne;Zg_v&!1
z;yLzkhlb`Wr3Xsf3%*C!9T2~))t1`!_VuYE5#ev2t7d*{Rbko}xid!NVvWbKJrDle
zOTLu#d(HXd3%%Ydx$V$+U-0z&t-HV5c+^gBS?#PeX99oawQtfw7uA|~m>gN#dq%`w
zf02+)?2a<V#n)zMn0;aWr<WJz7`^&BZ@~+zZkE&ERp$R*Khf?yr=mfKj95`-h1CN?
z^RL+&=KSaXs7!nEJEOf}-kYPXx6VrFJ>#A9NBx$=>*Tzs{rjD>Z{01_i0``AwNdxL
zLBsBsW-6h{&Pn$cYlmBj#$IqJUXd>=cDnzqU`O=dvVZlhqT8>uy2$>L=3991^xFfW
z9wMtBOGce+3rv)fd@}#<$(OqP3KjzD$DZ8(`m_IggrxRq^Z2c+n<Zy_cq@O%n9auW
znCuI)Pex0(Mjd-)sbR4x*-d!+D*Zcqqw<^=NzObG$8~Jw`XkZ5)MlE0s9oMW!>wNZ
z>wW7fw@<boe6{h@#0ARxGxl~q*uao~Y9(uLm*Tru&t&%H?z(Yw=d|x)1sl%ned@K$
z@0&2EvsQW5rovhY^?;*WME@v6O~1M(q-fP%zyH}klg;m&E!;eBCeuaXo8f=7zb<`I
zU2c>h-LGcCuJ$axdHwP~-L|(jOx`WN@C&Pm+1>0jC35e7*VSzMD%n<XFX+sU9MPX~
zeC$_bU4KnG<97A*k@l1=i@znGIQH~p%Ra^fEx{H?=KV7Jc}Q}S2g`x2nO1K3FXUzS
z<%%uIHduDtYm@td%!pUpnb+(q`T3+{jmCs0`}0FHy3C}08OBWK`Py+pTjN2;TC29~
zBfmuDZ8!XW@P89i@&(03kA&wu)Iaj($FkPntvLsE*tRa&u)^-t`l_4jn}w%0ObXat
zkWt*cx_?RA*Q%|bjjz8*e7x}Xp@^IQcLjZew0+)dh#9`vqvaHpTOTi%Tb19=8S+6v
z>w~Mol{Q0F17&#W$SG<l#v)?IEs>|G9H1@lc5zz9gf8Fi*FEkAh6aiToNTPxe9TNz
rtPCt7zw_Sx7GtztIJ0d9TgX&_wKv|daj<YyCC{DnYrp7hP$>xjbF^(F
literal 0
HcmV?d00001
diff --git a/roles/ca/files/CA/private/dsoclab-thehive.key b/roles/ca/files/CA/private/dsoclab-thehive.key
new file mode 100644
index 0000000..6d4d8bb
--- /dev/null
+++ b/roles/ca/files/CA/private/dsoclab-thehive.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6xU0gpGC3YSHt
+FqFvcsTeoQDA7/xdoYk0BxXStDoUuJV1joFxSUYdyIHL8ezHWhL2iWDkyJgaYcgt
+Eo9z7vidiLV/MHCXKbSrQy3c26cQR8e1JpsRhfvTJ486VbzqeBe4iRCjpBBgOcN/
+QiWp/oR/OF70PcOYPVa5uoEGVY1lEvBOI4gdmAwvbk9n/U5nOZG5AVISqp67esjq
+j0otGPhpmjqgyG7j3sbbvkxZ4M+8NE8ssO8+glrfaL64+8xfavI+ZtTGxfYLZ+lk
+hRWHYG/ctFsTb7Cb+PPawZGegV8Wyp4UAcEczirTyDwPvrE3qskIaCve+URsHpCk
+Erz1PEa9AgMBAAECggEARJH9cBeJfqoFp6LgYCd1yfq4aR1yvPl6gwR66aHLlSHz
+lXZdZbcuK+8aYEMQ2FvkjGkBjt1qonz13j5rNngtBMFVST4CiC0CrMH8S5LFMj/4
+PTTQR822F971QciKlFbE9rYzyrCIZpuuf8FMTK4p/P84NVmbvv/+IDAuAKJWSB3b
+TXVeYzqET/cENXrNZNsTMHVoPAudtsHXXa5w3yXJXhTlRQrjMtMHgV+H1O2iOvi5
+IAJUm2HVmGON9aqQKZlzYvx9txSBRczEwQK+fLPoXGEG/KhskiBPMU0y9a60SV5F
+Oi94zzBCOSf/k+C4+EhkvfSq727ZFs60zGcoEW7rzQKBgQD08umyOtqJEB6dk5hg
+RA1mc3qx332Li0Ep9ciPD0oOyt9H/pQBMYHlV4Vf26dmjxg7XMPqB38topjbnVcY
+r1QigQ8tnHXktcO1tUpx6MhTkN4sBH9dvZE4TdBiarlcThgnuCfZUhjyfyr715tR
+BIC8TA9bd/6oUaf/zd0S4aGcEwKBgQDDMnKe7PoDlHtjxaiDs8VLRRgNKocT/jaD
+SZ5j5a1e+fvIK+lqpW7pXT/AlBVvxC6ke2Zb1csgndgF0p45ZO9WsB5fV3x8AREM
+zIvrqpH4hdRBEF7o1syVDMXmTQLsPOLzj6B2UC5mpqoo2GkI9yyXpJhNR0kqzkDy
+Pclu3xZL7wKBgQCZsFAxI/w6Q4LyG8lfnVNLFOnG8RM0mwsn6K8OE+nDnka6RWFX
+3lhCLcfhfVBraR0rIelKzaleWMbQBMjBFEEV5SRA2gqele1V9YngLs6CoELGG4xO
+pMKZMTmuhogHAnjlcwaNtJUykdfGbGFnVAvyGUcJfSCrO5DNT72GO0vLQQKBgQCF
+WyPf2/r7Eygxg8qbH+h8ghnqdNGQIS9RBqzFhxapOpR/rzBrAdcCbAiwIvt6Pke3
+a+8Ecs2x3OTHJZufjovNZ8l4TaboeToSynQVb5UGezgFs4+D96wRcIaLzrVefEJ5
+L/jqm+D3lInQGfm4fFXkzDiZI0ijjAHm/btumc771QKBgBTu4KvY6rzgmHbymux1
++tr+xl3/Nb29XQJHpZV+hgFGg1+aWaR9c0WXz9mKovBanEUHJb5khqFQDFZuWMNG
+tNQ1JbwTXwxmAfVJbLYbSHnuePkh+qtpmTVa3H5NdRBI/062/Km6Rxcf5JljB8/J
+k+SqVxdKSTfaWxGqyyAZgVis
+-----END PRIVATE KEY-----
diff --git a/roles/ca/files/CA/private/dsoclab-thehive.p12 b/roles/ca/files/CA/private/dsoclab-thehive.p12
new file mode 100644
index 0000000000000000000000000000000000000000..4651a2126460e39b52b3c9404b73b982758cf006
GIT binary patch
literal 3397
zcmXqL;&o(VWHxBxWoP5mYV&CO&dbQoxS)yW2TK#r7lS6A4+c%_%Mns+3!2zx7&Ng@
zVPa%3Xkzb0$S@knuyH|6;9+Dl;A7#qs6Xw*oW;M^F)?v4G&Hd%END=)U6*!(LtgVl
z9z%z07^mut{mJ{z?+I0&w&m%*X9~V~%i`N!DKFMCUo0mh8tLQ2V|R<;kmSbcw(E;H
zma<r{Sd%HtzTNB4v==`A#qV;>pO6~#xQzK_1Xud(Z_0aaSkKD4eM}`#qjKf?Z^Ac!
z-cftl{NOapj)D^tIfAmE{wZV#Elw^J6yud*oO7>D^y#~K_wF;;9agP<B>6DVrKM$)
zaPzSeq0_V4C;q#0mvzk(pDCp^>Fy%?&-EIFwZ5!)^K=TolGnWS8%ra3*Rlu)T<&y@
zJ2mb5oT-lW&#JrB>RC4W<y7mLTK#|j@IQB7zV`&z;`_e0o2z~P>aZC;nP@Y`KYmYC
zO|87l48PYpt12ybgw;%$c=CUd$ALPP-<@_P^ER`%oS&^?C$RLz#-4c_!|!@dGx=)N
zWyG*VTvCAl(PwK-7O9C{&#juooQfRpHC~$$FIjZYeD}gV(+ZSs@4dxzcfMEsI*yRd
z+BzyP8Cw6Pn(03}Z(TUypzcyT)zjyWsC7gg?OFHSV@erU$u6O&a|?Ftc8Frx_^>zU
zGE1ShtuVtk=kw9m<L>K)c-CL^|KhIsu)p@6s(b%Qzp0PsRn^_=_xiQJD*UM??`vQ6
z<dOil)j#%Lz4Q5}=HH{I;yT(gO={|Q_RZF}?5c9Q@F-Ttr~l_it-96X!DUOQ{h!6Y
z*H?1=gCmTVs)31CuQc9k`v)AWo)We{#PP7&%csTLVs+w!x0X9JF1_D0{Z`7h)9Wlw
zhkT7PWIQ;-FIA$xt1k40`;Hm)xi@|q-(D=Q;_Fph^GsRD=Dae$f%vOt|NCdJTwbB!
zTHv%nizj~7hbNEXk|yu3{k(%mz2K;9@%QdkbDeFI-<xgQ>cIJ)Atio)cYoVcmlf5M
zGCyBAp<&sVc5)`m6}yO+OhwmSjSszF7qh*t@o~jGYhA6)Y%30)`qS1gUg8;OBeCJ}
z_TY#kM_lxtbLFm(Ql7UW!hZjuB$eOHca}_FEaFpMk?<|dLv`!tJ#G?Hdt$vd-&lS-
zeMa}9)my)x*|e~{kmci?nabh2BvT(x^Z2_q^1(vUXz?7C>J;~!W2a?&7;1&y{drSs
z&u$|Zu|v5frP+o5NR^Fz*@@5lCTs}%we`N)9&X8lx}E3Js&?gDZC<i}iuMirqt~wF
zG(MMjm{G1ePu0suvv@%d-|X{SzIT?!)E4F5*_8G3gz&L28D^o~ec62hpV(M?6N^=L
zJz{awda2<W_up7cI;1tpEZtRy<;0Y!?fY{3H?Xfe(rzf-q4DgY;?-n5!@}#jW*nzh
zx9QXxo3=8$^nJIxmt671VpC#jQis9=+oZtjKJ^_-b{XXEEqvD{Grv5K&&YwjA;E!D
z&_j3Umc3z}yW{OSkMDQ!;FetMW4!E7`No~abq@Thwaih>m-419IB%f2-*WwhmyFN%
zd^_NMzj)HerP)We*Ryh2`6>Ttjb;58SoOVb)*Q2|GfaGiul!%}myz#}^U`H+d=K{W
z7{9l<|2p;7lxOp-%?^eIbjOuAUNlS;?|wZwn9*^q$|74)mxBduKiej2O`H<8_fDB~
z!M$7C>n<9+vecTjZF|AKtNh;=ik@0E=aZpzZ|iOy72ZXbi#+fD+P+eGj&6b<*Q`{l
zls@ShS~nDK?bT}(@p^oP{iu{fLyPgtqdyKVbE=zYKGn<Skd^7%B}*T_O^IyvF@Chf
zVYO0K=!g8~2er=S3UyyBcosDYsGRAmn5tB%{eYF*J$UMiSCRE4=O<1zYxsY8S!9Dv
zshiiTuWz^C-&D;}zj<f>;cuVKeHdTw{q&@~bjjtHe{IdyC0Q=M#uc&TRJ#B5sm%hR
zQIjGI>T+K>y%m@ioBT@d<q5laf|LK3{f)`!ZjH@;`8%nByKr?xV2V(n#E*5FQ*W8g
zkYYCJS(MJN9kA$`<(--DMQ)e>-uW*lDCG0C64~np!W%<o9&F&8u5k30a&~=R{}X}p
zqFGJ;p*AO`PuTxqHRC<`H_3)~U#m?1y~F&ZzKKEpiN%-KE!lWrsnn#b&SukW8?WfV
z`)8%4<#w!e+SM62;Xz<&jnd;wZCQQO%r`37)o7fJ*O{rDeAnjgd5ii9zZ9=#nM>`S
z$Z(LSv^^ltW6{+2Y0N8sUuXF~cmMsc%ZFFnE!xq&SiCeLAjx1$-9|R0nWvXeWL|Bs
zHu<~f#iZ5gjGfabZ@;o<he(cO_(Z;S&VE<rFZ%7|<=5tC?`@NvR^+##B2Oh~hrrIy
zZ25mU4c0ELZ#`wAvgSXhK(mhh&iQk<ZeHD^FW>%pcKw^%;<FFV{dR5XhP30y(%xvU
z_<77l@7#_ZJULy5q#rl_<P$Amcx`gEM^ZZ7X4RgfTdXvfsZ{E3Khc-DKmBXoZ^rLJ
zR$GKlf4}zZ+595a)T8~Z6Uye9)t&U$oMoZ0<bqP`oV5r0?#x>(68`7+>&dOINgRec
z;axmsN8d~NhUSJOyB<->VKtRdPX5n+Mf6dGl3r8oW}o;K-PP|ppS&|W6eruepllg)
zyZHor(G^wh5s3>g$=p-Pd)47m$)9}rvh2+_C(bNgJJEN3(U!?2GS`0b$h}uy?!@`c
zpo!HHsX|`R#A?LS#Hwe|#HwY`#Hz-|4Xd8H7?~C{vAi>AVtIv9Ycqpt?dKP4^H-m*
za01oZEKMvY&ON9+ob%g3!llobzkBMMe)A^*`^$?z-|T<t9dt3cdTHq)2BxK6OLUhC
zY9&d@eCSV$=6kCs+{H9?vgK{nuSSxtr#jR=tP?#ZF@0Zso`mXTiFto*3?7|dWFn!=
zthm=itWnUUisN9+uWAFC3DXw6S2>UpFd^_xvFcGZ`He?1jkZMwFkZHheZ||6x1*W$
z_r+R+-f7qOFjz-T*<pI%MoK^X=Izn}>-J@GRNB0=4BM_#IVbb8;EpN#B+iAjJ^8|6
zw4#V5a`o=ZH~zb@uFP!T<5SI*{KRZl&e3x<^~-W!T{UXE^*{T+al7o><?gSJ{<!_n
zgu6ubehX*bl>c+yF-uL|EBEoq9qynHeLR)rtkd5d+keWa|BZTW>VnjA_BpK^ie{af
z{x`(n*#pn&&A0E*|7h}IO5Svxs}b6V7??Q@=1Ulq%b$|nXSSUG&*@E8acK`&!ghJ}
zF38hu+%Y|Is<eUVf$EJeGcE^69O#qoYX12)F6;l{C0E1Nx2}IR)#mZL6Z1ElUTPIs
z_n!Mp^PBp{Ir+7_K9zb1XlY+k*_Lf_ZY#UL%O(~3b^0qmy9%6K<n%`3%h&Xmg({xA
zyLK~f6j`!#dvbre+1C%|lRNiz|2Vu&_FL7~!w1eUf6H~FjA{4xGZ*)V7?&jk$e(fg
z{fd7@MQt%_zu1zu?{o|!#l?+wO7xsyR(6q{Vi2>Y_sc8IKx^qjvyxTDim#vDp0Ui-
z{$%vb(2OqSORHUHO!>yg#K-QYY?37H)UcOnhcnx}qIll}-)<#}Ty^mJdUZ}O=Z|UP
zyDZMn6yB;U!nDKo&Ekcv8ZpysUa=h&&As;M!-ZolX)LMo*6oUyznq#LIC1j+tcewT
zKGu<2+BWnUFO&NGU1sI91>p}^x8C{uN?X`3Wk<umD_8P#Jfo!6Xiv^x^XoYKj?}77
zmB}|l=YM;<bLW<27OdAicDdS~UX;~XZvXC9^3%Dk%gX{bxzF#mXixK3Fxu?<l2hQ5
z2T!iAaa8d|wdGYAvjiTCUfI2Hp31*tYf>|9J<Q)M>+3Qu+SfOQGbBkZoAGqU!L~%t
z-hJ`+ygugb2vON`JHgBN5>Ijb(Z4#1t`&);Ml9Or19x354OlllIJ|tDEQiMAw<ZBj
z?J=8!#LoSXc2k)eFy-WtPyg87OgWgHCo2|r;1~CAg>Slt@46ofmwB_Wmu>yBzl%jL
z%4Z)A*4)2Rl<j)w0{ctL3ZpxJZ0mM;dizYx(%nw3{#Rx8vHspv%+DP8?tK1*L=pEj
z2Qq_ZaVOc_otHFY!kQ~tx|84k&vGw4_e^5PoEb;{csxC)anbZn+XkUlfqPD=vscXS
zWZbYpbZUarrXal>MaddoGvRld5}W5}8`$zKY42`+_IcScc3<h4Z83+`m#DR|Uil#9
zC0eX(J&Ri-pwyGC-)O^gm&MWdADoJOUjE8ZGkZhM(g`A0u1zhfD%Ur@Br-WJ{t(x)
z&<(u*E(+|kd>ScT_@g<vZu0bdYYewu2|Ti*==VwGecxA0u1%OQ`Q)>j@5^Oe;<v5m
zeaOQ7`%}Z&^u}O|#VbFm)*SX@*>7~Z^>B1nk=<67Wv4f=Dr|Z5AWeAZhuw3+bXYyB
z#rIF^NN87GD7TY8ZFfzEe)WTe;yY`9y^u<rBJjb$%bazw*vu1`wZH9Ir!cXI`%q4b
zp{jv0ymaIgH56kJ$vQBhL@aEXzN($o!gJZ$`{vv$+GJp8plHC!#;VQ7%p}Fiz#{T`
l!}C|k3Qszkr|Ktsw6Xl+eyr&=3&+B;&DWid&fo!+k^r%JNe=)3
literal 0
HcmV?d00001
diff --git a/roles/ca/files/CA/reqs/Arne Oslebo.req b/roles/ca/files/CA/reqs/Arne Oslebo.req
new file mode 100644
index 0000000..dcf6392
--- /dev/null
+++ b/roles/ca/files/CA/reqs/Arne Oslebo.req
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICWzCCAUMCAQAwFjEUMBIGA1UEAwwLQXJuZSBPc2xlYm8wggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDOTAIZIW4c8u2T2P28GqTCETvhVXPlJpLT2eim
+3X2iHb5qfGQGOWAzOH1qyomd5RFYIWnzOohe6uUu4Z27AB9ZGWlPazI9LxralT2Z
+lVOfsurbE0hjLUrcDEumHExi4tARJWfLgFIC6Pg7POvL9HEDWr7ZoEn+0XL+T77h
+rKHtpRUG9E7JBqubksI+uVgM9BUOBMCRG4VznbaXoWxwChqgzkyNrCnkxRcAJgNE
+Mqh7g1JJQ2ARU8geuOufH+MTVIF3xEdKLiCNSIyRLuDU5TcLXLtfQDeS6WA7oPmY
+f22zIJI82ozweYHy6ne6tHsGVHWJd36tCDquHtwcEWMIQxSXAgMBAAGgADANBgkq
+hkiG9w0BAQsFAAOCAQEAg1Qb6ZHRANNpMip4Swkowrq8EqkMwnaei5l9ODVzlYa9
+Wo5f+kiGVMnza76E40/OOTRT8624hZEbaOzh2bLRd/9MCxE3oGWeSVtu/MOkN0f4
+vERTql3zlcIzOmQHXp2obtJXdpSt+8jlYbFQm9HV9k6qCnv+k9zjkIEkNaZ26NIa
+CzsR4d6J5l9B9eEnpZHEcbtD5SyB8pde3d5lGDkJ7tdwVc874cbxSA/402lOf6Gh
+5huX7ID1xN92VHEdtiwtOkcWjtzp87Dr0GxlFd9u48ctOmvfvxL/wBPXAYDnwLrB
+d89p+JzRZzr8eRj5KCEW2W7AbOVpaL05IBAR6a/4GQ==
+-----END CERTIFICATE REQUEST-----
diff --git a/roles/ca/files/CA/reqs/Bozidar Proevski.req b/roles/ca/files/CA/reqs/Bozidar Proevski.req
new file mode 100644
index 0000000..cde307a
--- /dev/null
+++ b/roles/ca/files/CA/reqs/Bozidar Proevski.req
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICYDCCAUgCAQAwGzEZMBcGA1UEAwwQQm96aWRhciBQcm9ldnNraTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJreAP3x6bkp2VjQRyHPS2cX96kCkxfP
+V1tv2yaQMAkL2cVmXvYiZqtIBqpsiLP9k0WkYMlfK2yv22heJ+aFcSe3IFJh3xQb
+2gY5siEgSyJIt0t2RAKxiV8OWSLLuckejaCsKF3lrsjqzAUgomAREo1tiApz6Hxo
+nEgsyajGncM8wef0B/dbbkI9PQ+Fb+K5iKnQAoS4GWquE6GXUJgWyAwbvQLIX6Mv
+c34l+IznkkPHanW8heocRyjOLJs6j6gH6YyKdT7BlzLO48XKHgrXPHcK0qtRw+Xc
+N5AaNb+gSqq9OO+ebfiBN3/TdyPGW2OYZAcvR/19IS9XwthEAMIpInkCAwEAAaAA
+MA0GCSqGSIb3DQEBCwUAA4IBAQBI2j+FMBWk7pwuvK10IHSgJl+MW/PS4LALPy00
+QCo6DUrkN3EsIY+wsY+jCUS2VGTlOehilOywH/RpmhFBxT3N+NmSyRHPhCBAJAHF
+lmziZfPU25xOt/q5TAbBgEgWJuZuMVUEXY0EV/BxHyaZLPOFogXMijP6jhLxx3yg
+8XU3aWYyFu3Dl5wwvhgtgXN4Bt5jHK7y4Cy+ChrybXabU6x380XlBDnlBLCmLmPP
+ASQ+xzmacFGIY3SVqI1sHBgSMGueVQLWmGEgT3uD7mX0sD1teFR4MA6pySrkhJeg
+7kZiw1lMNnFziruBsrk0wfVK5X4fy13lfOBZEc0YgVykUklo
+-----END CERTIFICATE REQUEST-----
diff --git a/roles/ca/files/CA/reqs/dsoclab-cortex.req b/roles/ca/files/CA/reqs/dsoclab-cortex.req
new file mode 100644
index 0000000..1959ae3
--- /dev/null
+++ b/roles/ca/files/CA/reqs/dsoclab-cortex.req
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1jb3J0ZXgwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNCWsUM0pHdVvT2Wc7Ta0fpx8zq4axqjsJ
+qxqm+6BgBONoMw6FVNFwYYq51da1bMKzNgKUtx0Yk1+Igf8q9JlYbdeW4tJkd7l0
+RDzw+1sPQ304Xf6w2wV6qcUQJHUTyC3aab7jQzPwKDCaU/j40xAyNewdh6seLLUA
+fJ+PYeBdVhWMRkUJeAJ4EMCvLyVswlvtX8EzC/jIE9zfw/wFkP8Gnsu8HSvCV/K9
+qiKzS/XKsrgAGPEUELheaZ/t/ASD2S63mopFHFRxj2ECaoqEL2ffkjoMX+W252wn
+aR9bBtZ/5t+rLzGlzWMyYMAHUGwNOctorjyy2g8gBncsKKs6MJIbAgMBAAGgTDBK
+BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItY29ydGV4gh5kc29j
+bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBABmN
+TbZUl+mAgRYgyBhG8QxYAD8sLcKqPDrldqy/5qsGuLQSA4txQ7uEMFb9mr5RsjvA
+rsKljltvjmEMyLjOio00NanddY/qTAwqfk8VoPK49g0Sf1c73E/84JwhzjzTqR5v
+4Evckh4r2lrgtqos0sZHr5SUdYiMpAJ18WUAp+PCa6RydUt5+Upwu391lgjQpSr+
+M7DCM+KDSZ4X0eaSf6oFrfNA035FlDaHdRHGMIW5aE+fBXSXEU7EwgjCEMuy6iLR
+Arpjo8t2Kj5P+zJVXo5021VhWtTR221GI1v+JJxSkolHAziTohsj45m0jA1cCKbL
+bzpzNH/WwlpNEH7tWGs=
+-----END CERTIFICATE REQUEST-----
diff --git a/roles/ca/files/CA/reqs/dsoclab-haproxy.req b/roles/ca/files/CA/reqs/dsoclab-haproxy.req
new file mode 100644
index 0000000..7377346
--- /dev/null
+++ b/roles/ca/files/CA/reqs/dsoclab-haproxy.req
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICrDCCAZQCAQAwGjEYMBYGA1UEAwwPZHNvY2xhYi1oYXByb3h5MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAycciMwsLD6CMxKmBN71RL0cy+huIRbG7
+EUM93rNwZ9eLOVqPE/sveAixsTLG0Q7k0y4624Tb0mVrJiRs1xblpZCOAkYTAgqW
+ZkaHt7DuVkw82K5Mfe9bqm4Bjon+TLnebLrkP4341zrtsimaW6xahmYF8xkvWY18
+i2qXHkOKNoCy6eGE9pS8ExExuNJacu1ow7E35FuRgmKqE/K24DqqhWZwCqmtXKdS
+/9z5mV7lFdUM/s0ny5ieWmnKcXQx5ibf7NJCQ7nzBI4seiim+Y66ZDxpDqz13NXz
+KlBHUNSM9e4xCHNpH65CHVKEXUdo3aMfB1fsPp4NI3gWQbxo8k/pGQIDAQABoE0w
+SwYJKoZIhvcNAQkOMT4wPDA6BgNVHREEMzAxgg9kc29jbGFiLWhhcHJveHmCHmRz
+b2NsYWIuZ240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEA
+afvEI0PRtJHdn9wjijMSmeFqcKb7LrV3cXKgMNlps/7+D9S3E2id457QpHLteOLn
+G7YOlL+xddxa/rn95ovL/p+qU4i4bPfE3tG/Yj6GclQTNb4JWocZq6ukgDzPaLPu
+7XyS42sreCN8QlDuHDM+lNpb4wyzyLVKV8pUGLn9QjskKvAFmwXNOV9X20RLSlAo
+NhOYFxCoiwcCT/wyOh83uh5FcGOzZOPrG/J95rV+RyYOQGttu2l00nDVTD7Gbjza
+tv30d2Gj6tJAxTqXZm99qJ8zi7wBgymX7uQoaw+D4uZqRCzUqgEe9j72N0Jh+yF0
+/wo9Lx4oVJj6GR0I7jY24Q==
+-----END CERTIFICATE REQUEST-----
diff --git a/roles/ca/files/CA/reqs/dsoclab-keycloak.req b/roles/ca/files/CA/reqs/dsoclab-keycloak.req
new file mode 100644
index 0000000..c9316cf
--- /dev/null
+++ b/roles/ca/files/CA/reqs/dsoclab-keycloak.req
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICrjCCAZYCAQAwGzEZMBcGA1UEAwwQZHNvY2xhYi1rZXljbG9hazCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOqp6msvbJyfbZyJTgG6xsAy31kmK5X0
+wj3IfiLOtngD6CIogZyapqe6/QVmo1CBhXHB2eq8IeFdCod7vlWwfQFX3kz+OsXJ
+VHcuFfwSB/jvn3v3CQFwdVM73LEMZU1JxPsdQiBvgUVC09sdTFcbHTuBOe6yz5VL
+KdCoOZjWkzaZv8VDJo1N220kO/wWdqH9b8YZEccSDYAWTIjaLAl4PRt8bOzbngFQ
+X6NWf9Q7pCbSbUJ7iE6NZO0eGg4FWGVYR4NgnrTtFc5yT6C1It2fpNqIhv7LhG5y
+PQBC2ouFKvLv1+67hUK6ufvZndIsWA98AiO3RtBpBjdAnVh0icq3EuUCAwEAAaBO
+MEwGCSqGSIb3DQEJDjE/MD0wOwYDVR0RBDQwMoIQZHNvY2xhYi1rZXljbG9ha4Ie
+ZHNvY2xhYi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IB
+AQAFuWENWuE+yIOLn3KkTz1HoJrOwzn6g/XkrhMcmQtRucKd9T1CMr384yWXkGcP
+f+BrrW/m2WSpPGikR6i+gW5aW1zKOtu+IABFpjsOcHTuKZGjsAgzSWXIffuNzrMt
+TvmOdtlez0sBmxPQ+JmpmNkGzSzEr/qnMxdxHonn17/pLV5P5Z4Dy5vMhTKlw32I
+1C6gD1yfjoF1nI0BWmu6vSih1IBApR2tdexa/gGZT68z1XncTD7zzUnPBoqWJjJf
+7NZ/HUxmQBcM4/sYNFnfx+XHY83Hm4+i2PS18SgC7WN+GTaGnOYdgLPbUGwCEv0t
+TnDRqK0EfRbr8E/6wCgkyhz6
+-----END CERTIFICATE REQUEST-----
diff --git a/roles/ca/files/CA/reqs/dsoclab-kibana.req b/roles/ca/files/CA/reqs/dsoclab-kibana.req
new file mode 100644
index 0000000..c742520
--- /dev/null
+++ b/roles/ca/files/CA/reqs/dsoclab-kibana.req
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1raWJhbmEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOT8kPhE1Oe9wRkMlJqPNgRKglG1mDZAvR
+4LxZUCKl9Yh6yEBl5CI9d9KPnjAXgF4ghbxwZ2HL2OKfmnx7puhOeXvNhm4mUjdF
+tqu3b0CPelWL0ZHMIW9VN1A7ch8tO791R5GIahzqOd2LJTFVDrxSb78Llu/jElza
+YyJU5bOViwKeVz57T6D1bweoW0V8yzSDdzSlsf8FEoiPzMQFXennfSsS+rtNJfT3
+BOeVBpXqqcR1TvcDZy2cmvQB9iqNbG3QWanOHxKxdjnIB9Qgcx7znLlngzuofG77
+huo/ao6YTDmp0U2+nwpDSRv9CWe2YnH9h5pjJQCqx6FNIxLjVg9vAgMBAAGgTDBK
+BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWIta2liYW5hgh5kc29j
+bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAD3L
+9U2PcNoNGQu7wDkVblw29QoEkbm7yXvcXt5fFlcd85Tw3+Wig4fXC2AVLBxTvK7C
+1wLGTMVtQfzH7+H+xQvhiQG+Rz2dLD6K10sPK+Uj5iXZyyeb82cqw7QwaH40jCot
+uLgvSIIrChFWGijW0tHy2UmHjTh6+cPzwGe58yYXTK/OBJwbEKKox3IL9XtF3QJJ
+wNhuCYPNbNmy1qZQ7Fny9cCU+syHDRkJwIYBAcfKVvq4/L7txkYZasnoQqE8H2Tq
+UnCOD97mt85wXID6vhi8gqUvujr/NHqCIJqd4yZ3fi8/uxbK2Igw6sr4d1y90Dj5
+iUsJ9h+hlzojGLzqB98=
+-----END CERTIFICATE REQUEST-----
diff --git a/roles/ca/files/CA/reqs/dsoclab-misp.req b/roles/ca/files/CA/reqs/dsoclab-misp.req
new file mode 100644
index 0000000..051c713
--- /dev/null
+++ b/roles/ca/files/CA/reqs/dsoclab-misp.req
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICpjCCAY4CAQAwFzEVMBMGA1UEAwwMZHNvY2xhYi1taXNwMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7Eb56KucIFxpVdGFC5HZIlOvX3wgi0DGdaH
+RLNCv3J4A8yRmFs2QhRV4oIWElhgVESPFfYbH3Y2Ii7orNM8Ct9Gx/EEvDq//kuP
+KlOD41CCBgn8Kvr+lKB7f8I+Cz7ccriUEAoLkP1FdimFUr8PIEN4/jvTSSCPmqUM
+ibsOl/JnsC3wF1MlpptLZA5yir/J445Bu+3zM2pVX41ShPqjZxp7cfuQ8V9h30Tq
+C3eI8uXBg3FYx1iKmzlFWU7g2xa2lnKQjO7CE3XqFcZr4tw63sgH3hiELZa2xEzh
+Sk0Tb2yaHeX5b8x+G0o6dRq5N7BtoBtpNfG25sKl01bTV8cOiwIDAQABoEowSAYJ
+KoZIhvcNAQkOMTswOTA3BgNVHREEMDAuggxkc29jbGFiLW1pc3CCHmRzb2NsYWIu
+Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAdn/gw4DW
+EuPNCWcDYqlXVmwo0a0Enf5awha/1A9IxU22Tl4jv7KOb+SFRRy6d2UURGP+12EB
+iUq7e27L9byhs2gR9xXrw4CQlLjZ7egRg4a6fW1YeL2gKU68PvppOyMGxxH0saCL
+LmAM5N8ClvujX8wvLudCXu/NNrsBwQGaQ5CXtysYXrV7FyHwkO7FP2CTbvGbyYj/
+WJT8g3P4RM3PKd7+7+mmNoqKCOySj1gnB6xEn0iPoBWRRcC/2SlyUXi6idG45C0p
+G04CKFxHJHn2x2nV+3Ym/1ctCTaxg5tGTrZ7Mw3Fkp2QGsmlQuq8ukeO0wTMJlyt
+41DA9acx/R0vAg==
+-----END CERTIFICATE REQUEST-----
diff --git a/roles/ca/files/CA/reqs/dsoclab-nifi-1.req b/roles/ca/files/CA/reqs/dsoclab-nifi-1.req
new file mode 100644
index 0000000..6984cbb
--- /dev/null
+++ b/roles/ca/files/CA/reqs/dsoclab-nifi-1.req
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1uaWZpLTEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDr++3oZVHX1XqfujW/dXjGWguch+QYqh5
+dtjS9lHfcYA3Wux9+214bjf+5RvI1XPkyaXL6EpIJsbgpl4ULJCxgbJpMeJEhZf1
+YBKIBp2Nz0qid7PZ//NBQEwh4XONmIIvNycMJNhnvccFUEDFqdDkP7sMcil8vgYB
+lgO4oELEb2/aqhc0X17zcw53tXqaWeM80TlQFy9TGAWCNCkbGVYuwtskeVEPqNlm
+PHIeoPcD1unlxrm+lOSEvc2TJus7F7vN5Vgl8ig1pLFw3zJUhfY8IJ+Ii12DosQe
+Mdmhdh0uPPh4ZKTdOrJWZb+oKqjtYsliLHK9nX5rH4DqvDNgR9MPAgMBAAGgTDBK
+BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItbmlmaS0xgh5kc29j
+bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAHM0
+gTZ4mCfbnMSSETTVJM90A9LvYRYegrDd9iiyrHnA1ybJh4wfvmKYq1UfD04Q/wT5
+MT5ebLiCOtnicU1XtZIOdqVjrdHgYh5AiNuqGfWPTJ5714XtUfuV0U47iGgs8OtV
+W0C+DvWOm2v5xMs66QIMZRJObXiNjz/5NnigHAf0eyKj+fkmfB7oW3O28vD9drPk
+WCZYRFOTxEviwWAgapI5JCmlpvAu61gljYEDJhk7x+l2obOxEt1ibTJoobQCSt5U
+BF2ZBNI/nAKz6pQhj1bW25Gc5o2QM5bkv7uIzjHMprgGMKnJnbBZjEBdHKRxv7n7
+Pa0EZRioaWxc7VVDYbM=
+-----END CERTIFICATE REQUEST-----
diff --git a/roles/ca/files/CA/reqs/dsoclab-nifi-2.req b/roles/ca/files/CA/reqs/dsoclab-nifi-2.req
new file mode 100644
index 0000000..31f0180
--- /dev/null
+++ b/roles/ca/files/CA/reqs/dsoclab-nifi-2.req
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1uaWZpLTIwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCst0vi1Yd/jhWbz8AX69uM4xuDwGm5BpGg
+m8Y13C/ojHIoUAKCxbHr2tnjnZXS2d3hCDVtg3OVmLoZ/T4EZ5oJN0V50x0L7ApD
+y7gkzGhczi6u20jYblrzMb6HKIZ2jo+NaJUfcmxlSvyeuH3ig+I9sDBdwXMGrpv3
+mlS4AmuCkBEIP9ZfWVzfqiVZwGd6/OHwyUqL4DG2UxPCv4xPOubtETCmQSatVo8D
+C62HbLJzxC5BPpkatilt4Nyvj0Vu1WkXDfFYpn6MgDJyJCHS6bREI/YQj59kf+/m
+q/FDlNCKlw7kkb2GuR9C9JY5hQUm7ZABkRGjHwRbRv8bqXR32xgDAgMBAAGgTDBK
+BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItbmlmaS0ygh5kc29j
+bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAG7p
+jsz6CmL0Am6fDwlnBWML8EMgYcBhhFyiemX+6hrGxZLeTXCfFn/rSKpA8oDTfNyf
+OK2BceBxePb4JJDzqkH3lAdqsuEqByJMnUQfEpLHEorXl1CN2iMaQ4F/1aX7H2g4
+dwtdYcHD/vsBu9bP3q4FM+SKE6GHcpgM+R6gyJ/yRhSWO2pmdbxSGM7MWRHc9XBz
++8kJNwhraGqNRYlwruCFxtqL3iMyMzz0x9QS4To1T/klybmCxZ+JJaFTdZtD5fFa
+aL1/PoTJUl01ycxiL8nS0vVwh/UyFe/9c2z2OnUdJo2rsKp8NHRnHpkm8SfxYy/D
+J2jaavn1ViQDB7T8OUc=
+-----END CERTIFICATE REQUEST-----
diff --git a/roles/ca/files/CA/reqs/dsoclab-nifi-3.req b/roles/ca/files/CA/reqs/dsoclab-nifi-3.req
new file mode 100644
index 0000000..be09de6
--- /dev/null
+++ b/roles/ca/files/CA/reqs/dsoclab-nifi-3.req
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1uaWZpLTMwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnSKDTqx6MSWCLuL2aqlwJYgF5icnlXzBk
+OMrxlS1IIIHvYKpv0e+0rImO6fUWfWQHsDt1w+HhFXFkYI8VjhaL3riXeaeDGXdb
+qjaCN7lRp5W1H6ydgcbs+xQ6hHcenN08BjChXtCPsMlaE60OVle8HT++10xLN6KI
+ck0aYogIoFe7IM5+r7dy8u6GGrEoO0H00+oUdJDhM0EakuIu7NMgYGBh1vwOP1dD
+iF8QKSBRQEbtXZ/RWudLUvTUI2BKIqeSbNTLIAGmuVNxenEC4QVyQaVCn0FHLDB+
+DLFzzPdjYCc/PTaTFKp+Eu0b8ctN6HwyIFD1LX0GCpPPeoUrC6axAgMBAAGgTDBK
+BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItbmlmaS0zgh5kc29j
+bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAKKZ
+4Wy4xgX3E+O7mrt791MpRJTTl4qE0bgn54Y7Pzz2Do3SNeC7OpCtFHAVVfGDjpKY
+vac+9+rtdn21ttT7IjwOIao2vKUdxzbLhqM5onUDQmattCqvh5ewMtH4rVfbKg4C
+S7MlCb9tezg8zBx6T9ZO7eoTcIZwnS6jEoRhNABb1D46AAfEkW/4psXUpJ/e1Vv8
+UFt+mGqLIzZ2MLwINv7RM5koCEw/9WU4haEjJWvvTLmXVedV3eDidJCFQrNwRF68
+/VHLs21e+lZK7t0wAWGf/tzQOTzgy1AydtMI1cpRVFV1OcjEvSwjZProAVNjqBoq
+CHJSL39w3B0+e51cKUo=
+-----END CERTIFICATE REQUEST-----
diff --git a/roles/ca/files/CA/reqs/dsoclab-odfe-1.req b/roles/ca/files/CA/reqs/dsoclab-odfe-1.req
new file mode 100644
index 0000000..c680ab2
--- /dev/null
+++ b/roles/ca/files/CA/reqs/dsoclab-odfe-1.req
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1vZGZlLTEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlRvZxzqI/YV6b88ZhiIeZCqy46J08X4xg
+K0FbNvs5Cm+hFgIxrA29Dv+VWdjxIWu9ltZ7eQHRZRzKCSJQMAHq7bQpv7RwJduz
+Helz7WOTAkyQIgRtMXQxroU8Eo2z9pIv3nV1j8ql8qISlPvoczA38Xy1TlmrcXMm
+gJpGjUmUsAnlJxA0ncBTO/p3LgbAc44Pmh6MJzIM6/LSDKdSSMbuEiEV40UwiYFj
+f78KW9EFyBz8X7u4giqSOzquGZ3pp2J8CvLCKuao1JsKqKJa7OWjGnPggz3S6HSp
+C7DksP3+rR5X6A0gfKofMWm1DYw/HI3c03Fb8QRqrrktqL4oEfVLAgMBAAGgTDBK
+BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItb2RmZS0xgh5kc29j
+bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAKzr
+ygHDc8j5mTfhtfsRGfnEGfZiLYCV6YGBDazc+JaQiKzRXb5FWWTPbWZ0EtiQyVJA
+J/yfkRQug6qQKLaNa22br7iP1LrPu0xQD6uTH9FgYu6J9YyfibBb0aav8em10JGQ
+fdW7AmpLRwdLVii+DwJURcd5GEBBYyRPJzwloQmktPoBsnQ1EATqcStasE6AVoGu
+1h2jlb6amEGJzUIe22CDuYs0SO5wHrn/t32EC4sub1I+jjmbiLo0r7uku1JAHT/C
+wL19wSfauW079sNjgBPgJkFbjIW8lC4VQe8X0YmCXT/d6dqsPc3mJPK3AojYZGaM
+Df8uQI9AQthiaGo1Yr8=
+-----END CERTIFICATE REQUEST-----
diff --git a/roles/ca/files/CA/reqs/dsoclab-odfe-2.req b/roles/ca/files/CA/reqs/dsoclab-odfe-2.req
new file mode 100644
index 0000000..e97a639
--- /dev/null
+++ b/roles/ca/files/CA/reqs/dsoclab-odfe-2.req
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1vZGZlLTIwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHpeE/4KMiafG0FV65PNvXRLvZx2mUW8F9
+ozRNPogK4o8u05iUrrQfSaP9SycWcKsDq81MAip77Tr/SUkuO4j2WYUm3je0R54c
+vqM4jrAia8rFEuW+QJxXek0CDNsTxZ3Shd+ZVzKQN1QIFkYBVNoMdzFjOUYniD/0
+rU7m/Qo+nZiaU5iQvpvu47KRx38/obli+HoezLQj7YKgXK2Ge1BTyexXBEQcEvYz
+P2hC+LcvJZEcqrDfF2vtbcxtp9a3B2thpRZRnwIHrbJCQsoLsS7BbpQtPl6ISI+2
+ixWwSI41WOq1kJz7Wvr1xye3ETB6yzZ8T+pSAEdA6fDKZ2My4DNzAgMBAAGgTDBK
+BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItb2RmZS0ygh5kc29j
+bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAA0a
+Y6OxjtMpOkPMMTCOeMniiS4yzTxgfWe4ky6wOGE0E7ZXuQgb58CypGd7vJuUJvv2
+scIov+MH65NqswlHXoENSi1j042gc9+ce/Jr1MsLMwVW0JaY2fb5uxj8oi2GTcyF
+ldcLvD6Ga/zCcyttkMy3zidOlWUd0VsMJFyQl+N9BaiUOoNP3M0ux22FQ0a6OcG4
+GlsD0w59dx/jYKlmp0eKFQ7ogaYWu3O2X+BFMigGFq2rISd57WdEZk+K8ZGazNW8
+li3076e1DflticRO/uy7q9xzvuLFlfSFLoQgem8Zp9CgNJYfa/QVnfVQH7iZLm2K
+8AHzPPLphDavqr2iy5o=
+-----END CERTIFICATE REQUEST-----
diff --git a/roles/ca/files/CA/reqs/dsoclab-thehive.req b/roles/ca/files/CA/reqs/dsoclab-thehive.req
new file mode 100644
index 0000000..1bcb046
--- /dev/null
+++ b/roles/ca/files/CA/reqs/dsoclab-thehive.req
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICrDCCAZQCAQAwGjEYMBYGA1UEAwwPZHNvY2xhYi10aGVoaXZlMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusVNIKRgt2Eh7Rahb3LE3qEAwO/8XaGJ
+NAcV0rQ6FLiVdY6BcUlGHciBy/Hsx1oS9olg5MiYGmHILRKPc+74nYi1fzBwlym0
+q0Mt3NunEEfHtSabEYX70yePOlW86ngXuIkQo6QQYDnDf0Ilqf6Efzhe9D3DmD1W
+ubqBBlWNZRLwTiOIHZgML25PZ/1OZzmRuQFSEqqeu3rI6o9KLRj4aZo6oMhu497G
+275MWeDPvDRPLLDvPoJa32i+uPvMX2ryPmbUxsX2C2fpZIUVh2Bv3LRbE2+wm/jz
+2sGRnoFfFsqeFAHBHM4q08g8D76xN6rJCGgr3vlEbB6QpBK89TxGvQIDAQABoE0w
+SwYJKoZIhvcNAQkOMT4wPDA6BgNVHREEMzAxgg9kc29jbGFiLXRoZWhpdmWCHmRz
+b2NsYWIuZ240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEA
+SrEnsOQ1zqalbv8SBBMBhRXlrKH74UUc8uhwqS9peQv0ILmJQqZ2FZx3HRyRcM2X
+30qhiND97sMs0H1D4ViDAk5lScX4LNCgPx7YhAVtxXAR8Y1An47GQHF2ln1veRGo
+UJ6kZO0VTnf0TSWAbEv2EwHIT6GsRiWv9xDebrtRByZXWEJF2z/PkAMfXOaYHu+9
+ZHc7oyHm06/iN9bC7n6dfPSq+odfuYKYc90Bc5pS/bOLZuUCNuWS8fZ1QdtaTAdK
+FGms4qBL3IIWWrKzxGBtCa0B/fvCrqrNENaE0J5In2nYiobU2A8wdAb3qCrMHsDW
+sXrXrXiWYjb0jUyMIOsKhg==
+-----END CERTIFICATE REQUEST-----
diff --git a/roles/ca/files/CA/safessl-easyrsa.cnf b/roles/ca/files/CA/safessl-easyrsa.cnf
new file mode 100644
index 0000000..936ba8b
--- /dev/null
+++ b/roles/ca/files/CA/safessl-easyrsa.cnf
@@ -0,0 +1,140 @@
+# For use with Easy-RSA 3.1 and OpenSSL or LibreSSL
+
+RANDFILE = roles/ca/files/CA/.rnd
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = roles/ca/files/CA # Where everything is kept
+certs = roles/ca/files/CA # Where the issued certs are kept
+crl_dir = roles/ca/files/CA # Where the issued crl are kept
+database = roles/ca/files/CA/index.txt # database index file.
+new_certs_dir = roles/ca/files/CA/certs_by_serial # default place for new certs.
+
+certificate = roles/ca/files/CA/ca.crt # The CA certificate
+serial = roles/ca/files/CA/serial # The current serial number
+crl = roles/ca/files/CA/crl.pem # The current CRL
+private_key = roles/ca/files/CA/private/ca.key # The private key
+RANDFILE = roles/ca/files/CA/.rand # private random number file
+
+x509_extensions = basic_exts # The extentions to add to the cert
+
+# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
+# is designed for will. In return, we get the Issuer attached to CRLs.
+crl_extensions = crl_ext
+
+default_days = 1080 # how long to certify for
+default_crl_days= 180 # how long before next CRL
+default_md = sha256 # use public key default MD
+preserve = no # keep passed DN ordering
+
+# This allows to renew certificates which have not been revoked
+unique_subject = no
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_anything
+
+# For the 'anything' policy, which defines allowed DN fields
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+name = optional
+emailAddress = optional
+
+####################################################################
+# Easy-RSA request handling
+# We key off $DN_MODE to determine how to format the DN
+[ req ]
+default_bits = 2048
+default_keyfile = privkey.pem
+default_md = sha256
+distinguished_name = cn_only
+x509_extensions = easyrsa_ca # The extentions to add to the self signed cert
+
+# A placeholder to handle the $EXTRA_EXTS feature:
+#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it
+
+####################################################################
+# Easy-RSA DN (Subject) handling
+
+# Easy-RSA DN for cn_only support:
+[ cn_only ]
+commonName = Common Name (eg: your user, host, or server name)
+commonName_max = 64
+commonName_default = ChangeMe
+
+# Easy-RSA DN for org support:
+[ org ]
+countryName = Country Name (2 letter code)
+countryName_default = US
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = California
+
+localityName = Locality Name (eg, city)
+localityName_default = San Francisco
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Copyleft Certificate Co
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = My Organizational Unit
+
+commonName = Common Name (eg: your user, host, or server name)
+commonName_max = 64
+commonName_default = ChangeMe
+
+emailAddress = Email Address
+emailAddress_default = me@example.net
+emailAddress_max = 64
+
+####################################################################
+# Easy-RSA cert extension handling
+
+# This section is effectively unused as the main script sets extensions
+# dynamically. This core section is left to support the odd usecase where
+# a user calls openssl directly.
+[ basic_exts ]
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+
+# The Easy-RSA CA extensions
+[ easyrsa_ca ]
+
+# PKIX recommendations:
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This could be marked critical, but it's nice to support reading by any
+# broken clients who attempt to do so.
+basicConstraints = CA:true
+
+# Limit key usage to CA tasks. If you really want to use the generated pair as
+# a self-signed cert, comment this out.
+keyUsage = cRLSign, keyCertSign
+
+# nsCertType omitted by default. Let's try to let the deprecated stuff die.
+# nsCertType = sslCA
+
+# CRL extensions.
+[ crl_ext ]
+
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
diff --git a/roles/ca/files/CA/serial b/roles/ca/files/CA/serial
new file mode 100644
index 0000000..a09a0c3
--- /dev/null
+++ b/roles/ca/files/CA/serial
@@ -0,0 +1 @@
+A7217943DDD1145BC6F68CBA362CB35C
diff --git a/roles/ca/files/CA/serial.old b/roles/ca/files/CA/serial.old
new file mode 100644
index 0000000..5762571
--- /dev/null
+++ b/roles/ca/files/CA/serial.old
@@ -0,0 +1 @@
+a7217943ddd1145bc6f68cba362cb35b
diff --git a/roles/ca/files/truststore/SOCTOOLS-CA.crt b/roles/ca/files/truststore/SOCTOOLS-CA.crt
new file mode 100644
index 0000000..04b1f20
--- /dev/null
+++ b/roles/ca/files/truststore/SOCTOOLS-CA.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV
+BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow
+FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B
+UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX
+Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM
+M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ
+c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv
+tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG
+ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL
+8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud
+EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j
+JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd
+z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy
+XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g
+CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX
+nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh
+GPiQTFGknE1U
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/truststore/cacerts.jks b/roles/ca/files/truststore/cacerts.jks
new file mode 100644
index 0000000000000000000000000000000000000000..9d4001b7d9a466941cda896b6bf145bf2f02020c
GIT binary patch
literal 893
zcmezO_TO6u1_mYu1_nkj&0U<IT#}!kQ>>eu$iTo@S}9llhJiIg&(y$@fq~i5po!Vk
zpovL#0W%XL6B8#xSIK0xhG?hl2E1&XT5TR}-+37sxmg(u#0*6YgxHuvS(tgagZ-UD
z{QZ4`b)6jz<ivT63=9p74GaxT%ndD~#CbtXBMT@Or@kgeC1fiYSs9p{82K3tni#p5
zniv@wwn|Ponlky~8#a{|Z^o~FtG2A)aq-4>jpvgOO6jQY$hQv+=;u7aU3V}jH0%1L
zmPV07g%#ZL4s*8~Y<2Vb$LP>~V#ztFWT#cxp9~KQmCatE92}zO{l)Q_xRIT}l^rE+
z;aO=DweP3OZ;Ucv`TVfUKxAqFd&Q*pefn?bdY}0HK7DaU;pI|>Hj^{P^Bwl7>A2b+
z4susA)l6N^TK7hFWm8pPv$b?c^0y-KS(##NUks#Ojb1ZdEwpy+EdFy=QY%01@g|nF
zU;fQuGy35x@qNw&&!8pdx2k40e4KEnc2VzSPZqX6C#HJ6Op#o_Mck4vD_%e{X!2C9
z|E`zvf?A$lUNtq{l!=*<fpKwTt3hLvfh-$ys4O3g7>h_H+bM_3^Jj&uyKL<H$--_M
z_h;Ml25ul}Wfpq_+Xk!(7D_FVz!eWoNHNX>GDnz&)qt6i@xK8#h{w;u!py|Th8$De
z;Fw}$Fo{`PC&a&4^$youuk-`I_SKzP&2>&#JmA5hTQeSOebvx0aa2B|eKS^X-nJ>z
zCeGV@<n6>h=iRdB&u$VpuWt0x*Tt*ccaC02*tDjzM!G>u>Xw!CTx{Oq{)b_L(VRY`
zxnggVr6bM=e2Qc8pM29x`-kB5CUMr+^(ARH>wDTe&O9wSF#F=w%_mH@dOtJm*m998
zE6sId#^KlnT*evR;zbK4-^}{X7n-(Xi@CYYX4y&X5x3npEH2XLWI5M-OChw5ef9h^
zk3~LzEES(qK4sO3*a=_VM3nS;6cWD2esyhWxu_|+=Bt$A=D*u`Zsoa!9g<k}sb!^)
nWJmX{g%Up|_yjJQ;~Qf5+vDoDTqXObIbI&Z%6$8^_~bbON?lF-
literal 0
HcmV?d00001
diff --git a/roles/cortex/files/SOCTOOLS-CA.crt b/roles/cortex/files/SOCTOOLS-CA.crt
new file mode 100644
index 0000000..04b1f20
--- /dev/null
+++ b/roles/cortex/files/SOCTOOLS-CA.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV
+BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow
+FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B
+UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX
+Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM
+M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ
+c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv
+tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG
+ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL
+8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud
+EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j
+JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd
+z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy
+XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g
+CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX
+nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh
+GPiQTFGknE1U
+-----END CERTIFICATE-----
diff --git a/roles/cortex/files/cacerts.jks b/roles/cortex/files/cacerts.jks
new file mode 100644
index 0000000000000000000000000000000000000000..9d4001b7d9a466941cda896b6bf145bf2f02020c
GIT binary patch
literal 893
zcmezO_TO6u1_mYu1_nkj&0U<IT#}!kQ>>eu$iTo@S}9llhJiIg&(y$@fq~i5po!Vk
zpovL#0W%XL6B8#xSIK0xhG?hl2E1&XT5TR}-+37sxmg(u#0*6YgxHuvS(tgagZ-UD
z{QZ4`b)6jz<ivT63=9p74GaxT%ndD~#CbtXBMT@Or@kgeC1fiYSs9p{82K3tni#p5
zniv@wwn|Ponlky~8#a{|Z^o~FtG2A)aq-4>jpvgOO6jQY$hQv+=;u7aU3V}jH0%1L
zmPV07g%#ZL4s*8~Y<2Vb$LP>~V#ztFWT#cxp9~KQmCatE92}zO{l)Q_xRIT}l^rE+
z;aO=DweP3OZ;Ucv`TVfUKxAqFd&Q*pefn?bdY}0HK7DaU;pI|>Hj^{P^Bwl7>A2b+
z4susA)l6N^TK7hFWm8pPv$b?c^0y-KS(##NUks#Ojb1ZdEwpy+EdFy=QY%01@g|nF
zU;fQuGy35x@qNw&&!8pdx2k40e4KEnc2VzSPZqX6C#HJ6Op#o_Mck4vD_%e{X!2C9
z|E`zvf?A$lUNtq{l!=*<fpKwTt3hLvfh-$ys4O3g7>h_H+bM_3^Jj&uyKL<H$--_M
z_h;Ml25ul}Wfpq_+Xk!(7D_FVz!eWoNHNX>GDnz&)qt6i@xK8#h{w;u!py|Th8$De
z;Fw}$Fo{`PC&a&4^$youuk-`I_SKzP&2>&#JmA5hTQeSOebvx0aa2B|eKS^X-nJ>z
zCeGV@<n6>h=iRdB&u$VpuWt0x*Tt*ccaC02*tDjzM!G>u>Xw!CTx{Oq{)b_L(VRY`
zxnggVr6bM=e2Qc8pM29x`-kB5CUMr+^(ARH>wDTe&O9wSF#F=w%_mH@dOtJm*m998
zE6sId#^KlnT*evR;zbK4-^}{X7n-(Xi@CYYX4y&X5x3npEH2XLWI5M-OChw5ef9h^
zk3~LzEES(qK4sO3*a=_VM3nS;6cWD2esyhWxu_|+=Bt$A=D*u`Zsoa!9g<k}sb!^)
nWJmX{g%Up|_yjJQ;~Qf5+vDoDTqXObIbI&Z%6$8^_~bbON?lF-
literal 0
HcmV?d00001
diff --git a/roles/cortex/files/cortexsecret b/roles/cortex/files/cortexsecret
new file mode 100644
index 0000000..3119d12
--- /dev/null
+++ b/roles/cortex/files/cortexsecret
@@ -0,0 +1,3 @@
+{
+ "value" : "06ca9734-9621-4c6d-bb04-8ee68e028dd9"
+}
\ No newline at end of file
diff --git a/roles/cortex/files/dsoclab-cortex.crt b/roles/cortex/files/dsoclab-cortex.crt
new file mode 100644
index 0000000..a743bd0
--- /dev/null
+++ b/roles/cortex/files/dsoclab-cortex.crt
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 5d:c4:bc:49:5f:a0:76:a8:13:a4:c2:32:61:64:0d:92
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:29 2020 GMT
+ Not After : Oct 15 10:47:29 2023 GMT
+ Subject: CN=dsoclab-cortex
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:cd:09:6b:14:33:4a:47:75:5b:d3:d9:67:3b:4d:
+ ad:1f:a7:1f:33:ab:86:b1:aa:3b:09:ab:1a:a6:fb:
+ a0:60:04:e3:68:33:0e:85:54:d1:70:61:8a:b9:d5:
+ d6:b5:6c:c2:b3:36:02:94:b7:1d:18:93:5f:88:81:
+ ff:2a:f4:99:58:6d:d7:96:e2:d2:64:77:b9:74:44:
+ 3c:f0:fb:5b:0f:43:7d:38:5d:fe:b0:db:05:7a:a9:
+ c5:10:24:75:13:c8:2d:da:69:be:e3:43:33:f0:28:
+ 30:9a:53:f8:f8:d3:10:32:35:ec:1d:87:ab:1e:2c:
+ b5:00:7c:9f:8f:61:e0:5d:56:15:8c:46:45:09:78:
+ 02:78:10:c0:af:2f:25:6c:c2:5b:ed:5f:c1:33:0b:
+ f8:c8:13:dc:df:c3:fc:05:90:ff:06:9e:cb:bc:1d:
+ 2b:c2:57:f2:bd:aa:22:b3:4b:f5:ca:b2:b8:00:18:
+ f1:14:10:b8:5e:69:9f:ed:fc:04:83:d9:2e:b7:9a:
+ 8a:45:1c:54:71:8f:61:02:6a:8a:84:2f:67:df:92:
+ 3a:0c:5f:e5:b6:e7:6c:27:69:1f:5b:06:d6:7f:e6:
+ df:ab:2f:31:a5:cd:63:32:60:c0:07:50:6c:0d:39:
+ cb:68:ae:3c:b2:da:0f:20:06:77:2c:28:ab:3a:30:
+ 92:1b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 9A:0E:E1:26:13:A7:12:5F:A4:F1:41:C0:09:FC:AD:EB:4E:66:C2:50
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-cortex, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 27:2e:a1:0c:8d:fb:b1:36:ff:4e:ac:00:91:75:81:4b:20:79:
+ 3f:da:1c:e1:80:b9:8c:6b:60:47:a5:8c:bf:1f:34:98:61:95:
+ 00:bb:79:d4:9e:c8:fb:dc:fb:6a:48:b2:69:d1:1a:04:cc:52:
+ ca:0b:48:01:3e:94:1e:68:0b:e3:4d:fa:12:c4:aa:ff:b6:5b:
+ 0c:3c:80:21:fe:50:87:8a:14:3a:7d:e7:a3:5e:b6:dc:22:ba:
+ cc:97:69:00:a8:78:08:dd:66:d1:cb:ca:28:41:b9:cc:8a:6b:
+ 7c:40:b7:5e:1d:a1:88:5a:b3:fd:18:77:e9:c4:48:fd:38:8f:
+ 06:6e:78:0e:f1:1a:1b:b2:6c:0a:df:38:11:e3:5a:3d:2a:5b:
+ de:41:63:14:ab:25:8e:a6:9f:a8:b7:32:9e:dc:23:45:f3:6b:
+ 6d:86:b7:17:b3:53:df:55:bd:cb:41:a1:b7:73:ae:21:1b:68:
+ b3:b1:0a:e5:e6:0c:2a:77:76:23:f3:87:ee:5f:0e:6d:cd:3b:
+ 94:9a:6f:f2:fd:4f:2d:72:a3:21:94:55:c0:4a:6c:2b:13:e3:
+ 82:13:a5:1f:82:6b:ae:6e:e2:ec:eb:7a:25:6a:f2:9e:45:d7:
+ 0a:7d:75:be:9d:f7:94:6f:ce:a5:27:d6:9b:dc:d2:12:54:64:
+ 09:c4:f6:a9
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIQXcS8SV+gdqgTpMIyYWQNkjANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjlaFw0yMzEwMTUx
+MDQ3MjlaMBkxFzAVBgNVBAMMDmRzb2NsYWItY29ydGV4MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAzQlrFDNKR3Vb09lnO02tH6cfM6uGsao7Casapvug
+YATjaDMOhVTRcGGKudXWtWzCszYClLcdGJNfiIH/KvSZWG3XluLSZHe5dEQ88Ptb
+D0N9OF3+sNsFeqnFECR1E8gt2mm+40Mz8CgwmlP4+NMQMjXsHYerHiy1AHyfj2Hg
+XVYVjEZFCXgCeBDAry8lbMJb7V/BMwv4yBPc38P8BZD/Bp7LvB0rwlfyvaois0v1
+yrK4ABjxFBC4Xmmf7fwEg9kut5qKRRxUcY9hAmqKhC9n35I6DF/ltudsJ2kfWwbW
+f+bfqy8xpc1jMmDAB1BsDTnLaK48stoPIAZ3LCirOjCSGwIDAQABo4HcMIHZMAkG
+A1UdEwQCMAAwHQYDVR0OBBYEFJoO4SYTpxJfpPFBwAn8retOZsJQMEYGA1UdIwQ/
+MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M
+Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL
+BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1jb3J0ZXiCHmRzb2NsYWIu
+Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAJy6hDI37
+sTb/TqwAkXWBSyB5P9oc4YC5jGtgR6WMvx80mGGVALt51J7I+9z7akiyadEaBMxS
+ygtIAT6UHmgL4036EsSq/7ZbDDyAIf5Qh4oUOn3no1623CK6zJdpAKh4CN1m0cvK
+KEG5zIprfEC3Xh2hiFqz/Rh36cRI/TiPBm54DvEaG7JsCt84EeNaPSpb3kFjFKsl
+jqafqLcyntwjRfNrbYa3F7NT31W9y0Ght3OuIRtos7EK5eYMKnd2I/OH7l8Obc07
+lJpv8v1PLXKjIZRVwEpsKxPjghOlH4Jrrm7i7Ot6JWrynkXXCn11vp33lG/OpSfW
+m9zSElRkCcT2qQ==
+-----END CERTIFICATE-----
diff --git a/roles/cortex/files/dsoclab-cortex.key b/roles/cortex/files/dsoclab-cortex.key
new file mode 100644
index 0000000..827da54
--- /dev/null
+++ b/roles/cortex/files/dsoclab-cortex.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDNCWsUM0pHdVvT
+2Wc7Ta0fpx8zq4axqjsJqxqm+6BgBONoMw6FVNFwYYq51da1bMKzNgKUtx0Yk1+I
+gf8q9JlYbdeW4tJkd7l0RDzw+1sPQ304Xf6w2wV6qcUQJHUTyC3aab7jQzPwKDCa
+U/j40xAyNewdh6seLLUAfJ+PYeBdVhWMRkUJeAJ4EMCvLyVswlvtX8EzC/jIE9zf
+w/wFkP8Gnsu8HSvCV/K9qiKzS/XKsrgAGPEUELheaZ/t/ASD2S63mopFHFRxj2EC
+aoqEL2ffkjoMX+W252wnaR9bBtZ/5t+rLzGlzWMyYMAHUGwNOctorjyy2g8gBncs
+KKs6MJIbAgMBAAECggEAIdhGJqV4w2bp64Rdd/qQc0Mg8WSE7VrOOABYe+vZQ0BL
+UW3sHbIsiEJxpc9Yi8YSNYba0jWPxfi9skjTGAIcNe6bwbpbRF5G7Jw++wBivZhE
+WUOawRLGSsMvVkTOVp+agg0mh1kWf7QCodbuqBQe/krMWOuGIYr7rcLki8R6Rq2d
+WuW8Kf697ciklh/6cyy1J6axe1LNT906lYvyRock246KbN517wWw7/fu47Mb2fdC
+U6beFxbmbc5vk4lrViE7gSNkY97Vr/uXW9xlyRzvpNJuzZrm00CgNF1MnOnwf3l1
+k8kc63RMkUJGVWcxo5ubzLXpv4CnnmUNPfaSx+CeUQKBgQDuUT8JOu2vfzAC2VOQ
+OfKR4NgMQ8fnK6T67zpLDeNUAGW+hBi62ewD8xxRse0j/rWXgvADBE1GplPXicZI
+Q0o0VgIiL3NFQgCP7rvtPGE9VQXHYgd+ULKCHcPEBwonlbAhiHSwVnBqSFoqWdj+
+SHiBn4AD1ARoD6WSEVi3X6UU/QKBgQDcQATvzbbcr41vQHm9u1O7v0slk306A4yY
+ItXk+GbtLEoLAiLy7n0REKybZAzniuLCDAQ1h1bWLkqRle26XqVfg3YaxGpoJODy
+gPgr2Hi4Y/lcFrwRThUHEu8eaUWVRtY3B9Rgi5VjLVqydgI3/AFWdlzIVkhBeN0w
+MOtKdEg69wKBgG+wD/TJcz8+QkfzhiAfqDkJwPbuhS8n2yfnGdC274UcspI44kYf
+f2bSdsEqu9KUupIJQWaIi5bCuKRY415Wet5QOKvAxSr+JblOzy/9jizqPc0VeiGO
+vDoSrP6ftfibRHJSuy0xNXn58pfKh9GUMTW+hIZGxNHoE1aDXqqB3qIZAoGBAIIc
+A46SDLNDtZ6CDSjrD6T6dW8GONTboeOBuK+hmlQDdN4Z7gFqp1E8c2r8aK8jmZ8e
+MCJbCA5QnFZyplQRc0oAQ/W+EEnjd0tqqrBkGbR7wqQG/iSO5tcd9UoW0DdF+Gfb
+5Tb/XkmPUmPYWKkv4q5sD5V9ewPKXYgJbgW2ubCzAoGACfaFTBM3zZ2rqjJUk8+F
+fGcuDeh/ZFk4MgcN5nbdKHwyXDhBlUY1FzLZlKi5J1lRyTInZUP8KYnXogw757Md
+oa5wPlnw0a6VSHX1ZZUwa0yz1Rrv5M5CA4vyNBENCaHELKLoRWwbAook1gFie6cV
+nrCXNbsWttgWkzqLDWkPT5M=
+-----END PRIVATE KEY-----
diff --git a/roles/cortex/files/dsoclab-cortex.p12 b/roles/cortex/files/dsoclab-cortex.p12
new file mode 100644
index 0000000000000000000000000000000000000000..252b3e7ef466cf7a4090ab3d5c551bd8dcaf5e5f
GIT binary patch
literal 3397
zcmXqL;&o(VWHxBxWoP5mYV&CO&dbQoxS)yW2TK#r7lS6A4+c%_%Mns+3!2zx7&Ng@
zVPa%3Xkzb0$S@knuyH|6;9+Dl;A7#aTyiR9(y|32OiUaM4NdF`^3v+fOukvCq+fAX
zxwrpy-L%(J+a#$?@WjvS3qNVdxRoDP(K`2b;}nx=99~^XCZVdU94A^HSuLYqyTnao
z=Z}8XPeuD3d>>`L{#MwxcG~Tm&lPTYOv_Z;IZa3Vtp6eRYi6~lWGu?NqxDwKeEH;}
z(9YVnT%*;;7nn31xF2a1a<u62hG*A)tDHS^&3K=q@ZpJ{Y~nRGHnas#KUNZLE^+*`
zdYyS<#>}jp54J1v?C5dJ*}F{0N4r3W{iW^Gw^ys<4HVZ(oqG6q^Y^V{%wAh6?=HW(
zaOcE`s@>}?&%5b+PUCSt9qN5pUw%=P;{~Puq7<Q`OTw2cH{E#|%K7r#(XPkg^I4xg
z=ukbvwD+o$|MK%DhcmRjojA(>&D!{7rMt?3kkcI(e#~Fh@ZKw`Yh#c(%c4NulL2vB
z>rbf6oqp}|44Wfg-md+<CuUFS0`WPP-<v~TS$W@ZsMg5bXZCP+;tuV<Q}6U|7x1xr
z{#m$o-^AS&yI=RrE#+!($ZfOUrDAThgY|nX%MrfWJEyd`Z$4n%p|_m(#ec5WJK^Cg
z-Co`^45`(U_20a3>Y|A2EOBnn3Qir@RCoI!e<WIR<1L|O#}20K^i+R%)$Zjzrv)~w
z)`eSqi|zVfXw-77c~r;iH;eCl;THym>TGZO_n*BL1Gh!QFuW7tl5xEu*m(4dr+G!o
z*2GUUtHrf8i)}spL@>kFX7+C0sdG<zh^amj(J0RJ(7uqsmTkN=__ih|qlt#arj?o>
zclw&n-y}J)VX{s51gVb<tBf?5T|ZX^_dCuune#n_r}|y^ntvHPuFg8FJ89m(1?*Wm
z;qTWz6HW_P4|%?1+mbBZpC+?~EKSaZJ+;4|rTpqc&*Uo!Hx(_LZz+4)-#a`%mVK>7
zYK+vp?>F>nW~9#)nR5MU?Q(9tLtE~y^sq3nJl^|pp{$Wh#Y5#+Zyjw;95l`Djdf}~
zDC}Al5wT((kM^G||HmD(5~l0@mg81D|EK0&+;_+NKN8(>U%q|TJdr2j&5(S^L@?i`
zdFlBu$-lmvJbHq7uPD2|Ic|L5{S}{@Q1$J$!kQ1(f7`~U;-D7szJ9`j^2$b=41Vd=
zHo4J^ygXkQubwN;w#)pSF(cc|;@T@e{eD(SrEf5;i8k56x>ljIj`?hE;k8TmdQF5M
zy-8uph%aqOSHJvfnm*t5i}TVrUsqX7{55Bddvl___t(y2H$?aO`WefX&UVz4c=w5E
z#mqF5BezO7dZr4WyJfyza8cB*M*f6p8O0wCJq)y&^<eh~%WOW=2T#u2x0{o{(NwhN
zz~rD;-M1^k%)flw=e}>{<|u}Fy8`D08Aq94{gj)X&-ifu*Ai2~_jyOJs2OMQy{fH$
z!hGbOr`V0An}=?CTE4av$v-eBwe#kGpM}3RXt=G+&pLX!V3iclRKvPN#$_zUKR&UA
z-2T*ktM_wBdDZ6a9@0<y_2uU?e*ZCT*`1Z271((@)m|KlGW9m7wNG2F?Q-t&spO|K
z87f0;FGt+6EAr{vySr_P|0_>Z<^x69vO6w)oKx_EwOex@WAn-9iu+e6E^CZ>63k#x
zlY08ue`9a=%u`k~#6HJ3g_THp*9z}cE0p`SC*p%zn3MVIz*V<=PcC42H}mi|nT>nb
ztrnAa65Va_{e^Gg7rWB3l>dkS$h7Y&{-3(6W?jDidA3873^{*V{+trLck0BY*2iz`
zy|>-$YoETv(z#Mgn^)N-y5ACvlVo4${#!JrV~NeQoE?JEWjZeXyPR7}555f6N>B5x
z{T-rExoFAix#9DY)W7_FQ_JclP;b;6!OI(4wv{WpqO!x=>B^~jeOec{KA4=Uvn*}O
z42h<YUCEwD*QIVz%ipbYTe)%N#d{{4Yi}HqX_`ALyJKZF^VQkgv{UYUuT!;Kz+%2s
zZofsX>l)RUSyk5eV!mpKao_Cxz3<bTCoXmDN3#r`J$>sNBF0{DaM6Y|6V6v!b8aL=
zm$vcE?2CI;&am>$Iy1RRmM52AF6-iVz59XR;YHvbkMzA|k{Vkxy(iA>G%c3Po)#vU
zzxk5X(&^i#wL8q4l4!*3wrVBQl-`Bq?|5YL51oAb!mTKPCI01J`<grMffq$<-aT(n
z3e8n6)aMFa*7LjTXChb8JFa;RQ*#@yU*4|VJafkKP4PR|ct=0p-u!!4?<(JwlO~DO
zutz-i3GDxK>Uf`z*zyiP?eE$vggo`<*Em03%*=S4rN5|DhAnZo{BN^Bp1!qwR}Q6o
z(vdTgbxAAxQJUuXT=ezNl#BU^oV>+PkNJKO_~@IqJo;9}t#^;>g>F1xZMSW`>A3fD
zJ)3(E%m147&ZZN)JAW%>SuVe7b8zwU-@3fFHf0^1ct@k>aZSvlAEBqx7aM#?4p`&)
zEcn?WiBmQSG7Bbr-)DXQY*_7nrG(hVhTG!L*`Beq{*m2zqV?)Yl^I4wSsX?m_NX68
z_c?!NbDKt1U4ZGGJ87D7nFq4x+rL`7wzaY43D2J9Q0H%fAHvR6w;aw$x+Rr8?aFH{
zK@mNslr0%cH|KY+dS86-)SP+wTQ0ts`ZL)~&hcENL0ijd(fo8NmGe85d|n>8FuT2G
zuR#;5BT|LDpo!IprHNI~povw>povwDjT=@yb1^b4XkvM1(8TfzrPgK!)!L@B6qp3=
zPJaNZwON{2PJGz>IQ>P)r1M7KIbQWW{bL-w#k28%4!5)zhbPY>gZn3pj%2-(n6p}O
zW%Io1Ee7qp1=CM_^)7y#d_#7ZukVT1kM3VA*ws7#jy&f(uZL1!3Vjx=PI<pT$o{=c
zM?rCs(Bzzr*B#T2UNd_0&82<j)QPG#MGrZrM9ly5{ot0%$9<Rgd$?^{wfU*(LeDD0
zh^WT%5{@f<OA^m{Dk%%gzq`{l-C!591DDTr)6Is;fp7GAudDQVv7552jCT3h%FFj*
z<{XJ*j9(H~ls~$=A}5*oo`TFn`-Kvx^$pJo{ODaid)edEnzcQPBevzWNeKy0-)^y=
z@&CEpGrv=I7(8bzy3=I2vPK|%!HHuBHr<@K{Y8^kgzF@}$9J<sE1n<R@_OmKZW+t(
zz8j|exA9hZde=5zmb>M^mcx}&pC3fHZ#HzZlrEA^W|*p8+<obpLZaP+qamt4R#@C}
zago1zm|w3-HB(f2Q~GB6IM&@(7dPhRM4#m1V9egMTPiPc|9q>Nx(~KJDL?u1WLRrx
z+M$21Ebg)V+q&}E&fC^ClkaI&t-kg!y<}DH%b@D`-+o5@r(ar~5Y0H&W<BqT`pa+I
zrQ)6cOjZuL)v?BY)6C6vrtx*=8aFj1<HT*<H@_3*%k&js<~hn`rs<qH%dds?)`ZlY
zm-$S>2V`vA3)f!H|CXwA=#l8rz2}!!PmNmdvCU?}lkS_-ep+0aYqurwqW+2gP1ovW
zt&CPhMEpLb|3hy7I@zzDX&m#GGPp&&Yx@<olu3be7l%O&<K0<VV%ywiC9Pe5CSo>M
zN81tMmO1{8_cavGu95rb$*lQt2b&GUAv3?(+l*dx__vx&2;TWjL)Fi@qfxQYNV#p_
z@%N?|#j5vSnWOly^TdXyuY~IpWpABWbo5^ELM}F!Q-4oOb}zD!^$)ricKqA(qW+Ru
zXAHG-xkP^Y+fGmqIIcOz*U|lv+=YF+=X0*xm?Lq#YcZ?)nV`f&xlUzmldoQ0c#5+>
zJ16ORsnz%S?e;J3Rn`1!_;;_TwR6X0#nQvs(~i&8aOTQC_{+GE!Q4?S*ns_wh-s&C
z*(Vk!_PK`w4Xz}w-0x}Za&+;86|1JddZeD<)nyy>bLE{6QgV)6xf*-C%L;EubF?K)
zD|*w$yy6bixrjf@KR-CI*l`uh5)aQ)-K)-T;B(n5-}~%oUP$joS3_BE<Cab5H~Y+E
zti4+oZ|?Nf)&I`T8&VH6b}j8$(~|bC*)T3`Z3f%dxzfqC5eqGq^fu3~<}FcpxGec#
z!mSBkFWItRe;NK($glK>*yZoM+156az85)MZ`}K4ab!WU<2AP_ca;{$zOfW%>5J*x
zetWM#fYQ7UpOpQpDlhJN!DMzco6DL*TJ80Ev7d^!81Li<tCpt+>OXZ_E_3k>%YUDy
zEv!M(%%)72IJO(xh;2-p>H9(X`j%XKxdnOu|Lu8n#p^xa+u1j*4T8%4Y9Dg!nANgf
z`gT{d-S?yVmjq>v;_vU35kB(C^Q8Ls>q=4{>?b=I^<FYhvYHZP!}Et>`U8gY*tB;Y
z!X1h?7tdhXDt&I-LI0d{Gj={X)%@Yc8P-;ZWr4qQl@1v$m3=I+<jp3*jjVk-FZN`w
zT)scT;=1|l1>O5AjRdXvPKk<Y-rM<T)%A`4et*3w9&7YLD^ODVhQ`C2?<-F-{#nd^
z$xzim8D2VaiW-Wsh$Lmr7xlgxQR}V}cWAG!`_(P(?$-?r4HOMH*;uvtn3<$l8CXO*
mJ8Y!w|0unBy2wC4<ixN4tpN{Dvv4HxUw`#7%G(uGN&*0kPfV2n
literal 0
HcmV?d00001
diff --git a/roles/cortex/files/logback.xml b/roles/cortex/files/logback.xml
new file mode 100644
index 0000000..2dfba26
--- /dev/null
+++ b/roles/cortex/files/logback.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration debug="false">
+
+ <conversionRule conversionWord="coloredLevel"
+ converterClass="play.api.libs.logback.ColoredLevel"/>
+
+ <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/cortex/application.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>/var/log/cortex/application.%i.log.zip</fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>10</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>10MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>%date [%level] from %logger in %thread - %message%n%xException</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>%coloredLevel %logger{15} - %message%n%xException{10}
+ </pattern>
+ </encoder>
+ </appender>
+
+ <appender name="ASYNCFILE" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="FILE"/>
+ </appender>
+
+ <appender name="ASYNCSTDOUT" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT"/>
+ </appender>
+
+ <logger name="play" level="DEBUG"/>
+ <logger name="application" level="DEBUG"/>
+
+ <logger name="com.gargoylesoftware.htmlunit.javascript" level="OFF"/>
+
+ <root level="INFO">
+ <appender-ref ref="ASYNCFILE"/>
+ <appender-ref ref="ASYNCSTDOUT"/>
+ </root>
+
+</configuration>
diff --git a/roles/haproxy/files/dsoclab-haproxy.crt b/roles/haproxy/files/dsoclab-haproxy.crt
new file mode 100644
index 0000000..5be39cb
--- /dev/null
+++ b/roles/haproxy/files/dsoclab-haproxy.crt
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ d2:7b:43:cb:9b:fb:09:cf:cc:86:ef:d1:01:9a:42:fc
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:30 2020 GMT
+ Not After : Oct 15 10:47:30 2023 GMT
+ Subject: CN=dsoclab-haproxy
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:c9:c7:22:33:0b:0b:0f:a0:8c:c4:a9:81:37:bd:
+ 51:2f:47:32:fa:1b:88:45:b1:bb:11:43:3d:de:b3:
+ 70:67:d7:8b:39:5a:8f:13:fb:2f:78:08:b1:b1:32:
+ c6:d1:0e:e4:d3:2e:3a:db:84:db:d2:65:6b:26:24:
+ 6c:d7:16:e5:a5:90:8e:02:46:13:02:0a:96:66:46:
+ 87:b7:b0:ee:56:4c:3c:d8:ae:4c:7d:ef:5b:aa:6e:
+ 01:8e:89:fe:4c:b9:de:6c:ba:e4:3f:8d:f8:d7:3a:
+ ed:b2:29:9a:5b:ac:5a:86:66:05:f3:19:2f:59:8d:
+ 7c:8b:6a:97:1e:43:8a:36:80:b2:e9:e1:84:f6:94:
+ bc:13:11:31:b8:d2:5a:72:ed:68:c3:b1:37:e4:5b:
+ 91:82:62:aa:13:f2:b6:e0:3a:aa:85:66:70:0a:a9:
+ ad:5c:a7:52:ff:dc:f9:99:5e:e5:15:d5:0c:fe:cd:
+ 27:cb:98:9e:5a:69:ca:71:74:31:e6:26:df:ec:d2:
+ 42:43:b9:f3:04:8e:2c:7a:28:a6:f9:8e:ba:64:3c:
+ 69:0e:ac:f5:dc:d5:f3:2a:50:47:50:d4:8c:f5:ee:
+ 31:08:73:69:1f:ae:42:1d:52:84:5d:47:68:dd:a3:
+ 1f:07:57:ec:3e:9e:0d:23:78:16:41:bc:68:f2:4f:
+ e9:19
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 49:DC:74:02:17:71:C3:D0:A0:64:31:9E:60:2B:B4:38:43:62:DE:98
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-haproxy, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 04:a0:71:31:d2:11:93:09:96:c8:1b:2a:31:b8:b9:34:07:ac:
+ 89:cb:b0:6c:b0:f0:17:5f:18:3c:a6:96:ca:b3:fa:c7:af:40:
+ 17:e1:7e:e4:dc:ee:fe:5c:dc:86:40:b7:2f:9d:c0:9e:fd:16:
+ 6b:85:ab:c2:a8:63:1f:fe:03:2b:89:6a:80:c9:2e:ae:cc:3d:
+ 19:75:32:0e:56:57:16:27:02:51:49:1d:b3:78:aa:57:d3:00:
+ 9b:93:fe:6d:a3:37:ad:26:35:57:e1:5f:90:bf:ef:30:bc:68:
+ f3:bf:7c:59:69:4f:61:30:2d:48:66:a6:44:2a:51:63:6e:4f:
+ a7:8f:96:7e:91:b2:b2:46:bc:97:1b:01:df:c0:24:5c:b2:aa:
+ 8d:20:3a:25:5d:8a:1c:84:53:0d:d4:f6:d5:81:5d:30:de:c4:
+ d7:fa:42:9c:79:68:92:56:b7:76:69:c6:c9:ad:07:47:a6:d2:
+ 46:d4:a5:0c:10:a9:03:21:4d:56:40:e5:28:e3:fa:70:1b:23:
+ 32:68:07:3d:d6:8a:3a:fb:6d:3b:a6:20:16:1b:09:f3:47:f0:
+ 2a:4f:dc:97:86:56:37:96:42:1b:89:b8:76:1a:ab:7a:25:4e:
+ e8:62:d9:a0:3b:ec:62:72:64:64:ca:87:9c:be:0a:08:09:52:
+ ab:03:89:2b
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIRANJ7Q8ub+wnPzIbv0QGaQvwwDQYJKoZIhvcNAQELBQAw
+FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzMwWhcNMjMxMDE1
+MTA0NzMwWjAaMRgwFgYDVQQDDA9kc29jbGFiLWhhcHJveHkwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDJxyIzCwsPoIzEqYE3vVEvRzL6G4hFsbsRQz3e
+s3Bn14s5Wo8T+y94CLGxMsbRDuTTLjrbhNvSZWsmJGzXFuWlkI4CRhMCCpZmRoe3
+sO5WTDzYrkx971uqbgGOif5Mud5suuQ/jfjXOu2yKZpbrFqGZgXzGS9ZjXyLapce
+Q4o2gLLp4YT2lLwTETG40lpy7WjDsTfkW5GCYqoT8rbgOqqFZnAKqa1cp1L/3PmZ
+XuUV1Qz+zSfLmJ5aacpxdDHmJt/s0kJDufMEjix6KKb5jrpkPGkOrPXc1fMqUEdQ
+1Iz17jEIc2kfrkIdUoRdR2jdox8HV+w+ng0jeBZBvGjyT+kZAgMBAAGjgd0wgdow
+CQYDVR0TBAIwADAdBgNVHQ4EFgQUSdx0Ahdxw9CgZDGeYCu0OENi3pgwRgYDVR0j
+BD8wPYAUeQbKQNOfmlSu0zNN8jg+tgvzPc+hGqQYMBYxFDASBgNVBAMMC1NPQ1RP
+T0xTLUNBggkAinSTJoBbQrcwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+MAsGA1UdDwQEAwIFoDA6BgNVHREEMzAxgg9kc29jbGFiLWhhcHJveHmCHmRzb2Ns
+YWIuZ240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEABKBx
+MdIRkwmWyBsqMbi5NAesicuwbLDwF18YPKaWyrP6x69AF+F+5Nzu/lzchkC3L53A
+nv0Wa4WrwqhjH/4DK4lqgMkursw9GXUyDlZXFicCUUkds3iqV9MAm5P+baM3rSY1
+V+FfkL/vMLxo8798WWlPYTAtSGamRCpRY25Pp4+WfpGyska8lxsB38AkXLKqjSA6
+JV2KHIRTDdT21YFdMN7E1/pCnHlokla3dmnGya0HR6bSRtSlDBCpAyFNVkDlKOP6
+cBsjMmgHPdaKOvttO6YgFhsJ80fwKk/cl4ZWN5ZCG4m4dhqreiVO6GLZoDvsYnJk
+ZMqHnL4KCAlSqwOJKw==
+-----END CERTIFICATE-----
diff --git a/roles/haproxy/files/dsoclab-haproxy.key b/roles/haproxy/files/dsoclab-haproxy.key
new file mode 100644
index 0000000..abcca5e
--- /dev/null
+++ b/roles/haproxy/files/dsoclab-haproxy.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJxyIzCwsPoIzE
+qYE3vVEvRzL6G4hFsbsRQz3es3Bn14s5Wo8T+y94CLGxMsbRDuTTLjrbhNvSZWsm
+JGzXFuWlkI4CRhMCCpZmRoe3sO5WTDzYrkx971uqbgGOif5Mud5suuQ/jfjXOu2y
+KZpbrFqGZgXzGS9ZjXyLapceQ4o2gLLp4YT2lLwTETG40lpy7WjDsTfkW5GCYqoT
+8rbgOqqFZnAKqa1cp1L/3PmZXuUV1Qz+zSfLmJ5aacpxdDHmJt/s0kJDufMEjix6
+KKb5jrpkPGkOrPXc1fMqUEdQ1Iz17jEIc2kfrkIdUoRdR2jdox8HV+w+ng0jeBZB
+vGjyT+kZAgMBAAECggEAUcxwiNDJQySK7I7q23XcG5Z5i/rtW5OZin3/7vA/eVlg
+D3gu2KLTs42Su4siHk4zZYkwQx2xH7INpgDOPsQBhQT9DN7rhcBVCFE/Y7BObp2p
+bQ375HHMb2L5Lpeyh9gx21JIhZtAbcBt6/QBp3hPmnxxnQNwtpUtEDe923714PHD
+SfJ1Nd+mgeJ3ShPrk2jhcDdU82/mQrk5eH8M5QJqlTEWCvBgJaKhBf89T2XrX8jf
+oPzeVijOqgLg49QEtAPmI98GlE1OAp3boFx4/QA/s76pgWZhYIm1hcm1AguYhQvJ
+bi96IgdgVQQp/y7L+ix8zsq+YRxwPuCSBl+9BotYoQKBgQDm4neNC87XV4RhGuHG
+w8WpFXFe1uOucPfyfTMmjifh61GZa4aWgBQByBQxBs729MOr9TFrNApTGWPO8Lag
+ANnREyNndaUAUFgtCdY7Gc99deWyIx861aAVU7GGIFVkCo3OK0twbbyzqOj+B+H8
+c/P1tXXMayt/gPVuRDj7sq90VwKBgQDfuh6Clxa2sq0GdKsRkiDXaY8eZxJZchYw
++0MsYQjX8hPOGn0YWGy14ppE7JEPTEWSRuzCf5cwem/em8AIESgdCUWcGkgcQO5n
+DvZeXrHHpVrTmGE5xEVNYrD/NPY7VizUsyLNvn5yC4hyByWkwLV+AUGpACE3HP2s
+7xTakmmoDwKBgHKEfXuuEafptrVbWgT2cYHOKu85crDBQ5o40zgaZlm+GDkahiT7
+3fCMRseScvE2sh8GfL6Jj11sSH8KEesGwQLclUDpry+aqkGckW+6+5lk8ssKdKD/
++GjbnD/EpdX7Dh7mhoJ7S49pBjeJvWM0OBr1KDp+JZMWaaWJnSHqnO/9AoGAXvM4
+m6fP5f3y3PiK2cwwz/tm2DpaWUfID0Wz/pO4Ex4UNbacPMbabF8dpf7Ymat/I1Oi
+i/FmkxaDf/COEV5mrdwPhO7Kh+MuyuJYwThjLx4IbCERsliQKQWnpMgvcINkR2k3
+biZYt8IZSHusCD4ZSL7zxOvfLOrK5qgZK6JT4RUCgYEAk94TNC+rYRZOfOIaYA7+
+K1qTQAe8tawTBlKauXptWCzMFtMSEwozuHuxgnyAS/uRUKFMgRk00KrSvnuyGEBX
+5QxqqhBOMvGDs672q/kVZ5C9M06+y5+Zpg0Mf3r+zOBqB5tCASnl2KfOCZkAt8rV
+kyb4KyOsi81/fpVM/WeOL7w=
+-----END PRIVATE KEY-----
diff --git a/roles/haproxy/files/haproxy.cfg b/roles/haproxy/files/haproxy.cfg
new file mode 100644
index 0000000..e102cf4
--- /dev/null
+++ b/roles/haproxy/files/haproxy.cfg
@@ -0,0 +1,17 @@
+global
+ quiet
+
+defaults
+ mode http
+ maxconn 5000
+
+ timeout connect 5s
+ timeout client 20s
+ timeout server 20s
+
+frontend public
+ bind *:80
+ default_backend apps
+
+backend apps
+ server nifi_1 nifi_1:8080 check
diff --git a/roles/keycloak/files/SOCTOOLS-CA.crt b/roles/keycloak/files/SOCTOOLS-CA.crt
new file mode 100644
index 0000000..04b1f20
--- /dev/null
+++ b/roles/keycloak/files/SOCTOOLS-CA.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV
+BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow
+FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B
+UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX
+Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM
+M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ
+c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv
+tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG
+ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL
+8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud
+EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j
+JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd
+z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy
+XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g
+CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX
+nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh
+GPiQTFGknE1U
+-----END CERTIFICATE-----
diff --git a/roles/keycloak/files/cacerts.jks b/roles/keycloak/files/cacerts.jks
new file mode 100644
index 0000000000000000000000000000000000000000..9d4001b7d9a466941cda896b6bf145bf2f02020c
GIT binary patch
literal 893
zcmezO_TO6u1_mYu1_nkj&0U<IT#}!kQ>>eu$iTo@S}9llhJiIg&(y$@fq~i5po!Vk
zpovL#0W%XL6B8#xSIK0xhG?hl2E1&XT5TR}-+37sxmg(u#0*6YgxHuvS(tgagZ-UD
z{QZ4`b)6jz<ivT63=9p74GaxT%ndD~#CbtXBMT@Or@kgeC1fiYSs9p{82K3tni#p5
zniv@wwn|Ponlky~8#a{|Z^o~FtG2A)aq-4>jpvgOO6jQY$hQv+=;u7aU3V}jH0%1L
zmPV07g%#ZL4s*8~Y<2Vb$LP>~V#ztFWT#cxp9~KQmCatE92}zO{l)Q_xRIT}l^rE+
z;aO=DweP3OZ;Ucv`TVfUKxAqFd&Q*pefn?bdY}0HK7DaU;pI|>Hj^{P^Bwl7>A2b+
z4susA)l6N^TK7hFWm8pPv$b?c^0y-KS(##NUks#Ojb1ZdEwpy+EdFy=QY%01@g|nF
zU;fQuGy35x@qNw&&!8pdx2k40e4KEnc2VzSPZqX6C#HJ6Op#o_Mck4vD_%e{X!2C9
z|E`zvf?A$lUNtq{l!=*<fpKwTt3hLvfh-$ys4O3g7>h_H+bM_3^Jj&uyKL<H$--_M
z_h;Ml25ul}Wfpq_+Xk!(7D_FVz!eWoNHNX>GDnz&)qt6i@xK8#h{w;u!py|Th8$De
z;Fw}$Fo{`PC&a&4^$youuk-`I_SKzP&2>&#JmA5hTQeSOebvx0aa2B|eKS^X-nJ>z
zCeGV@<n6>h=iRdB&u$VpuWt0x*Tt*ccaC02*tDjzM!G>u>Xw!CTx{Oq{)b_L(VRY`
zxnggVr6bM=e2Qc8pM29x`-kB5CUMr+^(ARH>wDTe&O9wSF#F=w%_mH@dOtJm*m998
zE6sId#^KlnT*evR;zbK4-^}{X7n-(Xi@CYYX4y&X5x3npEH2XLWI5M-OChw5ef9h^
zk3~LzEES(qK4sO3*a=_VM3nS;6cWD2esyhWxu_|+=Bt$A=D*u`Zsoa!9g<k}sb!^)
nWJmX{g%Up|_yjJQ;~Qf5+vDoDTqXObIbI&Z%6$8^_~bbON?lF-
literal 0
HcmV?d00001
diff --git a/roles/keycloak/files/dsoclab-keycloak.crt b/roles/keycloak/files/dsoclab-keycloak.crt
new file mode 100644
index 0000000..92b6893
--- /dev/null
+++ b/roles/keycloak/files/dsoclab-keycloak.crt
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ fe:75:83:de:f2:35:5a:2c:2b:ba:09:72:0b:d8:09:48
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:28 2020 GMT
+ Not After : Oct 15 10:47:28 2023 GMT
+ Subject: CN=dsoclab-keycloak
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:ea:a9:ea:6b:2f:6c:9c:9f:6d:9c:89:4e:01:ba:
+ c6:c0:32:df:59:26:2b:95:f4:c2:3d:c8:7e:22:ce:
+ b6:78:03:e8:22:28:81:9c:9a:a6:a7:ba:fd:05:66:
+ a3:50:81:85:71:c1:d9:ea:bc:21:e1:5d:0a:87:7b:
+ be:55:b0:7d:01:57:de:4c:fe:3a:c5:c9:54:77:2e:
+ 15:fc:12:07:f8:ef:9f:7b:f7:09:01:70:75:53:3b:
+ dc:b1:0c:65:4d:49:c4:fb:1d:42:20:6f:81:45:42:
+ d3:db:1d:4c:57:1b:1d:3b:81:39:ee:b2:cf:95:4b:
+ 29:d0:a8:39:98:d6:93:36:99:bf:c5:43:26:8d:4d:
+ db:6d:24:3b:fc:16:76:a1:fd:6f:c6:19:11:c7:12:
+ 0d:80:16:4c:88:da:2c:09:78:3d:1b:7c:6c:ec:db:
+ 9e:01:50:5f:a3:56:7f:d4:3b:a4:26:d2:6d:42:7b:
+ 88:4e:8d:64:ed:1e:1a:0e:05:58:65:58:47:83:60:
+ 9e:b4:ed:15:ce:72:4f:a0:b5:22:dd:9f:a4:da:88:
+ 86:fe:cb:84:6e:72:3d:00:42:da:8b:85:2a:f2:ef:
+ d7:ee:bb:85:42:ba:b9:fb:d9:9d:d2:2c:58:0f:7c:
+ 02:23:b7:46:d0:69:06:37:40:9d:58:74:89:ca:b7:
+ 12:e5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ FD:C5:77:F8:79:AD:0A:7E:6A:A0:2E:3B:58:6A:9F:43:51:55:0B:DF
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-keycloak, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 9a:c0:35:a3:68:ec:ec:cc:c3:65:5a:bf:03:d0:ee:8d:a0:41:
+ db:6d:89:3e:97:d4:90:7d:63:8e:73:37:43:ae:9a:e2:d0:2b:
+ a7:5e:b2:88:9b:4d:8f:b6:81:bf:f6:46:a0:87:ca:77:ec:5c:
+ af:cd:6b:d8:e8:60:5a:aa:86:be:64:d5:ad:e9:1e:41:7b:6a:
+ df:01:1d:16:86:94:57:82:51:91:be:6b:d6:ae:f0:b9:8c:3d:
+ 11:99:c4:93:eb:f7:fa:9e:a3:e3:f8:97:19:cf:63:55:6a:6e:
+ 4f:e9:a2:64:a7:35:0d:7e:68:23:89:e1:c6:06:4b:34:67:38:
+ 40:d1:81:b3:73:95:3a:3b:67:d2:5a:e4:8e:49:34:b1:ab:6f:
+ b6:60:87:ac:55:5d:f5:59:c0:d5:d3:d8:de:3b:76:c9:41:28:
+ b4:d7:23:ec:a2:3f:1d:3f:74:2e:f0:45:40:35:38:d1:06:50:
+ b2:93:45:df:de:33:5e:0b:89:86:d8:c9:14:61:1c:d2:94:21:
+ 1f:bf:df:32:f0:2f:91:52:b0:08:b7:b9:c2:b7:55:2b:ca:05:
+ e4:eb:91:e1:63:45:5d:1a:6f:e8:76:07:89:e8:42:3e:ec:7b:
+ 51:0e:a0:d5:8e:c3:3d:26:e3:45:b0:5b:61:d1:98:3b:c3:d4:
+ 37:9f:c1:7c
+-----BEGIN CERTIFICATE-----
+MIIDmzCCAoOgAwIBAgIRAP51g97yNVosK7oJcgvYCUgwDQYJKoZIhvcNAQELBQAw
+FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI4WhcNMjMxMDE1
+MTA0NzI4WjAbMRkwFwYDVQQDDBBkc29jbGFiLWtleWNsb2FrMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qnqay9snJ9tnIlOAbrGwDLfWSYrlfTCPch+
+Is62eAPoIiiBnJqmp7r9BWajUIGFccHZ6rwh4V0Kh3u+VbB9AVfeTP46xclUdy4V
+/BIH+O+fe/cJAXB1UzvcsQxlTUnE+x1CIG+BRULT2x1MVxsdO4E57rLPlUsp0Kg5
+mNaTNpm/xUMmjU3bbSQ7/BZ2of1vxhkRxxINgBZMiNosCXg9G3xs7NueAVBfo1Z/
+1DukJtJtQnuITo1k7R4aDgVYZVhHg2CetO0VznJPoLUi3Z+k2oiG/suEbnI9AELa
+i4Uq8u/X7ruFQrq5+9md0ixYD3wCI7dG0GkGN0CdWHSJyrcS5QIDAQABo4HeMIHb
+MAkGA1UdEwQCMAAwHQYDVR0OBBYEFP3Fd/h5rQp+aqAuO1hqn0NRVQvfMEYGA1Ud
+IwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NU
+T09MUy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
+AjALBgNVHQ8EBAMCBaAwOwYDVR0RBDQwMoIQZHNvY2xhYi1rZXljbG9ha4IeZHNv
+Y2xhYi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQCa
+wDWjaOzszMNlWr8D0O6NoEHbbYk+l9SQfWOOczdDrpri0CunXrKIm02PtoG/9kag
+h8p37FyvzWvY6GBaqoa+ZNWt6R5Be2rfAR0WhpRXglGRvmvWrvC5jD0RmcST6/f6
+nqPj+JcZz2NVam5P6aJkpzUNfmgjieHGBks0ZzhA0YGzc5U6O2fSWuSOSTSxq2+2
+YIesVV31WcDV09jeO3bJQSi01yPsoj8dP3Qu8EVANTjRBlCyk0Xf3jNeC4mG2MkU
+YRzSlCEfv98y8C+RUrAIt7nCt1UrygXk65HhY0VdGm/odgeJ6EI+7HtRDqDVjsM9
+JuNFsFth0Zg7w9Q3n8F8
+-----END CERTIFICATE-----
diff --git a/roles/keycloak/files/dsoclab-keycloak.key b/roles/keycloak/files/dsoclab-keycloak.key
new file mode 100644
index 0000000..8c5ebed
--- /dev/null
+++ b/roles/keycloak/files/dsoclab-keycloak.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDqqeprL2ycn22c
+iU4BusbAMt9ZJiuV9MI9yH4izrZ4A+giKIGcmqanuv0FZqNQgYVxwdnqvCHhXQqH
+e75VsH0BV95M/jrFyVR3LhX8Egf475979wkBcHVTO9yxDGVNScT7HUIgb4FFQtPb
+HUxXGx07gTnuss+VSynQqDmY1pM2mb/FQyaNTdttJDv8Fnah/W/GGRHHEg2AFkyI
+2iwJeD0bfGzs254BUF+jVn/UO6Qm0m1Ce4hOjWTtHhoOBVhlWEeDYJ607RXOck+g
+tSLdn6TaiIb+y4Rucj0AQtqLhSry79fuu4VCurn72Z3SLFgPfAIjt0bQaQY3QJ1Y
+dInKtxLlAgMBAAECggEBAIj6HCLq8NxP15zLLSSnUQK571PLix+iWovT74UD4tEV
+frgJqvat81/vL2iqq+P/ZtSrUjfKD4DMXawOGGFOfvl8v/9zWv0+8zYKSbz1DYBK
+525mGfSkH2gxhjY2xR8jU389ae8jB3NVefLqHDiwVBT67sUdzTwZPtRUjiJgBliU
+soJCsCutHAy7GW68N79F0BQItHhjMt02fYybnFxNvBntD4lodZDn7K9iqBoZPduX
+TBsH1FcwZQyvQuiUlJgjUFM//5zrZUMjErv+3ev5c/WdpY4ycbo6VVBGZouVbyeX
+RAWeDUE1nrsEsLBSnTkXVInFjPS6mBxsIi/+hlf6XCECgYEA+bWYDKPgelSe8ii5
+mK94wcLr6MybO+GrBHT4lIP1UggGsvPtXTifNvgGrYx90gmmL6F9QWHE+4lxyh5L
+yEXCTHXl4QopgZCxWnnKekz0ma0lFlGYGr4KA0Z3Ntp+sCb/hcqVW/n24wVhNnmo
+z3ztlSI/GY3B598R7dO9sR/RoYkCgYEA8JNKbTegmeeaAyBehEPy3eajAiT6759p
+7m6Ml1P6IC3Ff3fllJrNWRi+JDKnJF9SUePOVWLWSgYSJyFLoiWK1CzoyLPdbcW9
+Ap9XNzD/aoDi6DBbKCFhRpBCsmTPnT8eFvA9PhuYY60w2UoM7byH+i2aJ1Do3izl
+tLsHJbcT230CgYEA5S4Sl/9MBlpl6xEPjh/2L7drdyVaj/IFWLjWcNBPtnMhWtrf
+joBqODQZRO09iSlL+kk3wWsvNEEoS33UxcGomy5Vxl3iTET1UXmYKPk6QVUVRc+r
+T1f9rpXc0l5kid2xBSUyQdFAE4obd7jfA1fAYfClgxmEzv//34xHfCoc5ykCgYEA
+01sD00pA3ZXc+AwzHY64y3z6D0M/9s+d+GzFNZoAsM6lqaRDXbhW2oTjX9fkgg8A
+upMiTl/kFeqZfilBUnYbLuc5qEJlMjC8KpakwAdbDk2njAgXvfz9gknxXts0j1jJ
+bauokm0aB9A7j1sAWsj8ya3QtePegnr9YDfEQr1CQ90CgYBfAQaYG9ldXcxTlERG
+jOGu0bh9DtnmwsenwTZQD4mNHpvL0MkmIQxR5FAL8XXbNBq50zCiOapLLrhdqbh0
+ih3WoOdqxLIDQtAJYs3ANhOmEAxvQPxpPKhRHRKPGXxyzgW9zeQ08GpYoR/M7VRF
+TypqufvopzWOpbxpgbfiJQmd8g==
+-----END PRIVATE KEY-----
diff --git a/roles/misp/files/SOCTOOLS-CA.crt b/roles/misp/files/SOCTOOLS-CA.crt
new file mode 100644
index 0000000..04b1f20
--- /dev/null
+++ b/roles/misp/files/SOCTOOLS-CA.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV
+BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow
+FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B
+UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX
+Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM
+M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ
+c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv
+tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG
+ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL
+8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud
+EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j
+JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd
+z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy
+XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g
+CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX
+nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh
+GPiQTFGknE1U
+-----END CERTIFICATE-----
diff --git a/roles/misp/files/cacerts.jks b/roles/misp/files/cacerts.jks
new file mode 100644
index 0000000000000000000000000000000000000000..9d4001b7d9a466941cda896b6bf145bf2f02020c
GIT binary patch
literal 893
zcmezO_TO6u1_mYu1_nkj&0U<IT#}!kQ>>eu$iTo@S}9llhJiIg&(y$@fq~i5po!Vk
zpovL#0W%XL6B8#xSIK0xhG?hl2E1&XT5TR}-+37sxmg(u#0*6YgxHuvS(tgagZ-UD
z{QZ4`b)6jz<ivT63=9p74GaxT%ndD~#CbtXBMT@Or@kgeC1fiYSs9p{82K3tni#p5
zniv@wwn|Ponlky~8#a{|Z^o~FtG2A)aq-4>jpvgOO6jQY$hQv+=;u7aU3V}jH0%1L
zmPV07g%#ZL4s*8~Y<2Vb$LP>~V#ztFWT#cxp9~KQmCatE92}zO{l)Q_xRIT}l^rE+
z;aO=DweP3OZ;Ucv`TVfUKxAqFd&Q*pefn?bdY}0HK7DaU;pI|>Hj^{P^Bwl7>A2b+
z4susA)l6N^TK7hFWm8pPv$b?c^0y-KS(##NUks#Ojb1ZdEwpy+EdFy=QY%01@g|nF
zU;fQuGy35x@qNw&&!8pdx2k40e4KEnc2VzSPZqX6C#HJ6Op#o_Mck4vD_%e{X!2C9
z|E`zvf?A$lUNtq{l!=*<fpKwTt3hLvfh-$ys4O3g7>h_H+bM_3^Jj&uyKL<H$--_M
z_h;Ml25ul}Wfpq_+Xk!(7D_FVz!eWoNHNX>GDnz&)qt6i@xK8#h{w;u!py|Th8$De
z;Fw}$Fo{`PC&a&4^$youuk-`I_SKzP&2>&#JmA5hTQeSOebvx0aa2B|eKS^X-nJ>z
zCeGV@<n6>h=iRdB&u$VpuWt0x*Tt*ccaC02*tDjzM!G>u>Xw!CTx{Oq{)b_L(VRY`
zxnggVr6bM=e2Qc8pM29x`-kB5CUMr+^(ARH>wDTe&O9wSF#F=w%_mH@dOtJm*m998
zE6sId#^KlnT*evR;zbK4-^}{X7n-(Xi@CYYX4y&X5x3npEH2XLWI5M-OChw5ef9h^
zk3~LzEES(qK4sO3*a=_VM3nS;6cWD2esyhWxu_|+=Bt$A=D*u`Zsoa!9g<k}sb!^)
nWJmX{g%Up|_yjJQ;~Qf5+vDoDTqXObIbI&Z%6$8^_~bbON?lF-
literal 0
HcmV?d00001
diff --git a/roles/misp/files/dsoclab-misp.crt b/roles/misp/files/dsoclab-misp.crt
new file mode 100644
index 0000000..f830104
--- /dev/null
+++ b/roles/misp/files/dsoclab-misp.crt
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 75:87:fc:e4:cf:3e:c6:81:17:19:90:76:b1:2c:d5:d2
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:28 2020 GMT
+ Not After : Oct 15 10:47:28 2023 GMT
+ Subject: CN=dsoclab-misp
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:cf:b1:1b:e7:a2:ae:70:81:71:a5:57:46:14:2e:
+ 47:64:89:4e:bd:7d:f0:82:2d:03:19:d6:87:44:b3:
+ 42:bf:72:78:03:cc:91:98:5b:36:42:14:55:e2:82:
+ 16:12:58:60:54:44:8f:15:f6:1b:1f:76:36:22:2e:
+ e8:ac:d3:3c:0a:df:46:c7:f1:04:bc:3a:bf:fe:4b:
+ 8f:2a:53:83:e3:50:82:06:09:fc:2a:fa:fe:94:a0:
+ 7b:7f:c2:3e:0b:3e:dc:72:b8:94:10:0a:0b:90:fd:
+ 45:76:29:85:52:bf:0f:20:43:78:fe:3b:d3:49:20:
+ 8f:9a:a5:0c:89:bb:0e:97:f2:67:b0:2d:f0:17:53:
+ 25:a6:9b:4b:64:0e:72:8a:bf:c9:e3:8e:41:bb:ed:
+ f3:33:6a:55:5f:8d:52:84:fa:a3:67:1a:7b:71:fb:
+ 90:f1:5f:61:df:44:ea:0b:77:88:f2:e5:c1:83:71:
+ 58:c7:58:8a:9b:39:45:59:4e:e0:db:16:b6:96:72:
+ 90:8c:ee:c2:13:75:ea:15:c6:6b:e2:dc:3a:de:c8:
+ 07:de:18:84:2d:96:b6:c4:4c:e1:4a:4d:13:6f:6c:
+ 9a:1d:e5:f9:6f:cc:7e:1b:4a:3a:75:1a:b9:37:b0:
+ 6d:a0:1b:69:35:f1:b6:e6:c2:a5:d3:56:d3:57:c7:
+ 0e:8b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 65:C5:56:88:65:AF:77:F1:53:B2:71:5E:16:10:D1:0B:30:FF:28:BE
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-misp, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ 5a:57:76:90:fd:a5:0d:ea:b0:22:c9:02:2e:18:91:81:04:d1:
+ f4:64:58:58:19:27:03:9b:5a:dc:de:6c:0e:fb:b7:76:eb:b1:
+ 97:36:e2:c7:76:ef:7d:d8:00:c3:20:c0:3d:a7:cf:61:f8:16:
+ 4c:96:4c:7c:c8:89:21:d6:d4:eb:3a:c1:3d:98:34:74:6e:39:
+ 81:20:6f:9b:4b:8d:b9:35:60:c5:76:19:30:30:06:0f:89:b1:
+ 1a:f6:c4:88:52:28:98:41:52:f1:9a:77:82:79:ae:c9:71:ba:
+ d9:e5:e9:b7:ba:08:32:59:eb:5e:7d:11:e0:a8:27:20:91:46:
+ 05:56:1e:e6:0b:4d:49:17:52:7f:4b:c4:a3:e0:cd:30:bd:4e:
+ 6a:70:2a:f5:77:4d:d1:d6:64:13:8d:4b:1a:d3:0b:0f:8a:49:
+ 1e:bf:b4:c0:4f:43:dc:92:e3:c0:f2:2f:4a:c8:30:45:fc:5a:
+ d2:de:92:b2:a1:48:b8:da:ff:f4:0b:04:5d:5d:a7:30:d8:4b:
+ ca:cf:0c:01:6a:50:45:5f:d4:a8:cf:dd:fa:f7:68:0c:4c:45:
+ 47:be:3a:c2:39:bb:04:ff:62:a0:bc:91:a0:f2:2b:67:09:89:
+ 5a:ff:e6:53:c1:89:18:12:a1:0f:5a:d7:e1:12:8b:88:88:89:
+ ca:b0:30:27
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIQdYf85M8+xoEXGZB2sSzV0jANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjhaFw0yMzEwMTUx
+MDQ3MjhaMBcxFTATBgNVBAMMDGRzb2NsYWItbWlzcDCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAM+xG+eirnCBcaVXRhQuR2SJTr198IItAxnWh0SzQr9y
+eAPMkZhbNkIUVeKCFhJYYFREjxX2Gx92NiIu6KzTPArfRsfxBLw6v/5LjypTg+NQ
+ggYJ/Cr6/pSge3/CPgs+3HK4lBAKC5D9RXYphVK/DyBDeP4700kgj5qlDIm7Dpfy
+Z7At8BdTJaabS2QOcoq/yeOOQbvt8zNqVV+NUoT6o2cae3H7kPFfYd9E6gt3iPLl
+wYNxWMdYips5RVlO4NsWtpZykIzuwhN16hXGa+LcOt7IB94YhC2WtsRM4UpNE29s
+mh3l+W/MfhtKOnUauTewbaAbaTXxtubCpdNW01fHDosCAwEAAaOB2jCB1zAJBgNV
+HRMEAjAAMB0GA1UdDgQWBBRlxVaIZa938VOycV4WENELMP8ovjBGBgNVHSMEPzA9
+gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9PTFMt
+Q0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYD
+VR0PBAQDAgWgMDcGA1UdEQQwMC6CDGRzb2NsYWItbWlzcIIeZHNvY2xhYi5nbjQt
+My13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQBaV3aQ/aUN6rAi
+yQIuGJGBBNH0ZFhYGScDm1rc3mwO+7d267GXNuLHdu992ADDIMA9p89h+BZMlkx8
+yIkh1tTrOsE9mDR0bjmBIG+bS425NWDFdhkwMAYPibEa9sSIUiiYQVLxmneCea7J
+cbrZ5em3uggyWetefRHgqCcgkUYFVh7mC01JF1J/S8Sj4M0wvU5qcCr1d03R1mQT
+jUsa0wsPikkev7TAT0PckuPA8i9KyDBF/FrS3pKyoUi42v/0CwRdXacw2EvKzwwB
+alBFX9Soz93692gMTEVHvjrCObsE/2KgvJGg8itnCYla/+ZTwYkYEqEPWtfhEouI
+iInKsDAn
+-----END CERTIFICATE-----
diff --git a/roles/misp/files/dsoclab-misp.key b/roles/misp/files/dsoclab-misp.key
new file mode 100644
index 0000000..9b8a5d6
--- /dev/null
+++ b/roles/misp/files/dsoclab-misp.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDPsRvnoq5wgXGl
+V0YULkdkiU69ffCCLQMZ1odEs0K/cngDzJGYWzZCFFXighYSWGBURI8V9hsfdjYi
+Luis0zwK30bH8QS8Or/+S48qU4PjUIIGCfwq+v6UoHt/wj4LPtxyuJQQCguQ/UV2
+KYVSvw8gQ3j+O9NJII+apQyJuw6X8mewLfAXUyWmm0tkDnKKv8njjkG77fMzalVf
+jVKE+qNnGntx+5DxX2HfROoLd4jy5cGDcVjHWIqbOUVZTuDbFraWcpCM7sITdeoV
+xmvi3DreyAfeGIQtlrbETOFKTRNvbJod5flvzH4bSjp1Grk3sG2gG2k18bbmwqXT
+VtNXxw6LAgMBAAECggEBAIb/4VqMVQTOLvfBJc0iU8eWtLbZMMb8ySI3Xs+aEc3t
+cvNNOmolB7ymCTllQ0GDboH32mX1BaZKqV9IzHbiCwoqHZEDKgfLzFZX+OQTSwwr
+nYidXur1IRuswPnHYZrfrl1net5+GQyShF8NGBs0E3nuQaxHaMwEvTNRCzhPfWnn
+u/g3IExtSdE/XSxRnTGRQqSnMAf9OXs9bw/iTSR5cQO2mW/dRLr4aUCQOJ5Hx4mO
+ub172vkNeNwOSUzc9FjtZyQZOtn25WoS7SusK7y9ToDqqR5OcI5M+kxq+fQo8Wvu
+XlIeOvTKTHOBaih6QYEzHo9zq893I/c0xiOmfOr0v7kCgYEA7WQ7g5z+2Lyt35Sq
+XmzyQyAEbx+PMPc7yTQC62YuvpEAaDFDHMphDw1zM2mraLO+2IuBuDz7CTlsf1zl
+xwEJoEZa3odRi2McpqiUVQgJYD+bCUv35J8X93K4/7tLHvXDJQ3BKBNNoLHxjD5P
+SlR5xBCFwZiiXAkquWpZaaWAbg0CgYEA3/jjf723dlWRrVcG/m7VJrhTWq10Jltp
+8y786INKU1IUrwqFt7ph4c9/Jbop40QVkJKzsPojzWreDf3EZYGnBVhOLA5p4MC0
+X1ZTzN86dn1Y3SDCopGnJVP8X2EdDGfsTkfXxOjRCzSPOyZzxzseACw9WWAmullU
+zQs4K6/4YPcCgYB117znb8bepoMVqwILz79PbRRmaV82qnRGRAhy/I2V0ftGvbWY
+FCqsQzv9uKX7WscRTed+It9nS9c9PkteR3iU1HgFYV0seW3emW7Q6yVkXw7CRbDw
+D73g+1U0ta/r1Yoi2boZ/8MYU10aBlBsEJVFrAIKAZAPagmIc2+hTyP6/QKBgQDX
+FHSr3C0NJzkhA7zEovxwFXx+TKmImCqTjKD0S/gZMW6JdYpZmFOc/Jz2RuMoyt4G
+msqSfnPZNPIO744liC8zM8zGBAVq/sN39je9OvUyikbG+0nNwh+H+jIWCfVST44e
+0mEDSCxPHWcaf1+ZiEzUD6fOZ0Zpl5WW3lpPocncmwKBgQDIR7uJctv3UZkEO+oq
+g1Q4jLUYJFUb/3fk1mEmpq+b90e/xQMqZHlu/KHiHcKrukdWj67d/LY4mrw4DebR
+PTgdj9e0O8V9M7BYxDN+zEYrvmmY4A+tg07zm8aqmhCNKpOMsW0MkKFFuRiMkiCh
+bopZVfjdd+d/56vLZW+GSBaCew==
+-----END PRIVATE KEY-----
diff --git a/roles/misp/templates/config.php.j2 b/roles/misp/templates/config.php.j2
new file mode 100644
index 0000000..46ca1ca
--- /dev/null
+++ b/roles/misp/templates/config.php.j2
@@ -0,0 +1,84 @@
+<?php
+$config = array (
+ 'debug' => 0,
+ 'MISP' =>
+ array (
+ 'baseurl' => 'https://{{dslproxy}}:6443',
+ 'footermidleft' => '',
+ 'footermidright' => '',
+ 'org' => 'ORGNAME',
+ 'showorg' => true,
+ 'threatlevel_in_email_subject' => true,
+ 'email_subject_TLP_string' => 'tlp:amber',
+ 'email_subject_tag' => 'tlp',
+ 'email_subject_include_tag_name' => true,
+ 'background_jobs' => true,
+ 'cached_attachments' => true,
+ 'email' => 'email@address.com',
+ 'contact' => 'email@address.com',
+ 'cveurl' => 'https://cve.circl.lu/cve/',
+ 'cweurl' => 'https://cve.circl.lu/cwe/',
+ 'disablerestalert' => false,
+ 'default_event_distribution' => '1',
+ 'default_attribute_distribution' => 'event',
+ 'tagging' => true,
+ 'full_tags_on_event_index' => true,
+ 'attribute_tagging' => true,
+ 'full_tags_on_attribute_index' => true,
+ 'footer_logo' => '',
+ 'take_ownership_xml_import' => false,
+ 'unpublishedprivate' => false,
+ 'disable_emailing' => false,
+ 'manage_workers' => true,
+ 'Attributes_Values_Filter_In_Event' => 'id, uuid, value, comment, type, category, Tag.name',
+ 'uuid' => '6ec3e533-99f9-42ac-952d-002664d1500f',
+ 'live' => true,
+ ),
+ 'GnuPG' =>
+ array (
+ 'onlyencrypted' => false,
+ 'email' => '',
+ 'homedir' => '',
+ 'password' => '',
+ 'bodyonlyencrypted' => false,
+ 'sign' => true,
+ 'obscure_subject' => false,
+ ),
+ 'SMIME' =>
+ array (
+ 'enabled' => false,
+ 'email' => '',
+ 'cert_public_sign' => '',
+ 'key_sign' => '',
+ 'password' => '',
+ ),
+ 'Proxy' =>
+ array (
+ 'host' => '',
+ 'port' => '',
+ 'method' => '',
+ 'user' => '',
+ 'password' => '',
+ ),
+ 'SecureAuth' =>
+ array (
+ 'amount' => 5,
+ 'expire' => 300,
+ ),
+ 'Security' =>
+ array (
+ 'level' => 'medium',
+ 'salt' => '{{misp_salt}}',
+ 'cipherSeed' => '',
+ ),
+ 'Session.defaults' => 'php',
+ 'Session.timeout' => 60,
+ 'Session.cookieTimeout' => 60,
+ 'Session.autoRegenerate' => false,
+ 'Session.checkAgent' => false,
+ 'site_admin_debug' => NULL,
+ 'Plugin' => NULL,
+ 'CertAuth' => NULL,
+ 'ApacheShibbAuth' => NULL,
+ 'ApacheSecureAuth' => NULL,
+);
diff --git a/roles/nifi/files/SOCTOOLS-CA.crt b/roles/nifi/files/SOCTOOLS-CA.crt
new file mode 100644
index 0000000..04b1f20
--- /dev/null
+++ b/roles/nifi/files/SOCTOOLS-CA.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV
+BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow
+FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B
+UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX
+Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM
+M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ
+c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv
+tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG
+ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL
+8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud
+EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j
+JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd
+z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy
+XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g
+CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX
+nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh
+GPiQTFGknE1U
+-----END CERTIFICATE-----
diff --git a/roles/nifi/files/cacerts.jks b/roles/nifi/files/cacerts.jks
new file mode 100644
index 0000000000000000000000000000000000000000..9d4001b7d9a466941cda896b6bf145bf2f02020c
GIT binary patch
literal 893
zcmezO_TO6u1_mYu1_nkj&0U<IT#}!kQ>>eu$iTo@S}9llhJiIg&(y$@fq~i5po!Vk
zpovL#0W%XL6B8#xSIK0xhG?hl2E1&XT5TR}-+37sxmg(u#0*6YgxHuvS(tgagZ-UD
z{QZ4`b)6jz<ivT63=9p74GaxT%ndD~#CbtXBMT@Or@kgeC1fiYSs9p{82K3tni#p5
zniv@wwn|Ponlky~8#a{|Z^o~FtG2A)aq-4>jpvgOO6jQY$hQv+=;u7aU3V}jH0%1L
zmPV07g%#ZL4s*8~Y<2Vb$LP>~V#ztFWT#cxp9~KQmCatE92}zO{l)Q_xRIT}l^rE+
z;aO=DweP3OZ;Ucv`TVfUKxAqFd&Q*pefn?bdY}0HK7DaU;pI|>Hj^{P^Bwl7>A2b+
z4susA)l6N^TK7hFWm8pPv$b?c^0y-KS(##NUks#Ojb1ZdEwpy+EdFy=QY%01@g|nF
zU;fQuGy35x@qNw&&!8pdx2k40e4KEnc2VzSPZqX6C#HJ6Op#o_Mck4vD_%e{X!2C9
z|E`zvf?A$lUNtq{l!=*<fpKwTt3hLvfh-$ys4O3g7>h_H+bM_3^Jj&uyKL<H$--_M
z_h;Ml25ul}Wfpq_+Xk!(7D_FVz!eWoNHNX>GDnz&)qt6i@xK8#h{w;u!py|Th8$De
z;Fw}$Fo{`PC&a&4^$youuk-`I_SKzP&2>&#JmA5hTQeSOebvx0aa2B|eKS^X-nJ>z
zCeGV@<n6>h=iRdB&u$VpuWt0x*Tt*ccaC02*tDjzM!G>u>Xw!CTx{Oq{)b_L(VRY`
zxnggVr6bM=e2Qc8pM29x`-kB5CUMr+^(ARH>wDTe&O9wSF#F=w%_mH@dOtJm*m998
zE6sId#^KlnT*evR;zbK4-^}{X7n-(Xi@CYYX4y&X5x3npEH2XLWI5M-OChw5ef9h^
zk3~LzEES(qK4sO3*a=_VM3nS;6cWD2esyhWxu_|+=Bt$A=D*u`Zsoa!9g<k}sb!^)
nWJmX{g%Up|_yjJQ;~Qf5+vDoDTqXObIbI&Z%6$8^_~bbON?lF-
literal 0
HcmV?d00001
diff --git a/roles/nifi/files/dsoclab-nifi-1.p12 b/roles/nifi/files/dsoclab-nifi-1.p12
new file mode 100644
index 0000000000000000000000000000000000000000..0076ad1207c243f877de929e2424ed953f60469c
GIT binary patch
literal 3397
zcmXqL;&o(VWHxBxWoP5mYV&CO&dbQoxS)yW2TK#r7lS6A4+c%_%Mns+3!2zx7&Ng@
zVPa%3Xkzb0$S@knuyH|6;9+Dl;A7#4ZIbWgSC<rJV&Y(EXkt%zP#db>QP)$rSZBd}
zzN;mSmBBNYo|TqpvE9D?<G;ttE*bo|74&xIs~-kB6V5CD7nEb@?|WXz!p3o6&*wMS
zFE5DsFL`;vyF8{H0U6&_sy5{B^%jijzoHb<H%E_4Le<JYlJ!JL<bT$TNymQiYjEoS
z3O=$uaIZ*rRVM#cuA3!Hj-RFSDwpo<+v3o0)x>}Hg`iWc7q36`NpRs<@6yE2!r&{&
zw!JUzgXpj55SAxxrj2)YtuCIu;hFc<Ro1$j`xSXpTz4(nUViRkknC9|M#b&wfuS8g
z;=g~}8OpL)?EAgNS6myK+0NAZCU)F9nHIF8gGGPtV$L+T;O0d=31<&Y{<6M6)ZuNX
zM0VDn86qsTd`*icC%c82ZG6ac=$0MJRyiR(xrHa|MB|lb^gn1jQQ*>XrBMIS>m7>?
z&(2hw$`e(x@Ma6wy0r&)GKQ8N=UkrD6~Jv(wxb~PY=q)@RvCpk%Sx;ldM^qz`8UO+
zqN~6$`1bFWUpA)Ic30kWvA_3m(~Xo#!q3eLxti>4i@1yOgD%A1XGy*!a^-{kC9@+&
z3eIN@nlpFKXQ=z{vee^JTlJn<Q3fhCdgbEt<qesVvNQhNp4fS?M(n19z*dp{#!c<k
zn@aWMl*-C3GhDW3xv0LN#WCXFbe?@X^LH$Y5IKF}ctO^IuRMBx&3$iZ1f6)Hxv*J#
z+ok7*Oba)CKV)7pWr|M56!qAU4z)QCmoiyo`tR)9S8eXH<Ke+mQId0A|H_vBzPF)9
ze#Mq^;f$M&;-9_>t_kI@&TPr~8=BU1+M->}N;CI+W}ei9ZH>3Sa7<|X8}nFcL#u+#
zy)}JIA*PaZ-!1zSallo;Y1@Ju<y+=2c(9Pu%Exo!K8G{UmKSdSroH&+C7!F7+RjPY
zR;<+ibinVi>!f3@Yx>#r=Xag+4A`=;Xxhi<=G?@Rz%ymlsX6=CE9^S5ku|~7SToT>
z<l^u9Y_Fni?#l@Zx;h^J*t2NE%re#T&+iY+-g5fwZ);gThtJ#9j%V3!n-jvgMR|`u
z&$X@QYp?85GXB)IbMcW#o*Ch`Uze=qe7D3VySTSpQ$oaSgV>Kbe?L}Ab+rXg@ezw|
zJs<M@{0BZ}hb`*$hGjQA-wHkHSaNIjw29f9R!ur)_5N|K>dGZwr}Qh`yO$Sz{``T$
zvXWM-bYD}uxAoS77lIoaIWqe1ZOeYSb=sW`XAOequ_W6RT=7l4u3Mx%Z~aa_ucum#
zFEyn1m#e>i?kBS0j?3E~8yz2;bZPDt+Yf~I*B;a@|20+Z?TO-5J9t9VIq&s*{8HN*
zontsR@p`P-kJWPdWk(nnWIL+fITbiZC!SZJd-ruot=s!%cPdO1Q;jlQ_{S{l%IgR7
zV_9yV>3s3id8cU8frl4LcI$idO_Ub0<_PF9yu3G!Z}!Ud_q%w1-q2Z{vGsvx#UwxT
z9icH>?p=zV`0$nX<|F+A>$G3%3aIn4A8g&q(rNbex@FSt&c)?tTOBkH{`I(Q{#U2S
z@-KgK#8>4Xm8$d3-cIVg{7lC->94=mZkHCr6=r!BUZ#5A9$xUCvwF|u2l*F$OW4$v
z(#lnju_Ur=zwx&`czXNnPfyZkE&A{+AntZSsnz<|+tQmJ6_!UC{Ev63{jl_#{G@y5
z^rlV|)IO8Juv3xG_G09wo%|O+gzcOWvC`wSt0-@~#v`S3-;ON{X%Y6yW{R%=7<lmZ
z&S_y+XS4s-UAD|xVXB^X`h_F+9-g{b%2fT$&tv|b8<$T{Zu4EWxUsy%#I(v`&WEJx
zN3AK=&$0!LT;64G-+e4P+BE#g>Me$9R*fPBUp8{OUK3*q|6qOT|FczWR$@{+f4pe6
z)XDU7n4vzcBeY`8m6_~E%I@(kyYPdNv01#|MB;w;fhp6LUA@wK|Cq3#-}G0`x?87*
ze&=mC@9cJtLEzZ?i|St|e=N!}dTrE@Z}(LF&bQ}s{sq5OzGc_6De&iS+opM2ojce#
zdbQNFU*=O1Cx`By{!?|e<HNoie36ck+qM7ScFGdI!MDO+G&$xt1KW$RqN%s)w<zS_
ze|7%VvXUjLleXC2pL%2||6EIdk-UXpl0HbOi3WA@XkPn&$$Gxc;RZK-xhUUGtt6jl
z*A%9Y7O@{x(!boT%hvdLL{~QKT<kyZ@7LLuE?wWfd)m~f_I%z0tJLJ*DXyBKC2@T1
zvAItVoe^0ub8A}Pj}MKX9?m)z*Oq_t@&3Mkwl1R|R%wnc#!-8Md!7H4JZIUrKbG;x
zQ_*v|2PexnTb*BNf8M>!I^ygnR);IMCWuLd+Rd<d-YnPqU~5B&z+s~ap8FMpJq2G(
z&n(%Jx=Y!qy?Xfu?j6;VEc@AC8n&uB@mF`vJhlAy3KxER;S28fzwCIluBg-7cv|@G
zc~1^0iR?eqx8z#*&!hth|F)IS>pa;tDJ#6%VZPG>Z}A|ZV{!7Igx>!V(b(8oo2436
z5~J30V)@f>gDU}YB~=#>yX}3j^P$Gn9m192`TNebGG|I>Fg65zdVi`)_i^Z#7MIz*
zayy?|<gL!`IyX&H?Fqx<xkq;j?oi`%c<wnrWsSDO*0K=&a`vwc?_a3~CciqDw05^$
zszDR0BT|LDpo!IprHNI~povw>povwDjT=@yb1^b4XkvM1(8Th}0J+v?2G!b}^O-_>
zTv)h3wKhu=%ZbTrmi_HdE?}Bo{PLTpU+u~3r{vFd=LWm+KF*Lm_2l&r<KT@lE&gB5
zhA!IOIP*()`kUwkPS<-sUf*+bDd?Wcm(v(5Q|JC$K6T>$JJV0GCi-l;o%`dX$kxt1
z?q7;D+s&@7)_9${ENGkBr!z;awS4b29gNx+F#oHx?Cq*M3jYJRkNoqy8&z+)+wZ?X
z>6=(3@9vn~q%5xDd%JaZHeT7<Q|snxf5=```rE~C$FCmX_#xv~y`$vNitgo)db|Z=
zH-C+M`E-Mt+UM?!XPZJdIlbp$i+B<x)@;_|7U&UsU~Ry4$tt0B7JPzJj;gNgZ!?~q
zC|%-I-(dA>iu{%@nO{Of_j=A<QWB!VtEaK*t;Xl2XZM_z->+`SXtZ9=`Fj7J{GC15
zgFl}45ejz<P`I*|yZm8{Tg-8j>zA&r4Ey=wt4mZ+ukBKo37U)v$rBGe(v2z?vQ_Fo
z_~^OfHY4p@_g-9$J}&4tled4xbD1CdjE5%wNSJ<bYIe^4=_~lwnp7vAD>CmCoKn4S
zgY3pV=DY`=>2NM~Fbh#CUY@jL>e2U`omkg={;93MljFvl3N`(A1*MVulQwK{Gbla!
zsh?>pi~4od5Z~oH`7VfRA7{Pg8IZhb`iC8SGr287&u8^aKdchFCXUHxqDSmzuU|sJ
zi2|E~SM^^?Y418T@703TOZVQ-DK}4Bx2DFzYSWGj^Bz1goD{NPqmXybkG0S0Quk_Y
z`M$ZRj`b7ktQD(lw=aA6QtF9o<eO{WUfC^&-*YC0Rv+%wXEi!tH21Gz+n(4TVm~YQ
zthLg~xw`NU+l%U-4!y^@UBsBqEj*UI$oPK8$Bh4Hr}XwmS>(Uju*|_SNKi|Hd)9m3
zIo}0h%r@M+6PvXDr;MoeuifRm9Y2CIEhm4w^`>#^zG#icx{rAgdvezZJ`b6jx%b`i
zrloGWCvMMXJaheaQ-X%a%||Z2ox8#nO^$5e<Ewr=e{%Du9{Zi{`$GhnT}!qa&v@Ud
zKa1ts`(1w?9j#(<{XTK|)B}c_1U~K+;&9(4!Mp8GC&%(14E^tz<}OGN6Lfv$th4{&
zjE|3Q<pd;(JQABEd%1LXW`CzZTI=6OS@yM$mz|P7XR`nIx;%|;t!0<=H0M^gIUj4E
z5fjG!YvK<^n}1i<`t}wt@SFa_YOmRL>864P?r%4*npB_aEhv8aR><js`m22kGSbTC
zP7_)dDj81h%jCGSf7$+UYmPd{&1)~m9+dq0{;lW<d((w2g{`SGC62kyTb%f9^)bDd
zXVffqJufs?%{>;Bc<0e8wy0Crzg)YvEzM-bc7w|c5A!k~om#@K+OPVO#qM~9nAtS@
z9nq`hcdOXH%VqLp&D#4!Y4*+9%eCK{r_@c3Q02(t3()H5Xypz{wTl-^d#LOAK>Exw
zwTU%hYc_6K_)yHNQvd2|JqzvS67StMRDGW_OLW7j9Fv_stSOg@SD#F-NPe-@^=+H~
zY#BROMoo{KrjwVijeX~`qgQX;53U~9Bl0foy;-8B9zU*^M_%$ujDND@n6~#f*-D0`
z`?Xq(!YBP+Ga;lxb?OB3ukpKov<Fz;Re#{IO-}ml(&NnvCh`V5(k8J#@O$=k|L^=e
z%6iM<?=`bk9A4aI`)x)o|LxNcCAoR|FP_-XU|HxH|2CnuyN%azmqYE92fu98&pnkt
z$zZ5zpbRe^IYkY{SVY!)?NL4%<!^B}s_dyW`_iX#PI1&37#b)VaI&##^D#3?u`;lT
mM0`zA5i#{unO7`1SC6sfsP~=+CM+EG5A!4vE<`bbN=X1(3{!Ui
literal 0
HcmV?d00001
diff --git a/roles/nifi/files/dsoclab-nifi-2.p12 b/roles/nifi/files/dsoclab-nifi-2.p12
new file mode 100644
index 0000000000000000000000000000000000000000..fdbd25a1e50851b8ea865781bc903dcc78a1cc8f
GIT binary patch
literal 3397
zcmXqL;&o(VWHxBxWoP5mYV&CO&dbQoxS)yW2TK#r7lS6A4+c%_%Mns+3!2zx7&Ng@
zVPa%3Xkzb0$S@knuyH|6;9+Dl;A7#CldqpBfAU)#6B7qRLlb+#*4<IrYbFNQ1q()2
zW$?s*US7GN>z8qJRdnn71gqz6;f*{YlMXy8c({r8OPyxkB+<{YQ;L@}DjKi+>1+1&
z#m|-b+^6<36n_11d<xg`6UX~wtJXcLf9UW`w0+xL7e7U*eOu=In5kH#x7{&unV!kp
zdv6t1{o=8xI_Ms8`rJDut)25L1h?I&w@_X$a;tmGYQ7cHiq>z`dP*O>t}xPmtzyCy
z{BHImlgwquj$68IlL>3H^L-Nk;HqEA;c^BUkHS*@nI$_8KG;6z$aHHRlXl@PcjH9(
z&ddwAx~16ctm6Tp>=$!#%AGvgqnobYeP4O;QLx#bDjV6<eOW7SE_BOx;pOe$b!~cY
zS=#cRa1&4G&5a71jhH_jwV!n;YJ<68>-nVX%N0I{-@eMn9;1HQ;cnTtsctPZgk$F#
zY*^^EOmTbE!6#yh&7rlwUMF_+rM*4&Dvl}Ux`Wn}K*QsGPJO;59Uc6}AB#21cb0FO
z5g*m4(i}NCZqAV@MT!0bGiEM0!B97K+RQ&zev{5UEd96oM0fZ)c{>Bq^vcF7$4ehL
zR@^F>rRSOcNoz)&F8>#ct6co95)Y>LatPXP{B51H&xG4NvG|C_xA(R2HrI4-ttfVW
zA)EB}^c9cZx%+Ru>T<c=Gf81l+VwDowFd+YMd$ro{O-jY-**m-WeWPMofj_XdT=a8
z?1i`^=a%h8Kd-w_s1Lc_b4!D}`E$GAqu-~SuL-}su_<uIqt_R7L-h9gOZ0tqN~kEE
zUADcYhi7F}iOb5udNvj348e*&LbDUj1iJ*r?YO%qUFVgB{d1*F`m1*)-D|nsx^gC4
zoderf2ai?rz6sA~P|IDWvEg9eU!HXj+CH6Rc~`#KRGPUoz3r40d+w2{8&|h}NV{R<
zURmh8ef{ZtnedxmUta%Qv!Km=k6%ROY9|vB*&yK^%Vs4VGT5<GUM{=!i&uv9%d6Hu
zjN^lN-mJYZchS5o^Q_-BgO~far%v8lENRB>=AE(ozT%NNt-l{UIot5Zj7w})^psRz
z!=7tf4>9_^oab^lINfH+x3d2SkBU9+k%*S&mgat;S2K6joZ78RgMTaT=6lVV6n)U;
zuv|gDrM=_*t#fPFKFO>7ARi_FarU}Rp3_}lOn5uBzLWQMV0zgf`@+JBuMWid8BW}@
z`+}@q;Vz%3kIDz_1Ua0a8&p3jE-&ui>iBbo=9HytQiN9WtT@$uapFVgSsa(_o(0?t
z>s}H!i(zrvr^x}mCl+-qeG{Z%@TEP;<>%L+JF>q57AifMey_zYwB?1(fu%vYhd$j~
zU#<5hKIDDuMg7?;Tp!#|t~e4?Kj|cg1>a<zt*Vaio;^CZ=_0RSUx_v+v-huA?1y7-
z%hkDeZLBtOm8d>!a)agFL8%UfzIVM#_5@GcvgrS|7?zbq_R=4@7C0xIOOI{3zv-pB
zqwsf2=BCY-`ve5?&Twq5WqGW+M%X!iNdr$x&F++K2anv8m{GaT`c07Q!X+8&@>3?o
z6#diOm}2$UraLa~vd!x9Z>k>`FvjS)FTD^d^Er!CNh9dY#H>WsZ5pzn+M?W1+Ya!a
zzxC$oU0uz)rD9@7IKt$NU0R!NDX?v3KIx^W5hXQSt*XNArsmSa$xD~F94=J6eYMr<
zhJSzQhu#aumFrH{EO^J-a9m}k?uROd36myeeJ>W@z4N0d$GqbiPyU_LW4bW;(w)32
zW3OLsDtc?QGOiYRRj^;%s(wo~lXtD-U2RoaA(kpxaleO5N@qJI*S!evXHeL@_QS>;
z{<qh2ZW+HZe)%bbvu)<KtTv{l+7stYNI8CN!L{cMtW%E_Gso=O{cUCF#zwX+&xKAe
zS-VQ|Ygc}4*sQC{Z|Cmf-xL({<+4{;)Ss8XFaHUWd*%P&pS(<ScYOZ*ABLBwxtY$X
z;>v!YXE0;KO131wZ?jL_%XFQ$;mowj5f}FzSbDEK=J}7;Y+s*<>~!?{VEtj1<*G>@
zQnlw6ybcvERm?At|J&bL_A#APro;Mj_&;%{6Q|eos3<(^XSt#9mm`&F_qJoAk0i1$
z@toKg_~%V)<8*O`*><gt69cL{<#l(iytuWoeMis<waRZn<!AT2s;%Afz%OW>xt#n(
zSG7Ms+i%X4JaVk<ue8*my}g(1{@lENMBe@BBVX-_f2Y2_(xL49etMSMp{Z9mDh?gu
z3F-0;-oS8jcCX9N7wdk%c<}VaPS>xt@&y-~I83D0>2qz~Fw-HS?p&F8*(^W(D4kQ*
z4hk|$g?hI7i}v-{R&rOH>ANuc+8=Mz+P^9KS=Y85$MVfjCvHo68_l|>B~W<lp%ZLw
z^S-%H{N5B|z2#{RPu=xY!7Z7I<!bY$JF*&WxL^42e9+4On>Oag`Mo$gb)BE_C%(0b
zhegfXLv|c%yFZ<Ga?-4r7pK_N&uTI|*NSLQ|6G5z?DN%yKf(iUt#-0=V|2?&y)1J_
zj^$_YPO}HQrx<MW7uFB3a$DDUp;*Hv#cI}zxpI!DMgQJ*of#Q=I-^6f<oy&8@rJ$A
zN}S$q+x~3x|EF0AZT~jya+jGR=68PQlbZd@wEcC9E}S~`*UD+z<ZfSPv9750?|<fP
zTz@9epo!HHsX|`R#A?LS#Hwe|#HwY`#Hz-|4Xd8H7?~C{vAi>AVtIv9Ycqpt?cnEk
z{`TAdRRh)9EKMvYq*(Gl@V-0wh&k;1((2>O`QqJUrth3TGon^5d(Vl#bD!KW`*0-W
zXXopAg{}4X_$#A!{84XnD`nnd6Ee+Cpl^Pi*AZLY@PqbYt3(d8m<hbf@4O~HV})I!
z?vz}1lU2Ls9WL#Nx;KL-Ui{56!-MH@c6;p>`2F=-Wn*<-Y=*ayj(bYdFWWWQb4CBI
zj@3K5UBPI}4FlP~9E*9J)^A=XYj*y`)17MUE8Gp9rzd@zwf@ZZfNP2(aW8A%eA4rC
zVK~_)aKFBTX<HnVFz2+zfm@jMr<`_Kw6FBSBQ=9t@4dD<NZe4~&%`6ZGy8zZUr)Z!
zL<5VL8(6<AV|bIg(8JYigZ;rRyH}e1o#!Kz5GKR;EpFq!!p{aXvc1)-!rBVwuTTv!
zGj2{*dd^|fspNkn=;HMm>f6OcW~`Hpxy9<B^egevp8%FzpF<mRpUXN#-!3}qpD^Q@
z!)j-*oJDJ=Z#Z%+SNP7_?3>j#vpyFIuU=sxYxJi!?>bxBkuw2Nid_?~uGf-~m-4Ue
zyO+19d~RNQ&OwIXO8@p<^3wnO=LWauX}gz7?i0+Ia^9IIzH9h+C-Or?@FY<&<^1CL
zHMS8`S*>T=t7){lUsl^y_48vzEko!Br5Q6?zumHC<@;OW)pQ_tUZsCETfX7N%wU-<
zuVP(4hCX}#+S}sm&U-D-3px6Yc5_bH;%K#6^+4ag?`yWQNtiBA<mi9Fa@R*(-0HW`
zj@eq#>oYeUaB~TpdM)lu=e>KAd1KD1mA;Rb6mgpLp#JI(ixoe4?l;HH?OiFm^!URg
z2`=epW?lPq>G5oNo`k?D*^1J~%1>t9Pl{7xG|k*r*L?T;a_!KAXP$N*yMAfLj<dpg
zPgG21tnWPY_ozz9@|)}Zw@%-(J=ThEZ{VjhTi)s4@`&j+{yK|~^~c77FcHUlk{l98
zGoE@c7rP<ydiTw)ZAaC2m;C+IwRn4u<UPhOxzjcWNrt4~d)2VMUjI<zk=_q`b4+$O
z|K#Yk5We~{<+J(y3a?BX=93>}_Vdopwf*zDJ3+okVd0(EDY4la%U=a49y@$g+QRJ4
z8{zZsJmY?OywutCLXi1|bnuTIeRZ9R;szz_UArf}vsSPE_H|a>gEPB>dmr-2K3#G$
zM*3<6TUIjT#Wbfa0h|}IIyOseF-&iL@N}=B)up=H<sM7Dr?=hSdg0o=^?g&;*yv1|
zaOvaU|9di1PgkiuI>VGCJw@nSQ2HVLBPJqYOndAjPgnglJai!4VttaPi2s5=5zM^j
z1o#Zs`de<u_@7)eRlAJ${aSIg6C0OvbI9_q*`YK4<!sTJ-fofJ%@NwITmAc<tookG
z&VQ2UeN&T04$G#9+=iyyi)}JO)<#@jnU9TJa^r(8eh#gY;QYKbTx{D^Erw}lKYq?n
zdK8<MBqQM!v}@X-%{@Oazb`I-61`}ViE-S_eEHWZ^;b-`eUQGSwv{<%W^ccaV~P92
z_N<AyyA~eV@#(hMn(9ObRj)NJLVb6xa;rBchc>>-xo0%R*SEXYyyVj2|6i{eZ&$d%
z{`*s{vRH1%Ul*ojte!#ZUCp+3&RH?pw5D%=Ol=BZ=7S$!zO3HDxOuZj{8QnH>Ke~E
zk1S7{`CKncBy!=zHJ_gTGydJDWK;OO@CjGr^PCu8rAKR}<)T-+2AA^)Uj3o`dYQ?G
z_pc094V2-fBd4gL7>kHw9sj9s#;T`p1RV&O*I};`X0)Nzz|cU^fRl|?n~#}Eij{#y
nB$)3<qSM72SA)OJnwIjcb9Y6b1QQEKOoy0v_C53Opi&Y5zxP{D
literal 0
HcmV?d00001
diff --git a/roles/nifi/files/dsoclab-nifi-3.p12 b/roles/nifi/files/dsoclab-nifi-3.p12
new file mode 100644
index 0000000000000000000000000000000000000000..4d4b23daaa41114bb1ab95eea974f0c2618dbbeb
GIT binary patch
literal 3397
zcmXqL;&o(VWHxBxWoP5mYV&CO&dbQoxS)yW2TK#r7lS6A4+c%_%Mns+3!2zx7&Ng@
zVPa%3Xkzb0$S@knuyH|6;9+Dl;A7!1x_UZtSw-|=CMFJsh9>rePtUS0g<U8(SfyO@
z)M(#ayG+M=?>kG&E~+qFtozPB<IX-s58c&A4i|*n{rjb>Cb^Vfl(RU!?4*pP>*tP}
zMQP2och82MIVZH$qjj%PQT9cbpSMr>d#PWa<EGdhct52i;G<l7T8=}KPG*Ls)C=F^
zH<$UnKFa%ci>dR69dB2?>8M&_bNK5X^@0hip=_(Kx!*0>_%T_U{dMZm6TvU9#)oQL
zy#CNpPUFUd#pk0er>O|CZvXxwZ}D#<%O#6GpU8FgoH4a~sn~M!(5_Qk@19PNU7Rsl
zf49Yi>E}LlzJI84M7MZtNm!6^Mejz--pzME-qhUkDy!)H@=J4m{$_TI&XeSIwBf2u
zJUMql|EZ-WZJ}WT%XwUR|Njcw5p*DH?}~*H(zl|%T@Q3?`P*FY<J@{$Jj3jClcR^G
z>y@Kcy*b+VR_LEzDROA7ztQsp57!#~RQbttX)=Gyb`I{T=l3!G|Enro#%ap7=&r-X
zSHI^?(a-<QE?Zo9!*`O<n-J%{jh96G%J)t=t|mKS!mYx>FRu?Q&ba8@v~ioQzLSTu
zPs?<k)HSV2k`eq*|4%iSe3%$e{gP4NF1wy{kB-=~8?$!)U%XiH^)^AJc?}^=cjqkV
zGpXf1AFkqJabB|SOw+8@_j``z%x$l(C<%C3`XKP6+`Zt2m0#Ry)=u6e8YLxbIitq^
zXC(WR{^Pa&Z=WT-4)kC+{b+yA$=tV6HpiaHJ~(klVAD3%uknw?1G$^`*4w|=Q!#c}
zI>lV2=1I_#zM{qVKgY+NPGntnfk*Dq&npuSY<<0V>BE<YfAz~>duz9Ex9>NOvo8Yn
zSFAZA)cftC|B>#?Yo#3=u7*~di+)J8d|j9GhW$G0Ug=I&hOR&J`o!mo@3#NY|FH0A
zF{@+pU;Q~^?19`V^OgJF1hhNrT$uQH*Xj<@i$~iZXViY(^G?)0Hf}<p>cYC^UljQK
zXZD?KGpe^eAr!%*6(l5{a3oQ`blHBTJB`az+NOWfFJYOs_qvOq#yPK|Il6+Wmy9o+
z4m#!~GNX2D@)6;#iFPYoc&03MbXu+2Uzu<%{q^zBH?Dcy-*7JEvS-i95arO6>X>Si
z6L)SE$k-&XZ+WddQ^ZF~@1&_wSj?kC=CfTZGxO(aPvK{@a`63fT*Rn*&F<H#8nZqr
zSf1mznU}lB?Dp<>%Na7Y=9S7Dm3nm>w;DWtdCq5R=c4OU%RNtjEl_%Oc<Y&Tqq9~m
zr>C>K2hP+g4>Ho0a28n2*kDq*c8ifr!a3e8wkfO6TlAe)F%pwKFwbL>XCB9sj@oVQ
z3s*gB@-jEtm;TOp=T<h!84vw0e?1y{^vV{iE8*SB?GIaDZk|6Y@z-Uq_ZK($uY5jZ
zr+hc>ljVzcS<PSTvtL&+-q!Ya!;IT$)1Q4yvo{Dmy1egU+Ej_>pQdDW`}i&soc7Ue
z|Ln&Z_rv2?E&cjHZg22s+XupvYaewOcWC~WklWC|A;oOUg2z4?XFJ5$=4QQ?F=V-4
z*s|rg+Wn@O>rxued7qu|y>@c*Qy=ZhC$if*yY~LFT0iyuuN$k_H6~c6ud?4388!3x
zv_g$@vzjDJH@<H8d$hdE?uKr!`EqMd&6~bUk7P_~+N^P)=>LO*J)ZX$q_~7AUp>6n
zZ%L!s!=#g^Lsw3ly;^({XZJHH&!tLt@7;Ij<uU)jsvr=zWP!no=|7gbFZsIRseRF!
z9kze`OnAQsU!Nz%yYKsvF1dKl{*bjMZ1G~M5^qoLnr^nelKa1iUhS95Q}6v;^>ZCV
z`fd)93tye`9+=(9?kj(Na;eRX&SIt&?cM@CzqB0$IWsq$sdvpWkiEFew>ZnUIK$Ae
zGGboIo~zv{_a6(0><%-^ExmX<`OmTJvs$mV=xhz%_Pp<I+)36a2RWh`Q<pu9{kX*S
z=+C8G-tRK^Ea_gDRF_^7<32rh(^}`PfiF0ApS~wDC0!-9@Y_rljw*x8ITvEp9d9@v
zNl|L$n6>7r`+>^3wmIszQd9qI`=**-t1tKa!DsOu39+JlqDP&pW;k8?vPpI;=R5`(
zHNPsi1@Eo?Z0<Dp!@gQkw6ZzA=T~}2<;=owTxl^Lk3<W$Oj>_&evj^MmS@L5c6^YT
zKILWPsy=x>g+1X4l4pJ_5AN1JE^*#r1IMemrUu-5A58rtWn-K9PC@YUiD%pzcW#}0
znb^3hsJv|5s!ZXH4L(tY_r>;AZhswJvEiI&--=mR*1kGY^Dj<)dcbYt<KLCTJ}=Mw
zzQNy*-(Gb|eU+U2sSh{ULpMsl?chC`v+x#kOYin6>azuR2x!Jw2TN)fEfBj@vSqS=
z;M0%)zNejvywktyssY~u$E_=Fn&rmIXh<$w+TDAqM(&0{-J=Vv%Nq{I`_8#}Jof{4
zP~WagceEvLH~skiMzUA&`d@*by@sosyyH*Y|K<0fdP+pK=qJVY#-HK(!O3&)F<kGJ
zDr0ca`LuaYX|CYGpU2<pngoBk{8&B2DUfgLnN99SGi^m)AMiHWIGOvzzkoUNlY9CS
zIIi;RPk*rc@{F4Kb06zmPR(k`ReBL6X7|qZH+#T_-`5^U9azmZrCU7qpL6y8H`b1y
zJF3DC)EhLhIwDob3z}GsSejV%44PQA44PQg*tlWUGZ!P%f+m)C22CulP-<;vP^~RL
z{oa;#fzmagTAQVb<wQV#Ov9-l!F8f8TTcq*J<5KQeW<_m=whqKQ70ySogb>_cIAIM
z%TJDTvEo~n&0i5Nso0k){G<HiZP$nEx-}2|F+OFNZyDdwcFI}CeNk1StW;3E;)6T(
zo7U`jnsKt*+uY{WlvSoj`6Qfn=v>*9`fI|8f`9k@F2yMC3P{$?i`=As>GjKRZww12
zw=D^}>u<mJ=vIc7=x2ZYZG+2mC!3{fAMLmy5ct4ivfx7T-He`WrS|`vWTduFN%{N3
zMkc9g(zdlvBc82$RI<Hujnl(pce7=@ckym|Y1zKY{=%Ks|C<XnS|{=Ud-BUAy~wUK
zE>U~e9`?Hb+}z6fJ@eW2+}?5Hce=P+tK(beh2jk5)vF#xdrI9pFf;3!`O^5WbDwBD
zIC1z~4*#R8<|$So_RDtWd9@w3Ia79f(XPe38zWEh^960;w_(cUn!e#tlWnIwf1~C0
zw@W@mtZ&`F_Vcc-W()Wh6`GhB`n|~6ocHbFpX*L1ro6PXe!7nR(antls{*-CKdhhJ
zx08R7!M3(D&o@u4cU<ffnV{lZJ4rv{<utp>H16WEJ$rkcws;4#q*oV<xk>PghWB33
zll}Na<?y;&T}KaF2&%kvx0hXfvG&@INAJ0NI=-_6^z3#xFZEzU+o`0|)4Ug#a7=zK
zxaenwUGSVehvyu;w`11j2BZ8ndBrbI-<XnQ{dvXn-@EuKLh2+Mcc1On65RK;{dVq=
zzeaLC4p#+BVsD<y>yYDZpV(!mGe^s7Nuh(^KC%5=9M2UromZ4SOFjE{zU-5N-T!76
z-M(M<UT<yQj2io*HTz2S|F=whay0$$-t@NLr6&J>7jRt;tXCAQ^R6_mKOh*qsI#%Y
zFYR5o{l>em-^%V4id_F;+q~qN|4$`<x)H4~F|BgCYU2BboF_IsKU5SJTq^HAwngt)
z!<wZ_ZA4z)a8=v?qQRlvxMur-IlZcVGYcQDV0dp_AoXHKea5_2p_o@izgo54ElF{*
zciwk6Hm=xCtLT|Q>8jQ+_np@n{Vp`RZ4>S0+SXRwJkRMA*Lwwbs{<Fz_iFq;(aa@S
zzsP9eDY^Ln&--^~3pk!rI39C>RrrI|bj!ZwKZ+M+O??@*dEr%^lk5DQl>6uZ-TwW%
zr>Eu1wak%n0hTv+$}XO<zUjK-;^y;D&iNN=nVy<E?SqW>@*COWnGgJgvg;;_i)8ft
zJNEVK)D71JrYzcaihGTWde^+D8+z*9r56vb6SaTb#h~_CH0|>PxdV~@_ZSX-ynZ9q
z{F2e>ePO3=Z0d>P`1ss5^WU8CJzqs~W2SRV_p^4|cY4E#15MZ1icF$cXl0%|>|eUR
z<h-0oh3eN!y=p5DE4=-%jk#c9L&u)Y)0#JKk$y1c`|R~cyjAk{wHwcTA(_ZyulDN1
z*^`~q@1-s>QtrE_vAzBDq>J*W!g;5ApWH5fe^<`@h^x_(d77`5?7cCeX0E5r+)JBg
zYlzt7N^Hw8v|VU-{>tb7S&CM5oMPTtUHc?&uGEd6)+BI0bK;B4pf(5H+agzI&0gdB
zzvb)3ddo$RTlej|B;nw^sQ=gfu61YKmj1uHLvZ=zPaiI|uK3c++Wjle{O?ucoHbp?
zWu>>tO8ssNN$FFnQVnc3x&LLd-^#%A4^5uET-DH)qtMiSMrY{^CaY5gW~;-`9N?Mz
zBcOT>+j`z<hN=e2@Y0b})KH8?<X>a<xymgZrJ;Xw)~??q|Gq`(<`n}&14RQ)Hdbvu
tW+o|C1{RT@yk}k>G<K<GZjLT2)(i->`@D2B3y0*+l5@t<9}a;^NdS_9f~Eif
literal 0
HcmV?d00001
diff --git a/roles/nifi/files/nifisecret b/roles/nifi/files/nifisecret
new file mode 100644
index 0000000..cbbcd4a
--- /dev/null
+++ b/roles/nifi/files/nifisecret
@@ -0,0 +1,3 @@
+{
+ "value" : "ccfda830-defc-4fec-85fc-9b2b7c98e8ba"
+}
\ No newline at end of file
diff --git a/roles/odfees/files/Arne Oslebo.p12 b/roles/odfees/files/Arne Oslebo.p12
new file mode 100644
index 0000000000000000000000000000000000000000..273c8018b7bed8f691d9e9c24f5fa9d6425a0e79
GIT binary patch
literal 3325
zcmXqL;`zzM$ZXKWv!9JqtIebBJ1-+U<ANrh4J=JOYYdurRv0v~$0MZJ7BsO37&Ni_
zFflS1G_kuPWEc%(*tno3@G!C&@Ud`s@lK!gTfNSPiHU=up^05$Z{d_(t&GJt7$3D7
z$8I!c_ItQJ%%!Ef(cf$BntMCfy>FjpJMUrthy3#6H32Jc-q;#=_Lq04#;r@IWqa~v
z_b(_qa_(it#~T4L)*+Pzm#fxq_sSM*O=p+Xu5f&P`qNwI{IV#^!*;n7T4xG<o*eeG
z`)<5itWm)%{?^@B{n!70HTkWW`#rhxRnKGET-OBEO!s~3BKVy90o!X<6<K?>iiwAc
zGCX#qIUQ_Nn{F}PCg;M*<*5uOHrWd;f49j$>~d1Crpr;2Ggp>~_59V;ycjuQQd6Jw
zIrk!Fn@;h~CY!IxY%5!;bVBiU&#j4J6_%&B2#6?ISV~X+XMONJ_a?2={0l=f`!CIx
z`n<rO-E-I3TG{ka-McB;^=nSpshYkQu-Ce^Y>r=G`E8&1Axv(UFa9=~KH2#5jZJIx
zTPDgLUb8aykInjN4toy03-3#RVbJyd*`|_(e-3{*&H7<K+y3gtbJzC%&&XrFH=`;0
z?L5<;#wI3vMfJmWiR`@2!uyCjvml4zzxivM3eOGCB|;e{s$6rDU%P+RhH5wA1fk|O
zfs0MkyxBBky#CtmQf0kwd%R32WMM#$zT3CzbM?MK(^Q^3YB3g+-=Nc|9wbzn5+pBN
z^)WI=uVD2QzAb+WBwC}N8(;d=kZ^9>+Wa0zLxb(NOus4^m+^NUWDOBt&pem^pw7*e
z*KQiVH(Ijs+ltxW;sSMS)B|T+Q|x9t;qgk`itl7oxPMdWscy{zw!=>>3)-G673aIK
zQtg_Q-VCb)I&8;Ja2~XDaTWVsoN794f^^Egm#19s-LZL=bNy^?iKoiBlndM4tMBYw
zub{f)a=Y+@bsnNVF<)0y-G5S+)YD?Evv%YAZ2q}gEp6&o=I(ZVCy{A+J>;C8@chRs
zgj#kR-gvU?^x@|-3cuV96)rn37qdU>`oD!c)x%k0V!niW?8-~&h*YxuwQ`1z<*YNa
zw!E=1I{9q!|EMF8d#s8+Z+j^8_p3w9pV<bVrySSsNQ>4}x7wAk=Tok66o=TV2NPFk
z%sg2m#B+DuhP$76*qhs>*q!Gp*e#N|QPsazWnTXNsT`(<#06~I*2yY8vwADYCjad>
zr{brrr&mZ9zy3C1>uw+Yt8C&~C3ARR6*zJ%J-owx1M{+(PE*|sbn4;{USjI@+}NHy
zDeJGlhshFW`K27cu1yHyniks~9C5D3u-|jZ`vs@U>vtPSy8lkA_MW!)>63K=(=r)c
zG|J`_TVI~`zb(#xPtY#*Lyscc{Lim7<7Ts+bdslGs*!v`)Pakes*Y-(_BIh)6{}a+
zUy^!wFU$5P4~q}`E?dpYQMBX9>!_5?Q6lEd=U%^a@%Gf1e}3|u{4ym$r|=sWqy-;K
zaLo6(Hq%~n;eXS*+3$^&q%J6)ubr-SD0R(sgALkKC$l_o(VUfc?B5L56<1$fV3S!m
zU&`@<{`<1kdj2k6F8o(hnt3~Nx?3H}Rf?opX6~85J>BKy_fL#=5tiAv4yXUk%)7or
z<Bo*F(KR2MmacsAZmHAk+`Up&GM@Je0uJ+<Ot|vYWYx#M?lm&&BA+;De3VcA6Y_ES
zB<<)0KDTa75ecntJhkW3uk{=y*Zu0dH{4IFJD&bG=0x6wCwFH#roH;I@6qoYk`}yQ
zE`6%AYBYOyZq1$s-j1_Z;@C4~KRgp%QI^!FU~;RCGqxjd&yl?+MDlufSzg)DcB48)
zVLsdY=V20Yso8p0<y1V^nC_h1a_%kXu|K@)lASM|U9msUsZ}XN=5q4|hrBh<x9eUo
zo7gtV|5Rh@LUolFHS_%MPW0L7Wubm-@|3;(MPUc{j%57xpL)JIde+mpeJUrqA1^-i
zV(~WZ=gx-%Jomros5<!S!M$e^`DHfK^;WmDZWGHre!6{=gulR{0{J6#vYUUg#544>
zpV;PCntEy*kN;BB*gnB&+-!dyxh@X){JdJhZ^s0m_3cw$u<nhz6sq(o+Q(McSheBZ
zf-=3Qc9o_vLUzLE&hAY59k=C9jGkK7<HkO7^YXS6J12&2sJR)WCSv=%c2k|^L!IN+
zjVGTP`nNxx%lhNmJlCIkTAwqg|7vZ2HuKKLc{AQ5ip~vM^yU1IS$>_`Ow*3DJ1M?h
z*0<xbR!vFRy7QGGQI?<l&gW#rZZWMW`mW=%pC><CuOrF7GrII%75}NeWv8clw$A5u
zx^nsUl*5~ERL|y9`*^iEDDu_rBk!BD&iHPa9@J=YShPp5ggrlh(wwS{-<kKf)yw$>
z{pI?gXCGyLfPHdI`nos`@0a#JHU`waym+8y+H;S`MVI<I%DSdE?Q%6b9rNn?Ql1zI
z!N*^!6ic7ZemsGfeFgIst%%ijJ!?Mco}Ir~d>NC%t{<Nzjec2d%{#lCty*e&?_;U0
zAEnDZ@?T!Mm0Eitia#fP<+aq?dQXLd70zWl<zGB>L+RSg_bM$frUdi8n0Eff@<%OS
z8YXVfyfnwiIiYl75uZWg;k^8pXI*5a*}6Z^yqU7ppo!HHsUls_#A?LS#Hwe|#HwY`
z#Hz-|4XakU7?~C{vAi>AVtIv9+cJY{+fPy9`>*qd6oYD8mL`@Hg$9p`N~*qoV_CFv
z!T!C`OI}#)Xqq3>*nhUSSlLc6>{0thwl9gbB3I`n&f9QR#8fEod;PsPB7e5%?~=T@
z{Ni8ty&PNe^Ho|M=l2D&-n}s`>GsXDN1OY1-T1j^(VwZJ8%mjYFEgCfO+5H*kDt`O
zqNHt4qB$paJa7uy5~;15wD--UiCK;xrSHu<)KOHRDmF>NdDZ3gOYH9)Z){RY(flf7
z_UivMlj(B1kE}U!{^!}Za&ud^$5?uw49o55nI9yj9r7%P_r&XrCB>6!crU4Ntk*r&
z_~n*Po!*nbYm)8zSFQ||GT89S`t!4({!e>e_O{(wzQ3#CX6~+#d14ELuJ>50#w*2~
zQQhFx`07&h4d?4QvoG&Dbk&e`-}l+GcsKRD`z6Q{lW=<H{_cIVba+da?=5|Q*J*(Q
z^WOehLAJl&_#I@~Qma_<!^=7O&CC#QjR*b$4!rWS>v?h`UQHKMU8U&h^5p8-2VvX&
zTUPIxaGTqA`J!)M_TK#7c_Gnv)rmcwPLt<|Uf?@A^HccGyblFy5Bk1e$5%N0rkPBH
zWJ<k$hId3(QKaH!CQ}0@hQB%sysloKU$LA${NDP%d-WN`mY-|Nz1lG4*VWT;M^dBn
z_pP}lB&R=XRnFhLi~s(z3`!}NKRq*3L&qy*`q!^n(fbQKWz%(h{SH~rb1k^O#3j){
z#9YL}<LTnMS?Qq{s&^IGpFUL`)wtiMUS28q!|O8_E#r5;*83b=yHD8U<G<NAZtSlM
z{&iVg>)*FWb3S!SPN@!B6E(T7eI<``sfFbW<^HnNdowST2&Pq>c)(p0amJEG=+(KI
zoZ;tUIgZSHD0P0)oT@bYz?EOGz5liJ+|L^#pD$0kEc*A6lIq)Uj~1^o*RP*)cZ1DO
z|GTxG9s%<df)1`^nw9Y={<is6rd0;4FT$?Zo_(?B+sg|azQ%vWbjxCe%eA@`&iEdm
zxJN2LP5bTB<2Pg76<9-$^G%qclAf*kuygzAH~LczFU|eiyT^rrMey3!XMca|Hb#~|
zN@VWqG2lB@JW*cTpzz{1Ri=`Qb6LH1trPC&uzYmeL7Q*Ft@)cyo^03ku<l@z_<Hn5
z<w^^gdfm-`EVh0~_xVujb7ki*IXCybe$&4hJkuL<Vs6+()iY)8XgfOP_FK76wKZ+Y
zz8`NhU63?0&ia0w<ATESq=m;EZ#-Xe%Pf4}iSy<gDwASEt(W=-Zfh%X5nSWQ^x*%O
zqR)z7-BSIZfB3XR;r1yr%?sxaUh&LjHeS-w(4V&N<=b16OQcej<mc53Ykg4s!yA>{
zEN8dKOLB{olBQ-lpYNvpJ0_h10lK%OQq+!x1TcPdGFJY>_G2|etneAl9}iPQ))}b&
zw9>w_#l+bBZM1woYZ~|du4%6|9#kIQ(yJ+7?KR2eZUNJ>!_uKORi_tTu+bCVX3{0J
zJmf^*)C+lRH>yvS-i^FF;kaXH;L!#NYo2FEmoco2E7`haUAb#%vFy`@m##l;Og^!@
znf2|8S(W;0{&qV=9@bB@keHx(f#WCVOVvZ4y(e!_y886MrFoI=pS#XvinaxX1m3wM
z+-JVc!gF^1@3Rw(@Ag#OtX!s|*6}v$#;R4RKB`7pOtZabTUpAc>CP~bxMLq@)Oljb
z7wd{0k1qKdzP@tV`^7)kEqA%}#b;-pOyJjHaO&{eW2kDN3@;ryMGeJRL~<S}UzA#8
zYkq%z-NWzqxrKDo7&QzG4HOMH*;uvtn3<$l8CXOXI(Jsjc9K0YG0yS`!>c|%<;nN%
SvT*onuj~K4uqy#nN&)~L2}KS7
literal 0
HcmV?d00001
diff --git a/roles/odfees/files/Bozidar Proevski.p12 b/roles/odfees/files/Bozidar Proevski.p12
new file mode 100644
index 0000000000000000000000000000000000000000..24010a64063a960d554cd4e895e17b9e2e62362a
GIT binary patch
literal 3325
zcmXqL;`zzM$ZXKWv!9JqtIebBJ1-+U<ANrh4J=JOYYdurRv0v~$0MZJ7BsO37&Ni_
zFflS1G_kuPWEc%(*tno3@G!C&@Ud{@pAm@?KUTG!iHU=up^07M-_B68Da(!WpME~x
zZCt6<q<!Sk^6!!@7xVufn0!ucb)Kus@z>Mc_Z_UC{lcqxBg3VQyN|7Czu4*hGdcg-
z9%do$moM+!oByiiZR#dlK8>)xK5y>ZF*!5O@g7z9px(g!_F<Q^E7P^TpSR6B?z)!c
zs1ftlMYo+3=7%M%;BTH8p#S~;`iVz%w@DevvuE947LM0w*J~->zvhQuzRh7NU#axD
zCwCN2`|QHMXm?$jR#Ez{*Aar2((SyrW;LI9eB<naBPXJFMi>`xAANIOWQwBtA$@}n
zc30FAC*R&_w2eLPZ_YmHH(PDR6SNL}w|nr-XnKWW_;>cDFIMMXdX*dItnvEEKW%Qt
z_o64abM$o9#k>_S+sm<U>dvOk9&g^~zWO}#saAmf3F9lXSO4DV+pojg)LXOmpvB%-
zj$f@R&D#2dZvEZOdCPOUZ{vL}nY}T(dt^&JKRx17Ta(T4>8#B9hr0P~KOI%}2<ENM
z$Sr6(@WxZ`#H7mnvs`~~NX8s2G|3c83n|hv4cULg=W*~NQ4e>u7s-p_wD-Sx&b(-e
z;%UZhoFUu(`B(0CeWk0reCpQQ>+D09%zEmxcS_msm+>qTJ&sQVm>cd@E&QA*^v+=R
zH?t3?I#muH?#%x4t+eP_@(jz#3mhw0xl)2`bUZ|ic55&7DcZbFPbRZ~?QK?S-p;jY
z3~#UP&AvCQ<8e!y*lFjQ1?%%1&5C&yj+rNv?cQ$4Dzn4Q`BEe6_Wc4W=N9MjIwVa@
zJ(=)lH@~F4+Z4;d$mXvCzmDHu%JS8iaq>h{gXE6ozc1zQc>7|tP_rOwkGJsU2ZtSB
z%yL#QxgFg8DEvGVdt!&{s*=Qm|AJ<vYByc>x%p5@#il=w%~$r&7ulX8oMCfKYz4o)
z4o;9g`Sj@j^0u0fm5Uxle_~j?!1O~{dx8kdmxB7qegD>Eu^rm|MC;58Q#Xr>*z+0>
zm#qyKs$Xh<>#E4p$K@BlnH^#Ins{FS=;YN}DMwBl1$SAt$R7w@en;fRb`$wh!<~`Q
zbHb|DJ^T1LrTB!-;#Y3ET`Lz{dR4z=SzKDKk>JM9y<C2)r|s?8Thcz^;qHAwCoFz^
z+EU;Cx9a?n)6xPz;+<z09g_a!?dv<|_Zp3P;fni|&RR>q3JJd~#x=V@#<@bixH0-^
z)&}Xkjr#<XW9+9SWt<lO{7a3~YR~?F-t%8RdJFVstTvM=nruAxYWREQAXC$8vWXq;
z^HU!QWPC|-+%@UKrJw0qyx$L7?VfcxZEoy_+AnKrB7^;}DW7=Pv}DVbh~Jh1w$7Wg
zjQ@+?{^v5k$L)}K`t6nX5BH@=*UCyd@?_rFP|#3hEpS0+b3=#vUr}@S$2#f4Y{_k&
zCeJ$dIhMq?xjyz)y!KWsxz8Y@<K6GOZyN&E6}O*zKWlR2uH+AYe$V;2&tb1kL7w~L
z%RjgemVQf{@HRqs{^mU{OJXuqs`FO=(5m>txHES7?Dv;Ex7TSJ_g0%I^K_(oE}pPL
z#&Mr?z2^zrMoV3l1<d8qZ}sOsZ1ZJUByhg>r-NTl;k{jdzwRpfop5{eylLzAaDB{7
z>u}!J=;vdYbno3SrWkYghsTr>?%cLM`R0IL&$>JPR|@{@TIXPQ!BvZ);c?23yC<zO
zn1tij3YO0nxyxw%-Y=g~BFpXe>_)-j5Xo-W$JeX9kH+lUQIaR=z3cVCQ}-QaTDW_2
zOmA5|uhGA2dF!`0N9C=v;}lx%R%qQ*EuX%iGD3nwur$}-O?RRb@9w>ND^j$juEy+B
zo~Z1!raB;IF<<|T6JKIdHgM|vp83{HwE5X*`9}8dy0dsTFgDzb>B!XloUv|Yg0{eJ
zelA~;fRA49<ZPR}7!CNp2AqEvKA|Q`&7?EcvC8-Sg+g!Db?V!TOV~WVKYs0RIj>K4
z-I6=T26B(>W^RdJwC#HdyQjvzN|Az&$(2%%i<SAcS@_-C?<e?A(qoeHmOJRSEb)rL
zf}bS`N4`~a)=tiq7s%Y^u2<XT;>11ERsZ|bk8UrwNZ;=%SAIW#!=Y!tetc#>{4b^~
z^yu?N7Ns{A<mpezS<)c7#Q6RPBh#f$bIjD-H{3thcjWl?SC0c1#a!@Sqs`H)mX|tP
z-a~)chWWl$HM6JIb<Z){cVUeU$Kx~0#d|Y0{!~tua9WjM#(wI=-tFRLofF=K{@=0d
z&^ZnJQ@w4yipIC=CU}OQ&&Z69)#lGrNc*|_bmSM`701F0fBapwda(@C#3MVdFRfF%
z;g`}_^6ulJ<Lqw)yYja0UJ)W~=*1;8pK;?^?ww|AqHc4JdY;Kyw5R$Z$LVyn&E6)r
z8}m9P(igr=ZA(+M;7o1aZozBRY^%D?SFGMigr_3H%u2@RKzvQ?`hVr0wy2*~$P@Rk
z{J>PO^#)5*?wJ+ga%<a{_H-!TE}pY8DE}6FnOsSS_{>LtoqHlb@aEgjpRVV#dG2!g
z?|H0D^ZLI%DCw7YdGPFyzwytK92|B2lq{AoXkv9lsz?_!u^O>7vFaH#v1%DKv8u6g
z!>Uy-My3T#Ebk1OSYDyjw#=Z~_OLUD%=deLZ9ugxOB2h9y|ZkO8Qpd{D*K}G=b{%p
z2agwX-997VvsRYJG_b5@8~aa}P}QwP=klUupY%NMo8FLe-_)PY`a!_e_j7Xmo-~~Q
zxVR%K|AzYC$&c>K#9I0mWnR4^8(36X<tkOJaj)y4Zl}Jxf(4gd%ys5Z;sR=2X^j@n
zZ&y~Ve*aT^)(f5HN{>IH(|o7Q5m{H(`O!ej^<DB4cb^H&;a%Tm{;GYq^n<Us#&^~0
z%PY-3>F8}PH7J}d!}h6{sluC0=fF=B-l@B-ulAX5ONy(JscGIM`LXYA_TAeHVpMhs
zXryp3{5X|+Fy(Og)u}RFj}8|V#s2%rQ(~!EkSEWZvviZ+egEy-6aTb#9(7Pudi==i
z55w=1hHL>biHg@O68x_1_uUpHSrVBq=s%&CZC6KOsnUwn$sG4sw$9k{#@FC?$?uC-
zBAnZ$mFBlFX{_C{MdtVF|4nu3=g!GGy)KV9s(+Pt-c8#Tt4s@aPLVOOi+EjebiYC8
zZkEM$r6qAoc}ssSb*SN3w6#|Khuiri{%!V?H5N88?7q;m)R*@-@5h}otJ{*}w@+BL
zG*zJNJMXJ6j(#Ua9hU7#FY+_LY_{s`DW8A|Z%f?%zj{`9Y02FaVf_`8j;T4{+Q4FC
znI`jKRms(No0YznMDI8KsweBYH;4VylpKr8r(SX$=3y<G>uPVZDAe>CTlkKp`F~dW
zPI>LAm%6@8ezSbD!Su6sUaHIm678aH{VgHZFA7?ho$JYB5y;6~!C4z;bFuWDM(YfX
zDWSFzO38;cUIos2+<ivt`1&15^WJKDM10ZnE0%wFTjJ)t{fE@+xf7X%PfHywd@`}d
zQtfQx44vBM+&i;Ud}<PF&pw(ic6`Z!S^7I{A3pPYbyOrHbQg<$-JiQ2XF{F?&e#9m
zbG&xSx|TWTXI{vZH+|t(e&XIgjp(a;VoNVAj1D|M_oAYz6=SyHm9Tw1I+;5rty=j_
za;+5qfrm%Svl)6{e>T72yHUpC&^<NFjdhE>>W{qfemGHe(&M@_N36^DeB(TI?&R9!
zw5f*{Tl&50Z!~D@+AtyYCeNcwZ!R92UHNvxjPNYR$V11c9Ap<MEY6yx700PP=e2}-
z<BFTYk!$W>Ocrd)*Wb^zO(^}?`(M|Eu6$2j7yNx$NY(x+E4n^KOq`HVs(Rsvk%!co
zoh1`{9>)o^sr>lhc>CYZk`o-(v(7Hxw_kq6-@D~qY1fuJyqLT6Uij`-pSycXUtcoY
z+I9NPb=GHJ_>{sK@9r#rzW%1SfRv@~Nv6f=*LvH}hcTAg&p-e6Nc5~)k?Fx2Y1K_C
z+#9E?EWG9+WZWv08Z`Im^P{JW!q|NGi-fp6mH2n0I8%JlcGf>VT)m4Tx6W*rd(0+n
zUg+R9)8$=Ru<Js0wP)6|?RdnFUY`Bn%1=Z8NVmq<tGucbuN^G4{8r1iYV$w0Et`%N
z9nDogG<W`lX|Hl3PByz7NeZqJve@gv7<x?P-<zwKci%Xx(w^EIe{tr*^CrKeC+Z3@
zrJN5}EY`n!--OldUPF@C#x?Gm_rDn5Q(xJ(zP)$)-A^or8jp9R&)R=VStR`rYq(kc
zhgWv)4RhXx@GEx;y=S_$nL+Jf-ej}?%i|?gFW-Lp*rKene3JaVs-@e*?M$Of&IqK1
zExIbJF1mY3srTo_l`9fAN6mhu<o<@?OuM(Cs(~`RbmSB@6k`#Q^!q4Qsr+Z!8T0S^
za!#*YsA%<jlYyauq5&rxt2Q4qlN2ihi^u|21Mj}M-czp`eKY;fw>tO-Z!sSWM<5IL
MzLJB#K7&e00Bh$qdH?_b
literal 0
HcmV?d00001
diff --git a/roles/odfees/files/SOCTOOLS-CA.crt b/roles/odfees/files/SOCTOOLS-CA.crt
new file mode 100644
index 0000000..04b1f20
--- /dev/null
+++ b/roles/odfees/files/SOCTOOLS-CA.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV
+BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow
+FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B
+UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX
+Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM
+M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ
+c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv
+tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG
+ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL
+8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud
+EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j
+JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd
+z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy
+XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g
+CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX
+nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh
+GPiQTFGknE1U
+-----END CERTIFICATE-----
diff --git a/roles/odfees/files/cacerts.jks b/roles/odfees/files/cacerts.jks
new file mode 100644
index 0000000000000000000000000000000000000000..9d4001b7d9a466941cda896b6bf145bf2f02020c
GIT binary patch
literal 893
zcmezO_TO6u1_mYu1_nkj&0U<IT#}!kQ>>eu$iTo@S}9llhJiIg&(y$@fq~i5po!Vk
zpovL#0W%XL6B8#xSIK0xhG?hl2E1&XT5TR}-+37sxmg(u#0*6YgxHuvS(tgagZ-UD
z{QZ4`b)6jz<ivT63=9p74GaxT%ndD~#CbtXBMT@Or@kgeC1fiYSs9p{82K3tni#p5
zniv@wwn|Ponlky~8#a{|Z^o~FtG2A)aq-4>jpvgOO6jQY$hQv+=;u7aU3V}jH0%1L
zmPV07g%#ZL4s*8~Y<2Vb$LP>~V#ztFWT#cxp9~KQmCatE92}zO{l)Q_xRIT}l^rE+
z;aO=DweP3OZ;Ucv`TVfUKxAqFd&Q*pefn?bdY}0HK7DaU;pI|>Hj^{P^Bwl7>A2b+
z4susA)l6N^TK7hFWm8pPv$b?c^0y-KS(##NUks#Ojb1ZdEwpy+EdFy=QY%01@g|nF
zU;fQuGy35x@qNw&&!8pdx2k40e4KEnc2VzSPZqX6C#HJ6Op#o_Mck4vD_%e{X!2C9
z|E`zvf?A$lUNtq{l!=*<fpKwTt3hLvfh-$ys4O3g7>h_H+bM_3^Jj&uyKL<H$--_M
z_h;Ml25ul}Wfpq_+Xk!(7D_FVz!eWoNHNX>GDnz&)qt6i@xK8#h{w;u!py|Th8$De
z;Fw}$Fo{`PC&a&4^$youuk-`I_SKzP&2>&#JmA5hTQeSOebvx0aa2B|eKS^X-nJ>z
zCeGV@<n6>h=iRdB&u$VpuWt0x*Tt*ccaC02*tDjzM!G>u>Xw!CTx{Oq{)b_L(VRY`
zxnggVr6bM=e2Qc8pM29x`-kB5CUMr+^(ARH>wDTe&O9wSF#F=w%_mH@dOtJm*m998
zE6sId#^KlnT*evR;zbK4-^}{X7n-(Xi@CYYX4y&X5x3npEH2XLWI5M-OChw5ef9h^
zk3~LzEES(qK4sO3*a=_VM3nS;6cWD2esyhWxu_|+=Bt$A=D*u`Zsoa!9g<k}sb!^)
nWJmX{g%Up|_yjJQ;~Qf5+vDoDTqXObIbI&Z%6$8^_~bbON?lF-
literal 0
HcmV?d00001
diff --git a/roles/odfees/files/dsoclab-odfe-1.p12 b/roles/odfees/files/dsoclab-odfe-1.p12
new file mode 100644
index 0000000000000000000000000000000000000000..ed4bd60a1d96595774f510ecfd8c864a09e8d338
GIT binary patch
literal 3397
zcmXqL;&o(VWHxBxWoP5mYV&CO&dbQoxS)yW2TK#r7lS6A4+c%_%Mns+3!2zx7&Ng@
zVPa%3Xkzb0$S@knuyH|6;9+Dl;A7!neEr7FF8!J!6B7qRLlb*KLgF=lr}DlvSH7<H
z)8`4|a(~+UXJ2EDNgVrSk@W4hOMBW5Ybm6DjO4yj`0^0D!G+cbAv640H&!^ePuF$n
zyAxo1*s$tNP^|WBeXqK_{DdQJ`%cZ^eZf9Oe9hS>HQo~IPh6PtuSqO5pzw9(91Fc`
z7Pj|hrS|22bT}KI&g-F`)a^LKZJG7fv_92(w@;pYj<uS~jX4kcy4a4Um<y`5)Hl{k
zE2U5DQ<gu}_WZ?e-L@Z+k)6)@YyB=hT4^(7)`ADNG8)_ML;vb|l%(ETnQhabpTl7M
z*j4QQoV_V-a~_JMW?#C|HnB!v_LI}DyuYXP@MUgNm>c9G?A7;i-ab{kcKy`nRsz#X
ztDCB|^TKi&bd58=B>ZXl`$VQC=bz4WJ655+cRS90|Hu5MbGnh#jb-K*?|Tv)OxIu2
zIym$BwIyva)<+I(FFE=|{Au&${17jRT)r3UyKV$sw)DPH<#~VN^+}V@X#{Wjwf*xZ
zk^A4TyevK!fBp}jpJ|s5XT&|---<_Kza}fJ>et-Mw@y@%XSKXgnW4~!v$eC?Ca*tH
zf6IEV$ikzye&4^HUYoz6{Xy(p?><92&b5v6_s2|r^;Y%oH#TSf@QdG>9~kmA_dek`
zf9Y_!)4BT|t0h<8IDKY8#ta5iC#}-17Wu1%QHgu>KQ^n~aM|JE6tQyYqJ6Eu9Bi2b
z)|)-Zw`xC<J1=X3etKxh)_<mpKSmu}zxm<L`t$ENPi!z<(xP$FjNdQ9t2;(%9+LyV
z=DO1h7O&WP&UODD!zW=0^8K18=QAYTY0rHUWnX)JiH?-cFRjD*3#MhS-RUydqW#SN
z<wi{A8&7&X%L`NvD9b))lzIB_8t3KP_I$Zp>ZH)H>$aiRxB31rJ5~qJ(=1#koyqU<
zuru$!4)f$yVtktYf6iPMnep&QRE3(vntKx(moTgkzjbBS(%Ayco5FY1-o7>QLz#T%
zx{LC2C3na#%ZkXgu6J$9+I8&V(Ja3TcK)oWq&@FuY-g4<N!+>C_V*d@!<|aIC+u6b
z)wt=`hd{5#C-+_sEGhc2uCm75B#dS10fBW!Oj&Wy1$bh1RUO~-B~s*~l%&yCA?YoT
za&21=R*F7lf0FucLC{6nDH~@mJt&f~=Y*M<SzWbM&$K4f$ugX~H9U+s@6XrJU~%Jp
zvN?O%E}NQw#%JylyM9G~Tea%X+VH0WlT_A6NiBHB=5bIvPvPB_tHrag`zL=)NJ}m}
zx_`sE->&aI%iLgoJ+Wc&+qs<ISrVr#+RWZ*UM4>)d%~}YH{5Ro2;7mJH+OTIvzx~5
z*RFg1H?KNzGf#EZ?K!F8b6$MoX!DysY4Z79GZGCh{mc8IV(dC;mv-I5?Qgour!Ts;
zO{&zdC}-cxUB6avd@KL_W?$HIpLMa>N^0g@M-H!#<Sv}^Z*shx-_@qsFRyhT-D2;<
z{=a<kX49OQ8TWtKJYTCOu}b*BX(_FHiro$eZ2qX~Ox!Eoaa2USWSYc<X%Tu>Hy4~u
z&=ZT@q1yIphrE*<i)OIvgt(>Edw4axOXn<mz_IH=p&!3}*u`D`OLj<xeOnQ}S4U^V
z4>jf()rR$*EShKK&x!J`&ga>~ovW(2I#cnaHIMuM=N->(N{6Ui7P@#&>fMQCz2(=U
zv~P?4>F0jCU7>TGSb;=W;@cXnq?Y*2dSYK+zuo)yh2NLdV+BWVF+csVI8iNn0{4x}
z)nbx0K9c@gB0dh@O_6nWSNnF>hN#v|_}rV|RCca%b(8vnJTVtFv0%qzOZquJr8{rn
zdOmMvYg$Bx(8Is?pB!3od+NNo#TV56{CiY7>uN;I`Tg?_oZiiOYi(KJTa`arTjt+B
z&ZJ*6XUbd0Cr5vNvPk<=Ah1j}t9*90Vo-b&UtI8)m51-Nh6fsmGkfrdMg6~5xMx;g
z>_!c@$jE-7BK086+_!4NK7~=6O|q5-J$S~Ouc+T>I(?qYtkzIhDba@=nr0I@Pneq@
zmXL2#VCej8yewYE!*A}Yya+kH$lnJuf2wkZ#J>LG+tkD09{F;A)SZnsiQz(vUL58V
z`!2pVtwyr+h_;fr(^D<Z^|RH!*M-0EeR--;x4(PCvDI&We36oSKPhv|{|zb8lCI5K
z?<f7T3I3)~n|}DJO6i7wJ&ztr9^ZUJj<J6FMdrEP|1L7N1_jMEn)hT&Q;ky@*V}XM
zn^w=#7yjk<?O}$^-0A%vyzOdN-T3RegY)He=B4@p-`2M=-|3wHNqNGfeG?<zP2c(O
z%$J`P7O!^v7FptTBaD0PO63(tA~zq={FC{Lt#IPRMc+*B^_-csRjA|QpBbktALo9G
z@SD*q^Jqoek?kM18e8u@BX924w$AD9tN<zTr&r|GeZF_s=Z>who^a`kg-mMKZ#pS=
zZ*RS%alNoga*y}a`G2k6bWgjs$7r7KKX!Xnv&21n=e@DGukW35c?L_3%$Kgedy9Jx
zpFFnkceayl&7!AQGqfI@ew^`D`PHr$%{u>jzi!#TSf25wMlS2kfXCOJA70A~mi%nK
zLhY%0>}mb)r3a)KUPPSSQL|G`Pe9N^X7_(DtNH7*UrzQH_}Ka8zSjPKd?kK8ZkriS
zW{NsA8Z@ywB2~x>npllknppJ=npm|AnpoA?xM9^Z7bDYxCYE;wO)RfaYHemvt^IV7
ztGU5lM|DuG&C<kjB9#51n~U#3{>vH?S@tqZL`|0II#2y8ao;;ku-B6(G)AkP@n#Qm
zP-u<ETGu?$n}?t9{(7L@>u%3^F+=T7NYoepIZS($UtRpVSVFpCUexxo;^3b~(rvyU
z`F_V9{u0qLz5ev6A`yGZpEm9CTxK&Yzr?mbX`7InW>^2xeY;OKmu+Oe{5|U$9o~cS
zf7Y2f-hVRPJ3%|zSYC6Ich+-;7r!P%cXbE+mlu`Xal%SY$nchFVWm7*yz1ZXn)8#s
zi}qeuuzXy+eD+<gGfFEDbF!%#PFK6I^Te$Oo&isrx-0(|&FVJE%v68OBc@+{t<FN@
z$R(ZMmM2a*K6sVVHg~)Cc9VqKsxuiczUJ*Yd4?nArr452JGQ;4EVNUNR{4{!AhM!9
zdU;xI)N(D}a~C(P_{T11%lzXI`|(b`S$|JXEX>Z{y>$7}yCPp=E9@(~+x=Is7JbcC
zb3$VBjaJEpO~2lSE^NIR`+HfadFIj^?Rl+{g-P!76)Jl^v)XN}J1k^(eoA71ozjD;
z0?{vTYX$$~JREEG_2VLD=`9Bv&zgKI_O?51pmoo9hiA%3&9W;&^{ZWzM1*R2^>tS_
z&YiV!g<7JKcZ1fQE$!Uj(#>`#FH%VB&AAaYU3-D!>-~#+t3%8$@~dy}oMY9Y^kl||
zrM5RjXV3D#axHpAy2F$FYN=@Vd(-wkv6MUPaqeMe;Jex+o(s{hf49AxWU$tTi{sA6
zE%m|o`Ooh9)$!!uIscv0m_-*X|K<{{G*S8fmh_pgW1^~4g}A<j+ip0^(tow(4F7}l
zgZmH9+bX>Gr{LTgS&x5i^Tqc3^yl-u_S<~-S;=bwZ(IxJBrcMeBQJbFIpEi_KcCoC
zmd(iTm$*F9FQP!8bn`sl(@$<~*S4y!3bVNXAw5G=Txa$Yu8`AG>`~^L7sD&g%v`@$
zu$?EmGKxD`K6CZ77PDfP1N=WM{(QK*xY>L1<mcD>1FXbc)_GdboqTA=?uGGIM#(cw
zr<8e}eph(0?ogq=q#V=yX=lY&J$-j~%M?qw+kHDc`z#OL%qW`G?)@=}eOJn_yXp<e
zTkQ82Jhx@$E8ccQFh#Sv>yFR#lBZ&l!CC4o(Pj@~3|oWMYS$S>`af7x^nJ%whOEc+
zRkxnR|JuFFUfd~rHt!C>pT<kmwx1}w`F?77ZV%6mHO|-U6;`iVbK}``)`Vxv`PV<a
zl3<-)-yA;ab=9Y~>qcsl_quP^9ekOW(POCOV|VKP&c+!{bNBGao$lCVqv@|JATWVb
z#>7m?Oa7kJ*~ODC1*U6EG}-*N#f`;{gEQ?ZlXZ>F2VOzl6-?7hC$Bhu@YUo0e|}eQ
zn%;S(KEYpS^RFd>9L`5se=qgvlUb1Hu;9YX*}We%Z|D?%l-g?fn0-Q|^wUF~Wzok=
zd|ojYEpo2?$i!UnUu2CrtIzdQst*-*s7L7ueyB;SQaHY?vVWTFthu)o-%cyH^in%~
zk*jraa*NWYpXb+IpERfG^0|+qa+Nbyos(ISrfn(~ve{+PvqLBLI~XcTsvNslqL-=Z
zP%WLJ(R|l&o4KgNY~9F{SG2B0YiNDr<uEp{y1nGF)$h{i?Sa~i{K8>JZr+OCxjsI;
zF{sltI>XAV+Of-Py8j8uOZQDa9BW!5P`zQFU-`R@dF!{W{Arunm|1=>(ENPkNh6+{
zhN=e2@Y0b})KH8?q~`pKQ}f>IO-(bHto10O^+~!+!F&Tl14RQ)HdbvuW+o|C1{RTn
m&03dMC`O3BTK~lJ=bx^%1@WHoEFAZom)ywXe)9xWN&*0g3sWxu
literal 0
HcmV?d00001
diff --git a/roles/odfees/files/dsoclab-odfe-2.p12 b/roles/odfees/files/dsoclab-odfe-2.p12
new file mode 100644
index 0000000000000000000000000000000000000000..106170ff7a325bccade7cfecf2f60642e866a4a0
GIT binary patch
literal 3397
zcmXqL;&o(VWHxBxWoP5mYV&CO&dbQoxS)yW2TK#r7lS6A4+c%_%Mns+3!2zx7&Ng@
zVPa%3Xkzb0$S@knuyH|6;9+Dl;A7$NFWMiy)qmX`CMFJsh9>re&Pl(Xy6;x^3s|yq
z%WvL8`P<bsnrzbbCT=)C?Tw6%bvm0skyq<+ZW+V+6Gfh<cC+VgoOavnc8u)y%bWt+
zeed7)%<ANM>U5)}*ZfRu?&;EkU8`H>uU^o}yddxO1JjCC{i|NaPyEX=he17?cY0uR
zL#%f0UfC%RKM4fJ-Munf@1NjbP1mRY8GLU2m&^;VT)<h@{r37@hRJ7_{c7IAt1cxd
zRT*PdJ#+0Jn{1Dl%S|rJZ2TEo@_W5V)>jjzT-AT+U2`0KAHGOV5X`BP=xpR;vv$0B
zyW))O?o`cNhhK??t1<1?ni7*JSS56*;Ue$Uq8IA^=bi?z8}DxrE|?&1$bJ2%DATlE
z+m~PF>Z-iQ?kp}A7^-<U-qkf{OGkG@faB~F{Z~%Z+`Xl>qDTI<bxq4mqvI~g9VL!k
zH~S~wbhslu>qUZm!1|vG6?-3TXI)}-?UWtYqC3BSm+Uq>IKj%Wl5b^QpR&6dgYjJE
z`E#x9v{v$%DNoZ`awn15_ha$Xo~y-&GuM9dao?TvReGZIxy=l!L1jI^u65f@?QJYt
zA@pQxU81{!#@YPsEvXq@ukB+GOg0m{VRPGpZ*6~P<r+KR*G<`Kfi8(EiP=Kh<}c%V
zw@)`*afs)%l%4l7MWqVX-D|7+SNNa#@ajj`#<#PMPd*@?n*MoBu3plkwySRgKHW*{
z+G*IsG$H!_D~3o8mfuUCoK>4N^={kK4{v^Ge%SGK`If^~n<I*S>`!Wms4lheOZ=a6
z_~e60&Nt^wllEnk=UUVB;qvx~8+J!E?oO)^`yl53;A`udxz84N*@ZWrIGt*kHFdq(
z*}}EE8YZeG{P3-mdp+e&|Ap*Jn{WT{4cN7l^R)P-zrVC1`z~tiIKtUsZO`mC>xn)~
zgimzmTHYI_H*JLaJ$Jld^4QyFo~uy&>V3+y|DV|A%C8oBAz^3~yN<K5>C|P*-D=5o
z>p$DAYqa?NoZ(!^rSKW$?UO%oUzu=p`wW+^W6QUn`_=y-JgTL4O5b6bUuk_mO}>~f
z@0eAgv&5P|wJd0hl;iO&(@To?v>TU9c3bdjcJ$#)0pWYIpBXm_{F}9B_Tu`<My5qs
zi=F1pn5l5q=xu)N{2yhSXa8t#IXii_>i&KFi$3d0)vUSb|6WU;pUG;)?SS}glP9z7
zO;T-1{!n}5%FfUVvk7|-u9v<de(6CFvklkBy7mnw0;&6owLB{uB92VVm&k2>6|2>B
zT1v`H?7jWFwVMpM#de<-50&ZouuR{`W!L7igk@Ew>cvv&0ny=a4$MEe?$T`W`rGll
znhpxAnDL}*Pore&f*@PvxovydQ$FhcsxnXGb=t2~w`|M(Mt#F6OAa@+aa(v_(s*RM
z`OBNH-%fr%5b>YI_60lN4z5|E_3>xU=U(QY{^0=IglSIv%8%ECEHt;Om~ecC&Ofh5
ze<vKY?6AE0=<17)Ki8dYUwfkA+QPRdSf<MUs(iW1X;RRZ>YdMy)+zj5yUVr8<)(J(
zY|lLo)|$$*G@_aWJ5=WWV`urY_Iby?^1yR@n>^I#+Ui|<|1<gQXO(OBwub0)pRp3w
zJayB(U}I2M{nLJNlQ(|VQyuTzEMJ%+)}r7q@71tGxcoVjMV;w|_qX+8@)Pcyx}9H;
zwnz3mPkq4@=Cp9z;!?%l6N1+kuX}%YO6a^rbveDy`sEg7{x6)6{=u0+A+n8Wj*aFL
zk6P2Ie_r-Z`OV+NY~r~s^6RhDEi)DQ+I9u>W%eqY|C%RaZSURd`cOIi$HLH}Jq;2c
zZryuwERC6YO1O^N^>_chjmosM9{riVrNZ-gx#XvYeGJE~e@{zHJ9+i|nh5XgWTWnB
zPcQtMXfkDs#^YNlEmjZeKgpkz&U~!G`e3hjz?Iq$mX|9&NL+D~(Z4IAyGH-W?e53t
zR4m^2Pk#Eia$4+@O$|M7el1cf=h?m}yy2nb>PtVh_T5&0pM88=#6Goy%RG+6&b(`W
z<B|j?!}n$>w=EAuc^A&8zb(pHY^Py6>o>!}?-{8lw>@O5NQ|B8B=BlZTnL}?hLp*6
zpVV|eynggIC0HwC%CWmE^d>QVG~O)!PW08A+{Wkgul<^n^^M>8%b_^0o!5BgWymQ-
z$N9$H-7FtChdbc#7J+GRa!owNTxJJ0Mwvx1%)7GoFW14p)0`%Yoj!eLSq<CC=Eqqf
z+5wq=r+-$^V(D(}=dE;J_3@=iSDtacXQSC2g9eXV(|?;>nsfVL;#|)g2_J(p9y+P#
zvE{^G+w(-zPF?G;)3WfmcA-Tghk{K-h4v;$ZvVy4C41<k>YeLV@28%Ww*TSqHT=#;
zD?aAtI{|s2GZw#?JtO~+r(c^*=9yoyo9dq>$F&K(U#j(UwdGa^%hYq<W4f76n7K<D
zoWF3_(Dp;d^(Dnq=O!7P>2}v&?wM3SZ)Jl0<mG&-4=eVX$*;_l`}cCcckmC3X0~%v
zpDXHJF1F5Gpk(42o|~}L?wBQC;&w~PKI2yt?mz!jImNzbf<fEslx}n71@}T7>h?@K
z!P78JW~m={$#HkNsx>cTqn^b)o;rKy1J6YZ_7vQ>r4Z%cS@!a{&iQ}$52^>NuBa?u
zBiPho(8TJ9R3R^DVl`rEV%0NfV%0KeVpU_~hE>m8j7$rfSl$^lvAja5wV6S+HmmiP
zjf{eMcR{r_OB2h9UAy12HHyz@<ydCz_Tg)K@*2O&xbp`Ba{|+Nv_#rIJlkgBrWWUr
zI-!$KR%Wl)qk?4|Cz97U&#)<EI-fWHM||0IN57|MSg-8MXO3LS8aVBd4(}P}A6<(i
zr^=jp`k8x^;u=3A&*rICm*p}Sd);<hcGpw<2VVg@*WUv-54;j`sLR|{Qed)aqr_rw
zwsW&iu=>5<*QB;sec9|{dDo!qUC-|<KP6oAHbMRUxy7!PV)2vrChNWCUf#6Zf7N5{
z8I!Mya+{x0F@IOSaABMu)2@|wqk4?0D}^sezFNz=rJuoXC(B)1;jhp3+^}d>JO5~}
zt#02z<pobG=I6;Q%3O5vp7!gM?QR8@wv4;W+KoIG9Tu>8(*8*Hkov8<B~K#$?n&3+
zF`Rq6;6c4>_SKj6xeNPvTGr=D-q<}`YS;C*9}CZHickHvC*-_=?RxX<PrU9cl{T$e
zmgg|FR3&ukh69Z2LXJi3di?oiNY94EZ%rR(XoV=XY+bt4Gvck<?alYae)3#c<kVQR
ztM^Ig+zENnEGbLZY*|x(Zgrr`=7mu?3%7-xkTC8zw0w!!>3nNWql(agseSG?2lFxu
zUd}L>?eBj-+$g;7(NA`*S1UI4zPxR9c!^4r;q!~#<q1`7cJEH}Y^z;iQ_r#?*81FO
z+dS<JadEnCHbP&&ZG8RA{sDWR^ek14V&<904?f7-c4OO1p%cP-+WP9Vne;Zg_v&!1
z;yLzkhlb`Wr3Xsf3%*C!9T2~))t1`!_VuYE5#ev2t7d*{Rbko}xid!NVvWbKJrDle
zOTLu#d(HXd3%%Ydx$V$+U-0z&t-HV5c+^gBS?#PeX99oawQtfw7uA|~m>gN#dq%`w
zf02+)?2a<V#n)zMn0;aWr<WJz7`^&BZ@~+zZkE&ERp$R*Khf?yr=mfKj95`-h1CN?
z^RL+&=KSaXs7!nEJEOf}-kYPXx6VrFJ>#A9NBx$=>*Tzs{rjD>Z{01_i0``AwNdxL
zLBsBsW-6h{&Pn$cYlmBj#$IqJUXd>=cDnzqU`O=dvVZlhqT8>uy2$>L=3991^xFfW
z9wMtBOGce+3rv)fd@}#<$(OqP3KjzD$DZ8(`m_IggrxRq^Z2c+n<Zy_cq@O%n9auW
znCuI)Pex0(Mjd-)sbR4x*-d!+D*Zcqqw<^=NzObG$8~Jw`XkZ5)MlE0s9oMW!>wNZ
z>wW7fw@<boe6{h@#0ARxGxl~q*uao~Y9(uLm*Tru&t&%H?z(Yw=d|x)1sl%ned@K$
z@0&2EvsQW5rovhY^?;*WME@v6O~1M(q-fP%zyH}klg;m&E!;eBCeuaXo8f=7zb<`I
zU2c>h-LGcCuJ$axdHwP~-L|(jOx`WN@C&Pm+1>0jC35e7*VSzMD%n<XFX+sU9MPX~
zeC$_bU4KnG<97A*k@l1=i@znGIQH~p%Ra^fEx{H?=KV7Jc}Q}S2g`x2nO1K3FXUzS
z<%%uIHduDtYm@td%!pUpnb+(q`T3+{jmCs0`}0FHy3C}08OBWK`Py+pTjN2;TC29~
zBfmuDZ8!XW@P89i@&(03kA&wu)Iaj($FkPntvLsE*tRa&u)^-t`l_4jn}w%0ObXat
zkWt*cx_?RA*Q%|bjjz8*e7x}Xp@^IQcLjZew0+)dh#9`vqvaHpTOTi%Tb19=8S+6v
z>w~Mol{Q0F17&#W$SG<l#v)?IEs>|G9H1@lc5zz9gf8Fi*FEkAh6aiToNTPxe9TNz
rtPCt7zw_Sx7GtztIJ0d9TgX&_wKv|daj<YyCC{DnYrp7hP$>xjbF^(F
literal 0
HcmV?d00001
diff --git a/roles/odfekibana/files/Arne Oslebo.p12 b/roles/odfekibana/files/Arne Oslebo.p12
new file mode 100644
index 0000000000000000000000000000000000000000..273c8018b7bed8f691d9e9c24f5fa9d6425a0e79
GIT binary patch
literal 3325
zcmXqL;`zzM$ZXKWv!9JqtIebBJ1-+U<ANrh4J=JOYYdurRv0v~$0MZJ7BsO37&Ni_
zFflS1G_kuPWEc%(*tno3@G!C&@Ud`s@lK!gTfNSPiHU=up^05$Z{d_(t&GJt7$3D7
z$8I!c_ItQJ%%!Ef(cf$BntMCfy>FjpJMUrthy3#6H32Jc-q;#=_Lq04#;r@IWqa~v
z_b(_qa_(it#~T4L)*+Pzm#fxq_sSM*O=p+Xu5f&P`qNwI{IV#^!*;n7T4xG<o*eeG
z`)<5itWm)%{?^@B{n!70HTkWW`#rhxRnKGET-OBEO!s~3BKVy90o!X<6<K?>iiwAc
zGCX#qIUQ_Nn{F}PCg;M*<*5uOHrWd;f49j$>~d1Crpr;2Ggp>~_59V;ycjuQQd6Jw
zIrk!Fn@;h~CY!IxY%5!;bVBiU&#j4J6_%&B2#6?ISV~X+XMONJ_a?2={0l=f`!CIx
z`n<rO-E-I3TG{ka-McB;^=nSpshYkQu-Ce^Y>r=G`E8&1Axv(UFa9=~KH2#5jZJIx
zTPDgLUb8aykInjN4toy03-3#RVbJyd*`|_(e-3{*&H7<K+y3gtbJzC%&&XrFH=`;0
z?L5<;#wI3vMfJmWiR`@2!uyCjvml4zzxivM3eOGCB|;e{s$6rDU%P+RhH5wA1fk|O
zfs0MkyxBBky#CtmQf0kwd%R32WMM#$zT3CzbM?MK(^Q^3YB3g+-=Nc|9wbzn5+pBN
z^)WI=uVD2QzAb+WBwC}N8(;d=kZ^9>+Wa0zLxb(NOus4^m+^NUWDOBt&pem^pw7*e
z*KQiVH(Ijs+ltxW;sSMS)B|T+Q|x9t;qgk`itl7oxPMdWscy{zw!=>>3)-G673aIK
zQtg_Q-VCb)I&8;Ja2~XDaTWVsoN794f^^Egm#19s-LZL=bNy^?iKoiBlndM4tMBYw
zub{f)a=Y+@bsnNVF<)0y-G5S+)YD?Evv%YAZ2q}gEp6&o=I(ZVCy{A+J>;C8@chRs
zgj#kR-gvU?^x@|-3cuV96)rn37qdU>`oD!c)x%k0V!niW?8-~&h*YxuwQ`1z<*YNa
zw!E=1I{9q!|EMF8d#s8+Z+j^8_p3w9pV<bVrySSsNQ>4}x7wAk=Tok66o=TV2NPFk
z%sg2m#B+DuhP$76*qhs>*q!Gp*e#N|QPsazWnTXNsT`(<#06~I*2yY8vwADYCjad>
zr{brrr&mZ9zy3C1>uw+Yt8C&~C3ARR6*zJ%J-owx1M{+(PE*|sbn4;{USjI@+}NHy
zDeJGlhshFW`K27cu1yHyniks~9C5D3u-|jZ`vs@U>vtPSy8lkA_MW!)>63K=(=r)c
zG|J`_TVI~`zb(#xPtY#*Lyscc{Lim7<7Ts+bdslGs*!v`)Pakes*Y-(_BIh)6{}a+
zUy^!wFU$5P4~q}`E?dpYQMBX9>!_5?Q6lEd=U%^a@%Gf1e}3|u{4ym$r|=sWqy-;K
zaLo6(Hq%~n;eXS*+3$^&q%J6)ubr-SD0R(sgALkKC$l_o(VUfc?B5L56<1$fV3S!m
zU&`@<{`<1kdj2k6F8o(hnt3~Nx?3H}Rf?opX6~85J>BKy_fL#=5tiAv4yXUk%)7or
z<Bo*F(KR2MmacsAZmHAk+`Up&GM@Je0uJ+<Ot|vYWYx#M?lm&&BA+;De3VcA6Y_ES
zB<<)0KDTa75ecntJhkW3uk{=y*Zu0dH{4IFJD&bG=0x6wCwFH#roH;I@6qoYk`}yQ
zE`6%AYBYOyZq1$s-j1_Z;@C4~KRgp%QI^!FU~;RCGqxjd&yl?+MDlufSzg)DcB48)
zVLsdY=V20Yso8p0<y1V^nC_h1a_%kXu|K@)lASM|U9msUsZ}XN=5q4|hrBh<x9eUo
zo7gtV|5Rh@LUolFHS_%MPW0L7Wubm-@|3;(MPUc{j%57xpL)JIde+mpeJUrqA1^-i
zV(~WZ=gx-%Jomros5<!S!M$e^`DHfK^;WmDZWGHre!6{=gulR{0{J6#vYUUg#544>
zpV;PCntEy*kN;BB*gnB&+-!dyxh@X){JdJhZ^s0m_3cw$u<nhz6sq(o+Q(McSheBZ
zf-=3Qc9o_vLUzLE&hAY59k=C9jGkK7<HkO7^YXS6J12&2sJR)WCSv=%c2k|^L!IN+
zjVGTP`nNxx%lhNmJlCIkTAwqg|7vZ2HuKKLc{AQ5ip~vM^yU1IS$>_`Ow*3DJ1M?h
z*0<xbR!vFRy7QGGQI?<l&gW#rZZWMW`mW=%pC><CuOrF7GrII%75}NeWv8clw$A5u
zx^nsUl*5~ERL|y9`*^iEDDu_rBk!BD&iHPa9@J=YShPp5ggrlh(wwS{-<kKf)yw$>
z{pI?gXCGyLfPHdI`nos`@0a#JHU`waym+8y+H;S`MVI<I%DSdE?Q%6b9rNn?Ql1zI
z!N*^!6ic7ZemsGfeFgIst%%ijJ!?Mco}Ir~d>NC%t{<Nzjec2d%{#lCty*e&?_;U0
zAEnDZ@?T!Mm0Eitia#fP<+aq?dQXLd70zWl<zGB>L+RSg_bM$frUdi8n0Eff@<%OS
z8YXVfyfnwiIiYl75uZWg;k^8pXI*5a*}6Z^yqU7ppo!HHsUls_#A?LS#Hwe|#HwY`
z#Hz-|4XakU7?~C{vAi>AVtIv9+cJY{+fPy9`>*qd6oYD8mL`@Hg$9p`N~*qoV_CFv
z!T!C`OI}#)Xqq3>*nhUSSlLc6>{0thwl9gbB3I`n&f9QR#8fEod;PsPB7e5%?~=T@
z{Ni8ty&PNe^Ho|M=l2D&-n}s`>GsXDN1OY1-T1j^(VwZJ8%mjYFEgCfO+5H*kDt`O
zqNHt4qB$paJa7uy5~;15wD--UiCK;xrSHu<)KOHRDmF>NdDZ3gOYH9)Z){RY(flf7
z_UivMlj(B1kE}U!{^!}Za&ud^$5?uw49o55nI9yj9r7%P_r&XrCB>6!crU4Ntk*r&
z_~n*Po!*nbYm)8zSFQ||GT89S`t!4({!e>e_O{(wzQ3#CX6~+#d14ELuJ>50#w*2~
zQQhFx`07&h4d?4QvoG&Dbk&e`-}l+GcsKRD`z6Q{lW=<H{_cIVba+da?=5|Q*J*(Q
z^WOehLAJl&_#I@~Qma_<!^=7O&CC#QjR*b$4!rWS>v?h`UQHKMU8U&h^5p8-2VvX&
zTUPIxaGTqA`J!)M_TK#7c_Gnv)rmcwPLt<|Uf?@A^HccGyblFy5Bk1e$5%N0rkPBH
zWJ<k$hId3(QKaH!CQ}0@hQB%sysloKU$LA${NDP%d-WN`mY-|Nz1lG4*VWT;M^dBn
z_pP}lB&R=XRnFhLi~s(z3`!}NKRq*3L&qy*`q!^n(fbQKWz%(h{SH~rb1k^O#3j){
z#9YL}<LTnMS?Qq{s&^IGpFUL`)wtiMUS28q!|O8_E#r5;*83b=yHD8U<G<NAZtSlM
z{&iVg>)*FWb3S!SPN@!B6E(T7eI<``sfFbW<^HnNdowST2&Pq>c)(p0amJEG=+(KI
zoZ;tUIgZSHD0P0)oT@bYz?EOGz5liJ+|L^#pD$0kEc*A6lIq)Uj~1^o*RP*)cZ1DO
z|GTxG9s%<df)1`^nw9Y={<is6rd0;4FT$?Zo_(?B+sg|azQ%vWbjxCe%eA@`&iEdm
zxJN2LP5bTB<2Pg76<9-$^G%qclAf*kuygzAH~LczFU|eiyT^rrMey3!XMca|Hb#~|
zN@VWqG2lB@JW*cTpzz{1Ri=`Qb6LH1trPC&uzYmeL7Q*Ft@)cyo^03ku<l@z_<Hn5
z<w^^gdfm-`EVh0~_xVujb7ki*IXCybe$&4hJkuL<Vs6+()iY)8XgfOP_FK76wKZ+Y
zz8`NhU63?0&ia0w<ATESq=m;EZ#-Xe%Pf4}iSy<gDwASEt(W=-Zfh%X5nSWQ^x*%O
zqR)z7-BSIZfB3XR;r1yr%?sxaUh&LjHeS-w(4V&N<=b16OQcej<mc53Ykg4s!yA>{
zEN8dKOLB{olBQ-lpYNvpJ0_h10lK%OQq+!x1TcPdGFJY>_G2|etneAl9}iPQ))}b&
zw9>w_#l+bBZM1woYZ~|du4%6|9#kIQ(yJ+7?KR2eZUNJ>!_uKORi_tTu+bCVX3{0J
zJmf^*)C+lRH>yvS-i^FF;kaXH;L!#NYo2FEmoco2E7`haUAb#%vFy`@m##l;Og^!@
znf2|8S(W;0{&qV=9@bB@keHx(f#WCVOVvZ4y(e!_y886MrFoI=pS#XvinaxX1m3wM
z+-JVc!gF^1@3Rw(@Ag#OtX!s|*6}v$#;R4RKB`7pOtZabTUpAc>CP~bxMLq@)Oljb
z7wd{0k1qKdzP@tV`^7)kEqA%}#b;-pOyJjHaO&{eW2kDN3@;ryMGeJRL~<S}UzA#8
zYkq%z-NWzqxrKDo7&QzG4HOMH*;uvtn3<$l8CXOXI(Jsjc9K0YG0yS`!>c|%<;nN%
SvT*onuj~K4uqy#nN&)~L2}KS7
literal 0
HcmV?d00001
diff --git a/roles/odfekibana/files/Bozidar Proevski.p12 b/roles/odfekibana/files/Bozidar Proevski.p12
new file mode 100644
index 0000000000000000000000000000000000000000..24010a64063a960d554cd4e895e17b9e2e62362a
GIT binary patch
literal 3325
zcmXqL;`zzM$ZXKWv!9JqtIebBJ1-+U<ANrh4J=JOYYdurRv0v~$0MZJ7BsO37&Ni_
zFflS1G_kuPWEc%(*tno3@G!C&@Ud{@pAm@?KUTG!iHU=up^07M-_B68Da(!WpME~x
zZCt6<q<!Sk^6!!@7xVufn0!ucb)Kus@z>Mc_Z_UC{lcqxBg3VQyN|7Czu4*hGdcg-
z9%do$moM+!oByiiZR#dlK8>)xK5y>ZF*!5O@g7z9px(g!_F<Q^E7P^TpSR6B?z)!c
zs1ftlMYo+3=7%M%;BTH8p#S~;`iVz%w@DevvuE947LM0w*J~->zvhQuzRh7NU#axD
zCwCN2`|QHMXm?$jR#Ez{*Aar2((SyrW;LI9eB<naBPXJFMi>`xAANIOWQwBtA$@}n
zc30FAC*R&_w2eLPZ_YmHH(PDR6SNL}w|nr-XnKWW_;>cDFIMMXdX*dItnvEEKW%Qt
z_o64abM$o9#k>_S+sm<U>dvOk9&g^~zWO}#saAmf3F9lXSO4DV+pojg)LXOmpvB%-
zj$f@R&D#2dZvEZOdCPOUZ{vL}nY}T(dt^&JKRx17Ta(T4>8#B9hr0P~KOI%}2<ENM
z$Sr6(@WxZ`#H7mnvs`~~NX8s2G|3c83n|hv4cULg=W*~NQ4e>u7s-p_wD-Sx&b(-e
z;%UZhoFUu(`B(0CeWk0reCpQQ>+D09%zEmxcS_msm+>qTJ&sQVm>cd@E&QA*^v+=R
zH?t3?I#muH?#%x4t+eP_@(jz#3mhw0xl)2`bUZ|ic55&7DcZbFPbRZ~?QK?S-p;jY
z3~#UP&AvCQ<8e!y*lFjQ1?%%1&5C&yj+rNv?cQ$4Dzn4Q`BEe6_Wc4W=N9MjIwVa@
zJ(=)lH@~F4+Z4;d$mXvCzmDHu%JS8iaq>h{gXE6ozc1zQc>7|tP_rOwkGJsU2ZtSB
z%yL#QxgFg8DEvGVdt!&{s*=Qm|AJ<vYByc>x%p5@#il=w%~$r&7ulX8oMCfKYz4o)
z4o;9g`Sj@j^0u0fm5Uxle_~j?!1O~{dx8kdmxB7qegD>Eu^rm|MC;58Q#Xr>*z+0>
zm#qyKs$Xh<>#E4p$K@BlnH^#Ins{FS=;YN}DMwBl1$SAt$R7w@en;fRb`$wh!<~`Q
zbHb|DJ^T1LrTB!-;#Y3ET`Lz{dR4z=SzKDKk>JM9y<C2)r|s?8Thcz^;qHAwCoFz^
z+EU;Cx9a?n)6xPz;+<z09g_a!?dv<|_Zp3P;fni|&RR>q3JJd~#x=V@#<@bixH0-^
z)&}Xkjr#<XW9+9SWt<lO{7a3~YR~?F-t%8RdJFVstTvM=nruAxYWREQAXC$8vWXq;
z^HU!QWPC|-+%@UKrJw0qyx$L7?VfcxZEoy_+AnKrB7^;}DW7=Pv}DVbh~Jh1w$7Wg
zjQ@+?{^v5k$L)}K`t6nX5BH@=*UCyd@?_rFP|#3hEpS0+b3=#vUr}@S$2#f4Y{_k&
zCeJ$dIhMq?xjyz)y!KWsxz8Y@<K6GOZyN&E6}O*zKWlR2uH+AYe$V;2&tb1kL7w~L
z%RjgemVQf{@HRqs{^mU{OJXuqs`FO=(5m>txHES7?Dv;Ex7TSJ_g0%I^K_(oE}pPL
z#&Mr?z2^zrMoV3l1<d8qZ}sOsZ1ZJUByhg>r-NTl;k{jdzwRpfop5{eylLzAaDB{7
z>u}!J=;vdYbno3SrWkYghsTr>?%cLM`R0IL&$>JPR|@{@TIXPQ!BvZ);c?23yC<zO
zn1tij3YO0nxyxw%-Y=g~BFpXe>_)-j5Xo-W$JeX9kH+lUQIaR=z3cVCQ}-QaTDW_2
zOmA5|uhGA2dF!`0N9C=v;}lx%R%qQ*EuX%iGD3nwur$}-O?RRb@9w>ND^j$juEy+B
zo~Z1!raB;IF<<|T6JKIdHgM|vp83{HwE5X*`9}8dy0dsTFgDzb>B!XloUv|Yg0{eJ
zelA~;fRA49<ZPR}7!CNp2AqEvKA|Q`&7?EcvC8-Sg+g!Db?V!TOV~WVKYs0RIj>K4
z-I6=T26B(>W^RdJwC#HdyQjvzN|Az&$(2%%i<SAcS@_-C?<e?A(qoeHmOJRSEb)rL
zf}bS`N4`~a)=tiq7s%Y^u2<XT;>11ERsZ|bk8UrwNZ;=%SAIW#!=Y!tetc#>{4b^~
z^yu?N7Ns{A<mpezS<)c7#Q6RPBh#f$bIjD-H{3thcjWl?SC0c1#a!@Sqs`H)mX|tP
z-a~)chWWl$HM6JIb<Z){cVUeU$Kx~0#d|Y0{!~tua9WjM#(wI=-tFRLofF=K{@=0d
z&^ZnJQ@w4yipIC=CU}OQ&&Z69)#lGrNc*|_bmSM`701F0fBapwda(@C#3MVdFRfF%
z;g`}_^6ulJ<Lqw)yYja0UJ)W~=*1;8pK;?^?ww|AqHc4JdY;Kyw5R$Z$LVyn&E6)r
z8}m9P(igr=ZA(+M;7o1aZozBRY^%D?SFGMigr_3H%u2@RKzvQ?`hVr0wy2*~$P@Rk
z{J>PO^#)5*?wJ+ga%<a{_H-!TE}pY8DE}6FnOsSS_{>LtoqHlb@aEgjpRVV#dG2!g
z?|H0D^ZLI%DCw7YdGPFyzwytK92|B2lq{AoXkv9lsz?_!u^O>7vFaH#v1%DKv8u6g
z!>Uy-My3T#Ebk1OSYDyjw#=Z~_OLUD%=deLZ9ugxOB2h9y|ZkO8Qpd{D*K}G=b{%p
z2agwX-997VvsRYJG_b5@8~aa}P}QwP=klUupY%NMo8FLe-_)PY`a!_e_j7Xmo-~~Q
zxVR%K|AzYC$&c>K#9I0mWnR4^8(36X<tkOJaj)y4Zl}Jxf(4gd%ys5Z;sR=2X^j@n
zZ&y~Ve*aT^)(f5HN{>IH(|o7Q5m{H(`O!ej^<DB4cb^H&;a%Tm{;GYq^n<Us#&^~0
z%PY-3>F8}PH7J}d!}h6{sluC0=fF=B-l@B-ulAX5ONy(JscGIM`LXYA_TAeHVpMhs
zXryp3{5X|+Fy(Og)u}RFj}8|V#s2%rQ(~!EkSEWZvviZ+egEy-6aTb#9(7Pudi==i
z55w=1hHL>biHg@O68x_1_uUpHSrVBq=s%&CZC6KOsnUwn$sG4sw$9k{#@FC?$?uC-
zBAnZ$mFBlFX{_C{MdtVF|4nu3=g!GGy)KV9s(+Pt-c8#Tt4s@aPLVOOi+EjebiYC8
zZkEM$r6qAoc}ssSb*SN3w6#|Khuiri{%!V?H5N88?7q;m)R*@-@5h}otJ{*}w@+BL
zG*zJNJMXJ6j(#Ua9hU7#FY+_LY_{s`DW8A|Z%f?%zj{`9Y02FaVf_`8j;T4{+Q4FC
znI`jKRms(No0YznMDI8KsweBYH;4VylpKr8r(SX$=3y<G>uPVZDAe>CTlkKp`F~dW
zPI>LAm%6@8ezSbD!Su6sUaHIm678aH{VgHZFA7?ho$JYB5y;6~!C4z;bFuWDM(YfX
zDWSFzO38;cUIos2+<ivt`1&15^WJKDM10ZnE0%wFTjJ)t{fE@+xf7X%PfHywd@`}d
zQtfQx44vBM+&i;Ud}<PF&pw(ic6`Z!S^7I{A3pPYbyOrHbQg<$-JiQ2XF{F?&e#9m
zbG&xSx|TWTXI{vZH+|t(e&XIgjp(a;VoNVAj1D|M_oAYz6=SyHm9Tw1I+;5rty=j_
za;+5qfrm%Svl)6{e>T72yHUpC&^<NFjdhE>>W{qfemGHe(&M@_N36^DeB(TI?&R9!
zw5f*{Tl&50Z!~D@+AtyYCeNcwZ!R92UHNvxjPNYR$V11c9Ap<MEY6yx700PP=e2}-
z<BFTYk!$W>Ocrd)*Wb^zO(^}?`(M|Eu6$2j7yNx$NY(x+E4n^KOq`HVs(Rsvk%!co
zoh1`{9>)o^sr>lhc>CYZk`o-(v(7Hxw_kq6-@D~qY1fuJyqLT6Uij`-pSycXUtcoY
z+I9NPb=GHJ_>{sK@9r#rzW%1SfRv@~Nv6f=*LvH}hcTAg&p-e6Nc5~)k?Fx2Y1K_C
z+#9E?EWG9+WZWv08Z`Im^P{JW!q|NGi-fp6mH2n0I8%JlcGf>VT)m4Tx6W*rd(0+n
zUg+R9)8$=Ru<Js0wP)6|?RdnFUY`Bn%1=Z8NVmq<tGucbuN^G4{8r1iYV$w0Et`%N
z9nDogG<W`lX|Hl3PByz7NeZqJve@gv7<x?P-<zwKci%Xx(w^EIe{tr*^CrKeC+Z3@
zrJN5}EY`n!--OldUPF@C#x?Gm_rDn5Q(xJ(zP)$)-A^or8jp9R&)R=VStR`rYq(kc
zhgWv)4RhXx@GEx;y=S_$nL+Jf-ej}?%i|?gFW-Lp*rKene3JaVs-@e*?M$Of&IqK1
zExIbJF1mY3srTo_l`9fAN6mhu<o<@?OuM(Cs(~`RbmSB@6k`#Q^!q4Qsr+Z!8T0S^
za!#*YsA%<jlYyauq5&rxt2Q4qlN2ihi^u|21Mj}M-czp`eKY;fw>tO-Z!sSWM<5IL
MzLJB#K7&e00Bh$qdH?_b
literal 0
HcmV?d00001
diff --git a/roles/odfekibana/files/SOCTOOLS-CA.crt b/roles/odfekibana/files/SOCTOOLS-CA.crt
new file mode 100644
index 0000000..04b1f20
--- /dev/null
+++ b/roles/odfekibana/files/SOCTOOLS-CA.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV
+BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow
+FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B
+UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX
+Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM
+M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ
+c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv
+tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG
+ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL
+8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud
+EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j
+JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd
+z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy
+XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g
+CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX
+nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh
+GPiQTFGknE1U
+-----END CERTIFICATE-----
diff --git a/roles/odfekibana/files/cacerts.jks b/roles/odfekibana/files/cacerts.jks
new file mode 100644
index 0000000000000000000000000000000000000000..9d4001b7d9a466941cda896b6bf145bf2f02020c
GIT binary patch
literal 893
zcmezO_TO6u1_mYu1_nkj&0U<IT#}!kQ>>eu$iTo@S}9llhJiIg&(y$@fq~i5po!Vk
zpovL#0W%XL6B8#xSIK0xhG?hl2E1&XT5TR}-+37sxmg(u#0*6YgxHuvS(tgagZ-UD
z{QZ4`b)6jz<ivT63=9p74GaxT%ndD~#CbtXBMT@Or@kgeC1fiYSs9p{82K3tni#p5
zniv@wwn|Ponlky~8#a{|Z^o~FtG2A)aq-4>jpvgOO6jQY$hQv+=;u7aU3V}jH0%1L
zmPV07g%#ZL4s*8~Y<2Vb$LP>~V#ztFWT#cxp9~KQmCatE92}zO{l)Q_xRIT}l^rE+
z;aO=DweP3OZ;Ucv`TVfUKxAqFd&Q*pefn?bdY}0HK7DaU;pI|>Hj^{P^Bwl7>A2b+
z4susA)l6N^TK7hFWm8pPv$b?c^0y-KS(##NUks#Ojb1ZdEwpy+EdFy=QY%01@g|nF
zU;fQuGy35x@qNw&&!8pdx2k40e4KEnc2VzSPZqX6C#HJ6Op#o_Mck4vD_%e{X!2C9
z|E`zvf?A$lUNtq{l!=*<fpKwTt3hLvfh-$ys4O3g7>h_H+bM_3^Jj&uyKL<H$--_M
z_h;Ml25ul}Wfpq_+Xk!(7D_FVz!eWoNHNX>GDnz&)qt6i@xK8#h{w;u!py|Th8$De
z;Fw}$Fo{`PC&a&4^$youuk-`I_SKzP&2>&#JmA5hTQeSOebvx0aa2B|eKS^X-nJ>z
zCeGV@<n6>h=iRdB&u$VpuWt0x*Tt*ccaC02*tDjzM!G>u>Xw!CTx{Oq{)b_L(VRY`
zxnggVr6bM=e2Qc8pM29x`-kB5CUMr+^(ARH>wDTe&O9wSF#F=w%_mH@dOtJm*m998
zE6sId#^KlnT*evR;zbK4-^}{X7n-(Xi@CYYX4y&X5x3npEH2XLWI5M-OChw5ef9h^
zk3~LzEES(qK4sO3*a=_VM3nS;6cWD2esyhWxu_|+=Bt$A=D*u`Zsoa!9g<k}sb!^)
nWJmX{g%Up|_yjJQ;~Qf5+vDoDTqXObIbI&Z%6$8^_~bbON?lF-
literal 0
HcmV?d00001
diff --git a/roles/odfekibana/files/dsoclab-kibana.crt b/roles/odfekibana/files/dsoclab-kibana.crt
new file mode 100644
index 0000000..f47839f
--- /dev/null
+++ b/roles/odfekibana/files/dsoclab-kibana.crt
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 7d:fc:33:45:75:73:e8:f1:60:94:a7:4e:6b:2f:23:f1
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=SOCTOOLS-CA
+ Validity
+ Not Before: Oct 30 10:47:27 2020 GMT
+ Not After : Oct 15 10:47:27 2023 GMT
+ Subject: CN=dsoclab-kibana
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:ce:4f:c9:0f:84:4d:4e:7b:dc:11:90:c9:49:a8:
+ f3:60:44:a8:25:1b:59:83:64:0b:d1:e0:bc:59:50:
+ 22:a5:f5:88:7a:c8:40:65:e4:22:3d:77:d2:8f:9e:
+ 30:17:80:5e:20:85:bc:70:67:61:cb:d8:e2:9f:9a:
+ 7c:7b:a6:e8:4e:79:7b:cd:86:6e:26:52:37:45:b6:
+ ab:b7:6f:40:8f:7a:55:8b:d1:91:cc:21:6f:55:37:
+ 50:3b:72:1f:2d:3b:bf:75:47:91:88:6a:1c:ea:39:
+ dd:8b:25:31:55:0e:bc:52:6f:bf:0b:96:ef:e3:12:
+ 5c:da:63:22:54:e5:b3:95:8b:02:9e:57:3e:7b:4f:
+ a0:f5:6f:07:a8:5b:45:7c:cb:34:83:77:34:a5:b1:
+ ff:05:12:88:8f:cc:c4:05:5d:e9:e7:7d:2b:12:fa:
+ bb:4d:25:f4:f7:04:e7:95:06:95:ea:a9:c4:75:4e:
+ f7:03:67:2d:9c:9a:f4:01:f6:2a:8d:6c:6d:d0:59:
+ a9:ce:1f:12:b1:76:39:c8:07:d4:20:73:1e:f3:9c:
+ b9:67:83:3b:a8:7c:6e:fb:86:ea:3f:6a:8e:98:4c:
+ 39:a9:d1:4d:be:9f:0a:43:49:1b:fd:09:67:b6:62:
+ 71:fd:87:9a:63:25:00:aa:c7:a1:4d:23:12:e3:56:
+ 0f:6f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 50:F3:7D:4F:B2:8C:A5:09:FD:64:CB:C1:97:F1:F8:49:C8:6B:30:4D
+ X509v3 Authority Key Identifier:
+ keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF
+ DirName:/CN=SOCTOOLS-CA
+ serial:8A:74:93:26:80:5B:42:B7
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Subject Alternative Name:
+ DNS:dsoclab-kibana, DNS:dsoclab.gn4-3-wp8-soc.sunet.se
+ Signature Algorithm: sha256WithRSAEncryption
+ ae:be:82:6f:6d:e6:c4:cb:c3:2a:d9:d6:ee:11:52:a6:de:89:
+ 9e:31:a3:e2:86:07:e9:d1:fe:95:c9:a2:38:90:df:05:ff:e5:
+ 99:27:e8:d8:55:00:8a:85:b3:15:a5:e5:5b:ce:4e:4f:01:3b:
+ 74:a4:b2:09:fc:6e:95:92:94:2f:76:0d:c7:97:1b:78:c1:08:
+ 1e:3a:0e:fa:a6:ab:db:1e:22:26:86:39:f4:bb:89:a1:a1:d1:
+ 55:f6:c3:ff:9b:a5:eb:1b:6a:84:8a:1d:3c:5f:7c:03:0d:08:
+ 42:6f:d7:14:86:61:38:66:65:f7:c2:86:68:db:81:e9:41:0f:
+ 82:cf:bb:be:fd:d7:94:48:cc:f8:cf:4a:40:ce:33:c4:75:51:
+ 00:7e:c7:93:f6:3b:92:c1:5e:8a:ce:5f:2c:c2:f4:fe:ec:77:
+ 9e:ea:30:d9:53:ee:f9:b9:fd:50:f5:6b:92:1c:57:d2:e0:f3:
+ 05:d8:79:a9:63:16:13:09:cf:5f:39:dc:ec:43:e4:65:45:43:
+ 65:e4:7c:39:a3:a2:81:47:ab:8f:57:a9:89:9d:56:4b:77:b1:
+ 04:c8:9c:54:d2:5c:28:f5:d3:66:ae:9a:9c:a5:91:c7:eb:20:
+ 69:fb:58:99:c7:5e:be:ec:4a:7a:62:09:fe:3b:30:f2:4a:d7:
+ 1d:f9:0b:c3
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIQffwzRXVz6PFglKdOay8j8TANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjdaFw0yMzEwMTUx
+MDQ3MjdaMBkxFzAVBgNVBAMMDmRzb2NsYWIta2liYW5hMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAzk/JD4RNTnvcEZDJSajzYESoJRtZg2QL0eC8WVAi
+pfWIeshAZeQiPXfSj54wF4BeIIW8cGdhy9jin5p8e6boTnl7zYZuJlI3Rbart29A
+j3pVi9GRzCFvVTdQO3IfLTu/dUeRiGoc6jndiyUxVQ68Um+/C5bv4xJc2mMiVOWz
+lYsCnlc+e0+g9W8HqFtFfMs0g3c0pbH/BRKIj8zEBV3p530rEvq7TSX09wTnlQaV
+6qnEdU73A2ctnJr0AfYqjWxt0Fmpzh8SsXY5yAfUIHMe85y5Z4M7qHxu+4bqP2qO
+mEw5qdFNvp8KQ0kb/QlntmJx/YeaYyUAqsehTSMS41YPbwIDAQABo4HcMIHZMAkG
+A1UdEwQCMAAwHQYDVR0OBBYEFFDzfU+yjKUJ/WTLwZfx+EnIazBNMEYGA1UdIwQ/
+MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M
+Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL
+BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1raWJhbmGCHmRzb2NsYWIu
+Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEArr6Cb23m
+xMvDKtnW7hFSpt6JnjGj4oYH6dH+lcmiOJDfBf/lmSfo2FUAioWzFaXlW85OTwE7
+dKSyCfxulZKUL3YNx5cbeMEIHjoO+qar2x4iJoY59LuJoaHRVfbD/5ul6xtqhIod
+PF98Aw0IQm/XFIZhOGZl98KGaNuB6UEPgs+7vv3XlEjM+M9KQM4zxHVRAH7Hk/Y7
+ksFeis5fLML0/ux3nuow2VPu+bn9UPVrkhxX0uDzBdh5qWMWEwnPXznc7EPkZUVD
+ZeR8OaOigUerj1epiZ1WS3exBMicVNJcKPXTZq6anKWRx+sgaftYmcdevuxKemIJ
+/jsw8krXHfkLww==
+-----END CERTIFICATE-----
diff --git a/roles/odfekibana/files/dsoclab-kibana.key b/roles/odfekibana/files/dsoclab-kibana.key
new file mode 100644
index 0000000..9eec2e4
--- /dev/null
+++ b/roles/odfekibana/files/dsoclab-kibana.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDOT8kPhE1Oe9wR
+kMlJqPNgRKglG1mDZAvR4LxZUCKl9Yh6yEBl5CI9d9KPnjAXgF4ghbxwZ2HL2OKf
+mnx7puhOeXvNhm4mUjdFtqu3b0CPelWL0ZHMIW9VN1A7ch8tO791R5GIahzqOd2L
+JTFVDrxSb78Llu/jElzaYyJU5bOViwKeVz57T6D1bweoW0V8yzSDdzSlsf8FEoiP
+zMQFXennfSsS+rtNJfT3BOeVBpXqqcR1TvcDZy2cmvQB9iqNbG3QWanOHxKxdjnI
+B9Qgcx7znLlngzuofG77huo/ao6YTDmp0U2+nwpDSRv9CWe2YnH9h5pjJQCqx6FN
+IxLjVg9vAgMBAAECggEBAKJC7gdeLs8Da1oFXcqpLoEQfo5wrD5CeWlgL8Ku3BFa
+wzSOOtfoTWW6z8hUyc4yD9XUWRiutqP0uIh+oFlANIVD1rMWf5t0HjSeLv/eaBBw
+Tsfg06KQyVdkYZ3fa9XPoA1FdJitnIA7cpr1bY9QP502djNPSux0jMLWJTJQVqXN
+fXykLoIvB8xIPWbJAJMgF75turJMFT3wGN+qjCzbsZqIHmqp4eaKoH4Mz+Y6SJcA
+uSzCdGKVPxHUVZbtkXn5GZXFx5YQ0wwRHJRWQ6Fn49HtKc5vBc7PN8fG18+s3DA2
+BR7MLgIaHGBKsnJgcOOZQiRCQP/uBBEIxIF0qU3h5UECgYEA6aiUvvBNcShCRaaH
+Wf5GpYTT1ANNv5+3sCTy4KKt3yCxyyn5ENEFL1i8w6/LffGIAsoLnoEcxWV/fhLy
+ZH5FzIYxlR/w2rddUyOXENx/9CWw/IhL91U9525JCJ0B0TBkZ9842ORX7kcI8+0g
+4oaC5bDYTZotAto4ftNIzmfznesCgYEA4gnREIl4nv9v28x5aUS+HhSpsH9kkVrr
+FQ0amCJSHu4U9J39MXS3Fju3rlmZG59J9ymEQ4tr0Hq3S+tsTy4hP5d67/KtoxKr
+3smyKduX6gfOmEy3TjCSc+OMebM7lX0crX2+0JCm355yDC8fxdAGxpmqYvwmVw9Q
+NbIb2mHR/40CgYEAjshlnQhbSnq/hLBupZ+srBivGS+rox2Gsizh/kNq3J6uBuhv
+Osd/0572Ot6CC0Q9SPcOgp2DZ1zOu8v4M1C2dnTKd8Y8+Gp0rQlilvsndZpSvP7M
+7Sc53OKX3puTMLHRqWfO5TskQIdIAUc2gTaRZqragxFj0App25ZhN0BurmECgYEA
+uM8L5vhu7ZitjUk17zKsOo3sW4kc4ZczY4fOOZq+B9niukm+LMRfuUbkHCHXg/UN
+lY6VPGBuqwraeLEoYei2eHbSpgKFozHt4f6Is55+K3Nsn6sBqGUgKK5gOVSon8Wm
+P9byvzW1qlmyp3GUCbjXAWO8IqhEdKPpka1pBnk6KDUCgYAhGqRGJ7NG4+Wz/0/5
+Z/IQeEsLO4lB7EuIADn9udmrYgYqv7sHDzhIUOviJPRgf2ag68LEXXZsC029famu
+/wbhD6pw1yq0QKGDcgH/LzHL9+74TqRlT7drPyOFPqOGPKtc88wL/aXRC90n7dsT
+jFEbunnLOfUUjgxXiJpNU0FtjQ==
+-----END PRIVATE KEY-----
diff --git a/roles/odfekibana/files/dsoclab-kibana.p12 b/roles/odfekibana/files/dsoclab-kibana.p12
new file mode 100644
index 0000000000000000000000000000000000000000..f9e8737d615ab77c25857cf3b3c8eb2d77f03104
GIT binary patch
literal 3397
zcmXqL;&o(VWHxBxWoP5mYV&CO&dbQoxS)yW2TK#r7lS6A4+c%_%Mns+3!2zx7&Ng@
zVPa%3Xkzb0$S@knuyH|6;9+Dl;A7zkz3X<M_;O+c6B7qRLlb+#{#WVQ=WboLTA<Bx
z_;#%94`HK*EBdpqgb7EV()ly9`tzHXpTRnB|8KLm3||$dGt=tWqsPD3B+WejGSNKM
zd%sDrX=Z-#S>r=lXR0=QU)HxbD2VZPOH;}1?xTVQx!V-nvi`k2ch@yXT2XIWtylVG
zYsvMl&MudVXP*`9uQNYlp?j1$wB-Ec;FB|c7|&WPlP)WxwP_xQ;th%N>-~jF5^4WT
zi>K?R?w88@b&K!JcKrq0pYlC_d+Pk{@Vb2c{&Qs(@~849C||m_?%ipH{yi@qsz=`Y
z865k=|7_caBO8k5C5J1ShTRKsbAP&ewM+OpV>>g~)5q>u+k3s0Uf}HAzBKhoovq{A
z{}SaqS>k@V$I}lRulCwF&0(>8pp97iD=mMEn~%jmdGs~D>b-LKg>NH!n5l-QLzSm>
zxYhC7LFzlT?v^f}=y*|9yGEMX&V1V0(|T{561wMHN^yRDmpjiXr>gk%zIQjWBChT7
zJ8)BL(w(@Q%iLz4d6KFTrZDUJlPb}|;Lhl6OO$^;IDGiUbzzZzJMYUbxL+K-|5=;m
z8NaBb{cjq)7`OhAXk^=9ec?wwTR_eC&4zwijfpRAy?;Jc+x8o$#F7>1d*5+}n6@%@
zmo<q;vDStQZ;4*B??}FMu=gpp)9<e@*?4Qou4WOp#*f??S6z?0yD44V5W4?(?Nf!C
zS@BKF@3hT5ZSQ@n?XS;qm7dF+y!STxPdc{s-{zc?+ooKfpwxXVY?V>=*Rm}a4oh5P
zPC6m+nZ-@c{BHNdwnb@ak7m2Q_<u)ciPZ9tQk}minM$r%ea#Z8icvZ2)^RY;a{g0!
zvnIui9kUPrwG|KFkXOU>Ym)oxTS_SpJKjnhNLh8R$MM&{$(mw37eZ&UDt-NS^<mDO
zUalqFk-HtIC-PRaob+7CB3gfI@1LkE6(POHeq^X>hMP;R)qU}0zm>t^AO(}7SJLdA
z#1gfZJ~j1Tq-Pq-Ftu~x-G@aDU-=#|9NV8VHLa!C|NVM*-^**Jq;aou2zV407Tn&;
z&ab<nwCT)hyD9g$7Om1TH_}<(#PHHC-}%5j<5j7;i&j0CwCS28qLyxF>d))BRQuPJ
z=_T%SPhX$)U{6Mo{xmKdVJWx0fzK5ceyLZ9ESPcn&Kse<_A2q+Tob$*?|1(@^X|XV
zwY@SzSC72lm})F=z-Fy5AKO&9u%B;4l#fK;dna&V!HHA%TpE-OEZ@oZ_*+ft>0HRw
z6SDogH;Yn`v&hk(I~x>C9T)N*S(Vw$WtjQ-mz^Y2!OK6s*K2yeJpA{gbUk;1xyNj~
zo^Y8GC5EQ?Gpw$iK9w=aM4*N5-rl}#H!3Sk&j?9=U9DyD$n5hK+XH79YCI-OuwTA@
zamk6(KbT|A`W#OGTzt6v07HPOYKhpXis?y>$BxfAB>nS-hG@Y@rtRS@*-7o1b1$Eo
z%`@A1cY~L)e`dJQYVA|@zdDL?|L`lD8^ks62#Q_qEYOah`exy&{Tn*^QdxuLuE{>l
z-WmIB@#aIDJF6}lUt`p2(fv1JQ>1TO@$clS1(q5XPv;u`-DJ_`y)0sN&yxA!kNVi$
z%pBI&tc$yK$H;f?%q^cLew*nKzk2;LHP>A)&bOx7G{67#PhjO$m1_}ou4kEb%jP^`
zytHZV^x3-?cCXp>pYQYe<jIVdOiGiOE{HB_oSgMJS9;a8yUT+fKJBkMeDhn>p2u<y
z=MCSd1-a*`X2*Fil&-W8KGGMEdT!IQsj5NAE(>K7dEFN+d;6t2WajB_x55tgCCu-C
z^IM!{%5Awj0b*~?JD<(mH`5_z%fa$(2lguI&bS+=6VTqd{Lviyth+VmW?Ytbe1B$M
zVzZi2;I=r4TU^q|jvCv{mYqDc$F*o@k>>TAe$W58bU)M#*5a32dVb@xqQfB$>Sy%3
zDrf9ixZnv(^n^=qG%VIjFS&a#<d*Wf?1dT{CLijqKHUC`d6n6c`%khSFs$NSzH;G&
zjt}{pwThA@G?j$TwXB<-K2zw^+v(5DAK7ep?wRcRT;Gnj?VjFM|ISa9ix;ztD~a|!
zT=S-K*V;9zn=)2--h8EdPPWy`-&t>i%f`p74<7ePu2_@e|2!)#bke!|FW0aZi9ZzL
z@#R{t$m2RgFj7-nMDt8cb$@UhYp1kV3^#9NX`Q_9x8|=K*GVL6@a$NVXnEk<1wW2D
z7bWf$m#kXvFE0@)&z@-6y2q%+?9#sY{b^F{^%oYb$e#XN*sJq3%cKpmiFX7Z&hn`K
zb5C*0%OHVe*M9EK2%qq%CpYR)dG$snkq(!~`O*jf%{Y1T&@l$7wKr@h?=1g4*WGgV
zzQ?z%Yh~4r@p?@B8X6^XvRO2eT{tT1)AHwakBt;x=O!@c{qCQ8zr<NR@7g6lEuosf
zorxD#1srK)np^goy-N5^<}AI-tNdPkI+a{~>sxna-j=!lk`2V-Pk${@=sVc=B4OE8
zkK(rv=iD)gdpQ4N(A;WCR->P%TVK7}<*8P-d-blBQB02yg=H%DKb-vP`j%~9&oMc@
z(ePwfzjPurxu{>}$oxlXo4BG2wWAf*uTV%6-`ug9BWP0D!>NDtyefCDK6zNM;z#Ye
zx2AT^22HGvNEPyeCRQVsCRROzCRQzjCRQ~zZdmoq#mKaviRGO^6U!@<TALYEYv=L`
zY+d>!<vys^W@%zM(Nklr_Hcpi+OxHeRa{)Fgi{)yeYWpQEt)wuIrqWgO8aRss|t4I
zr1CCnyxpSy$<yWVCIRykE_=6KcK;sz>}4an?E3`~q5Eqh<}b~N6Lx3(eZKp)=$5A}
zwY$PU9SbgVddu&da{kFCk-Y5^Ez&OE4<ER(<HK5o*L^YlM{E!L3*30Xv3jHCHkH&T
zH9LPVh`zl2@GG9Q#mmfFT|@g$pJFqQ?tQ2K+r47{@>7e})w$2-+^y~>#%OvrRYJ_?
z&q>{PMP3^g8Mj=LYq9$^=gJh-7L@~SYm0CC%URejO|W|1yI(UVM|Gom=t=STTf9uK
zD*lL8O*2Sg5Q@IOB<^O{frQih^}M%qce-tP<H0+jvG4EflbpB3_+twhYJ_!vT(9??
zoXvl{qG_>)^se{z{B6m0-K);nvX)M9-}*oFb>#eg=E=LSuGgE&w5iihie-AEX!T`}
zvWaYu+ApLxvA<)R*3eYS%@bmG_~W(YE4TJ`oit>6eJ6-#x_Z(U+xe02Hr!8+unRNS
zocky|M*NK7uK=Z3xp^IhAs3c(zv11-@owtBf7f?O=WOx5U8$&=X7}fP;^es^+4@Rz
zW*+kRTf8dB-FlyamF0=>9ky1D`}}`0g}weGa8`Ho2CKq=Dc9FbvfFWLnbqMm`=?*-
zKde9fT!TTy{aK>)jmf^o+gdkvUo7f;%K2$i%4NZq_oEy?ar<!{)X_}i;<uG8<<7aX
ziE*F9B&G+G+H7vzDv6$RX?}226E7!=;F)P`UksUbr0!oT5eRloet$fD)rL(io3DTM
zU(x>e-SnfgR$Qq6IHSVbyKhnSk$by2LwGn}<@D7VGfmStwb%b1L+nob2Xj={U7M(%
zS-N{d)6DOT&kuCAT~gNTDox_JT6=TW%Fip~7ajQL7X9>x{h>hdkoiuhg<YPDHw%^T
zWUSn3<Dr-E%2NL9?N?o2xq}sT`zxz$bToLrwJ}&Mdv`L4>Du~DVntJ|-6yU7t=3%M
zF5y4(>a6Jxx7Dd|8JNwxtRWZFxc!>!jwYpTduo<lVtSx`hj&u-&6=lTa=U*TD@b}p
z-?LY05S!Se^?Y8k#ie%T`}0z+tzqDvXBgw=rj%%T?W?Opzr=L8c`cRwAFLyy_A)<E
znr&9vd)#YM>dwVmjl;HFQ<}f%yztU{Hiu@aY!f@A{PV%lbiQX1Is%`cZn6AQRFk=U
z$)BAsUm5o=wpni)+Q_ukK6Co!6D^+BM-sdD?x|?bo0w(9E-+Cb(uYTvFLOU5UwU-C
z-CP-&_jlA*Z`im)Mt+X|+ORdx!k@-m+GM`rcFHWz$$q^rukLS-KKf?KwAZc=gtv3Q
zxb~`)Eon>X8J&Y&a?Q5Z*EZhEp1%Ag)A~9gHg}2d7uH3`n&dy~zhuyCSl5{7es-eF
zqAJ1S=QRqd;?e6{Jq`Wddhg1yx#Lzi)pF+2s+AWDqjgflS8uJ<x3;;L(Y8wKV1-V&
zYQBw7XGF$}zH^PMmuz^>udumr|4e>2sRiLI-A`gRX@p<viZ(6zEA~%Q^VgaM*{<sT
zn~dITi{v*pZBRU`7TLiZ>~LI4{T;&t|35RH`v1+nIQhMNGC$icm#543M%zX!pZs&{
zwC5+YsK2SXdtN>``5{u=_>%Xvbt`@-?ta7cpd&#@IYx=)_bmZM56)!_Wfdn^&A$62
zkJ(VwKp9>-a*7&?v51`WJ*KDBa$wW1ra3m%KWxu05n69#U}&Idz{$p{&Bx3n#mc}U
m(*G#1OKZ{c+x>ps?;lI6@E$Qpo5R8(rlp+|ogU&1DkTBWK2}fw
literal 0
HcmV?d00001
diff --git a/roles/odfekibana/files/kibanasecret b/roles/odfekibana/files/kibanasecret
new file mode 100644
index 0000000..ec28be7
--- /dev/null
+++ b/roles/odfekibana/files/kibanasecret
@@ -0,0 +1,3 @@
+{
+ "value" : "19125de3-27fa-40e8-83bf-fdb8c8338b99"
+}
\ No newline at end of file
diff --git a/roles/thehive/vars/main.yml b/roles/thehive/vars/main.yml
index e69de29..9bd2813 100644
--- a/roles/thehive/vars/main.yml
+++ b/roles/thehive/vars/main.yml
@@ -0,0 +1,16 @@
+---
+
+THEHIVE_USERS:
+ - kiril:
+ username: "kiril"
+ name: "Kiril"
+ surname: "Kiroski"
+ roles: '["read", "write", "admin"]'
+ organization: "uninett.no"
+ - temur:
+ username: "temur"
+ name: "Temur"
+ surname: "Maisuradze"
+ roles: '["read", "write", "admin"]'
+ organization: "uninett.no"
+
diff --git a/soctools-inventory b/soctools-inventory
new file mode 100644
index 0000000..cff0d64
--- /dev/null
+++ b/soctools-inventory
@@ -0,0 +1,35 @@
+[dsldev]
+localhost ansible_connection=local
+
+[nificontainers]
+dsoclab-nifi-1 ansible_connection=docker
+dsoclab-nifi-2 ansible_connection=docker
+dsoclab-nifi-3 ansible_connection=docker
+
+[odfeescontainers]
+dsoclab-odfe-1 ansible_connection=docker
+dsoclab-odfe-2 ansible_connection=docker
+
+[odfekibanacontainers]
+dsoclab-kibana ansible_connection=docker
+
+[keycloakcontainers]
+dsoclab-keycloak ansible_connection=docker
+
+[mysql]
+dsoclab-mysql ansible_connection=docker
+
+[mispcontainers]
+dsoclab-misp ansible_connection=docker
+
+[cassandra]
+dsoclab-cassandra ansible_connection=docker
+
+[thehive]
+dsoclab-thehive ansible_connection=docker
+
+[cortex]
+dsoclab-cortex ansible_connection=docker
+
+[haproxy]
+dsoclab-haproxy ansible_connection=docker
--
GitLab