From 997ced88f24ddded5ca5c21b9db2a3c825763e53 Mon Sep 17 00:00:00 2001
From: "icksishu@gmail.com" <icksishu@gmail.com>
Date: Thu, 18 Dec 2025 14:13:41 +0900
Subject: [PATCH] =?UTF-8?q?Key=20=EA=B4=80=EB=A6=AC=20=EA=B8=B0=EB=8A=A5?=
 =?UTF-8?q?=20=EC=9E=91=EC=97=85=EC=A4=91=20-=20Key=20=EC=83=9D=EC=84=B1?=
 =?UTF-8?q?=20=EC=A0=95=EB=A6=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/certificate/create-leaf.md                | 123 ++++++++++++++++++
 src/certificate/create-rootca.md              |  16 +--
 .../pki/intermediate/ca-chain-kdn.crt         |  63 +++++++++
 .../pki/intermediate/intermediate-kdn.crt     |  32 +++++
 .../pki/intermediate/intermediate-kdn.csr     |  27 ++++
 .../pki/intermediate/intermediate-kdn.key     |  54 ++++++++
 .../pki/leaf-kdn/dfxagent-kdn-leaf-ext.cnf    |  11 ++
 .../pki/leaf-kdn/dfxagent-kdn-req.cnf         |  19 +++
 src/certificate/pki/leaf-kdn/dfxagent-kdn.crt |  27 ++++
 src/certificate/pki/leaf-kdn/dfxagent-kdn.csr |  17 +++
 src/certificate/pki/leaf-kdn/dfxagent-kdn.key |  28 ++++
 src/certificate/pki/leaf-kdn/dfxagent-kdn.p12 | Bin 0 -> 5906 bytes
 .../pki/leaf-kdn/truststore-kdn.jks           | Bin 0 -> 1782 bytes
 src/certificate/pki/root/root-ext-kdn.cnf     |   5 +
 src/certificate/pki/root/rootca-kdn.crt       |  31 +++++
 src/certificate/pki/root/rootca-kdn.key       |  54 ++++++++
 16 files changed, 495 insertions(+), 12 deletions(-)
 create mode 100644 src/certificate/create-leaf.md
 create mode 100644 src/certificate/pki/intermediate/ca-chain-kdn.crt
 create mode 100644 src/certificate/pki/intermediate/intermediate-kdn.crt
 create mode 100644 src/certificate/pki/intermediate/intermediate-kdn.csr
 create mode 100644 src/certificate/pki/intermediate/intermediate-kdn.key
 create mode 100644 src/certificate/pki/leaf-kdn/dfxagent-kdn-leaf-ext.cnf
 create mode 100644 src/certificate/pki/leaf-kdn/dfxagent-kdn-req.cnf
 create mode 100644 src/certificate/pki/leaf-kdn/dfxagent-kdn.crt
 create mode 100644 src/certificate/pki/leaf-kdn/dfxagent-kdn.csr
 create mode 100644 src/certificate/pki/leaf-kdn/dfxagent-kdn.key
 create mode 100644 src/certificate/pki/leaf-kdn/dfxagent-kdn.p12
 create mode 100644 src/certificate/pki/leaf-kdn/truststore-kdn.jks
 create mode 100644 src/certificate/pki/root/root-ext-kdn.cnf
 create mode 100644 src/certificate/pki/root/rootca-kdn.crt
 create mode 100644 src/certificate/pki/root/rootca-kdn.key

diff --git a/src/certificate/create-leaf.md b/src/certificate/create-leaf.md
new file mode 100644
index 0000000..49f7269
--- /dev/null
+++ b/src/certificate/create-leaf.md
@@ -0,0 +1,123 @@
+# 고객사 설치용 leaf 인증서 생성
+
+## 1) leaf 개인키 생성
+
+```bash
+mkdir -p pki/leaf-kdn
+cd pki/leaf-kdn
+openssl genrsa -out dfxagent-kdn.key 2048
+```
+
+---
+
+## 2) CSR 생성 + SAN(도메인/IP) 넣기
+
+### 2-1) CSR용 설정 파일 만들기: `dfxagent-kdn-req.cnf`
+
+```ini
+[ req ]
+default_bits       = 2048
+prompt             = no
+default_md         = sha256
+distinguished_name = dn
+req_extensions     = req_ext
+
+[ dn ]
+C  = KR
+O  = KDN
+OU = DFX
+CN = dfxagent-kdn-01
+
+[ req_ext ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+IP.1  = 10.100.12.86
+```
+
+### 2-2) CSR 생성
+
+```bash
+openssl req -new -key dfxagent-kdn.key -out dfxagent-kdn.csr -config dfxagent-kdn-req.cnf
+```
+
+---
+
+## 3) Intermediate로 leaf 인증서 서명(발급)
+
+### 3-1) leaf 확장 파일 만들기: `dfxagent-kdn-leaf-ext.cnf`
+
+#### ✅ 서버용(HTTPS), mTLS 클라이언트 겸용
+
+```ini
+[ v3_server ]
+basicConstraints = critical, CA:false
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+subjectAltName = @alt_names
+
+[ alt_names ]
+IP.1  = 10.10.10.11
+```
+
+### 3-2) Intermediate로 서명
+
+```bash
+openssl x509 -req -in dfxagent-kdn.csr -CA ../intermediate/intermediate-kdn.crt -CAkey ../intermediate/intermediate-kdn.key -CAcreateserial -out dfxagent-kdn.crt -days 825 -sha256 -extfile dfxagent-kdn-leaf-ext.cnf -extensions v3_server
+```
+
+> `-days`는 운영 정책에 맞춰 조정(예: 365, 730 등).
+
+---
+
+## 4) 체인 검증(중요)
+
+```bash
+openssl verify -CAfile ca-chain.crt dfxagent-kdn.crt
+```
+
+`OK`가 나오는지 확인
+
+---
+
+## 5) (Java/톰캣용) PKCS12 keystore(p12) 만들기
+
+DFXAgent가 Spring Boot(내장 톰캣)이므로 `p12`를 keystore로 사용
+
+```bash
+openssl pkcs12 -export -inkey dfxagent-kdn.key -in dfxagent-kdn.crt -certfile ca-chain-kdn.crt -out dfxagent-kdn.p12 -name dfxagent-kdn-01
+```
+
+---
+
+## 6) (클라이언트 검증용) truststore 만들기 - JKS truststore (Java에서 흔함)
+
+```bash
+keytool -importcert -alias bsm-ca-chain -file ../intermediate/ca-chain-kdn.crt -keystore truststore-kdn.jks -storepass changeit -noprompt
+```
+
+---
+
+## settings.json 구조 예시
+
+```json
+{
+  "tls": {
+    "enabled": true,
+    "port": 8443,
+    "keyStorePath": "cert/dfxagent-kdn.p12",
+    "keyStorePassword": "qortpals1!",
+    "keyStoreType": "PKCS12",
+    "trustStorePath": "cert/truststore-kdn.jks",
+    "trustStorePassword": "qortpals1!",
+    "trustStoreType": "JKS",
+    "clientAuth": "none"
+  },
+  "outboundTls": {
+    "enabled": true,
+    "useClientCert": false
+  }
+}
+```
\ No newline at end of file
diff --git a/src/certificate/create-rootca.md b/src/certificate/create-rootca.md
index 9a091e4..af0ebbb 100644
--- a/src/certificate/create-rootca.md
+++ b/src/certificate/create-rootca.md
@@ -52,8 +52,7 @@ openssl req -new -key intermediate-kdn.key -subj "/C=KR/O=BSM-LAB/CN=BSM-LAB KDN
 ```
 
 ### 2-3) Root로 Intermediate 인증서 서명
-
-여기서 `v3_intermediate_ca` 확장(Constraints/KeyUsage)을 꼭 넣는 게 좋습니다. 간단히 쓸 수 있는 `root-ext.cnf` 파일을 하나 만듭니다.
+`v3_intermediate_ca` 확장(Constraints/KeyUsage) 작성 `root-ext-kdn.cnf`
 
 **(root-ext.cnf)**
 
@@ -70,22 +69,15 @@ authorityKeyIdentifier = keyid:always,issuer
 ```bash
 # root 폴더로 돌아가 Root 키/인증서로 서명
 cd ../root
-
-openssl x509 -req -in ../intermediate/intermediate.csr \
-  -CA rootca.crt -CAkey rootca.key -CAcreateserial \
-  -out ../intermediate/intermediate.crt \
-  -days 1825 -sha256 \
-  -extfile root-ext.cnf -extensions v3_intermediate_ca
+openssl x509 -req -in ../intermediate/intermediate-kdn.csr -CA rootca-kdn.crt -CAkey rootca-kdn.key -CAcreateserial -out ../intermediate/intermediate-kdn.crt -days 1825 -sha256 -extfile root-ext-kdn.cnf -extensions v3_intermediate_ca
 ```
 
 ### 2-4) CA 체인 파일 만들기
-
+고객사 설치용 CA 체인 생성. 추후 truststore 저장
 ```bash
-cat ../intermediate/intermediate.crt rootca.crt > ../intermediate/ca-chain.crt
+cat ../intermediate/intermediate-kdn.crt rootca-kdn.crt > ../intermediate/ca-chain-kdn.crt
 ```
 
-이 `ca-chain.crt`가 “고객사 설치용 CA 체인”으로 자주 쓰입니다(신뢰 저장소에 넣기 좋음).
-
 ---
 
 ## 3) 다음 단계(참고): leaf(에이전트/웹서버) 발급은 Intermediate로
diff --git a/src/certificate/pki/intermediate/ca-chain-kdn.crt b/src/certificate/pki/intermediate/ca-chain-kdn.crt
new file mode 100644
index 0000000..f748bd8
--- /dev/null
+++ b/src/certificate/pki/intermediate/ca-chain-kdn.crt
@@ -0,0 +1,63 @@
+-----BEGIN CERTIFICATE-----
+MIIFdjCCA16gAwIBAgIUagcY/EA8YhiKbdXbIFcNeZorkMkwDQYJKoZIhvcNAQEL
+BQAwPTELMAkGA1UEBhMCS1IxEDAOBgNVBAoMB0JTTS1MQUIxHDAaBgNVBAMME0JT
+TS1MQUIgS0ROIFJvb3QgQ0EwHhcNMjUxMjE4MDMyMjA2WhcNMzAxMjE3MDMyMjA2
+WjBFMQswCQYDVQQGEwJLUjEQMA4GA1UECgwHQlNNLUxBQjEkMCIGA1UEAwwbQlNN
+LUxBQiBLRE4gSW50ZXJtZWRpYXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEAmlhljugoaMwZIAnSHrgXCxVu9+DYMskqbEOlgJFpffPYf77fAadv
+R8omaKzFWjwno+l8ziJo26zwUNTSFCfhw2refgmoyJwSakQ2FFsRKgg8pEAJOi85
+MGFBXS41ECNzTp8Y7cMv4xq/96tFpW4lvOxVQdr29sTd6kjdANqAtisI/ZUmslrE
+c7J9MlpWJ7HI9kMbRPcFjni3yDib2SV02lYlEtOT9/vURcnNsq8RsjDwD7idngll
+ioIS7WlXWo2+ENuEEq8CQnoJ+ZTZZM10y+9arHW6r8UrWR0trqyMW6NfcI3IJ273
+a8O5rABkroRIp9e67b3o4uFYE71fEP5yZ8JIv77J5a3QzXJWd39IdxranGJS8QpH
+NpbGz1KchRKHiIfz5L6VMQeperr/H2sGzNCyJHOdodYlMoXKpwUYdKSOqzLLx62b
+3cdUxZouCShgvMQBCtBaw+dBVwdLEbTpuBdIlodC528SB8qYe/yBNlWTWTYbX11v
+khGM3g8NiKOJasWEbTjvWkjLFq92tIbfjWQAAJvSi9ZUGNqHPHVb+37GQ+Rew9b8
+d1mTUbdiD4gbKHVO9s0c24aAJMv1wyE7DkPBykeTnkb1ejFEdOF1BYJeT7dyM/o1
+q0oJvmQDCYhPkmRErd3ZA+r/pNNHvBQDAigZmwGKP1dYQ9974M2yfTUCAwEAAaNm
+MGQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
+FFlMwDCEbM1mlKMWE8D/6GMTOMUaMB8GA1UdIwQYMBaAFAuqzxzumB+rXYYs1Bzf
+xaufvt6gMA0GCSqGSIb3DQEBCwUAA4ICAQBJvhagYrQ1fM2qti8ZDCeU+xyAamXl
+Kf/pe4wmV/FukhK+dNgHjCEGsNuQSiOc22KjaozTWWBUI+ClfG6uLscgX66PhAO7
+oGIzUgI5cA9hY8OfjZxAmw+MCrIknZz0AQZ3I3RJo2mOyfXvnPs1p28OVawT/GHw
+1eYtRrwjKRUr6UVKygZZnXeRpGNPWpmTyASWIJAkCGrNGs5O4x8c/FOrKxjAHfFD
+NcJQb68IJ8nLyHONuocHPNiZTWMguJROScz9ykowshFO1PoUSOHHKXOf/72fNmA0
+IFYrl98EVwWQvDh8KPaIJ3NvGie2cVkeaauWTqHygyO+/qClGZysHIxSICQgIvPT
+diOwCCYJOmG/suCcLa85qOfCEP2HrJuXf0VK6VrAnrwWhit7zMpJ7yW6/nq3NXIU
+7xT2XYshpeQO/NNYa1xSGjfSzqAbxt2Z1Wo1F0NEem4LjXfFICAIFVgEVBsIhRoP
+CmzD585CsxzinLUy6ubPXIHWkq/QrPSvrtiacgQfJvdNXwXgbMyeQK6fr/WSQp1Z
+96KoGdVv57DArXe0/usKWKeogioBMRyqUPPXbsVz7U8H4tuqP07kKzY+KZB33q9Q
+gtcvVl6UAQd6DfsImTGEl+AIYsgd862ggcyFoOzA57qEeWIdAOHvzW5JBGil3SwS
+ekELOLfSwn9p+A==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFWzCCA0OgAwIBAgIUHS2vme1ULV9M11i9OdaCmy1QuDYwDQYJKoZIhvcNAQEL
+BQAwPTELMAkGA1UEBhMCS1IxEDAOBgNVBAoMB0JTTS1MQUIxHDAaBgNVBAMME0JT
+TS1MQUIgS0ROIFJvb3QgQ0EwHhcNMjUxMjE1MDgzNjA4WhcNMzUxMjEzMDgzNjA4
+WjA9MQswCQYDVQQGEwJLUjEQMA4GA1UECgwHQlNNLUxBQjEcMBoGA1UEAwwTQlNN
+LUxBQiBLRE4gUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+AOANyCJLnChz+nIpXMdQjuwZDUWFYrieMI1psNGLcEWyn/DJux2rF1r0riJA0Oc5
+VLSK62oljMeAeYxMTyeu84t+QHT9jBRRaCyAdSddnh7kURb6Q32juinTJjlxVx1/
+qTyyASR4R1BSdHzRNpczKCHAxZArObq+XOzUjgDWxxkXtopu4k52E3W+OqWliW/r
+6c3xOiILP1mMybbhpYAI9QyU+OjFsESWAnxWOl6MLcAXjzQw2mO9JDy3Y7JJjVsd
+tKqoPIsOc6ziwoSbE11T4xwg+k3CQDcmNQINH+qDlLiIRhcIJjPjjNhevVfVkDXe
+bqoQT50+4qEgwJd0I881GqARc3QoUpYYRsUwR+EBgoK8JJHdljZIC1lhdolAeyux
+U+ksfj1icWAhnKdrAgMr2Ph6zVYICMVVenTEdkMF3NfSRfwCJkkAhM9jjPE1ghPq
+2qHAbCN2IK+zJlfdsXmHiF19/uGnIj8FCxVXwOwrwxMXQHJ8qvr4vTjKlgzmWfIw
+L7E6STuU8ub4PNmvsRKmYN//+o+O+j6HMfCvBcnQnq3ecC6px+Uq4p9BnYCrUczS
+IwvE4GEmHCDcItOTgMR6gTHq0xvdB0nm41TasbvBFu0yUfo5pHo2WMluvisHP1KW
+3lxfljIICU157X2TZTFaGHGnWwHNDB+iVys+YD2yo72vAgMBAAGjUzBRMB0GA1Ud
+DgQWBBQLqs8c7pgfq12GLNQc38Wrn77eoDAfBgNVHSMEGDAWgBQLqs8c7pgfq12G
+LNQc38Wrn77eoDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAp
+M0fJw/46yn6bVFqJeFT4vJ7n0wWD4fwb/vHtKnGiqEysnLSln/f3qv+203C1P1Y9
+xAob0k6w7MGRwN7dQIABAFWgxXK0ONL0zwc5Wrodp5JXhFJyf53KuQ26fBecUcQc
+KlpF8hddOc3aHMrVX15JK1orN0YpjpCoiuZvFwIohvBHrYUKhk8YRvTdxp/tAZTC
+L7AG9f2j8ib8762BqVMFmjbvA4dK9mPb/ajg2EEUOnPHF3yqndG1VFUCaVyJ3/Pu
+IeM1Wfy2R0uCk9hhOr+RylKT8Z0srv8W/cxV2EAym5XFqGqKKGQHWm58lfAEG9Uw
+dcpR6JjPWqCV0/xbJEj3O8SWlZ8D14x+iKvP6VQHPccNrLPJUiKUOXlwgRz437ve
+wx7Ehnb21TkH4rWA7VUd1dYLLlvt7p3EQtgl2AxRzO/jJil+8IPmXWJjkzLgm1WK
+6KP8jprJHhT/PC6MMZNh0K+BjKWW2dG4cL90RxaPdUNmaXttQnrJJ+mZT7kpoSIw
+nveO7vWWsd3KOfgEY95m3o91cigCoSFzBm/OulLAQJQo9fH2jggS6f21+YQwBXg8
+xBSHceSpmoGtGaKFcghc98vr0B/L8hvmNfujJd3cw6i+jxVlSnxAbDBxE7cxcLpH
+3d4+A7RQhFTSXqinU/ect/OodDlgtL0TBEs6vGBYYg==
+-----END CERTIFICATE-----
diff --git a/src/certificate/pki/intermediate/intermediate-kdn.crt b/src/certificate/pki/intermediate/intermediate-kdn.crt
new file mode 100644
index 0000000..d05e178
--- /dev/null
+++ b/src/certificate/pki/intermediate/intermediate-kdn.crt
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFdjCCA16gAwIBAgIUagcY/EA8YhiKbdXbIFcNeZorkMkwDQYJKoZIhvcNAQEL
+BQAwPTELMAkGA1UEBhMCS1IxEDAOBgNVBAoMB0JTTS1MQUIxHDAaBgNVBAMME0JT
+TS1MQUIgS0ROIFJvb3QgQ0EwHhcNMjUxMjE4MDMyMjA2WhcNMzAxMjE3MDMyMjA2
+WjBFMQswCQYDVQQGEwJLUjEQMA4GA1UECgwHQlNNLUxBQjEkMCIGA1UEAwwbQlNN
+LUxBQiBLRE4gSW50ZXJtZWRpYXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEAmlhljugoaMwZIAnSHrgXCxVu9+DYMskqbEOlgJFpffPYf77fAadv
+R8omaKzFWjwno+l8ziJo26zwUNTSFCfhw2refgmoyJwSakQ2FFsRKgg8pEAJOi85
+MGFBXS41ECNzTp8Y7cMv4xq/96tFpW4lvOxVQdr29sTd6kjdANqAtisI/ZUmslrE
+c7J9MlpWJ7HI9kMbRPcFjni3yDib2SV02lYlEtOT9/vURcnNsq8RsjDwD7idngll
+ioIS7WlXWo2+ENuEEq8CQnoJ+ZTZZM10y+9arHW6r8UrWR0trqyMW6NfcI3IJ273
+a8O5rABkroRIp9e67b3o4uFYE71fEP5yZ8JIv77J5a3QzXJWd39IdxranGJS8QpH
+NpbGz1KchRKHiIfz5L6VMQeperr/H2sGzNCyJHOdodYlMoXKpwUYdKSOqzLLx62b
+3cdUxZouCShgvMQBCtBaw+dBVwdLEbTpuBdIlodC528SB8qYe/yBNlWTWTYbX11v
+khGM3g8NiKOJasWEbTjvWkjLFq92tIbfjWQAAJvSi9ZUGNqHPHVb+37GQ+Rew9b8
+d1mTUbdiD4gbKHVO9s0c24aAJMv1wyE7DkPBykeTnkb1ejFEdOF1BYJeT7dyM/o1
+q0oJvmQDCYhPkmRErd3ZA+r/pNNHvBQDAigZmwGKP1dYQ9974M2yfTUCAwEAAaNm
+MGQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
+FFlMwDCEbM1mlKMWE8D/6GMTOMUaMB8GA1UdIwQYMBaAFAuqzxzumB+rXYYs1Bzf
+xaufvt6gMA0GCSqGSIb3DQEBCwUAA4ICAQBJvhagYrQ1fM2qti8ZDCeU+xyAamXl
+Kf/pe4wmV/FukhK+dNgHjCEGsNuQSiOc22KjaozTWWBUI+ClfG6uLscgX66PhAO7
+oGIzUgI5cA9hY8OfjZxAmw+MCrIknZz0AQZ3I3RJo2mOyfXvnPs1p28OVawT/GHw
+1eYtRrwjKRUr6UVKygZZnXeRpGNPWpmTyASWIJAkCGrNGs5O4x8c/FOrKxjAHfFD
+NcJQb68IJ8nLyHONuocHPNiZTWMguJROScz9ykowshFO1PoUSOHHKXOf/72fNmA0
+IFYrl98EVwWQvDh8KPaIJ3NvGie2cVkeaauWTqHygyO+/qClGZysHIxSICQgIvPT
+diOwCCYJOmG/suCcLa85qOfCEP2HrJuXf0VK6VrAnrwWhit7zMpJ7yW6/nq3NXIU
+7xT2XYshpeQO/NNYa1xSGjfSzqAbxt2Z1Wo1F0NEem4LjXfFICAIFVgEVBsIhRoP
+CmzD585CsxzinLUy6ubPXIHWkq/QrPSvrtiacgQfJvdNXwXgbMyeQK6fr/WSQp1Z
+96KoGdVv57DArXe0/usKWKeogioBMRyqUPPXbsVz7U8H4tuqP07kKzY+KZB33q9Q
+gtcvVl6UAQd6DfsImTGEl+AIYsgd862ggcyFoOzA57qEeWIdAOHvzW5JBGil3SwS
+ekELOLfSwn9p+A==
+-----END CERTIFICATE-----
diff --git a/src/certificate/pki/intermediate/intermediate-kdn.csr b/src/certificate/pki/intermediate/intermediate-kdn.csr
new file mode 100644
index 0000000..de17ff5
--- /dev/null
+++ b/src/certificate/pki/intermediate/intermediate-kdn.csr
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEijCCAnICAQAwRTELMAkGA1UEBhMCS1IxEDAOBgNVBAoMB0JTTS1MQUIxJDAi
+BgNVBAMMG0JTTS1MQUIgS0ROIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAJpYZY7oKGjMGSAJ0h64FwsVbvfg2DLJKmxDpYCR
+aX3z2H++3wGnb0fKJmisxVo8J6PpfM4iaNus8FDU0hQn4cNq3n4JqMicEmpENhRb
+ESoIPKRACTovOTBhQV0uNRAjc06fGO3DL+Mav/erRaVuJbzsVUHa9vbE3epI3QDa
+gLYrCP2VJrJaxHOyfTJaViexyPZDG0T3BY54t8g4m9kldNpWJRLTk/f71EXJzbKv
+EbIw8A+4nZ4JZYqCEu1pV1qNvhDbhBKvAkJ6CfmU2WTNdMvvWqx1uq/FK1kdLa6s
+jFujX3CNyCdu92vDuawAZK6ESKfXuu296OLhWBO9XxD+cmfCSL++yeWt0M1yVnd/
+SHca2pxiUvEKRzaWxs9SnIUSh4iH8+S+lTEHqXq6/x9rBszQsiRznaHWJTKFyqcF
+GHSkjqsyy8etm93HVMWaLgkoYLzEAQrQWsPnQVcHSxG06bgXSJaHQudvEgfKmHv8
+gTZVk1k2G19db5IRjN4PDYijiWrFhG0471pIyxavdrSG341kAACb0ovWVBjahzx1
+W/t+xkPkXsPW/HdZk1G3Yg+IGyh1TvbNHNuGgCTL9cMhOw5DwcpHk55G9XoxRHTh
+dQWCXk+3cjP6NatKCb5kAwmIT5JkRK3d2QPq/6TTR7wUAwIoGZsBij9XWEPfe+DN
+sn01AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAgyqUMO2bWCk87U0Q7CVMvOfc
+jowL38t06vinnvtF0/WNwNJOitbU2Mxlyf0hx3H8t9JX98SXsNX1RDhEViFFjf43
+HYfbOvzTwS4nmc7ZJ6Sacr2p8f2VVuhBoDIBvRLWdqlB1eFGObVxoHduu2yr+1z9
+MixEahmpI8ZXzLXTXgLpbyPWg26bjOok6QcWlfDNGN3XSobLfrNzlxdtZve9YYuE
+Z5xjzln6aqjUNnUMIXtspAh9U614pQC5Tzp40LGPvPnhOOmXZS8Gx5EUEDDH/yfB
+F+/pHimHpBq7ht/wlrLroYaS6ohtt47MQDcG53jrb3co8mfPTFmRIgaQaLR8fQ/H
+poqu36u8p0nk0/N0eL8qXZ3Rtuoc2xUEMpjEgnVyc6/84w8YDxoBBqzR5GCWBC2E
+NuYlgiXO4PtEiKmIvDRxEc78vi++2GqcslpCit8OVm0QP032IrZT1EmF4ksn2BGE
+Dj46yb3u8V8yjqqj+5lY3WrpbptOkkHaWnAHYg+g72aVwWcNbt1yGk2EROXW1qci
+LyA9nHZIxYmf8DxIHW6Wqa8nw6XCnMv7BsADNw+LoFV6UMRlGTPwtObfnzvsNCYN
+Bbt6YvuOsNWu8XOQ8Sc4Uj5FeI6V2MeRtIytw64w3xCdv74F9PrGHcSNbnHjYEih
++5irxdtnmppZCKq2enE=
+-----END CERTIFICATE REQUEST-----
diff --git a/src/certificate/pki/intermediate/intermediate-kdn.key b/src/certificate/pki/intermediate/intermediate-kdn.key
new file mode 100644
index 0000000..282b1e2
--- /dev/null
+++ b/src/certificate/pki/intermediate/intermediate-kdn.key
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIWij54e6t/OcCAggA
+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBAIRbupksGgeVTMd6/aDZyaBIIJ
+UNXbCb/2+fMeZJIESA8+Ev5u73fUX1vDBDZkzoax/wTyYazu4ig1yA5TsIcZ92zO
+K3X7BFo2pMttKtQyJcZMSgQELeQzWQQ9t2OzVhA1IN5Y6GSblV16AyUBV1hSB0UC
+/PdYXFw56ZfX4XAQOSpIu5uCdv57hw315IZvuVy78jHz2W99Pv8RJTTQaCH1hThg
+6px/zYiEz4164F1WzV0J1xBpCqx92qGvM17iJxwCu82YIhl+lpxUHp1Tin2fnmVj
+uKzQT7LPU/Qoaml+K/r5eHi8+5UBjuUNzUoK4vSrwQTksrCX9may6FyWAekujTQ4
+oB/ncOvRWizKUrsV5TdCH9G7jNjC7BJdDJ3ijsTu/vCsvcpVKue3u/FiS76rgar5
+cfB79dHPH1VBjdUhUECP0mURc9XLvLYc8DiSwGlgLOYl1JQV9ntXrpxlCqAv7ZSp
+UbnKNNm6fOV43J3oJ14W08PeTunpcEMsFDGgQqkYO1gni8KMyQg1qT+3DRiR4tvM
+/aN+9gpCO1sqlAdVnrecq0DJgSiKOvpU7HhGzMmLwyV796KVjuSrPs5xl1r4rQPt
+uNdEg/Ds3vmm5INhDIZ4Ml+TbT+sj0635/vsqReZocU4ZDQK5T01z8aqhvI6thzT
+gSHPScArAcobpaUsSAX4prbVTzZHe0sshikvGqCu85usnAcVTBQx/pChVhEkz2vf
+fwN87yE4bjscQtUEVVztCXYV7Ms8jc7CBj/T4PuV5MSPZqMyaOHcpaIIW6gKG+Yv
+X3ZnY9NfrLrwJgq16qiy5b5LkkgoLWCqMWqnlE7ZbL/YMA2eZIC7VxvoQqL4t9gB
+EqAdORkCTQ3sfICctzHez4de1nLZqAnYqgKBWeW9XILPKdTMRgmDKh5vGgASi0Ak
+G/L7QXBkIMvK0UIHw25qnQ65l4eRCtAckGz9V0k+zlsXhIyPxN2+joRwkLnF/LAn
+2H0U7PLGgLOMDqP2Q33kQda9BBE5PEAX5hF4Nc1MqS5UdEglwbs0e/idCdNYpGZa
+uD+SOQHDyvCFoLoayj3Z1xvG91MnUUwraVJWCo9aOJhikGHGKAV+CqU1ob4xJz9I
+rRsVHoqD0IbWxnAqAd+iza6aqumfkrlbS9TaynHHNq/sPFCjjYs4uGWVDqoLmcyk
+3AkM/nJ+zJ87wdiu3qmr0uMVj9zwLpMJweE2YnLCGBQpr9Fv/F9OPo0lBgDfNFgx
+ZnY8cA187orVA6BUn3C4lXUfw5ItlKUnl+XOrVm+thdvoCSp6RoUkFtIw0lA6Omv
+Z37eY3amns2tsqS8WEfVCfAYc8BGD6P1DVmUqrRzVBNJ411VwjzDaY609niQMyDH
+bwnN7CaR5WIsukLlXHkRn6UfusfVTqQSgdzPx1ILbvHBrBUwqyeCUfONFltYJ4RS
+BSnoScMuvaJrehmtEg+ExCfhecNEVt0da5LZxCbVgytP0x6jxfiQUedDpsn4igOU
+FqcrIVOTegGu5piVYfQiQAPpZet+XBLhaGz7Ml4KkkddKh3IRQDiGd1ikeyqFQra
+w7ZcPd47YJiGklWZZV+fxTH+BdFLPHoBRJeLbrnVBf2koC3VD6/T5oeib9VVKp6A
+/uJoHHNUkXBL/ZMnyom6xCYIa1fyfFwxsi3I1acF7x15KuTaQWHlGabJgd5hoDch
+3qN5TSRFK/Rwwzo0lRdNmA/zGPFVXajwMyMzf2f0RMAhd83i6E4n+eZdyZMiC8ji
+CGZ7XKpjGIzsvZy65mNYzIpFLvGW4vePEATkF6x+sPm40gwVT7uvQ5vg/yJzbSYd
+JfK2UaJGjRR8HdMUttTOFcDHWLDRfUbbs0cgLV2MjloQJmBp1rgS5uAPFaw9zIjQ
+jx70kI5myH00hUeazREvuTfY3+FsJI8fiSEYX7UP6gXIo+OEhlmIxitj5VbS8XxH
+6C3VWS16sc7z4J3AE1Xjqm1zvpUoqH/XNkWri8q9Min3nLQxjZpfFDG2Axx3YIHa
+r1mdyPm0IUwadU3WkBg2pZEpcgvAWbzmfgqsYLec3hyqxqBe0/fNXtM+Qb41a77V
+YUhwcNJvIR4NA3o9zH/Z8ZWkjN1l4uwZnCLdAPAwLaIW35YENqZqeoiLAc/flLQ4
+qpuDc1kK3YbcYlNqEWFnRM9ESb9UEgo0bkMpsJ87RrHeAvitGBb3MizYownBAqw/
+qnjWQoTad7QicyHmQ4AfWBhmrEQqMx0Gpoof1ukrIUEYzGRTuE5loNO1i2Ph4hk6
+LrpEsBxNnEwOMknuz1G8nWlEDQMMMLLuCJDeThWkF0z5uuXxjeCtGMYzhsiF1sg1
+NTcvqNJEhUUbb+mUJWeb8pWnkj6Xg4oWe6JDlcl9qEmn1Zx4sXZURswsQl7Ugis5
+IpEEMO0DknM2w20acSGi2W5v2TLfKOL/EPknT8KSFH1Dfob8JpFA8DhyVZdjfzaJ
+gsWOl1u8q96On7Vn6L9QlbNpTBFbeZ9rt9myEMVbhC9bqHcgvhfu7DyDVJVoX+0C
+NP9UAQ60McD8+fnZa9DyIGxlD0Z8oMZjby8E5SiXo1Snju8YDWHchXPtJydjwjYX
+izz1lgFFf/THa+kzjyNVKwd4FzNSO94JaZrBY1I81UBSWQn4sG2VnNJUgMYrhONV
+UrvbPBOGKMm6V9aglhoT06H5qQno4dp2LC6qo9JVrhsuZP7XUutbxYBqHtQsDL3l
+4uOMU+H5HAXzqmENL6sCl0joNlXzmW36OeKBFLma983BSroFfWV2sVExiBltQnyI
+1kykH1Pl4UcOjNTTi5b1Y1VihWZIsnAxLnMF9z4/cIpXlfAtivKVKLuLBcdzL+ER
+/vDZ8bPFj360iTUaZ43fsBw0hMz/mbC+Osm6w60AtoZAPHAYo5UjJQMww+nLBCbS
+h2wJWelwratcJD2FI1NEVmBlucOSJMx+AxznetafU44p4T3SgdUFdsk7PbQ5/5qK
+1BzseITkVpmK5m4Y7aftSHeRYKYgUGfgpJTi2SNGOz0fFYJ7iYVoJnVblqM8tpIg
+TO+bPGpVZbI7Cse57KGvJTpgI25XqNKOvJeynh2swIr54cAC2i6o7St0DlAVdhvw
+0O1mzRF0+UROnq10Rz7p1Az5jQ+4dxwfcXPTa3+mwTXEZeibCXiEFMlUNqvuGl9t
+dDq5OyG/4jXE2dAh4EOdFRMN0r73L//u0UbuRoV8yHLi
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/src/certificate/pki/leaf-kdn/dfxagent-kdn-leaf-ext.cnf b/src/certificate/pki/leaf-kdn/dfxagent-kdn-leaf-ext.cnf
new file mode 100644
index 0000000..af4f398
--- /dev/null
+++ b/src/certificate/pki/leaf-kdn/dfxagent-kdn-leaf-ext.cnf
@@ -0,0 +1,11 @@
+[ v3_server ]
+basicConstraints = critical, CA:false
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+subjectAltName = @alt_names
+
+[ alt_names ]
+IP.1  = 10.10.10.11
+
diff --git a/src/certificate/pki/leaf-kdn/dfxagent-kdn-req.cnf b/src/certificate/pki/leaf-kdn/dfxagent-kdn-req.cnf
new file mode 100644
index 0000000..91b9296
--- /dev/null
+++ b/src/certificate/pki/leaf-kdn/dfxagent-kdn-req.cnf
@@ -0,0 +1,19 @@
+[ req ]
+default_bits       = 2048
+prompt             = no
+default_md         = sha256
+distinguished_name = dn
+req_extensions     = req_ext
+
+[ dn ]
+C  = KR
+O  = KDN
+OU = DFX
+CN = dfxagent-kdn-01
+
+[ req_ext ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+IP.1  = 10.100.12.86
+
diff --git a/src/certificate/pki/leaf-kdn/dfxagent-kdn.crt b/src/certificate/pki/leaf-kdn/dfxagent-kdn.crt
new file mode 100644
index 0000000..f57fa7e
--- /dev/null
+++ b/src/certificate/pki/leaf-kdn/dfxagent-kdn.crt
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEqDCCApCgAwIBAgIUYj+gmelJCkYXejbDbJDs+NErEtowDQYJKoZIhvcNAQEL
+BQAwRTELMAkGA1UEBhMCS1IxEDAOBgNVBAoMB0JTTS1MQUIxJDAiBgNVBAMMG0JT
+TS1MQUIgS0ROIEludGVybWVkaWF0ZSBDQTAeFw0yNTEyMTgwMzQyMThaFw0yODAz
+MjIwMzQyMThaMEMxCzAJBgNVBAYTAktSMQwwCgYDVQQKDANLRE4xDDAKBgNVBAsM
+A0RGWDEYMBYGA1UEAwwPZGZ4YWdlbnQta2RuLTAxMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAsG9Inmy7kQ3QhThrm6Sg6xHO72oFMdIMEsKgjySRygiL
+LHpZE+fjIaEAXlYCcxRia5LNo7oH36umN/8oqE4EJUA7vXBzD/OJFXsfHpCKOhR1
+4LdSgDC+ZTsnD5+CMER6lGSuTibB6vsOb6ig0ywrGyFnzPunUt+znTJ9/Uii2CxW
+b0VdKu3atVL94WVrvunt1Ry6oNG+LDqMV9q0mYLOANSLPVNuQXTkT4dbbPRFEijO
+k0XET9kHH4zaCZdA2gMLwHEMULvXs62nV7MY2gg9AdzCkwARYJOD6DLS/n7Owsme
+/Hyv0F5XJ4Jl6YWhtRwDM+NSAbmA0QtRoZFN7rLMgwIDAQABo4GRMIGOMAwGA1Ud
+EwEB/wQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
+BgEFBQcDAjAdBgNVHQ4EFgQUwgqZuP6ax1F6zG5QOox3S6+ul80wHwYDVR0jBBgw
+FoAUWUzAMIRszWaUoxYTwP/oYxM4xRowDwYDVR0RBAgwBocECgoKCzANBgkqhkiG
+9w0BAQsFAAOCAgEADjM1yiCRyC+/8OdVZWaMM7tV7ar+VYP0+DAfwJ3Hctv91Zh9
+YbhNgUFv/j3twHf6vW22d08U5yk04k4oILaizeef1bcUtRhwD6T+KwR1ggifApRW
+z/bayK31zqUV6AVSAocM2889eneeoMC8k6rgh1ZahPjVd4zXiOJj29g8X82ae/7Y
+xi4Okkkk8yWp0gooWGcZdmACKHP9OiQo1W4KOHW+KzDe8lr9qzghYN44MCEDa9xq
+Yf+RDz0/G0qkA/Ht+3EQh0zJaDFmmYKXdZlm6aHXM+Wvg638jUu6m185L6icxOp4
+bnjCXcoT1W7Mc1twYxxN7uR5WqFpzkUP8JNlZCLHxajxGnxwwqYmY/olSbPz53Lp
+Yq4rUWwh71mkYy5Q9LWtoFWrqnQL/OdyOxDyaxvbjC4b4RKJiiGO+7i/DAgaGxoT
+aKMEMZf9uTKV3r3iKzHNHEIuFrlvfcmlmup/BO0Wy9WUKIe2DxmrCJGis0ubh3fG
+ZT43SODQhDJLKcPpY71wMngJfgBneO/Xg3qelph2QoQxyC89g0iqGGw0Cg7wjkzp
+DrEmfy3G0r7WqWql/vLr0urcRuyBoNgfYJhgK+ZtcbOdt16pLqEdx9JHSJOI/DUJ
+ubn3aW6oHdEf48pY4XFZ6Lx+tOhTiRQ90+VVWgQA1mJpTrVz6nIRO3UCwzg=
+-----END CERTIFICATE-----
diff --git a/src/certificate/pki/leaf-kdn/dfxagent-kdn.csr b/src/certificate/pki/leaf-kdn/dfxagent-kdn.csr
new file mode 100644
index 0000000..de93f03
--- /dev/null
+++ b/src/certificate/pki/leaf-kdn/dfxagent-kdn.csr
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICqjCCAZICAQAwQzELMAkGA1UEBhMCS1IxDDAKBgNVBAoMA0tETjEMMAoGA1UE
+CwwDREZYMRgwFgYDVQQDDA9kZnhhZ2VudC1rZG4tMDEwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCwb0iebLuRDdCFOGubpKDrEc7vagUx0gwSwqCPJJHK
+CIsselkT5+MhoQBeVgJzFGJrks2jugffq6Y3/yioTgQlQDu9cHMP84kVex8ekIo6
+FHXgt1KAML5lOycPn4IwRHqUZK5OJsHq+w5vqKDTLCsbIWfM+6dS37OdMn39SKLY
+LFZvRV0q7dq1Uv3hZWu+6e3VHLqg0b4sOoxX2rSZgs4A1Is9U25BdORPh1ts9EUS
+KM6TRcRP2QcfjNoJl0DaAwvAcQxQu9ezradXsxjaCD0B3MKTABFgk4PoMtL+fs7C
+yZ78fK/QXlcngmXphaG1HAMz41IBuYDRC1GhkU3ussyDAgMBAAGgIjAgBgkqhkiG
+9w0BCQ4xEzARMA8GA1UdEQQIMAaHBApkDFYwDQYJKoZIhvcNAQELBQADggEBAGSm
+/sjjml7h8tL6BZLVZYfn1Q1ccuImTv5FVd85oB7WOPCQgTjVTVw+uI7s/WGVVMAK
+eZZozKyKOGjq7JWavqpUZtHHU9GHCKHcy5aBYlHE9J4KXaFlaYgDOaAfVG1ClK7K
+rV5/2kfYUkgNnYRT1h5nyvCVoFKjZna7nJ+hJryLywMV+pK/UUfMAPTTd2ZAp3Pe
+F3DqwYQWd6v0/M7Lf+TmEUPw0enGjIFIJUHsPBIXvZBOEZO8rWsO04XxLHFPGdsD
+wjSnqIKkQup0AIZ10M2VoEDLX07tHwMXRRWeOY7pfn7D5fkxpCuOhymImBCo4Is1
+POrEvTN7zXRQAHBgx+Q=
+-----END CERTIFICATE REQUEST-----
diff --git a/src/certificate/pki/leaf-kdn/dfxagent-kdn.key b/src/certificate/pki/leaf-kdn/dfxagent-kdn.key
new file mode 100644
index 0000000..ed0bf9d
--- /dev/null
+++ b/src/certificate/pki/leaf-kdn/dfxagent-kdn.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCwb0iebLuRDdCF
+OGubpKDrEc7vagUx0gwSwqCPJJHKCIsselkT5+MhoQBeVgJzFGJrks2jugffq6Y3
+/yioTgQlQDu9cHMP84kVex8ekIo6FHXgt1KAML5lOycPn4IwRHqUZK5OJsHq+w5v
+qKDTLCsbIWfM+6dS37OdMn39SKLYLFZvRV0q7dq1Uv3hZWu+6e3VHLqg0b4sOoxX
+2rSZgs4A1Is9U25BdORPh1ts9EUSKM6TRcRP2QcfjNoJl0DaAwvAcQxQu9ezradX
+sxjaCD0B3MKTABFgk4PoMtL+fs7CyZ78fK/QXlcngmXphaG1HAMz41IBuYDRC1Gh
+kU3ussyDAgMBAAECggEAL3nSfabelfq0qJR1CE21a2vAVlYeDbjqvMWYdMwvWsEP
+yikl/SBB0xPCyJ+2SwcqMK4xHaR6Z+qFcL39T8SmguuU57XxkFJFCf22cwAL4fMN
+gSlzTsFPCmhva1nNq3VR0sqAyNDPD4785Hjoxco10zga+WKiNL+zUlJ66oP4Jdjd
+MeppfAI2lYtKgMJZ6At9L+yqh/qq5pihg6ugWMCwCyzRDYo7tP8jE8uczwXq8JGR
+RVpJJJT+nqyBq9d1MCFxj8SpS8UuCx4rpz1lbC3jLOs0B9OdsTthB7aTMTB3YqEw
+K7LWrV4tOgDUK9ow55tgdEzmn9geWpgPmhARIRHpsQKBgQC8Ewo7b12fhAKXZAYD
+Zv9Q3cwh4MZa+5IV/llAp7ngG7WIEjswO14+jPAyOj8K/x83R06LZcoMw6PPf7Zf
+QBIFCjKnRWTIvc0hDe0lclIRHQTgM1PolZXCrmYyr+1sFGRhRFCLhQ3p9oCr/mWm
+5kRDJ5DmbuRISAtmHutCmd+bqQKBgQDwKBBnVWZqM2u4SjudUr4o9UFvS8OEgHZo
+Un37srW2V46zHmN2sXWDJ0+hAj2ypF7DG+SptchDxjLs8uAChDN1ZdVHd743TDf2
+FsaYLK7DSktSJqgO4g6a0ET8Dh6Fm1Otzbq7lUOG9KzNOurWiLHNjaFrqhPi1VnV
+Ngjtr73iSwKBgQCTQg028EHMDl7BDs4uh8zNEn0s4YQt5OBDXD2iBDHjqY5/llbF
+sxZdv5iqmzSVdaCJdcmoF/EWAXEXnRW8irwROiTjF9CL5SDiCrduJI7hW2lf6pB+
+gfEa19apRVqOz4CxL/4o3+s/D4U8JhqNjapRMn+gDZ+sgMx8DyWBpl2Q0QKBgDiA
+hJN7QTQ9UtuyA2KZRAoo4bNItQBopPMYbXGZcy0qXnV/8dDMIaSwzAhKma99ApqO
+5naTQUHI0NR0tAWDiwPU6J/+6S7jbMsmQqUs5hUmVqBGXgXaY6tC0ugmfkHa8I4U
+uBlIHfITgNBsSzIcSRDegJrvEeytW4xRQTqCvX8PAoGAcxI6qVspt5ycjmSqOALe
+rp+1ptWEDVF/gUEzEerELakqQErMV5bMQ7rF8qJdW88eOL8JQJtZ3f4gCbZmgu5H
+5l/gkz7pNZCI38p6g818RzVHWVpaEgnbYCYbXR21QUHMR2c7P8aAojwZsNiv+Yvi
+QIu6GToonjjmjGXTpePJDCI=
+-----END PRIVATE KEY-----
diff --git a/src/certificate/pki/leaf-kdn/dfxagent-kdn.p12 b/src/certificate/pki/leaf-kdn/dfxagent-kdn.p12
new file mode 100644
index 0000000000000000000000000000000000000000..9e45ec18ff9530edaf6d9e14da0ed3d37a8a1212
GIT binary patch
literal 5906
zcmai&RZtwzvaV-fkij9i6Wj;)put@Nf#4S0Jp>qhaCe6=xNC4HID{m)yF+k0IdyOC
z{dgW$b@lgm)q3l$`XEpuECe7T1WGu73}y+F54*(#q5$)ugiRnQVckDm1%cvR{x?F-
zhvIDgLu&{?z`ye6zX=ec`=1606QT%V{%?x`AqSxbeZEi-JC=_?KtKgRFpyFI-){(D
zBmjg08Eg_J541!C0a-veqjatZ&0B@JxPOB@8UKzq2SRb2_dJh3pdm-3X}mp83tLYj
zL>9vv)tdf_8AbKu4f*O*r*25i!=hF54!V5MUDw0GVzl?6vn(W~fhmbhzBgcL5$1lR
z1C~jd+;~xQi!&5R54NhULr^Ri1SdFQcCR2g%&<81yIS!7c$ZB^<<n*7+3tCNT>6WX
zgEhblQ8NGV6;DeJ@|J7;>45KQ@Xw_}J>o;V985aV#KiJ`D<reIA$+uX#jQX<ys^ly
z?7ZSBYt_5i29Z!2;kkY`h0)$F=N<Yz+n(`}wR{yhrv9v%fuR5@-AiLB)WhcCW|iDr
zs+{T!iC{b@qr-%JOuVLMTcp^DGC3s6U)t7tM-~9FO>2+stKMV&sXEgs6nsmmU`Zz_
z)rlM?4EurOP-jl}bCZ3W!fuT&!hdIKWc80>fANI)xN(PMwqwYvV&1oj!??*5a4D54
zmN(0^i(5@EujKZw5s|^7)Yp1+AA?sXsHC10Dw7lSsLL!p{W@z_Q#BQ+pJ|@0HU4<i
zEHIGfzMo)KbMs+CJjAtnT<g+N0d^&E-!;;&Uen^br7NS;a9t3_7SA{Ru}ssO_Z0|6
zpt&&Y)4fVZ8772$YLiYzO5Qjj?B29T&a`~nQ~bwyaZT{<-PgtU<N8?Lg-@a&JIi=)
zqB{IJ7MZy>jrbbqJmLwRU0m(>E;#kINcmh8=d5Pcq0kKXX%C5vsQzjV9w3UcI_lid
z7adD9pDc0TnKyba;-0WJwOZyk2XVnH$m|U)kym#sA=_2Xo*3QdqmeH#F%F_sL96zj
z<~G{Uv4<A&LY>O=bve=lk-+@-s?CuSzI6UN?ke&+t_nu-jS}Qc;j>d%VV1{-HxgoR
zhc81dxW2|2jGf#(x}=YP{{A)b)L>T?QT4ak!r*X0BsQ_M*L$~0Kcm!(Cu<Z$&h???
zpBRGAi>Ka`^cYm(!B5sn-1p2qcahq%3gL=85!a+gF3Yd^T3n#EzBj8<RbeZKhj+h=
zIj5ZIpSr8QBpa8x>nqre@;dxgYU4IcuOgnFMx5sRevnNa^t2>!luU3b)hfKiHNW_`
z$Yr39)*)=37jZt>X#5%}eoUaka)?I0H=6Wrx1@N4Zt*T%wM<=V`~xW$aI=a~wBJZ&
zK(mCjftmdv4PNIr7AX-V5%9DQR0u4=sk;ywmnL-A=OZB+5j-unT0H4w-&mT1XMmpg
z?x$XR)YO;wOvFx2MN>T#rwJEi6gQvz@MlYQFjIwcqq@*xmJ$g<qNf~x0!0XngJDS|
ze57raqP0;KG_+Y$!2TBHsCAjt(hpbi-y3R*b!>o*Ylmz3mu?{44{wpTn;mV8>k+)s
zi;f8XS|7?S0EB7wj2EgWvp>6wB{R61F~n7khLSq0*x*fIZ~2D6ujsrt{J*)L{FI4M
zSaZP2*U|Ejyby@#+3647*kEiLwle|_vN}wKPD4X!#@T#(#IB3JDMYv`%Ut<@a8H(E
zSEjVUMHbQ`dTkTYN!Rp$iV~xLb3Pyu0K>T)eo+>)K$tzKg54@T$ja$t2lpbsq2}`O
z)##y+lK8*QR0>TLIaM;<lecXI`Fj|moskdHO3i()t07yQx2(p@Tc-o_#oWJHNgdxp
zRJT`O@sQ$o*k1bmRhdJL6Ye5^&etpaS*$nKD&#zQ_}WpgI%LEvZ<@&@HP~skjnJG3
z65>Vk3>3T}m0);zA;bQSN--2Qe`k~-I@3OG^NE+-pz?8XCHvjv+aj|nY`)D>QS%j*
zmB6#I9brGbmJQ7u!o7_jJ{xfyOGM?k{Z&dN9eR7tY|Y|9xih82Fvs|FvCjKNMU0R8
zH2bv#wJ$|&I(6~pud>v}p&@AQXI^!JW1)&7F7F`#<5VLe_?i>FY<<6=+atoxl4Oxi
zzkKzQ*>{Ptgt$$6Ek^#mCkESEZjKstM=<3DhjxKR$JnZ5$yE6Y?%rbjPsb;H#2&%<
z;HI&t0Lm%9ADM0eV}PpP@8KLmopn@4D1`PnOss2K<?bqa*;Nxuub+B@NX~-RUaW1l
zDgQnk19qY&Na<hKe+UbQ28*u;;3^h1Ny6k<V!w9pYw*glsq8TNbVbYJxV@8ob?wiU
zO2YtBCYgtcDs&vomp0-yA*?)XG(-voy)RlM;Gpf(bYV2;PI<d9yES3kP3E1gK@%i7
zs{PVXbj^jYEH#FC4%lu4&Yl%rlpX!{L{|9{1=JLMdY>S3i;d><4qMv7exX!ZIHz1K
z775o?o0n*A{nUOg&s*Ddd<Rd&%AF)rf=tx4Ql#ShJy>8`jmmb<!SID`K3nG2?$Ist
z(XyUdFG|45vx7V~m~Kjcv9pOcxj^P5Ow3JBB+lM4?mK%Tc9T*1JM<W4FSez4P_eM*
zdcjH><u`Bj`7bFK+4?ZS7{UXOL4R3sItiXkGdO~;ZHXDZ!AK#;K>I?mlc+JLeC}ak
zda(xVrT`|J_wi8wC-JXX3*x&sf2Fdg<nTOo1o%<hj@EWYA|u^)+4d#Irt-859^1@=
zV8=5XrM_;_a5u%y4rgWcANc1yT><we71C|QEFAWmV3fB0ZM=}`=h4vx)k+jS$;h(9
z7Y#2&tUCTmK--_kD<dY8ix`UJL8WFYP@$bbP%QhllsyKqChCT<i|g4RT}fDB!DOuA
z>H6(X@6{ngDo-O}m`m;e<(?Ymspf8E4YM8E$gnv~OwP2<@FcL&EldWKeq-x%j>j=P
zGH~E9awM}%xk0&lY0`yLs)Qz~=jkDCDrhqS=(|%i#O2IVZtattrTUcH{w2lGNOXD2
z{?$_8u|cgcU+0MIv_d>U07@sX1r41Kv{K=v7}^@NXp%_vHN!2J54CX}8{T{|w}GkD
zg!xIh^vNb(dojVeIJT8Z8#CTtqK*nvKfd`)D@mLo-WO%3k`tR6d^BbYQFf{`2jYs7
zU^28x_Q)H2xnIsmt_o@K`mvqBqQe)PA*I1S5D_01>T0^`pysn-YG;}2mA4v1Vm;@k
zpq_PNx(e;a<rZKhYBZCzwqD`i7<r6Q{d^62_oD=ff&t@|vYfl`S5U@fYu_QGt(b6G
z(wypAY|t{(Yv$?#Q{+CUgApwlwJRYLX^zb2M{h@Kci{&`y2OtgP0QK_DO1FXZM($#
z`8dA?qBilDbwQOQD?jW%PG!D1ODSP;B$ZFEUy2ydu$X)ZN8-Wn8C6<n@kfY<OEc3n
z@6#DFa&a5`M|5Rc5Nvlkn>udNd7_D{C09Tbt~)+}1<cIl6ZWT#TU3`rcBV;$rdS@B
z(PxNK!Zg0fvEAU`;AuCwlHXYtkFiC~_$Mzbbr`SuP%us@N#wl|P7*qw+EXaVK6Ncu
zB^I3{(t7xSjt}R0>OLR35}?Z&Z?Ih7noID0VJ&F?X|oCD#vx)zWh{)L=x0of=E7@?
zy}lr-{sqnzDH<W%y7@x>SnP6#WDHxUcq@a(vWs_ZJH>}pC<F(4PD!N%MN<S6=aXCC
zr>vKoWz20=5;e`ar2#6ZGuc)%J=A9uuhWmsC_XYA?udJf4|7%_a|6!DGjK>rWjM}g
zN*!_-(jT3%Le&M#RFJP!626-1O^ylr*iT#ceIIaNUM%?_1&r!3NBnpEGIFMyCK5i>
z;0Ve1f#+)c-PMi6^2nCr2Og}XO-XAsHnfu{=q_F4OUk>fR2C2iUyhKP3RZvN_YB2b
zS7QTg<dvRDrX@LOtIEv?Ieo+~O9@abi7YvdnVz4x!!Ip$u^zf1P&a`(ENU|)&ubno
zf2o=1&+gP>X0}n0!KI3SNzI@9Y}E_3W4D9kL<6r$sT_OR5B0xMy2ef10{<*X+#ebF
zkbc%pNfBtU=<FF##F{Z%`xHAvSzgX3KTxgBNy5wKBK~2_OEY)UJa-xIGBa_OT9}#Q
z2nUXmG)bfCmx`4l?Dw1Hi9EYA;u`n%B5XSroawv@pX<3$ZP9NztC|Y;E9z<2bW}wk
z(^X=x;TkApn3fjr1rvbz#olh6tGhFA2WcMX=mh3wA6?Sko(;m>>suAoSV9i)n+o!>
zkMv|3Q=FJ?@j8)lX`9ytQxwR9H}CBlX#>-Y5xrHx5ot<9nv~2Vsn>Tz@KApvFuES=
zfW~x(AxkT8b9{qR5ez%RAjWRslOaAHw6pU8c`VpIeB6DShx0B!o57hU4+`N!ld0vY
zzC<B|ya;o#v$e=n4#cSDc?7o{p%NCMDyE=akVI@lzN)K6gm@#!BaB3S%(7-kRqQW?
zQ&3KOT9YnC&wa!sE5!wAH<}Aevp))o&zfs$2KVpptD{T!5n%Fz>RUOl7_@%+4}J1m
zR-3ym`tj`-k>RvQzHfJzuBiD?@4=v9h~3%3eR2BnD7{BQX{(w4veVgpAZ~&Wsle)M
zOK4~kvg0~|(<iTtpb%y3@q}d#Et&zYD4m0k?^x==NPH)boZO3EsBe3F`(>9~qT#x`
z)ZB?CVCF>H)b)}41->F0mg*uZ)71zqs@$B!(%M@$3Dyx<$TV!q6xe*5wEt!1^wxF~
zap@JaV<ggv$m>>3P5O&-CdDTgI+^s2BR#i#D1XM^rS?EA-Nj$D24Lp3n494D`1vzW
z*qGDru?c;bLM@`Oij-1fG_@37jExPOXYOD1SF%%o){8RJ=q$<S3?EK(Ylwu&UbX)s
zMmNGCuxW1vX&>R2F*ZadJ7r;Zksp$lB`W)sn19Nv1alc5-C5@MXb_umOB)Ia8@b5I
zuu{;ol^O3J3u%!Prj(fRp)501vMV{y80>?WLIhc38_988@i-rx3+v(;Thi8wn8Sh~
zBK1D#dm)NAo^Q8af4M2V2X}}25hr-IYUA~PW6)hp4TTEGGIqEx_c6_cn{e4t?7bs}
z>FLyXP*(%3cbOF*YuWppaba$eFR~YXoh`?sh%xE#)1TzcSc7oSvRT4YvrXOY9bUqF
z_WJR?JInbXQtH~x6Pdr9O};W1hZ%z@RWYcvENyWPF0eEh(MQ%pcY9PEEsduzNi79<
zwAQ{V1+BBDkE-9eb4-FKY8Q34T_kKB6(CI)#-N|pXUP+a9^oMG8Bm-PjB0V~@YR)P
zo-1h#=q{u31fQhCyjaqEyE7b{8B9gYxNw#0j?O`?`r4W=2-3Ya^mf_TuKtSJFFbl@
z*iJUY*P6+=J2an}wF<`>_$>LjGDjlHe|zy!Mz*u0s<8Jb!T!4!sn^MBxyZAXirTko
zhds-k!iV(*Gl}xmmQ0mI;K&~<2w8%B98;7e$%9?UCzKkD_iW)=95WMXCj)gwI9oZ`
zD_LB{R<Y5@u9GA;#-wBcj&f!5&vtyPJ{BT<SqaCz_Vg)pQNv5ooz?MXqm*9eM7Miz
z{5@f?Q9&rvBta`)$PMnU)Hge7PN$!y=17EpXivD~ekqqhs*mn~p&N9UC-75?sPL}T
z63u>!-Dlqf%A+&d7p!v-QZh5Za^M_6D4Tt!_gYJ&qAGz9VU&sw{R<AZDaqZwa46qZ
z4q7|6Xz5r7bD{ahBR7%G(`Yl1z9s_ieUHhn5X+_fsl-e#@0_z>rReW?s4D`p#&I#N
zA!PFTMj1Y!E8c`RttKsl`GU(L4VDtWk2Q?YFWIIgyPC}*P^5<c_>2D)B1pv`C{q4E
zoc-^mBcuO+SAu~CMEDnS{e$fPmjJod-G%S=n}__L0z@cdTs7)1KYF5?`Y2D8(i8{^
zny#4dEIi<zkkd4&ZnttMXdAANtK~r%Ak@7Oc=j5~FJvU*pEhBUChhvfJw&ptaXtED
zD9!jAbnA!Wydq=56st?cUjEHP&h9M>20I7zsJs82!tS<%CC?!32J1iyF6Cu6|07Tn
zL^wI<#$9})6!|imhV(LZDilECkM>8?G)qWgng2j6%lzsK&DQUsEzu2W_HQUW3D#u0
zyH%LPo@>e~!aR8;C^{s-)GZ$gMohL}i%Xv^lCc<;=xRAwE{(|0eXFO?p1|7dNr#f_
z+ZZ&>pDTaTd|)roTp&#12yTcNQf$DitW187my6F)Sb(-Pq30fDvxZ+(NE5R|v>5GB
zpov-k4i~=z0AEwPt3LObL?Gy_e-;EY+Hu555KbWnndpl{pNAD5fF#u!3|!y&53k1g
z<D_bq2EwRuHvIcwI-Teqw+I}*X8JDlYlE^`f*z(jJTHFkdU2pHf%0DX$-L<|hs{yp
z!#?wTU12IoJisi2yMsXReSjXD3(HFN?#(18hVs+*B<d|nE0Q<-54}drXcc{FRPmLB
zptZg@{x=<|NNdnRmYC*6Vi7L3?;nfBQp?<g{0lk0Q89W-McKctpw@7M&KVxpGO7ez
zyofpUfy&l#>HiEdXni%3eKcYpTT!Fwd8ow~vqohq9Hdu)$IXNl(73ic<!NpoJRa~E
z)CVdU<}dFD*$8pmaP27IFI*f0fOOT=G{4XGc`I}+^v46y(LU^2xsl{uU&;xsHFy|P
zb*4G=ezp+aNJ}#Zrt?gQuls~MnmAphS)R~YAfe+m(8FhRKi$uM8Ef^;bKvf)d!B3+
z!3MGc-a+@Dp6@tTRcy6w#AkPq)=}IoX(2ABJ2#%MF40vo?_Yy_8ig8&Kh~mI?&_=d
zCQ*MMp0u{>?9)Z)B0a=A-&e;bDxFyLATy_ijfbC*q5pj1MJD=E8rW<p$QHHZe!_rn
zp3SAu0S|_TNRsu0E_oLc_=YmU44iEZj*fp%-r;e|DCf5Xv)e$QD&?KWc=~F4pO;oW
zM%1ShdkZTRFE$}|OhIpYHx>@L(>mG7-uLFgKE=@UoqydX54tGOlIH1PLtMCR{z!Y_
z2LqgW$9rWlkNx;Uvu=fI#d>w%xmDpdJY+PL7u%wqJ#|mCY0_1(r!zA2P!QTX!$oZ(
z@1yeTm=q=4wo78*9rM@##-bVXrh15O%WprSuss@X;@~^HnRQt7G^@c)M6}!Bw#r8@
zif$ss;MQ%E1eProzu8#3Uu!4&KwbmMc2Pk-EQ4>04`m<c&u|Jq$8Cm%Dzr;3VN(4`
z?bd>(L$gSo+d-6hASu$e`E~NWzI}1V0OIIdh*b6LYekg<_#32clwGaPx?ULaT=ITQ
z`8?ip_OI3*wNZ4T@*I}wZc=9O%H<ztoMy`KUZniueK&0S9Xl=@Zha3dQK7O5(iYJa
zmo0!a4`%?fiMty#XW+TGGk?=uXYUZ+>k(FSq70NoP510W`_M5vv=fWzp;!SyxWC*h
zTtnrr7|QeQjoz+l8b^xw<(t92-|xtttBxg8Y692o`}Xyo{F1T3Ft>0sR?wdDNONl0
zp7z*LuGigp5RdzsT*n%DRMV8?TcCaejg+Q949g5@oX+eAWWXSoHiY&+3l>bkMF_$V
z?H;p|PQZ4F#YuH=!I3Uz?PuYJu>W@mpNpE35?}$a0(b*V0oDLZfFr;izz(qc#~lAv
z2!IPB3E_fZ{>LUG0FeM7>ItaSm6&mH(tUZkXku^C=e42z{5siGVub?Qn1o7qWDx4M
PGv%?y-V*eGH}n4hdMP1M

literal 0
HcmV?d00001

diff --git a/src/certificate/pki/leaf-kdn/truststore-kdn.jks b/src/certificate/pki/leaf-kdn/truststore-kdn.jks
new file mode 100644
index 0000000000000000000000000000000000000000..3977c995145dd5d3ff9784b530cc5f86688bf975
GIT binary patch
literal 1782
zcmV<S1_}8vf(G&e0Ru3C2Al>7Duzgg_YDCD0ic2gjRb-Qi7<i&g)o8!fd&aGhDe6@
z4FLxRpn?W+FoFhd0s#Opf(B;>2`Yw2hW8Bt2LUi<1_>&LNQU<f0R;^(Sui*T2`Yw2
zhW8Bt1q?7N1Qgf-R76;#;vgT?vX1Mgy|x^zX3zoxClCSwATSID2r7n1hW8Bu2?YQ!
z9R>+thDZTr0|Wso1Q5%F3;#lb<6`gG6ANZVPGNw81@Q8CXK(2k@LKA%8s&o?q}F<u
zga2W6)LNFAQrua$MyK5VK)mSLPd<s>h%)0XWVhcjEIuexD%t;J8dW;2%z962b^n=i
zYnRl%N4YmHfTrxW7qQXA<<05Ujs&iA_i9KtZ+7(Z>FR{BDySGOD$wPcY772`G7K_`
z29EMlTPR5dmUty?(z!_HN_z)uAVoxeT7zHH9V9USs1#-v7eC6Z#frQe3%ASG(;_pI
zYIT|ZLQv`;6a1zOO1(=B<H5u!7S2(R^Ge+T7YaY_Zig?fHq|=MG~wCG_iIQ9Dhqj&
zD0$%5amrWc^+KF1^GwU(kDV@0vEHRWwcJcX)3=7_Z~VoVyA?1O+)kMq+IW8{)p3oX
zGYY@Cltr|+wuNYS3cOBa6ng~BNR9c2<4N<1YIkm5AsGR;hfW3ng2I(FU9kel_{NmD
zqY~Yv&<F>k*pD)gG#@!Lnc9qaZ2I_$2ZsF#_J@08iO2xAEQ0-O^SsRdAu?55#T+M)
z>FmaggCf1_Xk0U#@&F{WSwZk8*>l|c`9Y_iOqdQ}xYAARLNGAzKR~@<owFZaH=cOZ
z#ef`subFHoiYDvf3N>coU8N(~1eehxlX;B)VlMwujTJ;}sPu)HxATs9IFsyH&fkF3
zqUtpl@Rj4Nibu48eX}{PZQd4#!Y$ylCE;bRW!c$|q&kQI@Iq(U0=zHy;SO(13oZPJ
zqo)ui;?0v8Be}Y3jK*b8t|f*FcY)hp=!yY{#tb_*-=Z@f_a4xS*>>0a`iYIUTWoFT
z%>P^{jRiQ0-QrgeQ|VnCi*}Pw4>?G!u^8c=)N0HLfR9v0EpAs#-sG+aGf$kK|J9D;
zA>ar|>$dN*_lrIr5Y6Bp6FV|3w4r3VcJ!S(1lQ<}QWk!B+peki>l>nxJ0`8*ATGZw
zH-CA%CrMHn5=N<(+DLU?Am^;iQ}2E$Axk^&TI7L=yc57x!Z>z5<LdEUM+4)oCtXr9
zG#f>~5xHw=8l&Fjx_QMIoCfiyxZ`g_A^ByzC9-g25WZ&a2rC9)2koPwNp!Hu1z4D-
zmEu2vjpv>2`@1zw2<!t9PoYEtHADDcpuzNhbXlmbc$92KTxd%YXB#VU`k6EpSCg2}
zLTmuL0UCVHSfm-^=xBuKXv=5(zITgZ8#7u|jMYaML*XH5>KAaigAQwbk{tfa4h0uV
zeImo>@4if#Wp00Y<8(Y#YD9FetySSC0ot?rUFu;d3X?}+kPn?{CJmE*T58{v&wrPJ
zQ@-&$&aE)z5NXTWAW0(N>lr@o>sgZjG?@}1YjKkg_3SMfIcJBr0)x6xz2#i@54J9<
zzHsKOqx^KYCqF7b`C&T3UOEEETDchC*@txLuiW$}e(rDmPG|R#WfP{ooMYG?!51>C
zIO&vzy`Pm3S!0@j6Wg4bPlMd)SKZ>3=B4*q_$tlb!|AcGp_7|HccX#&oEIp#pp;~h
zSUcfal~*BFXOzG!4KFefg0c+2QpQJqFDprI!TObasfBHofQSL0P?7RToWn2PvE$V$
z)F?27$t5%~L+<rh&+xn<AX;oAQWEBev%fFhp>72(DEWmf3YInM45jq6^m-@@k|H1~
zb)(;Xz;l1_Ol_OC%SfsF(J5&$=um`--!j?Eijk$dH>41>VIaGu8|4Yia(qm<>)Ic_
z;oUwFJUy$?P|c@LIuvl0o5f{}txkd-FvQtzdf3{ilDtTjmfdpT>wjLcH>kX%z(F*L
zN*{xutqjR4?4EVlxMZC<6R8I2)j8N;9Z*~YvXo?eNw|c%28o)s`TyGEjZg4=IXM&3
z5ji1}?~|?8&43SotXeMuk#r(V&}o}eCG8yo(pT#!vAYin0j)!%<4VFgj(-6WV;`(8
z*zxQ@6>ZdIPQkd^14bCHn;e4aZn34&gCazml*{_!+zhd?TqA<NRU_>?C+Fus3&uW*
zY0$>CwS0j<Hg6yLS`&^j(YSEfY4_pm9Q}zo7wlP9tfj&!K)pY#X(E9YYnw1lFflL<
z1_@w>NC9O71OfpC00bc1OxUWM1&;REECsI9MoWm09~U)bhYYXNJaN4Q3>mrv6omCB
YHFh&$!)K4uL_>@i-KIXX#sUH-5bwrI2mk;8

literal 0
HcmV?d00001

diff --git a/src/certificate/pki/root/root-ext-kdn.cnf b/src/certificate/pki/root/root-ext-kdn.cnf
new file mode 100644
index 0000000..2b1fd10
--- /dev/null
+++ b/src/certificate/pki/root/root-ext-kdn.cnf
@@ -0,0 +1,5 @@
+[ v3_intermediate_ca ]
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, keyCertSign, cRLSign
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
diff --git a/src/certificate/pki/root/rootca-kdn.crt b/src/certificate/pki/root/rootca-kdn.crt
new file mode 100644
index 0000000..272c367
--- /dev/null
+++ b/src/certificate/pki/root/rootca-kdn.crt
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFWzCCA0OgAwIBAgIUHS2vme1ULV9M11i9OdaCmy1QuDYwDQYJKoZIhvcNAQEL
+BQAwPTELMAkGA1UEBhMCS1IxEDAOBgNVBAoMB0JTTS1MQUIxHDAaBgNVBAMME0JT
+TS1MQUIgS0ROIFJvb3QgQ0EwHhcNMjUxMjE1MDgzNjA4WhcNMzUxMjEzMDgzNjA4
+WjA9MQswCQYDVQQGEwJLUjEQMA4GA1UECgwHQlNNLUxBQjEcMBoGA1UEAwwTQlNN
+LUxBQiBLRE4gUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+AOANyCJLnChz+nIpXMdQjuwZDUWFYrieMI1psNGLcEWyn/DJux2rF1r0riJA0Oc5
+VLSK62oljMeAeYxMTyeu84t+QHT9jBRRaCyAdSddnh7kURb6Q32juinTJjlxVx1/
+qTyyASR4R1BSdHzRNpczKCHAxZArObq+XOzUjgDWxxkXtopu4k52E3W+OqWliW/r
+6c3xOiILP1mMybbhpYAI9QyU+OjFsESWAnxWOl6MLcAXjzQw2mO9JDy3Y7JJjVsd
+tKqoPIsOc6ziwoSbE11T4xwg+k3CQDcmNQINH+qDlLiIRhcIJjPjjNhevVfVkDXe
+bqoQT50+4qEgwJd0I881GqARc3QoUpYYRsUwR+EBgoK8JJHdljZIC1lhdolAeyux
+U+ksfj1icWAhnKdrAgMr2Ph6zVYICMVVenTEdkMF3NfSRfwCJkkAhM9jjPE1ghPq
+2qHAbCN2IK+zJlfdsXmHiF19/uGnIj8FCxVXwOwrwxMXQHJ8qvr4vTjKlgzmWfIw
+L7E6STuU8ub4PNmvsRKmYN//+o+O+j6HMfCvBcnQnq3ecC6px+Uq4p9BnYCrUczS
+IwvE4GEmHCDcItOTgMR6gTHq0xvdB0nm41TasbvBFu0yUfo5pHo2WMluvisHP1KW
+3lxfljIICU157X2TZTFaGHGnWwHNDB+iVys+YD2yo72vAgMBAAGjUzBRMB0GA1Ud
+DgQWBBQLqs8c7pgfq12GLNQc38Wrn77eoDAfBgNVHSMEGDAWgBQLqs8c7pgfq12G
+LNQc38Wrn77eoDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAp
+M0fJw/46yn6bVFqJeFT4vJ7n0wWD4fwb/vHtKnGiqEysnLSln/f3qv+203C1P1Y9
+xAob0k6w7MGRwN7dQIABAFWgxXK0ONL0zwc5Wrodp5JXhFJyf53KuQ26fBecUcQc
+KlpF8hddOc3aHMrVX15JK1orN0YpjpCoiuZvFwIohvBHrYUKhk8YRvTdxp/tAZTC
+L7AG9f2j8ib8762BqVMFmjbvA4dK9mPb/ajg2EEUOnPHF3yqndG1VFUCaVyJ3/Pu
+IeM1Wfy2R0uCk9hhOr+RylKT8Z0srv8W/cxV2EAym5XFqGqKKGQHWm58lfAEG9Uw
+dcpR6JjPWqCV0/xbJEj3O8SWlZ8D14x+iKvP6VQHPccNrLPJUiKUOXlwgRz437ve
+wx7Ehnb21TkH4rWA7VUd1dYLLlvt7p3EQtgl2AxRzO/jJil+8IPmXWJjkzLgm1WK
+6KP8jprJHhT/PC6MMZNh0K+BjKWW2dG4cL90RxaPdUNmaXttQnrJJ+mZT7kpoSIw
+nveO7vWWsd3KOfgEY95m3o91cigCoSFzBm/OulLAQJQo9fH2jggS6f21+YQwBXg8
+xBSHceSpmoGtGaKFcghc98vr0B/L8hvmNfujJd3cw6i+jxVlSnxAbDBxE7cxcLpH
+3d4+A7RQhFTSXqinU/ect/OodDlgtL0TBEs6vGBYYg==
+-----END CERTIFICATE-----
diff --git a/src/certificate/pki/root/rootca-kdn.key b/src/certificate/pki/root/rootca-kdn.key
new file mode 100644
index 0000000..3a17d64
--- /dev/null
+++ b/src/certificate/pki/root/rootca-kdn.key
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI7bZZy6ptJpwCAggA
+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBBrkecuy2G85ThOIPGcNtx2BIIJ
+UAURsJ0Zy32Hfkcke7tRohX8RNU/Aj03zDap+dTSy/+Z4eTCjygUCRScMvQlJlBe
+GXNwL+arKj3Y6FNugTebhOxrUTX9j5AXJMMe0R9t7DuYRG5VtYR2jeovLlQboJs8
+OQs0wIRsXJSwmFsF/wZA10bTzFpWScB7N9XHFXkKkCSlN2pSZXG5PxYLevtHha9v
+KVN6Am04YhAxMZfC4uTZfRP4eujXiL3IZNLWGQvK6TK4peOxrWChrBAsClHwknfL
+Y2iUj0dZhXG56suvH/rsboJgjipRVrAvlAOTP7F4GxLqFGU/A0ZwxAueQ219MTbO
+LMsMk5RJNKHFSCr9er/yqMGwIVyuWSJRCuoW1lGgV6tJ85CfDly+To9AHZeZPE1m
+q7Afr5Pp1RmY9mk3YZUHq/+mDuFyKc1j1z89s1ufj86xZoxvSZrrLhX5rAiTnexw
+Vl5EYBmLThtmFh4X4P3yImPKNrn8G1rSIofN+PW7zvJL2aMoOa/eV5k4xA4pUD56
+aOQF4guZvxR5AbJvWqUfMxR04oVuGmARb8RqZgByoPDQqZZCENaXpgC5W6EpbVjX
+Sr0iE6uAgY2aX/PJ2rB70hkVupk8rTVfArn/UUFy5XD4Ifg5ph1LY2dmRerrKQfK
+NG32kkSD3sFUIRboBw8botrSHiyxyNGM9JZf9pPuVE3BkUtQqqBdispPpvVITIxG
+DWNrp/NOzktuVb2xRYyAa/Goo+FL7E/W/voAdDILYTjNXqWtTwQuas1myAthPJ+f
+l2lMA8bRRqKEJOpIGwN49XPBtOcTPINI4eC4q+H+xGThbukUmkPO8O3xinZRbELN
+NOIcCqYHcJuwsJAqlgrc200/5UAIuOFJrCcg1TBt310CWdsqFLIBuFrlbhVrFBBT
+Pp7ZogEcmp/ogY7ttSReza9HeiwJOWHqw6PNP+8zztsrqf2I07CR03H0E+20VZty
+jerUqa5KsCTKaNtPT2p7IOv+IsdWDr+HX1OzbRiULsE/5etAFDblbTP2dKcVNdLO
+OSbejQX1NfJ2CNn9uiV0bOTUkCOvU87TTntPPke10H2knADfZ/E8XBaX0Qs/wuk4
+tQzQoar1Y8V4Zjnu0lEzydZN3hGiJ0pz0BdKNV168Oa3df+dTTAkNI8KulRKnRHs
+V+oy/XWouUeUj3Ra3DuPnWayUHi9Ojca0fE3raWoIbO3FFnzLsedKeIkCoX1gb7h
+/+CbUiMz4wT7fsqGcM7wpiXNdMlAeoDhgOLpssZEY8Vb0ElUNxqypAh2MkEErHrj
+qMDkx0OtqYFMqQqZSmlF9oDVg+0ra3aC9tZlPNtuS8TxMqEA0Pb+FgySM3YVRTBU
+vnilQQbFa+Q0Spo7uB4cEfN6B2kLpW/Of2Tjtpe7hzOMXbpCDhooI5aGeGERZIPg
+PpyvAZn1KJMaFrjFVzS08pitNRRynJIsUIUUFekISnuu9JfaA7H8cpdXiz+wIxbW
+79qWujCIV7vur1gy8Wdnu4ixzzdlctc2zeJeRRjDTTgCLMDI/Q0h/ettJBOGtc3e
+19k+vBxRmVTubLmSBqRZSONi78vLZboyzpBnbHWUMOZiMGtcAWsfY2Y07W37UZNk
+rS2ysB+3o6Ag1wUoMs8SE9YvNNx1Slnn2T2inS6GeO3nX24/DTjBesiTi4hR15L2
+CIZ8ifGB5yTk3gpR8pSEAl6E875ZI6nXbxBL9fYCpSZk7hoKNUKniJHPObokRE7O
+HpcU6/VBKIGHm30xLrgb2qMniCAdUSl0PdrXZ6LYx7WJe/ak9IyPp3B8jkp31Lul
+FmjS9QDx32UbrZfd7ekZZj6Bry8GZfaqJDW57+NOEhbwvduB0f37dskN4UswSDEw
+O1XKeEPL6QXqv+CkPB/q74T0fHhTdgI6np33ETcARYECdC7llHkxPgtRbys/Ykn8
+XfSFk1hM2mwMhKkb40QMfuYpNiwN32iKwlaIE5q0j4SIKGLsa8jOGbEAGDig3+Rx
+vNOYiZeeBMnrhx5FeQRMlW+QaetCdUGGARGTR3/zmll7EqDuB2R+nH9XlcTSwrTw
+Xy+xH8vLR9tED2pJ/hTBSvRbr+Lj07U7SvuLdcCmF3BV8O7x8y6GxjEbgDvcYHpG
+qLGLHqjDjXd+1uwkBOeYlqIKbG9IdSgzHY/BeFNfGccoBVDq73N4uL0EN+YI3vR0
+HXeb/mQhbSs6ivncIc4Qb68VEIJi0iBRtabegyFZdXMqoQP8BEnBadWIYFFsFeAy
+mZsDUPMQbixtkdkQgP0n2QFQhqIUHRljQmJfLORPKC2xUbeXJd9kFh3BdW8aVOEW
+g+pTGN4LqNZwBvamTXpGcP0VGTVoxtJD3RYjIsDvqyM2cq72p8PryCoQjqgvF8Mt
+XmWJRkJd1Ivp3p5f4vn4Z/IpN9jBtjEpgh0xQMM5naoFCDcu7iUm9X2vUgknz/62
+2mamZjtoQmu+RdpQpj+bHWaJeL5EEIGnzFhogmpb2JrbnzpNQ8dnCG/A9jD6F96d
+3+P+4b7VESWeHNLKMno0ewSKmxOXn/s4UWhqSRBBU1jd1elwrmHTkPxcxwpZLCsQ
+59qfp9tvZqgugAlSKIi3d8rWMPNPcB7OIHs062fZbnB6tpRXRgHQwPWNZzQrazpF
+wJFlFvfn4xUYN19LvhLqT7ksB4Q9Vd0vN3rYyxH7QFChLZgRKGqzywmD3RxcOv2/
+b7S2vY87Cgd+4H2GqFFWy8Of/HhvU/gck8x0U1l2GyW//2U9TfsC+KlQVBqdnvZ/
+vqTdMYI1QEIYFttKot9kTjc9q7oPZlivVyb7pG3bwm48+Ujpest6cQ5x6/7NLjxd
+5AjYKWr3xSajjW8cKH940Mx+7s2rFrPOE4X4NhlWEafAti/V9B/ThZjEZpkl0E7q
+BbO4Prh8kSVnaPlkvKGXYq+7+j7LqL0uSR/xO6CcT98uDPVW+ofMl9MzqelRBBdG
+vXvKCDTYL+ewMMQs2SJ5rXAm0oYzRYKWbBDBcmzC+Qt5t4XU79mZw/fAgC5JYO2G
+tZjopYc+kOSX1SoJ5e1F+sZlPPNWZ4fi1c2LwpERyZx6wn9b3xagQcV6U6ZAbCd3
+00N+pK11AluK/ZXD2k48yh2VjHFLL2JLrHD/KjCgiC3yTcQaSQMAUz/9wQcWUD5o
+iio8UAtxqSppPdRMkWr92QIcprKZjlppP+IgaLKZEnoL
+-----END ENCRYPTED PRIVATE KEY-----