diff --git a/src/certificate/create-leaf.md b/src/certificate/create-leaf.md
new file mode 100644
index 0000000..49f7269
--- /dev/null
+++ b/src/certificate/create-leaf.md
@@ -0,0 +1,123 @@
+# 고객사 설치용 leaf 인증서 생성
+
+## 1) leaf 개인키 생성
+
+```bash
+mkdir -p pki/leaf-kdn
+cd pki/leaf-kdn
+openssl genrsa -out dfxagent-kdn.key 2048
+```
+
+---
+
+## 2) CSR 생성 + SAN(도메인/IP) 넣기
+
+### 2-1) CSR용 설정 파일 만들기: `dfxagent-kdn-req.cnf`
+
+```ini
+[ req ]
+default_bits       = 2048
+prompt             = no
+default_md         = sha256
+distinguished_name = dn
+req_extensions     = req_ext
+
+[ dn ]
+C  = KR
+O  = KDN
+OU = DFX
+CN = dfxagent-kdn-01
+
+[ req_ext ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+IP.1  = 10.100.12.86
+```
+
+### 2-2) CSR 생성
+
+```bash
+openssl req -new -key dfxagent-kdn.key -out dfxagent-kdn.csr -config dfxagent-kdn-req.cnf
+```
+
+---
+
+## 3) Intermediate로 leaf 인증서 서명(발급)
+
+### 3-1) leaf 확장 파일 만들기: `dfxagent-kdn-leaf-ext.cnf`
+
+#### ✅ 서버용(HTTPS), mTLS 클라이언트 겸용
+
+```ini
+[ v3_server ]
+basicConstraints = critical, CA:false
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+subjectAltName = @alt_names
+
+[ alt_names ]
+IP.1  = 10.10.10.11
+```
+
+### 3-2) Intermediate로 서명
+
+```bash
+openssl x509 -req -in dfxagent-kdn.csr -CA ../intermediate/intermediate-kdn.crt -CAkey ../intermediate/intermediate-kdn.key -CAcreateserial -out dfxagent-kdn.crt -days 825 -sha256 -extfile dfxagent-kdn-leaf-ext.cnf -extensions v3_server
+```
+
+> `-days`는 운영 정책에 맞춰 조정(예: 365, 730 등).
+
+---
+
+## 4) 체인 검증(중요)
+
+```bash
+openssl verify -CAfile ca-chain.crt dfxagent-kdn.crt
+```
+
+`OK`가 나오는지 확인
+
+---
+
+## 5) (Java/톰캣용) PKCS12 keystore(p12) 만들기
+
+DFXAgent가 Spring Boot(내장 톰캣)이므로 `p12`를 keystore로 사용
+
+```bash
+openssl pkcs12 -export -inkey dfxagent-kdn.key -in dfxagent-kdn.crt -certfile ca-chain-kdn.crt -out dfxagent-kdn.p12 -name dfxagent-kdn-01
+```
+
+---
+
+## 6) (클라이언트 검증용) truststore 만들기 - JKS truststore (Java에서 흔함)
+
+```bash
+keytool -importcert -alias bsm-ca-chain -file ../intermediate/ca-chain-kdn.crt -keystore truststore-kdn.jks -storepass changeit -noprompt
+```
+
+---
+
+## settings.json 구조 예시
+
+```json
+{
+  "tls": {
+    "enabled": true,
+    "port": 8443,
+    "keyStorePath": "cert/dfxagent-kdn.p12",
+    "keyStorePassword": "qortpals1!",
+    "keyStoreType": "PKCS12",
+    "trustStorePath": "cert/truststore-kdn.jks",
+    "trustStorePassword": "qortpals1!",
+    "trustStoreType": "JKS",
+    "clientAuth": "none"
+  },
+  "outboundTls": {
+    "enabled": true,
+    "useClientCert": false
+  }
+}
+```
\ No newline at end of file
diff --git a/src/certificate/create-rootca.md b/src/certificate/create-rootca.md
index 9a091e4..af0ebbb 100644
--- a/src/certificate/create-rootca.md
+++ b/src/certificate/create-rootca.md
@@ -52,8 +52,7 @@ openssl req -new -key intermediate-kdn.key -subj "/C=KR/O=BSM-LAB/CN=BSM-LAB KDN
 ```
 
 ### 2-3) Root로 Intermediate 인증서 서명
-
-여기서 `v3_intermediate_ca` 확장(Constraints/KeyUsage)을 꼭 넣는 게 좋습니다. 간단히 쓸 수 있는 `root-ext.cnf` 파일을 하나 만듭니다.
+`v3_intermediate_ca` 확장(Constraints/KeyUsage) 작성 `root-ext-kdn.cnf`
 
 **(root-ext.cnf)**
 
@@ -70,22 +69,15 @@ authorityKeyIdentifier = keyid:always,issuer
 ```bash
 # root 폴더로 돌아가 Root 키/인증서로 서명
 cd ../root
-
-openssl x509 -req -in ../intermediate/intermediate.csr \
-  -CA rootca.crt -CAkey rootca.key -CAcreateserial \
-  -out ../intermediate/intermediate.crt \
-  -days 1825 -sha256 \
-  -extfile root-ext.cnf -extensions v3_intermediate_ca
+openssl x509 -req -in ../intermediate/intermediate-kdn.csr -CA rootca-kdn.crt -CAkey rootca-kdn.key -CAcreateserial -out ../intermediate/intermediate-kdn.crt -days 1825 -sha256 -extfile root-ext-kdn.cnf -extensions v3_intermediate_ca
 ```
 
 ### 2-4) CA 체인 파일 만들기
-
+고객사 설치용 CA 체인 생성. 추후 truststore 저장
 ```bash
-cat ../intermediate/intermediate.crt rootca.crt > ../intermediate/ca-chain.crt
+cat ../intermediate/intermediate-kdn.crt rootca-kdn.crt > ../intermediate/ca-chain-kdn.crt
 ```
 
-이 `ca-chain.crt`가 “고객사 설치용 CA 체인”으로 자주 쓰입니다(신뢰 저장소에 넣기 좋음).
-
 ---
 
 ## 3) 다음 단계(참고): leaf(에이전트/웹서버) 발급은 Intermediate로
diff --git a/src/certificate/pki/intermediate/ca-chain-kdn.crt b/src/certificate/pki/intermediate/ca-chain-kdn.crt
new file mode 100644
index 0000000..f748bd8
--- /dev/null
+++ b/src/certificate/pki/intermediate/ca-chain-kdn.crt
@@ -0,0 +1,63 @@
+-----BEGIN CERTIFICATE-----
+MIIFdjCCA16gAwIBAgIUagcY/EA8YhiKbdXbIFcNeZorkMkwDQYJKoZIhvcNAQEL
+BQAwPTELMAkGA1UEBhMCS1IxEDAOBgNVBAoMB0JTTS1MQUIxHDAaBgNVBAMME0JT
+TS1MQUIgS0ROIFJvb3QgQ0EwHhcNMjUxMjE4MDMyMjA2WhcNMzAxMjE3MDMyMjA2
+WjBFMQswCQYDVQQGEwJLUjEQMA4GA1UECgwHQlNNLUxBQjEkMCIGA1UEAwwbQlNN
+LUxBQiBLRE4gSW50ZXJtZWRpYXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEAmlhljugoaMwZIAnSHrgXCxVu9+DYMskqbEOlgJFpffPYf77fAadv
+R8omaKzFWjwno+l8ziJo26zwUNTSFCfhw2refgmoyJwSakQ2FFsRKgg8pEAJOi85
+MGFBXS41ECNzTp8Y7cMv4xq/96tFpW4lvOxVQdr29sTd6kjdANqAtisI/ZUmslrE
+c7J9MlpWJ7HI9kMbRPcFjni3yDib2SV02lYlEtOT9/vURcnNsq8RsjDwD7idngll
+ioIS7WlXWo2+ENuEEq8CQnoJ+ZTZZM10y+9arHW6r8UrWR0trqyMW6NfcI3IJ273
+a8O5rABkroRIp9e67b3o4uFYE71fEP5yZ8JIv77J5a3QzXJWd39IdxranGJS8QpH
+NpbGz1KchRKHiIfz5L6VMQeperr/H2sGzNCyJHOdodYlMoXKpwUYdKSOqzLLx62b
+3cdUxZouCShgvMQBCtBaw+dBVwdLEbTpuBdIlodC528SB8qYe/yBNlWTWTYbX11v
+khGM3g8NiKOJasWEbTjvWkjLFq92tIbfjWQAAJvSi9ZUGNqHPHVb+37GQ+Rew9b8
+d1mTUbdiD4gbKHVO9s0c24aAJMv1wyE7DkPBykeTnkb1ejFEdOF1BYJeT7dyM/o1
+q0oJvmQDCYhPkmRErd3ZA+r/pNNHvBQDAigZmwGKP1dYQ9974M2yfTUCAwEAAaNm
+MGQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
+FFlMwDCEbM1mlKMWE8D/6GMTOMUaMB8GA1UdIwQYMBaAFAuqzxzumB+rXYYs1Bzf
+xaufvt6gMA0GCSqGSIb3DQEBCwUAA4ICAQBJvhagYrQ1fM2qti8ZDCeU+xyAamXl
+Kf/pe4wmV/FukhK+dNgHjCEGsNuQSiOc22KjaozTWWBUI+ClfG6uLscgX66PhAO7
+oGIzUgI5cA9hY8OfjZxAmw+MCrIknZz0AQZ3I3RJo2mOyfXvnPs1p28OVawT/GHw
+1eYtRrwjKRUr6UVKygZZnXeRpGNPWpmTyASWIJAkCGrNGs5O4x8c/FOrKxjAHfFD
+NcJQb68IJ8nLyHONuocHPNiZTWMguJROScz9ykowshFO1PoUSOHHKXOf/72fNmA0
+IFYrl98EVwWQvDh8KPaIJ3NvGie2cVkeaauWTqHygyO+/qClGZysHIxSICQgIvPT
+diOwCCYJOmG/suCcLa85qOfCEP2HrJuXf0VK6VrAnrwWhit7zMpJ7yW6/nq3NXIU
+7xT2XYshpeQO/NNYa1xSGjfSzqAbxt2Z1Wo1F0NEem4LjXfFICAIFVgEVBsIhRoP
+CmzD585CsxzinLUy6ubPXIHWkq/QrPSvrtiacgQfJvdNXwXgbMyeQK6fr/WSQp1Z
+96KoGdVv57DArXe0/usKWKeogioBMRyqUPPXbsVz7U8H4tuqP07kKzY+KZB33q9Q
+gtcvVl6UAQd6DfsImTGEl+AIYsgd862ggcyFoOzA57qEeWIdAOHvzW5JBGil3SwS
+ekELOLfSwn9p+A==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFWzCCA0OgAwIBAgIUHS2vme1ULV9M11i9OdaCmy1QuDYwDQYJKoZIhvcNAQEL
+BQAwPTELMAkGA1UEBhMCS1IxEDAOBgNVBAoMB0JTTS1MQUIxHDAaBgNVBAMME0JT
+TS1MQUIgS0ROIFJvb3QgQ0EwHhcNMjUxMjE1MDgzNjA4WhcNMzUxMjEzMDgzNjA4
+WjA9MQswCQYDVQQGEwJLUjEQMA4GA1UECgwHQlNNLUxBQjEcMBoGA1UEAwwTQlNN
+LUxBQiBLRE4gUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+AOANyCJLnChz+nIpXMdQjuwZDUWFYrieMI1psNGLcEWyn/DJux2rF1r0riJA0Oc5
+VLSK62oljMeAeYxMTyeu84t+QHT9jBRRaCyAdSddnh7kURb6Q32juinTJjlxVx1/
+qTyyASR4R1BSdHzRNpczKCHAxZArObq+XOzUjgDWxxkXtopu4k52E3W+OqWliW/r
+6c3xOiILP1mMybbhpYAI9QyU+OjFsESWAnxWOl6MLcAXjzQw2mO9JDy3Y7JJjVsd
+tKqoPIsOc6ziwoSbE11T4xwg+k3CQDcmNQINH+qDlLiIRhcIJjPjjNhevVfVkDXe
+bqoQT50+4qEgwJd0I881GqARc3QoUpYYRsUwR+EBgoK8JJHdljZIC1lhdolAeyux
+U+ksfj1icWAhnKdrAgMr2Ph6zVYICMVVenTEdkMF3NfSRfwCJkkAhM9jjPE1ghPq
+2qHAbCN2IK+zJlfdsXmHiF19/uGnIj8FCxVXwOwrwxMXQHJ8qvr4vTjKlgzmWfIw
+L7E6STuU8ub4PNmvsRKmYN//+o+O+j6HMfCvBcnQnq3ecC6px+Uq4p9BnYCrUczS
+IwvE4GEmHCDcItOTgMR6gTHq0xvdB0nm41TasbvBFu0yUfo5pHo2WMluvisHP1KW
+3lxfljIICU157X2TZTFaGHGnWwHNDB+iVys+YD2yo72vAgMBAAGjUzBRMB0GA1Ud
+DgQWBBQLqs8c7pgfq12GLNQc38Wrn77eoDAfBgNVHSMEGDAWgBQLqs8c7pgfq12G
+LNQc38Wrn77eoDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAp
+M0fJw/46yn6bVFqJeFT4vJ7n0wWD4fwb/vHtKnGiqEysnLSln/f3qv+203C1P1Y9
+xAob0k6w7MGRwN7dQIABAFWgxXK0ONL0zwc5Wrodp5JXhFJyf53KuQ26fBecUcQc
+KlpF8hddOc3aHMrVX15JK1orN0YpjpCoiuZvFwIohvBHrYUKhk8YRvTdxp/tAZTC
+L7AG9f2j8ib8762BqVMFmjbvA4dK9mPb/ajg2EEUOnPHF3yqndG1VFUCaVyJ3/Pu
+IeM1Wfy2R0uCk9hhOr+RylKT8Z0srv8W/cxV2EAym5XFqGqKKGQHWm58lfAEG9Uw
+dcpR6JjPWqCV0/xbJEj3O8SWlZ8D14x+iKvP6VQHPccNrLPJUiKUOXlwgRz437ve
+wx7Ehnb21TkH4rWA7VUd1dYLLlvt7p3EQtgl2AxRzO/jJil+8IPmXWJjkzLgm1WK
+6KP8jprJHhT/PC6MMZNh0K+BjKWW2dG4cL90RxaPdUNmaXttQnrJJ+mZT7kpoSIw
+nveO7vWWsd3KOfgEY95m3o91cigCoSFzBm/OulLAQJQo9fH2jggS6f21+YQwBXg8
+xBSHceSpmoGtGaKFcghc98vr0B/L8hvmNfujJd3cw6i+jxVlSnxAbDBxE7cxcLpH
+3d4+A7RQhFTSXqinU/ect/OodDlgtL0TBEs6vGBYYg==
+-----END CERTIFICATE-----
diff --git a/src/certificate/pki/intermediate/intermediate-kdn.crt b/src/certificate/pki/intermediate/intermediate-kdn.crt
new file mode 100644
index 0000000..d05e178
--- /dev/null
+++ b/src/certificate/pki/intermediate/intermediate-kdn.crt
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFdjCCA16gAwIBAgIUagcY/EA8YhiKbdXbIFcNeZorkMkwDQYJKoZIhvcNAQEL
+BQAwPTELMAkGA1UEBhMCS1IxEDAOBgNVBAoMB0JTTS1MQUIxHDAaBgNVBAMME0JT
+TS1MQUIgS0ROIFJvb3QgQ0EwHhcNMjUxMjE4MDMyMjA2WhcNMzAxMjE3MDMyMjA2
+WjBFMQswCQYDVQQGEwJLUjEQMA4GA1UECgwHQlNNLUxBQjEkMCIGA1UEAwwbQlNN
+LUxBQiBLRE4gSW50ZXJtZWRpYXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEAmlhljugoaMwZIAnSHrgXCxVu9+DYMskqbEOlgJFpffPYf77fAadv
+R8omaKzFWjwno+l8ziJo26zwUNTSFCfhw2refgmoyJwSakQ2FFsRKgg8pEAJOi85
+MGFBXS41ECNzTp8Y7cMv4xq/96tFpW4lvOxVQdr29sTd6kjdANqAtisI/ZUmslrE
+c7J9MlpWJ7HI9kMbRPcFjni3yDib2SV02lYlEtOT9/vURcnNsq8RsjDwD7idngll
+ioIS7WlXWo2+ENuEEq8CQnoJ+ZTZZM10y+9arHW6r8UrWR0trqyMW6NfcI3IJ273
+a8O5rABkroRIp9e67b3o4uFYE71fEP5yZ8JIv77J5a3QzXJWd39IdxranGJS8QpH
+NpbGz1KchRKHiIfz5L6VMQeperr/H2sGzNCyJHOdodYlMoXKpwUYdKSOqzLLx62b
+3cdUxZouCShgvMQBCtBaw+dBVwdLEbTpuBdIlodC528SB8qYe/yBNlWTWTYbX11v
+khGM3g8NiKOJasWEbTjvWkjLFq92tIbfjWQAAJvSi9ZUGNqHPHVb+37GQ+Rew9b8
+d1mTUbdiD4gbKHVO9s0c24aAJMv1wyE7DkPBykeTnkb1ejFEdOF1BYJeT7dyM/o1
+q0oJvmQDCYhPkmRErd3ZA+r/pNNHvBQDAigZmwGKP1dYQ9974M2yfTUCAwEAAaNm
+MGQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
+FFlMwDCEbM1mlKMWE8D/6GMTOMUaMB8GA1UdIwQYMBaAFAuqzxzumB+rXYYs1Bzf
+xaufvt6gMA0GCSqGSIb3DQEBCwUAA4ICAQBJvhagYrQ1fM2qti8ZDCeU+xyAamXl
+Kf/pe4wmV/FukhK+dNgHjCEGsNuQSiOc22KjaozTWWBUI+ClfG6uLscgX66PhAO7
+oGIzUgI5cA9hY8OfjZxAmw+MCrIknZz0AQZ3I3RJo2mOyfXvnPs1p28OVawT/GHw
+1eYtRrwjKRUr6UVKygZZnXeRpGNPWpmTyASWIJAkCGrNGs5O4x8c/FOrKxjAHfFD
+NcJQb68IJ8nLyHONuocHPNiZTWMguJROScz9ykowshFO1PoUSOHHKXOf/72fNmA0
+IFYrl98EVwWQvDh8KPaIJ3NvGie2cVkeaauWTqHygyO+/qClGZysHIxSICQgIvPT
+diOwCCYJOmG/suCcLa85qOfCEP2HrJuXf0VK6VrAnrwWhit7zMpJ7yW6/nq3NXIU
+7xT2XYshpeQO/NNYa1xSGjfSzqAbxt2Z1Wo1F0NEem4LjXfFICAIFVgEVBsIhRoP
+CmzD585CsxzinLUy6ubPXIHWkq/QrPSvrtiacgQfJvdNXwXgbMyeQK6fr/WSQp1Z
+96KoGdVv57DArXe0/usKWKeogioBMRyqUPPXbsVz7U8H4tuqP07kKzY+KZB33q9Q
+gtcvVl6UAQd6DfsImTGEl+AIYsgd862ggcyFoOzA57qEeWIdAOHvzW5JBGil3SwS
+ekELOLfSwn9p+A==
+-----END CERTIFICATE-----
diff --git a/src/certificate/pki/intermediate/intermediate-kdn.csr b/src/certificate/pki/intermediate/intermediate-kdn.csr
new file mode 100644
index 0000000..de17ff5
--- /dev/null
+++ b/src/certificate/pki/intermediate/intermediate-kdn.csr
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEijCCAnICAQAwRTELMAkGA1UEBhMCS1IxEDAOBgNVBAoMB0JTTS1MQUIxJDAi
+BgNVBAMMG0JTTS1MQUIgS0ROIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAJpYZY7oKGjMGSAJ0h64FwsVbvfg2DLJKmxDpYCR
+aX3z2H++3wGnb0fKJmisxVo8J6PpfM4iaNus8FDU0hQn4cNq3n4JqMicEmpENhRb
+ESoIPKRACTovOTBhQV0uNRAjc06fGO3DL+Mav/erRaVuJbzsVUHa9vbE3epI3QDa
+gLYrCP2VJrJaxHOyfTJaViexyPZDG0T3BY54t8g4m9kldNpWJRLTk/f71EXJzbKv
+EbIw8A+4nZ4JZYqCEu1pV1qNvhDbhBKvAkJ6CfmU2WTNdMvvWqx1uq/FK1kdLa6s
+jFujX3CNyCdu92vDuawAZK6ESKfXuu296OLhWBO9XxD+cmfCSL++yeWt0M1yVnd/
+SHca2pxiUvEKRzaWxs9SnIUSh4iH8+S+lTEHqXq6/x9rBszQsiRznaHWJTKFyqcF
+GHSkjqsyy8etm93HVMWaLgkoYLzEAQrQWsPnQVcHSxG06bgXSJaHQudvEgfKmHv8
+gTZVk1k2G19db5IRjN4PDYijiWrFhG0471pIyxavdrSG341kAACb0ovWVBjahzx1
+W/t+xkPkXsPW/HdZk1G3Yg+IGyh1TvbNHNuGgCTL9cMhOw5DwcpHk55G9XoxRHTh
+dQWCXk+3cjP6NatKCb5kAwmIT5JkRK3d2QPq/6TTR7wUAwIoGZsBij9XWEPfe+DN
+sn01AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAgyqUMO2bWCk87U0Q7CVMvOfc
+jowL38t06vinnvtF0/WNwNJOitbU2Mxlyf0hx3H8t9JX98SXsNX1RDhEViFFjf43
+HYfbOvzTwS4nmc7ZJ6Sacr2p8f2VVuhBoDIBvRLWdqlB1eFGObVxoHduu2yr+1z9
+MixEahmpI8ZXzLXTXgLpbyPWg26bjOok6QcWlfDNGN3XSobLfrNzlxdtZve9YYuE
+Z5xjzln6aqjUNnUMIXtspAh9U614pQC5Tzp40LGPvPnhOOmXZS8Gx5EUEDDH/yfB
+F+/pHimHpBq7ht/wlrLroYaS6ohtt47MQDcG53jrb3co8mfPTFmRIgaQaLR8fQ/H
+poqu36u8p0nk0/N0eL8qXZ3Rtuoc2xUEMpjEgnVyc6/84w8YDxoBBqzR5GCWBC2E
+NuYlgiXO4PtEiKmIvDRxEc78vi++2GqcslpCit8OVm0QP032IrZT1EmF4ksn2BGE
+Dj46yb3u8V8yjqqj+5lY3WrpbptOkkHaWnAHYg+g72aVwWcNbt1yGk2EROXW1qci
+LyA9nHZIxYmf8DxIHW6Wqa8nw6XCnMv7BsADNw+LoFV6UMRlGTPwtObfnzvsNCYN
+Bbt6YvuOsNWu8XOQ8Sc4Uj5FeI6V2MeRtIytw64w3xCdv74F9PrGHcSNbnHjYEih
++5irxdtnmppZCKq2enE=
+-----END CERTIFICATE REQUEST-----
diff --git a/src/certificate/pki/intermediate/intermediate-kdn.key b/src/certificate/pki/intermediate/intermediate-kdn.key
new file mode 100644
index 0000000..282b1e2
--- /dev/null
+++ b/src/certificate/pki/intermediate/intermediate-kdn.key
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIWij54e6t/OcCAggA
+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBAIRbupksGgeVTMd6/aDZyaBIIJ
+UNXbCb/2+fMeZJIESA8+Ev5u73fUX1vDBDZkzoax/wTyYazu4ig1yA5TsIcZ92zO
+K3X7BFo2pMttKtQyJcZMSgQELeQzWQQ9t2OzVhA1IN5Y6GSblV16AyUBV1hSB0UC
+/PdYXFw56ZfX4XAQOSpIu5uCdv57hw315IZvuVy78jHz2W99Pv8RJTTQaCH1hThg
+6px/zYiEz4164F1WzV0J1xBpCqx92qGvM17iJxwCu82YIhl+lpxUHp1Tin2fnmVj
+uKzQT7LPU/Qoaml+K/r5eHi8+5UBjuUNzUoK4vSrwQTksrCX9may6FyWAekujTQ4
+oB/ncOvRWizKUrsV5TdCH9G7jNjC7BJdDJ3ijsTu/vCsvcpVKue3u/FiS76rgar5
+cfB79dHPH1VBjdUhUECP0mURc9XLvLYc8DiSwGlgLOYl1JQV9ntXrpxlCqAv7ZSp
+UbnKNNm6fOV43J3oJ14W08PeTunpcEMsFDGgQqkYO1gni8KMyQg1qT+3DRiR4tvM
+/aN+9gpCO1sqlAdVnrecq0DJgSiKOvpU7HhGzMmLwyV796KVjuSrPs5xl1r4rQPt
+uNdEg/Ds3vmm5INhDIZ4Ml+TbT+sj0635/vsqReZocU4ZDQK5T01z8aqhvI6thzT
+gSHPScArAcobpaUsSAX4prbVTzZHe0sshikvGqCu85usnAcVTBQx/pChVhEkz2vf
+fwN87yE4bjscQtUEVVztCXYV7Ms8jc7CBj/T4PuV5MSPZqMyaOHcpaIIW6gKG+Yv
+X3ZnY9NfrLrwJgq16qiy5b5LkkgoLWCqMWqnlE7ZbL/YMA2eZIC7VxvoQqL4t9gB
+EqAdORkCTQ3sfICctzHez4de1nLZqAnYqgKBWeW9XILPKdTMRgmDKh5vGgASi0Ak
+G/L7QXBkIMvK0UIHw25qnQ65l4eRCtAckGz9V0k+zlsXhIyPxN2+joRwkLnF/LAn
+2H0U7PLGgLOMDqP2Q33kQda9BBE5PEAX5hF4Nc1MqS5UdEglwbs0e/idCdNYpGZa
+uD+SOQHDyvCFoLoayj3Z1xvG91MnUUwraVJWCo9aOJhikGHGKAV+CqU1ob4xJz9I
+rRsVHoqD0IbWxnAqAd+iza6aqumfkrlbS9TaynHHNq/sPFCjjYs4uGWVDqoLmcyk
+3AkM/nJ+zJ87wdiu3qmr0uMVj9zwLpMJweE2YnLCGBQpr9Fv/F9OPo0lBgDfNFgx
+ZnY8cA187orVA6BUn3C4lXUfw5ItlKUnl+XOrVm+thdvoCSp6RoUkFtIw0lA6Omv
+Z37eY3amns2tsqS8WEfVCfAYc8BGD6P1DVmUqrRzVBNJ411VwjzDaY609niQMyDH
+bwnN7CaR5WIsukLlXHkRn6UfusfVTqQSgdzPx1ILbvHBrBUwqyeCUfONFltYJ4RS
+BSnoScMuvaJrehmtEg+ExCfhecNEVt0da5LZxCbVgytP0x6jxfiQUedDpsn4igOU
+FqcrIVOTegGu5piVYfQiQAPpZet+XBLhaGz7Ml4KkkddKh3IRQDiGd1ikeyqFQra
+w7ZcPd47YJiGklWZZV+fxTH+BdFLPHoBRJeLbrnVBf2koC3VD6/T5oeib9VVKp6A
+/uJoHHNUkXBL/ZMnyom6xCYIa1fyfFwxsi3I1acF7x15KuTaQWHlGabJgd5hoDch
+3qN5TSRFK/Rwwzo0lRdNmA/zGPFVXajwMyMzf2f0RMAhd83i6E4n+eZdyZMiC8ji
+CGZ7XKpjGIzsvZy65mNYzIpFLvGW4vePEATkF6x+sPm40gwVT7uvQ5vg/yJzbSYd
+JfK2UaJGjRR8HdMUttTOFcDHWLDRfUbbs0cgLV2MjloQJmBp1rgS5uAPFaw9zIjQ
+jx70kI5myH00hUeazREvuTfY3+FsJI8fiSEYX7UP6gXIo+OEhlmIxitj5VbS8XxH
+6C3VWS16sc7z4J3AE1Xjqm1zvpUoqH/XNkWri8q9Min3nLQxjZpfFDG2Axx3YIHa
+r1mdyPm0IUwadU3WkBg2pZEpcgvAWbzmfgqsYLec3hyqxqBe0/fNXtM+Qb41a77V
+YUhwcNJvIR4NA3o9zH/Z8ZWkjN1l4uwZnCLdAPAwLaIW35YENqZqeoiLAc/flLQ4
+qpuDc1kK3YbcYlNqEWFnRM9ESb9UEgo0bkMpsJ87RrHeAvitGBb3MizYownBAqw/
+qnjWQoTad7QicyHmQ4AfWBhmrEQqMx0Gpoof1ukrIUEYzGRTuE5loNO1i2Ph4hk6
+LrpEsBxNnEwOMknuz1G8nWlEDQMMMLLuCJDeThWkF0z5uuXxjeCtGMYzhsiF1sg1
+NTcvqNJEhUUbb+mUJWeb8pWnkj6Xg4oWe6JDlcl9qEmn1Zx4sXZURswsQl7Ugis5
+IpEEMO0DknM2w20acSGi2W5v2TLfKOL/EPknT8KSFH1Dfob8JpFA8DhyVZdjfzaJ
+gsWOl1u8q96On7Vn6L9QlbNpTBFbeZ9rt9myEMVbhC9bqHcgvhfu7DyDVJVoX+0C
+NP9UAQ60McD8+fnZa9DyIGxlD0Z8oMZjby8E5SiXo1Snju8YDWHchXPtJydjwjYX
+izz1lgFFf/THa+kzjyNVKwd4FzNSO94JaZrBY1I81UBSWQn4sG2VnNJUgMYrhONV
+UrvbPBOGKMm6V9aglhoT06H5qQno4dp2LC6qo9JVrhsuZP7XUutbxYBqHtQsDL3l
+4uOMU+H5HAXzqmENL6sCl0joNlXzmW36OeKBFLma983BSroFfWV2sVExiBltQnyI
+1kykH1Pl4UcOjNTTi5b1Y1VihWZIsnAxLnMF9z4/cIpXlfAtivKVKLuLBcdzL+ER
+/vDZ8bPFj360iTUaZ43fsBw0hMz/mbC+Osm6w60AtoZAPHAYo5UjJQMww+nLBCbS
+h2wJWelwratcJD2FI1NEVmBlucOSJMx+AxznetafU44p4T3SgdUFdsk7PbQ5/5qK
+1BzseITkVpmK5m4Y7aftSHeRYKYgUGfgpJTi2SNGOz0fFYJ7iYVoJnVblqM8tpIg
+TO+bPGpVZbI7Cse57KGvJTpgI25XqNKOvJeynh2swIr54cAC2i6o7St0DlAVdhvw
+0O1mzRF0+UROnq10Rz7p1Az5jQ+4dxwfcXPTa3+mwTXEZeibCXiEFMlUNqvuGl9t
+dDq5OyG/4jXE2dAh4EOdFRMN0r73L//u0UbuRoV8yHLi
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/src/certificate/pki/leaf-kdn/dfxagent-kdn-leaf-ext.cnf b/src/certificate/pki/leaf-kdn/dfxagent-kdn-leaf-ext.cnf
new file mode 100644
index 0000000..af4f398
--- /dev/null
+++ b/src/certificate/pki/leaf-kdn/dfxagent-kdn-leaf-ext.cnf
@@ -0,0 +1,11 @@
+[ v3_server ]
+basicConstraints = critical, CA:false
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+subjectAltName = @alt_names
+
+[ alt_names ]
+IP.1  = 10.10.10.11
+
diff --git a/src/certificate/pki/leaf-kdn/dfxagent-kdn-req.cnf b/src/certificate/pki/leaf-kdn/dfxagent-kdn-req.cnf
new file mode 100644
index 0000000..91b9296
--- /dev/null
+++ b/src/certificate/pki/leaf-kdn/dfxagent-kdn-req.cnf
@@ -0,0 +1,19 @@
+[ req ]
+default_bits       = 2048
+prompt             = no
+default_md         = sha256
+distinguished_name = dn
+req_extensions     = req_ext
+
+[ dn ]
+C  = KR
+O  = KDN
+OU = DFX
+CN = dfxagent-kdn-01
+
+[ req_ext ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+IP.1  = 10.100.12.86
+
diff --git a/src/certificate/pki/leaf-kdn/dfxagent-kdn.crt b/src/certificate/pki/leaf-kdn/dfxagent-kdn.crt
new file mode 100644
index 0000000..f57fa7e
--- /dev/null
+++ b/src/certificate/pki/leaf-kdn/dfxagent-kdn.crt
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEqDCCApCgAwIBAgIUYj+gmelJCkYXejbDbJDs+NErEtowDQYJKoZIhvcNAQEL
+BQAwRTELMAkGA1UEBhMCS1IxEDAOBgNVBAoMB0JTTS1MQUIxJDAiBgNVBAMMG0JT
+TS1MQUIgS0ROIEludGVybWVkaWF0ZSBDQTAeFw0yNTEyMTgwMzQyMThaFw0yODAz
+MjIwMzQyMThaMEMxCzAJBgNVBAYTAktSMQwwCgYDVQQKDANLRE4xDDAKBgNVBAsM
+A0RGWDEYMBYGA1UEAwwPZGZ4YWdlbnQta2RuLTAxMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAsG9Inmy7kQ3QhThrm6Sg6xHO72oFMdIMEsKgjySRygiL
+LHpZE+fjIaEAXlYCcxRia5LNo7oH36umN/8oqE4EJUA7vXBzD/OJFXsfHpCKOhR1
+4LdSgDC+ZTsnD5+CMER6lGSuTibB6vsOb6ig0ywrGyFnzPunUt+znTJ9/Uii2CxW
+b0VdKu3atVL94WVrvunt1Ry6oNG+LDqMV9q0mYLOANSLPVNuQXTkT4dbbPRFEijO
+k0XET9kHH4zaCZdA2gMLwHEMULvXs62nV7MY2gg9AdzCkwARYJOD6DLS/n7Owsme
+/Hyv0F5XJ4Jl6YWhtRwDM+NSAbmA0QtRoZFN7rLMgwIDAQABo4GRMIGOMAwGA1Ud
+EwEB/wQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
+BgEFBQcDAjAdBgNVHQ4EFgQUwgqZuP6ax1F6zG5QOox3S6+ul80wHwYDVR0jBBgw
+FoAUWUzAMIRszWaUoxYTwP/oYxM4xRowDwYDVR0RBAgwBocECgoKCzANBgkqhkiG
+9w0BAQsFAAOCAgEADjM1yiCRyC+/8OdVZWaMM7tV7ar+VYP0+DAfwJ3Hctv91Zh9
+YbhNgUFv/j3twHf6vW22d08U5yk04k4oILaizeef1bcUtRhwD6T+KwR1ggifApRW
+z/bayK31zqUV6AVSAocM2889eneeoMC8k6rgh1ZahPjVd4zXiOJj29g8X82ae/7Y
+xi4Okkkk8yWp0gooWGcZdmACKHP9OiQo1W4KOHW+KzDe8lr9qzghYN44MCEDa9xq
+Yf+RDz0/G0qkA/Ht+3EQh0zJaDFmmYKXdZlm6aHXM+Wvg638jUu6m185L6icxOp4
+bnjCXcoT1W7Mc1twYxxN7uR5WqFpzkUP8JNlZCLHxajxGnxwwqYmY/olSbPz53Lp
+Yq4rUWwh71mkYy5Q9LWtoFWrqnQL/OdyOxDyaxvbjC4b4RKJiiGO+7i/DAgaGxoT
+aKMEMZf9uTKV3r3iKzHNHEIuFrlvfcmlmup/BO0Wy9WUKIe2DxmrCJGis0ubh3fG
+ZT43SODQhDJLKcPpY71wMngJfgBneO/Xg3qelph2QoQxyC89g0iqGGw0Cg7wjkzp
+DrEmfy3G0r7WqWql/vLr0urcRuyBoNgfYJhgK+ZtcbOdt16pLqEdx9JHSJOI/DUJ
+ubn3aW6oHdEf48pY4XFZ6Lx+tOhTiRQ90+VVWgQA1mJpTrVz6nIRO3UCwzg=
+-----END CERTIFICATE-----
diff --git a/src/certificate/pki/leaf-kdn/dfxagent-kdn.csr b/src/certificate/pki/leaf-kdn/dfxagent-kdn.csr
new file mode 100644
index 0000000..de93f03
--- /dev/null
+++ b/src/certificate/pki/leaf-kdn/dfxagent-kdn.csr
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICqjCCAZICAQAwQzELMAkGA1UEBhMCS1IxDDAKBgNVBAoMA0tETjEMMAoGA1UE
+CwwDREZYMRgwFgYDVQQDDA9kZnhhZ2VudC1rZG4tMDEwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCwb0iebLuRDdCFOGubpKDrEc7vagUx0gwSwqCPJJHK
+CIsselkT5+MhoQBeVgJzFGJrks2jugffq6Y3/yioTgQlQDu9cHMP84kVex8ekIo6
+FHXgt1KAML5lOycPn4IwRHqUZK5OJsHq+w5vqKDTLCsbIWfM+6dS37OdMn39SKLY
+LFZvRV0q7dq1Uv3hZWu+6e3VHLqg0b4sOoxX2rSZgs4A1Is9U25BdORPh1ts9EUS
+KM6TRcRP2QcfjNoJl0DaAwvAcQxQu9ezradXsxjaCD0B3MKTABFgk4PoMtL+fs7C
+yZ78fK/QXlcngmXphaG1HAMz41IBuYDRC1GhkU3ussyDAgMBAAGgIjAgBgkqhkiG
+9w0BCQ4xEzARMA8GA1UdEQQIMAaHBApkDFYwDQYJKoZIhvcNAQELBQADggEBAGSm
+/sjjml7h8tL6BZLVZYfn1Q1ccuImTv5FVd85oB7WOPCQgTjVTVw+uI7s/WGVVMAK
+eZZozKyKOGjq7JWavqpUZtHHU9GHCKHcy5aBYlHE9J4KXaFlaYgDOaAfVG1ClK7K
+rV5/2kfYUkgNnYRT1h5nyvCVoFKjZna7nJ+hJryLywMV+pK/UUfMAPTTd2ZAp3Pe
+F3DqwYQWd6v0/M7Lf+TmEUPw0enGjIFIJUHsPBIXvZBOEZO8rWsO04XxLHFPGdsD
+wjSnqIKkQup0AIZ10M2VoEDLX07tHwMXRRWeOY7pfn7D5fkxpCuOhymImBCo4Is1
+POrEvTN7zXRQAHBgx+Q=
+-----END CERTIFICATE REQUEST-----
diff --git a/src/certificate/pki/leaf-kdn/dfxagent-kdn.key b/src/certificate/pki/leaf-kdn/dfxagent-kdn.key
new file mode 100644
index 0000000..ed0bf9d
--- /dev/null
+++ b/src/certificate/pki/leaf-kdn/dfxagent-kdn.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCwb0iebLuRDdCF
+OGubpKDrEc7vagUx0gwSwqCPJJHKCIsselkT5+MhoQBeVgJzFGJrks2jugffq6Y3
+/yioTgQlQDu9cHMP84kVex8ekIo6FHXgt1KAML5lOycPn4IwRHqUZK5OJsHq+w5v
+qKDTLCsbIWfM+6dS37OdMn39SKLYLFZvRV0q7dq1Uv3hZWu+6e3VHLqg0b4sOoxX
+2rSZgs4A1Is9U25BdORPh1ts9EUSKM6TRcRP2QcfjNoJl0DaAwvAcQxQu9ezradX
+sxjaCD0B3MKTABFgk4PoMtL+fs7CyZ78fK/QXlcngmXphaG1HAMz41IBuYDRC1Gh
+kU3ussyDAgMBAAECggEAL3nSfabelfq0qJR1CE21a2vAVlYeDbjqvMWYdMwvWsEP
+yikl/SBB0xPCyJ+2SwcqMK4xHaR6Z+qFcL39T8SmguuU57XxkFJFCf22cwAL4fMN
+gSlzTsFPCmhva1nNq3VR0sqAyNDPD4785Hjoxco10zga+WKiNL+zUlJ66oP4Jdjd
+MeppfAI2lYtKgMJZ6At9L+yqh/qq5pihg6ugWMCwCyzRDYo7tP8jE8uczwXq8JGR
+RVpJJJT+nqyBq9d1MCFxj8SpS8UuCx4rpz1lbC3jLOs0B9OdsTthB7aTMTB3YqEw
+K7LWrV4tOgDUK9ow55tgdEzmn9geWpgPmhARIRHpsQKBgQC8Ewo7b12fhAKXZAYD
+Zv9Q3cwh4MZa+5IV/llAp7ngG7WIEjswO14+jPAyOj8K/x83R06LZcoMw6PPf7Zf
+QBIFCjKnRWTIvc0hDe0lclIRHQTgM1PolZXCrmYyr+1sFGRhRFCLhQ3p9oCr/mWm
+5kRDJ5DmbuRISAtmHutCmd+bqQKBgQDwKBBnVWZqM2u4SjudUr4o9UFvS8OEgHZo
+Un37srW2V46zHmN2sXWDJ0+hAj2ypF7DG+SptchDxjLs8uAChDN1ZdVHd743TDf2
+FsaYLK7DSktSJqgO4g6a0ET8Dh6Fm1Otzbq7lUOG9KzNOurWiLHNjaFrqhPi1VnV
+Ngjtr73iSwKBgQCTQg028EHMDl7BDs4uh8zNEn0s4YQt5OBDXD2iBDHjqY5/llbF
+sxZdv5iqmzSVdaCJdcmoF/EWAXEXnRW8irwROiTjF9CL5SDiCrduJI7hW2lf6pB+
+gfEa19apRVqOz4CxL/4o3+s/D4U8JhqNjapRMn+gDZ+sgMx8DyWBpl2Q0QKBgDiA
+hJN7QTQ9UtuyA2KZRAoo4bNItQBopPMYbXGZcy0qXnV/8dDMIaSwzAhKma99ApqO
+5naTQUHI0NR0tAWDiwPU6J/+6S7jbMsmQqUs5hUmVqBGXgXaY6tC0ugmfkHa8I4U
+uBlIHfITgNBsSzIcSRDegJrvEeytW4xRQTqCvX8PAoGAcxI6qVspt5ycjmSqOALe
+rp+1ptWEDVF/gUEzEerELakqQErMV5bMQ7rF8qJdW88eOL8JQJtZ3f4gCbZmgu5H
+5l/gkz7pNZCI38p6g818RzVHWVpaEgnbYCYbXR21QUHMR2c7P8aAojwZsNiv+Yvi
+QIu6GToonjjmjGXTpePJDCI=
+-----END PRIVATE KEY-----
diff --git a/src/certificate/pki/leaf-kdn/dfxagent-kdn.p12 b/src/certificate/pki/leaf-kdn/dfxagent-kdn.p12
new file mode 100644
index 0000000..9e45ec1
Binary files /dev/null and b/src/certificate/pki/leaf-kdn/dfxagent-kdn.p12 differ
diff --git a/src/certificate/pki/leaf-kdn/truststore-kdn.jks b/src/certificate/pki/leaf-kdn/truststore-kdn.jks
new file mode 100644
index 0000000..3977c99
Binary files /dev/null and b/src/certificate/pki/leaf-kdn/truststore-kdn.jks differ
diff --git a/src/certificate/pki/root/root-ext-kdn.cnf b/src/certificate/pki/root/root-ext-kdn.cnf
new file mode 100644
index 0000000..2b1fd10
--- /dev/null
+++ b/src/certificate/pki/root/root-ext-kdn.cnf
@@ -0,0 +1,5 @@
+[ v3_intermediate_ca ]
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, keyCertSign, cRLSign
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
diff --git a/src/certificate/pki/root/rootca-kdn.crt b/src/certificate/pki/root/rootca-kdn.crt
new file mode 100644
index 0000000..272c367
--- /dev/null
+++ b/src/certificate/pki/root/rootca-kdn.crt
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFWzCCA0OgAwIBAgIUHS2vme1ULV9M11i9OdaCmy1QuDYwDQYJKoZIhvcNAQEL
+BQAwPTELMAkGA1UEBhMCS1IxEDAOBgNVBAoMB0JTTS1MQUIxHDAaBgNVBAMME0JT
+TS1MQUIgS0ROIFJvb3QgQ0EwHhcNMjUxMjE1MDgzNjA4WhcNMzUxMjEzMDgzNjA4
+WjA9MQswCQYDVQQGEwJLUjEQMA4GA1UECgwHQlNNLUxBQjEcMBoGA1UEAwwTQlNN
+LUxBQiBLRE4gUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+AOANyCJLnChz+nIpXMdQjuwZDUWFYrieMI1psNGLcEWyn/DJux2rF1r0riJA0Oc5
+VLSK62oljMeAeYxMTyeu84t+QHT9jBRRaCyAdSddnh7kURb6Q32juinTJjlxVx1/
+qTyyASR4R1BSdHzRNpczKCHAxZArObq+XOzUjgDWxxkXtopu4k52E3W+OqWliW/r
+6c3xOiILP1mMybbhpYAI9QyU+OjFsESWAnxWOl6MLcAXjzQw2mO9JDy3Y7JJjVsd
+tKqoPIsOc6ziwoSbE11T4xwg+k3CQDcmNQINH+qDlLiIRhcIJjPjjNhevVfVkDXe
+bqoQT50+4qEgwJd0I881GqARc3QoUpYYRsUwR+EBgoK8JJHdljZIC1lhdolAeyux
+U+ksfj1icWAhnKdrAgMr2Ph6zVYICMVVenTEdkMF3NfSRfwCJkkAhM9jjPE1ghPq
+2qHAbCN2IK+zJlfdsXmHiF19/uGnIj8FCxVXwOwrwxMXQHJ8qvr4vTjKlgzmWfIw
+L7E6STuU8ub4PNmvsRKmYN//+o+O+j6HMfCvBcnQnq3ecC6px+Uq4p9BnYCrUczS
+IwvE4GEmHCDcItOTgMR6gTHq0xvdB0nm41TasbvBFu0yUfo5pHo2WMluvisHP1KW
+3lxfljIICU157X2TZTFaGHGnWwHNDB+iVys+YD2yo72vAgMBAAGjUzBRMB0GA1Ud
+DgQWBBQLqs8c7pgfq12GLNQc38Wrn77eoDAfBgNVHSMEGDAWgBQLqs8c7pgfq12G
+LNQc38Wrn77eoDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAp
+M0fJw/46yn6bVFqJeFT4vJ7n0wWD4fwb/vHtKnGiqEysnLSln/f3qv+203C1P1Y9
+xAob0k6w7MGRwN7dQIABAFWgxXK0ONL0zwc5Wrodp5JXhFJyf53KuQ26fBecUcQc
+KlpF8hddOc3aHMrVX15JK1orN0YpjpCoiuZvFwIohvBHrYUKhk8YRvTdxp/tAZTC
+L7AG9f2j8ib8762BqVMFmjbvA4dK9mPb/ajg2EEUOnPHF3yqndG1VFUCaVyJ3/Pu
+IeM1Wfy2R0uCk9hhOr+RylKT8Z0srv8W/cxV2EAym5XFqGqKKGQHWm58lfAEG9Uw
+dcpR6JjPWqCV0/xbJEj3O8SWlZ8D14x+iKvP6VQHPccNrLPJUiKUOXlwgRz437ve
+wx7Ehnb21TkH4rWA7VUd1dYLLlvt7p3EQtgl2AxRzO/jJil+8IPmXWJjkzLgm1WK
+6KP8jprJHhT/PC6MMZNh0K+BjKWW2dG4cL90RxaPdUNmaXttQnrJJ+mZT7kpoSIw
+nveO7vWWsd3KOfgEY95m3o91cigCoSFzBm/OulLAQJQo9fH2jggS6f21+YQwBXg8
+xBSHceSpmoGtGaKFcghc98vr0B/L8hvmNfujJd3cw6i+jxVlSnxAbDBxE7cxcLpH
+3d4+A7RQhFTSXqinU/ect/OodDlgtL0TBEs6vGBYYg==
+-----END CERTIFICATE-----
diff --git a/src/certificate/pki/root/rootca-kdn.key b/src/certificate/pki/root/rootca-kdn.key
new file mode 100644
index 0000000..3a17d64
--- /dev/null
+++ b/src/certificate/pki/root/rootca-kdn.key
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI7bZZy6ptJpwCAggA
+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBBrkecuy2G85ThOIPGcNtx2BIIJ
+UAURsJ0Zy32Hfkcke7tRohX8RNU/Aj03zDap+dTSy/+Z4eTCjygUCRScMvQlJlBe
+GXNwL+arKj3Y6FNugTebhOxrUTX9j5AXJMMe0R9t7DuYRG5VtYR2jeovLlQboJs8
+OQs0wIRsXJSwmFsF/wZA10bTzFpWScB7N9XHFXkKkCSlN2pSZXG5PxYLevtHha9v
+KVN6Am04YhAxMZfC4uTZfRP4eujXiL3IZNLWGQvK6TK4peOxrWChrBAsClHwknfL
+Y2iUj0dZhXG56suvH/rsboJgjipRVrAvlAOTP7F4GxLqFGU/A0ZwxAueQ219MTbO
+LMsMk5RJNKHFSCr9er/yqMGwIVyuWSJRCuoW1lGgV6tJ85CfDly+To9AHZeZPE1m
+q7Afr5Pp1RmY9mk3YZUHq/+mDuFyKc1j1z89s1ufj86xZoxvSZrrLhX5rAiTnexw
+Vl5EYBmLThtmFh4X4P3yImPKNrn8G1rSIofN+PW7zvJL2aMoOa/eV5k4xA4pUD56
+aOQF4guZvxR5AbJvWqUfMxR04oVuGmARb8RqZgByoPDQqZZCENaXpgC5W6EpbVjX
+Sr0iE6uAgY2aX/PJ2rB70hkVupk8rTVfArn/UUFy5XD4Ifg5ph1LY2dmRerrKQfK
+NG32kkSD3sFUIRboBw8botrSHiyxyNGM9JZf9pPuVE3BkUtQqqBdispPpvVITIxG
+DWNrp/NOzktuVb2xRYyAa/Goo+FL7E/W/voAdDILYTjNXqWtTwQuas1myAthPJ+f
+l2lMA8bRRqKEJOpIGwN49XPBtOcTPINI4eC4q+H+xGThbukUmkPO8O3xinZRbELN
+NOIcCqYHcJuwsJAqlgrc200/5UAIuOFJrCcg1TBt310CWdsqFLIBuFrlbhVrFBBT
+Pp7ZogEcmp/ogY7ttSReza9HeiwJOWHqw6PNP+8zztsrqf2I07CR03H0E+20VZty
+jerUqa5KsCTKaNtPT2p7IOv+IsdWDr+HX1OzbRiULsE/5etAFDblbTP2dKcVNdLO
+OSbejQX1NfJ2CNn9uiV0bOTUkCOvU87TTntPPke10H2knADfZ/E8XBaX0Qs/wuk4
+tQzQoar1Y8V4Zjnu0lEzydZN3hGiJ0pz0BdKNV168Oa3df+dTTAkNI8KulRKnRHs
+V+oy/XWouUeUj3Ra3DuPnWayUHi9Ojca0fE3raWoIbO3FFnzLsedKeIkCoX1gb7h
+/+CbUiMz4wT7fsqGcM7wpiXNdMlAeoDhgOLpssZEY8Vb0ElUNxqypAh2MkEErHrj
+qMDkx0OtqYFMqQqZSmlF9oDVg+0ra3aC9tZlPNtuS8TxMqEA0Pb+FgySM3YVRTBU
+vnilQQbFa+Q0Spo7uB4cEfN6B2kLpW/Of2Tjtpe7hzOMXbpCDhooI5aGeGERZIPg
+PpyvAZn1KJMaFrjFVzS08pitNRRynJIsUIUUFekISnuu9JfaA7H8cpdXiz+wIxbW
+79qWujCIV7vur1gy8Wdnu4ixzzdlctc2zeJeRRjDTTgCLMDI/Q0h/ettJBOGtc3e
+19k+vBxRmVTubLmSBqRZSONi78vLZboyzpBnbHWUMOZiMGtcAWsfY2Y07W37UZNk
+rS2ysB+3o6Ag1wUoMs8SE9YvNNx1Slnn2T2inS6GeO3nX24/DTjBesiTi4hR15L2
+CIZ8ifGB5yTk3gpR8pSEAl6E875ZI6nXbxBL9fYCpSZk7hoKNUKniJHPObokRE7O
+HpcU6/VBKIGHm30xLrgb2qMniCAdUSl0PdrXZ6LYx7WJe/ak9IyPp3B8jkp31Lul
+FmjS9QDx32UbrZfd7ekZZj6Bry8GZfaqJDW57+NOEhbwvduB0f37dskN4UswSDEw
+O1XKeEPL6QXqv+CkPB/q74T0fHhTdgI6np33ETcARYECdC7llHkxPgtRbys/Ykn8
+XfSFk1hM2mwMhKkb40QMfuYpNiwN32iKwlaIE5q0j4SIKGLsa8jOGbEAGDig3+Rx
+vNOYiZeeBMnrhx5FeQRMlW+QaetCdUGGARGTR3/zmll7EqDuB2R+nH9XlcTSwrTw
+Xy+xH8vLR9tED2pJ/hTBSvRbr+Lj07U7SvuLdcCmF3BV8O7x8y6GxjEbgDvcYHpG
+qLGLHqjDjXd+1uwkBOeYlqIKbG9IdSgzHY/BeFNfGccoBVDq73N4uL0EN+YI3vR0
+HXeb/mQhbSs6ivncIc4Qb68VEIJi0iBRtabegyFZdXMqoQP8BEnBadWIYFFsFeAy
+mZsDUPMQbixtkdkQgP0n2QFQhqIUHRljQmJfLORPKC2xUbeXJd9kFh3BdW8aVOEW
+g+pTGN4LqNZwBvamTXpGcP0VGTVoxtJD3RYjIsDvqyM2cq72p8PryCoQjqgvF8Mt
+XmWJRkJd1Ivp3p5f4vn4Z/IpN9jBtjEpgh0xQMM5naoFCDcu7iUm9X2vUgknz/62
+2mamZjtoQmu+RdpQpj+bHWaJeL5EEIGnzFhogmpb2JrbnzpNQ8dnCG/A9jD6F96d
+3+P+4b7VESWeHNLKMno0ewSKmxOXn/s4UWhqSRBBU1jd1elwrmHTkPxcxwpZLCsQ
+59qfp9tvZqgugAlSKIi3d8rWMPNPcB7OIHs062fZbnB6tpRXRgHQwPWNZzQrazpF
+wJFlFvfn4xUYN19LvhLqT7ksB4Q9Vd0vN3rYyxH7QFChLZgRKGqzywmD3RxcOv2/
+b7S2vY87Cgd+4H2GqFFWy8Of/HhvU/gck8x0U1l2GyW//2U9TfsC+KlQVBqdnvZ/
+vqTdMYI1QEIYFttKot9kTjc9q7oPZlivVyb7pG3bwm48+Ujpest6cQ5x6/7NLjxd
+5AjYKWr3xSajjW8cKH940Mx+7s2rFrPOE4X4NhlWEafAti/V9B/ThZjEZpkl0E7q
+BbO4Prh8kSVnaPlkvKGXYq+7+j7LqL0uSR/xO6CcT98uDPVW+ofMl9MzqelRBBdG
+vXvKCDTYL+ewMMQs2SJ5rXAm0oYzRYKWbBDBcmzC+Qt5t4XU79mZw/fAgC5JYO2G
+tZjopYc+kOSX1SoJ5e1F+sZlPPNWZ4fi1c2LwpERyZx6wn9b3xagQcV6U6ZAbCd3
+00N+pK11AluK/ZXD2k48yh2VjHFLL2JLrHD/KjCgiC3yTcQaSQMAUz/9wQcWUD5o
+iio8UAtxqSppPdRMkWr92QIcprKZjlppP+IgaLKZEnoL
+-----END ENCRYPTED PRIVATE KEY-----